How to initiate BLE pairing manually

Hello,

I'm running nRF Connect SDK v1.9.0 on two nRF52840-DK devices, one Peripheral, the other Central.  
My application needs to initiate pairing, i.e. send a pair request, programmatically.

For testing, I created a Peripheral device with a Service and two Characteristics.  
Via the nRF Connect Desktop tool and an nRF52840 dongle, I can connect to that device; when the connection is established, it stays in "unencrypted link" status.  
Then via the Desktop tool, I click on "Pair" in the device settings configuration and it does pair with my Peripheral and gets into "encrypted link" mode.
I want to accomplish the same thing with my other nRF52840-DK device, which is in the Central role.

Is there a way to initiate a pair request manually? I couldn't see an API call for that.
All comments/hints are greatly appreciated.

E.
  • Hello,

    It is generally recommended to let the central initiate the pairing request, or at least, give it a chance to send it first. From the "Accessory Design
    Guidelines for Apple Devices" document:

    40.10 Pairing
    The accessory should not request pairing until an ATT request is rejected using the Insufficient
    Authentication error code. See the Bluetooth 4.0 specification, Volume 3, Part F, Section 4 for details.


    If, for security reasons, the accessory requires a bonded relationship with the Central, the Peripheral
    should reject the ATT request using the Insufficient Authentication error code, as appropriate. As a
    result, the device may proceed with the necessary security procedures.

    Similarly, if the device acts as a Central and a GATT server, it may reject an ATT request using the
    Insufficient Authentication error code. The accessory should initiate the security procedure for pairing
    in response.


    Pairing may require user authorization depending on device. Once an accessory is paired with a device,
    it shall retain the distributed keys of both central and peripheral for future use. If the pairing is no longer
    required, the accessory shall delete both sets of keys.

    The Insufficient Authentication error code is returned when the GATT client tries to read a characteristic that has the security level set to a level that requires authentication. The user will automatically get a pairing popup if they use iOS.

    Characteristic read and write permissions (i.e. security level) are configured when you initialize the service. Like here for the HIDS service: https://github.com/nrfconnect/sdk-nrf/blob/35f91d3151abfaddf60d826ed87c91cfa81773a5/subsys/bluetooth/services/hids.c#L751

    But to answer your question, it should be possible to issue a security request from the peripheral by calling the bt_conn_set_security() function, or by enabling the CONFIG_BT_GATT_AUTO_SEC_REQ option.

    Best regards,

    Vidar
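
The reject-then-secure flow from the guidelines quoted above, as an added host-side model in plain C (not part of the original post, and not Zephyr or nRF Connect SDK code). The struct and function names are hypothetical, `max_level` stands for the strongest security level the client can pair at, and the model goes slightly beyond the post by also covering a bonded reconnect, which the Bluetooth Core Specification rejects with Insufficient Encryption (0x0F) rather than Insufficient Authentication (0x05).

```c
#include <stdbool.h>
#include <stdint.h>

/* ATT error codes (Bluetooth Core Specification, Vol 3, Part F) */
#define ATT_OK                 0x00
#define ATT_ERR_INSUFF_AUTHEN  0x05
#define ATT_ERR_INSUFF_ENCRYPT 0x0F

/* Hypothetical model types; levels are LE security mode 1, levels 1-4 */
struct link { int level; bool has_ltk; int ltk_level; int pairings; };
struct chrc { int required; uint8_t value; };

/* Server side: the permission check run on every ATT read. */
uint8_t att_read(const struct link *l, const struct chrc *c, uint8_t *out)
{
    if (l->level >= c->required) {
        *out = c->value;
        return ATT_OK;
    }
    /* A stored key that is strong enough only needs encryption restarted. */
    if (l->level == 1 && l->has_ltk && l->ltk_level >= c->required)
        return ATT_ERR_INSUFF_ENCRYPT;
    return ATT_ERR_INSUFF_AUTHEN;
}

/* Client side: react to the rejection, then retry the read once. */
uint8_t read_with_security(struct link *l, const struct chrc *c,
                           int max_level, uint8_t *out)
{
    uint8_t err = att_read(l, c, out);
    if (err == ATT_ERR_INSUFF_ENCRYPT) {
        l->level = l->ltk_level;             /* re-encrypt with bonded key */
    } else if (err == ATT_ERR_INSUFF_AUTHEN && max_level > l->level) {
        l->level = l->ltk_level = max_level; /* pair: new key, best level */
        l->has_ltk = true;
        l->pairings++;
    } else {
        return err;                          /* success, or nothing to try */
    }
    return att_read(l, c, out);
}

int main(void)
{
    struct link l = { 1, false, 0, 0 };  /* constructed: fresh, unbonded link */
    struct chrc c = { 2, 0x2A };         /* constructed: requires encryption */
    uint8_t v = 0;
    return read_with_security(&l, &c, 2, &v);  /* 0 when the retry succeeds */
}
```

A client limited to level 2 still gets 0x05 back from a characteristic that requires level 3, even after pairing once.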

  • Thank you, Vidar, just one clarification: I initiate pairing from Central to Peripheral. By using bt_conn_set_security() I can upgrade the security level and that causes the pairing_complete callback to be called. So, that's good, thank you.

    But I have a new issue. I have a test suite that I'm running in a loop: Central connects to a Peripheral, Central initiates pairing, pairing successfully completes, Central does some characteristic reads/writes and then disconnects. This process is run in a loop. My problem is, after the first run, pairing never completes, i.e. I never see the pairing_complete callback being called. So I'm guessing that I need to do something else to clear the old pairing info. Any idea how I can do that?

    Many thanks,

    E.

  • Hi,

    Could it be the environment you are testing this in? BT_HCI_ERR_CONN_FAIL_TO_ESTABLISH will happen from time to time. It means the peripheral did not respond to the connect request (only one request is sent per connect attempt) and that the central has to retry. It is normal for this error to happen from time to time, but it can also occur quite frequently if there is lots of noise or interference from other nearby sources, for instance, active scanning from other BLE devices.

  • Yes, it is possible; however, I repeated the test with another MCU vendor and I don't have these connection and pairing issues. So, my question is, what can I change to create a more robust connection and pairing operation? For example, is there more info on these parameters? How do they affect connections?

    /** Connection parameters for LE connections */
    struct bt_le_conn_param {
        uint16_t interval_min;
        uint16_t interval_max;
        uint16_t latency;
        uint16_t timeout;
    };

        .options = (_options), \
        .interval = (_interval), \
        .window = (_window), \
        .interval_coded = 0, \
        .window_coded = 0, \
        .timeout = 0, \

  • I don't think there is much you can do in FW to improve the chances of a connection attempt succeeding, except for increasing the radio's TX output power (example). Default is 0 dBm and the radio supports up to +8 dBm. But I'm surprised you don't see this with the other board. Maybe the other board automatically repeats the connection attempt if it fails the first time? A Bluetooth sniffer trace may help show what the problem is.

    You are still using 2 Nordic DKs for this test?

  • I was using one Nordic nRF52840-DK in Peripheral mode and the other unit was another nRF52840-based module DK from another company. So, I switched to two Nordic DKs and the connection problems went away, so that's good. But pairing failures are still here, so I've put a Nordic nRF52840 dongle with Wireshark capture in between.

    It seems like all is going well until the Slave responds with LL_START_ENC_REQ, and then I see all packets that are not empty PDUs having an "Encrypted packet decrypted incorrectly (bad MIC)" error.

    Any idea why these bad MIC errors might be happening?

  • The MIC failures occur because the sniffer does not have the encryption key to decrypt the payload. To be able to sniff LESC pairing you need to enable the debug DH keys: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.9.1/kconfig/CONFIG_BT_USE_DEBUG_KEYS.html
