
LESC_DEBUG_MODE define in ble_app_multirole_lesc, nRF5 SDK 15.0.0

Device: nRF52832

SDK: nRF5 SDK 15.0.0

SoftDevice 6.0.0

Hello. I'm using the ble_app_multirole_lesc example with nRF5 SDK 15.0.0. I'm trying to debug using my sniffer, and want to use the debug private key. The following define exists in the main.c code which seems like it should set the private key to the debug key:

#define LESC_DEBUG_MODE 1 /**< Set to 1 to use LESC debug keys, allows you to use a sniffer to inspect traffic. */

The problem, though, is that this define doesn't appear to do anything. The LESC_DEBUG_MODE symbol is not used anywhere else in the code. I went back to the 14.2.0 SDK and found some code in the sample application that made use of the LESC_DEBUG_MODE flag:

#if LESC_DEBUG_MODE

/**@brief Bluetooth SIG debug mode Private Key */
#error Generated private key is not supported.
__ALIGN(4) static const ble_gap_lesc_p256_sk_t m_lesc_private_key =
{{
0xbd,0x1a,0x3c,0xcd,0xa6,0xb8,0x99,0x58,0x99,0xb7,0x40,0xeb,0x7b,0x60,0xff,0x4a,
0x50,0x3f,0x10,0xd2,0xe3,0xb3,0xc9,0x74,0x38,0x5f,0xc5,0xa3,0xd4,0xf6,0x49,0x3f
}};

#else

#endif

Unfortunately, even with the above code I don't quite understand how the debug key works because the m_lesc_private_key structure is not actually used anywhere. I would think that 

In any case, what I really need is to use the private key with SDK 15.0.0, not 14.2.0. From my understanding of the code I would have thought that the code related to the debug private key would need to be in ble_lesc.c rather than in the application code (since the key generation and management are handled by that module rather than the application).

Could you please provide guidance for using the debug key?

Thanks.

  • Hi,

    It is correct that we have removed the debug key from SDK 15.0. The reason why we have removed the debug key is that we don’t want customers enabling and using the debug key by accident in their end-products. Using the debug key, and using a sniffer to monitor the encrypted connection is mostly done for very specific testing, and generally not something developers need to do. The define LESC_DEBUG_MODE is not used in SDK 15.0, and will be removed completely in the next version of the SDK.

    From my understanding of the code I would have thought that the code related to the debug private key would need to be in ble_lesc.c rather than in the application code (since the key generation and management are handled by that module rather than the application).

    That is correct. The correct place to override, and use the debug key would be in the function ble_lesc_ecc_keypair_generate_and_set(), where you would not use the auto generated key from nrf_crypto_ecc_key_pair_generate(), but instead use the static debug key.
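
    The risk the answer points at is a debug key that is enabled for a sniffer session and then forgotten in a release image. The script below is an added example (not Nordic SDK code) of a release-gate check that scans a firmware image, Intel HEX as produced by the SDK build or a raw .bin, for the 32-byte SIG debug private key shown above, in both byte orders. Intel HEX data records are normally 16 bytes, so the key is split across records and a text search on the .hex file would miss it; the records are flattened first.

```python
"""Release-gate check: fail if a firmware image still contains the Bluetooth SIG
LESC debug private key. Added example, not part of the nRF5 SDK."""
import sys

# The debug private key exactly as the SDK 14.2 example stores it in
# m_lesc_private_key (little-endian byte order). The Core spec prints the same
# value big-endian, so both orders are searched.
DEBUG_SK_LE = bytes([
    0xbd, 0x1a, 0x3c, 0xcd, 0xa6, 0xb8, 0x99, 0x58, 0x99, 0xb7, 0x40, 0xeb, 0x7b, 0x60, 0xff, 0x4a,
    0x50, 0x3f, 0x10, 0xd2, 0xe3, 0xb3, 0xc9, 0x74, 0x38, 0x5f, 0xc5, 0xa3, 0xd4, 0xf6, 0x49, 0x3f,
])
DEBUG_SK_BE = DEBUG_SK_LE[::-1]


def intel_hex_to_bytes(text: str) -> bytes:
    """Concatenate the payloads of all Intel HEX data records (type 0x00).
    Address gaps are ignored and checksums are not verified: the only question
    is whether the key bytes are present anywhere in the image."""
    out = bytearray()
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith(":"):
            continue
        rec = bytes.fromhex(line[1:])
        length, rtype = rec[0], rec[3]
        if rtype == 0x00:
            out += rec[4:4 + length]
    return bytes(out)


def find_debug_key(image: bytes) -> list:
    """Return (offset, byte_order) for every occurrence of the debug key."""
    hits = []
    for order, needle in (("little-endian", DEBUG_SK_LE), ("big-endian", DEBUG_SK_BE)):
        start = 0
        while (pos := image.find(needle, start)) != -1:
            hits.append((pos, order))
            start = pos + 1
    return hits


def check_file(path: str) -> list:
    """Load a .hex or .bin image and return the debug-key hits in it."""
    with open(path, "rb") as f:
        raw = f.read()
    if raw[:1] == b":":                      # every Intel HEX record starts with ':'
        raw = intel_hex_to_bytes(raw.decode("ascii"))
    return find_debug_key(raw)


if __name__ == "__main__":
    hits = check_file(sys.argv[1])
    for pos, order in hits:
        print(f"LESC debug private key ({order}) found at image offset 0x{pos:x}")
    sys.exit(1 if hits else 0)
```

    Run it on the merged application image as a build step; a non-zero exit blocks the release.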

  • So... what to do if you need to sniff encrypted BLE traffic (LESC)? Note that I'm talking to Daniel Velleux and Patyush about this, and the advice seems to be to tinker with the SDK to hack it in. Sigh.

    The suggestion is to start with adding the following to nrf_ble_lesc.c:

    __ALIGN(4) static const ble_gap_lesc_p256_sk_t m_lesc_private_key = {{
        0xbd,0x1a,0x3c,0xcd,0xa6,0xb8,0x99,0x58,0x99,0xb7,0x40,0xeb,0x7b,0x60,0xff,0x4a,
        0x50,0x3f,0x10,0xd2,0xe3,0xb3,0xc9,0x74,0x38,0x5f,0xc5,0xa3,0xd4,0xf6,0x49,0x3f
    }};
    

    Note that we're currently calling nrf_ble_lesc_request_handler(), which I assume generates the keys, and v16 of the SDK. I can't find ble_lesc_ecc_keypair_generate_and_set() in my project. Is the above advice stale, or am I missing something?

    Other suggestions/next steps are welcome.
