Pairing without entering the PIN

Question

H, I have a problem, that I can connect to my BT device without entering the PIN upon first paring. The device is based on nRF52832 and I followed peripheral_sc_only sample, which I found sets the correct security level for required pairing. I am using: Zephyr OS build v2.4.0-ncs1 
 Here is also my prj.conf (there are also other settings, but I believe those are important for mandatory pairing): # Enable settings 
CONFIG_BT_SETTINGS=y 
CONFIG_FLASH=y 
CONFIG_FLASH_PAGE_LAYOUT=y 
CONFIG_FLASH_MAP=y 
CONFIG_NVS=y 
CONFIG_SETTINGS=y 
# Enable explicit pairing 
CONFIG_BT_SMP=y 
CONFIG_BT_SMP_SC_ONLY=y 
CONFIG_BT_TINYCRYPT_ECC=y 
CONFIG_BT_FIXED_PASSKEY=y 
#CONFIG_BT_SMP_ENFORCE_MITM=y 
CONFIG_BT_BONDING_REQUIRED=y 
 When I use nRF Connect on my phone, I can see the device on the Scan tab and if I click connect, the dialog for pairing appears, but also the services discovered. If I click Cancel and quickly on one of the services discovered, I can then click on all of them and can send data to my device. Is there any other option I need to turn on, so I can make paring "really" mandatory? Thanks, Matej

Susheel Nuguru · Accepted Answer

Matej, 
 I have missed to see this basic point about service declaration A service declaration is an Attribute with the Attribute Type set to the UUID for
&#171;Primary Service&#187; or &#171;Secondary Service&#187;. The Attribute Value shall be the
16-bit Bluetooth UUID or 128-bit UUID for the service, known as the service
UUID. A client shall support the use of both 16-bit and 128-bit UUIDs. A client
may ignore any service definition with an unknown service UUID. An unknown
service UUID is a UUID for an unsupported service. The Attribute Permissions
shall be read-only and shall not require authentication or authorization.
 The service will always have read permission only and the IOS can discover them even before encryption. It is the central/phone that initiates the service discovery and your product being a slave cannot control this. It need to respond to the service discovery by showing the services but not the contents of it. 
 I have changed the declaration of the attributes so that the values can be read only after encryption. 
 /* UART Service Declaration */
BT_GATT_SERVICE_DEFINE(nus_svc,
BT_GATT_PRIMARY_SERVICE(BT_UUID_NUS_SERVICE),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_TX,
 BT_GATT_CHRC_NOTIFY,
 BT_GATT_PERM_READ_ENCRYPT,
 NULL, NULL, NULL),
	BT_GATT_CCC(NULL, BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
	BT_GATT_CHARACTERISTIC(BT_UUID_NUS_RX,
 BT_GATT_CHRC_WRITE |
 BT_GATT_CHRC_WRITE_WITHOUT_RESP,
 BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT,
 NULL, on_receive, NULL),
); 
 Also if the connection fails, disconnect as below in ae_bt_conn.c 
 static void pairing_failed(struct bt_conn *conn, enum bt_security_err reason)
{
 char addr[BT_ADDR_LE_STR_LEN];

 bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));

 LOG_INF("Pairing failed and hence disconnecting conn: %s, reason %d", log_strdup(addr),
 reason);
 
 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
}

Pairing without entering the PIN

Top Replies