Shulou(Shulou.com)06/03 Report--

1. Concept

Pairing refers to the process by which Master and Slave negotiate to establish the key for encryption (decryption). It refers to part 7 of the figure below.

two。 Pairing method

Master and Slave have two optional pairing methods: legacy pairing and Secure Connections. From the point of view of naming, the former is the past method, and the latter is the new method. The selection is based on the use of Secure Connections when both Master and Slave support Secure Connections (the new method). Otherwise, use legacy pairing.

3. Pairing process

The pairing process is shown in the figure and is mainly completed by the following four parts:

3.1.Pairing Feature Exchange

It is used to exchange the authentication requirements of both parties (authentication requirements), and what kind of human-computer interaction capability (IO capabilities) both parties have. The most important of these is IO capabilities exchange.

The capabilities of IO can be summarized into the following six categories:

NoInputNoOutput

DisplayOnly

NoInputNoOutput1

DisplayYesNo

KeyboardOnly

KeyboardDisplay

The above IO capabilities determine the subsequent authentication method.

3.2.Public key exchange

Public key is exchanged between the two devices. Once the device receives the public key of the peer device, it can begin to calculate the Diffie Hellman key (DHKey). It is time-consuming and should start as early as possible so that user interaction can hide computing time. DHKey is not required before step 8.

When the length of the Public key is greater than the length of the DM1 packet, a special PDU is used for data transmission.

3.3.Authentication

The actual pairing operation is carried out through the SMP protocol. According to the result of phase 1 "Feature Exchange", there are three authentication methods available:

3.3.1.OOB authentication:

If both parties support OOB authentication, choose this method (with the highest priority). By the pairing parties, in addition to the pairing process, exchange some additional information, and use this information as input to carry out the subsequent pairing operation. This extra information is also called OOB (out of band), and the interaction process of OOB is called OOB protocol.

3.3.2.MITM authentication:

(man-in-the-middle) authentication, which consists of two methods:

Numeric Comparision authentication: two devices negotiate to generate 6 digits and display them (two devices are required to have display capabilities). Users confirm after comparison (consistent or inconsistent, devices are required to have simple yes or no confirmation capabilities).

Passkey Entry, authentication by inputting a pairing code.

3.3.3.Just Work:

Just Work, without the participation of users, the two devices negotiate on their own.

3.4.DHKey Checks

Once the device has completed the authentication process and the DHKey calculation has been completed, the generated DHKey value is checked. If successful, both devices will finish displaying information about the process to the user, otherwise the controller sends a message to the host informing it to stop displaying the information.

When the pairing process is completed, link key can be calculated from DHKey and used as input for subsequent interactions (KEY + plaintext = > encrypted data) to notify host through HCI_Link_Key_Notification.

After the above process, both parties have generated an encrypted key, so an encrypted connection can be established. After an encrypted connection is established, you can send some private information to each other, such as Encryption Information, Identity Information, Identity Address Information, etc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.