1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <log/log.h>
20 #include <string.h>
21 #include "btif_common.h"
22 #include "device/include/interop.h"
23 #include "include/bt_target.h"
24 #include "stack/btm/btm_int.h"
25 #include "stack/include/l2c_api.h"
26 #include "stack/smp/p_256_ecc_pp.h"
27 #include "stack/smp/smp_int.h"
28 #include "utils/include/bt_utils.h"
29
30 #define SMP_KEY_DIST_TYPE_MAX 4
31
32 const tSMP_ACT smp_distribute_act[] = {smp_generate_ltk, smp_send_id_info,
33 smp_generate_csrk,
34 smp_set_derive_link_key};
35
lmp_version_below(const RawAddress & bda,uint8_t version)36 static bool lmp_version_below(const RawAddress& bda, uint8_t version) {
37 tACL_CONN* acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
38 if (acl == NULL || acl->lmp_version == 0) {
39 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
40 return false;
41 }
42 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version,
43 version);
44 return acl->lmp_version < version;
45 }
46
pts_test_send_authentication_complete_failure(tSMP_CB * p_cb)47 static bool pts_test_send_authentication_complete_failure(tSMP_CB* p_cb) {
48 uint8_t reason = p_cb->cert_failure;
49 if (reason == SMP_PAIR_AUTH_FAIL || reason == SMP_PAIR_FAIL_UNKNOWN ||
50 reason == SMP_PAIR_NOT_SUPPORT || reason == SMP_PASSKEY_ENTRY_FAIL ||
51 reason == SMP_REPEATED_ATTEMPTS) {
52 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
53 return true;
54 }
55 return false;
56 }
57
58 /*******************************************************************************
59 * Function smp_update_key_mask
60 * Description This function updates the key mask for sending or receiving.
61 ******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,uint8_t key_type,bool recv)62 static void smp_update_key_mask(tSMP_CB* p_cb, uint8_t key_type, bool recv) {
63 SMP_TRACE_DEBUG(
64 "%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
65 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
66
67 if (((p_cb->le_secure_connections_mode_is_used) || (p_cb->smp_over_br)) &&
68 ((key_type == SMP_SEC_KEY_TYPE_ENC) ||
69 (key_type == SMP_SEC_KEY_TYPE_LK))) {
70 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
71 ** being exchanged with the peer */
72 p_cb->local_i_key &= ~key_type;
73 p_cb->local_r_key &= ~key_type;
74 } else if (p_cb->role == HCI_ROLE_SLAVE) {
75 if (recv)
76 p_cb->local_i_key &= ~key_type;
77 else
78 p_cb->local_r_key &= ~key_type;
79 } else {
80 if (recv)
81 p_cb->local_r_key &= ~key_type;
82 else
83 p_cb->local_i_key &= ~key_type;
84 }
85
86 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x",
87 p_cb->local_i_key, p_cb->local_r_key);
88 }
89
90 /*******************************************************************************
91 * Function smp_send_app_cback
92 * Description notifies application about the events the application is
93 * interested in
94 ******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)95 void smp_send_app_cback(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
96 tSMP_EVT_DATA cb_data;
97 tSMP_STATUS callback_rc;
98 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
99 if (p_cb->p_callback && p_cb->cb_evt != 0) {
100 switch (p_cb->cb_evt) {
101 case SMP_IO_CAP_REQ_EVT:
102 cb_data.io_req.auth_req = p_cb->peer_auth_req;
103 cb_data.io_req.oob_data = SMP_OOB_NONE;
104 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
105 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
106 cb_data.io_req.init_keys = p_cb->local_i_key;
107 cb_data.io_req.resp_keys = p_cb->local_r_key;
108 SMP_TRACE_WARNING("io_cap = %d", cb_data.io_req.io_cap);
109 break;
110
111 case SMP_NC_REQ_EVT:
112 cb_data.passkey = p_data->passkey;
113 break;
114 case SMP_SC_OOB_REQ_EVT:
115 cb_data.req_oob_type = p_data->req_oob_type;
116 break;
117 case SMP_SC_LOC_OOB_DATA_UP_EVT:
118 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
119 break;
120
121 case SMP_BR_KEYS_REQ_EVT:
122 cb_data.io_req.auth_req = 0;
123 cb_data.io_req.oob_data = SMP_OOB_NONE;
124 cb_data.io_req.io_cap = 0;
125 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
126 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
127 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
128 break;
129
130 default:
131 break;
132 }
133
134 callback_rc =
135 (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
136
137 SMP_TRACE_DEBUG("%s: callback_rc=%d p_cb->cb_evt=%d", __func__,
138 callback_rc, p_cb->cb_evt);
139
140 if (callback_rc == SMP_SUCCESS) {
141 switch (p_cb->cb_evt) {
142 case SMP_IO_CAP_REQ_EVT:
143 p_cb->loc_auth_req = cb_data.io_req.auth_req;
144 p_cb->local_io_capability = cb_data.io_req.io_cap;
145 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
146 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
147 p_cb->local_i_key = cb_data.io_req.init_keys;
148 p_cb->local_r_key = cb_data.io_req.resp_keys;
149
150 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) {
151 SMP_TRACE_WARNING("Non bonding: No keys will be exchanged");
152 p_cb->local_i_key = 0;
153 p_cb->local_r_key = 0;
154 }
155
156 SMP_TRACE_WARNING(
157 "rcvd auth_req: 0x%02x, io_cap: %d "
158 "loc_oob_flag: %d loc_enc_size: %d, "
159 "local_i_key: 0x%02x, local_r_key: 0x%02x",
160 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
161 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
162
163 p_cb->secure_connections_only_mode_required =
164 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
165
166 if (p_cb->secure_connections_only_mode_required) {
167 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
168 }
169
170 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ||
171 lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) ||
172 interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
173 (const RawAddress*)&p_cb->pairing_bda)) {
174 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
175 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
176 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
177 }
178
179 if (lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_5_0)) {
180 p_cb->loc_auth_req &= ~SMP_H7_SUPPORT_BIT;
181 }
182
183 SMP_TRACE_WARNING(
184 "set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
185 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
186
187 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
188 break;
189
190 case SMP_BR_KEYS_REQ_EVT:
191 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
192 p_cb->local_i_key = cb_data.io_req.init_keys;
193 p_cb->local_r_key = cb_data.io_req.resp_keys;
194 p_cb->loc_auth_req |= SMP_H7_SUPPORT_BIT;
195
196 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
197 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
198
199 SMP_TRACE_WARNING(
200 "for SMP over BR max_key_size: 0x%02x, local_i_key: 0x%02x, "
201 "local_r_key: 0x%02x, p_cb->loc_auth_req: 0x%02x",
202 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key,
203 p_cb->loc_auth_req);
204
205 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
206 break;
207 }
208 }
209 }
210
211 if (!p_cb->cb_evt && p_cb->discard_sec_req) {
212 p_cb->discard_sec_req = false;
213 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
214 }
215
216 SMP_TRACE_DEBUG("%s: return", __func__);
217 }
218
219 /*******************************************************************************
220 * Function smp_send_pair_fail
221 * Description pairing failure to peer device if needed.
