You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mynewt.apache.org by Łukasz Wolnik <lu...@gmail.com> on 2017/05/18 22:16:40 UTC
Getting BLE_ERR_CONN_TERM_MIC error while establishing LE Secure Connections
Hello,
I'm trying to set up a secure connection between my newt app (rb-nano2) and
an Android 6 phone using below syscfg.yml settings:
# Secure Connections
BLE_SM_LEGACY: 0
BLE_SM_SC: 1
BLE_SM_BONDING: 1
BLE_SM_OUR_KEY_DIST: 3 # BLE_SM_PAIR_KEY_DIST_ENC and
BLE_SM_PAIR_KEY_DIST_ID
BLE_SM_THEIR_KEY_DIST: 3
But everytime I run the ble_gap_security_initiate function I'm getting an
HCI error BLE_ERR_CONN_TERM_MIC (573 or 3d). Sometimes before dropping a
connection it'll manage to exchange keys with the phone (I can see my newt
device listed in Android Bluetooth settings screen).
I invoke the function in a callback for GAP events, i.e.
case BLE_GAP_EVENT_CONNECT:
WB_LOG(INFO, "\n* CONNECTED %d *\n", event->connect.conn_handle);
wb_gap_scan();
rc = wb_peers_add(event->connect.conn_handle);
WB_LOG(INFO, "wb_peers_add: %d\n", rc);
int rc = ble_gap_security_initiate(event->connect.conn_handle);
WB_LOG(INFO, "ble_gap_security_initiate rc=%d\n", rc);
return 0;
Below are log messages.
131572 [ts=1027906192ssb, mod=4 level=1] GAP procedure initiated: connect;
peer_addr_type=1 peer_addr=61:79:8f:72:17:a6 scan_itvl=16 scan_window=16
itvl_min=24 itvl_max=40 latency=0 supervision_timeout=256 min_ce_len=16
max_ce_len=768 own_addr_ty
131698 [ts=1028890568ssb, mod=64 level=1]
* CONNECTED 1 *
131699 [ts=1028898380ssb, mod=4 level=1] GAP procedure initiated:
discovery; own_addr_type=0 filter_policy=0 passive=1 limited=0
filter_duplicates=1 duration=forever
131704 [ts=1028937440ssb, mod=64 level=1] peer's connection handle;
conn_handle=1; addr=20006553; attr_read=0 attr_write=0
131707 [ts=1028960876ssb, mod=64 level=1] wb_peers_add: 0
131708 [ts=1028968688ssb, mod=64 level=1] ble_gap_security_initiate rc=0
131827 [ts=1029898380ssb, mod=64 level=1] wb_peers_get_by_addr: 536896840
131890 [ts=1030390600ssb, mod=64 level=1] wb_peers_get_by_addr: 0
132019 [ts=1031398412ssb, mod=64 level=1] wb_peers_get_by_addr: 0
132371 [ts=1034148428ssb, mod=4 level=1] GAP procedure initiated:
connection parameter update; conn_handle=1 itvl_min=6 itvl_max=6 latency=0
supervision_timeout=2000 min_ce_len=16 max_ce_len=76
132516 [ts=1035281232ssb, mod=64 level=1] conn update; status=0
132517 [ts=1035289044ssb, mod=64 level=1] wb_peers_get_by_addr: 0
132531 [ts=1035398412ssb, mod=64 level=1] enc change; status=0
132533 [ts=1035414036ssb, mod=64 level=1] Key: addr_type=0
132534 [ts=1035421848ssb, mod=64 level=1] LTK:
0xbc:0x3a:0xe2:0x1d:0x4c:0x0d:0x77:0x06:0xc0:0x87:0x33:0xc0:0xe7:0x14:0x2e:0x0e
132538 [ts=1035453096ssb, mod=64 level=1] IRK:
0x01:0x00:0x1c:0xa6:0xfc:0x45:0x23:0x59:0x4a:0x1a:0x23:0xbb:0x8c:0x06:0xcf:0x5c
132547 [ts=1035523404ssb, mod=4 level=1] GAP procedure initiated:
connection parameter update; conn_handle=1 itvl_min=40 itvl_max=40
latency=0 supervision_timeout=256 min_ce_len=16 max_ce_len=7
132558 [ts=1035609336ssb, mod=64 level=1] conn update; status=0
132622 [ts=1036109368ssb, mod=64 level=1] conn update; status=573
132623 [ts=1036117180ssb, mod=64 level=1] disconnect; reason=573
My issue seems related to MYNEWT-99 (it's mentioned that connections are
being dropped and/or experience occasional MIC failures) but I could be
wrong. I tried with BLE_SM_OUR/THEIR_KEY_DIST 7 as well to no avail.
