ESP32 Bluetooth SPP Security related queries (IDFGH-552)

[Ritesh236]

Dear Sir/Madam,

We have developed a BT SPP Acceptor based Application on ESP32 Wrover Module (No Input No Output Capability). We have connected a BT SPP based Application with BT Classic Mobile App (Initiator). When inserted different BT Security Options related to SPP Profile, found some unsolved queries. Following is the List of the Queries related to BT Security

Queries: 1) Bluetooth Security Mode (BT BR/EDR Security Mode 1, 2, 3 & 4) : Which Bluetooth Security Mode(s) supported/implemented by Different Security Options given by ESP32 SPP Profile?

2) BT Encryption Feature (ESP_SPP_SEC_ENCRYPT) i) Which Encryption Algorithm supported by SPP profile? What is the Size of Encryption Key used in Encryption Algorithm? ii) Suggest some way to test the Encryption feature of BT SPP Profile when encryption is enabled in our application

3) BT Authorization Feature (ESP_SPP_SEC_AUTHORIZE) a) Setting the Authorization in our BT Application cause the following problems: i) Not get the Service Connection (ESP_SPP_SRV_OPEN_EVT) event at Acceptor Side when connected with Mobile App ii) Connection was lost when data sent to the BT Acceptor by Mobile App Kindly suggest some solution to solve this

4) BT MITM Protection (ESP_SPP_SEC_MITM) a) How does this feature prevent the MITM? b) Does this feature provide authorization and encryption?

Regards, Ritesh Prajapati

[Ritesh236]

Any update regarding queries which I have sent?

Regards, Ritesh Prajapati

[blueMoodBHD]

Hi， @Ritesh236, Sorry for later reply. There is some problem in the Security Options in SPP, so please use it just as the demo. And for the queries: 1) The Bluetooth Security Mode we use is Mode 4, and the IO Capability which you use is No Input No Output, so the security level is 2. 2) The Encryption Algorithm supported by SPP profile is E0. 3) Not support, now. 4) As the IO Capability which you use is No Input No Output, MITM is not supported.

[Ritesh236]

@blueMoodBHD,

Thanks for providing update for that. I will check it with my team and let you know if any query regarding that.

So, Do you have any idea like when we get that type security support into ESP32 IDF which we need and asked for that? Do you have any idea regarding that?

[blueMoodBHD]

With ESP_SPP_SEC_AUTHENTICATE and No Input No Output, it support security mode 4 level 2, using Legacy Pairing or Security Simple Pairing are both OK. And if you use Security Simple Pairing, the authentication algorith which will be use is Numeric Comparison(just work). And if you use Legacy Pairing, you should set fixed pin.

[Ritesh236]

@blueMoodBHD,

Thanks for quick reply for same. I will check it with my team on Monday and send reply with query if any more from security perspective as we have already started to work on bluetooth with profile and security feature.

[Alvin1Zhang]

@Ritesh236 Hi, would you help provide any updates for the issue? Thanks.

[Alvin1Zhang]

@Ritesh236 Hi, would you help provide any updates for the issue? Thanks.

[Alvin1Zhang]

@Ritesh236 Hi, would you help provide any updates for the issue? Thanks.

[Alvin1Zhang]

@Ritesh236 Thanks for reporting the issue. Feel free to reopen the issue if you have any updates. Thanks.