[Interest] BLE : Bonding and ble security
Jérôme Godbout
godboutj at amotus.ca
Mon Aug 17 18:22:20 CEST 2020
Hi, good, it mean the characteristic is secure, it require a valid authentication and encryption normally (however, encryption might not be necessary as per spec). So in order to access, the authentication must be done as you said and like NRF connect is doing just fine. Is Windows supporting the security mode at all? Or is Qt supporting on Windows? Is your BLE on Windows version enough to make the proper connection? What capability you are giving on the Windows side (keyboard + display I guess).
From: Simon FEUTRIER <sfeutrier at bluegriot.com>
Sent: August 17, 2020 11:18 AM
To: Jérôme Godbout <godboutj at amotus.ca>; alexander.blasche at qt.io
Cc: interest at qt-project.org
Subject: Re: [Interest] BLE : Bonding and ble security
Alex, I can discover all services and characteristics, without any errors. I have the same behavior with the example project "lowEnergyScanner". Using connectToDevice is OK.
Question, is Qt able to communicate in security mode with an Unknown Service ? Because the service I'm using is particular.
I'm not able to read or write in this service. Meanwhile I am able to read the characteristic's value of services Generic Access, Generic Attribute and Device Information.
Jérôme, when talking about bonding I mean bonding :p. I just saw with the nrf connect app that the app cannot read until bonding is done in Just Work mode. So I guessed that in this security bonding is mandatory. That is the only difference between working exchange and not working exchange.
Cordialement,
Simon Feutrier - Ingénieur systèmes embarqués
BLUEGRioT
Le lun. 17 août 2020 à 17:06, Jérôme Godbout <godboutj at amotus.ca<mailto:godboutj at amotus.ca>> a écrit :
As for the bounding (take care of the wording, in BLE many people confuse them):
Terminology
Term
Info
Connection
Act of establishing a link between 2 device, this create an anonymous connection. This is a mandatory step into communicating with a device beyond the advertising.
Pairing
Act of exchanging the security and encryption key once authentication is completed.
Bonding
Act of keeping the pairing key into NV memory for next time the pairing is requested to avoid the authentication and pairing steps.
Authentication
Act to validate the device with each other. This require the connection to be done. There is several way to authenticate: pin, OOB, etc...
As for the authentication, it depends on the flags allowed by both devices (OOB is not part of this table and Just Work is always the fallback):
[cid:image001.png at 01D67490.676B82A0]
Also the security level requested by both end:
LE Security
Mode
Level
Name
Bluetooth version
1
1
No Security (no authentication and no encryption)
All
2
Unauthenticated with encryption
>= 4.0
3
Authenticated with encryption
>= 4.0
4
Authenticated LE Secure Connections with 128 bits encryption
>= 4.2
2
1
Unauthenticated with data signing
>= 4.0
2
Authenticated with data signing
>= 4.0
After your are connected to a device, the authentication process should be started be the central. The end device might request the procedure to be started. Make sure the right flags are set to the connection capabilities. Also make sure the documentation allow the API for Windows, I know that Qt Windows API was having limitation but should now work, maybe some part of it ain’t cover just yet.
From: Interest <interest-bounces at qt-project.org<mailto:interest-bounces at qt-project.org>> On Behalf Of Jérôme Godbout
Sent: August 17, 2020 10:50 AM
To: Simon FEUTRIER <sfeutrier at bluegriot.com<mailto:sfeutrier at bluegriot.com>>
Cc: interest at qt-project.org<mailto:interest at qt-project.org>
Subject: Re: [Interest] BLE : Bonding and ble security
Can you discover the service and the characteristics? are there any errors while doing so? Make sure to discover those before writing to them, might help to see if anything went wrong.
From: Simon FEUTRIER <sfeutrier at bluegriot.com<mailto:sfeutrier at bluegriot.com>>
Sent: August 17, 2020 10:32 AM
To: Jérôme Godbout <godboutj at amotus.ca<mailto:godboutj at amotus.ca>>
Cc: interest at qt-project.org<mailto:interest at qt-project.org>
Subject: Re: [Interest] BLE : Bonding and ble security
Alex, thank you for your quick reply. I just tried with the pre-release 5.15.1 and this is the same behavior.
When trying to activate notification (first write to characteristic that I do), it always fails to write. Qt still never initiates the bonding.
Could you clearly tell me if it is supposed to work or if this has not been implemented yet ?
Jérôme, thank you for your message, sorry I forgot to specify I am working with Windows 10 with MSVC. I'm sure your message will be helpful but I don't think it applies to my case.
Best regards,
Simon Feutrier
Le lun. 17 août 2020 à 15:52, Jérôme Godbout <godboutj at amotus.ca<mailto:godboutj at amotus.ca>> a écrit :
Here is my error code I’m currently using:
switch (error)
{
case QLowEnergyController::Error::AdvertisingError:
case QLowEnergyController::Error::UnknownRemoteDeviceError:
case QLowEnergyController::Error::UnknownError:
case QLowEnergyController::Error::InvalidBluetoothAdapterError:
case QLowEnergyController::Error::NetworkError:
case QLowEnergyController::Error::ConnectionError:
#if QT_VERSION >= QT_VERSION_CHECK(5, 10, 0)
case QLowEnergyController::Error::RemoteHostClosedError:
#endif
#if QT_VERSION >= QT_VERSION_CHECK(5, 14, 0)
case QLowEnergyController::Error::AuthorizationError:
#endif
break;
// Code 0x22 (0d34) seem to be link to unsupported Read Characteristic on device the read timeout, missing read/write connect on service?
