Security Mode 1 level 4, force us to use have key size 16 octects long.
This patch adds check for that.
This is required for the qualification test GAP/SEC/SEM/BI-10-C
Logs from test when ATT is configured with sec level BT_SECURITY_FIPS
< ACL Data TX: Handle 3585 flags 0x00 dlen 11 #28 [hci0] 3.785965
SMP: Pairing Request (0x01) len 6
IO capability: DisplayYesNo (0x01)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
Max encryption key size: 16
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey IdKey Sign (0x07)
> ACL Data RX: Handle 3585 flags 0x02 dlen 11 #35 [hci0] 3.883020
SMP: Pairing Response (0x02) len 6
IO capability: DisplayYesNo (0x01)
OOB data: Authentication data not present (0x00)
Authentication requirement: Bonding, MITM, SC, No Keypresses (0x0d)
Max encryption key size: 7
Initiator key distribution: EncKey Sign (0x05)
Responder key distribution: EncKey IdKey Sign (0x07)
< ACL Data TX: Handle 3585 flags 0x00 dlen 6 #36 [hci0] 3.883136
SMP: Pairing Failed (0x05) len 1
Reason: Encryption key size (0x06)
Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@xxxxxxxxxxx>
---
net/bluetooth/smp.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 5510017cf9ff..b9f5f74cd4a7 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -730,6 +730,10 @@ static u8 check_enc_key_size(struct l2cap_conn *conn, __u8 max_key_size)
struct hci_dev *hdev = conn->hcon->hdev;
struct smp_chan *smp = chan->data;
+ if (conn->hcon->pending_sec_level == BT_SECURITY_FIPS &&
+ max_key_size != SMP_MAX_ENC_KEY_SIZE)
+ return SMP_ENC_KEY_SIZE;
+
if (max_key_size > hdev->le_max_key_size ||
max_key_size < SMP_MIN_ENC_KEY_SIZE)
return SMP_ENC_KEY_SIZE;
--
2.20.1
