1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include <string.h> 20 #include "device/include/interop.h" 21 #include "include/bt_target.h" 22 #include "stack/btm/btm_int.h" 23 #include "stack/include/l2c_api.h" 24 #include "stack/smp/smp_int.h" 25 #include "utils/include/bt_utils.h" 26 27 extern fixed_queue_t *btu_general_alarm_queue; 28 29 #if SMP_INCLUDED == TRUE 30 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = 31 { 32 /* initiator */ 33 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */ 34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */ 35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */ 36 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 37 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */ 38 /* responder */ 39 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */ 40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */ 41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */ 42 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 43 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */ 44 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */ 45 }; 46 47 #define SMP_KEY_DIST_TYPE_MAX 4 48 const tSMP_ACT smp_distribute_act [] = 49 { 50 smp_generate_ltk, 51 smp_send_id_info, 52 smp_generate_csrk, 53 smp_set_derive_link_key 54 }; 55 56 static bool lmp_version_below(BD_ADDR bda, uint8_t version) 57 { 58 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE); 59 if (acl == NULL || acl->lmp_version == 0) 60 { 61 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__); 62 return false; 63 } 64 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version); 65 return acl->lmp_version < version; 66 } 67 68 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb) 69 { 70 uint8_t reason = 0; 71 72 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6) 73 return false; 74 75 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 76 77 switch (p_cb->cert_failure) 78 { 79 case 2: 80 reason = SMP_PAIR_AUTH_FAIL; 81 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 82 break; 83 case 3: 84 reason = SMP_PAIR_FAIL_UNKNOWN; 85 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 86 break; 87 case 4: 88 reason = SMP_PAIR_NOT_SUPPORT; 89 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 90 break; 91 case 5: 92 reason = SMP_PASSKEY_ENTRY_FAIL; 93 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 94 break; 95 case 6: 96 reason = SMP_REPEATED_ATTEMPTS; 97 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 98 break; 99 } 100 101 return true;; 102 } 103 104 /******************************************************************************* 105 ** Function smp_update_key_mask 106 ** Description This function updates the key mask for sending or receiving. 107 *******************************************************************************/ 108 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv) 109 { 110 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x", 111 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key); 112 113 if (((p_cb->le_secure_connections_mode_is_used) || 114 (p_cb->smp_over_br)) && 115 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK))) 116 { 117 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of 118 ** being exchanged with the peer */ 119 p_cb->local_i_key &= ~key_type; 120 p_cb->local_r_key &= ~key_type; 121 } 122 else 123 if (p_cb->role == HCI_ROLE_SLAVE) 124 { 125 if (recv) 126 p_cb->local_i_key &= ~key_type; 127 else 128 p_cb->local_r_key &= ~key_type; 129 } 130 else 131 { 132 if (recv) 133 p_cb->local_r_key &= ~key_type; 134 else 135 p_cb->local_i_key &= ~key_type; 136 } 137 138 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key, 139 p_cb->local_r_key); 140 } 141 142 /******************************************************************************* 143 ** Function smp_send_app_cback 144 ** Description notifies application about the events the application is interested in 145 *******************************************************************************/ 146 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 147 { 148 tSMP_EVT_DATA cb_data; 149 tSMP_STATUS callback_rc; 150 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt); 151 if (p_cb->p_callback && p_cb->cb_evt != 0) 152 { 153 switch (p_cb->cb_evt) 154 { 155 case SMP_IO_CAP_REQ_EVT: 156 cb_data.io_req.auth_req = p_cb->peer_auth_req; 157 cb_data.io_req.oob_data = SMP_OOB_NONE; 158 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 159 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 160 cb_data.io_req.init_keys = p_cb->local_i_key ; 161 cb_data.io_req.resp_keys = p_cb->local_r_key ; 162 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap); 163 break; 164 165 case SMP_NC_REQ_EVT: 166 cb_data.passkey = p_data->passkey; 167 break; 168 case SMP_SC_OOB_REQ_EVT: 169 cb_data.req_oob_type = p_data->req_oob_type; 170 break; 171 case SMP_SC_LOC_OOB_DATA_UP_EVT: 172 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data; 173 break; 174 175 case SMP_BR_KEYS_REQ_EVT: 176 cb_data.io_req.auth_req = 0; 177 cb_data.io_req.oob_data = SMP_OOB_NONE; 178 cb_data.io_req.io_cap = 0; 179 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 180 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY; 181 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY; 182 break; 183 184 default: 185 break; 186 } 187 188 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 189 190 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt ); 191 192 if (callback_rc == SMP_SUCCESS) 193 { 194 switch (p_cb->cb_evt) 195 { 196 case SMP_IO_CAP_REQ_EVT: 197 p_cb->loc_auth_req = cb_data.io_req.auth_req; 198 p_cb->local_io_capability = cb_data.io_req.io_cap; 199 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 200 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 201 p_cb->local_i_key = cb_data.io_req.init_keys; 202 p_cb->local_r_key = cb_data.io_req.resp_keys; 203 204 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) 205 { 206 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged"); 207 p_cb->local_i_key = 0; 208 p_cb->local_r_key = 0; 209 } 210 211 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \ 212 loc_oob_flag: %d loc_enc_size: %d," 213 "local_i_key: 0x%02x, local_r_key: 0x%02x", 214 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag, 215 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 216 217 p_cb->secure_connections_only_mode_required = 218 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 219 220 if (p_cb->secure_connections_only_mode_required) 221 { 222 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT; 223 } 224 225 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) 226 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) 227 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS, 228 (const bt_bdaddr_t *)&p_cb->pairing_bda)) 229 { 230 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT; 231 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 232 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 233 } 234 235 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x", 236 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key); 237 238 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 239 break; 240 241 case SMP_BR_KEYS_REQ_EVT: 242 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 243 p_cb->local_i_key = cb_data.io_req.init_keys; 244 p_cb->local_r_key = cb_data.io_req.resp_keys; 245 246 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 247 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 248 249 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\ 250 local_i_key: 0x%02x, local_r_key: 0x%02x", 251 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 252 253 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL); 254 break; 255 } 256 } 257 } 258 259 if (!p_cb->cb_evt && p_cb->discard_sec_req) 260 { 261 p_cb->discard_sec_req = FALSE; 262 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 263 } 264 265 SMP_TRACE_DEBUG("%s return", __func__); 266 } 267 268 /******************************************************************************* 269 ** Function smp_send_pair_fail 270 ** Description pairing failure to peer device if needed. 271 *******************************************************************************/ 272 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 273 { 274 p_cb->status = *(UINT8 *)p_data; 275 p_cb->failure = *(UINT8 *)p_data; 276 277 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure); 278 279 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS) 280 { 281 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 282 p_cb->wait_for_authorization_complete = TRUE; 283 } 284 } 285 286 /******************************************************************************* 287 ** Function smp_send_pair_req 288 ** Description actions related to sending pairing request 289 *******************************************************************************/ 290 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 291 { 292 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 293 SMP_TRACE_DEBUG("%s", __func__); 294 295 /* erase all keys when master sends pairing req*/ 296 if (p_dev_rec) 297 btm_sec_clear_ble_keys(p_dev_rec); 298 /* do not manipulate the key, let app decide, 299 leave out to BTM to mandate key distribution for bonding case */ 300 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 301 } 302 303 /******************************************************************************* 304 ** Function smp_send_pair_rsp 305 ** Description actions related to sending pairing response 306 *******************************************************************************/ 307 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 308 { 309 SMP_TRACE_DEBUG("%s", __func__); 310 311 p_cb->local_i_key &= p_cb->peer_i_key; 312 p_cb->local_r_key &= p_cb->peer_r_key; 313 314 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) 315 { 316 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 317 smp_use_oob_private_key(p_cb, NULL); 318 else 319 smp_decide_association_model(p_cb, NULL); 320 } 321 } 322 323 /******************************************************************************* 324 ** Function smp_send_confirm 325 ** Description send confirmation to the peer 326 *******************************************************************************/ 327 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 328 { 329 SMP_TRACE_DEBUG("%s", __func__); 330 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 331 } 332 333 /******************************************************************************* 334 ** Function smp_send_init 335 ** Description process pairing initializer to slave device 336 *******************************************************************************/ 337 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 338 { 339 SMP_TRACE_DEBUG("%s", __func__); 340 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 341 } 342 343 /******************************************************************************* 344 ** Function smp_send_rand 345 ** Description send pairing random to the peer 346 *******************************************************************************/ 347 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 348 { 349 SMP_TRACE_DEBUG("%s", __func__); 350 smp_send_cmd(SMP_OPCODE_RAND, p_cb); 351 } 352 353 /******************************************************************************* 354 ** Function smp_send_pair_public_key 355 ** Description send pairing public key command to the peer 356 *******************************************************************************/ 357 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 358 { 359 SMP_TRACE_DEBUG("%s", __func__); 360 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb); 361 } 362 363 /******************************************************************************* 364 ** Function SMP_SEND_COMMITMENT 365 ** Description send commitment command to the peer 366 *******************************************************************************/ 367 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 368 { 369 SMP_TRACE_DEBUG("%s", __func__); 370 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb); 371 } 372 373 /******************************************************************************* 374 ** Function smp_send_dhkey_check 375 ** Description send DHKey Check command to the peer 376 *******************************************************************************/ 377 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 378 { 379 SMP_TRACE_DEBUG("%s", __func__); 380 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb); 381 } 382 383 /******************************************************************************* 384 ** Function smp_send_keypress_notification 385 ** Description send Keypress Notification command to the peer 386 *******************************************************************************/ 387 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 388 { 389 p_cb->local_keypress_notification = *(UINT8 *) p_data; 390 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb); 391 } 392 393 /******************************************************************************* 394 ** Function smp_send_enc_info 395 ** Description send encryption information command. 396 *******************************************************************************/ 397 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 398 { 399 tBTM_LE_LENC_KEYS le_key; 400 401 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size); 402 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 403 404 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 405 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 406 407 /* save the DIV and key size information when acting as slave device */ 408 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 409 le_key.div = p_cb->div; 410 le_key.key_size = p_cb->loc_enc_size; 411 le_key.sec_level = p_cb->sec_level; 412 413 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 414 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, 415 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 416 417 SMP_TRACE_WARNING ("%s", __func__); 418 419 smp_key_distribution(p_cb, NULL); 420 } 421 422 /******************************************************************************* 423 ** Function smp_send_id_info 424 ** Description send ID information command. 425 *******************************************************************************/ 426 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 427 { 428 tBTM_LE_KEY_VALUE le_key; 429 SMP_TRACE_DEBUG("%s", __func__); 430 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE); 431 432 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 433 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 434 435 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 436 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, 437 &le_key, TRUE); 438 439 SMP_TRACE_WARNING ("%s", __func__); 440 smp_key_distribution_by_transport(p_cb, NULL); 441 } 442 443 /******************************************************************************* 444 ** Function smp_send_csrk_info 445 ** Description send CSRK command. 446 *******************************************************************************/ 447 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 448 { 449 tBTM_LE_LCSRK_KEYS key; 450 SMP_TRACE_DEBUG("%s", __func__); 451 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE); 452 453 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) 454 { 455 key.div = p_cb->div; 456 key.sec_level = p_cb->sec_level; 457 key.counter = 0; /* initialize the local counter */ 458 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN); 459 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE); 460 } 461 462 smp_key_distribution_by_transport(p_cb, NULL); 463 } 464 465 /******************************************************************************* 466 ** Function smp_send_ltk_reply 467 ** Description send LTK reply 468 *******************************************************************************/ 469 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 470 { 471 SMP_TRACE_DEBUG("%s", __func__); 472 /* send stk as LTK response */ 473 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data); 474 } 475 476 /******************************************************************************* 477 ** Function smp_proc_sec_req 478 ** Description process security request. 479 *******************************************************************************/ 480 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 481 { 482 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data; 483 tBTM_BLE_SEC_REQ_ACT sec_req_act; 484 UINT8 reason; 485 486 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req); 487 488 p_cb->cb_evt = 0; 489 490 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 491 492 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act); 493 494 switch (sec_req_act) 495 { 496 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 497 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__); 498 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 499 break; 500 501 case BTM_BLE_SEC_REQ_ACT_PAIR: 502 p_cb->secure_connections_only_mode_required = 503 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 504 505 /* respond to non SC pairing request as failure in SC only mode */ 506 if (p_cb->secure_connections_only_mode_required && 507 (auth_req & SMP_SC_SUPPORT_BIT) == 0) 508 { 509 reason = SMP_PAIR_AUTH_FAIL; 510 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 511 } 512 else 513 { 514 /* initialize local i/r key to be default keys */ 515 p_cb->peer_auth_req = auth_req; 516 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ; 517 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 518 } 519 break; 520 521 case BTM_BLE_SEC_REQ_ACT_DISCARD: 522 p_cb->discard_sec_req = TRUE; 523 break; 524 525 default: 526 /* do nothing */ 527 break; 528 } 529 } 530 531 /******************************************************************************* 532 ** Function smp_proc_sec_grant 533 ** Description process security grant. 