// Android problem: BLE_HCI_STATUS_CODE_LMP_RESPONSE_TIMEOUT
case 0x22:
qDebug() << "Android Device have problem BLE_HCI_STATUS_CODE_LMP_RESPONSE_TIMEOUT or GATT CONN LMP TIMEOUT: " << error;
// TODO godboutj 2018-06-11, find a fix or a workaround this issue
break;
// Special erro 129 QLowEnergyController Error is Generic Android internal error. Often just disconnecting and reconnecting help the issue
case 0x81: // (0d129)
qDebug() << "Android generic error, disconnect and try to reconnect again";
break;
// Special erro 133 GATT_ERROR, seen on Samsung Android 8 tablet, reason can be almost anything
case 0x85: // (0d133)
qDebug() << "Android device error, not sure about why we get this on some device";
break;
// More code explaination can be found here: http://allmydroids.blogspot.com/2015/06/android-ble-error-status-codes-explained.html
default:
qDebug() << "UnhandledError: " << error;
break;
}
If that might help others developing with Android. This will generate some warning for bad enum value, but they are showing up on Android… If someone have information about those error, I will gladly be accepting any information about why they can occur.
From: Interest <interest-bounces at qt-project.org<mailto:interest-bounces at qt-project.org>> On Behalf Of Jérôme Godbout
Sent: August 17, 2020 9:25 AM
To: Simon FEUTRIER <sfeutrier at bluegriot.com<mailto:sfeutrier at bluegriot.com>>; interest at qt-project.org<mailto:interest at qt-project.org>
Subject: Re: [Interest] BLE : Bonding and ble security
Hi,
If you are using Qt and Android for the application. I did found over time to have a reliable behavior with Android connection step, you kind of need to slow things down on Android platform (this doesn’t apply to Windows, Mac, iOS). I delayed my task by 500 ms after connecting and doing anything (services discovery, pairing, authenticate… under Android. Also do this when I disconnect (garbage collector issue?!) and avoid reconnecting too quickly. This have solve many problems I had under Android. Android Bluetooth LE stack is really bad before Android 8. If you can, try to make things work with a recent device and Android 8+, then patch the behavior for older device if you can.
I also found that a few manufacturer have more issue (but this might just be a specific product, I don’t have enough data to make sure this is happening all the time):
* Google Nexus 7", Android 6.0.1 can raise undocumented Error 34 (0x22) GATT CONN LMP TIMEOUT
* LG K4 LTE, Android 5.1.1 Debugger doesn’t run too well
* Lenovo (cheap tablet, I don’t remember the actual model #) the advertising is a big mess (some low level filtering, making beacon continuous discovery impossible).
* Samsung many older version had some debugger issue (missing or renamed tools)
If you Android BLE start behaving heraldically, turn off the BLE and wait at least 20s before activating again. Seem like the garbage collector/clean up task is fairly slow.
Hope this might help you.
Jerome
[cid:image002.jpg at 01D67490.676B82A0]
une compagnie [cid:image003.jpg at 01D67490.676B82A0]
RAPPROCHEZ LA DISTANCE
Jérôme Godbout
Développeur Logiciel Sénior /
Senior Software Developer
p: +1 (418) 800-1073 ext.:109
amotus.ca<http://www.amotus-solutions.com/>
statum-iot.com<http://statum-iot.com/>
[cid:image004.png at 01D67490.676B82A0]<https://www.facebook.com/LesSolutionsAmotus/> [cid:image005.png at 01D67490.676B82A0] <https://www.linkedin.com/company/amotus-solutions/> [cid:image006.png at 01D67490.676B82A0] <https://twitter.com/AmotusSolutions> [cid:image007.jpg at 01D67490.676B82A0] <https://www.youtube.com/channel/UCoYpQgsmj1iJZyDjTQ3x8Ig>
COVID-19 : we are glad to inform you that Amotus<https://www.amotus-solutions.com/> are up and running with limited impact on our performance. We will keep you informed of any changes as they occur.
COVID-19 : nous sommes fiers d’informer nos collaborateurs que Amotus opèrent adéquatement et que l’impact sur notre productivité est minimisé. Nous vous tiendrons au courant de tout changement.
From: Interest <interest-bounces at qt-project.org<mailto:interest-bounces at qt-project.org>> On Behalf Of Simon FEUTRIER
Sent: August 17, 2020 3:48 AM
To: interest at qt-project.org<mailto:interest at qt-project.org>
Subject: [Interest] BLE : Bonding and ble security
Hi,
That is the first time I use this mailing list, so tell me if I'm doing anything wrong when using it. Thanks !
Now my problem.
I'm developing a Qt application that communicates with a BLE device. It worked perfectly until I tried to add some security. When I turned on "Just Works" security mode (device side), I was not able anymore to write in a characteristic (or read) from my Qt application.
I compared the Bluetooth messages sent from Qt app and from the android app nfr Connect and I see that automatically, the nrf Connect app sends a bonding request when it fails to write.
Qt does not do this. That is the only difference that makes the android app working but not my Qt app.
I finally made it work once : I start my Qt App, pair my BLE device with Windows parameters and then it works one time only (after that I need to unpair my device from Windows parameters and redo the same process). It only works if it has been paired with Windows parameters...
I could not find anything about bonding in the API or security mode settings.
Any idea ? Should I post it as a bug or am I missing something ?
Thanks,
Regards,
Simon Feutrier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 120333 bytes
Desc: image001.png
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 98353 bytes
Desc: image002.jpg
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0003.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 1427 bytes
Desc: image003.jpg
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0004.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 730 bytes
Desc: image004.png
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 929 bytes
Desc: image005.png
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 839 bytes
Desc: image006.png
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image007.jpg
Type: image/jpeg
Size: 1167 bytes
Desc: image007.jpg
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20200817/0aaf2a19/attachment-0005.jpg>
More information about the Interest
mailing list