
Does the STM32WB BLE stack implement Security Level 4 (Elliptic Curve Diffie-Hellman Encryption)?

User1655833706281357277
Associate III

NIST Special Publication 800-121 (https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934038) recommends using BLE Security Mode 1 Level 4 (page v) which calls for Elliptic Curve Diffie-Hellman encryption. Does the latest STM32 BLE stack for the STM32WB implement that? If so, where is the API call to enforce it? There are no obvious parameters in any of the security-related BLE functions that I can find.

 

Accepted Solutions
User1655833706281357277
Associate III

Apparently, the BLE stack doesn't implement security level 3 encryption, only level 4 encryption? Who knows? Anyway, setting MITM_Mode=1, SC_Support=2, and Use_Fixed_Pin=1 (do not use a fixed pin) in aci_gap_set_authentication_requirement() gets you security level 4 in BLE mode. Note that you have to be using the authenticated characteristic before aci_gap_get_security_level() gives you the security mode you're looking for.

 

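One way to audit the settings from the accepted solution before they are passed to aci_gap_set_authentication_requirement(), and to gate on the pair read back from aci_gap_get_security_level(); this is an added example, not code from the post or from ST. The struct, the function names and the 16-byte minimum key size are assumptions; only the MITM_Mode, SC_Support and Use_Fixed_Pin values come from the post.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical container (not an ST type) for the arguments the post passes
 * to aci_gap_set_authentication_requirement(). */
typedef struct {
    uint8_t mitm_mode;     /* MITM_Mode: 1 = MITM protection required */
    uint8_t sc_support;    /* SC_Support: 2 = Secure Connections only */
    uint8_t use_fixed_pin; /* Use_Fixed_Pin: 1 = do NOT use a fixed PIN */
    uint8_t min_key_size;  /* assumption: minimum encryption key size, bytes */
} pairing_cfg_t;

/* Findings, returned as a bitmask so every gap is reported at once. */
enum {
    CFG_NO_MITM   = 1u << 0, /* unauthenticated pairing would be accepted */
    CFG_LEGACY_OK = 1u << 1, /* LE legacy pairing (no ECDH) still allowed */
    CFG_FIXED_PIN = 1u << 2, /* static passkey in use */
    CFG_SHORT_KEY = 1u << 3  /* key shorter than 128 bits allowed */
};

/* Audit a configuration against LE Security Mode 1 Level 4. 0 means no gaps. */
unsigned audit_pairing_cfg(const pairing_cfg_t *c)
{
    unsigned f = 0;
    if (c->mitm_mode != 1)     f |= CFG_NO_MITM;
    if (c->sc_support != 2)    f |= CFG_LEGACY_OK;
    if (c->use_fixed_pin != 1) f |= CFG_FIXED_PIN;
    if (c->min_key_size < 16)  f |= CFG_SHORT_KEY;
    return f;
}

/* Lowest Mode 1 level a completed pairing can end at under this configuration.
 * A fixed PIN does not lower the level, so it is only visible in the audit. */
uint8_t min_guaranteed_level(const pairing_cfg_t *c)
{
    unsigned f = audit_pairing_cfg(c);
    if (f & CFG_NO_MITM) return 2;                     /* encrypted, unauthenticated */
    if (f & (CFG_LEGACY_OK | CFG_SHORT_KEY)) return 3; /* authenticated, not SC/128-bit */
    return 4;
}

/* Runtime gate: pass the mode/level pair read back from
 * aci_gap_get_security_level() and fail closed below Mode 1 Level 4. */
bool link_is_mode1_level4(uint8_t security_mode, uint8_t security_level)
{
    return security_mode == 1 && security_level == 4;
}
```
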

2 REPLIES
User1655833706281357277
Associate III

I guess I need to add that I very much want to be able to say that the product in development conforms to the NIST Bluetooth security recommendations. I find the documentation on BLE security for the STM32WB pretty opaque in terms of getting clear answers on how to implement BLE security level 4. Does anyone have an API call they can point at?

 
