1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include "bt_target.h" 20 #include "bt_utils.h" 21 22 #if SMP_INCLUDED == TRUE 23 24 #include <string.h> 25 #include "btm_int.h" 26 #include "l2c_api.h" 27 #include "smp_int.h" 28 29 #define MAX_KEY_DISTRIBUTION_TYPES 3 30 31 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = 32 { 33 /* initiator */ 34 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */ 35 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */ 36 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */ 37 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */ 38 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */ 39 /* responder */ 40 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */ 41 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */ 42 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */ 43 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */ 44 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */ 45 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */ 46 }; 47 48 const tSMP_ACT smp_distribute_act [] = 49 { 50 smp_generate_ltk, 51 smp_send_id_info, 52 smp_generate_csrk 53 }; 54 55 /******************************************************************************* 56 ** Function smp_update_key_mask 57 ** Description This function updates the key mask for sending or receiving. 58 *******************************************************************************/ 59 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv) 60 { 61 SMP_TRACE_DEBUG ("smp_update_key_mask "); 62 SMP_TRACE_DEBUG("before update role=%d recv=%d loc_i_key = %02x, loc_r_key = %02x", p_cb->role, recv, p_cb->loc_i_key, p_cb->loc_r_key); 63 if (p_cb->role == HCI_ROLE_SLAVE) 64 { 65 if (recv) 66 p_cb->loc_i_key &= ~key_type; 67 else 68 p_cb->loc_r_key &= ~key_type; 69 } 70 else 71 { 72 if (recv) 73 p_cb->loc_r_key &= ~key_type; 74 else 75 p_cb->loc_i_key &= ~key_type; 76 } 77 78 SMP_TRACE_DEBUG("updated loc_i_key = %02x, loc_r_key = %02x", p_cb->loc_i_key, p_cb->loc_r_key); 79 } 80 /******************************************************************************* 81 ** Function smp_io_cap_req 82 ** Description send SMP IO request 83 *******************************************************************************/ 84 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 85 { 86 tSMP_EVT_DATA cb_data; 87 tSMP_STATUS callback_rc; 88 UNUSED(p_data); 89 90 SMP_TRACE_DEBUG ("smp_send_app_cback p_cb->cb_evt=%d", p_cb->cb_evt ); 91 if (p_cb->p_callback && p_cb->cb_evt != 0) 92 { 93 if (p_cb->cb_evt == SMP_IO_CAP_REQ_EVT) 94 { 95 cb_data.io_req.auth_req = p_cb->peer_auth_req; 96 cb_data.io_req.oob_data = SMP_OOB_NONE; 97 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 98 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 99 cb_data.io_req.init_keys = p_cb->loc_i_key ; 100 cb_data.io_req.resp_keys = p_cb->loc_r_key ; 101 102 SMP_TRACE_WARNING( "io_cap = %d",cb_data.io_req.io_cap); 103 } 104 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 105 106 SMP_TRACE_DEBUG ("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt ); 107 108 if (callback_rc == SMP_SUCCESS && p_cb->cb_evt == SMP_IO_CAP_REQ_EVT) 109 { 110 p_cb->loc_auth_req = cb_data.io_req.auth_req; 111 p_cb->loc_io_caps = cb_data.io_req.io_cap; 112 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 113 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 114 p_cb->loc_i_key = cb_data.io_req.init_keys; 115 p_cb->loc_r_key = cb_data.io_req.resp_keys; 116 117 SMP_TRACE_WARNING( "new io_cap = %d p_cb->loc_enc_size = %d",p_cb->loc_io_caps, p_cb->loc_enc_size); 118 119 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 120 } 121 } 122 123 if (!p_cb->cb_evt && p_cb->discard_sec_req) 124 { 125 p_cb->discard_sec_req = FALSE; 126 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 127 } 128 SMP_TRACE_DEBUG ("smp_send_app_cback return"); 129 } 130 /******************************************************************************* 131 ** Function smp_send_pair_fail 132 ** Description pairing failure to peer device if needed. 133 *******************************************************************************/ 134 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 135 { 136 p_cb->status = *(UINT8 *)p_data; 137 p_cb->failure = *(UINT8 *)p_data; 138 139 SMP_TRACE_DEBUG ("smp_send_pair_fail status=%d failure=%d ",p_cb->status, p_cb->failure); 140 141 if (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS) 142 { 143 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 144 } 145 } 146 147 /******************************************************************************* 148 ** Function smp_send_pair_req 149 ** Description process pairing request to slave device 150 *******************************************************************************/ 151 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 152 { 153 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 154 UNUSED(p_data); 155 156 SMP_TRACE_DEBUG ("smp_send_pair_req "); 157 158 #if BLE_INCLUDED == TRUE 159 /* Disable L2CAP connection parameter updates while bonding since 160 some peripherals are not able to revert to fast connection parameters 161 during the start of service discovery. Connection paramter updates 162 get enabled again once service discovery completes. */ 163 if (L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE) == FALSE) 164 { 165 SMP_TRACE_ERROR ("smp pair failed...!"); 166 return; 167 } 168 #endif 169 170 /* erase all keys when master sends pairing req*/ 171 if (p_dev_rec) 172 btm_sec_clear_ble_keys(p_dev_rec); 173 /* do not manipulate the key, let app decide, 174 leave out to BTM to mandate key distribution for bonding case */ 175 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 176 } 177 /******************************************************************************* 178 ** Function smp_send_pair_rsp 179 ** Description process pairing response to slave device 180 *******************************************************************************/ 181 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 182 { 183 UNUSED(p_data); 184 185 SMP_TRACE_DEBUG ("smp_send_pair_rsp "); 186 187 p_cb->loc_i_key &= p_cb->peer_i_key; 188 p_cb->loc_r_key &= p_cb->peer_r_key; 189 190 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) 191 { 192 smp_decide_asso_model(p_cb, NULL); 193 } 194 } 195 196 /******************************************************************************* 197 ** Function smp_send_pair_request 198 ** Description process pairing request to slave device 199 *******************************************************************************/ 200 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 201 { 202 UNUSED(p_data); 203 204 SMP_TRACE_DEBUG ("smp_send_confirm "); 205 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 206 } 207 /******************************************************************************* 208 ** Function smp_send_init 209 ** Description process pairing initializer to slave device 210 *******************************************************************************/ 211 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 212 { 213 UNUSED(p_data); 214 215 SMP_TRACE_DEBUG ("smp_send_init "); 216 217 #if SMP_CONFORMANCE_TESTING == TRUE 218 if (p_cb->enable_test_rand_val) 219 { 220 SMP_TRACE_DEBUG ("Use rand value from script"); 221 memcpy(p_cb->rand, p_cb->test_rand, BT_OCTET16_LEN); 222 } 223 #endif 224 225 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 226 } 227 /******************************************************************************* 228 ** Function smp_send_enc_info 229 ** Description send security information command. 230 *******************************************************************************/ 231 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 232 { 233 tBTM_LE_LENC_KEYS le_key; 234 UNUSED(p_data); 235 236 SMP_TRACE_DEBUG ("smp_send_enc_info p_cb->loc_enc_size = %d", p_cb->loc_enc_size); 237 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 238 239 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 240 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 241 242 /* save the DIV and key size information when acting as slave device */ 243 le_key.div = p_cb->div; 244 le_key.key_size = p_cb->loc_enc_size; 245 le_key.sec_level = p_cb->sec_level; 246 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 247 248 SMP_TRACE_WARNING( "smp_send_enc_info"); 249 250 smp_key_distribution(p_cb, NULL); 251 } 252 /******************************************************************************* 253 ** Function smp_send_id_info 254 ** Description send ID information command. 255 *******************************************************************************/ 256 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 257 { 258 UNUSED(p_data); 259 260 SMP_TRACE_DEBUG ("smp_send_id_info "); 261 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE); 262 263 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 264 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 265 266 SMP_TRACE_WARNING( "smp_send_id_info"); 267 268 smp_key_distribution(p_cb, NULL); 269 } 270 /******************************************************************************* 271 ** Function smp_send_csrk_info 272 ** Description send CSRK command. 