Thread extension commission updates (#1870)

Author: Tero Heinonen

source/6LoWPAN/Thread/thread_extension.c

@@ -210,9 +210,7 @@ static void thread_extension_reset_timeout_cb(void *arg)
     // Delete all domain stuff and start discovery.
     thread_extension_bootstrap_network_certificate_set(cur, NULL, 0);
     thread_extension_bootstrap_network_private_key_set(cur, NULL, 0);
-    thread_nvm_store_active_configuration_remove();
     thread_nvm_store_mleid_rloc_map_remove();
-    thread_nvm_store_pending_configuration_remove();
     thread_nvm_store_link_info_clear();
     thread_joiner_application_link_configuration_delete(cur->id);
     thread_bootstrap_connection_error(cur->id, CON_ERROR_NETWORK_KICK, NULL);
@@ -295,8 +293,6 @@ static int thread_extension_reenroll_req_cb(int8_t service_id, uint8_t source_ad
         goto send_response;
     }
 
-
-
     thread_extension_bootstrap_reenrollment_start(cur, service_id, pbbr_addr);
 
 send_response:

source/6LoWPAN/Thread/thread_extension_bbr.c

@@ -69,6 +69,7 @@
 typedef struct {
     uint8_t pbbr_multicast_address[16];
     uint8_t tri_address[16];
+    uint8_t registrar_address[16];
     uint8_t domain_prefix[8];
     uint32_t mlr_timeout;
     uint32_t delay_timer;
@@ -317,6 +318,7 @@ static int thread_pbbr_data_req_recv_cb(int8_t service_id, uint8_t source_addres
     (void) source_port;
 
     uint8_t payload_ptr[18] = {0};
+    uint8_t *address_ptr;
     uint8_t *request_tlv_ptr;
     uint16_t request_tlv_len;
     uint8_t *ptr = payload_ptr;
@@ -326,6 +328,8 @@ static int thread_pbbr_data_req_recv_cb(int8_t service_id, uint8_t source_addres
         return -1;
     }
 
+    tr_debug("MGMT_BBR_GET.req received");
+
     request_tlv_len = thread_tmfcop_tlv_find(request_ptr->payload_ptr, request_ptr->payload_len, MESHCOP_TLV_GET, &request_tlv_ptr);
 
     if (0 == request_tlv_len) {
@@ -335,7 +339,14 @@ static int thread_pbbr_data_req_recv_cb(int8_t service_id, uint8_t source_addres
 
     if (thread_meshcop_tlv_list_type_available(request_tlv_ptr, request_tlv_len, MESHCOP_TLV_REGISTRAR_IPV6_ADDRESS)) {
         tr_debug("Registrar IPv6 address requested");
-        ptr = thread_meshcop_tlv_data_write(ptr, MESHCOP_TLV_REGISTRAR_IPV6_ADDRESS, 16, this->tri_address);
+        // If registrar address is not set, return TRI address
+        if (addr_is_ipv6_unspecified(this->registrar_address)) {
+            address_ptr = this->tri_address;
+        } else {
+            address_ptr = this->registrar_address;
+        }
+
+        ptr = thread_meshcop_tlv_data_write(ptr, MESHCOP_TLV_REGISTRAR_IPV6_ADDRESS, 16, address_ptr);
     }
 
     coap_service_response_send(this->coap_service_id, COAP_REQUEST_OPTIONS_NONE, request_ptr, COAP_MSG_CODE_RESPONSE_CHANGED, COAP_CT_OCTET_STREAM, payload_ptr, ptr - payload_ptr);
@@ -348,6 +359,35 @@ static int thread_pbbr_data_set_recv_cb(int8_t service_id, uint8_t source_addres
     (void) source_address;
     (void) source_port;
 
+    uint8_t response[3] = {0};
+    uint8_t *ptr = response;
+    int8_t response_code = -1;
+    uint8_t *registrar_addr = NULL;
+    thread_pbbr_t *this = thread_border_router_find_by_service(service_id);
+
+    if (!request_ptr || !this) {
+        return -1;
+    }
+
+    tr_debug("MGMT_BBR_SET.req received");
+
+    if (16 == thread_meshcop_tlv_find(request_ptr->payload_ptr, request_ptr->payload_len, MESHCOP_TLV_REGISTRAR_IPV6_ADDRESS, &registrar_addr)) {
+        memcpy(this->registrar_address, registrar_addr, 16);
+        response_code = 1;
+    }
+
+    ptr = thread_meshcop_tlv_data_write_uint8(response, MESHCOP_TLV_STATE, response_code);
+
+    coap_service_response_send(service_id, COAP_REQUEST_OPTIONS_NONE, request_ptr, COAP_MSG_CODE_RESPONSE_CHANGED, COAP_CT_OCTET_STREAM, response, ptr - response);
+
+    return 0;
+}
+
+static int thread_pbbr_sec_data_set_recv_cb(int8_t service_id, uint8_t source_address[static 16], uint16_t source_port, sn_coap_hdr_s *request_ptr)
+{
+    (void) source_address;
+    (void) source_port;
+
     uint8_t response[3] = {0};
     uint8_t *ptr = response;
 
