Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commits on Source (4)
Hide whitespace changes
Inline Side-by-side
flags/security.aconfig
View file @ 9e110004
...@@ -8,13 +8,6 @@ flag { ...@@ -8,13 +8,6 @@ flag {
bug: "319530790" bug: "319530790"
} }
flag {
name: "bluffs_mitigation"
namespace: "bluetooth"
description: "Cache security values to mitigate BLUFFS"
bug: "314331379"
}
flag { flag {
name: "fix_pairing_failure_reason_from_remote" name: "fix_pairing_failure_reason_from_remote"
namespace: "bluetooth" namespace: "bluetooth"
......
system/stack/btm/btm_sec.cc
View file @ 9e110004
...@@ -3510,22 +3510,20 @@ static void read_encryption_key_size_complete_after_encryption_change( ...@@ -3510,22 +3510,20 @@ static void read_encryption_key_size_complete_after_encryption_change(
return; return;
} }
if (IS_FLAG_ENABLED(bluffs_mitigation)) { if (btm_sec_is_session_key_size_downgrade(handle, key_size)) {
if (btm_sec_is_session_key_size_downgrade(handle, key_size)) { LOG_ERROR(
LOG_ERROR( "encryption key size lower than cached value, disconnecting. "
"encryption key size lower than cached value, disconnecting. " "handle: 0x%x attempted key size: %d",
"handle: 0x%x attempted key size: %d", handle, key_size);
handle, key_size); acl_disconnect_from_handle(
acl_disconnect_from_handle( handle, HCI_ERR_HOST_REJECT_SECURITY,
handle, HCI_ERR_HOST_REJECT_SECURITY, "stack::btu::btu_hcif::read_encryption_key_size_complete_after_"
"stack::btu::btu_hcif::read_encryption_key_size_complete_after_" "encryption_change Key Size Downgrade");
"encryption_change Key Size Downgrade"); return;
return;
}
btm_sec_update_session_key_size(handle, key_size);
} }
btm_sec_update_session_key_size(handle, key_size);
// good key size - succeed // good key size - succeed
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status), btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
1 /* enable */); 1 /* enable */);
...@@ -3547,52 +3545,24 @@ void smp_cancel_start_encryption_attempt(); ...@@ -3547,52 +3545,24 @@ void smp_cancel_start_encryption_attempt();
******************************************************************************/ ******************************************************************************/
void btm_sec_encryption_change_evt(uint16_t handle, tHCI_STATUS status, void btm_sec_encryption_change_evt(uint16_t handle, tHCI_STATUS status,
uint8_t encr_enable) { uint8_t encr_enable) {
if (IS_FLAG_ENABLED(bluffs_mitigation)) { if (status != HCI_SUCCESS || encr_enable == 0 ||
if (status != HCI_SUCCESS || encr_enable == 0 || BTM_IsBleConnection(handle) ||
BTM_IsBleConnection(handle) || !bluetooth::shim::GetController()->IsSupported(
!bluetooth::shim::GetController()->IsSupported( bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE)) {
bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE)) { if (status == HCI_ERR_CONNECTION_TOUT) {
if (status == HCI_ERR_CONNECTION_TOUT) { smp_cancel_start_encryption_attempt();
smp_cancel_start_encryption_attempt(); return;
return;
}
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable);
} else {
btsnd_hcic_read_encryption_key_size(
handle,
base::Bind(
&read_encryption_key_size_complete_after_encryption_change));
} }
} else {
// This block added to ensure matching code flow with the bluffs_mitigation
// flag off. The entire block should be removed when the flag is.
if (status != HCI_SUCCESS || encr_enable == 0 ||
BTM_IsBleConnection(handle) ||
!bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::READ_ENCRYPTION_KEY_SIZE) ||
// Skip encryption key size check when using set_min_encryption_key_size
(bluetooth::common::init_flags::set_min_encryption_is_enabled() &&
bluetooth::shim::GetController()->IsSupported(
bluetooth::hci::OpCode::SET_MIN_ENCRYPTION_KEY_SIZE))) {
if (status == HCI_ERR_CONNECTION_TOUT) {
smp_cancel_start_encryption_attempt();
return;
}
btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status), btm_acl_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable); encr_enable);
btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status), btm_sec_encrypt_change(handle, static_cast<tHCI_STATUS>(status),
encr_enable); encr_enable);
} else { } else {
btsnd_hcic_read_encryption_key_size( btsnd_hcic_read_encryption_key_size(
handle, handle,
base::Bind( base::Bind(
&read_encryption_key_size_complete_after_encryption_change)); &read_encryption_key_size_complete_after_encryption_change));
}
} }
} }
/******************************************************************************* /*******************************************************************************
...@@ -4195,8 +4165,7 @@ void btm_sec_link_key_notification(const RawAddress& p_bda, ...@@ -4195,8 +4165,7 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
} }
} }
if (IS_FLAG_ENABLED(bluffs_mitigation) && if (p_dev_rec->sec_rec.is_bond_type_persistent() &&
p_dev_rec->sec_rec.is_bond_type_persistent() &&
(p_dev_rec->is_device_type_br_edr() || (p_dev_rec->is_device_type_br_edr() ||
p_dev_rec->is_device_type_dual_mode())) { p_dev_rec->is_device_type_dual_mode())) {
btm_sec_store_device_sc_support(p_dev_rec->get_br_edr_hci_handle(), btm_sec_store_device_sc_support(p_dev_rec->get_br_edr_hci_handle(),
...@@ -5225,16 +5194,14 @@ void btm_sec_set_peer_sec_caps(uint16_t hci_handle, bool ssp_supported, ...@@ -5225,16 +5194,14 @@ void btm_sec_set_peer_sec_caps(uint16_t hci_handle, bool ssp_supported,
tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle); tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);
if (p_dev_rec == nullptr) return; if (p_dev_rec == nullptr) return;
if (IS_FLAG_ENABLED(bluffs_mitigation)) { // Drop the connection here if the remote attempts to downgrade from Secure
// Drop the connection here if the remote attempts to downgrade from Secure // Connections mode.
// Connections mode. if (btm_sec_is_device_sc_downgrade(hci_handle, sc_supported)) {
if (btm_sec_is_device_sc_downgrade(hci_handle, sc_supported)) { acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY);
acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY); btm_sec_send_hci_disconnect(
btm_sec_send_hci_disconnect( p_dev_rec, HCI_ERR_AUTH_FAILURE, hci_handle,
p_dev_rec, HCI_ERR_AUTH_FAILURE, hci_handle, "attempted to downgrade from Secure Connections mode");
"attempted to downgrade from Secure Connections mode"); return;
return;
}
} }
p_dev_rec->remote_feature_received = true; p_dev_rec->remote_feature_received = true;
......