Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement Secure Pairing class #2021

Merged
merged 15 commits into from
Aug 11, 2020
Merged

Implement Secure Pairing class #2021

merged 15 commits into from
Aug 11, 2020

Conversation

pan-apple
Copy link
Contributor

Problem

Need a class that wraps complexities of secure pairing (using SPAKE2P).

Summary of Changes

Added a new class SecurePairingSession. Added some unit tests. More tests are forthcoming.

@restyled-io restyled-io bot mentioned this pull request Aug 7, 2020
Closed
balducci-apple
balducci-apple requested changes Aug 7, 2020
View reviewed changes
@restyled-io restyled-io bot mentioned this pull request Aug 7, 2020
Closed
@pan-apple pan-apple requested a review from andy31415 August 10, 2020 16:41
@woody-apple
Copy link
Contributor

@andy31415 @jelderton ?

tcarmelveilleux
tcarmelveilleux requested changes Aug 11, 2020
View reviewed changes
src/transport/SecurePairingSession.cpp
CHIP_ERROR err = CHIP_NO_ERROR;

VerifyOrExit(salt != nullptr, err = CHIP_ERROR_INVALID_ARGUMENT);
VerifyOrExit(saltLen > 0, err = CHIP_ERROR_INVALID_ARGUMENT);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps we should already create a minimum salt length constant since it can never be 0.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@balducci-apple do you have a suggestion for minimum salt length?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Filed #2075 to track it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

turon
turon reviewed Aug 11, 2020
View reviewed changes
Copy link
Contributor

@turon turon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks for the contribution.

src/transport/SecurePairingSession.cpp Outdated
VerifyOrExit(header.GetMessageType() == (uint8_t) mNextExpectedMsg, err = CHIP_ERROR_INVALID_MESSAGE_TYPE);

// The protocol for handling pA, pB, cB and cA is defined in SPAKE2 Plus specifications
// (https://www.ietf.org/id/draft-bar-cfrg-spake2plus-01.html)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The IETF specification includes test vectors at the end. Could a test be added that proves the code passes the IETF test vectors?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are running the test vectors on the underlying spake2p implementation (part of CHIP in src/crypto/tests). https://github.com/project-chip/connectedhomeip/blob/master/src/crypto/tests/SPAKE2P_RFC_test_vectors.h

Running those test vectors here may not be feasible, as we cannot control what random values are generated/used by the spake2p APIs internally.

@github-actions
Copy link

Size increase report for "gn_nrf-example-build"

File Section File VM
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

@github-actions
Copy link

Size increase report for "gn_linux-example-build"

File Section File VM
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

@github-actions
Copy link

Size increase report for "nrf-example-build"

File Section File VM
chip-nrf52840-lock-example.out .text 5580 5580
chip-nrf52840-lock-example.out .data 4 4
chip-nrf52840-lock-example.out .bss 0 -184
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-nrf52840-lock-example.out and ./pull_artifact/chip-nrf52840-lock-example.out:

sections,vmsize,filesize
.debug_str,0,588588
.debug_info,0,110071
.debug_macro,0,62230
.debug_line,0,32784
.debug_loc,0,20506
.debug_abbrev,0,9286
.debug_frame,0,6808
.text,5580,5580
.symtab,0,4112
.strtab,0,3283
.debug_ranges,0,2032
.debug_aranges,0,2008
.data,4,4
.bss,-184,0
[Unmapped],0,-5580

@github-actions
Copy link

Size increase report for "nrfconnect-example-build"

File Section File VM
chip-nrf52840-lock-example.elf text 4288 4288
chip-nrf52840-lock-example.elf [LOAD #3 [RW]] 0 8
chip-nrf52840-lock-example.elf datas 3 3
chip-nrf52840-lock-example.elf [LOAD #2 [RW]] -3 -3
chip-nrf52840-lock-example.elf bss 0 -200
chip-nrf52840-lock-example.elf rodata -456 -456
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-nrf52840-lock-example.elf and ./pull_artifact/chip-nrf52840-lock-example.elf:

sections,vmsize,filesize
.debug_info,0,124002
.debug_loc,0,34244
.debug_line,0,24701
.debug_str,0,19772
.debug_abbrev,0,10845
.debug_frame,0,4804
text,4288,4288
.debug_ranges,0,3784
.symtab,0,2704
.strtab,0,1990
.debug_aranges,0,1728
[LOAD #3 [RW]],8,0
datas,3,3
[LOAD #2 [RW]],-3,-3
[Unmapped],0,-22
bss,-200,0
rodata,-456,-456

@github-actions
Copy link

Size increase report for "linux-example-build"

File Section File VM
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-standalone-demo.out and ./pull_artifact/chip-standalone-demo.out:

BLOAT EXECUTION FAILED WITH CODE 1:
bloaty: integer overflow

@github-actions
Copy link

Size increase report for "esp32-example-build"

File Section File VM
chip-wifi-echo.elf .flash.text 140 140
chip-wifi-echo.elf .flash.rodata 64 64
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-wifi-echo.elf and ./pull_artifact/chip-wifi-echo.elf:

sections,vmsize,filesize
[Unmapped],0,4030
.debug_info,0,1085
.debug_line,0,571
.debug_str,0,177
.flash.text,140,140
.debug_frame,0,72
.flash.rodata,64,64
.strtab,0,53
.debug_aranges,0,24
.debug_ranges,0,24
.symtab,0,16

@pan-apple pan-apple mentioned this pull request Aug 11, 2020
Closed
@woody-apple woody-apple merged commit e8d270c into project-chip:master Aug 11, 2020
@pan-apple pan-apple deleted the rendezvous branch August 11, 2020 20:24
@vivien-apple vivien-apple mentioned this pull request Mar 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@turon turon turon left review comments

@BroderickCarlin BroderickCarlin BroderickCarlin approved these changes

@woody-apple woody-apple woody-apple approved these changes

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@andy31415 andy31415 andy31415 approved these changes

@balducci-apple balducci-apple balducci-apple approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@hawk248 hawk248 Awaiting requested review from hawk248

@jelderton jelderton Awaiting requested review from jelderton

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@saurabhst saurabhst Awaiting requested review from saurabhst

@emargolis emargolis Awaiting requested review from emargolis

Assignees
No one assigned
Labels
transport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@pan-apple @woody-apple @turon @tcarmelveilleux @andy31415 @BroderickCarlin @balducci-apple @restyled-commits