diff mbox series

[1/1] mesh: Handle invalid public keys

Message ID 1585078044-14974-4-git-send-email-prathyusha.n@samsung.com (mailing list archive)
State Accepted
Delegated to: Brian Gix
Headers show
Series [1/1] mesh: Handle invalid public keys | expand

Commit Message

Prathyusha Nelluri March 24, 2020, 7:27 p.m. UTC
From: Prathyusha N <prathyusha.n@samsung.com>

Check for invalid public keys received and send provision failed.
---
 mesh/prov-acceptor.c | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

Comments

Brian Gix March 26, 2020, 5:03 p.m. UTC | #1
Applied
On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> From: Prathyusha N <prathyusha.n@samsung.com>
> 
> Check for invalid public keys received and send provision failed.
> ---
>  mesh/prov-acceptor.c | 38 ++++++++++++++++++++++++++------------
>  1 file changed, 26 insertions(+), 12 deletions(-)
> 
> diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
> index 03972c227..d395bc5f2 100644
> --- a/mesh/prov-acceptor.c
> +++ b/mesh/prov-acceptor.c
> @@ -180,7 +180,7 @@ static void swap_u256_bytes(uint8_t *u256)
>  	}
>  }
>  
> -static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
> +static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
>  							uint8_t *secret)
>  {
>  	uint8_t tmp[64];
> @@ -190,22 +190,27 @@ static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
>  	swap_u256_bytes(tmp);
>  	swap_u256_bytes(tmp + 32);
>  
> -	ecdh_shared_secret(tmp, priv, secret);
> +	if (!ecdh_shared_secret(tmp, priv, secret))
> +		return false;
>  
>  	/* Convert to Mesh byte order */
>  	swap_u256_bytes(secret);
> +	return true;
>  }
>  
> -static void acp_credentials(struct mesh_prov_acceptor *prov)
> +static bool acp_credentials(struct mesh_prov_acceptor *prov)
>  {
> -	prov_calc_secret(prov->conf_inputs.prv_pub_key,
> -			prov->private_key, prov->secret);
> +	if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
> +			prov->private_key, prov->secret))
> +		return false;
>  
> -	mesh_crypto_s1(&prov->conf_inputs,
> -			sizeof(prov->conf_inputs), prov->salt);
> +	if (!mesh_crypto_s1(&prov->conf_inputs,
> +			sizeof(prov->conf_inputs), prov->salt))
> +		return false;
>  
> -	mesh_crypto_prov_conf_key(prov->secret, prov->salt,
> -			prov->calc_key);
> +	if (!mesh_crypto_prov_conf_key(prov->secret, prov->salt,
> +			prov->calc_key))
> +		return false;
>  
>  	l_getrandom(prov->rand_auth_workspace, 16);
>  
> @@ -218,6 +223,7 @@ static void acp_credentials(struct mesh_prov_acceptor *prov)
>  	print_packet("LocalRandom", prov->rand_auth_workspace, 16);
>  	print_packet("ConfirmationSalt", prov->salt, 16);
>  	print_packet("ConfirmationKey", prov->calc_key, 16);
> +	return true;
>  }
>  
>  static uint32_t digit_mod(uint8_t power)
> @@ -298,8 +304,13 @@ static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
>  	swap_u256_bytes(prov->conf_inputs.dev_pub_key + 32);
>  
>  	prov->material |= MAT_LOCAL_PRIVATE;
> -	if ((prov->material & MAT_SECRET) == MAT_SECRET)
> -		acp_credentials(prov);
> +	if ((prov->material & MAT_SECRET) == MAT_SECRET) {
> +		if (!acp_credentials(prov)) {
> +			msg.opcode = PROV_FAILED;
> +			msg.reason = PROV_ERR_UNEXPECTED_ERR;
> +			prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
> +		}
> +	}
>  }
>  
>  static void send_caps(struct mesh_prov_acceptor *prov)
> @@ -423,7 +434,10 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
>  		if ((prov->material & MAT_SECRET) != MAT_SECRET)
>  			return;
>  
> -		acp_credentials(prov);
> +		if (!acp_credentials(prov)) {
> +			fail.reason = PROV_ERR_UNEXPECTED_ERR;
> +			goto failure;
> +		}
>  
>  		if (!prov->conf_inputs.start.pub_key)
>  			send_pub_key(prov);
diff mbox series

Patch

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 03972c227..d395bc5f2 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -180,7 +180,7 @@  static void swap_u256_bytes(uint8_t *u256)
 	}
 }
 
-static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
+static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 							uint8_t *secret)
 {
 	uint8_t tmp[64];
@@ -190,22 +190,27 @@  static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 	swap_u256_bytes(tmp);
 	swap_u256_bytes(tmp + 32);
 
-	ecdh_shared_secret(tmp, priv, secret);
+	if (!ecdh_shared_secret(tmp, priv, secret))
+		return false;
 
 	/* Convert to Mesh byte order */
 	swap_u256_bytes(secret);
+	return true;
 }
 
-static void acp_credentials(struct mesh_prov_acceptor *prov)
+static bool acp_credentials(struct mesh_prov_acceptor *prov)
 {
-	prov_calc_secret(prov->conf_inputs.prv_pub_key,
-			prov->private_key, prov->secret);
+	if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
+			prov->private_key, prov->secret))
+		return false;
 
-	mesh_crypto_s1(&prov->conf_inputs,
-			sizeof(prov->conf_inputs), prov->salt);
+	if (!mesh_crypto_s1(&prov->conf_inputs,
+			sizeof(prov->conf_inputs), prov->salt))
+		return false;
 
-	mesh_crypto_prov_conf_key(prov->secret, prov->salt,
-			prov->calc_key);
+	if (!mesh_crypto_prov_conf_key(prov->secret, prov->salt,
+			prov->calc_key))
+		return false;
 
 	l_getrandom(prov->rand_auth_workspace, 16);
 
@@ -218,6 +223,7 @@  static void acp_credentials(struct mesh_prov_acceptor *prov)
 	print_packet("LocalRandom", prov->rand_auth_workspace, 16);
 	print_packet("ConfirmationSalt", prov->salt, 16);
 	print_packet("ConfirmationKey", prov->calc_key, 16);
+	return true;
 }
 
 static uint32_t digit_mod(uint8_t power)
@@ -298,8 +304,13 @@  static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
 	swap_u256_bytes(prov->conf_inputs.dev_pub_key + 32);
 
 	prov->material |= MAT_LOCAL_PRIVATE;
-	if ((prov->material & MAT_SECRET) == MAT_SECRET)
-		acp_credentials(prov);
+	if ((prov->material & MAT_SECRET) == MAT_SECRET) {
+		if (!acp_credentials(prov)) {
+			msg.opcode = PROV_FAILED;
+			msg.reason = PROV_ERR_UNEXPECTED_ERR;
+			prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
+		}
+	}
 }
 
 static void send_caps(struct mesh_prov_acceptor *prov)
@@ -423,7 +434,10 @@  static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
 		if ((prov->material & MAT_SECRET) != MAT_SECRET)
 			return;
 
-		acp_credentials(prov);
+		if (!acp_credentials(prov)) {
+			fail.reason = PROV_ERR_UNEXPECTED_ERR;
+			goto failure;
+		}
 
 		if (!prov->conf_inputs.start.pub_key)
 			send_pub_key(prov);