Pair Device with Legacy Connection OOB preshared key, using Android NRF connect

Hi

Can you provide the log you see in the Android nRFConnect app when you try bonding to the peripheral? We should be able to see an error code of some kind I think. Also, what Android device are you using when seeing this issue?

Please also provide some information of how the pairing is done in your application.

Best regards,

Simon

Hi Simonr,

Simonr said:

Please also provide some information of how the pairing is done in your application.

The pairing is done like that :

So i have enabled these parameters in sdk_config file :

PEER_MANAGER_ENABLED 1, FDS_ENABLED 1 and NRF_FSTORAGE_ENABLED 1.

Here is the peer_manager_init and its handler :

/**@brief Function for handling Peer Manager events.
 *
 * @param[in] p_evt  Peer Manager event.
 */
static void pm_evt_handler(pm_evt_t const * p_evt)
{
    pm_handler_on_pm_evt(p_evt);
    pm_handler_disconnect_on_sec_failure(p_evt);
    pm_handler_flash_clean(p_evt);

    switch (p_evt->evt_id)
    {
        case PM_EVT_PEERS_DELETE_SUCCEEDED:
        {
            advertising_start();
        }
        break;

        default:
        {
            //Others events are handled by the peer manager
        }
        break;
    }
}

/**@brief Function for the Peer Manager initialization.
 */
static void peer_manager_init(void)
{
    ble_gap_sec_params_t sec_param;
    ret_code_t           err_code;

    err_code = pm_init();
    APP_ERROR_CHECK(err_code);

    memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

    // Security parameters to be used for all security procedures.
    sec_param.bond           = SEC_PARAM_BOND;
    sec_param.mitm           = SEC_PARAM_MITM;
    sec_param.lesc           = SEC_PARAM_LESC;
    sec_param.keypress       = SEC_PARAM_KEYPRESS;
    sec_param.io_caps        = SEC_PARAM_IO_CAPABILITIES;
    sec_param.oob            = SEC_PARAM_OOB;
    sec_param.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
    sec_param.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
    sec_param.kdist_own.enc  = 0; //no long term key
    sec_param.kdist_own.id   = 0; // no resolvable address irk
    sec_param.kdist_peer.enc = 0; //no long term key
    sec_param.kdist_peer.id  = 0; // no resolvable address irk

    err_code = pm_sec_params_set(&sec_param);
    APP_ERROR_CHECK(err_code);

    err_code = pm_register(pm_evt_handler);
    APP_ERROR_CHECK(err_code);
}

Here are the Peer manager parameters :

/* ----Security parameters for Peer Manager--------- */
#define SEC_PARAM_BOND                  0                                       /**< No perform bonding. */
#define SEC_PARAM_MITM                  1                                       /**< Man In The Middle protection required for OOB to work */
#define SEC_PARAM_LESC                  0                                       /**< LE Secure Connections not enabled. */
#define SEC_PARAM_KEYPRESS              0                                       /**< Keypress notifications not enabled. */
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_NONE                    /**< No I/O capabilities. */
#define SEC_PARAM_OOB                   1                                       /**< Out Of Band data available. */ //AKR
#define SEC_PARAM_MIN_KEY_SIZE          7                                       /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE          16                                      /**< Maximum encryption key size. */

The key is shared when the BLE_GAP_EVT_AUTH_KEY_REQUEST event occurs :

        // Upon authentication key request, reply with the preshared key in the device.
        case BLE_GAP_EVT_AUTH_KEY_REQUEST:
        {

            NRF_LOG_INFO("BLE_GAP_EVT_AUTH_KEY_REQUEST");

            //Need to obtain the pre shared key sending a request to the host
            /*
            *
            *
            */

            err_code = sd_ble_gap_auth_key_reply(p_ble_evt->evt.gatts_evt.conn_handle,
                                                 BLE_GAP_AUTH_KEY_TYPE_OOB,
                                                 key_auth);
            APP_ERROR_CHECK(err_code);
        }

When i switch in bonding mode i change these parameters :

sec_param.bond = true;
sec_param.kdist_own.enc = 1;
sec_param.kdist_own.id = 1;
sec_param.kdist_peer.enc = 1;
sec_param.kdist_peer.id = 1;

Simonr said:

Can you provide the log you see in the Android nRFConnect app when you try bonding to the peripheral? We should be able to see an error code of some kind I think. Also, what Android device are you using when seeing this issue?

Here are the logs :

I have removed the logs about the services discovered.

So it seems that the bonding succeeded, but the Android app haven't asked me the Key, and after I have tried to read my characteristic and it failed, of course because  my characteristic is protected and no pairing key was asked.

My Android phone is an Oppo A5 with Android 10 version (Android Q) and Oppo custom version ColorOS 7.1

Simonr said:

Can you provide the log you see in the Android nRFConnect app when you try bonding to the peripheral? We should be able to see an error code of some kind I think. Also, what Android device are you using when seeing this issue?

Here are the logs :

I have removed the logs about the services discovered.

So it seems that the bonding succeeded, but the Android app haven't asked me the Key, and after I have tried to read my characteristic and it failed, of course because  my characteristic is protected and no pairing key was asked.

My Android phone is an Oppo A5 with Android 10 version (Android Q) and Oppo custom version ColorOS 7.1