Skip to content

Fixed passkey deprecation #3466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
+157 −42
Open

Fixed passkey deprecation #3466

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b28679f
[nrf fromtree] Bluetooth: Host: Add BT_APP_PASSKEY Kconfig option
HaavardRei Oct 20, 2025
9ac0bf6
[nrf fromtree] Bluetooth: Host: Deprecate BT_FIXED_PASSKEY
HaavardRei Oct 20, 2025
e84fa1b
[nrf fromtree] Bluetooth: Host: shell: Don't use BT_FIXED_PASSKEY
HaavardRei Oct 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions doc/releases/migration-guide-4.3.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,15 @@ Bluetooth HCI
* The deprecated ``ipm`` value was removed from ``bt-hci-bus`` devicetree property.
``ipc`` should be used instead.

Bluetooth Host
==============

* :kconfig:option:`CONFIG_BT_FIXED_PASSKEY` has been deprecated. Instead, the application can
provide passkeys for pairing using the :c:member:`bt_conn_auth_cb.app_passkey` callback, which is
available when :kconfig:option:`CONFIG_BT_APP_PASSKEY` is enabled. The application can return the
passkey for pairing, or :c:macro:`BT_PASSKEY_RAND` for the Host to generate a random passkey
instead.

Ethernet
========

Expand Down
40 changes: 37 additions & 3 deletions include/zephyr/bluetooth/conn.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2397,8 +2397,8 @@ int bt_le_oob_get_sc_data(struct bt_conn *conn,
const struct bt_le_oob_sc_data **oobd_remote);

/**
* Special passkey value that can be used to disable a previously
* set fixed passkey.
* DEPRECATED - use @ref BT_PASSKEY_RAND instead. Special passkey value that can be used to disable
* a previously set fixed passkey.
*/
#define BT_PASSKEY_INVALID 0xffffffff

Expand All @@ -2410,12 +2410,15 @@ int bt_le_oob_get_sc_data(struct bt_conn *conn,
* Sets a fixed passkey to be used for pairing. If set, the
* pairing_confirm() callback will be called for all incoming pairings.
*
* @deprecated Use @ref BT_PASSKEY_RAND and the app_passkey callback from @ref bt_conn_auth_cb
* instead.
*
* @param passkey A valid passkey (0 - 999999) or BT_PASSKEY_INVALID
* to disable a previously set fixed passkey.
*
* @return 0 on success or a negative error code on failure.
*/
int bt_passkey_set(unsigned int passkey);
__deprecated int bt_passkey_set(unsigned int passkey);

/** Info Structure for OOB pairing */
struct bt_conn_oob_info {
Expand Down Expand Up @@ -2481,6 +2484,13 @@ struct bt_conn_pairing_feat {
};
#endif /* CONFIG_BT_SMP_APP_PAIRING_ACCEPT */

/**
* Special passkey value that can be used to generate a random passkey when using the
* app_passkey callback from @ref bt_conn_auth_cb.
*
*/
#define BT_PASSKEY_RAND 0xffffffff

/** Authenticated pairing callback structure */
struct bt_conn_auth_cb {
#if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
Expand Down Expand Up @@ -2680,6 +2690,30 @@ struct bt_conn_auth_cb {
*/
void (*pincode_entry)(struct bt_conn *conn, bool highsec);
#endif

#if defined(CONFIG_BT_APP_PASSKEY)
/** @brief Allow the application to provide a passkey for pairing.
*
* If implemented, this callback allows the application to provide passkeys for pairing.
* The valid range of passkeys is 0 - 999999. The application shall return the passkey for
* pairing, or BT_PASSKEY_RAND to generate a random passkey. This callback is invoked only
* for the Passkey Entry method as defined in Core Specification Vol. 3, Part H. Which
* device in the pairing is showing the passkey depends on the IO capabilities of the
* device; see Table 2.8 of the Bluetooth Core Specification V6.0, Vol. 3, Part H for more
Copy link
Contributor

@seko-nordic seko-nordic Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

better not to specify version, so we don't need to update it with every spec release. The way core spec is developed guarantees that existing section numbers will not change in future specs.

Suggested change
* device; see Table 2.8 of the Bluetooth Core Specification V6.0, Vol. 3, Part H for more
* device; see Table 2.8 of the Bluetooth Core Specification, Vol. 3, Part H for more

Copy link
Contributor Author

@m-alperen-sener m-alperen-sener Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should I do it here? I don't know actually since this is upstream commit? any suggestion?

* details. For the purposes of this table, the device gains the "display" capability when
* this callback is non-NULL. This is irrespective of whether the callback returns a
* specified key or BT_PASSKEY_RAND.
*
*
* @note When using this callback, it is the responsibility of the application to use
* random and unique keys.
*
* @param conn Connection where pairing is currently active.
* @return Passkey for pairing, or BT_PASSKEY_RAND for the Host to generate a random
* passkey.
*/
uint32_t (*app_passkey)(struct bt_conn *conn);
#endif /* CONFIG_BT_APP_PASSKEY */
};

/** Authenticated pairing information callback structure */
Expand Down
14 changes: 13 additions & 1 deletion subsys/bluetooth/host/Kconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -700,12 +700,24 @@ config BT_SMP_USB_HCI_CTLR_WORKAROUND
if the keys are distributed over an encrypted link.

config BT_FIXED_PASSKEY
bool "Use a fixed passkey for pairing"
bool "Use a fixed passkey for pairing [DEPRECATED]"
select DEPRECATED
help
This option is deprecated, use BT_APP_PASSKEY instead.
With this option enabled, the application will be able to call the
bt_passkey_set() API to set a fixed passkey. If set, the
pairing_confirm() callback will be called for all incoming pairings.

config BT_APP_PASSKEY
bool "Allow the application to provide passkeys for pairing"
depends on !BT_FIXED_PASSKEY
help
With this option enabled, the application will be able to provide passkeys for pairing
using the app_passkey() callback. If the application does not provide a passkey, a
random passkey will be generated by the Host.

WARNING: It is the responsibility of the application to use random and unique keys.

config BT_USE_DEBUG_KEYS
bool "Security Manager Debug Mode"
help
Expand Down
53 changes: 37 additions & 16 deletions subsys/bluetooth/host/shell/bt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4421,6 +4421,15 @@
}
#endif /* CONFIG_BT_CLASSIC */

#if defined(CONFIG_BT_APP_PASSKEY)
static uint32_t app_passkey = BT_PASSKEY_RAND;

static uint32_t auth_app_passkey(struct bt_conn *conn)
{
return app_passkey;
}
#endif /* CONFIG_BT_APP_PASSKEY */

static struct bt_conn_auth_cb auth_cb_display = {
.passkey_display = auth_passkey_display,
#if defined(CONFIG_BT_PASSKEY_KEYPRESS)
Expand All @@ -4437,6 +4446,9 @@
#if defined(CONFIG_BT_SMP_APP_PAIRING_ACCEPT)
.pairing_accept = pairing_accept,
#endif
#if defined(CONFIG_BT_APP_PASSKEY)
.app_passkey = auth_app_passkey,
#endif
};

static struct bt_conn_auth_cb auth_cb_display_yes_no = {
Expand All @@ -4445,6 +4457,9 @@
.passkey_confirm = auth_passkey_confirm,
#if defined(CONFIG_BT_CLASSIC)
.pincode_entry = auth_pincode_entry,
#endif
#if defined(CONFIG_BT_APP_PASSKEY)
.app_passkey = auth_app_passkey,
#endif
.oob_data_request = NULL,
.cancel = auth_cancel,
Expand All @@ -4460,6 +4475,9 @@
.passkey_confirm = NULL,
#if defined(CONFIG_BT_CLASSIC)
.pincode_entry = auth_pincode_entry,
#endif
#if defined(CONFIG_BT_APP_PASSKEY)
.app_passkey = auth_app_passkey,
#endif
.oob_data_request = NULL,
.cancel = auth_cancel,
Expand All @@ -4472,6 +4490,9 @@
static struct bt_conn_auth_cb auth_cb_confirm = {
#if defined(CONFIG_BT_CLASSIC)
.pincode_entry = auth_pincode_entry,
#endif
#if defined(CONFIG_BT_APP_PASSKEY)
.app_passkey = auth_app_passkey,
#endif
.oob_data_request = NULL,
.cancel = auth_cancel,
Expand All @@ -4487,6 +4508,9 @@
.passkey_confirm = auth_passkey_confirm,
#if defined(CONFIG_BT_CLASSIC)
.pincode_entry = auth_pincode_entry,
#endif
#if defined(CONFIG_BT_APP_PASSKEY)
.app_passkey = auth_app_passkey,
#endif
.oob_data_request = auth_pairing_oob_data_request,
.cancel = auth_cancel,
Expand Down Expand Up @@ -4703,16 +4727,15 @@
#endif /* CONFIG_BT_CENTRAL */
#endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */

#if defined(CONFIG_BT_FIXED_PASSKEY)
static int cmd_fixed_passkey(const struct shell *sh,
size_t argc, char *argv[])
#if defined(CONFIG_BT_APP_PASSKEY)
static int cmd_app_passkey(const struct shell *sh,
size_t argc, char *argv[])
{

Check notice on line 4733 in subsys/bluetooth/host/shell/bt.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/shell/bt.c:4733 
-static int cmd_app_passkey(const struct shell *sh,
-			    size_t argc, char *argv[])
+static int cmd_app_passkey(const struct shell *sh, size_t argc, char *argv[])
unsigned int passkey;
int err;
uint32_t passkey;

if (argc < 2) {
bt_passkey_set(BT_PASSKEY_INVALID);
shell_print(sh, "Fixed passkey cleared");
app_passkey = BT_PASSKEY_RAND;
shell_print(sh, "App passkey cleared");
return 0;
}

Expand All @@ -4722,14 +4745,12 @@
return -ENOEXEC;
}

err = bt_passkey_set(passkey);
if (err) {
shell_print(sh, "Setting fixed passkey failed (err %d)", err);
}
app_passkey = passkey;
shell_print(sh, "App passkey set to %06u", passkey);

return err;
return 0;
}
#endif
#endif /* CONFIG_BT_APP_PASSKEY */

static int cmd_auth_passkey(const struct shell *sh,
size_t argc, char *argv[])
Expand Down Expand Up @@ -5150,7 +5171,7 @@
SHELL_CMD_ARG(id-delete, NULL, "<id>", cmd_id_delete, 2, 0),
SHELL_CMD_ARG(id-show, NULL, HELP_NONE, cmd_id_show, 1, 0),
SHELL_CMD_ARG(id-select, NULL, "<id>", cmd_id_select, 2, 0),
SHELL_CMD_ARG(name, NULL, "[name]", cmd_name, 1, 1),

