From 026587490746caba523909998b442a2ae1c06bb5 Mon Sep 17 00:00:00 2001
From: Matthias Ringwald
Date: Tue, 22 Jun 2021 15:22:17 +0200
Subject: [PATCH] CVE-2020-26558: abort LE Secure Connection pairing if remote uses the same public key
---
 CHANGELOG.md | 4 +++-
 src/ble/sm.c | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 44395ad3c..ff23d1099 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,8 +26,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - GAP: abort legacy pairing if Level 4 is required
 - GAP: abort SSP on IO Capabilities Request event if Level 4 is required but SC not supported by remote
 - GAP: abort SSP on User Confirmation Request event if Level 3 is required but MITM protection not possible
-- GAP: check if minimal service security level can be reached in responder role
+- GAP: validate minimal service security level can be reached during pairing in responder role
 - L2CAP: don't trigger hci disconnect if l2cap security requirements are insufficient
+- CVE-2020-26558: abort LE Secure Connection pairing if remote uses the same public key
 ## Release v1.4
@@ -107,6 +108,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - HSP AG: emit HSP_SUBEVENT_BUTTON_PRESSED instead of audio connection setup/release
 - Example: use `btstack_event.h` getters instead of direct array access, use enum to compare status codes
+ ## Release v1.3.2
 ### Added
diff --git a/src/ble/sm.c b/src/ble/sm.c
index dad9582ee..75e624faf 100644
--- a/src/ble/sm.c
+++ b/src/ble/sm.c
@@ -4046,10 +4046,17 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
 reverse_256(&packet[01], &setup->sm_peer_q[0]);
 reverse_256(&packet[33], &setup->sm_peer_q[32]);
+ // CVE-2020-26558: abort pairing if remote uses the same public key
+ if (memcmp(&setup->sm_peer_q, ec_q, 64) == 0){
+ log_info("Remote PK matches ours");
+ sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
+ break;
+ }
+ // validate public key
 err = btstack_crypto_ecc_p256_validate_public_key(setup->sm_peer_q);
 if (err != 0){
- log_error("sm: peer public key invalid %x", err);
+ log_info("sm: peer public key invalid %x", err);
 sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
 break;
 }
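Review bot: The new `memcmp(&setup->sm_peer_q, ec_q, 64)` check rejects only a peer key that is byte-identical to ours in both coordinates, so a key that shares our X coordinate but carries the other valid Y would pass it and, being on the curve, would also pass `btstack_crypto_ecc_p256_validate_public_key` below. The Bluetooth SIG guidance for CVE-2020-26558, as far as I recall it, is phrased in terms of the X coordinate, so comparing only the first 32 bytes looks safer: `if (memcmp(setup->sm_peer_q, ec_q, 32) == 0){`. That assumes the buffer is laid out X then Y, which the two `reverse_256` calls suggest but the hunk does not confirm. Separately, both rejection paths now log at info level (`log_error` became `log_info`); a rejected peer key is worth keeping at a higher level so that pairing failures of this kind stay visible to whoever monitors the logs. The enclosing case in `sm_pdu_handler` starts and ends outside the hunk.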