Bluetooth: Host: Add option to force pairing in bt_conn_security

Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Joakim Andersson 2019-08-21 10:51:14 +02:00 committed by Carles Cufí
commit 128cf42d8a
4 changed files with 12 additions and 1 deletions


@ -288,6 +288,10 @@ typedef enum __packed {
BT_SECURITY_HIGH,
/** Authenticated Secure Connections */
BT_SECURITY_FIPS,
/** Bit to force new pairing procedure, bit-wise OR with requested
* security level.
*/
BT_SECURITY_FORCE_PAIR = BIT(7),
} bt_security_t;
/** @brief Set security level for a connection.
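Review bot: The doc comment on `BT_SECURITY_FORCE_PAIR` does not say that `bt_security_t` now carries a flag bit alongside an ordered level, so any code that compares a `bt_security_t` ordinally (for example against `BT_SECURITY_FIPS`) has to mask the bit first. I would extend the comment with `Only valid as an argument to bt_conn_security(); it is masked off before the level is stored and is never reported as a connection's security level.` The `@brief` for bt_conn_security() that starts on the last line of this hunk continues outside it and should mention the flag as well, including the commit message's statement that pairing is aborted when the new keys are weaker.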


@ -1058,7 +1058,9 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec)
return 0;
}
conn->required_sec_level = sec;
atomic_set_bit_to(conn->flags, BT_CONN_FORCE_PAIR,
sec & BT_SECURITY_FORCE_PAIR);
conn->required_sec_level = sec & ~BT_SECURITY_FORCE_PAIR;
err = start_security(conn);
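Review bot: `BT_CONN_FORCE_PAIR` is written only here, and none of the hunks in this commit clear it, so it appears to stay set on the connection after the forced pairing finishes or after `start_security()` fails. While it is set, bt_smp_keys_check() reports that there are no usable keys, so a later security request on the same connection would presumably ignore the stored bond and pair again. If the error handling after `start_security()` (outside this hunk) restores `required_sec_level`, it should also run `atomic_clear_bit(conn->flags, BT_CONN_FORCE_PAIR);`, and the same clear belongs on pairing completion. The early-return check that ends just above the changed lines is also outside the hunk; confirm it still behaves as intended when `sec` carries the flag bit.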


@ -29,6 +29,7 @@ enum {
BT_CONN_SLAVE_PARAM_UPDATE, /* If slave param update timer fired */
BT_CONN_SLAVE_PARAM_SET, /* If slave param were set from app */
BT_CONN_SLAVE_PARAM_L2CAP, /* If should force L2CAP for CPUP */
BT_CONN_FORCE_PAIR, /* Pairing even with existing keys. */
/* Total number of flags - must be at the end of the enum */
BT_CONN_NUM_FLAGS,


@ -4911,6 +4911,10 @@ bool bt_smp_get_tk(struct bt_conn *conn, u8_t *tk)
bool bt_smp_keys_check(struct bt_conn *conn)
{
if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
return false;
}
if (!conn->le.keys) {
conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
conn->id, &conn->le.dst);
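Review bot: The early `return false` on `BT_CONN_FORCE_PAIR` skips the stored-key lookup entirely, so bt_smp_keys_check() no longer tells its caller anything about the strength of the existing bond. The commit message promises that pairing is aborted when the new keys are weaker, but nothing in this hunk enforces that. Re-pairing over an existing bond is exactly where an authenticated key could be replaced by an unauthenticated one, so the guarantee should be traceable from here. I would add a comment above the new `if` such as `/* Forced pairing: report no usable keys so pairing starts; the new keys are still compared with the stored ones in <function enforcing the check>. */` and cover the downgrade case with a test. The function body continues past the end of the hunk.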