From 70411f0877d9e57c185b049a7b94241181876f72 Mon Sep 17 00:00:00 2001 From: Jakub Pawlowski Date: Mon, 11 Mar 2019 19:22:01 +0100 Subject: Don't persist bonds using sample LTK Test: compilation, manual testing Bug: 128843052 Bug: 162497143 Merged-In: I52fd484d42bf87e96dbc9e6456090f231ed48111 Change-Id: I52fd484d42bf87e96dbc9e6456090f231ed48111 (cherry picked from commit 292fcf8612f488a2fcbf99614caba46ead076eb2) --- btif/src/btif_storage.cc | 43 +++++++++++++++++++++++++++++++++++++++++++ stack/btm/btm_sec.cc | 16 ++++++++++++++++ stack/include/bt_types.h | 10 ++++++++++ 3 files changed, 69 insertions(+) diff --git a/btif/src/btif_storage.cc b/btif/src/btif_storage.cc index c8dfcdeca..d45790b6d 100644 --- a/btif/src/btif_storage.cc +++ b/btif/src/btif_storage.cc @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include 
@@ -779,6 +780,46 @@ bt_status_t btif_storage_remove_bonded_device(bt_bdaddr_t* remote_bd_addr) { return ret ? BT_STATUS_SUCCESS : BT_STATUS_FAIL; } +/* Some devices hardcode sample LTK value from spec, instead of generating one. + * Treat such devices as insecure, and remove such bonds when bluetooth + * restarts. Removing them after disconnection is handled separately. + * + * We still allow such devices to bond in order to give the user a chance to + * update firmware. + */ +static void remove_devices_with_sample_ltk() { + std::vector bad_ltk; + for (const btif_config_section_iter_t* iter = btif_config_section_begin(); + iter != btif_config_section_end(); + iter = btif_config_section_next(iter)) { + const char* name = btif_config_section_name(iter); + if (!string_is_bdaddr(name)) { + continue; + } + + bt_bdaddr_t bda; + string_to_bdaddr(name, &bda); + + tBTA_LE_KEY_VALUE key; + memset(&key, 0, sizeof(key)); + + if (btif_storage_get_ble_bonding_key(&bda, BTIF_DM_LE_KEY_PENC, (char*)&key, + sizeof(tBTM_LE_PENC_KEYS)) == + BT_STATUS_SUCCESS) { + if (is_sample_ltk(key.penc_key.ltk)) { + bad_ltk.push_back(bda); + } + } + } + + for (bt_bdaddr_t address : bad_ltk) { + android_errorWriteLog(0x534e4554, "128437297"); + LOG(ERROR) << __func__ << ": removing bond to device using test TLK"; + + btif_storage_remove_bonded_device(&address); + } +} + /******************************************************************************* * * Function btif_storage_load_bonded_devices @@ -806,6 +847,8 @@ bt_status_t btif_storage_load_bonded_devices(void) { bt_uuid_t remote_uuids[BT_MAX_NUM_UUIDS]; bt_status_t status; + remove_devices_with_sample_ltk(); + btif_in_fetch_bonded_devices(&bonded_devices, 1); /* Now send the adapter_properties_cb with all adapter_properties */ diff --git a/stack/btm/btm_sec.cc b/stack/btm/btm_sec.cc index 3d68c0e71..1c8d42695 100644 --- a/stack/btm/btm_sec.cc +++ b/stack/btm/btm_sec.cc 
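Review bot: The removal loop at the end of `remove_devices_with_sample_ltk` discards the status of `btif_storage_remove_bonded_device`, which the context line at the top of this hunk shows can return `BT_STATUS_FAIL`. A failed removal would leave the sample-LTK bond in storage for the `btif_in_fetch_bonded_devices` call that follows in `btif_storage_load_bonded_devices`, while the log claims it was removed. Check the result, e.g. `if (btif_storage_remove_bonded_device(&address) != BT_STATUS_SUCCESS) LOG(ERROR) << __func__ << ": failed to remove bond";`. The log text says "test TLK" where "sample LTK" is meant, and this path logs at ERROR while the matching block in `btm_sec_disconnected` logs at INFO, which makes the two events harder to correlate. The event-log id `128437297` is not one of the bug numbers in the commit trailers (128843052, 162497143), so it is worth confirming that it is the intended one.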
@@ -24,6 +24,7 @@ #define LOG_TAG "bt_btm_sec" +#include #include #include #include @@ -42,6 +43,8 @@ #include "gatt_int.h" +#include "bta/dm/bta_dm_int.h" + #define BTM_SEC_MAX_COLLISION_DELAY (5000) extern fixed_queue_t* btu_general_alarm_queue; @@ -4693,6 +4696,19 @@ void btm_sec_disconnected(uint16_t handle, uint8_t reason) { BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED); } + /* Some devices hardcode sample LTK value from spec, instead of generating + * one. Treat such devices as insecure, and remove such bonds on + * disconnection. + */ + if (is_sample_ltk(p_dev_rec->ble.keys.pltk)) { + android_errorWriteLog(0x534e4554, "128437297"); + LOG(INFO) << __func__ << " removing bond to device that used sample LTK"; + + tBTA_DM_MSG p_data; + memcpy(p_data.remove_dev.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); + bta_dm_remove_device(&p_data); + } + if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING_BOTH) { p_dev_rec->sec_state = (transport == BT_TRANSPORT_LE) ? BTM_SEC_STATE_DISCONNECTING diff --git a/stack/include/bt_types.h b/stack/include/bt_types.h index 5540a7e03..655a70cea 100644 --- a/stack/include/bt_types.h +++ b/stack/include/bt_types.h @@ -21,6 +21,7 @@ #include #include +#include #ifndef FALSE #define FALSE false @@ -1008,4 +1009,13 @@ static inline int bdcmpany(const BD_ADDR a) { return bdcmp(a, bd_addr_any); } * ******************************************************************************/ static inline void bdsetany(BD_ADDR a) { bdcpy(a, bd_addr_any); } + +static inline bool is_sample_ltk(const BT_OCTET16 ltk) { + /* Sample LTK from BT Spec 5.1 | Vol 6, Part C 1 + * 0x4C68384139F574D836BCF34E9DFB01BF */ + const uint8_t SAMPLE_LTK[] = {0xbf, 0x01, 0xfb, 0x9d, 0x4e, 0xf3, 0xbc, 0x36, + 0xd8, 0x74, 0xf5, 0x39, 0x41, 0x38, 0x68, 0x4c}; + return memcmp(ltk, SAMPLE_LTK, BT_OCTET16_LEN) == 0; +} + #endif -- cgit v1.2.3
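Review bot: `tBTA_DM_MSG p_data` in the block added to `btm_sec_disconnected` is uninitialized apart from `remove_dev.bd_addr`, so any other member that `bta_dm_remove_device` reads would be stack garbage. Zero it first with `memset(&p_data, 0, sizeof(p_data));`, as the storage-side helper in this commit does for `key`; the `p_` prefix is also misleading for a non-pointer. The function keeps using `p_dev_rec` after the call, since the next context lines test and assign `p_dev_rec->sec_state`. If `bta_dm_remove_device` can clear or release the security record synchronously, those accesses would act on a stale record; the callee is not visible here, so this needs confirming, and doing the removal as the last step of the disconnect handling would sidestep it. The body of `btm_sec_disconnected` starts and ends outside the hunk.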
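Review bot: `is_sample_ltk` compares `BT_OCTET16_LEN` bytes against an array whose length comes only from its initializer, so the two sizes agree only because there happen to be sixteen literals. Declaring it as `static const uint8_t SAMPLE_LTK[BT_OCTET16_LEN] = {...};` ties the sizes together and avoids rebuilding the table on each call from the disconnect path. The comment gives the key most-significant byte first while the array holds it in reverse, so one more comment line should say the table is the spec value in reversed byte order (presumably the order in which the stack stores LTKs, to be confirmed). The header comment should also state that the helper matches exactly this one published constant and is not a general weak-key check. The function is fully contained in the hunk.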