1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
29 {
30 /* initiator */
31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
36 /* responder */
37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
43 };
44
45 #define SMP_KEY_DIST_TYPE_MAX 4
46 const tSMP_ACT smp_distribute_act [] =
47 {
48 smp_generate_ltk,
49 smp_send_id_info,
50 smp_generate_csrk,
51 smp_set_derive_link_key
52 };
53
lmp_version_below(BD_ADDR bda,uint8_t version)54 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
55 {
56 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
57 if (acl == NULL || acl->lmp_version == 0)
58 {
59 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
60 return false;
61 }
62 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
63 return acl->lmp_version < version;
64 }
65
66 /*******************************************************************************
67 ** Function smp_update_key_mask
68 ** Description This function updates the key mask for sending or receiving.
69 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)70 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
71 {
72 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
73 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
74
75 if (((p_cb->le_secure_connections_mode_is_used) ||
76 (p_cb->smp_over_br)) &&
77 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
78 {
79 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
80 ** being exchanged with the peer */
81 p_cb->local_i_key &= ~key_type;
82 p_cb->local_r_key &= ~key_type;
83 }
84 else
85 if (p_cb->role == HCI_ROLE_SLAVE)
86 {
87 if (recv)
88 p_cb->local_i_key &= ~key_type;
89 else
90 p_cb->local_r_key &= ~key_type;
91 }
92 else
93 {
94 if (recv)
95 p_cb->local_r_key &= ~key_type;
96 else
97 p_cb->local_i_key &= ~key_type;
98 }
99
100 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
101 p_cb->local_r_key);
102 }
103
104 /*******************************************************************************
105 ** Function smp_send_app_cback
106 ** Description notifies application about the events the application is interested in
107 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)108 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
109 {
110 tSMP_EVT_DATA cb_data;
111 tSMP_STATUS callback_rc;
112 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
113 if (p_cb->p_callback && p_cb->cb_evt != 0)
114 {
115 switch (p_cb->cb_evt)
116 {
117 case SMP_IO_CAP_REQ_EVT:
118 cb_data.io_req.auth_req = p_cb->peer_auth_req;
119 cb_data.io_req.oob_data = SMP_OOB_NONE;
120 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
121 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
122 cb_data.io_req.init_keys = p_cb->local_i_key ;
123 cb_data.io_req.resp_keys = p_cb->local_r_key ;
124 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
125 break;
126
127 case SMP_NC_REQ_EVT:
128 cb_data.passkey = p_data->passkey;
129 break;
130 case SMP_SC_OOB_REQ_EVT:
131 cb_data.req_oob_type = p_data->req_oob_type;
132 break;
133 case SMP_SC_LOC_OOB_DATA_UP_EVT:
134 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
135 break;
136
137 case SMP_BR_KEYS_REQ_EVT:
138 cb_data.io_req.auth_req = 0;
139 cb_data.io_req.oob_data = SMP_OOB_NONE;
140 cb_data.io_req.io_cap = 0;
141 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
142 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
143 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
144 break;
145
146 default:
147 break;
148 }
149
150 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
151
152 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
153
154 if (callback_rc == SMP_SUCCESS)
155 {
156 switch (p_cb->cb_evt)
157 {
158 case SMP_IO_CAP_REQ_EVT:
159 p_cb->loc_auth_req = cb_data.io_req.auth_req;
160 p_cb->local_io_capability = cb_data.io_req.io_cap;
161 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
162 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
163 p_cb->local_i_key = cb_data.io_req.init_keys;
164 p_cb->local_r_key = cb_data.io_req.resp_keys;
165
166 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
167 {
168 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
169 p_cb->local_i_key = 0;
170 p_cb->local_r_key = 0;
171 }
172
173 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
174 loc_oob_flag: %d loc_enc_size: %d,"
175 "local_i_key: 0x%02x, local_r_key: 0x%02x",
176 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
177 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
178
179 p_cb->secure_connections_only_mode_required =
180 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
181
182 if (p_cb->secure_connections_only_mode_required)
183 {
184 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
185 }
186
187 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
188 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
189 || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
190 (const bt_bdaddr_t *)&p_cb->pairing_bda))
191 {
192 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
193 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
194 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
195 }
196
197 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
198 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
199
200 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
201 break;
202
203 case SMP_BR_KEYS_REQ_EVT:
204 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
205 p_cb->local_i_key = cb_data.io_req.init_keys;
206 p_cb->local_r_key = cb_data.io_req.resp_keys;
207
208 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
209 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
210
211 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
212 local_i_key: 0x%02x, local_r_key: 0x%02x",
213 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
214
215 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
216 break;
217 }
218 }
219 }
220
221 if (!p_cb->cb_evt && p_cb->discard_sec_req)
222 {
223 p_cb->discard_sec_req = FALSE;
224 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
225 }
226
227 SMP_TRACE_DEBUG("%s return", __func__);
228 }
229
230 /*******************************************************************************
231 ** Function smp_send_pair_fail
232 ** Description pairing failure to peer device if needed.
233 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)234 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
235 {
236 p_cb->status = *(UINT8 *)p_data;
237 p_cb->failure = *(UINT8 *)p_data;
238
239 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
240
241 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
242 {
243 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
244 p_cb->wait_for_authorization_complete = TRUE;
245 }
246 }
247
248 /*******************************************************************************
249 ** Function smp_send_pair_req
250 ** Description actions related to sending pairing request
251 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)252 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
253 {
254 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
255 SMP_TRACE_DEBUG("%s", __func__);
256
257 /* erase all keys when master sends pairing req*/
258 if (p_dev_rec)
259 btm_sec_clear_ble_keys(p_dev_rec);
260 /* do not manipulate the key, let app decide,
261 leave out to BTM to mandate key distribution for bonding case */
262 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
263 }
264
265 /*******************************************************************************
266 ** Function smp_send_pair_rsp
267 ** Description actions related to sending pairing response
268 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)269 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
270 {
271 SMP_TRACE_DEBUG("%s", __func__);
272
273 p_cb->local_i_key &= p_cb->peer_i_key;
274 p_cb->local_r_key &= p_cb->peer_r_key;
275
276 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
277 {
278 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
279 smp_use_oob_private_key(p_cb, NULL);
280 else
281 smp_decide_association_model(p_cb, NULL);
282 }
283 }
284
285 /*******************************************************************************
286 ** Function smp_send_confirm
287 ** Description send confirmation to the peer
288 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)289 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
290 {
291 SMP_TRACE_DEBUG("%s", __func__);
292 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
293 }
294
295 /*******************************************************************************
296 ** Function smp_send_init
297 ** Description process pairing initializer to slave device
298 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)299 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
300 {
301 SMP_TRACE_DEBUG("%s", __func__);
302 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
303 }
304
305 /*******************************************************************************
306 ** Function smp_send_rand
307 ** Description send pairing random to the peer
308 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)309 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
310 {
311 SMP_TRACE_DEBUG("%s", __func__);
312 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
313 }
314
315 /*******************************************************************************
316 ** Function smp_send_pair_public_key
317 ** Description send pairing public key command to the peer
318 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)319 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
320 {
321 SMP_TRACE_DEBUG("%s", __func__);
322 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
323 }
324
325 /*******************************************************************************
326 ** Function SMP_SEND_COMMITMENT
327 ** Description send commitment command to the peer
328 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)329 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
330 {
331 SMP_TRACE_DEBUG("%s", __func__);
332 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
333 }
334
335 /*******************************************************************************
336 ** Function smp_send_dhkey_check
337 ** Description send DHKey Check command to the peer
338 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)339 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
340 {
341 SMP_TRACE_DEBUG("%s", __func__);
342 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
343 }
344
345 /*******************************************************************************
346 ** Function smp_send_keypress_notification
347 ** Description send Keypress Notification command to the peer
348 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)349 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
350 {
351 p_cb->local_keypress_notification = *(UINT8 *) p_data;
352 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
353 }
354
355 /*******************************************************************************
356 ** Function smp_send_enc_info
357 ** Description send encryption information command.
358 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)359 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
360 {
361 tBTM_LE_LENC_KEYS le_key;
362
363 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
364 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
365
366 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
367 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
368
369 /* save the DIV and key size information when acting as slave device */
370 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
371 le_key.div = p_cb->div;
372 le_key.key_size = p_cb->loc_enc_size;
373 le_key.sec_level = p_cb->sec_level;
374
375 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
376 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
377 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
378
379 SMP_TRACE_WARNING ("%s", __func__);
380
381 smp_key_distribution(p_cb, NULL);
382 }
383
384 /*******************************************************************************
385 ** Function smp_send_id_info
386 ** Description send ID information command.
387 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)388 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
389 {
390 tBTM_LE_KEY_VALUE le_key;
391 SMP_TRACE_DEBUG("%s", __func__);
392 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
393
394 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
395 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
396
397 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
398 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
399 &le_key, TRUE);
400
401 SMP_TRACE_WARNING ("%s", __func__);
402 smp_key_distribution_by_transport(p_cb, NULL);
403 }
404
405 /*******************************************************************************
406 ** Function smp_send_csrk_info
407 ** Description send CSRK command.
408 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)409 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
410 {
411 tBTM_LE_LCSRK_KEYS key;
412 SMP_TRACE_DEBUG("%s", __func__);
413 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
414
415 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
416 {
417 key.div = p_cb->div;
418 key.sec_level = p_cb->sec_level;
419 key.counter = 0; /* initialize the local counter */
420 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
421 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
422 }
423
424 smp_key_distribution_by_transport(p_cb, NULL);
425 }
426
427 /*******************************************************************************
428 ** Function smp_send_ltk_reply
429 ** Description send LTK reply
430 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)431 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
432 {
433 SMP_TRACE_DEBUG("%s", __func__);
434 /* send stk as LTK response */
435 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
436 }
437
438 /*******************************************************************************
439 ** Function smp_proc_sec_req
440 ** Description process security request.
441 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)442 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
443 {
444 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
445 tBTM_BLE_SEC_REQ_ACT sec_req_act;
446 UINT8 reason;
447
448 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
449
450 p_cb->cb_evt = 0;
451
452 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
453
454 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
455
456 switch (sec_req_act)
457 {
458 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
459 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
460 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
461 break;
462
463 case BTM_BLE_SEC_REQ_ACT_PAIR:
464 p_cb->secure_connections_only_mode_required =
465 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
466
467 /* respond to non SC pairing request as failure in SC only mode */
468 if (p_cb->secure_connections_only_mode_required &&
469 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
470 {
471 reason = SMP_PAIR_AUTH_FAIL;
472 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
473 }
474 else
475 {
476 /* initialize local i/r key to be default keys */
477 p_cb->peer_auth_req = auth_req;
478 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
479 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
480 }
481 break;
482
483 case BTM_BLE_SEC_REQ_ACT_DISCARD:
484 p_cb->discard_sec_req = TRUE;
485 break;
486
487 default:
488 /* do nothing */
489 break;
490 }
491 }
492
493 /*******************************************************************************
494 ** Function smp_proc_sec_grant
495 ** Description process security grant.
496 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)497 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
498 {
499 UINT8 res= *(UINT8 *)p_data;
500 SMP_TRACE_DEBUG("%s", __func__);
501 if (res != SMP_SUCCESS)
502 {
503 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
504 }
505 else /*otherwise, start pairing */
506 {
507 /* send IO request callback */
508 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
509 }
510 }
511
512 /*******************************************************************************
513 ** Function smp_proc_pair_fail
514 ** Description process pairing failure from peer device
515 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)516 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
517 {
518 SMP_TRACE_DEBUG("%s", __func__);
519 p_cb->status = *(UINT8 *)p_data;
520 }
521
522 /*******************************************************************************
523 ** Function smp_proc_pair_cmd
524 ** Description Process the SMP pairing request/response from peer device
525 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)526 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
527 {
528 UINT8 *p = (UINT8 *)p_data;
529 UINT8 reason = SMP_ENC_KEY_SIZE;
530 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
531
532 SMP_TRACE_DEBUG("%s", __func__);
533 /* erase all keys if it is slave proc pairing req*/
534 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
535 btm_sec_clear_ble_keys(p_dev_rec);
536
537 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
538
539 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
540 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
541 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
542 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
543 STREAM_TO_UINT8(p_cb->peer_i_key, p);
544 STREAM_TO_UINT8(p_cb->peer_r_key, p);
545
546 if (smp_command_has_invalid_parameters(p_cb))
547 {
548 reason = SMP_INVALID_PARAMETERS;
549 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
550 return;
551 }
552
553 if (p_cb->role == HCI_ROLE_SLAVE)
554 {
555 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
556 {
557 /* peer (master) started pairing sending Pairing Request */
558 p_cb->local_i_key = p_cb->peer_i_key;
559 p_cb->local_r_key = p_cb->peer_r_key;
560
561 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
562 }
563 else /* update local i/r key according to pairing request */
564 {
565 /* pairing started with this side (slave) sending Security Request */
566 p_cb->local_i_key &= p_cb->peer_i_key;
567 p_cb->local_r_key &= p_cb->peer_r_key;
568 p_cb->selected_association_model = smp_select_association_model(p_cb);
569
570 if (p_cb->secure_connections_only_mode_required &&
571 (!(p_cb->le_secure_connections_mode_is_used) ||
572 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
573 {
574 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
575 __func__);
576 reason = SMP_PAIR_AUTH_FAIL;
577 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
578 return;
579 }
580
581 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
582 {
583 if (smp_request_oob_data(p_cb)) return;
584 }
585 else
586 {
587 smp_send_pair_rsp(p_cb, NULL);
588 }
589 }
590 }
591 else /* Master receives pairing response */
592 {
593 p_cb->selected_association_model = smp_select_association_model(p_cb);
594
595 if (p_cb->secure_connections_only_mode_required &&
596 (!(p_cb->le_secure_connections_mode_is_used) ||
597 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
598 {
599 SMP_TRACE_ERROR ("Master requires secure connection only mode \
