Re: [PATCH v2] Bluetooth: Enforce key size of 16 bytes on FIPS level
From: Marcel Holtmann
Date: Wed Nov 11 2020 - 04:52:53 EST
Hi Archie,
> According to the spec Ver 5.2, Vol 3, Part C, Sec 5.2.2.8:
> Device in security mode 4 level 4 shall enforce:
> 128-bit equivalent strength for link and encryption keys required
> using FIPS approved algorithms (E0 not allowed, SAFER+ not allowed,
> and P-192 not allowed; encryption key not shortened)
>
> This patch rejects connection with key size below 16 for FIPS
> level services.
>
> Signed-off-by: Archie Pusaka <apusaka@xxxxxxxxxxxx>
> Reviewed-by: Alain Michaud <alainm@xxxxxxxxxxxx>
>
> ---
>
> Sorry for the long delay. This patch fell out of my radar.
>
> Changes in v2:
> * Add comment on enforcing 16 bytes key size
>
> net/bluetooth/l2cap_core.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
patch has been applied to bluetooth-next tree.
Regards
Marcel