diff --git a/include/bluetooth/conn.h b/include/bluetooth/conn.h index 265f3c05fec..edcf93716c1 100644 --- a/include/bluetooth/conn.h +++ b/include/bluetooth/conn.h @@ -278,16 +278,23 @@ struct bt_conn *bt_conn_create_slave_le(const bt_addr_le_t *peer, /** Security level. */ typedef enum __packed { - /** Only for BR/EDR special cases, like SDP */ - BT_SECURITY_NONE, - /** No encryption and no authentication. */ - BT_SECURITY_LOW, - /** Encryption and no authentication (no MITM). */ - BT_SECURITY_MEDIUM, - /** Encryption and authentication (MITM). */ - BT_SECURITY_HIGH, - /** Authenticated Secure Connections */ - BT_SECURITY_FIPS, + /** Level 0: Only for BR/EDR special cases, like SDP */ + BT_SECURITY_L0, + /** Level 1: No encryption and no authentication. */ + BT_SECURITY_L1, + /** Level 2: Encryption and no authentication (no MITM). */ + BT_SECURITY_L2, + /** Level 3: Encryption and authentication (MITM). */ + BT_SECURITY_L3, + /** Level 4: Authenticated Secure Connections and 128-bit key. */ + BT_SECURITY_L4, + + BT_SECURITY_NONE __deprecated = BT_SECURITY_L0, + BT_SECURITY_LOW __deprecated = BT_SECURITY_L1, + BT_SECURITY_MEDIUM __deprecated = BT_SECURITY_L2, + BT_SECURITY_HIGH __deprecated = BT_SECURITY_L3, + BT_SECURITY_FIPS __deprecated = BT_SECURITY_L4, + /** Bit to force new pairing procedure, bit-wise OR with requested * security level. */ diff --git a/samples/bluetooth/peripheral_hids/src/main.c b/samples/bluetooth/peripheral_hids/src/main.c index 50c0d25da7f..c4e0ba58e9f 100644 --- a/samples/bluetooth/peripheral_hids/src/main.c +++ b/samples/bluetooth/peripheral_hids/src/main.c @@ -44,7 +44,7 @@ static void connected(struct bt_conn *conn, u8_t err) printk("Connected %s\n", addr); - if (bt_conn_security(conn, BT_SECURITY_MEDIUM)) { + if (bt_conn_security(conn, BT_SECURITY_L2)) { printk("Failed to set security\n"); } } diff --git a/samples/bluetooth/peripheral_sc_only/src/main.c b/samples/bluetooth/peripheral_sc_only/src/main.c index b8329e21e0d..4eade53e8aa 100644 --- a/samples/bluetooth/peripheral_sc_only/src/main.c +++ b/samples/bluetooth/peripheral_sc_only/src/main.c @@ -37,7 +37,7 @@ static void connected(struct bt_conn *conn, u8_t err) printk("Connected %s\n", addr); - if (bt_conn_security(conn, BT_SECURITY_FIPS)) { + if (bt_conn_security(conn, BT_SECURITY_L4)) { printk("Failed to set security\n"); } } diff --git a/subsys/bluetooth/host/att.c b/subsys/bluetooth/host/att.c index 0711e13ff47..f9459dda31f 100644 --- a/subsys/bluetooth/host/att.c +++ b/subsys/bluetooth/host/att.c @@ -739,7 +739,7 @@ static u8_t check_perm(struct bt_conn *conn, const struct bt_gatt_attr *attr, mask &= attr->perm; if (mask & BT_GATT_PERM_AUTHEN_MASK) { #if defined(CONFIG_BT_SMP) - if (conn->sec_level < BT_SECURITY_HIGH) { + if (conn->sec_level < BT_SECURITY_L3) { return BT_ATT_ERR_AUTHENTICATION; } #else @@ -1588,12 +1588,12 @@ static int att_change_security(struct bt_conn *conn, u8_t err) switch (err) { case BT_ATT_ERR_INSUFFICIENT_ENCRYPTION: - if (conn->sec_level >= BT_SECURITY_MEDIUM) + if (conn->sec_level >= BT_SECURITY_L2) return -EALREADY; - sec = BT_SECURITY_MEDIUM; + sec = BT_SECURITY_L2; break; case BT_ATT_ERR_AUTHENTICATION: - if (conn->sec_level < BT_SECURITY_MEDIUM) { + if (conn->sec_level < BT_SECURITY_L2) { /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] * page 375: * @@ -1604,8 +1604,8 @@ static int