commit 43d61f3c91502f6e18d5286d50e5d1d5c07801eb
author Myles Watson <mylesgw@google.com> Mon Feb 08 14:38:57 2021 -0800
committer Anis Assi <anisassi@google.com> Thu Mar 11 13:46:51 2021 -0800
tree c3f1dffc8189ed0aa7cb52433448a13b89b851ff
parent 2d360b4bbfbe3f45296c6d497e5341a5fd27fc53

smp: Reject pairing if the public keys match

Bug: 174886838
Test: pair an LE device
Tag: #security
Change-Id: I0902fdf6bb5c1c7d443fc73fc480d51226fb836b
Merged-In: I0902fdf6bb5c1c7d443fc73fc480d51226fb836b
(cherry picked from commit 8106ba379843a3bd17696c902d26c87f690a161a)

stack/smp/smp_act.cc

diff --git a/stack/smp/smp_act.cc b/stack/smp/smp_act.cc
index 5b548b6..b7ba0d8 100644
--- a/stack/smp/smp_act.cc
+++ b/stack/smp/smp_act.cc
@@ -661,6 +661,15 @@
   memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
   memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
 
+  if (!memcmp(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, BT_OCTET32_LEN) &&
+      !memcmp(p_cb->peer_publ_key.y, p_cb->loc_publ_key.y, BT_OCTET32_LEN)) {
+    android_errorWriteLog(0x534e4554, "174886838");
+    SMP_TRACE_WARNING("Remote and local public keys can't match");
+    reason = SMP_PAIR_AUTH_FAIL;
+    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
+    return;
+  }
+
   if (!ECC_ValidatePoint(pt)) {
     android_errorWriteLog(0x534e4554, "72377774");
     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);