Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 03d4e545 authored Jun 07, 2021 by Hansong Zhang Committed by Myles Watson Jun 23, 2021

SMP: Reject pairing if public_key.x match

Bug: 189329824
Test: POC
Test: pair an LE device
Change-Id: If6d8a72075f0cf657cadfab033cacffeb22868cb
Tag: #security
(cherry picked from commit 76e6abc3ba34443b7a8354f14b6daf872c380e75)

parent 69e0f4e5

system/gd/security/pairing_handler_le_secure_connections.cc

+5 −0

Original line number	Diff line number	Diff line
		@@ -59,6 +59,11 @@ std::variant<PairingFailure, KeyExchangeResult> PairingHandlerLe::ExchangePublic
		remote_public_key.y = ppkv.GetPublicKeyY();
		LOG_INFO("Received Public key from remote");

		if (public_key.x == remote_public_key.x) {
		LOG_INFO("Remote and local public keys can't match");
		return PairingFailure("Remote and local public keys match");
		}

		// validate received public key
		if (!ValidateECDHPoint(remote_public_key)) {
		// TODO: Spec is unclear what should happend when the point is not on

system/stack/smp/smp_act.cc

+1 −2

Original line number	Diff line number	Diff line
		@@ -695,8 +695,7 @@ void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
		memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
		memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);

		if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN) &&
		!memcmp(p_cb->peer_publ_key.y, p_cb->loc_publ_key.y, BT_OCTET32_LEN)) {
		if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN)) {
		android_errorWriteLog(0x534e4554, "174886838");
		SMP_TRACE_WARNING("Remote and local public keys can't match");
		tSMP_INT_DATA smp;