From 128cf42d8a029f73b6f6c0bf35a032ab060412ee Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Wed, 21 Aug 2019 10:51:14 +0200 Subject: [PATCH] Bluetooth: Host: Add option to force pairing in bt_conn_security Add option to force the host to initiate pairing procedure even if the host has encryption keys for the peer. This option can be used to pair with a bonded peer that has deleted its bonding information without deleting the keys. If new pairing results in weaker keys the pairing will be aborted. Signed-off-by: Joakim Andersson --- include/bluetooth/conn.h | 4 ++++ subsys/bluetooth/host/conn.c | 4 +++- subsys/bluetooth/host/conn_internal.h | 1 + subsys/bluetooth/host/smp.c | 4 ++++ 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/include/bluetooth/conn.h b/include/bluetooth/conn.h index d2585d33d19..265f3c05fec 100644 --- a/include/bluetooth/conn.h +++ b/include/bluetooth/conn.h @@ -288,6 +288,10 @@ typedef enum __packed { BT_SECURITY_HIGH, /** Authenticated Secure Connections */ BT_SECURITY_FIPS, + /** Bit to force new pairing procedure, bit-wise OR with requested + * security level. + */ + BT_SECURITY_FORCE_PAIR = BIT(7), } bt_security_t; /** @brief Set security level for a connection. diff --git a/subsys/bluetooth/host/conn.c b/subsys/bluetooth/host/conn.c index 9f60ef296c9..012fbe3333a 100644 --- a/subsys/bluetooth/host/conn.c +++ b/subsys/bluetooth/host/conn.c @@ -1058,7 +1058,9 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec) return 0; } - conn->required_sec_level = sec; + atomic_set_bit_to(conn->flags, BT_CONN_FORCE_PAIR, + sec & BT_SECURITY_FORCE_PAIR); + conn->required_sec_level = sec & ~BT_SECURITY_FORCE_PAIR; err = start_security(conn); diff --git a/subsys/bluetooth/host/conn_internal.h b/subsys/bluetooth/host/conn_internal.h index 30911e343a0..8ec66f09698 100644 --- a/subsys/bluetooth/host/conn_internal.h +++ b/subsys/bluetooth/host/conn_internal.h @@ -29,6 +29,7 @@ enum { BT_CONN_SLAVE_PARAM_UPDATE, /* If slave param update timer fired */ BT_CONN_SLAVE_PARAM_SET, /* If slave param were set from app */ BT_CONN_SLAVE_PARAM_L2CAP, /* If should force L2CAP for CPUP */ + BT_CONN_FORCE_PAIR, /* Pairing even with existing keys. */ /* Total number of flags - must be at the end of the enum */ BT_CONN_NUM_FLAGS, diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c index d83953fe5d1..2cead81d5fc 100644 --- a/subsys/bluetooth/host/smp.c +++ b/subsys/bluetooth/host/smp.c @@ -4911,6 +4911,10 @@ bool bt_smp_get_tk(struct bt_conn *conn, u8_t *tk) bool bt_smp_keys_check(struct bt_conn *conn) { + if (atomic_test_bit(conn->flags, BT_CONN_FORCE_PAIR)) { + return false; + } + if (!conn->le.keys) { conn->le.keys = bt_keys_find(BT_KEYS_LTK_P256, conn->id, &conn->le.dst);