1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains security manager protocol utility functions
22 *
23 ******************************************************************************/
24 #include <base/functional/bind.h>
25 #include <base/functional/callback.h>
26
27 #include <algorithm>
28 #include <cstring>
29
30 #include "bt_target.h"
31 #include "btm_ble_api.h"
32 #include "btm_ble_int.h"
33 #include "device/include/controller.h"
34 #include "osi/include/osi.h"
35 #include "p_256_ecc_pp.h"
36 #include "smp_int.h"
37 #include "stack/btm/btm_dev.h"
38 #include "stack/btm/btm_sec.h"
39 #include "stack/crypto_toolbox/crypto_toolbox.h"
40 #include "stack/include/acl_api.h"
41 #include "stack/include/bt_octets.h"
42 #include "types/raw_address.h"
43
44 extern tBTM_CB btm_cb; // TODO Remove
45
46 using base::Bind;
47 using crypto_toolbox::aes_128;
48
49 #ifndef SMP_MAX_ENC_REPEAT
50 #define SMP_MAX_ENC_REPEAT 3
51 #endif
52
53 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p);
54 static Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb);
55 static void smp_process_private_key(tSMP_CB* p_cb);
56
57 #define SMP_PASSKEY_MASK 0xfff00000
58
59 // If there is data saved here, then use its info instead
60 // This needs to be cleared on a successfult pairing using the oob data
61 static tSMP_LOC_OOB_DATA saved_local_oob_data = {};
62
smp_save_local_oob_data(tSMP_CB * p_cb)63 void smp_save_local_oob_data(tSMP_CB* p_cb) {
64 saved_local_oob_data = p_cb->sc_oob_data.loc_oob_data;
65 }
66
smp_clear_local_oob_data()67 void smp_clear_local_oob_data() { saved_local_oob_data = {}; }
68
is_empty(tSMP_LOC_OOB_DATA * data)69 static bool is_empty(tSMP_LOC_OOB_DATA* data) {
70 tSMP_LOC_OOB_DATA empty_data = {};
71 return memcmp(data, &empty_data, sizeof(tSMP_LOC_OOB_DATA)) == 0;
72 }
73
smp_has_local_oob_data()74 bool smp_has_local_oob_data() { return !is_empty(&saved_local_oob_data); }
75
smp_debug_print_nbyte_little_endian(uint8_t * p,const char * key_name,uint8_t len)76 void smp_debug_print_nbyte_little_endian(uint8_t* p, const char* key_name,
77 uint8_t len) {}
78
smp_debug_print_nbyte_little_endian(const Octet16 & p,const char * key_name,uint8_t len)79 inline void smp_debug_print_nbyte_little_endian(const Octet16& p,
80 const char* key_name,
81 uint8_t len) {
82 smp_debug_print_nbyte_little_endian(const_cast<uint8_t*>(p.data()), key_name,
83 len);
84 }
85
smp_debug_print_nbyte_big_endian(uint8_t * p,const char * key_name,uint8_t len)86 void smp_debug_print_nbyte_big_endian(uint8_t* p, const char* key_name,
87 uint8_t len) {}
88
89 /** This function is called to process a passkey. */
smp_proc_passkey(tSMP_CB * p_cb,BT_OCTET8 rand)90 void smp_proc_passkey(tSMP_CB* p_cb, BT_OCTET8 rand) {
91 uint8_t* tt = p_cb->tk.data();
92 uint32_t passkey; /* 19655 test number; */
93 uint8_t* pp = rand;
94
95 SMP_TRACE_DEBUG("%s", __func__);
96 STREAM_TO_UINT32(passkey, pp);
97 passkey &= ~SMP_PASSKEY_MASK;
98
99 /* truncate by maximum value */
100 while (passkey > BTM_MAX_PASSKEY_VAL) passkey >>= 1;
101
102 /* save the TK */
103 p_cb->tk = {0};
104 UINT32_TO_STREAM(tt, passkey);
105
106 if (p_cb->p_callback) {
107 tSMP_EVT_DATA smp_evt_data = {
108 .passkey = passkey,
109 };
110 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda,
111 &smp_evt_data);
112 }
113
114 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
115 tSMP_INT_DATA smp_int_data;
116 smp_int_data.passkey = passkey;
117 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &smp_int_data);
118 } else {
119 tSMP_KEY key;
120 key.key_type = SMP_KEY_TYPE_TK;
121 key.p_data = p_cb->tk.data();
122 tSMP_INT_DATA smp_int_data;
123 smp_int_data.key = key;
124 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
125 }
126 }
127
128 /*******************************************************************************
129 *
130 * Function smp_generate_passkey
131 *
132 * Description This function is called to generate passkey.
