alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

ble_mesh: Update the SIG recommendations for CVE issues

Browse Source
This commit is contained in:
lly 2021-08-17 19:32:48 +08:00
parent 66fb27c0e8
commit 780db9b7bf
3 changed files with 53 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
components/bt/esp_ble_mesh/api/core/include/esp_ble_mesh_provisioning_api.h
View File

@ -69,6 +69,12 @@ esp_err_t esp_ble_mesh_node_prov_disable(esp_ble_mesh_prov_bearer_t bearers);
/**
* @brief Unprovisioned device set own oob public key & private key pair.
*
* @note In order to avoid suffering brute-forcing attack (CVE-2020-26559).
* The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* use an out-of-band mechanism to exchange the public keys.
* So as an unprovisioned device, it should use this function to input
* the Public Key exchanged through the out-of-band mechanism.
*
* @param[in] pub_key_x: Unprovisioned device's Public Key X
* @param[in] pub_key_y: Unprovisioned device's Public Key Y
* @param[in] private_key: Unprovisioned device's Private Key
@ -121,6 +127,10 @@ esp_err_t esp_ble_mesh_set_unprovisioned_device_name(const char *name);
/**
* @brief Provisioner inputs unprovisioned device's oob public key.
*
* @note In order to avoid suffering brute-forcing attack (CVE-2020-26559).
* The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* use an out-of-band mechanism to exchange the public keys.
*
* @param[in] link_idx: The provisioning link index
* @param[in] pub_key_x: Unprovisioned device's Public Key X
* @param[in] pub_key_y: Unprovisioned device's Public Key Y
@ -329,6 +339,14 @@ esp_err_t esp_ble_mesh_provisioner_set_prov_data_info(esp_ble_mesh_prov_data_inf
* A large entropy helps ensure that a brute-force of the AuthValue, even a static
* AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
*
* AuthValues selected using a cryptographically secure random or pseudorandom number
* generator and having the maximum permitted entropy (128-bits) will be most difficult
* to brute-force. AuthValues with reduced entropy or generated in a predictable manner
* will not grant the same level of protection against this vulnerability. Selecting a
* new AuthValue with each provisioning attempt can also make it more difficult to launch
* a brute-force attack by requiring the attacker to restart the search with each
* provisioning attempt (CVE-2020-26556).
*
* @param[in] value: Pointer to the static oob value.
* @param[in] length: Length of the static oob value.
*

14
components/bt/esp_ble_mesh/api/esp_ble_mesh_defs.h
View File

@ -583,8 +583,10 @@ typedef struct {
esp_ble_mesh_prov_oob_info_t oob_info;
/* NOTE: In order to avoid suffering brute-forcing attack (CVE-2020-26559).
* The Bluetooth SIG recommends that potentially vulnerable mesh node
* The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* support an out-of-band mechanism to exchange the public keys.
* So as an unprovisioned device, it should enable this flag to support
* using an out-of-band mechanism to exchange Public Key.
*/
/** Flag indicates whether unprovisioned devices support OOB public key */
bool oob_pub_key;
@ -639,7 +641,7 @@ typedef struct {
/** Provisioning Algorithm for the Provisioner */
uint8_t prov_algorithm;
/* NOTE: In order to avoid suffering brute-forcing attack(CVE-2020-26559).
/* NOTE: In order to avoid suffering brute-forcing attack (CVE-2020-26559).
* The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* use an out-of-band mechanism to exchange the public keys.
*/
@ -653,6 +655,14 @@ typedef struct {
* selected AuthValue using all of the available bits, where permitted by the
* implementation. A large entropy helps ensure that a brute-force of the AuthValue,
* even a static AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
*
* AuthValues selected using a cryptographically secure random or pseudorandom number
* generator and having the maximum permitted entropy (128-bits) will be most difficult
* to brute-force. AuthValues with reduced entropy or generated in a predictable manner
* will not grant the same level of protection against this vulnerability. Selecting a
* new AuthValue with each provisioning attempt can also make it more difficult to launch
* a brute-force attack by requiring the attacker to restart the search with each
* provisioning attempt (CVE-2020-26556).
*/
/** Provisioner static oob value */
uint8_t *prov_static_oob_val;

35
components/bt/esp_ble_mesh/mesh_core/provisioner_prov.c
View File

@ -1930,6 +1930,19 @@ static int prov_auth(const uint8_t idx, uint8_t method, uint8_t action, uint8_t
/* Provisioner ouput number/string and wait for device's Provisioning Input Complete PDU */
link[idx].expect = PROV_INPUT_COMPLETE;
/* NOTE: The Bluetooth SIG recommends that mesh implementations enforce a randomly
* selected AuthValue using all of the available bits, where permitted by the
* implementation. A large entropy helps ensure that a brute-force of the AuthValue,
* even a static AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
*
* AuthValues selected using a cryptographically secure random or pseudorandom number
* generator and having the maximum permitted entropy (128-bits) will be most difficult
* to brute-force. AuthValues with reduced entropy or generated in a predictable manner
* will not grant the same level of protection against this vulnerability. Selecting a
* new AuthValue with each provisioning attempt can also make it more difficult to launch
* a brute-force attack by requiring the attacker to restart the search with each
* provisioning attempt (CVE-2020-26556).
*/
if (input == BLE_MESH_ENTER_STRING) {
unsigned char str[9] = {'\0'};
uint8_t j = 0U;
@ -2312,12 +2325,11 @@ static void prov_confirm(const uint8_t idx, const uint8_t *data)
BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh
* provisioners restrict the authentication procedure and not accept
* provisioning random and provisioning confirmation numbers from a remote
* peer that are the same as those selected by the local device (CVE-2020-26556
* & CVE-2020-26560).
* */
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* restrict the authentication procedure and not accept provisioning random and
* provisioning confirmation numbers from a remote peer that are the same as those
* selected by the local device (CVE-2020-26560).
*/
if (!memcmp(data, link[idx].local_conf, 16)) {
BT_ERR("Confirmation value is identical to ours, rejecting.");
close_link(idx, CLOSE_REASON_FAILED);
@ -2534,12 +2546,11 @@ static void prov_random(const uint8_t idx, const uint8_t *data)
BT_DBG("Remote Random: %s", bt_hex(data, 16));
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh
* provisioners restrict the authentication procedure and not accept
* provisioning random and provisioning confirmation numbers from a remote
* peer that are the same as those selected by the local device (CVE-2020-26556
* & CVE-2020-26560).
* */
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
* restrict the authentication procedure and not accept provisioning random and
* provisioning confirmation numbers from a remote peer that are the same as those
* selected by the local device (CVE-2020-26560).
*/
if (!memcmp(data, link[idx].rand, 16)) {
BT_ERR("Random value is identical to ours, rejecting.");
goto fail;