xref: /btstack/src/mesh/provisioning_device.c (revision b6fc147f78a37f3479b846963ca40c9b931f6e2f)
1 /*
2  * Copyright (C) 2017 BlueKitchen GmbH
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the copyright holders nor the names of
14  *    contributors may be used to endorse or promote products derived
15  *    from this software without specific prior written permission.
16  * 4. Any redistribution, use, or modification is done solely for
17  *    personal benefit and not for any commercial purpose or for
18  *    monetary gain.
19  *
20  * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
24  * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
27  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
30  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * Please inquire about commercial licensing options at
34  * [email protected]
35  *
36  */
37 
38 #define __BTSTACK_FILE__ "provisioning_device.c"
39 
40 #include <stdint.h>
41 #include <stdio.h>
42 #include <stdlib.h>
43 #include <string.h>
44 
45 #include "btstack.h"
46 #include "btstack_memory.h"
47 
48 #include "mesh/mesh_crypto.h"
49 #include "mesh/pb_adv.h"
50 #include "mesh/pb_gatt.h"
51 #include "mesh/provisioning.h"
52 
53 static void prov_key_generated(void * arg);
54 
55 // remote ecc
56 static uint8_t remote_ec_q[64];
57 static uint8_t dhkey[32];
58 
59 static btstack_packet_handler_t prov_packet_handler;
60 
61 static uint8_t  prov_buffer_out[MESH_PROV_MAX_PROXY_PDU];
62 // ConfirmationInputs = ProvisioningInvitePDUValue || ProvisioningCapabilitiesPDUValue || ProvisioningStartPDUValue || PublicKeyProvisioner || PublicKeyDevice
63 static uint8_t  prov_confirmation_inputs[1 + 11 + 5 + 64 + 64];
64 static uint8_t  prov_authentication_method;
65 static uint8_t  prov_public_key_oob_used;
66 static uint8_t  prov_emit_public_key_oob_active;
67 static uint8_t  prov_emit_output_oob_active;
68 static uint8_t  prov_ec_q[64];
69 
70 static const uint8_t * prov_public_key_oob_q;
71 static const uint8_t * prov_public_key_oob_d;
72 
73 // num elements
74 static uint8_t  prov_num_elements = 1;
75 
76 // capabilites
77 static const uint8_t * prov_static_oob_data;
78 
79 static uint16_t  prov_static_oob_len;
80 static uint16_t  prov_output_oob_actions;
81 static uint16_t  prov_input_oob_actions;
82 static uint8_t   prov_public_key_oob_available;
83 static uint8_t   prov_static_oob_available;
84 static uint8_t   prov_output_oob_size;
85 static uint8_t   prov_input_oob_size;
86 static uint8_t   prov_error_code;
87 static uint8_t   prov_waiting_for_outgoing_complete;
88 
89 static uint8_t                      prov_attention_timer_timeout;
90 
91 static btstack_timer_source_t       prov_protocol_timer;
92 
93 static btstack_crypto_aes128_cmac_t prov_cmac_request;
94 static btstack_crypto_random_t      prov_random_request;
95 static btstack_crypto_ecc_p256_t    prov_ecc_p256_request;
96 static btstack_crypto_ccm_t         prov_ccm_request;
97 
98 // ConfirmationDevice
99 static uint8_t confirmation_device[16];
100 // ConfirmationSalt
101 static uint8_t confirmation_salt[16];
102 // ConfirmationKey
103 static uint8_t confirmation_key[16];
104 // RandomDevice
105 static uint8_t random_device[16];
106 // ProvisioningSalt
107 static uint8_t provisioning_salt[16];
108 // AuthValue
109 static uint8_t auth_value[16];
110 // SessionKey
111 static uint8_t session_key[16];
112 // SessionNonce
113 static uint8_t session_nonce[16];
114 // EncProvisioningData
115 static uint8_t enc_provisioning_data[25];
116 // ProvisioningData
117 static uint8_t provisioning_data[25];
118 
119 // received network_key
120 static mesh_network_key_t * network_key;
121 
122 // DeviceKey
123 static uint8_t device_key[16];
124 
125 static uint8_t  flags;
126 
127 static uint32_t iv_index;
128 static uint16_t unicast_address;
129 
130 typedef enum {
131     DEVICE_W4_INVITE,
132     DEVICE_SEND_CAPABILITIES,
133     DEVICE_W4_START,
134     DEVICE_W4_INPUT_OOK,
135     DEVICE_SEND_INPUT_COMPLETE,
136     DEVICE_W4_PUB_KEY,
137     DEVICE_SEND_PUB_KEY,