133 *
134 * Returns void
135 *
136 ******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)137 void smp_generate_passkey(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
138 SMP_TRACE_DEBUG("%s", __func__);
139 /* generate MRand or SRand */
140 btsnd_hcic_ble_rand(Bind(&smp_proc_passkey, p_cb));
141 }
142
143 /*******************************************************************************
144 *
145 * Function smp_generate_stk
146 *
147 * Description This function is called to generate STK calculated by
148 * running AES with the TK value as key and a concatenation of
149 * the random values.
150 *
151 * Returns void
152 *
153 ******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)154 void smp_generate_stk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
155 Octet16 output;
156
157 SMP_TRACE_DEBUG("%s", __func__);
158
159 if (p_cb->le_secure_connections_mode_is_used) {
160 SMP_TRACE_DEBUG("FOR LE SC LTK IS USED INSTEAD OF STK");
161 output = p_cb->ltk;
162 } else {
163 output = smp_calculate_legacy_short_term_key(p_cb);
164 }
165
166 smp_process_stk(p_cb, &output);
167 }
168
169 /**
170 * This function is called to calculate CSRK
171 */
smp_compute_csrk(uint16_t div,tSMP_CB * p_cb)172 void smp_compute_csrk(uint16_t div, tSMP_CB* p_cb) {
173 uint8_t buffer[4]; /* for (r || DIV) r=1*/
174 uint16_t r = 1;
175 uint8_t* p = buffer;
176
177 p_cb->div = div;
178
179 SMP_TRACE_DEBUG("%s: div=%x", __func__, p_cb->div);
180 const Octet16& er = BTM_GetDeviceEncRoot();
181 /* CSRK = d1(ER, DIV, 1) */
182 UINT16_TO_STREAM(p, p_cb->div);
183 UINT16_TO_STREAM(p, r);
184
185 p_cb->csrk = aes_128(er, buffer, 4);
186 smp_send_csrk_info(p_cb, NULL);
187 }
188
189 /**
190 * This function is called to calculate CSRK, starting with DIV generation.
191 */
smp_generate_csrk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)192 void smp_generate_csrk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
193 bool div_status;
194
195 SMP_TRACE_DEBUG("smp_generate_csrk");
196
197 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
198 if (div_status) {
199 smp_compute_csrk(p_cb->div, p_cb);
200 } else {
201 SMP_TRACE_DEBUG("Generate DIV for CSRK");
202 btsnd_hcic_ble_rand(Bind(
203 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
204 uint16_t div;
205 STREAM_TO_UINT16(div, rand);
206 smp_compute_csrk(div, p_cb);
207 },
208 p_cb));
209 }
210 }
211
212 /*******************************************************************************
213 * Function smp_concatenate_peer - LSB first
214 * add pairing command sent from local device into p1.
215 ******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)216 void smp_concatenate_local(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
217 uint8_t* p = *p_data;
218
219 SMP_TRACE_DEBUG("%s", __func__);
220 UINT8_TO_STREAM(p, op_code);
221 UINT8_TO_STREAM(p, p_cb->local_io_capability);
222 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
223 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
224 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
225 UINT8_TO_STREAM(p, p_cb->local_i_key);
226 UINT8_TO_STREAM(p, p_cb->local_r_key);
227
228 *p_data = p;
229 }
230
231 /*******************************************************************************
232 * Function smp_concatenate_peer - LSB first
233 * add pairing command received from peer device into p1.
234 ******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)235 void smp_concatenate_peer(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
236 uint8_t* p = *p_data;
237
238 SMP_TRACE_DEBUG("smp_concatenate_peer ");
239 UINT8_TO_STREAM(p, op_code);
240 UINT8_TO_STREAM(p, p_cb->peer_io_caps);
241 UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
242 UINT8_TO_STREAM(p, p_cb->peer_auth_req);
243 UINT8_TO_STREAM(p, p_cb->peer_enc_size);
244 UINT8_TO_STREAM(p, p_cb->peer_i_key);
245 UINT8_TO_STREAM(p, p_cb->peer_r_key);
246
247 *p_data = p;
248 }
249
250 /** Generate Confirm/Compare Step1:
251 * p1 = (MSB) pres || preq || rat' || iat' (LSB)
252 * Fill in values LSB first thus
253 * p1 = iat' || rat' || preq || pres
254 */
smp_gen_p1_4_confirm(tSMP_CB * p_cb,tBLE_ADDR_TYPE remote_bd_addr_type)255 Octet16 smp_gen_p1_4_confirm(tSMP_CB* p_cb,
256 tBLE_ADDR_TYPE remote_bd_addr_type) {
257 SMP_TRACE_DEBUG("%s", __func__);
258 Octet16 p1;
259 uint8_t* p = p1.data();
260 if (p_cb->role == HCI_ROLE_CENTRAL) {
261 /* iat': initiator's (local) address type */
262 UINT8_TO_STREAM(p, p_cb->addr_type);
263 /* rat': responder's (remote) address type */
264 UINT8_TO_STREAM(p, remote_bd_addr_type);
265 /* preq : Pairing Request (local) command */
266 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
267 /* pres : Pairing Response (remote) command */
268 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
