• State Verified Answer
  • Replies 2 replies
  • Subscribers 68 subscribers
  • Views 1599 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 233263
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

LESC Numeric Comparison pairing with DISPLAY_YESNO capabilities on peripheral

Andrea p

Hello everyone,

I tried reading around the devzone and the infocenter, but I still didn't manage to solve my question.

In my scenario I'm using:

  • an nRF52832 as a peripheral to allow users to pair to the nordic
  • peer_manager to handle pairing and bonding
  • UART to transmit data to another UART device which has a display capabilities and two buttons, that will be used as Yes/No.
  • SoftDevice 6.1.1

The pairing capabilities are DISPLAY_YESNO on the nrf52, and need to be DISPLAY_YESNO or KEYBOARD_DISPLAY on the central side to require the Numeric Comparison capabilities.

Question 1:

Do you confirm that BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(&sec_mode); will set the nrf52832 to accept only bonding requests that can satisfy the Numeric Comparison security capabilities?

Question 2:

How can I tell the SoftDevice if it should proceed with pairing? In other words: how can I tell the  Yes/No answer to the SoftDevice?

The procedure I'm adopting is:

  1.  Pairing request incoming: Peer manager handles SEC_PARAMS_REQUEST event and answers with SEC_PARAMS_REPLY
  2. I get the passkey via the BLE_GAP_EVT_PASSKEY_DISPLAY
  3.  I send the passkey to the UART and I wait for the YES/NO (How can I tell if I need to answer yes/no, or if the user on their side will input the passkey I'm showing on the display?)
  4. If I had to answer Yes/No, I need to tell the softdevice to continue with pairing? Do I need to send, if correct, sd_ble_gap_auth_key_reply(BLE_GAP_AUTH_KEY_TYPE_PASSKEY,NULL)  or, if failed, sd_ble_gap_auth_key_reply(BLE_GAP_AUTH_KEY_TYPE_NONE,NULL) ?

Thanks in advance,

Andrea

Parents
  • +1

    Hi Andrea, 

    1. You would need to set SEC_PARAM_MITM  = 1 as well. It's set inside peer_manager_init(). But it's not only Nummeric Comparison but also Passkey and Out of band is allowed. Both of them has higher security protection than Nummeric though. 

    2. Please follow the message sequence chart here. The ble_app_multirole_lesc example is a good reference source. 

  • 0 in reply to Hung Bui

    Hi Hung,

    1. Thanks a lot, I thought the passkey was weaker (not only in the case of a static one). I set the SEC_PARAM_MITM=1 the peer_manager_init() before, even though I didn't specify. I started by following the ble_app_multirole_lesc example.

    2. I tried following that example in the past couple of days, but it was not so clear to me. Now I figured out what I need to do. Thanks again.

    I'll send the code to my display, and if required by the match_request param, I'll call the sd_ble_gap_auth_key_reply to confirm or refuse the pairing.

    Thanks again!

Reply
  • 0 in reply to Hung Bui

    Hi Hung,

    1. Thanks a lot, I thought the passkey was weaker (not only in the case of a static one). I set the SEC_PARAM_MITM=1 the peer_manager_init() before, even though I didn't specify. I started by following the ble_app_multirole_lesc example.

    2. I tried following that example in the past couple of days, but it was not so clear to me. Now I figured out what I need to do. Thanks again.

    I'll send the code to my display, and if required by the match_request param, I'll call the sd_ble_gap_auth_key_reply to confirm or refuse the pairing.

    Thanks again!

Children
No Data
Related