• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2003-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #include "bt_target.h"
20 
21 #include <cutils/log.h>
22 #include <string.h>
23 #include "smp_int.h"
24 
25 const char* const smp_state_name[] = {
26     "SMP_STATE_IDLE",
27     "SMP_STATE_WAIT_APP_RSP",
28     "SMP_STATE_SEC_REQ_PENDING",
29     "SMP_STATE_PAIR_REQ_RSP",
30     "SMP_STATE_WAIT_CONFIRM",
31     "SMP_STATE_CONFIRM",
32     "SMP_STATE_RAND",
33     "SMP_STATE_PUBLIC_KEY_EXCH",
34     "SMP_STATE_SEC_CONN_PHS1_START",
35     "SMP_STATE_WAIT_COMMITMENT",
36     "SMP_STATE_WAIT_NONCE",
37     "SMP_STATE_SEC_CONN_PHS2_START",
38     "SMP_STATE_WAIT_DHK_CHECK",
39     "SMP_STATE_DHK_CHECK",
40     "SMP_STATE_ENCRYPTION_PENDING",
41     "SMP_STATE_BOND_PENDING",
42     "SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA",
43     "SMP_STATE_MAX"};
44 
45 const char* const smp_event_name[] = {"PAIRING_REQ_EVT",
46                                       "PAIRING_RSP_EVT",
47                                       "CONFIRM_EVT",
48                                       "RAND_EVT",
49                                       "PAIRING_FAILED_EVT",
50                                       "ENC_INFO_EVT",
51                                       "MASTER_ID_EVT",
52                                       "ID_INFO_EVT",
53                                       "ID_ADDR_EVT",
54                                       "SIGN_INFO_EVT",
55                                       "SECURITY_REQ_EVT",
56                                       "PAIR_PUBLIC_KEY_EVT",
57                                       "PAIR_DHKEY_CHECK_EVT",
58                                       "PAIR_KEYPRESS_NOTIFICATION_EVT",
59                                       "PAIR_COMMITMENT_EVT",
60                                       "KEY_READY_EVT",
61                                       "ENCRYPTED_EVT",
62                                       "L2CAP_CONN_EVT",
63                                       "L2CAP_DISCONN_EVT",
64                                       "API_IO_RSP_EVT",
65                                       "API_SEC_GRANT_EVT",
66                                       "TK_REQ_EVT",
67                                       "AUTH_CMPL_EVT",
68                                       "ENC_REQ_EVT",
69                                       "BOND_REQ_EVT",
70                                       "DISCARD_SEC_REQ_EVT",
71                                       "PUBLIC_KEY_EXCHANGE_REQ_EVT",
72                                       "LOCAL_PUBLIC_KEY_CRTD_EVT",
73                                       "BOTH_PUBLIC_KEYS_RCVD_EVT",
74                                       "SEC_CONN_DHKEY_COMPLETE_EVT",
75                                       "HAVE_LOCAL_NONCE_EVT",
76                                       "SEC_CONN_PHASE1_CMPLT_EVT",
77                                       "SEC_CONN_CALC_NC_EVT",
78                                       "SEC_CONN_DISPLAY_NC_EVT",
79                                       "SEC_CONN_OK_EVT",
80                                       "SEC_CONN_2_DHCK_CHECKS_PRESENT_EVT",
81                                       "SEC_CONN_KEY_READY_EVT",
82                                       "KEYPRESS_NOTIFICATION_EVT",
83                                       "SEC_CONN_OOB_DATA_EVT",
84                                       "CREATE_LOCAL_SEC_CONN_OOB_DATA_EVT",
85                                       "OUT_OF_RANGE_EVT"};
86 
87 const char* smp_get_event_name(tSMP_EVENT event);
88 const char* smp_get_state_name(tSMP_STATE state);
89 
90 #define SMP_SM_IGNORE 0
91 #define SMP_NUM_ACTIONS 2
92 #define SMP_SME_NEXT_STATE 2
93 #define SMP_SM_NUM_COLS 3
94 
95 typedef const uint8_t (*tSMP_SM_TBL)[SMP_SM_NUM_COLS];
96 
97 enum {
98   SMP_PROC_SEC_REQ,
99   SMP_SEND_PAIR_REQ,
100   SMP_SEND_PAIR_RSP,
101   SMP_SEND_CONFIRM,
102   SMP_SEND_PAIR_FAIL,
103   SMP_SEND_RAND,
104   SMP_SEND_ENC_INFO,
105   SMP_SEND_ID_INFO,
106   SMP_SEND_LTK_REPLY,
107   SMP_PROC_PAIR_CMD,
108   SMP_PROC_PAIR_FAIL,
109   SMP_PROC_CONFIRM,
110   SMP_PROC_RAND,
111   SMP_PROC_ENC_INFO,
112   SMP_PROC_MASTER_ID,
113   SMP_PROC_ID_INFO,
114   SMP_PROC_ID_ADDR,
115   SMP_PROC_SRK_INFO,
116   SMP_PROC_SEC_GRANT,
117   SMP_PROC_SL_KEY,
118   SMP_PROC_COMPARE,
119   SMP_PROC_IO_RSP,
120   SMP_GENERATE_COMPARE,
121   SMP_GENERATE_CONFIRM,
122   SMP_GENERATE_STK,
123   SMP_KEY_DISTRIBUTE,
124   SMP_START_ENC,
125   SMP_PAIRING_CMPL,
126   SMP_DECIDE_ASSO_MODEL,
127   SMP_SEND_APP_CBACK,
128   SMP_CHECK_AUTH_REQ,
129   SMP_PAIR_TERMINATE,
130   SMP_ENC_CMPL,
131   SMP_PROC_DISCARD,
132   SMP_CREATE_PRIVATE_KEY,
133   SMP_USE_OOB_PRIVATE_KEY,
134   SMP_SEND_PAIR_PUBLIC_KEY,
135   SMP_PROCESS_PAIR_PUBLIC_KEY,
136   SMP_HAVE_BOTH_PUBLIC_KEYS,
137   SMP_START_SEC_CONN_PHASE1,
138   SMP_PROCESS_LOCAL_NONCE,
139   SMP_SEND_COMMITMENT,
140   SMP_PROCESS_PAIRING_COMMITMENT,
141   SMP_PROCESS_PEER_NONCE,
142   SMP_CALCULATE_LOCAL_DHKEY_CHECK,
143   SMP_SEND_DHKEY_CHECK,
144   SMP_PROCESS_DHKEY_CHECK,
145   SMP_CALCULATE_PEER_DHKEY_CHECK,
146   SMP_MATCH_DHKEY_CHECKS,
147   SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER,
148   SMP_MOVE_TO_SEC_CONN_PHASE2,
149   SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
150   SMP_WAIT_FOR_BOTH_PUBLIC_KEYS,
151   SMP_START_PASSKEY_VERIFICATION,
152   SMP_SEND_KEYPRESS_NOTIFICATION,
153   SMP_PROCESS_KEYPRESS_NOTIFICATION,
154   SMP_PROCESS_SECURE_CONNECTION_OOB_DATA,
155   SMP_SET_LOCAL_OOB_KEYS,
156   SMP_SET_LOCAL_OOB_RAND_COMMITMENT,
157   SMP_IDLE_TERMINATE,
158   SMP_FAST_CONN_PARAM,
