I'm trying to create a secure BLE application. I see the following comment in the docs for Cy_BLE_GAP_GenerateSetLocalP256Keys: "If this function is not called before pairing process starts, the BLE Stack will use a debug public-private key pair defined in Bluetooth Core specification."
Having a well known private key does seem like a security problem.
I don't see any sample code that calls this function. I can imagine the following implementation might be correct, but with security code like this it's hard to know whether it is secure and not if it just works. I'd much prefer a known good sample.
```c
case CY_BLE_EVT_STACK_ON:
    Cy_BLE_GAP_GenerateSetLocalP256Keys();
    delayAdvertStart = true;
    // don't StartAdvertisement until keys set
    break;
case CY_BLE_EVT_GAP_GEN_SET_LOCAL_P256_KEYS_COMPLETE:
    Cy_BLE_GAP_SetLocalP256Keys((cy_stc_ble_gap_smp_local_p256_keys_t *)eventParam);
    if (delayAdvertStart)
        Cy_BLE_GAPP_StartAdvertisement(CY_BLE_ADVERTISING_FAST, 0u);
    delayAdvertStart = false;
    break;
case CY_BLE_EVT_GAP_DEVICE_CONNECTED:
    // For robust security Cypress recommends every pairing (successful or failed) attempt to update public-private key pair
    Cy_BLE_GAP_GenerateSetLocalP256Keys();
    ...
    break;
case CY_BLE_EVT_GAP_DEVICE_DISCONNECTED:
    // For robust security Cypress recommends every pairing (successful or failed) attempt to update public-private key pair
    Cy_BLE_GAP_GenerateSetLocalP256Keys();
    ...
    break;
```
Labels: PSoC 6 MCU
Hello,
The function Cy_BLE_GAP_GenerateSetLocalP256Keys() has to be called before pairing process starts, so you can call this function in CY_BLE_EVT_GAP_DEVICE_CONNECTED event. Successful completion of this API is informed by CY_BLE_EVT_GAP_GEN_SET_LOCAL_P256_KEYS_COMPLETE event. Event parameter cy_stc_ble_gap_smp_local_p256_keys_t will contain the keys that are generated and set for LE Secure connection pairing procedure.
Thanks,
P Yugandhar.
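An added example, not part of the thread and not Cypress code: a stack-independent C model of the gating the question proposes, where advertising waits for the key-complete event and each generated pair serves at most one pairing attempt. The `EV_*`/`ACT_*` names and `gate_on_event` are hypothetical labels that mirror the thread's events; mapping the actions onto real PDL calls is an assumption left to the application.

```c
#include <stdbool.h>

/* Constructed model, not PDL code: event names mirror the thread's events. */
typedef enum { EV_STACK_ON, EV_KEYS_COMPLETE, EV_CONNECTED,
               EV_PAIRING_REQUEST, EV_DISCONNECTED } ev_t;
typedef enum { ACT_NONE, ACT_GENERATE_KEYS, ACT_START_ADV,
               ACT_ALLOW_PAIRING, ACT_REJECT_PAIRING } act_t;

typedef struct {
    bool keys_fresh;  /* generated pair is set and not yet used for a pairing */
    bool generating;  /* generation requested, completion event not seen yet */
    bool connected;
} gate_t;

/* Returns the single action the application should take for this event. */
act_t gate_on_event(gate_t *g, ev_t ev)
{
    switch (ev) {
    case EV_STACK_ON:
        g->keys_fresh = false;
        g->generating = true;
        g->connected = false;
        return ACT_GENERATE_KEYS;      /* do not advertise yet */
    case EV_KEYS_COMPLETE:
        g->generating = false;
        g->keys_fresh = true;
        return g->connected ? ACT_NONE : ACT_START_ADV;
    case EV_CONNECTED:
        g->connected = true;
        return ACT_NONE;
    case EV_PAIRING_REQUEST:
        if (!g->keys_fresh)
            return ACT_REJECT_PAIRING; /* never pair on the debug or a used pair */
        g->keys_fresh = false;         /* consumed by this attempt, pass or fail */
        return ACT_ALLOW_PAIRING;
    case EV_DISCONNECTED:
        g->connected = false;
        if (g->keys_fresh)
            return ACT_START_ADV;      /* unused pair is still good */
        if (g->generating)
            return ACT_NONE;           /* advertise on EV_KEYS_COMPLETE */
        g->generating = true;
        return ACT_GENERATE_KEYS;
    }
    return ACT_NONE;
}
```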
Hi,
May I know the software version which you are using for your app development? Also please share the BT chip/module name.
Thanks,
-Dheeraj.P.K
PSoC Creator 4.4
PDL 3.1.4
CYBLE-416045-02