Re: BLE security/encryption/passkey authentication

2018-07-10 Thread Amr Bekhit 
Hi Andrzej,

Thank you - that does indeed work.

I have another question. Bonding now works (i.e. using the nRF52
Connect app on Android, I connect to the advertising end device and
then bond with it to save the credentials), however I would also like
to configure the end device so that it requires a pin when connecting
to the advertising device. How would this be realised using Nimble?

Thanks

Amr
On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
 wrote:
>
> Hi,
>
> You code looks ok. However, I noticed strange thing when testing with
> Android phone on my side: pairing fails if specified passkey has less
> than 6 digits (i.e. <10). This does not seem to be issue in NimBLE
> since the same happens when trying to pair Android with BlueZ while
> pairing between NimBLE and BlueZ works just fine. Looks like some
> issue in Android LE SC implementation tbh...
>
> So please try with 6 digits passkey (i.e. >=10) and it should work.
>
> Best,
> Andrzej
>
>
> On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit  wrote:
> >
> > Hi Andrzej,
> >
> > Below is my GAP event callback function and the console output when I
> > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > on my phone to interact with the device):
> >
> > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > int rc = 0;
> >
> > switch(event->type) {
> > case BLE_GAP_EVENT_CONNECT:
> > console_printf("Connected\n");
> > break;
> >
> > case BLE_GAP_EVENT_DISCONNECT:
> > console_printf("Disconnected\n");
> > ble_advertise();
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE:
> > console_printf("Connection updated\n");
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > console_printf("Connection update requested\n");
> > break;
> >
> > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > event->passkey.params.action,
> > event->passkey.params.numcmp);
> >
> > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > struct ble_sm_io pk;
> > pk.action = event->passkey.params.action;
> > pk.passkey = 4539;
> > rc = ble_sm_inject_io(event->passkey.conn_handle, );
> > console_printf("ble_sm_inject_io result: %d\n", rc);
> > }
> > break;
> > }
> >
> > default:
> > console_printf("GAP Event: %i\n", event->type);
> > }
> >
> > return rc;
> > }
> >
> > 001039 Passkey Request. Action: 3, Numcmp: 0
> > 001040 ble_sm_inject_io result: 0
> > 001639 GAP Event: 10
> > 002037 Connection updated
> > 002037 Disconnected
> >
> > On the phone, I get requested for a pin number and I enter 4539. After
> > that, the end device just disconnects from the bluetooth.

Re: BLE security/encryption/passkey authentication

2018-07-10 Thread Amr Bekhit 
I've experimented some more. If I declare a characteristic with the
BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic
prompts me for a pin code, and if I connect from a previously bonded
profile, then no pin is requested (as expected). So this seems to work
fine, in that I can pin code-protect certain characteristics of a
service and require a pin to access them. However, is it possible to
pin code-protect connections from the advertising stage? Because at
the moment, any device can connect to and query the services and
characteristics of the end device.

Amr
On Tue, 10 Jul 2018 at 10:12, Amr Bekhit  wrote:
>
> Hi Andrzej,
>
> Thank you - that does indeed work.
>
> I have another question. Bonding now works (i.e. using the nRF52
> Connect app on Android, I connect to the advertising end device and
> then bond with it to save the credentials), however I would also like
> to configure the end device so that it requires a pin when connecting
> to the advertising device. How would this be realised using Nimble?
>
> Thanks
>
> Amr
> On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
>  wrote:
> >
> > Hi,
> >
> > You code looks ok. However, I noticed strange thing when testing with
> > Android phone on my side: pairing fails if specified passkey has less
> > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE
> > since the same happens when trying to pair Android with BlueZ while
> > pairing between NimBLE and BlueZ works just fine. Looks like some
> > issue in Android LE SC implementation tbh...
> >
> > So please try with 6 digits passkey (i.e. >=10) and it should work.
> >
> > Best,
> > Andrzej
> >
> >
> > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit  wrote:
> > >
> > > Hi Andrzej,
> > >
> > > Below is my GAP event callback function and the console output when I
> > > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > > on my phone to interact with the device):
> > >
> > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > > int rc = 0;
> > >
> > > switch(event->type) {
> > > case BLE_GAP_EVENT_CONNECT:
> > > console_printf("Connected\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_DISCONNECT:
> > > console_printf("Disconnected\n");
> > > ble_advertise();
> > > break;
> > >
> > > case BLE_GAP_EVENT_CONN_UPDATE:
> > > console_printf("Connection updated\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > > console_printf("Connection update requested\n");
> > > break;
> > >
> > > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > > event->passkey.params.action,
> > > event->passkey.params.numcmp);
> > >
> > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > > struct ble_sm_io pk;
> > > pk.action = event->passkey.params.action;
> > > pk.passkey = 4539;
> > > rc = ble_sm_inject_io(event->passkey.conn_handle, );
> > > console_printf("ble_sm_inject_io result: %d\n", rc);
> > > }
> > > break;
> > > }
> > >
> > > default:
> > > console_printf("GAP Event: %i\n", event->type);
> > > }
> > >
> > > return rc;
> > > }
> > >
> > > 001039 Passkey Request. Action: 3, Numcmp: 0
> > > 001040 ble_sm_inject_io result: 0
> > > 001639 GAP Event: 10
> > > 002037 Connection updated
> > > 002037 Disconnected
> > >
> > > On the phone, I get requested for a pin number and I enter 4539. After
> > > that, the end device just disconnects from the bluetooth.

