1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include <string.h> 20 #include "device/include/interop.h" 21 #include "include/bt_target.h" 22 #include "stack/btm/btm_int.h" 23 #include "stack/include/l2c_api.h" 24 #include "stack/smp/smp_int.h" 25 #include "utils/include/bt_utils.h" 26 27 #if SMP_INCLUDED == TRUE 28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = 29 { 30 /* initiator */ 31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */ 32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */ 33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */ 34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */ 36 /* responder */ 37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */ 38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */ 39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */ 40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */ 42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */ 43 }; 44 45 #define SMP_KEY_DIST_TYPE_MAX 4 46 const tSMP_ACT smp_distribute_act [] = 47 { 48 smp_generate_ltk, 49 smp_send_id_info, 50 smp_generate_csrk, 51 smp_set_derive_link_key 52 }; 53 54 /******************************************************************************* 55 ** Function smp_update_key_mask 56 ** Description This function updates the key mask for sending or receiving. 57 *******************************************************************************/ 58 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv) 59 { 60 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x", 61 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key); 62 63 if (((p_cb->le_secure_connections_mode_is_used) || 64 (p_cb->smp_over_br)) && 65 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK))) 66 { 67 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of 68 ** being exchanged with the peer */ 69 p_cb->local_i_key &= ~key_type; 70 p_cb->local_r_key &= ~key_type; 71 } 72 else 73 if (p_cb->role == HCI_ROLE_SLAVE) 74 { 75 if (recv) 76 p_cb->local_i_key &= ~key_type; 77 else 78 p_cb->local_r_key &= ~key_type; 79 } 80 else 81 { 82 if (recv) 83 p_cb->local_r_key &= ~key_type; 84 else 85 p_cb->local_i_key &= ~key_type; 86 } 87 88 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key, 89 p_cb->local_r_key); 90 } 91 92 /******************************************************************************* 93 ** Function smp_send_app_cback 94 ** Description notifies application about the events the application is interested in 95 *******************************************************************************/ 96 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 97 { 98 tSMP_EVT_DATA cb_data; 99 tSMP_STATUS callback_rc; 100 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt); 101 if (p_cb->p_callback && p_cb->cb_evt != 0) 102 { 103 switch (p_cb->cb_evt) 104 { 105 case SMP_IO_CAP_REQ_EVT: 106 cb_data.io_req.auth_req = p_cb->peer_auth_req; 107 cb_data.io_req.oob_data = SMP_OOB_NONE; 108 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 109 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 110 cb_data.io_req.init_keys = p_cb->local_i_key ; 111 cb_data.io_req.resp_keys = p_cb->local_r_key ; 112 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap); 113 break; 114 115 case SMP_NC_REQ_EVT: 116 cb_data.passkey = p_data->passkey; 117 break; 118 case SMP_SC_OOB_REQ_EVT: 119 cb_data.req_oob_type = p_data->req_oob_type; 120 break; 121 case SMP_SC_LOC_OOB_DATA_UP_EVT: 122 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data; 123 break; 124 125 case SMP_BR_KEYS_REQ_EVT: 126 cb_data.io_req.auth_req = 0; 127 cb_data.io_req.oob_data = SMP_OOB_NONE; 128 cb_data.io_req.io_cap = 0; 129 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 130 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY; 131 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY; 132 break; 133 134 default: 135 break; 136 } 137 138 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 139 140 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt ); 141 142 if (callback_rc == SMP_SUCCESS) 143 { 144 switch (p_cb->cb_evt) 145 { 146 case SMP_IO_CAP_REQ_EVT: 147 p_cb->loc_auth_req = cb_data.io_req.auth_req; 148 p_cb->local_io_capability = cb_data.io_req.io_cap; 149 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 150 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 151 p_cb->local_i_key = cb_data.io_req.init_keys; 152 p_cb->local_r_key = cb_data.io_req.resp_keys; 153 154 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) 155 { 156 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged"); 157 p_cb->local_i_key = 0; 158 p_cb->local_r_key = 0; 159 } 160 161 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \ 162 loc_oob_flag: %d loc_enc_size: %d," 163 "local_i_key: 0x%02x, local_r_key: 0x%02x", 164 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag, 165 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 166 167 p_cb->secure_connections_only_mode_required = 168 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 169 170 if (p_cb->secure_connections_only_mode_required) 171 { 172 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT; 173 } 174 175 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) 176 || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS, 177 (const bt_bdaddr_t *)&p_cb->pairing_bda)) 178 { 179 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT; 180 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 181 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 182 } 183 184 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x", 185 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key); 186 187 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 188 break; 189 190 case SMP_BR_KEYS_REQ_EVT: 191 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 192 p_cb->local_i_key = cb_data.io_req.init_keys; 193 p_cb->local_r_key = cb_data.io_req.resp_keys; 194 195 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 196 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 197 198 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\ 199 local_i_key: 0x%02x, local_r_key: 0x%02x", 200 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 201 202 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL); 203 break; 204 } 205 } 206 } 207 208 if (!p_cb->cb_evt && p_cb->discard_sec_req) 209 { 210 p_cb->discard_sec_req = FALSE; 211 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 212 } 213 214 SMP_TRACE_DEBUG("%s return", __func__); 215 } 216 217 /******************************************************************************* 218 ** Function smp_send_pair_fail 219 ** Description pairing failure to peer device if needed. 220 *******************************************************************************/ 221 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 222 { 223 p_cb->status = *(UINT8 *)p_data; 224 p_cb->failure = *(UINT8 *)p_data; 225 226 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure); 227 228 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS) 229 { 230 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 231 p_cb->wait_for_authorization_complete = TRUE; 232 } 233 } 234 235 /******************************************************************************* 236 ** Function smp_send_pair_req 237 ** Description actions related to sending pairing request 238 *******************************************************************************/ 239 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 240 { 241 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 242 SMP_TRACE_DEBUG("%s", __func__); 243 244 /* erase all keys when master sends pairing req*/ 245 if (p_dev_rec) 246 btm_sec_clear_ble_keys(p_dev_rec); 247 /* do not manipulate the key, let app decide, 248 leave out to BTM to mandate key distribution for bonding case */ 249 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 250 } 251 252 /******************************************************************************* 253 ** Function smp_send_pair_rsp 254 ** Description actions related to sending pairing response 255 *******************************************************************************/ 256 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 257 { 258 SMP_TRACE_DEBUG("%s", __func__); 259 260 p_cb->local_i_key &= p_cb->peer_i_key; 261 p_cb->local_r_key &= p_cb->peer_r_key; 262 263 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) 264 { 265 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 266 smp_use_oob_private_key(p_cb, NULL); 267 else 268 smp_decide_association_model(p_cb, NULL); 269 } 270 } 271 272 /******************************************************************************* 273 ** Function smp_send_confirm 274 ** Description send confirmation to the peer 275 *******************************************************************************/ 276 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 277 { 278 SMP_TRACE_DEBUG("%s", __func__); 279 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 280 } 281 282 /******************************************************************************* 283 ** Function smp_send_init 284 ** Description process pairing initializer to slave device 285 *******************************************************************************/ 286 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 287 { 288 SMP_TRACE_DEBUG("%s", __func__); 289 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 290 } 291 292 /******************************************************************************* 293 ** Function smp_send_rand 294 ** Description send pairing random to the peer 295 *******************************************************************************/ 296 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 297 { 298 SMP_TRACE_DEBUG("%s", __func__); 299 smp_send_cmd(SMP_OPCODE_RAND, p_cb); 300 } 301 302 /******************************************************************************* 303 ** Function smp_send_pair_public_key 304 ** Description send pairing public key command to the peer 305 *******************************************************************************/ 306 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 307 { 308 SMP_TRACE_DEBUG("%s", __func__); 309 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb); 310 } 311 312 /******************************************************************************* 313 ** Function SMP_SEND_COMMITMENT 314 ** Description send commitment command to the peer 315 *******************************************************************************/ 316 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 317 { 318 SMP_TRACE_DEBUG("%s", __func__); 319 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb); 320 } 321 322 /******************************************************************************* 323 ** Function smp_send_dhkey_check 324 ** Description send DHKey Check command to the peer 325 *******************************************************************************/ 326 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 327 { 328 SMP_TRACE_DEBUG("%s", __func__); 329 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb); 330 } 331 332 /******************************************************************************* 333 ** Function smp_send_keypress_notification 334 ** Description send Keypress Notification command to the peer 335 *******************************************************************************/ 336 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 337 { 338 p_cb->local_keypress_notification = *(UINT8 *) p_data; 339 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb); 340 } 341 342 /******************************************************************************* 343 ** Function smp_send_enc_info 344 ** Description send encryption information command. 345 *******************************************************************************/ 346 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 347 { 348 tBTM_LE_LENC_KEYS le_key; 349 350 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size); 351 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 352 353 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 354 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 355 356 /* save the DIV and key size information when acting as slave device */ 357 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 358 le_key.div = p_cb->div; 359 le_key.key_size = p_cb->loc_enc_size; 360 le_key.sec_level = p_cb->sec_level; 361 362 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 363 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, 364 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 365 366 SMP_TRACE_WARNING ("%s", __func__); 367 368 smp_key_distribution(p_cb, NULL); 369 } 370 371 /******************************************************************************* 372 ** Function smp_send_id_info 373 ** Description send ID information command. 374 *******************************************************************************/ 375 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 376 { 377 tBTM_LE_KEY_VALUE le_key; 378 SMP_TRACE_DEBUG("%s", __func__); 379 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE); 380 381 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 382 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 383 384 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 385 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, 386 &le_key, TRUE); 387 388 SMP_TRACE_WARNING ("%s", __func__); 389 smp_key_distribution_by_transport(p_cb, NULL); 390 } 391 392 /******************************************************************************* 393 ** Function smp_send_csrk_info 394 ** Description send CSRK command. 395 *******************************************************************************/ 396 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 397 { 398 tBTM_LE_LCSRK_KEYS key; 399 SMP_TRACE_DEBUG("%s", __func__); 400 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE); 401 402 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) 403 { 404 key.div = p_cb->div; 405 key.sec_level = p_cb->sec_level; 406 key.counter = 0; /* initialize the local counter */ 407 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN); 408 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE); 409 } 410 411 smp_key_distribution_by_transport(p_cb, NULL); 412 } 413 414 /******************************************************************************* 415 ** Function smp_send_ltk_reply 416 ** Description send LTK reply 417 *******************************************************************************/ 418 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 419 { 420 SMP_TRACE_DEBUG("%s", __func__); 421 /* send stk as LTK response */ 422 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data); 423 } 424 425 /******************************************************************************* 426 ** Function smp_proc_sec_req 427 ** Description process security request. 428 *******************************************************************************/ 429 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 430 { 431 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data; 432 tBTM_BLE_SEC_REQ_ACT sec_req_act; 433 UINT8 reason; 434 435 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req); 436 437 p_cb->cb_evt = 0; 438 439 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 440 441 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act); 442 443 switch (sec_req_act) 444 { 445 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 446 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__); 447 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 448 break; 449 450 case BTM_BLE_SEC_REQ_ACT_PAIR: 451 p_cb->secure_connections_only_mode_required = 452 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 453 454 /* respond to non SC pairing request as failure in SC only mode */ 455 if (p_cb->secure_connections_only_mode_required && 456 (auth_req & SMP_SC_SUPPORT_BIT) == 0) 457 { 458 reason = SMP_PAIR_AUTH_FAIL; 459 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 460 } 461 else 462 { 463 /* initialize local i/r key to be default keys */ 464 p_cb->peer_auth_req = auth_req; 465 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ; 466 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 467 } 468 break; 469 470 case BTM_BLE_SEC_REQ_ACT_DISCARD: 471 p_cb->discard_sec_req = TRUE; 472 break; 473 474 default: 475 /* do nothing */ 476 break; 477 } 478 } 479 480 /******************************************************************************* 481 ** Function smp_proc_sec_grant 482 ** Description process security grant. 483 *******************************************************************************/ 484 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 485 { 486 UINT8 res= *(UINT8 *)p_data; 487 SMP_TRACE_DEBUG("%s", __func__); 488 if (res != SMP_SUCCESS) 489 { 490 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 491 } 492 else /*otherwise, start pairing */ 493 { 494 /* send IO request callback */ 495 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 496 } 497 } 498 499 /******************************************************************************* 500 ** Function smp_proc_pair_fail 501 ** Description process pairing failure from peer device 502 *******************************************************************************/ 503 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 504 { 505 SMP_TRACE_DEBUG("%s", __func__); 506 p_cb->status = *(UINT8 *)p_data; 507 } 508 509 /******************************************************************************* 510 ** Function smp_proc_pair_cmd 511 ** Description Process the SMP pairing request/response from peer device 512 *******************************************************************************/ 513 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 514 { 515 UINT8 *p = (UINT8 *)p_data; 516 UINT8 reason = SMP_ENC_KEY_SIZE; 517 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 518 519 SMP_TRACE_DEBUG("%s", __func__); 520 /* erase all keys if it is slave proc pairing req*/ 521 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 522 btm_sec_clear_ble_keys(p_dev_rec); 523 524 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 525 526 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 527 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 528 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 529 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 530 STREAM_TO_UINT8(p_cb->peer_i_key, p); 531 STREAM_TO_UINT8(p_cb->peer_r_key, p); 532 533 if (smp_command_has_invalid_parameters(p_cb)) 534 { 535 reason = SMP_INVALID_PARAMETERS; 536 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 537 return; 538 } 539 540 if (p_cb->role == HCI_ROLE_SLAVE) 541 { 542 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 543 { 544 /* peer (master) started pairing sending Pairing Request */ 545 p_cb->local_i_key = p_cb->peer_i_key; 546 p_cb->local_r_key = p_cb->peer_r_key; 547 548 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 549 } 550 else /* update local i/r key according to pairing request */ 551 { 552 /* pairing started with this side (slave) sending Security Request */ 553 p_cb->local_i_key &= p_cb->peer_i_key; 554 p_cb->local_r_key &= p_cb->peer_r_key; 555 p_cb->selected_association_model = smp_select_association_model(p_cb); 556 557 if (p_cb->secure_connections_only_mode_required && 558 (!(p_cb->le_secure_connections_mode_is_used) || 559 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 560 { 561 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode", 562 __func__); 563 reason = SMP_PAIR_AUTH_FAIL; 564 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 565 return; 566 } 567 568 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 569 { 570 if (smp_request_oob_data(p_cb)) return; 571 } 572 else 573 { 574 smp_send_pair_rsp(p_cb, NULL); 575 } 576 } 577 } 578 else /* Master receives pairing response */ 579 { 580 p_cb->selected_association_model = smp_select_association_model(p_cb); 581 582 if (p_cb->secure_connections_only_mode_required && 583 (!(p_cb->le_secure_connections_mode_is_used) || 584 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 585 { 586 SMP_TRACE_ERROR ("Master requires secure connection only mode \ 587 but it can't be provided -> Master fails pairing"); 588 reason = SMP_PAIR_AUTH_FAIL; 589 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 590 return; 591 } 592 593 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 594 { 595 if (smp_request_oob_data(p_cb)) return; 596 } 597 else 598 { 599 smp_decide_association_model(p_cb, NULL); 600 } 601 } 602 } 603 604 /******************************************************************************* 605 ** Function smp_proc_confirm 606 ** Description process pairing confirm from peer device 607 *******************************************************************************/ 608 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 609 { 610 UINT8 *p = (UINT8 *)p_data; 611 UINT8 reason = SMP_INVALID_PARAMETERS; 612 613 SMP_TRACE_DEBUG("%s", __func__); 614 615 if (smp_command_has_invalid_parameters(p_cb)) 616 { 617 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 618 return; 619 } 620 621 if (p != NULL) 622 { 623 /* save the SConfirm for comparison later */ 624 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 625 } 626 627 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 628 } 629 630 /******************************************************************************* 631 ** Function smp_proc_init 632 ** Description process pairing initializer from peer device 633 *******************************************************************************/ 634 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 635 { 636 UINT8 *p = (UINT8 *)p_data; 637 UINT8 reason = SMP_INVALID_PARAMETERS; 638 639 SMP_TRACE_DEBUG("%s", __func__); 640 641 if (smp_command_has_invalid_parameters(p_cb)) 642 { 643 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 644 return; 645 } 646 647 /* save the SRand for comparison */ 648 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 649 } 650 651 /******************************************************************************* 652 ** Function smp_proc_rand 653 ** Description process pairing random (nonce) from peer device 654 *******************************************************************************/ 655 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 656 { 657 UINT8 *p = (UINT8 *)p_data; 658 UINT8 reason = SMP_INVALID_PARAMETERS; 659 660 SMP_TRACE_DEBUG("%s", __func__); 661 662 if (smp_command_has_invalid_parameters(p_cb)) 663 { 664 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 665 return; 666 } 667 668 /* save the SRand for comparison */ 669 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 670 } 671 672 /******************************************************************************* 673 ** Function smp_process_pairing_public_key 674 ** Description process pairing public key command from the peer device 675 ** - saves the peer public key; 676 ** - sets the flag indicating that the peer public key is received; 677 ** - calls smp_wait_for_both_public_keys(...). 678 ** 679 *******************************************************************************/ 680 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 681 { 682 UINT8 *p = (UINT8 *)p_data; 683 UINT8 reason = SMP_INVALID_PARAMETERS; 684 685 SMP_TRACE_DEBUG("%s", __func__); 686 687 if (smp_command_has_invalid_parameters(p_cb)) 688 { 689 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 690 return; 691 } 692 693 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN); 694 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN); 695 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY; 696 697 smp_wait_for_both_public_keys(p_cb, NULL); 698 } 699 700 /******************************************************************************* 701 ** Function smp_process_pairing_commitment 702 ** Description process pairing commitment from peer device 703 *******************************************************************************/ 704 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 705 { 706 UINT8 *p = (UINT8 *)p_data; 707 UINT8 reason = SMP_INVALID_PARAMETERS; 708 709 SMP_TRACE_DEBUG("%s", __func__); 710 711 if (smp_command_has_invalid_parameters(p_cb)) 712 { 713 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 714 return; 715 } 716 717 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM; 718 719 if (p != NULL) 720 { 721 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN); 722 } 723 } 724 725 /******************************************************************************* 726 ** Function smp_process_dhkey_check 727 ** Description process DHKey Check from peer device 728 *******************************************************************************/ 729 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 730 { 731 UINT8 *p = (UINT8 *)p_data; 732 UINT8 reason = SMP_INVALID_PARAMETERS; 733 734 SMP_TRACE_DEBUG("%s", __func__); 735 736 if (smp_command_has_invalid_parameters(p_cb)) 737 { 738 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 739 return; 740 } 741 742 if (p != NULL) 743 { 744 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN); 745 } 746 747 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK; 748 } 749 750 /******************************************************************************* 751 ** Function smp_process_keypress_notification 752 ** Description process pairing keypress notification from peer device 753 *******************************************************************************/ 754 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 755 { 756 UINT8 *p = (UINT8 *)p_data; 757 UINT8 reason = SMP_INVALID_PARAMETERS; 758 759 SMP_TRACE_DEBUG("%s", __func__); 760 p_cb->status = *(UINT8 *)p_data; 761 762 if (smp_command_has_invalid_parameters(p_cb)) 763 { 764 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 765 return; 766 } 767 768 if (p != NULL) 769 { 770 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p); 771 } 772 else 773 { 774 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE; 775 } 776 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT; 777 } 778 779 /******************************************************************************* 780 ** Function smp_br_process_pairing_command 781 ** Description Process the SMP pairing request/response from peer device via 782 ** BR/EDR transport. 783 *******************************************************************************/ 784 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 785 { 786 UINT8 *p = (UINT8 *)p_data; 787 UINT8 reason = SMP_ENC_KEY_SIZE; 788 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 789 790 SMP_TRACE_DEBUG("%s", __func__); 791 /* rejecting BR pairing request over non-SC BR link */ 792 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) 793 { 794 reason = SMP_XTRANS_DERIVE_NOT_ALLOW; 795 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 796 return; 797 } 798 799 /* erase all keys if it is slave proc pairing req*/ 800 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 801 btm_sec_clear_ble_keys(p_dev_rec); 802 803 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 804 805 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 806 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 807 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 808 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 809 STREAM_TO_UINT8(p_cb->peer_i_key, p); 810 STREAM_TO_UINT8(p_cb->peer_r_key, p); 811 812 if (smp_command_has_invalid_parameters(p_cb)) 813 { 814 reason = SMP_INVALID_PARAMETERS; 815 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 816 return; 817 } 818 819 /* peer (master) started pairing sending Pairing Request */ 820 /* or being master device always use received i/r key as keys to distribute */ 821 p_cb->local_i_key = p_cb->peer_i_key; 822 p_cb->local_r_key = p_cb->peer_r_key; 823 824 if (p_cb->role == HCI_ROLE_SLAVE) 825 { 826 p_dev_rec->new_encryption_key_is_p256 = FALSE; 827 /* shortcut to skip Security Grant step */ 828 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 829 } 830 else /* Master receives pairing response */ 831 { 832 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE." 833 " Supposed to move to key distribution phase. ", __func__); 834 } 835 836 /* auth_req received via BR/EDR SM channel is set to 0, 837 but everything derived/exchanged has to be saved */ 838 p_cb->peer_auth_req |= SMP_AUTH_BOND; 839 p_cb->loc_auth_req |= SMP_AUTH_BOND; 840 } 841 842 /******************************************************************************* 843 ** Function smp_br_process_security_grant 844 ** Description process security grant in case of pairing over BR/EDR transport. 845 *******************************************************************************/ 846 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 847 { 848 UINT8 res= *(UINT8 *)p_data; 849 SMP_TRACE_DEBUG("%s", __func__); 850 if (res != SMP_SUCCESS) 851 { 852 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data); 853 } 854 else /*otherwise, start pairing */ 855 { 856 /* send IO request callback */ 857 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 858 } 859 } 860 861 /******************************************************************************* 862 ** Function smp_br_check_authorization_request 863 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport 864 ** before starting the distribution/derivation 865 *******************************************************************************/ 866 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 867 { 868 UINT8 reason = SMP_SUCCESS; 869 870 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x " 871 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 872 p_cb->local_r_key); 873 874 /* In LE SC mode LK field is ignored when BR/EDR transport is used */ 875 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 876 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 877 878 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 879 ** Set local_r_key on master to expect only these keys. */ 880 if (p_cb->role == HCI_ROLE_MASTER) 881 { 882 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 883 } 884 885 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 886 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 887 p_cb->local_r_key); 888 889 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 890 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 891 (p_cb->local_i_key || p_cb->local_r_key)) 892 { 893 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL); 894 895 /* if no peer key is expected, start master key distribution */ 896 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0) 897 smp_key_distribution_by_transport(p_cb, NULL); 898 } 899 else 900 { 901 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 902 } 903 } 904 905 /******************************************************************************* 906 ** Function smp_br_select_next_key 907 ** Description selects the next key to derive/send when BR/EDR transport is 908 ** used. 909 *******************************************************************************/ 910 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 911 { 912 UINT8 reason = SMP_SUCCESS; 913 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 914 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 915 916 if (p_cb->role == HCI_ROLE_SLAVE|| 917 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 918 { 919 smp_key_pick_key(p_cb, p_data); 920 } 921 922 if (!p_cb->local_i_key && !p_cb->local_r_key) 923 { 924 /* state check to prevent re-entrance */ 925 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) 926 { 927 if (p_cb->total_tx_unacked == 0) 928 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 929 else 930 p_cb->wait_for_authorization_complete = TRUE; 931 } 932 } 933 } 934 935 /******************************************************************************* 936 ** Function smp_proc_enc_info 937 ** Description process encryption information from peer device 938 *******************************************************************************/ 939 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 940 { 941 UINT8 *p = (UINT8 *)p_data; 942 943 SMP_TRACE_DEBUG("%s", __func__); 944 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 945 946 smp_key_distribution(p_cb, NULL); 947 } 948 /******************************************************************************* 949 ** Function smp_proc_master_id 950 ** Description process master ID from slave device 951 *******************************************************************************/ 952 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 953 { 954 UINT8 *p = (UINT8 *)p_data; 955 tBTM_LE_PENC_KEYS le_key; 956 957 SMP_TRACE_DEBUG("%s", __func__); 958 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE); 959 960 STREAM_TO_UINT16(le_key.ediv, p); 961 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN ); 962 963 /* store the encryption keys from peer device */ 964 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 965 le_key.sec_level = p_cb->sec_level; 966 le_key.key_size = p_cb->loc_enc_size; 967 968 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 969 btm_sec_save_le_key(p_cb->pairing_bda, 970 BTM_LE_KEY_PENC, 971 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 972 973 smp_key_distribution(p_cb, NULL); 974 } 975 976 /******************************************************************************* 977 ** Function smp_proc_enc_info 978 ** Description process identity information from peer device 979 *******************************************************************************/ 980 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 981 { 982 UINT8 *p = (UINT8 *)p_data; 983 984 SMP_TRACE_DEBUG("%s", __func__); 985 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 986 smp_key_distribution_by_transport(p_cb, NULL); 987 } 988 989 /******************************************************************************* 990 ** Function smp_proc_id_addr 991 ** Description process identity address from peer device 992 *******************************************************************************/ 993 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 994 { 995 UINT8 *p = (UINT8 *)p_data; 996 tBTM_LE_PID_KEYS pid_key; 997 998 SMP_TRACE_DEBUG("%s", __func__); 999 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE); 1000 1001 STREAM_TO_UINT8(pid_key.addr_type, p); 1002 STREAM_TO_BDADDR(pid_key.static_addr, p); 1003 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 1004 1005 /* to use as BD_ADDR for lk derived from ltk */ 1006 p_cb->id_addr_rcvd = TRUE; 1007 p_cb->id_addr_type = pid_key.addr_type; 1008 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN); 1009 1010 /* store the ID key from peer device */ 1011 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1012 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, 1013 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE); 1014 smp_key_distribution_by_transport(p_cb, NULL); 1015 } 1016 1017 /******************************************************************************* 1018 ** Function smp_proc_srk_info 1019 ** Description process security information from peer device 1020 *******************************************************************************/ 1021 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1022 { 1023 tBTM_LE_PCSRK_KEYS le_key; 1024 1025 SMP_TRACE_DEBUG("%s", __func__); 1026 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE); 1027 1028 /* save CSRK to security record */ 1029 le_key.sec_level = p_cb->sec_level; 1030 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */ 1031 le_key.counter = 0; /* initialize the peer counter */ 1032 1033 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1034 btm_sec_save_le_key(p_cb->pairing_bda, 1035 BTM_LE_KEY_PCSRK, 1036 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 1037 smp_key_distribution_by_transport(p_cb, NULL); 1038 } 1039 1040 /******************************************************************************* 1041 ** Function smp_proc_compare 1042 ** Description process compare value 1043 *******************************************************************************/ 1044 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1045 { 1046 UINT8 reason; 1047 1048 SMP_TRACE_DEBUG("%s", __func__); 1049 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) 1050 { 1051 /* compare the max encryption key size, and save the smaller one for the link */ 1052 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) 1053 p_cb->loc_enc_size = p_cb->peer_enc_size; 1054 1055 if (p_cb->role == HCI_ROLE_SLAVE) 1056 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 1057 else 1058 { 1059 /* master device always use received i/r key as keys to distribute */ 1060 p_cb->local_i_key = p_cb->peer_i_key; 1061 p_cb->local_r_key = p_cb->peer_r_key; 1062 1063 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1064 } 1065 1066 } 1067 else 1068 { 1069 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1070 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1071 } 1072 } 1073 1074 /******************************************************************************* 1075 ** Function smp_proc_sl_key 1076 ** Description process key ready events. 1077 *******************************************************************************/ 1078 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1079 { 1080 UINT8 key_type = p_data->key.key_type; 1081 1082 SMP_TRACE_DEBUG("%s", __func__); 1083 if (key_type == SMP_KEY_TYPE_TK) 1084 { 1085 smp_generate_srand_mrand_confirm(p_cb, NULL); 1086 } 1087 else if (key_type == SMP_KEY_TYPE_CFM) 1088 { 1089 smp_set_state(SMP_STATE_WAIT_CONFIRM); 1090 1091 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 1092 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 1093 } 1094 } 1095 1096 /******************************************************************************* 1097 ** Function smp_start_enc 1098 ** Description start encryption 1099 *******************************************************************************/ 1100 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1101 { 1102 tBTM_STATUS cmd; 1103 UINT8 reason = SMP_ENC_FAIL; 1104 1105 SMP_TRACE_DEBUG("%s", __func__); 1106 if (p_data != NULL) 1107 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data); 1108 else 1109 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL); 1110 1111 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) 1112 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1113 } 1114 1115 /******************************************************************************* 1116 ** Function smp_proc_discard 1117 ** Description processing for discard security request 1118 *******************************************************************************/ 1119 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1120 { 1121 SMP_TRACE_DEBUG("%s", __func__); 1122 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 1123 smp_reset_control_value(p_cb); 1124 } 1125 1126 /******************************************************************************* 1127 ** Function smp_enc_cmpl 1128 ** Description encryption success 1129 *******************************************************************************/ 1130 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1131 { 1132 UINT8 enc_enable = *(UINT8 *)p_data; 1133 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1134 1135 SMP_TRACE_DEBUG("%s", __func__); 1136 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1137 } 1138 1139 /******************************************************************************* 1140 ** Function smp_check_auth_req 1141 ** Description check authentication request 1142 *******************************************************************************/ 1143 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1144 { 1145 UINT8 enc_enable = *(UINT8 *)p_data; 1146 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1147 1148 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x " 1149 "(i-initiator r-responder)", 1150 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key); 1151 if (enc_enable == 1) 1152 { 1153 if (p_cb->le_secure_connections_mode_is_used) 1154 { 1155 /* In LE SC mode LTK is used instead of STK and has to be always saved */ 1156 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC; 1157 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC; 1158 1159 /* In LE SC mode LK is derived from LTK only if both sides request it */ 1160 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) || 1161 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) 1162 { 1163 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1164 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1165 } 1166 1167 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 1168 ** Set local_r_key on master to expect only these keys. 1169 */ 1170 if (p_cb->role == HCI_ROLE_MASTER) 1171 { 1172 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 1173 } 1174 } 1175 else 1176 { 1177 /* in legacy mode derivation of BR/EDR LK is not supported */ 1178 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1179 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1180 } 1181 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 1182 "(i-initiator r-responder)", 1183 __func__, p_cb->local_i_key, p_cb->local_r_key); 1184 1185 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 1186 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 1187 (p_cb->local_i_key || p_cb->local_r_key)) 1188 { 1189 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 1190 } 1191 else 1192 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1193 } 1194 else if (enc_enable == 0) 1195 { 1196 /* if failed for encryption after pairing, send callback */ 1197 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 1198 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1199 /* if enc failed for old security information */ 1200 /* if master device, clean up and abck to idle; slave device do nothing */ 1201 else if (p_cb->role == HCI_ROLE_MASTER) 1202 { 1203 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1204 } 1205 } 1206 } 1207 1208 /******************************************************************************* 1209 ** Function smp_key_pick_key 1210 ** Description Pick a key distribution function based on the key mask. 1211 *******************************************************************************/ 1212 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1213 { 1214 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key; 1215 UINT8 i = 0; 1216 1217 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist); 1218 while (i < SMP_KEY_DIST_TYPE_MAX) 1219 { 1220 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i); 1221 1222 if (key_to_dist & (1 << i)) 1223 { 1224 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i); 1225 (* smp_distribute_act[i])(p_cb, p_data); 1226 break; 1227 } 1228 i ++; 1229 } 1230 } 1231 /******************************************************************************* 1232 ** Function smp_key_distribution 1233 ** Description start key distribution if required. 1234 *******************************************************************************/ 1235 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1236 { 1237 UINT8 reason = SMP_SUCCESS; 1238 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 1239 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 1240 1241 if (p_cb->role == HCI_ROLE_SLAVE || 1242 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 1243 { 1244 smp_key_pick_key(p_cb, p_data); 1245 } 1246 1247 if (!p_cb->local_i_key && !p_cb->local_r_key) 1248 { 1249 /* state check to prevent re-entrant */ 1250 if (smp_get_state() == SMP_STATE_BOND_PENDING) 1251 { 1252 if (p_cb->derive_lk) 1253 { 1254 smp_derive_link_key_from_long_term_key(p_cb, NULL); 1255 p_cb->derive_lk = FALSE; 1256 } 1257 1258 if (p_cb->total_tx_unacked == 0) 1259 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1260 else 1261 p_cb->wait_for_authorization_complete = TRUE; 1262 } 1263 } 1264 } 1265 1266 /******************************************************************************* 1267 ** Function smp_decide_association_model 1268 ** Description This function is called to select assoc model to be used for 1269 ** STK generation and to start STK generation process. 1270 ** 1271 *******************************************************************************/ 1272 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1273 { 1274 UINT8 failure = SMP_UNKNOWN_IO_CAP; 1275 UINT8 int_evt = 0; 1276 tSMP_KEY key; 1277 tSMP_INT_DATA *p = NULL; 1278 1279 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model); 1280 1281 switch (p_cb->selected_association_model) 1282 { 1283 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */ 1284 if (p_cb->role == HCI_ROLE_MASTER && 1285 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 1286 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) 1287 { 1288 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement"); 1289 failure = SMP_PAIR_AUTH_FAIL; 1290 p = (tSMP_INT_DATA *)&failure; 1291 int_evt = SMP_AUTH_CMPL_EVT; 1292 } 1293 else 1294 { 1295 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1296 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1297 1298 key.key_type = SMP_KEY_TYPE_TK; 1299 key.p_data = p_cb->tk; 1300 p = (tSMP_INT_DATA *)&key; 1301 1302 memset(p_cb->tk, 0, BT_OCTET16_LEN); 1303 /* TK, ready */ 1304 int_evt = SMP_KEY_READY_EVT; 1305 } 1306 break; 1307 1308 case SMP_MODEL_PASSKEY: 1309 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1310 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1311 1312 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1313 int_evt = SMP_TK_REQ_EVT; 1314 break; 1315 1316 case SMP_MODEL_OOB: 1317 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB"); 1318 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1319 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1320 1321 p_cb->cb_evt = SMP_OOB_REQ_EVT; 1322 int_evt = SMP_TK_REQ_EVT; 1323 break; 1324 1325 case SMP_MODEL_KEY_NOTIF: 1326 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1327 SMP_TRACE_DEBUG("Need to generate Passkey"); 1328 1329 /* generate passkey and notify application */ 1330 smp_generate_passkey(p_cb, NULL); 1331 break; 1332 1333 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1334 case SMP_MODEL_SEC_CONN_NUM_COMP: 1335 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1336 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1337 case SMP_MODEL_SEC_CONN_OOB: 1338 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT; 1339 break; 1340 1341 case SMP_MODEL_OUT_OF_RANGE: 1342 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)"); 1343 p = (tSMP_INT_DATA *)&failure; 1344 int_evt = SMP_AUTH_CMPL_EVT; 1345 break; 1346 1347 default: 1348 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)", 1349 p_cb->selected_association_model); 1350 p = (tSMP_INT_DATA *)&failure; 1351 int_evt = SMP_AUTH_CMPL_EVT; 1352 } 1353 1354 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level ); 1355 if (int_evt) 1356 smp_sm_event(p_cb, int_evt, p); 1357 } 1358 1359 /******************************************************************************* 1360 ** Function smp_process_io_response 1361 ** Description process IO response for a slave device. 