From b135eb65f5f525163bba6717d515e730ee8abe2c Mon Sep 17 00:00:00 2001
From: Pete Johanson <peter@peterjohanson.com>
Date: Fri, 15 May 2020 11:39:16 -0400
Subject: [PATCH] BLE Security/Pairing fixes for "Just Works" SC.

---
 prj.conf        |  1 +
 src/ble.c       | 22 ++++++++++++++++------
 src/endpoints.c |  6 +++++-
 src/hog.c       |  6 ++----
 4 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/prj.conf b/prj.conf
index 93cb7a78..949a8281 100644
--- a/prj.conf
+++ b/prj.conf
@@ -8,6 +8,7 @@ CONFIG_USB_DEVICE_HID=y
 CONFIG_USB_DEVICE_PRODUCT="ZMK Firmware"
 CONFIG_BT=y
 CONFIG_BT_SMP=y
+CONFIG_BT_SMP_SC_PAIR_ONLY=y
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_GATT_DIS=y
 # HID GATT notifications sent this way are *not* picked up by Linux, and possibly others.
diff --git a/src/ble.c b/src/ble.c
index 006d424d..172bb4a4 100644
--- a/src/ble.c
+++ b/src/ble.c
@@ -20,10 +20,10 @@ static void connected(struct bt_conn *conn, u8_t err)
 
     printk("Connected %s\n", addr);
 
-    // if (bt_conn_set_security(conn, BT_SECURITY_L0))
-    // {
-    //     printk("Failed to set security\n");
-    // }
+    if (bt_conn_set_security(conn, BT_SECURITY_L2))
+    {
+        printk("Failed to set security\n");
+    }
 }
 
 static void disconnected(struct bt_conn *conn, u8_t reason)
@@ -68,6 +68,16 @@ static void auth_passkey_display(struct bt_conn *conn, unsigned int passkey)
     printk("Passkey for %s: %06u\n", addr, passkey);
 }
 
+static void auth_passkey_entry(struct bt_conn *conn)
+{
+    char addr[BT_ADDR_LE_STR_LEN];
+
+    bt_addr_le_to_str(bt_conn_get_dst(conn), addr, sizeof(addr));
+
+    printk("Passkey entry requested for %s\n", addr);
+    // bt_conn_auth_passkey_entry(conn, 1234);
+}
+
 static void auth_cancel(struct bt_conn *conn)
 {
     char addr[BT_ADDR_LE_STR_LEN];
@@ -78,8 +88,8 @@ static void auth_cancel(struct bt_conn *conn)
 }
 
 static struct bt_conn_auth_cb zmk_ble_auth_cb_display = {
-    .passkey_display = auth_passkey_display,
-    .passkey_entry = NULL,
+    // .passkey_display = auth_passkey_display,
+    // .passkey_entry = auth_passkey_entry,
     .cancel = auth_cancel,
 };
 
diff --git a/src/endpoints.c b/src/endpoints.c
index 402b1d44..1f78cb7b 100644
--- a/src/endpoints.c
+++ b/src/endpoints.c
@@ -28,6 +28,8 @@ int zmk_endpoints_init()
 int zmk_endpoints_send_key_event(struct zmk_key_event key_event)
 {
     struct zmk_hid_report *report;
+    int err;
+
     if (key_event.pressed)
     {
         zmk_hid_press_key(key_event.key);
@@ -44,8 +46,10 @@ int zmk_endpoints_send_key_event(struct zmk_key_event key_event)
     //     // LOG_DBG("USB Send Failed");
     // }
 
-    if (zmk_hog_send_report(report) != 0)
+    err = zmk_hog_send_report(report);
+    if (err)
     {
+        printk("FAILED TO SEND OVER HOG: %d\n", err);
         // LOG_DBG("HID Over GATTP Send Failed");
     }
 
diff --git a/src/hog.c b/src/hog.c
index 4d623fe3..dcddba6a 100644
--- a/src/hog.c
+++ b/src/hog.c
@@ -117,12 +117,10 @@ BT_GATT_SERVICE_DEFINE(hog_svc,
 
                        BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_REPORT,
                                               BT_GATT_CHRC_READ | BT_GATT_CHRC_NOTIFY,
-                                              BT_GATT_PERM_READ_AUTHEN,
-                                              //   BT_GATT_PERM_READ,
+                                              BT_GATT_PERM_READ_ENCRYPT,
                                               read_hids_input_report, NULL, NULL),
                        BT_GATT_CCC(input_ccc_changed,
-                                   BT_GATT_PERM_READ_AUTHEN | BT_GATT_PERM_WRITE_AUTHEN),
-                       //    BT_GATT_PERM_READ | BT_GATT_PERM_WRITE),
+                                   BT_GATT_PERM_READ_ENCRYPT | BT_GATT_PERM_WRITE_ENCRYPT),
                        BT_GATT_DESCRIPTOR(BT_UUID_HIDS_REPORT_REF, BT_GATT_PERM_READ,
                                           read_hids_report_ref, NULL, &input),
                        BT_GATT_CHARACTERISTIC(BT_UUID_HIDS_CTRL_POINT,