Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 750b3d44 authored by Brian Delwiche's avatar Brian Delwiche Committed by Automerger Merge Worker
Browse files

Add support for checking security downgrade am: 3cf3d9d9 am: d633a917 

Original change: https://googleplex-android-review.googlesource.com/c/platform/packages/modules/Bluetooth/+/27059672



Change-Id: I1f54299f0a7ba4791fa1cf445ff5350f250c78f8
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 5f9339f5 d633a917

system/btif/src/btif_storage.cc

+31 −0
Original line number Diff line number Diff line
@@ -92,10 +92,13 @@ using bluetooth::groups::DeviceGroups; 
#define BTIF_STORAGE_KEY_ADAPTER_SCANMODE "ScanMode"

#define BTIF_STORAGE_KEY_LOCAL_IO_CAPS "LocalIOCaps"

#define BTIF_STORAGE_KEY_LOCAL_IO_CAPS_BLE "LocalIOCapsBLE"

#define BTIF_STORAGE_KEY_MAX_SESSION_KEY_SIZE "MaxSessionKeySize"

#define BTIF_STORAGE_KEY_ADAPTER_DISC_TIMEOUT "DiscoveryTimeout"

#define BTIF_STORAGE_KEY_GATT_CLIENT_SUPPORTED "GattClientSupportedFeatures"

#define BTIF_STORAGE_KEY_GATT_CLIENT_DB_HASH "GattClientDatabaseHash"

#define BTIF_STORAGE_KEY_GATT_SERVER_SUPPORTED "GattServerSupportedFeatures"

#define BTIF_STORAGE_KEY_SECURE_CONNECTIONS_SUPPORTED \

  "SecureConnectionsSupported"

#define BTIF_STORAGE_DEVICE_GROUP_BIN "DeviceGroupBin"

#define BTIF_STORAGE_CSIS_AUTOCONNECT "CsisAutoconnect"

#define BTIF_STORAGE_CSIS_SET_INFO_BIN "CsisSetInfoBin"
@@ -293,6 +296,14 @@ static int prop2cfg(const RawAddress* remote_bd_addr, bt_property_t* prop) { 
      btif_config_set_int(bdstr, BT_CONFIG_KEY_REMOTE_VER_SUBVER,

                          info->sub_ver);

    } break;

    case BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED:

      btif_config_set_int(bdstr, BTIF_STORAGE_KEY_SECURE_CONNECTIONS_SUPPORTED,

                          *(uint8_t*)prop->val);

      break;

    case BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE:

      btif_config_set_int(bdstr, BTIF_STORAGE_KEY_MAX_SESSION_KEY_SIZE,

                          *(uint8_t*)prop->val);

      break;



    default:

      BTIF_TRACE_ERROR("Unknown prop type:%d", prop->type);
@@ -419,6 +430,26 @@ static int cfg2prop(const RawAddress* remote_bd_addr, bt_property_t* prop) { 
      }

    } break;



    case BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED: {

      int val;



      if (prop->len >= (int)sizeof(uint8_t)) {

        ret = btif_config_get_int(

            bdstr, BTIF_STORAGE_KEY_SECURE_CONNECTIONS_SUPPORTED, &val);

        *(uint8_t*)prop->val = (uint8_t)val;

      }

    } break;



    case BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE: {

      int val;



      if (prop->len >= (int)sizeof(uint8_t)) {

        ret = btif_config_get_int(bdstr, BTIF_STORAGE_KEY_MAX_SESSION_KEY_SIZE,

                                  &val);

        *(uint8_t*)prop->val = (uint8_t)val;

      }

    } break;



    default:

      BTIF_TRACE_ERROR("Unknow prop type:%d", prop->type);

      return false;

system/include/hardware/bluetooth.h

+14 −0
Original line number Diff line number Diff line
@@ -339,6 +339,20 @@ typedef enum { 
   */

  BT_PROPERTY_REMOTE_IS_COORDINATED_SET_MEMBER,



  /**

   * Description - Whether remote device supports Secure Connections mode

   * Access mode - GET and SET.

   * Data Type - uint8_t.

   */

  BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED,



  /**

   * Description - Maximum observed session key for remote device

   * Access mode - GET and SET.

   * Data Type - uint8_t.

