
Proof of Concept with Pre-Bonded LTK

I need to show a proof of concept for a product development decision of a new development project.

The PoC consists of connecting a (very special) BLE central device (named HAX) with pre-bonded LTK to a Nordic nRF52 DK board. (I know that concerning security, this does not make much sense, but the PoC and also the end product have very low security requirements.)

Please note that the HAX does not support pairing, but it supports bonding with a factory pre-programmed LTK. HAX supports LESC or LEGACY security and I can configure the LTK, MITM protection, EDIV and RAND data on the central side. 

As the peripheral, I used the ble_app_bms example project on the nRF52 DK with s132_nrf52_5.0.0_softdevice.hex and I was able to reach the breakpoint at BLE_GAP_EVT_SEC_INFO_REQUEST when the central HAX tries to establish a secure connection.

What I need to do is to configure a complete pre-bonding in the ble_app_bms example project and I don't know exactly how to do this. Could you please give me some advice on how I could set up such a pre-bonding on the nRF52?

Here is what I found so far (from https://devzone.nordicsemi.com/f/nordic-q-a/18442/how-can-i-find-the-long-term-key-being-currently-used--peer-manager)

[The LTK is stored in peer_data -> p_bonding_data. It's stored to flash in auth_status_success_process() in security_dispatcher.c after the device bond and read from flash in sec_info_request_process() with pdb_peer_data_ptr_get() when the device reconnect and re-encrypt.]

Isn't sec_info_request_process() only called during pairing? (which is not supported by our central HAX)

I'm trying to write my own function store_peer_ltk that is called on BLE_GAP_EVT_SEC_INFO_REQUEST prior to sec_info_request_process, but I was not able to get a valid peer_id and thus was not able to write to peer_data -> p_bonding_data.

I'm not a very experienced code developer so I would be very happy if you could provide me some hints on how I could achieve this. Thanks a lot!
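
The key lookup that the quoted passage describes for BLE_GAP_EVT_SEC_INFO_REQUEST, as an added example that is not part of the original post and is not Nordic SDK code: the EDIV/RAND sent by the central is matched against factory-provisioned bond records, and an unknown peer gets no key. All type and function names (`master_id_t`, `enc_info_t`, `prebond_t`, `prebond_lookup`) and the key bytes are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN  16
#define RAND_LEN 8

/* Hypothetical stand-ins for the SoftDevice master-id and encryption-info structs. */
typedef struct { uint16_t ediv; uint8_t rand[RAND_LEN]; } master_id_t;
typedef struct { uint8_t ltk[KEY_LEN]; uint8_t ltk_len; uint8_t lesc; uint8_t auth; } enc_info_t;
typedef struct { master_id_t id; enc_info_t enc; } prebond_t;

/* Constructed sample records; real keys would be provisioned per device. */
static const prebond_t factory_bonds[] = {
    /* Legacy bond: the central sends the EDIV/RAND it was programmed with. */
    { { 0x1234, { 1, 2, 3, 4, 5, 6, 7, 8 } },
      { { 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
          0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF }, KEY_LEN, 0, 0 } },
    /* LESC bond: EDIV and RAND are zero, so this table can tell apart
     * only one such peer; more peers would need matching on the address. */
    { { 0x0000, { 0 } },
      { { 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7,
          0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF }, KEY_LEN, 1, 0 } },
};

/* Return the key material for the requested EDIV/RAND, or NULL when nothing
 * matches. On the nRF52 the result would be passed to
 * sd_ble_gap_sec_info_reply() from the BLE_GAP_EVT_SEC_INFO_REQUEST handler. */
const enc_info_t *prebond_lookup(const master_id_t *req)
{
    size_t n = sizeof factory_bonds / sizeof factory_bonds[0];

    for (size_t i = 0; i < n; i++) {
        const prebond_t *b = &factory_bonds[i];
        if (b->id.ediv == req->ediv &&
            memcmp(b->id.rand, req->rand, RAND_LEN) == 0) {
            return &b->enc;
        }
    }
    return NULL; /* unknown peer: no key is offered, encryption does not start */
}
```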
