CCS/CC2652R: Does GAP Bond Manager support OOB pairing for LE Secure Connections?

krs

Part Number: CC2652R

Tool/software: Code Composer Studio

We try to pair 2 devices using the TI GAP Bond manager. The pairing method is OOB with LE Secure Connections.

In this page there is no mention of OOB with LE Secure Connections. Is this supported by the Bond Manager? If so, is there an example or Documentation on how to use it?

Here there is no description of this mode.

We found these functions... but do not know exactly how to use them, or how or when the Bond Manager calls them.

GAPBondMgr_SCGetLocalOOBParameters (Description seems to be a copy/paste from the function above)

GAPBondMgr_SCSetRemoteOOBParameters

over 4 years ago

0 desouza over 4 years ago

TI__Guru**** 171224 points

Hi,

Thanks for your inquiry. I notified one of my colleagues and he will reply as soon as possible.

In the meantime, can you check the BLE Security Fundamentals and the Advanced Security Features modules of our SimpleLink Academy module? That may bring additional ideas to implment this.

https://dev.ti.com/tirex/explore/node?node=AAqqwhkEV.0hRKMj.vsvTA__pTTHBmu__LATEST

Hope this helps,

Rafael

0 Luis M over 4 years ago in reply to desouza

TI__Expert 5345 points

Christian,

You're right. The documentation for Out-of-Band pairing is incomplete.

I will notify the team and we will update the documentation in the future.

In the meantime, please look at the SimpleLink Academy link that Rafael provided, as well as the section on the GAP Bond Manager on the User's Guide. On my side, I'll investigate on how to use those functions in order establish the pairing keys through other means different than BLE communication. I will update you here.

Thanks,

Luis

0 Luis M over 4 years ago in reply to Luis M

TI__Expert 5345 points

Christian,

I am investigating this matter with our dev team. Thanks for your patience.

-Luis

0 krs over 4 years ago in reply to Luis M

Intellectual 780 points

Until an official documentation update, here the steps we are taking to achieve OOB Secure-Connection:

1. Get local OOB parameters for TI chip.
GAPBondMgr_SCGetLocalOOBParameters (OpCode = 0xFE4C) from BTool Misc_GenericCommand with data = empty.

2: Encrypt and send the data OOB to DUT

3: Receive OOB data from DUT
We need to decrypt with AES CCM

4: Set Pairing Parameters for Bond Manager
GapBondMgr_SetParameter
Pair mode – GAPBOND_PAIRING_MODE_INITIATE
Mitm protection – true
IO caps -GAPBOND_IO_CAP_NO_INPUT_NO_OUTPUT
OOB enabled – true
Bond enabled – true
KeySize – 16
Secure-Connection GAPBOND_SECURE_CONNECTION_ONLY

5: Start Pairing
GapBondMgr_Pair

6: After 1-2 seconds Set remotes OOB data:
GAPBondMgr_SCSetRemoteOOBParameters (OpCode = 0xFE4D) from BTool Misc_GenericCommand with data = PeerConfirm(16bytes) | PeerRandom(16bytes) | 0x01

7: Pairing done

One additional problem is that we try to do all this via NPI interface and most of these functions are not available over NPI or BTool so we need to use workarounds or rely on external libs (like for AES CCM).

Would be nice to have all these functions natively available over NPI since they are mandatory! for OOB pairing with Secure connections.

0 Luis M over 4 years ago in reply to krs

TI__Expert 5345 points

krs,

The good news is that, yes, the OOB method is supported and we are working on updating the documentation.

In summary, these are the steps:

1: Create gapBondOOBData_t variables, one for local OOB data and one for remote’s data:

typedef struct
{
    uint8 confirm[KEYLEN];          // calculated/received confirm value
    uint8 rand[KEYLEN];              //  calculated/received random number
} gapBondOOBData_t;

gapBondOOBData_t localOobData;
gapBondOOBData_t remoteOobData;

2: Define pair state callback

// Bond Manager Callbacks
static gapBondCBs_t bondMgrCBs =
{
SimpleCentral_passcodeCb, // Passcode callback
SimpleCentral_pairStateCb // Pairing/Bonding state Callback
};
 
/*********************************************************************
 * @fn      SimpleCentral_pairStateCb
 *
 * @brief   Pairing state callback.
 *
 * @return  none
 */
static void SimpleCentral_pairStateCb(uint16_t connHandle, uint8_t state, uint8_t status)
{
  scPairStateData_t *pData;
  // Allocate space for the event data.
  if ((pData = ICall_malloc(sizeof(scPairStateData_t))))
  {
    pData->connHandle = connHandle;
    pData->status = status;
    // Queue the event.
    if(SimpleCentral_enqueueMsg(SC_EVT_PAIR_STATE, state, (uint8_t*) pData) != SUCCESS)
    {
      ICall_free(pData);
    }
  }
}

3: Call to “GAPBondMgr_GenerateEccKeys()” and wait for pair state callback.

4: Process pair state callback and call to “GAPBondMgr_SCGetLocalOOBParameters” API:

/*********************************************************************
 * @fn      SimpleCentral_processPairState
 *
 * @brief   Process the new paring state.
 *
 * @return  none
 */
static void SimplePeripheral_processPairState(spPairStateData_t *pPairData)
{
  uint8_t state = pPairData->state;
  uint8_t status = pPairData->status;
  switch (state)
  {
    case GAPBOND_GENERATE_ECC_DONE:
    {
      if( status == SUCCESS)
      {
         GAPBondMgr_SCGetLocalOOBParameters(&localOobData);
      }
      break;
    }
    default:
      break;
  }
}

5: Perform OOB communication, in which device address, random number and confirm value are exchanged, per the spec.

6: Set remotes OOB authentication data using:

GAPBondMgr_SCSetRemoteOOBParameters (&remoteOobData, 1);

IMPORTANT: Please note that setting the remote OOB parameters (with step #6) will trigger the pairing automatically.

Now, this doesn't exactly apply to an application over NPI. I will need to investigate on that.

Thanks,

Luis

0 krs over 4 years ago in reply to Luis M

Intellectual 780 points

Is the step 3. Call to “GAPBondMgr_GenerateEccKeys()” and wait for pair state callback. mandatory?

Aren't these keys generated already? Or better yet aren't they generated with each Pair depending on eccKeyRegen parameter?

--------------------------------------------------------------------
[18] : <Tx> - 03:32:23.723
-Type           : 0x01 (Command)
-OpCode         : 0xFE36 (GAPBondMgr_SetParameter)
-Data Length    : 0x04 (4) byte(s)
 ParamID        : 0x0412 (1042) (GAPBOND_ECCKEY_REGEN_POLICY)
 ParamLength    : 0x01 (1)
 EccKeyRegenPol : 0x02 (2)
Dump(Tx):
0000:01 36 FE 04 12 04 01 02                         .6......
--------------------------------------------------------------------
[19] : <Rx> - 03:32:23.738
-Type           : 0x04 (Event)
-EventCode      : 0x00FF (HCI_LE_ExtEvent)
-Data Length    : 0x06 (6) bytes(s)
 Event          : 0x067F (1663) (GAP_HCI_ExtentionCommandStatus)
 Status         : 0x00 (0) (SUCCESS)
 OpCode         : 0xFE36 (GAPBondMgr_SetParameter)
 DataLength     : 0x00 (0)
Dump(Rx):
0000:04 FF 06 7F 06 00 36 FE 00                      ......6..
--------------------------------------------------------------------

When I call GetECCKeys some private keys are listed. but they change on every call?!?

