Linux-Bluetooth Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 1/1] mesh: Add mesh agent cleanup to mesh cleanup
       [not found] <CGME20200324192821epcas5p3e756863feafcf1f8eab993a237c19521@epcas5p3.samsung.com>
@ 2020-03-24 19:27 ` Prathyusha Nelluri
       [not found]   ` <CGME20200324192820epcas5p10a4ae9a6d7e7dab22f4a5ab4ee752099@epcas5p1.samsung.com>
                     ` (8 more replies)
  0 siblings, 9 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Freed agent completely in agent_free(). Removed agent from queue
after app disconnects in provisioner case. Linked agent to
join_pending so that agent gets freed after every join call.
Added mesh_agent_cleanup in mesh_cleanup to clear and free
agents queue.
---
 mesh/agent.c   | 3 ++-
 mesh/manager.c | 1 +
 mesh/mesh.c    | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/mesh/agent.c b/mesh/agent.c
index 3ab3893a1..ec49c37d0 100644
--- a/mesh/agent.c
+++ b/mesh/agent.c
@@ -205,6 +205,7 @@ static void agent_free(void *agent_data)
 
 	l_free(agent->path);
 	l_free(agent->owner);
+	l_free(agent);
 }
 
 void mesh_agent_remove(struct mesh_agent *agent)
@@ -212,8 +213,8 @@ void mesh_agent_remove(struct mesh_agent *agent)
 	if (!agent || !l_queue_find(agents, simple_match, agent))
 		return;
 
-	agent_free(agent);
 	l_queue_remove(agents, agent);
+	agent_free(agent);
 }
 
 void mesh_agent_cleanup(void)
diff --git a/mesh/manager.c b/mesh/manager.c
index e4a7deaeb..0b6511b4a 100644
--- a/mesh/manager.c
+++ b/mesh/manager.c
@@ -92,6 +92,7 @@ static void prov_disc_cb(struct l_dbus *bus, void *user_data)
 	initiator_cancel(add_pending);
 	add_pending->disc_watch = 0;
 
+	mesh_agent_remove(add_pending->agent);
 	free_pending_add_call();
 }
 
diff --git a/mesh/mesh.c b/mesh/mesh.c
index 6d2f86b6d..caabab508 100644
--- a/mesh/mesh.c
+++ b/mesh/mesh.c
@@ -336,6 +336,7 @@ void mesh_cleanup(void)
 	l_queue_destroy(pending_queue, pending_request_exit);
 	node_cleanup_all();
 	mesh_model_cleanup();
+	mesh_agent_cleanup();
 
 	l_dbus_object_remove_interface(dbus_get_bus(), BLUEZ_MESH_PATH,
 							MESH_NETWORK_INTERFACE);
@@ -480,6 +481,7 @@ static void node_init_cb(struct mesh_node *node, struct mesh_agent *agent)
 	}
 
 	join_pending->node = node;
+	join_pending->agent = agent;
 	num_ele = node_get_num_elements(node);
 
 	if (!acceptor_start(num_ele, join_pending->uuid, mesh.algorithms,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Check limits for count and interval of relay
       [not found]   ` <CGME20200324192820epcas5p10a4ae9a6d7e7dab22f4a5ab4ee752099@epcas5p1.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  2020-03-25 19:12       ` Gix, Brian
  0 siblings, 1 reply; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Added limit checking condition for count and interval
before processing for count and interval steps.
---
 mesh/cfgmod-server.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mesh/cfgmod-server.c b/mesh/cfgmod-server.c
index 7111411c7..151cab154 100644
--- a/mesh/cfgmod-server.c
+++ b/mesh/cfgmod-server.c
@@ -881,7 +881,11 @@ static bool cfg_srv_pkt(uint16_t src, uint32_t dst, uint16_t unicast,
 		n = mesh_model_opcode_set(OP_CONFIG_RELAY_STATUS, msg);
 
 		msg[n++] = node_relay_mode_get(node, &count, &interval);
-		msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
+
+		if (count > 0 && interval >= 10)
+			msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
+		else
+			msg[n++] = 0;
 
 		l_debug("Get/Set Relay Config (%d)", msg[n-1]);
 		break;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Handle close for Acceptor
       [not found]   ` <CGME20200324192821epcas5p1cc8182aac6ed0b096c76e3ccbd269688@epcas5p1.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  0 siblings, 0 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Provision complete callback is handled in provision failure case.
If link closed received abruptly with reason success, triggered
provision complete callback. Removed session timeout and session
free as they are handled in pb_adv_unreg.
---
 mesh/pb-adv.c        | 7 -------
 mesh/prov-acceptor.c | 9 ++++++++-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/mesh/pb-adv.c b/mesh/pb-adv.c
index 6ef45b8b0..649816fc6 100644
--- a/mesh/pb-adv.c
+++ b/mesh/pb-adv.c
@@ -223,9 +223,6 @@ static void tx_timeout(struct l_timeout *timeout, void *user_data)
 	if (!l_queue_find(pb_sessions, session_match, session))
 		return;
 
-	l_timeout_remove(session->tx_timeout);
-	session->tx_timeout = NULL;
-
 	mesh_send_cancel(filter, sizeof(filter));
 
 	l_info("TX timeout");
@@ -392,15 +389,11 @@ static void pb_adv_packet(void *user_data, const uint8_t *pkt, uint16_t len)
 		break;
 
 	case PB_ADV_CLOSE:
-		l_timeout_remove(session->tx_timeout);
 		l_debug("Link closed notification: %2.2x", pkt[0]);
 		/* Wrap callback for pre-cleaning */
 		if (true) {
 			mesh_prov_close_func_t cb = session->close_cb;
 			void *user_data = session->user_data;
-
-			l_queue_remove(pb_sessions, session);
-			l_free(session);
 			cb(user_data, pkt[0]);
 		}
 		break;
diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 03972c227..b6da67cf0 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -120,7 +120,14 @@ static void acceptor_free(void)
 
 static void acp_prov_close(void *user_data, uint8_t reason)
 {
-	/* TODO: Handle Close */
+	struct mesh_prov_acceptor *prov = user_data;
+
+	if (reason != PROV_ERR_SUCCESS && prov->cmplt)
+		prov->cmplt(prov->caller_data, reason, NULL);
+	else if (reason == PROV_ERR_SUCCESS && prov->cmplt)
+		prov->cmplt(prov->caller_data, PROV_ERR_UNEXPECTED_ERR, NULL);
+
+	prov->cmplt = NULL;
 	acceptor_free();
 }
 
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Handle invalid public keys
       [not found]   ` <CGME20200324192822epcas5p2986c35616c596051bb7826457439c893@epcas5p2.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  2020-03-26 17:03       ` Gix, Brian
  0 siblings, 1 reply; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Check for invalid public keys received and send provision failed.
---
 mesh/prov-acceptor.c | 38 ++++++++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 12 deletions(-)

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 03972c227..d395bc5f2 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -180,7 +180,7 @@ static void swap_u256_bytes(uint8_t *u256)
 	}
 }
 
-static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
+static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 							uint8_t *secret)
 {
 	uint8_t tmp[64];
@@ -190,22 +190,27 @@ static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
 	swap_u256_bytes(tmp);
 	swap_u256_bytes(tmp + 32);
 
-	ecdh_shared_secret(tmp, priv, secret);
+	if (!ecdh_shared_secret(tmp, priv, secret))
+		return false;
 
 	/* Convert to Mesh byte order */
 	swap_u256_bytes(secret);
+	return true;
 }
 
-static void acp_credentials(struct mesh_prov_acceptor *prov)
+static bool acp_credentials(struct mesh_prov_acceptor *prov)
 {
-	prov_calc_secret(prov->conf_inputs.prv_pub_key,
-			prov->private_key, prov->secret);
+	if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
+			prov->private_key, prov->secret))
+		return false;
 
-	mesh_crypto_s1(&prov->conf_inputs,
-			sizeof(prov->conf_inputs), prov->salt);
+	if (!mesh_crypto_s1(&prov->conf_inputs,
+			sizeof(prov->conf_inputs), prov->salt))
+		return false;
 
