1 /****************************************************************************** 2 * 3 * Copyright 2023 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #pragma once 20 21 #include <base/functional/callback.h> 22 #include <bluetooth/log.h> 23 24 #include <cstdint> 25 26 #include "bta/include/bta_api_data_types.h" 27 #include "include/hardware/bluetooth.h" 28 #include "stack/include/bt_device_type.h" 29 #include "stack/include/bt_name.h" 30 #include "stack/include/bt_octets.h" 31 #include "stack/include/btm_ble_sec_api_types.h" 32 #include "stack/include/btm_sec_api_types.h" 33 #include "stack/include/hci_error_code.h" 34 #include "types/raw_address.h" 35 36 /* Security Setting Mask */ 37 #define BTA_SEC_AUTHENTICATE \ 38 (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_OUT_AUTHENTICATE) /* Authentication required. */ 39 #define BTA_SEC_ENCRYPT (BTM_SEC_IN_ENCRYPT | BTM_SEC_OUT_ENCRYPT) /* Encryption required. */ 40 41 typedef uint16_t tBTA_SEC; 42 43 typedef enum : uint8_t { 44 /* Security Callback Events */ 45 BTA_DM_PIN_REQ_EVT = 2, /* PIN request. */ 46 BTA_DM_AUTH_CMPL_EVT = 3, /* Authentication complete indication. */ 47 BTA_DM_AUTHORIZE_EVT = 4, /* Authorization request. */ 48 BTA_DM_BOND_CANCEL_CMPL_EVT = 9, /* Bond cancel complete indication */ 49 BTA_DM_SP_CFM_REQ_EVT = 10, /* Simple Pairing User Confirmation request */ 50 BTA_DM_SP_KEY_NOTIF_EVT = 11, /* Simple Pairing Passkey Notification */ 51 BTA_DM_BLE_KEY_EVT = 15, /* BLE SMP key event for peer device keys */ 52 BTA_DM_BLE_SEC_REQ_EVT = 16, /* BLE SMP security request */ 53 BTA_DM_BLE_PASSKEY_NOTIF_EVT = 17, /* SMP passkey notification event */ 54 BTA_DM_BLE_PASSKEY_REQ_EVT = 18, /* SMP passkey request event */ 55 BTA_DM_BLE_OOB_REQ_EVT = 19, /* SMP OOB request event */ 56 BTA_DM_BLE_LOCAL_IR_EVT = 20, /* BLE local IR event */ 57 BTA_DM_BLE_LOCAL_ER_EVT = 21, /* BLE local ER event */ 58 BTA_DM_BLE_NC_REQ_EVT = 22, /* SMP Numeric Comparison request event */ 59 BTA_DM_SP_RMT_OOB_EXT_EVT = 23, /* Simple Pairing Remote OOB Extended Data request. */ 60 BTA_DM_BLE_AUTH_CMPL_EVT = 24, /* BLE Auth complete */ 61 BTA_DM_DEV_UNPAIRED_EVT = 25, 62 BTA_DM_ENER_INFO_READ = 28, /* Energy info read */ 63 BTA_DM_BLE_SC_OOB_REQ_EVT = 29, /* SMP SC OOB request event */ 64 BTA_DM_BLE_CONSENT_REQ_EVT = 30, /* SMP consent request event */ 65 BTA_DM_BLE_SC_CR_LOC_OOB_EVT = 31, /* SMP SC Create Local OOB request event */ 66 BTA_DM_REPORT_BONDING_EVT = 32, /*handle for pin or key missing*/ 67 BTA_DM_LE_ADDR_ASSOC_EVT = 33, /* identity address association event */ 68 BTA_DM_SIRK_VERIFICATION_REQ_EVT = 35, 69 BTA_DM_KEY_MISSING_EVT = 36, 70 BTA_DM_ENCRYPTION_CHANGE_EVT = 37, 71 } tBTA_DM_SEC_EVT; 72 73 /* Structure associated with BTA_DM_PIN_REQ_EVT */ 74 typedef struct { 75 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 76 * order */ 77 RawAddress bd_addr; /* BD address peer device. */ 78 DEV_CLASS dev_class; /* Class of Device */ 79 BD_NAME bd_name; /* Name of peer device. */ 80 81 bool min_16_digit; /* true if the pin returned must be at least 16 digits */ 82 } tBTA_DM_PIN_REQ; 83 84 /* BLE related definition */ 85 86 #define BTA_DM_AUTH_FAIL_BASE (HCI_ERR_MAX_ERR + 10) 87 88 /* Converts SMP error codes defined in smp_api.h to SMP auth fail reasons below. 