   */

  BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE,



  BT_PROPERTY_REMOTE_DEVICE_TIMESTAMP = 0xFF,

} bt_property_type_t;

system/service/logging_helpers.cc

+2 −0
Original line number Diff line number Diff line
@@ -118,6 +118,8 @@ const char* BtPropertyText(const bt_property_type_t prop) { 
    CASE_RETURN_TEXT(BT_PROPERTY_REMOTE_VERSION_INFO);

    CASE_RETURN_TEXT(BT_PROPERTY_LOCAL_LE_FEATURES);

    CASE_RETURN_TEXT(BT_PROPERTY_REMOTE_DEVICE_TIMESTAMP);

    CASE_RETURN_TEXT(BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED);

    CASE_RETURN_TEXT(BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE);

    default:

      return "Invalid property";

  }

system/stack/btm/btm_sec.cc

+103 −0
Original line number Diff line number Diff line
@@ -217,6 +217,109 @@ static bool btm_dev_16_digit_authenticated(tBTM_SEC_DEV_REC* p_dev_rec) { 
  return (false);

}



/*******************************************************************************

 *

 * Function         btm_sec_is_device_sc_downgrade

 *

 * Description      Check for a stored device record matching the candidate

 *                  device, and return true if the stored device has reported

 *                  that it supports Secure Connections mode and the candidate

 *                  device reports that it does not.  Otherwise, return false.

 *

 * Returns          bool

 *

 ******************************************************************************/

static bool btm_sec_is_device_sc_downgrade(uint16_t hci_handle,

                                           bool secure_connections_supported) {

  if (secure_connections_supported) return false;



  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);

  if (p_dev_rec == nullptr) return false;



  uint8_t property_val = 0;

  bt_property_t property = {

      .type = BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED,

      .len = sizeof(uint8_t),

      .val = &property_val};



  bt_status_t cached =

      btif_storage_get_remote_device_property(&p_dev_rec->bd_addr, &property);



  if (cached == BT_STATUS_FAIL) return false;



  return (bool)property_val;

}



/*******************************************************************************

 *

 * Function         btm_sec_store_device_sc_support

 *

 * Description      Save Secure Connections support for this device to file

 *

 ******************************************************************************/



static void btm_sec_store_device_sc_support(uint16_t hci_handle,

                                            bool secure_connections_supported) {

  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);

  if (p_dev_rec == nullptr) return;



  uint8_t property_val = (uint8_t)secure_connections_supported;

  bt_property_t property = {

      .type = BT_PROPERTY_REMOTE_SECURE_CONNECTIONS_SUPPORTED,

      .len = sizeof(uint8_t),

      .val = &property_val};



  btif_storage_set_remote_device_property(&p_dev_rec->bd_addr, &property);

}



/*******************************************************************************

 *

 * Function         btm_sec_is_session_key_size_downgrade

 *

 * Description      Check if there is a stored device record matching this

 *                  handle, and return true if the stored record has a lower

 *                  session key size than the candidate device.

 *

 * Returns          bool

 *

 ******************************************************************************/

bool btm_sec_is_session_key_size_downgrade(uint16_t hci_handle,

                                           uint8_t key_size) {

  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);

  if (p_dev_rec == nullptr) return false;



  uint8_t property_val = 0;

  bt_property_t property = {.type = BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE,

                            .len = sizeof(uint8_t),

                            .val = &property_val};



  bt_status_t cached =

      btif_storage_get_remote_device_property(&p_dev_rec->bd_addr, &property);



  if (cached == BT_STATUS_FAIL) return false;



  return property_val > key_size;

}



/*******************************************************************************

 *

 * Function         btm_sec_update_session_key_size

 *

 * Description      Store the max session key size to disk, if possible.

 *

 ******************************************************************************/

void btm_sec_update_session_key_size(uint16_t hci_handle, uint8_t key_size) {

  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);

  if (p_dev_rec == nullptr) return;



  uint8_t property_val = key_size;

  bt_property_t property = {.type = BT_PROPERTY_REMOTE_MAX_SESSION_KEY_SIZE,

                            .len = sizeof(uint8_t),

                            .val = &property_val};



  btif_storage_set_remote_device_property(&p_dev_rec->bd_addr, &property);

}



/*******************************************************************************

 *

 * Function         access_secure_service_from_temp_bond

system/stack/btm/btm_sec.h

+23 −0
Original line number Diff line number Diff line
@@ -805,5 +805,28 @@ void btm_sec_set_peer_sec_caps(uint16_t hci_handle, bool ssp_supported, 
void btm_sec_cr_loc_oob_data_cback_event(const RawAddress& address,

                                         tSMP_LOC_OOB_DATA loc_oob_data);



/*******************************************************************************

 *

 * Function         btm_sec_is_session_key_size_downgrade

 *

 * Description      Check if there is a stored device record matching this

 *                  handle, and return true if the stored record has a lower

 *                  session key size than the candidate device.

 *

 * Returns          bool

 *

 ******************************************************************************/

bool btm_sec_is_session_key_size_downgrade(uint16_t hci_handle,

                                           uint8_t key_size);



/*******************************************************************************

 *

 * Function         btm_sec_update_session_key_size

 *

 * Description      Store the max session key size to disk, if possible.

 *

 ******************************************************************************/

void btm_sec_update_session_key_size(uint16_t hci_handle, uint8_t key_size);



// Return DEV_CLASS (uint8_t[3]) of bda. If record doesn't exist, create one.

const uint8_t* btm_get_dev_class(const RawAddress& bda);