* RE: [PATCH BlueZ] mesh: Create and store random token per node
       [not found] <20190404224314.10694-1-brian.gix@intel.com>
@ 2019-04-10 15:53 ` Gix, Brian
  0 siblings, 0 replies; only message in thread
From: Gix, Brian @ 2019-04-10 15:53 UTC (permalink / raw)
  To: linux-bluetooth



> -----Original Message-----
> From: Gix, Brian
> Sent: Thursday, April 4, 2019 3:43 PM
> To: linux-bluetooth@vger.kernel.org
> Cc: Gix, Brian <brian.gix@intel.com>
> Subject: [PATCH BlueZ] mesh: Create and store random token per node
> 
> Fix issue with device key being used as a token. The token is now separate
> and has a portable representation in the node database.
> ---
>  mesh/mesh-db.c | 38 ++++++++++++++++++++++++++++++++++++++
>  mesh/mesh-db.h |  2 ++
>  mesh/mesh.c    |  6 +++---
>  mesh/node.c    | 22 ++++++++++++++++++++--
>  mesh/node.h    |  2 ++
>  mesh/storage.c |  5 +++++
>  6 files changed, 70 insertions(+), 5 deletions(-)
> 
> diff --git a/mesh/mesh-db.c b/mesh/mesh-db.c index f1bf8d8fa..64e33cd91
> 100644
> --- a/mesh/mesh-db.c
> +++ b/mesh/mesh-db.c
> @@ -51,6 +51,21 @@ static bool get_int(json_object *jobj, const char
> *keyword, int *value)
>  	return true;
>  }
> 
> +static bool add_u64_value(json_object *jobject, const char *desc,
> +					const uint8_t u64[8])
> +{
> +	json_object *jstring;
> +	char hexstr[17];
> +
> +	hex2str((uint8_t *) u64, 8, hexstr, 17);
> +	jstring = json_object_new_string(hexstr);
> +	if (!jstring)
> +		return false;
> +
> +	json_object_object_add(jobject, desc, jstring);
> +	return true;
> +}
> +
>  static bool add_key_value(json_object *jobject, const char *desc,
>  					const uint8_t key[16])
>  {
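Review bot: In add_u64_value() the buffer sizes are repeated as bare numbers (`char hexstr[17]`, then `8` and `17` in the hex2str() call), so they can drift apart if the token width ever changes. Deriving them from one place, e.g. `char hexstr[8 * 2 + 1];` and `hex2str((uint8_t *) u64, 8, hexstr, sizeof(hexstr));`, keeps the bound tied to the buffer. The return value of hex2str() is also not checked before `hexstr` is handed to json_object_new_string(). With these constant sizes that is probably harmless, but a short comment saying so would help the next reader.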
> @@ -257,6 +272,24 @@ bool mesh_db_read_iv_index(json_object *jobj,
> uint32_t *idx, bool *update)
>  	return true;
>  }
> 
> +bool mesh_db_read_token(json_object *jobj, uint8_t token[8]) {
> +	json_object *jvalue;
> +	char *str;
> +
> +	if (!token)
> +		return false;
> +
> +	if (!json_object_object_get_ex(jobj, "token", &jvalue))
> +		return false;
> +
> +	str = (char *)json_object_get_string(jvalue);
> +	if (!str2hex(str, strlen(str), token, 8))
> +		return false;
> +
> +	return true;
> +}
> +
>  bool mesh_db_read_device_key(json_object *jobj, uint8_t key_buf[16])  {
>  	json_object *jvalue;
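Review bot: mesh_db_read_token() passes the result of json_object_get_string() straight to strlen() and never checks that the stored value is exactly 16 hex characters. The token comes from the node's JSON file, so a `"token": null` entry (for which json-c can report the key as present with a NULL value) or a truncated or over-long string should be rejected here. Leaving it to str2hex() is not enough to rely on, because its length handling is not visible in this hunk. A guard such as `if (!str || strlen(str) != 16) return false;` before the str2hex() call would cover both cases. The hunk ends inside mesh_db_read_device_key(), which is not reviewed here.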
> @@ -515,6 +548,11 @@ bool mesh_db_write_device_key(json_object
> *jnode, uint8_t *key)
>  	return add_key_value(jnode, "deviceKey", key);  }
> 
> +bool mesh_db_write_token(json_object *jnode, uint8_t *token) {
> +	return add_u64_value(jnode, "token", token); }
> +
>  bool mesh_db_app_key_add(json_object *jobj, uint16_t net_idx, uint16_t
> app_idx,
>  							const uint8_t key[16])
>  {
> diff --git a/mesh/mesh-db.h b/mesh/mesh-db.h index b9af1203b..06aba1f31
> 100644
> --- a/mesh/mesh-db.h
> +++ b/mesh/mesh-db.h
> @@ -104,6 +104,7 @@ bool mesh_db_read_node(json_object *jobj,
> mesh_db_node_cb cb, void *user_data);  bool
> mesh_db_add_node(json_object *jnode, struct mesh_db_node *node);
> bool mesh_db_read_iv_index(json_object *jobj, uint32_t *idx, bool
> *update);  bool mesh_db_read_device_key(json_object *jobj, uint8_t
> key_buf[16]);
> +bool mesh_db_read_token(json_object *jobj, uint8_t token[8]);
>  bool mesh_db_read_net_transmit(json_object *jobj, uint8_t *cnt,
>  							uint16_t *interval);
>  bool mesh_db_write_net_transmit(json_object *jobj, uint8_t cnt, @@ -
> 113,6 +114,7 @@ bool mesh_db_read_net_keys(json_object *jobj,
> mesh_db_net_key_cb cb,  bool mesh_db_read_app_keys(json_object
> *jobj, mesh_db_app_key_cb cb,
>  							void *user_data);
>  bool mesh_db_write_device_key(json_object *jobj, uint8_t *key);
> +bool mesh_db_write_token(json_object *jobj, uint8_t *token);
>  bool mesh_db_write_network_key(json_object *jobj, uint16_t idx, uint8_t
> *key,
>  						uint8_t *new_key, int
> phase);
>  bool mesh_db_write_app_key(json_object *jobj, uint16_t net_idx, diff --git
> a/mesh/mesh.c b/mesh/mesh.c index a0a9a7c8e..e7eef0473 100644
> --- a/mesh/mesh.c
> +++ b/mesh/mesh.c
> @@ -487,7 +487,7 @@ static bool prov_complete_cb(void *user_data,
> uint8_t status,
>  	struct l_dbus_message *msg;
>  	const char *owner;
>  	const char *path;
> -	const uint8_t *dev_key;
> +	const uint8_t *token;
> 
>  	l_debug("Provisioning complete %s", prov_status_str(status));
> 
> @@ -506,13 +506,13 @@ static bool prov_complete_cb(void *user_data,
> uint8_t status,
>  		return false;
>  	}
> 
> -	dev_key = node_get_device_key(join_pending->node);
> +	token = node_get_token(join_pending->node);
> 
>  	msg = l_dbus_message_new_method_call(dbus, owner, path,
> 
> 	MESH_APPLICATION_INTERFACE,
>  						"JoinComplete");
> 
> -	l_dbus_message_set_arguments(msg, "t", l_get_u64(dev_key));
> +	l_dbus_message_set_arguments(msg, "t", l_get_be64(token));
> 
>  	l_dbus_send(dbus_get_bus(), msg);
> 
> diff --git a/mesh/node.c b/mesh/node.c
> index 79221b5e2..dae9a4b79 100644
> --- a/mesh/node.c
> +++ b/mesh/node.c
> @@ -91,6 +91,7 @@ struct mesh_node {
>  	} relay;
>  	uint8_t dev_uuid[16];
>  	uint8_t dev_key[16];
> +	uint8_t token[8];
>  	uint8_t num_ele;
>  	uint8_t ttl;
>  	uint8_t lpn;
> @@ -132,7 +133,7 @@ static bool match_token(const void *a, const void *b)
> {
>  	const struct mesh_node *node = a;
>  	const uint64_t *token = b;
> -	const uint64_t tmp = l_get_u64(node->dev_key);
> +	const uint64_t tmp = l_get_be64(node->token);
> 
>  	return *token == tmp;
>  }
> @@ -453,6 +454,19 @@ const uint8_t *node_get_device_key(struct
> mesh_node *node)
>  		return node->dev_key;
>  }
> 
> +void node_set_token(struct mesh_node *node, uint8_t token[8]) {
> +	memcpy(node->token, token, 8);
> +}
> +
> +const uint8_t *node_get_token(struct mesh_node *node) {
> +	if (!node)
> +		return NULL;
> +	else
> +		return node->token;
> +}
> +
>  uint8_t node_get_num_elements(struct mesh_node *node)  {
>  	return node->num_ele;
> @@ -1059,7 +1073,7 @@ static void get_managed_objects_attach_cb(struct
> l_dbus_message *msg,
>  	struct attach_obj_request *req = user_data;
>  	struct mesh_node *node = req->node;
>  	const char *path;
> -	uint64_t token = l_get_u64(node->dev_key);
> +	uint64_t token = l_get_be64(node->token);
>  	uint8_t num_ele;
> 
>  	if (l_dbus_message_is_error(msg)) {
> @@ -1748,6 +1762,10 @@ bool node_add_pending_local(struct mesh_node
> *node, void *prov_node_info,
>  	node->primary = info->unicast;
>  	mesh_net_register_unicast(node->net, info->unicast, node-
> >num_ele);
> 
> +	l_getrandom(node->token, sizeof(node->token));
> +	if (!mesh_db_write_token(node->jconfig, node->token))
> +		return false;
> +
>  	memcpy(node->dev_key, info->device_key, 16);
>  	if (!mesh_db_write_device_key(node->jconfig, info->device_key))
>  		return false;
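Review bot: The result of `l_getrandom(node->token, sizeof(node->token))` in node_add_pending_local() is not checked. If the call can fail in the ell version this builds against (worth confirming), the node would be stored with whatever `node->token` held before, most likely a predictable value. This token appears to be what match_token() compares when looking up a node for an application, so a failed generation should abort the join: `if (!l_getrandom(node->token, sizeof(node->token))) return false;`. It may also be worth rejecting a token that collides with one already held by another node, since a lookup by token would otherwise be ambiguous. The function starts and ends outside this hunk.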
> diff --git a/mesh/node.h b/mesh/node.h
> index 954dfca75..ebc82ffb8 100644
> --- a/mesh/node.h
> +++ b/mesh/node.h
> @@ -47,6 +47,8 @@ bool node_app_key_delete(struct mesh_net *net,
> uint16_t addr,
>  				uint16_t net_idx, uint16_t idx);
>  uint16_t node_get_primary(struct mesh_node *node);  uint16_t
> node_get_primary_net_idx(struct mesh_node *node);
> +void node_set_token(struct mesh_node *node, uint8_t token[8]); const
> +uint8_t *node_get_token(struct mesh_node *node);
>  void node_set_device_key(struct mesh_node *node, uint8_t key[16]);
> const uint8_t *node_get_device_key(struct mesh_node *node);  void
> node_set_num_elements(struct mesh_node *node, uint8_t num_ele); diff
> --git a/mesh/storage.c b/mesh/storage.c index f04e3ec89..8a70b5696 100644
> --- a/mesh/storage.c
> +++ b/mesh/storage.c
> @@ -156,6 +156,11 @@ static bool parse_node(struct mesh_node *node,
> json_object *jnode)
>  	if (!mesh_db_read_net_keys(jnode, read_net_keys_cb, net))
>  		return false;
> 
> +	if (!mesh_db_read_token(jnode, key_buf))
> +		return false;
> +
> +	node_set_token(node, key_buf);
> +
>  	if (!mesh_db_read_device_key(jnode, key_buf))
>  		return false;
> 
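Review bot: parse_node() now fails outright when mesh_db_read_token() returns false, which will be the case for any node file written before this change, since it has no "token" entry. If such files can exist in the field, those nodes would stop loading after an upgrade. Consider generating and persisting a fresh token when the key is absent, or documenting that existing nodes must be re-provisioned. Reusing `key_buf` for the 8-byte token also deserves a one-line comment such as `/* key_buf is reused: only the first 8 bytes hold the token */`, assuming it is the 16-byte key buffer declared outside this hunk. parse_node() starts and ends outside the hunk.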
> --
> 2.14.5

Applied
