Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp3935984ybe;
        Mon, 16 Sep 2019 04:03:01 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzTplZ8KA790MtC8NJxR3VlRAwA3YbInhRlcn5b5seT67NkG+3ENgLhO//oiN6cXJ5cvjUf
X-Received: by 2002:a50:9b0c:: with SMTP id o12mr1224497edi.303.1568631781579;
        Mon, 16 Sep 2019 04:03:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1568631781; cv=none;
        d=google.com; s=arc-20160816;
        b=vZWXTQcKdHOxFNLPrjmNYGIjJ+acHhjQKdGG84RiQZyCz2IdaM+k9y8mHass+vwoBq
         +CfVkO0qLLqbhBS4PWUXhAzRYwypVccnU/AY58GYiTuxZKcSSpQ+5DPz31ft0vnkd7AH
         5B9ZwO78abxPcTWfUwG2L3R1ojqWSaOUBKdEX+nWnqFdije2J15sD9AIRJ9dJPK77GVZ
         tJWk4drvb3xRcpnGbsWKY2r9f2xVVtlcZWjQ5w35y/OQJ3UbVhFsi1SGnm2pDNy99zb4
         LMtyf5i98r8Cm0ZyVZGPbSx1s8+aBgs5S1F2beNyn/UCaJGWbzXykv8OGQ5Ks1ZTzERH
         OmnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :content-language:accept-language:in-reply-to:references:message-id
         :date:thread-index:thread-topic:subject:cc:to:from;
        bh=tuJUMxUTP5PQU3deiUZ2frbHo+Q4NwFN6pGzia6fBRo=;
        b=FrbDUdiYvVlIPUyoWtmyCwPGdoOna4xO+tgKoDuk4QH32+C0YhvNNQOIkIkppYsQMN
         BK5pK7/V5APQimDr2F03FxrnPUmGa9JV9nkz2Tg5WHYyAI68THj4L6jAXbuSBPhB05gl
         BBgpuTGp9WZX8NixT2Mv2Ko9jv00Ttt+jwK1Ie7VX1mwAF78uue4IlvpYamPGdevNhNL
         CcxUyqq/BOXax7VDCD69G8lwbisvQWM5gdaJHo/S8jS1QSpduQDPZzUv8epYncfKIYvj
         irBQ3SqsBeSnTuTIyjiIyXV5o9pPXI+XkZ1HqE2uQX8M1MOPED0hn/BJA4ya5Q3NRi4H
         7UjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-bluetooth-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b27si19259349ejq.314.2019.09.16.04.02.30;
        Mon, 16 Sep 2019 04:03:01 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726118AbfIPKz5 convert rfc822-to-8bit (ORCPT
        <rfc822;maohongyicn@gmail.com> + 99 others);
        Mon, 16 Sep 2019 06:55:57 -0400
Received: from mga18.intel.com ([134.134.136.126]:27031 "EHLO mga18.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732701AbfIPKz4 (ORCPT <rfc822;linux-bluetooth@vger.kernel.org>);
        Mon, 16 Sep 2019 06:55:56 -0400
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 16 Sep 2019 03:55:55 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.64,492,1559545200"; 
   d="scan'208";a="177008851"
Received: from orsmsx106.amr.corp.intel.com ([10.22.225.133])
  by orsmga007.jf.intel.com with ESMTP; 16 Sep 2019 03:55:55 -0700
Received: from orsmsx152.amr.corp.intel.com (10.22.226.39) by
 ORSMSX106.amr.corp.intel.com (10.22.225.133) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 16 Sep 2019 03:55:55 -0700
Received: from orsmsx103.amr.corp.intel.com ([169.254.5.221]) by
 ORSMSX152.amr.corp.intel.com ([169.254.8.93]) with mapi id 14.03.0439.000;
 Mon, 16 Sep 2019 03:55:55 -0700
From:   "Gix, Brian" <brian.gix@intel.com>
To:     =?windows-1250?Q?Micha=B3_Lowas-Rzechonek?= 
        <michal.lowas-rzechonek@silvair.com>
CC:     "linux-bluetooth@vger.kernel.org" <linux-bluetooth@vger.kernel.org>,
        "Stotland, Inga" <inga.stotland@intel.com>
Subject: Re: [PATCH BlueZ 1/1] mesh: Add local/remote bools to DevKey
 transactions
Thread-Topic: [PATCH BlueZ 1/1] mesh: Add local/remote bools to DevKey
 transactions
Thread-Index: AQHVa52TiigZ9MdeYUO+JqwhakK/NqcuiMWA//+an5Y=
Date:   Mon, 16 Sep 2019 10:55:54 +0000
Message-ID: <8DD9DDA0-1081-479F-B215-2E815B1A8F27@intel.com>
References: <20190915081408.18116-1-brian.gix@intel.com>
 <20190915081408.18116-2-brian.gix@intel.com>,<20190916095845.htvyalekgr4k2ybt@mlowasrzechonek2133>
In-Reply-To: <20190916095845.htvyalekgr4k2ybt@mlowasrzechonek2133>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Content-Type: text/plain; charset="windows-1250"
Content-Transfer-Encoding: 8BIT
MIME-Version: 1.0
Sender: linux-bluetooth-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-bluetooth.vger.kernel.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Micha?, 

> On Sep 16, 2019, at 11:58 AM, Micha? Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com> wrote:
> 
> Hi Brian,
> 
>> On 09/15, Brian Gix wrote:
>> DevKey operations require authorization on the part of the applications
>> making the requests. Messages to state changing Servers should use keys
>> from the local Key Database to demonstrate authority.
> 
> Alright, so if I understand this correctly:
> 
> 1. If the application would like to change Config Server states on the
>   local node, it would need to:
>    - call ImportRemoteNode, passing the address of a *local* node and
>      the device key obtained from provisioner
>    - call DevKeySend to a *local* address, with remote flag set to true
>    - receive responses via DevKeyMessageReceived from *local* node,
>      with remote flag set to true
> 
>   Essentially this means that talking to a local node using device
>   security behaves in the same manner as if the node was a remote one.
> 
> 2. If the application would like to implement an external model that
>   uses device security, it would:
>    - receive DevKeyMessageReceived calls from remote nodes, with remote
>      flag set to false
>    - send responses by calling DevKeySend to a *remote* address with
>      remote flag set to false
> 
> This means that calling DevKeySend to a *local* address with remote flag
> false would be forbidden, in order to force the application to use
> ImportRemoteNode first?

I think that is all basically correct. I switched the Boolean bit-sense  such that the boolean parameter is ?remote? on the send and ?local? on the receive.

And most importantly, your last point is an emphatic yes....    you will need to import your own device key to the key ring if you want to talk to your own builtin servers.  The one exception will be nodes that have called ?Create()? which are generating brand new mesh networks with themselves as unicast 0001.


> 
> -- 
> Micha? Lowas-Rzechonek <michal.lowas-rzechonek@silvair.com>
> Silvair http://silvair.com
> Jasnog?rska 44, 31-358 Krakow, POLAND