* [PATCH BlueZ] mesh: Validate OTA provision security material
@ 2021-03-08 23:36 Brian Gix
2021-03-08 23:59 ` [BlueZ] " bluez.test.bot
0 siblings, 1 reply; 2+ messages in thread
From: Brian Gix @ 2021-03-08 23:36 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, luiz.dentz, Brian Gix
When validating incoming security material, ensure that the data is
unique to the provisioning session.
---
mesh/prov-acceptor.c | 11 +++++++++++
mesh/prov-initiator.c | 10 ++++++++++
2 files changed, 21 insertions(+)
diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index a03ee1ce5..4ec6ea34a 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -203,6 +203,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
static bool acp_credentials(struct mesh_prov_acceptor *prov)
{
+ if (!memcmp(prov->conf_inputs.prv_pub_key,
+ prov->conf_inputs.dev_pub_key, 64))
+ return false;
+
if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
prov->private_key, prov->secret))
return false;
@@ -529,6 +533,13 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
break;
case PROV_RANDOM: /* Random Value */
+
+ /* Disallow matching random values */
+ if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+ fail.reason = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
+
/* Calculate Session key (needed later) while data is fresh */
mesh_crypto_prov_prov_salt(prov->salt, data,
prov->rand_auth_workspace,
diff --git a/mesh/prov-initiator.c b/mesh/prov-initiator.c
index 8399282ee..4f492a49c 100644
--- a/mesh/prov-initiator.c
+++ b/mesh/prov-initiator.c
@@ -202,6 +202,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
static bool int_credentials(struct mesh_prov_initiator *prov)
{
+ if (!memcmp(prov->conf_inputs.prv_pub_key,
+ prov->conf_inputs.dev_pub_key, 64))
+ return false;
+
if (!prov_calc_secret(prov->conf_inputs.dev_pub_key,
prov->private_key, prov->secret))
return false;
@@ -736,6 +740,12 @@ static void int_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
case PROV_RANDOM: /* Random */
prov->state = INT_PROV_RAND_ACKED;
+ /* Disallow matching random values */
+ if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+ fail_code[1] = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
+
/* RXed Device Confirmation */
calc_local_material(data);
memcpy(prov->rand_auth_workspace + 16, data, 16);
--
2.25.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [BlueZ] mesh: Validate OTA provision security material
2021-03-08 23:36 [PATCH BlueZ] mesh: Validate OTA provision security material Brian Gix
@ 2021-03-08 23:59 ` bluez.test.bot
0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2021-03-08 23:59 UTC (permalink / raw)
To: linux-bluetooth, brian.gix
[-- Attachment #1: Type: text/plain, Size: 557 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=444147
---Test result---
##############################
Test: CheckPatch - PASS
##############################
Test: CheckGitLint - PASS
##############################
Test: CheckBuild - PASS
##############################
Test: MakeCheck - PASS
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-03-09 0:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-08 23:36 [PATCH BlueZ] mesh: Validate OTA provision security material Brian Gix
2021-03-08 23:59 ` [BlueZ] " bluez.test.bot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.