This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Bonding fails following ble_app_hrs example: peer_manager_handler: Event PM_EVT_CONN_SEC_FAILED (error: 1)

Hello everyone,

I'm developing a custom software with SDK 15.3, SD 132 6.1.1 following the ble_app_hrs example for supporting Peer_Manager and Encrypted Link.

This is my initialization code:

    log_init();
        #ifndef BOARD_CUSTOM
    uart_init();
    #endif
    timers_init();
    #ifndef BOARD_CUSTOM
    buttons_leds_init(&erase_bonds);
    #endif
    power_management_init();
    adc_init();
    ble_stack_init();
    gap_params_init();
    gatt_init();
    services_init();
    advertising_init();
    conn_params_init();
    peer_manager_init();
    timers_app_start();
    advertising_start();

And the BLE functions are attached in the ble_app.c file.

I erased all the flash memory and programmed the softdevice and the application.

The application runs and starts_advertising. I can successfully connect to the device via nRF_Connect for Android:

00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected
00> 
00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
00> 
00> <info> app: Data len is set to 0xF4(244)
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
00> 
00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 1096
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 1096
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
00> 
00> <debug> nrf_ble_gatt: Peer on connection 0x0 requested a data length of 123 bytes.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 1096
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 1096
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7

However when I try to bond from nRF_Connect, it takes a while with no response after BLE_GAP_EVT_LESC_DHKEY_REQUEST and then it says "Bonding failed". This is the full log:

00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> Init finished. Debug logging for UART over RTT started.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected
00> 
00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_START
00> 
00> <debug> peer_manager_handler: Connection security procedure started: role: Peripheral, conn_handle: 0, procedure: Bonding
00> 
00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
00> 
00> <debug> peer_manager_handler: Security parameter request
00> 
00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
00> 
00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
00> 
00> <info> app: Data len is set to 0xF4(244)
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
00> 
00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 1096
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 1096
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
00> 
00> <debug> nrf_ble_lesc: BLE_GAP_EVT_LESC_DHKEY_REQUEST
00> 
00> <info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
00> 
00> <debug> nrf_ble_gatt: Peer on connection 0x0 requested a data length of 123 bytes.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 123
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 1096
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 1096
00> 
00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
00> 
00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_FAILED
00> 
00> <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 1
00> 
00> <debug> peer_manager_ast: New peer has been added to the blacklist:
00> 
00> <debug> peer_manager_ast:  EE 32 .. .. .. ..      |.2..oo  
00> 
00> <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x1 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0
00> 
00> <info> app: Disconnected, reason 19.
00> 
00> <debug> peer_manager_ast: Peer has been removed from the blacklist, its address:
00> 
00> <debug> peer_manager_ast:  EE 32 .. .. .. ..      |.2..oo  
00> 
00> <debug> peer_manager_ast: Pairing waiting interval has expired for:
00> 
00> <debug> peer_manager_ast:  EE 32 .. .. .. ..      |.2..oo  

The error I get is:

<debug> peer_manager_handler: Event PM_EVT_CONN_SEC_FAILED

<info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 1

<info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x1 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0

Which I think it means pairing maximum delay is over and hence bonding is cancelled.

Anyone knows what the problem is and can I solve it?

#include "ble_app.h"
#include "nrf_log.h"

//#include "nordic_common.h"
//#include "nrf.h"
#include "nrf_sdh.h"
#include "nrf_sdh_soc.h"
//#include "nrf_sdh_ble.h"
//#include "ble_hci.h"
//#include "ble_advdata.h"
#include "ble_advertising.h"
#include "ble_conn_params.h"
#include "peer_manager.h"
#include "peer_manager_handler.h"
#include "fds.h"
#include "nrf_ble_gatt.h"
#include "nrf_ble_qwr.h"
#include "app_timer.h"
#include "ble_nus.h"
#include "app_error.h"
#include "app_uart.h"
#include "bsp_btn_ble_app.h"
#include "system.h"
#include "sdk_errors.h"
#include "sos_device.h"


#define APP_BLE_CONN_CFG_TAG            1                                           /**< A tag identifying the SoftDevice BLE configuration. */

