mirror/btstack
1
0
Fork 0
mirror of https://github.com/bluekitchen/btstack.git synced 2025-03-31 01:20:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2020-26558: abort LE Secure Connection pairing if remote uses the same public key

Browse Source
This commit is contained in:
Matthias Ringwald 2021-06-22 15:22:17 +02:00
parent a50d6f9c6a
commit 0265874907
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG.md
View File

@ -26,8 +26,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- GAP: abort legacy pairing if Level 4 is required - GAP: abort legacy pairing if Level 4 is required
- GAP: abort SSP on IO Capabilities Request event if Level 4 is required but SC not supported by remote - GAP: abort SSP on IO Capabilities Request event if Level 4 is required but SC not supported by remote
- GAP: abort SSP on User Confirmation Request event if Level 3 is required but MITM protection not possible - GAP: abort SSP on User Confirmation Request event if Level 3 is required but MITM protection not possible
- GAP: check if minimal service security level can be reached in responder role - GAP: validate minimal service security level can be reached during pairing in responder role
- L2CAP: don't trigger hci disconnect if l2cap security requirements are insufficient - L2CAP: don't trigger hci disconnect if l2cap security requirements are insufficient
- CVE-2020-26558: abort LE Secure Connection pairing if remote uses the same public key
## Release v1.4 ## Release v1.4
@ -107,6 +108,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- HSP AG: emit HSP_SUBEVENT_BUTTON_PRESSED instead of audio connection setup/release - HSP AG: emit HSP_SUBEVENT_BUTTON_PRESSED instead of audio connection setup/release
- Example: use `btstack_event.h` getters instead of direct array access, use enum to compare status codes - Example: use `btstack_event.h` getters instead of direct array access, use enum to compare status codes
## Release v1.3.2 ## Release v1.3.2
### Added ### Added

9
src/ble/sm.c
View File

@ -4046,10 +4046,17 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
reverse_256(&packet[01], &setup->sm_peer_q[0]); reverse_256(&packet[01], &setup->sm_peer_q[0]);
reverse_256(&packet[33], &setup->sm_peer_q[32]); reverse_256(&packet[33], &setup->sm_peer_q[32]);
// CVE-2020-26558: abort pairing if remote uses the same public key
if (memcmp(&setup->sm_peer_q, ec_q, 64) == 0){
log_info("Remote PK matches ours");
sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
break;
}
// validate public key // validate public key
err = btstack_crypto_ecc_p256_validate_public_key(setup->sm_peer_q); err = btstack_crypto_ecc_p256_validate_public_key(setup->sm_peer_q);
if (err != 0){ if (err != 0){
log_error("sm: peer public key invalid %x", err); log_info("sm: peer public key invalid %x", err);
sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED); sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
break; break;
} }