1 /****************************************************************************** 2 * 3 * Copyright (C) 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include <string.h> 20 #include "device/include/interop.h" 21 #include "include/bt_target.h" 22 #include "stack/btm/btm_int.h" 23 #include "stack/include/l2c_api.h" 24 #include "stack/smp/smp_int.h" 25 #include "utils/include/bt_utils.h" 26 27 extern fixed_queue_t *btu_general_alarm_queue; 28 29 #if SMP_INCLUDED == TRUE 30 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = 31 { 32 /* initiator */ 33 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */ 34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */ 35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */ 36 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 37 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */ 38 /* responder */ 39 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */ 40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */ 41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */ 42 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */ 43 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */ 44 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */ 45 }; 46 47 #define SMP_KEY_DIST_TYPE_MAX 4 48 const tSMP_ACT smp_distribute_act [] = 49 { 50 smp_generate_ltk, 51 smp_send_id_info, 52 smp_generate_csrk, 53 smp_set_derive_link_key 54 }; 55 56 static bool lmp_version_below(BD_ADDR bda, uint8_t version) 57 { 58 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE); 59 if (acl == NULL || acl->lmp_version == 0) 60 { 61 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__); 62 return false; 63 } 64 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version); 65 return acl->lmp_version < version; 66 } 67 68 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb) 69 { 70 uint8_t reason = 0; 71 72 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6) 73 return false; 74 75 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 76 77 switch (p_cb->cert_failure) 78 { 79 case 2: 80 reason = SMP_PAIR_AUTH_FAIL; 81 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 82 break; 83 case 3: 84 reason = SMP_PAIR_FAIL_UNKNOWN; 85 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 86 break; 87 case 4: 88 reason = SMP_PAIR_NOT_SUPPORT; 89 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 90 break; 91 case 5: 92 reason = SMP_PASSKEY_ENTRY_FAIL; 93 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 94 break; 95 case 6: 96 reason = SMP_REPEATED_ATTEMPTS; 97 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 98 break; 99 } 100 101 return true;; 102 } 103 104 /******************************************************************************* 105 ** Function smp_update_key_mask 106 ** Description This function updates the key mask for sending or receiving. 107 *******************************************************************************/ 108 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv) 109 { 110 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x", 111 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key); 112 113 if (((p_cb->le_secure_connections_mode_is_used) || 114 (p_cb->smp_over_br)) && 115 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK))) 116 { 117 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of 118 ** being exchanged with the peer */ 119 p_cb->local_i_key &= ~key_type; 120 p_cb->local_r_key &= ~key_type; 121 } 122 else 123 if (p_cb->role == HCI_ROLE_SLAVE) 124 { 125 if (recv) 126 p_cb->local_i_key &= ~key_type; 127 else 128 p_cb->local_r_key &= ~key_type; 129 } 130 else 131 { 132 if (recv) 133 p_cb->local_r_key &= ~key_type; 134 else 135 p_cb->local_i_key &= ~key_type; 136 } 137 138 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key, 139 p_cb->local_r_key); 140 } 141 142 /******************************************************************************* 143 ** Function smp_send_app_cback 144 ** Description notifies application about the events the application is interested in 145 *******************************************************************************/ 146 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 147 { 148 tSMP_EVT_DATA cb_data; 149 tSMP_STATUS callback_rc; 150 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt); 151 if (p_cb->p_callback && p_cb->cb_evt != 0) 152 { 153 switch (p_cb->cb_evt) 154 { 155 case SMP_IO_CAP_REQ_EVT: 156 cb_data.io_req.auth_req = p_cb->peer_auth_req; 157 cb_data.io_req.oob_data = SMP_OOB_NONE; 158 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 159 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 160 cb_data.io_req.init_keys = p_cb->local_i_key ; 161 cb_data.io_req.resp_keys = p_cb->local_r_key ; 162 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap); 163 break; 164 165 case SMP_NC_REQ_EVT: 166 cb_data.passkey = p_data->passkey; 167 break; 168 case SMP_SC_OOB_REQ_EVT: 169 cb_data.req_oob_type = p_data->req_oob_type; 170 break; 171 case SMP_SC_LOC_OOB_DATA_UP_EVT: 172 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data; 173 break; 174 175 case SMP_BR_KEYS_REQ_EVT: 176 cb_data.io_req.auth_req = 0; 177 cb_data.io_req.oob_data = SMP_OOB_NONE; 178 cb_data.io_req.io_cap = 0; 179 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 180 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY; 181 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY; 182 break; 183 184 default: 185 break; 186 } 187 188 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 189 190 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt ); 191 192 if (callback_rc == SMP_SUCCESS) 193 { 194 switch (p_cb->cb_evt) 195 { 196 case SMP_IO_CAP_REQ_EVT: 197 p_cb->loc_auth_req = cb_data.io_req.auth_req; 198 p_cb->local_io_capability = cb_data.io_req.io_cap; 199 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 200 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 201 p_cb->local_i_key = cb_data.io_req.init_keys; 202 p_cb->local_r_key = cb_data.io_req.resp_keys; 203 204 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) 205 { 206 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged"); 207 p_cb->local_i_key = 0; 208 p_cb->local_r_key = 0; 209 } 210 211 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \ 212 loc_oob_flag: %d loc_enc_size: %d," 213 "local_i_key: 0x%02x, local_r_key: 0x%02x", 214 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag, 215 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 216 217 p_cb->secure_connections_only_mode_required = 218 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 219 220 if (p_cb->secure_connections_only_mode_required) 221 { 222 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT; 223 } 224 225 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) 226 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) 227 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS, 228 (const bt_bdaddr_t *)&p_cb->pairing_bda)) 229 { 230 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT; 231 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 232 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 233 } 234 235 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x", 236 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key); 237 238 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 239 break; 240 241 case SMP_BR_KEYS_REQ_EVT: 242 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 243 p_cb->local_i_key = cb_data.io_req.init_keys; 244 p_cb->local_r_key = cb_data.io_req.resp_keys; 245 246 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 247 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 248 249 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\ 250 local_i_key: 0x%02x, local_r_key: 0x%02x", 251 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 252 253 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL); 254 break; 255 } 256 } 257 } 258 259 if (!p_cb->cb_evt && p_cb->discard_sec_req) 260 { 261 p_cb->discard_sec_req = FALSE; 262 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 263 } 264 265 SMP_TRACE_DEBUG("%s return", __func__); 266 } 267 268 /******************************************************************************* 269 ** Function smp_send_pair_fail 270 ** Description pairing failure to peer device if needed. 271 *******************************************************************************/ 272 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 273 { 274 p_cb->status = *(UINT8 *)p_data; 275 p_cb->failure = *(UINT8 *)p_data; 276 277 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure); 278 279 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS) 280 { 281 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 282 p_cb->wait_for_authorization_complete = TRUE; 283 } 284 } 285 286 /******************************************************************************* 287 ** Function smp_send_pair_req 288 ** Description actions related to sending pairing request 289 *******************************************************************************/ 290 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 291 { 292 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 293 SMP_TRACE_DEBUG("%s", __func__); 294 295 /* erase all keys when master sends pairing req*/ 296 if (p_dev_rec) 297 btm_sec_clear_ble_keys(p_dev_rec); 298 /* do not manipulate the key, let app decide, 299 leave out to BTM to mandate key distribution for bonding case */ 300 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 301 } 302 303 /******************************************************************************* 304 ** Function smp_send_pair_rsp 305 ** Description actions related to sending pairing response 306 *******************************************************************************/ 307 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 308 { 309 SMP_TRACE_DEBUG("%s", __func__); 310 311 p_cb->local_i_key &= p_cb->peer_i_key; 312 p_cb->local_r_key &= p_cb->peer_r_key; 313 314 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) 315 { 316 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 317 smp_use_oob_private_key(p_cb, NULL); 318 else 319 smp_decide_association_model(p_cb, NULL); 320 } 321 } 322 323 /******************************************************************************* 324 ** Function smp_send_confirm 325 ** Description send confirmation to the peer 326 *******************************************************************************/ 327 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 328 { 329 SMP_TRACE_DEBUG("%s", __func__); 330 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 331 } 332 333 /******************************************************************************* 334 ** Function smp_send_init 335 ** Description process pairing initializer to slave device 336 *******************************************************************************/ 337 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 338 { 339 SMP_TRACE_DEBUG("%s", __func__); 340 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 341 } 342 343 /******************************************************************************* 344 ** Function smp_send_rand 345 ** Description send pairing random to the peer 346 *******************************************************************************/ 347 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 348 { 349 SMP_TRACE_DEBUG("%s", __func__); 350 smp_send_cmd(SMP_OPCODE_RAND, p_cb); 351 } 352 353 /******************************************************************************* 354 ** Function smp_send_pair_public_key 355 ** Description send pairing public key command to the peer 356 *******************************************************************************/ 357 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 358 { 359 SMP_TRACE_DEBUG("%s", __func__); 360 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb); 361 } 362 363 /******************************************************************************* 364 ** Function SMP_SEND_COMMITMENT 365 ** Description send commitment command to the peer 366 *******************************************************************************/ 367 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 368 { 369 SMP_TRACE_DEBUG("%s", __func__); 370 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb); 371 } 372 373 /******************************************************************************* 374 ** Function smp_send_dhkey_check 375 ** Description send DHKey Check command to the peer 376 *******************************************************************************/ 377 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 378 { 379 SMP_TRACE_DEBUG("%s", __func__); 380 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb); 381 } 382 383 /******************************************************************************* 384 ** Function smp_send_keypress_notification 385 ** Description send Keypress Notification command to the peer 386 *******************************************************************************/ 387 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 388 { 389 p_cb->local_keypress_notification = *(UINT8 *) p_data; 390 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb); 391 } 392 393 /******************************************************************************* 394 ** Function smp_send_enc_info 395 ** Description send encryption information command. 396 *******************************************************************************/ 397 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 398 { 399 tBTM_LE_LENC_KEYS le_key; 400 401 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size); 402 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 403 404 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 405 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 406 407 /* save the DIV and key size information when acting as slave device */ 408 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 409 le_key.div = p_cb->div; 410 le_key.key_size = p_cb->loc_enc_size; 411 le_key.sec_level = p_cb->sec_level; 412 413 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 414 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, 415 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 416 417 SMP_TRACE_WARNING ("%s", __func__); 418 419 smp_key_distribution(p_cb, NULL); 420 } 421 422 /******************************************************************************* 423 ** Function smp_send_id_info 424 ** Description send ID information command. 425 *******************************************************************************/ 426 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 427 { 428 tBTM_LE_KEY_VALUE le_key; 429 SMP_TRACE_DEBUG("%s", __func__); 430 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE); 431 432 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 433 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 434 435 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 436 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, 437 &le_key, TRUE); 438 439 SMP_TRACE_WARNING ("%s", __func__); 440 smp_key_distribution_by_transport(p_cb, NULL); 441 } 442 443 /******************************************************************************* 444 ** Function smp_send_csrk_info 445 ** Description send CSRK command. 446 *******************************************************************************/ 447 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 448 { 449 tBTM_LE_LCSRK_KEYS key; 450 SMP_TRACE_DEBUG("%s", __func__); 451 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE); 452 453 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) 454 { 455 key.div = p_cb->div; 456 key.sec_level = p_cb->sec_level; 457 key.counter = 0; /* initialize the local counter */ 458 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN); 459 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE); 460 } 461 462 smp_key_distribution_by_transport(p_cb, NULL); 463 } 464 465 /******************************************************************************* 466 ** Function smp_send_ltk_reply 467 ** Description send LTK reply 468 *******************************************************************************/ 469 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 470 { 471 SMP_TRACE_DEBUG("%s", __func__); 472 /* send stk as LTK response */ 473 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data); 474 } 475 476 /******************************************************************************* 477 ** Function smp_proc_sec_req 478 ** Description process security request. 479 *******************************************************************************/ 480 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 481 { 482 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data; 483 tBTM_BLE_SEC_REQ_ACT sec_req_act; 484 UINT8 reason; 485 486 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req); 487 488 p_cb->cb_evt = 0; 489 490 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 491 492 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act); 493 494 switch (sec_req_act) 495 { 496 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 497 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__); 498 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 499 break; 500 501 case BTM_BLE_SEC_REQ_ACT_PAIR: 502 p_cb->secure_connections_only_mode_required = 503 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE; 504 505 /* respond to non SC pairing request as failure in SC only mode */ 506 if (p_cb->secure_connections_only_mode_required && 507 (auth_req & SMP_SC_SUPPORT_BIT) == 0) 508 { 509 reason = SMP_PAIR_AUTH_FAIL; 510 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 511 } 512 else 513 { 514 /* initialize local i/r key to be default keys */ 515 p_cb->peer_auth_req = auth_req; 516 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ; 517 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 518 } 519 break; 520 521 case BTM_BLE_SEC_REQ_ACT_DISCARD: 522 p_cb->discard_sec_req = TRUE; 523 break; 524 525 default: 526 /* do nothing */ 527 break; 528 } 529 } 530 531 /******************************************************************************* 532 ** Function smp_proc_sec_grant 533 ** Description process security grant. 534 *******************************************************************************/ 535 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 536 { 537 UINT8 res= *(UINT8 *)p_data; 538 SMP_TRACE_DEBUG("%s", __func__); 539 if (res != SMP_SUCCESS) 540 { 541 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 542 } 543 else /*otherwise, start pairing */ 544 { 545 /* send IO request callback */ 546 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 547 } 548 } 549 550 /******************************************************************************* 551 ** Function smp_proc_pair_fail 552 ** Description process pairing failure from peer device 553 *******************************************************************************/ 554 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 555 { 556 SMP_TRACE_DEBUG("%s", __func__); 557 p_cb->status = *(UINT8 *)p_data; 558 559 /* Cancel pending auth complete timer if set */ 560 alarm_cancel(p_cb->delayed_auth_timer_ent); 561 } 562 563 /******************************************************************************* 564 ** Function smp_proc_pair_cmd 565 ** Description Process the SMP pairing request/response from peer device 566 *******************************************************************************/ 567 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 568 { 569 UINT8 *p = (UINT8 *)p_data; 570 UINT8 reason = SMP_ENC_KEY_SIZE; 571 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 572 573 SMP_TRACE_DEBUG("%s", __func__); 574 /* erase all keys if it is slave proc pairing req*/ 575 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 576 btm_sec_clear_ble_keys(p_dev_rec); 577 578 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 579 580 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 581 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 582 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 583 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 584 STREAM_TO_UINT8(p_cb->peer_i_key, p); 585 STREAM_TO_UINT8(p_cb->peer_r_key, p); 586 587 if (smp_command_has_invalid_parameters(p_cb)) 588 { 589 reason = SMP_INVALID_PARAMETERS; 590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 591 return; 592 } 593 594 // PTS Testing failure modes 595 if (pts_test_send_authentication_complete_failure(p_cb)) 596 return; 597 598 if (p_cb->role == HCI_ROLE_SLAVE) 599 { 600 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 601 { 602 /* peer (master) started pairing sending Pairing Request */ 603 p_cb->local_i_key = p_cb->peer_i_key; 604 p_cb->local_r_key = p_cb->peer_r_key; 605 606 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 607 } 608 else /* update local i/r key according to pairing request */ 609 { 610 /* pairing started with this side (slave) sending Security Request */ 611 p_cb->local_i_key &= p_cb->peer_i_key; 612 p_cb->local_r_key &= p_cb->peer_r_key; 613 p_cb->selected_association_model = smp_select_association_model(p_cb); 614 615 if (p_cb->secure_connections_only_mode_required && 616 (!(p_cb->le_secure_connections_mode_is_used) || 617 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 618 { 619 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode", 620 __func__); 621 reason = SMP_PAIR_AUTH_FAIL; 622 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 623 return; 624 } 625 626 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 627 { 628 if (smp_request_oob_data(p_cb)) return; 629 } 630 else 631 { 632 smp_send_pair_rsp(p_cb, NULL); 633 } 634 } 635 } 636 else /* Master receives pairing response */ 637 { 638 p_cb->selected_association_model = smp_select_association_model(p_cb); 639 640 if (p_cb->secure_connections_only_mode_required && 641 (!(p_cb->le_secure_connections_mode_is_used) || 642 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 643 { 644 SMP_TRACE_ERROR ("Master requires secure connection only mode \ 645 but it can't be provided -> Master fails pairing"); 646 reason = SMP_PAIR_AUTH_FAIL; 647 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 648 return; 649 } 650 651 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 652 { 653 if (smp_request_oob_data(p_cb)) return; 654 } 655 else 656 { 657 smp_decide_association_model(p_cb, NULL); 658 } 659 } 660 } 661 662 /******************************************************************************* 663 ** Function smp_proc_confirm 664 ** Description process pairing confirm from peer device 665 *******************************************************************************/ 666 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 667 { 668 UINT8 *p = (UINT8 *)p_data; 669 UINT8 reason = SMP_INVALID_PARAMETERS; 670 671 SMP_TRACE_DEBUG("%s", __func__); 672 673 if (smp_command_has_invalid_parameters(p_cb)) 674 { 675 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 676 return; 677 } 678 679 if (p != NULL) 680 { 681 /* save the SConfirm for comparison later */ 682 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 683 } 684 685 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 686 } 687 688 /******************************************************************************* 689 ** Function smp_proc_init 690 ** Description process pairing initializer from peer device 691 *******************************************************************************/ 692 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 693 { 694 UINT8 *p = (UINT8 *)p_data; 695 UINT8 reason = SMP_INVALID_PARAMETERS; 696 697 SMP_TRACE_DEBUG("%s", __func__); 698 699 if (smp_command_has_invalid_parameters(p_cb)) 700 { 701 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 702 return; 703 } 704 705 /* save the SRand for comparison */ 706 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 707 } 708 709 /******************************************************************************* 710 ** Function smp_proc_rand 711 ** Description process pairing random (nonce) from peer device 712 *******************************************************************************/ 713 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 714 { 715 UINT8 *p = (UINT8 *)p_data; 716 UINT8 reason = SMP_INVALID_PARAMETERS; 717 718 SMP_TRACE_DEBUG("%s", __func__); 719 720 if (smp_command_has_invalid_parameters(p_cb)) 721 { 722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 723 return; 724 } 725 726 /* save the SRand for comparison */ 727 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 728 } 729 730 /******************************************************************************* 731 ** Function smp_process_pairing_public_key 732 ** Description process pairing public key command from the peer device 733 ** - saves the peer public key; 734 ** - sets the flag indicating that the peer public key is received; 735 ** - calls smp_wait_for_both_public_keys(...). 736 ** 737 *******************************************************************************/ 738 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 739 { 740 UINT8 *p = (UINT8 *)p_data; 741 UINT8 reason = SMP_INVALID_PARAMETERS; 742 743 SMP_TRACE_DEBUG("%s", __func__); 744 745 if (smp_command_has_invalid_parameters(p_cb)) 746 { 747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 748 return; 749 } 750 751 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN); 752 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN); 753 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY; 754 755 smp_wait_for_both_public_keys(p_cb, NULL); 756 } 757 758 /******************************************************************************* 759 ** Function smp_process_pairing_commitment 760 ** Description process pairing commitment from peer device 761 *******************************************************************************/ 762 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 763 { 764 UINT8 *p = (UINT8 *)p_data; 765 UINT8 reason = SMP_INVALID_PARAMETERS; 766 767 SMP_TRACE_DEBUG("%s", __func__); 768 769 if (smp_command_has_invalid_parameters(p_cb)) 770 { 771 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 772 return; 773 } 774 775 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM; 776 777 if (p != NULL) 778 { 779 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN); 780 } 781 } 782 783 /******************************************************************************* 784 ** Function smp_process_dhkey_check 785 ** Description process DHKey Check from peer device 786 *******************************************************************************/ 787 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 788 { 789 UINT8 *p = (UINT8 *)p_data; 790 UINT8 reason = SMP_INVALID_PARAMETERS; 791 792 SMP_TRACE_DEBUG("%s", __func__); 793 794 if (smp_command_has_invalid_parameters(p_cb)) 795 { 796 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 797 return; 798 } 799 800 if (p != NULL) 801 { 802 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN); 803 } 804 805 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK; 806 } 807 808 /******************************************************************************* 809 ** Function smp_process_keypress_notification 810 ** Description process pairing keypress notification from peer device 811 *******************************************************************************/ 812 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 813 { 814 UINT8 *p = (UINT8 *)p_data; 815 UINT8 reason = SMP_INVALID_PARAMETERS; 816 817 SMP_TRACE_DEBUG("%s", __func__); 818 p_cb->status = *(UINT8 *)p_data; 819 820 if (smp_command_has_invalid_parameters(p_cb)) 821 { 822 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 823 return; 824 } 825 826 if (p != NULL) 827 { 828 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p); 829 } 830 else 831 { 832 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE; 833 } 834 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT; 835 } 836 837 /******************************************************************************* 838 ** Function smp_br_process_pairing_command 839 ** Description Process the SMP pairing request/response from peer device via 840 ** BR/EDR transport. 