1 /******************************************************************************
2 *
3 * Copyright 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #define LOG_TAG "bluetooth"
20
21 #include "bt_target.h"
22
23 #include <string.h>
24 #include "smp_int.h"
25
26 #include "osi/include/log.h"
27
28 namespace {
29
30 constexpr char kBtmLogTag[] = "SMP";
31
32 }
33
34 const char* const smp_state_name[] = {
35 "SMP_STATE_IDLE",
36 "SMP_STATE_WAIT_APP_RSP",
37 "SMP_STATE_SEC_REQ_PENDING",
38 "SMP_STATE_PAIR_REQ_RSP",
39 "SMP_STATE_WAIT_CONFIRM",
40 "SMP_STATE_CONFIRM",
41 "SMP_STATE_RAND",
42 "SMP_STATE_PUBLIC_KEY_EXCH",
43 "SMP_STATE_SEC_CONN_PHS1_START",
44 "SMP_STATE_WAIT_COMMITMENT",
45 "SMP_STATE_WAIT_NONCE",
46 "SMP_STATE_SEC_CONN_PHS2_START",
47 "SMP_STATE_WAIT_DHK_CHECK",
48 "SMP_STATE_DHK_CHECK",
49 "SMP_STATE_ENCRYPTION_PENDING",
50 "SMP_STATE_BOND_PENDING",
51 "SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA",
52 "SMP_STATE_MAX"};
53
54 const char* const smp_event_name[] = {"PAIRING_REQ_EVT",
55 "PAIRING_RSP_EVT",
56 "CONFIRM_EVT",
57 "RAND_EVT",
58 "PAIRING_FAILED_EVT",
59 "ENC_INFO_EVT",
60 "CENTRAL_ID_EVT",
61 "ID_INFO_EVT",
62 "ID_ADDR_EVT",
63 "SIGN_INFO_EVT",
64 "SECURITY_REQ_EVT",
65 "PAIR_PUBLIC_KEY_EVT",
66 "PAIR_DHKEY_CHECK_EVT",
67 "PAIR_KEYPRESS_NOTIFICATION_EVT",
68 "PAIR_COMMITMENT_EVT",
69 "KEY_READY_EVT",
70 "ENCRYPTED_EVT",
71 "L2CAP_CONN_EVT",
72 "L2CAP_DISCONN_EVT",
73 "API_IO_RSP_EVT",
74 "API_SEC_GRANT_EVT",
75 "TK_REQ_EVT",
76 "AUTH_CMPL_EVT",
77 "ENC_REQ_EVT",
78 "BOND_REQ_EVT",
79 "DISCARD_SEC_REQ_EVT",
80 "PUBLIC_KEY_EXCHANGE_REQ_EVT",
81 "LOCAL_PUBLIC_KEY_CRTD_EVT",
82 "BOTH_PUBLIC_KEYS_RCVD_EVT",
83 "SEC_CONN_DHKEY_COMPLETE_EVT",
84 "HAVE_LOCAL_NONCE_EVT",
85 "SEC_CONN_PHASE1_CMPLT_EVT",
86 "SEC_CONN_CALC_NC_EVT",
87 "SEC_CONN_DISPLAY_NC_EVT",
88 "SEC_CONN_OK_EVT",
89 "SEC_CONN_2_DHCK_CHECKS_PRESENT_EVT",
90 "SEC_CONN_KEY_READY_EVT",
91 "KEYPRESS_NOTIFICATION_EVT",
92 "SEC_CONN_OOB_DATA_EVT",
93 "CREATE_LOCAL_SEC_CONN_OOB_DATA_EVT",
94 "OUT_OF_RANGE_EVT"};
95
96 const char* smp_get_event_name(tSMP_EVENT event);
97 const char* smp_get_state_name(tSMP_STATE state);
98
99 #define SMP_SM_IGNORE 0
100 #define SMP_NUM_ACTIONS 2
101 #define SMP_SME_NEXT_STATE 2
102 #define SMP_SM_NUM_COLS 3
103
104 typedef const uint8_t (*tSMP_SM_TBL)[SMP_SM_NUM_COLS];
105
106 enum {
107 SMP_PROC_SEC_REQ,
108 SMP_SEND_PAIR_REQ,
109 SMP_SEND_PAIR_RSP,
110 SMP_SEND_CONFIRM,
111 SMP_SEND_PAIR_FAIL,
112 SMP_SEND_RAND,
113 SMP_SEND_ENC_INFO,
114 SMP_SEND_ID_INFO,
115 SMP_SEND_LTK_REPLY,
116 SMP_PROC_PAIR_CMD,
117 SMP_PROC_PAIR_FAIL,
118 SMP_PROC_CONFIRM,
119 SMP_PROC_RAND,
120 SMP_PROC_ENC_INFO,
121 SMP_PROC_CENTRAL_ID,
122 SMP_PROC_ID_INFO,
123 SMP_PROC_ID_ADDR,
124 SMP_PROC_SRK_INFO,
125 SMP_PROC_SEC_GRANT,
126 SMP_PROC_SL_KEY,
127 SMP_PROC_COMPARE,
128 SMP_PROC_IO_RSP,
129 SMP_GENERATE_COMPARE,
130 SMP_GENERATE_CONFIRM,
131 SMP_GENERATE_STK,
132 SMP_KEY_DISTRIBUTE,
133 SMP_START_ENC,
134 SMP_PAIRING_CMPL,
135 SMP_DECIDE_ASSO_MODEL,
136 SMP_SEND_APP_CBACK,
137 SMP_CHECK_AUTH_REQ,
138 SMP_PAIR_TERMINATE,
139 SMP_ENC_CMPL,
140 SMP_PROC_DISCARD,
141 SMP_CREATE_PRIVATE_KEY,
142 SMP_USE_OOB_PRIVATE_KEY,
143 SMP_SEND_PAIR_PUBLIC_KEY,
144 SMP_PROCESS_PAIR_PUBLIC_KEY,
145 SMP_HAVE_BOTH_PUBLIC_KEYS,
146 SMP_START_SEC_CONN_PHASE1,
147 SMP_PROCESS_LOCAL_NONCE,
148 SMP_SEND_COMMITMENT,
149 SMP_PROCESS_PAIRING_COMMITMENT,
150 SMP_PROCESS_PEER_NONCE,
151 SMP_CALCULATE_LOCAL_DHKEY_CHECK,
152 SMP_SEND_DHKEY_CHECK,
153 SMP_PROCESS_DHKEY_CHECK,
154 SMP_CALCULATE_PEER_DHKEY_CHECK,
155 SMP_MATCH_DHKEY_CHECKS,
156 SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER,
157 SMP_MOVE_TO_SEC_CONN_PHASE2,
158 SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
159 SMP_WAIT_FOR_BOTH_PUBLIC_KEYS,
160 SMP_START_PASSKEY_VERIFICATION,
161 SMP_SEND_KEYPRESS_NOTIFICATION,
162 SMP_PROCESS_KEYPRESS_NOTIFICATION,
163 SMP_PROCESS_SECURE_CONNECTION_OOB_DATA,
164 SMP_SET_LOCAL_OOB_KEYS,
165 SMP_SET_LOCAL_OOB_RAND_COMMITMENT,
166 SMP_IDLE_TERMINATE,
167 SMP_SM_NO_ACTION
168 };
169
170 static const tSMP_ACT smp_sm_action[] = {
171 smp_proc_sec_req,
172 smp_send_pair_req,
173 smp_send_pair_rsp,
174 smp_send_confirm,
175 smp_send_pair_fail,
176 smp_send_rand,
177 smp_send_enc_info,
178 smp_send_id_info,
179 smp_send_ltk_reply,
180 smp_proc_pair_cmd,
181 smp_proc_pair_fail,
182 smp_proc_confirm,
183 smp_proc_rand,
184 smp_proc_enc_info,
185 smp_proc_central_id,
186 smp_proc_id_info,
187 smp_proc_id_addr,
188 smp_proc_srk_info,
189 smp_proc_sec_grant,
190 smp_proc_sl_key,
191 smp_proc_compare,
192 smp_process_io_response,
193 smp_generate_compare,
194 smp_generate_srand_mrand_confirm,
195 smp_generate_stk,
196 smp_key_distribution,
197 smp_start_enc,
198 smp_pairing_cmpl,
199 smp_decide_association_model,
200 smp_send_app_cback,
201 smp_check_auth_req,
202 smp_pair_terminate,
203 smp_enc_cmpl,
204 smp_proc_discard,
205 smp_create_private_key,
206 smp_use_oob_private_key,
207 smp_send_pair_public_key,
208 smp_process_pairing_public_key,
209 smp_both_have_public_keys,
210 smp_start_secure_connection_phase1,
211 smp_process_local_nonce,
212 smp_send_commitment,
213 smp_process_pairing_commitment,
214 smp_process_peer_nonce,
215 smp_calculate_local_dhkey_check,
216 smp_send_dhkey_check,
217 smp_process_dhkey_check,
218 smp_calculate_peer_dhkey_check,
219 smp_match_dhkey_checks,
220 smp_calculate_numeric_comparison_display_number,
221 smp_move_to_secure_connections_phase2,
222 smp_phase_2_dhkey_checks_are_present,
223 smp_wait_for_both_public_keys,
224 smp_start_passkey_verification,
225 smp_send_keypress_notification,
226 smp_process_keypress_notification,
227 smp_process_secure_connection_oob_data,
228 smp_set_local_oob_keys,
229 smp_set_local_oob_random_commitment,
230 smp_idle_terminate};
231
232 /************ SMP Central FSM State/Event Indirection Table **************/
233 static const uint8_t smp_central_entry_map[][SMP_STATE_MAX] = {
234 /* state name: */
235 /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
236 PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
237 DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
238 /* PAIR_REQ */
239 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
240 /* PAIR_RSP */
241 {0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
242 /* CONFIRM */
243 {0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
244 /* RAND */
245 {0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
246 /* PAIR_FAIL */
247 {0, 0x81, 0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
248 0x81, 0, 0x81, 0},
249 /* ENC_INFO */
250 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0},
251 /* CENTRAL_ID */
252 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
253 /* ID_INFO */
254 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
255 /* ID_ADDR */
256 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
257 /* SIGN_INFO */
258 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
259 /* SEC_REQ */
260 {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
261 /* PAIR_PUBLIC_KEY */
262 {0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
263 /* PAIR_DHKEY_CHCK */
264 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0},
265 /* PAIR_KEYPR_NOTIF */
266 {0, 8, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
267 /* PAIR_COMMITM */
268 {0, 0, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
269 /* KEY_READY */
270 {0, 3, 0, 3, 1, 0, 2, 0, 4, 0, 0, 0, 0, 0, 1, 6, 0},
271 /* ENC_CMPL */
272 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0},
273 /* L2C_CONN */
274 {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
275 /* L2C_DISC */
276 {3, 0x83, 0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
277 0x83, 0x83, 0x83, 0},
278 /* IO_RSP */
279 {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
280 /* SEC_GRANT */
281 {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
282 /* TK_REQ */
283 {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
284 /* AUTH_CMPL */
285 {4, 0x82, 0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
286 0x82, 0x82, 0x82, 0},
287 /* ENC_REQ */
288 {0, 4, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0},
289 /* BOND_REQ */
290 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
291 /* DISCARD_SEC_REQ */
292 {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
293 /* PUBL_KEY_EXCH_REQ */
294 {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
295 /* LOC_PUBL_KEY_CRTD */
296 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
297 /* BOTH_PUBL_KEYS_RCVD */
298 {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
299 /* SC_DHKEY_CMPLT */
300 {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
301 /* HAVE_LOC_NONCE */
302 {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
303 /* SC_PHASE1_CMPLT */
304 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
305 /* SC_CALC_NC */
306 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
307 /* SC_DSPL_NC */
308 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
309 /* SC_NC_OK */
310 {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311 /* SC_2_DHCK_CHKS_PRES */
312 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
313 /* SC_KEY_READY */
314 {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
315 /* KEYPR_NOTIF */
316 {0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
317 /* SC_OOB_DATA */
318 {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
319 /* CR_LOC_SC_OOB_DATA */
320 {5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
321 };
322
323 static const uint8_t smp_all_table[][SMP_SM_NUM_COLS] = {
324 /* Event Action Next State */
325 /* PAIR_FAIL */
326 {SMP_PROC_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
327 /* AUTH_CMPL */
328 {SMP_SEND_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
329 /* L2C_DISC */
330 {SMP_PAIR_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
331
332 static const uint8_t smp_central_idle_table[][SMP_SM_NUM_COLS] = {
333 /* Event Action Next State */
334 /* L2C_CONN */
335 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
336 /* SEC_REQ */
337 {SMP_PROC_SEC_REQ, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
338 /* L2C_DISC */
339 {SMP_IDLE_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
340 /* AUTH_CMPL */
341 {SMP_PAIRING_CMPL, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
342 /* CR_LOC_SC_OOB_DATA */
343 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
344 SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}
345
346 };
347
348 static const uint8_t
349 smp_central_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
350 /* Event Action Next State */
351 /* SEC_GRANT */
352 {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
353 /* IO_RSP */
354 {SMP_SEND_PAIR_REQ, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
355
356 /* TK ready */
357 /* KEY_READY */
358 {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM},
359
360 /* start enc mode setup */
361 /* ENC_REQ */
362 {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
363 /* DISCARD_SEC_REQ */
364 {SMP_PROC_DISCARD, SMP_SM_NO_ACTION, SMP_STATE_IDLE}
365 /* user confirms NC 'OK', i.e. phase 1 is completed */
366 /* SC_NC_OK */,
367 {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
368 SMP_STATE_SEC_CONN_PHS2_START},
369 /* user-provided passkey is rcvd */
370 /* SC_KEY_READY */
371 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
372 SMP_STATE_SEC_CONN_PHS1_START},
373 /* PAIR_KEYPR_NOTIF */
374 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
375 SMP_STATE_WAIT_APP_RSP},
376 /* KEYPR_NOTIF */
377 {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
378 SMP_STATE_WAIT_APP_RSP},
379 /* SC_OOB_DATA */
380 {SMP_USE_OOB_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
381
382 static const uint8_t
383 smp_central_pair_request_response_table[][SMP_SM_NUM_COLS] = {
384 /* Event Action Next State */
385 /* PAIR_RSP */
386 {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
387 /* TK_REQ */
388 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
389
390 /* TK ready */
391 /* KEY_READY */
392 {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}
393 /* PUBL_KEY_EXCH_REQ */,
394 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
395
396 static const uint8_t smp_central_wait_for_confirm_table[][SMP_SM_NUM_COLS] = {
397 /* Event Action Next State */
398 /* KEY_READY*/
399 /* CONFIRM ready */
400 {SMP_SEND_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
401
402 static const uint8_t smp_central_confirm_table[][SMP_SM_NUM_COLS] = {
403 /* Event Action Next State */
404 /* CONFIRM */
405 {SMP_PROC_CONFIRM, SMP_SEND_RAND, SMP_STATE_RAND}};
406
407 static const uint8_t smp_central_rand_table[][SMP_SM_NUM_COLS] = {
408 /* Event Action Next State */
409 /* RAND */
410 {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
411 /* KEY_READY */
412 {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* Compare ready */
413 /* ENC_REQ */
414 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
415
416 static const uint8_t smp_central_public_key_exchange_table[][SMP_SM_NUM_COLS] =
417 {
418 /* Event Action Next State */
419 /* LOC_PUBL_KEY_CRTD */
420 {SMP_SEND_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
421 /* PAIR_PUBLIC_KEY */
422 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION,
423 SMP_STATE_PUBLIC_KEY_EXCH},
424 /* BOTH_PUBL_KEYS_RCVD */
425 {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
426 SMP_STATE_SEC_CONN_PHS1_START},
427 };
428
429 static const uint8_t smp_central_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] =
430 {
431 /* Event Action Next State */
432 /* SC_DHKEY_CMPLT */
433 {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
434 SMP_STATE_SEC_CONN_PHS1_START},
435 /* HAVE_LOC_NONCE */
436 {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
437 /* TK_REQ */
438 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
439 /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to
440 display,*/
441 /* It's time to start commitment calculation */
442 /* KEY_READY */
443 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
444 SMP_STATE_SEC_CONN_PHS1_START},
445 /* PAIR_KEYPR_NOTIF */
446 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
447 SMP_STATE_SEC_CONN_PHS1_START},
448 /* PAIR_COMMITM */
449 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
450 SMP_STATE_SEC_CONN_PHS1_START},
451 };
452
453 static const uint8_t smp_central_wait_commitment_table[][SMP_SM_NUM_COLS] = {
454 /* Event Action Next State */
455 /* PAIR_COMMITM */
456 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_RAND, SMP_STATE_WAIT_NONCE},
457 /* PAIR_KEYPR_NOTIF */
458 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
459 SMP_STATE_WAIT_COMMITMENT},
460 };
461
462 static const uint8_t smp_central_wait_nonce_table[][SMP_SM_NUM_COLS] = {
463 /* Event Action Next State */
464 /* peer nonce is received */
465 /* RAND */
466 {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
467 /* NC model, time to calculate number for NC */
468 /* SC_CALC_NC */
469 {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
470 SMP_STATE_WAIT_NONCE},
471 /* NC model, time to display calculated number for NC to the user */
472 /* SC_DSPL_NC */
473 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
474 };
475
476 static const uint8_t smp_central_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] =
477 {
478 /* Event Action Next State */
479 /* SC_PHASE1_CMPLT */
480 {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_SEND_DHKEY_CHECK,
481 SMP_STATE_WAIT_DHK_CHECK},
482 };
483
484 static const uint8_t smp_central_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
485 /* Event Action Next State */
486 /* PAIR_DHKEY_CHCK */
487 {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
488 SMP_STATE_DHK_CHECK},
489 };
490
491 static const uint8_t smp_central_dhk_check_table[][SMP_SM_NUM_COLS] = {
492 /* Event Action Next State */
493 /* locally calculated peer dhkey check is ready -> compare it withs DHKey
494 * Check
495 * actually received from peer */
496 /* SC_KEY_READY */
497 {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
498 /* locally calculated peer dhkey check is ready -> calculate STK, go to
499 * sending
500 */
501 /* HCI LE Start Encryption command */
502 /* ENC_REQ */
503 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
504 };
505
506 static const uint8_t smp_central_enc_pending_table[][SMP_SM_NUM_COLS] = {
507 /* Event Action Next State */
508 /* STK ready */
509 /* KEY_READY */
510 {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
511 /* ENCRYPTED */
512 {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
513 /* BOND_REQ */
514 {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
515 static const uint8_t smp_central_bond_pending_table[][SMP_SM_NUM_COLS] = {
516 /* Event Action Next State */
517 /* ENC_INFO */
518 {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
519 /* ID_INFO */
520 {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
521 /* SIGN_INFO */
522 {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
523 /* CENTRAL_ID */
524 {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
525 /* ID_ADDR */
526 {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
527 /* KEY_READY */
528 /* LTK ready */
529 {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
530
531 static const uint8_t
532 smp_central_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
533 /* Event Action Next State */
534 /* LOC_PUBL_KEY_CRTD */
535 {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
536 SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
537 /* HAVE_LOC_NONCE */
538 {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
539
540 /************ SMP Peripheral FSM State/Event Indirection Table **************/
541 static const uint8_t smp_peripheral_entry_map[][SMP_STATE_MAX] = {
542 /* state name: */
543 /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
544 PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
545 DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
546 /* PAIR_REQ */
547 {2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
548 /* PAIR_RSP */
549 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
550 /* CONFIRM */
551 {0, 4, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
552 /* RAND */
553 {0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
554 /* PAIR_FAIL */
555 {0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
556 0x81, 0x81, 0, 0},
557 /* ENC_INFO */
558 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
559 /* CENTRAL_ID */
560 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
561 /* ID_INFO */
562 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
563 /* ID_ADDR */
564 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0},
565 /* SIGN_INFO */
566 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
567 /* SEC_REQ */
568 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
569 /* PAIR_PUBLIC_KEY */
570 {0, 0, 0, 5, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
571 /* PAIR_DHKEY_CHCK */
572 {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 1, 2, 0, 0, 0},
573 /* PAIR_KEYPR_NOTIF */
574 {0, 9, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
575 /* PAIR_COMMITM */
576 {0, 8, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
577 /* KEY_READY */
578 {0, 3, 0, 3, 2, 2, 1, 0, 4, 0, 0, 0, 0, 0, 2, 1, 0},
579 /* ENC_CMPL */
580 {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
581 /* L2C_CONN */
582 {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
583 /* L2C_DISC */
584 {0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
585 0x83, 0x83, 0x83, 0},
586 /* IO_RSP */
587 {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
588 /* SEC_GRANT */
589 {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
590 /* TK_REQ */
591 {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
592 /* AUTH_CMPL */
593 {0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
594 0x82, 0x82, 0x82, 0},
595 /* ENC_REQ */
596 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0},
597 /* BOND_REQ */
598 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0},
599 /* DISCARD_SEC_REQ */
600 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
601 /* PUBL_KEY_EXCH_REQ */
602 {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
603 /* LOC_PUBL_KEY_CRTD */
604 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
605 /* BOTH_PUBL_KEYS_RCVD */
606 {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
607 /* SC_DHKEY_CMPLT */
608 {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
609 /* HAVE_LOC_NONCE */
610 {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
611 /* SC_PHASE1_CMPLT */
612 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
613 /* SC_CALC_NC */
614 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
615 /* SC_DSPL_NC */
616 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
617 /* SC_NC_OK */
618 {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
619 /* SC_2_DHCK_CHKS_PRES */
620 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0},
621 /* SC_KEY_READY */
622 {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
623 /* KEYPR_NOTIF */
624 {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
625 /* SC_OOB_DATA */
626 {0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
627 /* CR_LOC_SC_OOB_DATA */
628 {3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
629 };
630
631 static const uint8_t smp_peripheral_idle_table[][SMP_SM_NUM_COLS] = {
632 /* Event Action Next State */
633 /* L2C_CONN */
634 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
635 /* PAIR_REQ */
636 {SMP_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
637 /* CR_LOC_SC_OOB_DATA */
638 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
639 SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}};
640
641 static const uint8_t
642 smp_peripheral_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
643 /* Event Action Next State */
644 /* IO_RSP */
645 {SMP_PROC_IO_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
646 /* SEC_GRANT */
647 {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
648
649 /* TK ready */
650 /* KEY_READY */
651 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
652 /* CONFIRM */
653 {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
654 /* DHKey Check from central is received before phase 1 is completed -
655 race */
656 /* PAIR_DHKEY_CHCK */
657 {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
658 /* user confirms NC 'OK', i.e. phase 1 is completed */
659 /* SC_NC_OK */
660 {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
661 SMP_STATE_SEC_CONN_PHS2_START},
662 /* user-provided passkey is rcvd */
663 /* SC_KEY_READY */
664 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
665 SMP_STATE_SEC_CONN_PHS1_START},
666 /* PAIR_COMMITM */
667 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
668 SMP_STATE_WAIT_APP_RSP},
669 /* PAIR_KEYPR_NOTIF */
670 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
671 SMP_STATE_WAIT_APP_RSP},
672 /* KEYPR_NOTIF */
673 {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
674 SMP_STATE_WAIT_APP_RSP},
675 /* SC_OOB_DATA */
676 {SMP_SEND_PAIR_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
677 };
678
679 static const uint8_t smp_peripheral_sec_request_table[][SMP_SM_NUM_COLS] = {
680 /* Event Action Next State */
681 /* PAIR_REQ */
682 {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
683 /* ENCRYPTED*/
684 {SMP_ENC_CMPL, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
685 };
686
687 static const uint8_t
688 smp_peripheral_pair_request_response_table[][SMP_SM_NUM_COLS] = {
689 /* Event Action Next State */
690 /* CONFIRM */
691 {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
692 /* TK_REQ */
693 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
694
695 /* TK/Confirm ready */
696 /* KEY_READY */
697 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
698 /* PUBL_KEY_EXCH_REQ */
699 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
700 /* PAIR_PUBLIC_KEY */
701 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
702 };
703
704 static const uint8_t smp_peripheral_wait_confirm_table[][SMP_SM_NUM_COLS] = {