269 } else {
270 /* iat': initiator's (remote) address type */
271 UINT8_TO_STREAM(p, remote_bd_addr_type);
272 /* rat': responder's (local) address type */
273 UINT8_TO_STREAM(p, p_cb->addr_type);
274 /* preq : Pairing Request (remote) command */
275 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
276 /* pres : Pairing Response (local) command */
277 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
278 }
279 smp_debug_print_nbyte_little_endian(p1, "p1 = iat' || rat' || preq || pres",
280 16);
281
282 return p1;
283 }
284
285 /** Generate Confirm/Compare Step2:
286 * p2 = (MSB) padding || ia || ra (LSB)
287 * Fill values LSB first and thus:
288 * p2 = ra || ia || padding
289 */
smp_gen_p2_4_confirm(tSMP_CB * p_cb,const RawAddress & remote_bda)290 Octet16 smp_gen_p2_4_confirm(tSMP_CB* p_cb, const RawAddress& remote_bda) {
291 SMP_TRACE_DEBUG("%s", __func__);
292 Octet16 p2{0};
293 uint8_t* p = p2.data();
294 /* 32-bit Padding */
295 memset(p, 0, OCTET16_LEN);
296 if (p_cb->role == HCI_ROLE_CENTRAL) {
297 /* ra : Responder's (remote) address */
298 BDADDR_TO_STREAM(p, remote_bda);
299 /* ia : Initiator's (local) address */
300 BDADDR_TO_STREAM(p, p_cb->local_bda);
301 } else {
302 /* ra : Responder's (local) address */
303 BDADDR_TO_STREAM(p, p_cb->local_bda);
304 /* ia : Initiator's (remote) address */
305 BDADDR_TO_STREAM(p, remote_bda);
306 }
307 smp_debug_print_nbyte_little_endian(p2, "p2 = ra || ia || padding", 16);
308 return p2;
309 }
310
311 /*******************************************************************************
312 *
313 * Function smp_calculate_comfirm
314 *
315 * Description This function (c1) is called to calculate Confirm value.
316 *
317 * Returns tSMP_STATUS status of confirmation calculation
318 *
319 ******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,const Octet16 & rand,Octet16 * output)320 tSMP_STATUS smp_calculate_comfirm(tSMP_CB* p_cb, const Octet16& rand,
321 Octet16* output) {
322 SMP_TRACE_DEBUG("%s", __func__);
323 RawAddress remote_bda;
324 tBLE_ADDR_TYPE remote_bd_addr_type = BLE_ADDR_PUBLIC;
325 /* get remote connection specific bluetooth address */
326 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda,
327 &remote_bd_addr_type)) {
328 SMP_TRACE_ERROR("%s: cannot obtain remote device address", __func__);
329 return SMP_PAIR_FAIL_UNKNOWN;
330 }
331 /* get local connection specific bluetooth address */
332 BTM_ReadConnectionAddr(p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
333 /* generate p1 = pres || preq || rat' || iat' */
334 Octet16 p1 = smp_gen_p1_4_confirm(p_cb, remote_bd_addr_type);
335 /* p1' = rand XOR p1 */
336 smp_xor_128(&p1, rand);
337 smp_debug_print_nbyte_little_endian(p1, "p1' = p1 XOR r", 16);
338 /* calculate e1 = e(k, p1'), where k = TK */
339 smp_debug_print_nbyte_little_endian(p_cb->tk.data(), "TK", 16);
340 Octet16 e1 = aes_128(p_cb->tk, p1);
341 smp_debug_print_nbyte_little_endian(e1.data(), "e1 = e(k, p1')", 16);
342 /* generate p2 = padding || ia || ra */
343 Octet16 p2 = smp_gen_p2_4_confirm(p_cb, remote_bda);
344 /* calculate p2' = (p2 XOR e1) */
345 smp_xor_128(&p2, e1);
346 smp_debug_print_nbyte_little_endian(p2, "p2' = p2 XOR e1", 16);
347 /* calculate: c1 = e(k, p2') */
348 *output = aes_128(p_cb->tk, p2);
349 return SMP_SUCCESS;
350 }
351
352 /*******************************************************************************
353 *
354 * Function smp_generate_confirm
355 *
356 * Description This function is called when random number (MRand or SRand)
357 * is generated by the controller and the stack needs to
358 * calculate c1 value (MConfirm or SConfirm) for the first time
359 *
360 * Returns void
361 *
362 ******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb)363 static void smp_generate_confirm(tSMP_CB* p_cb) {
364 SMP_TRACE_DEBUG("%s", __func__);
365 smp_debug_print_nbyte_little_endian(p_cb->rand.data(), "local_rand", 16);
366 Octet16 output;
367 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rand, &output);
368 if (status != SMP_SUCCESS) {
369 tSMP_INT_DATA smp_int_data;
370 smp_int_data.status = status;
371 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
372 return;
373 }
374 tSMP_KEY key;
375 p_cb->confirm = output;
376 smp_debug_print_nbyte_little_endian(p_cb->confirm, "Local Confirm generated",
377 16);
378 key.key_type = SMP_KEY_TYPE_CFM;
379 key.p_data = output.data();
380 tSMP_INT_DATA smp_int_data;
381 smp_int_data.key = key;
382 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
383 }
384
385 /*******************************************************************************
386 *
387 * Function smp_generate_srand_mrand_confirm
388 *
389 * Description This function is called to start the second pairing phase by
390 * start generating random number.
