How to use aioble save and load secrets

[brianreinhold]

I have not figured out how the aioble save and load secrets work. It's not clear if it is done automatically or if the application must participate. I placed some logging into the aioble security module and all I see are calls to save the secrets (which my application does not do directly). However, I never see the load secrets happen.

I have made modifications such that aioble will know of all pairing events (application-started pairing and btstack's security request pairing started). I would expect that the application should call the save secrets on shutdown and load secrets on startup.

Anyone know how this works? Point to some documentation if there is any? Much appreciated.

[xyzzy42]

There's code in aioble, secrets.py, to save and restore secrets from a file name ble_secrets.json. It has a handler to will act on the two "IRQs" used for secrets by mpy bluetooth module.
I believe it's possible to install or import aioble in a way that does not include the above file, i.e., like server or client support, it's an optional feature. Maybe you don't have it?
It does work on NimBLE. I've never tried btstack.

The data is in jSON format, obviously. The key and secret are base64 encoded strings, with an extra newline in string at the end. The data is stack specific. If you want use it, for instance to get a list of bonded devices, you'll have to look up how the BLE stack stores the IA data in the secret data.

[brianreinhold]

Trent, I think I figured out how to use it. It is up to the application to load the secrets at application start. Saving the secrets is done by the application though I have seen it call the save methods without having any devices that paired. Not sure what it is saving then. However, testing with multiple pairable devices indicates that the LTKs for those devices are saved and as long as my application loads those saved keys at application start, bonded reconnects appear to work.

The caution one must take is to be sure that aioble knows a device getting paired. When a device sends a security request, btstack automatically handles the pairing and aioble knows nothing about it. I had to add a method to aioble and handle an additional event in modbluetooth_btstack.c and run a background task in my application to trap a security request pairing event and pass it to aioble in order for aioble to be aware of the pairing. With that done, the secrets were properly saved.

[trentp-igor]

It looks like Micropython does not fully support bonding with btstack.

Code in aioble should respond to requests for secrets, https://github.com/micropython/micropython-lib/blob/45ead11f965ddad664b8efe380d83155859e653b/micropython/bluetooth/aioble/aioble/security.py#L114
Reading and writing the jSON file is all handled by this code in aioble.

The event from the ble module that the above code in aioble responds to is triggered here,

micropython/extmod/modbluetooth.c

Line 1327 in 5114f2c

bool mp_bluetooth_gap_on_get_secret(uint8_t type, uint8_t index, const uint8_t *key, uint16_t key_len, const uint8_t **value, size_t *value_len) {

That code should by run by any ble stack when the stack needs to get a secret.

When the NimBLE stack needs a secret, the request is handled here,

micropython/extmod/nimble/modbluetooth_nimble.c

Line 1947 in 5114f2c

if (!mp_bluetooth_gap_on_get_secret(obj_type, key->sec.idx, key_data, key_data_len, &value_data, &value_data_len)) {

This is what calls the code in modbluetooth.c that produces the event aioble responds to.

But looking in the btstack module, I see nothing that makes calls to mp_bluetooth_gap_on_get_secret(), so it never generates an event for aioble to respond to.

[brianreinhold]

That's an understatement! We have had to make several additions to modbluetooth_btstack.c to get pairing to work.