Re: BLE security/encryption/passkey authentication
Hi Andrzej, Thank you - that does indeed work. I have another question. Bonding now works (i.e. using the nRF52 Connect app on Android, I connect to the advertising end device and then bond with it to save the credentials), however I would also like to configure the end device so that it requires a pin when connecting to the advertising device. How would this be realised using Nimble? Thanks Amr On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek wrote: > > Hi, > > You code looks ok. However, I noticed strange thing when testing with > Android phone on my side: pairing fails if specified passkey has less > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE > since the same happens when trying to pair Android with BlueZ while > pairing between NimBLE and BlueZ works just fine. Looks like some > issue in Android LE SC implementation tbh... > > So please try with 6 digits passkey (i.e. >=10) and it should work. > > Best, > Andrzej > > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit wrote: > > > > Hi Andrzej, > > > > Below is my GAP event callback function and the console output when I > > attempt to bond with my device (I'm using the Nordic nRF Connect app > > on my phone to interact with the device): > > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) { > > int rc = 0; > > > > switch(event->type) { > > case BLE_GAP_EVENT_CONNECT: > > console_printf("Connected\n"); > > break; > > > > case BLE_GAP_EVENT_DISCONNECT: > > console_printf("Disconnected\n"); > > ble_advertise(); > > break; > > > > case BLE_GAP_EVENT_CONN_UPDATE: > > console_printf("Connection updated\n"); > > break; > > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ: > > console_printf("Connection update requested\n"); > > break; > > > > case BLE_GAP_EVENT_PASSKEY_ACTION: { > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n", > > event->passkey.params.action, > > event->passkey.params.numcmp); > > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) { > > struct ble_sm_io pk; > > pk.action = event->passkey.params.action; > > pk.passkey = 4539; > > rc = ble_sm_inject_io(event->passkey.conn_handle, ); > > console_printf("ble_sm_inject_io result: %d\n", rc); > > } > > break; > > } > > > > default: > > console_printf("GAP Event: %i\n", event->type); > > } > > > > return rc; > > } > > > > 001039 Passkey Request. Action: 3, Numcmp: 0 > > 001040 ble_sm_inject_io result: 0 > > 001639 GAP Event: 10 > > 002037 Connection updated > > 002037 Disconnected > > > > On the phone, I get requested for a pin number and I enter 4539. After > > that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
I've experimented some more. If I declare a characteristic with the BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic prompts me for a pin code, and if I connect from a previously bonded profile, then no pin is requested (as expected). So this seems to work fine, in that I can pin code-protect certain characteristics of a service and require a pin to access them. However, is it possible to pin code-protect connections from the advertising stage? Because at the moment, any device can connect to and query the services and characteristics of the end device. Amr On Tue, 10 Jul 2018 at 10:12, Amr Bekhit wrote: > > Hi Andrzej, > > Thank you - that does indeed work. > > I have another question. Bonding now works (i.e. using the nRF52 > Connect app on Android, I connect to the advertising end device and > then bond with it to save the credentials), however I would also like > to configure the end device so that it requires a pin when connecting > to the advertising device. How would this be realised using Nimble? > > Thanks > > Amr > On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek > wrote: > > > > Hi, > > > > You code looks ok. However, I noticed strange thing when testing with > > Android phone on my side: pairing fails if specified passkey has less > > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE > > since the same happens when trying to pair Android with BlueZ while > > pairing between NimBLE and BlueZ works just fine. Looks like some > > issue in Android LE SC implementation tbh... > > > > So please try with 6 digits passkey (i.e. >=10) and it should work. > > > > Best, > > Andrzej > > > > > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit wrote: > > > > > > Hi Andrzej, > > > > > > Below is my GAP event callback function and the console output when I > > > attempt to bond with my device (I'm using the Nordic nRF Connect app > > > on my phone to interact with the device): > > > > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) { > > > int rc = 0; > > > > > > switch(event->type) { > > > case BLE_GAP_EVENT_CONNECT: > > > console_printf("Connected\n"); > > > break; > > > > > > case BLE_GAP_EVENT_DISCONNECT: > > > console_printf("Disconnected\n"); > > > ble_advertise(); > > > break; > > > > > > case BLE_GAP_EVENT_CONN_UPDATE: > > > console_printf("Connection updated\n"); > > > break; > > > > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ: > > > console_printf("Connection update requested\n"); > > > break; > > > > > > case BLE_GAP_EVENT_PASSKEY_ACTION: { > > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n", > > > event->passkey.params.action, > > > event->passkey.params.numcmp); > > > > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) { > > > struct ble_sm_io pk; > > > pk.action = event->passkey.params.action; > > > pk.passkey = 4539; > > > rc = ble_sm_inject_io(event->passkey.conn_handle, ); > > > console_printf("ble_sm_inject_io result: %d\n", rc); > > > } > > > break; > > > } > > > > > > default: > > > console_printf("GAP Event: %i\n", event->type); > > > } > > > > > > return rc; > > > } > > > > > > 001039 Passkey Request. Action: 3, Numcmp: 0 > > > 001040 ble_sm_inject_io result: 0 > > > 001639 GAP Event: 10 > > > 002037 Connection updated > > > 002037 Disconnected > > > > > > On the phone, I get requested for a pin number and I enter 4539. After > > > that, the end device just disconnects from the bluetooth.
Re: BLE security/encryption/passkey authentication
Hi, There is no such method to protect services from being discovered, but this is "by design" as per Bluetooth Core spec [1]. As you said, you can just protect access on characteristic level by combining BLE_GATT_CHR_F_XXX_ENC (requires encryption, allows unauthenticated key) and BLE_GATT_CHR_F_XXX_AUTHEN (requires encryption and authenticated key) flags. [1] Core 5.0, Vol 3, Part G, Section 8.1: "The list of services and characteristics that a device supports is not considered private or confidential information, and therefore the Service and Characteristic Discovery procedures shall always be permitted." Best, Andrzej On Tue, Jul 10, 2018 at 10:06 AM Amr Bekhit wrote: > > I've experimented some more. If I declare a characteristic with the > BLE_GATT_CHR_F_XXX_ENC flags, then accessing that characteristic > prompts me for a pin code, and if I connect from a previously bonded > profile, then no pin is requested (as expected). So this seems to work > fine, in that I can pin code-protect certain characteristics of a > service and require a pin to access them. However, is it possible to > pin code-protect connections from the advertising stage? Because at > the moment, any device can connect to and query the services and > characteristics of the end device. > > Amr > On Tue, 10 Jul 2018 at 10:12, Amr Bekhit wrote: > > > > Hi Andrzej, > > > > Thank you - that does indeed work. > > > > I have another question. Bonding now works (i.e. using the nRF52 > > Connect app on Android, I connect to the advertising end device and > > then bond with it to save the credentials), however I would also like > > to configure the end device so that it requires a pin when connecting > > to the advertising device. How would this be realised using Nimble? > > > > Thanks > > > > Amr > > On Tue, 10 Jul 2018 at 00:50, Andrzej Kaczmarek > > wrote: > > > > > > Hi, > > > > > > You code looks ok. However, I noticed strange thing when testing with > > > Android phone on my side: pairing fails if specified passkey has less > > > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE > > > since the same happens when trying to pair Android with BlueZ while > > > pairing between NimBLE and BlueZ works just fine. Looks like some > > > issue in Android LE SC implementation tbh... > > > > > > So please try with 6 digits passkey (i.e. >=10) and it should work. > > > > > > Best, > > > Andrzej > > > > > > > > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit wrote: > > > > > > > > Hi Andrzej, > > > > > > > > Below is my GAP event callback function and the console output when I > > > > attempt to bond with my device (I'm using the Nordic nRF Connect app > > > > on my phone to interact with the device): > > > > > > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) { > > > > int rc = 0; > > > > > > > > switch(event->type) { > > > > case BLE_GAP_EVENT_CONNECT: > > > > console_printf("Connected\n"); > > > > break; > > > > > > > > case BLE_GAP_EVENT_DISCONNECT: > > > > console_printf("Disconnected\n"); > > > > ble_advertise(); > > > > break; > > > > > > > > case BLE_GAP_EVENT_CONN_UPDATE: > > > > console_printf("Connection updated\n"); > > > > break; > > > > > > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ: > > > > console_printf("Connection update requested\n"); > > > > break; > > > > > > > > case BLE_GAP_EVENT_PASSKEY_ACTION: { > > > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n", > > > > event->passkey.params.action, > > > > event->passkey.params.numcmp); > > > > > > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) { > > > > struct ble_sm_io pk; > > > > pk.action = event->passkey.params.action; > > > > pk.passkey = 4539; > > > > rc = ble_sm_inject_io(event->passkey.conn_handle, ); > > > > console_printf("ble_sm_inject_io result: %d\n", rc); > > > > } > > > > break; > > > > } > > > > > > > > default: > > > > console_printf("GAP Event: %i\n", event->type); > > > > } > > > > > > > > return rc; > > > > } > > > > > > > > 001039 Passkey Request. Action: 3, Numcmp: 0 > > > > 001040 ble_sm_inject_io result: 0 > > > > 001639 GAP Event: 10 > > > > 002037 Connection updated > > > > 002037 Disconnected > > > > > > > > On the phone, I get requested for a pin number and I enter 4539. After > > > > that, the end device just disconnects from the bluetooth.
