• State Not Answered
  • Replies 4 replies
  • Subscribers 90 subscribers
  • Views 1347 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 284692
Options

BLE_GAP_SEC_STATUS_TIMEOUT issue

Ming

      I used ble_app_hrs Demo to test bonding.  However, I have been unable to bpnd successfully.  I'll give you my bonding parameters.  

#define SEC_PARAM_BOND 1

#define SEC_PARAM_MITM 1

#define SEC_PARAM_LESC 1

#define SEC_PARAM_KEYPRESS 0

#define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_KEYBOARD_DISPLAY

#define SEC_PARAM_OOB 0

#define SEC_PARAM_MIN_KEY_SIZE 7

#define SEC_PARAM_MAX_KEY_SIZE 16

static void peer_manager_init(void)
{
ble_gap_sec_params_t sec_param;
ret_code_t err_code;

err_code = pm_init();
APP_ERROR_CHECK(err_code);

memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

// Security parameters to be used for all security procedures.
sec_param.bond = SEC_PARAM_BOND;
sec_param.mitm = SEC_PARAM_MITM;
sec_param.lesc = SEC_PARAM_LESC;
sec_param.keypress = SEC_PARAM_KEYPRESS;
sec_param.io_caps = SEC_PARAM_IO_CAPABILITIES;
sec_param.oob = SEC_PARAM_OOB;
sec_param.min_key_size = SEC_PARAM_MIN_KEY_SIZE;
sec_param.max_key_size = SEC_PARAM_MAX_KEY_SIZE;
sec_param.kdist_own.enc = 1;
sec_param.kdist_own.id = 1;
sec_param.kdist_peer.enc = 1;
sec_param.kdist_peer.id = 1;

err_code = pm_sec_params_set(&sec_param);
APP_ERROR_CHECK(err_code);

err_code = pm_register(pm_evt_handler);
APP_ERROR_CHECK(err_code);
}

      At the same time, I use another device, can bind successfully.  The parameters are the same.

 

  • 0

    Hi,

    BLE_GAP_SEC_STATUS_TIMEOUT itself indicates that a security procedure timed out, but does not provide more information than that, so we need to digg a bit deeper. Can you upload the full sniffer trace for both a failing and working case?

    Which device do you see this issue with (for instance phone model and OS version)? And with which device do you use to test when it works?

  • 0 in reply to Einar Thorsrud

    tried to get the specific request, but the log did not see it.  

    The test master I used was an Android phone-XiaoMi 9.

    Fullscreen text_log.txt Download 
    00> <info> app_timer: RTC: initialized.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> <info> app: Heart Rate Sensor example started.
00> 
00> <info> app: Fast advertising.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: ble evt:16.
00> 
00> <info> app: Connected.
00> 
00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
00> 
00> <info> app: GATT ATT MTU on connection 0x0 changed to 247.
00> 
00> <info> app: ble evt:58.
00> 
00> <debug> nrf_ble_gatt: Data length updated to 251 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 27
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 251
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 328
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 2120
00> 
00> <info> app: ble evt:36.
00> 
00> <info> app: ble evt:18.
00> 
00> <info> app: ble evt:18.
00> 
00> <info> peer_manager_handler: Event PM_EVT_CONN_SEC_START
00> 
00> <info> peer_manager_handler: Event PM_EVT_CONN_SEC_PARAMS_REQ
00> 
00> <info> app: ble evt:19.
00> 
00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
00> 
00> <debug> nrf_ble_lesc: BLE_GAP_EVT_LESC_DHKEY_REQUEST
00> 
00> <info> app: ble evt:24.
00> 
00> <info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
00> 
00> <info> nrf_ble_lesc: Calling sd_ble_gap_lesc_dhkey_reply on conn_handle: 0
00> 
00> <info> app: ble evt:21.
00> 
00> <info> app: ble evt:18.
00> 
00> <info> peer_manager_handler: Event PM_EVT_CONN_SEC_FAILED
00> 
00> <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 1
00> 
00> <info> app: ble evt:25.
00> 
00> <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x1 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0
00> 
00> <info> app: Fast advertising.
00> 
00> <info> app: ble evt:17.
00> 
00> <info> app: Disconnected, reason 19.
00>

  • 0 in reply to Ming

    This is the test video

  • 0 in reply to Ming

    Hi,

    I see. If the code changes from your original post reflects all the changes you did, then this is expected. When using LESC and both devices having full I/O capabilities, you will use numeric comparison. But you do not have any code on the nRF that handles that, so it will time out.

    Do you have both a display capability and input (at least yes/no) on your nRF product? If not, you should use another MITM mechanism or no MITM at all.

    If you do have a display and buttons, so that the I/O capabilities you have specified is correct, then you can reply using sd_ble_gap_auth_key_reply() as explained in this post. Note that doing this without the required HW will not add any security, and so it is better to use a different combination (if you have for instance only a display), or no MITM at all.

Related
Terms of service