• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 71 subscribers
  • Views 2483 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 112187
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Generating my own LTK/EDIV/RAND

RK

Is there a hook anywhere in the SD (130/132) to let me generate my own LTKs, EDIV and RAND during the bonding process? I don't think so, I've not found one, but perhaps I missed it.

I wanted to move to a security model which uses one private on-device piece of data to generate all LTKs from the diversifier, yes that's 16 bit but it's enough for my purposes and would help making devices with pre-shareable keys. It also drastically cuts down on the amount of data you need to store in flash for devices which are expected to bond with many others, in fact it cuts it down to just remembering the highest diversifier you've used because everything else can be calculated on the fly.

Parents
  • 0

    Hi,

    It's not possible to override those yourself in the way you ask, but you shouldn't need to. If you have the means to generate the LTK based on some EDIV and RAND, you do not need to bond at all. On the central side, simply call sd_ble_gap_encrypt with the custom EDIV, RAND and LTK fields filled into the arguments. On the peripheral side, fetch the BLE_GAP_EVT_SEC_INFO_REQUEST event, recalculate the custom LTK based on the EDIV/RAND in the event, then fill in the datatypes for the sd_ble_gap_sec_info_reply call with the LTK.

    If the peer device is not one of your special devices, it should signal that it doesn't have a bond, and you can then choose to bond normally.

  • 0 in reply to Ulrich Myhre

    We actually used to do something like this in the older variants of S110, but the potential for collisions became such a big problem that we changed it. The SoftDevice would combine the ediv and rand into a diversifier, then encrypt it with a device-specific secret to get the LTK. On the s13x, the LTK is always set by the device, and cannot be overridden. If you feel that this is a must-have, then please contact the closes sales representative so we get the correct idea about interest. We already allow you to change IRK with an options API, so it's not impossible that something like this could go into the same API - given interest.

Reply
  • 0 in reply to Ulrich Myhre

    We actually used to do something like this in the older variants of S110, but the potential for collisions became such a big problem that we changed it. The SoftDevice would combine the ediv and rand into a diversifier, then encrypt it with a device-specific secret to get the LTK. On the s13x, the LTK is always set by the device, and cannot be overridden. If you feel that this is a must-have, then please contact the closes sales representative so we get the correct idea about interest. We already allow you to change IRK with an options API, so it's not impossible that something like this could go into the same API - given interest.

Children
No Data
Related
Terms of service