1.. _bluetooth_mesh_provisioning: 2 3Provisioning 4############ 5 6Provisioning is the process of adding devices to a mesh network. It requires 7two devices operating in the following roles: 8 9* The *provisioner* represents the network owner, and is responsible for 10 adding new nodes to the mesh network. 11* The *provisionee* is the device that gets added to the network through the 12 Provisioning process. Before the provisioning process starts, the 13 provisionee is an *unprovisioned device*. 14 15The Provisioning module in the Zephyr Bluetooth Mesh stack supports both the 16Advertising and GATT Provisioning bearers for the provisionee role, as well as 17the Advertising Provisioning bearer for the provisioner role. 18 19The Provisioning process 20************************ 21 22All Bluetooth Mesh nodes must be provisioned before they can participate in a 23Bluetooth Mesh network. The Provisioning API provides all the functionality 24necessary for a device to become a provisioned mesh node. 25Provisioning is a five-step process, involving the following steps: 26 27* Beaconing 28* Invitation 29* Public key exchange 30* Authentication 31* Provisioning data transfer 32 33Beaconing 34========= 35 36To start the provisioning process, the unprovisioned device must first start 37broadcasting the Unprovisioned Beacon. This makes it visible to nearby 38provisioners, which can initiate the provisioning. To indicate that the device 39needs to be provisioned, call :c:func:`bt_mesh_prov_enable`. The device 40starts broadcasting the Unprovisioned Beacon with the device UUID and the 41``OOB information`` field, as specified in the ``prov`` parameter passed to 42:c:func:`bt_mesh_init`. Additionally, a Uniform Resource Identifier (URI) 43may be specified, which can point the provisioner to the location of some Out 44Of Band information, such as the device's public key or an authentication 45value database. The URI is advertised in a separate beacon, with a URI hash 46included in the unprovisioned beacon, to tie the two together. 47 48 49Uniform Resource Identifier 50--------------------------- 51 52The Uniform Resource Identifier shall follow the format specified in the 53Bluetooth Core Specification Supplement. The URI must start with a URI scheme, 54encoded as a single utf-8 data point, or the special ``none`` scheme, encoded 55as ``0x01``. The available schemes are listed on the `Bluetooth website 56<https://www.bluetooth.com/specifications/assigned-numbers/>`_. 57 58Examples of encoded URIs: 59 60.. list-table:: URI encoding examples 61 62 * - URI 63 - Encoded 64 * - ``http://example.com`` 65 - ``\x16//example.com`` 66 * - ``https://www.zephyrproject.org/`` 67 - ``\x17//www.zephyrproject.org/`` 68 * - ``just a string`` 69 - ``\x01just a string`` 70 71Provisioning invitation 72======================= 73 74The provisioner initiates the Provisioning process by sending a Provisioning 75invitation. The invitations prompts the provisionee to call attention to 76itself using the Health Server 77:ref:`bluetooth_mesh_models_health_srv_attention`, if available. 78 79The Unprovisioned device automatically responds to the invite by presenting a 80list of its capabilities, including the supported Out of Band Authentication 81methods and algorithms. 82 83Public key exchange 84=================== 85 86Before the provisioning process can begin, the provisioner and the unprovisioned 87device exchange public keys, either in-band or Out of Band (OOB). 88 89In-band public key exchange is a part of the provisioning process and always 90supported by the unprovisioned device and provisioner. 91 92If the application wants to support public key exchange via OOB, it needs to 93provide public and private keys to the mesh stack. The unprovisioned device 94will reflect this in its capabilities. The provisioner obtains the public key 95via any available OOB mechanism (e.g. the device may advertise a packet 96containing the public key or it can be encoded in a QR code printed on the 97device packaging). Note that even if the unprovisioned device has specified 98the public key for the Out of Band exchange, the provisioner may choose to 99exchange the public key in-band if it can't retrieve the public key via OOB 100mechanism. In this case, a new key pair will be generated by the mesh stack 101for each Provisioning process. 102 103To enable support of OOB public key on the unprovisioned device side, 104:kconfig:option:`CONFIG_BT_MESH_PROV_OOB_PUBLIC_KEY` needs to be enabled. The 105application must provide public and private keys before the Provisioning 106process is started by initializing pointers to 107:c:member:`bt_mesh_prov.public_key_be` 108and :c:member:`bt_mesh_prov.private_key_be`. The keys needs to be 109provided in big-endian bytes order. 110 111To provide the device's public key obtained via OOB, 112call :c:func:`bt_mesh_prov_remote_pub_key_set` on the provisioner side. 113 114Authentication 115============== 116 117After the initial exchange, the provisioner selects an Out of Band (OOB) 118Authentication method. This allows the user to confirm that the device the 119provisioner connected to is actually the device they intended, and not a 120malicious third party. 121 122The Provisioning API supports the following authentication methods for the 123provisionee: 124 125* **Static OOB:** An authentication value is assigned to the device in 126 production, which the provisioner can query in some application specific 127 way. 128* **Input OOB:** The user inputs the authentication value. The available input 129 actions are listed in :c:enum:`bt_mesh_input_action_t`. 130* **Output OOB:** Show the user the authentication value. The available output 131 actions are listed in :c:enum:`bt_mesh_output_action_t`. 132 133The application must provide callbacks for the supported authentication 134methods in :c:struct:`bt_mesh_prov`, as well as enabling the supported actions 135in :c:member:`bt_mesh_prov.output_actions` and 136:c:member:`bt_mesh_prov.input_actions`. 137 138When an Output OOB action is selected, the authentication value should be 139presented to the user when the output callback is called, and remain until the 140:c:member:`bt_mesh_prov.input_complete` or :c:member:`bt_mesh_prov.complete` 141callback is called. If the action is ``blink``, ``beep`` or ``vibrate``, the 142sequence should be repeated after a delay of three seconds or more. 143 144When an Input OOB action is selected, the user should be prompted when the 145application receives the :c:member:`bt_mesh_prov.input` callback. The user 146response should be fed back to the Provisioning API through 147:c:func:`bt_mesh_input_string` or :c:func:`bt_mesh_input_number`. If 148no user response is recorded within 60 seconds, the Provisioning process is 149aborted. 150 151If Provisionee wants to mandate OOB authentication, it is mandatory to use 152the BT_MESH_ECDH_P256_HMAC_SHA256_AES_CCM algorithm. 153 154Data transfer 155============= 156 157After the device has been successfully authenticated, the provisioner 158transfers the Provisioning data: 159 160* Unicast address 161* A network key 162* IV index 163* Network flags 164 165 * Key refresh 166 * IV update 167 168Additionally, a device key is generated for the node. All this data is stored 169by the mesh stack, and the provisioning :c:member:`bt_mesh_prov.complete` 170callback gets called. 171 172Provisioning security 173********************* 174 175Depending on the choice of public key exchange mechanism and authentication method, 176the provisioning process can be secure or insecure. 177 178On May 24th 2021, ANSSI `disclosed <https://kb.cert.org/vuls/id/799380>`_ 179a set of vulnerabilities in the Bluetooth Mesh provisioning protocol that showcased 180how the low entropy provided by the Blink, Vibrate, Push, Twist and 181Input/Output numeric OOB methods could be exploited in impersonation and MITM 182attacks. In response, the Bluetooth SIG has reclassified these OOB methods as 183insecure in the Bluetooth Mesh Profile Specification v1.0.1 `erratum 16350 <https://www.bluetooth.org/docman/handlers/DownloadDoc.ashx?doc_id=516072>`_, 184as AuthValue may be brute forced in real time. To ensure secure provisioning, applications 185should use a static OOB value and OOB public key transfer. 186 187API reference 188************* 189 190.. doxygengroup:: bt_mesh_prov 191