Salt used for commissioning window should be randomly generated #10586

Closed
g-coppock opened this issue Oct 15, 2021 · 0 comments · Fixed by #16645
Labels: spec (Mismatch between spec and implementation), V1.0

Comments

@g-coppock
Contributor

Problem

PASESession.cpp defines a hardcoded salt value ("SPAKE2P Key Salt") which is used in relation to opening a commissioning window, in CommissioningWindowManager.cpp, CHIPDevice.cpp, and CHIPDeviceController.cpp.

Proposed Solution

Per 11.19.7.1. OpenCommissioningWindow (OCW) Command and 3.9. Password-Based Key Derivation Function (PBKDF), this salt should be derived from a random number source, and be between 16 and 32 bytes.
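
An added example, not code from this issue or from the connectedhomeip project: it shows in Python why the fixed salt matters even though "SPAKE2P Key Salt" is 16 bytes and passes a length check, and how a randomly generated 16 to 32 byte salt changes the result. The PBKDF (PBKDF2-HMAC-SHA256), iteration count, passcode encoding, passcode value and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

SALT_MIN_LEN, SALT_MAX_LEN = 16, 32   # bounds quoted in the issue
FIXED_SALT = b"SPAKE2P Key Salt"      # hardcoded value reported in the issue


def generate_salt(length=SALT_MAX_LEN):
    """Fresh salt from the OS CSPRNG, refusing lengths outside 16..32 bytes."""
    if not SALT_MIN_LEN <= length <= SALT_MAX_LEN:
        raise ValueError(f"salt length {length} outside {SALT_MIN_LEN}..{SALT_MAX_LEN}")
    return secrets.token_bytes(length)


def derive(passcode, salt, iterations=1000):
    """PBKDF2-HMAC-SHA256 of the passcode (assumed PBKDF, encoding and count)."""
    if not SALT_MIN_LEN <= len(salt) <= SALT_MAX_LEN:
        raise ValueError("salt length out of bounds")
    secret = passcode.to_bytes(4, "little")  # assumed passcode encoding
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def windows_share_output(passcode, salts):
    """True when every commissioning window derives the same value from the
    passcode, meaning one precomputed passcode table would fit all of them."""
    return len({derive(passcode, s) for s in salts}) == 1


PASSCODE = 34567890  # constructed sample value

if __name__ == "__main__":
    # Two windows opened with the hardcoded salt: the length check passes,
    # yet the derived values are identical.
    fixed = windows_share_output(PASSCODE, [FIXED_SALT, FIXED_SALT])
    # Two windows opened with independently generated salts.
    fresh = windows_share_output(PASSCODE, [generate_salt(), generate_salt()])
    print("fixed salt, identical output across windows:", fixed)
    print("random salts, identical output across windows:", fresh)
```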

andy31415 added the v1_triage_split_2 and spec (Mismatch between spec and implementation) labels and removed the v1_triage_split_2 label on Jan 30, 2022
bzbarsky-apple added a commit to bzbarsky-apple/connectedhomeip that referenced this issue Mar 24, 2022
Damian-Nordic added a commit that referenced this issue Mar 28, 2022
* Stop using a fixed salt when opening commissioning windows.

Fixes #10586

* Address review comment.

* Apply suggestions from code review to fix bug in salt size checking.

Co-authored-by: Damian Królik <[email protected]>

Co-authored-by: Damian Królik <[email protected]>
rochaferraz pushed a commit to rochaferraz/connectedhomeip that referenced this issue Mar 31, 2022
andrei-menzopol pushed a commit to andrei-menzopol/connectedhomeip that referenced this issue Apr 14, 2022