Package org.openremote.agent.protocol.bluetooth.mesh.utils

Class SecureUtils

java.lang.Object
org.openremote.agent.protocol.bluetooth.mesh.utils.SecureUtils
public class SecureUtils extends Object

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    SecureUtils.K2Output
     

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    ENC_K4_OUTPUT_MASK
    Output mask for K4
    static final byte[]
    K2_MASTER_INPUT
    K2 Master input
    static final Logger
    LOG
     
    protected static final byte[]
    NONCE_PADDING
     
    static int
    NRF_MESH_KEY_SIZE
     
    static final byte[]
    PRCK
    Used to calculate the confirmation key
    static final byte[]
    PRDK
    Used to calculate the device key
    static final byte[]
    PRSK
    Used to calculate the session key
    static final byte[]
    PRSN
    Used to calculate the session nonce
    protected static final byte[]
    SALT_KEY
     
    static final byte[]
    SMK2
    Salt input for K2
    static final byte[]
    SMK3
    Salt input for K3
    static final byte[]
    SMK3_DATA
    Input for K3 data
    static final byte[]
    SMK4
    Salt input for K4
    static final byte[]
    SMK4_DATA
    Input for K4 data

  • Constructor Summary

    Constructors
    Constructor
    Description
    SecureUtils()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    calculateAuthValueSecureNetBeacon(byte[] n, int flags, byte[] networkId, int ivIndex)
    Calculates the authentication value of secure network beacon
    static byte[]
    calculateBeaconKey(byte[] n)
    Calculates the beacon key
    static byte[]
    calculateCMAC(byte[] data, byte[] key)
     
    static byte[]
    calculateHash(byte[] identityKey, byte[] random, byte[] src)
    Calculates hash value for advertising with node id
    static byte[]
    calculateIdentityKey(byte[] n)
    Calculates the identity key
    static byte[]
    calculateK1(byte[] ecdh, byte[] confirmationSalt, byte[] text)
     
    static SecureUtils.K2Output
    calculateK2(byte[] data, byte[] p)
    Calculate k2
    static byte[]
    calculateK3(byte[] n)
    Calculate k3
    static byte
    calculateK4(byte[] n)
    Calculate k4
    static byte[]
    calculateSalt(byte[] data)
     
    static byte[]
    calculateSecureNetworkBeacon(byte[] n, int beaconType, int flags, byte[] networkId, int ivIndex)
    Calculates the secure network beacon
    static SecureNetworkBeacon
    createSecureNetworkBeacon(byte[] n, int flags, byte[] networkId, int ivIndex)
    Creates the secure network beacon
    static byte[]
    decryptCCM(@jakarta.validation.constraints.NotNull byte[] data, @jakarta.validation.constraints.NotNull byte[] key, @jakarta.validation.constraints.NotNull byte[] nonce, @jakarta.validation.constraints.NotNull byte[] additionalData, int micSize)
     
    static byte[]
    decryptCCM(@jakarta.validation.constraints.NotNull byte[] data, @jakarta.validation.constraints.NotNull byte[] key, @jakarta.validation.constraints.NotNull byte[] nonce, int micSize)
     
    static byte[]
    encryptCCM(@jakarta.validation.constraints.NotNull byte[] data, @jakarta.validation.constraints.NotNull byte[] key, @jakarta.validation.constraints.NotNull byte[] nonce, @jakarta.validation.constraints.NotNull byte[] additionalData, int micSize)
     
    static byte[]
    encryptCCM(@jakarta.validation.constraints.NotNull byte[] data, @jakarta.validation.constraints.NotNull byte[] key, @jakarta.validation.constraints.NotNull byte[] nonce, int micSize)
     
    static byte[]
    encryptWithAES(byte[] data, byte[] key)
     
    static String
    generateRandomApplicationKey()
     
    static String
    generateRandomNetworkKey()
     
    static byte[]
    generateRandomNumber()
     
    static int
    getNetMicLength(int ctl)
     
    static int
    getTransMicLength(int aszmic)
    Gets the transport MIC length based on the aszmic value

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • LOG

      public static final Logger LOG

    • PRCK

      public static final byte[] PRCK
      Used to calculate the confirmation key

    • PRSK

      public static final byte[] PRSK
      Used to calculate the session key

    • PRSN

      public static final byte[] PRSN
      Used to calculate the session nonce

    • PRDK

      public static final byte[] PRDK
      Used to calculate the device key

    • K2_MASTER_INPUT

      public static final byte[] K2_MASTER_INPUT
      K2 Master input

    • SMK2

      public static final byte[] SMK2
      Salt input for K2

    • SMK3

      public static final byte[] SMK3
      Salt input for K3

    • SMK3_DATA

      public static final byte[] SMK3_DATA
      Input for K3 data

    • SMK4

      public static final byte[] SMK4
      Salt input for K4

    • SMK4_DATA

      public static final byte[] SMK4_DATA
      Input for K4 data

    • ENC_K4_OUTPUT_MASK

      public static final int ENC_K4_OUTPUT_MASK
      Output mask for K4
      See Also:

