From: "Michał Lowas-Rzechonek" <michal.lowas-rzechonek@silvair.com>
To: linux-bluetooth@vger.kernel.org
Subject: [PATCH BlueZ 3/4] mesh: Align appkey_packet_decrypt with dev and virt variants.
Date: Mon, 19 Aug 2019 11:33:23 +0200 [thread overview]
Message-ID: <20190819093324.10566-4-michal.lowas-rzechonek@silvair.com> (raw)
In-Reply-To: <20190819093324.10566-1-michal.lowas-rzechonek@silvair.com>
Move appkey_packet_decrypt to mesh/model, rename it to
app_packet_decrypt, make it private and change arguments to be aligned
with other decryption functions.
Also, simplify the implementation using an inline loop, removing the
need of mod_decrypt struct.
---
mesh/appkey.c | 111 +++++++++-----------------------------------------
mesh/appkey.h | 10 ++---
mesh/model.c | 73 +++++++++++++++++++++++++++++----
3 files changed, 89 insertions(+), 105 deletions(-)
diff --git a/mesh/appkey.c b/mesh/appkey.c
index 6c65454c1..e96d5228a 100644
--- a/mesh/appkey.c
+++ b/mesh/appkey.c
@@ -50,23 +50,6 @@ struct mesh_msg {
uint16_t src;
};
-struct mod_decrypt {
- const uint8_t *data;
- uint8_t *out;
- struct mesh_app_key *key;
- uint8_t *virt;
- uint32_t seq;
- uint32_t iv_idx;
- uint16_t src;
- uint16_t dst;
- uint16_t idx;
- uint16_t size;
- uint16_t virt_size;
- uint8_t key_aid;
- bool szmict;
- bool decrypted;
-};
-
static bool match_key_index(const void *a, const void *b)
{
const struct mesh_app_key *key = a;
@@ -99,80 +82,6 @@ static bool clean_old_iv_index(void *a, void *b)
return false;
}
-static void packet_decrypt(void *a, void *b)
-{
- struct mesh_app_key *key = a;
- struct mod_decrypt *dec = b;
-
- l_debug("model.c - app_packet_decrypt");
- if (dec->decrypted)
- return;
-
- if (key->key_aid != dec->key_aid &&
- key->new_key_aid != dec->key_aid)
- return;
-
- dec->key = key;
-
- if (key->key_aid == dec->key_aid) {
- dec->decrypted = mesh_crypto_payload_decrypt(dec->virt,
- dec->virt_size, dec->data, dec->size,
- dec->szmict, dec->src, dec->dst, dec->key_aid,
- dec->seq, dec->iv_idx, dec->out, key->key);
- if (dec->decrypted)
- print_packet("Used App Key", dec->key->key, 16);
- else
- print_packet("Failed with App Key", dec->key->key, 16);
- }
-
- if (!dec->decrypted && key->new_key_aid == dec->key_aid) {
- dec->decrypted = mesh_crypto_payload_decrypt(dec->virt,
- dec->virt_size, dec->data, dec->size,
- dec->szmict, dec->src, dec->dst, dec->key_aid,
- dec->seq, dec->iv_idx, dec->out, key->new_key);
- if (dec->decrypted)
- print_packet("Used App Key", dec->key->new_key, 16);
- else
- print_packet("Failed with App Key",
- dec->key->new_key, 16);
- }
-
- if (dec->decrypted)
- dec->idx = key->app_idx;
-}
-
-int appkey_packet_decrypt(struct mesh_net *net, bool szmict, uint32_t seq,
- uint32_t iv_index, uint16_t src,
- uint16_t dst, uint8_t *virt, uint16_t virt_size,
- uint8_t key_aid, const uint8_t *data,
- uint16_t data_size, uint8_t *out)
-{
- struct l_queue *app_keys;
-
- struct mod_decrypt decrypt = {
- .src = src,
- .dst = dst,
- .seq = seq,
- .data = data,
- .out = out,
- .size = data_size,
- .key_aid = key_aid,
- .iv_idx = iv_index,
- .virt = virt,
- .virt_size = virt_size,
- .szmict = szmict,
- .decrypted = false,
- };
-
- app_keys = mesh_net_get_app_keys(net);
- if (!app_keys)
- return -1;
-
- l_queue_foreach(app_keys, packet_decrypt, &decrypt);
-
- return decrypt.decrypted ? decrypt.idx : -1;
-}
-
bool appkey_msg_in_replay_cache(struct mesh_net *net, uint16_t idx,
uint16_t src, uint16_t crpl, uint32_t seq,
uint32_t iv_index)
@@ -345,6 +254,26 @@ const uint8_t *appkey_get_key(struct mesh_net *net, uint16_t app_idx,
return app_key->new_key;
}
+int appkey_get_key_idx(struct mesh_app_key *app_key,
+ const uint8_t **key, uint8_t *key_aid,
+ const uint8_t **new_key, uint8_t *new_key_aid)
+{
+ if (!app_key)
+ return -1;
+
+ if (key && key_aid) {
+ *key = app_key->key;
+ *key_aid = app_key->key_aid;
+ }
+
+ if (new_key && new_key_aid) {
+ *new_key = app_key->new_key;
+ *new_key_aid = app_key->new_key_aid;
+ }
+
+ return app_key->app_idx;
+}
+
bool appkey_have_key(struct mesh_net *net, uint16_t app_idx)
{
struct mesh_app_key *key;
diff --git a/mesh/appkey.h b/mesh/appkey.h
index 4c135580a..b3e548071 100644
--- a/mesh/appkey.h
+++ b/mesh/appkey.h
@@ -20,19 +20,19 @@
/* TODO: get this number from configuration */
#define MAX_APP_KEYS 32
+struct mesh_app_key;
+
bool appkey_key_init(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx,
uint8_t *key_value, uint8_t *new_key_value);
void appkey_key_free(void *data);
-int appkey_packet_decrypt(struct mesh_net *net, bool szmict, uint32_t seq,
- uint32_t iv_index, uint16_t src, uint16_t dst,
- uint8_t *virt, uint16_t virt_size,
- uint8_t key_id, const uint8_t *data,
- uint16_t data_size, uint8_t *out);
bool appkey_msg_in_replay_cache(struct mesh_net *net, uint16_t idx,
uint16_t src, uint16_t crpl, uint32_t seq,
uint32_t iv_index);
const uint8_t *appkey_get_key(struct mesh_net *net, uint16_t app_idx,
uint8_t *key_id);
+int appkey_get_key_idx(struct mesh_app_key *app_key,
+ const uint8_t **key, uint8_t *key_aid,
+ const uint8_t **new_key, uint8_t *new_key_aid);
bool appkey_have_key(struct mesh_net *net, uint16_t app_idx);
uint16_t appkey_net_idx(struct mesh_net *net, uint16_t app_idx);
int appkey_key_add(struct mesh_net *net, uint16_t net_idx, uint16_t app_idx,
diff --git a/mesh/model.c b/mesh/model.c
index 2ecaf00e9..52cb57429 100644
--- a/mesh/model.c
+++ b/mesh/model.c
@@ -353,6 +353,62 @@ static void forward_model(void *a, void *b)
fwd->done = true;
}
+static int app_packet_decrypt(struct mesh_net *net, const uint8_t *data,
+ uint16_t size, bool szmict, uint16_t src,
+ uint16_t dst, uint8_t *virt, uint16_t virt_size,
+ uint8_t key_aid, uint32_t seq,
+ uint32_t iv_idx, uint8_t *out)
+{
+ struct l_queue *app_keys = mesh_net_get_app_keys(net);
+ const struct l_queue_entry *entry;
+
+ if (!app_keys)
+ return -1;
+
+ for (entry = l_queue_get_entries(app_keys); entry;
