1 /* Bluetooth Mesh */
2
3 /*
4 * SPDX-FileCopyrightText: 2017 Intel Corporation
5 * SPDX-FileContributor: 2018-2021 Espressif Systems (Shanghai) CO LTD
6 *
7 * SPDX-License-Identifier: Apache-2.0
8 */
9 #include <errno.h>
10 #include <string.h>
11
12 #include "crypto.h"
13 #include "adv.h"
14 #include "mesh.h"
15 #include "access.h"
16 #include "foundation.h"
17 #include "mesh_common.h"
18 #include "mesh_proxy.h"
19 #include "proxy_server.h"
20 #include "prov.h"
21
22 #if CONFIG_BLE_MESH_NODE
23
24 /* 3 transmissions, 20ms interval */
25 #define PROV_XMIT BLE_MESH_TRANSMIT(2, 20)
26
27 #define AUTH_METHOD_NO_OOB 0x00
28 #define AUTH_METHOD_STATIC 0x01
29 #define AUTH_METHOD_OUTPUT 0x02
30 #define AUTH_METHOD_INPUT 0x03
31
32 #define OUTPUT_OOB_BLINK 0x00
33 #define OUTPUT_OOB_BEEP 0x01
34 #define OUTPUT_OOB_VIBRATE 0x02
35 #define OUTPUT_OOB_NUMBER 0x03
36 #define OUTPUT_OOB_STRING 0x04
37
38 #define INPUT_OOB_PUSH 0x00
39 #define INPUT_OOB_TWIST 0x01
40 #define INPUT_OOB_NUMBER 0x02
41 #define INPUT_OOB_STRING 0x03
42
43 #define PUB_KEY_NO_OOB 0x00
44 #define PUB_KEY_OOB 0x01
45
46 #define PROV_ERR_NONE 0x00
47 #define PROV_ERR_NVAL_PDU 0x01
48 #define PROV_ERR_NVAL_FMT 0x02
49 #define PROV_ERR_UNEXP_PDU 0x03
50 #define PROV_ERR_CFM_FAILED 0x04
51 #define PROV_ERR_RESOURCES 0x05
52 #define PROV_ERR_DECRYPT 0x06
53 #define PROV_ERR_UNEXP_ERR 0x07
54 #define PROV_ERR_ADDR 0x08
55
56 #define PROV_INVITE 0x00
57 #define PROV_CAPABILITIES 0x01
58 #define PROV_START 0x02
59 #define PROV_PUB_KEY 0x03
60 #define PROV_INPUT_COMPLETE 0x04
61 #define PROV_CONFIRM 0x05
62 #define PROV_RANDOM 0x06
63 #define PROV_DATA 0x07
64 #define PROV_COMPLETE 0x08
65 #define PROV_FAILED 0x09
66
67 #define PROV_ALG_P256 0x00
68
69 #define GPCF(gpc) (gpc & 0x03)
70 #define GPC_START(last_seg) (((last_seg) << 2) | 0x00)
71 #define GPC_ACK 0x01
72 #define GPC_CONT(seg_id) (((seg_id) << 2) | 0x02)
73 #define GPC_CTL(op) (((op) << 2) | 0x03)
74
75 #define START_PAYLOAD_MAX 20
76 #define CONT_PAYLOAD_MAX 23
77 #define START_LAST_SEG_MAX 2
78
79 #define START_LAST_SEG(gpc) (gpc >> 2)
80 #define CONT_SEG_INDEX(gpc) (gpc >> 2)
81
82 #define BEARER_CTL(gpc) (gpc >> 2)
83 #define LINK_OPEN 0x00
84 #define LINK_ACK 0x01
85 #define LINK_CLOSE 0x02
86
87 #define CLOSE_REASON_SUCCESS 0x00
88 #define CLOSE_REASON_TIMEOUT 0x01
89 #define CLOSE_REASON_FAILED 0x02
90
91 #define XACT_SEG_DATA(_seg) (&link.rx.buf->data[20 + ((_seg - 1) * 23)])
92 #define XACT_SEG_RECV(_seg) (link.rx.seg &= ~(1 << (_seg)))
93
94 #define XACT_NVAL 0xff
95
96 enum {
97 REMOTE_PUB_KEY, /* Remote key has been received */
98 OOB_PUB_KEY, /* OOB public key is available */
99 LINK_ACTIVE, /* Link has been opened */
100 HAVE_DHKEY, /* DHKey has been calculated */
101 SEND_CONFIRM, /* Waiting to send Confirm value */
102 WAIT_NUMBER, /* Waiting for number input from user */
103 WAIT_STRING, /* Waiting for string input from user */
104 LINK_INVALID, /* Error occurred during provisioning */
105
106 NUM_FLAGS,
107 };
108
109 struct prov_link {
110 BLE_MESH_ATOMIC_DEFINE(flags, NUM_FLAGS);
111 #if defined(CONFIG_BLE_MESH_PB_GATT)
112 struct bt_mesh_conn *conn; /* GATT connection */
113 #endif
114 uint8_t dhkey[32]; /* Calculated DHKey */
115 uint8_t expect; /* Next expected PDU */
116
117 bool oob_pk_flag; /* Flag indicates whether using OOB public key */
118
119 uint8_t oob_method;
120 uint8_t oob_action;
121 uint8_t oob_size;
122
123 uint8_t conf[16]; /* Remote Confirmation */
124 uint8_t rand[16]; /* Local Random */
125 uint8_t auth[16]; /* Authentication Value */
126
127 uint8_t conf_salt[16]; /* ConfirmationSalt */
128 uint8_t conf_key[16]; /* ConfirmationKey */
129 uint8_t conf_inputs[145]; /* ConfirmationInputs */
130 uint8_t prov_salt[16]; /* Provisioning Salt */
131
132 #if defined(CONFIG_BLE_MESH_PB_ADV)
133 uint32_t id; /* Link ID */
134 uint8_t tx_pdu_type; /* The previously transmitted Provisioning PDU type */
135
136 struct {
137 uint8_t id; /* Transaction ID */
138 uint8_t prev_id; /* Previous Transaction ID */
139 uint8_t seg; /* Bit-field of unreceived segments */
140 uint8_t last_seg; /* Last segment (to check length) */
141 uint8_t fcs; /* Expected FCS value */
142 struct net_buf_simple *buf;
143 } rx;
144
145 struct {
146 /* Start timestamp of the transaction */
147 int64_t start;
148
149 /* Transaction id*/
150 uint8_t id;
151
152 /* Pending outgoing buffer(s) */
153 struct net_buf *buf[3];
154
155 /* Retransmit timer */
156 struct k_delayed_work retransmit;
157 } tx;
158 #endif
159
160 struct k_delayed_work prot_timer;
161 };
162
163 struct prov_rx {
164 uint32_t link_id;
165 uint8_t xact_id;
166 uint8_t gpc;
167 };
168
169 #define BUF_TIMEOUT K_MSEC(400)
170
171 #if defined(CONFIG_BLE_MESH_FAST_PROV)
172 #define RETRANSMIT_TIMEOUT K_MSEC(360)
173 #define TRANSACTION_TIMEOUT K_SECONDS(3)
174 #define PROTOCOL_TIMEOUT K_SECONDS(6)
175 #else
176 #define RETRANSMIT_TIMEOUT K_MSEC(500)
177 #define TRANSACTION_TIMEOUT K_SECONDS(30)
178 #define PROTOCOL_TIMEOUT K_SECONDS(60)
179 #endif /* CONFIG_BLE_MESH_FAST_PROV */
180
181 #if defined(CONFIG_BLE_MESH_PB_GATT)
182 #define PROV_BUF_HEADROOM 5
183 #else
184 #define PROV_BUF_HEADROOM 0
185 NET_BUF_SIMPLE_DEFINE_STATIC(rx_buf, 65);
186 #endif
187
188 #define PROV_BUF(name, len) \
189 NET_BUF_SIMPLE_DEFINE(name, PROV_BUF_HEADROOM + len)
190
191 static struct prov_link link;
192
193 static const struct bt_mesh_prov *prov;
194
195 #if defined(CONFIG_BLE_MESH_PB_ADV)
196 static bt_mesh_mutex_t pb_buf_lock;
197
bt_mesh_pb_buf_mutex_new(void)198 static inline void bt_mesh_pb_buf_mutex_new(void)
199 {
200 if (!pb_buf_lock.mutex) {
201 bt_mesh_mutex_create(&pb_buf_lock);
202 }
203 }
204
205 #if CONFIG_BLE_MESH_DEINIT
bt_mesh_pb_buf_mutex_free(void)206 static inline void bt_mesh_pb_buf_mutex_free(void)
207 {
208 bt_mesh_mutex_free(&pb_buf_lock);
209 }
210 #endif /* CONFIG_BLE_MESH_DEINIT */
211
bt_mesh_pb_buf_lock(void)212 static inline void bt_mesh_pb_buf_lock(void)
213 {
214 bt_mesh_mutex_lock(&pb_buf_lock);
215 }
216
bt_mesh_pb_buf_unlock(void)217 static inline void bt_mesh_pb_buf_unlock(void)
218 {
219 bt_mesh_mutex_unlock(&pb_buf_lock);
220 }
221 #endif /* CONFIG_BLE_MESH_PB_ADV */
222
reset_state(void)223 static void reset_state(void)
224 {
225 k_delayed_work_cancel(&link.prot_timer);
226
227 /* Disable Attention Timer if it was set */
228 if (link.conf_inputs[0]) {
229 bt_mesh_attention(NULL, 0);
230 }
231
232 #if defined(CONFIG_BLE_MESH_PB_GATT)
233 if (link.conn) {
234 bt_mesh_conn_unref(link.conn);
235 }
236 #endif
237
238 #if defined(CONFIG_BLE_MESH_PB_ADV)
239 /* Clear everything except the retransmit and protocol timer
240 * delayed work objects.
241 */
242 (void)memset(&link, 0, offsetof(struct prov_link, tx.retransmit));
243 link.rx.prev_id = XACT_NVAL;
244
245 #if defined(CONFIG_BLE_MESH_PB_GATT)
246 link.rx.buf = bt_mesh_proxy_server_get_buf();
247 #else
248 net_buf_simple_reset(&rx_buf);
249 link.rx.buf = &rx_buf;
250 #endif /* PB_GATT */
251
252 #else /* !PB_ADV */
253 /* Clear everything except the protocol timer (k_delayed_work) */
254 (void)memset(&link, 0, offsetof(struct prov_link, prot_timer));
255 #endif /* PB_ADV */
256 }
257
258 #if defined(CONFIG_BLE_MESH_PB_ADV)
buf_sent(int err,void * user_data)259 static void buf_sent(int err, void *user_data)
260 {
261 if (!link.tx.buf[0]) {
262 return;
263 }
264
265 k_delayed_work_submit(&link.tx.retransmit, RETRANSMIT_TIMEOUT);
266 }
267
268 static struct bt_mesh_send_cb buf_sent_cb = {
269 .end = buf_sent,
270 };
271
free_segments(void)272 static void free_segments(void)
273 {
274 int i;
275
276 bt_mesh_pb_buf_lock();
277
278 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) {
279 struct net_buf *buf = link.tx.buf[i];
280
281 if (!buf) {
282 break;
283 }
284
285 link.tx.buf[i] = NULL;
286 bt_mesh_adv_buf_ref_debug(__func__, buf, 3U, BLE_MESH_BUF_REF_SMALL);
287 /* Mark as canceled */
288 bt_mesh_atomic_set(&BLE_MESH_ADV_BUSY(buf), 0);
289 net_buf_unref(buf);
290 }
291
292 bt_mesh_pb_buf_unlock();
293 }
294
prov_clear_tx(void)295 static void prov_clear_tx(void)
296 {
297 BT_DBG("%s", __func__);
298
299 k_delayed_work_cancel(&link.tx.retransmit);
300
301 free_segments();
302 }
303
reset_adv_link(void)304 static void reset_adv_link(void)
305 {
306 prov_clear_tx();
307
308 if (prov->link_close) {
309 prov->link_close(BLE_MESH_PROV_ADV);
310 }
311
312 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)
313 /* Remove the link id from exceptional list */
314 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_SUB_CODE_REMOVE,
315 BLE_MESH_EXCEP_LIST_TYPE_MESH_LINK_ID, &link.id);
316 #endif
317
318 reset_state();
319 }
320
adv_buf_create(void)321 static struct net_buf *adv_buf_create(void)
322 {
323 struct net_buf *buf = NULL;
324
325 buf = bt_mesh_adv_create(BLE_MESH_ADV_PROV, PROV_XMIT, BUF_TIMEOUT);
326 if (!buf) {
327 BT_ERR("Out of provisioning buffers");
328 return NULL;
329 }
330
331 return buf;
332 }
333
334 static uint8_t pending_ack = XACT_NVAL;
335
ack_complete(uint16_t duration,int err,void * user_data)336 static void ack_complete(uint16_t duration, int err, void *user_data)
337 {
338 BT_DBG("xact %u complete", (uint8_t)pending_ack);
339 pending_ack = XACT_NVAL;
340 }
341
gen_prov_ack_send(uint8_t xact_id)342 static void gen_prov_ack_send(uint8_t xact_id)
343 {
344 static const struct bt_mesh_send_cb cb = {
345 .start = ack_complete,
346 };
347 const struct bt_mesh_send_cb *complete = NULL;
348 struct net_buf *buf = NULL;
349
350 BT_DBG("xact_id %u", xact_id);
351
352 if (pending_ack == xact_id) {
353 BT_DBG("Not sending duplicate ack");
354 return;
355 }
356
357 buf = adv_buf_create();
358 if (!buf) {
359 return;
360 }
361
362 if (pending_ack == XACT_NVAL) {
363 pending_ack = xact_id;
364 complete = &cb;
365 } else {
366 complete = NULL;
367 }
368
369 net_buf_add_be32(buf, link.id);
370 net_buf_add_u8(buf, xact_id);
371 net_buf_add_u8(buf, GPC_ACK);
372
373 bt_mesh_adv_send(buf, complete, NULL);
374 net_buf_unref(buf);
375 }
376
send_reliable(void)377 static void send_reliable(void)
378 {
379 int i;
380
381 link.tx.start = k_uptime_get();
382
383 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) {
384 struct net_buf *buf = link.tx.buf[i];
385
386 if (!buf) {
387 break;
388 }
389
390 if (i + 1 < ARRAY_SIZE(link.tx.buf) && link.tx.buf[i + 1]) {
391 bt_mesh_adv_send(buf, NULL, NULL);
392 } else {
393 bt_mesh_adv_send(buf, &buf_sent_cb, NULL);
394 }
395 }
396 }
397
bearer_ctl_send(uint8_t op,void * data,uint8_t data_len)398 static int bearer_ctl_send(uint8_t op, void *data, uint8_t data_len)
399 {
400 struct net_buf *buf = NULL;
401
402 BT_DBG("op 0x%02x data_len %u", op, data_len);
403
404 prov_clear_tx();
405
406 buf = adv_buf_create();
407 if (!buf) {
408 return -ENOBUFS;
409 }
410
411 net_buf_add_be32(buf, link.id);
412 /* Transaction ID, always 0 for Bearer messages */
413 net_buf_add_u8(buf, 0x00);
414 net_buf_add_u8(buf, GPC_CTL(op));
415 net_buf_add_mem(buf, data, data_len);
416
417 link.tx.buf[0] = buf;
418 send_reliable();
419
420 return 0;
421 }
422
last_seg(uint8_t len)423 static uint8_t last_seg(uint8_t len)
424 {
425 if (len <= START_PAYLOAD_MAX) {
426 return 0;
427 }
428
429 len -= START_PAYLOAD_MAX;
430
431 return 1 + (len / CONT_PAYLOAD_MAX);
432 }
433
next_transaction_id(void)434 static inline uint8_t next_transaction_id(void)
435 {
436 if (link.tx.id != 0U && link.tx.id != 0xFF) {
437 return ++link.tx.id;
438 }
439
440 link.tx.id = 0x80;
441 return link.tx.id;
442 }
443
prov_send_adv(struct net_buf_simple * msg)444 static int prov_send_adv(struct net_buf_simple *msg)
445 {
446 struct net_buf *start = NULL, *buf = NULL;
447 uint8_t seg_len = 0U, seg_id = 0U;
448 uint8_t xact_id = 0U;
449 int32_t timeout = PROTOCOL_TIMEOUT;
450
451 BT_DBG("len %u: %s", msg->len, bt_hex(msg->data, msg->len));
452
453 prov_clear_tx();
454
455 start = adv_buf_create();
456 if (!start) {
457 return -ENOBUFS;
458 }
459
460 xact_id = next_transaction_id();
461 net_buf_add_be32(start, link.id);
462 net_buf_add_u8(start, xact_id);
463
464 net_buf_add_u8(start, GPC_START(last_seg(msg->len)));
465 net_buf_add_be16(start, msg->len);
466 net_buf_add_u8(start, bt_mesh_fcs_calc(msg->data, msg->len));
467
468 link.tx.buf[0] = start;
469 /* Changed by Espressif, get message type */
470 link.tx_pdu_type = msg->data[0];
471
472 seg_len = MIN(msg->len, START_PAYLOAD_MAX);
473 BT_DBG("seg 0 len %u: %s", seg_len, bt_hex(msg->data, seg_len));
474 net_buf_add_mem(start, msg->data, seg_len);
475 net_buf_simple_pull(msg, seg_len);
476
477 buf = start;
478 for (seg_id = 1U; msg->len > 0; seg_id++) {
479 if (seg_id >= ARRAY_SIZE(link.tx.buf)) {
480 BT_ERR("Too big message (seg_id %d)", seg_id);
481 free_segments();
482 return -E2BIG;
483 }
484
485 buf = adv_buf_create();
486 if (!buf) {
487 free_segments();
488 return -ENOBUFS;
489 }
490
491 link.tx.buf[seg_id] = buf;
492
493 seg_len = MIN(msg->len, CONT_PAYLOAD_MAX);
494
495 BT_DBG("seg_id %u len %u: %s", seg_id, seg_len,
496 bt_hex(msg->data, seg_len));
497
498 net_buf_add_be32(buf, link.id);
499 net_buf_add_u8(buf, xact_id);
500 net_buf_add_u8(buf, GPC_CONT(seg_id));
501 net_buf_add_mem(buf, msg->data, seg_len);
502 net_buf_simple_pull(msg, seg_len);
503 }
504
505 send_reliable();
506
507 /* Changed by Espressif, add provisioning timeout timer operations.
508 * When sending a provisioning PDU successfully, restart the 60s timer.
509 */
510 #if defined(CONFIG_BLE_MESH_FAST_PROV)
511 if (link.tx_pdu_type >= PROV_COMPLETE) {
512 timeout = K_SECONDS(60);
513 }
514 #endif
515 k_delayed_work_submit(&link.prot_timer, timeout);
516
517 return 0;
518 }
519
520 #endif /* CONFIG_BLE_MESH_PB_ADV */
521
522 #if defined(CONFIG_BLE_MESH_PB_GATT)
prov_send_gatt(struct net_buf_simple * msg)523 static int prov_send_gatt(struct net_buf_simple *msg)
524 {
525 int err = 0;
526
527 if (!link.conn) {
528 return -ENOTCONN;
529 }
530
531 /* Changed by Espressif, add provisioning timeout timer operations.
532 * When sending a provisioning PDU successfully, restart the 60s timer.
533 */
534 err = bt_mesh_proxy_server_send(link.conn, BLE_MESH_PROXY_PROV, msg);
535 if (err) {
536 BT_ERR("Failed to send provisioning PDU");
537 return err;
538 }
539
540 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT);
541
542 return 0;
543 }
544 #endif /* CONFIG_BLE_MESH_PB_GATT */
545
prov_send(struct net_buf_simple * buf)546 static inline int prov_send(struct net_buf_simple *buf)
547 {
548 #if defined(CONFIG_BLE_MESH_PB_GATT)
549 if (link.conn) {
550 return prov_send_gatt(buf);
551 }
552 #endif
553 #if defined(CONFIG_BLE_MESH_PB_ADV)
554 return prov_send_adv(buf);
555 #else
556 return 0;
557 #endif
558 }
559
prov_buf_init(struct net_buf_simple * buf,uint8_t type)560 static void prov_buf_init(struct net_buf_simple *buf, uint8_t type)
561 {
562 net_buf_simple_reserve(buf, PROV_BUF_HEADROOM);
563 net_buf_simple_add_u8(buf, type);
564 }
565
prov_send_fail_msg(uint8_t err)566 static void prov_send_fail_msg(uint8_t err)
567 {
568 PROV_BUF(buf, 2);
569
570 prov_buf_init(&buf, PROV_FAILED);
571 net_buf_simple_add_u8(&buf, err);
572
573 if (prov_send(&buf)) {
574 BT_ERR("Failed to send Provisioning Failed message");
575 }
576
577 bt_mesh_atomic_set_bit(link.flags, LINK_INVALID);
578 }
579
prov_invite(const uint8_t * data)580 static void prov_invite(const uint8_t *data)
581 {
582 PROV_BUF(buf, 12);
583
584 BT_DBG("Attention Duration: %u seconds", data[0]);
585
586 if (data[0]) {
587 bt_mesh_attention(NULL, data[0]);
588 }
589
590 link.conf_inputs[0] = data[0];
591
592 prov_buf_init(&buf, PROV_CAPABILITIES);
593
594 /* Number of Elements supported */
595 net_buf_simple_add_u8(&buf, bt_mesh_elem_count());
596
597 /* Supported algorithms - FIPS P-256 Eliptic Curve */
598 net_buf_simple_add_be16(&buf, BIT(PROV_ALG_P256));
599
600 /* Public Key Type */
601 net_buf_simple_add_u8(&buf, prov->oob_pub_key);
602
603 /* Static OOB Type */
604 net_buf_simple_add_u8(&buf, prov->static_val ? BIT(0) : 0x00);
605
606 /* Output OOB Size */
607 net_buf_simple_add_u8(&buf, prov->output_size);
608
609 /* Output OOB Action */
610 net_buf_simple_add_be16(&buf, prov->output_actions);
611
612 /* Input OOB Size */
613 net_buf_simple_add_u8(&buf, prov->input_size);
614
615 /* Input OOB Action */
616 net_buf_simple_add_be16(&buf, prov->input_actions);
617
618 memcpy(&link.conf_inputs[1], &buf.data[1], 11);
619
620 if (prov_send(&buf)) {
621 BT_ERR("Failed to send capabilities");
622 return;
623 }
624
625 link.expect = PROV_START;
626 }
627
prov_capabilities(const uint8_t * data)628 static void prov_capabilities(const uint8_t *data)
629 {
630 uint16_t algorithms = 0U, output_action = 0U, input_action = 0U;
631
632 BT_DBG("Elements: %u", data[0]);
633
634 algorithms = sys_get_be16(&data[1]);
635 BT_DBG("Algorithms: %u", algorithms);
636
637 BT_DBG("Public Key Type: 0x%02x", data[3]);
638 BT_DBG("Static OOB Type: 0x%02x", data[4]);
639 BT_DBG("Output OOB Size: %u", data[5]);
640
641 output_action = sys_get_be16(&data[6]);
642 BT_DBG("Output OOB Action: 0x%04x", output_action);
643
644 BT_DBG("Input OOB Size: %u", data[8]);
645
646 input_action = sys_get_be16(&data[9]);
647 BT_DBG("Input OOB Action: 0x%04x", input_action);
648
649 ((void) algorithms);
650 ((void) output_action);
651 ((void) input_action);
652 }
653
output_action(uint8_t action)654 static bt_mesh_output_action_t output_action(uint8_t action)
655 {
656 switch (action) {
657 case OUTPUT_OOB_BLINK:
658 return BLE_MESH_BLINK;
659 case OUTPUT_OOB_BEEP:
660 return BLE_MESH_BEEP;
661 case OUTPUT_OOB_VIBRATE:
662 return BLE_MESH_VIBRATE;
663 case OUTPUT_OOB_NUMBER:
664 return BLE_MESH_DISPLAY_NUMBER;
665 case OUTPUT_OOB_STRING:
666 return BLE_MESH_DISPLAY_STRING;
667 default:
668 return BLE_MESH_NO_OUTPUT;
669 }
670 }
671
input_action(uint8_t action)672 static bt_mesh_input_action_t input_action(uint8_t action)
673 {
674 switch (action) {
675 case INPUT_OOB_PUSH:
676 return BLE_MESH_PUSH;
677 case INPUT_OOB_TWIST:
678 return BLE_MESH_TWIST;
679 case INPUT_OOB_NUMBER:
680 return BLE_MESH_ENTER_NUMBER;
681 case INPUT_OOB_STRING:
682 return BLE_MESH_ENTER_STRING;
683 default:
684 return BLE_MESH_NO_INPUT;
685 }
686 }
687
prov_auth(uint8_t method,uint8_t action,uint8_t size)688 static int prov_auth(uint8_t method, uint8_t action, uint8_t size)
689 {
690 bt_mesh_output_action_t output = 0U;
691 bt_mesh_input_action_t input = 0U;
692
693 switch (method) {
694 case AUTH_METHOD_NO_OOB:
695 if (action || size) {
696 return -EINVAL;
697 }
698
699 (void)memset(link.auth, 0, sizeof(link.auth));
700 return 0;
701 case AUTH_METHOD_STATIC:
702 if (action || size) {
703 return -EINVAL;
704 }
705
706 memcpy(link.auth + 16 - prov->static_val_len,
707 prov->static_val, prov->static_val_len);
708 (void)memset(link.auth, 0,
709 sizeof(link.auth) - prov->static_val_len);
710 return 0;
711
712 case AUTH_METHOD_OUTPUT:
713 output = output_action(action);
714 if (!output) {
715 return -EINVAL;
716 }
717
718 if (!(prov->output_actions & output)) {
719 return -EINVAL;
720 }
721
722 if (size > prov->output_size) {
723 return -EINVAL;
724 }
725
726 if (output == BLE_MESH_DISPLAY_STRING) {
727 unsigned char str[9] = {'\0'};
728 uint8_t i = 0U;
729
730 bt_mesh_rand(str, size);
731
732 /* Normalize to '0' .. '9' & 'A' .. 'Z' */
733 for (i = 0U; i < size; i++) {
734 str[i] %= 36;
735 if (str[i] < 10) {
736 str[i] += '0';
737 } else {
738 str[i] += 'A' - 10;
739 }
740 }
741 str[size] = '\0';
742
743 memcpy(link.auth, str, size);
744 (void)memset(link.auth + size, 0,
745 sizeof(link.auth) - size);
746
747 return prov->output_string((char *)str);
748 } else {
749 uint32_t div[8] = { 10, 100, 1000, 10000, 100000,
750 1000000, 10000000, 100000000
751 };
752 uint32_t num = 0U;
753
754 bt_mesh_rand(&num, sizeof(num));
755
756 if (output == BLE_MESH_BLINK ||
757 output == BLE_MESH_BEEP ||
758 output == BLE_MESH_VIBRATE) {
759 /** NOTE: According to the Bluetooth Mesh Profile Specification
760 * Section 5.4.2.4, blink, beep and vibrate should be a random
761 * integer between 0 and 10^size.
762 */
763 num = (num % (div[size - 1] - 1)) + 1;
764 } else {
765 num %= div[size - 1];
766 }
767
768 sys_put_be32(num, &link.auth[12]);
769 (void)memset(link.auth, 0, 12);
770
771 return prov->output_number(output, num);
772 }
773
774 case AUTH_METHOD_INPUT:
775 input = input_action(action);
776 if (!input) {
777 return -EINVAL;
778 }
779
780 if (!(prov->input_actions & input)) {
781 return -EINVAL;
782 }
783
784 if (size > prov->input_size) {
785 return -EINVAL;
786 }
787
788 if (input == BLE_MESH_ENTER_STRING) {
789 bt_mesh_atomic_set_bit(link.flags, WAIT_STRING);
790 } else {
791 bt_mesh_atomic_set_bit(link.flags, WAIT_NUMBER);
792 }
793
794 return prov->input(input, size);
795
796 default:
797 return -EINVAL;
798 }
799 }
800
prov_start(const uint8_t * data)801 static void prov_start(const uint8_t *data)
802 {
803 BT_INFO("Algorithm: 0x%02x", data[0]);
804 BT_INFO("Public Key: 0x%02x", data[1]);
805 BT_INFO("Auth Method: 0x%02x", data[2]);
806 BT_INFO("Auth Action: 0x%02x", data[3]);
807 BT_INFO("Auth Size: 0x%02x", data[4]);
808
809 if (data[0] != PROV_ALG_P256) {
810 BT_ERR("Unknown algorithm 0x%02x", data[0]);
811 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
812 return;
813 }
814
815 if (data[1] != prov->oob_pub_key) {
816 BT_ERR("Invalid public key type: 0x%02x", data[1]);
817 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
818 return;
819 }
820
821 memcpy(&link.conf_inputs[12], data, 5);
822
823 link.expect = PROV_PUB_KEY;
824
825 /* If Provisioning Start PDU indicates that provisioner chooses
826 * OOB public key, then callback to the application layer to let
827 * users input public & private key pair.
828 */
829 link.oob_pk_flag = data[1] ? true : false;
830 if (link.oob_pk_flag) {
831 prov->oob_pub_key_cb();
832 }
833
834 if (prov_auth(data[2], data[3], data[4]) < 0) {
835 BT_ERR("Invalid authentication method: 0x%02x; "
836 "action: 0x%02x; size: 0x%02x",
837 data[2], data[3], data[4]);
838 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
839 }
840 }
841
send_confirm(void)842 static void send_confirm(void)
843 {
844 uint8_t *local_conf = NULL;
845 PROV_BUF(cfm, 17);
846
847 BT_DBG("ConfInputs[0] %s", bt_hex(link.conf_inputs, 64));
848 BT_DBG("ConfInputs[64] %s", bt_hex(&link.conf_inputs[64], 64));
849 BT_DBG("ConfInputs[128] %s", bt_hex(&link.conf_inputs[128], 17));
850
851 if (bt_mesh_prov_conf_salt(link.conf_inputs, link.conf_salt)) {
852 BT_ERR("Unable to generate confirmation salt");
853 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
854 return;
855 }
856
857 BT_DBG("ConfirmationSalt: %s", bt_hex(link.conf_salt, 16));
858
859 if (bt_mesh_prov_conf_key(link.dhkey, link.conf_salt, link.conf_key)) {
860 BT_ERR("Unable to generate confirmation key");
861 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
862 return;
863 }
864
865 BT_DBG("ConfirmationKey: %s", bt_hex(link.conf_key, 16));
866
867 if (bt_mesh_rand(link.rand, 16)) {
868 BT_ERR("Unable to generate random number");
869 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
870 return;
871 }
872
873 BT_DBG("LocalRandom: %s", bt_hex(link.rand, 16));
874
875 prov_buf_init(&cfm, PROV_CONFIRM);
876
877 local_conf = net_buf_simple_add(&cfm, 16);
878
879 if (bt_mesh_prov_conf(link.conf_key, link.rand, link.auth,
880 local_conf)) {
881 BT_ERR("Unable to generate confirmation value");
882 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
883 return;
884 }
885
886 if (!memcmp(link.conf, local_conf, 16)) {
887 BT_ERR("Confirmation value is identical to ours, rejecting.");
888 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
889 return;
890 }
891
892 if (prov_send(&cfm)) {
893 BT_ERR("Unable to send Provisioning Confirm");
894 return;
895 }
896
897 link.expect = PROV_RANDOM;
898 }
899
send_input_complete(void)900 static void send_input_complete(void)
901 {
902 PROV_BUF(buf, 1);
903
904 prov_buf_init(&buf, PROV_INPUT_COMPLETE);
905 if (prov_send(&buf)) {
906 BT_ERR("Failed to send Provisioning Input Complete");
907 }
908 }
909
bt_mesh_input_number(uint32_t num)910 int bt_mesh_input_number(uint32_t num)
911 {
912 BT_INFO("%u", num);
913
914 if (!bt_mesh_atomic_test_and_clear_bit(link.flags, WAIT_NUMBER)) {
915 return -EINVAL;
916 }
917
918 sys_put_be32(num, &link.auth[12]);
919
920 send_input_complete();
921
922 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) {
923 return 0;
924 }
925
926 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) {
927 send_confirm();
928 }
929
930 return 0;
931 }
932
bt_mesh_input_string(const char * str)933 int bt_mesh_input_string(const char *str)
934 {
935 BT_INFO("%s", str);
936
937 if (!bt_mesh_atomic_test_and_clear_bit(link.flags, WAIT_STRING)) {
938 return -EINVAL;
939 }
940
941 (void)memcpy(link.auth, str, prov->input_size);
942
943 send_input_complete();
944
945 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) {
946 return 0;
947 }
948
949 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) {
950 send_confirm();
951 }
952
953 return 0;
954 }
955
prov_dh_key_cb(const uint8_t key[32],const uint8_t idx)956 static void prov_dh_key_cb(const uint8_t key[32], const uint8_t idx)
957 {
958 BT_DBG("%p", key);
959
960 if (!key) {
961 BT_ERR("DHKey generation failed");
962 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
963 return;
964 }
965
966 sys_memcpy_swap(link.dhkey, key, 32);
967
968 BT_DBG("DHkey: %s", bt_hex(link.dhkey, 32));
969
970 bt_mesh_atomic_set_bit(link.flags, HAVE_DHKEY);
971
972 if (bt_mesh_atomic_test_bit(link.flags, WAIT_NUMBER) ||
973 bt_mesh_atomic_test_bit(link.flags, WAIT_STRING)) {
974 return;
975 }
976
977 if (bt_mesh_atomic_test_and_clear_bit(link.flags, SEND_CONFIRM)) {
978 send_confirm();
979 }
980 }
981
send_pub_key(void)982 static void send_pub_key(void)
983 {
984 PROV_BUF(buf, 65);
985 const uint8_t *key = NULL;
986
987 /* Copy remote key in little-endian for bt_mesh_dh_key_gen().
988 * X and Y halves are swapped independently. Use response
989 * buffer as a temporary storage location. The validating of
990 * the remote public key is finished when it is received.
991 */
992 sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32);
993 sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32);
994
995 if (bt_mesh_dh_key_gen(buf.data, prov_dh_key_cb, 0)) {
996 BT_ERR("Unable to generate DHKey");
997 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
998 return;
999 }
1000
1001 key = bt_mesh_pub_key_get();
1002 if (!key) {
1003 BT_ERR("No public key available");
1004 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1005 return;
1006 }
1007
1008 BT_DBG("Local Public Key: %s", bt_hex(key, 64));
1009
1010 prov_buf_init(&buf, PROV_PUB_KEY);
1011
1012 /* Swap X and Y halves independently to big-endian */
1013 sys_memcpy_swap(net_buf_simple_add(&buf, 32), key, 32);
1014 sys_memcpy_swap(net_buf_simple_add(&buf, 32), &key[32], 32);
1015
1016 memcpy(&link.conf_inputs[81], &buf.data[1], 64);
1017
1018 if (prov_send(&buf)) {
1019 BT_ERR("Failed to send Public Key");
1020 return;
1021 }
1022
1023 link.expect = PROV_CONFIRM;
1024 }
1025
bt_mesh_calc_dh_key(void)1026 static int bt_mesh_calc_dh_key(void)
1027 {
1028 NET_BUF_SIMPLE_DEFINE(buf, 64);
1029
1030 /* Copy remote key in little-endian for bt_mesh_dh_key_gen().
1031 * X and Y halves are swapped independently.
1032 */
1033 net_buf_simple_reset(&buf);
1034 sys_memcpy_swap(buf.data, &link.conf_inputs[17], 32);
1035 sys_memcpy_swap(&buf.data[32], &link.conf_inputs[49], 32);
1036
1037 if (bt_mesh_dh_key_gen(buf.data, prov_dh_key_cb, 0)) {
1038 BT_ERR("Unable to generate DHKey");
1039 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1040 return -EIO;
1041 }
1042
1043 return 0;
1044 }
1045
bt_mesh_set_oob_pub_key(const uint8_t pub_key_x[32],const uint8_t pub_key_y[32],const uint8_t pri_key[32])1046 int bt_mesh_set_oob_pub_key(const uint8_t pub_key_x[32], const uint8_t pub_key_y[32],
1047 const uint8_t pri_key[32])
1048 {
1049 if (!pub_key_x || !pub_key_y || !pri_key) {
1050 BT_ERR("%s, Invalid parameter", __func__);
1051 return -EINVAL;
1052 }
1053
1054 /* Copy OOB public key in big-endian to Provisioning ConfirmationInputs,
1055 * X and Y halves are swapped independently.
1056 * And set input private key to mesh_bearer_adapt.c
1057 */
1058 sys_memcpy_swap(&link.conf_inputs[81], pub_key_x, 32);
1059 sys_memcpy_swap(&link.conf_inputs[81] + 32, pub_key_y, 32);
1060 bt_mesh_set_private_key(pri_key);
1061
1062 bt_mesh_atomic_set_bit(link.flags, OOB_PUB_KEY);
1063
1064 /* If remote public key is not got, just return */
1065 if (!bt_mesh_atomic_test_bit(link.flags, REMOTE_PUB_KEY)) {
1066 return 0;
1067 }
1068
1069 return bt_mesh_calc_dh_key();
1070 }
1071
prov_pub_key(const uint8_t * data)1072 static void prov_pub_key(const uint8_t *data)
1073 {
1074 BT_DBG("Remote Public Key: %s", bt_hex(data, 64));
1075
1076 /* BLE Mesh BQB test case MESH/NODE/PROV/UPD/BI-13-C needs to
1077 * check the public key using the following rules:
1078 * (1) X > 0, Y > 0
1079 * (2) X > 0, Y = 0
1080 * (3) X = 0, Y = 0
1081 */
1082 if (!bt_mesh_check_public_key(data)) {
1083 BT_ERR("Invalid public key");
1084 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1085 return;
1086 }
1087
1088 memcpy(&link.conf_inputs[17], data, 64);
1089 bt_mesh_atomic_set_bit(link.flags, REMOTE_PUB_KEY);
1090
1091 if (!bt_mesh_pub_key_get()) {
1092 /* Clear retransmit timer */
1093 #if defined(CONFIG_BLE_MESH_PB_ADV)
1094 prov_clear_tx();
1095 #endif
1096 BT_WARN("Waiting for a local public key");
1097 return;
1098 }
1099
1100 if (!link.oob_pk_flag) {
1101 send_pub_key();
1102 } else {
1103 link.expect = PROV_CONFIRM;
1104 }
1105 }
1106
prov_input_complete(const uint8_t * data)1107 static void prov_input_complete(const uint8_t *data)
1108 {
1109 BT_DBG("%s", __func__);
1110 }
1111
prov_confirm(const uint8_t * data)1112 static void prov_confirm(const uint8_t *data)
1113 {
1114 BT_DBG("Remote Confirm: %s", bt_hex(data, 16));
1115
1116 memcpy(link.conf, data, 16);
1117
1118 if (!bt_mesh_atomic_test_bit(link.flags, HAVE_DHKEY)) {
1119 #if defined(CONFIG_BLE_MESH_PB_ADV)
1120 prov_clear_tx();
1121 #endif
1122 bt_mesh_atomic_set_bit(link.flags, SEND_CONFIRM);
1123 /* If using OOB public key and it has already got, calculates dhkey */
1124 if (link.oob_pk_flag && bt_mesh_atomic_test_bit(link.flags, OOB_PUB_KEY)) {
1125 bt_mesh_calc_dh_key();
1126 }
1127 } else {
1128 send_confirm();
1129 }
1130 }
1131
prov_random(const uint8_t * data)1132 static void prov_random(const uint8_t *data)
1133 {
1134 PROV_BUF(rnd, 17);
1135 uint8_t conf_verify[16] = {0};
1136
1137 BT_DBG("Remote Random: %s", bt_hex(data, 16));
1138
1139 if (bt_mesh_prov_conf(link.conf_key, data, link.auth, conf_verify)) {
1140 BT_ERR("Unable to calculate confirmation verification");
1141 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1142 return;
1143 }
1144
1145 if (memcmp(conf_verify, link.conf, 16)) {
1146 BT_ERR("Invalid confirmation value");
1147 BT_DBG("Received: %s", bt_hex(link.conf, 16));
1148 BT_DBG("Calculated: %s", bt_hex(conf_verify, 16));
1149 prov_send_fail_msg(PROV_ERR_CFM_FAILED);
1150 return;
1151 }
1152
1153 prov_buf_init(&rnd, PROV_RANDOM);
1154 net_buf_simple_add_mem(&rnd, link.rand, 16);
1155
1156 if (prov_send(&rnd)) {
1157 BT_ERR("Failed to send Provisioning Random");
1158 return;
1159 }
1160
1161 if (bt_mesh_prov_salt(link.conf_salt, data, link.rand,
1162 link.prov_salt)) {
1163 BT_ERR("Failed to generate provisioning salt");
1164 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1165 return;
1166 }
1167
1168 BT_DBG("ProvisioningSalt: %s", bt_hex(link.prov_salt, 16));
1169
1170 link.expect = PROV_DATA;
1171 }
1172
is_pb_gatt(void)1173 static inline bool is_pb_gatt(void)
1174 {
1175 #if defined(CONFIG_BLE_MESH_PB_GATT)
1176 return !!link.conn;
1177 #else
1178 return false;
1179 #endif
1180 }
1181
prov_data(const uint8_t * data)1182 static void prov_data(const uint8_t *data)
1183 {
1184 PROV_BUF(msg, 1);
1185 uint8_t session_key[16] = {0};
1186 uint8_t nonce[13] = {0};
1187 uint8_t dev_key[16] = {0};
1188 uint8_t pdu[25] = {0};
1189 uint8_t flags = 0U;
1190 uint32_t iv_index = 0U;
1191 uint16_t addr = 0U;
1192 uint16_t net_idx = 0U;
1193 int err = 0;
1194 bool identity_enable = false;
1195
1196 BT_DBG("%s", __func__);
1197
1198 err = bt_mesh_session_key(link.dhkey, link.prov_salt, session_key);
1199 if (err) {
1200 BT_ERR("Unable to generate session key");
1201 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1202 return;
1203 }
1204
1205 BT_DBG("SessionKey: %s", bt_hex(session_key, 16));
1206
1207 err = bt_mesh_prov_nonce(link.dhkey, link.prov_salt, nonce);
1208 if (err) {
1209 BT_ERR("Unable to generate session nonce");
1210 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1211 return;
1212 }
1213
1214 BT_DBG("Nonce: %s", bt_hex(nonce, 13));
1215
1216 err = bt_mesh_prov_decrypt(session_key, nonce, data, pdu);
1217 if (err) {
1218 BT_ERR("Unable to decrypt provisioning data");
1219 prov_send_fail_msg(PROV_ERR_DECRYPT);
1220 return;
1221 }
1222
1223 err = bt_mesh_dev_key(link.dhkey, link.prov_salt, dev_key);
1224 if (err) {
1225 BT_ERR("Unable to generate device key");
1226 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1227 return;
1228 }
1229
1230 BT_DBG("DevKey: %s", bt_hex(dev_key, 16));
1231
1232 net_idx = sys_get_be16(&pdu[16]);
1233 flags = pdu[18];
1234 iv_index = sys_get_be32(&pdu[19]);
1235 addr = sys_get_be16(&pdu[23]);
1236
1237 BT_DBG("net_idx %u iv_index 0x%08x, addr 0x%04x",
1238 net_idx, iv_index, addr);
1239
1240 prov_buf_init(&msg, PROV_COMPLETE);
1241 if (prov_send(&msg)) {
1242 BT_ERR("Failed to send Provisioning Complete");
1243 return;
1244 }
1245
1246 /* Ignore any further PDUs on this link */
1247 link.expect = 0U;
1248
1249 /* Store info, since bt_mesh_provision() will end up clearing it */
1250 if (IS_ENABLED(CONFIG_BLE_MESH_GATT_PROXY_SERVER)) {
1251 identity_enable = is_pb_gatt();
1252 } else {
1253 identity_enable = false;
1254 }
1255
1256 err = bt_mesh_provision(pdu, net_idx, flags, iv_index, addr, dev_key);
1257 if (err) {
1258 BT_ERR("Failed to provision (err %d)", err);
1259 return;
1260 }
1261
1262 /* After PB-GATT provisioning we should start advertising
1263 * using Node Identity.
