* [PATCH BlueZ] mesh: Add Provisioning Confirmation validity check
@ 2021-04-08 19:09 Brian Gix
2021-04-08 19:36 ` [BlueZ] " bluez.test.bot
0 siblings, 1 reply; 2+ messages in thread
From: Brian Gix @ 2021-04-08 19:09 UTC (permalink / raw)
To: linux-bluetooth; +Cc: inga.stotland, brian.gix
Validate generated and received confirmation data is unique during
provisioning.
---
mesh/prov-acceptor.c | 13 +++++++++++--
mesh/prov-initiator.c | 8 ++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 4ec6ea34a..e806b12ef 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -347,14 +347,20 @@ static void send_pub_key(struct mesh_prov_acceptor *prov)
prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
}
-static void send_conf(struct mesh_prov_acceptor *prov)
+static bool send_conf(struct mesh_prov_acceptor *prov)
{
struct prov_conf_msg msg;
msg.opcode = PROV_CONFIRM;
mesh_crypto_aes_cmac(prov->calc_key, prov->rand_auth_workspace, 32,
msg.conf);
+
+ /* Fail if confirmations match */
+ if (!memcmp(msg.conf, prov->confirm, sizeof(msg.conf)))
+ return false;
+
prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
+ return true;
}
static void send_rand(struct mesh_prov_acceptor *prov)
@@ -529,7 +535,10 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
memcpy(prov->confirm, data, 16);
prov->expected = PROV_RANDOM;
- send_conf(prov);
+ if (!send_conf(prov)) {
+ fail.reason = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
break;
case PROV_RANDOM: /* Random Value */
diff --git a/mesh/prov-initiator.c b/mesh/prov-initiator.c
index 4f492a49c..ae9c646de 100644
--- a/mesh/prov-initiator.c
+++ b/mesh/prov-initiator.c
@@ -279,6 +279,7 @@ static void send_confirm(struct mesh_prov_initiator *prov)
msg.opcode = PROV_CONFIRM;
mesh_crypto_aes_cmac(prov->calc_key, prov->rand_auth_workspace,
32, msg.conf);
+ memcpy(prov->confirm, msg.conf, sizeof(prov->confirm));
prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
prov->state = INT_PROV_CONF_SENT;
prov->expected = PROV_CONFIRM;
@@ -732,6 +733,13 @@ static void int_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
case PROV_CONFIRM: /* Confirmation */
prov->state = INT_PROV_CONF_ACKED;
/* RXed Device Confirmation */
+
+ /* Disallow echoed values */
+ if (!memcmp(prov->confirm, data, 16)) {
+ fail_code[1] = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
+
memcpy(prov->confirm, data, 16);
print_packet("ConfirmationDevice", prov->confirm, 16);
send_random(prov);
--
2.25.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* RE: [BlueZ] mesh: Add Provisioning Confirmation validity check
2021-04-08 19:09 [PATCH BlueZ] mesh: Add Provisioning Confirmation validity check Brian Gix
@ 2021-04-08 19:36 ` bluez.test.bot
0 siblings, 0 replies; 2+ messages in thread
From: bluez.test.bot @ 2021-04-08 19:36 UTC (permalink / raw)
To: linux-bluetooth, brian.gix
[-- Attachment #1: Type: text/plain, Size: 758 bytes --]
This is automated email and please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=463665
---Test result---
##############################
Test: CheckPatch - PASS
##############################
Test: CheckGitLint - PASS
##############################
Test: CheckBuild: Setup ELL - PASS
##############################
Test: CheckBuild: Setup - PASS
##############################
Test: CheckBuild - PASS
##############################
Test: MakeCheck - PASS
##############################
Test: CheckBuild w/external ell - PASS
---
Regards,
Linux Bluetooth
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-08 19:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-08 19:09 [PATCH BlueZ] mesh: Add Provisioning Confirmation validity check Brian Gix
2021-04-08 19:36 ` [BlueZ] " bluez.test.bot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.