• State Not Answered
  • Replies 4 replies
  • Subscribers 74 subscribers
  • Views 133 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 346492
Options

Ble pairing with linux - zero distribution flags

kat829

Hi!

We are having problems pairing a nRF52840 against linux (ubuntu 25.04). Pairing fails instantly, before any passkey is shown on the host, returning with code 9.

Short log is here: 

<dbg> bt_smp: bt_smp_recv: Received SMP code 0x01 len 6
<dbg> bt_smp: smp_pairing_req: req: io_capability 0x04, oob_flag 0x00, auth_req 0x2D, max_key_size 0x10, init_key_dist 0x0D, resp_key_dist 0x0F
<dbg> bt_smp: smp_init: prnd 849156b688e37e12ad063cb072baf74f
<dbg> bt_smp: smp_pairing_req: rsp: io_capability 0x02, oob_flag 0x00, auth_req 0x0D, max_key_size 0x10, init_key_dist 0x00, resp_key_dist 0x00
<dbg> bt_smp: bt_smp_recv: Received SMP code 0x0c len 64
<dbg> bt_smp: smp_public_key: 
<inf> Bt: Received passkey pairing inquiry.
<inf> Bt: Type `uhk passkey xxxxxx` to pair, or `uhk passkey -1` to reject
<wrn> bt_conn: conn 0x20010498: not connected
<dbg> bt_smp: bt_smp_disconnected: chan 0x20010b9c cid 0x0006
<dbg> bt_smp: smp_pairing_complete: got status 0x8
<dbg> bt_smp: bt_smp_encrypt_change: chan 0x20010b9c conn 0x20010498 handle 1 encrypt 0x00 hci status 0x1f 
<wrn> Bt: Bt security failed: n/a (n/a, 98:5f:41:d2:92:3a), level 1, err 9, disconnecting
<wrn> Bt: The connection (n/a (n/a, 98:5f:41:d2:92:3a)) isn't even connected! Ignoring.
<wrn> Bt: Pairing of auth conn failed because of 9
<wrn> Bt: Pairing failed: n/a (n/a, 98:5f:41:d2:92:3a), reason 9


AI back and forths suggest that the host PC cancels pairing because it receives the zero distribution flags in
```
<dbg> bt_smp: smp_pairing_req: rsp: io_capability 0x02, oob_flag 0x00, auth_req 0x0D, max_key_size 0x10, init_key_dist 0x00, resp_key_dist 0x00
```

Detailed logs (attaching file here doesn't work, so linking externally):
- zephyr with hci_core and smp logging: http://ktweb.cz/upload/logs2/right.log
- the same, but filtered: http://ktweb.cz/upload/logs2/right_filtered.log
- btmon log: http://ktweb.cz/upload/logs2/btmon.log

Any ideas what the problem might be and where to look further?

EDIT: here is wireshark log (paired from gui this time):

- fails on gatt instead http://ktweb.cz/upload/logs2/wireshark_linux_pairing.pcapng (This is probably our problem, since gatt is handled by an external service.)
- this one actually contains pairing attempt similar to the key distribution problem: http://ktweb.cz/upload/logs2/wireshark_linux_pairing2.pcapng

EDIT2 my updated conclusions and hypotheses:
- I think that the distribution flags are correct and (on of the) troubles is that zephyr doesn't reply with its own keys within the next 400ms or so.
- Looks like key generation takes too long on zephyr side. Before it is finished, the connection gets terminated.
- Reason for termination seems to be related to gatt and the ll buffers. Right before the connection is determined as disconnected, I see this check to fail in conn.c. Increasing the number doesn't fix the issue, but results in increased number of calls to bt_conn_tx_processor before failure (which is where the disconnect is determined): 

static bool should_stop_tx(struct bt_conn *conn)
    ...
	if (atomic_get(&conn->in_ll) < 3) {
	   ...
	   return false;
	}
    return true;
}

- my guess is that the bt_conn_tx_processor is triggered by receiving the gatt requests
- successful pairing against android http://ktweb.cz/upload/logs2/wireshark_android_pairing.pcapng
- there is a minor difference between linux and android flow. I think it is not important, but it should be noted that we are trying to achieve security level 4:

Initiator Key Distribution: 0x0d, Link Key, Signature Key (CSRK), Encryption Key (LTK)
    0000 .... = Reserved: 0x0
    .... 1... = Link Key: True
    .... .1.. = Signature Key (CSRK): True
    .... ..0. = Id Key (IRK): False         // This is false from linux, but true from android
    .... ...1 = Encryption Key (LTK): True

- failed pairing with the number from above excerpt increased 3 to 12 and buffer count: http://ktweb.cz/upload/logs2/wireshark_linux_pairing3.pcapng (flood of gatt packets from central to peripheral)
- This makes me think that either linux simply overwhelms zephyr with gatt requests, or there is some problem with our gatt provider (which is implemented by a custom implementation from c2usb). Still will be grateful for any thoughts on the subject.

Parents
  • 0

    Hello,

    Please add comments instead of adding new information as edits (from this point), because it is difficult to keep track of new information (I don't have any changelog, just your final post, and I am not sure I will read it after replying now Slight smile)

    I am not able to download your ktwebs.cz files, can you please upload them here instead? Drag and drop, or hit the upload button in the text editor on DevZone (and then hit the gray text saying "upload" to browse to the file you want to upload).

    So I am not sure what we are facing right now. The peripheral you are testing, is it one of our samples? If not, can you test with one of our samples to see if the issue is the same there?

    Short log is here:

    From your log, I see:

    <inf> Bt: Type `uhk passkey xxxxxx` to pair, or `uhk passkey -1` to reject

    Did you get a popup on the client/central side to enter this 6-digit number? And did your log actually say "xxxxxxxx", or did you replace the numbers with X'es?

    Best regards,

    Edvin

  • 0 in reply to Edvin

    Hi Edvin!

    > I am not able to download your ktwebs.cz file

    What exactly is the problem there? Tested multiple times...

    File dropping doesn't work very well for me.

    - Neither work laptop with firefox nor chromium on home laptop reacts to dropping files at all.
    - Home firefox reacts by showing an error that `The file at /home/me/mnt/www/upload/logs2/btmon.log is not readable.` which is not surprising given sandboxing policies of modern browsers.

    Also the reply button doesn't actually open an editor in 9 of 10 tries. (Same problem in firefox 139.0.1 and chromium 137.0.7151.55 which are fairly up-to-date browsers. Finally managed to send this from the chromium, sadly without any files.)

    ---------

    I didn't get a pop-up. Connection is terminated within 420ms of the moment that packet arrives, so the pc doesn't have much time to show it.

    The message actually says xxxxxx, but it is literally printed that way by our code. I don't think there is any problem with that part - the procedure works fine with android.

    ------------

    The project is github.com/.../firmware . If you want to take look, points of interest are `device/prj.conf.overlays/*` and `device/src/bt_*`, and also c2usb/c2usb/port/zephyr/bluetooth/hid.cp in github.com/.../c2usb

    We have two related issues open:
    - macos issue github.com/.../1228
    - linux issue github.com/.../999

    Notably, while I am testing pairing with linux, macos pairing has broken between two versions where we are not aware of doing any bluetooth-related changes, so as far as we can tell the most likely culprit is switching to deferred logging, which may have to do with cpu time and timing.

  • 0 in reply to kat829

    Actually, this chromium shows an "Upload file(s)" overlay on hover, but doesn't do anything on dropping.

Reply Children
Related
Terms of service