138     DEVICE_W4_CONFIRM,
139     DEVICE_SEND_CONFIRM,
140     DEVICE_W4_RANDOM,
141     DEVICE_SEND_RANDOM,
142     DEVICE_W4_DATA,
143     DEVICE_SEND_COMPLETE,
144     DEVICE_SEND_ERROR,
145 } device_state_t;
146 
147 static device_state_t device_state;
148 static uint16_t pb_transport_cid;
149 static pb_type_t pb_type;
150 
151 static void pb_send_pdu(uint16_t transport_cid, const uint8_t * buffer, uint16_t buffer_size){
152     switch (pb_type){
153         case PB_TYPE_ADV:
154             pb_adv_send_pdu(transport_cid, buffer, buffer_size);
155             break;
156         case PB_TYPE_GATT:
157             pb_gatt_send_pdu(transport_cid, buffer, buffer_size);
158             break;
159     }
160 }
161 
162 static void pb_close_link(uint16_t transport_cid, uint8_t reason){
163     switch (pb_type){
164         case PB_TYPE_ADV:
165             pb_adv_close_link(transport_cid, reason);
166             break;
167         case PB_TYPE_GATT:
168             pb_gatt_close_link(transport_cid, reason);
169             break;
170     }
171 }
172 
173 static void provisioning_emit_event(uint16_t pb_adv_cid, uint8_t mesh_subevent){
174     if (!prov_packet_handler) return;
175     uint8_t event[5] = { HCI_EVENT_MESH_META, 3, mesh_subevent};
176     little_endian_store_16(event, 3, pb_adv_cid);
177     prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event));
178 }
179 
180 static void provisioning_emit_output_oob_event(uint16_t pb_adv_cid, uint32_t number){
181     if (!prov_packet_handler) return;
182     uint8_t event[9] = { HCI_EVENT_MESH_META, 7, MESH_SUBEVENT_PB_PROV_START_EMIT_OUTPUT_OOB};
183     little_endian_store_16(event, 3, pb_adv_cid);
184     little_endian_store_32(event, 5, number);
185     prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event));
186 }
187 
188 static void provisioning_emit_attention_timer_event(uint16_t pb_adv_cid, uint8_t timer_s){
189     if (!prov_packet_handler) return;
190     uint8_t event[6] = { HCI_EVENT_MESH_META, 4, MESH_SUBEVENT_PB_PROV_ATTENTION_TIMER};
191     little_endian_store_16(event, 3, pb_adv_cid);
192     event[5] = timer_s;
193     prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event));
194 }
195 
196 static void provisiong_timer_handler(btstack_timer_source_t * ts){
197     UNUSED(ts);
198     printf("Provisioning Protocol Timeout -> Close Link!\n");
199     pb_close_link(1, 1);
200 }
201 
202 // The provisioning protocol shall have a minimum timeout of 60 seconds that is reset
203 // each time a provisioning protocol PDU is sent or received
204 static void provisioning_timer_start(void){
205     btstack_run_loop_remove_timer(&prov_protocol_timer);
206     btstack_run_loop_set_timer_handler(&prov_protocol_timer, &provisiong_timer_handler);
207     btstack_run_loop_set_timer(&prov_protocol_timer, PROVISIONING_PROTOCOL_TIMEOUT_MS);
208     btstack_run_loop_add_timer(&prov_protocol_timer);
209 }
210 
211 static void provisioning_timer_stop(void){
212     btstack_run_loop_remove_timer(&prov_protocol_timer);
213 }
214 
215 
216 // Outgoing Provisioning PDUs
217 static void provisioning_send_provisioning_error(void){
218     // setup response
219     prov_buffer_out[0] = MESH_PROV_FAILED;
220     prov_buffer_out[1] = prov_error_code;
221     pb_send_pdu(pb_transport_cid, prov_buffer_out, 2);
222 }
223 
224 static void provisioning_send_capabilites(void){
225     // setup response
226     prov_buffer_out[0] = MESH_PROV_CAPABILITIES;
227 
228     /* Number of Elements supported */
229     prov_buffer_out[1] = prov_num_elements;
230 
231     /* Supported algorithms - FIPS P-256 Eliptic Curve */
232     big_endian_store_16(prov_buffer_out, 2, 1);
233 
234     /* Public Key Type - Public Key OOB information available */
235     prov_buffer_out[4] = prov_public_key_oob_available;
236 
237     /* Static OOB Type - Static OOB information available */
238     prov_buffer_out[5] = prov_static_oob_available;
239 
240     /* Output OOB Size - max of 8 */
241     prov_buffer_out[6] = prov_output_oob_size;