[1] : <Tx> - 03:34:03.664
-Type           : 0x01 (Command)
-OpCode         : 0xFE3A (SM_GetEccKeys)
-Data Length    : 0x00 (0) byte(s)
Dump(Tx):
0000:01 3A FE 00                                     .:..
--------------------------------------------------------------------
[2] : <Rx> - 03:34:03.800
-Type           : 0x04 (Event)
-EventCode      : 0x00FF (HCI_LE_ExtEvent)
-Data Length    : 0x06 (6) bytes(s)
 Event          : 0x067F (1663) (GAP_HCI_ExtentionCommandStatus)
 Status         : 0x00 (0) (SUCCESS)
 OpCode         : 0xFE3A (SM_GetEccKeys)
 DataLength     : 0x00 (0)
Dump(Rx):
0000:04 FF 06 7F 06 00 3A FE 00                      ......:..
--------------------------------------------------------------------
[3] : <Rx> - 03:34:03.810
-Type           : 0x04 (Event)
-EventCode      : 0x00FF (HCI_LE_ExtEvent)
-Data Length    : 0x63 (99) bytes(s)
 Event          : 0x0610 (1552) (SM_GetEccKeys)
 Status         : 0x00 (0) (SUCCESS)
 Private Key    : 14:6C:80:7A:E3:EC:78:6F:6E:B5:14:A0:6F:9A:96:D4:
                  FB:94:5A:0F:6E:49:05:29:DD:CB:13:6F:2F:D1:26:41
 Private Key X  : 1F:AE:4C:47:9D:27:1B:A4:7E:7E:27:B4:31:C1:99:2E:
                  DE:91:C9:21:A0:8F:3F:CD:E1:BC:C8:DA:47:C4:FB:AD
 Private Key Y  : 06:13:79:B5:B1:CC:D6:7A:6A:31:41:2D:4E:B7:CA:E6:
                  E4:7D:D7:E3:26:E1:3F:A3:59:13:B8:32:CB:C4:EF:60
Dump(Rx):
0000:04 FF 63 10 06 00 14 6C 80 7A E3 EC 78 6F 6E B5 ..c....l.z..xon.
0010:14 A0 6F 9A 96 D4 FB 94 5A 0F 6E 49 05 29 DD CB ..o.....Z.nI.)..
0020:13 6F 2F D1 26 41 1F AE 4C 47 9D 27 1B A4 7E 7E .o/.&A..LG.'..~~
0030:27 B4 31 C1 99 2E DE 91 C9 21 A0 8F 3F CD E1 BC '.1......!..?...
0040:C8 DA 47 C4 FB AD 06 13 79 B5 B1 CC D6 7A 6A 31 ..G.....y....zj1
0050:41 2D 4E B7 CA E6 E4 7D D7 E3 26 E1 3F A3 59 13 A-N....}..&.?.Y.
0060:B8 32 CB C4 EF 60                               .2...`
--------------------------------------------------------------------
[4] : <Tx> - 03:34:04.841
-Type           : 0x01 (Command)
-OpCode         : 0xFE3A (SM_GetEccKeys)
-Data Length    : 0x00 (0) byte(s)
Dump(Tx):
0000:01 3A FE 00                                     .:..
--------------------------------------------------------------------
[5] : <Rx> - 03:34:04.979
-Type           : 0x04 (Event)
-EventCode      : 0x00FF (HCI_LE_ExtEvent)
-Data Length    : 0x06 (6) bytes(s)
 Event          : 0x067F (1663) (GAP_HCI_ExtentionCommandStatus)
 Status         : 0x00 (0) (SUCCESS)
 OpCode         : 0xFE3A (SM_GetEccKeys)
 DataLength     : 0x00 (0)
Dump(Rx):
0000:04 FF 06 7F 06 00 3A FE 00                      ......:..
--------------------------------------------------------------------
[6] : <Rx> - 03:34:04.990
-Type           : 0x04 (Event)
-EventCode      : 0x00FF (HCI_LE_ExtEvent)
-Data Length    : 0x63 (99) bytes(s)
 Event          : 0x0610 (1552) (SM_GetEccKeys)
 Status         : 0x00 (0) (SUCCESS)
 Private Key    : E3:05:1C:8E:26:B9:4A:93:56:CA:49:6C:40:E8:FE:6D:
                  1D:8A:AE:43:48:A0:CB:FF:73:0C:A1:97:CB:B9:80:9D
 Private Key X  : 02:2C:4A:BF:76:DE:A8:F5:61:93:EC:0F:04:3E:AF:66:
                  FE:4F:3C:07:11:B3:E9:34:B0:F7:68:D2:77:50:1B:38
 Private Key Y  : 6B:7C:0F:7B:5A:37:AC:24:46:DB:8F:2B:A0:5C:0D:90:
                  BB:C3:50:76:FD:9A:01:49:D1:2E:79:DE:93:B0:1E:AD
Dump(Rx):
0000:04 FF 63 10 06 00 E3 05 1C 8E 26 B9 4A 93 56 CA ..c.......&.J.V.
0010:49 6C 40 E8 FE 6D 1D 8A AE 43 48 A0 CB FF 73 0C Il@..m...CH...s.
0020:A1 97 CB B9 80 9D 02 2C 4A BF 76 DE A8 F5 61 93 .......,J.v...a.
0030:EC 0F 04 3E AF 66 FE 4F 3C 07 11 B3 E9 34 B0 F7 ...>.f.O<....4..
0040:68 D2 77 50 1B 38 6B 7C 0F 7B 5A 37 AC 24 46 DB h.wP.8k|.{Z7.$F.
0050:8F 2B A0 5C 0D 90 BB C3 50 76 FD 9A 01 49 D1 2E .+.\....Pv...I..
0060:79 DE 93 B0 1E AD                               y.....
--------------------------------------------------------------------

0 Luis M over 4 years ago in reply to krs

TI__Expert 5345 points

krs,

I'm sorry for the delay. We're in the middle of the Christmas and New Year's break.

To answer your questions:

Is the step 3. Call to “GAPBondMgr_GenerateEccKeys()” and wait for pair state callback mandatory? Yes
Aren't these keys generated already? No
Or better yet aren't they generated with each Pair? Yes, by calling GenerateEccKeys for each pairing process.
When I call GetECCKeys some private keys are listed, but they change on every call?!? Yes

Thanks,

Luis

Bluetooth®︎

Bluetooth forum

CCS/CC2652R: Does GAP Bond Manager support OOB pairing for LE Secure Connections?