• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2003-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26 
27 extern fixed_queue_t *btu_general_alarm_queue;
28 
29 #if SMP_INCLUDED == TRUE
30 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
31 {
32     /* initiator */
33     {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
34         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
35         {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
36         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
37         {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
38     /* responder */
39     {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* Display Only */
40         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
41         {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_PASSKEY}, /* keyboard only */
42         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
43         {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
44     /* display only */    /*SMP_CAP_IO = 1 */  /* keyboard only */   /* No InputOutput */  /* keyboard display */
45 };
46 
47 #define SMP_KEY_DIST_TYPE_MAX       4
48 const tSMP_ACT smp_distribute_act [] =
49 {
50     smp_generate_ltk,
51     smp_send_id_info,
52     smp_generate_csrk,
53     smp_set_derive_link_key
54 };
55 
lmp_version_below(BD_ADDR bda,uint8_t version)56 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
57 {
58     tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
59     if (acl == NULL || acl->lmp_version == 0)
60     {
61         SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
62         return false;
63     }
64     SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
65     return acl->lmp_version < version;
66 }
67 
pts_test_send_authentication_complete_failure(tSMP_CB * p_cb)68 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
69 {
70     uint8_t reason = 0;
71 
72     if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6)
73         return false;
74 
75     SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
76 
77     switch (p_cb->cert_failure)
78     {
79         case 2:
80             reason = SMP_PAIR_AUTH_FAIL;
81             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
82             break;
83         case 3:
84             reason = SMP_PAIR_FAIL_UNKNOWN;
85             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
86             break;
87         case 4:
88             reason = SMP_PAIR_NOT_SUPPORT;
89             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
90             break;
91         case 5:
92             reason = SMP_PASSKEY_ENTRY_FAIL;
93             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
94             break;
95         case 6:
96             reason = SMP_REPEATED_ATTEMPTS;
97             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
98             break;
99     }
100 
101     return true;;
102 }
103 
104 /*******************************************************************************
105 ** Function         smp_update_key_mask
106 ** Description      This function updates the key mask for sending or receiving.
107 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)108 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
109 {
110     SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
111         __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
112 
113     if (((p_cb->le_secure_connections_mode_is_used) ||
114         (p_cb->smp_over_br)) &&
115         ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
116     {
117         /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
118         ** being exchanged with the peer */
119         p_cb->local_i_key &= ~key_type;
120         p_cb->local_r_key &= ~key_type;
121     }
122     else
123     if (p_cb->role == HCI_ROLE_SLAVE)
124     {
125         if (recv)
126             p_cb->local_i_key &= ~key_type;
127         else
128             p_cb->local_r_key &= ~key_type;
129     }
130     else
131     {
132         if (recv)
133             p_cb->local_r_key &= ~key_type;
134         else
135             p_cb->local_i_key &= ~key_type;
136     }
137 
138     SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
139                       p_cb->local_r_key);
140 }
141 
142 /*******************************************************************************
143 ** Function     smp_send_app_cback
144 ** Description  notifies application about the events the application is interested in
145 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)146 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
147 {
148     tSMP_EVT_DATA   cb_data;
149     tSMP_STATUS callback_rc;
150     SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
151     if (p_cb->p_callback && p_cb->cb_evt != 0)
152     {
153         switch (p_cb->cb_evt)
154         {
155             case SMP_IO_CAP_REQ_EVT:
156                 cb_data.io_req.auth_req = p_cb->peer_auth_req;
157                 cb_data.io_req.oob_data = SMP_OOB_NONE;
158                 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
159                 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
160                 cb_data.io_req.init_keys = p_cb->local_i_key ;
161                 cb_data.io_req.resp_keys = p_cb->local_r_key ;
162                 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
163                 break;
164 
165             case SMP_NC_REQ_EVT:
166                 cb_data.passkey = p_data->passkey;
167                 break;
168             case SMP_SC_OOB_REQ_EVT:
169                 cb_data.req_oob_type = p_data->req_oob_type;
170                 break;
171             case SMP_SC_LOC_OOB_DATA_UP_EVT:
172                 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
173                 break;
174 
175             case SMP_BR_KEYS_REQ_EVT:
176                 cb_data.io_req.auth_req = 0;
177                 cb_data.io_req.oob_data = SMP_OOB_NONE;
178                 cb_data.io_req.io_cap = 0;
179                 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
180                 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
181                 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
182                 break;
183 
184             default:
185                 break;
186         }
187 
188         callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
189 
190         SMP_TRACE_DEBUG("callback_rc=%d  p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
191 
192         if (callback_rc == SMP_SUCCESS)
193         {
194             switch (p_cb->cb_evt)
195             {
196                 case SMP_IO_CAP_REQ_EVT:
197                     p_cb->loc_auth_req   = cb_data.io_req.auth_req;
198                     p_cb->local_io_capability  = cb_data.io_req.io_cap;
199                     p_cb->loc_oob_flag = cb_data.io_req.oob_data;
200                     p_cb->loc_enc_size = cb_data.io_req.max_key_size;
201                     p_cb->local_i_key = cb_data.io_req.init_keys;
202                     p_cb->local_r_key = cb_data.io_req.resp_keys;
203 
204                     if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
205                     {
206                         SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
207                         p_cb->local_i_key = 0;
208                         p_cb->local_r_key = 0;
209                     }
210 
211                     SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
212                         loc_oob_flag: %d loc_enc_size: %d,"
213                         "local_i_key: 0x%02x, local_r_key: 0x%02x",
214                         p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
215                         p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
216 
217                     p_cb->secure_connections_only_mode_required =
218                         (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
219 
220                     if (p_cb->secure_connections_only_mode_required)
221                     {
222                         p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
223                     }
224 
225                     if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
226                         || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
227                         || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
228                             (const bt_bdaddr_t *)&p_cb->pairing_bda))
229                     {
230                         p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
231                         p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
232                         p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
233                     }
234 
235                     SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
236                         p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
237 
238                     smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
239                     break;
240 
241                 case SMP_BR_KEYS_REQ_EVT:
242                     p_cb->loc_enc_size = cb_data.io_req.max_key_size;
243                     p_cb->local_i_key = cb_data.io_req.init_keys;
244                     p_cb->local_r_key = cb_data.io_req.resp_keys;
245 
246                     p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
247                     p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
248 
249                     SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
250                         local_i_key: 0x%02x, local_r_key: 0x%02x",
251                         p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
252 
253                     smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
254                     break;
255             }
256         }
257     }
258 
259     if (!p_cb->cb_evt && p_cb->discard_sec_req)
260     {
261         p_cb->discard_sec_req = FALSE;
262         smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
263     }
264 
265     SMP_TRACE_DEBUG("%s return", __func__);
266 }
267 
268 /*******************************************************************************
269 ** Function     smp_send_pair_fail
270 ** Description  pairing failure to peer device if needed.
271 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)272 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
273 {
274     p_cb->status = *(UINT8 *)p_data;
275     p_cb->failure = *(UINT8 *)p_data;
276 
277     SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
278 
279     if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
280     {
281         smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
282         p_cb->wait_for_authorization_complete = TRUE;
283     }
284 }
285 
286 /*******************************************************************************
287 ** Function     smp_send_pair_req
288 ** Description  actions related to sending pairing request
289 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)290 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
291 {
292     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
293     SMP_TRACE_DEBUG("%s", __func__);
294 
295     /* erase all keys when master sends pairing req*/
296     if (p_dev_rec)
297         btm_sec_clear_ble_keys(p_dev_rec);
298     /* do not manipulate the key, let app decide,
299        leave out to BTM to mandate key distribution for bonding case */
300     smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
301 }
302 
303 /*******************************************************************************
304 ** Function     smp_send_pair_rsp
305 ** Description  actions related to sending pairing response
306 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)307 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
308 {
309     SMP_TRACE_DEBUG("%s", __func__);
310 
311     p_cb->local_i_key &= p_cb->peer_i_key;
312     p_cb->local_r_key &= p_cb->peer_r_key;
313 
314     if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
315     {
316         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
317             smp_use_oob_private_key(p_cb, NULL);
318         else
319             smp_decide_association_model(p_cb, NULL);
320     }
321 }
322 
323 /*******************************************************************************
324 ** Function     smp_send_confirm
325 ** Description  send confirmation to the peer
326 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)327 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
328 {
329     SMP_TRACE_DEBUG("%s", __func__);
330     smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
331 }
332 
333 /*******************************************************************************
334 ** Function     smp_send_init
335 ** Description  process pairing initializer to slave device
336 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)337 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
338 {
339     SMP_TRACE_DEBUG("%s", __func__);
340     smp_send_cmd(SMP_OPCODE_INIT, p_cb);
341 }
342 
343 /*******************************************************************************
344 ** Function     smp_send_rand
345 ** Description  send pairing random to the peer
346 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)347 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
348 {
349     SMP_TRACE_DEBUG("%s", __func__);
350     smp_send_cmd(SMP_OPCODE_RAND, p_cb);
351 }
352 
353 /*******************************************************************************
354 ** Function     smp_send_pair_public_key
355 ** Description  send pairing public key command to the peer
356 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)357 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
358 {
359     SMP_TRACE_DEBUG("%s", __func__);
360     smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
361 }
362 
363 /*******************************************************************************
364 ** Function     SMP_SEND_COMMITMENT
365 ** Description send commitment command to the peer
366 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)367 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
368 {
369     SMP_TRACE_DEBUG("%s", __func__);
370     smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
371 }
372 
373 /*******************************************************************************
374 ** Function     smp_send_dhkey_check
375 ** Description send DHKey Check command to the peer
376 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)377 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
378 {
379     SMP_TRACE_DEBUG("%s", __func__);
380     smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
381 }
382 
383 /*******************************************************************************
384 ** Function     smp_send_keypress_notification
385 ** Description send Keypress Notification command to the peer
386 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)387 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
388 {
389     p_cb->local_keypress_notification = *(UINT8 *) p_data;
390     smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
391 }
392 
393 /*******************************************************************************
394 ** Function     smp_send_enc_info
395 ** Description  send encryption information command.
396 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)397 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
398 {
399     tBTM_LE_LENC_KEYS   le_key;
400 
401     SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
402     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
403 
404     smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
405     smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
406 
407     /* save the DIV and key size information when acting as slave device */
408     memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
409     le_key.div =  p_cb->div;
410     le_key.key_size = p_cb->loc_enc_size;
411     le_key.sec_level = p_cb->sec_level;
412 
413     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
414         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
415                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
416 
417     SMP_TRACE_WARNING ("%s", __func__);
418 
419     smp_key_distribution(p_cb, NULL);
420 }
421 
422 /*******************************************************************************
423 ** Function     smp_send_id_info
424 ** Description  send ID information command.
425 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)426 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
427 {
428     tBTM_LE_KEY_VALUE   le_key;
429     SMP_TRACE_DEBUG("%s", __func__);
430     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
431 
432     smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
433     smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
434 
435     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
436         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
437                             &le_key, TRUE);
438 
439     SMP_TRACE_WARNING ("%s", __func__);
440     smp_key_distribution_by_transport(p_cb, NULL);
441 }
442 
443 /*******************************************************************************
444 ** Function     smp_send_csrk_info
445 ** Description  send CSRK command.
446 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)447 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
448 {
449     tBTM_LE_LCSRK_KEYS  key;
450     SMP_TRACE_DEBUG("%s", __func__);
451     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
452 
453     if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
454     {
455         key.div = p_cb->div;
456         key.sec_level = p_cb->sec_level;
457         key.counter = 0; /* initialize the local counter */
458         memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
459         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
460     }
461 
462     smp_key_distribution_by_transport(p_cb, NULL);
463 }
464 
465 /*******************************************************************************
466 ** Function     smp_send_ltk_reply
467 ** Description  send LTK reply
468 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)469 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
470 {
471     SMP_TRACE_DEBUG("%s", __func__);
472     /* send stk as LTK response */
473     btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
474 }
475 
476 /*******************************************************************************
477 ** Function     smp_proc_sec_req
478 ** Description  process security request.
479 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)480 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
481 {
482     tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
483     tBTM_BLE_SEC_REQ_ACT sec_req_act;
484     UINT8 reason;
485 
486     SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
487 
488     p_cb->cb_evt = 0;
489 
490     btm_ble_link_sec_check(p_cb->pairing_bda, auth_req,  &sec_req_act);
491 
492     SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
493 
494     switch (sec_req_act)
495     {
496         case  BTM_BLE_SEC_REQ_ACT_ENCRYPT:
497             SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
498             smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
499             break;
500 
501         case BTM_BLE_SEC_REQ_ACT_PAIR:
502             p_cb->secure_connections_only_mode_required =
503                     (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
504 
505             /* respond to non SC pairing request as failure in SC only mode */
506             if (p_cb->secure_connections_only_mode_required &&
507                 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
508             {
509                 reason = SMP_PAIR_AUTH_FAIL;
510                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
511             }
512             else
513             {
514                 /* initialize local i/r key to be default keys */
515                 p_cb->peer_auth_req = auth_req;
516                 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
517                 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
518             }
519             break;
520 
521         case BTM_BLE_SEC_REQ_ACT_DISCARD:
522             p_cb->discard_sec_req = TRUE;
523             break;
524 
525         default:
526             /* do nothing */
527             break;
528     }
529 }
530 
531 /*******************************************************************************
532 ** Function     smp_proc_sec_grant
533 ** Description  process security grant.