242 
243     /* Output OOB Action */
244     big_endian_store_16(prov_buffer_out, 7, prov_output_oob_actions);
245 
246     /* Input OOB Size - max of 8*/
247     prov_buffer_out[9] = prov_input_oob_size;
248 
249     /* Input OOB Action */
250     big_endian_store_16(prov_buffer_out, 10, prov_input_oob_actions);
251 
252     // store for confirmation inputs: len 11
253     memcpy(&prov_confirmation_inputs[1], &prov_buffer_out[1], 11);
254 
255     // send
256 
257     pb_send_pdu(pb_transport_cid, prov_buffer_out, 12);
258 }
259 
260 static void provisioning_send_public_key(void){
261     // setup response
262     prov_buffer_out[0] = MESH_PROV_PUB_KEY;
263     memcpy(&prov_buffer_out[1], prov_ec_q, 64);
264 
265     // store for confirmation inputs: len 64
266     memcpy(&prov_confirmation_inputs[81], &prov_buffer_out[1], 64);
267 
268     // send
269     pb_send_pdu(pb_transport_cid, prov_buffer_out, 65);
270 }
271 
272 static void provisioning_send_input_complete(void){
273     // setup response
274     prov_buffer_out[0] = MESH_PROV_INPUT_COMPLETE;
275 
276     // send
277     pb_send_pdu(pb_transport_cid, prov_buffer_out, 17);
278 }
279 static void provisioning_send_confirm(void){
280     // setup response
281     prov_buffer_out[0] = MESH_PROV_CONFIRM;
282     memcpy(&prov_buffer_out[1], confirmation_device, 16);
283 
284     // send
285     pb_send_pdu(pb_transport_cid, prov_buffer_out, 17);
286 }
287 
288 static void provisioning_send_random(void){
289     // setup response
290     prov_buffer_out[0] = MESH_PROV_RANDOM;
291     memcpy(&prov_buffer_out[1],  random_device, 16);
292 
293     // send pdu
294     pb_send_pdu(pb_transport_cid, prov_buffer_out, 17);
295 }
296 
297 static void provisioning_send_complete(void){
298     // setup response
299     prov_buffer_out[0] = MESH_PROV_COMPLETE;
300 
301     // send pdu
302     pb_send_pdu(pb_transport_cid, prov_buffer_out, 1);
303 }
304 
305 static void provisioning_done(void){
306     if (prov_emit_public_key_oob_active){
307         prov_emit_public_key_oob_active = 0;
308         provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB);
309     }
310     if (prov_emit_output_oob_active){
311         prov_emit_output_oob_active = 0;
312         provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB);
313     }
314     if (prov_attention_timer_timeout){
315         prov_attention_timer_timeout = 0;
316         provisioning_emit_attention_timer_event(1, 0);
317     }
318     device_state = DEVICE_W4_INVITE;
319 
320     // generate new public key
321     printf("Generate new public key\n");
322     btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL);
323 }
324 
325 static void provisioning_handle_auth_value_output_oob(void * arg){
326     UNUSED(arg);
327     // limit auth value to single digit
328     auth_value[15] = auth_value[15] % 9 + 1;
329 
330     printf("Output OOB: %u\n", auth_value[15]);
331 
332     // emit output oob value
333     provisioning_emit_output_oob_event(1, auth_value[15]);
334     prov_emit_output_oob_active = 1;
335 }
336 
337 static void provisioning_public_key_exchange_complete(void){
338 
339     // reset auth_value
340     memset(auth_value, 0, sizeof(auth_value));
341 
342     // handle authentication method
343     switch (prov_authentication_method){
344         case 0x00:
345             device_state = DEVICE_W4_CONFIRM;
346             break;
347         case 0x01:
348             memcpy(&auth_value[16-prov_static_oob_len], prov_static_oob_data, prov_static_oob_len);
349             device_state = DEVICE_W4_CONFIRM;
350             break;
351         case 0x02:
352             device_state = DEVICE_W4_CONFIRM;
353             printf("Generate random for auth_value\n");
354             // generate single byte of random data to use for authentication
355             btstack_crypto_random_generate(&prov_random_request, &auth_value[15], 1, &provisioning_handle_auth_value_output_oob, NULL);
356             break;
357         case 0x03:
358             // Input OOB
