diff --git a/doc/nrf/libraries/bluetooth/mesh/vnd/images/bt_mesh_le_pair_resp.svg b/doc/nrf/libraries/bluetooth/mesh/vnd/images/bt_mesh_le_pair_resp.svg
index f02269c0389..628b761caa0 100644
--- a/doc/nrf/libraries/bluetooth/mesh/vnd/images/bt_mesh_le_pair_resp.svg
+++ b/doc/nrf/libraries/bluetooth/mesh/vnd/images/bt_mesh_le_pair_resp.svg
@@ -1,210 +1,446 @@
-
+
diff --git a/doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst b/doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst
index 68978b09884..b9bb7218615 100644
--- a/doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst
+++ b/doc/nrf/libraries/bluetooth/mesh/vnd/le_pair_resp.rst
@@ -7,21 +7,18 @@ LE Pairing Responder
:local:
:depth: 2
-The LE Pairing Responder model is a vendor model.
+The LE Pairing Responder model is a vendor model and you must enable the :kconfig:option:`CONFIG_BT_APP_PASSKEY` Kconfig option to use this model.
This model can be used to hand over a passkey that will authenticate a Bluetooth LE connection over a mesh network when it is not possible to use other pairing methods.
-Before the pairing is initiated, an initiator should send an LE Pairing message with Passkey Reset sub-opcode to set a new passkey for the next pairing request.
+Before the pairing is initiated, an initiator must send an LE Pairing message with the Passkey Reset sub-opcode.
+If the passkey has been set by the :c:func:`bt_mesh_le_pair_resp_passkey_set` function, the predefined passkey will be returned in the Passkey Status message.
+Otherwise, a new passkey will be generated by LE Pairing Responder model and returned in the Passkey Status message.
The passkey returned in the LE Pairing message with the Passkey Status sub-opcode should be used for the next pairing.
-The passkey is generated using the :c:func:`bt_rand` function and set to the host using the :c:func:`bt_passkey_set` function.
-The latter requires the :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` option to be enabled.
-
-.. note::
- The warning generated by the :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` option should be disregarded as long as the application always invalidates the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function regardless of the pairing result (see below).
-
-This model requires an application to only enable the display capability for the LE pairing by setting the :c:member:`bt_conn_auth_cb.pairing_display` callback.
-After every pairing request, the application must invalidate the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function.
-This function can be called from callbacks :c:member:`bt_conn_auth_info_cb.pairing_complete` and :c:member:`bt_conn_auth_info_cb.pairing_failed`.
+This model requires an application to only enable the display capability for the LE pairing by setting the :c:member:`bt_conn_auth_cb.passkey_display` callback.
+The application must also set the :c:member:`bt_conn_auth_cb.app_passkey` callback to use the passkey generated by LE Pairing Responder model.
+After every pairing request, the application must invalidate the previously used passkey by calling the :c:func:`bt_mesh_le_pair_resp_passkey_invalidate` function or calling :c:func:`bt_mesh_le_pair_resp_passkey_set` with the :c:macro:`BT_PASSKEY_RAND` value.
+Those functions can be called from callbacks :c:member:`bt_conn_auth_info_cb.pairing_complete` and :c:member:`bt_conn_auth_info_cb.pairing_failed`.
See the :file:`samples/bluetooth/mesh/common/smp_bt_auth.c` file for the reference.
.. figure:: images/bt_mesh_le_pair_resp.svg
diff --git a/doc/nrf/releases_and_maturity/migration/migration_guide_3.2.rst b/doc/nrf/releases_and_maturity/migration/migration_guide_3.2.rst
index d84a51ac2e1..5bbc08f1d4d 100644
--- a/doc/nrf/releases_and_maturity/migration/migration_guide_3.2.rst
+++ b/doc/nrf/releases_and_maturity/migration/migration_guide_3.2.rst
@@ -110,6 +110,24 @@ Matter
To fix this, you must now manually create the :file:`CodeDrivenCallback.h` and :file:`CodeDrivenInitShutdown.cpp` files, and implement the ``MatterClusterServerInitCallback`` and ``MatterClusterServerShutdownCallback`` callbacks to handle server initialization, shutdown, and Matter cluster commands.
Ensure that these callbacks contain your application's command handling logic as required.
+ * :ref:`matter_lock_sample` sample:
+
+ * The :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` Kconfig option has been deprecated, replace it with the :kconfig:option:`CONFIG_BT_APP_PASSKEY` Kconfig option.
+ Now, if you want to use a fixed passkey for the Matter Lock NUS service, register the :c:member:`bt_conn_auth_cb.app_passkey` callback in the :c:struct:`bt_conn_auth_cb` structure.
+
+ For example:
+
+ .. code-block:: c
+
+ static uint32_t AuthAppPasskey(struct bt_conn *conn)
+ {
+ return 123456;
+ }
+
+ static struct bt_conn_auth_cb sConnAuthCallbacks = {
+ .app_passkey = AuthAppPasskey,
+ };
+
Serial LTE modem
----------------
diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
index b246ef630bc..67943a9aeb4 100644
--- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
+++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
@@ -198,6 +198,10 @@ Bluetooth Mesh
* Deprecated the :kconfig:option:`CONFIG_BT_MESH_NLC_PERF_CONF` and :kconfig:option:`CONFIG_BT_MESH_NLC_PERF_DEFAULT` Kconfig options.
Existing configurations continue to work but you should migrate to individual profile options.
+* Updated the LE Pairing Responder model:
+
+ * Deprecated the :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` option in favor of the new and supported :kconfig:option:`CONFIG_BT_APP_PASSKEY` option.
+
DECT NR+
--------
@@ -484,6 +488,10 @@ Bluetooth Mesh samples
* Support for external flash memory for the ``nrf52840dk/nrf52840`` and the ``nrf54l15dk/nrf54l15/cpuapp`` as the secondary partition for the DFU process.
+ * Updated:
+
+ * The sample to use the :kconfig:option:`CONFIG_BT_APP_PASSKEY` option instead of the deprecated :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` option.
+
* :ref:`ble_mesh_dfu_target` sample:
* Added:
@@ -707,6 +715,7 @@ Matter samples
* Added a callback for the auto-relock feature.
This resolves the :ref:`known issue ` KRKNWK-20691.
+ * Updated the NUS service to use the :kconfig:option:`CONFIG_BT_APP_PASSKEY` Kconfig option instead of the deprecated :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` Kconfig option.
Networking samples
------------------
diff --git a/include/bluetooth/mesh/vnd/le_pair_resp.h b/include/bluetooth/mesh/vnd/le_pair_resp.h
index 3486c4eeec4..0f2a4c9b92e 100644
--- a/include/bluetooth/mesh/vnd/le_pair_resp.h
+++ b/include/bluetooth/mesh/vnd/le_pair_resp.h
@@ -32,22 +32,35 @@ extern "C" {
_bt_mesh_le_pair_resp_op, NULL, NULL, \
&_bt_mesh_le_pair_resp_cb)
-/* @brief Invalidate previously used passkey.
+/** @brief Invalidate previously used passkey.
*
* A user must call this function when a pairing request completes regardless of the status.
*/
void bt_mesh_le_pair_resp_passkey_invalidate(void);
-/* @brief Set own passkey instead of using randomly generating passkeys.
+/** @brief Set own passkey instead of using randomly generating passkeys.
*
* By default, passkeys will be randomly generated on every new request. This function allows to use
* pre-defined passkey instead.
*
- * @params passkey Passkey to use for the pairing, or @ref BT_PASSKEY_INVALID to use randomly
+ * @param passkey Passkey to use for the pairing, or BT_PASSKEY_RAND to use randomly
* generated passkey again.
*/
void bt_mesh_le_pair_resp_passkey_set(uint32_t passkey);
+/** @brief Get passkey to be used in the very next pairing.
+ *
+ * This function will return the passkey set by the @ref bt_mesh_le_pair_resp_passkey_set function
+ * or it will return a randomly generated passkey by the reset message.
+ *
+ * If the passkey has never been set or the Reset message has never been received,
+ * BT_PASSKEY_RAND will be returned.
+ *
+ * @return Passkey to be used in the very next pairing;
+ * BT_PASSKEY_RAND if passkey is not set.
