Double "Bluetooth pairing request" / GATT security server

redpanda
Posts: 13
Joined: Thu Feb 04, 2021 8:42 am

Double "Bluetooth pairing request" / GATT security server

Postby redpanda » Thu May 06, 2021 2:07 pm

Following the example of GATT security server, developed an Android App that is able to connect, pair, bond and perform data transfer with the ESP32 module.
https://github.com/espressif/esp-idf/tr ... ity_server

One annoying issue is the double "Bluetooth pairing request" popups when the Android GATT client fires the first connection to the GATT security server. The behavior can be repeated using nRF connect tool.

1. [ESP32] Run GATT security server
2. [nRF App] scan and found the ESP32's ESP_BLE_SECURITY GATT server
3. [nRF App] press connect to the GATT server
4. [ESP32] event ESP_GATTS_CONNECT_EVT is seen, i.e. connected
5. [Android] pops up "Bluetooth Pairing Request" as expected
6. [Android] User presses "OK" to confirm pairing
7. [Android] Step 6 has no effect
8. [Android] pops up "Bluetooth Pairing Request" the second time
9. [Android] User presses "OK" to confirm pairing the second time
10. [ESP32] ESP_GAP_BLE_KEY_EVT and ESP_GAP_BLE_AUTH_CMPL_EVT are seen. It shows bonding success
11. [Android] bonding is finished on the Android side as well

GATT Security info

Code: Select all

I (420) cpu_start: Application information:
I (425) cpu_start: Project name:     sec_gatts_demo
I (430) cpu_start: App version:      c118922-dirty
I (436) cpu_start: Compile time:     May  5 2021 10:28:01
I (442) cpu_start: ELF file SHA256:  0ccdfd6a1a49f0db...
I (448) cpu_start: ESP-IDF:          v4.1.1-44-g83aaee86d-dirty
Android version: Android 10 (Samsung)

I don't know if it is can be solved from ESP or Android side. Any suggestions? To end-users, it is very strange to confirm pairing twice.

danpf1
Posts: 14
Joined: Mon May 10, 2021 2:59 pm

Re: Double "Bluetooth pairing request" / GATT security server

Postby danpf1 » Mon May 10, 2021 3:23 pm

I see the same behavior on Android Pixel phone. Any suggestion or approach to fix?

phatpaul
Posts: 110
Joined: Fri Aug 24, 2018 1:14 pm

Re: Double "Bluetooth pairing request" / GATT security server

Postby phatpaul » Fri Jun 04, 2021 1:21 am

We are seeing similar behavior with Android 8.1 and 10. Even some iOS versions are acting weird.
If this behavior is expected, then is there a way to handle the bonding within my Android/iOS app, which could make the user experience smoother?

I just enabled GATTS security on my project with a 6-digit PIN. (IDF 3.3.5) I added these lines to ble_gap.c:

Code: Select all

	/* set the security iocap & auth_req & key size & init key response key parameters to the stack*/
	esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND; //bonding with peer device after authentication
	esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT;					//set the IO capability to Display Only to allow passkey auth (if set NONE, then JustWorks is used)
	uint8_t key_size = 16;										//the key size should be 7~16 bytes
	uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
	uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
	uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE;
	uint8_t oob_support = ESP_BLE_OOB_DISABLE;
	//set static passkey
	uint32_t passkey = devinfo_get_ble_pass_decimal();
	if (passkey == 0)
	{
		//disable PIN entry
		iocap = ESP_IO_CAP_NONE; //set the IO capability to NONE, then JustWorks is used
	}

	esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_KEY_SIZE, &key_size, sizeof(uint8_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, &auth_option, sizeof(uint8_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_OOB_SUPPORT, &oob_support, sizeof(uint8_t));
	/* If your BLE device acts as a Slave, the init_key means you hope which types of key of the master should distribute to you,
    and the response key means which key you can distribute to the master;
    If your BLE device acts as a master, the response key means you hope which types of key of the slave should distribute to you,
    and the init key means which key you can distribute to the slave. */
	esp_ble_gap_set_security_param(ESP_BLE_SM_SET_INIT_KEY, &init_key, sizeof(uint8_t));
	esp_ble_gap_set_security_param(ESP_BLE_SM_SET_RSP_KEY, &rsp_key, sizeof(uint8_t));

phatpaul
Posts: 110
Joined: Fri Aug 24, 2018 1:14 pm

Re: Double "Bluetooth pairing request" / GATT security server

Postby phatpaul » Fri Jun 11, 2021 3:53 am

By trial and error I think I resolved the issue. Seems both the central and peripheral are trying to initiate the security.

Remove the call to esp_ble_set_encryption() within ESP_GATTS_CONNECT_EVT.

https://github.com/espressif/esp-idf/bl ... emo.c#L432

It's sufficient to just mark some GATT attribute as ESP_GATT_PERM_READ_ENCRYPTED so that when the central tries to read it triggers the central to initiate the security request.

Let me know if it works for you.

jhonedk
Posts: 1
Joined: Mon Feb 21, 2022 8:59 am

Re: Double "Bluetooth pairing request" / GATT security server

Postby jhonedk » Mon Feb 21, 2022 9:02 am

I have the same problem with Bluetooth pairing, I am not able to connect to my PC. :) Kinemaster Mod Apk

obouachra
Posts: 1
Joined: Thu Nov 10, 2022 1:47 pm

Re: Double "Bluetooth pairing request" / GATT security server

Postby obouachra » Thu Nov 10, 2022 1:50 pm

I have same problem but i'm working with AT commands

Who is online

Users browsing this forum: stdenits and 304 guests