Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Can't get Just Works bonding between nRF5 SDK and nRF Connect SDK to work

Central nRF5 device connects to peripheral NCS and initiates bonding.

The peripheral reports that security failed with error code 4 (BT_SECURITY_ERR_AUTH_REQUIREMENT) "The requested security level could not be reached".

Central nRF5 has these Peer Manager settings:

// Security parameters to be used for all security procedures.
sec_param.bond           = true;
sec_param.mitm           = false;
sec_param.lesc           = false;
sec_param.keypress       = false;
sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;
sec_param.oob            = false;
sec_param.min_key_size   = 7;
sec_param.max_key_size   = BLEAM_DATA_CHUNK_SIZE;
sec_param.kdist_own.enc  = true;
sec_param.kdist_own.id   = true;
sec_param.kdist_peer.enc = true;
sec_param.kdist_peer.id  = true;

Peripheral NCS device uses pretty much the Peripheral UART example but with button press requirement removed.

I tried removing security callbacks like the answer to this post suggested at the peripheral and setting the central nRF5 params differently, tried setting LESC as true, but it didn't work. With LESC set on central nRF5 I got NRF_ERROR_INVALID_ADDR on sd_ble_gap_sec_params_reply call. If I set the params at the central to only pairing/no bonding, the pairing is successful.

I'm pretty sure I'm missing something on either side, but I can't find any information on the subject. What can be done to have nRF5 and NCS devices to bond?

Parents

0 Simonr over 4 years ago

Hi

sd_ble_gap_sec_params_reply returning an NRF_ERROR_INVALID_ADDR means that an invalid pointer has been supplied. Have you seen the message sequence chart for "just works Bonding"?

How does the peripheral side's conn_auth_callbacks look? Have you made sure to set passkey_display, passkey_confirm, and pairing_confim to NULL in your conn_auth_callbacks? What central example application is your nRF5 SDK central project based on exactly?

Best regards,

Simon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Simonr over 4 years ago

Hi

sd_ble_gap_sec_params_reply returning an NRF_ERROR_INVALID_ADDR means that an invalid pointer has been supplied. Have you seen the message sequence chart for "just works Bonding"?

How does the peripheral side's conn_auth_callbacks look? Have you made sure to set passkey_display, passkey_confirm, and pairing_confim to NULL in your conn_auth_callbacks? What central example application is your nRF5 SDK central project based on exactly?

Best regards,

Simon
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 tyana over 4 years ago in reply to Simonr

Hello!

The conn_auth_callbacks that should be set as NULL are all set as NULL at peripheral.

I can't say for sure my nRF5 SDK project is based on any example, but when I was adding peer manager to the project I used HRS Central example as a reference. So I just copied peer manager init (but with security settings as in my post above) and pm_evt_handler from that and added a pm_conn_secure call to the discovery complete event in my service event handler.

With that, I got BT_SECURITY_ERR_AUTH_REQUIREMENT error on the peripheral.

I've figured out the NRF_ERROR_INVALID_ADDR that appeared when I tried to have LESC, I didn't have it enabled in peer manager (didn't set PM_LESC_ENABLED). This is no longer as issue.

Now when I set sec_param.lesc to true on the central, I get BT_SECURITY_ERR_UNSPECIFIED error on the peripheral instead.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel