mesh: Validate OTA provision security material

When validating incoming security material, ensure that the data is unique to the provisioning session.
author: Brian Gix <brian.gix@intel.com> 2021-03-08 15:36:53 -0800
committer: Brian Gix <brian.gix@intel.com> 2021-03-09 06:09:01 -0800
commit: 13c98ce3256f852b1d43c9dec1fe0d0a217f5d43 (patch)
tree: b08fe16f9d50d8aa715a0e37087b910b8edfe853 /mesh/prov-initiator.c
parent: f3e4937bc6a4fd01e21a5b26d40807c33572e7cb (diff)
download: bluez-13c98ce3256f852b1d43c9dec1fe0d0a217f5d43.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/mesh/prov-initiator.c b/mesh/prov-initiator.c
index 8399282ee..4f492a49c 100644
--- a/mesh/prov-initiator.c
+++ b/mesh/prov-initiator.c
@@ -202,6 +202,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 
 static bool int_credentials(struct mesh_prov_initiator *prov)
 {
+	if (!memcmp(prov->conf_inputs.prv_pub_key,
+					prov->conf_inputs.dev_pub_key, 64))
+		return false;
+
 	if (!prov_calc_secret(prov->conf_inputs.dev_pub_key,
 				prov->private_key, prov->secret))
 		return false;
@@ -736,6 +740,12 @@ static void int_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
 	case PROV_RANDOM: /* Random */
 		prov->state = INT_PROV_RAND_ACKED;
 
+		/* Disallow matching random values */
+		if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+			fail_code[1] = PROV_ERR_INVALID_PDU;
+			goto failure;
+		}
+
 		/* RXed Device Confirmation */
 		calc_local_material(data);
 		memcpy(prov->rand_auth_workspace + 16, data, 16);
author	Brian Gix <brian.gix@intel.com>	2021-03-08 15:36:53 -0800
committer	Brian Gix <brian.gix@intel.com>	2021-03-09 06:09:01 -0800
commit	13c98ce3256f852b1d43c9dec1fe0d0a217f5d43 (patch)
tree	b08fe16f9d50d8aa715a0e37087b910b8edfe853 /mesh/prov-initiator.c
parent	f3e4937bc6a4fd01e21a5b26d40807c33572e7cb (diff)
download	bluez-13c98ce3256f852b1d43c9dec1fe0d0a217f5d43.tar.gz