• State Verified Answer
  • Replies 3 replies
  • Subscribers 73 subscribers
  • Views 2321 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 127192
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Role of Keys kdist_central and kdist_periph in sd_ble_gap_authenticate

Darrew

My Central is willing to perform a bond (pairing with bond) to a Peripheral.

As an example and according to

Message Sequence Chart > Central Security Procedures > Central Legacy Pairing > Bonding: Just Works,

the central calls sd_ble_authenticate(bond, no_mitm, no_io_caps) and it seems that the rest of the security parameters in p_sec_params (including kdist_central and kdist_periph) are of no importance.

It seems that keys will be stored in p_keyset if the following call to sd_ble_gap_sec_params_reply supplies the pointer p_keyset.

I wonder what the role of these keys kdist_central and kdist_periph is.

Parents
  • 0

    Hi Darrew,

    Note that inside p_sec_params, the description of kdist_central and kdist_periph say:

     ble_gap_sec_kdist_t   kdist_own;                 /**< Key distribution bitmap: keys that the local device will distribute. */
  ble_gap_sec_kdist_t   kdist_peer;                /**< Key distribution bitmap: keys that the remote device will distribute. */

    They are bitmap (flags) telling which key the peers will distribute and expect to be distributed.

  • 0 in reply to Hung Bui

    Hi Hung Bui,

    It would be more clear to have a Message Sequence Chart that exactly defines the correct and needed arguments on the call to sd_ble_authenticate(). I find sd_ble_authenticate(bond, no_mitm, no_io_caps) ambiguous (it will not work if the correct keys are not distributed!).

    Same problem -ambiguity- for sd_ble_gap_encrypt(ediv, rand, ltk) in MSC Central Legacy Pairing > Bonding: Just Works; it would help to mention that those arguments correspond to the peer device i.e. Peripheral.

Reply
  • 0 in reply to Hung Bui

    Hi Hung Bui,

    It would be more clear to have a Message Sequence Chart that exactly defines the correct and needed arguments on the call to sd_ble_authenticate(). I find sd_ble_authenticate(bond, no_mitm, no_io_caps) ambiguous (it will not work if the correct keys are not distributed!).

    Same problem -ambiguity- for sd_ble_gap_encrypt(ediv, rand, ltk) in MSC Central Legacy Pairing > Bonding: Just Works; it would help to mention that those arguments correspond to the peer device i.e. Peripheral.

Children
No Data
Related
Terms of service