1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include "bt_target.h" 20 21 #if SMP_INCLUDED == TRUE 22 23 #include <string.h> 24 #include "btm_int.h" 25 #include "l2c_api.h" 26 #include "smp_int.h" 27 28 29 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = 30 { 31 /* initiator */ 32 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */ 33 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */ 34 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */ 35 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */ 36 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */ 37 /* responder */ 38 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */ 39 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */ 40 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */ 41 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */ 42 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */ 43 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */ 44 }; 45 46 const tSMP_ACT smp_distribute_act [] = 47 { 48 smp_generate_ltk, 49 smp_send_id_info, 50 smp_generate_csrk 51 }; 52 53 /******************************************************************************* 54 ** Function smp_update_key_mask 55 ** Description This function updates the key mask for sending or receiving. 56 *******************************************************************************/ 57 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv) 58 { 59 SMP_TRACE_DEBUG0 ("smp_update_key_mask "); 60 SMP_TRACE_DEBUG4("before update role=%d recv=%d loc_i_key = %02x, loc_r_key = %02x", p_cb->role, recv, p_cb->loc_i_key, p_cb->loc_r_key); 61 if (p_cb->role == HCI_ROLE_SLAVE) 62 { 63 if (recv) 64 p_cb->loc_i_key &= ~key_type; 65 else 66 p_cb->loc_r_key &= ~key_type; 67 } 68 else 69 { 70 if (recv) 71 p_cb->loc_r_key &= ~key_type; 72 else 73 p_cb->loc_i_key &= ~key_type; 74 } 75 76 SMP_TRACE_DEBUG2("updated loc_i_key = %02x, loc_r_key = %02x", p_cb->loc_i_key, p_cb->loc_r_key); 77 } 78 /******************************************************************************* 79 ** Function smp_io_cap_req 80 ** Description send SMP IO request 81 *******************************************************************************/ 82 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 83 { 84 tSMP_EVT_DATA cb_data; 85 tSMP_STATUS callback_rc; 86 SMP_TRACE_DEBUG1 ("smp_send_app_cback p_cb->cb_evt=%d", p_cb->cb_evt ); 87 if (p_cb->p_callback && p_cb->cb_evt != 0) 88 { 89 if (p_cb->cb_evt == SMP_IO_CAP_REQ_EVT) 90 { 91 cb_data.io_req.auth_req = p_cb->peer_auth_req; 92 cb_data.io_req.oob_data = SMP_OOB_NONE; 93 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 94 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 95 cb_data.io_req.init_keys = p_cb->loc_i_key ; 96 cb_data.io_req.resp_keys = p_cb->loc_r_key ; 97 98 SMP_TRACE_WARNING1( "io_cap = %d",cb_data.io_req.io_cap); 99 } 100 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 101 102 SMP_TRACE_DEBUG2 ("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt ); 103 104 if (callback_rc == SMP_SUCCESS && p_cb->cb_evt == SMP_IO_CAP_REQ_EVT) 105 { 106 p_cb->loc_auth_req = cb_data.io_req.auth_req; 107 p_cb->loc_io_caps = cb_data.io_req.io_cap; 108 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 109 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 110 p_cb->loc_i_key = cb_data.io_req.init_keys; 111 p_cb->loc_r_key = cb_data.io_req.resp_keys; 112 113 SMP_TRACE_WARNING2( "new io_cap = %d p_cb->loc_enc_size = %d",p_cb->loc_io_caps, p_cb->loc_enc_size); 114 115 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 116 } 117 } 118 119 if (!p_cb->cb_evt && p_cb->discard_sec_req) 120 { 121 p_cb->discard_sec_req = FALSE; 122 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 123 } 124 SMP_TRACE_DEBUG0 ("smp_send_app_cback return"); 125 } 126 /******************************************************************************* 127 ** Function smp_send_pair_fail 128 ** Description pairing failure to peer device if needed. 129 *******************************************************************************/ 130 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 131 { 132 p_cb->status = *(UINT8 *)p_data; 133 p_cb->failure = *(UINT8 *)p_data; 134 135 SMP_TRACE_DEBUG2 ("smp_send_pair_fail status=%d failure=%d ",p_cb->status, p_cb->failure); 136 137 if (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS) 138 { 139 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 140 } 141 } 142 143 /******************************************************************************* 144 ** Function smp_send_pair_req 145 ** Description process pairing request to slave device 146 *******************************************************************************/ 147 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 148 { 149 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 150 SMP_TRACE_DEBUG0 ("smp_send_pair_req "); 151 152 #if BLE_INCLUDED == TRUE 153 /* Disable L2CAP connection parameter updates while bonding since 154 some peripherals are not able to revert to fast connection parameters 155 during the