600 but it can't be provided -> Master fails pairing");
601 reason = SMP_PAIR_AUTH_FAIL;
602 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
603 return;
604 }
605
606 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
607 {
608 if (smp_request_oob_data(p_cb)) return;
609 }
610 else
611 {
612 smp_decide_association_model(p_cb, NULL);
613 }
614 }
615 }
616
617 /*******************************************************************************
618 ** Function smp_proc_confirm
619 ** Description process pairing confirm from peer device
620 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)621 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
622 {
623 UINT8 *p = (UINT8 *)p_data;
624 UINT8 reason = SMP_INVALID_PARAMETERS;
625
626 SMP_TRACE_DEBUG("%s", __func__);
627
628 if (smp_command_has_invalid_parameters(p_cb))
629 {
630 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
631 return;
632 }
633
634 if (p != NULL)
635 {
636 /* save the SConfirm for comparison later */
637 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
638 }
639
640 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
641 }
642
643 /*******************************************************************************
644 ** Function smp_proc_init
645 ** Description process pairing initializer from peer device
646 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)647 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
648 {
649 UINT8 *p = (UINT8 *)p_data;
650 UINT8 reason = SMP_INVALID_PARAMETERS;
651
652 SMP_TRACE_DEBUG("%s", __func__);
653
654 if (smp_command_has_invalid_parameters(p_cb))
655 {
656 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
657 return;
658 }
659
660 /* save the SRand for comparison */
661 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
662 }
663
664 /*******************************************************************************
665 ** Function smp_proc_rand
666 ** Description process pairing random (nonce) from peer device
667 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)668 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
669 {
670 UINT8 *p = (UINT8 *)p_data;
671 UINT8 reason = SMP_INVALID_PARAMETERS;
672
673 SMP_TRACE_DEBUG("%s", __func__);
674
675 if (smp_command_has_invalid_parameters(p_cb))
676 {
677 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
678 return;
679 }
680
681 /* save the SRand for comparison */
682 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
683 }
684
685 /*******************************************************************************
686 ** Function smp_process_pairing_public_key
687 ** Description process pairing public key command from the peer device
688 ** - saves the peer public key;
689 ** - sets the flag indicating that the peer public key is received;
690 ** - calls smp_wait_for_both_public_keys(...).
691 **
692 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)693 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
694 {
695 UINT8 *p = (UINT8 *)p_data;
696 UINT8 reason = SMP_INVALID_PARAMETERS;
697
698 SMP_TRACE_DEBUG("%s", __func__);
699
700 if (smp_command_has_invalid_parameters(p_cb))
701 {
702 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
703 return;
704 }
705
706 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
707 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
708 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
709
710 smp_wait_for_both_public_keys(p_cb, NULL);
711 }
712
713 /*******************************************************************************
714 ** Function smp_process_pairing_commitment
715 ** Description process pairing commitment from peer device
716 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)717 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
718 {
719 UINT8 *p = (UINT8 *)p_data;
720 UINT8 reason = SMP_INVALID_PARAMETERS;
721
722 SMP_TRACE_DEBUG("%s", __func__);
723
724 if (smp_command_has_invalid_parameters(p_cb))
725 {
726 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
727 return;
728 }
729
730 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
731
732 if (p != NULL)
733 {
734 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
735 }
736 }
737
738 /*******************************************************************************
739 ** Function smp_process_dhkey_check
740 ** Description process DHKey Check from peer device
741 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)742 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
743 {
744 UINT8 *p = (UINT8 *)p_data;
745 UINT8 reason = SMP_INVALID_PARAMETERS;
746
747 SMP_TRACE_DEBUG("%s", __func__);
748
749 if (smp_command_has_invalid_parameters(p_cb))
750 {
751 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
752 return;
753 }
754
755 if (p != NULL)
756 {
757 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
758 }
759
760 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
761 }
762
763 /*******************************************************************************
764 ** Function smp_process_keypress_notification
765 ** Description process pairing keypress notification from peer device
766 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)767 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
768 {
769 UINT8 *p = (UINT8 *)p_data;
770 UINT8 reason = SMP_INVALID_PARAMETERS;
771
772 SMP_TRACE_DEBUG("%s", __func__);
773 p_cb->status = *(UINT8 *)p_data;
774
775 if (smp_command_has_invalid_parameters(p_cb))
776 {
777 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
778 return;
779 }
780
781 if (p != NULL)
782 {
783 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
784 }
785 else
786 {
787 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
788 }
789 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
790 }
791
792 /*******************************************************************************
793 ** Function smp_br_process_pairing_command
794 ** Description Process the SMP pairing request/response from peer device via
795 ** BR/EDR transport.
796 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)797 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
798 {
799 UINT8 *p = (UINT8 *)p_data;
800 UINT8 reason = SMP_ENC_KEY_SIZE;
801 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
802
803 SMP_TRACE_DEBUG("%s", __func__);
804 /* rejecting BR pairing request over non-SC BR link */
805 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
806 {
807 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
808 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
809 return;
810 }
811
812 /* erase all keys if it is slave proc pairing req*/
813 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
814 btm_sec_clear_ble_keys(p_dev_rec);
815
816 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
817
818 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
819 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
820 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
821 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
822 STREAM_TO_UINT8(p_cb->peer_i_key, p);
823 STREAM_TO_UINT8(p_cb->peer_r_key, p);
824
825 if (smp_command_has_invalid_parameters(p_cb))
826 {
827 reason = SMP_INVALID_PARAMETERS;
828 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
829 return;
830 }
831
832 /* peer (master) started pairing sending Pairing Request */
833 /* or being master device always use received i/r key as keys to distribute */
834 p_cb->local_i_key = p_cb->peer_i_key;
835 p_cb->local_r_key = p_cb->peer_r_key;
836
837 if (p_cb->role == HCI_ROLE_SLAVE)
838 {
839 p_dev_rec->new_encryption_key_is_p256 = FALSE;
840 /* shortcut to skip Security Grant step */
841 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
842 }
843 else /* Master receives pairing response */
844 {
845 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
846 " Supposed to move to key distribution phase. ", __func__);
847 }
848
849 /* auth_req received via BR/EDR SM channel is set to 0,
850 but everything derived/exchanged has to be saved */
851 p_cb->peer_auth_req |= SMP_AUTH_BOND;
852 p_cb->loc_auth_req |= SMP_AUTH_BOND;
853 }
854
855 /*******************************************************************************
856 ** Function smp_br_process_security_grant
857 ** Description process security grant in case of pairing over BR/EDR transport.