89 */ 90 #define BTA_DM_AUTH_CONVERT_SMP_CODE(x) (BTA_DM_AUTH_FAIL_BASE + (x)) 91 92 #define BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_AUTH_FAIL) 93 #define BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL (BTA_DM_AUTH_FAIL_BASE + SMP_CONFIRM_VALUE_ERR) 94 #define BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_NOT_SUPPORT) 95 #define BTA_DM_AUTH_SMP_UNKNOWN_ERR (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_FAIL_UNKNOWN) 96 #define BTA_DM_AUTH_SMP_CONN_TOUT (BTA_DM_AUTH_FAIL_BASE + SMP_CONN_TOUT) 97 98 typedef uint8_t tBTA_LE_KEY_TYPE; /* can be used as a bit mask */ 99 100 typedef union { 101 tBTM_LE_PENC_KEYS penc_key; /* received peer encryption key */ 102 tBTM_LE_PCSRK_KEYS psrk_key; /* received peer device SRK */ 103 tBTM_LE_PID_KEYS pid_key; /* peer device ID key */ 104 tBTM_LE_LENC_KEYS lenc_key; /* local encryption reproduction keys LTK = = d1(ER,DIV,0)*/ 105 tBTM_LE_LCSRK_KEYS lcsrk_key; /* local device CSRK = d1(ER,DIV,1)*/ 106 tBTM_LE_PID_KEYS lid_key; /* local device ID key for the particular remote */ 107 } tBTA_LE_KEY_VALUE; 108 109 #define BTA_BLE_LOCAL_KEY_TYPE_ID 1 110 #define BTA_BLE_LOCAL_KEY_TYPE_ER 2 111 typedef uint8_t tBTA_DM_BLE_LOCAL_KEY_MASK; 112 113 typedef struct { 114 Octet16 ir; 115 Octet16 irk; 116 Octet16 dhk; 117 } tBTA_BLE_LOCAL_ID_KEYS; 118 119 enum class tBTA_DM_BLE_SEC_GRANT { 120 BTA_DM_SEC_GRANTED = BTA_SUCCESS, 121 BTA_DM_SEC_PAIR_NOT_SPT = BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT 122 }; 123 124 /* Structure associated with BTA_DM_BLE_SEC_REQ_EVT */ 125 typedef struct { 126 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 127 * order */ 128 RawAddress bd_addr; /* peer address */ 129 DEV_CLASS dev_class; 130 BD_NAME bd_name; /* peer device name */ 131 } tBTA_DM_BLE_SEC_REQ; 132 133 typedef struct { 134 RawAddress bd_addr; /* peer address */ 135 tBTM_LE_KEY_TYPE key_type; 136 tBTM_LE_KEY_VALUE* p_key_value; 137 } tBTA_DM_BLE_KEY; 138 139 /* Structure associated with BTA_DM_AUTH_CMPL_EVT */ 140 typedef struct { 141 RawAddress bd_addr; /* BD address peer device. */ 142 BD_NAME bd_name; /* Name of peer device. */ 143 bool key_present; /* Valid link key value in key element */ 144 LinkKey key; /* Link key associated with peer device. */ 145 uint8_t key_type; /* The type of Link Key */ 146 bool success; /* true of authentication succeeded, false if failed. */ 147 tHCI_REASON fail_reason; /* The HCI reason/error code for when success=false */ 148 tBLE_ADDR_TYPE addr_type; /* Peer device address type */ 149 tBT_DEVICE_TYPE dev_type; 150 bool is_ctkd; /* True if key is derived using CTKD procedure */ 151 } tBTA_DM_AUTH_CMPL; 152 153 /* Structure associated with BTA_DM_DEV_UNPAIRED_EVT */ 154 typedef struct { 155 RawAddress bd_addr; /* BD address peer device. */ 156 tBT_TRANSPORT transport_link_type; 157 } tBTA_DM_UNPAIR; 158 159 #define BTA_AUTH_SP_YES \ 160 BTM_AUTH_SP_YES /* 1 MITM Protection Required - Single Profile/non-bonding \ 161 Use IO Capabilities to determine authentication procedure \ 162 */ 163 164 #define BTA_AUTH_DD_BOND BTM_AUTH_DD_BOND /* 2 this bit is set for dedicated bonding */ 165 #define BTA_AUTH_GEN_BOND BTM_AUTH_SPGB_NO /* 4 this bit is set for general bonding */ 166 #define BTA_AUTH_BONDS BTM_AUTH_BONDS /* 6 the general/dedicated bonding bits */ 167 168 #define BTA_LE_AUTH_REQ_SC_MITM_BOND BTM_LE_AUTH_REQ_SC_MITM_BOND /* 1101 */ 169 170 /* Structure associated with BTA_DM_SP_CFM_REQ_EVT */ 171 typedef struct { 172 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 173 * order */ 174 RawAddress bd_addr; /* peer address */ 175 DEV_CLASS dev_class; /* peer CoD */ 176 BD_NAME bd_name; /* peer device name */ 177 178 uint32_t num_val; /* the numeric value for comparison. If just_works, do not 179 show this number to UI */ 180 bool just_works; /* true, if "Just Works" association model */ 181 tBTM_AUTH_REQ loc_auth_req; /* Authentication required for local device */ 182 tBTM_AUTH_REQ rmt_auth_req; /* Authentication required for peer device */ 183 tBTM_IO_CAP loc_io_caps; /* IO Capabilities of local device */ 184 tBTM_IO_CAP rmt_io_caps; // IO Capabilities of remote device 185 } tBTA_DM_SP_CFM_REQ; 186 187 /* Structure associated with BTA_DM_SP_KEY_NOTIF_EVT */ 188 typedef struct { 189 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 190 * order */ 191 RawAddress bd_addr; /* peer address */ 192 DEV_CLASS dev_class; /* peer CoD */ 193 BD_NAME bd_name; /* peer device name */ 194 195 uint32_t passkey; /* the numeric value for comparison. If just_works, do not 196 show this number to UI */ 197 } tBTA_DM_SP_KEY_NOTIF; 198 199 /* Structure associated with BTA_DM_SP_RMT_OOB_EVT */ 200 typedef struct { 201 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 202 * order */ 203 RawAddress bd_addr; /* peer address */ 204 DEV_CLASS dev_class; /* peer CoD */ 205 BD_NAME bd_name; /* peer device name */ 206 } tBTA_DM_SP_RMT_OOB; 207 208 /* Structure associated with BTA_DM_BOND_CANCEL_CMPL_EVT */ 209 typedef struct { 210 tBTA_STATUS result; /* true of bond cancel succeeded, false if failed. */ 211 } tBTA_DM_BOND_CANCEL_CMPL; 212 213 /* Add to remove bond of key missing RC */ 214 typedef struct { 215 RawAddress bd_addr; 216 } tBTA_DM_RC_UNPAIR; 217 218 typedef struct { 219 Octet16 local_oob_c; /* Local OOB Data Confirmation/Commitment */ 220 Octet16 local_oob_r; /* Local OOB Data Randomizer */ 221 } tBTA_DM_LOC_OOB_DATA; 222 223 /* Union of all security callback structures */ 224 typedef union { 225 tBTA_DM_PIN_REQ pin_req; /* PIN request. */ 226 tBTA_DM_AUTH_CMPL auth_cmpl; /* Authentication complete indication. */ 227 tBTA_DM_UNPAIR dev_unpair; /* Remove bonding complete indication */ 228 tBTA_DM_SP_CFM_REQ cfm_req; /* user confirm request */ 229 tBTA_DM_SP_KEY_NOTIF key_notif; /* passkey notification */ 230 tBTA_DM_SP_RMT_OOB rmt_oob; /* remote oob */ 231 tBTA_DM_BOND_CANCEL_CMPL bond_cancel_cmpl; /* Bond Cancel Complete indication */ 232 tBTA_DM_BLE_SEC_REQ ble_req; /* BLE SMP related request */ 233 tBTA_DM_BLE_KEY ble_key; /* BLE SMP keys used when pairing */ 234 tBTA_BLE_LOCAL_ID_KEYS ble_id_keys; /* IR event */ 235 Octet16 ble_er; /* ER event data */ 236 tBTA_DM_LOC_OOB_DATA local_oob_data; /* Local OOB data generated by us */ 237 tBTA_DM_RC_UNPAIR delete_key_RC_to_unpair; 238 tBTA_DM_PROC_ID_ADDR proc_id_addr; /* Identity address event */ 239 tBTA_DM_KEY_MISSING key_missing; 240 bt_encryption_change_evt encryption_change; 241 } tBTA_DM_SEC; 242 243 /* Security callback */ 244 typedef void(tBTA_DM_SEC_CBACK)(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data); 245 246 /* Encryption callback*/ 247 typedef void(tBTA_DM_ENCRYPT_CBACK)(const RawAddress& bd_addr, tBT_TRANSPORT transport, 248 tBTA_STATUS result); 249 250 /******************************************************************************* 251 * 252 * Function BTA_DmBond 253 * 254 * Description This function initiates a bonding procedure with a peer 255 * device by designated transport. The bonding procedure 256 * enables authentication and optionally encryption on the 257 * Bluetooth link. 258 * 259 * 260 * Returns void 261 * 262 ******************************************************************************/ 263 void BTA_DmBond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, tBT_TRANSPORT transport, 264 tBT_DEVICE_TYPE device_type); 265 266 /******************************************************************************* 267 * 268 * Function BTA_DmBondCancel 269 * 270 * Description This function cancels a bonding procedure with a peer 271 * device. 272 * 273 * 274 * Returns void 275 * 276 ******************************************************************************/ 277 void BTA_DmBondCancel(const RawAddress& bd_addr); 278 279 /******************************************************************************* 280 * 281 * Function BTA_DmPinReply 282 * 283 * Description This function provides a PIN when one is requested by DM 284 * during a bonding procedure. The application should call 285 * this function after the security callback is called with 286 * a BTA_DM_PIN_REQ_EVT. 287 * 288 * 289 * Returns void 290 * 291 ******************************************************************************/ 292 void BTA_DmPinReply(const RawAddress& bd_addr, bool accept, uint8_t pin_len, uint8_t* p_pin); 293 294 /******************************************************************************* 295 * 296 * Function BTA_DmLocalOob 297 * 298 * Description This function retrieves the OOB data from local controller. 