#define DEVICE_NAME                     "SOS_Device v0.2"     //Stop Ojos Secos          /**< Name of device. Will be included in the advertising data. */
#define NUS_SERVICE_UUID_TYPE           BLE_UUID_TYPE_VENDOR_BEGIN                  /**< UUID type for the Nordic UART Service (vendor specific). */

#define APP_BLE_OBSERVER_PRIO           3                                           /**< Application's BLE observer priority. You shouldn't need to modify this value. */

#define APP_ADV_INTERVAL                64                                          /**< The advertising interval (in units of 0.625 ms. This value corresponds to 40 ms). */

#define APP_ADV_DURATION                18000                                       /**< The advertising duration (180 seconds) in units of 10 milliseconds. */

#define MIN_CONN_INTERVAL               MSEC_TO_UNITS(20, UNIT_1_25_MS)             /**< Minimum acceptable connection interval (20 ms), Connection interval uses 1.25 ms units. */
#define MAX_CONN_INTERVAL               MSEC_TO_UNITS(75, UNIT_1_25_MS)             /**< Maximum acceptable connection interval (75 ms), Connection interval uses 1.25 ms units. */
#define SLAVE_LATENCY                   0                                           /**< Slave latency. */
#define CONN_SUP_TIMEOUT                MSEC_TO_UNITS(4000, UNIT_10_MS)             /**< Connection supervisory timeout (4 seconds), Supervision Timeout uses 10 ms units. */
#define FIRST_CONN_PARAMS_UPDATE_DELAY  APP_TIMER_TICKS(5000)                       /**< Time from initiating event (connect or start of notification) to first time sd_ble_gap_conn_param_update is called (5 seconds). */
#define NEXT_CONN_PARAMS_UPDATE_DELAY   APP_TIMER_TICKS(30000)                      /**< Time between each call to sd_ble_gap_conn_param_update after the first call (30 seconds). */
#define MAX_CONN_PARAMS_UPDATE_COUNT    3                                           /**< Number of attempts before giving up the connection parameter negotiation. */

#define LESC_DEBUG_MODE                     1                                       /**< Set to 1 to use LESC debug keys, allows you to use a sniffer to inspect traffic. */

#define SEC_PARAM_BOND                      1                                       /**< Perform bonding. */
#define SEC_PARAM_MITM                      0                                       /**< Man In The Middle protection not required. */
#define SEC_PARAM_LESC                      1                                       /**< LE Secure Connections enabled. */
#define SEC_PARAM_KEYPRESS                  0                                       /**< Keypress notifications not enabled. */
#define SEC_PARAM_IO_CAPABILITIES           BLE_GAP_IO_CAPS_NONE                    /**< No I/O capabilities. */
#define SEC_PARAM_OOB                       0                                       /**< Out Of Band data not available. */
#define SEC_PARAM_MIN_KEY_SIZE              7                                       /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE              16                                      /**< Maximum encryption key size. */

#define DEAD_BEEF                       0xDEADBEEF                                  /**< Value used as error code on stack dump, can be used to identify stack location on stack unwind. */

BLE_NUS_DEF(m_nus, NRF_SDH_BLE_TOTAL_LINK_COUNT);                                   /**< BLE NUS service instance. */
NRF_BLE_GATT_DEF(m_gatt);                                                           /**< GATT module instance. */
NRF_BLE_QWR_DEF(m_qwr);                                                             /**< Context for the Queued Write module.*/
BLE_ADVERTISING_DEF(m_advertising);                                                 /**< Advertising module instance. */

static uint16_t   m_conn_handle          = BLE_CONN_HANDLE_INVALID;                 /**< Handle of the current connection. */
static uint16_t   m_ble_nus_max_data_len = BLE_GATT_ATT_MTU_DEFAULT - 3;            /**< Maximum length of data (in bytes) that can be transmitted to the peer by the Nordic UART service module. */
static ble_uuid_t m_adv_uuids[]          =                                          /**< Universally unique service identifier. */
{
    {BLE_UUID_NUS_SERVICE, NUS_SERVICE_UUID_TYPE}
};


/**@brief Function for assert macro callback.
 *
 * @details This function will be called in case of an assert in the SoftDevice.
 *
 * @warning This handler is an example only and does not fit a final product. You need to analyse
 *          how your product is supposed to react in case of Assert.
 * @warning On assert from the SoftDevice, the system can only recover on reset.
 *
 * @param[in] line_num    Line number of the failing ASSERT call.
 * @param[in] p_file_name File name of the failing ASSERT call.
 */
void assert_nrf_callback(uint16_t line_num, const uint8_t * p_file_name)
{
    app_error_handler(DEAD_BEEF, line_num, p_file_name);
}


