1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE device control utilities, and LE
22 * security functions.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_btm_ble"
27
28 #include <cstdint>
29
30 #include "device/include/controller.h"
31 #include "main/shim/btm_api.h"
32 #include "main/shim/l2c_api.h"
33 #include "main/shim/shim.h"
34 #include "stack/btm/btm_dev.h"
35 #include "stack/btm/btm_int_types.h"
36 #include "stack/btm/security_device_record.h"
37 #include "stack/crypto_toolbox/crypto_toolbox.h"
38 #include "stack/include/acl_api.h"
39 #include "stack/include/bt_types.h"
40 #include "stack/include/btm_api.h"
41 #include "stack/include/btu.h"
42 #include "stack/include/gatt_api.h"
43 #include "stack/include/l2cap_security_interface.h"
44 #include "stack/include/l2cdefs.h"
45 #include "stack/include/smp_api.h"
46 #include "types/raw_address.h"
47
48 extern tBTM_CB btm_cb;
49
50 extern bool btm_ble_init_pseudo_addr(tBTM_SEC_DEV_REC* p_dev_rec,
51 const RawAddress& new_pseudo_addr);
52 extern void gatt_notify_phy_updated(tGATT_STATUS status, uint16_t handle,
53 uint8_t tx_phy, uint8_t rx_phy);
54
55 /******************************************************************************/
56 /* External Function to be called by other modules */
57 /******************************************************************************/
BTM_SecAddBleDevice(const RawAddress & bd_addr,tBT_DEVICE_TYPE dev_type,tBLE_ADDR_TYPE addr_type)58 void BTM_SecAddBleDevice(const RawAddress& bd_addr, tBT_DEVICE_TYPE dev_type,
59 tBLE_ADDR_TYPE addr_type) {
60 if (bluetooth::shim::is_gd_shim_enabled()) {
61 return bluetooth::shim::BTM_SecAddBleDevice(bd_addr, dev_type, addr_type);
62 }
63
64 BTM_TRACE_DEBUG("%s: dev_type=0x%x", __func__, dev_type);
65
66 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
67 if (!p_dev_rec) {
68 p_dev_rec = btm_sec_allocate_dev_rec();
69
70 p_dev_rec->bd_addr = bd_addr;
71 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR);
72 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
73
74 /* update conn params, use default value for background connection params */
75 p_dev_rec->conn_params.min_conn_int = BTM_BLE_CONN_PARAM_UNDEF;
76 p_dev_rec->conn_params.max_conn_int = BTM_BLE_CONN_PARAM_UNDEF;
77 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_PARAM_UNDEF;
78 p_dev_rec->conn_params.peripheral_latency = BTM_BLE_CONN_PARAM_UNDEF;
79
80 BTM_TRACE_DEBUG("%s: Device added, handle=0x%x, p_dev_rec=%p, bd_addr=%s",
81 __func__, p_dev_rec->ble_hci_handle, p_dev_rec,
82 bd_addr.ToString().c_str());
83 }
84
85 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
86
87 p_dev_rec->device_type |= dev_type;
88 p_dev_rec->ble.ble_addr_type = addr_type;
89
90 p_dev_rec->ble.pseudo_addr = bd_addr;
91 /* sync up with the Inq Data base*/
92 tBTM_INQ_INFO* p_info = BTM_InqDbRead(bd_addr);
93 if (p_info) {
94 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type;
95 p_info->results.device_type = p_dev_rec->device_type;
96 BTM_TRACE_DEBUG("InqDb device_type =0x%x addr_type=0x%x",
97 p_info->results.device_type, p_info->results.ble_addr_type);
98 }
99 }
100
101 /*******************************************************************************
102 *
103 * Function BTM_SecAddBleKey
104 *
105 * Description Add/modify LE device information. This function will be
106 * normally called during host startup to restore all required
107 * information stored in the NVRAM.
108 *
109 * Parameters: bd_addr - BD address of the peer
110 * p_le_key - LE key values.
111 * key_type - LE SMP key type.
112 *
113 * Returns true if added OK, else false
114 *
115 ******************************************************************************/
BTM_SecAddBleKey(const RawAddress & bd_addr,tBTM_LE_KEY_VALUE * p_le_key,tBTM_LE_KEY_TYPE key_type)116 void BTM_SecAddBleKey(const RawAddress& bd_addr, tBTM_LE_KEY_VALUE* p_le_key,
117 tBTM_LE_KEY_TYPE key_type) {
118 if (bluetooth::shim::is_gd_shim_enabled()) {
119 return bluetooth::shim::BTM_SecAddBleKey(bd_addr, p_le_key, key_type);
120 }
121
122 tBTM_SEC_DEV_REC* p_dev_rec;
123 BTM_TRACE_DEBUG("BTM_SecAddBleKey");
124 p_dev_rec = btm_find_dev(bd_addr);
125 if (!p_dev_rec || !p_le_key ||
126 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
127 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
128 key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID)) {
129 LOG(WARNING) << __func__
130 << " Wrong Type, or No Device record for bdaddr: " << bd_addr
131 << ", Type: " << key_type;
132 return;
133 }
134
135 VLOG(1) << __func__ << " BDA: " << bd_addr << ", Type: " << key_type;
136
137 btm_sec_save_le_key(bd_addr, key_type, p_le_key, false);
138
139 if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID) {
140 btm_ble_resolving_list_load_dev(p_dev_rec);
141 }
142 }
143
144 /*******************************************************************************
145 *
146 * Function BTM_BleLoadLocalKeys
147 *
148 * Description Local local identity key, encryption root or sign counter.
149 *
150 * Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID,
151 * BTM_BLE_KEY_TYPE_ER
152 * or BTM_BLE_KEY_TYPE_COUNTER.
153 * p_key: pointer to the key.
154 *
155 * Returns non2.
156 *
157 ******************************************************************************/
BTM_BleLoadLocalKeys(uint8_t key_type,tBTM_BLE_LOCAL_KEYS * p_key)158 void BTM_BleLoadLocalKeys(uint8_t key_type, tBTM_BLE_LOCAL_KEYS* p_key) {
159 if (bluetooth::shim::is_gd_shim_enabled()) {
160 return bluetooth::shim::BTM_BleLoadLocalKeys(key_type, p_key);
161 }
162
163 tBTM_DEVCB* p_devcb = &btm_cb.devcb;
164 BTM_TRACE_DEBUG("%s", __func__);
165 if (p_key != NULL) {
166 switch (key_type) {
167 case BTM_BLE_KEY_TYPE_ID:
168 memcpy(&p_devcb->id_keys, &p_key->id_keys,
169 sizeof(tBTM_BLE_LOCAL_ID_KEYS));
170 break;
171
172 case BTM_BLE_KEY_TYPE_ER:
173 p_devcb->ble_encryption_key_value = p_key->er;
174 break;
175
176 default:
177 BTM_TRACE_ERROR("unknow local key type: %d", key_type);
178 break;
179 }
180 }
181 }
182
183 /** Returns local device encryption root (ER) */
BTM_GetDeviceEncRoot()184 const Octet16& BTM_GetDeviceEncRoot() {
185 if (bluetooth::shim::is_gd_shim_enabled()) {
186 return bluetooth::shim::BTM_GetDeviceEncRoot();
187 }
188 return btm_cb.devcb.ble_encryption_key_value;
189 }
190
191 /** Returns local device identity root (IR). */
BTM_GetDeviceIDRoot()192 const Octet16& BTM_GetDeviceIDRoot() {
193 if (bluetooth::shim::is_gd_shim_enabled()) {
194 return bluetooth::shim::BTM_GetDeviceIDRoot();
195 }
196 return btm_cb.devcb.id_keys.irk;
197 }
198
199 /** Return local device DHK. */
BTM_GetDeviceDHK()200 const Octet16& BTM_GetDeviceDHK() {
201 if (bluetooth::shim::is_gd_shim_enabled()) {
202 return bluetooth::shim::BTM_GetDeviceDHK();
203 }
204 return btm_cb.devcb.id_keys.dhk;
205 }
206
207
208 /*******************************************************************************
209 *
210 * Function BTM_SecurityGrant
211 *
212 * Description This function is called to grant security process.
213 *
214 * Parameters bd_addr - peer device bd address.
215 * res - result of the operation BTM_SUCCESS if success.
216 * Otherwise, BTM_REPEATED_ATTEMPTS if too many
217 * attempts.
218 *
219 * Returns None
220 *
221 ******************************************************************************/
BTM_SecurityGrant(const RawAddress & bd_addr,uint8_t res)222 void BTM_SecurityGrant(const RawAddress& bd_addr, uint8_t res) {
223 if (bluetooth::shim::is_gd_shim_enabled()) {
224 return bluetooth::shim::BTM_SecurityGrant(bd_addr, res);
225 }
226 tSMP_STATUS res_smp =
227 (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
228 BTM_TRACE_DEBUG("BTM_SecurityGrant");
229 SMP_SecurityGrant(bd_addr, res_smp);
230 }
231
232 /*******************************************************************************
233 *
234 * Function BTM_BlePasskeyReply
235 *
236 * Description This function is called after Security Manager submitted
237 * passkey request to the application.
238 *
239 * Parameters: bd_addr - Address of the device for which passkey was
240 * requested
241 * res - result of the operation BTM_SUCCESS if success
242 * key_len - length in bytes of the Passkey
243 * p_passkey - pointer to array with the passkey
244 *
245 ******************************************************************************/
BTM_BlePasskeyReply(const RawAddress & bd_addr,uint8_t res,uint32_t passkey)246 void BTM_BlePasskeyReply(const RawAddress& bd_addr, uint8_t res,
247 uint32_t passkey) {
248 if (bluetooth::shim::is_gd_shim_enabled()) {
249 ASSERT_LOG(false, "This should not be invoked from code path");
250 }
251 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
252 tSMP_STATUS res_smp =
253 (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
254
255 if (p_dev_rec == NULL) {
256 BTM_TRACE_ERROR("Passkey reply to Unknown device");
257 return;
258 }
259
260 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
261 BTM_TRACE_DEBUG("BTM_BlePasskeyReply");
262 SMP_PasskeyReply(bd_addr, res_smp, passkey);
263 }
264
265 /*******************************************************************************
266 *
267 * Function BTM_BleConfirmReply
268 *
269 * Description This function is called after Security Manager submitted
270 * numeric comparison request to the application.
271 *
272 * Parameters: bd_addr - Address of the device with which numeric
273 * comparison was requested
274 * res - comparison result BTM_SUCCESS if success
275 *
276 ******************************************************************************/
BTM_BleConfirmReply(const RawAddress & bd_addr,uint8_t res)277 void BTM_BleConfirmReply(const RawAddress& bd_addr, uint8_t res) {
278 if (bluetooth::shim::is_gd_shim_enabled()) {
279 ASSERT_LOG(false, "This should not be invoked from code path");
280 }
281 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
282 tSMP_STATUS res_smp =
283 (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
284
285 if (p_dev_rec == NULL) {
286 BTM_TRACE_ERROR("Passkey reply to Unknown device");
287 return;
288 }
289
290 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
291 BTM_TRACE_DEBUG("%s", __func__);
292 SMP_ConfirmReply(bd_addr, res_smp);
293 }
294
295 /*******************************************************************************
296 *
297 * Function BTM_BleOobDataReply
298 *
299 * Description This function is called to provide the OOB data for
300 * SMP in response to BTM_LE_OOB_REQ_EVT
301 *
302 * Parameters: bd_addr - Address of the peer device
303 * res - result of the operation SMP_SUCCESS if success
304 * p_data - oob data, depending on transport and
305 * capabilities.
306 * Might be "Simple Pairing Randomizer", or
307 * "Security Manager TK Value".
308 *
309 ******************************************************************************/
BTM_BleOobDataReply(const RawAddress & bd_addr,uint8_t res,uint8_t len,uint8_t * p_data)310 void BTM_BleOobDataReply(const RawAddress& bd_addr, uint8_t res, uint8_t len,
311 uint8_t* p_data) {
312 if (bluetooth::shim::is_gd_shim_enabled()) {
313 return bluetooth::shim::BTM_BleOobDataReply(bd_addr, res, len, p_data);
314 }
315 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
316 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
317
318 BTM_TRACE_DEBUG("%s:", __func__);
319
320 if (p_dev_rec == NULL) {
321 BTM_TRACE_ERROR("%s: Unknown device", __func__);
322 return;
323 }
324
325 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
326 SMP_OobDataReply(bd_addr, res_smp, len, p_data);
327 }
328
329 /*******************************************************************************
330 *
331 * Function BTM_BleSecureConnectionOobDataReply
332 *
333 * Description This function is called to provide the OOB data for
334 * SMP in response to BTM_LE_OOB_REQ_EVT when secure connection
335 * data is available
336 *
337 * Parameters: bd_addr - Address of the peer device
338 * p_c - pointer to Confirmation.
339 * p_r - pointer to Randomizer
340 *
341 ******************************************************************************/
BTM_BleSecureConnectionOobDataReply(const RawAddress & bd_addr,uint8_t * p_c,uint8_t * p_r)342 void BTM_BleSecureConnectionOobDataReply(const RawAddress& bd_addr,
343 uint8_t* p_c, uint8_t* p_r) {
344 if (bluetooth::shim::is_gd_shim_enabled()) {
345 return bluetooth::shim::BTM_BleSecureConnectionOobDataReply(bd_addr, p_c,
346 p_r);
347 }
348 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
349
350 BTM_TRACE_DEBUG("%s:", __func__);
351
352 if (p_dev_rec == NULL) {
353 BTM_TRACE_ERROR("%s: Unknown device", __func__);
354 return;
355 }
356
357 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
358
359 tSMP_SC_OOB_DATA oob;
360 memset(&oob, 0, sizeof(tSMP_SC_OOB_DATA));
361
362 oob.peer_oob_data.present = true;
363 memcpy(&oob.peer_oob_data.randomizer, p_r, OCTET16_LEN);
364 memcpy(&oob.peer_oob_data.commitment, p_c, OCTET16_LEN);
365 oob.peer_oob_data.addr_rcvd_from.type = p_dev_rec->ble.ble_addr_type;
366 oob.peer_oob_data.addr_rcvd_from.bda = bd_addr;
367
368 SMP_SecureConnectionOobDataReply((uint8_t*)&oob);
369 }
370
371 /********************************************************
372 *
373 * Function BTM_BleSetPrefConnParams
374 *
375 * Description Set a peripheral's preferred connection parameters
376 *
377 * Parameters: bd_addr - BD address of the peripheral
378 * scan_interval: scan interval
379 * scan_window: scan window
380 * min_conn_int - minimum preferred connection interval
381 * max_conn_int - maximum preferred connection interval
382 * peripheral_latency - preferred peripheral latency
383 * supervision_tout - preferred supervision timeout
384 *
385 * Returns void
386 *
387 ******************************************************************************/
BTM_BleSetPrefConnParams(const RawAddress & bd_addr,uint16_t min_conn_int,uint16_t max_conn_int,uint16_t peripheral_latency,uint16_t supervision_tout)388 void BTM_BleSetPrefConnParams(const RawAddress& bd_addr, uint16_t min_conn_int,
389 uint16_t max_conn_int,
390 uint16_t peripheral_latency,
391 uint16_t supervision_tout) {
392 if (bluetooth::shim::is_gd_shim_enabled()) {
393 return bluetooth::shim::BTM_BleSetPrefConnParams(
394 bd_addr, min_conn_int, max_conn_int, peripheral_latency,
395 supervision_tout);
396 }
397 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
398
399 BTM_TRACE_API(
400 "BTM_BleSetPrefConnParams min: %u max: %u latency: %u \
401 tout: %u",
402 min_conn_int, max_conn_int, peripheral_latency, supervision_tout);
403
404 if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN,
405 BTM_BLE_CONN_INT_MAX) &&
406 BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN,
407 BTM_BLE_CONN_INT_MAX) &&
408 BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN,
409 BTM_BLE_CONN_SUP_TOUT_MAX) &&
410 (peripheral_latency <= BTM_BLE_CONN_LATENCY_MAX ||
411 peripheral_latency == BTM_BLE_CONN_PARAM_UNDEF)) {
412 if (p_dev_rec) {
413 /* expect conn int and stout and peripheral latency to be updated all
414 * together
415 */
416 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF ||
417 max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) {
418 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
419 p_dev_rec->conn_params.min_conn_int = min_conn_int;
420 else
421 p_dev_rec->conn_params.min_conn_int = max_conn_int;
422
423 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
424 p_dev_rec->conn_params.max_conn_int = max_conn_int;
425 else
426 p_dev_rec->conn_params.max_conn_int = min_conn_int;
427
428 if (peripheral_latency != BTM_BLE_CONN_PARAM_UNDEF)
429 p_dev_rec->conn_params.peripheral_latency = peripheral_latency;
430 else
431 p_dev_rec->conn_params.peripheral_latency =
432 BTM_BLE_CONN_PERIPHERAL_LATENCY_DEF;
433
434 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
435 p_dev_rec->conn_params.supervision_tout = supervision_tout;
436 else
437 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
438 }
439
440 } else {
441 BTM_TRACE_ERROR("Unknown Device, setting rejected");
442 }
443 } else {
444 BTM_TRACE_ERROR("Illegal Connection Parameters");
445 }
446 }
447
448 /*******************************************************************************
449 *
450 * Function BTM_ReadDevInfo
451 *
452 * Description This function is called to read the device/address type
453 * of BD address.
454 *
455 * Parameter remote_bda: remote device address
456 * p_dev_type: output parameter to read the device type.
457 * p_addr_type: output parameter to read the address type.
458 *
459 ******************************************************************************/
BTM_ReadDevInfo(const RawAddress & remote_bda,tBT_DEVICE_TYPE * p_dev_type,tBLE_ADDR_TYPE * p_addr_type)460 void BTM_ReadDevInfo(const RawAddress& remote_bda, tBT_DEVICE_TYPE* p_dev_type,
461 tBLE_ADDR_TYPE* p_addr_type) {
462 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(remote_bda);
463 tBTM_INQ_INFO* p_inq_info = BTM_InqDbRead(remote_bda);
464
465 *p_addr_type = BLE_ADDR_PUBLIC;
466
467 if (!p_dev_rec) {
468 *p_dev_type = BT_DEVICE_TYPE_BREDR;
469 /* Check with the BT manager if details about remote device are known */
470 if (p_inq_info != NULL) {
471 *p_dev_type = p_inq_info->results.device_type;
472 *p_addr_type = p_inq_info->results.ble_addr_type;
473 } else {
474 /* unknown device, assume BR/EDR */
475 BTM_TRACE_DEBUG("btm_find_dev_type - unknown device, BR/EDR assumed");
476 }
477 } else /* there is a security device record exisitng */
478 {
479 /* new inquiry result, overwrite device type in security device record */
480 if (p_inq_info) {
481 p_dev_rec->device_type = p_inq_info->results.device_type;
482 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
483 }
484 if (p_dev_rec->bd_addr == remote_bda &&
485 p_dev_rec->ble.pseudo_addr == remote_bda) {
486 *p_dev_type = p_dev_rec->device_type;
487 *p_addr_type = p_dev_rec->ble.ble_addr_type;
488 } else if (p_dev_rec->ble.pseudo_addr == remote_bda) {
489 *p_dev_type = BT_DEVICE_TYPE_BLE;
490 *p_addr_type = p_dev_rec->ble.ble_addr_type;
491 } else /* matching static adddress only */
492 {
493 *p_dev_type = BT_DEVICE_TYPE_BREDR;
494 *p_addr_type = BLE_ADDR_PUBLIC;
495 }
496 }
497
498 BTM_TRACE_DEBUG("btm_find_dev_type - device_type = %d addr_type = %d",
499 *p_dev_type, *p_addr_type);
500 }
501
502 /*******************************************************************************
503 *
504 * Function BTM_ReadConnectedTransportAddress
505 *
506 * Description This function is called to read the paired device/address
507 * type of other device paired corresponding to the BD_address
508 *
509 * Parameter remote_bda: remote device address, carry out the transport
510 * address
511 * transport: active transport
512 *
513 * Return true if an active link is identified; false otherwise
514 *
515 ******************************************************************************/
BTM_ReadConnectedTransportAddress(RawAddress * remote_bda,tBT_TRANSPORT transport)516 bool BTM_ReadConnectedTransportAddress(RawAddress* remote_bda,
517 tBT_TRANSPORT transport) {
518 if (bluetooth::shim::is_gd_shim_enabled()) {
519 return bluetooth::shim::BTM_ReadConnectedTransportAddress(remote_bda,
520 transport);
521 }
522 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(*remote_bda);
523
524 /* if no device can be located, return */
525 if (p_dev_rec == NULL) return false;
526
527 if (transport == BT_TRANSPORT_BR_EDR) {
528 if (BTM_IsAclConnectionUp(p_dev_rec->bd_addr, transport)) {
529 *remote_bda = p_dev_rec->bd_addr;
530 return true;
531 } else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR) {
532 *remote_bda = p_dev_rec->bd_addr;
533 } else
534 *remote_bda = RawAddress::kEmpty;
535 return false;
536 }
537
538 if (transport == BT_TRANSPORT_LE) {
539 *remote_bda = p_dev_rec->ble.pseudo_addr;
540 if (BTM_IsAclConnectionUp(p_dev_rec->ble.pseudo_addr, transport))
541 return true;
542 else
543 return false;
544 }
545
546 return false;
547 }
548
549 /*******************************************************************************
550 *
551 * Function BTM_BleReceiverTest
552 *
553 * Description This function is called to start the LE Receiver test
554 *
555 * Parameter rx_freq - Frequency Range
556 * p_cmd_cmpl_cback - Command Complete callback
557 *
558 ******************************************************************************/
BTM_BleReceiverTest(uint8_t rx_freq,tBTM_CMPL_CB * p_cmd_cmpl_cback)559 void BTM_BleReceiverTest(uint8_t rx_freq, tBTM_CMPL_CB* p_cmd_cmpl_cback) {
560 if (bluetooth::shim::is_gd_shim_enabled()) {
561 return bluetooth::shim::BTM_BleReceiverTest(rx_freq, p_cmd_cmpl_cback);
562 }
563 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
564
565 btsnd_hcic_ble_receiver_test(rx_freq);
566 }
567
568 /*******************************************************************************
569 *
570 * Function BTM_BleTransmitterTest
571 *
572 * Description This function is called to start the LE Transmitter test
573 *
574 * Parameter tx_freq - Frequency Range
575 * test_data_len - Length in bytes of payload data in each
576 * packet
577 * packet_payload - Pattern to use in the payload
578 * p_cmd_cmpl_cback - Command Complete callback
579 *
580 ******************************************************************************/
BTM_BleTransmitterTest(uint8_t tx_freq,uint8_t test_data_len,uint8_t packet_payload,tBTM_CMPL_CB * p_cmd_cmpl_cback)581 void BTM_BleTransmitterTest(uint8_t tx_freq, uint8_t test_data_len,
582 uint8_t packet_payload,
583 tBTM_CMPL_CB* p_cmd_cmpl_cback) {
584 if (bluetooth::shim::is_gd_shim_enabled()) {
585 return bluetooth::shim::BTM_BleTransmitterTest(
586 tx_freq, test_data_len, packet_payload, p_cmd_cmpl_cback);
587 }
588 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
589 btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload);
590 }
591
592 /*******************************************************************************
593 *
594 * Function BTM_BleTestEnd
595 *
596 * Description This function is called to stop the in-progress TX or RX
597 * test
598 *
599 * Parameter p_cmd_cmpl_cback - Command complete callback
600 *
601 ******************************************************************************/
BTM_BleTestEnd(tBTM_CMPL_CB * p_cmd_cmpl_cback)602 void BTM_BleTestEnd(tBTM_CMPL_CB* p_cmd_cmpl_cback) {
603 if (bluetooth::shim::is_gd_shim_enabled()) {
604 return bluetooth::shim::BTM_BleTestEnd(p_cmd_cmpl_cback);
605 }
606 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
607
608 btsnd_hcic_ble_test_end();
609 }
610
611 /*******************************************************************************
612 * Internal Functions
613 ******************************************************************************/
btm_ble_test_command_complete(uint8_t * p)614 void btm_ble_test_command_complete(uint8_t* p) {
615 tBTM_CMPL_CB* p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
616
617 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
618
619 if (p_cb) {
620 (*p_cb)(p);
621 }
622 }
623
624 /*******************************************************************************
625 *
626 * Function BTM_UseLeLink
627 *
628 * Description This function is to select the underlying physical link to
629 * use.
630 *
631 * Returns true to use LE, false use BR/EDR.
632 *
633 ******************************************************************************/
BTM_UseLeLink(const RawAddress & bd_addr)634 bool BTM_UseLeLink(const RawAddress& bd_addr) {
635 if (bluetooth::shim::is_gd_shim_enabled()) {
636 return bluetooth::shim::BTM_UseLeLink(bd_addr);
637 }
638
639 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR)) {
640 return false;
641 } else if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
642 return true;
643 }
644
645 tBT_DEVICE_TYPE dev_type;
646 tBLE_ADDR_TYPE addr_type;
647 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
648 return (dev_type == BT_DEVICE_TYPE_BLE);
649 }
650
BTM_SetBleDataLength(const RawAddress & bd_addr,uint16_t tx_pdu_length)651 tBTM_STATUS BTM_SetBleDataLength(const RawAddress& bd_addr,
652 uint16_t tx_pdu_length) {
653 if (!controller_get_interface()->supports_ble_packet_extension()) {
654 LOG_INFO("Local controller unable to support le packet extension");
655 return BTM_ILLEGAL_VALUE;
656 }
657
658 if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX)
659 tx_pdu_length = BTM_BLE_DATA_SIZE_MAX;
660 else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN)
661 tx_pdu_length = BTM_BLE_DATA_SIZE_MIN;
662
663 uint16_t tx_time = BTM_BLE_DATA_TX_TIME_MAX_LEGACY;
664
665 if (controller_get_interface()->get_bt_version()->hci_version >=
666 HCI_PROTO_VERSION_5_0)
667 tx_time = BTM_BLE_DATA_TX_TIME_MAX;
668
669 if (!BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
670 LOG_INFO(
671 "Unable to set data length because no le acl link connected to device");
672 return BTM_WRONG_MODE;
673 }
674
675 if (bluetooth::shim::is_gd_l2cap_enabled()) {
676 uint16_t handle = bluetooth::shim::L2CA_GetLeHandle(bd_addr);
677 btsnd_hcic_ble_set_data_length(handle, tx_pdu_length, tx_time);
678 return BTM_SUCCESS;
679 }
680
681 uint16_t hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
682
683 if (!acl_peer_supports_ble_packet_extension(hci_handle)) {
684 LOG_INFO("Remote device unable to support le packet extension");
685 return BTM_ILLEGAL_VALUE;
686 }
687
688 tx_pdu_length = std::min<uint16_t>(
689 tx_pdu_length,
690 controller_get_interface()->get_ble_maximum_tx_data_length());
691 tx_time = std::min<uint16_t>(
692 tx_time, controller_get_interface()->get_ble_maximum_tx_time());
693
694 btsnd_hcic_ble_set_data_length(hci_handle, tx_pdu_length, tx_time);
695
696 return BTM_SUCCESS;
697 }
698
read_phy_cb(base::Callback<void (uint8_t tx_phy,uint8_t rx_phy,uint8_t status)> cb,uint8_t * data,uint16_t len)699 void read_phy_cb(
700 base::Callback<void(uint8_t tx_phy, uint8_t rx_phy, uint8_t status)> cb,
701 uint8_t* data, uint16_t len) {
702 uint8_t status, tx_phy, rx_phy;
703 uint16_t handle;
704
705 LOG_ASSERT(len == 5) << "Received bad response length: " << len;
706 uint8_t* pp = data;
707 STREAM_TO_UINT8(status, pp);
708 STREAM_TO_UINT16(handle, pp);
709 handle = handle & 0x0FFF;
710 STREAM_TO_UINT8(tx_phy, pp);
711 STREAM_TO_UINT8(rx_phy, pp);
712
713 DVLOG(1) << __func__ << " Received read_phy_cb";
714 cb.Run(tx_phy, rx_phy, status);
715 }
716
717 /*******************************************************************************
718 *
719 * Function BTM_BleReadPhy
720 *
721 * Description To read the current PHYs for specified LE connection
722 *
723 *
724 * Returns BTM_SUCCESS if command successfully sent to controller,
725 * BTM_MODE_UNSUPPORTED if local controller doesn't support LE
726 * 2M or LE Coded PHY,
727 * BTM_WRONG_MODE if Device in wrong mode for request.
728 *
729 ******************************************************************************/
BTM_BleReadPhy(const RawAddress & bd_addr,base::Callback<void (uint8_t tx_phy,uint8_t rx_phy,uint8_t status)> cb)730 void BTM_BleReadPhy(
731 const RawAddress& bd_addr,
732 base::Callback<void(uint8_t tx_phy, uint8_t rx_phy, uint8_t status)> cb) {
733 if (bluetooth::shim::is_gd_shim_enabled()) {
734 return bluetooth::shim::BTM_BleReadPhy(bd_addr, cb);
735 }
736 BTM_TRACE_DEBUG("%s", __func__);
737
738 if (!BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
739 BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",
740 __func__);
741 cb.Run(0, 0, HCI_ERR_NO_CONNECTION);
742 return;
743 }
744
745 // checking if local controller supports it!
746 if (!controller_get_interface()->supports_ble_2m_phy() &&
747 !controller_get_interface()->supports_ble_coded_phy()) {
748 BTM_TRACE_ERROR("%s failed, request not supported in local controller!",
749 __func__);
750 cb.Run(0, 0, GATT_REQ_NOT_SUPPORTED);
751 return;
752 }
753
754 uint16_t handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
755
756 const uint8_t len = HCIC_PARAM_SIZE_BLE_READ_PHY;
757 uint8_t data[len];
758 uint8_t* pp = data;
759 UINT16_TO_STREAM(pp, handle);
760 btu_hcif_send_cmd_with_cb(FROM_HERE, HCI_BLE_READ_PHY, data, len,
761 base::Bind(&read_phy_cb, std::move(cb)));
762 return;
763 }
764
doNothing(uint8_t * data,uint16_t len)765 void doNothing(uint8_t* data, uint16_t len) {}
766
BTM_BleSetPhy(const RawAddress & bd_addr,uint8_t tx_phys,uint8_t rx_phys,uint16_t phy_options)767 void BTM_BleSetPhy(const RawAddress& bd_addr, uint8_t tx_phys, uint8_t rx_phys,
768 uint16_t phy_options) {
769 if (bluetooth::shim::is_gd_shim_enabled()) {
770 return bluetooth::shim::BTM_BleSetPhy(bd_addr, tx_phys, rx_phys,
771 phy_options);
772 }
773 if (!BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE)) {
774 LOG_INFO(
775 "Unable to set phy preferences because no le acl is connected to "
776 "device");
777 return;
778 }
779
780 uint8_t all_phys = 0;
781 if (tx_phys == 0) all_phys &= 0x01;
782 if (rx_phys == 0) all_phys &= 0x02;
783
784 uint16_t handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
785
786 // checking if local controller supports it!
787 if (!controller_get_interface()->supports_ble_2m_phy() &&
788 !controller_get_interface()->supports_ble_coded_phy()) {
789 LOG_INFO("Local controller unable to support setting of le phy parameters");
790 gatt_notify_phy_updated(GATT_REQ_NOT_SUPPORTED, handle, tx_phys, rx_phys);
791 return;
792 }
793
794 if (!acl_peer_supports_ble_2m_phy(handle) &&
795 !acl_peer_supports_ble_coded_phy(handle)) {
796 LOG_INFO("Remote device unable to support setting of le phy parameter");
797 gatt_notify_phy_updated(GATT_REQ_NOT_SUPPORTED, handle, tx_phys, rx_phys);
798 return;
799 }
800
801 const uint8_t len = HCIC_PARAM_SIZE_BLE_SET_PHY;
802 uint8_t data[len];
803 uint8_t* pp = data;
804 UINT16_TO_STREAM(pp, handle);
805 UINT8_TO_STREAM(pp, all_phys);
806 UINT8_TO_STREAM(pp, tx_phys);
807 UINT8_TO_STREAM(pp, rx_phys);
808 UINT16_TO_STREAM(pp, phy_options);
809 btu_hcif_send_cmd_with_cb(FROM_HERE, HCI_BLE_SET_PHY, data, len,
810 base::Bind(doNothing));
811 }
812
813 /*******************************************************************************
814 *
815 * Function btm_ble_determine_security_act
816 *
817 * Description This function checks the security of current LE link
818 * and returns the appropriate action that needs to be
819 * taken to achieve the required security.
820 *
821 * Parameter is_originator - True if outgoing connection
822 * bdaddr: remote device address
823 * security_required: Security required for the service.
824 *
825 * Returns The appropriate security action required.
826 *
827 ******************************************************************************/
btm_ble_determine_security_act(bool is_originator,const RawAddress & bdaddr,uint16_t security_required)828 tBTM_SEC_ACTION btm_ble_determine_security_act(bool is_originator,
829 const RawAddress& bdaddr,
830 uint16_t security_required) {
831 tBTM_LE_AUTH_REQ auth_req = 0x00;
832
833 if (is_originator) {
834 if ((security_required & BTM_SEC_OUT_FLAGS) == 0 &&
835 (security_required & BTM_SEC_OUT_MITM) == 0) {
836 BTM_TRACE_DEBUG("%s No security required for outgoing connection",
837 __func__);
838 return BTM_SEC_OK;
839 }
840
841 if (security_required & BTM_SEC_OUT_MITM) auth_req |= BTM_LE_AUTH_REQ_MITM;
842 } else {
843 if ((security_required & BTM_SEC_IN_FLAGS) == 0 &&
844 (security_required & BTM_SEC_IN_MITM) == 0) {
845 BTM_TRACE_DEBUG("%s No security required for incoming connection",
846 __func__);
847 return BTM_SEC_OK;
848 }
849
850 if (security_required & BTM_SEC_IN_MITM) auth_req |= BTM_LE_AUTH_REQ_MITM;
851 }
852
853 tBTM_BLE_SEC_REQ_ACT ble_sec_act;
854 btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act);
855
856 BTM_TRACE_DEBUG("%s ble_sec_act %d", __func__, ble_sec_act);
857
858 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD) return BTM_SEC_ENC_PENDING;
859
860 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE) return BTM_SEC_OK;
861
862 bool is_link_encrypted = BTM_IsEncrypted(bdaddr, BT_TRANSPORT_LE);
863 bool is_key_mitm = BTM_IsLinkKeyAuthed(bdaddr, BT_TRANSPORT_LE);
864
865 if (auth_req & BTM_LE_AUTH_REQ_MITM) {
866 if (!is_key_mitm) {
867 return BTM_SEC_ENCRYPT_MITM;
868 } else {
869 if (is_link_encrypted)
870 return BTM_SEC_OK;
871 else
872 return BTM_SEC_ENCRYPT;
873 }
874 } else {
875 if (is_link_encrypted)
876 return BTM_SEC_OK;
877 else
878 return BTM_SEC_ENCRYPT_NO_MITM;
879 }
880
881 return BTM_SEC_OK;
882 }
883
884 /*******************************************************************************
885 *
886 * Function btm_ble_start_sec_check
887 *
888 * Description This function is to check and set the security required for
889 * LE link for LE COC.
890 *
891 * Parameter bdaddr: remote device address.
892 * psm : PSM of the LE COC sevice.
893 * is_originator: true if outgoing connection.
894 * p_callback : Pointer to the callback function.
895 * p_ref_data : Pointer to be returned along with the callback.
896 *
897 * Returns Returns - L2CAP LE Connection Response Result Code.
898 *
899 ******************************************************************************/
btm_ble_start_sec_check(const RawAddress & bd_addr,uint16_t psm,bool is_originator,tBTM_SEC_CALLBACK * p_callback,void * p_ref_data)900 tL2CAP_LE_RESULT_CODE btm_ble_start_sec_check(const RawAddress& bd_addr,
901 uint16_t psm, bool is_originator,
902 tBTM_SEC_CALLBACK* p_callback,
903 void* p_ref_data) {
904 /* Find the service record for the PSM */
905 tBTM_SEC_SERV_REC* p_serv_rec = btm_sec_find_first_serv(is_originator, psm);
906
907 /* If there is no application registered with this PSM do not allow connection
908 */
909 if (!p_serv_rec) {
910 LOG_WARN("PSM: %d no application registered", psm);
911 (*p_callback)(&bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED);
912 return L2CAP_LE_RESULT_NO_PSM;
913 }
914
915 bool is_encrypted = BTM_IsEncrypted(bd_addr, BT_TRANSPORT_LE);
916 bool is_link_key_authed = BTM_IsLinkKeyAuthed(bd_addr, BT_TRANSPORT_LE);
917 bool is_authenticated = BTM_IsAuthenticated(bd_addr, BT_TRANSPORT_LE);
918
919 if (!is_originator) {
920 if ((p_serv_rec->security_flags & BTM_SEC_IN_ENCRYPT) && !is_encrypted) {
921 LOG_ERROR(
922 "L2CAP_LE_RESULT_INSUFFICIENT_ENCRYP. service "
923 "security_flags=0x%x, ",
924 p_serv_rec->security_flags);
925 return L2CAP_LE_RESULT_INSUFFICIENT_ENCRYP;
926 } else if ((p_serv_rec->security_flags & BTM_SEC_IN_AUTHENTICATE) &&
927 !(is_link_key_authed || is_authenticated)) {
928 LOG_ERROR(
929 "L2CAP_LE_RESULT_INSUFFICIENT_AUTHENTICATION. service "
930 "security_flags=0x%x, ",
931 p_serv_rec->security_flags);
932 return L2CAP_LE_RESULT_INSUFFICIENT_AUTHENTICATION;
933 }
934 /* TODO: When security is required, then must check that the key size of our
935 service is equal or smaller than the incoming connection key size. */
936 }
937
938 tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(
939 is_originator, bd_addr, p_serv_rec->security_flags);
940
941 tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE;
942 tL2CAP_LE_RESULT_CODE result = L2CAP_LE_RESULT_CONN_OK;
943
944 switch (sec_act) {
945 case BTM_SEC_OK:
946 LOG_DEBUG("Security met");
947 p_callback(&bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS);
948 result = L2CAP_LE_RESULT_CONN_OK;
949 break;
950
951 case BTM_SEC_ENCRYPT:
952 LOG_DEBUG("Encryption needs to be done");
953 ble_sec_act = BTM_BLE_SEC_ENCRYPT;
954 break;
955
956 case BTM_SEC_ENCRYPT_MITM:
957 LOG_DEBUG("Pairing with MITM needs to be done");
958 ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM;
959 break;
960
961 case BTM_SEC_ENCRYPT_NO_MITM:
962 LOG_DEBUG("Pairing with No MITM needs to be done");
963 ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM;
964 break;
965
966 case BTM_SEC_ENC_PENDING:
967 LOG_DEBUG("Ecryption pending");
968 break;
969 }
970
971 if (ble_sec_act == BTM_BLE_SEC_NONE) {
972 return result;
973 }
974
975 l2cble_update_sec_act(bd_addr, sec_act);
976 BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data,
977 ble_sec_act);
978
979 return L2CAP_LE_RESULT_CONN_OK;
980 }
981
982 /*******************************************************************************
983 *
984 * Function btm_ble_rand_enc_complete
985 *
986 * Description This function is the callback functions for HCI_Rand command
987 * and HCI_Encrypt command is completed.
988 * This message is received from the HCI.
989 *
990 * Returns void
991 *
992 ******************************************************************************/
btm_ble_rand_enc_complete(uint8_t * p,uint16_t op_code,tBTM_RAND_ENC_CB * p_enc_cplt_cback)993 void btm_ble_rand_enc_complete(uint8_t* p, uint16_t op_code,
994 tBTM_RAND_ENC_CB* p_enc_cplt_cback) {
995 tBTM_RAND_ENC params;
996 uint8_t* p_dest = params.param_buf;
997
998 BTM_TRACE_DEBUG("btm_ble_rand_enc_complete");
999
1000 memset(¶ms, 0, sizeof(tBTM_RAND_ENC));
1001
1002 /* If there was a callback address for vcs complete, call it */
1003 if (p_enc_cplt_cback && p) {
1004 /* Pass paramters to the callback function */
1005 STREAM_TO_UINT8(params.status, p); /* command status */
1006
1007 if (params.status == HCI_SUCCESS) {
1008 params.opcode = op_code;
1009
1010 if (op_code == HCI_BLE_RAND)
1011 params.param_len = BT_OCTET8_LEN;
1012 else
1013 params.param_len = OCTET16_LEN;
1014
1015 /* Fetch return info from HCI event message */
1016 memcpy(p_dest, p, params.param_len);
1017 }
1018 if (p_enc_cplt_cback) /* Call the Encryption complete callback function */
1019 (*p_enc_cplt_cback)(¶ms);
1020 }
1021 }
1022
1023 /*******************************************************************************
1024 *
1025 * Function btm_ble_get_enc_key_type
1026 *
1027 * Description This function is to increment local sign counter
1028 * Returns None
1029 *
1030 ******************************************************************************/
btm_ble_increment_sign_ctr(const RawAddress & bd_addr,bool is_local)1031 void btm_ble_increment_sign_ctr(const RawAddress& bd_addr, bool is_local) {
1032 tBTM_SEC_DEV_REC* p_dev_rec;
1033
1034 BTM_TRACE_DEBUG("btm_ble_increment_sign_ctr is_local=%d", is_local);
1035
1036 p_dev_rec = btm_find_dev(bd_addr);
1037 if (p_dev_rec != NULL) {
1038 if (is_local)
1039 p_dev_rec->ble.keys.local_counter++;
1040 else
1041 p_dev_rec->ble.keys.counter++;
1042 BTM_TRACE_DEBUG("is_local=%d local sign counter=%d peer sign counter=%d",
1043 is_local, p_dev_rec->ble.keys.local_counter,
1044 p_dev_rec->ble.keys.counter);
1045 }
1046 }
1047
1048 /*******************************************************************************
1049 *
1050 * Function btm_ble_get_enc_key_type
1051 *
1052 * Description This function is to get the BLE key type that has been
1053 * exchanged betweem the local device and the peer device.
1054 *
1055 * Returns p_key_type: output parameter to carry the key type value.
1056 *
1057 ******************************************************************************/
btm_ble_get_enc_key_type(const RawAddress & bd_addr,uint8_t * p_key_types)1058 bool btm_ble_get_enc_key_type(const RawAddress& bd_addr, uint8_t* p_key_types) {
1059 tBTM_SEC_DEV_REC* p_dev_rec;
1060
1061 BTM_TRACE_DEBUG("btm_ble_get_enc_key_type");
1062
1063 p_dev_rec = btm_find_dev(bd_addr);
1064 if (p_dev_rec != NULL) {
1065 *p_key_types = p_dev_rec->ble.key_type;
1066 return true;
1067 }
1068 return false;
1069 }
1070
1071 /*******************************************************************************
1072 *
1073 * Function btm_get_local_div
1074 *
1075 * Description This function is called to read the local DIV
1076 *
1077 * Returns TURE - if a valid DIV is availavle
1078 ******************************************************************************/
btm_get_local_div(const RawAddress & bd_addr,uint16_t * p_div)1079 bool btm_get_local_div(const RawAddress& bd_addr, uint16_t* p_div) {
1080 tBTM_SEC_DEV_REC* p_dev_rec;
1081 bool status = false;
1082 VLOG(1) << __func__ << " bd_addr: " << bd_addr;
1083
1084 *p_div = 0;
1085 p_dev_rec = btm_find_dev(bd_addr);
1086
1087 if (p_dev_rec && p_dev_rec->ble.keys.div) {
1088 status = true;
1089 *p_div = p_dev_rec->ble.keys.div;
1090 }
1091 BTM_TRACE_DEBUG("btm_get_local_div status=%d (1-OK) DIV=0x%x", status,
1092 *p_div);
1093 return status;
1094 }
1095
1096 /*******************************************************************************
1097 *
1098 * Function btm_sec_save_le_key
1099 *
1100 * Description This function is called by the SMP to update
1101 * an BLE key. SMP is internal, whereas all the keys shall
1102 * be sent to the application. The function is also called
1103 * when application passes ble key stored in NVRAM to the
1104 * btm_sec.
1105 * pass_to_application parameter is false in this case.
1106 *
1107 * Returns void
1108 *
1109 ******************************************************************************/
btm_sec_save_le_key(const RawAddress & bd_addr,tBTM_LE_KEY_TYPE key_type,tBTM_LE_KEY_VALUE * p_keys,bool pass_to_application)1110 void btm_sec_save_le_key(const RawAddress& bd_addr, tBTM_LE_KEY_TYPE key_type,
1111 tBTM_LE_KEY_VALUE* p_keys, bool pass_to_application) {
1112 tBTM_SEC_DEV_REC* p_rec;
1113 tBTM_LE_EVT_DATA cb_data;
1114
1115 BTM_TRACE_DEBUG("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",
1116 key_type, pass_to_application);
1117 /* Store the updated key in the device database */
1118
1119 VLOG(1) << "bd_addr:" << bd_addr;
1120
1121 if ((p_rec = btm_find_dev(bd_addr)) != NULL &&
1122 (p_keys || key_type == BTM_LE_KEY_LID)) {
1123 btm_ble_init_pseudo_addr(p_rec, bd_addr);
1124
1125 switch (key_type) {
1126 case BTM_LE_KEY_PENC:
1127 p_rec->ble.keys.pltk = p_keys->penc_key.ltk;
1128 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
1129 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
1130 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
1131 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
1132 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
1133 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1134 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
1135 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1136 else
1137 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1138 BTM_TRACE_DEBUG(
1139 "BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
1140 p_rec->ble.key_type, p_rec->sec_flags, p_rec->ble.keys.sec_level);
1141 break;
1142
1143 case BTM_LE_KEY_PID:
1144 p_rec->ble.keys.irk = p_keys->pid_key.irk;
1145 p_rec->ble.identity_address_with_type.bda =
1146 p_keys->pid_key.identity_addr;
1147 p_rec->ble.identity_address_with_type.type =
1148 p_keys->pid_key.identity_addr_type;
1149 p_rec->ble.key_type |= BTM_LE_KEY_PID;
1150 BTM_TRACE_DEBUG(
1151 "%s: BTM_LE_KEY_PID key_type=0x%x save peer IRK, change bd_addr=%s "
1152 "to id_addr=%s id_addr_type=0x%x",
1153 __func__, p_rec->ble.key_type, p_rec->bd_addr.ToString().c_str(),
1154 p_keys->pid_key.identity_addr.ToString().c_str(),
1155 p_keys->pid_key.identity_addr_type);
1156 /* update device record address as identity address */
1157 p_rec->bd_addr = p_keys->pid_key.identity_addr;
1158 /* combine DUMO device security record if needed */
1159 btm_consolidate_dev(p_rec);
1160 break;
1161
1162 case BTM_LE_KEY_PCSRK:
1163 p_rec->ble.keys.pcsrk = p_keys->pcsrk_key.csrk;
1164 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
1165 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter;
1166 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
1167 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1168 if (p_keys->pcsrk_key.sec_level == SMP_SEC_AUTHENTICATED)
1169 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1170 else
1171 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1172
1173 BTM_TRACE_DEBUG(
1174 "BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x "
1175 "peer_counter=%d",
1176 p_rec->ble.key_type, p_rec->sec_flags,
1177 p_rec->ble.keys.srk_sec_level, p_rec->ble.keys.counter);
1178 break;
1179
1180 case BTM_LE_KEY_LENC:
1181 p_rec->ble.keys.lltk = p_keys->lenc_key.ltk;
1182 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
1183 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
1184 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
1185 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
1186
1187 BTM_TRACE_DEBUG(
1188 "BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x "
1189 "sec_level=0x%x",
1190 p_rec->ble.key_type, p_rec->ble.keys.div, p_rec->ble.keys.key_size,
1191 p_rec->ble.keys.sec_level);
1192 break;
1193
1194 case BTM_LE_KEY_LCSRK: /* local CSRK has been delivered */
1195 p_rec->ble.keys.lcsrk = p_keys->lcsrk_key.csrk;
1196 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
1197 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
1198 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter;
1199 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
1200 BTM_TRACE_DEBUG(
1201 "BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x "
1202 "local_counter=%d",
1203 p_rec->ble.key_type, p_rec->ble.keys.div,
1204 p_rec->ble.keys.local_csrk_sec_level,
1205 p_rec->ble.keys.local_counter);
1206 break;
1207
1208 case BTM_LE_KEY_LID:
1209 p_rec->ble.key_type |= BTM_LE_KEY_LID;
1210 break;
1211 default:
1212 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)",
1213 key_type);
1214 return;
1215 }
1216
1217 VLOG(1) << "BLE key type 0x" << loghex(key_type)
1218 << " updated for BDA: " << bd_addr << " (btm_sec_save_le_key)";
1219
1220 /* Notify the application that one of the BLE keys has been updated
1221 If link key is in progress, it will get sent later.*/
1222 if (pass_to_application && btm_cb.api.p_le_callback) {
1223 cb_data.key.p_key_value = p_keys;
1224 cb_data.key.key_type = key_type;
1225
1226 (*btm_cb.api.p_le_callback)(BTM_LE_KEY_EVT, bd_addr, &cb_data);
1227 }
1228 return;
1229 }
1230
1231 LOG(WARNING) << "BLE key type 0x" << loghex(key_type)
1232 << " called for Unknown BDA or type: " << bd_addr
1233 << "(btm_sec_save_le_key)";
1234
1235 if (p_rec) {
1236 BTM_TRACE_DEBUG("sec_flags=0x%x", p_rec->sec_flags);
1237 }
1238 }
1239
1240 /*******************************************************************************
1241 *
1242 * Function btm_ble_update_sec_key_size
1243 *
1244 * Description update the current lin kencryption key size
1245 *
1246 * Returns void
1247 *
1248 ******************************************************************************/
btm_ble_update_sec_key_size(const RawAddress & bd_addr,uint8_t enc_key_size)1249 void btm_ble_update_sec_key_size(const RawAddress& bd_addr,
1250 uint8_t enc_key_size) {
1251 tBTM_SEC_DEV_REC* p_rec;
1252
1253 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d",
1254 enc_key_size);
1255
1256 p_rec = btm_find_dev(bd_addr);
1257 if (p_rec != NULL) {
1258 p_rec->enc_key_size = enc_key_size;
1259 }
1260 }
1261
1262 /*******************************************************************************
1263 *
1264 * Function btm_ble_read_sec_key_size
1265 *
1266 * Description update the current lin kencryption key size
1267 *
1268 * Returns void
1269 *
1270 ******************************************************************************/
btm_ble_read_sec_key_size(const RawAddress & bd_addr)1271 uint8_t btm_ble_read_sec_key_size(const RawAddress& bd_addr) {
1272 tBTM_SEC_DEV_REC* p_rec;
1273
1274 p_rec = btm_find_dev(bd_addr);
1275 if (p_rec != NULL) {
1276 return p_rec->enc_key_size;
1277 } else
1278 return 0;
1279 }
1280
1281 /*******************************************************************************
1282 *
1283 * Function btm_ble_link_sec_check
1284 *
1285 * Description Check BLE link security level match.
1286 *
1287 * Returns true: check is OK and the *p_sec_req_act contain the action
1288 *
1289 ******************************************************************************/
btm_ble_link_sec_check(const RawAddress & bd_addr,tBTM_LE_AUTH_REQ auth_req,tBTM_BLE_SEC_REQ_ACT * p_sec_req_act)1290 void btm_ble_link_sec_check(const RawAddress& bd_addr,
1291 tBTM_LE_AUTH_REQ auth_req,
1292 tBTM_BLE_SEC_REQ_ACT* p_sec_req_act) {
1293 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
1294 uint8_t req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
1295
1296 BTM_TRACE_DEBUG("btm_ble_link_sec_check auth_req =0x%x", auth_req);
1297
1298 if (p_dev_rec == NULL) {
1299 BTM_TRACE_ERROR("btm_ble_link_sec_check received for unknown device");
1300 return;
1301 }
1302
1303 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
1304 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) {
1305 /* race condition: discard the security request while central is encrypting
1306 * the link */
1307 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1308 } else {
1309 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1310 if (auth_req & BTM_LE_AUTH_REQ_MITM) {
1311 req_sec_level = BTM_LE_SEC_AUTHENTICATED;
1312 }
1313
1314 BTM_TRACE_DEBUG("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
1315
1316 /* currently encrpted */
1317 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED) {
1318 if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED)
1319 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
1320 else
1321 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1322 } else /* unencrypted link */
1323 {
1324 /* if bonded, get the key security level */
1325 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
1326 cur_sec_level = p_dev_rec->ble.keys.sec_level;
1327 else
1328 cur_sec_level = BTM_LE_SEC_NONE;
1329 }
1330
1331 if (cur_sec_level >= req_sec_level) {
1332 /* To avoid re-encryption on an encrypted link for an equal condition
1333 * encryption */
1334 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
1335 } else {
1336 /* start the pariring process to upgrade the keys*/
1337 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR;
1338 }
1339 }
1340
1341 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
1342 cur_sec_level, req_sec_level, *p_sec_req_act);
1343 }
1344
1345 /*******************************************************************************
1346 *
1347 * Function btm_ble_set_encryption
1348 *
1349 * Description This function is called to ensure that LE connection is
1350 * encrypted. Should be called only on an open connection.
1351 * Typically only needed for connections that first want to
1352 * bring up unencrypted links, then later encrypt them.
1353 *
1354 * Returns void
1355 * the local device ER is copied into er
1356 *
1357 ******************************************************************************/
btm_ble_set_encryption(const RawAddress & bd_addr,tBTM_BLE_SEC_ACT sec_act,uint8_t link_role)1358 tBTM_STATUS btm_ble_set_encryption(const RawAddress& bd_addr,
1359 tBTM_BLE_SEC_ACT sec_act,
1360 uint8_t link_role) {
1361 tBTM_STATUS cmd = BTM_NO_RESOURCES;
1362 tBTM_SEC_DEV_REC* p_rec = btm_find_dev(bd_addr);
1363 tBTM_BLE_SEC_REQ_ACT sec_req_act;
1364 tBTM_LE_AUTH_REQ auth_req;
1365
1366 if (p_rec == NULL) {
1367 BTM_TRACE_WARNING(
1368 "btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
1369 return (BTM_WRONG_MODE);
1370 }
1371
1372 BTM_TRACE_DEBUG("btm_ble_set_encryption sec_act=0x%x role_central=%d",
1373 sec_act, p_rec->role_central);
1374
1375 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) {
1376 p_rec->security_required |= BTM_SEC_IN_MITM;
1377 }
1378
1379 switch (sec_act) {
1380 case BTM_BLE_SEC_ENCRYPT:
1381 if (link_role == HCI_ROLE_CENTRAL) {
1382 /* start link layer encryption using the security info stored */
1383 cmd = btm_ble_start_encrypt(bd_addr, false, NULL);
1384 break;
1385 }
1386 /* if salve role then fall through to call SMP_Pair below which will send
1387 a sec_request to request the central to encrypt the link */
1388 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1389 case BTM_BLE_SEC_ENCRYPT_NO_MITM:
1390 case BTM_BLE_SEC_ENCRYPT_MITM:
1391 auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
1392 ? SMP_AUTH_BOND
1393 : (SMP_AUTH_BOND | SMP_AUTH_YN_BIT);
1394 btm_ble_link_sec_check(bd_addr, auth_req, &sec_req_act);
1395 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE ||
1396 sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD) {
1397 BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__);
1398 cmd = BTM_SUCCESS;
1399 break;
1400 }
1401 if (link_role == HCI_ROLE_CENTRAL) {
1402 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT) {
1403 cmd = btm_ble_start_encrypt(bd_addr, false, NULL);
1404 break;
1405 }
1406 }
1407
1408 if (SMP_Pair(bd_addr) == SMP_STARTED) {
1409 cmd = BTM_CMD_STARTED;
1410 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1411 }
1412 break;
1413
1414 default:
1415 cmd = BTM_WRONG_MODE;
1416 break;
1417 }
1418 return cmd;
1419 }
1420
1421 /*******************************************************************************
1422 *
1423 * Function btm_ble_ltk_request
1424 *
1425 * Description This function is called when encryption request is received
1426 * on a peripheral device.
1427 *
1428 *
1429 * Returns void
1430 *
1431 ******************************************************************************/
btm_ble_ltk_request(uint16_t handle,uint8_t rand[8],uint16_t ediv)1432 void btm_ble_ltk_request(uint16_t handle, uint8_t rand[8], uint16_t ediv) {
1433 tBTM_CB* p_cb = &btm_cb;
1434 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(handle);
1435
1436 BTM_TRACE_DEBUG("btm_ble_ltk_request");
1437
1438 p_cb->ediv = ediv;
1439
1440 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
1441
1442 if (p_dev_rec != NULL) {
1443 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) {
1444 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, false, Octet16{0});
1445 }
1446 }
1447 }
1448
1449 /** This function is called to start LE encryption.
1450 * Returns BTM_SUCCESS if encryption was started successfully
1451 */
btm_ble_start_encrypt(const RawAddress & bda,bool use_stk,Octet16 * p_stk)1452 tBTM_STATUS btm_ble_start_encrypt(const RawAddress& bda, bool use_stk,
1453 Octet16* p_stk) {
1454 tBTM_CB* p_cb = &btm_cb;
1455 tBTM_SEC_DEV_REC* p_rec = btm_find_dev(bda);
1456 BT_OCTET8 dummy_rand = {0};
1457
1458 BTM_TRACE_DEBUG("btm_ble_start_encrypt");
1459
1460 if (!p_rec) {
1461 BTM_TRACE_ERROR("Link is not active, can not encrypt!");
1462 return BTM_WRONG_MODE;
1463 }
1464
1465 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) {
1466 BTM_TRACE_WARNING("Link Encryption is active, Busy!");
1467 return BTM_BUSY;
1468 }
1469
1470 p_cb->enc_handle = p_rec->ble_hci_handle;
1471
1472 if (use_stk) {
1473 btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, *p_stk);
1474 } else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) {
1475 btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand,
1476 p_rec->ble.keys.ediv, p_rec->ble.keys.pltk);
1477 } else {
1478 BTM_TRACE_ERROR("No key available to encrypt the link");
1479 return BTM_NO_RESOURCES;
1480 }
1481
1482 if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
1483 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1484
1485 return BTM_CMD_STARTED;
1486 }
1487
1488 /*******************************************************************************
1489 *
1490 * Function btm_ble_link_encrypted
1491 *
1492 * Description This function is called when LE link encrption status is
1493 * changed.
1494 *
1495 * Returns void
1496 *
1497 ******************************************************************************/
btm_ble_link_encrypted(const RawAddress & bd_addr,uint8_t encr_enable)1498 void btm_ble_link_encrypted(const RawAddress& bd_addr, uint8_t encr_enable) {
1499 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
1500 bool enc_cback;
1501
1502 if (!p_dev_rec) {
1503 BTM_TRACE_WARNING(
1504 "btm_ble_link_encrypted (No Device Found!) encr_enable=%d",
1505 encr_enable);
1506 return;
1507 }
1508
1509 BTM_TRACE_DEBUG("btm_ble_link_encrypted encr_enable=%d", encr_enable);
1510
1511 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
1512
1513 smp_link_encrypted(bd_addr, encr_enable);
1514
1515 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
1516
1517 if (encr_enable && p_dev_rec->enc_key_size == 0)
1518 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
1519
1520 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1521 if (p_dev_rec->p_callback && enc_cback) {
1522 if (encr_enable)
1523 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, true);
1524 else if (p_dev_rec->sec_flags & ~BTM_SEC_LE_LINK_KEY_KNOWN) {
1525 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_FAILED_ON_SECURITY, true);
1526 } else if (p_dev_rec->role_central)
1527 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, true);
1528 }
1529 /* to notify GATT to send data if any request is pending */
1530 gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr);
1531 }
1532
1533 /*******************************************************************************
1534 *
1535 * Function btm_ble_ltk_request_reply
1536 *
1537 * Description This function is called to send a LTK request reply on a
1538 * peripheral
1539 * device.
1540 *
1541 * Returns void
1542 *
1543 ******************************************************************************/
btm_ble_ltk_request_reply(const RawAddress & bda,bool use_stk,const Octet16 & stk)1544 void btm_ble_ltk_request_reply(const RawAddress& bda, bool use_stk,
1545 const Octet16& stk) {
1546 tBTM_SEC_DEV_REC* p_rec = btm_find_dev(bda);
1547 tBTM_CB* p_cb = &btm_cb;
1548
1549 if (p_rec == NULL) {
1550 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device");
1551 return;
1552 }
1553
1554 BTM_TRACE_DEBUG("btm_ble_ltk_request_reply");
1555 p_cb->enc_handle = p_rec->ble_hci_handle;
1556 p_cb->key_size = p_rec->ble.keys.key_size;
1557
1558 BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size);
1559 if (use_stk) {
1560 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
1561 } else /* calculate LTK using peer device */
1562 {
1563 if (p_rec->ble.key_type & BTM_LE_KEY_LENC)
1564 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk);
1565 else
1566 btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle);
1567 }
1568 }
1569
1570 /*******************************************************************************
1571 *
1572 * Function btm_ble_io_capabilities_req
1573 *
1574 * Description This function is called to handle SMP get IO capability
1575 * request.
1576 *
1577 * Returns void
1578 *
1579 ******************************************************************************/
btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1580 uint8_t btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC* p_dev_rec,
1581 tBTM_LE_IO_REQ* p_data) {
1582 uint8_t callback_rc = BTM_SUCCESS;
1583 BTM_TRACE_DEBUG("btm_ble_io_capabilities_req");
1584 if (btm_cb.api.p_le_callback) {
1585 /* the callback function implementation may change the IO capability... */
1586 callback_rc = (*btm_cb.api.p_le_callback)(
1587 BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA*)p_data);
1588 }
1589 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) {
1590 #if (BTM_BLE_CONFORMANCE_TESTING == TRUE)
1591 if (btm_cb.devcb.keep_rfu_in_auth_req) {
1592 BTM_TRACE_DEBUG("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u",
1593 btm_cb.devcb.keep_rfu_in_auth_req);
1594 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU;
1595 btm_cb.devcb.keep_rfu_in_auth_req = false;
1596 } else { /* default */
1597 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1598 }
1599 #else
1600 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1601 #endif
1602
1603 BTM_TRACE_DEBUG(
1604 "btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d "
1605 "auth_req:%d",
1606 p_dev_rec->security_required, p_data->auth_req);
1607 BTM_TRACE_DEBUG(
1608 "btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK "
1609 "1-IRK 2-CSRK)",
1610 p_data->init_keys, p_data->resp_keys);
1611
1612 /* if authentication requires MITM protection, put on the mask */
1613 if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
1614 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
1615
1616 if (!(p_data->auth_req & SMP_AUTH_BOND)) {
1617 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged");
1618 p_data->init_keys = 0;
1619 p_data->resp_keys = 0;
1620 }
1621
1622 BTM_TRACE_DEBUG("btm_ble_io_capabilities_req 3: auth_req:%d",
1623 p_data->auth_req);
1624 BTM_TRACE_DEBUG("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
1625 p_data->init_keys, p_data->resp_keys);
1626
1627 BTM_TRACE_DEBUG(
1628 "btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
1629 p_data->io_cap, p_data->auth_req);
1630
1631 /* remove MITM protection requirement if IO cap does not allow it */
1632 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
1633 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
1634
1635 if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT)) {
1636 /* if Secure Connections are not supported then remove LK derivation,
1637 ** and keypress notifications.
1638 */
1639 BTM_TRACE_DEBUG(
1640 "%s-SC not supported -> No LK derivation, no keypress notifications",
1641 __func__);
1642 p_data->auth_req &= ~SMP_KP_SUPPORT_BIT;
1643 p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK;
1644 p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK;
1645 }
1646
1647 BTM_TRACE_DEBUG(
1648 "btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x",
1649 p_data->io_cap, p_data->oob_data, p_data->auth_req);
1650 }
1651 return callback_rc;
1652 }
1653
1654 /*******************************************************************************
1655 *
1656 * Function btm_ble_br_keys_req
1657 *
1658 * Description This function is called to handle SMP request for keys sent
1659 * over BR/EDR.
1660 *
1661 * Returns void
1662 *
1663 ******************************************************************************/
btm_ble_br_keys_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1664 uint8_t btm_ble_br_keys_req(tBTM_SEC_DEV_REC* p_dev_rec,
1665 tBTM_LE_IO_REQ* p_data) {
1666 uint8_t callback_rc = BTM_SUCCESS;
1667 BTM_TRACE_DEBUG("%s", __func__);
1668 if (btm_cb.api.p_le_callback) {
1669 /* the callback function implementation may change the IO capability... */
1670 callback_rc = (*btm_cb.api.p_le_callback)(
1671 BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA*)p_data);
1672 }
1673
1674 return callback_rc;
1675 }
1676
1677 /*******************************************************************************
1678 *
1679 * Function btm_ble_connected
1680 *
1681 * Description This function is when a LE connection to the peer device is
1682 * establsihed
1683 *
1684 * Returns void
1685 *
1686 ******************************************************************************/
btm_ble_connected(const RawAddress & bda,uint16_t handle,uint8_t enc_mode,uint8_t role,tBLE_ADDR_TYPE addr_type,bool addr_matched)1687 void btm_ble_connected(const RawAddress& bda, uint16_t handle, uint8_t enc_mode,
1688 uint8_t role, tBLE_ADDR_TYPE addr_type,
1689 bool addr_matched) {
1690 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda);
1691 if (!p_dev_rec) {
1692 LOG_INFO("Creating new device record for new ble connection");
1693 p_dev_rec = btm_sec_alloc_dev(bda);
1694 if (p_dev_rec == nullptr) {
1695 LOG_WARN("Unable to create device record for new ble connection");
1696 return;
1697 }
1698 } else {
1699 LOG_INFO("Updating device record timestamp for existing ble connection");
1700 // TODO() Why is timestamp a counter ?