299 * The result is reported by bta_dm_co_loc_oob(). 300 * 301 * Returns void 302 * 303 ******************************************************************************/ 304 void BTA_DmLocalOob(void); 305 306 /******************************************************************************* 307 * 308 * Function BTA_DmConfirm 309 * 310 * Description This function accepts or rejects the numerical value of the 311 * Simple Pairing process on BTA_DM_SP_CFM_REQ_EVT 312 * 313 * Returns void 314 * 315 ******************************************************************************/ 316 void BTA_DmConfirm(const RawAddress& bd_addr, bool accept); 317 318 /******************************************************************************* 319 * 320 * Function BTA_DmAddDevice 321 * 322 * Description This function adds a device to the security database list 323 * of peer devices. This function would typically be called 324 * at system startup to initialize the security database with 325 * known peer devices. This is a direct execution function 326 * that may lock task scheduling on some platforms. 327 * 328 * Returns void 329 * 330 ******************************************************************************/ 331 void BTA_DmAddDevice(RawAddress bd_addr, DEV_CLASS dev_class, LinkKey link_key, uint8_t key_type, 332 uint8_t pin_length); 333 334 /******************************************************************************* 335 * 336 * Function BTA_DmRemoveDevice 337 * 338 * Description This function removes a device from the security database. 339 * This is a direct execution function that may lock task 340 * scheduling on some platforms. 341 * 342 * 343 * Returns BTA_SUCCESS if successful. 344 * BTA_FAIL if operation failed. 345 * 346 ******************************************************************************/ 347 tBTA_STATUS BTA_DmRemoveDevice(const RawAddress& bd_addr); 348 349 /* BLE related API functions */ 350 /******************************************************************************* 351 * 352 * Function BTA_DmBleSecurityGrant 353 * 354 * Description Grant security request access. 355 * 356 * Parameters: bd_addr - BD address of the peer 357 * res - security grant status. 358 * 359 * Returns void 360 * 361 ******************************************************************************/ 362 void BTA_DmBleSecurityGrant(const RawAddress& bd_addr, tBTA_DM_BLE_SEC_GRANT res); 363 364 /******************************************************************************* 365 * 366 * Function BTA_DmBlePasskeyReply 367 * 368 * Description Send BLE SMP passkey reply. 369 * 370 * Parameters: bd_addr - BD address of the peer 371 * accept - passkey entry successful or declined. 372 * passkey - passkey value, must be a 6 digit number, 373 * can be lead by 0. 374 * 375 * Returns void 376 * 377 ******************************************************************************/ 378 void BTA_DmBlePasskeyReply(const RawAddress& bd_addr, bool accept, uint32_t passkey); 379 380 /******************************************************************************* 381 * 382 * Function BTA_DmBleConfirmReply 383 * 384 * Description Send BLE SMP SC user confirmation reply. 385 * 386 * Parameters: bd_addr - BD address of the peer 387 * accept - numbers to compare are the same or 388 * different. 