UNPKG

inventoresed

Version:

Z-Wave driver written entirely in JavaScript/TypeScript

github.com/LavonPrice/inventoresed.git

LavonPrice/inventoresed

389 lines (355 loc) 11.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
/** Management class and utils for Security S2 */ import { getEnumMemberName } from "@zwave-js/shared"; import * as crypto from "crypto"; import { ZWaveError, ZWaveErrorCodes } from "../error/ZWaveError"; import { highResTimestamp } from "../util/date"; import { increment } from "./bufferUtils"; import { computeNoncePRK, deriveMEI, deriveNetworkKeys, encryptAES128ECB, } from "./crypto"; import { CtrDRBG } from "./ctr_drbg"; import { SecurityClass } from "./SecurityClass"; interface NetworkKeys { pnk: Buffer; keyCCM: Buffer; keyMPAN: Buffer; personalizationString: Buffer; } interface TempNetworkKeys { keyCCM: Buffer; personalizationString: Buffer; } export enum SPANState { /** No entry exists */ None = 0, /* The other node's receiver's entropy input is known but, but we didn't send it our sender's EI yet */ RemoteEI, /* We've sent the other node our receiver's entropy input, but we didn't receive its sender's EI yet */ LocalEI, /* An SPAN with the other node has been established */ SPAN, } export type SPANTableEntry = | { // We know the other node's receiver's entropy input, but we didn't send it our sender's EI yet type: SPANState.RemoteEI; receiverEI: Buffer; } | { // We've sent the other node our receiver's entropy input, but we didn't receive its sender's EI yet type: SPANState.LocalEI; receiverEI: Buffer; } | { // We've established an SPAN with the other node type: SPANState.SPAN; securityClass: SecurityClass; rng: CtrDRBG; /** The most recent generated SPAN */ currentSPAN?: { nonce: Buffer; expires: number; }; }; // How many sequence numbers are remembered for each node when checking for duplicates const SINGLECAST_MAX_SEQ_NUMS = 10; // How long a singlecast nonce used for encryption will be kept around to attempt decryption of in-flight messages const SINGLECAST_NONCE_EXPIRY_NS = 500 * 1000 * 1000; // 500 ms in nanoseconds export class SecurityManager2 { public constructor() { this.rng = new CtrDRBG( 128, false, crypto.randomBytes(32), undefined, Buffer.alloc(32, 0), ); } /** PRNG used to initialize the others */ private rng: CtrDRBG; /** A map of SPAN states for each node */ private spanTable = new Map<number, SPANTableEntry>(); /** A map of temporary keys for each node that are used for the key exchange */ public readonly tempKeys = new Map<number, TempNetworkKeys>(); /** A map of sequence numbers that were last used in communication with a node */ private ownSequenceNumbers = new Map<number, number>(); private peerSequenceNumbers = new Map<number, number[]>(); /** A map of MPAN states for each multicast group */ private mpanStates = new Map<number, Buffer>(); /** A map of permanent network keys per security class */ private networkKeys = new Map<SecurityClass, NetworkKeys>(); /** Which multicast group has been assigned which security class */ private groupClasses = new Map<number, SecurityClass>(); /** Sets the PNK for a given security class and derives the encryption keys from it */ public setKey(securityClass: SecurityClass, key: Buffer): void { if (key.length !== 16) { throw new ZWaveError( `The network key must consist of 16 bytes!`, ZWaveErrorCodes.Argument_Invalid, ); } else if ( !(securityClass in SecurityClass) || securityClass <= SecurityClass.None ) { throw new ZWaveError( `Invalid security class!`, ZWaveErrorCodes.Argument_Invalid, ); } this.networkKeys.set(securityClass, { pnk: key, ...deriveNetworkKeys(key), }); } public assignSecurityClassMulticast( group: number, securityClass: SecurityClass, ): void { this.groupClasses.set(group, securityClass); } public hasKeysForSecurityClass(securityClass: SecurityClass): boolean { return this.networkKeys.has(securityClass); } public getKeysForSecurityClass(securityClass: SecurityClass): NetworkKeys { const keys = this.networkKeys.get(securityClass); if (!keys) { throw new ZWaveError( `The network key for the security class ${getEnumMemberName( SecurityClass, securityClass, )} has not been set up yet!`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } return { ...keys }; } public getKeysForNode(peerNodeID: number): NetworkKeys | TempNetworkKeys { const spanState = this.getSPANState(peerNodeID); // The keys we return must match the actual SPAN state (if we have one) // Meaning if an SPAN for the temporary inclusion key is established, // we need to return that temporary key if ( spanState.type === SPANState.SPAN && spanState.securityClass === SecurityClass.Temporary ) { if (this.tempKeys.has(peerNodeID)) return this.tempKeys.get(peerNodeID)!; throw new ZWaveError( `Temporary encryption key for node ${peerNodeID} is not known!`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } else if (spanState.type !== SPANState.SPAN) { throw new ZWaveError( `Security class for node ${peerNodeID} is not yet known!`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } return this.getKeysForSecurityClass(spanState.securityClass); } public getSPANState( peerNodeID: number, ): SPANTableEntry | { type: SPANState.None } { return this.spanTable.get(peerNodeID) ?? { type: SPANState.None }; } /** Tests whether the most recent secure command for a node has used the given security class */ public hasUsedSecurityClass( peerNodeID: number, securityClass: SecurityClass, ): boolean { const spanState = this.spanTable.get(peerNodeID); if (!spanState) return false; if (spanState.type !== SPANState.SPAN) return false; return spanState.securityClass === securityClass; } /** * Prepares the generation of a new SPAN by creating a random sequence number and (local) entropy input * @param receiver The node this nonce is for. If none is given, the nonce is not stored. */ public generateNonce(receiver: number | undefined): Buffer { const receiverEI = this.rng.generate(16); if (receiver != undefined) { this.spanTable.set(receiver, { type: SPANState.LocalEI, receiverEI, }); } return receiverEI; } /** * Stores the given SPAN state in the table. This should NEVER be called by user code. */ public setSPANState( peerNodeID: number, state: SPANTableEntry | { type: SPANState.None }, ): void { if (state.type === SPANState.None) { this.spanTable.delete(peerNodeID); } else { this.spanTable.set(peerNodeID, state); } } /** Invalidates the SPAN state for the given receiver */ public deleteNonce(receiver: number): void { this.spanTable.delete(receiver); this.peerSequenceNumbers.delete(receiver); // Keep our own sequence number } /** Initializes the singlecast PAN generator for a given node based on the given entropy inputs */ public initializeSPAN( peerNodeId: number, securityClass: SecurityClass, senderEI: Buffer, receiverEI: Buffer, ): void { if (senderEI.length !== 16 || receiverEI.length !== 16) { throw new ZWaveError( `The entropy input must consist of 16 bytes`, ZWaveErrorCodes.Argument_Invalid, ); } const keys = this.getKeysForSecurityClass(securityClass); const noncePRK = computeNoncePRK(senderEI, receiverEI); const MEI = deriveMEI(noncePRK); this.spanTable.set(peerNodeId, { securityClass, type: SPANState.SPAN, rng: new CtrDRBG( 128, false, MEI, undefined, keys.personalizationString, ), }); } /** Initializes the singlecast PAN generator for a given node based on the given entropy inputs */ public initializeTempSPAN( peerNodeId: number, senderEI: Buffer, receiverEI: Buffer, ): void { if (senderEI.length !== 16 || receiverEI.length !== 16) { throw new ZWaveError( `The entropy input must consist of 16 bytes`, ZWaveErrorCodes.Argument_Invalid, ); } const keys = this.tempKeys.get(peerNodeId)!; const noncePRK = computeNoncePRK(senderEI, receiverEI); const MEI = deriveMEI(noncePRK); this.spanTable.set(peerNodeId, { securityClass: SecurityClass.Temporary, type: SPANState.SPAN, rng: new CtrDRBG( 128, false, MEI, undefined, keys.personalizationString, ), }); } /** Tests if the given combination of peer node ID and sequence number is a duplicate */ public isDuplicateSinglecast( peerNodeId: number, sequenceNumber: number, ): boolean { return ( this.peerSequenceNumbers .get(peerNodeId) ?.includes(sequenceNumber) ?? false ); } /** Stores the latest sequence number for the given peer node ID and returns the previous one */ public storeSequenceNumber( peerNodeId: number, sequenceNumber: number, ): number | undefined { if (this.peerSequenceNumbers.has(peerNodeId)) { // Store the last SINGLECAST_MAX_SEQ_NUMS sequence numbers const arr = this.peerSequenceNumbers.get(peerNodeId)!; const prev = arr[arr.length - 1]; arr.push(sequenceNumber); if (arr.length > SINGLECAST_MAX_SEQ_NUMS) arr.shift(); return prev; } else { this.peerSequenceNumbers.set(peerNodeId, [sequenceNumber]); } } public storeRemoteEI(peerNodeId: number, remoteEI: Buffer): void { if (remoteEI.length !== 16) { throw new ZWaveError( `The entropy input must consist of 16 bytes`, ZWaveErrorCodes.Argument_Invalid, ); } this.spanTable.set(peerNodeId, { type: SPANState.RemoteEI, receiverEI: remoteEI, }); } /** * Generates the next nonce for the given peer and returns it. * @param store - Whether the nonce should be stored/remembered as the current SPAN. */ public nextNonce(peerNodeId: number, store?: boolean): Buffer { const spanState = this.spanTable.get(peerNodeId); if (spanState?.type !== SPANState.SPAN) { throw new ZWaveError( `The Singlecast PAN has not been initialized for Node ${peerNodeId}`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } const nonce = spanState.rng.generate(16).slice(0, 13); spanState.currentSPAN = store ? { nonce, expires: highResTimestamp() + SINGLECAST_NONCE_EXPIRY_NS, } : undefined; return nonce; } /** Returns the next sequence number to use for outgoing messages to the given node */ public nextSequenceNumber(peerNodeId: number): number { let seq = this.ownSequenceNumbers.get(peerNodeId); if (seq == undefined) { seq = crypto.randomInt(256); } else { seq = (seq + 1) & 0xff; } this.ownSequenceNumbers.set(peerNodeId, seq); return seq; } public initializeMPAN(group: number): void { this.mpanStates.set(group, this.rng.generate(16)); } public nextMPAN(group: number): Buffer { if (!this.mpanStates.has(group)) { throw new ZWaveError( `The MPAN state has not been initialized for multicast group ${group}`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } else if (!this.groupClasses.has(group)) { throw new ZWaveError( `Multicast group ${group} has not been assigned to a security class yet!`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } const keys = this.networkKeys.get(this.groupClasses.get(group)!); if (!keys) { throw new ZWaveError( `The network keys for the security class of multicast group ${group} have not been set up yet!`, ZWaveErrorCodes.Security2CC_NotInitialized, ); } // Compute the next MPAN const stateN = this.mpanStates.get(group)!; const ret = encryptAES128ECB(stateN, keys.keyMPAN); // Increment the inner state increment(stateN); return ret; } }