Disallow connect with Secure Connections downgrade
As a guard against the BLUFFS attack, check security parameters of
incoming connections against cached values and disallow connection if
these parameters are downgraded or changed from their cached values.

This CL adds the connection-time check for Secure Connections mode.

Bug: 314331379
Test: m libbluetooth
Test: manual

To test this CL, please ensure that BR/EDR initial connections and reconnections (after cycling remote devices, cycling Bluetooth, restarting the phone, etc.) work against remote devices which both support and do not support Secure Connections mode, and with all supported bonding types. Basic validation of LE bonding functionality should be done as well.

Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f20fdd9b3225a6084f6b666172817fe0a89f0679)
Merged-In: I9130476600d31b59608e0e419b5136d255174265
Change-Id: I9130476600d31b59608e0e419b5136d255174265
Brian Delwiche authored and aoleary committed Sep 17, 2024
1 parent 415dfb5 commit 4dcccb5
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions system/stack/btm/btm_sec.cc
Expand Up @@ -4112,6 +4112,13 @@ void btm_sec_link_key_notification(const RawAddress& p_bda,
}
}

if (p_dev_rec->is_bond_type_persistent() &&
(p_dev_rec->is_device_type_br_edr() ||
p_dev_rec->is_device_type_dual_mode())) {
btm_sec_store_device_sc_support(p_dev_rec->get_br_edr_hci_handle(),
p_dev_rec->SupportsSecureConnections());
}

/* If name is not known at this point delay calling callback until the name is
*/
/* resolved. Unless it is a HID Device and we really need to send all link
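Review bot: The `btm_sec_store_device_sc_support(...)` call in `btm_sec_link_key_notification` writes whatever `p_dev_rec->SupportsSecureConnections()` returns at link-key time, with no check on the value already cached, so a `false` here would replace a previously stored `true`. If the downgrade check on the connection path is what guarantees this can never happen, say so in a comment above the block; otherwise consider only storing when no value is cached yet or when the new value is `true`. The block also has no comment explaining why caching is limited to persistent bonds on BR/EDR and dual-mode devices, which the next reader will need in order to connect it to the downgrade check. The commit lists only `Test: manual` for behaviour, so a unit test covering the store for each bond type would be worth adding.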
Expand Down Expand Up @@ -5198,6 +5205,16 @@ void btm_sec_set_peer_sec_caps(uint16_t hci_handle, bool ssp_supported,
tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);
if (p_dev_rec == nullptr) return;

// Drop the connection here if the remote attempts to downgrade from Secure
// Connections mode.
if (btm_sec_is_device_sc_downgrade(hci_handle, sc_supported)) {
acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY);
btm_sec_send_hci_disconnect(
p_dev_rec, HCI_ERR_AUTH_FAILURE, hci_handle,
"attempted to downgrade from Secure Connections mode");
return;
}

p_dev_rec->remote_feature_received = true;
p_dev_rec->remote_supports_hci_role_switch = hci_role_switch_supported;
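Review bot: The rejection path in `btm_sec_set_peer_sec_caps` reports two different reasons for the same event: `acl_set_disconnect_reason(HCI_ERR_HOST_REJECT_SECURITY)` and then `btm_sec_send_hci_disconnect(p_dev_rec, HCI_ERR_AUTH_FAILURE, ...)`. If the split is deliberate (one code recorded locally, the other sent to the peer), add a one-line comment saying which is which; otherwise use the same code in both calls so logs and the peer agree. The early `return` also skips `p_dev_rec->remote_feature_received = true` and everything after it, so please confirm nothing waits on that flag while the link is being torn down. Finally, the commit message says connections are refused when parameters are "downgraded or changed", while the helper name and the comment here cover only a downgrade of `sc_supported`; the comment should state which of the two this check enforces.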
