Help with the new security #11
Comments
You'll need to change:
to:
For some reason this is how NimBLE set it up, I should consider making that automatic in the library. For the 2902 you would set the same properties but with You can use the security class as you have it there and it should work fine. The other option to do the same thing would be to use:
or
and finally |
ok, i got NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY); some other weird stuff.. im trying to sort i didnt create the 2902, its done by createCharacteristic (since notify property there) |
ble scanner is pretty good.
It's strange that nimble doesn't handle this in the stack. I'm not sure how best to sort out this issue, might need to modify the library for this. |
i had that app long ago..didnt work well.. trying now... yikes; now i cant connect anymore, just says "connecting fail from peripheral" so logging says when i try to reconnect |
i switched to my "testing" code and same issue |
i changed to this NimBLEDevice::setSecurityIOCap(BLE_HS_IO_DISPLAY_ONLY); and i can connect over and over, i just have to put in the passkey every time |
If you bond, the keys are persisted in the phone and on the esp32; if you delete the bond on one of them they both need to be deleted (library will detect this and do it for you but you need to reconnect).
If you want to use bonding with a passkey Edit: also I would recommend using |
hmm,,, if i let it bond, i cant connect to it again...
I (114939) mycallback: onConnect()
I (115159) mycallback: onDisconnect()
as you can see from above i get kicked right out so... something is wrong for sure... as once i bond, and then disconnect, and just try to reconnect
this mean anything?
I NimBLEDevice: "BLE Host Task Started"
(erase_flash, reloaded... no change) do i need any of the security callbacks? to return something? you have default ones i see |
That's the nimble stack letting us know what the issue is. I'm not sure why it would have this problem; I would need to see the logs when it first connects and bonds to see where the issue is. |
Actually I think I know why, you are using IDF v4.0 correct? If so can you tell me the commit you're on. I made a PR on the esp-nimble repo to address this issue and it was merged a little while ago. If you don't have that then that's probably the cause. |
yes. idf 4.0 not sure how exactly to switch to idf4.x im using their "ESP-IDF Visual Studio Code Extension" i might be able to switch to 4. something... actually says IDF v4.0.1 |
that IRK error happens at boot, and before any connections |
Yeah, that’s because it has stored bonds that it’s trying to load and cannot for some reason. If you checkout my esp-nimble-component library and put that in your projects/components folder then disable nimble in menuconfig as you’ll be using the component instead I think you’ll find everything working. If you prefer you could also copy the files from the NimBLE folder from that repo into your idf NimBLE folder and leave menuconfig alone. There is one last option but we don’t want to go there lol, creates even more issues down the road. Best off if you can update nimble. |
Just so you know why this is happening here is the PR that fixes it. |
i switched to the MASTER IDF... looks like whats in the master IDF repository is linked to the master of the nimble repository |
This is odd, I don’t see any issues here on master branch, I’ll look into this more. I’ll get back to you after I do some testing. |
After you switched branches did you You’ll need to start out clean once you have the updated nimble, also delete esp32 bonds from your phone. |
im starting to lose track of what im doing... :( so... i now cant build nimble when on 4.0.1 going to IDF master, trying once more... will do erase_flash what i think i want to be is at 4.0.1 (since that is considered stable) and have the latest nimble |
it looks like i need to have the IDF master to get it all to work right |
You can use any IDF version you wish actually. Just need to update the nimble sources to the master branch. Or use this and just put it in your project/components folder then you don't have to change IDF versions at all. Are you using git or just downloading the installer? |
i use git to get the IDF... when i look at Nimble in 4.0.1 mitchjs@Homer MINGW64 /e/esp32-idf/esp-idf/components/bt/host/nimble/nimble ((591721b7...))
|
its master that i want right? |
You want 1.2.0-idf branch, that's the main one. |
when i compile idf v4.0.1 with nimble-1.2.0-idf
|
I just tested this configuration and I can confirm, I think something is missing from cmakefiles in v4.0.1 |
thank you (for just letting me know its not me) it built! and works as it should.. i can connect-pair-disconnect-reconnect |
yup "host/nimble/nimble/nimble/host/src/ble_hs_periodic_sync.c" i updated the cmake file and now it built |
Nice! you beat me to it. I found the missing line in the make file but it still would not compile for me, kept telling me nimble was out of date... strange. Glad you got it sorted 👍 |
ok. got it working.. but it builds now updated "esp_nimble_cfg." with the sync stuff that 1.2.0-idf uses thanks for your help... i think all this i learned a lot about git and even cmake :) |
Yeah sorry for all that, I wish espressif would backport the nimble updates, it’s far more stable now than it is in those releases. |
not your fault, thanks for help |
Sounds good and please do so it stays fresh and others can chime in. |
Hi there, |
@dorianim @mitchjs I'm in the same boat. Enable bonding, iOS can only connect once via lightblue, second time reports failed to connect. Have to delete the bond via Settings->Bluetooth before it will connect again. esp-idf v5.2, esp32-s3 here. Enabled 'nimble NVS persistence' via the appropriate kconfig setting. |
Hi @cmorganBE, |
@dorianim does it get called for you on other platforms? Have you reported the issue on the espressif forums? They are usually pretty responsive but I wasn't sure if I was doing it wrong. I see the bleprph example supports encryption and bonding. Trying it here the behavior is different, the bleprph example wants to pair right off, as soon as I hit connect. For the esp-nimble-cpp example it only prompts me to pair when accessing an encrypted property (maybe because I have a few that are like NOTIFY, or mfg/model that aren't encrypted). But I can say that the bleprph example DOES allow my iOS device to reconnect after bonding. AND after I enabled 'nimble persist to NVS', I can reconnect without the pairing prompt after the esp32s3-devkit-c1 is rebooted. So it looks like there could be something related to esp-nimble-cpp going on here but I'd have no idea where to start looking. |
@cmorganBE I have not tried other platforms yet. And I didn't report it on the espressif forums because I'm pretty sure it's not an issue with the esp/espidf but rather with this lib. The fact that the bleprph example works, confirms that. |
Try fully erasing the flash. Also please check your config for max bonds. |
@h2zero I check both, but with no success.
ESP_LOGI(TAG, "Bonded devices:");
for (int i = 0; i < NimBLEDevice::getNumBonds(); i++)
{
    ESP_LOGI(TAG, "%d.: %s", i, NimBLEDevice::getBondedAddress(i).toString().c_str());
}
|
@h2zero @cmorganBE I put together a simple test repo here: I tried it with a normal esp32 module and an esp32-s3. With the normal one, it works fine, but with the s3 it does not work after the first connection on iOS (I get "Peer removed pairing information" as the error message). So, this seems to only occur on the esp32-s3 with iOS devices. Should I open a new, more specific issue? |
Thank you for that, I'll try it when I get a chance. Please open as a separate issue as it seems to only affect the S3 so its cause will be different most likely. |
Just noticed that @cmorganBE already opened a separate issue:
Thank you! |
Would payment help speed things along? Need this for a customer project. Would $250USD be enough to incentivize a fix in the near term? I got the ok from the project manager, would be paying direct via PayPal or wherever you’d prefer.
From: Dorian Zedler
Sent: Thursday, May 16, 2024 4:59:24 PM
Subject: Re: [h2zero/esp-nimble-cpp] Help with the new security (#11)
Just noticed that @cmorganBE already opened a separate issue:
#159
I'll try it when I get a chance
Thank you!
|
@cmorganBE That is certainly enticing, could you show me your server initialization code and service/characteristics setup? |
@h2zero I modified dorianim's example after forking it here, https://github.com/cmorganBE/esp-nimble-cpp-test Testing here on esp32s3-devkit-c1, esp-idf v5.2.1. I did find an interesting result from this testing, setSecurityAuth with secured connections is what is causing the issue with reconnecting after bonding. I don't understand BLE particularly well yet but it's unclear why this is an issue. Shouldn't we want SC enabled? Maybe this falls into 'don't enable SC in this configuration because of X' but I'd expect the library could tell me this is a problem if it's a known bad configuration.
Also the example exhibits the same issue as mine does, iOS prompts to pair ONLY when accessing a characteristic in lightblue. bleprph example prompts as soon as you select the device and lightblue shows the device info. I mention it in case it's a hint about where/what things are going wrong. Changes from his example are to drop back to 'just works' and comment out some setMinPreferred() calls (are these really helpful for iphones?) |
@cmorganBE Yes, I noticed the same behavior as well, there are no issues when secure connections is disabled but it fails otherwise. This is definitely not something we want, especially with "just works" pairing as you are using. I will dig into this after I get home from this long weekend. The |
Hi @cmorganBE, @h2zero, @dorianim
|
@taks thanks! That seems to fix the Problem :D |
If a random address is used, the equipment can be identified by IRK ( For I couldn't find any usefulness for |
Odd that this would work, the default config for the sm keys is here: https://github.com/h2zero/NimBLE-Arduino/blob/e46123a084e0aa336e4cbdd52bf001dac71e5afb/src/NimBLEDevice.cpp#L894 As you can see, the resp key is already set, however the init key does not have |
@h2zero, im converting a project from the old API
which i had security working...
so the new way to have it going
i have this
NimBLECharacteristic *MyLEDStatusCharacteristic = pService->createCharacteristic(CHARACTERISTIC_UUID_LED_STATUS, NIMBLE_PROPERTY::READ | NIMBLE_PROPERTY::NOTIFY);
which works, to add security i would go
NimBLECharacteristic *MyLEDStatusCharacteristic = pService->createCharacteristic(CHARACTERISTIC_UUID_LED_STATUS, NIMBLE_PROPERTY::READ_ENC | NIMBLE_PROPERTY::NOTIFY);
once i do that, read isnt even showing up as a property for this characteristic
i also had on my 0x2902
MyLEDStatusNotificationDescriptor->setAccessPermissions(ESP_GATT_PERM_READ_ENCRYPTED | ESP_GATT_PERM_WRITE_ENCRYPTED);
so that one cant subscribe without being authenticated
and this
NimBLESecurity *pSecurity = new NimBLESecurity();
pSecurity->setStaticPIN(123456);
pSecurity->setAuthenticationMode(ESP_LE_AUTH_REQ_SC_BOND);
does this simply turn into:
NimBLEDevice::setSecurityPasskey(123456);
NimBLEDevice::setSecurityAuth(BLE_SM_PAIR_AUTHREQ_BOND);
not getting security to work at all :)
thanks
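
The authreq question in the post above, worked through as an added example that is not part of the original thread or the library's code: it checks which pairing guarantees a given authreq / IO-capability / passkey combination actually requests. The constants are redefined locally with the AuthReq bit values from the Bluetooth Core Specification, and `auditPairingConfig` and `Audit` are hypothetical names introduced for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// AuthReq bits as laid out in the SMP Pairing Request/Response (Bluetooth Core
// Specification). NimBLE's BLE_SM_PAIR_AUTHREQ_* macros carry the same values;
// they are redefined here so the block builds without the NimBLE headers.
constexpr uint8_t AUTHREQ_BOND = 0x01;
constexpr uint8_t AUTHREQ_MITM = 0x04;
constexpr uint8_t AUTHREQ_SC   = 0x08;

// SMP IO capability codes from the same specification.
enum IoCap : uint8_t { DISPLAY_ONLY = 0, DISPLAY_YESNO = 1, KEYBOARD_ONLY = 2,
                       NO_INPUT_OUTPUT = 3, KEYBOARD_DISPLAY = 4 };

struct Audit {
    bool bonds;           // keys are stored after pairing
    bool requiresMitm;    // this side asks for an authenticated association model
    bool secureConn;      // LE Secure Connections requested
    std::string finding;  // first gap found, empty when none
};

// Hypothetical helper (not a library call): review the values a peripheral is
// about to pass to setSecurityAuth / setSecurityIOCap / setSecurityPasskey.
Audit auditPairingConfig(uint8_t authreq, IoCap ioCap, bool hasStaticPasskey) {
    Audit a{(authreq & AUTHREQ_BOND) != 0, (authreq & AUTHREQ_MITM) != 0,
            (authreq & AUTHREQ_SC) != 0, ""};
    if (a.requiresMitm && ioCap == NO_INPUT_OUTPUT) {
        a.finding = "MITM requested but IO capability cannot provide it";
    } else if (hasStaticPasskey && !a.requiresMitm) {
        // With MITM clear on both sides the IO capabilities are ignored and
        // pairing uses Just Works, so the passkey is never asked for.
        a.finding = "passkey set but MITM clear: peer can pair with Just Works";
    } else if (!a.secureConn) {
        a.finding = "Secure Connections bit clear: legacy pairing only";
    }
    return a;
}

int main() {
    // The post's new setting: bond only, with a static passkey configured.
    Audit a = auditPairingConfig(AUTHREQ_BOND, DISPLAY_ONLY, true);
    std::printf("bond=%d mitm=%d sc=%d finding=%s\n", a.bonds, a.requiresMitm,
                a.secureConn, a.finding.c_str());
    return 0;
}
```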