Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit ec6e086f authored by Brian Delwiche's avatar Brian Delwiche
Browse files

Add support for checking security downgrade 

As a guard against the BLUFFS attack, we will need to check the security
parameters of incoming connections against cached values and disallow
connection if these parameters are downgraded or changed from their
cached values.

Future CLs will add checks during connection.  This CL adds the
functions that will be needed to perform those checks and the necessary
mocks.
Currently supported checks are : IO capabilities (must be an exact match),
Secure Connections capability (must not be a downgrade), and session key
length (must not be a downgrade).  Maximum session key length, which was
previously not cached, has been added to the device security manager
cache.

To QA: This CL is a logical no-op by itself.  Tests should be performed as described in ag/25815924 and ag/25815925/

Bug: 314331379
Test: m libbluetooth
Tag: #security
Ignore-AOSP-First: Security
Change-Id: I3cd1db300be68d15cb09bdabea711199fcf748da
parent 551d3861
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment