apps: Remove pair when security change fails

This allows us to re-pair on the next connection, which is necessary
if, e.g., the peer has lost their bonding information.

Additionally, do not initiate the Pouch sync until after confirming
the security level was successfully changed.

Signed-off-by: Sam Friedman <[email protected]>

Author: sam-golioth

gateway/prj.conf

@@ -55,6 +55,7 @@ CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y
 
 # Bluetooth secure connections
 CONFIG_BT_SMP=y
+CONFIG_BT_SECURITY_ERR_TO_STR=y
 CONFIG_MBEDTLS_ECP_C=y
 # This option is implied by BT_SMP and breaks secp384r1 support
 CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED=n

gateway/src/main.c

@@ -168,8 +168,6 @@ static void bt_connected(struct bt_conn *conn, uint8_t err)
         bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
         return;
     }
-
-    pouch_gateway_bt_start(conn);
 }
 
 static void bt_disconnected(struct bt_conn *conn, uint8_t reason)
@@ -188,7 +186,25 @@ static void bt_disconnected(struct bt_conn *conn, uint8_t reason)
 
 static void security_changed(struct bt_conn *conn, bt_security_t level, enum bt_security_err err)
 {
-    LOG_INF("BT security changed to level %u, err %s(%u)", level, bt_security_err_to_str(err), err);
+    if (err)
+    {
+        LOG_ERR("BT security change failed. Current level: %d, err: %s(%u)",
+                level,
+                bt_security_err_to_str(err),
+                err);
+
+        struct bt_conn_info info;
+        bt_conn_get_info(conn, &info);
+
+        bt_unpair(info.id, info.le.dst);
+        bt_conn_disconnect(conn, BT_HCI_ERR_INSUFFICIENT_SECURITY);
+    }
+    else
+    {
+        LOG_INF("BT security changed to level %u", level);
+
+        pouch_gateway_bt_start(conn);
+    }
 }
 
 BT_CONN_CB_DEFINE(conn_callbacks) = {

samples/custom_connect/prj.conf

@@ -55,6 +55,7 @@ CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y
 
 # Bluetooth secure connections
 CONFIG_BT_SMP=y
+CONFIG_BT_SECURITY_ERR_TO_STR=y
 CONFIG_MBEDTLS_ECP_C=y
 # This option is implied by BT_SMP and breaks secp384r1 support
 CONFIG_MBEDTLS_PSA_P256M_DRIVER_ENABLED=n

samples/custom_connect/src/main.c

@@ -140,11 +140,6 @@ static void bt_connected(struct bt_conn *conn, uint8_t err)
         bt_conn_disconnect(conn, BT_HCI_ERR_REMOTE_USER_TERM_CONN);
         return;
     }
-
-    sync_data.conn = conn;
-    sync_data.counter = 0;
-
-    k_work_schedule(&sync_data.work, K_NO_WAIT);
 }
 
 static void bt_disconnected(struct bt_conn *conn, uint8_t reason)
@@ -163,7 +158,28 @@ static void bt_disconnected(struct bt_conn *conn, uint8_t reason)
 
 static void security_changed(struct bt_conn *conn, bt_security_t level, enum bt_security_err err)
 {
-    LOG_INF("BT security changed to level %u, err %s(%u)", level, bt_security_err_to_str(err), err);
+    if (err)
+    {
+        LOG_ERR("BT security change failed. Current level: %d, err: %s(%u)",
+                level,
+                bt_security_err_to_str(err),
+                err);
+
+        struct bt_conn_info info;
+        bt_conn_get_info(conn, &info);
+
+        bt_unpair(info.id, info.le.dst);
+        bt_conn_disconnect(conn, BT_HCI_ERR_INSUFFICIENT_SECURITY);
+    }
+    else
+    {
+        LOG_INF("BT security changed to level %u", level);
+
+        sync_data.conn = conn;
+        sync_data.counter = 0;
+
+        k_work_schedule(&sync_data.work, K_NO_WAIT);
+    }
 }
 
 BT_CONN_CB_DEFINE(conn_callbacks) = {