system/bt
| リビジョン | f32527f508fa9d7966cd72265b299f5d4183f3cc (tree) |
|---|---|
| 日時 | 2019-06-05 18:35:26 |
| 作者 | Chih-Wei Huang <cwhuang@linu...> |
| コミッター | Chih-Wei Huang |
Merge tag 'android-8.1.0_r65' into oreo-x86
Android 8.1.0 release 65
btif/src/btif_dm.cc (diff) btif/src/btif_storage.cc (diff) device/src/controller.cc (diff) stack/btm/btm_sec.cc (diff) stack/btu/btu_hcif.cc (diff) stack/hcic/hcicmds.cc (diff)
stack/include/bt_types.h (diff) stack/include/btm_ble_api.h (diff) stack/include/hcimsgs.h (diff)| @@ -183,7 +183,6 @@ typedef struct { | ||
| 183 | 183 | #define BTA_SERVICE_ID_TO_SERVICE_MASK(id) (1 << (id)) |
| 184 | 184 | |
| 185 | 185 | #define UUID_HUMAN_INTERFACE_DEVICE "00001124-0000-1000-8000-00805f9b34fb" |
| 186 | -#define UUID_EMPTY "00000000-0000-0000-0000-000000000000" | |
| 187 | 186 | |
| 188 | 187 | #define MAX_BTIF_BOND_EVENT_ENTRIES 15 |
| 189 | 188 |
| @@ -262,11 +261,6 @@ static bool is_empty_128bit(uint8_t* data) { | ||
| 262 | 261 | return !memcmp(zero, data, sizeof(zero)); |
| 263 | 262 | } |
| 264 | 263 | |
| 265 | -static bool is_bonding_or_sdp() { | |
| 266 | - return pairing_cb.state == BT_BOND_STATE_BONDING || | |
| 267 | - (pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts); | |
| 268 | -} | |
| 269 | - | |
| 270 | 264 | static void btif_dm_data_copy(uint16_t event, char* dst, char* src) { |
| 271 | 265 | tBTA_DM_SEC* dst_dm_sec = (tBTA_DM_SEC*)dst; |
| 272 | 266 | tBTA_DM_SEC* src_dm_sec = (tBTA_DM_SEC*)src; |
| @@ -493,6 +487,8 @@ static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr, | ||
| 493 | 487 | bt_bond_state_t state) { |
| 494 | 488 | btif_stats_add_bond_event(bd_addr, BTIF_DM_FUNC_BOND_STATE_CHANGED, state); |
| 495 | 489 | |
| 490 | + // Send bonding state only once - based on outgoing/incoming we may receive | |
| 491 | + // duplicates | |
| 496 | 492 | if ((pairing_cb.state == state) && (state == BT_BOND_STATE_BONDING)) { |
| 497 | 493 | // Cross key pairing so send callback for static address |
| 498 | 494 | if (!pairing_cb.static_bdaddr.IsEmpty()) { |
| @@ -510,18 +506,14 @@ static void bond_state_changed(bt_status_t status, const RawAddress& bd_addr, | ||
| 510 | 506 | auto tmp = bd_addr; |
| 511 | 507 | HAL_CBACK(bt_hal_cbacks, bond_state_changed_cb, status, &tmp, state); |
| 512 | 508 | |
| 513 | - int dev_type; | |
| 514 | - if (!btif_get_device_type(bd_addr, &dev_type)) { | |
| 515 | - dev_type = BT_DEVICE_TYPE_BREDR; | |
| 516 | - } | |
| 517 | - | |
| 518 | - if (state == BT_BOND_STATE_BONDING || | |
| 519 | - (state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts > 0)) { | |
| 520 | - // Save state for the device is bonding or SDP. | |
| 509 | + if (state == BT_BOND_STATE_BONDING) { | |
| 521 | 510 | pairing_cb.state = state; |
| 522 | 511 | pairing_cb.bd_addr = bd_addr; |
| 523 | 512 | } else { |
| 524 | - pairing_cb = {}; | |
| 513 | + if (!pairing_cb.sdp_attempts) | |
| 514 | + memset(&pairing_cb, 0, sizeof(pairing_cb)); | |
| 515 | + else | |
| 516 | + BTIF_TRACE_DEBUG("%s: BR-EDR service discovery active", __func__); | |
| 525 | 517 | } |
| 526 | 518 | } |
| 527 | 519 |
| @@ -1129,10 +1121,6 @@ static void btif_dm_auth_cmpl_evt(tBTA_DM_AUTH_CMPL* p_auth_cmpl) { | ||
| 1129 | 1121 | |
| 1130 | 1122 | /* Trigger SDP on the device */ |
| 1131 | 1123 | pairing_cb.sdp_attempts = 1; |
| 1132 | - | |
| 1133 | - // Report bonded to Java before start SDP | |
| 1134 | - bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); | |
| 1135 | - | |
| 1136 | 1124 | btif_dm_get_remote_services(bd_addr); |
| 1137 | 1125 | } |
| 1138 | 1126 | } |
| @@ -1390,9 +1378,9 @@ static void btif_dm_search_services_evt(uint16_t event, char* p_param) { | ||
| 1390 | 1378 | |
| 1391 | 1379 | BTIF_TRACE_DEBUG("%s:(result=0x%x, services 0x%x)", __func__, |
| 1392 | 1380 | p_data->disc_res.result, p_data->disc_res.services); |
| 1393 | - if (p_data->disc_res.result != BTA_SUCCESS && | |
| 1394 | - pairing_cb.state == BT_BOND_STATE_BONDED && | |
| 1395 | - pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING) { | |
| 1381 | + if ((p_data->disc_res.result != BTA_SUCCESS) && | |
| 1382 | + (pairing_cb.state == BT_BOND_STATE_BONDING) && | |
| 1383 | + (pairing_cb.sdp_attempts < BTIF_DM_MAX_SDP_ATTEMPTS_AFTER_PAIRING)) { | |
| 1396 | 1384 | BTIF_TRACE_WARNING("%s:SDP failed after bonding re-attempting", |
| 1397 | 1385 | __func__); |
| 1398 | 1386 | pairing_cb.sdp_attempts++; |
| @@ -1417,42 +1405,21 @@ static void btif_dm_search_services_evt(uint16_t event, char* p_param) { | ||
| 1417 | 1405 | /* onUuidChanged requires getBondedDevices to be populated. |
| 1418 | 1406 | ** bond_state_changed needs to be sent prior to remote_device_property |
| 1419 | 1407 | */ |
| 1420 | - if ((pairing_cb.state == BT_BOND_STATE_BONDED && pairing_cb.sdp_attempts) && | |
| 1408 | + if ((pairing_cb.state == BT_BOND_STATE_BONDING) && | |
| 1421 | 1409 | (p_data->disc_res.bd_addr == pairing_cb.bd_addr || |
| 1422 | - p_data->disc_res.bd_addr == pairing_cb.static_bdaddr)) { | |
| 1423 | - LOG_INFO(LOG_TAG, "%s Remote Service SDP done.", __func__); | |
| 1410 | + p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) && | |
| 1411 | + pairing_cb.sdp_attempts > 0) { | |
| 1412 | + BTIF_TRACE_DEBUG( | |
| 1413 | + "%s Remote Service SDP done. Call bond_state_changed_cb BONDED", | |
| 1414 | + __func__); | |
| 1424 | 1415 | pairing_cb.sdp_attempts = 0; |
| 1425 | 1416 | |
| 1426 | - // If bond occured due to cross-key pairing, send bond state callback | |
| 1417 | + // If bonding occured due to cross-key pairing, send bonding callback | |
| 1427 | 1418 | // for static address now |
| 1428 | - if (p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) { | |
| 1419 | + if (p_data->disc_res.bd_addr == pairing_cb.static_bdaddr) | |
| 1429 | 1420 | bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDING); |