I was trying to follow bletiny's flow described in:
https://lists.apache.org/thread.html/e3c4cea42957372e447aa5b698eeae0de535f9bcb5a6fe082ac44419@%3Cdev.mynewt.apache.org%3E
Kind regards,
Łukasz
Re: Getting BLE_ERR_CONN_TERM_MIC error while establishing LE Secure Connections
Posted by Łukasz Wolnik <lu...@gmail.com>.
Hi Szymon,
Thank you very much for shedding light on my issue. Now, that I know what
the error most probably means, I can go back to it and fix it.
Once I sort out the issue I'll post its root cause here.
Thanks again,
Łukasz
On Thu, May 25, 2017 at 8:44 AM, Szymon Janc <sz...@codecoup.pl>
wrote:
> Hi Łukasz,
>
> On Friday, 19 May 2017 00:16:40 CEST Łukasz Wolnik wrote:
> > Hello,
> >
> > I'm trying to set up a secure connection between my newt app (rb-nano2)
> and
> > an Android 6 phone using below syscfg.yml settings:
> >
> > # Secure Connections
> > BLE_SM_LEGACY: 0
> > BLE_SM_SC: 1
> > BLE_SM_BONDING: 1
> > BLE_SM_OUR_KEY_DIST: 3 # BLE_SM_PAIR_KEY_DIST_ENC and
> > BLE_SM_PAIR_KEY_DIST_ID
> > BLE_SM_THEIR_KEY_DIST: 3
> >
> > But everytime I run the ble_gap_security_initiate function I'm getting an
> > HCI error BLE_ERR_CONN_TERM_MIC (573 or 3d). Sometimes before dropping a
> > connection it'll manage to exchange keys with the phone (I can see my
> newt
> > device listed in Android Bluetooth settings screen).
> >
> > I invoke the function in a callback for GAP events, i.e.
> >
> > case BLE_GAP_EVENT_CONNECT:
> > WB_LOG(INFO, "\n* CONNECTED %d *\n", event->connect.conn_handle);
> >
> > wb_gap_scan();
> >
> > rc = wb_peers_add(event->connect.conn_handle);
> > WB_LOG(INFO, "wb_peers_add: %d\n", rc);
> >
> > int rc = ble_gap_security_initiate(event->connect.conn_handle);
> > WB_LOG(INFO, "ble_gap_security_initiate rc=%d\n", rc);
> >
> > return 0;
>
> Usually MIC failure means that peers are not using same LTK for encryption.
> Are you sure you don't store keys for this device already?
> ble_gap_security_initiate will initiate pairing only if no keys are
> present,
> otherwise it will authenticate link with existing LTK.
>
> > Below are log messages.
