Hi Dialog,
I have two devices, a BLE central and a peripheral, made of da14583, exchanging data on connection. I want to implement bonding, so I made the changes on the peripheral side as suggested in tutorial_5 ble_security_example.pdf. But on the Central side I cannot find a procedure to implement bonding. I also went through the sps_host example but found no implementation. Going through RW-BLE-GAP-IS.pdf I got to know that the bonding procedure needs to be initiated from the master side using the command GAPC_BOND_CMD. I have requested security on the peripheral through GAPC_SECURITY_CMD and successfully receive an indication GAPC_SECURITY_IND on the master. I need help to write a procedure to initiate bonding from the master on a security request.
Thanks,
Regards,
Dhiraj
Hi dhirajp15,
Unfortunately there is no example that will guide you through the security procedure of a central, but as the document indicates you will need to issue a GAPC_BOND_CMD in order to start the procedure, so you can just send the GAPC_BOND_CMD as soon as the handler for the GAPC_SECURITY_IND is triggered. So you can just create a callback that will send the GAPC_BOND_CMD, just like below:
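struct gapc_bond_cmd *msg;
msg = (struct gapc_bond_cmd *) KE_MSG_ALLOC(GAPC_BOND_CMD, TASK_GAPC, TASK_APP, gapc_bond_cmd);
msg->operation = GAPC_BOND;  /* then fill msg->pairing with the pairing features */
ke_msg_send(msg);            /* an allocated message must be sent (or freed) */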
and then attach your callback in the .app_on_security_req_ind hook.
Thanks MT_dialog
Hi MT_Dialog,
I am using the Just Works security level for bonding with the following configuration:
static const struct security_configuration user_security_configuration = {
    .oob       = GAP_OOB_AUTH_DATA_NOT_PRESENT,
    .key_size  = KEY_LEN,
    .iocap     = GAP_IO_CAP_NO_INPUT_NO_OUTPUT,
    .auth      = GAP_AUTH_REQ_NO_MITM_BOND,
    .sec_req   = GAP_SEC1_NOAUTH_PAIR_ENC,
    .ikey_dist = GAP_KDIST_SIGNKEY,
    .rkey_dist = GAP_KDIST_ENCKEY,
    .tk = {
        .key = {0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
    },
    .csrk = {
        .key = {0xAB,0xAB,0x45,0x55,0x23,0x01,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0},
    },
};
I implemented GAPC_BOND_CMD in the user_catch_rest handler cb on GAPC_SECURITY_IND as suggested. So the peripheral gets a pairing request and it provides a pairing response. After this I get the app_on_pairing_succeded callback on the central device. I also receive GAPC_BOND_IND with msg_param->info==GAPC_LTK_EXCH; here I initiate a GAPC_ENCRYPT_CMD sending the long term key received previously. Further I receive the app_on_encryption_ind callback followed by GAPC_CMP_EVT with msg_param->operation==GAPC_ENCRYPT and msg_param->status =00, which indicates that encryption is completed with no errors. Is this the correct way to implement bonding on the central device? Are there any more commands I am missing?
Thanks,
regards,
dhiraj
Hi dhirajp15,
If I properly understand the sequence that you describe, when the GAPC_BOND_IND comes with the GAPC_LTK_EXCH, it means that the device obtained the LTK key. When you receive that key you should store it, not initiate a GAPC_ENCRYPT_CMD (what kind of keys are distributed over the air depends on the application). The GAPC_ENCRYPT command is in order to encrypt the link after the bonding procedure is over and the pairing has succeeded, and if you would like to encrypt the link with the LTK instead of the TK (which is the current encryption of the link), then you can send an encryption command. For example you can send an encryption command in the app_on_pairing_succeded.
Thanks MT_dialog
Hi MT_dialog,
Thanks for the help. I made the suggested changes and was able to complete the bonding process successfully. Now on re-connection, if I don't want to repeat the pairing procedure (assuming I have bonding data present: LTK, Ediv, randnb), the RW_BLE_GAP_IS.pdf suggests:
"When receiving the security request indication, master of the link can decide to initiate pairing or encryption
according to its bond data". --page 95.
So on the master side, if I receive GAPC_SECURITY_IND, should I keep a check whether to issue a GAPC_BOND_CMD or a GAPC_ENCRYPT_CMD (previously bonded)?
Thanks,
regards,
Dhiraj
Hi dhirajp15,
Since the bonding is complete and then the device is disconnected, that means that both of the devices are bonded and retain their bonding data, so there is no need to execute the bonding procedure again in order to reconnect with security. So when the devices are bonded the central should issue an encryption command in order to encrypt the link, so yes, the master should check if it's bonded or not in order to issue either a bonding command or an encryption command.
Thanks MT_dialog
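The bonded-or-not check described in this answer, sketched as an added example (not code from the thread or from the Dialog SDK). Every type and function name here is hypothetical, the bond table is constructed sample data, and the MITM comparison goes beyond the thread: it assumes the security request carries the peripheral's authentication requirement, so a stored Just Works key is not reused when MITM protection is asked for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* All names below are hypothetical; they model the decision, not the SDK API. */
enum sec_action { ACT_START_BONDING, ACT_START_ENCRYPTION };

struct bond_entry {
    uint8_t  peer_addr[6];
    uint8_t  ltk[16];
    uint16_t ediv;
    uint8_t  rand_nb[8];
    uint8_t  key_size;       /* 0 means the slot is empty */
    bool     authenticated;  /* false for a Just Works pairing */
};

/* Find stored bond data for a peer address, or NULL if never bonded. */
static const struct bond_entry *bond_lookup(const struct bond_entry *db, size_t n,
                                            const uint8_t addr[6])
{
    for (size_t i = 0; i < n; i++)
        if (db[i].key_size != 0 && memcmp(db[i].peer_addr, addr, 6) == 0)
            return &db[i];
    return NULL;
}

/* Called when the peripheral's security request arrives on the central.
 * mitm_requested: whether the request asks for MITM protection (assumption).
 * On ACT_START_ENCRYPTION, *out points at the LTK/EDIV/Rand to encrypt with. */
enum sec_action on_security_request(const struct bond_entry *db, size_t n,
                                    const uint8_t addr[6], bool mitm_requested,
                                    const struct bond_entry **out)
{
    const struct bond_entry *b = bond_lookup(db, n, addr);
    *out = NULL;
    if (b == NULL)
        return ACT_START_BONDING;      /* no bond data: pair and bond */
    if (mitm_requested && !b->authenticated)
        return ACT_START_BONDING;      /* stored key too weak: pair again */
    *out = b;
    return ACT_START_ENCRYPTION;       /* reuse stored keys, no re-pairing */
}

/* Constructed sample bond database: one Just Works bond, one empty slot. */
static const struct bond_entry sample_db[2] = {
    { {0x01,0x02,0x03,0x04,0x05,0x06}, {0xAA}, 0x1234, {0x11}, 16, false },
    { {0}, {0}, 0, {0}, 0, false },
};
```

In a real handler, ACT_START_BONDING would map to sending GAPC_BOND_CMD and ACT_START_ENCRYPTION to sending GAPC_ENCRYPT_CMD with the stored LTK, Ediv and random number.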
Hi MT_Dialog,
Thanks for the help!
Regards,
Dhiraj