Merge pull request #7 from te-johan/install_mode

Add support for install mode

Author: ryanhz

osdp/_bus.py

@@ -44,12 +44,12 @@ def send_command(self, command: Command):
 		else:
 			log.warning("Device not found with address %s", command.address)
 
-	def add_device(self, address: int, use_crc: bool, use_secure_channel: bool) -> Device:
+	def add_device(self, address: int, use_crc: bool, use_secure_channel: bool, master_key: bytes) -> Device:
 		found_device = self._configured_devices.get(address)
 		self._configured_devices_lock.acquire()
 		if found_device is not None:
 			self._configured_devices.pop(address)
-		self._configured_devices[address] = Device(address, use_crc, use_secure_channel)
+		self._configured_devices[address] = Device(address, use_crc, use_secure_channel, master_key)
 		self._configured_devices_lock.release()
 		return self._configured_devices[address]
 
@@ -132,6 +132,9 @@ def process_reply(self, reply: Reply, device: Device):
 			if device.validate_secure_channel_establishment(reply):
 				log.debug("Secure session established.")
 
+		if device.reset_security_after_reply == True:
+			device.reset_security()
+
 		if self._on_reply_received is not None:
 			self._on_reply_received(reply)
 

osdp/_command.py

@@ -391,10 +391,5 @@ def custom_command_update(self, command_buffer: bytearray):
 		pass
 
 	def keyset_data(self):
-		header = []
-		type = 0x01
-		length = 0x10
-		scbk = [0x41, 0x02, 0x31, 0x84, 0xF1, 0xA2, 0xDE, 0x7C, 0x32, 0x98, 0x01, 0xB8, 0x7B, 0x56, 0xB3, 0x60]
-		header.append(type)
-		header.append(length)
-		return bytes(header + scbk)
+		header = bytes([0x01, 0x10])
+		return bytes(header + self.scbk)

osdp/_control_panel.py

@@ -23,10 +23,11 @@
 
 class ControlPanel:
 
-	def __init__(self):
+	def __init__(self, master_key: bytes = None):
 		self._buses = {}
 		self._reply_handlers = []
 		self._reply_timeout = 5.0
+		self._master_key = master_key
 
 	def start_connection(self, connection: OsdpConnection) -> UUID:
 		bus = Bus(connection, self.on_reply_received)
@@ -100,7 +101,7 @@ def shutdown(self):
 	def add_device(self, connection_id: UUID, address: int, use_crc: bool, use_secure_channel: bool):
 		bus = self._buses.get(connection_id)
 		if bus is not None:
-			bus.add_device(address, use_crc, use_secure_channel)
+			bus.add_device(address, use_crc, use_secure_channel, self._master_key)
 
 	def remove_device(self, connection_id: UUID, address: int):
 		bus = self._buses.get(connection_id)

osdp/_device.py

@@ -2,9 +2,9 @@
 import queue
 import datetime
 
-from ._types import Control
+from ._types import Control, SecurityBlockType
 from ._command import (
-	PollCommand, SecurityInitializationRequestCommand, ServerCryptogramCommand
+	PollCommand, SecurityInitializationRequestCommand, ServerCryptogramCommand, KeySetCommand
 )
 from ._secure_channel import SecureChannel
 
@@ -13,14 +13,15 @@
 
 class Device(object):
 
-	def __init__(self, address: int, use_crc: bool, use_secure_channel: bool):
+	def __init__(self, address: int, use_crc: bool, use_secure_channel: bool, master_key: bytes):
 		self._use_secure_channel = use_secure_channel
 		self.address = address
 		self.message_control = Control(0, use_crc, use_secure_channel)
 
 		self._commands = queue.Queue()
-		self._secure_channel = SecureChannel()
+		self._secure_channel = SecureChannel(master_key)
 		self._last_valid_reply = datetime.datetime.utcfromtimestamp(0)
+		self.reset_security_after_reply = False
 