359             printf("Input OOB requested\n");
360             provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_INPUT_OOB_REQUEST);
361             device_state = DEVICE_W4_INPUT_OOK;
362             break;
363         default:
364             break;
365     }
366 }
367 
368 static void provisioning_run(void){
369     printf("provisioning_run: state %x, wait for outgoing complete %u\n", device_state, prov_waiting_for_outgoing_complete);
370     if (prov_waiting_for_outgoing_complete) return;
371     int start_timer = 1;
372     switch (device_state){
373         case DEVICE_SEND_ERROR:
374             start_timer = 0;    // game over
375             prov_waiting_for_outgoing_complete = 1;
376             provisioning_send_provisioning_error();
377             provisioning_done();
378             break;
379         case DEVICE_SEND_CAPABILITIES:
380             device_state = DEVICE_W4_START;
381             prov_waiting_for_outgoing_complete = 1;
382             provisioning_send_capabilites();
383             break;
384         case DEVICE_SEND_INPUT_COMPLETE:
385             device_state = DEVICE_W4_CONFIRM;
386             prov_waiting_for_outgoing_complete = 1;
387             provisioning_send_input_complete();
388             break;
389         case DEVICE_SEND_PUB_KEY:
390             prov_waiting_for_outgoing_complete = 1;
391             provisioning_send_public_key();
392             provisioning_public_key_exchange_complete();
393             break;
394         case DEVICE_SEND_CONFIRM:
395             device_state = DEVICE_W4_RANDOM;
396             prov_waiting_for_outgoing_complete = 1;
397             provisioning_send_confirm();
398             break;
399         case DEVICE_SEND_RANDOM:
400             device_state = DEVICE_W4_DATA;
401             prov_waiting_for_outgoing_complete = 1;
402             provisioning_send_random();
403             break;
404         case DEVICE_SEND_COMPLETE:
405             start_timer = 0;    // last message
406             prov_waiting_for_outgoing_complete = 1;
407             provisioning_send_complete();
408             provisioning_done();
409             break;
410         default:
411             return;
412     }
413     if (start_timer){
414         provisioning_timer_start();
415     }
416 }
417 
418 static void provisioning_handle_provisioning_error(uint8_t error_code){
419     printf("PROVISIONING ERROR\n");
420     provisioning_timer_stop();
421     prov_error_code = error_code;
422     device_state = DEVICE_SEND_ERROR;
423     provisioning_run();
424 }
425 
426 static void provisioning_handle_invite(uint8_t *packet, uint16_t size){
427 
428     if (size != 1) return;
429 
430     // store for confirmation inputs: len 1
431     memcpy(&prov_confirmation_inputs[0], packet, 1);
432 
433     // handle invite message
434     prov_attention_timer_timeout = packet[0];
435     if (prov_attention_timer_timeout){
436         provisioning_emit_attention_timer_event(pb_transport_cid, prov_attention_timer_timeout);
437     }
438 
439     device_state = DEVICE_SEND_CAPABILITIES;
440     provisioning_run();
441 }
442 
443 static void provisioning_handle_start(uint8_t * packet, uint16_t size){
444 
445     if (size != 5) return;
446 
447     // validate Algorithm
448     int ok = 1;
449     if (packet[0] > 0x00){
450         ok = 0;
451     }
452     // validate Publik Key
453     if (packet[1] > 0x01){
454         ok = 0;
455     }
456     // validate Authentication Method
457     switch (packet[2]){
458         case 0:
459         case 1:
460             if (packet[3] != 0 || packet[4] != 0){
461                 ok = 0;
462                 break;
463             }
464             break;
465         case 2:
466             if (packet[3] > 0x04 || packet[4] == 0 || packet[4] > 0x08){
467                 ok = 0;
468                 break;
469             }
470             break;
471         case 3:
472             if (packet[3] > 0x03 || packet[4] == 0 || packet[4] > 0x08){
473                 ok = 0;