Re: BLE security/encryption/passkey authentication

2018-07-10 Thread Andrzej Kaczmarek 
Hi,

There is no such method to protect services from being discovered, but
this is "by design" as per Bluetooth Core spec [1]. As you said, you
can just protect access on characteristic level by combining
BLE_GATT_CHR_F_XXX_ENC (requires encryption, allows unauthenticated
key) and BLE_GATT_CHR_F_XXX_AUTHEN (requires encryption and
authenticated key) flags.

[1] Core 5.0, Vol 3, Part G, Section 8.1: "The list of services and
characteristics that a device supports is not considered private or
confidential information, and therefore the Service and Characteristic
Discovery procedures shall always be permitted."

Best,
Andrzej


On Tue, Jul 10, 2018 at 10:06 AM Amr Bekhit  wrote:
>
> I've experimented some more. If I declare a characteristic with the
> BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic
> prompts me for a pin code, and if I connect from a previously bonded
> profile, then no pin is requested (as expected). So this seems to work
> fine, in that I can pin code-protect certain characteristics of a
> service and require a pin to access them. However, is it possible to
> pin code-protect connections from the advertising stage? Because at
> the moment, any device can connect to and query the services and
> characteristics of the end device.
>
> Amr
> On Tue, 10 Jul 2018 at 10:12, Amr Bekhit  wrote:
> >
> > Hi Andrzej,
> >
> > Thank you - that does indeed work.
> >
> > I have another question. Bonding now works (i.e. using the nRF52
> > Connect app on Android, I connect to the advertising end device and
> > then bond with it to save the credentials), however I would also like
> > to configure the end device so that it requires a pin when connecting
> > to the advertising device. How would this be realised using Nimble?
> >
> > Thanks
> >
> > Amr
> > On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek
> >  wrote:
> > >
> > > Hi,
> > >
> > > You code looks ok. However, I noticed strange thing when testing with
> > > Android phone on my side: pairing fails if specified passkey has less
> > > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE
> > > since the same happens when trying to pair Android with BlueZ while
> > > pairing between NimBLE and BlueZ works just fine. Looks like some
> > > issue in Android LE SC implementation tbh...
> > >
> > > So please try with 6 digits passkey (i.e. >=10) and it should work.
> > >
> > > Best,
> > > Andrzej
> > >
> > >
> > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit  wrote:
> > > >
> > > > Hi Andrzej,
> > > >
> > > > Below is my GAP event callback function and the console output when I
> > > > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > > > on my phone to interact with the device):
> > > >
> > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > > > int rc = 0;
> > > >
> > > > switch(event->type) {
> > > > case BLE_GAP_EVENT_CONNECT:
> > > > console_printf("Connected\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_DISCONNECT:
> > > > console_printf("Disconnected\n");
> > > > ble_advertise();
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_CONN_UPDATE:
> > > > console_printf("Connection updated\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > > > console_printf("Connection update requested\n");
> > > > break;
> > > >
> > > > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > > > event->passkey.params.action,
> > > > event->passkey.params.numcmp);
> > > >
> > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > > > struct ble_sm_io pk;
> > > > pk.action = event->passkey.params.action;
> > > > pk.passkey = 4539;
> > > > rc = ble_sm_inject_io(event->passkey.conn_handle, );
> > > > console_printf("ble_sm_inject_io result: %d\n", rc);
> > > > }
> > > > break;
> > > > }
> > > >
> > > > default:
> > > > console_printf("GAP Event: %i\n", event->type);
> > > > }
> > > >
> > > > return rc;
> > > > }
> > > >
> > > > 001039 Passkey Request. Action: 3, Numcmp: 0
> > > > 001040 ble_sm_inject_io result: 0
> > > > 001639 GAP Event: 10
> > > > 002037 Connection updated
> > > > 002037 Disconnected
> > > >
> > > > On the phone, I get requested for a pin number and I enter 4539. After
> > > > that, the end device just disconnects from the bluetooth.

BLE uart read write

2018-07-10 Thread Jeff Belz 
I'm working with the BLE uart example and I have it working as is, but it's a 
little hidden where the read and write data goes.

I want to do something simple, like write a BLE uart, string  and then read a 
BLE uart string.   I need these functions in the main.c.   What functions need 
to be brought forward to the main.c just to do a simple read and write 
operation.

Jeff

Re: newtmgr fs command fails in sim

2018-07-10 Thread Kevin Townsend 

Hi Jacob,

But Kevins code snippet brings up something im thinking about. In his
comments he has

CONFIG_NFFS: 1# Initialize and configure NFFS into the
 system


I dont agree with that comment, whats thats actually doing is turning on
the config subsystem and telling it to create its own nffs. Then hes
coattail riding on config's nffs partition.

Came back to this again today writing some internal documentation.

I do agree this leads to some potentially false conclusions, especially to
someone new to Mynewt since 'CONFIG_NFFS' sounds like it may well do
what the comment is saying, and it's part of the official FS documentation
here: https://mynewt.apache.org/latest/os/modules/fs/fs.html#description

I missed that myself, but appreciate you pointing it out since it may have
cause a problem in the future that might not have been obvious at first
glance.

K.

Re: BLE uart read write

2018-07-10 Thread Amr Bekhit 
Are you referring to the host/services/bleuart package? Looking at the code
for that, it appears that there are no callbacks or hooks to allow you to
read and write data. The code appears hard coded to read and write data
from the console.

Regarding receiving data, looks like you'll need to replace lines 105 and
108. To transmit data you'll need to replace lines 154-162 in bleuart.c

Amr

On Tue, 10 Jul 2018, 9:46 p.m. Jeff Belz,  wrote:

> I'm working with the BLE uart example and I have it working as is, but
> it's a little hidden where the read and write data goes.
>
> I want to do something simple, like write a BLE uart, string  and then
> read a BLE uart string.   I need these functions in the main.c.   What
> functions need to be brought forward to the main.c just to do a simple read
> and write operation.
>
> Jeff
>

Re: BLE security/encryption/passkey authentication

2018-07-10 Thread Andrzej Kaczmarek 
FYI: seems like it works fine if you enter passkey with leading zeroes
in Android (e.g. "001234" instead of "1234"). Not sure why it works
like this as passkey is handled as integer value during pairing
process, but Android is apparently full of surprises ;-)

Best,
Andrzej

On Mon, Jul 9, 2018 at 11:49 PM Andrzej Kaczmarek
 wrote:
>
> Hi,
>
> You code looks ok. However, I noticed strange thing when testing with
> Android phone on my side: pairing fails if specified passkey has less
> than 6 digits (i.e. <10). This does not seem to be issue in NimBLE
> since the same happens when trying to pair Android with BlueZ while
> pairing between NimBLE and BlueZ works just fine. Looks like some
> issue in Android LE SC implementation tbh...
>
> So please try with 6 digits passkey (i.e. >=10) and it should work.
>
> Best,
> Andrzej
>
>
> On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit  wrote:
> >
> > Hi Andrzej,
> >
> > Below is my GAP event callback function and the console output when I
> > attempt to bond with my device (I'm using the Nordic nRF Connect app
> > on my phone to interact with the device):
> >
> > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) {
> > int rc = 0;
> >
> > switch(event->type) {
> > case BLE_GAP_EVENT_CONNECT:
> > console_printf("Connected\n");
> > break;
> >
> > case BLE_GAP_EVENT_DISCONNECT:
> > console_printf("Disconnected\n");
> > ble_advertise();
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE:
> > console_printf("Connection updated\n");
> > break;
> >
> > case BLE_GAP_EVENT_CONN_UPDATE_REQ:
> > console_printf("Connection update requested\n");
> > break;
> >
> > case BLE_GAP_EVENT_PASSKEY_ACTION: {
> > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n",
> > event->passkey.params.action,
> > event->passkey.params.numcmp);
> >
> > if (event->passkey.params.action == BLE_SM_IOACT_DISP) {
> > struct ble_sm_io pk;
> > pk.action = event->passkey.params.action;
> > pk.passkey = 4539;
> > rc = ble_sm_inject_io(event->passkey.conn_handle, );
> > console_printf("ble_sm_inject_io result: %d\n", rc);
> > }
> > break;
> > }
> >
> > default:
> > console_printf("GAP Event: %i\n", event->type);
> > }
> >
> > return rc;
> > }
> >
> > 001039 Passkey Request. Action: 3, Numcmp: 0
> > 001040 ble_sm_inject_io result: 0
> > 001639 GAP Event: 10
> > 002037 Connection updated
> > 002037 Disconnected
> >
> > On the phone, I get requested for a pin number and I enter 4539. After
> > that, the end device just disconnects from the bluetooth.