enhance pairing to work with numberic comparison

Author: hathach

libraries/Bluefruit52Lib/examples/Central/central_bleuart/central_bleuart.ino

@@ -25,7 +25,7 @@ BLEClientUart clientUart; // bleuart client
 void setup()
 {
   Serial.begin(115200);
-  while ( !Serial ) delay(10);   // for nrf52840 with native usb
+//  while ( !Serial ) delay(10);   // for nrf52840 with native usb
 
   Serial.println("Bluefruit52 Central BLEUART Example");
   Serial.println("-----------------------------------\n");

libraries/Bluefruit52Lib/examples/Peripheral/pairing_display/pairing_display.ino

@@ -22,6 +22,13 @@
 /* This sketch demonstrates Pairing process using dynamic Passkey.
  * This sketch is essentially the same as bleuart.ino except the BLE Uart
  * service requires Security Mode with Man-In-The-Middle protection i.e
+ *
+ * BLE Pairing procedure is complicated, it is advisable for users to go through
+ * these articles to get familiar with the procedure and terminology
+ * - https://www.bluetooth.com/blog/bluetooth-pairing-part-1-pairing-feature-exchange/
+ * - https://www.bluetooth.com/blog/bluetooth-pairing-part-2-key-generation-methods/
+ * - https://www.bluetooth.com/blog/bluetooth-pairing-passkey-entry/
+ * - https://www.bluetooth.com/blog/bluetooth-pairing-part-4/
  */
 
 /* This sketch demonstrates the "Image Upload" feature of Bluefruit Mobile App.
@@ -125,6 +132,9 @@ void setup()
 
 #endif // TFT
 
+  pinMode(PIN_BUTTON1, INPUT_PULLUP);
+  pinMode(PIN_BUTTON2, INPUT_PULLUP);
+
   // Setup the BLE LED to be enabled on CONNECT
   // Note: This is actually the default behavior, but provided
   // here in case you want to control this LED manually via PIN 19
@@ -142,7 +152,9 @@ void setup()
   // To use dynamic PassKey for pairing, we need to have
   // - IO capacities at least DISPPLAY
   // - Register callback to display/print dynamic passkey for central
-  Bluefruit.Pairing.setIOCaps(true, false, false);
+  // For complete mapping of the IO Capabilities to Key Generation Method, check out this article
+  // https://www.bluetooth.com/blog/bluetooth-pairing-part-2-key-generation-methods/
+  Bluefruit.Pairing.setIOCaps(true, true, false); // display = true, yes/no = true, keyboard = false
   Bluefruit.Pairing.setPasskeyCallback(pairing_passkey_callback);
 
   // Set complete callback to print the pairing result
@@ -223,20 +235,67 @@ void loop()
   }
 }
 
-void pairing_passkey_callback(uint16_t conn_handle, uint8_t const passkey[6])
+// callback invoked when pairing passkey is generated
+// - passkey: 6 keys (without null terminator) for displaying
+// - match_request: true when authentication method is Numberic Comparison.
+//                  Then this callback's return value is used to accept (true) or
+//                  reject (false) the pairing process. Otherwise, return value has no effect
+bool pairing_passkey_callback(uint16_t conn_handle, uint8_t const passkey[6], bool match_request)
 {
-  Serial.println("Enter this code on your phone to pair with Bluefruit:");
+  Serial.println("Pairing Passkey");
   Serial.printf("    %.3s %.3s\n", passkey, passkey+3);
 
 #if TFT_IN_USE != TFT_NO_DISPLAY
-  tft.printf("Enter this code on your phone to pair with Bluefruit:\n\n");
+  tft.fillScreen(COLOR_BLACK);
+  tft.println("Pairing Passkey\n");
   tft.setTextColor(COLOR_YELLOW);
   tft.setTextSize(4);
-  tft.printf(" %.3s %.3s\n", passkey, passkey+3);
+  tft.printf("  %.3s %.3s\n", passkey, passkey+3);
 
   tft.setTextColor(COLOR_WHITE);
   tft.setTextSize(2);
 #endif
+
+
+  if (match_request)
+  {
+    Serial.println("Do you want to pair");
+    Serial.println("Press Button A to accept, Button B to reject");
+
+    #if TFT_IN_USE != TFT_NO_DISPLAY
+    tft.println("\nDo you accept ?\n\n");
+
+    tft.setTextSize(3);
+    tft.setTextColor(COLOR_GREEN);
+    tft.print("<< Yes");
+    tft.setTextColor(COLOR_RED);
+    tft.println("  No >>");
+
+    tft.setTextColor(COLOR_WHITE);
+    tft.setTextSize(2);
+    #endif
+
+    // wait until either button is pressed
+    while( digitalRead(PIN_BUTTON1) && digitalRead(PIN_BUTTON2) ) { }
+
+    // wait until either button is pressed
+    uint32_t start_time = millis();
+    while( digitalRead(PIN_BUTTON1) && digitalRead(PIN_BUTTON2) )
+    {
+      // 30 seconds timeout
+      if ( millis() > start_time + 30000 ) break;
+    }
+
+    // A = accept
+    if ( 0 == digitalRead(PIN_BUTTON1) ) return true;
+
+    // B = reject
+    if ( 0 == digitalRead(PIN_BUTTON2) ) return false;
+
+    return false;
+  }
+
+  return true;
 }
 
 void pairing_complete_callback(uint16_t conn_handle, uint8_t auth_status)

libraries/Bluefruit52Lib/src/BLEPairing.cpp

@@ -102,7 +102,7 @@ bool BLEPairing::begin(void)
   return true;
 }
 
-void BLEPairing::setIOCaps(bool display, bool keyboard, bool yes_no)
+void BLEPairing::setIOCaps(bool display, bool yes_no, bool keyboard)
 {
   uint8_t io_caps = BLE_GAP_IO_CAPS_NONE;
 
