2021-03-08 23:39:00

by Gix, Brian

[permalink] [raw]
Subject: [PATCH BlueZ] mesh: Validate OTA provision security material

When validating incoming security material, ensure that the data is
unique to the provisioning session.
---
mesh/prov-acceptor.c | 11 +++++++++++
mesh/prov-initiator.c | 10 ++++++++++
2 files changed, 21 insertions(+)

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index a03ee1ce5..4ec6ea34a 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -203,6 +203,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,

static bool acp_credentials(struct mesh_prov_acceptor *prov)
{
+ if (!memcmp(prov->conf_inputs.prv_pub_key,
+ prov->conf_inputs.dev_pub_key, 64))
+ return false;
+
if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
prov->private_key, prov->secret))
return false;
@@ -529,6 +533,13 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
break;

case PROV_RANDOM: /* Random Value */
+
+ /* Disallow matching random values */
+ if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+ fail.reason = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
+
/* Calculate Session key (needed later) while data is fresh */
mesh_crypto_prov_prov_salt(prov->salt, data,
prov->rand_auth_workspace,
diff --git a/mesh/prov-initiator.c b/mesh/prov-initiator.c
index 8399282ee..4f492a49c 100644
--- a/mesh/prov-initiator.c
+++ b/mesh/prov-initiator.c
@@ -202,6 +202,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,

static bool int_credentials(struct mesh_prov_initiator *prov)
{
+ if (!memcmp(prov->conf_inputs.prv_pub_key,
+ prov->conf_inputs.dev_pub_key, 64))
+ return false;
+
if (!prov_calc_secret(prov->conf_inputs.dev_pub_key,
prov->private_key, prov->secret))
return false;
@@ -736,6 +740,12 @@ static void int_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
case PROV_RANDOM: /* Random */
prov->state = INT_PROV_RAND_ACKED;

+ /* Disallow matching random values */
+ if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+ fail_code[1] = PROV_ERR_INVALID_PDU;
+ goto failure;
+ }
+
/* RXed Device Confirmation */
calc_local_material(data);
memcpy(prov->rand_auth_workspace + 16, data, 16);
--
2.25.4


2021-03-09 00:02:29

by bluez.test.bot

[permalink] [raw]
Subject: RE: [BlueZ] mesh: Validate OTA provision security material

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=444147

---Test result---

##############################
Test: CheckPatch - PASS

##############################
Test: CheckGitLint - PASS

##############################
Test: CheckBuild - PASS

##############################
Test: MakeCheck - PASS



---
Regards,
Linux Bluetooth