> >
> > 131572 [ts=1027906192ssb, mod=4 level=1] GAP procedure initiated:
> connect;
> > peer_addr_type=1 peer_addr=61:79:8f:72:17:a6 scan_itvl=16 scan_window=16
> > itvl_min=24 itvl_max=40 latency=0 supervision_timeout=256 min_ce_len=16
> > max_ce_len=768 own_addr_ty
> > 131698 [ts=1028890568ssb, mod=64 level=1]
> > * CONNECTED 1 *
> > 131699 [ts=1028898380ssb, mod=4 level=1] GAP procedure initiated:
> > discovery; own_addr_type=0 filter_policy=0 passive=1 limited=0
> > filter_duplicates=1 duration=forever
> > 131704 [ts=1028937440ssb, mod=64 level=1] peer's connection handle;
> > conn_handle=1; addr=20006553; attr_read=0 attr_write=0
> > 131707 [ts=1028960876ssb, mod=64 level=1] wb_peers_add: 0
> > 131708 [ts=1028968688ssb, mod=64 level=1] ble_gap_security_initiate rc=0
> > 131827 [ts=1029898380ssb, mod=64 level=1] wb_peers_get_by_addr: 536896840
> > 131890 [ts=1030390600ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> > 132019 [ts=1031398412ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> > 132371 [ts=1034148428ssb, mod=4 level=1] GAP procedure initiated:
> > connection parameter update; conn_handle=1 itvl_min=6 itvl_max=6
> latency=0
> > supervision_timeout=2000 min_ce_len=16 max_ce_len=76
> > 132516 [ts=1035281232ssb, mod=64 level=1] conn update; status=0
> > 132517 [ts=1035289044ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> > 132531 [ts=1035398412ssb, mod=64 level=1] enc change; status=0
> > 132533 [ts=1035414036ssb, mod=64 level=1] Key: addr_type=0
> > 132534 [ts=1035421848ssb, mod=64 level=1] LTK:
> > 0xbc:0x3a:0xe2:0x1d:0x4c:0x0d:0x77:0x06:0xc0:0x87:0x33:0xc0:
> 0xe7:0x14:0x2e:0
> > x0e 132538 [ts=1035453096ssb, mod=64 level=1] IRK:
> > 0x01:0x00:0x1c:0xa6:0xfc:0x45:0x23:0x59:0x4a:0x1a:0x23:0xbb:
> 0x8c:0x06:0xcf:0
> > x5c 132547 [ts=1035523404ssb, mod=4 level=1] GAP procedure initiated:
> > connection parameter update; conn_handle=1 itvl_min=40 itvl_max=40
> > latency=0 supervision_timeout=256 min_ce_len=16 max_ce_len=7
> > 132558 [ts=1035609336ssb, mod=64 level=1] conn update; status=0
> > 132622 [ts=1036109368ssb, mod=64 level=1] conn update; status=573
> > 132623 [ts=1036117180ssb, mod=64 level=1] disconnect; reason=573
> >
> > My issue seems related to MYNEWT-99 (it's mentioned that connections are
> > being dropped and/or experience occasional MIC failures) but I could be
> > wrong. I tried with BLE_SM_OUR/THEIR_KEY_DIST 7 as well to no avail.
> >
> > I was trying to follow bletiny's flow described in:
> > https://lists.apache.org/thread.html/e3c4cea42957372e447aa5b698eeae
> 0de535f9b
> > cb5a6fe082ac44419@%3Cdev.mynewt.apache.org%3E
> >
> > Kind regards,
> > Łukasz
>
>
> --
> pozdrawiam
> Szymon Janc
>
Re: Getting BLE_ERR_CONN_TERM_MIC error while establishing LE Secure Connections
Posted by Szymon Janc <sz...@codecoup.pl>.
Hi Łukasz,
On Friday, 19 May 2017 00:16:40 CEST Łukasz Wolnik wrote:
> Hello,
>
> I'm trying to set up a secure connection between my newt app (rb-nano2) and
> an Android 6 phone using below syscfg.yml settings:
>
> # Secure Connections
> BLE_SM_LEGACY: 0
> BLE_SM_SC: 1
> BLE_SM_BONDING: 1
> BLE_SM_OUR_KEY_DIST: 3 # BLE_SM_PAIR_KEY_DIST_ENC and
> BLE_SM_PAIR_KEY_DIST_ID
> BLE_SM_THEIR_KEY_DIST: 3
>
> But everytime I run the ble_gap_security_initiate function I'm getting an
> HCI error BLE_ERR_CONN_TERM_MIC (573 or 3d). Sometimes before dropping a
> connection it'll manage to exchange keys with the phone (I can see my newt
> device listed in Android Bluetooth settings screen).
>
> I invoke the function in a callback for GAP events, i.e.
