main.conf: Add SecureConnections option
authorSimon Mikuda <simon.mikuda@streamunlimited.com>
Fri, 18 Nov 2022 05:26:10 +0000 (06:26 +0100)
committerAyush Garg <ayush.garg@samsung.com>
Fri, 5 Jan 2024 10:11:34 +0000 (15:41 +0530)
This introduces SecureConnections option to main.conf that can be used to
configure this on adapter initialization.

This is useful for:
- disabling it on adapters that have problems with SecureConnections enabled
- if you want to disable CTKD (cross transport key derivation)
- add option to enable only SecureConnections

src/adapter.c
src/btd.h
src/main.c
src/main.conf

index 29ee93b..9fff0b9 100644 (file)
@@ -16552,7 +16552,8 @@ static void read_info_complete(uint8_t status, uint16_t length,
        }
 
        if (missing_settings & MGMT_SETTING_SECURE_CONN)
-               set_mode(adapter, MGMT_OP_SET_SECURE_CONN, 0x01);
+               set_mode(adapter, MGMT_OP_SET_SECURE_CONN,
+                                       btd_opts.secure_conn);
 
        if (adapter->supported_settings & MGMT_SETTING_PRIVACY)
                set_privacy(adapter, btd_opts.privacy);
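Review bot: The configured mode is sent only when `MGMT_SETTING_SECURE_CONN` is in `missing_settings`, so a controller that already has Secure Connections enabled would apparently never receive `off` or `only` from main.conf. The computation of `missing_settings` is outside this hunk, so this is inferred; if it holds the supported-but-not-current settings, the `only` case matters most, because the adapter would keep accepting legacy pairing while the administrator believes SC-only is enforced. Consider gating on support instead, `if (adapter->supported_settings & MGMT_SETTING_SECURE_CONN)`, as the privacy call just below does. read_info_complete's body starts before and continues after the hunk.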
index d85a0af..ddebf1a 100755 (executable)
--- a/src/btd.h
+++ b/src/btd.h
@@ -36,6 +36,12 @@ enum mps_mode_t {
        MPS_MULTIPLE,
 };
 
+enum sc_mode_t {
+       SC_OFF,
+       SC_ON,
+       SC_ONLY,
+};
+
 struct btd_br_defaults {
        uint16_t        page_scan_type;
        uint16_t        page_scan_interval;
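Review bot: The `sc_mode_t` enumerators rely on implicit numbering, yet adapter.c passes `btd_opts.secure_conn` straight to `set_mode()` as the MGMT_OP_SET_SECURE_CONN parameter, so their values are effectively wire values. Pin them explicitly, `SC_OFF = 0x00,` `SC_ON = 0x01,` `SC_ONLY = 0x02,`, and add a comment such as `/* sent as the MGMT_OP_SET_SECURE_CONN mode byte; do not reorder */`. That keeps a later insertion or reordering from silently changing the mode handed to the kernel.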
@@ -105,6 +111,7 @@ struct btd_opts {
        uint8_t         privacy;
        bool            device_privacy;
        uint32_t        name_request_retry_delay;
+       uint8_t         secure_conn;
 
        struct btd_defaults defaults;
 
index 2dfc14e..d53ce3e 100755 (executable)
@@ -79,6 +79,7 @@ static const char *supported_options[] = {
        "MaxControllers",
        "MultiProfile",
        "FastConnectable",
+       "SecureConnections",
        "Privacy",
        "JustWorksRepairing",
        "TemporaryTimeout",
@@ -913,6 +914,20 @@ static void parse_config(GKeyFile *config)
                g_free(str);
        }
 #endif
+
+       str = g_key_file_get_string(config, "General",
+                                               "SecureConnections", &err);
+       if (err)
+               g_clear_error(&err);
+       else {
+               if (!strcmp(str, "off"))
+                       btd_opts.secure_conn = SC_OFF;
+               else if (!strcmp(str, "on"))
+                       btd_opts.secure_conn = SC_ON;
+               else if (!strcmp(str, "only"))
+                       btd_opts.secure_conn = SC_ONLY;
+       }
+
        str = g_key_file_get_string(config, "GATT", "Cache", &err);
        if (err) {
                DBG("%s", err->message);
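Review bot: An unrecognised value (for example `Only` or `enabled`) falls through the `strcmp` chain with no message and leaves the default `SC_ON` in place, so a typo in a config meant to enforce `only` silently yields the weaker mode. Add a final branch such as `else error("Invalid SecureConnections value: %s", str);` so the misconfiguration is visible in the log. The string returned by `g_key_file_get_string()` is also never released in the new block; add `g_free(str);` at the end of the `else` body, as the preceding block does. parse_config starts before and continues after this hunk.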
@@ -1024,6 +1039,7 @@ static void init_defaults(void)
        btd_opts.debug_keys = FALSE;
        btd_opts.refresh_discovery = TRUE;
        btd_opts.name_request_retry_delay = DEFAULT_NAME_REQUEST_RETRY_DELAY;
+       btd_opts.secure_conn = SC_ON;
 
        btd_opts.defaults.num_entries = 0;
        btd_opts.defaults.br.page_scan_type = 0xFFFF;
index 76f6296..cd0bfd0 100755 (executable)
 # profile is connected. Defaults to true.
 #RefreshDiscovery = true
 
+# Default Secure Connections setting.
+# Enables the Secure Connections setting for adapters that support it. It
+# provides better crypto algorithms for BT links and also enables CTKD (cross
+# transport key derivation) during pairing on any link.
+# Possible values: "off", "on", "only"
+# - "off": Secure Connections are disabled
+# - "on": Secure Connections are enabled when peer device supports them
+# - "only": we allow only Secure Connections
+# Defaults to "on"
+#SecureConnections = on
+
 # Enables D-Bus experimental interfaces
 # Possible values: true or false
 #Experimental = false