273 *******************************************************************************/ 274 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 275 { 276 tBTM_LE_KEY_VALUE key; 277 UNUSED(p_data); 278 279 SMP_TRACE_DEBUG ("smp_send_csrk_info "); 280 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE); 281 282 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) 283 { 284 key.lcsrk_key.div = p_cb->div; 285 key.lcsrk_key.sec_level = p_cb->sec_level; 286 key.lcsrk_key.counter = 0; /* initialize the local counter */ 287 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, &key, TRUE); 288 } 289 290 smp_key_distribution(p_cb, NULL); 291 } 292 293 /******************************************************************************* 294 ** Function smp_send_ltk_reply 295 ** Description send LTK reply 296 *******************************************************************************/ 297 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 298 { 299 SMP_TRACE_DEBUG ("smp_send_ltk_reply "); 300 /* send stk as LTK response */ 301 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data); 302 } 303 /******************************************************************************* 304 ** Function smp_proc_sec_req 305 ** Description process security request. 306 *******************************************************************************/ 307 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 308 { 309 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data; 310 tBTM_BLE_SEC_REQ_ACT sec_req_act; 311 312 313 SMP_TRACE_DEBUG ("smp_proc_sec_req auth_req=0x%x",auth_req); 314 315 p_cb->cb_evt = 0; 316 317 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 318 319 SMP_TRACE_DEBUG ("smp_proc_sec_req sec_req_act=0x%x",sec_req_act); 320 321 switch (sec_req_act) 322 { 323 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 324 SMP_TRACE_DEBUG ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_ENCRYPT"); 325 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 326 break; 327 328 case BTM_BLE_SEC_REQ_ACT_PAIR: 329 /* initialize local i/r key to be default keys */ 330 SMP_TRACE_DEBUG ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_PAIR"); 331 p_cb->peer_auth_req = auth_req; 332 p_cb->loc_r_key = p_cb->loc_i_key = SMP_SEC_DEFAULT_KEY ; 333 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 334 btu_stop_timer (&p_cb->rsp_timer_ent); 335 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD, 336 SMP_WAIT_FOR_RSP_TOUT); 337 break; 338 339 case BTM_BLE_SEC_REQ_ACT_DISCARD: 340 p_cb->discard_sec_req = TRUE; 341 break; 342 343 default: 344 /* do nothing */ 345 break; 346 } 347 } 348 /******************************************************************************* 349 ** Function smp_proc_sec_grant 350 ** Description process security grant. 351 *******************************************************************************/ 352 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 353 { 354 UINT8 res= *(UINT8 *)p_data; 355 SMP_TRACE_DEBUG ("smp_proc_sec_grant "); 356 if (res != SMP_SUCCESS) 357 { 358 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 359 } 360 else /*otherwise, start pairing */ 361 { 362 /* send IO request callback */ 363 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 364 } 365 } 366 /******************************************************************************* 367 ** Function smp_proc_pair_fail 368 ** Description process pairing failure from peer device 369 *******************************************************************************/ 370 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 371 { 372 SMP_TRACE_DEBUG ("smp_proc_pair_fail "); 373 p_cb->status = *(UINT8 *)p_data; 374 } 375 /******************************************************************************* 376 ** Function smp_proc_pair_cmd 377 ** Description Process the SMP pairing request/response from peer device 378 *******************************************************************************/ 379 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 380 { 381 UINT8 *p = (UINT8 *)p_data; 382 UINT8 reason = SMP_ENC_KEY_SIZE; 383 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 384 385 SMP_TRACE_DEBUG ("smp_proc_pair_cmd "); 386 /* erase all keys if it is slave proc pairing req*/ 387 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 388 btm_sec_clear_ble_keys(p_dev_rec); 389 390 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 391 392 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 