start of service discovery. Connection paramter updates 156 get enabled again once service discovery completes. */ 157 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE); 158 #endif 159 160 /* erase all keys when master sends pairing req*/ 161 if (p_dev_rec) 162 btm_sec_clear_ble_keys(p_dev_rec); 163 /* do not manipulate the key, let app decide, 164 leave out to BTM to mandate key distribution for bonding case */ 165 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 166 } 167 /******************************************************************************* 168 ** Function smp_send_pair_rsp 169 ** Description process pairing response to slave device 170 *******************************************************************************/ 171 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 172 { 173 SMP_TRACE_DEBUG0 ("smp_send_pair_rsp "); 174 175 p_cb->loc_i_key &= p_cb->peer_i_key; 176 p_cb->loc_r_key &= p_cb->peer_r_key; 177 178 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) 179 { 180 smp_decide_asso_model(p_cb, NULL); 181 } 182 } 183 184 /******************************************************************************* 185 ** Function smp_send_pair_request 186 ** Description process pairing request to slave device 187 *******************************************************************************/ 188 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 189 { 190 SMP_TRACE_DEBUG0 ("smp_send_confirm "); 191 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 192 } 193 /******************************************************************************* 194 ** Function smp_send_init 195 ** Description process pairing initializer to slave device 196 *******************************************************************************/ 197 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 198 { 199 SMP_TRACE_DEBUG0 ("smp_send_init "); 200 201 #if SMP_CONFORMANCE_TESTING == TRUE 202 if (p_cb->enable_test_rand_val) 203 { 204 SMP_TRACE_DEBUG0 ("Use rand value from script"); 205 memcpy(p_cb->rand, p_cb->test_rand, BT_OCTET16_LEN); 206 } 207 #endif 208 209 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 210 } 211 /******************************************************************************* 212 ** Function smp_send_enc_info 213 ** Description send security information command. 214 *******************************************************************************/ 215 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 216 { 217 tBTM_LE_LENC_KEYS le_key; 218 219 SMP_TRACE_DEBUG1 ("smp_send_enc_info p_cb->loc_enc_size = %d", p_cb->loc_enc_size); 220 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 221 222 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 223 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 224 225 /* save the DIV and key size information when acting as slave device */ 226 le_key.div = p_cb->div; 227 le_key.key_size = p_cb->loc_enc_size; 228 le_key.sec_level = p_cb->sec_level; 229 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 230 231 SMP_TRACE_WARNING0( "smp_send_enc_info"); 232 233 smp_key_distribution(p_cb, NULL); 234 } 235 /******************************************************************************* 236 ** Function smp_send_id_info 237 ** Description send ID information command. 238 *******************************************************************************/ 239 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 240 { 241 SMP_TRACE_DEBUG0 ("smp_send_id_info "); 242 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE); 243 244 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 245 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 246 247 SMP_TRACE_WARNING0( "smp_send_id_info"); 248 249 smp_key_distribution(p_cb, NULL); 250 } 251 /******************************************************************************* 252 ** Function smp_send_csrk_info 253 ** Description send CSRK command. 254 *******************************************************************************/ 255 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 256 { 257 tBTM_LE_KEY_VALUE key; 258 SMP_TRACE_DEBUG0 ("smp_send_csrk_info "); 259 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE); 260 261 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) 262 { 263 key.lcsrk_key.div = p_cb->div; 264 key.lcsrk_key.sec_level = p_cb->sec_level; 265 key.lcsrk_key.counter = 0; /* initialize the local counter */ 266 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, &key, TRUE); 267 } 268 269 smp_key_distribution(p_cb, NULL); 270 } 271 272 /******************************************************************************* 273 ** Function smp_send_ltk_reply 274 ** Description send LTK reply 275 *******************************************************************************/ 276 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 277 { 278 SMP_TRACE_DEBUG0 ("smp_send_ltk_reply "); 279 /* send stk as LTK response */ 280 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data); 281 } 282 /******************************************************************************* 283 ** Function smp_proc_sec_req 284 ** Description process security request. 