1701 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
1702 }
1703
1704 p_dev_rec->ble.ble_addr_type = addr_type;
1705 p_dev_rec->ble.pseudo_addr = bda;
1706 p_dev_rec->ble_hci_handle = handle;
1707 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
1708 p_dev_rec->role_central = (role == HCI_ROLE_CENTRAL) ? true : false;
1709
1710 if (!addr_matched) {
1711 p_dev_rec->ble.active_addr_type = tBTM_SEC_BLE::BTM_BLE_ADDR_PSEUDO;
1712 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM) {
1713 p_dev_rec->ble.cur_rand_addr = bda;
1714 }
1715 }
1716 btm_cb.ble_ctr_cb.inq_var.directed_conn = BTM_BLE_ADV_IND_EVT;
1717 }
1718
btm_ble_connected_from_address_with_type(const tBLE_BD_ADDR & address_with_type,uint16_t handle,uint8_t enc_mode,uint8_t role,bool addr_matched)1719 void btm_ble_connected_from_address_with_type(
1720 const tBLE_BD_ADDR& address_with_type, uint16_t handle, uint8_t enc_mode,
1721 uint8_t role, bool addr_matched) {
1722 btm_ble_connected(address_with_type.bda, handle, enc_mode, role,
1723 address_with_type.type, addr_matched);
1724 }
1725
1726 /*****************************************************************************
1727 * Function btm_proc_smp_cback
1728 *
1729 * Description This function is the SMP callback handler.
1730 *
1731 *****************************************************************************/
btm_proc_smp_cback(tSMP_EVT event,const RawAddress & bd_addr,tSMP_EVT_DATA * p_data)1732 tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr,
1733 tSMP_EVT_DATA* p_data) {
1734 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);
1735 tBTM_STATUS res = BTM_SUCCESS;
1736
1737 BTM_TRACE_DEBUG("btm_proc_smp_cback event = %d", event);
1738
1739 if (p_dev_rec != NULL) {
1740 switch (event) {
1741 case SMP_IO_CAP_REQ_EVT:
1742 btm_ble_io_capabilities_req(p_dev_rec,
1743 (tBTM_LE_IO_REQ*)&p_data->io_req);
1744 break;
1745
1746 case SMP_BR_KEYS_REQ_EVT:
1747 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ*)&p_data->io_req);
1748 break;
1749
1750 case SMP_PASSKEY_REQ_EVT:
1751 case SMP_PASSKEY_NOTIF_EVT:
1752 case SMP_OOB_REQ_EVT:
1753 case SMP_NC_REQ_EVT:
1754 case SMP_SC_OOB_REQ_EVT:
1755 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
1756 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1757
1758 case SMP_CONSENT_REQ_EVT:
1759 case SMP_SEC_REQUEST_EVT:
1760 if (event == SMP_SEC_REQUEST_EVT &&
1761 btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) {
1762 BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__);
1763 break;
1764 }
1765 btm_cb.pairing_bda = bd_addr;
1766 if (event != SMP_CONSENT_REQ_EVT) {
1767 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1768 }
1769 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;
1770 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
1771
1772 case SMP_COMPLT_EVT:
1773 if (btm_cb.api.p_le_callback) {
1774 /* the callback function implementation may change the IO
1775 * capability... */
1776 BTM_TRACE_DEBUG("btm_cb.api.p_le_callback=0x%x",
1777 btm_cb.api.p_le_callback);
1778 (*btm_cb.api.p_le_callback)(event, bd_addr,
1779 (tBTM_LE_EVT_DATA*)p_data);
1780 }
1781
1782 if (event == SMP_COMPLT_EVT) {
1783 p_dev_rec = btm_find_dev(bd_addr);
1784 if (p_dev_rec == NULL) {
1785 BTM_TRACE_ERROR("%s: p_dev_rec is NULL", __func__);
1786 android_errorWriteLog(0x534e4554, "120612744");
1787 return BTM_SUCCESS;
1788 }
1789 BTM_TRACE_DEBUG(
1790 "evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x",
1791 p_data->cmplt.sec_level, p_dev_rec->sec_flags);
1792
1793 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS
1794 : BTM_ERR_PROCESSING;
1795
1796 BTM_TRACE_DEBUG(
1797 "after update result=%d sec_level=0x%x sec_flags=0x%x", res,
1798 p_data->cmplt.sec_level, p_dev_rec->sec_flags);
1799
1800 if (p_data->cmplt.is_pair_cancel &&
1801 btm_cb.api.p_bond_cancel_cmpl_callback) {
1802 BTM_TRACE_DEBUG("Pairing Cancel completed");
1803 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
1804 }
1805 #if (BTM_BLE_CONFORMANCE_TESTING == TRUE)
1806 if (res != BTM_SUCCESS) {
1807 if (!btm_cb.devcb.no_disc_if_pair_fail &&
1808 p_data->cmplt.reason != SMP_CONN_TOUT) {
1809 BTM_TRACE_DEBUG("Pairing failed - prepare to remove ACL");
1810 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
1811 } else {
1812 BTM_TRACE_DEBUG("Pairing failed - Not Removing ACL");
1813 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1814 }
1815 }
1816 #else
1817 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) {
1818 BTM_TRACE_DEBUG("Pairing failed - prepare to remove ACL");
1819 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
1820 }
1821 #endif
1822
1823 BTM_TRACE_DEBUG(
1824 "btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
1825 btm_cb.pairing_state, btm_cb.pairing_flags, btm_cb.pin_code_len);
1826 VLOG(1) << "btm_cb.pairing_bda: " << btm_cb.pairing_bda;
1827
1828 /* Reset btm state only if the callback address matches pairing
1829 * address*/
1830 if (bd_addr == btm_cb.pairing_bda) {
1831 btm_cb.pairing_bda = RawAddress::kAny;
1832 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
1833 btm_cb.pairing_flags = 0;
1834 }
1835
1836 if (res == BTM_SUCCESS) {
1837 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1838 /* add all bonded device into resolving list if IRK is available*/
1839 btm_ble_resolving_list_load_dev(p_dev_rec);
1840 }
1841
1842 btm_sec_dev_rec_cback_event(p_dev_rec, res, true);
1843 }
1844 break;
1845
1846 default:
1847 BTM_TRACE_DEBUG("unknown event = %d", event);
1848 break;
1849 }
1850 } else {
1851 // If we are being paired with via OOB we haven't created a dev rec for
1852 // the device yet
1853 if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) {
1854 btm_sec_cr_loc_oob_data_cback_event(bd_addr, p_data->loc_oob_data);
1855 } else {
1856 LOG_WARN("Unexpected event '%d' without p_dev_rec", event);
1857 }
1858 }
1859
1860 return BTM_SUCCESS;
1861 }
1862
1863 /*******************************************************************************
1864 *
1865 * Function BTM_BleDataSignature
1866 *
1867 * Description This function is called to sign the data using AES128 CMAC
1868 * algorith.
1869 *
1870 * Parameter bd_addr: target device the data to be signed for.
1871 * p_text: singing data
1872 * len: length of the data to be signed.
1873 * signature: output parameter where data signature is going to
1874 * be stored.
1875 *
1876 * Returns true if signing sucessul, otherwise false.
1877 *
1878 ******************************************************************************/
BTM_BleDataSignature(const RawAddress & bd_addr,uint8_t * p_text,uint16_t len,BLE_SIGNATURE signature)1879 bool BTM_BleDataSignature(const RawAddress& bd_addr, uint8_t* p_text,
1880 uint16_t len, BLE_SIGNATURE signature) {
1881 if (bluetooth::shim::is_gd_shim_enabled()) {
1882 return bluetooth::shim::BTM_BleDataSignature(bd_addr, p_text, len,
1883 signature);
1884 }
1885 tBTM_SEC_DEV_REC* p_rec = btm_find_dev(bd_addr);
1886
1887 BTM_TRACE_DEBUG("%s", __func__);
1888 if (p_rec == NULL) {
1889 BTM_TRACE_ERROR("%s-data signing can not be done from unknown device",
1890 __func__);
1891 return false;
1892 }
1893
1894 uint8_t* p_mac = (uint8_t*)signature;
1895 uint8_t* pp;
1896 uint8_t* p_buf = (uint8_t*)osi_malloc(len + 4);
1897
1898 BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__);
1899 pp = p_buf;
1900 /* prepare plain text */
1901 if (p_text) {
1902 memcpy(p_buf, p_text, len);
1903 pp = (p_buf + len);
1904 }
1905
1906 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
1907 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
1908
1909 crypto_toolbox::aes_cmac(p_rec->ble.keys.lcsrk, p_buf, (uint16_t)(len + 4),
1910 BTM_CMAC_TLEN_SIZE, p_mac);
1911 btm_ble_increment_sign_ctr(bd_addr, true);
1912
1913 BTM_TRACE_DEBUG("%s p_mac = %d", __func__, p_mac);
1914 BTM_TRACE_DEBUG(
1915 "p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = "
1916 "0x%02x",
1917 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
1918 BTM_TRACE_DEBUG(
1919 "p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = "
1920 "0x%02x",
1921 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
1922 osi_free(p_buf);
1923 return true;
1924 }
1925
1926 /*******************************************************************************
1927 *
1928 * Function BTM_BleVerifySignature
1929 *
1930 * Description This function is called to verify the data signature
1931 *
1932 * Parameter bd_addr: target device the data to be signed for.
1933 * p_orig: original data before signature.
1934 * len: length of the signing data
1935 * counter: counter used when doing data signing
1936 * p_comp: signature to be compared against.
1937
1938 * Returns true if signature verified correctly; otherwise false.
