ECDH in BLE-Stack 2.2 software

Other Parts Discussed in Thread: CC2650

Hi

According to the TI webpage (https://e2e.ti.com/blogs_/b/connecting_wirelessly/archive/2016/08/11/how-bluetooth-4-2-can-help-enable-product-security), TI BLE-Stack 2.2 software now supports the Bluetooth 4.2 Core Specification, including secure pairing based on ECDH, but I cannot find any document or sample code.

Thanks

Farshad

  • Hi Farshad,

    We have some security examples on our GitHub Page for the CC2650, github.com/.../ble_examples

    They are for the SmartRF06 + cc2650em development kit at the moment.

    Regards,

    -Rebel
  • Hi Rebel,

    Thanks, but the code is not updated and does not have anything about ECDH. I also studied the BLE-STACK-2-2-1 technical manual (updated on 23 Jun 2016); however, I do not see ECDH. I was wondering if you are going to release a new version?

    Thanks and regards,

    Farshad
  • Hi Farshad,

    ECDH is a security algorithm that is part of the BLE secure connection features. This algorithm and the key exchanges related to it are handled internally by the BLE stack within the Security Manager layer. The application developer has no need to worry about the ECDH procedure and how it relates to the 4.2 Spec. If you are using secure connections pairing, then you are using ECDH under the hood.

    Relating to secure connections pairing, we have created a lot of collateral:

    1. See our software developer's guide section on LE Secure Connections (5.4): www.ti.com/.../swru393
    2. See the GitHub page that you linked and try out the security examples; a BLE sniffer will reveal that they are in fact Secure Connections compliant.


    However, if you are just interested in the nature of the ECDH algorithm, you might find this video interesting:
    youtu.be/YEBfamv-_do
  • Hi Sean,

    Thanks for your note and clarification.
    However, I am a little confused. You mentioned that ECDH is under the hood, but according to my understanding, we need to explicitly select our pairing method. According to the BLE stack, it has the following methods:

    • just works (Secure Connections or LE Legacy)
    • passkey entry (Secure Connections or LE Legacy)
    • numeric comparison (Secure Connections)
    • Out of Band (Secure Connections or LE Legacy)


    - Could you please elaborate a little on which of the above methods ECDH is implemented in?

    - Another question: is there any API to i) get access to the key and ii) the ECDH function itself? The reason is that I also have a Wi-Fi connection, and need to use the key not only for my BLE; I would also like to perform end-to-end encryption (over the internet), and having access to ECDH is very important for me, otherwise I need to implement it myself.

    Thanks and regards,

    Farshad
  • Hi Farshad,

    Sure, ECDH is used in all LE Secure Connections pairing procedures. Kindly refer to Bluetooth Spec Version 4.2 [Vol 3, Part H] section 2.3.5.6, which explains LE Secure Connections pairing and ECDH key exchange. Note that this method is used by all 4 methods you listed above so long as you are using LE Secure Connections. LE legacy pairing will not use ECDH.

    The APIs documented in both the software developer's guide explain how to set up the stack to use these features.

    Regarding generating your own ECC keys:
    1. Yes, you can do this using the ECCROMCC26xx driver. This is a re-entrant driver that accesses the ECC code in ROM.
    2. Reading the stack's ECC keys can be accomplished with the GAPBOND_ECC_KEYS parameter to the GAP Bond Manager; please see Appendix F of the software developer's guide for more info.
  • Thanks a lot Sean. I appreciate your help.