534 *******************************************************************************/ 535 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 536 { 537 UINT8 res= *(UINT8 *)p_data; 538 SMP_TRACE_DEBUG("%s", __func__); 539 if (res != SMP_SUCCESS) 540 { 541 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 542 } 543 else /*otherwise, start pairing */ 544 { 545 /* send IO request callback */ 546 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 547 } 548 } 549 550 /******************************************************************************* 551 ** Function smp_proc_pair_fail 552 ** Description process pairing failure from peer device 553 *******************************************************************************/ 554 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 555 { 556 SMP_TRACE_DEBUG("%s", __func__); 557 p_cb->status = *(UINT8 *)p_data; 558 559 /* Cancel pending auth complete timer if set */ 560 alarm_cancel(p_cb->delayed_auth_timer_ent); 561 } 562 563 /******************************************************************************* 564 ** Function smp_proc_pair_cmd 565 ** Description Process the SMP pairing request/response from peer device 566 *******************************************************************************/ 567 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 568 { 569 UINT8 *p = (UINT8 *)p_data; 570 UINT8 reason = SMP_ENC_KEY_SIZE; 571 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 572 573 SMP_TRACE_DEBUG("%s", __func__); 574 /* erase all keys if it is slave proc pairing req*/ 575 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 576 btm_sec_clear_ble_keys(p_dev_rec); 577 578 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 579 580 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 581 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 582 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 583 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 584 STREAM_TO_UINT8(p_cb->peer_i_key, p); 585 STREAM_TO_UINT8(p_cb->peer_r_key, p); 586 587 if (smp_command_has_invalid_parameters(p_cb)) 588 { 589 reason = SMP_INVALID_PARAMETERS; 590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 591 return; 592 } 593 594 // PTS Testing failure modes 595 if (pts_test_send_authentication_complete_failure(p_cb)) 596 return; 597 598 if (p_cb->role == HCI_ROLE_SLAVE) 599 { 600 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 601 { 602 /* peer (master) started pairing sending Pairing Request */ 603 p_cb->local_i_key = p_cb->peer_i_key; 604 p_cb->local_r_key = p_cb->peer_r_key; 605 606 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 607 } 608 else /* update local i/r key according to pairing request */ 609 { 610 /* pairing started with this side (slave) sending Security Request */ 611 p_cb->local_i_key &= p_cb->peer_i_key; 612 p_cb->local_r_key &= p_cb->peer_r_key; 613 p_cb->selected_association_model = smp_select_association_model(p_cb); 614 615 if (p_cb->secure_connections_only_mode_required && 616 (!(p_cb->le_secure_connections_mode_is_used) || 617 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 618 { 619 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode", 620 __func__); 621 reason = SMP_PAIR_AUTH_FAIL; 622 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 623 return; 624 } 625 626 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 627 { 628 if (smp_request_oob_data(p_cb)) return; 629 } 630 else 631 { 632 smp_send_pair_rsp(p_cb, NULL); 633 } 634 } 635 } 636 else /* Master receives pairing response */ 637 { 638 p_cb->selected_association_model = smp_select_association_model(p_cb); 639 640 if (p_cb->secure_connections_only_mode_required && 641 (!(p_cb->le_secure_connections_mode_is_used) || 642 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 643 { 644 SMP_TRACE_ERROR ("Master requires secure connection only mode \ 645 but it can't be provided -> Master fails pairing"); 646 reason = SMP_PAIR_AUTH_FAIL; 647 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 648 return; 649 } 650 651 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 652 { 653 if (smp_request_oob_data(p_cb)) return; 654 } 655 else 656 { 657 smp_decide_association_model(p_cb, NULL); 658 } 659 } 660 } 661 662 /******************************************************************************* 663 ** Function smp_proc_confirm 664 ** Description process pairing confirm from peer device 665 *******************************************************************************/ 666 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 667 { 668 UINT8 *p = (UINT8 *)p_data; 669 UINT8 reason = SMP_INVALID_PARAMETERS; 670 671 SMP_TRACE_DEBUG("%s", __func__); 672 673 if (smp_command_has_invalid_parameters(p_cb)) 674 { 675 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 676 return; 677 } 678 679 if (p != NULL) 680 { 681 /* save the SConfirm for comparison later */ 682 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 683 } 684 685 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 686 } 687 688 /******************************************************************************* 689 ** Function smp_proc_init 690 ** Description process pairing initializer from peer device 691 *******************************************************************************/ 692 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 693 { 694 UINT8 *p = (UINT8 *)p_data; 695 UINT8 reason = SMP_INVALID_PARAMETERS; 696 697 SMP_TRACE_DEBUG("%s", __func__); 698 699 if (smp_command_has_invalid_parameters(p_cb)) 700 { 701 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 702 return; 703 } 704 705 /* save the SRand for comparison */ 706 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 707 } 708 709 /******************************************************************************* 710 ** Function smp_proc_rand 711 ** Description process pairing random (nonce) from peer device 712 *******************************************************************************/ 713 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 714 { 715 UINT8 *p = (UINT8 *)p_data; 716 UINT8 reason = SMP_INVALID_PARAMETERS; 717 718 SMP_TRACE_DEBUG("%s", __func__); 719 720 if (smp_command_has_invalid_parameters(p_cb)) 721 { 722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 723 return; 724 } 725 726 /* save the SRand for comparison */ 727 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 728 } 729 730 /******************************************************************************* 731 ** Function smp_process_pairing_public_key 732 ** Description process pairing public key command from the peer device 733 ** - saves the peer public key; 734 ** - sets the flag indicating that the peer public key is received; 735 ** - calls smp_wait_for_both_public_keys(...). 736 ** 737 *******************************************************************************/ 738 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 739 { 740 UINT8 *p = (UINT8 *)p_data; 741 UINT8 reason = SMP_INVALID_PARAMETERS; 742 743 SMP_TRACE_DEBUG("%s", __func__); 744 745 if (smp_command_has_invalid_parameters(p_cb)) 746 { 747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 748 return; 749 } 750 751 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN); 752 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN); 753 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY; 754 755 smp_wait_for_both_public_keys(p_cb, NULL); 756 } 757 758 /******************************************************************************* 759 ** Function smp_process_pairing_commitment 760 ** Description process pairing commitment from peer device 761 *******************************************************************************/ 762 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 763 { 764 UINT8 *p = (UINT8 *)p_data; 765 UINT8 reason = SMP_INVALID_PARAMETERS; 766 767 SMP_TRACE_DEBUG("%s", __func__); 768 769 if (smp_command_has_invalid_parameters(p_cb)) 770 { 771 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 772 return; 773 } 774 775 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM; 776 777 if (p != NULL) 778 { 779 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN); 780 } 781 } 782 783 /******************************************************************************* 784 ** Function smp_process_dhkey_check 785 ** Description process DHKey Check from peer device 786 *******************************************************************************/ 787 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 788 { 789 UINT8 *p = (UINT8 *)p_data; 790 UINT8 reason = SMP_INVALID_PARAMETERS; 791 792 SMP_TRACE_DEBUG("%s", __func__); 793 794 if (smp_command_has_invalid_parameters(p_cb)) 795 { 796 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 797 return; 798 } 799 800 if (p != NULL) 801 { 802 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN); 803 } 804 805 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK; 806 } 807 808 /******************************************************************************* 809 ** Function smp_process_keypress_notification 810 ** Description process pairing keypress notification from peer device 811 *******************************************************************************/ 812 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 813 { 814 UINT8 *p = (UINT8 *)p_data; 815 UINT8 reason = SMP_INVALID_PARAMETERS; 816 817 SMP_TRACE_DEBUG("%s", __func__); 818 p_cb->status = *(UINT8 *)p_data; 819 820 if (smp_command_has_invalid_parameters(p_cb)) 821 { 822 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 823 return; 824 } 825 826 if (p != NULL) 827 { 828 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p); 829 } 830 else 831 { 832 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE; 833 } 834 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT; 835 } 836 837 /******************************************************************************* 838 ** Function smp_br_process_pairing_command 839 ** Description Process the SMP pairing request/response from peer device via 840 ** BR/EDR transport. 841 *******************************************************************************/ 842 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 843 { 844 UINT8 *p = (UINT8 *)p_data; 845 UINT8 reason = SMP_ENC_KEY_SIZE; 846 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 847 848 SMP_TRACE_DEBUG("%s", __func__); 849 /* rejecting BR pairing request over non-SC BR link */ 850 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) 851 { 852 reason = SMP_XTRANS_DERIVE_NOT_ALLOW; 853 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 854 return; 855 } 856 857 /* erase all keys if it is slave proc pairing req*/ 858 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 859 btm_sec_clear_ble_keys(p_dev_rec); 860 861 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 862 863 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 864 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 865 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 866 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 867 STREAM_TO_UINT8(p_cb->peer_i_key, p); 868 STREAM_TO_UINT8(p_cb->peer_r_key, p); 869 870 if (smp_command_has_invalid_parameters(p_cb)) 871 { 872 reason = SMP_INVALID_PARAMETERS; 873 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 874 return; 875 } 876 877 /* peer (master) started pairing sending Pairing Request */ 878 /* or being master device always use received i/r key as keys to distribute */ 879 p_cb->local_i_key = p_cb->peer_i_key; 880 p_cb->local_r_key = p_cb->peer_r_key; 881 882 if (p_cb->role == HCI_ROLE_SLAVE) 883 { 884 p_dev_rec->new_encryption_key_is_p256 = FALSE; 885 /* shortcut to skip Security Grant step */ 886 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 887 } 888 else /* Master receives pairing response */ 889 { 890 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE." 891 " Supposed to move to key distribution phase. ", __func__); 892 } 893 894 /* auth_req received via BR/EDR SM channel is set to 0, 895 but everything derived/exchanged has to be saved */ 896 p_cb->peer_auth_req |= SMP_AUTH_BOND; 897 p_cb->loc_auth_req |= SMP_AUTH_BOND; 898 } 899 900 /******************************************************************************* 901 ** Function smp_br_process_security_grant 902 ** Description process security grant in case of pairing over BR/EDR transport. 903 *******************************************************************************/ 904 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 905 { 906 UINT8 res= *(UINT8 *)p_data; 907 SMP_TRACE_DEBUG("%s", __func__); 908 if (res != SMP_SUCCESS) 909 { 910 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data); 911 } 912 else /*otherwise, start pairing */ 913 { 914 /* send IO request callback */ 915 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 916 } 917 } 918 919 /******************************************************************************* 920 ** Function smp_br_check_authorization_request 921 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport 922 ** before starting the distribution/derivation 923 *******************************************************************************/ 924 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 925 { 926 UINT8 reason = SMP_SUCCESS; 927 928 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x " 929 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 930 p_cb->local_r_key); 931 932 /* In LE SC mode LK field is ignored when BR/EDR transport is used */ 933 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 934 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 935 936 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 937 ** Set local_r_key on master to expect only these keys. */ 938 if (p_cb->role == HCI_ROLE_MASTER) 939 { 940 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 941 } 942 943 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 944 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 945 p_cb->local_r_key); 946 947 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 948 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 949 (p_cb->local_i_key || p_cb->local_r_key)) 950 { 951 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL); 952 953 /* if no peer key is expected, start master key distribution */ 954 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0) 955 smp_key_distribution_by_transport(p_cb, NULL); 956 } 957 else 958 { 959 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 960 } 961 } 962 963 /******************************************************************************* 964 ** Function smp_br_select_next_key 965 ** Description selects the next key to derive/send when BR/EDR transport is 966 ** used. 967 *******************************************************************************/ 968 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 969 { 970 UINT8 reason = SMP_SUCCESS; 971 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 972 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 973 974 if (p_cb->role == HCI_ROLE_SLAVE|| 975 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 976 { 977 smp_key_pick_key(p_cb, p_data); 978 } 979 980 if (!p_cb->local_i_key && !p_cb->local_r_key) 981 { 982 /* state check to prevent re-entrance */ 983 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) 984 { 985 if (p_cb->total_tx_unacked == 0) 986 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 987 else 988 p_cb->wait_for_authorization_complete = TRUE; 989 } 990 } 991 } 992 993 /******************************************************************************* 994 ** Function smp_proc_enc_info 995 ** Description process encryption information from peer device 996 *******************************************************************************/ 997 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 998 { 999 UINT8 *p = (UINT8 *)p_data; 1000 1001 SMP_TRACE_DEBUG("%s", __func__); 1002 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 1003 1004 smp_key_distribution(p_cb, NULL); 1005 } 1006 /******************************************************************************* 1007 ** Function smp_proc_master_id 1008 ** Description process master ID from slave device 1009 *******************************************************************************/ 1010 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1011 { 1012 UINT8 *p = (UINT8 *)p_data; 1013 tBTM_LE_PENC_KEYS le_key; 1014 1015 SMP_TRACE_DEBUG("%s", __func__); 1016 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE); 1017 1018 STREAM_TO_UINT16(le_key.ediv, p); 1019 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN ); 1020 1021 /* store the encryption keys from peer device */ 1022 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 1023 le_key.sec_level = p_cb->sec_level; 1024 le_key.key_size = p_cb->loc_enc_size; 1025 1026 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1027 btm_sec_save_le_key(p_cb->pairing_bda, 1028 BTM_LE_KEY_PENC, 1029 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 1030 1031 smp_key_distribution(p_cb, NULL); 1032 } 1033 1034 /******************************************************************************* 1035 ** Function smp_proc_enc_info 1036 ** Description process identity information from peer device 1037 *******************************************************************************/ 1038 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1039 { 1040 UINT8 *p = (UINT8 *)p_data; 1041 1042 SMP_TRACE_DEBUG("%s", __func__); 1043 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 1044 smp_key_distribution_by_transport(p_cb, NULL); 1045 } 1046 1047 /******************************************************************************* 1048 ** Function smp_proc_id_addr 1049 ** Description process identity address from peer device 1050 *******************************************************************************/ 1051 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1052 { 1053 UINT8 *p = (UINT8 *)p_data; 1054 tBTM_LE_PID_KEYS pid_key; 1055 1056 SMP_TRACE_DEBUG("%s", __func__); 1057 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE); 1058 1059 STREAM_TO_UINT8(pid_key.addr_type, p); 1060 STREAM_TO_BDADDR(pid_key.static_addr, p); 1061 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 1062 1063 /* to use as BD_ADDR for lk derived from ltk */ 1064 p_cb->id_addr_rcvd = TRUE; 1065 p_cb->id_addr_type = pid_key.addr_type; 1066 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN); 1067 1068 /* store the ID key from peer device */ 1069 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1070 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, 1071 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE); 1072 smp_key_distribution_by_transport(p_cb, NULL); 1073 } 1074 1075 /******************************************************************************* 1076 ** Function smp_proc_srk_info 1077 ** Description process security information from peer device 1078 *******************************************************************************/ 1079 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1080 { 1081 tBTM_LE_PCSRK_KEYS le_key; 1082 1083 SMP_TRACE_DEBUG("%s", __func__); 1084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE); 1085 1086 /* save CSRK to security record */ 1087 le_key.sec_level = p_cb->sec_level; 1088 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */ 1089 le_key.counter = 0; /* initialize the peer counter */ 1090 1091 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1092 btm_sec_save_le_key(p_cb->pairing_bda, 1093 BTM_LE_KEY_PCSRK, 1094 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 1095 smp_key_distribution_by_transport(p_cb, NULL); 1096 } 1097 1098 /******************************************************************************* 1099 ** Function smp_proc_compare 1100 ** Description process compare value 1101 *******************************************************************************/ 1102 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1103 { 1104 UINT8 reason; 1105 1106 SMP_TRACE_DEBUG("%s", __func__); 1107 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) 1108 { 1109 /* compare the max encryption key size, and save the smaller one for the link */ 1110 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) 1111 p_cb->loc_enc_size = p_cb->peer_enc_size; 1112 1113 if (p_cb->role == HCI_ROLE_SLAVE) 1114 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 1115 else 1116 { 1117 /* master device always use received i/r key as keys to distribute */ 1118 p_cb->local_i_key = p_cb->peer_i_key; 1119 p_cb->local_r_key = p_cb->peer_r_key; 1120 1121 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1122 } 1123 1124 } 1125 else 1126 { 1127 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1128 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1129 } 1130 } 1131 1132 /******************************************************************************* 1133 ** Function smp_proc_sl_key 1134 ** Description process key ready events. 