Check notice on line 5174 in subsys/bluetooth/host/shell/bt.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/shell/bt.c:5174 
-SHELL_STATIC_SUBCMD_SET_CREATE(bt_cmds,
-	SHELL_CMD_ARG(init, NULL, "[no-settings-load], [sync]",
-		      cmd_init, 1, 2),
+SHELL_STATIC_SUBCMD_SET_CREATE(
+	bt_cmds, SHELL_CMD_ARG(init, NULL, "[no-settings-load], [sync]", cmd_init, 1, 2),
 	SHELL_CMD_ARG(disable, NULL, HELP_NONE, cmd_disable, 1, 0),
 #if defined(CONFIG_SETTINGS)
-	SHELL_CMD_ARG(settings-load, NULL, HELP_NONE, cmd_settings_load, 1, 0),
+	SHELL_CMD_ARG(settings - load, NULL, HELP_NONE, cmd_settings_load, 1, 0),
 #endif
 #if defined(CONFIG_BT_HCI)
-	SHELL_CMD_ARG(hci-cmd, NULL, "<ogf> <ocf> [data]", cmd_hci_cmd, 3, 1),
-#endif
-	SHELL_CMD_ARG(id-create, NULL, HELP_ADDR, cmd_id_create, 1, 1),
-	SHELL_CMD_ARG(id-reset, NULL, "<id> "HELP_ADDR, cmd_id_reset, 2, 1),
-	SHELL_CMD_ARG(id-delete, NULL, "<id>", cmd_id_delete, 2, 0),
-	SHELL_CMD_ARG(id-show, NULL, HELP_NONE, cmd_id_show, 1, 0),
-	SHELL_CMD_ARG(id-select, NULL, "<id>", cmd_id_select, 2, 0),
+	SHELL_CMD_ARG(hci - cmd, NULL, "<ogf> <ocf> [data]", cmd_hci_cmd, 3, 1),
+#endif
+	SHELL_CMD_ARG(id - create, NULL, HELP_ADDR, cmd_id_create, 1, 1),
+	SHELL_CMD_ARG(id - reset, NULL, "<id> " HELP_ADDR, cmd_id_reset, 2, 1),
+	SHELL_CMD_ARG(id - delete, NULL, "<id>", cmd_id_delete, 2, 0),
+	SHELL_CMD_ARG(id - show, NULL, HELP_NONE, cmd_id_show, 1, 0),
+	SHELL_CMD_ARG(id - select, NULL, "<id>", cmd_id_select, 2, 0),
#if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
SHELL_CMD_ARG(appearance, NULL, "[new appearance value]", cmd_appearance, 1, 1),
#else
Expand Down Expand Up @@ -5197,7 +5218,7 @@
#endif
#if defined(CONFIG_BT_FRAME_SPACE_UPDATE)
SHELL_CMD_ARG(frame-space-update, NULL,
"[frame_space_min <us>] [frame_space_max <us>] [phys <phy mask>] "

Check notice on line 5221 in subsys/bluetooth/host/shell/bt.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/shell/bt.c:5221 
-		      "<value: on, passive, off> [filter: dups, nodups] [fal]"
-		      EXT_ADV_SCAN_OPT,
+		      "<value: on, passive, off> [filter: dups, nodups] [fal]" EXT_ADV_SCAN_OPT,
 		      cmd_scan, 2, 4),
-	SHELL_CMD(scan-filter-set, &bt_scan_filter_set_cmds,
-		      "Scan filter set commands",
-		      cmd_default_handler),
-	SHELL_CMD(scan-filter-clear, &bt_scan_filter_clear_cmds,
-		      "Scan filter clear commands",
-		      cmd_default_handler),
-	SHELL_CMD_ARG(scan-verbose-output, NULL, "<value: on, off>", cmd_scan_verbose_output, 2, 0),
+	SHELL_CMD(scan - filter - set, &bt_scan_filter_set_cmds, "Scan filter set commands",
+		  cmd_default_handler),
+	SHELL_CMD(scan - filter - clear, &bt_scan_filter_clear_cmds, "Scan filter clear commands",
+		  cmd_default_handler),
+	SHELL_CMD_ARG(scan - verbose - output, NULL, "<value: on, off>", cmd_scan_verbose_output, 2,
+		      0),
 #endif /* CONFIG_BT_OBSERVER */
 #if defined(CONFIG_BT_TRANSMIT_POWER_CONTROL)
-	SHELL_CMD_ARG(read-remote-tx-power, NULL, HELP_NONE, cmd_read_remote_tx_power, 2, 0),
-	SHELL_CMD_ARG(read-local-tx-power, NULL, HELP_NONE, cmd_read_local_tx_power, 2, 0),
-	SHELL_CMD_ARG(set-power-report-enable, NULL, HELP_NONE, cmd_set_power_report_enable, 3, 0),
+	SHELL_CMD_ARG(read - remote - tx - power, NULL, HELP_NONE, cmd_read_remote_tx_power, 2, 0),
+	SHELL_CMD_ARG(read - local - tx - power, NULL, HELP_NONE, cmd_read_local_tx_power, 2, 0),
+	SHELL_CMD_ARG(set - power - report - enable, NULL, HELP_NONE, cmd_set_power_report_enable,
+		      3, 0),
 #endif
 #if defined(CONFIG_BT_PATH_LOSS_MONITORING)
-	SHELL_CMD_ARG(path-loss-monitoring-set-params, NULL,
-		      "<high threshold> <high hysteresis> <low threshold> <low hysteresis> <min time spent>",
+	SHELL_CMD_ARG(path - loss - monitoring - set - params, NULL,
+		      "<high threshold> <high hysteresis> <low threshold> <low hysteresis> <min "
+		      "time spent>",
 		      cmd_set_path_loss_reporting_parameters, 6, 0),
-	SHELL_CMD_ARG(path-loss-monitoring-enable, NULL, "<enable: true, false>",
+	SHELL_CMD_ARG(path - loss - monitoring - enable, NULL, "<enable: true, false>",
 		      cmd_set_path_loss_reporting_enable, 2, 0),
 #endif
 #if defined(CONFIG_BT_SUBRATING)
-	SHELL_CMD_ARG(subrate-set-defaults, NULL,
-		"<min subrate factor> <max subrate factor> <max peripheral latency> "
-		"<min continuation number> <supervision timeout (seconds)>",
-		cmd_subrate_set_defaults, 6, 0),
-	SHELL_CMD_ARG(subrate-request, NULL,
-		"<min subrate factor> <max subrate factor> <max peripheral latency> "
-		"<min continuation number> <supervision timeout (seconds)>",
-		cmd_subrate_request, 6, 0),
+	SHELL_CMD_ARG(subrate - set - defaults, NULL,
+		      "<min subrate factor> <max subrate factor> <max peripheral latency> "
+		      "<min continuation number> <supervision timeout (seconds)>",
+		      cmd_subrate_set_defaults, 6, 0),
+	SHELL_CMD_ARG(subrate - request, NULL,
+		      "<min subrate factor> <max subrate factor> <max peripheral latency> "
+		      "<min continuation number> <supervision timeout (seconds)>",
+		      cmd_subrate_request, 6, 0),
 #endif
 #if defined(CONFIG_BT_LE_EXTENDED_FEAT_SET)
-	SHELL_CMD_ARG(read-all-remote-features, NULL, "<pages_requested>",
-		cmd_read_all_remote_features, 2, 0),
+	SHELL_CMD_ARG(read - all - remote - features, NULL, "<pages_requested>",
+		      cmd_read_all_remote_features, 2, 0),
 #endif
 #if defined(CONFIG_BT_FRAME_SPACE_UPDATE)
-	SHELL_CMD_ARG(frame-space-update, NULL,
+	SHELL_CMD_ARG(frame - space - update, NULL,
"[spacing_types <spacing types mask>]",
cmd_frame_space_update, 5, 0),
#endif
Expand Down Expand Up @@ -5306,7 +5327,7 @@
2, 0),
#if defined(CONFIG_BT_BONDABLE_PER_CONNECTION)
SHELL_CMD_ARG(conn-bondable, NULL, HELP_ONOFF, cmd_conn_bondable, 2, 0),
#endif /* CONFIG_BT_BONDABLE_PER_CONNECTION */