391 *
392 *
393 * Returns void
394 *
395 ******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)396 void smp_generate_srand_mrand_confirm(tSMP_CB* p_cb,
397 UNUSED_ATTR tSMP_INT_DATA* p_data) {
398 SMP_TRACE_DEBUG("%s", __func__);
399 /* generate MRand or SRand */
400 btsnd_hcic_ble_rand(Bind(
401 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
402 memcpy(p_cb->rand.data(), rand, 8);
403
404 /* generate 64 MSB of MRand or SRand */
405 btsnd_hcic_ble_rand(Bind(
406 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
407 memcpy((void*)&p_cb->rand[8], rand, BT_OCTET8_LEN);
408 smp_generate_confirm(p_cb);
409 },
410 p_cb));
411 },
412 p_cb));
413 }
414
415 /*******************************************************************************
416 *
417 * Function smp_generate_compare
418 *
419 * Description This function is called when random number (MRand or SRand)
420 * is received from remote device and the c1 value (MConfirm
421 * or SConfirm) needs to be generated to authenticate remote
422 * device.
423 *
424 * Returns void
425 *
426 ******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)427 void smp_generate_compare(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
428 SMP_TRACE_DEBUG("smp_generate_compare ");
429 smp_debug_print_nbyte_little_endian(p_cb->rrand, "peer rand", 16);
430 Octet16 output;
431 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rrand, &output);
432 if (status != SMP_SUCCESS) {
433 tSMP_INT_DATA smp_int_data;
434 smp_int_data.status = status;
435 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
436 return;
437 }
438 tSMP_KEY key;
439 smp_debug_print_nbyte_little_endian(output.data(), "Remote Confirm generated",
440 16);
441 key.key_type = SMP_KEY_TYPE_CMP;
442 key.p_data = output.data();
443 tSMP_INT_DATA smp_int_data;
444 smp_int_data.key = key;
445 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
446 }
447
448 /** This function is called when STK is generated proceed to send the encrypt
449 * the link using STK. */
smp_process_stk(tSMP_CB * p_cb,Octet16 * p)450 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p) {
451 tSMP_KEY key;
452
453 SMP_TRACE_DEBUG("smp_process_stk ");
454 smp_mask_enc_key(p_cb->loc_enc_size, p);
455
456 key.key_type = SMP_KEY_TYPE_STK;
457 key.p_data = p->data();
458
459 tSMP_INT_DATA smp_int_data;
460 smp_int_data.key = key;
461 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
462 }
463
464 /** This function calculates EDIV = Y xor DIV */
smp_process_ediv(tSMP_CB * p_cb,Octet16 & p)465 static void smp_process_ediv(tSMP_CB* p_cb, Octet16& p) {
466 tSMP_KEY key;
467 uint8_t* pp = p.data();
468 uint16_t y;
469
470 SMP_TRACE_DEBUG("smp_process_ediv ");
471 STREAM_TO_UINT16(y, pp);
472
473 /* EDIV = Y xor DIV */
474 p_cb->ediv = p_cb->div ^ y;
475 /* send LTK ready */
476 SMP_TRACE_ERROR("LTK ready");
477 key.key_type = SMP_KEY_TYPE_LTK;
478 key.p_data = p.data();
479
480 tSMP_INT_DATA smp_int_data;
481 smp_int_data.key = key;
482 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
483 }
484
485 /**
486 * This function is to proceed generate Y = E(DHK, Rand)
487 */
smp_generate_y(tSMP_CB * p_cb,BT_OCTET8 rand)488 static void smp_generate_y(tSMP_CB* p_cb, BT_OCTET8 rand) {
489 SMP_TRACE_DEBUG("%s ", __func__);
490
491 const Octet16& dhk = BTM_GetDeviceDHK();
492
493 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
494 Octet16 output = aes_128(dhk, rand, BT_OCTET8_LEN);
495 smp_process_ediv(p_cb, output);
496 }
497
498 /**
499 * Calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
500 */
smp_generate_ltk_cont(uint16_t div,tSMP_CB * p_cb)501 static void smp_generate_ltk_cont(uint16_t div, tSMP_CB* p_cb) {
502 p_cb->div = div;
503
504 SMP_TRACE_DEBUG("%s", __func__);
505 const Octet16& er = BTM_GetDeviceEncRoot();
506
507 /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
508 Octet16 ltk = aes_128(er, (uint8_t*)&p_cb->div, sizeof(uint16_t));
509 /* mask the LTK */
510 smp_mask_enc_key(p_cb->loc_enc_size, <k);
511 p_cb->ltk = ltk;
512
513 /* generate EDIV and rand now */
514 btsnd_hcic_ble_rand(Bind(&smp_generate_y, p_cb));
515 }
516
517 /*******************************************************************************
518 *
519 * Function smp_generate_ltk
520 *
521 * Description This function is called:
522 * - in legacy pairing - to calculate LTK, starting with DIV
523 * generation;
524 * - in LE Secure Connections pairing over LE transport - to
525 * process LTK already generated to encrypt LE link;
526 * - in LE Secure Connections pairing over BR/EDR transport -
527 * to start BR/EDR Link Key processing.
