Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[msg] Authenticate message before counter and duplicate processing. #10095

Merged
merged 2 commits into from
Oct 5, 2021
Merged

[msg] Authenticate message before counter and duplicate processing. #10095

merged 2 commits into from
Oct 5, 2021

Conversation

turon
Copy link
Contributor

@turon turon commented Sep 30, 2021
edited
Loading

Problem

Per spec, if a message doesn't self-authenticate, it can be discarded ahead of any counter, replay, or duplicate processing.

Change overview

Performs message decryption/authentication before counter processing as required by specification.

Also renaming SecureMessageCodec::Encode/Decode to SecureMessageCodec::Encrypt/Decrypt to better differentiate crypto processing of a message from more benign header processing and parsing. The initial entry point for message decryption can now be found via regex search for Message.*Decrypt for example.

Testing

Only standard ./gn_build.sh unit test suite.

@restyled-io restyled-io bot mentioned this pull request Sep 30, 2021
Closed
@turon turon force-pushed the msg/decrypt-before-counter branch from d1d5a39 to 516f8a4 Compare September 30, 2021 14:48
@turon turon force-pushed the msg/decrypt-before-counter branch from 516f8a4 to ac1b4e9 Compare September 30, 2021 15:07
@github-actions
Copy link

Size increase report for "gn_qpg-example-build" from 12a35d8

File Section File VM
chip-qpg6100-lighting-example.out .text 12 12
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-qpg6100-lighting-example.out and ./pull_artifact/chip-qpg6100-lighting-example.out:

sections,vmsize,filesize
.debug_loc,0,56
.debug_line,0,51
.debug_ranges,0,40
.text,12,12
.strtab,0,2
.debug_str,0,1
.shstrtab,0,-2
.debug_info,0,-4
[Unmapped],0,-12

Comparing ./master_artifact/chip-qpg6100-lighting-example.out.map and ./pull_artifact/chip-qpg6100-lighting-example.out.map:

BLOAT EXECUTION FAILED WITH CODE 1:
bloaty: unknown file type for file './pull_artifact/chip-qpg6100-lighting-example.out.map'

@github-actions
Copy link

Size increase report for "esp32-example-build" from 12a35d8

File Section File VM
chip-all-clusters-app.elf .flash.rodata 24 8
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-all-clusters-app.elf and ./pull_artifact/chip-all-clusters-app.elf:

sections,vmsize,filesize
.debug_line,0,64
.flash.rodata,8,24
.debug_str,0,2
.strtab,0,2
.riscv.attributes,0,-2
.shstrtab,0,-2
.debug_frame,0,-4
[Unmapped],0,-24
.debug_loc,0,-80

@github-actions
Copy link

Size increase report for "nrfconnect-example-build" from 12a35d8

File Section File VM
chip-shell.elf rodata 16 16
chip-lock.elf rodata 16 16
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-shell.elf and ./pull_artifact/chip-shell.elf:

sections,vmsize,filesize
rodata,16,16
.debug_line,0,10
.debug_str,0,2
.strtab,0,2
.shstrtab,0,-2
.debug_loc,0,-26
.debug_ranges,0,-40
.debug_info,0,-106

Comparing ./master_artifact/chip-lock.elf and ./pull_artifact/chip-lock.elf:

sections,vmsize,filesize
rodata,16,16
.debug_line,0,10
.debug_str,0,2
.shstrtab,0,2
.strtab,0,2
.debug_loc,0,-10
.debug_ranges,0,-40
.debug_info,0,-106

@turon turon merged commit 2b2b6ab into project-chip:master Oct 5, 2021
@bzbarsky-apple bzbarsky-apple mentioned this pull request Oct 19, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yufengwangca yufengwangca yufengwangca approved these changes

@emargolis emargolis emargolis approved these changes

@saurabhst saurabhst saurabhst approved these changes

@msandstedt msandstedt msandstedt approved these changes

@LuDuda LuDuda LuDuda approved these changes

@andy31415 andy31415 andy31415 approved these changes

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@austinh0 austinh0 Awaiting requested review from austinh0

@balducci-apple balducci-apple Awaiting requested review from balducci-apple

@bzbarsky-apple bzbarsky-apple Awaiting requested review from bzbarsky-apple

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@franck-apple franck-apple Awaiting requested review from franck-apple

@harimau-qirex harimau-qirex Awaiting requested review from harimau-qirex

@hawk248 hawk248 Awaiting requested review from hawk248

@holbrookt holbrookt Awaiting requested review from holbrookt

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@mlepage-google mlepage-google Awaiting requested review from mlepage-google

@mspang mspang Awaiting requested review from mspang

@pan-apple pan-apple Awaiting requested review from pan-apple

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@sagar-apple sagar-apple Awaiting requested review from sagar-apple

@shana-apple shana-apple Awaiting requested review from shana-apple

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@woody-apple woody-apple Awaiting requested review from woody-apple

Assignees
No one assigned
Labels
review - approved transport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@turon @tcarmelveilleux @andy31415 @LuDuda @msandstedt @saurabhst @emargolis @yufengwangca