Force central to only use OOB for pairing

Hello All,

I'm currently working on an application with a central and peripheral devices both using nrf52832 with SDK 15.3 and S132.
I'd like for the central to be only trying to connect and attempt pairing/bonding to known peripheral devices.

Since both sides don't have keypad/display, I thought of using Legacy OOB for the pairing.
The same key will be provisioned on the central and one or many peripherals. The central in addition will get the address(es) of the peripheral(s) which it will try to connect to.

That is all fine and seems to be working properly, but my problem is that the central tries to pair (and succeeds) to the peripheral even if it does not have the OOB flag set.

How can I make sure that the central only uses Legacy OOB for pairing?

Here are my security settings on the central:

sec_params.bond           = 1;
sec_params.mitm           = 1;
sec_params.lesc           = 0;
sec_params.keypress       = 0;
sec_params.io_caps        = BLE_GAP_IO_CAPS_NONE;
sec_params.oob            = 1;
sec_params.min_key_size   = 7;
sec_params.max_key_size   = 16;
sec_params.kdist_own.enc  = 1;
sec_params.kdist_own.id   = 1;
sec_params.kdist_peer.enc = 1;
sec_params.kdist_peer.id  = 1;



And with these parameters on the peripheral the central got successfully paired:

sec_param.bond           = 1;
sec_param.mitm           = 0;
sec_param.lesc           = 0;
sec_param.keypress       = 0;
sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;
sec_param.oob            = 0;
sec_param.min_key_size   = 7;
sec_param.max_key_size   = 16;
sec_param.kdist_own.enc  = 1;
sec_param.kdist_own.id   = 1;
sec_param.kdist_peer.enc = 1;
sec_param.kdist_peer.id  = 1;


Parents Reply
  • Hi,

    Did you figure out how to solve this? Problem is the spec requires the security parameters to be negotiated, so the highest common factor will be used for bonding. The application can decide what level is required to access various attributes, so you have to make sure you set the security level to highest level if that is what you require. Then the application can choose to disconnect in case the peer doesn't meet this requirement. It could also be possible to check the supported parameters in the ble_gap_evt_sec_params_request_t event. But afraid that requires some modifications to the peer manager.

Children
No Data
Related