285 *******************************************************************************/ 286 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 287 { 288 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data; 289 tBTM_BLE_SEC_REQ_ACT sec_req_act; 290 291 292 SMP_TRACE_DEBUG1 ("smp_proc_sec_req auth_req=0x%x",auth_req); 293 294 p_cb->cb_evt = 0; 295 296 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 297 298 SMP_TRACE_DEBUG1 ("smp_proc_sec_req sec_req_act=0x%x",sec_req_act); 299 300 switch (sec_req_act) 301 { 302 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 303 SMP_TRACE_DEBUG0 ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_ENCRYPT"); 304 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 305 break; 306 307 case BTM_BLE_SEC_REQ_ACT_PAIR: 308 /* initialize local i/r key to be default keys */ 309 SMP_TRACE_DEBUG0 ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_PAIR"); 310 p_cb->peer_auth_req = auth_req; 311 p_cb->loc_r_key = p_cb->loc_i_key = SMP_SEC_DEFAULT_KEY ; 312 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 313 break; 314 315 case BTM_BLE_SEC_REQ_ACT_DISCARD: 316 p_cb->discard_sec_req = TRUE; 317 break; 318 319 default: 320 /* do nothing */ 321 break; 322 } 323 } 324 /******************************************************************************* 325 ** Function smp_proc_sec_grant 326 ** Description process security grant. 327 *******************************************************************************/ 328 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 329 { 330 UINT8 res= *(UINT8 *)p_data; 331 SMP_TRACE_DEBUG0 ("smp_proc_sec_grant "); 332 if (res != SMP_SUCCESS) 333 { 334 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 335 } 336 else /*otherwise, start pairing */ 337 { 338 /* send IO request callback */ 339 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 340 } 341 } 342 /******************************************************************************* 343 ** Function smp_proc_pair_fail 344 ** Description process pairing failure from peer device 345 *******************************************************************************/ 346 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 347 { 348 SMP_TRACE_DEBUG0 ("smp_proc_pair_fail "); 349 p_cb->status = *(UINT8 *)p_data; 350 } 351 /******************************************************************************* 352 ** Function smp_proc_pair_cmd 353 ** Description Process the SMP pairing request/response from peer device 354 *******************************************************************************/ 355 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 356 { 357 UINT8 *p = (UINT8 *)p_data; 358 UINT8 reason = SMP_ENC_KEY_SIZE; 359 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 360 361 SMP_TRACE_DEBUG0 ("smp_proc_pair_cmd "); 362 /* erase all keys if it is slave proc pairing req*/ 363 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 364 btm_sec_clear_ble_keys(p_dev_rec); 365 366 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 367 368 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 369 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 370 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 371 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 372 STREAM_TO_UINT8(p_cb->peer_i_key, p); 373 STREAM_TO_UINT8(p_cb->peer_r_key, p); 374 375 #if SMP_CONFORMANCE_TESTING == TRUE 376 if (p_cb->enable_test_pair_fail) 377 { 378 SMP_TRACE_DEBUG0 ("Forced pair fair"); 379 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE) 380 { 381 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 382 } 383 else 384 { 385 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &(p_cb->pair_fail_status)); 386 } 387 return; 388 } 389 #endif 390 391 392 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE) 393 { 394 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 395 } 396 else if (p_cb->role == HCI_ROLE_SLAVE) 397 { 398 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 399 { 400 p_cb->loc_i_key = p_cb->peer_i_key; 401 p_cb->loc_r_key = p_cb->peer_r_key; 402 } 403 else /* update local i/r key according to pairing request */ 404 { 405 p_cb->loc_i_key &= p_cb->peer_i_key; 406 p_cb->loc_r_key &= p_cb->peer_r_key; 407 } 408 409 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 410 } 411 } 412 /******************************************************************************* 413 ** Function smp_proc_confirm 414 ** Description process pairing confirm from peer device 415 *******************************************************************************/ 416 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 417 { 418 UINT8 *p = (UINT8 *)p_data; 419 420 SMP_TRACE_DEBUG0 ("smp_proc_confirm "); 421 if (p != NULL) 422 { 423 /* save the SConfirm for comparison later */ 424 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 425 } 426 427 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 428 } 429 430 /******************************************************************************* 