Bondage

Anonymous
Not applicable

I'm having trouble understanding the use of bonding. (Using EZ-Serial).

   

So, I pair with a device, enter passkeys etc and save the bonding info. Later I disconnect.

   

Then I reconnect. As I understand bonding, I should not need to go through the authorization/passkey procedure again.

   

But, I do need to re-establish encryption (I get an error saying this when I try to read the other device).

   

My problem is that I can see no way to turn on the encryption. The API has an Event that says encryption has been turned on, but no way to do it explicitly.

   

Is this a missing thing in the API, or should the underlying OS turn the encryption automatically on seeing the bonded connection, and for some reason does not?

0 Likes
1 Solution
Anonymous
Not applicable

Hi Nick,

   

Smartphones connecting to an EZ-Serial peripheral device should automatically re-encrypt the link for you after establishing a connection. I have recently checked both Android (6.0) and iOS in this regard, and found them to work as expected. Here's an example log output:

   

[connect from LightBlue iOS]
@E,0035,C,C=04,A=578BFAE30477,T=01,I=0018,L=0000,O=0048,B=00
@E,001A,W,C=04,H=000B,T=00,D=0200
[request pairing from EZ-Serial]
/p
@R,0008,/P,0000
[confirm request on smartphone, iOS takes over as pairing initiator]
@E,001B,P,C=04,M=11,B=01,K=10,P=00
@E,000E,ENC,C=04,S=01
@E,001B,B,B=04,A=578BFAE30477,T=01
@E,000F,PR,C=04,R=0000
[pairing and bonding completed successfully, now disconnect on smartphone side]
@E,0010,DIS,C=04,R=0913
@E,000E,ASC,S=01,R=03
[reconnect from same smartphone, note new bond handle 0x04]
@E,0035,C,C=04,A=578BFAE30477,T=01,I=0018,L=0000,O=0048,B=04
@E,001B,B,B=04,A=578BFAE30477,T=01
@E,000F,PR,C=04,R=0000
@E,000E,ENC,C=04,S=01
[above three bond record/pairing/encryption events happen automatically with no additional interaction]
@E,001A,W,C=04,H=000B,T=00,D=0200

   

If EZ-Serial is acting as the central device (initiating the connection to a peripheral), then it does not automatically re-encrypt the link on its own after reconnecting to a previously bonded device. However, all you need to do in this case is issue the smp_pair command again ("/P"), and it will encrypt using previously exchanged information. You will not need to go through the whole bonding and passkey entry process again. Here's an example log from an EZ-Serial central-role session:

   

[configure MITM support and full keyboard+mouse I/O capabilities]
/ssbp,m=12,i=4
@R,000A,SSBP,0000
[connect to remote peripheral]
/c,a=00a050421650
@R,000D,/C,0000,C=00
@E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=00
[initiate pairing with remote device, which has display only I/O]
/p
@R,0008,/P,0000
@E,0009,PKE,C=04
[enter passkey, which is 0x0000131E on remote device ('004894')]
/pe,p=131e
@R,0009,/PE,0000
@E,000E,ENC,C=04,S=01
@E,001B,B,B=04,A=00A050421650,T=00
@E,000F,PR,C=04,R=0000
[pairing completes successfully, now disconnect]
/dis
@R,000A,/DIS,0000
@E,0010,DIS,C=04,R=0916
@E,000E,ASC,S=01,R=03
/ax
@R,0009,/AX,0000
@E,000E,ASC,S=00,R=00
[reconnect to same device, note non-zero bond handle 0x04 indicating previous bond]
/c,a=00a050421650
@R,000D,/C,0000,C=00
@E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=04
[use pairing command to re-encrypt]
/p
@R,0008,/P,0000
@E,001B,B,B=04,A=00A050421650,T=00
@E,000F,PR,C=04,R=0000
@E,000E,ENC,C=04,S=01
[encryption completes, no additional interaction required on either device]

   

Hopefully this helps explain the execution flow. E.pratt is correct that there is no BLE component stack API method (or EZ-Serial API command) which is explicitly meant to re-encrypt separately from any other pairing/bonding activity. The stack handles whether to use existing stored keys or to initiate a new exchange/verification process based on stored bonding data.

   

Thanks,

   

Jeff


0 Likes
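A host-side check for the central-role case described in the answer above, as an added example that is not part of the original post or of Cypress's code: it replays the text-mode event lines shown in the logs and reports bonded links that are open but have not produced an ENC event, which is where `/P` still has to be sent before reading protected data. The field meanings (non-zero `B` means a stored bond, `ENC` with `S=01` means encryption is on) are inferred from the annotated logs, and the function names are hypothetical.

```python
# Added example: field meanings are inferred from the annotated logs in this thread.

def parse_event(line):
    """Return (event_name, fields) for an '@E,...' line, else None."""
    parts = line.strip().split(",")
    if len(parts) < 3 or parts[0] != "@E":
        return None  # typed commands, @R responses and [annotations] are skipped
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return parts[2], fields

def track_links(lines):
    """Replay a log and return {conn_handle: state} for links still open."""
    links = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        name, f = event
        if name == "C" and "C" in f and "A" in f:
            # Connected; B != 00 is taken to mean a stored bond was found.
            links[f["C"]] = {"addr": f["A"], "encrypted": False,
                             "bonded": f.get("B", "00") != "00"}
        elif name == "B":
            # The bond record event carries the peer address, not a C field.
            for state in links.values():
                if state["addr"] == f.get("A"):
                    state["bonded"] = True
        elif name == "ENC" and f.get("C") in links:
            links[f["C"]]["encrypted"] = f.get("S") == "01"  # assumed: 01 = on
        elif name == "DIS":
            links.pop(f.get("C"), None)
    return links

def needs_pair_command(lines):
    """Peer addresses of open, bonded links that are not encrypted yet."""
    return [s["addr"] for s in track_links(lines).values()
            if s["bonded"] and not s["encrypted"]]

# Sample input: the central-role reconnect lines from the log in the answer.
RECONNECT = ["/c,a=00a050421650", "@R,000D,/C,0000,C=00",
             "@E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=04"]
AFTER_PAIR = RECONNECT + ["/p", "@R,0008,/P,0000",
                          "@E,001B,B,B=04,A=00A050421650,T=00",
                          "@E,000F,PR,C=04,R=0000", "@E,000E,ENC,C=04,S=01"]

if __name__ == "__main__":
    print(needs_pair_command(RECONNECT))   # bonded link awaiting /P
    print(needs_pair_command(AFTER_PAIR))  # nothing left to encrypt
```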
3 Replies
Anonymous
Not applicable

AFAIK, the connection will encrypt when it bonds. I have not found a separate procedure to encrypt without bonding unfortunately. Perhaps a Cypress employee knows otherwise? Worst case, you can re-bond with the bonded device to re-enable encryption. I do agree that it should be automatic, but I haven't found settings to modify/set it up.

0 Likes
Anonymous
Not applicable

Thanks - that seems to do it. It hadn't worked for me before, but I'm thinking I wasn't paired and bonded properly.

0 Likes