DivestOS/Patches/LineageOS-16.0/android_system_bt/377782.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Brian Delwiche <delwiche@google.com>
Date: Tue, 3 Oct 2023 21:27:49 +0000
Subject: [PATCH] Fix timing attack in BTM_BleVerifySignature

BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
to be deduced through a side-channel attack.

Change to CRYPTO_memcmp, which is hardened against this attack, to
eliminate this attack.

Bug: 274478807
Test: atest bluetooth_test_gd_unit
Tag: #security
Ignore-AOSP-First: Security
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fcd1c44f7c4bf431dd6a6902d74c045174bd00ce)
Merged-In: I41a9b586d663d2ad4694222ae451d2d30a428a3c
Change-Id: I41a9b586d663d2ad4694222ae451d2d30a428a3c
---
 stack/Android.bp     | 1 +
 stack/btm/btm_ble.cc | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/stack/Android.bp b/stack/Android.bp
index 03e2c940b..93c989ff5 100644
--- a/stack/Android.bp
+++ b/stack/Android.bp
@@ -179,6 +179,7 @@ cc_library_static {
         "libcutils",
         "liblog",
         "libstatslog",
+        "libcrypto",
     ],
     required: [
         "libldacBT_enc",
diff --git a/stack/btm/btm_ble.cc b/stack/btm/btm_ble.cc
index 48f4496b1..82699286a 100644
--- a/stack/btm/btm_ble.cc
+++ b/stack/btm/btm_ble.cc
@@ -41,6 +41,7 @@
 #include "hcimsgs.h"
 #include "log/log.h"
 #include "l2c_int.h"
+#include "openssl/mem.h"
 #include "osi/include/log.h"
 #include "osi/include/osi.h"
 #include "smp_api.h"
@@ -2261,7 +2262,7 @@ bool BTM_BleVerifySignature(const RawAddress& bd_addr, uint8_t* p_orig,
 
     if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len,
                                  BTM_CMAC_TLEN_SIZE, p_mac)) {
-      if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
+      if (CRYPTO_memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
         btm_ble_increment_sign_ctr(bd_addr, false);
         verified = true;
       }
16.0: Import and verify picks https://review.lineageos.org/q/topic:P_asb_2022-05 https://review.lineageos.org/q/topic:P_asb_2022-06 https://review.lineageos.org/q/topic:P_asb_2022-07 https://review.lineageos.org/q/topic:P_asb_2022-08 https://review.lineageos.org/q/topic:P_asb_2022-09 https://review.lineageos.org/q/topic:P_asb_2022-10 https://review.lineageos.org/q/topic:P_asb_2022-11 https://review.lineageos.org/q/topic:P_asb_2022-12 https://review.lineageos.org/q/topic:P_asb_2023-01 https://review.lineageos.org/q/topic:P_asb_2023-02 https://review.lineageos.org/q/topic:P_asb_2023-03 https://review.lineageos.org/q/topic:P_asb_2023-04 https://review.lineageos.org/q/topic:P_asb_2023-05 https://review.lineageos.org/q/topic:P_asb_2023-06 https://review.lineageos.org/q/topic:P_asb_2023-07 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/361250 https://review.lineageos.org/q/topic:P_asb_2023-08 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_freetype/+/364606 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/365328 https://review.lineageos.org/q/topic:P_asb_2023-09 https://review.lineageos.org/q/topic:P_asb_2023-10 https://review.lineageos.org/q/topic:P_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/374916 https://review.lineageos.org/q/topic:P_asb_2023-12 https://review.lineageos.org/q/topic:P_asb_2024-01 https://review.lineageos.org/q/topic:P_asb_2024-02 https://review.lineageos.org/q/topic:P_asb_2024-03 https://review.lineageos.org/q/topic:P_asb_2024-04 Signed-off-by: Tavi <tavi@divested.dev> 2024-05-07 19:13:31 -04:00			`From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001`
			`From: Brian Delwiche <delwiche@google.com>`
			`Date: Tue, 3 Oct 2023 21:27:49 +0000`
			`Subject: [PATCH] Fix timing attack in BTM_BleVerifySignature`

			`BTM_BleVerifySignature uses a stock memcmp, allowing signature contents`
			`to be deduced through a side-channel attack.`

			`Change to CRYPTO_memcmp, which is hardened against this attack, to`
			`eliminate this attack.`

			`Bug: 274478807`
			`Test: atest bluetooth_test_gd_unit`
			`Tag: #security`
			`Ignore-AOSP-First: Security`
			`(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fcd1c44f7c4bf431dd6a6902d74c045174bd00ce)`
			`Merged-In: I41a9b586d663d2ad4694222ae451d2d30a428a3c`
			`Change-Id: I41a9b586d663d2ad4694222ae451d2d30a428a3c`
			`---`
			`stack/Android.bp \| 1 +`
			`stack/btm/btm_ble.cc \| 3 ++-`
			`2 files changed, 3 insertions(+), 1 deletion(-)`

			`diff --git a/stack/Android.bp b/stack/Android.bp`
			`index 03e2c940b..93c989ff5 100644`
			`--- a/stack/Android.bp`
			`+++ b/stack/Android.bp`
			`@@ -179,6 +179,7 @@ cc_library_static {`
			`"libcutils",`
			`"liblog",`
			`"libstatslog",`
			`+ "libcrypto",`
			`],`
			`required: [`
			`"libldacBT_enc",`
			`diff --git a/stack/btm/btm_ble.cc b/stack/btm/btm_ble.cc`
			`index 48f4496b1..82699286a 100644`
			`--- a/stack/btm/btm_ble.cc`
			`+++ b/stack/btm/btm_ble.cc`
			`@@ -41,6 +41,7 @@`
			`#include "hcimsgs.h"`
			`#include "log/log.h"`
			`#include "l2c_int.h"`
			`+#include "openssl/mem.h"`
			`#include "osi/include/log.h"`
			`#include "osi/include/osi.h"`
			`#include "smp_api.h"`
			`@@ -2261,7 +2262,7 @@ bool BTM_BleVerifySignature(const RawAddress& bd_addr, uint8_t* p_orig,`

			`if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len,`
			`BTM_CMAC_TLEN_SIZE, p_mac)) {`
			`- if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {`
			`+ if (CRYPTO_memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {`
			`btm_ble_increment_sign_ctr(bd_addr, false);`
			`verified = true;`
			`}`