841 *******************************************************************************/ 842 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 843 { 844 UINT8 *p = (UINT8 *)p_data; 845 UINT8 reason = SMP_ENC_KEY_SIZE; 846 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda); 847 848 SMP_TRACE_DEBUG("%s", __func__); 849 /* rejecting BR pairing request over non-SC BR link */ 850 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) 851 { 852 reason = SMP_XTRANS_DERIVE_NOT_ALLOW; 853 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 854 return; 855 } 856 857 /* erase all keys if it is slave proc pairing req*/ 858 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 859 btm_sec_clear_ble_keys(p_dev_rec); 860 861 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 862 863 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 864 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 865 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 866 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 867 STREAM_TO_UINT8(p_cb->peer_i_key, p); 868 STREAM_TO_UINT8(p_cb->peer_r_key, p); 869 870 if (smp_command_has_invalid_parameters(p_cb)) 871 { 872 reason = SMP_INVALID_PARAMETERS; 873 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 874 return; 875 } 876 877 /* peer (master) started pairing sending Pairing Request */ 878 /* or being master device always use received i/r key as keys to distribute */ 879 p_cb->local_i_key = p_cb->peer_i_key; 880 p_cb->local_r_key = p_cb->peer_r_key; 881 882 if (p_cb->role == HCI_ROLE_SLAVE) 883 { 884 p_dev_rec->new_encryption_key_is_p256 = FALSE; 885 /* shortcut to skip Security Grant step */ 886 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 887 } 888 else /* Master receives pairing response */ 889 { 890 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE." 891 " Supposed to move to key distribution phase. ", __func__); 892 } 893 894 /* auth_req received via BR/EDR SM channel is set to 0, 895 but everything derived/exchanged has to be saved */ 896 p_cb->peer_auth_req |= SMP_AUTH_BOND; 897 p_cb->loc_auth_req |= SMP_AUTH_BOND; 898 } 899 900 /******************************************************************************* 901 ** Function smp_br_process_security_grant 902 ** Description process security grant in case of pairing over BR/EDR transport. 903 *******************************************************************************/ 904 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 905 { 906 UINT8 res= *(UINT8 *)p_data; 907 SMP_TRACE_DEBUG("%s", __func__); 908 if (res != SMP_SUCCESS) 909 { 910 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data); 911 } 912 else /*otherwise, start pairing */ 913 { 914 /* send IO request callback */ 915 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 916 } 917 } 918 919 /******************************************************************************* 920 ** Function smp_br_check_authorization_request 921 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport 922 ** before starting the distribution/derivation 923 *******************************************************************************/ 924 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 925 { 926 UINT8 reason = SMP_SUCCESS; 927 928 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x " 929 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 930 p_cb->local_r_key); 931 932 /* In LE SC mode LK field is ignored when BR/EDR transport is used */ 933 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 934 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 935 936 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 937 ** Set local_r_key on master to expect only these keys. */ 938 if (p_cb->role == HCI_ROLE_MASTER) 939 { 940 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 941 } 942 943 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 944 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key, 945 p_cb->local_r_key); 946 947 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 948 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 949 (p_cb->local_i_key || p_cb->local_r_key)) 950 { 951 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL); 952 953 /* if no peer key is expected, start master key distribution */ 954 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0) 955 smp_key_distribution_by_transport(p_cb, NULL); 956 } 957 else 958 { 959 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 960 } 961 } 962 963 /******************************************************************************* 964 ** Function smp_br_select_next_key 965 ** Description selects the next key to derive/send when BR/EDR transport is 966 ** used. 967 *******************************************************************************/ 968 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 969 { 970 UINT8 reason = SMP_SUCCESS; 971 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 972 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 973 974 if (p_cb->role == HCI_ROLE_SLAVE|| 975 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 976 { 977 smp_key_pick_key(p_cb, p_data); 978 } 979 980 if (!p_cb->local_i_key && !p_cb->local_r_key) 981 { 982 /* state check to prevent re-entrance */ 983 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) 984 { 985 if (p_cb->total_tx_unacked == 0) 986 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason); 987 else 988 p_cb->wait_for_authorization_complete = TRUE; 989 } 990 } 991 } 992 993 /******************************************************************************* 994 ** Function smp_proc_enc_info 995 ** Description process encryption information from peer device 996 *******************************************************************************/ 997 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 998 { 999 UINT8 *p = (UINT8 *)p_data; 1000 1001 SMP_TRACE_DEBUG("%s", __func__); 1002 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 1003 1004 smp_key_distribution(p_cb, NULL); 1005 } 1006 /******************************************************************************* 1007 ** Function smp_proc_master_id 1008 ** Description process master ID from slave device 1009 *******************************************************************************/ 1010 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1011 { 1012 UINT8 *p = (UINT8 *)p_data; 1013 tBTM_LE_PENC_KEYS le_key; 1014 1015 SMP_TRACE_DEBUG("%s", __func__); 1016 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE); 1017 1018 STREAM_TO_UINT16(le_key.ediv, p); 1019 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN ); 1020 1021 /* store the encryption keys from peer device */ 1022 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 1023 le_key.sec_level = p_cb->sec_level; 1024 le_key.key_size = p_cb->loc_enc_size; 1025 1026 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1027 btm_sec_save_le_key(p_cb->pairing_bda, 1028 BTM_LE_KEY_PENC, 1029 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 1030 1031 smp_key_distribution(p_cb, NULL); 1032 } 1033 1034 /******************************************************************************* 1035 ** Function smp_proc_enc_info 1036 ** Description process identity information from peer device 1037 *******************************************************************************/ 1038 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1039 { 1040 UINT8 *p = (UINT8 *)p_data; 1041 1042 SMP_TRACE_DEBUG("%s", __func__); 1043 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 1044 smp_key_distribution_by_transport(p_cb, NULL); 1045 } 1046 1047 /******************************************************************************* 1048 ** Function smp_proc_id_addr 1049 ** Description process identity address from peer device 1050 *******************************************************************************/ 1051 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1052 { 1053 UINT8 *p = (UINT8 *)p_data; 1054 tBTM_LE_PID_KEYS pid_key; 1055 1056 SMP_TRACE_DEBUG("%s", __func__); 1057 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE); 1058 1059 STREAM_TO_UINT8(pid_key.addr_type, p); 1060 STREAM_TO_BDADDR(pid_key.static_addr, p); 1061 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 1062 1063 /* to use as BD_ADDR for lk derived from ltk */ 1064 p_cb->id_addr_rcvd = TRUE; 1065 p_cb->id_addr_type = pid_key.addr_type; 1066 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN); 1067 1068 /* store the ID key from peer device */ 1069 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1070 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, 1071 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE); 1072 smp_key_distribution_by_transport(p_cb, NULL); 1073 } 1074 1075 /******************************************************************************* 1076 ** Function smp_proc_srk_info 1077 ** Description process security information from peer device 1078 *******************************************************************************/ 1079 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1080 { 1081 tBTM_LE_PCSRK_KEYS le_key; 1082 1083 SMP_TRACE_DEBUG("%s", __func__); 1084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE); 1085 1086 /* save CSRK to security record */ 1087 le_key.sec_level = p_cb->sec_level; 1088 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */ 1089 le_key.counter = 0; /* initialize the peer counter */ 1090 1091 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1092 btm_sec_save_le_key(p_cb->pairing_bda, 1093 BTM_LE_KEY_PCSRK, 1094 (tBTM_LE_KEY_VALUE *)&le_key, TRUE); 1095 smp_key_distribution_by_transport(p_cb, NULL); 1096 } 1097 1098 /******************************************************************************* 1099 ** Function smp_proc_compare 1100 ** Description process compare value 1101 *******************************************************************************/ 1102 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1103 { 1104 UINT8 reason; 1105 1106 SMP_TRACE_DEBUG("%s", __func__); 1107 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) 1108 { 1109 /* compare the max encryption key size, and save the smaller one for the link */ 1110 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) 1111 p_cb->loc_enc_size = p_cb->peer_enc_size; 1112 1113 if (p_cb->role == HCI_ROLE_SLAVE) 1114 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 1115 else 1116 { 1117 /* master device always use received i/r key as keys to distribute */ 1118 p_cb->local_i_key = p_cb->peer_i_key; 1119 p_cb->local_r_key = p_cb->peer_r_key; 1120 1121 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1122 } 1123 1124 } 1125 else 1126 { 1127 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1128 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1129 } 1130 } 1131 1132 /******************************************************************************* 1133 ** Function smp_proc_sl_key 1134 ** Description process key ready events. 1135 *******************************************************************************/ 1136 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1137 { 1138 UINT8 key_type = p_data->key.key_type; 1139 1140 SMP_TRACE_DEBUG("%s", __func__); 1141 if (key_type == SMP_KEY_TYPE_TK) 1142 { 1143 smp_generate_srand_mrand_confirm(p_cb, NULL); 1144 } 1145 else if (key_type == SMP_KEY_TYPE_CFM) 1146 { 1147 smp_set_state(SMP_STATE_WAIT_CONFIRM); 1148 1149 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 1150 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 1151 } 1152 } 1153 1154 /******************************************************************************* 1155 ** Function smp_start_enc 1156 ** Description start encryption 1157 *******************************************************************************/ 1158 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1159 { 1160 tBTM_STATUS cmd; 1161 UINT8 reason = SMP_ENC_FAIL; 1162 1163 SMP_TRACE_DEBUG("%s", __func__); 1164 if (p_data != NULL) 1165 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data); 1166 else 1167 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL); 1168 1169 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) 1170 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1171 } 1172 1173 /******************************************************************************* 1174 ** Function smp_proc_discard 1175 ** Description processing for discard security request 1176 *******************************************************************************/ 1177 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1178 { 1179 SMP_TRACE_DEBUG("%s", __func__); 1180 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 1181 smp_reset_control_value(p_cb); 1182 } 1183 1184 /******************************************************************************* 1185 ** Function smp_enc_cmpl 1186 ** Description encryption success 1187 *******************************************************************************/ 1188 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1189 { 1190 UINT8 enc_enable = *(UINT8 *)p_data; 1191 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1192 1193 SMP_TRACE_DEBUG("%s", __func__); 1194 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1195 } 1196 1197 /******************************************************************************* 1198 ** Function smp_check_auth_req 1199 ** Description check authentication request 1200 *******************************************************************************/ 1201 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1202 { 1203 UINT8 enc_enable = *(UINT8 *)p_data; 1204 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1205 1206 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x " 1207 "(i-initiator r-responder)", 1208 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key); 1209 if (enc_enable == 1) 1210 { 1211 if (p_cb->le_secure_connections_mode_is_used) 1212 { 1213 /* In LE SC mode LTK is used instead of STK and has to be always saved */ 1214 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC; 1215 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC; 1216 1217 /* In LE SC mode LK is derived from LTK only if both sides request it */ 1218 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) || 1219 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) 1220 { 1221 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1222 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1223 } 1224 1225 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 1226 ** Set local_r_key on master to expect only these keys. 1227 */ 1228 if (p_cb->role == HCI_ROLE_MASTER) 1229 { 1230 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 1231 } 1232 } 1233 else 1234 { 1235 /* in legacy mode derivation of BR/EDR LK is not supported */ 1236 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1237 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1238 } 1239 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x " 1240 "(i-initiator r-responder)", 1241 __func__, p_cb->local_i_key, p_cb->local_r_key); 1242 1243 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 1244 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 1245 (p_cb->local_i_key || p_cb->local_r_key)) 1246 { 1247 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 1248 } 1249 else 1250 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1251 } 1252 else if (enc_enable == 0) 1253 { 1254 /* if failed for encryption after pairing, send callback */ 1255 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 1256 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1257 /* if enc failed for old security information */ 1258 /* if master device, clean up and abck to idle; slave device do nothing */ 1259 else if (p_cb->role == HCI_ROLE_MASTER) 1260 { 1261 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1262 } 1263 } 1264 } 1265 1266 /******************************************************************************* 1267 ** Function smp_key_pick_key 1268 ** Description Pick a key distribution function based on the key mask. 1269 *******************************************************************************/ 1270 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1271 { 1272 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key; 1273 UINT8 i = 0; 1274 1275 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist); 1276 while (i < SMP_KEY_DIST_TYPE_MAX) 1277 { 1278 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i); 1279 1280 if (key_to_dist & (1 << i)) 1281 { 1282 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i); 1283 (* smp_distribute_act[i])(p_cb, p_data); 1284 break; 1285 } 1286 i ++; 1287 } 1288 } 1289 /******************************************************************************* 1290 ** Function smp_key_distribution 1291 ** Description start key distribution if required. 1292 *******************************************************************************/ 1293 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1294 { 1295 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", 1296 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 1297 1298 if (p_cb->role == HCI_ROLE_SLAVE || 1299 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) 1300 { 1301 smp_key_pick_key(p_cb, p_data); 1302 } 1303 1304 if (!p_cb->local_i_key && !p_cb->local_r_key) 1305 { 1306 /* state check to prevent re-entrant */ 1307 if (smp_get_state() == SMP_STATE_BOND_PENDING) 1308 { 1309 if (p_cb->derive_lk) 1310 { 1311 smp_derive_link_key_from_long_term_key(p_cb, NULL); 1312 p_cb->derive_lk = FALSE; 1313 } 1314 1315 if (p_cb->total_tx_unacked == 0) 1316 { 1317 /* 1318 * Instead of declaring authorization complete immediately, 1319 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS. 1320 * This allows the slave to send over Pairing Failed if the 1321 * last key is rejected. During this waiting window, the 1322 * state should remain in SMP_STATE_BOND_PENDING. 1323 */ 1324 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) { 1325 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__); 1326 alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS, 1327 smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue); 1328 } 1329 } else { 1330 p_cb->wait_for_authorization_complete = TRUE; 1331 } 1332 } 1333 } 1334 } 1335 1336 /******************************************************************************* 1337 ** Function smp_decide_association_model 1338 ** Description This function is called to select assoc model to be used for 1339 ** STK generation and to start STK generation process. 1340 ** 1341 *******************************************************************************/ 1342 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1343 { 1344 UINT8 failure = SMP_UNKNOWN_IO_CAP; 1345 UINT8 int_evt = 0; 1346 tSMP_KEY key; 1347 tSMP_INT_DATA *p = NULL; 1348 1349 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model); 1350 1351 switch (p_cb->selected_association_model) 1352 { 1353 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */ 1354 if (p_cb->role == HCI_ROLE_MASTER && 1355 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 1356 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) 1357 { 1358 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement"); 1359 failure = SMP_PAIR_AUTH_FAIL; 1360 p = (tSMP_INT_DATA *)&failure; 1361 int_evt = SMP_AUTH_CMPL_EVT; 1362 } 1363 else 1364 { 1365 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1366 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1367 1368 key.key_type = SMP_KEY_TYPE_TK; 1369 key.p_data = p_cb->tk; 1370 p = (tSMP_INT_DATA *)&key; 1371 1372 memset(p_cb->tk, 0, BT_OCTET16_LEN); 1373 /* TK, ready */ 1374 int_evt = SMP_KEY_READY_EVT; 1375 } 1376 break; 1377 1378 case SMP_MODEL_PASSKEY: 1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1380 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1381 1382 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1383 int_evt = SMP_TK_REQ_EVT; 1384 break; 1385 1386 case SMP_MODEL_OOB: 1387 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB"); 1388 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1389 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1390 1391 p_cb->cb_evt = SMP_OOB_REQ_EVT; 1392 int_evt = SMP_TK_REQ_EVT; 1393 break; 1394 1395 case SMP_MODEL_KEY_NOTIF: 1396 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1397 SMP_TRACE_DEBUG("Need to generate Passkey"); 1398 1399 /* generate passkey and notify application */ 1400 smp_generate_passkey(p_cb, NULL); 1401 break; 1402 1403 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1404 case SMP_MODEL_SEC_CONN_NUM_COMP: 1405 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1406 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1407 case SMP_MODEL_SEC_CONN_OOB: 1408 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT; 1409 break; 1410 1411 case SMP_MODEL_OUT_OF_RANGE: 1412 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)"); 1413 p = (tSMP_INT_DATA *)&failure; 1414 int_evt = SMP_AUTH_CMPL_EVT; 1415 break; 1416 1417 default: 1418 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)", 1419 p_cb->selected_association_model); 1420 p = (tSMP_INT_DATA *)&failure; 1421 int_evt = SMP_AUTH_CMPL_EVT; 1422 } 1423 1424 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level ); 1425 if (int_evt) 1426 smp_sm_event(p_cb, int_evt, p); 1427 } 1428 1429 /******************************************************************************* 1430 ** Function smp_process_io_response 1431 ** Description process IO response for a slave device. 1432 *******************************************************************************/ 1433 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1434 { 1435 uint8_t reason = SMP_PAIR_AUTH_FAIL; 1436 1437 SMP_TRACE_DEBUG("%s", __func__); 1438 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1439 { 1440 /* pairing started by local (slave) Security Request */ 1441 smp_set_state(SMP_STATE_SEC_REQ_PENDING); 1442 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 1443 } 1444 else /* plan to send pairing respond */ 1445 { 1446 /* pairing started by peer (master) Pairing Request */ 1447 p_cb->selected_association_model = smp_select_association_model(p_cb); 1448 1449 if (p_cb->secure_connections_only_mode_required && 1450 (!(p_cb->le_secure_connections_mode_is_used) || 1451 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) 1452 { 1453 SMP_TRACE_ERROR ("Slave requires secure connection only mode \ 1454 but it can't be provided -> Slave fails pairing"); 1455 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1456 return; 1457 } 1458 1459 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 1460 { 1461 if (smp_request_oob_data(p_cb)) return; 1462 } 1463 1464 // PTS Testing failure modes 1465 if (pts_test_send_authentication_complete_failure(p_cb)) 1466 return; 1467 1468 smp_send_pair_rsp(p_cb, NULL); 1469 } 1470 } 1471 1472 /******************************************************************************* 1473 ** Function smp_br_process_slave_keys_response 1474 ** Description process application keys response for a slave device 1475 ** (BR/EDR transport). 1476 *******************************************************************************/ 1477 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1478 { 1479 smp_br_send_pair_response(p_cb, NULL); 1480 } 1481 1482 /******************************************************************************* 1483 ** Function smp_br_send_pair_response 1484 ** Description actions related to sending pairing response over BR/EDR transport. 1485 *******************************************************************************/ 1486 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1487 { 1488 SMP_TRACE_DEBUG("%s", __func__); 1489 1490 p_cb->local_i_key &= p_cb->peer_i_key; 1491 p_cb->local_r_key &= p_cb->peer_r_key; 1492 1493 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb); 1494 } 1495 1496 /******************************************************************************* 1497 ** Function smp_pairing_cmpl 1498 ** Description This function is called to send the pairing complete callback 1499 ** and remove the connection if needed. 1500 *******************************************************************************/ 1501 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1502 { 1503 if (p_cb->total_tx_unacked == 0) 1504 { 1505 /* process the pairing complete */ 1506 smp_proc_pairing_cmpl(p_cb); 1507 } 1508 } 1509 1510 /******************************************************************************* 1511 ** Function smp_pair_terminate 1512 ** Description This function is called to send the pairing complete callback 1513 ** and remove the connection if needed. 1514 *******************************************************************************/ 1515 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1516 { 1517 SMP_TRACE_DEBUG("%s", __func__); 1518 p_cb->status = SMP_CONN_TOUT; 1519 smp_proc_pairing_cmpl(p_cb); 1520 } 1521 1522 /******************************************************************************* 1523 ** Function smp_idle_terminate 1524 ** Description This function calledin idle state to determine to send authentication 1525 ** complete or not. 1526 *******************************************************************************/ 1527 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1528 { 1529 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) 1530 { 1531 SMP_TRACE_DEBUG("Pairing terminated at IDLE state."); 1532 p_cb->status = SMP_FAIL; 1533 smp_proc_pairing_cmpl(p_cb); 1534 } 1535 } 1536 1537 /******************************************************************************* 1538 ** Function smp_fast_conn_param 1539 ** Description apply default connection parameter for pairing process 1540 *******************************************************************************/ 1541 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1542 { 1543 /* Disable L2CAP connection parameter updates while bonding since 1544 some peripherals are not able to revert to fast connection parameters 1545 during the start of service discovery. Connection paramter updates 1546 get enabled again once service discovery completes. */ 1547 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false); 1548 } 1549 1550 /******************************************************************************* 1551 ** Function smp_both_have_public_keys 1552 ** Description The function is called when both local and peer public keys are 1553 ** saved. 1554 ** Actions: 1555 ** - invokes DHKey computation; 1556 ** - on slave side invokes sending local public key to the peer. 1557 ** - invokes SC phase 1 process. 1558 *******************************************************************************/ 1559 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1560 { 1561 SMP_TRACE_DEBUG("%s",__func__); 1562 1563 /* invokes DHKey computation */ 1564 smp_compute_dhkey(p_cb); 1565 1566 /* on slave side invokes sending local public key to the peer */ 1567 if (p_cb->role == HCI_ROLE_SLAVE) 1568 smp_send_pair_public_key(p_cb, NULL); 1569 1570 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL); 1571 } 1572 1573 /******************************************************************************* 1574 ** Function smp_start_secure_connection_phase1 1575 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection 1576 ** phase 1 parameters and starts building/sending to the peer 1577 ** messages appropriate for the role and association model. 1578 *******************************************************************************/ 1579 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1580 { 1581 SMP_TRACE_DEBUG("%s", __func__); 1582 1583 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1584 { 1585 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1586 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level ); 1587 } 1588 else 1589 { 1590 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1591 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level ); 1592 } 1593 1594 switch(p_cb->selected_association_model) 1595 { 1596 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1597 case SMP_MODEL_SEC_CONN_NUM_COMP: 1598 memset(p_cb->local_random, 0, BT_OCTET16_LEN); 1599 smp_start_nonce_generation(p_cb); 1600 break; 1601 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1602 /* user has to provide passkey */ 1603 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1604 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL); 1605 break; 1606 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1607 /* passkey has to be provided to user */ 1608 SMP_TRACE_DEBUG("Need to generate SC Passkey"); 1609 smp_generate_passkey(p_cb, NULL); 1610 break; 1611 case SMP_MODEL_SEC_CONN_OOB: 1612 /* use the available OOB information */ 1613 smp_process_secure_connection_oob_data(p_cb, NULL); 1614 break; 1615 default: 1616 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1617 p_cb->selected_association_model); 1618 break; 1619 } 1620 } 1621 1622 /******************************************************************************* 1623 ** Function smp_process_local_nonce 1624 ** Description The function processes new local nonce. 1625 ** 1626 ** Note It is supposed to be called in SC phase1. 