How to implement the LESC for ble peripheral?

RE: How to implement the LESC for ble peripheral?

Simonr — Fri, 30 Oct 2020 08:19:20 GMT

Yes, by setting the LESC_DEBUG_MODE define to 1 you should enable the LESC debug keys and in turn use the sniffer to inspect traffic.

Best regards,

Simon

RE: How to implement the LESC for ble peripheral?

fox.tai — Fri, 30 Oct 2020 05:56:11 GMT

Hi Simon,

I found this article LESC_DEBUG_MODE define in ble_app_multirole_lesc, nRF5 SDK 15.0.0, it seems that marco LESC_DEBUG_MODE is not used after sdk 15.0? So debug key is still available in sdk 17.02?

Thansk,

Fox Tai

RE: How to implement the LESC for ble peripheral?

fox.tai — Fri, 30 Oct 2020 05:38:29 GMT

Hi Simon,

Actually, I wonder where can I find the correct LTK in code, then I would print it out this LTK and fill into the Ellisys application to decrypt sniffer packets.

Few days ago, I followed this article How can I find the long term key being currently used -peer manager to obtain LTK in function sec_info_request_process(). Because it said "read from flash in sec_info_request_process() with pdb_peer_data_ptr_get() when the device reconnect and re-encrypt", but in bonding procedure, no one called sec_info_request_process(), which means I didn't get the LTK.

And I remind that article mentioned reconnect device and re-encrypt, program would read the LTK from flash, that's why I try to connect, disconnect, then connect to get the LTK. Now I get the LTK from peer_data.p_bonding_data->own_ltk.enc_info.ltk[] in function auth_status_success_process() after bonding, the first 16 bytes of this LTK is the same with in sec_info_request_process(), but it's weird that strlen size of peer_data.p_bonding_data->own_ltk.enc_info.ltk[] is 17 bytes, the last byte always 0x43. And I ignore the last byte and use the first 16 bytes to decrypt.

Unfortunately, this LTK often cannot decrypt the sniffer packets. Maybe run 10 times, only 1 time can decrypt successfully. Every time I run the test, I would delete bond, and reflash the image of the Glucose application.

B.T.W., I also try to set LESC_DEBUG_MODE to 1 and 0. LTK usually cannot decrypt my sniffer packets. So I wonder where can I find the correct LTK in source code?

Thanks,

Fox Tai

RE: How to implement the LESC for ble peripheral?

Simonr — Thu, 29 Oct 2020 13:50:31 GMT

1. Bonding and pairing are also encryption procedures, and I assume this is called "Encryption" just to ensure the user that it is still an encrypted link as well, as it can't be called "bonding" when the devices are already bonded.

2. Yes, you will not have to disconnect and reconnect in order to be in an encrypted connection after bonding.

3. Seeing as you're using LESC, you will have to use a debug-key which is standard for all connections, or add the LTK in Ellisys (see this paper). You can get this from the nRF by I.E. logging it from the nRF.

Best regards,

Simon

RE: How to implement the LESC for ble peripheral?

fox.tai — Thu, 29 Oct 2020 09:06:03 GMT

Hi Simon,

I've tried to use 2 nrf52840-DK, one to connect to nRF Connect Desktop, another to run the Glucose application. When I tab the "connect" on nRF Connect Desktop show the log "Security updated, mode:1, level:4". And I find the uart print the following log, it seemed to run bonding:

<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 1, procedure: Bonding

If I tab "disconnect", then "connect", uart would print the following log, it seemed to run encryption:

<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 1, procedure: Encryption

So, I have some questions:

Question 1.

After advertising, I tab "connect", it only perform bonding. Then I tab "disconnect" and "connect", it would perform "encryption".

These behavior is right?

Question 2.

If the program is running bonding, that also runs the security connection and encryption?

Question 3.

Could you tell me where can I find the LTK to decrypt my sniffer packets. Almost of time, my LTK cannot decrypt packets...

Thanks,

Fox Tai

RE: How to implement the LESC for ble peripheral?

Simonr — Wed, 28 Oct 2020 10:34:36 GMT

1. Step 6 seems to be somewhat outdated indeed. Step 6 should be the following in nRFConnect for Desktop for example. After you have successfully connected to the Nordic Glucose example, press the settings icon and Pair... in the dropdown menu. A pop-up should appear where you can enable LESC pairing, etc. Please check the Enable LE Secure Connection pairing as well as Perform bonding and press "Pair". A new window prompting you to enter the passkey should appear once more. Enter it in order to pair using LESC.

In order to use nRFConnect for Desktop, you will need 2 DKs, one to act as a central, and one to act as the Glucose peripheral.

Step 6 for nRFConnect on Android/iOS can be skipped, as the initial pairing process trigs the LESC pairing automatically.

2. I had no problems making the nRF52840 DK write I.E. its battery status to the nRFConnect app (tested with Android and Desktop apps). When disconnecting, and reconnecting to the device, the peer manager handles the bonding information, and connects again with the same encryption used when initially paired. I suggest you check out the peer manager documentation for more information on this.

3. This question is not entirely clear to me, can you please try to explain in detail what you mean here? Yes, the encryption uses DH keys for encryption if that's what you're asking.