389 * 390 * Returns void 391 * 392 ******************************************************************************/ 393 void BTA_DmBleConfirmReply(const RawAddress& bd_addr, bool accept); 394 395 /******************************************************************************* 396 * 397 * Function BTA_DmAddBleDevice 398 * 399 * Description Add a BLE device. This function will be normally called 400 * during host startup to restore all required information 401 * for a LE device stored in the NVRAM. 402 * 403 * Parameters: bd_addr - BD address of the peer 404 * dev_type - Remote device's device type. 405 * addr_type - LE device address type. 406 * 407 * Returns void 408 * 409 ******************************************************************************/ 410 void BTA_DmAddBleDevice(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, 411 tBT_DEVICE_TYPE dev_type); 412 413 /******************************************************************************* 414 * 415 * Function BTA_DmAddBleKey 416 * 417 * Description Add/modify LE device information. This function will be 418 * normally called during host startup to restore all required 419 * information stored in the NVRAM. 420 * 421 * Parameters: bd_addr - BD address of the peer 422 * p_le_key - LE key values. 423 * key_type - LE SMP key type. 424 * 425 * Returns void 426 * 427 ******************************************************************************/ 428 void BTA_DmAddBleKey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE* p_le_key, 429 tBTM_LE_KEY_TYPE key_type); 430 431 /******************************************************************************* 432 * 433 * Function BTA_DmSetEncryption 434 * 435 * Description This function is called to ensure that connection is 436 * encrypted. Should be called only on an open connection. 437 * Typically only needed for connections that first want to 438 * bring up unencrypted links, then later encrypt them. 439 * 440 * Parameters: bd_addr - Address of the peer device 441 * transport - transport of the link to be encruypted 442 * p_callback - Pointer to callback function to indicat the 443 * link encryption status 444 * sec_act - This is the security action to indicate 445 * what kind of BLE security level is required 446 * for the BLE link if BLE is supported 447 * Note: This parameter is ignored for 448 * BR/EDR or if BLE is not supported. 449 * 450 * Returns void 451 * 452 * 453 ******************************************************************************/ 454 void BTA_DmSetEncryption(const RawAddress& bd_addr, tBT_TRANSPORT transport, 455 tBTA_DM_ENCRYPT_CBACK* p_callback, tBTM_BLE_SEC_ACT sec_act); 456 457 /******************************************************************************* 458 * 459 * Function BTA_DmSirkSecCbRegister 460 * 461 * Description This procedure registeres in requested a callback for 462 * verification by CSIS potential set member. 463 * 464 * Parameters p_cback - callback to member verificator 465 * 466 * Returns void 467 * 468 ******************************************************************************/ 469 void BTA_DmSirkSecCbRegister(tBTA_DM_SEC_CBACK* p_cback); 470 471 /******************************************************************************* 472 * 473 * Function BTA_DmSirkConfirmDeviceReply 474 * 475 * Description This procedure confirms requested to validate set device. 476 * 477 * Parameters bd_addr - BD address of the peer 478 * accept - True if device is authorized by CSIS, false 479 * otherwise. 480 * 481 * Returns void 482 * 483 ******************************************************************************/ 484 void BTA_DmSirkConfirmDeviceReply(const RawAddress& bd_addr, bool accept); 485 486 namespace std { 487 template <> 488 struct formatter<tBTA_DM_SEC_EVT> : enum_formatter<tBTA_DM_SEC_EVT> {}; 489 } // namespace std 490