You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mynewt.apache.org by Amr Bekhit <am...@gmail.com> on 2018/07/06 12:43:00 UTC
BLE security/encryption/passkey authentication
Hello all,
Is there any documentation regarding the security aspects of Nimble
(.e.g pairing, bonding, passkeys etc)? The mynewt documentation covers
the basic advertising and GATT systems quite well, and am happily
using those, but I'm struggling to find any information on the
security side of things.
Amr
Re: BLE security/encryption/passkey authentication
Posted by Andrzej Kaczmarek <an...@codecoup.pl>.
FYI: seems like it works fine if you enter passkey with leading zeroes
in Android (e.g. "001234" instead of "1234"). Not sure why it works
like this as passkey is handled as integer value during pairing
process, but Android is apparently full of surprises ;-)
Best,
Andrzej
On Mon, Jul 9, 2018 at 11:49 PM Andrzej Kaczmarek
<an...@codecoup.pl> wrote:
>
> Hi,
>
> You code looks ok. However, I noticed strange thing when testing with
> Android phone on my side: pairing fails if specified passkey has less
> than 6 digits (i.e. <100000). This does not seem to be issue in NimBLE
> since the same happens when trying to pair Android with BlueZ while
> pairing between NimBLE and BlueZ works just fine. Looks like some
> issue in Android LE SC implementation tbh...
>
> So please try with 6 digits passkey (i.e. >=100000) and it should work.
>
> Best,
> Andrzej
>
>
> On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit <am...@gmail.com> wrote:
> >
> > Hi Andrzej,
> >
> > Below is my GAP event callback function and the console output when I
> > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > on my phone to interact with the device):
> >
> > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > int rc = 0;
> >
> > switch(event->type) {
> > case BLE_GAP_EVENT_CONNECT:
> > console_printf("Connected\n");
> > break;
> >
> > case BLE_GAP_EVENT_DISCONNECT:
> > console_printf("Disconnected\n");
> > ble_advertise();
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE:
> > console_printf("Connection updated\n");
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > console_printf("Connection update requested\n");
> > break;
> >
> > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > event->passkey.params.action,
> > event->passkey.params.numcmp);
> >
> > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > struct ble_sm_io pk;
> > pk.action = event->passkey.params.action;
> > pk.passkey = 4539;
> > rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
> > console_printf("ble_sm_inject_io result: %d\n", rc);
> > }
> > break;
> > }
> >
> > default:
> > console_printf("GAP Event: %i\n", event->type);
> > }
> >
> > return rc;
> > }
> >
> > 001039 Passkey Request. Action: 3, Numcmp: 0
> > 001040 ble_sm_inject_io result: 0
> > 001639 GAP Event: 10
> > 002037 Connection updated
> > 002037 Disconnected
> >
> > On the phone, I get requested for a pin number and I enter 4539. After
> > that, the end device just disconnects from the bluetooth.
Re: os_time issues
Posted by Christopher Collins <ch...@runtime.io>.
Hi Jan,
On Wed, Jul 18, 2018 at 06:54:01PM +0200, Jan Clement wrote:
> Hello All,
>
> i tried to get sntp client from lwip stack up and running today and
> stumbled over some little problems and questions i would like to share
> with you:
>
> To start the sntp service I wrote:
>
> sntp_setoperatingmode(SNTP_OPMODE_POLL);
> ip_addr_t ntp_server;
> IP4_ADDR(&ntp_server.u_addr.ip4, 94, 16, 116, 137);//0.de.pool.ntp.org
> sntp_setserver(0, &ntp_server);
> sntp_init();
>
> But the callback function, called by the stack upon receive of the
> packet is defined as follows in lwip/apps/sntp_ops.h:
>
> #if !defined SNTP_SET_SYSTEM_TIME || defined __DOXYGEN__
> #define SNTP_SET_SYSTEM_TIME(sec) LWIP_UNUSED_ARG(sec)
> #endif
It looks like lwIP expects this macro to be defined by the OS (as you
probably inferred!).
> And nothing happens.
>
> So I commented this out, and added
> extern void SNTP_SET_SYSTEM_TIME(uint32_t t);
> to sntp.c.
