1 /****************************************************************************** 2 * 3 * Copyright (C) 2008-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains the implementation of the SMP interface used by 22 * applications that can run over an SMP. 23 * 24 ******************************************************************************/ 25 #include <base/logging.h> 26 #include <string.h> 27 28 #include "bt_target.h" 29 #include "bt_utils.h" 30 #include "stack_config.h" 31 32 #include "btm_int.h" 33 #include "hcimsgs.h" 34 #include "l2c_int.h" 35 #include "l2cdefs.h" 36 #include "smp_api.h" 37 #include "smp_int.h" 38 39 #include "btu.h" 40 #include "p_256_ecc_pp.h" 41 42 /******************************************************************************* 43 * 44 * Function SMP_Init 45 * 46 * Description This function initializes the SMP unit. 47 * 48 * Returns void 49 * 50 ******************************************************************************/ 51 void SMP_Init(void) { 52 memset(&smp_cb, 0, sizeof(tSMP_CB)); 53 smp_cb.smp_rsp_timer_ent = alarm_new("smp.smp_rsp_timer_ent"); 54 smp_cb.delayed_auth_timer_ent = alarm_new("smp.delayed_auth_timer_ent"); 55 56 #if defined(SMP_INITIAL_TRACE_LEVEL) 57 smp_cb.trace_level = SMP_INITIAL_TRACE_LEVEL; 58 #else 59 smp_cb.trace_level = BT_TRACE_LEVEL_NONE; /* No traces */ 60 #endif 61 SMP_TRACE_EVENT("%s", __func__); 62 63 smp_l2cap_if_init(); 64 /* initialization of P-256 parameters */ 65 p_256_init_curve(KEY_LENGTH_DWORDS_P256); 66 67 /* Initialize failure case for certification */ 68 smp_cb.cert_failure = 69 stack_config_get_interface()->get_pts_smp_failure_case(); 70 if (smp_cb.cert_failure) 71 SMP_TRACE_ERROR("%s PTS FAILURE MODE IN EFFECT (CASE %d)", __func__, 72 smp_cb.cert_failure); 73 } 74 75 /******************************************************************************* 76 * 77 * Function SMP_SetTraceLevel 78 * 79 * Description This function sets the trace level for SMP. If called with 80 * a value of 0xFF, it simply returns the current trace level. 81 * 82 * Input Parameters: 83 * level: The level to set the GATT tracing to: 84 * 0xff-returns the current setting. 85 * 0-turns off tracing. 86 * >= 1-Errors. 87 * >= 2-Warnings. 88 * >= 3-APIs. 89 * >= 4-Events. 90 * >= 5-Debug. 91 * 92 * Returns The new or current trace level 93 * 94 ******************************************************************************/ 95 extern uint8_t SMP_SetTraceLevel(uint8_t new_level) { 96 if (new_level != 0xFF) smp_cb.trace_level = new_level; 97 98 return (smp_cb.trace_level); 99 } 100 101 /******************************************************************************* 102 * 103 * Function SMP_Register 104 * 105 * Description This function register for the SMP services callback. 106 * 107 * Returns void 108 * 109 ******************************************************************************/ 110 bool SMP_Register(tSMP_CALLBACK* p_cback) { 111 SMP_TRACE_EVENT("SMP_Register state=%d", smp_cb.state); 112 113 if (smp_cb.p_callback != NULL) { 114 SMP_TRACE_ERROR("SMP_Register: duplicate registration, overwrite it"); 115 } 116 smp_cb.p_callback = p_cback; 117 118 return (true); 119 } 120 121 /******************************************************************************* 122 * 123 * Function SMP_Pair 124 * 125 * Description This function call to perform a SMP pairing with peer 126 * device. Device support one SMP pairing at one time. 127 * 128 * Parameters bd_addr - peer device bd address. 