Bluetooth: host: Allow to disable legacy pairing.
Add option to disable legacy pairing and only use secure connection. If legacy pairing was requested pairing will be denied with status insufficient authenticated Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit is contained in:
Joakim Andersson
Johan Hedberg
parent
51574c177f
commit
912cdc0b8e
4 changed files with 39 additions and 29 deletions
|
|
@ -284,8 +284,18 @@ config BT_SIGNING
|
|||
This option enables data signing which is used for transferring
|
||||
authenticated data in an unencrypted connection.
|
||||
|
||||
config BT_SMP_SC_PAIR_ONLY
|
||||
bool "Disable legacy pairing"
|
||||
help
|
||||
This option disables LE legacy pairing and forces LE secure connection
|
||||
pairing. All Security Mode 1 levels can be used with legacy pairing
|
||||
disabled, but pairing with devices that do not support secure
|
||||
connections pairing will not be supported.
|
||||
To force a higher security level use "Secure Connections Only Mode"
|
||||
|
||||
config BT_SMP_SC_ONLY
|
||||
bool "Secure Connections Only Mode"
|
||||
select BT_SMP_SC_PAIR_ONLY
|
||||
help
|
||||
This option enables support for Secure Connection Only Mode. In this
|
||||
mode device shall only use Security Mode 1 Level 4 with exception
|
||||
|
|
|
|||
|
|
@ -2919,7 +2919,7 @@ static void le_ltk_request(struct net_buf *buf)
|
|||
goto done;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
if (conn->le.keys && (conn->le.keys->keys & BT_KEYS_SLAVE_LTK) &&
|
||||
!memcmp(conn->le.keys->slave_ltk.rand, &evt->rand, 8) &&
|
||||
!memcmp(conn->le.keys->slave_ltk.ediv, &evt->ediv, 2)) {
|
||||
|
|
@ -2944,7 +2944,7 @@ static void le_ltk_request(struct net_buf *buf)
|
|||
bt_hci_cmd_send(BT_HCI_OP_LE_LTK_REQ_REPLY, buf);
|
||||
goto done;
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
le_ltk_neg_reply(evt->handle);
|
||||
|
||||
|
|
|
|||
|
|
@ -56,9 +56,9 @@ struct bt_keys {
|
|||
struct bt_csrk local_csrk;
|
||||
struct bt_csrk remote_csrk;
|
||||
#endif /* BT_SIGNING */
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
struct bt_ltk slave_ltk;
|
||||
#endif /* CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
};
|
||||
|
||||
#define BT_KEYS_STORAGE_LEN (sizeof(struct bt_keys) - \
|
||||
|
|
|
|||
|
|
@ -186,7 +186,7 @@ static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
|
|||
fixed_passkey != BT_PASSKEY_INVALID && \
|
||||
(smp)->method == PASSKEY_DISPLAY)
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
/* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
|
||||
static const u8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
|
||||
{ JUST_WORKS, JUST_WORKS, PASSKEY_INPUT, JUST_WORKS, PASSKEY_INPUT },
|
||||
|
|
@ -197,7 +197,7 @@ static const u8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
|
|||
{ PASSKEY_DISPLAY, PASSKEY_DISPLAY, PASSKEY_INPUT, JUST_WORKS,
|
||||
PASSKEY_ROLE },
|
||||
};
|
||||
#endif /* CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
/* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
|
||||
static const u8_t gen_method_sc[5 /* remote */][5 /* local */] = {
|
||||
|
|
@ -542,7 +542,7 @@ static u8_t get_encryption_key_size(struct bt_smp *smp)
|
|||
}
|
||||
|
||||
#if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_SIGNING) || \
|
||||
!defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
!defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
/* For TX callbacks */
|
||||
static void smp_pairing_complete(struct bt_smp *smp, u8_t status);
|
||||
#if defined(CONFIG_BT_BREDR)
|
||||
|
|
@ -1607,7 +1607,7 @@ static u8_t smp_send_pairing_random(struct bt_smp *smp)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
static void xor_128(const u8_t p[16], const u8_t q[16], u8_t r[16])
|
||||
{
|
||||
size_t len = 16;
|
||||
|
|
@ -1658,7 +1658,7 @@ static int smp_c1(const u8_t k[16], const u8_t r[16],
|
|||
|
||||
return bt_encrypt_le(k, enc_data, enc_data);
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
static u8_t smp_send_pairing_confirm(struct bt_smp *smp)
|
||||
{
|
||||
|
|
@ -1707,7 +1707,7 @@ static u8_t smp_send_pairing_confirm(struct bt_smp *smp)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
static void ident_sent(struct bt_conn *conn)
|
||||
{
|
||||
smp_check_complete(conn, BT_SMP_DIST_ENC_KEY);
|
||||
|
|
