mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'bugfix/AuthValue_leak_v4.0' into 'release/v4.0'
ble_mesh: stack: Fix AuthValue Leak and Predictable AuthValue in Bluetooth... (v4.0) See merge request espressif/esp-idf!14005
This commit is contained in:
commit
ee8c27e5e3
@ -324,6 +324,11 @@ esp_err_t esp_ble_mesh_provisioner_set_prov_data_info(esp_ble_mesh_prov_data_inf
|
|||||||
/**
|
/**
|
||||||
* @brief This function is called by Provisioner to set static oob value used for provisioning.
|
* @brief This function is called by Provisioner to set static oob value used for provisioning.
|
||||||
*
|
*
|
||||||
|
* @note The Bluetooth SIG recommends that mesh implementations enforce a randomly selected
|
||||||
|
* AuthValue using all of the available bits, where permitted by the implementation.
|
||||||
|
* A large entropy helps ensure that a brute-force of the AuthValue, even a static
|
||||||
|
* AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
|
||||||
|
*
|
||||||
* @param[in] value: Pointer to the static oob value.
|
* @param[in] value: Pointer to the static oob value.
|
||||||
* @param[in] length: Length of the static oob value.
|
* @param[in] length: Length of the static oob value.
|
||||||
*
|
*
|
||||||
|
@ -582,6 +582,10 @@ typedef struct {
|
|||||||
/** Out of Band information field. */
|
/** Out of Band information field. */
|
||||||
esp_ble_mesh_prov_oob_info_t oob_info;
|
esp_ble_mesh_prov_oob_info_t oob_info;
|
||||||
|
|
||||||
|
/* NOTE: In order to avoid suffering brute-forcing attack (CVE-2020-26559).
|
||||||
|
* The Bluetooth SIG recommends that potentially vulnerable mesh node
|
||||||
|
* support an out-of-band mechanism to exchange the public keys.
|
||||||
|
*/
|
||||||
/** Flag indicates whether unprovisioned devices support OOB public key */
|
/** Flag indicates whether unprovisioned devices support OOB public key */
|
||||||
bool oob_pub_key;
|
bool oob_pub_key;
|
||||||
|
|
||||||
@ -635,12 +639,21 @@ typedef struct {
|
|||||||
/** Provisioning Algorithm for the Provisioner */
|
/** Provisioning Algorithm for the Provisioner */
|
||||||
uint8_t prov_algorithm;
|
uint8_t prov_algorithm;
|
||||||
|
|
||||||
|
/* NOTE: In order to avoid suffering brute-forcing attack(CVE-2020-26559).
|
||||||
|
* The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
|
||||||
|
* use an out-of-band mechanism to exchange the public keys.
|
||||||
|
*/
|
||||||
/** Provisioner public key oob */
|
/** Provisioner public key oob */
|
||||||
uint8_t prov_pub_key_oob;
|
uint8_t prov_pub_key_oob;
|
||||||
|
|
||||||
/** Callback used to notify to set device OOB Public Key. Initialized by the stack. */
|
/** Callback used to notify to set device OOB Public Key. Initialized by the stack. */
|
||||||
esp_ble_mesh_cb_t provisioner_prov_read_oob_pub_key;
|
esp_ble_mesh_cb_t provisioner_prov_read_oob_pub_key;
|
||||||
|
|
||||||
|
/* NOTE: The Bluetooth SIG recommends that mesh implementations enforce a randomly
|
||||||
|
* selected AuthValue using all of the available bits, where permitted by the
|
||||||
|
* implementation. A large entropy helps ensure that a brute-force of the AuthValue,
|
||||||
|
* even a static AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
|
||||||
|
*/
|
||||||
/** Provisioner static oob value */
|
/** Provisioner static oob value */
|
||||||
uint8_t *prov_static_oob_val;
|
uint8_t *prov_static_oob_val;
|
||||||
/** Provisioner static oob value length */
|
/** Provisioner static oob value length */
|
||||||
|
@ -2312,6 +2312,12 @@ static void prov_confirm(const uint8_t idx, const uint8_t *data)
|
|||||||
|
|
||||||
BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
|
BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
|
||||||
|
|
||||||
|
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh
|
||||||
|
* provisioners restrict the authentication procedure and not accept
|
||||||
|
* provisioning random and provisioning confirmation numbers from a remote
|
||||||
|
* peer that are the same as those selected by the local device (CVE-2020-26556
|
||||||
|
* & CVE-2020-26560).
|
||||||
|
* */
|
||||||
if (!memcmp(data, link[idx].local_conf, 16)) {
|
if (!memcmp(data, link[idx].local_conf, 16)) {
|
||||||
BT_ERR("Confirmation value is identical to ours, rejecting.");
|
BT_ERR("Confirmation value is identical to ours, rejecting.");
|
||||||
close_link(idx, CLOSE_REASON_FAILED);
|
close_link(idx, CLOSE_REASON_FAILED);
|
||||||
@ -2528,6 +2534,12 @@ static void prov_random(const uint8_t idx, const uint8_t *data)
|
|||||||
|
|
||||||
BT_DBG("Remote Random: %s", bt_hex(data, 16));
|
BT_DBG("Remote Random: %s", bt_hex(data, 16));
|
||||||
|
|
||||||
|
/* NOTE: The Bluetooth SIG recommends that potentially vulnerable mesh
|
||||||
|
* provisioners restrict the authentication procedure and not accept
|
||||||
|
* provisioning random and provisioning confirmation numbers from a remote
|
||||||
|
* peer that are the same as those selected by the local device (CVE-2020-26556
|
||||||
|
* & CVE-2020-26560).
|
||||||
|
* */
|
||||||
if (!memcmp(data, link[idx].rand, 16)) {
|
if (!memcmp(data, link[idx].rand, 16)) {
|
||||||
BT_ERR("Random value is identical to ours, rejecting.");
|
BT_ERR("Random value is identical to ours, rejecting.");
|
||||||
goto fail;
|
goto fail;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user