Pair using PIN implemented in test console. Fix stability of rapid include/exclude

Author: jdomnitz

TestConsole/TestConsole.cs

@@ -28,7 +28,7 @@ public class TestConsole
         private static readonly HashSet<ushort> ReadyList = new HashSet<ushort>();
         private static RFRegion region = RFRegion.Unknown;
         private static readonly LinkedList<string> Reports = new LinkedList<string>();
-        private enum Mode { Display, Inclusion, Exclusion};
+        private enum Mode { Display, Inclusion, Exclusion, UserInput};
         private static Mode currentMode = Mode.Display;
 
         static async Task Main(string[] args)
@@ -88,8 +88,17 @@ private static async Task InputLoop()
                 }
                 else if (key.Key == ConsoleKey.I)
                 {
+                    currentMode = Mode.UserInput;
+                    Console.Clear();
+                    Console.Write("Enter Inclusion Pin (or press enter to skip): ");
+                    string? pin = Console.ReadLine();
                     currentMode = Mode.Inclusion;
-                    await controller!.StartInclusion(InclusionStrategy.PreferS2, 12345);
+                    if (pin == null)
+                        return;
+                    if (pin == string.Empty)
+                        await controller!.StartInclusion(InclusionStrategy.PreferS2);
+                    else
+                        await controller!.StartInclusion(InclusionStrategy.PreferS2, ushort.Parse(pin));
                     PrintMain();
                 }
                 else if (key.Key == ConsoleKey.S)
@@ -170,6 +179,8 @@ private static async Task MainLoop()
 
         private static void PrintMain()
         {
+            if (currentMode == Mode.UserInput)
+                return;
             Console.Clear();
             Console.Write($"ZWaveDotNet v{Version} - Controller #{controller!.ControllerID} {(controller!.IsConnected ? "Connected" : "Disconnected")}");
             Console.Write($" - v{controller.APIVersion.Major} ({region})");
@@ -191,7 +202,7 @@ private static void PrintMain()
             }
             else if (currentMode == Mode.Inclusion)
             {
-                Console.WriteLine("- Inclusion Mode Active (Default PIN 12345) -");
+                Console.WriteLine("- Inclusion Mode Active -");
                 Console.WriteLine("Press the Pairing button on your device");
             }
             else

ZWaveDotNet/CommandClasses/Security2.cs

@@ -266,6 +266,9 @@ public async Task Encapsulate(List<byte> payload, SecurityManager.RecordType? ty
                 {
                     using (CancellationTokenSource cts = new CancellationTokenSource(3000))
                     await controller.Nodes[msg.SourceNodeID].GetCommandClass<Security2>()!.KexFail(KexFailType.KEX_FAIL_KEY_VERIFY).ConfigureAwait(false);
+                    if (networkKey.Key != SecurityManager.RecordType.ECDH_TEMP)
+                        controller.SecurityManager.RevokeKey(msg.SourceNodeID, networkKey.Key);
+                    return null;
                 }
                 else if (i == 2)
                 {

ZWaveDotNet/Entities/Controller.cs

@@ -558,6 +558,8 @@ private async Task<bool> BootstrapS2(Node node)
                     await sec2.KexFail(KexFailType.KEX_FAIL_KEX_SCHEME);
                     return false;
                 }
+                if (this.pin == 0)
+                    requestedKeys.Keys = requestedKeys.Keys & SecurityKey.S2Unauthenticated; //We need a pin for higher levels
                 SecurityManager!.StoreRequestedKeys(node.ID, requestedKeys);
                 Log.Information("Sending " + requestedKeys.ToString());
                 Memory<byte> pub;
@@ -585,6 +587,7 @@ private async Task<bool> BootstrapS2(Node node)
                 SecurityManager?.RevokeKey(node.ID, SecurityManager.RecordType.S2Access);
                 SecurityManager?.RevokeKey(node.ID, SecurityManager.RecordType.S2Auth);
                 SecurityManager?.RevokeKey(node.ID, SecurityManager.RecordType.S2UnAuth);
+                SecurityManager?.RevokeKey(node.ID, SecurityManager.RecordType.ECDH_TEMP);
                 return false;
             }
             await node.Interview(true).ConfigureAwait(false);
@@ -670,24 +673,18 @@ private async Task EventLoop()
                                 {
                                     Log.Information("Added " + node.ToString());
                                     if (SecurityManager != null)
-                                    {
-                                        if ((currentStrategy == InclusionStrategy.S2Only || currentStrategy == InclusionStrategy.PreferS2) && node.HasCommandClass(CommandClass.Security2))
-                                            _ = Task.Run(() => BootstrapS2(node));
-                                        else if ((currentStrategy == InclusionStrategy.PreferS2 || currentStrategy == InclusionStrategy.LegacyS0Only) && node.HasCommandClass(CommandClass.Security0))
-                                            _ = Task.Run(() => BootstrapS0(node));
-                                        else
-                                            _ = Task.Run(() => BootstrapUnsecure(node));
-                                    }
+                                        await Task.Factory.StartNew(() => ExecuteStrategy(node)).ConfigureAwait(false);
                                 }
                             }
                         }
                         else if (inc.Function == Function.RemoveNodeFromNetwork && inc.NodeID > 0)
                         {
                             if (Nodes.Remove(inc.NodeID, out Node? node))
                             {
+                                node.NodeFailed = true;
                                 if (NodeExcluded != null)
                                     NodeExcluded.Invoke(node, EventArgs.Empty);
-                                Log.Information($"Successfully exluded node {inc.NodeID}");
+                                Log.Information($"Successfully excluded node {inc.NodeID}");
                             }
                             if (inc.Status == InclusionExclusionStatus.OperationComplete)
                                 await StopExclusion();
@@ -701,6 +698,23 @@ private async Task EventLoop()
             }
         }
 
