• State Verified Answer
  • Replies 4 replies
  • Subscribers 87 subscribers
  • Views 584 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 259482
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Discovery before encryption

T IJ

Hello DevZone,

Perhip: PCA10040 SDK 15.0.0, SD 6.0.0

Central: PCA10056 SDK 15.0.0, SD 6.0.0

I am working on a BLE project and we need to make sure our link is secured.

I have followed some examples on how to setup a secure link and in my BLE_GAP_EVT_CONNECTED I call the following functions.

err_code = pm_conn_secure(p_gap_evt->conn_handle, false);
APP_ERROR_CHECK(err_code);

err_code = ble_handles_assign(&m_Central_c[p_gap_evt->conn_handle],
                              p_gap_evt->conn_handle,
                              NULL);
APP_ERROR_CHECK(err_code);

err_code = ble_db_discovery_start(&m_db_disc[p_gap_evt->conn_handle],
                                  p_gap_evt->conn_handle);
if (err_code != NRF_ERROR_BUSY)
{
    APP_ERROR_CHECK(err_code);
}

I can see using the BLE sniffer that a link encryption is requested but the entire discovery phase is still unencrypted. The data transmitted between the central and peripheral is encrypted. If I run the encrypted example everything after the pairing request is encrypted.

If I delete the  bonding on one of the devices and dont force repairing I see that the master sends out a pariring request with bonding, MITM, secure connection.

How does it come that the discovery phase isnt secured?

Parents
  • +1

    Hi Tom,

    Calling pm_conn_secure does not secure the link immediately. This is an asynchronous call and the request is queued inside the softdevice when all the requirements for the keys are met. It takes one to few connection interval for the softdevice to secure the link. And then the application is notified with an event PM_EVT_CONN_SEC_SUCCEEDED.

    May be you should start the discovery procedure after the link is encrypted and the application is notified that the link is secured,

Reply
  • +1

    Hi Tom,

    Calling pm_conn_secure does not secure the link immediately. This is an asynchronous call and the request is queued inside the softdevice when all the requirements for the keys are met. It takes one to few connection interval for the softdevice to secure the link. And then the application is notified with an event PM_EVT_CONN_SEC_SUCCEEDED.

    May be you should start the discovery procedure after the link is encrypted and the application is notified that the link is secured,

Children
Related
Terms of service