Merge branch 'bugfix/bt_bluedroid_same_public_key_attack_v4.1' into 'release/v4.1'

Bluedroid: Fixes for some Bluetooth vulnerabilities. (v4.1)

See merge request espressif/esp-idf!11764
This commit is contained in:
Jiang Jiang Jian 2021-01-19 20:49:25 +08:00
commit faa740028c
2 changed files with 27 additions and 0 deletions

View File

@ -1129,6 +1129,20 @@ esp_err_t esp_ble_gap_clean_duplicate_scan_exceptional_list(esp_duplicate_scan_e
/**
* @brief Set a GAP security parameter value. Overrides the default value.
*
* Secure connection is highly recommended to avoid some major
* vulnerabilities like 'Impersonation in the Pin Pairing Protocol'
* (CVE-2020-26555) and 'Authentication of the LE Legacy Pairing
* Protocol'.
*
* To accept only `secure connection mode`, it is necessary do as following:
*
* 1. Set bit `ESP_LE_AUTH_REQ_SC_ONLY` (`param_type` is
* `ESP_BLE_SM_AUTHEN_REQ_MODE`), bit `ESP_LE_AUTH_BOND` and bit
* `ESP_LE_AUTH_REQ_MITM` is optional as required.
*
* 2. Set to `ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE` (`param_type` is
* `ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH`).
*
* @param[in] param_type : the type of the param which to be set
* @param[in] value : the param value
* @param[in] len : the length of the param value

View File

@ -760,6 +760,19 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
/* Check if the peer device's and own public key are not same. If they are same then
* return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry
* protocol' vulnerability (CVE-2020-26558).*/
if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0) &&
(memcmp(p_cb->loc_publ_key.y, p_cb->peer_publ_key.y, sizeof(BT_OCTET32)) == 0)) {
p_cb->status = SMP_PAIR_AUTH_FAIL;
p_cb->failure = SMP_PAIR_AUTH_FAIL;
reason = SMP_PAIR_AUTH_FAIL;
SMP_TRACE_ERROR("%s, Peer and own device cannot have same public key.", __func__);
smp_sm_event(p_cb, SMP_PAIRING_FAILED_EVT, &reason);
return ;
}
/* In order to prevent the x and y coordinates of the public key from being modified,
we need to check whether the x and y coordinates are on the given elliptic curve. */
if (!ECC_CheckPointIsInElliCur_P256((Point *)&p_cb->peer_publ_key)) {