RE: SMP Server Sample with CONFIG_MCUMGR_SMP_BT_AUTHEN=y

RAlexeev — Fri, 09 Oct 2020 01:53:55 GMT

Wow, you're great! Thanks for your quick and informative response! It completely helped me, and now everything works.

RE: SMP Server Sample with CONFIG_MCUMGR_SMP_BT_AUTHEN=y

Hung Bui — Thu, 08 Oct 2020 15:26:52 GMT

Hi Roman,
I think I found what could be wrong here.
If you have a look inside smp_bt_attrs[] in smp_bt.c you can find that the characteristic permission is set to BT_GATT_PERM_WRITE_AUTHEN and BT_GATT_PERM_WRITE_AUTHEN when you enable CONFIG_MCUMGR_SMP_BT_AUTHEN.

This requires the link not only be encrypted but also authenticated. This means the pairing need to be with MITM protection (passkey, OOB , etc)

But there isn't a passkey_display function declared in conn_auth_callbacks inside bluetooth.c so there is no MITM protection when you do bonding with the phone. This explains why the phone couldn't do FOTA.

So you have 2 options, one is to change the permission of the SMP_SVR characteristic to BT_GATT_PERM_WRITE_ENCRYPT and BT_GATT_PERM_READ_ENCRYPT instead of _AUTHEN. So you only request pairing without MITM.

Or you can add a passkey display call back into bluetooth.c so that you can handle pairing with passkey. For example something like this:

static void auth_passkey_display(struct bt_conn *conn, unsigned int passkey)
{
	char addr[BT_ADDR_LE_STR_LEN];

	bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

	printk("Passkey for %s: %06u\n", addr, passkey);
}

static struct bt_conn_auth_cb conn_auth_callbacks = {
    .cancel = auth_cancel,
    .pairing_confirm = pairing_confirm,
    .pairing_complete = pairing_complete,
    .pairing_failed = pairing_failed,
    .passkey_display = auth_passkey_display,
};