1 /* 2 * Copyright (C) 2017 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS 24 * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 #define __BTSTACK_FILE__ "provisioning_device.c" 39 40 #include <stdint.h> 41 #include <stdio.h> 42 #include <stdlib.h> 43 #include <string.h> 44 45 #include "btstack.h" 46 #include "btstack_memory.h" 47 48 #include "mesh/mesh_crypto.h" 49 #include "mesh/pb_adv.h" 50 #include "mesh/pb_gatt.h" 51 #include "mesh/provisioning.h" 52 53 static void prov_key_generated(void * arg); 54 55 // remote ecc 56 static uint8_t remote_ec_q[64]; 57 static uint8_t dhkey[32]; 58 59 static btstack_packet_handler_t prov_packet_handler; 60 61 static uint8_t prov_buffer_out[MESH_PROV_MAX_PROXY_PDU]; 62 // ConfirmationInputs = ProvisioningInvitePDUValue || ProvisioningCapabilitiesPDUValue || ProvisioningStartPDUValue || PublicKeyProvisioner || PublicKeyDevice 63 static uint8_t prov_confirmation_inputs[1 + 11 + 5 + 64 + 64]; 64 static uint8_t prov_authentication_method; 65 static uint8_t prov_public_key_oob_used; 66 static uint8_t prov_emit_public_key_oob_active; 67 static uint8_t prov_emit_output_oob_active; 68 static uint8_t prov_ec_q[64]; 69 70 static const uint8_t * prov_public_key_oob_q; 71 static const uint8_t * prov_public_key_oob_d; 72 73 // num elements 74 static uint8_t prov_num_elements = 1; 75 76 // capabilites 77 static const uint8_t * prov_static_oob_data; 78 79 static uint16_t prov_static_oob_len; 80 static uint16_t prov_output_oob_actions; 81 static uint16_t prov_input_oob_actions; 82 static uint8_t prov_public_key_oob_available; 83 static uint8_t prov_static_oob_available; 84 static uint8_t prov_output_oob_size; 85 static uint8_t prov_input_oob_size; 86 static uint8_t prov_error_code; 87 static uint8_t prov_waiting_for_outgoing_complete; 88 89 static uint8_t prov_attention_timer_timeout; 90 91 static btstack_timer_source_t prov_protocol_timer; 92 93 static btstack_crypto_aes128_cmac_t prov_cmac_request; 94 static btstack_crypto_random_t prov_random_request; 95 static btstack_crypto_ecc_p256_t prov_ecc_p256_request; 96 static btstack_crypto_ccm_t prov_ccm_request; 97 98 // ConfirmationDevice 99 static uint8_t confirmation_device[16]; 100 // ConfirmationSalt 101 static uint8_t confirmation_salt[16]; 102 // ConfirmationKey 103 static uint8_t confirmation_key[16]; 104 // RandomDevice 105 static uint8_t random_device[16]; 106 // ProvisioningSalt 107 static uint8_t provisioning_salt[16]; 108 // AuthValue 109 static uint8_t auth_value[16]; 110 // SessionKey 111 static uint8_t session_key[16]; 112 // SessionNonce 113 static uint8_t session_nonce[16]; 114 // EncProvisioningData 115 static uint8_t enc_provisioning_data[25]; 116 // ProvisioningData 117 static uint8_t provisioning_data[25]; 118 119 // received network_key 120 static mesh_network_key_t * network_key; 121 122 // DeviceKey 123 static uint8_t device_key[16]; 124 125 static uint8_t flags; 126 127 static uint32_t iv_index; 128 static uint16_t unicast_address; 129 130 typedef enum { 131 DEVICE_W4_INVITE, 132 DEVICE_SEND_CAPABILITIES, 133 DEVICE_W4_START, 134 DEVICE_W4_INPUT_OOK, 135 DEVICE_SEND_INPUT_COMPLETE, 136 DEVICE_W4_PUB_KEY, 137 DEVICE_SEND_PUB_KEY, 138 DEVICE_W4_CONFIRM, 139 DEVICE_SEND_CONFIRM, 140 DEVICE_W4_RANDOM, 141 DEVICE_SEND_RANDOM, 142 DEVICE_W4_DATA, 143 DEVICE_SEND_COMPLETE, 144 DEVICE_SEND_ERROR, 145 } device_state_t; 146 147 static device_state_t device_state; 148 static uint16_t pb_transport_cid; 149 static pb_type_t pb_type; 150 151 static void pb_send_pdu(uint16_t transport_cid, const uint8_t * buffer, uint16_t buffer_size){ 152 switch (pb_type){ 153 case PB_TYPE_ADV: 154 pb_adv_send_pdu(transport_cid, buffer, buffer_size); 155 break; 156 case PB_TYPE_GATT: 157 pb_gatt_send_pdu(transport_cid, buffer, buffer_size); 158 break; 159 } 160 } 161 162 static void pb_close_link(uint16_t transport_cid, uint8_t reason){ 163 switch (pb_type){ 164 case PB_TYPE_ADV: 165 pb_adv_close_link(transport_cid, reason); 166 break; 167 case PB_TYPE_GATT: 168 pb_gatt_close_link(transport_cid, reason); 169 break; 170 } 171 } 172 173 static void provisioning_emit_event(uint16_t pb_adv_cid, uint8_t mesh_subevent){ 174 if (!prov_packet_handler) return; 175 uint8_t event[5] = { HCI_EVENT_MESH_META, 3, mesh_subevent}; 176 little_endian_store_16(event, 3, pb_adv_cid); 177 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 178 } 179 180 static void provisioning_emit_output_oob_event(uint16_t pb_adv_cid, uint32_t number){ 181 if (!prov_packet_handler) return; 182 uint8_t event[9] = { HCI_EVENT_MESH_META, 7, MESH_SUBEVENT_PB_PROV_START_EMIT_OUTPUT_OOB}; 183 little_endian_store_16(event, 3, pb_adv_cid); 184 little_endian_store_32(event, 5, number); 185 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 186 } 187 188 static void provisioning_emit_attention_timer_event(uint16_t pb_adv_cid, uint8_t timer_s){ 189 if (!prov_packet_handler) return; 190 uint8_t event[6] = { HCI_EVENT_MESH_META, 4, MESH_SUBEVENT_PB_PROV_ATTENTION_TIMER}; 191 little_endian_store_16(event, 3, pb_adv_cid); 192 event[5] = timer_s; 193 prov_packet_handler(HCI_EVENT_PACKET, 0, event, sizeof(event)); 194 } 195 196 static void provisiong_timer_handler(btstack_timer_source_t * ts){ 197 UNUSED(ts); 198 printf("Provisioning Protocol Timeout -> Close Link!\n"); 199 pb_close_link(1, 1); 200 } 201 202 // The provisioning protocol shall have a minimum timeout of 60 seconds that is reset 203 // each time a provisioning protocol PDU is sent or received 204 static void provisioning_timer_start(void){ 205 btstack_run_loop_remove_timer(&prov_protocol_timer); 206 btstack_run_loop_set_timer_handler(&prov_protocol_timer, &provisiong_timer_handler); 207 btstack_run_loop_set_timer(&prov_protocol_timer, PROVISIONING_PROTOCOL_TIMEOUT_MS); 208 btstack_run_loop_add_timer(&prov_protocol_timer); 209 } 210 211 static void provisioning_timer_stop(void){ 212 btstack_run_loop_remove_timer(&prov_protocol_timer); 213 } 214 215 216 // Outgoing Provisioning PDUs 217 static void provisioning_send_provisioning_error(void){ 218 // setup response 219 prov_buffer_out[0] = MESH_PROV_FAILED; 220 prov_buffer_out[1] = prov_error_code; 221 pb_send_pdu(pb_transport_cid, prov_buffer_out, 2); 222 } 223 224 static void provisioning_send_capabilites(void){ 225 // setup response 226 prov_buffer_out[0] = MESH_PROV_CAPABILITIES; 227 228 /* Number of Elements supported */ 229 prov_buffer_out[1] = prov_num_elements; 230 231 /* Supported algorithms - FIPS P-256 Eliptic Curve */ 232 big_endian_store_16(prov_buffer_out, 2, 1); 233 234 /* Public Key Type - Public Key OOB information available */ 235 prov_buffer_out[4] = prov_public_key_oob_available; 236 237 /* Static OOB Type - Static OOB information available */ 238 prov_buffer_out[5] = prov_static_oob_available; 239 240 /* Output OOB Size - max of 8 */ 241 prov_buffer_out[6] = prov_output_oob_size; 242 243 /* Output OOB Action */ 244 big_endian_store_16(prov_buffer_out, 7, prov_output_oob_actions); 245 246 /* Input OOB Size - max of 8*/ 247 prov_buffer_out[9] = prov_input_oob_size; 248 249 /* Input OOB Action */ 250 big_endian_store_16(prov_buffer_out, 