/// <summary>
/// Start handler for the inclusion-complete step. Passes the pending
/// <c>_sendInclusionComplete</c> operation to the test settings service under the
/// test-frame id that matches <c>SendInclusionComplete.StepId</c>.
/// </summary>
/// <param name="ou">Start unit supplied by the action framework; not read here.</param>
private void OnStart(StartActionUnit ou)
{
    switch (SendInclusionComplete.StepId)
    {
        case 0x01:
            _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.InclusionComplete1, _sendInclusionComplete);
            break;

        case 0x02:
            _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.InclusionComplete2, _sendInclusionComplete);
            break;

        // Any other step id leaves the operation untouched.
    }
}
/// <summary>
/// Start handler for the inclusion-initiate step. Passes the pending
/// <c>_requestInclusionSupport</c> operation to the test settings service under the
/// test-frame id that matches <c>RequestInclusionSupport.StepId</c>.
/// </summary>
/// <param name="ou">Start unit supplied by the action framework; not read here.</param>
private void OnStart(StartActionUnit ou)
{
    switch (RequestInclusionSupport.StepId)
    {
        case 0x01:
            _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.InclusionInititate1, _requestInclusionSupport);
            break;

        case 0x02:
            _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.InclusionInititate2, _requestInclusionSupport);
            break;

        // Any other step id leaves the operation untouched.
    }
}
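/// <summary>
/// Reacts to a received Security 2 command while S2 is active on this network:
/// replies to Nonce Get and Message Encapsulation with a Nonce Report, handles an
/// incoming Nonce Report (retransmission / MPAN extension) and answers
/// Commands Supported Get.
/// </summary>
/// <remarks>
/// Nonce Get and Nonce Report are only processed when they arrived with
/// <see cref="SecuritySchemes.NONE"/>, i.e. the input is unauthenticated at this point.
/// Both the Nonce Get and the Message Encapsulation branch read <c>command[2]</c>, so
/// frames shorter than three bytes are ignored there instead of faulting on the index.
/// NOTE(review): <c>command[0]</c> (the command class) is not examined in this method;
/// presumably the handler is only registered for COMMAND_CLASS_SECURITY_2 - confirm.
/// </remarks>
/// <param name="ou">Received-data unit; its next action items are set to the reply, or cleared.</param>
protected override void OnHandledInternal(DataReceivedUnit ou)
{
    // A destination id of 0 means "addressed to this controller" here; otherwise a (virtual) node id is used.
    var destNodeId = ReceivedAchData.DestNodeId > 0 ? ReceivedAchData.DestNodeId : _securityManagerInfo.Network.NodeId;
    SecuritySchemes scheme = SecuritySchemes.NONE;
    InvariantPeerNodeId peerNodeId = new InvariantPeerNodeId(destNodeId, ReceivedAchData.SrcNodeId);
    ou.SetNextActionItems();
    if (!ou.DataFrame.IsSkippedSecurity)
    {
        if (_securityManagerInfo.Network.HasSecurityScheme(SecuritySchemeSet.ALLS2) && _securityManagerInfo.IsActive)
        {
            byte[] command = ReceivedAchData.Command;
            // Both flags are only used to pick the test-frame hook further down.
            bool isNonceReport = false;
            bool isSupportedReport = false;
            Extensions extensions = null;
            SubstituteSettings substituteSettings = null;
            if (command != null && command.Length > 1)
            {
                bool isSubstituteDenied = false;
                byte[] dataToSend = null;
                // NOTE(review): assumes DataFrame.Data holds at least three bytes - confirm against the frame parser.
                bool isMulticastFrame = (ou.DataFrame.Data[2] & MULTICAST_MASK) == MULTICAST_MASK;
                bool isBroadcastFrame = (ou.DataFrame.Data[2] & BROADCAST_MASK) == BROADCAST_MASK;
                if (command[1] == COMMAND_CLASS_SECURITY_2.SECURITY_2_NONCE_GET.ID &&
                    (SecuritySchemes)ReceivedAchData.SecurityScheme == SecuritySchemes.NONE)
                {
                    // Length guard: the sequence number lives at index 2 and the frame is unauthenticated input.
                    if (command.Length > 2 && !isMulticastFrame && !isBroadcastFrame)
                    {
                        byte rxSequenceNumber = command[2];
                        // Ignore a further Nonce Get from the node already being served; the marker is
                        // cleared again in the completion callback of the reply.
                        if (handlingNonceGetFromNode != ReceivedAchData.SrcNodeId)
                        {
                            handlingNonceGetFromNode = ReceivedAchData.SrcNodeId;
                            var currentTxSequenceNumber = _spanTable.GetTxSequenceNumber(peerNodeId);
                            _spanTable.SetNonceFree(peerNodeId);
                            // Reset MPAN records owned by the requesting node.
                            foreach (byte groupId in _mpanTable.SelectGroupIds(ReceivedAchData.SrcNodeId))
                            {
                                _mpanTable.RemoveRecord(new NodeGroupId(ReceivedAchData.SrcNodeId, groupId));
                            }
                            // NOTE(review): the trailing (true, false) arguments are presumably the SOS/MOS flags - confirm.
                            dataToSend = _securityS2CryptoProvider.GenerateNonceReport(_spanTable, peerNodeId, ++currentTxSequenceNumber, rxSequenceNumber, true, false);
                            isNonceReport = true;
                            isSubstituteDenied = true;
                        }
                    }
                }
                else if (command[1] == COMMAND_CLASS_SECURITY_2.SECURITY_2_MESSAGE_ENCAPSULATION.ID)
                {
                    // NOTE(review): presumably reached only when the encapsulation could not be processed
                    // upstream, hence the Nonce Report reply - confirm.
                    // Length guard first, so the extension validator and the index read never see a truncated frame.
                    if (command.Length > 2 && !isMulticastFrame && !isBroadcastFrame && ValidateS2MessageExtensions(command))
                    {
                        byte rxSequenceNumber = command[2];
                        var currentTxSequenceNumber = _spanTable.GetTxSequenceNumber(peerNodeId);
                        _spanTable.SetNonceFree(peerNodeId);
                        var isMos = _securityS2CryptoProvider.CheckMpanMosForOwnerNode(_mpanTable, ReceivedAchData.SrcNodeId);
                        dataToSend = _securityS2CryptoProvider.GenerateNonceReport(_spanTable, peerNodeId, ++currentTxSequenceNumber, rxSequenceNumber, true, isMos);
                        isNonceReport = true;
                        isSubstituteDenied = true;
                    }
                }
                else if (command[1] == COMMAND_CLASS_SECURITY_2.SECURITY_2_NONCE_REPORT.ID &&
                    (SecuritySchemes)ReceivedAchData.SecurityScheme == SecuritySchemes.NONE)
                {
                    if (!isMulticastFrame && !isBroadcastFrame)
                    {
                        COMMAND_CLASS_SECURITY_2.SECURITY_2_NONCE_REPORT nonceReportCmd = command;
                        if (_securityManagerInfo.InitializingNodeId != ReceivedAchData.SrcNodeId) // Node must be already initialized.
                        {
                            if (nonceReportCmd.properties1.sos > 0 && // Singlecast out of sync.
                                nonceReportCmd.receiversEntropyInput != null &&
                                nonceReportCmd.receiversEntropyInput.Count == 16)
                            {
                                var rTable = _securityManagerInfo.RetransmissionTableS2;
                                if (rTable.ContainsKey(peerNodeId))
                                {
                                    // Counter bounds how many times an unauthenticated Nonce Report can
                                    // trigger a resend of the stored frame for this peer.
                                    if (rTable[peerNodeId].Counter > 0)
                                    {
                                        _spanTable.AddOrReplace(peerNodeId,
                                            nonceReportCmd.receiversEntropyInput.ToArray(),
                                            _spanTable.GetTxSequenceNumber(peerNodeId),
                                            nonceReportCmd.sequenceNumber);
                                        dataToSend = rTable[peerNodeId].Data;
                                        scheme = rTable[peerNodeId].SecurityScheme;
                                        substituteSettings = rTable[peerNodeId].SubstituteSettings;
                                        rTable[peerNodeId].Counter--;
                                    }
                                    else
                                    {
                                        rTable.Remove(peerNodeId);
                                        _spanTable.SetNonceFree(peerNodeId);
                                    }
                                }
                                else
                                {
                                    _spanTable.SetNonceFree(peerNodeId);
                                }
                            }
                            if (nonceReportCmd.properties1.mos > 0) // Multicast out of sync.
                            {
                                var groupId = _securityS2CryptoProvider.LastSentMulticastGroupId;
                                extensions = new Extensions();
                                var nodeGroupId = new NodeGroupId(destNodeId, groupId);
                                if (!_mpanTable.CheckMpanExists(nodeGroupId))
                                {
                                    // NOTE(review): the meaning of 0x55 and the null argument is defined by
                                    // AddOrReplace and is not visible here.
                                    _mpanTable.AddOrReplace(nodeGroupId, 0x55, null, _securityS2CryptoProvider.GetRandomData());
                                }
                                extensions.AddMpanExtension(_mpanTable.GetContainer(nodeGroupId).MpanState, groupId);
                            }
                        }
                    }
                }
                else if (command[1] == COMMAND_CLASS_SECURITY_2.SECURITY_2_COMMANDS_SUPPORTED_GET.ID)
                {
                    if (!isMulticastFrame && !isBroadcastFrame)
                    {
                        scheme = (SecuritySchemes)ReceivedAchData.SecurityScheme;
                        // Only answered when the request arrived under an S2 scheme this network holds.
                        if (scheme != SecuritySchemes.NONE && scheme != SecuritySchemes.S0 && _securityManagerInfo.Network.HasSecurityScheme(scheme))
                        {
                            if (!_securityManagerInfo.Network.HasSecurityScheme(ReceivedAchData.SrcNodeId, SecuritySchemeSet.ALLS2) &&
                                !_securityManagerInfo.Network.IsSecuritySchemesSpecified(ReceivedAchData.SrcNodeId))
                            {
                                _securityManagerInfo.Network.SetSecuritySchemes(ReceivedAchData.SrcNodeId, SecuritySchemeSet.ALL);
                            }
                            isSupportedReport = true;
                            var ccReport = new COMMAND_CLASS_SECURITY_2.SECURITY_2_COMMANDS_SUPPORTED_REPORT();
                            if (ReceivedAchData.CommandType == CommandTypes.CmdApplicationCommandHandler_Bridge &&
                                ReceivedAchData.DestNodeId != _securityManagerInfo.Network.NodeId)
                            {
                                ccReport.commandClass = new List<byte>(_securityManagerInfo.Network.GetVirtualSecureCommandClasses());
                            }
                            else
                            {
                                var secureCommandClasses = _securityManagerInfo.Network.GetSecureCommandClasses();
                                if (secureCommandClasses != null)
                                {
                                    // The secure command class list is only disclosed when the request used
                                    // the highest S2 class this network holds; otherwise the list is left unset.
                                    switch (scheme)
                                    {
                                        case SecuritySchemes.S2_UNAUTHENTICATED:
                                            if (!_securityManagerInfo.Network.HasSecurityScheme(SecuritySchemes.S2_ACCESS) &&
                                                !_securityManagerInfo.Network.HasSecurityScheme(SecuritySchemes.S2_AUTHENTICATED))
                                            {
                                                ccReport.commandClass = new List<byte>(_securityManagerInfo.Network.GetSecureCommandClasses());
                                            }
                                            break;
                                        case SecuritySchemes.S2_AUTHENTICATED:
                                            if (!_securityManagerInfo.Network.HasSecurityScheme(SecuritySchemes.S2_ACCESS))
                                            {
                                                ccReport.commandClass = new List<byte>(_securityManagerInfo.Network.GetSecureCommandClasses());
                                            }
                                            break;
                                        case SecuritySchemes.S2_ACCESS:
                                            ccReport.commandClass = new List<byte>(secureCommandClasses);
                                            break;
                                        default:
                                            break;
                                    }
                                }
                            }
                            dataToSend = ccReport;
                        }
                    }
                }

                if (dataToSend != null || extensions != null)
                {
                    ApiOperation sendData = null;
                    if (SecuritySchemeSet.ALLS2.Contains(scheme))
                    {
                        // NOTE(review): extensions are not attached on this path - confirm that is intended.
                        sendData = new SendDataExOperation(ReceivedAchData.DestNodeId, ReceivedAchData.SrcNodeId, dataToSend, _securityManagerInfo.TxOptions, scheme);
                    }
                    else
                    {
                        if (ReceivedAchData.DestNodeId > 0)
                        {
                            sendData = new SendDataBridgeOperation(ReceivedAchData.DestNodeId, ReceivedAchData.SrcNodeId, dataToSend, _securityManagerInfo.TxOptions);
                            if (extensions != null)
                            {
                                ((SendDataBridgeOperation)sendData).Extensions = extensions;
                            }
                        }
                        else
                        {
                            sendData = new SendDataOperation(ReceivedAchData.SrcNodeId, dataToSend, _securityManagerInfo.TxOptions);
                            if (extensions != null)
                            {
                                ((SendDataOperation)sendData).Extensions = extensions;
                            }
                        }
                    }
                    if (substituteSettings != null)
                    {
                        sendData.SubstituteSettings = substituteSettings;
                    }
                    if (isSubstituteDenied)
                    {
                        // Nonce Reports are sent with the DenySecurity substitute flag set.
                        sendData.SubstituteSettings.SetFlag(SubstituteFlags.DenySecurity);
                    }
                    sendData.CompletedCallback = (x) =>
                    {
                        var action = x as ActionBase;
                        if (action != null)
                        {
                            // Reply finished (either way): accept Nonce Get from any node again and update the counters.
                            handlingNonceGetFromNode = 0;
                            SpecificResult.TotalCount++;
                            if (action.Result.State != ActionStates.Completed)
                            {
                                SpecificResult.FailCount++;
                            }
                        }
                    };

                    #region TestFrames
                    // NOTE(review): these hooks hand the outgoing security frame to the test settings service;
                    // confirm they are inert when no test frames are configured.
                    if (isNonceReport)
                    {
                        _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.NonceReport, sendData);
                    }
                    else if (isSupportedReport)
                    {
                        _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.CommandsSupportedReport, sendData);
                    }
                    #endregion

                    ou.SetNextActionItems(sendData);
                }
                else
                {
                    ou.SetNextActionItems();
                }
            }
        }
        else
        {
            "REJECT, {0}, {1} (IsNodeSecureS2={2}, IsActive={3}"._DLOG(
                _securityManagerInfo.IsInclusion,
                _securityManagerInfo.Network.HasSecurityScheme(ReceivedAchData.SrcNodeId, SecuritySchemeSet.ALLS2),
                _securityManagerInfo.Network.HasSecurityScheme(SecuritySchemeSet.ALLS2),
                _securityManagerInfo.IsActive);
        }
    }
}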
/// <summary>
/// Start handler for the nonce request. Passes the pending <c>_requestNonce</c>
/// operation to the test settings service under the Nonce Get test-frame id.
/// </summary>
/// <param name="taskUnit">Start unit supplied by the action framework; not read here.</param>
private void OnStart(StartActionUnit taskUnit)
{
    var frameId = SecurityS2TestFrames.NonceGet;
    _securityTestSettingsService.ActivateTestPropertiesForFrame(frameId, _requestNonce);
}
/// <summary>
/// Prepares the KEX Report sent in answer to KEX Get: marks inclusion as running,
/// addresses the follow-up operations, builds the report with the key classes enabled
/// on this network and stores it in <c>_KEXReportKEXSet</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the CSA request bit comes from a Test* setting and the report can be
/// handed to the test settings service via <c>TestFramesS2</c>; confirm both are inert
/// in non-test configurations.
/// </remarks>
/// <param name="ou">Start unit supplied by the action framework; not read here.</param>
private void OnKEXGet(StartActionUnit ou)
{
    // Wall-clock timestamp; compared again at the end of this method.
    kexReportStart = DateTime.Now;
    // Status starts as Failed; this method never sets another value.
    SpecificResult.SubstituteStatus = SubstituteStatuses.Failed;
    _securityManagerInfo.IsInclusion = true;

    _KexFailCancel.NodeId = NodeId;
    _KexFailCancel.BridgeNodeId = VirtualNodeId;
    _KEXReportKEXSet.DestNodeId = NodeId;
    _KEXReportKEXSet.SrcNodeId = VirtualNodeId;

    // Without a virtual node the controller's own node id is the local side of the peer pair.
    _peerNodeId = VirtualNodeId == 0
        ? new InvariantPeerNodeId(_securityManagerInfo.Network.NodeId, NodeId)
        : new InvariantPeerNodeId(VirtualNodeId, NodeId);

    var kexReport = new COMMAND_CLASS_SECURITY_2.KEX_REPORT();
    _isClientSideAuthRequested = _securityManagerInfo.TestEnableClientSideAuthS2;
    byte csaBit = _isClientSideAuthRequested ? (byte)1 : (byte)0;
    kexReport.properties1 = new COMMAND_CLASS_SECURITY_2.KEX_REPORT.Tproperties1() { requestCsa = csaBit };

    // Start from every key class and clear the bit of each scheme that is disabled on this network.
    int keyMask = (byte)(NetworkKeyS2Flags.S2Class0 | NetworkKeyS2Flags.S2Class1 | NetworkKeyS2Flags.S2Class2 | NetworkKeyS2Flags.S0);
    if (!_securityManagerInfo.Network.IsEnabledS0)
    {
        keyMask &= ~(byte)(NetworkKeyS2Flags.S0);
    }
    if (!_securityManagerInfo.Network.IsEnabledS2_UNAUTHENTICATED)
    {
        keyMask &= ~(byte)(NetworkKeyS2Flags.S2Class0);
    }
    if (!_securityManagerInfo.Network.IsEnabledS2_AUTHENTICATED)
    {
        keyMask &= ~(byte)(NetworkKeyS2Flags.S2Class1);
    }
    if (!_securityManagerInfo.Network.IsEnabledS2_ACCESS)
    {
        keyMask &= ~(byte)(NetworkKeyS2Flags.S2Class2);
    }
    byte keysToRequest = (byte)keyMask;

    kexReport.requestedKeys = keysToRequest;
    // NOTE(review): presumably bit masks (ECDH profile bit 0, KEX scheme bit 1) - confirm against the command class definition.
    kexReport.supportedEcdhProfiles = 1;
    kexReport.supportedKexSchemes = 2;
    _KEXReportKEXSet.Data = kexReport;

    // Test-frame hook for the KEX Report.
    if (_securityManagerInfo.TestFramesS2.ContainsKey(SecurityS2TestFrames.KEXReport))
    {
        var overrideFrame = _securityManagerInfo.TestFramesS2[SecurityS2TestFrames.KEXReport];
        var raw = overrideFrame.Command;
        bool looksLikeKexReport = raw != null
            && raw.Length > 5
            && raw[0] == COMMAND_CLASS_SECURITY_2.ID
            && raw[1] == COMMAND_CLASS_SECURITY_2.KEX_REPORT.ID;
        if (looksLikeKexReport)
        {
            COMMAND_CLASS_SECURITY_2.KEX_REPORT parsed = raw;
            // NOTE(review): the value lands in the local only and is not read again in this method.
            keysToRequest = parsed.requestedKeys;
        }
        _securityTestSettingsService.ActivateTestPropertiesForFrame(SecurityS2TestFrames.KEXReport, _KEXReportKEXSet);
    }

    // If preparing the report already took longer than the Public Key Report timeout,
    // replace the expect timeout with 100 (unit not visible here).
    // NOTE(review): DateTime.Now is local wall-clock time, so a clock adjustment would skew this measurement.
    var elapsedMs = (int)(DateTime.Now - kexReportStart).TotalMilliseconds;
    if (elapsedMs > InclusionS2TimeoutConstants.Joining.PublicKeyReport)
    {
        _KEXReportKEXSet.SetNewExpectTimeout(100);
    }
}