@@ -1144,7 +1184,9 @@ static int thread_extension_bbr_pbbr_start(thread_pbbr_t *this)
     coap_service_register_uri(this->coap_service_id, THREAD_URI_BBR_NMK_RX_NTF, COAP_SERVICE_ACCESS_POST_ALLOWED, thread_pbbr_nmkp_relay_rx_recv_cb);
     // Register BBR data request URI
     coap_service_register_uri(this->coap_service_id, THREAD_URI_BBR_DATA_REQ, COAP_SERVICE_ACCESS_GET_ALLOWED, thread_pbbr_data_req_recv_cb);
-    coap_service_register_uri(this->coap_service_id, THREAD_URI_BBR_DATA_SET, COAP_SERVICE_ACCESS_GET_ALLOWED, thread_pbbr_data_set_recv_cb);
+    coap_service_register_uri(this->coap_service_id, THREAD_URI_BBR_DATA_SET, COAP_SERVICE_ACCESS_POST_ALLOWED, thread_pbbr_data_set_recv_cb);
+    coap_service_register_uri(this->coap_service_id, THREAD_URI_MGMT_SEC_PENDING_SET, COAP_SERVICE_ACCESS_POST_ALLOWED, thread_pbbr_sec_data_set_recv_cb);
+
 
     // create secure service for Network master key provisioning
     this->coap_nmkp_virtual_service_id = coap_service_initialize(this->interface_id, THREAD_MANAGEMENT_PORT, COAP_SERVICE_OPTIONS_SECURE | COAP_SERVICE_OPTIONS_VIRTUAL_SOCKET, thread_pbbr_pskd_security_start_cb, NULL);
@@ -1181,7 +1223,8 @@ int8_t thread_extension_bbr_init(int8_t interface_id, int8_t backbone_interface_
     this->delay_timer = THREAD_BBR_DUA_REGISTRATION_DELAY;
     this->pbbr_started = false;
     memcpy(this->pbbr_multicast_address, ADDR_LINK_LOCAL_ALL_ROUTERS, 16);
-    this->pbbr_port = THREAD_BBR_BACKBONE_PORT;
+    this->pbbr_port = THREAD_BBR_BACKBONE_PORT;    
+    memset(this->registrar_address, 0, 16);
     memcpy(this->tri_address, ADDR_LINK_LOCAL_ALL_ROUTERS, 16);
     this->tri_port = THREAD_BBR_BACKBONE_PORT;
     this->joiner_router_rloc = 0xffff;

source/6LoWPAN/Thread/thread_extension_bootstrap.c

@@ -46,6 +46,7 @@
 #include "6LoWPAN/Thread/thread_extension_bootstrap.h"
 #include "6LoWPAN/Thread/thread_extension_constants.h"
 #include "6LoWPAN/Thread/thread_management_server.h"
+#include "6LoWPAN/Thread/thread_nvm_store.h"
 
 
 /*
@@ -71,12 +72,14 @@ typedef struct thread_extension_credentials {
 
     int8_t coap_service_secure_session_id;
     int8_t interface_id;
+    bool reattach_ongoing;
 
     ns_list_link_t link;
 } thread_ccm_credentials_t;
 
