• State Verified Answer
  • Replies 3 replies
  • Subscribers 87 subscribers
  • Views 1605 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 258406
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Connection security failed: PM_CONN_SEC_ERROR_PIN_OR_KEY_MISSING after several reconnects

Constantin

Hi,

we are facing the following error. We bond our device (peripheral S140, SDK 15.3) with the following settings with iOS devices:

#define SEC_PARAM_BOND                  1                                       // Perform bonding.
#define SEC_PARAM_MITM                  1                                       // Man In The Middle protection not required.
#define SEC_PARAM_LESC                  1                                       // LE Secure Connections not enabled.
#define SEC_PARAM_KEYPRESS              0                                       // Keypress notifications not enabled.
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY
#define SEC_PARAM_OOB                   0                                       // Out Of Band data not available.
#define SEC_PARAM_MIN_KEY_SIZE          7                                       // Minimum encryption key size.
#define SEC_PARAM_MAX_KEY_SIZE          16                                      // Maximum encryption key size.

After a lot of reconnects with our app we are getting sometime the error:

```

<info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Encryption, error: 4102

<warning> peer_manager_handler: Disconnecting conn_handle 0.

<debug> BLE_CONN_HANDLER: PM_EVT_CONN_SEC_FAILED

```

In our code there is pm_peer_delete(p_evt->peer_id); in case a PM_EVT_CONN_SEC_FAILED happened. If we do not delete the peer what would be the best procedure?

Thanks in advance,

C.W:

  • 0

    Hi,

    Are you calling pm_peer_delete() from PM_EVT_CONN_SEC_FAILED to allow iOS to re-pair on the next connection? The risk of doing that is that you end up deleting the bonding info even if PM_EVT_CONN_SEC_FAILED  was just caused by a temporary issue like a sudden disconnect. Another alternative may be to set the .allow_repairing flag as I explained in this other thread: https://devzone.nordicsemi.com/f/nordic-q-a/51274/bonding-doesn-t-work-after-deleting-bond-info-on-nrf-connect

    Best regards,

    Vidar

     

  • 0 in reply to Vidar Berg

    Okay this solved some issues. But with one Iphone we are still getting sometimes the following issue:

    	case BLE_GAP_EVT_AUTH_STATUS:
		NRF_LOG_INFO("BLE_GAP_EVT_AUTH_STATUS: status=0x%x bond=0x%x lv4: %d kdist_own:0x%x kdist_peer:0x%x",
				p_ble_evt->evt.gap_evt.params.auth_status.auth_status,
				p_ble_evt->evt.gap_evt.params.auth_status.bonded,
				p_ble_evt->evt.gap_evt.params.auth_status.sm1_levels.lv4,
				*((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_own),
				*((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_peer));
		if(BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP == p_ble_evt->evt.gap_evt.params.auth_status.auth_status){
			pm_peer_delete(p_ble_evt->evt.gap_evt.params.auth_status.kdist_peer.id);
			pm_peers_delete();
		}
		if(BLE_GAP_SEC_STATUS_UNSPECIFIED == p_ble_evt->evt.gap_evt.params.auth_status.auth_status){
			NRF_LOG_INFO("Doing a reset ... this only happens because the device was completely erased.");
			sd_nvic_SystemReset();
		}

    As one can see if this happens all peers are deleted. But we cannot figure out why this BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP status can happen? Since the pair already exists.

    Best regards,

    C.W

  • +1 in reply to Constantin

    Okay we cannot remember how this part ended up in our code but it seems to be the issue. By deleting the entire case solved the issue of unresolved peer deletes during reconnect.

Related
Terms of service