UNPKG

zigbee-on-host

Version:

Zigbee stack designed to run on a host and communicate with a radio co-processor (RCP)

github.com/Nerivec/zigbee-on-host

Nerivec/zigbee-on-host

322 lines 16.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.decodeZigbeeNWKGPFrameControl = decodeZigbeeNWKGPFrameControl; exports.decodeZigbeeNWKGPHeader = decodeZigbeeNWKGPHeader; exports.decodeZigbeeNWKGPPayload = decodeZigbeeNWKGPPayload; exports.encodeZigbeeNWKGPFrame = encodeZigbeeNWKGPFrame; const zigbee_js_1 = require("./zigbee.js"); /** * Decode Zigbee NWK GP frame control field. * HOT PATH: Called for every incoming Green Power frame. * 14-0563-19 Green Power, Table 25 (NWK frame control) * * SPEC COMPLIANCE NOTES: * - ✅ Parses auto-commissioning and frame-extension bits per GP network layer definition * - ✅ Extracts protocol version to gate GPv2+ logic for later layers * - ⚠️ Leaves direction-specific behaviour to extended control parsing * DEVICE SCOPE: Green Power proxies, Green Power sinks */ /* @__INLINE__ */ function decodeZigbeeNWKGPFrameControl(data, offset) { // HOT PATH: Extract NWKGP FCF fields with bitwise operations const fcf = data.readUInt8(offset); offset += 1; return [ { frameType: fcf & 3 /* ZigbeeNWKGPConsts.FCF_FRAME_TYPE */, protocolVersion: (fcf & 60 /* ZigbeeNWKGPConsts.FCF_VERSION */) >> 2, autoCommissioning: Boolean((fcf & 64 /* ZigbeeNWKGPConsts.FCF_AUTO_COMMISSIONING */) >> 6), nwkFrameControlExtension: Boolean((fcf & 128 /* ZigbeeNWKGPConsts.FCF_CONTROL_EXTENSION */) >> 7), }, offset, ]; } /** * 14-0563-19 Green Power, Table 25 (NWK frame control) * * SPEC COMPLIANCE NOTES: * - ✅ Encodes Green Power frame control bits respecting auto-commissioning flag semantics * - ✅ Keeps protocol version within Zigbee GP-defined range * - ⚠️ Assumes caller already validated combination of frame type and extension usage * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function encodeZigbeeNWKGPFrameControl(data, offset, fcf) { offset = data.writeUInt8((fcf.frameType & 3 /* ZigbeeNWKGPConsts.FCF_FRAME_TYPE */) | ((fcf.protocolVersion << 2) & 60 /* ZigbeeNWKGPConsts.FCF_VERSION */) | (((fcf.autoCommissioning ? 1 : 0) << 6) & 64 /* ZigbeeNWKGPConsts.FCF_AUTO_COMMISSIONING */) | (((fcf.nwkFrameControlExtension ? 1 : 0) << 7) & 128 /* ZigbeeNWKGPConsts.FCF_CONTROL_EXTENSION */), offset); return offset; } /** * 14-0563-19 Green Power, Table 26 (Extended NWK frame control) * * SPEC COMPLIANCE NOTES: * - ✅ Extracts application ID, security level, and direction bits used by GP pairing flows * - ✅ Surfaces Rx-after-Tx flag for sink proxy logic * - ⚠️ Does not validate application ID mapping beyond specification bounds * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function decodeZigbeeNWKGPFrameControlExt(data, offset) { const fcf = data.readUInt8(offset); offset += 1; return [ { appId: fcf & 7 /* ZigbeeNWKGPConsts.FCF_EXT_APP_ID */, securityLevel: (fcf & 24 /* ZigbeeNWKGPConsts.FCF_EXT_SECURITY_LEVEL */) >> 3, securityKey: Boolean((fcf & 32 /* ZigbeeNWKGPConsts.FCF_EXT_SECURITY_KEY */) >> 5), rxAfterTx: Boolean((fcf & 64 /* ZigbeeNWKGPConsts.FCF_EXT_RX_AFTER_TX */) >> 6), direction: (fcf & 128 /* ZigbeeNWKGPConsts.FCF_EXT_DIRECTION */) >> 7, }, offset, ]; } /** * 14-0563-19 Green Power, Table 26 (Extended NWK frame control) * * SPEC COMPLIANCE NOTES: * - ✅ Serialises appId, security level, and direction bits following GP spec bit layout * - ✅ Preserves Rx-after-Tx semantics for sink proxy operations * - ⚠️ Requires caller to ensure security level aligns with key type in use * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function encodeZigbeeNWKGPFrameControlExt(data, offset, fcExt) { offset = data.writeUInt8((fcExt.appId & 7 /* ZigbeeNWKGPConsts.FCF_EXT_APP_ID */) | ((fcExt.securityLevel << 3) & 24 /* ZigbeeNWKGPConsts.FCF_EXT_SECURITY_LEVEL */) | (((fcExt.securityKey ? 