/**@brief Clear bond information from persistent storage.
 */
static void delete_bonds(void)
{
    ret_code_t err_code;

    NRF_LOG_INFO("Erase bonds!");

    err_code = pm_peers_delete();
    APP_ERROR_CHECK(err_code);
}


/**@brief Function for handling Peer Manager events.
 *
 * @param[in] p_evt  Peer Manager event.
 */
static void pm_evt_handler(pm_evt_t const * p_evt)
{
    pm_handler_on_pm_evt(p_evt);
    pm_handler_flash_clean(p_evt);

    switch (p_evt->evt_id)
    {
        case PM_EVT_PEERS_DELETE_SUCCEEDED:
            //advertising_start(false); // TODO: Check if needed
            break;

        default:
            break;
    }
}


/**@brief Function for the GAP initialization.
 *
 * @details This function will set up all the necessary GAP (Generic Access Profile) parameters of
 *          the device. It also sets the permissions and appearance.
 */
void gap_params_init(void)
{
    uint32_t                err_code;
    ble_gap_conn_params_t   gap_conn_params;
    ble_gap_conn_sec_mode_t sec_mode;

    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&sec_mode);

    err_code = sd_ble_gap_device_name_set(&sec_mode,
                                          (const uint8_t *) DEVICE_NAME,
                                          strlen(DEVICE_NAME));
    APP_ERROR_CHECK(err_code);

    memset(&gap_conn_params, 0, sizeof(gap_conn_params));

    gap_conn_params.min_conn_interval = MIN_CONN_INTERVAL;
    gap_conn_params.max_conn_interval = MAX_CONN_INTERVAL;
    gap_conn_params.slave_latency     = SLAVE_LATENCY;
    gap_conn_params.conn_sup_timeout  = CONN_SUP_TIMEOUT;

    err_code = sd_ble_gap_ppcp_set(&gap_conn_params);
    APP_ERROR_CHECK(err_code);
}


/**@brief Function for handling Queued Write Module errors.
 *
 * @details A pointer to this function will be passed to each service which may need to inform the
 *          application about an error.
 *
 * @param[in]   nrf_error   Error code containing information about what went wrong.
 */
static void nrf_qwr_error_handler(uint32_t nrf_error)
{
    APP_ERROR_HANDLER(nrf_error);
}


/**@brief Function for handling the data from the Nordic UART Service.
 *
 * @details This function will process the data received from the Nordic UART BLE Service and send
 *          it to the UART module.
 *
 * @param[in] p_evt       Nordic UART Service event.
 */
/**@snippet [Handling the data received over BLE] */
static void nus_data_handler(ble_nus_evt_t * p_evt)
{

    if (p_evt->type == BLE_NUS_EVT_RX_DATA)
    {
        NRF_LOG_DEBUG("Received data from BLE NUS. Writing data on UART.");
        NRF_LOG_HEXDUMP_DEBUG(p_evt->params.rx_data.p_data, p_evt->params.rx_data.length);

        #ifndef BOARD_CUSTOM
        uint32_t err_code;
        for (uint32_t i = 0; i < p_evt->params.rx_data.length; i++)
        {
            do
            {
                err_code = app_uart_put(p_evt->params.rx_data.p_data[i]);
                if ((err_code != NRF_SUCCESS) && (err_code != NRF_ERROR_BUSY))
                {
                    NRF_LOG_ERROR("Failed receiving NUS message. Error 0x%x. ", err_code);
                    APP_ERROR_CHECK(err_code);
                }
            } while (err_code == NRF_ERROR_BUSY);
        }
        if (p_evt->params.rx_data.p_data[p_evt->params.rx_data.length - 1] == '\r')
        {
            while (app_uart_put('\n') == NRF_ERROR_BUSY);
        }
        #else
        //NRF_LOG_RAW_INFO("%s\r\n",p_evt->params.rx_data.p_data);
        #endif
        