-	mesh_crypto_prov_conf_key(prov->secret, prov->salt,
-			prov->calc_key);
+	if (!mesh_crypto_prov_conf_key(prov->secret, prov->salt,
+			prov->calc_key))
+		return false;
 
 	l_getrandom(prov->rand_auth_workspace, 16);
 
@@ -218,6 +223,7 @@ static void acp_credentials(struct mesh_prov_acceptor *prov)
 	print_packet("LocalRandom", prov->rand_auth_workspace, 16);
 	print_packet("ConfirmationSalt", prov->salt, 16);
 	print_packet("ConfirmationKey", prov->calc_key, 16);
+	return true;
 }
 
 static uint32_t digit_mod(uint8_t power)
@@ -298,8 +304,13 @@ static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
 	swap_u256_bytes(prov->conf_inputs.dev_pub_key + 32);
 
 	prov->material |= MAT_LOCAL_PRIVATE;
-	if ((prov->material & MAT_SECRET) == MAT_SECRET)
-		acp_credentials(prov);
+	if ((prov->material & MAT_SECRET) == MAT_SECRET) {
+		if (!acp_credentials(prov)) {
+			msg.opcode = PROV_FAILED;
+			msg.reason = PROV_ERR_UNEXPECTED_ERR;
+			prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
+		}
+	}
 }
 
 static void send_caps(struct mesh_prov_acceptor *prov)
@@ -423,7 +434,10 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
 		if ((prov->material & MAT_SECRET) != MAT_SECRET)
 			return;
 
-		acp_credentials(prov);
+		if (!acp_credentials(prov)) {
+			fail.reason = PROV_ERR_UNEXPECTED_ERR;
+			goto failure;
+		}
 
 		if (!prov->conf_inputs.start.pub_key)
 			send_pub_key(prov);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Handle KeyRefresh phase 1 to phase 3
       [not found]   ` <CGME20200324192823epcas5p3b25363353b98e206a50d7fd4572c9552@epcas5p3.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  0 siblings, 0 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Switch to phase 3 when updated net key index is same as
beacon key id. Switch beaconing key in phase 2 and phase 3.
---
 mesh/net.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/mesh/net.c b/mesh/net.c
index ec05b6be9..3b6c8365f 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -2598,6 +2598,14 @@ static int key_refresh_phase_two(struct mesh_net *net, uint16_t idx)
 	 */
 	subnet->kr_phase = KEY_REFRESH_PHASE_TWO;
 	refresh_beacon(subnet, net);
+
+	/* send snb with updated net key id in phase 2 */
+	if (net->beacon_enable) {
+		/* Switch beaconing key */
+		net_key_beacon_disable(subnet->net_key_cur);
+		net_key_beacon_enable(subnet->net_key_upd);
+	}
+
 	queue_friend_update(net);
 
 	l_queue_foreach(net->friends, frnd_kr_phase2, net);
@@ -2625,6 +2633,13 @@ static int key_refresh_finish(struct mesh_net *net, uint16_t idx)
 
 	l_info("Key refresh phase 3: use new keys only, discard old ones");
 
+	/* required when skipping phase 2 */
+	if (net->beacon_enable) {
+		/* Switch beaconing key */
+		net_key_beacon_disable(subnet->net_key_cur);
+		net_key_beacon_enable(subnet->net_key_upd);
+	}
+
 	/* Switch to using new keys, discard old ones */
 	net_key_unref(subnet->net_key_cur);
 	subnet->net_key_tx = subnet->net_key_cur = subnet->net_key_upd;
@@ -2755,7 +2770,8 @@ static void process_beacon(void *net_ptr, void *user_data)
 				ivi != net->iv_index || ivu != net->iv_update)
 		update_iv_ivu_state(net, ivi, ivu);
 
-	if (kr != local_kr)
+	if (kr != local_kr || (subnet->kr_phase == KEY_REFRESH_PHASE_ONE &&
+				subnet->net_key_upd == beacon_data->key_id))
 		update_kr_state(subnet, kr, beacon_data->key_id);
 
 	net_key_beacon_refresh(beacon_data->key_id, net->iv_index,
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Handle KeyRefresh phase set to 3
       [not found]   ` <CGME20200324192824epcas5p4886d88a31b8f9b31eeaf2fa38385698b@epcas5p4.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  0 siblings, 0 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

