1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains security manager protocol utility functions
22 *
23 ******************************************************************************/
24 #include <base/bind.h>
25 #include <base/callback.h>
26
27 #include <algorithm>
28 #include <cstring>
29
30 #include "bt_target.h"
31 #include "bt_utils.h"
32 #include "btm_ble_api.h"
33 #include "btm_ble_int.h"
34 #include "device/include/controller.h"
35 #include "osi/include/osi.h"
36 #include "p_256_ecc_pp.h"
37 #include "smp_int.h"
38 #include "stack/btm/btm_dev.h"
39 #include "stack/btm/btm_sec.h"
40 #include "stack/crypto_toolbox/crypto_toolbox.h"
41 #include "stack/include/acl_api.h"
42 #include "stack/include/bt_octets.h"
43 #include "types/raw_address.h"
44
45 extern tBTM_CB btm_cb; // TODO Remove
46
47 using base::Bind;
48 using crypto_toolbox::aes_128;
49
50 #ifndef SMP_MAX_ENC_REPEAT
51 #define SMP_MAX_ENC_REPEAT 3
52 #endif
53
54 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p);
55 static Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb);
56 static void smp_process_private_key(tSMP_CB* p_cb);
57
58 #define SMP_PASSKEY_MASK 0xfff00000
59
60 // If there is data saved here, then use its info instead
61 // This needs to be cleared on a successfult pairing using the oob data
62 static tSMP_LOC_OOB_DATA saved_local_oob_data = {};
63
smp_save_local_oob_data(tSMP_CB * p_cb)64 void smp_save_local_oob_data(tSMP_CB* p_cb) {
65 saved_local_oob_data = p_cb->sc_oob_data.loc_oob_data;
66 }
67
smp_clear_local_oob_data()68 void smp_clear_local_oob_data() { saved_local_oob_data = {}; }
69
is_empty(tSMP_LOC_OOB_DATA * data)70 static bool is_empty(tSMP_LOC_OOB_DATA* data) {
71 tSMP_LOC_OOB_DATA empty_data = {};
72 return memcmp(data, &empty_data, sizeof(tSMP_LOC_OOB_DATA)) == 0;
73 }
74
smp_has_local_oob_data()75 bool smp_has_local_oob_data() { return !is_empty(&saved_local_oob_data); }
76
smp_debug_print_nbyte_little_endian(uint8_t * p,const char * key_name,uint8_t len)77 void smp_debug_print_nbyte_little_endian(uint8_t* p, const char* key_name,
78 uint8_t len) {}
79
smp_debug_print_nbyte_little_endian(const Octet16 & p,const char * key_name,uint8_t len)80 inline void smp_debug_print_nbyte_little_endian(const Octet16& p,
81 const char* key_name,
82 uint8_t len) {
83 smp_debug_print_nbyte_little_endian(const_cast<uint8_t*>(p.data()), key_name,
84 len);
85 }
86
smp_debug_print_nbyte_big_endian(uint8_t * p,const char * key_name,uint8_t len)87 void smp_debug_print_nbyte_big_endian(uint8_t* p, const char* key_name,
88 uint8_t len) {}
89
90 /** This function is called to process a passkey. */
smp_proc_passkey(tSMP_CB * p_cb,BT_OCTET8 rand)91 void smp_proc_passkey(tSMP_CB* p_cb, BT_OCTET8 rand) {
92 uint8_t* tt = p_cb->tk.data();
93 uint32_t passkey; /* 19655 test number; */
94 uint8_t* pp = rand;
95
96 SMP_TRACE_DEBUG("%s", __func__);
97 STREAM_TO_UINT32(passkey, pp);
98 passkey &= ~SMP_PASSKEY_MASK;
99
100 /* truncate by maximum value */
101 while (passkey > BTM_MAX_PASSKEY_VAL) passkey >>= 1;
102
103 /* save the TK */
104 p_cb->tk = {0};
105 UINT32_TO_STREAM(tt, passkey);
106
107 if (p_cb->p_callback) {
108 tSMP_EVT_DATA smp_evt_data = {
109 .passkey = passkey,
110 };
111 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda,
112 &smp_evt_data);
113 }
114
115 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
116 tSMP_INT_DATA smp_int_data;
117 smp_int_data.passkey = passkey;
118 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &smp_int_data);
119 } else {
120 tSMP_KEY key;
121 key.key_type = SMP_KEY_TYPE_TK;
122 key.p_data = p_cb->tk.data();
123 tSMP_INT_DATA smp_int_data;
124 smp_int_data.key = key;
125 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
126 }
127 }
128
129 /*******************************************************************************
130 *
131 * Function smp_generate_passkey
132 *
133 * Description This function is called to generate passkey.
134 *
135 * Returns void
136 *
137 ******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)138 void smp_generate_passkey(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
139 SMP_TRACE_DEBUG("%s", __func__);
140 /* generate MRand or SRand */
141 btsnd_hcic_ble_rand(Bind(&smp_proc_passkey, p_cb));
142 }
143
144 /*******************************************************************************
145 *
146 * Function smp_generate_stk
147 *
148 * Description This function is called to generate STK calculated by
149 * running AES with the TK value as key and a concatenation of
150 * the random values.
151 *
152 * Returns void
153 *
154 ******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)155 void smp_generate_stk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
156 Octet16 output;
157
158 SMP_TRACE_DEBUG("%s", __func__);
159
160 if (p_cb->le_secure_connections_mode_is_used) {
161 SMP_TRACE_DEBUG("FOR LE SC LTK IS USED INSTEAD OF STK");
162 output = p_cb->ltk;
163 } else {
164 output = smp_calculate_legacy_short_term_key(p_cb);
165 }
166
167 smp_process_stk(p_cb, &output);
168 }
169
170 /**
171 * This function is called to calculate CSRK
172 */
smp_compute_csrk(uint16_t div,tSMP_CB * p_cb)173 void smp_compute_csrk(uint16_t div, tSMP_CB* p_cb) {
174 uint8_t buffer[4]; /* for (r || DIV) r=1*/
175 uint16_t r = 1;
176 uint8_t* p = buffer;
177
178 p_cb->div = div;
179
180 SMP_TRACE_DEBUG("%s: div=%x", __func__, p_cb->div);
181 const Octet16& er = BTM_GetDeviceEncRoot();
182 /* CSRK = d1(ER, DIV, 1) */
183 UINT16_TO_STREAM(p, p_cb->div);
184 UINT16_TO_STREAM(p, r);
185
186 p_cb->csrk = aes_128(er, buffer, 4);
187 smp_send_csrk_info(p_cb, NULL);
188 }
189
190 /**
191 * This function is called to calculate CSRK, starting with DIV generation.
192 */
smp_generate_csrk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)193 void smp_generate_csrk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
194 bool div_status;
195
196 SMP_TRACE_DEBUG("smp_generate_csrk");
197
198 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
199 if (div_status) {
200 smp_compute_csrk(p_cb->div, p_cb);
201 } else {
202 SMP_TRACE_DEBUG("Generate DIV for CSRK");
203 btsnd_hcic_ble_rand(Bind(
204 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
205 uint16_t div;
206 STREAM_TO_UINT16(div, rand);
207 smp_compute_csrk(div, p_cb);
208 },
209 p_cb));
210 }
211 }
212
213 /*******************************************************************************
214 * Function smp_concatenate_peer - LSB first
215 * add pairing command sent from local device into p1.
216 ******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)217 void smp_concatenate_local(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
218 uint8_t* p = *p_data;
219
220 SMP_TRACE_DEBUG("%s", __func__);
221 UINT8_TO_STREAM(p, op_code);
222 UINT8_TO_STREAM(p, p_cb->local_io_capability);
223 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
224 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
225 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
226 UINT8_TO_STREAM(p, p_cb->local_i_key);
227 UINT8_TO_STREAM(p, p_cb->local_r_key);
228
229 *p_data = p;
230 }
231
232 /*******************************************************************************
233 * Function smp_concatenate_peer - LSB first
234 * add pairing command received from peer device into p1.
235 ******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)236 void smp_concatenate_peer(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
237 uint8_t* p = *p_data;
238
239 SMP_TRACE_DEBUG("smp_concatenate_peer ");
240 UINT8_TO_STREAM(p, op_code);
241 UINT8_TO_STREAM(p, p_cb->peer_io_caps);
242 UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
243 UINT8_TO_STREAM(p, p_cb->peer_auth_req);
244 UINT8_TO_STREAM(p, p_cb->peer_enc_size);
245 UINT8_TO_STREAM(p, p_cb->peer_i_key);
246 UINT8_TO_STREAM(p, p_cb->peer_r_key);
247
248 *p_data = p;
249 }
250
251 /** Generate Confirm/Compare Step1:
252 * p1 = (MSB) pres || preq || rat' || iat' (LSB)
253 * Fill in values LSB first thus
254 * p1 = iat' || rat' || preq || pres
255 */
smp_gen_p1_4_confirm(tSMP_CB * p_cb,tBLE_ADDR_TYPE remote_bd_addr_type)256 Octet16 smp_gen_p1_4_confirm(tSMP_CB* p_cb,
257 tBLE_ADDR_TYPE remote_bd_addr_type) {
258 SMP_TRACE_DEBUG("%s", __func__);
259 Octet16 p1;
260 uint8_t* p = p1.data();
261 if (p_cb->role == HCI_ROLE_CENTRAL) {
262 /* iat': initiator's (local) address type */
263 UINT8_TO_STREAM(p, p_cb->addr_type);
264 /* rat': responder's (remote) address type */
265 UINT8_TO_STREAM(p, remote_bd_addr_type);
266 /* preq : Pairing Request (local) command */
267 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
268 /* pres : Pairing Response (remote) command */
269 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
270 } else {
271 /* iat': initiator's (remote) address type */
272 UINT8_TO_STREAM(p, remote_bd_addr_type);
273 /* rat': responder's (local) address type */
274 UINT8_TO_STREAM(p, p_cb->addr_type);
275 /* preq : Pairing Request (remote) command */
276 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
277 /* pres : Pairing Response (local) command */
278 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
279 }
280 smp_debug_print_nbyte_little_endian(p1, "p1 = iat' || rat' || preq || pres",
281 16);
282
283 return p1;
284 }
285
286 /** Generate Confirm/Compare Step2:
287 * p2 = (MSB) padding || ia || ra (LSB)
288 * Fill values LSB first and thus:
289 * p2 = ra || ia || padding
290 */
smp_gen_p2_4_confirm(tSMP_CB * p_cb,const RawAddress & remote_bda)291 Octet16 smp_gen_p2_4_confirm(tSMP_CB* p_cb, const RawAddress& remote_bda) {
292 SMP_TRACE_DEBUG("%s", __func__);
293 Octet16 p2{0};
294 uint8_t* p = p2.data();
295 /* 32-bit Padding */
296 memset(p, 0, OCTET16_LEN);
297 if (p_cb->role == HCI_ROLE_CENTRAL) {
298 /* ra : Responder's (remote) address */
299 BDADDR_TO_STREAM(p, remote_bda);
300 /* ia : Initiator's (local) address */
301 BDADDR_TO_STREAM(p, p_cb->local_bda);
302 } else {
303 /* ra : Responder's (local) address */
304 BDADDR_TO_STREAM(p, p_cb->local_bda);
305 /* ia : Initiator's (remote) address */
306 BDADDR_TO_STREAM(p, remote_bda);
307 }
308 smp_debug_print_nbyte_little_endian(p2, "p2 = ra || ia || padding", 16);
309 return p2;
310 }
311
312 /*******************************************************************************
313 *
314 * Function smp_calculate_comfirm
315 *
316 * Description This function (c1) is called to calculate Confirm value.
317 *
318 * Returns tSMP_STATUS status of confirmation calculation
319 *
320 ******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,const Octet16 & rand,Octet16 * output)321 tSMP_STATUS smp_calculate_comfirm(tSMP_CB* p_cb, const Octet16& rand,
322 Octet16* output) {
323 SMP_TRACE_DEBUG("%s", __func__);
324 RawAddress remote_bda;
325 tBLE_ADDR_TYPE remote_bd_addr_type = BLE_ADDR_PUBLIC;
326 /* get remote connection specific bluetooth address */
327 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda,
328 &remote_bd_addr_type)) {
329 SMP_TRACE_ERROR("%s: cannot obtain remote device address", __func__);
330 return SMP_PAIR_FAIL_UNKNOWN;
331 }
332 /* get local connection specific bluetooth address */
333 BTM_ReadConnectionAddr(p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
334 /* generate p1 = pres || preq || rat' || iat' */
335 Octet16 p1 = smp_gen_p1_4_confirm(p_cb, remote_bd_addr_type);
336 /* p1' = rand XOR p1 */
337 smp_xor_128(&p1, rand);
338 smp_debug_print_nbyte_little_endian(p1, "p1' = p1 XOR r", 16);
339 /* calculate e1 = e(k, p1'), where k = TK */
340 smp_debug_print_nbyte_little_endian(p_cb->tk.data(), "TK", 16);
341 Octet16 e1 = aes_128(p_cb->tk, p1);
342 smp_debug_print_nbyte_little_endian(e1.data(), "e1 = e(k, p1')", 16);
343 /* generate p2 = padding || ia || ra */
344 Octet16 p2 = smp_gen_p2_4_confirm(p_cb, remote_bda);
345 /* calculate p2' = (p2 XOR e1) */
346 smp_xor_128(&p2, e1);
347 smp_debug_print_nbyte_little_endian(p2, "p2' = p2 XOR e1", 16);
348 /* calculate: c1 = e(k, p2') */
349 *output = aes_128(p_cb->tk, p2);
350 return SMP_SUCCESS;
351 }
352
353 /*******************************************************************************
354 *
355 * Function smp_generate_confirm
356 *
357 * Description This function is called when random number (MRand or SRand)
358 * is generated by the controller and the stack needs to
359 * calculate c1 value (MConfirm or SConfirm) for the first time
360 *
361 * Returns void
362 *
363 ******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb)364 static void smp_generate_confirm(tSMP_CB* p_cb) {
365 SMP_TRACE_DEBUG("%s", __func__);
366 smp_debug_print_nbyte_little_endian(p_cb->rand.data(), "local_rand", 16);
367 Octet16 output;
368 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rand, &output);
369 if (status != SMP_SUCCESS) {
370 tSMP_INT_DATA smp_int_data;
371 smp_int_data.status = status;
372 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
373 return;
374 }
375 tSMP_KEY key;
376 p_cb->confirm = output;
377 smp_debug_print_nbyte_little_endian(p_cb->confirm, "Local Confirm generated",
378 16);
379 key.key_type = SMP_KEY_TYPE_CFM;
380 key.p_data = output.data();
381 tSMP_INT_DATA smp_int_data;
382 smp_int_data.key = key;
383 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
384 }
385
386 /*******************************************************************************
387 *
388 * Function smp_generate_srand_mrand_confirm
389 *
390 * Description This function is called to start the second pairing phase by
391 * start generating random number.
392 *
393 *
394 * Returns void
395 *
396 ******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)397 void smp_generate_srand_mrand_confirm(tSMP_CB* p_cb,
398 UNUSED_ATTR tSMP_INT_DATA* p_data) {
399 SMP_TRACE_DEBUG("%s", __func__);
400 /* generate MRand or SRand */
401 btsnd_hcic_ble_rand(Bind(
402 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
403 memcpy(p_cb->rand.data(), rand, 8);
404
405 /* generate 64 MSB of MRand or SRand */
406 btsnd_hcic_ble_rand(Bind(
407 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
408 memcpy((void*)&p_cb->rand[8], rand, BT_OCTET8_LEN);
409 smp_generate_confirm(p_cb);
410 },
411 p_cb));
412 },
413 p_cb));
414 }
415
416 /*******************************************************************************
417 *
418 * Function smp_generate_compare
419 *
420 * Description This function is called when random number (MRand or SRand)
421 * is received from remote device and the c1 value (MConfirm
422 * or SConfirm) needs to be generated to authenticate remote
423 * device.
424 *
425 * Returns void
426 *
427 ******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)428 void smp_generate_compare(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
429 SMP_TRACE_DEBUG("smp_generate_compare ");
430 smp_debug_print_nbyte_little_endian(p_cb->rrand, "peer rand", 16);
431 Octet16 output;
432 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rrand, &output);
433 if (status != SMP_SUCCESS) {
434 tSMP_INT_DATA smp_int_data;
435 smp_int_data.status = status;
436 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
437 return;
438 }
439 tSMP_KEY key;
440 smp_debug_print_nbyte_little_endian(output.data(), "Remote Confirm generated",
441 16);
442 key.key_type = SMP_KEY_TYPE_CMP;
443 key.p_data = output.data();
444 tSMP_INT_DATA smp_int_data;
445 smp_int_data.key = key;
446 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
447 }
448
449 /** This function is called when STK is generated proceed to send the encrypt
450 * the link using STK. */
smp_process_stk(tSMP_CB * p_cb,Octet16 * p)451 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p) {
452 tSMP_KEY key;
453
454 SMP_TRACE_DEBUG("smp_process_stk ");
455 smp_mask_enc_key(p_cb->loc_enc_size, p);
456
457 key.key_type = SMP_KEY_TYPE_STK;
458 key.p_data = p->data();
459
460 tSMP_INT_DATA smp_int_data;
461 smp_int_data.key = key;
462 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
463 }
464
465 /** This function calculates EDIV = Y xor DIV */
smp_process_ediv(tSMP_CB * p_cb,Octet16 & p)466 static void smp_process_ediv(tSMP_CB* p_cb, Octet16& p) {
467 tSMP_KEY key;
468 uint8_t* pp = p.data();
469 uint16_t y;
470
471 SMP_TRACE_DEBUG("smp_process_ediv ");
472 STREAM_TO_UINT16(y, pp);
473
474 /* EDIV = Y xor DIV */
475 p_cb->ediv = p_cb->div ^ y;
476 /* send LTK ready */
477 SMP_TRACE_ERROR("LTK ready");
478 key.key_type = SMP_KEY_TYPE_LTK;
479 key.p_data = p.data();
480
481 tSMP_INT_DATA smp_int_data;
482 smp_int_data.key = key;
483 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
484 }
485
486 /**
487 * This function is to proceed generate Y = E(DHK, Rand)
488 */
smp_generate_y(tSMP_CB * p_cb,BT_OCTET8 rand)489 static void smp_generate_y(tSMP_CB* p_cb, BT_OCTET8 rand) {
490 SMP_TRACE_DEBUG("%s ", __func__);
491
492 const Octet16& dhk = BTM_GetDeviceDHK();
493
494 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
495 Octet16 output = aes_128(dhk, rand, BT_OCTET8_LEN);
496 smp_process_ediv(p_cb, output);
497 }
498
499 /**
500 * Calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
501 */
smp_generate_ltk_cont(uint16_t div,tSMP_CB * p_cb)502 static void smp_generate_ltk_cont(uint16_t div, tSMP_CB* p_cb) {
503 p_cb->div = div;
504
505 SMP_TRACE_DEBUG("%s", __func__);
506 const Octet16& er = BTM_GetDeviceEncRoot();
507
508 /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
509 Octet16 ltk = aes_128(er, (uint8_t*)&p_cb->div, sizeof(uint16_t));
510 /* mask the LTK */
511 smp_mask_enc_key(p_cb->loc_enc_size, <k);
512 p_cb->ltk = ltk;
513
514 /* generate EDIV and rand now */
515 btsnd_hcic_ble_rand(Bind(&smp_generate_y, p_cb));
516 }
517
518 /*******************************************************************************
519 *
520 * Function smp_generate_ltk
521 *
522 * Description This function is called:
523 * - in legacy pairing - to calculate LTK, starting with DIV
524 * generation;
525 * - in LE Secure Connections pairing over LE transport - to
526 * process LTK already generated to encrypt LE link;
527 * - in LE Secure Connections pairing over BR/EDR transport -
528 * to start BR/EDR Link Key processing.
529 *
530 * Returns void
531 *
532 ******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)533 void smp_generate_ltk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
534 SMP_TRACE_DEBUG("%s", __func__);
535
536 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
537 smp_br_process_link_key(p_cb, NULL);
538 return;
539 } else if (p_cb->le_secure_connections_mode_is_used) {
540 smp_process_secure_connection_long_term_key();
541 return;
542 }
543
544 bool div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
545
546 if (div_status) {
547 smp_generate_ltk_cont(p_cb->div, p_cb);
548 } else {
549 SMP_TRACE_DEBUG("%s: Generate DIV for LTK", __func__);
550
551 /* generate MRand or SRand */
552 btsnd_hcic_ble_rand(Bind(
553 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
554 uint16_t div;
555 STREAM_TO_UINT16(div, rand);
556 smp_generate_ltk_cont(div, p_cb);
557 },
558 p_cb));
559 }
560 }
561
562 /* The function calculates legacy STK */
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb)563 Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb) {
564 SMP_TRACE_DEBUG("%s", __func__);
565
566 Octet16 text{0};
567 if (p_cb->role == HCI_ROLE_CENTRAL) {
568 memcpy(text.data(), p_cb->rand.data(), BT_OCTET8_LEN);
569 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rrand.data(), BT_OCTET8_LEN);
570 } else {
571 memcpy(text.data(), p_cb->rrand.data(), BT_OCTET8_LEN);
572 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rand.data(), BT_OCTET8_LEN);
573 }
574
575 /* generate STK = Etk(rand|rrand)*/
576 return aes_128(p_cb->tk, text);
577 }
578
579 /*******************************************************************************
580 *
581 * Function smp_create_private_key
582 *
583 * Description This function is called to create private key used to
584 * calculate public key and DHKey.
585 * The function starts private key creation requesting
586 * for the controller to generate [0-7] octets of private key.
587 *
588 * Returns void
589 *
590 ******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)591 void smp_create_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
592 SMP_TRACE_DEBUG("%s", __func__);
593
594 // Only use the stored OOB data if we are in an oob association model
595 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
596 LOG_WARN("OOB Association Model");
597 // Make sure our data isn't empty, otherwise we generate new and eventually
598 // pairing will fail Not much we can do about it at this point, just have to
599 // generate new data The data will be cleared after the advertiser times
600 // out, so if the advertiser times out we want the pairing to fail anyway.
601 if (!is_empty(&saved_local_oob_data)) {
602 LOG_WARN("Found OOB data, loading keys");
603 for (int i = 0; i < BT_OCTET32_LEN; i++) {
604 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
605 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
606 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
607 }
608 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
609 p_cb->local_random = saved_local_oob_data.randomizer;
610 smp_process_private_key(p_cb);
611 return;
612 }
613 LOG_WARN("OOB Association Model with no saved data present");
614 }
615
616 btsnd_hcic_ble_rand(Bind(
617 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
618 memcpy((void*)p_cb->private_key, rand, BT_OCTET8_LEN);
619 btsnd_hcic_ble_rand(Bind(
620 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
621 memcpy((void*)&p_cb->private_key[8], rand, BT_OCTET8_LEN);
622 btsnd_hcic_ble_rand(Bind(
623 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
624 memcpy((void*)&p_cb->private_key[16], rand, BT_OCTET8_LEN);
625 btsnd_hcic_ble_rand(Bind(
626 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
627 memcpy((void*)&p_cb->private_key[24], rand,
628 BT_OCTET8_LEN);
629 smp_process_private_key(p_cb);
630 },
631 p_cb));
632 },
633 p_cb));
634 },
635 p_cb));
636 },
637 p_cb));
638 }
639
640 /*******************************************************************************
641 *
642 * Function smp_use_oob_private_key
643 *
644 * Description This function is called
645 * - to save the secret key used to calculate the public key
646 * used in calculations of commitment sent OOB to a peer
647 * - to use this secret key to recalculate the public key and
648 * start the process of sending this public key to the peer
649 * if secret/public keys have to be reused.
650 * If the keys aren't supposed to be reused, continue from the
651 * point from which request for OOB data was issued.
652 *
653 * Returns void
654 *
655 ******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)656 void smp_use_oob_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
657 LOG_INFO("req_oob_type: %d, role: %d", p_cb->req_oob_type, p_cb->role);
658
659 switch (p_cb->req_oob_type) {
660 case SMP_OOB_BOTH:
661 case SMP_OOB_LOCAL:
662 LOG_INFO("restore secret key");
663 // Only use the stored OOB data if we are in an oob association model
664 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
665 LOG_INFO("OOB Association Model");
666 // Make sure our data isn't empty, otherwise we generate new and
667 // eventually pairing will fail Not much we can do about it at this
668 // point, just have to generate new data The data will be cleared after
669 // the advertiser times out, so if the advertiser times out we want the
670 // pairing to fail anyway.
671 if (!is_empty(&saved_local_oob_data)) {
672 LOG_INFO("Found OOB data, loading keys");
673 for (int i = 0; i < BT_OCTET32_LEN; i++) {
674 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
675 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
676 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
677 }
678 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
679 p_cb->local_random = saved_local_oob_data.randomizer;
680 smp_process_private_key(p_cb);
681 return;
682 }
683 LOG_INFO("OOB Association Model with no saved data present");
684 }
685
686 memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used,
687 BT_OCTET32_LEN);
688 smp_process_private_key(p_cb);
689 break;
690 default:
691 LOG_INFO("create secret key anew");
692 smp_set_state(SMP_STATE_PAIR_REQ_RSP);
693 smp_decide_association_model(p_cb, NULL);
694 break;
695 }
696 }
697
698 /*******************************************************************************
699 *
700 * Function smp_process_private_key
701 *
702 * Description This function processes private key.
703 * It calculates public key and notifies SM that private key /
704 * public key pair is created.
705 *
706 * Returns void
707 *
708 ******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)709 void smp_process_private_key(tSMP_CB* p_cb) {
710 Point public_key;
711 BT_OCTET32 private_key;
712
713 SMP_TRACE_DEBUG("%s", __func__);
714
715 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
716 ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*)private_key);
717 memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
718 memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
719
720 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
721 BT_OCTET32_LEN);
722 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.x, "local public(x)",
723 BT_OCTET32_LEN);
724 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.y, "local public(y)",
725 BT_OCTET32_LEN);
726 p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
727 smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
728 }
729
730 /*******************************************************************************
731 *
732 * Function smp_compute_dhkey
733 *
734 * Description The function:
735 * - calculates a new public key using as input local private
736 * key and peer public key;
737 * - saves the new public key x-coordinate as DHKey.
738 *
739 * Returns void
740 *
741 ******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)742 void smp_compute_dhkey(tSMP_CB* p_cb) {
743 Point peer_publ_key, new_publ_key;
744 BT_OCTET32 private_key;
745
746 SMP_TRACE_DEBUG("%s", __func__);
747
748 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
749 memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
750 memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
751
752 ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*)private_key);
753
754 memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
755
756 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Old DHKey", BT_OCTET32_LEN);
757
758 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
759 BT_OCTET32_LEN);
760 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.x, "rem public(x)",
761 BT_OCTET32_LEN);
762 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.y, "rem public(y)",
763 BT_OCTET32_LEN);
764 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Reverted DHKey",
765 BT_OCTET32_LEN);
766 }
767
768 /** The function calculates and saves local commmitment in CB. */
smp_calculate_local_commitment(tSMP_CB * p_cb)769 void smp_calculate_local_commitment(tSMP_CB* p_cb) {
770 uint8_t random_input;
771
772 SMP_TRACE_DEBUG("%s", __func__);
773
774 switch (p_cb->selected_association_model) {
775 case SMP_MODEL_SEC_CONN_JUSTWORKS:
776 case SMP_MODEL_SEC_CONN_NUM_COMP:
777 if (p_cb->role == HCI_ROLE_CENTRAL)
778 SMP_TRACE_WARNING(
779 "local commitment calc on central is not expected "
780 "for Just Works/Numeric Comparison models");
781 p_cb->commitment = crypto_toolbox::f4(
782 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0);
783 break;
784 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
785 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
786 random_input =
787 smp_calculate_random_input(p_cb->local_random.data(), p_cb->round);
788 p_cb->commitment =
789 crypto_toolbox::f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x,
790 p_cb->rand, random_input);
791 break;
792 case SMP_MODEL_SEC_CONN_OOB:
793 SMP_TRACE_WARNING(
794 "local commitment calc is expected for OOB model BEFORE pairing");
795 p_cb->commitment = crypto_toolbox::f4(
796 p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0);
797 break;
798 default:
799 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
800 p_cb->selected_association_model);
801 return;
802 }
803
804 SMP_TRACE_EVENT("local commitment calculation is completed");
805 }
806
807 /** The function calculates peer commmitment */
smp_calculate_peer_commitment(tSMP_CB * p_cb)808 Octet16 smp_calculate_peer_commitment(tSMP_CB* p_cb) {
809 uint8_t ri;
810
811 SMP_TRACE_DEBUG("%s", __func__);
812 Octet16 output;
813 switch (p_cb->selected_association_model) {
814 case SMP_MODEL_SEC_CONN_JUSTWORKS:
815 case SMP_MODEL_SEC_CONN_NUM_COMP:
816 if (p_cb->role == HCI_ROLE_PERIPHERAL)
817 SMP_TRACE_WARNING(
818 "peer commitment calc on peripheral is not expected "
819 "for Just Works/Numeric Comparison models");
820 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
821 p_cb->rrand, 0);
822 break;
823 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
824 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
825 ri = smp_calculate_random_input(p_cb->peer_random.data(), p_cb->round);
826 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
827 p_cb->rrand, ri);
828 break;
829 case SMP_MODEL_SEC_CONN_OOB:
830 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x,
831 p_cb->peer_random, 0);
832 break;
833 default:
834 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
835 p_cb->selected_association_model);
836 return output;
837 }
838
839 SMP_TRACE_EVENT("peer commitment calculation is completed");
840 return output;
841 }
842
843 /*******************************************************************************
844 *
845 * Function smp_calculate_numeric_comparison_display_number
846 *
847 * Description The function calculates and saves number to display in
848 * numeric comparison association mode.
849 *
850 * Returns void
851 *
852 ******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)853 void smp_calculate_numeric_comparison_display_number(tSMP_CB* p_cb,
854 tSMP_INT_DATA* p_data) {
855 SMP_TRACE_DEBUG("%s", __func__);
856
857 if (p_cb->role == HCI_ROLE_CENTRAL) {
858 p_cb->number_to_display = crypto_toolbox::g2(
859 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, p_cb->rrand);
860 } else {
861 p_cb->number_to_display = crypto_toolbox::g2(
862 p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, p_cb->rand);
863 }
864
865 if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) {
866 tSMP_INT_DATA smp_int_data;
867 smp_int_data.status = SMP_PAIR_FAIL_UNKNOWN;
868 p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
869 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
870 return;
871 }
872
873 SMP_TRACE_EVENT("Number to display in numeric comparison = %d",
874 p_cb->number_to_display);
875 p_cb->cb_evt = SMP_NC_REQ_EVT;
876 tSMP_INT_DATA smp_int_data;
877 smp_int_data.passkey = p_cb->number_to_display;
878 smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &smp_int_data);
879 return;
880 }
881
882 /*******************************************************************************
883 *
884 * Function smp_calculate_local_dhkey_check
885 *
886 * Description The function calculates and saves local device DHKey check
887 * value in CB.
888 * Before doing this it calls
889 * smp_calculate_f5_mackey_and_long_term_key(...).
890 * to calculate MacKey and LTK.
891 * MacKey is used in dhkey calculation.
892 *
893 * Returns void
894 *
895 ******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)896 void smp_calculate_local_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
897 uint8_t iocap[3], a[7], b[7];
898
899 SMP_TRACE_DEBUG("%s", __func__);
900
901 smp_calculate_f5_mackey_and_long_term_key(p_cb);
902
903 smp_collect_local_io_capabilities(iocap, p_cb);
904
905 smp_collect_local_ble_address(a, p_cb);
906 smp_collect_peer_ble_address(b, p_cb);
907 p_cb->dhkey_check = crypto_toolbox::f6(p_cb->mac_key, p_cb->rand, p_cb->rrand,
908 p_cb->peer_random, iocap, a, b);
909
910 SMP_TRACE_EVENT("local DHKey check calculation is completed");
911 }
912
913 /*******************************************************************************
914 *
915 * Function smp_calculate_peer_dhkey_check
916 *
917 * Description The function calculates peer device DHKey check value.
918 *
919 * Returns void
920 *
921 ******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)922 void smp_calculate_peer_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
923 uint8_t iocap[3], a[7], b[7];
924 tSMP_KEY key;
925
926 SMP_TRACE_DEBUG("%s", __func__);
927
928 smp_collect_peer_io_capabilities(iocap, p_cb);
929
930 smp_collect_local_ble_address(a, p_cb);
931 smp_collect_peer_ble_address(b, p_cb);
932 Octet16 param_buf = crypto_toolbox::f6(p_cb->mac_key, p_cb->rrand, p_cb->rand,
933 p_cb->local_random, iocap, b, a);
934
935 SMP_TRACE_EVENT("peer DHKey check calculation is completed");
936 key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
937 key.p_data = param_buf.data();
938 tSMP_INT_DATA smp_int_data;
939 smp_int_data.key = key;
940 smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &smp_int_data);
941 }
942
943 /*******************************************************************************
944 *
945 * Function smp_calculate_link_key_from_long_term_key
946 *
947 * Description The function calculates and saves BR/EDR link key derived
948 * from LE SC LTK.
949 *
950 * Returns false if out of resources, true in other cases.
951 *
952 ******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)953 bool smp_calculate_link_key_from_long_term_key(tSMP_CB* p_cb) {
954 tBTM_SEC_DEV_REC* p_dev_rec;
955 RawAddress bda_for_lk;
956 tBLE_ADDR_TYPE conn_addr_type;
957
958 SMP_TRACE_DEBUG("%s", __func__);
959
960 if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) {
961 SMP_TRACE_DEBUG(
962 "Use rcvd identity address as BD_ADDR of LK rcvd identity address");
963 bda_for_lk = p_cb->id_addr;
964 } else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk,
965 &conn_addr_type)) &&
966 conn_addr_type == BLE_ADDR_PUBLIC) {
967 SMP_TRACE_DEBUG("Use rcvd connection address as BD_ADDR of LK");
968 } else {
969 SMP_TRACE_WARNING("Don't have peer public address to associate with LK");
970 return false;
971 }
972
973 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
974 if (p_dev_rec == NULL) {
975 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
976 return false;
977 }
978
979 Octet16 link_key =
980 crypto_toolbox::ltk_to_link_key(p_cb->ltk, p_cb->key_derivation_h7_used);
981
982 uint8_t link_key_type;
983 if (btm_cb.security_mode == BTM_SEC_MODE_SC) {
984 /* Secure Connections Only Mode */
985 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
986 } else if (controller_get_interface()->supports_secure_connections()) {
987 /* both transports are SC capable */
988 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
989 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
990 else
991 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
992 } else if (btm_cb.security_mode == BTM_SEC_MODE_SP) {
993 /* BR/EDR transport is SSP capable */
994 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
995 link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
996 else
997 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
998 } else {
999 SMP_TRACE_ERROR("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
1000 __func__, btm_cb.security_mode, p_dev_rec->sm4);
1001 return false;
1002 }
1003
1004 link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
1005
1006 Octet16 notif_link_key;
1007 std::reverse_copy(link_key.begin(), link_key.end(), notif_link_key.begin());
1008 btm_sec_link_key_notification(bda_for_lk, notif_link_key, link_key_type);
1009
1010 SMP_TRACE_EVENT("%s is completed", __func__);
1011
1012 return true;
1013 }
1014
1015 /** The function calculates and saves SC LTK derived from BR/EDR link key. */
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)1016 bool smp_calculate_long_term_key_from_link_key(tSMP_CB* p_cb) {
1017 tBTM_SEC_DEV_REC* p_dev_rec;
1018
1019 SMP_TRACE_DEBUG("%s", __func__);
1020
1021 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
1022 if (p_dev_rec == NULL) {
1023 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1024 return false;
1025 }
1026
1027 uint8_t br_link_key_type;
1028 br_link_key_type = BTM_SecGetDeviceLinkKeyType(p_cb->pairing_bda);
1029 if (br_link_key_type == BTM_LKEY_TYPE_IGNORE) {
1030 SMP_TRACE_ERROR("%s failed to retrieve BR link type", __func__);
1031 return false;
1032 }
1033
1034 if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
1035 (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) {
1036 SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", __func__,
1037 br_link_key_type);
1038 return false;
1039 }
1040
1041 Octet16 rev_link_key;
1042 std::reverse_copy(p_dev_rec->link_key.begin(), p_dev_rec->link_key.end(),
1043 rev_link_key.begin());
1044 p_cb->ltk = crypto_toolbox::link_key_to_ltk(rev_link_key,
1045 p_cb->key_derivation_h7_used);
1046
1047 p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
1048 ? SMP_SEC_AUTHENTICATED
1049 : SMP_SEC_UNAUTHENTICATE;
1050 SMP_TRACE_EVENT("%s is completed", __func__);
1051 return true;
1052 }
1053
1054 /**
1055 * This function generates nonce.
1056 */
smp_start_nonce_generation(tSMP_CB * p_cb)1057 void smp_start_nonce_generation(tSMP_CB* p_cb) {
1058 SMP_TRACE_DEBUG("%s", __func__);
1059 btsnd_hcic_ble_rand(Bind(
1060 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1061 memcpy(p_cb->rand.data(), rand, BT_OCTET8_LEN);
1062 btsnd_hcic_ble_rand(Bind(
1063 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1064 memcpy(p_cb->rand.data() + 8, rand, BT_OCTET8_LEN);
1065 SMP_TRACE_DEBUG("%s round %d", __func__, p_cb->round);
1066 /* notifies SM that it has new nonce. */
1067 smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
1068 },
1069 p_cb));
1070 },
1071 p_cb));
1072 }
1073