2024-03-04 15:58:55

by Frédéric Danis

[permalink] [raw]
Subject: [RESEND PATCH BlueZ v2 0/2] Add support for signed write command

GAP/SEC/CSIGN/BV-02-C request the ability to check that signed write has
been performed successfully.

Move the storage of local and remote CSRK keys to the device object.
This allow to pass GAP/SEC/CSIGN/BV-01-C and GAP/SEC/CSIGN/BV-02-C tests.

v1 -> v2: Move CSRK keys storage to device object only

Frédéric Danis (2):
gatt-server: Add support for signed write command
device: Update local and remote CSRK on management event

src/adapter.c | 77 +---------------------------------------
src/device.c | 48 +++++++++++++++++++++++++
src/device.h | 3 ++
src/shared/gatt-server.c | 13 ++++++-
4 files changed, 64 insertions(+), 77 deletions(-)

--
2.34.1



2024-03-04 15:58:59

by Frédéric Danis

[permalink] [raw]
Subject: [RESEND PATCH BlueZ v2 2/2] device: Update local and remote CSRK on management event

Currently the local and remote CSRK keys are only loaded to device object
from storage during start.
Those keys are updated on MGMT_EV_NEW_CSRK event only in adapter object,
but saved both in adapter and device objects.

Those keys should be updated on management event to be able to perform
signed write for GAP/SEC/CSIGN/BV-01-C and GAP/SEC/CSIGN/BV-02-C.

This commits updates the keys on management event in the device object and
move their storage to device object only.
---
v1 -> v2: Move CSRK keys storage to device object only
---
src/adapter.c | 77 +--------------------------------------------------
src/device.c | 48 ++++++++++++++++++++++++++++++++
src/device.h | 3 ++
3 files changed, 52 insertions(+), 76 deletions(-)

diff --git a/src/adapter.c b/src/adapter.c
index ef1e66e4b..4bcc464de 100644
--- a/src/adapter.c
+++ b/src/adapter.c
@@ -8785,75 +8785,6 @@ static void new_long_term_key_callback(uint16_t index, uint16_t length,
bonding_complete(adapter, &addr->bdaddr, addr->type, 0);
}

-static void store_csrk(struct btd_adapter *adapter, const bdaddr_t *peer,
- uint8_t bdaddr_type, const unsigned char *key,
- uint32_t counter, uint8_t type)
-{
- const char *group;
- char device_addr[18];
- char filename[PATH_MAX];
- GKeyFile *key_file;
- GError *gerr = NULL;
- char key_str[33];
- gsize length = 0;
- gboolean auth;
- char *str;
- int i;
-
- switch (type) {
- case 0x00:
- group = "LocalSignatureKey";
- auth = FALSE;
- break;
- case 0x01:
- group = "RemoteSignatureKey";
- auth = FALSE;
- break;
- case 0x02:
- group = "LocalSignatureKey";
- auth = TRUE;
- break;
- case 0x03:
- group = "RemoteSignatureKey";
- auth = TRUE;
- break;
- default:
- warn("Unsupported CSRK type %u", type);
- return;
- }
-
- ba2str(peer, device_addr);
-
- create_filename(filename, PATH_MAX, "/%s/%s/info",
- btd_adapter_get_storage_dir(adapter), device_addr);
-
- key_file = g_key_file_new();
- if (!g_key_file_load_from_file(key_file, filename, 0, &gerr)) {
- error("Unable to load key file from %s: (%s)", filename,
- gerr->message);
- g_clear_error(&gerr);
- }
-
- for (i = 0; i < 16; i++)
- sprintf(key_str + (i * 2), "%2.2X", key[i]);
-
- g_key_file_set_string(key_file, group, "Key", key_str);
- g_key_file_set_integer(key_file, group, "Counter", counter);
- g_key_file_set_boolean(key_file, group, "Authenticated", auth);
-
- create_file(filename, 0600);
-
- str = g_key_file_to_data(key_file, &length, NULL);
- if (!g_file_set_contents(filename, str, length, &gerr)) {
- error("Unable set contents for %s: (%s)", filename,
- gerr->message);
- g_error_free(gerr);
- }
- g_free(str);
-
- g_key_file_free(key_file);
-}
-
static void new_csrk_callback(uint16_t index, uint16_t length,
const void *param, void *user_data)
{
@@ -8881,13 +8812,7 @@ static void new_csrk_callback(uint16_t index, uint16_t length,
return;
}

