From: Andre Eisenbach Date: Wed, 4 Apr 2018 20:38:38 +0000 (-0700) Subject: DO NOT MERGE SMP: Validate remote elliptic curve points X-Git-Tag: android-x86-9.0-r1~71^2^2^2^2^2~8^2^2^2^2 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=1a9023fffbdb4c2377f7d77afac3eeec08c2e800;p=android-x86%2Fsystem-bt.git DO NOT MERGE SMP: Validate remote elliptic curve points Fixes: 72377774 Test: net_test_stack_smp (where applicable) Change-Id: Iefcf97364493467075fadefd77d12716f71cd4f6 (cherry picked from commit 9181ec28da94705a763edbe60bd2a87e5f882beb) --- diff --git a/stack/smp/p_256_ecc_pp.c b/stack/smp/p_256_ecc_pp.c index 2eaebd4eb..bbe126d78 100644 --- a/stack/smp/p_256_ecc_pp.c +++ b/stack/smp/p_256_ecc_pp.c @@ -259,4 +259,27 @@ void ECC_PointMult_Bin_NAF(Point *q, Point *p, DWORD *n, uint32_t keyLength) multiprecision_mersenns_mult_mod(q->y, q->y, q->z, keyLength); } - +bool ECC_ValidatePoint(const Point* pt) { + const size_t kl = KEY_LENGTH_DWORDS_P256; + p_256_init_curve(kl); + + // Ensure y^2 = x^3 + a*x + b (mod p); a = -3 + + // y^2 mod p + DWORD y2_mod[kl]; + memset(y2_mod, 0, sizeof(y2_mod)); + multiprecision_mersenns_squa_mod(y2_mod, (DWORD*)pt->y, kl); + + // Right hand side calculation + DWORD rhs[kl]; + memset(rhs, 0, sizeof(rhs)); + multiprecision_mersenns_squa_mod(rhs, (DWORD*)pt->x, kl); + DWORD three[kl]; + memset(three, 0, sizeof(three)); + three[0] = 3; + multiprecision_sub_mod(rhs, rhs, three, kl); + multiprecision_mersenns_mult_mod(rhs, rhs, (DWORD*)pt->x, kl); + multiprecision_add_mod(rhs, rhs, curve_p256.b, kl); + + return multiprecision_compare(rhs, y2_mod, kl) == 0; +} diff --git a/stack/smp/p_256_ecc_pp.h b/stack/smp/p_256_ecc_pp.h index fd3dc64fe..27869ba05 100644 --- a/stack/smp/p_256_ecc_pp.h +++ b/stack/smp/p_256_ecc_pp.h @@ -24,6 +24,7 @@ #pragma once +#include #include "p_256_multprecision.h" typedef unsigned long DWORD; @@ -56,6 +57,8 @@ typedef struct { extern elliptic_curve_t curve; extern elliptic_curve_t curve_p256; +bool ECC_ValidatePoint(const Point* p); + void ECC_PointMult_Bin_NAF(Point *q, Point *p, DWORD *n, uint32_t keyLength); #define ECC_PointMult(q, p, n, keyLength) ECC_PointMult_Bin_NAF(q, p, n, keyLength) diff --git a/stack/smp/smp_act.c b/stack/smp/smp_act.c index 1e3effe02..78db66a72 100644 --- a/stack/smp/smp_act.c +++ b/stack/smp/smp_act.c @@ -16,11 +16,13 @@ * ******************************************************************************/ +#include #include #include "device/include/interop.h" #include "include/bt_target.h" #include "stack/btm/btm_int.h" #include "stack/include/l2c_api.h" +#include "stack/smp/p_256_ecc_pp.h" #include "stack/smp/smp_int.h" #include "utils/include/bt_utils.h" @@ -745,6 +747,17 @@ void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN); STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN); + + Point pt; + memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN); + memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN); + + if (!ECC_ValidatePoint(&pt)) { + android_errorWriteLog(0x534e4554, "72377774"); + smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); + return; + } + p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY; smp_wait_for_both_public_keys(p_cb, NULL);