@ -1772,7 +1772,7 @@ static void legacy_distribute_keys(struct bt_smp *smp)
|
|||
}
|
||||
}
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
static void bt_smp_distribute_keys(struct bt_smp *smp)
|
||||
{
|
||||
|
|
@ -1784,12 +1784,12 @@ static void bt_smp_distribute_keys(struct bt_smp *smp)
|
|||
return;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
/* Distribute legacy pairing specific keys */
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
legacy_distribute_keys(smp);
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
#if defined(CONFIG_BT_PRIVACY)
|
||||
if (smp->local_dist & BT_SMP_DIST_ID_KEY) {
|
||||
|
|
@ -1871,7 +1871,7 @@ static u8_t send_pairing_rsp(struct bt_smp *smp)
|
|||
}
|
||||
#endif /* CONFIG_BT_PERIPHERAL */
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
static int smp_s1(const u8_t k[16], const u8_t r1[16],
|
||||
const u8_t r2[16], u8_t out[16])
|
||||
{
|
||||
|
|
@ -2250,7 +2250,7 @@ static u8_t smp_master_ident(struct bt_smp *smp, struct net_buf *buf)
|
|||
{
|
||||
return BT_SMP_ERR_CMD_NOTSUPP;
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
static int _smp_init(struct bt_smp *smp)
|
||||
{
|
||||
|
|
@ -2439,11 +2439,11 @@ static u8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
|
|||
atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
|
||||
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
#if defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
return BT_SMP_ERR_AUTH_REQUIREMENTS;
|
||||
#else
|
||||
return legacy_pairing_req(smp, req->io_capability);
|
||||
#endif /* CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
}
|
||||
|
||||
smp->method = get_pair_method(smp, req->io_capability);
|
||||
|
|
@ -2592,11 +2592,11 @@ static u8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
|
|||
}
|
||||
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
#if defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
return BT_SMP_ERR_AUTH_REQUIREMENTS;
|
||||
#else
|
||||
return legacy_pairing_rsp(smp, rsp->io_capability);
|
||||
#endif /* CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
}
|
||||
|
||||
smp->method = get_pair_method(smp, rsp->io_capability);
|
||||
|
|
@ -2651,11 +2651,11 @@ static u8_t smp_pairing_confirm(struct bt_smp *smp, struct net_buf *buf)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
return legacy_pairing_confirm(smp);
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
switch (smp->method) {
|
||||
case PASSKEY_DISPLAY:
|
||||
|
|
@ -2900,11 +2900,11 @@ static u8_t smp_pairing_random(struct bt_smp *smp, struct net_buf *buf)
|
|||
|
||||
memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
return legacy_pairing_random(smp);
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
#if defined(CONFIG_BT_CENTRAL)
|
||||
if (smp->chan.chan.conn->role == BT_HCI_ROLE_MASTER) {
|
||||
|
|
@ -4240,12 +4240,12 @@ int bt_smp_auth_passkey_entry(struct bt_conn *conn, unsigned int passkey)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
if (!atomic_test_bit(smp->flags, SMP_FLAG_SC)) {
|
||||
legacy_passkey_entry(smp, passkey);
|
||||
return 0;
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
smp->passkey = sys_cpu_to_le32(passkey);
|
||||
|
||||
|
|
@ -4346,7 +4346,7 @@ int bt_smp_auth_cancel(struct bt_conn *conn)
|
|||
}
|
||||
}
|
||||
|
||||
#if !defined(CONFIG_BT_SMP_SC_ONLY)
|
||||
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
|
||||
int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
|
||||
{
|
||||
struct bt_smp *smp;
|
||||
|
|
@ -4398,7 +4398,7 @@ int bt_smp_auth_pairing_confirm(struct bt_conn *conn)
|
|||
/* confirm_pairing will never be called in LE SC only mode */
|
||||
return -EINVAL;
|
||||
}
|
||||
#endif /* !CONFIG_BT_SMP_SC_ONLY */
|
||||
#endif /* !CONFIG_BT_SMP_SC_PAIR_ONLY */
|
||||
|
||||
#if defined(CONFIG_BT_FIXED_PASSKEY)
|
||||
int bt_passkey_set(unsigned int passkey)
|
||||
|
|
@ -4578,8 +4578,8 @@ int bt_smp_init(void)
|
|||
};
|
||||
|
||||
sc_supported = le_sc_supported();
|
||||
if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) && !sc_supported) {
|
||||
BT_ERR("SC Only Mode selected but LE SC not supported");
|
||||
if (IS_ENABLED(CONFIG_BT_SMP_SC_PAIR_ONLY) && !sc_supported) {
|
||||
BT_ERR("SC Pair Only Mode selected but LE SC not supported");
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue