linux/net
Marcel Holtmann 8c1b235594 Bluetooth: Add enhanced security model for Simple Pairing
The current security model is based around the flags AUTH, ENCRYPT and
SECURE. Starting with support for the Bluetooth 2.1 specification this is
no longer sufficient. The different security levels are now defined as
SDP, LOW, MEDIUM and SECURE.

Previously it was possible to set each security independently, but this
actually doesn't make a lot of sense. For Bluetooth the encryption depends
on a previous successful authentication. Also you can only update your
existing link key if you successfully created at least one before. And of
course the update of link keys without having proper encryption in place
is a security issue.

The new security levels from the Bluetooth 2.1 specification are now
used internally. All old settings are mapped to the new values and this
way it ensures that old applications still work. The only limitation
is that it is no longer possible to set authentication without also
enabling encryption. No application should have done this anyway since
this is actually a security issue. Without encryption the integrity of
the authentication can't be guaranteed.

As default for a new L2CAP or RFCOMM connection, the LOW security level
is used. The only exception here are the service discovery sessions on
PSM 1 where SDP level is used. To have similar security strength as with
a Bluetooth 2.0 and before combination key, the MEDIUM level should be
used. This is according to the Bluetooth specification. The MEDIUM level
will not require any kind of man-in-the-middle (MITM) protection. Only
the HIGH security level will require this.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
2009-02-27 06:14:25 +01:00
..
9p 9p: fix endian issues [attempt 3] 2009-02-06 22:07:41 -08:00
802 snap: handle registration error and compile warning 2009-02-22 19:54:47 -08:00
8021q gro: Optimise Ethernet header comparison 2009-02-08 20:22:18 -08:00
appletalk net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
atm lec: convert to net_device_ops 2009-01-21 14:02:00 -08:00
ax25 ax25: more common return path joining 2009-02-06 23:47:14 -08:00
bluetooth Bluetooth: Add enhanced security model for Simple Pairing 2009-02-27 06:14:25 +01:00
bridge netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
can ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
core netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
dcb DCB: fix kfree(skb) 2009-01-04 17:29:21 -08:00
dccp dccp: Debugging functions for feature negotiation 2009-01-21 14:34:05 -08:00
decnet netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
dsa net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
econet net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
ethernet eth: Declare an optimized compare_ether_addr_64bits() function 2008-11-23 23:24:32 -08:00
ipv4 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-02-25 00:02:05 -08:00
ipv6 Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-02-25 00:02:05 -08:00
ipx net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
irda net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
iucv s390: remove s390_root_dev_*() 2009-01-06 10:44:34 -08:00
key af_key: initialize xfrm encap_oa 2009-01-25 20:49:14 -08:00
lapb
llc llc: fix non-const printk warning 2009-02-22 19:54:46 -08:00
mac80211 Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-02-14 23:12:00 -08:00
netfilter Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-02-25 00:02:05 -08:00
netlabel netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
netlink netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
netrom netrom: convert to net_device_ops 2009-01-21 14:02:02 -08:00
packet net: packet socket packet_lookup_frame fix 2009-02-01 01:53:29 -08:00
phonet netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
rfkill net/rfkill/rfkill.c: fix unused rfkill_led_trigger() warning 2009-01-04 17:11:24 -08:00
rose rose: convert to network_device_ops 2009-01-21 14:02:04 -08:00
rxrpc RxRPC: Fix a potential NULL dereference 2009-02-06 21:50:52 -08:00
sched pkt_sched: sch_multiq: Change errno on non-multiqueue devices use. 2009-02-10 00:11:21 -08:00
sctp sctp: Inherit all socket options from parent correctly. 2009-02-16 00:03:11 -08:00
sunrpc net/sunrpc/xprtsock.c: some common code found 2009-02-06 23:48:33 -08:00
tipc net/tipc/bcast.h: use ARRAY_SIZE 2009-01-11 00:06:33 -08:00
unix introduce new LSM hooks where vfsmount is available. 2008-12-31 18:07:37 -05:00
wanrouter netdevice wanrouter: Convert directly reference of netdev->priv 2008-11-20 04:26:21 -08:00
wimax Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-02-14 23:12:00 -08:00
wireless cfg80211: add more flexible BSS lookup 2009-02-13 13:45:56 -05:00
x25 net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
xfrm Revert "xfrm: For 32/64 compatability wrt. xfrm_usersa_info" 2009-01-20 09:49:51 -08:00
compat.c net: socket infrastructure for SO_TIMESTAMPING 2009-02-15 22:43:35 -08:00
Kconfig Phonet: move to Networking options like other protocol stacks 2009-01-26 21:03:33 -08:00
Makefile wimax: Makefile, Kconfig and docbook linkage for the stack 2009-01-07 10:00:17 -08:00
nonet.c
socket.c net: socket infrastructure for SO_TIMESTAMPING 2009-02-15 22:43:35 -08:00
sysctl_net.c missing bits of net-namespace / sysctl 2008-07-27 09:45:34 -07:00
TUNABLE