Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 41455cf6 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge changes from topic "gd_security_shim" am: bcd0bef4 am: b8cd9d11 am:... 

Merge changes from topic "gd_security_shim" am: bcd0bef4 am: b8cd9d11 am: bb847d54 am: 25c2d850

Original change: https://android-review.googlesource.com/c/platform/system/bt/+/1443318

Change-Id: I591acee6ea00303dddb4566b06ec2403d1554b81
parents 849505e6 25c2d850

system/gd/security/cert/security_test.py

+4 −8
Original line number Diff line number Diff line
@@ -65,14 +65,10 @@ class SecurityTest(GdBaseTestClass): 
        IoCapabilities.NO_INPUT_NO_OUTPUT)



    # Possible Authentication Requirements

    auth_reqs = (

        AuthenticationRequirements.NO_BONDING,

        # TODO(optedoblivion): Figure out MITM cases

        AuthenticationRequirements.NO_BONDING_MITM_PROTECTION,

    auth_reqs = (AuthenticationRequirements.NO_BONDING, AuthenticationRequirements.NO_BONDING_MITM_PROTECTION,

                 AuthenticationRequirements.DEDICATED_BONDING,

                 AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION,

        AuthenticationRequirements.GENERAL_BONDING,

        AuthenticationRequirements.GENERAL_BONDING_MITM_PROTECTION)

                 AuthenticationRequirements.GENERAL_BONDING, AuthenticationRequirements.GENERAL_BONDING_MITM_PROTECTION)



    # Possible Out-of-Band data options

    oob_present = (

system/gd/security/facade.cc

+14 −5
Original line number Diff line number Diff line
@@ -339,8 +339,10 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public 
    ui_events_.OnIncomingEvent(display_yes_no);

  }



  virtual void DisplayConfirmValue(const bluetooth::hci::AddressWithType& peer, std::string name,

                                   uint32_t numeric_value) {

  virtual void DisplayConfirmValue(ConfirmationData data) {

    const bluetooth::hci::AddressWithType& peer = data.GetAddressWithType();

    std::string name = data.GetName();

    uint32_t numeric_value = data.GetNumericValue();

    LOG_INFO("%s value = 0x%x", peer.ToString().c_str(), numeric_value);

    UiMsg display_with_value;

    *display_with_value.mutable_peer() = ToFacadeAddressWithType(peer);
@@ -350,7 +352,9 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public 
    ui_events_.OnIncomingEvent(display_with_value);

  }



  void DisplayYesNoDialog(const bluetooth::hci::AddressWithType& peer, std::string name) override {

  void DisplayYesNoDialog(ConfirmationData data) override {

    const bluetooth::hci::AddressWithType& peer = data.GetAddressWithType();

    std::string name = data.GetName();

    LOG_INFO("%s", peer.ToString().c_str());

    UiMsg display_yes_no;

    *display_yes_no.mutable_peer() = ToFacadeAddressWithType(peer);
@@ -359,7 +363,10 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public 
    ui_events_.OnIncomingEvent(display_yes_no);

  }



  void DisplayPasskey(const bluetooth::hci::AddressWithType& peer, std::string name, uint32_t passkey) override {

  void DisplayPasskey(ConfirmationData data) override {

    const bluetooth::hci::AddressWithType& peer = data.GetAddressWithType();

    std::string name = data.GetName();

    uint32_t passkey = data.GetNumericValue();

    LOG_INFO("%s value = 0x%x", peer.ToString().c_str(), passkey);

    UiMsg display_passkey;

    *display_passkey.mutable_peer() = ToFacadeAddressWithType(peer);
@@ -369,7 +376,9 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public 
    ui_events_.OnIncomingEvent(display_passkey);

  }



  void DisplayEnterPasskeyDialog(const bluetooth::hci::AddressWithType& peer, std::string name) override {

  void DisplayEnterPasskeyDialog(ConfirmationData data) override {

    const bluetooth::hci::AddressWithType& peer = data.GetAddressWithType();

    std::string name = data.GetName();

    LOG_INFO("%s", peer.ToString().c_str());

    UiMsg display_passkey_input;