1627 *******************************************************************************/ 1628 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1629 { 1630 SMP_TRACE_DEBUG("%s", __func__); 1631 1632 switch(p_cb->selected_association_model) 1633 { 1634 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1635 case SMP_MODEL_SEC_CONN_NUM_COMP: 1636 if (p_cb->role == HCI_ROLE_SLAVE) 1637 { 1638 /* slave calculates and sends local commitment */ 1639 smp_calculate_local_commitment(p_cb); 1640 smp_send_commitment(p_cb, NULL); 1641 /* slave has to wait for peer nonce */ 1642 smp_set_state(SMP_STATE_WAIT_NONCE); 1643 } 1644 else /* i.e. master */ 1645 { 1646 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1647 { 1648 /* slave commitment is already received, send local nonce, wait for remote nonce*/ 1649 SMP_TRACE_DEBUG("master in assoc mode = %d \ 1650 already rcvd slave commitment - race condition", 1651 p_cb->selected_association_model); 1652 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1653 smp_send_rand(p_cb, NULL); 1654 smp_set_state(SMP_STATE_WAIT_NONCE); 1655 } 1656 } 1657 break; 1658 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1659 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1660 smp_calculate_local_commitment(p_cb); 1661 1662 if (p_cb->role == HCI_ROLE_MASTER) 1663 { 1664 smp_send_commitment(p_cb, NULL); 1665 } 1666 else /* slave */ 1667 { 1668 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) 1669 { 1670 /* master commitment is already received */ 1671 smp_send_commitment(p_cb, NULL); 1672 smp_set_state(SMP_STATE_WAIT_NONCE); 1673 } 1674 } 1675 break; 1676 case SMP_MODEL_SEC_CONN_OOB: 1677 if (p_cb->role == HCI_ROLE_MASTER) 1678 { 1679 smp_send_rand(p_cb, NULL); 1680 } 1681 1682 smp_set_state(SMP_STATE_WAIT_NONCE); 1683 break; 1684 default: 1685 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1686 p_cb->selected_association_model); 1687 break; 1688 } 1689 } 1690 1691 /******************************************************************************* 1692 ** Function smp_process_peer_nonce 1693 ** Description The function processes newly received and saved in CB peer nonce. 1694 ** The actions depend on the selected association model and the role. 1695 ** 1696 ** Note It is supposed to be called in SC phase1. 1697 *******************************************************************************/ 1698 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1699 { 1700 UINT8 reason; 1701 1702 SMP_TRACE_DEBUG("%s start ", __func__); 1703 1704 // PTS Testing failure modes 1705 if (p_cb->cert_failure == 1) { 1706 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 1707 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1708 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1709 return; 1710 } 1711 1712 switch(p_cb->selected_association_model) 1713 { 1714 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1715 case SMP_MODEL_SEC_CONN_NUM_COMP: 1716 /* in these models only master receives commitment */ 1717 if (p_cb->role == HCI_ROLE_MASTER) 1718 { 1719 if (!smp_check_commitment(p_cb)) 1720 { 1721 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1723 break; 1724 } 1725 } 1726 else 1727 { 1728 /* slave sends local nonce */ 1729 smp_send_rand(p_cb, NULL); 1730 } 1731 1732 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) 1733 { 1734 /* go directly to phase 2 */ 1735 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1736 } 1737 else /* numeric comparison */ 1738 { 1739 smp_set_state(SMP_STATE_WAIT_NONCE); 1740 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL); 1741 } 1742 break; 1743 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1744 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1745 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9) 1746 { 1747 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1748 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1749 break; 1750 } 1751 1752 if (p_cb->role == HCI_ROLE_SLAVE) 1753 { 1754 smp_send_rand(p_cb, NULL); 1755 } 1756 1757 if (++p_cb->round < 20) 1758 { 1759 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START); 1760 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1761 smp_start_nonce_generation(p_cb); 1762 break; 1763 } 1764 1765 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1766 break; 1767 case SMP_MODEL_SEC_CONN_OOB: 1768 if (p_cb->role == HCI_ROLE_SLAVE) 1769 { 1770 smp_send_rand(p_cb, NULL); 1771 } 1772 1773 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1774 break; 1775 default: 1776 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC", 1777 p_cb->selected_association_model); 1778 break; 1779 } 1780 1781 SMP_TRACE_DEBUG("%s end ",__FUNCTION__); 1782 } 1783 1784 /******************************************************************************* 1785 ** Function smp_match_dhkey_checks 1786 ** Description checks if the calculated peer DHKey Check value is the same as 1787 ** received from the peer DHKey check value. 1788 *******************************************************************************/ 1789 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1790 { 1791 UINT8 reason = SMP_DHKEY_CHK_FAIL; 1792 1793 SMP_TRACE_DEBUG("%s", __func__); 1794 1795 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) 1796 { 1797 SMP_TRACE_WARNING ("dhkey chcks do no match"); 1798 p_cb->failure = reason; 1799 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1800 return; 1801 } 1802 1803 SMP_TRACE_EVENT ("dhkey chcks match"); 1804 1805 /* compare the max encryption key size, and save the smaller one for the link */ 1806 if (p_cb->peer_enc_size < p_cb->loc_enc_size) 1807 p_cb->loc_enc_size = p_cb->peer_enc_size; 1808 1809 if (p_cb->role == HCI_ROLE_SLAVE) 1810 { 1811 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL); 1812 } 1813 else 1814 { 1815 /* master device always use received i/r key as keys to distribute */ 1816 p_cb->local_i_key = p_cb->peer_i_key; 1817 p_cb->local_r_key = p_cb->peer_r_key; 1818 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1819 } 1820 } 1821 1822 /******************************************************************************* 1823 ** Function smp_move_to_secure_connections_phase2 1824 ** Description Signal State Machine to start SC phase 2 initialization (to 1825 ** compute local DHKey Check value). 1826 ** 1827 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START. 1828 *******************************************************************************/ 1829 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1830 { 1831 SMP_TRACE_DEBUG("%s",__func__); 1832 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1833 } 1834 1835 /******************************************************************************* 1836 ** Function smp_phase_2_dhkey_checks_are_present 1837 ** Description generates event if dhkey check from the peer is already received. 1838 ** 1839 ** Note It is supposed to be used on slave to prevent race condition. 1840 ** It is supposed to be called after slave dhkey check is calculated. 1841 *******************************************************************************/ 1842 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1843 { 1844 SMP_TRACE_DEBUG("%s",__func__); 1845 1846 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK) 1847 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL); 1848 } 1849 1850 /******************************************************************************* 1851 ** Function smp_wait_for_both_public_keys 1852 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master 1853 ** public keys are available. 1854 ** 1855 ** Note on the slave it is used to prevent race condition. 1856 ** 1857 *******************************************************************************/ 1858 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1859 { 1860 SMP_TRACE_DEBUG("%s",__func__); 1861 1862 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) && 1863 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) 1864 { 1865 if ((p_cb->role == HCI_ROLE_SLAVE) && 1866 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH))) 1867 { 1868 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH); 1869 } 1870 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL); 1871 } 1872 } 1873 1874 /******************************************************************************* 1875 ** Function smp_start_passkey_verification 1876 ** Description Starts SC passkey entry verification. 1877 *******************************************************************************/ 1878 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1879 { 1880 UINT8 *p = NULL; 1881 1882 SMP_TRACE_DEBUG("%s", __func__); 1883 p = p_cb->local_random; 1884 UINT32_TO_STREAM(p, p_data->passkey); 1885 1886 p = p_cb->peer_random; 1887 UINT32_TO_STREAM(p, p_data->passkey); 1888 1889 p_cb->round = 0; 1890 smp_start_nonce_generation(p_cb); 1891 } 1892 1893 /******************************************************************************* 1894 ** Function smp_process_secure_connection_oob_data 1895 ** Description Processes local/peer SC OOB data received from somewhere. 1896 *******************************************************************************/ 1897 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1898 { 1899 SMP_TRACE_DEBUG("%s", __func__); 1900 1901 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data; 1902 if (p_sc_oob_data->loc_oob_data.present) 1903 { 1904 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer, 1905 sizeof(p_cb->local_random)); 1906 } 1907 else 1908 { 1909 SMP_TRACE_EVENT ("local OOB randomizer is absent"); 1910 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1911 } 1912 1913 if (!p_sc_oob_data->peer_oob_data.present) 1914 { 1915 SMP_TRACE_EVENT ("peer OOB data is absent"); 1916 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random)); 1917 } 1918 else 1919 { 1920 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer, 1921 sizeof(p_cb->peer_random)); 1922 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment, 1923 sizeof(p_cb->remote_commitment)); 1924 1925 UINT8 reason = SMP_CONFIRM_VALUE_ERR; 1926 /* check commitment */ 1927 if (!smp_check_commitment(p_cb)) 1928 { 1929 p_cb->failure = reason; 1930 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); 1931 return; 1932 } 1933 1934 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) 1935 { 1936 /* the peer doesn't have local randomiser */ 1937 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0"); 1938 memset(p_cb->local_random, 0, sizeof (p_cb->local_random)); 1939 } 1940 } 1941 1942 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer"); 1943 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer"); 1944 smp_start_nonce_generation(p_cb); 1945 } 1946 1947 /******************************************************************************* 1948 ** Function smp_set_local_oob_keys 1949 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data, 1950 ** starts nonce generation 1951 ** (to be saved in sc_oob_data.loc_oob_data.randomizer). 