Check notice on line 5330 in subsys/bluetooth/host/shell/bt.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/shell/bt.c:5330 
-	SHELL_CMD_ARG(directed-adv, NULL, HELP_ADDR_LE " [mode: low] "
-		      "[identity] [dir-rpa]",
+	SHELL_CMD_ARG(directed - adv, NULL,
+		      HELP_ADDR_LE " [mode: low] "
+				   "[identity] [dir-rpa]",
 		      cmd_directed_adv, 3, 6),
 #endif /* CONFIG_BT_PERIPHERAL */
 #if defined(CONFIG_BT_EXT_ADV)
-	SHELL_CMD_ARG(adv-create, NULL, EXT_ADV_PARAM, cmd_adv_create, 2, 11),
-	SHELL_CMD_ARG(adv-param, NULL, EXT_ADV_PARAM, cmd_adv_param, 2, 11),
-	SHELL_CMD_ARG(adv-data, NULL, "<data> [scan-response <data>] "
-				      "<type: discov, hex> [appearance] "
-				      "[name <str>] [dev-name]",
+	SHELL_CMD_ARG(adv - create, NULL, EXT_ADV_PARAM, cmd_adv_create, 2, 11),
+	SHELL_CMD_ARG(adv - param, NULL, EXT_ADV_PARAM, cmd_adv_param, 2, 11),
+	SHELL_CMD_ARG(adv - data, NULL,
+		      "<data> [scan-response <data>] "
+		      "<type: discov, hex> [appearance] "
+		      "[name <str>] [dev-name]",
 		      cmd_adv_data, 1, 16),
-	SHELL_CMD_ARG(adv-start, NULL,
-		"[timeout <timeout>] [num-events <num events>]",
-		cmd_adv_start, 1, 4),
-	SHELL_CMD_ARG(adv-stop, NULL, HELP_NONE, cmd_adv_stop, 1, 0),
-	SHELL_CMD_ARG(adv-delete, NULL, HELP_NONE, cmd_adv_delete, 1, 0),
-	SHELL_CMD_ARG(adv-select, NULL, "[adv]", cmd_adv_select, 1, 1),
-	SHELL_CMD_ARG(adv-info, NULL, HELP_NONE, cmd_adv_info, 1, 0),
+	SHELL_CMD_ARG(adv - start, NULL, "[timeout <timeout>] [num-events <num events>]",
+		      cmd_adv_start, 1, 4),
+	SHELL_CMD_ARG(adv - stop, NULL, HELP_NONE, cmd_adv_stop, 1, 0),
+	SHELL_CMD_ARG(adv - delete, NULL, HELP_NONE, cmd_adv_delete, 1, 0),
+	SHELL_CMD_ARG(adv - select, NULL, "[adv]", cmd_adv_select, 1, 1),
+	SHELL_CMD_ARG(adv - info, NULL, HELP_NONE, cmd_adv_info, 1, 0),
 #if defined(CONFIG_BT_PERIPHERAL)
-	SHELL_CMD_ARG(adv-oob, NULL, HELP_NONE, cmd_adv_oob, 1, 0),
+	SHELL_CMD_ARG(adv - oob, NULL, HELP_NONE, cmd_adv_oob, 1, 0),
 #endif /* CONFIG_BT_PERIPHERAL */
 #if defined(CONFIG_BT_PRIVACY)
-	SHELL_CMD_ARG(adv-rpa-expire, NULL, HELP_ONOFF, cmd_adv_rpa_expire, 2, 0),
+	SHELL_CMD_ARG(adv - rpa - expire, NULL, HELP_ONOFF, cmd_adv_rpa_expire, 2, 0),
 #endif
 #if defined(CONFIG_BT_PER_ADV)
-	SHELL_CMD_ARG(per-adv, NULL, HELP_ONOFF, cmd_per_adv, 2, 0),
-	SHELL_CMD_ARG(per-adv-param, NULL,
-		      "[<interval-min> [<interval-max> [tx_power]]]",
+	SHELL_CMD_ARG(per - adv, NULL, HELP_ONOFF, cmd_per_adv, 2, 0),
+	SHELL_CMD_ARG(per - adv - param, NULL, "[<interval-min> [<interval-max> [tx_power]]]",
 		      cmd_per_adv_param, 1, 3),
-	SHELL_CMD_ARG(per-adv-data, NULL, "[data]", cmd_per_adv_data, 1, 1),
+	SHELL_CMD_ARG(per - adv - data, NULL, "[data]", cmd_per_adv_data, 1, 1),
 #endif /* CONFIG_BT_PER_ADV */
 #endif /* CONFIG_BT_EXT_ADV */
 #endif /* CONFIG_BT_BROADCASTER */
 #if defined(CONFIG_BT_PER_ADV_SYNC)
-	SHELL_CMD_ARG(per-adv-sync-create, NULL,
+	SHELL_CMD_ARG(per - adv - sync - create, NULL,
 		      HELP_ADDR_LE " <sid> [skip <count>] [timeout <ms>] [aoa] "
-		      "[aod_1us] [aod_2us] [cte_only]",
+				   "[aod_1us] [aod_2us] [cte_only]",
 		      cmd_per_adv_sync_create, 4, 6),
-	SHELL_CMD_ARG(per-adv-sync-delete, NULL, "[<index>]",
-		      cmd_per_adv_sync_delete, 1, 1),
-	SHELL_CMD_ARG(per-adv-sync-select, NULL, "[adv]", cmd_per_adv_sync_select, 1, 1),
+	SHELL_CMD_ARG(per - adv - sync - delete, NULL, "[<index>]", cmd_per_adv_sync_delete, 1, 1),
+	SHELL_CMD_ARG(per - adv - sync - select, NULL, "[adv]", cmd_per_adv_sync_select, 1, 1),
 #endif /* defined(CONFIG_BT_PER_ADV_SYNC) */
 #if defined(CONFIG_BT_EAD)
-	SHELL_CMD(encrypted-ad, &bt_encrypted_ad_cmds, "Manage advertiser with encrypted data",
+	SHELL_CMD(encrypted - ad, &bt_encrypted_ad_cmds, "Manage advertiser with encrypted data",
 		  cmd_default_handler),
 #endif /* CONFIG_BT_EAD */
 #if defined(CONFIG_BT_CONN)
 #if defined(CONFIG_BT_PER_ADV_SYNC_TRANSFER_RECEIVER)
-	SHELL_CMD_ARG(past-subscribe, NULL, "[conn] [skip <count>] "
+	SHELL_CMD_ARG(past - subscribe, NULL,
+		      "[conn] [skip <count>] "
 		      "[timeout <ms>] [aoa] [aod_1us] [aod_2us] [cte_only]",
 		      cmd_past_subscribe, 1, 7),
-	SHELL_CMD_ARG(past-uns
SHELL_CMD_ARG(bonds, NULL, HELP_NONE, cmd_bonds, 1, 0),
SHELL_CMD_ARG(connections, NULL, HELP_NONE, cmd_connections, 1, 0),
SHELL_CMD_ARG(auth, NULL,
Expand Down Expand Up @@ -5340,10 +5361,10 @@
cmd_fal_connect, 2, 3),
#endif /* CONFIG_BT_CENTRAL */
#endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
#if defined(CONFIG_BT_FIXED_PASSKEY)
SHELL_CMD_ARG(fixed-passkey, NULL, "[passkey]", cmd_fixed_passkey,
#if defined(CONFIG_BT_APP_PASSKEY)
SHELL_CMD_ARG(app-passkey, NULL, "[passkey]", cmd_app_passkey,
1, 1),
#endif
#endif /* CONFIG_BT_APP_PASSKEY */
#endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC) */
#endif /* CONFIG_BT_CONN */

