• State
  • Locked Locked
  • Replies 11 replies
  • Subscribers 52 subscribers
  • Views 830 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2642R: CC2642 encryption failure

wangrenli
Intellectual 690 points
Part Number: CC2642R


Hi,

CC2642 do host connect slave, test 12 hours there are 3 times encryption failure problem, the host side triggered GAPBOND_PAIRING_STATE_ENCRYPTED event returned status is 6, the slave prints the reason for disconnection is 5

Test distance: <50cm

sdk version: simplelink_cc13xx_cc26xx_sdk_7_10_01_24

Project example: multi_role

20231213_030104.rar

  • 0
    TI__Expert 4090 points

    Hello,

    Thanks for reaching out! I am inquiring internally with someone who may be able to better assist with this question. For now, I would recommend you look at the SLA BLE Security Fundamentals course, if you haven't already, which covers how to add an encrypted characteristic to ensure you haven't missed anything! This thread may also be useful to look through in the meantime. 

    Thanks,

    Luke

  • 0 in reply to Luke
    TI__Expert 4090 points

    Wangrenli, 

    I wanted to check in and see if there has been any resolution on your end with this encryption failure problem. If the resources provided were useful or you found your own solution, let me know!

    Thanks,

    Luke

  • 0 in reply to Luke
    Intellectual 690 points

    Hi,

    This issue has not been resolved yet

  • 0 in reply to wangrenli
    TI__Mastermind 42870 points

    Hi,

    Thank you for updating us on the status of this behavior. The subject expert who can best address your inquiry is out of office for the holidays. After returning in early January, they will review your post and provide an initial response within 24 hours.

    To ensure quick and efficient resolution of your problem, please make sure you have provided all relevant information related to your request. If you have any debugging updates or findings, then please share them in a reply to this message to further help accelerate how quickly we are able to get to the bottom of this.

    Regards,
    Jan

  • 0 in reply to Jan
    TI__Expert 4090 points

    Wangrenli,

    Did you get a chance to look through the BLE Security Fundamentals material I shared previously? According to the status code returned from the GAPBOND_PAIRING_STATE_ENCRYPTED event, your pin key is missing and the slave is disconnecting due to an authentication failure subsequently. You can see more details on other HCI Error Codes in the TI BLE5-Stack API Documentation here.

    My recommendation would be to verify you are setting up the encryption characteristics properly and I will need more context on your encryption methods in order to better support further. 

    Thanks,

    Luke

  • 0 in reply to Luke
    Intellectual 690 points

    Hi,

    The central and peripheral configurations are as follows

    center:
//=============================================================
uint8_t pairMode                =    GAPBOND_PAIRING_MODE_INITIATE;
uint8_t mitm                    =    false;
uint8_t ioCap                   =    GAPBOND_IO_CAP_NO_INPUT_NO_OUTPUT;
uint8_t bonding                 =    true;
uint8_t secureConnection        =    GAPBOND_SECURE_CONNECTION_ONLY;
uint8_t authenPairingOnly       =    false;
uint8_t autoSyncWL              =    false;
uint8_t eccReGenPolicy          =    0;
uint8_t KeySize                 =    16;
uint8_t removeLRUBond           =    true;
uint8_t bondFailAction          =    GAPBOND_FAIL_TERMINATE_ERASE_SINGLE_BOND;
uint8_t KeyDistList             =    GAPBOND_KEYDIST_MENCKEY | GAPBOND_KEYDIST_MIDKEY | GAPBOND_KEYDIST_MSIGN | GAPBOND_KEYDIST_SENCKEY | GAPBOND_KEYDIST_SIDKEY | GAPBOND_KEYDIST_SSIGN;
uint8_t eccDebugKeys            =    false;
uint8_t allowDebugKeys          =    true;
uint8_t eraseBondWhileInConn    =    true;
uint8_t sameIrkAction           =    GAPBOND_SAME_IRK_UPDATE_BOND_REC;

