extmod/modbluetooth: Add pairing/bonding support. #6651
Conversation
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
This allows the application to be notified of changes to - Connection interval - Connection latency - Supervision timeout Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
This widens the characteristic/descriptor flags to 16-bit, to allow setting encryption/authentication requirements. Sets the required flags for NimBLE and btstack implementations. Deprecate the BLE.FLAG_* constants in favour of copy & paste Python constants (like the IRQs). Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Instead of returning None/bool from the IRQ, return None/int. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
|
+1 for bonding secret store into Python |
|
Minor note: in top post For anyone else looking at this though its a moot point, as this is enabled automatically for ports where its supported. |
Enable for STM32/Unix NimBLE only (requires synchronous events and full bindings). Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
This allows the application to be notified if any of
{encrypted,authenticated,bonded} states change as well as the encryption key
size.
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Sets security and MITM-protection requirements. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
34a8386 to
f3f82e6
Compare
Fixed. (And the PASSKEY defines) |
|
My testing of this PR today has gone very well, though I think the IRK issue can cause some strange behaviors if there are multiple devices running. I've been testing primarily android central connecting to micropython peripheral on both unix (zephyr hci radio) and stm32 (mynewt/nimble hci radio). Pairing and bonding works from both explicit pairing request and/or reading a characteristic with the This is with both the The bond is maintained reliably across power cycles of either end of the link. If the ble is disabled on micropython: |
This adds `_IRQ_GET_SECRET` and `_IRQ_SET_SECRET` to allow the stack to request the Python code retrive/store/delete secret key data. The actual keys and values are opaque to Python and stack-specific. Only NimBLE is implemented (pending moving btstack to sync events). Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Rather than dealing with the different int types, just pass them all as a single array of mp_int_t with n_unsigned (before addr) and n_signed (after addr). Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
This provides a workaround for apache/mynewt-nimble#887. Without this, all devices would share a fixed default IRK. Signed-off-by: Jim Mussared <jim.mussared@gmail.com>
f3f82e6 to
c01effb
Compare
|
I've added a commit that adds a workaround for the fixed IRK. |
|
I've continued testing, still with micropython running as peripheral but a different Android (samsung A20, Android 10) phone running central (both nrf-connect and custom app). With this phone, the pairing is not persisting over the micropython reboot when running on my custom stm32 application. This exact same procedure with my previous Android phone (Xiaomi MI6 running Lineage OS Android 10) works correctly - pairing/bonding is maintained over stm32 reboots. I'll continue to investigate the difference between the two. |
I'm seeing similar issues with Andriod-PYBD bonding. Can you give a trace of the set/get secrets IRQ calls, the data (key and value) that each event is given? (You may want to email me / obfuscate your public BD ADDR) |
|
Yeah the secret it's trying to read upon connection is the same each time connect/disconnect/re-connect without rebooting the mpy, but then it's different after reboot mpy. I suspect the peer IRK isn't working / not getting re-loaded into the radio correctly. I don't think the problem is from the latest "own IRK" commit though, I was seeing the same behavior before that too. I'd say my xiaomi is likely using a static public address so resolves consistently, whereas the samsung is probably using a randomised addr so relies on the IRK. Tomorrow I'll trace it all through before and after the reboot to confirm the behavior and hopefully find the fix. |
Yes that could be it, sounds similar to what I'm seeing. |
|
Yep just confirmed; when the phones connect to ble_bonding_peripheral.py the working Xiaomi triggers a |
| if i == index: | ||
| return value |
There was a problem hiding this comment.
| if i == index: | |
| return value | |
| if i == index: | |
| return value | |
| i += 1 |
There was a problem hiding this comment.
@jimmo This fixes the "samsung not working over restart" issue I was having, turns out it's got nothing to do with the public/random address thing
|
@andrewleech does your BLE controller support LL privacy? |
I think so, I'm using mynewt/nimble hci controller build on stm32, zephyr hci on unix. Would need to double check the build configs to be sure though. |
Two basic multitests for pairing and bonding have been added in #6662.
The BT controller on PYBD doesn't support LL privacy in the controller so RPA would need to be added on the host side. |
|
I've tested this and am happy with how it works. Merged in f2a9a0a through d79b9c6 Outstanding items can be addressed in follow-up work. Thank you @jimmo and @andrewleech ! |
Improve web workflow responsiveness
WIP, looking for feedback on the approach.
Much of this work was done by @andrewleech in #6289, #6312, and #6447. This PR changes:
Currently only supported on NimBLE on STM32 and Unix, as it requires synchronous (non-ringbuffer) events. Enabled via
MICROPY_PY_BLUETOOTH_ENABLE_PAIRING_BONDINGmacro (which is now enabled by default for NimBLE STM32/Unix). Some BlueKitchen support is implemented, but will need to wait until it's migrated to synchronous events. The secret store is designed to be compatible with BlueKitchen's TLV store API.Tested against Android and BlueZ.
This PR adds:
Four major outstanding pieces: