1 /****************************************************************************** 2 * 3 * Copyright 2019 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #pragma once 20 21 #include <array> 22 #include <chrono> 23 #include <condition_variable> 24 #include <mutex> 25 #include <optional> 26 #include <queue> 27 #include <thread> 28 #include <variant> 29 30 #include "common/bind.h" 31 #include "crypto_toolbox/crypto_toolbox.h" 32 #include "hci/hci_packets.h" 33 #include "hci/le_security_interface.h" 34 #include "packet/packet_view.h" 35 #include "security/ecdh_keys.h" 36 #include "security/initial_informations.h" 37 #include "security/pairing_failure.h" 38 #include "security/smp_packets.h" 39 #include "security/ui.h" 40 41 // Code generated by PDL does not allow us ot do || and && operations on bits 42 // efficiently. Use those masks on fields requiring them until this is solved 43 constexpr uint8_t AuthReqMaskBondingFlag = 0x01; 44 constexpr uint8_t AuthReqMaskMitm = 0x04; 45 constexpr uint8_t AuthReqMaskSc = 0x08; 46 constexpr uint8_t AuthReqMaskKeypress = 0x10; 47 constexpr uint8_t AuthReqMaskCt2 = 0x20; 48 49 constexpr uint8_t KeyMaskEnc = 0x01; 50 constexpr uint8_t KeyMaskId = 0x02; 51 constexpr uint8_t KeyMaskSign = 0x04; 52 constexpr uint8_t KeyMaskLink = 0x08; 53 54 using bluetooth::hci::EncryptionChangeView; 55 using bluetooth::hci::EncryptionKeyRefreshCompleteView; 56 57 namespace bluetooth { 58 namespace security { 59 60 using crypto_toolbox::Octet16; 61 62 /* This class represents an event send from other subsystems into SMP Pairing Handler, 63 * i.e. user request from the UI, L2CAP or HCI interaction */ 64 class PairingEvent { 65 public: 66 enum TYPE { EXIT, L2CAP, HCI_EVENT, UI }; 67 TYPE type; 68 69 std::optional<CommandView> l2cap_packet; 70 71 std::optional<hci::EventView> hci_event; 72 73 enum UI_ACTION_TYPE { PAIRING_ACCEPTED, CONFIRM_YESNO, PASSKEY }; 74 UI_ACTION_TYPE ui_action; 75 uint32_t ui_value; 76 PairingEvent(TYPE type)77 PairingEvent(TYPE type) : type(type) {} PairingEvent(CommandView l2cap_packet)78 PairingEvent(CommandView l2cap_packet) : type(L2CAP), l2cap_packet(l2cap_packet) {} PairingEvent(UI_ACTION_TYPE ui_action,uint32_t ui_value)79 PairingEvent(UI_ACTION_TYPE ui_action, uint32_t ui_value) : type(UI), ui_action(ui_action), ui_value(ui_value) {} PairingEvent(hci::EventView hci_event)80 PairingEvent(hci::EventView hci_event) : type(HCI_EVENT), hci_event(hci_event) {} 81 }; 82 83 constexpr int SMP_TIMEOUT = 30; 84 85 using CommandViewOrFailure = std::variant<CommandView, PairingFailure>; 86 using Phase1Result = std::pair<PairingRequestView /* pairning_request*/, PairingResponseView /* pairing_response */>; 87 using Phase1ResultOrFailure = std::variant<PairingFailure, Phase1Result>; 88 using KeyExchangeResult = 89 std::tuple<EcdhPublicKey /* PKa */, EcdhPublicKey /* PKb */, std::array<uint8_t, 32> /*dhkey*/>; 90 using Stage1Result = std::tuple<Octet16, Octet16, Octet16, Octet16>; 91 using Stage1ResultOrFailure = std::variant<PairingFailure, Stage1Result>; 92 using Stage2ResultOrFailure = std::variant<PairingFailure, Octet16 /* LTK */>; 93 using DistributedKeysOrFailure = std::variant<PairingFailure, DistributedKeys, std::monostate>; 94 95 using LegacyStage1Result = Octet16 /*TK*/; 96 using LegacyStage1ResultOrFailure = std::variant<PairingFailure, LegacyStage1Result>; 97 using StkOrFailure = std::variant<PairingFailure, Octet16 /* STK */>; 98 99 /* PairingHandlerLe takes care of the Pairing process. Pairing is strictly defined 100 * exchange of messages and UI interactions, divided into PHASES. 101 * 102 * Each PairingHandlerLe have a thread executing |PairingMain| method. Thread is 103 * blocked when waiting for UI/L2CAP/HCI interactions, and moves through all the 104 * phases. 105 */ 106 class PairingHandlerLe { 107 public: 108 // This is the phase of pairing as defined in BT Spec (with exception of 109 // accept prompt) 110 // * ACCEPT_PROMPT - we're waiting for the user to accept remotely initiated pairing 111 // * PHASE1 - feature exchange 112 // * PHASE2 - authentication 113 // * PHASE3 - key exchange 114 enum PAIRING_PHASE { ACCEPT_PROMPT, PHASE1, PHASE2, PHASE3 }; 115 PAIRING_PHASE phase; 116 117 // All the knowledge to initiate the pairing process must be passed into this function PairingHandlerLe(PAIRING_PHASE phase,InitialInformations informations)118 PairingHandlerLe(PAIRING_PHASE phase, InitialInformations informations) 119 : phase(phase), queue_guard(), thread_(&PairingHandlerLe::PairingMain, this, informations) {} 120 ~PairingHandlerLe()121 ~PairingHandlerLe() { 122 SendExitSignal(); 123 // we need ot check if thread is joinable, because tests call join form 124 // within WaitUntilPairingFinished 125 if (thread_.joinable()) thread_.join(); 126 } 127 128 void PairingMain(InitialInformations i); 129 130 Phase1ResultOrFailure ExchangePairingFeature(const InitialInformations& i); 131 SendL2capPacket(const InitialInformations & i,std::unique_ptr<bluetooth::security::CommandBuilder> command)132 void SendL2capPacket(const InitialInformations& i, std::unique_ptr<bluetooth::security::CommandBuilder> command) { 133 i.proper_l2cap_interface->Enqueue(std::move(command), i.l2cap_handler); 134 } 135 SendHciLeStartEncryption(const InitialInformations & i,uint16_t conn_handle,const std::array<uint8_t,8> & rand,const uint16_t & ediv,const Octet16 & ltk)136 void SendHciLeStartEncryption(const InitialInformations& i, uint16_t conn_handle, const std::array<uint8_t, 8>& rand, 137 const uint16_t& ediv, const Octet16& ltk) { 138 i.le_security_interface->EnqueueCommand(hci::LeStartEncryptionBuilder::Create(conn_handle, rand, ediv, ltk), 139 i.l2cap_handler->BindOnce([](hci::CommandStatusView) { 140 // TODO: handle command status. It's important - can show we are not 141 // connected any more. 142 143 // TODO: if anything useful must be done there, use some sort of proper 144 // handler, wait/notify, and execute on the handler thread 145 })); 146 } 147 SendHciLeLongTermKeyReply(const InitialInformations & i,uint16_t conn_handle,const Octet16 & ltk)148 void SendHciLeLongTermKeyReply(const InitialInformations& i, uint16_t conn_handle, const Octet16& ltk) { 149 i.le_security_interface->EnqueueCommand( 150 hci::LeLongTermKeyRequestReplyBuilder::Create(conn_handle, ltk), 151 i.l2cap_handler->BindOnce([](hci::CommandCompleteView) {})); 152 } 153 WaitEncryptionChanged()154 std::variant<PairingFailure, EncryptionChangeView, EncryptionKeyRefreshCompleteView> WaitEncryptionChanged() { 155 PairingEvent e = WaitForEvent(); 156 if (e.type != PairingEvent::HCI_EVENT) return PairingFailure("Was expecting HCI event but received something else"); 157 158 if (!e.hci_event->IsValid()) return PairingFailure("Received invalid HCI event"); 159 160 if (e.hci_event->GetEventCode() == hci::EventCode::ENCRYPTION_CHANGE) { 