Update LoRaMac-node to Version 4.4.4，fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068

fix Security breach found by Tencent Blade Team please refer to security advisory - CVE-2020-11068
2020-05-29 11:59:05 +08:00
parent 5d9895cecc
commit f9bd2588a2
137 changed files with 10401 additions and 4328 deletions
--- a/components/connectivity/LoraWAN/mac/secure-element.h
+++ b/components/connectivity/LoraWAN/mac/secure-element.h
@@ -30,13 +30,37 @@
 *
 * \author    Johannes Bruder ( STACKFORCE )
 *
+ * \defgroup  SECUREELEMENT Secure Element API Definition
+ *
+ * \{
+ *
 */
 #ifndef __SECURE_ELEMENT_H__
 #define __SECURE_ELEMENT_H__

+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
 #include <stdint.h>
 #include "LoRaMacCrypto.h"

+/*!
+ * Secure-element keys size in bytes
+ */
+#define SE_KEY_SIZE             16
+
+/*!
+ * Secure-element EUI size in bytes
+ */
+#define SE_EUI_SIZE             8
+
+/*!
+ * Secure-element pin size in bytes
+ */
+#define SE_PIN_SIZE             4
+
 /*!
 * Return values.
 */
@@ -70,6 +94,10 @@ typedef enum eSecureElementStatus
     * Undefined Error occurred
     */
    SECURE_ELEMENT_ERROR,
+    /*!
+     * Failed to encrypt
+     */
+    SECURE_ELEMENT_FAIL_ENCRYPT,
 }SecureElementStatus_t;

 /*!
@@ -77,7 +105,7 @@ typedef enum eSecureElementStatus
 * non volatile context have to be stored.
 *
 */
-typedef void ( *EventNvmCtxChanged )( void );
+typedef void ( *SecureElementNvmEvent )( void );

 /*!
 * Initialization of Secure Element driver
@@ -86,7 +114,7 @@ typedef void ( *EventNvmCtxChanged )( void );
 *                                            non-volatile context have to be stored.
 * \retval                                  - Status of the operation
 */
-SecureElementStatus_t SecureElementInit( EventNvmCtxChanged seNvmCtxChanged );
+SecureElementStatus_t SecureElementInit( SecureElementNvmEvent seNvmCtxChanged );

 /*!
 * Restores the internal nvm context from passed pointer.
@@ -114,15 +142,16 @@ void* SecureElementGetNvmCtx( size_t* seNvmCtxSize );
 SecureElementStatus_t SecureElementSetKey( KeyIdentifier_t keyID, uint8_t* key );

 /*!
- * Computes a CMAC
+ * Computes a CMAC of a message using provided initial Bx block
 *
+ * \param[IN]  micBxBuffer    - Buffer containing the initial Bx block
 * \param[IN]  buffer         - Data buffer
 * \param[IN]  size           - Data buffer size
 * \param[IN]  keyID          - Key identifier to determine the AES key to be used
 * \param[OUT] cmac           - Computed cmac
 * \retval                    - Status of the operation
 */
-SecureElementStatus_t SecureElementComputeAesCmac( uint8_t* buffer, uint16_t size, KeyIdentifier_t keyID, uint32_t* cmac );
+SecureElementStatus_t SecureElementComputeAesCmac( uint8_t* micBxBuffer, uint8_t* buffer, uint16_t size, KeyIdentifier_t keyID, uint32_t* cmac );

 /*!
 * Verifies a CMAC (computes and compare with expected cmac)
@@ -157,6 +186,22 @@ SecureElementStatus_t SecureElementAesEncrypt( uint8_t* buffer, uint16_t size, K
 */
 SecureElementStatus_t SecureElementDeriveAndStoreKey( Version_t version, uint8_t* input, KeyIdentifier_t rootKeyID, KeyIdentifier_t targetKeyID );

+/*!
+ * Process JoinAccept message.
+ *
+ * \param[IN]  encJoinAccept     - Received encrypted JoinAccept message
+ * \param[IN]  encJoinAcceptSize - Received encrypted JoinAccept message Size
+ * \param[OUT] decJoinAccept     - Decrypted and validated JoinAccept message
+ * \param[OUT] versionMinor      - Detected LoRaWAN specification version minor field.
+ *                                     - 0 -> LoRaWAN 1.0.x
+ *                                     - 1 -> LoRaWAN 1.1.x
+ * \retval                       - Status of the operation
+ */
+SecureElementStatus_t SecureElementProcessJoinAccept( JoinReqIdentifier_t joinReqType, uint8_t* joinEui,
+                                                      uint16_t devNonce, uint8_t* encJoinAccept,
+                                                      uint8_t encJoinAcceptSize, uint8_t* decJoinAccept,
+                                                      uint8_t* versionMinor );
+
 /*!
 * Generates a random number
 *
@@ -165,4 +210,55 @@ SecureElementStatus_t SecureElementDeriveAndStoreKey( Version_t version, uint8_t
 */
 SecureElementStatus_t SecureElementRandomNumber( uint32_t* randomNum );

+/*!
+ * Sets the DevEUI
+ *
+ * \param[IN] devEui          - Pointer to the 8-byte devEUI
+ * \retval                    - Status of the operation
+ */
+SecureElementStatus_t SecureElementSetDevEui( uint8_t* devEui );
+
+/*!
+ * Gets the DevEUI
+ *
+ * \retval                    - Pointer to the 8-byte devEUI
+ */
+uint8_t* SecureElementGetDevEui( void );
+
+/*!
+ * Sets the JoinEUI
+ *
+ * \param[IN] joinEui         - Pointer to the 8-byte joinEui
+ * \retval                    - Status of the operation
+ */
+SecureElementStatus_t SecureElementSetJoinEui( uint8_t* joinEui );
+
+/*!
+ * Gets the DevEUI
+ *
+ * \retval                    - Pointer to the 8-byte joinEui
+ */
+uint8_t* SecureElementGetJoinEui( void );
+
+/*!
+ * Sets the pin
+ *
+ * \param[IN] pin             - Pointer to the 4-byte pin
+ * \retval                    - Status of the operation
+ */
+SecureElementStatus_t SecureElementSetPin( uint8_t* pin );
+
+/*!
+ * Gets the Pin
+ *
+ * \retval                    - Pointer to the 4-byte pin
+ */
+uint8_t* SecureElementGetPin( void );
+
+/*! \} defgroup SECUREELEMENT */
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif //  __SECURE_ELEMENT_H__