bletiny privacy

["paul@wrada.com" <pa...@wrada.com>]

Today, Will and I checked in our privacy code which allows resolvable private addresses.

Here some guidance on how to test/use with bletiny:

First, there is a keystore that holds the LTK and IRK keys (IRK are used for privacy, LTK for security).  This keystone is RAM-ONLY right now in ble-tiny.  Its implemented as an API with application callbacks to do the actual storage of blobs, so its possible to re-implement to use NFFS, KVP etc.

You can manually add keys to the keystone using the following

b store show type=<msec|ssec|cccd>
b store add type=<msec|ssec|cccd> addr_type=<public|random> addr=<mac> irk=<key>

You can also add LTK keys to the keystone with
B store add ediv=<16-bit num 123213> rand=<48 bit number> ltk=<key: e.g. 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff>

NOTE: there is a delete command but its not hooked up to BLEtiny yet.

Examples:

b store show type=msec
b store add type=msec addr_type=public addr=11:22:33:44:55:66 irk=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff
b store add type=msec ediv=1234 rand=32545432543 ltk=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

However, you don't need to add these manually, you can instead pair with the device and run a security exchange to exchange these automatically.

Here is a recipe to exchange keys in bletiny

On slave, you can set up the key distribution to exchange IRK and LTK.  You can also set bonding.  The address and IRK settings below are optional, but between two BLEtiny devices you must set local addresses and IRK since they default to the same value.


b set sm_data our_key_dist=3

b set sm_data their_key_dist=3

b set sm_data bonding=1

b set addr=00:01:02:00:01:02

b set irk=00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f

b set adv_data name=slave


b adv conn=und disc=gen own_addr_type=public


On the master, set up a similar configuration and then connect to the slave


b set sm_data our_key_dist=3

b set sm_data their_key_dist=3

b set sm_data bonding=1

b set addr=00:01:02:00:01:01

b set irk=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

b set adv_data name=master

b conn peer_addr_type=public addr=00:01:02:00:01:02

Now start security from the master to exchange keys


b sec start conn=1

You should now be able to see the keys in the keystore on master and slave

b store show type=msec


Now we can terminate the connection and reconnect using RPA (resolvable private addresses)

b term conn=1



# on slave

b adv conn=und disc=gen own_addr_type=rpa_pub

#on master

b conn peer_addr_type=public_ident addr=00:01:02:00:01:02 own_addr_type=rpa_pub


The connection procedure to iPhone is similar.


On the slave, initialize the unit to perform bonding and mitm. NOTE: Since our keys are not yet stored in persistent storage, you may have to forget the device on your phone first.


b set sm_data our_key_dist=3

b set sm_data their_key_dist=3

b set sm_data bonding=1

b set sm_data mitm_flag=1

b set sm_data io_capabilities=0

b set addr=00:01:02:00:01:01

b set irk=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff

b set adv_data name=pauls-slave uuid16=0x1811 uuid16=0x1812

b adv conn=und disc=gen own_addr_type=public


Now the device should be visible as nimble-bletiny


If you click it on the phone, it will pair.


Once connected, initiate security from the client


b sec start conn=1

Because we have advertised our IO_CAP as 0, we will be the one displaying the number to type in to the phone.


Simulate that through bletiny with

b passkey conn=1 action=2 key=123456

Type in the 123456 on the phone and pairing will complete and the devices will exchange keys and they will appear in your keystore.

And again, we can repair with RPA privacy


b term conn=1

b adv conn=und disc=gen own_addr_type=rpa_pub

Click on the device on your phone and you will reconnect with private addresses.