222 ******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)223 void smp_send_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
224 p_cb->status = *(uint8_t*)p_data;
225 p_cb->failure = *(uint8_t*)p_data;
226
227 SMP_TRACE_DEBUG("%s: status=%d failure=%d ", __func__, p_cb->status,
228 p_cb->failure);
229
230 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC &&
231 p_cb->status != SMP_SUCCESS) {
232 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
233 p_cb->wait_for_authorization_complete = true;
234 }
235 }
236
237 /*******************************************************************************
238 * Function smp_send_pair_req
239 * Description actions related to sending pairing request
240 ******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)241 void smp_send_pair_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
242 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
243 SMP_TRACE_DEBUG("%s", __func__);
244
245 /* erase all keys when master sends pairing req*/
246 if (p_dev_rec) btm_sec_clear_ble_keys(p_dev_rec);
247 /* do not manipulate the key, let app decide,
248 leave out to BTM to mandate key distribution for bonding case */
249 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
250 }
251
252 /*******************************************************************************
253 * Function smp_send_pair_rsp
254 * Description actions related to sending pairing response
255 ******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)256 void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
257 SMP_TRACE_DEBUG("%s", __func__);
258
259 p_cb->local_i_key &= p_cb->peer_i_key;
260 p_cb->local_r_key &= p_cb->peer_r_key;
261
262 if (smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb)) {
263 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
264 smp_use_oob_private_key(p_cb, NULL);
265 else
266 smp_decide_association_model(p_cb, NULL);
267 }
268 }
269
270 /*******************************************************************************
271 * Function smp_send_confirm
272 * Description send confirmation to the peer
273 ******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)274 void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
275 SMP_TRACE_DEBUG("%s", __func__);
276 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
277 }
278
279 /*******************************************************************************
280 * Function smp_send_init
281 * Description process pairing initializer to slave device
282 ******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)283 void smp_send_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
284 SMP_TRACE_DEBUG("%s", __func__);
285 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
286 }
287
288 /*******************************************************************************
289 * Function smp_send_rand
290 * Description send pairing random to the peer
291 ******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)292 void smp_send_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
293 SMP_TRACE_DEBUG("%s", __func__);
294 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
295 }
296
297 /*******************************************************************************
298 * Function smp_send_pair_public_key
299 * Description send pairing public key command to the peer
300 ******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)301 void smp_send_pair_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
302 SMP_TRACE_DEBUG("%s", __func__);
303 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
304 }
305
306 /*******************************************************************************
307 * Function SMP_SEND_COMMITMENT
308 * Description send commitment command to the peer
309 ******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)310 void smp_send_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
311 SMP_TRACE_DEBUG("%s", __func__);
312 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
313 }
314
315 /*******************************************************************************
316 * Function smp_send_dhkey_check
317 * Description send DHKey Check command to the peer
318 ******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)319 void smp_send_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
320 SMP_TRACE_DEBUG("%s", __func__);
321 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
322 }
323
324 /*******************************************************************************
325 * Function smp_send_keypress_notification
326 * Description send Keypress Notification command to the peer
327 ******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)328 void smp_send_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
329 p_cb->local_keypress_notification = *(uint8_t*)p_data;
330 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
331 }
332
333 /*******************************************************************************
334 * Function smp_send_enc_info
335 * Description send encryption information command.
336 ******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)337 void smp_send_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
338 tBTM_LE_KEY_VALUE le_key;
339
340 SMP_TRACE_DEBUG("%s: p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
341 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
342
343 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
344 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
345
346 /* save the DIV and key size information when acting as slave device */
347 memcpy(le_key.lenc_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
348 le_key.lenc_key.div = p_cb->div;
349 le_key.lenc_key.key_size = p_cb->loc_enc_size;
350 le_key.lenc_key.sec_level = p_cb->sec_level;
351
352 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
353 (p_cb->loc_auth_req & SMP_AUTH_BOND))
354 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, &le_key, true);
355
356 SMP_TRACE_WARNING("%s", __func__);
357
358 smp_key_distribution(p_cb, NULL);
359 }
360
361 /*******************************************************************************
362 * Function smp_send_id_info
363 * Description send ID information command.
364 ******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)365 void smp_send_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
366 tBTM_LE_KEY_VALUE le_key;
367 SMP_TRACE_DEBUG("%s", __func__);
368 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, false);
369
370 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
371 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
372
373 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
374 (p_cb->loc_auth_req & SMP_AUTH_BOND))
375 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, &le_key, true);
376
377 SMP_TRACE_WARNING("%s", __func__);
378 smp_key_distribution_by_transport(p_cb, NULL);
379 }
380
381 /*******************************************************************************
382 * Function smp_send_csrk_info
383 * Description send CSRK command.
384 ******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)385 void smp_send_csrk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
386 tBTM_LE_KEY_VALUE key;
387 SMP_TRACE_DEBUG("%s", __func__);
388 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, false);
389
390 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) {
391 key.lcsrk_key.div = p_cb->div;
392 key.lcsrk_key.sec_level = p_cb->sec_level;
393 key.lcsrk_key.counter = 0; /* initialize the local counter */
394 memcpy(key.lcsrk_key.csrk, p_cb->csrk, BT_OCTET16_LEN);
395 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, &key, true);
396 }
397
398 smp_key_distribution_by_transport(p_cb, NULL);
399 }
400
401 /*******************************************************************************
402 * Function smp_send_ltk_reply
403 * Description send LTK reply
404 ******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)405 void smp_send_ltk_reply(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
406 SMP_TRACE_DEBUG("%s", __func__);
407 /* send stk as LTK response */
408 btm_ble_ltk_request_reply(p_cb->pairing_bda, true, p_data->key.p_data);
409 }
410
411 /*******************************************************************************
412 * Function smp_proc_sec_req
413 * Description process security request.
414 ******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)415 void smp_proc_sec_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
416 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ*)p_data;
417 tBTM_BLE_SEC_REQ_ACT sec_req_act;
418 uint8_t reason;
419
420 SMP_TRACE_DEBUG("%s: auth_req=0x%x", __func__, auth_req);
421
422 p_cb->cb_evt = 0;
423
424 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
425
426 SMP_TRACE_DEBUG("%s: sec_req_act=0x%x", __func__, sec_req_act);
427
428 switch (sec_req_act) {
429 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
430 SMP_TRACE_DEBUG("%s: BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
431 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
432 break;
433
434 case BTM_BLE_SEC_REQ_ACT_PAIR:
435 p_cb->secure_connections_only_mode_required =
436 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
437
438 /* respond to non SC pairing request as failure in SC only mode */
439 if (p_cb->secure_connections_only_mode_required &&
440 (auth_req & SMP_SC_SUPPORT_BIT) == 0) {
441 reason = SMP_PAIR_AUTH_FAIL;
442 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
443 } else {
444 /* initialize local i/r key to be default keys */
445 p_cb->peer_auth_req = auth_req;
446 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY;
447 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
448 }
449 break;
450
451 case BTM_BLE_SEC_REQ_ACT_DISCARD:
452 p_cb->discard_sec_req = true;
453 break;
454
455 default:
456 /* do nothing */
457 break;
458 }
459 }
460
461 /*******************************************************************************
462 * Function smp_proc_sec_grant
463 * Description process security grant.
