nrf51288-DK BLE peripheral security

You are reading a single comment by @cefitzger and its replies. Click here to read the full conversation.

•

Gordon

Looks like NRF.setSecurity updates the peer manager settings immediately and also saves state so it can be restored at startup. This wasn't added to what the dump() command returned, but I just fixed that.

If you're interested:

https://github.com/espruino/Espruino/blob/master/targets/nrf5x/bluetooth.c#L1849
https://github.com/espruino/Espruino/blob/master/targets/nrf5x/bluetooth.c#L1834

However pm_sec_params_set states:

Function for providing pairing and bonding parameters to use for pairing procedures.

Which implies that when pairing those security requirements will be used, but perhaps something else needs setting to ensure that pairing is forced?

•

cefitzger in reply to @Gordon

Pairing and bonding are forced with the request from the master (AuthReq with the bonding flag set to 0x01) but the Pixl doesn't reply with LESC or MITM as per the NRF.setSecurity configuration. In fact it adheres exactly to the definition just above the links you provide in the bluetooth.c code:

static ble_gap_sec_params_t get_gap_sec_params() {
  ble_gap_sec_params_t sec_param;
  memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

  // Security parameters to be used for all security procedures.
  // All set to 0 beforehand, so
  sec_param.bond           = 1;                     /**< Perform bonding. */
  //sec_param.mitm           = 0;                     /**< Man In The Middle protection not required. */
  //sec_param.lesc           = 0;                     /**< LE Secure Connections not enabled. */
  //sec_param.keypress       = 0;                     /**< Keypress notifications not enabled. */
  sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;  /**< No I/O capabilities. */
  //sec_param.oob            = 0;                     /**< Out Of Band data not available. */
  sec_param.min_key_size   = 7;                     /**< Minimum encryption key size. */
  sec_param.max_key_size   = 16;

This is the exact configuration proposed by the Pixl to the central as seen in the trace.

I haven't got a build environment set up - any chance you could supply a build with the following parameter definitions for me to test in case it's the update process that isn't working?

static ble_gap_sec_params_t get_gap_sec_params() {
  ble_gap_sec_params_t sec_param;
  memset(&sec_param, 0, sizeof(ble_gap_sec_params_t));

  // Security parameters to be used for all security procedures.
  // All set to 0 beforehand, so
  sec_param.bond           = 1;                     /**< Perform bonding. */
  sec_param.mitm           = 1;                     /**< Man In The Middle protection required. */
  sec_param.lesc           = 1;                     /**< LE Secure Connections enabled. */
  //sec_param.keypress       = 0;                     /**< Keypress notifications not enabled. */
  sec_param.io_caps        = BLE_GAP_IO_CAPS_NONE;  /**< No I/O capabilities. */
  //sec_param.oob            = 0;                     /**< Out Of Band data not available. */
  sec_param.min_key_size   = 7;                     /**< Minimum encryption key size. */
  sec_param.max_key_size   = 16;

nrf51288-DK BLE peripheral security

About

Espruino