How to enable encrypted link in nRF52832 firmware?

peerManagerInit() has called pm_init() and setting security parameters. But nRF connect shows "Unencrypted link". How can I enabled encrypted link in nRF52832 firmware?

int main(void) {

...

peerManagerInit(true);
gapParamsInit();

...

}

Parents
  • #include "sdk_config.h"
    #include "advertising.h"
    #include "ble_conn_state.h"
    #include "error.h"
    #include "fds.h"
    #include "nrf_log.h"
    #include "peer_manager.h"
    #include "peer_manager_handler.h"
    #include "peer_manager_types.h"
    #include "security.h"
    
    #if 0 // nrf51
    #define SEC_PARAM_TIMEOUT               30                                          /**< Timeout for Pairing Request or Security Request (in seconds). */
    #define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
    #define SEC_PARAM_MITM                  1                                           /**< Man In The Middle protection not required. */
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                        /**< No I/O capabilities. */
    #define SEC_PARAM_OOB                   0                                           /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE          7                                           /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE          16 /**< Maximum encryption key size. */
    #define SEC_PARAM_LESC                  0
    #define SEC_PARAM_KEYPRESS              0 
    
    #else
    #define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
    #define SEC_PARAM_MITM                  0                                           /**< Man In The Middle protection required (applicable when display module is detected). */
    #define SEC_PARAM_LESC                  0                                           /**< LE Secure Connections not enabled. */
    #define SEC_PARAM_KEYPRESS              0                                           /**< Keypress notifications not enabled. */
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_NONE                        /**< No I/O capabilities. */
    #define SEC_PARAM_OOB                   0                                           /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE          7                                           /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE          16                                          /**< Maximum encryption key size. */
    #endif
    
    static void _pmEvtHandler(pm_evt_t const * pEvt) {
        ret_code_t errCode;
    
        switch (pEvt->evt_id) {
            case PM_EVT_BONDED_PEER_CONNECTED:
            {
                NRF_LOG_INFO("Connected to a previously bonded device.");
            } break;
    
            case PM_EVT_CONN_SEC_SUCCEEDED:
            {
                NRF_LOG_INFO("Connection secured: role: %d, conn_handle: 0x%x, procedure: %d.",
                             ble_conn_state_role(pEvt->conn_handle),
                             pEvt->conn_handle,
                             pEvt->params.conn_sec_succeeded.procedure);
            } break;
    
    
            case PM_EVT_CONN_SEC_FAILED:
            {
                NRF_LOG_INFO("Faield to secure connection with handle 0%x.", pEvt->conn_handle);
                errCode = sd_ble_gap_disconnect(pEvt->conn_handle,
                                          BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                if (errCode != NRF_ERROR_INVALID_STATE)
                {
                    APP_ERROR_CHECK(errCode);
                }
                //pEvt->conn_handle = BLE_CONN_HANDLE_INVALID;
                /* Often, when securing fails, it shouldn't be restarted, for security reasons.
                 * Other times, it can be restarted directly.
                 * Sometimes it can be restarted, but only after changing some Security Parameters.
                 * Sometimes, it cannot be restarted until the link is disconnected and reconnected.
                 * Sometimes it is impossible, to secure the link, or the peer device does not support it.
                 * How to handle this error is highly application dependent. */
            } break;
    
            case PM_EVT_CONN_SEC_CONFIG_REQ:
            {
                // Reject pairing request from an already bonded peer.
                pm_conn_sec_config_t conn_sec_config = {.allow_repairing = false};
                pm_conn_sec_config_reply(pEvt->conn_handle, &conn_sec_config);
            } break;
    
            case PM_EVT_STORAGE_FULL:
            {
                // Run garbage collection on the flash.
                errCode = fds_gc();
                if (errCode == FDS_ERR_NO_SPACE_IN_QUEUES)
                {
                    // Retry.
                }
                else
                {
                    APP_ERROR_CHECK(errCode);
                }
            } break;
    
            case PM_EVT_PEERS_DELETE_SUCCEEDED:
            {
                NRF_LOG_DEBUG("PM_EVT_PEERS_DELETE_SUCCEEDED");
                advertisingStart();
            } break;
    
            case PM_EVT_PEER_DATA_UPDATE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peer_data_update_failed.error);
            } break;
    
            case PM_EVT_PEER_DELETE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peer_delete_failed.error);
            } break;
    
            case PM_EVT_PEERS_DELETE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peers_delete_failed_evt.error);
            } break;
    
            case PM_EVT_ERROR_UNEXPECTED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.error_unexpected.error);
            } break;
    
            case PM_EVT_CONN_SEC_START:
            case PM_EVT_PEER_DATA_UPDATE_SUCCEEDED:
            case PM_EVT_PEER_DELETE_SUCCEEDED:
            case PM_EVT_LOCAL_DB_CACHE_APPLIED:
            case PM_EVT_LOCAL_DB_CACHE_APPLY_FAILED:
                // This can happen when the local DB has changed.
            case PM_EVT_SERVICE_CHANGED_IND_SENT:
            case PM_EVT_SERVICE_CHANGED_IND_CONFIRMED:
            default:
                break;
        }
    }
    