431 ** Function smp_proc_init 432 ** Description process pairing initializer from peer device 433 *******************************************************************************/ 434 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 435 { 436 UINT8 *p = (UINT8 *)p_data; 437 SMP_TRACE_DEBUG0 ("smp_proc_init "); 438 /* save the SRand for comparison */ 439 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 440 441 } 442 /******************************************************************************* 443 ** Function smp_proc_enc_info 444 ** Description process encryption information from peer device 445 *******************************************************************************/ 446 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 447 { 448 UINT8 *p = (UINT8 *)p_data; 449 450 SMP_TRACE_DEBUG0 ("smp_proc_enc_info "); 451 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 452 453 smp_key_distribution(p_cb, NULL); 454 } 455 /******************************************************************************* 456 ** Function smp_proc_master_id 457 ** Description process master ID from slave device 458 *******************************************************************************/ 459 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 460 { 461 UINT8 *p = (UINT8 *)p_data; 462 tBTM_LE_PENC_KEYS le_key; 463 464 SMP_TRACE_DEBUG0 (" smp_proc_master_id"); 465 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE); 466 467 STREAM_TO_UINT16(le_key.ediv, p); 468 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN ); 469 470 /* store the encryption keys from peer device */ 471 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 472 le_key.sec_level = p_cb->sec_level; 473 le_key.key_size = p_cb->loc_enc_size; 474 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 475 476 smp_key_distribution(p_cb, NULL); 477 } 478 /******************************************************************************* 479 ** Function smp_proc_enc_info 480 ** Description process identity information from peer device 481 *******************************************************************************/ 482 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 483 { 484 UINT8 *p = (UINT8 *)p_data; 485 486 SMP_TRACE_DEBUG0 ("smp_proc_id_info "); 487 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 488 489 smp_key_distribution(p_cb, NULL); 490 } 491 /******************************************************************************* 492 ** Function smp_proc_id_addr 493 ** Description process identity address from peer device 494 *******************************************************************************/ 495 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 496 { 497 UINT8 *p = (UINT8 *)p_data; 498 tBTM_LE_PID_KEYS pid_key; 499 500 SMP_TRACE_DEBUG0 ("smp_proc_id_addr "); 501 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE); 502 503 STREAM_TO_UINT8(pid_key.addr_type, p); 504 STREAM_TO_BDADDR(pid_key.static_addr, p); 505 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 506 507 /* store the ID key from peer device */ 508 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, (tBTM_LE_KEY_VALUE *)&pid_key, TRUE); 509 510 smp_key_distribution(p_cb, NULL); 511 } 512 /******************************************************************************* 513 ** Function smp_proc_srk_info 514 ** Description process security information from peer device 515 *******************************************************************************/ 516 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 517 { 518 tBTM_LE_PCSRK_KEYS le_key; 519 520 SMP_TRACE_DEBUG0 ("smp_proc_srk_info "); 521 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE); 522 523 /* save CSRK to security record */ 524 le_key.sec_level = p_cb->sec_level; 525 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */ 526 le_key.counter = 0; /* initialize the peer counter */ 527 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 528 529 smp_key_distribution(p_cb, NULL); 530 } 531 532 /******************************************************************************* 533 ** Function smp_proc_compare 534 ** Description process compare value 535 *******************************************************************************/ 536 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 537 { 538 UINT8 reason; 539 540 SMP_TRACE_DEBUG0 ("smp_proc_compare "); 541 if ( 542 #if SMP_CONFORMANCE_TESTING == TRUE 543 p_cb->skip_test_compare_check || 544 #endif 545 !memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) 546 { 547 /* compare the max encryption key size, and save the smaller one for the link */ 548 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) 549 p_cb->loc_enc_size = p_cb->peer_enc_size; 550 551 if (p_cb->role == HCI_ROLE_SLAVE) 552 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 553 else 554 { 555 /* master device always use received i/r key as keys to distribute */ 556 p_cb->loc_i_key = p_cb->peer_i_key; 557 p_cb->loc_r_key = p_cb->peer_r_key; 558 559 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 560 } 561 562 } 563 else 564 { 565 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 566 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 567 } 568 } 569 /******************************************************************************* 570 ** Function smp_proc_sl_key 571 ** Description process key ready events. 