store both local and remote csrk - remote incorrect optimization

ble/att_server.c

@@ -267,7 +267,7 @@ static void att_run(void){
 
                 // signature is { sequence counter, secure hash }
                 sm_key_t csrk;
-                le_device_db_csrk_get(att_ir_le_device_db_index, csrk);
+                le_device_db_remote_csrk_get(att_ir_le_device_db_index, csrk);
                 att_server_state = ATT_SERVER_W4_SIGNED_WRITE_VALIDATION;
                 log_info("Orig Signature: ");
                 hexdump( &att_request_buffer[att_request_size-8], 8);

ble/gatt_client.c

@@ -937,7 +937,7 @@ static void gatt_client_run(void){
             case P_W4_CMAC_READY:
                 if (sm_cmac_ready()){
                     sm_key_t csrk;
-                    le_device_db_csrk_get(peripheral->le_device_index, csrk);
+                    le_device_db_local_csrk_get(peripheral->le_device_index, csrk);
                     uint32_t sign_counter = le_device_db_local_counter_get(peripheral->le_device_index); 
                     peripheral->gatt_client_state = P_W4_CMAC_RESULT;
                     sm_cmac_start(csrk, ATT_SIGNED_WRITE_COMMAND, peripheral->attribute_handle, peripheral->attribute_length, peripheral->attribute_value, sign_counter, att_signed_write_handle_cmac_result);

ble/le_device_db.h

@@ -115,18 +115,32 @@ void le_device_db_encryption_set(int index, uint16_t ediv, uint8_t rand[8], sm_k
 void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm_key_t ltk,  int * key_size, int * authenticated, int * authorized);
 
 /**
- * @brief set signing key for this device
+ * @brief set local signing key for this device
  * @param index
  * @param signing key as input
  */
-void le_device_db_csrk_set(int index, sm_key_t csrk);
+void le_device_db_local_csrk_set(int index, sm_key_t csrk);
 
 /**
- * @brief get signing key for this device
+ * @brief get local signing key for this device
  * @param index
  * @param signing key as output
  */
-void le_device_db_csrk_get(int index, sm_key_t csrk);
+void le_device_db_local_csrk_get(int index, sm_key_t csrk);
+
+/**
+ * @brief set remote signing key for this device
+ * @param index
+ * @param signing key as input
+ */
+void le_device_db_remote_csrk_set(int index, sm_key_t csrk);
+
+/**
+ * @brief get remote signing key for this device
+ * @param index
+ * @param signing key as output
+ */
+void le_device_db_remote_csrk_get(int index, sm_key_t csrk);
 
 /**
  * @brief query last used/seen signing counter

ble/le_device_db_dummy.c

@@ -57,7 +57,15 @@ void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm
 void le_device_db_info(int index, int * addr_type, bd_addr_t addr, sm_key_t csrk){}
 
 // get signature key
-void le_device_db_csrk_get(int index, sm_key_t csrk){}
+void le_device_db_remote_csrk_get(int index, sm_key_t csrk){}
+
+void le_device_db_remote_csrk_set(int index, sm_key_t csrk){}
+
+// get signature key
+void le_device_db_local_csrk_get(int index, sm_key_t csrk){}
+
+void le_device_db_local_csrk_set(int index, sm_key_t csrk){}
+
 
 // query last used/seen signing counter
 uint32_t le_device_db_remote_counter_get(int index){ 

ble/le_device_db_memory.c

@@ -59,10 +59,11 @@ typedef struct le_device_memory_db {
     uint8_t  authorized;
 
     // Signed Writes by remote
-    sm_key_t csrk;
+    sm_key_t remote_csrk;
     uint32_t remote_counter;
 
-    // Signed Writes to remote (local CSRK is fixed)
+    // Signed Writes by us
+    sm_key_t local_csrk;
     uint32_t local_counter;
 
 } le_device_memory_db_t;
@@ -150,12 +151,20 @@ void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm
 }
 
 // get signature key
-void le_device_db_csrk_get(int index, sm_key_t csrk){
-    if (csrk) memcpy(csrk, le_devices[index].csrk, 16);
+void le_device_db_remote_csrk_get(int index, sm_key_t csrk){
+    if (csrk) memcpy(csrk, le_devices[index].remote_csrk, 16);
 }
 
-void le_device_db_csrk_set(int index, sm_key_t csrk){
-    if (csrk) memcpy(le_devices[index].csrk, csrk, 16);
+void le_device_db_remote_csrk_set(int index, sm_key_t csrk){
+    if (csrk) memcpy(le_devices[index].remote_csrk, csrk, 16);
+}
+
+void le_device_db_local_csrk_get(int index, sm_key_t csrk){
+    if (csrk) memcpy(csrk, le_devices[index].local_csrk, 16);
+}
+
+void le_device_db_local_csrk_set(int index, sm_key_t csrk){
+    if (csrk) memcpy(le_devices[index].local_csrk, csrk, 16);
 }
 
 // query last used/seen signing counter
@@ -185,6 +194,7 @@ void le_device_db_dump(void){
         if (le_devices[i].addr_type == INVALID_ENTRY_ADDR_TYPE) continue;
         log_info("%u: %u %s", i, le_devices[i].addr_type, bd_addr_to_str(le_devices[i].addr));
         log_key("irk", le_devices[i].irk);
-        log_key("csrk", le_devices[i].csrk);
+        log_key("local csrk", le_devices[i].local_csrk);
+        log_key("remote csrk", le_devices[i].remote_csrk);
     }
 }

ble/sm.c

@@ -1013,7 +1013,7 @@ static void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){
         // store CSRK
         if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){
             log_info("sm: store remote CSRK");
-            le_device_db_csrk_set(le_db_index, setup->sm_peer_csrk);
+            le_device_db_remote_csrk_set(le_db_index, setup->sm_peer_csrk);
             le_device_db_remote_counter_set(le_db_index, 0);
         }
 
@@ -1507,14 +1507,8 @@ static void sm_run(void){
 
                     uint8_t buffer[17];
                     buffer[0] = SM_CODE_SIGNING_INFORMATION;
-                    // optimization: use CSRK of Peripheral if received, to avoid storing two CSRKs in our DB
-                    if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){
-                        log_info("sm: mirror CSRK");
-                        memcpy(setup->sm_local_csrk, setup->sm_peer_csrk, 16);
-                    } else {
-                        log_info("sm: store local CSRK");
-                        le_device_db_csrk_set(connection->sm_le_db_index, setup->sm_local_csrk);
-                    }
+                    log_info("sm: store local CSRK");
+                    le_device_db_local_csrk_set(connection->sm_le_db_index, setup->sm_local_csrk);
                     swap128(setup->sm_local_csrk, &buffer[1]);
                     l2cap_send_connectionless(connection->sm_handle, L2CAP_CID_SECURITY_MANAGER_PROTOCOL, (uint8_t*) buffer, sizeof(buffer));
                     sm_timeout_reset(connection);

test/pts/ble_central_test.c

@@ -1275,7 +1275,7 @@ static void ui_process_command(char buffer){
             break;
         case 'W':
             // fetch csrk
-            le_device_db_csrk_get(le_device_db_index, signing_csrk);
+            le_device_db_local_csrk_get(le_device_db_index, signing_csrk);
             // calc signature
             sm_cmac_start(signing_csrk, ATT_SIGNED_WRITE_COMMAND, pts_signed_write_characteristic_handle, sizeof(signed_write_value), signed_write_value, 0, att_signed_write_handle_cmac_result);
             break;