 #ifdef HAVE_THREAD_V2
 
+#if 1
 /* Hardcoded CSR request */
 static const unsigned char csr_request[215] = {
     0x30, 0x81, 0xd4, 0x30, 0x7c, 0x02, 0x01, 0x00, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
@@ -94,6 +97,25 @@ static const unsigned char csr_request[215] = {
     0x63, 0xea, 0xe3, 0xd2, 0xf1, 0x50, 0x48, 0x56, 0xdf, 0x6b, 0xcf, 0xc4, 0x31, 0xc4, 0xcf, 0xbc,
     0x26, 0xe3, 0x5a, 0x74, 0x62, 0x0f, 0x70
 };
+#else
+/* CSR request with CBOR header*/
+static const unsigned char csr_request[244] = {
+    0x58, 0xf2, 0x30, 0x81, 0xef, 0x30, 0x81, 0x95, 0x02, 0x01, 0x01, 0x30, 0x33, 0x31, 0x1c, 0x30, 0x1a, 0x06,
+    0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x4c, 0x69, 0x67, 0x68, 0x74, 0x69, 0x66, 0x79, 0x20, 0x50, 0x72, 0x6f,
+    0x20, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0a,
+    0x4f, 0x53, 0x52, 0x41, 0x4d, 0x20, 0x47, 0x6d, 0x62, 0x48, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
+    0x04, 0xd8, 0x19, 0x64, 0x07, 0xca, 0x38, 0x01, 0x62, 0xfd, 0x7e, 0xe7, 0x07, 0x8d, 0x21, 0x50, 0x0b, 0x9f,
+    0x00, 0x71, 0x26, 0xaa, 0x55, 0x2a, 0x44, 0x9b, 0xe8, 0xfd, 0xfb, 0x0e, 0x8d, 0x41, 0x01, 0xf2, 0x7b, 0x2e,
+    0x7b, 0xe4, 0x4f, 0x35, 0x00, 0x0b, 0x1f, 0xbc, 0x86, 0x57, 0xa1, 0x69, 0x32, 0x49, 0xcf, 0xd7, 0x2f, 0x0b,
+    0xfa, 0x22, 0x44, 0x0b, 0x6f, 0xf4, 0xb5, 0xbd, 0x0f, 0x20, 0xab, 0xa0, 0x00, 0x30, 0x0a, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xb5, 0xa2, 0x8b,
+    0xf9, 0xbf, 0x7d, 0x2c, 0x72, 0x3e, 0xf0, 0xad, 0x1e, 0x38, 0x28, 0xc0, 0xa3, 0xe8, 0xd6, 0x70, 0x9a, 0x2a,
+    0xf8, 0x1d, 0x33, 0x9d, 0xbb, 0x6c, 0x4f, 0x7c, 0x81, 0xb6, 0x71, 0x02, 0x21, 0x00, 0xba, 0x74, 0x50, 0xad,
+    0x27, 0x2e, 0x00, 0x71, 0x68, 0x7f, 0xe0, 0x2c, 0x8c, 0x1b, 0x6f, 0x95, 0x8c, 0x58, 0x1e, 0xe7, 0xe3, 0xa5,
+    0x50, 0xca, 0x12, 0x0a, 0x60, 0x56, 0xd2, 0x3a, 0xe2, 0xeb
+}
+#endif
 
 /*
  * Private key for certificate m_device_nxp_sn_and_8021ar.cert.pem -> test registrar will return this as default
@@ -155,19 +177,29 @@ static void thread_extension_bootstrap_attach_cb(void *arg)
     if (!this) {
         return;
     }
-    // Cleaning up the joining information
-    if (this->ccm_done_cb) {// This is successfull
-        this->ccm_done_cb(this->interface_id);
+    if (this->reattach_ongoing) {
+        this->reattach_ongoing = false;
+        thread_nvm_store_mleid_rloc_map_remove();
+        thread_nvm_store_link_info_clear();
+        thread_joiner_application_link_configuration_delete(this->interface_id);
+        thread_bootstrap_connection_error(this->interface_id, CON_ERROR_NETWORK_KICK, NULL);
+    } else {
+        // Cleaning up the joining information
+        if (this->ccm_done_cb) {// This is successfull
+            this->ccm_done_cb(this->interface_id);
+        }
     }
 }
 
-int8_t thread_extension_bootstrap_network_reattach(int8_t interface_id, uint16_t timeout)
+int8_t thread_extension_bootstrap_network_reattach(int8_t service_id, uint16_t timeout, bool clear_data)
 {
-    thread_ccm_credentials_t *this = thread_extension_bootstrap_find_by_service(interface_id);
+    thread_ccm_credentials_t *this = thread_extension_bootstrap_find_by_service(service_id);
     if (!this) {
         return -1;
     }
 
+    this->reattach_ongoing = clear_data;
+
     // re-attach in any case and close the secure connection
     this->attach_timeout = eventOS_timeout_ms(thread_extension_bootstrap_attach_cb, timeout, this);
 
@@ -185,26 +217,14 @@ static int commercial_bootstrap_security_start_cb(int8_t service_id, uint8_t add
 
     return 0;
 }
-static int thread_joiner_application_simple_enroll_response_cb(int8_t service_id, uint8_t source_address[static 16], uint16_t source_port, sn_coap_hdr_s *response_ptr)
+
+static int thread_extension_bootstrap_enroll_parse(protocol_interface_info_entry_t *cur, uint8_t *payload_ptr, uint16_t payload_len)
 {
-    (void) source_address;
-    (void) source_port;
     uint8_t *ptr;
     uint16_t len, flen;
 
