search

zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0
10.93k stars 6.65k forks source link

Samples: Bluetooth: peripheral_hids fails to set security (Android central) #80558

Open Thalley opened 3 weeks ago

Thalley commented 3 weeks ago

Describe the bug The sample has

    if (bt_conn_set_security(conn, BT_SECURITY_L2)) {
        printk("Failed to set security\n");
    }

in the connected callback, but it seems to fail to do encryption when connected to an Android Phone.

To Reproduce

  1. Build the sample with CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n
  2. Flash the sample
  3. Connect an Android Phone
  4. See error

Expected behavior Expect the security to be set to level 2.

Impact Depends. If it was something that used to work and stopped working at some point, it is caused by a change in the stack that may not be documented.

Logs and console output

Advertising successfully started
Connected 51:9E:D8:12:F4:4F (random)
Security failed: 51:9E:D8:12:F4:4F (random) level 1 err (2)
Disconnected from 51:9E:D8:12:F4:4F (random), reason 0x13

Environment (please complete the following information):

Additional context Tested on a nRF5340 DK for the Zephyr sample with the hci_ipc sample with the nrf5340_cpunet_iso-bt_ll_sw_split.conf overlay for the network core. Tested on an Pixel 8 running Android 14

alwa-nordic commented 3 weeks ago

Would you be able to get an HCI pcap? Would be great if you could test with an older version of Zephyr too.

Thalley commented 3 weeks ago

Would you be able to get an HCI pcap? Would be great if you could test with an older version of Zephyr too.

Trying to, but I have some issues getting the log with btmon. Not sure what the cause is yet.

jhedberg commented 3 weeks ago

Shouldn't the bt_conn_set_security() call be excluded when CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n? I.e. is the sample simply missing an #ifdef?

Thalley commented 3 weeks ago

Shouldn't the bt_conn_set_security() call be excluded when CONFIG_SAMPLE_BT_USE_AUTHENTICATION=n? I.e. is the sample simply missing an #ifdef?

Security level 2 can be done without authentication

jhedberg commented 3 weeks ago

Security level 2 can be done without authentication

Right, and I checked that smp.c should correctly fall back to just-works when there are no authentication callbacks registered.

Thalley commented 3 weeks ago

Security level 2 can be done without authentication

Right, and I checked that smp.c should correctly fall back to just-works when there are no authentication callbacks registered.

Indeed. I've tested the same with the BT shell and works fine there, so I believe the issue is that it is being called in the connected callback, or related to timing