159   SMP_SM_NO_ACTION
160 };
161 
162 static const tSMP_ACT smp_sm_action[] = {
163     smp_proc_sec_req,
164     smp_send_pair_req,
165     smp_send_pair_rsp,
166     smp_send_confirm,
167     smp_send_pair_fail,
168     smp_send_rand,
169     smp_send_enc_info,
170     smp_send_id_info,
171     smp_send_ltk_reply,
172     smp_proc_pair_cmd,
173     smp_proc_pair_fail,
174     smp_proc_confirm,
175     smp_proc_rand,
176     smp_proc_enc_info,
177     smp_proc_master_id,
178     smp_proc_id_info,
179     smp_proc_id_addr,
180     smp_proc_srk_info,
181     smp_proc_sec_grant,
182     smp_proc_sl_key,
183     smp_proc_compare,
184     smp_process_io_response,
185     smp_generate_compare,
186     smp_generate_srand_mrand_confirm,
187     smp_generate_stk,
188     smp_key_distribution,
189     smp_start_enc,
190     smp_pairing_cmpl,
191     smp_decide_association_model,
192     smp_send_app_cback,
193     smp_check_auth_req,
194     smp_pair_terminate,
195     smp_enc_cmpl,
196     smp_proc_discard,
197     smp_create_private_key,
198     smp_use_oob_private_key,
199     smp_send_pair_public_key,
200     smp_process_pairing_public_key,
201     smp_both_have_public_keys,
202     smp_start_secure_connection_phase1,
203     smp_process_local_nonce,
204     smp_send_commitment,
205     smp_process_pairing_commitment,
206     smp_process_peer_nonce,
207     smp_calculate_local_dhkey_check,
208     smp_send_dhkey_check,
209     smp_process_dhkey_check,
210     smp_calculate_peer_dhkey_check,
211     smp_match_dhkey_checks,
212     smp_calculate_numeric_comparison_display_number,
213     smp_move_to_secure_connections_phase2,
214     smp_phase_2_dhkey_checks_are_present,
215     smp_wait_for_both_public_keys,
216     smp_start_passkey_verification,
217     smp_send_keypress_notification,
218     smp_process_keypress_notification,
219     smp_process_secure_connection_oob_data,
220     smp_set_local_oob_keys,
221     smp_set_local_oob_random_commitment,
222     smp_idle_terminate,
223     smp_fast_conn_param};
224 
225 /************ SMP Master FSM State/Event Indirection Table **************/
226 static const uint8_t smp_master_entry_map[][SMP_STATE_MAX] = {
227     /* state name: */
228     /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
229        PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
230        DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
231     /* PAIR_REQ */
232     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
233     /* PAIR_RSP */
234     {0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
235     /* CONFIRM */
236     {0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
237     /* RAND */
238     {0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
239     /* PAIR_FAIL */
240     {0, 0x81, 0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
241      0x81, 0, 0x81, 0},
242     /* ENC_INFO */
243     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0},
244     /* MASTER_ID */
245     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
246     /* ID_INFO */
247     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
248     /* ID_ADDR */
249     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
250     /* SIGN_INFO */
251     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
252     /* SEC_REQ */
253     {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
254     /* PAIR_PUBLIC_KEY */
255     {0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
256     /* PAIR_DHKEY_CHCK */
257     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0},
258     /* PAIR_KEYPR_NOTIF */
259     {0, 8, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
260     /* PAIR_COMMITM */
261     {0, 0, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
262     /* KEY_READY */
263     {0, 3, 0, 3, 1, 0, 2, 0, 4, 0, 0, 0, 0, 0, 1, 6, 0},
264     /* ENC_CMPL */
265     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0},
266     /* L2C_CONN */
267     {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
268     /* L2C_DISC */
269     {3, 0x83, 0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
270      0x83, 0x83, 0x83, 0},
271     /* IO_RSP */
272     {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
273     /* SEC_GRANT */
274     {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
275     /* TK_REQ */
276     {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
277     /* AUTH_CMPL */
278     {4, 0x82, 0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
279      0x82, 0x82, 0x82, 0},
280     /* ENC_REQ */
281     {0, 4, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0},
282     /* BOND_REQ */
283     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
284     /* DISCARD_SEC_REQ */
285     {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
286     /* PUBL_KEY_EXCH_REQ */
287     {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
288     /* LOC_PUBL_KEY_CRTD */
289     {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
290     /* BOTH_PUBL_KEYS_RCVD */
291     {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
292     /* SC_DHKEY_CMPLT */
293     {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
294     /* HAVE_LOC_NONCE */
295     {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
296     /* SC_PHASE1_CMPLT */
297     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
298     /* SC_CALC_NC */
299     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
300     /* SC_DSPL_NC */
301     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
302     /* SC_NC_OK */