1362 *******************************************************************************/ 1363 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1364 { 1365 uint8_t reason = SMP_PAIR_AUTH_FAIL; 1366 1367 SMP_TRACE_DEBUG("%s", __func__); 1368 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1369 { 1370 /* pairing started by local (slave) Security Request */ 1371 smp_set_state(SMP_STATE_SEC_REQ_PENDING); 1372 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 1373 } 1374 else /* plan to send pairing respond */ 1375 { 1376 /* pairing started by peer (master) Pairing Request */ 1377 p_cb->selected_association_model = smp_select_association_model(p_cb); 1378 1379 if (p_cb->secure_connections_only_mode_required && 1380 (!(p_cb->le_secure_connections_mode_is_used) || 1381 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 1382 { 1383 SMP_TRACE_ERROR ("Slave requires secure connection only mode \ 1384 but it can't be provided -> Slave fails pairing"); 1385 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1386 return; 1387 } 1388 1389 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 1390 { 1391 if (smp_request_oob_data(p_cb)) return; 1392 } 1393 smp_send_pair_rsp(p_cb, NULL); 1394 } 1395 } 1396 1397 /******************************************************************************* 1398 ** Function smp_br_process_slave_keys_response 1399 ** Description process application keys response for a slave device 1400 ** (BR/EDR transport). 1401 *******************************************************************************/ 1402 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1403 { 1404 smp_br_send_pair_response(p_cb, NULL); 1405 } 1406 1407 /******************************************************************************* 1408 ** Function smp_br_send_pair_response 1409 ** Description actions related to sending pairing response over BR/EDR transport. 1410 *******************************************************************************/ 1411 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1412 { 1413 SMP_TRACE_DEBUG("%s", __func__); 1414 1415 p_cb->local_i_key &= p_cb->peer_i_key; 1416 p_cb->local_r_key &= p_cb->peer_r_key; 1417 1418 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb); 1419 } 1420 1421 /******************************************************************************* 1422 ** Function smp_pairing_cmpl 1423 ** Description This function is called to send the pairing complete callback 1424 ** and remove the connection if needed. 1425 *******************************************************************************/ 1426 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1427 { 1428 if (p_cb->total_tx_unacked == 0) 1429 { 1430 /* update connection parameter to remote preferred */ 1431 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE); 1432 /* process the pairing complete */ 1433 smp_proc_pairing_cmpl(p_cb); 1434 } 1435 } 1436 1437 /******************************************************************************* 1438 ** Function smp_pair_terminate 1439 ** Description This function is called to send the pairing complete callback 1440 ** and remove the connection if needed. 1441 *******************************************************************************/ 1442 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1443 { 1444 SMP_TRACE_DEBUG("%s", __func__); 1445 p_cb->status = SMP_CONN_TOUT; 1446 smp_proc_pairing_cmpl(p_cb); 1447 } 1448 1449 /******************************************************************************* 1450 ** Function smp_idle_terminate 1451 ** Description This function calledin idle state to determine to send authentication 1452 ** complete or not. 1453 *******************************************************************************/ 1454 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1455 { 1456 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1457 { 1458 SMP_TRACE_DEBUG("Pairing terminated at IDLE state."); 1459 p_cb->status = SMP_FAIL; 1460 smp_proc_pairing_cmpl(p_cb); 1461 } 1462 } 1463 1464 /******************************************************************************* 1465 ** Function smp_fast_conn_param 1466 ** Description apply default connection parameter for pairing process 1467 *******************************************************************************/ 1468 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1469 { 1470 /* disable connection parameter update */ 1471 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE); 1472 } 1473 1474 /******************************************************************************* 1475 ** Function smp_both_have_public_keys 1476 ** Description The function is called when both local and peer public keys are 1477 ** saved. 1478 ** Actions: 1479 ** - invokes DHKey computation; 1480 ** - on slave side invokes sending local public key to the peer. 1481 ** - invokes SC phase 1 process. 1482 *******************************************************************************/ 1483 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1484 { 1485 SMP_TRACE_DEBUG("%s",__func__); 1486 1487 /* invokes DHKey computation */ 1488 smp_compute_dhkey(p_cb); 1489 1490 /* on slave side invokes sending local public key to the peer */ 1491 if (p_cb->role == HCI_ROLE_SLAVE) 1492 smp_send_pair_public_key(p_cb, NULL); 1493 1494 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL); 1495 } 1496 1497 /******************************************************************************* 1498 ** Function smp_start_secure_connection_phase1 1499 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection 1500 ** phase 1 parameters and starts building/sending to the peer 1501 ** messages appropriate for the role and association model. 1502 *******************************************************************************/ 1503 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1504 { 1505 SMP_TRACE_DEBUG("%s", __func__); 1506 1507 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1508 { 1509 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1510 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1511 } 1512 else 1513 { 1514 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1515 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1516 } 1517 1518 switch(p_cb->selected_association_model) 1519 { 1520 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1521 case SMP_MODEL_SEC_CONN_NUM_COMP: 1522 memset(p_cb->local_random, 0, BT_OCTET16_LEN); 1523 smp_start_nonce_generation(p_cb); 1524 break; 1525 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1526 /* user has to provide passkey */ 1527 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1528 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL); 1529 break; 1530 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1531 /* passkey has to be provided to user */ 1532 SMP_TRACE_DEBUG("Need to generate SC Passkey"); 1533 smp_generate_passkey(p_cb, NULL); 1534 break; 1535 case SMP_MODEL_SEC_CONN_OOB: 1536 /* use the available OOB information */ 1537 smp_process_secure_connection_oob_data(p_cb, NULL); 1538 break; 1539 default: 1540 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1541 p_cb->selected_association_model); 1542 break; 1543 } 1544 } 1545 1546 /******************************************************************************* 1547 ** Function smp_process_local_nonce 1548 ** Description The function processes new local nonce. 1549 ** 1550 ** Note It is supposed to be called in SC phase1. 