1 : 0) << 5) & 32 /* ZigbeeNWKGPConsts.FCF_EXT_SECURITY_KEY */) | (((fcExt.rxAfterTx ? 1 : 0) << 6) & 64 /* ZigbeeNWKGPConsts.FCF_EXT_RX_AFTER_TX */) | ((fcExt.direction << 7) & 128 /* ZigbeeNWKGPConsts.FCF_EXT_DIRECTION */), offset); return offset; } /** * 14-0563-19 Green Power, Tables 27/28 (NWK header formats) * * SPEC COMPLIANCE NOTES: * - ✅ Applies application ID rules to choose between SourceID, IEEE address, and endpoint fields * - ✅ Calculates payload length by subtracting MIC for CCM* authenticated payloads * - ⚠️ Channel configuration special case still relies on peek to differentiate default appId flow * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function decodeZigbeeNWKGPHeader(data, offset, frameControl) { let frameControlExt; if (frameControl.nwkFrameControlExtension) { [frameControlExt, offset] = decodeZigbeeNWKGPFrameControlExt(data, offset); } let sourceId; let source64; let endpoint; let micSize = 0; let securityFrameCounter; let mic; if ((frameControl.frameType === 0 /* ZigbeeNWKGPFrameType.DATA */ && !frameControl.nwkFrameControlExtension) || (frameControl.frameType === 0 /* ZigbeeNWKGPFrameType.DATA */ && frameControl.nwkFrameControlExtension && frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */) || (frameControl.frameType === 1 /* ZigbeeNWKGPFrameType.MAINTENANCE */ && frameControl.nwkFrameControlExtension && frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */ && data.readUInt8(offset) !== 243 /* ZigbeeNWKGPCommandId.CHANNEL_CONFIGURATION */)) { sourceId = data.readUInt32LE(offset); offset += 4; } if (frameControl.nwkFrameControlExtension && frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */) { source64 = data.readBigUInt64LE(offset); offset += 8; endpoint = data.readUInt8(offset); offset += 1; } if (frameControl.nwkFrameControlExtension && (frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */ || frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */ || frameControlExt.appId === 1 /* ZigbeeNWKGPAppId.LPED */)) { if (frameControlExt.securityLevel === 1 /* ZigbeeNWKGPSecurityLevel.ONELSB */ && frameControlExt.appId !== 1 /* ZigbeeNWKGPAppId.LPED */) { micSize = 2; } else if (frameControlExt.securityLevel === 2 /* ZigbeeNWKGPSecurityLevel.FULL */ || frameControlExt.securityLevel === 3 /* ZigbeeNWKGPSecurityLevel.FULLENCR */) { micSize = 4; securityFrameCounter = data.readUInt32LE(offset); offset += 4; } } //-- here `offset` is "start of payload" const payloadLength = data.byteLength - offset - micSize; if (payloadLength <= 0) { throw new Error("Zigbee NWK GP frame without payload"); } if (micSize === 2) { mic = data.readUInt16LE(offset + payloadLength); // at end } else if (micSize === 4) { mic = data.readUInt32LE(offset + payloadLength); // at end } return [ { frameControl, frameControlExt, sourceId, source64, endpoint, micSize, securityFrameCounter, payloadLength, mic, }, offset, ]; } /** * 14-0563-19 Green Power, Tables 27/28 (NWK header formats) * * SPEC COMPLIANCE NOTES: * - ✅ Serialises SourceID/IEEE addressing per application ID requirements * - ✅ Writes security frame counter when security level mandates MIC generation * - ⚠️ Channel configuration peek mirrors decode path; assumes caller aligned payload accordingly * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function encodeZigbeeNWKGPHeader(data, offset, header) { offset = encodeZigbeeNWKGPFrameControl(data, offset, header.frameControl); if (header.frameControl.nwkFrameControlExtension) { offset = encodeZigbeeNWKGPFrameControlExt(data, offset, header.frameControlExt); } if ((header.frameControl.frameType === 0 /* ZigbeeNWKGPFrameType.DATA */ && !header.frameControl.nwkFrameControlExtension) || (header.frameControl.frameType === 0 /* ZigbeeNWKGPFrameType.DATA */ && header.frameControl.nwkFrameControlExtension && header.frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */) || (header.frameControl.frameType === 1 /* ZigbeeNWKGPFrameType.MAINTENANCE */ && header.frameControl.nwkFrameControlExtension && header.frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */ && data.readUInt8(offset) !== 243 /* ZigbeeNWKGPCommandId.CHANNEL_CONFIGURATION */)) { offset = data.writeUInt32LE(header.sourceId, offset); } if (header.frameControl.nwkFrameControlExtension && header.frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */) { offset = data.writeBigUInt64LE(header.source64, offset); offset = data.writeUInt8(header.endpoint, offset); } if (header.frameControl.nwkFrameControlExtension && (header.frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */ || header.frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */ || header.frameControlExt.appId === 1 /* ZigbeeNWKGPAppId.LPED */)) { if (header.frameControlExt.securityLevel === 2 /* ZigbeeNWKGPSecurityLevel.FULL */ || header.frameControlExt.securityLevel === 3 /* ZigbeeNWKGPSecurityLevel.FULLENCR */) { offset = data.writeUInt32LE(header.securityFrameCounter, offset); } } //-- here `offset` is "start of payload" return offset; } /** * 14-0563-19 Green Power, 9.3.3 (Nonce construction for CCM*) * * SPEC COMPLIANCE NOTES: * - ✅ Builds nonce ordering using SourceID/IEEE address rules per security level * - ✅ Applies direction-dependent control byte per GP CCM* definition * - ⚠️ Requires caller to provide IEEE source for AppID=ZGP frames arriving via proxy * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function makeGPNonce(header, macSource64) { const nonce = Buffer.alloc(13 /* ZigbeeConsts.SEC_NONCE_LEN */); let offset = 0; if (header.frameControlExt.appId === 0 /* ZigbeeNWKGPAppId.DEFAULT */) { if (header.frameControlExt.direction === 0 /* ZigbeeNWKGPDirection.DIRECTION_FROM_ZGPD */) { offset = nonce.writeUInt32LE(header.sourceId, offset); } offset = nonce.writeUInt32LE(header.sourceId, offset); } else if (header.frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */) { const ieeeSource = header.source64 ?? macSource64; if (ieeeSource === undefined) { throw new Error("Zigbee NWK GP frame missing IEEE source for AppId=ZGP"); } offset = nonce.writeBigUInt64LE(ieeeSource, offset); } offset = nonce.writeUInt32LE(header.securityFrameCounter, offset); if (header.frameControlExt.appId === 2 /* ZigbeeNWKGPAppId.ZGP */ && header.frameControlExt.direction === 0 /* ZigbeeNWKGPDirection.DIRECTION_FROM_ZGPD */) { // Security level = 0b101, Key Identifier = 0x00, Extended nonce = 0b0, Reserved = 0b00 offset = nonce.writeUInt8(0xc5, offset); } else { // Security level = 0b101, Key Identifier = 0x00, Extended nonce = 0b0, Reserved = 0b11 offset = nonce.writeUInt8(0x05, offset); } return nonce; } /** * 14-0563-19 Green Power, 9.3 (Green Power security processing) * * SPEC COMPLIANCE NOTES: * - ✅ Authenticates and decrypts FULLENCR payloads via CCM*, validating MIC before returning * - ✅ Supports FULL security by verifying MIC when available (TODO path highlighted) * - ⚠️ Leaves ONELSB handling as TODO; callers should avoid enabling unsupported mode * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function decodeZigbeeNWKGPPayload(data, offset, decryptKey, macSource64, _frameControl, header) { let