Uploaded image for project: 'Embedded Software & Tools'
  1. Embedded Software & Tools
  2. EXT_EP-11108

[PSIRT-143] BLE secure pairing: Accepts DHKeyCheckSend with all fields zero

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • SimpleLink CC13x2-26x2 SDK BLE5 Stack
    • BLE_AGAMA-4305
    • BLE Stack BLE5-2.2.7
    • Hide
      BLE Stack BLE5-2.2.8
      BLE Stack BLE5-2.2.8 RC12
      Show
      BLE Stack BLE5-2.2.8 BLE Stack BLE5-2.2.8 RC12
    • CC26X2R1

      During BLE secure pairing the implementation responds to DHKeyCheckSend message with MacKey,Na and Nb set to zero.

      the implementation fails to properly check the confirmation value. In the specification it is clearly stated - If this (conformation value) check fails, it indicates that the initiating device has not confirmed the pairing, and the protocol must be aborted. However, this implementation responds if the key values are set to zero.

      This issue happens because the central device is sending the pairing messages through the SMP in the wrong order.

            syncuser TI User
            syncuser TI User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: