
Bug

Resolution: Fixed

High

SimpleLink CC2640R2 SDK BLE Stack

BLESTACK5554

BLE Stack 3.3.7 RC1

Description:
 The proposed mitigation for Impersonation in the Passkey Entry Protocol vulnerability is to reject the peer public key in case it is identical to the local public key (E15668).
 The above is not enough because the f4 function that is used to produce the verification code only uses the X coordinate value.
 By looking at the ECDH formula, Y^2 = X^3 + aX + b there are two potential coordinates Y for every coordinate X.
 That is, if an adversary sends another point that is on the curve and has the same X coordinate instead of simply reflecting the (X,Y) coordinate, its original purpose E15668 tries to achieve will fail.
Recommendations:
 Reject the peer public key in case it has the same Xaxis value as the local public key