Fix Out-Of-Band (OOB) data generation for BLE OOB pairing #9339
Conversation
|
@costanic, thank you for your changes. |
| _oob_local_address = *address; | ||
| /* this will be updated when calculation completes, | ||
| * a value of all zeros is an invalid random value */ | ||
| set_all_zeros(_oob_local_random); |
There was a problem hiding this comment.
This modification to _oob_local_random should be reverted if generate_secure_connections_oob fail.
There was a problem hiding this comment.
no problem, should be easy enough.
| @@ -681,8 +676,8 @@ ble_error_t nRF5xSecurityManager::secure_connections_oob_request_reply( | |||
|
|
|||
| uint32_t err = sd_ble_gap_lesc_oob_data_set( | |||
| connection, | |||
| pairing_cb->own_oob ? &oob_own : NULL, | |||
| pairing_cb->peer_oob ? &oob_peer : NULL | |||
| &oob_own, | |||
There was a problem hiding this comment.
Content in oob_own or oob_peer should be all zeros if not available (according to the BT spec); however the nordic documentation state that we should pass NULL when this is the case. I wonder if we should look at the content then pass NULL if N/A instead of unconditionally passing the value.
There was a problem hiding this comment.
ok, i'll take a closer look
The GenericSecurityManager tracks the most recent OOB data generated by the PAL and the PAL function to generate OOB data is expected to be asynchronous such that the OOB data is returned via a callback. There was a race condition on the security manager's oob data variable because it was cleared (set to all zeros) after calling PAL generate. The expectation was that the clear operation would occur before the callback executed, but this is proving to not be the case. Instead, the callback is being executed as if it were syncronous with PAL generate, then PAL generate returns and the oob data is cleared, thereby losing the generated oob data that was set in the callback. To fix the issue, clear the oob data variables before calling into the PAL.
The function in the Nordic SDK for generating OOB data,
sd_ble_gap_lesc_oob_data_get, requires local LE Secure Connection
P256 Public Keys in {X,Y} format, but was being supplied with
the local secret key. This caused the generated OOB data to
fail to correspond to the Public Keys, which caused a mismatch
during the OOB pairing phase of the OOB confirmation value by
a remote peer when attempting to verify the OOB data against
the Public Keys, ultimately causing the OOB pairing request to
fail with a Confirm Value Failed (0x04) error.
the own_oob and peer_oob flags were not being set to 1 even though an OOB pairing request was in progress, which therefore prevented OOB data from being passed down to the softdevice during a OOB pairing operation, thus causing the OOB pairing process to fail.
|
Thanks for the feedback. I've updated the PR based on review comments. |
| set_all_zeros(_oob_local_random); | ||
| } else if (status != BLE_ERROR_NOT_IMPLEMENTED) { | ||
| status = _pal.generate_secure_connections_oob(); | ||
| if (status != BLE_ERROR_NONE && status != BLE_ERROR_NOT_IMPLEMENTED) { |
There was a problem hiding this comment.
you need to now: return status; below (on line 676 using the new count)
There was a problem hiding this comment.
status is returned on line 670 for the failure case. Do you mean you want BLE_ERROR_NOT_IMPLEMENTED to be able to be propagated back to the user? This was not the case originally.
There was a problem hiding this comment.
you are right, it needs to be hidden - bundling this together with legacy was not a good idea, we have to hide the SC failure since it's optional
|
Any additional feedback on this PR? |
There was a problem hiding this comment.
It looks all good on my end.
@paul-szczepanek-arm Anything to add ?
|
CI started |
Test run: FAILEDSummary: 1 of 7 test jobs failed Failed test jobs:
|
|
One breakage on master needs to be addressed asap, the current build was aborted and will be restarted within today. |
|
CI restarted |
Test run: SUCCESSSummary: 11 of 11 test jobs passed |
Description
OOB data is cryptographic material exchanged by two peers prior to pairing with the BLE OOB pairing method. After trading OOB data, during the BLE OOB pairing process, peers exchange their public keys, validate the previously exchanged OOB data against the peer's public key, and calculate encryption keys using a combination of the peer's public key and OOB data and the local private key. In this way, man in the middle attacks and passive eavesdropping are prevented.
There are a few bugs in the BLE GenericSecurityManager and Nordic PAL SecurityManager that prevent OOB data from being generated correctly such that a peer is unable to mathematically validate the OOB data and public key received from the Nordic device.
These issues occur on a Nordic nRF52-DK and prevent the nRF52-DK from pairing with a Linux device using the OOB pairing method. With these fixes, the Nordic nRF52-DK successfully pairs with a Linux device using the OOB pairing method.
Pull request type
Reviewers