When do encryption keys exchange?

RE: When do encryption keys exchange?

Petter Myhre — Mon, 19 Sep 2016 12:54:48 GMT

I converted this to an answer. Great that you figured out! And thanks for adding the solution.

RE: When do encryption keys exchange?

MC — Mon, 19 Sep 2016 12:22:41 GMT

Because my question is somewhat identical to this one, I'm replying in both questions. I think I solved this problem by changing the default address type to BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE. First I initialize the SD and immediately set the address by calling this sequence after sd_initialize function:

ble_gap_addr_t local_address; local_address.addr_type = BLE_GAP_ADDR_TYPE_RANDOM_PRIVATE_RESOLVABLE;

err_code = sd_ble_gap_address_set(BLE_GAP_ADDR_CYCLE_MODE_AUTO, &local_address); APP_ERROR_CHECK(err_code);

Now I get the right responses when bonding and encrypting the link

RE: When do encryption keys exchange?

MC — Wed, 17 Aug 2016 14:22:59 GMT

That is correct, MCP sends request: "Bond, MITM, Initiator keys: 0, Responder keys LTK IRK..." As you said, there is no CSRK key involved. I will try to understand what the deal is, but it seems to me, I'm stuck in a dead end for now. If I come up with some kind of solution or breakthrough, I will post a comment or an answer. For the time being, if anyone has some kind of suggestion about this issue, I will appreciate it.

RE: When do encryption keys exchange?

Petter Myhre — Wed, 17 Aug 2016 14:03:47 GMT

MCP will not use CSRK, so if you are able to MCP I guess that is not the issue. Strange. I'm not sure what it could be.

RE: When do encryption keys exchange?

MC — Wed, 17 Aug 2016 11:13:24 GMT

I tried to bond with MCP where I set IO caps to only_keyboard and none. In both cases I get successful bond with the peripheral. It bothers me that MCP works and my code with identical settings fails everytime.

RE: When do encryption keys exchange?

MC — Wed, 17 Aug 2016 07:38:25 GMT

I've managed to get android sniffer trace with old version of wireshark and added it to my main question. I can see, that android also uses CSRK keys for bonding, therefore, I'm back at the beginning. I don't think I will be able to do MCP sniffer trace, as I only have one development kit available, and I need it to run both the MCP and sniffer. If you look at the attached MCP log file (line number 165), MCP sends pairing request without CSRK and still succeeds. My pairing request is identical to MCP, but my fails. I still can't figure it out.

RE: When do encryption keys exchange?

Petter Myhre — Tue, 16 Aug 2016 14:34:26 GMT

You are correct, sorry. Please try. I don't know what version you are using, but it is recommended to use Wireshark v1.10 with the nRF Sniffer. It is the latest version that have been tested.

RE: When do encryption keys exchange?

MC — Tue, 16 Aug 2016 14:20:52 GMT

Sniffer trace with MITM and s120 is already added to my main question :) It has a name s120_central_pairing. I will try to get android trace if I can, because wireshark crashes often or doesn't parse events correctly while sniffing connection between android phone and my sensor. If I succeed, I will upload it.

RE: When do encryption keys exchange?

Petter Myhre — Tue, 16 Aug 2016 13:55:50 GMT

nRF Connect for PC uses an ordinary SoftDevice. MCP does not, but the ordinary SoftDevice should be capable of anything MCP can. Please try to to get a sniffer trace with MCP/nRF Connect for PC and/or Android. A sniffer trace with S120 with MITM set would also be nice.

RE: When do encryption keys exchange?

MC — Tue, 16 Aug 2016 13:08:44 GMT

Does MCP for PC use ordinary softdevice? Because, with MCP I can bond just as well as with windows phone or Android. I wil try to get a sniffer trace of pairing with an Android, but I have a feeling it will be the same.

RE: When do encryption keys exchange?

Petter Myhre — Tue, 16 Aug 2016 12:23:42 GMT

CSRK is used in security mode 2, which is not supported by our SoftDevices. It could be that's why the TI rejects the pairing request, but I don't know. Maybe you can test with another central device? You can try with nRF Connect for Android for example?

RE: When do encryption keys exchange?

MC — Tue, 16 Aug 2016 07:37:30 GMT

I've added a trace of phone pairing with advertising and connection establishment. I noticed one important thing, that I somehow missed last time I was pairing. Windows phone seems to have CSRK keys implemented, so it requests pairing with initiator keys: CSRK. If my understanding is correct, SDK 8 doesn't have this kind of keys implemented. Is my assumption correct? Is there no way of implementing CSRKs in SDK 8 and s120?

RE: When do encryption keys exchange?

Petter Myhre — Mon, 15 Aug 2016 07:25:44 GMT

The sniffer trace for the windows phone seems to start when already in a connection. Could you do a sniffer trace where advertising and connecting is included as well?

RE: When do encryption keys exchange?

MC — Fri, 12 Aug 2016 12:54:06 GMT

Sorry for confusing you, now I've added sniffer traces for windows phone, s120 and MCP log file to my question. Please ignore multiple pairing attempts by s120, it's a known feature (bug) in my code :) The main question still exists, what are MCP and windows phone doing differently, so their pairing is successful, as opposed to Device manager and s120 with SDK 8.1 which always fails?

RE: When do encryption keys exchange?

Petter Myhre — Fri, 12 Aug 2016 11:02:43 GMT

I'm confused. I thought the lower picture was S120? The pairing request is sent in that picture. What do you mean by sending pairing request prior to authentication? The authentication is part of the pairing process, it is not done before the pairing request is sent. Please upload the sniffer files instead of pictures, and mark clearly what trace is from what device. You send a pairing request by calling sd_ble_gap_authenticate(). You can do this directly, or you can let device manager handle this for you, then you should call dm_security_setup_req(). If you call this, the central will request to pair/bond if the peer is not bonded, if it is bonded, the link will be re-encrypted using existing bond information.

RE: When do encryption keys exchange?

MC — Fri, 12 Aug 2016 10:22:08 GMT

I thought that it doesn't matter if it is from TI, as BLE responses and protocols should be standardised :) As for the pairing request, this is the main difference I was talking about, device manager in SDK 8 doesn't include sending the pairing request prior to authentication, or I don't know how to do it.

Both files I included were done at roughly the same time, after connection was established. In my attemt, no pairing request is ever sent, even if I set MITM. I tried all the combinations with and without MITM/bonding, the response is the same. If you could tell me how to initiate pairing request from s120, I think, it will solve my problem.

RE: When do encryption keys exchange?

Petter Myhre — Fri, 12 Aug 2016 09:11:22 GMT

You could have mentioned that your peripheral was from TI :) Then it may be difficult for me to reproduce it. From your pictures I can't really see what the difference is, you haven't included the Pairing Request in both. Maybe you can just upload the files? Does it change anything if you set MITM? I suspect that the TI chip rejects the pairing request because the central says it doesn't support MITM.

RE: When do encryption keys exchange?

MC — Thu, 11 Aug 2016 14:04:05 GMT

First, you will need a peripheral, which has a static passkey hardcoded in the code. In my case, I have "000000". The sensors I have, require this passkey at bonding (pairing) procedure. Second, use some example code, lets say s120 multilink central example. Please use SDK 8.1.0. Then, connect to the peripheral and inside the client_handling_create function, call the function dm_security_setup_req.

After that, you should get an event from DM DM_EVT_SECURITY_SETUP_COMPLETE in main() with event_result 0x83. This comes from the fact, that dm_security_setup_req function forces authentication for unbonded devices by calling initiate_security_request. Because authentication function requires encryption keys to be available, it will always fail, given the fact that link hasn't been encrypted. Edit: added PNGs to my main question for clarification of the problem.

RE: When do encryption keys exchange?

Petter Myhre — Thu, 11 Aug 2016 12:32:49 GMT

I'm not familiar with that event. Could you provide some more information so I can try to reproduce it?