129 * 130 * Returns None 131 * 132 ******************************************************************************/ 133 tSMP_STATUS SMP_Pair(const RawAddress& bd_addr) { 134 tSMP_CB* p_cb = &smp_cb; 135 uint8_t status = SMP_PAIR_INTERNAL_ERR; 136 137 SMP_TRACE_EVENT("%s state=%d br_state=%d flag=0x%x ", __func__, p_cb->state, 138 p_cb->br_state, p_cb->flags); 139 if (p_cb->state != SMP_STATE_IDLE || 140 p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD || p_cb->smp_over_br) { 141 /* pending security on going, reject this one */ 142 return SMP_BUSY; 143 } else { 144 p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD; 145 p_cb->pairing_bda = bd_addr; 146 147 if (!L2CA_ConnectFixedChnl(L2CAP_SMP_CID, bd_addr)) { 148 SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.", __func__); 149 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); 150 return status; 151 } 152 153 return SMP_STARTED; 154 } 155 } 156 157 /******************************************************************************* 158 * 159 * Function SMP_BR_PairWith 160 * 161 * Description This function is called to start a SMP pairing over BR/EDR. 162 * Device support one SMP pairing at one time. 163 * 164 * Parameters bd_addr - peer device bd address. 165 * 166 * Returns SMP_STARTED if pairing started, otherwise the reason for 167 * failure. 168 * 169 ******************************************************************************/ 170 tSMP_STATUS SMP_BR_PairWith(const RawAddress& bd_addr) { 171 tSMP_CB* p_cb = &smp_cb; 172 uint8_t status = SMP_PAIR_INTERNAL_ERR; 173 174 SMP_TRACE_EVENT("%s state=%d br_state=%d flag=0x%x ", __func__, p_cb->state, 175 p_cb->br_state, p_cb->flags); 176 177 if (p_cb->state != SMP_STATE_IDLE || p_cb->smp_over_br || 178 p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) { 179 /* pending security on going, reject this one */ 180 return SMP_BUSY; 181 } 182 183 p_cb->role = HCI_ROLE_MASTER; 184 p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD; 185 p_cb->smp_over_br = true; 186 p_cb->pairing_bda = bd_addr; 187 188 if (!L2CA_ConnectFixedChnl(L2CAP_SMP_BR_CID, bd_addr)) { 189 SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.", __func__); 190 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); 191 return status; 192 } 193 194 return SMP_STARTED; 195 } 196 197 /******************************************************************************* 198 * 199 * Function SMP_PairCancel 200 * 201 * Description This function call to cancel a SMP pairing with peer device. 202 * 203 * Parameters bd_addr - peer device bd address. 204 * 205 * Returns true - Pairining is cancelled 206 * 207 ******************************************************************************/ 208 bool SMP_PairCancel(const RawAddress& bd_addr) { 209 tSMP_CB* p_cb = &smp_cb; 210 uint8_t err_code = SMP_PAIR_FAIL_UNKNOWN; 211 bool status = false; 212 213 // PTS SMP failure test cases 214 if (p_cb->cert_failure == SMP_PASSKEY_ENTRY_FAIL || 215 p_cb->cert_failure == SMP_NUMERIC_COMPAR_FAIL) 216 err_code = p_cb->cert_failure; 217 218 BTM_TRACE_EVENT("SMP_CancelPair state=%d flag=0x%x ", p_cb->state, 219 p_cb->flags); 220 if (p_cb->state != SMP_STATE_IDLE && p_cb->pairing_bda == bd_addr) { 221 p_cb->is_pair_cancel = true; 222 SMP_TRACE_DEBUG("Cancel Pairing: set fail reason Unknown"); 223 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &err_code); 224 status = true; 225 } 226 227 return status; 228 } 229 /******************************************************************************* 230 * 231 * Function SMP_SecurityGrant 232 * 233 * Description This function is called to grant security process. 234 * 235 * Parameters bd_addr - peer device bd address. 236 * res - result of the operation SMP_SUCCESS if success. 237 * Otherwise, SMP_REPEATED_ATTEMPTS if too many 238 * attempts. 239 * 240 * Returns None 241 * 242 ******************************************************************************/ 243 void SMP_SecurityGrant(const RawAddress& bd_addr, uint8_t res) { 244 SMP_TRACE_EVENT("SMP_SecurityGrant "); 245 246 if (smp_cb.smp_over_br) { 247 if (smp_cb.br_state != SMP_BR_STATE_WAIT_APP_RSP || 248 smp_cb.cb_evt != SMP_SEC_REQUEST_EVT || smp_cb.pairing_bda != bd_addr) { 249 return; 250 } 251 252 /* clear the SMP_SEC_REQUEST_EVT event after get grant */ 253 /* avoid generating duplicate pair request */ 254 smp_cb.cb_evt = 0; 255 smp_br_state_machine_event(&smp_cb, SMP_BR_API_SEC_GRANT_EVT, &res); 256 return; 257 } 258 259 if (smp_cb.state != SMP_STATE_WAIT_APP_RSP || 260 smp_cb.cb_evt != SMP_SEC_REQUEST_EVT || smp_cb.pairing_bda != bd_addr) 261 return; 262 /* clear the SMP_SEC_REQUEST_EVT event after get grant */ 263 /* avoid generate duplicate pair request */ 264 smp_cb.cb_evt = 0; 265 smp_sm_event(&smp_cb, SMP_API_SEC_GRANT_EVT, &res); 266 } 267 268 /******************************************************************************* 269 * 270 * Function SMP_PasskeyReply 271 * 272 * Description This function is called after Security Manager submitted 273 * passkey request to the application. 274 * 275 * Parameters: bd_addr - Address of the device for which passkey was 276 * requested 277 * res - result of the operation SMP_SUCCESS if success 278 * passkey - numeric value in the range of 279 * BTM_MIN_PASSKEY_VAL(0) - 280 * BTM_MAX_PASSKEY_VAL(999999(0xF423F)). 281 * 282 ******************************************************************************/ 283 void SMP_PasskeyReply(const RawAddress& bd_addr, uint8_t res, 284 uint32_t passkey) { 285 tSMP_CB* p_cb = &smp_cb; 286 uint8_t failure = SMP_PASSKEY_ENTRY_FAIL; 287 288 SMP_TRACE_EVENT("SMP_PasskeyReply: Key: %d Result:%d", passkey, res); 289 290 /* If timeout already expired or has been canceled, ignore the reply */ 291 if (p_cb->cb_evt != SMP_PASSKEY_REQ_EVT) { 292 SMP_TRACE_WARNING("SMP_PasskeyReply() - Wrong State: %d", p_cb->state); 293 return; 294 } 295 296 if (bd_addr != p_cb->pairing_bda) { 297 SMP_TRACE_ERROR("SMP_PasskeyReply() - Wrong BD Addr"); 298 return; 299 } 300 301 if (btm_find_dev(bd_addr) == NULL) { 302 SMP_TRACE_ERROR("SMP_PasskeyReply() - no dev CB"); 303 return; 304 } 305 306 if (passkey > BTM_MAX_PASSKEY_VAL || res != SMP_SUCCESS) { 307 SMP_TRACE_WARNING( 308 "SMP_PasskeyReply() - Wrong key len: %d or passkey entry fail", 309 passkey); 310 /* send pairing failure */ 311 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); 312 313 } else if (p_cb->selected_association_model == 314 SMP_MODEL_SEC_CONN_PASSKEY_ENT) { 315 smp_sm_event(&smp_cb, SMP_SC_KEY_READY_EVT, &passkey); 316 } else { 317 smp_convert_string_to_tk(p_cb->tk, passkey); 318 } 319 320 return; 321 } 322 323 /******************************************************************************* 324 * 325 * Function SMP_ConfirmReply 326 * 327 * Description This function is called after Security Manager submitted 328 * numeric comparison request to the application. 