393 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 394 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 395 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 396 STREAM_TO_UINT8(p_cb->peer_i_key, p); 397 STREAM_TO_UINT8(p_cb->peer_r_key, p); 398 399 #if SMP_CONFORMANCE_TESTING == TRUE 400 if (p_cb->enable_test_pair_fail) 401 { 402 SMP_TRACE_DEBUG ("Forced pair fair"); 403 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE) 404 { 405 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 406 } 407 else 408 { 409 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &(p_cb->pair_fail_status)); 410 } 411 return; 412 } 413 #endif 414 415 416 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE) 417 { 418 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 419 } 420 else if (p_cb->role == HCI_ROLE_SLAVE) 421 { 422 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 423 { 424 p_cb->loc_i_key = p_cb->peer_i_key; 425 p_cb->loc_r_key = p_cb->peer_r_key; 426 } 427 else /* update local i/r key according to pairing request */ 428 { 429 p_cb->loc_i_key &= p_cb->peer_i_key; 430 p_cb->loc_r_key &= p_cb->peer_r_key; 431 } 432 433 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 434 } 435 } 436 /******************************************************************************* 437 ** Function smp_proc_confirm 438 ** Description process pairing confirm from peer device 439 *******************************************************************************/ 440 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 441 { 442 UINT8 *p = (UINT8 *)p_data; 443 444 SMP_TRACE_DEBUG ("smp_proc_confirm "); 445 if (p != NULL) 446 { 447 /* save the SConfirm for comparison later */ 448 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 449 } 450 451 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 452 } 453 454 /******************************************************************************* 455 ** Function smp_proc_init 456 ** Description process pairing initializer from peer device 457 *******************************************************************************/ 458 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 459 { 460 UINT8 *p = (UINT8 *)p_data; 461 SMP_TRACE_DEBUG ("smp_proc_init "); 462 /* save the SRand for comparison */ 463 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 464 465 } 466 /******************************************************************************* 467 ** Function smp_proc_enc_info 468 ** Description process encryption information from peer device 469 *******************************************************************************/ 470 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 471 { 472 UINT8 *p = (UINT8 *)p_data; 473 474 SMP_TRACE_DEBUG ("smp_proc_enc_info "); 475 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 476 477 smp_key_distribution(p_cb, NULL); 478 } 479 /******************************************************************************* 480 ** Function smp_proc_master_id 481 ** Description process master ID from slave device 482 *******************************************************************************/ 483 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 484 { 485 UINT8 *p = (UINT8 *)p_data; 486 tBTM_LE_PENC_KEYS le_key; 487 488 SMP_TRACE_DEBUG (" smp_proc_master_id"); 489 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE); 490 491 STREAM_TO_UINT16(le_key.ediv, p); 492 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN ); 493 494 /* store the encryption keys from peer device */ 495 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 496 le_key.sec_level = p_cb->sec_level; 497 le_key.key_size = p_cb->loc_enc_size; 498 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 499 500 smp_key_distribution(p_cb, NULL); 501 } 502 /******************************************************************************* 503 ** Function smp_proc_enc_info 504 ** Description process identity information from peer device 505 *******************************************************************************/ 506 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 507 { 508 UINT8 *p = (UINT8 *)p_data; 509 510 SMP_TRACE_DEBUG ("smp_proc_id_info "); 511 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 512 513 smp_key_distribution(p_cb, NULL); 514 } 515 /******************************************************************************* 516 ** Function smp_proc_id_addr 517 ** Description process identity address from peer device 518 *******************************************************************************/ 519 