1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains functions for BLE device control utilities, and LE 22 * security functions. 23 * 24 ******************************************************************************/ 25 26 #define LOG_TAG "bt_btm_ble" 27 28 #include "bt_target.h" 29 30 #if BLE_INCLUDED == TRUE 31 32 #include <string.h> 33 34 #include "bt_types.h" 35 #include "bt_utils.h" 36 #include "btm_ble_api.h" 37 #include "btm_int.h" 38 #include "btu.h" 39 #include "device/include/controller.h" 40 #include "gap_api.h" 41 #include "hcimsgs.h" 42 #include "l2c_int.h" 43 #include "osi/include/log.h" 44 #include "smp_api.h" 45 46 #if SMP_INCLUDED == TRUE 47 extern BOOLEAN aes_cipher_msg_auth_code(BT_OCTET16 key, UINT8 *input, UINT16 length, 48 UINT16 tlen, UINT8 *p_signature); 49 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable); 50 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda); 51 #endif 52 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr); 53 /*******************************************************************************/ 54 /* External Function to be called by other modules */ 55 /*******************************************************************************/ 56 /******************************************************** 57 ** 58 ** Function BTM_SecAddBleDevice 59 ** 60 ** Description Add/modify device. This function will be normally called 61 ** during host startup to restore all required information 62 ** for a LE device stored in the NVRAM. 63 ** 64 ** Parameters: bd_addr - BD address of the peer 65 ** bd_name - Name of the peer device. NULL if unknown. 66 ** dev_type - Remote device's device type. 67 ** addr_type - LE device address type. 68 ** 69 ** Returns TRUE if added OK, else FALSE 70 ** 71 *******************************************************************************/ 72 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, 73 tBLE_ADDR_TYPE addr_type) 74 { 75 BTM_TRACE_DEBUG ("%s: dev_type=0x%x", __func__, dev_type); 76 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr); 77 78 if (!p_dev_rec) { 79 if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) { 80 BTM_TRACE_ERROR("%s: %d max devices reached!", __func__, BTM_SEC_MAX_DEVICE_RECORDS); 81 return FALSE; 82 } 83 84 p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC)); 85 list_append(btm_cb.sec_dev_rec, p_dev_rec); 86 87 memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 88 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR); 89 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE); 90 91 /* update conn params, use default value for background connection params */ 92 p_dev_rec->conn_params.min_conn_int = BTM_BLE_CONN_PARAM_UNDEF; 93 p_dev_rec->conn_params.max_conn_int = BTM_BLE_CONN_PARAM_UNDEF; 94 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_PARAM_UNDEF; 95 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; 96 97 BTM_TRACE_DEBUG("%s: Device added, handle=0x%x ", __func__, p_dev_rec->ble_hci_handle); 98 } 99 100 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 101 102 if (bd_name && bd_name[0]) 103 { 104 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 105 strlcpy((char *)p_dev_rec->sec_bd_name, 106 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); 107 } 108 p_dev_rec->device_type |= dev_type; 109 p_dev_rec->ble.ble_addr_type = addr_type; 110 111 memcpy(p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN); 112 /* sync up with the Inq Data base*/ 113 tBTM_INQ_INFO *p_info = BTM_InqDbRead(bd_addr); 114 if (p_info) 115 { 116 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; 117 p_info->results.device_type = p_dev_rec->device_type; 118 BTM_TRACE_DEBUG("InqDb device_type =0x%x addr_type=0x%x", 119 p_info->results.device_type, p_info->results.ble_addr_type); 120 } 121 122 return TRUE; 123 } 124 125 /******************************************************************************* 126 ** 127 ** Function BTM_SecAddBleKey 128 ** 129 ** Description Add/modify LE device information. This function will be 130 ** normally called during host startup to restore all required 131 ** information stored in the NVRAM. 132 ** 133 ** Parameters: bd_addr - BD address of the peer 134 ** p_le_key - LE key values. 135 ** key_type - LE SMP key type. 136 * 137 ** Returns TRUE if added OK, else FALSE 138 ** 139 *******************************************************************************/ 140 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) 141 { 142 #if SMP_INCLUDED == TRUE 143 tBTM_SEC_DEV_REC *p_dev_rec; 144 BTM_TRACE_DEBUG ("BTM_SecAddBleKey"); 145 p_dev_rec = btm_find_dev (bd_addr); 146 if (!p_dev_rec || !p_le_key || 147 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && 148 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC && 149 key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID)) 150 { 151 BTM_TRACE_WARNING ("BTM_SecAddBleKey() Wrong Type, or No Device record \ 152 for bdaddr: %08x%04x, Type: %d", 153 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 154 (bd_addr[4]<<8)+bd_addr[5], key_type); 155 return(FALSE); 156 } 157 158 BTM_TRACE_DEBUG ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", 159 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 160 (bd_addr[4]<<8)+bd_addr[5], key_type); 161 162 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE); 163 164 #if (BLE_PRIVACY_SPT == TRUE) 165 if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID) 166 btm_ble_resolving_list_load_dev (p_dev_rec); 167 #endif 168 169 #endif 170 171 return(TRUE); 172 } 173 174 /******************************************************************************* 175 ** 176 ** Function BTM_BleLoadLocalKeys 177 ** 178 ** Description Local local identity key, encryption root or sign counter. 179 ** 180 ** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER 181 ** or BTM_BLE_KEY_TYPE_COUNTER. 182 ** p_key: pointer to the key. 183 * 184 ** Returns non2. 185 ** 186 *******************************************************************************/ 187 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key) 188 { 189 tBTM_DEVCB *p_devcb = &btm_cb.devcb; 190 BTM_TRACE_DEBUG ("%s", __func__); 191 if (p_key != NULL) 192 { 193 switch (key_type) 194 { 195 case BTM_BLE_KEY_TYPE_ID: 196 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 197 break; 198 199 case BTM_BLE_KEY_TYPE_ER: 200 memcpy(p_devcb->ble_encryption_key_value, p_key->er, sizeof(BT_OCTET16)); 201 break; 202 203 default: 204 BTM_TRACE_ERROR("unknow local key type: %d", key_type); 205 break; 206 } 207 } 208 } 209 210 /******************************************************************************* 211 ** 212 ** Function BTM_GetDeviceEncRoot 213 ** 214 ** Description This function is called to read the local device encryption 215 ** root. 216 ** 217 ** Returns void 218 ** the local device ER is copied into ble_encr_key_value 219 ** 220 *******************************************************************************/ 221 void BTM_GetDeviceEncRoot (BT_OCTET16 ble_encr_key_value) 222 { 223 BTM_TRACE_DEBUG ("%s", __func__); 224 memcpy (ble_encr_key_value, btm_cb.devcb.ble_encryption_key_value, BT_OCTET16_LEN); 225 } 226 227 /******************************************************************************* 228 ** 229 ** Function BTM_GetDeviceIDRoot 230 ** 231 ** Description This function is called to read the local device identity 232 ** root. 233 ** 234 ** Returns void 235 ** the local device IR is copied into irk 236 ** 237 *******************************************************************************/ 238 void BTM_GetDeviceIDRoot (BT_OCTET16 irk) 239 { 240 BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot "); 241 242 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); 243 } 244 245 /******************************************************************************* 246 ** 247 ** Function BTM_GetDeviceDHK 248 ** 249 ** Description This function is called to read the local device DHK. 250 ** 251 ** Returns void 252 ** the local device DHK is copied into dhk 253 ** 254 *******************************************************************************/ 255 void BTM_GetDeviceDHK (BT_OCTET16 dhk) 256 { 257 BTM_TRACE_DEBUG ("BTM_GetDeviceDHK"); 258 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); 259 } 260 261 /******************************************************************************* 262 ** 263 ** Function BTM_ReadConnectionAddr 264 ** 265 ** Description This function is called to get the local device address information 266 ** . 267 ** 268 ** Returns void 269 ** 270 *******************************************************************************/ 271 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type) 272 { 273 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE); 274 275 if (p_acl == NULL) 276 { 277 BTM_TRACE_ERROR("No connection exist!"); 278 return; 279 } 280 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN); 281 * p_addr_type = p_acl->conn_addr_type; 282 283 BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x", 284 p_acl->conn_addr_type, p_acl->conn_addr[0]); 285 } 286 287 /******************************************************************************* 288 ** 289 ** Function BTM_IsBleConnection 290 ** 291 ** Description This function is called to check if the connection handle 292 ** for an LE link 293 ** 294 ** Returns TRUE if connection is LE link, otherwise FALSE. 295 ** 296 *******************************************************************************/ 297 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle) 298 { 299 #if (BLE_INCLUDED == TRUE) 300 UINT8 xx; 301 tACL_CONN *p; 302 303 BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle); 304 305 xx = btm_handle_to_acl_index (conn_handle); 306 if (xx >= MAX_L2CAP_LINKS) 307 return FALSE; 308 309 p = &btm_cb.acl_db[xx]; 310 311 return (p->transport == BT_TRANSPORT_LE); 312 #else 313 return FALSE; 314 #endif 315 } 316 317 /******************************************************************************* 318 ** 319 ** Function BTM_ReadRemoteConnectionAddr 320 ** 321 ** Description This function is read the remote device address currently used 322 ** 323 ** Parameters pseudo_addr: pseudo random address available 324 ** conn_addr:connection address used 325 ** p_addr_type : BD Address type, Public or Random of the address used 326 ** 327 ** Returns BOOLEAN , TRUE if connection to remote device exists, else FALSE 328 ** 329 *******************************************************************************/ 330 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, 331 tBLE_ADDR_TYPE *p_addr_type) 332 { 333 BOOLEAN st = TRUE; 334 #if (BLE_PRIVACY_SPT == TRUE) 335 tACL_CONN *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE); 336 337 if (p == NULL) 338 { 339 BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection" 340 " with matching address"); 341 return FALSE; 342 } 343 344 memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN); 345 *p_addr_type = p->active_remote_addr_type; 346 #else 347 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr); 348 349 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN); 350 if (p_dev_rec != NULL) 351 { 352 *p_addr_type = p_dev_rec->ble.ble_addr_type; 353 } 354 #endif 355 return st; 356 357 } 358 /******************************************************************************* 359 ** 360 ** Function BTM_SecurityGrant 361 ** 362 ** Description This function is called to grant security process. 363 ** 364 ** Parameters bd_addr - peer device bd address. 365 ** res - result of the operation BTM_SUCCESS if success. 366 ** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. 367 ** 368 ** Returns None 369 ** 370 *******************************************************************************/ 371 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res) 372 { 373 #if SMP_INCLUDED == TRUE 374 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; 375 BTM_TRACE_DEBUG ("BTM_SecurityGrant"); 376 SMP_SecurityGrant(bd_addr, res_smp); 377 #endif 378 } 379 380 /******************************************************************************* 381 ** 382 ** Function BTM_BlePasskeyReply 383 ** 384 ** Description This function is called after Security Manager submitted 385 ** passkey request to the application. 386 ** 387 ** Parameters: bd_addr - Address of the device for which passkey was requested 388 ** res - result of the operation BTM_SUCCESS if success 389 ** key_len - length in bytes of the Passkey 390 ** p_passkey - pointer to array with the passkey 391 ** trusted_mask - bitwise OR of trusted services (array of UINT32) 392 ** 393 *******************************************************************************/ 394 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) 395 { 396 #if SMP_INCLUDED == TRUE 397 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 398 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 399 400 if (p_dev_rec == NULL) 401 { 402 BTM_TRACE_ERROR("Passkey reply to Unknown device"); 403 return; 404 } 405 406 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 407 BTM_TRACE_DEBUG ("BTM_BlePasskeyReply"); 408 SMP_PasskeyReply(bd_addr, res_smp, passkey); 409 #endif 410 } 411 412 /******************************************************************************* 413 ** 414 ** Function BTM_BleConfirmReply 415 ** 416 ** Description This function is called after Security Manager submitted 417 ** numeric comparison request to the application. 418 ** 419 ** Parameters: bd_addr - Address of the device with which numeric 420 ** comparison was requested 421 ** res - comparison result BTM_SUCCESS if success 422 ** 423 *******************************************************************************/ 424 void BTM_BleConfirmReply (BD_ADDR bd_addr, UINT8 res) 425 { 426 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 427 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 428 429 if (p_dev_rec == NULL) 430 { 431 BTM_TRACE_ERROR("Passkey reply to Unknown device"); 432 return; 433 } 434 435 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 436 BTM_TRACE_DEBUG ("%s", __func__); 437 SMP_ConfirmReply(bd_addr, res_smp); 438 } 439 440 /******************************************************************************* 441 ** 442 ** Function BTM_BleOobDataReply 443 ** 444 ** Description This function is called to provide the OOB data for 445 ** SMP in response to BTM_LE_OOB_REQ_EVT 446 ** 447 ** Parameters: bd_addr - Address of the peer device 448 ** res - result of the operation SMP_SUCCESS if success 449 ** p_data - oob data, depending on transport and capabilities. 450 ** Might be "Simple Pairing Randomizer", or 451 ** "Security Manager TK Value". 452 ** 453 *******************************************************************************/ 454 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data) 455 { 456 #if SMP_INCLUDED == TRUE 457 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; 458 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 459 460 BTM_TRACE_DEBUG ("BTM_BleOobDataReply"); 461 462 if (p_dev_rec == NULL) 463 { 464 BTM_TRACE_ERROR("BTM_BleOobDataReply() to Unknown device"); 465 return; 466 } 467 468 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 469 SMP_OobDataReply(bd_addr, res_smp, len, p_data); 470 #endif 471 } 472 473 /****************************************************************************** 474 ** 475 ** Function BTM_BleSetConnScanParams 476 ** 477 ** Description Set scan parameter used in BLE connection request 478 ** 479 ** Parameters: scan_interval: scan interval 480 ** scan_window: scan window 481 ** 482 ** Returns void 483 ** 484 *******************************************************************************/ 485 void BTM_BleSetConnScanParams (UINT32 scan_interval, UINT32 scan_window) 486 { 487 #if SMP_INCLUDED == TRUE 488 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; 489 BOOLEAN new_param = FALSE; 490 491 if (BTM_BLE_ISVALID_PARAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && 492 BTM_BLE_ISVALID_PARAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) 493 { 494 if (p_ble_cb->scan_int != scan_interval) 495 { 496 p_ble_cb->scan_int = scan_interval; 497 new_param = TRUE; 498 } 499 500 if (p_ble_cb->scan_win != scan_window) 501 { 502 p_ble_cb->scan_win = scan_window; 503 new_param = TRUE; 504 } 505 506 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) 507 { 508 btm_ble_suspend_bg_conn(); 509 } 510 } 511 else 512 { 513 BTM_TRACE_ERROR("Illegal Connection Scan Parameters"); 514 } 515 #endif 516 } 517 518 /******************************************************** 519 ** 520 ** Function BTM_BleSetPrefConnParams 521 ** 522 ** Description Set a peripheral's preferred connection parameters 523 ** 524 ** Parameters: bd_addr - BD address of the peripheral 525 ** scan_interval: scan interval 526 ** scan_window: scan window 527 ** min_conn_int - minimum preferred connection interval 528 ** max_conn_int - maximum preferred connection interval 529 ** slave_latency - preferred slave latency 530 ** supervision_tout - preferred supervision timeout 531 ** 532 ** Returns void 533 ** 534 *******************************************************************************/ 535 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, 536 UINT16 min_conn_int, UINT16 max_conn_int, 537 UINT16 slave_latency, UINT16 supervision_tout) 538 { 539 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 540 541 BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ 542 tout: %u", 543 min_conn_int, max_conn_int, slave_latency, supervision_tout); 544 545 if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 546 BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 547 BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && 548 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) 549 { 550 if (p_dev_rec) 551 { 552 /* expect conn int and stout and slave latency to be updated all together */ 553 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 554 { 555 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 556 p_dev_rec->conn_params.min_conn_int = min_conn_int; 557 else 558 p_dev_rec->conn_params.min_conn_int = max_conn_int; 559 560 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 561 p_dev_rec->conn_params.max_conn_int = max_conn_int; 562 else 563 p_dev_rec->conn_params.max_conn_int = min_conn_int; 564 565 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) 566 p_dev_rec->conn_params.slave_latency = slave_latency; 567 else 568 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; 569 570 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) 571 p_dev_rec->conn_params.supervision_tout = supervision_tout; 572 else 573 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF; 574 575 } 576 577 } 578 else 579 { 580 BTM_TRACE_ERROR("Unknown Device, setting rejected"); 581 } 582 } 583 else 584 { 585 BTM_TRACE_ERROR("Illegal Connection Parameters"); 586 } 587 } 588 589 /******************************************************************************* 590 ** 591 ** Function BTM_ReadDevInfo 592 ** 593 ** Description This function is called to read the device/address type 594 ** of BD address. 595 ** 596 ** Parameter remote_bda: remote device address 597 ** p_dev_type: output parameter to read the device type. 598 ** p_addr_type: output parameter to read the address type. 599 ** 600 *******************************************************************************/ 601 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) 602 { 603 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); 604 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); 605 606 *p_addr_type = BLE_ADDR_PUBLIC; 607 608 if (!p_dev_rec) 609 { 610 *p_dev_type = BT_DEVICE_TYPE_BREDR; 611 /* Check with the BT manager if details about remote device are known */ 612 if (p_inq_info != NULL) 613 { 614 *p_dev_type = p_inq_info->results.device_type ; 615 *p_addr_type = p_inq_info->results.ble_addr_type; 616 } else { 617 /* unknown device, assume BR/EDR */ 618 BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed"); 619 } 620 } 621 else /* there is a security device record exisitng */ 622 { 623 /* new inquiry result, overwrite device type in security device record */ 624 if (p_inq_info) 625 { 626 p_dev_rec->device_type = p_inq_info->results.device_type; 627 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 628 } 629 if (memcmp(p_dev_rec->bd_addr, remote_bda, BD_ADDR_LEN) == 0 && 630 memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) 631 { 632 *p_dev_type = p_dev_rec->device_type; 633 *p_addr_type = p_dev_rec->ble.ble_addr_type; 634 } 635 else if (memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) 636 { 637 *p_dev_type = BT_DEVICE_TYPE_BLE; 638 *p_addr_type = p_dev_rec->ble.ble_addr_type; 639 } 640 else /* matching static adddress only */ 641 { 642 *p_dev_type = BT_DEVICE_TYPE_BREDR; 643 *p_addr_type = BLE_ADDR_PUBLIC; 644 } 645 646 } 647 648 BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); 649 } 650 651 /******************************************************************************* 652 ** 653 ** Function BTM_ReadConnectedTransportAddress 654 ** 655 ** Description This function is called to read the paired device/address type of other device paired 656 ** corresponding to the BD_address 657 ** 658 ** Parameter remote_bda: remote device address, carry out the transport address 659 ** transport: active transport 660 ** 661 ** Return TRUE if an active link is identified; FALSE otherwise 662 ** 663 *******************************************************************************/ 664 BOOLEAN BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda, tBT_TRANSPORT transport) 665 { 666 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(remote_bda); 667 668 /* if no device can be located, return */ 669 if (p_dev_rec == NULL) 670 return FALSE; 671 672 if (transport == BT_TRANSPORT_BR_EDR) 673 { 674 if (btm_bda_to_acl(p_dev_rec->bd_addr, transport) != NULL) 675 { 676 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); 677 return TRUE; 678 } 679 else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR) 680 { 681 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); 682 } 683 else 684 memset(remote_bda, 0, BD_ADDR_LEN); 685 return FALSE; 686 } 687 688 if (transport == BT_TRANSPORT_LE) 689 { 690 memcpy(remote_bda, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN); 691 if (btm_bda_to_acl(p_dev_rec->ble.pseudo_addr, transport) != NULL) 692 return TRUE; 693 else 694 return FALSE; 695 } 696 697 return FALSE; 698 } 699 700 /******************************************************************************* 701 ** 702 ** Function BTM_BleReceiverTest 703 ** 704 ** Description This function is called to start the LE Receiver test 705 ** 706 ** Parameter rx_freq - Frequency Range 707 ** p_cmd_cmpl_cback - Command Complete callback 708 ** 709 *******************************************************************************/ 710 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback) 711 { 712 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 713 714 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE) 715 { 716 BTM_TRACE_ERROR("%s: Unable to Trigger LE receiver test", __FUNCTION__); 717 } 718 } 719 720 /******************************************************************************* 721 ** 722 ** Function BTM_BleTransmitterTest 723 ** 724 ** Description This function is called to start the LE Transmitter test 725 ** 726 ** Parameter tx_freq - Frequency Range 727 ** test_data_len - Length in bytes of payload data in each packet 728 ** packet_payload - Pattern to use in the payload 729 ** p_cmd_cmpl_cback - Command Complete callback 730 ** 731 *******************************************************************************/ 732 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len, 733 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback) 734 { 735 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 736 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE) 737 { 738 BTM_TRACE_ERROR("%s: Unable to Trigger LE transmitter test", __FUNCTION__); 739 } 740 } 741 742 /******************************************************************************* 743 ** 744 ** Function BTM_BleTestEnd 745 ** 746 ** Description This function is called to stop the in-progress TX or RX test 747 ** 748 ** Parameter p_cmd_cmpl_cback - Command complete callback 749 ** 750 *******************************************************************************/ 751 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback) 752 { 753 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 754 755 if (btsnd_hcic_ble_test_end() == FALSE) 756 { 757 BTM_TRACE_ERROR("%s: Unable to End the LE TX/RX test", __FUNCTION__); 758 } 759 } 760 761 /******************************************************************************* 762 ** Internal Functions 763 *******************************************************************************/ 764 void btm_ble_test_command_complete(UINT8 *p) 765 { 766 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb; 767 768 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL; 769 770 if (p_cb) 771 { 772 (*p_cb)(p); 773 } 774 } 775 776 /******************************************************************************* 777 ** 778 ** Function BTM_UseLeLink 779 ** 780 ** Description This function is to select the underneath physical link to use. 781 ** 782 ** Returns TRUE to use LE, FALSE use BR/EDR. 783 ** 784 *******************************************************************************/ 785 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr) 786 { 787 tACL_CONN *p; 788 tBT_DEVICE_TYPE dev_type; 789 tBLE_ADDR_TYPE addr_type; 790 BOOLEAN use_le = FALSE; 791 792 if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL) 793 { 794 return use_le; 795 } 796 else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL) 797 { 798 use_le = TRUE; 799 } 800 else 801 { 802 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type); 803 use_le = (dev_type == BT_DEVICE_TYPE_BLE); 804 } 805 return use_le; 806 } 807 808 /******************************************************************************* 809 ** 810 ** Function BTM_SetBleDataLength 811 ** 812 ** Description This function is to set maximum BLE transmission packet size 813 ** 814 ** Returns BTM_SUCCESS if success; otherwise failed. 815 ** 816 *******************************************************************************/ 817 tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length) 818 { 819 tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE); 820 BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length); 821 822 if (!controller_get_interface()->supports_ble_packet_extension()) 823 { 824 BTM_TRACE_ERROR("%s failed, request not supported", __FUNCTION__); 825 return BTM_ILLEGAL_VALUE; 826 } 827 828 if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) 829 { 830 BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__); 831 return BTM_ILLEGAL_VALUE; 832 } 833 834 if (p_acl != NULL) 835 { 836 if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) 837 tx_pdu_length = BTM_BLE_DATA_SIZE_MAX; 838 else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) 839 tx_pdu_length = BTM_BLE_DATA_SIZE_MIN; 840 841 /* always set the TxTime to be max, as controller does not care for now */ 842 btsnd_hcic_ble_set_data_length(p_acl->hci_handle, tx_pdu_length, 843 BTM_BLE_DATA_TX_TIME_MAX); 844 845 return BTM_SUCCESS; 846 } 847 else 848 { 849 BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__FUNCTION__); 850 return BTM_WRONG_MODE; 851 } 852 } 853 854 /******************************************************************************* 855 ** 856 ** Function btm_ble_determine_security_act 857 ** 858 ** Description This function checks the security of current LE link 859 ** and returns the appropriate action that needs to be 860 ** taken to achieve the required security. 861 ** 862 ** Parameter is_originator - True if outgoing connection 863 ** bdaddr: remote device address 864 ** security_required: Security required for the service. 865 ** 866 ** Returns The appropriate security action required. 867 ** 868 *******************************************************************************/ 869 tBTM_SEC_ACTION btm_ble_determine_security_act(BOOLEAN is_originator, BD_ADDR bdaddr, UINT16 security_required) 870 { 871 tBTM_LE_AUTH_REQ auth_req = 0x00; 872 873 if (is_originator) 874 { 875 if ((security_required & BTM_SEC_OUT_FLAGS) == 0 && 876 (security_required & BTM_SEC_OUT_MITM) == 0) 877 { 878 BTM_TRACE_DEBUG ("%s No security required for outgoing connection", __func__); 879 return BTM_SEC_OK; 880 } 881 882 if (security_required & BTM_SEC_OUT_MITM) 883 auth_req |= BTM_LE_AUTH_REQ_MITM; 884 } 885 else 886 { 887 if ((security_required & BTM_SEC_IN_FLAGS) == 0&& (security_required & BTM_SEC_IN_MITM) == 0) 888 { 889 BTM_TRACE_DEBUG ("%s No security required for incoming connection", __func__); 890 return BTM_SEC_OK; 891 } 892 893 if (security_required & BTM_SEC_IN_MITM) 894 auth_req |= BTM_LE_AUTH_REQ_MITM; 895 } 896 897 tBTM_BLE_SEC_REQ_ACT ble_sec_act; 898 btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act); 899 900 BTM_TRACE_DEBUG ("%s ble_sec_act %d", __func__ , ble_sec_act); 901 902 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD) 903 return BTM_SEC_ENC_PENDING; 904 905 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE) 906 return BTM_SEC_OK; 907 908 UINT8 sec_flag = 0; 909 BTM_GetSecurityFlagsByTransport(bdaddr, &sec_flag, BT_TRANSPORT_LE); 910 911 BOOLEAN is_link_encrypted = FALSE; 912 BOOLEAN is_key_mitm = FALSE; 913 if (sec_flag & (BTM_SEC_FLAG_ENCRYPTED| BTM_SEC_FLAG_LKEY_KNOWN)) 914 { 915 if (sec_flag & BTM_SEC_FLAG_ENCRYPTED) 916 is_link_encrypted = TRUE; 917 918 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED) 919 is_key_mitm = TRUE; 920 } 921 922 if (auth_req & BTM_LE_AUTH_REQ_MITM) 923 { 924 if (!is_key_mitm) 925 { 926 return BTM_SEC_ENCRYPT_MITM; 927 } else { 928 if (is_link_encrypted) 929 return BTM_SEC_OK; 930 else 931 return BTM_SEC_ENCRYPT; 932 } 933 } else { 934 if (is_link_encrypted) 935 return BTM_SEC_OK; 936 else 937 return BTM_SEC_ENCRYPT_NO_MITM; 938 } 939 940 return BTM_SEC_OK; 941 } 942 943 /******************************************************************************* 944 ** 945 ** Function btm_ble_start_sec_check 946 ** 947 ** Description This function is to check and set the security required for 948 ** LE link for LE COC. 949 ** 950 ** Parameter bdaddr: remote device address. 951 ** psm : PSM of the LE COC sevice. 952 ** is_originator: TRUE if outgoing connection. 953 ** p_callback : Pointer to the callback function. 954 ** p_ref_data : Pointer to be returned along with the callback. 955 ** 956 ** Returns TRUE if link already meets the required security; otherwise FALSE. 957 ** 958 *******************************************************************************/ 959 BOOLEAN btm_ble_start_sec_check(BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator, 960 tBTM_SEC_CALLBACK *p_callback, void *p_ref_data) 961 { 962 /* Find the service record for the PSM */ 963 tBTM_SEC_SERV_REC *p_serv_rec = btm_sec_find_first_serv (is_originator, psm); 964 965 /* If there is no application registered with this PSM do not allow connection */ 966 if (!p_serv_rec) 967 { 968 BTM_TRACE_WARNING ("%s PSM: %d no application registerd", __func__, psm); 969 (*p_callback) (bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED); 970 return FALSE; 971 } 972 973 tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(is_originator, 974 bd_addr, p_serv_rec->security_flags); 975 976 tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE; 977 BOOLEAN status = FALSE; 978 979 switch (sec_act) 980 { 981 case BTM_SEC_OK: 982 BTM_TRACE_DEBUG ("%s Security met", __func__); 983 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS); 984 status = TRUE; 985 break; 986 987 case BTM_SEC_ENCRYPT: 988 BTM_TRACE_DEBUG ("%s Encryption needs to be done", __func__); 989 ble_sec_act = BTM_BLE_SEC_ENCRYPT; 990 break; 991 992 case BTM_SEC_ENCRYPT_MITM: 993 BTM_TRACE_DEBUG ("%s Pairing with MITM needs to be done", __func__); 994 ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM; 995 break; 996 997 case BTM_SEC_ENCRYPT_NO_MITM: 998 BTM_TRACE_DEBUG ("%s Pairing with No MITM needs to be done", __func__); 999 ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM; 1000 break; 1001 1002 case BTM_SEC_ENC_PENDING: 1003 BTM_TRACE_DEBUG ("%s Ecryption pending", __func__); 1004 break; 1005 } 1006 1007 if (ble_sec_act == BTM_BLE_SEC_NONE) 1008 return status; 1009 1010 tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE); 1011 p_lcb->sec_act = sec_act; 1012 BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data, ble_sec_act); 1013 1014 return FALSE; 1015 } 1016 1017 /******************************************************************************* 1018 ** 1019 ** Function btm_ble_rand_enc_complete 1020 ** 1021 ** Description This function is the callback functions for HCI_Rand command 1022 ** and HCI_Encrypt command is completed. 1023 ** This message is received from the HCI. 1024 ** 1025 ** Returns void 1026 ** 1027 *******************************************************************************/ 1028 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) 1029 { 1030 tBTM_RAND_ENC params; 1031 UINT8 *p_dest = params.param_buf; 1032 1033 BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete"); 1034 1035 memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); 1036 1037 /* If there was a callback address for vcs complete, call it */ 1038 if (p_enc_cplt_cback && p) 1039 { 1040 /* Pass paramters to the callback function */ 1041 STREAM_TO_UINT8(params.status, p); /* command status */ 1042 1043 if (params.status == HCI_SUCCESS) 1044 { 1045 params.opcode = op_code; 1046 1047 if (op_code == HCI_BLE_RAND) 1048 params.param_len = BT_OCTET8_LEN; 1049 else 1050 params.param_len = BT_OCTET16_LEN; 1051 1052 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ 1053 } 1054 if (p_enc_cplt_cback) 1055 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ 1056 } 1057 } 1058 1059 #if (SMP_INCLUDED == TRUE) 1060 1061 /******************************************************************************* 1062 ** 1063 ** Function btm_ble_get_enc_key_type 1064 ** 1065 ** Description This function is to increment local sign counter 1066 ** Returns None 1067 ** 1068 *******************************************************************************/ 1069 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ) 1070 { 1071 tBTM_SEC_DEV_REC *p_dev_rec; 1072 1073 BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local); 1074 1075 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 1076 { 1077 if (is_local) 1078 p_dev_rec->ble.keys.local_counter++; 1079 else 1080 p_dev_rec->ble.keys.counter++; 1081 BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d", 1082 is_local, 1083 p_dev_rec->ble.keys.local_counter, 1084 p_dev_rec->ble.keys.counter); 1085 } 1086 } 1087 1088 /******************************************************************************* 1089 ** 1090 ** Function btm_ble_get_enc_key_type 1091 ** 1092 ** Description This function is to get the BLE key type that has been exchanged 1093 ** in betweem local device and peer device. 1094 ** 1095 ** Returns p_key_type: output parameter to carry the key type value. 1096 ** 1097 *******************************************************************************/ 1098 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types) 1099 { 1100 tBTM_SEC_DEV_REC *p_dev_rec; 1101 1102 BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type"); 1103 1104 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 1105 { 1106 *p_key_types = p_dev_rec->ble.key_type; 1107 return TRUE; 1108 } 1109 return FALSE; 1110 } 1111 1112 /******************************************************************************* 1113 ** 1114 ** Function btm_get_local_div 1115 ** 1116 ** Description This function is called to read the local DIV 1117 ** 1118 ** Returns TURE - if a valid DIV is availavle 1119 *******************************************************************************/ 1120 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div) 1121 { 1122 tBTM_SEC_DEV_REC *p_dev_rec; 1123 BOOLEAN status = FALSE; 1124 BTM_TRACE_DEBUG ("btm_get_local_div"); 1125 1126 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 1127 bd_addr[0],bd_addr[1], 1128 bd_addr[2],bd_addr[3], 1129 bd_addr[4],bd_addr[5]); 1130 1131 *p_div = 0; 1132 p_dev_rec = btm_find_dev (bd_addr); 1133 1134 if (p_dev_rec && p_dev_rec->ble.keys.div) 1135 { 1136 status = TRUE; 1137 *p_div = p_dev_rec->ble.keys.div; 1138 } 1139 BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); 1140 return status; 1141 } 1142 1143 /******************************************************************************* 1144 ** 1145 ** Function btm_sec_save_le_key 1146 ** 1147 ** Description This function is called by the SMP to update 1148 ** an BLE key. SMP is internal, whereas all the keys shall 1149 ** be sent to the application. The function is also called 1150 ** when application passes ble key stored in NVRAM to the btm_sec. 1151 ** pass_to_application parameter is false in this case. 1152 ** 1153 ** Returns void 1154 ** 1155 *******************************************************************************/ 1156 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, 1157 BOOLEAN pass_to_application) 1158 { 1159 tBTM_SEC_DEV_REC *p_rec; 1160 tBTM_LE_EVT_DATA cb_data; 1161 UINT8 i; 1162 1163 BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); 1164 /* Store the updated key in the device database */ 1165 1166 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 1167 bd_addr[0],bd_addr[1], 1168 bd_addr[2],bd_addr[3], 1169 bd_addr[4],bd_addr[5]); 1170 1171 if ((p_rec = btm_find_dev (bd_addr)) != NULL && (p_keys || key_type== BTM_LE_KEY_LID)) 1172 { 1173 btm_ble_init_pseudo_addr (p_rec, bd_addr); 1174 1175 switch (key_type) 1176 { 1177 case BTM_LE_KEY_PENC: 1178 memcpy(p_rec->ble.keys.pltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); 1179 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); 1180 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; 1181 p_rec->ble.keys.ediv = p_keys->penc_key.ediv; 1182 p_rec->ble.keys.key_size = p_keys->penc_key.key_size; 1183 p_rec->ble.key_type |= BTM_LE_KEY_PENC; 1184 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN; 1185 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) 1186 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED; 1187 else 1188 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED; 1189 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", 1190 p_rec->ble.key_type, 1191 p_rec->sec_flags, 1192 p_rec->ble.keys.sec_level); 1193 break; 1194 1195 case BTM_LE_KEY_PID: 1196 for (i=0; i<BT_OCTET16_LEN; i++) 1197 { 1198 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i]; 1199 } 1200 1201 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system 1202 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 1203 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type; 1204 p_rec->ble.key_type |= BTM_LE_KEY_PID; 1205 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); 1206 /* update device record address as static address */ 1207 memcpy(p_rec->bd_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 1208 /* combine DUMO device security record if needed */ 1209 btm_consolidate_dev(p_rec); 1210 break; 1211 1212 case BTM_LE_KEY_PCSRK: 1213 memcpy(p_rec->ble.keys.pcsrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); 1214 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; 1215 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; 1216 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; 1217 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN; 1218 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) 1219 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED; 1220 else 1221 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED; 1222 1223 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", 1224 p_rec->ble.key_type, 1225 p_rec->sec_flags, 1226 p_rec->ble.keys.srk_sec_level, 1227 p_rec->ble.keys.counter ); 1228 break; 1229 1230 case BTM_LE_KEY_LENC: 1231 memcpy(p_rec->ble.keys.lltk, p_keys->lenc_key.ltk, BT_OCTET16_LEN); 1232 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ 1233 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; 1234 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; 1235 p_rec->ble.key_type |= BTM_LE_KEY_LENC; 1236 1237 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", 1238 p_rec->ble.key_type, 1239 p_rec->ble.keys.div, 1240 p_rec->ble.keys.key_size, 1241 p_rec->ble.keys.sec_level ); 1242 break; 1243 1244 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ 1245 memcpy (p_rec->ble.keys.lcsrk, p_keys->lcsrk_key.csrk, BT_OCTET16_LEN); 1246 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ 1247 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; 1248 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; 1249 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; 1250 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", 1251 p_rec->ble.key_type, 1252 p_rec->ble.keys.div, 1253 p_rec->ble.keys.local_csrk_sec_level, 1254 p_rec->ble.keys.local_counter ); 1255 break; 1256 1257 case BTM_LE_KEY_LID: 1258 p_rec->ble.key_type |= BTM_LE_KEY_LID; 1259 break; 1260 default: 1261 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); 1262 return; 1263 } 1264 1265 BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, 1266 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1267 (bd_addr[4]<<8)+bd_addr[5]); 1268 1269 /* Notify the application that one of the BLE keys has been updated 1270 If link key is in progress, it will get sent later.*/ 1271 if (pass_to_application && btm_cb.api.p_le_callback) 1272 { 1273 cb_data.key.p_key_value = p_keys; 1274 cb_data.key.key_type = key_type; 1275 1276 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); 1277 } 1278 return; 1279 } 1280 1281 BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, 1282 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1283 (bd_addr[4]<<8)+bd_addr[5]); 1284 1285 if (p_rec) 1286 { 1287 BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags); 1288 } 1289 } 1290 1291 /******************************************************************************* 1292 ** 1293 ** Function btm_ble_update_sec_key_size 1294 ** 1295 ** Description update the current lin kencryption key size 1296 ** 1297 ** Returns void 1298 ** 1299 *******************************************************************************/ 1300 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size) 1301 { 1302 tBTM_SEC_DEV_REC *p_rec; 1303 1304 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); 1305 1306 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1307 { 1308 p_rec->enc_key_size = enc_key_size; 1309 } 1310 } 1311 1312 /******************************************************************************* 1313 ** 1314 ** Function btm_ble_read_sec_key_size 1315 ** 1316 ** Description update the current lin kencryption key size 1317 ** 1318 ** Returns void 1319 ** 1320 *******************************************************************************/ 1321 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr) 1322 { 1323 tBTM_SEC_DEV_REC *p_rec; 1324 1325 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1326 { 1327 return p_rec->enc_key_size; 1328 } 1329 else 1330 return 0; 1331 } 1332 1333 /******************************************************************************* 1334 ** 1335 ** Function btm_ble_link_sec_check 1336 ** 1337 ** Description Check BLE link security level match. 