authorNathan Chancellor <natechancellor@gmail.com>2020-10-17 19:41:12 -0700
committerdragonGR <alex@dragongr.dev>2020-10-21 17:48:12 +0300
commitb95c30af9b48bddb166a50c8cd8e5b046b443ca5 (patch)
tree5b6d24aa3d4f44570343affa07e7ea50cc7cb766 /net/bluetooth/hci_conn.c
parent15c7ef27ab40e8ccda729e0736eb91a7e387e2bb (diff)
Merge 4.14.202 into kernel.lnx.4.14.r4-relHEADr11.0q10.0
Changes in 4.14.202: (19 commits) Bluetooth: fix kernel oops in store_pending_adv_report Bluetooth: A2MP: Fix not initializing all members Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel Bluetooth: MGMT: Fix not checking if BT_HS is enabled Bluetooth: Consolidate encryption handling in hci_encrypt_cfm Bluetooth: Fix update of connection state in `hci_encrypt_cfm` Bluetooth: Disconnect if E0 is used for Level 4 media: usbtv: Fix refcounting mixup USB: serial: option: add Cellient MPL200 card USB: serial: option: Add Telit FT980-KS composition staging: comedi: check validity of wMaxPacketSize of usb endpoints found USB: serial: pl2303: add device-id for HP GC device USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters reiserfs: Initialize inode keys properly reiserfs: Fix oops during mount drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case crypto: bcm - Verify GCM/CCM key length in setkey crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA Linux 4.14.202 Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Diffstat (limited to 'net/bluetooth/hci_conn.c')
-rw-r--r--net/bluetooth/hci_conn.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index 1d085eed72d0..e3cd81ce2a7b 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -1163,6 +1163,23 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
return 0;
}
+ /* AES encryption is required for Level 4:
+ *
+ * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
+ * page 1319:
+ *
+ * 128-bit equivalent strength for link and encryption keys
+ * required using FIPS approved algorithms (E0 not allowed,
+ * SAFER+ not allowed, and P-192 not allowed; encryption key
+ * not shortened)
+ */
+ if (conn->sec_level == BT_SECURITY_FIPS &&
+ !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
+ bt_dev_err(conn->hdev,
+ "Invalid security: Missing AES-CCM usage");
+ return 0;
+ }
+
if (hci_conn_ssp_enabled(conn) &&
!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
return 0;
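Review bot: The spec text quoted in the new comment lists four requirements (E0, SAFER+ and P-192 not allowed, encryption key not shortened), but the added condition tests only `HCI_CONN_AES_CCM`, so a reader can easily take this block as enforcing all of Level 4. If link-key type and encryption key size are validated elsewhere (not visible in this hunk), the comment should say so, for example with an extra line `* Only the E0 exclusion is checked here; key type and key size are validated in <PLACEHOLDER: function name>.`; if they are not validated anywhere, this check alone does not establish the quoted requirement. The error line also does not identify the peer, which makes a rejected link hard to triage on a host with several connections; `"Invalid security: Missing AES-CCM usage (%pMR)", &conn->dst` would tie the log entry to a device. hci_conn_check_link_mode starts and ends outside the hunk, so the surrounding checks were not reviewed.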