mesh: Validate OTA provision security material
authorBrian Gix <brian.gix@intel.com>
Mon, 8 Mar 2021 23:36:53 +0000 (15:36 -0800)
committerAyush Garg <ayush.garg@samsung.com>
Fri, 11 Mar 2022 13:38:34 +0000 (19:08 +0530)
When validating incoming security material, ensure that the data is
unique to the provisioning session.

Signed-off-by: Anuj Jain <anuj01.jain@samsung.com>
Signed-off-by: Ayush Garg <ayush.garg@samsung.com>
mesh/prov-acceptor.c
mesh/prov-initiator.c

index a03ee1c..4ec6ea3 100644 (file)
@@ -203,6 +203,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 
 static bool acp_credentials(struct mesh_prov_acceptor *prov)
 {
+       if (!memcmp(prov->conf_inputs.prv_pub_key,
+                                       prov->conf_inputs.dev_pub_key, 64))
+               return false;
+
        if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
                        prov->private_key, prov->secret))
                return false;
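Review bot: The new `memcmp` at the top of acp_credentials has no comment and hard-codes the key length as 64, so a reader cannot tell that it rejects a peer public key identical to the local one. I would add `/* Reject a provisioner public key equal to our own; it is not unique to this session */` above the check. If `prv_pub_key` is declared as an array (the struct is outside this hunk), the length is better written as `sizeof(prov->conf_inputs.prv_pub_key)`. The same applies to the identical check added to int_credentials in mesh/prov-initiator.c. The rest of acp_credentials lies outside the hunk, so what the caller does when it returns false is not visible here.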
@@ -529,6 +533,13 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
                break;
 
        case PROV_RANDOM: /* Random Value */
+
+               /* Disallow matching random values */
+               if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+                       fail.reason = PROV_ERR_INVALID_PDU;
+                       goto failure;
+               }
+
                /* Calculate Session key (needed later) while data is fresh */
                mesh_crypto_prov_prov_salt(prov->salt, data,
                                                prov->rand_auth_workspace,
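Review bot: The check in the PROV_RANDOM case relies on the first 16 bytes of `prov->rand_auth_workspace` holding the locally generated random, which the comment does not say. The `mesh_crypto_prov_prov_salt` call just below passes the same pointer next to `data`, which suggests that layout. I would expand the comment to `/* workspace[0..15] is our own random; refuse a peer random equal to it */` and drop the blank line between the `case` label and the comment, to match the initiator hunk. Whether `len` has been checked to cover 16 bytes of `data` before this point is decided outside the hunk.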
index 8399282..4f492a4 100644 (file)
@@ -202,6 +202,10 @@ static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 
 static bool int_credentials(struct mesh_prov_initiator *prov)
 {
+       if (!memcmp(prov->conf_inputs.prv_pub_key,
+                                       prov->conf_inputs.dev_pub_key, 64))
+               return false;
+
        if (!prov_calc_secret(prov->conf_inputs.dev_pub_key,
                                prov->private_key, prov->secret))
                return false;
@@ -736,6 +740,12 @@ static void int_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
        case PROV_RANDOM: /* Random */
                prov->state = INT_PROV_RAND_ACKED;
 
+               /* Disallow matching random values */
+               if (!memcmp(prov->rand_auth_workspace, data, 16)) {
+                       fail_code[1] = PROV_ERR_INVALID_PDU;
+                       goto failure;
+               }
+
                /* RXed Device Confirmation */
                calc_local_material(data);
                memcpy(prov->rand_auth_workspace + 16, data, 16);
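Review bot: In int_prov_rx the assignment `prov->state = INT_PROV_RAND_ACKED;` runs before the new check, so a rejected random still advances the state machine before `goto failure`. Moving the `memcmp` block above the state assignment keeps the state at its previous value on the rejected path. The `failure` label is outside the hunk, so whether it resets or closes the session anyway is not visible. Since this case refuses a peer that echoes our random, the PROV_CONFIRM case (also outside the hunk) presumably deserves the matching check on the confirmation value, which would end the session one exchange earlier.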