303     {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
304     /* SC_2_DHCK_CHKS_PRES */
305     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
306     /* SC_KEY_READY */
307     {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
308     /* KEYPR_NOTIF */
309     {0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310     /* SC_OOB_DATA */
311     {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
312     /* CR_LOC_SC_OOB_DATA */
313     {5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
314 };
315 
316 static const uint8_t smp_all_table[][SMP_SM_NUM_COLS] = {
317     /* Event                  Action             Next State */
318     /* PAIR_FAIL */
319     {SMP_PROC_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
320     /* AUTH_CMPL */
321     {SMP_SEND_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
322     /* L2C_DISC */
323     {SMP_PAIR_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
324 
325 static const uint8_t smp_master_idle_table[][SMP_SM_NUM_COLS] = {
326     /* Event                  Action               Next State */
327     /* L2C_CONN */
328     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
329     /* SEC_REQ */
330     {SMP_PROC_SEC_REQ, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
331     /* L2C_DISC */
332     {SMP_IDLE_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
333     /* AUTH_CMPL */
334     {SMP_PAIRING_CMPL, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
335     /* CR_LOC_SC_OOB_DATA */
336     {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
337      SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}
338 
339 };
340 
341 static const uint8_t smp_master_wait_for_app_response_table[][SMP_SM_NUM_COLS] =
342     {
343         /* Event                Action               Next State */
344         /* SEC_GRANT */
345         {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
346         /* IO_RSP */
347         {SMP_SEND_PAIR_REQ, SMP_FAST_CONN_PARAM, SMP_STATE_PAIR_REQ_RSP},
348 
349         /* TK ready */
350         /* KEY_READY */
351         {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM},
352 
353         /* start enc mode setup */
354         /* ENC_REQ */
355         {SMP_START_ENC, SMP_FAST_CONN_PARAM, SMP_STATE_ENCRYPTION_PENDING},
356         /* DISCARD_SEC_REQ */
357         {SMP_PROC_DISCARD, SMP_SM_NO_ACTION, SMP_STATE_IDLE}
358         /* user confirms NC 'OK', i.e. phase 1 is completed */
359         /* SC_NC_OK */,
360         {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
361          SMP_STATE_SEC_CONN_PHS2_START},
362         /* user-provided passkey is rcvd */
363         /* SC_KEY_READY */
364         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
365          SMP_STATE_SEC_CONN_PHS1_START},
366         /* PAIR_KEYPR_NOTIF */
367         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
368          SMP_STATE_WAIT_APP_RSP},
369         /* KEYPR_NOTIF */
370         {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
371          SMP_STATE_WAIT_APP_RSP},
372         /* SC_OOB_DATA */
373         {SMP_USE_OOB_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
374 
375 static const uint8_t smp_master_pair_request_response_table[][SMP_SM_NUM_COLS] =
376     {
377         /* Event                  Action            Next State */
378         /* PAIR_RSP */
379         {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
380         /* TK_REQ */
381         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
382 
383         /* TK ready */
384         /* KEY_READY */
385         {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}
386         /* PUBL_KEY_EXCH_REQ */,
387         {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
388 
389 static const uint8_t smp_master_wait_for_confirm_table[][SMP_SM_NUM_COLS] = {
390     /* Event                Action            Next State */
391     /* KEY_READY*/
392     /* CONFIRM ready */
393     {SMP_SEND_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
394 
395 static const uint8_t smp_master_confirm_table[][SMP_SM_NUM_COLS] = {
396     /* Event            Action         Next State */
397     /* CONFIRM */
398     {SMP_PROC_CONFIRM, SMP_SEND_RAND, SMP_STATE_RAND}};
399 
400 static const uint8_t smp_master_rand_table[][SMP_SM_NUM_COLS] = {
401     /*               Event                  Action Next State */
402     /* RAND */
403     {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
404     /* KEY_READY */
405     {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* Compare ready */
406     /* ENC_REQ */
407     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
408 
409 static const uint8_t smp_master_public_key_exchange_table[][SMP_SM_NUM_COLS] = {
410     /* Event                        Action              Next State */
411     /* LOC_PUBL_KEY_CRTD */
412     {SMP_SEND_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
413     /* PAIR_PUBLIC_KEY */
414     {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
415     /* BOTH_PUBL_KEYS_RCVD */
416     {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
417      SMP_STATE_SEC_CONN_PHS1_START},
418 };
419 
420 static const uint8_t smp_master_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
421     /* Event                  Action                Next State */
422     /* SC_DHKEY_CMPLT */
423     {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
424      SMP_STATE_SEC_CONN_PHS1_START},
425     /* HAVE_LOC_NONCE */
426     {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
427     /* TK_REQ */
428     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
429     /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to display,*/
430     /* It's time to start commitment calculation */
431     /* KEY_READY */
432     {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
433      SMP_STATE_SEC_CONN_PHS1_START},
434     /* PAIR_KEYPR_NOTIF */
435     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
436      SMP_STATE_SEC_CONN_PHS1_START},
437     /* PAIR_COMMITM */
438     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
439      SMP_STATE_SEC_CONN_PHS1_START},
440 };
441 
442 static const uint8_t smp_master_wait_commitment_table[][SMP_SM_NUM_COLS] = {
443     /* Event                  Action                 Next State */
444     /* PAIR_COMMITM */
445     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_RAND, SMP_STATE_WAIT_NONCE},
446     /* PAIR_KEYPR_NOTIF */
447     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
448      SMP_STATE_WAIT_COMMITMENT},
449 };
450 
451 static const uint8_t smp_master_wait_nonce_table[][SMP_SM_NUM_COLS] = {
452     /* Event                  Action                 Next State */
453     /* peer nonce is received */
454     /* RAND */
455     {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
456     /* NC model, time to calculate number for NC */
457     /* SC_CALC_NC */
458     {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
459      SMP_STATE_WAIT_NONCE},
460     /* NC model, time to display calculated number for NC to the user */
461     /* SC_DSPL_NC */
462     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
463 };
464 
465 static const uint8_t smp_master_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
466     /* Event                           Action                 Next State */
467     /* SC_PHASE1_CMPLT */
468     {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_SEND_DHKEY_CHECK,
469      SMP_STATE_WAIT_DHK_CHECK},
470 };
471 
472 static const uint8_t smp_master_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
473     /* Event                  Action                          Next State */
474     /* PAIR_DHKEY_CHCK */
475     {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
476      SMP_STATE_DHK_CHECK},
477 };
478 
479 static const uint8_t smp_master_dhk_check_table[][SMP_SM_NUM_COLS] = {
480     /* Event                  Action                 Next State */
481     /* locally calculated peer dhkey check is ready -> compare it withs DHKey
482      * Check
483      * actually received from peer */
484     /* SC_KEY_READY */
485     {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
486     /* locally calculated peer dhkey check is ready -> calculate STK, go to
487      * sending
488      */
489     /* HCI LE Start Encryption command */
490     /* ENC_REQ */
491     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
492 };
493 
494 static const uint8_t smp_master_enc_pending_table[][SMP_SM_NUM_COLS] = {
495     /* Event                  Action                 Next State */
496     /* STK ready */
497     /* KEY_READY */
498     {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
499     /* ENCRYPTED */
500     {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
501     /* BOND_REQ */
502     {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
503 static const uint8_t smp_master_bond_pending_table[][SMP_SM_NUM_COLS] = {
504     /* Event                  Action                 Next State */
505     /* ENC_INFO */
506     {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
507     /* ID_INFO */
508     {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
509     /* SIGN_INFO */
510     {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
511     /* MASTER_ID */
512     {SMP_PROC_MASTER_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
513     /* ID_ADDR */
514     {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
515     /* KEY_READY */
516     /* LTK ready */
517     {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
518 
519 static const uint8_t
520     smp_master_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
521         /* Event                   Action            Next State */
522         /* LOC_PUBL_KEY_CRTD */
523         {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
524          SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
525         /* HAVE_LOC_NONCE */
526         {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
527 
528 /************ SMP Slave FSM State/Event Indirection Table **************/
529 static const uint8_t smp_slave_entry_map[][SMP_STATE_MAX] = {
530     /* state name: */
531     /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
532        PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
533        DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
534     /* PAIR_REQ */
535     {2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
536     /* PAIR_RSP */
537     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
538     /* CONFIRM */
539     {0, 4, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
540     /* RAND */
541     {0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
542     /* PAIR_FAIL */
543     {0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
544      0x81, 0x81, 0, 0},
545     /* ENC_INFO */
546     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
547     /* MASTER_ID */
548     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
549     /* ID_INFO */
550     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
551     /* ID_ADDR */
552     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0},
