
nRF52810 passkey entry

Hi Sir/Miss,

I am trying to implement a static passkey in my project, which uses the nRF52810.

The SDK version is 17.0.2.

The SoftDevice is S112.

My project is developed based on NUS.

I want to use the central device to enter the passkey for pairing and bonding.

It's just like the ble_app_gls example.

I referred to the ble_app_template example to add peer_manager and fds to the project.

I referenced this to do it.

#define SEC_PARAM_BOND                  1                                           /**< Perform bonding. */
#define SEC_PARAM_MITM                  1                                           /**< Man In The Middle protection required (applicable when display module is detected). */
#define SEC_PARAM_LESC                  0//1                                           /**< LE Secure Connections enabled. */
#define SEC_PARAM_KEYPRESS              0                                           /**< Keypress notifications not enabled. */
#define SEC_PARAM_IO_CAPABILITIES       BLE_GAP_IO_CAPS_DISPLAY_ONLY                /**< Display I/O capabilities. */
#define SEC_PARAM_OOB                   0                                           /**< Out Of Band data not available. */
#define SEC_PARAM_MIN_KEY_SIZE          7                                           /**< Minimum encryption key size. */
#define SEC_PARAM_MAX_KEY_SIZE          16                                          /**< Maximum encryption key size. */

And I added the static passkey setup code between ble_stack_init() and advertising_start().

When I use a dongle to connect to the nRF52810 in nRF Connect, it doesn't pop up the passkey entry window. It connects directly.

It's different from the glucose example.

How do I set it up?

Thank you.
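
How SEC_PARAM_IO_CAPABILITIES and SEC_PARAM_MITM from the defines above feed into the choice of pairing method, as an added example that is not part of the original post or of the nRF5 SDK. It models the LE legacy pairing IO-capability mapping from the Bluetooth Core Specification (the post has SEC_PARAM_LESC and SEC_PARAM_OOB at 0); all type and function names are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* IO capability values as encoded in the SMP Pairing Request/Response. */
typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NONE, IO_KEYBOARD_DISPLAY } io_cap_t;

/* Association models (enum names are this example's own). */
typedef enum { JUST_WORKS, PK_PERIPH_SHOWS, PK_CENTRAL_SHOWS, PK_BOTH_TYPE } method_t;

#define JW JUST_WORKS
#define PS PK_PERIPH_SHOWS   /* peripheral displays, central types the passkey */
#define CS PK_CENTRAL_SHOWS  /* central displays, peripheral types the passkey */
#define BT PK_BOTH_TYPE      /* both sides type the same passkey */

/* Legacy pairing: row = peripheral (responder), column = central (initiator). */
static const method_t legacy_map[5][5] = {
    /* DisplayOnly     */ { JW, JW, PS, JW, PS },
    /* DisplayYesNo    */ { JW, JW, PS, JW, PS },
    /* KeyboardOnly    */ { CS, CS, BT, JW, CS },
    /* NoInputNoOutput */ { JW, JW, JW, JW, JW },
    /* KeyboardDisplay */ { CS, CS, PS, JW, CS },
};

/* If neither side sets the MITM flag, IO capabilities are ignored. */
method_t pairing_method(io_cap_t periph, bool periph_mitm,
                        io_cap_t central, bool central_mitm)
{
    if (!periph_mitm && !central_mitm) return JUST_WORKS;
    return legacy_map[periph][central];
}

/* Only a passkey method produces an authenticated (MITM-protected) key. */
bool is_authenticated(method_t m) { return m != JUST_WORKS; }

int main(void)
{
    static const char *names[] = { "DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                                   "NoInputNoOutput", "KeyboardDisplay" };
    /* Peripheral as configured in the post: DISPLAY_ONLY with MITM = 1. */
    for (int c = IO_DISPLAY_ONLY; c <= IO_KEYBOARD_DISPLAY; c++) {
        method_t m = pairing_method(IO_DISPLAY_ONLY, true, (io_cap_t)c, false);
        printf("central %-16s -> method %d, authenticated=%d\n",
               names[c], (int)m, is_authenticated(m));
    }
    return 0;
}
```

With a DisplayOnly peripheral, only a central that reports keyboard input ends up typing the passkey; every other combination falls back to Just Works and yields an unauthenticated key.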

  • Hello,

    You should also increase the security level on your service characteristics to make pairing/bonding required. The NUS service characteristics are set to "SEC_OPEN" by default, which means the client can access them without securing the connection first.

    The security level can be set to 'SEC_MITM' when passkey pairing is supported.

    For protection against passive eavesdropping (from a BT sniffer) you should also consider enabling the LESC bit. This requires that you integrate the necessary crypto libraries as in the ble_app_gls example and call the nrf_ble_lesc_request_handler() function from your main loop.

    Best regards,

    Vidar
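
Why SEC_OPEN characteristics never lead to a passkey prompt, as an added example that is not part of the original reply or of the SDK: a simplified model of the security check a GATT server applies to each read or write. Type and function names are this example's own; the error codes are the ATT values from the Bluetooth Core Specification.

```c
#include <stdint.h>
#include <stdio.h>

/* Requirement levels, weakest first. They correspond to the SDK's SEC_OPEN,
 * SEC_JUST_WORKS and SEC_MITM; the names here are this example's own. */
typedef enum { LVL_OPEN = 1, LVL_ENC_NO_MITM = 2, LVL_ENC_MITM = 3 } sec_level_t;

#define ATT_OK                0x00
#define ATT_ERR_INSUF_AUTHEN  0x05  /* Insufficient Authentication */
#define ATT_ERR_INSUF_ENC     0x0F  /* Insufficient Encryption */

typedef struct {
    sec_level_t link;  /* security level the connection has right now */
    sec_level_t bond;  /* level of a stored bond key; LVL_OPEN means no bond */
} conn_t;

/* Simplified server-side check run on every ATT read or write. */
uint8_t att_access(sec_level_t required, conn_t c)
{
    if (c.link >= required)
        return ATT_OK;                 /* link is already strong enough */
    if (c.link == LVL_OPEN && c.bond >= required)
        return ATT_ERR_INSUF_ENC;      /* good key exists: just encrypt */
    return ATT_ERR_INSUF_AUTHEN;       /* peer has to pair (again) */
}

int main(void)
{
    conn_t fresh     = { LVL_OPEN, LVL_OPEN };               /* new peer, no bond */
    conn_t justworks = { LVL_ENC_NO_MITM, LVL_ENC_NO_MITM }; /* paired, no MITM   */
    conn_t passkey   = { LVL_ENC_MITM, LVL_ENC_MITM };       /* passkey pairing   */
    conn_t reconnect = { LVL_OPEN, LVL_ENC_MITM };           /* bonded, plaintext */

    printf("open char, fresh link      : 0x%02X\n", att_access(LVL_OPEN, fresh));
    printf("MITM char, fresh link      : 0x%02X\n", att_access(LVL_ENC_MITM, fresh));
    printf("MITM char, Just Works link : 0x%02X\n", att_access(LVL_ENC_MITM, justworks));
    printf("MITM char, passkey link    : 0x%02X\n", att_access(LVL_ENC_MITM, passkey));
    printf("MITM char, bonded reconnect: 0x%02X\n", att_access(LVL_ENC_MITM, reconnect));
    return 0;
}
```

A central typically starts pairing when a request is rejected with 0x05; with every requirement at the open level no request is ever rejected, so the link stays unencrypted.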

  • Hi,

    Thank you for your reply.

    There are still a few questions about your tips.

    1. I changed the access to SEC_MITM as in your yellow remark. Using nRF Connect, it can't access these characteristics directly, because it doesn't display the passkey entry window. Does it not work with passkey?
      void gap_params_init(uint8_t *dev_name, uint8_t len)
      {
          uint32_t                err_code;
          ble_gap_conn_params_t   gap_conn_params;
          ble_gap_conn_sec_mode_t sec_mode;
      
          BLE_GAP_CONN_SEC_MODE_SET_OPEN(&sec_mode);
      
          err_code = sd_ble_gap_device_name_set(&sec_mode,
                                                dev_name,
                                                len);
          APP_ERROR_CHECK(err_code);
      
          memset(&gap_conn_params, 0, sizeof(gap_conn_params));
      
          gap_conn_params.min_conn_interval = MIN_CONN_INTERVAL;
          gap_conn_params.max_conn_interval = MAX_CONN_INTERVAL;
          gap_conn_params.slave_latency     = SLAVE_LATENCY;
          gap_conn_params.conn_sup_timeout  = CONN_SUP_TIMEOUT;
      
          err_code = sd_ble_gap_ppcp_set(&gap_conn_params);
          APP_ERROR_CHECK(err_code);
          
          // static passkey
          ble_opt_t ble_opt;
          uint8_t passkey[] = "123456";
      
          ble_opt.gap_opt.passkey.p_passkey = passkey;
          err_code = sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &ble_opt);
          APP_ERROR_CHECK(err_code);
      }
    2. Do you mean that when the device enables MITM, it should also enable the crypto function to get full protection?
    3. I tried to import the file below, taken from the glucose example, into the project.

             add nrf_rng.c

            But the IDE displays two errors. Does it mean I imported the wrong file, so that the RAM size is not enough?

  • Hi,

    1. Please make sure you are not handling the following events in main.c::ble_event_handler():

     - BLE_GAP_EVT_SEC_PARAMS_REQUEST

     - BLE_GATTS_EVT_SYS_ATTR_MISSING

    static void ble_evt_handler(ble_evt_t const * p_ble_evt, void * p_context)
    {
        uint32_t err_code;
    
        switch (p_ble_evt->header.evt_id)
        {
            case BLE_GAP_EVT_CONNECTED:
                NRF_LOG_INFO("Connected");
                err_code = bsp_indication_set(BSP_INDICATE_CONNECTED);
                APP_ERROR_CHECK(err_code);
                m_conn_handle = p_ble_evt->evt.gap_evt.conn_handle;
                err_code = nrf_ble_qwr_conn_handle_assign(&m_qwr, m_conn_handle);
                APP_ERROR_CHECK(err_code);
                break;
    
            case BLE_GAP_EVT_DISCONNECTED:
                NRF_LOG_INFO("Disconnected");
                // LED indication will be changed when advertising starts.
                m_conn_handle = BLE_CONN_HANDLE_INVALID;
                break;
    
            case BLE_GAP_EVT_PHY_UPDATE_REQUEST:
            {
                NRF_LOG_DEBUG("PHY update request.");
                ble_gap_phys_t const phys =
                {
                    .rx_phys = BLE_GAP_PHY_AUTO,
                    .tx_phys = BLE_GAP_PHY_AUTO,
                };
                err_code = sd_ble_gap_phy_update(p_ble_evt->evt.gap_evt.conn_handle, &phys);
                APP_ERROR_CHECK(err_code);
            } break;
    #if !PEER_MANAGER_ENABLED
            case BLE_GAP_EVT_SEC_PARAMS_REQUEST:
                // Pairing not supported
                err_code = sd_ble_gap_sec_params_reply(m_conn_handle, BLE_GAP_SEC_STATUS_PAIRING_NOT_SUPP, NULL, NULL);
                APP_ERROR_CHECK(err_code);
                break;
    
            case BLE_GATTS_EVT_SYS_ATTR_MISSING:
                // No system attributes have been stored.
                err_code = sd_ble_gatts_sys_attr_set(m_conn_handle, NULL, 0, 0);
                APP_ERROR_CHECK(err_code);
                break;
    #endif // !PEER_MANAGER_ENABLED
            case BLE_GATTC_EVT_TIMEOUT:
                // Disconnect on GATT Client timeout event.
                err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gattc_evt.conn_handle,
                                                 BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                APP_ERROR_CHECK(err_code);
                break;
    
            case BLE_GATTS_EVT_TIMEOUT:
                // Disconnect on GATT Server timeout event.
                err_code = sd_ble_gap_disconnect(p_ble_evt->evt.gatts_evt.conn_handle,
                                                 BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION);
                APP_ERROR_CHECK(err_code);
                break;
    
            default:
                // No implementation needed.
                break;
        }
    }

    The peer manager is responsible for handling these events when enabled.

    2. Yes. The encryption keys are sent on-air in cleartext when you use legacy pairing. This means that a BT sniffer can fetch the encryption key if it's listening during key exchange.

    3. Yes, it looks like you have run out of RAM. Maybe you are including the wrong crypto libraries. I suggest you use the ble_app_hrs/pca10040e project as a reference for which crypto related configuration settings and source files to use for this chip variant.

    Best regards,

    Vidar 

  • Hi,

    1. In my project, I added #if !PEER_MANAGER_ENABLED and #endif around BLE_GAP_EVT_SEC_PARAMS_REQUEST and BLE_GATTS_EVT_SYS_ATTR_MISSING in main.c. nRF Connect still doesn't pop up the passkey entry window. I also imported these files and modified the ble_app_uart example (PCA10040e). The result is the same. Please help me solve it. Thank you.

  • Hi,

    Are you able to share the full project so I can try to debug it here?