572 *******************************************************************************/ 573 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 574 { 575 UINT8 key_type = p_data->key.key_type; 576 577 SMP_TRACE_DEBUG0 ("smp_proc_sl_keysmp_proc_sl_key "); 578 if (key_type == SMP_KEY_TYPE_TK) 579 { 580 smp_generate_confirm(p_cb, NULL); 581 } 582 else if (key_type == SMP_KEY_TYPE_CFM) 583 { 584 smp_set_state(SMP_ST_WAIT_CONFIRM); 585 586 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 587 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 588 589 } 590 } 591 /******************************************************************************* 592 ** Function smp_start_enc 593 ** Description start encryption 594 *******************************************************************************/ 595 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 596 { 597 BOOLEAN cmd; 598 UINT8 reason = SMP_ENC_FAIL; 599 600 SMP_TRACE_DEBUG0 ("smp_start_enc "); 601 if (p_data != NULL) 602 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data); 603 else 604 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL); 605 606 if (!cmd) 607 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 608 609 } 610 611 /******************************************************************************* 612 ** Function smp_proc_discard 613 ** Description processing for discard security request 614 *******************************************************************************/ 615 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 616 { 617 SMP_TRACE_DEBUG0 ("smp_proc_discard "); 618 smp_reset_control_value(p_cb); 619 } 620 /******************************************************************************* 621 ** Function smp_proc_release_delay 622 ** Description process the release delay request 623 *******************************************************************************/ 624 void smp_proc_release_delay(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 625 { 626 SMP_TRACE_DEBUG0 ("smp_proc_release_delay "); 627 btu_stop_timer (&p_cb->rsp_timer_ent); 628 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD, 629 SMP_WAIT_FOR_REL_DELAY_TOUT); 630 } 631 632 /******************************************************************************* 633 ** Function smp_proc_release_delay_tout 634 ** Description processing the release delay timeout 635 *******************************************************************************/ 636 void smp_proc_release_delay_tout(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 637 { 638 SMP_TRACE_DEBUG0 ("smp_proc_release_delay_tout "); 639 btu_stop_timer (&p_cb->rsp_timer_ent); 640 smp_proc_pairing_cmpl(p_cb); 641 } 642 643 644 /******************************************************************************* 645 ** Function smp_enc_cmpl 646 ** Description encryption success 647 *******************************************************************************/ 648 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 649 { 650 UINT8 enc_enable = *(UINT8 *)p_data; 651 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 652 653 SMP_TRACE_DEBUG0 ("smp_enc_cmpl "); 654 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 655 } 656 657 658 /******************************************************************************* 659 ** Function smp_check_auth_req 660 ** Description check authentication request 661 *******************************************************************************/ 662 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 663 { 664 UINT8 enc_enable = *(UINT8 *)p_data; 665 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 666 667 SMP_TRACE_DEBUG3 ("smp_check_auth_req enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 668 enc_enable, p_cb->loc_i_key, p_cb->loc_r_key); 669 if (enc_enable == 1) 670 { 671 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 672 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 673 (p_cb->loc_i_key || p_cb->loc_r_key)) 674 { 675 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 676 } 677 else 678 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 679 } 680 else if (enc_enable == 0) 681 { 682 /* if failed for encryption after pairing, send callback */ 683 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 684 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 685 /* if enc failed for old security information */ 686 /* if master device, clean up and abck to idle; slave device do nothing */ 687 else if (p_cb->role == HCI_ROLE_MASTER) 688 { 689 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 690 } 691 } 692 } 693 694 /******************************************************************************* 695 ** Function smp_key_pick_key 696 ** Description Pick a key distribution function based on the key