1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26
27 extern fixed_queue_t *btu_general_alarm_queue;
28
29 #if SMP_INCLUDED == TRUE
30 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
31 {
32 /* initiator */
33 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
36 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
37 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
38 /* responder */
39 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
42 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
43 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
44 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
45 };
46
47 #define SMP_KEY_DIST_TYPE_MAX 4
48 const tSMP_ACT smp_distribute_act [] =
49 {
50 smp_generate_ltk,
51 smp_send_id_info,
52 smp_generate_csrk,
53 smp_set_derive_link_key
54 };
55
lmp_version_below(BD_ADDR bda,uint8_t version)56 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
57 {
58 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
59 if (acl == NULL || acl->lmp_version == 0)
60 {
61 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
62 return false;
63 }
64 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
65 return acl->lmp_version < version;
66 }
67
pts_test_send_authentication_complete_failure(tSMP_CB * p_cb)68 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
69 {
70 uint8_t reason = 0;
71
72 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6)
73 return false;
74
75 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
76
77 switch (p_cb->cert_failure)
78 {
79 case 2:
80 reason = SMP_PAIR_AUTH_FAIL;
81 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
82 break;
83 case 3:
84 reason = SMP_PAIR_FAIL_UNKNOWN;
85 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
86 break;
87 case 4:
88 reason = SMP_PAIR_NOT_SUPPORT;
89 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
90 break;
91 case 5:
92 reason = SMP_PASSKEY_ENTRY_FAIL;
93 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
94 break;
95 case 6:
96 reason = SMP_REPEATED_ATTEMPTS;
97 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
98 break;
99 }
100
101 return true;;
102 }
103
104 /*******************************************************************************
105 ** Function smp_update_key_mask
106 ** Description This function updates the key mask for sending or receiving.
107 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)108 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
109 {
110 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
111 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
112
113 if (((p_cb->le_secure_connections_mode_is_used) ||
114 (p_cb->smp_over_br)) &&
115 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
116 {
117 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
118 ** being exchanged with the peer */
119 p_cb->local_i_key &= ~key_type;
120 p_cb->local_r_key &= ~key_type;
121 }
122 else
123 if (p_cb->role == HCI_ROLE_SLAVE)
124 {
125 if (recv)
126 p_cb->local_i_key &= ~key_type;
127 else
128 p_cb->local_r_key &= ~key_type;
129 }
130 else
131 {
132 if (recv)
133 p_cb->local_r_key &= ~key_type;
134 else
135 p_cb->local_i_key &= ~key_type;
136 }
137
138 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
139 p_cb->local_r_key);
140 }
141
142 /*******************************************************************************
143 ** Function smp_send_app_cback
144 ** Description notifies application about the events the application is interested in
145 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)146 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
147 {
148 tSMP_EVT_DATA cb_data;
149 tSMP_STATUS callback_rc;
150 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
151 if (p_cb->p_callback && p_cb->cb_evt != 0)
152 {
153 switch (p_cb->cb_evt)
154 {
155 case SMP_IO_CAP_REQ_EVT:
156 cb_data.io_req.auth_req = p_cb->peer_auth_req;
157 cb_data.io_req.oob_data = SMP_OOB_NONE;
158 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
159 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
160 cb_data.io_req.init_keys = p_cb->local_i_key ;
161 cb_data.io_req.resp_keys = p_cb->local_r_key ;
162 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
163 break;
164
165 case SMP_NC_REQ_EVT:
166 cb_data.passkey = p_data->passkey;
167 break;
168 case SMP_SC_OOB_REQ_EVT:
169 cb_data.req_oob_type = p_data->req_oob_type;
170 break;
171 case SMP_SC_LOC_OOB_DATA_UP_EVT:
172 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
173 break;
174
175 case SMP_BR_KEYS_REQ_EVT:
176 cb_data.io_req.auth_req = 0;
177 cb_data.io_req.oob_data = SMP_OOB_NONE;
178 cb_data.io_req.io_cap = 0;
179 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
180 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
181 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
182 break;
183
184 default:
185 break;
186 }
187
188 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
189
190 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
191
192 if (callback_rc == SMP_SUCCESS)
193 {
194 switch (p_cb->cb_evt)
195 {
196 case SMP_IO_CAP_REQ_EVT:
197 p_cb->loc_auth_req = cb_data.io_req.auth_req;
198 p_cb->local_io_capability = cb_data.io_req.io_cap;
199 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
200 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
201 p_cb->local_i_key = cb_data.io_req.init_keys;
202 p_cb->local_r_key = cb_data.io_req.resp_keys;
203
204 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
205 {
206 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
207 p_cb->local_i_key = 0;
208 p_cb->local_r_key = 0;
209 }
210
211 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
212 loc_oob_flag: %d loc_enc_size: %d,"
213 "local_i_key: 0x%02x, local_r_key: 0x%02x",
214 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
215 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
216
217 p_cb->secure_connections_only_mode_required =
218 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
219
220 if (p_cb->secure_connections_only_mode_required)
221 {
222 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
223 }
224
225 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
226 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
227 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
228 (const bt_bdaddr_t *)&p_cb->pairing_bda))
229 {
230 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
231 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
232 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
233 }
234
235 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
236 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
237
238 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
239 break;
240
241 case SMP_BR_KEYS_REQ_EVT:
242 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
243 p_cb->local_i_key = cb_data.io_req.init_keys;
244 p_cb->local_r_key = cb_data.io_req.resp_keys;
245
246 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
247 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
248
249 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
250 local_i_key: 0x%02x, local_r_key: 0x%02x",
251 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
252
253 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
254 break;
255 }
256 }
257 }
258
259 if (!p_cb->cb_evt && p_cb->discard_sec_req)
260 {
261 p_cb->discard_sec_req = FALSE;
262 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
263 }
264
265 SMP_TRACE_DEBUG("%s return", __func__);
266 }
267
268 /*******************************************************************************
269 ** Function smp_send_pair_fail
270 ** Description pairing failure to peer device if needed.