1338 ** 1339 ** Returns TRUE: check is OK and the *p_sec_req_act contain the action 1340 ** 1341 *******************************************************************************/ 1342 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) 1343 { 1344 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1345 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE; 1346 1347 BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req); 1348 1349 if (p_dev_rec == NULL) 1350 { 1351 BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device"); 1352 return; 1353 } 1354 1355 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 1356 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) 1357 { 1358 /* race condition: discard the security request while master is encrypting the link */ 1359 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1360 } 1361 else 1362 { 1363 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1364 if (auth_req & BTM_LE_AUTH_REQ_MITM) 1365 { 1366 req_sec_level = BTM_LE_SEC_AUTHENTICATED; 1367 } 1368 1369 BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); 1370 1371 /* currently encrpted */ 1372 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED) 1373 { 1374 if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED) 1375 cur_sec_level = BTM_LE_SEC_AUTHENTICATED; 1376 else 1377 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1378 } 1379 else /* unencrypted link */ 1380 { 1381 /* if bonded, get the key security level */ 1382 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 1383 cur_sec_level = p_dev_rec->ble.keys.sec_level; 1384 else 1385 cur_sec_level = BTM_LE_SEC_NONE; 1386 } 1387 1388 if (cur_sec_level >= req_sec_level) 1389 { 1390 /* To avoid re-encryption on an encrypted link for an equal condition encryption */ 1391 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; 1392 } 1393 else 1394 { 1395 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ 1396 } 1397 } 1398 1399 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", 1400 cur_sec_level, 1401 req_sec_level, 1402 *p_sec_req_act); 1403 1404 } 1405 1406 /******************************************************************************* 1407 ** 1408 ** Function btm_ble_set_encryption 1409 ** 1410 ** Description This function is called to ensure that LE connection is 1411 ** encrypted. Should be called only on an open connection. 1412 ** Typically only needed for connections that first want to 1413 ** bring up unencrypted links, then later encrypt them. 1414 ** 1415 ** Returns void 1416 ** the local device ER is copied into er 1417 ** 1418 *******************************************************************************/ 1419 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, UINT8 link_role) 1420 { 1421 tBTM_STATUS cmd = BTM_NO_RESOURCES; 1422 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1423 tBTM_BLE_SEC_REQ_ACT sec_req_act; 1424 tBTM_LE_AUTH_REQ auth_req; 1425 1426 if (p_rec == NULL) 1427 { 1428 BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act); 1429 return(BTM_WRONG_MODE); 1430 } 1431 1432 BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); 1433 1434 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) 1435 { 1436 p_rec->security_required |= BTM_SEC_IN_MITM; 1437 } 1438 1439 switch (sec_act) 1440 { 1441 case BTM_BLE_SEC_ENCRYPT: 1442 if (link_role == BTM_ROLE_MASTER) 1443 { 1444 /* start link layer encryption using the security info stored */ 1445 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL); 1446 break; 1447 } 1448 /* if salve role then fall through to call SMP_Pair below which will send a 1449 sec_request to request the master to encrypt the link */ 1450 case BTM_BLE_SEC_ENCRYPT_NO_MITM: 1451 case BTM_BLE_SEC_ENCRYPT_MITM: 1452 auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM) 1453 ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT); 1454 btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act); 1455 if(sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE || sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD) 1456 { 1457 BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__); 1458 cmd = BTM_SUCCESS; 1459 break; 1460 } 1461 if (link_role == BTM_ROLE_MASTER) 1462 { 1463 1464 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT) 1465 { 1466 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL); 1467 break; 1468 } 1469 } 1470 1471 if (SMP_Pair(bd_addr) == SMP_STARTED) 1472 { 1473 cmd = BTM_CMD_STARTED; 1474 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1475 } 1476 break; 1477 1478 default: 1479 cmd = BTM_WRONG_MODE; 1480 break; 1481 } 1482 return cmd; 1483 } 1484 1485 /******************************************************************************* 1486 ** 1487 ** Function btm_ble_ltk_request 1488 ** 1489 ** Description This function is called when encryption request is received 1490 ** on a slave device. 1491 ** 1492 ** 1493 ** Returns void 1494 ** 1495 *******************************************************************************/ 1496 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv) 1497 { 1498 tBTM_CB *p_cb = &btm_cb; 1499 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); 1500 BT_OCTET8 dummy_stk = {0}; 1501 1502 BTM_TRACE_DEBUG ("btm_ble_ltk_request"); 1503 1504 p_cb->ediv = ediv; 1505 1506 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); 1507 1508 if (p_dev_rec != NULL) 1509 { 1510 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) 1511 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk); 1512 } 1513 1514 } 1515 1516 /******************************************************************************* 1517 ** 1518 ** Function btm_ble_start_encrypt 1519 ** 1520 ** Description This function is called to start LE encryption. 1521 ** 1522 ** 1523 ** Returns BTM_SUCCESS if encryption was started successfully 1524 ** 1525 *******************************************************************************/ 1526 tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1527 { 1528 tBTM_CB *p_cb = &btm_cb; 1529 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1530 BT_OCTET8 dummy_rand = {0}; 1531 tBTM_STATUS rt = BTM_NO_RESOURCES; 1532 1533 BTM_TRACE_DEBUG ("btm_ble_start_encrypt"); 1534 1535 if (!p_rec ) 1536 { 1537 BTM_TRACE_ERROR("Link is not active, can not encrypt!"); 1538 return BTM_WRONG_MODE; 1539 } 1540 1541 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) 1542 { 1543 BTM_TRACE_WARNING("Link Encryption is active, Busy!"); 1544 return BTM_BUSY; 1545 } 1546 1547 p_cb->enc_handle = p_rec->ble_hci_handle; 1548 1549 if (use_stk) 1550 { 1551 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk)) 1552 rt = BTM_CMD_STARTED; 1553 } 1554 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) 1555 { 1556 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand, 1557 p_rec->ble.keys.ediv, p_rec->ble.keys.pltk)) 1558 rt = BTM_CMD_STARTED; 1559 } 1560 else 1561 { 1562 BTM_TRACE_ERROR("No key available to encrypt the link"); 1563 } 1564 if (rt == BTM_CMD_STARTED) 1565 { 1566 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) 1567 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1568 } 1569 1570 return rt; 1571 } 1572 1573 /******************************************************************************* 1574 ** 1575 ** Function btm_ble_link_encrypted 1576 ** 1577 ** Description This function is called when LE link encrption status is changed. 1578 ** 1579 ** Returns void 1580 ** 1581 *******************************************************************************/ 1582 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable) 1583 { 1584 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1585 BOOLEAN enc_cback; 1586 1587 if (!p_dev_rec) 1588 { 1589 BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable); 1590 return; 1591 } 1592 1593 BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable); 1594 1595 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING); 1596 1597 smp_link_encrypted(bd_addr, encr_enable); 1598 1599 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); 1600 1601 if (encr_enable && p_dev_rec->enc_key_size == 0) 1602 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; 1603 1604 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1605 if (p_dev_rec->p_callback && enc_cback) 1606 { 1607 if (encr_enable) 1608 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, TRUE); 1609 else if (p_dev_rec->role_master) 1610 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, TRUE); 1611 1612 } 1613 /* to notify GATT to send data if any request is pending */ 1614 gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr); 1615 } 1616 1617 /******************************************************************************* 1618 ** 1619 ** Function btm_ble_ltk_request_reply 1620 ** 1621 ** Description This function is called to send a LTK request reply on a slave 1622 ** device. 1623 ** 1624 ** Returns void 1625 ** 1626 *******************************************************************************/ 1627 void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1628 { 1629 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1630 tBTM_CB *p_cb = &btm_cb; 1631 1632 if (p_rec == NULL) 1633 { 1634 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device"); 1635 return; 1636 } 1637 1638 BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply"); 1639 p_cb->enc_handle = p_rec->ble_hci_handle; 1640 p_cb->key_size = p_rec->ble.keys.key_size; 1641 1642 BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size); 1643 if (use_stk) 1644 { 1645 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); 1646 } 1647 else /* calculate LTK using peer device */ 1648 { 1649 if (p_rec->ble.key_type & BTM_LE_KEY_LENC) 1650 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk); 1651 else 1652 btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle); 1653 } 1654 } 1655 1656 /******************************************************************************* 1657 ** 1658 ** Function btm_ble_io_capabilities_req 1659 ** 1660 ** Description This function is called to handle SMP get IO capability request. 1661 ** 1662 ** Returns void 1663 ** 1664 *******************************************************************************/ 1665 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1666 { 1667 UINT8 callback_rc = BTM_SUCCESS; 1668 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req"); 1669 if (btm_cb.api.p_le_callback) 1670 { 1671 /* the callback function implementation may change the IO capability... */ 1672 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1673 } 1674 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) 1675 { 1676 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 1677 if (btm_cb.devcb.keep_rfu_in_auth_req) 1678 { 1679 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u", 1680 btm_cb.devcb.keep_rfu_in_auth_req); 1681 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU; 1682 btm_cb.devcb.keep_rfu_in_auth_req = FALSE; 1683 } 1684 else 1685 { /* default */ 1686 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1687 } 1688 #else 1689 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1690 #endif 1691 1692 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", 1693 p_dev_rec->security_required, p_data->auth_req); 1694 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", 1695 p_data->init_keys, 1696 p_data->resp_keys); 1697 1698 /* if authentication requires MITM protection, put on the mask */ 1699 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) 1700 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; 1701 1702 if (!