Best regards,

Simon

RE: How to implement the LESC for ble peripheral?

fox.tai — Wed, 28 Oct 2020 05:09:29 GMT

Hi Simon,

I just survey related the Glucose application article, should it prepare 2 nordic dk, one for connecting to nRF Connect for Desktop as central, another one use this the Glucose application as peripheral?

Thanks,

Fox Tai

RE: How to implement the LESC for ble peripheral?

fox.tai — Wed, 28 Oct 2020 03:04:07 GMT

Hi Simon,

You're right, I knew ble_app_multirole_lesc is for experimental, so I hesitate to ask this question here. And I didn't get any error message, but it did nothing after encryption. Actually, I've modified this ble_app_multirole_lesc to connect to our Android APP, but it was disconnected by Android APP. I guess the supervision timeout happened because LL_START_ENC_RSP didn't send by Android APP(central).

Thanks for giving me another LESC example the Glucose application. And I have some questions about how to run the test and the result for this example the Glucose application .

I attach the devzone.nordicsemi.com/.../test_5F00_example_5F00_Glucose.btt sniffer packet for reference . Oh, this time also no any error log happened.

Question 1:

Step 6. in title Testing the Glucose application, it said to select "Security Settings" in settings, but I cannot find "Security Settings" in Android, iOS or nRF Connect desktop version, so I think this article may be old, the nRF Connect may already get this settings done, and I skip this step.

Using nRF Connect, bond to the device with LESC enabled. Enter the settings, select "Security Settings", check "Enable LE Secure Connection pairing" and "Perform bonding", and click "Apply"

B.T.W., I don't use nRF Connect Desktop version, because it should reprogram the image in flash right? So I think my nrf52840 won't run the Glucose example, right?

Question 2:

After I enter the passkey, it prints the following log, it seemed to perform Bonding:

<info> app_timer: RTC: initialized.
<info> app: Glucose example started.
<info> app: Fast advertising
<info> app: Connected
<info> app: Passkey: 146511
<info> app: BLE_GAP_EVT_LESC_DHKEY_REQUEST
<info> nrf_ble_lesc: Calling sd_ble_gap_lesc_dhkey_reply on conn_handle: 0
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
<info> app: Link secured. Role: 1. conn_handle: 0, Procedure: 1
<info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x0 bond=0x1 lv4: 1 kdist_own:0x3 kdist_peer:0x2
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Bonding data, action: Update
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Local database, action: Update
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Central address resolution, action: Updat

Then I tab the "Read Characteristic" or "Enable CCCDs", nrf52840 didn't started to encrypt. So I tab the DISCONNECT, then tab CONNECT on nRF Connect, it started to run the encryption and prints the following log:

From the log, it seemed to generate 2 times LTK?

<info> app: Connected
<info> peer_manager_smd: [sec_info_request_process:370] after call sd_ble_gap_sec_info_reply(p_gap_evt->conn_handle, p_enc_info, NULL, NULL),     err_code=0x0
<info> peer_manager_smd: [sec_info_request_process:372] GOT LTK p_enc_info->ltk[]
<info> peer_manager_smd: AE A4 A9 BD
<info> peer_manager_smd: C5 29 6F A9
<info> peer_manager_smd: 19 2F 63 C5
<info> peer_manager_smd: 29 20 1 4E
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change
<info> app: Link secured. Role: 1. conn_handle: 0, Procedure: 0
<info> peer_manager_smd: [sec_info_request_process:370] after call sd_ble_gap_sec_info_reply(p_gap_evt->conn_handle, p_enc_info, NULL, NULL),     err_code=0x0
<info> peer_manager_smd: [sec_info_request_process:372] GOT LTK p_enc_info->ltk[]
<info> peer_manager_smd: AE A4 A9 BD
<info> peer_manager_smd: C5 29 6F A9
<info> peer_manager_smd: 19 2F 63 C5
<info> peer_manager_smd: 29 20 1 4E
<info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
<info> peer_manager_handler: Peer data updated in flash: peer_id: 0, data_id: Peer rank, action: Update, no change

So example the Glucose application should connect, disconnect, then connect, it would run the 2 times encryption?

Question 3:

And I track the sniffer packets by Ellisys, it really needs 3 keys, 1st is generate right after bonding, 2nd and 3rd are generated right after encryption. The following picture is what I mention 3 keys:

I wonder bonding need any key to decrypt? Is that DHKey or something?

After encryption, I only got 1 LTK in p_enc_info->ltk[] in sec_info_request_process(), but this LTK is not applicable on 2nd and 3rd. So is this LTK correct?

Question 4:

LLCP packets still not get the LL_START_ENC_RSP from central (nRF Connect), so is it normal behavior?

Thanks,

Fox Tai

RE: How to implement the LESC for ble peripheral?

Simonr — Tue, 27 Oct 2020 13:38:36 GMT

I'm sorry, but what exactly is the problem? It seems like your BLE sniffer is the part that's struggling to keep up in the different connections (please correct me if I'm wrong). Do you see problems in the encryption in the log on your nRFConnect app and/or the debug log of the DK?

Please also note that the LESC Multirole Example is defined as an experimental example, which means it has not been thoroughly tested and may have some undiscovered bugs. For a more streamlined peripheral application with LESC pairing/bonding, please check out the Glucose application instead.

Best regards,

Simon