Bluetooth Low Energy (BLE) Security via Encryption

  • Are there any plans to expand the Bluetooth Low Energy APIs to include pairing with authentication and encryption? Most of my experience is using BLE as-is. Can the ESP32 support more secure BLE data transfers?


  • My work so far looks promising. I'm able to assign characteristic properties that include encryption and iOS/MacOS/Android devices show the pairing prompt when the characteristic is accessed. The issue that I'm currently facing is a very short timeout that makes it impossible to enter the key. I've logged an issue with the ESP-IDF project to see if they have any ideas.

  • While implementing "pairing failure reasons" I came across a minor documentation issue upstream:

  • @jmarcelino, I'm beginning to work on this. Quick question about the C toolchain...

    The function esp_ble_gap_set_security_param is within esp_gap_ble_api.h but is gated by #if (SMP_INCLUDED == TRUE).

    The only reference I see is in esp32/build/WIPY/release/genhdr/qstr.i.last which is obviously generated and looks like:

    # 108 "/home/user/pycom/pycom-esp-idf/components/bt/bluedroid/include/bt_target.h"

    I also noticed that sdkconfig.h contains references to options such as #define CONFIG_GATTC_ENABLE 1 but also reads Automatically generated file; DO NOT EDIT..

    Can you offer any pointers on how to familiarize myself with the toolchain to enable the use of esp_ble_gap_set_security_param?

    Update 1
    The dir pycom-esp-idf (ESP-IDF SDK) file components/bt/bluedroid/include/bt_target.h contains:

    #define SMP_INCLUDED              TRUE
    #define BLE_PRIVACY_SPT           TRUE
    #define SMP_INCLUDED              FALSE
    #define BLE_PRIVACY_SPT           FALSE
    #endif  /* CONFIG_GATTC_ENABLE */

    Interestingly, this thread describes the relationships as:

    The sdkconfig.h file is generated from the ESP32 environment. Assuming platformio wasn’t present, one would download the ESP-IDF SDK and then download an application template (both from Github). One would then run the make command to build a tool …
    make menuconfig
    When run, this produces a terminal-based application which shows menus for the configuration of an ESP32 environment. This contains a wealth of options and it is extremely common to modify these options on a project by project basis. For example, one can describe that one wants Bluetooth or WiFi or change the baud rate for upload or change the diagnostics logging levels. Once the tool has been run, a file called “sdkconfig” is generated which contains your saved settings. In addition, a file called “sdkconfig.h” is built which is the missing file needed for ESP32 ESP-IDF application compilation.

    That said, it seems that for now it's safe to edit sdkconfig.h and add #define CONFIG_SMP_ENABLE=1. Running make clean; make regenerated build/WIPY/release/genhdr/qstr.i.last, and I tried to build the source, but references to esp_ble_gap_set_security_param still create an undefined reference error when linking. Frustrating...

    Update 2
    The lib/libbt.a that ships with pycom-micropython-sigfox isn't rebuilt from the ESP-IDF SDK. The symbols can be verified using nm lib/libbt.a | grep esp_ble_gap_set_security_param. If this symbol is missing then the result will be "undefined reference" when linking (above).

    One way to work around this is to cd to pycom-esp-idf/examples/bluetooth/gatt_security_server/ and run make. The resulting build/bt/libbt.a can be copied to pycom-micropython-sigfox/esp32/lib/ and with that the build should succeed. The next step is to figure out how to set up the PyCom toolchain so that this process can be repeated within a "normal" build.
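
The nm | grep check from Update 2 also matches lines where the symbol is only referenced (type U), and an archive in that state still fails at link time. The following is an added example, not part of the original post or of the Pycom or ESP-IDF code: a shell helper that reads nm output and reports whether the symbol is actually defined. The function names and the sample nm lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a static archive really DEFINES a symbol.
# Input is the default (BSD-style) output of `nm archive.a`.

# symbol_state SYMBOL   (reads nm output on stdin)
# Prints "defined", "undefined-only" or "absent".
symbol_state() {
    awk -v sym="$1" '
        # Defined symbols look like "<addr> <type> <name>"; references that
        # some other object must satisfy look like "         U <name>".
        $NF == sym {
            type = $(NF - 1)
            if (type == "U") undef = 1
            else if (type ~ /^[TtWw]$/) def = 1   # code symbol, strong or weak
        }
        END {
            if (def) print "defined"
            else if (undef) print "undefined-only"
            else print "absent"
        }'
}

# archive_defines ARCHIVE SYMBOL
# Exit status 0 only when the archive can satisfy the linker for SYMBOL.
archive_defines() {
    [ "$(nm "$1" 2>/dev/null | symbol_state "$2")" = "defined" ]
}

# Constructed sample nm output (not taken from a real libbt.a).
SAMPLE_WITH_SMP='
esp_gap_ble_api.o:
00000000 T esp_ble_gap_set_security_param
00000000 T esp_ble_gap_start_advertising
'
SAMPLE_WITHOUT_SMP='
caller.o:
         U esp_ble_gap_set_security_param
00000000 T app_main
'
```

Before copying a rebuilt archive into esp32/lib/, a call such as archive_defines build/bt/libbt.a esp_ble_gap_set_security_param gives a yes/no answer that a plain grep does not.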

  • @semireg
    The ESP32 and ESP-IDF support this; it just hasn’t been brought into Python yet. It is planned to be, but I can’t offer an ETA.

