Hello Peter, Thanks for the information. Please find my inputs below. Regards, Tejaswini -----Original Message----- From: Peter Hurley [mailto:peter@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, July 12, 2011 7:43 PM To: Tejaswini Purandare (WT01 - Product Engineering Services) Cc: marcel@xxxxxxxxxxxx; linux-bluetooth@xxxxxxxxxxxxxxx Subject: RE: L2CAP connection on insecure link Hi Tejaswini, On Tue, 2011-07-12 at 07:34 -0400, tejaswini.purandare@xxxxxxxxx wrote: > Hello Marcel, > > Thanks for your response. > > Can you please let me know the exact section of the BT 2.1 Core specification which mentions "The specification is pretty damn clear here. Any Connect_Request needs to be rejected if the underlying link is not known to be secure." >From Vol 3, Part C. Generic Access Profile, Section 5.2.2.2. Security for Access to Local Service by Remote Device (Responding Side), para. 5: "If the remote device has indicated support for Secure Simple Pairing, a channel establishment request is received for a service other than SDP, and encryption has not yet been enabled, then the local device shall disconnect the ACL link with error code 0x05 - Authentication Failure." Regardless, the issue with the LMP/BB race can be exhibited as the L2CAP_Connect_Req being received prior to receipt of the Connection Complete Event (in which case the ACL connection handle is unknown). Should the HCI core pend that request too? >> Actually we have a race condition between the L2CAP_Connect_Req and the Encryption Change event and not the Connection Complete Event. Regards, Peter > Regards, > Tejaswini > > > -----Original Message----- > From: Marcel Holtmann [mailto:marcel@xxxxxxxxxxxx] > Sent: Thursday, June 30, 2011 9:39 PM > To: Tejaswini Purandare (WT01 - Product Engineering Services) > Cc: linux-bluetooth@xxxxxxxxxxxxxxx > Subject: Re: L2CAP connection on insecure link > > Hi Tejaswini, > > > We are facing an issue as below. > > > > Problem statement: > > This is with reference to the patch http://kernel.ubuntu.com/git?p=ubuntu/linux-2.6/.git;a=commit;h=e7c29cb16c833441fd2160642bb13025f4e7ac70 for handling L2CAP connection requests on an insecure link. I am pasting below the details of this patch. > > > > "The Security Mode 4 of the Bluetooth 2.1 specification has strict authentication and encryption requirements. It is the initiators job to create a secure ACL link. However in case of malicious devices, the acceptor has to make sure that the ACL is encrypted before allowing any kind of L2CAP connection. The only exception here is the PSM 1 for the service discovery protocol, because that is allowed to run on an insecure ACL link. > > Previously it was enough to reject a L2CAP connection during the connection setup phase, but with Bluetooth 2.1 it is forbidden to do any L2CAP protocol exchange on an insecure link (except SDP). > > The new hci_conn_check_link_mode() function can be used to check the integrity of an ACL link. This functions also takes care of the cases where Security Mode 4 is disabled or one of the devices is based on an older specification." > > > > On receipt of a L2CAP_Connect_Req (function l2cap_connect_req()), the function hci_conn_check_link_mode() checks is encryption is enabled on the link when SSP is enabled. If encryption is not yet enabled then the function l2cap_connect_req() returns L2CAP_Connect_Rsp with error Security Block. > > > > Due to this patch, if the HCI encryption change event arrives after the Initiator sends the L2CAP Connection Request, then the connection request is rejected with response Security Block. > > > > Query: > > I wanted to know if this can be handled by sending an L2CAP Connection response with Connection Pending and on receiving the Encryption Change event send the L2CAP Connection response with success; else with error Security Block. > > no it can not. The specification is pretty damn clear here. Any > Connect_Request needs to be rejected if the underlying link is not know > to be secure. > > And with some chips this is a race conditions in their LMP+BB and the > transport layer. They end up sending the ACL packet before the send the > HCI event for signaling that the encryption is active. > > If you do look at the air traffic you might see that the ACL packet > actually was encrypted, but that is not what they have signaled to the > host stack. There is nothing we can do from our side. The chips need to > be fixed to do this in the right order. > > Regards > > Marcel > > > ��칻�&�~�&���+-��ݶ��w��˛���m�b��[�筢�a�{ay�ʇڙ�,j ��f���h���z��w��� ���j:+v���w�j�m���� ����zZ+�����ݢj"��!�i ��.n��������+%������w��{.n�����{����^n�r������&��z�ޗ�zf���h���~����������_��+v���)ߣ