If keyRefresh phase 3 is already completed then respond with
current phase state and status as SUCCESS.
---
 mesh/net.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mesh/net.c b/mesh/net.c
index ec05b6be9..91d14b0b3 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -3419,6 +3419,9 @@ uint8_t mesh_net_key_refresh_phase_set(struct mesh_net *net, uint16_t idx,
 	if (transition == subnet->kr_phase)
 		return MESH_STATUS_SUCCESS;
 
+	if (transition == 3 && subnet->kr_phase == KEY_REFRESH_PHASE_NONE)
+		return MESH_STATUS_SUCCESS;
+
 	if ((transition != 2 && transition != 3) ||
 						transition < subnet->kr_phase)
 		return MESH_STATUS_CANNOT_SET;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Handle netkey delete when netkey is not in netkeylist
       [not found]   ` <CGME20200324192824epcas5p1de37a38491d79ea6dca2cc5da50cd289@epcas5p1.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  2020-03-26 17:03       ` Gix, Brian
  0 siblings, 1 reply; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

4.4.1.2.9 of Mesh Profile Bluetooth specification:
When an element receives a Config NetKey Delete message that
identifies a NetKey that is not in the NetKey List, it
responds with Success, because the result of deleting the
key that does not exist in the NetKey List will be the same
as if the key was deleted from the NetKey List.
---
 mesh/net.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mesh/net.c b/mesh/net.c
index ec05b6be9..3546b87d0 100644
--- a/mesh/net.c
+++ b/mesh/net.c
@@ -941,7 +941,7 @@ int mesh_net_del_key(struct mesh_net *net, uint16_t idx)
 	subnet = l_queue_find(net->subnets, match_key_index,
 							L_UINT_TO_PTR(idx));
 	if (!subnet)
-		return MESH_STATUS_CANNOT_REMOVE;
+		return MESH_STATUS_SUCCESS;
 
 	/* Delete associated app keys */
 	appkey_delete_bound_keys(net, idx);
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Initialize local_acked to zero
       [not found]   ` <CGME20200324192825epcas5p4c038b652414de6be433f224a655a2244@epcas5p4.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  0 siblings, 0 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Initialized local_acked to zero to send received acknowledge
to acceptor.
---
 mesh/pb-adv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mesh/pb-adv.c b/mesh/pb-adv.c
index 6ef45b8b0..f7aad0041 100644
--- a/mesh/pb-adv.c
+++ b/mesh/pb-adv.c
@@ -375,7 +375,7 @@ static void pb_adv_packet(void *user_data, const uint8_t *pkt, uint16_t len)
 		first = !session->link_id;
 		session->link_id = link_id;
 		session->last_peer_trans_num = 0xFF;
-		session->local_acked = 0xFF;
+		session->local_acked = 0x00;
 		session->peer_trans_num = 0x00;
 		session->local_trans_num = 0x7F;
 		session->opened = true;
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Send input complete for input OOB Authentication
       [not found]   ` <CGME20200324192826epcas5p2eb80e44ac061329faf5421ba3b76e5f8@epcas5p2.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  2020-03-26 17:02       ` Gix, Brian
  0 siblings, 1 reply; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Send input complete when user completes input operation.
---
 mesh/prov-acceptor.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 03972c227..20a2ce4be 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -272,6 +272,12 @@ static void static_cb(void *user_data, int err, uint8_t *key, uint32_t len)
 	memcpy(prov->rand_auth_workspace + 16, key, 16);
 	memcpy(prov->rand_auth_workspace + 32, key, 16);
 	prov->material |= MAT_RAND_AUTH;
+
+	if (prov->conf_inputs.start.auth_action ==
+							PROV_ACTION_IN_ALPHA) {
+		msg.opcode = PROV_INP_CMPLT;
+		prov->trans_tx(prov->trans_data, &msg.opcode, 1);
+	}
 }
 
 static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* [PATCH 1/1] mesh: Validate Provisioning Start PDU values
       [not found]   ` <CGME20200324192827epcas5p3f70d5e24d6042786ffea8bdbd5ddc8e8@epcas5p3.samsung.com>
@ 2020-03-24 19:27     ` Prathyusha Nelluri
  0 siblings, 0 replies; 15+ messages in thread
From: Prathyusha Nelluri @ 2020-03-24 19:27 UTC (permalink / raw)
  To: linux-bluetooth; +Cc: s.syam, Prathyusha N