534 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)535 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
536 {
537     UINT8 res= *(UINT8 *)p_data;
538     SMP_TRACE_DEBUG("%s", __func__);
539     if (res != SMP_SUCCESS)
540     {
541         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
542     }
543     else /*otherwise, start pairing */
544     {
545         /* send IO request callback */
546         p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
547     }
548 }
549 
550 /*******************************************************************************
551 ** Function     smp_proc_pair_fail
552 ** Description  process pairing failure from peer device
553 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)554 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
555 {
556     SMP_TRACE_DEBUG("%s", __func__);
557     p_cb->status = *(UINT8 *)p_data;
558 
559     /* Cancel pending auth complete timer if set */
560     alarm_cancel(p_cb->delayed_auth_timer_ent);
561 }
562 
563 /*******************************************************************************
564 ** Function     smp_proc_pair_cmd
565 ** Description  Process the SMP pairing request/response from peer device
566 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)567 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
568 {
569     UINT8   *p = (UINT8 *)p_data;
570     UINT8   reason = SMP_ENC_KEY_SIZE;
571     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
572 
573     SMP_TRACE_DEBUG("%s", __func__);
574     /* erase all keys if it is slave proc pairing req*/
575     if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
576         btm_sec_clear_ble_keys(p_dev_rec);
577 
578     p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
579 
580     STREAM_TO_UINT8(p_cb->peer_io_caps, p);
581     STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
582     STREAM_TO_UINT8(p_cb->peer_auth_req, p);
583     STREAM_TO_UINT8(p_cb->peer_enc_size, p);
584     STREAM_TO_UINT8(p_cb->peer_i_key, p);
585     STREAM_TO_UINT8(p_cb->peer_r_key, p);
586 
587     if (smp_command_has_invalid_parameters(p_cb))
588     {
589         reason = SMP_INVALID_PARAMETERS;
590         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
591         return;
592     }
593 
594     // PTS Testing failure modes
595     if (pts_test_send_authentication_complete_failure(p_cb))
596         return;
597 
598     if (p_cb->role == HCI_ROLE_SLAVE)
599     {
600         if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
601         {
602             /* peer (master) started pairing sending Pairing Request */
603             p_cb->local_i_key = p_cb->peer_i_key;
604             p_cb->local_r_key = p_cb->peer_r_key;
605 
606             p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
607         }
608         else /* update local i/r key according to pairing request */
609         {
610             /* pairing started with this side (slave) sending Security Request */
611             p_cb->local_i_key &= p_cb->peer_i_key;
612             p_cb->local_r_key &= p_cb->peer_r_key;
613             p_cb->selected_association_model = smp_select_association_model(p_cb);
614 
615             if (p_cb->secure_connections_only_mode_required &&
616                 (!(p_cb->le_secure_connections_mode_is_used) ||
617                (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
618             {
619                 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
620                     __func__);
621                 reason = SMP_PAIR_AUTH_FAIL;
622                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
623                 return;
624             }
625 
626             if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
627             {
628                 if (smp_request_oob_data(p_cb)) return;
629             }
630             else
631             {
632                 smp_send_pair_rsp(p_cb, NULL);
633             }
634         }
635     }
636     else /* Master receives pairing response */
637     {
638         p_cb->selected_association_model = smp_select_association_model(p_cb);
639 
640         if (p_cb->secure_connections_only_mode_required &&
641             (!(p_cb->le_secure_connections_mode_is_used) ||
642            (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
643         {
644             SMP_TRACE_ERROR ("Master requires secure connection only mode \
645                 but it can't be provided -> Master fails pairing");
646             reason = SMP_PAIR_AUTH_FAIL;
647             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
648             return;
649         }
650 
651         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
652         {
653             if (smp_request_oob_data(p_cb)) return;
654         }
655         else
656         {
657             smp_decide_association_model(p_cb, NULL);
658         }
659     }
660 }
661 
662 /*******************************************************************************
663 ** Function     smp_proc_confirm
664 ** Description  process pairing confirm from peer device
665 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)666 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
667 {
668     UINT8 *p = (UINT8 *)p_data;
669     UINT8 reason = SMP_INVALID_PARAMETERS;
670 
671     SMP_TRACE_DEBUG("%s", __func__);
672 
673     if (smp_command_has_invalid_parameters(p_cb))
674     {
675         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
676         return;
677     }
678 
679     if (p != NULL)
680     {
681         /* save the SConfirm for comparison later */
682         STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
683     }
684 
685     p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
686 }
687 
688 /*******************************************************************************
689 ** Function     smp_proc_init
690 ** Description  process pairing initializer from peer device
691 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)692 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
693 {
694     UINT8 *p = (UINT8 *)p_data;
695     UINT8 reason = SMP_INVALID_PARAMETERS;
696 
697     SMP_TRACE_DEBUG("%s", __func__);
698 
699     if (smp_command_has_invalid_parameters(p_cb))
700     {
701         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
702         return;
703     }
704 
705     /* save the SRand for comparison */
706     STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
707 }
708 
709 /*******************************************************************************
710 ** Function     smp_proc_rand
711 ** Description  process pairing random (nonce) from peer device
712 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)713 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
714 {
715     UINT8 *p = (UINT8 *)p_data;
716     UINT8 reason = SMP_INVALID_PARAMETERS;
717 
718     SMP_TRACE_DEBUG("%s", __func__);
719 
720     if (smp_command_has_invalid_parameters(p_cb))
721     {
722         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
723         return;
724     }
725 
726     /* save the SRand for comparison */
727     STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
728 }
729 
730 /*******************************************************************************
731 ** Function     smp_process_pairing_public_key
732 ** Description  process pairing public key command from the peer device
733 **              - saves the peer public key;
734 **              - sets the flag indicating that the peer public key is received;
735 **              - calls smp_wait_for_both_public_keys(...).
736 **
737 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)738 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
739 {
740     UINT8 *p = (UINT8 *)p_data;
741     UINT8 reason = SMP_INVALID_PARAMETERS;
742 
743     SMP_TRACE_DEBUG("%s", __func__);
744 
745     if (smp_command_has_invalid_parameters(p_cb))
746     {
747         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
748         return;
749     }
750 
751     STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
752     STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
753     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
754 
755     smp_wait_for_both_public_keys(p_cb, NULL);
756 }
757 
758 /*******************************************************************************
759 ** Function     smp_process_pairing_commitment
760 ** Description  process pairing commitment from peer device
761 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)762 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
763 {
764     UINT8 *p = (UINT8 *)p_data;
765     UINT8 reason = SMP_INVALID_PARAMETERS;
766 
767     SMP_TRACE_DEBUG("%s", __func__);
768 
769     if (smp_command_has_invalid_parameters(p_cb))
770     {
771         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
772         return;
773     }
774 
775     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
776 
777     if (p != NULL)
778     {
779         STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
780     }
781 }
782 
783 /*******************************************************************************
784 ** Function     smp_process_dhkey_check
785 ** Description  process DHKey Check from peer device
786 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)787 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
788 {
789     UINT8 *p = (UINT8 *)p_data;
790     UINT8 reason = SMP_INVALID_PARAMETERS;
791 
792     SMP_TRACE_DEBUG("%s", __func__);
793 
794     if (smp_command_has_invalid_parameters(p_cb))
795     {
796         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
797         return;
798     }
799 
800     if (p != NULL)
801     {
802         STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
803     }
804 
805     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
806 }
807 
808 /*******************************************************************************
809 ** Function     smp_process_keypress_notification
810 ** Description  process pairing keypress notification from peer device
811 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)812 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
813 {
814     UINT8 *p = (UINT8 *)p_data;
815     UINT8 reason = SMP_INVALID_PARAMETERS;
816 
817     SMP_TRACE_DEBUG("%s", __func__);
818     p_cb->status = *(UINT8 *)p_data;
819 
820     if (smp_command_has_invalid_parameters(p_cb))
821     {
822         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
823         return;
824     }
825 
826     if (p != NULL)
827     {
828         STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
829     }
830     else
831     {
832         p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
833     }
834     p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
835 }
836 
837 /*******************************************************************************
838 ** Function     smp_br_process_pairing_command
839 ** Description  Process the SMP pairing request/response from peer device via
840 **              BR/EDR transport.
