Cordio: Apply Packetcraft's fix for possible SweynTooth vulnerabilities #12785

Merged
merged 2 commits into from
Apr 15, 2020

LDong-Arm
Contributor

@LDong-Arm LDong-Arm commented Apr 9, 2020

Summary of changes

Packetcraft, the company that maintains the Cordio BLE stack, has assessed possible SweynTooth vulnerabilities - the only part of SweynTooth that potentially impacts Cordio is LTK Zero Installation and it takes the form of STK in our case.

This PR applies the fix (Build 1227 and Build 1233) from Packetcraft.

Impact of changes

Migration actions required

Documentation

None.


Pull request type

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[] Covered by existing mbed-os tests (Greentea or Unittest)
[x] Tests / results supplied as part of this PR

Manual testing: BLE_SM (relevant to this PR) and BLE_HeartRate (randomly picked) examples behave the same way as before, on NRF52840_DK and DISCO_L475VG_IOT01A, compiled with ARM and GCC_ARM toolchains.


Reviewers

@ARMmbed/mbed-os-pan @evedon


This change is provided by Packetcraft (which maintains the
Cordio BLE stack) to address possible Sweyntooth vulnerabilities.
This change is provided by Packetcraft (which maintains the
Cordio BLE stack) to address possible Sweyntooth vulnerabilities.
@ciarmcom ciarmcom requested review from evedon and a team April 9, 2020 17:00
@ciarmcom
Member

ciarmcom commented Apr 9, 2020

@LDong-Arm, thank you for your changes.
@evedon @ARMmbed/mbed-os-pan @ARMmbed/mbed-os-maintainers please review.

@mergify mergify bot added needs: CI and removed needs: review labels Apr 9, 2020
Contributor

@evedon evedon left a comment

Looks good.

Contributor

@donatieng donatieng left a comment

LGTM, thanks @LDong-Arm - FYI @jyi-packetcraft

@0xc0170
Contributor

0xc0170 commented Apr 14, 2020

CI started

@donatieng
Contributor

@ARMmbed/mbed-os-maintainers can you not merge this yet, PacketCraft will sanity check it first :)

@donatieng
Contributor

Approved by PacketCraft, merge away! ;)

@mbed-ci

mbed-ci commented Apr 14, 2020

Test run: SUCCESS

Summary: 6 of 6 test jobs passed
Build number : 1
Build artifacts

@0xc0170 0xc0170 merged commit 4128efd into ARMmbed:master Apr 15, 2020
@mergify mergify bot removed the ready for merge label Apr 15, 2020
@adbridge
Contributor

@0xc0170 can we see if mergify can port this to 5.15? If not then @LDong-Arm will need to supply a dedicated patch...

@0xc0170
Contributor

0xc0170 commented Apr 22, 2020

@Mergifyio backport mbed-os-5.15

@mergify

mergify bot commented Apr 22, 2020

Command backport mbed-os-5.15: failure

No backport have been created

  • Backport to branch mbed-os-5.15 failed

backport fail: too big

@0xc0170
Contributor

0xc0170 commented Apr 22, 2020

Failed, I'll try it manually now meanwhile I talk to @LDong-Arm

@LDong-Arm
Contributor Author

#12845 created

@Matheus-Garbelini

Dear all. Thanks for creating the patch.
Regards.