705 /* Event Action Next State */
706 /* CONFIRM */
707 {SMP_PROC_CONFIRM, SMP_SEND_CONFIRM, SMP_STATE_CONFIRM},
708 /* KEY_READY*/
709 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}};
710
711 static const uint8_t smp_peripheral_confirm_table[][SMP_SM_NUM_COLS] = {
712 /* Event Action Next State */
713 /* RAND */
714 {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
715
716 /* TK/Confirm ready */
717 /* KEY_READY*/
718 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
719
720 static const uint8_t smp_peripheral_rand_table[][SMP_SM_NUM_COLS] = {
721 /* Event Action Next State */
722 /* KEY_READY */
723 {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* compare match */
724 /* RAND */
725 {SMP_SEND_RAND, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
726
727 static const uint8_t smp_peripheral_public_key_exch_table[][SMP_SM_NUM_COLS] = {
728 /* Event Action Next State */
729 /* LOC_PUBL_KEY_CRTD */
730 {SMP_WAIT_FOR_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
731 SMP_STATE_PUBLIC_KEY_EXCH},
732 /* PAIR_PUBLIC_KEY */
733 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
734 /* BOTH_PUBL_KEYS_RCVD */
735 {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
736 SMP_STATE_SEC_CONN_PHS1_START},
737 };
738
739 static const uint8_t
740 smp_peripheral_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
741 /* Event Action Next State */
742 /* SC_DHKEY_CMPLT */
743 {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
744 SMP_STATE_SEC_CONN_PHS1_START},
745 /* HAVE_LOC_NONCE */
746 {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
747 /* TK_REQ */
748 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
749 /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to display,
750 * it's
751 * time to start */
752 /* commitment calculation */
753 /* KEY_READY */
754 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
755 SMP_STATE_SEC_CONN_PHS1_START},
756 /* PAIR_KEYPR_NOTIF */
757 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
758 SMP_STATE_SEC_CONN_PHS1_START},
759 /*COMMIT*/
760 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
761 SMP_STATE_SEC_CONN_PHS1_START},
762 };
763
764 static const uint8_t smp_peripheral_wait_commitment_table[][SMP_SM_NUM_COLS] = {
765 /* Event Action Next State */
766 /* PAIR_COMMITM */
767 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_COMMITMENT, SMP_STATE_WAIT_NONCE},
768 /* PAIR_KEYPR_NOTIF */
769 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
770 SMP_STATE_WAIT_COMMITMENT},
771 };
772
773 static const uint8_t smp_peripheral_wait_nonce_table[][SMP_SM_NUM_COLS] = {
774 /* Event Action Next State */
775 /* peer nonce is received */
776 /* RAND */
777 {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
778 /* NC model, time to calculate number for NC */
779 /* SC_CALC_NC */
780 {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
781 SMP_STATE_WAIT_NONCE},
782 /* NC model, time to display calculated number for NC to the user */
783 /* SC_DSPL_NC */
784 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
785 };
786
787 static const uint8_t
788 smp_peripheral_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
789 /* Event Action Next State */
790 /* SC_PHASE1_CMPLT */
791 {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
792 SMP_STATE_WAIT_DHK_CHECK},
793 /* DHKey Check from central is received before peripheral DHKey
794 * calculation is completed - race */
795 /* PAIR_DHKEY_CHCK */
796 {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION,
797 SMP_STATE_SEC_CONN_PHS2_START},
798 };
799
800 static const uint8_t smp_peripheral_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
801 /* Event Action Next State */
802 /* PAIR_DHKEY_CHCK */
803 {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
804 SMP_STATE_DHK_CHECK},
805 /* DHKey Check from central was received before peripheral came to this
806 state */
807 /* SC_2_DHCK_CHKS_PRES */
808 {SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
809 };
810
811 static const uint8_t smp_peripheral_dhk_check_table[][SMP_SM_NUM_COLS] = {
812 /* Event Action Next State */
813
814 /* locally calculated peer dhkey check is ready -> compare it withs DHKey
815 * Check
816 */
817 /* actually received from peer */
818 /* SC_KEY_READY */
819 {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
820
821 /* dhkey checks match -> send local dhkey check to central, go to wait for
822 * HCI LE
823 */
824 /* Long Term Key Request Event */
825 /* PAIR_DHKEY_CHCK */
826 {SMP_SEND_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
827 };
828
829 static const uint8_t smp_peripheral_enc_pending_table[][SMP_SM_NUM_COLS] = {
830 /* Event Action Next State */
831 /* ENC_REQ */
832 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
833
834 /* STK ready */
835 /* KEY_READY */
