michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: Mesh: split prov.c into two separate modules

Browse source 
Currently all provisioning procedure into common source
files call `prov.c`, that will not compile separately.

Add `BT_MESH_NODE` to control whether nodes are supported
and device provisioning is supported, this will be used in
provisioner role.

Add more provisioner OOB authentication method.

Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
This commit is contained in:
Lingao Meng 2020-09-17 13:47:37 +08:00 committed by Johan Hedberg
commit 5374245dd6
14 changed files with 1782 additions and 1072 deletions
Download patch file Download diff file Expand all files Collapse all files

125
include/bluetooth/mesh/main.h
View file

@ -63,6 +63,33 @@ typedef enum {
BT_MESH_PROV_OOB_ON_DEV = BIT(15),
} bt_mesh_prov_oob_info_t;
/** Device Capabilities. */
struct bt_mesh_dev_capabilities {
/** Number of elements supported by the device */
uint8_t elem_count;
/** Supported algorithms and other capabilities */
uint16_t algorithms;
/** Supported public key types */
uint8_t pub_key_type;
/** Supported static OOB Types */
uint8_t static_oob;
/** Supported Output OOB Actions */
bt_mesh_output_action_t output_actions;
/** Supported Input OOB Actions */
bt_mesh_input_action_t input_actions;
/** Maximum size of Output OOB supported */
uint8_t output_size;
/** Maximum size in octets of Input OOB supported */
uint8_t input_size;
};
/** Provisioning properties & capabilities. */
struct bt_mesh_prov {
/** The UUID that's used when advertising as unprovisioned */
@ -93,6 +120,21 @@ struct bt_mesh_prov {
/** Supported Input OOB Actions */
uint16_t input_actions;
/** @brief Provisioning Capabilities.
*
* This callback notifies the application that the provisioning capabilities
* of the unprovisioned device has been received.
*
* The application can consequently call bt_mesh_auth_method_set_<*> to
* select suitable provisioning oob authentication method.
*
* When this callback returns, the provisioner will start authentication with
* the chosen method.
*
* @param cap capabilities supported by device.
*/
void (*capabilities)(const struct bt_mesh_dev_capabilities *cap);
/** @brief Output of a number is requested.
*
* This callback notifies the application that it should
@ -230,6 +272,89 @@ int bt_mesh_input_string(const char *str);
*/
int bt_mesh_input_number(uint32_t num);
/** @brief Provide Device public key.
*
* @param public_key Device public key.
*
* @return Zero on success or (negative) error code otherwise.
*/
int bt_mesh_prov_remote_pub_key_set(const uint8_t public_key[64]);
/** @brief Use Input OOB authentication.
*
* Provisioner only.
*
* Instruct the unprovisioned device to use the specified Input OOB
* authentication action. When using @ref BT_MESH_PUSH, @ref BT_MESH_TWIST or
* @ref BT_MESH_ENTER_NUMBER, the @ref bt_mesh_prov::output_number callback is
* called with a random number that has to be entered on the unprovisioned
* device.
*
* When using @ref BT_MESH_ENTER_STRING, the @ref bt_mesh_prov::output_string
* callback is called with a random string that has to be entered on the
* unprovisioned device.
*
* @param action Authentication action used by the unprovisioned device.
* @param size Authentication size.
*
* @return Zero on success or (negative) error code otherwise.
*/
int bt_mesh_auth_method_set_input(bt_mesh_input_action_t action, uint8_t size);
/** @brief Use Output OOB authentication.
*
* Provisioner only.
*
* Instruct the unprovisioned device to use the specified Output OOB
* authentication action. The @ref bt_mesh_prov::input callback will
* be called.
*
* When using @ref BT_MESH_BLINK, @ref BT_MESH_BEEP, @ref BT_MESH_VIBRATE
* or @ref BT_MESH_DISPLAY_NUMBER, and the application has to call
* @ref bt_mesh_input_number with the random number indicated by
* the unprovisioned device.
*
* When using @ref BT_MESH_DISPLAY_STRING, the application has to call
* @ref bt_mesh_input_string with the random string displayed by the
* unprovisioned device.
*
* @param action Authentication action used by the unprovisioned device.
* @param size Authentication size.
*
* @return Zero on success or (negative) error code otherwise.
*/
int bt_mesh_auth_method_set_output(bt_mesh_output_action_t action, uint8_t size);
/** @brief Use static OOB authentication.
*
* Provisioner only.
*
* Instruct the unprovisioned device to use static OOB authentication, and use
* the given static authentication value when provisioning.
*
* @param static_val Static OOB value.
* @param size Static OOB value size.
*
* @return Zero on success or (negative) error code otherwise.
*/
int bt_mesh_auth_method_set_static(const uint8_t *static_val, uint8_t size);
/** @brief Don't use OOB authentication.
*
* Provisioner only.
*
* Don't use any authentication when provisioning new devices. This is the
* default behavior.
*
* @warning Not using any authentication exposes the mesh network to
* impersonation attacks, where attackers can pretend to be the
* unprovisioned device to gain access to the network. Authentication
* is strongly encouraged.
*
* @return Zero on success or (negative) error code otherwise.
*/
int bt_mesh_auth_method_set_none(void);
/** @brief Enable specific provisioning bearers
*
* Enable one or more provisioning bearers.

1
samples/bluetooth/mesh_provisioner/prj.conf
View file

@ -19,6 +19,7 @@ CONFIG_BT_MESH_CFG_CLI=y
CONFIG_BT_MESH_HEALTH_CLI=y
CONFIG_BT_MESH_PROVISIONER=y
CONFIG_BT_MESH_PROV_DEVICE=n
CONFIG_BT_MESH_CDB=y
CONFIG_BT_MESH_CDB_NODE_COUNT=3
CONFIG_BT_MESH_CDB_SUBNET_COUNT=3

4
subsys/bluetooth/mesh/CMakeLists.txt
View file

@ -26,6 +26,10 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH_FRIEND friend.c)
zephyr_library_sources_ifdef(CONFIG_BT_MESH_PROV prov.c)
zephyr_library_sources_ifdef(CONFIG_BT_MESH_PROV_DEVICE prov_device.c)
zephyr_library_sources_ifdef(CONFIG_BT_MESH_PROVISIONER provisioner.c)
zephyr_library_sources_ifdef(CONFIG_BT_MESH_PB_ADV pb_adv.c)
zephyr_library_sources_ifdef(CONFIG_BT_MESH_PB_GATT pb_gatt.c)

17
subsys/bluetooth/mesh/Kconfig
View file

@ -21,6 +21,13 @@ if BT_MESH
config BT_MESH_PROV
bool
config BT_MESH_PROV_DEVICE
bool "Provisioning device role support"
depends on BT_MESH_PROV
default y
help
Enable this option to allow the device to be provisioned into a mesh network.
config BT_MESH_PB_ADV
bool "Provisioning support using the advertising bearer (PB-ADV)"
select BT_MESH_PROV
@ -47,12 +54,14 @@ config BT_MESH_PB_ADV_RETRANS_TIMEOUT
config BT_MESH_PROVISIONER
bool "Provisioner support"
select BT_MESH_PROV
depends on BT_MESH_PROV
depends on BT_MESH_PB_ADV
help
Enable this option to have support for provisioning remote devices.
config BT_MESH_CDB
bool "Mesh Configuration Database [EXPERIMENTAL]"
default y if BT_MESH_PROVISIONER
if BT_MESH_CDB
@ -654,6 +663,12 @@ config BT_MESH_DEBUG_PROV
Use this option to enable Provisioning debug logs for the
Bluetooth Mesh functionality.
config BT_MESH_DEBUG_PROVISIONER
bool "Provisioner debug"
help
Use this option to enable Provisioner debug logs for the
Bluetooth Mesh functionality.
config BT_MESH_DEBUG_ACCESS
bool "Access layer debug"
help

2
subsys/bluetooth/mesh/beacon.c
View file

@ -233,7 +233,7 @@ static void update_beacon_observation(void)
static void beacon_send(struct k_work *work)
{
/* Don't send anything if we have an active provisioning link */
if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) && bt_prov_active()) {
if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) && bt_mesh_prov_active()) {
k_delayed_work_submit(&beacon_timer, K_SECONDS(CONFIG_BT_MESH_UNPROV_BEACON_INT));
return;
}

1
subsys/bluetooth/mesh/main.c
View file

@ -23,6 +23,7 @@
#include "test.h"
#include "adv.h"
#include "prov.h"
#include "provisioner.h"
#include "net.h"
#include "app_keys.h"
#include "rpl.h"

69
subsys/bluetooth/mesh/pb_adv.c
View file

@ -13,11 +13,10 @@
#include <net/buf.h>
#include "host/testing.h"
#include "net.h"
#include "prov.h"
#include "adv.h"
#include "crypto.h"
#include "beacon.h"
#include "prov_bearer.h"
#include "prov.h"
#define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_PROV)
#define LOG_MODULE_NAME bt_mesh_pb_adv
@ -61,20 +60,20 @@
#define RETRANSMITS_ACK 2
enum {
LINK_ACTIVE, /* Link has been opened */
LINK_ACK_RECVD, /* Ack for link has been received */
LINK_CLOSING, /* Link is closing down */
LINK_INVALID, /* Error occurred during provisioning */
ACK_PENDING, /* An acknowledgment is being sent */
PROVISIONER, /* The link was opened as provisioner */
ADV_LINK_ACTIVE, /* Link has been opened */
ADV_LINK_ACK_RECVD, /* Ack for link has been received */
ADV_LINK_CLOSING, /* Link is closing down */
ADV_LINK_INVALID, /* Error occurred during provisioning */
ADV_ACK_PENDING, /* An acknowledgment is being sent */
ADV_PROVISIONER, /* The link was opened as provisioner */
NUM_FLAGS,
ADV_NUM_FLAGS,
};
struct pb_adv {
uint32_t id; /* Link ID */
ATOMIC_DEFINE(flags, NUM_FLAGS);
ATOMIC_DEFINE(flags, ADV_NUM_FLAGS);
const struct prov_bearer_cb *cb;
void *cb_data;
@ -190,7 +189,7 @@ static void reset_adv_link(void)
k_delayed_work_cancel(&link.prot_timer);
if (atomic_test_bit(link.flags, PROVISIONER)) {
if (atomic_test_bit(link.flags, ADV_PROVISIONER)) {
/* Clear everything except the retransmit and protocol timer
* delayed work objects.
*/
@ -236,19 +235,19 @@ static struct net_buf *adv_buf_create(uint8_t retransmits)
static void ack_complete(uint16_t duration, int err, void *user_data)
{
BT_DBG("xact 0x%x complete", (uint8_t)link.tx.pending_ack);
atomic_clear_bit(link.flags, ACK_PENDING);
atomic_clear_bit(link.flags, ADV_ACK_PENDING);
}
static bool ack_pending(void)
{
return atomic_test_bit(link.flags, ACK_PENDING);
return atomic_test_bit(link.flags, ADV_ACK_PENDING);
}
static void prov_failed(uint8_t err)
{
BT_DBG("%u", err);
link.cb->error(&pb_adv, link.cb_data, err);
atomic_set_bit(link.flags, LINK_INVALID);
atomic_set_bit(link.flags, ADV_LINK_INVALID);
}
static void prov_msg_recv(void)
@ -262,7 +261,7 @@ static void prov_msg_recv(void)
gen_prov_ack_send(link.rx.id);
if (atomic_test_bit(link.flags, LINK_INVALID)) {
if (atomic_test_bit(link.flags, ADV_LINK_INVALID)) {
BT_WARN("Unexpected msg 0x%02x on invalidated link",
link.rx.buf->data[0]);
prov_failed(PROV_ERR_UNEXP_PDU);
@ -290,7 +289,7 @@ static void gen_prov_ack_send(uint8_t xact_id)
};
const struct bt_mesh_send_cb *complete;
struct net_buf *buf;
bool pending = atomic_test_and_set_bit(link.flags, ACK_PENDING);
bool pending = atomic_test_and_set_bit(link.flags, ADV_ACK_PENDING);
BT_DBG("xact_id 0x%x", xact_id);
@ -301,7 +300,7 @@ static void gen_prov_ack_send(uint8_t xact_id)
buf = adv_buf_create(RETRANSMITS_ACK);
if (!buf) {
atomic_clear_bit(link.flags, ACK_PENDING);
atomic_clear_bit(link.flags, ADV_ACK_PENDING);
return;
}
@ -394,8 +393,8 @@ static void gen_prov_ack(struct prov_rx *rx, struct net_buf_simple *buf)
}
if (rx->xact_id == link.tx.id) {
/* Don't clear resending of LINK_CLOSE messages */
if (!atomic_test_bit(link.flags, LINK_CLOSING)) {
/* Don't clear resending of link_close messages */
if (!atomic_test_bit(link.flags, ADV_LINK_CLOSING)) {
prov_clear_tx();
}
@ -489,14 +488,14 @@ static void gen_prov_ctl(struct prov_rx *rx, struct net_buf_simple *buf)
link_open(rx, buf);
break;
case LINK_ACK:
if (!atomic_test_bit(link.flags, LINK_ACTIVE)) {
if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
return;
}
link_ack(rx, buf);
break;
case LINK_CLOSE:
if (!atomic_test_bit(link.flags, LINK_ACTIVE)) {
if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
return;
}
@ -531,7 +530,7 @@ static void gen_prov_recv(struct prov_rx *rx, struct net_buf_simple *buf)
return;
}
if (!atomic_test_bit(link.flags, LINK_ACTIVE) &&
if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE) &&
gen_prov[GPCF(rx->gpc)].require_link) {
BT_DBG("Ignoring message that requires active link");
return;
@ -572,24 +571,24 @@ static void prov_retransmit(struct k_work *work)
BT_DBG("");
if (!atomic_test_bit(link.flags, LINK_ACTIVE)) {
if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
BT_WARN("Link not active");
return;
}
/*
* According to mesh profile spec (5.3.1.4.3), the close message should
* be restransmitted at least three times. Retransmit the LINK_CLOSE
* be restransmitted at least three times. Retransmit the link_close
* message until CLOSING_TIMEOUT has elapsed.
*/
if (atomic_test_bit(link.flags, LINK_CLOSING)) {
if (atomic_test_bit(link.flags, ADV_LINK_CLOSING)) {
timeout_ms = CLOSING_TIMEOUT;
} else {
timeout_ms = TRANSACTION_TIMEOUT;
}
if (k_uptime_get() - link.tx.start > timeout_ms) {
if (atomic_test_bit(link.flags, LINK_CLOSING)) {
if (atomic_test_bit(link.flags, ADV_LINK_CLOSING)) {
close_link(PROV_BEARER_LINK_STATUS_SUCCESS);
} else {
BT_WARN("Giving up transaction");
@ -732,7 +731,7 @@ static void link_open(struct prov_rx *rx, struct net_buf_simple *buf)
return;
}
if (atomic_test_bit(link.flags, LINK_ACTIVE)) {
if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
/* Send another link ack if the provisioner missed the last */
if (link.id == rx->link_id) {
BT_DBG("Resending link ack");
@ -750,7 +749,7 @@ static void link_open(struct prov_rx *rx, struct net_buf_simple *buf)
}
link.id = rx->link_id;
atomic_set_bit(link.flags, LINK_ACTIVE);
atomic_set_bit(link.flags, ADV_LINK_ACTIVE);
net_buf_simple_reset(link.rx.buf);
bearer_ctl_send(LINK_ACK, NULL, 0, false);
@ -762,8 +761,8 @@ static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf)
{
BT_DBG("len %u", buf->len);
if (atomic_test_bit(link.flags, PROVISIONER)) {
if (atomic_test_and_set_bit(link.flags, LINK_ACK_RECVD)) {
if (atomic_test_bit(link.flags, ADV_PROVISIONER)) {
if (atomic_test_and_set_bit(link.flags, ADV_LINK_ACK_RECVD)) {
return;
}
@ -805,7 +804,7 @@ void bt_mesh_pb_adv_recv(struct net_buf_simple *buf)
rx.xact_id = net_buf_simple_pull_u8(buf);
rx.gpc = net_buf_simple_pull_u8(buf);
if (atomic_test_bit(link.flags, LINK_ACTIVE) && link.id != rx.link_id) {
if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE) && link.id != rx.link_id) {
return;
}
@ -819,11 +818,11 @@ static int prov_link_open(const uint8_t uuid[16], k_timeout_t timeout,
{
BT_DBG("uuid %s", bt_hex(uuid, 16));
if (atomic_test_and_set_bit(link.flags, LINK_ACTIVE)) {
if (atomic_test_and_set_bit(link.flags, ADV_LINK_ACTIVE)) {
return -EBUSY;
}
atomic_set_bit(link.flags, PROVISIONER);
atomic_set_bit(link.flags, ADV_PROVISIONER);
bt_rand(&link.id, sizeof(link.id));
link.tx.id = XACT_ID_MAX;
@ -840,7 +839,7 @@ static int prov_link_open(const uint8_t uuid[16], k_timeout_t timeout,
static int prov_link_accept(const struct prov_bearer_cb *cb, void *cb_data)
{
if (atomic_test_bit(link.flags, LINK_ACTIVE)) {
if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
return -EBUSY;
}
@ -859,7 +858,7 @@ static int prov_link_accept(const struct prov_bearer_cb *cb, void *cb_data)
static void prov_link_close(enum prov_bearer_link_status status)
{
if (atomic_test_and_set_bit(link.flags, LINK_CLOSING)) {
if (atomic_test_and_set_bit(link.flags, ADV_LINK_CLOSING)) {
return;
}