1551 *******************************************************************************/ 1552 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1553 { 1554 SMP_TRACE_DEBUG("%s", __func__); 1555 1556 switch(p_cb->selected_association_model) 1557 { 1558 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1559 case SMP_MODEL_SEC_CONN_NUM_COMP: 1560 if (p_cb->role == HCI_ROLE_SLAVE) 1561 { 1562 /* slave calculates and sends local commitment */ 1563 smp_calculate_local_commitment(p_cb); 1564 smp_send_commitment(p_cb, NULL); 1565 /* slave has to wait for peer nonce */ 1566 smp_set_state(SMP_STATE_WAIT_NONCE); 1567 } 1568 else /* i.e. master */ 1569 { 1570 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1571 { 1572 /* slave commitment is already received, send local nonce, wait for remote nonce*/ 1573 SMP_TRACE_DEBUG("master in assoc mode = %d \ 1574 already rcvd slave commitment - race condition", 1575 p_cb->selected_association_model); 1576 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1577 smp_send_rand(p_cb, NULL); 1578 smp_set_state(SMP_STATE_WAIT_NONCE); 1579 } 1580 } 1581 break; 1582 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1583 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1584 smp_calculate_local_commitment(p_cb); 1585 1586 if (p_cb->role == HCI_ROLE_MASTER) 1587 { 1588 smp_send_commitment(p_cb, NULL); 1589 } 1590 else /* slave */ 1591 { 1592 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1593 { 1594 /* master commitment is already received */ 1595 smp_send_commitment(p_cb, NULL); 1596 smp_set_state(SMP_STATE_WAIT_NONCE); 1597 } 1598 } 1599 break; 1600 case SMP_MODEL_SEC_CONN_OOB: 1601 if (p_cb->role == HCI_ROLE_MASTER) 1602 { 1603 smp_send_rand(p_cb, NULL); 1604 } 1605 1606 smp_set_state(SMP_STATE_WAIT_NONCE); 1607 break; 1608 default: 1609 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1610 p_cb->selected_association_model); 1611 break; 1612 } 1613 } 1614 1615 /******************************************************************************* 1616 ** Function smp_process_peer_nonce 1617 ** Description The function processes newly received and saved in CB peer nonce. 1618 ** The actions depend on the selected association model and the role. 1619 ** 1620 ** Note It is supposed to be called in SC phase1. 1621 *******************************************************************************/ 1622 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1623 { 1624 UINT8 reason; 1625 1626 SMP_TRACE_DEBUG("%s start ", __func__); 1627 1628 switch(p_cb->selected_association_model) 1629 { 1630 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1631 case SMP_MODEL_SEC_CONN_NUM_COMP: 1632 /* in these models only master receives commitment */ 1633 if (p_cb->role == HCI_ROLE_MASTER) 1634 { 1635 if (!smp_check_commitment(p_cb)) 1636 { 1637 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1638 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1639 break; 1640 } 1641 } 1642 else 1643 { 1644 /* slave sends local nonce */ 1645 smp_send_rand(p_cb, NULL); 1646 } 1647 1648 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1649 { 1650 /* go directly to phase 2 */ 1651 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1652 } 1653 else /* numeric comparison */ 1654 { 1655 smp_set_state(SMP_STATE_WAIT_NONCE); 1656 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL); 1657 } 1658 break; 1659 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1660 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1661 if (!smp_check_commitment(p_cb)) 1662 { 1663 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1664 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1665 break; 1666 } 1667 1668 if (p_cb->role == HCI_ROLE_SLAVE) 1669 { 1670 smp_send_rand(p_cb, NULL); 1671 } 1672 1673 if (++p_cb->round < 20) 1674 { 1675 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START); 1676 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1677 smp_start_nonce_generation(p_cb); 1678 break; 1679 } 1680 1681 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1682 break; 1683 case SMP_MODEL_SEC_CONN_OOB: 1684 if (p_cb->role == HCI_ROLE_SLAVE) 1685 { 1686 smp_send_rand(p_cb, NULL); 1687 } 1688 1689 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1690 break; 1691 default: 1692 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1693 p_cb->selected_association_model); 1694 break; 1695 } 1696 1697 SMP_TRACE_DEBUG("%s end ",__FUNCTION__); 1698 } 1699 1700 /******************************************************************************* 1701 ** Function smp_match_dhkey_checks 1702 ** Description checks if the calculated peer DHKey Check value is the same as 1703 ** received from the peer DHKey check value. 1704 *******************************************************************************/ 1705 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1706 { 1707 UINT8 reason = SMP_DHKEY_CHK_FAIL; 1708 1709 SMP_TRACE_DEBUG("%s", __func__); 1710 1711 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) 1712 { 1713 SMP_TRACE_WARNING ("dhkey chcks do no match"); 1714 p_cb->failure = reason; 1715 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1716 return; 1717 } 1718 1719 SMP_TRACE_EVENT ("dhkey chcks match"); 1720 1721 /* compare the max encryption key size, and save the smaller one for the link */ 1722 if (p_cb->peer_enc_size < p_cb->loc_enc_size) 1723 p_cb->loc_enc_size = p_cb->peer_enc_size; 1724 1725 if (p_cb->role == HCI_ROLE_SLAVE) 1726 { 1727 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL); 1728 } 1729 else 1730 { 1731 /* master device always use received i/r key as keys to distribute */ 1732 p_cb->local_i_key = p_cb->peer_i_key; 1733 p_cb->local_r_key = p_cb->peer_r_key; 1734 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1735 } 1736 } 1737 1738 /******************************************************************************* 1739 ** Function smp_move_to_secure_connections_phase2 1740 ** Description Signal State Machine to start SC phase 2 initialization (to 1741 ** compute local DHKey Check value). 1742 ** 1743 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START. 1744 *******************************************************************************/ 1745 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1746 { 1747 SMP_TRACE_DEBUG("%s",__func__); 1748 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1749 } 1750 1751 /******************************************************************************* 1752 ** Function smp_phase_2_dhkey_checks_are_present 1753 ** Description generates event if dhkey check from the peer is already received. 1754 ** 1755 ** Note It is supposed to be used on slave to prevent race condition. 1756 ** It is supposed to be called after slave dhkey check is calculated. 1757 *******************************************************************************/ 1758 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1759 { 1760 SMP_TRACE_DEBUG("%s",__func__); 1761 1762 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK) 1763 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL); 1764 } 1765 1766 /******************************************************************************* 1767 ** Function smp_wait_for_both_public_keys 1768 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master 1769 ** public keys are available. 1770 ** 1771 ** Note on the slave it is used to prevent race condition. 1772 ** 1773 *******************************************************************************/ 1774 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1775 { 1776 SMP_TRACE_DEBUG("%s",__func__); 1777 1778 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) && 1779 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) 1780 { 1781 if ((p_cb->role == HCI_ROLE_SLAVE) && 1782 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH))) 1783 { 1784 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH); 1785 } 1786 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL); 1787 } 1788 } 1789 1790 /******************************************************************************* 1791 ** Function smp_start_passkey_verification 1792 ** Description Starts SC passkey entry verification. 1793 *******************************************************************************/ 1794 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1795 { 1796 UINT8 *p = NULL; 1797 1798 SMP_TRACE_DEBUG("%s", __func__); 1799 p = p_cb->local_random; 1800 UINT32_TO_STREAM(p, p_data->passkey); 1801 1802 p = p_cb->peer_random; 1803 UINT32_TO_STREAM(p, p_data->passkey); 1804 1805 p_cb->round = 0; 1806 smp_start_nonce_generation(p_cb); 1807 } 1808 1809 /******************************************************************************* 1810 ** Function smp_process_secure_connection_oob_data 1811 ** Description Processes local/peer SC OOB data received from somewhere. 1812 *******************************************************************************/ 1813 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1814 { 1815 SMP_TRACE_DEBUG("%s", __func__); 1816 1817 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data; 1818 if (p_sc_oob_data->loc_oob_data.present) 1819 { 1820 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer, 1821 sizeof(p_cb->local_random)); 1822 } 1823 else 1824 { 1825 SMP_TRACE_EVENT ("local OOB randomizer is absent"); 1826 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1827 } 1828 1829 if (!p_sc_oob_data->peer_oob_data.present) 1830 { 1831 SMP_TRACE_EVENT ("peer OOB data is absent"); 1832 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random)); 1833 } 1834 else 1835 { 1836 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer, 1837 sizeof(p_cb->peer_random)); 1838 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment, 1839 sizeof(p_cb->remote_commitment)); 1840 1841 UINT8 reason = SMP_CONFIRM_VALUE_ERR; 1842 /* check commitment */ 1843 if (!smp_check_commitment(p_cb)) 1844 { 1845 p_cb->failure = reason; 1846 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1847 return; 1848 } 1849 1850 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) 1851 { 1852 /* the peer doesn't have local randomiser */ 1853 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0"); 1854 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1855 } 1856 } 1857 1858 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer"); 1859 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer"); 1860 smp_start_nonce_generation(p_cb); 1861 } 1862 1863 /******************************************************************************* 1864 ** Function smp_set_local_oob_keys 1865 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data, 1866 ** starts nonce generation 1867 ** (to be saved in sc_oob_data.loc_oob_data.randomizer). 