841 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)842 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
843 {
844     UINT8   *p = (UINT8 *)p_data;
845     UINT8   reason = SMP_ENC_KEY_SIZE;
846     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
847 
848     SMP_TRACE_DEBUG("%s", __func__);
849     /* rejecting BR pairing request over non-SC BR link */
850     if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
851     {
852         reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
853         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
854         return;
855     }
856 
857     /* erase all keys if it is slave proc pairing req*/
858     if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
859         btm_sec_clear_ble_keys(p_dev_rec);
860 
861     p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
862 
863     STREAM_TO_UINT8(p_cb->peer_io_caps, p);
864     STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
865     STREAM_TO_UINT8(p_cb->peer_auth_req, p);
866     STREAM_TO_UINT8(p_cb->peer_enc_size, p);
867     STREAM_TO_UINT8(p_cb->peer_i_key, p);
868     STREAM_TO_UINT8(p_cb->peer_r_key, p);
869 
870     if (smp_command_has_invalid_parameters(p_cb))
871     {
872         reason = SMP_INVALID_PARAMETERS;
873         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
874         return;
875     }
876 
877     /* peer (master) started pairing sending Pairing Request */
878     /* or being master device always use received i/r key as keys to distribute */
879     p_cb->local_i_key = p_cb->peer_i_key;
880     p_cb->local_r_key = p_cb->peer_r_key;
881 
882     if (p_cb->role == HCI_ROLE_SLAVE)
883     {
884         p_dev_rec->new_encryption_key_is_p256 = FALSE;
885         /* shortcut to skip Security Grant step */
886         p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
887     }
888     else /* Master receives pairing response */
889     {
890         SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
891                           " Supposed to move to key distribution phase. ", __func__);
892     }
893 
894     /* auth_req received via BR/EDR SM channel is set to 0,
895        but everything derived/exchanged has to be saved */
896     p_cb->peer_auth_req |= SMP_AUTH_BOND;
897     p_cb->loc_auth_req |= SMP_AUTH_BOND;
898 }
899 
900 /*******************************************************************************
901 ** Function     smp_br_process_security_grant
902 ** Description  process security grant in case of pairing over BR/EDR transport.
903 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)904 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
905 {
906     UINT8 res= *(UINT8 *)p_data;
907     SMP_TRACE_DEBUG("%s", __func__);
908     if (res != SMP_SUCCESS)
909     {
910         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
911     }
912     else /*otherwise, start pairing */
913     {
914         /* send IO request callback */
915         p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
916     }
917 }
918 
919 /*******************************************************************************
920 ** Function     smp_br_check_authorization_request
921 ** Description  sets the SMP kes to be derived/distribute over BR/EDR transport
922 **              before starting the distribution/derivation
923 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)924 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
925 {
926     UINT8 reason = SMP_SUCCESS;
927 
928     SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
929                       "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
930                       p_cb->local_r_key);
931 
932     /* In LE SC mode LK field is ignored when BR/EDR transport is used */
933     p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
934     p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
935 
936     /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
937     ** Set local_r_key on master to expect only these keys. */
938     if (p_cb->role == HCI_ROLE_MASTER)
939     {
940         p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
941     }
942 
943     SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
944                       "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
945                       p_cb->local_r_key);
946 
947     if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
948             (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
949         (p_cb->local_i_key || p_cb->local_r_key))
950     {
951         smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
952 
953         /* if no peer key is expected, start master key distribution */
954         if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
955             smp_key_distribution_by_transport(p_cb, NULL);
956     }
957     else
958     {
959         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
960     }
961 }
962 
963 /*******************************************************************************
964 ** Function     smp_br_select_next_key
965 ** Description  selects the next key to derive/send when BR/EDR transport is
966 **              used.
967 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)968 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
969 {
970     UINT8   reason = SMP_SUCCESS;
971     SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
972                        __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
973 
974     if (p_cb->role == HCI_ROLE_SLAVE||
975         (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
976     {
977         smp_key_pick_key(p_cb, p_data);
978     }
979 
980     if (!p_cb->local_i_key && !p_cb->local_r_key)
981     {
982         /* state check to prevent re-entrance */
983         if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
984         {
985             if (p_cb->total_tx_unacked == 0)
986                 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
987             else
988                 p_cb->wait_for_authorization_complete = TRUE;
989         }
990     }
991 }
992 
993 /*******************************************************************************
994 ** Function     smp_proc_enc_info
995 ** Description  process encryption information from peer device
996 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)997 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
998 {
999     UINT8   *p = (UINT8 *)p_data;
1000 
1001     SMP_TRACE_DEBUG("%s", __func__);
1002     STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
1003 
1004     smp_key_distribution(p_cb, NULL);
1005 }
1006 /*******************************************************************************
1007 ** Function     smp_proc_master_id
1008 ** Description  process master ID from slave device
1009 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1010 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1011 {
1012     UINT8   *p = (UINT8 *)p_data;
1013     tBTM_LE_PENC_KEYS   le_key;
1014 
1015     SMP_TRACE_DEBUG("%s", __func__);
1016     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1017 
1018     STREAM_TO_UINT16(le_key.ediv, p);
1019     STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1020 
1021     /* store the encryption keys from peer device */
1022     memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1023     le_key.sec_level = p_cb->sec_level;
1024     le_key.key_size  = p_cb->loc_enc_size;
1025 
1026     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1027         btm_sec_save_le_key(p_cb->pairing_bda,
1028                             BTM_LE_KEY_PENC,
1029                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1030 
1031     smp_key_distribution(p_cb, NULL);
1032 }
1033 
1034 /*******************************************************************************
1035 ** Function     smp_proc_enc_info
1036 ** Description  process identity information from peer device
1037 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1038 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1039 {
1040     UINT8   *p = (UINT8 *)p_data;
1041 
1042     SMP_TRACE_DEBUG("%s", __func__);
1043     STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN);   /* reuse TK for IRK */
1044     smp_key_distribution_by_transport(p_cb, NULL);
1045 }
1046 
1047 /*******************************************************************************
1048 ** Function     smp_proc_id_addr
1049 ** Description  process identity address from peer device
1050 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1051 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1052 {
1053     UINT8   *p = (UINT8 *)p_data;
1054     tBTM_LE_PID_KEYS    pid_key;
1055 
1056     SMP_TRACE_DEBUG("%s", __func__);
1057     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1058 
1059     STREAM_TO_UINT8(pid_key.addr_type, p);
1060     STREAM_TO_BDADDR(pid_key.static_addr, p);
1061     memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1062 
1063     /* to use as BD_ADDR for lk derived from ltk */
1064     p_cb->id_addr_rcvd = TRUE;
1065     p_cb->id_addr_type = pid_key.addr_type;
1066     memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1067 
1068     /* store the ID key from peer device */
1069     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1070         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1071                             (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1072     smp_key_distribution_by_transport(p_cb, NULL);
1073 }
1074 
1075 /*******************************************************************************
1076 ** Function     smp_proc_srk_info
1077 ** Description  process security information from peer device
1078 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1079 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1080 {
1081     tBTM_LE_PCSRK_KEYS   le_key;
1082 
1083     SMP_TRACE_DEBUG("%s", __func__);
1084     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1085 
1086     /* save CSRK to security record */
1087     le_key.sec_level = p_cb->sec_level;
1088     memcpy (le_key.csrk, p_data, BT_OCTET16_LEN);   /* get peer CSRK */
1089     le_key.counter = 0; /* initialize the peer counter */
1090 
1091     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1092         btm_sec_save_le_key(p_cb->pairing_bda,
1093                             BTM_LE_KEY_PCSRK,
1094                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1095     smp_key_distribution_by_transport(p_cb, NULL);
1096 }
1097 
1098 /*******************************************************************************
1099 ** Function     smp_proc_compare
1100 ** Description  process compare value
1101 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1102 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1103 {
1104     UINT8   reason;
1105 
1106     SMP_TRACE_DEBUG("%s", __func__);
1107     if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1108     {
1109         /* compare the max encryption key size, and save the smaller one for the link */
1110         if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1111             p_cb->loc_enc_size = p_cb->peer_enc_size;
1112 
1113         if (p_cb->role == HCI_ROLE_SLAVE)
1114             smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1115         else
1116         {
1117             /* master device always use received i/r key as keys to distribute */
1118             p_cb->local_i_key = p_cb->peer_i_key;
1119             p_cb->local_r_key = p_cb->peer_r_key;
1120 
1121             smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1122         }
1123 
1124     }
1125     else
1126     {
1127         reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1128         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1129     }
1130 }
1131 
1132 /*******************************************************************************
1133 ** Function     smp_proc_sl_key
1134 ** Description  process key ready events.
