diff --git a/include/bluetooth/conn.h b/include/bluetooth/conn.h index d2585d33d19..265f3c05fec 100644 --- a/include/bluetooth/conn.h +++ b/include/bluetooth/conn.h @@ -288,6 +288,10 @@ typedef enum __packed { BT_SECURITY_HIGH, /** Authenticated Secure Connections */ BT_SECURITY_FIPS, + /** Bit to force new pairing procedure, bit-wise OR with requested + * security level. + */ + BT_SECURITY_FORCE_PAIR = BIT(7), } bt_security_t; /** @brief Set security level for a connection. diff --git a/subsys/bluetooth/host/conn.c b/subsys/bluetooth/host/conn.c index 9f60ef296c9..012fbe3333a 100644 --- a/subsys/bluetooth/host/conn.c +++ b/subsys/bluetooth/host/conn.c @@ -1058,7 +1058,9 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec) return 0; } - conn->required_sec_level = sec; + atomic_set_bit_to(conn->flags, BT_CONN_FORCE_PAIR, + sec & BT_SECURITY_FORCE_PAIR); + conn->required_sec_level = sec & ~BT_SECURITY_FORCE_PAIR; err = start_security(conn); diff --git a/subsys/bluetooth/host/conn_internal.h b/subsys/bluetooth/host/conn_internal.h index 30911e343a0..8ec66f09698 100644 --- a/subsys/bluetooth/host/conn_internal.h +++ b/subsys/bluetooth/host/conn_internal.h @@ -29,6 +29,7 @@ enum { BT_CONN_SLAVE_PARAM_UPDATE, /* If slave param update timer fired */ BT_CONN_SLAVE_PARAM_SET, /* If slave param were set from app */ BT_CONN_SLAVE_PARAM_L2CAP, /* If should force L2CAP for CPUP */ + BT_CONN_FORCE_PAIR, /* Pairing even with existing keys. */ /* Total number of flags - must be at the end of the enum */ BT_CONN_NUM_FLAGS, diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c index d83953fe5d1..2cead81d5fc 100644 --- a/subsys/bluetooth/host/smp.c +++ b/subsys/bluetooth/host/smp.c @@ -4911,6 +4911,10 @@ bool bt_smp_get_tk(struct bt_conn *conn, u8_t *tk) bool bt_smp_keys_check(struct bt_conn *conn) { + if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) { + return false; + } + if (!conn->le.keys) { conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id, &conn->le.dst);