1 /* 2 * Copyright (C) 2017 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BLUEKITCHEN 24 * GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #define BTSTACK_FILE__ "provisioning_device.c" 39 40 #include <stdint.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "btstack_memory.h" 46 #include "btstack_event.h" 47 48 #include "mesh/provisioning_device.h" 49 #include "mesh/mesh_crypto.h" 50 #ifdef ENABLE_MESH_ADV_BEARER 51 #include "mesh/pb_adv.h" 52 #endif 53 #ifdef ENABLE_MESH_GATT_BEARER 54 #include "mesh/pb_gatt.h" 55 #endif 56 #include "mesh/provisioning.h" 57 58 static void prov_key_generated(void * arg); 59 60 // remote ecc 61 static uint8_t remote_ec_q[64]; 62 static uint8_t dhkey[32]; 63 64 static btstack_packet_handler_t prov_packet_handler; 65 66 static uint8_t prov_buffer_out[MESH_PROV_MAX_PROXY_PDU]; 67 // ConfirmationInputs = ProvisioningInvitePDUValue || ProvisioningCapabilitiesPDUValue || ProvisioningStartPDUValue || PublicKeyProvisioner || PublicKeyDevice 68 static uint8_t prov_confirmation_inputs[1 + 11 + 5 + 64 + 64]; 69 static uint8_t prov_authentication_method; 70 static uint8_t prov_public_key_oob_used; 71 static uint8_t prov_emit_public_key_oob_active; 72 static uint8_t prov_emit_output_oob_active; 73 static uint8_t prov_ec_q[64]; 74 75 static const uint8_t * prov_public_key_oob_q; 76 static const uint8_t * prov_public_key_oob_d; 77 78 // num elements 79 static uint8_t prov_num_elements = 1; 80 81 // capabilites 82 static const uint8_t * prov_static_oob_data; 83 84 static uint16_t prov_static_oob_len; 85 static uint16_t prov_output_oob_actions; 86 static uint16_t prov_input_oob_actions; 87 static uint8_t prov_public_key_oob_available; 88 static uint8_t prov_static_oob_available; 89 static uint8_t prov_output_oob_size; 90 static uint8_t prov_input_oob_size; 91 static uint8_t prov_error_code; 92 static uint8_t prov_waiting_for_outgoing_complete; 93 94 static uint8_t prov_attention_timer_timeout; 95 96 static btstack_timer_source_t prov_protocol_timer; 97 98 static btstack_crypto_aes128_cmac_t prov_cmac_request; 99 static btstack_crypto_random_t prov_random_request; 100 static btstack_crypto_ecc_p256_t prov_ecc_p256_request; 101 static btstack_crypto_ccm_t prov_ccm_request; 102 103 // ConfirmationDevice 104 static uint8_t confirmation_device[16]; 105 // ConfirmationSalt 106 static uint8_t confirmation_salt[16]; 107 // ConfirmationKey 108 static uint8_t confirmation_key[16]; 109 // RandomDevice 110 static uint8_t random_device[16]; 111 // ProvisioningSalt 112 static uint8_t provisioning_salt[16]; 113 // AuthValue 114 static uint8_t auth_value[16]; 115 // SessionKey 116 static uint8_t session_key[16]; 117 // SessionNonce 118 static uint8_t session_nonce[16]; 119 // EncProvisioningData 120 static uint8_t enc_provisioning_data[25]; 121 // ProvisioningData 122 static uint8_t provisioning_data[25]; 123 124 // received network_key 125 static mesh_network_key_t * network_key; 126 127 // DeviceKey 128 static uint8_t device_key[16]; 129 130 static uint8_t flags; 131 132 static uint32_t iv_index; 133 static uint16_t unicast_address; 134 135 typedef enum { 136 DEVICE_W4_INVITE, 137 DEVICE_SEND_CAPABILITIES, 138 DEVICE_W4_START, 139 DEVICE_W4_INPUT_OOK, 140 DEVICE_SEND_INPUT_COMPLETE, 141 DEVICE_W4_PUB_KEY, 142 DEVICE_SEND_PUB_KEY, 143 DEVICE_PUB_KEY_SENT, 144 DEVICE_W4_CONFIRM, 145 DEVICE_SEND_CONFIRM, 146 DEVICE_W4_RANDOM, 147 DEVICE_SEND_RANDOM, 148 DEVICE_W4_DATA, 149 DEVICE_SEND_COMPLETE, 150 DEVICE_SEND_ERROR, 151 DEVICE_W4_DONE, 152 } device_state_t; 153 154 static device_state_t device_state; 155 static uint16_t pb_transport_cid; 156 static mesh_pb_type_t pb_type; 