464 ******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)465 void smp_proc_sec_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
466 uint8_t res = *(uint8_t*)p_data;
467 SMP_TRACE_DEBUG("%s", __func__);
468 if (res != SMP_SUCCESS) {
469 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
470 } else /*otherwise, start pairing */
471 {
472 /* send IO request callback */
473 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
474 }
475 }
476
477 /*******************************************************************************
478 * Function smp_proc_pair_fail
479 * Description process pairing failure from peer device
480 ******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)481 void smp_proc_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
482 SMP_TRACE_DEBUG("%s", __func__);
483 p_cb->status = *(uint8_t*)p_data;
484
485 /* Cancel pending auth complete timer if set */
486 alarm_cancel(p_cb->delayed_auth_timer_ent);
487 }
488
489 /*******************************************************************************
490 * Function smp_proc_pair_cmd
491 * Description Process the SMP pairing request/response from peer device
492 ******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)493 void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
494 uint8_t* p = (uint8_t*)p_data;
495 uint8_t reason = SMP_ENC_KEY_SIZE;
496 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
497
498 SMP_TRACE_DEBUG("%s", __func__);
499 /* erase all keys if it is slave proc pairing req */
500 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
501 btm_sec_clear_ble_keys(p_dev_rec);
502
503 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
504
505 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
506 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
507 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
508 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
509 STREAM_TO_UINT8(p_cb->peer_i_key, p);
510 STREAM_TO_UINT8(p_cb->peer_r_key, p);
511
512 if (smp_command_has_invalid_parameters(p_cb)) {
513 reason = SMP_INVALID_PARAMETERS;
514 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
515 return;
516 }
517
518 // PTS Testing failure modes
519 if (pts_test_send_authentication_complete_failure(p_cb)) return;
520
521 if (p_cb->role == HCI_ROLE_SLAVE) {
522 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
523 /* peer (master) started pairing sending Pairing Request */
524 p_cb->local_i_key = p_cb->peer_i_key;
525 p_cb->local_r_key = p_cb->peer_r_key;
526
527 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
528 } else /* update local i/r key according to pairing request */
529 {
530 /* pairing started with this side (slave) sending Security Request */
531 p_cb->local_i_key &= p_cb->peer_i_key;
532 p_cb->local_r_key &= p_cb->peer_r_key;
533 p_cb->selected_association_model = smp_select_association_model(p_cb);
534
535 if (p_cb->secure_connections_only_mode_required &&
536 (!(p_cb->le_secure_connections_mode_is_used) ||
537 (p_cb->selected_association_model ==
538 SMP_MODEL_SEC_CONN_JUSTWORKS))) {
539 SMP_TRACE_ERROR(
540 "%s: pairing failed - slave requires secure connection only mode",
541 __func__);
542 reason = SMP_PAIR_AUTH_FAIL;
543 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
544 return;
545 }
546
547 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
548 if (smp_request_oob_data(p_cb)) return;
549 } else {
550 smp_send_pair_rsp(p_cb, NULL);
551 }
552 }
553 } else /* Master receives pairing response */
554 {
555 p_cb->selected_association_model = smp_select_association_model(p_cb);
556
557 if (p_cb->secure_connections_only_mode_required &&
558 (!(p_cb->le_secure_connections_mode_is_used) ||
559 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
560 SMP_TRACE_ERROR(
561 "Master requires secure connection only mode "
562 "but it can't be provided -> Master fails pairing");
563 reason = SMP_PAIR_AUTH_FAIL;
564 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
565 return;
566 }
567
568 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
569 if (smp_request_oob_data(p_cb)) return;
570 } else {
571 smp_decide_association_model(p_cb, NULL);
572 }
573 }
574 }
575
576 /*******************************************************************************
577 * Function smp_proc_confirm
578 * Description process pairing confirm from peer device
579 ******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)580 void smp_proc_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
581 uint8_t* p = (uint8_t*)p_data;
582 uint8_t reason = SMP_INVALID_PARAMETERS;
583
584 SMP_TRACE_DEBUG("%s", __func__);
585
586 if (smp_command_has_invalid_parameters(p_cb)) {
587 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
588 return;
589 }
590
591 if (p != NULL) {
592 /* save the SConfirm for comparison later */
593 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
594 }
595
596 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
597 }
598
599 /*******************************************************************************
600 * Function smp_proc_init
601 * Description process pairing initializer from peer device
602 ******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)603 void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
604 uint8_t* p = (uint8_t*)p_data;
605 uint8_t reason = SMP_INVALID_PARAMETERS;
606
607 SMP_TRACE_DEBUG("%s", __func__);
608
609 if (smp_command_has_invalid_parameters(p_cb)) {
610 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
611 return;
612 }
613
614 /* save the SRand for comparison */
615 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
616 }
617
618 /*******************************************************************************
619 * Function smp_proc_rand
620 * Description process pairing random (nonce) from peer device
621 ******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)622 void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
623 uint8_t* p = (uint8_t*)p_data;
624 uint8_t reason = SMP_INVALID_PARAMETERS;
625
626 SMP_TRACE_DEBUG("%s", __func__);
627
628 if (smp_command_has_invalid_parameters(p_cb)) {
629 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
630 return;
631 }
632
633 /* save the SRand for comparison */
634 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
635 }
636
637 /*******************************************************************************
638 * Function smp_process_pairing_public_key
639 * Description process pairing public key command from the peer device
640 * - saves the peer public key;
641 * - sets the flag indicating that the peer public key is received;
642 * - calls smp_wait_for_both_public_keys(...).
643 *
644 ******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)645 void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
646 uint8_t* p = (uint8_t*)p_data;
647 uint8_t reason = SMP_INVALID_PARAMETERS;
648
649 SMP_TRACE_DEBUG("%s", __func__);
650
651 if (smp_command_has_invalid_parameters(p_cb)) {
652 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
653 return;
654 }
655
656 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
657 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
658
659 Point pt;
660 memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
661 memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
662
663 if (!ECC_ValidatePoint(pt)) {
664 android_errorWriteLog(0x534e4554, "72377774");
665 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
666 return;
667 }
668
669 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
670
671 smp_wait_for_both_public_keys(p_cb, NULL);
672 }
673
674 /*******************************************************************************
675 * Function smp_process_pairing_commitment
676 * Description process pairing commitment from peer device
677 ******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)678 void smp_process_pairing_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
679 uint8_t* p = (uint8_t*)p_data;
680 uint8_t reason = SMP_INVALID_PARAMETERS;
681
682 SMP_TRACE_DEBUG("%s", __func__);
683
684 if (smp_command_has_invalid_parameters(p_cb)) {
685 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
686 return;
687 }
688
689 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
690
691 if (p != NULL) {
692 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
693 }
694 }
695
696 /*******************************************************************************
697 * Function smp_process_dhkey_check
698 * Description process DHKey Check from peer device
699 ******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)700 void smp_process_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
701 uint8_t* p = (uint8_t*)p_data;
702 uint8_t reason = SMP_INVALID_PARAMETERS;
703
704 SMP_TRACE_DEBUG("%s", __func__);
705
706 if (smp_command_has_invalid_parameters(p_cb)) {
707 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
708 return;
709 }
710
711 if (p != NULL) {
712 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
713 }
714
715 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
716 }
717
718 /*******************************************************************************
719 * Function smp_process_keypress_notification
720 * Description process pairing keypress notification from peer device
721 ******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)722 void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
723 uint8_t* p = (uint8_t*)p_data;
724 uint8_t reason = SMP_INVALID_PARAMETERS;
725
726 SMP_TRACE_DEBUG("%s", __func__);
727
728 if (smp_command_has_invalid_parameters(p_cb)) {
729 if (p_cb->rcvd_cmd_len < 2) { // 1 (opcode) + 1 (Notif Type) bytes
730 android_errorWriteLog(0x534e4554, "111936834");
731 }
732 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
733 return;
734 }
735
736 p_cb->status = *(uint8_t*)p_data;
737
738 if (p != NULL) {
739 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
740 } else {
741 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
742 }
743 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
744 }
745
746 /*******************************************************************************
747 * Function smp_br_process_pairing_command
748 * Description Process the SMP pairing request/response from peer device via
749 * BR/EDR transport.
750 ******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)751 void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
752 uint8_t* p = (uint8_t*)p_data;
753 uint8_t reason = SMP_ENC_KEY_SIZE;
754 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
755
756 SMP_TRACE_DEBUG("%s", __func__);
757 /* rejecting BR pairing request over non-SC BR link */
758 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) {
759 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
760 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
761 return;
762 }
763
764 /* erase all keys if it is slave proc pairing req*/
765 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
766 btm_sec_clear_ble_keys(p_dev_rec);
767
768 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
769
770 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
771 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
772 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
773 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
774 STREAM_TO_UINT8(p_cb->peer_i_key, p);
775 STREAM_TO_UINT8(p_cb->peer_r_key, p);
776
777 if (smp_command_has_invalid_parameters(p_cb)) {
778 reason = SMP_INVALID_PARAMETERS;
779 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
780 return;
781 }
782
783 /* peer (master) started pairing sending Pairing Request */
784 /* or being master device always use received i/r key as keys to distribute */
785 p_cb->local_i_key = p_cb->peer_i_key;
786 p_cb->local_r_key = p_cb->peer_r_key;
787
788 if (p_cb->role == HCI_ROLE_SLAVE) {
789 p_dev_rec->new_encryption_key_is_p256 = false;
790 /* shortcut to skip Security Grant step */
791 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
792 } else {
793 /* Master receives pairing response */
794 SMP_TRACE_DEBUG(
795 "%s master rcvs valid PAIRING RESPONSE."