        //NRF_LOG_RAW_INFO("rx %d bytes:\r\n %s\r\n", p_evt->params.rx_data.length, p_evt->params.rx_data.p_data);
        sos_analyze_frame((uint8_t *)p_evt->params.rx_data.p_data, p_evt->params.rx_data.length);
    }
}
/**@snippet [Handling the data received over BLE] */


/**@brief Function for initializing services that will be used by the application.
 */
void services_init(void)
{
    uint32_t           err_code;
    ble_nus_init_t     nus_init;
    nrf_ble_qwr_init_t qwr_init = {0};

    // Initialize Queued Write Module.
    qwr_init.error_handler = nrf_qwr_error_handler;

    err_code = nrf_ble_qwr_init(&m_qwr, &qwr_init);
    APP_ERROR_CHECK(err_code);

    // Initialize NUS.
    memset(&nus_init, 0, sizeof(nus_init));

    nus_init.data_handler = nus_data_handler;

    err_code = ble_nus_init(&m_nus, &nus_init);
    APP_ERROR_CHECK(err_code);
}


/**@brief Function for handling an event from the Connection Parameters Module.
 *
 * @details This function will be called for all events in the Connection Parameters Module
 *          which are passed to the application.
 *
 * @note All this function does is to disconnect. This could have been done by simply setting
 *       the disconnect_on_fail config parameter, but instead we use the event handler
 *       mechanism to demonstrate its use.
 *
 * @param[in] p_evt  Event received from the Connection Parameters Module.
 */
static void on_conn_params_evt(ble_conn_params_evt_t * p_evt)
{
    uint32_t err_code;

    if (p_evt->evt_type == BLE_CONN_PARAMS_EVT_FAILED)
    {
        err_code = sd_ble_gap_disconnect(m_conn_handle, BLE_HCI_CONN_INTERVAL_UNACCEPTABLE);
        APP_ERROR_CHECK(err_code);
    }
}


/**@brief Function for handling errors from the Connection Parameters module.
 *
 * @param[in] nrf_error  Error code containing information about what went wrong.
 */
static void conn_params_error_handler(uint32_t nrf_error)
{
    APP_ERROR_HANDLER(nrf_error);
}


/**@brief Function for initializing the Connection Parameters module.
 */
void conn_params_init(void)
{
    uint32_t               err_code;
    ble_conn_params_init_t cp_init;

    memset(&cp_init, 0, sizeof(cp_init));

    cp_init.p_conn_params                  = NULL;
    cp_init.first_conn_params_update_delay = FIRST_CONN_PARAMS_UPDATE_DELAY;
    cp_init.next_conn_params_update_delay  = NEXT_CONN_PARAMS_UPDATE_DELAY;
    cp_init.max_conn_params_update_count   = MAX_CONN_PARAMS_UPDATE_COUNT;
    cp_init.start_on_notify_cccd_handle    = BLE_GATT_HANDLE_INVALID;
    cp_init.disconnect_on_fail             = false;
    cp_init.evt_handler                    = on_conn_params_evt;
    cp_init.error_handler                  = conn_params_error_handler;

    err_code = ble_conn_params_init(&cp_init);
    APP_ERROR_CHECK(err_code);
}


/**@brief Function for handling advertising events.
 *
 * @details This function will be called for advertising events which are passed to the application.
 *
 * @param[in] ble_adv_evt  Advertising event.
 */
static void on_adv_evt(ble_adv_evt_t ble_adv_evt)
{
    uint32_t err_code;

    switch (ble_adv_evt)
    {
        case BLE_ADV_EVT_FAST:
            err_code = bsp_indication_set(BSP_INDICATE_ADVERTISING);
            APP_ERROR_CHECK(err_code);
            break;
        case BLE_ADV_EVT_IDLE:
            advertising_start();
            break;
        default:
            break;
    }
}


/**@brief Function for handling BLE events.
 *
 * @param[in]   p_ble_evt   Bluetooth stack event.
 * @param[in]   p_context   Unused.
 */
static void ble_evt_handler(ble_evt_t const * p_ble_evt, void * p_context)
{
    uint32_t err_code;

    switch (p_ble_evt->header.evt_id)
    {
        case BLE_GAP_EVT_CONNECTED:
            NRF_LOG_INFO("Connected");
            err_code = bsp_indication_set(BSP_INDICATE_CONNECTED);
            APP_ERROR_CHECK(err_code);
            m_conn_handle = p_ble_evt->evt.gap_evt.conn_handle;
            err_code = nrf_ble_qwr_conn_handle_assign(&m_qwr, m_conn_handle);
            APP_ERROR_CHECK(err_code);
            break;

        case BLE_GAP_EVT_DISCONNECTED:
            NRF_LOG_INFO("Disconnected, reason %d.",
                          p_ble_evt->evt.gap_evt.params.disconnected.reason);
            // LED indication will be changed when advertising starts.
            m_conn_handle = BLE_CONN_HANDLE_INVALID;
            break;

        case BLE_GAP_EVT_PHY_UPDATE_REQUEST:
        {
            NRF_LOG_DEBUG("PHY update request.");
            ble_gap_phys_t const phys =
            {
                .rx_phys = BLE_GAP_PHY_AUTO,
                .tx_phys = BLE_GAP_PHY_AUTO,
            };
            err_code = sd_ble_gap_phy_update(p_ble_evt->evt.gap_evt.conn_handle, &phys);
            APP_ERROR_CHECK(err_code);
        } break;

        case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
            NRF_LOG_DEBUG("BLE_GAP_EVT_SEC_PARAMS_REQUEST");
            break;

//        case BLE_GATTS_EVT_SYS_ATTR_MISSING:
//            // No system attributes have been stored.
//            err_code = sd_ble_gatts_sys_attr_set(m_conn_handle, NULL, 0, 0);
//            APP_ERROR_CHECK(err_code);
//            break;

        case BLE_GATTC_EVT_TIMEOUT:
            // Disconnect on GATT Client timeout event.
            NRF_LOG_DEBUG("GATT Client Timeout.");
            err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gattc_evt.conn_handle,
                                             BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
            APP_ERROR_CHECK(err_code);
            break;

        case BLE_GATTS_EVT_TIMEOUT:
            NRF_LOG_DEBUG("GATT Server Timeout.");
            // Disconnect on GATT Server timeout event.
            err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gatts_evt.conn_handle,
                                             BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
            APP_ERROR_CHECK(err_code);
            break;
        
        case BLE_GAP_EVT_AUTH_KEY_REQUEST:
            NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST");
            break;

        case BLE_GAP_EVT_LESC_DHKEY_REQUEST:
            NRF_LOG_INFO("BLE_GAP_EVT_LESC_DHKEY_REQUEST");
            break;

         case BLE_GAP_EVT_AUTH_STATUS:
            NRF_LOG_INFO("BLE_GAP_EVT_AUTH_STATUS: status=0x%x bond=0x%x lv4: %d kdist_own:0x%x kdist_peer:0x%x",
                          p_ble_evt->evt.gap_evt.params.auth_status.auth_status,
                          p_ble_evt->evt.gap_evt.params.auth_status.bonded,
                          p_ble_evt->evt.gap_evt.params.auth_status.sm1_levels.lv4,
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_own),
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_peer));
            break;
		
        default:
            // No implementation needed.
            break;
    }
}


/**@brief Function for the SoftDevice initialization.
 *
 * @details This function initializes the SoftDevice and the BLE event interrupt.
 */
void ble_stack_init(void)
{
    ret_code_t err_code;

    err_code = nrf_sdh_enable_request();
    APP_ERROR_CHECK(err_code);

    // Configure the BLE stack using the default settings.
    // Fetch the start address of the application RAM.
    uint32_t ram_start = 0;
    err_code = nrf_sdh_ble_default_cfg_set(APP_BLE_CONN_CFG_TAG, &ram_start);
    APP_ERROR_CHECK(err_code);

    // Enable BLE stack.
    err_code = nrf_sdh_ble_enable(&ram_start);
    APP_ERROR_CHECK(err_code);

    // Register a handler for BLE events.
    NRF_SDH_BLE_OBSERVER(m_ble_observer, APP_BLE_OBSERVER_PRIO, ble_evt_handler, NULL);
}


/**@brief Function for the Peer Manager initialization.
 */
void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t           err_code;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
    sec_param.bond           = SEC_PARAM_BOND;
    sec_param.mitm           = SEC_PARAM_MITM;
    sec_param.lesc           = SEC_PARAM_LESC;
    sec_param.keypress       = SEC_PARAM_KEYPRESS;
    sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
    sec_param.oob            = SEC_PARAM_OOB;
    sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    sec_param.kdist_own.enc  = 1;
    sec_param.kdist_own.id   = 1;
    sec_param.kdist_peer.enc = 1;
    sec_param.kdist_peer.id  = 1;

