Skip to content

BLE: improved pairing security #4240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Sep 24, 2025
Merged

BLE: improved pairing security #4240

merged 7 commits into from
Sep 24, 2025

Conversation

hedger
Copy link
Member

@hedger hedger commented Jun 1, 2025
edited
Loading

What's new

  • ble: use unique root security keys for new pairings after pairing reset;
  • ble: added migrations for existing pairing data;
  • unit_tests: added migration tests

NB: Pairing information is upgraded to new format with this PR, it's not backwards compatible! Downgrading will lead to reset of BLE pairings.

Kudos to daw10 on Discord for providing report on potential security issues with old key usage model

Verification

  • Upgrade to this branch, pairings from apps & main system should still work
  • Check that keys file format is upgraded
  • Reset pairing multiple times and validate that root keys stored at the start of pairing file are unique

Checklist (For Reviewer)

  • PR has description of feature/bug or link to Confluence/Jira task
  • Description contains actions to verify feature/bugfix
  • I've built this code, uploaded it to the device and verified feature/bugfix

@hedger
ble: use unique root security keys for new pairings after pairing res…
a001bd9 
…et; added migrations for existing pairing data; unit_tests: added migration tests
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 1, 2025
edited
Loading

Compiled f7 firmware for commit 6b02ca4f:

@hedger hedger added New Feature Contains an IMPLEMENTATION of a new feature Bluetooth labels Jun 1, 2025
@hedger hedger marked this pull request as ready for review June 1, 2025 15:11
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@hedger hedger merged commit 0d5beed into dev Sep 24, 2025
11 checks passed
@hedger hedger deleted the hedger/ble_keys_migration branch September 24, 2025 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gsurkov gsurkov gsurkov approved these changes

@DrZlo13 DrZlo13 Awaiting requested review from DrZlo13 DrZlo13 is a code owner

@nminaylov nminaylov Awaiting requested review from nminaylov nminaylov is a code owner

@gornekich gornekich Awaiting requested review from gornekich gornekich is a code owner

@Skorpionm Skorpionm Awaiting requested review from Skorpionm Skorpionm is a code owner

Assignees
No one assigned
Labels
Bluetooth New Feature Contains an IMPLEMENTATION of a new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hedger @gsurkov