public static NetworkKeyS2Flags ConvertToNetworkKeyMask(SecuritySchemes[] securitySchemes)
{
NetworkKeyS2Flags ret = NetworkKeyS2Flags.None;
if (securitySchemes != null)
{
if (securitySchemes.Contains(SecuritySchemes.S0))
{
ret |= NetworkKeyS2Flags.S0;
}
if (securitySchemes.Contains(SecuritySchemes.S2_ACCESS))
{
ret |= NetworkKeyS2Flags.S2Class2;
}
if (securitySchemes.Contains(SecuritySchemes.S2_AUTHENTICATED))
{
ret |= NetworkKeyS2Flags.S2Class1;
}
if (securitySchemes.Contains(SecuritySchemes.S2_UNAUTHENTICATED))
{
ret |= NetworkKeyS2Flags.S2Class0;
}
}
return(ret);
}
public static SecuritySchemes[] ConvertToSecuritySchemes(NetworkKeyS2Flags keysMask)
{
List <SecuritySchemes> ret = new List <SecuritySchemes>();
if ((keysMask & NetworkKeyS2Flags.S0) > 0)
{
ret.Add(SecuritySchemes.S0);
}
if ((keysMask & NetworkKeyS2Flags.S2Class2) > 0)
{
ret.Add(SecuritySchemes.S2_ACCESS);
}
if ((keysMask & NetworkKeyS2Flags.S2Class1) > 0)
{
ret.Add(SecuritySchemes.S2_AUTHENTICATED);
}
if ((keysMask & NetworkKeyS2Flags.S2Class0) > 0)
{
ret.Add(SecuritySchemes.S2_UNAUTHENTICATED);
}
return(ret.ToArray());
}
internal static SecuritySchemes ConvertToSecurityScheme(NetworkKeyS2Flags verifyKey)
{
SecuritySchemes ret = SecuritySchemes.NONE;
switch (verifyKey)
{
case NetworkKeyS2Flags.S2Class0:
ret = SecuritySchemes.S2_UNAUTHENTICATED;
break;
case NetworkKeyS2Flags.S2Class1:
ret = SecuritySchemes.S2_AUTHENTICATED;
break;
case NetworkKeyS2Flags.S2Class2:
ret = SecuritySchemes.S2_ACCESS;
break;
case NetworkKeyS2Flags.S0:
ret = SecuritySchemes.S0;
break;
}
return(ret);
}
public SecurityExtension(NetworkKeyS2Flags keyMask, byte[] commandClasses)
{
KeysValue = keyMask;
CommandClasses = commandClasses;
}
private void OnNKReport(ActionCompletedUnit ou)
{
if (_NKGetNKReport.Result)
{
if (_NKGetNKReport.SpecificResult.RxSecurityScheme == SecuritySchemes.S2_TEMP)
{
COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_GET get = _NKGetNKReport.Data;
COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_REPORT rpt = _NKGetNKReport.SpecificResult.Command;
if (rpt.grantedKey == get.requestedKey && rpt.networkKey != null && rpt.networkKey.Length == 16)
{
NetworkKeyS2Flags verifyKey = (NetworkKeyS2Flags)rpt.grantedKey;
var scheme = SecurityManagerInfo.ConvertToSecurityScheme(verifyKey);
if (scheme != SecuritySchemes.NONE)
{
_grantedSchemes.Add(scheme);
SpecificResult.SecuritySchemes = _grantedSchemes.ToArray();
_securityManagerInfo.SetNetworkKey(rpt.networkKey, scheme);
if (scheme == SecuritySchemes.S0)
{
_securityManagerInfo.ActivateNetworkKeyS0();
}
_securityManagerInfo.ActivateNetworkKeyS2ForNode(_peerNodeId, scheme);
_NKVerifyTransferEnd.NewToken();
_NKVerifyTransferEnd.DestNodeId = NodeId;
_NKVerifyTransferEnd.SrcNodeId = VirtualNodeId;
var cmd = new COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_VERIFY();
_NKVerifyTransferEnd.Data = cmd;
#region TestFrame Section
switch (scheme)
{
case SecuritySchemes.S0:
#region NetworkKeyVerify_S0
_securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S0, _NKVerifyTransferEnd);
#endregion
break;
case SecuritySchemes.S2_UNAUTHENTICATED:
#region NetworkKeyVerify_S2Unauthenticated
_securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Unauthenticated, _NKVerifyTransferEnd);
#endregion
break;
case SecuritySchemes.S2_AUTHENTICATED:
#region NetworkKeyVerify_S2Authenticated
_securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Authenticated, _NKVerifyTransferEnd);
#endregion
break;
case SecuritySchemes.S2_ACCESS:
#region NetworkKeyVerify_S2Access
_securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Access, _NKVerifyTransferEnd);
#endregion
break;
}
#endregion
_NKVerifyTransferEnd.SendDataSubstituteCallback = () =>
{
_securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId);
};
}
else
{
_securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId);
_KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity);
_KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL {
kexFailType = 0x0A
}; // KEX_FAIL_KEY_REPORT
_KexFail.NodeId = NodeId;
_KexFail.BridgeNodeId = VirtualNodeId;
ou.SetNextActionItems(_KexFail);
}
}
else
{
_securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId);
_KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity);
_KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL {
kexFailType = 0x0A
}; // KEX_FAIL_KEY_REPORT
_KexFail.NodeId = NodeId;
_KexFail.BridgeNodeId = VirtualNodeId;
ou.SetNextActionItems(_KexFail);
}
}
else
{
_securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId);
_KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity);
_KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL {
kexFailType = 0x07
}; // KEX_FAIL_AUTH
_KexFail.NodeId = NodeId;
_KexFail.BridgeNodeId = VirtualNodeId;
ou.SetNextActionItems(_KexFail);
}
}
else
{
SetStateCompletedSecurityFailed(ou);
}
}
private void OnKEXSet(ActionCompletedUnit ou)
{
if (_KEXReportKEXSet.Result &&
_KEXReportKEXSet.Result.State == ActionStates.Completed &&
_KEXReportKEXSet.SpecificResult.Command != null &&
_KEXReportKEXSet.SpecificResult.Command.Length > 2)
{
_grantedKeys.Clear();
_KEX_SET = _KEXReportKEXSet.SpecificResult.Command;
if (_KEX_SET.properties1.echo == 0 && _KEX_SET.selectedKexScheme == 0x02 && _KEX_SET.selectedEcdhProfile == 0x01)
{
if (CheckIsCsaCorrectlyGranted() && ValidateKexSetKeys())
{
bool hasHighKeys = false;
NetworkKeyS2Flags grantedKeysMask = (NetworkKeyS2Flags)_KEX_SET.grantedKeys;
if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class2))
{
_grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class2);
hasHighKeys = true;
}
if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class1))
{
_grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class1);
hasHighKeys = true;
}
if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class0))
{
_grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class0);
}
if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S0))
{
_grantedKeys.Enqueue(NetworkKeyS2Flags.S0);
}
_PKReportPKReport.DestNodeId = NodeId;
_PKReportPKReport.SrcNodeId = VirtualNodeId;
var cmd = new COMMAND_CLASS_SECURITY_2.PUBLIC_KEY_REPORT();
cmd.properties1 = 0;
cmd.ecdhPublicKey = new List <byte>(_securityManagerInfo.GetJoinPublicKeyS2());
_isClientSideAuthGranted = _KEX_SET.properties1.requestCsa > 0 ? true : false;
if (hasHighKeys && !_isClientSideAuthGranted && cmd.ecdhPublicKey.Count > 1)
{
cmd.ecdhPublicKey[0] = 0;
cmd.ecdhPublicKey[1] = 0;
if (_securityManagerInfo.DskPinCallback != null)
{
_securityManagerInfo.DskPinCallback();
}
}
_PKReportPKReport.Data = cmd;
#region PublicKeyReportB
_securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.PublicKeyReportB, _PKReportPKReport);
#endregion
}
else
{
_KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL {
kexFailType = 0x01
};
_KexFail.NodeId = NodeId;
_KexFail.BridgeNodeId = VirtualNodeId;
ou.SetNextActionItems(_KexFail);
}
}
else
{
byte currentKexFailType = _KEX_SET.selectedKexScheme != 0x02 ? (byte)0x02 : (byte)0x00;
if (currentKexFailType == 0x00)
{
currentKexFailType = _KEX_SET.selectedEcdhProfile != 0x01 ? (byte)0x03 : (byte)0x00;
}
_KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL {
kexFailType = currentKexFailType
};
_KexFail.NodeId = NodeId;
_KexFail.BridgeNodeId = VirtualNodeId;
ou.SetNextActionItems(_KexFail);
}
}
else
{
SetStateCompletedSecurityFailed(ou);
}
}
