#include <alloca.h>
#include <base/logging.h>
#include <ctype.h>
+#include <log/log.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
return ret ? BT_STATUS_SUCCESS : BT_STATUS_FAIL;
}
+/* Some devices hardcode sample LTK value from spec, instead of generating one.
+ * Treat such devices as insecure, and remove such bonds when bluetooth
+ * restarts. Removing them after disconnection is handled separately.
+ *
+ * We still allow such devices to bond in order to give the user a chance to
+ * update firmware.
+ */
+static void remove_devices_with_sample_ltk() {
+ std::vector<RawAddress> bad_ltk;
+ for (const section_t& section : btif_config_sections()) {
+ const std::string& name = section.name;
+ if (!RawAddress::IsValidAddress(name)) {
+ continue;
+ }
+
+ RawAddress bd_addr;
+ RawAddress::FromString(name, bd_addr);
+
+ tBTA_LE_KEY_VALUE key;
+ memset(&key, 0, sizeof(key));
+
+ if (btif_storage_get_ble_bonding_key(&bd_addr, BTIF_DM_LE_KEY_PENC, (uint8_t*)&key, sizeof(tBTM_LE_PENC_KEYS)) ==
+ BT_STATUS_SUCCESS) {
+ if (is_sample_ltk(key.penc_key.ltk)) {
+ bad_ltk.push_back(bd_addr);
+ }
+ }
+ }
+
+ for (RawAddress address : bad_ltk) {
+ android_errorWriteLog(0x534e4554, "128437297");
+ LOG(ERROR) << __func__ << ": removing bond to device using test TLK: " << address;
+
+ btif_storage_remove_bonded_device(&address);
+ }
+}
+
/*******************************************************************************
*
* Function btif_storage_load_bonded_devices
Uuid remote_uuids[BT_MAX_NUM_UUIDS];
bt_status_t status;
+ remove_devices_with_sample_ltk();
+
btif_in_fetch_bonded_devices(&bonded_devices, 1);
/* Now send the adapter_properties_cb with all adapter_properties */
#include <frameworks/base/core/proto/android/bluetooth/enums.pb.h>
#include <frameworks/base/core/proto/android/bluetooth/hci/enums.pb.h>
+#include <log/log.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
extern void btm_ble_advertiser_notify_terminated_legacy(
uint8_t status, uint16_t connection_handle);
+extern void bta_dm_remove_device(const RawAddress& bd_addr);
/*******************************************************************************
* L O C A L F U N C T I O N P R O T O T Y P E S *
p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_KNOWN);
}
+ /* Some devices hardcode sample LTK value from spec, instead of generating
+ * one. Treat such devices as insecure, and remove such bonds on
+ * disconnection.
+ */
+ if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) {
+ android_errorWriteLog(0x534e4554, "128437297");
+ LOG(INFO) << __func__ << " removing bond to device that used sample LTK: " << p_dev_rec->bd_addr;
+
+ bta_dm_remove_device(p_dev_rec->bd_addr);
+ }
+
BTM_TRACE_EVENT("%s after update sec_flags=0x%x", __func__,
p_dev_rec->sec_flags);
constexpr int LINK_KEY_LEN = OCTET16_LEN;
typedef Octet16 LinkKey; /* Link Key */
+/* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1
+ * 0x4C68384139F574D836BCF34E9DFB01BF */
+constexpr Octet16 SAMPLE_LTK = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36,
+ 0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c};
+inline bool is_sample_ltk(const Octet16& ltk) {
+ return ltk == SAMPLE_LTK;
+}
+
#endif
#define PIN_CODE_LEN 16
OSDN Git Service
