1 /*
2 * Copyright (c) 2017 Intel Corporation
3 * Copyright (c) 2020 Lingao Meng
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <zephyr/kernel.h>
9 #include <errno.h>
10 #include <zephyr/sys/atomic.h>
11 #include <zephyr/sys/util.h>
12 #include <zephyr/sys/byteorder.h>
13
14 #include <zephyr/net_buf.h>
15 #include <zephyr/bluetooth/bluetooth.h>
16 #include <zephyr/bluetooth/conn.h>
17 #include <zephyr/bluetooth/mesh.h>
18 #include <zephyr/bluetooth/uuid.h>
19
20 #include "common/bt_str.h"
21
22 #include "crypto.h"
23 #include "mesh.h"
24 #include "net.h"
25 #include "rpl.h"
26 #include "beacon.h"
27 #include "access.h"
28 #include "foundation.h"
29 #include "proxy.h"
30 #include "pb_gatt_srv.h"
31 #include "prov.h"
32 #include "settings.h"
33 #include "rpr.h"
34
35 #define LOG_LEVEL CONFIG_BT_MESH_PROVISIONEE_LOG_LEVEL
36 #include <zephyr/logging/log.h>
37 LOG_MODULE_REGISTER(bt_mesh_provisionee);
38
39 static void reprovision_fail(void);
40
prov_send_fail_msg(uint8_t err)41 static void prov_send_fail_msg(uint8_t err)
42 {
43 PROV_BUF(buf, PDU_LEN_FAILED);
44
45 LOG_DBG("%u", err);
46
47 bt_mesh_prov_link.expect = PROV_NO_PDU;
48
49 bt_mesh_prov_buf_init(&buf, PROV_FAILED);
50 net_buf_simple_add_u8(&buf, err);
51
52 if (bt_mesh_prov_send(&buf, NULL)) {
53 LOG_ERR("Failed to send Provisioning Failed message");
54 }
55 }
56
prov_fail(uint8_t reason)57 static void prov_fail(uint8_t reason)
58 {
59 /* According to MshPRTv1.1: 5.4.4, the provisioner just closes the link when something
60 * fails, while the provisionee sends the fail message, and waits for the provisioner to
61 * close the link.
62 */
63 prov_send_fail_msg(reason);
64
65 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
66 atomic_test_bit(bt_mesh_prov_link.flags, REPROVISION)) {
67 reprovision_fail();
68 }
69 }
70
prov_invite(const uint8_t * data)71 static void prov_invite(const uint8_t *data)
72 {
73 PROV_BUF(buf, PDU_LEN_CAPABILITIES);
74
75 LOG_DBG("Attention Duration: %u seconds", data[0]);
76
77 if (data[0]) {
78 bt_mesh_attention(NULL, data[0]);
79 }
80
81 memcpy(bt_mesh_prov_link.conf_inputs.invite, data, PDU_LEN_INVITE);
82
83 bt_mesh_prov_buf_init(&buf, PROV_CAPABILITIES);
84
85 /* Number of Elements supported */
86 net_buf_simple_add_u8(&buf, bt_mesh_elem_count());
87
88 uint16_t algorithm_bm = 0;
89 uint8_t oob_type = bt_mesh_prov->static_val ?
90 BT_MESH_STATIC_OOB_AVAILABLE : 0;
91 bool oob_availability = bt_mesh_prov->output_size > 0 ||
92 bt_mesh_prov->input_size > 0 || bt_mesh_prov->static_val;
93
94 if (IS_ENABLED(CONFIG_BT_MESH_ECDH_P256_HMAC_SHA256_AES_CCM)) {
95 WRITE_BIT(algorithm_bm, BT_MESH_PROV_AUTH_HMAC_SHA256_AES_CCM, 1);
96 }
97
98 if (IS_ENABLED(CONFIG_BT_MESH_ECDH_P256_CMAC_AES128_AES_CCM)) {
99 WRITE_BIT(algorithm_bm, BT_MESH_PROV_AUTH_CMAC_AES128_AES_CCM, 1);
100 }
101
102 if (oob_availability && IS_ENABLED(CONFIG_BT_MESH_OOB_AUTH_REQUIRED)) {
103 oob_type |= BT_MESH_OOB_AUTH_REQUIRED;
104 WRITE_BIT(algorithm_bm, BT_MESH_PROV_AUTH_CMAC_AES128_AES_CCM, 0);
105 }
106
107 /* Supported algorithms */
108 net_buf_simple_add_be16(&buf, algorithm_bm);
109
110 /* Public Key Type */
111 net_buf_simple_add_u8(&buf,
112 bt_mesh_prov->public_key_be == NULL ? PUB_KEY_NO_OOB : PUB_KEY_OOB);
113
114 /* Static OOB Type */
115 net_buf_simple_add_u8(&buf, oob_type);
116
117 /* Output OOB Size */
118 net_buf_simple_add_u8(&buf, bt_mesh_prov->output_size);
119
120 /* Output OOB Action */
121 net_buf_simple_add_be16(&buf, bt_mesh_prov->output_actions);
122
123 /* Input OOB Size */
124 net_buf_simple_add_u8(&buf, bt_mesh_prov->input_size);
125
126 /* Input OOB Action */
127 net_buf_simple_add_be16(&buf, bt_mesh_prov->input_actions);
128
129 memcpy(bt_mesh_prov_link.conf_inputs.capabilities, &buf.data[1], PDU_LEN_CAPABILITIES);
130
131 if (bt_mesh_prov_send(&buf, NULL)) {
132 LOG_ERR("Failed to send capabilities");
133 return;
134 }
135
136 bt_mesh_prov_link.expect = PROV_START;
137 }
138
prov_start(const uint8_t * data)139 static void prov_start(const uint8_t *data)
140 {
141 LOG_DBG("Algorithm: 0x%02x", data[0]);
142 LOG_DBG("Public Key: 0x%02x", data[1]);
143 LOG_DBG("Auth Method: 0x%02x", data[2]);
144 LOG_DBG("Auth Action: 0x%02x", data[3]);
145 LOG_DBG("Auth Size: 0x%02x", data[4]);
146
147 if (IS_ENABLED(CONFIG_BT_MESH_ECDH_P256_HMAC_SHA256_AES_CCM) &&
148 data[0] == BT_MESH_PROV_AUTH_HMAC_SHA256_AES_CCM) {
149 bt_mesh_prov_link.algorithm = data[0];
150 } else if (IS_ENABLED(CONFIG_BT_MESH_ECDH_P256_CMAC_AES128_AES_CCM) &&
151 data[0] == BT_MESH_PROV_AUTH_CMAC_AES128_AES_CCM) {
152 bt_mesh_prov_link.algorithm = data[0];
153 } else {
154 LOG_ERR("Unknown algorithm 0x%02x", data[0]);
155 prov_fail(PROV_ERR_NVAL_FMT);
156 return;
157 }
158
159 uint8_t auth_size = bt_mesh_prov_auth_size_get();
160
161 if (data[1] > PUB_KEY_OOB ||
162 (data[1] == PUB_KEY_OOB &&
163 (!IS_ENABLED(CONFIG_BT_MESH_PROV_OOB_PUBLIC_KEY) || !bt_mesh_prov->public_key_be))) {
164 LOG_ERR("Invalid public key type: 0x%02x", data[1]);
165 prov_fail(PROV_ERR_NVAL_FMT);
166 return;
167 }
168
169 atomic_set_bit_to(bt_mesh_prov_link.flags, OOB_PUB_KEY, data[1] == PUB_KEY_OOB);
170
171 memcpy(bt_mesh_prov_link.conf_inputs.start, data, PDU_LEN_START);
172
173 bt_mesh_prov_link.expect = PROV_PUB_KEY;
174 bt_mesh_prov_link.oob_method = data[2];
175 bt_mesh_prov_link.oob_action = data[3];
176 bt_mesh_prov_link.oob_size = data[4];
177
178 if (IS_ENABLED(CONFIG_BT_MESH_OOB_AUTH_REQUIRED) &&
179 (bt_mesh_prov_link.oob_method == AUTH_METHOD_NO_OOB ||
180 bt_mesh_prov_link.algorithm == BT_MESH_PROV_AUTH_CMAC_AES128_AES_CCM)) {
181 prov_fail(PROV_ERR_NVAL_FMT);
182 return;
183 }
184
185 if (bt_mesh_prov_auth(false, data[2], data[3], data[4]) < 0) {
186 LOG_ERR("Invalid authentication method: 0x%02x; "
187 "action: 0x%02x; size: 0x%02x", data[2], data[3], data[4]);
188 prov_fail(PROV_ERR_NVAL_FMT);
189 return;
190 }
191
192 if (atomic_test_bit(bt_mesh_prov_link.flags, OOB_STATIC_KEY)) {
193 /* Trim the Auth if it is longer than required length */
194 memcpy(bt_mesh_prov_link.auth, bt_mesh_prov->static_val,
195 bt_mesh_prov->static_val_len > auth_size ? auth_size
196 : bt_mesh_prov->static_val_len);
197
198 /* Pad with zeros if the Auth is shorter the required length */
199 if (bt_mesh_prov->static_val_len < auth_size) {
200 memset(bt_mesh_prov_link.auth + bt_mesh_prov->static_val_len, 0,
201 auth_size - bt_mesh_prov->static_val_len);
202 }
203 }
204 }
205
send_confirm(void)206 static void send_confirm(void)
207 {
208 PROV_BUF(cfm, PDU_LEN_CONFIRM);
209 uint8_t auth_size = bt_mesh_prov_auth_size_get();
210 uint8_t *inputs = (uint8_t *)&bt_mesh_prov_link.conf_inputs;
211 uint8_t conf_key_input[64];
212
213 LOG_DBG("ConfInputs[0] %s", bt_hex(inputs, 32));
214 LOG_DBG("ConfInputs[32] %s", bt_hex(&inputs[32], 32));
215 LOG_DBG("ConfInputs[64] %s", bt_hex(&inputs[64], 32));
216 LOG_DBG("ConfInputs[96] %s", bt_hex(&inputs[96], 32));
217 LOG_DBG("ConfInputs[128] %s", bt_hex(&inputs[128], 17));
218
219 if (bt_mesh_prov_conf_salt(bt_mesh_prov_link.algorithm, inputs,
220 bt_mesh_prov_link.conf_salt)) {
221 LOG_ERR("Unable to generate confirmation salt");
222 prov_fail(PROV_ERR_UNEXP_ERR);
223 return;
224 }
225
226 LOG_DBG("ConfirmationSalt: %s", bt_hex(bt_mesh_prov_link.conf_salt, auth_size));
227
228 memcpy(conf_key_input, bt_mesh_prov_link.dhkey, 32);
229
230 if (IS_ENABLED(CONFIG_BT_MESH_ECDH_P256_HMAC_SHA256_AES_CCM) &&
231 bt_mesh_prov_link.algorithm == BT_MESH_PROV_AUTH_HMAC_SHA256_AES_CCM) {
232 memcpy(&conf_key_input[32], bt_mesh_prov_link.auth, 32);
233 LOG_DBG("AuthValue %s", bt_hex(bt_mesh_prov_link.auth, 32));
234 }
235
236 if (bt_mesh_prov_conf_key(bt_mesh_prov_link.algorithm, conf_key_input,
237 bt_mesh_prov_link.conf_salt, bt_mesh_prov_link.conf_key)) {
238 LOG_ERR("Unable to generate confirmation key");
239 prov_fail(PROV_ERR_UNEXP_ERR);
240 return;
241 }
242
243 LOG_DBG("ConfirmationKey: %s", bt_hex(bt_mesh_prov_link.conf_key, auth_size));
244
245 if (bt_rand(bt_mesh_prov_link.rand, auth_size)) {
246 LOG_ERR("Unable to generate random number");
247 prov_fail(PROV_ERR_UNEXP_ERR);
248 return;
249 }
250
251 LOG_DBG("LocalRandom: %s", bt_hex(bt_mesh_prov_link.rand, auth_size));
252
253 bt_mesh_prov_buf_init(&cfm, PROV_CONFIRM);
254
255 if (bt_mesh_prov_conf(bt_mesh_prov_link.algorithm, bt_mesh_prov_link.conf_key,
256 bt_mesh_prov_link.rand, bt_mesh_prov_link.auth,
257 net_buf_simple_add(&cfm, auth_size))) {
258 LOG_ERR("Unable to generate confirmation value");
259 prov_fail(PROV_ERR_UNEXP_ERR);
260 return;
261 }
262
263 if (bt_mesh_prov_send(&cfm, NULL)) {
264 LOG_ERR("Failed to send Provisioning Confirm");
265 return;
266 }
267
268 bt_mesh_prov_link.expect = PROV_RANDOM;
269
270 }
271
send_input_complete(void)272 static void send_input_complete(void)
273 {
274 PROV_BUF(buf, PDU_LEN_INPUT_COMPLETE);
275
276 bt_mesh_prov_buf_init(&buf, PROV_INPUT_COMPLETE);
277 if (bt_mesh_prov_send(&buf, NULL)) {
278 LOG_ERR("Failed to send Provisioning Input Complete");
279 }
280 bt_mesh_prov_link.expect = PROV_CONFIRM;
281 }
282
public_key_sent(int err,void * cb_data)283 static void public_key_sent(int err, void *cb_data)
284 {
285 atomic_set_bit(bt_mesh_prov_link.flags, PUB_KEY_SENT);
286
287 if (atomic_test_bit(bt_mesh_prov_link.flags, INPUT_COMPLETE)) {
288 send_input_complete();
289 return;
290 }
291 }
292
start_auth(void)293 static void start_auth(void)
294 {
295 if (atomic_test_bit(bt_mesh_prov_link.flags, WAIT_NUMBER) ||
296 atomic_test_bit(bt_mesh_prov_link.flags, WAIT_STRING)) {
297 bt_mesh_prov_link.expect = PROV_NO_PDU; /* Wait for input */
298 } else {
299 bt_mesh_prov_link.expect = PROV_CONFIRM;
300 }
301 }
302
send_pub_key(void)303 static void send_pub_key(void)
304 {
305 PROV_BUF(buf, PDU_LEN_PUB_KEY);
306 const uint8_t *key;
307
308 key = bt_mesh_pub_key_get();
309 if (!key) {
310 LOG_ERR("No public key available");
311 prov_fail(PROV_ERR_UNEXP_ERR);
312 return;
313 }
314
315 bt_mesh_prov_buf_init(&buf, PROV_PUB_KEY);
316 net_buf_simple_add_mem(&buf, key, PUB_KEY_SIZE);
317 LOG_DBG("Local Public Key: %s", bt_hex(buf.data + 1, PUB_KEY_SIZE));
318
319 /* PublicKeyDevice */
320 memcpy(bt_mesh_prov_link.conf_inputs.pub_key_device, &buf.data[1], PDU_LEN_PUB_KEY);
321
322 if (bt_mesh_prov_send(&buf, public_key_sent)) {
323 LOG_ERR("Failed to send Public Key");
324 return;
325 }
326
327 start_auth();
328 }
329
prov_dh_key_gen(void)330 static void prov_dh_key_gen(void)
331 {
332 const uint8_t *remote_pub_key;
333 const uint8_t *remote_priv_key;
334
335 remote_pub_key = bt_mesh_prov_link.conf_inputs.pub_key_provisioner;
336
337 if (IS_ENABLED(CONFIG_BT_MESH_PROV_OOB_PUBLIC_KEY) &&
338 atomic_test_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY)) {
339 remote_priv_key = bt_mesh_prov->private_key_be;
340 } else {
341 remote_priv_key = NULL;
342 }
343
344 if (bt_mesh_dhkey_gen(remote_pub_key, remote_priv_key, bt_mesh_prov_link.dhkey)) {
345 LOG_ERR("Failed to generate DHKey");
346 prov_fail(PROV_ERR_UNEXP_ERR);
347 return;
348 }
349
350 LOG_DBG("DHkey: %s", bt_hex(bt_mesh_prov_link.dhkey, DH_KEY_SIZE));
351
352 if (atomic_test_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY)) {
353 start_auth();
354 } else {
355 send_pub_key();
356 }
357 }
358
prov_dh_key_gen_handler(struct k_work * work)359 static void prov_dh_key_gen_handler(struct k_work *work)
360 {
361 prov_dh_key_gen();
362 }
363
364 static K_WORK_DEFINE(dh_gen_work, prov_dh_key_gen_handler);
365
prov_pub_key(const uint8_t * data)366 static void prov_pub_key(const uint8_t *data)
367 {
368 LOG_DBG("Remote Public Key: %s", bt_hex(data, PUB_KEY_SIZE));
369
370 /* PublicKeyProvisioner */
371 memcpy(bt_mesh_prov_link.conf_inputs.pub_key_provisioner, data, PDU_LEN_PUB_KEY);
372
373 if (IS_ENABLED(CONFIG_BT_MESH_PROV_OOB_PUBLIC_KEY) &&
374 atomic_test_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY)) {
375 if (!bt_mesh_prov->public_key_be || !bt_mesh_prov->private_key_be) {
376 LOG_ERR("Public or private key is not ready");
377 prov_fail(PROV_ERR_UNEXP_ERR);
378 return;
379 }
380
381 if (!memcmp(bt_mesh_prov->public_key_be,
382 bt_mesh_prov_link.conf_inputs.pub_key_provisioner, PDU_LEN_PUB_KEY)) {
383 LOG_ERR("Public keys are identical");
384 prov_fail(PROV_ERR_NVAL_FMT);
385 return;
386 }
387
388 /* No swap needed since user provides public key in big-endian */
389 memcpy(bt_mesh_prov_link.conf_inputs.pub_key_device, bt_mesh_prov->public_key_be,
390 PDU_LEN_PUB_KEY);
391 }
392
393 k_work_submit(&dh_gen_work);
394 }
395
notify_input_complete(void)396 static void notify_input_complete(void)
397 {
398 if (atomic_test_and_clear_bit(bt_mesh_prov_link.flags,
399 NOTIFY_INPUT_COMPLETE) &&
400 bt_mesh_prov->input_complete) {
401 bt_mesh_prov->input_complete();
402 }
403 }
404
send_random(void)405 static void send_random(void)
406 {
407 PROV_BUF(rnd, PDU_LEN_RANDOM);
408
409 bt_mesh_prov_buf_init(&rnd, PROV_RANDOM);
410 net_buf_simple_add_mem(&rnd, bt_mesh_prov_link.rand, bt_mesh_prov_auth_size_get());
411
412 if (bt_mesh_prov_send(&rnd, NULL)) {
413 LOG_ERR("Failed to send Provisioning Random");
414 return;
415 }
416
417 bt_mesh_prov_link.expect = PROV_DATA;
418 }
419
prov_random(const uint8_t * data)420 static void prov_random(const uint8_t *data)
421 {
422 uint8_t rand_size = bt_mesh_prov_auth_size_get();
423 uint8_t conf_verify[PROV_AUTH_MAX_LEN];
424
425 LOG_DBG("Remote Random: %s", bt_hex(data, rand_size));
426 if (!memcmp(data, bt_mesh_prov_link.rand, rand_size)) {
427 LOG_ERR("Random value is identical to ours, rejecting.");
428 prov_fail(PROV_ERR_CFM_FAILED);
429 return;
430 }
431
432 if (bt_mesh_prov_conf(bt_mesh_prov_link.algorithm, bt_mesh_prov_link.conf_key,
433 data, bt_mesh_prov_link.auth, conf_verify)) {
434 LOG_ERR("Unable to calculate confirmation verification");
435 prov_fail(PROV_ERR_UNEXP_ERR);
436 return;
437 }
438
439 if (memcmp(conf_verify, bt_mesh_prov_link.conf, rand_size)) {
440 LOG_ERR("Invalid confirmation value");
441 LOG_DBG("Received: %s", bt_hex(bt_mesh_prov_link.conf, rand_size));
442 LOG_DBG("Calculated: %s", bt_hex(conf_verify, rand_size));
443 prov_fail(PROV_ERR_CFM_FAILED);
444 return;
445 }
446
447 if (bt_mesh_prov_salt(bt_mesh_prov_link.algorithm, bt_mesh_prov_link.conf_salt,
448 data, bt_mesh_prov_link.rand, bt_mesh_prov_link.prov_salt)) {
449 LOG_ERR("Failed to generate provisioning salt");
450 prov_fail(PROV_ERR_UNEXP_ERR);
451 return;
452 }
453
454 LOG_DBG("ProvisioningSalt: %s", bt_hex(bt_mesh_prov_link.prov_salt, 16));
455
456 send_random();
457 }
458
prov_confirm(const uint8_t * data)459 static void prov_confirm(const uint8_t *data)
460 {
461 uint8_t conf_size = bt_mesh_prov_auth_size_get();
462
463 LOG_DBG("Remote Confirm: %s", bt_hex(data, conf_size));
464
465 memcpy(bt_mesh_prov_link.conf, data, conf_size);
466 notify_input_complete();
467
468 send_confirm();
469 }
470
is_pb_gatt(void)471 static bool is_pb_gatt(void)
472 {
473 return bt_mesh_prov_link.bearer &&
474 bt_mesh_prov_link.bearer->type == BT_MESH_PROV_GATT;
475 }
476
is_pb_adv(void)477 static bool is_pb_adv(void)
478 {
479 return bt_mesh_prov_link.bearer &&
480 bt_mesh_prov_link.bearer->type == BT_MESH_PROV_ADV;
481 }
482
is_pb_remote(void)483 static bool is_pb_remote(void)
484 {
485 return bt_mesh_prov_link.bearer &&
486 bt_mesh_prov_link.bearer->type == BT_MESH_PROV_REMOTE;
487 }
488
refresh_is_valid(const uint8_t * netkey,uint16_t net_idx,uint32_t iv_index)489 static bool refresh_is_valid(const uint8_t *netkey, uint16_t net_idx,
490 uint32_t iv_index)
491 {
492 enum bt_mesh_rpr_node_refresh proc = bt_mesh_node_refresh_get();
493 struct bt_mesh_subnet *sub = bt_mesh_subnet_get(net_idx);
494 uint16_t old_addr = bt_mesh_primary_addr();
495 bool valid_addr;
496
497 if (iv_index != bt_mesh.iv_index) {
498 LOG_ERR("Invalid IV index");
499 return false;
500 }
501
502 if (!sub || bt_mesh_key_compare(netkey, &sub->keys[SUBNET_KEY_TX_IDX(sub)].net)) {
503 LOG_ERR("Invalid netkey");
504 return false;
505 }
506
507 if (proc == BT_MESH_RPR_NODE_REFRESH_ADDR) {
508 valid_addr = bt_mesh_prov_link.addr < old_addr ||
509 bt_mesh_prov_link.addr >= old_addr + bt_mesh_comp_get()->elem_count;
510 } else {
511 valid_addr = bt_mesh_prov_link.addr == bt_mesh_primary_addr();
512 }
513
514 if (!valid_addr) {
515 LOG_ERR("Invalid address");
516 }
517
518 return valid_addr;
519 }
520
prov_data(const uint8_t * data)521 static void prov_data(const uint8_t *data)
522 {
523 PROV_BUF(msg, PDU_LEN_COMPLETE);
524 struct bt_mesh_key session_key;
525 uint8_t nonce[13];
526 uint8_t dev_key[16];
527 uint8_t pdu[25];
528 uint8_t flags;
529 uint32_t iv_index;
530 uint16_t net_idx;
531 int err;
532 bool identity_enable;
533
534 LOG_DBG("");
535
536 err = bt_mesh_session_key(bt_mesh_prov_link.dhkey,
537 bt_mesh_prov_link.prov_salt, &session_key);
538 if (err) {
539 LOG_ERR("Unable to generate session key");
540 prov_fail(PROV_ERR_UNEXP_ERR);
541 return;
542 }
543
544 err = bt_mesh_prov_nonce(bt_mesh_prov_link.dhkey,
545 bt_mesh_prov_link.prov_salt, nonce);
546 if (err) {
547 LOG_ERR("Unable to generate session nonce");
548 prov_fail(PROV_ERR_UNEXP_ERR);
549 goto session_key_destructor;
550 }
551
552 LOG_DBG("Nonce: %s", bt_hex(nonce, 13));
553
554 err = bt_mesh_prov_decrypt(&session_key, nonce, data, pdu);
555 if (err) {
556 LOG_ERR("Unable to decrypt provisioning data");
557 prov_fail(PROV_ERR_DECRYPT);
558 goto session_key_destructor;
559 }
560
561 err = bt_mesh_dev_key(bt_mesh_prov_link.dhkey,
562 bt_mesh_prov_link.prov_salt, dev_key);
563 if (err) {
564 LOG_ERR("Unable to generate device key");
565 prov_fail(PROV_ERR_UNEXP_ERR);
566 goto session_key_destructor;
567 }
568
569 net_idx = sys_get_be16(&pdu[16]);
570 flags = pdu[18];
571 iv_index = sys_get_be32(&pdu[19]);
572 bt_mesh_prov_link.addr = sys_get_be16(&pdu[23]);
573
574 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
575 atomic_test_bit(bt_mesh_prov_link.flags, REPROVISION) &&
576 !refresh_is_valid(pdu, net_idx, iv_index)) {
577 prov_send_fail_msg(PROV_ERR_INVALID_DATA);
578 goto session_key_destructor;
579 }
580
581 LOG_DBG("net_idx %u iv_index 0x%08x, addr 0x%04x",
582 net_idx, iv_index, bt_mesh_prov_link.addr);
583
584 bt_mesh_prov_buf_init(&msg, PROV_COMPLETE);
585 if (bt_mesh_prov_send(&msg, NULL)) {
586 LOG_ERR("Failed to send Provisioning Complete");
587 goto session_key_destructor;
588 }
589
590 /* Ignore any further PDUs on this link */
591 bt_mesh_prov_link.expect = PROV_NO_PDU;
592 atomic_set_bit(bt_mesh_prov_link.flags, COMPLETE);
593
594 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
595 atomic_test_bit(bt_mesh_prov_link.flags, REPROVISION)) {
596 bt_mesh_dev_key_cand(dev_key);
597 goto session_key_destructor;
598 }
599
600 /* Store info, since bt_mesh_provision() will end up clearing it */
601 if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY)) {
602 identity_enable = is_pb_gatt();
603 } else {
604 identity_enable = false;
605 }
606
607 err = bt_mesh_provision(pdu, net_idx, flags, iv_index, bt_mesh_prov_link.addr, dev_key);
608 if (err) {
609 LOG_ERR("Failed to provision (err %d)", err);
610 goto session_key_destructor;
611 }
612
613 /* After PB-GATT provisioning we should start advertising
614 * using Node Identity.
615 */
616 if (IS_ENABLED(CONFIG_BT_MESH_GATT_PROXY) && identity_enable) {
617 bt_mesh_proxy_identity_enable();
618 }
619
620 session_key_destructor:
621 bt_mesh_key_destroy(&session_key);
622 }
623
reprovision_complete(void)624 static void reprovision_complete(void)
625 {
626 bt_mesh_reprovision(bt_mesh_prov_link.addr);
627
628 /* When performing the refresh composition procedure,
629 * the device key will be activated after the first
630 * successful decryption with the new key.
631 */
632 if (bt_mesh_node_refresh_get() == BT_MESH_RPR_NODE_REFRESH_ADDR) {
633 bt_mesh_dev_key_cand_activate();
634 }
635
636 if (bt_mesh_prov->reprovisioned) {
637 bt_mesh_prov->reprovisioned(bt_mesh_primary_addr());
638 }
639 }
640
reprovision_fail(void)641 static void reprovision_fail(void)
642 {
643 bt_mesh_dev_key_cand_remove();
644 }
645
local_input_complete(void)646 static void local_input_complete(void)
647 {
648 if (atomic_test_bit(bt_mesh_prov_link.flags, PUB_KEY_SENT) ||
649 atomic_test_bit(bt_mesh_prov_link.flags, OOB_PUB_KEY)) {
650 send_input_complete();
651 } else {
652 atomic_set_bit(bt_mesh_prov_link.flags, INPUT_COMPLETE);
653 }
654 }
655
656 static bt_mesh_prov_bearer_t active_bearers;
657
prov_link_closed(enum prov_bearer_link_status status)658 static void prov_link_closed(enum prov_bearer_link_status status)
659 {
660 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
661 atomic_test_bit(bt_mesh_prov_link.flags, REPROVISION)) {
662 if (atomic_test_bit(bt_mesh_prov_link.flags, COMPLETE) &&
663 status == PROV_BEARER_LINK_STATUS_SUCCESS) {
664 reprovision_complete();
665 } else {
666 reprovision_fail();
667 }
668 } else if (bt_mesh_prov_link.conf_inputs.invite[0]) {
669 /* Disable Attention Timer if it was set */
670 bt_mesh_attention(NULL, 0);
671 }
672
673 bt_mesh_prov_reset_state();
674
675 /* Restore provisioning bearers stopped in prov_link_opened. If the device was provisioned,
676 * only re-enable the PB-Remote bearer.
677 */
678 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) && !is_pb_remote() &&
679 (active_bearers & BT_MESH_PROV_REMOTE)) {
680 pb_remote_srv.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
681 }
682
683 if (bt_mesh_is_provisioned()) {
684 return;
685 }
686
687 if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) && !is_pb_gatt() &&
688 (active_bearers & BT_MESH_PROV_GATT)) {
689 bt_mesh_pb_gatt.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
690 }
691
692 if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) && !is_pb_adv() &&
693 (active_bearers & BT_MESH_PROV_ADV)) {
694 bt_mesh_pb_adv.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
695 }
696 }
697
prov_link_opened(void)698 static void prov_link_opened(void)
699 {
700 bt_mesh_prov_link.expect = PROV_INVITE;
701 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) && bt_mesh_is_provisioned()) {
702 atomic_set_bit(bt_mesh_prov_link.flags, REPROVISION);
703 }
704
705 /* Stop other provisioning bearers for the duration of the prov link. */
706 if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) && is_pb_adv() &&
707 (active_bearers & BT_MESH_PROV_GATT)) {
708 bt_mesh_pb_gatt.link_cancel();
709 }
710
711 if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) && is_pb_gatt() &&
712 (active_bearers & BT_MESH_PROV_ADV)) {
713 bt_mesh_pb_adv.link_cancel();
714 }
715
716 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) && !is_pb_remote() &&
717 (active_bearers & BT_MESH_PROV_REMOTE)) {
718 pb_remote_srv.link_cancel();
719 }
720 }
721
722 static const struct bt_mesh_prov_role role_device = {
723 .input_complete = local_input_complete,
724 .link_opened = prov_link_opened,
725 .link_closed = prov_link_closed,
726 .error = prov_fail,
727 .op = {
728 [PROV_INVITE] = prov_invite,
729 [PROV_START] = prov_start,
730 [PROV_PUB_KEY] = prov_pub_key,
731 [PROV_CONFIRM] = prov_confirm,
732 [PROV_RANDOM] = prov_random,
733 [PROV_DATA] = prov_data,
734 },
735 };
736
bt_mesh_prov_enable(bt_mesh_prov_bearer_t bearers)737 int bt_mesh_prov_enable(bt_mesh_prov_bearer_t bearers)
738 {
739 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
740 (bearers & BT_MESH_PROV_REMOTE)) {
741 pb_remote_srv.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
742
743 /* Only PB-Remote supports reprovisioning */
744 if (bt_mesh_is_provisioned()) {
745 goto role_init;
746 }
747 } else if (bt_mesh_is_provisioned()) {
748 return -EALREADY;
749 }
750
751 #if defined(CONFIG_BT_MESH_PROVISIONEE_LOG_LEVEL)
752 if (CONFIG_BT_MESH_PROVISIONEE_LOG_LEVEL > 2) {
753 struct bt_uuid_128 uuid = { .uuid = { BT_UUID_TYPE_128 } };
754
755 sys_memcpy_swap(uuid.val, bt_mesh_prov->uuid, 16);
756 LOG_INF("Device UUID: %s", bt_uuid_str(&uuid.uuid));
757 }
758 #endif
759
760 if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) &&
761 (bearers & BT_MESH_PROV_ADV)) {
762 bt_mesh_pb_adv.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
763 }
764
765 if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) &&
766 (bearers & BT_MESH_PROV_GATT)) {
767 bt_mesh_pb_gatt.link_accept(bt_mesh_prov_bearer_cb_get(), NULL);
768 }
769
770 role_init:
771 bt_mesh_prov_link.role = &role_device;
772 active_bearers |= bearers;
773
774 return 0;
775 }
776
bt_mesh_prov_disable(bt_mesh_prov_bearer_t bearers)777 int bt_mesh_prov_disable(bt_mesh_prov_bearer_t bearers)
778 {
779 if (bt_mesh_is_provisioned()) {
780 return -EALREADY;
781 }
782
783 if (bt_mesh_prov_active()) {
784 return -EBUSY;
785 }
786
787 if (IS_ENABLED(CONFIG_BT_MESH_PB_ADV) &&
788 (bearers & BT_MESH_PROV_ADV)) {
789 bt_mesh_pb_adv.link_cancel();
790 }
791
792 if (IS_ENABLED(CONFIG_BT_MESH_PB_GATT) &&
793 (bearers & BT_MESH_PROV_GATT)) {
794 bt_mesh_pb_gatt.link_cancel();
795 }
796
797 if (IS_ENABLED(CONFIG_BT_MESH_RPR_SRV) &&
798 (bearers & BT_MESH_PROV_REMOTE)) {
799 pb_remote_srv.link_cancel();
800 }
801
802 active_bearers &= ~bearers;
803
804 return 0;
805 }
806