QUERY · ISSUE

STM32: BLE bond is not persistant

openby hoihuopened 2024-02-11updated 2025-03-03

bugport-stm32

Situation

MicroPython v1.23.0-preview.90.ged15b3c6c on 2024-02-06; PYBD-SF2W with STM32F722IEK
using the temperature sensor code with bonding from https://github.com/micropython/micropython/blob/master/examples/bluetooth/ble_bonding_peripheral.py
calls to ble.config(addr_mode=2= are commented out, as explained in https://github.com/micropython/micropython/issues/13639
I'm using an iPhone12 as counterpart for BLE tests.

What happens

The device advertises itself, is connectable -> ok
The secrets are exchanged (set_secret() messages appear when connecting). -> ok
The secrets are stored in secrets.json when disconnected -> ok
When rebooting the pyboard, or after a reset, I can't connect anymore, the iPhone complains with "peer removed pairing information" -> not ok
When deleting the bond from the iPhone, via bluetooth settings -> tap on device -> forget, it works again.

Details

I logged the secret exchanges with some debug messages on the get_secret event handler. While pairing for the first time it says the following:

encryption update 64 1 0 1 16
30 (1, <memoryview>, <memoryview>)
set secret: (1, b'\x00\x8a\xd0\xb8\xc5\xfb\xa0') b'\x00\x8a\xd0\xb8\xc5\xfb\xa0\x10\x00\x00\x0.........'
30 (2, <memoryview>, <memoryview>)
set secret: (2, b'\x00\x8a\xd0\xb8\xc5\xfb\xa0') b'\x00\x8a\xd0\xb8\xc5\xfb\xa0\x10\x00\x00\x0.........'
2 (64, 0, <memoryview>)

After rebootin the pyboard it says:

1 (64, 1, <memoryview>)
29 (1, 0, <memoryview>)
get secret: 1 0 b"\x01)\x8a\x7f'\x95H"
secrets store: {(1, b'\x00\x8a\xd0\xb8\xc5\xfb\xa0'): '\x00\x8a\xd0\xb8\xc5\xfb\xa0\x10\x00\x00\x0.....', 
                          (2, b'\x00\x8a\xd0\xb8\xc5\xfb\xa0'): '\x00\x8a\xd0\xb8\xc5\xfb\xa0\x10\x00\x00\x00\x0.......'}
secret check: (1, b"\x01)\x8a\x7f'\x95H")
result: None
2 (64, 1, <memoryview>)

the secret check log log the key that was received here: https://github.com/micropython/micropython/blob/master/examples/bluetooth/ble_bonding_peripheral.py#L140 and the secret store is self._secrets

so since self._secrets does not contain a key with (1, b"\x01)\x8a\x7f'\x95H") it return None and I think that's the reason that the pairing fails. I hope can shed some light?

CANDIDATE · PULL REQUEST

aioble: Add pairing and bonding multitests

openby andrewleechopened 2025-06-10updated 2025-06-10

Summary

Adds comprehensive multitests for BLE pairing and bonding functionality to the aioble library.

New Tests Added

1. ble_pair.py - Pairing without persistent bonding

Tests encryption with bond=False
Verifies temporary pairing that doesn't persist
Expected result: encrypted=1 authenticated=0 bonded=0

2. ble_bond.py - Pairing with persistent bonding

Tests encryption with bond=True
Verifies persistent bonding with secret storage
Expected result: encrypted=1 authenticated=0 bonded=1 + secrets_exist yes

Technical Implementation

Custom EncryptedCharacteristic: Extends aioble.Characteristic with _FLAG_READ_ENCRYPTED to require pairing for access
Cross-compatibility: Works with both BTstack and NimBLE implementations
State management: Proper timing and bond file management for deterministic testing
Comprehensive coverage: Tests pairing initiation, encryption, characteristic access, and bond persistence

Testing

Both tests pass consistently on BTstack-enabled MicroPython builds:

python ./tests/run-multitests.py -i pyb:/dev/ttyACM0 -i pyb:/dev/ttyACM1 -t -p2 micropython/bluetooth/aioble/multitests/ble_pair.py
python ./tests/run-multitests.py -i pyb:/dev/ttyACM0 -i pyb:/dev/ttyACM1 -t -p2 micropython/bluetooth/aioble/multitests/ble_bond.py

Motivation

These tests fill a critical gap in aioble testing coverage by providing:

Validation of security features (pairing/bonding)
Verification of encrypted characteristic access
Regression testing for BTstack pairing improvements
Examples for developers implementing secure BLE applications

The tests complement the recent BTstack pairing/bonding implementation and demonstrate that aioble's async API works correctly with the underlying security features.

🤖 Generated with Claude Code

1 comment

andrewleech · 2025-06-10

This was used to test https://github.com/micropython/micropython/pull/17469 and was run with a RPI_PICO2_W and PYBD_SF^