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 520 { 521 UINT8 *p = (UINT8 *)p_data; 522 tBTM_LE_PID_KEYS pid_key; 523 524 SMP_TRACE_DEBUG ("smp_proc_id_addr "); 525 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE); 526 527 STREAM_TO_UINT8(pid_key.addr_type, p); 528 STREAM_TO_BDADDR(pid_key.static_addr, p); 529 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 530 531 /* store the ID key from peer device */ 532 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, (tBTM_LE_KEY_VALUE *)&pid_key, TRUE); 533 534 smp_key_distribution(p_cb, NULL); 535 } 536 /******************************************************************************* 537 ** Function smp_proc_srk_info 538 ** Description process security information from peer device 539 *******************************************************************************/ 540 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 541 { 542 tBTM_LE_PCSRK_KEYS le_key; 543 544 SMP_TRACE_DEBUG ("smp_proc_srk_info "); 545 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE); 546 547 /* save CSRK to security record */ 548 le_key.sec_level = p_cb->sec_level; 549 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */ 550 le_key.counter = 0; /* initialize the peer counter */ 551 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 552 553 smp_key_distribution(p_cb, NULL); 554 } 555 556 /******************************************************************************* 557 ** Function smp_proc_compare 558 ** Description process compare value 559 *******************************************************************************/ 560 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 561 { 562 UINT8 reason; 563 564 SMP_TRACE_DEBUG ("smp_proc_compare "); 565 if ( 566 #if SMP_CONFORMANCE_TESTING == TRUE 567 p_cb->skip_test_compare_check || 568 #endif 569 !memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) 570 { 571 /* compare the max encryption key size, and save the smaller one for the link */ 572 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) 573 p_cb->loc_enc_size = p_cb->peer_enc_size; 574 575 if (p_cb->role == HCI_ROLE_SLAVE) 576 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 577 else 578 { 579 /* master device always use received i/r key as keys to distribute */ 580 p_cb->loc_i_key = p_cb->peer_i_key; 581 p_cb->loc_r_key = p_cb->peer_r_key; 582 583 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 584 } 585 586 } 587 else 588 { 589 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 591 } 592 } 593 /******************************************************************************* 594 ** Function smp_proc_sl_key 595 ** Description process key ready events. 596 *******************************************************************************/ 597 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 598 { 599 UINT8 key_type = p_data->key.key_type; 600 601 SMP_TRACE_DEBUG ("smp_proc_sl_keysmp_proc_sl_key "); 602 if (key_type == SMP_KEY_TYPE_TK) 603 { 604 smp_generate_confirm(p_cb, NULL); 605 } 606 else if (key_type == SMP_KEY_TYPE_CFM) 607 { 608 smp_set_state(SMP_ST_WAIT_CONFIRM); 609 610 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 611 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 612 613 } 614 } 615 /******************************************************************************* 616 ** Function smp_start_enc 617 ** Description start encryption 618 *******************************************************************************/ 619 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 620 { 621 tBTM_STATUS cmd; 622 UINT8 reason = SMP_ENC_FAIL; 623 624 SMP_TRACE_DEBUG ("smp_start_enc "); 625 if (p_data != NULL) 626 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data); 627 else 628 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL); 629 630 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) 631 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 632 633 } 634 635 /******************************************************************************* 636 ** Function smp_proc_discard 637 ** Description processing for discard security request 638 *******************************************************************************/ 639 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 640 { 641 UNUSED(p_data); 642 643 SMP_TRACE_DEBUG ("smp_proc_discard "); 644 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 645 smp_reset_control_value(p_cb); 646 } 647 /******************************************************************************* 648 ** Function smp_proc_release_delay 649 ** Description process the release delay