858 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)859 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
860 {
861 UINT8 res= *(UINT8 *)p_data;
862 SMP_TRACE_DEBUG("%s", __func__);
863 if (res != SMP_SUCCESS)
864 {
865 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
866 }
867 else /*otherwise, start pairing */
868 {
869 /* send IO request callback */
870 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
871 }
872 }
873
874 /*******************************************************************************
875 ** Function smp_br_check_authorization_request
876 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
877 ** before starting the distribution/derivation
878 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)879 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
880 {
881 UINT8 reason = SMP_SUCCESS;
882
883 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
884 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
885 p_cb->local_r_key);
886
887 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
888 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
889 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
890
891 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
892 ** Set local_r_key on master to expect only these keys. */
893 if (p_cb->role == HCI_ROLE_MASTER)
894 {
895 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
896 }
897
898 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
899 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
900 p_cb->local_r_key);
901
902 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
903 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
904 (p_cb->local_i_key || p_cb->local_r_key))
905 {
906 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
907
908 /* if no peer key is expected, start master key distribution */
909 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
910 smp_key_distribution_by_transport(p_cb, NULL);
911 }
912 else
913 {
914 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
915 }
916 }
917
918 /*******************************************************************************
919 ** Function smp_br_select_next_key
920 ** Description selects the next key to derive/send when BR/EDR transport is
921 ** used.
922 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)923 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
924 {
925 UINT8 reason = SMP_SUCCESS;
926 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
927 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
928
929 if (p_cb->role == HCI_ROLE_SLAVE||
930 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
931 {
932 smp_key_pick_key(p_cb, p_data);
933 }
934
935 if (!p_cb->local_i_key && !p_cb->local_r_key)
936 {
937 /* state check to prevent re-entrance */
938 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
939 {
940 if (p_cb->total_tx_unacked == 0)
941 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
942 else
943 p_cb->wait_for_authorization_complete = TRUE;
944 }
945 }
946 }
947
948 /*******************************************************************************
949 ** Function smp_proc_enc_info
950 ** Description process encryption information from peer device
951 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)952 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
953 {
954 UINT8 *p = (UINT8 *)p_data;
955
956 SMP_TRACE_DEBUG("%s", __func__);
957 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
958
959 smp_key_distribution(p_cb, NULL);
960 }
961 /*******************************************************************************
962 ** Function smp_proc_master_id
963 ** Description process master ID from slave device
964 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)965 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
966 {
967 UINT8 *p = (UINT8 *)p_data;
968 tBTM_LE_PENC_KEYS le_key;
969
970 SMP_TRACE_DEBUG("%s", __func__);
971 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
972
973 STREAM_TO_UINT16(le_key.ediv, p);
974 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
975
976 /* store the encryption keys from peer device */
977 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
978 le_key.sec_level = p_cb->sec_level;
979 le_key.key_size = p_cb->loc_enc_size;
980
981 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
982 btm_sec_save_le_key(p_cb->pairing_bda,
983 BTM_LE_KEY_PENC,
984 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
985
986 smp_key_distribution(p_cb, NULL);
987 }
988
989 /*******************************************************************************
990 ** Function smp_proc_enc_info
991 ** Description process identity information from peer device
992 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)993 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
994 {
995 UINT8 *p = (UINT8 *)p_data;
996
997 SMP_TRACE_DEBUG("%s", __func__);
998 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
999 smp_key_distribution_by_transport(p_cb, NULL);
1000 }
1001
1002 /*******************************************************************************
1003 ** Function smp_proc_id_addr
1004 ** Description process identity address from peer device
1005 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1006 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1007 {
1008 UINT8 *p = (UINT8 *)p_data;
1009 tBTM_LE_PID_KEYS pid_key;
1010
1011 SMP_TRACE_DEBUG("%s", __func__);
1012 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1013
1014 STREAM_TO_UINT8(pid_key.addr_type, p);
1015 STREAM_TO_BDADDR(pid_key.static_addr, p);
1016 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1017
1018 /* to use as BD_ADDR for lk derived from ltk */
1019 p_cb->id_addr_rcvd = TRUE;
1020 p_cb->id_addr_type = pid_key.addr_type;
1021 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1022
1023 /* store the ID key from peer device */
1024 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1025 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1026 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1027 smp_key_distribution_by_transport(p_cb, NULL);
1028 }
1029
1030 /*******************************************************************************
1031 ** Function smp_proc_srk_info
1032 ** Description process security information from peer device
1033 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1034 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1035 {
1036 tBTM_LE_PCSRK_KEYS le_key;
1037
1038 SMP_TRACE_DEBUG("%s", __func__);
1039 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1040
1041 /* save CSRK to security record */
1042 le_key.sec_level = p_cb->sec_level;
1043 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1044 le_key.counter = 0; /* initialize the peer counter */
1045
1046 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1047 btm_sec_save_le_key(p_cb->pairing_bda,
1048 BTM_LE_KEY_PCSRK,
1049 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1050 smp_key_distribution_by_transport(p_cb, NULL);
1051 }
1052
1053 /*******************************************************************************
1054 ** Function smp_proc_compare
1055 ** Description process compare value
1056 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1057 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1058 {
1059 UINT8 reason;
1060
1061 SMP_TRACE_DEBUG("%s", __func__);
1062 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1063 {
1064 /* compare the max encryption key size, and save the smaller one for the link */
1065 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1066 p_cb->loc_enc_size = p_cb->peer_enc_size;
1067
1068 if (p_cb->role == HCI_ROLE_SLAVE)
1069 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1070 else
1071 {
1072 /* master device always use received i/r key as keys to distribute */
1073 p_cb->local_i_key = p_cb->peer_i_key;
1074 p_cb->local_r_key = p_cb->peer_r_key;
1075
1076 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1077 }
1078
1079 }
1080 else
1081 {
1082 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1083 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1084 }
1085 }
1086
1087 /*******************************************************************************
1088 ** Function smp_proc_sl_key
1089 ** Description process key ready events.
