ble_mesh: Update the SIG recommendations for CVE issues

2025-09-23 09:13:11 +00:00 · 2021-08-17 19:32:48 +08:00
parent c0032dc9a6
commit f6c3b51b13
3 changed files with 53 additions and 14 deletions
--- a/components/bt/esp_ble_mesh/api/core/include/esp_ble_mesh_provisioning_api.h
+++ b/components/bt/esp_ble_mesh/api/core/include/esp_ble_mesh_provisioning_api.h
@@ -69,6 +69,12 @@ esp_err_t esp_ble_mesh_node_prov_disable(esp_ble_mesh_prov_bearer_t bearers);
 /**
 * @brief        Unprovisioned device set own oob public key & private key pair.
 *
+ * @note         In order to avoid suffering brute-forcing attack (CVE-2020-26559).
+ *               The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
+ *               use an out-of-band mechanism to exchange the public keys.
+ *               So as an unprovisioned device, it should use this function to input
+ *               the Public Key exchanged through the out-of-band mechanism.
+ *
 * @param[in]    pub_key_x:   Unprovisioned device's Public Key X
 * @param[in]    pub_key_y:   Unprovisioned device's Public Key Y
 * @param[in]    private_key: Unprovisioned device's Private Key
@@ -121,6 +127,10 @@ esp_err_t esp_ble_mesh_set_unprovisioned_device_name(const char *name);
 /**
 * @brief        Provisioner inputs unprovisioned device's oob public key.
 *
+ * @note         In order to avoid suffering brute-forcing attack (CVE-2020-26559).
+ *               The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
+ *               use an out-of-band mechanism to exchange the public keys.
+ *
 * @param[in]    link_idx:   The provisioning link index
 * @param[in]    pub_key_x:  Unprovisioned device's Public Key X
 * @param[in]    pub_key_y:  Unprovisioned device's Public Key Y
@@ -329,6 +339,14 @@ esp_err_t esp_ble_mesh_provisioner_set_prov_data_info(esp_ble_mesh_prov_data_inf
 *                A large entropy helps ensure that a brute-force of the AuthValue, even a static
 *                AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
 *
+ *                AuthValues selected using a cryptographically secure random or pseudorandom number
+ *                generator and having the maximum permitted entropy (128-bits) will be most difficult
+ *                to brute-force. AuthValues with reduced entropy or generated in a predictable manner
+ *                will not grant the same level of protection against this vulnerability. Selecting a
+ *                new AuthValue with each provisioning attempt can also make it more difficult to launch
+ *                a brute-force attack by requiring the attacker to restart the search with each
+ *                provisioning attempt (CVE-2020-26556).
+ *
 * @param[in]     value:  Pointer to the static oob value.
 * @param[in]     length: Length of the static oob value.
 *
--- a/components/bt/esp_ble_mesh/api/esp_ble_mesh_defs.h
+++ b/components/bt/esp_ble_mesh/api/esp_ble_mesh_defs.h
@@ -573,8 +573,10 @@ typedef struct {
    esp_ble_mesh_prov_oob_info_t oob_info;

    /* NOTE: In order to avoid suffering brute-forcing attack (CVE-2020-26559).
-     * The Bluetooth SIG recommends that potentially vulnerable mesh node
+     * The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
     * support an out-of-band mechanism to exchange the public keys.
+     * So as an unprovisioned device, it should enable this flag to support
+     * using an out-of-band mechanism to exchange Public Key.
     */
    /** Flag indicates whether unprovisioned devices support OOB public key */
    bool oob_pub_key;
@@ -629,7 +631,7 @@ typedef struct {
    /** Provisioning Algorithm for the Provisioner */
    uint8_t        prov_algorithm;

-    /* NOTE: In order to avoid suffering brute-forcing attack(CVE-2020-26559).
+    /* NOTE: In order to avoid suffering brute-forcing attack (CVE-2020-26559).
     * The Bluetooth SIG recommends that potentially vulnerable mesh provisioners
     * use an out-of-band mechanism to exchange the public keys.
     */
@@ -643,6 +645,14 @@ typedef struct {
     * selected AuthValue using all of the available bits, where permitted by the
     * implementation. A large entropy helps ensure that a brute-force of the AuthValue,
     * even a static AuthValue, cannot normally be completed in a reasonable time (CVE-2020-26557).
+     *
+     * AuthValues selected using a cryptographically secure random or pseudorandom number
+     * generator and having the maximum permitted entropy (128-bits) will be most difficult
+     * to brute-force. AuthValues with reduced entropy or generated in a predictable manner
+     * will not grant the same level of protection against this vulnerability. Selecting a
+     * new AuthValue with each provisioning attempt can also make it more difficult to launch
+     * a brute-force attack by requiring the attacker to restart the search with each
+     * provisioning attempt (CVE-2020-26556).
     */
    /** Provisioner static oob value */
    uint8_t        *prov_static_oob_val;