Re: Using a predefined passkey on a BLE peripheral device with no input/output


Johan Hedberg
 

Hi Jun,

We don't have such a feature currently (no one has asked for it until
now). Do I understand right that you want to have a per-device static
random passkey that's e.g. on a sticker on the device, in the packaging
or the manual, and the user then needs to read that and enter it into
the other device that's initiating the pairing?

I would do this as a runtime API instead of Kconfig since some devices
may need to dig out the value from a special flash location or factory
register.

By calling the new (yet to be defined) API it would essentially force
our IO Capability to DisplayOnly, however instead of using the
passkey_display callback from struct bt_conn_auth_cb we would use the
value given by the app using the new API? I suppose we should also
reject pairings from any remote device which doesn't have sufficient IO
capabilities to perform passkey entry (say, they have DisplayOnly or
NoInputNoOutput), right? Are there any special considerations with
legacy pairing vs secure connections that should be taken into account?

Could you open a github issue for this, so we can document the exact
requirement, and get it implemented in time for Zephyr 1.13?

Johan

On Tue, Jun 12, 2018, Li, Jun R wrote:
Hi Johan,
Is that a way to pre-set the static passkey by like a Kconfig item? Six zeros are not good as a passkey.

Regards,
Jun


On 6/12/18, 01:21, "Johan Hedberg" <johan.hedberg@...> wrote:

Hi Jun,

On Mon, Jun 11, 2018, Li, Jun R wrote:
> I have a NRF51 BLE device which doesn’t have either a display or a
> keyboard, and would like to use a static passkey to secure the
> connection establishment. Is it possible to use a static pre-defined
> passkey in Zephyr’s BLE stack and how is the static passkey defined?

The normal way to configure pairing on a device which lacks both output
and input capabilities is to set NoInputNoOutput as the IO capability in
the Security Manager Protocol. This will then cause an all-zeroes
"pre-defined" passkey to be used for pairing. The simplest way to do
this is by not registering a "struct bt_conn_auth_cb" using the
bt_conn_auth_cb_register() API, i.e. remove that call from your app if
you have it there.

Johan

Join devel@lists.zephyrproject.org to automatically receive all group messages.