Expand Down Expand Up @@ -5371,5 +5392,5 @@

SHELL_SUBCMD_SET_END
);

Check notice on line 5395 in subsys/bluetooth/host/shell/bt.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/shell/bt.c:5395 
-	SHELL_CMD_ARG(auth-cancel, NULL, HELP_NONE, cmd_auth_cancel, 1, 0),
-	SHELL_CMD_ARG(auth-passkey, NULL, "<passkey>", cmd_auth_passkey, 2, 0),
+	SHELL_CMD_ARG(auth - cancel, NULL, HELP_NONE, cmd_auth_cancel, 1, 0),
+	SHELL_CMD_ARG(auth - passkey, NULL, "<passkey>", cmd_auth_passkey, 2, 0),
 #if defined(CONFIG_BT_PASSKEY_KEYPRESS)
-	SHELL_CMD_ARG(auth-passkey-notify, NULL, "<type>",
-		      cmd_auth_passkey_notify, 2, 0),
+	SHELL_CMD_ARG(auth - passkey - notify, NULL, "<type>", cmd_auth_passkey_notify, 2, 0),
 #endif /* CONFIG_BT_PASSKEY_KEYPRESS */
-	SHELL_CMD_ARG(auth-passkey-confirm, NULL, HELP_NONE,
-		      cmd_auth_passkey_confirm, 1, 0),
-	SHELL_CMD_ARG(auth-pairing-confirm, NULL, HELP_NONE,
-		      cmd_auth_pairing_confirm, 1, 0),
+	SHELL_CMD_ARG(auth - passkey - confirm, NULL, HELP_NONE, cmd_auth_passkey_confirm, 1, 0),
+	SHELL_CMD_ARG(auth - pairing - confirm, NULL, HELP_NONE, cmd_auth_pairing_confirm, 1, 0),
 #if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
-	SHELL_CMD_ARG(auth-oob-tk, NULL, "<tk>", cmd_auth_oob_tk, 2, 0),
+	SHELL_CMD_ARG(auth - oob - tk, NULL, "<tk>", cmd_auth_oob_tk, 2, 0),
 #endif /* !defined(CONFIG_BT_SMP_SC_PAIR_ONLY) */
-	SHELL_CMD_ARG(oob-remote, NULL,
-		      HELP_ADDR_LE" <oob rand> <oob confirm>",
-		      cmd_oob_remote, 3, 2),
-	SHELL_CMD_ARG(oob-clear, NULL, HELP_NONE, cmd_oob_clear, 1, 0),
+	SHELL_CMD_ARG(oob - remote, NULL, HELP_ADDR_LE " <oob rand> <oob confirm>", cmd_oob_remote,
+		      3, 2),
+	SHELL_CMD_ARG(oob - clear, NULL, HELP_NONE, cmd_oob_clear, 1, 0),
 #if defined(CONFIG_BT_FILTER_ACCEPT_LIST)
-	SHELL_CMD_ARG(fal-add, NULL, HELP_ADDR_LE, cmd_fal_add, 3, 0),
-	SHELL_CMD_ARG(fal-rem, NULL, HELP_ADDR_LE, cmd_fal_rem, 3, 0),
-	SHELL_CMD_ARG(fal-clear, NULL, HELP_NONE, cmd_fal_clear, 1, 0),
+	SHELL_CMD_ARG(fal - add, NULL, HELP_ADDR_LE, cmd_fal_add, 3, 0),
+	SHELL_CMD_ARG(fal - rem, NULL, HELP_ADDR_LE, cmd_fal_rem, 3, 0),
+	SHELL_CMD_ARG(fal - clear, NULL, HELP_NONE, cmd_fal_clear, 1, 0),
 
 #if defined(CONFIG_BT_CENTRAL)
-	SHELL_CMD_ARG(fal-connect, NULL, HELP_ONOFF EXT_ADV_SCAN_OPT,
-		      cmd_fal_connect, 2, 3),
+	SHELL_CMD_ARG(fal - connect, NULL, HELP_ONOFF EXT_ADV_SCAN_OPT, cmd_fal_connect, 2, 3),
 #endif /* CONFIG_BT_CENTRAL */
 #endif /* defined(CONFIG_BT_FILTER_ACCEPT_LIST) */
 #if defined(CONFIG_BT_APP_PASSKEY)
-	SHELL_CMD_ARG(app-passkey, NULL, "[passkey]", cmd_app_passkey,
-		      1, 1),
+	SHELL_CMD_ARG(app - passkey, NULL, "[passkey]", cmd_app_passkey, 1, 1),
 #endif /* CONFIG_BT_APP_PASSKEY */
 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC) */
 #endif /* CONFIG_BT_CONN */
 