1090 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1091 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1092 {
1093 UINT8 key_type = p_data->key.key_type;
1094
1095 SMP_TRACE_DEBUG("%s", __func__);
1096 if (key_type == SMP_KEY_TYPE_TK)
1097 {
1098 smp_generate_srand_mrand_confirm(p_cb, NULL);
1099 }
1100 else if (key_type == SMP_KEY_TYPE_CFM)
1101 {
1102 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1103
1104 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1105 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1106 }
1107 }
1108
1109 /*******************************************************************************
1110 ** Function smp_start_enc
1111 ** Description start encryption
1112 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1113 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1114 {
1115 tBTM_STATUS cmd;
1116 UINT8 reason = SMP_ENC_FAIL;
1117
1118 SMP_TRACE_DEBUG("%s", __func__);
1119 if (p_data != NULL)
1120 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1121 else
1122 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1123
1124 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1125 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1126 }
1127
1128 /*******************************************************************************
1129 ** Function smp_proc_discard
1130 ** Description processing for discard security request
1131 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1132 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1133 {
1134 SMP_TRACE_DEBUG("%s", __func__);
1135 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1136 smp_reset_control_value(p_cb);
1137 }
1138
1139 /*******************************************************************************
1140 ** Function smp_enc_cmpl
1141 ** Description encryption success
1142 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1143 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1144 {
1145 UINT8 enc_enable = *(UINT8 *)p_data;
1146 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1147
1148 SMP_TRACE_DEBUG("%s", __func__);
1149 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1150 }
1151
1152 /*******************************************************************************
1153 ** Function smp_check_auth_req
1154 ** Description check authentication request
1155 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1156 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1157 {
1158 UINT8 enc_enable = *(UINT8 *)p_data;
1159 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1160
1161 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1162 "(i-initiator r-responder)",
1163 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1164 if (enc_enable == 1)
1165 {
1166 if (p_cb->le_secure_connections_mode_is_used)
1167 {
1168 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1169 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1170 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1171
1172 /* In LE SC mode LK is derived from LTK only if both sides request it */
1173 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1174 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1175 {
1176 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1177 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1178 }
1179
1180 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1181 ** Set local_r_key on master to expect only these keys.
1182 */
1183 if (p_cb->role == HCI_ROLE_MASTER)
1184 {
1185 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1186 }
1187 }
1188 else
1189 {
1190 /* in legacy mode derivation of BR/EDR LK is not supported */
1191 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1192 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1193 }
1194 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1195 "(i-initiator r-responder)",
1196 __func__, p_cb->local_i_key, p_cb->local_r_key);
1197
1198 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1199 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1200 (p_cb->local_i_key || p_cb->local_r_key))
1201 {
1202 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1203 }
1204 else
1205 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1206 }
1207 else if (enc_enable == 0)
1208 {
1209 /* if failed for encryption after pairing, send callback */
1210 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1211 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1212 /* if enc failed for old security information */
1213 /* if master device, clean up and abck to idle; slave device do nothing */
1214 else if (p_cb->role == HCI_ROLE_MASTER)
1215 {
1216 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1217 }
1218 }
1219 }
1220
1221 /*******************************************************************************
1222 ** Function smp_key_pick_key
1223 ** Description Pick a key distribution function based on the key mask.
1224 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1225 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1226 {
1227 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1228 UINT8 i = 0;
1229
1230 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1231 while (i < SMP_KEY_DIST_TYPE_MAX)
1232 {
1233 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1234
1235 if (key_to_dist & (1 << i))
1236 {
1237 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1238 (* smp_distribute_act[i])(p_cb, p_data);
1239 break;
1240 }
1241 i ++;
1242 }
1243 }
1244 /*******************************************************************************
1245 ** Function smp_key_distribution
1246 ** Description start key distribution if required.
1247 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1248 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1249 {
1250 UINT8 reason = SMP_SUCCESS;
1251 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1252 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1253
1254 if (p_cb->role == HCI_ROLE_SLAVE ||
1255 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1256 {
1257 smp_key_pick_key(p_cb, p_data);
1258 }
1259
1260 if (!p_cb->local_i_key && !p_cb->local_r_key)
1261 {
1262 /* state check to prevent re-entrant */
1263 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1264 {
1265 if (p_cb->derive_lk)
1266 {
1267 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1268 p_cb->derive_lk = FALSE;
1269 }
1270
1271 if (p_cb->total_tx_unacked == 0)
1272 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1273 else
1274 p_cb->wait_for_authorization_complete = TRUE;
1275 }
1276 }
1277 }
1278
1279 /*******************************************************************************
1280 ** Function smp_decide_association_model
1281 ** Description This function is called to select assoc model to be used for
1282 ** STK generation and to start STK generation process.
1283 **
1284 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1285 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1286 {
1287 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1288 UINT8 int_evt = 0;
1289 tSMP_KEY key;
1290 tSMP_INT_DATA *p = NULL;
1291
1292 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1293
1294 switch (p_cb->selected_association_model)
1295 {
1296 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1297 if (p_cb->role == HCI_ROLE_MASTER &&
1298 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1299 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1300 {
1301 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1302 failure = SMP_PAIR_AUTH_FAIL;
1303 p = (tSMP_INT_DATA *)&failure;
1304 int_evt = SMP_AUTH_CMPL_EVT;
1305 }
1306 else
1307 {
1308 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1309 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1310
1311 key.key_type = SMP_KEY_TYPE_TK;
1312 key.p_data = p_cb->tk;
1313 p = (tSMP_INT_DATA *)&key;
1314
1315 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1316 /* TK, ready */
1317 int_evt = SMP_KEY_READY_EVT;
1318 }
1319 break;
1320
1321 case SMP_MODEL_PASSKEY:
1322 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1323 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1324
1325 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1326 int_evt = SMP_TK_REQ_EVT;
1327 break;
1328
1329 case SMP_MODEL_OOB:
1330 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1331 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1332 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1333
1334 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1335 int_evt = SMP_TK_REQ_EVT;
1336 break;
1337
1338 case SMP_MODEL_KEY_NOTIF:
1339 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1340 SMP_TRACE_DEBUG("Need to generate Passkey");
1341
1342 /* generate passkey and notify application */
1343 smp_generate_passkey(p_cb, NULL);
1344 break;
1345
1346 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1347 case SMP_MODEL_SEC_CONN_NUM_COMP:
1348 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1349 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1350 case SMP_MODEL_SEC_CONN_OOB:
1351 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1352 break;
1353
1354 case SMP_MODEL_OUT_OF_RANGE:
1355 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1356 p = (tSMP_INT_DATA *)&failure;
1357 int_evt = SMP_AUTH_CMPL_EVT;
1358 break;
1359
1360 default:
1361 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1362 p_cb->selected_association_model);
1363 p = (tSMP_INT_DATA *)&failure;
1364 int_evt = SMP_AUTH_CMPL_EVT;
1365 }
1366
1367 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1368 if (int_evt)
1369 smp_sm_event(p_cb, int_evt, p);
1370 }
1371
1372 /*******************************************************************************
1373 ** Function smp_process_io_response
1374 ** Description process IO response for a slave device.
