From 4aeb054157c6e7e12dc80384f61186f6d8d23a92 Mon Sep 17 00:00:00 2001
From: Zachary Crockett
Date: Sun, 31 Aug 2014 13:41:18 -0500
Subject: [PATCH 1/5] Secure random seed from Spark Cloud
---
 src/spark_protocol.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/spark_protocol.cpp b/src/spark_protocol.cpp
index 08ae3fc..9f71afa 100644
--- a/src/spark_protocol.cpp
+++ b/src/spark_protocol.cpp
@@ -1233,6 +1233,10 @@ int SparkProtocol::set_key(const unsigned char *signed_encrypted_credentials)
 _message_id = *(credentials + 32) << 8 | *(credentials + 33);
 _token = *(credentials + 34);
+ unsigned int seed;
+ memcpy(&seed, credentials + 35, sizeof(seed));
+ srand(seed);
+
 return 0;
 } else return 2;
From d90e6cd2ce43f08383ceb8d2ac50f65a3b5cb199 Mon Sep 17 00:00:00 2001
From: Zachary Crockett
Date: Sun, 31 Aug 2014 15:12:37 -0500
Subject: [PATCH 2/5] Limit seed to 4 bytes even on future hardware There are only 5 bytes left in the credentials, so an attempt on any future hardware that might support 64-bit integers to use sizeof(seed) would read past the end of the credentials buffer. For future reference, there would be very little cryptographic risk in starting the seed at offset 32 and allowing 8 bytes, duplicating use of the initial message ID and token bytes as part of the seed. However, there is no need to do so at this time.
---
 src/spark_protocol.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/spark_protocol.cpp b/src/spark_protocol.cpp
index 9f71afa..27a6045 100644
--- a/src/spark_protocol.cpp
+++ b/src/spark_protocol.cpp
@@ -1234,7 +1234,7 @@ int SparkProtocol::set_key(const unsigned char *signed_encrypted_credentials)
 _token = *(credentials + 34);
 unsigned int seed;
- memcpy(&seed, credentials + 35, sizeof(seed));
+ memcpy(&seed, credentials + 35, 4);
 srand(seed);
 return 0;
From 72f167ba8e298cbe586f384a39607a4eab0a86fa Mon Sep 17 00:00:00 2001
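Review bot: `srand(seed)` at the end of set_key() seeds the C library generator, and rand() remains a non-cryptographic PRNG however good the seed is; it also starts from at most 32 bits of seed material that the cloud side knows as well. A comment next to the call would keep later code from treating rand() output as secret, e.g. `// rand() is not a CSPRNG: never derive keys, nonces or tokens from it`. The doc comments added in src/functions.c and src/functions.h by PATCH 3/5 ("cryptographically secure random seed") would benefit from the same caveat. set_key() starts and ends outside this hunk.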
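Review bot: The fixed length in `memcpy(&seed, credentials + 35, 4)` no longer matches its destination `unsigned int seed`. On the wider-int hardware the commit message has in mind, the remaining bytes of `seed` stay uninitialized when it is passed to `srand(seed)`, and on a target whose `unsigned int` is narrower than 4 bytes the copy writes past `seed`. A fixed-width variable ties both sizes together, e.g. `uint32_t seed = 0;` with `memcpy(&seed, credentials + 35, sizeof(seed));`, assuming `<stdint.h>` is reachable from this file (its includes are not visible here). set_key() starts and ends outside this hunk.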
From: Matthew McGowan
Date: Thu, 4 Sep 2014 01:03:17 +0200
Subject: [PATCH 3/5] random seed from the cloud passed to `random_seed_from_cloud()` function. this function as weak linkage so that user code can redefine and override this behavior.
---
 src/build.mk | 2 +-
 src/functions.c | 17 +++++++++++++++++
 src/functions.h | 28 ++++++++++++++++++++++++++++
 src/spark_protocol.cpp | 5 +++--
 4 files changed, 49 insertions(+), 3 deletions(-)
 create mode 100644 src/functions.c
 create mode 100644 src/functions.h
diff --git a/src/build.mk b/src/build.mk
index 7118330..dbad867 100644
--- a/src/build.mk
+++ b/src/build.mk
@@ -10,7 +10,7 @@ TARGET_SRC_PATH = src
 INCLUDE_DIRS += $(TARGET_SRC_PATH)
 # C source files included in this build.
-CSRC +=
+CSRC += $(TARGET_SRC_PATH)/functions.c
 # C++ source files included in this build.
 CPPSRC += $(TARGET_SRC_PATH)/coap.cpp
diff --git a/src/functions.c b/src/functions.c
new file mode 100644
index 0000000..317bf2c
--- /dev/null
+++ b/src/functions.c
@@ -0,0 +1,17 @@
+
+#include "functions.h"
+#include
+
+/**
+ * Handle the cryptographically secure random seed from the cloud by using
+ * it to seed the stdlib PRNG.
+ * @param seed A random value from a cryptographically secure random number generator.
+ *
+ * This function has weak linkage, so that user code may re-define this function and
+ * handle the random number in some other way. For example, to combine with local
+ * entropy sources.
+ */
+__attribute__((weak)) void random_seed_from_cloud(unsigned int seed){
+ srand(seed);
+}
+
diff --git a/src/functions.h b/src/functions.h
new file mode 100644
index 0000000..7f9d4f5
--- /dev/null
+++ b/src/functions.h
@@ -0,0 +1,28 @@
+/*
+ * File: functions.h
+ * Author: mat
+ *
+ * Created on 04 September 2014, 00:10
+ */
+
+#ifndef FUNCTIONS_H
+#define FUNCTIONS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Handle the cryptographically secure random seed from the cloud.
+ * @param seed A random value. This is typically used to seed a pseudo-random generator.
+ */
+extern __attribute__((weak)) void random_seed_from_cloud(unsigned int seed);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* FUNCTIONS_H */
+
diff --git a/src/spark_protocol.cpp b/src/spark_protocol.cpp
index 27a6045..4ce30bf 100644
--- a/src/spark_protocol.cpp
+++ b/src/spark_protocol.cpp
@@ -24,6 +24,7 @@
 */
 #include "spark_protocol.h"
 #include "handshake.h"
+#include "functions.h"
 #include
 #include
@@ -1235,7 +1236,7 @@ int SparkProtocol::set_key(const unsigned char *signed_encrypted_credentials)
 unsigned int seed;
 memcpy(&seed, credentials + 35, 4);
- srand(seed);
+ random_seed_from_cloud(seed);
 return 0;
 }
@@ -1269,6 +1270,6 @@ inline void SparkProtocol::coded_ack(unsigned char *buf,
 buf[4] = token;
 memset(buf + 5, 11, 11); // PKCS #7 padding
-
+
 encrypt(buf, 16);
 }
From 7ea8c181d1e45460459f23524b9cb95f25204d6a Mon Sep 17 00:00:00 2001
From: Matthew McGowan
Date: Thu, 4 Sep 2014 02:40:26 +0200
Subject: [PATCH 4/5] missing function.o module in makefile. I assumed `make test` built the test suite using the libcore-communication-lib.a + headers. "assumptions are bad, mkay?"
---
 Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 1c3e7c1..134d135 100644
--- a/Makefile
+++ b/Makefile
@@ -18,7 +18,8 @@ ssllib = $(ssllibdir)/libtropicssl.a
 objects = src/handshake.o \
 src/coap.o \
 src/spark_protocol.o \
- src/events.o
+ src/events.o \
+ src/functions.o
 testobjects = tests/ConstructorFixture.o \
 tests/TestHandshake.o \
From a69c03a9180cef3892e0dc94589bc49e576879ee Mon Sep 17 00:00:00 2001
From: Matthew McGowan
Date: Thu, 4 Sep 2014 15:58:25 +0200
Subject: [PATCH 5/5] removed weak attribute from header - seemed to make it work on linux. I don't fully understand why - theory is that a weak declaration in the header seems to stop the linker binding the implementation given.
---
 src/functions.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/functions.h b/src/functions.h
index 7f9d4f5..87ec255 100644
--- a/src/functions.h
+++ b/src/functions.h
@@ -16,7 +16,7 @@ extern "C" {
 * Handle the cryptographically secure random seed from the cloud.
 * @param seed A random value. This is typically used to seed a pseudo-random generator.
 */
-extern __attribute__((weak)) void random_seed_from_cloud(unsigned int seed);
+extern void random_seed_from_cloud(unsigned int seed);
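Review bot: The new declaration `extern void random_seed_from_cloud(unsigned int seed);` carries no comment saying why `weak` must stay off it, and the commit message leaves the cause as a theory. A likely explanation, worth confirming against the toolchain, is that an attribute on the header declaration also applies to any definition that includes the header, so an application override would itself be weak and the linker could keep the default `srand()` handler. That matters when an application relies on its override to mix in local entropy, because the fallback would be silent. A note above the declaration such as `/* Declared without weak on purpose: only the default definition in functions.c is weak, so an application override takes precedence. */` would guard against the attribute being re-added.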