1135 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1136 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1137 {
1138     UINT8 key_type = p_data->key.key_type;
1139 
1140     SMP_TRACE_DEBUG("%s", __func__);
1141     if (key_type == SMP_KEY_TYPE_TK)
1142     {
1143         smp_generate_srand_mrand_confirm(p_cb, NULL);
1144     }
1145     else if (key_type == SMP_KEY_TYPE_CFM)
1146     {
1147         smp_set_state(SMP_STATE_WAIT_CONFIRM);
1148 
1149         if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1150             smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1151     }
1152 }
1153 
1154 /*******************************************************************************
1155 ** Function     smp_start_enc
1156 ** Description  start encryption
1157 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1158 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1159 {
1160     tBTM_STATUS cmd;
1161     UINT8 reason = SMP_ENC_FAIL;
1162 
1163     SMP_TRACE_DEBUG("%s", __func__);
1164     if (p_data != NULL)
1165         cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1166     else
1167         cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1168 
1169     if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1170         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1171 }
1172 
1173 /*******************************************************************************
1174 ** Function     smp_proc_discard
1175 ** Description   processing for discard security request
1176 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1177 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1178 {
1179     SMP_TRACE_DEBUG("%s", __func__);
1180     if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1181         smp_reset_control_value(p_cb);
1182 }
1183 
1184 /*******************************************************************************
1185 ** Function     smp_enc_cmpl
1186 ** Description   encryption success
1187 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1188 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1189 {
1190     UINT8 enc_enable = *(UINT8 *)p_data;
1191     UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1192 
1193     SMP_TRACE_DEBUG("%s", __func__);
1194     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1195 }
1196 
1197 /*******************************************************************************
1198 ** Function     smp_check_auth_req
1199 ** Description  check authentication request
1200 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1201 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1202 {
1203     UINT8 enc_enable = *(UINT8 *)p_data;
1204     UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1205 
1206     SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1207                       "(i-initiator r-responder)",
1208                       __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1209     if (enc_enable == 1)
1210     {
1211         if (p_cb->le_secure_connections_mode_is_used)
1212         {
1213             /* In LE SC mode LTK is used instead of STK and has to be always saved */
1214             p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1215             p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1216 
1217            /* In LE SC mode LK is derived from LTK only if both sides request it */
1218            if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1219                !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1220             {
1221                 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1222                 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1223             }
1224 
1225             /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1226             ** Set local_r_key on master to expect only these keys.
1227             */
1228             if (p_cb->role == HCI_ROLE_MASTER)
1229             {
1230                 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1231             }
1232         }
1233         else
1234         {
1235             /* in legacy mode derivation of BR/EDR LK is not supported */
1236             p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1237             p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1238         }
1239         SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1240                           "(i-initiator r-responder)",
1241                           __func__, p_cb->local_i_key, p_cb->local_r_key);
1242 
1243         if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1244              (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1245             (p_cb->local_i_key || p_cb->local_r_key))
1246         {
1247             smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1248         }
1249         else
1250             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1251     }
1252     else if (enc_enable == 0)
1253     {
1254         /* if failed for encryption after pairing, send callback */
1255         if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1256             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1257         /* if enc failed for old security information */
1258         /* if master device, clean up and abck to idle; slave device do nothing */
1259         else if (p_cb->role == HCI_ROLE_MASTER)
1260         {
1261             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1262         }
1263     }
1264 }
1265 
1266 /*******************************************************************************
1267 ** Function     smp_key_pick_key
1268 ** Description  Pick a key distribution function based on the key mask.
1269 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1270 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1271 {
1272     UINT8   key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1273     UINT8   i = 0;
1274 
1275     SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1276     while (i < SMP_KEY_DIST_TYPE_MAX)
1277     {
1278         SMP_TRACE_DEBUG("key to send = %02x, i = %d",  key_to_dist, i);
1279 
1280         if (key_to_dist & (1 << i))
1281         {
1282             SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1283             (* smp_distribute_act[i])(p_cb, p_data);
1284             break;
1285         }
1286         i ++;
1287     }
1288 }
1289 /*******************************************************************************
1290 ** Function     smp_key_distribution
1291 ** Description  start key distribution if required.
1292 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1293 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1294 {
1295     SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1296                       __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1297 
1298     if (p_cb->role == HCI_ROLE_SLAVE ||
1299        (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1300     {
1301         smp_key_pick_key(p_cb, p_data);
1302     }
1303 
1304     if (!p_cb->local_i_key && !p_cb->local_r_key)
1305     {
1306         /* state check to prevent re-entrant */
1307         if (smp_get_state() == SMP_STATE_BOND_PENDING)
1308         {
1309             if (p_cb->derive_lk)
1310             {
1311                 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1312                 p_cb->derive_lk = FALSE;
1313             }
1314 
1315             if (p_cb->total_tx_unacked == 0)
1316             {
1317                 /*
1318                  * Instead of declaring authorization complete immediately,
1319                  * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1320                  * This allows the slave to send over Pairing Failed if the
1321                  * last key is rejected.  During this waiting window, the
1322                  * state should remain in SMP_STATE_BOND_PENDING.
1323                  */
1324                 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1325                     SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1326                     alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
1327                                        smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
1328                 }
1329             } else {
1330                 p_cb->wait_for_authorization_complete = TRUE;
1331             }
1332         }
1333     }
1334 }
1335 
1336 /*******************************************************************************
1337 ** Function         smp_decide_association_model
1338 ** Description      This function is called to select assoc model to be used for
1339 **                  STK generation and to start STK generation process.
1340 **
1341 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1342 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1343 {
1344     UINT8   failure = SMP_UNKNOWN_IO_CAP;
1345     UINT8 int_evt = 0;
1346     tSMP_KEY key;
1347     tSMP_INT_DATA   *p = NULL;
1348 
1349     SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1350 
1351     switch (p_cb->selected_association_model)
1352     {
1353         case SMP_MODEL_ENCRYPTION_ONLY:  /* TK = 0, go calculate Confirm */
1354             if (p_cb->role == HCI_ROLE_MASTER &&
1355                 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1356                 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1357             {
1358                 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1359                 failure = SMP_PAIR_AUTH_FAIL;
1360                 p = (tSMP_INT_DATA *)&failure;
1361                 int_evt = SMP_AUTH_CMPL_EVT;
1362             }
1363             else
1364             {
1365                 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1366                 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1367 
1368                 key.key_type = SMP_KEY_TYPE_TK;
1369                 key.p_data = p_cb->tk;
1370                 p = (tSMP_INT_DATA *)&key;
1371 
1372                 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1373                 /* TK, ready  */
1374                 int_evt = SMP_KEY_READY_EVT;
1375             }
1376             break;
1377 
1378         case SMP_MODEL_PASSKEY:
1379             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380             SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1381 
1382             p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1383             int_evt = SMP_TK_REQ_EVT;
1384             break;
1385 
1386         case SMP_MODEL_OOB:
1387             SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1388             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1389             SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1390 
1391             p_cb->cb_evt = SMP_OOB_REQ_EVT;
1392             int_evt = SMP_TK_REQ_EVT;
1393             break;
1394 
1395         case SMP_MODEL_KEY_NOTIF:
1396             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1397             SMP_TRACE_DEBUG("Need to generate Passkey");
1398 
1399             /* generate passkey and notify application */
1400             smp_generate_passkey(p_cb, NULL);
1401             break;
1402 
1403         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1404         case SMP_MODEL_SEC_CONN_NUM_COMP:
1405         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1406         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1407         case SMP_MODEL_SEC_CONN_OOB:
1408             int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1409             break;
1410 
1411         case SMP_MODEL_OUT_OF_RANGE:
1412             SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1413             p = (tSMP_INT_DATA *)&failure;
1414             int_evt = SMP_AUTH_CMPL_EVT;
1415             break;
1416 
1417         default:
1418             SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1419                              p_cb->selected_association_model);
1420             p = (tSMP_INT_DATA *)&failure;
1421             int_evt = SMP_AUTH_CMPL_EVT;
1422     }
1423 
1424     SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1425     if (int_evt)
1426         smp_sm_event(p_cb, int_evt, p);
1427 }
1428 
1429 /*******************************************************************************
1430 ** Function     smp_process_io_response
1431 ** Description  process IO response for a slave device.
