blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 01:29:21 -04:00
Code Issues Projects Releases Wiki Activity

fix(blufi): Enhance security in BLUFI example

Browse Source
This commit is contained in:
zhanghaipeng 2025-02-07 15:21:19 +08:00 committed by xuzhekai
parent 9cb7206d4a
commit cc00e9f2fc
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/bluetooth/blufi/main/blufi_example_main.c
View File

@ -415,7 +415,7 @@ static void example_event_callback(esp_blufi_cb_event_t event, esp_blufi_cb_para
BLUFI_INFO("Recv SOFTAP SSID %s, ssid len %d\n", ap_config.ap.ssid, ap_config.ap.ssid_len); BLUFI_INFO("Recv SOFTAP SSID %s, ssid len %d\n", ap_config.ap.ssid, ap_config.ap.ssid_len);
break; break;
case ESP_BLUFI_EVENT_RECV_SOFTAP_PASSWD: case ESP_BLUFI_EVENT_RECV_SOFTAP_PASSWD:
if (param->softap_passwd.passwd_len >= sizeof(ap_config.sta.ssid)/sizeof(ap_config.sta.ssid[0])) { if (param->softap_passwd.passwd_len >= sizeof(ap_config.ap.password)/sizeof(ap_config.ap.password[0])) {
esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR); esp_blufi_send_error_info(ESP_BLUFI_DATA_FORMAT_ERROR);
BLUFI_INFO("Invalid SOFTAP PASSWD\n"); BLUFI_INFO("Invalid SOFTAP PASSWD\n");
break; break;

20
examples/bluetooth/blufi/main/blufi_security.c
View File

@ -39,10 +39,8 @@
struct blufi_security { struct blufi_security {
#define DH_SELF_PUB_KEY_LEN 128 #define DH_SELF_PUB_KEY_LEN 128
#define DH_SELF_PUB_KEY_BIT_LEN (DH_SELF_PUB_KEY_LEN * 8)
uint8_t self_public_key[DH_SELF_PUB_KEY_LEN]; uint8_t self_public_key[DH_SELF_PUB_KEY_LEN];
#define SHARE_KEY_LEN 128 #define SHARE_KEY_LEN 128
#define SHARE_KEY_BIT_LEN (SHARE_KEY_LEN * 8)
uint8_t share_key[SHARE_KEY_LEN]; uint8_t share_key[SHARE_KEY_LEN];
size_t share_len; size_t share_len;
#define PSK_LEN 16 #define PSK_LEN 16
@ -89,6 +87,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
} }
blufi_sec->dh_param = (uint8_t *)malloc(blufi_sec->dh_param_len); blufi_sec->dh_param = (uint8_t *)malloc(blufi_sec->dh_param_len);
if (blufi_sec->dh_param == NULL) { if (blufi_sec->dh_param == NULL) {
blufi_sec->dh_param_len = 0; /* Reset length to avoid using unallocated memory */
btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR); btc_blufi_report_error(ESP_BLUFI_DH_MALLOC_ERROR);
BLUFI_ERROR("%s, malloc failed\n", __func__); BLUFI_ERROR("%s, malloc failed\n", __func__);
return; return;
@ -123,9 +122,10 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
if (dhm_len > DH_SELF_PUB_KEY_LEN) { if (dhm_len > DH_SELF_PUB_KEY_LEN) {
BLUFI_ERROR("%s dhm len not support %d\n", __func__, dhm_len); BLUFI_ERROR("%s dhm len not support %d\n", __func__, dhm_len);
btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR); btc_blufi_report_error(ESP_BLUFI_DH_PARAM_ERROR);
return;
} }
ret = mbedtls_dhm_make_public(&blufi_sec->dhm, dhm_len, blufi_sec->self_public_key, dhm_len, myrand, NULL); ret = mbedtls_dhm_make_public(&blufi_sec->dhm, dhm_len, blufi_sec->self_public_key, DH_SELF_PUB_KEY_LEN, myrand, NULL);
if (ret) { if (ret) {
BLUFI_ERROR("%s make public failed %d\n", __func__, ret); BLUFI_ERROR("%s make public failed %d\n", __func__, ret);
btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR); btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR);
@ -134,7 +134,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
ret = mbedtls_dhm_calc_secret( &blufi_sec->dhm, ret = mbedtls_dhm_calc_secret( &blufi_sec->dhm,
blufi_sec->share_key, blufi_sec->share_key,
SHARE_KEY_BIT_LEN, SHARE_KEY_LEN,
&blufi_sec->share_len, &blufi_sec->share_len,
myrand, NULL); myrand, NULL);
if (ret) { if (ret) {
@ -151,7 +151,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da
return; return;
} }
mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128); mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, PSK_LEN * 8);
/* alloc output data */ /* alloc output data */
*output_data = &blufi_sec->self_public_key[0]; *output_data = &blufi_sec->self_public_key[0];
@ -175,6 +175,10 @@ int blufi_aes_encrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
size_t iv_offset = 0; size_t iv_offset = 0;
uint8_t iv0[16]; uint8_t iv0[16];
if (!blufi_sec) {
return -1;
}
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv)); memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
iv0[0] = iv8; /* set iv8 as the iv0[0] */ iv0[0] = iv8; /* set iv8 as the iv0[0] */
@ -192,6 +196,10 @@ int blufi_aes_decrypt(uint8_t iv8, uint8_t *crypt_data, int crypt_len)
size_t iv_offset = 0; size_t iv_offset = 0;
uint8_t iv0[16]; uint8_t iv0[16];
if (!blufi_sec) {
return -1;
}
memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv)); memcpy(iv0, blufi_sec->iv, sizeof(blufi_sec->iv));
iv0[0] = iv8; /* set iv8 as the iv0[0] */ iv0[0] = iv8; /* set iv8 as the iv0[0] */
@ -221,7 +229,7 @@ esp_err_t blufi_security_init(void)
mbedtls_dhm_init(&blufi_sec->dhm); mbedtls_dhm_init(&blufi_sec->dhm);
mbedtls_aes_init(&blufi_sec->aes); mbedtls_aes_init(&blufi_sec->aes);
memset(blufi_sec->iv, 0x0, 16); memset(blufi_sec->iv, 0x0, sizeof(blufi_sec->iv));
return 0; return 0;
} }