796 " Supposed to move to key distribution phase. ",
797 __func__);
798 }
799
800 /* auth_req received via BR/EDR SM channel is set to 0,
801 but everything derived/exchanged has to be saved */
802 p_cb->peer_auth_req |= SMP_AUTH_BOND;
803 p_cb->loc_auth_req |= SMP_AUTH_BOND;
804 }
805
806 /*******************************************************************************
807 * Function smp_br_process_security_grant
808 * Description process security grant in case of pairing over BR/EDR transport.
809 ******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)810 void smp_br_process_security_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
811 uint8_t res = *(uint8_t*)p_data;
812 SMP_TRACE_DEBUG("%s", __func__);
813 if (res != SMP_SUCCESS) {
814 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
815 } else {
816 /* otherwise, start pairing; send IO request callback */
817 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
818 }
819 }
820
821 /*******************************************************************************
822 * Function smp_br_check_authorization_request
823 * Description sets the SMP kes to be derived/distribute over BR/EDR transport
824 * before starting the distribution/derivation
825 ******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)826 void smp_br_check_authorization_request(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
827 uint8_t reason = SMP_SUCCESS;
828
829 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
830 __func__, p_cb->local_i_key, p_cb->local_r_key);
831
832 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
833 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
834 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
835
836 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
837 ** Set local_r_key on master to expect only these keys. */
838 if (p_cb->role == HCI_ROLE_MASTER) {
839 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
840 }
841
842 /* Check if H7 function needs to be used for key derivation*/
843 if ((p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT) &&
844 (p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT)) {
845 p_cb->key_derivation_h7_used = TRUE;
846 }
847 SMP_TRACE_DEBUG("%s: use h7 = %d", __func__, p_cb->key_derivation_h7_used);
848
849 SMP_TRACE_DEBUG(
850 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
851 __func__, p_cb->local_i_key, p_cb->local_r_key);
852
853 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
854 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
855 (p_cb->local_i_key || p_cb->local_r_key)) {
856 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
857
858 /* if no peer key is expected, start master key distribution */
859 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
860 smp_key_distribution_by_transport(p_cb, NULL);
861 } else {
862 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
863 }
864 }
865
866 /*******************************************************************************
867 * Function smp_br_select_next_key
868 * Description selects the next key to derive/send when BR/EDR transport is
869 * used.
870 ******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)871 void smp_br_select_next_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
872 uint8_t reason = SMP_SUCCESS;
873 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
874 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
875
876 if (p_cb->role == HCI_ROLE_SLAVE ||
877 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
878 smp_key_pick_key(p_cb, p_data);
879 }
880
881 if (!p_cb->local_i_key && !p_cb->local_r_key) {
882 /* state check to prevent re-entrance */
883 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
884 if (p_cb->total_tx_unacked == 0)
885 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
886 else
887 p_cb->wait_for_authorization_complete = true;
888 }
889 }
890 }
891
892 /*******************************************************************************
893 * Function smp_proc_enc_info
894 * Description process encryption information from peer device
895 ******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)896 void smp_proc_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
897 uint8_t* p = (uint8_t*)p_data;
898
899 SMP_TRACE_DEBUG("%s", __func__);
900
901 if (smp_command_has_invalid_parameters(p_cb)) {
902 uint8_t reason = SMP_INVALID_PARAMETERS;
903 android_errorWriteLog(0x534e4554, "111937065");
904 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
905 return;
906 }
907
908 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
909
910 smp_key_distribution(p_cb, NULL);
911 }
912 /*******************************************************************************
913 * Function smp_proc_master_id
914 * Description process master ID from slave device
915 ******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)916 void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
917 uint8_t* p = (uint8_t*)p_data;
918 tBTM_LE_KEY_VALUE le_key;
919
920 SMP_TRACE_DEBUG("%s", __func__);
921
922 if (p_cb->rcvd_cmd_len < 11) { // 1(Code) + 2(EDIV) + 8(Rand)
923 android_errorWriteLog(0x534e4554, "111937027");
924 SMP_TRACE_ERROR("%s: Invalid command length: %d, should be at least 11",
925 __func__, p_cb->rcvd_cmd_len);
926 return;
927 }
928
929 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true);
930
931 STREAM_TO_UINT16(le_key.penc_key.ediv, p);
932 STREAM_TO_ARRAY(le_key.penc_key.rand, p, BT_OCTET8_LEN);
933
934 /* store the encryption keys from peer device */
935 memcpy(le_key.penc_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
936 le_key.penc_key.sec_level = p_cb->sec_level;
937 le_key.penc_key.key_size = p_cb->loc_enc_size;
938
939 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
940 (p_cb->loc_auth_req & SMP_AUTH_BOND))
941 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, &le_key, true);
942
943 smp_key_distribution(p_cb, NULL);
944 }
945
946 /*******************************************************************************
947 * Function smp_proc_id_info
948 * Description process identity information from peer device
949 ******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)950 void smp_proc_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
951 uint8_t* p = (uint8_t*)p_data;
952
953 SMP_TRACE_DEBUG("%s", __func__);
954
955 if (smp_command_has_invalid_parameters(p_cb)) {
956 uint8_t reason = SMP_INVALID_PARAMETERS;
957 android_errorWriteLog(0x534e4554, "111937065");
958 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
959 return;
960 }
961
962 STREAM_TO_ARRAY(p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
963 smp_key_distribution_by_transport(p_cb, NULL);
964 }
965
966 /*******************************************************************************
967 * Function smp_proc_id_addr
968 * Description process identity address from peer device
969 ******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)970 void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
971 uint8_t* p = (uint8_t*)p_data;
972 tBTM_LE_KEY_VALUE pid_key;
973
974 SMP_TRACE_DEBUG("%s", __func__);
975 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true);
976
977 STREAM_TO_UINT8(pid_key.pid_key.addr_type, p);
978 STREAM_TO_BDADDR(pid_key.pid_key.static_addr, p);
979 memcpy(pid_key.pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
980
981 /* to use as BD_ADDR for lk derived from ltk */
982 p_cb->id_addr_rcvd = true;
983 p_cb->id_addr_type = pid_key.pid_key.addr_type;
984 p_cb->id_addr = pid_key.pid_key.static_addr;
985
986 /* store the ID key from peer device */
987 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
988 (p_cb->loc_auth_req & SMP_AUTH_BOND))
989 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, &pid_key, true);
990 smp_key_distribution_by_transport(p_cb, NULL);
991 }
992
993 /*******************************************************************************
994 * Function smp_proc_srk_info
995 * Description process security information from peer device
996 ******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)997 void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
998 tBTM_LE_KEY_VALUE le_key;
999
1000 SMP_TRACE_DEBUG("%s", __func__);
1001 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true);
1002
1003 /* save CSRK to security record */
1004 le_key.pcsrk_key.sec_level = p_cb->sec_level;
1005
1006 /* get peer CSRK */
1007 maybe_non_aligned_memcpy(le_key.pcsrk_key.csrk, p_data, BT_OCTET16_LEN);
1008
1009 /* initialize the peer counter */
1010 le_key.pcsrk_key.counter = 0;
1011
1012 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
1013 (p_cb->loc_auth_req & SMP_AUTH_BOND))
1014 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, &le_key, true);
1015 smp_key_distribution_by_transport(p_cb, NULL);
1016 }
1017
1018 /*******************************************************************************
1019 * Function smp_proc_compare
1020 * Description process compare value
1021 ******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1022 void smp_proc_compare(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1023 uint8_t reason;
1024
1025 SMP_TRACE_DEBUG("%s", __func__);
1026 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) {
1027 /* compare the max encryption key size, and save the smaller one for the
1028 * link */
1029 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1030 p_cb->loc_enc_size = p_cb->peer_enc_size;
1031
1032 if (p_cb->role == HCI_ROLE_SLAVE)
1033 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1034 else {
1035 /* master device always use received i/r key as keys to distribute */
1036 p_cb->local_i_key = p_cb->peer_i_key;
1037 p_cb->local_r_key = p_cb->peer_r_key;
1038
1039 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1040 }
1041
1042 } else {
1043 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1044 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1045 }
1046 }
1047
1048 /*******************************************************************************
1049 * Function smp_proc_sl_key
1050 * Description process key ready events.