1264 */
1265 if (IS_ENABLED(CONFIG_BLE_MESH_GATT_PROXY_SERVER) && identity_enable) {
1266 bt_mesh_proxy_identity_enable();
1267 }
1268 }
1269
prov_complete(const uint8_t * data)1270 static void prov_complete(const uint8_t *data)
1271 {
1272 BT_DBG("%s", __func__);
1273 }
1274
prov_failed(const uint8_t * data)1275 static void prov_failed(const uint8_t *data)
1276 {
1277 BT_WARN("Error: 0x%02x", data[0]);
1278 }
1279
1280 static const struct {
1281 void (*func)(const uint8_t *data);
1282 uint16_t len;
1283 } prov_handlers[] = {
1284 { prov_invite, 1 },
1285 { prov_capabilities, 11 },
1286 { prov_start, 5, },
1287 { prov_pub_key, 64 },
1288 { prov_input_complete, 0 },
1289 { prov_confirm, 16 },
1290 { prov_random, 16 },
1291 { prov_data, 33 },
1292 { prov_complete, 0 },
1293 { prov_failed, 1 },
1294 };
1295
1296 #if defined(CONFIG_BLE_MESH_PB_ADV)
prov_retransmit(struct k_work * work)1297 static void prov_retransmit(struct k_work *work)
1298 {
1299 int64_t timeout = TRANSACTION_TIMEOUT;
1300 int i;
1301
1302 BT_DBG("%s", __func__);
1303
1304 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) {
1305 BT_WARN("Link not active");
1306 return;
1307 }
1308
1309 #if defined(CONFIG_BLE_MESH_FAST_PROV)
1310 /* When Provisioning Failed PDU is sent, 3s may be used here. */
1311 if (link.tx_pdu_type >= PROV_COMPLETE) {
1312 timeout = K_SECONDS(30);
1313 }
1314 #endif
1315 if (k_uptime_get() - link.tx.start > timeout) {
1316 BT_WARN("Node timeout, giving up transaction");
1317 reset_adv_link();
1318 return;
1319 }
1320
1321 bt_mesh_pb_buf_lock();
1322
1323 for (i = 0; i < ARRAY_SIZE(link.tx.buf); i++) {
1324 struct net_buf *buf = link.tx.buf[i];
1325
1326 if (!buf) {
1327 break;
1328 }
1329
1330 if (bt_mesh_atomic_get(&BLE_MESH_ADV_BUSY(buf))) {
1331 continue;
1332 }
1333
1334 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len));
1335
1336 if (i + 1 < ARRAY_SIZE(link.tx.buf) && link.tx.buf[i + 1]) {
1337 bt_mesh_adv_send(buf, NULL, NULL);
1338 } else {
1339 bt_mesh_adv_send(buf, &buf_sent_cb, NULL);
1340 }
1341
1342 }
1343
1344 bt_mesh_pb_buf_unlock();
1345 }
1346
link_open(struct prov_rx * rx,struct net_buf_simple * buf)1347 static void link_open(struct prov_rx *rx, struct net_buf_simple *buf)
1348 {
1349 BT_DBG("len %u", buf->len);
1350
1351 if (buf->len < 16) {
1352 BT_ERR("Too short bearer open message (len %u)", buf->len);
1353 return;
1354 }
1355
1356 if (bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) {
1357 /* Send another link ack if the provisioner missed the last */
1358 if (link.id == rx->link_id && link.expect == PROV_INVITE) {
1359 BT_DBG("Resending link ack");
1360 bearer_ctl_send(LINK_ACK, NULL, 0);
1361 } else {
1362 BT_INFO("Ignoring bearer open: link already active");
1363 }
1364
1365 return;
1366 }
1367
1368 if (memcmp(buf->data, prov->uuid, 16)) {
1369 BT_DBG("Bearer open message not for us");
1370 return;
1371 }
1372
1373 if (prov->link_open) {
1374 prov->link_open(BLE_MESH_PROV_ADV);
1375 }
1376
1377 link.id = rx->link_id;
1378 bt_mesh_atomic_set_bit(link.flags, LINK_ACTIVE);
1379 net_buf_simple_reset(link.rx.buf);
1380
1381 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)
1382 /* Add the link id into exceptional list */
1383 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_SUB_CODE_ADD,
1384 BLE_MESH_EXCEP_LIST_TYPE_MESH_LINK_ID, &link.id);
1385 #endif
1386
1387 bearer_ctl_send(LINK_ACK, NULL, 0);
1388
1389 link.expect = PROV_INVITE;
1390 }
1391
link_ack(struct prov_rx * rx,struct net_buf_simple * buf)1392 static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf)
1393 {
1394 BT_DBG("len %u", buf->len);
1395 }
1396
link_close(struct prov_rx * rx,struct net_buf_simple * buf)1397 static void link_close(struct prov_rx *rx, struct net_buf_simple *buf)
1398 {
1399 BT_DBG("len %u", buf->len);
1400
1401 reset_adv_link();
1402 }
1403
gen_prov_ctl(struct prov_rx * rx,struct net_buf_simple * buf)1404 static void gen_prov_ctl(struct prov_rx *rx, struct net_buf_simple *buf)
1405 {
1406 BT_DBG("op 0x%02x len %u", BEARER_CTL(rx->gpc), buf->len);
1407
1408 switch (BEARER_CTL(rx->gpc)) {
1409 case LINK_OPEN:
1410 link_open(rx, buf);
1411 break;
1412 case LINK_ACK:
1413 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) {
1414 return;
1415 }
1416
1417 link_ack(rx, buf);
1418 break;
1419 case LINK_CLOSE:
1420 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE)) {
1421 return;
1422 }
1423
1424 link_close(rx, buf);
1425 break;
1426 default:
1427 BT_ERR("Unknown bearer opcode: 0x%02x", BEARER_CTL(rx->gpc));
1428 return;
1429 }
1430 }
1431
prov_msg_recv(void)1432 static void prov_msg_recv(void)
1433 {
1434 uint8_t type = link.rx.buf->data[0];
1435
1436 BT_DBG("type 0x%02x len %u", type, link.rx.buf->len);
1437
1438 if (!bt_mesh_fcs_check(link.rx.buf, link.rx.fcs)) {
1439 BT_ERR("Incorrect FCS");
1440 return;
1441 }
1442
1443 gen_prov_ack_send(link.rx.id);
1444 link.rx.prev_id = link.rx.id;
1445 link.rx.id = 0U;
1446
1447 if (bt_mesh_atomic_test_bit(link.flags, LINK_INVALID)) {
1448 BT_WARN("Unexpected msg 0x%02x on invalidated link", type);
1449 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1450 return;
1451 }
1452
1453 /* For case MESH/NODE/PROV/BI-15-C, when the node receive a Provisioning PDU
1454 * with the Type field set to the lowest unsupported or RFU value, it sends a
1455 * Provisioning Failed PDU with the Error Code field set to Invalid PDU(0x01).