+ */
+uint32_t bt_mesh_le_pair_resp_passkey_get(void);
+
/** @cond INTERNAL_HIDDEN */
extern const struct bt_mesh_model_op _bt_mesh_le_pair_resp_op[];
diff --git a/samples/bluetooth/mesh/common/smp_bt_auth.c b/samples/bluetooth/mesh/common/smp_bt_auth.c
index 9a60b9d1af2..7931051bc68 100644
--- a/samples/bluetooth/mesh/common/smp_bt_auth.c
+++ b/samples/bluetooth/mesh/common/smp_bt_auth.c
@@ -47,12 +47,18 @@ static void pairing_confirm(struct bt_conn *conn)
printk("Pairing confirmed: %s\n", addr);
}
+static uint32_t app_passkey(struct bt_conn *conn)
+{
+ return bt_mesh_le_pair_resp_passkey_get();
+}
+
static struct bt_conn_auth_cb auth_cb = {
/* Enable passkey_display callback to enable the display capability. */
.passkey_display = passkey_display,
/* These 2 callbacks are required for passkey_display callback. */
.cancel = cancel,
.pairing_confirm = pairing_confirm,
+ .app_passkey = app_passkey,
};
static void pairing_complete(struct bt_conn *conn, bool bonded)
diff --git a/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf b/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf
index 57599466ce0..d1a0243088a 100644
--- a/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf
+++ b/samples/bluetooth/mesh/dfu/distributor/overlay-smp-bt-auth.conf
@@ -1,6 +1,6 @@
CONFIG_MCUMGR_TRANSPORT_BT_PERM_RW_AUTHEN=y
CONFIG_BT_SMP=y
-CONFIG_BT_FIXED_PASSKEY=y
+CONFIG_BT_APP_PASSKEY=y
CONFIG_BT_MESH_LE_PAIR_RESP=y
CONFIG_BT_SMP_SC_ONLY=y
CONFIG_BT_SMP_ALLOW_UNAUTH_OVERWRITE=n
diff --git a/samples/matter/common/src/bt_nus/bt_nus_service.cpp b/samples/matter/common/src/bt_nus/bt_nus_service.cpp
index af067d10713..333731e0e67 100644
--- a/samples/matter/common/src/bt_nus/bt_nus_service.cpp
+++ b/samples/matter/common/src/bt_nus/bt_nus_service.cpp
@@ -31,6 +31,9 @@ BT_CONN_CB_DEFINE(conn_callbacks) = {
bt_conn_auth_cb Nrf::NUSService::sConnAuthCallbacks = {
.passkey_display = AuthPasskeyDisplay,
.cancel = AuthCancel,
+#if defined(CONFIG_BT_APP_PASSKEY)
+ .app_passkey = AuthAppPasskey,
+#endif /* defined(CONFIG_BT_APP_PASSKEY) */
};
bt_conn_auth_info_cb Nrf::NUSService::sConnAuthInfoCallbacks = {
.pairing_complete = PairingComplete,
@@ -40,7 +43,8 @@ bt_nus_cb Nrf::NUSService::sNusCallbacks = {
.received = RxCallback,
};
-namespace Nrf {
+namespace Nrf
+{
NUSService NUSService::sInstance;
@@ -234,6 +238,14 @@ void NUSService::AuthPasskeyDisplay(bt_conn *conn, unsigned int passkey)
LOG_INF("PROVIDE THE FOLLOWING CODE IN YOUR MOBILE APP: %d", passkey);
}
+#if defined(CONFIG_BT_APP_PASSKEY)
+uint32_t NUSService::AuthAppPasskey(bt_conn *conn)
+{
+ return CONFIG_CHIP_NUS_FIXED_PASSKEY;
+}
+#endif /* defined(CONFIG_BT_APP_PASSKEY) */
+
+
void NUSService::AuthCancel(bt_conn *conn)
{
LOG_INF("NUS BT Pairing cancelled: %s", LogAddress(conn));
diff --git a/samples/matter/common/src/bt_nus/bt_nus_service.h b/samples/matter/common/src/bt_nus/bt_nus_service.h
index f28a7415c9f..063b066ce6d 100644
--- a/samples/matter/common/src/bt_nus/bt_nus_service.h
+++ b/samples/matter/common/src/bt_nus/bt_nus_service.h
@@ -85,6 +85,9 @@ class NUSService {
static void PairingComplete(struct bt_conn *conn, bool bonded);
static void PairingFailed(struct bt_conn *conn, enum bt_security_err reason);
static char* LogAddress(struct bt_conn *conn);
+#if defined(CONFIG_BT_APP_PASSKEY)
+ static uint32_t AuthAppPasskey(struct bt_conn *conn);
+#endif /* defined(CONFIG_BT_APP_PASSKEY) */
static struct bt_conn_auth_cb sConnAuthCallbacks;
static struct bt_conn_auth_info_cb sConnAuthInfoCallbacks;
diff --git a/samples/matter/lock/sample.yaml b/samples/matter/lock/sample.yaml
