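/*
 * Copyright (C) 2014 BlueKitchen GmbH
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the copyright holders nor the names of
 *    contributors may be used to endorse or promote products derived
 *    from this software without specific prior written permission.
 * 4. Any redistribution, use, or modification is done solely for
 *    personal benefit and not for any commercial purpose or for
 *    monetary gain.
 *
 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
 * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * Please inquire about commercial licensing options at
 * [email protected]
 *
 */

#define __BTSTACK_FILE__ "mesh_transport.c"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "mesh/beacon.h"
#include "mesh/mesh_lower_transport.h"
#include "mesh/mesh_upper_transport.h"
#include "btstack_util.h"
#include "btstack_memory.h"
#include "mesh_peer.h"
#include "mesh_keys.h"
#include "mesh_virtual_addresses.h"

// Mesh Upper Transport: decrypts and authenticates incoming access messages with
// AES-CCM (trying each candidate application/device key and, for virtual
// destinations, each candidate Label UUID) and encrypts outgoing access messages.

// unicast address of the primary element, set via mesh_upper_transport_set_primary_element_address
static uint16_t primary_element_address;

// optional handler that is notified about sent PDUs (see mesh_upper_transport_pdu_handler)
static void (*higher_layer_handler)( mesh_transport_callback_type_t callback_type, mesh_transport_status_t status, mesh_pdu_t * pdu);

// Print a left-aligned label followed by a hexdump of data[0..len-1] on stdout
static void mesh_print_hex(const char * name, const uint8_t * data, uint16_t len){
    printf("%-20s ", name);
    printf_hexdump(data, len);
}
// static void mesh_print_x(const char * name, uint32_t value){
//     printf("%20s: 0x%x", name, (int) value);
// }


// combined key x address iterator for upper transport decryption

typedef struct {
    // state
    mesh_transport_key_iterator_t   key_it;
    mesh_virtual_address_iterator_t address_it;
    // elements - current candidate key and (for virtual destinations) current candidate address
    const mesh_transport_key_t *    key;
    const mesh_virtual_address_t *  address;
    // address - might be virtual
    uint16_t dst;
    // key info
} mesh_transport_key_and_virtual_address_iterator_t;

// Start iterating over the candidate keys (selected by netkey_index, akf, aid) for a message
// sent to dst. For a virtual dst, the first key is fetched right away and the address
// iterator is set up; it->key stays NULL if no key matched.
static void mesh_transport_key_and_virtual_address_iterator_init(mesh_transport_key_and_virtual_address_iterator_t *it,
                                                                 uint16_t dst, uint16_t netkey_index, uint8_t akf,
                                                                 uint8_t aid) {
    printf("KEY_INIT: dst %04x, akf %x, aid %x\n", dst, akf, aid);
    // config
    it->dst = dst;
    // init elements
    it->key = NULL;
    it->address = NULL;
    // init element iterators
    mesh_transport_key_aid_iterator_init(&it->key_it, netkey_index, akf, aid);
    // init address iterator
    if (mesh_network_address_virtual(it->dst)){
        mesh_virtual_address_iterator_init(&it->address_it, dst);
        // get first key
        if (mesh_transport_key_aid_iterator_has_more(&it->key_it)) {
            it->key = mesh_transport_key_aid_iterator_get_next(&it->key_it);
        }
    }
}

// cartesian product: keys x addresses
// Returns 1 if another (key, address) candidate is available, 0 otherwise.
static int mesh_transport_key_and_virtual_address_iterator_has_more(mesh_transport_key_and_virtual_address_iterator_t * it){
    if (mesh_network_address_virtual(it->dst)) {
        // init() leaves key == NULL when no transport key matched. Without this check a
        // pending virtual address alone would report a candidate, and the validate
        // functions would then dereference the NULL key for a received message.
        if (it->key == NULL) return 0;
        // find next valid entry
        while (1){
            if (mesh_virtual_address_iterator_has_more(&it->address_it)) return 1;
            if (!mesh_transport_key_aid_iterator_has_more(&it->key_it)) return 0;
            // get next key and restart the address iteration for it
            it->key = mesh_transport_key_aid_iterator_get_next(&it->key_it);
            mesh_virtual_address_iterator_init(&it->address_it, it->dst);
        }
    } else {
        return mesh_transport_key_aid_iterator_has_more(&it->key_it);
    }
}

// Advance to the next candidate: next address for a virtual dst (the key is advanced in
// has_more), next key otherwise. Call only after has_more() returned 1.
static void mesh_transport_key_and_virtual_address_iterator_next(mesh_transport_key_and_virtual_address_iterator_t * it){
    if (mesh_network_address_virtual(it->dst)) {
        it->address = mesh_virtual_address_iterator_get_next(&it->address_it);
    } else {
        it->key = mesh_transport_key_aid_iterator_get_next(&it->key_it);
    }
}

// UPPER TRANSPORT

// stub lower transport

static void mesh_upper_transport_validate_unsegmented_message(mesh_network_pdu_t * network_pdu);
static void mesh_upper_transport_validate_segmented_message(mesh_transport_pdu_t * transport_pdu);

static void mesh_transport_run(void);

// set while a CCM operation is in flight
static int crypto_active;
// received (still encrypted) PDUs that are currently being validated
static mesh_network_pdu_t   * network_pdu_in_validation;
static mesh_transport_pdu_t * transport_pdu_in_validation;
// 13-byte application or device nonce for the current CCM operation
static uint8_t application_nonce[13];
static btstack_crypto_ccm_t ccm;
static mesh_transport_key_and_virtual_address_iterator_t mesh_transport_key_it;

// upper transport callbacks - in access layer
static void (*mesh_access_message_handler)(mesh_pdu_t * pdu);
static void (*mesh_control_message_handler)(mesh_pdu_t * pdu);

// unsegmented (network) and segmented (transport) control and access messages
static btstack_linked_list_t upper_transport_incoming;


// Deliver an unsegmented control message to the registered control handler, or report it
// as unhandled and hand the PDU back to the lower transport.
void mesh_upper_unsegmented_control_message_received(mesh_network_pdu_t * network_pdu){
    uint8_t * lower_transport_pdu = mesh_network_pdu_data(network_pdu);
    uint8_t opcode = lower_transport_pdu[0];
    if (mesh_control_message_handler){
        mesh_control_message_handler((mesh_pdu_t*) network_pdu);
    } else {
        printf("[!] Unhandled Control message with opcode %02x\n", opcode);
        // done
        mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *) network_pdu);
    }
}

// Finish processing of an unsegmented message. Control messages are handed back to the
// lower transport directly; for access messages network_pdu is the working copy, which is
// freed before the original in network_pdu_in_validation is released.
static void mesh_upper_transport_process_unsegmented_message_done(mesh_network_pdu_t *network_pdu){
    crypto_active = 0;
    if (mesh_network_control(network_pdu)) {
        mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *) network_pdu);
    } else {
        mesh_network_pdu_free(network_pdu);
        mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *) network_pdu_in_validation);
        network_pdu_in_validation = NULL;
    }
    mesh_transport_run();
}

// Segmented counterpart of mesh_upper_transport_process_unsegmented_message_done
static void mesh_upper_transport_process_segmented_message_done(mesh_transport_pdu_t *transport_pdu){
    crypto_active = 0;
    if (mesh_transport_ctl(transport_pdu)) {
        mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *)transport_pdu);
    } else {
        mesh_transport_pdu_free(transport_pdu);
        mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *)transport_pdu_in_validation);
        transport_pdu_in_validation = NULL;
    }
    mesh_transport_run();
}

// Return the IV Index to use for a PDU whose first network header byte is ivi_nid
static uint32_t iv_index_for_ivi_nid(uint8_t ivi_nid){
    // get IV Index and IVI
    uint32_t iv_index = mesh_get_iv_index();
    int ivi = ivi_nid >> 7;

    // if least significant bit differs, use previous IV Index
    if ((iv_index & 1 ) ^ ivi){
        iv_index--;
    }
    return iv_index;
}

// Fill nonce[1..12] for an unsegmented message: pad byte, bytes 2..8 of the network header
// (dst is at offset 7, see the pseudo_dst handling below) and the big-endian IV Index.
// nonce[0] (nonce type) is set by the caller.
static void transport_unsegmented_setup_nonce(uint8_t * nonce, const mesh_network_pdu_t * network_pdu){
    nonce[1] = 0x00;    // SZMIC if a Segmented Access message or 0 for all other message formats
    memcpy(&nonce[2], &network_pdu->data[2], 7);
    big_endian_store_32(nonce, 9, iv_index_for_ivi_nid(network_pdu->data[0]));
}

// Fill nonce[1..12] for a segmented message; bit 7 of nonce[1] is set for an 8-byte TransMIC
static void transport_segmented_setup_nonce(uint8_t * nonce, const mesh_transport_pdu_t * transport_pdu){
    nonce[1] = transport_pdu->transmic_len == 8 ? 0x80 : 0x00;
    memcpy(&nonce[2], &transport_pdu->network_header[2], 7);
    big_endian_store_32(nonce, 9, iv_index_for_ivi_nid(transport_pdu->network_header[0]));
}

// Application nonce (type 0x01) for an unsegmented message
static void transport_unsegmented_setup_application_nonce(uint8_t * nonce, const mesh_network_pdu_t * network_pdu){
    nonce[0] = 0x01;
    transport_unsegmented_setup_nonce(nonce, network_pdu);
    mesh_print_hex("AppNonce", nonce, 13);
}

// Device nonce (type 0x02) for an unsegmented message
static void transport_unsegmented_setup_device_nonce(uint8_t * nonce, const mesh_network_pdu_t * network_pdu){
    nonce[0] = 0x02;
    transport_unsegmented_setup_nonce(nonce, network_pdu);
    mesh_print_hex("DeviceNonce", nonce, 13);
}

// Application nonce (type 0x01) for a segmented message
static void transport_segmented_setup_application_nonce(uint8_t * nonce, const mesh_transport_pdu_t * transport_pdu){
    nonce[0] = 0x01;
    transport_segmented_setup_nonce(nonce, transport_pdu);
    mesh_print_hex("AppNonce", nonce, 13);
}

// Device nonce (type 0x02) for a segmented message
static void transport_segmented_setup_device_nonce(uint8_t * nonce, const mesh_transport_pdu_t * transport_pdu){
    nonce[0] = 0x02;
    transport_segmented_setup_nonce(nonce, transport_pdu);
    mesh_print_hex("DeviceNonce", nonce, 13);
}

// Compare a computed TransMIC with the received one without an early exit, so the time
// taken does not depend on the position of the first differing byte (memcmp gives no
// such guarantee). Returns 1 if all len bytes are equal.
static int mesh_upper_transport_mic_matches(const uint8_t * computed, const uint8_t * received, uint8_t len){
    uint8_t diff = 0;
    uint8_t i;
    for (i = 0; i < len; i++){
        diff |= (uint8_t) (computed[i] ^ received[i]);
    }
    return diff == 0;
}

// CCM decryption of an unsegmented access message finished: check the TransMIC. On match
// the decrypted PDU is passed to the access layer, otherwise the next application key is
// tried (a device key mismatch is final).
static void mesh_upper_transport_validate_unsegmented_message_ccm(void * arg){
    mesh_network_pdu_t * network_pdu = (mesh_network_pdu_t *) arg;

    uint8_t * lower_transport_pdu     = mesh_network_pdu_data(network_pdu);
    uint8_t trans_mic_len = 4;

    // store TransMIC
    uint8_t trans_mic[8];
    btstack_crypto_ccm_get_authentication_value(&ccm, trans_mic);
    mesh_print_hex("TransMIC", trans_mic, trans_mic_len);

    // the minimum length was checked in mesh_upper_transport_process_unsegmented_access_message
    uint8_t * upper_transport_pdu     = mesh_network_pdu_data(network_pdu) + 1;
    uint8_t   upper_transport_pdu_len = mesh_network_pdu_len(network_pdu)  - 1;

    mesh_print_hex("Decryted PDU", upper_transport_pdu, upper_transport_pdu_len - trans_mic_len);

    if (mesh_upper_transport_mic_matches(trans_mic, &upper_transport_pdu[upper_transport_pdu_len - trans_mic_len], trans_mic_len)){
        printf("TransMIC matches\n");

        // remove TransMIC from payload
        network_pdu->len -= trans_mic_len;

        // if virtual address, update dst to pseudo_dst
        if (mesh_network_address_virtual(mesh_network_dst(network_pdu))){
            big_endian_store_16(network_pdu->data, 7, mesh_transport_key_it.address->pseudo_dst);
        }

        // pass to upper layer
        if (mesh_access_message_handler){
            mesh_access_message_handler((mesh_pdu_t*) network_pdu);
        } else {
            printf("[!] Unhandled Unsegmented Access message\n");
            // done
            mesh_upper_transport_process_unsegmented_message_done(network_pdu);
        }

        printf("\n");
    } else {
        uint8_t afk = lower_transport_pdu[0] & 0x40;
        if (afk){
            printf("TransMIC does not match, try next key\n");
            mesh_upper_transport_validate_unsegmented_message(network_pdu);
        } else {
            printf("TransMIC does not match device key, done\n");
            // done
            mesh_upper_transport_process_unsegmented_message_done(network_pdu);
        }
    }
}

// CCM decryption of a segmented message finished: check the TransMIC, see the unsegmented
// variant above.
static void mesh_upper_transport_validate_segmented_message_ccm(void * arg){
    mesh_transport_pdu_t * transport_pdu = (mesh_transport_pdu_t *) arg;

    // 16 bit: setup_segmented_control_pdu accepts payloads of up to 256 bytes, which an
    // 8-bit length would truncate and move the TransMIC offset
    uint8_t * upper_transport_pdu     = transport_pdu->data;
    uint16_t  upper_transport_pdu_len = transport_pdu->len - transport_pdu->transmic_len;

    mesh_print_hex("Decrypted PDU", upper_transport_pdu, upper_transport_pdu_len);

    // store TransMIC
    uint8_t trans_mic[8];
    btstack_crypto_ccm_get_authentication_value(&ccm, trans_mic);
    mesh_print_hex("TransMIC", trans_mic, transport_pdu->transmic_len);

    if (mesh_upper_transport_mic_matches(trans_mic, &upper_transport_pdu[upper_transport_pdu_len], transport_pdu->transmic_len)){
        printf("TransMIC matches\n");

        // remove TransMIC from payload
        transport_pdu->len -= transport_pdu->transmic_len;

        // if virtual address, update dst to pseudo_dst
        if (mesh_network_address_virtual(mesh_transport_dst(transport_pdu))){
            big_endian_store_16(transport_pdu->network_header, 7, mesh_transport_key_it.address->pseudo_dst);
        }

        // pass to upper layer
        if (mesh_access_message_handler){
            mesh_access_message_handler((mesh_pdu_t*) transport_pdu);
        } else {
            printf("[!] Unhandled Segmented Access/Control message\n");
            // done
            mesh_upper_transport_process_segmented_message_done(transport_pdu);
        }

        printf("\n");

    } else {
        uint8_t akf = transport_pdu->akf_aid & 0x40;
        if (akf){
            printf("TransMIC does not match, try next key\n");
            mesh_upper_transport_validate_segmented_message(transport_pdu);
        } else {
            printf("TransMIC does not match device key, done\n");
            // done
            mesh_upper_transport_process_segmented_message_done(transport_pdu);
        }
    }
}

// Called by the higher layer when it is done with a PDU that was passed to it
void mesh_upper_transport_message_processed_by_higher_layer(mesh_pdu_t * pdu){
    crypto_active = 0;
    switch (pdu->pdu_type){
        case MESH_PDU_TYPE_NETWORK:
            mesh_upper_transport_process_unsegmented_message_done((mesh_network_pdu_t *) pdu);
            break;
        case MESH_PDU_TYPE_TRANSPORT:
            mesh_upper_transport_process_segmented_message_done((mesh_transport_pdu_t *) pdu);
            break;
        default:
            break;
    }
}

// AAD (Label UUID) was digested, or there was none: decrypt the payload of the PDU in
// validation into the working copy
static void mesh_upper_transport_validate_segmented_message_digest(void * arg){
    mesh_transport_pdu_t * transport_pdu   = (mesh_transport_pdu_t*) arg;
    uint16_t  upper_transport_pdu_len      = transport_pdu_in_validation->len - transport_pdu_in_validation->transmic_len;
    uint8_t * upper_transport_pdu_data_in  = transport_pdu_in_validation->data;
    uint8_t * upper_transport_pdu_data_out = transport_pdu->data;
    btstack_crypto_ccm_decrypt_block(&ccm, upper_transport_pdu_len, upper_transport_pdu_data_in, upper_transport_pdu_data_out, &mesh_upper_transport_validate_segmented_message_ccm, transport_pdu);
}

// AAD (Label UUID) was digested, or there was none: decrypt the payload that follows the
// 9-byte network header and the lower transport header byte
static void mesh_upper_transport_validate_unsegmented_message_digest(void * arg){
    mesh_network_pdu_t * network_pdu       = (mesh_network_pdu_t *) arg;
    uint8_t   trans_mic_len = 4;
    // no underflow: the minimum length was checked in
    // mesh_upper_transport_process_unsegmented_access_message
    uint8_t   lower_transport_pdu_len      = network_pdu_in_validation->len - 9;
    uint8_t * upper_transport_pdu_data_in  = &network_pdu_in_validation->data[10];
    uint8_t * upper_transport_pdu_data_out = &network_pdu->data[10];
    uint8_t   upper_transport_pdu_len      = lower_transport_pdu_len - 1 - trans_mic_len;
    btstack_crypto_ccm_decrypt_block(&ccm, upper_transport_pdu_len, upper_transport_pdu_data_in, upper_transport_pdu_data_out, &mesh_upper_transport_validate_unsegmented_message_ccm, network_pdu);
}

// Try the next (key, address) candidate on the unsegmented PDU in validation, or give up
// if there is none left
static void mesh_upper_transport_validate_unsegmented_message(mesh_network_pdu_t * network_pdu){

    if (!mesh_transport_key_and_virtual_address_iterator_has_more(&mesh_transport_key_it)){
        printf("No valid transport key found\n");
        mesh_upper_transport_process_unsegmented_message_done(network_pdu);
        return;
    }
    mesh_transport_key_and_virtual_address_iterator_next(&mesh_transport_key_it);
    const mesh_transport_key_t * message_key = mesh_transport_key_it.key;

    if (message_key->akf){
        transport_unsegmented_setup_application_nonce(application_nonce, network_pdu_in_validation);
    } else {
        transport_unsegmented_setup_device_nonce(application_nonce, network_pdu_in_validation);
    }

    // store application / device key index
    // NOTE(review): this prints the 16-byte application/device key on stdout - debug aid
    // only, should not be part of a production build
    mesh_print_hex("AppOrDevKey", message_key->key, 16);
    network_pdu->appkey_index = message_key->appkey_index;

    // unsegmented message have TransMIC of 32 bit
    uint8_t trans_mic_len = 4;
    printf("Unsegmented Access message with TransMIC len 4\n");

    uint8_t   lower_transport_pdu_len = network_pdu_in_validation->len - 9;
    uint8_t * upper_transport_pdu_data = &network_pdu_in_validation->data[10];
    uint8_t   upper_transport_pdu_len  = lower_transport_pdu_len - 1 - trans_mic_len;

    mesh_print_hex("EncAccessPayload", upper_transport_pdu_data, upper_transport_pdu_len);

    // decrypt ccm - the Label UUID is the additional authenticated data for virtual addresses
    crypto_active = 1;
    uint16_t aad_len  = 0;
    if (mesh_network_address_virtual(mesh_network_dst(network_pdu))){
        aad_len  = 16;
    }
    btstack_crypto_ccm_init(&ccm, message_key->key, application_nonce, upper_transport_pdu_len, aad_len, trans_mic_len);
    if (aad_len){
        btstack_crypto_ccm_digest(&ccm, (uint8_t*) mesh_transport_key_it.address->label_uuid, aad_len, &mesh_upper_transport_validate_unsegmented_message_digest, network_pdu);
    } else {
        mesh_upper_transport_validate_unsegmented_message_digest(network_pdu);
    }
}

// Try the next (key, address) candidate on the segmented PDU in validation, or give up
// if there is none left
static void mesh_upper_transport_validate_segmented_message(mesh_transport_pdu_t * transport_pdu){
    uint8_t * upper_transport_pdu_data = transport_pdu->data;
    uint16_t  upper_transport_pdu_len  = transport_pdu->len - transport_pdu->transmic_len;

    if (!mesh_transport_key_and_virtual_address_iterator_has_more(&mesh_transport_key_it)){
        printf("No valid transport key found\n");
        mesh_upper_transport_process_segmented_message_done(transport_pdu);
        return;
    }
    mesh_transport_key_and_virtual_address_iterator_next(&mesh_transport_key_it);
    const mesh_transport_key_t * message_key = mesh_transport_key_it.key;

    if (message_key->akf){
        transport_segmented_setup_application_nonce(application_nonce, transport_pdu_in_validation);
    } else {
        transport_segmented_setup_device_nonce(application_nonce, transport_pdu_in_validation);
    }

    // store application / device key index
    // NOTE(review): this prints the 16-byte application/device key on stdout - debug aid
    // only, should not be part of a production build
    mesh_print_hex("AppOrDevKey", message_key->key, 16);
    transport_pdu->appkey_index = message_key->appkey_index;

    mesh_print_hex("EncAccessPayload", upper_transport_pdu_data, upper_transport_pdu_len);

    // decrypt ccm - the Label UUID is the additional authenticated data for virtual addresses
    crypto_active = 1;
    uint16_t aad_len  = 0;
    if (mesh_network_address_virtual(mesh_transport_dst(transport_pdu))){
        aad_len  = 16;
    }
    btstack_crypto_ccm_init(&ccm, message_key->key, application_nonce, upper_transport_pdu_len, aad_len, transport_pdu->transmic_len);

    if (aad_len){
        btstack_crypto_ccm_digest(&ccm, (uint8_t *) mesh_transport_key_it.address->label_uuid, aad_len, &mesh_upper_transport_validate_segmented_message_digest, transport_pdu);
    } else {
        mesh_upper_transport_validate_segmented_message_digest(transport_pdu);
    }
}

// Start validation of the unsegmented access message in network_pdu_in_validation.
// network_pdu is the working copy that receives the decrypted payload.
static void mesh_upper_transport_process_unsegmented_access_message(mesh_network_pdu_t *network_pdu){
    // copy original pdu
    // NOTE(review): relies on the network layer having bounded len to the size of data - confirm
    network_pdu->len = network_pdu_in_validation->len;
    memcpy(network_pdu->data, network_pdu_in_validation->data, network_pdu->len);

    // The PDU came from the network: require the 9-byte network header, the lower
    // transport header byte and the 4-byte TransMIC. Shorter PDUs would wrap the 8-bit
    // length arithmetic below and in the validate functions, and CCM would then read
    // and write far beyond the PDU buffers.
    const uint8_t trans_mic_len = 4;
    if (network_pdu_in_validation->len < (10 + trans_mic_len)){
        printf("Unsegmented Access message too short, dropping\n");
        mesh_upper_transport_process_unsegmented_message_done(network_pdu);
        return;
    }

    //
    uint8_t * lower_transport_pdu     = &network_pdu_in_validation->data[9];
    uint8_t   lower_transport_pdu_len = network_pdu_in_validation->len - 9;

    mesh_print_hex("Lower Transport network pdu", &network_pdu_in_validation->data[9], lower_transport_pdu_len);

    uint8_t aid =  lower_transport_pdu[0] & 0x3f;
    uint8_t akf = (lower_transport_pdu[0] & 0x40) >> 6;
    printf("AKF: %u\n",   akf);
    printf("AID: %02x\n", aid);

    mesh_transport_key_and_virtual_address_iterator_init(&mesh_transport_key_it, mesh_network_dst(network_pdu),
                                                         network_pdu->netkey_index, akf, aid);
    mesh_upper_transport_validate_unsegmented_message(network_pdu);
}

// Start validation of the segmented message in transport_pdu_in_validation.
// transport_pdu is the working copy that receives the decrypted payload.
static void mesh_upper_transport_process_message(mesh_transport_pdu_t * transport_pdu){
    // copy original pdu (the struct copy includes len, no separate assignment needed)
    memcpy(transport_pdu, transport_pdu_in_validation, sizeof(mesh_transport_pdu_t));

    // a message shorter than its TransMIC would wrap the payload length below
    if (transport_pdu->len < transport_pdu->transmic_len){
        printf("Segmented message shorter than TransMIC, dropping\n");
        mesh_upper_transport_process_segmented_message_done(transport_pdu);
        return;
    }

    //
    uint8_t * upper_transport_pdu     =  transport_pdu->data;
    uint16_t  upper_transport_pdu_len =  transport_pdu->len - transport_pdu->transmic_len;
    mesh_print_hex("Upper Transport pdu", upper_transport_pdu, upper_transport_pdu_len);

    uint8_t aid =  transport_pdu->akf_aid & 0x3f;
    uint8_t akf = (transport_pdu->akf_aid & 0x40) >> 6;

    printf("AKF: %u\n",   akf);
    printf("AID: %02x\n", aid);

    mesh_transport_key_and_virtual_address_iterator_init(&mesh_transport_key_it, mesh_transport_dst(transport_pdu),
                                                         transport_pdu->netkey_index, akf, aid);
    mesh_upper_transport_validate_segmented_message(transport_pdu);
}

// Queue a received PDU and trigger processing
void mesh_upper_transport_message_received(mesh_pdu_t * pdu){
    btstack_linked_list_add_tail(&upper_transport_incoming, (btstack_linked_item_t*) pdu);
    mesh_transport_run();
}

// Free a PDU according to its type; unknown types are ignored
void mesh_upper_transport_pdu_free(mesh_pdu_t * pdu){
    mesh_network_pdu_t   * network_pdu;
    mesh_transport_pdu_t * transport_pdu;
    switch (pdu->pdu_type) {
        case MESH_PDU_TYPE_NETWORK:
            network_pdu = (mesh_network_pdu_t *) pdu;
            mesh_network_pdu_free(network_pdu);
            break;
        case MESH_PDU_TYPE_TRANSPORT:
            transport_pdu = (mesh_transport_pdu_t *) pdu;
            mesh_transport_pdu_free(transport_pdu);
            break;
        default:
            break;
    }
}

// Callback for lower transport events: received PDUs are queued, sent PDUs are reported to
// higher_layer_handler or freed if no handler is registered
void mesh_upper_transport_pdu_handler(mesh_transport_callback_type_t callback_type, mesh_transport_status_t status, mesh_pdu_t * pdu){
    switch (callback_type){
        case MESH_TRANSPORT_PDU_RECEIVED:
            mesh_upper_transport_message_received(pdu);
            break;
        case MESH_TRANSPORT_PDU_SENT:
            // notify upper layer (or just free pdu)
            if (higher_layer_handler){
                higher_layer_handler(callback_type, status, pdu);
            } else {
                mesh_upper_transport_pdu_free(pdu);
            }
            break;
        default:
            break;
    }
}

// CCM encryption of an unsegmented access PDU finished: append the 4-byte TransMIC and send.
// Room for the TransMIC is ensured by the payload limit in
// mesh_upper_transport_setup_unsegmented_access_pdu.
static void mesh_upper_transport_send_unsegmented_access_pdu_ccm(void * arg){
    crypto_active = 0;

    mesh_network_pdu_t * network_pdu = (mesh_network_pdu_t *) arg;
    uint8_t * upper_transport_pdu     = mesh_network_pdu_data(network_pdu) + 1;
    uint8_t   upper_transport_pdu_len = mesh_network_pdu_len(network_pdu)  - 1;
    mesh_print_hex("EncAccessPayload", upper_transport_pdu, upper_transport_pdu_len);
    // store TransMIC
    btstack_crypto_ccm_get_authentication_value(&ccm, &upper_transport_pdu[upper_transport_pdu_len]);
    mesh_print_hex("TransMIC", &upper_transport_pdu[upper_transport_pdu_len], 4);
    network_pdu->len += 4;
    // send network pdu
    mesh_lower_transport_send_pdu((mesh_pdu_t*) network_pdu);
}

// CCM encryption of a segmented access PDU finished: append the TransMIC and send
static void mesh_upper_transport_send_segmented_access_pdu_ccm(void * arg){
    crypto_active = 0;

    mesh_transport_pdu_t * transport_pdu = (mesh_transport_pdu_t *) arg;
    mesh_print_hex("EncAccessPayload", transport_pdu->data, transport_pdu->len);
    // store TransMIC
    btstack_crypto_ccm_get_authentication_value(&ccm, &transport_pdu->data[transport_pdu->len]);
    mesh_print_hex("TransMIC", &transport_pdu->data[transport_pdu->len], transport_pdu->transmic_len);
    transport_pdu->len += transport_pdu->transmic_len;
    mesh_lower_transport_send_pdu((mesh_pdu_t*) transport_pdu);
}

// Set up an unsegmented control PDU (opcode + up to 11 parameter bytes).
// Returns 0 on success, 1 if the payload is too long or netkey_index is unknown.
static uint8_t mesh_upper_transport_setup_unsegmented_control_pdu(mesh_network_pdu_t * network_pdu, uint16_t netkey_index, uint8_t ttl, uint16_t src, uint16_t dest, uint8_t opcode,
                          const uint8_t * control_pdu_data, uint16_t control_pdu_len){

    printf("[+] Upper transport, setup unsegmented Control PDU (opcode %02x): \n", opcode);
    printf_hexdump(control_pdu_data, control_pdu_len);

    if (control_pdu_len > 11) return 1;

    const mesh_network_key_t * network_key = mesh_network_key_list_get(netkey_index);
    if (!network_key) return 1;

    uint8_t transport_pdu_data[12];
    transport_pdu_data[0] = opcode;
    memcpy(&transport_pdu_data[1], control_pdu_data, control_pdu_len);
    uint16_t transport_pdu_len = control_pdu_len + 1;

    mesh_print_hex("LowerTransportPDU", transport_pdu_data, transport_pdu_len);
    // setup network_pdu
    mesh_network_setup_pdu(network_pdu, netkey_index, network_key->nid, 1, ttl, mesh_lower_transport_next_seq(), src, dest, transport_pdu_data, transport_pdu_len);

    return 0;
}

// Set up a segmented control PDU (up to 256 payload bytes, no TransMIC).
// Returns 0 on success, 1 if the payload is too long or netkey_index is unknown.
static uint8_t mesh_upper_transport_setup_segmented_control_pdu(mesh_transport_pdu_t * transport_pdu, uint16_t netkey_index, uint8_t ttl, uint16_t src, uint16_t dest, uint8_t opcode,
                          const uint8_t * control_pdu_data, uint16_t control_pdu_len){

    printf("[+] Upper transport, setup segmented Control PDU (opcode %02x): \n", opcode);
    printf_hexdump(control_pdu_data, control_pdu_len);

    if (control_pdu_len > 256) return 1;

    const mesh_network_key_t * network_key = mesh_network_key_list_get(netkey_index);
    if (!network_key) return 1;

    uint32_t seq = mesh_lower_transport_peek_seq();

    memcpy(transport_pdu->data, control_pdu_data, control_pdu_len);
    transport_pdu->len = control_pdu_len;
    transport_pdu->netkey_index = netkey_index;
    transport_pdu->akf_aid = opcode;
    transport_pdu->transmic_len = 0;    // no TransMIC for control
    mesh_transport_set_nid_ivi(transport_pdu, network_key->nid);
    mesh_transport_set_seq(transport_pdu, seq);
    mesh_transport_set_src(transport_pdu, src);
    mesh_transport_set_dest(transport_pdu, dest);
    mesh_transport_set_ctl_ttl(transport_pdu, 0x80 | ttl);

    return 0;
}

// Set up a control PDU, dispatching on the PDU type. Returns 0 on success, 1 on error.
uint8_t mesh_upper_transport_setup_control_pdu(mesh_pdu_t * pdu, uint16_t netkey_index,
                                               uint8_t ttl, uint16_t src, uint16_t dest, uint8_t opcode, const uint8_t * control_pdu_data, uint16_t control_pdu_len){
    switch (pdu->pdu_type){
        case MESH_PDU_TYPE_NETWORK:
            return mesh_upper_transport_setup_unsegmented_control_pdu((mesh_network_pdu_t *) pdu, netkey_index, ttl, src, dest, opcode, control_pdu_data, control_pdu_len);
        case MESH_PDU_TYPE_TRANSPORT:
            return mesh_upper_transport_setup_segmented_control_pdu((mesh_transport_pdu_t *) pdu, netkey_index, ttl, src, dest, opcode, control_pdu_data, control_pdu_len);
        default:
            return 1;
    }
}

// Set up network header and AKF/AID byte of an unsegmented access PDU.
// Returns 0 on success, 1 if appkey_index or netkey_index is unknown.
static uint8_t mesh_upper_transport_setup_unsegmented_access_pdu_header(mesh_network_pdu_t * network_pdu, uint16_t netkey_index,
                                                                        uint16_t appkey_index, uint8_t ttl, uint16_t src, uint16_t dest){

    // get app or device key
    const mesh_transport_key_t * appkey;
    appkey = mesh_transport_key_get(appkey_index);
    if (appkey == NULL){
        printf("appkey_index %x unknown\n", appkey_index);
        return 1;
    }
    uint8_t akf_aid = (appkey->akf << 6) | appkey->aid;

    // lookup network by netkey_index
    const mesh_network_key_t * network_key = mesh_network_key_list_get(netkey_index);
    if (!network_key) return 1;

    network_pdu->data[9] = akf_aid;
    // setup network_pdu
    mesh_network_setup_pdu_header(network_pdu, netkey_index, network_key->nid, 0, ttl, mesh_lower_transport_next_seq(), src, dest);
    network_pdu->appkey_index = appkey_index;
    return 0;
}

// Set up an unsegmented access PDU with the given payload.
// Returns 0 on success, 1 if the payload is too long or a key index is unknown.
static uint8_t mesh_upper_transport_setup_unsegmented_access_pdu(mesh_network_pdu_t * network_pdu, uint16_t netkey_index, uint16_t appkey_index, uint8_t ttl, uint16_t src, uint16_t dest,
                                                       const uint8_t * access_pdu_data, uint8_t access_pdu_len){

    // An unsegmented access message carries at most 11 payload bytes (same limit as the
    // unsegmented control PDU above); the 4-byte TransMIC is appended behind it later.
    // Without this check the memcpy below writes a caller-controlled length into the
    // fixed-size network PDU. Checked first, before next_seq() is called for the header.
    if (access_pdu_len > 11) return 1;

    int status = mesh_upper_transport_setup_unsegmented_access_pdu_header(network_pdu, netkey_index, appkey_index, ttl, src, dest);
    if (status) return status;

    printf("[+] Upper transport, setup unsegmented Access PDU - seq %06x\n", mesh_network_seq(network_pdu));
    mesh_print_hex("Access Payload", access_pdu_data, access_pdu_len);

    // store in transport pdu
    memcpy(&network_pdu->data[10], access_pdu_data, access_pdu_len);
    network_pdu->len = 10 + access_pdu_len;
    return 0;
}

// Set up header fields of a segmented access PDU; szmic selects an 8-byte (non-zero) or
// 4-byte TransMIC. Returns 0 on success, 1 if appkey_index or netkey_index is unknown.
static uint8_t mesh_upper_transport_setup_segmented_access_pdu_header(mesh_transport_pdu_t * transport_pdu, uint16_t netkey_index, uint16_t appkey_index, uint8_t ttl, uint16_t src, uint16_t dest,
                        uint8_t szmic){
    uint32_t seq = mesh_lower_transport_peek_seq();

    printf("[+] Upper transport, setup segmented Access PDU - seq %06x, szmic %u, iv_index %08x\n", seq, szmic,
           mesh_get_iv_index_for_tx());
    mesh_print_hex("Access Payload", transport_pdu->data, transport_pdu->len);

    // get app or device key
    const mesh_transport_key_t *appkey;
    appkey = mesh_transport_key_get(appkey_index);
    if (appkey == NULL) {
        printf("appkey_index %x unknown\n", appkey_index);
        return 1;
    }
    uint8_t akf_aid = (appkey->akf << 6) | appkey->aid;

    // lookup network by netkey_index
    const mesh_network_key_t *network_key = mesh_network_key_list_get(netkey_index);
    if (!network_key) return 1;

    const uint8_t trans_mic_len = szmic ? 8 : 4;

    // store in transport pdu
    transport_pdu->transmic_len = trans_mic_len;
    transport_pdu->netkey_index = netkey_index;
    transport_pdu->appkey_index = appkey_index;
    transport_pdu->akf_aid = akf_aid;
    mesh_transport_set_nid_ivi(transport_pdu, network_key->nid | ((mesh_get_iv_index_for_tx() & 1) << 7));
    mesh_transport_set_seq(transport_pdu, seq);
    mesh_transport_set_src(transport_pdu, src);
    mesh_transport_set_dest(transport_pdu, dest);
    mesh_transport_set_ctl_ttl(transport_pdu, ttl);
    return 0;
}


// Set up a segmented access PDU with the given payload. Returns 0 on success, 1 on error.
static uint8_t mesh_upper_transport_setup_segmented_access_pdu(mesh_transport_pdu_t * transport_pdu, uint16_t netkey_index, uint16_t appkey_index, uint8_t ttl, uint16_t src, uint16_t dest,
                          uint8_t szmic, const uint8_t * access_pdu_data, uint8_t access_pdu_len){
    int status = mesh_upper_transport_setup_segmented_access_pdu_header(transport_pdu, netkey_index, appkey_index, ttl, src, dest, szmic);
    if (status) return status;

    // store in transport pdu
    memcpy(transport_pdu->data, access_pdu_data, access_pdu_len);
    transport_pdu->len = access_pdu_len;
    return 0;
}

// Set up the header of an access PDU, dispatching on the PDU type (szmic is used for
// segmented PDUs only). Returns 0 on success, 1 on error.
uint8_t mesh_upper_transport_setup_access_pdu_header(mesh_pdu_t * pdu, uint16_t netkey_index, uint16_t appkey_index,
                                              uint8_t ttl, uint16_t src, uint16_t dest, uint8_t szmic){
    switch (pdu->pdu_type){
        case MESH_PDU_TYPE_NETWORK:
            return mesh_upper_transport_setup_unsegmented_access_pdu_header((mesh_network_pdu_t *) pdu, netkey_index, appkey_index, ttl, src, dest);
        case MESH_PDU_TYPE_TRANSPORT:
            return mesh_upper_transport_setup_segmented_access_pdu_header((mesh_transport_pdu_t *) pdu, netkey_index, appkey_index, ttl, src, dest, szmic);
        default:
            return 1;
    }
}

// Set up an access PDU with payload, dispatching on the PDU type (szmic is used for
// segmented PDUs only). Returns 0 on success, 1 on error.
uint8_t mesh_upper_transport_setup_access_pdu(mesh_pdu_t * pdu, uint16_t netkey_index, uint16_t appkey_index,
                                              uint8_t ttl, uint16_t src, uint16_t dest, uint8_t szmic,
                                              const uint8_t * access_pdu_data, uint8_t access_pdu_len){
    switch (pdu->pdu_type){
        case MESH_PDU_TYPE_NETWORK:
            return mesh_upper_transport_setup_unsegmented_access_pdu((mesh_network_pdu_t *) pdu, netkey_index, appkey_index, ttl, src, dest, access_pdu_data, access_pdu_len);
        case MESH_PDU_TYPE_TRANSPORT:
            return mesh_upper_transport_setup_segmented_access_pdu((mesh_transport_pdu_t *) pdu, netkey_index, appkey_index, ttl, src, dest, szmic, access_pdu_data, access_pdu_len);
        default:
            return 1;
    }
}

// Control PDUs are not encrypted here, pass them on to the lower transport
void mesh_upper_transport_send_control_pdu(mesh_pdu_t * pdu){
    mesh_lower_transport_send_pdu((mesh_pdu_t*) pdu);
}

// AAD (Label UUID) was digested, or there was none: encrypt the access payload in place
static void mesh_upper_transport_send_unsegmented_access_pdu_digest(void * arg){
    mesh_network_pdu_t * network_pdu = (mesh_network_pdu_t *) arg;
    uint8_t * access_pdu_data = mesh_network_pdu_data(network_pdu) + 1;
    uint16_t  access_pdu_len  = mesh_network_pdu_len(network_pdu)  - 1;
    btstack_crypto_ccm_encrypt_block(&ccm, access_pdu_len, access_pdu_data, access_pdu_data, &mesh_upper_transport_send_unsegmented_access_pdu_ccm, network_pdu);
}

// Select the key to encrypt an outgoing message with, taking the key refresh state of the
// subnet into account. Returns NULL if the subnet is unknown or no key matches
// appkey_index - callers have to check the result.
static mesh_transport_key_t * mesh_upper_transport_get_outgoing_appkey(uint16_t netkey_index, uint16_t appkey_index){
    // Device Key is fixed
    if (appkey_index == MESH_DEVICE_KEY_INDEX) {
        return mesh_transport_key_get(appkey_index);
    }

    // Get key refresh state from subnet
    mesh_subnet_t * subnet = mesh_subnet_get_by_netkey_index(netkey_index);
    if (subnet == NULL) return NULL;

    // identify old and new app keys for given appkey_index
    mesh_transport_key_t * old_key = NULL;
    mesh_transport_key_t * new_key = NULL;
    mesh_transport_key_iterator_t it;
    mesh_transport_key_iterator_init(&it, netkey_index);
    while (mesh_transport_key_iterator_has_more(&it)){
        mesh_transport_key_t * transport_key = mesh_transport_key_iterator_get_next(&it);
        if (transport_key->appkey_index != appkey_index) continue;
        if (transport_key->old_key == 0) {
            new_key = transport_key;
        } else {
            old_key = transport_key;
        }
    }

    // if no key is marked as old, just use the current one
    if (old_key == NULL) return new_key;

    // use new key if it exists in phase two
    if ((subnet->key_refresh == MESH_KEY_REFRESH_SECOND_PHASE) && (new_key != NULL)){
        return new_key;
    } else {
        return old_key;
    }
}

// Encrypt and send an unsegmented access PDU. The PDU is freed and nothing is sent if the
// virtual address or the key cannot be resolved.
static void mesh_upper_transport_send_unsegmented_access_pdu(mesh_network_pdu_t * network_pdu){

    // if dst is virtual address, lookup label uuid and hash
    uint16_t aad_len = 0;
    mesh_virtual_address_t * virtual_address = NULL;
    uint16_t dst = mesh_network_dst(network_pdu);
    if (mesh_network_address_virtual(dst)){
        virtual_address = mesh_virtual_address_for_pseudo_dst(dst);
        if (!virtual_address){
            printf("No virtual address register for pseudo dst %4x\n", dst);
            btstack_memory_mesh_network_pdu_free(network_pdu);
            return;
        }
        aad_len = 16;
        big_endian_store_16(network_pdu->data, 7, virtual_address->hash);
    }

    // setup nonce
    uint16_t appkey_index = network_pdu->appkey_index;
    if (appkey_index == MESH_DEVICE_KEY_INDEX){
        transport_unsegmented_setup_device_nonce(application_nonce, network_pdu);
    } else {
        transport_unsegmented_setup_application_nonce(application_nonce, network_pdu);
    }

    // get app or device key - the lookup returns NULL for an unknown subnet or key, e.g.
    // when the key was removed after the PDU was set up
    const mesh_transport_key_t * appkey = mesh_upper_transport_get_outgoing_appkey(network_pdu->netkey_index, appkey_index);
    if (appkey == NULL){
        printf("appkey_index %x unknown\n", appkey_index);
        btstack_memory_mesh_network_pdu_free(network_pdu);
        return;
    }
    // NOTE(review): this prints the 16-byte application/device key on stdout - debug aid
    // only, should not be part of a production build
    mesh_print_hex("AppOrDevKey", appkey->key, 16);

    // encrypt ccm
    uint8_t   trans_mic_len = 4;
    uint16_t  access_pdu_len  = mesh_network_pdu_len(network_pdu)  - 1;
    crypto_active = 1;

    btstack_crypto_ccm_init(&ccm, appkey->key, application_nonce, access_pdu_len, aad_len, trans_mic_len);
    if (virtual_address){
        mesh_print_hex("LabelUUID", virtual_address->label_uuid, 16);
        btstack_crypto_ccm_digest(&ccm, virtual_address->label_uuid, 16, &mesh_upper_transport_send_unsegmented_access_pdu_digest, network_pdu);
    } else {
        mesh_upper_transport_send_unsegmented_access_pdu_digest(network_pdu);
    }
}

// AAD (Label UUID) was digested, or there was none: encrypt the access payload in place
static void mesh_upper_transport_send_segmented_access_pdu_digest(void *arg){
    mesh_transport_pdu_t * transport_pdu = (mesh_transport_pdu_t *) arg;
    uint16_t  access_pdu_len  = transport_pdu->len;
    uint8_t * access_pdu_data = transport_pdu->data;
    btstack_crypto_ccm_encrypt_block(&ccm, access_pdu_len,access_pdu_data, access_pdu_data, &mesh_upper_transport_send_segmented_access_pdu_ccm, transport_pdu);
}

// Encrypt and send a segmented access PDU. The PDU is freed and nothing is sent if the
// virtual address or the key cannot be resolved.
static void mesh_upper_transport_send_segmented_access_pdu(mesh_transport_pdu_t * transport_pdu){

    // if dst is virtual address, lookup label uuid and hash
    uint16_t aad_len = 0;
    mesh_virtual_address_t * virtual_address = NULL;
    uint16_t dst = mesh_transport_dst(transport_pdu);
    if (mesh_network_address_virtual(dst)){
        virtual_address = mesh_virtual_address_for_pseudo_dst(dst);
        if (!virtual_address){
            printf("No virtual address register for pseudo dst %4x\n", dst);
            btstack_memory_mesh_transport_pdu_free(transport_pdu);
            return;
        }
        // printf("Using hash %4x with LabelUUID: ", virtual_address->hash);
        // printf_hexdump(virtual_address->label_uuid, 16);
        aad_len = 16;
        big_endian_store_16(transport_pdu->network_header, 7, virtual_address->hash);
    }

    // setup nonce - uses dst, so after pseudo address translation
    uint16_t appkey_index = transport_pdu->appkey_index;
    if (appkey_index == MESH_DEVICE_KEY_INDEX){
        transport_segmented_setup_device_nonce(application_nonce, transport_pdu);
    } else {
        transport_segmented_setup_application_nonce(application_nonce, transport_pdu);
    }

    // get app or device key - the lookup returns NULL for an unknown subnet or key, e.g.
    // when the key was removed after the PDU was set up
    const mesh_transport_key_t * appkey = mesh_upper_transport_get_outgoing_appkey(transport_pdu->netkey_index, appkey_index);
    if (appkey == NULL){
        printf("appkey_index %x unknown\n", appkey_index);
        btstack_memory_mesh_transport_pdu_free(transport_pdu);
        return;
    }
    // NOTE(review): this prints the 16-byte application/device key on stdout - debug aid
    // only, should not be part of a production build
    mesh_print_hex("AppOrDevKey", appkey->key, 16);

    // encrypt ccm
    uint8_t   transmic_len    = transport_pdu->transmic_len;
    uint16_t  access_pdu_len  = transport_pdu->len;
    crypto_active = 1;
    btstack_crypto_ccm_init(&ccm, appkey->key, application_nonce, access_pdu_len, aad_len, transmic_len);
    if (virtual_address){
        mesh_print_hex("LabelUUID", virtual_address->label_uuid, 16);
        btstack_crypto_ccm_digest(&ccm, virtual_address->label_uuid, 16, &mesh_upper_transport_send_segmented_access_pdu_digest, transport_pdu);
    } else {
        mesh_upper_transport_send_segmented_access_pdu_digest(transport_pdu);
    }
}

// Encrypt and send an access PDU, dispatching on the PDU type; unknown types are ignored
void mesh_upper_transport_send_access_pdu(mesh_pdu_t * pdu){
    switch (pdu->pdu_type){
        case MESH_PDU_TYPE_NETWORK:
            mesh_upper_transport_send_unsegmented_access_pdu((mesh_network_pdu_t *) pdu);
            break;
        case MESH_PDU_TYPE_TRANSPORT:
            mesh_upper_transport_send_segmented_access_pdu((mesh_transport_pdu_t *) pdu);
            break;
        default:
            break;
    }
}

// Store the unicast address of the primary element
void mesh_upper_transport_set_primary_element_address(uint16_t unicast_address){
    primary_element_address = unicast_address;
}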
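/**
 * Register the callback stored in mesh_access_message_handler.
 *
 * @param callback handler taking the received PDU
 */
void mesh_upper_transport_register_access_message_handler(void (*callback)(mesh_pdu_t *pdu)){
    mesh_access_message_handler = callback;
}

/**
 * Register the callback stored in mesh_control_message_handler.
 *
 * @param callback handler taking the received PDU
 */
void mesh_upper_transport_register_control_message_handler(void (*callback)(mesh_pdu_t *pdu)){
    mesh_control_message_handler = callback;
}

/**
 * Register the higher layer handler, which takes a callback type, a status
 * and the PDU concerned.
 *
 * @param pdu_handler handler to store
 */
void mesh_upper_transport_set_higher_layer_handler(void (*pdu_handler)( mesh_transport_callback_type_t callback_type, mesh_transport_status_t status, mesh_pdu_t * pdu)){
    higher_layer_handler = pdu_handler;
}

/**
 * Initialise the lower transport and register this layer's PDU handler with it.
 */
void mesh_upper_transport_init(){
    mesh_lower_transport_init();
    mesh_lower_transport_set_higher_layer_handler(&mesh_upper_transport_pdu_handler);
}

/**
 * Process queued incoming PDUs until the queue is empty, a crypto operation
 * is in progress, or no decode buffer is available.
 *
 * Control messages are handled directly. Access messages get a fresh decode
 * PDU, are remembered as the PDU in validation and are passed on for
 * processing. An entry is only popped once it can actually be handled, so it
 * stays queued when this function returns early.
 */
static void mesh_transport_run(void){
    while(!btstack_linked_list_empty(&upper_transport_incoming)){

        // the crypto state is shared, so wait until the current operation is done
        if (crypto_active) return;

        // peek at next message
        mesh_pdu_t * pdu = (mesh_pdu_t *) btstack_linked_list_get_first_item(&upper_transport_incoming);
        mesh_transport_pdu_t * transport_pdu;
        mesh_network_pdu_t   * network_pdu;
        switch (pdu->pdu_type){
            case MESH_PDU_TYPE_NETWORK:
                network_pdu = (mesh_network_pdu_t *) pdu;
                // control?
                if (mesh_network_control(network_pdu)) {
                    (void) btstack_linked_list_pop(&upper_transport_incoming);
                    mesh_upper_unsegmented_control_message_received(network_pdu);
                } else {
                    mesh_network_pdu_t * decode_pdu = mesh_network_pdu_get();
                    // no buffer: leave the message queued and try again on a later run
                    if (!decode_pdu) return;
                    // get encoded network pdu and start processing
                    network_pdu_in_validation = network_pdu;
                    (void) btstack_linked_list_pop(&upper_transport_incoming);
                    mesh_upper_transport_process_unsegmented_access_message(decode_pdu);
                }
                break;
            case MESH_PDU_TYPE_TRANSPORT: {
                transport_pdu = (mesh_transport_pdu_t *) pdu;
                uint8_t ctl = mesh_transport_ctl(transport_pdu);
                if (ctl){
                    printf("Ignoring Segmented Control Message\n");
                    (void) btstack_linked_list_pop(&upper_transport_incoming);
                    mesh_lower_transport_message_processed_by_higher_layer((mesh_pdu_t *) transport_pdu);
                } else {
                    mesh_transport_pdu_t * decode_pdu = mesh_transport_pdu_get();
                    // no buffer: leave the message queued and try again on a later run
                    if (!decode_pdu) return;
                    // get encoded transport pdu and start processing
                    transport_pdu_in_validation = transport_pdu;
                    (void) btstack_linked_list_pop(&upper_transport_incoming);
                    mesh_upper_transport_process_message(decode_pdu);
                }
                break;
            }
            default:
                // Unexpected PDU type: remove the entry so the loop makes
                // progress. Left in place, the same item would be peeked on
                // every pass and this function would never return.
                // NOTE(review): the buffer is not released here because its
                // pool cannot be derived from an unknown type - confirm the
                // lower transport only ever queues the two types handled above.
                printf("Dropping incoming PDU with unexpected type %u\n", (unsigned int) pdu->pdu_type);
                (void) btstack_linked_list_pop(&upper_transport_incoming);
                break;
        }
    }
}

// buffer pool

/**
 * Get a transport PDU from the memory pool, zeroed and tagged as
 * MESH_PDU_TYPE_TRANSPORT.
 *
 * @return the PDU, or the allocator's NULL result unchanged
 */
mesh_transport_pdu_t * mesh_transport_pdu_get(void){
    mesh_transport_pdu_t * transport_pdu = btstack_memory_mesh_transport_pdu_get();
    if (transport_pdu) {
        // clear the whole buffer before it is reused
        memset(transport_pdu, 0, sizeof(mesh_transport_pdu_t));
        transport_pdu->pdu_header.pdu_type = MESH_PDU_TYPE_TRANSPORT;
    }
    return transport_pdu;
}

/**
 * Return a transport PDU to the memory pool.
 *
 * @param transport_pdu PDU to release
 */
void mesh_transport_pdu_free(mesh_transport_pdu_t * transport_pdu){
    btstack_memory_mesh_transport_pdu_free(transport_pdu);
}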