+        private async Task ExecuteStrategy(Node node)
+        {
+            if ((currentStrategy == InclusionStrategy.S2Only || currentStrategy == InclusionStrategy.AnySecure || currentStrategy == InclusionStrategy.PreferS2) && node.HasCommandClass(CommandClass.Security2))
+            {
+                if (await BootstrapS2(node) || currentStrategy == InclusionStrategy.S2Only)
+                    return; //Successful S2 or abort if failed with S2 only strategy
+                if ((node.HasCommandClass(CommandClass.Security0) && await BootstrapS0(node)) || currentStrategy == InclusionStrategy.AnySecure)
+                    return; //Successful S0 or abort if secure required
+            }
+            else if ((currentStrategy == InclusionStrategy.PreferS2 || currentStrategy == InclusionStrategy.AnySecure || currentStrategy == InclusionStrategy.LegacyS0Only) && node.HasCommandClass(CommandClass.Security0))
+            {
+                if (await BootstrapS0(node) || currentStrategy == InclusionStrategy.LegacyS0Only || currentStrategy == InclusionStrategy.AnySecure)
+                    return; //Successful S0 or abort if failed with S0 only or any secure strategy
+            }
+            await BootstrapUnsecure(node);
+        }
+
         private byte[] NodeIDToBytes(ushort nodeId)
         {
             if (WideID)

ZWaveDotNet/Entities/Enums/InclusionStrategy.cs

@@ -30,5 +30,9 @@ public enum InclusionStrategy
         /// Only S2 security will be attempted
         /// </summary>
         S2Only = 0x3,
+        /// <summary>
+        /// Prefer S2 first, fallback to S0. Do not attempt insecure inclusion
+        /// </summary>
+        AnySecure = 0x4
     }
 }

ZWaveDotNet/Entities/Node.cs

@@ -307,8 +307,11 @@ await Task.Run(async () =>
                         while (!commandClasses.ContainsKey(CommandClass.WakeUp))
                             await Task.Delay(3000).ConfigureAwait(false); //TODO - Improve this
                         await ((WakeUp)commandClasses[CommandClass.WakeUp]).WaitForAwake().ConfigureAwait(false);
-                        using (CancellationTokenSource cts = new CancellationTokenSource(90000))
-                            await Interview(newlyIncluded, key, cts.Token).ConfigureAwait(false);
+                        using (CancellationTokenSource timeout = new CancellationTokenSource(90000))
+                        {
+                            using (CancellationTokenSource cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, timeout.Token))
+                                await Interview(newlyIncluded, key, cts.Token).ConfigureAwait(false);
+                        }
                         await ((WakeUp)commandClasses[CommandClass.WakeUp]).NoMoreInformation().ConfigureAwait(false);
                     }
                     catch(Exception ex)
@@ -320,7 +323,7 @@ await Task.Run(async () =>
 
         private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key, CancellationToken cancellationToken)
         {
-            if (controller.SecurityManager != null)
+            if (controller.SecurityManager != null && !failed)
             {
                 if (!newlyIncluded && key == null)
                 {
@@ -333,6 +336,8 @@ private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key
                         {
                             for (int i = 0; i < 3; i++)
                             {
+                                if (failed)
+                                    return;
                                 try
                                 {
                                     using (CancellationTokenSource timeout = new CancellationTokenSource(5000))
@@ -363,6 +368,8 @@ private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key
                         {
                             for (int i = 0; i < 3; i++)
                             {
+                                if (failed)
+                                    return;
                                 try
                                 {
                                     using (CancellationTokenSource timeout = new CancellationTokenSource(5000))
@@ -390,6 +397,8 @@ private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key
                         {
                             for (int i = 0; i < 3; i++)
                             {
+                                if (failed)
+                                    return;
                                 try
                                 {
                                     using (CancellationTokenSource timeout = new CancellationTokenSource(5000))
@@ -417,6 +426,8 @@ private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key
                         {
                             for (int i = 0; i < 3; i++)
                             {
+                                if (failed)
+                                    return;
                                 try
                                 {
                                     using (CancellationTokenSource timeout = new CancellationTokenSource(5000))
@@ -464,6 +475,8 @@ private async Task Interview(bool newlyIncluded, SecurityManager.NetworkKey? key
                 CommandClasses.Version version = (CommandClasses.Version)commandClasses[CommandClass.Version];
                 foreach (CommandClassBase cc in commandClasses.Values)
                 {
+                    if (failed)
+                        return;
                     CCVersion? ccVersion = (CCVersion?)cc.GetType().GetCustomAttribute(typeof(CCVersion));
                     if ((ccVersion == null || ccVersion.maxVersion > 1) && (cc.CommandClass >= CommandClass.Basic))
                     {