From: "Hans-Christian Egtvedt (hegtvedt)" <hegtvedt@cisco.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Luiz Augusto von Dentz" <luiz.von.dentz@intel.com>,
Marcel Holtmann <marcel@holtmann.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [v5.8/bluetooth PATCH] Bluetooth: Disconnect if E0 is used for Level 4
Date: Fri, 16 Oct 2020 07:48:19 +0000 [thread overview]
Message-ID: <b65dadad-ff95-671e-f330-7179b5752d75@cisco.com> (raw)
In-Reply-To: <20201016072553.GA578349@kroah.com>
[-- Attachment #1: Type: text/plain, Size: 2224 bytes --]
On 16/10/2020 09:25, Greg KH wrote:
> On Thu, Oct 15, 2020 at 11:11:24PM +0200, Hans-Christian Noren Egtvedt wrote:
>> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>>
>> E0 is not allowed with Level 4:
>>
>> BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319:
>>
>> '128-bit equivalent strength for link and encryption keys
>> required using FIPS approved algorithms (E0 not allowed,
>> SAFER+ not allowed, and P-192 not allowed; encryption key
>> not shortened'
>>
>> SC enabled:
>>
>>> HCI Event: Read Remote Extended Features (0x23) plen 13
>> Status: Success (0x00)
>> Handle: 256
>> Page: 1/2
>> Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
>> Secure Simple Pairing (Host Support)
>> LE Supported (Host)
>> Secure Connections (Host Support)
>>> HCI Event: Encryption Change (0x08) plen 4
>> Status: Success (0x00)
>> Handle: 256
>> Encryption: Enabled with AES-CCM (0x02)
>>
>> SC disabled:
>>
>>> HCI Event: Read Remote Extended Features (0x23) plen 13
>> Status: Success (0x00)
>> Handle: 256
>> Page: 1/2
>> Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
>> Secure Simple Pairing (Host Support)
>> LE Supported (Host)
>>> HCI Event: Encryption Change (0x08) plen 4
>> Status: Success (0x00)
>> Handle: 256
>> Encryption: Enabled with E0 (0x01)
>> [May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used
>> < HCI Command: Disconnect (0x01|0x0006) plen 3
>> Handle: 256
>> Reason: Authentication Failure (0x05)
>>
>> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
>> Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
>> (cherry picked from commit 8746f135bb01872ff412d408ea1aa9ebd328c1f5)
>> Cc: stable@vger.kernel.org # 5.8
>
> Any reason you didn't sign off on these backports? You should take the
> credit for them :)
I just cherry-pick (-: I have always reserved the sign off part for code
change. Will make a note of that for the future.
--
Best regards, Hans-Christian Noren Egtvedt
[-- Attachment #2: pEpkey.asc --]
[-- Type: application/pgp-keys, Size: 1813 bytes --]
next prev parent reply other threads:[~2020-10-16 7:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-15 21:11 [v5.8/bluetooth PATCH] Bluetooth: Disconnect if E0 is used for Level 4 Hans-Christian Noren Egtvedt
2020-10-16 7:25 ` Greg KH
2020-10-16 7:48 ` Hans-Christian Egtvedt (hegtvedt) [this message]
2020-10-16 7:36 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b65dadad-ff95-671e-f330-7179b5752d75@cisco.com \
--to=hegtvedt@cisco.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luiz.von.dentz@intel.com \
--cc=marcel@holtmann.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.