Bluedroid: Fixes for some vulnerabilities.

Browse Source

This commit fixes 'Impersonation in Passkey entry protocol'
(CVE-2020-26558) and suggests fixes for other vulnerabilites like
'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and
'Authentication of the LE Legacy Pairing Protocol'

CVE-2020-26558 can be easily implemented if the peer device can
impersonate our public key. This commit adds a check by comparing our
and received public key and returns failed pairing if keys are same.

This commit also adds comments suggesting to use secure connection when
supported by all devices.

...

This commit is contained in:

Chinmay Chhajed

2020-12-22 12:36:07 +05:30

parent cc8525f630

commit 0b84a1242e

2 changed files with 3487 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1300

components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h Normal file

File diff suppressed because it is too large Load Diff

2187

components/bt/host/bluedroid/stack/smp/smp_act.c Normal file

File diff suppressed because it is too large Load Diff