528 *
529 * Returns void
530 *
531 ******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)532 void smp_generate_ltk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
533 SMP_TRACE_DEBUG("%s", __func__);
534
535 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
536 smp_br_process_link_key(p_cb, NULL);
537 return;
538 } else if (p_cb->le_secure_connections_mode_is_used) {
539 smp_process_secure_connection_long_term_key();
540 return;
541 }
542
543 bool div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
544
545 if (div_status) {
546 smp_generate_ltk_cont(p_cb->div, p_cb);
547 } else {
548 SMP_TRACE_DEBUG("%s: Generate DIV for LTK", __func__);
549
550 /* generate MRand or SRand */
551 btsnd_hcic_ble_rand(Bind(
552 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
553 uint16_t div;
554 STREAM_TO_UINT16(div, rand);
555 smp_generate_ltk_cont(div, p_cb);
556 },
557 p_cb));
558 }
559 }
560
561 /* The function calculates legacy STK */
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb)562 Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb) {
563 SMP_TRACE_DEBUG("%s", __func__);
564
565 Octet16 text{0};
566 if (p_cb->role == HCI_ROLE_CENTRAL) {
567 memcpy(text.data(), p_cb->rand.data(), BT_OCTET8_LEN);
568 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rrand.data(), BT_OCTET8_LEN);
569 } else {
570 memcpy(text.data(), p_cb->rrand.data(), BT_OCTET8_LEN);
571 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rand.data(), BT_OCTET8_LEN);
572 }
573
574 /* generate STK = Etk(rand|rrand)*/
575 return aes_128(p_cb->tk, text);
576 }
577
578 /*******************************************************************************
579 *
580 * Function smp_create_private_key
581 *
582 * Description This function is called to create private key used to
583 * calculate public key and DHKey.
584 * The function starts private key creation requesting
585 * for the controller to generate [0-7] octets of private key.
586 *
587 * Returns void
588 *
589 ******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)590 void smp_create_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
591 SMP_TRACE_DEBUG("%s", __func__);
592
593 // Only use the stored OOB data if we are in an oob association model
594 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
595 LOG_WARN("OOB Association Model");
596 // Make sure our data isn't empty, otherwise we generate new and eventually
597 // pairing will fail Not much we can do about it at this point, just have to
598 // generate new data The data will be cleared after the advertiser times
599 // out, so if the advertiser times out we want the pairing to fail anyway.
600 if (!is_empty(&saved_local_oob_data)) {
601 LOG_WARN("Found OOB data, loading keys");
602 for (int i = 0; i < BT_OCTET32_LEN; i++) {
603 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
604 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
605 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
606 }
607 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
608 p_cb->local_random = saved_local_oob_data.randomizer;
609 smp_process_private_key(p_cb);
610 return;
611 }
612 LOG_WARN("OOB Association Model with no saved data present");
613 }
614
615 btsnd_hcic_ble_rand(Bind(
616 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
617 memcpy((void*)p_cb->private_key, rand, BT_OCTET8_LEN);
618 btsnd_hcic_ble_rand(Bind(
619 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
620 memcpy((void*)&p_cb->private_key[8], rand, BT_OCTET8_LEN);
621 btsnd_hcic_ble_rand(Bind(
622 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
623 memcpy((void*)&p_cb->private_key[16], rand, BT_OCTET8_LEN);
624 btsnd_hcic_ble_rand(Bind(
625 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
626 memcpy((void*)&p_cb->private_key[24], rand,
627 BT_OCTET8_LEN);
628 smp_process_private_key(p_cb);
629 },
630 p_cb));
631 },
632 p_cb));
633 },
634 p_cb));
635 },
636 p_cb));
637 }
638
639 /*******************************************************************************
640 *
641 * Function smp_use_oob_private_key
642 *
643 * Description This function is called
644 * - to save the secret key used to calculate the public key
645 * used in calculations of commitment sent OOB to a peer
646 * - to use this secret key to recalculate the public key and
647 * start the process of sending this public key to the peer
648 * if secret/public keys have to be reused.
649 * If the keys aren't supposed to be reused, continue from the
650 * point from which request for OOB data was issued.
651 *
652 * Returns void
653 *
654 ******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)655 void smp_use_oob_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
656 LOG_INFO("req_oob_type: %d, role: %d", p_cb->req_oob_type, p_cb->role);
657
658 switch (p_cb->req_oob_type) {
659 case SMP_OOB_BOTH:
660 case SMP_OOB_LOCAL:
661 LOG_INFO("restore secret key");
662 // Only use the stored OOB data if we are in an oob association model
663 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
664 LOG_INFO("OOB Association Model");
665 // Make sure our data isn't empty, otherwise we generate new and
666 // eventually pairing will fail Not much we can do about it at this
667 // point, just have to generate new data The data will be cleared after
668 // the advertiser times out, so if the advertiser times out we want the
669 // pairing to fail anyway.
670 if (!is_empty(&saved_local_oob_data)) {
671 LOG_INFO("Found OOB data, loading keys");
672 for (int i = 0; i < BT_OCTET32_LEN; i++) {
673 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
674 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
675 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
676 }
677 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
678 p_cb->local_random = saved_local_oob_data.randomizer;
679 smp_process_private_key(p_cb);
680 return;
681 }
682 LOG_INFO("OOB Association Model with no saved data present");
683 }
684
685 memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used,
686 BT_OCTET32_LEN);
687 smp_process_private_key(p_cb);
688 break;
689 default:
690 LOG_INFO("create secret key anew");
691 smp_set_state(SMP_STATE_PAIR_REQ_RSP);
692 smp_decide_association_model(p_cb, NULL);
693 break;
694 }
695 }
696
697 /*******************************************************************************
698 *
699 * Function smp_process_private_key
700 *
701 * Description This function processes private key.
702 * It calculates public key and notifies SM that private key /
703 * public key pair is created.
704 *
705 * Returns void
706 *
707 ******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)708 void smp_process_private_key(tSMP_CB* p_cb) {
709 Point public_key;
710 BT_OCTET32 private_key;
711
712 SMP_TRACE_DEBUG("%s", __func__);
713
714 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
715 ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*)private_key);
716 memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
717 memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
718
719 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
720 BT_OCTET32_LEN);
721 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.x, "local public(x)",
722 BT_OCTET32_LEN);
723 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.y, "local public(y)",
724 BT_OCTET32_LEN);
725 p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
726 smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
727 }
728
729 /*******************************************************************************
730 *
731 * Function smp_compute_dhkey
732 *
733 * Description The function:
734 * - calculates a new public key using as input local private
735 * key and peer public key;
736 * - saves the new public key x-coordinate as DHKey.
737 *
738 * Returns void
739 *
740 ******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)741 void smp_compute_dhkey(tSMP_CB* p_cb) {
742 Point peer_publ_key, new_publ_key;
743 BT_OCTET32 private_key;
744
745 SMP_TRACE_DEBUG("%s", __func__);
746
747 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
748 memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
749 memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
750
751 ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*)private_key);
752
753 memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
754
755 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Old DHKey", BT_OCTET32_LEN);
756
757 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
758 BT_OCTET32_LEN);
759 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.x, "rem public(x)",
760 BT_OCTET32_LEN);
761 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.y, "rem public(y)",
762 BT_OCTET32_LEN);
763 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Reverted DHKey",
764 BT_OCTET32_LEN);
765 }
766
767 /** The function calculates and saves local commmitment in CB. */
smp_calculate_local_commitment(tSMP_CB * p_cb)768 void smp_calculate_local_commitment(tSMP_CB* p_cb) {
769 uint8_t random_input;
770
771 SMP_TRACE_DEBUG("%s", __func__);
772
773 switch (p_cb->selected_association_model) {
774 case SMP_MODEL_SEC_CONN_JUSTWORKS:
775 case SMP_MODEL_SEC_CONN_NUM_COMP:
776 if (p_cb->role == HCI_ROLE_CENTRAL)
777 SMP_TRACE_WARNING(
778 "local commitment calc on central is not expected "
779 "for Just Works/Numeric Comparison models");
780 p_cb->commitment = crypto_toolbox::f4(
781 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0);
782 break;
783 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
784 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
785 random_input =
786 smp_calculate_random_input(p_cb->local_random.data(), p_cb->round);
787 p_cb->commitment =
788 crypto_toolbox::f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x,
789 p_cb->rand, random_input);
790 break;
791 case SMP_MODEL_SEC_CONN_OOB:
792 SMP_TRACE_WARNING(
