Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp2225163ybb; Mon, 30 Mar 2020 01:56:12 -0700 (PDT) X-Google-Smtp-Source: ADFU+vs3U2kVFUkp80JDLnCQQPRPGTMA2w9bGDAdJ5zAGxmCw4SHqswGRywEJJ8XKeiZlpRfO76A X-Received: by 2002:a4a:370f:: with SMTP id r15mr8846951oor.100.1585558572134; Mon, 30 Mar 2020 01:56:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1585558572; cv=none; d=google.com; s=arc-20160816; b=LYhnGdRA7MmuNo+4h0ff12lPy7xKE3aLTvuVnt2BaC/sW92rDxf2Xk/k39VZ58Xr+g qtU4xGYwFlncra88ZeuEn2LRC6i0rc+E/U1Q6t3smidOxx7MeoTxpeEgi1CO4jYPvsi4 L351Vr0TDhho0XeQOCt8t9UxIDf4WvO8jpUy2YHYgjQZEEc5FkTZz03NeXV6aBsA29Fo nUdp3jg4EtDzBqW1jf5wTKickquwhKC9TVWjRpDZmBsUn0gCb6Re8RaLIn+UnFQviJAf +ubQ7IBY4Fw+EWlPZI5TAHl22K8+0mwjTBZS8t6aCroTtzHgoG7gy4mOpNu+ifhwIQ2T Pszw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3DoqjDacwN8qODbiTh/rSDoI68rYdGTSKTiICX8Foy4=; b=kjOQX14z7cT3fSGQ8eYyN+tq9AEW+eod6uLRsPUM6nMySBQ5HpKkMIRmhV2qIC6Lyk qzD9yJep/wYCwEJGlvAJu9quirqcFyDzCNXq6XdN92vOpO2dmJLXv0xByQVJ5ekP6z20 eFWb6KarbEW3eLnPZDbUlp0DuhTf5HB9xQ7zwM6Z+5petymZY2vn3FKN5tx37BjWlUBz KipBZAE1JidIeK9krSkTrB8KGOIgxIlISGVJlRGKob0Bko2K9JqyjrSHKfJ+3GBbMkr/ AwFZUe0xRk66rOh/YQNXA00HPQUjBhnZvsixCLHRS2jQYKIYDiyQAU7GhM033Woi4qzk 5g/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dihsC9h3; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w7si6133454otj.223.2020.03.30.01.55.48; Mon, 30 Mar 2020 01:56:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=dihsC9h3; spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728759AbgC3Izn (ORCPT + 99 others); Mon, 30 Mar 2020 04:55:43 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:38271 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729595AbgC3Izn (ORCPT ); Mon, 30 Mar 2020 04:55:43 -0400 Received: by mail-wm1-f68.google.com with SMTP id f6so14351534wmj.3 for ; Mon, 30 Mar 2020 01:55:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3DoqjDacwN8qODbiTh/rSDoI68rYdGTSKTiICX8Foy4=; b=dihsC9h3bbDlEevuwkBujW58HhdnK6cbbyAnhJq/ZpkEPL57EenP3lbT1VywnHEISJ 7fqDX+8EViapACw7SARGvPSa7lKeacWYWdIEfW3CEetX5Cm/DNzamf4bc/LdxgR44Dcx F6B7f1pJJWU1EUjm5QGR4DBAk+07IrKfP3J4a9cQ02L9ZmWyOT3bYZLv8K55vgHC/F1F r1D691eyLA5hkONxtmzWxEGKW6qPN9nfBVJoELCklyiAzPtViNLTevgSZdlhIsBzNU8P Ff86lXACWBYPjpX4qkBXomD/ikYYd8dKHvM1uyD8C2qtRck5pJaqCeEZBy6JZgSUDgJK 0TnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3DoqjDacwN8qODbiTh/rSDoI68rYdGTSKTiICX8Foy4=; b=Gy4wUS3p8ABOCbYmdWnMHfwqyp/iXtZ7N+UR11xKlsXyisbFup+6tFWp7LYSUVZPj7 1QTx6hsMDMwhN/YT/jy0F+AYB2+2faH334/XCoSmJC3zTWOJrHc9913QcgkClIioikx4 kjzP62+GA+Gw8wTyI6Ror7TAbWwHnlZwQoVF5aTKrbJK4/xp1RvwYtjCp5CuTTnZTGlJ yLZr+91NBPD8wAvDMnR/ktL8Kr9iOGokBY3Z9Lj0GFmh/OtD7E96mNJlr3/CLvxWcsua gTACaM3SPRlJO4xJOfkboN1DDOOlHcnVmVTd+IF0BF9/0D1WbzeypZ3G1esBqyRl/Rwi 1thQ== X-Gm-Message-State: ANhLgQ1OtV9lMJl8lXFuu6DGWVWho4y20DV5I7UZmy8yr5VhRgewI6r+ dxiHvH4Pi0lTDdHyGjM8v1SftTBdBtntZEpxTf20dz6EhgA= X-Received: by 2002:a1c:456:: with SMTP id 83mr12122582wme.54.1585558541142; Mon, 30 Mar 2020 01:55:41 -0700 (PDT) MIME-Version: 1.0 References: <20200327201817.Bluez.v1.1.If919a39697a6506be273f879d752bd506e63b45b@changeid> In-Reply-To: From: Archie Pusaka Date: Mon, 30 Mar 2020 16:55:30 +0800 Message-ID: Subject: Re: [Bluez PATCH v1] shared/att: Check the signature of att packets To: Luiz Augusto von Dentz Cc: linux-bluetooth , Archie Pusaka Content-Type: text/plain; charset="UTF-8" Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Hi Luiz, I will move the whole check to crypto.c. The problem with generating the signature without copying the pdu is, the function to generate the signature requires the opcode to be prepended to the pdu. Therefore, I make a copy of the pdu just for the sake to prepend the opcode to it. However, the opcode was actually prepended to the pdu in the first place, but we separate it when invoking handle_notify(). Because this function is local to only this file, I will change it so the opcode is not separated when entering handle_notify(), but we will do so for every other function that is called within handle_notify(). Thanks, Archie On Sat, 28 Mar 2020 at 02:17, Luiz Augusto von Dentz