3 Replies Latest reply on Jun 5, 2017 12:42 PM by nicholas.rose

    Bondage

    nicholas.rose

      I'm having trouble understanding the use of bonding. (Using EZ-Serial).

         

      So, I pair with a device, enter passkeys etc and save the bonding info. Later I disconnect.

         

      Then I reconnect. As I understand bonding, I should not need to go through the authorization/passkey procedure again.

         

      But, I do need to re-establish encryption (I get an error saying this when I try to read the other device).

         

      My problem is that I can see no way to turn on the encryption. The API has an Event that says encryption has been turned on, but no way to do it explicitly.

         

      Is this a missing thing in the API, or should the underlying OS turn the encryption on automatically on seeing the bonded connection, and for some reason does not?

        • 1. Re: Bondage
          e.pratt_1639216

          Afaik, the connection will encrypt when it bonds. I have not found a separate procedure to encrypt without bonding unfortunately. Perhaps a Cypress employee knows otherwise? Worst case, you can re-bond with the bonded device to re-enable encryption. I do agree that it should be automatic, but I haven't found settings to modify/set it up.

          • 2. Re: Bondage
            jrow

            Hi Nick,

               

            Smartphones connecting to an EZ-Serial peripheral device should automatically re-encrypt the link for you after establishing a connection. I have recently checked both Android (6.0) and iOS in this regard, and found them to work as expected. Here's an example log output:

               

            [connect from LightBlue iOS]
            @E,0035,C,C=04,A=578BFAE30477,T=01,I=0018,L=0000,O=0048,B=00
            @E,001A,W,C=04,H=000B,T=00,D=0200
            [request pairing from EZ-Serial]
            /p
            @R,0008,/P,0000
            [confirm request on smartphone, iOS takes over as pairing initiator]
            @E,001B,P,C=04,M=11,B=01,K=10,P=00
            @E,000E,ENC,C=04,S=01
            @E,001B,B,B=04,A=578BFAE30477,T=01
            @E,000F,PR,C=04,R=0000
            [pairing and bonding completed successfully, now disconnect on smartphone side]
            @E,0010,DIS,C=04,R=0913
            @E,000E,ASC,S=01,R=03
            [reconnect from same smartphone, note new bond handle 0x04]
            @E,0035,C,C=04,A=578BFAE30477,T=01,I=0018,L=0000,O=0048,B=04
            @E,001B,B,B=04,A=578BFAE30477,T=01
            @E,000F,PR,C=04,R=0000
            @E,000E,ENC,C=04,S=01
            [above three bond record/pairing/encryption events happen automatically with no additional interaction]
            @E,001A,W,C=04,H=000B,T=00,D=0200

               

            If EZ-Serial is acting as the central device (initiating the connection to a peripheral), then it does not automatically re-encrypt the link on its own after reconnecting to a previously bonded device. However, all you need to do in this case is issue the smp_pair command again ("/P"), and it will encrypt using previously exchanged information. You will not need to go through the whole bonding and passkey entry process again. Here's an example log from an EZ-Serial central-role session:

               

            [configure MITM support and full keyboard+mouse I/O capabilities]
            /ssbp,m=12,i=4
            @R,000A,SSBP,0000
            [connect to remote peripheral]
            /c,a=00a050421650
            @R,000D,/C,0000,C=00
            @E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=00
            [initiate pairing with remote device, which has display only I/O]
            /p
            @R,0008,/P,0000
            @E,0009,PKE,C=04
            [enter passkey, which is 0x0000131E on remote device ('004894')]
            /pe,p=131e
            @R,0009,/PE,0000
            @E,000E,ENC,C=04,S=01
            @E,001B,B,B=04,A=00A050421650,T=00
            @E,000F,PR,C=04,R=0000
            [pairing completes successfully, now disconnect]
            /dis
            @R,000A,/DIS,0000
            @E,0010,DIS,C=04,R=0916
            @E,000E,ASC,S=01,R=03
            /ax
            @R,0009,/AX,0000
            @E,000E,ASC,S=00,R=00
            [reconnect to same device, note non-zero bond handle 0x04 indicating previous bond]
            /c,a=00a050421650
            @R,000D,/C,0000,C=00
            @E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=04
            [use pairing command to re-encrypt]
            /p
            @R,0008,/P,0000
            @E,001B,B,B=04,A=00A050421650,T=00
            @E,000F,PR,C=04,R=0000
            @E,000E,ENC,C=04,S=01
            [encryption completes, no additional interaction required on either device]

               

            Hopefully this helps explain the execution flow. E.pratt is correct that there is no BLE component stack API method (or EZ-Serial API command) which is explicitly meant to re-encrypt separately from any other pairing/bonding activity. The stack handles whether to use existing stored keys or to initiate a new exchange/verification process based on stored bonding data.

               

            Thanks,

               

            Jeff
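
The central-role flow in the reply above can be checked on the host side by tracking the event stream and holding back GATT reads until an ENC event arrives. The following is an added example, not part of the original post and not Cypress code; it assumes a single connection, that a non-zero B= in the C event means a stored bond, and that ENC with S=01 means the link is encrypted, as the logs above show. The sample lines are copied from the central-role log in the post, and the names `track` and `central_action` are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Link:
    connected: bool = False
    bond_handle: int = 0    # B= field of the C event; non-zero = previously bonded
    encrypted: bool = False

def parse_event(line):
    """Split '@E,<len>,<NAME>,K=V,...' into (name, fields); None for any other line."""
    parts = line.strip().split(",")
    if len(parts) < 3 or parts[0] != "@E":
        return None
    return parts[2], dict(p.split("=", 1) for p in parts[3:] if "=" in p)

def track(lines):
    """Replay a log and return the link state after the last line."""
    link = Link()
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue                      # commands and @R responses carry no state
        name, fields = event
        if name == "C":                   # new connection always starts unencrypted
            link = Link(True, int(fields.get("B", "0"), 16), False)
        elif name == "ENC":
            link.encrypted = fields.get("S") == "01"
        elif name == "DIS":
            link = Link()
    return link

def central_action(link):
    """What a central-role host should do next; 'pair' and 're-encrypt' both send /p."""
    if not link.connected:
        return "idle"
    if link.encrypted:
        return "ready"                    # safe to access protected characteristics
    return "re-encrypt" if link.bond_handle else "pair"

# Sample input: lines taken from the central-role log in the post above.
FIRST = ["/c,a=00a050421650", "@R,000D,/C,0000,C=00",
         "@E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=00"]
PAIRED = FIRST + ["/p", "@R,0008,/P,0000", "@E,0009,PKE,C=04", "/pe,p=131e",
                  "@R,0009,/PE,0000", "@E,000E,ENC,C=04,S=01",
                  "@E,001B,B,B=04,A=00A050421650,T=00", "@E,000F,PR,C=04,R=0000"]
DISCONNECTED = PAIRED + ["/dis", "@R,000A,/DIS,0000", "@E,0010,DIS,C=04,R=0916"]
RECONNECTED = DISCONNECTED + ["/c,a=00a050421650", "@R,000D,/C,0000,C=00",
    "@E,0035,C,C=04,A=00A050421650,T=00,I=0006,L=0000,O=0064,B=04"]
REENCRYPTED = RECONNECTED + ["/p", "@R,0008,/P,0000", "@E,000E,ENC,C=04,S=01"]

if __name__ == "__main__":
    for log in (FIRST, PAIRED, DISCONNECTED, RECONNECTED, REENCRYPTED):
        print(central_action(track(log)))
```
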

            • 3. Re: Bondage
              nicholas.rose

              Thanks - that seems to do it. It hadn't worked for me before, but I'm thinking I wasn't paired and bonded properly.