+ entry = entry->next) {
+ const uint8_t *old_key = NULL, *new_key = NULL;
+ uint8_t old_key_aid, new_key_aid;
+ int app_idx;
+ bool decrypted;
+
+ app_idx = appkey_get_key_idx(entry->data,
+ &old_key, &old_key_aid,
+ &new_key, &new_key_aid);
+
+ if (app_idx < 0)
+ continue;
+
+ if (old_key && old_key_aid == key_aid) {
+ decrypted = mesh_crypto_payload_decrypt(NULL, 0, data,
+ size, szmict, src, dst, key_aid,
+ seq, iv_idx, out, old_key);
+
+ if (decrypted) {
+ print_packet("Used App Key", old_key, 16);
+ return app_idx;
+ }
+
+ print_packet("Failed App Key", old_key, 16);
+ }
+
+ if (new_key && new_key_aid == key_aid) {
+ decrypted = mesh_crypto_payload_decrypt(NULL, 0, data,
+ size, szmict, src, dst, key_aid,
+ seq, iv_idx, out, new_key);
+
+ if (decrypted) {
+ print_packet("Used App Key", new_key, 16);
+ return app_idx;
+ }
+
+ print_packet("Failed App Key", new_key, 16);
+ }
+ }
+
+ return -1;
+}
+
static int dev_packet_decrypt(struct mesh_node *node, const uint8_t *data,
uint16_t size, bool szmict, uint16_t src,
uint16_t dst, uint8_t key_aid, uint32_t seq,
@@ -395,11 +451,10 @@ static int virt_packet_decrypt(struct mesh_net *net, const uint8_t *data,
if (virt->addr != dst)
continue;
- decrypt_idx = appkey_packet_decrypt(net, szmict, seq,
- iv_idx, src, dst,
- virt->label, 16,
- key_aid,
- data, size, out);
+ decrypt_idx = app_packet_decrypt(net, data, size, szmict, src,
+ dst, virt->label, 16,
+ key_aid, seq, iv_idx,
+ out);
if (decrypt_idx >= 0) {
*decrypt_virt = virt;
@@ -853,10 +908,10 @@ bool mesh_model_rx(struct mesh_node *node, bool szmict, uint32_t seq0,
iv_index, clear_text,
&decrypt_virt);
else
- decrypt_idx = appkey_packet_decrypt(net, szmict, seq0,
- iv_index, src, dst,
- NULL, 0, key_aid, data,
- size, clear_text);
+ decrypt_idx = app_packet_decrypt(net, data, size, szmict, src,
+ dst, NULL, 0,
+ key_aid, seq0, iv_index,
+ clear_text);
if (decrypt_idx < 0) {
l_error("model.c - Failed to decrypt application payload");
--
2.19.1
next prev parent reply other threads:[~2019-08-19 9:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-19 9:33 [PATCH BlueZ 0/4] mesh: Streamline crypto functions Michał Lowas-Rzechonek
2019-08-19 9:33 ` [PATCH BlueZ 1/4] mesh: Remove unused defines Michał Lowas-Rzechonek
2019-08-19 9:33 ` [PATCH BlueZ 2/4] mesh: Normalize Access Key AID and Index naming in models Michał Lowas-Rzechonek
2019-08-19 9:33 ` Michał Lowas-Rzechonek [this message]
2019-08-19 9:33 ` [PATCH BlueZ 4/4] mesh: Remove redundant code from mesh/crypto Michał Lowas-Rzechonek
2019-09-17 6:55 ` [PATCH BlueZ 0/4] mesh: Streamline crypto functions Michał Lowas-Rzechonek
2019-09-30 9:12 ` Michał Lowas-Rzechonek
2019-10-03 20:06 ` Gix, Brian
2019-10-05 19:01 ` michal.lowas-rzechonek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190819093324.10566-4-michal.lowas-rzechonek@silvair.com \
--to=michal.lowas-rzechonek@silvair.com \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).