553     /* SIGN_INFO */
554     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
555     /* SEC_REQ */
556     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
557     /* PAIR_PUBLIC_KEY */
558     {0, 0, 0, 5, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
559     /* PAIR_DHKEY_CHCK */
560     {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 1, 2, 0, 0, 0},
561     /* PAIR_KEYPR_NOTIF */
562     {0, 9, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
563     /* PAIR_COMMITM */
564     {0, 8, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
565     /* KEY_READY */
566     {0, 3, 0, 3, 2, 2, 1, 0, 4, 0, 0, 0, 0, 0, 2, 1, 0},
567     /* ENC_CMPL */
568     {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
569     /* L2C_CONN */
570     {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
571     /* L2C_DISC */
572     {0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
573      0x83, 0x83, 0x83, 0},
574     /* IO_RSP */
575     {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
576     /* SEC_GRANT */
577     {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
578     /* TK_REQ */
579     {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
580     /* AUTH_CMPL */
581     {0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
582      0x82, 0x82, 0x82, 0},
583     /* ENC_REQ */
584     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0},
585     /* BOND_REQ */
586     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0},
587     /* DISCARD_SEC_REQ */
588     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
589     /* PUBL_KEY_EXCH_REQ */
590     {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
591     /* LOC_PUBL_KEY_CRTD */
592     {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
593     /* BOTH_PUBL_KEYS_RCVD */
594     {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
595     /* SC_DHKEY_CMPLT */
596     {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
597     /* HAVE_LOC_NONCE */
598     {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
599     /* SC_PHASE1_CMPLT */
600     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
601     /* SC_CALC_NC */
602     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
603     /* SC_DSPL_NC */
604     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
605     /* SC_NC_OK */
606     {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
607     /* SC_2_DHCK_CHKS_PRES */
608     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0},
609     /* SC_KEY_READY */
610     {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
611     /* KEYPR_NOTIF */
612     {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
613     /* SC_OOB_DATA */
614     {0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
615     /* CR_LOC_SC_OOB_DATA */
616     {3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
617 };
618 
619 static const uint8_t smp_slave_idle_table[][SMP_SM_NUM_COLS] = {
620     /* Event                 Action                Next State */
621     /* L2C_CONN */
622     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
623     /* PAIR_REQ */
624     {SMP_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
625     /* CR_LOC_SC_OOB_DATA */
626     {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
627      SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}};
628 
629 static const uint8_t smp_slave_wait_for_app_response_table[][SMP_SM_NUM_COLS] =
630     {
631         /* Event                   Action                 Next State */
632         /* IO_RSP */
633         {SMP_PROC_IO_RSP, SMP_FAST_CONN_PARAM, SMP_STATE_PAIR_REQ_RSP},
634         /* SEC_GRANT */
635         {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
636 
637         /* TK ready */
638         /* KEY_READY */
639         {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
640         /* CONFIRM */
641         {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
642         /* DHKey Check from master is received before phase 1 is completed -
643            race */
644         /* PAIR_DHKEY_CHCK */
645         {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
646         /* user confirms NC 'OK', i.e. phase 1 is completed */
647         /* SC_NC_OK */
648         {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
649          SMP_STATE_SEC_CONN_PHS2_START},
650         /* user-provided passkey is rcvd */
651         /* SC_KEY_READY */
652         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
653          SMP_STATE_SEC_CONN_PHS1_START},
654         /* PAIR_COMMITM */
655         {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
656          SMP_STATE_WAIT_APP_RSP},
657         /* PAIR_KEYPR_NOTIF */
658         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
659          SMP_STATE_WAIT_APP_RSP},
660         /* KEYPR_NOTIF */
661         {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
662          SMP_STATE_WAIT_APP_RSP},
663         /* SC_OOB_DATA */
664         {SMP_SEND_PAIR_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
665 };
666 
667 static const uint8_t smp_slave_sec_request_table[][SMP_SM_NUM_COLS] = {
668     /* Event                  Action                 Next State */
669     /* PAIR_REQ */
670     {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
671     /* ENCRYPTED*/
672     {SMP_ENC_CMPL, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
673 };
674 
675 static const uint8_t smp_slave_pair_request_response_table[][SMP_SM_NUM_COLS] =
676     {
