gap: Detect Secure Connection -> Legacy Connection Downgrade Attack (BIAS)

2025-01-26 12:35:25 +00:00 · 2020-06-01 23:53:54 +02:00 · 2020-06-01 23:53:54 +02:00 · 254b78ee86
commit 254b78ee86
parent 0d589c3720
2 changed files with 14 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -24,6 +24,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - FreeRTOS: btstack_run_loop_freertos_trigger_exit allows to request run loop exit
 - sm: support LE Secure Connections Only mode with sm_set_secure_connections_only_mode
 - GAP: enable BR/EDR Secure Connections if supported, add gap_secure_connections_enable
+- GAP: Detect Secure Connection -> Legacy Connection Downgrade Attack (BIAS)

 ### Changed
 - L2CAP ERTM: send extended features request only once per HCI connection
--- a/src/hci.c
+++ b/src/hci.c
@ -2356,17 +2356,27 @@ static void event_handler(uint8_t *packet, int size){
 #endif

        case HCI_EVENT_ENCRYPTION_CHANGE:
-            handle = little_endian_read_16(packet, 3);
+            handle = hci_event_encryption_change_get_connection_handle(packet);
            conn = hci_connection_for_handle(handle);
            if (!conn) break;
-            if (packet[2] == 0) {
-                if (packet[5]){
+            if (hci_event_encryption_change_get_status(packet) == 0) {
+                uint8_t encryption_enabled = hci_event_encryption_change_get_encryption_enabled(packet);
+                if (encryption_enabled){
                    if (hci_is_le_connection(conn)){
                        // For LE, we accept connection as encrypted
                        conn->authentication_flags |= CONNECTION_ENCRYPTED;
                    }
 #ifdef ENABLE_CLASSIC
                    else {
+                        // Detect Secure Connection -> Legacy Connection Downgrade Attack (BIAS)
+                        bool sc_used_during_pairing = gap_secure_connection_for_link_key_type(conn->link_key_type) != 0;
+                        bool connected_uses_aes_ccm = encryption_enabled == 2;
+                        if (sc_used_during_pairing && !connected_uses_aes_ccm){
+                            log_info("SC during pairing, but only E0 now -> abort");
+                            conn->state = conn->bonding_flags |= BONDING_DISCONNECT_SECURITY_BLOCK;
+                            break;
+                        }
+
                        if ((hci_stack->local_supported_commands[0] & 0x80) != 0){
                            // For Classic, we need to validate encryption key size first, if possible (== supported by Controller)
                            conn->bonding_flags |= BONDING_SEND_READ_ENCRYPTION_KEY_SIZE;