LP-CC2652PSIP: Is the encrypted key able to change from master security material to friend security material to encrypt Friend Poll?

Part Number: LP-CC2652PSIP


Hi teams,

   Recently I have been testing the friendship establishment between an LPN and a Friend node.

   Everything works fine if both the LPN and the Friend node are LP-CC2652PSIP.

   However, the friendship establishment fails if the LPN is LP-CC2652PSIP and the Friend node is from another vendor.

   After capturing the mesh packets, I found that the LPN uses the master security material (Network key) to encrypt Friend Poll, because I can use the Network key to decrypt the Friend Poll packet in Wireshark.

   The Friend node, which is from another vendor, only supports the friend security material to decrypt Friend Poll.

   Therefore, I was wondering if the encryption key could be changed from the master security material to the friend security material to encrypt Friend Poll on the LPN.

  

   Sincerely,

  • Hello,

    Thank you for reaching out.

    The approach you are suggesting has not been tested on our side so I can only provide broad suggestions.

    It seems such an approach would require a few changes in the way the LPN sends Friend Poll. I guess you can start your investigations in the file lpn.c, especially with the function send_friend_poll. The friend node credential should then be accessible from the same file.
    In the end you may have to rewrite the lower-level functions to use the keying material you want for each type of message.

    I hope this will help,

    Best regards,

  • Hi Clément,

       Thanks for your reply.

       After following your suggestion, I found that the encryption credential was retrieved by calling net_tx_cred_get to encrypt the tx message in net.c.

       It seemed that the encryption credential was retrieved according to tx->sub in the net_tx_cred_get function.

       Therefore, I modified the tx->sub value from bt_mesh.lpn.sub to bt_mesh.lpn.sub[1] and bt_mesh.lpn.sub[2] in the send_friend_poll function.

       However, neither modification worked, even though I couldn't decrypt the Friend Poll message with the Network key in Wireshark.

       Could you please tell me where the friend security material is stored?

    Sincerely,

     

  • Hello,

    My understanding is that the netKeyIndex used during friendship establishment is returned within the bt_mesh_lpn_cb received right after completion.

    Can you please check if this is what you are looking for?

    Best regards,

  • Hi Clément,

       Finally, I found how to change the encryption credential for the Friend Poll message.

       The net_tx_cred_get function would return the friend security material by checking the bt_mesh.lpn.established variable.

       This variable would be set to 1 when the LPN received the Friend Update message from the Friend node.

       However, during friendship establishment the LPN sent the Friend Poll message before it received the Friend Update message from the Friend node.

       Therefore, I created another variable to indicate that the LPN was sending the Friend Poll message and to force the net_tx_cred_get function to return the friend security material instead of the master security material.

       By the way, I have one more question about the friendship establishment.

       According to the Bluetooth blog, the Friend Poll message should be encrypted with the friend security material.

       Is it OK to use the master security material to encrypt the Friend Poll message?

       Here is the blog link below.

       www.bluetooth.com/.../

       I really appreciate all your support.

    Sincerely,
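
The credential selection described in the last post, as a simplified model added here (not code from this thread or from the TI SDK): `established` mirrors the bt_mesh.lpn.established flag the post mentions, while `lpn_model`, `sending_poll`, `cred_original`, `cred_patched` and `replay` are hypothetical names. It replays the message order the post describes and records which security material each transmission would be encrypted with.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the behaviour described in the post; all names are
 * hypothetical except 'established' (bt_mesh.lpn.established in the post). */
enum cred { CRED_MASTER, CRED_FRIEND };

struct lpn_model {
    bool established;   /* set when the Friend Update is received */
    bool sending_poll;  /* hypothetical extra flag added by the workaround */
};

/* Selection as described: friend material only once 'established' is set. */
static enum cred cred_original(const struct lpn_model *l)
{
    return l->established ? CRED_FRIEND : CRED_MASTER;
}

/* Selection with the workaround: friend material also while sending a poll. */
static enum cred cred_patched(const struct lpn_model *l)
{
    return (l->established || l->sending_poll) ? CRED_FRIEND : CRED_MASTER;
}

typedef enum cred (*select_fn)(const struct lpn_model *);

/* Replays: a non-poll message, the first Friend Poll (no Friend Update yet),
 * then a Friend Poll after the Friend Update. out[] gets the credential used. */
static void replay(select_fn select, enum cred out[3])
{
    struct lpn_model l = { false, false };
    out[0] = select(&l);      /* message sent before any poll */
    l.sending_poll = true;    /* first Friend Poll, friendship not established */
    out[1] = select(&l);
    l.sending_poll = false;
    l.established = true;     /* Friend Update received from the Friend node */
    l.sending_poll = true;
    out[2] = select(&l);      /* subsequent Friend Poll */
}

int main(void)
{
    static const char *name[] = { "master", "friend" };
    enum cred a[3], b[3];
    replay(cred_original, a);
    replay(cred_patched, b);
    printf("first Friend Poll: original=%s patched=%s\n", name[a[1]], name[b[1]]);
    return 0;
}
```

Only the first Friend Poll differs between the two selectors, which matches the capture in the opening post where that packet decrypted with the Network key.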