157 158 static void pb_send_pdu(uint16_t transport_cid, const uint8_t * buffer, uint16_t buffer_size){ 159 switch (pb_type){ 160 #ifdef ENABLE_MESH_ADV_BEARER 161 case MESH_PB_TYPE_ADV: 162 pb_adv_send_pdu(transport_cid, buffer, buffer_size); 163 break; 164 #endif 165 #ifdef ENABLE_MESH_GATT_BEARER 166 case MESH_PB_TYPE_GATT: 167 pb_gatt_send_pdu(transport_cid, buffer, buffer_size); 168 break; 169 #endif 170 default: 171 break; 172 } 173 } 174 175 static void pb_close_link(uint16_t transport_cid, uint8_t reason){ 176 switch (pb_type){ 177 #ifdef ENABLE_MESH_ADV_BEARER 178 case MESH_PB_TYPE_ADV: 179 pb_adv_close_link(transport_cid, reason); 180 break; 181 #endif 182 #ifdef ENABLE_MESH_GATT_BEARER 183 case MESH_PB_TYPE_GATT: 184 pb_gatt_close_link(transport_cid, reason); 185 break; 186 #endif 187 default: 188 break; 189 } 190 } 191 192 static void provisioning_emit_event(uint16_t pb_adv_cid, uint8_t mesh_subevent){ 193 if (!prov_packet_handler) return; 194 uint8_t event[5] = { HCI_EVENT_MESH_META, 3, mesh_subevent}; 195 little_endian_store_16(event, 3, pb_adv_cid); 196 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 197 } 198 199 static void provisioning_emit_output_oob_event(uint16_t pb_adv_cid, uint32_t number){ 200 if (!prov_packet_handler) return; 201 uint8_t event[9] = { HCI_EVENT_MESH_META, 7, MESH_SUBEVENT_PB_PROV_START_EMIT_OUTPUT_OOB}; 202 little_endian_store_16(event, 3, pb_adv_cid); 203 little_endian_store_32(event, 5, number); 204 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 205 } 206 207 static void provisioning_emit_attention_timer_event(uint16_t pb_adv_cid, uint8_t timer_s){ 208 if (!prov_packet_handler) return; 209 uint8_t event[6] = { HCI_EVENT_MESH_META, 4, MESH_SUBEVENT_PB_PROV_ATTENTION_TIMER}; 210 little_endian_store_16(event, 3, pb_adv_cid); 211 event[5] = timer_s; 212 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 213 } 214 215 static void provisiong_timer_handler(btstack_timer_source_t * ts){ 216 UNUSED(ts); 217 printf("Provisioning Protocol Timeout -> Close Link!\n"); 218 pb_close_link(1, 1); 219 } 220 221 // The provisioning protocol shall have a minimum timeout of 60 seconds that is reset 222 // each time a provisioning protocol PDU is sent or received 223 static void provisioning_timer_start(void){ 224 btstack_run_loop_remove_timer(&prov_protocol_timer); 225 btstack_run_loop_set_timer_handler(&prov_protocol_timer, &provisiong_timer_handler); 226 btstack_run_loop_set_timer(&prov_protocol_timer, PROVISIONING_PROTOCOL_TIMEOUT_MS); 227 btstack_run_loop_add_timer(&prov_protocol_timer); 228 } 229 230 static void provisioning_timer_stop(void){ 231 btstack_run_loop_remove_timer(&prov_protocol_timer); 232 } 233 234 235 // Outgoing Provisioning PDUs 236 static void provisioning_send_provisioning_error(void){ 237 // setup response 238 prov_buffer_out[0] = MESH_PROV_FAILED; 239 prov_buffer_out[1] = prov_error_code; 240 pb_send_pdu(pb_transport_cid, prov_buffer_out, 2); 241 } 242 243 static void provisioning_send_capabilites(void){ 244 // setup response 245 prov_buffer_out[0] = MESH_PROV_CAPABILITIES; 246 247 /* Number of Elements supported */ 248 prov_buffer_out[1] = prov_num_elements; 249 250 /* Supported algorithms - FIPS P-256 Eliptic Curve */ 251 big_endian_store_16(prov_buffer_out, 2, 1); 252 253 /* Public Key Type - Public Key OOB information available */ 254 prov_buffer_out[4] = prov_public_key_oob_available; 255 256 /* Static OOB Type - Static OOB information available */ 257 prov_buffer_out[5] = prov_static_oob_available; 258 259 /* Output OOB Size - max of 8 */ 260 prov_buffer_out[6] = prov_output_oob_size; 261 262 /* Output OOB Action */ 263 