From: Prathyusha N <prathyusha.n@samsung.com>

Check for inconsistent Authentication method versus Authentication
Action and Authentication Size fields before proceeding for
exchanging public keys. Check for Public Key OOB in Capabilities
and Start PDU.
---
 mesh/prov-acceptor.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
index 03972c227..d0ae77322 100644
--- a/mesh/prov-acceptor.c
+++ b/mesh/prov-acceptor.c
@@ -393,6 +393,21 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
 			goto failure;
 		}
 
+		if (prov->conf_inputs.start.auth_method < 2 &&
+				(prov->conf_inputs.start.auth_action ||
+					prov->conf_inputs.start.auth_size)) {
+			l_debug("inconsistent auth method and action");
+			fail.reason = PROV_ERR_INVALID_FORMAT;
+			goto failure;
+		}
+
+		if (prov->conf_inputs.caps.pub_type !=
+				prov->conf_inputs.start.pub_key) {
+			l_debug("inconsistent pubkey type");
+			fail.reason = PROV_ERR_INVALID_FORMAT;
+			goto failure;
+		}
+
 		if (prov->conf_inputs.start.pub_key) {
 			if (prov->conf_inputs.caps.pub_type) {
 				/* Prompt Agent for Private Key of OOB */
-- 
2.17.1


^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/1] mesh: Check limits for count and interval of relay
  2020-03-24 19:27     ` [PATCH 1/1] mesh: Check limits for count and interval of relay Prathyusha Nelluri
@ 2020-03-25 19:12       ` Gix, Brian
  2020-03-26 17:02         ` Gix, Brian
  0 siblings, 1 reply; 15+ messages in thread
From: Gix, Brian @ 2020-03-25 19:12 UTC (permalink / raw)
  To: prathyusha.n, linux-bluetooth; +Cc: s.syam, Stotland, Inga

Hi Prathyusha,

Inga and I have been talking, and comparing behavior to spec, and we believe that the *only* way that invalid
data can make its way into the system is to hand-edit the node.json file, which is not something we want to
encourage.  We suggest moving validation to where the node.json is read....
mesh/config-json.c in parse_features()

Basically, we only care if 
    "mode":"enabled",

in which case, we range check interval (10-320) and count (1-8).

Any values outside that range, we "Fail to Parse" the node, and that node will not be loaded....  So edit the
node.json by hand *only* with legal arguments.

Beyond that, if relay is "disabled" or "unsupported", the interval and count are don't cares, and there is no
obligation for the 2nd parameter octet of RELAY_STATUS to be zero'd.  As for the incoming RELAY_SET, there are
no out of range or disallowed values for count or interval.  


On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> From: Prathyusha N <prathyusha.n@samsung.com>
> 
> Added limit checking condition for count and interval
> before processing for count and interval steps.
> ---
>  mesh/cfgmod-server.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/mesh/cfgmod-server.c b/mesh/cfgmod-server.c
> index 7111411c7..151cab154 100644
> --- a/mesh/cfgmod-server.c
> +++ b/mesh/cfgmod-server.c
> @@ -881,7 +881,11 @@ static bool cfg_srv_pkt(uint16_t src, uint32_t dst, uint16_t unicast,
>  		n = mesh_model_opcode_set(OP_CONFIG_RELAY_STATUS, msg);
>  
>  		msg[n++] = node_relay_mode_get(node, &count, &interval);
> -		msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
> +
> +		if (count > 0 && interval >= 10)
> +			msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
> +		else
> +			msg[n++] = 0;
>  
>  		l_debug("Get/Set Relay Config (%d)", msg[n-1]);
>  		break;

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/1] mesh: Check limits for count and interval of relay
  2020-03-25 19:12       ` Gix, Brian
@ 2020-03-26 17:02         ` Gix, Brian
  0 siblings, 0 replies; 15+ messages in thread
From: Gix, Brian @ 2020-03-26 17:02 UTC (permalink / raw)
  To: prathyusha.n, linux-bluetooth; +Cc: s.syam, Stotland, Inga

Applied
On Wed, 2020-03-25 at 19:12 +0000, Gix, Brian wrote:
> Hi Prathyusha,
> 
> Inga and I have been talking, and comparing behavior to spec, and we believe that the *only* way that invalid
> data can make its way into the system is to hand-edit the node.json file, which is not something we want to
> encourage.  We suggest moving validation to where the node.json is read....
> mesh/config-json.c in parse_features()
> 
> Basically, we only care if 
>     "mode":"enabled",
> 
> in which case, we range check interval (10-320) and count (1-8).
> 
> Any values outside that range, we "Fail to Parse" the node, and that node will not be loaded....  So edit the
> node.json by hand *only* with legal arguments.
> 
> Beyond that, if relay is "disabled" or "unsupported", the interval and count are don't cares, and there is no
> obligation for the 2nd parameter octet of RELAY_STATUS to be zero'd.  As for the incoming RELAY_SET, there
> are
> no out of range or disallowed values for count or interval.  
> 
> 
> On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> > From: Prathyusha N <prathyusha.n@samsung.com>
> > 
> > Added limit checking condition for count and interval
> > before processing for count and interval steps.
> > ---
> >  mesh/cfgmod-server.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/mesh/cfgmod-server.c b/mesh/cfgmod-server.c
> > index 7111411c7..151cab154 100644
> > --- a/mesh/cfgmod-server.c
> > +++ b/mesh/cfgmod-server.c
> > @@ -881,7 +881,11 @@ static bool cfg_srv_pkt(uint16_t src, uint32_t dst, uint16_t unicast,
> >  		n = mesh_model_opcode_set(OP_CONFIG_RELAY_STATUS, msg);
> >  
> >  		msg[n++] = node_relay_mode_get(node, &count, &interval);
> > -		msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
> > +
> > +		if (count > 0 && interval >= 10)
> > +			msg[n++] = (count - 1) + ((interval/10 - 1) << 3);
> > +		else
> > +			msg[n++] = 0;
> >  
> >  		l_debug("Get/Set Relay Config (%d)", msg[n-1]);
> >  		break;

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/1] mesh: Send input complete for input OOB Authentication
  2020-03-24 19:27     ` [PATCH 1/1] mesh: Send input complete for input OOB Authentication Prathyusha Nelluri
@ 2020-03-26 17:02       ` Gix, Brian
  0 siblings, 0 replies; 15+ messages in thread
From: Gix, Brian @ 2020-03-26 17:02 UTC (permalink / raw)
  To: prathyusha.n, linux-bluetooth; +Cc: s.syam

Applied
On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> From: Prathyusha N <prathyusha.n@samsung.com>
> 
> Send input complete when user completes input operation.
> ---
>  mesh/prov-acceptor.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
> index 03972c227..20a2ce4be 100644
> --- a/mesh/prov-acceptor.c
> +++ b/mesh/prov-acceptor.c
> @@ -272,6 +272,12 @@ static void static_cb(void *user_data, int err, uint8_t *key, uint32_t len)
>  	memcpy(prov->rand_auth_workspace + 16, key, 16);
>  	memcpy(prov->rand_auth_workspace + 32, key, 16);
>  	prov->material |= MAT_RAND_AUTH;
> +
> +	if (prov->conf_inputs.start.auth_action ==
> +							PROV_ACTION_IN_ALPHA) {
> +		msg.opcode = PROV_INP_CMPLT;
> +		prov->trans_tx(prov->trans_data, &msg.opcode, 1);
> +	}
>  }
>  
>  static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/1] mesh: Handle invalid public keys
  2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle invalid public keys Prathyusha Nelluri
@ 2020-03-26 17:03       ` Gix, Brian
  0 siblings, 0 replies; 15+ messages in thread
From: Gix, Brian @ 2020-03-26 17:03 UTC (permalink / raw)
  To: prathyusha.n, linux-bluetooth; +Cc: s.syam

Applied
On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> From: Prathyusha N <prathyusha.n@samsung.com>
> 
> Check for invalid public keys received and send provision failed.
> ---
>  mesh/prov-acceptor.c | 38 ++++++++++++++++++++++++++------------
>  1 file changed, 26 insertions(+), 12 deletions(-)
> 
> diff --git a/mesh/prov-acceptor.c b/mesh/prov-acceptor.c
> index 03972c227..d395bc5f2 100644
> --- a/mesh/prov-acceptor.c
> +++ b/mesh/prov-acceptor.c
> @@ -180,7 +180,7 @@ static void swap_u256_bytes(uint8_t *u256)
>  	}
>  }
>  
> -static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
> +static bool prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
>  							uint8_t *secret)
>  {
>  	uint8_t tmp[64];
> @@ -190,22 +190,27 @@ static void prov_calc_secret(const uint8_t *pub, const uint8_t *priv,
>  	swap_u256_bytes(tmp);
>  	swap_u256_bytes(tmp + 32);
>  
> -	ecdh_shared_secret(tmp, priv, secret);
> +	if (!ecdh_shared_secret(tmp, priv, secret))
> +		return false;
>  
>  	/* Convert to Mesh byte order */
>  	swap_u256_bytes(secret);
> +	return true;
>  }
>  
> -static void acp_credentials(struct mesh_prov_acceptor *prov)
> +static bool acp_credentials(struct mesh_prov_acceptor *prov)
>  {
> -	prov_calc_secret(prov->conf_inputs.prv_pub_key,
> -			prov->private_key, prov->secret);
> +	if (!prov_calc_secret(prov->conf_inputs.prv_pub_key,
> +			prov->private_key, prov->secret))
> +		return false;
>  
> -	mesh_crypto_s1(&prov->conf_inputs,
> -			sizeof(prov->conf_inputs), prov->salt);
> +	if (!mesh_crypto_s1(&prov->conf_inputs,
> +			sizeof(prov->conf_inputs), prov->salt))
> +		return false;
>  
> -	mesh_crypto_prov_conf_key(prov->secret, prov->salt,
> -			prov->calc_key);
> +	if (!mesh_crypto_prov_conf_key(prov->secret, prov->salt,
> +			prov->calc_key))
> +		return false;
>  
>  	l_getrandom(prov->rand_auth_workspace, 16);
>  
> @@ -218,6 +223,7 @@ static void acp_credentials(struct mesh_prov_acceptor *prov)
>  	print_packet("LocalRandom", prov->rand_auth_workspace, 16);
>  	print_packet("ConfirmationSalt", prov->salt, 16);
>  	print_packet("ConfirmationKey", prov->calc_key, 16);
> +	return true;
>  }
>  
>  static uint32_t digit_mod(uint8_t power)
> @@ -298,8 +304,13 @@ static void priv_key_cb(void *user_data, int err, uint8_t *key, uint32_t len)
>  	swap_u256_bytes(prov->conf_inputs.dev_pub_key + 32);
>  
>  	prov->material |= MAT_LOCAL_PRIVATE;
> -	if ((prov->material & MAT_SECRET) == MAT_SECRET)
> -		acp_credentials(prov);
> +	if ((prov->material & MAT_SECRET) == MAT_SECRET) {
> +		if (!acp_credentials(prov)) {
> +			msg.opcode = PROV_FAILED;
> +			msg.reason = PROV_ERR_UNEXPECTED_ERR;
> +			prov->trans_tx(prov->trans_data, &msg, sizeof(msg));
> +		}
> +	}
>  }
>  
>  static void send_caps(struct mesh_prov_acceptor *prov)
> @@ -423,7 +434,10 @@ static void acp_prov_rx(void *user_data, const uint8_t *data, uint16_t len)
>  		if ((prov->material & MAT_SECRET) != MAT_SECRET)
>  			return;
>  
> -		acp_credentials(prov);
> +		if (!acp_credentials(prov)) {
> +			fail.reason = PROV_ERR_UNEXPECTED_ERR;
> +			goto failure;
> +		}
>  
>  		if (!prov->conf_inputs.start.pub_key)
>  			send_pub_key(prov);