request 650 *******************************************************************************/ 651 void smp_proc_release_delay(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 652 { 653 UNUSED(p_data); 654 655 SMP_TRACE_DEBUG ("smp_proc_release_delay "); 656 btu_stop_timer (&p_cb->rsp_timer_ent); 657 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD, 658 SMP_WAIT_FOR_REL_DELAY_TOUT); 659 } 660 661 /******************************************************************************* 662 ** Function smp_proc_release_delay_tout 663 ** Description processing the release delay timeout 664 *******************************************************************************/ 665 void smp_proc_release_delay_tout(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 666 { 667 UNUSED(p_data); 668 669 SMP_TRACE_DEBUG ("smp_proc_release_delay_tout "); 670 btu_stop_timer (&p_cb->rsp_timer_ent); 671 smp_proc_pairing_cmpl(p_cb); 672 } 673 674 675 /******************************************************************************* 676 ** Function smp_enc_cmpl 677 ** Description encryption success 678 *******************************************************************************/ 679 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 680 { 681 UINT8 enc_enable = *(UINT8 *)p_data; 682 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 683 684 SMP_TRACE_DEBUG ("smp_enc_cmpl "); 685 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 686 } 687 688 689 /******************************************************************************* 690 ** Function smp_check_auth_req 691 ** Description check authentication request 692 *******************************************************************************/ 693 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 694 { 695 UINT8 enc_enable = *(UINT8 *)p_data; 696 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 697 698 SMP_TRACE_DEBUG ("smp_check_auth_req enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 699 enc_enable, p_cb->loc_i_key, p_cb->loc_r_key); 700 if (enc_enable == 1) 701 { 702 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 703 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 704 (p_cb->loc_i_key || p_cb->loc_r_key)) 705 { 706 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 707 } 708 else 709 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 710 } 711 else if (enc_enable == 0) 712 { 713 /* if failed for encryption after pairing, send callback */ 714 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 715 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 716 /* if enc failed for old security information */ 717 /* if master device, clean up and abck to idle; slave device do nothing */ 718 else if (p_cb->role == HCI_ROLE_MASTER) 719 { 720 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 721 } 722 } 723 } 724 725 /******************************************************************************* 726 ** Function smp_key_pick_key 727 ** Description Pick a key distribution function based on the key mask. 728 *******************************************************************************/ 729 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 730 { 731 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->loc_r_key : p_cb->loc_i_key; 732 UINT8 i = 0; 733 734 SMP_TRACE_DEBUG ("smp_key_pick_key key_to_dist=0x%x", key_to_dist); 735 while (i < MAX_KEY_DISTRIBUTION_TYPES) 736 { 737 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i); 738 739 if (key_to_dist & (1 << i)) 740 { 741 SMP_TRACE_DEBUG ("smp_distribute_act[%d]", i); 742 (* smp_distribute_act[i])(p_cb, p_data); 743 break; 744 } 745 i ++; 746 } 747 } 748 /******************************************************************************* 749 ** Function smp_key_distribution 750 ** Description start key distribution if required. 751 *******************************************************************************/ 752 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 753 { 754 UINT8 reason = SMP_SUCCESS; 755 SMP_TRACE_DEBUG ("smp_key_distribution role=%d (0-master) r_keys=0x%x i_keys=0x%x", 756 p_cb->role, p_cb->loc_r_key, p_cb->loc_i_key); 757 758 if (p_cb->role == HCI_ROLE_SLAVE|| 759 (!p_cb->loc_r_key && p_cb->role == HCI_ROLE_MASTER)) 760 { 761 smp_key_pick_key(p_cb, p_data); 762 } 763 764 if (!p_cb->loc_i_key && !p_cb->loc_r_key) 765 { 766 /* state check to prevent re-entrant */ 767 if (smp_get_state() == SMP_ST_BOND_PENDING) 768 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 769 } 770 } 771 /******************************************************************************* 772 ** Function smp_decide_asso_model 773 ** Description This function is called to compare both sides' io capability 774 ** oob data flag and authentication request, and decide the 775 ** association model to use for the authentication. 