feat(gateway): add KNX Data Secure support and related configurations

Signed-off-by: Tony <tonylu@tony-cloud.com>
2026-05-12 12:48:18 +08:00
parent 626f86ec4e
commit e58115d303
9 changed files with 340 additions and 2 deletions
@@ -0,0 +1,181 @@
+#include "openknx_idf/security_storage.h"
+
+#include "esp_log.h"
+#include "esp_mac.h"
+#include "esp_random.h"
+#include "nvs.h"
+#include "nvs_flash.h"
+
+#include <algorithm>
+#include <array>
+#include <cstddef>
+#include <cstdint>
+#include <string>
+
+namespace {
+
+constexpr const char* kTag = "openknx_sec";
+constexpr const char* kNamespace = "knx_sec";
+constexpr const char* kFactoryFdskKey = "factory_fdsk";
+constexpr size_t kFdskSize = 16;
+constexpr size_t kSerialSize = 6;
+constexpr size_t kFdskQrSize = 36;
+constexpr uint8_t kCrc4Tab[16] = {
+  0x0, 0x3, 0x6, 0x5, 0xc, 0xf, 0xa, 0x9,
+  0xb, 0x8, 0xd, 0xe, 0x7, 0x4, 0x1, 0x2,
+};
+constexpr char kBase32Alphabet[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+constexpr char kHexAlphabet[] = "0123456789ABCDEF";
+
+bool ensureNvsReady() {
+  const esp_err_t err = nvs_flash_init();
+  if (err == ESP_ERR_NVS_NO_FREE_PAGES || err == ESP_ERR_NVS_NEW_VERSION_FOUND) {
+    if (nvs_flash_erase() != ESP_OK) {
+      return false;
+    }
+    return nvs_flash_init() == ESP_OK;
+  }
+  return err == ESP_OK || err == ESP_ERR_INVALID_STATE;
+}
+
+bool plausibleKey(const uint8_t* data) {
+  const bool all_zero = std::all_of(data, data + kFdskSize, [](uint8_t value) {
+    return value == 0x00;
+  });
+  const bool all_ff = std::all_of(data, data + kFdskSize, [](uint8_t value) {
+    return value == 0xff;
+  });
+  return !all_zero && !all_ff;
+}
+
+void generateKey(uint8_t* data) {
+  do {
+    esp_fill_random(data, kFdskSize);
+  } while (!plausibleKey(data));
+}
+
+uint8_t crc4Array(const uint8_t* data, size_t len) {
+  uint8_t crc = 0;
+  for (size_t i = 0; i < len; ++i) {
+    crc = kCrc4Tab[crc ^ (data[i] >> 4)];
+    crc = kCrc4Tab[crc ^ (data[i] & 0x0f)];
+  }
+  return crc;
+}
+
+std::string toBase32NoPadding(const uint8_t* data, size_t len) {
+  std::string result;
+  result.reserve(((len * 8) + 4) / 5);
+
+  uint32_t buffer = 0;
+  int bits_left = 0;
+  for (size_t i = 0; i < len; ++i) {
+    buffer = (buffer << 8) | data[i];
+    bits_left += 8;
+    while (bits_left >= 5) {
+      const uint8_t index = static_cast<uint8_t>((buffer >> (bits_left - 5)) & 0x1f);
+      result.push_back(kBase32Alphabet[index]);
+      bits_left -= 5;
+    }
+  }
+
+  if (bits_left > 0) {
+    const uint8_t index = static_cast<uint8_t>((buffer << (5 - bits_left)) & 0x1f);
+    result.push_back(kBase32Alphabet[index]);
+  }
+  return result;
+}
+
+std::string toHex(const uint8_t* data, size_t len) {
+  std::string result;
+  result.reserve(len * 2);
+  for (size_t i = 0; i < len; ++i) {
+    result.push_back(kHexAlphabet[(data[i] >> 4) & 0x0f]);
+    result.push_back(kHexAlphabet[data[i] & 0x0f]);
+  }
+  return result;
+}
+
+std::string generateFdskQrCode(const uint8_t* serial, const uint8_t* key) {
+  std::array<uint8_t, kSerialSize + kFdskSize + 1> buffer{};
+  std::copy(serial, serial + kSerialSize, buffer.begin());
+  std::copy(key, key + kFdskSize, buffer.begin() + kSerialSize);
+  buffer[kSerialSize + kFdskSize] = static_cast<uint8_t>((crc4Array(buffer.data(), buffer.size() - 1) << 4) & 0xff);
+
+  std::string encoded = toBase32NoPadding(buffer.data(), buffer.size());
+  if (encoded.size() > kFdskQrSize) {
+    encoded.resize(kFdskQrSize);
+  }
+  return encoded;
+}
+
+std::string formatFdskLabel(const std::string& qr_code) {
+  std::string label;
+  label.reserve(qr_code.size() + (qr_code.size() / 6));
+  for (size_t i = 0; i < qr_code.size(); ++i) {
+    if (i != 0 && (i % 6) == 0) {
+      label.push_back('-');
+    }
+    label.push_back(qr_code[i]);
+  }
+  return label;
+}
+
+}  // namespace
+
+namespace gateway::openknx {
+
+bool LoadFactoryFdsk(uint8_t* data, size_t len) {
+  if (data == nullptr || len < kFdskSize || !ensureNvsReady()) {
+    return false;
+  }
+
+  nvs_handle_t handle = 0;
+  esp_err_t err = nvs_open(kNamespace, NVS_READWRITE, &handle);
+  if (err != ESP_OK) {
+    ESP_LOGW(kTag, "failed to open KNX security NVS namespace: %s", esp_err_to_name(err));
+    return false;
+  }
+
+  size_t stored_size = kFdskSize;
+  err = nvs_get_blob(handle, kFactoryFdskKey, data, &stored_size);
+  if (err == ESP_OK && stored_size == kFdskSize && plausibleKey(data)) {
+    nvs_close(handle);
+    return true;
+  }
+
+  generateKey(data);
+  err = nvs_set_blob(handle, kFactoryFdskKey, data, kFdskSize);
+  if (err == ESP_OK) {
+    err = nvs_commit(handle);
+  }
+  nvs_close(handle);
+
+  if (err != ESP_OK) {
+    ESP_LOGW(kTag, "failed to store generated KNX factory FDSK: %s", esp_err_to_name(err));
+    return false;
+  }
+  return true;
+}
+
+FactoryFdskInfo LoadFactoryFdskInfo() {
+  FactoryFdskInfo info;
+  std::array<uint8_t, kFdskSize> key{};
+  std::array<uint8_t, kSerialSize> serial{};
+  if (!LoadFactoryFdsk(key.data(), key.size()) ||
+      esp_read_mac(serial.data(), ESP_MAC_WIFI_STA) != ESP_OK) {
+    return info;
+  }
+
+  info.available = true;
+  info.serialNumber = toHex(serial.data(), serial.size());
+  info.qrCode = generateFdskQrCode(serial.data(), key.data());
+  info.label = formatFdskLabel(info.qrCode);
+  return info;
+}
+
+}  // namespace gateway::openknx
+
+extern "C" bool knx_platform_get_fdsk(uint8_t* data, size_t len) {
+  return gateway::openknx::LoadFactoryFdsk(data, len);
+}