1375 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1376 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1377 {
1378 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1379
1380 SMP_TRACE_DEBUG("%s", __func__);
1381 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1382 {
1383 /* pairing started by local (slave) Security Request */
1384 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1385 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1386 }
1387 else /* plan to send pairing respond */
1388 {
1389 /* pairing started by peer (master) Pairing Request */
1390 p_cb->selected_association_model = smp_select_association_model(p_cb);
1391
1392 if (p_cb->secure_connections_only_mode_required &&
1393 (!(p_cb->le_secure_connections_mode_is_used) ||
1394 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1395 {
1396 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1397 but it can't be provided -> Slave fails pairing");
1398 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1399 return;
1400 }
1401
1402 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1403 {
1404 if (smp_request_oob_data(p_cb)) return;
1405 }
1406 smp_send_pair_rsp(p_cb, NULL);
1407 }
1408 }
1409
1410 /*******************************************************************************
1411 ** Function smp_br_process_slave_keys_response
1412 ** Description process application keys response for a slave device
1413 ** (BR/EDR transport).
1414 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1415 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1416 {
1417 smp_br_send_pair_response(p_cb, NULL);
1418 }
1419
1420 /*******************************************************************************
1421 ** Function smp_br_send_pair_response
1422 ** Description actions related to sending pairing response over BR/EDR transport.
1423 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1424 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1425 {
1426 SMP_TRACE_DEBUG("%s", __func__);
1427
1428 p_cb->local_i_key &= p_cb->peer_i_key;
1429 p_cb->local_r_key &= p_cb->peer_r_key;
1430
1431 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1432 }
1433
1434 /*******************************************************************************
1435 ** Function smp_pairing_cmpl
1436 ** Description This function is called to send the pairing complete callback
1437 ** and remove the connection if needed.
1438 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1439 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1440 {
1441 if (p_cb->total_tx_unacked == 0)
1442 {
1443 /* update connection parameter to remote preferred */
1444 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1445 /* process the pairing complete */
1446 smp_proc_pairing_cmpl(p_cb);
1447 }
1448 }
1449
1450 /*******************************************************************************
1451 ** Function smp_pair_terminate
1452 ** Description This function is called to send the pairing complete callback
1453 ** and remove the connection if needed.
1454 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1455 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1456 {
1457 SMP_TRACE_DEBUG("%s", __func__);
1458 p_cb->status = SMP_CONN_TOUT;
1459 smp_proc_pairing_cmpl(p_cb);
1460 }
1461
1462 /*******************************************************************************
1463 ** Function smp_idle_terminate
1464 ** Description This function calledin idle state to determine to send authentication
1465 ** complete or not.
1466 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1467 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1468 {
1469 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1470 {
1471 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1472 p_cb->status = SMP_FAIL;
1473 smp_proc_pairing_cmpl(p_cb);
1474 }
1475 }
1476
1477 /*******************************************************************************
1478 ** Function smp_fast_conn_param
1479 ** Description apply default connection parameter for pairing process
1480 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1481 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1482 {
1483 /* disable connection parameter update */
1484 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1485 }
1486
1487 /*******************************************************************************
1488 ** Function smp_both_have_public_keys
1489 ** Description The function is called when both local and peer public keys are
1490 ** saved.
1491 ** Actions:
1492 ** - invokes DHKey computation;
1493 ** - on slave side invokes sending local public key to the peer.
1494 ** - invokes SC phase 1 process.
1495 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1496 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1497 {
1498 SMP_TRACE_DEBUG("%s",__func__);
1499
1500 /* invokes DHKey computation */
1501 smp_compute_dhkey(p_cb);
1502
1503 /* on slave side invokes sending local public key to the peer */
1504 if (p_cb->role == HCI_ROLE_SLAVE)
1505 smp_send_pair_public_key(p_cb, NULL);
1506
1507 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1508 }
1509
1510 /*******************************************************************************
1511 ** Function smp_start_secure_connection_phase1
1512 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1513 ** phase 1 parameters and starts building/sending to the peer
1514 ** messages appropriate for the role and association model.
1515 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1516 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1517 {
1518 SMP_TRACE_DEBUG("%s", __func__);
1519
1520 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1521 {
1522 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1523 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1524 }
1525 else
1526 {
1527 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1528 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1529 }
1530
1531 switch(p_cb->selected_association_model)
1532 {
1533 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1534 case SMP_MODEL_SEC_CONN_NUM_COMP:
1535 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1536 smp_start_nonce_generation(p_cb);
1537 break;
1538 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1539 /* user has to provide passkey */
1540 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1541 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1542 break;
1543 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1544 /* passkey has to be provided to user */
1545 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1546 smp_generate_passkey(p_cb, NULL);
1547 break;
1548 case SMP_MODEL_SEC_CONN_OOB:
1549 /* use the available OOB information */
1550 smp_process_secure_connection_oob_data(p_cb, NULL);
1551 break;
1552 default:
1553 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1554 p_cb->selected_association_model);
1555 break;
1556 }
1557 }
1558
1559 /*******************************************************************************
1560 ** Function smp_process_local_nonce
1561 ** Description The function processes new local nonce.
1562 **
1563 ** Note It is supposed to be called in SC phase1.
1564 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1565 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1566 {
1567 SMP_TRACE_DEBUG("%s", __func__);
1568
1569 switch(p_cb->selected_association_model)
1570 {
1571 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1572 case SMP_MODEL_SEC_CONN_NUM_COMP:
1573 if (p_cb->role == HCI_ROLE_SLAVE)
1574 {
1575 /* slave calculates and sends local commitment */
1576 smp_calculate_local_commitment(p_cb);
1577 smp_send_commitment(p_cb, NULL);
1578 /* slave has to wait for peer nonce */
1579 smp_set_state(SMP_STATE_WAIT_NONCE);
1580 }
1581 else /* i.e. master */
1582 {
1583 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1584 {
1585 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1586 SMP_TRACE_DEBUG("master in assoc mode = %d \
1587 already rcvd slave commitment - race condition",
1588 p_cb->selected_association_model);
1589 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1590 smp_send_rand(p_cb, NULL);
1591 smp_set_state(SMP_STATE_WAIT_NONCE);
1592 }
1593 }
1594 break;
1595 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1596 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1597 smp_calculate_local_commitment(p_cb);
1598
1599 if (p_cb->role == HCI_ROLE_MASTER)
1600 {
1601 smp_send_commitment(p_cb, NULL);
1602 }
1603 else /* slave */
1604 {
1605 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1606 {
1607 /* master commitment is already received */
1608 smp_send_commitment(p_cb, NULL);
1609 smp_set_state(SMP_STATE_WAIT_NONCE);
1610 }
1611 }
1612 break;
1613 case SMP_MODEL_SEC_CONN_OOB:
1614 if (p_cb->role == HCI_ROLE_MASTER)
1615 {
1616 smp_send_rand(p_cb, NULL);
1617 }
1618
1619 smp_set_state(SMP_STATE_WAIT_NONCE);
1620 break;
1621 default:
1622 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1623 p_cb->selected_association_model);
1624 break;
1625 }
1626 }
1627
1628 /*******************************************************************************
1629 ** Function smp_process_peer_nonce
1630 ** Description The function processes newly received and saved in CB peer nonce.
1631 ** The actions depend on the selected association model and the role.
1632 **
1633 ** Note It is supposed to be called in SC phase1.
1634 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1635 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1636 {
1637 UINT8 reason;
1638
1639 SMP_TRACE_DEBUG("%s start ", __func__);
1640
1641 switch(p_cb->selected_association_model)
1642 {
1643 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1644 case SMP_MODEL_SEC_CONN_NUM_COMP:
1645 /* in these models only master receives commitment */
1646 if (p_cb->role == HCI_ROLE_MASTER)
1647 {
1648 if (!smp_check_commitment(p_cb))
1649 {
1650 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1651 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1652 break;
1653 }
1654 }
1655 else
1656 {
1657 /* slave sends local nonce */
1658 smp_send_rand(p_cb, NULL);
1659 }
1660
1661 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1662 {
1663 /* go directly to phase 2 */
1664 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1665 }
1666 else /* numeric comparison */
1667 {
1668 smp_set_state(SMP_STATE_WAIT_NONCE);
1669 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1670 }
1671 break;
1672 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1673 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1674 if (!smp_check_commitment(p_cb))
1675 {
1676 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1677 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1678 break;
1679 }
1680
1681 if (p_cb->role == HCI_ROLE_SLAVE)
1682 {
1683 smp_send_rand(p_cb, NULL);
1684 }
1685
1686 if (++p_cb->round < 20)
1687 {
1688 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1689 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1690 smp_start_nonce_generation(p_cb);
1691 break;
1692 }
1693
1694 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1695 break;
1696 case SMP_MODEL_SEC_CONN_OOB:
1697 if (p_cb->role == HCI_ROLE_SLAVE)
1698 {
1699 smp_send_rand(p_cb, NULL);
1700 }
1701
1702 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1703 break;
1704 default:
1705 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1706 p_cb->selected_association_model);
1707 break;
1708 }
1709
1710 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1711 }
1712
1713 /*******************************************************************************
1714 ** Function smp_match_dhkey_checks
1715 ** Description checks if the calculated peer DHKey Check value is the same as
1716 ** received from the peer DHKey check value.
1717 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1718 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1719 {
1720 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1721
1722 SMP_TRACE_DEBUG("%s", __func__);
1723
1724 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1725 {
1726 SMP_TRACE_WARNING ("dhkey chcks do no match");
1727 p_cb->failure = reason;
1728 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1729 return;
1730 }
1731
1732 SMP_TRACE_EVENT ("dhkey chcks match");
1733
1734 /* compare the max encryption key size, and save the smaller one for the link */
1735 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1736 p_cb->loc_enc_size = p_cb->peer_enc_size;
1737
1738 if (p_cb->role == HCI_ROLE_SLAVE)
1739 {
1740 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1741 }
1742 else
1743 {
1744 /* master device always use received i/r key as keys to distribute */
1745 p_cb->local_i_key = p_cb->peer_i_key;
1746 p_cb->local_r_key = p_cb->peer_r_key;
1747 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1748 }
1749 }
1750
1751 /*******************************************************************************
1752 ** Function smp_move_to_secure_connections_phase2
1753 ** Description Signal State Machine to start SC phase 2 initialization (to
1754 ** compute local DHKey Check value).
1755 **
1756 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1757 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1758 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1759 {
1760 SMP_TRACE_DEBUG("%s",__func__);
1761 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1762 }
1763
1764 /*******************************************************************************
1765 ** Function smp_phase_2_dhkey_checks_are_present
1766 ** Description generates event if dhkey check from the peer is already received.
1767 **
1768 ** Note It is supposed to be used on slave to prevent race condition.
1769 ** It is supposed to be called after slave dhkey check is calculated.
1770 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1771 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1772 {
1773 SMP_TRACE_DEBUG("%s",__func__);
1774
1775 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1776 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1777 }
1778
1779 /*******************************************************************************
1780 ** Function smp_wait_for_both_public_keys
1781 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1782 ** public keys are available.
1783 **
1784 ** Note on the slave it is used to prevent race condition.
1785 **
1786 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1787 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1788 {
1789 SMP_TRACE_DEBUG("%s",__func__);
1790
1791 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1792 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1793 {
1794 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1795 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1796 {
1797 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1798 }
1799 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1800 }
1801 }
1802
1803 /*******************************************************************************
1804 ** Function smp_start_passkey_verification
1805 ** Description Starts SC passkey entry verification.
1806 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1807 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1808 {
1809 UINT8 *p = NULL;
1810
1811 SMP_TRACE_DEBUG("%s", __func__);
1812 p = p_cb->local_random;
1813 UINT32_TO_STREAM(p, p_data->passkey);
1814
1815 p = p_cb->peer_random;
1816 UINT32_TO_STREAM(p, p_data->passkey);
1817
1818 p_cb->round = 0;
1819 smp_start_nonce_generation(p_cb);
1820 }
1821
1822 /*******************************************************************************
1823 ** Function smp_process_secure_connection_oob_data
1824 ** Description Processes local/peer SC OOB data received from somewhere.
1825 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1826 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1827 {
1828 SMP_TRACE_DEBUG("%s", __func__);
1829
1830 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1831 if (p_sc_oob_data->loc_oob_data.present)
1832 {
1833 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1834 sizeof(p_cb->local_random));
1835 }
1836 else
1837 {
1838 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1839 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1840 }
1841
1842 if (!p_sc_oob_data->peer_oob_data.present)
1843 {
1844 SMP_TRACE_EVENT ("peer OOB data is absent");
1845 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1846 }
1847 else
1848 {
1849 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1850 sizeof(p_cb->peer_random));
1851 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1852 sizeof(p_cb->remote_commitment));
1853
1854 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1855 /* check commitment */
1856 if (!smp_check_commitment(p_cb))
1857 {
1858 p_cb->failure = reason;
1859 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1860 return;
1861 }
1862
1863 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1864 {
1865 /* the peer doesn't have local randomiser */
1866 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1867 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1868 }
1869 }
1870
1871 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1872 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1873 smp_start_nonce_generation(p_cb);
1874 }
1875
1876 /*******************************************************************************
1877 ** Function smp_set_local_oob_keys
1878 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1879 ** starts nonce generation
1880 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1881 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1882 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1883 {
1884 SMP_TRACE_DEBUG("%s", __func__);
1885
1886 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1887 BT_OCTET32_LEN);
1888 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1889 smp_start_nonce_generation(p_cb);
1890 }
1891
1892 /*******************************************************************************
1893 ** Function smp_set_local_oob_random_commitment
1894 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1895 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1896 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1897 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1898 {
1899 SMP_TRACE_DEBUG("%s", __func__);
1900 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1901 BT_OCTET16_LEN);
1902
1903 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1904 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1905 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1906 p_cb->sc_oob_data.loc_oob_data.commitment);
1907
1908 #if SMP_DEBUG == TRUE
1909 UINT8 *p_print = NULL;
1910 SMP_TRACE_DEBUG("local SC OOB data set:");
1911 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1912 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1913 sizeof(tBLE_BD_ADDR));
1914 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1915 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1916 BT_OCTET32_LEN);
1917 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1918 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1919 BT_OCTET32_LEN);
1920 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1921 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1922 BT_OCTET32_LEN);
1923 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1924 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1925 BT_OCTET16_LEN);
1926 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1927 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1928 BT_OCTET16_LEN);
1929 SMP_TRACE_DEBUG("");
1930 #endif
1931
1932 /* pass created OOB data up */
1933 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1934 smp_send_app_cback(p_cb, NULL);
1935
1936 smp_cb_cleanup(p_cb);
1937 }
1938
1939 /*******************************************************************************
1940 **
1941 ** Function smp_link_encrypted
1942 **
1943 ** Description This function is called when link is encrypted and notified to
1944 ** slave device. Proceed to to send LTK, DIV and ER to master if
1945 ** bonding the devices.
1946 **
1947 **
1948 ** Returns void
1949 **
1950 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)1951 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1952 {
1953 tSMP_CB *p_cb = &smp_cb;
1954
1955 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1956
1957 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
1958 {
1959 /* encryption completed with STK, remmeber the key size now, could be overwite
1960 * when key exchange happens */
1961 if (p_cb->loc_enc_size != 0 && encr_enable)
1962 {
1963 /* update the link encryption key size if a SMP pairing just performed */
1964 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1965 }
1966
1967 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1968 }
1969 }
1970
1971 /*******************************************************************************
1972 **
1973 ** Function smp_proc_ltk_request
1974 **
1975 ** Description This function is called when LTK request is received from
1976 ** controller.
1977 **
1978 ** Returns void
1979 **
1980 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)1981 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
1982 {
1983 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1984 BOOLEAN match = FALSE;
1985
1986 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
1987 {
1988 match = TRUE;
1989 } else {
1990 BD_ADDR dummy_bda = {0};
1991 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
1992 if (p_dev_rec != NULL &&
1993 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
1994 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
1995 {
1996 match = TRUE;
1997 }
1998 }
1999
2000 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2001 {
2002 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2003 return TRUE;
2004 }
2005
2006 return FALSE;
2007 }
2008
2009 /*******************************************************************************
2010 **
2011 ** Function smp_process_secure_connection_long_term_key
2012 **
2013 ** Description This function is called to process SC LTK.
2014 ** SC LTK is calculated and used instead of STK.
2015 ** Here SC LTK is saved in BLE DB.
2016 **
2017 ** Returns void
2018 **
2019 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2020 void smp_process_secure_connection_long_term_key(void)
2021 {
2022 tSMP_CB *p_cb = &smp_cb;
2023
2024 SMP_TRACE_DEBUG("%s", __func__);
2025 smp_save_secure_connections_long_term_key(p_cb);
2026
2027 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2028 smp_key_distribution(p_cb, NULL);
2029 }
2030
2031 /*******************************************************************************
2032 **
2033 ** Function smp_set_derive_link_key
2034 **
2035 ** Description This function is called to set flag that indicates that
2036 ** BR/EDR LK has to be derived from LTK after all keys are
2037 ** distributed.
2038 **
2039 ** Returns void
2040 **
2041 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2042 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2043 {
2044 SMP_TRACE_DEBUG ("%s", __func__);
2045 p_cb->derive_lk = TRUE;
2046 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2047 smp_key_distribution(p_cb, NULL);
2048 }
2049
2050 /*******************************************************************************
2051 **
2052 ** Function smp_derive_link_key_from_long_term_key
2053 **
2054 ** Description This function is called to derive BR/EDR LK from LTK.
2055 **
2056 ** Returns void
2057 **
2058 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2059 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2060 {
2061 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2062
2063 SMP_TRACE_DEBUG("%s", __func__);
2064 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2065 {
2066 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2067 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2068 return;
2069 }
2070 }
2071
2072 /*******************************************************************************
2073 **
2074 ** Function smp_br_process_link_key
2075 **
2076 ** Description This function is called to process BR/EDR LK:
2077 ** - to derive SMP LTK from BR/EDR LK;
2078 *8 - to save SMP LTK.
2079 **
2080 ** Returns void
2081 **
2082 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2083 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2084 {
2085 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2086
2087 SMP_TRACE_DEBUG("%s", __func__);
2088 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2089 {
2090 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2091 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2092 return;
2093 }
2094
2095 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2096 smp_save_secure_connections_long_term_key(p_cb);
2097 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2098 smp_br_select_next_key(p_cb, NULL);
2099 }
2100
2101 /*******************************************************************************
2102 ** Function smp_key_distribution_by_transport
2103 ** Description depending on the transport used at the moment calls either
2104 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2105 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2106 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2107 {
2108 SMP_TRACE_DEBUG("%s", __func__);
2109 if (p_cb->smp_over_br)
2110 {
2111 smp_br_select_next_key(p_cb, NULL);
2112 }
2113 else
2114 {
2115 smp_key_distribution(p_cb, NULL);
2116 }
2117 }
2118
2119 /*******************************************************************************
2120 ** Function smp_br_pairing_complete
2121 ** Description This function is called to send the pairing complete callback
2122 ** and remove the connection if needed.
2123 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2124 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2125 {
2126 SMP_TRACE_DEBUG("%s", __func__);
2127
2128 if (p_cb->total_tx_unacked == 0)
2129 {
2130 /* process the pairing complete */
2131 smp_proc_pairing_cmpl(p_cb);
2132 }
2133 }
2134
2135 #endif
2136