1 /* 2 * Copyright (C) 2017 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS 24 * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #define BTSTACK_FILE__ "provisioning_device.c" 39 40 #include <stdint.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "btstack.h" 46 #include "btstack_memory.h" 47 48 #include "mesh/mesh_crypto.h" 49 #ifdef ENABLE_MESH_ADV_BEARER 50 #include "mesh/pb_adv.h" 51 #endif 52 #ifdef ENABLE_MESH_GATT_BEARER 53 #include "mesh/pb_gatt.h" 54 #endif 55 #include "mesh/provisioning.h" 56 57 static void prov_key_generated(void * arg); 58 59 // remote ecc 60 static uint8_t remote_ec_q[64]; 61 static uint8_t dhkey[32]; 62 63 static btstack_packet_handler_t prov_packet_handler; 64 65 static uint8_t prov_buffer_out[MESH_PROV_MAX_PROXY_PDU]; 66 // ConfirmationInputs = ProvisioningInvitePDUValue || ProvisioningCapabilitiesPDUValue || ProvisioningStartPDUValue || PublicKeyProvisioner || PublicKeyDevice 67 static uint8_t prov_confirmation_inputs[1 + 11 + 5 + 64 + 64]; 68 static uint8_t prov_authentication_method; 69 static uint8_t prov_public_key_oob_used; 70 static uint8_t prov_emit_public_key_oob_active; 71 static uint8_t prov_emit_output_oob_active; 72 static uint8_t prov_ec_q[64]; 73 74 static const uint8_t * prov_public_key_oob_q; 75 static const uint8_t * prov_public_key_oob_d; 76 77 // num elements 78 static uint8_t prov_num_elements = 1; 79 80 // capabilites 81 static const uint8_t * prov_static_oob_data; 82 83 static uint16_t prov_static_oob_len; 84 static uint16_t prov_output_oob_actions; 85 static uint16_t prov_input_oob_actions; 86 static uint8_t prov_public_key_oob_available; 87 static uint8_t prov_static_oob_available; 88 static uint8_t prov_output_oob_size; 89 static uint8_t prov_input_oob_size; 90 static uint8_t prov_error_code; 91 static uint8_t prov_waiting_for_outgoing_complete; 92 93 static uint8_t prov_attention_timer_timeout; 94 95 static btstack_timer_source_t prov_protocol_timer; 96 97 static btstack_crypto_aes128_cmac_t prov_cmac_request; 98 static btstack_crypto_random_t prov_random_request; 99 static btstack_crypto_ecc_p256_t prov_ecc_p256_request; 100 static btstack_crypto_ccm_t prov_ccm_request; 101 102 // ConfirmationDevice 103 static uint8_t confirmation_device[16]; 104 // ConfirmationSalt 105 static uint8_t confirmation_salt[16]; 106 // ConfirmationKey 107 static uint8_t confirmation_key[16]; 108 // RandomDevice 109 static uint8_t random_device[16]; 110 // ProvisioningSalt 111 static uint8_t provisioning_salt[16]; 112 // AuthValue 113 static uint8_t auth_value[16]; 114 // SessionKey 115 static uint8_t session_key[16]; 116 // SessionNonce 117 static uint8_t session_nonce[16]; 118 // EncProvisioningData 119 static uint8_t enc_provisioning_data[25]; 120 // ProvisioningData 121 static uint8_t provisioning_data[25]; 122 123 // received network_key 124 static mesh_network_key_t * network_key; 125 126 // DeviceKey 127 static uint8_t device_key[16]; 128 129 static uint8_t flags; 130 131 static uint32_t iv_index; 132 static uint16_t unicast_address; 133 134 typedef enum { 135 DEVICE_W4_INVITE, 136 DEVICE_SEND_CAPABILITIES, 137 DEVICE_W4_START, 138 DEVICE_W4_INPUT_OOK, 139 DEVICE_SEND_INPUT_COMPLETE, 140 DEVICE_W4_PUB_KEY, 141 DEVICE_SEND_PUB_KEY, 142 DEVICE_W4_CONFIRM, 143 DEVICE_SEND_CONFIRM, 144 DEVICE_W4_RANDOM, 145 DEVICE_SEND_RANDOM, 146 DEVICE_W4_DATA, 147 DEVICE_SEND_COMPLETE, 148 DEVICE_SEND_ERROR, 149 DEVICE_W4_DONE, 150 } device_state_t; 151 152 static device_state_t device_state; 153 static uint16_t pb_transport_cid; 154 static mesh_pb_type_t pb_type; 155 156 static void