stm32WB Security standard

j.villar
Associate II

Hi!
I've some doubts about security features of stm32WB.
After reading the documentation, forums, etc., I find that the stm32WB implements all 4 security levels of Security Mode 1, which includes ECDHE P-256 cryptography.
I've some questions about that:

If I enable pairing with no fixed PIN selected, Display Only I/O Capability and the MITM protection required bit enabled, could I assume that after the pairing process with the device, the communication will be encrypted? If so, which encryption would be established: AES-CMAC, ECDHE P-256, both or none?

I've already been able to program the stm32wb to advertise data, print the PIN from the terminal and pair my phone to the stm32WB, but I would like to know if that is all, or if I need more steps to encrypt communications.

Thank you in advance!!

Accepted Solution
Remy ISSALYS
ST Employee

Hello,

It depends on the value of the CFG_SC_SUPPORT parameter in the app_conf.h file of your application, see below:

/**
 * Define Secure Connections Support
 */
#define CFG_SECURE_NOT_SUPPORTED              (0x00)
#define CFG_SECURE_OPTIONAL                   (0x01)
#define CFG_SECURE_MANDATORY                  (0x02)

#define CFG_SC_SUPPORT                        CFG_SECURE_MANDATORY

If it's set to CFG_SECURE_NOT_SUPPORTED, it means the LE Legacy pairing will be used.

If it's set to CFG_SECURE_OPTIONAL, LE Legacy pairing or LE Secure Connections will be used depending on the peer device's supported features.

If it's set to CFG_SECURE_MANDATORY, it means the LE Secure Connections will be used.  

The LE Legacy pairing is based on AES-CCM encryption and the LE Secure Connections is based on FIPS-approved algorithms (AES-CMAC and P-256 elliptic curve).

Best Regards
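The reply above explains only the first decision (legacy vs. Secure Connections from CFG_SC_SUPPORT); the question also hinges on a second one that the Bluetooth SMP makes from the I/O capabilities and the MITM flag. The C program below is an added illustration written for this thread, not ST firmware or anything from the STM32WB stack: it models both decisions so you can see what a given app_conf.h setting and I/O capability combination actually buys you. The CFG_SECURE_* values are copied from the reply; io_cap_t, evaluate_pairing and the other names are this example's own, the association-model rules follow Core spec Vol 3 Part H Table 2.8 (OOB pairing is left out), and treating CFG_SECURE_MANDATORY against a peer without SC as a rejected pairing is an assumption, since the reply does not say what happens in that case.

```c
#include <stdbool.h>
#include <stdio.h>

/* Mirror of the CFG_SC_SUPPORT values quoted from app_conf.h in the reply. */
#define CFG_SECURE_NOT_SUPPORTED (0x00)
#define CFG_SECURE_OPTIONAL      (0x01)
#define CFG_SECURE_MANDATORY     (0x02)

/* SMP I/O capabilities (Core spec Vol 3 Part H, 2.3.2). */
typedef enum {
    IO_DISPLAY_ONLY, IO_DISPLAY_YESNO, IO_KEYBOARD_ONLY,
    IO_NO_INPUT_NO_OUTPUT, IO_KEYBOARD_DISPLAY
} io_cap_t;

typedef enum { PAIR_LEGACY, PAIR_SECURE_CONNECTIONS, PAIR_REJECTED } pair_method_t;

typedef enum {
    MODEL_NONE, MODEL_JUST_WORKS, MODEL_PASSKEY_ENTRY, MODEL_NUMERIC_COMPARISON
} assoc_model_t;

typedef struct {
    pair_method_t method;
    assoc_model_t model;
    bool encrypted;       /* link is encrypted once pairing completes */
    bool mitm_protected;  /* the association model authenticates the peer */
} pairing_result_t;

/* Step 1: CFG_SC_SUPPORT plus the peer's SC feature bit picks the pairing method.
 * Assumption (not stated in the reply): MANDATORY against a peer without SC
 * cannot fall back to legacy, so it is modelled as a rejected pairing. */
pair_method_t select_pairing_method(int cfg_sc_support, bool peer_supports_sc)
{
    switch (cfg_sc_support) {
    case CFG_SECURE_NOT_SUPPORTED: return PAIR_LEGACY;
    case CFG_SECURE_OPTIONAL:      return peer_supports_sc ? PAIR_SECURE_CONNECTIONS : PAIR_LEGACY;
    case CFG_SECURE_MANDATORY:     return peer_supports_sc ? PAIR_SECURE_CONNECTIONS : PAIR_REJECTED;
    default:                       return PAIR_REJECTED;
    }
}

static bool can_input(io_cap_t c)   { return c == IO_KEYBOARD_ONLY || c == IO_KEYBOARD_DISPLAY; }
static bool can_confirm(io_cap_t c) { return c == IO_DISPLAY_YESNO || c == IO_KEYBOARD_DISPLAY; }

/* Step 2: I/O capabilities plus the MITM flag select the association model
 * (Core spec Vol 3 Part H, Table 2.8; OOB pairing left out). */
assoc_model_t association_model(io_cap_t init, io_cap_t resp, bool mitm_required, bool sc)
{
    if (!mitm_required)                            /* neither side asked for MITM: IO caps ignored */
        return MODEL_JUST_WORKS;
    if (init == IO_NO_INPUT_NO_OUTPUT || resp == IO_NO_INPUT_NO_OUTPUT)
        return MODEL_JUST_WORKS;
    if (can_confirm(init) && can_confirm(resp)) {
        if (sc) return MODEL_NUMERIC_COMPARISON;
        /* Legacy: only KeyboardDisplay/KeyboardDisplay still yields a passkey */
        return (init == IO_KEYBOARD_DISPLAY && resp == IO_KEYBOARD_DISPLAY)
               ? MODEL_PASSKEY_ENTRY : MODEL_JUST_WORKS;
    }
    if (can_input(init) || can_input(resp))        /* one side types what the other shows */
        return MODEL_PASSKEY_ENTRY;
    return MODEL_JUST_WORKS;                       /* e.g. DisplayOnly against DisplayOnly */
}

/* Step 3: combine both decisions from the local device's point of view. */
pairing_result_t evaluate_pairing(int cfg_sc_support, bool peer_supports_sc,
                                  io_cap_t local_io, io_cap_t peer_io,
                                  bool local_is_initiator, bool mitm_required)
{
    pairing_result_t r = { PAIR_REJECTED, MODEL_NONE, false, false };
    r.method = select_pairing_method(cfg_sc_support, peer_supports_sc);
    if (r.method == PAIR_REJECTED)
        return r;
    io_cap_t init = local_is_initiator ? local_io : peer_io;
    io_cap_t resp = local_is_initiator ? peer_io : local_io;
    r.model = association_model(init, resp, mitm_required, r.method == PAIR_SECURE_CONNECTIONS);
    r.mitm_protected = (r.model != MODEL_JUST_WORKS);
    if (mitm_required && !r.mitm_protected) {
        /* SMP answers Pairing Failed with reason "Authentication Requirements" */
        r.method = PAIR_REJECTED;
        r.model = MODEL_NONE;
        return r;
    }
    r.encrypted = true;
    return r;
}

int main(void)
{
    /* Constructed scenario from the question: STM32WB = DisplayOnly, MITM required,
       CFG_SC_SUPPORT = CFG_SECURE_MANDATORY; the phone initiates with KeyboardDisplay. */
    pairing_result_t r = evaluate_pairing(CFG_SECURE_MANDATORY, true,
                                          IO_DISPLAY_ONLY, IO_KEYBOARD_DISPLAY,
                                          false, true);
    printf("method=%d model=%d encrypted=%d mitm_protected=%d\n",
           r.method, r.model, r.encrypted, r.mitm_protected);
    return 0;
}
```

For the setup in the question (DisplayOnly, MITM required, phone with keyboard and display) the model lands on Passkey Entry, so the link is both encrypted and authenticated. The same board against a peer that can only display would resolve to Just Works, and because MITM was required the pairing is refused rather than silently downgraded, which is the behaviour to check for on the phone side. One caveat on the reply's wording: the link-layer traffic is AES-CCM encrypted under both methods; what CFG_SC_SUPPORT changes is how the key is agreed (P-256 ECDH with AES-CMAC confirmations under Secure Connections, the older TK/STK scheme under legacy pairing), which is why legacy pairing offers weaker protection against an eavesdropper on the pairing itself.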
