mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'bugfix/bt_bluedroid_same_public_key_attack_v4.1' into 'release/v4.1'
Bluedroid: Fixes for some Bluetooth vulnerabilities. (v4.1) See merge request espressif/esp-idf!11764
This commit is contained in:
commit
faa740028c
@ -1129,6 +1129,20 @@ esp_err_t esp_ble_gap_clean_duplicate_scan_exceptional_list(esp_duplicate_scan_e
|
||||
/**
|
||||
* @brief Set a GAP security parameter value. Overrides the default value.
|
||||
*
|
||||
* Secure connection is highly recommended to avoid some major
|
||||
* vulnerabilities like 'Impersonation in the Pin Pairing Protocol'
|
||||
* (CVE-2020-26555) and 'Authentication of the LE Legacy Pairing
|
||||
* Protocol'.
|
||||
*
|
||||
* To accept only `secure connection mode`, it is necessary do as following:
|
||||
*
|
||||
* 1. Set bit `ESP_LE_AUTH_REQ_SC_ONLY` (`param_type` is
|
||||
* `ESP_BLE_SM_AUTHEN_REQ_MODE`), bit `ESP_LE_AUTH_BOND` and bit
|
||||
* `ESP_LE_AUTH_REQ_MITM` is optional as required.
|
||||
*
|
||||
* 2. Set to `ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE` (`param_type` is
|
||||
* `ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH`).
|
||||
*
|
||||
* @param[in] param_type : the type of the param which to be set
|
||||
* @param[in] value : the param value
|
||||
* @param[in] len : the length of the param value
|
||||
|
@ -760,6 +760,19 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
||||
|
||||
STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
|
||||
STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
|
||||
|
||||
/* Check if the peer device's and own public key are not same. If they are same then
|
||||
* return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry
|
||||
* protocol' vulnerability (CVE-2020-26558).*/
|
||||
if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0) &&
|
||||
(memcmp(p_cb->loc_publ_key.y, p_cb->peer_publ_key.y, sizeof(BT_OCTET32)) == 0)) {
|
||||
p_cb->status = SMP_PAIR_AUTH_FAIL;
|
||||
p_cb->failure = SMP_PAIR_AUTH_FAIL;
|
||||
reason = SMP_PAIR_AUTH_FAIL;
|
||||
SMP_TRACE_ERROR("%s, Peer and own device cannot have same public key.", __func__);
|
||||
smp_sm_event(p_cb, SMP_PAIRING_FAILED_EVT, &reason);
|
||||
return ;
|
||||
}
|
||||
/* In order to prevent the x and y coordinates of the public key from being modified,
|
||||
we need to check whether the x and y coordinates are on the given elliptic curve. */
|
||||
if (!ECC_CheckPointIsInElliCur_P256((Point *)&p_cb->peer_publ_key)) {
|
||||
|
Loading…
Reference in New Issue
Block a user