Fix uplink FCnt security issue.

brocaar · brocaar · commit 1fd785518503 · 2016-12-01T19:20:47.000+01:00
diff --git a/cmd/loraserver/main.go b/cmd/loraserver/main.go
@@ -217,12 +217,12 @@ func mustGetTransportCredentials(tlsCert, tlsKey, caCert string, verifyClientCer
 			RootCAs:      caCertPool,
 			ClientAuth:   tls.RequireAndVerifyClientCert,
 		})
-	} else {
-		return credentials.NewTLS(&tls.Config{
-			Certificates: []tls.Certificate{cert},
-			RootCAs:      caCertPool,
-		})
 	}
+
+	return credentials.NewTLS(&tls.Config{
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      caCertPool,
+	})
 }
 
 func main() {
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -1,5 +1,14 @@
 # Changelog
 
+## 0.12.5
+
+**Security:**
+
+* This release fixes a `FCnt` related security issue. Instead of keeping the
+  uplink `FCnt` value in sync with the `FCnt` of the uplink transmission, it
+  is incremented (uplink `FCnt + 1`) after it has been processed by
+  LoRa Server.
+
 ## 0.12.4
 
 * Fix regression that caused a FCnt roll-over to result in an invalid MIC
diff --git a/internal/session/session_test.go b/internal/session/session_test.go
@@ -81,9 +81,9 @@ func TestNodeSession(t *testing.T) {
 					FullFCnt   uint32
 					Valid      bool
 				}{
-					{0, 1, 1, true},                                                               // ideal case counter was incremented
-					{1, 1, 1, true},                                                               // re-transmission
-					{2, 1, 0, false},                                                              // old packet received
+					{0, 1, 1, true},                                                               // one packet was lost
+					{1, 1, 1, true},                                                               // ideal case, the FCnt has the expected value
+					{2, 1, 0, false},                                                              // old packet received or re-transmission
 					{0, common.Band.MaxFCntGap, 0, false},                                         // gap should be less than MaxFCntGap
 					{0, common.Band.MaxFCntGap - 1, common.Band.MaxFCntGap - 1, true},             // gap is exactly within the allowed MaxFCntGap
 					{65536, common.Band.MaxFCntGap - 1, common.Band.MaxFCntGap - 1 + 65536, true}, // roll-over happened, gap ix exactly within allowed MaxFCntGap
diff --git a/internal/testsuite/uplink_test.go b/internal/testsuite/uplink_test.go
@@ -413,7 +413,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedControllerHandleRXInfo:  expectedControllerHandleRXInfo,
 					ExpectedApplicationHandleDataUp: expectedApplicationPushDataUpNoData,
 					ExpectedApplicationGetDataDown:  expectedGetDataDown,
-					ExpectedFCntUp:                  0,
+					ExpectedFCntUp:                  1,
 					ExpectedFCntDown:                0,
 				},
 			}
@@ -446,7 +446,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedControllerHandleRXInfo:  expectedControllerHandleRXInfo,
 					ExpectedApplicationHandleDataUp: expectedApplicationPushDataUp,
 					ExpectedApplicationGetDataDown:  expectedGetDataDown,
-					ExpectedFCntUp:                  10,
+					ExpectedFCntUp:                  11,
 					ExpectedFCntDown:                5,
 				},
 				{
@@ -470,7 +470,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedControllerHandleRXInfo:  expectedControllerHandleRXInfo,
 					ExpectedApplicationHandleDataUp: expectedApplicationPushDataUpNoData,
 					ExpectedApplicationGetDataDown:  expectedGetDataDown,
-					ExpectedFCntUp:                  10,
+					ExpectedFCntUp:                  11,
 					ExpectedFCntDown:                5,
 				},
 				{
@@ -516,7 +516,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -561,7 +561,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -606,7 +606,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -656,7 +656,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -701,7 +701,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -731,7 +731,7 @@ func TestUplinkScenarios(t *testing.T) {