wrote: > > Hi Archie, > > On Fri, Mar 27, 2020 at 11:15 AM Luiz Augusto von Dentz > wrote: > > > > Hi Archie, > > > > On Fri, Mar 27, 2020 at 5:19 AM Archie Pusaka wrote: > > > > > > From: Archie Pusaka > > > > > > According to bluetooth spec Ver 5.1, Vol 3, Part C (GAP), 10.4.2 > > > A device receiving signed data shall authenticate it by performing > > > the Signing Algorithm. The signed data shall be authenticated by > > > performing the Signing Algorithm where m is the Data PDU to be > > > authenticated, k is the stored CSRK and the SignCounter is the > > > received counter value. If the MAC computed by the Signing > > > Algorithm does not match the received MAC, the verification fails > > > and the Host shall ignore the received Data PDU. > > > > > > Currently bluez ignore the signature of received signed att > > > packets, as the function bt_crypto_sign_att() only generates the > > > signature, and not actually make any check about the genuineness > > > of the signature itself. > > > > > > This patch also fix a wrong boolean condition which prevents > > > handle_signed() to be called. > > > > > > Tested to pass these BT certification test > > > SM/MAS/SIGN/BV-03-C > > > SM/MAS/SIGN/BI-01-C > > > > Nice catch, looks like we have never passed this test properly before. > > > > > --- > > > > > > src/shared/att.c | 26 +++++++++++++++++++++----- > > > 1 file changed, 21 insertions(+), 5 deletions(-) > > > > > > diff --git a/src/shared/att.c b/src/shared/att.c > > > index 948a5548b..0faac4d1d 100644 > > > --- a/src/shared/att.c > > > +++ b/src/shared/att.c > > > @@ -886,6 +886,8 @@ static bool handle_signed(struct bt_att *att, uint8_t opcode, uint8_t *pdu, > > > { > > > uint8_t *signature; > > > uint32_t sign_cnt; > > > + uint8_t *copy_pdu = NULL; > > > + uint8_t *generated_signature; > > > struct sign_info *sign; > > > > > > /* Check if there is enough data for a signature */ > > > @@ -903,15 +905,29 @@ static bool handle_signed(struct bt_att *att, uint8_t opcode, uint8_t *pdu, > > > if (!sign->counter(&sign_cnt, sign->user_data)) > > > goto fail; > > > > > > - /* Generate signature and verify it */ > > > - if (!bt_crypto_sign_att(att->crypto, sign->key, pdu, > > > - pdu_len - BT_ATT_SIGNATURE_LEN, sign_cnt, > > > - signature)) > > > + /* Generate signature */ > > > + copy_pdu = malloc(pdu_len + 1); > > > + if (!copy_pdu) > > > goto fail; > > > > > > + copy_pdu[0] = opcode; > > > + memcpy(copy_pdu + 1, pdu, pdu_len - BT_ATT_SIGNATURE_LEN); > > > + generated_signature = copy_pdu + pdu_len - BT_ATT_SIGNATURE_LEN + 1; > > > + > > > + if (!bt_crypto_sign_att(att->crypto, sign->key, copy_pdu, > > > + pdu_len - BT_ATT_SIGNATURE_LEN + 1, sign_cnt, > > > + generated_signature)) > > > + goto fail; > > > + > > > + /* Verify received signature */ > > > + if (memcmp(generated_signature, signature, BT_ATT_SIGNATURE_LEN)) > > > + goto fail; > > > > > > + free(copy_pdu); > > > > While this seems to do a proper check perhaps it is better to have a > > helper function in crypto to do that for us, so we can unit test it as > > well, also I would consider the possibility of doing the comparison in > > place since you don't seem to modify the PDU contents at any point we > > just want to compare the signatures match. > > I realize this may not be clear, what I meant is that we don't need a > extra copy of the PDU if its contents is no altered at any point. > > > > return true; > > > > > > fail: > > > + free(copy_pdu); > > > util_debug(att->debug_callback, att->debug_data, > > > "ATT failed to verify signature: 0x%02x", opcode); > > > > > > @@ -925,7 +941,7 @@ static void handle_notify(struct bt_att_chan *chan, uint8_t opcode, > > > const struct queue_entry *entry; > > > bool found; > > > > > > - if ((opcode & ATT_OP_SIGNED_MASK) && !att->crypto) { > > > + if ((opcode & ATT_OP_SIGNED_MASK) && att->crypto) { > > > if (!handle_signed(att, opcode, pdu, pdu_len)) > > > return; > > > pdu_len -= BT_ATT_SIGNATURE_LEN; > > > -- > > > 2.25.1.696.g5e7596f4ac-goog > > > > > > > > > -- > > Luiz Augusto von Dentz > > > > -- > Luiz Augusto von Dentz