271 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)272 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
273 {
274 p_cb->status = *(UINT8 *)p_data;
275 p_cb->failure = *(UINT8 *)p_data;
276
277 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
278
279 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
280 {
281 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
282 p_cb->wait_for_authorization_complete = TRUE;
283 }
284 }
285
286 /*******************************************************************************
287 ** Function smp_send_pair_req
288 ** Description actions related to sending pairing request
289 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)290 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
291 {
292 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
293 SMP_TRACE_DEBUG("%s", __func__);
294
295 /* erase all keys when master sends pairing req*/
296 if (p_dev_rec)
297 btm_sec_clear_ble_keys(p_dev_rec);
298 /* do not manipulate the key, let app decide,
299 leave out to BTM to mandate key distribution for bonding case */
300 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
301 }
302
303 /*******************************************************************************
304 ** Function smp_send_pair_rsp
305 ** Description actions related to sending pairing response
306 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)307 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
308 {
309 SMP_TRACE_DEBUG("%s", __func__);
310
311 p_cb->local_i_key &= p_cb->peer_i_key;
312 p_cb->local_r_key &= p_cb->peer_r_key;
313
314 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
315 {
316 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
317 smp_use_oob_private_key(p_cb, NULL);
318 else
319 smp_decide_association_model(p_cb, NULL);
320 }
321 }
322
323 /*******************************************************************************
324 ** Function smp_send_confirm
325 ** Description send confirmation to the peer
326 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)327 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
328 {
329 SMP_TRACE_DEBUG("%s", __func__);
330 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
331 }
332
333 /*******************************************************************************
334 ** Function smp_send_init
335 ** Description process pairing initializer to slave device
336 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)337 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
338 {
339 SMP_TRACE_DEBUG("%s", __func__);
340 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
341 }
342
343 /*******************************************************************************
344 ** Function smp_send_rand
345 ** Description send pairing random to the peer
346 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)347 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
348 {
349 SMP_TRACE_DEBUG("%s", __func__);
350 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
351 }
352
353 /*******************************************************************************
354 ** Function smp_send_pair_public_key
355 ** Description send pairing public key command to the peer
356 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)357 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
358 {
359 SMP_TRACE_DEBUG("%s", __func__);
360 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
361 }
362
363 /*******************************************************************************
364 ** Function SMP_SEND_COMMITMENT
365 ** Description send commitment command to the peer
366 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)367 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
368 {
369 SMP_TRACE_DEBUG("%s", __func__);
370 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
371 }
372
373 /*******************************************************************************
374 ** Function smp_send_dhkey_check
375 ** Description send DHKey Check command to the peer
376 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)377 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
378 {
379 SMP_TRACE_DEBUG("%s", __func__);
380 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
381 }
382
383 /*******************************************************************************
384 ** Function smp_send_keypress_notification
385 ** Description send Keypress Notification command to the peer
386 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)387 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
388 {
389 p_cb->local_keypress_notification = *(UINT8 *) p_data;
390 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
391 }
392
393 /*******************************************************************************
394 ** Function smp_send_enc_info
395 ** Description send encryption information command.
396 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)397 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
398 {
399 tBTM_LE_LENC_KEYS le_key;
400
401 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
402 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
403
404 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
405 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
406
407 /* save the DIV and key size information when acting as slave device */
408 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
409 le_key.div = p_cb->div;
410 le_key.key_size = p_cb->loc_enc_size;
411 le_key.sec_level = p_cb->sec_level;
412
413 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
414 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
415 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
416
417 SMP_TRACE_WARNING ("%s", __func__);
418
419 smp_key_distribution(p_cb, NULL);
420 }
421
422 /*******************************************************************************
423 ** Function smp_send_id_info
424 ** Description send ID information command.
425 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)426 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
427 {
428 tBTM_LE_KEY_VALUE le_key;
429 SMP_TRACE_DEBUG("%s", __func__);
430 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
431
432 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
433 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
434
435 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
436 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
437 &le_key, TRUE);
438
439 SMP_TRACE_WARNING ("%s", __func__);
440 smp_key_distribution_by_transport(p_cb, NULL);
441 }
442
443 /*******************************************************************************
444 ** Function smp_send_csrk_info
445 ** Description send CSRK command.
446 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)447 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
448 {
449 tBTM_LE_LCSRK_KEYS key;
450 SMP_TRACE_DEBUG("%s", __func__);
451 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
452
453 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
454 {
455 key.div = p_cb->div;
456 key.sec_level = p_cb->sec_level;
457 key.counter = 0; /* initialize the local counter */
458 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
459 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
460 }
461
462 smp_key_distribution_by_transport(p_cb, NULL);
463 }
464
465 /*******************************************************************************
466 ** Function smp_send_ltk_reply
467 ** Description send LTK reply
468 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)469 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
470 {
471 SMP_TRACE_DEBUG("%s", __func__);
472 /* send stk as LTK response */
473 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
474 }
475
476 /*******************************************************************************
477 ** Function smp_proc_sec_req
478 ** Description process security request.
479 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)480 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
481 {
482 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
483 tBTM_BLE_SEC_REQ_ACT sec_req_act;
484 UINT8 reason;
485
486 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
487
488 p_cb->cb_evt = 0;
489
490 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
491
492 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
493
494 switch (sec_req_act)
495 {
496 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
497 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
498 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
499 break;
500
501 case BTM_BLE_SEC_REQ_ACT_PAIR:
502 p_cb->secure_connections_only_mode_required =
503 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
504
505 /* respond to non SC pairing request as failure in SC only mode */
506 if (p_cb->secure_connections_only_mode_required &&
507 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
508 {
509 reason = SMP_PAIR_AUTH_FAIL;
510 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
511 }
512 else
513 {
514 /* initialize local i/r key to be default keys */
515 p_cb->peer_auth_req = auth_req;
516 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
517 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
518 }
519 break;
520
521 case BTM_BLE_SEC_REQ_ACT_DISCARD:
522 p_cb->discard_sec_req = TRUE;
523 break;
524
525 default:
526 /* do nothing */
527 break;
528 }
529 }
530
531 /*******************************************************************************
532 ** Function smp_proc_sec_grant
533 ** Description process security grant.