793 "local commitment calc is expected for OOB model BEFORE pairing");
794 p_cb->commitment = crypto_toolbox::f4(
795 p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0);
796 break;
797 default:
798 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
799 p_cb->selected_association_model);
800 return;
801 }
802
803 SMP_TRACE_EVENT("local commitment calculation is completed");
804 }
805
806 /** The function calculates peer commmitment */
smp_calculate_peer_commitment(tSMP_CB * p_cb)807 Octet16 smp_calculate_peer_commitment(tSMP_CB* p_cb) {
808 uint8_t ri;
809
810 SMP_TRACE_DEBUG("%s", __func__);
811 Octet16 output{0};
812 switch (p_cb->selected_association_model) {
813 case SMP_MODEL_SEC_CONN_JUSTWORKS:
814 case SMP_MODEL_SEC_CONN_NUM_COMP:
815 if (p_cb->role == HCI_ROLE_PERIPHERAL)
816 SMP_TRACE_WARNING(
817 "peer commitment calc on peripheral is not expected "
818 "for Just Works/Numeric Comparison models");
819 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
820 p_cb->rrand, 0);
821 break;
822 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
823 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
824 ri = smp_calculate_random_input(p_cb->peer_random.data(), p_cb->round);
825 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
826 p_cb->rrand, ri);
827 break;
828 case SMP_MODEL_SEC_CONN_OOB:
829 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x,
830 p_cb->peer_random, 0);
831 break;
832 default:
833 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
834 p_cb->selected_association_model);
835 return output;
836 }
837
838 SMP_TRACE_EVENT("peer commitment calculation is completed");
839 return output;
840 }
841
842 /*******************************************************************************
843 *
844 * Function smp_calculate_numeric_comparison_display_number
845 *
846 * Description The function calculates and saves number to display in
847 * numeric comparison association mode.
848 *
849 * Returns void
850 *
851 ******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)852 void smp_calculate_numeric_comparison_display_number(tSMP_CB* p_cb,
853 tSMP_INT_DATA* p_data) {
854 SMP_TRACE_DEBUG("%s", __func__);
855
856 if (p_cb->role == HCI_ROLE_CENTRAL) {
857 p_cb->number_to_display = crypto_toolbox::g2(
858 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, p_cb->rrand);
859 } else {
860 p_cb->number_to_display = crypto_toolbox::g2(
861 p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, p_cb->rand);
862 }
863
864 if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) {
865 tSMP_INT_DATA smp_int_data;
866 smp_int_data.status = SMP_PAIR_FAIL_UNKNOWN;
867 p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
868 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
869 return;
870 }
871
872 SMP_TRACE_EVENT("Number to display in numeric comparison = %d",
873 p_cb->number_to_display);
874 p_cb->cb_evt = SMP_NC_REQ_EVT;
875 tSMP_INT_DATA smp_int_data;
876 smp_int_data.passkey = p_cb->number_to_display;
877 smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &smp_int_data);
878 return;
879 }
880
881 /*******************************************************************************
882 *
883 * Function smp_calculate_local_dhkey_check
884 *
885 * Description The function calculates and saves local device DHKey check
886 * value in CB.
887 * Before doing this it calls
888 * smp_calculate_f5_mackey_and_long_term_key(...).
889 * to calculate MacKey and LTK.
890 * MacKey is used in dhkey calculation.
891 *
892 * Returns void
893 *
894 ******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)895 void smp_calculate_local_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
896 uint8_t iocap[3], a[7], b[7];
897
898 SMP_TRACE_DEBUG("%s", __func__);
899
900 smp_calculate_f5_mackey_and_long_term_key(p_cb);
901
902 smp_collect_local_io_capabilities(iocap, p_cb);
903
904 smp_collect_local_ble_address(a, p_cb);
905 smp_collect_peer_ble_address(b, p_cb);
906 p_cb->dhkey_check = crypto_toolbox::f6(p_cb->mac_key, p_cb->rand, p_cb->rrand,
907 p_cb->peer_random, iocap, a, b);
908
909 SMP_TRACE_EVENT("local DHKey check calculation is completed");
910 }
911
912 /*******************************************************************************
913 *
914 * Function smp_calculate_peer_dhkey_check
915 *
916 * Description The function calculates peer device DHKey check value.
917 *
918 * Returns void
919 *
920 ******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)921 void smp_calculate_peer_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
922 uint8_t iocap[3], a[7], b[7];
923 tSMP_KEY key;
924
925 SMP_TRACE_DEBUG("%s", __func__);
926
927 smp_collect_peer_io_capabilities(iocap, p_cb);
928
929 smp_collect_local_ble_address(a, p_cb);
930 smp_collect_peer_ble_address(b, p_cb);
931 Octet16 param_buf = crypto_toolbox::f6(p_cb->mac_key, p_cb->rrand, p_cb->rand,
932 p_cb->local_random, iocap, b, a);
933
934 SMP_TRACE_EVENT("peer DHKey check calculation is completed");
935 key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
936 key.p_data = param_buf.data();
937 tSMP_INT_DATA smp_int_data;
938 smp_int_data.key = key;
939 smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &smp_int_data);
940 }
941
942 /*******************************************************************************
943 *
944 * Function smp_calculate_link_key_from_long_term_key
945 *
946 * Description The function calculates and saves BR/EDR link key derived
947 * from LE SC LTK.