-    // re-attach in any case and close the secure connection
-    thread_extension_bootstrap_network_reattach(service_id, 1000);
-    coap_service_close_secure_connection(service_id, source_address, source_port);
-
-    protocol_interface_info_entry_t *cur = protocol_stack_interface_info_get_by_id(thread_extension_bootstrap_find_id_by_service(service_id));
-
-    tr_debug("Simple enrollment received len:%d - %s", response_ptr->payload_len, trace_array(response_ptr->payload_ptr, response_ptr->payload_len));
-
-    if (!cur || !cur->thread_info || !response_ptr) {
-        return -1;
-    }
-    ptr = response_ptr->payload_ptr;
-    len = response_ptr->payload_len;
+    ptr = payload_ptr;
+    len = payload_len;
     // CBOR format check
     if (*ptr == 0x58) {
         flen = *(ptr + 1);
@@ -224,6 +244,27 @@ static int thread_joiner_application_simple_enroll_response_cb(int8_t service_id
         tr_warn("ae response parse failed, len %d != %d", len, flen);
     }
 
+    return 0;
+}
+
+static int thread_joiner_application_simple_enroll_response_cb(int8_t service_id, uint8_t source_address[static 16], uint16_t source_port, sn_coap_hdr_s *response_ptr)
+{
+    (void) source_address;
+    (void) source_port;
+
+    // re-attach in any case and close the secure connection
+    thread_extension_bootstrap_network_reattach(service_id, 1000, false);
+    coap_service_close_secure_connection(service_id, source_address, source_port);
+
+    protocol_interface_info_entry_t *cur = protocol_stack_interface_info_get_by_id(thread_extension_bootstrap_find_id_by_service(service_id));
+
+    tr_debug("Simple enrollment received len:%d - %s",response_ptr->payload_len,trace_array(response_ptr->payload_ptr, response_ptr->payload_len));
+
+    if (!cur || !cur->thread_info || !response_ptr) {
+        return -1;
+    }
+
+    thread_extension_bootstrap_enroll_parse(cur, response_ptr->payload_ptr, response_ptr->payload_len);
 
     return 0;
 }
@@ -398,7 +439,7 @@ static int thread_joiner_application_nmkp_response_cb(int8_t service_id, uint8_t
     tr_debug("nmkp provisioning done");
 
     // re-attach in any case and close the secure connection
-    thread_extension_bootstrap_network_reattach(service_id, 1000);
+    thread_extension_bootstrap_network_reattach(service_id, 1000, false);
     coap_service_close_secure_connection(service_id, source_address, source_port);
 
     // CoAP message failed - try to reattach
@@ -682,18 +723,24 @@ static int thread_extension_reenroll_resp_cb(int8_t service_id, uint8_t source_a
     (void) service_id;
     (void) source_address;
     (void) source_port;
+    protocol_interface_info_entry_t *cur = protocol_stack_interface_info_get_by_id(thread_extension_bootstrap_find_id_by_service(service_id));
 
-    if (!response_ptr) {
-        tr_debug("No response to re-enroll req");
+    // Close secure connection
+    coap_service_close_secure_connection(service_id, source_address, source_port);
+
+    if (!response_ptr || !cur) {
+        tr_debug("re-enroll failed");
         return -1;
     }
 
     tr_debug("re-enroll resp len %d", response_ptr->payload_len);
 
-    // todo:check & update new certificate
-
-    // Close secure connection
-    coap_service_close_secure_connection(service_id, source_address, source_port);
+    // todo:check new certificate
+    // Update certificate
+    if (0 == thread_extension_bootstrap_enroll_parse(cur, response_ptr->payload_ptr, response_ptr->payload_len)) {
+        // start NMKP with new certificates
+        thread_extension_bootstrap_network_reattach(service_id, 5000, true);
+    }
 
     return 0;
 }

source/6LoWPAN/Thread/thread_extension_bootstrap.h

@@ -58,8 +58,6 @@ int thread_extension_bootstrap_network_certificate_enable(protocol_interface_inf
 
 int thread_extension_bootstrap_reenrollment_start(protocol_interface_info_entry_t *cur, int8_t service_id, uint8_t *pbbr_addr);
 
-int8_t thread_extension_bootstrap_network_reattach(int8_t interface_id, uint16_t timeout);
-
 #else
 #define thread_extension_bootstrap_free(cur);
 #define thread_extension_bootstrap_device_certificate_set(cur, device_certificate_ptr, device_certificate_len, priv_key_ptr, priv_key_len) (-1)

source/6LoWPAN/Thread/thread_extension_constants.h

@@ -69,6 +69,7 @@ typedef struct discovery_additional_info {
 #define THREAD_URI_BBR_BB_QRY_NTF               "b/bq"  //<* Backbone border router
 #define THREAD_URI_BBR_BB_ANS_NTF               "b/ba"  //<* Backbone border router
 #define THREAD_URI_BBR_NMKP_REQ                 "c/cjf"  //<* Backbone border router
+#define THREAD_URI_MGMT_SEC_PENDING_SET         "c/sp"   //<* Secure Dissemination of Pending Operational Dataset
 
 #define THREAD_URI_REENROLL_REQ                 "c/re"  //<* Device re-enrollment request
 #define THREAD_URI_RESET_REQ                    "c/rt"  //<* Device reset request - instruct to remove itself from Thread domain