From 66984a9aeb8945211d0e99e33ffc186d28124c5b Mon Sep 17 00:00:00 2001
From: Jakub Pawlowski <jpawlowski@google.com>
Date: Tue, 11 Oct 2022 19:04:02 +0200
Subject: [PATCH] Replace CTKD detection with information from lower layers
When performing CTKD, we know about it in SMP, but don't pass this
information to BTA and BTIF layer. In BTIF, we guessed wether CTKD
happens by checking if address returned from pairing is different than
one we requested pairing on. This assumes device is using RPA or Static
address over LE. This is incorrect - device can advertise using Public
address over LE, and still perform CTKD.
Bug: 246560805
Test: pair with device using Public transport over LE multiple times
ensure device is paired and visible in settings.
Merged-In: Iacefcd0439d7fba1c1b1ab873f79c6aae9c73eb8
Change-Id: Iacefcd0439d7fba1c1b1ab873f79c6aae9c73eb8
---
system/bta/dm/bta_dm_act.cc | 8 ++++++--
system/bta/include/bta_api.h | 1 +
system/btif/src/btif_dm.cc | 6 ++----
system/main/shim/btm_api.cc | 2 +-
system/stack/btm/btm_sec.cc | 14 +++++++-------
system/stack/include/security_client_callbacks.h | 3 ++-
6 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/system/bta/dm/bta_dm_act.cc b/system/bta/dm/bta_dm_act.cc
index bde70deacdf..6055d30e067 100644
--- a/system/bta/dm/bta_dm_act.cc
+++ b/system/bta/dm/bta_dm_act.cc
@@ -87,7 +87,8 @@ static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type);
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd);
static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
@@ -2075,7 +2076,8 @@ static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
UNUSED_ATTR DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type) {
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd) {
tBTA_DM_SEC sec_event;
tBTA_DM_AUTH_CMPL* p_auth_cmpl;
tBTA_DM_SEC_EVT event = BTA_DM_AUTH_CMPL_EVT;
@@ -2092,6 +2094,8 @@ static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
p_auth_cmpl->key_type = key_type;
p_auth_cmpl->success = true;
p_auth_cmpl->key = key;
+ p_auth_cmpl->is_ctkd = is_ctkd;
+
sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
// Report the BR link key based on the BR/EDR address and type
diff --git a/system/bta/include/bta_api.h b/system/bta/include/bta_api.h
index 98182f4010e..18a71f327fc 100644
--- a/system/bta/include/bta_api.h
+++ b/system/bta/include/bta_api.h
@@ -304,6 +304,7 @@ typedef struct {
fail_reason; /* The HCI reason/error code for when success=false */
tBLE_ADDR_TYPE addr_type; /* Peer device address type */
tBT_DEVICE_TYPE dev_type;
+ bool is_ctkd; /* True if key is derived using CTKD procedure */
} tBTA_DM_AUTH_CMPL;
/* Structure associated with BTA_DM_LINK_UP_EVT */
diff --git a/system/btif/src/btif_dm.cc b/system/btif/src/btif_dm.cc
index 8191daaf904..b48b076fe21 100644
--- a/system/btif/src/btif_dm.cc
+++ b/system/btif/src/btif_dm.cc
@@ -1079,8 +1079,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
}
bool is_crosskey = false;
- if (pairing_cb.state == BT_BOND_STATE_BONDING &&
- p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
+ if (pairing_cb.state == BT_BOND_STATE_BONDING && p_auth_cmpl->is_ctkd) {
LOG_INFO("bonding initiated due to cross key pairing");
is_crosskey = true;
}
@@ -1113,8 +1112,7 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) {
invoke_remote_device_properties_cb(BT_STATUS_SUCCESS, bd_addr, 1, &prop);
} else {
/* If bonded due to cross-key, save the static address too*/
- if (pairing_cb.state == BT_BOND_STATE_BONDING &&
- p_auth_cmpl->bd_addr != pairing_cb.bd_addr) {
+ if (is_crosskey) {
BTIF_TRACE_DEBUG(
"%s: bonding initiated due to cross key, adding static address",
__func__);
diff --git a/system/main/shim/btm_api.cc b/system/main/shim/btm_api.cc
index 8b761c0138e..2833a48a251 100644
--- a/system/main/shim/btm_api.cc
+++ b/system/main/shim/btm_api.cc
@@ -460,7 +460,7 @@ class ShimBondListener : public bluetooth::security::ISecurityManagerListener {
LinkKey key; // Never want to send the key to the stack
(*bta_callbacks_->p_link_key_callback)(
bluetooth::ToRawAddress(device.GetAddress()), 0, name, key,
- BTM_LKEY_TYPE_COMBINATION);
+ BTM_LKEY_TYPE_COMBINATION, false /* is_ctkd */);
}
if (*bta_callbacks_->p_auth_complete_callback) {
(*bta_callbacks_->p_auth_complete_callback)(
diff --git a/system/stack/btm/btm_sec.cc b/system/stack/btm/btm_sec.cc
index ea51aa8d1ee..b650223d5a5 100644
--- a/system/stack/btm/btm_sec.cc
+++ b/system/stack/btm/btm_sec.cc
@@ -3941,9 +3941,9 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
if (btm_cb.api.p_link_key_callback) {
BTM_TRACE_DEBUG("%s() Save LTK derived LK (key_type = %d)", __func__,
p_dev_rec->link_key_type);
- (*btm_cb.api.p_link_key_callback)(p_bda, p_dev_rec->dev_class,
- p_dev_rec->sec_bd_name, link_key,
- p_dev_rec->link_key_type);
+ (*btm_cb.api.p_link_key_callback)(
+ p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, link_key,
+ p_dev_rec->link_key_type, true /* is_ctkd */);
}
} else {
if ((p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256) ||
@@ -3991,9 +3991,9 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
" (key_type = %d)",
p_dev_rec->link_key_type);
} else {
- (*btm_cb.api.p_link_key_callback)(p_bda, p_dev_rec->dev_class,
- p_dev_rec->sec_bd_name, link_key,
- p_dev_rec->link_key_type);
+ (*btm_cb.api.p_link_key_callback)(
+ p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, link_key,
+ p_dev_rec->link_key_type, false /* is_ctkd */);
}
}
}
@@ -4579,7 +4579,7 @@ static void btm_send_link_key_notif(tBTM_SEC_DEV_REC* p_dev_rec) {
if (btm_cb.api.p_link_key_callback)
(*btm_cb.api.p_link_key_callback)(
p_dev_rec->bd_addr, p_dev_rec->dev_class, p_dev_rec->sec_bd_name,
- p_dev_rec->link_key, p_dev_rec->link_key_type);
+ p_dev_rec->link_key, p_dev_rec->link_key_type, false);
}
/*******************************************************************************
diff --git a/system/stack/include/security_client_callbacks.h b/system/stack/include/security_client_callbacks.h
index de59ff17439..d6070cd050f 100644
--- a/system/stack/include/security_client_callbacks.h
+++ b/system/stack/include/security_client_callbacks.h
@@ -52,7 +52,8 @@ typedef uint8_t(tBTM_PIN_CALLBACK)(const RawAddress& bd_addr,
typedef uint8_t(tBTM_LINK_KEY_CALLBACK)(const RawAddress& bd_addr,
DEV_CLASS dev_class,
tBTM_BD_NAME bd_name,
- const LinkKey& key, uint8_t key_type);
+ const LinkKey& key, uint8_t key_type,
+ bool is_ctkd);
/* Remote Name Resolved. Parameters are
* BD Address of remote
--
GitLab