Bluetooth: Allow to require FIPS security level for connection
If local IO capabilities allow MITM and LE SC is enabled then FIPS level is reachable. Change-Id: Icfb32fbffa0355117b6723d641a6d3db38feb87d Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
parent
cd1ed791b4
commit
71fe9c1994
1 changed files with 6 additions and 5 deletions
|
@ -178,6 +178,12 @@ static int start_security(struct bt_conn *conn)
|
|||
return bt_smp_send_pairing_req(conn);
|
||||
}
|
||||
|
||||
if (conn->required_sec_level > BT_SECURITY_HIGH &&
|
||||
conn->keys->type != BT_KEYS_AUTHENTICATED &&
|
||||
!(conn->keys->keys & BT_KEYS_LTK_P256)) {
|
||||
return bt_smp_send_pairing_req(conn);
|
||||
}
|
||||
|
||||
/* LE SC LTK and legacy master LTK are stored in same place */
|
||||
return bt_conn_le_start_encryption(conn, conn->keys->ltk.rand,
|
||||
conn->keys->ltk.ediv,
|
||||
|
@ -207,11 +213,6 @@ int bt_conn_security(struct bt_conn *conn, bt_security_t sec)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* for now we only support legacy pairing */
|
||||
if (sec > BT_SECURITY_HIGH) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
conn->required_sec_level = sec;
|
||||
|
||||
err = start_security(conn);
|
||||
|
|
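Review bot: In the first hunk, the new FIPS check in start_security joins its two key tests with `&&`, so re-pairing is requested only when the stored key is both unauthenticated and lacks a P-256 LTK. An authenticated legacy LTK, or an unauthenticated LE SC LTK, therefore falls through to bt_conn_le_start_encryption even though required_sec_level is above BT_SECURITY_HIGH. If FIPS is meant to need MITM protection and LE SC together, as the commit message suggests, the key tests should be grouped with `||`: `(conn->keys->type != BT_KEYS_AUTHENTICATED || !(conn->keys->keys & BT_KEYS_LTK_P256))`. The start of start_security is outside the hunk, so an earlier check may already catch unauthenticated keys, but the authenticated legacy-LTK case would remain either way. The second hunk also removes the `sec > BT_SECURITY_HIGH` rejection in bt_conn_security, and no replacement check on local LE SC support or IO capabilities is visible here; it is worth confirming that one exists elsewhere.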