BLE配对绑定过程梳理

(一)BLE SM为以下三种procedure提供支持:
1. Pairing;
2. Bondig;
3. Encryption Re-establishment;

区别于传统蓝牙的配对过程,BLE的配对过程发生在连接过程之后;为了弄清BLE的配对绑定过程,首先对BLE的广播连接过程进行了梳理,流程图如下图所示:
BLE配对绑定过程梳理_第1张图片

Devices that need to form a connection to another device listen for connectable
advertising packets. Such devices are referred to as initiators. If the advertiser
is using a connectable advertising event, an initiator may make a connection
request using the same advertising PHY channel on which it received the
connectable advertising packet. The advertising event is ended and connection
events begin if the advertiser receives and accepts the request for a
connection be initiated. Once a connection is established, the initiator becomes
the master device in what is referred to as a piconet and the advertising
device becomes the slave device.

(二)BLE配对绑定过程

Pairing can therefore create a secure link that will last only for the lifetime of the con‐ nection, whereas bonding actually creates a permanent association (also called bond) in the form of shared security keys that will be used in later connections until either side decides to delete them. Certain APIs and their documentation sometimes use the term pairing with bonding instead of simply bonding, because a bonding procedure always includes a pairing phase first.

BLE配对绑定过程梳理_第2张图片
从上图可以看出,配对过程分为两个阶段;在此基础上加上密钥分发就完成了绑定过程。

下面对以上三个阶段分别进行介绍:

Pairing is a three-phase process. The first two phases are always used and may be followed by an optional transport specific key distribution phase :
• Phase 2 (LE legacy pairing): Short Term Key (STK) Generation ;
• Phase 2 (LE Secure Connections): Long Term Key (LTK) Generation ;
• Phase 3: Transport Specific Key Distribution.

Phase 1: 特征交换;
交换的配对特征有以下几种,这直接决定了phase2密钥的生成方法;

The devices shall first exchange authentication requirements and IO capabilities in the Pairing Feature Exchange to determine which of the following methods shall be used in Phase 2:
• Just Works
• Numeric Comparison (Only for LE Secure Connections)
• Passkey Entry
• Out Of Band (OOB)

Authentication requirements retrieved from the Pairing Feature Exchange also determine whether LE Secure Connections or LE legacy pairing is used.

Phase 2:生成密钥;
配对过程产生的Key:
LE legacy pairing:
Temporary Key(TK ):短暂存在的Key,128 bit,用来产生STK;
Short Term Key(STK): 128 bit,会被用来加密配对后的链路;

LE secure connection:
Long Term Key(LTK): 128 bit,会被用来加密配对后的链路。

Phase3:密钥交换;

Phase 3 shall only be performed on a link which is encrypted using:
•The STK generated in Phase 2 when using LE legacy pairing or
• The LTK generated in Phase 2 when using LE Secure Connections or
• The shared Link Key generated using BR/EDR pairing

你可能感兴趣的:(BLE)