Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fd94bb2e authored by Andre Eisenbach's avatar Andre Eisenbach
Browse files

DO NOT MERGE SMP: Validate remote elliptic curve points 

Fixes: 72377774
Test: net_test_stack_smp (where applicable)
Change-Id: Iefcf97364493467075fadefd77d12716f71cd4f6
(cherry picked from commit 9fd31a04)
parent b0ff1b81

system/stack/smp/p_256_ecc_pp.c

+24 −1
Original line number Diff line number Diff line
@@ -259,4 +259,27 @@ void ECC_PointMult_Bin_NAF(Point *q, Point *p, DWORD *n, uint32_t keyLength) 
    multiprecision_mersenns_mult_mod(q->y, q->y, q->z, keyLength);

}



bool ECC_ValidatePoint(const Point* pt) {

    const size_t kl = KEY_LENGTH_DWORDS_P256;

    p_256_init_curve(kl);



    // Ensure y^2 = x^3 + a*x + b (mod p); a = -3



    // y^2 mod p

    DWORD y2_mod[kl];

    memset(y2_mod, 0, sizeof(y2_mod));

    multiprecision_mersenns_squa_mod(y2_mod, (DWORD*)pt->y, kl);



    // Right hand side calculation

    DWORD rhs[kl];

    memset(rhs, 0, sizeof(rhs));

    multiprecision_mersenns_squa_mod(rhs, (DWORD*)pt->x, kl);

    DWORD three[kl];

    memset(three, 0, sizeof(three));

    three[0] = 3;

    multiprecision_sub_mod(rhs, rhs, three, kl);

    multiprecision_mersenns_mult_mod(rhs, rhs, (DWORD*)pt->x, kl);

    multiprecision_add_mod(rhs, rhs, curve_p256.b, kl);



    return multiprecision_compare(rhs, y2_mod, kl) == 0;

}

system/stack/smp/p_256_ecc_pp.h

+3 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ 


#pragma once



#include <stdbool.h>

#include "p_256_multprecision.h"



typedef unsigned long  DWORD;
@@ -56,6 +57,8 @@ typedef struct { 
extern elliptic_curve_t curve;

extern elliptic_curve_t curve_p256;



bool ECC_ValidatePoint(const Point* p);



void ECC_PointMult_Bin_NAF(Point *q, Point *p, DWORD *n, uint32_t keyLength);



#define ECC_PointMult(q, p, n, keyLength)  ECC_PointMult_Bin_NAF(q, p, n, keyLength)

system/stack/smp/smp_act.c

+13 −0
Original line number Diff line number Diff line
@@ -16,11 +16,13 @@ 
 *

 ******************************************************************************/



#include <log/log.h>

#include <string.h>

#include "device/include/interop.h"

#include "include/bt_target.h"

#include "stack/btm/btm_int.h"

#include "stack/include/l2c_api.h"

#include "stack/smp/p_256_ecc_pp.h"

#include "stack/smp/smp_int.h"

#include "utils/include/bt_utils.h"
@@ -745,6 +747,17 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 


    STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);

    STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);



    Point pt;

    memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);

    memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);



    if (!ECC_ValidatePoint(&pt)) {

        android_errorWriteLog(0x534e4554, "72377774");

        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);

        return;

    }



    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;



    smp_wait_for_both_public_keys(p_cb, NULL);