3
subsys/bluetooth/mesh/pb_gatt.c
View file

@ -8,11 +8,10 @@
*/
#include <bluetooth/mesh.h>
#include <bluetooth/conn.h>
#include "prov.h"
#include "net.h"
#include "proxy.h"
#include "adv.h"
#include "prov_bearer.h"
#include "prov.h"
#define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_PROV)
#define LOG_MODULE_NAME bt_mesh_pb_gatt

1138
subsys/bluetooth/mesh/prov.c
View file

File diff suppressed because it is too large Load diff

130
subsys/bluetooth/mesh/prov.h
View file

@ -2,10 +2,16 @@
/*
* Copyright (c) 2017 Intel Corporation
* Copyright (c) 2020 Lingao Meng
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef ZEPHYR_SUBSYS_BLUETOOTH_MESH_PROV_H_
#define ZEPHYR_SUBSYS_BLUETOOTH_MESH_PROV_H_
#include "prov_bearer.h"
#define PROV_ERR_NONE 0x00
#define PROV_ERR_NVAL_PDU 0x01
#define PROV_ERR_NVAL_FMT 0x02
@ -16,12 +22,117 @@
#define PROV_ERR_UNEXP_ERR 0x07
#define PROV_ERR_ADDR 0x08
int bt_mesh_pb_adv_open(const uint8_t uuid[16], uint16_t net_idx, uint16_t addr,
uint8_t attention_duration);
#define AUTH_METHOD_NO_OOB 0x00
#define AUTH_METHOD_STATIC 0x01
#define AUTH_METHOD_OUTPUT 0x02
#define AUTH_METHOD_INPUT 0x03
void bt_mesh_pb_adv_recv(struct net_buf_simple *buf);
#define OUTPUT_OOB_BLINK 0x00
#define OUTPUT_OOB_BEEP 0x01
#define OUTPUT_OOB_VIBRATE 0x02
#define OUTPUT_OOB_NUMBER 0x03
#define OUTPUT_OOB_STRING 0x04
bool bt_prov_active(void);
#define INPUT_OOB_PUSH 0x00
#define INPUT_OOB_TWIST 0x01
#define INPUT_OOB_NUMBER 0x02
#define INPUT_OOB_STRING 0x03
#define PUB_KEY_NO_OOB 0x00
#define PUB_KEY_OOB 0x01
#define PROV_INVITE 0x00
#define PROV_CAPABILITIES 0x01
#define PROV_START 0x02
#define PROV_PUB_KEY 0x03
#define PROV_INPUT_COMPLETE 0x04
#define PROV_CONFIRM 0x05
#define PROV_RANDOM 0x06
#define PROV_DATA 0x07
#define PROV_COMPLETE 0x08
#define PROV_FAILED 0x09
#define PROV_NO_PDU 0xff
#define PROV_ALG_P256 0x00
#define PROV_BUF(name, len) \
NET_BUF_SIMPLE_DEFINE(name, PROV_BEARER_BUF_HEADROOM + len)
enum {
WAIT_PUB_KEY, /* Waiting for local PubKey to be generated */
LINK_ACTIVE, /* Link has been opened */
WAIT_NUMBER, /* Waiting for number input from user */
WAIT_STRING, /* Waiting for string input from user */
NOTIFY_INPUT_COMPLETE, /* Notify that input has been completed. */
PROVISIONER, /* The link was opened as provisioner */
OOB_PUB_KEY, /* OOB Public key used */
PUB_KEY_SENT, /* Public key has been sent */
REMOTE_PUB_KEY, /* Remote key has been received */
INPUT_COMPLETE, /* Device input completed */
WAIT_CONFIRM, /* Wait for send confirm */
WAIT_AUTH, /* Wait for auth response */
OOB_STATIC_KEY, /* OOB Static Authentication */
NUM_FLAGS,
};
/** Provisioning role */
struct bt_mesh_prov_role {
void (*link_opened)(void);
void (*link_closed)(void);
void (*error)(uint8_t reason);
void (*input_complete)(void);
void (*op[10])(const uint8_t *data);
};
struct bt_mesh_prov_link {
uint8_t oob_method; /* Authen method */
uint8_t oob_action; /* Authen action */
uint8_t oob_size; /* Authen size */
uint8_t auth[16]; /* Authen value */
uint8_t dhkey[32]; /* Calculated DHKey */
uint8_t expect; /* Next expected PDU */
uint8_t conf[16]; /* Remote Confirmation */
uint8_t rand[16]; /* Local Random */
uint8_t conf_salt[16]; /* ConfirmationSalt */
uint8_t conf_key[16]; /* ConfirmationKey */
uint8_t conf_inputs[145]; /* ConfirmationInputs */
uint8_t prov_salt[16]; /* Provisioning Salt */
const struct prov_bearer *bearer;
const struct bt_mesh_prov_role *role;
ATOMIC_DEFINE(flags, NUM_FLAGS);
};
extern struct bt_mesh_prov_link bt_mesh_prov_link;
extern const struct bt_mesh_prov *bt_mesh_prov;
static inline int bt_mesh_prov_send(struct net_buf_simple *buf,
prov_bearer_send_complete_t cb)
{
return bt_mesh_prov_link.bearer->send(buf, cb, NULL);
}
static inline void bt_mesh_prov_buf_init(struct net_buf_simple *buf, uint8_t type)
{
net_buf_simple_reserve(buf, PROV_BEARER_BUF_HEADROOM);
net_buf_simple_add_u8(buf, type);
}
int bt_mesh_prov_reset_state(void (*func)(const uint8_t key[64]));
bool bt_mesh_prov_active(void);
int bt_mesh_prov_auth(uint8_t method, uint8_t action, uint8_t size);
int bt_mesh_pb_gatt_open(struct bt_conn *conn);
int bt_mesh_pb_gatt_close(struct bt_conn *conn);
@ -29,8 +140,13 @@ int bt_mesh_pb_gatt_recv(struct bt_conn *conn, struct net_buf_simple *buf);
const struct bt_mesh_prov *bt_mesh_prov_get(void);
void bt_mesh_prov_complete(uint16_t net_idx, uint16_t addr);
void bt_mesh_prov_reset(void);
const struct prov_bearer_cb *bt_mesh_prov_bearer_cb_get(void);
void bt_mesh_pb_adv_recv(struct net_buf_simple *buf);
int bt_mesh_prov_init(const struct bt_mesh_prov *prov);
void bt_mesh_prov_complete(uint16_t net_idx, uint16_t addr);
void bt_mesh_prov_node_added(uint16_t net_idx, uint16_t addr, uint8_t num_elem);
void bt_mesh_prov_reset(void);
#endif /* ZEPHYR_SUBSYS_BLUETOOTH_MESH_PROV_H_ */