677         /* Event                  Action                 Next State */
678         /* CONFIRM */
679         {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
680         /* TK_REQ */
681         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
682 
683         /* TK/Confirm ready */
684         /* KEY_READY */
685         {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
686         /* PUBL_KEY_EXCH_REQ */
687         {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
688         /* PAIR_PUBLIC_KEY */
689         {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
690 };
691 
692 static const uint8_t smp_slave_wait_confirm_table[][SMP_SM_NUM_COLS] = {
693     /* Event                  Action                 Next State */
694     /* CONFIRM */
695     {SMP_PROC_CONFIRM, SMP_SEND_CONFIRM, SMP_STATE_CONFIRM},
696     /* KEY_READY*/
697     {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}};
698 
699 static const uint8_t smp_slave_confirm_table[][SMP_SM_NUM_COLS] = {
700     /* Event                  Action                 Next State */
701     /* RAND */
702     {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
703 
704     /* TK/Confirm ready */
705     /* KEY_READY*/
706     {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
707 
708 static const uint8_t smp_slave_rand_table[][SMP_SM_NUM_COLS] = {
709     /* Event                  Action                 Next State */
710     /* KEY_READY */
711     {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* compare match */
712     /* RAND */
713     {SMP_SEND_RAND, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
714 
715 static const uint8_t smp_slave_public_key_exch_table[][SMP_SM_NUM_COLS] = {
716     /* Event                  Action                 Next State */
717     /* LOC_PUBL_KEY_CRTD */
718     {SMP_WAIT_FOR_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
719      SMP_STATE_PUBLIC_KEY_EXCH},
720     /* PAIR_PUBLIC_KEY */
721     {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
722     /* BOTH_PUBL_KEYS_RCVD */
723     {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
724      SMP_STATE_SEC_CONN_PHS1_START},
725 };
726 
727 static const uint8_t smp_slave_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
728     /* Event                  Action                 Next State */
729     /* SC_DHKEY_CMPLT */
730     {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
731      SMP_STATE_SEC_CONN_PHS1_START},
732     /* HAVE_LOC_NONCE */
733     {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
734     /* TK_REQ */
735     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
736     /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to display,
737      * it's
738      * time to start */
739     /* commitment calculation */
740     /* KEY_READY */
741     {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
742      SMP_STATE_SEC_CONN_PHS1_START},
743     /* PAIR_KEYPR_NOTIF */
744     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
745      SMP_STATE_SEC_CONN_PHS1_START},
746     /*COMMIT*/
747     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
748      SMP_STATE_SEC_CONN_PHS1_START},
749 };
750 
751 static const uint8_t smp_slave_wait_commitment_table[][SMP_SM_NUM_COLS] = {
752     /* Event                  Action                 Next State */
753     /* PAIR_COMMITM */
754     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_COMMITMENT, SMP_STATE_WAIT_NONCE},
755     /* PAIR_KEYPR_NOTIF */
756     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
757      SMP_STATE_WAIT_COMMITMENT},
758 };
759 
760 static const uint8_t smp_slave_wait_nonce_table[][SMP_SM_NUM_COLS] = {
761     /* Event                  Action                 Next State */
762     /* peer nonce is received */
763     /* RAND */
764     {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
765     /* NC model, time to calculate number for NC */
766     /* SC_CALC_NC */
767     {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
768      SMP_STATE_WAIT_NONCE},
769     /* NC model, time to display calculated number for NC to the user */
770     /* SC_DSPL_NC */
771     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
772 };
773 
774 static const uint8_t smp_slave_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
775     /* Event                  Action                 Next State */
776     /* SC_PHASE1_CMPLT */
777     {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
778      SMP_STATE_WAIT_DHK_CHECK},
779     /* DHKey Check from master is received before slave DHKey calculation is
780      * completed - race */
781     /* PAIR_DHKEY_CHCK */
782     {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS2_START},
783 };
784 
785 static const uint8_t smp_slave_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
786     /* Event                  Action                 Next State */
787     /* PAIR_DHKEY_CHCK */
788     {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
789      SMP_STATE_DHK_CHECK},
790     /* DHKey Check from master was received before slave came to this state */
791     /* SC_2_DHCK_CHKS_PRES */
792     {SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
793 };
794 
795 static const uint8_t smp_slave_dhk_check_table[][SMP_SM_NUM_COLS] = {
796     /* Event                  Action                 Next State */
797 
798     /* locally calculated peer dhkey check is ready -> compare it withs DHKey
799      * Check
800      */
801     /* actually received from peer */
802     /* SC_KEY_READY */
803     {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
804 