void setBondManagerParameters()
{
    GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
    GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
    GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
    GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);
    GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &secureConnection);
    // Set Authenticated Pairing Only mode
    GAPBondMgr_SetParameter(GAPBOND_AUTHEN_PAIRING_ONLY, sizeof(uint8_t), &authenPairingOnly);
    // Set Auto Whitelist Sync
    GAPBondMgr_SetParameter(GAPBOND_AUTO_SYNC_WL, sizeof(uint8_t), &autoSyncWL);
    GAPBondMgr_SetParameter(GAPBOND_ECCKEY_REGEN_POLICY, sizeof(uint8_t), &eccReGenPolicy);
    GAPBondMgr_SetParameter(GAPBOND_KEYSIZE, sizeof(uint8_t), &KeySize);
    GAPBondMgr_SetParameter(GAPBOND_LRU_BOND_REPLACEMENT, sizeof(uint8_t), &removeLRUBond);
    GAPBondMgr_SetParameter(GAPBOND_BOND_FAIL_ACTION, sizeof(uint8_t), &bondFailAction);
    GAPBondMgr_SetParameter(GAPBOND_KEY_DIST_LIST, sizeof(uint8_t), &KeyDistList);
    // Set Secure Connection Debug Keys
    GAPBondMgr_SetParameter(GAPBOND_SC_HOST_DEBUG, sizeof(uint8_t), &eccDebugKeys);
    // Set Allow Debug Keys
    GAPBondMgr_SetParameter(GAPBOND_ALLOW_DEBUG_KEYS, sizeof(uint8_t), &allowDebugKeys);
    // Set the Erase bond While in Active Connection Flag
    GAPBondMgr_SetParameter(GAPBOND_ERASE_BOND_IN_CONN, sizeof(uint8_t), &eraseBondWhileInConn);
    GAPBondMgr_SetParameter(GAPBOND_SAME_IRK_OPTION, sizeof(uint8_t), &sameIrkAction);
}




peripherals:
//=============================================================

uint8_t pairMode                =    GAPBOND_PAIRING_MODE_WAIT_FOR_REQ;
uint8_t mitm                    =    false;
uint8_t ioCap                   =    GAPBOND_IO_CAP_NO_INPUT_NO_OUTPUT;
uint8_t bonding                 =    true;
uint8_t secureConnection        =    GAPBOND_SECURE_CONNECTION_ONLY;
uint8_t authenPairingOnly       =    false;
uint8_t autoSyncWL              =    false;
uint8_t eccReGenPolicy          =    0;
uint8_t KeySize                 =    16;
uint8_t removeLRUBond           =    true;
uint8_t KeyDistList             =    GAPBOND_KEYDIST_MENCKEY | GAPBOND_KEYDIST_MIDKEY | GAPBOND_KEYDIST_MSIGN | GAPBOND_KEYDIST_SENCKEY | GAPBOND_KEYDIST_SIDKEY | GAPBOND_KEYDIST_SSIGN;
uint8_t eccDebugKeys            =    false;
uint8_t allowDebugKeys          =    true;
uint8_t eraseBondWhileInConn    =    true;
uint8_t sameIrkAction           =    GAPBOND_SAME_IRK_UPDATE_BOND_REC;