1135 *******************************************************************************/ 1136 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1137 { 1138 UINT8 key_type = p_data->key.key_type; 1139 1140 SMP_TRACE_DEBUG("%s", __func__); 1141 if (key_type == SMP_KEY_TYPE_TK) 1142 { 1143 smp_generate_srand_mrand_confirm(p_cb, NULL); 1144 } 1145 else if (key_type == SMP_KEY_TYPE_CFM) 1146 { 1147 smp_set_state(SMP_STATE_WAIT_CONFIRM); 1148 1149 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 1150 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 1151 } 1152 } 1153 1154 /******************************************************************************* 1155 ** Function smp_start_enc 1156 ** Description start encryption 1157 *******************************************************************************/ 1158 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1159 { 1160 tBTM_STATUS cmd; 1161 UINT8 reason = SMP_ENC_FAIL; 1162 1163 SMP_TRACE_DEBUG("%s", __func__); 1164 if (p_data != NULL) 1165 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data); 1166 else 1167 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL); 1168 1169 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) 1170 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1171 } 1172 1173 /******************************************************************************* 1174 ** Function smp_proc_discard 1175 ** Description processing for discard security request 1176 *******************************************************************************/ 1177 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1178 { 1179 SMP_TRACE_DEBUG("%s", __func__); 1180 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 1181 smp_reset_control_value(p_cb); 1182 } 1183 1184 /******************************************************************************* 1185 ** Function smp_enc_cmpl 1186 ** Description encryption success 1187 *******************************************************************************/ 1188 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1189 { 1190 UINT8 enc_enable = *(UINT8 *)p_data; 1191 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1192 1193 SMP_TRACE_DEBUG("%s", __func__); 1194 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1195 } 1196 1197 /******************************************************************************* 1198 ** Function smp_check_auth_req 1199 ** Description check authentication request 1200 *******************************************************************************/ 1201 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1202 { 1203 UINT8 enc_enable = *(UINT8 *)p_data; 1204 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1205 1206 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x " 1207 "(i-initiator r-responder)", 1208 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key); 1209 if (enc_enable == 1) 1210 { 1211 if (p_cb->le_secure_connections_mode_is_used) 1212 { 1213 /* In LE SC mode LTK is used instead of STK and has to be always saved */ 1214 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC; 1215 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC; 1216 1217 /* In LE SC mode LK is derived from LTK only if both sides request it */ 1218 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) || 1219 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) 1220 { 1221 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1222 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1223 } 1224 1225 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 1226 ** Set local_r_key on master to expect only these keys. 1227 */ 1228 if (p_cb->role == HCI_ROLE_MASTER) 1229 { 1230 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 1231 } 1232 } 1233 else 1234 { 1235 /* in legacy mode derivation of BR/EDR LK is not supported */ 1236 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1237 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1238 } 1239 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 1240 "(i-initiator r-responder)", 1241 __func__, p_cb->local_i_key, p_cb->local_r_key); 1242 1243 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 1244 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 1245 (p_cb->local_i_key || p_cb->local_r_key)) 1246 { 1247 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 1248 } 1249 else 1250 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1251 } 1252 else if (enc_enable == 0) 1253 { 1254 /* if failed for encryption after pairing, send callback */ 1255 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 1256 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1257 /* if enc failed for old security information */ 1258 /* if master device, clean up and abck to idle; slave device do nothing */ 1259 else if (p_cb->role == HCI_ROLE_MASTER) 1260 { 1261 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1262 } 1263 } 1264 } 1265 1266 /******************************************************************************* 1267 ** Function smp_key_pick_key 1268 ** Description Pick a key distribution function based on the key mask. 1269 *******************************************************************************/ 1270 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1271 { 1272 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key; 1273 UINT8 i = 0; 1274 1275 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist); 1276 while (i < SMP_KEY_DIST_TYPE_MAX) 1277 { 1278 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i); 1279 1280 if (key_to_dist & (1 << i)) 1281 { 1282 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i); 1283 (* smp_distribute_act[i])(p_cb, p_data); 1284 break; 1285 } 1286 i ++; 1287 } 1288 } 1289 /******************************************************************************* 1290 ** Function smp_key_distribution 1291 ** Description start key distribution if required. 1292 *******************************************************************************/ 1293 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1294 { 1295 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 1296 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 1297 1298 if (p_cb->role == HCI_ROLE_SLAVE || 1299 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 1300 { 1301 smp_key_pick_key(p_cb, p_data); 1302 } 1303 1304 if (!p_cb->local_i_key && !p_cb->local_r_key) 1305 { 1306 /* state check to prevent re-entrant */ 1307 if (smp_get_state() == SMP_STATE_BOND_PENDING) 1308 { 1309 if (p_cb->derive_lk) 1310 { 1311 smp_derive_link_key_from_long_term_key(p_cb, NULL); 1312 p_cb->derive_lk = FALSE; 1313 } 1314 1315 if (p_cb->total_tx_unacked == 0) 1316 { 1317 /* 1318 * Instead of declaring authorization complete immediately, 1319 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS. 1320 * This allows the slave to send over Pairing Failed if the 1321 * last key is rejected. During this waiting window, the 1322 * state should remain in SMP_STATE_BOND_PENDING. 1323 */ 1324 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) { 1325 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__); 1326 alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS, 1327 smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue); 1328 } 1329 } else { 1330 p_cb->wait_for_authorization_complete = TRUE; 1331 } 1332 } 1333 } 1334 } 1335 1336 /******************************************************************************* 1337 ** Function smp_decide_association_model 1338 ** Description This function is called to select assoc model to be used for 1339 ** STK generation and to start STK generation process. 1340 ** 1341 *******************************************************************************/ 1342 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1343 { 1344 UINT8 failure = SMP_UNKNOWN_IO_CAP; 1345 UINT8 int_evt = 0; 1346 tSMP_KEY key; 1347 tSMP_INT_DATA *p = NULL; 1348 1349 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model); 1350 1351 switch (p_cb->selected_association_model) 1352 { 1353 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */ 1354 if (p_cb->role == HCI_ROLE_MASTER && 1355 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 1356 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) 1357 { 1358 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement"); 1359 failure = SMP_PAIR_AUTH_FAIL; 1360 p = (tSMP_INT_DATA *)&failure; 1361 int_evt = SMP_AUTH_CMPL_EVT; 1362 } 1363 else 1364 { 1365 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1366 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1367 1368 key.key_type = SMP_KEY_TYPE_TK; 1369 key.p_data = p_cb->tk; 1370 p = (tSMP_INT_DATA *)&key; 1371 1372 memset(p_cb->tk, 0, BT_OCTET16_LEN); 1373 /* TK, ready */ 1374 int_evt = SMP_KEY_READY_EVT; 1375 } 1376 break; 1377 1378 case SMP_MODEL_PASSKEY: 1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1380 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1381 1382 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1383 int_evt = SMP_TK_REQ_EVT; 1384 break; 1385 1386 case SMP_MODEL_OOB: 1387 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB"); 1388 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1389 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1390 1391 p_cb->cb_evt = SMP_OOB_REQ_EVT; 1392 int_evt = SMP_TK_REQ_EVT; 1393 break; 1394 1395 case SMP_MODEL_KEY_NOTIF: 1396 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1397 SMP_TRACE_DEBUG("Need to generate Passkey"); 1398 1399 /* generate passkey and notify application */ 1400 smp_generate_passkey(p_cb, NULL); 1401 break; 1402 1403 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1404 case SMP_MODEL_SEC_CONN_NUM_COMP: 1405 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1406 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1407 case SMP_MODEL_SEC_CONN_OOB: 1408 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT; 1409 break; 1410 1411 case SMP_MODEL_OUT_OF_RANGE: 1412 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)"); 1413 p = (tSMP_INT_DATA *)&failure; 1414 int_evt = SMP_AUTH_CMPL_EVT; 1415 break; 1416 1417 default: 1418 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)", 1419 p_cb->selected_association_model); 1420 p = (tSMP_INT_DATA *)&failure; 1421 int_evt = SMP_AUTH_CMPL_EVT; 1422 } 1423 1424 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level ); 1425 if (int_evt) 1426 smp_sm_event(p_cb, int_evt, p); 1427 } 1428 1429 /******************************************************************************* 1430 ** Function smp_process_io_response 1431 ** Description process IO response for a slave device. 1432 *******************************************************************************/ 1433 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1434 { 1435 uint8_t reason = SMP_PAIR_AUTH_FAIL; 1436 1437 SMP_TRACE_DEBUG("%s", __func__); 1438 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1439 { 1440 /* pairing started by local (slave) Security Request */ 1441 smp_set_state(SMP_STATE_SEC_REQ_PENDING); 1442 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 1443 } 1444 else /* plan to send pairing respond */ 1445 { 1446 /* pairing started by peer (master) Pairing Request */ 1447 p_cb->selected_association_model = smp_select_association_model(p_cb); 1448 1449 if (p_cb->secure_connections_only_mode_required && 1450 (!(p_cb->le_secure_connections_mode_is_used) || 1451 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 1452 { 1453 SMP_TRACE_ERROR ("Slave requires secure connection only mode \ 1454 but it can't be provided -> Slave fails pairing"); 1455 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1456 return; 1457 } 1458 1459 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 1460 { 1461 if (smp_request_oob_data(p_cb)) return; 1462 } 1463 1464 // PTS Testing failure modes 1465 if (pts_test_send_authentication_complete_failure(p_cb)) 1466 return; 1467 1468 smp_send_pair_rsp(p_cb, NULL); 1469 } 1470 } 1471 1472 /******************************************************************************* 1473 ** Function smp_br_process_slave_keys_response 1474 ** Description process application keys response for a slave device 1475 ** (BR/EDR transport). 1476 *******************************************************************************/ 1477 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1478 { 1479 smp_br_send_pair_response(p_cb, NULL); 1480 } 1481 1482 /******************************************************************************* 1483 ** Function smp_br_send_pair_response 1484 ** Description actions related to sending pairing response over BR/EDR transport. 1485 *******************************************************************************/ 1486 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1487 { 1488 SMP_TRACE_DEBUG("%s", __func__); 1489 1490 p_cb->local_i_key &= p_cb->peer_i_key; 1491 p_cb->local_r_key &= p_cb->peer_r_key; 1492 1493 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb); 1494 } 1495 1496 /******************************************************************************* 1497 ** Function smp_pairing_cmpl 1498 ** Description This function is called to send the pairing complete callback 1499 ** and remove the connection if needed. 1500 *******************************************************************************/ 1501 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1502 { 1503 if (p_cb->total_tx_unacked == 0) 1504 { 1505 /* update connection parameter to remote preferred */ 1506 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE); 1507 /* process the pairing complete */ 1508 smp_proc_pairing_cmpl(p_cb); 1509 } 1510 } 1511 1512 /******************************************************************************* 1513 ** Function smp_pair_terminate 1514 ** Description This function is called to send the pairing complete callback 1515 ** and remove the connection if needed. 1516 *******************************************************************************/ 1517 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1518 { 1519 SMP_TRACE_DEBUG("%s", __func__); 1520 p_cb->status = SMP_CONN_TOUT; 1521 smp_proc_pairing_cmpl(p_cb); 1522 } 1523 1524 /******************************************************************************* 1525 ** Function smp_idle_terminate 1526 ** Description This function calledin idle state to determine to send authentication 1527 ** complete or not. 1528 *******************************************************************************/ 1529 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1530 { 1531 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1532 { 1533 SMP_TRACE_DEBUG("Pairing terminated at IDLE state."); 1534 p_cb->status = SMP_FAIL; 1535 smp_proc_pairing_cmpl(p_cb); 1536 } 1537 } 1538 1539 /******************************************************************************* 1540 ** Function smp_fast_conn_param 1541 ** Description apply default connection parameter for pairing process 1542 *******************************************************************************/ 1543 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1544 { 1545 /* disable connection parameter update */ 1546 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE); 1547 } 1548 1549 /******************************************************************************* 1550 ** Function smp_both_have_public_keys 1551 ** Description The function is called when both local and peer public keys are 1552 ** saved. 1553 ** Actions: 1554 ** - invokes DHKey computation; 1555 ** - on slave side invokes sending local public key to the peer. 1556 ** - invokes SC phase 1 process. 1557 *******************************************************************************/ 1558 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1559 { 1560 SMP_TRACE_DEBUG("%s",__func__); 1561 1562 /* invokes DHKey computation */ 1563 smp_compute_dhkey(p_cb); 1564 1565 /* on slave side invokes sending local public key to the peer */ 1566 if (p_cb->role == HCI_ROLE_SLAVE) 1567 smp_send_pair_public_key(p_cb, NULL); 1568 1569 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL); 1570 } 1571 1572 /******************************************************************************* 1573 ** Function smp_start_secure_connection_phase1 1574 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection 1575 ** phase 1 parameters and starts building/sending to the peer 1576 ** messages appropriate for the role and association model. 1577 *******************************************************************************/ 1578 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1579 { 1580 SMP_TRACE_DEBUG("%s", __func__); 1581 1582 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1583 { 1584 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1585 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1586 } 1587 else 1588 { 1589 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1590 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1591 } 1592 1593 switch(p_cb->selected_association_model) 1594 { 1595 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1596 case SMP_MODEL_SEC_CONN_NUM_COMP: 1597 memset(p_cb->local_random, 0, BT_OCTET16_LEN); 1598 smp_start_nonce_generation(p_cb); 1599 break; 1600 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1601 /* user has to provide passkey */ 1602 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1603 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL); 1604 break; 1605 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1606 /* passkey has to be provided to user */ 1607 SMP_TRACE_DEBUG("Need to generate SC Passkey"); 1608 smp_generate_passkey(p_cb, NULL); 1609 break; 1610 case SMP_MODEL_SEC_CONN_OOB: 1611 /* use the available OOB information */ 1612 smp_process_secure_connection_oob_data(p_cb, NULL); 1613 break; 1614 default: 1615 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1616 p_cb->selected_association_model); 1617 break; 1618 } 1619 } 1620 1621 /******************************************************************************* 1622 ** Function smp_process_local_nonce 1623 ** Description The function processes new local nonce. 1624 ** 1625 ** Note It is supposed to be called in SC phase1. 1626 *******************************************************************************/ 1627 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1628 { 1629 SMP_TRACE_DEBUG("%s", __func__); 1630 1631 switch(p_cb->selected_association_model) 1632 { 1633 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1634 case SMP_MODEL_SEC_CONN_NUM_COMP: 1635 if (p_cb->role == HCI_ROLE_SLAVE) 1636 { 1637 /* slave calculates and sends local commitment */ 1638 smp_calculate_local_commitment(p_cb); 1639 smp_send_commitment(p_cb, NULL); 1640 /* slave has to wait for peer nonce */ 1641 smp_set_state(SMP_STATE_WAIT_NONCE); 1642 } 1643 else /* i.e. master */ 1644 { 1645 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1646 { 1647 /* slave commitment is already received, send local nonce, wait for remote nonce*/ 1648 SMP_TRACE_DEBUG("master in assoc mode = %d \ 1649 already rcvd slave commitment - race condition", 1650 p_cb->selected_association_model); 1651 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1652 smp_send_rand(p_cb, NULL); 1653 smp_set_state(SMP_STATE_WAIT_NONCE); 1654 } 1655 } 1656 break; 1657 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1658 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1659 smp_calculate_local_commitment(p_cb); 1660 1661 if (p_cb->role == HCI_ROLE_MASTER) 1662 { 1663 smp_send_commitment(p_cb, NULL); 1664 } 1665 else /* slave */ 1666 { 1667 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1668 { 1669 /* master commitment is already received */ 1670 smp_send_commitment(p_cb, NULL); 1671 smp_set_state(SMP_STATE_WAIT_NONCE); 1672 } 1673 } 1674 break; 1675 case SMP_MODEL_SEC_CONN_OOB: 1676 if (p_cb->role == HCI_ROLE_MASTER) 1677 { 1678 smp_send_rand(p_cb, NULL); 1679 } 1680 1681 smp_set_state(SMP_STATE_WAIT_NONCE); 1682 break; 1683 default: 1684 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1685 p_cb->selected_association_model); 1686 break; 1687 } 1688 } 1689 1690 /******************************************************************************* 1691 ** Function smp_process_peer_nonce 1692 ** Description The function processes newly received and saved in CB peer nonce. 1693 ** The actions depend on the selected association model and the role. 1694 ** 1695 ** Note It is supposed to be called in SC phase1. 1696 *******************************************************************************/ 1697 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1698 { 1699 UINT8 reason; 1700 1701 SMP_TRACE_DEBUG("%s start ", __func__); 1702 1703 // PTS Testing failure modes 1704 if (p_cb->cert_failure == 1) { 1705 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 1706 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1707 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1708 return; 1709 } 1710 1711 switch(p_cb->selected_association_model) 1712 { 1713 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1714 case SMP_MODEL_SEC_CONN_NUM_COMP: 1715 /* in these models only master receives commitment */ 1716 if (p_cb->role == HCI_ROLE_MASTER) 1717 { 1718 if (!smp_check_commitment(p_cb)) 1719 { 1720 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1721 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1722 break; 1723 } 1724 } 1725 else 1726 { 1727 /* slave sends local nonce */ 1728 smp_send_rand(p_cb, NULL); 1729 } 1730 1731 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1732 { 1733 /* go directly to phase 2 */ 1734 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1735 } 1736 else /* numeric comparison */ 1737 { 1738 smp_set_state(SMP_STATE_WAIT_NONCE); 1739 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL); 1740 } 1741 break; 1742 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1743 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1744 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9) 1745 { 1746 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1748 break; 1749 } 1750 1751 if (p_cb->role == HCI_ROLE_SLAVE) 1752 { 1753 smp_send_rand(p_cb, NULL); 1754 } 1755 1756 if (++p_cb->round < 20) 1757 { 1758 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START); 1759 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1760 smp_start_nonce_generation(p_cb); 1761 break; 1762 } 1763 1764 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1765 break; 1766 case SMP_MODEL_SEC_CONN_OOB: 1767 if (p_cb->role == HCI_ROLE_SLAVE) 1768 { 1769 smp_send_rand(p_cb, NULL); 1770 } 1771 1772 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1773 break; 1774 default: 1775 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1776 p_cb->selected_association_model); 1777 break; 1778 } 1779 1780 SMP_TRACE_DEBUG("%s end ",__FUNCTION__); 1781 } 1782 1783 /******************************************************************************* 1784 ** Function smp_match_dhkey_checks 1785 ** Description checks if the calculated peer DHKey Check value is the same as 1786 ** received from the peer DHKey check value. 1787 *******************************************************************************/ 1788 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1789 { 1790 UINT8 reason = SMP_DHKEY_CHK_FAIL; 1791 1792 SMP_TRACE_DEBUG("%s", __func__); 1793 1794 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) 1795 { 1796 SMP_TRACE_WARNING ("dhkey chcks do no match"); 1797 p_cb->failure = reason; 1798 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1799 return; 1800 } 1801 1802 SMP_TRACE_EVENT ("dhkey chcks match"); 1803 1804 /* compare the max encryption key size, and save the smaller one for the link */ 1805 if (p_cb->peer_enc_size < p_cb->loc_enc_size) 1806 p_cb->loc_enc_size = p_cb->peer_enc_size; 1807 1808 if (p_cb->role == HCI_ROLE_SLAVE) 1809 { 1810 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL); 1811 } 1812 else 1813 { 1814 /* master device always use received i/r key as keys to distribute */ 1815 p_cb->local_i_key = p_cb->peer_i_key; 1816 p_cb->local_r_key = p_cb->peer_r_key; 1817 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1818 } 1819 } 1820 1821 /******************************************************************************* 1822 ** Function smp_move_to_secure_connections_phase2 1823 ** Description Signal State Machine to start SC phase 2 initialization (to 1824 ** compute local DHKey Check value). 1825 ** 1826 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START. 1827 *******************************************************************************/ 1828 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1829 { 1830 SMP_TRACE_DEBUG("%s",__func__); 1831 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1832 } 1833 1834 /******************************************************************************* 1835 ** Function smp_phase_2_dhkey_checks_are_present 1836 ** Description generates event if dhkey check from the peer is already received. 1837 ** 1838 ** Note It is supposed to be used on slave to prevent race condition. 1839 ** It is supposed to be called after slave dhkey check is calculated. 1840 *******************************************************************************/ 1841 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1842 { 1843 SMP_TRACE_DEBUG("%s",__func__); 1844 1845 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK) 1846 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL); 1847 } 1848 1849 /******************************************************************************* 1850 ** Function smp_wait_for_both_public_keys 1851 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master 1852 ** public keys are available. 1853 ** 1854 ** Note on the slave it is used to prevent race condition. 1855 ** 1856 *******************************************************************************/ 1857 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1858 { 1859 SMP_TRACE_DEBUG("%s",__func__); 1860 1861 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) && 1862 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) 1863 { 1864 if ((p_cb->role == HCI_ROLE_SLAVE) && 1865 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH))) 1866 { 1867 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH); 1868 } 1869 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL); 1870 } 1871 } 1872 1873 /******************************************************************************* 1874 ** Function smp_start_passkey_verification 1875 ** Description Starts SC passkey entry verification. 1876 *******************************************************************************/ 1877 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1878 { 1879 UINT8 *p = NULL; 1880 1881 SMP_TRACE_DEBUG("%s", __func__); 1882 p = p_cb->local_random; 1883 UINT32_TO_STREAM(p, p_data->passkey); 1884 1885 p = p_cb->peer_random; 1886 UINT32_TO_STREAM(p, p_data->passkey); 1887 1888 p_cb->round = 0; 1889 smp_start_nonce_generation(p_cb); 1890 } 1891 1892 /******************************************************************************* 1893 ** Function smp_process_secure_connection_oob_data 1894 ** Description Processes local/peer SC OOB data received from somewhere. 1895 *******************************************************************************/ 1896 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1897 { 1898 SMP_TRACE_DEBUG("%s", __func__); 1899 1900 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data; 1901 if (p_sc_oob_data->loc_oob_data.present) 1902 { 1903 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer, 1904 sizeof(p_cb->local_random)); 1905 } 1906 else 1907 { 1908 SMP_TRACE_EVENT ("local OOB randomizer is absent"); 1909 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1910 } 1911 1912 if (!p_sc_oob_data->peer_oob_data.present) 1913 { 1914 SMP_TRACE_EVENT ("peer OOB data is absent"); 1915 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random)); 1916 } 1917 else 1918 { 1919 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer, 1920 sizeof(p_cb->peer_random)); 1921 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment, 1922 sizeof(p_cb->remote_commitment)); 1923 1924 UINT8 reason = SMP_CONFIRM_VALUE_ERR; 1925 /* check commitment */ 1926 if (!smp_check_commitment(p_cb)) 1927 { 1928 p_cb->failure = reason; 1929 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1930 return; 1931 } 1932 1933 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) 1934 { 1935 /* the peer doesn't have local randomiser */ 1936 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0"); 1937 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1938 } 1939 } 1940 1941 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer"); 1942 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer"); 1943 smp_start_nonce_generation(p_cb); 1944 } 1945 1946 /******************************************************************************* 1947 ** Function smp_set_local_oob_keys 1948 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data, 1949 ** starts nonce generation 1950 ** (to be saved in sc_oob_data.loc_oob_data.randomizer). 