Bluetooth: Host: Add CONFIG_BT_BONDING_REQUIRED flag

Added configuration for accepting pairing requests only if both devices
has bonding flag set in order to reject other devices at an early stage,
thus leaving more chance for devices expected to bond.

With the CONFIG_BT_BONDING_REQUIRED flag the device only accept pairing
requests if it has CONFIG_BT_BONMDABLE set and the device requesting
pairing has Bonding_Flags field set to Bonding (0x01) in its AuthReq.
Note: When using bt_set_bondable(false) pairing requests will be
rejected when CONFIG_BT_BONDING_REQUIRED is set.

Signed-off-by: Martin Rieva <mrrv@demant.com>
This commit is contained in:
Martin Rieva 2019-11-26 13:30:39 +01:00 committed by Johan Hedberg
commit bf361aa66c
2 changed files with 20 additions and 0 deletions

View file

@ -348,6 +348,14 @@ config BT_BONDABLE
Bonding flag in AuthReq of SMP Pairing Request/Response will be set
indicating the support for this mode.
config BT_BONDING_REQUIRED
bool "Always require bonding"
depends on BT_BONDABLE
help
When this option is enabled remote devices are required to always
set the bondable flag in their pairing request. Any other kind of
requests will be rejected.
config BT_STORE_DEBUG_KEYS
bool "Store Debug Mode bonds"
help

View file

@ -2774,6 +2774,9 @@ static u8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf)
if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
(req->auth_req & BT_SMP_AUTH_BONDING)) {
atomic_set_bit(smp->flags, SMP_FLAG_BOND);
} else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
/* Reject pairing req if not both intend to bond */
return BT_SMP_ERR_UNSPECIFIED;
}
atomic_set_bit(smp->flags, SMP_FLAG_PAIRING);
@ -2955,6 +2958,9 @@ static u8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf)
if ((rsp->auth_req & BT_SMP_AUTH_BONDING) &&
(req->auth_req & BT_SMP_AUTH_BONDING)) {
atomic_set_bit(smp->flags, SMP_FLAG_BOND);
} else if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED)) {
/* Reject pairing req if not both intend to bond */
return BT_SMP_ERR_UNSPECIFIED;
}
smp->method = get_pair_method(smp, rsp->io_capability);
@ -3686,6 +3692,12 @@ static u8_t smp_security_request(struct bt_smp *smp, struct net_buf *buf)
auth = req->auth_req & BT_SMP_AUTH_MASK;
}
if (IS_ENABLED(CONFIG_BT_BONDING_REQUIRED) &&
!(bondable && (auth & BT_SMP_AUTH_BONDING))) {
/* Reject security req if not both intend to bond */
return BT_SMP_ERR_UNSPECIFIED;
}
if (conn->le.keys) {
/* Make sure we have an LTK to encrypt with */
if (!(conn->le.keys->keys & (BT_KEYS_LTK_P256 | BT_KEYS_LTK))) {