Is there a way to reject a BLE connection based on security mode? I want to accept only connections with Security Mode 1, Level 4.
This is the setting I used when connecting.
p_event_data->pairing_io_capabilities_ble_request.local_io_cap = BTM_IO_CAPABILITIES_DISPLAY_ONLY;
p_event_data->pairing_io_capabilities_ble_request.oob_data = BTM_OOB_NONE;
p_event_data->pairing_io_capabilities_ble_request.auth_req = BTM_LE_AUTH_REQ_SC_MITM_BOND;
p_event_data->pairing_io_capabilities_ble_request.max_key_size = 0x10;
p_event_data->pairing_io_capabilities_ble_request.init_keys = BTM_LE_KEY_PENC | BTM_LE_KEY_PID;
p_event_data->pairing_io_capabilities_ble_request.resp_keys = BTM_LE_KEY_PENC | BTM_LE_KEY_PID;
I use an nRF52840 Bluetooth USB dongle to connect. It can change its IO and security settings. If I configure the nRF52840 with LE Secure Connection, Keyboard, and Display, the connection will be Security Mode 1, Level 4. If I configure the nRF52840 without LE Secure Connection, Keyboard, and Display, the connection will be Security Mode 1, Level 2. I want the Bluetooth stack to reject this connection.
I found this page that has a function (wiced_bt_ble_get_security_state) to check the security. It indicates if the connection is encrypted and paired with MITM. But it doesn't indicate if the connection is LE Secure. Is there any data structure or other API to check if a connection is LE Secure?
There is a function called wiced_bt_gatt_disconnect(). Where should I put it? It doesn't work when I put it under case BTM_PAIRING_COMPLETE_EVT.
I'm trying to check if a connection is LE Secure. If it isn't, then the device should initiate a disconnect.
Please try to set the security_requirement_mask to BTM_SEC_SECURE_CONNECTION in the wiced_bt_cfg.c file. I think this will force the connection to use a secure connection.
You can put the wiced_bt_gatt_disconnect() after the GATT connection event. Please make sure you are using the correct connection id.
The security_requirement_mask is BTM_SEC_SECURE_CONNECTION. I tried changing it to different values but it doesn't make a difference.
I got the disconnect to work by putting wiced_bt_gatt_disconnect() in wiced_bt_gatt_server_request_handler.
The firmware I'm using is BCM4345C0_003.001.025.0172.0344.
I found this comment that says:
The .security_requirement_mask is not used for LE, so you can omit it.
Can you confirm this?
I'm using ble_hellor_sensor application with BCM4345C0_003.001.025.0172.0344.
Sorry for the mistake in the last reply. The security_requirement_mask is only used for BT applications.
Could your problem be resolved by wiced_bt_gatt_disconnect() as a workaround?
I can use wiced_bt_gatt_disconnect() but there is no method to differentiate security level 3 and level 4. When I use wiced_bt_ble_get_security_state(), they get the same value for the security flag. Also, wiced_bt_gatt_disconnect() only works after the device is connected. It is better if the stack can reject the connection before entering the passkey.
Which host and stack are you using? Could you see the API wiced_bt_dev_configure_secure_connections_only_mode?
I'm using ble_hellor_sensor application with BCM4345C0_003.001.025.0172.0344. The project is for NXP RT1052 chip. How do I check the stack version? I don't see the API wiced_bt_dev_configure_secure_connections_only_mode in wiced_bt_dev.h.
What is BSA?
I got the project from Murata support. The library being used is libwicedble.a.
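How the Security Mode 1 level discussed in this thread follows from the SMP pairing feature exchange, as an added example that is not from any poster or from the WICED SDK. The struct and function names are hypothetical, the AuthReq bits and IO capability codes are the Bluetooth Core Specification values, and OOB is assumed unused (as with BTM_OOB_NONE above).

```c
#include <stdbool.h>
#include <stdint.h>

/* SMP AuthReq flag bits and IO capability codes (Bluetooth Core Spec, Vol 3, Part H). */
#define SMP_AUTH_BOND 0x01
#define SMP_AUTH_MITM 0x04
#define SMP_AUTH_SC   0x08
enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY, IO_NO_IO, IO_KEYBOARD_DISPLAY };

/* Hypothetical container for one side's Pairing Request/Response fields. */
typedef struct {
    uint8_t io_cap;
    uint8_t auth_req;
    uint8_t max_key_size;
} smp_features_t;

static bool has_keyboard(uint8_t io) { return io == IO_KEYBOARD_ONLY || io == IO_KEYBOARD_DISPLAY; }
static bool has_yes_no(uint8_t io)   { return io == IO_DISPLAY_YESNO || io == IO_KEYBOARD_DISPLAY; }

/* True when the association model is Passkey Entry or Numeric Comparison;
 * anything else is Just Works, i.e. unauthenticated. Assumes no OOB data. */
static bool pairing_is_authenticated(const smp_features_t *a, const smp_features_t *b, bool sc)
{
    if (!((a->auth_req | b->auth_req) & SMP_AUTH_MITM)) return false;    /* nobody asked for MITM */
    if (a->io_cap == IO_NO_IO || b->io_cap == IO_NO_IO) return false;    /* Just Works */
    if (has_keyboard(a->io_cap) || has_keyboard(b->io_cap)) return true; /* Passkey Entry */
    return sc && has_yes_no(a->io_cap) && has_yes_no(b->io_cap);         /* Numeric Comparison */
}

/* LE Security Mode 1 level the link reaches once encrypted with the pairing keys. */
int le_mode1_level(const smp_features_t *local, const smp_features_t *peer)
{
    bool sc = (local->auth_req & peer->auth_req & SMP_AUTH_SC) != 0; /* both sides must set SC */
    uint8_t key = local->max_key_size < peer->max_key_size ? local->max_key_size
                                                           : peer->max_key_size;
    if (!pairing_is_authenticated(local, peer, sc)) return 2;
    return (sc && key == 16) ? 4 : 3; /* Level 4 needs SC and a 128-bit key */
}

/* Policy asked for in the thread: accept only Mode 1 Level 4. */
bool accept_level4_only(const smp_features_t *local, const smp_features_t *peer)
{
    return le_mode1_level(local, peer) == 4;
}
```

A peer that offers a keyboard and display but leaves the SC bit clear lands on Level 3, which is the case the thread says the security flag alone does not separate from Level 4.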