michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Mesh: Fix rejecting invalid remote public key

Browse source 
Mesh Profile Spec v1.0.1 | Section 5.4.2.3:
"The Provisioner and the device shall check whether the public key
provided by the peer device or obtained OOB is valid (see Section
5.4.3.1).

When the Provisioner receives an invalid public key, then provisioning
fails, and the Provisioner shall act as described in Section 5.4.4.
When the device receives an invalid public key, then provisioning
fails, and the device shall act as described in Section 5.4.4."

This is also in Erratum 10395 which is Mandatory for Mesh v1.0.

The code was already rejecting the key, however that rejection
happened only after we had already sent our public key as response,
which got interpreted as acceptance by the tester (PTS).

Fixes MESH/NODE/PROV/BI-13-C.

Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit is contained in:
Johan Hedberg 2019-06-25 17:04:16 +03:00 committed by Johan Hedberg
commit c4e225109e
1 changed files with 16 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

28
subsys/bluetooth/host/mesh/prov.c
View file

@ -909,6 +909,20 @@ static void send_pub_key(void)
BT_DBG("Local Public Key: %s", bt_hex(key, 64));
/* Copy remote key in little-endian for bt_dh_key_gen().
* X and Y halves are swapped independently. Use response
* buffer as a temporary storage location. The bt_dh_key_gen()
* will also take care of validating the remote public key.
*/
sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32);
sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32);
if (bt_dh_key_gen(buf.data, prov_dh_key_cb)) {
BT_ERR("Failed to generate DHKey");
prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
return;
}
prov_buf_init(&buf, PROV_PUB_KEY);
/* Swap X and Y halves independently to big-endian */
@ -917,18 +931,8 @@ static void send_pub_key(void)
memcpy(&link.conf_inputs[81], &buf.data[1], 64);
prov_send(&buf);
/* Copy remote key in little-endian for bt_dh_key_gen().
* X and Y halves are swapped independently.
*/
net_buf_simple_reset(&buf);
sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32);
sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32);
if (bt_dh_key_gen(buf.data, prov_dh_key_cb)) {
BT_ERR("Failed to generate DHKey");
prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
if (prov_send(&buf)) {
BT_ERR("Failed to send Public Key");
return;
}