>
> in my code i defined
> void SNTP_SET_SYSTEM_TIME(uint32_t t) {
>
> ntptime.tv_sec = t * 1000;
> ntptime.tv_usec = 0;
> console_printf("SNTP time from server: %ld \r\n", t);
> os_settimeofday(&ntptime, NULL);
> }
>
> And this works as expected and I get the correct ntp time stamp!
>
> What would be a good and proper way to implement the callback function?
I think your implementation is fine! I would just turn that into a
function (with a lower-case name), and define `SNTP_SET_SYSTEM_TIME` to
call your function.
>
> Another problem is, that os_gettimeofday(&daytime, NULL); gives weird
> results:
>
> 005104 Time = 21474836480
> 006104 Time = 25769803776
> 007104 Time = 30064771072
> 008104 Time = 34359738368
> 009104 Time = 38654705664
> 010104 Time = 42949672960
> 010134 SNTP time from server: 1531932280
> (** syncronization happened)
> 010136 Date: 18.6.2018 16:44:40
>
> after the sync this is the ouput:
> 011104 Time = 6579599043818647160
> 012104 Time = 6579599048113614456
> 013104 Time = 6579599052408581752
> 014104 Time = 6579599056703549048
Hmm, that's odd. How are you printing the `struct os_timeval` value
that `os_gettimeofday` fills in?
Chris
Re: os_time issues
Posted by Jan Clement <Ja...@cm-electronics.de>.
no one using sntp?
Am 18.07.2018 um 18:54 schrieb Jan Clement:
> Hello All,
>
> i tried to get sntp client from lwip stack up and running today and
> stumbled over some little problems and questions i would like to share
> with you:
>
> To start the sntp service I wrote:
>
> sntp_setoperatingmode(SNTP_OPMODE_POLL);
> ip_addr_t ntp_server;
> IP4_ADDR(&ntp_server.u_addr.ip4, 94, 16, 116, 137);//0.de.pool.ntp.org
> sntp_setserver(0, &ntp_server);
> sntp_init();
>
> But the callback function, called by the stack upon receive of the
> packet is defined as follows in lwip/apps/sntp_ops.h:
>
> #if !defined SNTP_SET_SYSTEM_TIME || defined __DOXYGEN__
> #define SNTP_SET_SYSTEM_TIME(sec) LWIP_UNUSED_ARG(sec)
> #endif
>
> And nothing happens.
>
> So I commented this out, and added
> extern void SNTP_SET_SYSTEM_TIME(uint32_t t);
> to sntp.c.
>
> in my code i defined
> void SNTP_SET_SYSTEM_TIME(uint32_t t) {
>
> ntptime.tv_sec = t * 1000;
> ntptime.tv_usec = 0;
> console_printf("SNTP time from server: %ld \r\n", t);
> os_settimeofday(&ntptime, NULL);
> }
>
> And this works as expected and I get the correct ntp time stamp!
>
> What would be a good and proper way to implement the callback function?
>
> Another problem is, that os_gettimeofday(&daytime, NULL); gives weird
> results:
>
> 005104 Time = 21474836480
> 006104 Time = 25769803776
> 007104 Time = 30064771072
> 008104 Time = 34359738368
> 009104 Time = 38654705664
> 010104 Time = 42949672960
> 010134 SNTP time from server: 1531932280
> (** syncronization happened)
> 010136 Date: 18.6.2018 16:44:40
>
> after the sync this is the ouput:
> 011104 Time = 6579599043818647160
> 012104 Time = 6579599048113614456
> 013104 Time = 6579599052408581752
> 014104 Time = 6579599056703549048
>
>
> any ideas?
>
> regards
>
> j
>
os_time issues
Posted by Jan Clement <ja...@cm-electronics.de>.
Hello All,
i tried to get sntp client from lwip stack up and running today and
stumbled over some little problems and questions i would like to share
with you:
To start the sntp service I wrote:
sntp_setoperatingmode(SNTP_OPMODE_POLL);
ip_addr_t ntp_server;
IP4_ADDR(&ntp_server.u_addr.ip4, 94, 16, 116, 137);//0.de.pool.ntp.org
sntp_setserver(0, &ntp_server);
sntp_init();
But the callback function, called by the stack upon receive of the
packet is defined as follows in lwip/apps/sntp_ops.h:
#if !defined SNTP_SET_SYSTEM_TIME || defined __DOXYGEN__
#define SNTP_SET_SYSTEM_TIME(sec) LWIP_UNUSED_ARG(sec)
#endif
And nothing happens.
So I commented this out, and added
extern void SNTP_SET_SYSTEM_TIME(uint32_t t);
to sntp.c.
in my code i defined
void SNTP_SET_SYSTEM_TIME(uint32_t t) {
ntptime.tv_sec = t * 1000;
ntptime.tv_usec = 0;
console_printf("SNTP time from server: %ld \r\n", t);
os_settimeofday(&ntptime, NULL);
}
And this works as expected and I get the correct ntp time stamp!
What would be a good and proper way to implement the callback function?
Another problem is, that os_gettimeofday(&daytime, NULL); gives weird
results:
005104 Time = 21474836480
006104 Time = 25769803776
007104 Time = 30064771072
008104 Time = 34359738368
009104 Time = 38654705664
010104 Time = 42949672960
010134 SNTP time from server: 1531932280
(** syncronization happened)
010136 Date: 18.6.2018 16:44:40
after the sync this is the ouput:
011104 Time = 6579599043818647160
012104 Time = 6579599048113614456
013104 Time = 6579599052408581752
014104 Time = 6579599056703549048
any ideas?
regards
j
Re: BLE security/encryption/passkey authentication
Posted by Andrzej Kaczmarek <an...@codecoup.pl>.
Hi,
There is no such method to protect services from being discovered, but
this is "by design" as per Bluetooth Core spec [1]. As you said, you
can just protect access on characteristic level by combining
BLE_GATT_CHR_F_XXX_ENC (requires encryption, allows unauthenticated
key) and BLE_GATT_CHR_F_XXX_AUTHEN (requires encryption and
authenticated key) flags.
[1] Core 5.0, Vol 3, Part G, Section 8.1: "The list of services and
characteristics that a device supports is not considered private or
confidential information, and therefore the Service and Characteristic
Discovery procedures shall always be permitted."
Best,
Andrzej
On Tue, Jul 10, 2018 at 10:06 AM Amr Bekhit <am...@gmail.com> wrote:
>
> I've experimented some more. If I declare a characteristic with the
> BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic
> prompts me for a pin code, and if I connect from a previously bonded
> profile, then no pin is requested (as expected). So this seems to work
> fine, in that I can pin code-protect certain characteristics of a
> service and require a pin to access them. However, is it possible to
> pin code-protect connections from the advertising stage? Because at
> the moment, any device can connect to and query the services and
> characteristics of the end device.
>
> Amr
> On Tue, 10 Jul 2018 at 10:12, Amr Bekhit <am...@gmail.com> wrote:
> >
> > Hi Andrzej,
> >
> > Thank you - that does indeed work.
> >
> > I have another question. Bonding now works (i.e. using the nRF52
> > Connect app on Android, I connect to the advertising end device and
> > then bond with it to save the credentials), however I would also like
> > to configure the end device so that it requires a pin when connecting
> > to the advertising device. How would this be realised using Nimble?
> >
> > Thanks
> >
> > Amr
> > On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
> > <an...@codecoup.pl> wrote:
> > >
> > > Hi,
> > >
> > > You code looks ok. However, I noticed strange thing when testing with
> > > Android phone on my side: pairing fails if specified passkey has less
> > > than 6 digits (i.e. <100000). This does not seem to be issue in NimBLE
> > > since the same happens when trying to pair Android with BlueZ while
> > > pairing between NimBLE and BlueZ works just fine. Looks like some
> > > issue in Android LE SC implementation tbh...
> > >
> > > So please try with 6 digits passkey (i.e. >=100000) and it should work.