att_change_security(struct bt_conn *conn, u8_t err) * "Insufficient Authentication" does not indicate that * MITM protection is required. */ - sec = BT_SECURITY_MEDIUM; - } else if (conn->sec_level < BT_SECURITY_HIGH) { + sec = BT_SECURITY_L2; + } else if (conn->sec_level < BT_SECURITY_L3) { /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] * page 375: * @@ -1619,8 +1619,8 @@ static int att_change_security(struct bt_conn *conn, u8_t err) * 'Insufficient Authentication' indicates that MITM * protection is required. */ - sec = BT_SECURITY_HIGH; - } else if (conn->sec_level < BT_SECURITY_FIPS) { + sec = BT_SECURITY_L3; + } else if (conn->sec_level < BT_SECURITY_L4) { /* BLUETOOTH SPECIFICATION Version 4.2 [Vol 3, Part C] * page 375: * @@ -1630,7 +1630,7 @@ static int att_change_security(struct bt_conn *conn, u8_t err) * shall be rejected with the error code ''Insufficient * Authentication'. */ - sec = BT_SECURITY_FIPS; + sec = BT_SECURITY_L4; } else { return -EALREADY; } @@ -2175,7 +2175,7 @@ static void bt_att_encrypt_change(struct bt_l2cap_chan *chan, return; } - if (conn->sec_level == BT_SECURITY_LOW) { + if (conn->sec_level == BT_SECURITY_L1) { return; } diff --git a/subsys/bluetooth/host/avdtp.c b/subsys/bluetooth/host/avdtp.c index f3eb2cbb875..588c0b6832a 100644 --- a/subsys/bluetooth/host/avdtp.c +++ b/subsys/bluetooth/host/avdtp.c @@ -203,7 +203,7 @@ int bt_avdtp_connect(struct bt_conn *conn, struct bt_avdtp *session) } session->br_chan.chan.ops = &ops; - session->br_chan.chan.required_sec_level = BT_SECURITY_MEDIUM; + session->br_chan.chan.required_sec_level = BT_SECURITY_L2; return bt_l2cap_chan_connect(conn, &session->br_chan.chan, BT_L2CAP_PSM_AVDTP); @@ -288,7 +288,7 @@ int bt_avdtp_init(void) int err; static struct bt_l2cap_server avdtp_l2cap = { .psm = BT_L2CAP_PSM_AVDTP, - .sec_level = BT_SECURITY_MEDIUM, + .sec_level = BT_SECURITY_L2, .accept = bt_avdtp_l2cap_accept, }; diff --git a/subsys/bluetooth/host/conn.c b/subsys/bluetooth/host/conn.c index 012fbe3333a..58313dee38d 100644 --- a/subsys/bluetooth/host/conn.c +++ b/subsys/bluetooth/host/conn.c @@ -628,7 +628,7 @@ int bt_conn_auth_pincode_entry(struct bt_conn *conn, const char *pin) return -EINVAL; } - if (conn->required_sec_level == BT_SECURITY_HIGH && len < 16) { + if (conn->required_sec_level == BT_SECURITY_L3 && len < 16) { BT_WARN("PIN code for %s is not 16 bytes wide", bt_addr_str(&conn->br.dst)); return -EPERM; @@ -651,7 +651,7 @@ void bt_conn_pin_code_req(struct bt_conn *conn) if (bt_auth && bt_auth->pincode_entry) { bool secure = false; - if (conn->required_sec_level == BT_SECURITY_HIGH) { + if (conn->required_sec_level == BT_SECURITY_L3) { secure = true; } @@ -767,7 +767,7 @@ void bt_conn_ssp_auth(struct bt_conn *conn, u32_t passkey) * If local required security is HIGH then MITM is mandatory. * MITM protection is no achievable when SSP 'justworks' is applied. */ - if (conn->required_sec_level > BT_SECURITY_MEDIUM && + if (conn->required_sec_level > BT_SECURITY_L2 && conn->br.pairing_method == JUST_WORKS) { BT_DBG("MITM protection infeasible for required security"); ssp_confirm_neg_reply(conn); @@ -1003,12 +1003,12 @@ static int start_security(struct bt_conn *conn) return -EBUSY; } - if (conn->required_sec_level > BT_SECURITY_HIGH) { + if (conn->required_sec_level > BT_SECURITY_L3) { return -ENOTSUP; } if (bt_conn_get_io_capa() == BT_IO_NO_INPUT_OUTPUT && - conn->required_sec_level > BT_SECURITY_MEDIUM) { + conn->required_sec_level > BT_SECURITY_L2) { return -EINVAL; } @@ -1049,7 +1049,7 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec) } if (IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) && - sec < BT_SECURITY_FIPS) { + sec < BT_SECURITY_L4) { return -EOPNOTSUPP; } @@ -1513,8 +1513,8 @@ struct bt_conn *bt_conn_add_le(const bt_addr_le_t *peer) bt_addr_le_copy(&conn->le.dst, peer); #if defined(CONFIG_BT_SMP) - conn->sec_level = BT_SECURITY_LOW; - conn->required_sec_level = BT_SECURITY_LOW; + conn->sec_level = BT_SECURITY_L1; + conn->required_sec_level = BT_SECURITY_L1; #endif /* CONFIG_BT_SMP */ conn->type = BT_CONN_TYPE_LE; conn->le.interval_min = BT_GAP_INIT_CONN_INT_MIN; diff --git a/subsys/bluetooth/host/hci_core.c b/subsys/bluetooth/host/hci_core.c index ef750f96867..2bfb94274a2 100644 --- a/subsys/bluetooth/host/hci_core.c +++ b/subsys/bluetooth/host/hci_core.c @@ -1875,7 +1875,7 @@ static bool br_sufficient_key_size(struct bt_conn *conn) BT_DBG("Encryption key size is %u", key_size); - if (conn->sec_level == BT_SECURITY_FIPS) { + if (conn->sec_level == BT_SECURITY_L4) { return key_size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX; } @@ -1885,23 +1885,23 @@ static bool br_sufficient_key_size(struct bt_conn *conn) static bool update_sec_level_br(struct bt_conn *conn) { if (!conn->encrypt) { - conn->sec_level = BT_SECURITY_LOW; + conn->sec_level = BT_SECURITY_L1; return true; } if (conn->br.link_key) { if (conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) { if (conn->encrypt == 0x02) { - conn->sec_level = BT_SECURITY_FIPS; + conn->sec_level = BT_SECURITY_L4; } else { - conn->sec_level = BT_SECURITY_HIGH; + conn->sec_level = BT_SECURITY_L3; } } else { - conn->sec_level = BT_SECURITY_MEDIUM; + conn->sec_level = BT_SECURITY_L2; } } else { BT_WARN("No BR/EDR link key found"); - conn->sec_level = BT_SECURITY_MEDIUM; + conn->sec_level = BT_SECURITY_L2; } if (!br_sufficient_key_size(conn)) { @@ -2146,7 +2146,7 @@ static void link_key_req(struct net_buf *buf) * in database not covers requested security level. */ if (!(conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) && - conn->required_sec_level > BT_SECURITY_MEDIUM) { + conn->required_sec_level > BT_SECURITY_L2) { link_key_neg_reply(&evt->bdaddr); bt_conn_unref(conn); return; @@ -3049,19 +3049,19 @@ done: static void update_sec_level(struct bt_conn *conn) { if (!conn->encrypt) { - conn->sec_level = BT_SECURITY_LOW; + conn->sec_level = BT_SECURITY_L1; return; } if (conn->le.keys && (conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) { if (conn->le.keys->flags & BT_KEYS_SC && conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE) { - conn->sec_level = BT_SECURITY_FIPS; + conn->sec_level = BT_SECURITY_L4; } else { - conn->sec_level = BT_SECURITY_HIGH; + conn->sec_level = BT_SECURITY_L3; } } else { - conn->sec_level = BT_SECURITY_MEDIUM; + conn->sec_level = BT_SECURITY_L2; } if (conn->required_sec_level > conn->sec_level) { diff --git a/subsys/bluetooth/host/l2cap.c b/subsys/bluetooth/host/l2cap.c index e597dc4548b..34b8bac8f5f 100644 --- a/subsys/bluetooth/host/l2cap.c +++ b/subsys/bluetooth/host/l2cap.c @@ -645,11 +645,11 @@ int bt_l2cap_server_register(struct bt_l2cap_server *server) server->psm = psm; } - if (server->sec_level > BT_SECURITY_FIPS) { + if (server->sec_level > BT_SECURITY_L4) { return -EINVAL; - } else if (server->sec_level < BT_SECURITY_LOW) { + } else if (server->sec_level < BT_SECURITY_L1) { /* Level 0 is only applicable for BR/EDR */ - server->sec_level = BT_SECURITY_LOW; + server->sec_level = BT_SECURITY_L1; } BT_DBG("PSM 0x%04x", server->psm); @@ -947,18 +947,18 @@ static int l2cap_change_security(struct bt_l2cap_le_chan *chan, u16_t err) { switch (err) { case BT_L2CAP_LE_ERR_ENCRYPTION: - if (chan->chan.required_sec_level >= BT_SECURITY_MEDIUM) { + if (chan->chan.required_sec_level >= BT_SECURITY_L2) { return -EALREADY; } - chan->chan.required_sec_level = BT_SECURITY_MEDIUM; + chan->chan.required_sec_level = BT_SECURITY_L2; break; case BT_L2CAP_LE_ERR_AUTHENTICATION: - if (chan->chan.required_sec_level < BT_SECURITY_MEDIUM) { - chan->chan.required_sec_level = BT_SECURITY_MEDIUM; - } else if (chan->chan.required_sec_level < BT_SECURITY_HIGH) { - chan->chan.required_sec_level = BT_SECURITY_HIGH; - } else if (chan->chan.required_sec_level < BT_SECURITY_FIPS) { - chan->chan.required_sec_level = BT_SECURITY_FIPS; + if (chan->chan.required_sec_level < BT_SECURITY_L2) { + chan->chan.required_sec_level = BT_SECURITY_L2; + } else if (chan->chan.required_sec_level < BT_SECURITY_L3) { + chan->chan.required_sec_level = BT_SECURITY_L3; + } else if (chan->chan.required_sec_level < BT_SECURITY_L4) { + chan->chan.required_sec_level = BT_SECURITY_L4; } else { return -EALREADY; } @@ -1783,10 +1783,10 @@ int bt_l2cap_chan_connect(struct bt_conn *conn, struct bt_l2cap_chan *chan, return bt_l2cap_br_chan_connect(conn, chan, psm); } - if (chan->required_sec_level > BT_SECURITY_FIPS) { + if (chan->required_sec_level > BT_SECURITY_L4) { return -EINVAL; - } else if (chan->required_sec_level == BT_SECURITY_NONE) { - chan->required_sec_level = BT_SECURITY_LOW; + } else if (chan->required_sec_level == BT_SECURITY_L0) { + chan->required_sec_level = BT_SECURITY_L1; } return l2cap_le_connect(conn, BT_L2CAP_LE_CHAN(chan), psm); diff --git a/subsys/bluetooth/host/l2cap_br.c b/subsys/bluetooth/host/l2cap_br.c index ef7640c0a62..bb697e4ffdf 100644 --- a/subsys/bluetooth/host/l2cap_br.c +++ b/subsys/bluetooth/host/l2cap_br.c @@ -564,7 +564,7 @@ l2cap_br_conn_security(struct bt_l2cap_chan *chan, const u16_t psm) int check; /* For SDP PSM there's no need to change existing security on link */ - if (chan->required_sec_level == BT_SECURITY_NONE) { + if (chan->required_sec_level == BT_SECURITY_L0) { return L2CAP_CONN_SECURITY_PASSED; } @@ -572,15 +572,15 @@ l2cap_br_conn_security(struct bt_l2cap_chan *chan, const u16_t psm) * No link key needed for legacy devices (pre 2.1) and when low security * level is required. */ - if (chan->required_sec_level == BT_SECURITY_LOW && + if (chan->required_sec_level == BT_SECURITY_L1 && !BT_FEAT_HOST_SSP(chan->conn->br.features)) { return L2CAP_CONN_SECURITY_PASSED; } switch (chan->required_sec_level) { - case BT_SECURITY_FIPS: - case BT_SECURITY_HIGH: - case BT_SECURITY_MEDIUM: + case BT_SECURITY_L4: + case BT_SECURITY_L3: + case BT_SECURITY_L2: break; default: /* @@ -590,7 +590,7 @@ l2cap_br_conn_security(struct bt_l2cap_chan *chan, const u16_t psm) * local to MEDIUM security to trigger it if needed. */ if (BT_FEAT_HOST_SSP(chan->conn->br.features)) { - chan->required_sec_level = BT_SECURITY_MEDIUM; + chan->required_sec_level = BT_SECURITY_L2; } break; } @@ -697,7 +697,7 @@ static void l2cap_br_conn_req(struct bt_l2cap_br *l2cap, u8_t ident, * Report security violation for non SDP channel without encryption when * remote supports SSP. */ - if (server->sec_level != BT_SECURITY_NONE && + if (server->sec_level != BT_SECURITY_L0 && BT_FEAT_HOST_SSP(conn->br.features) && !conn->encrypt) { result = BT_L2CAP_BR_ERR_SEC_BLOCK; goto no_chan; @@ -843,11 +843,11 @@ int bt_l2cap_br_server_register(struct bt_l2cap_server *server) return -EINVAL; } - if (server->sec_level > BT_SECURITY_FIPS) { + if (server->sec_level > BT_SECURITY_L4) { return -EINVAL; - } else if (server->sec_level == BT_SECURITY_NONE && + } else if (server->sec_level == BT_SECURITY_L0 && server->psm != L2CAP_BR_PSM_SDP) { - server->sec_level = BT_SECURITY_LOW; + server->sec_level = BT_SECURITY_L1; } /* Check if given PSM is already in use */ @@ -1210,11 +1210,11 @@ int bt_l2cap_br_chan_connect(struct bt_conn *conn, struct bt_l2cap_chan *chan, return -EINVAL; } - if (chan->required_sec_level > BT_SECURITY_FIPS) { + if (chan->required_sec_level > BT_SECURITY_L4) { return -EINVAL; - } else if (chan->required_sec_level == BT_SECURITY_NONE && + } else if (chan->required_sec_level == BT_SECURITY_L0 && psm != L2CAP_BR_PSM_SDP) { - chan->required_sec_level = BT_SECURITY_LOW; + chan->required_sec_level = BT_SECURITY_L1; } switch (chan->state) { diff --git a/subsys/bluetooth/host/rfcomm.c b/subsys/bluetooth/host/rfcomm.c index a8a123cbe86..1e5c03dedb0 100644 --- a/subsys/bluetooth/host/rfcomm.c +++ b/subsys/bluetooth/host/rfcomm.c @@ -1728,7 +1728,7 @@ void bt_rfcomm_init(void) static struct bt_l2cap_server server = { .psm = BT_L2CAP_PSM_RFCOMM, .accept = rfcomm_accept, - .sec_level = BT_SECURITY_LOW, + .sec_level = BT_SECURITY_L1, }; bt_l2cap_br_server_register(&server); diff --git a/subsys/bluetooth/host/sdp.c b/subsys/bluetooth/host/sdp.c index b78262a0885..a0d46df591f 100644 --- a/subsys/bluetooth/host/sdp.c +++ b/subsys/bluetooth/host/sdp.c @@ -1422,7 +1422,7 @@ void bt_sdp_init(void) static struct bt_l2cap_server server = { .psm = SDP_PSM, .accept = bt_sdp_accept, - .sec_level = BT_SECURITY_NONE, + .sec_level = BT_SECURITY_L0, }; int res; diff --git a/subsys/bluetooth/host/smp.c b/subsys/bluetooth/host/smp.c index 5f4ed0d17bd..fdf14f14f25 100644 --- a/subsys/bluetooth/host/smp.c +++ b/subsys/bluetooth/host/smp.c @@ -2393,7 +2393,7 @@ static u8_t get_auth(struct bt_conn *conn, u8_t auth) if ((get_io_capa() == BT_SMP_IO_NO_INPUT_OUTPUT) || (!IS_ENABLED(CONFIG_BT_SMP_ENFORCE_MITM) && - (conn->required_sec_level < BT_SECURITY_HIGH))) { + (conn->required_sec_level < BT_SECURITY_L3))) { auth &= ~(BT_SMP_AUTH_MITM); } else { auth |= BT_SMP_AUTH_MITM; @@ -2411,13 +2411,13 @@ static u8_t get_auth(struct bt_conn *conn, u8_t auth) static bool sec_level_reachable(struct bt_conn *conn) { switch (conn->required_sec_level) { - case BT_SECURITY_LOW: - case BT_SECURITY_MEDIUM: + case BT_SECURITY_L1: + case BT_SECURITY_L2: return true; - case BT_SECURITY_HIGH: + case BT_SECURITY_L3: return get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT || (bt_auth && bt_auth->oob_data_request && oobd_present); - case BT_SECURITY_FIPS: + case BT_SECURITY_L4: return (get_io_capa() != BT_SMP_IO_NO_INPUT_OUTPUT || (bt_auth && bt_auth->oob_data_request && oobd_present)) && @@ -2582,13 +2582,13 @@ static u8_t smp_pairing_req(struct bt_smp *smp, struct net_buf *buf) } if ((IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) || - conn->required_sec_level == BT_SECURITY_FIPS) && + conn->required_sec_level == BT_SECURITY_L4) && smp->method == JUST_WORKS) { return BT_SMP_ERR_AUTH_REQUIREMENTS; } if ((IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) || - conn->required_sec_level == BT_SECURITY_FIPS) && + conn->required_sec_level == BT_SECURITY_L4) && get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) { return BT_SMP_ERR_ENC_KEY_SIZE; } @@ -2756,13 +2756,13 @@ static u8_t smp_pairing_rsp(struct bt_smp *smp, struct net_buf *buf) } if ((IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) || - conn->required_sec_level == BT_SECURITY_FIPS) && + conn->required_sec_level == BT_SECURITY_L4) && smp->method == JUST_WORKS) { return BT_SMP_ERR_AUTH_REQUIREMENTS; } if ((IS_ENABLED(CONFIG_BT_SMP_SC_ONLY) || - conn->required_sec_level == BT_SECURITY_FIPS) && + conn->required_sec_level == BT_SECURITY_L4) && get_encryption_key_size(smp) != BT_SMP_MAX_ENC_KEY_SIZE) { return BT_SMP_ERR_ENC_KEY_SIZE; } @@ -4985,12 +4985,12 @@ bool bt_smp_keys_check(struct bt_conn *conn) return false; } - if (conn->required_sec_level > BT_SECURITY_MEDIUM && + if (conn->required_sec_level > BT_SECURITY_L2 && !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED)) { return false; } - if (conn->required_sec_level > BT_SECURITY_HIGH && + if (conn->required_sec_level > BT_SECURITY_L3 && !(conn->le.keys->flags & BT_KEYS_AUTHENTICATED) && !(conn->le.keys->keys & BT_KEYS_LTK_P256) && !(conn->le.keys->enc_size == BT_SMP_MAX_ENC_KEY_SIZE)) { diff --git a/subsys/bluetooth/shell/bt.c b/subsys/bluetooth/shell/bt.c index 3c0996ec155..3bf7e65921e 100644 --- a/subsys/bluetooth/shell/bt.c +++ b/subsys/bluetooth/shell/bt.c @@ -1076,13 +1076,13 @@ static int cmd_security(const struct shell *shell, size_t argc, char *argv[]) sec = *argv[1] - '0'; if ((info.type == BT_CONN_TYPE_BR && - (sec < BT_SECURITY_NONE || sec > BT_SECURITY_HIGH))) { + (sec < BT_SECURITY_L0 || sec > BT_SECURITY_L3))) { shell_error(shell, "Invalid BR/EDR security level (%d)", sec); return -ENOEXEC; } if ((info.type == BT_CONN_TYPE_LE && - (sec < BT_SECURITY_LOW || sec > BT_SECURITY_FIPS))) { + (sec < BT_SECURITY_L1 || sec > BT_SECURITY_L4))) { shell_error(shell, "Invalid LE security level (%d)", sec); return -ENOEXEC; } diff --git a/tests/bluetooth/bsim_bt/bsim_test_app/src/test_connect1.c b/tests/bluetooth/bsim_bt/bsim_test_app/src/test_connect1.c index 9705db1f404..4a7b1597db5 100644 --- a/tests/bluetooth/bsim_bt/bsim_test_app/src/test_connect1.c +++ b/tests/bluetooth/bsim_bt/bsim_test_app/src/test_connect1.c @@ -225,7 +225,7 @@ static void connected(struct bt_conn *conn, u8_t conn_err) if (encrypt_link) { k_sleep(500); bt_conn_auth_cb_register(&auth_cb_success); - err = bt_conn_security(conn, BT_SECURITY_MEDIUM); + err = bt_conn_security(conn, BT_SECURITY_L2); if (err) { FAIL("bt_conn_security failed (err %d)\n", err); return; diff --git a/tests/bluetooth/tester/src/gap.c b/tests/bluetooth/tester/src/gap.c index 684b977a8f4..03cd387e8e5 100644 --- a/tests/bluetooth/tester/src/gap.c +++ b/tests/bluetooth/tester/src/gap.c @@ -596,7 +596,7 @@ static void pair(const u8_t *data, u16_t len) goto rsp; } - if (bt_conn_security(conn, BT_SECURITY_MEDIUM)) { + if (bt_conn_security(conn, BT_SECURITY_L2)) { status = BTP_STATUS_FAILED; bt_conn_unref(conn); goto rsp;