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
}


/**@brief Function for handling events from the GATT library. */
void gatt_evt_handler(nrf_ble_gatt_t * p_gatt, nrf_ble_gatt_evt_t const * p_evt)
{
    if ((m_conn_handle == p_evt->conn_handle) && (p_evt->evt_id == NRF_BLE_GATT_EVT_ATT_MTU_UPDATED))
    {
        m_ble_nus_max_data_len = p_evt->params.att_mtu_effective - OPCODE_LENGTH - HANDLE_LENGTH;
        NRF_LOG_INFO("Data len is set to 0x%X(%d)", m_ble_nus_max_data_len, m_ble_nus_max_data_len);
    }
    NRF_LOG_DEBUG("ATT MTU exchange completed. central 0x%x peripheral 0x%x",
                  p_gatt->att_mtu_desired_central,
                  p_gatt->att_mtu_desired_periph);
}


/**@brief Function for initializing the GATT library. */
void gatt_init(void)
{
    ret_code_t err_code;

    err_code = nrf_ble_gatt_init(&m_gatt, gatt_evt_handler);
    APP_ERROR_CHECK(err_code);

    err_code = nrf_ble_gatt_att_mtu_periph_set(&m_gatt, NRF_SDH_BLE_GATT_MAX_MTU_SIZE);
    APP_ERROR_CHECK(err_code);
}

/**@brief Function for initializing the Advertising functionality.
 */
void advertising_init(void)
{
    uint32_t               err_code;
    ble_advertising_init_t init;

    memset(&init, 0, sizeof(init));

    init.advdata.name_type          = BLE_ADVDATA_FULL_NAME;
    init.advdata.include_appearance = false;
    init.advdata.flags              = BLE_GAP_ADV_FLAGS_LE_ONLY_LIMITED_DISC_MODE; // TODO: GENERAL MODE for advertising infinitely

    init.srdata.uuids_complete.uuid_cnt = sizeof(m_adv_uuids) / sizeof(m_adv_uuids[0]);
    init.srdata.uuids_complete.p_uuids  = m_adv_uuids;

    init.config.ble_adv_fast_enabled  = true;
    init.config.ble_adv_fast_interval = APP_ADV_INTERVAL;
    init.config.ble_adv_fast_timeout  = APP_ADV_DURATION;
    init.evt_handler = on_adv_evt;

    err_code = ble_advertising_init(&m_advertising, &init);
    APP_ERROR_CHECK(err_code);

    ble_advertising_conn_cfg_tag_set(&m_advertising, APP_BLE_CONN_CFG_TAG);
}

/**@brief Function for starting advertising.
 */
void advertising_start(void)
{
    uint32_t err_code = ble_advertising_start(&m_advertising, BLE_ADV_MODE_FAST);
    APP_ERROR_CHECK(err_code);
}


void ble_get_m_conn_handler(uint16_t *p_m_conn_handle){
    p_m_conn_handle = &m_conn_handle;
}

void ble_get_m_advertising(ble_advertising_t *p_m_adverting){
    p_m_adverting = &m_advertising;
}

void ble_get_m_nus(ble_nus_t *p_m_nus){
    p_m_nus = &m_nus;
}


ret_code_t ble_send_data(uint8_t * p_data, uint16_t p_length){
    ret_code_t err_code;
    
    err_code = ble_nus_data_send(&m_nus, p_data, &p_length, m_conn_handle);
    if ((err_code != NRF_ERROR_INVALID_STATE) &&
        (err_code != NRF_ERROR_RESOURCES) &&
        (err_code != NRF_ERROR_NOT_FOUND)){
        APP_ERROR_CHECK(err_code);
    }
    return err_code;
}