    • SALT_KEY

      protected static final byte[] SALT_KEY

    • NONCE_PADDING

      protected static final byte[] NONCE_PADDING

    • NRF_MESH_KEY_SIZE

      public static int NRF_MESH_KEY_SIZE

  • Constructor Details

    • SecureUtils

      public SecureUtils()

  • Method Details

    • generateRandomNumber

      public static byte[] generateRandomNumber()

    • generateRandomNetworkKey

      public static String generateRandomNetworkKey()

    • generateRandomApplicationKey

      public static String generateRandomApplicationKey()

    • calculateSalt

      public static byte[] calculateSalt(byte[] data)

    • calculateCMAC

      public static byte[] calculateCMAC(byte[] data, byte[] key)

    • encryptCCM

      public static byte[] encryptCCM(@NotNull @jakarta.validation.constraints.NotNull byte[] data, @NotNull @jakarta.validation.constraints.NotNull byte[] key, @NotNull @jakarta.validation.constraints.NotNull byte[] nonce, int micSize)

    • encryptCCM

      public static byte[] encryptCCM(@NotNull @jakarta.validation.constraints.NotNull byte[] data, @NotNull @jakarta.validation.constraints.NotNull byte[] key, @NotNull @jakarta.validation.constraints.NotNull byte[] nonce, @NotNull @jakarta.validation.constraints.NotNull byte[] additionalData, int micSize)

    • decryptCCM

      public static byte[] decryptCCM(@NotNull @jakarta.validation.constraints.NotNull byte[] data, @NotNull @jakarta.validation.constraints.NotNull byte[] key, @NotNull @jakarta.validation.constraints.NotNull byte[] nonce, int micSize) throws org.bouncycastle.crypto.InvalidCipherTextException
      Throws:
      org.bouncycastle.crypto.InvalidCipherTextException

    • decryptCCM

      public static byte[] decryptCCM(@NotNull @jakarta.validation.constraints.NotNull byte[] data, @NotNull @jakarta.validation.constraints.NotNull byte[] key, @NotNull @jakarta.validation.constraints.NotNull byte[] nonce, @NotNull @jakarta.validation.constraints.NotNull byte[] additionalData, int micSize) throws org.bouncycastle.crypto.InvalidCipherTextException
      Throws:
      org.bouncycastle.crypto.InvalidCipherTextException

    • calculateK1

      public static byte[] calculateK1(byte[] ecdh, byte[] confirmationSalt, byte[] text)

    • calculateK2

      public static SecureUtils.K2Output calculateK2(byte[] data, byte[] p)
      Calculate k2
      Parameters:
      data - network key
      p - master input

    • calculateK3

      public static byte[] calculateK3(byte[] n)
      Calculate k3
      Parameters:
      n - network key

    • calculateK4

      public static byte calculateK4(byte[] n)
      Calculate k4
      Parameters:
      n - key

    • calculateIdentityKey

      public static byte[] calculateIdentityKey(byte[] n)
      Calculates the identity key
      Parameters:
      n - network key
      Returns:
      hash value

    • calculateBeaconKey

      public static byte[] calculateBeaconKey(byte[] n)
      Calculates the beacon key
      Parameters:
      n - network key
      Returns:
      hash value

    • calculateAuthValueSecureNetBeacon

      public static byte[] calculateAuthValueSecureNetBeacon(byte[] n, int flags, byte[] networkId, int ivIndex)
      Calculates the authentication value of secure network beacon
      Parameters:
      n - network key
      flags - flags
      networkId - network id of the network
      ivIndex - ivindex of the network

    • createSecureNetworkBeacon

      public static SecureNetworkBeacon createSecureNetworkBeacon(byte[] n, int flags, byte[] networkId, int ivIndex)
      Creates the secure network beacon
      Parameters:
      n - network key
      flags - network flags, this represents the current state of hte network if key refresh/iv update is ongoing or complete
      networkId - unique id of the network
      ivIndex - iv index of the network

    • calculateSecureNetworkBeacon

      public static byte[] calculateSecureNetworkBeacon(byte[] n, int beaconType, int flags, byte[] networkId, int ivIndex)
      Calculates the secure network beacon
      Parameters:
      n - network key
      flags - network flags, this represents the current state of hte network if key refresh/iv update is ongoing or complete
      networkId - unique id of the network
      ivIndex - iv index of the network

    • calculateHash

      public static byte[] calculateHash(byte[] identityKey, byte[] random, byte[] src)
      Calculates hash value for advertising with node id
      Parameters:
      identityKey - resolving identity key
      random - 64-bit random value
      src - unicast address of the node
      Returns:
      hash value

    • encryptWithAES

      public static byte[] encryptWithAES(byte[] data, byte[] key)

    • getNetMicLength

      public static int getNetMicLength(int ctl)

    • getTransMicLength

      public static int getTransMicLength(int aszmic)
      Gets the transport MIC length based on the aszmic value
      Parameters:
      aszmic - application size message integrity check