534 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)535 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
536 {
537 UINT8 res= *(UINT8 *)p_data;
538 SMP_TRACE_DEBUG("%s", __func__);
539 if (res != SMP_SUCCESS)
540 {
541 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
542 }
543 else /*otherwise, start pairing */
544 {
545 /* send IO request callback */
546 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
547 }
548 }
549
550 /*******************************************************************************
551 ** Function smp_proc_pair_fail
552 ** Description process pairing failure from peer device
553 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)554 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
555 {
556 SMP_TRACE_DEBUG("%s", __func__);
557 p_cb->status = *(UINT8 *)p_data;
558
559 /* Cancel pending auth complete timer if set */
560 alarm_cancel(p_cb->delayed_auth_timer_ent);
561 }
562
563 /*******************************************************************************
564 ** Function smp_proc_pair_cmd
565 ** Description Process the SMP pairing request/response from peer device
566 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)567 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
568 {
569 UINT8 *p = (UINT8 *)p_data;
570 UINT8 reason = SMP_ENC_KEY_SIZE;
571 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
572
573 SMP_TRACE_DEBUG("%s", __func__);
574 /* erase all keys if it is slave proc pairing req*/
575 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
576 btm_sec_clear_ble_keys(p_dev_rec);
577
578 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
579
580 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
581 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
582 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
583 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
584 STREAM_TO_UINT8(p_cb->peer_i_key, p);
585 STREAM_TO_UINT8(p_cb->peer_r_key, p);
586
587 if (smp_command_has_invalid_parameters(p_cb))
588 {
589 reason = SMP_INVALID_PARAMETERS;
590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
591 return;
592 }
593
594 // PTS Testing failure modes
595 if (pts_test_send_authentication_complete_failure(p_cb))
596 return;
597
598 if (p_cb->role == HCI_ROLE_SLAVE)
599 {
600 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
601 {
602 /* peer (master) started pairing sending Pairing Request */
603 p_cb->local_i_key = p_cb->peer_i_key;
604 p_cb->local_r_key = p_cb->peer_r_key;
605
606 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
607 }
608 else /* update local i/r key according to pairing request */
609 {
610 /* pairing started with this side (slave) sending Security Request */
611 p_cb->local_i_key &= p_cb->peer_i_key;
612 p_cb->local_r_key &= p_cb->peer_r_key;
613 p_cb->selected_association_model = smp_select_association_model(p_cb);
614
615 if (p_cb->secure_connections_only_mode_required &&
616 (!(p_cb->le_secure_connections_mode_is_used) ||
617 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
618 {
619 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
620 __func__);
621 reason = SMP_PAIR_AUTH_FAIL;
622 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
623 return;
624 }
625
626 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
627 {
628 if (smp_request_oob_data(p_cb)) return;
629 }
630 else
631 {
632 smp_send_pair_rsp(p_cb, NULL);
633 }
634 }
635 }
636 else /* Master receives pairing response */
637 {
638 p_cb->selected_association_model = smp_select_association_model(p_cb);
639
640 if (p_cb->secure_connections_only_mode_required &&
641 (!(p_cb->le_secure_connections_mode_is_used) ||
642 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
643 {
644 SMP_TRACE_ERROR ("Master requires secure connection only mode \
645 but it can't be provided -> Master fails pairing");
646 reason = SMP_PAIR_AUTH_FAIL;
647 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
648 return;
649 }
650
651 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
652 {
653 if (smp_request_oob_data(p_cb)) return;
654 }
655 else
656 {
657 smp_decide_association_model(p_cb, NULL);
658 }
659 }
660 }
661
662 /*******************************************************************************
663 ** Function smp_proc_confirm
664 ** Description process pairing confirm from peer device
665 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)666 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
667 {
668 UINT8 *p = (UINT8 *)p_data;
669 UINT8 reason = SMP_INVALID_PARAMETERS;
670
671 SMP_TRACE_DEBUG("%s", __func__);
672
673 if (smp_command_has_invalid_parameters(p_cb))
674 {
675 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
676 return;
677 }
678
679 if (p != NULL)
680 {
681 /* save the SConfirm for comparison later */
682 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
683 }
684
685 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
686 }
687
688 /*******************************************************************************
689 ** Function smp_proc_init
690 ** Description process pairing initializer from peer device
691 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)692 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
693 {
694 UINT8 *p = (UINT8 *)p_data;
695 UINT8 reason = SMP_INVALID_PARAMETERS;
696
697 SMP_TRACE_DEBUG("%s", __func__);
698
699 if (smp_command_has_invalid_parameters(p_cb))
700 {
701 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
702 return;
703 }
704
705 /* save the SRand for comparison */
706 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
707 }
708
709 /*******************************************************************************
710 ** Function smp_proc_rand
711 ** Description process pairing random (nonce) from peer device
712 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)713 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
714 {
715 UINT8 *p = (UINT8 *)p_data;
716 UINT8 reason = SMP_INVALID_PARAMETERS;
717
718 SMP_TRACE_DEBUG("%s", __func__);
719
720 if (smp_command_has_invalid_parameters(p_cb))
721 {
722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
723 return;
724 }
725
726 /* save the SRand for comparison */
727 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
728 }
729
730 /*******************************************************************************
731 ** Function smp_process_pairing_public_key
732 ** Description process pairing public key command from the peer device
733 ** - saves the peer public key;
734 ** - sets the flag indicating that the peer public key is received;
735 ** - calls smp_wait_for_both_public_keys(...).
736 **
737 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)738 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
739 {
740 UINT8 *p = (UINT8 *)p_data;
741 UINT8 reason = SMP_INVALID_PARAMETERS;
742
743 SMP_TRACE_DEBUG("%s", __func__);
744
745 if (smp_command_has_invalid_parameters(p_cb))
746 {
747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
748 return;
749 }
750
751 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
752 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
753 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
754
755 smp_wait_for_both_public_keys(p_cb, NULL);
756 }
757
758 /*******************************************************************************
759 ** Function smp_process_pairing_commitment
760 ** Description process pairing commitment from peer device
761 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)762 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
763 {
764 UINT8 *p = (UINT8 *)p_data;
765 UINT8 reason = SMP_INVALID_PARAMETERS;
766
767 SMP_TRACE_DEBUG("%s", __func__);
768
769 if (smp_command_has_invalid_parameters(p_cb))
770 {
771 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
772 return;
773 }
774
775 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
776
777 if (p != NULL)
778 {
779 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
780 }
781 }
782
783 /*******************************************************************************
784 ** Function smp_process_dhkey_check
785 ** Description process DHKey Check from peer device
786 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)787 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
788 {
789 UINT8 *p = (UINT8 *)p_data;
790 UINT8 reason = SMP_INVALID_PARAMETERS;
791
792 SMP_TRACE_DEBUG("%s", __func__);
793
794 if (smp_command_has_invalid_parameters(p_cb))
795 {
796 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
797 return;
798 }
799
800 if (p != NULL)
801 {
802 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
803 }
804
805 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
806 }
807
808 /*******************************************************************************
809 ** Function smp_process_keypress_notification
810 ** Description process pairing keypress notification from peer device
811 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)812 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
813 {
814 UINT8 *p = (UINT8 *)p_data;
815 UINT8 reason = SMP_INVALID_PARAMETERS;
816
817 SMP_TRACE_DEBUG("%s", __func__);
818 p_cb->status = *(UINT8 *)p_data;
819
820 if (smp_command_has_invalid_parameters(p_cb))
821 {
822 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
823 return;
824 }
825
826 if (p != NULL)
827 {
828 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
829 }
830 else
831 {
832 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
833 }
834 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
835 }
836
837 /*******************************************************************************
838 ** Function smp_br_process_pairing_command
839 ** Description Process the SMP pairing request/response from peer device via
840 ** BR/EDR transport.