/**@brief Function for stopping advertising.
 */
void advertising_stop(void)
{
    ret_code_t err_code = NRF_SUCCESS;

    if (m_advertising.adv_handle != (uint8_t)BLE_GAP_ADV_SET_HANDLE_NOT_SET)
    {
        NRF_LOG_INFO("BLE Stop advertising.");
        err_code = sd_ble_gap_adv_stop(m_advertising.adv_handle);
        if (err_code != NRF_ERROR_INVALID_STATE)
        {
            APP_ERROR_CHECK(err_code);
        }
        m_advertising.adv_handle = (uint8_t)BLE_GAP_ADV_SET_HANDLE_NOT_SET;
        NRF_LOG_INFO("BLE advertising STOPPED");
    } 
}

void advertising_restart(void){
    //uint32_t err_code = ble_advertising_restart_without_whitelist(&m_advertising);
    uint32_t err_code = sd_ble_gap_adv_start(m_advertising.adv_handle, m_advertising.conn_cfg_tag);
    APP_ERROR_CHECK(err_code);    
}

  • Hi,

    Please confirm that you are calling nrf_ble_lesc_request_handler() from your main loop like the idle_state_handle() does in ble_app_hrs. This could possibly explain why the bonding procedure times out. 

  • Missed that one! Thanks, I added that call and now it seems to work.

    00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
    00> 
    00> <info> app: Connected
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_START
    00> 
    00> <debug> peer_manager_handler: Connection security procedure started: role: Peripheral, conn_handle: 0, procedure: Bonding
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
    00> 
    00> <debug> peer_manager_handler: Security parameter request
    00> 
    00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
    00> 
    00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
    00> 
    00> <info> app: Data len is set to 0xF4(244)
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: max_rx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_tx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_rx_time: 1096
    00> 
    00> <debug> nrf_ble_gatt: max_tx_time: 1096
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> nrf_ble_lesc: BLE_GAP_EVT_LESC_DHKEY_REQUEST
    00> 
    00> <info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
    00> 
    00> <info> nrf_ble_lesc: Calling sd_ble_gap_lesc_dhkey_reply on conn_handle: 0
    00> 
    00> <debug> nrf_ble_gatt: Peer on connection 0x0 requested a data length of 123 bytes.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: max_rx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_tx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_rx_time: 1096
    00> 
    00> <debug> nrf_ble_gatt: max_tx_time: 1096
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_SUCCEEDED
    00> 
    00> <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
    00> 
    00> <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x0 bond=0x1 lv4: 0 kdist_own:0x3 kdist_peer:0x2
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Bonding data, action: Update
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_i<debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Central address resolution, action: Update

    So now the link is encrypted right?

    In the HRS example and in my equivalent custom application, is the link encrypted only when the bonding is performed? Or also when the device is just connected?

    I tried to follow the explanation in this post but I don't know what's the difference between Connected and Paired. In nRFconnect app I can connect and bond, but I don't see any "Pair" option.

    Thanks a lot

  • Excellent! Yes, the link is encrypted after the BLE_GAP_EVT_AUTH_STATUS event. Note that in order to require encryption to access certain characteristics you need to make sure the security level is not set to 'SEC_OPEN' like in the ble_app_hrs example as that would allow the GATT client to access the characteristics without bonding. 

  • So the link is secured only after bonding, because it's then when I see that BLE_GAP_EVT_AUTH_STATUS event.

    I tried to increase the security level and I understand how to do that for the HRS service in that example, but as you can see in my code what I actually use is the NUS service and I can't find there any option to set the security level, following the UART example. How can I secure that service?

    Alternatively, I tried to activate MITM for requiring encryption since the first connection like this:

    #define SEC_PARAM_BOND 1 /**< Perform bonding. */
    #define SEC_PARAM_MITM 1 /**< Man In The Middle protection required. */
    #define SEC_PARAM_LESC 1 /**< LE Secure Connections enabled. */
    #define SEC_PARAM_KEYPRESS 0 /**< Keypress notifications not enabled. */
    #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE /**< No I/O capabilities. */
    #define SEC_PARAM_OOB 0 /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE 7 /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE 16 /**< Maximum encryption key size. */

    But I get a fatal error because "Must have either IO capabilities or OOB if MITM".

    This means either SEC_PARAM_IO_CAPABILITIES should be set to yes/no at least or OOB activated right? But I don't know how to use any of these options.

    • With IO capabilities do I have to provide a hardware interface (e.g. button in my board) for the user to accept? How is this done, is there any example?
    • What is exactly OOB? It does require a different channel e.g. NFC which I probably don't have in my board, right?

    So I see 3 alternatives but I don't know how to implement any of those: secure NUS service, implement Yes/No capabilities, implement OOB. What should I do?

