Port Cordio LE Secure Connections check from PacketCraft

This change is provided by Packetcraft (which maintains the Cordio BLE stack) to address possible Sweyntooth vulnerabilities. (cherry picked from commit c927773115)
2020-04-09 15:06:53 +01:00 · 2020-04-09 15:06:53 +01:00 · 568c1f915f
parent 421becce8d
commit 568c1f915f
3 changed files with 40 additions and 0 deletions
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/include/smp_api.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/include/smp_api.h
@ -1,4 +1,5 @@
 /* Copyright (c) 2009-2019 Arm Limited
+ * Copyright (c) 2019-2020 Packetcraft, Inc.
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@ -252,6 +253,17 @@ void SmpDmMsgSend(smpDmMsg_t *pMsg);
 /*************************************************************************************************/
 void SmpDmEncryptInd(wsfMsgHdr_t *pMsg);

+/*************************************************************************************************/
+/*!
+ *  \brief  Check if LE Secure Connections is enabled on the connection.
+ *
+ *  \param  connId    Connection identifier.
+ *
+ *  \return TRUE is Secure Connections is enabled, else FALSE
+ */
+/*************************************************************************************************/
+bool_t SmpDmLescEnabled(dmConnId_t connId);
+
 /*************************************************************************************************/
 /*!
 *  \brief  Return the STK for the given connection.
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/dm/dm_sec.c
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/dm/dm_sec.c
@ -1,4 +1,5 @@
 /* Copyright (c) 2009-2019 Arm Limited
+ * Copyright (c) 2019-2020 Packetcraft, Inc.
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@ -117,6 +118,12 @@ void dmSecHciHandler(hciEvt_t *pEvent)
          return;
        }
      }
+      else if (SmpDmLescEnabled(pCcb->connId) == TRUE)
+      {
+        /* EDIV and Rand must be zero in LE Secure Connections */
+        HciLeLtkReqNegReplCmd(pEvent->hdr.param);
+        return;
+      }

      /* call callback to get key from app */

--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/smp/smp_main.c
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/smp/smp_main.c
@ -695,6 +695,27 @@ uint8_t smpGetScSecLevel(smpCcb_t *pCcb)
  return secLevel;
 }

+/*************************************************************************************************/
+/*!
+ *  \brief  Check if LE Secure Connections is enabled on the connection.
+ *
+ *  \param  connId    Connection identifier.
+ *
+ *  \return TRUE is Secure Connections is enabled, else FALSE
+ */
+/*************************************************************************************************/
+bool_t SmpDmLescEnabled(dmConnId_t connId)
+{
+  smpCcb_t *pCcb = smpCcbByConnId(connId);
+
+  if (pCcb == NULL || pCcb->pScCcb == NULL)
+  {
+    return FALSE;
+  }
+
+  return pCcb->pScCcb->lescEnabled;
+}
+
 /*************************************************************************************************/
 /*!
 *  \brief  Return the STK for the given connection.