This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Zephyr BLE static passkey between central and peripheral on two nrf52840s

Hi!

I am trying to develop a way for a Bluetooth Central and Bluetooth Peripheral using Secure Connections (security mode 1 level 2 if I'm not mistaken) using a static passkey. Both the Central and the Peripheral are nrf52840s, using the Connect SDK/Zephyr on both.

I have managed to get the Zephyr Heart Rate samples running on both devices (central_hr and peripheral_hr), however I am somewhat at a loss of how to change the code to enable static passkeys. Both devices will operate without any IO capability, such that the wanted feature is for the central and peripheral to pair only if they share the same (permanently stored) static passkey.

My understanding is that in order to achieve this, both devices has to communicate their IO capabilities are NoInputNoOutput with the MITM flag set high and CONFIG_BT_FIXED_PASSKEY to be enabled. I would like to build upon the Heart Rate example to test this features success. My questions are:

1) Where in the code should bt_passkey_set(unsigned in passkey) be placed, both for central and peripheral example?

2) How/where do I communicate the Centrals IO capabilities? I've found explanations with regards to the Peripheral, but haven't found this for the Central and don't quite get it from the example code.

3) Is there a possibility to be guided with instructions in order to move from the central_hr + peripheral_hr example to a working "central_hr_static_passkey" + "peripheral_hr_static_passkey"-example?

Code for the central_hr: https://github.com/zephyrproject-rtos/zephyr/blob/master/samples/bluetooth/central_hr/src/main.c

Code fir the peripheral_hr: https://github.com/zephyrproject-rtos/zephyr/blob/master/samples/bluetooth/peripheral_hr/src/main.c

Please do tell if more information is needed or if I in any way can aid in this inquery.

Thanks a lot in advance,

Jonas

Parents Reply
  • Thanks a ton Kenneth for your reply! .

    I am going through the tutorials .  Btw, I understood setting MITM .What really confuses me is the logic behind the security implementation from SIG. While I used this example for testing the passkey pairing, I found that , when the peer device ( another nRF kit connected to windows lap nRF Connect BLE app loaded with connectivity firmware) changed its I/O capabilities to nokeyboard-nodisplay, the pairing happens though and it follows Just works(Level 2), I further came to conclusion that this dynamic changing of security pairing method happens as described in here . 

    I find a security breach here , as the example is set to connect with peers only via passkey method , but  if the peer device finds a way to manipulate its IO capabilities as nokeyboard-nodisplay then, it could make connect via just works. So what the use in having passkey secure pairing implementation.

    Later I read here that we can force to a security level here .through bt_conn_security(), as it was not implicitly provided by any GATT service. I am going to test this now. 

    It would be great if you could get back and comment on my understanding.

    Regards/Mohan 

Children
  • smohan said:
    I find a security breach here , as the example is set to connect with peers only via passkey method , but  if the peer device finds a way to manipulate its IO capabilities as nokeyboard-nodisplay then, it could make connect via just works. So what the use in having passkey secure pairing implementation.

    When you configure the GATT database, then you set the security level required to access these characteristics, so if the bond is established with lower than the intended security level, then the peer will not be able to write or read to these characteristics.

    Kenneth

  • Hi ,

    I would like to have the same functionality as you described in the ticket. I can connect using static pass-key and nrf connect applications yet our goal is to have two nrf52840 (one as peripheral and one as central). Have you implemented central side code?

Related