bluekitchen / btstack

Dual-mode Bluetooth stack, with small memory footprint.
http://bluekitchen-gmbh.com

Disabling the encryption of the BTStack #481

Closed SinaKarvandi closed 1 year ago

SinaKarvandi commented 1 year ago

Hi, I have a question about BTStack that you might know. Currently, I'm working on an academic project that aims to accelerate BLE encryption by employing hardware designs.

I successfully deployed BTStack on a Raspberry Pi B, and it works perfectly.

During the past few days, I have been reading the code related to BTStack, and I want to find the routines that are related to encryption and perform some profiling tasks (measuring the clocks the processor spends on running encryption functions) while the encryption is ON and OFF. (I am testing hid_keyboard_demo).

At first, I thought that by removing sm_init(); from the hid_keyboard_demo, I could disable the encryption. But when I saw the actual Bluetooth packet in Wireshark, it seems the encryption is still enabled. Please see the picture:

image

After that, I tried to manipulate functions in btstack_crypto.c. The only function that was called during my tests was btstack_crypto_event_handler(). I checked this function, put in several printfs to debug it, and concluded that this function won't do any kind of encryption, as none of the functions relating to encryption is called.

Now, my question is, how can I disable the encryption of the BTStack to perform my profiling tests? Is it even encrypted by default? Are there any configs or macro definitions to disable it? Is the encryption performed here in BTStack, or is the HCI responsible for encrypting it?

Thanks in advance.

mringwal commented 1 year ago

Hi Sina

To protect data from eavesdropping or modification over the air, data is encrypted and authenticated by the Bluetooth Link layer for both BR/EDR as well as LE connections. Due to timing constraints, this is fully handled by the Controller itself; the stack is only involved in the initial pairing for LE and storing/management of link keys (BR/EDR/LE).

If you want to try an external encryption, you could try to add encryption to our experimental link layer in port/nrf5-cinnamon or to a full-featured link layer like the one provided as part of the Zephyr project, e.g. for nRF5x SoCs. nRF5x SoCs have a hardware AES-CCM. If you can use your design, you would have a valid benchmark in the existing nRF AES-CCM peripheral.

Please post general questions on the mailing list as this is neither a "bug report" nor a "feature request".

Cheers,
Matthias
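Added example (not part of the original thread and not BTstack code): the host/controller split described in the answer above, shown at the HCI level. The host only hands the long-term key to the controller with the standard LE Start Encryption command (opcode 0x2019) and later receives an Encryption Change event (code 0x08); no AES-CCM runs on the host, which is why host-side profiling shows no cipher calls. Function names, the sample handle and the zeroed key material are assumptions made for illustration; packets are shown without the H4 packet-type byte.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HCI_OPCODE_LE_START_ENCRYPTION 0x2019u /* OGF 0x08, OCF 0x19 */
#define HCI_EVENT_ENCRYPTION_CHANGE    0x08u

typedef struct { uint8_t status; uint16_t handle; uint8_t enabled; } enc_change_t;

/* Host -> Controller: build LE Start Encryption. Returns bytes written (31) or 0. */
size_t build_le_start_encryption(uint8_t *out, size_t cap, uint16_t handle,
                                 const uint8_t rnd[8], uint16_t ediv,
                                 const uint8_t ltk[16]) {
    if (cap < 31) return 0;
    out[0] = HCI_OPCODE_LE_START_ENCRYPTION & 0xff;   /* opcode, little endian */
    out[1] = HCI_OPCODE_LE_START_ENCRYPTION >> 8;
    out[2] = 28;                                      /* parameter length */
    out[3] = handle & 0xff;  out[4] = (handle >> 8) & 0x0f;
    memcpy(&out[5], rnd, 8);                          /* Random_Number */
    out[13] = ediv & 0xff;   out[14] = ediv >> 8;     /* Encrypted_Diversifier */
    memcpy(&out[15], ltk, 16);                        /* Long_Term_Key */
    return 31;
}

/* Controller -> Host: parse Encryption Change. Returns 0 on success, -1 otherwise. */
int parse_encryption_change(const uint8_t *ev, size_t len, enc_change_t *r) {
    if (len < 6 || ev[0] != HCI_EVENT_ENCRYPTION_CHANGE || ev[1] != 4) return -1;
    r->status  = ev[2];
    r->handle  = (uint16_t)(ev[3] | ((ev[4] & 0x0f) << 8));
    r->enabled = ev[5];               /* 0x00 = link-level encryption off */
    return 0;
}

/* Link is encrypted only if the controller reports success and a non-zero mode. */
int link_is_encrypted(const enc_change_t *r) { return r->status == 0 && r->enabled != 0; }

int main(void) {
    const uint8_t ltk[16] = {0}, rnd[8] = {0};   /* constructed sample key material */
    const uint8_t ev[] = {0x08, 0x04, 0x00, 0x40, 0x00, 0x01}; /* constructed event */
    uint8_t cmd[31]; enc_change_t r;
    size_t n = build_le_start_encryption(cmd, sizeof cmd, 0x0040, rnd, 0, ltk);
    if (parse_encryption_change(ev, sizeof ev, &r) != 0) return 1;
    printf("cmd %zu bytes, handle 0x%04x encrypted=%d\n", n, r.handle, link_is_encrypted(&r));
    return 0;
}
```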