• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 76 subscribers
  • Views 856 views
  • Users 0 members are here
Attachments (3) Download All
Nordic Case Info
  • Case ID: 252230
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nRF51 just work paring and bonding

Mehdi

Hi,

I'm developing on nRF51422 board and I'm currently adding BLE security just work feature based on SDK12.3.0 using softdevice s130_2.0.1(nRF is used as BLE peripheral).

So i configured peer manager as below : 

void peer_manager_init(bool erase_bonds)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t           err_code=NRF_SUCCESS;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    if (erase_bonds)
    {
        err_code = pm_peers_delete();
        APP_ERROR_CHECK(err_code);
    }

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
		
	sec_param.bond           = 1;
	sec_param.mitm           = 0;
	sec_param.lesc           = 1;
	sec_param.keypress       = 0;
	sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;
    
    sec_param.oob            = 0;
    sec_param.min_key_size   = 7;
    sec_param.max_key_size   = 16;
    sec_param.kdist_own.enc  = 1;
    sec_param.kdist_own.id   = 1;
    sec_param.kdist_peer.enc = 1;
    sec_param.kdist_peer.id  = 1;

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
		
		err_code = fds_register(fds_evt_handler);
    APP_ERROR_CHECK(err_code);


		nrf_crypto_init();

		err_code = nrf_crypto_public_key_compute(NRF_CRYPTO_CURVE_SECP256R1, &m_crypto_key_sk, &m_crypto_key_pk);
		APP_ERROR_CHECK(err_code);

		/* Set the public key */
		err_code = pm_lesc_public_key_set(&m_lesc_pk);
		APP_ERROR_CHECK(err_code);	
		
}

In my case, the nRF board is connected with mobile through a costume android application.

As you see in this capture, when the mobile request for pairing(when trying to enable notification), the nRF respond with IO Capability No Input, No Output and MITM protection is disabled(as expected), to ensure just work security method and than nRF exchange.

Than, nRF exchange with the mobile paring keys, check DHKey and start the encryption (see capture for more details).

After a few seconds, the mobile loss connection with nRF51.

To better understand this issue, I connected nRF51 with mobile through nRFconnect application for android, I enabled notification a first time for pairing exchanges, once the pairing exchange has proceeded, I enabled notification for the seconds to let nRF send data to the mobile, but I get the same issue.

According to the attached data, is there something missing on the mobile implementation or embedded implementation  ?? 

Please find attached all the sniffing traces.

BLE_SECURE_WITH_BIOS_APP_NRF_16_1.pcapng

Best Regards

Mehdi.

  • +1

    Hello,

    I think I solve it, in fact, previously, the write and read permission of my characteristics are set as below : 

    BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(&attr_md.read_perm);/*those value should be encrypted*/
BLE_GAP_CONN_SEC_MODE_SET_LESC_ENC_WITH_MITM(&attr_md.write_perm);

    Knowing that just work paring method is desired, the MITM should be disabled as shows the code below:  

    BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.read_perm);
BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&attr_md.write_perm);

    Now, I'm able to enable characteristics and exchange data with nRFconnect.

    After all, I want to know if there is no other modification to do to ensure security using just work pairing method.

    Best Regards,

    Mehdi.

  • 0

    Note that nRF51 is not recommended for new BLE designs (and has not been for some time now):

    devzone.nordicsemi.com/.../169728

    Mehdi said:
    I think I solve it

Related
Terms of service