void setBondManagerParameters()
{
    GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8_t), &pairMode);
    GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8_t), &mitm);
    GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8_t), &ioCap);
    GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8_t), &bonding);
    GAPBondMgr_SetParameter(GAPBOND_SECURE_CONNECTION, sizeof(uint8_t), &secureConnection);
    // Set Authenticated Pairing Only mode
    GAPBondMgr_SetParameter(GAPBOND_AUTHEN_PAIRING_ONLY, sizeof(uint8_t), &authenPairingOnly);
    // Set Auto Whitelist Sync
    GAPBondMgr_SetParameter(GAPBOND_AUTO_SYNC_WL, sizeof(uint8_t), &autoSyncWL);
    GAPBondMgr_SetParameter(GAPBOND_ECCKEY_REGEN_POLICY, sizeof(uint8_t), &eccReGenPolicy);
    GAPBondMgr_SetParameter(GAPBOND_KEYSIZE, sizeof(uint8_t), &KeySize);
    GAPBondMgr_SetParameter(GAPBOND_LRU_BOND_REPLACEMENT, sizeof(uint8_t), &removeLRUBond);
    GAPBondMgr_SetParameter(GAPBOND_KEY_DIST_LIST, sizeof(uint8_t), &KeyDistList);
    // Set Secure Connection Debug Keys
    GAPBondMgr_SetParameter(GAPBOND_SC_HOST_DEBUG, sizeof(uint8_t), &eccDebugKeys);
    // Set Allow Debug Keys
    GAPBondMgr_SetParameter(GAPBOND_ALLOW_DEBUG_KEYS, sizeof(uint8_t), &allowDebugKeys);
    // Set the Erase bond While in Active Connection Flag
    GAPBondMgr_SetParameter(GAPBOND_ERASE_BOND_IN_CONN, sizeof(uint8_t), &eraseBondWhileInConn);
    GAPBondMgr_SetParameter(GAPBOND_SAME_IRK_OPTION, sizeof(uint8_t), &sameIrkAction);
}

    I added logging to the AESCCM_startOperation function and found that after a period of successful encryption, the AESCCM_STATUS_RESOURCE_UNAVAILABLE error is executed and then the Bluetooth disconnect returns 0X3D, after which the encryption fails when reconnecting again

  • 0 in reply to wangrenli
    TI__Expert 4090 points

    Wangrenli,

    Thanks for sharing the configurations! Now, I want to verify that you are receiving the correct pin, or any pin at all, given that the error says the pin key is missing. Can you share a more detailed screenshot of your logs with labels identifying the specific packets/requests?

    Thanks,

    Luke 

  • 0 in reply to Luke
    Intellectual 690 points

    Hi,

    1、How can I know if the PIN has been obtained or if it is correct?

    2、This is the central and peripheral logs, I see that the ltk is the same

    ====================center log====================

[2024-01-03 21:42:48.771]# RECV ASCII>
GAP Event=5
connect success.
handle:1,role:0x08,connInterval:10
mac:0x70B950F7692F,accessAddr:0x5e1ad81b


[2024-01-03 21:42:49.101]# RECV ASCII>
Pair Event: state=2,status=0
bond info:  idx=0
pBondRec: 2f 69 f7 50 b9 70 00 1c 
pLocalLtk: 71 3f 54 43 ac 6c c1 1e 7a 1b 59 31 bf d1 37 c0 00 00 00 00 00 00 00 00 00 00 10 97 
pDevLtk: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pIRK: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pSRK: 23 77 6f 57 a6 16 e1 4d cb 98 54 1c 78 48 8c 85 
signCount: ff ff ff ff 
charCfg: ff ff ff ff 

Encryption success(central)


AESCCM_startOperation fail.reson:AESCCM_STATUS_RESOURCE_UNAVAILABLE

GAP Event=6
dissconnect reson:0x3d

bond info:  idx=0
pBondRec:2f 69 f7 50 b9 70 00 1c 
pLocalLtk:71 3f 54 43 ac 6c c1 1e 7a 1b 59 31 bf d1 37 c0 00 00 00 00 00 00 00 00 00 00 10 97 
pDevLtk: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pIRK:ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pSRK:23 77 6f 57 a6 16 e1 4d cb 98 54 1c 78 48 8c 85 
signCount: ff ff ff ff 
charCfg: ff ff ff ff 




[2024-01-03 21:42:50.615]# RECV ASCII>
GAP Event=5
connect success.
handle:1,role:0x08,connInterval:10
mac:0x70B950F7692F,accessAddr:0xe9879b92


[2024-01-03 21:42:50.755]# RECV ASCII>
gapBondMgrEraseBonding: idx=0
Pair Event: state=2,status=6
Encryption failed: status=6,then terminate Link!

