• State Resolved
  • Locked Locked
  • Replies 11 replies
  • Answers 2 answers
  • Subscribers 52 subscribers
  • Views 2987 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2564: CC256X bluetopia LE OOB

Jerome Godbout86
Intellectual 330 points
Part Number: CC2564
Other Parts Discussed in Thread: CC256XCQFN-EM

Hi,

I'm looking for a way to create an out of band (OOB) connection for Bluetooth LE between a center and a peripheral that have temporary a wired communication to exchange the OOB data. I have the CC256X STM32 Bluetopia SDK. I want a secure OOB connection as much as possible (not just works unsecure connection).

My understanding is the following so far for (classic/legacy) OOB:

- The peripheral get the OOB data from GAP_Query_Local_Out_of_Band_Data()??? (Simple_Pairing_Hash_t and Simple_Pairing_Randomizer_t) and transfer both information along his BD_ADDR along with it.

- The master receive the OOB data. Should it set it somewhere before the connection is started? or it's only used during the pairing? where should it be used into the whole connection/authentification/pairing/bonding flow?

- The master must initiate a connection to the peripheral (no need to advertise and scan I hope, a direct connection should be enough).

- Upon connection, the peripheral OOB data should be used to authentificate, pair and bond (How??? to do this, what is the event we must used to fill the information ?)

For BLE OOB, thing seem different from the specs (seem like more I want to do):

- The devices must exchange the TK key (where do I get this key inside Bluetopia?)

- Upon receiving the TK key where should I call to create the STK on devices.

I'm a bit lost into the Bluetopia SDK where/what I need for making an OOB connection/pairing properly (really wish I could do the LE TK exchange for a more secure pairing).

  • 0
    Intellectual 330 points
    After further reading, I thing I must implement the paring flow explained into Bluetooth specification V.5 Volume 2 part F section 4.2 "SIMPLE PAIRING MESSAGE SEQUENCE CHARTS"
    I guess the OOB connection under BLE is a secure connection that must be step 1, 2, 3a, 4, 5, 6, 7c, 8, 9, 10, 11
    I hope I'm not miss understanding the OOB connection flow for a BLE device with Bluetopia stack.

    The flow is exaplined with HCI layer, I wonder how I can make this work at GAP layer or for a BLE device? I'm not sure what is required here. If someone could shed some light on this that would be nice.

    Can I use the GAP_LE_X functions? Do I need to avoid all GAP_ function and talk to the HCI layer only? What was the OOB flow into the Bluetopia stack?
  • 0 in reply to Jerome Godbout86
    TI__Expert 6335 points
    Jerome,

    e2e.ti.com/.../577536

    Please refer to this thread regarding OOB pairing using Bluetopia.
  • 0 in reply to dale
    Intellectual 330 points

    Isn’t that recommendation a non secure connection legacy just work pairing only? I mean it doesn’t follow the spec flow and only bypass the pin number (which I guess should be set as display and keyboard capable device to make this work.

    I was looking for something more inline with the spec that exchange the oob data (hash and randomizer) and cteate a secure connection. Maybe I don’t understand something but the bluetooth spec  seem to give some clear HCI steps on this. My question is the bluetopia and gap layer: can they be used to perform the specs flow and simplify this flow? if so, how and where the oob data enter into play with those? or do I need to use the HCI Api only to perform the oob pairing from the host?

  • 0
    TI__Mastermind 29250 points

    Hi Jerome,

    Jerome Godbout86 said:

    - The devices must exchange the TK key (where do I get this key inside Bluetopia?)

    The TK key refers to the LE legacy pairing. The TK key input/calculation for Bluetopia is done internally in the Security Manager, so it is not possible to input the TK for the legacy pairing. You can use the LE Secure Connection (SC) Out-of-Band pairing method.

    Jerome Godbout86 said:

    - Upon receiving the TK key where should I call to create the STK on devices.

    Please refer to the comment above. For usage/implementation of the LE Secure Connections OOB pairing, please refer to the SCGenerateOOBLocalParams() function and the GAP_LE_Event_Callback() of the SPPLEDemo.c.

    Best regards,

    Vihang

    Edit (01/18/2018) : Please refer to the later post from January 18, 2018 regarding more accurate information.

  • 0 in reply to Vihang Parmar
    Intellectual 330 points

    Hi, thanks for the info. I was under the impression the SCGenerateOOBLocalParams was only for the LE Legacy Secure Simple Pairing (4.0/4.1) and the doc seem to be into this way too.

    http://processors.wiki.ti.com/index.php/CC256x_TI_Bluetooth_Stack_CSCPDemo_App#SCGenerateOOBLocalParams

    I'm still not sure what is required to be exchanged for an OOB LE Secure Connection (full 4.2, not a Just Work nor a legacy pairing). I'm a bit at lost with all the connections type but I would like a secure authenticated/encrypted connection (require as little as possible exchange between devices and use the most of the oob link prior to start connecting the device).

    I will go and try a normal secure connection with whitelist of oob address received only. I guess giving both IO capbability OOB will request me something special at some point where I will have to figure out what is required to be exchange between device into OOB link and will be filled into some events (both side I think).

    Maybe I'm missing a main concept here,

    Thanks for the help

  • 0 in reply to Jerome Godbout86
    TI__Mastermind 29250 points

    Jerome,

    Jerome Godbout86 said:
    I was under the impression the SCGenerateOOBLocalParams was only for the LE Legacy Secure Simple Pairing (4.0/4.1) and the doc seem to be into this way too.

    It is quite the opposite. The SCGenerateOOBLocalParams is for LE Secure Connections (4.2) OOB pairing. The documentation that you linked above mentions the same thing. "It is relevant for LE SC pairing only! "

    Jerome Godbout86 said:
    Maybe I'm missing a main concept here,

    Please refer to the Section "2.3.4.6.4 Authentication Stage 1 - Out of Band" in Bluetooth Core Specification 4.2 [Vol 3, Part H] for details on the exact OOB pairing procedure for LE Secure Connections.

    Best regards,

    Vihang

  • 0 in reply to Vihang Parmar
    Intellectual 330 points
    Ok, thanks, my bad. With your example link I just realized the download link I found at first was Bluetopia SDK 4.0.2.2 which don't have those API call at all. After some search I did find another CC256X download link for v4.2.1.0.

    www.ti.com/.../CC2564CSTBTBLESW
    contain the proper link to Bluetopia v4.2.1.0 which support 4.2 Bluetooth

    www.ti.com/.../CC256XSTBTBLESW
    contain the old 4.0.2.2 link, I did not knew all CC256X radio were not supporting the same Bluetooth version (I though 4.0 to 4.2 was just software update, my bad, I guess this is due to some hardware that does the P-256 ECDH is missing).

    My board only have a CC2564MODN radio chip. So I guess I'm left with only the 4.0 spec design (I can only make it connect with LE legacy Secure Simple Pairing).

    By comparing the GAP API header, now it start to make some sense out of it. I was trying to fit a square into a round hole here, thanks. Now the specs and the doc might start make some sense. Thanks again. Sorry for the beginner questioning, this is my first Bluetooth project and the specs is a bit hard to follow.
  • 0 in reply to Jerome Godbout86
    TI__Mastermind 29250 points
    Jerome,

    Glad I could help! Just FYI, you can use the CC256XCQFN-EM that is certified for BT 4.2.

    Best regards,
    Vihang
  • 0 in reply to Vihang Parmar
    Intellectual 330 points

    Hi again, I'm still struggling with a few concept of OOB, this follow my last finding, now that I known I only have Bluetooth 4.0 (Bluetopia 4.0.2.2) with my radio and stack I wonder if the Le Legacy - Secure Simple Pairing is possible? I can generate and exchange the OOB  using:

    GAP_Query_Local_Out_Of_Band_Data(GAP_Out_Of_Band_Data_t*)

    which give me the hash and the rand. I already pass this data over my OOB link along with the public address. Each device then white list each other and the peripheral start advertise to the white list address and the central start scanning with white filter enabled.

    Device connect. I should now give my IO capability (No IO on both device in my case) and set the OOB flag. After this, according to those link:

    https://blog.bluetooth.com/bluetooth-pairing-part-5-legacy-pairing-out-of-band

    https://community.nxp.com/thread/332191

    I should receive and confirm with OOB data with the C1() and S1 function. But the second link seem to indicate this was introduced into 4.1 specs and I can't find them into Bluetopia 4.0.2.2. Is Le Legacy - Secure Pairing OOB with hash/rand possible with this stack or I'm chasing a ghost again?

    With this stack is possible or built-in?

    If this is not implemented/possible, I probably will make a pin key exchange on OOB (4-6 number?) and use IO capability on the master for keyboard/display and display on peripheral device and simulate user action to authenticate? That would be an ugly hack but could work I think (if the pin number can be enforced on the peripheral and is not generated by the stack at the display time).

    Thanks for your help, it's appreciated

    Jerome

  • 0 in reply to Jerome Godbout86
    Intellectual 330 points

    To add some information which might help or clarify:
    I just checked the 4.0 specs and I want to achieve the security mode 1 level 3, I guess this should be possible with OOB.
    When I have to fill the 

    GAP_LE_Authentication_Response_Information_t
{
  ...
  {
    GAP_LE_OOB_Data_t Out_Of_Band_Data
    {
       Encryption_Key_t OOB_Key
    }
    ...
  } Authentication_Data
}

    this is only a single key Encryption_Key_t, which is the result of c1() function call (if I'm not mistaken from the oob hash and rand). Is the C1 function implemented into the stack or should I create it?

  • 0 in reply to Jerome Godbout86
    TI__Mastermind 29250 points

    Hi Jerome,

    I think there was some confusion on my side regarding the terminology. Sorry about that.

    Jerome Godbout86 said:
    GAP_LE_Authentication_Response_Information_t
{
  ...
  {
    GAP_LE_OOB_Data_t Out_Of_Band_Data
    {
       Encryption_Key_t OOB_Key
    }
    ...
  } Authentication_Data
}

    this is only a single key Encryption_Key_t, which is the result of c1() function call (if I'm not mistaken from the oob hash and rand). Is the C1 function implemented into the stack or should I create it?

    This is actually not the result of the c1(), but it is the TK. And yes, the c1() function is implemented inside the stack.

    Strictly speaking about the LE Legacy Pairing using the OOB authentication, the best way to implement is like the following.

    Device A:

1. Generate the 128-bit random number TK using (i.e. using the HCI_LE_Rand from HCIAPI.h). 
    You can combine two of the Random keys generated by the HCI_LE_Rand() to create the TK. 

2. Send the 128-bit TK to the Device B using the OOB method.

3. Set the OOB_Present flag in the Capabilities and start pairing.

4. When the GAP_LE_Event_Callback is called with (GAP_LE_Authentication_Event_Type 
    = latConfirmationRequest) and (Request_Type = crtOOB), set the TK as the Out_of_Band_Data 
    and respond with the GAP_LE_Authentication_Response.

Device B:

i. When the GAP_LE_Event_Callback is called with (GAP_LE_Authentication_Event_Type
     = latConfirmationRequest) and (Request_Type = crtOOB), set the TK as the Out_of_Band_Data 
    and respond with the GAP_LE_Authentication_Response.

    Best regards,

    Vihang