
Commit 415bfc38 authored by Chris Manton's avatar Chris Manton

legacy: Add HACK to set legacy SM4 from gd_acl

Bug: 185967523
Test: gd/cert/run
Tag: #refactor
BYPASS_LONG_LINES_REASON: Bluetooth likes 120 lines

Change-Id: I32c92511fadebf458175a7f8f210c4ec0e0d3c74
parent 3f7121e6
+32 −0
@@ -2910,3 +2910,35 @@ bool acl_check_and_clear_ignore_auto_connect_after_disconnect(
void acl_clear_all_ignore_auto_connect_after_disconnect() {
  btm_cb.acl_cb_.ClearAllIgnoreAutoConnectAfterDisconnect();
}

/**
 * Confusingly, immutable device features are stored in the
 * ephemeral connection data structure while connection security
 * is stored in the device record.
 *
 * This HACK allows legacy security protocols to work as intended under
 * those conditions.
 */
void HACK_acl_check_sm4(tBTM_SEC_DEV_REC& record) {
  // Return if we already know this info
  if ((record.sm4 & BTM_SM4_TRUE) != BTM_SM4_UNKNOWN) return;

  tACL_CONN* p_acl =
      internal_.btm_bda_to_acl(record.RemoteAddress(), BT_TRANSPORT_BR_EDR);
  if (p_acl == nullptr) {
    LOG_WARN("Unable to find active acl for authentication device:%s",
             PRIVATE_ADDRESS(record.RemoteAddress()));
  }

  // If we have not received the SSP feature record
  // we have to wait
  if (!p_acl->peer_lmp_feature_valid[1]) {
    LOG_WARN(
        "Authentication started without extended feature page 1 request "
        "response");
    return;
  }
  record.sm4 = (HCI_SSP_HOST_SUPPORTED(p_acl->peer_lmp_feature_pages[1]))
                   ? BTM_SM4_TRUE
                   : BTM_SM4_KNOWN;
}
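Review bot: In `HACK_acl_check_sm4`, the `if (p_acl == nullptr)` branch only logs and then falls through, so the following `p_acl->peer_lmp_feature_valid[1]` dereferences a null pointer whenever no BR/EDR ACL is found for the record. Add `return;` after the `LOG_WARN(...)` call in that branch so `record.sm4` is left unknown. This function is called from the security procedure path, so a lookup miss would otherwise crash the stack instead of failing or deferring the procedure. When that can happen is not visible here; a link that has already been torn down is one plausible case.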
+26 −7
@@ -44,6 +44,7 @@
#include "osi/include/log.h"
#include "osi/include/osi.h"
#include "stack/btm/btm_dev.h"
#include "stack/btm/security_device_record.h"
#include "stack/include/acl_api.h"
#include "stack/include/acl_hci_link_interface.h"
#include "stack/include/btm_status.h"
@@ -78,6 +79,7 @@ extern bool btm_ble_init_pseudo_addr(tBTM_SEC_DEV_REC* p_dev_rec,
extern void bta_dm_remove_device(const RawAddress& bd_addr);
extern void bta_dm_process_remove_device(const RawAddress& bd_addr);
extern void btm_inq_clear_ssp(void);
extern void HACK_acl_check_sm4(tBTM_SEC_DEV_REC& p_dev_rec);

/*******************************************************************************
 *             L O C A L    F U N C T I O N     P R O T O T Y P E S            *
@@ -4214,18 +4216,31 @@ uint16_t BTM_GetClockOffset(const RawAddress& remote_bda) {
 *
 ******************************************************************************/
tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
  BTM_TRACE_EVENT(
      "btm_sec_execute_procedure: Required:0x%x Flags:0x%x State:%d",
      p_dev_rec->security_required, p_dev_rec->sec_flags, p_dev_rec->sec_state);
  CHECK(p_dev_rec != nullptr);
  LOG_DEBUG(
      "security_required:0x%x security_flags:0x%x security_state:%s[%hhu]",
      p_dev_rec->security_required, p_dev_rec->sec_flags,
      security_state_text(static_cast<tSECURITY_STATE>(p_dev_rec->sec_state))
          .c_str(),
      p_dev_rec->sec_state);

  /* There is a chance that we are getting name.  Wait until done. */
  if (p_dev_rec->sec_state != 0) return (BTM_CMD_STARTED);
  if (p_dev_rec->sec_state != BTM_SEC_STATE_IDLE) {
    LOG_DEBUG(
        "Security state is idle indicating remote name request is outstanding");
    return (BTM_CMD_STARTED);
  }

  if (!bluetooth::shim::is_gd_acl_enabled()) {
    // Load the SM4 values  //
    HACK_acl_check_sm4(*p_dev_rec);
  }

  /* If any security is required, get the name first */
  if (!(p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) &&
      (p_dev_rec->hci_handle != HCI_INVALID_HANDLE)) {
    BTM_TRACE_EVENT("Security Manager: Start get name");
    LOG_DEBUG("Security Manager: Start get name");
    if (!btm_sec_start_get_name(p_dev_rec)) {
      LOG_WARN("Unable to start remote name request");
      return (BTM_NO_RESOURCES);
    }
    return (BTM_CMD_STARTED);
@@ -4249,7 +4264,7 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
     * authenticated connections, hence we cannot distinguish here.
     */

    BTM_TRACE_EVENT("Security Manager: Start authentication");
    LOG_DEBUG("Security Manager: Start authentication");

    /*
     * If we do have a link-key, but we end up here because we need an
@@ -4273,6 +4288,8 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {

    btm_sec_start_authentication(p_dev_rec);
    return (BTM_CMD_STARTED);
  } else {
    LOG_DEBUG("Authentication not required");
  }

  /* If connection is not encrypted and encryption is required */
@@ -4288,6 +4305,8 @@ tBTM_STATUS btm_sec_execute_procedure(tBTM_SEC_DEV_REC* p_dev_rec) {
    btsnd_hcic_set_conn_encrypt(p_dev_rec->hci_handle, true);
    p_dev_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
    return (BTM_CMD_STARTED);
  } else {
    LOG_DEBUG("Encryption not required");
  }

  if ((p_dev_rec->security_required & BTM_SEC_MODE4_LEVEL4) &&
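Review bot: The new debug message in the `p_dev_rec->sec_state != BTM_SEC_STATE_IDLE` branch says the state "is idle", which is the opposite of the condition that reaches it. It should read `"Security state is not idle indicating remote name request is outstanding"`, otherwise the log misleads anyone triaging a stalled pairing. Separately, the `if (!bluetooth::shim::is_gd_acl_enabled())` guard runs `HACK_acl_check_sm4` only when GD ACL is off, while the commit title speaks of setting SM4 "from gd_acl". The `// Load the SM4 values  //` comment should say why the call is limited to that mode and where SM4 is populated otherwise, or the condition should be rechecked, since an SM4 value left unknown feeds the later authentication decisions. `btm_sec_execute_procedure` continues beyond the visible hunks.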