Access without giving a passkey

Hello,

 This is a followup of an answered question: " How to get pairing/bonding to work in e.g. ble_app_uart".

The project, ble_app_uart_pair is the ble_app_uart example with added the pairing/bonding stuff from the ble_app_gls example. It basically works fine, however there is one situation where it goes wrong.

When there was no bounding and a connection is made, via nRF Toolbox (UART), the smartphone ask whether a pairing is to be made.

If this request is directly annulled (or not answered at all for 10 seconds) access is granted to the device. This should NOT happen when the correct passkey isn't entered!

When this happens, in the RTT log there is the following:

<debug> nrf_ble_lesc: Generating ECC key pair
<info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x89 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0

I think 0x89 means BLE_GAP_SEC_STATUS_REPEATED_ATTEMPTS.

How can I make the device disconnect in this situation?

   Thanks in advance, Sietse

PS. Here the main.c from my project

Parents
  • Hi Sietse, 

    We would need to look at how you configure your characteristic and service read/write access.

    Note that by default BLE doesn't have any mechanism to terminate a connection if the link is not bonded/encrypted. It's up to the application to decide if it needs to terminate the connection due to lack of encryption/security level. 

    However, in your service/characteristic you can configure the level of encryption needed to access the characteristic/service. You can find that in the configuration of read_access and write_access in ble_nus_init() function. 
    By default they are SEC_OPEN, but you can change to SEC_JUST_WORKS or SEC_MITM etc to limit the access if the link is not bonded. Please refer to the gls example. 

    In addition to that, if you want to terminate the connection if the link is not encrypted you can implement in your application code to check if the BLE_GAP_EVT_AUTH_STATUS doesn't return BLE_GAP_SEC_STATUS_SUCCESS and you can terminate the connection using sd_ble_gap_disconnect(). 

  • Hello, it is working now!

    I, ad hoc, patched ble_nus_init() to use SEC_JUST_WORKS, with is enough for me.

    In the BLE_GAP_EVT_AUTH_STATUS case I did

                 if (p_ble_evt->evt.gap_evt.params.auth_status.auth_status == 0x89) {
                   err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gattc_evt.conn_handle,
                                                    BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                   APP_ERROR_CHECK(err_code);
                 }
    

    Thanks for the help, Sietse

Reply
  • Hello, it is working now!

    I, ad hoc, patched ble_nus_init() to use SEC_JUST_WORKS, with is enough for me.

    In the BLE_GAP_EVT_AUTH_STATUS case I did

                 if (p_ble_evt->evt.gap_evt.params.auth_status.auth_status == 0x89) {
                   err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gattc_evt.conn_handle,
                                                    BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                   APP_ERROR_CHECK(err_code);
                 }
    

    Thanks for the help, Sietse

Children
No Data
Related