> > >
> > > Best,
> > > Andrzej
> > >
> > >
> > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit <am...@gmail.com> wrote:
> > > >
> > > > Hi Andrzej,
> > > >
> > > > Below is my GAP event callback function and the console output when I
> > > > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > > > on my phone to interact with the device):
> > > >
> > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > > > int rc = 0;
> > > >
> > > > switch(event->type) {
> > > > case BLE_GAP_EVENT_CONNECT:
> > > > console_printf("Connected\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_DISCONNECT:
> > > > console_printf("Disconnected\n");
> > > > ble_advertise();
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_CONN_UPDATE:
> > > > console_printf("Connection updated\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > > > console_printf("Connection update requested\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > > > event->passkey.params.action,
> > > > event->passkey.params.numcmp);
> > > >
> > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > > > struct ble_sm_io pk;
> > > > pk.action = event->passkey.params.action;
> > > > pk.passkey = 4539;
> > > > rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
> > > > console_printf("ble_sm_inject_io result: %d\n", rc);
> > > > }
> > > > break;
> > > > }
> > > >
> > > > default:
> > > > console_printf("GAP Event: %i\n", event->type);
> > > > }
> > > >
> > > > return rc;
> > > > }
> > > >
> > > > 001039 Passkey Request. Action: 3, Numcmp: 0
> > > > 001040 ble_sm_inject_io result: 0
> > > > 001639 GAP Event: 10
> > > > 002037 Connection updated
> > > > 002037 Disconnected
> > > >
> > > > On the phone, I get requested for a pin number and I enter 4539. After
> > > > that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Posted by Amr Bekhit <am...@gmail.com>.
I've experimented some more. If I declare a characteristic with the
BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic
prompts me for a pin code, and if I connect from a previously bonded
profile, then no pin is requested (as expected). So this seems to work
fine, in that I can pin code-protect certain characteristics of a
service and require a pin to access them. However, is it possible to
pin code-protect connections from the advertising stage? Because at
the moment, any device can connect to and query the services and
characteristics of the end device.
Amr
On Tue, 10 Jul 2018 at 10:12, Amr Bekhit <am...@gmail.com> wrote:
>
> Hi Andrzej,
>
> Thank you - that does indeed work.
>
> I have another question. Bonding now works (i.e. using the nRF52
> Connect app on Android, I connect to the advertising end device and
> then bond with it to save the credentials), however I would also like
> to configure the end device so that it requires a pin when connecting
> to the advertising device. How would this be realised using Nimble?
>
> Thanks
>
> Amr
> On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
> <an...@codecoup.pl> wrote:
> >
> > Hi,
> >
> > You code looks ok. However, I noticed strange thing when testing with
> > Android phone on my side: pairing fails if specified passkey has less
> > than 6 digits (i.e. <100000). This does not seem to be issue in NimBLE
> > since the same happens when trying to pair Android with BlueZ while
> > pairing between NimBLE and BlueZ works just fine. Looks like some
> > issue in Android LE SC implementation tbh...
> >
> > So please try with 6 digits passkey (i.e. >=100000) and it should work.
> >
> > Best,
> > Andrzej
> >
> >
> > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit <am...@gmail.com> wrote:
> > >
> > > Hi Andrzej,
> > >
> > > Below is my GAP event callback function and the console output when I
> > > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > > on my phone to interact with the device):
> > >
> > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > > int rc = 0;
> > >
> > > switch(event->type) {
> > > case BLE_GAP_EVENT_CONNECT:
> > > console_printf("Connected\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_DISCONNECT:
> > > console_printf("Disconnected\n");
> > > ble_advertise();
> > > break;
> > >
> > > case BLE_GAP_EVENT_CONN_UPDATE:
> > > console_printf("Connection updated\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > > console_printf("Connection update requested\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > > event->passkey.params.action,
> > > event->passkey.params.numcmp);
> > >
> > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > > struct ble_sm_io pk;
> > > pk.action = event->passkey.params.action;
> > > pk.passkey = 4539;
> > > rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
> > > console_printf("ble_sm_inject_io result: %d\n", rc);
> > > }
> > > break;
> > > }
> > >
> > > default:
> > > console_printf("GAP Event: %i\n", event->type);
> > > }
> > >
> > > return rc;
> > > }
> > >
> > > 001039 Passkey Request. Action: 3, Numcmp: 0
> > > 001040 ble_sm_inject_io result: 0
> > > 001639 GAP Event: 10
> > > 002037 Connection updated
> > > 002037 Disconnected
> > >
> > > On the phone, I get requested for a pin number and I enter 4539. After
> > > that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Posted by Amr Bekhit <am...@gmail.com>.