| 1430 | - bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); | |
| 1431 | - } | |
| 1432 | - if (pairing_cb.state == BT_BOND_STATE_BONDED) { | |
| 1433 | - if (p_data->disc_res.result == BTA_SUCCESS) { | |
| 1434 | - // Device is bonded and SDP completed. Clear the pairing control | |
| 1435 | - // block. | |
| 1436 | - pairing_cb = {}; | |
| 1437 | - } else { | |
| 1438 | - // Report empty UUID to Java if SDP report negative result while | |
| 1439 | - // pairing. | |
| 1440 | - bt_property_t prop; | |
| 1441 | - bt_uuid_t uuid; | |
| 1442 | - char uuid_str[128] = UUID_EMPTY; | |
| 1443 | - | |
| 1444 | - string_to_uuid(uuid_str, &uuid); | |
| 1445 | - | |
| 1446 | - prop.type = BT_PROPERTY_UUIDS; | |
| 1447 | - prop.val = uuid.uu; | |
| 1448 | - prop.len = MAX_UUID_SIZE; | |
| 1449 | - | |
| 1450 | - /* Send the event to the BTIF */ | |
| 1451 | - HAL_CBACK(bt_hal_cbacks, remote_device_properties_cb, | |
| 1452 | - BT_STATUS_SUCCESS, &bd_addr, 1, &prop); | |
| 1453 | - break; | |
| 1454 | - } | |
| 1455 | - } | |
| 1421 | + | |
| 1422 | + bond_state_changed(BT_STATUS_SUCCESS, bd_addr, BT_BOND_STATE_BONDED); | |
| 1456 | 1423 | } |
| 1457 | 1424 | |
| 1458 | 1425 | if (p_data->disc_res.num_uuids != 0) { |
| @@ -1662,7 +1629,7 @@ static void btif_dm_upstreams_evt(uint16_t event, char* p_param) { | ||
| 1662 | 1629 | break; |
| 1663 | 1630 | |
| 1664 | 1631 | case BTA_DM_BOND_CANCEL_CMPL_EVT: |
| 1665 | - if (is_bonding_or_sdp()) { | |
| 1632 | + if (pairing_cb.state == BT_BOND_STATE_BONDING) { | |
| 1666 | 1633 | bd_addr = pairing_cb.bd_addr; |
| 1667 | 1634 | btm_set_bond_type_dev(pairing_cb.bd_addr, BOND_TYPE_UNKNOWN); |
| 1668 | 1635 | bond_state_changed((bt_status_t)p_data->bond_cancel_cmpl.result, |
| @@ -2310,7 +2277,7 @@ bt_status_t btif_dm_cancel_bond(const RawAddress* bd_addr) { | ||
| 2310 | 2277 | ** 1. Restore scan modes |
| 2311 | 2278 | ** 2. special handling for HID devices |
| 2312 | 2279 | */ |
| 2313 | - if (is_bonding_or_sdp()) { | |
| 2280 | + if (pairing_cb.state == BT_BOND_STATE_BONDING) { | |
| 2314 | 2281 | if (pairing_cb.is_ssp) { |
| 2315 | 2282 | if (pairing_cb.is_le_only) { |
| 2316 | 2283 | BTA_DmBleSecurityGrant(*bd_addr, BTA_DM_SEC_PAIR_NOT_SPT); |
| @@ -2502,7 +2469,7 @@ bt_status_t btif_dm_get_remote_services(const RawAddress& remote_addr) { | ||
| 2502 | 2469 | |
| 2503 | 2470 | /******************************************************************************* |
| 2504 | 2471 | * |
| 2505 | - * Function btif_dm_get_remote_services_by_transport | |
| 2472 | + * Function btif_dm_get_remote_services_transport | |
| 2506 | 2473 | * |
| 2507 | 2474 | * Description Start SDP to get remote services by transport |
| 2508 | 2475 | * |
| @@ -3204,7 +3171,7 @@ bt_status_t btif_le_test_mode(uint16_t opcode, uint8_t* buf, uint8_t len) { | ||
| 3204 | 3171 | |
| 3205 | 3172 | void btif_dm_on_disable() { |
| 3206 | 3173 | /* cancel any pending pairing requests */ |
| 3207 | - if (is_bonding_or_sdp()) { | |
| 3174 | + if (pairing_cb.state == BT_BOND_STATE_BONDING) { | |
| 3208 | 3175 | BTIF_TRACE_DEBUG("%s: Cancel pending pairing request", __func__); |
| 3209 | 3176 | btif_dm_cancel_bond(&pairing_cb.bd_addr); |
| 3210 | 3177 | } |
| @@ -35,6 +35,7 @@ | ||
| 35 | 35 | #include <alloca.h> |
| 36 | 36 | #include <base/logging.h> |
| 37 | 37 | #include <ctype.h> |
| 38 | +#include <log/log.h> | |
| 38 | 39 | #include <stdlib.h> |
| 39 | 40 | #include <string.h> |
| 40 | 41 | #include <time.h> |
| @@ -783,6 +784,47 @@ bt_status_t btif_storage_remove_bonded_device( | ||
| 783 | 784 | return ret ? BT_STATUS_SUCCESS : BT_STATUS_FAIL; |
| 784 | 785 | } |
| 785 | 786 | |
| 787 | +/* Some devices hardcode sample LTK value from spec, instead of generating one. | |
| 788 | + * Treat such devices as insecure, and remove such bonds when bluetooth | |
| 789 | + * restarts. Removing them after disconnection is handled separately. | |
| 790 | + * | |
| 791 | + * We still allow such devices to bond in order to give the user a chance to | |
| 792 | + * update firmware. | |
| 793 | + */ | |
| 794 | +static void remove_devices_with_sample_ltk() { | |
| 795 | + std::vector<RawAddress> bad_ltk; | |
| 796 | + for (const btif_config_section_iter_t* iter = btif_config_section_begin(); | |
| 797 | + iter != btif_config_section_end(); | |
| 798 | + iter = btif_config_section_next(iter)) { | |
| 799 | + const std::string name(btif_config_section_name(iter)); | |
| 800 | + if (!RawAddress::IsValidAddress(name)) { | |
| 801 | + continue; | |
| 802 | + } | |
| 803 | + | |
| 804 | + RawAddress bd_addr; | |
| 805 | + RawAddress::FromString(name, bd_addr); | |
| 806 | + | |
| 807 | + tBTA_LE_KEY_VALUE key; | |
| 808 | + memset(&key, 0, sizeof(key)); | |
| 809 | + | |
| 810 | + if (btif_storage_get_ble_bonding_key( | |
| 811 | + &bd_addr, BTIF_DM_LE_KEY_PENC, (char*)&key, | |
| 812 | + sizeof(tBTM_LE_PENC_KEYS)) == BT_STATUS_SUCCESS) { | |
| 813 | + if (is_sample_ltk(key.penc_key.ltk)) { | |
| 814 | + bad_ltk.push_back(bd_addr); | |
| 815 | + } | |
| 816 | + } | |
| 817 | + } | |
| 818 | + | |
| 819 | + for (RawAddress address : bad_ltk) { | |
| 820 | + android_errorWriteLog(0x534e4554, "128437297"); | |
| 821 | + LOG(ERROR) << __func__ | |
| 822 | + << ": removing bond to device using test TLK: " << address; | |
| 823 | + | |
| 824 | + btif_storage_remove_bonded_device(&address); | |
| 825 | + } | |
| 826 | +} | |
| 827 | + | |
| 786 | 828 | /******************************************************************************* |
| 787 | 829 | * |
| 788 | 830 | * Function btif_storage_load_bonded_devices |
| @@ -810,6 +852,8 @@ bt_status_t btif_storage_load_bonded_devices(void) { | ||
| 810 | 852 | bt_uuid_t remote_uuids[BT_MAX_NUM_UUIDS]; |
| 811 | 853 | bt_status_t status; |
| 812 | 854 | |
| 855 | + remove_devices_with_sample_ltk(); | |
