iOS Central with BlueZ Peripheral disconnect due to insufficient auth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In our system, we have a BLE Peripheral (in this example, running on
RPi4) using BlueZ 5.50.

We have an iOS app that connects to this Peripheral as a Central.

This connection can be seen in `btmon`, all looks ok:


> HCI Event: LE Meta Event (0x3e) plen 31                                                                                                                                                                             #189 [hci0] 1157.975252
      LE Enhanced Connection Complete (0x0a)
        Status: Success (0x00)
        Handle: 1
        Role: Slave (0x01)
        Peer address type: Random (0x01)
        Peer address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Local resolvable private address: 00:00:00:00:00:00 (Non-Resolvable)
        Peer resolvable private address: 00:00:00:00:00:00 (Non-Resolvable)
        Connection interval: 30.00 msec (0x0018)
        Connection latency: 0 (0x0000)
        Supervision timeout: 720 msec (0x0048)
        Master clock accuracy: 0x01
@ MGMT Event: Device Connected (0x000b) plen 13


{0x0003} [hci0] 1157.975343
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Flags: 0x00000000
        Data length: 0
@ MGMT Event: Device Connected (0x000b) plen 13


{0x0002} [hci0] 1157.975343
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Flags: 0x00000000
        Data length: 0
@ MGMT Event: Device Connected (0x000b) plen 13


{0x0001} [hci0] 1157.975343
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Flags: 0x00000000
        Data length: 0
< HCI Command: LE Read Remote Used Features (0x08|0x0016) plen 2


 #190 [hci0] 1157.975611
        Handle: 1
> HCI Event: Command Status (0x0f) plen 4                                                                                                                                                                             #191 [hci0] 1157.976191
      LE Read Remote Used Features (0x08|0x0016) ncmd 1
        Status: Success (0x00)
> HCI Event: LE Meta Event (0x3e) plen 12                                                                                                                                                                             #192 [hci0] 1158.060347
      LE Read Remote Used Features (0x04)
        Status: Success (0x00)
        Handle: 1
        Features: 0xff 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          LE Encryption
          Connection Parameter Request Procedure
          Extended Reject Indication
          Slave-initiated Features Exchange
          LE Ping
          LE Data Packet Length Extension
          LL Privacy
          Extended Scanner Filter Policies


The problem that we have is that after a couple of mins, there is a
disconnect. Looking deeper, the `btmon` logging shows the following,
and this loops continually until the eventual disconnect:


< ACL Data TX: Handle 1 flags 0x00 dlen 7


 #301 [hci0] 1159.739498
      ATT: Read Request (0x0a) len 2
        Handle: 0x0016
> ACL Data RX: Handle 1 flags 0x02 dlen 9                                                                                                                                                                             #302 [hci0] 1159.799046
      ATT: Error Response (0x01) len 4
        Read Request (0x0a)
        Handle: 0x0016
        Error: Insufficient Authentication (0x05)
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                #303 [hci0] 1159.799227
        Num handles: 1
        Handle: 1
        Count: 1
< ACL Data TX: Handle 1 flags 0x00 dlen 6


 #304 [hci0] 1159.799388
      SMP: Security Request (0x0b) len 1
        Authentication requirement: Bonding, No MITM, Legacy, No
Keypresses (0x01)
> ACL Data RX: Handle 1 flags 0x02 dlen 11                                                                                                                                                                            #305 [hci0] 1159.859132
      SMP: Pairing Request (0x01) len 6
        IO capability: KeyboardDisplay (0x04)
        OOB data: Authentication data not present (0x00)
        Authentication requirement: Bonding, No MITM, Legacy, No
Keypresses (0x01)
        Max encryption key size: 16
        Initiator key distribution: EncKey IdKey (0x03)
        Responder key distribution: EncKey IdKey (0x03)
@ MGMT Event: Authentication Failed (0x0011) plen 8


{0x0003} [hci0] 1159.859286
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Status: Authentication Failed (0x05)
@ MGMT Event: Authentication Failed (0x0011) plen 8


{0x0002} [hci0] 1159.859286
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Status: Authentication Failed (0x05)
@ MGMT Event: Authentication Failed (0x0011) plen 8


{0x0001} [hci0] 1159.859286
        LE Address: 51:A3:4E:3C:B5:D6 (Resolvable)
        Status: Authentication Failed (0x05)
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                #306 [hci0] 1159.859215
        Num handles: 1
        Handle: 1
        Count: 1
< ACL Data TX: Handle 1 flags 0x00 dlen 6


 #307 [hci0] 1159.859348
      SMP: Pairing Failed (0x05) len 1
        Reason: Pairing not supported (0x05)
> HCI Event: Number of Completed Packets (0x13) plen 5                                                                                                                                                                #308 [hci0] 1159.919220
        Num handles: 1
        Handle: 1
        Count: 1
> ACL Data RX: Handle 1 flags 0x02 dlen 11                                                                                                                                                                            #309 [hci0] 1160.999201
      ATT: Read By Type Request (0x08) len 6
        Handle range: 0x0001-0x0005
        Attribute type: Device Name (0x2a00)
< ACL Data TX: Handle 1 flags 0x00 dlen 19


 #310 [hci0] 1160.999678
      ATT: Read By Type Response (0x09) len 14
        Attribute data length: 13
        Attribute data list: 1 entry
        Handle: 0x0003
        Value: 6d6174742d7562756e7475


Looking at this logging, it appears that the BlueZ side (Peripheral)
is trying to read something from the iOS side (Central).

If we examine the list of services on the iOS device via
`bluetoothctl`, we see that the device has 21 services exposed:


[iPhone]# info DC:08:0F:5B:8D:82
Device DC:08:0F:5B:8D:82 (public)
Name: iPhone
Alias: iPhone
Class: 0x007a020c
Icon: phone
Paired: yes
Trusted: no
Blocked: no
Connected: yes
LegacyPairing: no
UUID: Vendor specific (00000000-deca-fade-deca-deafdecacafe)
UUID: Service Discovery Serve.. (00001000-0000-1000-8000-00805f9b34fb)
UUID: Audio Source (0000110a-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control Target (0000110c-0000-1000-8000-00805f9b34fb)
UUID: Advanced Audio Distribu.. (0000110d-0000-1000-8000-00805f9b34fb)
UUID: A/V Remote Control (0000110e-0000-1000-8000-00805f9b34fb)
UUID: NAP (00001116-0000-1000-8000-00805f9b34fb)
UUID: Handsfree Audio Gateway (0000111f-0000-1000-8000-00805f9b34fb)
UUID: Phonebook Access Server (0000112f-0000-1000-8000-00805f9b34fb)
UUID: Message Access Server (00001132-0000-1000-8000-00805f9b34fb)
UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
UUID: Generic Access Profile (00001800-0000-1000-8000-00805f9b34fb)
UUID: Generic Attribute Profile (00001801-0000-1000-8000-00805f9b34fb)
UUID: Current Time Service (00001805-0000-1000-8000-00805f9b34fb)
UUID: Device Information (0000180a-0000-1000-8000-00805f9b34fb)
UUID: Battery Service (0000180f-0000-1000-8000-00805f9b34fb)
UUID: Vendor specific (02030302-1d19-415f-86f2-22a2106a0a77)
UUID: Vendor specific (7905f431-b5ce-4e99-a40f-4b1e122d00d0)
UUID: Vendor specific (89d3502b-0f36-433a-8ef4-c502ad55f8dc)
UUID: Vendor specific (9fa480e0-4967-4542-9390-d343dc5d04ae)
UUID: Vendor specific (d0611e78-bbb4-4591-a5f8-487910ae4366)


This issue seems to be the crux of [this Stack Overflow
question](https://stackoverflow.com/questions/59214524/since-bluez-5-48-iphones-require-pairing-when-connecting-on-a-ble-gap-periphera)
and they have posted a workaround to compile BlueZ without the Battery
Profile.

Applying that workaround, which is to re-compile BlueZ with:


builtin_modules += battery
builtin_sources += profiles/battery/battery.c


removed from `Makefiles.plugin` makes the errors above go away, and
there is no more disconnect.

This is confusing, as according to the spec, there are no security
requirements for The Battery Service:


> "This service defines no security requirements for these characteristics."


So, does anyone know what is causing the above?
Is there a way to stop BlueZ from trying to read in this way?
Does anyone know of a workaround that avoids a recompilation of BlueZ?

Thanks.
Matt



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux