def pack(self, network_key):
beacon = bitstring.pack(
self.BEACON_FORMAT,
self.iv_update,
self.key_refresh,
self.network_id,
self.iv_index,
).bytes
auth = aes_cmac(network_key.beacon_key, beacon)[:self.BEACON_AUTH_SIZE]
return beacon, auth
def confirmation_encrypt(secret, inputs, random, auth=None):
"""inputs = invite(attention) + capabilities(without opcode) + start(msg) + provisioner_key + device_key"""
confirmation_salt = s1(inputs)
confirmation_key = k1(secret, confirmation_salt, b"prck")
return (
confirmation_salt,
confirmation_key,
aes_cmac(confirmation_key,
random + struct.pack("16s", auth or b"")),
)
def confirmation_validate(confirmation_key,
confirmation,
random,
auth=None):
return confirmation == aes_cmac(
confirmation_key, random + struct.pack("16s", auth or b""))