    
    /**@brief Function for the Peer Manager initialization.
     */
    int peerManagerInit(const bool eraseBonds) {
        ble_gap_sec_params_t secParam;
        ret_code_t errCode;
        
        errCode = pm_init();
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("pm_init() failed, errCode=0x%x\n", errCode);
            return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
        }    
         
        if (eraseBonds) {
            errCode = pm_peers_delete();
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_peers_delete() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
        }
        
            memset(&secParam, 0, sizeof(ble_gap_sec_params_t));
        
            // Security parameters to be used for all security procedures.
            secParam.bond           = SEC_PARAM_BOND;
            secParam.mitm           = SEC_PARAM_MITM;
            secParam.lesc           = SEC_PARAM_LESC;
            secParam.keypress       = SEC_PARAM_KEYPRESS;
            secParam.io_caps        = SEC_PARAM_IO_CAPABILITIES;
            secParam.oob            = SEC_PARAM_OOB;
            secParam.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
            secParam.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
            secParam.kdist_own.enc  = 1;
            secParam.kdist_own.id   = 1;
            secParam.kdist_peer.enc = 1;
            secParam.kdist_peer.id  = 1;
        
            errCode = pm_sec_params_set(&secParam);
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_sec_params_set() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
        
            errCode = pm_register(_pmEvtHandler);
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_register() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
    
        return 0;
    }
    
    
    #include "sdk_config.h"
    #include "ble.h"
    #include "ble_conn_params.h"
    #include "ble_gap.h"
    #include "gap.h"
    #include "error.h"
    #include "nrf_log.h"
    
    #define DEVICE_NAME       "ANCS2"                         /**< Name of the device. Will be included in the advertising data. */
    #define STATIC_PASSKEY    "123456"                        /**< Static passkey. */
    #define MIN_CONN_INTERVAL MSEC_TO_UNITS(15, UNIT_1_25_MS) /**< Minimum acceptable connection interval (0.5 seconds). */
    #define MAX_CONN_INTERVAL MSEC_TO_UNITS(30, UNIT_1_25_MS) /**< Maximum acceptable connection interval (1 second). */
    #define SLAVE_LATENCY     0                               /**< Slave latency. */
    #define CONN_SUP_TIMEOUT  MSEC_TO_UNITS(3000, UNIT_10_MS) /**< Connection supervisory time-out (4 seconds). */
    
    static ble_opt_t _gStaticPasskeyOption;	/**< Pointer to the struct containing static pin option. */
    
    /**@brief Function for initializing GAP connection parameters.
     *
     * @details Use this function to set up all necessary GAP (Generic Access Profile)
     *          parameters of the device. It also sets the permissions and appearance.
     */
    int gapParamsInit(void) {
        ret_code_t              errCode;
        ble_gap_conn_params_t   gapConnParams;
        ble_gap_conn_sec_mode_t secMode;
    
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&secMode);
    
        errCode = sd_ble_gap_device_name_set(&secMode, (const uint8_t *)DEVICE_NAME, strlen(DEVICE_NAME));
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_gap_device_name_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        memset(&gapConnParams, 0, sizeof(gapConnParams));
    
        gapConnParams.min_conn_interval = MIN_CONN_INTERVAL;
        gapConnParams.max_conn_interval = MAX_CONN_INTERVAL;
        gapConnParams.slave_latency     = SLAVE_LATENCY;
        gapConnParams.conn_sup_timeout  = CONN_SUP_TIMEOUT;
    
        errCode = sd_ble_gap_ppcp_set(&gapConnParams);
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_gap_ppcp_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        uint8_t passkey[] = STATIC_PASSKEY;
    	_gStaticPasskeyOption.gap_opt.passkey.p_passkey = passkey;
    	errCode = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &_gStaticPasskeyOption);
    	if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_opt_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        return 0;
    }
    
    
    
    2577.gap.h2072.security.h

Reply
  • #include "sdk_config.h"
    #include "advertising.h"
    #include "ble_conn_state.h"
    #include "error.h"
    #include "fds.h"
    #include "nrf_log.h"
    #include "peer_manager.h"
    #include "peer_manager_handler.h"
    #include "peer_manager_types.h"
    #include "security.h"
    
