GAP - client device circumventing security mode - can connect without key

ns1668
Posts: 50
Joined: Tue Mar 16, 2021 2:00 pm

GAP - client device circumventing security mode - can connect without key

Postby ns1668 » Mon Apr 19, 2021 2:51 pm

ESP-IDF: v4.2-242-g28f882f90
A2DP sink example project - disabled automatic acceptance of key:

Code: Select all

    case ESP_BT_GAP_CFM_REQ_EVT:
        ESP_LOGI(BT_AV_TAG, "ESP_BT_GAP_CFM_REQ_EVT Please compare the numeric value: %d", param->cfm_req.num_val);
        // esp_bt_gap_ssp_confirm_reply(param->cfm_req.bda, true); // commented for testing
Connecting with iPad Mini (iOS 9.3.5)
The device connects to A2DP - does not even go through SSP or legacy pairing process.

I have checked the project config through menuconfig and confirmed that SSP is enabled.

What is going on?!?

Please note that we are hoping to put this into a shipping product in the next 2 months - a response from espressif dev team would be great.

Cheers

ns1668
Posts: 50
Joined: Tue Mar 16, 2021 2:00 pm

Re: GAP - client device circumventing security mode - can connect without key

Postby ns1668 » Tue Apr 20, 2021 8:02 am

Here is some log output:

Code: Select all


D (14098) BT_BTM: Security Manager: Start get name

D (14108) BT_BTM: btm_acl_paging discing:0, paging:0 BDA: b4f0abcfe342

D (14118) BT_BTM: btm_bda_to_acl found

D (14118) BT_BTM: btm_acl_update_busy_level

D (14118) BT_BTM: BTM_BLI_PAGE_DONE_EVT

D (14128) BT_BTM: btm_acl_created hci_handle=128 link_role=1  transport=1

D (14138) BT_BTM: btm_bda_to_acl found

D (14138) BT_BTM: Duplicate btm_acl_created: RemBdAddr: b4f0abcfe342

D (14148) BT_BTM: BTM_SetLinkPolicy

D (14148) BT_BTM: btm_bda_to_acl found

D (14148) BT_BTM: btm_bda_to_acl found

D (14158) BT_BTM: BTM_SetLinkSuperTout

D (14158) BT_BTM: btm_process_clk_off_comp_evt

D (14168) BT_BTM: btm_handle_to_acl_index

I (14168) BT_BTM: BTM_InqDbRead: bd addr [b4f0abcfe342]

D (14178) BT_BTM: btm_read_remote_version_complete

D (14178) BT_BTM: btm_read_remote_features_complete

D (14188) BT_BTM: btm_handle_to_acl_index

D (14188) BT_BTM: Start reading remote extended features

D (14198) BT_BTM: btm_read_remote_ext_features() handle: 128 page: 1

D (14208) BT_BTM: BDA b4:f0:ab:cf:e3:42

D (14208) BT_BTM: Inquire BDA 00:00:00:00:00:00

D (14208) BT_BTM: btm_sec_rmt_name_request_complete

D (14218) BT_BTM: btm_bda_to_acl found

D (14218) BT_BTM: setting BTM_SEC_NAME_KNOWN sec_flags:0x88

D (14228) BT_BTM: btm_sec_execute_procedure: Required:0x0 Flags:0x88 State:0

D (14228) BT_BTM: Security Manager: trusted:0x00000000
And some additional log output:

Code: Select all



D (17408) BT_BTM: BTM_SetLinkPolicy

D (17418) BT_BTM: btm_bda_to_acl found

D (17418) BT_BTM: btm_bda_to_acl found

D (17428) BT_BTM: BTM_SetLinkSuperTout

D (17428) BT_BTM: btm_process_clk_off_comp_evt

D (17428) BT_BTM: btm_handle_to_acl_index

I (17438) BT_BTM: BTM_InqDbRead: bd addr [b4f0abcfe342]

D (17438) BT_BTM: btm_read_remote_version_complete

D (17448) BT_BTM: btm_find_or_alloc_dev

D (17448) BT_BTM: btm_find_or_alloc_dev

D (17458) BT_BTM: btm_io_capabilities_req:Security mode: 4, Num Read Remote Feat pages: 2

D (17468) BT_BTM: btm_bda_to_acl found

D (17468) BT_BTM: BTM_ReadRemoteFeatures

D (17618) BT_BTM: btm_proc_sp_req_evt()  just_works:1, io loc:0, rmt:1, auth loc:0, rmt:4

D (17648) BT_BTM: btm_find_or_alloc_dev

D (17648) BT_BTM: btm_sec_link_key_notification()  BDA:b4f0abcfe342, TYPE: 4

D (17648) BT_BTM: Remote device does not support Secure Connection
D (17658) BT_BTM: btm_bda_to_acl found
I have tested this same scenario on another BT A2DP sink device with the same client device (iPad Mini), a key validation response is requested on the ipad and the sink device.

The security mode for SSP is as follows:

Code: Select all

    /* Set default parameters for Secure Simple Pairing */
    esp_bt_sp_param_t param_type = ESP_BT_SP_IOCAP_MODE;
    esp_bt_io_cap_t iocap = ESP_BT_IO_CAP_IO;
    esp_bt_gap_set_security_param(param_type, &iocap, sizeof(uint8_t));

Who is online

Users browsing this forum: FrankJensen and 116 guests