OOB pairing verification

Other Parts Discussed in Thread: AES-128

Hi,

In my application, I am enabling OOB pairing as follows:

uint8 mitm = TRUE;

uint8 oob_data[16] = {1,2,3,4,5,6,7,8,9,0};

GAPBondMgr_SetParameter( GAPBOND_OOB_ENABLED, sizeof ( uint8 ), &mitm );
GAPBondMgr_SetParameter( GAPBOND_OOB_DATA , 16 * sizeof ( uint8 ), &oob_data[0] );
iocap = GAPBOND_IO_CAP_DISPLAY_ONLY;

In our iOS app it's not asking for any pairing.

Will data which is sent over BLE have encryption or not?

When I am trying to get sniffer logs, I could see only 2-3 packets because the tool crashes very often. Data is not encrypted. Is this expected, or is there any other method to verify?

EDIT: Now I am able to take sniffer logs perfectly, but data is still not encrypted.

Do I need to do anything else?

  • Hi Maulik,

    If you are using OOB mode, you need to transmit the key from another medium, like NFC etc. Do you really need MITM protection? If so, you could use the standard Just Works or Passkey.

    I am not familiar with any OOB scenario for iOS. Maybe someone else on this forum can provide some useful facts.

    Best Regards

    Joakim

  • Hi Joakim,

    Thank you for your reply. I was not aware that we need to send the key over NFC, so I guess we can't use OOB.

    Yes, MITM protection is needed to protect user data. My main goal is to provide encryption so that user data can't get sniffed.

    One thing: when I use MITM with passkey, it asks for a password on the iOS app, and even if I enter the wrong password, it still gets connected and data is transmitted.

    Is there any other way to provide protection?

     

  • Hi Maulik, 

    Maulik Vaghela said:
    One thing: when I use MITM with passkey, it asks for a password on the iOS app, and even if I enter the wrong password, it still gets connected and data is transmitted.

    What passkey have you defined? If "JustWorks" is used, the passkey will be all zeroes and it might be that it doesn't matter what code is entered on the other side.

    Best Regards

    Joakim

  • Hi Joakim, 

    I have set the default passkey to "112233" from firmware, and the device itself initiates the pairing request as the device doesn't have a keyboard.

    Code is as follows:

    uint32 passkey = 112233;
    uint8 pairMode = GAPBOND_PAIRING_MODE_INITIATE;
    uint8 mitm = TRUE;
    uint8 ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
    uint8 bonding = TRUE;

    GAPBondMgr_SetParameter( GAPBOND_DEFAULT_PASSCODE, sizeof ( uint32 ), &passkey );
    GAPBondMgr_SetParameter( GAPBOND_PAIRING_MODE, sizeof ( uint8 ), &pairMode );
    GAPBondMgr_SetParameter( GAPBOND_MITM_PROTECTION, sizeof ( uint8 ), &mitm );
    GAPBondMgr_SetParameter( GAPBOND_IO_CAPABILITIES, sizeof ( uint8 ), &ioCap );
    GAPBondMgr_SetParameter( GAPBOND_BONDING_ENABLED, sizeof ( uint8 ), &bonding );

    Is there anything else I need to do?

  • Hi Maulik,

    I wonder what the peer device states for IO Capabilities. The image below is from the core spec, and it seems like the only way Authentication is guaranteed is if the peer device answers "Keyboard Only".

    Anyway, have you tried to set the pairMode to GAPBOND_PAIRING_MODE_WAIT_FOR_REQ instead? By that you will wait for the peer device. If you have a characteristic with protection set to GATT_PERMIT_AUTHEN_READ in any service, iOS (as an example) will trigger the authenticated encryption automatically.

    Best Regards

    Joakim
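The IO-capability mapping from the core spec that the reply above refers to, written out as an added example (not part of the original thread and not TI stack code). It assumes LE legacy pairing; the type and function names are hypothetical, and the peer capabilities in `main` are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* IO capabilities, in the order SMP encodes them (0x00..0x04). */
typedef enum { IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
               IO_NO_INPUT_NO_OUTPUT, IO_KEYBOARD_DISPLAY } io_cap_t;
typedef enum { MODEL_JUST_WORKS, MODEL_PASSKEY, MODEL_OOB } model_t;

/* What one side declares in its Pairing Request/Response (hypothetical struct). */
typedef struct { io_cap_t io; bool mitm; bool oob; } pair_features_t;

static bool has_keyboard(io_cap_t c) {
    return c == IO_KEYBOARD_ONLY || c == IO_KEYBOARD_DISPLAY;
}

/* LE legacy pairing method selection from both sides' declared features. */
model_t select_model(pair_features_t init, pair_features_t resp) {
    if (init.oob && resp.oob) return MODEL_OOB;            /* both sides must hold OOB data */
    if (!init.mitm && !resp.mitm) return MODEL_JUST_WORKS; /* nobody requested MITM */
    if (init.io == IO_NO_INPUT_NO_OUTPUT || resp.io == IO_NO_INPUT_NO_OUTPUT)
        return MODEL_JUST_WORKS;                           /* nothing to type or show */
    /* With NoInputNoOutput excluded, a keyboard on either side is enough:
       the other side can display the passkey or type the same one. */
    if (has_keyboard(init.io) || has_keyboard(resp.io)) return MODEL_PASSKEY;
    return MODEL_JUST_WORKS;                               /* display-only on both sides */
}

/* Just Works encrypts the link, but the resulting key is unauthenticated. */
bool link_authenticated(model_t m) { return m != MODEL_JUST_WORKS; }

int main(void) {
    static const char *cap[] = { "DisplayOnly", "DisplayYesNo", "KeyboardOnly",
                                 "NoInputNoOutput", "KeyboardDisplay" };
    static const char *model[] = { "Just Works", "Passkey Entry", "OOB" };
    /* Peripheral as configured in the thread: DisplayOnly, MITM set, no OOB channel. */
    pair_features_t periph = { IO_DISPLAY_ONLY, true, false };
    for (int c = IO_DISPLAY_ONLY; c <= IO_KEYBOARD_DISPLAY; c++) {
        pair_features_t phone = { (io_cap_t)c, true, false }; /* constructed peer */
        model_t m = select_model(phone, periph);
        printf("%-16s -> %-13s %s\n", cap[c], model[m],
               link_authenticated(m) ? "authenticated" : "unauthenticated");
    }
    return 0;
}
```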

  • Hi Joakim,

    Thank you very much for your reply.

    I'll try to change the pair mode and will also change reads and writes to authenticated reads and writes.

    I'll also check whether data is encrypted or not using sniffer.

  • Hi Joakim,

    I changed the pair mode and also enabled authenticated read and write in services.

    On iOS data is coming fine, and when I try to access the service, it asks for the passcode. Once I enter the correct passcode, it authenticates and encrypts the link.

    Now what I want is that when the user connects with my device and enters the wrong passcode, I want to disconnect the device.

    Is that possible?

    Another thing: on iOS everything works fine, but on Android it directly shows 'service not available' due to authenticated write. But when I set the attribute to 'write', Android starts fetching data without authentication.

    Can someone pls provide solution for this?

  • Hi,

    I wanted one piece of information. When I am using pairing mode MITM and the application wants authenticated data, it asks for the passkey. Once the correct passkey is entered, then and only then will data be sent.

    Which encryption will it use?

    I guess it should be AES-128 bit encryption. Is that right?

    Thanks for answer.