Does the DA14581 chip's BLE stack enforce the BLE LTK size limit (7-16 bytes) so that the application can always trust that the key size is valid?
Thanks!
Keywords:
Device:
⚠️
Hi there.. thanks for coming to the forums. Exciting news! we’re now in the process of moving to our new forum platform that will offer better functionality and is contained within the main Dialog website. All posts and accounts have been migrated. We’re now accepting traffic on the new forum only - please POST any new threads at//www.wsdof.com/support. We’ll be fixing bugs / optimising the searching and tagging over the coming days.
Hi there.. thanks for coming to the forums. Exciting news! we’re now in the process of moving to our new forum platform that will offer better functionality and is contained within the main Dialog website. All posts and accounts have been migrated. We’re now accepting traffic on the new forum only - please POST any new threads at//www.wsdof.com/support. We’ll be fixing bugs / optimising the searching and tagging over the coming days.
Hi JamesHiebert,
Could you please clarify your question? What do you mean that DA14581 chip’s BLE stack enforce the BLE LTK size limit (7-16 bytes). Be aware that the LTK is 16bytes.
Thanks, PM_Dialog
Hello Dialog,
The BLE v4.1 spec says the LTK can be between 7 and 16 bytes.
Section 2.4.2.3 Generation of LTK, EDIV, and Rand
"The generated LTK size must not exceed the negotiated encryption key size and its size may need to be reduced (see Section 2.3.4)".
2.3.4加密密钥大小
Each device shall have maximum and minimum encryption key length parameters
which defines the maximum and minimum size of the encryption key
allowed in octets. The maximum and minimum encryption key length parameters
shall be between 7 octets (56 bits) and 16 octets (128 bits), in 1 octet (8
bit) steps. This is defined by a profile or device application.
The smaller value of the initiating and responding devices maximum encryption
key length parameters shall be used as the encryption key size.
Both the initiating and responding devices shall check that the resultant
encryption key size is not smaller than the minimum key size parameter for that
device and if it is, the device shall send the Pairing Failed command with error
code “Encryption Key Size”.
The encryption key size may be stored so it can be checked by any service that
has minimum encryption key length requirements.
If a key has an encryption key size that is less than 16 octets (128 bits), it shall
be created by masking the appropriate MSBs of the generated key to provide a
生成的键具有商定的加密密钥大小。掩盖应该是
done after generation and before being distributed (in the case of LTK), used or
stored.
For example, if a 128-bit encryption key is
0x123456789abcdef0123456789abcdef0.
and it is reduced to 7 octets (56 bits), then the resulting key is
0x0000000000000000003456789ABCDEF0.
So my question is, will the stack ever pass an invalid size (<7 or >16) to the application (e.g., in the GAPC_LTK_EXCH flavor of a bond request indication) if the master sends an invalid key size?
Hi JamesHiebert,
According to the rom code of DA14581, there is a check only if the LTK is more that 16bytes. So, if the LTK is more than 16bytes, the rom code will send the first 16bytes in order to have a valid size. If the LTK size is smaller than 7bytes, then the unused bytes will be masked with zeros. In both situations, the LTK size will be 16bytes, so if the master sends an invalid size, there is a correction in rom code.
Thanks, PM_Dialog
谢谢你提供的详情。One more follow-on question regarding the size of the key passed:
If the master has an LTK size of 7 and the slave has an LTK size of 16 and is also supposed to generate the LTK, the slave's stack sends the GAPC_BOND_REQ_IND (GAPC_LTK_EXCH) message to the app with a data.key_size field value of 7.
Instead, if the master has an LTK size of 5 (which is an invalid size) and the slave has an LTK size of 16 and is also supposed to generate the LTK, will the slave's stack still send the GAPC_BOND_REQ_IND (GAPC_LTK_EXCH) message to the app? If it does, will it indicate an (invalid) key size of 5?
Hi JamesHiebert,
In every case, the LTK that the master and the slave send, is modified by the rom code to be 16 bytes. In both questions that you have made, the master’s LTK will be masked with zeros in order to have16bytes size.
Thanks, PM_Dialog
嗨对话框,
我明白堆栈焊接键的大小为16个字节。我的问题是报告的“key_size”字段为主LTK大小为5.如果主站和从站协商的LTK大小为7,则此值为7。如果主站提供的LTK大小为5,则将是什么??我正在尝试确定应用程序是否可以对具有GAPC_LTK_EXCH堆栈消息提供的无效key_size来确定和反应。