bond info:  idx=0
pBondRec:ff ff ff ff ff ff ff ff 
pLocalLtk:ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pDevLtk: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pIRK:ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pSRK:ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
signCount: ff ff ff ff 


GAP Event=6
dissconnect reson:0x16






====================peripherals log====================

[2024-01-03 21:42:48.818]# RECV ASCII>
Connected to 0xF05ECD61BBAB

bond info:  idx=0
pBondRec: ab bb 61 cd 5e f0 00 08 
pLocalLtk: 71 3f 54 43 ac 6c c1 1e 7a 1b 59 31 bf d1 37 c0 00 00 00 00 00 00 00 00 00 00 10 51 
pDevLtk: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pIRK: 05 4d 48 4a c2 f6 e3 10 c4 1d 58 ec 41 b8 4e 85 
pSRK: 77 f2 c5 77 8f 0b 2c e7 46 d1 10 71 66 53 e0 7d 
signCount: ff ff ff ff 
charCfg: d9 ff fe ff 

[2024-01-03 21:42:48.988]# RECV ASCII>
Encryption success



[2024-01-03 21:42:50.164]# RECV ASCII>
Device Disconnected!
Num Conns: 0
Disconnect Reason: 0x08


bond info:  idx=0
pBondRec: ab bb 61 cd 5e f0 00 08 
pLocalLtk: 71 3f 54 43 ac 6c c1 1e 7a 1b 59 31 bf d1 37 c0 00 00 00 00 00 00 00 00 00 00 10 51 
pDevLtk: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
pIRK: 05 4d 48 4a c2 f6 e3 10 c4 1d 58 ec 41 b8 4e 85 
pSRK: 77 f2 c5 77 8f 0b 2c e7 46 d1 10 71 66 53 e0 7d 
signCount: ff ff ff ff 
charCfg: d9 ff fe ff 






[2024-01-03 21:42:50.615]# RECV ASCII>
Connected to 0x41F36DE60020

bond info empty:	//The gapBondMgrReadBondRec interface returns an error. 


[2024-01-03 21:42:50.724]# RECV ASCII>
Device Disconnected!
Num Conns: 0
Disconnect Reason: 0x05

bond info empty:	//The gapBondMgrReadBondRec interface returns an error.

    20240103_213318.rar

    3、On the previous connection, the encryption success event (GAPBOND_PAIRING_STATE_ENCRYPTED) had been executed, but then there was an AESCCM_startOperation returning AESCCM_STATUS_RESOURCE_UNAVAILABLE, and then a Bluetooth disconnect returning 0x3d. When reconnecting again it fails to encrypt.

    Maybe the root cause is a problem with AESCCM_startOperation, my application doesn't use the AES module and currently only has pairing when the center and peripherals are connected.

  • 0 in reply to wangrenli
    TI__Expert 4090 points

    Wangrenli, 

    You should be able to find the PIN within the packets that are being advertised using your sniffer or another BLE scanning application. However, it seems that the pin is missing entirely which is throwing the error about the pin/key missing. It is likely that if you are not using the AES module, then the AESCCM_startOperation function is causing your issue as the description for this error status is as follows.

     

    I'd recommend either adding/enabling the AES module or testing without the function call. 

    Thanks,

    Luke

  • 0 in reply to Luke
    Intellectual 690 points

    Hi,

    I provided earlier the data before and after the problem with the sniffer packet grab, is it possible to see if the PIN is lost or can it be read out through the API interface.

    Because the connection needs to be bind-pairing. What do you mean by not calling the function, this function is called by the protocol stack and not by the application layer. Do you mean turn off the bind-pairing function?

  • 0 in reply to wangrenli
    TI__Expert 4090 points

    Wangrenli,

    I am not sure of a way to see if the PIN is lost or can be read out through the API interface currently but will inquire internally to see if that is a possibility. 

    Apologies for the misunderstanding. If the connection needs to be bind-pairing, then I would not turn off the bind-paring function unless you want to test if that is what is specifically causing this error currently. I will try to figure out what else may be causing this error but that may be another good place to check. 

    Thanks,

    Luke