Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp257618ybt;
        Fri, 19 Jun 2020 00:56:57 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzjIenjN9zp2JSoMn4ZNud29eWfNKkste6T/FGvEIDXIowfgISe8k2NIUBwpuKUbXHjpRBa
X-Received: by 2002:a50:fb14:: with SMTP id d20mr2011512edq.209.1592553416848;
        Fri, 19 Jun 2020 00:56:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1592553416; cv=none;
        d=google.com; s=arc-20160816;
        b=mtJdkyFMxsQPF7clZeCD2j4U3S2xlgw6fRBGjmp5bWPoggwCf6Q5qcIyCc8keH2BcG
         lFqcoMhyPTh09ol7I4PVwpfpkSFIxLQpOy2djDgEyvlmoOH30QFtXYvINSA0okBEktlw
         SRbW6aI1xOYI6VXeV0s3UbGj5ZUiblYLLc0ULcvKuYNm1fyHtRZVdiuSvQo453k5Vg0h
         Qjr+P8Ux4QuAo/Ua9QnkkH44pJclbuEmgtSzSKELJkdpurtTlLvjEg0rH4GGa+0cyZms
         7S2Yl/x9mCSAUMaiM0xLRn7E2wLDaHHVJdDLcGYDqtiG3VJ9ZsoipHYoe7hA2BQO9P7a
         s+Gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version;
        bh=IXIfU7DF3J+46BLDZ/IgRbxt0GSBW2/jaWxRUsnwAfI=;
        b=tdzMFLCuhNsVbDZePBGzFBwUotafhr5ZrSJ1iVGyeFDmkORravbv4TxgtmRf0STz+T
         ykyS59XKzRsc8BDf0XmQloyj5kCfjaxjGDwKvAVcpakU54cnmzTWDwjQ5WBXt1QCGdB6
         LVcFtjZ7GqpuWklbkisa8hdKdpkJ8HaXQ7IxOOXBEGyZSQBjjHn2kG45b8/0Yqqr4ChP
         6aReQdC7Gy/zorpW+xFEqqxREZPUNQRtxK7qlVm4+4+bNrzLM2FOT1Qpy1X5Us9O57O6
         EJMhK6boOYOnZJxbPXH/w7l6tCTMp5+YJgPvGT9b9iu3SBnR9rBfJdefiRQ3pNtshXcF
         s/Yg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id h6si3528016edn.503.2020.06.19.00.56.31;
        Fri, 19 Jun 2020 00:56:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-bluetooth-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730935AbgFSHzB (ORCPT <rfc822;batyiev@gmail.com> + 99 others);
        Fri, 19 Jun 2020 03:55:01 -0400
Received: from coyote.holtmann.net ([212.227.132.17]:34130 "EHLO
        mail.holtmann.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730880AbgFSHzA (ORCPT
        <rfc822;linux-bluetooth@vger.kernel.org>);
        Fri, 19 Jun 2020 03:55:00 -0400
Received: from marcel-macbook.fritz.box (p5b3d2638.dip0.t-ipconnect.de [91.61.38.56])
        by mail.holtmann.org (Postfix) with ESMTPSA id 70974CECF1;
        Fri, 19 Jun 2020 10:04:51 +0200 (CEST)
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: Re: [PATCH v2 1/2] Bluetooth: Disconnect if E0 is used for Level 4
From:   Marcel Holtmann <marcel@holtmann.org>
In-Reply-To: <20200520212015.626026-1-luiz.dentz@gmail.com>
Date:   Fri, 19 Jun 2020 09:54:59 +0200
Cc:     linux-bluetooth@vger.kernel.org
Content-Transfer-Encoding: 7bit
Message-Id: <2B2EAC6C-D6FA-4CF1-87EB-8CCB774DBBE4@holtmann.org>
References: <20200520212015.626026-1-luiz.dentz@gmail.com>
To:     Luiz Augusto von Dentz <luiz.dentz@gmail.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Luiz,

> E0 is not allowed with Level 4:
> 
> BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C page 1319:
> 
>  '128-bit equivalent strength for link and encryption keys
>   required using FIPS approved algorithms (E0 not allowed,
>   SAFER+ not allowed, and P-192 not allowed; encryption key
>   not shortened'
> 
> SC enabled:
> 
>> HCI Event: Read Remote Extended Features (0x23) plen 13
>        Status: Success (0x00)
>        Handle: 256
>        Page: 1/2
>        Features: 0x0b 0x00 0x00 0x00 0x00 0x00 0x00 0x00
>          Secure Simple Pairing (Host Support)
>          LE Supported (Host)
>          Secure Connections (Host Support)
>> HCI Event: Encryption Change (0x08) plen 4
>        Status: Success (0x00)
>        Handle: 256
>        Encryption: Enabled with AES-CCM (0x02)
> 
> SC disabled:
> 
>> HCI Event: Read Remote Extended Features (0x23) plen 13
>        Status: Success (0x00)
>        Handle: 256
>        Page: 1/2
>        Features: 0x03 0x00 0x00 0x00 0x00 0x00 0x00 0x00
>          Secure Simple Pairing (Host Support)
>          LE Supported (Host)
>> HCI Event: Encryption Change (0x08) plen 4
>        Status: Success (0x00)
>        Handle: 256
>        Encryption: Enabled with E0 (0x01)
> [May 8 20:23] Bluetooth: hci0: Invalid security: expect AES but E0 was used
> < HCI Command: Disconnect (0x01|0x0006) plen 3
>        Handle: 256
>        Reason: Authentication Failure (0x05)
> 
> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> ---
> include/net/bluetooth/hci_core.h | 10 ++++++----
> net/bluetooth/hci_conn.c         | 17 +++++++++++++++++
> net/bluetooth/hci_event.c        | 20 ++++++++------------
> 3 files changed, 31 insertions(+), 16 deletions(-)

patch has been applied to bluetooth-next tree.

Regards

Marcel