Tutorial on Connection Encryption

Hi Marius,

I afraid that for now we don't have anything better than the device manager that you would need to dig into to understand how we handle encryption and security.

Another option is to look at the ble_app_template in SDK v8.1 or earlier. In this example we don't use device manager and handle the encryption manually in on_ble_evt() . Bonding is partly supported in the sense that the LTK is distributed but not stored on flash. You can reencrypt the link but not when you restart the device.

You can use one LTK in your mesh, since you can control both side central and peripheral (pairing process doesn't need to be performed for every new connection).

I'm not sure which message sequence chart you looked at. But it's where I would look at first if I want to know how smth works. I would suggest you to look at this one and this one to know how bonding and re-bonding works on the peripheral side.

For the central side, please have a look at this one and this one.

Also please have a look at the description of the sd_ble_gap_sec_params_reply function, especially on how p_sec_keyset works in the way that it will be updated with the encryption keys when bonding is done.

We are planing to have a tutorial soon on this topic. It would be nice if you can give some particular questions that you want the tutorial should cover.

Hello,

Thanks, I'll read your response in detail tomorrow. In the meantime I've just managed to get something running. Here's what I do:

 - Central and Peripheral connect and start an unencrypted connection.
 - The Central calls sd_ble_gap_encrypt with an ediv(keyid?) of 0 and an 8 byte random number
 - The Peripheral receives the BLE_GAP_EVT_SEC_INFO_REQUEST and calls sd_ble_gap_sec_info_reply with its key (which is the same)
 - Both sides receive the BLE_GAP_EVT_CONN_SEC_UPDATE

I've set the auth property of both keys to 1.

Now, did I encrypt this connection successfully?

(I've also implemented the method with the events and functions that you've mentioned but there were quite a few parameters in there that I was just guessing, so I tested this method instead)

As for the tutorial, it would be nice to have an explanation of most of the parameters, the API documentation is not extensive enough. Most of that stuff is documented somewhere in the BLE spec, but it would be nice if you could provide references for how the procedures as a whole work. Just link to some other online resources.

The CONN_SEC_UPDATE event will contain the status and the encryption level. If the status is success, and the encryption level is something higher than SM: 1 Level: 1, then you are indeed encrypted. You should provide an ble_gap_enc_info_t struct with a custom 16-byte LTK in it though, if not you are likely encrypting with an all-zero key. The master ID and rand is used for the peer to figure out which LTK it should load during encryption.

That sound good indeed. I checked the encryption level:

Connection key is now 16 bytes, level 3, securityMode 1

And of course, I provided a symmetrical 16 byte custom key on both sides. Is the rand only used to figure out the key that should be used or is it used as an initialization vector as well? if not, is the IV generated somewhere in the softdevice? I've also tested with a Sniffer and got encrypted packets but I was able to decrypt them by inputting my oob key into the sniffer.

Hi Marius,

The rand and ediv are used to identify the central. Rand is used to generate EDIV from DIV. DIV is generated by the softdevice. You can find how EDIV,LTK generated at Appendix A, B Vol 3 Path H in the Bluetooth Core spec v4.2.

We are currently only use ediv to index the LTK database, but it's not safe enough (16 bit), we will also use rand for indexing in the future release of the SDK.