474                 break;
475             }
476             break;
477     }
478     if (!ok){
479         printf("PROV_START arguments incorrect\n");
480         provisioning_handle_provisioning_error(0x02);
481         return;
482     }
483 
484     // store for confirmation inputs: len 5
485     memcpy(&prov_confirmation_inputs[12], packet, 5);
486 
487     // public key oob
488     prov_public_key_oob_used = packet[1];
489 
490     // authentication method
491     prov_authentication_method = packet[2];
492 
493     // start emit public OOK if specified
494     if (prov_public_key_oob_available && prov_public_key_oob_used){
495         provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_START_EMIT_PUBLIC_KEY_OOB);
496     }
497 
498     printf("PublicKey:  %02x\n", prov_public_key_oob_used);
499     printf("AuthMethod: %02x\n", prov_authentication_method);
500 
501     device_state = DEVICE_W4_PUB_KEY;
502     provisioning_run();
503 }
504 
505 static void provisioning_handle_public_key_dhkey(void * arg){
506     UNUSED(arg);
507 
508     printf("DHKEY: ");
509     printf_hexdump(dhkey, sizeof(dhkey));
510 
511     // skip sending own public key when public key oob is used
512     if (prov_public_key_oob_available && prov_public_key_oob_used){
513         // just copy key for confirmation inputs
514         memcpy(&prov_confirmation_inputs[81], prov_ec_q, 64);
515         provisioning_public_key_exchange_complete();
516     } else {
517         // queue public key pdu
518         printf("DEVICE_SEND_PUB_KEY\n");
519         device_state = DEVICE_SEND_PUB_KEY;
520     }
521     provisioning_run();
522 }
523 
524 static void provisioning_handle_public_key(uint8_t *packet, uint16_t size){
525 
526     // validate public key
527     if (size != sizeof(remote_ec_q) || btstack_crypto_ecc_p256_validate_public_key(packet) != 0){
528         printf("Public Key invalid, abort provisioning\n");
529         provisioning_handle_provisioning_error(0x07);   // Unexpected Error
530         return;
531     }
532 
533     // stop emit public OOK if specified and send to crypto module
534     if (prov_public_key_oob_available && prov_public_key_oob_used){
535         provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB);
536 
537         printf("Replace generated ECC with Public Key OOB:");
538         memcpy(prov_ec_q, prov_public_key_oob_q, 64);
539         printf_hexdump(prov_ec_q, sizeof(prov_ec_q));
540         btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d);
541     }
542 
543     // store for confirmation inputs: len 64
544     memcpy(&prov_confirmation_inputs[17], packet, 64);
545 
546     // store remote q
547     memcpy(remote_ec_q, packet, sizeof(remote_ec_q));
548 
549     // calculate DHKey
550     btstack_crypto_ecc_p256_calculate_dhkey(&prov_ecc_p256_request, remote_ec_q, dhkey, provisioning_handle_public_key_dhkey, NULL);
551 }
552 
553 static void provisioning_handle_confirmation_device_calculated(void * arg){
554     UNUSED(arg);
555 
556     printf("ConfirmationDevice: ");
557     printf_hexdump(confirmation_device, sizeof(confirmation_device));
558 
559     device_state = DEVICE_SEND_CONFIRM;
560     provisioning_run();
561 }
562 
563 static void provisioning_handle_confirmation_random_device(void * arg){
564     UNUSED(arg);
565 
566     // re-use prov_confirmation_inputs buffer
567     memcpy(&prov_confirmation_inputs[0],  random_device, 16);
568     memcpy(&prov_confirmation_inputs[16], auth_value, 16);
569 
570     // calc confirmation device
571     btstack_crypto_aes128_cmac_message(&prov_cmac_request, confirmation_key, 32, prov_confirmation_inputs, confirmation_device, &provisioning_handle_confirmation_device_calculated, NULL);
572 }
573 
574 static void provisioning_handle_confirmation_k1_calculated(void * arg){
575     UNUSED(arg);
576 
577     printf("ConfirmationKey:   ");
578     printf_hexdump(confirmation_key, sizeof(confirmation_key));
579 
580     printf("AuthValue: ");
581     printf_hexdump(auth_value, 16);
582 
583     // generate random_device
584     btstack_crypto_random_generate(&prov_random_request,random_device, 16, &provisioning_handle_confirmation_random_device, NULL);
585 }
586 
587 static void provisioning_handle_confirmation_s1_calculated(void * arg){
588     UNUSED(arg);
589 
590     // ConfirmationSalt
591     printf("ConfirmationSalt:   ");
592     printf_hexdump(confirmation_salt, sizeof(confirmation_salt));
593 
594     // ConfirmationKey
595     mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), confirmation_salt, (const uint8_t*) "prck", 4, confirmation_key, &provisioning_handle_confirmation_k1_calculated, NULL);
596 }
597 
598 static void provisioning_handle_confirmation(uint8_t *packet, uint16_t size){
599     UNUSED(size);
600     UNUSED(packet);
601 
602     //
603     if (prov_emit_output_oob_active){
604         prov_emit_output_oob_active = 0;
605         provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB);
606     }
607 
608     // CalculationInputs
609     printf("ConfirmationInputs: ");
610     printf_hexdump(prov_confirmation_inputs, sizeof(prov_confirmation_inputs));
611 
612     // calculate s1
613     btstack_crypto_aes128_cmac_zero(&prov_cmac_request, sizeof(prov_confirmation_inputs), prov_confirmation_inputs, confirmation_salt, &provisioning_handle_confirmation_s1_calculated, NULL);
614 }
615 
616 // PROV_RANDOM
617 static void provisioning_handle_random_session_nonce_calculated(void * arg){
618     UNUSED(arg);
619 
620     // The nonce shall be the 13 least significant octets == zero most significant octets
621     uint8_t temp[13];
622     memcpy(temp, &session_nonce[3], 13);
623     memcpy(session_nonce, temp, 13);
624 
625     // SessionNonce
626     printf("SessionNonce:   ");
627     printf_hexdump(session_nonce, 13);
628 
629     device_state = DEVICE_SEND_RANDOM;
630     provisioning_run();
631 }
632 
633 static void provisioning_handle_random_session_key_calculated(void * arg){
634     UNUSED(arg);
635 
636     // SessionKey
637     printf("SessionKey:   ");
638     printf_hexdump(session_key, sizeof(session_key));
639 
640     // SessionNonce
641     mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsn", 4, session_nonce, &provisioning_handle_random_session_nonce_calculated, NULL);
642 }
643 
644 static void provisioning_handle_random_s1_calculated(void * arg){
645 
646     UNUSED(arg);
647 
648     // ProvisioningSalt
649     printf("ProvisioningSalt:   ");
650     printf_hexdump(provisioning_salt, sizeof(provisioning_salt));
651 
652     // SessionKey
653     mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsk", 4, session_key, &provisioning_handle_random_session_key_calculated, NULL);
654 }
655 
656 static void provisioning_handle_random(uint8_t *packet, uint16_t size){
657 
658     UNUSED(size);
659     UNUSED(packet);
660 
661     // TODO: validate Confirmation
662 
663     // calc ProvisioningSalt = s1(ConfirmationSalt || RandomProvisioner || RandomDevice)
664     memcpy(&prov_confirmation_inputs[0], confirmation_salt, 16);
665     memcpy(&prov_confirmation_inputs[16], packet, 16);
666     memcpy(&prov_confirmation_inputs[32], random_device, 16);
667     btstack_crypto_aes128_cmac_zero(&prov_cmac_request, 48, prov_confirmation_inputs, provisioning_salt, &provisioning_handle_random_s1_calculated, NULL);
668 }
669 
670 // PROV_DATA
671 static void provisioning_handle_network_dervived(void * arg){
672     UNUSED(arg);
673 
674     provisioning_timer_stop();
675 
676     // notify client
677     provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_COMPLETE);
678 
679     device_state = DEVICE_SEND_COMPLETE;
680     provisioning_run();
681 
682 }
683 
684 static void provisioning_handle_data_device_key(void * arg){
685     UNUSED(arg);
686 
687     // derive full network key
688     mesh_network_key_derive(&prov_cmac_request, network_key, &provisioning_handle_network_dervived, NULL);
689 }
690 
691 static void provisioning_handle_data_ccm(void * arg){
692 
693     UNUSED(arg);
694 
695     // TODO: validate MIC?