1868 *******************************************************************************/ 1869 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1870 { 1871 SMP_TRACE_DEBUG("%s", __func__); 1872 1873 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key, 1874 BT_OCTET32_LEN); 1875 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key; 1876 smp_start_nonce_generation(p_cb); 1877 } 1878 1879 /******************************************************************************* 1880 ** Function smp_set_local_oob_random_commitment 1881 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data, 1882 ** passes sc_oob_data.loc_oob_data up for safekeeping. 1883 *******************************************************************************/ 1884 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1885 { 1886 SMP_TRACE_DEBUG("%s", __func__); 1887 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, 1888 BT_OCTET16_LEN); 1889 1890 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1891 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1892 p_cb->sc_oob_data.loc_oob_data.randomizer, 0, 1893 p_cb->sc_oob_data.loc_oob_data.commitment); 1894 1895 #if SMP_DEBUG == TRUE 1896 UINT8 *p_print = NULL; 1897 SMP_TRACE_DEBUG("local SC OOB data set:"); 1898 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to; 1899 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to", 1900 sizeof(tBLE_BD_ADDR)); 1901 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used; 1902 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used", 1903 BT_OCTET32_LEN); 1904 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x; 1905 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x", 1906 BT_OCTET32_LEN); 1907 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y; 1908 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y", 1909 BT_OCTET32_LEN); 1910 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer; 1911 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer", 1912 BT_OCTET16_LEN); 1913 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment; 1914 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment", 1915 BT_OCTET16_LEN); 1916 SMP_TRACE_DEBUG(""); 1917 #endif 1918 1919 /* pass created OOB data up */ 1920 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT; 1921 smp_send_app_cback(p_cb, NULL); 1922 1923 smp_cb_cleanup(p_cb); 1924 } 1925 1926 /******************************************************************************* 1927 ** 1928 ** Function smp_link_encrypted 1929 ** 1930 ** Description This function is called when link is encrypted and notified to 1931 ** slave device. Proceed to to send LTK, DIV and ER to master if 1932 ** bonding the devices. 1933 ** 1934 ** 1935 ** Returns void 1936 ** 1937 *******************************************************************************/ 1938 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) 1939 { 1940 tSMP_CB *p_cb = &smp_cb; 1941 1942 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable); 1943 1944 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) 1945 { 1946 /* encryption completed with STK, remmeber the key size now, could be overwite 1947 * when key exchange happens */ 1948 if (p_cb->loc_enc_size != 0 && encr_enable) 1949 { 1950 /* update the link encryption key size if a SMP pairing just performed */ 1951 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 1952 } 1953 1954 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); 1955 } 1956 } 1957 1958 /******************************************************************************* 1959 ** 1960 ** Function smp_proc_ltk_request 1961 ** 1962 ** Description This function is called when LTK request is received from 1963 ** controller. 1964 ** 1965 ** Returns void 1966 ** 1967 *******************************************************************************/ 1968 BOOLEAN smp_proc_ltk_request(BD_ADDR bda) 1969 { 1970 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state); 1971 BOOLEAN match = FALSE; 1972 1973 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) 1974 { 1975 match = TRUE; 1976 } else { 1977 BD_ADDR dummy_bda = {0}; 1978 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda); 1979 if (p_dev_rec != NULL && 1980 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) && 1981 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN)) 1982 { 1983 match = TRUE; 1984 } 1985 } 1986 1987 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) 1988 { 1989 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 1990 return TRUE; 1991 } 1992 1993 return FALSE; 1994 } 1995 1996 /******************************************************************************* 1997 ** 1998 ** Function smp_process_secure_connection_long_term_key 1999 ** 2000 ** Description This function is called to process SC LTK. 2001 ** SC LTK is calculated and used instead of STK. 2002 ** Here SC LTK is saved in BLE DB. 2003 ** 2004 ** Returns void 2005 ** 2006 *******************************************************************************/ 2007 void smp_process_secure_connection_long_term_key(void) 2008 { 2009 tSMP_CB *p_cb = &smp_cb; 2010 2011 SMP_TRACE_DEBUG("%s", __func__); 2012 smp_save_secure_connections_long_term_key(p_cb); 2013 2014 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2015 smp_key_distribution(p_cb, NULL); 2016 } 2017 2018 /******************************************************************************* 2019 ** 2020 ** Function smp_set_derive_link_key 2021 ** 2022 ** Description This function is called to set flag that indicates that 2023 ** BR/EDR LK has to be derived from LTK after all keys are 2024 ** distributed. 2025 ** 2026 ** Returns void 2027 ** 2028 *******************************************************************************/ 2029 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2030 { 2031 SMP_TRACE_DEBUG ("%s", __func__); 2032 p_cb->derive_lk = TRUE; 2033 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE); 2034 smp_key_distribution(p_cb, NULL); 2035 } 2036 2037 /******************************************************************************* 2038 ** 2039 ** Function smp_derive_link_key_from_long_term_key 2040 ** 2041 ** Description This function is called to derive BR/EDR LK from LTK. 2042 ** 2043 ** Returns void 2044 ** 2045 *******************************************************************************/ 2046 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2047 { 2048 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2049 2050 SMP_TRACE_DEBUG("%s", __func__); 2051 if (!smp_calculate_link_key_from_long_term_key(p_cb)) 2052 { 2053 SMP_TRACE_ERROR("%s failed", __FUNCTION__); 2054 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); 2055 return; 2056 } 2057 } 2058 2059 /******************************************************************************* 2060 ** 2061 ** Function smp_br_process_link_key 2062 ** 2063 ** Description This function is called to process BR/EDR LK: 2064 ** - to derive SMP LTK from BR/EDR LK; 2065 *8 - to save SMP LTK. 2066 ** 2067 ** Returns void 2068 ** 2069 *******************************************************************************/ 2070 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2071 { 2072 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2073 2074 SMP_TRACE_DEBUG("%s", __func__); 2075 if (!smp_calculate_long_term_key_from_link_key(p_cb)) 2076 { 2077 SMP_TRACE_ERROR ("%s failed",__FUNCTION__); 2078 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); 2079 return; 2080 } 2081 2082 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__); 2083 smp_save_secure_connections_long_term_key(p_cb); 2084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2085 smp_br_select_next_key(p_cb, NULL); 2086 } 2087 2088 /******************************************************************************* 2089 ** Function smp_key_distribution_by_transport 2090 ** Description depending on the transport used at the moment calls either 2091 ** smp_key_distribution(...) or smp_br_key_distribution(...). 2092 *******************************************************************************/ 2093 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2094 { 2095 SMP_TRACE_DEBUG("%s", __func__); 2096 if (p_cb->smp_over_br) 2097 { 2098 smp_br_select_next_key(p_cb, NULL); 2099 } 2100 else 2101 { 2102 smp_key_distribution(p_cb, NULL); 2103 } 2104 } 2105 2106 /******************************************************************************* 2107 ** Function smp_br_pairing_complete 2108 ** Description This function is called to send the pairing complete callback 2109 ** and remove the connection if needed. 2110 *******************************************************************************/ 2111 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2112 { 2113 SMP_TRACE_DEBUG("%s", __func__); 2114 2115 if (p_cb->total_tx_unacked == 0) 2116 { 2117 /* process the pairing complete */ 2118 smp_proc_pairing_cmpl(p_cb); 2119 } 2120 } 2121 2122 #endif 2123