This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Is there a sample app that shows pairing (Passkey Entry) and then white listing the bonded device with private resolvable address?

Hi, the title says it all really. I'd love to get my hands on a sample application from the Nordic github repo (or elsewhere) which shows clearly how to implement for S110 a peripheral which:

  1. Requires the client to pair / bond e.g. through setting characteristic permissions
  2. Implements Passkey Entry as the association model (with nRF51DK this would need an output device connected to the board I guess)
  3. Shows how to take the bond info, device address and IRK and add it to the white list and for this to work when the bonded client is using a private resolvable address
  4. Shows how to indicate through filter policy that connection requests from all other devices should be ignored.

Does a sample like this exist? I looked through the examples in the SDK and the repo and didn't find anything quite right. I'm fairly new to the Nordic SDK so am hoping to scale the learning curve more quickly with "just the right example".

Hope someone from Nordic support can help. If the sample doesn't exist.... any chance something could be put together and published in the github repo?

Thanks in anticipation

Update:

Just spent some time looking at this along with infocenter.nordicsemi.com/index.jsp

I'm getting BLE_GAP_EVT_SEC_PARAMS_REQUEST and am calling sd_ble_gap_sec_params_reply with what I think are correct params but getting err_code 8 which I think means invalid state.

From terminal:

[XXX]: BLE_GAP_EVT_SEC_PARAMS_REQUEST

[XXX]: sd_ble_gap_sec_params_reply err_code=8

Code:

				case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
      printf("[XXX]: BLE_GAP_EVT_SEC_PARAMS_REQUEST\r\n");
			  err_code = sd_ble_gap_sec_params_reply(m_conn_handle, BLE_GAP_SEC_STATUS_SUCCESS, &register_param.sec_param, &m_keys);
			  printf("[XXX]: sd_ble_gap_sec_params_reply err_code=%d\r\n",err_code);
      break;

And:

    memset(&register_param.sec_param, 0, sizeof(ble_gap_sec_params_t));

register_param.sec_param.bond         = SEC_PARAM_BOND;
register_param.sec_param.mitm         = SEC_PARAM_MITM;
register_param.sec_param.io_caps      = SEC_PARAM_IO_CAPABILITIES;
register_param.sec_param.oob          = SEC_PARAM_OOB;
register_param.sec_param.min_key_size = SEC_PARAM_MIN_KEY_SIZE;
register_param.sec_param.max_key_size = SEC_PARAM_MAX_KEY_SIZE;
register_param.evt_handler            = device_manager_evt_handler;
register_param.service_type           = DM_PROTOCOL_CNTXT_GATT_SRVR_ID;

And:

    #define SEC_PARAM_BOND                   1                                          /**< Perform bonding. */
#define SEC_PARAM_MITM                   1                                          /**< Man In The Middle protection required. */
#define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_DISPLAY_ONLY
#define SEC_PARAM_OOB                    0                                          /**< Out Of Band data not available. */
#define SEC_PARAM_MIN_KEY_SIZE           7                                          /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE           16                                         /**< Maximum encryption key size. */

Any idea what I'm doing wrong? Thanks in anticipation.....

Update: I guess I hit the same issue as described here: devzone.nordicsemi.com/.../

NB: the documentation index.html file in the V9 SDK takes me to the V8 documentation.

I'll look at the glucose monitor example referenced in that other post.

Update: I got passkey based pairing working by reviewing and learning from the glucose monitor sample. Issues I encountered, for anyone else reading this were:

  1. You need to respond to the BLE_GAP_EVT_PASSKEY_DISPLAY event not the BLE_GAP_EVT_SEC_PARAMS_REQUEST event. Maybe this changed in some version of the SDK? The documentation is a little confusing especially when the V9 SDK links to the V8 documentation :-)

  2. I was getting problems with initialisation failing and seeming to loop. I think this was because adding a security timer was failing probably because I hit the max number allowed but the sample uses a macro APP_ERROR_CHECK after every API call and if you dig into it you'll find that (I think) it performs a reset for anything other than success. So if your initialisation sequence hits a problem this over enthusiastic macro causes a loop with the device resetting each time around the loop.

Good to see my smartphone ask for a 6 digit passkey though and good to see the random number generation is not my responsibility either. Will look at white listing later.

Parents
    1. In our examples this can be set in services_init(). In for example ble_app_hrs you can configure that a CCCD write requires encryption and/or MITM protection. In the unmodified example you have BLE_GAP_CONN_SEC_MODE_SET_OPEN(&hrs_init.hrs_hrm_attr_md.cccd_write_perm);. Change this to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&hrs_init.hrs_hrm_attr_md.cccd_write_perm); if encryption is required, and change it to BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&hrs_init.hrs_hrm_attr_md.cccd_write_perm); if encryption and MITM protection is required.

    2. In our examples this can be set at the top of main.c. In the unmodified ble_app_hrs example you have #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE. Change this to #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_DISPLAY_ONLY to trigger a passkey entry as authentication method (the central must have keyboard input capability).

    3. The Device Manager handles bonding, while whitelisting is handled by the advertising module, see this for more information.

    4. The filter policy is configured by setting the fp parameter in the ble_gap_adv_params_t struct. For example adv_params.fp = BLE_GAP_ADV_FP_FILTER_CONNREQ;

Reply
    1. In our examples this can be set in services_init(). In for example ble_app_hrs you can configure that a CCCD write requires encryption and/or MITM protection. In the unmodified example you have BLE_GAP_CONN_SEC_MODE_SET_OPEN(&hrs_init.hrs_hrm_attr_md.cccd_write_perm);. Change this to BLE_GAP_CONN_SEC_MODE_SET_ENC_NO_MITM(&hrs_init.hrs_hrm_attr_md.cccd_write_perm); if encryption is required, and change it to BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&hrs_init.hrs_hrm_attr_md.cccd_write_perm); if encryption and MITM protection is required.

    2. In our examples this can be set at the top of main.c. In the unmodified ble_app_hrs example you have #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_NONE. Change this to #define SEC_PARAM_IO_CAPABILITIES BLE_GAP_IO_CAPS_DISPLAY_ONLY to trigger a passkey entry as authentication method (the central must have keyboard input capability).

    3. The Device Manager handles bonding, while whitelisting is handled by the advertising module, see this for more information.

    4. The filter policy is configured by setting the fp parameter in the ble_gap_adv_params_t struct. For example adv_params.fp = BLE_GAP_ADV_FP_FILTER_CONNREQ;

Children
Related