mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-07-18 09:11:57 +00:00
59bf3b75c7
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/353117 https://review.lineageos.org/q/topic:Q_asb_2023-03 https://review.lineageos.org/q/topic:Q_asb_2023-04 https://review.lineageos.org/q/topic:Q_asb_2023-05 https://review.lineageos.org/q/topic:Q_asb_2023-06 https://review.lineageos.org/q/topic:Q_asb_2023-07 https://review.lineageos.org/q/topic:Q_asb_2023-08 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376560 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376561 https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376562 https://review.lineageos.org/q/topic:Q_asb_2023-09 https://review.lineageos.org/q/topic:Q_asb_2023-10 https://review.lineageos.org/q/topic:Q_asb_2023-11 accounted for via patches: https://review.lineageos.org/c/LineageOS/android_system_ca-certificates/+/376563 accounted for via manifest change: https://review.lineageos.org/c/LineageOS/android_external_webp/+/376568 https://review.lineageos.org/q/topic:Q_asb_2023-12 https://review.lineageos.org/q/topic:Q_asb_2024-01 https://review.lineageos.org/q/topic:Q_asb_2024-02 https://review.lineageos.org/q/topic:Q_asb_2024-03 Signed-off-by: Tavi <tavi@divested.dev>
57 lines
1.9 KiB
Diff
57 lines
1.9 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Brian Delwiche <delwiche@google.com>
|
|
Date: Tue, 3 Oct 2023 21:27:49 +0000
|
|
Subject: [PATCH] Fix timing attack in BTM_BleVerifySignature
|
|
|
|
BTM_BleVerifySignature uses a stock memcmp, allowing signature contents
|
|
to be deduced through a side-channel attack.
|
|
|
|
Change to CRYPTO_memcmp, which is hardened against this attack, to
|
|
eliminate this attack.
|
|
|
|
Bug: 274478807
|
|
Test: atest bluetooth_test_gd_unit
|
|
Tag: #security
|
|
Ignore-AOSP-First: Security
|
|
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fcd1c44f7c4bf431dd6a6902d74c045174bd00ce)
|
|
Merged-In: I41a9b586d663d2ad4694222ae451d2d30a428a3c
|
|
Change-Id: I41a9b586d663d2ad4694222ae451d2d30a428a3c
|
|
---
|
|
stack/Android.bp | 1 +
|
|
stack/btm/btm_ble.cc | 3 ++-
|
|
2 files changed, 3 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/stack/Android.bp b/stack/Android.bp
|
|
index c4684236e..4021d9e51 100644
|
|
--- a/stack/Android.bp
|
|
+++ b/stack/Android.bp
|
|
@@ -178,6 +178,7 @@ cc_library_static {
|
|
shared_libs: [
|
|
"libcutils",
|
|
"liblog",
|
|
+ "libcrypto",
|
|
],
|
|
required: [
|
|
"libldacBT_enc",
|
|
diff --git a/stack/btm/btm_ble.cc b/stack/btm/btm_ble.cc
|
|
index b1f4119d5..f34c6db59 100644
|
|
--- a/stack/btm/btm_ble.cc
|
|
+++ b/stack/btm/btm_ble.cc
|
|
@@ -41,6 +41,7 @@
|
|
#include "hcimsgs.h"
|
|
#include "log/log.h"
|
|
#include "l2c_int.h"
|
|
+#include "openssl/mem.h"
|
|
#include "osi/include/log.h"
|
|
#include "osi/include/osi.h"
|
|
#include "stack/crypto_toolbox/crypto_toolbox.h"
|
|
@@ -2110,7 +2111,7 @@ bool BTM_BleVerifySignature(const RawAddress& bd_addr, uint8_t* p_orig,
|
|
|
|
crypto_toolbox::aes_cmac(p_rec->ble.keys.pcsrk, p_orig, len,
|
|
BTM_CMAC_TLEN_SIZE, p_mac);
|
|
- if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
|
|
+ if (CRYPTO_memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
|
|
btm_ble_increment_sign_ctr(bd_addr, false);
|
|
verified = true;
|
|
}
|