Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7d7adde6 authored by Jakub Pawlowski's avatar Jakub Pawlowski
Browse files

GD: Use proper random number generator 

Bluetooth requires random number generator that is compliant with FIPS PUB 140-2
Use implementation from BoringSSL, it does meet that requirement.

Bug: 139138713
Change-Id: If9ab33918b9ed3e5cb81c0ab4a5f326ee4bc1be8
parent 4f664ba0

system/gd/Android.bp

+6 −0
Original line number Diff line number Diff line
@@ -149,6 +149,7 @@ cc_library { 
    ],

    shared_libs: [

        "libchrome",

        "libcrypto",

    ],

}
@@ -185,6 +186,7 @@ cc_binary { 
    ],

    shared_libs: [

        "libchrome",

        "libcrypto",

        "libgrpc++_unsecure",

        "libprotobuf-cpp-full",

    ],
@@ -260,6 +262,7 @@ cc_test { 
    ],

    shared_libs: [

        "libchrome",

        "libcrypto",

    ],

    sanitize: {

        address: true,
@@ -305,6 +308,9 @@ cc_fuzz { 
  generated_headers: [

    "BluetoothGeneratedPackets_h",

  ],

  shared_libs: [

    "libcrypto",

  ],

  target: {

    android: {

        shared_libs: [

system/gd/Android.mk

+2 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ LOCAL_host_libraries := \ 
	$(HOST_OUT_SHARED_LIBRARIES)/libbluetooth_gd.so \

	$(HOST_OUT_SHARED_LIBRARIES)/libc++.so \

	$(HOST_OUT_SHARED_LIBRARIES)/libchrome.so \

	$(HOST_OUT_SHARED_LIBRARIES)/libcrypto-host.so \

	$(HOST_OUT_SHARED_LIBRARIES)/libevent-host.so \

	$(HOST_OUT_SHARED_LIBRARIES)/libgrpc++_unsecure.so \

	$(HOST_OUT_SHARED_LIBRARIES)/liblog.so \
@@ -30,6 +31,7 @@ LOCAL_target_executables := \ 
	$(TARGET_OUT_EXECUTABLES)/bluetooth_stack_with_facade



LOCAL_target_libraries := \

	$(TARGET_OUT_SHARED_LIBRARIES)/libcrypto.so \

	$(TARGET_OUT_SHARED_LIBRARIES)/libbluetooth_gd.so \

	$(TARGET_OUT_SHARED_LIBRARIES)/libgrpc++_unsecure.so

system/gd/os/rand.h

0 → 100644
+40 −0
Original line number Diff line number Diff line 
/*

 * Copyright 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#pragma once



#include <array>



#include <openssl/rand.h>



namespace bluetooth {

namespace os {



template <size_t SIZE>

std::array<uint8_t, SIZE> GenerateRandom() {

  std::array<uint8_t, SIZE> ret;

  ASSERT(RAND_bytes(ret.data(), ret.size()) == 1);

  return ret;

}



inline uint32_t GenerateRandom() {

  uint32_t ret{};

  ASSERT(RAND_bytes((uint8_t*)(&ret), sizeof(uint32_t)) == 1);

  return ret;

}



}  // namespace os

}  // namespace bluetooth
 
 No newline at end of file

system/gd/security/pairing_handler_le.cc

+11 −0
Original line number Diff line number Diff line
@@ -18,9 +18,20 @@ 


#include "security/pairing_handler_le.h"



#include "os/rand.h"



namespace bluetooth {

namespace security {



MyOobData PairingHandlerLe::GenerateOobData() {

  MyOobData data{};

  std::tie(data.private_key, data.public_key) = GenerateECDHKeyPair();



  data.r = bluetooth::os::GenerateRandom<16>();

  data.c = crypto_toolbox::f4(data.public_key.x.data(), data.public_key.x.data(), data.r, 0);

  return data;

}



void PairingHandlerLe::PairingMain(InitialInformations i) {

  LOG_INFO("Pairing Started");

system/gd/security/pairing_handler_le.h

+1 −25
Original line number Diff line number Diff line
@@ -177,14 +177,7 @@ class PairingHandlerLe { 


  /* This function generates data that should be passed to remote device, except

     the private key. */

  static MyOobData GenerateOobData() {

    MyOobData data;

    std::tie(data.private_key, data.public_key) = GenerateECDHKeyPair();



    data.r = GenerateRandom<16>();

    data.c = crypto_toolbox::f4(data.public_key.x.data(), data.public_key.x.data(), data.r, 0);

    return data;

  }

  static MyOobData GenerateOobData();



  std::variant<PairingFailure, KeyExchangeResult> ExchangePublicKeys(const InitialInformations& i,

                                                                     OobDataFlag remote_have_oob_data);
@@ -463,23 +456,6 @@ class PairingHandlerLe { 
    return WaitPacket<Code::SIGNING_INFORMATION>();

  }



  template <size_t SIZE>

  static std::array<uint8_t, SIZE> GenerateRandom() {

    // TODO:  We need a proper  random number generator here.

    // use current time as seed for random generator

    std::srand(std::time(nullptr));

    std::array<uint8_t, SIZE> r;

    for (size_t i = 0; i < SIZE; i++) r[i] = std::rand();

    return r;

  }



  uint32_t GenerateRandom() {

    // TODO:  We need a proper  random number generator here.

    // use current time as seed for random generator

    std::srand(std::time(nullptr));

    return std::rand();

  }



  /* This is just for test, never use in production code! */

  void WaitUntilPairingFinished() {

    thread_.join();