948 *
949 * Returns false if out of resources, true in other cases.
950 *
951 ******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)952 bool smp_calculate_link_key_from_long_term_key(tSMP_CB* p_cb) {
953 tBTM_SEC_DEV_REC* p_dev_rec;
954 RawAddress bda_for_lk;
955 tBLE_ADDR_TYPE conn_addr_type;
956
957 SMP_TRACE_DEBUG("%s", __func__);
958
959 if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) {
960 SMP_TRACE_DEBUG(
961 "Use rcvd identity address as BD_ADDR of LK rcvd identity address");
962 bda_for_lk = p_cb->id_addr;
963 } else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk,
964 &conn_addr_type)) &&
965 conn_addr_type == BLE_ADDR_PUBLIC) {
966 SMP_TRACE_DEBUG("Use rcvd connection address as BD_ADDR of LK");
967 } else {
968 SMP_TRACE_WARNING("Don't have peer public address to associate with LK");
969 return false;
970 }
971
972 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
973 if (p_dev_rec == NULL) {
974 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
975 return false;
976 }
977
978 Octet16 link_key =
979 crypto_toolbox::ltk_to_link_key(p_cb->ltk, p_cb->key_derivation_h7_used);
980
981 uint8_t link_key_type;
982 if (btm_cb.security_mode == BTM_SEC_MODE_SC) {
983 /* Secure Connections Only Mode */
984 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
985 } else if (controller_get_interface()->supports_secure_connections()) {
986 /* both transports are SC capable */
987 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
988 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
989 else
990 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
991 } else if (btm_cb.security_mode == BTM_SEC_MODE_SP) {
992 /* BR/EDR transport is SSP capable */
993 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
994 link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
995 else
996 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
997 } else {
998 SMP_TRACE_ERROR("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
999 __func__, btm_cb.security_mode, p_dev_rec->sm4);
1000 return false;
1001 }
1002
1003 link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
1004
1005 Octet16 notif_link_key;
1006 std::reverse_copy(link_key.begin(), link_key.end(), notif_link_key.begin());
1007 btm_sec_link_key_notification(bda_for_lk, notif_link_key, link_key_type);
1008
1009 SMP_TRACE_EVENT("%s is completed", __func__);
1010
1011 return true;
1012 }
1013
1014 /** The function calculates and saves SC LTK derived from BR/EDR link key. */
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)1015 bool smp_calculate_long_term_key_from_link_key(tSMP_CB* p_cb) {
1016 tBTM_SEC_DEV_REC* p_dev_rec;
1017
1018 SMP_TRACE_DEBUG("%s", __func__);
1019
1020 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
1021 if (p_dev_rec == NULL) {
1022 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1023 return false;
1024 }
1025
1026 uint8_t br_link_key_type;
1027 br_link_key_type = BTM_SecGetDeviceLinkKeyType(p_cb->pairing_bda);
1028 if (br_link_key_type == BTM_LKEY_TYPE_IGNORE) {
1029 SMP_TRACE_ERROR("%s failed to retrieve BR link type", __func__);
1030 return false;
1031 }
1032
1033 if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
1034 (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) {
1035 SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", __func__,
1036 br_link_key_type);
1037 return false;
1038 }
1039
1040 Octet16 rev_link_key;
1041 std::reverse_copy(p_dev_rec->link_key.begin(), p_dev_rec->link_key.end(),
1042 rev_link_key.begin());
1043 p_cb->ltk = crypto_toolbox::link_key_to_ltk(rev_link_key,
1044 p_cb->key_derivation_h7_used);
1045
1046 p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
1047 ? SMP_SEC_AUTHENTICATED
1048 : SMP_SEC_UNAUTHENTICATE;
1049 SMP_TRACE_EVENT("%s is completed", __func__);
1050 return true;
1051 }
1052
1053 /**
1054 * This function generates nonce.
1055 */
smp_start_nonce_generation(tSMP_CB * p_cb)1056 void smp_start_nonce_generation(tSMP_CB* p_cb) {
1057 SMP_TRACE_DEBUG("%s", __func__);
1058 btsnd_hcic_ble_rand(Bind(
1059 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1060 memcpy(p_cb->rand.data(), rand, BT_OCTET8_LEN);
1061 btsnd_hcic_ble_rand(Bind(
1062 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1063 memcpy(p_cb->rand.data() + 8, rand, BT_OCTET8_LEN);
1064 SMP_TRACE_DEBUG("%s round %d", __func__, p_cb->round);
1065 /* notifies SM that it has new nonce. */
1066 smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
1067 },
1068 p_cb));
1069 },
1070 p_cb));
1071 }
1072