 						{AppEUI: ns.AppEUI[:], DevEUI: ns.DevEUI[:], Data: []byte{2}},
 						{AppEUI: ns.AppEUI[:], DevEUI: ns.DevEUI[:], Data: []byte{3, 1}},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 5,
 				},
 				{
@@ -763,7 +763,7 @@ func TestUplinkScenarios(t *testing.T) {
 						{AppEUI: ns.AppEUI[:], DevEUI: ns.DevEUI[:], FrmPayload: true, Data: []byte{2}},
 						{AppEUI: ns.AppEUI[:], DevEUI: ns.DevEUI[:], FrmPayload: true, Data: []byte{3, 1}},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 5,
 				},
 				{
@@ -788,7 +788,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedControllerHandleRXInfo:  expectedControllerHandleRXInfo,
 					ExpectedApplicationHandleDataUp: expectedApplicationPushDataUpFCntRollOver,
 					ExpectedApplicationGetDataDown:  expectedGetDataDown,
-					ExpectedFCntUp:                  65536,
+					ExpectedFCntUp:                  65537,
 					ExpectedFCntDown:                5,
 				},
 			}
@@ -848,7 +848,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -907,7 +907,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -960,7 +960,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -1022,7 +1022,7 @@ func TestUplinkScenarios(t *testing.T) {
 						{DevEUI: ns.DevEUI, FRMPayload: true, Data: []byte{6}},
 						{DevEUI: ns.DevEUI, FRMPayload: true, Data: []byte{8, 3}},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -1096,7 +1096,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedTXMACPayloadQueue: []queue.MACPayload{
 						{DevEUI: ns.DevEUI, Data: []byte{2, 10, 6}},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 			}
@@ -1155,7 +1155,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -1209,7 +1209,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 6,
 				},
 				{
@@ -1260,7 +1260,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:   10,
+					ExpectedFCntUp:   11,
 					ExpectedFCntDown: 5, // will be incremented after the node ACKs the frame
 				},
 				{
@@ -1288,7 +1288,7 @@ func TestUplinkScenarios(t *testing.T) {
 					ExpectedControllerHandleRXInfo:  expectedControllerHandleRXInfo,
 					ExpectedApplicationHandleDataUp: expectedApplicationPushDataUpNoData,
 					ExpectedApplicationGetDataDown:  expectedGetDataDown,
-					ExpectedFCntUp:                  10,
+					ExpectedFCntUp:                  11,
 					ExpectedFCntDown:                5, // payload has been discarded, nothing to transmit
 				},
 				{
@@ -1344,7 +1344,7 @@ func TestUplinkScenarios(t *testing.T) {
 							},
 						},
 					},
-					ExpectedFCntUp:                 10,
+					ExpectedFCntUp:                 11,
 					ExpectedFCntDown:               6,
 					ExpectedApplicationGetDataDown: expectedGetDataDown,
 					ExpectedTXMACPayloadQueue: []queue.MACPayload{
diff --git a/internal/uplink/data.go b/internal/uplink/data.go
@@ -173,8 +173,8 @@ func handleCollectedDataUpPackets(ctx common.Context, rxPacket models.RXPacket)
 		}
 	}
 
-	// sync counter with that of the device
-	ns.FCntUp = macPL.FHDR.FCnt
+	// sync counter with that of the device + 1
+	ns.FCntUp = macPL.FHDR.FCnt + 1
 	if err := session.SaveNodeSession(ctx.RedisPool, ns); err != nil {
 		return err
 	}
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -15,7 +15,7 @@ pages:
   - changelog.md
 
 extra:
-  version: '0.12.4'
+  version: '0.12.5'
   github:
     download_release: true
 

Original file line number	Diff line number	Diff line change
`@@ -173,8 +173,8 @@ func handleCollectedDataUpPackets(ctx common.Context, rxPacket models.RXPacket)`
`173`	`173`	`}`
`174`	`174`	`}`
`175`	`175`
`176`		`- // sync counter with that of the device`
`177`		`- ns.FCntUp = macPL.FHDR.FCnt`
	`176`	`+ // sync counter with that of the device + 1`
	`177`	`+ ns.FCntUp = macPL.FHDR.FCnt + 1`
`178`	`178`	`if err := session.SaveNodeSession(ctx.RedisPool, ns); err != nil {`
`179`	`179`	`return err`
`180`	`180`	`}`