    #if 0 // nrf51
    #define SEC_PARAM_TIMEOUT               30                                          /**< Timeout for Pairing Request or Security Request (in seconds). */
    #define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
    #define SEC_PARAM_MITM                  1                                           /**< Man In The Middle protection not required. */
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                        /**< No I/O capabilities. */
    #define SEC_PARAM_OOB                   0                                           /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE          7                                           /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE          16 /**< Maximum encryption key size. */
    #define SEC_PARAM_LESC                  0
    #define SEC_PARAM_KEYPRESS              0 
    
    #else
    #define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
    #define SEC_PARAM_MITM                  0                                           /**< Man In The Middle protection required (applicable when display module is detected). */
    #define SEC_PARAM_LESC                  0                                           /**< LE Secure Connections not enabled. */
    #define SEC_PARAM_KEYPRESS              0                                           /**< Keypress notifications not enabled. */
    #define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_NONE                        /**< No I/O capabilities. */
    #define SEC_PARAM_OOB                   0                                           /**< Out Of Band data not available. */
    #define SEC_PARAM_MIN_KEY_SIZE          7                                           /**< Minimum encryption key size. */
    #define SEC_PARAM_MAX_KEY_SIZE          16                                          /**< Maximum encryption key size. */
    #endif
    
    static void _pmEvtHandler(pm_evt_t const * pEvt) {
        ret_code_t errCode;
    
        switch (pEvt->evt_id) {
            case PM_EVT_BONDED_PEER_CONNECTED:
            {
                NRF_LOG_INFO("Connected to a previously bonded device.");
            } break;
    
            case PM_EVT_CONN_SEC_SUCCEEDED:
            {
                NRF_LOG_INFO("Connection secured: role: %d, conn_handle: 0x%x, procedure: %d.",
                             ble_conn_state_role(pEvt->conn_handle),
                             pEvt->conn_handle,
                             pEvt->params.conn_sec_succeeded.procedure);
            } break;
    
    
            case PM_EVT_CONN_SEC_FAILED:
            {
                NRF_LOG_INFO("Faield to secure connection with handle 0%x.", pEvt->conn_handle);
                errCode = sd_ble_gap_disconnect(pEvt->conn_handle,
                                          BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                if (errCode != NRF_ERROR_INVALID_STATE)
                {
                    APP_ERROR_CHECK(errCode);
                }
                //pEvt->conn_handle = BLE_CONN_HANDLE_INVALID;
                /* Often, when securing fails, it shouldn't be restarted, for security reasons.
                 * Other times, it can be restarted directly.
                 * Sometimes it can be restarted, but only after changing some Security Parameters.
                 * Sometimes, it cannot be restarted until the link is disconnected and reconnected.
                 * Sometimes it is impossible, to secure the link, or the peer device does not support it.
                 * How to handle this error is highly application dependent. */
            } break;
    
            case PM_EVT_CONN_SEC_CONFIG_REQ:
            {
                // Reject pairing request from an already bonded peer.
                pm_conn_sec_config_t conn_sec_config = {.allow_repairing = false};
                pm_conn_sec_config_reply(pEvt->conn_handle, &conn_sec_config);
            } break;
    
            case PM_EVT_STORAGE_FULL:
            {
                // Run garbage collection on the flash.
                errCode = fds_gc();
                if (errCode == FDS_ERR_NO_SPACE_IN_QUEUES)
                {
                    // Retry.
                }
                else
                {
                    APP_ERROR_CHECK(errCode);
                }
            } break;
    
            case PM_EVT_PEERS_DELETE_SUCCEEDED:
            {
                NRF_LOG_DEBUG("PM_EVT_PEERS_DELETE_SUCCEEDED");
                advertisingStart();
            } break;
    
            case PM_EVT_PEER_DATA_UPDATE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peer_data_update_failed.error);
            } break;
    
            case PM_EVT_PEER_DELETE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peer_delete_failed.error);
            } break;
    
            case PM_EVT_PEERS_DELETE_FAILED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.peers_delete_failed_evt.error);
            } break;
    
            case PM_EVT_ERROR_UNEXPECTED:
            {
                // Assert.
                APP_ERROR_CHECK(pEvt->params.error_unexpected.error);
            } break;
    
            case PM_EVT_CONN_SEC_START:
            case PM_EVT_PEER_DATA_UPDATE_SUCCEEDED:
            case PM_EVT_PEER_DELETE_SUCCEEDED:
            case PM_EVT_LOCAL_DB_CACHE_APPLIED:
            case PM_EVT_LOCAL_DB_CACHE_APPLY_FAILED:
                // This can happen when the local DB has changed.
            case PM_EVT_SERVICE_CHANGED_IND_SENT:
            case PM_EVT_SERVICE_CHANGED_IND_CONFIRMED:
            default:
                break;
        }
    }
    
