feat(pairing) add max payload size to session and save accordingly

Signed-off-by: Eddy Babetto <eddy.babetto@secomind.com>

Author: eddbbt

apps/astarte_housekeeping/lib/astarte_housekeeping/realms/queries.ex

@@ -575,6 +575,7 @@ defmodule Astarte.Housekeeping.Realms.Queries do
       prove_dv_nonce blob,
       kex_suite_name ascii,
       cipher_suite_name int,
+      max_service_info int,
       owner_random blob,
       secret blob,
       sevk blob,

apps/astarte_housekeeping/priv/migrations/realm/0010_create_device_session_table.sql

@@ -7,6 +7,7 @@ CREATE TABLE :keyspace.to2_sessions (
   prove_dv_nonce blob,
   kex_suite_name ascii,
   cipher_suite_name int,
+  max_service_info int,
   owner_random blob,
   secret blob,
   sevk blob,

apps/astarte_pairing/lib/astarte_pairing/fdo/owner_onboarding/session.ex

@@ -40,6 +40,7 @@ defmodule Astarte.Pairing.FDO.OwnerOnboarding.Session do
     field :sevk, struct() | nil
     field :svk, struct() | nil
     field :sek, struct() | nil
+    field :max_service_info, integer() | nil
   end
 
   def new(realm_name, hello_device, ownership_voucher, owner_key) do
@@ -144,7 +145,8 @@ defmodule Astarte.Pairing.FDO.OwnerOnboarding.Session do
         secret: secret,
         sevk: sevk,
         svk: svk,
-        sek: sek
+        sek: sek,
+        max_service_info: max_service_info
       } = database_session
 
       session = %Session{
@@ -158,7 +160,8 @@ defmodule Astarte.Pairing.FDO.OwnerOnboarding.Session do
         secret: secret,
         sevk: SessionKey.from_db(sevk),
         svk: SessionKey.from_db(svk),
-        sek: SessionKey.from_db(sek)
+        sek: SessionKey.from_db(sek),
+        max_service_info: max_service_info
       }
 
       {:ok, session}

apps/astarte_pairing/lib/astarte_pairing/fdo/service_info.ex

@@ -19,19 +19,23 @@
 defmodule Astarte.Pairing.FDO.ServiceInfo do
   alias Astarte.Pairing.FDO.OwnershipVoucher
   alias Astarte.Pairing.FDO.OwnerOnboarding.DeviceServiceInfoReady
+  alias Astarte.Pairing.Queries
 
   @owner_max_service_info 4096
 
   def handle_msg_66(
+        realm_name,
+        session_key,
         %DeviceServiceInfoReady{
           replacement_hmac: replacement_hmac,
-          max_owner_service_info_sz: _device_max_size
+          max_owner_service_info_sz: device_max_size
         },
         %OwnershipVoucher{} = old_voucher
       ) do
     with {:ok, _new_voucher} <-
-           OwnershipVoucher.generate_replacement_voucher(old_voucher, replacement_hmac) do
-      # TODO: Store `new_voucher` and `device_max_size` in the Session or DB.
+           OwnershipVoucher.generate_replacement_voucher(old_voucher, replacement_hmac),
+         :ok <- Queries.update_session_max_payload(realm_name, session_key, device_max_size) do
+      # TODO: Store `new_voucher` into DB.
 
       msg_67_payload = [@owner_max_service_info]
 
@@ -43,13 +47,17 @@ defmodule Astarte.Pairing.FDO.ServiceInfo do
   end
 
   def handle_msg_66(
+        _,
+        _,
         %DeviceServiceInfoReady{},
         _
       ) do
     {:error, :invalid_device_voucher}
   end
 
   def handle_msg_66(
+        _,
+        _,
         _,
         %OwnershipVoucher{}
       ) do

apps/astarte_pairing/lib/astarte_pairing/queries.ex

@@ -293,6 +293,11 @@ defmodule Astarte.Pairing.Queries do
     end
   end
 
+  def update_session_max_payload(realm_name, session_key, size) do
+    updates = [max_service_info: size]
+    update_session(realm_name, session_key, updates)
+  end
+
   def add_session_secret(realm_name, session_key, secret) do
     updates = [secret: secret]
     update_session(realm_name, session_key, updates)

apps/astarte_pairing/test/astarte_pairing/fdo/service_info_test.ex

@@ -17,18 +17,40 @@
 #
 
 defmodule Astarte.Pairing.FDO.ServiceInfoTest do
-  use ExUnit.Case
+  use Astarte.Cases.Data, async: true
+  use Astarte.Cases.Device
   doctest Astarte.Pairing.FDO.ServiceInfo
 
   alias Astarte.Pairing.FDO.ServiceInfo
   alias Astarte.Pairing.FDO.OwnerOnboarding.DeviceServiceInfoReady
+  alias Astarte.Pairing.FDO.OwnerOnboarding.HelloDevice
+  alias Astarte.Pairing.FDO.OwnerOnboarding.SessionKey
   alias Astarte.Pairing.FDO.OwnershipVoucher
   alias COSE.Messages.Encrypt0
+  alias Astarte.Pairing.FDO.OwnerOnboarding.Session
   alias COSE.Keys
+  import Astarte.Helpers.FDO
 
   @owner_max_service_info 4096
   @aes_256_gcm :aes_256_gcm
 
+  setup_all do
+    hello_device = HelloDevice.generate()
+    ownership_voucher = sample_ownership_voucher()
+    owner_key = sample_extracted_private_key()
+    device_key = COSE.Keys.ECC.generate(:es256)
+    {:ok, device_random, xb} = SessionKey.new(hello_device.kex_name, device_key)
+
+    %{
+      hello_device: hello_device,
+      ownership_voucher: ownership_voucher,
+      owner_key: owner_key,
+      device_key: device_key,
+      device_random: device_random,
+      xb: xb
+    }
+  end
+
   setup do
     header_list = [
       # prot_ver
@@ -60,13 +82,22 @@ defmodule Astarte.Pairing.FDO.ServiceInfoTest do
 
   describe "handle_msg_66/4" do
     test "successfully processes Msg 66, creates new voucher, and returns Msg 67", %{
+      realm: realm_name,
+      hello_device: hello_device,
+      owner_key: owner_key,
+      ownership_voucher: ownership_voucher,
       old_voucher: old_voucher
     } do
+      {:ok, session} =
+        Session.new(realm_name, hello_device, ownership_voucher, owner_key)
+
       new_hmac = :crypto.strong_rand_bytes(32)
       device_max_size = 2048
 
       assert {:ok, result_msg_67} =
                ServiceInfo.handle_msg_66(
+                 realm_name,
+                 session.key,
                  %DeviceServiceInfoReady{
                    replacement_hmac: new_hmac,
                    max_owner_service_info_sz: device_max_size
@@ -78,10 +109,19 @@ defmodule Astarte.Pairing.FDO.ServiceInfoTest do
     end
 
     test "handles Credential Reuse (nil HMAC) correctly", %{
+      realm: realm_name,
+      hello_device: hello_device,
+      owner_key: owner_key,
+      ownership_voucher: ownership_voucher,
       old_voucher: old_voucher
     } do
+      {:ok, session} =
+        Session.new(realm_name, hello_device, ownership_voucher, owner_key)
+
       assert {:ok, _result} =
                ServiceInfo.handle_msg_66(
+                 realm_name,
+                 session.key,
                  %DeviceServiceInfoReady{
                    replacement_hmac: nil,
                    max_owner_service_info_sz: 2048
@@ -91,20 +131,37 @@ defmodule Astarte.Pairing.FDO.ServiceInfoTest do
     end
 
     test "returns error if inner CBOR payload is malformed", %{
+      realm: realm_name,
+      hello_device: hello_device,
+      owner_key: owner_key,
+      ownership_voucher: ownership_voucher,
       old_voucher: old_voucher
     } do
+      {:ok, session} =
+        Session.new(realm_name, hello_device, ownership_voucher, owner_key)
+
       malformed_payload = "not_a_valid_payload"
 
-      result = ServiceInfo.handle_msg_66(malformed_payload, old_voucher)
+      result = ServiceInfo.handle_msg_66(realm_name, session.key, malformed_payload, old_voucher)
 
       assert {:error, :invalid_payload} = result
     end
 
-    test "returns error if old voucher is invalid" do
+    test "returns error if old voucher is invalid", %{
+      realm: realm_name,
+      hello_device: hello_device,
+      owner_key: owner_key,
+      ownership_voucher: ownership_voucher
+    } do
       invalid_voucher = CBOR.encode("not a voucher")
 
+      {:ok, session} =
+        Session.new(realm_name, hello_device, ownership_voucher, owner_key)
+
       result =
         ServiceInfo.handle_msg_66(
+          realm_name,
+          session.key,
           %DeviceServiceInfoReady{
             replacement_hmac: :crypto.strong_rand_bytes(32),
             max_owner_service_info_sz: 1024

apps/astarte_pairing/test/support/helpers/database.ex

@@ -94,6 +94,7 @@ defmodule Astarte.Helpers.Database do
     prove_dv_nonce blob,
     kex_suite_name ascii,
     cipher_suite_name int,
+    max_service_info int,
     owner_random blob,
     secret blob,
     sevk blob,

libs/astarte_data_access/lib/astarte_data_access/fdo/to2_session.ex

@@ -52,5 +52,6 @@ defmodule Astarte.DataAccess.FDO.TO2Session do
     field :sevk, :binary
     field :svk, :binary
     field :sek, :binary
+    field :max_service_info, :integer 
   end
 end