 	@property
 	def is_security_established(self) -> bool:
@@ -40,6 +41,10 @@ def get_next_command_data(self):
 		if self._use_secure_channel and not self._secure_channel.is_established:
 			return ServerCryptogramCommand(self.address, self._secure_channel.server_cryptogram)
 
+		if self._use_secure_channel and self._secure_channel.is_scbkd:
+			self.reset_security_after_reply = True
+			return KeySetCommand(self.address, self._secure_channel.calculate_scbk())
+
 		if self._commands.empty():
 			return PollCommand(self.address)
 		else:
@@ -54,6 +59,9 @@ def valid_reply_has_been_received(self):
 		self._last_valid_reply = datetime.datetime.now()
 
 	def initialize_secure_channel(self, reply):
+		if reply.security_block_type == SecurityBlockType.SecureConnectionSequenceStep2.value:
+			self._secure_channel.select_scbk(reply.secure_block_data[0])
+
 		reply_data = reply.extract_reply_data
 		self._secure_channel.initialize(reply_data[:8], reply_data[8:16], reply_data[16:32])
 
@@ -69,6 +77,7 @@ def generate_mac(self, message: bytes, is_command: bool):
 		return self._secure_channel.generate_mac(message, is_command)
 
 	def reset_security(self):
+		self.reset_security_after_reply = False
 		self._secure_channel.reset()
 
 	def encrypt_data(self, data: bytes):

osdp/_secure_channel.py

@@ -10,7 +10,7 @@ class SecureChannel:
 		0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x3E, 0x3F
 	])
 
-	def __init__(self):
+	def __init__(self, master_key: bytes):
 		self._cmac = None
 		self._enc = None
 		self._rmac = None
@@ -21,17 +21,26 @@ def __init__(self):
 		self.server_cryptogram = None
 		self.is_initialized = False
 		self.is_established = False
+		self.master_key = master_key
+		self.is_scbkd = False
+		self.cuid = None
+		self.scbk = None
 		self.reset()
 
 	def initialize(self, cuid: bytes, client_random_number: bytes, client_cryptogram: bytes):
+		self.cuid = cuid
+		if self.is_scbkd == True:
+			self.scbk = self.default_secure_channel_key
+		else:
+			self.scbk = self.calculate_scbk()
 		self._enc = self.generate_key(
 			bytes([
 				0x01, 0x82,
 				self.server_random_number[0], self.server_random_number[1], self.server_random_number[2],
 				self.server_random_number[3], self.server_random_number[4], self.server_random_number[5]
 			]),
 			bytes([0x00] * 8),
-			self.default_secure_channel_key
+			self.scbk
 		)
 
 		if client_cryptogram != self.generate_key(self.server_random_number, client_random_number, self._enc):
@@ -44,7 +53,7 @@ def initialize(self, cuid: bytes, client_random_number: bytes, client_cryptogram
 				self.server_random_number[3], self.server_random_number[4], self.server_random_number[5]
 			]),
 			bytes([0x00] * 8),
-			self.default_secure_channel_key
+			self.scbk
 		)
 		self._smac2 = self.generate_key(
 			bytes([
@@ -54,7 +63,7 @@ def initialize(self, cuid: bytes, client_random_number: bytes, client_cryptogram
 				self.server_random_number[4], self.server_random_number[5]
 			]),
 			bytes([0x00] * 8),
-			self.default_secure_channel_key
+			self.scbk
 		)
 		self.server_cryptogram = self.generate_key(
 			client_random_number,
@@ -132,3 +141,19 @@ def reset(self):
 	def generate_key(self, first: bytes, second: bytes, key: bytes) -> bytes:
 		cipher = AES.new(key, AES.MODE_ECB)
 		return cipher.encrypt(first + second)
+
+	def select_scbk(self, byte):
+		if byte == 0x0:
+			self.is_scbkd = True
+		else:
+			self.is_scbkd = False
+
+	def calculate_scbk(self):
+		inv_cuid = bytes([(~b) & 0xFF for b in self.cuid])
+		scbk = self.generate_key(
+			self.cuid,
+			inv_cuid,
+			self.master_key
+		)
+
+		return scbk