| 856 | + | |
| 813 | 857 | btif_in_fetch_bonded_devices(&bonded_devices, 1); |
| 814 | 858 | |
| 815 | 859 | /* Now send the adapter_properties_cb with all adapter_properties */ |
| @@ -253,6 +253,10 @@ static future_t* start_up(void) { | ||
| 253 | 253 | response, &number_of_local_supported_codecs, local_supported_codecs); |
| 254 | 254 | } |
| 255 | 255 | |
| 256 | + if (!HCI_READ_ENCR_KEY_SIZE_SUPPORTED(supported_commands)) { | |
| 257 | + LOG(FATAL) << " Controller must support Read Encryption Key Size command"; | |
| 258 | + } | |
| 259 | + | |
| 256 | 260 | readable = true; |
| 257 | 261 | return future_new_immediate(FUTURE_SUCCESS); |
| 258 | 262 | } |
| @@ -24,6 +24,7 @@ | ||
| 24 | 24 | |
| 25 | 25 | #define LOG_TAG "bt_btm_sec" |
| 26 | 26 | |
| 27 | +#include <log/log.h> | |
| 27 | 28 | #include <stdarg.h> |
| 28 | 29 | #include <stdio.h> |
| 29 | 30 | #include <string.h> |
| @@ -42,6 +43,8 @@ | ||
| 42 | 43 | |
| 43 | 44 | #include "gatt_int.h" |
| 44 | 45 | |
| 46 | +#include "bta/dm/bta_dm_int.h" | |
| 47 | + | |
| 45 | 48 | #define BTM_SEC_MAX_COLLISION_DELAY (5000) |
| 46 | 49 | |
| 47 | 50 | #ifdef APPL_AUTH_WRITE_EXCEPTION |
| @@ -4660,6 +4663,19 @@ void btm_sec_disconnected(uint16_t handle, uint8_t reason) { | ||
| 4660 | 4663 | BTM_TRACE_EVENT("%s after update sec_flags=0x%x", __func__, |
| 4661 | 4664 | p_dev_rec->sec_flags); |
| 4662 | 4665 | |
| 4666 | + /* Some devices hardcode sample LTK value from spec, instead of generating | |
| 4667 | + * one. Treat such devices as insecure, and remove such bonds on | |
| 4668 | + * disconnection. | |
| 4669 | + */ | |
| 4670 | + if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) { | |
| 4671 | + android_errorWriteLog(0x534e4554, "128437297"); | |
| 4672 | + LOG(INFO) << __func__ << " removing bond to device that used sample LTK"; | |
| 4673 | + | |
| 4674 | + tBTA_DM_MSG p_data; | |
| 4675 | + p_data.remove_dev.bd_addr = p_dev_rec->bd_addr; | |
| 4676 | + bta_dm_remove_device(&p_data); | |
| 4677 | + } | |
| 4678 | + | |
| 4663 | 4679 | if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) { |
| 4664 | 4680 | p_dev_rec->sec_state = (transport == BT_TRANSPORT_LE) |
| 4665 | 4681 | ? BTM_SEC_STATE_DISCONNECTING |
| @@ -32,6 +32,7 @@ | ||
| 32 | 32 | #include <base/location.h> |
| 33 | 33 | #include <base/logging.h> |
| 34 | 34 | #include <base/threading/thread.h> |
| 35 | +#include <log/log.h> | |
| 35 | 36 | #include <stdio.h> |
| 36 | 37 | #include <stdlib.h> |
| 37 | 38 | #include <string.h> |
| @@ -705,6 +706,31 @@ static void btu_hcif_rmt_name_request_comp_evt(uint8_t* p, uint16_t evt_len) { | ||
| 705 | 706 | btm_sec_rmt_name_request_complete(&bd_addr, p, status); |
| 706 | 707 | } |
| 707 | 708 | |
| 709 | +constexpr uint8_t MIN_KEY_SIZE = 7; | |
| 710 | + | |
| 711 | +static void read_encryption_key_size_complete_after_encryption_change( | |
| 712 | + uint8_t status, uint16_t handle, uint8_t key_size) { | |
