From 81a4dbcf8f98bdb8703cd7c0dfd6b408633a66d4 Mon Sep 17 00:00:00 2001 From: Szymon Janc Date: Thu, 25 Jun 2015 11:08:57 +0200 Subject: [PATCH] Bluetooth: Allow to set required security for connection This adds bt_conn_security function that can be used to elevate security on connection. If device is not paired it will trigger pairing first. For now only JustWorks pairing is supported so full security level tracking is not needed as only medium level is supported. Change-Id: I6d344f55286a79bd989bd18f852a6859dc8ea96a Signed-off-by: Szymon Janc
---
 include/bluetooth/conn.h | 11 +++++++++++ net/bluetooth/conn.c | 27 +++++++++++++++++++++++++++ 2 files changed, 38 insertions(+)
diff --git a/include/bluetooth/conn.h b/include/bluetooth/conn.h
index 17045479620..96226d4d367 100644
--- a/include/bluetooth/conn.h
+++ b/include/bluetooth/conn.h
@@ -93,4 +93,15 @@ struct bt_conn_cb {
 */
 void bt_conn_cb_register(struct bt_conn_cb *cb);
+
+typedef enum {
+ BT_CONN_SEC_NONE,
+ BT_CONN_SEC_LOW,
+ BT_CONN_SEC_MEDIUM,
+ BT_CONN_SEC_HIGH,
+ BT_CONN_SEC_FIPS,
+} bt_conn_security_t;
+
+int bt_conn_security(struct bt_conn *conn, bt_conn_security_t sec);
+
 #endif /* __BT_CONN_H */
diff --git a/net/bluetooth/conn.c b/net/bluetooth/conn.c
index d0573d0bbbd..1421afed6a9 100644
--- a/net/bluetooth/conn.c
+++ b/net/bluetooth/conn.c
@@ -46,6 +46,8 @@
 #include "hci_core.h"
 #include "conn_internal.h"
 #include "l2cap.h"
+#include "keys.h"
+#include "smp.h"
 #if !defined(CONFIG_BLUETOOTH_DEBUG_CONN)
 #undef BT_DBG
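Review bot: The new public declarations in include/bluetooth/conn.h, the `bt_conn_security_t` enum and `bt_conn_security()`, have no doc comment, so a caller cannot tell what each level guarantees or what a 0 return means. Since the commit message says only JustWorks pairing is available, the enum comment should state that `BT_CONN_SEC_MEDIUM` gives an encrypted link without protection against an active man-in-the-middle, and that `BT_CONN_SEC_HIGH` and `BT_CONN_SEC_FIPS` are rejected for now. For the function I would add `/** Request at least @a sec on @a conn; returns 0 if the link is already encrypted or pairing was started, a negative errno otherwise. */`.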
@@ -383,3 +385,28 @@ const bt_addr_le_t *bt_conn_get_dst(const struct bt_conn *conn)
 {
 return &conn->dst;
 }
+
+int bt_conn_security(struct bt_conn *conn, bt_conn_security_t sec)
+{
+ if (conn->state != BT_CONN_CONNECTED) {
+ return -ENOTCONN;
+ }
+
+ /* for now we only support JustWorks */
+ if (sec > BT_CONN_SEC_MEDIUM) {
+ return -EINVAL;
+ }
+
+ if (conn->role == BT_HCI_ROLE_SLAVE) {
+ /* TODO Add Security Request support */
+ return -ENOTSUP;
+ }
+
+ if (conn->encrypt) {
+ return 0;
+ }
+
+ /* TODO check for master LTK */
+
+ return smp_send_pairing_req(conn);
+}
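Review bot: A request for `BT_CONN_SEC_NONE` or `BT_CONN_SEC_LOW` on an unencrypted link falls through to `smp_send_pairing_req(conn)`, so a caller that asks for a level which (going by the names) needs no encryption still triggers pairing. The encrypted check could read `if (sec <= BT_CONN_SEC_LOW || conn->encrypt) {`. The 0 return is also ambiguous: it is returned when the link is already encrypted and, presumably, when the pairing request has only been sent (`smp_send_pairing_req` is not visible in this hunk), so code that gates access to protected data on a 0 return may proceed before encryption is actually up. A comment above the function such as `/* 0 means already encrypted or pairing started; wait for the encryption change before treating the link as secure */` would make that contract explicit.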