1456 */
1457 if (type >= ARRAY_SIZE(prov_handlers)) {
1458 BT_ERR("Unknown provisioning PDU type 0x%02x", type);
1459 prov_send_fail_msg(PROV_ERR_NVAL_PDU);
1460 return;
1461 }
1462
1463 if (type != PROV_FAILED && type != link.expect) {
1464 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, link.expect);
1465 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1466 return;
1467 }
1468
1469 if (1 + prov_handlers[type].len != link.rx.buf->len) {
1470 BT_ERR("Invalid length %u for type 0x%02x",
1471 link.rx.buf->len, type);
1472 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1473 return;
1474 }
1475
1476 /* Changed by Espressif, add provisioning timeout timer operations.
1477 * When received a provisioning PDU, restart the 60s timer.
1478 */
1479 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT);
1480
1481 prov_handlers[type].func(&link.rx.buf->data[1]);
1482 }
1483
gen_prov_cont(struct prov_rx * rx,struct net_buf_simple * buf)1484 static void gen_prov_cont(struct prov_rx *rx, struct net_buf_simple *buf)
1485 {
1486 uint8_t seg = CONT_SEG_INDEX(rx->gpc);
1487
1488 BT_DBG("len %u, seg_index %u", buf->len, seg);
1489
1490 if (!link.rx.seg && link.rx.prev_id == rx->xact_id) {
1491 BT_INFO("Resending ack");
1492 gen_prov_ack_send(rx->xact_id);
1493 return;
1494 }
1495
1496 if (rx->xact_id != link.rx.id) {
1497 BT_WARN("Data for unknown transaction (%u != %u)",
1498 rx->xact_id, link.rx.id);
1499 return;
1500 }
1501
1502 if (seg > link.rx.last_seg) {
1503 BT_ERR("Invalid segment index %u", seg);
1504 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1505 return;
1506 } else if (seg == link.rx.last_seg) {
1507 uint8_t expect_len = 0U;
1508
1509 expect_len = (link.rx.buf->len - 20U -
1510 ((link.rx.last_seg - 1) * 23U));
1511 if (expect_len != buf->len) {
1512 BT_ERR("Incorrect last seg len: %u != %u",
1513 expect_len, buf->len);
1514 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1515 return;
1516 }
1517 }
1518
1519 if (!(link.rx.seg & BIT(seg))) {
1520 BT_INFO("Ignoring already received segment");
1521 return;
1522 }
1523
1524 memcpy(XACT_SEG_DATA(seg), buf->data, buf->len);
1525 XACT_SEG_RECV(seg);
1526
1527 if (!link.rx.seg) {
1528 prov_msg_recv();
1529 }
1530 }
1531
gen_prov_ack(struct prov_rx * rx,struct net_buf_simple * buf)1532 static void gen_prov_ack(struct prov_rx *rx, struct net_buf_simple *buf)
1533 {
1534 BT_DBG("len %u", buf->len);
1535
1536 if (!link.tx.buf[0]) {
1537 return;
1538 }
1539
1540 if (rx->xact_id == link.tx.id) {
1541 prov_clear_tx();
1542 }
1543 }
1544
gen_prov_start(struct prov_rx * rx,struct net_buf_simple * buf)1545 static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf)
1546 {
1547 if (link.rx.seg) {
1548 BT_INFO("Got Start while there are unreceived segments");
1549 return;
1550 }
1551
1552 if (link.rx.prev_id == rx->xact_id) {
1553 BT_INFO("Resending ack");
1554 gen_prov_ack_send(rx->xact_id);
1555 return;
1556 }
1557
1558 link.rx.buf->len = net_buf_simple_pull_be16(buf);
1559 link.rx.id = rx->xact_id;
1560 link.rx.fcs = net_buf_simple_pull_u8(buf);
1561
1562 BT_DBG("len %u last_seg %u total_len %u fcs 0x%02x", buf->len,
1563 START_LAST_SEG(rx->gpc), link.rx.buf->len, link.rx.fcs);
1564
1565 if (link.rx.buf->len < 1) {
1566 BT_ERR("Ignoring zero-length provisioning PDU");
1567 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1568 return;
1569 }
1570
1571 if (START_LAST_SEG(rx->gpc) > START_LAST_SEG_MAX) {
1572 BT_ERR("Invalid SegN 0x%02x", START_LAST_SEG(rx->gpc));
1573 prov_send_fail_msg(PROV_ERR_UNEXP_ERR);
1574 return;
1575 }
1576
1577 if (link.rx.buf->len > link.rx.buf->size) {
1578 BT_ERR("Too large provisioning PDU (%u bytes)",
1579 link.rx.buf->len);
1580 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1581 return;
1582 }
1583
1584 if (START_LAST_SEG(rx->gpc) > 0 && link.rx.buf->len <= 20U) {
1585 BT_ERR("Too small total length for multi-segment PDU");
1586 prov_send_fail_msg(PROV_ERR_NVAL_FMT);
1587 return;
1588 }
1589
1590 link.rx.seg = (1 << (START_LAST_SEG(rx->gpc) + 1)) - 1;
1591 link.rx.last_seg = START_LAST_SEG(rx->gpc);
1592 memcpy(link.rx.buf->data, buf->data, buf->len);
1593 XACT_SEG_RECV(0);
1594
1595 if (!link.rx.seg) {
1596 prov_msg_recv();
1597 }
1598 }
1599
1600 static const struct {
1601 void (*func)(struct prov_rx *rx, struct net_buf_simple *buf);
1602 bool require_link;
1603 uint8_t min_len;
1604 } gen_prov[] = {
1605 { gen_prov_start, true, 3 },
1606 { gen_prov_ack, true, 0 },
1607 { gen_prov_cont, true, 0 },
1608 { gen_prov_ctl, false, 0 },
1609 };
1610
gen_prov_recv(struct prov_rx * rx,struct net_buf_simple * buf)1611 static void gen_prov_recv(struct prov_rx *rx, struct net_buf_simple *buf)
1612 {
1613 if (buf->len < gen_prov[GPCF(rx->gpc)].min_len) {
1614 BT_ERR("Too short GPC message type %u", GPCF(rx->gpc));
1615 return;
1616 }
1617
1618 if (!bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE) &&
1619 gen_prov[GPCF(rx->gpc)].require_link) {
1620 BT_DBG("Ignoring message that requires active link");
1621 return;
1622 }
1623
1624 gen_prov[GPCF(rx->gpc)].func(rx, buf);
1625 }
1626
bt_mesh_pb_adv_recv(struct net_buf_simple * buf)1627 void bt_mesh_pb_adv_recv(struct net_buf_simple *buf)
1628 {
1629 struct prov_rx rx = {0};
1630
1631 if (!bt_prov_active() && bt_mesh_is_provisioned()) {
1632 BT_DBG("Ignoring provisioning PDU - already provisioned");
1633 return;
1634 }
1635
1636 if (buf->len < 6) {
1637 BT_WARN("Too short provisioning packet (len %u)", buf->len);
1638 return;
1639 }
1640
1641 rx.link_id = net_buf_simple_pull_be32(buf);
1642 rx.xact_id = net_buf_simple_pull_u8(buf);
1643 rx.gpc = net_buf_simple_pull_u8(buf);
1644
1645 BT_DBG("link_id 0x%08x xact_id %u", rx.link_id, rx.xact_id);
1646
1647 if (bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE) && link.id != rx.link_id) {
1648 BT_DBG("Ignoring mesh beacon for unknown link");
1649 return;
1650 }
1651
1652 gen_prov_recv(&rx, buf);
1653 }
1654 #endif /* CONFIG_BLE_MESH_PB_ADV */
1655
1656 #if defined(CONFIG_BLE_MESH_PB_GATT)
bt_mesh_pb_gatt_recv(struct bt_mesh_conn * conn,struct net_buf_simple * buf)1657 int bt_mesh_pb_gatt_recv(struct bt_mesh_conn *conn, struct net_buf_simple *buf)
1658 {
1659 uint8_t type = 0U;
1660
1661 BT_DBG("%u bytes: %s", buf->len, bt_hex(buf->data, buf->len));
1662
1663 if (link.conn != conn) {
1664 BT_WARN("Data for unexpected connection");
1665 return -ENOTCONN;
1666 }
1667
1668 if (buf->len < 1) {
1669 BT_WARN("Too short provisioning packet (len %u)", buf->len);
1670 return -EINVAL;
1671 }
1672
1673 /* For case MESH/NODE/PROV/BI-03-C, if the link is closed, when the node receive
1674 * a Provisioning PDU , it will send a Provisioning Failed PDU with the Error Code
1675 * field set to Unexpected PDU(0x03).
1676 */
1677 if (bt_mesh_atomic_test_bit(link.flags, LINK_INVALID)) {
1678 BT_WARN("Unexpected msg 0x%02x on invalid link", type);
1679 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1680 return -EINVAL;
1681 }
1682
1683 /* For case MESH/NODE/PROV/BI-15-C, when the node receive a Provisioning PDU
1684 * with the Type field set to the lowest unsupported or RFU value, it sends a
1685 * Provisioning Failed PDU with the Error Code field set to Invalid PDU(0x01).
1686 */
1687 type = net_buf_simple_pull_u8(buf);
1688 if (type >= ARRAY_SIZE(prov_handlers)) {
1689 BT_ERR("Unknown provisioning PDU type 0x%02x", type);
1690 prov_send_fail_msg(PROV_ERR_NVAL_PDU);
1691 return -EINVAL;
1692 }
1693
1694 if (type != PROV_FAILED && type != link.expect) {
1695 BT_WARN("Unexpected msg 0x%02x != 0x%02x", type, link.expect);
1696 prov_send_fail_msg(PROV_ERR_UNEXP_PDU);
1697 return -EINVAL;
1698 }
1699
1700 if (prov_handlers[type].len != buf->len) {
1701 BT_ERR("Invalid length %u for type 0x%02x", buf->len, type);
1702 return -EINVAL;
1703 }
1704
1705 /* Changed by Espressif, add provisioning timeout timer operations.
1706 * When received a provisioning PDU, restart the 60s timer.
1707 */
1708 k_delayed_work_submit(&link.prot_timer, PROTOCOL_TIMEOUT);
1709
1710 prov_handlers[type].func(buf->data);
1711
1712 return 0;
1713 }
1714
bt_mesh_pb_gatt_open(struct bt_mesh_conn * conn)1715 int bt_mesh_pb_gatt_open(struct bt_mesh_conn *conn)
1716 {
1717 BT_DBG("conn %p", conn);
1718
1719 if (bt_mesh_atomic_test_and_set_bit(link.flags, LINK_ACTIVE)) {
1720 return -EBUSY;
1721 }
1722
1723 link.conn = bt_mesh_conn_ref(conn);
1724 link.expect = PROV_INVITE;
1725
1726 if (prov->link_open) {
1727 prov->link_open(BLE_MESH_PROV_GATT);
1728 }
1729
1730 return 0;
1731 }
1732
bt_mesh_pb_gatt_close(struct bt_mesh_conn * conn)1733 int bt_mesh_pb_gatt_close(struct bt_mesh_conn *conn)
1734 {
1735 BT_DBG("conn %p", conn);
1736
1737 if (link.conn != conn) {
1738 BT_ERR("Not connected");
1739 return -ENOTCONN;
1740 }
1741
1742 if (prov->link_close) {
1743 prov->link_close(BLE_MESH_PROV_GATT);
1744 }
1745
1746 reset_state();
1747
1748 return 0;
1749 }
1750 #endif /* CONFIG_BLE_MESH_PB_GATT */
1751
bt_mesh_prov_get(void)1752 const struct bt_mesh_prov *bt_mesh_prov_get(void)
1753 {
1754 return prov;
1755 }
1756
bt_prov_active(void)1757 bool bt_prov_active(void)
1758 {
1759 return bt_mesh_atomic_test_bit(link.flags, LINK_ACTIVE);
1760 }
1761
protocol_timeout(struct k_work * work)1762 static void protocol_timeout(struct k_work *work)
1763 {
1764 BT_WARN("Protocol timeout");
1765
1766 #if defined(CONFIG_BLE_MESH_PB_GATT)
1767 if (link.conn) {
1768 bt_mesh_pb_gatt_close(link.conn);
1769 return;
1770 }
1771 #endif
1772
1773 #if defined(CONFIG_BLE_MESH_PB_ADV)
1774 uint8_t reason = CLOSE_REASON_TIMEOUT;
1775
1776 link.rx.seg = 0U;
1777 bearer_ctl_send(LINK_CLOSE, &reason, sizeof(reason));
1778
1779 reset_state();
1780 #endif
1781 }
1782
bt_mesh_prov_init(const struct bt_mesh_prov * prov_info)1783 int bt_mesh_prov_init(const struct bt_mesh_prov *prov_info)
1784 {
1785 const uint8_t *key = NULL;
1786
1787 if (!prov_info) {
1788 BT_ERR("No provisioning context provided");
1789 return -EINVAL;
1790 }
1791
1792 if (prov_info->static_val_len > BLE_MESH_PROV_STATIC_OOB_MAX_LEN ||
1793 prov_info->output_size > BLE_MESH_PROV_OUTPUT_OOB_MAX_LEN ||
1794 prov_info->input_size > BLE_MESH_PROV_INPUT_OOB_MAX_LEN) {
1795 BT_ERR("Invalid authentication oob length");
1796 return -EINVAL;
1797 }
1798
1799 __ASSERT(prov_info->uuid, "Device UUID not initialized");
1800
1801 /* Changed by Espressif. Use micro-ecc to generate public key now. */
1802 key = bt_mesh_pub_key_get();
1803 if (!key) {
1804 BT_ERR("Failed to generate public key");
1805 return -EIO;
1806 }
1807
1808 k_delayed_work_init(&link.prot_timer, protocol_timeout);
1809
1810 prov = prov_info;
1811
1812 #if defined(CONFIG_BLE_MESH_PB_ADV)
1813 k_delayed_work_init(&link.tx.retransmit, prov_retransmit);
1814 #endif
1815
1816 reset_state();
1817
1818 #if defined(CONFIG_BLE_MESH_PB_ADV)
1819 bt_mesh_pb_buf_mutex_new();
1820 #endif
1821
1822 return 0;
1823 }
1824
1825 #if CONFIG_BLE_MESH_DEINIT
bt_mesh_prov_deinit(void)1826 int bt_mesh_prov_deinit(void)
1827 {
1828 if (prov == NULL) {
1829 BT_ERR("No provisioning context provided");
1830 return -EINVAL;
1831 }
1832
1833 k_delayed_work_free(&link.prot_timer);
1834
1835 #if defined(CONFIG_BLE_MESH_PB_ADV)
1836 prov_clear_tx();
1837 k_delayed_work_free(&link.tx.retransmit);
1838 #if defined(CONFIG_BLE_MESH_USE_DUPLICATE_SCAN)
1839 /* Remove the link id from exceptional list */
1840 bt_mesh_update_exceptional_list(BLE_MESH_EXCEP_LIST_SUB_CODE_REMOVE,
1841 BLE_MESH_EXCEP_LIST_TYPE_MESH_LINK_ID, &link.id);
1842 #endif /* CONFIG_BLE_MESH_USE_DUPLICATE_SCAN */
1843 #endif /* CONFIG_BLE_MESH_PB_ADV */
1844
1845 (void)memset(&link, 0, sizeof(link));
1846
1847 #if defined(CONFIG_BLE_MESH_PB_ADV)
1848 bt_mesh_pb_buf_mutex_free();
1849 #endif
1850
1851 prov = NULL;
1852
1853 return 0;
1854 }
1855 #endif /* CONFIG_BLE_MESH_DEINIT */
1856
bt_mesh_prov_complete(uint16_t net_idx,const uint8_t net_key[16],uint16_t addr,uint8_t flags,uint32_t iv_index)1857 void bt_mesh_prov_complete(uint16_t net_idx, const uint8_t net_key[16],
1858 uint16_t addr, uint8_t flags, uint32_t iv_index)
1859 {
1860 if (prov->complete) {
1861 prov->complete(net_idx, net_key, addr, flags, iv_index);
1862 }
1863 }
1864
bt_mesh_prov_reset(void)1865 void bt_mesh_prov_reset(void)
1866 {
1867 if (prov->reset) {
1868 prov->reset();
1869 }
1870 }
1871
1872 #endif /* CONFIG_BLE_MESH_NODE */
1873
