public static NetworkKeyS2Flags ConvertToNetworkKeyMask(SecuritySchemes[] securitySchemes) { NetworkKeyS2Flags ret = NetworkKeyS2Flags.None; if (securitySchemes != null) { if (securitySchemes.Contains(SecuritySchemes.S0)) { ret |= NetworkKeyS2Flags.S0; } if (securitySchemes.Contains(SecuritySchemes.S2_ACCESS)) { ret |= NetworkKeyS2Flags.S2Class2; } if (securitySchemes.Contains(SecuritySchemes.S2_AUTHENTICATED)) { ret |= NetworkKeyS2Flags.S2Class1; } if (securitySchemes.Contains(SecuritySchemes.S2_UNAUTHENTICATED)) { ret |= NetworkKeyS2Flags.S2Class0; } } return(ret); }
public static SecuritySchemes[] ConvertToSecuritySchemes(NetworkKeyS2Flags keysMask) { List <SecuritySchemes> ret = new List <SecuritySchemes>(); if ((keysMask & NetworkKeyS2Flags.S0) > 0) { ret.Add(SecuritySchemes.S0); } if ((keysMask & NetworkKeyS2Flags.S2Class2) > 0) { ret.Add(SecuritySchemes.S2_ACCESS); } if ((keysMask & NetworkKeyS2Flags.S2Class1) > 0) { ret.Add(SecuritySchemes.S2_AUTHENTICATED); } if ((keysMask & NetworkKeyS2Flags.S2Class0) > 0) { ret.Add(SecuritySchemes.S2_UNAUTHENTICATED); } return(ret.ToArray()); }
internal static SecuritySchemes ConvertToSecurityScheme(NetworkKeyS2Flags verifyKey) { SecuritySchemes ret = SecuritySchemes.NONE; switch (verifyKey) { case NetworkKeyS2Flags.S2Class0: ret = SecuritySchemes.S2_UNAUTHENTICATED; break; case NetworkKeyS2Flags.S2Class1: ret = SecuritySchemes.S2_AUTHENTICATED; break; case NetworkKeyS2Flags.S2Class2: ret = SecuritySchemes.S2_ACCESS; break; case NetworkKeyS2Flags.S0: ret = SecuritySchemes.S0; break; } return(ret); }
public SecurityExtension(NetworkKeyS2Flags keyMask, byte[] commandClasses) { KeysValue = keyMask; CommandClasses = commandClasses; }
private void OnNKReport(ActionCompletedUnit ou) { if (_NKGetNKReport.Result) { if (_NKGetNKReport.SpecificResult.RxSecurityScheme == SecuritySchemes.S2_TEMP) { COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_GET get = _NKGetNKReport.Data; COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_REPORT rpt = _NKGetNKReport.SpecificResult.Command; if (rpt.grantedKey == get.requestedKey && rpt.networkKey != null && rpt.networkKey.Length == 16) { NetworkKeyS2Flags verifyKey = (NetworkKeyS2Flags)rpt.grantedKey; var scheme = SecurityManagerInfo.ConvertToSecurityScheme(verifyKey); if (scheme != SecuritySchemes.NONE) { _grantedSchemes.Add(scheme); SpecificResult.SecuritySchemes = _grantedSchemes.ToArray(); _securityManagerInfo.SetNetworkKey(rpt.networkKey, scheme); if (scheme == SecuritySchemes.S0) { _securityManagerInfo.ActivateNetworkKeyS0(); } _securityManagerInfo.ActivateNetworkKeyS2ForNode(_peerNodeId, scheme); _NKVerifyTransferEnd.NewToken(); _NKVerifyTransferEnd.DestNodeId = NodeId; _NKVerifyTransferEnd.SrcNodeId = VirtualNodeId; var cmd = new COMMAND_CLASS_SECURITY_2.SECURITY_2_NETWORK_KEY_VERIFY(); _NKVerifyTransferEnd.Data = cmd; #region TestFrame Section switch (scheme) { case SecuritySchemes.S0: #region NetworkKeyVerify_S0 _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S0, _NKVerifyTransferEnd); #endregion break; case SecuritySchemes.S2_UNAUTHENTICATED: #region NetworkKeyVerify_S2Unauthenticated _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Unauthenticated, _NKVerifyTransferEnd); #endregion break; case SecuritySchemes.S2_AUTHENTICATED: #region NetworkKeyVerify_S2Authenticated _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Authenticated, _NKVerifyTransferEnd); #endregion break; case SecuritySchemes.S2_ACCESS: #region NetworkKeyVerify_S2Access _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NetworkKeyVerify_S2Access, _NKVerifyTransferEnd); #endregion break; } #endregion _NKVerifyTransferEnd.SendDataSubstituteCallback = () => { _securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId); }; } else { _securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId); _KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity); _KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL { kexFailType = 0x0A }; // KEX_FAIL_KEY_REPORT _KexFail.NodeId = NodeId; _KexFail.BridgeNodeId = VirtualNodeId; ou.SetNextActionItems(_KexFail); } } else { _securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId); _KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity); _KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL { kexFailType = 0x0A }; // KEX_FAIL_KEY_REPORT _KexFail.NodeId = NodeId; _KexFail.BridgeNodeId = VirtualNodeId; ou.SetNextActionItems(_KexFail); } } else { _securityManagerInfo.ActivateNetworkKeyS2TempForNode(_peerNodeId); _KexFail.SubstituteSettings.ClearFlag(SubstituteFlags.DenySecurity); _KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL { kexFailType = 0x07 }; // KEX_FAIL_AUTH _KexFail.NodeId = NodeId; _KexFail.BridgeNodeId = VirtualNodeId; ou.SetNextActionItems(_KexFail); } } else { SetStateCompletedSecurityFailed(ou); } }
private void OnKEXSet(ActionCompletedUnit ou) { if (_KEXReportKEXSet.Result && _KEXReportKEXSet.Result.State == ActionStates.Completed && _KEXReportKEXSet.SpecificResult.Command != null && _KEXReportKEXSet.SpecificResult.Command.Length > 2) { _grantedKeys.Clear(); _KEX_SET = _KEXReportKEXSet.SpecificResult.Command; if (_KEX_SET.properties1.echo == 0 && _KEX_SET.selectedKexScheme == 0x02 && _KEX_SET.selectedEcdhProfile == 0x01) { if (CheckIsCsaCorrectlyGranted() && ValidateKexSetKeys()) { bool hasHighKeys = false; NetworkKeyS2Flags grantedKeysMask = (NetworkKeyS2Flags)_KEX_SET.grantedKeys; if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class2)) { _grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class2); hasHighKeys = true; } if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class1)) { _grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class1); hasHighKeys = true; } if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S2Class0)) { _grantedKeys.Enqueue(NetworkKeyS2Flags.S2Class0); } if (grantedKeysMask.HasFlag(NetworkKeyS2Flags.S0)) { _grantedKeys.Enqueue(NetworkKeyS2Flags.S0); } _PKReportPKReport.DestNodeId = NodeId; _PKReportPKReport.SrcNodeId = VirtualNodeId; var cmd = new COMMAND_CLASS_SECURITY_2.PUBLIC_KEY_REPORT(); cmd.properties1 = 0; cmd.ecdhPublicKey = new List <byte>(_securityManagerInfo.GetJoinPublicKeyS2()); _isClientSideAuthGranted = _KEX_SET.properties1.requestCsa > 0 ? true : false; if (hasHighKeys && !_isClientSideAuthGranted && cmd.ecdhPublicKey.Count > 1) { cmd.ecdhPublicKey[0] = 0; cmd.ecdhPublicKey[1] = 0; if (_securityManagerInfo.DskPinCallback != null) { _securityManagerInfo.DskPinCallback(); } } _PKReportPKReport.Data = cmd; #region PublicKeyReportB _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.PublicKeyReportB, _PKReportPKReport); #endregion } else { _KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL { kexFailType = 0x01 }; _KexFail.NodeId = NodeId; _KexFail.BridgeNodeId = VirtualNodeId; ou.SetNextActionItems(_KexFail); } } else { byte currentKexFailType = _KEX_SET.selectedKexScheme != 0x02 ? (byte)0x02 : (byte)0x00; if (currentKexFailType == 0x00) { currentKexFailType = _KEX_SET.selectedEcdhProfile != 0x01 ? (byte)0x03 : (byte)0x00; } _KexFail.Data = new COMMAND_CLASS_SECURITY_2.KEX_FAIL { kexFailType = currentKexFailType }; _KexFail.NodeId = NodeId; _KexFail.BridgeNodeId = VirtualNodeId; ou.SetNextActionItems(_KexFail); } } else { SetStateCompletedSecurityFailed(ou); } }