1939 *
1940 ******************************************************************************/
BTM_BleVerifySignature(const RawAddress & bd_addr,uint8_t * p_orig,uint16_t len,uint32_t counter,uint8_t * p_comp)1941 bool BTM_BleVerifySignature(const RawAddress& bd_addr, uint8_t* p_orig,
1942 uint16_t len, uint32_t counter, uint8_t* p_comp) {
1943 if (bluetooth::shim::is_gd_shim_enabled()) {
1944 return bluetooth::shim::BTM_BleVerifySignature(bd_addr, p_orig, len,
1945 counter, p_comp);
1946 }
1947 bool verified = false;
1948 tBTM_SEC_DEV_REC* p_rec = btm_find_dev(bd_addr);
1949 uint8_t p_mac[BTM_CMAC_TLEN_SIZE];
1950
1951 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) {
1952 BTM_TRACE_ERROR("can not verify signature for unknown device");
1953 } else if (counter < p_rec->ble.keys.counter) {
1954 BTM_TRACE_ERROR("signature received with out dated sign counter");
1955 } else if (p_orig == NULL) {
1956 BTM_TRACE_ERROR("No signature to verify");
1957 } else {
1958 BTM_TRACE_DEBUG("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter,
1959 p_rec->ble.keys.counter);
1960
1961 crypto_toolbox::aes_cmac(p_rec->ble.keys.pcsrk, p_orig, len,
1962 BTM_CMAC_TLEN_SIZE, p_mac);
1963 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
1964 btm_ble_increment_sign_ctr(bd_addr, false);
1965 verified = true;
1966 }
1967 }
1968 return verified;
1969 }
1970
1971 /*******************************************************************************
1972 * Utility functions for LE device IR/ER generation
1973 ******************************************************************************/
1974 /** This function is to notify application new keys have been generated. */
btm_notify_new_key(uint8_t key_type)1975 static void btm_notify_new_key(uint8_t key_type) {
1976 tBTM_BLE_LOCAL_KEYS* p_local_keys = NULL;
1977
1978 BTM_TRACE_DEBUG("btm_notify_new_key key_type=%d", key_type);
1979
1980 if (btm_cb.api.p_le_key_callback) {
1981 switch (key_type) {
1982 case BTM_BLE_KEY_TYPE_ID:
1983 BTM_TRACE_DEBUG("BTM_BLE_KEY_TYPE_ID");
1984 p_local_keys = (tBTM_BLE_LOCAL_KEYS*)&btm_cb.devcb.id_keys;
1985 break;
1986
1987 case BTM_BLE_KEY_TYPE_ER:
1988 BTM_TRACE_DEBUG("BTM_BLE_KEY_TYPE_ER");
1989 p_local_keys =
1990 (tBTM_BLE_LOCAL_KEYS*)&btm_cb.devcb.ble_encryption_key_value;
1991 break;
1992
1993 default:
1994 BTM_TRACE_ERROR("unknown key type: %d", key_type);
1995 break;
1996 }
1997 if (p_local_keys != NULL)
1998 (*btm_cb.api.p_le_key_callback)(key_type, p_local_keys);
1999 }
2000 }
2001
2002 /** implementation of btm_ble_reset_id */
btm_ble_reset_id_impl(const Octet16 & rand1,const Octet16 & rand2)2003 static void btm_ble_reset_id_impl(const Octet16& rand1, const Octet16& rand2) {
2004 /* Regenerate Identity Root */
2005 btm_cb.devcb.id_keys.ir = rand1;
2006 uint8_t btm_ble_dhk_pt = 0x03;
2007
2008 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
2009 btm_cb.devcb.id_keys.dhk =
2010 crypto_toolbox::aes_128(btm_cb.devcb.id_keys.ir, &btm_ble_dhk_pt, 1);
2011
2012 uint8_t btm_ble_irk_pt = 0x01;
2013 /* IRK = D1(IR, 1) */
2014 btm_cb.devcb.id_keys.irk =
2015 crypto_toolbox::aes_128(btm_cb.devcb.id_keys.ir, &btm_ble_irk_pt, 1);
2016
2017 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
2018
2019 /* if privacy is enabled, new RPA should be calculated */
2020 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE) {
2021 btm_gen_resolvable_private_addr(base::Bind(&btm_gen_resolve_paddr_low));
2022 }
2023
2024 /* proceed generate ER */
2025 btm_cb.devcb.ble_encryption_key_value = rand2;
2026 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
2027 }
2028
2029 struct reset_id_data {
2030 Octet16 rand1;
2031 Octet16 rand2;
2032 };
2033
2034 /** This function is called to reset LE device identity. */
btm_ble_reset_id(void)2035 void btm_ble_reset_id(void) {
2036 BTM_TRACE_DEBUG("btm_ble_reset_id");
2037
2038 /* In order to reset identity, we need four random numbers. Make four nested
2039 * calls to generate them first, then proceed to perform the actual reset in
2040 * btm_ble_reset_id_impl. */
2041 btsnd_hcic_ble_rand(base::Bind([](BT_OCTET8 rand) {
2042 reset_id_data tmp;
2043 memcpy(tmp.rand1.data(), rand, BT_OCTET8_LEN);
2044 btsnd_hcic_ble_rand(base::Bind(
2045 [](reset_id_data tmp, BT_OCTET8 rand) {
2046 memcpy(tmp.rand1.data() + 8, rand, BT_OCTET8_LEN);
2047 btsnd_hcic_ble_rand(base::Bind(
2048 [](reset_id_data tmp, BT_OCTET8 rand) {
2049 memcpy(tmp.rand2.data(), rand, BT_OCTET8_LEN);
2050 btsnd_hcic_ble_rand(base::Bind(
2051 [](reset_id_data tmp, BT_OCTET8 rand) {
2052 memcpy(tmp.rand2.data() + 8, rand, BT_OCTET8_LEN);
2053 // when all random numbers are ready, do the actual reset.
2054 btm_ble_reset_id_impl(tmp.rand1, tmp.rand2);
2055 },
2056 tmp));
2057 },
2058 tmp));
2059 },
2060 tmp));
2061 }));
2062 }
2063
2064 /* This function set a random address to local controller. It also temporarily
2065 * disable scans and adv before sending the command to the controller. */
btm_ble_set_random_address(const RawAddress & random_bda)2066 void btm_ble_set_random_address(const RawAddress& random_bda) {
2067 tBTM_LE_RANDOM_CB* p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
2068 tBTM_BLE_CB* p_ble_cb = &btm_cb.ble_ctr_cb;
2069 const bool adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode;
2070
2071 if (adv_mode == BTM_BLE_ADV_ENABLE)
2072 btsnd_hcic_ble_set_adv_enable(BTM_BLE_ADV_DISABLE);
2073 if (p_ble_cb->is_ble_scan_active()) {
2074 btm_ble_stop_scan();
2075 }
2076 btm_ble_suspend_bg_conn();
2077
2078 p_cb->private_addr = random_bda;
2079 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
2080 LOG_DEBUG("Updating local random address:%s", PRIVATE_ADDRESS(random_bda));
2081
2082 if (adv_mode == BTM_BLE_ADV_ENABLE)
2083 btsnd_hcic_ble_set_adv_enable(BTM_BLE_ADV_ENABLE);
2084 if (p_ble_cb->is_ble_scan_active()) {
2085 btm_ble_start_scan();
2086 }
2087 btm_ble_resume_bg_conn();
2088 }
2089
2090 /*******************************************************************************
2091 *
2092 * Function btm_ble_get_acl_remote_addr
2093 *
2094 * Description This function reads the active remote address used for the
2095 * connection.
2096 *
2097 * Returns success return true, otherwise false.
2098 *
2099 ******************************************************************************/
btm_ble_get_acl_remote_addr(uint16_t hci_handle,RawAddress & conn_addr,tBLE_ADDR_TYPE * p_addr_type)2100 bool btm_ble_get_acl_remote_addr(uint16_t hci_handle, RawAddress& conn_addr,
2101 tBLE_ADDR_TYPE* p_addr_type) {
2102 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev_by_handle(hci_handle);
2103 if (p_dev_rec == nullptr) {
2104 LOG_WARN("Unable to find security device record hci_handle:%hu",
2105 hci_handle);
2106 // TODO Release acl resource
2107 return false;
2108 }
2109
2110 bool st = true;
2111
2112 switch (p_dev_rec->ble.active_addr_type) {
2113 case tBTM_SEC_BLE::BTM_BLE_ADDR_PSEUDO:
2114 conn_addr = p_dev_rec->bd_addr;
2115 *p_addr_type = p_dev_rec->ble.ble_addr_type;
2116 break;
2117
2118 case tBTM_SEC_BLE::BTM_BLE_ADDR_RRA:
2119 conn_addr = p_dev_rec->ble.cur_rand_addr;
2120 *p_addr_type = BLE_ADDR_RANDOM;
2121 break;
2122
2123 case tBTM_SEC_BLE::BTM_BLE_ADDR_STATIC:
2124 conn_addr = p_dev_rec->ble.identity_address_with_type.bda;
2125 *p_addr_type = p_dev_rec->ble.identity_address_with_type.type;
2126 break;
2127
2128 default:
2129 LOG_WARN("Unable to find record with active address type: %d",
2130 p_dev_rec->ble.active_addr_type);
2131 st = false;
2132 break;
2133 }
2134 return st;
2135 }
2136
2137 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2138 /*******************************************************************************
2139 *
2140 * Function btm_ble_set_no_disc_if_pair_fail
2141 *
2142 * Description This function indicates whether no disconnect of the ACL
2143 * should be used if pairing failed
2144 *
2145 * Returns void
2146 *
2147 ******************************************************************************/
btm_ble_set_no_disc_if_pair_fail(bool disable_disc)2148 void btm_ble_set_no_disc_if_pair_fail(bool disable_disc) {
2149 BTM_TRACE_DEBUG("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d",
2150 disable_disc);
2151 btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
2152 }
2153
2154 /*******************************************************************************
2155 *
2156 * Function btm_ble_set_test_mac_value
2157 *
2158 * Description This function set test MAC value
2159 *
2160 * Returns void
2161 *
2162 ******************************************************************************/
btm_ble_set_test_mac_value(bool enable,uint8_t * p_test_mac_val)2163 void btm_ble_set_test_mac_value(bool enable, uint8_t* p_test_mac_val) {
2164 BTM_TRACE_DEBUG("btm_ble_set_test_mac_value enable=%d", enable);
2165 btm_cb.devcb.enable_test_mac_val = enable;
2166 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
2167 }
2168
2169 /*******************************************************************************
2170 *
2171 * Function btm_ble_set_test_local_sign_cntr_value
2172 *
2173 * Description This function set test local sign counter value
2174 *
2175 * Returns void
2176 *
2177 ******************************************************************************/
btm_ble_set_test_local_sign_cntr_value(bool enable,uint32_t test_local_sign_cntr)2178 void btm_ble_set_test_local_sign_cntr_value(bool enable,
2179 uint32_t test_local_sign_cntr) {
2180 BTM_TRACE_DEBUG(
2181 "btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
2182 enable, test_local_sign_cntr);
2183 btm_cb.devcb.enable_test_local_sign_cntr = enable;
2184 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr;
2185 }
2186
2187 /*******************************************************************************
2188 *
2189 * Function btm_ble_set_keep_rfu_in_auth_req
2190 *
2191 * Description This function indicates if RFU bits have to be kept as is
2192 * (by default they have to be set to 0 by the sender).
2193 *
2194 * Returns void
2195 *
2196 ******************************************************************************/
btm_ble_set_keep_rfu_in_auth_req(bool keep_rfu)2197 void btm_ble_set_keep_rfu_in_auth_req(bool keep_rfu) {
2198 BTM_TRACE_DEBUG("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu);
2199 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu;
2200 }
2201
2202 #endif /* BTM_BLE_CONFORMANCE_TESTING */
2203