[PSIRT-143] BLE secure pairing: Accepts DHKeyCheckSend with all fields zero

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: High
    • SimpleLink CC13x2-26x2 SDK BLE5 Stack
    • BLE_AGAMA-4305
    • BLE Stack BLE5-2.2.7
    • Hide
      BLE Stack BLE5-2.2.8
      BLE Stack BLE5-2.2.8 RC12
      Show
      BLE Stack BLE5-2.2.8 BLE Stack BLE5-2.2.8 RC12
    • CC26X2R1

      During BLE secure pairing the implementation responds to DHKeyCheckSend message with MacKey,Na and Nb set to zero.

      the implementation fails to properly check the confirmation value. In the specification it is clearly stated - If this (conformation value) check fails, it indicates that the initiating device has not confirmed the pairing, and the protocol must be aborted. However, this implementation responds if the key values are set to zero.

      This issue happens because the central device is sending the pairing messages through the SMP in the wrong order.

            Assignee:
            TI User
            Reporter:
            TI User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved:

                Connection: Intermediate to External PROD System
                EXTSYNC-3807 - [PSIRT-143] BLE secure pairing: Acc...
                SYNCHRONIZED
                • Last Sync Date: