Re: [PATCH v2] Bluetooth: Enforce key size of 16 bytes on FIPS level

From: Marcel Holtmann
Date: Wed Nov 11 2020 - 04:52:53 EST


Hi Archie,

> According to the spec Ver 5.2, Vol 3, Part C, Sec 5.2.2.8:
> Device in security mode 4 level 4 shall enforce:
> 128-bit equivalent strength for link and encryption keys required
> using FIPS approved algorithms (E0 not allowed, SAFER+ not allowed,
> and P-192 not allowed; encryption key not shortened)
>
> This patch rejects connection with key size below 16 for FIPS
> level services.
>
> Signed-off-by: Archie Pusaka <apusaka@xxxxxxxxxxxx>
> Reviewed-by: Alain Michaud <alainm@xxxxxxxxxxxx>
>
> ---
>
> Sorry for the long delay. This patch fell out of my radar.
>
> Changes in v2:
> * Add comment on enforcing 16 bytes key size
>
> net/bluetooth/l2cap_core.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)

Patch has been applied to the bluetooth-next tree.

Regards

Marcel
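
The key-size rule from the quoted commit message, as an added example that is not the patch's code or the kernel's: a simplified model of the accept/reject decision. All names, the configurable floor of 7 bytes used in the sample, and the handling of unencrypted links are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; a simplified model, not net/bluetooth/l2cap_core.c. */
enum sec_level { SEC_LOW, SEC_MEDIUM, SEC_HIGH, SEC_FIPS };

struct link_state {
    bool encrypted;        /* encryption currently enabled on the link */
    uint8_t enc_key_size;  /* negotiated encryption key size, in bytes */
};

#define FIPS_KEY_SIZE 16   /* 128-bit key, "not shortened" per the quoted spec text */

/* Smallest acceptable key size for a service at the given level.
 * configured_min is an assumed stack-wide floor that may be below 16. */
static uint8_t required_key_size(enum sec_level level, uint8_t configured_min)
{
    if (level == SEC_FIPS)
        return FIPS_KEY_SIZE;  /* FIPS overrides any lower configured floor */
    return configured_min;
}

/* Decide whether a connection to a service at `level` may proceed. */
static bool key_size_ok(const struct link_state *l, enum sec_level level,
                        uint8_t configured_min)
{
    /* Model assumption: an unencrypted link has no key size to check,
     * so it can never satisfy FIPS; lower levels are judged elsewhere. */
    if (!l->encrypted)
        return level != SEC_FIPS;
    return l->enc_key_size >= required_key_size(level, configured_min);
}

int main(void)
{
    /* Constructed sample links, checked against an assumed floor of 7. */
    struct link_state links[] = { {true, 16}, {true, 15}, {true, 7}, {false, 0} };
    for (size_t i = 0; i < sizeof(links) / sizeof(links[0]); i++)
        printf("enc=%d size=%2u  high:%s  fips:%s\n", links[i].encrypted,
               (unsigned)links[i].enc_key_size,
               key_size_ok(&links[i], SEC_HIGH, 7) ? "accept" : "reject",
               key_size_ok(&links[i], SEC_FIPS, 7) ? "accept" : "reject");
    return 0;
}
```

A 15-byte key passes the lower level but is rejected at FIPS level, which is the case the commit message describes.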