From 80c6fa00ac10e92b9cb6ffea3263bc7d50adf3f7 Mon Sep 17 00:00:00 2001 From: Matthias Ringwald Date: Sat, 10 Oct 2015 21:36:43 +0200 Subject: [PATCH] store both local and remote csrk - remote incorrect optimization --- ble/att_server.c | 2 +- ble/gatt_client.c | 2 +- ble/le_device_db.h | 22 ++++++++++++++++++---- ble/le_device_db_dummy.c | 10 +++++++++- ble/le_device_db_memory.c | 24 +++++++++++++++++------- ble/sm.c | 12 +++--------- test/pts/ble_central_test.c | 2 +- 7 files changed, 50 insertions(+), 24 deletions(-) diff --git a/ble/att_server.c b/ble/att_server.c index 59a7a3974..d3cd8728c 100644 --- a/ble/att_server.c +++ b/ble/att_server.c @@ -267,7 +267,7 @@ static void att_run(void){ // signature is { sequence counter, secure hash } sm_key_t csrk; - le_device_db_csrk_get(att_ir_le_device_db_index, csrk); + le_device_db_remote_csrk_get(att_ir_le_device_db_index, csrk); att_server_state = ATT_SERVER_W4_SIGNED_WRITE_VALIDATION; log_info("Orig Signature: "); hexdump( &att_request_buffer[att_request_size-8], 8); diff --git a/ble/gatt_client.c b/ble/gatt_client.c index b8acfb245..898c5d55a 100644 --- a/ble/gatt_client.c +++ b/ble/gatt_client.c @@ -937,7 +937,7 @@ static void gatt_client_run(void){ case P_W4_CMAC_READY: if (sm_cmac_ready()){ sm_key_t csrk; - le_device_db_csrk_get(peripheral->le_device_index, csrk); + le_device_db_local_csrk_get(peripheral->le_device_index, csrk); uint32_t sign_counter = le_device_db_local_counter_get(peripheral->le_device_index); peripheral->gatt_client_state = P_W4_CMAC_RESULT; sm_cmac_start(csrk, ATT_SIGNED_WRITE_COMMAND, peripheral->attribute_handle, peripheral->attribute_length, peripheral->attribute_value, sign_counter, att_signed_write_handle_cmac_result); diff --git a/ble/le_device_db.h b/ble/le_device_db.h index ce82e7e42..cf1c4e351 100644 --- a/ble/le_device_db.h +++ b/ble/le_device_db.h @@ -115,18 +115,32 @@ void le_device_db_encryption_set(int index, uint16_t ediv, uint8_t rand[8], sm_k void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm_key_t ltk, int * key_size, int * authenticated, int * authorized); /** - * @brief set signing key for this device + * @brief set local signing key for this device * @param index * @param signing key as input */ -void le_device_db_csrk_set(int index, sm_key_t csrk); +void le_device_db_local_csrk_set(int index, sm_key_t csrk); /** - * @brief get signing key for this device + * @brief get local signing key for this device * @param index * @param signing key as output */ -void le_device_db_csrk_get(int index, sm_key_t csrk); +void le_device_db_local_csrk_get(int index, sm_key_t csrk); + +/** + * @brief set remote signing key for this device + * @param index + * @param signing key as input + */ +void le_device_db_remote_csrk_set(int index, sm_key_t csrk); + +/** + * @brief get remote signing key for this device + * @param index + * @param signing key as output + */ +void le_device_db_remote_csrk_get(int index, sm_key_t csrk); /** * @brief query last used/seen signing counter diff --git a/ble/le_device_db_dummy.c b/ble/le_device_db_dummy.c index 345513a9e..c2eaf1680 100644 --- a/ble/le_device_db_dummy.c +++ b/ble/le_device_db_dummy.c @@ -57,7 +57,15 @@ void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm void le_device_db_info(int index, int * addr_type, bd_addr_t addr, sm_key_t csrk){} // get signature key -void le_device_db_csrk_get(int index, sm_key_t csrk){} +void le_device_db_remote_csrk_get(int index, sm_key_t csrk){} + +void le_device_db_remote_csrk_set(int index, sm_key_t csrk){} + +// get signature key +void le_device_db_local_csrk_get(int index, sm_key_t csrk){} + +void le_device_db_local_csrk_set(int index, sm_key_t csrk){} + // query