From 103d40f78446345f6f5b705139492418cf6ee953 Mon Sep 17 00:00:00 2001
From: Michael Gernoth <michael@gernoth.net>
Date: Fri, 11 Sep 2015 13:00:34 +0200
Subject: [PATCH] flash-ota: add AES-support for culfw-devices

---
 .gitignore  |   2 +
 Makefile    |   2 +-
 flash-ota.c |  56 +++++++++++++++++++-------
 hm.c        | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 hm.h        |   7 +++-
 5 files changed, 163 insertions(+), 18 deletions(-)
 create mode 100644 hm.c

diff --git a/.gitignore b/.gitignore
index d1ea703..df1fea6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,8 @@ flash-ota.d
 flash-ota.o
 firmware.d
 firmware.o
+hm.d
+hm.o
 hmcfgusb.d
 hmcfgusb.o
 hmland
diff --git a/Makefile b/Makefile
index 4af4fe7..bd8fbf7 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ CC=gcc
 HMLAN_OBJS=hmcfgusb.o hmland.o util.o
 HMSNIFF_OBJS=hmcfgusb.o hmsniff.o
 FLASH_HMCFGUSB_OBJS=hmcfgusb.o firmware.o util.o flash-hmcfgusb.o
-FLASH_OTA_OBJS=hmcfgusb.o culfw.o firmware.o util.o flash-ota.o
+FLASH_OTA_OBJS=hmcfgusb.o culfw.o firmware.o util.o flash-ota.o hm.o aes.o
 
 OBJS=$(HMLAN_OBJS) $(HMSNIFF_OBJS) $(FLASH_HMCFGUSB_OBJS) $(FLASH_OTA_OBJS)
 
diff --git a/flash-ota.c b/flash-ota.c
index 9ffdeb8..953ed34 100644
--- a/flash-ota.c
+++ b/flash-ota.c
@@ -1,6 +1,6 @@
 /* flasher for HomeMatic-devices supporting OTA updates
  *
- * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
+ * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to
@@ -51,7 +51,7 @@ extern char *optarg;
 
 uint32_t hmid = 0;
 uint32_t my_hmid = 0;
-char key[16] = {0};
+uint8_t key[16] = {0};
 int32_t kNo = -1;
 
 /* Maximum payloadlen supported by IO */
@@ -179,6 +179,13 @@ static int parse_culfw(uint8_t *buf, int buf_len, void *data)
 				rdata->version |= v;
 			}
 			break;
+		case 'E':
+			{
+				if (!strncmp((char*)buf, "ERR:CCA", 7)) {
+					fprintf(stderr, "CCA didn't complete, too much traffic\n");
+				}
+				break;
+			}
 		default:
 			fprintf(stderr, "Unknown response from CUL: %s", buf);
 			return 0;
@@ -270,7 +277,7 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
 				}
 
 				if (msg[CTL] & 0x20) {
-					int cnt = 3;
+					int cnt = 5;
 					int pfd;
 					do {
 						errno = 0;
@@ -284,18 +291,44 @@ int send_hm_message(struct ota_dev *dev, struct recv_data *rdata, uint8_t *msg)
 						if (rdata->message_type == MESSAGE_TYPE_E) {
 							if (rdata->message[TYPE] == 0x02) {
 								if (rdata->message[PAYLOAD] == 0x04) {
-									printf("AES request received but not implemented for culfw!\n");
+									int32_t req_kNo;
+									uint8_t challenge[6];
+									uint8_t respbuf[16];
+									uint8_t *resp;
+
+									req_kNo = rdata->message[rdata->message[LEN]] / 2;
+									memcpy(challenge, &(rdata->message[PAYLOAD+1]), 6);
+
+									if (req_kNo != kNo) {
+										fprintf(stderr, "AES request for unknown key %d!\n", req_kNo);
+									} else {
+										resp = hm_sign(key, challenge, msg, NULL, respbuf);
+										if (resp) {
+											uint8_t rbuf[64];
+
+											memset(rbuf, 0, sizeof(rbuf));
+											rbuf[MSGID] = rdata->message[MSGID];
+											rbuf[CTL] = rdata->message[CTL];
+											rbuf[TYPE] = 0x03;
+											SET_SRC(rbuf, DST(rdata->message));
+											SET_DST(rbuf, SRC(rdata->message));
+											memcpy(&(rbuf[PAYLOAD]), resp, 16);
+											SET_LEN_FROM_PAYLOADLEN(rbuf, 16);
+
+											return send_hm_message(dev, rdata, rbuf);
+										}
+									}
 								} else if (rdata->message[PAYLOAD] >= 0x80 && rdata->message[PAYLOAD] <= 0x8f) {
-									printf("NACK\n");
+									fprintf(stderr, "NACK\n");
 								} else {	/* ACK or ACKinfo */
 									break;
 								}
 							} else {
-								printf("Unexpected message received: ");
+								fprintf(stderr, "Unexpected message received: ");
 								for (i = 0; i < rdata->message[LEN]; i++) {
-									printf("%02x", rdata->message[i+1]);
+									fprintf(stderr, "%02x", rdata->message[i+1]);
 								}
-								printf("\n");
+								fprintf(stderr, "\n");
 							}
 						}
 					} while(cnt--);
@@ -368,7 +401,6 @@ void flash_ota_syntax(char *prog)
 	fprintf(stderr, "\t-C\t\tHMID of central (3 hex-bytes, no prefix, e.g. ABCDEF)\n");
 	fprintf(stderr, "\t-D\t\tHMID of device (3 hex-bytes, no prefix, e.g. 123456)\n");
 	fprintf(stderr, "\t-K\t\tKNO:KEY AES key-number and key (hex) separated by colon (Fhem hmKey attribute)\n");
-	fprintf(stderr, "\t\t\tAES is currently not supported when using a culfw-device!\n");
 }
 
