Port Cordio LE Secure Connections check from PacketCraft

This change is provided by Packetcraft (which maintains the Cordio BLE stack) to address possible Sweyntooth vulnerabilities.
2020-04-09 15:06:53 +01:00 · 2020-04-09 15:06:53 +01:00 · c927773115
parent 0402fe4efb
commit c927773115
3 changed files with 40 additions and 0 deletions
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/include/smp_api.h
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/include/smp_api.h
@ -1,4 +1,5 @@
 /* Copyright (c) 2009-2019 Arm Limited
+ * Copyright (c) 2019-2020 Packetcraft, Inc.
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@ -252,6 +253,17 @@ void SmpDmMsgSend(smpDmMsg_t *pMsg);
 /*************************************************************************************************/
 void SmpDmEncryptInd(wsfMsgHdr_t *pMsg);

+/*************************************************************************************************/
+/*!
+ *  \brief  Check if LE Secure Connections is enabled on the connection.
+ *
+ *  \param  connId    Connection identifier.
+ *
+ *  \return TRUE is Secure Connections is enabled, else FALSE
+ */
+/*************************************************************************************************/
+bool_t SmpDmLescEnabled(dmConnId_t connId);
+
 /*************************************************************************************************/
 /*!
 *  \brief  Return the STK for the given connection.
--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/dm/dm_sec.c
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/dm/dm_sec.c
@ -1,4 +1,5 @@
 /* Copyright (c) 2009-2019 Arm Limited
+ * Copyright (c) 2019-2020 Packetcraft, Inc.
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@ -117,6 +118,12 @@ void dmSecHciHandler(hciEvt_t *pEvent)
          return;
        }
      }
+      else if (SmpDmLescEnabled(pCcb->connId) == TRUE)
+      {
+        /* EDIV and Rand must be zero in LE Secure Connections */
+        HciLeLtkReqNegReplCmd(pEvent->hdr.param);
+        return;
+      }

      /* call callback to get key from app */

--- a/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/smp/smp_main.c
+++ b/features/FEATURE_BLE/targets/TARGET_CORDIO/stack/ble-host/sources/stack/smp/smp_main.c
@ -695,6 +695,27 @@ uint8_t smpGetScSecLevel(smpCcb_t *pCcb)
  return secLevel;
 }

+/*************************************************************************************************/
+/*!
+ *  \brief  Check if LE Secure Connections is enabled on the connection.
+ *
+ *  \param  connId    Connection identifier.
+ *
+ *  \return TRUE is Secure Connections is enabled, else FALSE
+ */
+/*************************************************************************************************/
+bool_t SmpDmLescEnabled(dmConnId_t connId)
+{
+  smpCcb_t *pCcb = smpCcbByConnId(connId);
+
+  if (pCcb == NULL || pCcb->pScCcb == NULL)
+  {
+    return FALSE;
+  }
+
+  return pCcb->pScCcb->lescEnabled;
+}
+
 /*************************************************************************************************/
 /*!
 *  \brief  Return the STK for the given connection.