Hi there,
I am adding security to my service characteristic and i found that for security mode 1 level 4, bonding is required in order to access characteristic values. Is it the same case for level1- level3, can i separate characteristic and bonding? eg. add different security level to characteristic and bonding and bond two devices only when i want to? I am using nRF52832 and SDK14.00.
Yes, you are partially correct, Security level 4 requires the link to be encrypted(i.e pairing must be performed) and that MITM protection was used. Bondinng is an optional step after pairing, i.e. storing the encryption key agreed upon during the pairing process in internal memory so that the link can be re-encrypted at a later stage without going through the pairing phase first. I have attached a table below showing the different security levels available in BLE. Security level 2 and above require encryption, i.e. pairing.
You can set the security level of each characteristic individually, so if you have a service with two characteristics then one can be set to security level 1 and the other to security level 4.
We have macros in the SDK that can be used to set the security level of an Attribute( i.e. characteristics and descriptors).
Here is an example where the BLE_GAP_CONN_SEC_MODE_SET_OPEN macro is used to set the read permission on a CCCD
static uint32_t heart_rate_measurement_char_add(ble_hrs_t * p_hrs,
const ble_hrs_init_t * p_hrs_init)
{
ble_gatts_char_md_t char_md;
ble_gatts_attr_md_t cccd_md;
ble_gatts_attr_t attr_char_value;
ble_uuid_t ble_uuid;
ble_gatts_attr_md_t attr_md;
uint8_t encoded_initial_hrm[MAX_HRM_LEN];
memset(&cccd_md, 0, sizeof(cccd_md));
BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
cccd_md.write_perm = p_hrs_init->hrs_hrm_attr_md.cccd_write_perm;
cccd_md.vloc = BLE_GATTS_VLOC_STACK;
.
.
.
}