Refactor message encryption and pairing code (#4401)
* Refactor message encryption and pairing code

- Extract message encryption/decryption to its own functions.
  These can be reused for pairing, and CASE based session setup
- Cleanup pairing and rendezvous code to use the new functions.

* Use SecureSessionMgr to send encrypted rendezvous messages

* fix doxygen

* cleanup

* cleanup

* Fix cirque failure

* address review comments

* Fix copyright year
pan-apple authored Jan 20, 2021

1 parent a8608f7 commit fad6d05
Showing 15 changed files with 422 additions and 303 deletions.
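--- a/src/app/server/RendezvousServer.cpp
+++ b/src/app/server/RendezvousServer.cpp
@@ -35,9 +35,10 @@ namespace chip {
 
 RendezvousServer::RendezvousServer() : mRendezvousSession(this) {}
 
-CHIP_ERROR RendezvousServer::Init(const RendezvousParameters & params, TransportMgrBase * transportMgr)
+CHIP_ERROR RendezvousServer::Init(const RendezvousParameters & params, TransportMgrBase * transportMgr,
+SecureSessionMgr * sessionMgr)
 {
-return mRendezvousSession.Init(params, transportMgr);
+return mRendezvousSession.Init(params, transportMgr, sessionMgr);
 }
 
 void RendezvousServer::OnRendezvousError(CHIP_ERROR err)
@@ -62,15 +63,6 @@ void RendezvousServer::OnRendezvousMessageReceived(const PacketHeader & packetHe
 void RendezvousServer::OnRendezvousComplete()
 {
 ChipLogProgress(AppServer, "Device completed Rendezvous process");
-if (mRendezvousSession.GetRemoteNodeId().HasValue())
-{
-SessionManager().NewPairing(Optional<Transport::PeerAddress>{}, mRendezvousSession.GetRemoteNodeId().Value(),
-&mRendezvousSession.GetPairingSession());
-}
-else
-{
-ChipLogError(AppServer, "Commissioner did not assign a node ID to the device!!!");
-}
 }
 
 void RendezvousServer::OnRendezvousStatusUpdate(Status status, CHIP_ERROR err)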
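Review bot: OnRendezvousComplete now reports success without any visible check that a secure session was installed; the removed branch was the only place in this file that called NewPairing and the only place that reported a commissioner failing to assign a node ID. Presumably RendezvousSession now does both through the `sessionMgr` handed to Init, but that code is not in this section, so a comment in the callback such as `// Pairing is installed by RendezvousSession via SecureSessionMgr before this callback fires` would record the new contract. Init also forwards `sessionMgr` unchecked; `if (sessionMgr == nullptr) return CHIP_ERROR_INVALID_ARGUMENT;` ahead of the forward would fail early instead of leaving a null session manager for the pairing path to find.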
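--- a/src/app/server/RendezvousServer.h
+++ b/src/app/server/RendezvousServer.h
@@ -28,7 +28,7 @@ class RendezvousServer : public RendezvousSessionDelegate
 public:
 RendezvousServer();
 
-CHIP_ERROR Init(const RendezvousParameters & params, TransportMgrBase * transportMgr);
+CHIP_ERROR Init(const RendezvousParameters & params, TransportMgrBase * transportMgr, SecureSessionMgr * sessionMgr);
 void SetDelegate(AppDelegate * delegate) { mDelegate = delegate; };
 
 //////////////// RendezvousSessionDelegate Implementation ///////////////////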
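Review bot: The new `sessionMgr` parameter of Init is a raw pointer with no statement of ownership, lifetime or nullability, and this header is where callers will look for it. A short Doxygen block above the declaration would cover it, for example `@param sessionMgr non-owning; must not be null and must outlive this RendezvousServer`. Whether null is actually tolerated depends on RendezvousSession::Init, which is not shown in this section.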
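--- a/src/app/server/Server.cpp
+++ b/src/app/server/Server.cpp
@@ -202,6 +202,8 @@ void InitServer(AppDelegate * delegate)
 err = gSessions.Init(chip::kTestDeviceNodeId, &DeviceLayer::SystemLayer, &gTransports);
 SuccessOrExit(err);
 
+gSessions.SetDelegate(&gCallbacks);
+
 // This flag is used to bypass BLE in the cirque test
 // Only in the cirque test this is enabled with --args='bypass_rendezvous=true'
 if (isRendezvousBypassed())
@@ -223,18 +225,14 @@ void InitServer(AppDelegate * delegate)
 #else
 params.SetSetupPINCode(pinCode);
 #endif // CONFIG_NETWORK_LAYER_BLE
-SuccessOrExit(err = gRendezvousServer.Init(params, &gTransports));
+SuccessOrExit(err = gRendezvousServer.Init(params, &gTransports, &gSessions));
 }
 
 #if CHIP_ENABLE_MDNS
 err = InitMdns();
 SuccessOrExit(err);
 #endif
 
-gSessions.SetDelegate(&gCallbacks);
-err = gSessions.NewPairing(peer, chip::kTestControllerNodeId, &gTestPairing);
-SuccessOrExit(err);
-
 exit:
 if (err != CHIP_NO_ERROR)
 {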
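Review bot: Nothing visible in InitServer now says where the fixed test pairing is installed: the unconditional `gSessions.NewPairing(peer, chip::kTestControllerNodeId, &gTestPairing)` is removed, and the body of the `isRendezvousBypassed()` branch lies outside both hunks. If that branch is now the only user of `gTestPairing`, a comment there such as `// Test-only: installs a fixed pairing; must never be reachable in production builds` would make the boundary explicit. The earlier `gSessions.SetDelegate(&gCallbacks)` also looks order-sensitive now that the rendezvous server is handed `&gSessions`, and a one-line comment saying so would keep it from drifting back below the rendezvous setup.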
9 changes: 5 additions & 4 deletions src/controller/CHIPDeviceController.cpp
@@ -355,7 +355,7 @@ void DeviceController::OnNewConnection(SecureSessionHandle session, SecureSessio
exit:
if (err != CHIP_NO_ERROR)
{
ChipLogError(Controller, "Failed to process received message: err %d", err);
ChipLogError(Controller, "OnNewConnection: Failed to process received message: err %d", err);
}
}

@@ -374,7 +374,7 @@ void DeviceController::OnConnectionExpired(SecureSessionHandle session, SecureSe
exit:
if (err != CHIP_NO_ERROR)
{
ChipLogError(Controller, "Failed to process received message: err %d", err);
ChipLogError(Controller, "OnConnectionExpired: Failed to process received message: err %d", err);
}
}

@@ -395,7 +395,7 @@ void DeviceController::OnMessageReceived(const PacketHeader & header, const Payl
exit:
if (err != CHIP_NO_ERROR)
{
ChipLogError(Controller, "Failed to process received message: err %d", err);
ChipLogError(Controller, "OnMessageReceived: Failed to process received message: err %d", err);
}
return;
}
@@ -559,7 +559,8 @@ CHIP_ERROR DeviceCommissioner::PairDevice(NodeId remoteDeviceId, RendezvousParam
mIsIPRendezvous = (params.GetPeerAddress().GetTransportType() != Transport::Type::kBle);
mRendezvousSession = chip::Platform::New<RendezvousSession>(this);
VerifyOrExit(mRendezvousSession != nullptr, err = CHIP_ERROR_NO_MEMORY);
err = mRendezvousSession->Init(params.SetLocalNodeId(mLocalDeviceId).SetRemoteNodeId(remoteDeviceId), mTransportMgr);
err = mRendezvousSession->Init(params.SetLocalNodeId(mLocalDeviceId).SetRemoteNodeId(remoteDeviceId), mTransportMgr,
mSessionManager);
SuccessOrExit(err);

device->Init(mTransportMgr, mSessionManager, mInetLayer, mListenPort, remoteDeviceId, remotePort, interfaceId);
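Review bot: The new prefixes tell the three callbacks apart, but in OnNewConnection and OnConnectionExpired the rest of the text still says "Failed to process received message", which does not describe a connection event. Wording the tail per event, e.g. `"OnConnectionExpired: failed to handle expired connection: err %d"` (adjusted to what each function actually does, since their bodies are outside the hunks), keeps log-based triage from reading a session-lifecycle failure as a bad inbound message. In PairDevice the exit path is also outside the hunk, so it is not visible whether `mRendezvousSession` is released when the three-argument Init fails; that is worth confirming.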
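--- a/src/transport/BUILD.gn
+++ b/src/transport/BUILD.gn
@@ -27,6 +27,8 @@ static_library("transport") {
 "RendezvousSession.cpp",
 "RendezvousSession.h",
 "RendezvousSessionDelegate.h",
+"SecureMessageCodec.cpp",
+"SecureMessageCodec.h",
 "SecurePairingSession.cpp",
 "SecurePairingSession.h",
 "SecureSession.cpp",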
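--- a/src/transport/PeerConnectionState.h
+++ b/src/transport/PeerConnectionState.h
@@ -22,6 +22,7 @@
 #pragma once
 
 #include <transport/SecureSession.h>
+#include <transport/raw/Base.h>
 #include <transport/raw/MessageHeader.h>
 #include <transport/raw/PeerAddress.h>
 
@@ -57,6 +58,9 @@ class PeerConnectionState
 PeerAddress & GetPeerAddress() { return mPeerAddress; }
 void SetPeerAddress(const PeerAddress & address) { mPeerAddress = address; }
 
+void SetTransport(Transport::Base * transport) { mTransport = transport; }
+Transport::Base * GetTransport() { return mTransport; }
+
 NodeId GetPeerNodeId() const { return mPeerNodeId; }
 void SetPeerNodeId(NodeId peerNodeId) { mPeerNodeId = peerNodeId; }
 
@@ -95,11 +99,12 @@ class PeerConnectionState
 
 private:
 PeerAddress mPeerAddress;
-NodeId mPeerNodeId = kUndefinedNodeId;
-uint32_t mSendMessageIndex = 0;
-uint16_t mPeerKeyID = UINT16_MAX;
-uint16_t mLocalKeyID = UINT16_MAX;
-uint64_t mLastActityTimeMs = 0;
+NodeId mPeerNodeId = kUndefinedNodeId;
+uint32_t mSendMessageIndex = 0;
+uint16_t mPeerKeyID = UINT16_MAX;
+uint16_t mLocalKeyID = UINT16_MAX;
+uint64_t mLastActityTimeMs = 0;
+Transport::Base * mTransport = nullptr;
 SecureSession mSecureSession;
 };
 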
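Review bot: `mTransport` adds a raw, non-owning `Transport::Base *` to per-peer state with nothing stating how long the transport must live or when the pointer is cleared. If these state objects are reused for a new peer (any reset path is outside the hunks), a pointer left over from the previous peer would send the new session's traffic through a stale or destroyed transport, so the reset code should set it back to `nullptr`. A member comment such as `// Non-owning; the transport must outlive this entry, cleared on reset` and a const getter, `Transport::Base * GetTransport() const { return mTransport; }`, would document and tighten this.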