mask. 697 *******************************************************************************/ 698 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 699 { 700 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->loc_r_key : p_cb->loc_i_key; 701 UINT8 i = 0; 702 703 SMP_TRACE_DEBUG1 ("smp_key_pick_key key_to_dist=0x%x", key_to_dist); 704 while (i < 3) 705 { 706 SMP_TRACE_DEBUG2("key to send = %02x, i = %d", key_to_dist, i); 707 708 if (key_to_dist & (1 << i)) 709 { 710 SMP_TRACE_DEBUG1 ("smp_distribute_act[%d]", i); 711 (* smp_distribute_act[i])(p_cb, p_data); 712 break; 713 } 714 i ++; 715 } 716 } 717 /******************************************************************************* 718 ** Function smp_key_distribution 719 ** Description start key distribution if required. 720 *******************************************************************************/ 721 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 722 { 723 UINT8 reason = SMP_SUCCESS; 724 SMP_TRACE_DEBUG3 ("smp_key_distribution role=%d (0-master) r_keys=0x%x i_keys=0x%x", 725 p_cb->role, p_cb->loc_r_key, p_cb->loc_i_key); 726 727 if (p_cb->role == HCI_ROLE_SLAVE|| 728 (!p_cb->loc_r_key && p_cb->role == HCI_ROLE_MASTER)) 729 { 730 smp_key_pick_key(p_cb, p_data); 731 } 732 733 if (!p_cb->loc_i_key && !p_cb->loc_r_key) 734 { 735 /* state check to prevent re-entrant */ 736 if (smp_get_state() == SMP_ST_BOND_PENDING) 737 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 738 } 739 } 740 /******************************************************************************* 741 ** Function smp_decide_asso_model 742 ** Description This function is called to compare both sides' io capability 743 ** oob data flag and authentication request, and decide the 744 ** association model to use for the authentication. 745 *******************************************************************************/ 746 void smp_decide_asso_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 747 { 748 UINT8 failure = SMP_UNKNOWN_IO_CAP; 749 tSMP_ASSO_MODEL model = SMP_MODEL_MAX; 750 UINT8 int_evt = 0; 751 tSMP_KEY key; 752 tSMP_INT_DATA *p = NULL; 753 754 SMP_TRACE_DEBUG3 ("smp_decide_asso_model p_cb->peer_io_caps = %d p_cb->loc_io_caps = %d \ 755 p_cb->peer_auth_req = %02x", 756 p_cb->peer_io_caps, p_cb->loc_io_caps, p_cb->peer_auth_req); 757 758 /* OOB data present on both devices, use OOB association model */ 759 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) 760 { 761 model = SMP_MODEL_OOB; 762 } 763 /* no MITM required, ignore IO cap, use encryption only */ 764 else if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && 765 SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) 766 { 767 model = SMP_MODEL_ENC_ONLY; 768 } 769 else/* use IO capability to decide assiciation model */ 770 { 771 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->loc_io_caps < SMP_IO_CAP_MAX) 772 { 773 if (p_cb->role == HCI_ROLE_MASTER) 774 model = smp_association_table[p_cb->role][p_cb->peer_io_caps][p_cb->loc_io_caps]; 775 else 776 model = smp_association_table[p_cb->role][p_cb->loc_io_caps][p_cb->peer_io_caps]; 777 } 778 } 779 780 SMP_TRACE_DEBUG1("Association Model = %d", model); 781 782 if (model == SMP_MODEL_OOB) 783 { 784 SMP_TRACE_ERROR0("Association Model = SMP_MODEL_OOB"); 785 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 786 SMP_TRACE_EVENT1 ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 787 p_cb->cb_evt = SMP_OOB_REQ_EVT; 788 789 int_evt = SMP_TK_REQ_EVT; 790 } 791 else if (model == SMP_MODEL_PASSKEY) 792 { 793 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 794 SMP_TRACE_EVENT1 ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 795 796 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 797 int_evt = SMP_TK_REQ_EVT; 798 } 799 else if (model == SMP_MODEL_KEY_NOTIF) 800 { 801 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 802 803 SMP_TRACE_DEBUG0("Need to generate Passkey"); 804 /* generate passkey and notify application */ 805 smp_generate_passkey(p_cb, NULL); 806 } 807 else if (model == SMP_MODEL_ENC_ONLY) /* TK = 0, go calculate Confirm */ 808 { 809 if (p_cb->role == HCI_ROLE_MASTER && 810 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 811 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) 812 { 813 SMP_TRACE_ERROR0("IO capability does not meet authentication requirement"); 814 failure = SMP_PAIR_AUTH_FAIL; 815 p = (tSMP_INT_DATA *)&failure; 816 int_evt = SMP_AUTH_CMPL_EVT; 817 } 818 else 819 { 820 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 821 SMP_TRACE_EVENT1 ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 822 823 key.key_type = SMP_KEY_TYPE_TK; 824 key.p_data = p_cb->tk; 825 p = (tSMP_INT_DATA *)&key; 826 827 memset(p_cb->tk, 0, BT_OCTET16_LEN); 828 /* TK, ready */ 829 int_evt = SMP_KEY_READY_EVT; 830 } 831 } 832 else if (model == SMP_MODEL_MAX) 833 { 834 SMP_TRACE_ERROR0("Association Model = SMP_MODEL_MAX (failed)"); 835 p = (tSMP_INT_DATA *)&failure; 836 int_evt = SMP_AUTH_CMPL_EVT; 837 } 838 839 SMP_TRACE_EVENT1 ("sec_level=%d ", p_cb->sec_level ); 840 if (int_evt) 841 smp_sm_event(p_cb, int_evt, p); 842 } 843 844 /******************************************************************************* 845 ** Function smp_proc_io_rsp 846 ** Description process IO response for a slave device. 