Check Classic key before cross-key derivation
Bug: 158854097
Test: atest net_test_stack_smp
Tag: #security
Ignore-AOSP-First: Security fix
Change-Id: Id88241324e9fb89ef14e50b52eb459a0d81c492b
diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index 5f79441..d6ee29d 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -1187,7 +1187,17 @@
/* state check to prevent re-entrant */
if (smp_get_state() == SMP_STATE_BOND_PENDING) {
if (p_cb->derive_lk) {
- smp_derive_link_key_from_long_term_key(p_cb, NULL);
+ tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
+ if (!(p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED) &&
+ (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED)) {
+ SMP_TRACE_DEBUG(
+ "%s BR key is higher security than existing LE keys, don't "
+ "derive LK from LTK",
+ __func__);
+ android_errorWriteLog(0x534e4554, "158854097");
+ } else {
+ smp_derive_link_key_from_long_term_key(p_cb, NULL);
+ }
p_cb->derive_lk = false;
}
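Review bot: `p_dev_rec` is dereferenced in the new `sec_flags` test without a null check, immediately after `btm_find_dev(p_cb->pairing_bda)`. The lookup's contract is not visible in this hunk, but if it can return null when no record matches the pairing address, the added security check becomes a null dereference in the pairing completion path. I would guard it before the flag test, e.g. `if (p_dev_rec == nullptr) { SMP_TRACE_ERROR("%s no device record, skip LK derivation", __func__); } else if (!(p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED) && ...`, so that a missing record skips derivation rather than crashing and does not emit the `android_errorWriteLog` event meant for the downgrade case. A short comment above the condition would also help, such as `/* Do not overwrite an authenticated BR/EDR link key with one derived from an unauthenticated LE LTK */`. The enclosing function begins and ends outside the hunk, so any earlier validation of the device record cannot be confirmed from here.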