big_endian_store_16(prov_buffer_out, 7, prov_output_oob_actions); 264 265 /* Input OOB Size - max of 8*/ 266 prov_buffer_out[9] = prov_input_oob_size; 267 268 /* Input OOB Action */ 269 big_endian_store_16(prov_buffer_out, 10, prov_input_oob_actions); 270 271 // store for confirmation inputs: len 11 272 (void)memcpy(&prov_confirmation_inputs[1], &prov_buffer_out[1], 11); 273 274 // send 275 276 pb_send_pdu(pb_transport_cid, prov_buffer_out, 12); 277 } 278 279 static void provisioning_send_public_key(void){ 280 // setup response 281 prov_buffer_out[0] = MESH_PROV_PUB_KEY; 282 (void)memcpy(&prov_buffer_out[1], prov_ec_q, 64); 283 284 // store for confirmation inputs: len 64 285 (void)memcpy(&prov_confirmation_inputs[81], &prov_buffer_out[1], 64); 286 287 // send 288 pb_send_pdu(pb_transport_cid, prov_buffer_out, 65); 289 } 290 291 static void provisioning_send_input_complete(void){ 292 // setup response 293 prov_buffer_out[0] = MESH_PROV_INPUT_COMPLETE; 294 295 // send 296 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 297 } 298 static void provisioning_send_confirm(void){ 299 // setup response 300 prov_buffer_out[0] = MESH_PROV_CONFIRM; 301 (void)memcpy(&prov_buffer_out[1], confirmation_device, 16); 302 303 // send 304 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 305 } 306 307 static void provisioning_send_random(void){ 308 // setup response 309 prov_buffer_out[0] = MESH_PROV_RANDOM; 310 (void)memcpy(&prov_buffer_out[1], random_device, 16); 311 312 // send pdu 313 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 314 } 315 316 static void provisioning_send_complete(void){ 317 // setup response 318 prov_buffer_out[0] = MESH_PROV_COMPLETE; 319 320 // send pdu 321 pb_send_pdu(pb_transport_cid, prov_buffer_out, 1); 322 } 323 324 static void provisioning_done(void){ 325 if (prov_emit_public_key_oob_active){ 326 prov_emit_public_key_oob_active = 0; 327 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 328 } 329 if (prov_emit_output_oob_active){ 330 prov_emit_output_oob_active = 0; 331 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 332 } 333 if (prov_attention_timer_timeout){ 334 prov_attention_timer_timeout = 0; 335 provisioning_emit_attention_timer_event(1, 0); 336 } 337 device_state = DEVICE_W4_INVITE; 338 339 // generate new public key 340 printf("Generate new public key\n"); 341 btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL); 342 } 343 344 static void provisioning_handle_auth_value_output_oob(void * arg){ 345 UNUSED(arg); 346 // limit auth value to single digit 347 auth_value[15] = auth_value[15] % 9 + 1; 348 349 printf("Output OOB: %u\n", auth_value[15]); 350 351 // emit output oob value 352 provisioning_emit_output_oob_event(1, auth_value[15]); 353 prov_emit_output_oob_active = 1; 354 } 355 356 static void provisioning_public_key_exchange_complete(void){ 357 358 // reset auth_value 359 memset(auth_value, 0, sizeof(auth_value)); 360 361 // handle authentication method 362 switch (prov_authentication_method){ 363 case 0x00: 364 device_state = DEVICE_W4_CONFIRM; 365 break; 366 case 0x01: 367 (void)memcpy(&auth_value[16 - prov_static_oob_len], 368 prov_static_oob_data, prov_static_oob_len); 369 device_state = DEVICE_W4_CONFIRM; 370 break; 371 case 0x02: 372 device_state = DEVICE_W4_CONFIRM; 373 printf("Generate random for auth_value\n"); 374 // generate single byte of random data to use for authentication 375 btstack_crypto_random_generate(&prov_random_request, &auth_value[15], 1, &provisioning_handle_auth_value_output_oob, NULL); 376 break; 377 case 0x03: 378 // Input OOB 379 printf("Input OOB requested\n"); 380 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_INPUT_OOB_REQUEST); 