• State Verified Answer
  • Replies 20 replies
  • Subscribers 85 subscribers
  • Views 11017 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 116369
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

BLE_GAP_SEC_STATUS_AUTH_REQ event_result in DM_EVT_SECURITY_SETUP_COMPLETE

Mark Paul

Hello,

I'm working with a nrf51822, SoftDevice S120 v2.0 and SDK v9.0 platform.

Specifically using it a Central role to connect to a Blood Pressure peripheral.

When my central connects to the peripheral, it requests a DM_EVT_SECURITY_SETUP.

I then call dm_security_setup_req() and within this device_instance_allocate() and initiate_security_request() are both a success and there are no err_codes in any steps.

After this I receive DM_EVT_SECURITY_SETUP_COMPLETE but the event_result of this event carries the erro_code 0x083 (MUTEX_UNLOCK_FAILED?)

I believe this is thrown due to some issue in the DM_MUTEX_UNLOCK(); line within dm_security_setup_req()

Because of the error I cant recall dm_security_setup_req() to encrypt the link.

Any reason this might be happening?

Thanks very much. Mark

  • 0

    It is not an error, it is GAP security status, this should be 0x00 if the procedure completes with success.

    0x83 is BLE_GAP_SEC_STATUS_AUTH_REQ, which I haven't received myself before.

    Here is another question where this was received, maybe you can try what i suggest there. It is a bit difficult without a sniffer though. Let me know how it goes.

    I'm not sure what hardware revision you have of the nRF51, but if you have revision 3, you can try the latest SoftDevice and SDK, see if that changes anything.

  • 0

    Thanks @Petter

    Need more space to write so using the answer textbox.

    Looks like this is a bit of a dead end for now for me, I was reading a couple more posts about people in the forum trying to connect to other Peripherals and having this 0x83 come up and they don't seem to be able to resolve them. I think the order the DM handles auth and encryption may be very specific to Peripherals also using the same DM code? this may be causing issues with other products.

    I do have a question that may help me try and work out what is different:

    Typically now, when my central and peripherals connect the flow in my central is like this:

    • get DM_EVT_SECURITY_SETUP call dm_security_setup_req()
    • get DM_EVT_SECURITY_SETUP_COMPLETE with BLE_GAP_SEC_STATUS_AUTH_REQ as event_result
    • I call call dm_security_setup_req() again
    • get DM_EVT_LINK_SECURED i then try and read a characteristic and get BLE_GATT_STATUS_ATTERR_INSUF_AUTHENTICATION

    The above is the error flow.

    On one occasion I logged this flow that was different:

    • get DM_EVT_SECURITY_SETUP
    • call dm_security_setup_req() - just once this time
    • get DM_EVT_LINK_SECURED
    • get DM_EVT_SECURITY_SETUP_COMPLETE
    • DM_EVT_DEVICE_CONTEXT_STORED

    Unfortunately I didn't try and read a characteristic so dont know if it was allowed by the peripheral. But the fact that I only called dm_security_setup_req() and got right up to DM_EVT_LINK_SECURED and DM_EVT_DEVICE_CONTEXT_STORED was promising.

    Does this second flow seem like what should happen if BLE_GAP_SEC_STATUS_AUTH_REQ is not received and instead I had got a NRF_SUCCESS.

    If you can confirm that this flow of event was correct I can then try and remember what state my peripheral was in when I logged this down?

    Thanks very much.

  • 0 in reply to Mark Paul

    It is a bit strange that you get DM_EVT_LINK_SECURED the second time in the error flow. Anyways, you second flow looks correct.

  • 0 in reply to Mark Paul

    Hi @Petter

    Please bare with my questions below, I'm trying to work this out and fix it. I've also sent you a DM as I work for a company and we are working on a potential commercial product using nrf51, I'd like to let you know a bit about it.

    1. How can the link be DM_EVT_LINK_SECURED if DM_EVT_SECURITY_SETUP didn't complete, my understanding is that DM_EVT_SECURITY_SETUP would be responsible for the security check and temp keys exchange that encryption is then based on. So DM_EVT_LINK_SECURED should not come up right? Is the DM_EVT_LINK_SECURED event sent in by the Peripheral? or is DM managing this state locally and flagging that the link is most likely secured?

    2. Also is DM_EVT_LINK_SECURED an indication that the temp encryption has been set up (with the long term keys required for bonding not yet exchanged), or that the long term keys have been exchanged and device has bonded?

  • 0 in reply to Mark Paul

    1. I call dm_security_status_req() before and after I make a call to dm_security_setup_req(). And can see the encryption status changed from NOT_ENCRYPTED to ENCRYPTED. Does dm_security_status_req() actually query the peripheral if the link is indeed encrypted? or is this just a local flag in the DM/Link layer? I'm trying to work out the scenario on how a link can be encrypted when authentication/pairing failed as they are both closely coupled together.

    2. Is the BLE_GAP_SEC_STATUS_AUTH_REQ being sent by the peripheral directly to the central?

    3. (Sorry about this question but have to confirm) - both MUTEX_UNLOCK_FAILED and BLE_GAP_SEC_STATUS_AUTH_REQ have the same value. Is there a possibility that somewhere in the execution flow that the error codes got contaminated?

Related
Terms of service