 #if defined(CONFIG_BT_LL_SW_SPLIT)
-	SHELL_CMD(ll-addr, NULL, "<random|public>", cmd_ll_addr_read),
+	SHELL_CMD(ll - addr, NULL, "<random|public>", cmd_ll_addr_read),
 #if defined(CONFIG_BT_CTLR_ADV_EXT)
 #if defined(CONFIG_BT_BROADCASTER)
-	SHELL_CMD_ARG(advx, NULL,
-		      "<on hdcd ldcd off> [coded] [anon] [txp] [ad]",
-		      cmd_advx, 2, 4),
+	SHELL_CMD_ARG(advx, NULL, "<on hdcd ldcd off> [coded] [anon] [txp] [ad]", cmd_advx, 2, 4),
 #endif /* CONFIG_BT_BROADCASTER */
 #if defined(CONFIG_BT_OBSERVER)
-	SHELL_CMD_ARG(scanx, NULL, "<on passive off> [coded]", cmd_scanx,
-		      2, 1),
+	SHELL_CMD_ARG(scanx, NULL, "<on passive off> [coded]", cmd_scanx, 2, 1),
 #endif /* CONFIG_BT_OBSERVER */
 #endif /* CONFIG_BT_CTLR_ADV_EXT */
 #if defined(CONFIG_BT_CTLR_DTM)
-	SHELL_CMD_ARG(test_tx, NULL, "<chan> <len> <type> <phy>", cmd_test_tx,
-		      5, 0),
-	SHELL_CMD_ARG(test_rx, NULL, "<chan> <phy> <mod_idx>", cmd_test_rx,
-		      4, 0),
+	SHELL_CMD_ARG(test_tx, NULL, "<chan> <len> <type> <phy>", cmd_test_tx, 5, 0),
+	SHELL_CMD_ARG(test_rx, NULL, "<chan> <phy> <mod_idx>", cmd_test_rx, 4, 0),
 	SHELL_CMD_ARG(test_end, NULL, HELP_NONE, cmd_test_end, 1, 0),
 #endif /* CONFIG_BT_CTLR_DTM */
 #endif /* CONFIG_BT_LL_SW_SPLIT */
 
-	SHELL_SUBCMD_SET_END
-);
+	SHELL_SUBCMD_SET_END);
SHELL_CMD_REGISTER(bt, &bt_cmds, "Bluetooth shell commands", cmd_default_handler);
77 changes: 58 additions & 19 deletions subsys/bluetooth/host/smp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,12 +222,12 @@
atomic_t bondable;
};

static unsigned int fixed_passkey = BT_PASSKEY_INVALID;
static unsigned int fixed_passkey = BT_PASSKEY_RAND;

#define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
fixed_passkey != BT_PASSKEY_INVALID && \
fixed_passkey != BT_PASSKEY_RAND && \
(smp)->method == PASSKEY_DISPLAY)

Check notice on line 230 in subsys/bluetooth/host/smp.c

View workflow job for this annotation

GitHub Actions / Run compliance checks on patch series (PR)

You may want to run clang-format on this change 

subsys/bluetooth/host/smp.c:230 
-#define DISPLAY_FIXED(smp) (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && \
-			    fixed_passkey != BT_PASSKEY_RAND && \
-			    (smp)->method == PASSKEY_DISPLAY)
+#define DISPLAY_FIXED(smp)                                                                         \
+	(IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && fixed_passkey != BT_PASSKEY_RAND &&                \
+	 (smp)->method == PASSKEY_DISPLAY)
#if !defined(CONFIG_BT_SMP_SC_PAIR_ONLY)
/* based on table 2.8 Core Spec 2.3.5.1 Vol. 3 Part H */
static const uint8_t gen_method_legacy[5 /* remote */][5 /* local */] = {
Expand Down Expand Up @@ -363,9 +363,21 @@
return BT_SMP_IO_DISPLAY_YESNO;
}

#if defined(CONFIG_BT_APP_PASSKEY)
/* Implementation of the app_passkey cb implies that the application can "know" the passkey
* without actually having a display, thus earning the "display" capability.
*/
if (smp_auth_cb->app_passkey) {
if (smp_auth_cb->passkey_entry) {
return BT_SMP_IO_KEYBOARD_DISPLAY;
}

return BT_SMP_IO_DISPLAY_ONLY;
}
#endif /* CONFIG_BT_APP_PASSKEY */

if (smp_auth_cb->passkey_entry) {
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
fixed_passkey != BT_PASSKEY_INVALID) {
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && fixed_passkey != BT_PASSKEY_RAND) {
return BT_SMP_IO_KEYBOARD_DISPLAY;
} else {
return BT_SMP_IO_KEYBOARD_ONLY;
Expand All @@ -377,8 +389,7 @@
}

no_callbacks:
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
fixed_passkey != BT_PASSKEY_INVALID) {
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && fixed_passkey != BT_PASSKEY_RAND) {
return BT_SMP_IO_DISPLAY_ONLY;
} else {
return BT_SMP_IO_NO_INPUT_OUTPUT;
Expand Down Expand Up @@ -2467,7 +2478,6 @@
struct bt_conn *conn = smp->chan.chan.conn;
const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
struct bt_keys *keys;
uint32_t passkey;

