1 /******************************************************************************
2 *
3 * Copyright 2019 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "security/pairing_handler_le.h"
20
21 namespace bluetooth {
22 namespace security {
23
DoLegacyStage1(const InitialInformations & i,const PairingRequestView & pairing_request,const PairingResponseView & pairing_response)24 LegacyStage1ResultOrFailure PairingHandlerLe::DoLegacyStage1(const InitialInformations& i,
25 const PairingRequestView& pairing_request,
26 const PairingResponseView& pairing_response) {
27 if (((pairing_request.GetAuthReq() | pairing_response.GetAuthReq()) & AuthReqMaskMitm) == 0) {
28 // If both devices have not set MITM option, Just Works shall be used
29 return LegacyJustWorks();
30 }
31
32 if (pairing_request.GetOobDataFlag() == OobDataFlag::PRESENT &&
33 pairing_response.GetOobDataFlag() == OobDataFlag::PRESENT) {
34 // OobDataFlag remote_oob_flag = IAmMaster(i) ? pairing_response.GetOobDataFlag() :
35 // pairing_request.GetOobDataFlag(); OobDataFlag my_oob_flag = IAmMaster(i) ? pairing_request.GetOobDataFlag() :
36 // pairing_response.GetOobDataFlag();
37 return LegacyOutOfBand(i);
38 }
39
40 const auto& iom = pairing_request.GetIoCapability();
41 const auto& ios = pairing_response.GetIoCapability();
42
43 if (iom == IoCapability::NO_INPUT_NO_OUTPUT || ios == IoCapability::NO_INPUT_NO_OUTPUT) {
44 return LegacyJustWorks();
45 }
46
47 if ((iom == IoCapability::DISPLAY_ONLY || iom == IoCapability::DISPLAY_YES_NO) &&
48 (ios == IoCapability::DISPLAY_ONLY || ios == IoCapability::DISPLAY_YES_NO)) {
49 return LegacyJustWorks();
50 }
51
52 // This if() should not be needed, these are only combinations left.
53 if (iom == IoCapability::KEYBOARD_DISPLAY || iom == IoCapability::KEYBOARD_ONLY ||
54 ios == IoCapability::KEYBOARD_DISPLAY || ios == IoCapability::KEYBOARD_ONLY) {
55 IoCapability my_iocaps = IAmMaster(i) ? iom : ios;
56 IoCapability remote_iocaps = IAmMaster(i) ? ios : iom;
57 return LegacyPasskeyEntry(i, my_iocaps, remote_iocaps);
58 }
59
60 // We went through all possble combinations.
61 LOG_ALWAYS_FATAL("This should never happen");
62 }
63
LegacyJustWorks()64 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyJustWorks() {
65 LOG_INFO("Legacy Just Works start");
66 return Octet16{0};
67 }
68
LegacyPasskeyEntry(const InitialInformations & i,const IoCapability & my_iocaps,const IoCapability & remote_iocaps)69 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyPasskeyEntry(const InitialInformations& i,
70 const IoCapability& my_iocaps,
71 const IoCapability& remote_iocaps) {
72 bool i_am_displaying = false;
73 if (my_iocaps == IoCapability::DISPLAY_ONLY || my_iocaps == IoCapability::DISPLAY_YES_NO) {
74 i_am_displaying = true;
75 } else if (IAmMaster(i) && remote_iocaps == IoCapability::KEYBOARD_DISPLAY &&
76 my_iocaps == IoCapability::KEYBOARD_DISPLAY) {
77 i_am_displaying = true;
78 } else if (my_iocaps == IoCapability::KEYBOARD_DISPLAY && remote_iocaps == IoCapability::KEYBOARD_ONLY) {
79 i_am_displaying = true;
80 }
81
82 LOG_INFO("Passkey Entry start %s", i_am_displaying ? "displaying" : "accepting");
83
84 uint32_t passkey;
85 if (i_am_displaying) {
86 // generate passkey in a valid range
87 passkey = GenerateRandom();
88 passkey &= 0x0fffff; /* maximum 20 significant bits */
89 constexpr uint32_t PASSKEY_MAX = 999999;
90 if (passkey > PASSKEY_MAX) passkey >>= 1;
91
92 i.user_interface_handler->Post(common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface),
93 i.remote_connection_address, i.remote_name, passkey));
94 } else {
95 i.user_interface_handler->Post(common::BindOnce(&UI::DisplayEnterPasskeyDialog,
96 common::Unretained(i.user_interface), i.remote_connection_address,
97 i.remote_name));
98 std::optional<PairingEvent> response = WaitUiPasskey();
99 if (!response) return PairingFailure("Passkey did not arrive!");
100
101 passkey = response->ui_value;
102 }
103
104 Octet16 tk{0};
105 tk[0] = (uint8_t)(passkey);
106 tk[1] = (uint8_t)(passkey >> 8);
107 tk[2] = (uint8_t)(passkey >> 16);
108 tk[3] = (uint8_t)(passkey >> 24);
109
110 LOG_INFO("Passkey Entry finish");
111 return tk;
112 }
113
LegacyOutOfBand(const InitialInformations & i)114 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyOutOfBand(const InitialInformations& i) {
115 return i.remote_oob_data->security_manager_tk_value;
116 }
117
DoLegacyStage2(const InitialInformations & i,const PairingRequestView & pairing_request,const PairingResponseView & pairing_response,const Octet16 & tk)118 StkOrFailure PairingHandlerLe::DoLegacyStage2(const InitialInformations& i, const PairingRequestView& pairing_request,
119 const PairingResponseView& pairing_response, const Octet16& tk) {
120 LOG_INFO("Legacy Step 2 start");
121 std::vector<uint8_t> preq(pairing_request.begin(), pairing_request.end());
122 std::vector<uint8_t> pres(pairing_response.begin(), pairing_response.end());
123
124 Octet16 mrand, srand;
125 if (IAmMaster(i)) {
126 mrand = GenerateRandom<16>();
127
128 // LOG(INFO) << +(IAmMaster(i)) << " tk = " << base::HexEncode(tk.data(), tk.size());
129 // LOG(INFO) << +(IAmMaster(i)) << " mrand = " << base::HexEncode(mrand.data(), mrand.size());
130 // LOG(INFO) << +(IAmMaster(i)) << " pres = " << base::HexEncode(pres.data(), pres.size());
131 // LOG(INFO) << +(IAmMaster(i)) << " preq = " << base::HexEncode(preq.data(), preq.size());
132
133 Octet16 mconfirm = crypto_toolbox::c1(
134 tk, mrand, preq.data(), pres.data(), (uint8_t)i.my_connection_address.GetAddressType(),
135 i.my_connection_address.GetAddress().address, (uint8_t)i.remote_connection_address.GetAddressType(),
136 i.remote_connection_address.GetAddress().address);
137
138 // LOG(INFO) << +(IAmMaster(i)) << " mconfirm = " << base::HexEncode(mconfirm.data(), mconfirm.size());
139
140 LOG_INFO("Master sends Mconfirm");
141 SendL2capPacket(i, PairingConfirmBuilder::Create(mconfirm));
142
143 LOG_INFO("Master waits for the Sconfirm");
144 auto sconfirm_pkt = WaitPairingConfirm();
145 if (std::holds_alternative<PairingFailure>(sconfirm_pkt)) {
146 return std::get<PairingFailure>(sconfirm_pkt);
147 }
148 Octet16 sconfirm = std::get<PairingConfirmView>(sconfirm_pkt).GetConfirmValue();
149
150 LOG_INFO("Master sends Mrand");
151 SendL2capPacket(i, PairingRandomBuilder::Create(mrand));
152
153 LOG_INFO("Master waits for Srand");
154 auto random_pkt = WaitPairingRandom();
155 if (std::holds_alternative<PairingFailure>(random_pkt)) {
156 return std::get<PairingFailure>(random_pkt);
157 }
158 srand = std::get<PairingRandomView>(random_pkt).GetRandomValue();
159
160 // LOG(INFO) << +(IAmMaster(i)) << " srand = " << base::HexEncode(srand.data(), srand.size());
161
162 Octet16 sconfirm_generated = crypto_toolbox::c1(
163 tk, srand, preq.data(), pres.data(), (uint8_t)i.my_connection_address.GetAddressType(),
164 i.my_connection_address.GetAddress().address, (uint8_t)i.remote_connection_address.GetAddressType(),
165 i.remote_connection_address.GetAddress().address);
166
167 if (sconfirm != sconfirm_generated) {
168 LOG_INFO("sconfirm does not match generated value");
169
170 SendL2capPacket(i, PairingFailedBuilder::Create(PairingFailedReason::CONFIRM_VALUE_FAILED));
171 return PairingFailure("sconfirm does not match generated value");
172 }
173 } else {
174 srand = GenerateRandom<16>();
175
176 std::vector<uint8_t> preq(pairing_request.begin(), pairing_request.end());
177 std::vector<uint8_t> pres(pairing_response.begin(), pairing_response.end());
178
179 Octet16 sconfirm = crypto_toolbox::c1(
180 tk, srand, preq.data(), pres.data(), (uint8_t)i.remote_connection_address.GetAddressType(),
181 i.remote_connection_address.GetAddress().address, (uint8_t)i.my_connection_address.GetAddressType(),
182 i.my_connection_address.GetAddress().address);
183
184 LOG_INFO("Slave waits for the Mconfirm");
185 auto mconfirm_pkt = WaitPairingConfirm();
186 if (std::holds_alternative<PairingFailure>(mconfirm_pkt)) {
187 return std::get<PairingFailure>(mconfirm_pkt);
188 }
189 Octet16 mconfirm = std::get<PairingConfirmView>(mconfirm_pkt).GetConfirmValue();
190
191 LOG_INFO("Slave sends Sconfirm");
192 SendL2capPacket(i, PairingConfirmBuilder::Create(sconfirm));
193
194 LOG_INFO("Slave waits for Mrand");
195 auto random_pkt = WaitPairingRandom();
196 if (std::holds_alternative<PairingFailure>(random_pkt)) {
197 return std::get<PairingFailure>(random_pkt);
198 }
199 mrand = std::get<PairingRandomView>(random_pkt).GetRandomValue();
200
201 Octet16 mconfirm_generated = crypto_toolbox::c1(
202 tk, mrand, preq.data(), pres.data(), (uint8_t)i.remote_connection_address.GetAddressType(),
203 i.remote_connection_address.GetAddress().address, (uint8_t)i.my_connection_address.GetAddressType(),
204 i.my_connection_address.GetAddress().address);
205
206 if (mconfirm != mconfirm_generated) {
207 LOG_INFO("mconfirm does not match generated value");
208 SendL2capPacket(i, PairingFailedBuilder::Create(PairingFailedReason::CONFIRM_VALUE_FAILED));
209 return PairingFailure("mconfirm does not match generated value");
210 }
211
212 LOG_INFO("Slave sends Srand");
213 SendL2capPacket(i, PairingRandomBuilder::Create(srand));
214 }
215
216 LOG_INFO("Legacy stage 2 finish");
217
218 /* STK */
219 return crypto_toolbox::s1(tk, mrand, srand);
220 }
221 } // namespace security
222 } // namespace bluetooth