1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26
27 extern fixed_queue_t *btu_general_alarm_queue;
28
29 #if SMP_INCLUDED == TRUE
/*
 * Association model lookup table.
 *
 * First index: 0 = initiator, 1 = responder (per the section comments below).
 * Second and third index: IO capability values, in the order Display Only,
 * SMP_CAP_IO = 1, Keyboard Only, No Input No Output, Keyboard Display.
 * NOTE(review): which of the two IO-capability indices is the local device and
 * which is the peer is not visible in this table; confirm at the lookup site.
 *
 * Every entry in the No Input No Output row and column is
 * SMP_MODEL_ENCRYPTION_ONLY in both halves of the table.
 * NOTE(review): presumably SMP_MODEL_ENCRYPTION_ONLY is the unauthenticated
 * (no MITM protection) outcome; confirm against the model definitions.
 */
const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
{
    /* initiator */
    {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
    {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
    {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
    {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
    {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
    /* responder */
    {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
    {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
    {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
    {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
    {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
    /* Column order: */
    /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
};
46
/* Number of entries in smp_distribute_act below. */
#define SMP_KEY_DIST_TYPE_MAX 4

/*
 * Key distribution actions, one per distributable key type.
 * NOTE(review): presumably indexed by the bit position of the key type in the
 * local_i_key / local_r_key masks; confirm at the site that walks this table,
 * and confirm the index is bounded by SMP_KEY_DIST_TYPE_MAX there.
 */
const tSMP_ACT smp_distribute_act [] =
{
    smp_generate_ltk,
    smp_send_id_info,
    smp_generate_csrk,
    smp_set_derive_link_key
};
55
/*
 * Reports whether the LMP version recorded for the LE ACL link to |bda| is
 * strictly lower than |version|.
 *
 * Returns false when no LE ACL entry is found or when the recorded LMP version
 * is 0, so an unknown version is never reported as "below". The caller in this
 * file only clears the keypress and link-key bits on a true result, which
 * means an unknown version leaves those bits as the application set them.
 */
static bool lmp_version_below(BD_ADDR bda, uint8_t version)
{
    tACL_CONN *p_acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
    bool version_known = (p_acl != NULL) && (p_acl->lmp_version != 0);

    if (!version_known)
    {
        SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
        return false;
    }

    SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, p_acl->lmp_version, version);
    return (p_acl->lmp_version < version) ? true : false;
}
67
/*
 * Test hook: when p_cb->cert_failure is in the range 2..6, raises
 * SMP_AUTH_CMPL_EVT with the failure reason mapped from that value and
 * returns true. Any other value leaves the state machine untouched and
 * returns false.
 *
 * NOTE(review): this forces a pairing failure from a field of the control
 * block; confirm cert_failure can only be set by test tooling and is zero in
 * production builds.
 */
static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
{
    uint8_t reason = 0;

    /* Map the requested failure case onto the reason code to report. */
    switch (p_cb->cert_failure)
    {
        case 2:
            reason = SMP_PAIR_AUTH_FAIL;
            break;
        case 3:
            reason = SMP_PAIR_FAIL_UNKNOWN;
            break;
        case 4:
            reason = SMP_PAIR_NOT_SUPPORT;
            break;
        case 5:
            reason = SMP_PASSKEY_ENTRY_FAIL;
            break;
        case 6:
            reason = SMP_REPEATED_ATTEMPTS;
            break;
        default:
            /* not a forced-failure case */
            return false;
    }

    SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);

    return true;
}
103
104 /*******************************************************************************
105 ** Function smp_update_key_mask
106 ** Description This function updates the key mask for sending or receiving.
107 *******************************************************************************/
static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
{
    /*
     * Clears |key_type| from the pending key-distribution masks.
     *   p_cb     - SMP control block holding local_i_key / local_r_key
     *   key_type - key type bit(s) to clear
     *   recv     - non-zero when the key was received, zero when it was sent
     */
    BOOLEAN derived_locally;
    BOOLEAN clear_initiator_mask;

    SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
                    __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);

    /* With LE Secure Connections, or SMP over BR/EDR, the encryption key and
    ** the BR/EDR link key are not exchanged with the peer, so the bit is
    ** dropped from both masks at once. */
    derived_locally = (p_cb->le_secure_connections_mode_is_used || p_cb->smp_over_br) &&
                      (key_type == SMP_SEC_KEY_TYPE_ENC || key_type == SMP_SEC_KEY_TYPE_LK);

    if (derived_locally)
    {
        p_cb->local_i_key &= ~key_type;
        p_cb->local_r_key &= ~key_type;
    }
    else
    {
        /* Slave receiving, or master sending, touches the initiator mask;
        ** the two remaining combinations touch the responder mask. */
        clear_initiator_mask = (p_cb->role == HCI_ROLE_SLAVE) ? recv : !recv;

        if (clear_initiator_mask)
            p_cb->local_i_key &= ~key_type;
        else
            p_cb->local_r_key &= ~key_type;
    }

    SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
                    p_cb->local_r_key);
}
141
142 /*******************************************************************************
143 ** Function smp_send_app_cback
144 ** Description notifies application about the events the application is interested in
145 *******************************************************************************/
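void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Delivers the pending event p_cb->cb_evt to the registered application
     * callback and, for the two request events, applies the values the
     * callback wrote back.
     *   p_cb   - SMP control block
     *   p_data - event data; read for SMP_NC_REQ_EVT and SMP_SC_OOB_REQ_EVT
     *            NOTE(review): dereferenced without a NULL check for those two
     *            events; confirm the state machine always supplies it.
     */
    tSMP_EVT_DATA cb_data;
    tSMP_STATUS callback_rc;

    /* Start from a zeroed payload: events that fall through to the default
    ** case below fill nothing in, and the callback would otherwise be handed
    ** whatever bytes were left on the stack. */
    memset(&cb_data, 0, sizeof(cb_data));

    SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
    if (p_cb->p_callback && p_cb->cb_evt != 0)
    {
        switch (p_cb->cb_evt)
        {
            case SMP_IO_CAP_REQ_EVT:
                cb_data.io_req.auth_req = p_cb->peer_auth_req;
                cb_data.io_req.oob_data = SMP_OOB_NONE;
                cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
                cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
                cb_data.io_req.init_keys = p_cb->local_i_key ;
                cb_data.io_req.resp_keys = p_cb->local_r_key ;
                SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
                break;

            case SMP_NC_REQ_EVT:
                cb_data.passkey = p_data->passkey;
                break;
            case SMP_SC_OOB_REQ_EVT:
                cb_data.req_oob_type = p_data->req_oob_type;
                break;
            case SMP_SC_LOC_OOB_DATA_UP_EVT:
                cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
                break;

            case SMP_BR_KEYS_REQ_EVT:
                cb_data.io_req.auth_req = 0;
                cb_data.io_req.oob_data = SMP_OOB_NONE;
                cb_data.io_req.io_cap = 0;
                cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
                cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
                cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
                break;

            default:
                break;
        }

        callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);

        SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );

        if (callback_rc == SMP_SUCCESS)
        {
            switch (p_cb->cb_evt)
            {
                case SMP_IO_CAP_REQ_EVT:
                    /* The callback's answers become the local pairing parameters. */
                    p_cb->loc_auth_req = cb_data.io_req.auth_req;
                    p_cb->local_io_capability = cb_data.io_req.io_cap;
                    p_cb->loc_oob_flag = cb_data.io_req.oob_data;
                    p_cb->loc_enc_size = cb_data.io_req.max_key_size;
                    p_cb->local_i_key = cb_data.io_req.init_keys;
                    p_cb->local_r_key = cb_data.io_req.resp_keys;

                    if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
                    {
                        SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
                        p_cb->local_i_key = 0;
                        p_cb->local_r_key = 0;
                    }

                    SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
loc_oob_flag: %d loc_enc_size: %d,"
                                        "local_i_key: 0x%02x, local_r_key: 0x%02x",
                                        p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
                                        p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);

                    /* In SC-only security mode the SC bit is forced on,
                    ** whatever the application asked for. */
                    p_cb->secure_connections_only_mode_required =
                        (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;

                    if (p_cb->secure_connections_only_mode_required)
                    {
                        p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
                    }

                    /* Without the SC bit, with a peer LMP version below 4.2,
                    ** or with a peer on the interop list, keypress support and
                    ** link-key distribution are dropped. SMP_SC_SUPPORT_BIT
                    ** itself is not cleared in this branch. */
                    if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
                        || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
                        || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
                                              (const bt_bdaddr_t *)&p_cb->pairing_bda))
                    {
                        p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
                        p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
                        p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
                    }

                    SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
                                      p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);

                    smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
                    break;

                case SMP_BR_KEYS_REQ_EVT:
                    p_cb->loc_enc_size = cb_data.io_req.max_key_size;
                    p_cb->local_i_key = cb_data.io_req.init_keys;
                    p_cb->local_r_key = cb_data.io_req.resp_keys;

                    /* The link key is never distributed over the BR/EDR SMP channel. */
                    p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
                    p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;

                    SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
local_i_key: 0x%02x, local_r_key: 0x%02x",
                                        p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);

                    smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
                    break;

                default:
                    /* no write-back for the remaining events */
                    break;
            }
        }
    }

    /* A security request that was marked for discard is reported once no
    ** callback event is pending. */
    if (!p_cb->cb_evt && p_cb->discard_sec_req)
    {
        p_cb->discard_sec_req = FALSE;
        smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
    }

    SMP_TRACE_DEBUG("%s return", __func__);
}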
267
268 /*******************************************************************************
269 ** Function smp_send_pair_fail
270 ** Description sends pairing failure to peer device if needed.
271 *******************************************************************************/
void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Records the failure reason and, when it is a reason code defined by the
     * specification, sends Pairing Failed to the peer.
     *   p_data - read as a single byte holding the failure reason
     */
    UINT8 fail_reason = *(UINT8 *)p_data;

    p_cb->status = fail_reason;
    p_cb->failure = fail_reason;

    SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);

    /* Success and reason codes above SMP_MAX_FAIL_RSN_PER_SPEC are not sent
    ** to the peer. */
    if (p_cb->status == SMP_SUCCESS || p_cb->status > SMP_MAX_FAIL_RSN_PER_SPEC)
    {
        return;
    }

    smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
    p_cb->wait_for_authorization_complete = TRUE;
}
285
286 /*******************************************************************************
287 ** Function smp_send_pair_req
288 ** Description actions related to sending pairing request
289 *******************************************************************************/
void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sends the Pairing Request. p_data is not read.
     *
     * Stored LE keys for the peer are erased before the request goes out,
     * i.e. before the new pairing has completed.
     */
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev (p_cb->pairing_bda);

    SMP_TRACE_DEBUG("%s", __func__);

    /* erase all keys when master sends pairing req */
    if (p_rec != NULL)
    {
        btm_sec_clear_ble_keys(p_rec);
    }

    /* The key masks are left as the application chose them; mandating key
    ** distribution for the bonding case is left to BTM. */
    smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
}
302
303 /*******************************************************************************
304 ** Function smp_send_pair_rsp
305 ** Description actions related to sending pairing response
306 *******************************************************************************/
void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sends the Pairing Response and, if it was sent, moves on to the
     * association model step. p_data is not read.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    /* Only key types both sides asked for remain in the local masks. */
    p_cb->local_i_key &= p_cb->peer_i_key;
    p_cb->local_r_key &= p_cb->peer_r_key;

    if (!smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
    {
        /* nothing further is done when the response could not be sent */
        return;
    }

    if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
    {
        smp_use_oob_private_key(p_cb, NULL);
    }
    else
    {
        smp_decide_association_model(p_cb, NULL);
    }
}
322
323 /*******************************************************************************
324 ** Function smp_send_confirm
325 ** Description send confirmation to the peer
326 *******************************************************************************/
void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
}
332
333 /*******************************************************************************
334 ** Function smp_send_init
335 ** Description send pairing initializer to slave device
336 *******************************************************************************/
void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_INIT, p_cb);
}
342
343 /*******************************************************************************
344 ** Function smp_send_rand
345 ** Description send pairing random to the peer
346 *******************************************************************************/
void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_RAND, p_cb);
}
352
353 /*******************************************************************************
354 ** Function smp_send_pair_public_key
355 ** Description send pairing public key command to the peer
356 *******************************************************************************/
void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
}
362
363 /*******************************************************************************
364 ** Function smp_send_commitment
365 ** Description send commitment command to the peer
366 *******************************************************************************/
void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
}
372
373 /*******************************************************************************
374 ** Function smp_send_dhkey_check
375 ** Description send DHKey Check command to the peer
376 *******************************************************************************/
void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* State machine action: p_data is part of the action signature only. */
    (void)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
}
382
383 /*******************************************************************************
384 ** Function smp_send_keypress_notification
385 ** Description send Keypress Notification command to the peer
386 *******************************************************************************/
void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the local keypress notification value and sends it to the peer.
     *   p_data - read as a single byte holding the notification value;
     *            dereferenced without a NULL check
     */
    UINT8 *p_notification = (UINT8 *) p_data;

    p_cb->local_keypress_notification = *p_notification;

    /* The return value of smp_send_cmd() is not inspected here. */
    smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
}
392
393 /*******************************************************************************
394 ** Function smp_send_enc_info
395 ** Description send encryption information command.
396 *******************************************************************************/
void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sends Encryption Information and Master Identification, stores the
     * local encryption key when both sides requested bonding, then continues
     * key distribution. p_data is not read.
     */
    tBTM_LE_LENC_KEYS le_key;
    BOOLEAN both_sides_bond;

    SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);

    /* The return values of the two sends are not inspected; the key is saved
    ** below whether or not they succeeded. */
    smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
    smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);

    /* save the DIV and key size information when acting as slave device */
    le_key.sec_level = p_cb->sec_level;
    le_key.key_size = p_cb->loc_enc_size;
    le_key.div = p_cb->div;
    memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);

    /* NOTE(review): le_key is a tBTM_LE_LENC_KEYS passed through a
    ** tBTM_LE_KEY_VALUE pointer; confirm the callee reads only the LENC
    ** member. The local copy of the LTK is left on the stack on return. */
    both_sides_bond = (p_cb->peer_auth_req & SMP_AUTH_BOND) &&
                      (p_cb->loc_auth_req & SMP_AUTH_BOND);
    if (both_sides_bond)
    {
        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
                            (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
    }

    SMP_TRACE_WARNING ("%s", __func__);

    smp_key_distribution(p_cb, NULL);
}
421
422 /*******************************************************************************
423 ** Function smp_send_id_info
424 ** Description send ID information command.
425 *******************************************************************************/
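void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sends Identity Information and Identity Address Information, records
     * the local identity key type when both sides requested bonding, then
     * continues key distribution for the current transport.
     * p_data is not read.
     */
    tBTM_LE_KEY_VALUE le_key;

    /* Nothing in this function fills le_key, yet it is handed to
    ** btm_sec_save_le_key() below. Zero it so the security database never
    ** receives leftover stack bytes. */
    memset(&le_key, 0, sizeof(le_key));

    SMP_TRACE_DEBUG("%s", __func__);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);

    /* The return values of the two sends are not inspected here. */
    smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
    smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);

    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
    {
        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
                            &le_key, TRUE);
    }

    SMP_TRACE_WARNING ("%s", __func__);
    smp_key_distribution_by_transport(p_cb, NULL);
}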
442
443 /*******************************************************************************
444 ** Function smp_send_csrk_info
445 ** Description send CSRK command.
446 *******************************************************************************/
void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sends Signing Information and, if it was sent, stores the local CSRK
     * with a fresh counter; then continues key distribution for the current
     * transport. p_data is not read.
     *
     * NOTE(review): unlike the encryption and identity key senders in this
     * file, the save here is not conditioned on both sides having set
     * SMP_AUTH_BOND; confirm that is intended.
     */
    tBTM_LE_LCSRK_KEYS local_csrk;

    SMP_TRACE_DEBUG("%s", __func__);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);

    if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
    {
        memcpy (local_csrk.csrk, p_cb->csrk, BT_OCTET16_LEN);
        local_csrk.counter = 0; /* initialize the local counter */
        local_csrk.sec_level = p_cb->sec_level;
        local_csrk.div = p_cb->div;

        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK,
                            (tBTM_LE_KEY_VALUE *)&local_csrk, TRUE);
    }

    smp_key_distribution_by_transport(p_cb, NULL);
}
464
465 /*******************************************************************************
466 ** Function smp_send_ltk_reply
467 ** Description send LTK reply
468 *******************************************************************************/
void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Answers the controller's LTK request for the pairing peer with the key
     * carried in p_data->key.p_data. p_data is dereferenced without a NULL
     * check.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    /* send stk as LTK response */
    btm_ble_ltk_request_reply(p_cb->pairing_bda,
                              TRUE,
                              p_data->key.p_data);
}
475
476 /*******************************************************************************
477 ** Function smp_proc_sec_req
478 ** Description process security request.
479 *******************************************************************************/
void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Handles a Security Request from the peer: asks BTM what to do for the
     * link and then encrypts, prepares pairing, or marks the request for
     * discard.
     *   p_data - read as the peer's tBTM_LE_AUTH_REQ value
     */
    tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
    tBTM_BLE_SEC_REQ_ACT sec_req_act;
    UINT8 reason;

    SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);

    p_cb->cb_evt = 0;

    btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);

    SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);

    if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT)
    {
        SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
        smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
    }
    else if (sec_req_act == BTM_BLE_SEC_REQ_ACT_PAIR)
    {
        if (btm_cb.security_mode == BTM_SEC_MODE_SC)
            p_cb->secure_connections_only_mode_required = TRUE;
        else
            p_cb->secure_connections_only_mode_required = FALSE;

        /* respond to non SC pairing request as failure in SC only mode */
        if (p_cb->secure_connections_only_mode_required &&
            !(auth_req & SMP_SC_SUPPORT_BIT))
        {
            reason = SMP_PAIR_AUTH_FAIL;
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        }
        else
        {
            /* initialize local i/r key to be default keys */
            p_cb->peer_auth_req = auth_req;
            p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
            p_cb->local_r_key = p_cb->local_i_key;
            p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
        }
    }
    else if (sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
    {
        p_cb->discard_sec_req = TRUE;
    }
    /* any other action: do nothing */
}
530
531 /*******************************************************************************
532 ** Function smp_proc_sec_grant
533 ** Description process security grant.
534 *******************************************************************************/
void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Handles the security grant result.
     *   p_data - read as a single byte holding the grant result; on failure
     *            the same pointer is forwarded as the completion reason
     */
    UINT8 grant_result = *(UINT8 *)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    if (grant_result == SMP_SUCCESS)
    {
        /* granted: start pairing by queuing the IO request callback */
        p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
        return;
    }

    /* not granted: finish with the reported result */
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
}
549
550 /*******************************************************************************
551 ** Function smp_proc_pair_fail
552 ** Description process pairing failure from peer device
553 *******************************************************************************/
void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Records the failure reason reported by the peer.
     *   p_data - read as a single byte holding the reason; the value is
     *            stored as received
     */
    UINT8 *p_reason = (UINT8 *)p_data;

    SMP_TRACE_DEBUG("%s", __func__);
    p_cb->status = *p_reason;

    /* Cancel pending auth complete timer if set */
    alarm_cancel(p_cb->delayed_auth_timer_ent);
}
562
563 /*******************************************************************************
564 ** Function smp_proc_pair_cmd
565 ** Description Process the SMP pairing request/response from peer device
566 *******************************************************************************/
void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Handles a Pairing Request (local role slave) or Pairing Response (local
     * role master) received from the peer.
     *   p_cb   - SMP control block
     *   p_data - read as the byte stream of the received command parameters
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_ENC_KEY_SIZE;
    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);

    SMP_TRACE_DEBUG("%s", __func__);
    /* erase all keys if it is slave proc pairing req*/
    /* NOTE(review): the stored keys are cleared before the command below has
    ** been validated; confirm a malformed or rejected request is meant to
    ** remove the existing bond keys. */
    if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
        btm_sec_clear_ble_keys(p_dev_rec);

    p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;

    /* Six one-byte fields are taken from the peer's command.
    ** NOTE(review): no length check is visible in this function; presumably
    ** smp_command_has_invalid_parameters() or the caller bounds the received
    ** length - confirm. */
    STREAM_TO_UINT8(p_cb->peer_io_caps, p);
    STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
    STREAM_TO_UINT8(p_cb->peer_auth_req, p);
    STREAM_TO_UINT8(p_cb->peer_enc_size, p);
    STREAM_TO_UINT8(p_cb->peer_i_key, p);
    STREAM_TO_UINT8(p_cb->peer_r_key, p);

    if (smp_command_has_invalid_parameters(p_cb))
    {
        reason = SMP_INVALID_PARAMETERS;
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    // PTS Testing failure modes
    if (pts_test_send_authentication_complete_failure(p_cb))
        return;

    if (p_cb->role == HCI_ROLE_SLAVE)
    {
        if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
        {
            /* peer (master) started pairing sending Pairing Request */
            p_cb->local_i_key = p_cb->peer_i_key;
            p_cb->local_r_key = p_cb->peer_r_key;

            p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
        }
        else /* update local i/r key according to pairing request */
        {
            /* pairing started with this side (slave) sending Security Request */
            p_cb->local_i_key &= p_cb->peer_i_key;
            p_cb->local_r_key &= p_cb->peer_r_key;
            p_cb->selected_association_model = smp_select_association_model(p_cb);

            /* SC-only mode: fail unless LE Secure Connections is in use with
            ** a model other than Just Works. */
            if (p_cb->secure_connections_only_mode_required &&
                (!(p_cb->le_secure_connections_mode_is_used) ||
                 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
            {
                SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
                                __func__);
                reason = SMP_PAIR_AUTH_FAIL;
                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
                return;
            }

            if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
            {
                if (smp_request_oob_data(p_cb)) return;
            }
            else
            {
                smp_send_pair_rsp(p_cb, NULL);
            }
        }
    }
    else /* Master receives pairing response */
    {
        p_cb->selected_association_model = smp_select_association_model(p_cb);

        /* Same SC-only mode check as on the slave side. */
        if (p_cb->secure_connections_only_mode_required &&
            (!(p_cb->le_secure_connections_mode_is_used) ||
             (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
        {
            SMP_TRACE_ERROR ("Master requires secure connection only mode \
but it can't be provided -> Master fails pairing");
            reason = SMP_PAIR_AUTH_FAIL;
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
            return;
        }

        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
        {
            if (smp_request_oob_data(p_cb)) return;
        }
        else
        {
            smp_decide_association_model(p_cb, NULL);
        }
    }
}
661
662 /*******************************************************************************
663 ** Function smp_proc_confirm
664 ** Description process pairing confirm from peer device
665 *******************************************************************************/
void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the 16-byte confirm value received from the peer and marks the
     * confirm command as received.
     *   p_data - read as the byte stream of the received command; may be NULL,
     *            in which case only the flag is set
     */
    UINT8 *p_stream = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    if (smp_command_has_invalid_parameters(p_cb))
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* save the SConfirm for comparison later */
    if (p_stream)
    {
        STREAM_TO_ARRAY(p_cb->rconfirm, p_stream, BT_OCTET16_LEN);
    }

    p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
}
687
688 /*******************************************************************************
689 ** Function smp_proc_init
690 ** Description process pairing initializer from peer device
691 *******************************************************************************/
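void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the 16-byte pairing initializer received from the peer.
     *   p_data - read as the byte stream of the received command
     *
     * A NULL p_data is reported as SMP_INVALID_PARAMETERS, the same way a
     * malformed command is, instead of being dereferenced.
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The validity check runs first so its evaluation order is unchanged. */
    if (smp_command_has_invalid_parameters(p_cb) || p == NULL)
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* save the SRand for comparison */
    STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
}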
708
709 /*******************************************************************************
710 ** Function smp_proc_rand
711 ** Description process pairing random (nonce) from peer device
712 *******************************************************************************/
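void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the 16-byte pairing random (nonce) received from the peer.
     *   p_data - read as the byte stream of the received command
     *
     * A NULL p_data is reported as SMP_INVALID_PARAMETERS, the same way a
     * malformed command is, instead of being dereferenced.
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The validity check runs first so its evaluation order is unchanged. */
    if (smp_command_has_invalid_parameters(p_cb) || p == NULL)
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* save the SRand for comparison */
    STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
}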
729
730 /*******************************************************************************
731 ** Function smp_process_pairing_public_key
732 ** Description process pairing public key command from the peer device
733 ** - saves the peer public key;
734 ** - sets the flag indicating that the peer public key is received;
735 ** - calls smp_wait_for_both_public_keys(...).
736 **
737 *******************************************************************************/
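void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the peer's public key (32-byte X followed by 32-byte Y), marks
     * it as received and continues with smp_wait_for_both_public_keys().
     *   p_data - read as the byte stream of the received command
     *
     * A NULL p_data is reported as SMP_INVALID_PARAMETERS instead of being
     * dereferenced, so the "have peer public key" flag is never set without a
     * key having been copied.
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The validity check runs first so its evaluation order is unchanged. */
    if (smp_command_has_invalid_parameters(p_cb) || p == NULL)
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* NOTE(review): the coordinates are stored exactly as received; no check
    ** that the point lies on the curve is visible in this function. Confirm
    ** the key is validated before it is used to compute the DHKey. */
    STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
    STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;

    smp_wait_for_both_public_keys(p_cb, NULL);
}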
757
758 /*******************************************************************************
759 ** Function smp_process_pairing_commitment
760 ** Description process pairing commitment from peer device
761 *******************************************************************************/
void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Marks the peer commitment as received and stores its 16 bytes.
     *   p_data - read as the byte stream of the received command; may be NULL,
     *            in which case only the flag is set
     */
    UINT8 *p_stream = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    if (smp_command_has_invalid_parameters(p_cb))
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;

    if (p_stream)
    {
        STREAM_TO_ARRAY(p_cb->remote_commitment, p_stream, BT_OCTET16_LEN);
    }
}
782
783 /*******************************************************************************
784 ** Function smp_process_dhkey_check
785 ** Description process DHKey Check from peer device
786 *******************************************************************************/
void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the 16-byte DHKey Check value received from the peer and marks
     * it as received. The comparison itself is not done here.
     *   p_data - read as the byte stream of the received command; may be NULL,
     *            in which case only the flag is set
     */
    UINT8 *p_stream = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    if (smp_command_has_invalid_parameters(p_cb))
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    if (p_stream)
    {
        STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p_stream, BT_OCTET16_LEN);
    }

    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
}
807
808 /*******************************************************************************
809 ** Function smp_process_keypress_notification
810 ** Description process pairing keypress notification from peer device
811 *******************************************************************************/
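void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the keypress notification received from the peer and queues
     * SMP_PEER_KEYPR_NOT_EVT for the application.
     *   p_data - read as the byte stream of the received command; when NULL
     *            the notification is recorded as BTM_SP_KEY_OUT_OF_RANGE
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_INVALID_PARAMETERS;

    SMP_TRACE_DEBUG("%s", __func__);

    /* The first byte was previously read before the NULL test further down,
    ** which made that test unreachable for a NULL p_data. Read it only when
    ** there is something to read. */
    if (p != NULL)
    {
        p_cb->status = *p;
    }

    if (smp_command_has_invalid_parameters(p_cb))
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    if (p != NULL)
    {
        STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
    }
    else
    {
        p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
    }
    p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
}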
836
837 /*******************************************************************************
838 ** Function smp_br_process_pairing_command
839 ** Description Process the SMP pairing request/response from peer device via
840 ** BR/EDR transport.
841 *******************************************************************************/
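void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Handles a Pairing Request or Pairing Response received over the BR/EDR
     * SMP channel.
     *   p_cb   - SMP control block
     *   p_data - read as the byte stream of the received command parameters
     */
    UINT8 *p = (UINT8 *)p_data;
    UINT8 reason = SMP_ENC_KEY_SIZE;
    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);

    SMP_TRACE_DEBUG("%s", __func__);

    /* btm_find_dev() can return NULL, and the record was previously
    ** dereferenced before being tested. Without a record there is no way to
    ** confirm the BR/EDR link key is a P-256 key, so cross-transport key
    ** derivation is refused. */
    if (p_dev_rec == NULL)
    {
        SMP_TRACE_ERROR("%s no device record for the pairing peer", __func__);
        reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* rejecting BR pairing request over non-SC BR link */
    if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
    {
        reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* erase all keys if it is slave proc pairing req*/
    if (p_cb->role == HCI_ROLE_SLAVE)
        btm_sec_clear_ble_keys(p_dev_rec);

    p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;

    /* Six one-byte fields are taken from the peer's command.
    ** NOTE(review): no length check is visible in this function; presumably
    ** smp_command_has_invalid_parameters() or the caller bounds the received
    ** length - confirm. */
    STREAM_TO_UINT8(p_cb->peer_io_caps, p);
    STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
    STREAM_TO_UINT8(p_cb->peer_auth_req, p);
    STREAM_TO_UINT8(p_cb->peer_enc_size, p);
    STREAM_TO_UINT8(p_cb->peer_i_key, p);
    STREAM_TO_UINT8(p_cb->peer_r_key, p);

    if (smp_command_has_invalid_parameters(p_cb))
    {
        reason = SMP_INVALID_PARAMETERS;
        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
        return;
    }

    /* peer (master) started pairing sending Pairing Request */
    /* or being master device always use received i/r key as keys to distribute */
    p_cb->local_i_key = p_cb->peer_i_key;
    p_cb->local_r_key = p_cb->peer_r_key;

    if (p_cb->role == HCI_ROLE_SLAVE)
    {
        p_dev_rec->new_encryption_key_is_p256 = FALSE;
        /* shortcut to skip Security Grant step */
        p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
    }
    else /* Master receives pairing response */
    {
        SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
                        " Supposed to move to key distribution phase. ", __func__);
    }

    /* auth_req received via BR/EDR SM channel is set to 0,
       but everything derived/exchanged has to be saved */
    p_cb->peer_auth_req |= SMP_AUTH_BOND;
    p_cb->loc_auth_req |= SMP_AUTH_BOND;
}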
899
/*******************************************************************************
** Function     smp_br_process_security_grant
** Description  Process the security grant result when pairing runs over the
**              BR/EDR transport. The first byte of p_data is the result: on
**              SMP_SUCCESS the key request callback event is selected,
**              otherwise pairing is completed with p_data as the reason.
*******************************************************************************/
void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* NOTE(review): p_data is dereferenced without a NULL check; confirm the
     * caller always supplies the grant result. */
    UINT8 grant_result = *(UINT8 *)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    if (grant_result == SMP_SUCCESS)
    {
        /* granted: send IO request callback */
        p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
        return;
    }

    /* refused: end pairing, passing the result through unchanged */
    smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
}
918
/*******************************************************************************
** Function     smp_br_check_authorization_request
** Description  Sets the SMP keys to be derived/distributed over BR/EDR
**              transport before starting the distribution/derivation, then
**              either requests bonding or completes pairing.
*******************************************************************************/
void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 status = SMP_SUCCESS;

    SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
                    "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
                    p_cb->local_r_key);

    /* In LE SC mode LK field is ignored when BR/EDR transport is used */
    p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
    p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;

    /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
    ** Set local_r_key on master to expect only these keys. */
    if (p_cb->role == HCI_ROLE_MASTER)
    {
        p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
    }

    SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
                    "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
                    p_cb->local_r_key);

    /* The decision depends on the key masks only. The original carried a
     * commented-out extra condition on SMP_AUTH_BOND in peer_auth_req /
     * loc_auth_req; it is not evaluated. */
    if (!p_cb->local_i_key && !p_cb->local_r_key)
    {
        /* nothing to distribute in either direction */
        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
        return;
    }

    smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);

    /* if no peer key is expected, start master key distribution */
    if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
    {
        smp_key_distribution_by_transport(p_cb, NULL);
    }
}
962
/*******************************************************************************
** Function     smp_br_select_next_key
** Description  Selects the next key to derive/send when BR/EDR transport is
**              used, and completes pairing once both key masks are empty.
*******************************************************************************/
void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 status = SMP_SUCCESS;

    SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
                    __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);

    /* The slave always picks; the master picks only once no responder key is
     * still expected. */
    if (p_cb->role == HCI_ROLE_SLAVE ||
        (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
    {
        smp_key_pick_key(p_cb, p_data);
    }

    /* keys still outstanding in either direction */
    if (p_cb->local_i_key || p_cb->local_r_key)
    {
        return;
    }

    /* state check to prevent re-entrance */
    if (smp_get_br_state() != SMP_BR_STATE_BOND_PENDING)
    {
        return;
    }

    if (p_cb->total_tx_unacked != 0)
    {
        /* unacknowledged packets remain: defer completion */
        p_cb->wait_for_authorization_complete = TRUE;
        return;
    }

    smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
}
992
/*******************************************************************************
** Function     smp_proc_enc_info
** Description  Process encryption information from the peer device: save the
**              16-octet LTK in the control block and continue key
**              distribution.
*******************************************************************************/
void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 *p_stream = (UINT8 *)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* NOTE(review): BT_OCTET16_LEN bytes are copied with no NULL or length
     * check in this function, unlike smp_process_dhkey_check() which calls
     * smp_command_has_invalid_parameters() first. Confirm the receive path
     * rejects short Encryption Information packets before this action runs. */
    STREAM_TO_ARRAY(p_cb->ltk, p_stream, BT_OCTET16_LEN);

    smp_key_distribution(p_cb, NULL);
}
/*******************************************************************************
** Function     smp_proc_master_id
** Description  Process master ID from slave device: read EDIV and Rand from
**              the payload, combine them with the LTK saved earlier in the
**              control block, store the key when both sides requested
**              bonding, and continue key distribution.
*******************************************************************************/
void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 *p_stream = (UINT8 *)p_data;
    tBTM_LE_PENC_KEYS peer_enc_key;
    const int both_bond = (p_cb->peer_auth_req & SMP_AUTH_BOND) &&
                          (p_cb->loc_auth_req & SMP_AUTH_BOND);

    SMP_TRACE_DEBUG("%s", __func__);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);

    /* NOTE(review): EDIV and Rand are read with no NULL or length check in
     * this function; confirm the receive path validates the packet size. */
    STREAM_TO_UINT16(peer_enc_key.ediv, p_stream);
    STREAM_TO_ARRAY(peer_enc_key.rand, p_stream, BT_OCTET8_LEN );

    /* store the encryption keys from peer device */
    peer_enc_key.sec_level = p_cb->sec_level;
    peer_enc_key.key_size = p_cb->loc_enc_size;
    memcpy(peer_enc_key.ltk, p_cb->ltk, BT_OCTET16_LEN);

    /* The key is persisted only when both sides set the bonding flag. */
    if (both_bond)
    {
        btm_sec_save_le_key(p_cb->pairing_bda,
                            BTM_LE_KEY_PENC,
                            (tBTM_LE_KEY_VALUE *)&peer_enc_key, TRUE);
    }

    smp_key_distribution(p_cb, NULL);
}
1033
/*******************************************************************************
** Function     smp_proc_id_info
** Description  Process identity information from the peer device: the
**              16-octet IRK is parked in the TK field of the control block
**              until the identity address arrives.
*******************************************************************************/
void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 *p_stream = (UINT8 *)p_data;

    SMP_TRACE_DEBUG("%s", __func__);

    /* NOTE(review): no NULL or length check on the payload in this function;
     * confirm the receive path validates the packet size. */
    STREAM_TO_ARRAY (p_cb->tk, p_stream, BT_OCTET16_LEN);   /* reuse TK for IRK */

    smp_key_distribution_by_transport(p_cb, NULL);
}
1046
/*******************************************************************************
** Function     smp_proc_id_addr
** Description  Process identity address from the peer device: read the
**              address type and address, pair them with the IRK held in the
**              TK field, remember the identity address in the control block,
**              store the key when both sides requested bonding, and continue
**              key distribution.
*******************************************************************************/
void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 *p_stream = (UINT8 *)p_data;
    tBTM_LE_PID_KEYS peer_id_key;

    SMP_TRACE_DEBUG("%s", __func__);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);

    /* NOTE(review): no NULL or length check on the payload in this function;
     * confirm the receive path validates the packet size. */
    STREAM_TO_UINT8(peer_id_key.addr_type, p_stream);
    STREAM_TO_BDADDR(peer_id_key.static_addr, p_stream);
    memcpy(peer_id_key.irk, p_cb->tk, BT_OCTET16_LEN);

    /* to use as BD_ADDR for lk derived from ltk; recorded whether or not the
     * key is persisted below */
    p_cb->id_addr_rcvd = TRUE;
    p_cb->id_addr_type = peer_id_key.addr_type;
    memcpy(p_cb->id_addr, peer_id_key.static_addr, BD_ADDR_LEN);

    /* store the ID key from peer device, only when both sides bond */
    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
    {
        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
                            (tBTM_LE_KEY_VALUE *)&peer_id_key, TRUE);
    }

    smp_key_distribution_by_transport(p_cb, NULL);
}
1074
/*******************************************************************************
** Function     smp_proc_srk_info
** Description  Process signing information from the peer device: copy the
**              16-octet CSRK from the payload, reset the peer sign counter,
**              store the key when both sides requested bonding, and continue
**              key distribution.
*******************************************************************************/
void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    tBTM_LE_PCSRK_KEYS peer_csrk;

    SMP_TRACE_DEBUG("%s", __func__);
    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);

    /* save CSRK to security record */
    peer_csrk.sec_level = p_cb->sec_level;
    /* NOTE(review): p_data is read for BT_OCTET16_LEN bytes with no NULL or
     * length check here; confirm the receive path validates the packet. */
    memcpy (peer_csrk.csrk, p_data, BT_OCTET16_LEN);   /* get peer CSRK */
    peer_csrk.counter = 0;                             /* initialize the peer counter */

    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
    {
        btm_sec_save_le_key(p_cb->pairing_bda,
                            BTM_LE_KEY_PCSRK,
                            (tBTM_LE_KEY_VALUE *)&peer_csrk, TRUE);
    }

    smp_key_distribution_by_transport(p_cb, NULL);
}
1097
/*******************************************************************************
** Function     smp_proc_compare
** Description  Compare the locally computed confirm value (p_data->key.p_data)
**              with the one received from the peer (p_cb->rconfirm). On a
**              match the pairing continues according to the role; on a
**              mismatch it ends with SMP_CONFIRM_VALUE_ERR.
*******************************************************************************/
void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 status;

    SMP_TRACE_DEBUG("%s", __func__);

    if (memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN) != 0)
    {
        /* confirm values differ: record the failure and end pairing */
        status = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
        return;
    }

    /* compare the max encryption key size, and save the smaller one for the link.
     * NOTE(review): no lower bound on the resulting size is enforced in this
     * function; confirm a minimum key size is checked where the pairing
     * request/response is validated. */
    if (p_cb->peer_enc_size < p_cb->loc_enc_size)
    {
        p_cb->loc_enc_size = p_cb->peer_enc_size;
    }

    if (p_cb->role == HCI_ROLE_SLAVE)
    {
        smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
        return;
    }

    /* master device always use received i/r key as keys to distribute */
    p_cb->local_i_key = p_cb->peer_i_key;
    p_cb->local_r_key = p_cb->peer_r_key;

    smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
}
1131
/*******************************************************************************
** Function     smp_proc_sl_key
** Description  Process key ready events. A TK starts generation of the random
**              and confirm values; a confirm value moves the state machine to
**              SMP_STATE_WAIT_CONFIRM. Other key types are ignored.
*******************************************************************************/
void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 ready_key = p_data->key.key_type;

    SMP_TRACE_DEBUG("%s", __func__);

    if (ready_key == SMP_KEY_TYPE_TK)
    {
        smp_generate_srand_mrand_confirm(p_cb, NULL);
        return;
    }

    if (ready_key != SMP_KEY_TYPE_CFM)
    {
        return;
    }

    smp_set_state(SMP_STATE_WAIT_CONFIRM);

    /* the peer's confirm command already arrived: process it now */
    if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
    {
        smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
    }
}
1153
/*******************************************************************************
** Function     smp_start_enc
** Description  Start encryption. When p_data is supplied its key is passed to
**              btm_ble_start_encrypt(); otherwise the call is made without a
**              key. Any result other than BTM_CMD_STARTED or BTM_BUSY ends
**              pairing with SMP_ENC_FAIL.
*******************************************************************************/
void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    tBTM_STATUS start_status;
    UINT8 failure = SMP_ENC_FAIL;

    SMP_TRACE_DEBUG("%s", __func__);

    start_status = (p_data != NULL)
        ? btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data)
        : btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);

    if (start_status == BTM_CMD_STARTED || start_status == BTM_BUSY)
    {
        return;
    }

    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
}
1172
/*******************************************************************************
** Function     smp_proc_discard
** Description  Processing for a discarded security request: the control block
**              is reset unless SMP_PAIR_FLAGS_WE_STARTED_DD is set.
*******************************************************************************/
void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    SMP_TRACE_DEBUG("%s", __func__);

    if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
    {
        return;
    }

    smp_reset_control_value(p_cb);
}
1183
/*******************************************************************************
** Function     smp_enc_cmpl
** Description  Encryption result handler: completes pairing with SMP_SUCCESS
**              when the first byte of p_data is non-zero, SMP_ENC_FAIL
**              otherwise.
*******************************************************************************/
void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* NOTE(review): p_data is dereferenced without a NULL check; confirm the
     * caller always supplies the encryption result. */
    const UINT8 encrypted = *(UINT8 *)p_data;
    UINT8 status = SMP_ENC_FAIL;

    if (encrypted)
    {
        status = SMP_SUCCESS;
    }

    SMP_TRACE_DEBUG("%s", __func__);
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
}
1196
/*******************************************************************************
** Function     smp_check_auth_req
** Description  Check the authentication request after the encryption result
**              is known. On success the key distribution masks are adjusted
**              for LE Secure Connections or legacy mode and bonding is
**              requested if any key remains; on failure pairing is completed
**              when encryption followed pairing or the local role is master.
*******************************************************************************/
void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* NOTE(review): p_data is dereferenced without a NULL check; confirm the
     * caller always supplies the encryption result. */
    UINT8 enc_enable = *(UINT8 *)p_data;
    UINT8 status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;

    SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
                    "(i-initiator r-responder)",
                    __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);

    if (enc_enable == 0)
    {
        /* if failed for encryption after pairing, send callback */
        /* if enc failed for old security information: */
        /* if master device, clean up and back to idle; slave device do nothing */
        if ((p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) ||
            p_cb->role == HCI_ROLE_MASTER)
        {
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
        }
        return;
    }

    /* values other than 0 and 1 are ignored */
    if (enc_enable != 1)
    {
        return;
    }

    if (!p_cb->le_secure_connections_mode_is_used)
    {
        /* in legacy mode derivation of BR/EDR LK is not supported */
        p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
        p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
    }
    else
    {
        /* In LE SC mode LTK is used instead of STK and has to be always saved */
        p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
        p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;

        /* In LE SC mode LK is derived from LTK only if both sides request it */
        const int both_request_lk = (p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) &&
                                    (p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK);
        if (!both_request_lk)
        {
            p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
            p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
        }

        /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
        ** Set local_r_key on master to expect only these keys.
        */
        if (p_cb->role == HCI_ROLE_MASTER)
        {
            p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
        }
    }

    SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
                    "(i-initiator r-responder)",
                    __func__, p_cb->local_i_key, p_cb->local_r_key);

    /* The decision depends on the key masks only. The original carried a
     * commented-out extra condition on SMP_AUTH_BOND in peer_auth_req /
     * loc_auth_req; it is not evaluated. */
    if (p_cb->local_i_key || p_cb->local_r_key)
    {
        smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
    }
    else
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
    }
}
1265
/*******************************************************************************
** Function     smp_key_pick_key
** Description  Pick a key distribution function based on the key mask: the
**              handler for the lowest set bit of the mask for the local role
**              is called, and at most one handler runs per call.
*******************************************************************************/
void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* the slave distributes the responder keys, the master the initiator keys */
    UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key
                                                       : p_cb->local_i_key;

    SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);

    /* The bound keeps the index inside smp_distribute_act[], assuming that
     * table has SMP_KEY_DIST_TYPE_MAX entries (defined outside this view). */
    for (UINT8 i = 0; i < SMP_KEY_DIST_TYPE_MAX; i++)
    {
        SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);

        if (!(key_to_dist & (1 << i)))
        {
            continue;
        }

        SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
        (* smp_distribute_act[i])(p_cb, p_data);
        break;
    }
}
/*******************************************************************************
** Function     smp_key_distribution
** Description  Start key distribution if required. Once both key masks are
**              empty and the state is SMP_STATE_BOND_PENDING, derive the link
**              key if requested and schedule the delayed authentication
**              complete, or wait for outstanding packets to be acknowledged.
*******************************************************************************/
void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
                    __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);

    /* The slave always picks; the master picks only once no responder key is
     * still expected. */
    if (p_cb->role == HCI_ROLE_SLAVE ||
        (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
    {
        smp_key_pick_key(p_cb, p_data);
    }

    /* keys still outstanding in either direction */
    if (p_cb->local_i_key || p_cb->local_r_key)
    {
        return;
    }

    /* state check to prevent re-entrant */
    if (smp_get_state() != SMP_STATE_BOND_PENDING)
    {
        return;
    }

    if (p_cb->derive_lk)
    {
        smp_derive_link_key_from_long_term_key(p_cb, NULL);
        p_cb->derive_lk = FALSE;
    }

    if (p_cb->total_tx_unacked != 0)
    {
        p_cb->wait_for_authorization_complete = TRUE;
        return;
    }

    /*
     * Instead of declaring authorization complete immediately,
     * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
     * This allows the slave to send over Pairing Failed if the
     * last key is rejected. During this waiting window, the
     * state should remain in SMP_STATE_BOND_PENDING.
     */
    if (alarm_is_scheduled(p_cb->delayed_auth_timer_ent))
    {
        return;
    }

    SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
    alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
                       smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
}
1335
/*******************************************************************************
** Function     smp_decide_association_model
** Description  This function is called to select assoc model to be used for
**              STK generation and to start STK generation process.
**              It sets p_cb->sec_level for the legacy models, picks the
**              internal event (and its argument) that matches
**              p_cb->selected_association_model, and posts that event to the
**              state machine. Unknown or out-of-range models end pairing with
**              SMP_UNKNOWN_IO_CAP.
**
*******************************************************************************/
void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    UINT8 failure = SMP_UNKNOWN_IO_CAP;
    UINT8 int_evt = 0;          /* 0 means "post no event" */
    tSMP_KEY key;
    tSMP_INT_DATA *p = NULL;    /* argument passed with int_evt */

    SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);

    switch (p_cb->selected_association_model)
    {
        case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
            /* The peer asked for SMP_AUTH_YN_BIT but the local side did not:
             * fail rather than pair unauthenticated. This check applies only
             * when the local role is master. */
            if (p_cb->role == HCI_ROLE_MASTER &&
                ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
                ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
            {
                SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
                failure = SMP_PAIR_AUTH_FAIL;
                p = (tSMP_INT_DATA *)&failure;
                int_evt = SMP_AUTH_CMPL_EVT;
            }
            else
            {
                /* This model yields an unauthenticated key. */
                p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
                SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );

                key.key_type = SMP_KEY_TYPE_TK;
                key.p_data = p_cb->tk;
                p = (tSMP_INT_DATA *)&key;

                /* the TK is all zeroes for this model */
                memset(p_cb->tk, 0, BT_OCTET16_LEN);
                /* TK, ready */
                int_evt = SMP_KEY_READY_EVT;
            }
            break;

        case SMP_MODEL_PASSKEY:
            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
            SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );

            /* ask the upper layer for the passkey */
            p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
            int_evt = SMP_TK_REQ_EVT;
            break;

        case SMP_MODEL_OOB:
            /* NOTE(review): logged at error level although this is a regular
             * path; confirm whether that is intended. */
            SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
            SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );

            /* ask the upper layer for the OOB data */
            p_cb->cb_evt = SMP_OOB_REQ_EVT;
            int_evt = SMP_TK_REQ_EVT;
            break;

        case SMP_MODEL_KEY_NOTIF:
            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
            SMP_TRACE_DEBUG("Need to generate Passkey");

            /* generate passkey and notify application; int_evt stays 0, so no
             * event is posted from here */
            smp_generate_passkey(p_cb, NULL);
            break;

        /* All Secure Connections models start with the public key exchange;
         * sec_level is not set in this function for them. */
        case SMP_MODEL_SEC_CONN_JUSTWORKS:
        case SMP_MODEL_SEC_CONN_NUM_COMP:
        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
        case SMP_MODEL_SEC_CONN_OOB:
            int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
            break;

        case SMP_MODEL_OUT_OF_RANGE:
            SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
            p = (tSMP_INT_DATA *)&failure;
            int_evt = SMP_AUTH_CMPL_EVT;
            break;

        default:
            /* unknown model value: fail with SMP_UNKNOWN_IO_CAP */
            SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
                            p_cb->selected_association_model);
            p = (tSMP_INT_DATA *)&failure;
            int_evt = SMP_AUTH_CMPL_EVT;
    }

    SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
    if (int_evt)
        smp_sm_event(p_cb, int_evt, p);
}
1428
/*******************************************************************************
** Function     smp_process_io_response
** Description  Process IO response for a slave device. If pairing was started
**              locally a Security Request is sent; otherwise the association
**              model is selected, the Secure Connections Only requirement is
**              enforced, OOB data is requested when needed, and the Pairing
**              Response is sent.
*******************************************************************************/
void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    uint8_t reason = SMP_PAIR_AUTH_FAIL;

    SMP_TRACE_DEBUG("%s", __func__);
    if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
    {
        /* pairing started by local (slave) Security Request */
        smp_set_state(SMP_STATE_SEC_REQ_PENDING);
        smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
    }
    else /* plan to send pairing respond */
    {
        /* pairing started by peer (master) Pairing Request */
        p_cb->selected_association_model = smp_select_association_model(p_cb);

        /* Secure Connections Only mode: refuse to pair when LE Secure
         * Connections is not in use, or when it would fall back to the
         * Just Works model. */
        if (p_cb->secure_connections_only_mode_required &&
            (!(p_cb->le_secure_connections_mode_is_used) ||
            (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
        {
            /* The literal continues at column 0 after the backslash so that
             * no indentation becomes part of the message. */
            SMP_TRACE_ERROR ("Slave requires secure connection only mode \
but it can't be provided -> Slave fails pairing");
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
            return;
        }

        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
        {
            /* a true return stops here; presumably the response is sent
             * once the OOB data arrives — verify in smp_request_oob_data */
            if (smp_request_oob_data(p_cb)) return;
        }

        // PTS Testing failure modes
        // NOTE(review): test hook on the production path; confirm it is
        // inert unless a certification test enables it.
        if (pts_test_send_authentication_complete_failure(p_cb))
            return;

        smp_send_pair_rsp(p_cb, NULL);
    }
}
1471
/*******************************************************************************
** Function     smp_br_process_slave_keys_response
** Description  Process the application keys response for a slave device
**              (BR/EDR transport) by sending the pairing response. The event
**              data is not used.
*******************************************************************************/
void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    (void)p_data;   /* unused: the response is built from the control block */

    smp_br_send_pair_response(p_cb, NULL);
}
1481
/*******************************************************************************
** Function     smp_br_send_pair_response
** Description  Actions related to sending the pairing response over BR/EDR
**              transport: restrict the local key masks to the keys the peer
**              also listed, then send the Pairing Response command.
*******************************************************************************/
void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    SMP_TRACE_DEBUG("%s", __func__);

    /* keep only the key types present in both the local and the peer mask */
    p_cb->local_i_key = p_cb->local_i_key & p_cb->peer_i_key;
    p_cb->local_r_key = p_cb->local_r_key & p_cb->peer_r_key;

    smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
}
1495
/*******************************************************************************
** Function     smp_pairing_cmpl
** Description  This function is called to send the pairing complete callback
**              and remove the connection if needed. Nothing is done while
**              transmitted packets are still unacknowledged.
*******************************************************************************/
void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    if (p_cb->total_tx_unacked != 0)
    {
        return;
    }

    /* update connection parameter to remote preferred */
    L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);

    /* process the pairing complete */
    smp_proc_pairing_cmpl(p_cb);
}
1511
/*******************************************************************************
** Function     smp_pair_terminate
** Description  Terminate pairing: set the status to SMP_CONN_TOUT and run the
**              pairing complete processing.
*******************************************************************************/
void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    (void)p_data;   /* unused */

    SMP_TRACE_DEBUG("%s", __func__);

    p_cb->status = SMP_CONN_TOUT;
    smp_proc_pairing_cmpl(p_cb);
}
1523
/*******************************************************************************
** Function     smp_idle_terminate
** Description  This function is called in idle state to determine whether to
**              send authentication complete: it does so, with status
**              SMP_FAIL, only when SMP_PAIR_FLAGS_WE_STARTED_DD is set.
*******************************************************************************/
void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
    {
        return;
    }

    SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
    p_cb->status = SMP_FAIL;
    smp_proc_pairing_cmpl(p_cb);
}
1538
/*******************************************************************************
** Function     smp_fast_conn_param
** Description  Apply default connection parameter for pairing process by
**              disabling connection parameter updates for the pairing peer.
*******************************************************************************/
void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    (void)p_data;   /* unused */

    /* disable connection parameter update */
    L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
}
1548
/*******************************************************************************
** Function     smp_both_have_public_keys
** Description  The function is called when both local and peer public keys are
**              saved.
**              Actions:
**              - invokes DHKey computation;
**              - on slave side invokes sending local public key to the peer.
**              - invokes SC phase 1 process.
*******************************************************************************/
void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    const int local_is_slave = (p_cb->role == HCI_ROLE_SLAVE);

    SMP_TRACE_DEBUG("%s",__func__);

    /* invokes DHKey computation.
     * NOTE(review): no validation of the peer public key is visible in this
     * function; confirm the key is checked before it is saved and used. */
    smp_compute_dhkey(p_cb);

    /* on slave side invokes sending local public key to the peer */
    if (local_is_slave)
    {
        smp_send_pair_public_key(p_cb, NULL);
    }

    smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
}
1571
/*******************************************************************************
** Function     smp_start_secure_connection_phase1
** Description  The function starts Secure Connection phase1 i.e. invokes
**              initialization of Secure Connection phase 1 parameters and
**              starts building/sending to the peer messages appropriate for
**              the role and association model. The security level is
**              unauthenticated for Just Works and authenticated for every
**              other model.
*******************************************************************************/
void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    SMP_TRACE_DEBUG("%s", __func__);

    if (p_cb->selected_association_model != SMP_MODEL_SEC_CONN_JUSTWORKS)
    {
        p_cb->sec_level = SMP_SEC_AUTHENTICATED;
        SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
    }
    else
    {
        /* Just Works yields an unauthenticated key */
        p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
        SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
    }

    switch (p_cb->selected_association_model)
    {
        case SMP_MODEL_SEC_CONN_JUSTWORKS:
        case SMP_MODEL_SEC_CONN_NUM_COMP:
            /* local_random is cleared for these two models before the nonce
             * is generated */
            memset(p_cb->local_random, 0, BT_OCTET16_LEN);
            smp_start_nonce_generation(p_cb);
            break;

        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
            /* user has to provide passkey */
            p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
            smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
            break;

        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
            /* passkey has to be provided to user */
            SMP_TRACE_DEBUG("Need to generate SC Passkey");
            smp_generate_passkey(p_cb, NULL);
            break;

        case SMP_MODEL_SEC_CONN_OOB:
            /* use the available OOB information */
            smp_process_secure_connection_oob_data(p_cb, NULL);
            break;

        default:
            /* only logged: no event is posted for a non-SC model */
            SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
                             p_cb->selected_association_model);
            break;
    }
}
1620
/*******************************************************************************
** Function     smp_process_local_nonce
** Description  The function processes new local nonce. Depending on the
**              association model and the role it calculates and sends the
**              local commitment, sends the local nonce, and/or moves the
**              state machine to SMP_STATE_WAIT_NONCE.
**
** Note         It is supposed to be called in SC phase1.
*******************************************************************************/
void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    SMP_TRACE_DEBUG("%s", __func__);

    switch(p_cb->selected_association_model)
    {
        case SMP_MODEL_SEC_CONN_JUSTWORKS:
        case SMP_MODEL_SEC_CONN_NUM_COMP:
            if (p_cb->role == HCI_ROLE_SLAVE)
            {
                /* slave calculates and sends local commitment */
                smp_calculate_local_commitment(p_cb);
                smp_send_commitment(p_cb, NULL);
                /* slave has to wait for peer nonce */
                smp_set_state(SMP_STATE_WAIT_NONCE);
            }
            else    /* i.e. master */
            {
                /* The master acts here only if the slave commitment arrived
                 * before the local nonce was ready; otherwise nothing is done
                 * in this function. */
                if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
                {
                    /* slave commitment is already received, send local nonce, wait for remote nonce*/
                    /* The literal continues at column 0 after the backslash so
                     * that no indentation becomes part of the message. */
                    SMP_TRACE_DEBUG("master in assoc mode = %d \
already rcvd slave commitment - race condition",
                                    p_cb->selected_association_model);
                    p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
                    smp_send_rand(p_cb, NULL);
                    smp_set_state(SMP_STATE_WAIT_NONCE);
                }
            }
            break;
        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
            /* both roles calculate the commitment; the master sends first */
            smp_calculate_local_commitment(p_cb);

            if (p_cb->role == HCI_ROLE_MASTER)
            {
                smp_send_commitment(p_cb, NULL);
            }
            else    /* slave */
            {
                /* Unlike the master branch of the previous case, the flag is
                 * not cleared here. */
                if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
                {
                    /* master commitment is already received */
                    smp_send_commitment(p_cb, NULL);
                    smp_set_state(SMP_STATE_WAIT_NONCE);
                }
            }
            break;
        case SMP_MODEL_SEC_CONN_OOB:
            /* no commitment is calculated or sent in this case; the master
             * sends its nonce first */
            if (p_cb->role == HCI_ROLE_MASTER)
            {
                smp_send_rand(p_cb, NULL);
            }

            smp_set_state(SMP_STATE_WAIT_NONCE);
            break;
        default:
            /* only logged: no state change for a non-SC model */
            SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
                             p_cb->selected_association_model);
            break;
    }
}
1689
1690 /*******************************************************************************
1691 ** Function smp_process_peer_nonce
1692 ** Description The function processes newly received and saved in CB peer nonce.
1693 ** The actions depend on the selected association model and the role.
1694 **
1695 ** Note It is supposed to be called in SC phase1.
1696 *******************************************************************************/
void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * SC phase 1 action: the peer nonce has been stored in the control
     * block. Where the model requires it, the earlier peer commitment is
     * verified against that nonce before pairing proceeds; a mismatch
     * ends pairing with SMP_CONFIRM_VALUE_ERR. p_data is not read.
     */
    UINT8 fail_reason;

    SMP_TRACE_DEBUG("%s start ", __func__);

    /*
     * PTS test hook: cert_failure == 1 forces a confirm-value failure.
     * NOTE(review): where cert_failure is set is not visible here; confirm
     * it cannot be changed on production builds.
     */
    if (p_cb->cert_failure == 1) {
        SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
        p_cb->failure = SMP_CONFIRM_VALUE_ERR;
        fail_reason = p_cb->failure;
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &fail_reason);
        return;
    }

    switch (p_cb->selected_association_model) {
    case SMP_MODEL_SEC_CONN_JUSTWORKS:
    case SMP_MODEL_SEC_CONN_NUM_COMP:
        /* in these models only master receives commitment */
        if (p_cb->role == HCI_ROLE_MASTER) {
            if (!smp_check_commitment(p_cb)) {
                p_cb->failure = SMP_CONFIRM_VALUE_ERR;
                fail_reason = p_cb->failure;
                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &fail_reason);
                break;
            }
        } else {
            /* slave sends local nonce */
            smp_send_rand(p_cb, NULL);
        }

        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
            /* go directly to phase 2 */
            smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
        } else {
            /* numeric comparison: compute the value the user has to confirm */
            smp_set_state(SMP_STATE_WAIT_NONCE);
            smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
        }
        break;

    case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
    case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
        /*
         * NOTE(review): with cert_failure == 9 a commitment mismatch is NOT
         * treated as a failure and the round continues. This looks like a
         * certification-test hook; it disables the check that authenticates
         * the passkey exchange, so it must be unreachable outside testing.
         */
        if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9) {
            p_cb->failure = SMP_CONFIRM_VALUE_ERR;
            fail_reason = p_cb->failure;
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &fail_reason);
            break;
        }

        if (p_cb->role == HCI_ROLE_SLAVE) {
            smp_send_rand(p_cb, NULL);
        }

        /* the commit/reveal exchange is repeated until round reaches 20 */
        p_cb->round++;
        if (p_cb->round < 20) {
            smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
            p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
            smp_start_nonce_generation(p_cb);
        } else {
            smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
        }
        break;

    case SMP_MODEL_SEC_CONN_OOB:
        /* no commitment check in this function for OOB */
        if (p_cb->role == HCI_ROLE_SLAVE) {
            smp_send_rand(p_cb, NULL);
        }

        smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
        break;

    default:
        SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
                         p_cb->selected_association_model);
        break;
    }

    SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
}
1782
1783 /*******************************************************************************
1784 ** Function smp_match_dhkey_checks
1785 ** Description checks if the calculated peer DHKey Check value is the same as
1786 ** received from the peer DHKey check value.
1787 *******************************************************************************/
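void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Compares the DHKey Check value carried in p_data->key.p_data with
     * p_cb->remote_dhkey_check. On mismatch pairing is ended with
     * SMP_DHKEY_CHK_FAIL; on match the encryption key size is settled and
     * the state machine is advanced according to the local role.
     */
    UINT8 reason = SMP_DHKEY_CHK_FAIL;
    UINT8 diff = 0xFF; /* fail closed: stays non-zero if there is nothing to compare */

    SMP_TRACE_DEBUG("%s", __func__);

    if (p_data != NULL && p_data->key.p_data != NULL) {
        const UINT8 *p_lhs = (const UINT8 *)p_data->key.p_data;
        const UINT8 *p_rhs = (const UINT8 *)p_cb->remote_dhkey_check;

        /*
         * One side of this comparison comes from the peer and the value
         * authenticates the key agreement, so every byte is examined with
         * no early exit instead of using memcmp(). A mismatch aborts
         * pairing, which limits what timing could reveal; this is hardening.
         */
        diff = 0;
        for (unsigned int i = 0; i < BT_OCTET16_LEN; i++) {
            diff |= (UINT8)(p_lhs[i] ^ p_rhs[i]);
        }
    }

    if (diff != 0) {
        SMP_TRACE_WARNING ("dhkey chcks do no match");
        p_cb->failure = reason;
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
        return;
    }

    SMP_TRACE_EVENT ("dhkey chcks match");

    /*
     * compare the max encryption key size, and save the smaller one for the link.
     * NOTE(review): only the minimum is taken here; confirm a lower bound on
     * the negotiated key size is enforced elsewhere.
     */
    if (p_cb->peer_enc_size < p_cb->loc_enc_size) {
        p_cb->loc_enc_size = p_cb->peer_enc_size;
    }

    if (p_cb->role == HCI_ROLE_SLAVE) {
        smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
    } else {
        /* master device always use received i/r key as keys to distribute */
        p_cb->local_i_key = p_cb->peer_i_key;
        p_cb->local_r_key = p_cb->peer_r_key;
        smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
    }
}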
1820
1821 /*******************************************************************************
1822 ** Function smp_move_to_secure_connections_phase2
1823 ** Description Signal State Machine to start SC phase 2 initialization (to
1824 ** compute local DHKey Check value).
1825 **
1826 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1827 *******************************************************************************/
void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /* Raises SMP_SC_PHASE1_CMPLT_EVT with no event data; p_data is not read. */
    SMP_TRACE_DEBUG("%s",__func__);

    smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
}
1833
1834 /*******************************************************************************
1835 ** Function smp_phase_2_dhkey_checks_are_present
1836 ** Description generates event if dhkey check from the peer is already received.
1837 **
1838 ** Note It is supposed to be used on slave to prevent race condition.
1839 ** It is supposed to be called after slave dhkey check is calculated.
1840 *******************************************************************************/
void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Raises SMP_SC_2_DHCK_CHKS_PRES_EVT only when the peer DHKey check has
     * already been flagged as received; otherwise does nothing.
     * p_data is not read.
     */
    SMP_TRACE_DEBUG("%s",__func__);

    if (!(p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)) {
        return;
    }

    smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
}
1848
1849 /*******************************************************************************
1850 ** Function smp_wait_for_both_public_keys
1851 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1852 ** public keys are available.
1853 **
1854 ** Note on the slave it is used to prevent race condition.
1855 **
1856 *******************************************************************************/
void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Raises SMP_BOTH_PUBL_KEYS_RCVD_EVT once both the peer and the local
     * public key flags are set; until then it returns without effect.
     * p_data is not read.
     */
    SMP_TRACE_DEBUG("%s",__func__);

    if (!(p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY)) {
        return;
    }
    if (!(p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
        return;
    }

    /* a slave that requested local (or both) OOB data is first put back into
     * the public key exchange state */
    if (p_cb->role == HCI_ROLE_SLAVE) {
        if (p_cb->req_oob_type == SMP_OOB_LOCAL || p_cb->req_oob_type == SMP_OOB_BOTH) {
            smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
        }
    }

    smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
}
1872
1873 /*******************************************************************************
1874 ** Function smp_start_passkey_verification
1875 ** Description Starts SC passkey entry verification.
1876 *******************************************************************************/
void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Stores the passkey from p_data at the start of both local_random and
     * peer_random, resets the round counter and starts nonce generation.
     * Only the bytes written by UINT32_TO_STREAM are touched here; the rest
     * of both buffers keeps whatever it held before.
     * NOTE(review): p_data is dereferenced without a NULL check; callers
     * must always supply the passkey event data.
     */
    UINT8 *p_local = p_cb->local_random;
    UINT8 *p_peer = p_cb->peer_random;

    SMP_TRACE_DEBUG("%s", __func__);

    UINT32_TO_STREAM(p_local, p_data->passkey);
    UINT32_TO_STREAM(p_peer, p_data->passkey);

    p_cb->round = 0;
    smp_start_nonce_generation(p_cb);
}
1891
1892 /*******************************************************************************
1893 ** Function smp_process_secure_connection_oob_data
1894 ** Description Processes local/peer SC OOB data received from somewhere.
1895 *******************************************************************************/
void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Loads the SC OOB randomizers from p_cb->sc_oob_data into local_random
     * and peer_random (zero when the corresponding data is absent), verifies
     * the peer OOB commitment when peer data is present, then starts nonce
     * generation. p_data is not read.
     *
     * NOTE(review): when neither side's OOB data is present both randomizers
     * end up zero and nothing in this function rejects the exchange; confirm
     * that association-model selection prevents reaching here in that case.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    tSMP_SC_OOB_DATA *p_oob = &p_cb->sc_oob_data;

    if (!p_oob->loc_oob_data.present) {
        SMP_TRACE_EVENT ("local OOB randomizer is absent");
        memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
    } else {
        memcpy(p_cb->local_random, p_oob->loc_oob_data.randomizer,
               sizeof(p_cb->local_random));
    }

    if (p_oob->peer_oob_data.present) {
        memcpy(p_cb->peer_random, p_oob->peer_oob_data.randomizer,
               sizeof(p_cb->peer_random));
        memcpy(p_cb->remote_commitment, p_oob->peer_oob_data.commitment,
               sizeof(p_cb->remote_commitment));

        UINT8 reason = SMP_CONFIRM_VALUE_ERR;
        /* check commitment: a mismatch ends pairing before any nonce is generated */
        if (!smp_check_commitment(p_cb)) {
            p_cb->failure = reason;
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
            return;
        }

        if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
            /* the peer doesn't have local randomiser */
            SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
            memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
        }
    } else {
        SMP_TRACE_EVENT ("peer OOB data is absent");
        memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
    }

    /*
     * NOTE(review): the OOB randomizers are secret pairing inputs. If
     * print128() emits to the log on release builds this exposes them;
     * confirm it is compiled out or restricted to debug builds.
     */
    print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
    print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
    smp_start_nonce_generation(p_cb);
}
1945
1946 /*******************************************************************************
1947 ** Function smp_set_local_oob_keys
1948 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1949 ** starts nonce generation
1950 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1951 *******************************************************************************/
void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Copies the current private key and local public key into
     * sc_oob_data.loc_oob_data and starts nonce generation.
     * p_data is not read.
     * NOTE(review): this creates a second in-memory copy of the private key;
     * confirm both copies are cleared when the OOB data is no longer needed.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
    memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
           BT_OCTET32_LEN);

    smp_start_nonce_generation(p_cb);
}
1961
1962 /*******************************************************************************
1963 ** Function smp_set_local_oob_random_commitment
1964 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1965 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1966 *******************************************************************************/
void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Saves p_cb->rand as the local OOB randomizer, computes the matching
     * commitment with smp_calculate_f4() over the local public key X
     * coordinate (passed as both key arguments), reports the result to the
     * application and cleans up the control block. p_data is not read.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
           BT_OCTET16_LEN);

    smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
                     p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
                     p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
                     p_cb->sc_oob_data.loc_oob_data.commitment);

#if SMP_DEBUG == TRUE
    /*
     * NOTE(review): this dump includes private_key_used and the randomizer.
     * Any build with SMP_DEBUG == TRUE writes the OOB private key to the
     * trace output; make sure that setting never ships, or drop the secret
     * fields from the dump.
     */
    SMP_TRACE_DEBUG("local SC OOB data set:");
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to,
                                         (const UINT8 *)"addr_sent_to",
                                         sizeof(tBLE_BD_ADDR));
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used,
                                         (const UINT8 *)"private_key_used",
                                         BT_OCTET32_LEN);
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
                                         (const UINT8 *)"publ_key_used.x",
                                         BT_OCTET32_LEN);
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y,
                                         (const UINT8 *)"publ_key_used.y",
                                         BT_OCTET32_LEN);
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer,
                                         (const UINT8 *)"randomizer",
                                         BT_OCTET16_LEN);
    smp_debug_print_nbyte_little_endian ((UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment,
                                         (const UINT8 *) "commitment",
                                         BT_OCTET16_LEN);
    SMP_TRACE_DEBUG("");
#endif

    /* pass created OOB data up; what the callback receives is decided by
     * smp_send_app_cback(), which is not visible here */
    p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
    smp_send_app_cback(p_cb, NULL);

    smp_cb_cleanup(p_cb);
}
2008
2009 /*******************************************************************************
2010 **
2011 ** Function smp_link_encrypted
2012 **
2013 ** Description This function is called when link is encrypted and notified to
2014 ** slave device. Proceed to send LTK, DIV and ER to master if
2015 ** bonding the devices.
2016 **
2017 **
2018 ** Returns void
2019 **
2020 *******************************************************************************/
void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
{
    /*
     * Encryption-change notification. Acts only when bda equals the address
     * currently being paired (smp_cb.pairing_bda); notifications for any
     * other address are ignored.
     */
    tSMP_CB *p_cb = &smp_cb;

    SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);

    if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) != 0) {
        return;
    }

    /* encryption completed with STK: remember the key size now, it could be
     * overwritten when key exchange happens */
    if (encr_enable && p_cb->loc_enc_size != 0) {
        /* update the link encryption key size if a SMP pairing just performed */
        btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
    }

    smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
}
2040
2041 /*******************************************************************************
2042 **
2043 ** Function smp_proc_ltk_request
2044 **
2045 ** Description This function is called when LTK request is received from
2046 ** controller.
2047 **
2048 ** Returns void
2049 **
2050 *******************************************************************************/
BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
{
    /*
     * Handles an LTK request for bda. Returns TRUE when the address belongs
     * to the device being paired and the state machine is in
     * SMP_STATE_ENCRYPTION_PENDING (SMP_ENC_REQ_EVT is then raised);
     * returns FALSE otherwise, without raising any event.
     */
    SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);

    BOOLEAN is_pairing_peer =
        (memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN) == 0) ? TRUE : FALSE;

    if (!is_pairing_peer) {
        /*
         * Fall back to the pseudo address of the device record. An all-zero
         * pseudo address is rejected explicitly so that an unset record
         * cannot match an all-zero pairing address.
         */
        BD_ADDR zero_bda = {0};
        tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bda);

        if (p_rec != NULL &&
            memcmp(p_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) == 0 &&
            memcmp(p_rec->ble.pseudo_addr, zero_bda, BD_ADDR_LEN) != 0) {
            is_pairing_peer = TRUE;
        }
    }

    if (!is_pairing_peer || smp_cb.state != SMP_STATE_ENCRYPTION_PENDING) {
        return FALSE;
    }

    smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
    return TRUE;
}
2078
2079 /*******************************************************************************
2080 **
2081 ** Function smp_process_secure_connection_long_term_key
2082 **
2083 ** Description This function is called to process SC LTK.
2084 ** SC LTK is calculated and used instead of STK.
2085 ** Here SC LTK is saved in BLE DB.
2086 **
2087 ** Returns void
2088 **
2089 *******************************************************************************/
void smp_process_secure_connection_long_term_key(void)
{
    /*
     * Saves the SC LTK for the global control block, updates the key mask
     * for SMP_SEC_KEY_TYPE_ENC and continues key distribution.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    smp_save_secure_connections_long_term_key(&smp_cb);
    smp_update_key_mask (&smp_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
    smp_key_distribution(&smp_cb, NULL);
}
2100
2101 /*******************************************************************************
2102 **
2103 ** Function smp_set_derive_link_key
2104 **
2105 ** Description This function is called to set flag that indicates that
2106 ** BR/EDR LK has to be derived from LTK after all keys are
2107 ** distributed.
2108 **
2109 ** Returns void
2110 **
2111 *******************************************************************************/
void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Sets derive_lk, updates the key mask for SMP_SEC_KEY_TYPE_LK and
     * continues key distribution. p_data is not read.
     */
    SMP_TRACE_DEBUG ("%s", __func__);

    p_cb->derive_lk = TRUE;

    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
    smp_key_distribution(p_cb, NULL);
}
2119
2120 /*******************************************************************************
2121 **
2122 ** Function smp_derive_link_key_from_long_term_key
2123 **
2124 ** Description This function is called to derive BR/EDR LK from LTK.
2125 **
2126 ** Returns void
2127 **
2128 *******************************************************************************/
void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Derives the BR/EDR link key from the LTK. On failure pairing is
     * completed with SMP_PAIR_FAIL_UNKNOWN; on success nothing else happens
     * here. p_data is not read.
     * NOTE(review): unlike other failure paths in this file, p_cb->failure
     * is not set before SMP_AUTH_CMPL_EVT is raised; confirm that is intended.
     */
    tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;

    SMP_TRACE_DEBUG("%s", __func__);

    if (smp_calculate_link_key_from_long_term_key(p_cb)) {
        return;
    }

    SMP_TRACE_ERROR("%s failed", __FUNCTION__);
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
}
2141
2142 /*******************************************************************************
2143 **
2144 ** Function smp_br_process_link_key
2145 **
2146 ** Description This function is called to process BR/EDR LK:
2147 ** - to derive SMP LTK from BR/EDR LK;
2148 ** - to save SMP LTK.
2149 **
2150 ** Returns void
2151 **
2152 *******************************************************************************/
void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Derives the SMP LTK from the BR/EDR link key. On success the LTK is
     * saved, the key mask is updated for SMP_SEC_KEY_TYPE_ENC and the next
     * key is selected; on failure SMP_BR_AUTH_CMPL_EVT is raised with
     * SMP_PAIR_FAIL_UNKNOWN. p_data is not read.
     */
    tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;

    SMP_TRACE_DEBUG("%s", __func__);

    if (smp_calculate_long_term_key_from_link_key(p_cb)) {
        SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
        smp_save_secure_connections_long_term_key(p_cb);
        smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
        smp_br_select_next_key(p_cb, NULL);
    } else {
        SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
        smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
    }
}
2170
2171 /*******************************************************************************
2172 ** Function smp_key_distribution_by_transport
2173 ** Description depending on the transport used at the moment calls either
2174 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2175 *******************************************************************************/
void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Dispatches to the BR/EDR key selection when smp_over_br is set and to
     * the regular key distribution otherwise. p_data is not read.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    if (!p_cb->smp_over_br) {
        smp_key_distribution(p_cb, NULL);
        return;
    }

    smp_br_select_next_key(p_cb, NULL);
}
2188
2189 /*******************************************************************************
2190 ** Function smp_br_pairing_complete
2191 ** Description This function is called to send the pairing complete callback
2192 ** and remove the connection if needed.
2193 *******************************************************************************/
void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
{
    /*
     * Completes pairing only when no transmitted packets remain
     * unacknowledged (total_tx_unacked == 0); otherwise does nothing.
     * p_data is not read.
     */
    SMP_TRACE_DEBUG("%s", __func__);

    if (p_cb->total_tx_unacked != 0) {
        return;
    }

    /* process the pairing complete */
    smp_proc_pairing_cmpl(p_cb);
}
2204
2205 #endif
2206