  • Hi, , did a more extensive check and I found a problem:

    1. Erase chip and program SD and application. Run application. OK
    2. Connect to chip from Android nRF Connect. OK
    3. Bond from nRF Connect. OK
    4. Disconnect from nRF connect. OK
    5. Connect again from nRF connect. Error: nRF connect says disconnected
    6. Reset board and try to connect again. Same error as in step 5.

    If aftewards I delete bond information from APP and try to re-connect, Android pops up a request to accept bonding (I guess because my board has stored peer as bonded). It doesn't work even if I accept.

    Here you have the full log:

    CONNECT and BOND from APP
    
    00> 
    00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
    00> 
    00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
    00> 
    00> <debug> nrf_ble_lesc: Generating ECC key pair
    00> 
    00> Init finished. Debug logging for UART over RTT started.
    00> 
    00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
    00> 
    00> <info> app: Connected
    00> 
    00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
    00> 
    00> <info> app: Data len is set to 0xF4(244)
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: max_rx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_tx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_rx_time: 1096
    00> 
    00> <debug> nrf_ble_gatt: max_tx_time: 1096
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> nrf_ble_gatt: Peer on connection 0x0 requested a data length of 123 bytes.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Data length updated to 123 on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: max_rx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_tx_octets: 123
    00> 
    00> <debug> nrf_ble_gatt: max_rx_time: 1096
    00> 
    00> <debug> nrf_ble_gatt: max_tx_time: 1096
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_START
    00> 
    00> <debug> peer_manager_handler: Connection security procedure started: role: Peripheral, conn_handle: 0, procedure: Bonding
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
    00> 
    00> <debug> peer_manager_handler: Security parameter request
    00> 
    00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
    00> 
    00> <debug> nrf_ble_lesc: BLE_GAP_EVT_LESC_DHKEY_REQUEST
    00> 
    00> <info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
    00> 
    00> <info> nrf_ble_lesc: Calling sd_ble_gap_lesc_dhkey_reply on conn_handle: 0
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_SUCCEEDED
    00> 
    00> <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
    00> 
    00> <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x0 bond=0x1 lv4: 0 kdist_own:0x3 kdist_peer:0x2
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Bonding data, action: Update
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_i<debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Central address resolution, action: Update
    
    DISCONNECT from APP
    
    00> 
    00> <info> app: Disconnected, reason 19.
    00> 
    
    RE-CONNECT from APP
    
    00> 
    00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_BONDED_PEER_CONNECTED
    00> 
    00> <debug> peer_manager_handler: Previously bonded peer connected: role: Peripheral, conn_handle: 0, peer_id: 0
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
    00> 
    00> <debug> peer_manager_handler: Security parameter request
    00> 
    00> EEDED
    00> 
    00> d: 0, data_id: Peer rank, action: Update
    00> 
    00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
    00> 
    00> <info> app: Data len is set to 0xF4(244)
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_START
    00> 
    00> <debug> peer_manager_handler: Connection security procedure started: role: Peripheral, conn_handle: 0, procedure: Encryption
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_SUCCEEDED
    00> 
    00> <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
    00> 
    00> <info> app: Disconnected, reason 42.
    
    DELETE BOND from APP and RE-CONNECT
    
    00> 
    00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
    00> 
    00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_BONDED_PEER_CONNECTED
    00> 
    00> <debug> peer_manager_handler: Previously bonded peer connected: role: Peripheral, conn_handle: 0, peer_id: 0
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
    00> 
    00> <debug> peer_manager_handler: Security parameter request
    00> 
    00> EEDED
    00> 
    00> d: 0, data_id: Peer rank, action: Update
    00> 
    00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
    00> 
    00> <info> app: Data len is set to 0xF4(244)
    00> 
    00> <debug> app: ATT MTU exchange completed. central 0xF7 peripheral 0xF7
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_START
    00> 
    00> <debug> peer_manager_handler: Connection security procedure started: role: Peripheral, conn_handle: 0, procedure: Encryption
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_CONN_SEC_SUCCEEDED
    00> 
    00> <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    00> 
    00> <debug> peer_manager_handler: Event PM_EVT_PEER_DATA_UPDATE_SUCCEEDED
    00> 
    00> <debug> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
    00> 
    00> <info> app: Disconnected, reason 42.

Related