| 713 | + if (status != HCI_SUCCESS) { | |
| 714 | + HCI_TRACE_WARNING("%s: disconnecting, status: 0x%02x", __func__, status); | |
| 715 | + btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER); | |
| 716 | + return; | |
| 717 | + } | |
| 718 | + | |
| 719 | + if (key_size < MIN_KEY_SIZE) { | |
| 720 | + android_errorWriteLog(0x534e4554, "124301137"); | |
| 721 | + HCI_TRACE_ERROR( | |
| 722 | + "%s encryption key too short, disconnecting. handle: 0x%02x, key_size: " | |
| 723 | + "%d", | |
| 724 | + __func__, handle, key_size); | |
| 725 | + | |
| 726 | + btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY); | |
| 727 | + return; | |
| 728 | + } | |
| 729 | + | |
| 730 | + // good key size - succeed | |
| 731 | + btm_acl_encrypt_change(handle, status, 1 /* enable */); | |
| 732 | + btm_sec_encrypt_change(handle, status, 1 /* enable */); | |
| 733 | +} | |
| 708 | 734 | /******************************************************************************* |
| 709 | 735 | * |
| 710 | 736 | * Function btu_hcif_encryption_change_evt |
| @@ -723,8 +749,15 @@ static void btu_hcif_encryption_change_evt(uint8_t* p) { | ||
| 723 | 749 | STREAM_TO_UINT16(handle, p); |
| 724 | 750 | STREAM_TO_UINT8(encr_enable, p); |
| 725 | 751 | |
| 726 | - btm_acl_encrypt_change(handle, status, encr_enable); | |
| 727 | - btm_sec_encrypt_change(handle, status, encr_enable); | |
| 752 | + if (status != HCI_SUCCESS || encr_enable == 0 || | |
| 753 | + BTM_IsBleConnection(handle)) { | |
| 754 | + btm_acl_encrypt_change(handle, status, encr_enable); | |
| 755 | + btm_sec_encrypt_change(handle, status, encr_enable); | |
| 756 | + } else { | |
| 757 | + btsnd_hcic_read_encryption_key_size( | |
| 758 | + handle, | |
| 759 | + base::Bind(&read_encryption_key_size_complete_after_encryption_change)); | |
| 760 | + } | |
| 728 | 761 | } |
| 729 | 762 | |
| 730 | 763 | /******************************************************************************* |
| @@ -1622,22 +1655,48 @@ static void btu_hcif_enhanced_flush_complete_evt(void) { | ||
| 1622 | 1655 | * End of Simple Pairing Events |
| 1623 | 1656 | **********************************************/ |
| 1624 | 1657 | |
| 1625 | -/********************************************** | |
| 1626 | - * BLE Events | |
| 1627 | - **********************************************/ | |
| 1658 | +static void read_encryption_key_size_complete_after_key_refresh( | |
| 1659 | + uint8_t status, uint16_t handle, uint8_t key_size) { | |
| 1660 | + if (status != HCI_SUCCESS) { | |
| 1661 | + HCI_TRACE_WARNING("%s: disconnecting, status: 0x%02x", __func__, status); | |
| 1662 | + btsnd_hcic_disconnect(handle, HCI_ERR_PEER_USER); | |
| 1663 | + return; | |
| 1664 | + } | |
| 1665 | + | |
| 1666 | + if (key_size < MIN_KEY_SIZE) { | |
| 1667 | + android_errorWriteLog(0x534e4554, "124301137"); | |
| 1668 | + HCI_TRACE_WARNING( | |
