• State Verified Answer
  • Replies 25 replies
  • Subscribers 64 subscribers
  • Views 2013 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 308121
Options

Creating a Heart Rate Service Peripheral Example Application That Requires Mode 1 Level 3 Security

mlyonupdesigns

I am using SDK v15.3 and would like to modify the peripheral heart rate service example to require the Central to establish mode 1, level 3 security. I am undecided on whether it will be numeric comparison, passkey or OOB, but would like to evaluate each.

If there is another example I could reference to help with the changes to the heart rate service example, please advise.

  • 0 in reply to Einar Thorsrud

    OK....thanks.

    This is the BT capture when I used nRF Connect (Android) to first bond to ble_app_hrs app (with mode 1, level 2 security required for the measurement data) and then reconnect after bonding.

    and this is my application (instead of nRF Connect) trying to reconnect to the ble_app_hrs app...obviously I have something wrong in  my app, but not sure what. Any ideas?

    I note that there is no "feature exchange" from my app...is this necessary?

    Also, the "More Data" flag is set in the example from my app (see Empty PDUs) which looks incorrect and may be keeping the peripheral from behaving properly. After 6 seconds the peripherals disconnects and begins advertising again.

    Above is the initial bonding capture

  • 0 in reply to mlyonupdesigns

    Hi,

    I see from the second screenshot that the central is re transmitting the LL_ENC_REQ packet, so it seems that something happened to the peripheral when you are using your central and not nRF Connect. Do you have logs from the peripheral that can tell us what happened there?

    Other than that, the peripheral sent the LL_LENGTH_REQ right before the central sent LL_ENC_REQ, but that should be OK. There are few limitations on the order of procedures other than that only one procedure can be initiated from each side at a single time, and as I see LL_ENC_REQ here right away, so a bond already exist. A feature exchange is normally needed for using any feature that is not mandatory, but up to this point the only non-mandatory feature is encrypting the link, but if a bond already existed that should be no problem. Do you have a sniffer trace from the first connection when the bond was established? (Or if this is the first connection, then there is something fundamentally wrong with the handling of the security as the central at least acts as if it has an existing bond).

    I am not able to say much more based on these  screenshots. Can you share logs from both the peripheral and central side, and your central implementation?

  • 0 in reply to Einar Thorsrud

    The third screen shot (which I added after the original reply) shows the initial bonding capture. The first screen shot is nRF connect and the second screen shot is my application.

    Can you comment on the "More Data" flag being set in the second screen shot?

  • 0 in reply to mlyonupdesigns

    Here are two example logs (and call stack screen shots) from the peripheral.

    Fullscreen ble_app_hrs_1.log Download 
    # SEGGER J-Link RTT Viewer V7.80c Terminal Log File
# Compiled: 16:09:36 on Sep 27 2022
# Logging started @ 26 May 2023 08:18:31
00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> <info> app: Heart Rate Sensor example started.
00> 
00> <info> app: Fast advertising.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected.
00> 
00> <error> app: Fatal error
00> 

# Logging stopped @ 26 May 2023 08:19:53
    Fullscreen ble_app_hrs_2.log Download 
    # SEGGER J-Link RTT Viewer V7.80c Terminal Log File
# Compiled: 16:09:36 on Sep 27 2022
# Logging started @ 26 May 2023 08:20:47
00> <debug> nrf_ble_lesc: Initialized nrf_crypto.
00> 
00> <debug> nrf_ble_lesc: Initialized nrf_ble_lesc.
00> 
00> <debug> nrf_ble_lesc: Generating ECC key pair
00> 
00> <info> app: Heart Rate Sensor example started.
00> 
00> <info> app: Fast advertising.
00> 
00> <debug> nrf_ble_gatt: Requesting to update ATT MTU to 247 bytes on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: Updating data length to 251 on connection 0x0.
00> 
00> <info> app: Connected.
00> 
00> <debug> nrf_ble_gatt: ATT MTU updated to 247 bytes on connection 0x0 (response).
00> 
00> <info> app: GATT ATT MTU on connection 0x0 changed to 247.
00> 
00> <debug> nrf_ble_gatt: Data length updated to 251 on connection 0x0.
00> 
00> <debug> nrf_ble_gatt: max_rx_octets: 251
00> 
00> <debug> nrf_ble_gatt: max_tx_octets: 251
00> 
00> <debug> nrf_ble_gatt: max_rx_time: 2120
00> 
00> <debug> nrf_ble_gatt: max_tx_time: 2120
00> 
00> <debug> app: BLE_GAP_EVT_SEC_PARAMS_REQUEST
00> 
00> <error> app: Fatal error
00>

    The error being returned from heart_rate_meas_timeout_handler() is NRF_ERROR_FORBIDDEN.

  • 0 in reply to mlyonupdesigns

    Can you share code also? Regarding the more data bit in the last screenshot from the previous post I am not able to see much from the screenshot. Can you upload the actual trace file? Generally though, if there are empty packets with MD set, that seems odd.

Related