diff --git a/examples/all-clusters-app/esp32/main/main.cpp b/examples/all-clusters-app/esp32/main/main.cpp index 00b9dccb5053ee..9cd06508620954 100644 --- a/examples/all-clusters-app/esp32/main/main.cpp +++ b/examples/all-clusters-app/esp32/main/main.cpp @@ -330,6 +330,49 @@ class DeviceListModel : public ListScreen::Model } }; +class ActionListModel : public ListScreen::Model +{ + int GetItemCount() override { return static_cast(mActions.size()); } + std::string GetItemText(int i) override { return mActions[i].title.c_str(); } + void ItemAction(int i) override + { + ESP_LOGI(TAG, "generic action %d", i); + mActions[i].action(); + } + +protected: + void AddAction(const char * name, std::function action) { mActions.push_back(Action(name, action)); } + +private: + struct Action + { + std::string title; + std::function action; + + Action(const char * t, std::function a) : title(t), action(a) {} + }; + + std::vector mActions; +}; + +class MdnsDebugListModel : public ActionListModel +{ +public: + std::string GetTitle() override { return "mDNS Debug"; } + + MdnsDebugListModel() { AddAction("(Re-)Init", std::bind(&MdnsDebugListModel::DoReinit, this)); } + +private: + void DoReinit() + { + CHIP_ERROR err = Dnssd::ServiceAdvertiser::Instance().Init(&DeviceLayer::InetLayer); + if (err != CHIP_NO_ERROR) + { + ESP_LOGE(TAG, "Error initializing: %s", err.AsString()); + } + } +}; + class SetupListModel : public ListScreen::Model { public: @@ -696,10 +739,10 @@ extern "C" void app_main() ESP_LOGI(TAG, "Opening device list"); ScreenManager::PushScreen(chip::Platform::New(chip::Platform::New())); }) - ->Item("Custom", + ->Item("mDNS Debug", []() { - ESP_LOGI(TAG, "Opening custom screen"); - ScreenManager::PushScreen(chip::Platform::New()); + ESP_LOGI(TAG, "Opening MDNS debug"); + ScreenManager::PushScreen(chip::Platform::New(chip::Platform::New())); }) ->Item("QR Code", [=]() { @@ -722,6 +765,11 @@ extern "C" void app_main() ESP_LOGI(TAG, "Opening Setup list"); ScreenManager::PushScreen(chip::Platform::New(chip::Platform::New())); }) + ->Item("Custom", + []() { + ESP_LOGI(TAG, "Opening custom screen"); + ScreenManager::PushScreen(chip::Platform::New()); + }) ->Item("More") ->Item("Items") ->Item("For") diff --git a/src/crypto/CHIPCryptoPAL.h b/src/crypto/CHIPCryptoPAL.h index ad6313027f7533..b9a65a8441eca6 100644 --- a/src/crypto/CHIPCryptoPAL.h +++ b/src/crypto/CHIPCryptoPAL.h @@ -50,7 +50,8 @@ constexpr size_t kSHA1_Hash_Length = 20; constexpr size_t CHIP_CRYPTO_GROUP_SIZE_BYTES = kP256_FE_Length; constexpr size_t CHIP_CRYPTO_PUBLIC_KEY_SIZE_BYTES = kP256_Point_Length; -constexpr size_t CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES = 16; +constexpr size_t CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES = 16; +constexpr size_t CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES = 16; constexpr size_t kMax_ECDH_Secret_Length = kP256_FE_Length; constexpr size_t kMax_ECDSA_Signature_Length = kP256_ECDSA_Signature_Length_Raw; diff --git a/src/inet/UDPEndPoint.cpp b/src/inet/UDPEndPoint.cpp index 646f690d323f27..eaef4fc599a244 100644 --- a/src/inet/UDPEndPoint.cpp +++ b/src/inet/UDPEndPoint.cpp @@ -142,7 +142,7 @@ CHIP_ERROR UDPEndPoint::BindImpl(IPAddressType addrType, const IPAddress & addr, // // We may want to consider having separate AnyV4 and AnyV6 constants // inside CHIP to resolve this ambiguity - if ((addr.Type() == kIPAddressType_Any) && (addrType == kIPAddressType_IPv6)) + if ((addr.Type() == IPAddressType::kAny) && (addrType == IPAddressType::kIPv6)) { ipAddr = *IP6_ADDR_ANY; } diff --git a/src/lib/dnssd/minimal_mdns/ResponseSender.cpp b/src/lib/dnssd/minimal_mdns/ResponseSender.cpp index 71ccc10f35b1a2..41d80a89ad4a7f 100644 --- a/src/lib/dnssd/minimal_mdns/ResponseSender.cpp +++ b/src/lib/dnssd/minimal_mdns/ResponseSender.cpp @@ -174,8 +174,8 @@ CHIP_ERROR ResponseSender::FlushReply() else { ChipLogDetail(Discovery, "Broadcasting mDns reply for query from %s", srcAddressString); - ReturnErrorOnFailure( - mServer->BroadcastSend(mResponseBuilder.ReleasePacket(), kMdnsStandardPort, mSendState.GetSourceInterfaceId())); + ReturnErrorOnFailure(mServer->BroadcastSend(mResponseBuilder.ReleasePacket(), kMdnsStandardPort, + mSendState.GetSourceInterfaceId(), mSendState.GetSourceAddress().Type())); } } diff --git a/src/lib/dnssd/minimal_mdns/Server.cpp b/src/lib/dnssd/minimal_mdns/Server.cpp index d2e3cc2dc9d099..7dc2ba09f0f3da 100644 --- a/src/lib/dnssd/minimal_mdns/Server.cpp +++ b/src/lib/dnssd/minimal_mdns/Server.cpp @@ -222,7 +222,8 @@ CHIP_ERROR ServerBase::DirectSend(chip::System::PacketBufferHandle && data, cons return CHIP_ERROR_NOT_CONNECTED; } -CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, uint16_t port, chip::Inet::InterfaceId interface) +CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, uint16_t port, chip::Inet::InterfaceId interface, + chip::Inet::IPAddressType addressType) { for (size_t i = 0; i < mEndpointCount; i++) { @@ -233,7 +234,12 @@ CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, u continue; } - if ((info->udp->GetBoundInterface() != interface) && (info->udp->GetBoundInterface() != INET_NULL_INTERFACEID)) + if ((info->interfaceId != interface) && (info->interfaceId != INET_NULL_INTERFACEID)) + { + continue; + } + + if ((addressType != chip::Inet::IPAddressType::kAny) && (info->addressType != addressType)) { continue; } @@ -242,17 +248,17 @@ CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, u /// The same packet needs to be sent over potentially multiple interfaces. /// LWIP does not like having a pbuf sent over serparate interfaces, hence we create a copy + /// for sending via `CloneData` + /// /// TODO: this wastes one copy of the data and that could be optimized away - chip::System::PacketBufferHandle copy = data.CloneData(); - if (info->addressType == chip::Inet::IPAddressType::kIPv6) { - err = info->udp->SendTo(mIpv6BroadcastAddress, port, std::move(copy), info->udp->GetBoundInterface()); + err = info->udp->SendTo(mIpv6BroadcastAddress, port, data.CloneData(), info->udp->GetBoundInterface()); } #if INET_CONFIG_ENABLE_IPV4 else if (info->addressType == chip::Inet::IPAddressType::kIPv4) { - err = info->udp->SendTo(mIpv4BroadcastAddress, port, std::move(copy), info->udp->GetBoundInterface()); + err = info->udp->SendTo(mIpv4BroadcastAddress, port, data.CloneData(), info->udp->GetBoundInterface()); } #endif else @@ -295,17 +301,17 @@ CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, u /// The same packet needs to be sent over potentially multiple interfaces. /// LWIP does not like having a pbuf sent over serparate interfaces, hence we create a copy + /// for sending via `CloneData` + /// /// TODO: this wastes one copy of the data and that could be optimized away - chip::System::PacketBufferHandle copy = data.CloneData(); - if (info->addressType == chip::Inet::IPAddressType::kIPv6) { - err = info->udp->SendTo(mIpv6BroadcastAddress, port, std::move(copy), info->udp->GetBoundInterface()); + err = info->udp->SendTo(mIpv6BroadcastAddress, port, data.CloneData(), info->udp->GetBoundInterface()); } #if INET_CONFIG_ENABLE_IPV4 else if (info->addressType == chip::Inet::IPAddressType::kIPv4) { - err = info->udp->SendTo(mIpv4BroadcastAddress, port, std::move(copy), info->udp->GetBoundInterface()); + err = info->udp->SendTo(mIpv4BroadcastAddress, port, data.CloneData(), info->udp->GetBoundInterface()); } #endif else @@ -318,7 +324,6 @@ CHIP_ERROR ServerBase::BroadcastSend(chip::System::PacketBufferHandle && data, u if (err == CHIP_NO_ERROR) { hadSuccesfulSend = true; - ChipLogProgress(Discovery, "mDNS broadcast success"); } else { diff --git a/src/lib/dnssd/minimal_mdns/Server.h b/src/lib/dnssd/minimal_mdns/Server.h index 66eef610cb41bd..b8ca2bc1d71849 100644 --- a/src/lib/dnssd/minimal_mdns/Server.h +++ b/src/lib/dnssd/minimal_mdns/Server.h @@ -113,8 +113,9 @@ class ServerBase /// Send a specific packet broadcast to all interfaces virtual CHIP_ERROR BroadcastSend(chip::System::PacketBufferHandle && data, uint16_t port); - /// Send a specific packet broadcast to a specific interface - virtual CHIP_ERROR BroadcastSend(chip::System::PacketBufferHandle && data, uint16_t port, chip::Inet::InterfaceId interface); + /// Send a specific packet broadcast to a specific interface using a specific address type + virtual CHIP_ERROR BroadcastSend(chip::System::PacketBufferHandle && data, uint16_t port, chip::Inet::InterfaceId interface, + chip::Inet::IPAddressType addressType); ServerBase & SetDelegate(ServerDelegate * d) { diff --git a/src/protocols/secure_channel/CASESession.cpp b/src/protocols/secure_channel/CASESession.cpp index 3c2e2a2dc09a21..e3284f0dca06ab 100644 --- a/src/protocols/secure_channel/CASESession.cpp +++ b/src/protocols/secure_channel/CASESession.cpp @@ -68,9 +68,6 @@ constexpr uint8_t kTBEData3_Nonce[] = constexpr size_t kTBEDataNonceLength = sizeof(kTBEData2_Nonce); static_assert(sizeof(kTBEData2_Nonce) == sizeof(kTBEData3_Nonce), "TBEData2_Nonce and TBEData3_Nonce must be same size"); -// TODO: move this constant over to src/crypto/CHIPCryptoPAL.h - name it CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES -constexpr size_t kTAGSize = 16; - constexpr uint8_t kCASESessionVersion = 1; enum @@ -328,10 +325,10 @@ CHIP_ERROR CASESession::DeriveSecureSession(CryptoContext & session, CryptoConte CHIP_ERROR CASESession::SendSigma1() { - size_t data_len = - EstimateTLVStructOverhead(kSigmaParamRandomNumberSize + sizeof(uint16_t) + kSHA256_Hash_Length + - kP256_PublicKey_Length /* + kMRPOptionalParamsLength */ + kCASEResumptionIDSize + kTAGSize, - 7); + size_t data_len = EstimateTLVStructOverhead(kSigmaParamRandomNumberSize + sizeof(uint16_t) + kSHA256_Hash_Length + + kP256_PublicKey_Length /* + kMRPOptionalParamsLength */ + + kCASEResumptionIDSize + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, + 7); System::PacketBufferTLVWriter tlvWriter; System::PacketBufferHandle msg_R1; @@ -376,7 +373,7 @@ CHIP_ERROR CASESession::SendSigma1() { ReturnErrorOnFailure(tlvWriter.PutBytes(TLV::ContextTag(6), mResumptionId, kCASEResumptionIDSize)); - uint8_t initiatorResume1MIC[kTAGSize]; + uint8_t initiatorResume1MIC[CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; MutableByteSpan resumeMICSpan(initiatorResume1MIC); ReturnErrorOnFailure(GenerateSigmaResumeMIC(ByteSpan(mInitiatorRandom), ByteSpan(mResumptionId), ByteSpan(kKDFS1RKeyInfo), ByteSpan(kResume1MIC_Nonce), resumeMICSpan)); @@ -492,8 +489,8 @@ CHIP_ERROR CASESession::HandleSigma1(System::PacketBufferHandle && msg) CHIP_ERROR CASESession::SendSigma2Resume(const ByteSpan & initiatorRandom) { - size_t max_sigma2_resume_data_len = - EstimateTLVStructOverhead(kCASEResumptionIDSize + kTAGSize + sizeof(uint16_t) /* + kMRPOptionalParamsLength */, 4); + size_t max_sigma2_resume_data_len = EstimateTLVStructOverhead( + kCASEResumptionIDSize + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES + sizeof(uint16_t) /* + kMRPOptionalParamsLength */, 4); System::PacketBufferTLVWriter tlvWriter; System::PacketBufferHandle msg_R2_resume; @@ -510,7 +507,7 @@ CHIP_ERROR CASESession::SendSigma2Resume(const ByteSpan & initiatorRandom) ReturnErrorOnFailure(tlvWriter.StartContainer(TLV::AnonymousTag, TLV::kTLVType_Structure, outerContainerType)); ReturnErrorOnFailure(tlvWriter.Put(TLV::ContextTag(1), ByteSpan(mResumptionId))); - uint8_t sigma2ResumeMIC[kTAGSize]; + uint8_t sigma2ResumeMIC[CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; MutableByteSpan resumeMICSpan(sigma2ResumeMIC); ReturnErrorOnFailure(GenerateSigmaResumeMIC(initiatorRandom, ByteSpan(mResumptionId), ByteSpan(kKDFS2RKeyInfo), ByteSpan(kResume2MIC_Nonce), resumeMICSpan)); @@ -571,9 +568,9 @@ CHIP_ERROR CASESession::SendSigma2() ReturnErrorOnFailure(ConstructSaltSigma2(ByteSpan(msg_rand), mEphemeralKey.Pubkey(), ByteSpan(mIPK), saltSpan)); HKDF_sha_crypto mHKDF; - uint8_t sr2k[kAEADKeySize]; + uint8_t sr2k[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; ReturnErrorOnFailure(mHKDF.HKDF_SHA256(mSharedSecret, mSharedSecret.Length(), saltSpan.data(), saltSpan.size(), kKDFSR2Info, - kKDFInfoLength, sr2k, kAEADKeySize)); + kKDFInfoLength, sr2k, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES)); // Construct Sigma2 TBS Data size_t msg_r2_signed_len = EstimateTLVStructOverhead(nocCert.size() + icaCert.size() + kP256_PublicKey_Length * 2, 4); @@ -598,7 +595,7 @@ CHIP_ERROR CASESession::SendSigma2() EstimateTLVStructOverhead(nocCert.size() + icaCert.size() + tbsData2Signature.Length() + kCASEResumptionIDSize, 4); chip::Platform::ScopedMemoryBuffer msg_R2_Encrypted; - VerifyOrReturnError(msg_R2_Encrypted.Alloc(msg_r2_signed_enc_len + kTAGSize), CHIP_ERROR_NO_MEMORY); + VerifyOrReturnError(msg_R2_Encrypted.Alloc(msg_r2_signed_enc_len + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES), CHIP_ERROR_NO_MEMORY); TLV::TLVWriter tlvWriter; TLV::TLVType outerContainerType = TLV::kTLVType_NotSpecified; @@ -623,13 +620,15 @@ CHIP_ERROR CASESession::SendSigma2() msg_r2_signed_enc_len = static_cast(tlvWriter.GetLengthWritten()); // Generate the encrypted data blob - ReturnErrorOnFailure(AES_CCM_encrypt(msg_R2_Encrypted.Get(), msg_r2_signed_enc_len, nullptr, 0, sr2k, kAEADKeySize, - kTBEData2_Nonce, kTBEDataNonceLength, msg_R2_Encrypted.Get(), - msg_R2_Encrypted.Get() + msg_r2_signed_enc_len, kTAGSize)); + ReturnErrorOnFailure(AES_CCM_encrypt(msg_R2_Encrypted.Get(), msg_r2_signed_enc_len, nullptr, 