161 EncryptionChangeView enc_chg_packet = EncryptionChangeView::Create(*e.hci_event); 162 if (!enc_chg_packet.IsValid()) { 163 return PairingFailure("Invalid Encryption Change packet received"); 164 } 165 return enc_chg_packet; 166 } 167 168 if (e.hci_event->GetEventCode() == hci::EventCode::ENCRYPTION_KEY_REFRESH_COMPLETE) { 169 hci::EncryptionKeyRefreshCompleteView enc_packet = EncryptionKeyRefreshCompleteView::Create(*e.hci_event); 170 if (!enc_packet.IsValid()) { 171 return PairingFailure("Invalid Key Refresh packet received"); 172 } 173 return enc_packet; 174 } 175 176 return PairingFailure("Was expecting Encryption Change or Key Refresh Complete but received something else"); 177 } 178 WaitLeLongTermKeyRequest()179 std::variant<PairingFailure, hci::LeLongTermKeyRequestView> WaitLeLongTermKeyRequest() { 180 PairingEvent e = WaitForEvent(); 181 if (e.type != PairingEvent::HCI_EVENT) return PairingFailure("Was expecting HCI event but received something else"); 182 183 if (!e.hci_event->IsValid()) return PairingFailure("Received invalid HCI event"); 184 185 if (e.hci_event->GetEventCode() != hci::EventCode::LE_META_EVENT) return PairingFailure("Was expecting LE event"); 186 187 hci::LeMetaEventView le_event = hci::LeMetaEventView::Create(*e.hci_event); 188 if (!le_event.IsValid()) { 189 return PairingFailure("Invalid LE Event received"); 190 } 191 192 if (le_event.GetSubeventCode() != hci::SubeventCode::LONG_TERM_KEY_REQUEST) { 193 return PairingFailure("Was expecting Long Term Key Request"); 194 } 195 196 hci::LeLongTermKeyRequestView ltk_req_packet = hci::LeLongTermKeyRequestView::Create(le_event); 197 if (!ltk_req_packet.IsValid()) { 198 return PairingFailure("Invalid LE Long Term Key Request received"); 199 } 200 201 return ltk_req_packet; 202 } 203 IAmCentral(const InitialInformations & i)204 inline bool IAmCentral(const InitialInformations& i) { 205 return i.my_role == hci::Role::CENTRAL; 206 } 207 208 /* This function generates data that should be passed to remote device, except 209 the private key. */ 210 static MyOobData GenerateOobData(); 211 212 std::variant<PairingFailure, KeyExchangeResult> ExchangePublicKeys(const InitialInformations& i, 213 OobDataFlag remote_have_oob_data); 214 215 Stage1ResultOrFailure DoSecureConnectionsStage1(const InitialInformations& i, const EcdhPublicKey& PKa, 216 const EcdhPublicKey& PKb, const PairingRequestView& pairing_request, 217 const PairingResponseView& pairing_response); 218 219 Stage1ResultOrFailure SecureConnectionsNumericComparison(const InitialInformations& i, const EcdhPublicKey& PKa, 220 const EcdhPublicKey& PKb); 221 222 Stage1ResultOrFailure SecureConnectionsJustWorks(const InitialInformations& i, const EcdhPublicKey& PKa, 223 const EcdhPublicKey& PKb); 224 225 Stage1ResultOrFailure SecureConnectionsPasskeyEntry(const InitialInformations& i, const EcdhPublicKey& PKa, 226 const EcdhPublicKey& PKb, IoCapability my_iocaps, 227 IoCapability remote_iocaps); 228 229 Stage1ResultOrFailure SecureConnectionsOutOfBand(const InitialInformations& i, const EcdhPublicKey& Pka, 230 const EcdhPublicKey& Pkb, OobDataFlag my_oob_flag, 231 OobDataFlag remote_oob_flag); 232 233 Stage2ResultOrFailure DoSecureConnectionsStage2(const InitialInformations& i, const EcdhPublicKey& PKa, 234 const EcdhPublicKey& PKb, const PairingRequestView& pairing_request, 235 const PairingResponseView& pairing_response, 236 const Stage1Result stage1result, 237 const std::array<uint8_t, 32>& dhkey); 238 239 DistributedKeysOrFailure DistributeKeys(const InitialInformations& i, const PairingResponseView& pairing_response, 240 bool isSecureConnections); 241 242 DistributedKeysOrFailure ReceiveKeys(const uint8_t& keys_i_receive); 243 244 LegacyStage1ResultOrFailure DoLegacyStage1(const InitialInformations& i, const PairingRequestView& pairing_request, 245 const PairingResponseView& pairing_response); 246 LegacyStage1ResultOrFailure LegacyOutOfBand(const InitialInformations& i); 247 LegacyStage1ResultOrFailure LegacyJustWorks(); 248 LegacyStage1ResultOrFailure LegacyPasskeyEntry(const InitialInformations& i, const IoCapability& my_iocaps, 249 const IoCapability& remote_iocaps); 250 StkOrFailure DoLegacyStage2(const InitialInformations& i, const PairingRequestView& pairing_request, 251 const PairingResponseView& pairing_response, const Octet16& tk); 252 253 void SendKeys(const InitialInformations& i, const uint8_t& keys_i_send, Octet16 ltk, uint16_t ediv, 254 std::array<uint8_t, 8> rand, Octet16 irk, Address identity_address, AddrType identity_addres_type, 255 Octet16 signature_key); 256 257 /* This can be called from any thread to immediately finish the pairing in progress. */ SendExitSignal()258 void SendExitSignal() { 259 { 260 std::unique_lock<std::mutex> lock(queue_guard); 261 queue.push(PairingEvent(PairingEvent::EXIT)); 262 } 263 pairing_thread_blocker_.notify_one(); 264 } 265 266 /* SMP Command received from remote device */ OnCommandView(CommandView packet)267 void OnCommandView(CommandView packet) { 268 { 269 std::unique_lock<std::mutex> lock(queue_guard); 270 queue.push(PairingEvent(std::move(packet))); 271 } 272 pairing_thread_blocker_.notify_one(); 273 } 274 275 /* SMP Command received from remote device */ OnHciEvent(hci::EventView hci_event)276 void OnHciEvent(hci::EventView hci_event) { 277 { 278 std::unique_lock<std::mutex> lock(queue_guard); 279 queue.push(PairingEvent(std::move(hci_event))); 280 } 281 pairing_thread_blocker_.notify_one(); 282 } 283 284 /* Interaction from user */ OnUiAction(PairingEvent::UI_ACTION_TYPE ui_action,uint32_t ui_value)285 void OnUiAction(PairingEvent::UI_ACTION_TYPE ui_action, uint32_t ui_value) { 286 { 287 std::unique_lock<std::mutex> lock(queue_guard); 288 queue.push(PairingEvent(ui_action, ui_value)); 289 } 290 pairing_thread_blocker_.notify_one(); 291 } 292 293 /* HCI LE event received from remote device */ OnHciLeEvent(hci::LeMetaEventView hci_event)294 void OnHciLeEvent(hci::LeMetaEventView hci_event) { 295 { 296 std::unique_lock<std::mutex> lock(queue_guard); 297 queue.push(PairingEvent(std::move(hci_event))); 298 } 299 pairing_thread_blocker_.notify_one(); 300 } 301 302 /* Blocks the pairing process until some external interaction, or timeout happens */ WaitForEvent()303 PairingEvent WaitForEvent() { 304 std::unique_lock<std::mutex> lock(queue_guard); 305 do { 306 if (!queue.empty()) { 307 PairingEvent e = queue.front(); 308 queue.pop(); 309 return e; 310 } 311 // This releases the lock while blocking. 