Re: understanding of #BluetoothMesh OOB authentication procedure #bluetoothmesh
Vikrant More <vikrant8051@...>
Many, many thanks Johan, for your detailed explanation.
I don't want to use a static public-private key pair for the DEVICE and am happy with the current implementation.
It is inherently more secure since a new pair gets generated every time.
Now, as per my understanding, it is only important to do authentication over OOB using a randomly generated
(on every reset, if the DEVICE is in the Unprovisioned state) 16-byte static-OOB.
If I have to go with output-OOB or input-OOB, it will increase the cost of the BoM, since we have to add NFC or a small LCD etc.
(Note that all budget smartphones don't have the NFC feature)
The second point is, I don't want to use Input-OOB and Output-OOB.
Taking reference from your old reply, I have an idea to generate a secret RANDOM 16-byte static OOB using the DEVICE MAC address
by executing some common vendor-specific algorithm on both sides, where nothing will get exchanged over the OOB channel.
In the case of nRF52840, we get the DEVICE's MAC address by accessing oob.addr.a.val.
But as per this link, https://blog.bluetooth.com/provisioning-a-bluetooth-mesh-network-part-2#_ftn2
"Static OOB or No OOB
In cases where neither Input OOB or Output OOB are possible, the provisioner and unprovisioned device may use either Static OOB authentication or No OOB authentication. In this case, the provisioner and unprovisioned device each generate a random number and then proceed to the check confirmation value operation"
Now this is confusing. If I edit the code as follows, that means only the static-OOB feature is working:
static const struct bt_mesh_prov prov = {
        /* other fields unchanged */
        .static_val = static_oob, /* <-- randomly generated after every reset */
};
And as per that link, if the random number is different for the DEVICE and the Provisioner, then how will they authenticate each other
(assuming the OOB channel is not in existence at all)?
Is an OOB channel mandatory to exchange those 2 static-OOB?
In the case of #meshctl, it asks only for the DEVICE's (16-byte) static-OOB and provides nothing from its own side for the DEVICE.
Is the OOB channel/tunnel approx. a mandatory concept of #BluetoothMesh?
Thank You !!
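
The confirmation check that the quoted blog passage refers to, as an added sketch that is not part of the original message or of Zephyr's code: each side commits to its own random number together with the AuthValue (the static OOB), so the two random numbers differ while the 16-byte static value has to match. `mac`, `Party` and `provision` are hypothetical names, the ConfirmationKey is a constructed random value rather than one derived through ECDH, and HMAC-SHA-256 stands in for the AES-CMAC that the Mesh Profile specifies.

```python
import hashlib
import hmac
import os

# Stand-in MAC: the Mesh Profile uses AES-CMAC here; HMAC-SHA-256 truncated to
# 16 bytes is substituted so the sketch runs on the standard library alone.
def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]

class Party:
    """One side of the confirmation exchange (provisioner or device)."""

    def __init__(self, confirmation_key: bytes, auth_value: bytes):
        self.key = confirmation_key    # shared key (derived via ECDH in the real protocol)
        self.auth_value = auth_value   # 16-byte static OOB, never sent over the air
        self.random = os.urandom(16)   # fresh per attempt, different on each side

    def confirmation(self) -> bytes:
        # Commitment sent first: MAC(ConfirmationKey, Random || AuthValue)
        return mac(self.key, self.random + self.auth_value)

    def check(self, peer_confirmation: bytes, peer_random: bytes) -> bool:
        # Once the peer reveals its random, recompute with OUR copy of AuthValue.
        expected = mac(self.key, peer_random + self.auth_value)
        return hmac.compare_digest(expected, peer_confirmation)

def provision(device_oob: bytes, provisioner_oob: bytes) -> bool:
    """Run the exchange; True only if both sides accept each other."""
    key = os.urandom(16)  # constructed stand-in for the shared ConfirmationKey
    dev, prov = Party(key, device_oob), Party(key, provisioner_oob)
    # Step 1: both confirmations are exchanged before either random is revealed.
    c_prov, c_dev = prov.confirmation(), dev.confirmation()
    # Step 2: randoms are revealed and each side checks the other's commitment.
    return dev.check(c_prov, prov.random) and prov.check(c_dev, dev.random)

if __name__ == "__main__":
    static_oob = os.urandom(16)  # constructed sample value
    print("matching static OOB:", provision(static_oob, static_oob))
    print("provisioner guesses:", provision(static_oob, os.urandom(16)))
    # No OOB: the Mesh Profile sets AuthValue to 16 zero bytes on both sides.
    print("No OOB (all zeros): ", provision(bytes(16), bytes(16)))
```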
On Jan 17, 2018 2:15 PM, "Johan Hedberg" <johan.hedberg@...> wrote: