This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is there an API that can get the authentication method?

Hello.
I am developing using nrf52832 (S132 v7.0.1, SDK v17.0.0) as a peripheral device.

I want to know the authentication method of the central device when the connection is established.
Is there an API that can get the authentication method?

Also, when BLE_GAP_EVT_CONNECTED of ble_evt_handler is called, you can see the security parameters by checking "p_ble_evt-> evt-> gap_evt-> params-> sec_params_request-> peer_params".
Is it possible to know the authentication method of the central device by comparing it with the value on the following site and checking the authentication method?

Best regards.

Top Replies

Sigurd over 4 years ago in reply to sdi_kei +1 verified

Hi, I could not find a API for that. But in BLE_GAP_EVT_SEC_PARAMS_REQUEST you get the I/O capabilities of the other device. Depending on the method used, you will get different events. See these Message…

Parents

0 Sigurd over 4 years ago

Hi,

You can get the getting the security status of a connection using pm_conn_sec_status_get()

You also have the BLE_GAP_EVT_AUTH_STATUS event (Authentication procedure completed event)

         case BLE_GAP_EVT_AUTH_STATUS:
             NRF_LOG_INFO("BLE_GAP_EVT_AUTH_STATUS: status=0x%x bond=0x%x lv4: %d kdist_own:0x%x kdist_peer:0x%x",
                          p_ble_evt->evt.gap_evt.params.auth_status.auth_status,
                          p_ble_evt->evt.gap_evt.params.auth_status.bonded,
                          p_ble_evt->evt.gap_evt.params.auth_status.sm1_levels.lv4,
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_own),
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_peer));

Reply

0 Sigurd over 4 years ago

Hi,

You can get the getting the security status of a connection using pm_conn_sec_status_get()

You also have the BLE_GAP_EVT_AUTH_STATUS event (Authentication procedure completed event)

         case BLE_GAP_EVT_AUTH_STATUS:
             NRF_LOG_INFO("BLE_GAP_EVT_AUTH_STATUS: status=0x%x bond=0x%x lv4: %d kdist_own:0x%x kdist_peer:0x%x",
                          p_ble_evt->evt.gap_evt.params.auth_status.auth_status,
                          p_ble_evt->evt.gap_evt.params.auth_status.bonded,
                          p_ble_evt->evt.gap_evt.params.auth_status.sm1_levels.lv4,
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_own),
                          *((uint8_t *)&p_ble_evt->evt.gap_evt.params.auth_status.kdist_peer));

Children

0 sdi_kei over 4 years ago in reply to Sigurd

Hello.

thank you for your answer.
I know I can get the status of the connection, but looking at that information doesn't tell me which authentication method to use.
The authentication methods I would like to know are "Numeric Comparison" and "Passkey Entry".
Is it possible to obtain information like the site below?

https://infocenter.nordicsemi.com/index.jsp?topic=%2Fsdk_nrf5_v17.0.0%2Flib_pm_usage.html

Best regards.
Cancel
Vote Up 0 Vote Down

Cancel
+1 Sigurd over 4 years ago in reply to sdi_kei

Hi,

I could not find a API for that. But in BLE_GAP_EVT_SEC_PARAMS_REQUEST you get the I/O capabilities of the other device.

Depending on the method used, you will get different events. See these Message Sequence Charts:

Bonding: Numeric Comparison:

https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.s112.api.v7.3.0/group___b_l_e___g_a_p___p_e_r_i_p_h___l_e_s_c___b_o_n_d_i_n_g___n_c___m_s_c.html

Bonding: Passkey Entry, User Inputs on Peripheral:

https://infocenter.nordicsemi.com/topic/com.nordic.infocenter.s112.api.v7.3.0/group___b_l_e___g_a_p___p_e_r_i_p_h___l_e_s_c___b_o_n_d_i_n_g___p_k_e___c_d___m_s_c.html
Cancel
Vote Up +1 Vote Down

Cancel
0 sdi_kei over 4 years ago in reply to Sigurd

Hello.

BLE_GAP_EVT_SEC_PARAMS_REQUEST, but this event occurs late. This is because it is confirmed that pairing will be performed when this event occurs. I want to know how to authenticate to determine if it's a pairing device.

Is there any good way?

Best regards.
Cancel
Vote Up 0 Vote Down

Cancel
0 Sigurd over 4 years ago in reply to sdi_kei

sdi_kei said:
BLE_GAP_EVT_SEC_PARAMS_REQUEST, but this event occurs late. This is because it is confirmed that pairing will be performed when this event occurs

No, you can use sd_ble_gap_sec_params_reply() to reply with a error-code and the paring will fail.

If you look at the IO capabilities(BLE_GAP_EVT_SEC_PARAMS_REQUEST, ble_gap_sec_params_t ble_gap_sec_params_t::io_caps and ::lesc), you should be able to determine the authentication method. See the table at step 4 here: https://www.bluetooth.com/blog/bluetooth-pairing-part-2-key-generation-methods/
Cancel
Vote Up 0 Vote Down

Cancel
0 sdi_kei over 4 years ago in reply to Sigurd

Hello.

Sigurd said:
No, you can use sd_ble_gap_sec_params_reply() to reply with a error-code and the paring will fail.

My explanation was strange. I'm sorry.

The timing when you want information is when a BLE connection is made.
This is because if the other party's BLE device does not have an authentication method different from yours, you want to disconnect, and if they are the same, you want to perform pairing (bonding). Also, at this time, I would like to know the information on LESC.

I was able to confirm the authentication method with "BLE_GAP_EVT_SEC_PARAMS_REQUEST", but an event occurred at the timing when the BLE connection was made and pairing (bonding) was performed.
Therefore, we could only get the information later than we originally wanted.

Is there a way to get the authentication method faster than "BLE_GAP_EVT_SEC_PARAMS_REQUEST"?

Best regards.
Cancel
Vote Up 0 Vote Down

Cancel