1051 ******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1052 void smp_proc_sl_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1053 uint8_t key_type = p_data->key.key_type;
1054
1055 SMP_TRACE_DEBUG("%s", __func__);
1056 if (key_type == SMP_KEY_TYPE_TK) {
1057 smp_generate_srand_mrand_confirm(p_cb, NULL);
1058 } else if (key_type == SMP_KEY_TYPE_CFM) {
1059 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1060
1061 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1062 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1063 }
1064 }
1065
1066 /*******************************************************************************
1067 * Function smp_start_enc
1068 * Description start encryption
1069 ******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1070 void smp_start_enc(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1071 tBTM_STATUS cmd;
1072 uint8_t reason = SMP_ENC_FAIL;
1073
1074 SMP_TRACE_DEBUG("%s", __func__);
1075 if (p_data != NULL)
1076 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, true, p_data->key.p_data);
1077 else
1078 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, false, NULL);
1079
1080 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1081 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1082 }
1083
1084 /*******************************************************************************
1085 * Function smp_proc_discard
1086 * Description processing for discard security request
1087 ******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1088 void smp_proc_discard(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1089 SMP_TRACE_DEBUG("%s", __func__);
1090 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1091 smp_reset_control_value(p_cb);
1092 }
1093
1094 /*******************************************************************************
1095 * Function smp_enc_cmpl
1096 * Description encryption success
1097 ******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1098 void smp_enc_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1099 uint8_t enc_enable = *(uint8_t*)p_data;
1100 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1101
1102 SMP_TRACE_DEBUG("%s", __func__);
1103 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1104 }
1105
1106 /*******************************************************************************
1107 * Function smp_check_auth_req
1108 * Description check authentication request
1109 ******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1110 void smp_check_auth_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1111 uint8_t enc_enable = *(uint8_t*)p_data;
1112 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1113
1114 SMP_TRACE_DEBUG(
1115 "%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
1116 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1117 if (enc_enable == 1) {
1118 if (p_cb->le_secure_connections_mode_is_used) {
1119 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1120 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1121 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1122
1123 /* In LE SC mode LK is derived from LTK only if both sides request it */
1124 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1125 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) {
1126 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1127 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1128 }
1129
1130 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1131 ** Set local_r_key on master to expect only these keys.
1132 */
1133 if (p_cb->role == HCI_ROLE_MASTER) {
1134 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1135 }
1136 } else {
1137 /* in legacy mode derivation of BR/EDR LK is not supported */
1138 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1139 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1140 }
1141 SMP_TRACE_DEBUG(
1142 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
1143 __func__, p_cb->local_i_key, p_cb->local_r_key);
1144
1145 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1146 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1147 (p_cb->local_i_key || p_cb->local_r_key)) {
1148 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1149 } else
1150 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1151 } else if (enc_enable == 0) {
1152 /* if failed for encryption after pairing, send callback */
1153 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1154 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1155 /* if enc failed for old security information */
1156 /* if master device, clean up and abck to idle; slave device do nothing */
1157 else if (p_cb->role == HCI_ROLE_MASTER) {
1158 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1159 }
1160 }
1161 }
1162
1163 /*******************************************************************************
1164 * Function smp_key_pick_key
1165 * Description Pick a key distribution function based on the key mask.
1166 ******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1167 void smp_key_pick_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1168 uint8_t key_to_dist =
1169 (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1170 uint8_t i = 0;
1171
1172 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1173 while (i < SMP_KEY_DIST_TYPE_MAX) {
1174 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1175
1176 if (key_to_dist & (1 << i)) {
1177 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1178 (*smp_distribute_act[i])(p_cb, p_data);
1179 break;
1180 }
1181 i++;
1182 }
1183 }
1184 /*******************************************************************************
1185 * Function smp_key_distribution
1186 * Description start key distribution if required.
1187 ******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1188 void smp_key_distribution(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1189 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
1190 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1191
1192 if (p_cb->role == HCI_ROLE_SLAVE ||
1193 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
1194 smp_key_pick_key(p_cb, p_data);
1195 }
1196
1197 if (!p_cb->local_i_key && !p_cb->local_r_key) {
1198 /* state check to prevent re-entrant */
1199 if (smp_get_state() == SMP_STATE_BOND_PENDING) {
1200 if (p_cb->derive_lk) {
1201 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1202 p_cb->derive_lk = false;
1203 }
1204
1205 if (p_cb->total_tx_unacked == 0) {
1206 /*
1207 * Instead of declaring authorization complete immediately,
1208 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1209 * This allows the slave to send over Pairing Failed if the
1210 * last key is rejected. During this waiting window, the
1211 * state should remain in SMP_STATE_BOND_PENDING.
1212 */
1213 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1214 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1215 alarm_set_on_mloop(p_cb->delayed_auth_timer_ent,
1216 SMP_DELAYED_AUTH_TIMEOUT_MS,
1217 smp_delayed_auth_complete_timeout, NULL);
1218 }
1219 } else {
1220 p_cb->wait_for_authorization_complete = true;
1221 }
1222 }
1223 }
1224 }
1225
1226 /*******************************************************************************
1227 * Function smp_decide_association_model
1228 * Description This function is called to select assoc model to be used for
1229 * STK generation and to start STK generation process.
1230 *
1231 ******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1232 void smp_decide_association_model(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1233 uint8_t failure = SMP_UNKNOWN_IO_CAP;
1234 uint8_t int_evt = 0;
1235 tSMP_KEY key;
1236 tSMP_INT_DATA* p = NULL;
1237
1238 SMP_TRACE_DEBUG("%s Association Model = %d", __func__,
1239 p_cb->selected_association_model);
1240
1241 switch (p_cb->selected_association_model) {
1242 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1243 if (p_cb->role == HCI_ROLE_MASTER &&
1244 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1245 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) {
1246 SMP_TRACE_ERROR(
1247 "IO capability does not meet authentication requirement");
1248 failure = SMP_PAIR_AUTH_FAIL;
1249 p = (tSMP_INT_DATA*)&failure;
1250 int_evt = SMP_AUTH_CMPL_EVT;
1251 } else {
1252 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1253 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1254 p_cb->sec_level);
1255
1256 key.key_type = SMP_KEY_TYPE_TK;
1257 key.p_data = p_cb->tk;
1258 p = (tSMP_INT_DATA*)&key;
1259
1260 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1261 /* TK, ready */
1262 int_evt = SMP_KEY_READY_EVT;
1263 }
1264 break;
1265
1266 case SMP_MODEL_PASSKEY:
1267 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1268 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1269 p_cb->sec_level);
1270
1271 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1272 int_evt = SMP_TK_REQ_EVT;
1273 break;
1274
1275 case SMP_MODEL_OOB:
1276 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB");
1277 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1278 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1279 p_cb->sec_level);
1280
1281 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1282 int_evt = SMP_TK_REQ_EVT;
1283 break;
1284
1285 case SMP_MODEL_KEY_NOTIF:
1286 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1287 SMP_TRACE_DEBUG("Need to generate Passkey");
1288
1289 /* generate passkey and notify application */
1290 smp_generate_passkey(p_cb, NULL);
1291 break;
1292
1293 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1294 case SMP_MODEL_SEC_CONN_NUM_COMP:
1295 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1296 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1297 case SMP_MODEL_SEC_CONN_OOB:
1298 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1299 break;
1300
1301 case SMP_MODEL_OUT_OF_RANGE:
1302 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1303 p = (tSMP_INT_DATA*)&failure;
1304 int_evt = SMP_AUTH_CMPL_EVT;
1305 break;
1306
1307 default:
1308 SMP_TRACE_ERROR(
1309 "Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1310 p_cb->selected_association_model);
1311 p = (tSMP_INT_DATA*)&failure;
1312 int_evt = SMP_AUTH_CMPL_EVT;
1313 }
1314
1315 SMP_TRACE_EVENT("sec_level=%d ", p_cb->sec_level);
1316 if (int_evt) smp_sm_event(p_cb, int_evt, p);
1317 }
1318
1319 /*******************************************************************************
1320 * Function smp_process_io_response
1321 * Description process IO response for a slave device.
