Thread bootstrap improvements (ARMmbed#1699)

Tero Heinonen · web-flow · commit 44110a15b8d9 · 2018-05-11T14:21:47.000+03:00
Improvements for Thread bootstrap sequesnces.
diff --git a/source/6LoWPAN/Thread/thread_extension_bootstrap.c b/source/6LoWPAN/Thread/thread_extension_bootstrap.c
@@ -38,6 +38,7 @@
 #include "common_functions.h"
 #include "coap_service_api.h"
 #include "thread_meshcop_lib.h"
+#include "randLIB.h"
 #include "6LoWPAN/Thread/thread_common.h"
 #include "6LoWPAN/Thread/thread_bootstrap.h"
 #include "6LoWPAN/Thread/thread_joiner_application.h"
@@ -171,6 +172,25 @@ static int thread_joiner_application_simple_enroll_response_cb(int8_t service_id
 
     return 0;
 }
+
+static int thread_joiner_application_csrattrs_response_cb(int8_t service_id, uint8_t source_address[static 16], uint16_t source_port, sn_coap_hdr_s *response_ptr)
+{
+    (void) response_ptr;
+
+    protocol_interface_info_entry_t *cur = protocol_stack_interface_info_get_by_id(thread_extension_bootstrap_find_id_by_service(service_id));
+
+    if (!cur || !cur->thread_info) {
+        return -1;
+    }
+    tr_info("Receiving csrattrs response sending simpleenroll");
+
+    // TODO add certificate template to this message with included Private/Public key pair
+    coap_service_request_send(service_id, COAP_REQUEST_OPTIONS_SECURE_BYPASS, source_address, source_port,
+                              COAP_MSG_TYPE_CONFIRMABLE, COAP_MSG_CODE_REQUEST_POST, ".well-known/est/simpleenroll", THREAD_CONTENT_FORMAT_PKCS10, NULL, 0, thread_joiner_application_simple_enroll_response_cb);
+
+    return 0;
+}
+
 static int thread_joiner_application_rat_response_cb(int8_t service_id, uint8_t source_address[static 16], uint16_t source_port, sn_coap_hdr_s *response_ptr)
 {
     (void) response_ptr;
@@ -180,17 +200,52 @@ static int thread_joiner_application_rat_response_cb(int8_t service_id, uint8_t
     if (!cur || !cur->thread_info) {
         return -1;
     }
-    tr_info("Receiving RAT response sending simpleenroll");
+    tr_info("Receiving RAT response sending csrattrs request");
+    // TODO Parse CA certificate from RAT response
+
+    // TODO Verify nonce
 
     // TODO add certificate template to this message with included Private/Public key pair
     coap_service_request_send(service_id, COAP_REQUEST_OPTIONS_SECURE_BYPASS, source_address, source_port,
-                              COAP_MSG_TYPE_CONFIRMABLE, COAP_MSG_CODE_REQUEST_POST, ".well-known/est/simpleenroll", COAP_CT_OCTET_STREAM, NULL, 0, thread_joiner_application_simple_enroll_response_cb);
+                              COAP_MSG_TYPE_CONFIRMABLE, COAP_MSG_CODE_REQUEST_GET, ".well-known/est/csrattrs", COAP_CT_NONE, NULL, 0, thread_joiner_application_csrattrs_response_cb);
 
     return 0;
 }
+
+static int thread_joiner_application_rat_request_build(uint8_t *rat_payload, int length)
+{
+    uint8_t *ptr = rat_payload;
+
+    if (length < 25) {
+        return 0;
+    }
+
+    *rat_payload++ = 0xa2;      // map (2)
+
+    // text (7) "version" + unsigned (1) "1"
+    *rat_payload++ = 0x67;
+    memcpy(rat_payload, "version", 7);
+    rat_payload += 7;
+    *rat_payload++ = 0x01;
+
+    // text (5) "nonce" + bytes (8) random nonce
+    // todo: save nonce to verify response against reply.
+    *rat_payload++ = 0x65;
+    memcpy(rat_payload, "nonce", 5);
+    rat_payload += 5;
+
+    *rat_payload++ = 0x48;
+    common_write_64_bit(randLIB_get_64bit(), rat_payload);
+    rat_payload += 8;
+
+    return rat_payload - ptr;
+}
+
 static int thread_joiner_application_ae_commission_start(int8_t interface_id, uint8_t parent_address[16], uint16_t port, thread_joiner_application_commission_done_cb *done_cb)
 {
     protocol_interface_info_entry_t *cur = protocol_stack_interface_info_get_by_id(interface_id);
+    uint8_t rat_payload[25];
+    int rat_len;
 
     if (!done_cb || !cur) {
         return -1;
@@ -209,9 +264,15 @@ static int thread_joiner_application_ae_commission_start(int8_t interface_id, ui
     memcpy(thread_info(cur)->extension_credentials_ptr->ccm_addr, parent_address, 16);
     thread_info(cur)->extension_credentials_ptr->ccm_port = port;
 
+    rat_len = thread_joiner_application_rat_request_build(rat_payload, sizeof(rat_payload));
+    if (rat_len == 0) {
+        tr_debug("RAT request payload build failed");
+        return -1;
+    }
+
     // todo: This might not be needed if no extra certificate processing made by device and should directly call simpleenroll
     coap_service_request_send(thread_info(cur)->extension_credentials_ptr->coap_service_secure_session_id, COAP_REQUEST_OPTIONS_SECURE_BYPASS, parent_address, port,
-                              COAP_MSG_TYPE_CONFIRMABLE, COAP_MSG_CODE_REQUEST_POST, ".well-known/est/rat", COAP_CT_OCTET_STREAM, NULL, 0, thread_joiner_application_rat_response_cb);
+                              COAP_MSG_TYPE_CONFIRMABLE, COAP_MSG_CODE_REQUEST_POST, ".well-known/est/rat", THREAD_CONTENT_FORMAT_AUDITNONCE, rat_payload, rat_len, thread_joiner_application_rat_response_cb);
 
     return 0;
 }
diff --git a/source/6LoWPAN/Thread/thread_extension_constants.h b/source/6LoWPAN/Thread/thread_extension_constants.h
@@ -106,6 +106,8 @@ typedef struct discovery_additional_info {
 #define TMFCOP_TLV_SEQUENCE_NUMBER                         13
 #define TMFCOP_TLV_IPV6_ADDRESS                            14
 
+#define THREAD_CONTENT_FORMAT_AUDITNONCE                   (sn_coap_content_format_e)65000
+#define THREAD_CONTENT_FORMAT_PKCS10                       (sn_coap_content_format_e)65003
 
 #define THREAD_VERSION_1_2 3
 
