linux/net/bluetooth
Marcel Holtmann e7c29cb16c [Bluetooth] Reject L2CAP connections on an insecure ACL link
The Security Mode 4 of the Bluetooth 2.1 specification has strict
authentication and encryption requirements. It is the initiators job
to create a secure ACL link. However in case of malicious devices, the
acceptor has to make sure that the ACL is encrypted before allowing
any kind of L2CAP connection. The only exception here is the PSM 1 for
the service discovery protocol, because that is allowed to run on an
insecure ACL link.

Previously it was enough to reject a L2CAP connection during the
connection setup phase, but with Bluetooth 2.1 it is forbidden to
do any L2CAP protocol exchange on an insecure link (except SDP).

The new hci_conn_check_link_mode() function can be used to check the
integrity of an ACL link. This functions also takes care of the cases
where Security Mode 4 is disabled or one of the devices is based on
an older specification.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2008-09-09 07:19:20 +02:00
..
bnep [Bluetooth] Consolidate maintainers information 2008-08-18 13:23:53 +02:00
cmtp
hidp
rfcomm [Bluetooth] Consolidate maintainers information 2008-08-18 13:23:53 +02:00
af_bluetooth.c [Bluetooth] Reject L2CAP connections on an insecure ACL link 2008-09-09 07:19:20 +02:00
hci_conn.c [Bluetooth] Reject L2CAP connections on an insecure ACL link 2008-09-09 07:19:20 +02:00
hci_core.c
hci_event.c [Bluetooth] Fix reference counting during ACL config stage 2008-09-09 07:19:19 +02:00
hci_sock.c
hci_sysfs.c
Kconfig
l2cap.c [Bluetooth] Reject L2CAP connections on an insecure ACL link 2008-09-09 07:19:20 +02:00
lib.c
Makefile
sco.c [Bluetooth] Enforce correct authentication requirements 2008-09-09 07:19:20 +02:00