589
subsys/bluetooth/mesh/prov_device.c Normal file
View file

@ -0,0 +1,589 @@
/* Bluetooth Mesh */
/*
* Copyright (c) 2017 Intel Corporation
* Copyright (c) 2020 Lingao Meng
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr.h>
#include <errno.h>
#include <sys/atomic.h>
#include <sys/util.h>
#include <sys/byteorder.h>
#include <net/buf.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/conn.h>
#include <bluetooth/mesh.h>
#include <bluetooth/uuid.h>
#define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_PROV)
#define LOG_MODULE_NAME bt_mesh_prov_device
#include "common/log.h"
#include "host/ecc.h"
#include "host/testing.h"
#include "crypto.h"
#include "adv.h"
#include "mesh.h"
#include "net.h"
#include "rpl.h"
#include "beacon.h"
#include "access.h"
#include "foundation.h"
#include "proxy.h"
#include "prov.h"
#include "settings.h"
static void send_pub_key(void);
static void pub_key_ready(const uint8_t *pkey);
static int reset_state(void)
{
return bt_mesh_prov_reset_state(pub_key_ready);
}
static void prov_send_fail_msg(uint8_t err)
{
PROV_BUF(buf, 2);
BT_DBG("%u", err);
bt_mesh_prov_link.expect = PROV_NO_PDU;
bt_mesh_prov_buf_init(&buf, PROV_FAILED);
net_buf_simple_add_u8(&buf, err);
if (bt_mesh_prov_send(&buf, NULL)) {
BT_ERR("Failed to send Provisioning Failed message");
}
}
static void prov_fail(uint8_t reason)
{
/* According to Bluetooth Mesh Specification v1.0.1, Section 5.4.4, the
* provisioner just closes the link when something fails, while the
* provisionee sends the fail message, and waits for the provisioner to
* close the link.
*/
prov_send_fail_msg(reason);
}
static void prov_invite(const uint8_t *data)
{
PROV_BUF(buf, 12);
BT_DBG("Attention Duration: %u seconds", data[0]);
if (data[0]) {
bt_mesh_attention(NULL, data[0]);
}
bt_mesh_prov_link.conf_inputs[0] = data[0];
bt_mesh_prov_buf_init(&buf, PROV_CAPABILITIES);
/* Number of Elements supported */
net_buf_simple_add_u8(&buf, bt_mesh_elem_count());
/* Supported algorithms - FIPS P-256 Eliptic Curve */
net_buf_simple_add_be16(&buf, BIT(PROV_ALG_P256));
/* Public Key Type, Only "No OOB" Public Key is supported */
net_buf_simple_add_u8(&buf, PUB_KEY_NO_OOB);
/* Static OOB Type */
net_buf_simple_add_u8(&buf, bt_mesh_prov->static_val ? BIT(0) : 0x00);
/* Output OOB Size */
net_buf_simple_add_u8(&buf, bt_mesh_prov->output_size);
/* Output OOB Action */
net_buf_simple_add_be16(&buf, bt_mesh_prov->output_actions);
/* Input OOB Size */
net_buf_simple_add_u8(&buf, bt_mesh_prov->input_size);
/* Input OOB Action */
net_buf_simple_add_be16(&buf, bt_mesh_prov->input_actions);
memcpy(&bt_mesh_prov_link.conf_inputs[1], &buf.data[1], 11);
if (bt_mesh_prov_send(&buf, NULL)) {
BT_ERR("Failed to send capabilities");
return;
}
bt_mesh_prov_link.expect = PROV_START;
}
static void prov_start(const uint8_t *data)
{
BT_DBG("Algorithm: 0x%02x", data[0]);
BT_DBG("Public Key: 0x%02x", data[1]);
BT_DBG("Auth Method: 0x%02x", data[2]);
BT_DBG("Auth Action: 0x%02x", data[3]);
BT_DBG("Auth Size: 0x%02x", data[4]);
if (data[0] != PROV_ALG_P256) {
BT_ERR("Unknown algorithm 0x%02x", data[0]);
prov_fail(PROV_ERR_NVAL_FMT);
return;
}
if (data[1] != PUB_KEY_NO_OOB) {
BT_ERR("Invalid public key type: 0x%02x", data[1]);
prov_fail(PROV_ERR_NVAL_FMT);
return;
}
memcpy(&bt_mesh_prov_link.conf_inputs[12], data, 5);
bt_mesh_prov_link.expect = PROV_PUB_KEY;
if (bt_mesh_prov_auth(data[2], data[3], data[4]) < 0) {
BT_ERR("Invalid authentication method: 0x%02x; "
"action: 0x%02x; size: 0x%02x", data[2], data[3],
data[4]);
prov_fail(PROV_ERR_NVAL_FMT);
}
if (atomic_test_bit(bt_mesh_prov_link.flags, OOB_STATIC_KEY)) {
memcpy(bt_mesh_prov_link.auth + 16 - bt_mesh_prov->static_val_len,
bt_mesh_prov->static_val, bt_mesh_prov->static_val_len);
(void)memset(bt_mesh_prov_link.auth, 0,
sizeof(bt_mesh_prov_link.auth) - bt_mesh_prov->static_val_len);
}
}
static void send_confirm(void)
{
PROV_BUF(cfm, 17);
BT_DBG("ConfInputs[0] %s", bt_hex(bt_mesh_prov_link.conf_inputs, 64));
BT_DBG("ConfInputs[64] %s", bt_hex(&bt_mesh_prov_link.conf_inputs[64], 64));
BT_DBG("ConfInputs[128] %s", bt_hex(&bt_mesh_prov_link.conf_inputs[128], 17));
if (bt_mesh_prov_conf_salt(bt_mesh_prov_link.conf_inputs,
bt_mesh_prov_link.conf_salt)) {
BT_ERR("Unable to generate confirmation salt");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ConfirmationSalt: %s", bt_hex(bt_mesh_prov_link.conf_salt, 16));
if (bt_mesh_prov_conf_key(bt_mesh_prov_link.dhkey, bt_mesh_prov_link.conf_salt,
bt_mesh_prov_link.conf_key)) {
BT_ERR("Unable to generate confirmation key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ConfirmationKey: %s", bt_hex(bt_mesh_prov_link.conf_key, 16));
if (bt_rand(bt_mesh_prov_link.rand, 16)) {
BT_ERR("Unable to generate random number");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("LocalRandom: %s", bt_hex(bt_mesh_prov_link.rand, 16));
bt_mesh_prov_buf_init(&cfm, PROV_CONFIRM);
if (bt_mesh_prov_conf(bt_mesh_prov_link.conf_key, bt_mesh_prov_link.rand,
bt_mesh_prov_link.auth, net_buf_simple_add(&cfm, 16))) {
BT_ERR("Unable to generate confirmation value");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
if (bt_mesh_prov_send(&cfm, NULL)) {
BT_ERR("Failed to send Provisioning Confirm");
return;
}
bt_mesh_prov_link.expect = PROV_RANDOM;
}
static void send_input_complete(void)
{
PROV_BUF(buf, 1);
bt_mesh_prov_buf_init(&buf, PROV_INPUT_COMPLETE);
if (bt_mesh_prov_send(&buf, NULL)) {
BT_ERR("Failed to send Provisioning Input Complete");
}
bt_mesh_prov_link.expect = PROV_CONFIRM;
}
static void public_key_sent(int err, void *cb_data)
{
atomic_set_bit(bt_mesh_prov_link.flags, PUB_KEY_SENT);
if (atomic_test_bit(bt_mesh_prov_link.flags, INPUT_COMPLETE)) {
send_input_complete();
return;
}
}
static void send_pub_key(void)
{
PROV_BUF(buf, 65);
const uint8_t *key;
key = bt_pub_key_get();
if (!key) {
BT_ERR("No public key available");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("Local Public Key: %s", bt_hex(key, 64));
bt_mesh_prov_buf_init(&buf, PROV_PUB_KEY);
/* Swap X and Y halves independently to big-endian */
sys_memcpy_swap(net_buf_simple_add(&buf, 32), key, 32);
sys_memcpy_swap(net_buf_simple_add(&buf, 32), &key[32], 32);
/* PublicKeyRemote */
memcpy(&bt_mesh_prov_link.conf_inputs[81], &buf.data[1], 64);
if (bt_mesh_prov_send(&buf, public_key_sent)) {
BT_ERR("Failed to send Public Key");
return;
}
if (atomic_test_bit(bt_mesh_prov_link.flags, WAIT_NUMBER) ||
atomic_test_bit(bt_mesh_prov_link.flags, WAIT_STRING)) {
bt_mesh_prov_link.expect = PROV_NO_PDU; /* Wait for input */
} else {
bt_mesh_prov_link.expect = PROV_CONFIRM;
}
}
static void prov_dh_key_cb(const uint8_t dhkey[32])
{
BT_DBG("%p", dhkey);
if (!dhkey) {
BT_ERR("DHKey generation failed");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
sys_memcpy_swap(bt_mesh_prov_link.dhkey, dhkey, 32);
BT_DBG("DHkey: %s", bt_hex(bt_mesh_prov_link.dhkey, 32));
send_pub_key();
}
static void prov_dh_key_gen(void)
{
uint8_t remote_pk_le[64], *remote_pk;
remote_pk = &bt_mesh_prov_link.conf_inputs[17];
/* Copy remote key in little-endian for bt_dh_key_gen().
* X and Y halves are swapped independently. The bt_dh_key_gen()
* will also take care of validating the remote public key.
*/
sys_memcpy_swap(remote_pk_le, remote_pk, 32);
sys_memcpy_swap(&remote_pk_le[32], &remote_pk[32], 32);
if (bt_dh_key_gen(remote_pk_le, prov_dh_key_cb)) {
BT_ERR("Failed to generate DHKey");
prov_fail(PROV_ERR_UNEXP_ERR);
}
}
static void prov_pub_key(const uint8_t *data)
{
BT_DBG("Remote Public Key: %s", bt_hex(data, 64));
/* PublicKeyProvisioner */
memcpy(&bt_mesh_prov_link.conf_inputs[17], data, 64);
if (!bt_pub_key_get()) {
/* Clear retransmit timer */
bt_mesh_prov_link.bearer->clear_tx();
atomic_set_bit(bt_mesh_prov_link.flags, WAIT_PUB_KEY);
BT_WARN("Waiting for local public key");
return;
}
prov_dh_key_gen();
}
static void pub_key_ready(const uint8_t *pkey)
{
if (!pkey) {
BT_WARN("Public key not available");
return;
}
BT_DBG("Local public key ready");
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags, WAIT_PUB_KEY)) {
prov_dh_key_gen();
}
}
static void notify_input_complete(void)
{
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags,
NOTIFY_INPUT_COMPLETE) &&
bt_mesh_prov->input_complete) {
bt_mesh_prov->input_complete();
}
}
static void send_random(void)
{
PROV_BUF(rnd, 17);
bt_mesh_prov_buf_init(&rnd, PROV_RANDOM);
net_buf_simple_add_mem(&rnd, bt_mesh_prov_link.rand, 16);
if (bt_mesh_prov_send(&rnd, NULL)) {
BT_ERR("Failed to send Provisioning Random");
return;
}
bt_mesh_prov_link.expect = PROV_DATA;
}
static void prov_random(const uint8_t *data)
{
uint8_t conf_verify[16];
BT_DBG("Remote Random: %s", bt_hex(data, 16));
if (!memcmp(data, bt_mesh_prov_link.rand, 16)) {
BT_ERR("Random value is identical to ours, rejecting.");
prov_fail(PROV_ERR_CFM_FAILED);
return;
}
if (bt_mesh_prov_conf(bt_mesh_prov_link.conf_key, data,
bt_mesh_prov_link.auth, conf_verify)) {
BT_ERR("Unable to calculate confirmation verification");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
if (memcmp(conf_verify, bt_mesh_prov_link.conf, 16)) {
BT_ERR("Invalid confirmation value");
BT_DBG("Received: %s", bt_hex(bt_mesh_prov_link.conf, 16));
BT_DBG("Calculated: %s", bt_hex(conf_verify, 16));
prov_fail(PROV_ERR_CFM_FAILED);
return;
}
if (bt_mesh_prov_salt(bt_mesh_prov_link.conf_salt, data,
bt_mesh_prov_link.rand, bt_mesh_prov_link.prov_salt)) {
BT_ERR("Failed to generate provisioning salt");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ProvisioningSalt: %s", bt_hex(bt_mesh_prov_link.prov_salt, 16));
send_random();
}
static void prov_confirm(const uint8_t *data)
{
BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
memcpy(bt_mesh_prov_link.conf, data, 16);
notify_input_complete();
send_confirm();
}
static inline bool is_pb_gatt(void)
{
return bt_mesh_prov_link.bearer &&
bt_mesh_prov_link.bearer->type == BT_MESH_PROV_GATT;
}
static void prov_data(const uint8_t *data)
{
PROV_BUF(msg, 1);
uint8_t session_key[16];
uint8_t nonce[13];
uint8_t dev_key[16];
uint8_t pdu[25];
uint8_t flags;
uint32_t iv_index;
uint16_t addr;
uint16_t net_idx;
int err;
bool identity_enable;
BT_DBG("");
err = bt_mesh_session_key(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, session_key);
if (err) {
BT_ERR("Unable to generate session key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("SessionKey: %s", bt_hex(session_key, 16));
err = bt_mesh_prov_nonce(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, nonce);
if (err) {
BT_ERR("Unable to generate session nonce");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("Nonce: %s", bt_hex(nonce, 13));
err = bt_mesh_prov_decrypt(session_key, nonce, data, pdu);
if (err) {
BT_ERR("Unable to decrypt provisioning data");
prov_fail(PROV_ERR_DECRYPT);
return;
}
err = bt_mesh_dev_key(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, dev_key);
if (err) {
BT_ERR("Unable to generate device key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("DevKey: %s", bt_hex(dev_key, 16));
net_idx = sys_get_be16(&pdu[16]);
flags = pdu[18];
iv_index = sys_get_be32(&pdu[19]);
addr = sys_get_be16(&pdu[23]);
BT_DBG("net_idx %u iv_index 0x%08x, addr 0x%04x",
net_idx, iv_index, addr);
bt_mesh_prov_buf_init(&msg, PROV_COMPLETE);
if (bt_mesh_prov_send(&msg, NULL)) {
BT_ERR("Failed to send Provisioning Complete");
return;
}
/* Ignore any further PDUs on this link */
bt_mesh_prov_link.expect = PROV_NO_PDU;
/* Store info, since bt_mesh_provision() will end up clearing it */
if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY)) {
identity_enable = is_pb_gatt();
} else {
identity_enable = false;
}
err = bt_mesh_provision(pdu, net_idx, flags, iv_index, addr, dev_key);
if (err) {
BT_ERR("Failed to provision (err %d)", err);
return;
}
/* After PB-GATT provisioning we should start advertising
* using Node Identity.
*/
if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY) && identity_enable) {
bt_mesh_proxy_identity_enable();
}
}
static void local_input_complete(void)
{
if (atomic_test_bit(bt_mesh_prov_link.flags, PUB_KEY_SENT)) {
send_input_complete();
} else {
atomic_set_bit(bt_mesh_prov_link.flags, INPUT_COMPLETE);
}
}
static void prov_link_closed(void)
{
reset_state();
}
static void prov_link_opened(void)
{
bt_mesh_prov_link.expect = PROV_INVITE;
}
static const struct bt_mesh_prov_role role_device = {
.input_complete = local_input_complete,
.link_opened = prov_link_opened,
.link_closed = prov_link_closed,
.error = prov_fail,
.op = {
[PROV_INVITE] = prov_invite,
[PROV_START] = prov_start,
[PROV_PUB_KEY] = prov_pub_key,
[PROV_CONFIRM] = prov_confirm,
[PROV_RANDOM] = prov_random,
[PROV_DATA] = prov_data,
},
};
int bt_mesh_prov_enable(bt_mesh_prov_bearer_t bearers)
{
if (bt_mesh_is_provisioned()) {
return -EALREADY;
}
if (IS_ENABLED(CONFIG_BT_DEBUG)) {
struct bt_uuid_128 uuid = { .uuid = { BT_UUID_TYPE_128 } };
memcpy(uuid.val, bt_mesh_prov->uuid, 16);
BT_INFO("Device UUID: %s", bt_uuid_str(&uuid.uuid));
}
if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) &&
(bearers & BT_MESH_PROV_ADV)) {
pb_adv.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
}
if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) &&
(bearers & BT_MESH_PROV_GATT)) {
pb_gatt.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
}
bt_mesh_prov_link.role = &role_device;
return 0;
}
int bt_mesh_prov_disable(bt_mesh_prov_bearer_t bearers)
{
if (bt_mesh_is_provisioned()) {
return -EALREADY;
}
if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) &&
(bearers & BT_MESH_PROV_ADV)) {
bt_mesh_beacon_disable();
bt_mesh_scan_disable();
}
if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) &&
(bearers & BT_MESH_PROV_GATT)) {
bt_mesh_proxy_prov_disable(true);
}
return 0;
}