index 38e6930d1d1..7698f288fac 100644
--- a/samples/matter/lock/sample.yaml
+++ b/samples/matter/lock/sample.yaml
@@ -124,7 +124,7 @@ tests:
build_only: true
extra_args:
- CONFIG_CHIP_NUS=y
- - CONFIG_BT_FIXED_PASSKEY=y
+ - CONFIG_BT_APP_PASSKEY=y
- CONFIG_CHIP_NUS_FIXED_PASSKEY=112233
integration_platforms:
- nrf52840dk/nrf52840
diff --git a/subsys/bluetooth/mesh/vnd/Kconfig b/subsys/bluetooth/mesh/vnd/Kconfig
index 46b0706be65..904513e5171 100644
--- a/subsys/bluetooth/mesh/vnd/Kconfig
+++ b/subsys/bluetooth/mesh/vnd/Kconfig
@@ -85,10 +85,10 @@ config BT_MESH_DM_SRV_REFLECTOR_RANGING_WINDOW_US
endif # BT_MESH_DM_SRV
config BT_MESH_LE_PAIR_RESP
- bool "LE Pairing Responder model"
+ bool "LE Pairing Responder model [EXPERIMENTAL]"
select BT_MESH_VENDOR_MODELS
select EXPERIMENTAL
- depends on BT_FIXED_PASSKEY
+ depends on BT_APP_PASSKEY
depends on BT_SMP_SC_ONLY
help
Enable the LE Pairing Responder model. The LE Pairing Responder model is used to generate
diff --git a/subsys/bluetooth/mesh/vnd/le_pair_resp.c b/subsys/bluetooth/mesh/vnd/le_pair_resp.c
index 4755dd97676..af3d7f02abd 100644
--- a/subsys/bluetooth/mesh/vnd/le_pair_resp.c
+++ b/subsys/bluetooth/mesh/vnd/le_pair_resp.c
@@ -24,14 +24,13 @@ LOG_MODULE_REGISTER(bt_mesh_le_pair_resp);
#define STATUS_PASSKEY_SET 0x00
#define STATUS_PASSKEY_NOT_SET 0x01
-static uint32_t predefined_passkey = BT_PASSKEY_INVALID;
+static uint32_t predefined_passkey = BT_PASSKEY_RAND;
static int handle_reset(const struct bt_mesh_model *model, struct bt_mesh_msg_ctx *ctx,
struct net_buf_simple *buf)
{
uint32_t passkey;
uint8_t status = STATUS_PASSKEY_SET;
- int err;
if (buf->len != 0) {
return -EINVAL;
@@ -39,16 +38,15 @@ static int handle_reset(const struct bt_mesh_model *model, struct bt_mesh_msg_ct
BT_MESH_MODEL_BUF_DEFINE(rsp, BT_MESH_LE_PAIR_OP, 5);
- if (predefined_passkey != BT_PASSKEY_INVALID) {
+ if (predefined_passkey != BT_PASSKEY_RAND) {
passkey = predefined_passkey;
} else {
passkey = sys_rand32_get() % 1000000;
- }
-
- err = bt_passkey_set(passkey);
- if (err) {
- LOG_ERR("Unable to set passkey (err: %d)", err);
- status = STATUS_PASSKEY_NOT_SET;
+ /* Overwrite the predefined passkey with the randomly generated passkey.
+ * LE pair responder can use the randomly generated passkey for the next
+ * pairing request.
+ */
+ predefined_passkey = passkey;
}
bt_mesh_model_msg_init(&rsp, BT_MESH_LE_PAIR_OP);
@@ -112,10 +110,15 @@ const struct bt_mesh_model_cb _bt_mesh_le_pair_resp_cb = {
void bt_mesh_le_pair_resp_passkey_invalidate(void)
{
- (void)bt_passkey_set(BT_PASSKEY_INVALID);
+ predefined_passkey = BT_PASSKEY_RAND;
}
void bt_mesh_le_pair_resp_passkey_set(uint32_t passkey)
{
predefined_passkey = passkey;
}
+
+uint32_t bt_mesh_le_pair_resp_passkey_get(void)
+{
+ return predefined_passkey;
+}
diff --git a/west.yml b/west.yml
index 088e5bed737..72a1328aa10 100644
--- a/west.yml
+++ b/west.yml
@@ -64,7 +64,7 @@ manifest:
# https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
- name: zephyr
repo-path: sdk-zephyr
- revision: 0985cced399a26c994a0736ba8c00dc852e22ec3
+ revision: d54a7f811327fe9cc3da2dffa7365de96c999c08
import:
# In addition to the zephyr repository itself, NCS also
# imports the contents of zephyr/west.yml at the above
@@ -155,7 +155,7 @@ manifest:
- name: matter
repo-path: sdk-connectedhomeip
path: modules/lib/matter
- revision: 4c78bef4bfc9b66d8d4ed44813cf7560efe69323
+ revision: c9826122fccab36e7caec9654bd1c0fdd1d27242
west-commands: scripts/west/west-commands.yml
submodules:
- name: nlio