Skip to main content

Android Device Auth SDK

Current code location

The current repository does not yet contain a standalone DeviceAuthenticator.kt. BLE authentication is still mostly embedded in XTalkBleClient.authenticateAndInitializeDefaults(...), while UART authentication is mainly implemented in XTalkMeshUiApp.kt. This page defines what belongs to the authentication layer and maps it to the current code.

Current implementation location

BLE authentication

  • apps/android-ui/app/src/main/java/com/xtalk/mesh/uimock/ble/XTalkBleClient.kt
    • authenticateAndInitializeDefaults(...)
    • AT+CHALLENGE
    • challenge parsing / signature verification
    • DID wait/read

UART authentication

  • apps/android-ui/app/src/main/java/com/xtalk/mesh/uimock/XTalkMeshUiApp.kt
    • AT+CHALLENGE=<hex>
    • AT+EFUSESN?
    • fallback AT+SN?

What the Auth SDK should own

  • challenge generation for AT+CHALLENGE=<hex>
  • challenge send
  • challenge response parsing
  • signature verification
  • DID read
  • a structured authentication result

What the Auth SDK should not own

  • BLE scan/connect
  • AT+ADDTL / AT+FREQ / AT+RATE / AT+BCNID / AT+WORKMODE
  • UART vendor configuration such as AT+RFSW / AT+OEM / AT+TXP
  • mesh business orchestration
  • UI prompts and page state

Authentication semantics confirmed by current code

BLE

In the current XTalkBleClient.kt implementation:

  • the code waits for BLE readiness
  • sends AT+CHALLENGE
  • parses and verifies the challenge response
  • waits for DID
  • then continues to write default parameters

So the current BLE path is still a mixed “authentication + initialization” implementation, not a pure Auth SDK.

UART

In the current XTalkMeshUiApp.kt implementation:

  • AT+CHALLENGE is sent first
  • then AT+EFUSESN? is queried
  • then AT+SN? is used as a fallback
  • and after that AT+ADDTL=1 and AT+RFSW=1,6,1,1 continue running

So the current UART path is also a mixed “authentication + partial initialization” implementation.

object DeviceAuthenticator {
  fun authenticateBleAndReadDidExclusive(
    timeoutMs: Long = 30_000L,
    forceReauth: Boolean = false,
  ): Boolean

  fun authenticateUartAndReadDid(
    transport: AtCommandTransport,
    challengeTimeoutMs: Long = 10_000L,
    didTimeoutMs: Long = 6_000L,
  ): Result
}

Recommended result shape:

data class Result(
  val ok: Boolean,
  val deviceLongId: Long?,
  val reason: String,
)

The authentication layer should succeed only when:

  1. AT+CHALLENGE=<hex> has been sent
  2. the device returns a parseable challenge response
  3. signature verification succeeds
  4. DID read succeeds

The following should not be folded into auth success:

  • frequency write success
  • RATE / BCN / ADDTL / WORKMODE success
  • vendor hardware configuration success

Those belong to the Init SDK.

BLE

  1. XTalkBleClient.connect(...)
  2. DeviceAuthenticator.authenticateBleAndReadDidExclusive(...)
  3. DeviceInitializer.initializeBleWirelessDefaults(...)

UART

  1. XTalkUartClient.open(...)
  2. DeviceAuthenticator.authenticateUartAndReadDid(...)
  3. DeviceInitializer.initializeUartDefaultsAfterAuth(...)
  4. DeviceInitializer.initializeUartVendorConfigAfterAuth(...)

Target module location

Recommended extraction target:

  • Gradle module: apps/android-ui/device-auth-sdk
  • package: com.xtalk.mesh.sdk.auth

These do not exist in the repository yet.