Commits on Source (5)
......@@ -8,13 +8,6 @@ flag {
bug: "319530790"
}
flag {
name: "bluffs_mitigation"
namespace: "bluetooth"
description: "Cache security values to mitigate BLUFFS"
bug: "314331379"
}
flag {
name: "fix_pairing_failure_reason_from_remote"
namespace: "bluetooth"
......
......@@ -3510,22 +3510,20 @@ static void read_encryption_key_size_complete_after_encryption_change(
return;
}
if (IS_FLAG_ENABLED(bluffs_mitigation)) {
if (btm_sec_is_session_key_size_downgrade(handle, key_size)) {
LOG_ERROR(
"encryption key size lower than cached value, disconnecting. "
"handle: 0x%x attempted key size: %d",
handle, key_size);
acl_disconnect_from_handle(
handle, HCI_ERR_HOST_REJECT_SECURITY,
"stack::btu::btu_hcif::read_encryption_key_size_complete_after_"
"encryption_change Key Size Downgrade");
return;
}
btm_sec_update_session_key_size(handle, key_size);
if (btm_sec_is_session_key_size_downgrade(handle, key_size)) {
LOG_ERROR(
"encryption key size lower than cached value, disconnecting. "
"handle: 0x%x attempted key size: %d",
handle, key_size);
acl_disconnect_from_handle(
handle, HCI_ERR_HOST_REJECT_SECURITY,
"stack::btu::btu_hcif::read_encryption_key_size_complete_after_"
"encryption_change Key Size Downgrade");
return;
}
btm_sec_update_session_key_size(handle, key_size);
// good key size - succeed
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1 /* enable */);
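Review bot: With the `IS_FLAG_ENABLED(bluffs_mitigation)` guard removed, nothing at the `btm_sec_is_session_key_size_downgrade` check says why a key size below the cached value ends the connection. The only explanation on the page was the deleted flag description, "Cache security values to mitigate BLUFFS". A one-line comment above the check would keep that intent, for example `// BLUFFS mitigation: disconnect if the key size is lower than the cached value.` The `LOG_ERROR` text is the only visible signal that this rejection happened, so its wording should stay stable for anyone matching on it. The function begins outside the hunk, so any earlier validation of `status` and `key_size` is not visible here.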
......@@ -3547,52 +3545,24 @@ void smp_cancel_start_encryption_attempt();
******************************************************************************/
void btm_sec_encryption_change_evt(uint16_t handle, tHCI_STATUS status,
uint8_t encr_enable) {
if (IS_FLAG_ENABLED(bluffs_mitigation)) {
if (status != HCI_SUCCESS || encr_enable == 0 ||
BTM_IsBleConnection(handle) ||
!bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE)) {
if (status == HCI_ERR_CONNECTION_TOUT) {
smp_cancel_start_encryption_attempt();
return;
}
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
} else {
btsnd_hcic_read_encryption_key_size(
handle,
base::Bind(
&read_encryption_key_size_complete_after_encryption_change));
if (status != HCI_SUCCESS || encr_enable == 0 ||
BTM_IsBleConnection(handle) ||
!bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE)) {
if (status == HCI_ERR_CONNECTION_TOUT) {
smp_cancel_start_encryption_attempt();
return;
}
} else {
// This block added to ensure matching code flow with the bluffs_mitigation
// flag off. The entire block should be removed when the flag is.
if (status != HCI_SUCCESS || encr_enable == 0 ||
BTM_IsBleConnection(handle) ||
!bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE) ||
// Skip encryption key size check when using set_min_encryption_key_size
(bluetooth::common::init_flags::set_min_encryption_is_enabled() &&
bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::SET_MIN_ENCRYPTION_KEY_SIZE))) {
if (status == HCI_ERR_CONNECTION_TOUT) {
smp_cancel_start_encryption_attempt();
return;
}
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
} else {
btsnd_hcic_read_encryption_key_size(
handle,
base::Bind(
&read_encryption_key_size_complete_after_encryption_change));
}
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
} else {
btsnd_hcic_read_encryption_key_size(
handle,
base::Bind(
&read_encryption_key_size_complete_after_encryption_change));
}
}
/*******************************************************************************
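Review bot: The surviving condition in `btm_sec_encryption_change_evt` treats a controller without `READ_ENCRYPTION_KEY_SIZE` the same as a BLE link or a failed status. A BR/EDR encryption-on event on such a controller therefore goes straight to `btm_acl_encrypt_change` / `btm_sec_encrypt_change` and never reaches the key-size downgrade check in the read-complete callback. The deleted flag-off branch at least named the `SET_MIN_ENCRYPTION_KEY_SIZE` case explicitly; the new code leaves the unsupported-opcode path undocumented. Whether a minimum key size is enforced elsewhere for these controllers is not visible in this hunk, so I would state it in a comment on that clause, e.g. `// No READ_ENCRYPTION_KEY_SIZE support: key size cannot be verified here, downgrade check is skipped.` Logging once when that clause is the reason the check was skipped would also help.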
......@@ -4195,8 +4165,7 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
}
}
if (IS_FLAG_ENABLED(bluffs_mitigation) &&
p_dev_rec->sec_rec.is_bond_type_persistent() &&
if (p_dev_rec->sec_rec.is_bond_type_persistent() &&
(p_dev_rec->is_device_type_br_edr() ||
p_dev_rec->is_device_type_dual_mode())) {
btm_sec_store_device_sc_support(p_dev_rec->get_br_edr_hci_handle(),
......@@ -5225,16 +5194,14 @@ void btm_sec_set_peer_sec_caps(uint16_t hci_handle, bool ssp_supported,
tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);
if (p_dev_rec == nullptr) return;
if (IS_FLAG_ENABLED(bluffs_mitigation)) {
// Drop the connection here if the remote attempts to downgrade from Secure
// Connections mode.
if (btm_sec_is_device_sc_downgrade(hci_handle, sc_supported)) {
acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY);
btm_sec_send_hci_disconnect(
p_dev_rec, HCI_ERR_AUTH_FAILURE, hci_handle,
"attempted to downgrade from Secure Connections mode");
return;
}
// Drop the connection here if the remote attempts to downgrade from Secure
// Connections mode.
if (btm_sec_is_device_sc_downgrade(hci_handle, sc_supported)) {
acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY);
btm_sec_send_hci_disconnect(
p_dev_rec, HCI_ERR_AUTH_FAILURE, hci_handle,
"attempted to downgrade from Secure Connections mode");
return;
}
p_dev_rec->remote_feature_received = true;
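Review bot: The Secure Connections downgrade path in `btm_sec_set_peer_sec_caps` disconnects without logging, whereas the key-size downgrade path logs the handle with `LOG_ERROR` before dropping the link. Now that this check runs unconditionally, a matching line before `acl_set_disconnect_reason` would make rejected downgrade attempts visible in logs, e.g. `LOG_ERROR("Secure Connections downgrade attempted, disconnecting. handle: 0x%x", hci_handle);`. The two calls also use different codes: `HCI_ERR_HOST_REJECT_SECURITY` is recorded as the reason while `HCI_ERR_AUTH_FAILURE` is passed to `btm_sec_send_hci_disconnect`. If that split is intentional, a short comment saying which code is used for what would save the next reader from treating it as a mistake. The function continues past the end of the hunk.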
......