836 {SMP_SEND_LTK_REPLY, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
837 /* ENCRYPTED */
838 {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
839 /* BOND_REQ */
840 {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
841 static const uint8_t smp_peripheral_bond_pending_table[][SMP_SM_NUM_COLS] = {
842 /* Event Action Next State */
843
844 /* LTK ready */
845 /* KEY_READY */
846 {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
847
848 /* rev SRK */
849 /* SIGN_INFO */
850 {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
851 /* ENC_INFO */
852 {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
853 /* ID_INFO */
854 {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
855 /* CENTRAL_ID*/
856 {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
857 /* ID_ADDR */
858 {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}
859
860 };
861
862 static const uint8_t
863 smp_peripheral_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
864 /* Event Action Next State */
865 /* LOC_PUBL_KEY_CRTD */
866 {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
867 SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
868 /* HAVE_LOC_NONCE */
869 {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
870
871 static const tSMP_SM_TBL smp_state_table[][2] = {
872 /* SMP_STATE_IDLE */
873 {smp_central_idle_table, smp_peripheral_idle_table},
874
875 /* SMP_STATE_WAIT_APP_RSP */
876 {smp_central_wait_for_app_response_table,
877 smp_peripheral_wait_for_app_response_table},
878
879 /* SMP_STATE_SEC_REQ_PENDING */
880 {NULL, smp_peripheral_sec_request_table},
881
882 /* SMP_STATE_PAIR_REQ_RSP */
883 {smp_central_pair_request_response_table,
884 smp_peripheral_pair_request_response_table},
885
886 /* SMP_STATE_WAIT_CONFIRM */
887 {smp_central_wait_for_confirm_table, smp_peripheral_wait_confirm_table},
888
889 /* SMP_STATE_CONFIRM */
890 {smp_central_confirm_table, smp_peripheral_confirm_table},
891
892 /* SMP_STATE_RAND */
893 {smp_central_rand_table, smp_peripheral_rand_table},
894
895 /* SMP_STATE_PUBLIC_KEY_EXCH */
896 {smp_central_public_key_exchange_table,
897 smp_peripheral_public_key_exch_table},
898
899 /* SMP_STATE_SEC_CONN_PHS1_START */
900 {smp_central_sec_conn_phs1_start_table,
901 smp_peripheral_sec_conn_phs1_start_table},
902
903 /* SMP_STATE_WAIT_COMMITMENT */
904 {smp_central_wait_commitment_table, smp_peripheral_wait_commitment_table},
905
906 /* SMP_STATE_WAIT_NONCE */
907 {smp_central_wait_nonce_table, smp_peripheral_wait_nonce_table},
908
909 /* SMP_STATE_SEC_CONN_PHS2_START */
910 {smp_central_sec_conn_phs2_start_table,
911 smp_peripheral_sec_conn_phs2_start_table},
912
913 /* SMP_STATE_WAIT_DHK_CHECK */
914 {smp_central_wait_dhk_check_table, smp_peripheral_wait_dhk_check_table},
915
916 /* SMP_STATE_DHK_CHECK */
917 {smp_central_dhk_check_table, smp_peripheral_dhk_check_table},
918
919 /* SMP_STATE_ENCRYPTION_PENDING */
920 {smp_central_enc_pending_table, smp_peripheral_enc_pending_table},
921
922 /* SMP_STATE_BOND_PENDING */
923 {smp_central_bond_pending_table, smp_peripheral_bond_pending_table},
924
925 /* SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA */
926 {smp_central_create_local_sec_conn_oob_data,
927 smp_peripheral_create_local_sec_conn_oob_data}};
928
929 typedef const uint8_t (*tSMP_ENTRY_TBL)[SMP_STATE_MAX];
930 static const tSMP_ENTRY_TBL smp_entry_table[] = {smp_central_entry_map,
931 smp_peripheral_entry_map};
932
933 tSMP_CB smp_cb;
934
935 #define SMP_ALL_TBL_MASK 0x80
936
937 /*******************************************************************************
938 * Function smp_set_state
939 * Returns None
940 ******************************************************************************/
smp_set_state(tSMP_STATE state)941 void smp_set_state(tSMP_STATE state) {
942 if (state < SMP_STATE_MAX) {
943 SMP_TRACE_DEBUG("State change: %s(%d) ==> %s(%d)",
944 smp_get_state_name(smp_cb.state), smp_cb.state,
945 smp_get_state_name(state), state);
946 if (smp_cb.state != state) {
947 BTM_LogHistory(
948 kBtmLogTag, smp_cb.pairing_ble_bd_addr, "Security state changed",
949 base::StringPrintf("%s => %s", smp_get_state_name(smp_cb.state),
950 smp_get_state_name(state)));
951 }
952 smp_cb.state = state;
953 } else {
954 SMP_TRACE_DEBUG("smp_set_state invalid state =%d", state);
955 }
956 }
957
958 /*******************************************************************************
959 * Function smp_get_state
960 * Returns The smp state
961 ******************************************************************************/
smp_get_state(void)962 tSMP_STATE smp_get_state(void) { return smp_cb.state; }
963
964 /*******************************************************************************
965 *
966 * Function smp_sm_event
967 *
968 * Description Handle events to the state machine. It looks up the entry
969 * in the smp_entry_table array.
970 * If it is a valid entry, it gets the state table. Set the next
971 * state, if not NULL state. Execute the action function according
972 * to the state table. If the state returned by action function is
973 * not NULL state, adjust the new state to the returned state. If
974 * (api_evt != MAX), call callback function.
975 *
976 * Returns true if the event is executed and a state transition can be
977 * expected, false if the event is ignored, state is invalid, or
978 * the role is invalid for the control block.
979 *
980 ******************************************************************************/
smp_sm_event(tSMP_CB * p_cb,tSMP_EVENT event,tSMP_INT_DATA * p_data)981 bool smp_sm_event(tSMP_CB* p_cb, tSMP_EVENT event, tSMP_INT_DATA* p_data) {
982 uint8_t curr_state = p_cb->state;
983 tSMP_SM_TBL state_table;
984 uint8_t action, entry, i;
985
986 if (p_cb->role >= 2) {
987 SMP_TRACE_DEBUG("Invalid role: %d", p_cb->role);
988 return false;
989 }
990
991 tSMP_ENTRY_TBL entry_table = smp_entry_table[p_cb->role];
992
993 SMP_TRACE_EVENT("main smp_sm_event");
994 if (curr_state >= SMP_STATE_MAX) {
995 SMP_TRACE_DEBUG("Invalid state: %d", curr_state);
996 return false;
997 }
998
999 SMP_TRACE_DEBUG("SMP Role: %s State: [%s (%d)], Event: [%s (%d)]",
1000 (p_cb->role == 0x01) ? "Peripheral" : "Central",
1001 smp_get_state_name(p_cb->state), p_cb->state,
1002 smp_get_event_name(event), event);
1003
1004 /* look up the state table for the current state */
1005 /* lookup entry /w event & curr_state */
1006 /* If entry is ignore, return.
1007 * Otherwise, get state table (according to curr_state or all_state) */
1008 if ((event <= SMP_MAX_EVT) &&
1009 ((entry = entry_table[event - 1][curr_state]) != SMP_SM_IGNORE)) {
1010 if (entry & SMP_ALL_TBL_MASK) {
1011 entry &= ~SMP_ALL_TBL_MASK;
1012 state_table = smp_all_table;
1013 } else
1014 state_table = smp_state_table[curr_state][p_cb->role];
1015 } else {
1016 SMP_TRACE_DEBUG("Ignore event [%s (%d)] in state [%s (%d)]",
1017 smp_get_event_name(event), event,
1018 smp_get_state_name(curr_state), curr_state);
1019 return false;
1020 }
1021
1022 /* Get possible next state from state table. */
1023
1024 smp_set_state(state_table[entry - 1][SMP_SME_NEXT_STATE]);
1025
1026 /* If action is not ignore, clear param, exec action and get next state.
1027 * The action function may set the Param for cback.
1028 * Depending on param, call cback or free buffer. */
1029 /* execute action */
1030 /* execute action functions */
1031 for (i = 0; i < SMP_NUM_ACTIONS; i++) {
1032 action = state_table[entry - 1][i];
1033 if (action != SMP_SM_NO_ACTION) {
1034 (*smp_sm_action[action])(p_cb, p_data);
1035 } else {
1036 break;
1037 }
1038 }
1039 SMP_TRACE_DEBUG("result state = %s", smp_get_state_name(p_cb->state));
1040 return true;
1041 }
1042
1043 /*******************************************************************************
1044 * Function smp_get_state_name
1045 * Returns The smp state name.
1046 ******************************************************************************/
smp_get_state_name(tSMP_STATE state)1047 const char* smp_get_state_name(tSMP_STATE state) {
1048 const char* p_str = smp_state_name[SMP_STATE_MAX];
1049
1050 if (state < SMP_STATE_MAX) {
1051 p_str = smp_state_name[state];
1052 }
1053 return p_str;
1054 }
1055
1056 /*******************************************************************************
1057 * Function smp_get_event_name
1058 * Returns The smp event name.
1059 ******************************************************************************/
smp_get_event_name(tSMP_EVENT event)1060 const char* smp_get_event_name(tSMP_EVENT event) {
1061 const char* p_str = smp_event_name[SMP_MAX_EVT];
1062
1063 if (event <= SMP_MAX_EVT) {
1064 p_str = smp_event_name[event - 1];
1065 }
1066 return p_str;
1067 }
1068