Hi Andrzej,
Thank you - that does indeed work.
I have another question. Bonding now works (i.e. using the nRF52
Connect app on Android, I connect to the advertising end device and
then bond with it to save the credentials), however I would also like
to configure the end device so that it requires a pin when connecting
to the advertising device. How would this be realised using Nimble?
Thanks
Amr
On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
<an...@codecoup.pl> wrote:
>
> Hi,
>
> You code looks ok. However, I noticed strange thing when testing with
> Android phone on my side: pairing fails if specified passkey has less
> than 6 digits (i.e. <100000). This does not seem to be issue in NimBLE
> since the same happens when trying to pair Android with BlueZ while
> pairing between NimBLE and BlueZ works just fine. Looks like some
> issue in Android LE SC implementation tbh...
>
> So please try with 6 digits passkey (i.e. >=100000) and it should work.
>
> Best,
> Andrzej
>
>
> On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit <am...@gmail.com> wrote:
> >
> > Hi Andrzej,
> >
> > Below is my GAP event callback function and the console output when I
> > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > on my phone to interact with the device):
> >
> > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > int rc = 0;
> >
> > switch(event->type) {
> > case BLE_GAP_EVENT_CONNECT:
> > console_printf("Connected\n");
> > break;
> >
> > case BLE_GAP_EVENT_DISCONNECT:
> > console_printf("Disconnected\n");
> > ble_advertise();
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE:
> > console_printf("Connection updated\n");
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > console_printf("Connection update requested\n");
> > break;
> >
> > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > event->passkey.params.action,
> > event->passkey.params.numcmp);
> >
> > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > struct ble_sm_io pk;
> > pk.action = event->passkey.params.action;
> > pk.passkey = 4539;
> > rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
> > console_printf("ble_sm_inject_io result: %d\n", rc);
> > }
> > break;
> > }
> >
> > default:
> > console_printf("GAP Event: %i\n", event->type);
> > }
> >
> > return rc;
> > }
> >
> > 001039 Passkey Request. Action: 3, Numcmp: 0
> > 001040 ble_sm_inject_io result: 0
> > 001639 GAP Event: 10
> > 002037 Connection updated
> > 002037 Disconnected
> >
> > On the phone, I get requested for a pin number and I enter 4539. After
> > that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Posted by Andrzej Kaczmarek <an...@codecoup.pl>.
Hi,
You code looks ok. However, I noticed strange thing when testing with
Android phone on my side: pairing fails if specified passkey has less
than 6 digits (i.e. <100000). This does not seem to be issue in NimBLE
since the same happens when trying to pair Android with BlueZ while
pairing between NimBLE and BlueZ works just fine. Looks like some
issue in Android LE SC implementation tbh...
So please try with 6 digits passkey (i.e. >=100000) and it should work.
Best,
Andrzej
On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit <am...@gmail.com> wrote:
>
> Hi Andrzej,
>
> Below is my GAP event callback function and the console output when I
> attempt to bond with my device (I'm using the Nordic nRF Connect app
> on my phone to interact with the device):
>
> static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> int rc = 0;
>
> switch(event->type) {
> case BLE_GAP_EVENT_CONNECT:
> console_printf("Connected\n");
> break;
>
> case BLE_GAP_EVENT_DISCONNECT:
> console_printf("Disconnected\n");
> ble_advertise();
> break;
>
> case BLE_GAP_EVENT_CONN_UPDATE:
> console_printf("Connection updated\n");
> break;
>
> case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> console_printf("Connection update requested\n");
> break;
>
> case BLE_GAP_EVENT_PASSKEY_ACTION: {
> console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> event->passkey.params.action,
> event->passkey.params.numcmp);
>
> if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> struct ble_sm_io pk;
> pk.action = event->passkey.params.action;
> pk.passkey = 4539;
> rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
> console_printf("ble_sm_inject_io result: %d\n", rc);
> }
> break;
> }
>
> default:
> console_printf("GAP Event: %i\n", event->type);
> }
>
> return rc;
> }
>
> 001039 Passkey Request. Action: 3, Numcmp: 0
> 001040 ble_sm_inject_io result: 0
> 001639 GAP Event: 10
> 002037 Connection updated
> 002037 Disconnected
>
> On the phone, I get requested for a pin number and I enter 4539. After
> that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Posted by Amr Bekhit <am...@gmail.com>.