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [PATCH 1/1] mesh: Handle netkey delete when netkey is not in netkeylist
  2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle netkey delete when netkey is not in netkeylist Prathyusha Nelluri
@ 2020-03-26 17:03       ` Gix, Brian
  0 siblings, 0 replies; 15+ messages in thread
From: Gix, Brian @ 2020-03-26 17:03 UTC (permalink / raw)
  To: prathyusha.n, linux-bluetooth; +Cc: s.syam

Applied
On Wed, 2020-03-25 at 00:57 +0530, Prathyusha Nelluri wrote:
> From: Prathyusha N <prathyusha.n@samsung.com>
> 
> 4.4.1.2.9 of Mesh Profile Bluetooth specification:
> When an element receives a Config NetKey Delete message that
> identifies a NetKey that is not in the NetKey List, it
> responds with Success, because the result of deleting the
> key that does not exist in the NetKey List will be the same
> as if the key was deleted from the NetKey List.
> ---
>  mesh/net.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mesh/net.c b/mesh/net.c
> index ec05b6be9..3546b87d0 100644
> --- a/mesh/net.c
> +++ b/mesh/net.c
> @@ -941,7 +941,7 @@ int mesh_net_del_key(struct mesh_net *net, uint16_t idx)
>  	subnet = l_queue_find(net->subnets, match_key_index,
>  							L_UINT_TO_PTR(idx));
>  	if (!subnet)
> -		return MESH_STATUS_CANNOT_REMOVE;
> +		return MESH_STATUS_SUCCESS;
>  
>  	/* Delete associated app keys */
>  	appkey_delete_bound_keys(net, idx);

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, back to index

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <CGME20200324192821epcas5p3e756863feafcf1f8eab993a237c19521@epcas5p3.samsung.com>
2020-03-24 19:27 ` [PATCH 1/1] mesh: Add mesh agent cleanup to mesh cleanup Prathyusha Nelluri
     [not found]   ` <CGME20200324192820epcas5p10a4ae9a6d7e7dab22f4a5ab4ee752099@epcas5p1.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Check limits for count and interval of relay Prathyusha Nelluri
2020-03-25 19:12       ` Gix, Brian
2020-03-26 17:02         ` Gix, Brian
     [not found]   ` <CGME20200324192821epcas5p1cc8182aac6ed0b096c76e3ccbd269688@epcas5p1.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle close for Acceptor Prathyusha Nelluri
     [not found]   ` <CGME20200324192822epcas5p2986c35616c596051bb7826457439c893@epcas5p2.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle invalid public keys Prathyusha Nelluri
2020-03-26 17:03       ` Gix, Brian
     [not found]   ` <CGME20200324192823epcas5p3b25363353b98e206a50d7fd4572c9552@epcas5p3.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle KeyRefresh phase 1 to phase 3 Prathyusha Nelluri
     [not found]   ` <CGME20200324192824epcas5p4886d88a31b8f9b31eeaf2fa38385698b@epcas5p4.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle KeyRefresh phase set to 3 Prathyusha Nelluri
     [not found]   ` <CGME20200324192824epcas5p1de37a38491d79ea6dca2cc5da50cd289@epcas5p1.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Handle netkey delete when netkey is not in netkeylist Prathyusha Nelluri
2020-03-26 17:03       ` Gix, Brian
     [not found]   ` <CGME20200324192825epcas5p4c038b652414de6be433f224a655a2244@epcas5p4.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Initialize local_acked to zero Prathyusha Nelluri
     [not found]   ` <CGME20200324192826epcas5p2eb80e44ac061329faf5421ba3b76e5f8@epcas5p2.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Send input complete for input OOB Authentication Prathyusha Nelluri
2020-03-26 17:02       ` Gix, Brian
     [not found]   ` <CGME20200324192827epcas5p3f70d5e24d6042786ffea8bdbd5ddc8e8@epcas5p3.samsung.com>
2020-03-24 19:27     ` [PATCH 1/1] mesh: Validate Provisioning Start PDU values Prathyusha Nelluri

Linux-Bluetooth Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-bluetooth/0 linux-bluetooth/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-bluetooth linux-bluetooth/ https://lore.kernel.org/linux-bluetooth \
		linux-bluetooth@vger.kernel.org
	public-inbox-index linux-bluetooth

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-bluetooth


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git