1 /* Bluetooth Mesh */
2
3 /*
4 * Copyright (c) 2017 Intel Corporation
5 *
6 * SPDX-License-Identifier: Apache-2.0
7 */
8 #include <ble_os.h>
9 #include <bt_errno.h>
10 #include <atomic.h>
11 #include <misc/util.h>
12 #include <misc/byteorder.h>
13
14 #include <net/buf.h>
15 #include <bluetooth/bluetooth.h>
16 #include <bluetooth/conn.h>
17 #include <api/mesh.h>
18 #include <api/mesh/proxy.h>
19
20 #include <bluetooth/uuid.h>
21
22 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_MESH_DEBUG_PROV)
23 #include "common/log.h"
24
25 #include "host/ecc.h"
26 #include "host/testing.h"
27
28 #include "crypto.h"
29 #include "adv.h"
30 #include "mesh.h"
31 #include "net.h"
32 #include "access.h"
33 #include "foundation.h"
34 #include "proxy.h"
35 #include "prov.h"
36 #ifdef CONFIG_BT_MESH_EVENT_CALLBACK
37 #include "mesh_event_port.h"
38 #endif
39
40 #ifdef CONFIG_GENIE_MESH_ENABLE
41 #include "genie_crypto.h"
42 #endif
43
44 #ifdef CONFIG_BT_MESH_PROVISIONER
45 #include "provisioner_prov.h"
46 #endif
47
48 #ifdef MESH_DEBUG_PROV
49 #ifdef CONFIG_GENIE_MESH_ENABLE
50 #define PROV_TAG "\t[ALI_PROV]"
51 #else
52 #define PROV_TAG "\t[SIG_PROV]"
53 #endif
54 #define PROV_D(f, ...) LOGI(PROV_TAG, "\033[0;33m %s " f "\033[0m\n", __func__, ##__VA_ARGS__)
55 #else
56 #define PROV_D(f, ...)
57 #endif
58
59 /* 3 transmissions, 20ms interval */
60 #define PROV_XMIT BT_MESH_TRANSMIT(2, 20)
61
62 #define AUTH_METHOD_NO_OOB 0x00
63 #define AUTH_METHOD_STATIC 0x01
64 #define AUTH_METHOD_OUTPUT 0x02
65 #define AUTH_METHOD_INPUT 0x03
66
67 #define OUTPUT_OOB_BLINK 0x00
68 #define OUTPUT_OOB_BEEP 0x01
69 #define OUTPUT_OOB_VIBRATE 0x02
70 #define OUTPUT_OOB_NUMBER 0x03
71 #define OUTPUT_OOB_STRING 0x04
72
73 #define INPUT_OOB_PUSH 0x00
74 #define INPUT_OOB_TWIST 0x01
75 #define INPUT_OOB_NUMBER 0x02
76 #define INPUT_OOB_STRING 0x03
77
78 #define PROV_ERR_NONE 0x00
79 #define PROV_ERR_NVAL_PDU 0x01
80 #define PROV_ERR_NVAL_FMT 0x02
81 #define PROV_ERR_UNEXP_PDU 0x03
82 #define PROV_ERR_CFM_FAILED 0x04
83 #define PROV_ERR_RESOURCES 0x05
84 #define PROV_ERR_DECRYPT 0x06
85 #define PROV_ERR_UNEXP_ERR 0x07
86 #define PROV_ERR_ADDR 0x08
87
88 #define PROV_INVITE 0x00
89 #define PROV_CAPABILITIES 0x01
90 #define PROV_START 0x02
91 #define PROV_PUB_KEY 0x03
92 #define PROV_INPUT_COMPLETE 0x04
93 #define PROV_CONFIRM 0x05
94 #define PROV_RANDOM 0x06
95 #define PROV_DATA 0x07
96 #define PROV_COMPLETE 0x08
97 #define PROV_FAILED 0x09
98
99 #define PROV_ALG_P256 0x00
100
101 #define GPCF(gpc) (gpc & 0x03)
102 #define GPC_START(last_seg) (((last_seg) << 2) | 0x00)
103 #define GPC_ACK 0x01
104 #define GPC_CONT(seg_id) (((seg_id) << 2) | 0x02)
105 #define GPC_CTL(op) (((op) << 2) | 0x03)
106
107 #define START_PAYLOAD_MAX 20
108 #define CONT_PAYLOAD_MAX 23
109
110 #define START_LAST_SEG(gpc) (gpc >> 2)
111 #define CONT_SEG_INDEX(gpc) (gpc >> 2)
112
113 #define BEARER_CTL(gpc) (gpc >> 2)
114 #define LINK_OPEN 0x00
115 #define LINK_ACK 0x01
116 #define LINK_CLOSE 0x02
117
118 #define CLOSE_REASON_SUCCESS 0x00
119 #define CLOSE_REASON_TIMEOUT 0x01
120 #define CLOSE_REASON_FAILED 0x02
121
122 #define XACT_SEG_DATA(_seg) (&plink.rx.buf->data[20 + ((_seg - 1) * 23)])
123 #define XACT_SEG_RECV(_seg) (plink.rx.seg &= ~(1 << (_seg)))
124
125 #define XACT_NVAL 0xFF
126
127 enum {
128 REMOTE_PUB_KEY, /* Remote key has been received */
129 LOCAL_PUB_KEY, /* Local public key is available */
130 LINK_ACTIVE, /* Link has been opened */
131 HAVE_DHKEY, /* DHKey has been calcualted */
132 SEND_CONFIRM, /* Waiting to send Confirm value */
133 WAIT_NUMBER, /* Waiting for number input from user */
134 WAIT_STRING, /* Waiting for string input from user */
135
136 NUM_FLAGS,
137 };
138
139 struct prov_link {
140 ATOMIC_DEFINE(flags, NUM_FLAGS);
141 #if defined(CONFIG_BT_MESH_PB_GATT)
142 struct bt_conn *conn; /* GATT connection */
143 #endif
144 u8_t dhkey[32]; /* Calculated DHKey */
145 u8_t expect; /* Next expected PDU */
146
147 u8_t oob_method;
148 u8_t oob_action;
149 u8_t oob_size;
150
151 u8_t conf[16]; /* Remote Confirmation */
152 u8_t rand[16]; /* Local Random */
153 u8_t auth[16]; /* Authentication Value */
154
155 u8_t conf_salt[16]; /* ConfirmationSalt */
156 u8_t conf_key[16]; /* ConfirmationKey */
157 u8_t conf_inputs[145]; /* ConfirmationInputs */
158 u8_t prov_salt[16]; /* Provisioning Salt */
159 #ifdef CONFIG_BT_MESH_PROVISIONER
160 u8_t remote_dev_key[16];
161 u16_t unicast_addr;
162 #endif
163
164 #if defined(CONFIG_BT_MESH_PB_ADV)
165 bt_u32_t id; /* Link ID */
166
167 struct {
168 u8_t id; /* Transaction ID */
169 u8_t prev_id; /* Previous Transaction ID */
170 u8_t seg; /* Bit-field of unreceived segments */
171 u8_t last_seg; /* Last segment (to check length) */
172 u8_t fcs; /* Expected FCS value */
173 struct net_buf_simple *buf;
174 } rx;
175
176 struct {
177 /* Start timestamp of the transaction */
178 s64_t start;
179
180 /* Transaction id*/
181 u8_t id;
182
183 /* Pending outgoing buffer(s) */
184 struct net_buf *buf[3];
185
186 /* Retransmit timer */
187 struct k_delayed_work retransmit;
188 } tx;
189 #endif
190 };
191
192 struct prov_rx {
193 bt_u32_t link_id;
194 u8_t xact_id;
195 u8_t gpc;
196 };
197
198 #define RETRANSMIT_TIMEOUT K_MSEC(500)
199 #define BUF_TIMEOUT K_MSEC(400)
200 #define TRANSACTION_TIMEOUT K_SECONDS(30)
201 #define PROV_TIMEOUT K_SECONDS(60)
202
203 #if defined(CONFIG_BT_MESH_PB_GATT)
204 #define PROV_BUF_HEADROOM 5
205 #else
206 #define PROV_BUF_HEADROOM 0
207 NET_BUF_SIMPLE_DEFINE_STATIC(rx_buf, 65);
208 #endif
209
210 #define PROV_BUF(name, len) NET_BUF_SIMPLE_DEFINE(name, PROV_BUF_HEADROOM + len)
211
212 static struct prov_link plink;
213
214 static const struct bt_mesh_prov *prov;
215
216 static u8_t prov_method = 0;
217
218 #ifndef CONFIG_BT_MESH_PROV_TIMEOUT
219 #define CONFIG_BT_MESH_PROV_TIMEOUT 1
220 #endif
221
222 #if CONFIG_BT_MESH_PROV_TIMEOUT