@@ -125,9 +125,6 @@ void BLEPairing::setIOCaps(bool display, bool keyboard, bool yes_no)
   }
 
   _sec_param.io_caps = io_caps;
-
-  // also set Man in the middle protection if we have some IO caps
-  if (io_caps != BLE_GAP_IO_CAPS_NONE) _sec_param.mitm = 1;
 }
 
 void BLEPairing::setMITM(bool enabled)
@@ -171,27 +168,19 @@ bool BLEPairing::resolveAddress(ble_gap_addr_t const * p_addr, ble_gap_irk_t con
 // Use Legacy SC static Passkey
 bool BLEPairing::setPIN(const char* pin)
 {
-  if (pin == NULL)
-  {
-    // back to default mode
-    _sec_param = _sec_param_default;
-  }else
-  {
-    VERIFY(strlen(pin) == BLE_GAP_PASSKEY_LEN);
-
-    // Static Passkey requires using
-    // - Legacy SC
-    // - IO cap: Display
-    // - MITM is on
-    _sec_param.bond = 1;
-    _sec_param.mitm = 1;
-    _sec_param.lesc = 0;
-    _sec_param.io_caps = BLE_GAP_IO_CAPS_DISPLAY_ONLY;
-
-    ble_opt_t opt;
-    opt.gap_opt.passkey.p_passkey = (const uint8_t*) pin;
-    VERIFY_STATUS(sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opt), false);
-  }
+  VERIFY(pin && strlen(pin) == BLE_GAP_PASSKEY_LEN);
+
+  // Static Passkey requires using
+  // - Legacy SC
+  // - IO cap: Display
+  // - MITM is on
+  _sec_param.mitm = 1;
+  _sec_param.lesc = 0;
+  _sec_param.io_caps = BLE_GAP_IO_CAPS_DISPLAY_ONLY;
+
+  ble_opt_t opt;
+  opt.gap_opt.passkey.p_passkey = (const uint8_t*) pin;
+  VERIFY_STATUS(sd_ble_opt_set(BLE_GAP_OPT_PASSKEY, &opt), false);
 
   return true;
 }
@@ -201,17 +190,8 @@ bool BLEPairing::setPasskeyCallback(pair_passkey_cb_t fp)
 {
   _passkey_cb = fp;
 
-  if ( fp == NULL )
-  {
-    // back to default mode
-    _sec_param = _sec_param_default;
-  }else
-  {
-    _sec_param.bond = 1;
-    _sec_param.mitm = 1;
-    _sec_param.lesc = LESC_SUPPORTED;
-    _sec_param.io_caps = BLE_GAP_IO_CAPS_DISPLAY_ONLY;
-  }
+  // mitm is required to trigger passkey generation
+  _sec_param.mitm = 1;
 
   return true;
 }
@@ -304,12 +284,15 @@ void BLEPairing::_eventHandler(ble_evt_t* evt)
        LOG_LV2("PAIR", "Passkey = %.6s, match request = %d", passkey_display->passkey, passkey_display->match_request);
 
        // Invoke display callback
-       if ( _passkey_cb ) ada_callback(passkey_display->passkey, 6, _passkey_cb, conn_hdl, passkey_display->passkey);
-
-       if (passkey_display->match_request)
+       if ( _passkey_cb )
        {
-         // Match request require to report the match
-         // sd_ble_gap_auth_key_reply();
+         bool matched = _passkey_cb(conn_hdl, passkey_display->passkey, passkey_display->match_request);
+
+         if (passkey_display->match_request)
+         {
+           // Match request require to report the match (numberic comparison)
+           sd_ble_gap_auth_key_reply(conn_hdl, matched ? BLE_GAP_AUTH_KEY_TYPE_PASSKEY : BLE_GAP_AUTH_KEY_TYPE_NONE, NULL);
+         }
        }
     }
     break;

libraries/Bluefruit52Lib/src/BLEPairing.h

@@ -35,7 +35,7 @@
 class BLEPairing
 {
   public:
-    typedef void (*pair_passkey_cb_t ) (uint16_t conn_hdl, uint8_t const passkey[6]);
+    typedef bool (*pair_passkey_cb_t ) (uint16_t conn_hdl, uint8_t const passkey[6], bool match_request);
     typedef void (*pair_complete_cb_t) (uint16_t conn_hdl, uint8_t auth_status);
 
     BLEPairing(void);
@@ -46,7 +46,7 @@ class BLEPairing
     bool setPIN(const char* pin);
 
     // Set IO capacities
-    void setIOCaps(bool display, bool keyboard, bool yes_no);
+    void setIOCaps(bool display, bool yes_no, bool keyboard);
 
     // Enable/Disable Man in the middle protection
     void setMITM(bool enabled);
@@ -58,8 +58,6 @@ class BLEPairing
     bool setPasskeyCallback(pair_passkey_cb_t fp);
     void setCompleteCallback(pair_complete_cb_t fp);
 
-
-
     /*------------------------------------------------------------------*/
     /* INTERNAL USAGE ONLY
      * Although declare as public, it is meant to be invoked by internal