(p_data->auth_req & SMP_AUTH_BOND)) 1703 { 1704 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged"); 1705 p_data->init_keys = 0; 1706 p_data->resp_keys = 0; 1707 } 1708 1709 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); 1710 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", 1711 p_data->init_keys, 1712 p_data->resp_keys); 1713 1714 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", 1715 p_data->io_cap, p_data->auth_req); 1716 1717 /* remove MITM protection requirement if IO cap does not allow it */ 1718 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) 1719 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; 1720 1721 if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT)) 1722 { 1723 /* if Secure Connections are not supported then remove LK derivation, 1724 ** and keypress notifications. 1725 */ 1726 BTM_TRACE_DEBUG("%s-SC not supported -> No LK derivation, no keypress notifications", 1727 __func__); 1728 p_data->auth_req &= ~SMP_KP_SUPPORT_BIT; 1729 p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK; 1730 p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK; 1731 } 1732 1733 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x", 1734 p_data->io_cap, p_data->oob_data, p_data->auth_req); 1735 } 1736 return callback_rc; 1737 } 1738 1739 /******************************************************************************* 1740 ** 1741 ** Function btm_ble_br_keys_req 1742 ** 1743 ** Description This function is called to handle SMP request for keys sent 1744 ** over BR/EDR. 1745 ** 1746 ** Returns void 1747 ** 1748 *******************************************************************************/ 1749 UINT8 btm_ble_br_keys_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1750 { 1751 UINT8 callback_rc = BTM_SUCCESS; 1752 BTM_TRACE_DEBUG ("%s", __func__); 1753 if (btm_cb.api.p_le_callback) 1754 { 1755 /* the callback function implementation may change the IO capability... */ 1756 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, 1757 (tBTM_LE_EVT_DATA *)p_data); 1758 } 1759 1760 return callback_rc; 1761 } 1762 1763 #if (BLE_PRIVACY_SPT == TRUE ) 1764 /******************************************************************************* 1765 ** 1766 ** Function btm_ble_resolve_random_addr_on_conn_cmpl 1767 ** 1768 ** Description resolve random address complete on connection complete event. 1769 ** 1770 ** Returns void 1771 ** 1772 *******************************************************************************/ 1773 static void btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec, void *p_data) 1774 { 1775 UINT8 *p = (UINT8 *)p_data; 1776 tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec; 1777 UINT8 role, bda_type; 1778 UINT16 handle; 1779 BD_ADDR bda; 1780 UINT16 conn_interval, conn_latency, conn_timeout; 1781 BOOLEAN match = FALSE; 1782 1783 ++p; 1784 STREAM_TO_UINT16 (handle, p); 1785 STREAM_TO_UINT8 (role, p); 1786 STREAM_TO_UINT8 (bda_type, p); 1787 STREAM_TO_BDADDR (bda, p); 1788 STREAM_TO_UINT16 (conn_interval, p); 1789 STREAM_TO_UINT16 (conn_latency, p); 1790 STREAM_TO_UINT16 (conn_timeout, p); 1791 1792 handle = HCID_GET_HANDLE (handle); 1793 1794 BTM_TRACE_EVENT ("%s", __func__); 1795 1796 if (match_rec) 1797 { 1798 LOG_INFO(LOG_TAG, "%s matched and resolved random address", __func__); 1799 match = TRUE; 1800 match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA; 1801 memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN); 1802 if (!btm_ble_init_pseudo_addr (match_rec, bda)) 1803 { 1804 /* assign the original address to be the current report address */ 1805 memcpy(bda, match_rec->ble.pseudo_addr, BD_ADDR_LEN); 1806 } 1807 else 1808 { 1809 memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN); 1810 } 1811 } 1812 else 1813 { 1814 LOG_INFO(LOG_TAG, "%s unable to match and resolve random address", __func__); 1815 } 1816 1817 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1818 1819 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1820 conn_latency, conn_timeout); 1821 1822 return; 1823 } 1824 #endif 1825 1826 /******************************************************************************* 1827 ** 1828 ** Function btm_ble_connected 1829 ** 1830 ** Description This function is when a LE connection to the peer device is 1831 ** establsihed 1832 ** 1833 ** Returns void 1834 ** 1835 *******************************************************************************/ 1836 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role, 1837 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched) 1838 { 1839 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); 1840 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; 1841 UNUSED(addr_matched); 1842 1843 BTM_TRACE_EVENT ("btm_ble_connected"); 1844 1845 /* Commenting out trace due to obf/compilation problems. 1846 */ 1847 #if (BT_USE_TRACES == TRUE) 1848 if (p_dev_rec) 1849 { 1850 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected : handle:%d enc_mode:%d bda:%x RName:%s", 1851 handle, enc_mode, 1852 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], 1853 p_dev_rec->sec_bd_name); 1854 1855 BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); 1856 } 1857 else 1858 { 1859 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected: handle:%d enc_mode:%d bda:%x ", 1860 handle, enc_mode, 1861 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); 1862 } 1863 #endif 1864 1865 if (!p_dev_rec) 1866 { 1867 /* There is no device record for new connection. Allocate one */ 1868 if ((p_dev_rec = btm_sec_alloc_dev (bda)) == NULL) 1869 return; 1870 } 1871 else /* Update the timestamp for this device */ 1872 { 1873 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 1874 } 1875 1876 /* update device information */ 1877 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 1878 p_dev_rec->ble_hci_handle = handle; 1879 p_dev_rec->ble.ble_addr_type = addr_type; 1880 /* update pseudo address */ 1881 memcpy(p_dev_rec->ble.pseudo_addr, bda, BD_ADDR_LEN); 1882 1883 p_dev_rec->role_master = FALSE; 1884 if (role == HCI_ROLE_MASTER) 1885 p_dev_rec->role_master = TRUE; 1886 1887 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE) 1888 if (!addr_matched) 1889 p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO; 1890 1891 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched) 1892 memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN); 1893 #endif 1894 1895 p_cb->inq_var.directed_conn = BTM_BLE_CONNECT_EVT; 1896 1897 return; 1898 } 1899 1900 /***************************************************************************** 1901 ** Function btm_ble_conn_complete 1902 ** 1903 ** Description LE connection complete. 1904 ** 1905 ******************************************************************************/ 1906 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len, BOOLEAN enhanced) 1907 { 1908 #if (BLE_PRIVACY_SPT == TRUE ) 1909 UINT8 *p_data = p, peer_addr_type; 1910 BD_ADDR local_rpa, peer_rpa; 1911 #endif 1912 UINT8 role, status, bda_type; 1913 UINT16 handle; 1914 BD_ADDR bda; 1915 UINT16 conn_interval, conn_latency, conn_timeout; 1916 BOOLEAN match = FALSE; 1917 UNUSED(evt_len); 1918 1919 STREAM_TO_UINT8 (status, p); 1920 STREAM_TO_UINT16 (handle, p); 1921 STREAM_TO_UINT8 (role, p); 1922 STREAM_TO_UINT8 (bda_type, p); 1923 STREAM_TO_BDADDR (bda, p); 1924 1925 if (status == 0) 1926 { 1927 #if (BLE_PRIVACY_SPT == TRUE ) 1928 peer_addr_type = bda_type; 1929 match = btm_identity_addr_to_random_pseudo (bda, &bda_type, TRUE); 1930 1931 if (enhanced) 1932 { 1933 STREAM_TO_BDADDR (local_rpa, p); 1934 STREAM_TO_BDADDR (peer_rpa, p); 1935 } 1936 1937 /* possiblly receive connection complete with resolvable random while 1938 the device has been paired */ 1939 if (!match && BTM_BLE_IS_RESOLVE_BDA(bda)) 1940 { 1941 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data); 1942 } 1943 else 1944 #endif 1945 { 1946 STREAM_TO_UINT16 (conn_interval, p); 1947 STREAM_TO_UINT16 (conn_latency, p); 1948 STREAM_TO_UINT16 (conn_timeout, p); 1949 handle = HCID_GET_HANDLE (handle); 1950 1951 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1952 1953 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1954 conn_latency, conn_timeout); 1955 1956 #if (BLE_PRIVACY_SPT == TRUE) 1957 if (enhanced) 1958 { 1959 btm_ble_refresh_local_resolvable_private_addr(bda, local_rpa); 1960 1961 if (peer_addr_type & BLE_ADDR_TYPE_ID_BIT) 1962 btm_ble_refresh_peer_resolvable_private_addr(bda, peer_rpa, BLE_ADDR_RANDOM); 1963 } 1964 #endif 1965 } 1966 } 1967 else 1968 { 1969 role = HCI_ROLE_UNKNOWN; 1970 if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) 1971 { 1972 btm_ble_set_conn_st(BLE_CONN_IDLE); 1973 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE) 1974 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE); 1975 #endif 1976 } 1977 else 1978 { 1979 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE) 1980 btm_cb.ble_ctr_cb.inq_var.adv_mode = BTM_BLE_ADV_DISABLE; 1981 btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, TRUE); 1982 #endif 1983 } 1984 } 1985 1986 btm_ble_update_mode_operation(role, bda, status); 1987 } 1988 1989 /***************************************************************************** 1990 ** Function btm_ble_create_ll_conn_complete 1991 ** 1992 ** Description LE connection complete. 1993 ** 1994 ******************************************************************************/ 1995 void btm_ble_create_ll_conn_complete (UINT8 status) 1996 { 1997 if (status != HCI_SUCCESS) 1998 { 1999 btm_ble_set_conn_st(BLE_CONN_IDLE); 2000 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status); 2001 } 2002 } 2003 /***************************************************************************** 2004 ** Function btm_proc_smp_cback 2005 ** 2006 ** Description This function is the SMP callback handler. 2007 ** 2008 ******************************************************************************/ 2009 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) 2010 { 2011 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2012 UINT8 res = 0; 2013 2014 BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event); 2015 2016 if (p_dev_rec != NULL) 2017 { 2018 switch (event) 2019 { 2020 case SMP_IO_CAP_REQ_EVT: 2021 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 2022 break; 2023 2024 case SMP_BR_KEYS_REQ_EVT: 2025 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 2026 break; 2027 2028 case SMP_PASSKEY_REQ_EVT: 2029 case SMP_PASSKEY_NOTIF_EVT: 2030 case SMP_OOB_REQ_EVT: 2031 case SMP_NC_REQ_EVT: 2032 case SMP_SC_OOB_REQ_EVT: 2033 /* fall through */ 2034 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 2035 2036 case SMP_SEC_REQUEST_EVT: 2037 if (event == SMP_SEC_REQUEST_EVT && btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) 2038 { 2039 BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__); 2040 break; 2041 } 2042 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN); 2043 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 2044 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE; 2045 /* fall through */ 2046 2047 case SMP_COMPLT_EVT: 2048 if (btm_cb.api.p_le_callback) 2049 { 2050 /* the callback function implementation may change the IO capability... */ 2051 BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); 2052 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); 2053 } 2054 2055 if (event == SMP_COMPLT_EVT) 2056 { 2057 BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 2058 2059 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; 2060 2061 BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x", 2062 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 2063 2064 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) 2065 { 2066 BTM_TRACE_DEBUG ("Pairing Cancel completed"); 2067 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); 2068 } 2069 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 2070 if (res != BTM_SUCCESS) 2071 { 2072 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT) 2073 { 2074 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL"); 2075 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle); 2076 } 2077 else 2078 { 2079 BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL"); 2080 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 2081 } 2082 } 2083 #else 2084 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) 2085 { 2086 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL"); 2087 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle); 2088 } 2089 #endif 2090 2091 BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", 2092 btm_cb.pairing_state, 2093 btm_cb.pairing_flags, 2094 btm_cb.pin_code_len ); 2095 BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", 2096 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], 2097 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); 2098 2099 /* Reset btm state only if the callback address matches pairing address*/ 2100 if(memcmp(bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0) 2101 { 2102 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); 2103 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE; 2104 btm_cb.pairing_flags = 0; 2105 } 2106 2107 if (res == BTM_SUCCESS) 2108 { 2109 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 2110 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE) 2111 /* add all bonded device into resolving list if IRK is available*/ 2112 btm_ble_resolving_list_load_dev(p_dev_rec); 2113 #endif 2114 } 2115 2116 btm_sec_dev_rec_cback_event(p_dev_rec, res, TRUE); 2117 } 2118 break; 2119 2120 default: 2121 BTM_TRACE_DEBUG ("unknown event = %d", event); 2122 break; 2123 2124 } 2125 } 2126 else 2127 { 2128 BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); 2129 } 2130 2131 return 0; 2132 } 2133 2134 #endif /* SMP_INCLUDED */ 2135 2136 /******************************************************************************* 2137 ** 2138 ** Function BTM_BleDataSignature 2139 ** 2140 ** Description This function is called to sign the data using AES128 CMAC 2141 ** algorith. 2142 ** 2143 ** Parameter bd_addr: target device the data to be signed for. 2144 ** p_text: singing data 2145 ** len: length of the data to be signed. 2146 ** signature: output parameter where data signature is going to 2147 ** be stored. 2148 ** 2149 ** Returns TRUE if signing sucessul, otherwise FALSE. 2150 ** 2151 *******************************************************************************/ 2152 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len, 2153 BLE_SIGNATURE signature) 2154 { 2155 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 2156 2157 BTM_TRACE_DEBUG ("%s", __func__); 2158 BOOLEAN ret = FALSE; 2159 if (p_rec == NULL) 2160 { 2161 BTM_TRACE_ERROR("%s-data signing can not be done from unknown device", __func__); 2162 } 2163 else 2164 { 2165 UINT8 *p_mac = (UINT8 *)signature; 2166 UINT8 *pp; 2167 UINT8 *p_buf = (UINT8 *)osi_malloc(len + 4); 2168 2169 BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__); 2170 pp = p_buf; 2171 /* prepare plain text */ 2172 if (p_text) { 2173 memcpy(p_buf, p_text, len); 2174 pp = (p_buf + len); 2175 } 2176 2177 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 2178 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 2179 2180 if ((ret = aes_cipher_msg_auth_code(p_rec->ble.keys.lcsrk, p_buf, (UINT16)(len + 4), 2181 BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) { 2182 btm_ble_increment_sign_ctr(bd_addr, TRUE); 2183 } 2184 2185 BTM_TRACE_DEBUG("%s p_mac = %d", __func__, p_mac); 2186 BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", 2187 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); 2188 BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", 2189 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); 2190 osi_free(p_buf); 2191 } 2192 return ret; 2193 } 2194 2195 /******************************************************************************* 2196 ** 2197 ** Function BTM_BleVerifySignature 2198 ** 2199 ** Description This function is called to verify the data signature 2200 ** 2201 ** Parameter bd_addr: target device the data to be signed for. 2202 ** p_orig: original data before signature. 2203 ** len: length of the signing data 2204 ** counter: counter used when doing data signing 2205 ** p_comp: signature to be compared against. 2206 2207 ** Returns TRUE if signature verified correctly; otherwise FALSE. 2208 ** 2209 *******************************************************************************/ 2210 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter, 2211 UINT8 *p_comp) 2212 { 2213 BOOLEAN verified = FALSE; 2214 #if SMP_INCLUDED == TRUE 2215 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 2216 UINT8 p_mac[BTM_CMAC_TLEN_SIZE]; 2217 2218 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) 2219 { 2220 BTM_TRACE_ERROR("can not verify signature for unknown device"); 2221 } 2222 else if (counter < p_rec->ble.keys.counter) 2223 { 2224 BTM_TRACE_ERROR("signature received with out dated sign counter"); 2225 } 2226 else if (p_orig == NULL) 2227 { 2228 BTM_TRACE_ERROR("No signature to verify"); 2229 } 2230 else 2231 { 2232 BTM_TRACE_DEBUG ("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter, 2233 p_rec->ble.keys.counter); 2234 2235 if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) 2236 { 2237 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) 2238 { 2239 btm_ble_increment_sign_ctr(bd_addr, FALSE); 2240 verified = TRUE; 2241 } 2242 } 2243 } 2244 #endif /* SMP_INCLUDED */ 2245 return verified; 2246 } 2247 2248 /******************************************************************************* 2249 ** 2250 ** Function BTM_GetLeSecurityState 2251 ** 2252 ** Description This function is called to get security mode 1 flags and 2253 ** encryption key size for LE peer. 2254 ** 2255 ** Returns BOOLEAN TRUE if LE device is found, FALSE otherwise. 2256 ** 2257 *******************************************************************************/ 2258 BOOLEAN BTM_GetLeSecurityState (BD_ADDR bd_addr, UINT8 *p_le_dev_sec_flags, UINT8 *p_le_key_size) 2259 { 2260 #if (BLE_INCLUDED == TRUE) 2261 tBTM_SEC_DEV_REC *p_dev_rec; 2262 UINT16 dev_rec_sec_flags; 2263 #endif 2264 2265 *p_le_dev_sec_flags = 0; 2266 *p_le_key_size = 0; 2267 2268 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 2269 if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) 2270 { 2271 BTM_TRACE_ERROR ("%s fails", __func__); 2272 return (FALSE); 2273 } 2274 2275 if (p_dev_rec->ble_hci_handle == BTM_SEC_INVALID_HANDLE) { 2276 BTM_TRACE_ERROR ("%s-this is not LE device", __func__); 2277 return (FALSE); 2278 } 2279 2280 dev_rec_sec_flags = p_dev_rec->sec_flags; 2281 2282 if (dev_rec_sec_flags & BTM_SEC_LE_ENCRYPTED) 2283 { 2284 /* link is encrypted with LTK or STK */ 2285 *p_le_key_size = p_dev_rec->enc_key_size; 2286 *p_le_dev_sec_flags |= BTM_SEC_LE_LINK_ENCRYPTED; 2287 2288 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_AUTHENTICATED) 2289 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */ 2290 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */ 2291 } 2292 else if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 2293 { 2294 /* link is unencrypted, still LTK is available */ 2295 *p_le_key_size = p_dev_rec->ble.keys.key_size; 2296 2297 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED) 2298 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */ 2299 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */ 2300 } 2301 2302 BTM_TRACE_DEBUG ("%s - le_dev_sec_flags: 0x%02x, le_key_size: %d", 2303 __func__, *p_le_dev_sec_flags, *p_le_key_size); 2304 2305 return TRUE; 2306 #else 2307 return FALSE; 2308 #endif 2309 } 2310 2311 /******************************************************************************* 2312 ** 2313 ** Function BTM_BleSecurityProcedureIsRunning 2314 ** 2315 ** Description This function indicates if LE security procedure is 2316 ** currently running with the peer. 2317 ** 2318 ** Returns BOOLEAN TRUE if security procedure is running, FALSE otherwise. 2319 ** 2320 *******************************************************************************/ 2321 BOOLEAN BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr) 2322 { 2323 #if (BLE_INCLUDED == TRUE) 2324 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2325 2326 if (p_dev_rec == NULL) 2327 { 2328 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found", 2329 __func__, (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 2330 (bd_addr[4]<<8)+bd_addr[5]); 2331 return FALSE; 2332 } 2333 2334 return (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 2335 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING); 2336 #else 2337 return FALSE; 2338 #endif 2339 } 2340 2341 /******************************************************************************* 2342 ** 2343 ** Function BTM_BleGetSupportedKeySize 2344 ** 2345 ** Description This function gets the maximum encryption key size in bytes 2346 ** the local device can suport. 2347 ** record. 2348 ** 2349 ** Returns the key size or 0 if the size can't be retrieved. 2350 ** 2351 *******************************************************************************/ 2352 extern UINT8 BTM_BleGetSupportedKeySize (BD_ADDR bd_addr) 2353 { 2354 #if ((BLE_INCLUDED == TRUE) && (L2CAP_LE_COC_INCLUDED == TRUE)) 2355 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2356 tBTM_LE_IO_REQ dev_io_cfg; 2357 UINT8 callback_rc; 2358 2359 if (!p_dev_rec) 2360 { 2361 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found", 2362 __func__,(bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 2363 (bd_addr[4]<<8)+bd_addr[5]); 2364 return 0; 2365 } 2366 2367 if (btm_cb.api.p_le_callback == NULL) 2368 { 2369 BTM_TRACE_ERROR ("%s can't access supported key size",__func__); 2370 return 0; 2371 } 2372 2373 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, 2374 (tBTM_LE_EVT_DATA *) &dev_io_cfg); 2375 2376 if (callback_rc != BTM_SUCCESS) 2377 { 2378 BTM_TRACE_ERROR ("%s can't access supported key size",__func__); 2379 return 0; 2380 } 2381 2382 BTM_TRACE_DEBUG ("%s device supports key size = %d", __func__, dev_io_cfg.max_key_size); 2383 return (dev_io_cfg.max_key_size); 2384 #else 2385 return 0; 2386 #endif 2387 } 2388 2389 /******************************************************************************* 2390 ** Utility functions for LE device IR/ER generation 2391 *******************************************************************************/ 2392 /******************************************************************************* 2393 ** 2394 ** Function btm_notify_new_key 2395 ** 2396 ** Description This function is to notify application new keys have been 2397 ** generated. 