776 *******************************************************************************/ 777 void smp_decide_asso_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 778 { 779 UINT8 failure = SMP_UNKNOWN_IO_CAP; 780 tSMP_ASSO_MODEL model = SMP_MODEL_MAX; 781 UINT8 int_evt = 0; 782 tSMP_KEY key; 783 tSMP_INT_DATA *p = NULL; 784 UNUSED(p_data); 785 786 SMP_TRACE_DEBUG ("smp_decide_asso_model p_cb->peer_io_caps = %d p_cb->loc_io_caps = %d \ 787 p_cb->peer_auth_req = %02x", 788 p_cb->peer_io_caps, p_cb->loc_io_caps, p_cb->peer_auth_req); 789 790 /* OOB data present on both devices, use OOB association model */ 791 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) 792 { 793 model = SMP_MODEL_OOB; 794 } 795 /* no MITM required, ignore IO cap, use encryption only */ 796 else if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && 797 SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) 798 { 799 model = SMP_MODEL_ENC_ONLY; 800 } 801 else/* use IO capability to decide assiciation model */ 802 { 803 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->loc_io_caps < SMP_IO_CAP_MAX) 804 { 805 if (p_cb->role == HCI_ROLE_MASTER) 806 model = smp_association_table[p_cb->role][p_cb->peer_io_caps][p_cb->loc_io_caps]; 807 else 808 model = smp_association_table[p_cb->role][p_cb->loc_io_caps][p_cb->peer_io_caps]; 809 } 810 } 811 812 SMP_TRACE_DEBUG("Association Model = %d", model); 813 814 if (model == SMP_MODEL_OOB) 815 { 816 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB"); 817 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 818 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 819 p_cb->cb_evt = SMP_OOB_REQ_EVT; 820 821 int_evt = SMP_TK_REQ_EVT; 822 } 823 else if (model == SMP_MODEL_PASSKEY) 824 { 825 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 826 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 827 828 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 829 int_evt = SMP_TK_REQ_EVT; 830 } 831 else if (model == SMP_MODEL_KEY_NOTIF) 832 { 833 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 834 835 SMP_TRACE_DEBUG("Need to generate Passkey"); 836 /* generate passkey and notify application */ 837 smp_generate_passkey(p_cb, NULL); 838 } 839 else if (model == SMP_MODEL_ENC_ONLY) /* TK = 0, go calculate Confirm */ 840 { 841 if (p_cb->role == HCI_ROLE_MASTER && 842 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 843 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) 844 { 845 SMP_TRACE_ERROR("IO capability does not meet authentication requirement"); 846 failure = SMP_PAIR_AUTH_FAIL; 847 p = (tSMP_INT_DATA *)&failure; 848 int_evt = SMP_AUTH_CMPL_EVT; 849 } 850 else 851 { 852 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 853 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 854 855 key.key_type = SMP_KEY_TYPE_TK; 856 key.p_data = p_cb->tk; 857 p = (tSMP_INT_DATA *)&key; 858 859 memset(p_cb->tk, 0, BT_OCTET16_LEN); 860 /* TK, ready */ 861 int_evt = SMP_KEY_READY_EVT; 862 } 863 } 864 else if (model == SMP_MODEL_MAX) 865 { 866 SMP_TRACE_ERROR("Association Model = SMP_MODEL_MAX (failed)"); 867 p = (tSMP_INT_DATA *)&failure; 868 int_evt = SMP_AUTH_CMPL_EVT; 869 } 870 871 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level ); 872 if (int_evt) 873 smp_sm_event(p_cb, int_evt, p); 874 } 875 876 /******************************************************************************* 877 ** Function smp_proc_io_rsp 878 ** Description process IO response for a slave device. 879 *******************************************************************************/ 880 void smp_proc_io_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 881 { 882 UNUSED(p_data); 883 884 SMP_TRACE_DEBUG ("smp_proc_io_rsp "); 885 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 886 { 887 smp_set_state(SMP_ST_SEC_REQ_PENDING); 888 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 889 } 890 else /* respond to pairing request */ 891 { 892 smp_send_pair_rsp(p_cb, NULL); 893 } 894 } 895 /******************************************************************************* 896 ** Function smp_pairing_cmpl 897 ** Description This function is called to send the pairing complete callback 898 ** and remove the connection if needed. 