841 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)842 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
843 {
844 UINT8 *p = (UINT8 *)p_data;
845 UINT8 reason = SMP_ENC_KEY_SIZE;
846 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
847
848 SMP_TRACE_DEBUG("%s", __func__);
849 /* rejecting BR pairing request over non-SC BR link */
850 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
851 {
852 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
853 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
854 return;
855 }
856
857 /* erase all keys if it is slave proc pairing req*/
858 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
859 btm_sec_clear_ble_keys(p_dev_rec);
860
861 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
862
863 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
864 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
865 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
866 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
867 STREAM_TO_UINT8(p_cb->peer_i_key, p);
868 STREAM_TO_UINT8(p_cb->peer_r_key, p);
869
870 if (smp_command_has_invalid_parameters(p_cb))
871 {
872 reason = SMP_INVALID_PARAMETERS;
873 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
874 return;
875 }
876
877 /* peer (master) started pairing sending Pairing Request */
878 /* or being master device always use received i/r key as keys to distribute */
879 p_cb->local_i_key = p_cb->peer_i_key;
880 p_cb->local_r_key = p_cb->peer_r_key;
881
882 if (p_cb->role == HCI_ROLE_SLAVE)
883 {
884 p_dev_rec->new_encryption_key_is_p256 = FALSE;
885 /* shortcut to skip Security Grant step */
886 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
887 }
888 else /* Master receives pairing response */
889 {
890 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
891 " Supposed to move to key distribution phase. ", __func__);
892 }
893
894 /* auth_req received via BR/EDR SM channel is set to 0,
895 but everything derived/exchanged has to be saved */
896 p_cb->peer_auth_req |= SMP_AUTH_BOND;
897 p_cb->loc_auth_req |= SMP_AUTH_BOND;
898 }
899
900 /*******************************************************************************
901 ** Function smp_br_process_security_grant
902 ** Description process security grant in case of pairing over BR/EDR transport.
903 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)904 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
905 {
906 UINT8 res= *(UINT8 *)p_data;
907 SMP_TRACE_DEBUG("%s", __func__);
908 if (res != SMP_SUCCESS)
909 {
910 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
911 }
912 else /*otherwise, start pairing */
913 {
914 /* send IO request callback */
915 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
916 }
917 }
918
919 /*******************************************************************************
920 ** Function smp_br_check_authorization_request
921 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
922 ** before starting the distribution/derivation
923 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)924 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
925 {
926 UINT8 reason = SMP_SUCCESS;
927
928 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
929 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
930 p_cb->local_r_key);
931
932 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
933 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
934 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
935
936 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
937 ** Set local_r_key on master to expect only these keys. */
938 if (p_cb->role == HCI_ROLE_MASTER)
939 {
940 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
941 }
942
943 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
944 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
945 p_cb->local_r_key);
946
947 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
948 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
949 (p_cb->local_i_key || p_cb->local_r_key))
950 {
951 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
952
953 /* if no peer key is expected, start master key distribution */
954 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
955 smp_key_distribution_by_transport(p_cb, NULL);
956 }
957 else
958 {
959 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
960 }
961 }
962
963 /*******************************************************************************
964 ** Function smp_br_select_next_key
965 ** Description selects the next key to derive/send when BR/EDR transport is
966 ** used.
967 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)968 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
969 {
970 UINT8 reason = SMP_SUCCESS;
971 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
972 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
973
974 if (p_cb->role == HCI_ROLE_SLAVE||
975 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
976 {
977 smp_key_pick_key(p_cb, p_data);
978 }
979
980 if (!p_cb->local_i_key && !p_cb->local_r_key)
981 {
982 /* state check to prevent re-entrance */
983 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
984 {
985 if (p_cb->total_tx_unacked == 0)
986 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
987 else
988 p_cb->wait_for_authorization_complete = TRUE;
989 }
990 }
991 }
992
993 /*******************************************************************************
994 ** Function smp_proc_enc_info
995 ** Description process encryption information from peer device
996 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)997 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
998 {
999 UINT8 *p = (UINT8 *)p_data;
1000
1001 SMP_TRACE_DEBUG("%s", __func__);
1002 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
1003
1004 smp_key_distribution(p_cb, NULL);
1005 }
1006 /*******************************************************************************
1007 ** Function smp_proc_master_id
1008 ** Description process master ID from slave device
1009 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1010 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1011 {
1012 UINT8 *p = (UINT8 *)p_data;
1013 tBTM_LE_PENC_KEYS le_key;
1014
1015 SMP_TRACE_DEBUG("%s", __func__);
1016 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1017
1018 STREAM_TO_UINT16(le_key.ediv, p);
1019 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1020
1021 /* store the encryption keys from peer device */
1022 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1023 le_key.sec_level = p_cb->sec_level;
1024 le_key.key_size = p_cb->loc_enc_size;
1025
1026 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1027 btm_sec_save_le_key(p_cb->pairing_bda,
1028 BTM_LE_KEY_PENC,
1029 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1030
1031 smp_key_distribution(p_cb, NULL);
1032 }
1033
1034 /*******************************************************************************
1035 ** Function smp_proc_enc_info
1036 ** Description process identity information from peer device
1037 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1038 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1039 {
1040 UINT8 *p = (UINT8 *)p_data;
1041
1042 SMP_TRACE_DEBUG("%s", __func__);
1043 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
1044 smp_key_distribution_by_transport(p_cb, NULL);
1045 }
1046
1047 /*******************************************************************************
1048 ** Function smp_proc_id_addr
1049 ** Description process identity address from peer device
1050 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1051 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1052 {
1053 UINT8 *p = (UINT8 *)p_data;
1054 tBTM_LE_PID_KEYS pid_key;
1055
1056 SMP_TRACE_DEBUG("%s", __func__);
1057 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1058
1059 STREAM_TO_UINT8(pid_key.addr_type, p);
1060 STREAM_TO_BDADDR(pid_key.static_addr, p);
1061 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1062
1063 /* to use as BD_ADDR for lk derived from ltk */
1064 p_cb->id_addr_rcvd = TRUE;
1065 p_cb->id_addr_type = pid_key.addr_type;
1066 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1067
1068 /* store the ID key from peer device */
1069 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1070 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1071 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1072 smp_key_distribution_by_transport(p_cb, NULL);
1073 }
1074
1075 /*******************************************************************************
1076 ** Function smp_proc_srk_info
1077 ** Description process security information from peer device
1078 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1079 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1080 {
1081 tBTM_LE_PCSRK_KEYS le_key;
1082
1083 SMP_TRACE_DEBUG("%s", __func__);
1084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1085
1086 /* save CSRK to security record */
1087 le_key.sec_level = p_cb->sec_level;
1088 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1089 le_key.counter = 0; /* initialize the peer counter */
1090
1091 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1092 btm_sec_save_le_key(p_cb->pairing_bda,
1093 BTM_LE_KEY_PCSRK,
1094 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1095 smp_key_distribution_by_transport(p_cb, NULL);
1096 }
1097
1098 /*******************************************************************************
1099 ** Function smp_proc_compare
1100 ** Description process compare value
1101 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1102 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1103 {
1104 UINT8 reason;
1105
1106 SMP_TRACE_DEBUG("%s", __func__);
1107 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1108 {
1109 /* compare the max encryption key size, and save the smaller one for the link */
1110 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1111 p_cb->loc_enc_size = p_cb->peer_enc_size;
1112
1113 if (p_cb->role == HCI_ROLE_SLAVE)
1114 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1115 else
1116 {
1117 /* master device always use received i/r key as keys to distribute */
1118 p_cb->local_i_key = p_cb->peer_i_key;
1119 p_cb->local_r_key = p_cb->peer_r_key;
1120
1121 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1122 }
1123
1124 }
1125 else
1126 {
1127 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1128 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1129 }
1130 }
1131
1132 /*******************************************************************************
1133 ** Function smp_proc_sl_key
1134 ** Description process key ready events.
