LESEC without bonding

RE: LESEC without bonding

M. David. — Mon, 01 May 2023 06:39:01 GMT

Thank you for your response. I'm aware of the different pairing methods, however they are not applicable to my needs.

[quote userid="9456" url="~/f/nordic-q-a/98175/lesec-without-bonding/423070"]If you want to go with this option, please let me know and I can check for sure.[/quote]

I think this would be the approach I'd like to choose under the circumstances.

[quote userid="9456" url="~/f/nordic-q-a/98175/lesec-without-bonding/423070"]This has the side effect of the rejected peer keeping an invalid bond data.[/quote]

I fail to see what would be the difference, in regard of the remote peer, when doing a bonding and later revoke it or doing the bonding after "higher" application checks. By my understanding of the pairing and bonding process, the remote peer does not know, whether I do a bonding or not. But please, let me know if there would be any issues, for the rejected peer to retry the pairing/bonding.

RE: LESEC without bonding

Hieu — Fri, 28 Apr 2023 21:02:11 GMT

Hi M. David.,

My apology for the wait. Our team has been facing high loading due to some unavailability, one of which is Susheel being on a business trip. I will support you in his absence.

[quote user="M. David."]when I want to use the PeerManager, it is not possible to do the bonding as an additional/optional step (triggered by the application) at a later point in time after the pairing?[/quote]

You should be able to perform the bond at a later point. At the very least, you should be able to create your own handling of the key and manage it from the moment the peers pair till the moment they are clear to bond. After that, the Peer Manager module actually lets you add that data and then helps you manage it. See Peer Manager > Usage > Storing Data.

I am not sure whether the Peer Manager can also support the "later-bonding" that you require; but I don't have the capacity needed to look into this at the moment. My apology for this inconvenience.

Please do review the different pairing method to see if one of them already satisfies your need to authenticate the devices before bonding. If that is possible, it should make the process simpler.

The pairing methods are discussed in Lesson 5 of Nordic's Bluetooth Low Energy Fundamentals.

[quote user="M. David."]

would the following approach be appropriate or is there a better way?

Configure the security-parameter to also do the bonding
if the Application (after pairing and bonding) deems the connection to be unsuitable it will disconnect and delete the bonding.

[/quote]

This has the side effect of the rejected peer keeping an invalid bond data. It might cause some minor inconvenience if the peer later needs to bond. If I remember correctly, pairing would be impossible unless that peer's application can realize the problem and delete the invalid bond data. If you want to go with this option, please let me know and I can check for sure.

Please excuse our slow response in the coming days due to the aforementioned temporary staffing issue and a holiday.

Hieu

RE: LESEC without bonding

M. David. — Mon, 24 Apr 2023 09:28:11 GMT

Hello Susheel

Thank you for your response, I've also been absent for some time, thus the late followup question.

From your response I conclude that, when I want to use the PeerManager, it is not possible to do the bonding as an additional/optional step (triggered by the application) at a later point in time after the pairing?

If the above question is yes and I'd still want to have a similar behavior then would the following approach be appropriate or is there a better way?

Configure the security-parameter to also do the bonding
if the Application (after pairing and bonding) deems the connection to be unsuitable it will disconnect and delete the bonding.

RE: LESEC without bonding

Susheel Nuguru — Sun, 09 Apr 2023 14:05:23 GMT

[quote user="M. David."]Which function should I use to do the bonding at a later step "manually"?[/quote]

Thanks for your patience, David.
The events exchanged and the API used in the bonding sequence can be seen in the MSC(Message Sequence Charts). The application has the responsibility of storing the keys persistently if it is not using the peer manager to handle to bonding. You can use FDS for storing the keys. One the first bonding is performed (manually), then you can use this procedure to establish the encryption with stored keys next time.

[quote user="M. David."]Where do I get the required information exchanged during the paring from, to be stored as bonding information?[/quote]

The MSC charts should give you details on this, please let me know if those charts are not clear.

RE: LESEC without bonding

Simonr — Mon, 03 Apr 2023 06:05:53 GMT

Susheel is out of office for the Easter holiday, and will get back to you on April 11th. Thank you for your patience!

Best regards,

Simon

RE: LESEC without bonding

M. David. — Tue, 28 Mar 2023 11:13:00 GMT

Thank you for the link.

This however only covers part of my problem, which I've already figured out. As I've mentioned I'd like to do the bonding later after additional checks by the application.

So my question remains:

Which function should I use to do the bonding at a later step "manually"?
Where do I get the required information exchanged during the paring from, to be stored as bonding information?

Thanks in advance.

RE: LESEC without bonding

Susheel Nuguru — Tue, 28 Mar 2023 09:51:36 GMT

This question has been asked before. It is possible to pair only using LESC without bonding, but the given link shows the way with the peer manager library.