pb_send_pdu(uint16_t transport_cid, const uint8_t * buffer, uint16_t buffer_size){ 157 switch (pb_type){ 158 #ifdef ENABLE_MESH_ADV_BEARER 159 case MESH_PB_TYPE_ADV: 160 pb_adv_send_pdu(transport_cid, buffer, buffer_size); 161 break; 162 #endif 163 #ifdef ENABLE_MESH_GATT_BEARER 164 case MESH_PB_TYPE_GATT: 165 pb_gatt_send_pdu(transport_cid, buffer, buffer_size); 166 break; 167 #endif 168 default: 169 break; 170 } 171 } 172 173 static void pb_close_link(uint16_t transport_cid, uint8_t reason){ 174 switch (pb_type){ 175 #ifdef ENABLE_MESH_ADV_BEARER 176 case MESH_PB_TYPE_ADV: 177 pb_adv_close_link(transport_cid, reason); 178 break; 179 #endif 180 #ifdef ENABLE_MESH_GATT_BEARER 181 case MESH_PB_TYPE_GATT: 182 pb_gatt_close_link(transport_cid, reason); 183 break; 184 #endif 185 default: 186 break; 187 } 188 } 189 190 static void provisioning_emit_event(uint16_t pb_adv_cid, uint8_t mesh_subevent){ 191 if (!prov_packet_handler) return; 192 uint8_t event[5] = { HCI_EVENT_MESH_META, 3, mesh_subevent}; 193 little_endian_store_16(event, 3, pb_adv_cid); 194 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 195 } 196 197 static void provisioning_emit_output_oob_event(uint16_t pb_adv_cid, uint32_t number){ 198 if (!prov_packet_handler) return; 199 uint8_t event[9] = { HCI_EVENT_MESH_META, 7, MESH_SUBEVENT_PB_PROV_START_EMIT_OUTPUT_OOB}; 200 little_endian_store_16(event, 3, pb_adv_cid); 201 little_endian_store_32(event, 5, number); 202 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 203 } 204 205 static void provisioning_emit_attention_timer_event(uint16_t pb_adv_cid, uint8_t timer_s){ 206 if (!prov_packet_handler) return; 207 uint8_t event[6] = { HCI_EVENT_MESH_META, 4, MESH_SUBEVENT_PB_PROV_ATTENTION_TIMER}; 208 little_endian_store_16(event, 3, pb_adv_cid); 209 event[5] = timer_s; 210 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 211 } 212 213 static void provisiong_timer_handler(btstack_timer_source_t * ts){ 214 UNUSED(ts); 215 printf("Provisioning Protocol Timeout -> Close Link!\n"); 216 pb_close_link(1, 1); 217 } 218 219 // The provisioning protocol shall have a minimum timeout of 60 seconds that is reset 220 // each time a provisioning protocol PDU is sent or received 221 static void provisioning_timer_start(void){ 222 btstack_run_loop_remove_timer(&prov_protocol_timer); 223 btstack_run_loop_set_timer_handler(&prov_protocol_timer, &provisiong_timer_handler); 224 btstack_run_loop_set_timer(&prov_protocol_timer, PROVISIONING_PROTOCOL_TIMEOUT_MS); 225 btstack_run_loop_add_timer(&prov_protocol_timer); 226 } 227 228 static void provisioning_timer_stop(void){ 229 btstack_run_loop_remove_timer(&prov_protocol_timer); 230 } 231 232 233 // Outgoing Provisioning PDUs 234 static void provisioning_send_provisioning_error(void){ 235 // setup response 236 prov_buffer_out[0] = MESH_PROV_FAILED; 237 prov_buffer_out[1] = prov_error_code; 238 pb_send_pdu(pb_transport_cid, prov_buffer_out, 2); 239 } 240 241 static void provisioning_send_capabilites(void){ 242 // setup response 243 prov_buffer_out[0] = MESH_PROV_CAPABILITIES; 244 245 /* Number of Elements supported */ 246 prov_buffer_out[1] = prov_num_elements; 247 248 /* Supported algorithms - FIPS P-256 Eliptic Curve */ 249 big_endian_store_16(prov_buffer_out, 2, 1); 250 251 /* Public Key Type - Public Key OOB information available */ 252 prov_buffer_out[4] = prov_public_key_oob_available; 253 254 /* Static OOB Type - Static OOB information available */ 255 prov_buffer_out[5] = prov_static_oob_available; 256 257 /* Output OOB Size - max of 8 */ 258 prov_buffer_out[6] = prov_output_oob_size; 259 260 /* Output OOB Action */ 261 big_endian_store_16(prov_buffer_out, 7, prov_output_oob_actions); 262 263 /* Input OOB Size - max of 8*/ 264 prov_buffer_out[9] = prov_input_oob_size; 265 266 /* Input OOB Action */ 267 big_endian_store_16(prov_buffer_out, 10, prov_input_oob_actions); 268 269 // store for confirmation inputs: len 11 270 memcpy(&prov_confirmation_inputs[1], &prov_buffer_out[1], 11); 271 272 // send 273 274 pb_send_pdu(pb_transport_cid, prov_buffer_out, 12); 275 } 276 277 static void provisioning_send_public_key(void){ 278 // setup response 279 prov_buffer_out[0] = MESH_PROV_PUB_KEY; 280 memcpy(&prov_buffer_out[1], prov_ec_q, 64); 281 282 // store for confirmation inputs: len 64 283 memcpy(&prov_confirmation_inputs[81], &prov_buffer_out[1], 64); 284 285 // send 286 pb_send_pdu(pb_transport_cid, prov_buffer_out, 65); 287 } 288 289 static void provisioning_send_input_complete(void){ 290 // setup response 291 prov_buffer_out[0] = MESH_PROV_INPUT_COMPLETE; 292 293 // send 294 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 295 } 296 static void provisioning_send_confirm(void){ 297 // setup response 298 prov_buffer_out[0] = MESH_PROV_CONFIRM; 299 memcpy(&prov_buffer_out[1], confirmation_device, 16); 300 301 // send 302 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 303 } 304 305 static void provisioning_send_random(void){ 306 // setup response 307 prov_buffer_out[0] = MESH_PROV_RANDOM; 308 memcpy(&prov_buffer_out[1], random_device, 16); 309 310 // send pdu 311 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 312 } 313 314 static void provisioning_send_complete(void){ 315 // setup response 316 prov_buffer_out[0] = MESH_PROV_COMPLETE; 317 318 // send pdu 319 pb_send_pdu(pb_transport_cid, prov_buffer_out, 1); 320 } 321 322 static void provisioning_done(void){ 323 if (prov_emit_public_key_oob_active){ 324 prov_emit_public_key_oob_active = 0; 325 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 326 } 327 if (prov_emit_output_oob_active){ 328 prov_emit_output_oob_active = 0; 329 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 330 } 331 if (prov_attention_timer_timeout){ 332 prov_attention_timer_timeout = 0; 333 provisioning_emit_attention_timer_event(1, 0); 334 } 335 device_state = DEVICE_W4_INVITE; 336 337 // generate new public key 338 printf("Generate new public key\n"); 339 btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL); 340 } 341 342 static void provisioning_handle_auth_value_output_oob(void * arg){ 343 UNUSED(arg); 344 // limit auth value to single digit 345 auth_value[15] = auth_value[15] % 9 + 1; 346 347 printf("Output OOB: %u\n", auth_value[15]); 348 349 // emit output oob value 350 provisioning_emit_output_oob_event(1, auth_value[15]); 351 prov_emit_output_oob_active = 1; 352 } 353 354 static void provisioning_public_key_exchange_complete(void){ 355 356 // reset auth_value 357 memset(auth_value, 0, sizeof(auth_value)); 358 359 // handle authentication method 360 switch (prov_authentication_method){ 361 case 0x00: 362 device_state = DEVICE_W4_CONFIRM; 363 break; 364 case 0x01: 365 memcpy(&auth_value[16-prov_static_oob_len], prov_static_oob_data, prov_static_oob_len); 366 device_state = DEVICE_W4_CONFIRM; 367 break; 368 case 0x02: 369 device_state = DEVICE_W4_CONFIRM; 370 printf("Generate random for auth_value\n"); 371 // generate single byte of random data to use for authentication 372 btstack_crypto_random_generate(&prov_random_request, &auth_value[15], 1, &provisioning_handle_auth_value_output_oob, NULL); 373 break; 374 case 0x03: 375 // Input OOB 376 printf("Input OOB requested\n"); 377 