| 1669 | + "%s encryption key too short, disconnecting. handle: 0x%02x, key_size: " | |
| 1670 | + "%d", | |
| 1671 | + __func__, handle, key_size); | |
| 1672 | + | |
| 1673 | + btsnd_hcic_disconnect(handle, HCI_ERR_HOST_REJECT_SECURITY); | |
| 1674 | + return; | |
| 1675 | + } | |
| 1676 | + | |
| 1677 | + btm_sec_encrypt_change(handle, status, 1 /* enc_enable */); | |
| 1678 | +} | |
| 1679 | + | |
| 1628 | 1680 | static void btu_hcif_encryption_key_refresh_cmpl_evt(uint8_t* p) { |
| 1629 | 1681 | uint8_t status; |
| 1630 | - uint8_t enc_enable = 0; | |
| 1631 | 1682 | uint16_t handle; |
| 1632 | 1683 | |
| 1633 | 1684 | STREAM_TO_UINT8(status, p); |
| 1634 | 1685 | STREAM_TO_UINT16(handle, p); |
| 1635 | 1686 | |
| 1636 | - if (status == HCI_SUCCESS) enc_enable = 1; | |
| 1637 | - | |
| 1638 | - btm_sec_encrypt_change(handle, status, enc_enable); | |
| 1687 | + if (status != HCI_SUCCESS || BTM_IsBleConnection(handle)) { | |
| 1688 | + btm_sec_encrypt_change(handle, status, (status == HCI_SUCCESS) ? 1 : 0); | |
| 1689 | + } else { | |
| 1690 | + btsnd_hcic_read_encryption_key_size( | |
| 1691 | + handle, | |
| 1692 | + base::Bind(&read_encryption_key_size_complete_after_key_refresh)); | |
| 1693 | + } | |
| 1639 | 1694 | } |
| 1640 | 1695 | |
| 1696 | +/********************************************** | |
| 1697 | + * BLE Events | |
| 1698 | + **********************************************/ | |
| 1699 | + | |
| 1641 | 1700 | static void btu_ble_ll_conn_complete_evt(uint8_t* p, uint16_t evt_len) { |
| 1642 | 1701 | btm_ble_conn_complete(p, evt_len, false); |
| 1643 | 1702 | } |
| @@ -29,6 +29,7 @@ | ||
| 29 | 29 | #include "hcidefs.h" |
| 30 | 30 | #include "hcimsgs.h" |
| 31 | 31 | |
| 32 | +#include <base/bind.h> | |
| 32 | 33 | #include <stddef.h> |
| 33 | 34 | #include <string.h> |
| 34 | 35 |
| @@ -1311,6 +1312,32 @@ void btsnd_hcic_read_rssi(uint16_t handle) { | ||
| 1311 | 1312 | btu_hcif_send_cmd(LOCAL_BR_EDR_CONTROLLER_ID, p); |
| 1312 | 1313 | } |
| 1313 | 1314 | |
| 1315 | +static void read_encryption_key_size_complete( | |
| 1316 | + ReadEncKeySizeCb cb, uint8_t* return_parameters, | |
| 1317 | + uint16_t return_parameters_length) { | |
| 1318 | + uint8_t status; | |
| 1319 | + uint16_t handle; | |
| 1320 | + uint8_t key_size; | |
| 1321 | + STREAM_TO_UINT8(status, return_parameters); | |
| 1322 | + STREAM_TO_UINT16(handle, return_parameters); | |
| 1323 | + STREAM_TO_UINT8(key_size, return_parameters); | |
| 1324 | + | |
| 1325 | + std::move(cb).Run(status, handle, key_size); | |
| 1326 | +} | |
| 1327 | + | |
| 1328 | +void btsnd_hcic_read_encryption_key_size(uint16_t handle, ReadEncKeySizeCb cb) { | |
| 1329 | + constexpr uint8_t len = 2; | |
| 1330 | + uint8_t param[len]; | |
| 1331 | + memset(param, 0, len); | |
| 1332 | + | |
| 1333 | + uint8_t* p = param; | |
| 1334 | + UINT16_TO_STREAM(p, handle); | |
| 1335 | + | |
| 1336 | + btu_hcif_send_cmd_with_cb( | |
