OOB key pairing support.

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Anonymous
Not applicable

Hi BCM support,

By the below link I look into the hello_sensor example and copy the OOB key pairing setting in my project:

Is OOB available in SDK 2.0.1?

I am using SDK 2.1.1, assume it should be work. My added code like below:

  // setup the pairing parameters.

  lesmp_setPairingParam(

  LESMP_IO_CAP_DISP_ONLY,

  LESMP_OOB_AUTH_DATA_FROM_REMOTE_PRESENT,// OOBDataFlag,

  LESMP_AUTH_FLAG_BONDING, // AuthReq,

  LESMP_MAX_KEY_SIZE,                // MaxEncKeySize,

   // InitiatorKeyDistrib,

  LESMP_KEY_DISTRIBUTION_ENC_KEY

  | LESMP_KEY_DISTRIBUTION_ID_KEY

  | LESMP_KEY_DISTRIBUTION_SIGN_KEY,

   // ResponderKeyDistrib

  LESMP_KEY_DISTRIBUTION_ENC_KEY

  | LESMP_KEY_DISTRIBUTION_ID_KEY

  | LESMP_KEY_DISTRIBUTION_SIGN_KEY

  );

  lesmp_setSMPOOBdata((UINT8*)oob_tk,LESMP_MAX_KEY_SIZE);

  lesmp_setJustWorksNotPermitted();

  lesmp_setPasskeyEntryNotPermitted();

But when I used LightBlue APP or some other PC BLE scanner applications. The device still can be connected with just work method. Is there any other settings I need to modified? Or some libraries I need to add in Makefile?

0 Likes
1 Solution
Anonymous
Not applicable

Hello Henry,

1.  The BLE spec allows for any UUID to be discoverable

2.  If a Host tries to Read or Write, you can stop the characteristics, but you cannot hide the UUID

3.  Using the AUTH flag is the only way to access the services.

4.  However, the pairing process may come into play:

     If you don't want to authorize a paring device, as soon as the connection request comes back and you don't recognize the device, then you disconnect.

5.  This is a work-around and is not very good, because you don't know when you are in pairing mode or not.

Hope this helps

JT

View solution in original post

23 Replies
Anonymous
Not applicable

BTW, is there any document talk about the usage of APIs related to OOB setting?

Thanks.

0 Likes
Anonymous
Not applicable

Hi BCM support,

Please be patient and kindly read my words. I have told that I referred the discussion thread talked about OOB. Unfortunately the last reply mentioned the same problem like me here, even he used passkey pairing method and used lesmp_setJustWorksNotPermitted(). The BCM platform still wild open to just work connection. And the code I post here is referred from hello_sensor.c but it not work.

Of course I understand that the OOB key should be exchange "Out Of Band", and then set by lesmp_setSMPOOBdata().

My problem is suppose I enabled this feature then called lesmp_setJustWorksNotPermitted() and lesmp_setPasskeyEntryNotPermitted(), the JustWork connection method shouldn't not works. BUT it did still work under OOB is enabled and lesmp_setJustWorksNotPermitted() called! Why?

1. Should I add some libraries into makefile?

2. Should I include some headers?

3. Should I call some function in proper ways?

Thanks.

0 Likes

Did you have a chance to move to SDK 2.2.1?

0 Likes
Anonymous
Not applicable

Hi Boont,

It seems there is no SDK2.2.1 for MAC OSX host systems, and I got lots of trouble when installing SDK2.2.1 under Windows 10, I also tried using Linux but got trouble for JAVA issue.... Um...I would like to try if you can provide me the suitable SDK 2.2.1.

Thanks.

0 Likes
Anonymous
Not applicable

Hi Boont,

After struggling through the JAVA installation, I tried SDK 2.2.1 under Linux, no luck. The device still allow JustWork connection. Things become critical now.

Thanks.

0 Likes
Anonymous
Not applicable

Hi BCM supports,

Please kindly test with your TAG and your example hello_sensor.c for the OOB or PassKey feature.

It seems not enough to do the code added in sensor_create() only. Looks like you should take care of smp_bonding_result(), connection_up() and encryptionChanged() functions.

But I can not find any document mention about it, please kindly ask your SDK developer ASAP. We do not like black magic.

Thanks.

0 Likes
Anonymous
Not applicable

Hi BCM support,

Any update?

Here is what I want below:

Please provide the document about the below APIs: (No more black magic please.)

void lesmp_init(LESMP_INFO  *pinfo);

void lesmp_setPtr(LESMP_INFO  *pinfo);

void lesmp_setSMPRole(int role);

void lesmp_setPairingParam(

    int  IOCapability,

  int   OOBDataFlag,

  int   AuthReq,

  int   MaxEncKeySize,

  int   InitiatorKeyDistrib,

  int   ResponderKeyDistrib);

void lesmp_setPairingMode(LESMP_PAIRING_REQ *pkt );

#ifdef SMP_INITIATOR

void lesmp_calcLocalMConf(UINT8 *ptr);

void lesmp_calcMConf(UINT8 *key, UINT8 *rand);

void lesmp_verifySConf(UINT8 *key, UINT8 *rand);

int lesmp_startPairing(UINT8 *AuthReq);

void lesmp_sendPairingReq(void);

#endif

void lesmp_sendPairingRsp(void);

void lesmp_sendConfirmation(UINT8 *pkt);

void lesmp_sendLocalRand(void);

void lesmp_sendPairingFailed(int);

void lesmp_sendEncInfo( UINT8 *ltk );

void lesmp_sendMasterId( UINT8 *rand, UINT16 ediv );

void lesmp_sendIdInfo(UINT8 *irk );

void lesmp_sendIdAddrInfo(UINT8 *bdAddr, int type );

void lesmp_sendSigningInfo(UINT8 *csrk );

void lesmp_sendSecurityRequest(void);

0 Likes
Anonymous
Not applicable

Hi BCM support,

I changed back to PASSKey feature and hope we can go smoothly, but it not. And I found it waste me a lot of time until I found the below thread:

Pairing process with Passkey not completed - (MASTER: BCM20737S, SLAVE: BCM20737S)

So I think the PassKey and OOB pairing never success with BCM20737 platform. Now I just waiting for SDK 2.2.2.

tejas.kotadia@ubnt.com: This is the problem I told you that the OOB/Passkey seems not work well in BCM20737. Now the only thing I can do is just waiting for the SDK 2.2.2.

mwf_mmfae We are almost in MP stage, if the SDK 2.2.2 does not solve the problem. We may need an on-site support for this issue.

Thanks.

0 Likes

I will reach out to the team that manages your part of the world and see if there is a distributor that can support you.

Since it's a holiday week here in the US, SDK 2.2.2 will most likely not be released prior to Monday of next week.

0 Likes

My distributor has passed you something to try on. They will continue to work with you while we anticipate the 2.2.2 release.

henryubnt

forrest.chien

0 Likes
Anonymous
Not applicable

Hi Boont,

1. I just change back to use passkey for reference. The local FAE forrest.chien just pass me the hello_sensor.c the same as the SDK mention and  prove the Passkey half work, it isn't related to OOB key pairing problem.

2. About the passkey pairing, it is quite strange that I test the PassKey works in hello_sensor but doesn't work in my project. I used the same HW board and the same setting with PASSKEY feature. Even the BLE_PROFILE_CFG are also the same. There must be something which is a MUST beyond the PASSKEY_PAIRING macro.

0 Likes
Anonymous
Not applicable

I will help you go over the code directly to see if anything is missing.henryubnt

0 Likes
Anonymous
Not applicable

Hi forrest.chien,

Thank you for supporting. Now I am trying to use OOB pairing as you mentioned:

I can see the TAG03 get the connection to the slave device but stuck at "starting pairing". Below is my test environment.

1. Set the same oob_tk in hello_sensor.c and hello_client.c, uncomment the "#define OOB_PAIRING" to make it works.

2. download the hello_client into TAG03.

3. download the hello_sensor into our target.

4. Press the TAG03 button(SW1) over 5 seconds to trigger the scanning and connection.


And then I get the connection_up but stuck at bonding. In the device message I always get "Not bonding"==> The else option I added below the "if (LESMP_PAIRING_RESULT_BONDED)" condition.


Should we add something in "hello_client.smp_info" before we call "lesmp_startPairing(NULL)"??

0 Likes
Anonymous
Not applicable

Hi forrest.chien,

Thanks for the help, the OOB pairing seems work, but here are some more problems:

1. I think you have know that if the host just connect without pairing/bonding, the host still can discover the service. Even the handle values does not correct, but the UUIDs are disclosed.

2. During the connection under OOB, I made some access permission to be authenticated one, but which can not be accessed, maybe my setting is wrong, please give me some advise. Thanks.

For example:

The below code made the CHARs can be accessed:

  CHARACTERISTIC_UUID128 (HANDLE_MAIN_CHARACTERISTIC_STATUS, HANDLE_MAIN_CHARACTERISTIC_STATUS_VAL,

    UUID_MAIN_CHARACTERISTIC_STATUS,

    LEGATTDB_CHAR_PROP_READ,

    LEGATTDB_PERM_READABLE,

//    LEGATTDB_PERM_AUTH_READABLE,

    7), 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,


  CHARACTERISTIC_UUID128_WRITABLE (HANDLE_MAIN_CHARACTERISTIC_CONFIG, HANDLE_MAIN_CHARACTERISTIC_CONFIG_VAL,

    UUID_MAIN_CHARACTERISTIC_CONFIG,

    LEGATTDB_CHAR_PROP_READ | LEGATTDB_CHAR_PROP_WRITE,

    LEGATTDB_PERM_READABLE | LEGATTDB_PERM_WRITE_CMD | LEGATTDB_PERM_WRITE_REQ,

//    LEGATTDB_PERM_AUTH_READABLE | LEGATTDB_PERM_AUTH_WRITABLE,

    3), 0x00, 0x00, 0x00,

The below code made the CHARs can not be accessed:

  CHARACTERISTIC_UUID128 (HANDLE_MAIN_CHARACTERISTIC_STATUS, HANDLE_MAIN_CHARACTERISTIC_STATUS_VAL,

    UUID_MAIN_CHARACTERISTIC_STATUS,

    LEGATTDB_CHAR_PROP_READ,

//    LEGATTDB_PERM_READABLE,

    LEGATTDB_PERM_AUTH_READABLE,

    7), 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,


  CHARACTERISTIC_UUID128_WRITABLE (HANDLE_MAIN_CHARACTERISTIC_CONFIG, HANDLE_MAIN_CHARACTERISTIC_CONFIG_VAL,

    UUID_MAIN_CHARACTERISTIC_CONFIG,

    LEGATTDB_CHAR_PROP_READ | LEGATTDB_CHAR_PROP_WRITE,

//    LEGATTDB_PERM_READABLE | LEGATTDB_PERM_WRITE_CMD | LEGATTDB_PERM_WRITE_REQ,

    LEGATTDB_PERM_AUTH_READABLE | LEGATTDB_PERM_AUTH_WRITABLE,

    3), 0x00, 0x00, 0x00,

Please help, thanks.

0 Likes
MichaelF_56
Moderator
Moderator
Moderator
250 sign-ins 25 comments on blog 10 comments on blog

henryubnt boont forrest.chien

I checked with the developers last night and they are targeting the SDK 2.2.2 release for middle to late next week.

0 Likes
Anonymous
Not applicable

mwf_mmfae,

Got it, thanks for the update.

0 Likes
wewu_1392881
Level 3
Level 3
First like received First like given Welcome!

I meet the similar issue with you, mark!

Anonymous
Not applicable

Thanks. Here is the current conclusion of this thead:

The OOB key pairing works. But if any other un-auth host try to connect to the device. It's still available, thought we can add the AUTH flag for R/W access of the services. But the service UUID still can be discovered. So here is the latest question in this thread:

1. Is it possible to disable "service discover" feature if the device hasn't paired?

2. If the above is not possible, is it the Bluetooth limitation?

Thanks.

0 Likes
Anonymous
Not applicable

Hello Henry,

1.  The BLE spec allows for any UUID to be discoverable

2.  If a Host tries to Read or Write, you can stop the characteristics, but you cannot hide the UUID

3.  Using the AUTH flag is the only way to access the services.

4.  However, the pairing process may come into play:

     If you don't want to authorize a paring device, as soon as the connection request comes back and you don't recognize the device, then you disconnect.

5.  This is a work-around and is not very good, because you don't know when you are in pairing mode or not.

Hope this helps

JT

Anonymous
Not applicable

j.t

Thank you for the information, I have further one question about your #2:

"If a Host tries to Read or Write, you can stop the characteristics,"

How to do that? Is there also a "read_handler()" like write_handler()?


Thanks.

0 Likes
Anonymous
Not applicable

Hello Henry,

#2 What I meant to say is that you can ignore sending the characteristics.

JT

0 Likes