1952 *******************************************************************************/ 1953 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1954 { 1955 SMP_TRACE_DEBUG("%s", __func__); 1956 1957 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key, 1958 BT_OCTET32_LEN); 1959 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key; 1960 smp_start_nonce_generation(p_cb); 1961 } 1962 1963 /******************************************************************************* 1964 ** Function smp_set_local_oob_random_commitment 1965 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data, 1966 ** passes sc_oob_data.loc_oob_data up for safekeeping. 1967 *******************************************************************************/ 1968 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 1969 { 1970 SMP_TRACE_DEBUG("%s", __func__); 1971 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, 1972 BT_OCTET16_LEN); 1973 1974 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1975 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1976 p_cb->sc_oob_data.loc_oob_data.randomizer, 0, 1977 p_cb->sc_oob_data.loc_oob_data.commitment); 1978 1979 #if SMP_DEBUG == TRUE 1980 UINT8 *p_print = NULL; 1981 SMP_TRACE_DEBUG("local SC OOB data set:"); 1982 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to; 1983 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to", 1984 sizeof(tBLE_BD_ADDR)); 1985 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used; 1986 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used", 1987 BT_OCTET32_LEN); 1988 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x; 1989 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x", 1990 BT_OCTET32_LEN); 1991 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y; 1992 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y", 1993 BT_OCTET32_LEN); 1994 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer; 1995 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer", 1996 BT_OCTET16_LEN); 1997 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment; 1998 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment", 1999 BT_OCTET16_LEN); 2000 SMP_TRACE_DEBUG(""); 2001 #endif 2002 2003 /* pass created OOB data up */ 2004 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT; 2005 smp_send_app_cback(p_cb, NULL); 2006 2007 smp_cb_cleanup(p_cb); 2008 } 2009 2010 /******************************************************************************* 2011 ** 2012 ** Function smp_link_encrypted 2013 ** 2014 ** Description This function is called when link is encrypted and notified to 2015 ** slave device. Proceed to to send LTK, DIV and ER to master if 2016 ** bonding the devices. 2017 ** 2018 ** 2019 ** Returns void 2020 ** 2021 *******************************************************************************/ 2022 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) 2023 { 2024 tSMP_CB *p_cb = &smp_cb; 2025 2026 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable); 2027 2028 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) 2029 { 2030 /* encryption completed with STK, remmeber the key size now, could be overwite 2031 * when key exchange happens */ 2032 if (p_cb->loc_enc_size != 0 && encr_enable) 2033 { 2034 /* update the link encryption key size if a SMP pairing just performed */ 2035 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 2036 } 2037 2038 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); 2039 } 2040 } 2041 2042 /******************************************************************************* 2043 ** 2044 ** Function smp_proc_ltk_request 2045 ** 2046 ** Description This function is called when LTK request is received from 2047 ** controller. 2048 ** 2049 ** Returns void 2050 ** 2051 *******************************************************************************/ 2052 BOOLEAN smp_proc_ltk_request(BD_ADDR bda) 2053 { 2054 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state); 2055 BOOLEAN match = FALSE; 2056 2057 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) 2058 { 2059 match = TRUE; 2060 } else { 2061 BD_ADDR dummy_bda = {0}; 2062 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda); 2063 if (p_dev_rec != NULL && 2064 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) && 2065 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN)) 2066 { 2067 match = TRUE; 2068 } 2069 } 2070 2071 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) 2072 { 2073 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 2074 return TRUE; 2075 } 2076 2077 return FALSE; 2078 } 2079 2080 /******************************************************************************* 2081 ** 2082 ** Function smp_process_secure_connection_long_term_key 2083 ** 2084 ** Description This function is called to process SC LTK. 2085 ** SC LTK is calculated and used instead of STK. 2086 ** Here SC LTK is saved in BLE DB. 2087 ** 2088 ** Returns void 2089 ** 2090 *******************************************************************************/ 2091 void smp_process_secure_connection_long_term_key(void) 2092 { 2093 tSMP_CB *p_cb = &smp_cb; 2094 2095 SMP_TRACE_DEBUG("%s", __func__); 2096 smp_save_secure_connections_long_term_key(p_cb); 2097 2098 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2099 smp_key_distribution(p_cb, NULL); 2100 } 2101 2102 /******************************************************************************* 2103 ** 2104 ** Function smp_set_derive_link_key 2105 ** 2106 ** Description This function is called to set flag that indicates that 2107 ** BR/EDR LK has to be derived from LTK after all keys are 2108 ** distributed. 2109 ** 2110 ** Returns void 2111 ** 2112 *******************************************************************************/ 2113 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2114 { 2115 SMP_TRACE_DEBUG ("%s", __func__); 2116 p_cb->derive_lk = TRUE; 2117 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE); 2118 smp_key_distribution(p_cb, NULL); 2119 } 2120 2121 /******************************************************************************* 2122 ** 2123 ** Function smp_derive_link_key_from_long_term_key 2124 ** 2125 ** Description This function is called to derive BR/EDR LK from LTK. 2126 ** 2127 ** Returns void 2128 ** 2129 *******************************************************************************/ 2130 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2131 { 2132 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2133 2134 SMP_TRACE_DEBUG("%s", __func__); 2135 if (!smp_calculate_link_key_from_long_term_key(p_cb)) 2136 { 2137 SMP_TRACE_ERROR("%s failed", __FUNCTION__); 2138 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); 2139 return; 2140 } 2141 } 2142 2143 /******************************************************************************* 2144 ** 2145 ** Function smp_br_process_link_key 2146 ** 2147 ** Description This function is called to process BR/EDR LK: 2148 ** - to derive SMP LTK from BR/EDR LK; 2149 *8 - to save SMP LTK. 2150 ** 2151 ** Returns void 2152 ** 2153 *******************************************************************************/ 2154 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2155 { 2156 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2157 2158 SMP_TRACE_DEBUG("%s", __func__); 2159 if (!smp_calculate_long_term_key_from_link_key(p_cb)) 2160 { 2161 SMP_TRACE_ERROR ("%s failed",__FUNCTION__); 2162 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); 2163 return; 2164 } 2165 2166 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__); 2167 smp_save_secure_connections_long_term_key(p_cb); 2168 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE); 2169 smp_br_select_next_key(p_cb, NULL); 2170 } 2171 2172 /******************************************************************************* 2173 ** Function smp_key_distribution_by_transport 2174 ** Description depending on the transport used at the moment calls either 2175 ** smp_key_distribution(...) or smp_br_key_distribution(...). 2176 *******************************************************************************/ 2177 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2178 { 2179 SMP_TRACE_DEBUG("%s", __func__); 2180 if (p_cb->smp_over_br) 2181 { 2182 smp_br_select_next_key(p_cb, NULL); 2183 } 2184 else 2185 { 2186 smp_key_distribution(p_cb, NULL); 2187 } 2188 } 2189 2190 /******************************************************************************* 2191 ** Function smp_br_pairing_complete 2192 ** Description This function is called to send the pairing complete callback 2193 ** and remove the connection if needed. 2194 *******************************************************************************/ 2195 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) 2196 { 2197 SMP_TRACE_DEBUG("%s", __func__); 2198 2199 if (p_cb->total_tx_unacked == 0) 2200 { 2201 /* process the pairing complete */ 2202 smp_proc_pairing_cmpl(p_cb); 2203 } 2204 } 2205 2206 #endif 2207
