This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

PASSKEY

 I’ve downloaded     nRF5_SDK_11.0.0_89a8197 and starting with examples from \examples\ble_peripheral\???\pca10040\s132\arm5_no_packs\

 I would like the other device to request a passkey (constant) at pairing (the passkey on my side is constant - no display needed)

After   gap_params_init();I’ve added the following code:

 

{

 static ble_opt_t optS;

   static uint8_t passw[]="123456";           

 optS.gap_opt.passkey.p_passkey=passw;

   err_code =sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &optS);

}

 

err_code returned :  0  

 

Still the module will pair and communicate without requesting a passkey.

I've tried to find an answer in Q&A . in some answers there was a reference to fields : io_caps,mitm. cant make out what does it mean. 

(these fields belong to structs relevant to services, not pairing)

 

Thanks for any help

   Yona

Parents
  • Hi Yona,

    You can change the permission/security level on the BLE characteristics to require MITM pairing. The central does not need to pair with the device if security level is set to "open".

    E..g, change BLE_GAP_CONN_SEC_MODE_SET_OPEN(&attr_md.read_perm) to BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM (&attr_md.read_perm) if you want to limit read access to a certain characteristic. 

     

  • thank you for the answer.

    making this change - finally  "produces"  the  events:

    BLE_GAP_EVT_SEC_PARAMS_REQUEST,   BLE_GAP_EVT_AUTH_STATUS

    how should I deal with them ?

    (as the cellphone application does not know that passkey is needed- so reading the characteristic results in a  BLE disconnection)

    Yona

  • Recommend to use the device manager module for handling of security requests. Device manger is implemented in most of the ble_peripheral examples, ble_app_hrs for instance.  

  • I would like to apologize for my repeating questions. 

    I took ble_app_hrs project ( DEVICE_NAME  =  "Nordic_HRM")

    it contains code for dealing with BLE_GAP_EVT_SEC_PARAMS_REQUEST

    I've added this code to define a constant passkey 


    static ble_opt_t optS;
    static uint8_t passw[]="123456";
    optS.gap_opt.passkey.p_passkey=passw;
    err_code =sd_ble_opt_set(BLE_GAP_OPT_PASSKEY,&optS);
    APP_ERROR_CHECK(err_code);

    than I've changed (for characteristic "Body Sensor Location") 

    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&hrs_init.hrs_bsl_attr_md.read_perm);

     to 

    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&hrs_init.hrs_bsl_attr_md.read_perm);

    the result is that  "Body Sensor Location" will not preform the read (the read request from the cellphone application does not respond) 

    all other services work normal

    what am I missing ?

    thanks again

    Yona

  • Hi Yona,

    Looks like I forgot to mention that you need to enable MITM and set IO capability in device_manager_init(). See diff file below for necessary changes:

    diff --git a/examples/ble_peripheral/ble_app_hrs/main.c b/examples/ble_peripheral/ble_app_hrs/main.c
    index 6facd54..b7bf916 100644
    --- a/examples/ble_peripheral/ble_app_hrs/main.c
    +++ b/examples/ble_peripheral/ble_app_hrs/main.c
    @@ -87,10 +87,10 @@
     #define MAX_CONN_PARAMS_UPDATE_COUNT     3                                          /**< Number of attempts before giving up the connection parameter negotiation. */
     
     #define SEC_PARAM_BOND                   1                                          /**< Perform bonding. */
    -#define SEC_PARAM_MITM                   0                                          /**< Man In The Middle protection not required. */
    +#define SEC_PARAM_MITM                   1                                          /**< Man In The Middle protection not required. */
     #define SEC_PARAM_LESC                   0                                          /**< LE Secure Connections not enabled. */
     #define SEC_PARAM_KEYPRESS               0                                          /**< Keypress notifications not enabled. */
    -#define SEC_PARAM_IO_CAPABILITIES        BLE_GAP_IO_CAPS_NONE                       /**< No I/O capabilities. */
    +#define SEC_PARAM_IO_CAPABILITIES        BLE_GAP_IO_CAPS_DISPLAY_ONLY               /**< No I/O capabilities. */
     #define SEC_PARAM_OOB                    0                                          /**< Out Of Band data not available. */
     #define SEC_PARAM_MIN_KEY_SIZE           7                                          /**< Minimum encryption key size. */
     #define SEC_PARAM_MAX_KEY_SIZE           16                                         /**< Maximum encryption key size. */
    @@ -327,6 +327,15 @@ static void gap_params_init(void)
     
         err_code = sd_ble_gap_ppcp_set(&gap_conn_params);
         APP_ERROR_CHECK(err_code);
    +                                          
    +    static ble_opt_t optS;
    +
    +    static uint8_t passw[]="123456";           
    +
    +    optS.gap_opt.passkey.p_passkey=passw;
    +
    +    err_code =sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &optS);
    +    APP_ERROR_CHECK(err_code);
     }
     
     
    @@ -455,7 +464,7 @@ static void services_init(void)
         BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&hrs_init.hrs_hrm_attr_md.read_perm);
         BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&hrs_init.hrs_hrm_attr_md.write_perm);
     
    -    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&hrs_init.hrs_bsl_attr_md.read_perm);
    +    BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&hrs_init.hrs_bsl_attr_md.read_perm);
         BLE_GAP_CONN_SEC_MODE_SET_NO_ACCESS(&hrs_init.hrs_bsl_attr_md.write_perm);
     
         err_code = ble_hrs_init(&m_hrs, &hrs_init);
    

    Vidar

  • Hi again

    although all works, still I have a small issue.

    no problem to force read,write  to demand a PASSKEY, 

    BUT cant make "notify" demand it.

    if       char_md.p_cccd_md  = &cccd_md; 

    and I write  

        BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm);
        BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm);

    then  sd_ble_gatts_characteristic_add   returns error=7 (NRF_ERROR_INVALID_PARAM)

    if I dont write it  then even if "read" demands PASSKEY, its "notify" dosnt

    maby the problem is in the way I "make" read,notify: 

    if read without notify then I use      sd_ble_gatts_value_set

    if notify is involved then                  sd_ble_gatts_hvx   (same call covers read & notify)

    (at the time- it didnt work any other way)

    what do you think ?

    thanks again and again

    Yona

Reply
  • Hi again

    although all works, still I have a small issue.

    no problem to force read,write  to demand a PASSKEY, 

    BUT cant make "notify" demand it.

    if       char_md.p_cccd_md  = &cccd_md; 

    and I write  

        BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm);
        BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm);

    then  sd_ble_gatts_characteristic_add   returns error=7 (NRF_ERROR_INVALID_PARAM)

    if I dont write it  then even if "read" demands PASSKEY, its "notify" dosnt

    maby the problem is in the way I "make" read,notify: 

    if read without notify then I use      sd_ble_gatts_value_set

    if notify is involved then                  sd_ble_gatts_hvx   (same call covers read & notify)

    (at the time- it didnt work any other way)

    what do you think ?

    thanks again and again

    Yona

Children
Related