1432 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1433 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1434 {
1435     uint8_t reason = SMP_PAIR_AUTH_FAIL;
1436 
1437     SMP_TRACE_DEBUG("%s", __func__);
1438     if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1439     {
1440         /* pairing started by local (slave) Security Request */
1441         smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1442         smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1443     }
1444     else /* plan to send pairing respond */
1445     {
1446         /* pairing started by peer (master) Pairing Request */
1447         p_cb->selected_association_model = smp_select_association_model(p_cb);
1448 
1449         if (p_cb->secure_connections_only_mode_required &&
1450             (!(p_cb->le_secure_connections_mode_is_used) ||
1451             (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1452         {
1453             SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1454                               but it can't be provided -> Slave fails pairing");
1455             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1456             return;
1457         }
1458 
1459         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1460         {
1461             if (smp_request_oob_data(p_cb)) return;
1462         }
1463 
1464         // PTS Testing failure modes
1465         if (pts_test_send_authentication_complete_failure(p_cb))
1466             return;
1467 
1468         smp_send_pair_rsp(p_cb, NULL);
1469     }
1470 }
1471 
1472 /*******************************************************************************
1473 ** Function     smp_br_process_slave_keys_response
1474 ** Description  process application keys response for a slave device
1475 **              (BR/EDR transport).
1476 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1477 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1478 {
1479     smp_br_send_pair_response(p_cb, NULL);
1480 }
1481 
1482 /*******************************************************************************
1483 ** Function     smp_br_send_pair_response
1484 ** Description  actions related to sending pairing response over BR/EDR transport.
1485 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1486 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1487 {
1488     SMP_TRACE_DEBUG("%s", __func__);
1489 
1490     p_cb->local_i_key &= p_cb->peer_i_key;
1491     p_cb->local_r_key &= p_cb->peer_r_key;
1492 
1493     smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1494 }
1495 
1496 /*******************************************************************************
1497 ** Function         smp_pairing_cmpl
1498 ** Description      This function is called to send the pairing complete callback
1499 **                  and remove the connection if needed.
1500 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1501 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1502 {
1503     if (p_cb->total_tx_unacked == 0)
1504     {
1505         /* update connection parameter to remote preferred */
1506         L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1507         /* process the pairing complete */
1508         smp_proc_pairing_cmpl(p_cb);
1509     }
1510 }
1511 
1512 /*******************************************************************************
1513 ** Function         smp_pair_terminate
1514 ** Description      This function is called to send the pairing complete callback
1515 **                  and remove the connection if needed.
1516 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1517 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1518 {
1519     SMP_TRACE_DEBUG("%s", __func__);
1520     p_cb->status = SMP_CONN_TOUT;
1521     smp_proc_pairing_cmpl(p_cb);
1522 }
1523 
1524 /*******************************************************************************
1525 ** Function         smp_idle_terminate
1526 ** Description      This function calledin idle state to determine to send authentication
1527 **                  complete or not.
1528 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1529 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1530 {
1531     if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1532     {
1533         SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1534         p_cb->status = SMP_FAIL;
1535         smp_proc_pairing_cmpl(p_cb);
1536     }
1537 }
1538 
1539 /*******************************************************************************
1540 ** Function     smp_fast_conn_param
1541 ** Description  apply default connection parameter for pairing process
1542 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1543 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1544 {
1545     /* disable connection parameter update */
1546     L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1547 }
1548 
1549 /*******************************************************************************
1550 ** Function     smp_both_have_public_keys
1551 ** Description  The function is called when both local and peer public keys are
1552 **              saved.
1553 **              Actions:
1554 **              - invokes DHKey computation;
1555 **              - on slave side invokes sending local public key to the peer.
1556 **              - invokes SC phase 1 process.
1557 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1558 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1559 {
1560     SMP_TRACE_DEBUG("%s",__func__);
1561 
1562     /* invokes DHKey computation */
1563     smp_compute_dhkey(p_cb);
1564 
1565     /* on slave side invokes sending local public key to the peer */
1566     if (p_cb->role == HCI_ROLE_SLAVE)
1567         smp_send_pair_public_key(p_cb, NULL);
1568 
1569     smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1570 }
1571 
1572 /*******************************************************************************
1573 ** Function     smp_start_secure_connection_phase1
1574 ** Description  The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1575 **              phase 1 parameters and starts building/sending to the peer
1576 **              messages appropriate for the role and association model.
1577 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1578 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1579 {
1580     SMP_TRACE_DEBUG("%s", __func__);
1581 
1582     if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1583     {
1584         p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1585         SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1586     }
1587     else
1588     {
1589         p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1590         SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1591     }
1592 
1593     switch(p_cb->selected_association_model)
1594     {
1595         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1596         case SMP_MODEL_SEC_CONN_NUM_COMP:
1597             memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1598             smp_start_nonce_generation(p_cb);
1599             break;
1600         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1601             /* user has to provide passkey */
1602             p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1603             smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1604             break;
1605         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1606             /* passkey has to be provided to user */
1607             SMP_TRACE_DEBUG("Need to generate SC Passkey");
1608             smp_generate_passkey(p_cb, NULL);
1609             break;
1610         case SMP_MODEL_SEC_CONN_OOB:
1611             /* use the available OOB information */
1612             smp_process_secure_connection_oob_data(p_cb, NULL);
1613             break;
1614         default:
1615             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1616                               p_cb->selected_association_model);
1617             break;
1618     }
1619 }
1620 
1621 /*******************************************************************************
1622 ** Function     smp_process_local_nonce
1623 ** Description  The function processes new local nonce.
1624 **
1625 ** Note         It is supposed to be called in SC phase1.
1626 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1627 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1628 {
1629     SMP_TRACE_DEBUG("%s", __func__);
1630 
1631     switch(p_cb->selected_association_model)
1632     {
1633         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1634         case SMP_MODEL_SEC_CONN_NUM_COMP:
1635             if (p_cb->role == HCI_ROLE_SLAVE)
1636             {
1637                 /* slave calculates and sends local commitment */
1638                 smp_calculate_local_commitment(p_cb);
1639                 smp_send_commitment(p_cb, NULL);
1640                 /* slave has to wait for peer nonce */
1641                 smp_set_state(SMP_STATE_WAIT_NONCE);
1642             }
1643             else    /* i.e. master */
1644             {
1645                 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1646                 {
1647                     /* slave commitment is already received, send local nonce, wait for remote nonce*/
1648                     SMP_TRACE_DEBUG("master in assoc mode = %d \
1649                     already rcvd slave commitment - race condition",
1650                                       p_cb->selected_association_model);
1651                     p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1652                     smp_send_rand(p_cb, NULL);
1653                     smp_set_state(SMP_STATE_WAIT_NONCE);
1654                 }
1655             }
1656             break;
1657         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1658         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1659             smp_calculate_local_commitment(p_cb);
1660 
1661             if (p_cb->role == HCI_ROLE_MASTER)
1662             {
1663                 smp_send_commitment(p_cb, NULL);
1664             }
1665             else    /* slave */
1666             {
1667                 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1668                 {
1669                     /* master commitment is already received */
1670                     smp_send_commitment(p_cb, NULL);
1671                     smp_set_state(SMP_STATE_WAIT_NONCE);
1672                 }
1673             }
1674             break;
1675         case SMP_MODEL_SEC_CONN_OOB:
1676             if (p_cb->role == HCI_ROLE_MASTER)
1677             {
1678                 smp_send_rand(p_cb, NULL);
1679             }
1680 
1681             smp_set_state(SMP_STATE_WAIT_NONCE);
1682             break;
1683         default:
1684             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1685                               p_cb->selected_association_model);
1686             break;
1687     }
1688 }
1689 
1690 /*******************************************************************************
1691 ** Function     smp_process_peer_nonce
1692 ** Description  The function processes newly received and saved in CB peer nonce.
1693 **              The actions depend on the selected association model and the role.
1694 **
1695 ** Note         It is supposed to be called in SC phase1.
1696 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1697 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1698 {
1699     UINT8   reason;
1700 
1701     SMP_TRACE_DEBUG("%s start ", __func__);
1702 
1703     // PTS Testing failure modes
1704     if (p_cb->cert_failure == 1) {
1705         SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1706         reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1707         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1708         return;
1709     }
1710 
1711     switch(p_cb->selected_association_model)
1712     {
1713         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1714         case SMP_MODEL_SEC_CONN_NUM_COMP:
1715             /* in these models only master receives commitment */
1716             if (p_cb->role == HCI_ROLE_MASTER)
1717             {
1718                 if (!smp_check_commitment(p_cb))
1719                 {
1720                     reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1721                     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1722                     break;
1723                 }
1724             }
1725             else
1726             {
1727                 /* slave sends local nonce */
1728                 smp_send_rand(p_cb, NULL);
1729             }
1730 
1731             if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1732             {
1733                 /* go directly to phase 2 */
1734                 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1735             }
1736             else    /* numeric comparison */
1737             {
1738                 smp_set_state(SMP_STATE_WAIT_NONCE);
1739                 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1740             }
1741             break;
1742         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1743         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1744             if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9)
1745             {
1746                 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1747                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1748                 break;
1749             }
1750 
1751             if (p_cb->role == HCI_ROLE_SLAVE)
1752             {
1753                 smp_send_rand(p_cb, NULL);
1754             }
1755 
1756             if (++p_cb->round < 20)
1757             {
1758                 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1759                 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1760                 smp_start_nonce_generation(p_cb);
1761                 break;
1762             }
1763 
1764             smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1765             break;
1766         case SMP_MODEL_SEC_CONN_OOB:
1767             if (p_cb->role == HCI_ROLE_SLAVE)
1768             {
1769                 smp_send_rand(p_cb, NULL);
1770             }
1771 
1772             smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1773             break;
1774         default:
1775             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1776                               p_cb->selected_association_model);
1777             break;
1778     }
1779 
1780     SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1781 }
1782 
1783 /*******************************************************************************
1784 ** Function     smp_match_dhkey_checks
1785 ** Description  checks if the calculated peer DHKey Check value is the same as
1786 **              received from the peer DHKey check value.
1787 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1788 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1789 {
1790     UINT8 reason = SMP_DHKEY_CHK_FAIL;
1791 
1792     SMP_TRACE_DEBUG("%s", __func__);
1793 
1794     if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1795     {
1796         SMP_TRACE_WARNING ("dhkey chcks do no match");
1797         p_cb->failure = reason;
1798         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1799         return;
1800     }
1801 
1802     SMP_TRACE_EVENT ("dhkey chcks match");
1803 
1804     /* compare the max encryption key size, and save the smaller one for the link */
1805     if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1806         p_cb->loc_enc_size = p_cb->peer_enc_size;
1807 
1808     if (p_cb->role == HCI_ROLE_SLAVE)
1809     {
1810         smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1811     }
1812     else
1813     {
1814         /* master device always use received i/r key as keys to distribute */
1815         p_cb->local_i_key = p_cb->peer_i_key;
1816         p_cb->local_r_key = p_cb->peer_r_key;
1817         smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1818     }
1819 }
1820 
1821 /*******************************************************************************
1822 ** Function     smp_move_to_secure_connections_phase2
1823 ** Description  Signal State Machine to start SC phase 2 initialization (to
1824 **              compute local DHKey Check value).
1825 **
1826 ** Note         SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1827 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1828 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1829 {
1830     SMP_TRACE_DEBUG("%s",__func__);
1831     smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1832 }
1833 
1834 /*******************************************************************************
1835 ** Function     smp_phase_2_dhkey_checks_are_present
1836 ** Description  generates event if dhkey check from the peer is already received.
1837 **
1838 ** Note         It is supposed to be used on slave to prevent race condition.
1839 **              It is supposed to be called after slave dhkey check is calculated.
1840 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1841 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1842 {
1843     SMP_TRACE_DEBUG("%s",__func__);
1844 
1845     if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1846         smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1847 }
1848 
1849 /*******************************************************************************
1850 ** Function     smp_wait_for_both_public_keys
1851 ** Description  generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1852 **              public keys are available.
1853 **
1854 ** Note         on the slave it is used to prevent race condition.
1855 **
1856 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1857 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1858 {
1859     SMP_TRACE_DEBUG("%s",__func__);
1860 
1861     if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1862         (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1863     {
1864         if ((p_cb->role == HCI_ROLE_SLAVE) &&
1865             ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1866         {
1867             smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1868         }
1869         smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1870     }
1871 }
1872 
1873 /*******************************************************************************
1874 ** Function     smp_start_passkey_verification
1875 ** Description  Starts SC passkey entry verification.
1876 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1877 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1878 {
1879     UINT8 *p = NULL;
1880 
1881     SMP_TRACE_DEBUG("%s", __func__);
1882     p = p_cb->local_random;
1883     UINT32_TO_STREAM(p, p_data->passkey);
1884 
1885     p = p_cb->peer_random;
1886     UINT32_TO_STREAM(p, p_data->passkey);
1887 
1888     p_cb->round = 0;
1889     smp_start_nonce_generation(p_cb);
1890 }
1891 
1892 /*******************************************************************************
1893 ** Function     smp_process_secure_connection_oob_data
1894 ** Description  Processes local/peer SC OOB data received from somewhere.
1895 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1896 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1897 {
1898     SMP_TRACE_DEBUG("%s", __func__);
1899 
1900     tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1901     if (p_sc_oob_data->loc_oob_data.present)
1902     {
1903         memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1904                sizeof(p_cb->local_random));
1905     }
1906     else
1907     {
1908         SMP_TRACE_EVENT ("local OOB randomizer is absent");
1909         memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1910     }
1911 
1912     if (!p_sc_oob_data->peer_oob_data.present)
1913     {
1914         SMP_TRACE_EVENT ("peer OOB data is absent");
1915         memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1916     }
1917     else
1918     {
1919         memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1920                sizeof(p_cb->peer_random));
1921         memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1922                sizeof(p_cb->remote_commitment));
1923 
1924         UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1925         /* check commitment */
1926         if (!smp_check_commitment(p_cb))
1927         {
1928             p_cb->failure = reason;
1929             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1930             return;
1931         }
1932 
1933         if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1934         {
1935             /* the peer doesn't have local randomiser */
1936             SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1937             memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1938         }
1939     }
1940 
1941     print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1942     print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1943     smp_start_nonce_generation(p_cb);
1944 }
1945 
1946 /*******************************************************************************
1947 ** Function     smp_set_local_oob_keys
1948 ** Description  Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1949 **              starts nonce generation
1950 **              (to be saved in sc_oob_data.loc_oob_data.randomizer).