 int main(int argc, char **argv)
@@ -476,12 +508,6 @@ int main(int argc, char **argv)
 	memset(&dev, 0, sizeof(struct ota_dev));
 
 	if (culfw_dev) {
-		if (kNo != -1) {
-			fprintf(stderr, "\nAES currently not supported with culfw-device!\n");
-			flash_ota_syntax(argv[0]);
-			exit(EXIT_FAILURE);
-		}
-
 		printf("Opening culfw-device at path %s with speed %u\n", culfw_dev, bps);
 		dev.culfw = culfw_init(culfw_dev, bps, parse_culfw, &rdata);
 		if (!dev.culfw) {
diff --git a/hm.c b/hm.c
new file mode 100644
index 0000000..818081f
--- /dev/null
+++ b/hm.c
@@ -0,0 +1,114 @@
+/* HomeMatic protocol-functions
+ *
+ * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <string.h>
+#include <strings.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/time.h>
+
+#include "aes.h"
+#include "hexdump.h"
+#include "hm.h"
+
+static int debug = 0;
+
+uint8_t* hm_sign(uint8_t *key, uint8_t *challenge, uint8_t *m_frame, uint8_t *exp_auth, uint8_t *resp)
+{
+	uint8_t signkey[16];
+	WORD ks[60];
+	struct timeval tv;
+	int i;
+
+	printf("AES-request with challenge: %02x%02x%02x%02x%02x%02x\n",
+			challenge[0], challenge[1], challenge[2],
+			challenge[3], challenge[4], challenge[5]);
+
+	/*
+	 * Build signing key by XORing the first 6 bytes of
+	 * the key with the challenge.
+	 */
+	memcpy(signkey, key, sizeof(signkey));
+	for (i = 0; i < 6; i++) {
+		signkey[i] ^= challenge[i];
+	}
+	aes_key_setup(signkey, ks, 128);
+
+	/*
+	 * Generate payload for first encryption.
+	 */
+	gettimeofday(&tv, NULL);
+	resp[0] = tv.tv_sec >> 24 & 0xff;
+	resp[1] = tv.tv_sec >> 16 & 0xff;
+	resp[2] = tv.tv_sec >> 8 & 0xff;
+	resp[3] = tv.tv_sec & 0xff;
+	resp[4] = tv.tv_usec >> 8 & 0xff;
+	resp[5] = tv.tv_usec & 0xff;
+	memcpy(&(resp[6]), &(m_frame[MSGID]), 10);
+
+	if (debug)
+		hexdump(resp, 16, "P   > ");
+
+	aes_encrypt(resp, resp, ks, 128);
+
+	if (debug)
+		hexdump(resp, 16, "Pe  > ");
+
+	/*
+	 * Device has to answer with the first 4 bytes of the
+	 * encrypted payload to authenticate, so pass them to
+	 * the caller.
+	 */
+
+	if (exp_auth) {
+		memcpy(exp_auth, resp, 4);
+	}
+
+	/*
+	 * XOR parameters of the m_frame to the payload.
+	 */
+	for (i = 0; i < PAYLOADLEN(m_frame) - 1; i++) {
+		if (i == 16) {
+			break;
+		}
+
+		resp[i] ^= m_frame[PAYLOAD + 1+ i];
+	}
+
+	if (debug)
+		hexdump(resp, 16, "Pe^ > ");
+
+	/*
+	 * Encrypt payload again
+	 */
+	aes_encrypt(resp, resp, ks, 128);
+
+	if (debug)
+		hexdump(resp, 16, "Pe^e> ");
+
+	return resp;
+}
diff --git a/hm.h b/hm.h
index d0d7147..af98626 100644
--- a/hm.h
+++ b/hm.h
@@ -1,6 +1,6 @@
-/* HomeMatic defines
+/* HomeMatic defines and functions
  *
- * Copyright (c) 2014 Michael Gernoth <michael@gernoth.net>
+ * Copyright (c) 2014-15 Michael Gernoth <michael@gernoth.net>
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to
@@ -34,3 +34,6 @@
 #define SET_DST(buf, dst)	do { buf[0x07] = (dst >> 16) & 0xff; buf[0x08] = (dst >> 8) & 0xff; buf[0x09] = dst & 0xff; } while(0)
 
 #define SET_LEN_FROM_PAYLOADLEN(buf, payloadlen)	do { buf[0x00] = payloadlen + 0x09; } while(0)
+#define PAYLOADLEN(buf)					(buf[0x00] - 0x09)
+
+uint8_t* hm_sign(uint8_t *key, uint8_t *challenge, uint8_t *m_frame, uint8_t *exp_auth, uint8_t *resp);
-- 
2.39.2