Reputation: 31
Bluetooth Pairing via BlueZ in Just Work Mode Fails - Confirm Value Failed
Kernel: Linux 4.9.84 armv7l on board
Bluez: 5.65
Peer: Android 12 & IOS 16.6
Application:
- Use btmgmt open bluetooth settings
btmgmt power off
btmgmt connectable on
btmgmt pairable on
btmgmt power on
btmgmt le on
btmgmt io-cap 0x3(set io capability as NoInputNoOutput)
btmgmt ssp on (use legacy mode)
- BT_SECURITY for the L2CAP socket has been set to low, and an encryption requirement has been applied to one characteristic.
Process:
I didn't manually create an agent with IO capability via bluetoothctl, but with the above operations, it seems like the protocol automatically creates an agent to handle pairing issues when I try to access the characteristic with the encryption requirement.
We can see the communication via btmon.
> ACL Data RX: Handle 24 flags 0x02 dlen 11 #240 [hci0] 74.105218
SMP: Pairing Request (0x01) len 6
IO capability: KeyboardDisplay (0x04)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, MITM, SC, No Keypresses, CT2 (0x2d)
Max encryption key size: 16
Initiator key distribution: EncKey IdKey Sign LinkKey (0x0f)
Responder key distribution: EncKey IdKey Sign LinkKey (0x0f)
< ACL Data TX: Handle 24 flags 0x00 dlen 11 #241 [hci0] 74.105300
SMP: Pairing Response (0x02) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, MITM, Legacy, No Keypresses (0x05)
Max encryption key size: 16
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey Sign (0x05)
> HCI Event: Number of Completed Packets (0x13) plen 5 #242 [hci0] 74.224936
Num handles: 1
Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
Count: 1
> ACL Data RX: Handle 24 flags 0x02 dlen 21 #243 [hci0] 75.304575
SMP: Pairing Confirm (0x03) len 16
Confim value: bf331d0c1af509252c7ac50a03acc66f
< ACL Data TX: Handle 24 flags 0x00 dlen 21 #244 [hci0] 75.304672
SMP: Pairing Confirm (0x03) len 16
Confim value: ac378c91768d6efd8b5b07ad5cd78ba4
> HCI Event: Number of Completed Packets (0x13) plen 5 #245 [hci0] 75.425942
Num handles: 1
Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
Count: 1
> ACL Data RX: Handle 24 flags 0x02 dlen 21 #246 [hci0] 75.484575
SMP: Pairing Random (0x04) len 16
Random value: 830af66a612fb5dcb8bf8376a43b8dda
< ACL Data TX: Handle 24 flags 0x00 dlen 6 #247 [hci0] 75.486908
SMP: Pairing Failed (0x05) len 1
Reason: Confirm value failed (0x04)
> HCI Event: Number of Completed Packets (0x13) plen 5 #248 [hci0] 75.545938
Num handles: 1
Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
Count: 1
> HCI Event: Disconnect Complete (0x05) plen 4 #249 [hci0] 79.624942
Status: Success (0x00)
Handle: 24 Address: 67:D0:40:D9:1D:BF (Resolvable)
Reason: Remote User Terminated Connection (0x13)
Problem: I faced the problem where the Peripheral (my board) confirmation failed during the confirm phase. For details, see the btmon message in the picture above.
ps : This picture from Core_v5.4 Vol3, Part H, pate 1618
Suspicion:
I'm not quite sure where the problem is located, but after reading the confirmation calculation formula, I suspect it might be due to the algorithm differences between my phone and my board or an address issue, as the other parameters seem to be the same.
I have tried to connect to my virtual machine(ubuntu) via Bluetooth with the same BlueZ version and the same operations, and it worked! Therefore, I suspect the problem is located in the kernel configuration of my board
Upvotes: 2
Views: 289
Answers (1)
Reputation: 31
The problem was finally located in the Linux Kernel configuration.
The recommended configuration from Bluez is shown in the picture below.
(Screenshot from A1 Bluetooth Linux Study Guide - Installation and Configuration.pdf Page 4 downloaded from the official website)
However, this configuration leads to a confirm value calculation failure, so an extra configuration is needed
* User-space interface for random number generator algorithms
Upvotes: 0