696     uint8_t mic[8];
697     btstack_crypto_ccm_get_authentication_value(&prov_ccm_request, mic);
698     printf("MIC: ");
699     printf_hexdump(mic, 8);
700 
701     // allocate network key
702     network_key = btstack_memory_mesh_network_key_get();
703 
704     // sort provisoning data
705     memcpy(network_key->net_key, provisioning_data, 16);
706     network_key->netkey_index = big_endian_read_16(provisioning_data, 16);
707     // assume free index available for very first network key
708     network_key->internal_index = mesh_network_key_get_free_index();
709     flags = provisioning_data[18];
710     iv_index = big_endian_read_32(provisioning_data, 19);
711     unicast_address = big_endian_read_16(provisioning_data, 23);
712 
713     // DeviceKey
714     mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prdk", 4, device_key, &provisioning_handle_data_device_key, NULL);
715 }
716 
717 static void provisioning_handle_data(uint8_t *packet, uint16_t size){
718 
719     UNUSED(size);
720 
721     memcpy(enc_provisioning_data, packet, 25);
722 
723     // decode response
724     btstack_crypto_ccm_init(&prov_ccm_request, session_key, session_nonce, 25, 0, 8);
725     btstack_crypto_ccm_decrypt_block(&prov_ccm_request, 25, enc_provisioning_data, provisioning_data, &provisioning_handle_data_ccm, NULL);
726 }
727 
728 static void provisioning_handle_unexpected_pdu(uint8_t *packet, uint16_t size){
729     UNUSED(size);
730     printf("Unexpected PDU #%u in state #%u\n", packet[0], (int) device_state);
731     provisioning_handle_provisioning_error(0x03);
732 }
733 
734 static void provisioning_handle_pdu(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){
735     UNUSED(channel);
736 
737     if (size < 1) return;
738 
739     switch (packet_type){
740         case HCI_EVENT_PACKET:
741             if (packet[0] != HCI_EVENT_MESH_META)  break;
742             switch (packet[2]){
743                 case MESH_SUBEVENT_PB_TRANSPORT_LINK_OPEN:
744                     pb_transport_cid = mesh_subevent_pb_transport_link_open_get_pb_transport_cid(packet);
745                     pb_type = mesh_subevent_pb_transport_link_open_get_pb_type(packet);
746                     printf("Link opened, reset state, transport cid 0x%02x, PB type %d\n", pb_transport_cid, pb_type);
747                     provisioning_done();
748                     break;
749                 case MESH_SUBEVENT_PB_TRANSPORT_PDU_SENT:
750                     printf("Outgoing packet acked\n");
751                     prov_waiting_for_outgoing_complete = 0;
752                     break;
753                 case MESH_SUBEVENT_PB_TRANSPORT_LINK_CLOSED:
754                     printf("Link close, reset state\n");
755                     pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID;
756                     provisioning_done();
757                     break;
758             }
759             break;
760         case PROVISIONING_DATA_PACKET:
761             // check state
762             switch (device_state){
763                 case DEVICE_W4_INVITE:
764                     if (packet[0] != MESH_PROV_INVITE) provisioning_handle_unexpected_pdu(packet, size);
765                     printf("MESH_PROV_INVITE: ");
766                     printf_hexdump(&packet[1], size-1);
767                     provisioning_handle_invite(&packet[1], size-1);
768                     break;
769                 case DEVICE_W4_START:
770                     if (packet[0] != MESH_PROV_START) provisioning_handle_unexpected_pdu(packet, size);
771                     printf("MESH_PROV_START:  ");
772                     printf_hexdump(&packet[1], size-1);
773                     provisioning_handle_start(&packet[1], size-1);
774                     break;
775                 case DEVICE_W4_PUB_KEY:
776                     if (packet[0] != MESH_PROV_PUB_KEY) provisioning_handle_unexpected_pdu(packet, size);
777                     printf("MESH_PROV_PUB_KEY: ");
778                     printf_hexdump(&packet[1], size-1);
779                     provisioning_handle_public_key(&packet[1], size-1);
780                     break;
781                 case DEVICE_W4_CONFIRM:
782                     if (packet[0] != MESH_PROV_CONFIRM) provisioning_handle_unexpected_pdu(packet, size);
783                     printf("MESH_PROV_CONFIRM: ");
784                     printf_hexdump(&packet[1], size-1);
785                     provisioning_handle_confirmation(&packet[1], size-1);