762
subsys/bluetooth/mesh/provisioner.c Normal file
View file

@ -0,0 +1,762 @@
/* Bluetooth Mesh */
/*
* Copyright (c) 2017 Intel Corporation
* Copyright (c) 2020 Lingao Meng
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr.h>
#include <errno.h>
#include <sys/atomic.h>
#include <sys/util.h>
#include <sys/byteorder.h>
#include <net/buf.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/conn.h>
#include <bluetooth/mesh.h>
#include <bluetooth/uuid.h>
#define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_PROVISIONER)
#define LOG_MODULE_NAME bt_mesh_provisioner
#include "common/log.h"
#include "host/ecc.h"
#include "host/testing.h"
#include "crypto.h"
#include "adv.h"
#include "mesh.h"
#include "net.h"
#include "rpl.h"
#include "beacon.h"
#include "access.h"
#include "foundation.h"
#include "proxy.h"
#include "prov.h"
#include "settings.h"
static struct {
struct bt_mesh_cdb_node *node;
uint16_t addr;
uint16_t net_idx;
uint8_t attention_duration;
uint8_t uuid[16];
} prov_device;
static void send_pub_key(void);
static void prov_dh_key_gen(void);
static void pub_key_ready(const uint8_t *pkey);
static int reset_state(void)
{
if (prov_device.node != NULL) {
bt_mesh_cdb_node_del(prov_device.node, false);
}
return bt_mesh_prov_reset_state(pub_key_ready);
}
static void prov_link_close(enum prov_bearer_link_status status)
{
BT_DBG("%u", status);
bt_mesh_prov_link.expect = PROV_NO_PDU;
bt_mesh_prov_link.bearer->link_close(status);
}
static void prov_fail(uint8_t reason)
{
/* According to Bluetooth Mesh Specification v1.0.1, Section 5.4.4, the
* provisioner just closes the link when something fails, while the
* provisionee sends the fail message, and waits for the provisioner to
* close the link.
*/
prov_link_close(PROV_BEARER_LINK_STATUS_FAIL);
}
static void send_invite(void)
{
PROV_BUF(inv, 2);
BT_DBG("");
bt_mesh_prov_buf_init(&inv, PROV_INVITE);
net_buf_simple_add_u8(&inv, prov_device.attention_duration);
bt_mesh_prov_link.conf_inputs[0] = prov_device.attention_duration;
if (bt_mesh_prov_send(&inv, NULL)) {
BT_ERR("Failed to send invite");
return;
}
bt_mesh_prov_link.expect = PROV_CAPABILITIES;
}
static void start_sent(int err, void *cb_data)
{
if (!bt_pub_key_get()) {
atomic_set_bit(bt_mesh_prov_link.flags, WAIT_PUB_KEY);
BT_WARN("Waiting for local public key");
} else {
send_pub_key();
}
}
static void send_start(void)
{
BT_DBG("");
uint8_t method, action;
PROV_BUF(start, 6);
const uint8_t *data = &bt_mesh_prov_link.conf_inputs[1 + 3];
bt_mesh_prov_buf_init(&start, PROV_START);
net_buf_simple_add_u8(&start, PROV_ALG_P256);
if (atomic_test_bit(bt_mesh_prov_link.flags, REMOTE_PUB_KEY) &&
*data == PUB_KEY_OOB) {
net_buf_simple_add_u8(&start, PUB_KEY_OOB);
atomic_set_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY);
} else {
net_buf_simple_add_u8(&start, PUB_KEY_NO_OOB);
}
if (bt_mesh_prov_link.oob_method == AUTH_METHOD_INPUT) {
method = AUTH_METHOD_OUTPUT;
if (bt_mesh_prov_link.oob_action == INPUT_OOB_STRING) {
action = OUTPUT_OOB_STRING;
} else {
action = OUTPUT_OOB_NUMBER;
}
} else if (bt_mesh_prov_link.oob_method == AUTH_METHOD_OUTPUT) {
method = AUTH_METHOD_INPUT;
if (bt_mesh_prov_link.oob_action == OUTPUT_OOB_STRING) {
action = INPUT_OOB_STRING;
} else {
action = INPUT_OOB_NUMBER;
}
} else {
method = bt_mesh_prov_link.oob_method;
action = 0x00;
}
net_buf_simple_add_u8(&start, bt_mesh_prov_link.oob_method);
net_buf_simple_add_u8(&start, bt_mesh_prov_link.oob_action);
net_buf_simple_add_u8(&start, bt_mesh_prov_link.oob_size);
memcpy(&bt_mesh_prov_link.conf_inputs[12], &start.data[1], 5);
if (bt_mesh_prov_auth(method, action, bt_mesh_prov_link.oob_size) < 0) {
BT_ERR("Invalid authentication method: 0x%02x; "
"action: 0x%02x; size: 0x%02x", method,
action, bt_mesh_prov_link.oob_size);
return;
}
if (bt_mesh_prov_send(&start, start_sent)) {
BT_ERR("Failed to send Provisioning Start");
return;
}
}
static bool prov_check_method(struct bt_mesh_dev_capabilities *caps)
{
if (bt_mesh_prov_link.oob_method == AUTH_METHOD_STATIC) {
if (!caps->static_oob) {
BT_WARN("Device not support OOB static authentication provisioning");
return false;
}
} else if (bt_mesh_prov_link.oob_method == AUTH_METHOD_INPUT) {
if (bt_mesh_prov_link.oob_size > caps->input_size) {
BT_WARN("The required input length (0x%02x) "
"exceeds the device capacity (0x%02x)",
bt_mesh_prov_link.oob_size, caps->input_size);
return false;
}
if (!(BIT(bt_mesh_prov_link.oob_action) & caps->input_actions)) {
BT_WARN("The required input action (0x%02x) "
"not supported by the device (0x%02x)",
bt_mesh_prov_link.oob_action, caps->input_actions);
return false;
}
if (bt_mesh_prov_link.oob_action == INPUT_OOB_STRING) {
if (!bt_mesh_prov->output_string) {
BT_WARN("Not support output string");
return false;
}
} else {
if (!bt_mesh_prov->output_number) {
BT_WARN("Not support output number");
return false;
}
}
} else if (bt_mesh_prov_link.oob_method == AUTH_METHOD_OUTPUT) {
if (bt_mesh_prov_link.oob_size > caps->output_size) {
BT_WARN("The required output length (0x%02x) "
"exceeds the device capacity (0x%02x)",
bt_mesh_prov_link.oob_size, caps->output_size);
return false;
}
if (!(BIT(bt_mesh_prov_link.oob_action) & caps->output_actions)) {
BT_WARN("The required output action (0x%02x) "
"not supported by the device (0x%02x)",
bt_mesh_prov_link.oob_action, caps->output_actions);
return false;
}
if (!bt_mesh_prov->input) {
BT_WARN("Not support input");
return false;
}
}
return true;
}
static void prov_capabilities(const uint8_t *data)
{
struct bt_mesh_dev_capabilities caps;
caps.elem_count = data[0];
BT_DBG("Elements: %u", caps.elem_count);
caps.algorithms = sys_get_be16(&data[1]);
BT_DBG("Algorithms: %u", caps.algorithms);
caps.pub_key_type = data[3];
caps.static_oob = data[4];
caps.output_size = data[5];
BT_DBG("Public Key Type: 0x%02x", caps.pub_key_type);
BT_DBG("Static OOB Type: 0x%02x", caps.static_oob);
BT_DBG("Output OOB Size: %u", caps.output_size);
caps.output_actions = (bt_mesh_output_action_t)data[6];
caps.input_size = data[8];
caps.input_actions = (bt_mesh_input_action_t)data[9];
BT_DBG("Output OOB Action: 0x%04x", caps.output_actions);
BT_DBG("Input OOB Size: %u", caps.input_size);
BT_DBG("Input OOB Action: 0x%04x", caps.input_actions);
if (data[0] == 0) {
BT_ERR("Invalid number of elements");
prov_fail(PROV_ERR_NVAL_FMT);
return;
}
prov_device.node =
bt_mesh_cdb_node_alloc(prov_device.uuid,
prov_device.addr, data[0],
prov_device.net_idx);
if (prov_device.node == NULL) {
BT_ERR("Failed allocating node 0x%04x", prov_device.addr);
prov_fail(PROV_ERR_RESOURCES);
return;
}
memcpy(&bt_mesh_prov_link.conf_inputs[1], data, 11);
if (bt_mesh_prov->capabilities) {
bt_mesh_prov->capabilities(&caps);
}
if (!prov_check_method(&caps)) {
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
send_start();
}
static void send_confirm(void)
{
PROV_BUF(cfm, 17);
BT_DBG("ConfInputs[0] %s", bt_hex(bt_mesh_prov_link.conf_inputs, 64));
BT_DBG("ConfInputs[64] %s", bt_hex(&bt_mesh_prov_link.conf_inputs[64], 64));
BT_DBG("ConfInputs[128] %s", bt_hex(&bt_mesh_prov_link.conf_inputs[128], 17));
if (bt_mesh_prov_conf_salt(bt_mesh_prov_link.conf_inputs,
bt_mesh_prov_link.conf_salt)) {
BT_ERR("Unable to generate confirmation salt");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ConfirmationSalt: %s", bt_hex(bt_mesh_prov_link.conf_salt, 16));
if (bt_mesh_prov_conf_key(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.conf_salt, bt_mesh_prov_link.conf_key)) {
BT_ERR("Unable to generate confirmation key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ConfirmationKey: %s", bt_hex(bt_mesh_prov_link.conf_key, 16));
if (bt_rand(bt_mesh_prov_link.rand, 16)) {
BT_ERR("Unable to generate random number");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("LocalRandom: %s", bt_hex(bt_mesh_prov_link.rand, 16));
bt_mesh_prov_buf_init(&cfm, PROV_CONFIRM);
if (bt_mesh_prov_conf(bt_mesh_prov_link.conf_key,
bt_mesh_prov_link.rand, bt_mesh_prov_link.auth,
net_buf_simple_add(&cfm, 16))) {
BT_ERR("Unable to generate confirmation value");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
if (bt_mesh_prov_send(&cfm, NULL)) {
BT_ERR("Failed to send Provisioning Confirm");
return;
}
bt_mesh_prov_link.expect = PROV_CONFIRM;
}
static void public_key_sent(int err, void *cb_data)
{
atomic_set_bit(bt_mesh_prov_link.flags, PUB_KEY_SENT);
if (atomic_test_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY) &&
atomic_test_bit(bt_mesh_prov_link.flags, REMOTE_PUB_KEY)) {
prov_dh_key_gen();
return;
}
bt_mesh_prov_link.expect = PROV_PUB_KEY;
}
static void send_pub_key(void)
{
PROV_BUF(buf, 65);
const uint8_t *key;
key = bt_pub_key_get();
if (!key) {
BT_ERR("No public key available");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("Local Public Key: %s", bt_hex(key, 64));
bt_mesh_prov_buf_init(&buf, PROV_PUB_KEY);
/* Swap X and Y halves independently to big-endian */
sys_memcpy_swap(net_buf_simple_add(&buf, 32), key, 32);
sys_memcpy_swap(net_buf_simple_add(&buf, 32), &key[32], 32);
/* PublicKeyProvisioner */
memcpy(&bt_mesh_prov_link.conf_inputs[17], &buf.data[1], 64);
if (bt_mesh_prov_send(&buf, public_key_sent)) {
BT_ERR("Failed to send Public Key");
return;
}
}
static void prov_dh_key_cb(const uint8_t dhkey[32])
{
BT_DBG("%p", dhkey);
if (!dhkey) {
BT_ERR("DHKey generation failed");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
sys_memcpy_swap(bt_mesh_prov_link.dhkey, dhkey, 32);
BT_DBG("DHkey: %s", bt_hex(bt_mesh_prov_link.dhkey, 32));
if (atomic_test_bit(bt_mesh_prov_link.flags, WAIT_STRING) ||
atomic_test_bit(bt_mesh_prov_link.flags, WAIT_NUMBER) ||
atomic_test_bit(bt_mesh_prov_link.flags, NOTIFY_INPUT_COMPLETE)) {
atomic_set_bit(bt_mesh_prov_link.flags, WAIT_CONFIRM);
return;
}
send_confirm();
}
static void prov_dh_key_gen(void)
{
uint8_t remote_pk_le[64], *remote_pk;
remote_pk = &bt_mesh_prov_link.conf_inputs[81];
/* Copy remote key in little-endian for bt_dh_key_gen().
* X and Y halves are swapped independently. The bt_dh_key_gen()
* will also take care of validating the remote public key.
*/
sys_memcpy_swap(remote_pk_le, remote_pk, 32);
sys_memcpy_swap(&remote_pk_le[32], &remote_pk[32], 32);
if (bt_dh_key_gen(remote_pk_le, prov_dh_key_cb)) {
BT_ERR("Failed to generate DHKey");
prov_fail(PROV_ERR_UNEXP_ERR);
}
if (atomic_test_bit(bt_mesh_prov_link.flags, NOTIFY_INPUT_COMPLETE)) {
bt_mesh_prov_link.expect = PROV_INPUT_COMPLETE;
}
}
static void prov_pub_key(const uint8_t *data)
{
BT_DBG("Remote Public Key: %s", bt_hex(data, 64));
atomic_set_bit(bt_mesh_prov_link.flags, REMOTE_PUB_KEY);
/* PublicKeyDevice */
memcpy(&bt_mesh_prov_link.conf_inputs[81], data, 64);
bt_mesh_prov_link.bearer->clear_tx();
prov_dh_key_gen();
}
static void pub_key_ready(const uint8_t *pkey)
{
if (!pkey) {
BT_WARN("Public key not available");
return;
}
BT_DBG("Local public key ready");
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags, WAIT_PUB_KEY)) {
send_pub_key();
}
}
static void notify_input_complete(void)
{
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags,
NOTIFY_INPUT_COMPLETE) &&
bt_mesh_prov->input_complete) {
bt_mesh_prov->input_complete();
}
}
static void prov_input_complete(const uint8_t *data)
{
BT_DBG("");
notify_input_complete();
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags, WAIT_CONFIRM)) {
send_confirm();
}
}
static void send_prov_data(void)
{
PROV_BUF(pdu, 34);
struct bt_mesh_cdb_subnet *sub;
uint8_t session_key[16];
uint8_t nonce[13];
int err;
err = bt_mesh_session_key(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, session_key);
if (err) {
BT_ERR("Unable to generate session key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("SessionKey: %s", bt_hex(session_key, 16));
err = bt_mesh_prov_nonce(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, nonce);
if (err) {
BT_ERR("Unable to generate session nonce");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("Nonce: %s", bt_hex(nonce, 13));
err = bt_mesh_dev_key(bt_mesh_prov_link.dhkey,
bt_mesh_prov_link.prov_salt, prov_device.node->dev_key);
if (err) {
BT_ERR("Unable to generate device key");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("DevKey: %s", bt_hex(prov_device.node->dev_key, 16));
sub = bt_mesh_cdb_subnet_get(prov_device.node->net_idx);
if (sub == NULL) {
BT_ERR("No subnet with net_idx %u",
prov_device.node->net_idx);
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
bt_mesh_prov_buf_init(&pdu, PROV_DATA);
net_buf_simple_add_mem(&pdu, sub->keys[sub->kr_flag].net_key, 16);
net_buf_simple_add_be16(&pdu, prov_device.node->net_idx);
net_buf_simple_add_u8(&pdu, bt_mesh_cdb_subnet_flags(sub));