899 *******************************************************************************/ 900 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 901 { 902 903 SMP_TRACE_DEBUG ("smp_pairing_cmpl "); 904 905 if ((p_cb->status == SMP_SUCCESS) || 906 (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS)) 907 { 908 smp_sm_event(p_cb, SMP_RELEASE_DELAY_EVT, p_data); 909 } 910 else 911 { 912 /* this will transition to idle state right away */ 913 smp_sm_event(p_cb, SMP_RELEASE_DELAY_TOUT_EVT, p_data); 914 } 915 916 } 917 /******************************************************************************* 918 ** Function smp_pair_terminate 919 ** Description This function is called to send the pairing complete callback 920 ** and remove the connection if needed. 921 *******************************************************************************/ 922 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 923 { 924 UNUSED(p_data); 925 926 SMP_TRACE_DEBUG ("smp_pair_terminate "); 927 928 p_cb->status = SMP_CONN_TOUT; 929 930 smp_proc_pairing_cmpl(p_cb); 931 } 932 933 /******************************************************************************* 934 ** Function smp_delay_terminate 935 ** Description This function is called when connection dropped when smp delay 936 ** timer is still active. 937 *******************************************************************************/ 938 void smp_delay_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 939 { 940 SMP_TRACE_DEBUG ("smp_delay_terminate "); 941 942 btu_stop_timer (&p_cb->rsp_timer_ent); 943 944 /* if remote user terminate connection, keep the previous status */ 945 /* this is to avoid reporting reverse status to uplayer */ 946 if (p_data->reason != HCI_ERR_PEER_USER) 947 p_cb->status = SMP_CONN_TOUT; 948 949 smp_proc_pairing_cmpl(p_cb); 950 } 951 /******************************************************************************* 952 ** Function smp_idle_terminate 953 ** Description This function called in idle state to determine to send authentication 954 ** complete or not. 955 *******************************************************************************/ 956 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 957 { 958 UNUSED(p_data); 959 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 960 { 961 SMP_TRACE_DEBUG("Pairing terminated at IDLE state."); 962 p_cb->status = SMP_FAIL; 963 smp_proc_pairing_cmpl(p_cb); 964 } 965 } 966 967 /******************************************************************************* 968 ** Function smp_fast_conn_param 969 ** Description apply default connection parameter for pairing process 970 *******************************************************************************/ 971 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 972 { 973 /* disable connection parameter update */ 974 (void)L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE); 975 } 976 977 978 /******************************************************************************* 979 ** 980 ** Function smp_link_encrypted 981 ** 982 ** Description This function is called when link is encrypted and notified to 983 ** slave device. Proceed to to send LTK, DIV and ER to master if 984 ** bonding the devices. 985 ** 986 ** 987 ** Returns void 988 ** 989 *******************************************************************************/ 990 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) 991 { 992 tSMP_CB *p_cb = &smp_cb; 993 994 SMP_TRACE_DEBUG ("smp_link_encrypted encr_enable=%d",encr_enable); 995 996 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) 997 { 998 /* encryption completed with STK, remmeber the key size now, could be overwite 999 * when key exchange happens */ 1000 if (p_cb->loc_enc_size != 0 && encr_enable) 1001 { 1002 /* update the link encryption key size if a SMP pairing just performed */ 1003 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 1004 } 1005 1006 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); 1007 } 1008 } 1009 /******************************************************************************* 1010 ** 1011 ** Function smp_proc_ltk_request 1012 ** 1013 ** Description This function is called when LTK request is received from 1014 ** controller. 1015 ** 1016 ** Returns void 1017 ** 1018 *******************************************************************************/ 1019 BOOLEAN smp_proc_ltk_request(BD_ADDR bda) 1020 { 1021 SMP_TRACE_DEBUG ("smp_proc_ltk_request state = %d", smp_cb.state); 1022 if ( smp_cb.state == SMP_ST_ENC_PENDING && 1023 !memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) 1024 { 1025 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 1026 1027 return TRUE; 1028 } 1029 1030 return FALSE; 1031 } 1032 #endif 1033 1034