authTag; let decryptedPayload; if (header.frameControlExt?.securityLevel === 3 /* ZigbeeNWKGPSecurityLevel.FULLENCR */) { const nonce = makeGPNonce(header, macSource64); [authTag, decryptedPayload] = (0, zigbee_js_1.aes128CcmStar)(header.micSize, decryptKey, nonce, data.subarray(offset)); const computedAuthTag = (0, zigbee_js_1.computeAuthTag)(data.subarray(0, offset), header.micSize, decryptKey, nonce, decryptedPayload); if (!computedAuthTag.equals(authTag)) { throw new Error("Auth tag mismatch while decrypting Zigbee NWK GP payload with FULLENCR security level"); } } else if (header.frameControlExt?.securityLevel === 2 /* ZigbeeNWKGPSecurityLevel.FULL */) { // TODO: Works against spec test vectors but not actual sniffed frame... // const nonce = makeGPNonce(header, macSource64); // [authTag] = aes128CcmStar(header.micSize, decryptKey, nonce, data.subarray(offset)); // const computedAuthTag = computeAuthTag(data.subarray(0, offset + header.payloadLength), header.micSize!, decryptKey, nonce, Buffer.alloc(0)); // if (!computedAuthTag.equals(authTag)) { // throw new Error("Auth tag mismatch while decrypting Zigbee NWK GP payload with FULL security level"); // } decryptedPayload = data.subarray(offset, offset + header.payloadLength); // no MIC } else { decryptedPayload = data.subarray(offset, offset + header.payloadLength); // no MIC // TODO mic/authTag? } if (!decryptedPayload) { throw new Error("Unable to decrypt Zigbee NWK GP payload"); } return decryptedPayload; } /** * 14-0563-19 Green Power, 9.3 (Green Power security processing) * * SPEC COMPLIANCE NOTES: * - ✅ Generates MIC and performs CCM* encryption for FULLENCR/FULL levels per spec * - ✅ Preserves payload ordering ahead of MIC bytes as required by GP sink behaviour * - ⚠️ Expects caller to preconfigure frameControlExt/securityFrameCounter correctly for nonce derivation * DEVICE SCOPE: Green Power proxies, Green Power sinks */ function encodeZigbeeNWKGPFrame(header, payload, decryptKey, macSource64) { let offset = 0; const data = Buffer.alloc(116 /* ZigbeeNWKGPConsts.FRAME_MAX_SIZE */); offset = encodeZigbeeNWKGPHeader(data, offset, header); if (header.frameControlExt?.securityLevel === 3 /* ZigbeeNWKGPSecurityLevel.FULLENCR */) { const nonce = makeGPNonce(header, macSource64); const decryptedData = Buffer.alloc(payload.byteLength + header.micSize); // payload + auth tag payload.copy(decryptedData, 0); const computedAuthTag = (0, zigbee_js_1.computeAuthTag)(data.subarray(0, offset), header.micSize, decryptKey, nonce, payload); computedAuthTag.copy(decryptedData, payload.byteLength); const [authTag, encryptedPayload] = (0, zigbee_js_1.aes128CcmStar)(header.micSize, decryptKey, nonce, decryptedData); offset += encryptedPayload.copy(data, offset); authTag.copy(data, offset); // at end offset += header.micSize; } else if (header.frameControlExt?.securityLevel === 2 /* ZigbeeNWKGPSecurityLevel.FULL */) { const nonce = makeGPNonce(header, macSource64); const decryptedData = Buffer.alloc(payload.byteLength + header.micSize); // payload + auth tag payload.copy(decryptedData, 0); offset += payload.copy(data, offset); const computedAuthTag = (0, zigbee_js_1.computeAuthTag)(data.subarray(0, offset), header.micSize, decryptKey, nonce, Buffer.alloc(0)); computedAuthTag.copy(decryptedData, payload.byteLength); const [authTag] = (0, zigbee_js_1.aes128CcmStar)(header.micSize, decryptKey, nonce, decryptedData); authTag.copy(data, offset); // at end offset += header.micSize; } else { offset += payload.copy(data, offset); } return data.subarray(0, offset); } //# sourceMappingURL=zigbee-nwkgp.js.map