From 69d415c9ce5515017d842a0dc6e7f8e2dad3b2f1 Mon Sep 17 00:00:00 2001
From: Lyle Zhu <lyle.zhu@nxp.com>
Date: Thu, 6 Jun 2024 18:00:27 +0800
Subject: [PATCH] Bluetooth: SSP: Improve BR SC only mode

Actively disconnect the connection with error code `BT_HCI_ERR_AUTH_FAIL`
when the notified link key type is not `BT_LK_AUTH_COMBINATION_P256` in
BR SC only mode.

Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
---
 subsys/bluetooth/host/classic/ssp.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/subsys/bluetooth/host/classic/ssp.c b/subsys/bluetooth/host/classic/ssp.c
index 022be6967d7..9ccf22d3632 100644
--- a/subsys/bluetooth/host/classic/ssp.c
+++ b/subsys/bluetooth/host/classic/ssp.c
@@ -447,6 +447,23 @@ void bt_hci_link_key_notify(struct net_buf *buf)
 
 	LOG_DBG("%s, link type 0x%02x", bt_addr_str(&evt->bdaddr), evt->key_type);
 
+	if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) && (evt->key_type != BT_LK_AUTH_COMBINATION_P256)) {
+		/*
+		 * When in Secure Connections Only mode, all services
+		 * (except those allowed to have Security Mode 4, Level 0)
+		 * available on the BR/EDR physical transport require Security
+		 * Mode 4, Level 4.
+		 * Link key type should be P-256 based Secure Simple Pairing
+		 * and Secure Authentication.
+		 */
+		LOG_WRN("For SC only mode, link key type should be %d",
+			BT_LK_AUTH_COMBINATION_P256);
+		ssp_pairing_complete(conn, bt_security_err_get(BT_HCI_ERR_AUTH_FAIL));
+		bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
+		bt_conn_unref(conn);
+		return;
+	}
+
 	if (!conn->br.link_key) {
 		conn->br.link_key = bt_keys_get_link_key(&evt->bdaddr);
 	}