last used/seen signing counter uint32_t le_device_db_remote_counter_get(int index){ diff --git a/ble/le_device_db_memory.c b/ble/le_device_db_memory.c index a57cdfcb5..81a5fb939 100644 --- a/ble/le_device_db_memory.c +++ b/ble/le_device_db_memory.c @@ -59,10 +59,11 @@ typedef struct le_device_memory_db { uint8_t authorized; // Signed Writes by remote - sm_key_t csrk; + sm_key_t remote_csrk; uint32_t remote_counter; - // Signed Writes to remote (local CSRK is fixed) + // Signed Writes by us + sm_key_t local_csrk; uint32_t local_counter; } le_device_memory_db_t; @@ -150,12 +151,20 @@ void le_device_db_encryption_get(int index, uint16_t * ediv, uint8_t rand[8], sm } // get signature key -void le_device_db_csrk_get(int index, sm_key_t csrk){ - if (csrk) memcpy(csrk, le_devices[index].csrk, 16); +void le_device_db_remote_csrk_get(int index, sm_key_t csrk){ + if (csrk) memcpy(csrk, le_devices[index].remote_csrk, 16); } -void le_device_db_csrk_set(int index, sm_key_t csrk){ - if (csrk) memcpy(le_devices[index].csrk, csrk, 16); +void le_device_db_remote_csrk_set(int index, sm_key_t csrk){ + if (csrk) memcpy(le_devices[index].remote_csrk, csrk, 16); +} + +void le_device_db_local_csrk_get(int index, sm_key_t csrk){ + if (csrk) memcpy(csrk, le_devices[index].local_csrk, 16); +} + +void le_device_db_local_csrk_set(int index, sm_key_t csrk){ + if (csrk) memcpy(le_devices[index].local_csrk, csrk, 16); } // query last used/seen signing counter @@ -185,6 +194,7 @@ void le_device_db_dump(void){ if (le_devices[i].addr_type == INVALID_ENTRY_ADDR_TYPE) continue; log_info("%u: %u %s", i, le_devices[i].addr_type, bd_addr_to_str(le_devices[i].addr)); log_key("irk", le_devices[i].irk); - log_key("csrk", le_devices[i].csrk); + log_key("local csrk", le_devices[i].local_csrk); + log_key("remote csrk", le_devices[i].remote_csrk); } } diff --git a/ble/sm.c b/ble/sm.c index b6c89e9f2..63cd2eefe 100644 --- a/ble/sm.c +++ b/ble/sm.c @@ -1013,7 +1013,7 @@ static void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){ // store CSRK if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){ log_info("sm: store remote CSRK"); - le_device_db_csrk_set(le_db_index, setup->sm_peer_csrk); + le_device_db_remote_csrk_set(le_db_index, setup->sm_peer_csrk); le_device_db_remote_counter_set(le_db_index, 0); } @@ -1507,14 +1507,8 @@ static void sm_run(void){ uint8_t buffer[17]; buffer[0] = SM_CODE_SIGNING_INFORMATION; - // optimization: use CSRK of Peripheral if received, to avoid storing two CSRKs in our DB - if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){ - log_info("sm: mirror CSRK"); - memcpy(setup->sm_local_csrk, setup->sm_peer_csrk, 16); - } else { - log_info("sm: store local CSRK"); - le_device_db_csrk_set(connection->sm_le_db_index, setup->sm_local_csrk); - } + log_info("sm: store local CSRK"); + le_device_db_local_csrk_set(connection->sm_le_db_index, setup->sm_local_csrk); swap128(setup->sm_local_csrk, &buffer[1]); l2cap_send_connectionless(connection->sm_handle, L2CAP_CID_SECURITY_MANAGER_PROTOCOL, (uint8_t*) buffer, sizeof(buffer)); sm_timeout_reset(connection); diff --git a/test/pts/ble_central_test.c b/test/pts/ble_central_test.c index 302d18e76..2a88a737f 100644 --- a/test/pts/ble_central_test.c +++ b/test/pts/ble_central_test.c @@ -1275,7 +1275,7 @@ static void ui_process_command(char buffer){ break; case 'W': // fetch csrk - le_device_db_csrk_get(le_device_db_index, signing_csrk); + le_device_db_local_csrk_get(le_device_db_index, signing_csrk); // calc signature sm_cmac_start(signing_csrk, ATT_SIGNED_WRITE_COMMAND, pts_signed_write_characteristic_handle, sizeof(signed_write_value), signed_write_value, 0, att_signed_write_handle_cmac_result); break;