381 device_state = DEVICE_W4_INPUT_OOK; 382 break; 383 default: 384 break; 385 } 386 } 387 388 static void provisioning_run(void){ 389 printf("provisioning_run: state %x, wait for outgoing complete %u\n", device_state, prov_waiting_for_outgoing_complete); 390 if (prov_waiting_for_outgoing_complete) return; 391 int start_timer = 1; 392 switch (device_state){ 393 case DEVICE_SEND_ERROR: 394 start_timer = 0; // game over 395 device_state = DEVICE_W4_DONE; 396 prov_waiting_for_outgoing_complete = 1; 397 provisioning_send_provisioning_error(); 398 break; 399 case DEVICE_SEND_CAPABILITIES: 400 device_state = DEVICE_W4_START; 401 prov_waiting_for_outgoing_complete = 1; 402 provisioning_send_capabilites(); 403 break; 404 case DEVICE_SEND_INPUT_COMPLETE: 405 device_state = DEVICE_W4_CONFIRM; 406 prov_waiting_for_outgoing_complete = 1; 407 provisioning_send_input_complete(); 408 break; 409 case DEVICE_SEND_PUB_KEY: 410 device_state = DEVICE_PUB_KEY_SENT; 411 prov_waiting_for_outgoing_complete = 1; 412 provisioning_send_public_key(); 413 provisioning_public_key_exchange_complete(); 414 break; 415 case DEVICE_SEND_CONFIRM: 416 device_state = DEVICE_W4_RANDOM; 417 prov_waiting_for_outgoing_complete = 1; 418 provisioning_send_confirm(); 419 break; 420 case DEVICE_SEND_RANDOM: 421 device_state = DEVICE_W4_DATA; 422 prov_waiting_for_outgoing_complete = 1; 423 provisioning_send_random(); 424 break; 425 case DEVICE_SEND_COMPLETE: 426 start_timer = 0; // last message 427 device_state = DEVICE_W4_DONE; 428 prov_waiting_for_outgoing_complete = 1; 429 provisioning_send_complete(); 430 break; 431 default: 432 return; 433 } 434 if (start_timer){ 435 provisioning_timer_start(); 436 } 437 } 438 439 static void provisioning_handle_provisioning_error(uint8_t error_code){ 440 printf("PROVISIONING ERROR\n"); 441 provisioning_timer_stop(); 442 prov_error_code = error_code; 443 device_state = DEVICE_SEND_ERROR; 444 provisioning_run(); 445 } 446 447 static void provisioning_handle_invite(uint8_t *packet, uint16_t size){ 448 449 if (size != 1) return; 450 451 // store for confirmation inputs: len 1 452 (void)memcpy(&prov_confirmation_inputs[0], packet, 1); 453 454 // handle invite message 455 prov_attention_timer_timeout = packet[0]; 456 if (prov_attention_timer_timeout){ 457 provisioning_emit_attention_timer_event(pb_transport_cid, prov_attention_timer_timeout); 458 } 459 460 device_state = DEVICE_SEND_CAPABILITIES; 461 provisioning_run(); 462 } 463 464 static void provisioning_handle_start(uint8_t * packet, uint16_t size){ 465 466 if (size != 5) return; 467 468 // validate Algorithm 469 int ok = 1; 470 if (packet[0] > 0x00){ 471 ok = 0; 472 } 473 // validate Publik Key 474 if (packet[1] > 0x01){ 475 ok = 0; 476 } 477 // validate Authentication Method 478 switch (packet[2]){ 479 case 0: 480 case 1: 481 if (packet[3] != 0 || packet[4] != 0){ 482 ok = 0; 483 break; 484 } 485 break; 486 case 2: 487 if (packet[3] > 0x04 || packet[4] == 0 || packet[4] > 0x08){ 488 ok = 0; 489 break; 490 } 491 break; 492 case 3: 493 if (packet[3] > 0x03 || packet[4] == 0 || packet[4] > 0x08){ 494 ok = 0; 495 break; 496 } 497 break; 498 default: 499 // TODO check 500 break; 501 } 502 if (!ok){ 503 printf("PROV_START arguments incorrect\n"); 504 provisioning_handle_provisioning_error(0x02); 505 return; 506 } 507 508 // store for confirmation inputs: len 5 509 (void)memcpy(&prov_confirmation_inputs[12], packet, 5); 510 511 // public key oob 512 prov_public_key_oob_used = packet[1]; 513 514 // authentication method 515 prov_authentication_method = packet[2]; 516 517 // start emit public OOK if specified 518 if (prov_public_key_oob_available && prov_public_key_oob_used){ 519 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_START_EMIT_PUBLIC_KEY_OOB); 520 } 521 522 printf("PublicKey: %02x\n", prov_public_key_oob_used); 523 printf("AuthMethod: %02x\n", prov_authentication_method); 524 525 device_state = DEVICE_W4_PUB_KEY; 526 provisioning_run(); 527 } 528 529 static void provisioning_handle_public_key_dhkey(void * arg){ 530 UNUSED(arg); 531 532 printf("DHKEY: "); 533 printf_hexdump(dhkey, sizeof(dhkey)); 534 535 // skip sending own public key when public key oob is used 536 if (prov_public_key_oob_available && prov_public_key_oob_used){ 537 // just copy key for confirmation inputs 538 (void)memcpy(&prov_confirmation_inputs[81], prov_ec_q, 64); 539 provisioning_public_key_exchange_complete(); 540 } else { 541 // queue public key pdu 542 printf("DEVICE_SEND_PUB_KEY\n"); 543 device_state = DEVICE_SEND_PUB_KEY; 544 } 545 provisioning_run(); 546 } 547 548 static void provisioning_handle_public_key(uint8_t *packet, uint16_t size){ 549 550 // validate public key 551 if (size != sizeof(remote_ec_q) || btstack_crypto_ecc_p256_validate_public_key(packet) != 0){ 552 printf("Public Key invalid, abort provisioning\n"); 553 provisioning_handle_provisioning_error(0x07); // Unexpected Error 554 return; 555 } 556 557 // stop emit public OOK if specified and send to crypto module 558 if (prov_public_key_oob_available && prov_public_key_oob_used){ 559 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 560 561 printf("Replace generated ECC with Public Key OOB:"); 562 (void)memcpy(prov_ec_q, prov_public_key_oob_q, 64); 563 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 564 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 565 } 566 567 // store for confirmation inputs: len 64 568 (void)memcpy(&prov_confirmation_inputs[17], packet, 64); 569 570 // store remote q 571 (void)memcpy(remote_ec_q, packet, sizeof(remote_ec_q)); 572 573 // calculate DHKey 574 btstack_crypto_ecc_p256_calculate_dhkey(&prov_ecc_p256_request, remote_ec_q, dhkey, provisioning_handle_public_key_dhkey, NULL); 575 } 576 577 static void provisioning_handle_confirmation_device_calculated(void * arg){ 578 UNUSED(arg); 579 580 printf("ConfirmationDevice: "); 581 printf_hexdump(confirmation_device, sizeof(confirmation_device)); 582 583 device_state = DEVICE_SEND_CONFIRM; 584 provisioning_run(); 585 } 586 587 static void provisioning_handle_confirmation_random_device(void * arg){ 588 UNUSED(arg); 589 590 // re-use prov_confirmation_inputs buffer 591 (void)memcpy(&prov_confirmation_inputs[0], random_device, 16); 592 (void)memcpy(&prov_confirmation_inputs[16], auth_value, 16); 593 594 // calc confirmation device 595 btstack_crypto_aes128_cmac_message(&prov_cmac_request, confirmation_key, 32, prov_confirmation_inputs, confirmation_device, &provisioning_handle_confirmation_device_calculated, NULL); 596 } 597 598 static void provisioning_handle_confirmation_k1_calculated(void * arg){ 599 UNUSED(arg); 600 601 printf("ConfirmationKey: "); 602 printf_hexdump(confirmation_key, sizeof(confirmation_key)); 603 604 printf("AuthValue: "); 605 printf_hexdump(auth_value, 16); 606 607 // generate random_device 608 btstack_crypto_random_generate(&prov_random_request,random_device, 16, &provisioning_handle_confirmation_random_device, NULL); 609 } 610 611 static void provisioning_handle_confirmation_s1_calculated(void * arg){ 612 UNUSED(arg); 613 614 // ConfirmationSalt 615 printf("ConfirmationSalt: "); 616 printf_hexdump(confirmation_salt, sizeof(confirmation_salt)); 617 618 // ConfirmationKey 619 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), confirmation_salt, (const