Hi Andrzej,
Below is my GAP event callback function and the console output when I
attempt to bond with my device (I'm using the Nordic nRF Connect app
on my phone to interact with the device):
static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
int rc = 0;
switch(event->type) {
case BLE_GAP_EVENT_CONNECT:
console_printf("Connected\n");
break;
case BLE_GAP_EVENT_DISCONNECT:
console_printf("Disconnected\n");
ble_advertise();
break;
case BLE_GAP_EVENT_CONN_UPDATE:
console_printf("Connection updated\n");
break;
case BLE_GAP_EVENT_CONN_UPDATE_REQ:
console_printf("Connection update requested\n");
break;
case BLE_GAP_EVENT_PASSKEY_ACTION: {
console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
event->passkey.params.action,
event->passkey.params.numcmp);
if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
struct ble_sm_io pk;
pk.action = event->passkey.params.action;
pk.passkey = 4539;
rc = ble_sm_inject_io(event->passkey.conn_handle, &pk);
console_printf("ble_sm_inject_io result: %d\n", rc);
}
break;
}
default:
console_printf("GAP Event: %i\n", event->type);
}
return rc;
}
001039 Passkey Request. Action: 3, Numcmp: 0
001040 ble_sm_inject_io result: 0
001639 GAP Event: 10
002037 Connection updated
002037 Disconnected
On the phone, I get requested for a pin number and I enter 4539. After
that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Posted by Andrzej Kaczmarek <an...@codecoup.pl>.
Hi,
On Mon, Jul 9, 2018 at 10:49 AM Amr Bekhit <am...@gmail.com> wrote:
>
> I've been playing around further. After including the
> @apache-mynewt-nimble/nimble/host/store/config package, when
> attempting to bond via my phone I now get request for a passkey (I've
> configured the bluetooth device to indicate that it has a display
> only). I'm trying to figure out how to tell the nimble stack what the
> passkey is. When the BLE GAP callback function is called with
> BLE_GAP_EVENT_PASSKEY_ACTION, I've tried to use the ble_sm_inject_io
> function to specify a passkey, but this doesn't seem to have any
> effect - the bonding still fails. Any thoughts?
ble_sm_inject_io() is the proper call to use here. Can you share some
code snippet how do you handle event and call this?
Best,
Andrzej
> On Fri, 6 Jul 2018 at 15:43, Amr Bekhit <am...@gmail.com> wrote:
> >
> > Hello all,
> >
> > Is there any documentation regarding the security aspects of Nimble
> > (.e.g pairing, bonding, passkeys etc)? The mynewt documentation covers
> > the basic advertising and GATT systems quite well, and am happily
> > using those, but I'm struggling to find any information on the
> > security side of things.
> >
> > Amr
Re: BLE security/encryption/passkey authentication
Posted by Amr Bekhit <am...@gmail.com>.
I've been playing around further. After including the
@apache-mynewt-nimble/nimble/host/store/config package, when
attempting to bond via my phone I now get request for a passkey (I've
configured the bluetooth device to indicate that it has a display
only). I'm trying to figure out how to tell the nimble stack what the
passkey is. When the BLE GAP callback function is called with
BLE_GAP_EVENT_PASSKEY_ACTION, I've tried to use the ble_sm_inject_io
function to specify a passkey, but this doesn't seem to have any
effect - the bonding still fails. Any thoughts?
On Fri, 6 Jul 2018 at 15:43, Amr Bekhit <am...@gmail.com> wrote:
>
> Hello all,
>
> Is there any documentation regarding the security aspects of Nimble
> (.e.g pairing, bonding, passkeys etc)? The mynewt documentation covers
> the basic advertising and GATT systems quite well, and am happily
> using those, but I'm struggling to find any information on the
> security side of things.
>
> Amr