Loading system/btif/src/btif_storage.c +45 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,7 @@ #include <alloca.h> #include <assert.h> #include <ctype.h> #include <log/log.h> #include <stdlib.h> #include <string.h> #include <time.h> Loading @@ -49,6 +50,7 @@ #include "osi/include/allocator.h" #include "osi/include/compat.h" #include "osi/include/config.h" #include "osi/include/list.h" #include "osi/include/log.h" #include "osi/include/osi.h" Loading Loading 
@@ -833,6 +835,47 @@ bt_status_t btif_storage_remove_bonded_device(bt_bdaddr_t *remote_bd_addr) } /* Some devices hardcode sample LTK value from spec, instead of generating one. * Treat such devices as insecure, and remove such bonds when bluetooth restarts. * Removing them after disconnection is handled separately. * * We still allow such devices to bond in order to give the user a chance to update * firmware. */ static void remove_devices_with_sample_ltk() { list_t *bad_ltk = list_new(osi_free); for (const btif_config_section_iter_t *iter = btif_config_section_begin(); iter != btif_config_section_end(); iter = btif_config_section_next(iter)) { const char *name = btif_config_section_name(iter); if (!string_is_bdaddr(name)) { continue; } bt_bdaddr_t *bda = osi_malloc(sizeof(bt_bdaddr_t)); string_to_bdaddr(name, bda); tBTA_LE_KEY_VALUE key; memset(&key, 0, sizeof(key)); if (btif_storage_get_ble_bonding_key(bda, BTIF_DM_LE_KEY_PENC, (char*)&key, sizeof(tBTM_LE_PENC_KEYS)) == BT_STATUS_SUCCESS) { if (is_sample_ltk(key.penc_key.ltk)) { list_append(bad_ltk, (void*)bda); } } } for (list_node_t *sn = list_begin(bad_ltk); sn != list_end(bad_ltk); sn = list_next(sn)) { android_errorWriteLog(0x534e4554, "128437297"); BTIF_TRACE_ERROR("%s: removing bond to device using test TLK", __func__); bt_bdaddr_t *bda = (bt_bdaddr_t*)list_node(sn); btif_storage_remove_bonded_device(bda); } list_free(bad_ltk); } /******************************************************************************* ** ** Function btif_storage_load_bonded_devices Loading @@ -859,6 +902,8 @@ bt_status_t btif_storage_load_bonded_devices(void) bt_uuid_t local_uuids[BT_MAX_NUM_UUIDS]; bt_uuid_t remote_uuids[BT_MAX_NUM_UUIDS]; remove_devices_with_sample_ltk(); btif_in_fetch_bonded_devices(&bonded_devices, 1); /* Now send the adapter_properties_cb with all adapter_properties */ Loading system/stack/btm/btm_sec.c +17 −0 Original line number Diff line number Diff line Loading 
@@ -24,6 +24,7 @@ #define LOG_TAG "bt_btm_sec" #include <log/log.h> #include <stdarg.h> #include <string.h> Loading @@ -47,6 +48,9 @@ #include "gatt_int.h" #endif #include "bta/sys/bta_sys.h" #include "bta/dm/bta_dm_int.h" #define BTM_SEC_MAX_COLLISION_DELAY (5000) extern fixed_queue_t *btu_general_alarm_queue; Loading Loading @@ -4808,6 +4812,19 @@ void btm_sec_disconnected (UINT16 handle, UINT8 reason) | BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED); } /* Some devices hardcode sample LTK value from spec, instead of generating * one. Treat such devices as insecure, and remove such bonds on * disconnection. */ if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) { android_errorWriteLog(0x534e4554, "128437297"); BTM_TRACE_ERROR("%s: removing bond to device that used sample LTK", __func__); tBTA_DM_MSG p_data; memcpy(p_data.remove_dev.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); bta_dm_remove_device(&p_data); } #if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) { Loading system/stack/include/bt_types.h +10 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ #include <stdint.h> #include <stdbool.h> #include <string.h> #ifndef FALSE # define FALSE false Loading Loading @@ -791,4 +792,13 @@ static inline void bdsetany(BD_ADDR a) { bdcpy(a, bd_addr_any); } static inline bool is_sample_ltk(const BT_OCTET16 ltk) { /* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1 * 0x4C68384139F574D836BCF34E9DFB01BF */ const uint8_t SAMPLE_LTK[] = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36, 0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c}; return memcmp(ltk, SAMPLE_LTK, BT_OCTET16_LEN) == 0; } #endif Loading
system/btif/src/btif_storage.c +45 −0 Original line number Diff line number Diff line Loading @@ -35,6 +35,7 @@ #include <alloca.h> #include <assert.h> #include <ctype.h> #include <log/log.h> #include <stdlib.h> #include <string.h> #include <time.h> Loading @@ -49,6 +50,7 @@ #include "osi/include/allocator.h" #include "osi/include/compat.h" #include "osi/include/config.h" #include "osi/include/list.h" #include "osi/include/log.h" #include "osi/include/osi.h" Loading Loading 
@@ -833,6 +835,47 @@ bt_status_t btif_storage_remove_bonded_device(bt_bdaddr_t *remote_bd_addr) } /* Some devices hardcode sample LTK value from spec, instead of generating one. * Treat such devices as insecure, and remove such bonds when bluetooth restarts. * Removing them after disconnection is handled separately. * * We still allow such devices to bond in order to give the user a chance to update * firmware. */ static void remove_devices_with_sample_ltk() { list_t *bad_ltk = list_new(osi_free); for (const btif_config_section_iter_t *iter = btif_config_section_begin(); iter != btif_config_section_end(); iter = btif_config_section_next(iter)) { const char *name = btif_config_section_name(iter); if (!string_is_bdaddr(name)) { continue; } bt_bdaddr_t *bda = osi_malloc(sizeof(bt_bdaddr_t)); string_to_bdaddr(name, bda); tBTA_LE_KEY_VALUE key; memset(&key, 0, sizeof(key)); if (btif_storage_get_ble_bonding_key(bda, BTIF_DM_LE_KEY_PENC, (char*)&key, sizeof(tBTM_LE_PENC_KEYS)) == BT_STATUS_SUCCESS) { if (is_sample_ltk(key.penc_key.ltk)) { list_append(bad_ltk, (void*)bda); } } } for (list_node_t *sn = list_begin(bad_ltk); sn != list_end(bad_ltk); sn = list_next(sn)) { android_errorWriteLog(0x534e4554, "128437297"); BTIF_TRACE_ERROR("%s: removing bond to device using test TLK", __func__); bt_bdaddr_t *bda = (bt_bdaddr_t*)list_node(sn); btif_storage_remove_bonded_device(bda); } list_free(bad_ltk); } /******************************************************************************* ** ** Function btif_storage_load_bonded_devices Loading @@ -859,6 +902,8 @@ bt_status_t btif_storage_load_bonded_devices(void) bt_uuid_t local_uuids[BT_MAX_NUM_UUIDS]; bt_uuid_t remote_uuids[BT_MAX_NUM_UUIDS]; remove_devices_with_sample_ltk(); btif_in_fetch_bonded_devices(&bonded_devices, 1); /* Now send the adapter_properties_cb with all adapter_properties */ Loading
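Review bot: `bda` leaks in the first loop of remove_devices_with_sample_ltk() whenever the bond is not flagged. It is allocated with osi_malloc() for every section name that passes string_is_bdaddr(), but only the entries appended to `bad_ltk` are ever released, by the list's osi_free callback. Because the function is called from btif_storage_load_bonded_devices(), that is one bt_bdaddr_t lost per healthy bonded device on each load. Fold the two nested conditions into one `if (... == BT_STATUS_SUCCESS && is_sample_ltk(key.penc_key.ltk))` and add `else { osi_free(bda); }`, or parse into a stack `bt_bdaddr_t` and allocate only on a match. The trace message also says "test TLK" where the comment says sample LTK; `"%s: removing bond to device using sample LTK"` would keep it searchable alongside the message in btm_sec.c.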
system/stack/btm/btm_sec.c +17 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ #define LOG_TAG "bt_btm_sec" #include <log/log.h> #include <stdarg.h> #include <string.h> Loading @@ -47,6 +48,9 @@ #include "gatt_int.h" #endif #include "bta/sys/bta_sys.h" #include "bta/dm/bta_dm_int.h" #define BTM_SEC_MAX_COLLISION_DELAY (5000) extern fixed_queue_t *btu_general_alarm_queue; Loading Loading @@ -4808,6 +4812,19 @@ void btm_sec_disconnected (UINT16 handle, UINT8 reason) | BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED); } /* Some devices hardcode sample LTK value from spec, instead of generating * one. Treat such devices as insecure, and remove such bonds on * disconnection. */ if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) { android_errorWriteLog(0x534e4554, "128437297"); BTM_TRACE_ERROR("%s: removing bond to device that used sample LTK", __func__); tBTA_DM_MSG p_data; memcpy(p_data.remove_dev.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); bta_dm_remove_device(&p_data); } #if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) { Loading
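Review bot: `tBTA_DM_MSG p_data;` in the added block of btm_sec_disconnected() is passed to bta_dm_remove_device() with only `remove_dev.bd_addr` filled in, so any other member that function reads would be indeterminate stack contents. bta_dm_remove_device() is defined outside this page, so whether it reads more cannot be checked here. Zero the message first, `tBTA_DM_MSG p_data; memset(&p_data, 0, sizeof(p_data));`, and consider naming it `msg` since it is not a pointer. The code after the block still dereferences `p_dev_rec` (`p_dev_rec->sec_state`), so confirm that bta_dm_remove_device() cannot clear or free that record synchronously, and state that assumption in a short comment. btm_sec_disconnected() begins and ends outside the hunk.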
system/stack/include/bt_types.h +10 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ #include <stdint.h> #include <stdbool.h> #include <string.h> #ifndef FALSE # define FALSE false Loading Loading @@ -791,4 +792,13 @@ static inline void bdsetany(BD_ADDR a) { bdcpy(a, bd_addr_any); } static inline bool is_sample_ltk(const BT_OCTET16 ltk) { /* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1 * 0x4C68384139F574D836BCF34E9DFB01BF */ const uint8_t SAMPLE_LTK[] = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36, 0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c}; return memcmp(ltk, SAMPLE_LTK, BT_OCTET16_LEN) == 0; } #endif
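Review bot: `SAMPLE_LTK` in is_sample_ltk() is declared without an explicit size while memcmp() compares BT_OCTET16_LEN bytes, so the two lengths agree only by convention. Declaring it `static const uint8_t SAMPLE_LTK[BT_OCTET16_LEN] = {...};` ties them together, and `static` avoids rebuilding the array on the stack wherever the helper is inlined. The comment should also say that the initializer lists the octets in the reverse order of the hex string quoted from the spec, e.g. `/* stored least-significant octet first, as keys are held in BT_OCTET16 */`. That ordering is inferred from the initializer alone, so confirm it against the key storage format before adding the comment.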