1322 ******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1323 void smp_process_io_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1324 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1325
1326 SMP_TRACE_DEBUG("%s", __func__);
1327 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1328 /* pairing started by local (slave) Security Request */
1329 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1330 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1331 } else /* plan to send pairing respond */
1332 {
1333 /* pairing started by peer (master) Pairing Request */
1334 p_cb->selected_association_model = smp_select_association_model(p_cb);
1335
1336 if (p_cb->secure_connections_only_mode_required &&
1337 (!(p_cb->le_secure_connections_mode_is_used) ||
1338 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
1339 SMP_TRACE_ERROR(
1340 "Slave requires secure connection only mode "
1341 "but it can't be provided -> Slave fails pairing");
1342 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1343 return;
1344 }
1345
1346 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
1347 if (smp_request_oob_data(p_cb)) return;
1348 }
1349
1350 // PTS Testing failure modes
1351 if (pts_test_send_authentication_complete_failure(p_cb)) return;
1352
1353 smp_send_pair_rsp(p_cb, NULL);
1354 }
1355 }
1356
1357 /*******************************************************************************
1358 * Function smp_br_process_slave_keys_response
1359 * Description process application keys response for a slave device
1360 * (BR/EDR transport).
1361 ******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1362 void smp_br_process_slave_keys_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1363 smp_br_send_pair_response(p_cb, NULL);
1364 }
1365
1366 /*******************************************************************************
1367 * Function smp_br_send_pair_response
1368 * Description actions related to sending pairing response over BR/EDR
1369 * transport.
1370 ******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1371 void smp_br_send_pair_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1372 SMP_TRACE_DEBUG("%s", __func__);
1373
1374 p_cb->local_i_key &= p_cb->peer_i_key;
1375 p_cb->local_r_key &= p_cb->peer_r_key;
1376
1377 smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb);
1378 }
1379
1380 /*******************************************************************************
1381 * Function smp_pairing_cmpl
1382 * Description This function is called to send the pairing complete
1383 * callback and remove the connection if needed.
1384 ******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1385 void smp_pairing_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1386 if (p_cb->total_tx_unacked == 0) {
1387 /* process the pairing complete */
1388 smp_proc_pairing_cmpl(p_cb);
1389 }
1390 }
1391
1392 /*******************************************************************************
1393 * Function smp_pair_terminate
1394 * Description This function is called to send the pairing complete
1395 * callback and remove the connection if needed.
1396 ******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1397 void smp_pair_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1398 SMP_TRACE_DEBUG("%s", __func__);
1399 p_cb->status = SMP_CONN_TOUT;
1400 smp_proc_pairing_cmpl(p_cb);
1401 }
1402
1403 /*******************************************************************************
1404 * Function smp_idle_terminate
1405 * Description This function calledin idle state to determine to send
1406 * authentication complete or not.
1407 ******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1408 void smp_idle_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1409 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1410 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1411 p_cb->status = SMP_FAIL;
1412 smp_proc_pairing_cmpl(p_cb);
1413 }
1414 }
1415
1416 /*******************************************************************************
1417 * Function smp_fast_conn_param
1418 * Description apply default connection parameter for pairing process
1419 ******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1420 void smp_fast_conn_param(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1421 /* Disable L2CAP connection parameter updates while bonding since
1422 some peripherals are not able to revert to fast connection parameters
1423 during the start of service discovery. Connection paramter updates
1424 get enabled again once service discovery completes. */
1425 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false);
1426 }
1427
1428 /*******************************************************************************
1429 * Function smp_both_have_public_keys
1430 * Description The function is called when both local and peer public keys are
1431 * saved.
1432 * Actions:
1433 * - invokes DHKey computation;
1434 * - on slave side invokes sending local public key to the peer.
1435 * - invokes SC phase 1 process.
1436 ******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1437 void smp_both_have_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1438 SMP_TRACE_DEBUG("%s", __func__);
1439
1440 /* invokes DHKey computation */
1441 smp_compute_dhkey(p_cb);
1442
1443 /* on slave side invokes sending local public key to the peer */
1444 if (p_cb->role == HCI_ROLE_SLAVE) smp_send_pair_public_key(p_cb, NULL);
1445
1446 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1447 }
1448
1449 /*******************************************************************************
1450 * Function smp_start_secure_connection_phase1
1451 * Description Start Secure Connection phase1 i.e. invokes initialization of
1452 * Secure Connection phase 1 parameters and starts building/sending
1453 * to the peer messages appropriate for the role and association
1454 * model.
1455 ******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1456 void smp_start_secure_connection_phase1(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1457 SMP_TRACE_DEBUG("%s", __func__);
1458
1459 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1460 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1461 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1462 p_cb->sec_level);
1463 } else {
1464 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1465 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1466 p_cb->sec_level);
1467 }
1468
1469 switch (p_cb->selected_association_model) {
1470 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1471 case SMP_MODEL_SEC_CONN_NUM_COMP:
1472 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1473 smp_start_nonce_generation(p_cb);
1474 break;
1475 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1476 /* user has to provide passkey */
1477 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1478 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1479 break;
1480 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1481 /* passkey has to be provided to user */
1482 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1483 smp_generate_passkey(p_cb, NULL);
1484 break;
1485 case SMP_MODEL_SEC_CONN_OOB:
1486 /* use the available OOB information */
1487 smp_process_secure_connection_oob_data(p_cb, NULL);
1488 break;
1489 default:
1490 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1491 p_cb->selected_association_model);
1492 break;
1493 }
1494 }
1495
1496 /*******************************************************************************
1497 * Function smp_process_local_nonce
1498 * Description The function processes new local nonce.
1499 *
1500 * Note It is supposed to be called in SC phase1.
1501 ******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1502 void smp_process_local_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1503 SMP_TRACE_DEBUG("%s", __func__);
1504
1505 switch (p_cb->selected_association_model) {
1506 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1507 case SMP_MODEL_SEC_CONN_NUM_COMP:
1508 if (p_cb->role == HCI_ROLE_SLAVE) {
1509 /* slave calculates and sends local commitment */
1510 smp_calculate_local_commitment(p_cb);
1511 smp_send_commitment(p_cb, NULL);
1512 /* slave has to wait for peer nonce */
1513 smp_set_state(SMP_STATE_WAIT_NONCE);
1514 } else /* i.e. master */
1515 {
1516 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1517 /* slave commitment is already received, send local nonce, wait for
1518 * remote nonce*/
1519 SMP_TRACE_DEBUG(
1520 "master in assoc mode = %d "
1521 "already rcvd slave commitment - race condition",
1522 p_cb->selected_association_model);
1523 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1524 smp_send_rand(p_cb, NULL);
1525 smp_set_state(SMP_STATE_WAIT_NONCE);
1526 }
1527 }
1528 break;
1529 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1530 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1531 smp_calculate_local_commitment(p_cb);
1532
1533 if (p_cb->role == HCI_ROLE_MASTER) {
1534 smp_send_commitment(p_cb, NULL);
1535 } else /* slave */
1536 {
1537 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1538 /* master commitment is already received */
1539 smp_send_commitment(p_cb, NULL);
1540 smp_set_state(SMP_STATE_WAIT_NONCE);
1541 }
1542 }
1543 break;
1544 case SMP_MODEL_SEC_CONN_OOB:
1545 if (p_cb->role == HCI_ROLE_MASTER) {
1546 smp_send_rand(p_cb, NULL);
1547 }
1548
1549 smp_set_state(SMP_STATE_WAIT_NONCE);
1550 break;
1551 default:
1552 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1553 p_cb->selected_association_model);
1554 break;
1555 }
1556 }
1557
1558 /*******************************************************************************
1559 * Function smp_process_peer_nonce
1560 * Description The function processes newly received and saved in CB peer
1561 * nonce. The actions depend on the selected association model and
1562 * the role.
1563 *
1564 * Note It is supposed to be called in SC phase1.
1565 ******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1566 void smp_process_peer_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1567 uint8_t reason;
1568
1569 SMP_TRACE_DEBUG("%s start ", __func__);
1570
1571 // PTS Testing failure modes
1572 if (p_cb->cert_failure == SMP_CONFIRM_VALUE_ERR) {
1573 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1574 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1575 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1576 return;
1577 }
1578 // PTS Testing failure modes (for LT)
1579 if ((p_cb->cert_failure == SMP_NUMERIC_COMPAR_FAIL) &&
1580 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) &&
1581 (p_cb->role == HCI_ROLE_SLAVE)) {
1582 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1583 reason = p_cb->failure = SMP_NUMERIC_COMPAR_FAIL;
1584 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1585 return;
1586 }
1587
1588 switch (p_cb->selected_association_model) {
1589 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1590 case SMP_MODEL_SEC_CONN_NUM_COMP:
1591 /* in these models only master receives commitment */
1592 if (p_cb->role == HCI_ROLE_MASTER) {
1593 if (!smp_check_commitment(p_cb)) {
1594 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1595 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1596 break;
1597 }
1598 } else {
1599 /* slave sends local nonce */
1600 smp_send_rand(p_cb, NULL);
1601 }
1602
1603 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1604 /* go directly to phase 2 */
1605 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1606 } else /* numeric comparison */
1607 {
1608 smp_set_state(SMP_STATE_WAIT_NONCE);
1609 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1610 }
1611 break;
1612 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1613 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1614 if (!smp_check_commitment(p_cb) &&
1615 p_cb->cert_failure != SMP_NUMERIC_COMPAR_FAIL) {
1616 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1617 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1618 break;
1619 }
1620
1621 if (p_cb->role == HCI_ROLE_SLAVE) {
1622 smp_send_rand(p_cb, NULL);
1623 }
1624
1625 if (++p_cb->round < 20) {
1626 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1627 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1628 smp_start_nonce_generation(p_cb);
1629 break;
1630 }
1631
1632 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1633 break;
1634 case SMP_MODEL_SEC_CONN_OOB:
1635 if (p_cb->role == HCI_ROLE_SLAVE) {
1636 smp_send_rand(p_cb, NULL);
1637 }
1638
1639 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1640 break;
1641 default:
1642 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1643 p_cb->selected_association_model);
1644 break;
1645 }
1646
1647 SMP_TRACE_DEBUG("%s end ", __func__);
1648 }
1649
1650 /*******************************************************************************
1651 * Function smp_match_dhkey_checks
1652 * Description checks if the calculated peer DHKey Check value is the same as
1653 * received from the peer DHKey check value.
1654 ******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1655 void smp_match_dhkey_checks(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1656 uint8_t reason = SMP_DHKEY_CHK_FAIL;
1657
1658 SMP_TRACE_DEBUG("%s", __func__);
1659
1660 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) {
1661 SMP_TRACE_WARNING("dhkey chcks do no match");
1662 p_cb->failure = reason;
1663 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1664 return;
1665 }
1666
1667 SMP_TRACE_EVENT("dhkey chcks match");
1668
1669 /* compare the max encryption key size, and save the smaller one for the link
1670 */
1671 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1672 p_cb->loc_enc_size = p_cb->peer_enc_size;
1673
1674 if (p_cb->role == HCI_ROLE_SLAVE) {
1675 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1676 } else {
1677 /* master device always use received i/r key as keys to distribute */
1678 p_cb->local_i_key = p_cb->peer_i_key;
1679 p_cb->local_r_key = p_cb->peer_r_key;
1680 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1681 }
1682 }
1683
1684 /*******************************************************************************
1685 * Function smp_move_to_secure_connections_phase2
1686 * Description Signal State Machine to start SC phase 2 initialization (to
1687 * compute local DHKey Check value).
1688 *
1689 * Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1690 ******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1691 void smp_move_to_secure_connections_phase2(tSMP_CB* p_cb,
1692 tSMP_INT_DATA* p_data) {
1693 SMP_TRACE_DEBUG("%s", __func__);
1694 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1695 }
1696
1697 /*******************************************************************************
1698 * Function smp_phase_2_dhkey_checks_are_present
1699 * Description generates event if dhkey check from the peer is already
1700 * received.
1701 *
1702 * Note It is supposed to be used on slave to prevent race condition.
1703 * It is supposed to be called after slave dhkey check is
1704 * calculated.
1705 ******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1706 void smp_phase_2_dhkey_checks_are_present(tSMP_CB* p_cb,
1707 tSMP_INT_DATA* p_data) {
1708 SMP_TRACE_DEBUG("%s", __func__);
1709
1710 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1711 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1712 }
1713
1714 /*******************************************************************************
1715 * Function smp_wait_for_both_public_keys
1716 * Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and
1717 * master public keys are available.
1718 *
1719 * Note on the slave it is used to prevent race condition.
1720 *
1721 ******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1722 void smp_wait_for_both_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1723 SMP_TRACE_DEBUG("%s", __func__);
1724
1725 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1726 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
1727 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1728 ((p_cb->req_oob_type == SMP_OOB_LOCAL) ||
1729 (p_cb->req_oob_type == SMP_OOB_BOTH))) {
1730 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1731 }
1732 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1733 }
1734 }
1735
1736 /*******************************************************************************
1737 * Function smp_start_passkey_verification
1738 * Description Starts SC passkey entry verification.
1739 ******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1740 void smp_start_passkey_verification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1741 uint8_t* p = NULL;
1742
1743 SMP_TRACE_DEBUG("%s", __func__);
1744 p = p_cb->local_random;
1745 UINT32_TO_STREAM(p, p_data->passkey);
1746
1747 p = p_cb->peer_random;
1748 UINT32_TO_STREAM(p, p_data->passkey);
1749
1750 p_cb->round = 0;
1751 smp_start_nonce_generation(p_cb);
1752 }
1753
1754 /*******************************************************************************
1755 * Function smp_process_secure_connection_oob_data
1756 * Description Processes local/peer SC OOB data received from somewhere.
1757 ******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1758 void smp_process_secure_connection_oob_data(tSMP_CB* p_cb,
1759 tSMP_INT_DATA* p_data) {
1760 SMP_TRACE_DEBUG("%s", __func__);
1761
1762 tSMP_SC_OOB_DATA* p_sc_oob_data = &p_cb->sc_oob_data;
1763 if (p_sc_oob_data->loc_oob_data.present) {
1764 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1765 sizeof(p_cb->local_random));
1766 } else {
1767 SMP_TRACE_EVENT("%s: local OOB randomizer is absent", __func__);
1768 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1769 }
1770
1771 if (!p_sc_oob_data->peer_oob_data.present) {
1772 SMP_TRACE_EVENT("%s: peer OOB data is absent", __func__);
1773 memset(p_cb->peer_random, 0, sizeof(p_cb->peer_random));
1774 } else {
1775 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1776 sizeof(p_cb->peer_random));
1777 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1778 sizeof(p_cb->remote_commitment));
1779
1780 uint8_t reason = SMP_CONFIRM_VALUE_ERR;
1781 /* check commitment */
1782 if (!smp_check_commitment(p_cb)) {
1783 p_cb->failure = reason;
1784 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1785 return;
1786 }
1787
1788 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
1789 /* the peer doesn't have local randomiser */
1790 SMP_TRACE_EVENT(
1791 "%s: peer didn't receive local OOB data, set local randomizer to 0",
1792 __func__);
1793 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1794 }
1795 }
1796
1797 print128(p_cb->local_random, (const uint8_t*)"local OOB randomizer");
1798 print128(p_cb->peer_random, (const uint8_t*)"peer OOB randomizer");
1799 smp_start_nonce_generation(p_cb);
1800 }
1801
1802 /*******************************************************************************
1803 * Function smp_set_local_oob_keys
1804 * Description Saves calculated private/public keys in
1805 * sc_oob_data.loc_oob_data, starts nonce generation
1806 * (to be saved in sc_oob_data.loc_oob_data.randomizer).
1807 ******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1808 void smp_set_local_oob_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1809 SMP_TRACE_DEBUG("%s", __func__);
1810
1811 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1812 BT_OCTET32_LEN);
1813 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1814 smp_start_nonce_generation(p_cb);
1815 }
1816
1817 /*******************************************************************************
1818 * Function smp_set_local_oob_random_commitment
1819 * Description Saves calculated randomizer and commitment in
1820 * sc_oob_data.loc_oob_data, passes sc_oob_data.loc_oob_data up
1821 * for safekeeping.
1822 ******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1823 void smp_set_local_oob_random_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1824 SMP_TRACE_DEBUG("%s", __func__);
1825 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, BT_OCTET16_LEN);
1826
1827 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1828 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1829 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1830 p_cb->sc_oob_data.loc_oob_data.commitment);
1831
1832 #if (SMP_DEBUG == TRUE)
1833 uint8_t* p_print = NULL;
1834 SMP_TRACE_DEBUG("local SC OOB data set:");
1835 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1836 smp_debug_print_nbyte_little_endian(p_print, "addr_sent_to",
1837 sizeof(tBLE_BD_ADDR));
1838 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.private_key_used;
1839 smp_debug_print_nbyte_little_endian(p_print, "private_key_used",
1840 BT_OCTET32_LEN);
1841 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1842 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.x",
1843 BT_OCTET32_LEN);
1844 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1845 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.y",
1846 BT_OCTET32_LEN);
1847 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.randomizer;
1848 smp_debug_print_nbyte_little_endian(p_print, "randomizer", BT_OCTET16_LEN);
1849 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.commitment;
1850 smp_debug_print_nbyte_little_endian(p_print, "commitment", BT_OCTET16_LEN);
1851 SMP_TRACE_DEBUG("");
1852 #endif
1853
1854 /* pass created OOB data up */
1855 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1856 smp_send_app_cback(p_cb, NULL);
1857
1858 smp_cb_cleanup(p_cb);
1859 }
1860
1861 /*******************************************************************************
1862 *
1863 * Function smp_link_encrypted
1864 *
1865 * Description This function is called when link is encrypted and notified
1866 * to the slave device. Proceed to to send LTK, DIV and ER to
1867 * master if bonding the devices.
1868 *
1869 *
1870 * Returns void
1871 *
1872 ******************************************************************************/
smp_link_encrypted(const RawAddress & bda,uint8_t encr_enable)1873 void smp_link_encrypted(const RawAddress& bda, uint8_t encr_enable) {
1874 tSMP_CB* p_cb = &smp_cb;
1875
1876 SMP_TRACE_DEBUG("%s: encr_enable=%d", __func__, encr_enable);
1877
1878 if (smp_cb.pairing_bda == bda) {
1879 /* encryption completed with STK, remember the key size now, could be
1880 * overwritten when key exchange happens */
1881 if (p_cb->loc_enc_size != 0 && encr_enable) {
1882 /* update the link encryption key size if a SMP pairing just performed */
1883 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1884 }
1885
1886 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1887 }
1888 }
1889
1890 /*******************************************************************************
1891 *
1892 * Function smp_proc_ltk_request
1893 *
1894 * Description This function is called when LTK request is received from
1895 * controller.
1896 *
1897 * Returns void
1898 *
1899 ******************************************************************************/
smp_proc_ltk_request(const RawAddress & bda)1900 bool smp_proc_ltk_request(const RawAddress& bda) {
1901 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1902 bool match = false;
1903
1904 if (bda == smp_cb.pairing_bda) {
1905 match = true;
1906 } else {
1907 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda);
1908 if (p_dev_rec != NULL && p_dev_rec->ble.pseudo_addr == smp_cb.pairing_bda &&
1909 p_dev_rec->ble.pseudo_addr != RawAddress::kEmpty) {
1910 match = true;
1911 }
1912 }
1913
1914 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) {
1915 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1916 return true;
1917 }
1918
1919 return false;
1920 }
1921
1922 /*******************************************************************************
1923 *
1924 * Function smp_process_secure_connection_long_term_key
1925 *
1926 * Description This function is called to process SC LTK.
1927 * SC LTK is calculated and used instead of STK.
1928 * Here SC LTK is saved in BLE DB.
1929 *
1930 * Returns void
1931 *
1932 ******************************************************************************/
smp_process_secure_connection_long_term_key(void)1933 void smp_process_secure_connection_long_term_key(void) {
1934 tSMP_CB* p_cb = &smp_cb;
1935
1936 SMP_TRACE_DEBUG("%s", __func__);
1937 smp_save_secure_connections_long_term_key(p_cb);
1938
1939 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
1940 smp_key_distribution(p_cb, NULL);
1941 }
1942
1943 /*******************************************************************************
1944 *
1945 * Function smp_set_derive_link_key
1946 *
1947 * Description This function is called to set flag that indicates that
1948 * BR/EDR LK has to be derived from LTK after all keys are
1949 * distributed.
1950 *
1951 * Returns void
1952 *
1953 ******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1954 void smp_set_derive_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1955 SMP_TRACE_DEBUG("%s", __func__);
1956 p_cb->derive_lk = true;
1957 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_LK, false);
1958 smp_key_distribution(p_cb, NULL);
1959 }
1960
1961 /*******************************************************************************
1962 *
1963 * Function smp_derive_link_key_from_long_term_key
1964 *
1965 * Description This function is called to derive BR/EDR LK from LTK.
1966 *
1967 * Returns void
1968 *
1969 ******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1970 void smp_derive_link_key_from_long_term_key(tSMP_CB* p_cb,
1971 tSMP_INT_DATA* p_data) {
1972 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1973
1974 SMP_TRACE_DEBUG("%s", __func__);
1975 if (!smp_calculate_link_key_from_long_term_key(p_cb)) {
1976 SMP_TRACE_ERROR("%s failed", __func__);
1977 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
1978 return;
1979 }
1980 }
1981
1982 /*******************************************************************************
1983 *
1984 * Function smp_br_process_link_key
1985 *
1986 * Description This function is called to process BR/EDR LK:
1987 * - to derive SMP LTK from BR/EDR LK;
1988 * - to save SMP LTK.
1989 *
1990 * Returns void
1991 *
1992 ******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1993 void smp_br_process_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1994 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1995
1996 SMP_TRACE_DEBUG("%s", __func__);
1997 if (!smp_calculate_long_term_key_from_link_key(p_cb)) {
1998 SMP_TRACE_ERROR("%s: failed", __func__);
1999 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2000 return;
2001 }
2002
2003 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed",
2004 __func__);
2005 smp_save_secure_connections_long_term_key(p_cb);
2006 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
2007 smp_br_select_next_key(p_cb, NULL);
2008 }
2009
2010 /*******************************************************************************
2011 * Function smp_key_distribution_by_transport
2012 * Description depending on the transport used at the moment calls either
2013 * smp_key_distribution(...) or smp_br_key_distribution(...).
2014 ******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2015 void smp_key_distribution_by_transport(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
2016 SMP_TRACE_DEBUG("%s", __func__);
2017 if (p_cb->smp_over_br) {
2018 smp_br_select_next_key(p_cb, NULL);
2019 } else {
2020 smp_key_distribution(p_cb, NULL);
2021 }
2022 }
2023
2024 /*******************************************************************************
2025 * Function smp_br_pairing_complete
2026 * Description This function is called to send the pairing complete
2027 * callback and remove the connection if needed.
2028 ******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2029 void smp_br_pairing_complete(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
2030 SMP_TRACE_DEBUG("%s", __func__);
2031
2032 if (p_cb->total_tx_unacked == 0) {
2033 /* process the pairing complete */
2034 smp_proc_pairing_cmpl(p_cb);
2035 }
2036 }
2037