RE: LESec with nRF52840 and pc-ble-driver-js v2.6.1 sending all 0's for Diffie Hellman public key

Matthew Stormo — Fri, 10 Jul 2020 00:40:38 GMT

This reply is a full answer on the two issues in the above code. It includes the fix in the first reply.

There were two issues in the above code.
1) The public key being passed to the peripheral as all 0's was caused from the call to replySecParams with a null secParams. This happens in the updated event listener for 'secParamsRequest'.
2) On the event lescDhkeyRequest, the public key was being calculated instead of the shared secret key. The correct adapter function call was to computeSharedSecret with the parameter 'event' passed into said function.

See below for full functional code snip-it.

Nordic.prototype.pair = function(cb) {
    let secParams;

    secParams = {
        bond: true,
        mitm: false,
        lesc: true,
        keypress: false,
        io_caps: adapter.driver.BLE_GAP_IO_CAPS_NONE,
        oob: false,
        min_key_size: 16,
        max_key_size: 16,
        kdist_own: {
            enc: true,   /** Long Term Key and Master Identification. */
            id: true,    /** Identity Resolving Key and Identity Address Information. */
            sign: false,  /** Connection Signature Resolving Key. */
            link: false,  /** Derive the Link Key from the LTK. */
        },
        kdist_peer: {
            enc: true,   /** Long Term Key and Master Identification. */
            id: true,    /** Identity Resolving Key and Identity Address Information. */
            sign: false,  /** Connection Signature Resolving Key. */
            link: false,  /** Derive the Link Key from the LTK. */
        },
    };

    // Respond to Security parameters request
    adapter.on('secParamsRequest', (device, peer_params) => {
        console.log('peer_params: ' + JSON.stringify(peer_params));

        let secKeyset = {
            keys_own: {
                enc_key: null,
                id_key: null,
                sign_key: null,
                pk: null,
            },
            keys_peer: {
                enc_key: null,
                id_key: null,
                sign_key: null,
                pk: null,
            },
        };

        // Compute our public key here (nothing else is needed)
        secKeyset.keys_own.pk = { pk: adapter.computePublicKey() };
        
        // Send the response
        adapter.replySecParams(
            device.instanceId,
            adapter.driver.BLE_GAP_SEC_STATUS_SUCCESS,
            null, // This can be null IF we are a central AND we initiated the pairing
            secKeyset,
            (err, secKeyset) => {
                console.log('secKeyset: ' + JSON.stringify(secKeyset));
                if(err) {
                    console.error("secParamsRequest Err", err);
                }
            }
        );
    });

    // Respond to the Diffie Hellman key exchange request
    adapter.on('lescDhkeyRequest', function(device, event) {
        // Compute a shared secret key
        let key = adapter.computeSharedSecret(event);
        adapter.replyLescDhkey(
            adapter.device.instanceId,
            key,
            function(err) {
                // Compute shared secret on success
                if(err) {
                    console.error('LescDhkey err: ' + err);
                }
                cb();
            }
        );
    });

    // Start authentication
    adapter.authenticate(adapter.device.instanceId, secParams, function(err) {
        console.log('Auth err: ' + err);
    });
}

RE: LESec with nRF52840 and pc-ble-driver-js v2.6.1 sending all 0's for Diffie Hellman public key

Matthew Stormo — Fri, 10 Jul 2020 00:00:54 GMT

Determined public key being passed to the peripheral as all 0's was caused from the call to replySecParams with a null secParams. Below is the updated event listener for 'secParamsRequest'

// Respond to Security parameters request
adapter.on('secParamsRequest', (device, peer_params) => {
    console.log('peer_params: ' + JSON.stringify(peer_params));

    let secKeyset = {
        keys_own: {
            enc_key: null,
            id_key: null,
            sign_key: null,
            pk: null,
        },
        keys_peer: {
            enc_key: null,
            id_key: null,
            sign_key: null,
            pk: null,
        },
    };
    secKeyset.keys_own.pk = { pk: adapter.computePublicKey() };
    adapter.replySecParams(device.instanceId,
        adapter.driver.BLE_GAP_SEC_STATUS_SUCCESS,
        null,
        secKeyset,
        (err, secKeyset) => {
            console.log('secKeyset: ' + JSON.stringify(secKeyset));
            console.log("secParamsRequest Err", err);
        }
    );
});

DH Auth is still failing at this point. Still investigating.

SOLVED - Using LESec with nRF52840 and pc-ble-driver-js v2.6.1

RE: LESec with nRF52840 and pc-ble-driver-js v2.6.1 sending all 0's for Diffie Hellman public key

RE: LESec with nRF52840 and pc-ble-driver-js v2.6.1 sending all 0's for Diffie Hellman public key