    *display_passkey_input.mutable_peer() = ToFacadeAddressWithType(peer);

system/gd/security/pairing/classic_pairing_handler.cc

+22 −10
Original line number Diff line number Diff line
@@ -26,26 +26,38 @@ namespace pairing { 


void ClassicPairingHandler::NotifyUiDisplayYesNo(uint32_t numeric_value) {

  ASSERT(user_interface_handler_ != nullptr);

  user_interface_handler_->CallOn(

      user_interface_, &UI::DisplayConfirmValue, *GetRecord()->GetPseudoAddress(), device_name_, numeric_value);

  ConfirmationData data(*GetRecord()->GetPseudoAddress(), device_name_, numeric_value);

  data.PutExtraData("remote_io_caps", hci::IoCapabilityText(remote_io_capability_));

  data.PutExtraData("remote_auth_reqs", hci::AuthenticationRequirementsText(remote_authentication_requirements_));

  data.PutExtraData("remote_oob_data_present", hci::OobDataPresentText(remote_oob_present_));

  user_interface_handler_->CallOn(user_interface_, &UI::DisplayConfirmValue, data);

}



void ClassicPairingHandler::NotifyUiDisplayYesNo() {

  ASSERT(user_interface_handler_ != nullptr);

  user_interface_handler_->CallOn(

      user_interface_, &UI::DisplayYesNoDialog, *GetRecord()->GetPseudoAddress(), device_name_);

  ConfirmationData data(*GetRecord()->GetPseudoAddress(), device_name_);

  data.PutExtraData("remote_io_caps", hci::IoCapabilityText(remote_io_capability_));

  data.PutExtraData("remote_auth_reqs", hci::AuthenticationRequirementsText(remote_authentication_requirements_));

  data.PutExtraData("remote_oob_data_present", hci::OobDataPresentText(remote_oob_present_));

  user_interface_handler_->CallOn(user_interface_, &UI::DisplayYesNoDialog, data);

}



void ClassicPairingHandler::NotifyUiDisplayPasskey(uint32_t passkey) {

  ASSERT(user_interface_handler_ != nullptr);

  user_interface_handler_->CallOn(

      user_interface_, &UI::DisplayPasskey, *GetRecord()->GetPseudoAddress(), device_name_, passkey);

  ConfirmationData data(*GetRecord()->GetPseudoAddress(), device_name_, passkey);

  data.PutExtraData("remote_io_caps", hci::IoCapabilityText(remote_io_capability_));

  data.PutExtraData("remote_auth_reqs", hci::AuthenticationRequirementsText(remote_authentication_requirements_));

  data.PutExtraData("remote_oob_data_present", hci::OobDataPresentText(remote_oob_present_));

  user_interface_handler_->CallOn(user_interface_, &UI::DisplayPasskey, data);

}



void ClassicPairingHandler::NotifyUiDisplayPasskeyInput() {

  ASSERT(user_interface_handler_ != nullptr);

  user_interface_handler_->CallOn(

      user_interface_, &UI::DisplayEnterPasskeyDialog, *GetRecord()->GetPseudoAddress(), device_name_);

  ConfirmationData data(*GetRecord()->GetPseudoAddress(), device_name_);

  data.PutExtraData("remote_io_caps", hci::IoCapabilityText(remote_io_capability_));

  data.PutExtraData("remote_auth_reqs", hci::AuthenticationRequirementsText(remote_authentication_requirements_));

  data.PutExtraData("remote_oob_data_present", hci::OobDataPresentText(remote_oob_present_));

  user_interface_handler_->CallOn(user_interface_, &UI::DisplayEnterPasskeyDialog, data);

}



void ClassicPairingHandler::NotifyUiDisplayCancel() {
@@ -54,7 +66,8 @@ void ClassicPairingHandler::NotifyUiDisplayCancel() { 
}



void ClassicPairingHandler::OnPairingPromptAccepted(const bluetooth::hci::AddressWithType& address, bool confirmed) {

  LOG_WARN("TODO Not Implemented!");

  // NOTE: This is not used by Classic, only by LE

  LOG_ALWAYS_FATAL("This is not supported by Classic Pairing Handler, only LE");