223 static k_timer_t g_prov_timeout;
224 #endif
225
226 static void close_link(u8_t err, u8_t reason);
227
228 #ifdef CONFIG_MESH_GENIE_APP
genie_set_static_auth(uint8_t * link_auth,uint8_t * random)229 __attribute__((weak)) int genie_set_static_auth(uint8_t *link_auth, uint8_t *random)
230 {
231 (void)link_auth;
232 (void)random;
233 return 0;
234 }
235 #endif
236
237 #ifdef CONFIG_BT_BQB
reset_state_without_linkclose()238 static void reset_state_without_linkclose()
239 {
240 /* Disable Attention Timer if it was set */
241 if (plink.conf_inputs[0]) {
242 bt_mesh_attention(NULL, 0);
243 }
244 #if defined(CONFIG_BT_MESH_PB_ADV)
245 /* Clear everything except the retransmit delayed work config */
246 struct bt_conn *conn = plink.conn;
247 (void)memset(&plink, 0, offsetof(struct prov_link, tx.retransmit));
248 plink.rx.prev_id = XACT_NVAL;
249 plink.conn = conn;
250
251 #if defined(CONFIG_BT_MESH_PB_GATT)
252 plink.rx.buf = bt_mesh_proxy_get_buf();
253 #else
254 net_buf_simple_reset(&rx_buf);
255 plink.rx.buf = &rx_buf;
256 #endif /* PB_GATT */
257
258 #else
259 struct bt_conn *conn = plink.conn;
260 (void)memset(&plink, 0, sizeof(plink));
261 plink.conn = conn;
262 #endif /* PB_ADV */
263 }
264 #endif
265 extern int32_t csi_kernel_delay_ms(uint32_t ms);
reset_state(void)266 static void reset_state(void)
267 {
268 prov_method = 0;
269 #ifdef CONFIG_BT_BQB
270 int err;
271
272 /* wait dhkey gen complete */
273 csi_kernel_delay_ms(5000);
274 extern int bt_pub_key_regen();
275 err = bt_pub_key_regen();
276 if (err) {
277 BT_ERR("Failed to generate public key (%d)", err);
278 return;
279 }
280
281 #endif
282
283 /* Disable Attention Timer if it was set */
284 if (plink.conf_inputs[0]) {
285 bt_mesh_attention(NULL, 0);
286 }
287
288 #if defined(CONFIG_BT_MESH_PB_GATT)
289 if (plink.conn) {
290 bt_conn_unref(plink.conn);
291 }
292 #endif
293
294 #if defined(CONFIG_BT_MESH_PB_ADV)
295 /* Clear everything except the retransmit delayed work config */
296 (void)memset(&plink, 0, offsetof(struct prov_link, tx.retransmit));
297 plink.rx.prev_id = XACT_NVAL;
298
299 #if defined(CONFIG_BT_MESH_PB_GATT)
300 plink.rx.buf = bt_mesh_proxy_get_buf();
301 #else
302 net_buf_simple_reset(&rx_buf);
303 plink.rx.buf = &rx_buf;
304 #endif /* PB_GATT */
305
306 #else
307 (void)memset(&plink, 0, sizeof(plink));
308 #endif /* PB_ADV */
309 }
310
311 #if defined(CONFIG_BT_MESH_PB_ADV)
buf_sent(int err,void * user_data)312 static void buf_sent(int err, void *user_data)
313 {
314 if (!plink.tx.buf[0]) {
315 return;
316 }
317 k_delayed_work_submit(&plink.tx.retransmit, RETRANSMIT_TIMEOUT);
318 }
319
320 static struct bt_mesh_send_cb buf_sent_cb = {
321 .end = buf_sent,
322 };
323
free_segments(void)324 static void free_segments(void)
325 {
326 int i;
327
328 for (i = 0; i < ARRAY_SIZE(plink.tx.buf); i++) {
329 struct net_buf *buf = plink.tx.buf[i];
330
331 if (!buf) {
332 break;
333 }
334 plink.tx.buf[i] = NULL;
335 /* Mark as canceled */
336 BT_MESH_ADV(buf)->busy = 0;
337 net_buf_unref(buf);
338 }
339 }
340
prov_clear_tx(void)341 static void prov_clear_tx(void)
342 {
343 BT_DBG("");
344
345 k_delayed_work_cancel(&plink.tx.retransmit);
346
347 free_segments();
348 }
349
reset_link(void)350 void reset_link(void)
351 {
352 prov_clear_tx();
353
354 if (prov->link_close) {
355 prov->link_close(BT_MESH_PROV_ADV);
356 }
357
358 reset_state();
359 }
360
adv_buf_create(void)361 static struct net_buf *adv_buf_create(void)
362 {
363 struct net_buf *buf;
364 buf = bt_mesh_adv_create(BT_MESH_ADV_PROV, PROV_XMIT, BUF_TIMEOUT);
365 if (!buf) {
366 BT_ERR("Out of provisioning buffers");
367 return NULL;
368 }
369
370 return buf;
371 }
372
373 static atomic_t pending_ack = 0x00;
374
ack_complete(int err,void * user_data)375 static void ack_complete(int err, void *user_data)
376 {
377 struct net_buf *buf = (struct net_buf *)user_data;
378 uint32_t link_id = net_buf_pull_be32(buf);
379 uint8_t ack_index = net_buf_pull_u8(buf);
380 atomic_clear_bit(&pending_ack, ack_index);
381 BT_DBG("linkid: %d xact index %u send complete", link_id, ack_index);
382 net_buf_unref(buf);
383 (void)link_id;
384 }
385
gen_prov_ack_send(u8_t xact_id)386 static void gen_prov_ack_send(u8_t xact_id)
387 {
388 static const struct bt_mesh_send_cb cb = {
389 .end = ack_complete,
390 };
391 const struct bt_mesh_send_cb *complete = &cb;
392 struct net_buf *buf;
393
394 BT_DBG("xact_id %u %02x", xact_id, pending_ack);
395
396 if (atomic_test_and_set_bit(&pending_ack, xact_id)) {
397 BT_DBG("The xact_id aready exit int adv pool");
398 return;
399 }
400 buf = adv_buf_create();
401 if (!buf) {
402 return;
403 }
404 net_buf_add_be32(buf, plink.id);
405 net_buf_add_u8(buf, xact_id);
406 net_buf_add_u8(buf, GPC_ACK);
407 bt_mesh_adv_send(buf, complete, buf);
408 }
409
send_reliable(void)410 static void send_reliable(void)
411 {
412 int i;
413
414 plink.tx.start = k_uptime_get();
415
416 for (i = 0; i < ARRAY_SIZE(plink.tx.buf); i++) {
417 struct net_buf *buf = plink.tx.buf[i];
418
419 if (!buf) {
420 break;
421 }
422
423 if (i + 1 < ARRAY_SIZE(plink.tx.buf) && plink.tx.buf[i + 1]) {
424 bt_mesh_adv_send(buf, NULL, NULL);
425 } else {
426 bt_mesh_adv_send(buf, &buf_sent_cb, NULL);
427 }
428 }
429 }
430
bearer_ctl_send(u8_t op,void * data,u8_t data_len)431 static int bearer_ctl_send(u8_t op, void *data, u8_t data_len)
432 {
433 struct net_buf *buf;
434
435 BT_DBG("op 0x%02x data_len %u", op, data_len);
436
437 prov_clear_tx();
438
439 buf = adv_buf_create();
440 if (!buf) {
441 return -ENOBUFS;
442 }
443
444 net_buf_add_be32(buf, plink.id);
445 /* Transaction ID, always 0 for Bearer messages */
446 net_buf_add_u8(buf, 0x00);
447 net_buf_add_u8(buf, GPC_CTL(op));
448 net_buf_add_mem(buf, data, data_len);
449
450 plink.tx.buf[0] = buf;
451 send_reliable();
452
453 return 0;
454 }
455
last_seg(u8_t len)456 static u8_t last_seg(u8_t len)
457 {
458 if (len <= START_PAYLOAD_MAX) {
459 return 0;
460 }
461
462 len -= START_PAYLOAD_MAX;
463
464 return 1 + (len / CONT_PAYLOAD_MAX);
465 }
466
next_transaction_id(void)467 static inline u8_t next_transaction_id(void)
468 {
469 if (plink.tx.id != 0 && plink.tx.id != 0xFF) {
470 return ++plink.tx.id;
471 }
472
473 plink.tx.id = 0x80;
474 return plink.tx.id;
475 }
476
prov_send_adv(struct net_buf_simple * msg)477 static int prov_send_adv(struct net_buf_simple *msg)
478 {
479 struct net_buf *start, *buf;
480 u8_t seg_len, seg_id;
481 u8_t xact_id;
482
483 BT_DBG("len %u: %s", msg->len, bt_hex(msg->data, msg->len));
484 // PROV_D("len %u: %s", msg->len, bt_hex(msg->data, msg->len));
485 PROV_D("len %u", msg->len);
486 prov_clear_tx();
487
488 start = adv_buf_create();
489 if (!start) {
490 return -ENOBUFS;
491 }
492
493 xact_id = next_transaction_id();
494 net_buf_add_be32(start, plink.id);
495 net_buf_add_u8(start, xact_id);
496
497 net_buf_add_u8(start, GPC_START(last_seg(msg->len)));
498 net_buf_add_be16(start, msg->len);
499 net_buf_add_u8(start, bt_mesh_fcs_calc(msg->data, msg->len));
500
501 plink.tx.buf[0] = start;
502
503 seg_len = MIN(msg->len, START_PAYLOAD_MAX);
504 BT_DBG("seg 0 len %u: %s", seg_len, bt_hex(msg->data, seg_len));
505 net_buf_add_mem(start, msg->data, seg_len);
506 net_buf_simple_pull(msg, seg_len);
507
508 buf = start;
509 for (seg_id = 1; msg->len > 0; seg_id++) {
510 if (seg_id >= ARRAY_SIZE(plink.tx.buf)) {
511 BT_ERR("Too big message");
512 free_segments();
513 return -E2BIG;
514 }
515
516 buf = adv_buf_create();
517 if (!buf) {
518 free_segments();
519 return -ENOBUFS;
520 }
521
522 plink.tx.buf[seg_id] = buf;
523
524 seg_len = MIN(msg->len, CONT_PAYLOAD_MAX);
525
526 BT_DBG("seg_id %u len %u: %s", seg_id, seg_len, bt_hex(msg->data, seg_len));
527
528 net_buf_add_be32(buf, plink.id);
529 net_buf_add_u8(buf, xact_id);
530 net_buf_add_u8(buf, GPC_CONT(seg_id));
531 net_buf_add_mem(buf, msg->data, seg_len);
532 net_buf_simple_pull(msg, seg_len);
533 }
534
535 send_reliable();
536
537 return 0;
538 }
539
540 #endif /* CONFIG_BT_MESH_PB_ADV */
541
542 #if defined(CONFIG_BT_MESH_PB_GATT)
prov_send_gatt(struct net_buf_simple * msg)543 static int prov_send_gatt(struct net_buf_simple *msg)
544 {
545 if (!plink.conn) {
546 return -ENOTCONN;
547 }
548
549 return bt_mesh_proxy_send(plink.conn, BT_MESH_PROXY_PROV, msg);
550 }
551 #endif /* CONFIG_BT_MESH_PB_GATT */
552
prov_send(struct net_buf_simple * buf)553 static inline int prov_send(struct net_buf_simple *buf)
554 {
555 #if defined(CONFIG_BT_MESH_PB_GATT)
556 if (plink.conn) {
557 return prov_send_gatt(buf);
558 }
559 #endif
560 #if defined(CONFIG_BT_MESH_PB_ADV)
561 return prov_send_adv(buf);
562 #else
563 return 0;
564 #endif
565 }
566
prov_buf_init(struct net_buf_simple * buf,u8_t type)567 static void prov_buf_init(struct net_buf_simple *buf, u8_t type)
568 {
569 net_buf_simple_reserve(buf, PROV_BUF_HEADROOM);
570 net_buf_simple_add_u8(buf, type);
571 }
572
prov_send_fail_msg(u8_t err)573 static void prov_send_fail_msg(u8_t err)
574 {
575 PROV_BUF(buf, 2);
576
577 prov_buf_init(&buf, PROV_FAILED);
578 net_buf_simple_add_u8(&buf, err);
579 prov_send(&buf);
580
581 #ifdef CONFIG_BT_BQB
582 reset_state_without_linkclose();
583 #endif
584 }
585
prov_invite(const u8_t * data)586 static void prov_invite(const u8_t *data)
587 {
588 PROV_BUF(buf, 12);
589
590 BT_DBG("Attention Duration: %u seconds", data[0]);
591 PROV_D(", 1--->2");
592
593 if (data[0]) {
594 bt_mesh_attention(NULL, data[0]);
595 }
596
597 plink.conf_inputs[0] = data[0];
598
599 prov_buf_init(&buf, PROV_CAPABILITIES);
600
601 /* Number of Elements supported */
602 net_buf_simple_add_u8(&buf, bt_mesh_elem_count());
603
604 /* Supported algorithms - FIPS P-256 Eliptic Curve */
605 net_buf_simple_add_be16(&buf, BIT(PROV_ALG_P256));
606
607 /* Public Key Type */
608 net_buf_simple_add_u8(&buf, 0x00);
609
610 /* Static OOB Type */
611 net_buf_simple_add_u8(&buf, prov->static_val && prov->static_val_len ? BIT(0) : 0x00);
612
613 /* Output OOB Size */
614 net_buf_simple_add_u8(&buf, prov->output_size);
615
616 /* Output OOB Action */
617 net_buf_simple_add_be16(&buf, prov->output_actions);
618
619 /* Input OOB Size */
620 net_buf_simple_add_u8(&buf, prov->input_size);
621
622 /* Input OOB Action */
623 net_buf_simple_add_be16(&buf, prov->input_actions);
624
625 memcpy(&plink.conf_inputs[1], &buf.data[1], 11);
626
627 if (prov_send(&buf)) {
628 BT_ERR("Failed to send capabilities");
629 close_link(PROV_ERR_RESOURCES, CLOSE_REASON_FAILED);
630 return;
631 }
632
633 plink.expect = PROV_START;
634 #ifdef CONFIG_BT_MESH_EVENT_CALLBACK
635 #if defined(CONFIG_BT_MESH_PB_GATT)
636 mesh_model_evt_cb event_cb = bt_mesh_event_get_cb_func();
637 if (plink.conn && event_cb) {
638 event_cb(BT_MESH_MODEL_EVT_PROV_START, NULL);
639 }
640 #endif
641 #endif
642 }
643
prov_capabilities(const u8_t * data)644 static void prov_capabilities(const u8_t *data)
645 {
646 BT_DBG("Elements: %u", data[0]);
647
648 BT_DBG("Algorithms: %u", sys_get_be16(&data[1]));
649
650 BT_DBG("Public Key Type: 0x%02x", data[3]);
651 BT_DBG("Static OOB Type: 0x%02x", data[4]);
652 BT_DBG("Output OOB Size: %u", data[5]);
653
654 BT_DBG("Output OOB Action: 0x%04x", sys_get_be16(&data[6]));
655
656 BT_DBG("Input OOB Size: %u", data[8]);
657
658 BT_DBG("Input OOB Action: 0x%04x", sys_get_be16(&data[9]));
659 }
660
output_action(u8_t action)661 static bt_mesh_output_action_t output_action(u8_t action)
662 {
663 switch (action) {
664 case OUTPUT_OOB_BLINK:
665 return BT_MESH_BLINK;
666 case OUTPUT_OOB_BEEP:
667 return BT_MESH_BEEP;
668 case OUTPUT_OOB_VIBRATE:
669 return BT_MESH_VIBRATE;
670 case OUTPUT_OOB_NUMBER:
671 return BT_MESH_DISPLAY_NUMBER;
672 case OUTPUT_OOB_STRING:
673 return BT_MESH_DISPLAY_STRING;
674 default:
675 return BT_MESH_NO_OUTPUT;
676 }
677 }
678
input_action(u8_t action)679 static bt_mesh_input_action_t input_action(u8_t action)
680 {
681 switch (action) {
682 case INPUT_OOB_PUSH:
683 return BT_MESH_PUSH;
684 case INPUT_OOB_TWIST:
685 return BT_MESH_TWIST;
686 case INPUT_OOB_NUMBER:
687 return BT_MESH_ENTER_NUMBER;
688 case INPUT_OOB_STRING:
689 return BT_MESH_ENTER_STRING;
690 default:
691 return BT_MESH_NO_INPUT;
692 }
693 }
694
prov_auth(u8_t method,u8_t action,u8_t size)695 static int prov_auth(u8_t method, u8_t action, u8_t size)
696 {
697 bt_mesh_output_action_t output;
698 bt_mesh_input_action_t input;
699 prov_method = method;
700
701 switch (method) {
702 case AUTH_METHOD_NO_OOB:
703 if (action || size) {
704 return -EINVAL;
705 }
706
707 memset(plink.auth, 0, sizeof(plink.auth));
708 return 0;
709 case AUTH_METHOD_STATIC:
710 if (action || size) {
711 return -EINVAL;
712 }
713
714 memcpy(plink.auth + 16 - prov->static_val_len, prov->static_val, prov->static_val_len);
715 (void)memset(plink.auth, 0, sizeof(plink.auth) - prov->static_val_len);
716 return 0;
717
718 case AUTH_METHOD_OUTPUT:
719 output = output_action(action);
720 if (!output) {
721 return -EINVAL;
722 }
723
724 if (!(prov->output_actions & output)) {
725 return -EINVAL;
726 }
727
728 if (size > prov->output_size) {
729 return -EINVAL;
730 }
731
732 if (output == BT_MESH_DISPLAY_STRING) {
733 unsigned char str[9];
734 u8_t i;
735
736 bt_rand(str, size);
737
738 /* Normalize to '0' .. '9' & 'A' .. 'Z' */
739 for (i = 0; i < size; i++) {
740 str[i] %= 36;
741 if (str[i] < 10) {
742 str[i] += '0';
743 } else {
744 str[i] += 'A' - 10;
745 }
746 }
747 str[size] = '\0';
748
749 memcpy(plink.auth, str, size);
750 (void)memset(plink.auth + size, 0, sizeof(plink.auth) - size);
751
752 return prov->output_string((char *)str);
753 } else {
754 bt_u32_t div[8] = { 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000 };
755 bt_u32_t num;
756
757 bt_rand(&num, sizeof(num));
758 num %= div[size - 1];
759
760 sys_put_be32(num, &plink.auth[12]);
761 memset(plink.auth, 0, 12);
762
763 return prov->output_number(output, num);
764 }
765
766 case AUTH_METHOD_INPUT:
767 input = input_action(action);
768 if (!input) {
769 return -EINVAL;
770 }
771
772 if (!(prov->input_actions & input)) {
773 return -EINVAL;
774 }
775
776 if (size > prov->input_size) {
777 return -EINVAL;
778 }
779
780 if (input == BT_MESH_ENTER_STRING) {
781 atomic_set_bit(plink.flags, WAIT_STRING);
782 } else {
783 atomic_set_bit(plink.flags, WAIT_NUMBER);
784 }
785
786 return prov->input(input, size);
787
788 default:
789 return -EINVAL;
790 }
791 }
792
prov_start(const u8_t * data)793 static void prov_start(const u8_t *data)
794 {
795 BT_DBG("Algorithm: 0x%02x", data[0]);
796 BT_DBG("Public Key: 0x%02x", data[1]);
797 BT_DBG("Auth Method: 0x%02x", data[2]);
798 BT_DBG("Auth Action: 0x%02x", data[3]);
799 BT_DBG("Auth Size: 0x%02x", data[4]);
800 PROV_D(", 2--->3");
801
802 if (data[0] != PROV_ALG_P256) {
803 BT_ERR("Unknown algorithm 0x%02x", data[0]);
804 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
805 return;
806 }
807
808 #ifdef CONFIG_BT_BQB
809 /* not support public key oob */
810 if (data[1] != 0x00) {
811 BT_ERR("Invalid public key value: 0x%02x", data[1]);
812 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
813 return;
814 }
815 #else
816 if (data[1] > 0x01) {
817 BT_ERR("Invalid public key value: 0x%02x", data[1]);
818 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
819 return;
820 }
821 #endif
822
823 memcpy(&plink.conf_inputs[12], data, 5);
824
825 plink.expect = PROV_PUB_KEY;
826
827 if (prov_auth(data[2], data[3], data[4]) < 0) {
828 BT_ERR("Invalid authentication method: 0x%02x; "
829 "action: 0x%02x; size: 0x%02x",
830 data[2], data[3], data[4]);
831 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
832 }
833 }
834
send_confirm(void)835 static void send_confirm(void)
836 {
837 PROV_BUF(cfm, 17);
838
839 BT_DBG("ConfInputs[0] %s", bt_hex(plink.conf_inputs, 64));
840 BT_DBG("ConfInputs[64] %s", bt_hex(&plink.conf_inputs[64], 64));
841 BT_DBG("ConfInputs[128] %s", bt_hex(&plink.conf_inputs[128], 17));
842
843 if (bt_mesh_prov_conf_salt(plink.conf_inputs, plink.conf_salt)) {
844 BT_ERR("Unable to generate confirmation salt");
845 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
846 return;
847 }
848
849 BT_DBG("ConfirmationSalt: %s", bt_hex(plink.conf_salt, 16));
850
851 if (bt_mesh_prov_conf_key(plink.dhkey, plink.conf_salt, plink.conf_key)) {
852 BT_ERR("Unable to generate confirmation key");
853 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
854 return;
855 }
856
857 BT_DBG("ConfirmationKey: %s", bt_hex(plink.conf_key, 16));
858
859 if (bt_rand(plink.rand, 16)) {
860 BT_ERR("Unable to generate random number");
861 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
862 return;
863 }
864
865 BT_DBG("LocalRandom: %s", bt_hex(plink.rand, 16));
866
867 prov_buf_init(&cfm, PROV_CONFIRM);
868
869 #ifdef CONFIG_GENIE_MESH_ENABLE
870 if (prov_method == AUTH_METHOD_STATIC) {
871 memcpy(plink.auth, genie_crypto_get_auth(plink.rand), STATIC_OOB_LENGTH);
872 }
873 #endif
874
875 if (bt_mesh_prov_conf(plink.conf_key, plink.rand, plink.auth, net_buf_simple_add(&cfm, 16))) {
876 BT_ERR("Unable to generate confirmation value");
877 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
878 return;
879 }
880
881 if (prov_send(&cfm)) {
882 BT_ERR("Failed to send Provisioning Confirm");
883 close_link(PROV_ERR_RESOURCES, CLOSE_REASON_FAILED);
884 return;
885 }
886
887 plink.expect = PROV_RANDOM;
888 }
889
send_input_complete(void)890 static void send_input_complete(void)
891 {
892 PROV_BUF(buf, 1);
893
894 prov_buf_init(&buf, PROV_INPUT_COMPLETE);
895 prov_send(&buf);
896 }
897
bt_mesh_input_number(bt_u32_t num)898 int bt_mesh_input_number(bt_u32_t num)
899 {
900 BT_DBG("%u", num);
901
902 if (!atomic_test_and_clear_bit(plink.flags, WAIT_NUMBER)) {
903 return -EINVAL;
904 }
905
906 sys_put_be32(num, &plink.auth[12]);
907
908 send_input_complete();
909
910 if (!atomic_test_bit(plink.flags, HAVE_DHKEY)) {
911 return 0;
912 }
913
914 if (atomic_test_and_clear_bit(plink.flags, SEND_CONFIRM)) {
915 send_confirm();
916 }
917
918 return 0;
919 }
920
bt_mesh_input_string(const char * str)921 int bt_mesh_input_string(const char *str)
922 {
923 if (!str) {
924 return -EINVAL;
925 }
926
927 BT_DBG("%s", str);
928
929 if (!atomic_test_and_clear_bit(plink.flags, WAIT_STRING)) {
930 return -EINVAL;
931 }
932
933 strncpy((char *)plink.auth, str, prov->input_size);
934
935 send_input_complete();
936
937 if (!atomic_test_bit(plink.flags, HAVE_DHKEY)) {
938 return 0;
939 }
940
941 if (atomic_test_and_clear_bit(plink.flags, SEND_CONFIRM)) {
942 send_confirm();
943 }
944
945 return 0;
946 }
947
prov_dh_key_cb(const u8_t key[32])948 static void prov_dh_key_cb(const u8_t key[32])
949 {
950 BT_DBG("%p", key);
951
952 if (!key) {
953 BT_ERR("DHKey generation failed");
954 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
955 return;
956 }
957
958 sys_memcpy_swap(plink.dhkey, key, 32);
959
960 BT_DBG("DHkey: %s", bt_hex(plink.dhkey, 32));
961
962 atomic_set_bit(plink.flags, HAVE_DHKEY);
963
964 if (atomic_test_bit(plink.flags, WAIT_NUMBER) || atomic_test_bit(plink.flags, WAIT_STRING)) {
965 return;
966 }
967
968 if (atomic_test_and_clear_bit(plink.flags, SEND_CONFIRM)) {
969 send_confirm();
970 }
971 }
972
send_pub_key(void)973 static void send_pub_key(void)
974 {
975 PROV_BUF(buf, 65);
976 const u8_t *key;
977
978 key = bt_pub_key_get();
979 if (!key) {
980 BT_ERR("No public key available");
981 close_link(PROV_ERR_RESOURCES, CLOSE_REASON_FAILED);
982 return;
983 }
984
985 BT_DBG("Local Public Key: %s", bt_hex(key, 64));
986
987 prov_buf_init(&buf, PROV_PUB_KEY);
988
989 /* Swap X and Y halves independently to big-endian */
990 sys_memcpy_swap(net_buf_simple_add(&buf, 32), key, 32);
991 sys_memcpy_swap(net_buf_simple_add(&buf, 32), &key[32], 32);
992
993 memcpy(&plink.conf_inputs[81], &buf.data[1], 64);
994
995 prov_send(&buf);
996
997 /* Copy remote key in little-endian for bt_dh_key_gen().
998 * X and Y halves are swapped independently.
999 */
1000 net_buf_simple_reset(&buf);
1001 sys_memcpy_swap(buf.data, &plink.conf_inputs[17], 32);
1002 sys_memcpy_swap(&buf.data[32], &plink.conf_inputs[49], 32);
1003
1004 if (bt_dh_key_gen(buf.data, prov_dh_key_cb)) {
1005 BT_ERR("Failed to generate DHKey");
1006 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1007 return;
1008 }
1009
1010 plink.expect = PROV_CONFIRM;
1011 }
1012
prov_pub_key(const u8_t * data)1013 static void prov_pub_key(const u8_t *data)
1014 {
1015 BT_DBG("Remote Public Key: %s", bt_hex(data, 64));
1016 PROV_D(", 3--->4");
1017
1018 memcpy(&plink.conf_inputs[17], data, 64);
1019
1020 if (!bt_pub_key_get()) {
1021 /* Clear retransmit timer */
1022 #if defined(CONFIG_BT_MESH_PB_ADV)
1023 prov_clear_tx();
1024 #endif
1025 atomic_set_bit(plink.flags, REMOTE_PUB_KEY);
1026 BT_WARN("Waiting for local public key");
1027 return;
1028 }
1029
1030 send_pub_key();
1031 }
1032
pub_key_ready(const u8_t * pkey)1033 static void pub_key_ready(const u8_t *pkey)
1034 {
1035 if (!pkey) {
1036 BT_WARN("Public key not available");
1037 return;
1038 }
1039
1040 BT_DBG("Local public key ready");
1041
1042 if (atomic_test_and_clear_bit(plink.flags, REMOTE_PUB_KEY)) {
1043 send_pub_key();
1044 }
1045 }
1046
prov_input_complete(const u8_t * data)1047 static void prov_input_complete(const u8_t *data)
1048 {
1049 BT_DBG("");
1050 }
1051
prov_confirm(const u8_t * data)1052 static void prov_confirm(const u8_t *data)
1053 {
1054 BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
1055 PROV_D(", 4--->5");
1056
1057 memcpy(plink.conf, data, 16);
1058
1059 if (!atomic_test_bit(plink.flags, HAVE_DHKEY)) {
1060 #if defined(CONFIG_BT_MESH_PB_ADV)
1061 prov_clear_tx();
1062 #endif
1063 atomic_set_bit(plink.flags, SEND_CONFIRM);
1064 } else {
1065 send_confirm();
1066 }
1067 }
1068
prov_random(const u8_t * data)1069 static void prov_random(const u8_t *data)
1070 {
1071 PROV_BUF(rnd, 16);
1072 u8_t conf_verify[16];
1073 PROV_D(", 5--->6");
1074
1075 BT_DBG("Remote Random: %s", bt_hex(data, 16));
1076
1077 #ifdef CONFIG_GENIE_MESH_ENABLE
1078 if (prov_method == AUTH_METHOD_STATIC) {
1079 memcpy(plink.auth, genie_crypto_get_auth(data), STATIC_OOB_LENGTH);
1080 }
1081 #endif
1082
1083 if (bt_mesh_prov_conf(plink.conf_key, data, plink.auth, conf_verify)) {
1084 BT_ERR("Unable to calculate confirmation verification");
1085 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1086 return;
1087 }
1088
1089 if (memcmp(conf_verify, plink.conf, 16)) {
1090 BT_ERR("Invalid confirmation value");
1091 BT_DBG("Received: %s", bt_hex(plink.conf, 16));
1092 BT_DBG("Calculated: %s", bt_hex(conf_verify, 16));
1093 close_link(PROV_ERR_CFM_FAILED, CLOSE_REASON_FAILED);
1094 return;
1095 }
1096
1097 prov_buf_init(&rnd, PROV_RANDOM);
1098 net_buf_simple_add_mem(&rnd, plink.rand, 16);
1099
1100 if (prov_send(&rnd)) {
1101 BT_ERR("Failed to send Provisioning Random");
1102 close_link(PROV_ERR_RESOURCES, CLOSE_REASON_FAILED);
1103 return;
1104 }
1105
1106 if (bt_mesh_prov_salt(plink.conf_salt, data, plink.rand, plink.prov_salt)) {
1107 BT_ERR("Failed to generate provisioning salt");
1108 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1109 return;
1110 }
1111
1112 BT_DBG("ProvisioningSalt: %s", bt_hex(plink.prov_salt, 16));
1113
1114 plink.expect = PROV_DATA;
1115 }
1116
is_pb_gatt(void)1117 static inline bool is_pb_gatt(void)
1118 {
1119 #if defined(CONFIG_BT_MESH_PB_GATT)
1120 return !!plink.conn;
1121 #else
1122 return false;
1123 #endif
1124 }
1125
prov_data(const u8_t * data)1126 static void prov_data(const u8_t *data)
1127 {
1128 PROV_BUF(msg, 1);
1129 u8_t session_key[16];
1130 u8_t nonce[13];
1131 u8_t dev_key[16];
1132 u8_t pdu[25];
1133 u8_t flags;
1134 bt_u32_t iv_index;
1135 u16_t addr;
1136 u16_t net_idx;
1137 int err;
1138 bool identity_enable;
1139
1140 BT_DBG("");
1141 PROV_D(", 6--->7");
1142
1143 err = bt_mesh_session_key(plink.dhkey, plink.prov_salt, session_key);
1144 if (err) {
1145 BT_ERR("Unable to generate session key");
1146 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1147 return;
1148 }
1149
1150 BT_DBG("SessionKey: %s", bt_hex(session_key, 16));
1151
1152 err = bt_mesh_prov_nonce(plink.dhkey, plink.prov_salt, nonce);
1153 if (err) {
1154 BT_ERR("Unable to generate session nonce");
1155 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1156 return;
1157 }
1158
1159 BT_DBG("Nonce: %s", bt_hex(nonce, 13));
1160
1161 err = bt_mesh_prov_decrypt(session_key, nonce, data, pdu);
1162 if (err) {
1163 BT_ERR("Unable to decrypt provisioning data");
1164 close_link(PROV_ERR_DECRYPT, CLOSE_REASON_FAILED);
1165 return;
1166 }
1167
1168 err = bt_mesh_dev_key(plink.dhkey, plink.prov_salt, dev_key);
1169 if (err) {
1170 BT_ERR("Unable to generate device key");
1171 close_link(PROV_ERR_UNEXP_ERR, CLOSE_REASON_FAILED);
1172 return;
1173 }
1174
1175 BT_DBG("DevKey: %s", bt_hex(dev_key, 16));
1176
1177 net_idx = sys_get_be16(&pdu[16]);
1178 flags = pdu[18];
1179 iv_index = sys_get_be32(&pdu[19]);
1180 addr = sys_get_be16(&pdu[23]);
1181
1182 BT_DBG("net_idx %u iv_index 0x%08x, addr 0x%04x", net_idx, iv_index, addr);
1183
1184 #ifdef CONFIG_BT_MESH_EVENT_CALLBACK
1185 mesh_model_evt_cb event_cb = bt_mesh_event_get_cb_func();
1186 if (event_cb) {
1187 event_cb(BT_MESH_MODEL_EVT_PROV_DATA, &addr);
1188 }
1189 #endif
1190
1191 prov_buf_init(&msg, PROV_COMPLETE);
1192 prov_send(&msg);
1193
1194 /* Ignore any further PDUs on this plink */
1195 plink.expect = 0;
1196
1197 /* Store info, since bt_mesh_provision() will end up clearing it */
1198 if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY)) {
1199 identity_enable = is_pb_gatt();
1200 } else {
1201 identity_enable = false;
1202 }
1203
1204 err = bt_mesh_provision(pdu, net_idx, flags, iv_index, addr, dev_key);
1205 if (err) {
1206 BT_ERR("Failed to provision (err %d)", err);
1207 return;
1208 }
1209
1210 #ifdef CONFIG_BT_MESH_PROVISIONER
1211 bt_mesh.p_net_idx_next = net_idx;
1212 struct node_info node_info;
1213 struct bt_le_oob oob;
1214 bt_le_oob_get_local(0, &oob);
1215 memcpy(&node_info.addr, &oob.addr, sizeof(bt_addr_le_t));
1216 memcpy(node_info.uuid, prov->uuid, 16);
1217 node_info.oob_info = prov->oob_info;
1218 node_info.element_num = bt_mesh_elem_count();
1219 node_info.unicast_addr = addr;
1220 node_info.net_idx = net_idx;
1221 node_info.flags = flags;
1222 node_info.iv_index = iv_index;
1223 bt_mesh_provisioner_add_node(&node_info, dev_key);
1224 #endif
1225
1226 /* After PB-GATT provisioning we should start advertising
1227 * using Node Identity.
1228 */
1229 if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY) && identity_enable) {
1230 bt_mesh_proxy_identity_enable();
1231 }
1232 }
1233
prov_complete(const u8_t * data)1234 static void prov_complete(const u8_t *data)
1235 {
1236 BT_DBG("");
1237 PROV_D(", 9--->10");
1238 }
1239
prov_failed(const u8_t * data)1240 static void prov_failed(const u8_t *data)
1241 {
1242 BT_WARN("Error: 0x%02x", data[0]);
1243 }
1244
1245 static const struct {
1246 void (*func)(const u8_t *data);
1247 u16_t len;
1248 } prov_handlers[] = {
1249 { prov_invite, 1 },
1250 { prov_capabilities, 11 },
1251 {
1252 prov_start,
1253 5,
1254 },
1255 { prov_pub_key, 64 },
1256 { prov_input_complete, 0 },
1257 { prov_confirm, 16 },
1258 { prov_random, 16 },
1259 { prov_data, 33 },
1260 { prov_complete, 0 },
1261 { prov_failed, 1 },
1262 };
1263
close_link(u8_t err,u8_t reason)1264 static void close_link(u8_t err, u8_t reason)
1265 {
1266 #if defined(CONFIG_BT_MESH_PB_GATT)
1267 if (plink.conn) {
1268 if (err) {
1269 prov_send_fail_msg(err);
1270 }
1271 #ifndef CONFIG_BT_BQB
1272 bt_mesh_pb_gatt_close(plink.conn);
1273 #endif
1274 return;
1275 }
1276 #endif
1277
1278 #if defined(CONFIG_BT_MESH_PB_ADV)
1279 if (err) {
1280 prov_send_fail_msg(err);
1281 }
1282
1283 plink.rx.seg = 0;
1284 bearer_ctl_send(LINK_CLOSE, &reason, sizeof(reason));
1285 #endif
1286
1287 reset_state();
1288 }
1289
1290 #if defined(CONFIG_BT_MESH_PB_ADV)
prov_retransmit(struct k_work * work)1291 static void prov_retransmit(struct k_work *work)
1292 {
1293 int i;
1294
1295 BT_DBG("");
1296
1297 if (!atomic_test_bit(plink.flags, LINK_ACTIVE)) {
1298 BT_WARN("Link not active");
1299 return;
1300 }
1301
1302 if (k_uptime_get() - plink.tx.start > TRANSACTION_TIMEOUT) {
1303 BT_WARN("Giving up transaction");
1304 #if CONFIG_BT_MESH_PROV_TIMEOUT
1305 k_timer_stop(&g_prov_timeout);
1306 #endif
1307 reset_link();
1308 return;
1309 }
1310
1311 for (i = 0; i < ARRAY_SIZE(plink.tx.buf); i++) {
1312 struct net_buf *buf = plink.tx.buf[i];
1313
1314 if (!buf) {
1315 break;
1316 }
1317
1318 if (BT_MESH_ADV(buf)->busy) {
1319 continue;
1320 }
1321
1322 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len));
1323
1324 if (i + 1 < ARRAY_SIZE(plink.tx.buf) && plink.tx.buf[i + 1]) {
1325 bt_mesh_adv_send(buf, NULL, NULL);
1326 } else {
1327 bt_mesh_adv_send(buf, &buf_sent_cb, NULL);
1328 }
1329 }
1330 }
1331
link_open(struct prov_rx * rx,struct net_buf_simple * buf)1332 static void link_open(struct prov_rx *rx, struct net_buf_simple *buf)
1333 {
1334 BT_DBG("len %u", buf->len);
1335
1336 if (buf->len < 16) {
1337 BT_ERR("Too short bearer open message (len %u)", buf->len);
1338 return;
1339 }
1340
1341 if (atomic_test_bit(plink.flags, LINK_ACTIVE)) {
1342 /* Send another plink ack if the provisioner missed the last */
1343 if (plink.id == rx->link_id && plink.expect == PROV_INVITE) {
1344 BT_DBG("Resending link ack");
1345 bearer_ctl_send(LINK_ACK, NULL, 0);
1346 } else {
1347 BT_WARN("Ignoring bearer open: plink already active");
1348 }
1349
1350 return;
1351 }
1352
1353 if (memcmp(buf->data, prov->uuid, 16)) {
1354 BT_DBG("Bearer open message not for us");
1355 return;
1356 }
1357
1358 if (prov->link_open) {
1359 prov->link_open(BT_MESH_PROV_ADV);
1360 }
1361
1362 plink.id = rx->link_id;
1363 atomic_set_bit(plink.flags, LINK_ACTIVE);
1364 #if CONFIG_BT_MESH_PROV_TIMEOUT
1365 k_timer_start(&g_prov_timeout, PROV_TIMEOUT);
1366 #endif
1367 net_buf_simple_reset(plink.rx.buf);
1368
1369 bearer_ctl_send(LINK_ACK, NULL, 0);
1370
1371 #ifdef CONFIG_BT_MESH_EVENT_CALLBACK
1372 mesh_model_evt_cb event_cb = bt_mesh_event_get_cb_func();
1373 if (event_cb) {
1374 event_cb(BT_MESH_MODEL_EVT_PROV_START, &plink.id);
1375 }
1376 #endif
1377
1378 plink.expect = PROV_INVITE;
1379 }
1380
link_ack(struct prov_rx * rx,struct net_buf_simple * buf)1381 static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf)
1382 {
1383 BT_DBG("len %u", buf->len);
1384 }
1385
link_close(struct prov_rx * rx,struct net_buf_simple * buf)1386 static void link_close(struct prov_rx *rx, struct net_buf_simple *buf)
1387 {
1388 BT_DBG("len %u", buf->len);
1389 #if CONFIG_BT_MESH_PROV_TIMEOUT
1390 k_timer_stop(&g_prov_timeout);
1391 #endif
1392 reset_link();
1393 }
1394
gen_prov_ctl(struct prov_rx * rx,struct net_buf_simple * buf)1395 static void gen_prov_ctl(struct prov_rx *rx, struct net_buf_simple *buf)
1396 {
1397 BT_DBG("op 0x%02x len %u", BEARER_CTL(rx->gpc), buf->len);
1398
1399 switch (BEARER_CTL(rx->gpc)) {
1400 case LINK_OPEN:
1401 link_open(rx, buf);
1402 break;
1403 case LINK_ACK:
1404 if (!atomic_test_bit(plink.flags, LINK_ACTIVE)) {
1405 return;
1406 }
1407
1408 link_ack(rx, buf);
1409 break;
1410 case LINK_CLOSE:
1411 if (!atomic_test_bit(plink.flags, LINK_ACTIVE)) {
1412 return;
1413 }
1414 link_close(rx, buf);
1415 break;
1416 default:
1417 BT_ERR("Unknown bearer opcode: 0x%02x", BEARER_CTL(rx->gpc));
1418
1419 if (IS_ENABLED(CONFIG_BT_TESTING)) {
1420 bt_test_mesh_prov_invalid_bearer(BEARER_CTL(rx->gpc));
1421 }
1422
1423 return;
1424 }
1425 }
1426
prov_msg_recv(void)1427 static void prov_msg_recv(void)
1428 {
1429 u8_t type = plink.rx.buf->data[0];
1430
1431 BT_DBG("type 0x%02x len %u", type, plink.rx.buf->len);
1432
1433 if (!bt_mesh_fcs_check(plink.rx.buf, plink.rx.fcs)) {
1434 BT_ERR("Incorrect FCS");
1435 return;
1436 }
1437 gen_prov_ack_send(plink.rx.id);
1438 plink.rx.prev_id = plink.rx.id;
1439 plink.rx.id = 0;
1440
1441 if (type != PROV_FAILED && type != plink.expect) {
1442 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, plink.expect);
1443 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1444 return;
1445 }
1446
1447 if (type >= ARRAY_SIZE(prov_handlers)) {
1448 BT_ERR("Unknown provisioning PDU type 0x%02x", type);
1449 close_link(PROV_ERR_NVAL_PDU, CLOSE_REASON_FAILED);
1450 return;
1451 }
1452
1453 if (1 + prov_handlers[type].len != plink.rx.buf->len) {
1454 BT_ERR("Invalid length %u for type 0x%02x", plink.rx.buf->len, type);
1455 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1456 return;
1457 }
1458
1459 prov_handlers[type].func(&plink.rx.buf->data[1]);
1460 }
1461
gen_prov_cont(struct prov_rx * rx,struct net_buf_simple * buf)1462 static void gen_prov_cont(struct prov_rx *rx, struct net_buf_simple *buf)
1463 {
1464 u8_t seg = CONT_SEG_INDEX(rx->gpc);
1465
1466 BT_DBG("len %u, seg_index %u", buf->len, seg);
1467
1468 if (!plink.rx.seg && plink.rx.prev_id == rx->xact_id) {
1469 BT_DBG("Resending ack");
1470 gen_prov_ack_send(rx->xact_id);
1471 return;
1472 }
1473
1474 if (rx->xact_id != plink.rx.id) {
1475 BT_WARN("Data for unknown transaction (%u != %u)", rx->xact_id, plink.rx.id);
1476 return;
1477 }
1478
1479 if (seg > plink.rx.last_seg) {
1480 BT_ERR("Invalid segment index %u", seg);
1481 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1482 return;
1483 } else if (seg == plink.rx.last_seg) {
1484 u8_t expect_len;
1485
1486 expect_len = (plink.rx.buf->len - 20U - ((plink.rx.last_seg - 1) * 23U));
1487 if (expect_len != buf->len) {
1488 BT_ERR("Incorrect last seg len: %u != %u", expect_len, buf->len);
1489 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1490 return;
1491 }
1492 }
1493
1494 if (!(plink.rx.seg & BIT(seg))) {
1495 BT_DBG("Ignoring already received segment");
1496 return;
1497 }
1498
1499 memcpy(XACT_SEG_DATA(seg), buf->data, buf->len);
1500 XACT_SEG_RECV(seg);
1501
1502 if (!plink.rx.seg) {
1503 prov_msg_recv();
1504 }
1505 }
1506
gen_prov_ack(struct prov_rx * rx,struct net_buf_simple * buf)1507 static void gen_prov_ack(struct prov_rx *rx, struct net_buf_simple *buf)
1508 {
1509 BT_DBG("len %u", buf->len);
1510 if (!plink.tx.buf[0]) {
1511 return;
1512 }
1513
1514 if (rx->xact_id == plink.tx.id) {
1515 prov_clear_tx();
1516 }
1517 }
1518
gen_prov_start(struct prov_rx * rx,struct net_buf_simple * buf)1519 static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf)
1520 {
1521 if (plink.rx.seg) {
1522 BT_WARN("Got Start while there are unreceived segments");
1523 return;
1524 }
1525
1526 if (plink.rx.prev_id == rx->xact_id) {
1527 BT_DBG("Resending ack");
1528 gen_prov_ack_send(rx->xact_id);
1529 return;
1530 }
1531
1532 plink.rx.buf->len = net_buf_simple_pull_be16(buf);
1533 plink.rx.id = rx->xact_id;
1534 plink.rx.fcs = net_buf_simple_pull_u8(buf);
1535
1536 BT_DBG("len %u last_seg %u total_len %u fcs 0x%02x", buf->len, START_LAST_SEG(rx->gpc), plink.rx.buf->len,
1537 plink.rx.fcs);
1538
1539 if (plink.rx.buf->len < 1) {
1540 BT_ERR("Ignoring zero-length provisioning PDU");
1541 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1542 return;
1543 }
1544
1545 if (plink.rx.buf->len > plink.rx.buf->size) {
1546 BT_ERR("Too large provisioning PDU (%u bytes)", plink.rx.buf->len);
1547 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1548 return;
1549 }
1550
1551 if (START_LAST_SEG(rx->gpc) > 0 && plink.rx.buf->len <= 20) {
1552 BT_ERR("Too small total length for multi-segment PDU");
1553 close_link(PROV_ERR_NVAL_FMT, CLOSE_REASON_FAILED);
1554 return;
1555 }
1556
1557 plink.rx.seg = (1 << (START_LAST_SEG(rx->gpc) + 1)) - 1;
1558 plink.rx.last_seg = START_LAST_SEG(rx->gpc);
1559 memcpy(plink.rx.buf->data, buf->data, buf->len);
1560 XACT_SEG_RECV(0);
1561
1562 if (!plink.rx.seg) {
1563 prov_msg_recv();
1564 }
1565 }
1566
1567 static const struct {
1568 void (*func)(struct prov_rx *rx, struct net_buf_simple *buf);
1569 bool require_link;
1570 u8_t min_len;
1571 } gen_prov[] = {
1572 { gen_prov_start, true, 3 },
1573 { gen_prov_ack, true, 0 },
1574 { gen_prov_cont, true, 0 },
1575 { gen_prov_ctl, false, 0 },
1576 };
1577
gen_prov_recv(struct prov_rx * rx,struct net_buf_simple * buf)1578 static void gen_prov_recv(struct prov_rx *rx, struct net_buf_simple *buf)
1579 {
1580 if (buf->len < gen_prov[GPCF(rx->gpc)].min_len) {
1581 BT_ERR("Too short GPC message type %u", GPCF(rx->gpc));
1582 return;
1583 }
1584
1585 if (!atomic_test_bit(plink.flags, LINK_ACTIVE) && gen_prov[GPCF(rx->gpc)].require_link) {
1586 BT_DBG("Ignoring message that requires active plink");
1587 return;
1588 }
1589
1590 gen_prov[GPCF(rx->gpc)].func(rx, buf);
1591 }
1592
bt_mesh_pb_adv_recv(struct net_buf_simple * buf)1593 void bt_mesh_pb_adv_recv(struct net_buf_simple *buf)
1594 {
1595 struct prov_rx rx;
1596
1597 if (!bt_prov_active() && bt_mesh_is_provisioned()) {
1598 BT_DBG("Ignoring provisioning PDU - already provisioned");
1599 return;
1600 }
1601
1602 if (buf->len < 6) {
1603 BT_WARN("Too short provisioning packet (len %u)", buf->len);
1604 return;
1605 }
1606
1607 rx.link_id = net_buf_simple_pull_be32(buf);
1608 rx.xact_id = net_buf_simple_pull_u8(buf);
1609 rx.gpc = net_buf_simple_pull_u8(buf);
1610
1611 BT_DBG("link_id 0x%08x xact_id %u", rx.link_id, rx.xact_id);
1612
1613 if (atomic_test_bit(plink.flags, LINK_ACTIVE) && plink.id != rx.link_id) {
1614 BT_DBG("Ignoring mesh beacon for unknown plink");
1615 return;
1616 }
1617
1618 gen_prov_recv(&rx, buf);
1619 }
1620 #endif /* CONFIG_BT_MESH_PB_ADV */
1621
1622 #if defined(CONFIG_BT_MESH_PB_GATT)
bt_mesh_pb_gatt_recv(struct bt_conn * conn,struct net_buf_simple * buf)1623 int bt_mesh_pb_gatt_recv(struct bt_conn *conn, struct net_buf_simple *buf)
1624 {
1625 u8_t type;
1626
1627 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len));
1628
1629 if (plink.conn != conn) {
1630 BT_WARN("Data for unexpected connection");
1631 return -ENOTCONN;
1632 }
1633
1634 if (buf->len < 1) {
1635 BT_WARN("Too short provisioning packet (len %u)", buf->len);
1636 return -EINVAL;
1637 }
1638
1639 type = net_buf_simple_pull_u8(buf);
1640 if (type != PROV_FAILED && type != plink.expect) {
1641 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, plink.expect);
1642 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1643 plink.expect = 0xFF;
1644 return -EINVAL;
1645 }
1646
1647 if (type >= ARRAY_SIZE(prov_handlers)) {
1648 BT_ERR("Unknown provisioning PDU type 0x%02x", type);
1649 return -EINVAL;
1650 }
1651
1652 if (prov_handlers[type].len != buf->len) {
1653 BT_ERR("Invalid length %u for type 0x%02x", buf->len, type);
1654 return -EINVAL;
1655 }
1656
1657 prov_handlers[type].func(buf->data);
1658
1659 return 0;
1660 }
1661
bt_mesh_pb_gatt_open(struct bt_conn * conn)1662 int bt_mesh_pb_gatt_open(struct bt_conn *conn)
1663 {
1664 BT_DBG("conn %p", conn);
1665
1666 if (atomic_test_and_set_bit(plink.flags, LINK_ACTIVE)) {
1667 return -EBUSY;
1668 }
1669 #if CONFIG_BT_MESH_PROV_TIMEOUT
1670 k_timer_start(&g_prov_timeout, PROV_TIMEOUT);
1671 #endif
1672 plink.conn = bt_conn_ref(conn);
1673 plink.expect = PROV_INVITE;
1674
1675 if (prov->link_open) {
1676 prov->link_open(BT_MESH_PROV_GATT);
1677 }
1678
1679 return 0;
1680 }
1681
bt_mesh_pb_gatt_close(struct bt_conn * conn)1682 int bt_mesh_pb_gatt_close(struct bt_conn *conn)
1683 {
1684 BT_DBG("conn %p", conn);
1685
1686 if (plink.conn != conn) {
1687 BT_ERR("Not connected");
1688 return -ENOTCONN;
1689 }
1690 #if CONFIG_BT_MESH_PROV_TIMEOUT
1691 k_timer_stop(&g_prov_timeout);
1692 #endif
1693 if (prov->link_close) {
1694 prov->link_close(BT_MESH_PROV_GATT);
1695 }
1696
1697 reset_state();
1698
1699 return 0;
1700 }
1701 #endif /* CONFIG_BT_MESH_PB_GATT */
1702
bt_mesh_prov_get(void)1703 const struct bt_mesh_prov *bt_mesh_prov_get(void)
1704 {
1705 return prov;
1706 }
1707
bt_prov_active(void)1708 bool bt_prov_active(void)
1709 {
1710 return atomic_test_bit(plink.flags, LINK_ACTIVE);
1711 }
1712
1713 #if CONFIG_BT_MESH_PROV_TIMEOUT
prov_timeout(void * timer,void * arg)1714 static void prov_timeout(void *timer, void *arg)
1715 {
1716 reset_link();
1717 }
1718 #endif
1719
bt_mesh_prov_init(const struct bt_mesh_prov * prov_info)1720 int bt_mesh_prov_init(const struct bt_mesh_prov *prov_info)
1721 {
1722 static struct bt_pub_key_cb pub_key_cb = {
1723 .func = pub_key_ready,
1724 };
1725 int err;
1726
1727 if (!prov_info) {
1728 BT_ERR("No provisioning context provided");
1729 return -EINVAL;
1730 }
1731
1732 err = bt_pub_key_gen(&pub_key_cb);
1733 if (err) {
1734 BT_ERR("Failed to generate public key (%d)", err);
1735 return err;
1736 }
1737
1738 prov = prov_info;
1739
1740 #if defined(CONFIG_BT_MESH_PB_ADV)
1741 k_delayed_work_init(&plink.tx.retransmit, prov_retransmit);
1742 #endif
1743
1744 #if CONFIG_BT_MESH_PROV_TIMEOUT
1745 k_timer_init(&g_prov_timeout, prov_timeout, NULL);
1746 #endif
1747 reset_state();
1748
1749 return 0;
1750 }
1751
bt_mesh_prov_complete(u16_t net_idx,u16_t addr)1752 void bt_mesh_prov_complete(u16_t net_idx, u16_t addr)
1753 {
1754 if (prov->complete) {
1755 prov->complete(net_idx, addr);
1756 }
1757 }
1758
bt_mesh_prov_reset(void)1759 void bt_mesh_prov_reset(void)
1760 {
1761 if (prov->reset) {
1762 prov->reset();
1763 }
1764 }
1765