2398 ** 2399 ** Returns void 2400 ** 2401 *******************************************************************************/ 2402 static void btm_notify_new_key(UINT8 key_type) 2403 { 2404 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; 2405 2406 BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type); 2407 2408 if (btm_cb.api.p_le_key_callback) 2409 { 2410 switch (key_type) 2411 { 2412 case BTM_BLE_KEY_TYPE_ID: 2413 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID"); 2414 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; 2415 break; 2416 2417 case BTM_BLE_KEY_TYPE_ER: 2418 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER"); 2419 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.ble_encryption_key_value; 2420 break; 2421 2422 default: 2423 BTM_TRACE_ERROR("unknown key type: %d", key_type); 2424 break; 2425 } 2426 if (p_locak_keys != NULL) 2427 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); 2428 } 2429 } 2430 2431 /******************************************************************************* 2432 ** 2433 ** Function btm_ble_process_er2 2434 ** 2435 ** Description This function is called when ER is generated, store it in 2436 ** local control block. 2437 ** 2438 ** Returns void 2439 ** 2440 *******************************************************************************/ 2441 static void btm_ble_process_er2(tBTM_RAND_ENC *p) 2442 { 2443 BTM_TRACE_DEBUG ("btm_ble_process_er2"); 2444 2445 if (p &&p->opcode == HCI_BLE_RAND) 2446 { 2447 memcpy(&btm_cb.devcb.ble_encryption_key_value[8], p->param_buf, BT_OCTET8_LEN); 2448 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); 2449 } 2450 else 2451 { 2452 BTM_TRACE_ERROR("Generating ER2 exception."); 2453 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16)); 2454 } 2455 } 2456 2457 /******************************************************************************* 2458 ** 2459 ** Function btm_ble_process_er 2460 ** 2461 ** Description This function is called when ER is generated, store it in 2462 ** local control block. 2463 ** 2464 ** Returns void 2465 ** 2466 *******************************************************************************/ 2467 static void btm_ble_process_er(tBTM_RAND_ENC *p) 2468 { 2469 BTM_TRACE_DEBUG ("btm_ble_process_er"); 2470 2471 if (p &&p->opcode == HCI_BLE_RAND) 2472 { 2473 memcpy(&btm_cb.devcb.ble_encryption_key_value[0], p->param_buf, BT_OCTET8_LEN); 2474 2475 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) 2476 { 2477 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16)); 2478 BTM_TRACE_ERROR("Generating ER2 failed."); 2479 } 2480 } 2481 else 2482 { 2483 BTM_TRACE_ERROR("Generating ER1 exception."); 2484 } 2485 } 2486 2487 /******************************************************************************* 2488 ** 2489 ** Function btm_ble_process_irk 2490 ** 2491 ** Description This function is called when IRK is generated, store it in 2492 ** local control block. 2493 ** 2494 ** Returns void 2495 ** 2496 *******************************************************************************/ 2497 static void btm_ble_process_irk(tSMP_ENC *p) 2498 { 2499 BTM_TRACE_DEBUG ("btm_ble_process_irk"); 2500 if (p &&p->opcode == HCI_BLE_ENCRYPT) 2501 { 2502 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); 2503 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); 2504 2505 #if BLE_PRIVACY_SPT == TRUE 2506 /* if privacy is enabled, new RPA should be calculated */ 2507 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE) 2508 { 2509 btm_gen_resolvable_private_addr((void *)btm_gen_resolve_paddr_low); 2510 } 2511 #endif 2512 } 2513 else 2514 { 2515 BTM_TRACE_ERROR("Generating IRK exception."); 2516 } 2517 2518 /* proceed generate ER */ 2519 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) 2520 { 2521 BTM_TRACE_ERROR("Generating ER failed."); 2522 } 2523 } 2524 2525 /******************************************************************************* 2526 ** 2527 ** Function btm_ble_process_dhk 2528 ** 2529 ** Description This function is called when DHK is calculated, store it in 2530 ** local control block, and proceed to generate ER, a 128-bits 2531 ** random number. 2532 ** 2533 ** Returns void 2534 ** 2535 *******************************************************************************/ 2536 static void btm_ble_process_dhk(tSMP_ENC *p) 2537 { 2538 #if SMP_INCLUDED == TRUE 2539 UINT8 btm_ble_irk_pt = 0x01; 2540 tSMP_ENC output; 2541 2542 BTM_TRACE_DEBUG ("btm_ble_process_dhk"); 2543 2544 if (p && p->opcode == HCI_BLE_ENCRYPT) 2545 { 2546 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); 2547 BTM_TRACE_DEBUG("BLE DHK generated."); 2548 2549 /* IRK = D1(IR, 1) */ 2550 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, 2551 1, &output)) 2552 { 2553 /* reset all identity root related key */ 2554 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2555 } 2556 else 2557 { 2558 btm_ble_process_irk(&output); 2559 } 2560 } 2561 else 2562 { 2563 /* reset all identity root related key */ 2564 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2565 } 2566 #endif 2567 } 2568 2569 /******************************************************************************* 2570 ** 2571 ** Function btm_ble_process_ir2 2572 ** 2573 ** Description This function is called when IR is generated, proceed to calculate 2574 ** DHK = Eir({0x03, 0, 0 ...}) 2575 ** 2576 ** 2577 ** Returns void 2578 ** 2579 *******************************************************************************/ 2580 static void btm_ble_process_ir2(tBTM_RAND_ENC *p) 2581 { 2582 #if SMP_INCLUDED == TRUE 2583 UINT8 btm_ble_dhk_pt = 0x03; 2584 tSMP_ENC output; 2585 2586 BTM_TRACE_DEBUG ("btm_ble_process_ir2"); 2587 2588 if (p && p->opcode == HCI_BLE_RAND) 2589 { 2590 /* remembering in control block */ 2591 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); 2592 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ 2593 2594 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, 2595 1, &output); 2596 btm_ble_process_dhk(&output); 2597 2598 BTM_TRACE_DEBUG("BLE IR generated."); 2599 } 2600 else 2601 { 2602 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2603 } 2604 #endif 2605 } 2606 2607 /******************************************************************************* 2608 ** 2609 ** Function btm_ble_process_ir 2610 ** 2611 ** Description This function is called when IR is generated, proceed to calculate 2612 ** DHK = Eir({0x02, 0, 0 ...}) 2613 ** 2614 ** 2615 ** Returns void 2616 ** 2617 *******************************************************************************/ 2618 static void btm_ble_process_ir(tBTM_RAND_ENC *p) 2619 { 2620 BTM_TRACE_DEBUG ("btm_ble_process_ir"); 2621 2622 if (p && p->opcode == HCI_BLE_RAND) 2623 { 2624 /* remembering in control block */ 2625 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); 2626 2627 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) 2628 { 2629 BTM_TRACE_ERROR("Generating IR2 failed."); 2630 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2631 } 2632 } 2633 } 2634 2635 /******************************************************************************* 2636 ** 2637 ** Function btm_ble_reset_id 2638 ** 2639 ** Description This function is called to reset LE device identity. 2640 ** 2641 ** Returns void 2642 ** 2643 *******************************************************************************/ 2644 void btm_ble_reset_id( void ) 2645 { 2646 BTM_TRACE_DEBUG ("btm_ble_reset_id"); 2647 2648 /* regenrate Identity Root*/ 2649 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) 2650 { 2651 BTM_TRACE_DEBUG("Generating IR failed."); 2652 } 2653 } 2654 2655 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 2656 /******************************************************************************* 2657 ** 2658 ** Function btm_ble_set_no_disc_if_pair_fail 2659 ** 2660 ** Description This function indicates that whether no disconnect of the ACL 2661 ** should be used if pairing failed 2662 ** 2663 ** Returns void 2664 ** 2665 *******************************************************************************/ 2666 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc ) 2667 { 2668 BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); 2669 btm_cb.devcb.no_disc_if_pair_fail = disable_disc; 2670 } 2671 2672 /******************************************************************************* 2673 ** 2674 ** Function btm_ble_set_test_mac_value 2675 ** 2676 ** Description This function set test MAC value 2677 ** 2678 ** Returns void 2679 ** 2680 *******************************************************************************/ 2681 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val ) 2682 { 2683 BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable); 2684 btm_cb.devcb.enable_test_mac_val = enable; 2685 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); 2686 } 2687 2688 /******************************************************************************* 2689 ** 2690 ** Function btm_ble_set_test_local_sign_cntr_value 2691 ** 2692 ** Description This function set test local sign counter value 2693 ** 2694 ** Returns void 2695 ** 2696 *******************************************************************************/ 2697 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr ) 2698 { 2699 BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", 2700 enable, test_local_sign_cntr); 2701 btm_cb.devcb.enable_test_local_sign_cntr = enable; 2702 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; 2703 } 2704 2705 /******************************************************************************* 2706 ** 2707 ** Function btm_set_random_address 2708 ** 2709 ** Description This function set a random address to local controller. 2710 ** 2711 ** Returns void 2712 ** 2713 *******************************************************************************/ 2714 void btm_set_random_address(BD_ADDR random_bda) 2715 { 2716 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; 2717 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ; 2718 2719 BTM_TRACE_DEBUG ("btm_set_random_address"); 2720 2721 if (adv_mode == BTM_BLE_ADV_ENABLE) 2722 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); 2723 2724 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN); 2725 btsnd_hcic_ble_set_random_addr(p_cb->private_addr); 2726 2727 if (adv_mode == BTM_BLE_ADV_ENABLE) 2728 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE); 2729 2730 } 2731 2732 /******************************************************************************* 2733 ** 2734 ** Function btm_ble_set_keep_rfu_in_auth_req 2735 ** 2736 ** Description This function indicates if RFU bits have to be kept as is 2737 ** (by default they have to be set to 0 by the sender). 2738 ** 2739 ** Returns void 2740 ** 2741 *******************************************************************************/ 2742 void btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu) 2743 { 2744 BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu); 2745 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu; 2746 } 2747 2748 #endif /* BTM_BLE_CONFORMANCE_TESTING */ 2749 2750 #endif /* BLE_INCLUDED */ 2751