/*
* Fail if we have keys that are stronger than keys that will be
Expand Down Expand Up @@ -2495,11 +2505,25 @@
}

break;
case PASSKEY_DISPLAY:
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
fixed_passkey != BT_PASSKEY_INVALID) {
case PASSKEY_DISPLAY: {
uint32_t passkey;

if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && fixed_passkey != BT_PASSKEY_RAND) {
passkey = fixed_passkey;
} else {
#if defined(CONFIG_BT_APP_PASSKEY)
} else if (smp_auth_cb && smp_auth_cb->app_passkey) {
passkey = smp_auth_cb->app_passkey(conn);

if (passkey != BT_PASSKEY_RAND && passkey > 999999) {
LOG_WRN("App-provided passkey is out of valid range: %u", passkey);
return BT_SMP_ERR_UNSPECIFIED;
}
#endif /* CONFIG_BT_APP_PASSKEY */
} else {
passkey = BT_PASSKEY_RAND;
}

if (passkey == BT_PASSKEY_RAND) {
if (bt_rand(&passkey, sizeof(passkey))) {
return BT_SMP_ERR_UNSPECIFIED;
}
Expand All @@ -2519,6 +2543,7 @@
sys_put_le32(passkey, smp->tk);

break;
}
case PASSKEY_INPUT:
atomic_set_bit(smp->flags, SMP_FLAG_USER);
smp_auth_cb->passkey_entry(conn);
Expand Down Expand Up @@ -4429,18 +4454,32 @@
{
struct bt_conn *conn = smp->chan.chan.conn;
const struct bt_conn_auth_cb *smp_auth_cb = latch_auth_cb(smp);
uint32_t passkey = BT_PASSKEY_RAND;

if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) &&
fixed_passkey != BT_PASSKEY_INVALID) {
smp->passkey = fixed_passkey;
} else {
if (bt_rand(&smp->passkey, sizeof(smp->passkey))) {
if (IS_ENABLED(CONFIG_BT_FIXED_PASSKEY) && fixed_passkey != BT_PASSKEY_RAND) {
passkey = fixed_passkey;
}

#if defined(CONFIG_BT_APP_PASSKEY)
if (smp_auth_cb && smp_auth_cb->app_passkey) {
passkey = smp_auth_cb->app_passkey(conn);

if (passkey != BT_PASSKEY_RAND && passkey > 999999) {
LOG_WRN("App-provided passkey is out of valid range: %u", passkey);
return BT_SMP_ERR_UNSPECIFIED;
}
}
#endif /* CONFIG_BT_APP_PASSKEY */

if (passkey == BT_PASSKEY_RAND) {
if (bt_rand(&passkey, sizeof(passkey))) {
return BT_SMP_ERR_UNSPECIFIED;
}

smp->passkey %= 1000000;
passkey %= 1000000;
}

smp->passkey = passkey;
smp->passkey_round = 0U;

if (smp_auth_cb && smp_auth_cb->passkey_display) {
Expand Down Expand Up @@ -6172,8 +6211,8 @@
#if defined(CONFIG_BT_FIXED_PASSKEY)
int bt_passkey_set(unsigned int passkey)
{
if (passkey == BT_PASSKEY_INVALID) {
fixed_passkey = BT_PASSKEY_INVALID;
if (passkey == BT_PASSKEY_INVALID || passkey == BT_PASSKEY_RAND) {
fixed_passkey = BT_PASSKEY_RAND;
return 0;
}

Expand Down
2 changes: 1 addition & 1 deletion tests/bluetooth/shell/audio.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ CONFIG_BT_GATT_AUTO_DISCOVER_CCC=y
CONFIG_BT_GATT_AUTO_UPDATE_MTU=y
CONFIG_BT_L2CAP_ECRED=y
CONFIG_BT_SIGNING=y
CONFIG_BT_FIXED_PASSKEY=y
CONFIG_BT_APP_PASSKEY=y
CONFIG_BT_ATT_PREPARE_COUNT=5
CONFIG_BT_SHELL=y
CONFIG_BT_DEVICE_NAME="audio test shell"
Expand Down
2 changes: 1 addition & 1 deletion tests/bluetooth/shell/log.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ CONFIG_BT_PERIPHERAL=y
CONFIG_BT_PRIVACY=y
CONFIG_BT_SMP=y
CONFIG_BT_SIGNING=y
CONFIG_BT_FIXED_PASSKEY=y
CONFIG_BT_APP_PASSKEY=y
CONFIG_BT_ATT_PREPARE_COUNT=2
CONFIG_BT_GATT_CLIENT=y
CONFIG_BT_L2CAP_DYNAMIC_CHANNEL=y
Expand Down
Loading
Loading