A common problem with Bluetooth devices is that they often have no user interface, other than the Bluetooth connection, but still need to support authentication. This article presents one method for accomplishing this.
The Bluetooth specification determines the pairing mechanism based on the reported I/O capabilities of the two devices. When one of the devices has no I/O capabilities at all, the selected method is JustWorks pairing. This ensures an encrypted connection but does not allow for any authentication, and it allows any Bluetooth device in range to request pairing or bonding. The simplest way around this problem is to only allow bonding for a short period of time after power-up. This provides a little extra protection since the exposure is limited to the time that the device is bondable. However, this doesn’t prevent a rogue device from connecting.
A better method is to use a fixed passkey that is made unique. Bluetooth allows for a 6-digit passkey. Since each device has a unique address, the Bluetooth address, it is possible to create a passkey based on this address. However, the number of device addresses is much larger than the number of passkey combinations, so the passkey generated will not be truly unique.
The pairing method can be forced to passkey entry by configuring the peripheral as “display only”. The passkey will have to be shared with the user by some medium such as a printed hardcopy.
The first step in this setup is to get the device’s unique address with the following call
public_address = gecko_cmd_system_get_bt_address()->address;
The next step is to make a 32-bit integer from this 6-byte array. The easiest way to do this is to simply add the bytes together, but if you experiment with a few addresses you’ll see that there is not much variation in the generated passkeys. In order to increase the variation in the keys, each byte is shifted by 8 bits before being added. Once the passkey has been created as follows
passkey = makePasskeyFromAddress(public_address);
it can be set as the system passkey with the following call
The next step is to ensure that the pairing method chosen is the passkey method, which allows the master, such as a mobile phone or tablet, to enter a passkey. This is done with the following call
The flags chosen in the first parameter require MITM protection, require bonding for encryption and require LE secure connections.
Now make the device bondable as shown
For simplicity, the attached example code requests any connection to be secured by calling gecko_cmd_sm_increase_security(). Normally this is done by giving at least one of the characteristics a property that requires security, such as authenticated_read/authenticated_write.
To build this application,
The easiest way to send printf() output over UART is by adding the retargetserial driver as follows
The method shown here is fairly simple; it is recommended that you develop your own algorithm for generating a passkey from the device address.
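The shift-and-add derivation described above, next to one alternative, as an added example that is not the article's attached code. `bd_addr` here is a stand-in struct, the address bytes are constructed, and FNV-1a is a mixing function chosen for this example, not part of the Bluetooth SDK.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the SDK's 6-byte address type (assumption for this example). */
typedef struct { uint8_t addr[6]; } bd_addr;
typedef uint32_t (*passkey_fn)(const bd_addr *);

/* Article's scheme: shift each byte left by 8 bits, then add (byte order is ignored). */
uint32_t passkey_shift_add(const bd_addr *a)
{
    uint32_t sum = 0;
    for (int i = 0; i < 6; i++)
        sum += (uint32_t)a->addr[i] << 8;
    return sum % 1000000u;   /* keep within 6 decimal digits */
}

/* Alternative chosen for this example (32-bit FNV-1a): byte position matters. */
uint32_t passkey_fnv1a(const bd_addr *a)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < 6; i++)
        h = (h ^ a->addr[i]) * 16777619u;
    return h % 1000000u;
}

/* Count the different passkeys produced for n consecutive constructed addresses. */
uint32_t distinct_passkeys(passkey_fn fn, uint32_t n)
{
    static uint8_t seen[1000000 / 8];            /* one bit per possible passkey */
    bd_addr a = {{0, 0, 0, 0x57, 0x0B, 0x00}};   /* constructed upper bytes */
    uint32_t distinct = 0;
    memset(seen, 0, sizeof seen);
    for (uint32_t i = 0; i < n; i++) {
        for (int b = 0; b < 3; b++)              /* vary only the low three bytes */
            a.addr[b] = (uint8_t)(i >> (8 * b));
        uint32_t k = fn(&a);
        if (!(seen[k >> 3] & (1u << (k & 7)))) {
            seen[k >> 3] |= (uint8_t)(1u << (k & 7));
            distinct++;
        }
    }
    return distinct;
}

int main(void)
{
    printf("shift-add: %u, FNV-1a: %u distinct passkeys\n",
           (unsigned)distinct_passkeys(passkey_shift_add, 65536),
           (unsigned)distinct_passkeys(passkey_fnv1a, 65536));
}
```

For 65,536 consecutive addresses the shift-and-add scheme yields 511 different passkeys, and it can never produce more than 1,531 in total. Whichever derivation is used, six digits allow at most 1,000,000 values.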
If I set that passkey, it's asking for a PIN. What PIN should I enter to get a connection?