1135 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1136 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1137 {
1138 UINT8 key_type = p_data->key.key_type;
1139
1140 SMP_TRACE_DEBUG("%s", __func__);
1141 if (key_type == SMP_KEY_TYPE_TK)
1142 {
1143 smp_generate_srand_mrand_confirm(p_cb, NULL);
1144 }
1145 else if (key_type == SMP_KEY_TYPE_CFM)
1146 {
1147 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1148
1149 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1150 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1151 }
1152 }
1153
1154 /*******************************************************************************
1155 ** Function smp_start_enc
1156 ** Description start encryption
1157 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1158 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1159 {
1160 tBTM_STATUS cmd;
1161 UINT8 reason = SMP_ENC_FAIL;
1162
1163 SMP_TRACE_DEBUG("%s", __func__);
1164 if (p_data != NULL)
1165 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1166 else
1167 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1168
1169 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1170 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1171 }
1172
1173 /*******************************************************************************
1174 ** Function smp_proc_discard
1175 ** Description processing for discard security request
1176 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1177 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1178 {
1179 SMP_TRACE_DEBUG("%s", __func__);
1180 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1181 smp_reset_control_value(p_cb);
1182 }
1183
1184 /*******************************************************************************
1185 ** Function smp_enc_cmpl
1186 ** Description encryption success
1187 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1188 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1189 {
1190 UINT8 enc_enable = *(UINT8 *)p_data;
1191 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1192
1193 SMP_TRACE_DEBUG("%s", __func__);
1194 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1195 }
1196
1197 /*******************************************************************************
1198 ** Function smp_check_auth_req
1199 ** Description check authentication request
1200 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1201 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1202 {
1203 UINT8 enc_enable = *(UINT8 *)p_data;
1204 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1205
1206 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1207 "(i-initiator r-responder)",
1208 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1209 if (enc_enable == 1)
1210 {
1211 if (p_cb->le_secure_connections_mode_is_used)
1212 {
1213 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1214 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1215 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1216
1217 /* In LE SC mode LK is derived from LTK only if both sides request it */
1218 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1219 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1220 {
1221 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1222 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1223 }
1224
1225 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1226 ** Set local_r_key on master to expect only these keys.
1227 */
1228 if (p_cb->role == HCI_ROLE_MASTER)
1229 {
1230 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1231 }
1232 }
1233 else
1234 {
1235 /* in legacy mode derivation of BR/EDR LK is not supported */
1236 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1237 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1238 }
1239 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1240 "(i-initiator r-responder)",
1241 __func__, p_cb->local_i_key, p_cb->local_r_key);
1242
1243 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1244 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1245 (p_cb->local_i_key || p_cb->local_r_key))
1246 {
1247 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1248 }
1249 else
1250 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1251 }
1252 else if (enc_enable == 0)
1253 {
1254 /* if failed for encryption after pairing, send callback */
1255 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1256 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1257 /* if enc failed for old security information */
1258 /* if master device, clean up and abck to idle; slave device do nothing */
1259 else if (p_cb->role == HCI_ROLE_MASTER)
1260 {
1261 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1262 }
1263 }
1264 }
1265
1266 /*******************************************************************************
1267 ** Function smp_key_pick_key
1268 ** Description Pick a key distribution function based on the key mask.
1269 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1270 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1271 {
1272 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1273 UINT8 i = 0;
1274
1275 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1276 while (i < SMP_KEY_DIST_TYPE_MAX)
1277 {
1278 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1279
1280 if (key_to_dist & (1 << i))
1281 {
1282 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1283 (* smp_distribute_act[i])(p_cb, p_data);
1284 break;
1285 }
1286 i ++;
1287 }
1288 }
1289 /*******************************************************************************
1290 ** Function smp_key_distribution
1291 ** Description start key distribution if required.
1292 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1293 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1294 {
1295 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1296 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1297
1298 if (p_cb->role == HCI_ROLE_SLAVE ||
1299 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1300 {
1301 smp_key_pick_key(p_cb, p_data);
1302 }
1303
1304 if (!p_cb->local_i_key && !p_cb->local_r_key)
1305 {
1306 /* state check to prevent re-entrant */
1307 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1308 {
1309 if (p_cb->derive_lk)
1310 {
1311 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1312 p_cb->derive_lk = FALSE;
1313 }
1314
1315 if (p_cb->total_tx_unacked == 0)
1316 {
1317 /*
1318 * Instead of declaring authorization complete immediately,
1319 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1320 * This allows the slave to send over Pairing Failed if the
1321 * last key is rejected. During this waiting window, the
1322 * state should remain in SMP_STATE_BOND_PENDING.
1323 */
1324 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1325 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1326 alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
1327 smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
1328 }
1329 } else {
1330 p_cb->wait_for_authorization_complete = TRUE;
1331 }
1332 }
1333 }
1334 }
1335
1336 /*******************************************************************************
1337 ** Function smp_decide_association_model
1338 ** Description This function is called to select assoc model to be used for
1339 ** STK generation and to start STK generation process.
1340 **
1341 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1342 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1343 {
1344 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1345 UINT8 int_evt = 0;
1346 tSMP_KEY key;
1347 tSMP_INT_DATA *p = NULL;
1348
1349 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1350
1351 switch (p_cb->selected_association_model)
1352 {
1353 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1354 if (p_cb->role == HCI_ROLE_MASTER &&
1355 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1356 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1357 {
1358 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1359 failure = SMP_PAIR_AUTH_FAIL;
1360 p = (tSMP_INT_DATA *)&failure;
1361 int_evt = SMP_AUTH_CMPL_EVT;
1362 }
1363 else
1364 {
1365 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1366 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1367
1368 key.key_type = SMP_KEY_TYPE_TK;
1369 key.p_data = p_cb->tk;
1370 p = (tSMP_INT_DATA *)&key;
1371
1372 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1373 /* TK, ready */
1374 int_evt = SMP_KEY_READY_EVT;
1375 }
1376 break;
1377
1378 case SMP_MODEL_PASSKEY:
1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1381
1382 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1383 int_evt = SMP_TK_REQ_EVT;
1384 break;
1385
1386 case SMP_MODEL_OOB:
1387 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1388 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1389 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1390
1391 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1392 int_evt = SMP_TK_REQ_EVT;
1393 break;
1394
1395 case SMP_MODEL_KEY_NOTIF:
1396 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1397 SMP_TRACE_DEBUG("Need to generate Passkey");
1398
1399 /* generate passkey and notify application */
1400 smp_generate_passkey(p_cb, NULL);
1401 break;
1402
1403 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1404 case SMP_MODEL_SEC_CONN_NUM_COMP:
1405 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1406 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1407 case SMP_MODEL_SEC_CONN_OOB:
1408 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1409 break;
1410
1411 case SMP_MODEL_OUT_OF_RANGE:
1412 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1413 p = (tSMP_INT_DATA *)&failure;
1414 int_evt = SMP_AUTH_CMPL_EVT;
1415 break;
1416
1417 default:
1418 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1419 p_cb->selected_association_model);
1420 p = (tSMP_INT_DATA *)&failure;
1421 int_evt = SMP_AUTH_CMPL_EVT;
1422 }
1423
1424 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1425 if (int_evt)
1426 smp_sm_event(p_cb, int_evt, p);
1427 }
1428
1429 /*******************************************************************************
1430 ** Function smp_process_io_response
1431 ** Description process IO response for a slave device.
