Bluetooth: Host: Add option to force pairing in bt_conn_security

Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>

include/bluetooth/conn.h

@@ -288,6 +288,10 @@ typedef enum __packed {
 	BT_SECURITY_HIGH,
 	/** Authenticated Secure Connections */
 	BT_SECURITY_FIPS,
+	/** Bit to force new pairing procedure, bit-wise OR with requested
+	 *  security level.
+	 */
+	BT_SECURITY_FORCE_PAIR = BIT(7),
 } bt_security_t;
 
 /** @brief Set security level for a connection.

subsys/bluetooth/host/conn.c

@@ -1058,7 +1058,9 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec)
 		return 0;
 	}
 
-	conn->required_sec_level = sec;
+	atomic_set_bit_to(conn->flags, BT_CONN_FORCE_PAIR,
+			  sec & BT_SECURITY_FORCE_PAIR);
+	conn->required_sec_level = sec & ~BT_SECURITY_FORCE_PAIR;
 
 	err = start_security(conn);
 

subsys/bluetooth/host/conn_internal.h

@@ -29,6 +29,7 @@ enum {
 	BT_CONN_SLAVE_PARAM_UPDATE,	/* If slave param update timer fired */
 	BT_CONN_SLAVE_PARAM_SET,	/* If slave param were set from app */
 	BT_CONN_SLAVE_PARAM_L2CAP,	/* If should force L2CAP for CPUP */
+	BT_CONN_FORCE_PAIR,             /* Pairing even with existing keys. */
 
 	/* Total number of flags - must be at the end of the enum */
 	BT_CONN_NUM_FLAGS,

subsys/bluetooth/host/smp.c

@@ -4911,6 +4911,10 @@ bool bt_smp_get_tk(struct bt_conn *conn, u8_t *tk)
 
 bool bt_smp_keys_check(struct bt_conn *conn)
 {
+	if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) {
+		return false;
+	}
+
 	if (!conn->le.keys) {
 		conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256,
 						     conn->id, &conn->le.dst);