1951 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1952 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1953 {
1954     SMP_TRACE_DEBUG("%s", __func__);
1955 
1956     memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1957            BT_OCTET32_LEN);
1958     p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1959     smp_start_nonce_generation(p_cb);
1960 }
1961 
1962 /*******************************************************************************
1963 ** Function     smp_set_local_oob_random_commitment
1964 ** Description  Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1965 **              passes sc_oob_data.loc_oob_data up for safekeeping.
1966 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1967 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1968 {
1969     SMP_TRACE_DEBUG("%s", __func__);
1970     memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1971            BT_OCTET16_LEN);
1972 
1973     smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1974                      p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1975                      p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1976                      p_cb->sc_oob_data.loc_oob_data.commitment);
1977 
1978 #if SMP_DEBUG == TRUE
1979     UINT8   *p_print = NULL;
1980     SMP_TRACE_DEBUG("local SC OOB data set:");
1981     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1982     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1983                                          sizeof(tBLE_BD_ADDR));
1984     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1985     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1986                                          BT_OCTET32_LEN);
1987     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1988     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1989                                          BT_OCTET32_LEN);
1990     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1991     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1992                                          BT_OCTET32_LEN);
1993     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1994     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1995                                          BT_OCTET16_LEN);
1996     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1997     smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1998                                          BT_OCTET16_LEN);
1999     SMP_TRACE_DEBUG("");
2000 #endif
2001 
2002     /* pass created OOB data up */
2003     p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
2004     smp_send_app_cback(p_cb, NULL);
2005 
2006     smp_cb_cleanup(p_cb);
2007 }
2008 
2009 /*******************************************************************************
2010 **
2011 ** Function         smp_link_encrypted
2012 **
2013 ** Description      This function is called when link is encrypted and notified to
2014 **                  slave device. Proceed to to send LTK, DIV and ER to master if
2015 **                  bonding the devices.
2016 **
2017 **
2018 ** Returns          void
2019 **
2020 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)2021 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
2022 {
2023     tSMP_CB *p_cb = &smp_cb;
2024 
2025     SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
2026 
2027     if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
2028     {
2029         /* encryption completed with STK, remmeber the key size now, could be overwite
2030         *  when key exchange happens                                        */
2031         if (p_cb->loc_enc_size != 0 && encr_enable)
2032         {
2033             /* update the link encryption key size if a SMP pairing just performed */
2034             btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2035         }
2036 
2037         smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2038     }
2039 }
2040 
2041 /*******************************************************************************
2042 **
2043 ** Function         smp_proc_ltk_request
2044 **
2045 ** Description      This function is called when LTK request is received from
2046 **                  controller.
2047 **
2048 ** Returns          void
2049 **
2050 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)2051 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2052 {
2053     SMP_TRACE_DEBUG("%s state = %d",  __func__, smp_cb.state);
2054     BOOLEAN match = FALSE;
2055 
2056     if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2057     {
2058         match = TRUE;
2059     } else {
2060         BD_ADDR dummy_bda = {0};
2061         tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2062         if (p_dev_rec != NULL &&
2063             0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2064             0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2065         {
2066             match = TRUE;
2067         }
2068     }
2069 
2070     if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2071     {
2072         smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2073         return TRUE;
2074     }
2075 
2076     return FALSE;
2077 }
2078 
2079 /*******************************************************************************
2080 **
2081 ** Function         smp_process_secure_connection_long_term_key
2082 **
2083 ** Description      This function is called to process SC LTK.
2084 **                  SC LTK is calculated and used instead of STK.
2085 **                  Here SC LTK is saved in BLE DB.
2086 **
2087 ** Returns          void
2088 **
2089 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2090 void smp_process_secure_connection_long_term_key(void)
2091 {
2092     tSMP_CB     *p_cb = &smp_cb;
2093 
2094     SMP_TRACE_DEBUG("%s", __func__);
2095     smp_save_secure_connections_long_term_key(p_cb);
2096 
2097     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2098     smp_key_distribution(p_cb, NULL);
2099 }
2100 
2101 /*******************************************************************************
2102 **
2103 ** Function         smp_set_derive_link_key
2104 **
2105 ** Description      This function is called to set flag that indicates that
2106 **                  BR/EDR LK has to be derived from LTK after all keys are
2107 **                  distributed.
2108 **
2109 ** Returns          void
2110 **
2111 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2112 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2113 {
2114     SMP_TRACE_DEBUG ("%s", __func__);
2115     p_cb->derive_lk = TRUE;
2116     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2117     smp_key_distribution(p_cb, NULL);
2118 }
2119 
2120 /*******************************************************************************
2121 **
2122 ** Function         smp_derive_link_key_from_long_term_key
2123 **
2124 ** Description      This function is called to derive BR/EDR LK from LTK.
2125 **
2126 ** Returns          void
2127 **
2128 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2129 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2130 {
2131     tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2132 
2133     SMP_TRACE_DEBUG("%s", __func__);
2134     if (!smp_calculate_link_key_from_long_term_key(p_cb))
2135     {
2136         SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2137         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2138         return;
2139     }
2140 }
2141 
2142 /*******************************************************************************
2143 **
2144 ** Function         smp_br_process_link_key
2145 **
2146 ** Description      This function is called to process BR/EDR LK:
2147 **                  - to derive SMP LTK from BR/EDR LK;
2148 *8                  - to save SMP LTK.
2149 **
2150 ** Returns          void
2151 **
2152 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2153 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2154 {
2155     tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2156 
2157     SMP_TRACE_DEBUG("%s", __func__);
2158     if (!smp_calculate_long_term_key_from_link_key(p_cb))
2159     {
2160         SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2161         smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2162         return;
2163     }
2164 
2165     SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2166     smp_save_secure_connections_long_term_key(p_cb);
2167     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2168     smp_br_select_next_key(p_cb, NULL);
2169 }
2170 
2171 /*******************************************************************************
2172 ** Function     smp_key_distribution_by_transport
2173 ** Description  depending on the transport used at the moment calls either
2174 **              smp_key_distribution(...) or smp_br_key_distribution(...).
2175 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2176 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2177 {
2178     SMP_TRACE_DEBUG("%s", __func__);
2179     if (p_cb->smp_over_br)
2180     {
2181         smp_br_select_next_key(p_cb, NULL);
2182     }
2183     else
2184     {
2185         smp_key_distribution(p_cb, NULL);
2186     }
2187 }
2188 
2189 /*******************************************************************************
2190 ** Function         smp_br_pairing_complete
2191 ** Description      This function is called to send the pairing complete callback
2192 **                  and remove the connection if needed.
2193 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2194 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2195 {
2196     SMP_TRACE_DEBUG("%s", __func__);
2197 
2198     if (p_cb->total_tx_unacked == 0)
2199     {
2200         /* process the pairing complete */
2201         smp_proc_pairing_cmpl(p_cb);
2202     }
2203 }
2204 
2205 #endif
2206