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_INPUT_OOB_REQUEST); 378 device_state = DEVICE_W4_INPUT_OOK; 379 break; 380 default: 381 break; 382 } 383 } 384 385 static void provisioning_run(void){ 386 printf("provisioning_run: state %x, wait for outgoing complete %u\n", device_state, prov_waiting_for_outgoing_complete); 387 if (prov_waiting_for_outgoing_complete) return; 388 int start_timer = 1; 389 switch (device_state){ 390 case DEVICE_SEND_ERROR: 391 start_timer = 0; // game over 392 device_state = DEVICE_W4_DONE; 393 prov_waiting_for_outgoing_complete = 1; 394 provisioning_send_provisioning_error(); 395 break; 396 case DEVICE_SEND_CAPABILITIES: 397 device_state = DEVICE_W4_START; 398 prov_waiting_for_outgoing_complete = 1; 399 provisioning_send_capabilites(); 400 break; 401 case DEVICE_SEND_INPUT_COMPLETE: 402 device_state = DEVICE_W4_CONFIRM; 403 prov_waiting_for_outgoing_complete = 1; 404 provisioning_send_input_complete(); 405 break; 406 case DEVICE_SEND_PUB_KEY: 407 prov_waiting_for_outgoing_complete = 1; 408 provisioning_send_public_key(); 409 provisioning_public_key_exchange_complete(); 410 break; 411 case DEVICE_SEND_CONFIRM: 412 device_state = DEVICE_W4_RANDOM; 413 prov_waiting_for_outgoing_complete = 1; 414 provisioning_send_confirm(); 415 break; 416 case DEVICE_SEND_RANDOM: 417 device_state = DEVICE_W4_DATA; 418 prov_waiting_for_outgoing_complete = 1; 419 provisioning_send_random(); 420 break; 421 case DEVICE_SEND_COMPLETE: 422 start_timer = 0; // last message 423 device_state = DEVICE_W4_DONE; 424 prov_waiting_for_outgoing_complete = 1; 425 provisioning_send_complete(); 426 break; 427 default: 428 return; 429 } 430 if (start_timer){ 431 provisioning_timer_start(); 432 } 433 } 434 435 static void provisioning_handle_provisioning_error(uint8_t error_code){ 436 printf("PROVISIONING ERROR\n"); 437 provisioning_timer_stop(); 438 prov_error_code = error_code; 439 device_state = DEVICE_SEND_ERROR; 440 provisioning_run(); 441 } 442 443 static void provisioning_handle_invite(uint8_t *packet, uint16_t size){ 444 445 if (size != 1) return; 446 447 // store for confirmation inputs: len 1 448 memcpy(&prov_confirmation_inputs[0], packet, 1); 449 450 // handle invite message 451 prov_attention_timer_timeout = packet[0]; 452 if (prov_attention_timer_timeout){ 453 provisioning_emit_attention_timer_event(pb_transport_cid, prov_attention_timer_timeout); 454 } 455 456 device_state = DEVICE_SEND_CAPABILITIES; 457 provisioning_run(); 458 } 459 460 static void provisioning_handle_start(uint8_t * packet, uint16_t size){ 461 462 if (size != 5) return; 463 464 // validate Algorithm 465 int ok = 1; 466 if (packet[0] > 0x00){ 467 ok = 0; 468 } 469 // validate Publik Key 470 if (packet[1] > 0x01){ 471 ok = 0; 472 } 473 // validate Authentication Method 474 switch (packet[2]){ 475 case 0: 476 case 1: 477 if (packet[3] != 0 || packet[4] != 0){ 478 ok = 0; 479 break; 480 } 481 break; 482 case 2: 483 if (packet[3] > 0x04 || packet[4] == 0 || packet[4] > 0x08){ 484 ok = 0; 485 break; 486 } 487 break; 488 case 3: 489 if (packet[3] > 0x03 || packet[4] == 0 || packet[4] > 0x08){ 490 ok = 0; 491 break; 492 } 493 break; 494 } 495 if (!ok){ 496 printf("PROV_START arguments incorrect\n"); 497 provisioning_handle_provisioning_error(0x02); 498 return; 499 } 500 501 // store for confirmation inputs: len 5 502 memcpy(&prov_confirmation_inputs[12], packet, 5); 503 504 // public key oob 505 prov_public_key_oob_used = packet[1]; 506 507 // authentication method 508 prov_authentication_method = packet[2]; 509 510 // start emit public OOK if specified 511 if (prov_public_key_oob_available && prov_public_key_oob_used){ 512 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_START_EMIT_PUBLIC_KEY_OOB); 513 } 514 515 printf("PublicKey: %02x\n", prov_public_key_oob_used); 516 printf("AuthMethod: %02x\n", prov_authentication_method); 517 518 device_state = DEVICE_W4_PUB_KEY; 519 provisioning_run(); 520 } 521 522 static void provisioning_handle_public_key_dhkey(void * arg){ 523 UNUSED(arg); 524 525 printf("DHKEY: "); 526 printf_hexdump(dhkey, sizeof(dhkey)); 527 528 // skip sending own public key when public key oob is used 529 if (prov_public_key_oob_available && prov_public_key_oob_used){ 530 // just copy key for confirmation inputs 531 memcpy(&prov_confirmation_inputs[81], prov_ec_q, 64); 532 provisioning_public_key_exchange_complete(); 533 } else { 534 // queue public key pdu 535 printf("DEVICE_SEND_PUB_KEY\n"); 536 device_state = DEVICE_SEND_PUB_KEY; 537 } 538 provisioning_run(); 539 } 540 541 static void provisioning_handle_public_key(uint8_t *packet, uint16_t size){ 542 543 // validate public key 544 if (size != sizeof(remote_ec_q) || btstack_crypto_ecc_p256_validate_public_key(packet) != 0){ 545 printf("Public Key invalid, abort provisioning\n"); 546 provisioning_handle_provisioning_error(0x07); // Unexpected Error 547 return; 548 } 549 550 // stop emit public OOK if specified and send to crypto module 551 if (prov_public_key_oob_available && prov_public_key_oob_used){ 552 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 553 554 printf("Replace generated ECC with Public Key OOB:"); 555 memcpy(prov_ec_q, prov_public_key_oob_q, 64); 556 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 557 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 558 } 559 560 // store for confirmation inputs: len 64 561 memcpy(&prov_confirmation_inputs[17], packet, 64); 562 563 // store remote q 564 memcpy(remote_ec_q, packet, sizeof(remote_ec_q)); 565 566 // calculate DHKey 567 btstack_crypto_ecc_p256_calculate_dhkey(&prov_ecc_p256_request, remote_ec_q, dhkey, provisioning_handle_public_key_dhkey, NULL); 568 } 569 570 static void provisioning_handle_confirmation_device_calculated(void * arg){ 571 UNUSED(arg); 572 573 printf("ConfirmationDevice: "); 574 printf_hexdump(confirmation_device, sizeof(confirmation_device)); 575 576 device_state = DEVICE_SEND_CONFIRM; 577 provisioning_run(); 578 } 579 580 static void provisioning_handle_confirmation_random_device(void * arg){ 581 UNUSED(arg); 582 583 // re-use prov_confirmation_inputs buffer 584 memcpy(&prov_confirmation_inputs[0], random_device, 16); 585 memcpy(&prov_confirmation_inputs[16], auth_value, 16); 586 587 // calc confirmation device 588 btstack_crypto_aes128_cmac_message(&prov_cmac_request, confirmation_key, 32, prov_confirmation_inputs, confirmation_device, &provisioning_handle_confirmation_device_calculated, NULL); 589 } 590 591 static void provisioning_handle_confirmation_k1_calculated(void * arg){ 592 UNUSED(arg); 593 594 printf("ConfirmationKey: "); 595 printf_hexdump(confirmation_key, sizeof(confirmation_key)); 596 597 printf("AuthValue: "); 598 printf_hexdump(auth_value, 16); 599 600 // generate random_device 601 btstack_crypto_random_generate(&prov_random_request,random_device, 16, &provisioning_handle_confirmation_random_device, NULL); 602 } 603 604 static void provisioning_handle_confirmation_s1_calculated(void * arg){ 605 UNUSED(arg); 606 607 // ConfirmationSalt 608 printf("ConfirmationSalt: "); 609 printf_hexdump(confirmation_salt, sizeof(confirmation_salt)); 610 611 // ConfirmationKey 612 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), confirmation_salt, (const uint8_t*) "prck", 4, confirmation_key, &provisioning_handle_confirmation_k1_calculated, NULL); 613 } 614 615 static void provisioning_handle_confirmation(uint8_t *packet, uint16_t size){ 616 UNUSED(size); 617 UNUSED(packet); 618 619 // 620 if (prov_emit_output_oob_active){ 621 prov_emit_output_oob_active = 0; 622 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 623 } 624 625 // CalculationInputs 626 printf("ConfirmationInputs: "); 627 printf_hexdump(prov_confirmation_inputs, sizeof(prov_confirmation_inputs)); 628 629 // calculate s1 630 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, sizeof(prov_confirmation_inputs), prov_confirmation_inputs, confirmation_salt, &provisioning_handle_confirmation_s1_calculated, NULL); 631 } 632 633 // PROV_RANDOM 634 static void provisioning_handle_random_session_nonce_calculated(void * arg){ 635 UNUSED(arg); 636 637 // The nonce shall be the 13 least significant octets == zero most significant octets 638 uint8_t temp[13]; 639 memcpy(temp, &session_nonce[3], 13); 640 memcpy(session_nonce, temp, 13); 641 642 // SessionNonce 643 printf("SessionNonce: "); 644 printf_hexdump(session_nonce, 13); 645 646 device_state = DEVICE_SEND_RANDOM; 647 provisioning_run(); 648 } 649 650 static void provisioning_handle_random_session_key_calculated(void * arg){ 651 UNUSED(arg); 652 653 // SessionKey 654 printf("SessionKey: "); 655 printf_hexdump(session_key, sizeof(session_key)); 656 657 // SessionNonce 658 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsn", 4, session_nonce, &provisioning_handle_random_session_nonce_calculated, NULL); 659 } 660 661 static void provisioning_handle_random_s1_calculated(void * arg){ 662 663 UNUSED(arg); 664 665 // ProvisioningSalt 666 printf("ProvisioningSalt: "); 667 printf_hexdump(provisioning_salt, sizeof(provisioning_salt)); 668 669 // SessionKey 670 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsk", 4, session_key, &provisioning_handle_random_session_key_calculated, NULL); 671 } 672 673 static void provisioning_handle_random(uint8_t *packet, uint16_t size){ 674 675 UNUSED(size); 676 UNUSED(packet); 677 678 // TODO: validate Confirmation 679 680 // calc ProvisioningSalt = s1(ConfirmationSalt || RandomProvisioner || RandomDevice) 681 memcpy(&prov_confirmation_inputs[0], confirmation_salt, 16); 682 memcpy(&prov_confirmation_inputs[16], packet, 16); 683 memcpy(&prov_confirmation_inputs[32], random_device, 16); 684 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, 48, prov_confirmation_inputs, provisioning_salt, &provisioning_handle_random_s1_calculated, NULL); 685 } 686 687 // PROV_DATA 688 static void provisioning_handle_network_dervived(void * arg){ 689 UNUSED(arg); 690 691 provisioning_timer_stop(); 692 693 // notify client 694 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_COMPLETE); 695 696 device_state = DEVICE_SEND_COMPLETE; 697 provisioning_run(); 698 699 } 700 701 static void provisioning_handle_data_device_key(void * arg){ 702 UNUSED(arg); 703 704 // derive full network key 705 mesh_network_key_derive(&prov_cmac_request, network_key, &provisioning_handle_network_dervived, NULL); 706 } 707 708 static void provisioning_handle_data_ccm(void * arg){ 709 710 UNUSED(arg); 711 712 // TODO: validate MIC? 713 uint8_t mic[8]; 714 btstack_crypto_ccm_get_authentication_value(&prov_ccm_request, mic); 715 printf("MIC: "); 716 printf_hexdump(mic, 8); 717 718 // allocate network key 719 network_key = btstack_memory_mesh_network_key_get(); 720 721 // sort provisoning data 722 memcpy(network_key->net_key, provisioning_data, 16); 723 network_key->netkey_index = big_endian_read_16(provisioning_data, 16); 724 // assume free index available for very first network key 725 network_key->internal_index = mesh_network_key_get_free_index(); 726 flags = provisioning_data[18]; 727 iv_index = big_endian_read_32(provisioning_data, 19); 728 unicast_address = big_endian_read_16(provisioning_data, 23); 729 730 // DeviceKey 731 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prdk", 4, device_key, &provisioning_handle_data_device_key, NULL); 732 } 733 734 static void provisioning_handle_data(uint8_t *packet, uint16_t size){ 735 736 UNUSED(size); 737 738 memcpy(enc_provisioning_data, packet, 25); 739 740 // decode response 741 btstack_crypto_ccm_init(&prov_ccm_request, session_key, session_nonce, 25, 0, 8); 742 btstack_crypto_ccm_decrypt_block(&prov_ccm_request, 25, enc_provisioning_data, provisioning_data, &provisioning_handle_data_ccm, NULL); 743 } 744 745 static void provisioning_handle_unexpected_pdu(uint8_t *packet, uint16_t size){ 746 UNUSED(size); 747 printf("Unexpected PDU #%u in state #%u\n", packet[0], (int) device_state); 748 provisioning_handle_provisioning_error(0x03); 749 } 750 751 static void provisioning_handle_pdu(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 752 UNUSED(channel); 753 754 if (size < 1) return; 755 756 switch (packet_type){ 757 case HCI_EVENT_PACKET: 758 if (packet[0] != HCI_EVENT_MESH_META) break; 759 switch (packet[2]){ 760 case MESH_SUBEVENT_PB_TRANSPORT_LINK_OPEN: 761 pb_transport_cid = mesh_subevent_pb_transport_link_open_get_pb_transport_cid(packet); 762 pb_type = mesh_subevent_pb_transport_link_open_get_pb_type(packet); 763 printf("Link opened, reset state, transport cid 0x%02x, PB type %d\n", pb_transport_cid, pb_type); 764 provisioning_done(); 765 break; 766 case MESH_SUBEVENT_PB_TRANSPORT_PDU_SENT: 767 printf("Outgoing packet acked\n"); 768 prov_waiting_for_outgoing_complete = 0; 769 if (device_state == DEVICE_W4_DONE){ 770 provisioning_done(); 771 } 772 break; 773 case MESH_SUBEVENT_PB_TRANSPORT_LINK_CLOSED: 774 printf("Link close, reset state\n"); 775 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 776 provisioning_done(); 777 break; 778 } 779 break; 780 case PROVISIONING_DATA_PACKET: 781 // check state 782 switch (device_state){ 783 case DEVICE_W4_INVITE: 784 if (packet[0] != MESH_PROV_INVITE) provisioning_handle_unexpected_pdu(packet, size); 785 printf("MESH_PROV_INVITE: "); 786 printf_hexdump(&packet[1], size-1); 787 provisioning_handle_invite(&packet[1], size-1); 788 break; 789 case DEVICE_W4_START: 790 if (packet[0] != MESH_PROV_START) provisioning_handle_unexpected_pdu(packet, size); 791 printf("MESH_PROV_START: "); 792 printf_hexdump(&packet[1], size-1); 793 provisioning_handle_start(&packet[1], size-1); 794 break; 795 case DEVICE_W4_PUB_KEY: 796 if (packet[0] != MESH_PROV_PUB_KEY) provisioning_handle_unexpected_pdu(packet, size); 797 printf("MESH_PROV_PUB_KEY: "); 798 printf_hexdump(&packet[1], size-1); 799 provisioning_handle_public_key(&packet[1], size-1); 800 break; 801 case DEVICE_W4_CONFIRM: 802 if (packet[0] != MESH_PROV_CONFIRM) provisioning_handle_unexpected_pdu(packet, size); 803 printf("MESH_PROV_CONFIRM: "); 804 printf_hexdump(&packet[1], size-1); 805 provisioning_handle_confirmation(&packet[1], size-1); 806 break; 807 case DEVICE_W4_RANDOM: 808 if (packet[0] != MESH_PROV_RANDOM) provisioning_handle_unexpected_pdu(packet, size); 809 printf("MESH_PROV_RANDOM: "); 810 printf_hexdump(&packet[1], size-1); 811 provisioning_handle_random(&packet[1], size-1); 812 break; 813 case DEVICE_W4_DATA: 814 if (packet[0] != MESH_PROV_DATA) provisioning_handle_unexpected_pdu(packet, size); 815 printf("MESH_PROV_DATA: "); 816 provisioning_handle_data(&packet[1], size-1); 817 break; 818 default: 819 break; 820 } 821 break; 822 default: 823 break; 824 } 825 provisioning_run(); 826 } 827 828 static void prov_key_generated(void * arg){ 829 UNUSED(arg); 830 printf("ECC-P256: "); 831 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 832 // allow override 833 if (prov_public_key_oob_available){ 834 printf("Replace generated ECC with Public Key OOB:"); 835 memcpy(prov_ec_q, prov_public_key_oob_q, 64); 836 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 837 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 838 } 839 } 840 841 void provisioning_device_init(void){ 842 #ifdef ENABLE_MESH_ADV_BEARER 843 // setup PB ADV 844 pb_adv_init(); 845 pb_adv_register_packet_handler(&provisioning_handle_pdu); 846 #endif 847 #ifdef ENABLE_MESH_GATT_BEARER 848 // setup PB GATT 849 pb_gatt_init(); 850 pb_gatt_register_packet_handler(&provisioning_handle_pdu); 851 #endif 852 853 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 854 855 // init provisioning state and generate ecc key 856 provisioning_done(); 857 } 858 859 void provisioning_device_register_packet_handler(btstack_packet_handler_t packet_handler){ 860 prov_packet_handler = packet_handler; 861 } 862 863 void provisioning_device_set_public_key_oob(const uint8_t * public_key, const uint8_t * private_key){ 864 prov_public_key_oob_q = public_key; 865 prov_public_key_oob_d = private_key; 866 prov_public_key_oob_available = 1; 867 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 868 } 869 870 void provisioning_device_set_static_oob(uint16_t static_oob_len, const uint8_t * static_oob_data){ 871 prov_static_oob_available = 1; 872 prov_static_oob_data = static_oob_data; 873 prov_static_oob_len = btstack_min(static_oob_len, 16); 874 } 875 876 void provisioning_device_set_output_oob_actions(uint16_t supported_output_oob_action_types, uint8_t max_oob_output_size){ 877 prov_output_oob_actions = supported_output_oob_action_types; 878 prov_output_oob_size = max_oob_output_size; 879 } 880 881 void provisioning_device_set_input_oob_actions(uint16_t supported_input_oob_action_types, uint8_t max_oob_input_size){ 882 prov_input_oob_actions = supported_input_oob_action_types; 883 prov_input_oob_size = max_oob_input_size; 884 } 885 886 void provisioning_device_input_oob_complete_numeric(uint16_t pb_adv_cid, uint32_t input_oob){ 887 UNUSED(pb_adv_cid); 888 if (device_state != DEVICE_W4_INPUT_OOK) return; 889 890 // store input_oob as auth value 891 big_endian_store_32(auth_value, 12, input_oob); 892 device_state = DEVICE_SEND_INPUT_COMPLETE; 893 provisioning_run(); 894 } 895 896 void provisioning_device_input_oob_complete_alphanumeric(uint16_t pb_adv_cid, const uint8_t * input_oob_data, uint16_t input_oob_len){ 897 UNUSED(pb_adv_cid); 898 if (device_state != DEVICE_W4_INPUT_OOK) return; 899 900 // store input_oob and fillup with zeros 901 input_oob_len = btstack_min(input_oob_len, 16); 902 memset(auth_value, 0, 16); 903 memcpy(auth_value, input_oob_data, input_oob_len); 904 device_state = DEVICE_SEND_INPUT_COMPLETE; 905 provisioning_run(); 906 } 907 908 void provisioning_device_data_get(mesh_provisioning_data_t * the_provisioning_data){ 909 the_provisioning_data->unicast_address = unicast_address; 910 the_provisioning_data->iv_index = iv_index; 911 the_provisioning_data->flags = flags; 912 memcpy(the_provisioning_data->device_key, device_key, 16); 913 the_provisioning_data->network_key = network_key; 914 } 915