10, prov_input_oob_actions); 251 252 // store for confirmation inputs: len 11 253 memcpy(&prov_confirmation_inputs[1], &prov_buffer_out[1], 11); 254 255 // send 256 257 pb_send_pdu(pb_transport_cid, prov_buffer_out, 12); 258 } 259 260 static void provisioning_send_public_key(void){ 261 // setup response 262 prov_buffer_out[0] = MESH_PROV_PUB_KEY; 263 memcpy(&prov_buffer_out[1], prov_ec_q, 64); 264 265 // store for confirmation inputs: len 64 266 memcpy(&prov_confirmation_inputs[81], &prov_buffer_out[1], 64); 267 268 // send 269 pb_send_pdu(pb_transport_cid, prov_buffer_out, 65); 270 } 271 272 static void provisioning_send_input_complete(void){ 273 // setup response 274 prov_buffer_out[0] = MESH_PROV_INPUT_COMPLETE; 275 276 // send 277 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 278 } 279 static void provisioning_send_confirm(void){ 280 // setup response 281 prov_buffer_out[0] = MESH_PROV_CONFIRM; 282 memcpy(&prov_buffer_out[1], confirmation_device, 16); 283 284 // send 285 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 286 } 287 288 static void provisioning_send_random(void){ 289 // setup response 290 prov_buffer_out[0] = MESH_PROV_RANDOM; 291 memcpy(&prov_buffer_out[1], random_device, 16); 292 293 // send pdu 294 pb_send_pdu(pb_transport_cid, prov_buffer_out, 17); 295 } 296 297 static void provisioning_send_complete(void){ 298 // setup response 299 prov_buffer_out[0] = MESH_PROV_COMPLETE; 300 301 // send pdu 302 pb_send_pdu(pb_transport_cid, prov_buffer_out, 1); 303 } 304 305 static void provisioning_done(void){ 306 if (prov_emit_public_key_oob_active){ 307 prov_emit_public_key_oob_active = 0; 308 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 309 } 310 if (prov_emit_output_oob_active){ 311 prov_emit_output_oob_active = 0; 312 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 313 } 314 if (prov_attention_timer_timeout){ 315 prov_attention_timer_timeout = 0; 316 provisioning_emit_attention_timer_event(1, 0); 317 } 318 device_state = DEVICE_W4_INVITE; 319 320 // generate new public key 321 printf("Generate new public key\n"); 322 btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL); 323 } 324 325 static void provisioning_handle_auth_value_output_oob(void * arg){ 326 UNUSED(arg); 327 // limit auth value to single digit 328 auth_value[15] = auth_value[15] % 9 + 1; 329 330 printf("Output OOB: %u\n", auth_value[15]); 331 332 // emit output oob value 333 provisioning_emit_output_oob_event(1, auth_value[15]); 334 prov_emit_output_oob_active = 1; 335 } 336 337 static void provisioning_public_key_exchange_complete(void){ 338 339 // reset auth_value 340 memset(auth_value, 0, sizeof(auth_value)); 341 342 // handle authentication method 343 switch (prov_authentication_method){ 344 case 0x00: 345 device_state = DEVICE_W4_CONFIRM; 346 break; 347 case 0x01: 348 memcpy(&auth_value[16-prov_static_oob_len], prov_static_oob_data, prov_static_oob_len); 349 device_state = DEVICE_W4_CONFIRM; 350 break; 351 case 0x02: 352 device_state = DEVICE_W4_CONFIRM; 353 printf("Generate random for auth_value\n"); 354 // generate single byte of random data to use for authentication 355 btstack_crypto_random_generate(&prov_random_request, &auth_value[15], 1, &provisioning_handle_auth_value_output_oob, NULL); 356 break; 357 case 0x03: 358 // Input OOB 359 printf("Input OOB requested\n"); 360 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_INPUT_OOB_REQUEST); 361 device_state = DEVICE_W4_INPUT_OOK; 362 break; 363 default: 364 break; 365 } 366 } 367 368 static void provisioning_run(void){ 369 