From c051df3cf9652f971a9ea1e2beb5b66d69ed01ce Mon Sep 17 00:00:00 2001
From: Brian Gix
Date: Thu, 4 Apr 2019 15:43:14 -0700
Subject: [PATCH] mesh: Create and store random token per node

Fix issue with device key being used as a token. Token now seperate, and with a portable representation in the node database.
---
 mesh/mesh-db.c | 38 ++++++++++++++++++++++++++++++++++++++
 mesh/mesh-db.h | 2 ++
 mesh/mesh.c | 6 +++---
 mesh/node.c | 22 ++++++++++++++++++++--
 mesh/node.h | 2 ++
 mesh/storage.c | 5 +++++
 6 files changed, 70 insertions(+), 5 deletions(-)

diff --git a/mesh/mesh-db.c b/mesh/mesh-db.c
index f1bf8d8fa..64e33cd91 100644
--- a/mesh/mesh-db.c
+++ b/mesh/mesh-db.c
@@ -51,6 +51,21 @@ static bool get_int(json_object *jobj, const char *keyword, int *value)
 	return true;
 }
 
+static bool add_u64_value(json_object *jobject, const char *desc,
+							const uint8_t u64[8])
+{
+	json_object *jstring;
+	char hexstr[17];
+
+	hex2str((uint8_t *) u64, 8, hexstr, 17);
+	jstring = json_object_new_string(hexstr);
+	if (!jstring)
+		return false;
+
+	json_object_object_add(jobject, desc, jstring);
+	return true;
+}
+
 static bool add_key_value(json_object *jobject, const char *desc,
 							const uint8_t key[16])
 {
@@ -257,6 +272,24 @@ bool mesh_db_read_iv_index(json_object *jobj, uint32_t *idx, bool *update)
 	return true;
 }
 
+bool mesh_db_read_token(json_object *jobj, uint8_t token[8])
+{
+	json_object *jvalue;
+	char *str;
+
+	if (!token)
+		return false;
+
+	if (!json_object_object_get_ex(jobj, "token", &jvalue))
+		return false;
+
+	str = (char *)json_object_get_string(jvalue);
+	if (!str2hex(str, strlen(str), token, 8))
+		return false;
+
+	return true;
+}
+
 bool mesh_db_read_device_key(json_object *jobj, uint8_t key_buf[16])
 {
 	json_object *jvalue;
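Review bot: In add_u64_value, `hex2str((uint8_t *) u64, 8, hexstr, 17);` casts the const off the caller's token buffer just to satisfy hex2str's prototype, which hides any accidental write through that pointer; if hex2str only reads its input (its definition is not in this patch), const-qualifying its parameter is the cleaner fix than a call-site cast. The literal `17` should also follow the declaration, `hex2str((uint8_t *) u64, 8, hexstr, sizeof(hexstr));`, and if hex2str reports truncation through its return value that result is currently discarded. With 8 input bytes and a 17-byte output the bound cannot be exceeded here, so this is a style point rather than a defect.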
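Review bot: mesh_db_read_token never checks the length of the stored string before `str2hex(str, strlen(str), token, 8)`, so whether a short or odd-length "token" value fails or leaves part of the 8-byte output unwritten depends on a length check inside str2hex that is not visible here; the node database is parsed input, so the contract should be explicit in this function: `if (!str || strlen(str) != 16) return false;` before the conversion. The `!str` half also matters because json_object_object_get_ex can succeed with a NULL jvalue for a JSON null value, and json_object_get_string would then hand NULL to strlen. The cast in `str = (char *)json_object_get_string(jvalue);` discards const for no reason; declaring `const char *str;` removes it. mesh_db_read_device_key below appears to follow the same pattern, but its body continues outside the hunk.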
@@ -515,6 +548,11 @@ bool mesh_db_write_device_key(json_object *jnode, uint8_t *key)
 	return add_key_value(jnode, "deviceKey", key);
 }
 
+bool mesh_db_write_token(json_object *jnode, uint8_t *token)
+{
+	return add_u64_value(jnode, "token", token);
+}
+
 bool mesh_db_app_key_add(json_object *jobj, uint16_t net_idx, uint16_t app_idx,
 							const uint8_t key[16])
 {
diff --git a/mesh/mesh-db.h b/mesh/mesh-db.h
index b9af1203b..06aba1f31 100644
--- a/mesh/mesh-db.h
+++ b/mesh/mesh-db.h
@@ -104,6 +104,7 @@ bool mesh_db_read_node(json_object *jobj, mesh_db_node_cb cb, void *user_data);
 bool mesh_db_add_node(json_object *jnode, struct mesh_db_node *node);
 bool mesh_db_read_iv_index(json_object *jobj, uint32_t *idx, bool *update);
 bool mesh_db_read_device_key(json_object *jobj, uint8_t key_buf[16]);
+bool mesh_db_read_token(json_object *jobj, uint8_t token[8]);
 bool mesh_db_read_net_transmit(json_object *jobj, uint8_t *cnt,
 						uint16_t *interval);
 bool mesh_db_write_net_transmit(json_object *jobj, uint8_t cnt,
@@ -113,6 +114,7 @@ bool mesh_db_read_net_keys(json_object *jobj, mesh_db_net_key_cb cb,
 bool mesh_db_read_app_keys(json_object *jobj, mesh_db_app_key_cb cb,
 						void *user_data);
 bool mesh_db_write_device_key(json_object *jobj, uint8_t *key);
+bool mesh_db_write_token(json_object *jobj, uint8_t *token);
 bool mesh_db_write_network_key(json_object *jobj, uint16_t idx, uint8_t *key,
 						uint8_t *new_key, int phase);
 bool mesh_db_write_app_key(json_object *jobj, uint16_t net_idx,
diff --git a/mesh/mesh.c b/mesh/mesh.c
index a0a9a7c8e..e7eef0473 100644
--- a/mesh/mesh.c
+++ b/mesh/mesh.c
@@ -487,7 +487,7 @@ static bool prov_complete_cb(void *user_data, uint8_t status,
 	struct l_dbus_message *msg;
 	const char *owner;
 	const char *path;
-	const uint8_t *dev_key;
+	const uint8_t *token;
 
 	l_debug("Provisioning complete %s", prov_status_str(status));
 
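Review bot: mesh_db_write_token takes `uint8_t *token` while the reader it pairs with takes `uint8_t token[8]` and the helper it forwards to, add_u64_value, takes `const uint8_t u64[8]`; the public pair should agree on the fixed size and the write side should be const since it only reads: `bool mesh_db_write_token(json_object *jnode, const uint8_t token[8])`, mirrored in the mesh-db.h declaration. Neither new declaration in mesh-db.h says what the value is, so a reader of the header cannot tell it from deviceKey next to it; a one-line comment above the pair, such as `/* Node token: 8 random bytes, stored as a 16-char hex string under "token" */`, would document the on-disk format this patch introduces. The mesh.c hunk on this line is a rename only.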
@@ -506,13 +506,13 @@ static bool prov_complete_cb(void *user_data, uint8_t status,
 		return false;
 	}
 
-	dev_key = node_get_device_key(join_pending->node);
+	token = node_get_token(join_pending->node);
 
 	msg = l_dbus_message_new_method_call(dbus, owner, path,
 						MESH_APPLICATION_INTERFACE,
 						"JoinComplete");
 
-	l_dbus_message_set_arguments(msg, "t", l_get_u64(dev_key));
+	l_dbus_message_set_arguments(msg, "t", l_get_be64(token));
 
 	l_dbus_send(dbus_get_bus(), msg);
 
diff --git a/mesh/node.c b/mesh/node.c
index 79221b5e2..dae9a4b79 100644
--- a/mesh/node.c
+++ b/mesh/node.c
@@ -91,6 +91,7 @@ struct mesh_node {
 	} relay;
 	uint8_t dev_uuid[16];
 	uint8_t dev_key[16];
+	uint8_t token[8];
 	uint8_t num_ele;
 	uint8_t ttl;
 	uint8_t lpn;
@@ -132,7 +133,7 @@ static bool match_token(const void *a, const void *b)
 {
 	const struct mesh_node *node = a;
 	const uint64_t *token = b;
-	const uint64_t tmp = l_get_u64(node->dev_key);
+	const uint64_t tmp = l_get_be64(node->token);
 
 	return *token == tmp;
 }
@@ -453,6 +454,19 @@ const uint8_t *node_get_device_key(struct mesh_node *node)
 	return node->dev_key;
 }
 
+void node_set_token(struct mesh_node *node, uint8_t token[8])
+{
+	memcpy(node->token, token, 8);
+}
+
+const uint8_t *node_get_token(struct mesh_node *node)
+{
+	if (!node)
+		return NULL;
+	else
+		return node->token;
+}
+
 uint8_t node_get_num_elements(struct mesh_node *node)
 {
 	return node->num_ele;
@@ -1059,7 +1073,7 @@ static void get_managed_objects_attach_cb(struct l_dbus_message *msg,
 	struct attach_obj_request *req = user_data;
 	struct mesh_node *node = req->node;
 	const char *path;
-	uint64_t token = l_get_u64(node->dev_key);
+	uint64_t token = l_get_be64(node->token);
 	uint8_t num_ele;
 
 	if (l_dbus_message_is_error(msg)) {
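Review bot: node_set_token dereferences node without a guard while node_get_token directly below it checks for NULL, and it takes a non-const `uint8_t token[8]` although it only reads through it; `void node_set_token(struct mesh_node *node, const uint8_t token[8])` with the matching declaration in node.h, and `memcpy(node->token, token, sizeof(node->token));` so the length follows the field rather than a repeated literal. Whether a NULL node can reach the setter is not visible in this hunk; if it can, mirror the getter's check, otherwise the asymmetry should at least be deliberate. The `else` after `return NULL;` in node_get_token is dead structure — `return node ? node->token : NULL;` says the same thing. The match_token hunk above is consistent with the new field and needs no change.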
@@ -1748,6 +1762,10 @@ bool node_add_pending_local(struct mesh_node *node, void *prov_node_info,
 	node->primary = info->unicast;
 	mesh_net_register_unicast(node->net, info->unicast, node->num_ele);
 
+	l_getrandom(node->token, sizeof(node->token));
+	if (!mesh_db_write_token(node->jconfig, node->token))
+		return false;
+
 	memcpy(node->dev_key, info->device_key, 16);
 	if (!mesh_db_write_device_key(node->jconfig, info->device_key))
 		return false;
diff --git a/mesh/node.h b/mesh/node.h
index 954dfca75..ebc82ffb8 100644
--- a/mesh/node.h
+++ b/mesh/node.h
@@ -47,6 +47,8 @@ bool node_app_key_delete(struct mesh_net *net, uint16_t addr, uint16_t net_idx,
 							uint16_t idx);
 uint16_t node_get_primary(struct mesh_node *node);
 uint16_t node_get_primary_net_idx(struct mesh_node *node);
+void node_set_token(struct mesh_node *node, uint8_t token[8]);
+const uint8_t *node_get_token(struct mesh_node *node);
 void node_set_device_key(struct mesh_node *node, uint8_t key[16]);
 const uint8_t *node_get_device_key(struct mesh_node *node);
 void node_set_num_elements(struct mesh_node *node, uint8_t num_ele);
diff --git a/mesh/storage.c b/mesh/storage.c
index f04e3ec89..8a70b5696 100644
--- a/mesh/storage.c
+++ b/mesh/storage.c
@@ -156,6 +156,11 @@ static bool parse_node(struct mesh_node *node, json_object *jnode)
 	if (!mesh_db_read_net_keys(jnode, read_net_keys_cb, net))
 		return false;
 
+	if (!mesh_db_read_token(jnode, key_buf))
+		return false;
+
+	node_set_token(node, key_buf);
+
 	if (!mesh_db_read_device_key(jnode, key_buf))
 		return false;
 
-- 
2.47.3
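Review bot: The result of `l_getrandom(node->token, sizeof(node->token));` is discarded, so if the random source fails the node is persisted with whatever node->token already held, and that value is exactly what prov_complete_cb hands to the application and match_token later compares to find the node. Since the whole point of the patch is a token that is independent of the device key, generation failure should abort the join rather than silently produce a predictable identifier: `if (!l_getrandom(node->token, sizeof(node->token))) return false;`. This assumes l_getrandom reports failure through its return value, which is not visible in the hunk. node_add_pending_local begins and ends outside the hunk.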
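Review bot: parse_node now fails outright when mesh_db_read_token returns false, and per the commit message every node database written before this change has no "token" entry because the device key served that role, so existing nodes would stop loading instead of being migrated. If that is not intended, treat an absent entry as "mint one now" the way node_add_pending_local does, and reserve the hard failure for a present-but-malformed value; whether mesh_db_read_token lets storage.c tell those two cases apart is not visible here, and whether the written entry is flushed to disk by this caller is also outside the hunk. The rewrite below assumes ell's l_getrandom is available in storage.c as it is in node.c. parse_node continues outside the hunk.
```c
	if (!mesh_db_read_token(jnode, key_buf)) {
		/* Pre-token database: mint a token now and persist it */
		if (!l_getrandom(key_buf, 8) ||
				!mesh_db_write_token(jnode, key_buf))
			return false;
	}

	node_set_token(node, key_buf);
	/* … unchanged: device key read … */
```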