}



void ClassicPairingHandler::OnConfirmYesNo(const bluetooth::hci::AddressWithType& address, bool confirmed) {
@@ -179,7 +192,6 @@ void ClassicPairingHandler::OnReceive(hci::IoCapabilityResponseView packet) { 
  LOG_INFO("Received: %s", hci::EventCodeText(packet.GetEventCode()).c_str());

  ASSERT_LOG(GetRecord()->GetPseudoAddress()->GetAddress() == packet.GetBdAddr(), "Address mismatch");



  // Using local variable until device database pointer is ready

  remote_io_capability_ = packet.GetIoCapability();

  remote_authentication_requirements_ = packet.GetAuthenticationRequirements();

  remote_oob_present_ = packet.GetOobDataPresent();

system/gd/security/pairing_handler_le_legacy.cc

+7 −6
Original line number Diff line number Diff line
@@ -93,12 +93,13 @@ LegacyStage1ResultOrFailure PairingHandlerLe::LegacyPasskeyEntry(const InitialIn 
    constexpr uint32_t PASSKEY_MAX = 999999;

    if (passkey > PASSKEY_MAX) passkey >>= 1;



    i.user_interface_handler->Post(common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface),

                                                    i.remote_connection_address, i.remote_name, passkey));

    ConfirmationData data(i.remote_connection_address, i.remote_name, passkey);

    i.user_interface_handler->Post(

        common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface), data));

  } else {

    i.user_interface_handler->Post(common::BindOnce(&UI::DisplayEnterPasskeyDialog,

                                                    common::Unretained(i.user_interface), i.remote_connection_address,

                                                    i.remote_name));

    ConfirmationData data(i.remote_connection_address, i.remote_name);

    i.user_interface_handler->Post(

        common::BindOnce(&UI::DisplayEnterPasskeyDialog, common::Unretained(i.user_interface), data));

    std::optional<PairingEvent> response = WaitUiPasskey();

    if (!response) return PairingFailure("Passkey did not arrive!");

system/gd/security/pairing_handler_le_secure_connections.cc

+9 −8
Original line number Diff line number Diff line
@@ -288,13 +288,13 @@ Stage1ResultOrFailure PairingHandlerLe::SecureConnectionsPasskeyEntry(const Init 
    constexpr uint32_t PASSKEY_MAX = 999999;

    while (passkey > PASSKEY_MAX) passkey >>= 1;



    i.user_interface_handler->Post(common::BindOnce(&UI::DisplayPasskey, common::Unretained(i.user_interface),

                                                    i.remote_connection_address, i.remote_name, passkey));

    ConfirmationData data(i.remote_connection_address, i.remote_name, passkey);

    i.user_interface_handler->Post(common::BindOnce(&UI::DisplayPasskey, common::Unretained(i.user_interface), data));



  } else if (my_iocaps == IoCapability::KEYBOARD_ONLY || remote_iocaps == IoCapability::DISPLAY_ONLY) {

    i.user_interface_handler->Post(common::BindOnce(&UI::DisplayEnterPasskeyDialog,

                                                    common::Unretained(i.user_interface), i.remote_connection_address,

                                                    i.remote_name));

    ConfirmationData data(i.remote_connection_address, i.remote_name);

    i.user_interface_handler->Post(

        common::BindOnce(&UI::DisplayEnterPasskeyDialog, common::Unretained(i.user_interface), data));

    std::optional<PairingEvent> response = WaitUiPasskey();

    if (!response) return PairingFailure("Passkey did not arrive!");
@@ -409,8 +409,9 @@ Stage1ResultOrFailure PairingHandlerLe::SecureConnectionsNumericComparison(const 


  uint32_t number_to_display = crypto_toolbox::g2((uint8_t*)PKa.x.data(), (uint8_t*)PKb.x.data(), Na, Nb);



  i.user_interface_handler->Post(common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface),

                                                  i.remote_connection_address, i.remote_name, number_to_display));

  ConfirmationData data(i.remote_connection_address, i.remote_name, number_to_display);

  i.user_interface_handler->Post(

      common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface), data));



  std::optional<PairingEvent> confirmyesno = WaitUiConfirmYesNo();

  if (!confirmyesno || confirmyesno->ui_value == 0) {