Update LoRaMac-node to Version 4.4.4，fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068

fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068

components/connectivity/LoraWAN/mac/LoRaMacCrypto.h

@@ -37,6 +37,11 @@
 #ifndef __LORAMAC_CRYPTO_H__
 #define __LORAMAC_CRYPTO_H__
 
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
 #include <stdlib.h>
 #include <stdint.h>
 #include <stdbool.h>
@@ -44,6 +49,26 @@
 #include "LoRaMacTypes.h"
 #include "LoRaMacMessageTypes.h"
 
+/*!
+ * Indicates if LoRaWAN 1.1.x crypto scheme is enabled
+ */
+#define USE_LRWAN_1_1_X_CRYPTO                      0
+
+/*!
+ * Indicates if a random devnonce must be used or not
+ */
+#define USE_RANDOM_DEV_NONCE                        1
+
+/*!
+ * Indicates if JoinNonce is counter based and requires to be checked
+ */
+#define USE_JOIN_NONCE_COUNTER_CHECK                0
+
+/*!
+ * Initial value of the frame counters
+ */
+#define FCNT_DOWN_INITAL_VALUE          0xFFFFFFFF
+
 /*!
  * LoRaMac Cryto Status
  */
@@ -70,9 +95,21 @@ typedef enum eLoRaMacCryptoStatus
      */
     LORAMAC_CRYPTO_FAIL_RJCOUNT0_OVERFLOW,
     /*!
-     * FCntUp/Down check failed
+     * FCNT_ID is not supported
      */
-    LORAMAC_CRYPTO_FAIL_FCNT,
+    LORAMAC_CRYPTO_FAIL_FCNT_ID,
+    /*!
+     * FCntUp/Down check failed (new FCnt is smaller than previous one)
+     */
+    LORAMAC_CRYPTO_FAIL_FCNT_SMALLER,
+    /*!
+     * FCntUp/Down check failed (duplicated)
+     */
+    LORAMAC_CRYPTO_FAIL_FCNT_DUPLICATED,
+    /*!
+     * MAX_GAP_FCNT check failed
+     */
+    LORAMAC_CRYPTO_FAIL_MAX_GAP_FCNT,
     /*!
      * Not allowed parameter value
      */
@@ -125,7 +162,7 @@ typedef enum eLoRaMacCryptoStatus
  * crypto module context.
  *
  */
-typedef void ( *EventNvmCtxChanged )( void );
+typedef void ( *LoRaMacCryptoNvmEvent )( void );
 
 /*!
  * Initialization of LoRaMac Crypto module
@@ -135,11 +172,11 @@ typedef void ( *EventNvmCtxChanged )( void );
  *                                      non-volatile context have to be stored.
  * \retval                            - Status of the operation
  */
-LoRaMacCryptoStatus_t LoRaMacCryptoInit( EventNvmCtxChanged cryptoNvmCtxChanged );
+LoRaMacCryptoStatus_t LoRaMacCryptoInit( LoRaMacCryptoNvmEvent cryptoNvmCtxChanged );
 
 /*!
  * Sets the LoRaWAN specification version to be used.
- * 
+ *
  * \warning This function should be used for ABP only. In case of OTA the version will be set automatically.
  *
  * \param[IN]     version             - LoRaWAN specification version to be used.
@@ -164,6 +201,34 @@ LoRaMacCryptoStatus_t LoRaMacCryptoRestoreNvmCtx( void* cryptoNvmCtx );
  */
 void* LoRaMacCryptoGetNvmCtx( size_t* cryptoNvmCtxSize );
 
+/*!
+ * Returns updated fCntID downlink counter value.
+ *
+ * \param[IN]     fCntID         - Frame counter identifier
+ * \param[IN]     maxFcntGap     - Maximum allowed frame counter difference (only necessary for L2 LW1.0.x)
+ * \param[IN]     frameFcnt      - Received frame counter (used to update current counter value)
+ * \param[OUT]    currentDown    - Current downlink counter value
+ * \retval                       - Status of the operation
+ */
+LoRaMacCryptoStatus_t LoRaMacCryptoGetFCntDown( FCntIdentifier_t fCntID, uint16_t maxFCntGap, uint32_t frameFcnt, uint32_t* currentDown );
+
+/*!
+ * Returns updated fCntUp uplink counter value.
+ *
+ * \param[IN]     currentUp      - Uplink counter value
+ * \retval                       - Status of the operation
+ */
+LoRaMacCryptoStatus_t LoRaMacCryptoGetFCntUp( uint32_t* currentUp );
+
+/*!
+ * Provides multicast context.
+ *
+ * \param[IN]     multicastList - Pointer to the multicast context list
+ *
+ * \retval                      - Status of the operation
+ */
+LoRaMacCryptoStatus_t LoRaMacCryptoSetMulticastReference( MulticastCtx_t* multicastList );
+
 /*!
  * Sets a key
  *
@@ -235,16 +300,28 @@ LoRaMacCryptoStatus_t LoRaMacCryptoSecureMessage( uint32_t fCntUp, uint8_t txDr,
 LoRaMacCryptoStatus_t LoRaMacCryptoUnsecureMessage( AddressIdentifier_t addrID, uint32_t address, FCntIdentifier_t fCntID, uint32_t fCntDown, LoRaMacMessageData_t* macMsg );
 
 /*!
- * Derives the McKEKey from the AppKey or NwkKey.
+ * Derives the McRootKey from the AppKey.
  *
- * McKEKey = aes128_encrypt(NwkKey or AppKey , nonce | DevEUI  | pad16)
+ * 1.0.x
+ * McRootKey = aes128_encrypt(AppKey, 0x00 | pad16)
  *
- * \param[IN]     keyID           - Key identifier of the root key to use to perform the derivation ( NwkKey or AppKey )
- * \param[IN]     nonce           - Nonce value ( nonce <= 15)
- * \param[IN]     devEUI          - DevEUI Value
+ * 1.1.x
+ * McRootKey = aes128_encrypt(AppKey, 0x20 | pad16)
+ *
+ * \param[IN]     keyID           - Key identifier of the root key to use to perform the derivation ( AppKey )
  * \retval                        - Status of the operation
  */
-LoRaMacCryptoStatus_t LoRaMacCryptoDeriveMcKEKey( KeyIdentifier_t keyID, uint16_t nonce, uint8_t* devEUI );
+LoRaMacCryptoStatus_t LoRaMacCryptoDeriveMcRootKey( KeyIdentifier_t keyID );
+
+/*!
+ * Derives the McKEKey from the McRootKey.
+ *
+ * McKEKey = aes128_encrypt(McRootKey , 0x00  | pad16)
+ *
+ * \param[IN]     keyID           - Key identifier of the root key to use to perform the derivation ( McRootKey )
+ * \retval                        - Status of the operation
+ */
+LoRaMacCryptoStatus_t LoRaMacCryptoDeriveMcKEKey( KeyIdentifier_t keyID );
 
 /*!
  * Derives a Multicast group key pair ( McAppSKey, McNwkSKey ) from McKey
@@ -260,4 +337,8 @@ LoRaMacCryptoStatus_t LoRaMacCryptoDeriveMcSessionKeyPair( AddressIdentifier_t a
 
 /*! \} addtogroup LORAMAC */
 
+#ifdef __cplusplus
+}
+#endif
+
 #endif // __LORAMAC_CRYPTO_H__