uint8_t*) "prck", 4, confirmation_key, &provisioning_handle_confirmation_k1_calculated, NULL); 620 } 621 622 static void provisioning_handle_confirmation(uint8_t *packet, uint16_t size){ 623 UNUSED(size); 624 UNUSED(packet); 625 626 // 627 if (prov_emit_output_oob_active){ 628 prov_emit_output_oob_active = 0; 629 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 630 } 631 632 // CalculationInputs 633 printf("ConfirmationInputs: "); 634 printf_hexdump(prov_confirmation_inputs, sizeof(prov_confirmation_inputs)); 635 636 // calculate s1 637 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, sizeof(prov_confirmation_inputs), prov_confirmation_inputs, confirmation_salt, &provisioning_handle_confirmation_s1_calculated, NULL); 638 } 639 640 // PROV_RANDOM 641 static void provisioning_handle_random_session_nonce_calculated(void * arg){ 642 UNUSED(arg); 643 644 // The nonce shall be the 13 least significant octets == zero most significant octets 645 uint8_t temp[13]; 646 (void)memcpy(temp, &session_nonce[3], 13); 647 (void)memcpy(session_nonce, temp, 13); 648 649 // SessionNonce 650 printf("SessionNonce: "); 651 printf_hexdump(session_nonce, 13); 652 653 device_state = DEVICE_SEND_RANDOM; 654 provisioning_run(); 655 } 656 657 static void provisioning_handle_random_session_key_calculated(void * arg){ 658 UNUSED(arg); 659 660 // SessionKey 661 printf("SessionKey: "); 662 printf_hexdump(session_key, sizeof(session_key)); 663 664 // SessionNonce 665 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsn", 4, session_nonce, &provisioning_handle_random_session_nonce_calculated, NULL); 666 } 667 668 static void provisioning_handle_random_s1_calculated(void * arg){ 669 670 UNUSED(arg); 671 672 // ProvisioningSalt 673 printf("ProvisioningSalt: "); 674 printf_hexdump(provisioning_salt, sizeof(provisioning_salt)); 675 676 // SessionKey 677 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsk", 4, session_key, &provisioning_handle_random_session_key_calculated, NULL); 678 } 679 680 static void provisioning_handle_random(uint8_t *packet, uint16_t size){ 681 682 UNUSED(size); 683 UNUSED(packet); 684 685 // TODO: validate Confirmation 686 687 // calc ProvisioningSalt = s1(ConfirmationSalt || RandomProvisioner || RandomDevice) 688 (void)memcpy(&prov_confirmation_inputs[0], confirmation_salt, 16); 689 (void)memcpy(&prov_confirmation_inputs[16], packet, 16); 690 (void)memcpy(&prov_confirmation_inputs[32], random_device, 16); 691 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, 48, prov_confirmation_inputs, provisioning_salt, &provisioning_handle_random_s1_calculated, NULL); 692 } 693 694 // PROV_DATA 695 static void provisioning_handle_network_dervived(void * arg){ 696 UNUSED(arg); 697 698 provisioning_timer_stop(); 699 700 // notify client 701 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_COMPLETE); 702 703 device_state = DEVICE_SEND_COMPLETE; 704 provisioning_run(); 705 706 } 707 708 static void provisioning_handle_data_device_key(void * arg){ 709 UNUSED(arg); 710 711 // derive full network key 712 mesh_network_key_derive(&prov_cmac_request, network_key, &provisioning_handle_network_dervived, NULL); 713 } 714 715 static void provisioning_handle_data_ccm(void * arg){ 716 717 UNUSED(arg); 718 719 // TODO: validate MIC? 720 uint8_t mic[8]; 721 btstack_crypto_ccm_get_authentication_value(&prov_ccm_request, mic); 722 printf("MIC: "); 723 printf_hexdump(mic, 8); 724 725 // allocate network key 726 network_key = btstack_memory_mesh_network_key_get(); 727 728 // sort provisoning data 729 (void)memcpy(network_key->net_key, provisioning_data, 16); 730 network_key->netkey_index = big_endian_read_16(provisioning_data, 16); 731 // assume free index available for very first network key 732 network_key->internal_index = mesh_network_key_get_free_index(); 733 flags = provisioning_data[18]; 734 iv_index = big_endian_read_32(provisioning_data, 19); 735 unicast_address = big_endian_read_16(provisioning_data, 23); 736 737 // DeviceKey 738 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prdk", 4, device_key, &provisioning_handle_data_device_key, NULL); 739 } 740 741 static void provisioning_handle_data(uint8_t *packet, uint16_t size){ 742 743 UNUSED(size); 744 745 (void)memcpy(enc_provisioning_data, packet, 25); 746 747 // decode response 748 btstack_crypto_ccm_init(&prov_ccm_request, session_key, session_nonce, 25, 0, 8); 749 btstack_crypto_ccm_decrypt_block(&prov_ccm_request, 25, enc_provisioning_data, provisioning_data, &provisioning_handle_data_ccm, NULL); 750 } 751 752 static void provisioning_handle_unexpected_pdu(uint8_t *packet, uint16_t size){ 753 UNUSED(size); 754 printf("Unexpected PDU #%u in state #%u\n", packet[0], (int) device_state); 755 provisioning_handle_provisioning_error(0x03); 756 } 757 758 static void provisioning_handle_pdu(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 759 UNUSED(channel); 760 761 if (size < 1) return; 762 763 switch (packet_type){ 764 case HCI_EVENT_PACKET: 765 766 if (hci_event_packet_get_type(packet) != HCI_EVENT_MESH_META) break; 767 768 switch (hci_event_mesh_meta_get_subevent_code(packet)){ 769 case MESH_SUBEVENT_PB_TRANSPORT_LINK_OPEN: 770 pb_transport_cid = mesh_subevent_pb_transport_link_open_get_pb_transport_cid(packet); 771 pb_type = mesh_subevent_pb_transport_link_open_get_pb_type(packet); 772 printf("Link opened, reset state, transport cid 0x%02x, PB type %d\n", pb_transport_cid, pb_type); 773 provisioning_done(); 774 break; 775 case MESH_SUBEVENT_PB_TRANSPORT_PDU_SENT: 776 printf("Outgoing packet acked\n"); 777 prov_waiting_for_outgoing_complete = 0; 778 if (device_state == DEVICE_W4_DONE){ 779 pb_close_link(1, 0); 780 provisioning_done(); 781 } 782 break; 783 case MESH_SUBEVENT_PB_TRANSPORT_LINK_CLOSED: 784 printf("Link close, reset state\n"); 785 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 786 provisioning_done(); 787 break; 788 default: 789 break; 790 } 791 break; 792 case PROVISIONING_DATA_PACKET: 793 // check state 794 switch (device_state){ 795 case DEVICE_W4_INVITE: 796 if (packet[0] != MESH_PROV_INVITE) provisioning_handle_unexpected_pdu(packet, size); 797 printf("MESH_PROV_INVITE: "); 798 printf_hexdump(&packet[1], size-1); 799 provisioning_handle_invite(&packet[1], size-1); 800 break; 801 case DEVICE_W4_START: 802 if (packet[0] != MESH_PROV_START) provisioning_handle_unexpected_pdu(packet, size); 803 printf("MESH_PROV_START: "); 804 printf_hexdump(&packet[1], size-1); 805 provisioning_handle_start(&packet[1], size-1); 806 break; 807 case DEVICE_W4_PUB_KEY: 808 if (packet[0] != MESH_PROV_PUB_KEY) provisioning_handle_unexpected_pdu(packet, size); 809 printf("MESH_PROV_PUB_KEY: "); 810 printf_hexdump(&packet[1], size-1); 811 provisioning_handle_public_key(&packet[1], size-1); 812 break; 813 case DEVICE_W4_CONFIRM: 814 if (packet[0] != MESH_PROV_CONFIRM) provisioning_handle_unexpected_pdu(packet, size); 815 printf("MESH_PROV_CONFIRM: "); 816 printf_hexdump(&packet[1], size-1); 817 provisioning_handle_confirmation(&packet[1], size-1); 818 break; 819 case DEVICE_W4_RANDOM: 820 if (packet[0] != MESH_PROV_RANDOM) provisioning_handle_unexpected_pdu(packet, size); 821 printf("MESH_PROV_RANDOM: "); 822 printf_hexdump(&packet[1], size-1); 823 provisioning_handle_random(&packet[1], size-1); 824 break; 825 