Microchip® Advanced Software Framework

 All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
Security APIs

This group includes security APIs.

Functions

at_ble_status_t at_ble_authenticate (at_ble_handle_t conn_handle, at_ble_pair_features_t *features, at_ble_LTK_t *ltk, at_ble_CSRK_t *csrk)
 Starts Pairing procedure for a given connection. More...
 
at_ble_status_t at_ble_encryption_request_reply (at_ble_handle_t conn_handle, at_ble_auth_t auth, bool key_found, at_ble_LTK_t *key)
 Responds to encryption start request from master device AT_BLE_ENCRYPTION_REQUEST, once encryption starts AT_BLE_ENCRYPTION_STATUS_CHANGED event is delivered. More...
 
at_ble_status_t at_ble_encryption_start (at_ble_handle_t conn_handle, at_ble_LTK_t *key, at_ble_auth_t auth)
 Starts encryption, once encryption starts AT_BLE_ENCRYPTION_STATUS_CHANGED event is delivered. More...
 
at_ble_status_t at_ble_pair_key_reply (at_ble_handle_t conn_handle, at_ble_pair_key_type_t type, uint8_t *key)
 Provides a passkey or OOB data that was requested via AT_BLE_PAIR_KEY_REQUEST event, If key type is AT_BLE_PAIR_PASSKEY, then a 6-byte ASCII string (digit 0..9 only). More...
 
at_ble_status_t at_ble_send_sec_config (at_ble_signature_info_t *signature_info, at_ble_auth_t authen, bool service_changed)
 Set specific link security configuration and bonding data. More...
 
at_ble_status_t at_ble_send_slave_sec_request (at_ble_handle_t conn_handle, bool mitm_protection, bool bond)
 Send slave security request to master. More...
 

at_ble_status_t at_ble_authenticate ( at_ble_handle_t  conn_handle,
at_ble_pair_features_t features,
at_ble_LTK_t ltk,
at_ble_CSRK_t csrk 
)

Starts Pairing procedure for a given connection.

This API will initiate the authentication procedure, given local device requirements and IO capabilities the authentication will proceed in a number of ways, progress is monitored and controlled via the events : AT_BLE_PAIR_KEY_REQUEST ,AT_BLE_PAIR_DONE

In the central role, this function will send an SMP Pairing Request, otherwise in the peripheral role, this function will reply to AT_BLE_PAIR_REQUEST.

Note
  • The authentication procedure with this API shall only be initiated after a connection has been established in master mode or as a response in case of receiving AT_BLE_PAIR_REQUEST event in slave mode.
  • Bonding information(information exchanged during pairing)such as key, authentication level should be stored by application in order to be reused during another connection at_ble_send_sec_config .
  • If the device acts as a master, so initiator_keys is the device itself and responder_keys for peer and in case of acting as a slave, responder_keys for the device itself and initiator_keys for peer.
  • According to IO capabilities or Out Of Band (OOB), if it is possible to perform a pairing using PIN code or OOB data then AT_BLE_PAIR_KEY_REQUEST event will be received by application.
  • If no security message is exchange during more than 30s, bonding procedure is cancelled and no new bond procedure can be started for this link. For your security and in case of a timeout error, it is optional for the application to disconnect the current connection.
Parameters
[in]conn_handlehandle of the ongoing connection
[in]featureslocal device requirements and IO capabilities, should be NULL to reject the pairing request in case of pairing as SLAVE connection ONLY.
[in]ltkLocal device Long Term Key, null if not available
[in]csrkLocal device Connection Signature Resolution Key, null if not available
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t.

Referenced by ble_pair_request_handler(), and ble_slave_security_request_handler().

at_ble_status_t at_ble_encryption_request_reply ( at_ble_handle_t  conn_handle,
at_ble_auth_t  auth,
bool  key_found,
at_ble_LTK_t key 
)

Responds to encryption start request from master device AT_BLE_ENCRYPTION_REQUEST, once encryption starts AT_BLE_ENCRYPTION_STATUS_CHANGED event is delivered.

Parameters
[in]conn_handlehandle of the connection to be updated
[in]key_foundIf true then a valid key is found in device database and will be used
[in]authauthentication level
[in]keyLTK key used for encryption
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t

Referenced by ble_encryption_request_handler().

at_ble_status_t at_ble_encryption_start ( at_ble_handle_t  conn_handle,
at_ble_LTK_t key,
at_ble_auth_t  auth 
)

Starts encryption, once encryption starts AT_BLE_ENCRYPTION_STATUS_CHANGED event is delivered.

Parameters
[in]conn_handlehandle of the connection to be updated
[in]keyLTK key used for encryption
[in]authauthentication level , this information must be stored in device database after each pairing process at_ble_pair_done_t
Note
  • This procedure can be initiated only by master of the connection.
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t

Referenced by ble_slave_security_request_handler(), and pxp_monitor_app_button_event().

at_ble_status_t at_ble_pair_key_reply ( at_ble_handle_t  conn_handle,
at_ble_pair_key_type_t  type,
uint8_t *  key 
)

Provides a passkey or OOB data that was requested via AT_BLE_PAIR_KEY_REQUEST event, If key type is AT_BLE_PAIR_PASSKEY, then a 6-byte ASCII string (digit 0..9 only).

If key type is AT_BLE_PAIR_OOB , then a 16-byte OOB key value in Little Endian format

Parameters
[in]conn_handlehandle of the ongoing connection
[in]typetype of requested key, must match the one asked for in AT_BLE_PAIR_KEY_REQUEST
[in]keythe key requested, should be NULL to reject the pairing TK exchange and terminate pairing procedure.
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t.

Referenced by ble_pair_key_request_handler().

at_ble_status_t at_ble_send_sec_config ( at_ble_signature_info_t signature_info,
at_ble_auth_t  authen,
bool  service_changed 
)

Set specific link security configuration and bonding data.

Parameters
[in]signature_infosignature_info, more info at at_ble_signature_info_t
[in]authenAuthentication value, one of at_ble_auth_t
[in]service_changedService Changed Indication enabled
Note
  • This function must be called before signed write operation to exchange CSR Keys first.
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t
at_ble_status_t at_ble_send_slave_sec_request ( at_ble_handle_t  conn_handle,
bool  mitm_protection,
bool  bond 
)

Send slave security request to master.

Parameters
[in]conn_handlehandle of the ongoing connection
[in]mitm_protectionBoolean value for Man-In-The-Middle protection FALSE -> Disable, TRUE -> Enable
[in]bond
Note
Returns
Upon successful completion the function shall return AT_BLE_SUCCESS, Otherwise the function shall return at_ble_status_t.

Referenced by ble_send_slave_sec_request().