1951 *******************************************************************************/ 1952 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1953 { 1954 SMP_TRACE_DEBUG("%s", __func__); 1955 1956 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key, 1957 BT_OCTET32_LEN); 1958 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key; 1959 smp_start_nonce_generation(p_cb); 1960 } 1961 1962 /******************************************************************************* 1963 ** Function smp_set_local_oob_random_commitment 1964 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data, 1965 ** passes sc_oob_data.loc_oob_data up for safekeeping. 1966 *******************************************************************************/ 1967 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1968 { 1969 SMP_TRACE_DEBUG("%s", __func__); 1970 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, 1971 BT_OCTET16_LEN); 1972 1973 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1974 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1975 p_cb->sc_oob_data.loc_oob_data.randomizer, 0, 1976 p_cb->sc_oob_data.loc_oob_data.commitment); 1977 1978 #if SMP_DEBUG == TRUE 1979 UINT8 *p_print = NULL; 1980 SMP_TRACE_DEBUG("local SC OOB data set:"); 1981 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to; 1982 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to", 1983 sizeof(tBLE_BD_ADDR)); 1984 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used; 1985 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used", 1986 BT_OCTET32_LEN); 1987 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x; 1988 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x", 1989 BT_OCTET32_LEN); 1990 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y; 1991 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y", 1992 BT_OCTET32_LEN); 1993 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer; 1994 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer", 1995 BT_OCTET16_LEN); 1996 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment; 1997 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment", 1998 BT_OCTET16_LEN); 1999 SMP_TRACE_DEBUG(""); 2000 #endif 2001 2002 /* pass created OOB data up */ 2003 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT; 2004 smp_send_app_cback(p_cb, NULL); 2005 2006 smp_cb_cleanup(p_cb); 2007 } 2008 2009 /******************************************************************************* 2010 ** 2011 ** Function smp_link_encrypted 2012 ** 2013 ** Description This function is called when link is encrypted and notified to 2014 ** slave device. Proceed to to send LTK, DIV and ER to master if 2015 ** bonding the devices. 2016 ** 2017 ** 2018 ** Returns void 2019 ** 2020 *******************************************************************************/ 2021 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) 2022 { 2023 tSMP_CB *p_cb = &smp_cb; 2024 2025 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable); 2026 2027 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) 2028 { 2029 /* encryption completed with STK, remmeber the key size now, could be overwite 2030 * when key exchange happens */ 2031 if (p_cb->loc_enc_size != 0 && encr_enable) 2032 { 2033 /* update the link encryption key size if a SMP pairing just performed */ 2034 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 2035 } 2036 2037 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); 2038 } 2039 } 2040 2041 /******************************************************************************* 2042 ** 2043 ** Function smp_proc_ltk_request 2044 ** 2045 ** Description This function is called when LTK request is received from 2046 ** controller. 2047 ** 2048 ** Returns void 2049 ** 2050 *******************************************************************************/ 2051 BOOLEAN smp_proc_ltk_request(BD_ADDR bda) 2052 { 2053 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state); 2054 BOOLEAN match = FALSE; 2055 2056 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) 2057 { 2058 match = TRUE; 2059 } else { 2060 BD_ADDR dummy_bda = {0}; 2061 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda); 2062 if (p_dev_rec != NULL && 2063 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) && 2064 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN)) 2065 { 2066 match = TRUE; 2067 } 2068 } 2069 2070 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) 2071 { 2072 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 2073 return TRUE; 2074 } 2075 2076 return FALSE; 2077 } 2078 2079 /******************************************************************************* 2080 ** 2081 ** Function smp_process_secure_connection_long_term_key 2082 ** 2083 ** Description This function is called to process SC LTK. 2084 ** SC LTK is calculated and used instead of STK. 2085 ** Here SC LTK is saved in BLE DB. 2086 ** 2087 ** Returns void 2088 ** 2089 *******************************************************************************/ 2090 void smp_process_secure_connection_long_term_key(void) 2091 { 2092 tSMP_CB *p_cb = &smp_cb; 2093 2094 SMP_TRACE_DEBUG("%s", __func__); 2095 smp_save_secure_connections_long_term_key(p_cb); 2096 2097 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2098 smp_key_distribution(p_cb, NULL); 2099 } 2100 2101 /******************************************************************************* 2102 ** 2103 ** Function smp_set_derive_link_key 2104 ** 2105 ** Description This function is called to set flag that indicates that 2106 ** BR/EDR LK has to be derived from LTK after all keys are 2107 ** distributed. 2108 ** 2109 ** Returns void 2110 ** 2111 *******************************************************************************/ 2112 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2113 { 2114 SMP_TRACE_DEBUG ("%s", __func__); 2115 p_cb->derive_lk = TRUE; 2116 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE); 2117 smp_key_distribution(p_cb, NULL); 2118 } 2119 2120 /******************************************************************************* 2121 ** 2122 ** Function smp_derive_link_key_from_long_term_key 2123 ** 2124 ** Description This function is called to derive BR/EDR LK from LTK. 2125 ** 2126 ** Returns void 2127 ** 2128 *******************************************************************************/ 2129 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2130 { 2131 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2132 2133 SMP_TRACE_DEBUG("%s", __func__); 2134 if (!smp_calculate_link_key_from_long_term_key(p_cb)) 2135 { 2136 SMP_TRACE_ERROR("%s failed", __FUNCTION__); 2137 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); 2138 return; 2139 } 2140 } 2141 2142 /******************************************************************************* 2143 ** 2144 ** Function smp_br_process_link_key 2145 ** 2146 ** Description This function is called to process BR/EDR LK: 2147 ** - to derive SMP LTK from BR/EDR LK; 2148 *8 - to save SMP LTK. 2149 ** 2150 ** Returns void 2151 ** 2152 *******************************************************************************/ 2153 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2154 { 2155 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2156 2157 SMP_TRACE_DEBUG("%s", __func__); 2158 if (!smp_calculate_long_term_key_from_link_key(p_cb)) 2159 { 2160 SMP_TRACE_ERROR ("%s failed",__FUNCTION__); 2161 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); 2162 return; 2163 } 2164 2165 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__); 2166 smp_save_secure_connections_long_term_key(p_cb); 2167 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2168 smp_br_select_next_key(p_cb, NULL); 2169 } 2170 2171 /******************************************************************************* 2172 ** Function smp_key_distribution_by_transport 2173 ** Description depending on the transport used at the moment calls either 2174 ** smp_key_distribution(...) or smp_br_key_distribution(...). 2175 *******************************************************************************/ 2176 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2177 { 2178 SMP_TRACE_DEBUG("%s", __func__); 2179 if (p_cb->smp_over_br) 2180 { 2181 smp_br_select_next_key(p_cb, NULL); 2182 } 2183 else 2184 { 2185 smp_key_distribution(p_cb, NULL); 2186 } 2187 } 2188 2189 /******************************************************************************* 2190 ** Function smp_br_pairing_complete 2191 ** Description This function is called to send the pairing complete callback 2192 ** and remove the connection if needed. 2193 *******************************************************************************/ 2194 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2195 { 2196 SMP_TRACE_DEBUG("%s", __func__); 2197 2198 if (p_cb->total_tx_unacked == 0) 2199 { 2200 /* process the pairing complete */ 2201 smp_proc_pairing_cmpl(p_cb); 2202 } 2203 } 2204 2205 #endif 2206