
How to do static authentication on PB_GATT unprovision advertise connection in nRF mesh

Hi,

When I try to connect to nRF Mesh SDK 2.2 on the nRF52832 DK using the nRF Connect mobile application, I am able to connect without a static passkey. Now I want to enable static authentication on connection requests from nRF Connect. Is it possible to do some static authentication, like BLE man-in-the-middle protection? In which section of the nRF Mesh SDK do I need to integrate this part?


Thanks,

Pintu

  • Hi Pintu,

    Do you not get a disconnect when you access the data in or data out services on nRF Connect with the light switch proxy client or proxy server examples in Mesh SDK v2.2.0? I believe this has something to do with a different packet format in the nRF Mesh app compared with nRF Connect for Mobile. Do you realize that the source code for nRF Mesh is available (iOS, Android) and you are allowed to modify it, whereas nRF Connect for Mobile is not, unfortunately?

    Also, we already use static authentication in our light switch example. See this case & comment from Hung Bui:

    "Static authentication (including OOB static authentication) is already used in our example. Currently we use fixed data (look for STATIC_AUTH_DATA). But you can use NFC, QR code or anything to update this value (on both provisioner and provisionee). It should be pretty straightforward to implement. Have a look at the config_params in main() in our light switch example."

    Kind Regards,

    Bjørn

  • Hi

    I am using the nRF52832 with the proxy_server application and the original nRF Mesh mobile application for static OOB authentication.

    I tried to enable static authentication but was not able to. I added the code below in the file examples/common/src/mesh_provisionee.c:

    uint32_t mesh_provisionee_prov_start(const mesh_provisionee_start_params_t * p_start_params)
    {
        __LOG(LOG_SRC_APP, LOG_LEVEL_INFO, "%s\n", __func__);
        nrf_mesh_prov_oob_caps_t prov_caps =
        {
            ACCESS_ELEMENT_COUNT,
            NRF_MESH_PROV_ALGORITHM_FIPS_P256EC,
            0,
            NRF_MESH_PROV_OOB_STATIC_TYPE_SUPPORTED,
            0,
            0,
            0,
            0
        };

        m_params = *p_start_params;
        if (m_params.p_static_data == NULL)
        {
            return NRF_ERROR_INVALID_PARAM;
        }

        m_prov_ctx.oob_size      = NRF_MESH_KEY_SIZE;   /**< Size of the chosen OOB authentication data. */
        m_prov_ctx.oob_method    = NRF_MESH_PROV_OOB_METHOD_STATIC;
        memcpy(m_prov_ctx.auth_value, m_params.p_static_data, NRF_MESH_KEY_SIZE);
        RETURN_ON_ERROR(nrf_mesh_prov_generate_keys(m_public_key, m_private_key));

    Below is the log of provisioning.

    Log:

    <t:     347638>, prov_provisionee.c,  602, prov_provisionee_cb_link_established
    <t:     347641>, mesh_provisionee.c,  191, prov_evt_handler: event NRF_MESH_PROV_EVT_LINK_ESTABLISHED
    <t:     375581>, main.c,  217, Successfully updated connection parameters
    <t:     484934>, main.c,  217, Successfully updated connection parameters
    <t:     905906>, prov_provisionee.c,  328, prov_provisionee_pkt_in: pkt type PROV_PDU_TYPE_INVITE
    <t:     905913>, prov_provisionee.c,  342, Provisionee: invite received!
    <t:     905916>, prov_provisionee.c,   98, send_capabilities
    <t:     905918>, prov_provisionee.c,  112, Provisionee: sending capabilities
    <t:     905921>, prov_provisionee.c,  113, send_capabilities: 010100010001000000000000
    <t:     905924>, provisioning.c,   56, send_data: 010100010001000000000000
    <t:     905930>, mesh_provisionee.c,  191, prov_evt_handler: event NRF_MESH_PROV_EVT_INVITE_RECEIVED
    <t:     905933>, prov_provisionee.c,  361, PDU type 0, duration 5
    <t:     922122>, prov_provisionee.c,  564, prov_provisionee_cb_ack_received:state NRF_MESH_PROV_STATE_INVITE
    <t:     938347>, prov_provisionee.c,  328, prov_provisionee_pkt_in: pkt type PROV_PDU_TYPE_START
    <t:     938352>, prov_provisionee.c,  369, Provisionee: provisioning start message received!
    <t:     938355>, prov_provisionee.c,  122, handle_prov_start
    <t:     938357>, prov_provisionee.c,  165, pub key oob 0, oob_method 0, oob_size 0, oob_action 0
    <t:     938361>, mesh_provisionee.c,  191, prov_evt_handler: event NRF_MESH_PROV_EVT_START_RECEIVED
    <t:     938412>, prov_provisionee.c,  328, prov_provisionee_pkt_in: pkt type PROV_PDU_TYPE_PUBLIC_KEY
    <t:     938419>, prov_provisionee.c,  397, Provisionee: public key message received!
    <t:     938423>, provisioning.c,   56, send_data: 03E9935776C5E156F6C4D2A4B24A3DE861C615689DFFECBC8BF3A311661EED914E3635E70EF30E1424FC542ADC89E4FE38250E4D52E6FFF4707E8DBA172A72402E
    <t:     954571>, prov_provisionee.c,  564, prov_provisionee_cb_ack_received:state NRF_MESH_PROV_STATE_WAIT_PUB_KEY
    <t:     954578>, prov_provisionee.c,  285, start_authentication
    <t:     959345>, prov_provisionee.c,  211, request_authentication
    <t:     959347>, prov_provisionee.c,  268, Provisionee: requested OOB none

    From the log I observe that I am not able to enable static authentication. Can you suggest a solution for it?

    Thanks,

    Pintu
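
As an added example (not code from the nRF Mesh SDK or from either poster), this C program decodes the `send_capabilities` hex dump from the log above and compares it with the logged `oob_method`, to show which side selected the authentication method. It assumes the Provisioning Capabilities field layout of the Bluetooth Mesh Profile specification; `caps_t`, `decode_caps` and `diagnose` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Provisioning Capabilities fields; multi-byte values are big-endian. */
typedef struct {
    uint8_t  num_elements, pubkey_type, static_oob_type;
    uint8_t  output_oob_size, input_oob_size;
    uint16_t algorithms, output_oob_action, input_oob_action;
} caps_t;
typedef enum { STATIC_USED, DEVICE_DID_NOT_OFFER, PROVISIONER_CHOSE_OTHER } diag_t;

/* Decode the 12-byte hex dump printed by send_capabilities; -1 if malformed. */
int decode_caps(const char *hex, caps_t *c)
{
    uint8_t b[12]; unsigned v;
    if (strlen(hex) != 24 || strspn(hex, "0123456789abcdefABCDEF") != 24) return -1;
    for (size_t i = 0; i < 12; i++) {
        if (sscanf(hex + 2 * i, "%2x", &v) != 1) return -1;
        b[i] = (uint8_t)v;
    }
    if (b[0] != 0x01) return -1;              /* PDU type 0x01 = Capabilities */
    c->num_elements      = b[1];
    c->algorithms        = (uint16_t)((b[2] << 8) | b[3]);
    c->pubkey_type       = b[4];
    c->static_oob_type   = b[5];              /* bit 0: static OOB available */
    c->output_oob_size   = b[6];
    c->output_oob_action = (uint16_t)((b[7] << 8) | b[8]);
    c->input_oob_size    = b[9];
    c->input_oob_action  = (uint16_t)((b[10] << 8) | b[11]);
    return 0;
}

/* start_method: Authentication Method from Provisioning Start (1 = static OOB). */
diag_t diagnose(const caps_t *c, uint8_t start_method)
{
    if (start_method == 0x01) return STATIC_USED;
    return (c->static_oob_type & 0x01) ? PROVISIONER_CHOSE_OTHER : DEVICE_DID_NOT_OFFER;
}

int main(void)
{
    caps_t c;   /* hex dump and oob_method 0 are copied from the log in the post */
    if (decode_caps("010100010001000000000000", &c) != 0) return 1;
    printf("static_oob_type=%u diag=%d\n", c.static_oob_type, diagnose(&c, 0));
    return 0;
}
```

For the logged values the capabilities PDU carries Static OOB Type 0x01, while the Provisioning Start PDU, which is sent by the provisioner, carries authentication method 0 (no OOB).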
