prov.c
1 /* Bluetooth Mesh */ 2 3 /* 4 * Copyright (c) 2017 Intel Corporation 5 * Additional Copyright (c) 2018 Espressif Systems (Shanghai) PTE LTD 6 * 7 * SPDX-License-Identifier: Apache-2.0 8 */ 9 #include <errno.h> 10 #include <string.h> 11 12 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BLE_MESH_DEBUG_PROV) 13 14 #include "crypto.h" 15 #include "adv.h" 16 #include "mesh.h" 17 #include "access.h" 18 #include "foundation.h" 19 #include "mesh_common.h" 20 #include "mesh_proxy.h" 21 #include "proxy_server.h" 22 #include "prov.h" 23 24 #if CONFIG_BLE_MESH_NODE 25 26 /* 3 transmissions, 20ms interval */ 27 #define PROV_XMIT BLE_MESH_TRANSMIT(2, 20) 28 29 #define AUTH_METHOD_NO_OOB 0x00 30 #define AUTH_METHOD_STATIC 0x01 31 #define AUTH_METHOD_OUTPUT 0x02 32 #define AUTH_METHOD_INPUT 0x03 33 34 #define OUTPUT_OOB_BLINK 0x00 35 #define OUTPUT_OOB_BEEP 0x01 36 #define OUTPUT_OOB_VIBRATE 0x02 37 #define OUTPUT_OOB_NUMBER 0x03 38 #define OUTPUT_OOB_STRING 0x04 39 40 #define INPUT_OOB_PUSH 0x00 41 #define INPUT_OOB_TWIST 0x01 42 #define INPUT_OOB_NUMBER 0x02 43 #define INPUT_OOB_STRING 0x03 44 45 #define PUB_KEY_NO_OOB 0x00 46 #define PUB_KEY_OOB 0x01 47 48 #define PROV_ERR_NONE 0x00 49 #define PROV_ERR_NVAL_PDU 0x01 50 #define PROV_ERR_NVAL_FMT 0x02 51 #define PROV_ERR_UNEXP_PDU 0x03 52 #define PROV_ERR_CFM_FAILED 0x04 53 #define PROV_ERR_RESOURCES 0x05 54 #define PROV_ERR_DECRYPT 0x06 55 #define PROV_ERR_UNEXP_ERR 0x07 56 #define PROV_ERR_ADDR 0x08 57 58 #define PROV_INVITE 0x00 59 #define PROV_CAPABILITIES 0x01 60 #define PROV_START 0x02 61 #define PROV_PUB_KEY 0x03 62 #define PROV_INPUT_COMPLETE 0x04 63 #define PROV_CONFIRM 0x05 64 #define PROV_RANDOM 0x06 65 #define PROV_DATA 0x07 66 #define PROV_COMPLETE 0x08 67 #define PROV_FAILED 0x09 68 69 #define PROV_ALG_P256 0x00 70 71 #define GPCF(gpc) (gpc & 0x03) 72 #define GPC_START(last_seg) (((last_seg) << 2) | 0x00) 73 #define GPC_ACK 0x01 74 #define GPC_CONT(seg_id) (((seg_id) << 2) | 0x02) 75 #define GPC_CTL(op) (((op) << 2) | 0x03) 76 77 #define START_PAYLOAD_MAX 20 78 #define CONT_PAYLOAD_MAX 23 79 80 #define START_LAST_SEG(gpc) (gpc >> 2) 81 #define CONT_SEG_INDEX(gpc) (gpc >> 2) 82 83 #define BEARER_CTL(gpc) (gpc >> 2) 84 #define LINK_OPEN 0x00 85 #define LINK_ACK 0x01 86 #define LINK_CLOSE 0x02 87 88 #define CLOSE_REASON_SUCCESS 0x00 89 #define CLOSE_REASON_TIMEOUT 0x01 90 #define CLOSE_REASON_FAILED 0x02 91 92 #define XACT_SEG_DATA(_seg) (&link.rx.buf->data[20 + ((_seg - 1) * 23)]) 93 #define XACT_SEG_RECV(_seg) (link.rx.seg &= ~(1 << (_seg))) 94 95 #define XACT_NVAL 0xff 96 97 enum { 98 REMOTE_PUB_KEY, /* Remote key has been received */ 99 OOB_PUB_KEY, /* OOB public key is available */ 100 LINK_ACTIVE, /* Link has been opened */ 101 HAVE_DHKEY, /* DHKey has been calculated */ 102 SEND_CONFIRM, /* Waiting to send Confirm value */ 103 WAIT_NUMBER, /* Waiting for number input from user */ 104 WAIT_STRING, /* Waiting for string input from user */ 105 LINK_INVALID, /* Error occurred during provisioning */ 106 107 NUM_FLAGS, 108 }; 109 110 struct prov_link { 111 BLE_MESH_ATOMIC_DEFINE(flags, NUM_FLAGS); 112 #if defined(CONFIG_BLE_MESH_PB_GATT) 113 struct bt_mesh_conn *conn; /* GATT connection */ 114 #endif 115 u8_t dhkey[32]; /* Calculated DHKey */ 116 u8_t expect; /* Next expected PDU */ 117 118 bool oob_pk_flag; /* Flag indicates whether using OOB public key */ 119 120 u8_t oob_method; 121 u8_t oob_action; 122 u8_t oob_size; 123 124 u8_t conf[16]; /* Remote Confirmation */ 125 u8_t rand[16]; /* Local Random */ 126 u8_t auth[16]; /* Authentication Value */ 127 128 u8_t conf_salt[16]; /* ConfirmationSalt */ 129 u8_t conf_key[16]; /* ConfirmationKey */ 130 u8_t conf_inputs[145]; /* ConfirmationInputs */ 131 u8_t prov_salt[16]; /* Provisioning Salt */ 132 133 #if defined(CONFIG_BLE_MESH_PB_ADV) 134 u32_t id; /* Link ID */ 135 u8_t tx_pdu_type; /* The previously transmitted Provisioning PDU type */ 136 137 struct { 138 u8_t id; /* Transaction ID */ 139 u8_t prev_id; /* Previous Transaction ID */ 140 u8_t seg; /* Bit-field of unreceived segments */ 141 u8_t last_seg; /* Last segment (to check length) */ 142 u8_t fcs; /* Expected FCS value */ 143 struct net_buf_simple *buf; 144 } rx; 145 146 struct { 147 /* Start timestamp of the transaction */ 148 s64_t start; 149 150 /* Transaction id*/ 151 u8_t id; 152 153 /* Pending outgoing buffer(s) */ 154 struct net_buf *buf[3]; 155 156 /* Retransmit timer */ 157 struct k_delayed_work retransmit; 158 } tx; 159 #endif 160 161 struct k_delayed_work prot_timer; 162 }; 163 164 struct prov_rx { 165 u32_t link_id; 166 u8_t xact_id; 167 u8_t gpc; 168 }; 169 170 #define BUF_TIMEOUT K_MSEC(400) 171 172 #if defined(CONFIG_BLE_MESH_FAST_PROV) 173 #define RETRANSMIT_TIMEOUT K_MSEC(360) 174 #define TRANSACTION_TIMEOUT K_SECONDS(3) 175 #define PROTOCOL_TIMEOUT K_SECONDS(6) 176 #else 177 #define RETRANSMIT_TIMEOUT K_MSEC(500) 178 #define TRANSACTION_TIMEOUT K_SECONDS(30) 179 #define PROTOCOL_TIMEOUT K_SECONDS(60) 180 #endif /* CONFIG_BLE_MESH_FAST_PROV */ 181 182 #if defined(CONFIG_BLE_MESH_PB_GATT) 183 #define PROV_BUF_HEADROOM 5 184 #else 185 #define PROV_BUF_HEADROOM 0 186 NET_BUF_SIMPLE_DEFINE_STATIC(rx_buf, 65); 187 #endif 188 189 #define PROV_BUF(name, len) \ 190 NET_BUF_SIMPLE_DEFINE(name, PROV_BUF_HEADROOM + len) 191 192 static struct prov_link link; 193 194 static const struct bt_mesh_prov *prov; 195 196 #if defined(CONFIG_BLE_MESH_PB_ADV) 197 static bt_mesh_mutex_t pb_buf_lock; 198 199 static inline void bt_mesh_pb_buf_mutex_new(void) 200 { 201 if (!pb_buf_lock.mutex) { 202 bt_mesh_mutex_create(&pb_buf_lock); 203 } 204 } 205 206 #if CONFIG_BLE_MESH_DEINIT 207 static inline void bt_mesh_pb_buf_mutex_free(void) 208 { 209 bt_mesh_mutex_free(&pb_buf_lock); 210 } 211 #endif /* CONFIG_BLE_MESH_DEINIT */ 212 213 static inline void bt_mesh_pb_buf_lock(void) 214 { 215 bt_mesh_mutex_lock(&pb_buf_lock); 216 } 217 218 static inline void bt_mesh_pb_buf_unlock(void) 219 { 220 bt_mesh_mutex_unlock(&pb_buf_lock); 221 } 222 #endif /* CONFIG_BLE_MESH_PB_ADV */ 223 224 static void reset_state(void) 225 { 226 k_delayed_work_cancel(&link.prot_timer); 227 228 /* Disable Attention Timer if it was set */ 229 if (link.conf_inputs[0]) { 230 bt_mesh_attention(NULL, 0); 231 } 232 233 #if defined(CONFIG_BLE_MESH_PB_GATT) 234 if (link.conn) { 235 bt_mesh_conn_unref(link.conn); 236 } 237 #endif 238 239 #if defined(CONFIG_BLE_MESH_PB_ADV) 240 /* Clear everything except the retransmit and protocol timer 241 * delayed work objects. 242 */ 243 (void)memset(&link, 0, offsetof(struct prov_link, tx.retransmit)); 244 link.rx.prev_id = XACT_NVAL; 245 246 #if defined(CONFIG_BLE_MESH_PB_GATT) 247 link.rx.buf = bt_mesh_proxy_server_get_buf(); 248 #else 249 net_buf_simple_reset(&rx_buf); 250 link.rx.buf = &rx_buf; 251 #endif /* PB_GATT */ 252 253 #else /* !PB_ADV */ 254 /* Clear everything except the protocol timer (k_delayed_work) */ 255 (void)memset(&link, 0, offsetof(struct prov_link, prot_timer)); 256 #endif /* PB_ADV */ 257 } 258 259 #if defined(CONFIG_BLE_MESH_PB_ADV) 260 static void buf_sent(int err, void *user_data) 261 { 262 if (!link.tx.buf[0]) { 263 return; 264 } 265 266 k_delayed_work_submit(&link.tx.retransmit, RETRANSMIT_TIMEOUT); 267 } 268 269 static struct bt_mesh_send_cb buf_sent_cb = { 270 .end = buf_sent, 271 }; 272 273 static void free_segments(void) 274 { 275 int i; 276 277 bt_mesh_pb_buf_lock(); 278 279 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) { 280 struct net_buf *buf = link.tx.buf[i]; 281 282 if (!buf) { 283 break; 284 } 285 286 link.tx.buf[i] = NULL; 287 bt_mesh_adv_buf_ref_debug(__func__, buf, 3U, BLE_MESH_BUF_REF_SMALL); 288 /* Mark as canceled */ 289 BLE_MESH_ADV(buf)->busy = 0U; 290 net_buf_unref(buf); 291 } 292 293 bt_mesh_pb_buf_unlock(); 294 } 295 296 static void prov_clear_tx(void) 297 { 298 BT_DBG("%s", __func__); 299 300 k_delayed_work_cancel(&link.tx.retransmit); 301 302 free_segments(); 303 } 304 305 static void reset_adv_link(void) 306 { 307 prov_clear_tx(); 308 309 if (prov->link_close) { 310 prov->link_close(BLE_MESH_PROV_ADV); 311 } 312 313 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) 314 /* Remove the link id from exceptional list */ 315 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_REMOVE, 316 BLE_MESH_EXCEP_INFO_MESH_LINK_ID, &link.id); 317 #endif 318 319 reset_state(); 320 } 321 322 static struct net_buf *adv_buf_create(void) 323 { 324 struct net_buf *buf = NULL; 325 326 buf = bt_mesh_adv_create(BLE_MESH_ADV_PROV, PROV_XMIT, BUF_TIMEOUT); 327 if (!buf) { 328 BT_ERR("Out of provisioning buffers"); 329 return NULL; 330 } 331 332 return buf; 333 } 334 335 static u8_t pending_ack = XACT_NVAL; 336 337 static void ack_complete(u16_t duration, int err, void *user_data) 338 { 339 BT_DBG("xact %u complete", (u8_t)pending_ack); 340 pending_ack = XACT_NVAL; 341 } 342 343 static void gen_prov_ack_send(u8_t xact_id) 344 { 345 static const struct bt_mesh_send_cb cb = { 346 .start = ack_complete, 347 }; 348 const struct bt_mesh_send_cb *complete = NULL; 349 struct net_buf *buf = NULL; 350 351 BT_DBG("xact_id %u", xact_id); 352 353 if (pending_ack == xact_id) { 354 BT_DBG("Not sending duplicate ack"); 355 return; 356 } 357 358 buf = adv_buf_create(); 359 if (!buf) { 360 return; 361 } 362 363 if (pending_ack == XACT_NVAL) { 364 pending_ack = xact_id; 365 complete = &cb; 366 } else { 367 complete = NULL; 368 } 369 370 net_buf_add_be32(buf, link.id); 371 net_buf_add_u8(buf, xact_id); 372 net_buf_add_u8(buf, GPC_ACK); 373 374 bt_mesh_adv_send(buf, complete, NULL); 375 net_buf_unref(buf); 376 } 377 378 static void send_reliable(void) 379 { 380 int i; 381 382 link.tx.start = k_uptime_get(); 383 384 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) { 385 struct net_buf *buf = link.tx.buf[i]; 386 387 if (!buf) { 388 break; 389 } 390 391 if (i + 1 < ARRAY_SIZE(link.tx.buf) && link.tx.buf[i + 1]) { 392 bt_mesh_adv_send(buf, NULL, NULL); 393 } else { 394 bt_mesh_adv_send(buf, &buf_sent_cb, NULL); 395 } 396 } 397 } 398 399 static int bearer_ctl_send(u8_t op, void *data, u8_t data_len) 400 { 401 struct net_buf *buf = NULL; 402 403 BT_DBG("op 0x%02x data_len %u", op, data_len); 404 405 prov_clear_tx(); 406 407 buf = adv_buf_create(); 408 if (!buf) { 409 return -ENOBUFS; 410 } 411 412 net_buf_add_be32(buf, link.id); 413 /* Transaction ID, always 0 for Bearer messages */ 414 net_buf_add_u8(buf, 0x00); 415 net_buf_add_u8(buf, GPC_CTL(op)); 416 net_buf_add_mem(buf, data, data_len); 417 418 link.tx.buf[0] = buf; 419 send_reliable(); 420 421 return 0; 422 } 423 424 static u8_t last_seg(u8_t len) 425 { 426 if (len <= START_PAYLOAD_MAX) { 427 return 0; 428 } 429 430 len -= START_PAYLOAD_MAX; 431 432 return 1 + (len / CONT_PAYLOAD_MAX); 433 } 434 435 static inline u8_t next_transaction_id(void) 436 { 437 if (link.tx.id != 0U && link.tx.id != 0xFF) { 438 return ++link.tx.id; 439 } 440 441 link.tx.id = 0x80; 442 return link.tx.id; 443 } 444 445 static int prov_send_adv(struct net_buf_simple *msg) 446 { 447 struct net_buf *start = NULL, *buf = NULL; 448 u8_t seg_len = 0U, seg_id = 0U; 449 u8_t xact_id = 0U; 450 s32_t timeout = PROTOCOL_TIMEOUT; 451 452 BT_DBG("len %u: %s", msg->len, bt_hex(msg->data, msg->len)); 453 454 prov_clear_tx(); 455 456 start = adv_buf_create(); 457 if (!start) { 458 return -ENOBUFS; 459 } 460 461 xact_id = next_transaction_id(); 462 net_buf_add_be32(start, link.id); 463 net_buf_add_u8(start, xact_id); 464 465 net_buf_add_u8(start, GPC_START(last_seg(msg->len))); 466 net_buf_add_be16(start, msg->len); 467 net_buf_add_u8(start, bt_mesh_fcs_calc(msg->data, msg->len)); 468 469 link.tx.buf[0] = start; 470 /* Changed by Espressif, get message type */ 471 link.tx_pdu_type = msg->data[0]; 472 473 seg_len = MIN(msg->len, START_PAYLOAD_MAX); 474 BT_DBG("seg 0 len %u: %s", seg_len, bt_hex(msg->data, seg_len)); 475 net_buf_add_mem(start, msg->data, seg_len); 476 net_buf_simple_pull(msg, seg_len); 477 478 buf = start; 479 for (seg_id = 1U; msg->len > 0; seg_id++) { 480 if (seg_id >= ARRAY_SIZE(link.tx.buf)) { 481 BT_ERR("Too big message (seg_id %d)", seg_id); 482 free_segments(); 483 return -E2BIG; 484 } 485 486 buf = adv_buf_create(); 487 if (!buf) { 488 free_segments(); 489 return -ENOBUFS; 490 } 491 492 link.tx.buf[seg_id] = buf; 493 494 seg_len = MIN(msg->len, CONT_PAYLOAD_MAX); 495 496 BT_DBG("seg_id %u len %u: %s", seg_id, seg_len, 497 bt_hex(msg->data, seg_len)); 498 499 net_buf_add_be32(buf, link.id); 500 net_buf_add_u8(buf, xact_id); 501 net_buf_add_u8(buf, GPC_CONT(seg_id)); 502 net_buf_add_mem(buf, msg->data, seg_len); 503 net_buf_simple_pull(msg, seg_len); 504 } 505 506 send_reliable(); 507 508 /* Changed by Espressif, add provisioning timeout timer operations. 509 * When sending a provisioning PDU successfully, restart the 60s timer. 510 */ 511 #if defined(CONFIG_BLE_MESH_FAST_PROV) 512 if (link.tx_pdu_type >= PROV_COMPLETE) { 513 timeout = K_SECONDS(60); 514 } 515 #endif 516 k_delayed_work_submit(&link.prot_timer, timeout); 517 518 return 0; 519 } 520 521 #endif /* CONFIG_BLE_MESH_PB_ADV */ 522 523 #if defined(CONFIG_BLE_MESH_PB_GATT) 524 static int prov_send_gatt(struct net_buf_simple *msg) 525 { 526 int err = 0; 527 528 if (!link.conn) { 529 return -ENOTCONN; 530 } 531 532 /* Changed by Espressif, add provisioning timeout timer operations. 533 * When sending a provisioning PDU successfully, restart the 60s timer. 534 */ 535 err = bt_mesh_proxy_server_send(link.conn, BLE_MESH_PROXY_PROV, msg); 536 if (err) { 537 BT_ERR("Failed to send provisioning PDU"); 538 return err; 539 } 540 541 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT); 542 543 return 0; 544 } 545 #endif /* CONFIG_BLE_MESH_PB_GATT */ 546 547 static inline int prov_send(struct net_buf_simple *buf) 548 { 549 #if defined(CONFIG_BLE_MESH_PB_GATT) 550 if (link.conn) { 551 return prov_send_gatt(buf); 552 } 553 #endif 554 #if defined(CONFIG_BLE_MESH_PB_ADV) 555 return prov_send_adv(buf); 556 #else 557 return 0; 558 #endif 559 } 560 561 static void prov_buf_init(struct net_buf_simple *buf, u8_t type) 562 { 563 net_buf_simple_reserve(buf, PROV_BUF_HEADROOM); 564 net_buf_simple_add_u8(buf, type); 565 } 566 567 static void prov_send_fail_msg(u8_t err) 568 { 569 PROV_BUF(buf, 2); 570 571 prov_buf_init(&buf, PROV_FAILED); 572 net_buf_simple_add_u8(&buf, err); 573 574 if (prov_send(&buf)) { 575 BT_ERR("Failed to send Provisioning Failed message"); 576 } 577 578 bt_mesh_atomic_set_bit(link.flags, LINK_INVALID); 579 } 580 581 static void prov_invite(const u8_t *data) 582 { 583 PROV_BUF(buf, 12); 584 585 BT_DBG("Attention Duration: %u seconds", data[0]); 586 587 if (data[0]) { 588 bt_mesh_attention(NULL, data[0]); 589 } 590 591 link.conf_inputs[0] = data[0]; 592 593 prov_buf_init(&buf, PROV_CAPABILITIES); 594 595 /* Number of Elements supported */ 596 net_buf_simple_add_u8(&buf, bt_mesh_elem_count()); 597 598 /* Supported algorithms - FIPS P-256 Eliptic Curve */ 599 net_buf_simple_add_be16(&buf, BIT(PROV_ALG_P256)); 600 601 /* Public Key Type */ 602 net_buf_simple_add_u8(&buf, prov->oob_pub_key); 603 604 /* Static OOB Type */ 605 net_buf_simple_add_u8(&buf, prov->static_val ? BIT(0) : 0x00); 606 607 /* Output OOB Size */ 608 net_buf_simple_add_u8(&buf, prov->output_size); 609 610 /* Output OOB Action */ 611 net_buf_simple_add_be16(&buf, prov->output_actions); 612 613 /* Input OOB Size */ 614 net_buf_simple_add_u8(&buf, prov->input_size); 615 616 /* Input OOB Action */ 617 net_buf_simple_add_be16(&buf, prov->input_actions); 618 619 memcpy(&link.conf_inputs[1], &buf.data[1], 11); 620 621 if (prov_send(&buf)) { 622 BT_ERR("Failed to send capabilities"); 623 return; 624 } 625 626 link.expect = PROV_START; 627 } 628 629 static void prov_capabilities(const u8_t *data) 630 { 631 u16_t algorithms = 0U, output_action = 0U, input_action = 0U; 632 633 BT_DBG("Elements: %u", data[0]); 634 635 algorithms = sys_get_be16(&data[1]); 636 BT_DBG("Algorithms: %u", algorithms); 637 638 BT_DBG("Public Key Type: 0x%02x", data[3]); 639 BT_DBG("Static OOB Type: 0x%02x", data[4]); 640 BT_DBG("Output OOB Size: %u", data[5]); 641 642 output_action = sys_get_be16(&data[6]); 643 BT_DBG("Output OOB Action: 0x%04x", output_action); 644 645 BT_DBG("Input OOB Size: %u", data[8]); 646 647 input_action = sys_get_be16(&data[9]); 648 BT_DBG("Input OOB Action: 0x%04x", input_action); 649 650 ((void) algorithms); 651 ((void) output_action); 652 ((void) input_action); 653 } 654 655 static bt_mesh_output_action_t output_action(u8_t action) 656 { 657 switch (action) { 658 case OUTPUT_OOB_BLINK: 659 return BLE_MESH_BLINK; 660 case OUTPUT_OOB_BEEP: 661 return BLE_MESH_BEEP; 662 case OUTPUT_OOB_VIBRATE: 663 return BLE_MESH_VIBRATE; 664 case OUTPUT_OOB_NUMBER: 665 return BLE_MESH_DISPLAY_NUMBER; 666 case OUTPUT_OOB_STRING: 667 return BLE_MESH_DISPLAY_STRING; 668 default: 669 return BLE_MESH_NO_OUTPUT; 670 } 671 } 672 673 static bt_mesh_input_action_t input_action(u8_t action) 674 { 675 switch (action) { 676 case INPUT_OOB_PUSH: 677 return BLE_MESH_PUSH; 678 case INPUT_OOB_TWIST: 679 return BLE_MESH_TWIST; 680 case INPUT_OOB_NUMBER: 681 return BLE_MESH_ENTER_NUMBER; 682 case INPUT_OOB_STRING: 683 return BLE_MESH_ENTER_STRING; 684 default: 685 return BLE_MESH_NO_INPUT; 686 } 687 } 688 689 static int prov_auth(u8_t method, u8_t action, u8_t size) 690 { 691 bt_mesh_output_action_t output = 0U; 692 bt_mesh_input_action_t input = 0U; 693 694 switch (method) { 695 case AUTH_METHOD_NO_OOB: 696 if (action || size) { 697 return -EINVAL; 698 } 699 700 (void)memset(link.auth, 0, sizeof(link.auth)); 701 return 0; 702 case AUTH_METHOD_STATIC: 703 if (action || size) { 704 return -EINVAL; 705 } 706 707 memcpy(link.auth + 16 - prov->static_val_len, 708 prov->static_val, prov->static_val_len); 709 (void)memset(link.auth, 0, 710 sizeof(link.auth) - prov->static_val_len); 711 return 0; 712 713 case AUTH_METHOD_OUTPUT: 714 output = output_action(action); 715 if (!output) { 716 return -EINVAL; 717 } 718 719 if (!(prov->output_actions & output)) { 720 return -EINVAL; 721 } 722 723 if (size > prov->output_size) { 724 return -EINVAL; 725 } 726 727 if (output == BLE_MESH_DISPLAY_STRING) { 728 unsigned char str[9] = {'\0'}; 729 u8_t i = 0U; 730 731 bt_mesh_rand(str, size); 732 733 /* Normalize to '0' .. '9' & 'A' .. 'Z' */ 734 for (i = 0U; i < size; i++) { 735 str[i] %= 36; 736 if (str[i] < 10) { 737 str[i] += '0'; 738 } else { 739 str[i] += 'A' - 10; 740 } 741 } 742 str[size] = '\0'; 743 744 memcpy(link.auth, str, size); 745 (void)memset(link.auth + size, 0, 746 sizeof(link.auth) - size); 747 748 return prov->output_string((char *)str); 749 } else { 750 u32_t div[8] = { 10, 100, 1000, 10000, 100000, 751 1000000, 10000000, 100000000 752 }; 753 u32_t num = 0U; 754 755 bt_mesh_rand(&num, sizeof(num)); 756 num %= div[size - 1]; 757 758 sys_put_be32(num, &link.auth[12]); 759 (void)memset(link.auth, 0, 12); 760 761 return prov->output_number(output, num); 762 } 763 764 case AUTH_METHOD_INPUT: 765 input = input_action(action); 766 if (!input) { 767 return -EINVAL; 768 } 769 770 if (!(prov->input_actions & input)) { 771 return -EINVAL; 772 } 773 774 if (size > prov->input_size) { 775 return -EINVAL; 776 } 777 778 if (input == BLE_MESH_ENTER_STRING) { 779 bt_mesh_atomic_set_bit(link.flags, WAIT_STRING); 780 } else { 781 bt_mesh_atomic_set_bit(link.flags, WAIT_NUMBER); 782 } 783 784 return prov->input(input, size); 785 786 default: 787 return -EINVAL; 788 } 789 } 790 791 static void prov_start(const u8_t *data) 792 { 793 BT_INFO("Algorithm: 0x%02x", data[0]); 794 BT_INFO("Public Key: 0x%02x", data[1]); 795 BT_INFO("Auth Method: 0x%02x", data[2]); 796 BT_INFO("Auth Action: 0x%02x", data[3]); 797 BT_INFO("Auth Size: 0x%02x", data[4]); 798 799 if (data[0] != PROV_ALG_P256) { 800 BT_ERR("Unknown algorithm 0x%02x", data[0]); 801 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 802 return; 803 } 804 805 if (data[1] != prov->oob_pub_key) { 806 BT_ERR("Invalid public key type: 0x%02x", data[1]); 807 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 808 return; 809 } 810 811 memcpy(&link.conf_inputs[12], data, 5); 812 813 link.expect = PROV_PUB_KEY; 814 815 /* If Provisioning Start PDU indicates that provisioner chooses 816 * OOB public key, then callback to the application layer to let 817 * users input public & private key pair. 818 */ 819 link.oob_pk_flag = data[1] ? true : false; 820 if (link.oob_pk_flag) { 821 prov->oob_pub_key_cb(); 822 } 823 824 if (prov_auth(data[2], data[3], data[4]) < 0) { 825 BT_ERR("Invalid authentication method: 0x%02x; " 826 "action: 0x%02x; size: 0x%02x", 827 data[2], data[3], data[4]); 828 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 829 } 830 } 831 832 static void send_confirm(void) 833 { 834 PROV_BUF(cfm, 17); 835 836 BT_DBG("ConfInputs[0] %s", bt_hex(link.conf_inputs, 64)); 837 BT_DBG("ConfInputs[64] %s", bt_hex(&link.conf_inputs[64], 64)); 838 BT_DBG("ConfInputs[128] %s", bt_hex(&link.conf_inputs[128], 17)); 839 840 if (bt_mesh_prov_conf_salt(link.conf_inputs, link.conf_salt)) { 841 BT_ERR("Unable to generate confirmation salt"); 842 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 843 return; 844 } 845 846 BT_DBG("ConfirmationSalt: %s", bt_hex(link.conf_salt, 16)); 847 848 if (bt_mesh_prov_conf_key(link.dhkey, link.conf_salt, link.conf_key)) { 849 BT_ERR("Unable to generate confirmation key"); 850 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 851 return; 852 } 853 854 BT_DBG("ConfirmationKey: %s", bt_hex(link.conf_key, 16)); 855 856 if (bt_mesh_rand(link.rand, 16)) { 857 BT_ERR("Unable to generate random number"); 858 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 859 return; 860 } 861 862 BT_DBG("LocalRandom: %s", bt_hex(link.rand, 16)); 863 864 prov_buf_init(&cfm, PROV_CONFIRM); 865 866 if (bt_mesh_prov_conf(link.conf_key, link.rand, link.auth, 867 net_buf_simple_add(&cfm, 16))) { 868 BT_ERR("Unable to generate confirmation value"); 869 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 870 return; 871 } 872 873 if (prov_send(&cfm)) { 874 BT_ERR("Unable to send Provisioning Confirm"); 875 return; 876 } 877 878 link.expect = PROV_RANDOM; 879 } 880 881 static void send_input_complete(void) 882 { 883 PROV_BUF(buf, 1); 884 885 prov_buf_init(&buf, PROV_INPUT_COMPLETE); 886 if (prov_send(&buf)) { 887 BT_ERR("Failed to send Provisioning Input Complete"); 888 } 889 } 890 891 int bt_mesh_input_number(u32_t num) 892 { 893 BT_INFO("%u", num); 894 895 if (!bt_mesh_atomic_test_and_clear_bit(link.flags, WAIT_NUMBER)) { 896 return -EINVAL; 897 } 898 899 sys_put_be32(num, &link.auth[12]); 900 901 send_input_complete(); 902 903 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) { 904 return 0; 905 } 906 907 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) { 908 send_confirm(); 909 } 910 911 return 0; 912 } 913 914 int bt_mesh_input_string(const char *str) 915 { 916 BT_INFO("%s", str); 917 918 if (!bt_mesh_atomic_test_and_clear_bit(link.flags, WAIT_STRING)) { 919 return -EINVAL; 920 } 921 922 (void)memcpy(link.auth, str, prov->input_size); 923 924 send_input_complete(); 925 926 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) { 927 return 0; 928 } 929 930 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) { 931 send_confirm(); 932 } 933 934 return 0; 935 } 936 937 static void prov_dh_key_cb(const u8_t key[32], const u8_t idx) 938 { 939 BT_DBG("%p", key); 940 941 if (!key) { 942 BT_ERR("DHKey generation failed"); 943 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 944 return; 945 } 946 947 sys_memcpy_swap(link.dhkey, key, 32); 948 949 BT_DBG("DHkey: %s", bt_hex(link.dhkey, 32)); 950 951 bt_mesh_atomic_set_bit(link.flags, HAVE_DHKEY); 952 953 if (bt_mesh_atomic_test_bit(link.flags, WAIT_NUMBER) || 954 bt_mesh_atomic_test_bit(link.flags, WAIT_STRING)) { 955 return; 956 } 957 958 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) { 959 send_confirm(); 960 } 961 } 962 963 static void send_pub_key(void) 964 { 965 PROV_BUF(buf, 65); 966 const u8_t *key = NULL; 967 968 /* Copy remote key in little-endian for bt_mesh_dh_key_gen(). 969 * X and Y halves are swapped independently. Use response 970 * buffer as a temporary storage location. The validating of 971 * the remote public key is finished when it is received. 972 */ 973 sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32); 974 sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32); 975 976 if (bt_mesh_dh_key_gen(buf.data, prov_dh_key_cb, 0)) { 977 BT_ERR("Unable to generate DHKey"); 978 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 979 return; 980 } 981 982 key = bt_mesh_pub_key_get(); 983 if (!key) { 984 BT_ERR("No public key available"); 985 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 986 return; 987 } 988 989 BT_DBG("Local Public Key: %s", bt_hex(key, 64)); 990 991 prov_buf_init(&buf, PROV_PUB_KEY); 992 993 /* Swap X and Y halves independently to big-endian */ 994 sys_memcpy_swap(net_buf_simple_add(&buf, 32), key, 32); 995 sys_memcpy_swap(net_buf_simple_add(&buf, 32), &key[32], 32); 996 997 memcpy(&link.conf_inputs[81], &buf.data[1], 64); 998 999 if (prov_send(&buf)) { 1000 BT_ERR("Failed to send Public Key"); 1001 return; 1002 } 1003 1004 link.expect = PROV_CONFIRM; 1005 } 1006 1007 static int bt_mesh_calc_dh_key(void) 1008 { 1009 NET_BUF_SIMPLE_DEFINE(buf, 64); 1010 1011 /* Copy remote key in little-endian for bt_mesh_dh_key_gen(). 1012 * X and Y halves are swapped independently. 1013 */ 1014 net_buf_simple_reset(&buf); 1015 sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32); 1016 sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32); 1017 1018 if (bt_mesh_dh_key_gen(buf.data, prov_dh_key_cb, 0)) { 1019 BT_ERR("Unable to generate DHKey"); 1020 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1021 return -EIO; 1022 } 1023 1024 return 0; 1025 } 1026 1027 int bt_mesh_set_oob_pub_key(const u8_t pub_key_x[32], const u8_t pub_key_y[32], 1028 const u8_t pri_key[32]) 1029 { 1030 if (!pub_key_x || !pub_key_y || !pri_key) { 1031 BT_ERR("%s, Invalid parameter", __func__); 1032 return -EINVAL; 1033 } 1034 1035 /* Copy OOB public key in big-endian to Provisioning ConfirmationInputs, 1036 * X and Y halves are swapped independently. 1037 * And set input private key to mesh_bearer_adapt.c 1038 */ 1039 sys_memcpy_swap(&link.conf_inputs[81], pub_key_x, 32); 1040 sys_memcpy_swap(&link.conf_inputs[81] + 32, pub_key_y, 32); 1041 bt_mesh_set_private_key(pri_key); 1042 1043 bt_mesh_atomic_set_bit(link.flags, OOB_PUB_KEY); 1044 1045 /* If remote public key is not got, just return */ 1046 if (!bt_mesh_atomic_test_bit(link.flags, REMOTE_PUB_KEY)) { 1047 return 0; 1048 } 1049 1050 return bt_mesh_calc_dh_key(); 1051 } 1052 1053 static void prov_pub_key(const u8_t *data) 1054 { 1055 BT_DBG("Remote Public Key: %s", bt_hex(data, 64)); 1056 1057 /* BLE Mesh BQB test case MESH/NODE/PROV/UPD/BI-13-C needs to 1058 * check the public key using the following rules: 1059 * (1) X > 0, Y > 0 1060 * (2) X > 0, Y = 0 1061 * (3) X = 0, Y = 0 1062 */ 1063 if (!bt_mesh_check_public_key(data)) { 1064 BT_ERR("Invalid public key"); 1065 prov_send_fail_msg(PROV_ERR_UNEXP_PDU); 1066 return; 1067 } 1068 1069 memcpy(&link.conf_inputs[17], data, 64); 1070 bt_mesh_atomic_set_bit(link.flags, REMOTE_PUB_KEY); 1071 1072 if (!bt_mesh_pub_key_get()) { 1073 /* Clear retransmit timer */ 1074 #if defined(CONFIG_BLE_MESH_PB_ADV) 1075 prov_clear_tx(); 1076 #endif 1077 BT_WARN("Waiting for a local public key"); 1078 return; 1079 } 1080 1081 if (!link.oob_pk_flag) { 1082 send_pub_key(); 1083 } else { 1084 link.expect = PROV_CONFIRM; 1085 } 1086 } 1087 1088 static void prov_input_complete(const u8_t *data) 1089 { 1090 BT_DBG("%s", __func__); 1091 } 1092 1093 static void prov_confirm(const u8_t *data) 1094 { 1095 BT_DBG("Remote Confirm: %s", bt_hex(data, 16)); 1096 1097 memcpy(link.conf, data, 16); 1098 1099 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) { 1100 #if defined(CONFIG_BLE_MESH_PB_ADV) 1101 prov_clear_tx(); 1102 #endif 1103 bt_mesh_atomic_set_bit(link.flags, SEND_CONFIRM); 1104 /* If using OOB public key and it has already got, calculates dhkey */ 1105 if (link.oob_pk_flag && bt_mesh_atomic_test_bit(link.flags, OOB_PUB_KEY)) { 1106 bt_mesh_calc_dh_key(); 1107 } 1108 } else { 1109 send_confirm(); 1110 } 1111 } 1112 1113 static void prov_random(const u8_t *data) 1114 { 1115 PROV_BUF(rnd, 17); 1116 u8_t conf_verify[16] = {0}; 1117 1118 BT_DBG("Remote Random: %s", bt_hex(data, 16)); 1119 1120 if (bt_mesh_prov_conf(link.conf_key, data, link.auth, conf_verify)) { 1121 BT_ERR("Unable to calculate confirmation verification"); 1122 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1123 return; 1124 } 1125 1126 if (memcmp(conf_verify, link.conf, 16)) { 1127 BT_ERR("Invalid confirmation value"); 1128 BT_DBG("Received: %s", bt_hex(link.conf, 16)); 1129 BT_DBG("Calculated: %s", bt_hex(conf_verify, 16)); 1130 prov_send_fail_msg(PROV_ERR_CFM_FAILED); 1131 return; 1132 } 1133 1134 prov_buf_init(&rnd, PROV_RANDOM); 1135 net_buf_simple_add_mem(&rnd, link.rand, 16); 1136 1137 if (prov_send(&rnd)) { 1138 BT_ERR("Failed to send Provisioning Random"); 1139 return; 1140 } 1141 1142 if (bt_mesh_prov_salt(link.conf_salt, data, link.rand, 1143 link.prov_salt)) { 1144 BT_ERR("Failed to generate provisioning salt"); 1145 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1146 return; 1147 } 1148 1149 BT_DBG("ProvisioningSalt: %s", bt_hex(link.prov_salt, 16)); 1150 1151 link.expect = PROV_DATA; 1152 } 1153 1154 static inline bool is_pb_gatt(void) 1155 { 1156 #if defined(CONFIG_BLE_MESH_PB_GATT) 1157 return !!link.conn; 1158 #else 1159 return false; 1160 #endif 1161 } 1162 1163 static void prov_data(const u8_t *data) 1164 { 1165 PROV_BUF(msg, 1); 1166 u8_t session_key[16] = {0}; 1167 u8_t nonce[13] = {0}; 1168 u8_t dev_key[16] = {0}; 1169 u8_t pdu[25] = {0}; 1170 u8_t flags = 0U; 1171 u32_t iv_index = 0U; 1172 u16_t addr = 0U; 1173 u16_t net_idx = 0U; 1174 int err = 0; 1175 bool identity_enable = false; 1176 1177 BT_DBG("%s", __func__); 1178 1179 err = bt_mesh_session_key(link.dhkey, link.prov_salt, session_key); 1180 if (err) { 1181 BT_ERR("Unable to generate session key"); 1182 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1183 return; 1184 } 1185 1186 BT_DBG("SessionKey: %s", bt_hex(session_key, 16)); 1187 1188 err = bt_mesh_prov_nonce(link.dhkey, link.prov_salt, nonce); 1189 if (err) { 1190 BT_ERR("Unable to generate session nonce"); 1191 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1192 return; 1193 } 1194 1195 BT_DBG("Nonce: %s", bt_hex(nonce, 13)); 1196 1197 err = bt_mesh_prov_decrypt(session_key, nonce, data, pdu); 1198 if (err) { 1199 BT_ERR("Unable to decrypt provisioning data"); 1200 prov_send_fail_msg(PROV_ERR_DECRYPT); 1201 return; 1202 } 1203 1204 err = bt_mesh_dev_key(link.dhkey, link.prov_salt, dev_key); 1205 if (err) { 1206 BT_ERR("Unable to generate device key"); 1207 prov_send_fail_msg(PROV_ERR_UNEXP_ERR); 1208 return; 1209 } 1210 1211 BT_DBG("DevKey: %s", bt_hex(dev_key, 16)); 1212 1213 net_idx = sys_get_be16(&pdu[16]); 1214 flags = pdu[18]; 1215 iv_index = sys_get_be32(&pdu[19]); 1216 addr = sys_get_be16(&pdu[23]); 1217 1218 BT_DBG("net_idx %u iv_index 0x%08x, addr 0x%04x", 1219 net_idx, iv_index, addr); 1220 1221 prov_buf_init(&msg, PROV_COMPLETE); 1222 if (prov_send(&msg)) { 1223 BT_ERR("Failed to send Provisioning Complete"); 1224 return; 1225 } 1226 1227 /* Ignore any further PDUs on this link */ 1228 link.expect = 0U; 1229 1230 /* Store info, since bt_mesh_provision() will end up clearing it */ 1231 if (IS_ENABLED(CONFIG_BLE_MESH_GATT_PROXY_SERVER)) { 1232 identity_enable = is_pb_gatt(); 1233 } else { 1234 identity_enable = false; 1235 } 1236 1237 err = bt_mesh_provision(pdu, net_idx, flags, iv_index, addr, dev_key); 1238 if (err) { 1239 BT_ERR("Failed to provision (err %d)", err); 1240 return; 1241 } 1242 1243 /* After PB-GATT provisioning we should start advertising 1244 * using Node Identity. 1245 */ 1246 if (IS_ENABLED(CONFIG_BLE_MESH_GATT_PROXY_SERVER) && identity_enable) { 1247 bt_mesh_proxy_identity_enable(); 1248 } 1249 } 1250 1251 static void prov_complete(const u8_t *data) 1252 { 1253 BT_DBG("%s", __func__); 1254 } 1255 1256 static void prov_failed(const u8_t *data) 1257 { 1258 BT_WARN("Error: 0x%02x", data[0]); 1259 } 1260 1261 static const struct { 1262 void (*func)(const u8_t *data); 1263 u16_t len; 1264 } prov_handlers[] = { 1265 { prov_invite, 1 }, 1266 { prov_capabilities, 11 }, 1267 { prov_start, 5, }, 1268 { prov_pub_key, 64 }, 1269 { prov_input_complete, 0 }, 1270 { prov_confirm, 16 }, 1271 { prov_random, 16 }, 1272 { prov_data, 33 }, 1273 { prov_complete, 0 }, 1274 { prov_failed, 1 }, 1275 }; 1276 1277 #if defined(CONFIG_BLE_MESH_PB_ADV) 1278 static void prov_retransmit(struct k_work *work) 1279 { 1280 s64_t timeout = TRANSACTION_TIMEOUT; 1281 int i; 1282 1283 BT_DBG("%s", __func__); 1284 1285 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) { 1286 BT_WARN("Link not active"); 1287 return; 1288 } 1289 1290 #if defined(CONFIG_BLE_MESH_FAST_PROV) 1291 /* When Provisioning Failed PDU is sent, 3s may be used here. */ 1292 if (link.tx_pdu_type >= PROV_COMPLETE) { 1293 timeout = K_SECONDS(30); 1294 } 1295 #endif 1296 if (k_uptime_get() - link.tx.start > timeout) { 1297 BT_WARN("Node timeout, giving up transaction"); 1298 reset_adv_link(); 1299 return; 1300 } 1301 1302 bt_mesh_pb_buf_lock(); 1303 1304 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) { 1305 struct net_buf *buf = link.tx.buf[i]; 1306 1307 if (!buf) { 1308 break; 1309 } 1310 1311 if (BLE_MESH_ADV(buf)->busy) { 1312 continue; 1313 } 1314 1315 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len)); 1316 1317 if (i + 1 < ARRAY_SIZE(link.tx.buf) && link.tx.buf[i + 1]) { 1318 bt_mesh_adv_send(buf, NULL, NULL); 1319 } else { 1320 bt_mesh_adv_send(buf, &buf_sent_cb, NULL); 1321 } 1322 1323 } 1324 1325 bt_mesh_pb_buf_unlock(); 1326 } 1327 1328 static void link_open(struct prov_rx *rx, struct net_buf_simple *buf) 1329 { 1330 BT_DBG("len %u", buf->len); 1331 1332 if (buf->len < 16) { 1333 BT_ERR("Too short bearer open message (len %u)", buf->len); 1334 return; 1335 } 1336 1337 if (bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) { 1338 /* Send another link ack if the provisioner missed the last */ 1339 if (link.id == rx->link_id && link.expect == PROV_INVITE) { 1340 BT_DBG("Resending link ack"); 1341 bearer_ctl_send(LINK_ACK, NULL, 0); 1342 } else { 1343 BT_INFO("Ignoring bearer open: link already active"); 1344 } 1345 1346 return; 1347 } 1348 1349 if (memcmp(buf->data, prov->uuid, 16)) { 1350 BT_DBG("Bearer open message not for us"); 1351 return; 1352 } 1353 1354 if (prov->link_open) { 1355 prov->link_open(BLE_MESH_PROV_ADV); 1356 } 1357 1358 link.id = rx->link_id; 1359 bt_mesh_atomic_set_bit(link.flags, LINK_ACTIVE); 1360 net_buf_simple_reset(link.rx.buf); 1361 1362 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) 1363 /* Add the link id into exceptional list */ 1364 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_ADD, 1365 BLE_MESH_EXCEP_INFO_MESH_LINK_ID, &link.id); 1366 #endif 1367 1368 bearer_ctl_send(LINK_ACK, NULL, 0); 1369 1370 link.expect = PROV_INVITE; 1371 } 1372 1373 static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf) 1374 { 1375 BT_DBG("len %u", buf->len); 1376 } 1377 1378 static void link_close(struct prov_rx *rx, struct net_buf_simple *buf) 1379 { 1380 BT_DBG("len %u", buf->len); 1381 1382 reset_adv_link(); 1383 } 1384 1385 static void gen_prov_ctl(struct prov_rx *rx, struct net_buf_simple *buf) 1386 { 1387 BT_DBG("op 0x%02x len %u", BEARER_CTL(rx->gpc), buf->len); 1388 1389 switch (BEARER_CTL(rx->gpc)) { 1390 case LINK_OPEN: 1391 link_open(rx, buf); 1392 break; 1393 case LINK_ACK: 1394 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) { 1395 return; 1396 } 1397 1398 link_ack(rx, buf); 1399 break; 1400 case LINK_CLOSE: 1401 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) { 1402 return; 1403 } 1404 1405 link_close(rx, buf); 1406 break; 1407 default: 1408 BT_ERR("Unknown bearer opcode: 0x%02x", BEARER_CTL(rx->gpc)); 1409 return; 1410 } 1411 } 1412 1413 static void prov_msg_recv(void) 1414 { 1415 u8_t type = link.rx.buf->data[0]; 1416 1417 BT_DBG("type 0x%02x len %u", type, link.rx.buf->len); 1418 1419 if (!bt_mesh_fcs_check(link.rx.buf, link.rx.fcs)) { 1420 BT_ERR("Incorrect FCS"); 1421 return; 1422 } 1423 1424 gen_prov_ack_send(link.rx.id); 1425 link.rx.prev_id = link.rx.id; 1426 link.rx.id = 0U; 1427 1428 if (bt_mesh_atomic_test_bit(link.flags, LINK_INVALID)) { 1429 BT_WARN("Unexpected msg 0x%02x on invalidated link", type); 1430 prov_send_fail_msg(PROV_ERR_UNEXP_PDU); 1431 return; 1432 } 1433 1434 if (type != PROV_FAILED && type != link.expect) { 1435 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, link.expect); 1436 prov_send_fail_msg(PROV_ERR_UNEXP_PDU); 1437 return; 1438 } 1439 1440 if (type >= ARRAY_SIZE(prov_handlers)) { 1441 BT_ERR("Unknown provisioning PDU type 0x%02x", type); 1442 prov_send_fail_msg(PROV_ERR_NVAL_PDU); 1443 return; 1444 } 1445 1446 if (1 + prov_handlers[type].len != link.rx.buf->len) { 1447 BT_ERR("Invalid length %u for type 0x%02x", 1448 link.rx.buf->len, type); 1449 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1450 return; 1451 } 1452 1453 /* Changed by Espressif, add provisioning timeout timer operations. 1454 * When received a provisioning PDU, restart the 60s timer. 1455 */ 1456 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT); 1457 1458 prov_handlers[type].func(&link.rx.buf->data[1]); 1459 } 1460 1461 static void gen_prov_cont(struct prov_rx *rx, struct net_buf_simple *buf) 1462 { 1463 u8_t seg = CONT_SEG_INDEX(rx->gpc); 1464 1465 BT_DBG("len %u, seg_index %u", buf->len, seg); 1466 1467 if (!link.rx.seg && link.rx.prev_id == rx->xact_id) { 1468 BT_INFO("Resending ack"); 1469 gen_prov_ack_send(rx->xact_id); 1470 return; 1471 } 1472 1473 if (rx->xact_id != link.rx.id) { 1474 BT_WARN("Data for unknown transaction (%u != %u)", 1475 rx->xact_id, link.rx.id); 1476 return; 1477 } 1478 1479 if (seg > link.rx.last_seg) { 1480 BT_ERR("Invalid segment index %u", seg); 1481 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1482 return; 1483 } else if (seg == link.rx.last_seg) { 1484 u8_t expect_len = 0U; 1485 1486 expect_len = (link.rx.buf->len - 20U - 1487 ((link.rx.last_seg - 1) * 23U)); 1488 if (expect_len != buf->len) { 1489 BT_ERR("Incorrect last seg len: %u != %u", 1490 expect_len, buf->len); 1491 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1492 return; 1493 } 1494 } 1495 1496 if (!(link.rx.seg & BIT(seg))) { 1497 BT_INFO("Ignoring already received segment"); 1498 return; 1499 } 1500 1501 memcpy(XACT_SEG_DATA(seg), buf->data, buf->len); 1502 XACT_SEG_RECV(seg); 1503 1504 if (!link.rx.seg) { 1505 prov_msg_recv(); 1506 } 1507 } 1508 1509 static void gen_prov_ack(struct prov_rx *rx, struct net_buf_simple *buf) 1510 { 1511 BT_DBG("len %u", buf->len); 1512 1513 if (!link.tx.buf[0]) { 1514 return; 1515 } 1516 1517 if (rx->xact_id == link.tx.id) { 1518 prov_clear_tx(); 1519 } 1520 } 1521 1522 static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf) 1523 { 1524 if (link.rx.seg) { 1525 BT_INFO("Got Start while there are unreceived segments"); 1526 return; 1527 } 1528 1529 if (link.rx.prev_id == rx->xact_id) { 1530 BT_INFO("Resending ack"); 1531 gen_prov_ack_send(rx->xact_id); 1532 return; 1533 } 1534 1535 link.rx.buf->len = net_buf_simple_pull_be16(buf); 1536 link.rx.id = rx->xact_id; 1537 link.rx.fcs = net_buf_simple_pull_u8(buf); 1538 1539 BT_DBG("len %u last_seg %u total_len %u fcs 0x%02x", buf->len, 1540 START_LAST_SEG(rx->gpc), link.rx.buf->len, link.rx.fcs); 1541 1542 if (link.rx.buf->len < 1) { 1543 BT_ERR("Ignoring zero-length provisioning PDU"); 1544 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1545 return; 1546 } 1547 1548 if (link.rx.buf->len > link.rx.buf->size) { 1549 BT_ERR("Too large provisioning PDU (%u bytes)", 1550 link.rx.buf->len); 1551 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1552 return; 1553 } 1554 1555 if (START_LAST_SEG(rx->gpc) > 0 && link.rx.buf->len <= 20U) { 1556 BT_ERR("Too small total length for multi-segment PDU"); 1557 prov_send_fail_msg(PROV_ERR_NVAL_FMT); 1558 return; 1559 } 1560 1561 link.rx.seg = (1 << (START_LAST_SEG(rx->gpc) + 1)) - 1; 1562 link.rx.last_seg = START_LAST_SEG(rx->gpc); 1563 memcpy(link.rx.buf->data, buf->data, buf->len); 1564 XACT_SEG_RECV(0); 1565 1566 if (!link.rx.seg) { 1567 prov_msg_recv(); 1568 } 1569 } 1570 1571 static const struct { 1572 void (*func)(struct prov_rx *rx, struct net_buf_simple *buf); 1573 bool require_link; 1574 u8_t min_len; 1575 } gen_prov[] = { 1576 { gen_prov_start, true, 3 }, 1577 { gen_prov_ack, true, 0 }, 1578 { gen_prov_cont, true, 0 }, 1579 { gen_prov_ctl, false, 0 }, 1580 }; 1581 1582 static void gen_prov_recv(struct prov_rx *rx, struct net_buf_simple *buf) 1583 { 1584 if (buf->len < gen_prov[GPCF(rx->gpc)].min_len) { 1585 BT_ERR("Too short GPC message type %u", GPCF(rx->gpc)); 1586 return; 1587 } 1588 1589 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE) && 1590 gen_prov[GPCF(rx->gpc)].require_link) { 1591 BT_DBG("Ignoring message that requires active link"); 1592 return; 1593 } 1594 1595 gen_prov[GPCF(rx->gpc)].func(rx, buf); 1596 } 1597 1598 void bt_mesh_pb_adv_recv(struct net_buf_simple *buf) 1599 { 1600 struct prov_rx rx = {0}; 1601 1602 if (!bt_prov_active() && bt_mesh_is_provisioned()) { 1603 BT_DBG("Ignoring provisioning PDU - already provisioned"); 1604 return; 1605 } 1606 1607 if (buf->len < 6) { 1608 BT_WARN("Too short provisioning packet (len %u)", buf->len); 1609 return; 1610 } 1611 1612 rx.link_id = net_buf_simple_pull_be32(buf); 1613 rx.xact_id = net_buf_simple_pull_u8(buf); 1614 rx.gpc = net_buf_simple_pull_u8(buf); 1615 1616 BT_DBG("link_id 0x%08x xact_id %u", rx.link_id, rx.xact_id); 1617 1618 if (bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE) && link.id != rx.link_id) { 1619 BT_DBG("Ignoring mesh beacon for unknown link"); 1620 return; 1621 } 1622 1623 gen_prov_recv(&rx, buf); 1624 } 1625 #endif /* CONFIG_BLE_MESH_PB_ADV */ 1626 1627 #if defined(CONFIG_BLE_MESH_PB_GATT) 1628 int bt_mesh_pb_gatt_recv(struct bt_mesh_conn *conn, struct net_buf_simple *buf) 1629 { 1630 u8_t type = 0U; 1631 1632 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len)); 1633 1634 if (link.conn != conn) { 1635 BT_WARN("Data for unexpected connection"); 1636 return -ENOTCONN; 1637 } 1638 1639 if (buf->len < 1) { 1640 BT_WARN("Too short provisioning packet (len %u)", buf->len); 1641 return -EINVAL; 1642 } 1643 1644 type = net_buf_simple_pull_u8(buf); 1645 if (type != PROV_FAILED && type != link.expect) { 1646 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, link.expect); 1647 prov_send_fail_msg(PROV_ERR_UNEXP_PDU); 1648 return -EINVAL; 1649 } 1650 1651 if (type >= ARRAY_SIZE(prov_handlers)) { 1652 BT_ERR("Unknown provisioning PDU type 0x%02x", type); 1653 return -EINVAL; 1654 } 1655 1656 if (prov_handlers[type].len != buf->len) { 1657 BT_ERR("Invalid length %u for type 0x%02x", buf->len, type); 1658 return -EINVAL; 1659 } 1660 1661 /* Changed by Espressif, add provisioning timeout timer operations. 1662 * When received a provisioning PDU, restart the 60s timer. 1663 */ 1664 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT); 1665 1666 prov_handlers[type].func(buf->data); 1667 1668 return 0; 1669 } 1670 1671 int bt_mesh_pb_gatt_open(struct bt_mesh_conn *conn) 1672 { 1673 BT_DBG("conn %p", conn); 1674 1675 if (bt_mesh_atomic_test_and_set_bit(link.flags, LINK_ACTIVE)) { 1676 return -EBUSY; 1677 } 1678 1679 link.conn = bt_mesh_conn_ref(conn); 1680 link.expect = PROV_INVITE; 1681 1682 if (prov->link_open) { 1683 prov->link_open(BLE_MESH_PROV_GATT); 1684 } 1685 1686 return 0; 1687 } 1688 1689 int bt_mesh_pb_gatt_close(struct bt_mesh_conn *conn) 1690 { 1691 BT_DBG("conn %p", conn); 1692 1693 if (link.conn != conn) { 1694 BT_ERR("Not connected"); 1695 return -ENOTCONN; 1696 } 1697 1698 if (prov->link_close) { 1699 prov->link_close(BLE_MESH_PROV_GATT); 1700 } 1701 1702 reset_state(); 1703 1704 return 0; 1705 } 1706 #endif /* CONFIG_BLE_MESH_PB_GATT */ 1707 1708 const struct bt_mesh_prov *bt_mesh_prov_get(void) 1709 { 1710 return prov; 1711 } 1712 1713 bool bt_prov_active(void) 1714 { 1715 return bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE); 1716 } 1717 1718 static void protocol_timeout(struct k_work *work) 1719 { 1720 BT_WARN("Protocol timeout"); 1721 1722 #if defined(CONFIG_BLE_MESH_PB_GATT) 1723 if (link.conn) { 1724 bt_mesh_pb_gatt_close(link.conn); 1725 return; 1726 } 1727 #endif 1728 1729 #if defined(CONFIG_BLE_MESH_PB_ADV) 1730 u8_t reason = CLOSE_REASON_TIMEOUT; 1731 1732 link.rx.seg = 0U; 1733 bearer_ctl_send(LINK_CLOSE, &reason, sizeof(reason)); 1734 1735 reset_state(); 1736 #endif 1737 } 1738 1739 int bt_mesh_prov_init(const struct bt_mesh_prov *prov_info) 1740 { 1741 const u8_t *key = NULL; 1742 1743 if (!prov_info) { 1744 BT_ERR("No provisioning context provided"); 1745 return -EINVAL; 1746 } 1747 1748 if (prov_info->static_val_len > BLE_MESH_PROV_STATIC_OOB_MAX_LEN || 1749 prov_info->output_size > BLE_MESH_PROV_OUTPUT_OOB_MAX_LEN || 1750 prov_info->input_size > BLE_MESH_PROV_INPUT_OOB_MAX_LEN) { 1751 BT_ERR("Invalid authentication oob length"); 1752 return -EINVAL; 1753 } 1754 1755 __ASSERT(prov_info->uuid, "Device UUID not initialized"); 1756 1757 /* Changed by Espressif. Use micro-ecc to generate public key now. */ 1758 key = bt_mesh_pub_key_get(); 1759 if (!key) { 1760 BT_ERR("Failed to generate public key"); 1761 return -EIO; 1762 } 1763 1764 k_delayed_work_init(&link.prot_timer, protocol_timeout); 1765 1766 prov = prov_info; 1767 1768 #if defined(CONFIG_BLE_MESH_PB_ADV) 1769 k_delayed_work_init(&link.tx.retransmit, prov_retransmit); 1770 #endif 1771 1772 reset_state(); 1773 1774 #if defined(CONFIG_BLE_MESH_PB_ADV) 1775 bt_mesh_pb_buf_mutex_new(); 1776 #endif 1777 1778 return 0; 1779 } 1780 1781 #if CONFIG_BLE_MESH_DEINIT 1782 int bt_mesh_prov_deinit(void) 1783 { 1784 if (prov == NULL) { 1785 BT_ERR("No provisioning context provided"); 1786 return -EINVAL; 1787 } 1788 1789 k_delayed_work_free(&link.prot_timer); 1790 1791 #if defined(CONFIG_BLE_MESH_PB_ADV) 1792 prov_clear_tx(); 1793 k_delayed_work_free(&link.tx.retransmit); 1794 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN) 1795 /* Remove the link id from exceptional list */ 1796 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_REMOVE, 1797 BLE_MESH_EXCEP_INFO_MESH_LINK_ID, &link.id); 1798 #endif /* CONFIG_BLE_MESH_USE_DUPLICATE_SCAN */ 1799 #endif /* CONFIG_BLE_MESH_PB_ADV */ 1800 1801 (void)memset(&link, 0, sizeof(link)); 1802 1803 #if defined(CONFIG_BLE_MESH_PB_ADV) 1804 bt_mesh_pb_buf_mutex_free(); 1805 #endif 1806 1807 prov = NULL; 1808 1809 return 0; 1810 } 1811 #endif /* CONFIG_BLE_MESH_DEINIT */ 1812 1813 void bt_mesh_prov_complete(u16_t net_idx, const u8_t net_key[16], 1814 u16_t addr, u8_t flags, u32_t iv_index) 1815 { 1816 if (prov->complete) { 1817 prov->complete(net_idx, net_key, addr, flags, iv_index); 1818 } 1819 } 1820 1821 void bt_mesh_prov_reset(void) 1822 { 1823 if (prov->reset) { 1824 prov->reset(); 1825 } 1826 } 1827 1828 #endif /* CONFIG_BLE_MESH_NODE */