case DEVICE_W4_DATA: 826 if (packet[0] != MESH_PROV_DATA) provisioning_handle_unexpected_pdu(packet, size); 827 printf("MESH_PROV_DATA: "); 828 provisioning_handle_data(&packet[1], size-1); 829 break; 830 default: 831 break; 832 } 833 break; 834 default: 835 break; 836 } 837 provisioning_run(); 838 } 839 840 static void prov_key_generated(void * arg){ 841 UNUSED(arg); 842 printf("ECC-P256: "); 843 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 844 // allow override 845 if (prov_public_key_oob_available){ 846 printf("Replace generated ECC with Public Key OOB:"); 847 (void)memcpy(prov_ec_q, prov_public_key_oob_q, 64); 848 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 849 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 850 } 851 } 852 853 void provisioning_device_init(void){ 854 #ifdef ENABLE_MESH_ADV_BEARER 855 // setup PB ADV 856 pb_adv_init(); 857 pb_adv_register_device_packet_handler(&provisioning_handle_pdu); 858 #endif 859 #ifdef ENABLE_MESH_GATT_BEARER 860 // setup PB GATT 861 pb_gatt_init(); 862 pb_gatt_register_packet_handler(&provisioning_handle_pdu); 863 #endif 864 865 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 866 867 // init provisioning state and generate ecc key 868 provisioning_done(); 869 } 870 871 void provisioning_device_register_packet_handler(btstack_packet_handler_t packet_handler){ 872 prov_packet_handler = packet_handler; 873 } 874 875 void provisioning_device_set_public_key_oob(const uint8_t * public_key, const uint8_t * private_key){ 876 prov_public_key_oob_q = public_key; 877 prov_public_key_oob_d = private_key; 878 prov_public_key_oob_available = 1; 879 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 880 } 881 882 void provisioning_device_set_static_oob(uint16_t static_oob_len, const uint8_t * static_oob_data){ 883 prov_static_oob_available = 1; 884 prov_static_oob_data = static_oob_data; 885 prov_static_oob_len = btstack_min(static_oob_len, 16); 886 } 887 888 void provisioning_device_set_output_oob_actions(uint16_t supported_output_oob_action_types, uint8_t max_oob_output_size){ 889 prov_output_oob_actions = supported_output_oob_action_types; 890 prov_output_oob_size = max_oob_output_size; 891 } 892 893 void provisioning_device_set_input_oob_actions(uint16_t supported_input_oob_action_types, uint8_t max_oob_input_size){ 894 prov_input_oob_actions = supported_input_oob_action_types; 895 prov_input_oob_size = max_oob_input_size; 896 } 897 898 void provisioning_device_input_oob_complete_numeric(uint16_t pb_adv_cid, uint32_t input_oob){ 899 UNUSED(pb_adv_cid); 900 if (device_state != DEVICE_W4_INPUT_OOK) return; 901 902 // store input_oob as auth value 903 big_endian_store_32(auth_value, 12, input_oob); 904 device_state = DEVICE_SEND_INPUT_COMPLETE; 905 provisioning_run(); 906 } 907 908 void provisioning_device_input_oob_complete_alphanumeric(uint16_t pb_adv_cid, const uint8_t * input_oob_data, uint16_t input_oob_len){ 909 UNUSED(pb_adv_cid); 910 if (device_state != DEVICE_W4_INPUT_OOK) return; 911 912 // store input_oob and fillup with zeros 913 input_oob_len = btstack_min(input_oob_len, 16); 914 memset(auth_value, 0, 16); 915 (void)memcpy(auth_value, input_oob_data, input_oob_len); 916 device_state = DEVICE_SEND_INPUT_COMPLETE; 917 provisioning_run(); 918 } 919 920 void provisioning_device_data_get(mesh_provisioning_data_t * the_provisioning_data){ 921 the_provisioning_data->unicast_address = unicast_address; 922 the_provisioning_data->iv_index = iv_index; 923 the_provisioning_data->flags = flags; 924 (void)memcpy(the_provisioning_data->device_key, device_key, 16); 925 the_provisioning_data->network_key = network_key; 926 } 927