printf("provisioning_run: state %x, wait for outgoing complete %u\n", device_state, prov_waiting_for_outgoing_complete); 370 if (prov_waiting_for_outgoing_complete) return; 371 int start_timer = 1; 372 switch (device_state){ 373 case DEVICE_SEND_ERROR: 374 start_timer = 0; // game over 375 prov_waiting_for_outgoing_complete = 1; 376 provisioning_send_provisioning_error(); 377 provisioning_done(); 378 break; 379 case DEVICE_SEND_CAPABILITIES: 380 device_state = DEVICE_W4_START; 381 prov_waiting_for_outgoing_complete = 1; 382 provisioning_send_capabilites(); 383 break; 384 case DEVICE_SEND_INPUT_COMPLETE: 385 device_state = DEVICE_W4_CONFIRM; 386 prov_waiting_for_outgoing_complete = 1; 387 provisioning_send_input_complete(); 388 break; 389 case DEVICE_SEND_PUB_KEY: 390 prov_waiting_for_outgoing_complete = 1; 391 provisioning_send_public_key(); 392 provisioning_public_key_exchange_complete(); 393 break; 394 case DEVICE_SEND_CONFIRM: 395 device_state = DEVICE_W4_RANDOM; 396 prov_waiting_for_outgoing_complete = 1; 397 provisioning_send_confirm(); 398 break; 399 case DEVICE_SEND_RANDOM: 400 device_state = DEVICE_W4_DATA; 401 prov_waiting_for_outgoing_complete = 1; 402 provisioning_send_random(); 403 break; 404 case DEVICE_SEND_COMPLETE: 405 start_timer = 0; // last message 406 prov_waiting_for_outgoing_complete = 1; 407 provisioning_send_complete(); 408 provisioning_done(); 409 break; 410 default: 411 return; 412 } 413 if (start_timer){ 414 provisioning_timer_start(); 415 } 416 } 417 418 static void provisioning_handle_provisioning_error(uint8_t error_code){ 419 printf("PROVISIONING ERROR\n"); 420 provisioning_timer_stop(); 421 prov_error_code = error_code; 422 device_state = DEVICE_SEND_ERROR; 423 provisioning_run(); 424 } 425 426 static void provisioning_handle_invite(uint8_t *packet, uint16_t size){ 427 428 if (size != 1) return; 429 430 // store for confirmation inputs: len 1 431 memcpy(&prov_confirmation_inputs[0], packet, 1); 432 433 // handle invite message 434 prov_attention_timer_timeout = packet[0]; 435 if (prov_attention_timer_timeout){ 436 provisioning_emit_attention_timer_event(pb_transport_cid, prov_attention_timer_timeout); 437 } 438 439 device_state = DEVICE_SEND_CAPABILITIES; 440 provisioning_run(); 441 } 442 443 static void provisioning_handle_start(uint8_t * packet, uint16_t size){ 444 445 if (size != 5) return; 446 447 // validate Algorithm 448 int ok = 1; 449 if (packet[0] > 0x00){ 450 ok = 0; 451 } 452 // validate Publik Key 453 if (packet[1] > 0x01){ 454 ok = 0; 455 } 456 // validate Authentication Method 457 switch (packet[2]){ 458 case 0: 459 case 1: 460 if (packet[3] != 0 || packet[4] != 0){ 461 ok = 0; 462 break; 463 } 464 break; 465 case 2: 466 if (packet[3] > 0x04 || packet[4] == 0 || packet[4] > 0x08){ 467 ok = 0; 468 break; 469 } 470 break; 471 case 3: 472 if (packet[3] > 0x03 || packet[4] == 0 || packet[4] > 0x08){ 473 ok = 0; 474 break; 475 } 476 break; 477 } 478 if (!ok){ 479 printf("PROV_START arguments incorrect\n"); 480 provisioning_handle_provisioning_error(0x02); 481 return; 482 } 483 484 // store for confirmation inputs: len 5 485 memcpy(&prov_confirmation_inputs[12], packet, 5); 486 487 // public key oob 488 prov_public_key_oob_used = packet[1]; 489 490 // authentication method 491 prov_authentication_method = packet[2]; 492 493 // start emit public OOK if specified 494 if (prov_public_key_oob_available && prov_public_key_oob_used){ 495 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_START_EMIT_PUBLIC_KEY_OOB); 496 } 497 498 printf("PublicKey: %02x\n", prov_public_key_oob_used); 499 printf("AuthMethod: %02x\n", prov_authentication_method); 500 501 device_state = DEVICE_W4_PUB_KEY; 502 provisioning_run(); 503 } 504 505 static void provisioning_handle_public_key_dhkey(void * arg){ 506 UNUSED(arg); 507 508 printf("DHKEY: "); 509 printf_hexdump(dhkey, sizeof(dhkey)); 510 511 // skip sending own public key when public key oob is used 512 if (prov_public_key_oob_available && prov_public_key_oob_used){ 513 // just copy key for confirmation inputs 514 memcpy(&prov_confirmation_inputs[81], prov_ec_q, 64); 515 provisioning_public_key_exchange_complete(); 516 } else { 517 // queue public key pdu 518 printf("DEVICE_SEND_PUB_KEY\n"); 519 device_state = DEVICE_SEND_PUB_KEY; 520 } 521 provisioning_run(); 522 } 523 524 static void provisioning_handle_public_key(uint8_t *packet, uint16_t size){ 525 526 // validate public key 527 if (size != sizeof(remote_ec_q) || btstack_crypto_ecc_p256_validate_public_key(packet) != 0){ 528 printf("Public Key invalid, abort provisioning\n"); 529 provisioning_handle_provisioning_error(0x07); // Unexpected Error 530 return; 531 } 532 533 // stop emit public OOK if specified and send to crypto module 534 if (prov_public_key_oob_available && prov_public_key_oob_used){ 535 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_PUBLIC_KEY_OOB); 536 537 printf("Replace generated ECC with Public Key OOB:"); 538 memcpy(prov_ec_q, prov_public_key_oob_q, 64); 539 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 540 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 541 } 542 543 // store for confirmation inputs: len 64 544 memcpy(&prov_confirmation_inputs[17], packet, 64); 545 546 // store remote q 547 memcpy(remote_ec_q, packet, sizeof(remote_ec_q)); 548 549 // calculate DHKey 550 btstack_crypto_ecc_p256_calculate_dhkey(&prov_ecc_p256_request, remote_ec_q, dhkey, provisioning_handle_public_key_dhkey, NULL); 551 } 552 553 static void provisioning_handle_confirmation_device_calculated(void * arg){ 554 UNUSED(arg); 555 556 printf("ConfirmationDevice: "); 557 printf_hexdump(confirmation_device, sizeof(confirmation_device)); 558 559 device_state = DEVICE_SEND_CONFIRM; 560 provisioning_run(); 561 } 562 563 static void provisioning_handle_confirmation_random_device(void * arg){ 564 UNUSED(arg); 565 566 // re-use prov_confirmation_inputs buffer 567 memcpy(&prov_confirmation_inputs[0], random_device, 16); 568 memcpy(&prov_confirmation_inputs[16], auth_value, 16); 569 570 // calc confirmation device 571 btstack_crypto_aes128_cmac_message(&prov_cmac_request, confirmation_key, 32, prov_confirmation_inputs, confirmation_device, &provisioning_handle_confirmation_device_calculated, NULL); 572 } 573 574 static void provisioning_handle_confirmation_k1_calculated(void * arg){ 575 UNUSED(arg); 576 577 printf("ConfirmationKey: "); 578 printf_hexdump(confirmation_key, sizeof(confirmation_key)); 579 580 printf("AuthValue: "); 581 printf_hexdump(auth_value, 16); 582 583 // generate random_device 584 btstack_crypto_random_generate(&prov_random_request,random_device, 16, &provisioning_handle_confirmation_random_device, NULL); 585 } 586 587 static void provisioning_handle_confirmation_s1_calculated(void * arg){ 588 UNUSED(arg); 589 590 // ConfirmationSalt 591 printf("ConfirmationSalt: "); 592 printf_hexdump(confirmation_salt, sizeof(confirmation_salt)); 593 594 // ConfirmationKey 595 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), confirmation_salt, (const uint8_t*) "prck", 4, confirmation_key, &provisioning_handle_confirmation_k1_calculated, NULL); 596 } 597 598 static void provisioning_handle_confirmation(uint8_t *packet, uint16_t size){ 599 UNUSED(size); 600 UNUSED(packet); 601 602 // 603 if (prov_emit_output_oob_active){ 604 prov_emit_output_oob_active = 0; 605 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_STOP_EMIT_OUTPUT_OOB); 606 } 607 608 // CalculationInputs 609 printf("ConfirmationInputs: "); 610 printf_hexdump(prov_confirmation_inputs, sizeof(prov_confirmation_inputs)); 611 612 // calculate s1 613 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, sizeof(prov_confirmation_inputs), prov_confirmation_inputs, confirmation_salt, &provisioning_handle_confirmation_s1_calculated, NULL); 614 } 615 616 // PROV_RANDOM 617 static void provisioning_handle_random_session_nonce_calculated(void * arg){ 618 UNUSED(arg); 619 620 // The nonce shall be the 13 least significant octets == zero most significant octets 621 uint8_t temp[13]; 622 memcpy(temp, &session_nonce[3], 13); 623 memcpy(session_nonce, temp, 13); 624 625 // SessionNonce 626 printf("SessionNonce: "); 627 printf_hexdump(session_nonce, 13); 628 629 device_state = DEVICE_SEND_RANDOM; 630 provisioning_run(); 631 } 632 633 static void provisioning_handle_random_session_key_calculated(void * arg){ 634 UNUSED(arg); 635 636 // SessionKey 637 printf("SessionKey: "); 638 printf_hexdump(session_key, sizeof(session_key)); 639 640 // SessionNonce 641 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsn", 4, session_nonce, &provisioning_handle_random_session_nonce_calculated, NULL); 642 } 643 644 static void provisioning_handle_random_s1_calculated(void * arg){ 645 646 UNUSED(arg); 647 648 // ProvisioningSalt 649 printf("ProvisioningSalt: "); 650 printf_hexdump(provisioning_salt, sizeof(provisioning_salt)); 651 652 // SessionKey 653 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prsk", 4, session_key, &provisioning_handle_random_session_key_calculated, NULL); 654 } 655 656 static void provisioning_handle_random(uint8_t *packet, uint16_t size){ 657 658 UNUSED(size); 659 UNUSED(packet); 660 661 // TODO: validate Confirmation 662 663 // calc ProvisioningSalt = s1(ConfirmationSalt || RandomProvisioner || RandomDevice) 664 memcpy(&prov_confirmation_inputs[0], confirmation_salt, 16); 665 memcpy(&prov_confirmation_inputs[16], packet, 16); 666 memcpy(&prov_confirmation_inputs[32], random_device, 16); 667 btstack_crypto_aes128_cmac_zero(&prov_cmac_request, 48, prov_confirmation_inputs, provisioning_salt, &provisioning_handle_random_s1_calculated, NULL); 668 } 669 670 // PROV_DATA 671 static void provisioning_handle_network_dervived(void * arg){ 672 UNUSED(arg); 673 674 provisioning_timer_stop(); 675 676 // notify client 677 provisioning_emit_event(1, MESH_SUBEVENT_PB_PROV_COMPLETE); 678 679 device_state = DEVICE_SEND_COMPLETE; 680 provisioning_run(); 681 682 } 683 684 static void provisioning_handle_data_device_key(void * arg){ 685 UNUSED(arg); 686 687 // derive full network key 688 mesh_network_key_derive(&prov_cmac_request, network_key, &provisioning_handle_network_dervived, NULL); 689 } 690 691 static void provisioning_handle_data_ccm(void * arg){ 692 693 UNUSED(arg); 694 695 // TODO: validate MIC? 696 uint8_t mic[8]; 697 btstack_crypto_ccm_get_authentication_value(&prov_ccm_request, mic); 698 printf("MIC: "); 699 printf_hexdump(mic, 8); 700 701 // allocate network key 702 network_key = btstack_memory_mesh_network_key_get(); 703 704 // sort provisoning data 705 memcpy(network_key->net_key, provisioning_data, 16); 706 network_key->netkey_index = big_endian_read_16(provisioning_data, 16); 707 // assume free index available for very first network key 708 network_key->internal_index = mesh_network_key_get_free_index(); 709 flags = provisioning_data[18]; 710 iv_index = big_endian_read_32(provisioning_data, 19); 711 unicast_address = big_endian_read_16(provisioning_data, 23); 712 713 // DeviceKey 714 mesh_k1(&prov_cmac_request, dhkey, sizeof(dhkey), provisioning_salt, (const uint8_t*) "prdk", 4, device_key, &provisioning_handle_data_device_key, NULL); 715 } 716 717 static void provisioning_handle_data(uint8_t *packet, uint16_t size){ 718 719 UNUSED(size); 720 721 memcpy(enc_provisioning_data, packet, 25); 722 723 // decode response 724 btstack_crypto_ccm_init(&prov_ccm_request, session_key, session_nonce, 25, 0, 8); 725 btstack_crypto_ccm_decrypt_block(&prov_ccm_request, 25, enc_provisioning_data, provisioning_data, &provisioning_handle_data_ccm, NULL); 726 } 727 728 static void provisioning_handle_unexpected_pdu(uint8_t *packet, uint16_t size){ 729 UNUSED(size); 730 printf("Unexpected PDU #%u in state #%u\n", packet[0], (int) device_state); 731 provisioning_handle_provisioning_error(0x03); 732 } 733 734 static void provisioning_handle_pdu(uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){ 735 UNUSED(channel); 736 737 if (size < 1) return; 738 739 switch (packet_type){ 740 case HCI_EVENT_PACKET: 741 if (packet[0] != HCI_EVENT_MESH_META) break; 742 switch (packet[2]){ 743 case MESH_SUBEVENT_PB_TRANSPORT_LINK_OPEN: 744 pb_transport_cid = mesh_subevent_pb_transport_link_open_get_pb_transport_cid(packet); 745 pb_type = mesh_subevent_pb_transport_link_open_get_pb_type(packet); 746 printf("Link opened, reset state, transport cid 0x%02x, PB type %d\n", pb_transport_cid, pb_type); 747 provisioning_done(); 748 break; 749 case MESH_SUBEVENT_PB_TRANSPORT_PDU_SENT: 750 printf("Outgoing packet acked\n"); 751 prov_waiting_for_outgoing_complete = 0; 752 break; 753 case MESH_SUBEVENT_PB_TRANSPORT_LINK_CLOSED: 754 printf("Link close, reset state\n"); 755 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 756 provisioning_done(); 757 break; 758 } 759 break; 760 case PROVISIONING_DATA_PACKET: 761 // check state 762 switch (device_state){ 763 case DEVICE_W4_INVITE: 764 if (packet[0] != MESH_PROV_INVITE) provisioning_handle_unexpected_pdu(packet, size); 765 printf("MESH_PROV_INVITE: "); 766 printf_hexdump(&packet[1], size-1); 767 provisioning_handle_invite(&packet[1], size-1); 768 break; 769 case DEVICE_W4_START: 770 if (packet[0] != MESH_PROV_START) provisioning_handle_unexpected_pdu(packet, size); 771 printf("MESH_PROV_START: "); 772 printf_hexdump(&packet[1], size-1); 773 provisioning_handle_start(&packet[1], size-1); 774 break; 775 case DEVICE_W4_PUB_KEY: 776 if (packet[0] != MESH_PROV_PUB_KEY) provisioning_handle_unexpected_pdu(packet, size); 777 printf("MESH_PROV_PUB_KEY: "); 778 printf_hexdump(&packet[1], size-1); 779 provisioning_handle_public_key(&packet[1], size-1); 780 break; 781 case DEVICE_W4_CONFIRM: 782 if (packet[0] != MESH_PROV_CONFIRM) provisioning_handle_unexpected_pdu(packet, size); 783 printf("MESH_PROV_CONFIRM: "); 784 printf_hexdump(&packet[1], size-1); 785 provisioning_handle_confirmation(&packet[1], size-1); 786 break; 787 case DEVICE_W4_RANDOM: 788 if (packet[0] != MESH_PROV_RANDOM) provisioning_handle_unexpected_pdu(packet, size); 789 printf("MESH_PROV_RANDOM: "); 790 printf_hexdump(&packet[1], size-1); 791 provisioning_handle_random(&packet[1], size-1); 792 break; 793 case DEVICE_W4_DATA: 794 if (packet[0] != MESH_PROV_DATA) provisioning_handle_unexpected_pdu(packet, size); 795 printf("MESH_PROV_DATA: "); 796 provisioning_handle_data(&packet[1], size-1); 797 break; 798 default: 799 break; 800 } 801 break; 802 default: 803 break; 804 } 805 provisioning_run(); 806 } 807 808 static void prov_key_generated(void * arg){ 809 UNUSED(arg); 810 printf("ECC-P256: "); 811 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 812 // allow override 813 if (prov_public_key_oob_available){ 814 printf("Replace generated ECC with Public Key OOB:"); 815 memcpy(prov_ec_q, prov_public_key_oob_q, 64); 816 printf_hexdump(prov_ec_q, sizeof(prov_ec_q)); 817 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 818 } 819 } 820 821 void provisioning_device_init(void){ 822 // setup PB ADV 823 pb_adv_init(); 824 pb_adv_register_packet_handler(&provisioning_handle_pdu); 825 // setup PB GATT 826 pb_gatt_init(); 827 pb_gatt_register_packet_handler(&provisioning_handle_pdu); 828 829 pb_transport_cid = MESH_PB_TRANSPORT_INVALID_CID; 830 831 // init provisioning state 832 provisioning_done(); 833 834 // generate public key 835 btstack_crypto_ecc_p256_generate_key(&prov_ecc_p256_request, prov_ec_q, &prov_key_generated, NULL); 836 } 837 838 void provisioning_device_register_packet_handler(btstack_packet_handler_t packet_handler){ 839 prov_packet_handler = packet_handler; 840 } 841 842 void provisioning_device_set_public_key_oob(const uint8_t * public_key, const uint8_t * private_key){ 843 prov_public_key_oob_q = public_key; 844 prov_public_key_oob_d = private_key; 845 prov_public_key_oob_available = 1; 846 btstack_crypto_ecc_p256_set_key(prov_public_key_oob_q, prov_public_key_oob_d); 847 } 848 849 void provisioning_device_set_static_oob(uint16_t static_oob_len, const uint8_t * static_oob_data){ 850 prov_static_oob_available = 1; 851 prov_static_oob_data = static_oob_data; 852 prov_static_oob_len = btstack_min(static_oob_len, 16); 853 } 854 855 void provisioning_device_set_output_oob_actions(uint16_t supported_output_oob_action_types, uint8_t max_oob_output_size){ 856 prov_output_oob_actions = supported_output_oob_action_types; 857 prov_output_oob_size = max_oob_output_size; 858 } 859 860 void provisioning_device_set_input_oob_actions(uint16_t supported_input_oob_action_types, uint8_t max_oob_input_size){ 861 prov_input_oob_actions = supported_input_oob_action_types; 862 prov_input_oob_size = max_oob_input_size; 863 } 864 865 void provisioning_device_input_oob_complete_numeric(uint16_t pb_adv_cid, uint32_t input_oob){ 866 UNUSED(pb_adv_cid); 867 if (device_state != DEVICE_W4_INPUT_OOK) return; 868 869 // store input_oob as auth value 870 big_endian_store_32(auth_value, 12, input_oob); 871 device_state = DEVICE_SEND_INPUT_COMPLETE; 872 provisioning_run(); 873 } 874 875 void provisioning_device_input_oob_complete_alphanumeric(uint16_t pb_adv_cid, const uint8_t * input_oob_data, uint16_t input_oob_len){ 876 UNUSED(pb_adv_cid); 877 if (device_state != DEVICE_W4_INPUT_OOK) return; 878 879 // store input_oob and fillup with zeros 880 input_oob_len = btstack_min(input_oob_len, 16); 881 memset(auth_value, 0, 16); 882 memcpy(auth_value, input_oob_data, input_oob_len); 883 device_state = DEVICE_SEND_INPUT_COMPLETE; 884 provisioning_run(); 885 } 886 887 void provisioning_device_data_get(mesh_provisioning_data_t * the_provisioning_data){ 888 the_provisioning_data->unicast_address = unicast_address; 889 the_provisioning_data->iv_index = iv_index; 890 the_provisioning_data->flags = flags; 891 memcpy(the_provisioning_data->device_key, device_key, 16); 892 the_provisioning_data->network_key = network_key; 893 } 894