Infineon Logo AIROC BTSDK v4.9 - Documentation
 
 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Security

Functions

void wiced_bt_ble_security_grant (wiced_bt_device_address_t bd_addr, uint8_t res)
 Upon receiving a BTM_SECURITY_REQUEST_EVT in the BT stack management callback (wiced_bt_management_cback_t), this API is used to either grant or deny a pairing attempt by the peer device. More...
 
wiced_bool_t wiced_bt_ble_data_signature (wiced_bt_device_address_t bd_addr, uint8_t *p_text, uint16_t len, wiced_dev_ble_signature_t signature)
 Generates an authentication signature using AES128 CMAC algorithm. More...
 
wiced_bool_t wiced_bt_ble_verify_signature (wiced_bt_device_address_t bd_addr, uint8_t *p_orig, uint16_t len, uint32_t counter, uint8_t *p_comp)
 This function is used to check a given data signature against the original unsigned data. More...
 
wiced_bool_t wiced_bt_ble_get_security_state (wiced_bt_device_address_t bd_addr, uint8_t *p_le_sec_flags, uint8_t *p_le_key_size)
 Get security mode 1 flags and encryption key size for LE peer. More...
 

Detailed Description

Function Documentation

wiced_bool_t wiced_bt_ble_data_signature ( wiced_bt_device_address_t  bd_addr,
uint8_t *  p_text,
uint16_t  len,
wiced_dev_ble_signature_t  signature 
)

Generates an authentication signature using AES128 CMAC algorithm.

The BD_ADDR given as a parameter is used to find the keys stored by AIROC stack, then the keys are used to generate an authentication signature. This functionality is used to perform host-side authentication in the AIROC stack. Rarely used at the application layer.

Parameters
[in]bd_addrpeer device to sign data for (using stored keys)
[in]p_textpointer to data being signed
[in]lenlength of data in p_text
[out]signatureauth signature output by algorithm
Returns
  • WICED_TRUE success, dereference 'signature' param for output
  • WICED_FALSE error (peer addr not found or memory allocation failed)
wiced_bool_t wiced_bt_ble_get_security_state ( wiced_bt_device_address_t  bd_addr,
uint8_t *  p_le_sec_flags,
uint8_t *  p_le_key_size 
)

Get security mode 1 flags and encryption key size for LE peer.

The GATT layer of the AIROC stack will check the link's encryption status before triggering GATT read/write events on auth_readable/auth_writable characteristics. For further MITM checking, the below API should be used to verify the encryption status of the link before responding to GATT operations from the peer. This additional checking would occur in the callback wiced_bt_gatt_cback_t registered in wiced_bt_gatt_register.

If BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM and BTM_SEC_LE_LINK_PAIRED_WITH_MITM are both enabled in the flag, then this indicates that there is an LTK for this connection.

Parameters
[in]bd_addraddress of peer device
[out]p_le_sec_flagsenumerated wiced_bt_ble_sec_flags_e
  • BTM_SEC_LE_LINK_ENCRYPTED link: encrypted
  • BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM: paired w/o man-in-the-middle protect.
  • BTM_SEC_LE_LINK_PAIRED_WITH_MITM: paired with man-in-the-middle protect.
[out]p_le_key_sizelength of LTK or STK
Returns
  • WICED_TRUE success, output found in p_le_sec_flags and p_le_key_size
  • WICED_FALSE peer device not found
void wiced_bt_ble_security_grant ( wiced_bt_device_address_t  bd_addr,
uint8_t  res 
)

Upon receiving a BTM_SECURITY_REQUEST_EVT in the BT stack management callback (wiced_bt_management_cback_t), this API is used to either grant or deny a pairing attempt by the peer device.

Parameters
[in]bd_addraddress of peer device requesting pairing
[in]res
  • BTM_SUCCESS to grant access
  • BTM_MODE_UNSUPPORTED to deny pairing
  • BTM_REPEATED_ATTEMPTS already paired
Returns
void
wiced_bool_t wiced_bt_ble_verify_signature ( wiced_bt_device_address_t  bd_addr,
uint8_t *  p_orig,
uint16_t  len,
uint32_t  counter,
uint8_t *  p_comp 
)

This function is used to check a given data signature against the original unsigned data.

The function uses the stored keys of the given LE peer device to verify the signature. This functionality is used to perform host-side authentication in the AIROC stack. Rarely used at the application layer.

Parameters
[in]bd_addrpeer device to sign data for (using stored keys)
[in]p_origoriginal data to check signature for
[in]lenlength of p_orig
[in]countercounter input of CCM algo (refer to BT spec)
[in]p_compsign. to verify wiced_dev_ble_signature_t
Returns
  • WICED_TRUE success, signature matches
  • WICED_FALSE signature mismatch, peer keys not found, or buffer alloc. fail