>
> case BLE_GAP_EVENT_CONNECT:
> WB_LOG(INFO, "\n* CONNECTED %d *\n", event->connect.conn_handle);
>
> wb_gap_scan();
>
> rc = wb_peers_add(event->connect.conn_handle);
> WB_LOG(INFO, "wb_peers_add: %d\n", rc);
>
> int rc = ble_gap_security_initiate(event->connect.conn_handle);
> WB_LOG(INFO, "ble_gap_security_initiate rc=%d\n", rc);
>
> return 0;
Usually MIC failure means that peers are not using same LTK for encryption.
Are you sure you don't store keys for this device already?
ble_gap_security_initiate will initiate pairing only if no keys are present,
otherwise it will authenticate link with existing LTK.
> Below are log messages.
>
> 131572 [ts=1027906192ssb, mod=4 level=1] GAP procedure initiated: connect;
> peer_addr_type=1 peer_addr=61:79:8f:72:17:a6 scan_itvl=16 scan_window=16
> itvl_min=24 itvl_max=40 latency=0 supervision_timeout=256 min_ce_len=16
> max_ce_len=768 own_addr_ty
> 131698 [ts=1028890568ssb, mod=64 level=1]
> * CONNECTED 1 *
> 131699 [ts=1028898380ssb, mod=4 level=1] GAP procedure initiated:
> discovery; own_addr_type=0 filter_policy=0 passive=1 limited=0
> filter_duplicates=1 duration=forever
> 131704 [ts=1028937440ssb, mod=64 level=1] peer's connection handle;
> conn_handle=1; addr=20006553; attr_read=0 attr_write=0
> 131707 [ts=1028960876ssb, mod=64 level=1] wb_peers_add: 0
> 131708 [ts=1028968688ssb, mod=64 level=1] ble_gap_security_initiate rc=0
> 131827 [ts=1029898380ssb, mod=64 level=1] wb_peers_get_by_addr: 536896840
> 131890 [ts=1030390600ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> 132019 [ts=1031398412ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> 132371 [ts=1034148428ssb, mod=4 level=1] GAP procedure initiated:
> connection parameter update; conn_handle=1 itvl_min=6 itvl_max=6 latency=0
> supervision_timeout=2000 min_ce_len=16 max_ce_len=76
> 132516 [ts=1035281232ssb, mod=64 level=1] conn update; status=0
> 132517 [ts=1035289044ssb, mod=64 level=1] wb_peers_get_by_addr: 0
> 132531 [ts=1035398412ssb, mod=64 level=1] enc change; status=0
> 132533 [ts=1035414036ssb, mod=64 level=1] Key: addr_type=0
> 132534 [ts=1035421848ssb, mod=64 level=1] LTK:
> 0xbc:0x3a:0xe2:0x1d:0x4c:0x0d:0x77:0x06:0xc0:0x87:0x33:0xc0:0xe7:0x14:0x2e:0
> x0e 132538 [ts=1035453096ssb, mod=64 level=1] IRK:
> 0x01:0x00:0x1c:0xa6:0xfc:0x45:0x23:0x59:0x4a:0x1a:0x23:0xbb:0x8c:0x06:0xcf:0
> x5c 132547 [ts=1035523404ssb, mod=4 level=1] GAP procedure initiated:
> connection parameter update; conn_handle=1 itvl_min=40 itvl_max=40
> latency=0 supervision_timeout=256 min_ce_len=16 max_ce_len=7
> 132558 [ts=1035609336ssb, mod=64 level=1] conn update; status=0
> 132622 [ts=1036109368ssb, mod=64 level=1] conn update; status=573
> 132623 [ts=1036117180ssb, mod=64 level=1] disconnect; reason=573
>
> My issue seems related to MYNEWT-99 (it's mentioned that connections are
> being dropped and/or experience occasional MIC failures) but I could be
> wrong. I tried with BLE_SM_OUR/THEIR_KEY_DIST 7 as well to no avail.
>
> I was trying to follow bletiny's flow described in:
> https://lists.apache.org/thread.html/e3c4cea42957372e447aa5b698eeae0de535f9b
> cb5a6fe082ac44419@%3Cdev.mynewt.apache.org%3E
>
> Kind regards,
> Łukasz
--
pozdrawiam
Szymon Janc