From 34f101ab80ae607d1db5852be1e837f9be8a26c6 Mon Sep 17 00:00:00 2001
From: Jakub Pawlowski <jpawlowski@google.com>
Date: Tue, 11 Oct 2022 19:04:02 +0200
Subject: [PATCH] Replace CTKD detection with information from lower layers
When performing CTKD, we know about it in SMP, but don't pass this
information to BTA and BTIF layer. In BTIF, we guessed wether CTKD
happens by checking if address returned from pairing is different than
one we requested pairing on. This assumes device is using RPA or Static
address over LE. This is incorrect - device can advertise using Public
address over LE, and still perform CTKD.
Bug: 246560805
Test: pair with device using Public transport over LE multiple times
ensure device is paired and visible in settings.
Change-Id: Iacefcd0439d7fba1c1b1ab873f79c6aae9c73eb8
---
system/bta/dm/bta_dm_act.cc | 8 ++++++--
system/bta/include/bta_api.h | 1 +
system/btif/src/btif_dm.cc | 6 ++----
system/main/shim/btm_api.cc | 2 +-
system/stack/btm/btm_sec.cc | 14 +++++++-------
system/stack/include/security_client_callbacks.h | 3 ++-
6 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/system/bta/dm/bta_dm_act.cc b/system/bta/dm/bta_dm_act.cc
index 65389ad1ff1..6db079bf1ed 100644
--- a/system/bta/dm/bta_dm_act.cc
+++ b/system/bta/dm/bta_dm_act.cc
@@ -89,7 +89,8 @@ static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type);
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd);
static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
@@ -2126,7 +2127,8 @@ static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
UNUSED_ATTR DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type) {
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd) {
tBTA_DM_SEC sec_event;
tBTA_DM_AUTH_CMPL* p_auth_cmpl;
tBTA_DM_SEC_EVT event = BTA_DM_AUTH_CMPL_EVT;
@@ -2143,6 +2145,8 @@ static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
p_auth_cmpl->key_type = key_type;
p_auth_cmpl->success = true;
p_auth_cmpl->key = key;
+ p_auth_cmpl->is_ctkd = is_ctkd;
+
sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
// Report the BR link key based on the BR/EDR address and type
diff --git a/system/bta/include/bta_api.h b/system/bta/include/bta_api.h
index 58c4c28551a..bcb40844452 100644
--- a/system/bta/include/bta_api.h
+++ b/system/bta/include/bta_api.h
@@ -305,6 +305,7 @@ typedef struct {
fail_reason; /* The HCI reason/error code for when success=false */
tBLE_ADDR_TYPE addr_type; /* Peer device address type */
tBT_DEVICE_TYPE dev_type;
+ bool is_ctkd; /* True if key is derived using CTKD procedure */
} tBTA_DM_AUTH_CMPL;
/* Structure associated with BTA_DM_LINK_UP_EVT */
diff --git a/system/btif/src/btif_dm.cc b/system/btif/src/btif_dm.cc
index 0ce6a639b50..ed99caef9fc 100644
--- a/system/btif/src/btif_dm.cc
+++ b/system/btif/src/btif_dm.cc
@@ -1104,8 +1104,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
}
bool is_crosskey = false;
- if (pairing_cb.state == BT_BOND_STATE_BONDING &&
- p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
+ if (pairing_cb.state == BT_BOND_STATE_BONDING && p_auth_cmpl->is_ctkd) {
LOG_INFO("bonding initiated due to cross key pairing");
is_crosskey = true;
}
@@ -1138,8 +1137,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1, &prop);
} else {
/* If bonded due to cross-key, save the static address too*/
- if (pairing_cb.state == BT_BOND_STATE_BONDING &&
- p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
+ if (is_crosskey) {
BTIF_TRACE_DEBUG(
"%s: bonding initiated due to cross key, adding static address",
__func__);
diff --git a/system/main/shim/btm_api.cc b/system/main/shim/btm_api.cc
index ef1f2378028..e832fdc35d9 100644
--- a/system/main/shim/btm_api.cc
+++ b/system/main/shim/btm_api.cc
@@ -462,7 +462,7 @@ class ShimBondListener : public bluetooth::security::ISecurityManagerListener {
LinkKey key; // Never want to send the key to the stack
(*bta_callbacks_->p_link_key_callback)(
bluetooth::ToRawAddress(device.GetAddress()), 0, name, key,
- BTM_LKEY_TYPE_COMBINATION);
+ BTM_LKEY_TYPE_COMBINATION, false /* is_ctkd */);
}
if (*bta_callbacks_->p_auth_complete_callback) {
(*bta_callbacks_->p_auth_complete_callback)(
diff --git a/system/stack/btm/btm_sec.cc b/system/stack/btm/btm_sec.cc
index ea51aa8d1ee..b650223d5a5 100644
--- a/system/stack/btm/btm_sec.cc
+++ b/system/stack/btm/btm_sec.cc
@@ -3941,9 +3941,9 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
if (btm_cb.api.p_link_key_callback) {
BTM_TRACE_DEBUG("%s() Save LTK derived LK (key_type = %d)", __func__,
p_dev_rec->link_key_type);
- (*btm_cb.api.p_link_key_callback)(p_bda, p_dev_rec->dev_class,
- p_dev_rec->sec_bd_name, link_key,
- p_dev_rec->link_key_type);
+ (*btm_cb.api.p_link_key_callback)(
+ p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, link_key,
+ p_dev_rec->link_key_type, true /* is_ctkd */);
}
} else {
if ((p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256) ||
@@ -3991,9 +3991,9 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
" (key_type = %d)",
p_dev_rec->link_key_type);
} else {
- (*btm_cb.api.p_link_key_callback)(p_bda, p_dev_rec->dev_class,
- p_dev_rec->sec_bd_name, link_key,
- p_dev_rec->link_key_type);
+ (*btm_cb.api.p_link_key_callback)(
+ p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, link_key,
+ p_dev_rec->link_key_type, false /* is_ctkd */);
}
}
}
@@ -4579,7 +4579,7 @@ static void btm_send_link_key_notif(tBTM_SEC_DEV_REC* p_dev_rec) {
if (btm_cb.api.p_link_key_callback)
(*btm_cb.api.p_link_key_callback)(
p_dev_rec->bd_addr, p_dev_rec->dev_class, p_dev_rec->sec_bd_name,
- p_dev_rec->link_key, p_dev_rec->link_key_type);
+ p_dev_rec->link_key, p_dev_rec->link_key_type, false);
}
/*******************************************************************************
diff --git a/system/stack/include/security_client_callbacks.h b/system/stack/include/security_client_callbacks.h
index de59ff17439..d6070cd050f 100644
--- a/system/stack/include/security_client_callbacks.h
+++ b/system/stack/include/security_client_callbacks.h
@@ -52,7 +52,8 @@ typedef uint8_t(tBTM_PIN_CALLBACK)(const RawAddress& bd_addr,
typedef uint8_t(tBTM_LINK_KEY_CALLBACK)(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type);
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd);
/* Remote Name Resolved. Parameters are
* BD Address of remote
--
GitLab