786                     break;
787                 case DEVICE_W4_RANDOM:
788                     if (packet[0] != MESH_PROV_RANDOM) provisioning_handle_unexpected_pdu(packet, size);
789                     printf("MESH_PROV_RANDOM:  ");
790                     printf_hexdump(&packet[1], size-1);
791                     provisioning_handle_random(&packet[1], size-1);
792                     break;
793                 case DEVICE_W4_DATA:
794                     if (packet[0] != MESH_PROV_DATA) provisioning_handle_unexpected_pdu(packet, size);
795                     printf("MESH_PROV_DATA:  ");
796                     provisioning_handle_data(&packet[1], size-1);
797                     break;
798                 default:
799                     break;
800             }
801             break;
802         default:
803             break;
804     }
805     provisioning_run();
806 }
807 
808 static void prov_key_generated(void * arg){
809     UNUSED(arg);
810     printf("ECC-P256: ");
811     printf_hexdump(prov_ec_q, sizeof(prov_ec_q));
812     // allow override
813     if (prov_public_key_oob_available){
814         printf("Replace generated ECC with Public Key OOB:");
815         memcpy(prov_ec_q, prov_public_key_oob_q, 64);
816         printf_hexdump(prov_ec_q, sizeof(prov_ec_q));
817         btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d);
818     }
819 }
820 
821 void provisioning_device_init(void){
822     // setup PB ADV
823     pb_adv_init();
824     pb_adv_register_packet_handler(&provisioning_handle_pdu);
825     // setup PB GATT
826     pb_gatt_init();
827     pb_gatt_register_packet_handler(&provisioning_handle_pdu);
828 
829     pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID;
830 
831     // init provisioning state
832     provisioning_done();
833 
834     // generate public key
835     btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL);
836 }
837 
838 void provisioning_device_register_packet_handler(btstack_packet_handler_t packet_handler){
839     prov_packet_handler = packet_handler;
840 }
841 
842 void provisioning_device_set_public_key_oob(const uint8_t * public_key, const uint8_t * private_key){
843     prov_public_key_oob_q = public_key;
844     prov_public_key_oob_d = private_key;
845     prov_public_key_oob_available = 1;
846     btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d);
847 }
848 
849 void provisioning_device_set_static_oob(uint16_t static_oob_len, const uint8_t * static_oob_data){
850     prov_static_oob_available = 1;
851     prov_static_oob_data = static_oob_data;
852     prov_static_oob_len  = btstack_min(static_oob_len, 16);
853 }
854 
855 void provisioning_device_set_output_oob_actions(uint16_t supported_output_oob_action_types, uint8_t max_oob_output_size){
856     prov_output_oob_actions = supported_output_oob_action_types;
857     prov_output_oob_size    = max_oob_output_size;
858 }
859 
860 void provisioning_device_set_input_oob_actions(uint16_t supported_input_oob_action_types, uint8_t max_oob_input_size){
861     prov_input_oob_actions = supported_input_oob_action_types;
862     prov_input_oob_size    = max_oob_input_size;
863 }
864 
865 void provisioning_device_input_oob_complete_numeric(uint16_t pb_adv_cid, uint32_t input_oob){
866     UNUSED(pb_adv_cid);
867     if (device_state != DEVICE_W4_INPUT_OOK) return;
868 
869     // store input_oob as auth value
870     big_endian_store_32(auth_value, 12, input_oob);
871     device_state = DEVICE_SEND_INPUT_COMPLETE;
872     provisioning_run();
873 }
874 
875 void provisioning_device_input_oob_complete_alphanumeric(uint16_t pb_adv_cid, const uint8_t * input_oob_data, uint16_t input_oob_len){
876     UNUSED(pb_adv_cid);
877     if (device_state != DEVICE_W4_INPUT_OOK) return;
878 
879     // store input_oob and fillup with zeros
880     input_oob_len = btstack_min(input_oob_len, 16);
881     memset(auth_value, 0, 16);
882     memcpy(auth_value, input_oob_data, input_oob_len);
883     device_state = DEVICE_SEND_INPUT_COMPLETE;
884     provisioning_run();
885 }
886 
887 void provisioning_device_data_get(mesh_provisioning_data_t * the_provisioning_data){
888     the_provisioning_data->unicast_address = unicast_address;
889     the_provisioning_data->iv_index = iv_index;
890     the_provisioning_data->flags = flags;
891     memcpy(the_provisioning_data->device_key, device_key, 16);
892     the_provisioning_data->network_key = network_key;
893 }
894