net_buf_simple_add_be32(&pdu, bt_mesh_cdb.iv_index);
net_buf_simple_add_be16(&pdu, prov_device.node->addr);
net_buf_simple_add(&pdu, 8); /* For MIC */
BT_DBG("net_idx %u, iv_index 0x%08x, addr 0x%04x",
prov_device.node->net_idx, bt_mesh.iv_index,
prov_device.node->addr);
err = bt_mesh_prov_encrypt(session_key, nonce, &pdu.data[1],
&pdu.data[1]);
if (err) {
BT_ERR("Unable to encrypt provisioning data");
prov_fail(PROV_ERR_DECRYPT);
return;
}
if (bt_mesh_prov_send(&pdu, NULL)) {
BT_ERR("Failed to send Provisioning Data");
return;
}
bt_mesh_prov_link.expect = PROV_COMPLETE;
}
static void prov_complete(const uint8_t *data)
{
struct bt_mesh_cdb_node *node = prov_device.node;
BT_DBG("key %s, net_idx %u, num_elem %u, addr 0x%04x",
bt_hex(node->dev_key, 16), node->net_idx, node->num_elem,
node->addr);
if (IS_ENABLED(CONFIG_BT_SETTINGS)) {
bt_mesh_store_cdb_node(node);
}
prov_device.node = NULL;
prov_link_close(PROV_BEARER_LINK_STATUS_SUCCESS);
if (bt_mesh_prov->node_added) {
bt_mesh_prov->node_added(node->net_idx, node->uuid, node->addr,
node->num_elem);
}
}
static void send_random(void)
{
PROV_BUF(rnd, 17);
bt_mesh_prov_buf_init(&rnd, PROV_RANDOM);
net_buf_simple_add_mem(&rnd, bt_mesh_prov_link.rand, 16);
if (bt_mesh_prov_send(&rnd, NULL)) {
BT_ERR("Failed to send Provisioning Random");
return;
}
bt_mesh_prov_link.expect = PROV_RANDOM;
}
static void prov_random(const uint8_t *data)
{
uint8_t conf_verify[16];
BT_DBG("Remote Random: %s", bt_hex(data, 16));
if (!memcmp(data, bt_mesh_prov_link.rand, 16)) {
BT_ERR("Random value is identical to ours, rejecting.");
prov_fail(PROV_ERR_CFM_FAILED);
return;
}
if (bt_mesh_prov_conf(bt_mesh_prov_link.conf_key,
data, bt_mesh_prov_link.auth, conf_verify)) {
BT_ERR("Unable to calculate confirmation verification");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
if (memcmp(conf_verify, bt_mesh_prov_link.conf, 16)) {
BT_ERR("Invalid confirmation value");
BT_DBG("Received: %s", bt_hex(bt_mesh_prov_link.conf, 16));
BT_DBG("Calculated: %s", bt_hex(conf_verify, 16));
prov_fail(PROV_ERR_CFM_FAILED);
return;
}
if (bt_mesh_prov_salt(bt_mesh_prov_link.conf_salt,
bt_mesh_prov_link.rand, data, bt_mesh_prov_link.prov_salt)) {
BT_ERR("Failed to generate provisioning salt");
prov_fail(PROV_ERR_UNEXP_ERR);
return;
}
BT_DBG("ProvisioningSalt: %s", bt_hex(bt_mesh_prov_link.prov_salt, 16));
send_prov_data();
}
static void prov_confirm(const uint8_t *data)
{
BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
memcpy(bt_mesh_prov_link.conf, data, 16);
send_random();
}
static void prov_failed(const uint8_t *data)
{
BT_WARN("Error: 0x%02x", data[0]);
reset_state();
}
static void local_input_complete(void)
{
if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags, WAIT_CONFIRM)) {
send_confirm();
}
}
static void prov_link_closed(void)
{
reset_state();
}
static void prov_link_opened(void)
{
send_invite();
}
static const struct bt_mesh_prov_role role_provisioner = {
.input_complete = local_input_complete,
.link_opened = prov_link_opened,
.link_closed = prov_link_closed,
.error = prov_fail,
.op = {
[PROV_CAPABILITIES] = prov_capabilities,
[PROV_PUB_KEY] = prov_pub_key,
[PROV_INPUT_COMPLETE] = prov_input_complete,
[PROV_CONFIRM] = prov_confirm,
[PROV_RANDOM] = prov_random,
[PROV_COMPLETE] = prov_complete,
[PROV_FAILED] = prov_failed,
},
};
static void prov_set_method(uint8_t method, uint8_t action, uint8_t size)
{
bt_mesh_prov_link.oob_method = method;
bt_mesh_prov_link.oob_action = action;
bt_mesh_prov_link.oob_size = size;
}
int bt_mesh_auth_method_set_input(bt_mesh_input_action_t action, uint8_t size)
{
if (!action || !size || size > 8) {
return -EINVAL;
}
prov_set_method(AUTH_METHOD_INPUT, find_msb_set(action) - 1, size);
return 0;
}
int bt_mesh_auth_method_set_output(bt_mesh_output_action_t action, uint8_t size)
{
if (!action || !size || size > 8) {
return -EINVAL;
}
prov_set_method(AUTH_METHOD_OUTPUT, find_msb_set(action) - 1, size);
return 0;
}
int bt_mesh_auth_method_set_static(const uint8_t *static_val, uint8_t size)
{
if (!size || !static_val || size > 16) {
return -EINVAL;
}
prov_set_method(AUTH_METHOD_STATIC, 0, 0);
memcpy(bt_mesh_prov_link.auth + 16 - size, static_val, size);
if (size < 16) {
(void)memset(bt_mesh_prov_link.auth, 0,
sizeof(bt_mesh_prov_link.auth) - size);
}
return 0;
}
int bt_mesh_auth_method_set_none(void)
{
prov_set_method(AUTH_METHOD_NO_OOB, 0, 0);
return 0;
}
int bt_mesh_prov_remote_pub_key_set(const uint8_t public_key[64])
{
if (public_key == NULL) {
return -EINVAL;
}
if (atomic_test_and_set_bit(bt_mesh_prov_link.flags, REMOTE_PUB_KEY)) {
return -EALREADY;
}
/* Swap X and Y halves independently to big-endian */
memcpy(&bt_mesh_prov_link.conf_inputs[81], public_key, 32);
memcpy(&bt_mesh_prov_link.conf_inputs[81 + 32], &public_key[32], 32);
return 0;
}
#if defined(CONFIG_BT_MESH_PB_ADV)
int bt_mesh_pb_adv_open(const uint8_t uuid[16], uint16_t net_idx, uint16_t addr,
uint8_t attention_duration)
{
int err;
if (atomic_test_and_set_bit(bt_mesh_prov_link.flags, LINK_ACTIVE)) {
return -EBUSY;
}
struct bt_uuid_128 uuid_repr = { .uuid = { BT_UUID_TYPE_128 } };
memcpy(uuid_repr.val, uuid, 16);
BT_DBG("Provisioning %s", bt_uuid_str(&uuid_repr.uuid));
atomic_set_bit(bt_mesh_prov_link.flags, PROVISIONER);
memcpy(prov_device.uuid, uuid, 16);
prov_device.addr = addr;
prov_device.net_idx = net_idx;
prov_device.attention_duration = attention_duration;
bt_mesh_prov_link.bearer = &pb_adv;
bt_mesh_prov_link.role = &role_provisioner;
err = bt_mesh_prov_link.bearer->link_open(prov_device.uuid, PROTOCOL_TIMEOUT,
bt_mesh_prov_bearer_cb_get(), NULL);
if (err) {
atomic_clear_bit(bt_mesh_prov_link.flags, LINK_ACTIVE);
}
return err;
}
#endif

11
subsys/bluetooth/mesh/provisioner.h Normal file
View file

@ -0,0 +1,11 @@
/* Bluetooth Mesh */
/*
* Copyright (c) 2017 Intel Corporation
* Copyright (c) 2020 Lingao Meng
*
* SPDX-License-Identifier: Apache-2.0
*/
int bt_mesh_pb_adv_open(const uint8_t uuid[16], uint16_t net_idx, uint16_t addr,
uint8_t attention_duration);

2
subsys/bluetooth/mesh/shell.c
View file

@ -1868,7 +1868,7 @@ static int cmd_hb_pub(const struct shell *shell, size_t argc, char *argv[])
}
}
#if defined(CONFIG_BT_MESH_PROV)
#if defined(CONFIG_BT_MESH_PROV_DEVICE)
static int cmd_pb(bt_mesh_prov_bearer_t bearer, const struct shell *shell,
size_t argc, char *argv[])
{