BLE secure pairing: Bonding does not work when permission is ENC_MITM on characteristics.

Duracell
Posts: 5
Joined: Sun Oct 08, 2017 7:39 am

BLE secure pairing: Bonding does not work when permission is ENC_MITM on characteristics.

Postby Duracell » Wed Jun 06, 2018 7:18 am

Hi all

I have this strange problem:

IDF: v3

Example Code: examples/bluetooth/gatt_security_server

If I change the code to use passkey pairing with MITM:

Code: Select all

esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND;   
esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT;
Everything works as expected. After Rebooting the ESP, my client device is still bonded and can connect/read/write without another pairing.

HOWEVER:

If I additionally change the security permissions of the characteristics to 'xxx_ENC_MITM' e.g.

Code: Select all

    
    // Heart Rate Control Point Characteristic Value
    [HRS_IDX_HR_CTNL_PT_VAL]             =
    {{ESP_GATT_AUTO_RSP}, {ESP_UUID_LEN_16, (uint8_t *)&heart_rate_ctrl_point, ESP_GATT_PERM_WRITE_ENC_MITM | ESP_GATT_PERM_READ_ENC_MITM,
      sizeof(uint8_t), sizeof(heart_ctrl_point), (uint8_t *)heart_ctrl_point}},
      
On the first connect, passkey pairing is triggered as expected, and the characteristic can be accessed.

But then, after rebooting the ESP, the client device CAN NOT reconnect/repair with the ESP.

The lowlevel error ist:
I (16062) SEC_GATTS_DEMO: ESP_GATTS_CONNECT_EVT
E (18472) BT_GATT: GATT_INSUF_AUTHENTICATION

Can anybody help with this?

linsid
Posts: 2
Joined: Tue Jun 26, 2018 11:04 am

Re: BLE secure pairing: Bonding does not work when permission is ENC_MITM on characteristics.

Postby linsid » Thu Jun 28, 2018 8:11 am

Hi, I am having the same problem.

I did a test - paired, bonded, disconnected. Connect, pair - log the central info (read works), reset, connect, pair - log the central info (insufficient authentication). In both cases all the information exchanged during the pairing was exactly the same. The keys are maintained during the power off.

There is another case, if we set ESP_LE_AUTH_REQ_SC_MITM (no bonding), but we keep characteristic permissions ESP_GATT_PERM_READ_ENC_MITM. It always gives the insufficient authentication error. Comparing the Central logs of Espressif and Cypress peripherals pairing I see that in the Espressif is missing this message:
  • [16:09:38:444] : 'Misc Event Notification' received
    [16:09:38:444] : Event Code: 0x002C
    [16:09:38:444] : Event Data: [0A:2D:F4:65:E3:BD:7B:49:1E:B4:C0:95:95:13:46:73]
I assume it has something to do with encryption or authentication key?
However, if we enable bonding, this message will be exchanged. Maybe that is why it works only if the bonding is enabled?

Does anyone have a solution?

Who is online

Users browsing this forum: marcelounisb and 114 guests