1432 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1433 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1434 {
1435 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1436
1437 SMP_TRACE_DEBUG("%s", __func__);
1438 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1439 {
1440 /* pairing started by local (slave) Security Request */
1441 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1442 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1443 }
1444 else /* plan to send pairing respond */
1445 {
1446 /* pairing started by peer (master) Pairing Request */
1447 p_cb->selected_association_model = smp_select_association_model(p_cb);
1448
1449 if (p_cb->secure_connections_only_mode_required &&
1450 (!(p_cb->le_secure_connections_mode_is_used) ||
1451 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1452 {
1453 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1454 but it can't be provided -> Slave fails pairing");
1455 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1456 return;
1457 }
1458
1459 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1460 {
1461 if (smp_request_oob_data(p_cb)) return;
1462 }
1463
1464 // PTS Testing failure modes
1465 if (pts_test_send_authentication_complete_failure(p_cb))
1466 return;
1467
1468 smp_send_pair_rsp(p_cb, NULL);
1469 }
1470 }
1471
1472 /*******************************************************************************
1473 ** Function smp_br_process_slave_keys_response
1474 ** Description process application keys response for a slave device
1475 ** (BR/EDR transport).
1476 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1477 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1478 {
1479 smp_br_send_pair_response(p_cb, NULL);
1480 }
1481
1482 /*******************************************************************************
1483 ** Function smp_br_send_pair_response
1484 ** Description actions related to sending pairing response over BR/EDR transport.
1485 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1486 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1487 {
1488 SMP_TRACE_DEBUG("%s", __func__);
1489
1490 p_cb->local_i_key &= p_cb->peer_i_key;
1491 p_cb->local_r_key &= p_cb->peer_r_key;
1492
1493 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1494 }
1495
1496 /*******************************************************************************
1497 ** Function smp_pairing_cmpl
1498 ** Description This function is called to send the pairing complete callback
1499 ** and remove the connection if needed.
1500 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1501 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1502 {
1503 if (p_cb->total_tx_unacked == 0)
1504 {
1505 /* process the pairing complete */
1506 smp_proc_pairing_cmpl(p_cb);
1507 }
1508 }
1509
1510 /*******************************************************************************
1511 ** Function smp_pair_terminate
1512 ** Description This function is called to send the pairing complete callback
1513 ** and remove the connection if needed.
1514 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1515 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1516 {
1517 SMP_TRACE_DEBUG("%s", __func__);
1518 p_cb->status = SMP_CONN_TOUT;
1519 smp_proc_pairing_cmpl(p_cb);
1520 }
1521
1522 /*******************************************************************************
1523 ** Function smp_idle_terminate
1524 ** Description This function calledin idle state to determine to send authentication
1525 ** complete or not.
1526 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1527 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1528 {
1529 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1530 {
1531 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1532 p_cb->status = SMP_FAIL;
1533 smp_proc_pairing_cmpl(p_cb);
1534 }
1535 }
1536
1537 /*******************************************************************************
1538 ** Function smp_fast_conn_param
1539 ** Description apply default connection parameter for pairing process
1540 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1541 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1542 {
1543 /* Disable L2CAP connection parameter updates while bonding since
1544 some peripherals are not able to revert to fast connection parameters
1545 during the start of service discovery. Connection paramter updates
1546 get enabled again once service discovery completes. */
1547 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false);
1548 }
1549
1550 /*******************************************************************************
1551 ** Function smp_both_have_public_keys
1552 ** Description The function is called when both local and peer public keys are
1553 ** saved.
1554 ** Actions:
1555 ** - invokes DHKey computation;
1556 ** - on slave side invokes sending local public key to the peer.
1557 ** - invokes SC phase 1 process.
1558 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1559 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1560 {
1561 SMP_TRACE_DEBUG("%s",__func__);
1562
1563 /* invokes DHKey computation */
1564 smp_compute_dhkey(p_cb);
1565
1566 /* on slave side invokes sending local public key to the peer */
1567 if (p_cb->role == HCI_ROLE_SLAVE)
1568 smp_send_pair_public_key(p_cb, NULL);
1569
1570 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1571 }
1572
1573 /*******************************************************************************
1574 ** Function smp_start_secure_connection_phase1
1575 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1576 ** phase 1 parameters and starts building/sending to the peer
1577 ** messages appropriate for the role and association model.
1578 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1579 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1580 {
1581 SMP_TRACE_DEBUG("%s", __func__);
1582
1583 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1584 {
1585 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1586 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1587 }
1588 else
1589 {
1590 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1591 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1592 }
1593
1594 switch(p_cb->selected_association_model)
1595 {
1596 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1597 case SMP_MODEL_SEC_CONN_NUM_COMP:
1598 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1599 smp_start_nonce_generation(p_cb);
1600 break;
1601 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1602 /* user has to provide passkey */
1603 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1604 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1605 break;
1606 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1607 /* passkey has to be provided to user */
1608 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1609 smp_generate_passkey(p_cb, NULL);
1610 break;
1611 case SMP_MODEL_SEC_CONN_OOB:
1612 /* use the available OOB information */
1613 smp_process_secure_connection_oob_data(p_cb, NULL);
1614 break;
1615 default:
1616 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1617 p_cb->selected_association_model);
1618 break;
1619 }
1620 }
1621
1622 /*******************************************************************************
1623 ** Function smp_process_local_nonce
1624 ** Description The function processes new local nonce.
1625 **
1626 ** Note It is supposed to be called in SC phase1.
1627 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1628 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1629 {
1630 SMP_TRACE_DEBUG("%s", __func__);
1631
1632 switch(p_cb->selected_association_model)
1633 {
1634 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1635 case SMP_MODEL_SEC_CONN_NUM_COMP:
1636 if (p_cb->role == HCI_ROLE_SLAVE)
1637 {
1638 /* slave calculates and sends local commitment */
1639 smp_calculate_local_commitment(p_cb);
1640 smp_send_commitment(p_cb, NULL);
1641 /* slave has to wait for peer nonce */
1642 smp_set_state(SMP_STATE_WAIT_NONCE);
1643 }
1644 else /* i.e. master */
1645 {
1646 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1647 {
1648 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1649 SMP_TRACE_DEBUG("master in assoc mode = %d \
1650 already rcvd slave commitment - race condition",
1651 p_cb->selected_association_model);
1652 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1653 smp_send_rand(p_cb, NULL);
1654 smp_set_state(SMP_STATE_WAIT_NONCE);
1655 }
1656 }
1657 break;
1658 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1659 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1660 smp_calculate_local_commitment(p_cb);
1661
1662 if (p_cb->role == HCI_ROLE_MASTER)
1663 {
1664 smp_send_commitment(p_cb, NULL);
1665 }
1666 else /* slave */
1667 {
1668 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1669 {
1670 /* master commitment is already received */
1671 smp_send_commitment(p_cb, NULL);
1672 smp_set_state(SMP_STATE_WAIT_NONCE);
1673 }
1674 }
1675 break;
1676 case SMP_MODEL_SEC_CONN_OOB:
1677 if (p_cb->role == HCI_ROLE_MASTER)
1678 {
1679 smp_send_rand(p_cb, NULL);
1680 }
1681
1682 smp_set_state(SMP_STATE_WAIT_NONCE);
1683 break;
1684 default:
1685 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1686 p_cb->selected_association_model);
1687 break;
1688 }
1689 }
1690
1691 /*******************************************************************************
1692 ** Function smp_process_peer_nonce
1693 ** Description The function processes newly received and saved in CB peer nonce.
1694 ** The actions depend on the selected association model and the role.
1695 **
1696 ** Note It is supposed to be called in SC phase1.
1697 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1698 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1699 {
1700 UINT8 reason;
1701
1702 SMP_TRACE_DEBUG("%s start ", __func__);
1703
1704 // PTS Testing failure modes
1705 if (p_cb->cert_failure == 1) {
1706 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1707 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1708 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1709 return;
1710 }
1711
1712 switch(p_cb->selected_association_model)
1713 {
1714 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1715 case SMP_MODEL_SEC_CONN_NUM_COMP:
1716 /* in these models only master receives commitment */
1717 if (p_cb->role == HCI_ROLE_MASTER)
1718 {
1719 if (!smp_check_commitment(p_cb))
1720 {
1721 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1723 break;
1724 }
1725 }
1726 else
1727 {
1728 /* slave sends local nonce */
1729 smp_send_rand(p_cb, NULL);
1730 }
1731
1732 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1733 {
1734 /* go directly to phase 2 */
1735 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1736 }
1737 else /* numeric comparison */
1738 {
1739 smp_set_state(SMP_STATE_WAIT_NONCE);
1740 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1741 }
1742 break;
1743 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1744 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1745 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9)
1746 {
1747 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1748 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1749 break;
1750 }
1751
1752 if (p_cb->role == HCI_ROLE_SLAVE)
1753 {
1754 smp_send_rand(p_cb, NULL);
1755 }
1756
1757 if (++p_cb->round < 20)
1758 {
1759 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1760 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1761 smp_start_nonce_generation(p_cb);
1762 break;
1763 }
1764
1765 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1766 break;
1767 case SMP_MODEL_SEC_CONN_OOB:
1768 if (p_cb->role == HCI_ROLE_SLAVE)
1769 {
1770 smp_send_rand(p_cb, NULL);
1771 }
1772
1773 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1774 break;
1775 default:
1776 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1777 p_cb->selected_association_model);
1778 break;
1779 }
1780
1781 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1782 }
1783
1784 /*******************************************************************************
1785 ** Function smp_match_dhkey_checks
1786 ** Description checks if the calculated peer DHKey Check value is the same as
1787 ** received from the peer DHKey check value.
1788 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1789 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1790 {
1791 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1792
1793 SMP_TRACE_DEBUG("%s", __func__);
1794
1795 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1796 {
1797 SMP_TRACE_WARNING ("dhkey chcks do no match");
1798 p_cb->failure = reason;
1799 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1800 return;
1801 }
1802
1803 SMP_TRACE_EVENT ("dhkey chcks match");
1804
1805 /* compare the max encryption key size, and save the smaller one for the link */
1806 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1807 p_cb->loc_enc_size = p_cb->peer_enc_size;
1808
1809 if (p_cb->role == HCI_ROLE_SLAVE)
1810 {
1811 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1812 }
1813 else
1814 {
1815 /* master device always use received i/r key as keys to distribute */
1816 p_cb->local_i_key = p_cb->peer_i_key;
1817 p_cb->local_r_key = p_cb->peer_r_key;
1818 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1819 }
1820 }
1821
1822 /*******************************************************************************
1823 ** Function smp_move_to_secure_connections_phase2
1824 ** Description Signal State Machine to start SC phase 2 initialization (to
1825 ** compute local DHKey Check value).
1826 **
1827 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1828 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1829 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1830 {
1831 SMP_TRACE_DEBUG("%s",__func__);
1832 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1833 }
1834
1835 /*******************************************************************************
1836 ** Function smp_phase_2_dhkey_checks_are_present
1837 ** Description generates event if dhkey check from the peer is already received.
1838 **
1839 ** Note It is supposed to be used on slave to prevent race condition.
1840 ** It is supposed to be called after slave dhkey check is calculated.
1841 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1842 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1843 {
1844 SMP_TRACE_DEBUG("%s",__func__);
1845
1846 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1847 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1848 }
1849
1850 /*******************************************************************************
1851 ** Function smp_wait_for_both_public_keys
1852 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1853 ** public keys are available.
1854 **
1855 ** Note on the slave it is used to prevent race condition.
1856 **
1857 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1858 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1859 {
1860 SMP_TRACE_DEBUG("%s",__func__);
1861
1862 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1863 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1864 {
1865 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1866 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1867 {
1868 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1869 }
1870 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1871 }
1872 }
1873
1874 /*******************************************************************************
1875 ** Function smp_start_passkey_verification
1876 ** Description Starts SC passkey entry verification.
1877 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1878 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1879 {
1880 UINT8 *p = NULL;
1881
1882 SMP_TRACE_DEBUG("%s", __func__);
1883 p = p_cb->local_random;
1884 UINT32_TO_STREAM(p, p_data->passkey);
1885
1886 p = p_cb->peer_random;
1887 UINT32_TO_STREAM(p, p_data->passkey);
1888
1889 p_cb->round = 0;
1890 smp_start_nonce_generation(p_cb);
1891 }
1892
1893 /*******************************************************************************
1894 ** Function smp_process_secure_connection_oob_data
1895 ** Description Processes local/peer SC OOB data received from somewhere.