312 if (pairing_thread_blocker_.wait_for(lock, std::chrono::seconds(SMP_TIMEOUT)) == std::cv_status::timeout) { 313 return PairingEvent(PairingEvent::EXIT); 314 } 315 316 } while (true); 317 } 318 WaitUiPairingAccept()319 std::optional<PairingEvent> WaitUiPairingAccept() { 320 PairingEvent e = WaitForEvent(); 321 if (e.type == PairingEvent::UI & e.ui_action == PairingEvent::PAIRING_ACCEPTED) { 322 return e; 323 } else { 324 return std::nullopt; 325 } 326 } 327 WaitUiConfirmYesNo()328 std::optional<PairingEvent> WaitUiConfirmYesNo() { 329 PairingEvent e = WaitForEvent(); 330 if (e.type == PairingEvent::UI & e.ui_action == PairingEvent::CONFIRM_YESNO) { 331 return e; 332 } else { 333 return std::nullopt; 334 } 335 } 336 WaitUiPasskey()337 std::optional<PairingEvent> WaitUiPasskey() { 338 PairingEvent e = WaitForEvent(); 339 340 // It's possible to receive PAIRING_CONFIRM from remote device while waiting for the passkey. 341 // Store it until it's needed. 342 if (e.type == PairingEvent::L2CAP) { 343 auto l2cap_packet = e.l2cap_packet.value(); 344 if (!l2cap_packet.IsValid()) { 345 LOG_WARN("Malformed L2CAP packet received!"); 346 return std::nullopt; 347 } 348 349 const auto& received_code = l2cap_packet.GetCode(); 350 if (received_code != Code::PAIRING_CONFIRM) { 351 LOG_WARN("Was waiting for passkey, received bad packet instead!"); 352 return std::nullopt; 353 } 354 355 auto pkt = PairingConfirmView::Create(l2cap_packet); 356 if (!pkt.IsValid()) { 357 LOG_WARN("Malformed PAIRING_CONFIRM packet"); 358 return std::nullopt; 359 } 360 361 cached_pariring_confirm_view = std::make_unique<PairingConfirmView>(pkt); 362 e = WaitForEvent(); 363 } 364 365 if (e.type == PairingEvent::UI & e.ui_action == PairingEvent::PASSKEY) { 366 return e; 367 } else { 368 return std::nullopt; 369 } 370 } 371 372 template <Code C> 373 struct CodeToPacketView; 374 template <> 375 struct CodeToPacketView<Code::PAIRING_REQUEST> { 376 typedef PairingRequestView type; 377 }; 378 template <> 379 struct CodeToPacketView<Code::PAIRING_RESPONSE> { 380 typedef PairingResponseView type; 381 }; 382 template <> 383 struct CodeToPacketView<Code::PAIRING_CONFIRM> { 384 typedef PairingConfirmView type; 385 }; 386 template <> 387 struct CodeToPacketView<Code::PAIRING_RANDOM> { 388 typedef PairingRandomView type; 389 }; 390 template <> 391 struct CodeToPacketView<Code::PAIRING_FAILED> { 392 typedef PairingFailedView type; 393 }; 394 template <> 395 struct CodeToPacketView<Code::ENCRYPTION_INFORMATION> { 396 typedef EncryptionInformationView type; 397 }; 398 template <> 399 struct CodeToPacketView<Code::CENTRAL_IDENTIFICATION> { 400 typedef CentralIdentificationView type; 401 }; 402 template <> 403 struct CodeToPacketView<Code::IDENTITY_INFORMATION> { 404 typedef IdentityInformationView type; 405 }; 406 template <> 407 struct CodeToPacketView<Code::IDENTITY_ADDRESS_INFORMATION> { 408 typedef IdentityAddressInformationView type; 409 }; 410 template <> 411 struct CodeToPacketView<Code::SIGNING_INFORMATION> { 412 typedef SigningInformationView type; 413 }; 414 template <> 415 struct CodeToPacketView<Code::SECURITY_REQUEST> { 416 typedef SecurityRequestView type; 417 }; 418 template <> 419 struct CodeToPacketView<Code::PAIRING_PUBLIC_KEY> { 420 typedef PairingPublicKeyView type; 421 }; 422 template <> 423 struct CodeToPacketView<Code::PAIRING_DH_KEY_CHECK> { 424 typedef PairingDhKeyCheckView type; 425 }; 426 template <> 427 struct CodeToPacketView<Code::PAIRING_KEYPRESS_NOTIFICATION> { 428 typedef PairingKeypressNotificationView type; 429 }; 430 431 template <Code CODE> 432 std::variant<typename CodeToPacketView<CODE>::type, PairingFailure> WaitPacket() { 433 PairingEvent e = WaitForEvent(); 434 switch (e.type) { 435 case PairingEvent::EXIT: 436 return PairingFailure( 437 /*FROM_HERE,*/ "Was expecting L2CAP Packet " + CodeText(CODE) + ", but received EXIT instead"); 438 439 case PairingEvent::HCI_EVENT: 440 return PairingFailure( 441 /*FROM_HERE,*/ "Was expecting L2CAP Packet " + CodeText(CODE) + ", but received HCI_EVENT instead"); 442 443 case PairingEvent::UI: 444 return PairingFailure( 445 /*FROM_HERE,*/ "Was expecting L2CAP Packet " + CodeText(CODE) + ", but received UI instead"); 446 447 case PairingEvent::L2CAP: { 448 auto l2cap_packet = e.l2cap_packet.value(); 449 if (!l2cap_packet.IsValid()) { 450 return PairingFailure("Malformed L2CAP packet received!"); 451 } 452 453 const auto& received_code = l2cap_packet.GetCode(); 454 if (received_code != CODE) { 455 if (received_code == Code::PAIRING_FAILED) { 456 auto pkt = PairingFailedView::Create(l2cap_packet); 457 if (!pkt.IsValid()) return PairingFailure("Malformed " + CodeText(CODE) + " packet"); 458 return PairingFailure(/*FROM_HERE,*/ 459 "Was expecting " + CodeText(CODE) + ", but received PAIRING_FAILED instead", 460 pkt.GetReason()); 461 } 462 463 return PairingFailure(/*FROM_HERE,*/ 464 "Was expecting " + CodeText(CODE) + ", but received " + CodeText(received_code) + 465 " instead", 466 received_code); 467 } 468 469 auto pkt = CodeToPacketView<CODE>::type::Create(l2cap_packet); 470 if (!pkt.IsValid()) return PairingFailure("Malformed " + CodeText(CODE) + " packet"); 471 return pkt; 472 } 473 } 474 } 475 476 auto WaitPairingRequest() { 477 return WaitPacket<Code::PAIRING_REQUEST>(); 478 } 479 480 auto WaitPairingResponse() { 481 return WaitPacket<Code::PAIRING_RESPONSE>(); 482 } 483 484 std::variant<bluetooth::security::PairingConfirmView, bluetooth::security::PairingFailure> WaitPairingConfirm() { 485 if (cached_pariring_confirm_view) { 486 PairingConfirmView pkt = *cached_pariring_confirm_view; 487 cached_pariring_confirm_view.release(); 488 return pkt; 489 } 490 return WaitPacket<Code::PAIRING_CONFIRM>(); 491 } 492 493 auto WaitPairingRandom() { 494 return WaitPacket<Code::PAIRING_RANDOM>(); 495 } 496 497 auto WaitPairingPublicKey() { 498 return WaitPacket<Code::PAIRING_PUBLIC_KEY>(); 499 } 500 501 auto WaitPairingDHKeyCheck() { 502 return WaitPacket<Code::PAIRING_DH_KEY_CHECK>(); 503 } 504 505 auto WaitEncryptionInformationRequest() { 506 return WaitPacket<Code::ENCRYPTION_INFORMATION>(); 507 } 508 509 auto WaitEncryptionInformation() { 510 return WaitPacket<Code::ENCRYPTION_INFORMATION>(); 511 } 512 513 auto WaitCentralIdentification() { 514 return WaitPacket<Code::CENTRAL_IDENTIFICATION>(); 515 } 516 517 auto WaitIdentityInformation() { 518 return WaitPacket<Code::IDENTITY_INFORMATION>(); 519 } 520 521 auto WaitIdentityAddressInformation() { 522 return WaitPacket<Code::IDENTITY_ADDRESS_INFORMATION>(); 523 } 524 525 auto WaitSigningInformation() { 526 return WaitPacket<Code::SIGNING_INFORMATION>(); 527 } 528 529 /* This is just for test, never use in production code! */ 530 void WaitUntilPairingFinished() { 531 thread_.join(); 532 } 533 534 private: 535 std::condition_variable pairing_thread_blocker_; 536 537 std::mutex queue_guard; 538 std::queue<PairingEvent> queue; 539 540 std::thread thread_; 541 542 // holds pairing_confirm, if received out of order 543 std::unique_ptr<PairingConfirmView> cached_pariring_confirm_view; 544 }; 545 } // namespace security 546 } // namespace bluetooth 547