| 1337 | + FROM_HERE, HCI_READ_ENCR_KEY_SIZE, param, len, | |
| 1338 | + base::Bind(&read_encryption_key_size_complete, base::Passed(&cb))); | |
| 1339 | +} | |
| 1340 | + | |
| 1314 | 1341 | void btsnd_hcic_read_failed_contact_counter(uint16_t handle) { |
| 1315 | 1342 | BT_HDR* p = (BT_HDR*)osi_malloc(HCI_CMD_BUF_SIZE); |
| 1316 | 1343 | uint8_t* pp = (uint8_t*)(p + 1); |
| @@ -21,6 +21,7 @@ | ||
| 21 | 21 | |
| 22 | 22 | #include <stdbool.h> |
| 23 | 23 | #include <stdint.h> |
| 24 | +#include <string.h> | |
| 24 | 25 | |
| 25 | 26 | #ifndef FALSE |
| 26 | 27 | #define FALSE false |
| @@ -929,4 +930,12 @@ typedef uint8_t tBT_DEVICE_TYPE; | ||
| 929 | 930 | /* Define a function for logging */ |
| 930 | 931 | typedef void(BT_LOG_FUNC)(int trace_type, const char* fmt_str, ...); |
| 931 | 932 | |
| 933 | +static inline bool is_sample_ltk(const BT_OCTET16 ltk) { | |
| 934 | + /* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1 | |
| 935 | + * 0x4C68384139F574D836BCF34E9DFB01BF */ | |
| 936 | + const uint8_t SAMPLE_LTK[] = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36, | |
| 937 | + 0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c}; | |
| 938 | + return memcmp(ltk, SAMPLE_LTK, BT_OCTET16_LEN) == 0; | |
| 939 | +} | |
| 940 | + | |
| 932 | 941 | #endif |
| @@ -366,6 +366,18 @@ extern void BTM_ReadConnectionAddr(const RawAddress& remote_bda, | ||
| 366 | 366 | |
| 367 | 367 | /******************************************************************************* |
| 368 | 368 | * |
| 369 | + * Function BTM_IsBleConnection | |
| 370 | + * | |
| 371 | + * Description This function is called to check if the connection handle | |
| 372 | + * for an LE link | |
| 373 | + * | |
| 374 | + * Returns true if connection is LE link, otherwise false. | |
| 375 | + * | |
| 376 | + ******************************************************************************/ | |
| 377 | +extern bool BTM_IsBleConnection(uint16_t conn_handle); | |
| 378 | + | |
| 379 | +/******************************************************************************* | |
| 380 | + * | |
| 369 | 381 | * Function BTM_ReadRemoteConnectionAddr |
| 370 | 382 | * |
| 371 | 383 | * Description Read the remote device address currently used. |
| @@ -612,6 +612,9 @@ extern void btsnd_hcic_write_cur_iac_lap( | ||
| 612 | 612 | |
| 613 | 613 | extern void btsnd_hcic_get_link_quality(uint16_t handle); /* Get Link Quality */ |
| 614 | 614 | extern void btsnd_hcic_read_rssi(uint16_t handle); /* Read RSSI */ |
| 615 | +using ReadEncKeySizeCb = base::Callback<void(uint8_t, uint16_t, uint8_t)>; | |
| 616 | +extern void btsnd_hcic_read_encryption_key_size(uint16_t handle, | |
| 617 | + ReadEncKeySizeCb cb); | |
| 615 | 618 | extern void btsnd_hcic_read_failed_contact_counter(uint16_t handle); |
| 616 | 619 | extern void btsnd_hcic_read_automatic_flush_timeout(uint16_t handle); |
| 617 | 620 | extern void btsnd_hcic_enable_test_mode( |
Fork