BLE uart read write
I'm working with the BLE uart example and I have it working as is, but it's a little hidden where the read and write data goes. I want to do something simple, like write a BLE uart, string and then read a BLE uart string. I need these functions in the main.c. What functions need to be brought forward to the main.c just to do a simple read and write operation. Jeff
Re: newtmgr fs command fails in sim
Hi Jacob, But Kevins code snippet brings up something im thinking about. In his comments he has CONFIG_NFFS: 1# Initialize and configure NFFS into the system I dont agree with that comment, whats thats actually doing is turning on the config subsystem and telling it to create its own nffs. Then hes coattail riding on config's nffs partition. Came back to this again today writing some internal documentation. I do agree this leads to some potentially false conclusions, especially to someone new to Mynewt since 'CONFIG_NFFS' sounds like it may well do what the comment is saying, and it's part of the official FS documentation here: https://mynewt.apache.org/latest/os/modules/fs/fs.html#description I missed that myself, but appreciate you pointing it out since it may have cause a problem in the future that might not have been obvious at first glance. K.
Re: BLE uart read write
Are you referring to the host/services/bleuart package? Looking at the code for that, it appears that there are no callbacks or hooks to allow you to read and write data. The code appears hard coded to read and write data from the console. Regarding receiving data, looks like you'll need to replace lines 105 and 108. To transmit data you'll need to replace lines 154-162 in bleuart.c Amr On Tue, 10 Jul 2018, 9:46 p.m. Jeff Belz, wrote: > I'm working with the BLE uart example and I have it working as is, but > it's a little hidden where the read and write data goes. > > I want to do something simple, like write a BLE uart, string and then > read a BLE uart string. I need these functions in the main.c. What > functions need to be brought forward to the main.c just to do a simple read > and write operation. > > Jeff >
Re: BLE security/encryption/passkey authentication
FYI: seems like it works fine if you enter passkey with leading zeroes in Android (e.g. "001234" instead of "1234"). Not sure why it works like this as passkey is handled as integer value during pairing process, but Android is apparently full of surprises ;-) Best, Andrzej On Mon, Jul 9, 2018 at 11:49 PM Andrzej Kaczmarek wrote: > > Hi, > > You code looks ok. However, I noticed strange thing when testing with > Android phone on my side: pairing fails if specified passkey has less > than 6 digits (i.e. <10). This does not seem to be issue in NimBLE > since the same happens when trying to pair Android with BlueZ while > pairing between NimBLE and BlueZ works just fine. Looks like some > issue in Android LE SC implementation tbh... > > So please try with 6 digits passkey (i.e. >=10) and it should work. > > Best, > Andrzej > > > On Mon, Jul 9, 2018 at 12:08 PM Amr Bekhit wrote: > > > > Hi Andrzej, > > > > Below is my GAP event callback function and the console output when I > > attempt to bond with my device (I'm using the Nordic nRF Connect app > > on my phone to interact with the device): > > > > static int bleprph_gap_event(struct ble_gap_event *event, void *arg) { > > int rc = 0; > > > > switch(event->type) { > > case BLE_GAP_EVENT_CONNECT: > > console_printf("Connected\n"); > > break; > > > > case BLE_GAP_EVENT_DISCONNECT: > > console_printf("Disconnected\n"); > > ble_advertise(); > > break; > > > > case BLE_GAP_EVENT_CONN_UPDATE: > > console_printf("Connection updated\n"); > > break; > > > > case BLE_GAP_EVENT_CONN_UPDATE_REQ: > > console_printf("Connection update requested\n"); > > break; > > > > case BLE_GAP_EVENT_PASSKEY_ACTION: { > > console_printf("Passkey Request. Action: %d, Numcmp: %lu\n", > > event->passkey.params.action, > > event->passkey.params.numcmp); > > > > if (event->passkey.params.action == BLE_SM_IOACT_DISP) { > > struct ble_sm_io pk; > > pk.action = event->passkey.params.action; > > pk.passkey = 4539; > > rc = ble_sm_inject_io(event->passkey.conn_handle, ); > > console_printf("ble_sm_inject_io result: %d\n", rc); > > } > > break; > > } > > > > default: > > console_printf("GAP Event: %i\n", event->type); > > } > > > > return rc; > > } > > > > 001039 Passkey Request. Action: 3, Numcmp: 0 > > 001040 ble_sm_inject_io result: 0 > > 001639 GAP Event: 10 > > 002037 Connection updated > > 002037 Disconnected > > > > On the phone, I get requested for a pin number and I enter 4539. After > > that, the end device just disconnects from the bluetooth.