1896 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1897 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1898 {
1899 SMP_TRACE_DEBUG("%s", __func__);
1900
1901 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1902 if (p_sc_oob_data->loc_oob_data.present)
1903 {
1904 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1905 sizeof(p_cb->local_random));
1906 }
1907 else
1908 {
1909 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1910 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1911 }
1912
1913 if (!p_sc_oob_data->peer_oob_data.present)
1914 {
1915 SMP_TRACE_EVENT ("peer OOB data is absent");
1916 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1917 }
1918 else
1919 {
1920 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1921 sizeof(p_cb->peer_random));
1922 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1923 sizeof(p_cb->remote_commitment));
1924
1925 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1926 /* check commitment */
1927 if (!smp_check_commitment(p_cb))
1928 {
1929 p_cb->failure = reason;
1930 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1931 return;
1932 }
1933
1934 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1935 {
1936 /* the peer doesn't have local randomiser */
1937 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1938 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1939 }
1940 }
1941
1942 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1943 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1944 smp_start_nonce_generation(p_cb);
1945 }
1946
1947 /*******************************************************************************
1948 ** Function smp_set_local_oob_keys
1949 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1950 ** starts nonce generation
1951 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1952 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1953 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1954 {
1955 SMP_TRACE_DEBUG("%s", __func__);
1956
1957 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1958 BT_OCTET32_LEN);
1959 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1960 smp_start_nonce_generation(p_cb);
1961 }
1962
1963 /*******************************************************************************
1964 ** Function smp_set_local_oob_random_commitment
1965 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1966 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1967 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1968 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1969 {
1970 SMP_TRACE_DEBUG("%s", __func__);
1971 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1972 BT_OCTET16_LEN);
1973
1974 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1975 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1976 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1977 p_cb->sc_oob_data.loc_oob_data.commitment);
1978
1979 #if SMP_DEBUG == TRUE
1980 UINT8 *p_print = NULL;
1981 SMP_TRACE_DEBUG("local SC OOB data set:");
1982 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1983 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1984 sizeof(tBLE_BD_ADDR));
1985 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1986 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1987 BT_OCTET32_LEN);
1988 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1989 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1990 BT_OCTET32_LEN);
1991 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1992 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1993 BT_OCTET32_LEN);
1994 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1995 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1996 BT_OCTET16_LEN);
1997 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1998 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1999 BT_OCTET16_LEN);
2000 SMP_TRACE_DEBUG("");
2001 #endif
2002
2003 /* pass created OOB data up */
2004 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
2005 smp_send_app_cback(p_cb, NULL);
2006
2007 smp_cb_cleanup(p_cb);
2008 }
2009
2010 /*******************************************************************************
2011 **
2012 ** Function smp_link_encrypted
2013 **
2014 ** Description This function is called when link is encrypted and notified to
2015 ** slave device. Proceed to to send LTK, DIV and ER to master if
2016 ** bonding the devices.
2017 **
2018 **
2019 ** Returns void
2020 **
2021 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)2022 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
2023 {
2024 tSMP_CB *p_cb = &smp_cb;
2025
2026 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
2027
2028 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
2029 {
2030 /* encryption completed with STK, remmeber the key size now, could be overwite
2031 * when key exchange happens */
2032 if (p_cb->loc_enc_size != 0 && encr_enable)
2033 {
2034 /* update the link encryption key size if a SMP pairing just performed */
2035 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2036 }
2037
2038 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2039 }
2040 }
2041
2042 /*******************************************************************************
2043 **
2044 ** Function smp_proc_ltk_request
2045 **
2046 ** Description This function is called when LTK request is received from
2047 ** controller.
2048 **
2049 ** Returns void
2050 **
2051 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)2052 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2053 {
2054 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
2055 BOOLEAN match = FALSE;
2056
2057 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2058 {
2059 match = TRUE;
2060 } else {
2061 BD_ADDR dummy_bda = {0};
2062 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2063 if (p_dev_rec != NULL &&
2064 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2065 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2066 {
2067 match = TRUE;
2068 }
2069 }
2070
2071 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2072 {
2073 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2074 return TRUE;
2075 }
2076
2077 return FALSE;
2078 }
2079
2080 /*******************************************************************************
2081 **
2082 ** Function smp_process_secure_connection_long_term_key
2083 **
2084 ** Description This function is called to process SC LTK.
2085 ** SC LTK is calculated and used instead of STK.
2086 ** Here SC LTK is saved in BLE DB.
2087 **
2088 ** Returns void
2089 **
2090 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2091 void smp_process_secure_connection_long_term_key(void)
2092 {
2093 tSMP_CB *p_cb = &smp_cb;
2094
2095 SMP_TRACE_DEBUG("%s", __func__);
2096 smp_save_secure_connections_long_term_key(p_cb);
2097
2098 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2099 smp_key_distribution(p_cb, NULL);
2100 }
2101
2102 /*******************************************************************************
2103 **
2104 ** Function smp_set_derive_link_key
2105 **
2106 ** Description This function is called to set flag that indicates that
2107 ** BR/EDR LK has to be derived from LTK after all keys are
2108 ** distributed.
2109 **
2110 ** Returns void
2111 **
2112 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2113 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2114 {
2115 SMP_TRACE_DEBUG ("%s", __func__);
2116 p_cb->derive_lk = TRUE;
2117 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2118 smp_key_distribution(p_cb, NULL);
2119 }
2120
2121 /*******************************************************************************
2122 **
2123 ** Function smp_derive_link_key_from_long_term_key
2124 **
2125 ** Description This function is called to derive BR/EDR LK from LTK.
2126 **
2127 ** Returns void
2128 **
2129 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2130 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2131 {
2132 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2133
2134 SMP_TRACE_DEBUG("%s", __func__);
2135 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2136 {
2137 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2138 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2139 return;
2140 }
2141 }
2142
2143 /*******************************************************************************
2144 **
2145 ** Function smp_br_process_link_key
2146 **
2147 ** Description This function is called to process BR/EDR LK:
2148 ** - to derive SMP LTK from BR/EDR LK;
2149 *8 - to save SMP LTK.
2150 **
2151 ** Returns void
2152 **
2153 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2154 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2155 {
2156 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2157
2158 SMP_TRACE_DEBUG("%s", __func__);
2159 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2160 {
2161 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2162 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2163 return;
2164 }
2165
2166 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2167 smp_save_secure_connections_long_term_key(p_cb);
2168 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2169 smp_br_select_next_key(p_cb, NULL);
2170 }
2171
2172 /*******************************************************************************
2173 ** Function smp_key_distribution_by_transport
2174 ** Description depending on the transport used at the moment calls either
2175 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2176 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2177 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2178 {
2179 SMP_TRACE_DEBUG("%s", __func__);
2180 if (p_cb->smp_over_br)
2181 {
2182 smp_br_select_next_key(p_cb, NULL);
2183 }
2184 else
2185 {
2186 smp_key_distribution(p_cb, NULL);
2187 }
2188 }
2189
2190 /*******************************************************************************
2191 ** Function smp_br_pairing_complete
2192 ** Description This function is called to send the pairing complete callback
2193 ** and remove the connection if needed.
2194 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2195 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2196 {
2197 SMP_TRACE_DEBUG("%s", __func__);
2198
2199 if (p_cb->total_tx_unacked == 0)
2200 {
2201 /* process the pairing complete */
2202 smp_proc_pairing_cmpl(p_cb);
2203 }
2204 }
2205
2206 #endif
2207