
Commit 7a960ac1 authored by Brian Delwiche's avatar Brian Delwiche

Fix timing attack in BTM_BleVerifySignature

BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
to be deduced through a side-channel attack.

Switch to CRYPTO_memcmp, which is hardened against this attack, to
eliminate it.

Bug: 274478807
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
Merged-In: I7f5646b683209bc6a6fbce8d4702ec311adc9cfc
Change-Id: Iddeff055d9064f51a1e0cfb851d8b74135a714c2
parent c2166e96
+4 −3
@@ -25,12 +25,15 @@

#define LOG_TAG "bt_btm_ble"

#include <base/logging.h>

#include <cstdint>

#include "device/include/controller.h"
#include "main/shim/btm_api.h"
#include "main/shim/l2c_api.h"
#include "main/shim/shim.h"
#include "openssl/mem.h"
#include "osi/include/allocator.h"
#include "osi/include/properties.h"
#include "stack/btm/btm_dev.h"
@@ -48,8 +51,6 @@
#include "stack/include/smp_api.h"
#include "types/raw_address.h"

#include <base/logging.h>

extern tBTM_CB btm_cb;

extern bool btm_ble_init_pseudo_addr(tBTM_SEC_DEV_REC* p_dev_rec,
@@ -2006,7 +2007,7 @@ bool BTM_BleVerifySignature(const RawAddress& bd_addr, uint8_t* p_orig,

    crypto_toolbox::aes_cmac(p_rec->ble.keys.pcsrk, p_orig, len,
                             BTM_CMAC_TLEN_SIZE, p_mac);
    if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
    if (CRYPTO_memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
      btm_ble_increment_sign_ctr(bd_addr, false);
      verified = true;
    }
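Review bot: The `CRYPTO_memcmp` call in the last hunk carries no comment explaining why it is not a plain `memcmp`, so a later cleanup could swap it back and reintroduce the timing leak. I would add `// Constant-time compare: memcmp may stop at the first mismatching byte, leaking how much of the MAC matched.` directly above the `if`. The comparison reads `BTM_CMAC_TLEN_SIZE` bytes from the caller-supplied `p_comp`; whether that buffer's length is checked cannot be seen here, because BTM_BleVerifySignature starts and ends outside the hunk. It is also worth checking whether other MAC or confirm-value comparisons in the stack still use `memcmp`, since this commit changes only this one call site.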