Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrity protect unencrypted portion of message header #2237

Merged
merged 2 commits into from
Aug 19, 2020
Merged

Integrity protect unencrypted portion of message header #2237

merged 2 commits into from
Aug 19, 2020

Conversation

pan-apple
Copy link
Contributor

Problem

Unencrypted portion of message header is not integrity protected.

Summary of Changes

Use unencrypted header as AAD (additional authenticated data) during encryption and decryption. The encryption operation includes AAD when MAC tag is generated.

andy31415
andy31415 reviewed Aug 19, 2020
View reviewed changes
src/transport/SecureSession.cpp Outdated Show resolved Hide resolved
src/transport/SecureSession.h Outdated Show resolved Hide resolved
@github-actions
Copy link

Size increase report for "nrf-example-build"

File Section File VM
chip-nrf52840-lock-example.out .text 100 100
chip-nrf52840-lock-example.out [LOAD #2 [RW]] 0 4
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-nrf52840-lock-example.out and ./pull_artifact/chip-nrf52840-lock-example.out:

sections,vmsize,filesize
.debug_info,0,719
.debug_loc,0,237
.debug_str,0,137
.debug_line,0,108
.text,100,100
.strtab,0,73
.debug_abbrev,0,62
.symtab,0,48
.debug_frame,0,40
.debug_aranges,0,8
[LOAD #2 [RW]],4,0
.debug_ranges,0,-24
[Unmapped],0,-96

@github-actions
Copy link

Size increase report for "nrfconnect-example-build"

File Section File VM
chip-nrf52840-lock-example.elf text 256 256
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-nrf52840-lock-example.elf and ./pull_artifact/chip-nrf52840-lock-example.elf:

sections,vmsize,filesize
.debug_info,0,467
text,256,256
.debug_str,0,113
.debug_line,0,85
.strtab,0,73
.debug_abbrev,0,72
.debug_frame,0,40
.symtab,0,32
.debug_aranges,0,8
.debug_ranges,0,8
[Unmapped],0,-2

@github-actions
Copy link

Size increase report for "linux-example-build"

File Section File VM
chip-standalone-demo.out .text 208 208
chip-standalone-demo.out .eh_frame 56 56
chip-standalone-demo.out .eh_frame_hdr 8 8
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-standalone-demo.out and ./pull_artifact/chip-standalone-demo.out:

sections,vmsize,filesize
.debug_info,0,1009
.debug_str,0,248
.text,208,208
.debug_abbrev,0,139
.strtab,0,92
.debug_line,0,70
.eh_frame,56,56
.symtab,0,24
.debug_aranges,0,16
.debug_ranges,0,16
.debug_macro,0,14
.eh_frame_hdr,8,8
.debug_loc,0,-131
[Unmapped],0,-281

@github-actions
Copy link

Size increase report for "esp32-example-build"

File Section File VM
chip-wifi-echo.elf .flash.text 212 212
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

Comparing ./master_artifact/chip-wifi-echo.elf and ./pull_artifact/chip-wifi-echo.elf:

sections,vmsize,filesize
.debug_info,0,539
.flash.text,212,212
.debug_line,0,191
.debug_str,0,113
.strtab,0,73
.debug_frame,0,24
.symtab,0,16
.debug_aranges,0,8
.debug_ranges,0,8

@github-actions
Copy link

Size increase report for "gn_nrf-example-build"

File Section File VM
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

@github-actions
Copy link

Size increase report for "gn_linux-example-build"

File Section File VM
Full report output 
BLOAT REPORT

Files found only in the build output:
    report.csv

@woody-apple woody-apple merged commit dc89961 into project-chip:master Aug 19, 2020
@pan-apple pan-apple deleted the integrity-protect branch August 19, 2020 17:48
mspang added a commit to mspang/connectedhomeip that referenced this pull request Aug 22, 2020
@mspang
Revert "Integrity protect unencrypted portion of message header (proj…
2e729d5 
…ect-chip#2237)"

This reverts commit dc89961.
mspang pushed a commit to mspang/connectedhomeip that referenced this pull request Aug 25, 2020
@pan-apple @mspang
Integrity protect unencrypted portion of message header (project-chip…
65b9b3f 
…#2237)

* Integrity protect unencrypted portion of message header

* more descriptive function name and comment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andy31415 andy31415 andy31415 approved these changes

@saurabhst saurabhst saurabhst approved these changes

@BroderickCarlin BroderickCarlin BroderickCarlin approved these changes

@woody-apple woody-apple woody-apple approved these changes

@balducci-apple balducci-apple balducci-apple approved these changes

@anush-apple anush-apple Awaiting requested review from anush-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@hawk248 hawk248 Awaiting requested review from hawk248

@jelderton jelderton Awaiting requested review from jelderton

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@emargolis emargolis Awaiting requested review from emargolis

Assignees
No one assigned
Labels
transport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pan-apple @andy31415 @saurabhst @BroderickCarlin @woody-apple @balducci-apple