L2CAP: On insufficient authentication error received, Zephyr does unauthenticated pairing #17525
Description
Describe the bug
Zephyr with IO capabilities set to NoInputNoOutput creates unauthenticated pairing on rejection of LE L2CAP: LE Connection Request with insufficient authentication error. Channel establishment fails anyway, because after the pairing, the link will still not meet the requirements.
To Reproduce
Tested agains MyNewt Nimble
Steps to reproduce the behavior:
- Lower Tester - btshell (MyNewt)
security-set-data sc=0 mitm_flag=1 bonding=0 io_capabilities=0
advertise-configure legacy=1 connectable=1 scannable=1
advertise-set-adv-data flags=0x06
l2cap-create-server psm=128 error=1
advertise-start
IUT btshell:
bt init
bt auth none
bt connect c0:de:c0:de:00:03 (public)
l2cap connect 80
Expected behavior
Pairing is not started, because local IO Capablities does not allow to create authenticated pairing.
Screenshots or console output
```
< ACL Data TX: Handle 0 flags 0x00 dlen 18 #60 16.805100
LE L2CAP: LE Connection Request (0x14) ident 1 len 10
PSM: 128 (0x0080)
Source CID: 64
MTU: 230
MPS: 68
Credits: 4
HCI Event: Number of Completed Packets (0x13) plen 5 #61 16.850900
Num handles: 1
Handle: 0
Count: 1
ACL Data RX: Handle 0 flags 0x02 dlen 18 #62 16.905600
LE L2CAP: LE Connection Response (0x15) ident 1 len 10
Destination CID: 0
MTU: 0
MPS: 0
Credits: 0
Result: Connection refused - insufficient authentication (0x0005)
< ACL Data TX: Handle 0 flags 0x00 dlen 11 #63 16.907300
SMP: Pairing Request (0x01) len 6
IO capability: NoInputNoOutput (0x03)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, No MITM, SC, No Keypresses (0x09)
Max encryption key size: 16
Initiator key distribution: EncKey IdKey Sign (0x07)
Responder key distribution: EncKey IdKey Sign (0x07)
HCI Event: Number of Completed Packets (0x13) plen 5 #64 16.960100
Num handles: 1
Handle: 0
Count: 1
ACL Data RX: Handle 0 flags 0x02 dlen 11 #65 17.014800
SMP: Pairing Response (0x02) len 6
IO capability: DisplayOnly (0x00)
OOB data: Authentication data not present (0x00)
Authentication requirement: No bonding, MITM, Legacy, No Keypresses (0x04)
Max encryption key size: 16
Initiator key distribution: (0x00)
Responder key distribution: (0x00)
< ACL Data TX: Handle 0 flags 0x00 dlen 21 #66 17.015100
SMP: Pairing Confirm (0x03) len 16
Confim value: 44c55f3b5462ee79a33d7a51654f4e5a
HCI Event: Number of Completed Packets (0x13) plen 5 #67 17.069400
Num handles: 1
Handle: 0
Count: 1
ACL Data RX: Handle 0 flags 0x02 dlen 21 #68 17.124100
SMP: Pairing Confirm (0x03) len 16
Confim value: 2b719dcdc4a7aee82dffe8ea8e2c0726
< ACL Data TX: Handle 0 flags 0x00 dlen 21 #69 17.124400
SMP: Pairing Random (0x04) len 16
Random value: d8f1c2f45948c6ee5cc35c9b33b93622
HCI Event: Number of Completed Packets (0x13) plen 5 #70 17.178700
Num handles: 1
Handle: 0
Count: 1
ACL Data RX: Handle 0 flags 0x02 dlen 21 #71 17.233300
SMP: Pairing Random (0x04) len 16
Random value: 3d2ce860670b2ba2f8807d68a94bd604
< HCI Command: LE Start Encryption (0x08|0x0019) plen 28 #72 17.233700
Handle: 0
Random number: 0x0000000000000000
Encrypted diversifier: 0x0000
Long term key: 99a3fd01f925a1ec6878fee57f14f8f2
HCI Event: Command Status (0x0f) plen 4 #73 17.234700
LE Start Encryption (0x08|0x0019) ncmd 1
Status: Success (0x00)
HCI Event: Encryption Change (0x08) plen 4 #74 17.560900
Status: Success (0x00)
Handle: 0
Encryption: Enabled with AES-CCM (0x01)
< ACL Data TX: Handle 0 flags 0x00 dlen 18 #75 17.561200
LE L2CAP: LE Connection Request (0x14) ident 2 len 10
PSM: 128 (0x0080)
Source CID: 64
MTU: 230
MPS: 68
Credits: 4
HCI Event: Number of Completed Packets (0x13) plen 5 #76 17.615600
Num handles: 1
Handle: 0
Count: 1
ACL Data RX: Handle 0 flags 0x02 dlen 18 #77 17.670300
LE L2CAP: LE Connection Response (0x15) ident 2 len 10
Destination CID: 0
MTU: 0
MPS: 0
Credits: 0
Result: Connection refused - insufficient authentication (0x0005)
```