- if (!ev->store_hint)
- return;
-
- store_csrk(adapter, &key->addr.bdaddr, key->addr.type, key->val, 0,
- key->type);
-
- btd_device_set_temporary(device, false);
+ device_set_csrk(device, key->val, 0, key->type, ev->store_hint);
}

static void store_irk(struct btd_adapter *adapter, const bdaddr_t *peer,
diff --git a/src/device.c b/src/device.c
index e5191cabe..aecceb100 100644
--- a/src/device.c
+++ b/src/device.c
@@ -169,6 +169,7 @@ struct ltk_info {
struct csrk_info {
uint8_t key[16];
uint32_t counter;
+ bool auth;
};

struct sirk_info {
@@ -400,6 +401,7 @@ static void store_csrk(struct csrk_info *csrk, GKeyFile *key_file,

g_key_file_set_string(key_file, group, "Key", key);
g_key_file_set_integer(key_file, group, "Counter", csrk->counter);
+ g_key_file_set_boolean(key_file, group, "Authenticated", csrk->auth);
}

static void store_sirk(struct sirk_info *sirk, GKeyFile *key_file,
@@ -1955,6 +1957,52 @@ bool btd_device_get_ltk(struct btd_device *device, uint8_t key[16],
return true;
}

+void device_set_csrk(struct btd_device *device, const uint8_t val[16],
+ uint32_t counter, uint8_t type,
+ bool store_hint)
+{
+ struct csrk_info **handle;
+ struct csrk_info *csrk;
+ bool auth;
+
+ switch (type) {
+ case 0x00:
+ handle = &device->local_csrk;
+ auth = FALSE;
+ break;
+ case 0x01:
+ handle = &device->remote_csrk;
+ auth = FALSE;
+ break;
+ case 0x02:
+ handle = &device->local_csrk;
+ auth = TRUE;
+ break;
+ case 0x03:
+ handle = &device->remote_csrk;
+ auth = TRUE;
+ break;
+ default:
+ warn("Unsupported CSRK type %u", type);
+ return;
+ }
+
+ if (!*handle)
+ *handle = g_new0(struct csrk_info, 1);
+
+ csrk = *handle;
+ memcpy(csrk->key, val, sizeof(csrk->key));
+ csrk->counter = counter;
+ csrk->auth = auth;
+
+ if (!store_hint)
+ return;
+
+ store_device_info(device);
+
+ btd_device_set_temporary(device, false);
+}
+
static bool match_sirk(const void *data, const void *match_data)
{
const struct sirk_info *sirk = data;
diff --git a/src/device.h b/src/device.h
index 96f41d479..d4e70b7ef 100644
--- a/src/device.h
+++ b/src/device.h
@@ -135,6 +135,9 @@ void device_set_ltk(struct btd_device *device, const uint8_t val[16],
bool central, uint8_t enc_size);
bool btd_device_get_ltk(struct btd_device *device, uint8_t val[16],
bool *central, uint8_t *enc_size);
+void device_set_csrk(struct btd_device *device, const uint8_t val[16],
+ uint32_t counter, uint8_t type,
+ bool store_hint);
bool btd_device_add_set(struct btd_device *device, bool encrypted,
uint8_t sirk[16], uint8_t size, uint8_t rank);
void device_store_svc_chng_ccc(struct btd_device *device, uint8_t bdaddr_type,
--
2.34.1


2024-03-04 16:24:46

by Frédéric Danis

[permalink] [raw]
Subject: [RESEND PATCH BlueZ v2 1/2] gatt-server: Add support for signed write command

GAP/SEC/CSIGN/BV-02-C request the ability to check that signed write has
been performed successfully.
---
v1 -> v2: No change
---
src/shared/gatt-server.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/shared/gatt-server.c b/src/shared/gatt-server.c
index c7ce3ec1f..0e399ceb1 100644
--- a/src/shared/gatt-server.c
+++ b/src/shared/gatt-server.c
@@ -106,6 +106,7 @@ struct bt_gatt_server {
unsigned int read_multiple_vl_id;
unsigned int prep_write_id;
unsigned int exec_write_id;
+ unsigned int signed_write_cmd_id;

uint8_t min_enc_size;

@@ -155,6 +156,7 @@ static void bt_gatt_server_free(struct bt_gatt_server *server)
bt_att_unregister(server->att, server->read_multiple_vl_id);
bt_att_unregister(server->att, server->prep_write_id);
bt_att_unregister(server->att, server->exec_write_id);
+ bt_att_unregister(server->att, server->signed_write_cmd_id);

queue_destroy(server->prep_queue, prep_write_data_destroy);

@@ -777,7 +779,8 @@ static void write_complete_cb(struct gatt_db_attribute *attr, int err,
struct bt_gatt_server *server = op->server;
uint16_t handle;

- if (op->opcode == BT_ATT_OP_WRITE_CMD) {
+ if (op->opcode == BT_ATT_OP_WRITE_CMD ||
+ op->opcode == BT_ATT_OP_SIGNED_WRITE_CMD) {
async_write_op_destroy(op);
return;
}
@@ -1628,6 +1631,14 @@ static bool gatt_server_register_att_handlers(struct bt_gatt_server *server)
if (!server->exec_write_id)
return NULL;

+ /* Signed Write Command */
+ server->signed_write_cmd_id = bt_att_register(server->att,
+ BT_ATT_OP_SIGNED_WRITE_CMD,
+ write_cb,
+ server, NULL);
+ if (!server->signed_write_cmd_id)
+ return false;
+
return true;
}

--
2.34.1


2024-03-04 17:25:18

by bluez.test.bot

[permalink] [raw]
Subject: RE: Add support for signed write command

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=832144

---Test result---

Test Summary:
CheckPatch PASS 0.92 seconds
GitLint PASS 0.65 seconds
BuildEll PASS 24.22 seconds
BluezMake PASS 738.03 seconds
MakeCheck PASS 12.39 seconds
MakeDistcheck PASS 168.23 seconds
CheckValgrind PASS 230.84 seconds
CheckSmatch WARNING 339.18 seconds
bluezmakeextell PASS 109.50 seconds
IncrementalBuild PASS 1388.86 seconds
ScanBuild PASS 991.91 seconds

Details
##############################
Test: CheckSmatch - WARNING
Desc: Run smatch tool with source
Output:
src/shared/gatt-server.c:278:25: warning: Variable length array is used.src/shared/gatt-server.c:621:25: warning: Variable length array is used.src/shared/gatt-server.c:720:25: warning: Variable length array is used.src/shared/gatt-server.c:278:25: warning: Variable length array is used.src/shared/gatt-server.c:621:25: warning: Variable length array is used.src/shared/gatt-server.c:720:25: warning: Variable length array is used.src/shared/gatt-server.c:278:25: warning: Variable length array is used.src/shared/gatt-server.c:621:25: warning: Variable length array is used.src/shared/gatt-server.c:720:25: warning: Variable length array is used.


---
Regards,
Linux Bluetooth

2024-03-04 21:01:04

by patchwork-bot+bluetooth

[permalink] [raw]
Subject: Re: [RESEND PATCH BlueZ v2 0/2] Add support for signed write command

Hello:

This series was applied to bluetooth/bluez.git (master)
by Luiz Augusto von Dentz <[email protected]>:

On Mon, 4 Mar 2024 16:58:37 +0100 you wrote:
> GAP/SEC/CSIGN/BV-02-C request the ability to check that signed write has
> been performed successfully.
>
> Move the storage of local and remote CSRK keys to the device object.
> This allow to pass GAP/SEC/CSIGN/BV-01-C and GAP/SEC/CSIGN/BV-02-C tests.
>
> v1 -> v2: Move CSRK keys storage to device object only
>
> [...]

Here is the summary with links:
- [RESEND,BlueZ,v2,1/2] gatt-server: Add support for signed write command
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=71f0a1e88d9a
- [RESEND,BlueZ,v2,2/2] device: Update local and remote CSRK on management event
https://git.kernel.org/pub/scm/bluetooth/bluez.git/?id=3eba64ba2c85

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html