
Commit 87e4e8ac authored by Jakub Pawlowski's avatar Jakub Pawlowski Committed by Myles Watson

Don't persist bonds using sample LTK

Test: compilation, manual testing
Bug: 128843052
Bug: 162497143
Merged-In: I52fd484d42bf87e96dbc9e6456090f231ed48111
Change-Id: I52fd484d42bf87e96dbc9e6456090f231ed48111
(cherry picked from commit 757c395f)
parent 142aad72
+43 −0
@@ -35,6 +35,7 @@
#include <alloca.h>
#include <base/logging.h>
#include <ctype.h>
#include <log/log.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
@@ -779,6 +780,46 @@ bt_status_t btif_storage_remove_bonded_device(bt_bdaddr_t* remote_bd_addr) {
  return ret ? BT_STATUS_SUCCESS : BT_STATUS_FAIL;
}

/* Some devices hardcode sample LTK value from spec, instead of generating one.
 * Treat such devices as insecure, and remove such bonds when bluetooth
 * restarts. Removing them after disconnection is handled separately.
 *
 * We still allow such devices to bond in order to give the user a chance to
 * update firmware.
 */
static void remove_devices_with_sample_ltk() {
  std::vector<bt_bdaddr_t> bad_ltk;
  for (const btif_config_section_iter_t* iter = btif_config_section_begin();
       iter != btif_config_section_end();
       iter = btif_config_section_next(iter)) {
    const char* name = btif_config_section_name(iter);
    if (!string_is_bdaddr(name)) {
      continue;
    }

    bt_bdaddr_t bda;
    string_to_bdaddr(name, &bda);

    tBTA_LE_KEY_VALUE key;
    memset(&key, 0, sizeof(key));

    if (btif_storage_get_ble_bonding_key(&bda, BTIF_DM_LE_KEY_PENC, (char*)&key,
                                         sizeof(tBTM_LE_PENC_KEYS)) ==
        BT_STATUS_SUCCESS) {
      if (is_sample_ltk(key.penc_key.ltk)) {
        bad_ltk.push_back(bda);
      }
    }
  }

  for (bt_bdaddr_t address : bad_ltk) {
    android_errorWriteLog(0x534e4554, "128437297");
    LOG(ERROR) << __func__ << ": removing bond to device using test TLK";

    btif_storage_remove_bonded_device(&address);
  }
}

/*******************************************************************************
 *
 * Function         btif_storage_load_bonded_devices
@@ -806,6 +847,8 @@ bt_status_t btif_storage_load_bonded_devices(void) {
  bt_uuid_t remote_uuids[BT_MAX_NUM_UUIDS];
  bt_status_t status;

  remove_devices_with_sample_ltk();

  btif_in_fetch_bonded_devices(&bonded_devices, 1);

  /* Now send the adapter_properties_cb with all adapter_properties */
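Review bot: The result of `btif_storage_remove_bonded_device(&address)` is discarded in the second loop of `remove_devices_with_sample_ltk()`, so a bond that fails to be removed stays in storage with a publicly known LTK and nothing records the failure. Check the status, e.g. `if (btif_storage_remove_bonded_device(&address) != BT_STATUS_SUCCESS) LOG(ERROR) << __func__ << ": failed to remove bond";`. The body of `btif_storage_remove_bonded_device` is outside this hunk, so it is also worth confirming that it deletes the stored LE keys (the `BTIF_DM_LE_KEY_PENC` entry read in the first loop) and not only the BR/EDR link key; otherwise the same device would be matched again on every restart. The log text says "test TLK", which should read "sample LTK" to match the message used in `btm_sec_disconnected`.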
+16 −0
@@ -24,6 +24,7 @@

#define LOG_TAG "bt_btm_sec"

#include <log/log.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
@@ -42,6 +43,8 @@

#include "gatt_int.h"

#include "bta/dm/bta_dm_int.h"

#define BTM_SEC_MAX_COLLISION_DELAY (5000)

extern fixed_queue_t* btu_general_alarm_queue;
@@ -4693,6 +4696,19 @@ void btm_sec_disconnected(uint16_t handle, uint8_t reason) {
          BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED);
  }

  /* Some devices hardcode sample LTK value from spec, instead of generating
   * one. Treat such devices as insecure, and remove such bonds on
   * disconnection.
   */
  if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) {
    android_errorWriteLog(0x534e4554, "128437297");
    LOG(INFO) << __func__ << " removing bond to device that used sample LTK";

    tBTA_DM_MSG p_data;
    memcpy(p_data.remove_dev.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);
    bta_dm_remove_device(&p_data);
  }

  if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) {
    p_dev_rec->sec_state = (transport == BT_TRANSPORT_LE)
                               ? BTM_SEC_STATE_DISCONNECTING
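Review bot: `bta_dm_remove_device(&p_data)` is called in the middle of `btm_sec_disconnected`, and the lines right after the new block keep reading and writing `p_dev_rec->sec_state`. If removing the device releases or reuses that security record (the body of `bta_dm_remove_device` is not visible here), the rest of the function operates on a stale record; doing the sample-LTK removal as the last step of the function, or copying the address and deferring the call, would avoid that. `p_data` is also passed with only `remove_dev.bd_addr` set, so declare it as `tBTA_DM_MSG p_data = {};` in case the callee reads other members. The function starts and ends outside the hunk.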
+10 −0
@@ -21,6 +21,7 @@

#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#ifndef FALSE
#define FALSE false
@@ -1008,4 +1009,13 @@ static inline int bdcmpany(const BD_ADDR a) { return bdcmp(a, bd_addr_any); }
 *
 ******************************************************************************/
static inline void bdsetany(BD_ADDR a) { bdcpy(a, bd_addr_any); }

static inline bool is_sample_ltk(const BT_OCTET16 ltk) {
  /* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1
   * 0x4C68384139F574D836BCF34E9DFB01BF */
  const uint8_t SAMPLE_LTK[] = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36,
                                0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c};
  return memcmp(ltk, SAMPLE_LTK, BT_OCTET16_LEN) == 0;
}

#endif
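Review bot: `SAMPLE_LTK` in `is_sample_ltk` is sized by its initializer while `memcmp` compares `BT_OCTET16_LEN` bytes, so the two lengths are tied together only by counting the literals; declare it as `static const uint8_t SAMPLE_LTK[BT_OCTET16_LEN] = {...};` so the array is built once and always has the compared length. The comment gives the spec value as a hex string but the initializer lists the bytes in reverse order, so add a line such as `/* bytes below are the spec value in reverse order */` to stop a later edit from "correcting" it.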