Client pairing and bonding

RoHe_4370821

Dear Support,

I have a question regarding the procedure for BLE client to pair and bond to a BLE server. I am using 4343W (Murata 1dx module) and WICED Version: Wiced_006.006.000.0009

I am currently using the following API function: 

wiced_result_t wiced_bt_dev_sec_bond (wiced_bt_device_address_t bd_addr, wiced_bt_ble_address_type_t bd_addr_type, wiced_bt_transport_t transport, uint8_t pin_len, uint8_t *p_pin);

Upon initial connection, when I call the above function the result is always WICED_BT_PENDING.
A pairing IO capabilities request event occurs, to which my client sets the parameters in the callback.
The BTM_ENCRYPTION_STATUS_EVT event is called with the WICED_SUCCESS result (link encrypted).
The BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT event is called and my application saves the link keys.

My question is:
How does my application re-use the bond and encrypt the link using the saved keys for subsequent connections?

I only see the above API function and another one:

wiced_result_t wiced_bt_dev_set_encryption (wiced_bt_device_address_t bd_addr, wiced_bt_transport_t transport, void *p_ref_data);

The latter always returns 8036 (WICED_BT_WRONG_MODE).
If I call wiced_bt_dev_sec_bond() upon every connection, then it seems a new key exchange occurs as described above.

Please describe the correct process for establishing the encrypted link (pairing) and saving the keys for re-use (bonding) and describe how the application should ensure the bond is re-used (the saved keys are used to encrypt the link on subsequent connections).

Regards,
Rob

 

0 Likes
RoHe_4370821

I should add that I have tried inserting the saved keys into the p_event_data->paired_device_link_keys_request upon receipt of the BTM_PAIRED_DEVICE_LINK_KEYS_REQUEST_EVT.

0 Likes
RoHe_4370821

I think I may have resolved this issue myself by entering a suitable parameter into the function, as follows:

enum wiced_bt_ble_sec_flags_e security = BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM;
result = wiced_bt_dev_set_encryption(g_tx_info.nv_data.tx_addr, BT_TRANSPORT_LE, &security);

The above results in WICED_BT_PENDING being returned and the BTM_ENCRYPTION_STATUS_EVT arrives soon after with WICED_SUCCESS == p_event_data->encryption_status.result.

I will verify by printing the keys and by use of a BLE sniffer.

0 Likes
DheerajPK_41

Hi,

wiced_bt_dev_sec_bond() initiates the pairing, i.e. if the connection is already up but not secure, pairing is attempted. wiced_bt_dev_set_encryption() encrypts the specified connection, i.e. if the peer is already paired, it just initiates encryption.

You can refer to the application below to understand the usage.

https://github.com/Infineon/mtb-example-btsdk-ble-hello-client/blob/master/hello_client.c

Thanks,

-Dheeraj.P.K

0 Likes
RoHe_4370821

Thank you Dheeraj.P.K.

I already figured as much and have the pairing and bonding working satisfactorily now. Your example is in essence the same as my implementation, except that I need to use BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM as the third param to wiced_bt_dev_set_encryption() instead.

Thanks and regards,
Rob
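
The bond re-use flow discussed in this thread, as an added example that is not part of the original posts or of Infineon's code: a host-side C model of the key store behind the two link-key events and of the choice made when a connection comes up. It includes no WICED headers; the names bond_store, bond_save, bond_load, on_connection_up, link_action_t and the 16-byte KEY_LEN are hypothetical, and the WICED calls and events appear only in comments.

```c
#include <stdint.h>
#include <string.h>

#define ADDR_LEN  6
#define KEY_LEN   16  /* stand-in size (assumption); store the stack's whole key structure */
#define MAX_BONDS 4

typedef enum { ACT_PAIR_AND_BOND, ACT_ENCRYPT_WITH_SAVED_KEYS } link_action_t;
typedef struct { uint8_t used, addr[ADDR_LEN], keys[KEY_LEN]; } bond_slot_t;
static bond_slot_t bond_store[MAX_BONDS];  /* models non-volatile storage */

static bond_slot_t *bond_find(const uint8_t *addr) {
    for (int i = 0; i < MAX_BONDS; i++)
        if (bond_store[i].used && memcmp(bond_store[i].addr, addr, ADDR_LEN) == 0)
            return &bond_store[i];
    return NULL;
}

/* BTM_PAIRED_DEVICE_LINK_KEYS_UPDATE_EVT: persist the keys, replacing any
 * older entry for the same peer. Returns -1 when the store is full. */
int bond_save(const uint8_t *addr, const uint8_t *keys) {
    bond_slot_t *s = bond_find(addr);
    for (int i = 0; !s && i < MAX_BONDS; i++)
        if (!bond_store[i].used) s = &bond_store[i];
    if (!s) return -1;
    s->used = 1;
    memcpy(s->addr, addr, ADDR_LEN);
    memcpy(s->keys, keys, KEY_LEN);
    return 0;
}

/* BTM_PAIRED_DEVICE_LINK_KEYS_REQUEST_EVT: copy the saved keys into the
 * event data; -1 means there is no bond for this peer. */
int bond_load(const uint8_t *addr, uint8_t *keys_out) {
    bond_slot_t *s = bond_find(addr);
    if (!s) return -1;
    memcpy(keys_out, s->keys, KEY_LEN);
    return 0;
}

/* Connection up: bonded peer -> wiced_bt_dev_set_encryption() with the
 * security flag; unknown peer -> wiced_bt_dev_sec_bond(). */
link_action_t on_connection_up(const uint8_t *addr) {
    return bond_find(addr) ? ACT_ENCRYPT_WITH_SAVED_KEYS : ACT_PAIR_AND_BOND;
}

int main(void) {
    const uint8_t peer[ADDR_LEN] = {0xC0, 0xFF, 0xEE, 0, 0, 1}, keys[KEY_LEN] = {0}; /* constructed */
    int first = on_connection_up(peer);
    bond_save(peer, keys);
    return !(first == ACT_PAIR_AND_BOND && on_connection_up(peer) == ACT_ENCRYPT_WITH_SAVED_KEYS);
}
```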