• State Resolved
  • Locked Locked
  • Replies 9 replies
  • Subscribers 51 subscribers
  • Views 1320 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Phone got GATT error 15 "ATT_ERR_INSUFFICIENT_ENCRYPT"

jinxiang fu
Prodigy 200 points
Other Parts Discussed in Thread: CC2540

Hi TI,

It's strange that sometimes my Android phone got a GATT error 15 that is " Insufficient encryption for a given operation", then phone comes out the pin code menu which need user enter passcode again. I dont know if its the android forgetting the paired or the device forgeting paired.

I configure the characteristic as GATT_PERMIT_ENCRYPT_READ|GATT_PERMIT_ENCRYPT_WRITE.

The below is the CC254x src code which configure the pairMode and MITM.

{

        uint16 BondTimeOut = 10000;
        //uint8 KeyDisc = GAPBOND_KEYDIST_SENCKEY;
        uint8 FailAction = GAPBOND_FAIL_NO_ACTION;

        uint32 passkey = 0; // passkey "000000"
        uint8 pairMode =  GAPBOND_PAIRING_MODE_INITIATE;//GAPBOND_PAIRING_MODE_WAIT_FOR_REQ;  // GAPBOND_PAIRING_MODE_INITIATE
        uint8 mitm = TRUE;
        //GAPBOND_IO_CAP_KEYBOARD_ONLY, then the phone display passcode,the server should enter the passcode.
        //
        uint8 ioCap = GAPBOND_IO_CAP_DISPLAY_ONLY;
        uint8 bonding = TRUE;
        uint8 autoSync = 0;

        GAPBondMgr_SetParameter(GAPBOND_DEFAULT_PASSCODE, sizeof(uint32), &passkey);
        GAPBondMgr_SetParameter(GAPBOND_PAIRING_MODE, sizeof(uint8), &pairMode);
        GAPBondMgr_SetParameter(GAPBOND_MITM_PROTECTION, sizeof(uint8), &mitm);
        GAPBondMgr_SetParameter(GAPBOND_IO_CAPABILITIES, sizeof(uint8), &ioCap);
        GAPBondMgr_SetParameter(GAPBOND_BONDING_ENABLED, sizeof(uint8), &bonding);
        GAPBondMgr_SetParameter(GAPBOND_INITIATE_WAIT, sizeof(uint16), &BondTimeOut);
        //GAPBondMgr_SetParameter(GAPBOND_KEY_DIST_LIST, sizeof(uint16), &KeyDisc);
        GAPBondMgr_SetParameter(GAPBOND_BOND_FAIL_ACTION, sizeof(uint16), &FailAction);

        if(systemStatus.serverControledFlag & CMD_CONTROL_BIT_AUTO_ADD_BONDED_INTO_WHITHE_LIST)
            autoSync = 1;
        GAPBondMgr_SetParameter( GAPBOND_AUTO_SYNC_WL, sizeof ( uint8 ), &autoSync );
    }

Could you help me? I have no idea about it not.

Thanks in advance!

  • 0
    TI__Guru 56590 points
    Hello jinxiang fu,
    Could you try to capture a sniffer trace (you can use the CC2540 dongle to sniff) for us to look at? My guess is that the android device lose the bonding info...

    Although the following thread revolves around iOS there could be some relevant info there:
    e2e.ti.com/.../857934
  • 0 in reply to Eirik V
    Prodigy 200 points
    Hellow Eirik,
    Thanks for your quickly reply!
    It's difficult to capture the sniffer,becasue it not happen often, just very few time, not sure when it will happend. Other it's only have one cc2540 dongle in my hand, couldn't able to capture all the Advertiser Channels packets.

    My question is:
    Is it able to readout the LTK from NV? then I can check the LTK be changed or not when paired lost.
    Is it able to know that phone re-connect with LTK or not?
    Does phone able to readout the LTK in phone side?

    Thanks in advance!
  • 0 in reply to jinxiang fu
    TI__Guru 56590 points

    Hello jinxiang fu,

    You can change the advertisement channel map for the peripheral to advertise on a single channel. Then you can set up the packet sniffer with CC2540 and sniff on that channel. The connection will be formed on this channel and then the packet sniffer should be able to follow the frequency hopping sequence in the connected state. You can also add filter to the sniffer and simply run the sniffer until the issue occurs.

  • 0 in reply to Eirik V
    Prodigy 200 points
    Hi Eirik,

    Thanks for your advice!
    I have setted the 38 channel as advertise channel. It works fine. But once the slave device update paras request, then it couldn't able to capture all packets.
    How to set the packet sniffer to only filter with LL_Encryption packet?
    Is it possible to readout the LTK from CC254x?

    Thans in advance!
  • 0 in reply to jinxiang fu
    Prodigy 200 points

    Hi Eirik again,

    Could you help me to look the attached file. 

  • 0 in reply to jinxiang fu
    Prodigy 200 points

    PairedForget.docx

    Sorry, do you can reached my attached file?
    If able, help me to check the picture2 and picture3. It's strange that phone send "Pause_Encryption". Is it cause the paired invalid?

  • 0 in reply to jinxiang fu
    TI__Guru 56590 points
    Hello,
    Decryption of encrypted data is only supported by the Bluetooth low energy packet parser. This means it cannot follow the connection after parameter request updates that cause change in connection setting. Try to disable this from the slave (don't call GAPRole_SendUpdateParam).

    I have not tried this myself but I think you can access LTK's if you look in the gapbondmgr.c. Seems like the LTK are stored in a gapBondLTK_t struct during GAP_AUTHENTICATION_COMPLETE_EVENT in the gapBondMgrAddBond function. If you have a LCD you could print the LTK out to the screen.
  • 0 in reply to jinxiang fu
    TI__Guru 56590 points
    I cannot see anything wrong in the log attached. When a new encryption key is to be used without disconnecting the link, encryption must be disabled and then enabled again which will cause a LL_PAUSE_ENC_REQ. I don't have experience with the matter so I am not sure what will cause this on android.
  • 0 in reply to Eirik V
    Prodigy 200 points
    Hi Eirik,
    Thanks for your help! Now I have able to readout the LTK, we can do more test later.