Bluetooth Low Energy (BLE) Security via Encryption
Are there any plans to expand the Bluetooth Low Energy APIs to include pairing with authentication and encryption? Most of my experience is using BLE as-is. Can the ESP32 support more secure BLE data transfers?
My work so far looks promising. I'm able to assign characteristic properties that include encryption and iOS/MacOS/Android devices show the pairing prompt when the characteristic is accessed. The issue that I'm currently facing is a very short timeout that makes it impossible to enter the key. I've logged an issue with the ESP-IDF project to see if they have any ideas.
While implementing "pairing failure reasons" I came across a minor documentation issue upstream: https://github.com/espressif/esp-idf/issues/1845
@jmarcelino, I'm beginning to work on this. Quick question about the C toolchain...
The function esp_ble_gap_set_security_param is within esp_gap_ble_api.h but is gated by #if (SMP_INCLUDED == TRUE).
The only reference I see is in esp32/build/WIPY/release/genhdr/qstr.i.last, which is obviously generated and looks like:
#define BTC_PRF_QUEUE_INCLUDED FALSE
#define BTC_GAP_BT_INCLUDED FALSE
#define BTC_AV_INCLUDED FALSE
#define GATTS_INCLUDED TRUE
#define GATTC_INCLUDED TRUE
# 108 "/home/user/pycom/pycom-esp-idf/components/bt/bluedroid/include/bt_target.h"
#define SMP_INCLUDED FALSE
#define BLE_PRIVACY_SPT FALSE
#define MAX_ACL_CONNECTIONS CONFIG_BT_ACL_CONNECTIONS
#define GATT_MAX_PHY_CHANNEL CONFIG_BT_ACL_CONNECTIONS
I also noticed that sdkconfig.h contains references to options such as #define CONFIG_GATTC_ENABLE 1 but also reads "Automatically generated file; DO NOT EDIT."
Can you offer any pointers on how to familiarize myself with the toolchain to enable the use of
pycom-esp-idf (ESP-IDF SDK) file
#if (CONFIG_SMP_ENABLE)
#define SMP_INCLUDED TRUE
#define BLE_PRIVACY_SPT TRUE
#else
#define SMP_INCLUDED FALSE
#define BLE_PRIVACY_SPT FALSE
#endif /* CONFIG_GATTC_ENABLE */
Interestingly, this thread describes the relationships as:
The sdkconfig.h file is generated from the ESP32 environment. Assuming platformio wasn’t present, one would download the ESP-IDF SDK and then download an application template (both from Github). One would then run the make command to build a tool …
When run, this produces a terminal based application which shows menus for the configuration of an ESP32 environment. This contains a wealth of options and it is extremely common to modify these options on a project by project basis. For example, one can describe that one wants Bluetooth or WiFi or change the baud rate for upload or change the diagnostics logging levels. Once the tool has been run, a file called “sdkconfig” is generated which contains your saved settings. In addition, a file called “sdkconfig.h” is built which is the missing file needed for ESP32 ESP-IDF application compilation.
That said, it seems that for now it's safe to edit sdkconfig.h and add #define CONFIG_SMP_ENABLE 1. Running make clean; make regenerated build/WIPY/release/genhdr/qstr.i.last and tried to build the source but references to esp_ble_gap_set_security_param still create an undefined reference error when linking. Frustrating...
The lib/libbt.a that ships with pycom-micropython-sigfox isn't rebuilt from the ESP-IDF SDK. The symbols can be verified using
nm lib/libbt.a | grep esp_ble_gap_set_security_param. If this symbol is missing then the result will be "undefined reference" when linking (above).
One way to work around this is to cd to pycom-esp-idf/examples/bluetooth/gatt_security_server/ and run make. The resulting build/bt/libbt.a can be copied to pycom-micropython-sigfox/esp32/lib/ and with that the build should succeed. The next step is to figure out how to set up the PyCom toolchain so that this process can be repeated within a "normal" build.
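Added example, not part of the original thread: a plain grep over nm output also matches undefined (type U) references, so this helper separates "defined in a member", "only referenced" and "absent" for the libbt.a check described above. The nm listings, the member names and the helper name symbol_status are constructed for illustration.

```shell
#!/bin/sh
# Classify a symbol from `nm ARCHIVE` output read on stdin.
# Prints "defined <member>" per defining object, else "undefined-only"
# (referenced but never defined) or "absent". Exit status 0 only if defined.
symbol_status() {
    awk -v sym="$1" '
        /:$/ { member = substr($0, 1, length($0) - 1); next }  # "member.o:" header
        NF == 3 && $3 == sym && $2 != "U" { print "defined " member; found = 1 }
        NF == 2 && $2 == sym && $1 == "U" { undef = 1 }
        END {
            if (!found) print (undef ? "undefined-only" : "absent")
            exit (found ? 0 : 1)
        }'
}

# Constructed sample: nm output for an archive built with SMP_INCLUDED FALSE.
sample_nm_no_smp() {
    cat <<'EOF'

esp_gap_ble_api.o:
00000000 T esp_ble_gap_start_advertising
EOF
}

# Constructed sample: archive built with SMP enabled; one member defines the
# symbol and another only references it (type U).
sample_nm_smp() {
    cat <<'EOF'

esp_gap_ble_api.o:
00000000 T esp_ble_gap_start_advertising
00000040 T esp_ble_gap_set_security_param

caller.o:
         U esp_ble_gap_set_security_param
EOF
}

# Real use (path from the thread):
#   nm lib/libbt.a | symbol_status esp_ble_gap_set_security_param
```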
jmarcelino last edited by jmarcelino
The ESP32 and ESP-IDF support this; it just hasn't been brought into Python yet. It is planned to be, but I can't offer an ETA.