847 *******************************************************************************/ 848 void smp_proc_io_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 849 { 850 SMP_TRACE_DEBUG0 ("smp_proc_io_rsp "); 851 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 852 { 853 smp_set_state(SMP_ST_SEC_REQ_PENDING); 854 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 855 } 856 else /* respond to pairing request */ 857 { 858 smp_send_pair_rsp(p_cb, NULL); 859 } 860 } 861 /******************************************************************************* 862 ** Function smp_pairing_cmpl 863 ** Description This function is called to send the pairing complete callback 864 ** and remove the connection if needed. 865 *******************************************************************************/ 866 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 867 { 868 869 SMP_TRACE_DEBUG0 ("smp_pairing_cmpl "); 870 871 if ((p_cb->status == SMP_SUCCESS) || 872 (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS)) 873 { 874 smp_sm_event(p_cb, SMP_RELEASE_DELAY_EVT, p_data); 875 } 876 else 877 { 878 /* this will transition to idle state right away */ 879 smp_sm_event(p_cb, SMP_RELEASE_DELAY_TOUT_EVT, p_data); 880 } 881 882 } 883 /******************************************************************************* 884 ** Function smp_pair_terminate 885 ** Description This function is called to send the pairing complete callback 886 ** and remove the connection if needed. 887 *******************************************************************************/ 888 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 889 { 890 SMP_TRACE_DEBUG0 ("smp_pair_terminate "); 891 892 p_cb->status = SMP_CONN_TOUT; 893 894 smp_proc_pairing_cmpl(p_cb); 895 } 896 897 /******************************************************************************* 898 ** Function smp_delay_terminate 899 ** Description This function is called when connection dropped when smp delay 900 ** timer is still active. 901 *******************************************************************************/ 902 void smp_delay_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 903 { 904 SMP_TRACE_DEBUG0 ("smp_delay_terminate "); 905 906 btu_stop_timer (&p_cb->rsp_timer_ent); 907 908 /* if remote user terminate connection, finish SMP pairing as normal */ 909 if (p_data->reason == HCI_ERR_PEER_USER) 910 p_cb->status = SMP_SUCCESS; 911 else 912 p_cb->status = SMP_CONN_TOUT; 913 914 smp_proc_pairing_cmpl(p_cb); 915 } 916 /******************************************************************************* 917 ** Function smp_idle_terminate 918 ** Description This function calledin idle state to determine to send authentication 919 ** complete or not. 920 *******************************************************************************/ 921 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 922 { 923 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 924 { 925 SMP_TRACE_DEBUG0("Pairing terminated at IDLE state."); 926 p_cb->status = SMP_FAIL; 927 smp_proc_pairing_cmpl(p_cb); 928 } 929 } 930 /******************************************************************************* 931 ** 932 ** Function smp_link_encrypted 933 ** 934 ** Description This function is called when link is encrypted and notified to 935 ** slave device. Proceed to to send LTK, DIV and ER to master if 936 ** bonding the devices. 937 ** 938 ** 939 ** Returns void 940 ** 941 *******************************************************************************/ 942 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) 943 { 944 tSMP_CB *p_cb = &smp_cb; 945 946 SMP_TRACE_DEBUG1 ("smp_link_encrypted encr_enable=%d",encr_enable); 947 948 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) 949 { 950 /* encryption completed with STK, remmeber the key size now, could be overwite 951 * when key exchange happens */ 952 if (p_cb->loc_enc_size != 0 && encr_enable) 953 { 954 /* update the link encryption key size if a SMP pairing just performed */ 955 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 956 } 957 958 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); 959 } 960 } 961 /******************************************************************************* 962 ** 963 ** Function smp_proc_ltk_request 964 ** 965 ** Description This function is called when LTK request is received from 966 ** controller. 967 ** 968 ** Returns void 969 ** 970 *******************************************************************************/ 971 BOOLEAN smp_proc_ltk_request(BD_ADDR bda) 972 { 973 SMP_TRACE_DEBUG1 ("smp_proc_ltk_request state = %d", smp_cb.state); 974 if ( smp_cb.state == SMP_ST_ENC_PENDING && 975 !memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) 976 { 977 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 978 979 return TRUE; 980 } 981 982 return FALSE; 983 } 984 #endif 985 986