0, sr2k, + CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, kTBEData2_Nonce, kTBEDataNonceLength, + msg_R2_Encrypted.Get(), msg_R2_Encrypted.Get() + msg_r2_signed_enc_len, + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES)); // Construct Sigma2 Msg - size_t data_len = EstimateTLVStructOverhead( - kSigmaParamRandomNumberSize + sizeof(uint16_t) + kP256_PublicKey_Length + msg_r2_signed_enc_len + kTAGSize, 4); + size_t data_len = EstimateTLVStructOverhead(kSigmaParamRandomNumberSize + sizeof(uint16_t) + kP256_PublicKey_Length + + msg_r2_signed_enc_len + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, + 4); System::PacketBufferHandle msg_R2 = System::PacketBufferHandle::New(data_len); VerifyOrReturnError(!msg_R2.IsNull(), CHIP_ERROR_NO_MEMORY); @@ -644,7 +643,7 @@ CHIP_ERROR CASESession::SendSigma2() ReturnErrorOnFailure( tlvWriterMsg2.PutBytes(TLV::ContextTag(3), mEphemeralKey.Pubkey(), static_cast(mEphemeralKey.Pubkey().Length()))); ReturnErrorOnFailure(tlvWriterMsg2.PutBytes(TLV::ContextTag(4), msg_R2_Encrypted.Get(), - static_cast(msg_r2_signed_enc_len + kTAGSize))); + static_cast(msg_r2_signed_enc_len + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES))); ReturnErrorOnFailure(tlvWriterMsg2.EndContainer(outerContainerType)); ReturnErrorOnFailure(tlvWriterMsg2.Finalize(&msg_R2)); @@ -677,7 +676,7 @@ CHIP_ERROR CASESession::HandleSigma2Resume(System::PacketBufferHandle && msg) ChipLogDetail(SecureChannel, "Received Sigma2Resume msg"); - uint8_t sigma2ResumeMIC[kTAGSize]; + uint8_t sigma2ResumeMIC[CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES]; tlvReader.Init(std::move(msg)); SuccessOrExit(err = tlvReader.Next(containerType, TLV::AnonymousTag)); @@ -690,8 +689,8 @@ CHIP_ERROR CASESession::HandleSigma2Resume(System::PacketBufferHandle && msg) SuccessOrExit(err = tlvReader.Next()); VerifyOrExit(TLV::TagNumFromTag(tlvReader.GetTag()) == ++decodeTagIdSeq, err = CHIP_ERROR_INVALID_TLV_TAG); - VerifyOrExit(tlvReader.GetLength() == kTAGSize, err = CHIP_ERROR_INVALID_TLV_ELEMENT); - SuccessOrExit(err = tlvReader.GetBytes(sigma2ResumeMIC, kTAGSize)); + VerifyOrExit(tlvReader.GetLength() == CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, err = CHIP_ERROR_INVALID_TLV_ELEMENT); + SuccessOrExit(err = tlvReader.GetBytes(sigma2ResumeMIC, CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES)); SuccessOrExit(err = ValidateSigmaResumeMIC(ByteSpan(sigma2ResumeMIC), ByteSpan(mInitiatorRandom), ByteSpan(mResumptionId), ByteSpan(kKDFS2RKeyInfo), ByteSpan(kResume2MIC_Nonce))); @@ -751,7 +750,7 @@ CHIP_ERROR CASESession::HandleSigma2(System::PacketBufferHandle && msg) chip::Platform::ScopedMemoryBuffer msg_R2_Signed; size_t msg_r2_signed_len; - uint8_t sr2k[kAEADKeySize]; + uint8_t sr2k[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; P256ECDSASignature tbsData2Signature; @@ -802,7 +801,7 @@ CHIP_ERROR CASESession::HandleSigma2(System::PacketBufferHandle && msg) HKDF_sha_crypto mHKDF; err = mHKDF.HKDF_SHA256(mSharedSecret, mSharedSecret.Length(), saltSpan.data(), saltSpan.size(), kKDFSR2Info, - kKDFInfoLength, sr2k, kAEADKeySize); + kKDFInfoLength, sr2k, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES); SuccessOrExit(err); } @@ -813,13 +812,14 @@ CHIP_ERROR CASESession::HandleSigma2(System::PacketBufferHandle && msg) VerifyOrExit(TLV::TagNumFromTag(tlvReader.GetTag()) == ++decodeTagIdSeq, err = CHIP_ERROR_INVALID_TLV_TAG); VerifyOrExit(msg_R2_Encrypted.Alloc(tlvReader.GetLength()), err = CHIP_ERROR_NO_MEMORY); msg_r2_encrypted_len_with_tag = tlvReader.GetLength(); - VerifyOrExit(msg_r2_encrypted_len_with_tag > kTAGSize, err = CHIP_ERROR_INVALID_TLV_ELEMENT); + VerifyOrExit(msg_r2_encrypted_len_with_tag > CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, err = CHIP_ERROR_INVALID_TLV_ELEMENT); SuccessOrExit(err = tlvReader.GetBytes(msg_R2_Encrypted.Get(), static_cast(msg_r2_encrypted_len_with_tag))); - msg_r2_encrypted_len = msg_r2_encrypted_len_with_tag - kTAGSize; + msg_r2_encrypted_len = msg_r2_encrypted_len_with_tag - CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; SuccessOrExit(err = AES_CCM_decrypt(msg_R2_Encrypted.Get(), msg_r2_encrypted_len, nullptr, 0, - msg_R2_Encrypted.Get() + msg_r2_encrypted_len, kTAGSize, sr2k, kAEADKeySize, - kTBEData2_Nonce, kTBEDataNonceLength, msg_R2_Encrypted.Get())); + msg_R2_Encrypted.Get() + msg_r2_encrypted_len, CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, sr2k, + CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, kTBEData2_Nonce, kTBEDataNonceLength, + msg_R2_Encrypted.Get())); decryptedDataTlvReader.Init(msg_R2_Encrypted.Get(), msg_r2_encrypted_len); containerType = TLV::kTLVType_Structure; @@ -884,7 +884,7 @@ CHIP_ERROR CASESession::SendSigma3() uint8_t msg_salt[kIPKSize + kSHA256_Hash_Length]; - uint8_t sr3k[kAEADKeySize]; + uint8_t sr3k[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; chip::Platform::ScopedMemoryBuffer msg_R3_Signed; size_t msg_r3_signed_len; @@ -920,7 +920,7 @@ CHIP_ERROR CASESession::SendSigma3() // Prepare Sigma3 TBE Data Blob msg_r3_encrypted_len = EstimateTLVStructOverhead(nocCert.size() + icaCert.size() + tbsData3Signature.Length(), 3); - VerifyOrExit(msg_R3_Encrypted.Alloc(msg_r3_encrypted_len + kTAGSize), err = CHIP_ERROR_NO_MEMORY); + VerifyOrExit(msg_R3_Encrypted.Alloc(msg_r3_encrypted_len + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES), err = CHIP_ERROR_NO_MEMORY); { TLV::TLVWriter tlvWriter; @@ -948,17 +948,18 @@ CHIP_ERROR CASESession::SendSigma3() HKDF_sha_crypto mHKDF; err = mHKDF.HKDF_SHA256(mSharedSecret, mSharedSecret.Length(), saltSpan.data(), saltSpan.size(), kKDFSR3Info, - kKDFInfoLength, sr3k, kAEADKeySize); + kKDFInfoLength, sr3k, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES); SuccessOrExit(err); } // Generated Encrypted data blob - err = AES_CCM_encrypt(msg_R3_Encrypted.Get(), msg_r3_encrypted_len, nullptr, 0, sr3k, kAEADKeySize, kTBEData3_Nonce, - kTBEDataNonceLength, msg_R3_Encrypted.Get(), msg_R3_Encrypted.Get() + msg_r3_encrypted_len, kTAGSize); + err = AES_CCM_encrypt(msg_R3_Encrypted.Get(), msg_r3_encrypted_len, nullptr, 0, sr3k, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, + kTBEData3_Nonce, kTBEDataNonceLength, msg_R3_Encrypted.Get(), + msg_R3_Encrypted.Get() + msg_r3_encrypted_len, CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES); SuccessOrExit(err); // Generate Sigma3 Msg - data_len = EstimateTLVStructOverhead(kTAGSize + msg_r3_encrypted_len, 1); + data_len = EstimateTLVStructOverhead(CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES + msg_r3_encrypted_len, 1); msg_R3 = System::PacketBufferHandle::New(data_len); VerifyOrExit(!msg_R3.IsNull(), err = CHIP_ERROR_NO_MEMORY); @@ -970,8 +971,8 @@ CHIP_ERROR CASESession::SendSigma3() tlvWriter.Init(std::move(msg_R3)); err = tlvWriter.StartContainer(TLV::AnonymousTag, TLV::kTLVType_Structure, outerContainerType); SuccessOrExit(err); - err = - tlvWriter.PutBytes(TLV::ContextTag(1), msg_R3_Encrypted.Get(), static_cast(msg_r3_encrypted_len + kTAGSize)); + err = tlvWriter.PutBytes(TLV::ContextTag(1), msg_R3_Encrypted.Get(), + static_cast(msg_r3_encrypted_len + CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES)); SuccessOrExit(err); err = tlvWriter.EndContainer(outerContainerType); SuccessOrExit(err); @@ -1025,7 +1026,7 @@ CHIP_ERROR CASESession::HandleSigma3(System::PacketBufferHandle && msg) chip::Platform::ScopedMemoryBuffer msg_R3_Signed; size_t msg_r3_signed_len; - uint8_t sr3k[kAEADKeySize]; + uint8_t sr3k[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; P256ECDSASignature tbsData3Signature; @@ -1049,9 +1050,9 @@ CHIP_ERROR CASESession::HandleSigma3(System::PacketBufferHandle && msg) VerifyOrExit(TLV::TagNumFromTag(tlvReader.GetTag()) == ++decodeTagIdSeq, err = CHIP_ERROR_INVALID_TLV_TAG); VerifyOrExit(msg_R3_Encrypted.Alloc(tlvReader.GetLength()), err = CHIP_ERROR_NO_MEMORY); msg_r3_encrypted_len_with_tag = tlvReader.GetLength(); - VerifyOrExit(msg_r3_encrypted_len_with_tag > kTAGSize, err = CHIP_ERROR_INVALID_TLV_ELEMENT); + VerifyOrExit(msg_r3_encrypted_len_with_tag > CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, err = CHIP_ERROR_INVALID_TLV_ELEMENT); SuccessOrExit(err = tlvReader.GetBytes(msg_R3_Encrypted.Get(), static_cast(msg_r3_encrypted_len_with_tag))); - msg_r3_encrypted_len = msg_r3_encrypted_len_with_tag - kTAGSize; + msg_r3_encrypted_len = msg_r3_encrypted_len_with_tag - CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES; // Step 1 { @@ -1061,7 +1062,7 @@ CHIP_ERROR CASESession::HandleSigma3(System::PacketBufferHandle && msg) HKDF_sha_crypto mHKDF; err = mHKDF.HKDF_SHA256(mSharedSecret, mSharedSecret.Length(), saltSpan.data(), saltSpan.size(), kKDFSR3Info, - kKDFInfoLength, sr3k, kAEADKeySize); + kKDFInfoLength, sr3k, CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES); SuccessOrExit(err); } @@ -1069,8 +1070,9 @@ CHIP_ERROR CASESession::HandleSigma3(System::PacketBufferHandle && msg) // Step 2 - Decrypt data blob SuccessOrExit(err = AES_CCM_decrypt(msg_R3_Encrypted.Get(), msg_r3_encrypted_len, nullptr, 0, - msg_R3_Encrypted.Get() + msg_r3_encrypted_len, kTAGSize, sr3k, kAEADKeySize, - kTBEData3_Nonce, kTBEDataNonceLength, msg_R3_Encrypted.Get())); + msg_R3_Encrypted.Get() + msg_r3_encrypted_len, CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, sr3k, + CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, kTBEData3_Nonce, kTBEDataNonceLength, + msg_R3_Encrypted.Get())); decryptedDataTlvReader.Init(msg_R3_Encrypted.Get(), msg_r3_encrypted_len); containerType = TLV::kTLVType_Structure; @@ -1181,7 +1183,7 @@ CHIP_ERROR CASESession::ConstructSaltSigma3(const ByteSpan & ipk, MutableByteSpa CHIP_ERROR CASESession::ConstructSigmaResumeKey(const ByteSpan & initiatorRandom, const ByteSpan & resumptionID, const ByteSpan & skInfo, const ByteSpan & nonce, MutableByteSpan & resumeKey) { - VerifyOrReturnError(resumeKey.size() >= kAEADKeySize, CHIP_ERROR_BUFFER_TOO_SMALL); + VerifyOrReturnError(resumeKey.size() >= CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES, CHIP_ERROR_BUFFER_TOO_SMALL); constexpr size_t saltSize = kSigmaParamRandomNumberSize + kCASEResumptionIDSize; uint8_t salt[saltSize]; @@ -1197,24 +1199,24 @@ CHIP_ERROR CASESession::ConstructSigmaResumeKey(const ByteSpan & initiatorRandom HKDF_sha_crypto mHKDF; ReturnErrorOnFailure(mHKDF.HKDF_SHA256(mSharedSecret, mSharedSecret.Length(), salt, saltWritten, skInfo.data(), skInfo.size(), - resumeKey.data(), kAEADKeySize)); - resumeKey.reduce_size(kAEADKeySize); + resumeKey.data(), CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES)); + resumeKey.reduce_size(CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES); return CHIP_NO_ERROR; } CHIP_ERROR CASESession::GenerateSigmaResumeMIC(const ByteSpan & initiatorRandom, const ByteSpan & resumptionID, const ByteSpan & skInfo, const ByteSpan & nonce, MutableByteSpan & resumeMIC) { - VerifyOrReturnError(resumeMIC.size() >= kTAGSize, CHIP_ERROR_BUFFER_TOO_SMALL); + VerifyOrReturnError(resumeMIC.size() >= CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, CHIP_ERROR_BUFFER_TOO_SMALL); - uint8_t srk[kAEADKeySize]; + uint8_t srk[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; MutableByteSpan resumeKey(srk); ReturnErrorOnFailure(ConstructSigmaResumeKey(initiatorRandom, resumptionID, skInfo, nonce, resumeKey)); ReturnErrorOnFailure(AES_CCM_encrypt(nullptr, 0, nullptr, 0, resumeKey.data(), resumeKey.size(), nonce.data(), nonce.size(), - nullptr, resumeMIC.data(), kTAGSize)); - resumeMIC.reduce_size(kTAGSize); + nullptr, resumeMIC.data(), CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES)); + resumeMIC.reduce_size(CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES); return CHIP_NO_ERROR; } @@ -1222,9 +1224,9 @@ CHIP_ERROR CASESession::GenerateSigmaResumeMIC(const ByteSpan & initiatorRandom, CHIP_ERROR CASESession::ValidateSigmaResumeMIC(const ByteSpan & resumeMIC, const ByteSpan & initiatorRandom, const ByteSpan & resumptionID, const ByteSpan & skInfo, const ByteSpan & nonce) { - VerifyOrReturnError(resumeMIC.size() == kTAGSize, CHIP_ERROR_BUFFER_TOO_SMALL); + VerifyOrReturnError(resumeMIC.size() == CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, CHIP_ERROR_BUFFER_TOO_SMALL); - uint8_t srk[kAEADKeySize]; + uint8_t srk[CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES]; MutableByteSpan resumeKey(srk); ReturnErrorOnFailure(ConstructSigmaResumeKey(initiatorRandom, resumptionID, skInfo, nonce, resumeKey)); @@ -1399,7 +1401,7 @@ CHIP_ERROR CASESession::ParseSigma1(TLV::ContiguousBufferTLVReader & tlvReader, { resume1MICTagFound = true; ReturnErrorOnFailure(tlvReader.GetByteView(initiatorResumeMIC)); - VerifyOrReturnError(initiatorResumeMIC.size() == kTAGSize, CHIP_ERROR_INVALID_CASE_PARAMETER); + VerifyOrReturnError(initiatorResumeMIC.size() == CHIP_CRYPTO_AEAD_MIC_LENGTH_BYTES, CHIP_ERROR_INVALID_CASE_PARAMETER); err = tlvReader.Next(); } diff --git a/src/protocols/secure_channel/CASESession.h b/src/protocols/secure_channel/CASESession.h index 733e5b84ab1b9f..90199a8050126b 100644 --- a/src/protocols/secure_channel/CASESession.h +++ b/src/protocols/secure_channel/CASESession.h @@ -46,9 +46,6 @@ namespace chip { -// TODO: move this constant over to src/crypto/CHIPCryptoPAL.h - name it CHIP_CRYPTO_SYMMETRIC_KEY_LENGTH_BYTES -constexpr uint16_t kAEADKeySize = 16; - constexpr uint16_t kSigmaParamRandomNumberSize = 32; constexpr uint16_t kTrustedRootIdSize = Credentials::kKeyIdentifierLength; constexpr uint16_t kMaxTrustedRootIds = 5;