    
    /**@brief Function for the Peer Manager initialization.
     */
    int peerManagerInit(const bool eraseBonds) {
        ble_gap_sec_params_t secParam;
        ret_code_t errCode;
        
        errCode = pm_init();
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("pm_init() failed, errCode=0x%x\n", errCode);
            return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
        }    
         
        if (eraseBonds) {
            errCode = pm_peers_delete();
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_peers_delete() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
        }
        
            memset(&secParam, 0, sizeof(ble_gap_sec_params_t));
        
            // Security parameters to be used for all security procedures.
            secParam.bond           = SEC_PARAM_BOND;
            secParam.mitm           = SEC_PARAM_MITM;
            secParam.lesc           = SEC_PARAM_LESC;
            secParam.keypress       = SEC_PARAM_KEYPRESS;
            secParam.io_caps        = SEC_PARAM_IO_CAPABILITIES;
            secParam.oob            = SEC_PARAM_OOB;
            secParam.min_key_size   = SEC_PARAM_MIN_KEY_SIZE;
            secParam.max_key_size   = SEC_PARAM_MAX_KEY_SIZE;
            secParam.kdist_own.enc  = 1;
            secParam.kdist_own.id   = 1;
            secParam.kdist_peer.enc = 1;
            secParam.kdist_peer.id  = 1;
        
            errCode = pm_sec_params_set(&secParam);
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_sec_params_set() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
        
            errCode = pm_register(_pmEvtHandler);
            if (errCode != NRF_SUCCESS) {
                NRF_LOG_WARNING("pm_register() failed, errCode=0x%x\n", errCode);
                return ERROR_PEER_MANAGER_INITIALIZE_FAIL;
            } 
    
        return 0;
    }
    
    
    #include "sdk_config.h"
    #include "ble.h"
    #include "ble_conn_params.h"
    #include "ble_gap.h"
    #include "gap.h"
    #include "error.h"
    #include "nrf_log.h"
    
    #define DEVICE_NAME       "ANCS2"                         /**< Name of the device. Will be included in the advertising data. */
    #define STATIC_PASSKEY    "123456"                        /**< Static passkey. */
    #define MIN_CONN_INTERVAL MSEC_TO_UNITS(15, UNIT_1_25_MS) /**< Minimum acceptable connection interval (0.5 seconds). */
    #define MAX_CONN_INTERVAL MSEC_TO_UNITS(30, UNIT_1_25_MS) /**< Maximum acceptable connection interval (1 second). */
    #define SLAVE_LATENCY     0                               /**< Slave latency. */
    #define CONN_SUP_TIMEOUT  MSEC_TO_UNITS(3000, UNIT_10_MS) /**< Connection supervisory time-out (4 seconds). */
    
    static ble_opt_t _gStaticPasskeyOption;	/**< Pointer to the struct containing static pin option. */
    
    /**@brief Function for initializing GAP connection parameters.
     *
     * @details Use this function to set up all necessary GAP (Generic Access Profile)
     *          parameters of the device. It also sets the permissions and appearance.
     */
    int gapParamsInit(void) {
        ret_code_t              errCode;
        ble_gap_conn_params_t   gapConnParams;
        ble_gap_conn_sec_mode_t secMode;
    
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&secMode);
    
        errCode = sd_ble_gap_device_name_set(&secMode, (const uint8_t *)DEVICE_NAME, strlen(DEVICE_NAME));
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_gap_device_name_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        memset(&gapConnParams, 0, sizeof(gapConnParams));
    
        gapConnParams.min_conn_interval = MIN_CONN_INTERVAL;
        gapConnParams.max_conn_interval = MAX_CONN_INTERVAL;
        gapConnParams.slave_latency     = SLAVE_LATENCY;
        gapConnParams.conn_sup_timeout  = CONN_SUP_TIMEOUT;
    
        errCode = sd_ble_gap_ppcp_set(&gapConnParams);
        if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_gap_ppcp_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        uint8_t passkey[] = STATIC_PASSKEY;
    	_gStaticPasskeyOption.gap_opt.passkey.p_passkey = passkey;
    	errCode = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &_gStaticPasskeyOption);
    	if (errCode != NRF_SUCCESS) {
            NRF_LOG_WARNING("sd_ble_opt_set() failed, errCode=0x%x", errCode);
            return ERROR_GAP_INITIALIZE_FAIL;
        }
    
        return 0;
    }
    
    
    
    2577.gap.h2072.security.h

Children
Related