805     /* dhkey checks match -> send local dhkey check to master, go to wait for
806      * HCI LE
807      */
808     /* Long Term Key Request Event */
809     /* PAIR_DHKEY_CHCK */
810     {SMP_SEND_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
811 };
812 
813 static const uint8_t smp_slave_enc_pending_table[][SMP_SM_NUM_COLS] = {
814     /* Event                  Action                 Next State */
815     /* ENC_REQ */
816     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
817 
818     /* STK ready */
819     /* KEY_READY */
820     {SMP_SEND_LTK_REPLY, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
821     /* ENCRYPTED */
822     {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
823     /* BOND_REQ */
824     {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
825 static const uint8_t smp_slave_bond_pending_table[][SMP_SM_NUM_COLS] = {
826     /* Event                  Action                 Next State */
827 
828     /* LTK ready */
829     /* KEY_READY */
830     {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
831 
832     /* rev SRK */
833     /* SIGN_INFO */
834     {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
835     /* ENC_INFO */
836     {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
837     /* ID_INFO */
838     {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
839     /* MASTER_ID*/
840     {SMP_PROC_MASTER_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
841     /* ID_ADDR */
842     {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}
843 
844 };
845 
846 static const uint8_t
847     smp_slave_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
848         /* Event                  Action                 Next State */
849         /* LOC_PUBL_KEY_CRTD */
850         {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
851          SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
852         /* HAVE_LOC_NONCE */
853         {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
854 
855 static const tSMP_SM_TBL smp_state_table[][2] = {
856     /* SMP_STATE_IDLE */
857     {smp_master_idle_table, smp_slave_idle_table},
858 
859     /* SMP_STATE_WAIT_APP_RSP */
860     {smp_master_wait_for_app_response_table,
861      smp_slave_wait_for_app_response_table},
862 
863     /* SMP_STATE_SEC_REQ_PENDING */
864     {NULL, smp_slave_sec_request_table},
865 
866     /* SMP_STATE_PAIR_REQ_RSP */
867     {smp_master_pair_request_response_table,
868      smp_slave_pair_request_response_table},
869 
870     /* SMP_STATE_WAIT_CONFIRM */
871     {smp_master_wait_for_confirm_table, smp_slave_wait_confirm_table},
872 
873     /* SMP_STATE_CONFIRM */
874     {smp_master_confirm_table, smp_slave_confirm_table},
875 
876     /* SMP_STATE_RAND */
877     {smp_master_rand_table, smp_slave_rand_table},
878 
879     /* SMP_STATE_PUBLIC_KEY_EXCH */
880     {smp_master_public_key_exchange_table, smp_slave_public_key_exch_table},
881 
882     /* SMP_STATE_SEC_CONN_PHS1_START */
883     {smp_master_sec_conn_phs1_start_table, smp_slave_sec_conn_phs1_start_table},
884 
885     /* SMP_STATE_WAIT_COMMITMENT */
886     {smp_master_wait_commitment_table, smp_slave_wait_commitment_table},
887 
888     /* SMP_STATE_WAIT_NONCE */
889     {smp_master_wait_nonce_table, smp_slave_wait_nonce_table},
890 
891     /* SMP_STATE_SEC_CONN_PHS2_START */
892     {smp_master_sec_conn_phs2_start_table, smp_slave_sec_conn_phs2_start_table},
893 
894     /* SMP_STATE_WAIT_DHK_CHECK */
895     {smp_master_wait_dhk_check_table, smp_slave_wait_dhk_check_table},
896 
897     /* SMP_STATE_DHK_CHECK */
898     {smp_master_dhk_check_table, smp_slave_dhk_check_table},
899 
900     /* SMP_STATE_ENCRYPTION_PENDING */
901     {smp_master_enc_pending_table, smp_slave_enc_pending_table},
902 
903     /* SMP_STATE_BOND_PENDING */
904     {smp_master_bond_pending_table, smp_slave_bond_pending_table},
905 
906     /* SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA */
907     {smp_master_create_local_sec_conn_oob_data,
908      smp_slave_create_local_sec_conn_oob_data}};
909 
910 typedef const uint8_t (*tSMP_ENTRY_TBL)[SMP_STATE_MAX];
911 static const tSMP_ENTRY_TBL smp_entry_table[] = {smp_master_entry_map,
912                                                  smp_slave_entry_map};
913 
914 tSMP_CB smp_cb;
915 
916 #define SMP_ALL_TBL_MASK 0x80
917 
918 /*******************************************************************************
919  * Function     smp_set_state
920  * Returns      None
921  ******************************************************************************/
smp_set_state(tSMP_STATE state)922 void smp_set_state(tSMP_STATE state) {
923   if (state < SMP_STATE_MAX) {
924     SMP_TRACE_DEBUG("State change: %s(%d) ==> %s(%d)",
925                     smp_get_state_name(smp_cb.state), smp_cb.state,
926                     smp_get_state_name(state), state);
927     smp_cb.state = state;
928   } else {
929     SMP_TRACE_DEBUG("smp_set_state invalid state =%d", state);
930   }
931 }
932 
933 /*******************************************************************************
934  * Function     smp_get_state
935  * Returns      The smp state
936  ******************************************************************************/
smp_get_state(void)937 tSMP_STATE smp_get_state(void) { return smp_cb.state; }
938 
939 /*******************************************************************************
940  *
941  * Function     smp_sm_event
942  *
943  * Description  Handle events to the state machine. It looks up the entry
944  *              in the smp_entry_table array.
945  *              If it is a valid entry, it gets the state table. Set the next
946  *              state, if not NULL state. Execute the action function according
947  *              to the state table. If the state returned by action function is
948  *              not NULL state, adjust the new state to the returned state. If
949  *              (api_evt != MAX), call callback function.
950  *
951  * Returns      void.
952  *
953  ******************************************************************************/
smp_sm_event(tSMP_CB * p_cb,tSMP_EVENT event,void * p_data)954 void smp_sm_event(tSMP_CB* p_cb, tSMP_EVENT event, void* p_data) {
955   uint8_t curr_state = p_cb->state;
956   tSMP_SM_TBL state_table;
957   uint8_t action, entry, i;
958 
959   if (p_cb->role >= 2) {
960     SMP_TRACE_DEBUG("Invalid role: %d", p_cb->role);
961     android_errorWriteLog(0x534e4554, "74121126");
962     return;
963   }
964 
965   tSMP_ENTRY_TBL entry_table = smp_entry_table[p_cb->role];
966 
967   SMP_TRACE_EVENT("main smp_sm_event");
968   if (curr_state >= SMP_STATE_MAX) {
969     SMP_TRACE_DEBUG("Invalid state: %d", curr_state);
970     return;
971   }
972 
973   SMP_TRACE_DEBUG("SMP Role: %s State: [%s (%d)], Event: [%s (%d)]",
974                   (p_cb->role == 0x01) ? "Slave" : "Master",
975                   smp_get_state_name(p_cb->state), p_cb->state,
976                   smp_get_event_name(event), event);
977 
978   /* look up the state table for the current state */
979   /* lookup entry /w event & curr_state */
980   /* If entry is ignore, return.
981    * Otherwise, get state table (according to curr_state or all_state) */
982   if ((event <= SMP_MAX_EVT) &&
983       ((entry = entry_table[event - 1][curr_state]) != SMP_SM_IGNORE)) {
984     if (entry & SMP_ALL_TBL_MASK) {
985       entry &= ~SMP_ALL_TBL_MASK;
986       state_table = smp_all_table;
987     } else
988       state_table = smp_state_table[curr_state][p_cb->role];
989   } else {
990     SMP_TRACE_DEBUG("Ignore event [%s (%d)] in state [%s (%d)]",
991                     smp_get_event_name(event), event,
992                     smp_get_state_name(curr_state), curr_state);
993     return;
994   }
995 
996   /* Get possible next state from state table. */
997 
998   smp_set_state(state_table[entry - 1][SMP_SME_NEXT_STATE]);
999 
1000   /* If action is not ignore, clear param, exec action and get next state.
1001    * The action function may set the Param for cback.
1002    * Depending on param, call cback or free buffer. */
1003   /* execute action */
1004   /* execute action functions */
1005   for (i = 0; i < SMP_NUM_ACTIONS; i++) {
1006     action = state_table[entry - 1][i];
1007     if (action != SMP_SM_NO_ACTION) {
1008       (*smp_sm_action[action])(p_cb, (tSMP_INT_DATA*)p_data);
1009     } else {
1010       break;
1011     }
1012   }
1013   SMP_TRACE_DEBUG("result state = %s", smp_get_state_name(p_cb->state));
1014 }
1015 
1016 /*******************************************************************************
1017  * Function     smp_get_state_name
1018  * Returns      The smp state name.
1019  ******************************************************************************/
smp_get_state_name(tSMP_STATE state)1020 const char* smp_get_state_name(tSMP_STATE state) {
1021   const char* p_str = smp_state_name[SMP_STATE_MAX];
1022 
1023   if (state < SMP_STATE_MAX) {
1024     p_str = smp_state_name[state];
1025   }
1026   return p_str;
1027 }
1028 
1029 /*******************************************************************************
1030  * Function     smp_get_event_name
1031  * Returns      The smp event name.
1032  ******************************************************************************/
smp_get_event_name(tSMP_EVENT event)1033 const char* smp_get_event_name(tSMP_EVENT event) {
1034   const char* p_str = smp_event_name[SMP_MAX_EVT];
1035 
1036   if (event <= SMP_MAX_EVT) {
1037     p_str = smp_event_name[event - 1];
1038   }
1039   return p_str;
1040 }
1041