329 * 330 * Parameters: bd_addr - Address of the device with which numeric 331 * comparison was requested 332 * res - comparison result SMP_SUCCESS if success 333 * 334 ******************************************************************************/ 335 void SMP_ConfirmReply(const RawAddress& bd_addr, uint8_t res) { 336 tSMP_CB* p_cb = &smp_cb; 337 uint8_t failure = SMP_NUMERIC_COMPAR_FAIL; 338 339 SMP_TRACE_EVENT("%s: Result:%d", __func__, res); 340 341 /* If timeout already expired or has been canceled, ignore the reply */ 342 if (p_cb->cb_evt != SMP_NC_REQ_EVT) { 343 SMP_TRACE_WARNING("%s() - Wrong State: %d", __func__, p_cb->state); 344 return; 345 } 346 347 if (bd_addr != p_cb->pairing_bda) { 348 SMP_TRACE_ERROR("%s() - Wrong BD Addr", __func__); 349 return; 350 } 351 352 if (btm_find_dev(bd_addr) == NULL) { 353 SMP_TRACE_ERROR("%s() - no dev CB", __func__); 354 return; 355 } 356 357 if (res != SMP_SUCCESS) { 358 SMP_TRACE_WARNING("%s() - Numeric Comparison fails", __func__); 359 /* send pairing failure */ 360 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); 361 } else { 362 smp_sm_event(p_cb, SMP_SC_NC_OK_EVT, NULL); 363 } 364 } 365 366 /******************************************************************************* 367 * 368 * Function SMP_OobDataReply 369 * 370 * Description This function is called to provide the OOB data for 371 * SMP in response to SMP_OOB_REQ_EVT 372 * 373 * Parameters: bd_addr - Address of the peer device 374 * res - result of the operation SMP_SUCCESS if success 375 * p_data - simple pairing Randomizer C. 376 * 377 ******************************************************************************/ 378 void SMP_OobDataReply(const RawAddress& bd_addr, tSMP_STATUS res, uint8_t len, 379 uint8_t* p_data) { 380 tSMP_CB* p_cb = &smp_cb; 381 uint8_t failure = SMP_OOB_FAIL; 382 tSMP_KEY key; 383 384 SMP_TRACE_EVENT("%s State: %d res:%d", __func__, smp_cb.state, res); 385 386 /* If timeout already expired or has been canceled, ignore the reply */ 387 if (p_cb->state != SMP_STATE_WAIT_APP_RSP || p_cb->cb_evt != SMP_OOB_REQ_EVT) 388 return; 389 390 if (res != SMP_SUCCESS || len == 0 || !p_data) { 391 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); 392 } else { 393 if (len > BT_OCTET16_LEN) len = BT_OCTET16_LEN; 394 395 memcpy(p_cb->tk, p_data, len); 396 397 key.key_type = SMP_KEY_TYPE_TK; 398 key.p_data = p_cb->tk; 399 400 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key); 401 } 402 } 403 404 /******************************************************************************* 405 * 406 * Function SMP_SecureConnectionOobDataReply 407 * 408 * Description This function is called to provide the SC OOB data for 409 * SMP in response to SMP_SC_OOB_REQ_EVT 410 * 411 * Parameters: p_data - pointer to the data 412 * 413 ******************************************************************************/ 414 void SMP_SecureConnectionOobDataReply(uint8_t* p_data) { 415 tSMP_CB* p_cb = &smp_cb; 416 417 uint8_t failure = SMP_OOB_FAIL; 418 tSMP_SC_OOB_DATA* p_oob = (tSMP_SC_OOB_DATA*)p_data; 419 if (!p_oob) { 420 SMP_TRACE_ERROR("%s received no data", __func__); 421 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); 422 return; 423 } 424 425 SMP_TRACE_EVENT( 426 "%s req_oob_type: %d, loc_oob_data.present: %d, " 427 "peer_oob_data.present: %d", 428 __func__, p_cb->req_oob_type, p_oob->loc_oob_data.present, 429 p_oob->peer_oob_data.present); 430 431 if (p_cb->state != SMP_STATE_WAIT_APP_RSP || 432 p_cb->cb_evt != SMP_SC_OOB_REQ_EVT) 433 return; 434 435 bool data_missing = false; 436 switch (p_cb->req_oob_type) { 437 case SMP_OOB_PEER: 438 if (!p_oob->peer_oob_data.present) data_missing = true; 439 break; 440 case SMP_OOB_LOCAL: 441 if (!p_oob->loc_oob_data.present) data_missing = true; 442 break; 443 case SMP_OOB_BOTH: 444 if (!p_oob->loc_oob_data.present || !p_oob->peer_oob_data.present) 445 data_missing = true; 446 break; 447 default: 448 SMP_TRACE_EVENT("Unexpected OOB data type requested. Fail OOB"); 449 data_missing = true; 450 break; 451 } 452 453 if (data_missing) { 454 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); 455 return; 456 } 457 458 p_cb->sc_oob_data = *p_oob; 459 460 smp_sm_event(&smp_cb, SMP_SC_OOB_DATA_EVT, p_data); 461 } 462 463 /******************************************************************************* 464 * 465 * Function SMP_Encrypt 466 * 467 * Description This function is called to encrypt the data with the 468 * specified key 469 * 470 * Parameters: key - Pointer to key key[0] conatins the MSB 471 * key_len - key length 472 * plain_text - Pointer to data to be encrypted 473 * plain_text[0] conatins the MSB 474 * pt_len - plain text length 475 * p_out - output of the encrypted texts 476 * 477 * Returns Boolean - request is successful 478 ******************************************************************************/ 479 bool SMP_Encrypt(uint8_t* key, uint8_t key_len, uint8_t* plain_text, 480 uint8_t pt_len, tSMP_ENC* p_out) 481 482 { 483 bool status = false; 484 status = smp_encrypt_data(key, key_len, plain_text, pt_len, p_out); 485 return status; 486 } 487 488 /******************************************************************************* 489 * 490 * Function SMP_KeypressNotification 491 * 492 * Description This function is called to notify Security Manager about 493 * Keypress Notification. 494 * 495 * Parameters: bd_addr Address of the device to send keypress 496 * notification to 497 * value Keypress notification parameter value 498 * 499 ******************************************************************************/ 500 void SMP_KeypressNotification(const RawAddress& bd_addr, uint8_t value) { 501 tSMP_CB* p_cb = &smp_cb; 502 503 SMP_TRACE_EVENT("%s: Value: %d", __func__, value); 504 505 if (bd_addr != p_cb->pairing_bda) { 506 SMP_TRACE_ERROR("%s() - Wrong BD Addr", __func__); 507 return; 508 } 509 510 if (btm_find_dev(bd_addr) == NULL) { 511 SMP_TRACE_ERROR("%s() - no dev CB", __func__); 512 return; 513 } 514 515 /* Keypress Notification is used by a device with KeyboardOnly IO capabilities 516 * during the passkey entry protocol */ 517 if (p_cb->local_io_capability != SMP_IO_CAP_IN) { 518 SMP_TRACE_ERROR("%s() - wrong local IO capabilities %d", __func__, 519 p_cb->local_io_capability); 520 return; 521 } 522 523 if (p_cb->selected_association_model != SMP_MODEL_SEC_CONN_PASSKEY_ENT) { 524 SMP_TRACE_ERROR("%s() - wrong protocol %d", __func__, 525 p_cb->selected_association_model); 526 return; 527 } 528 529 smp_sm_event(p_cb, SMP_KEYPRESS_NOTIFICATION_EVENT, &value); 530 } 531 532 /******************************************************************************* 533 * 534 * Function SMP_CreateLocalSecureConnectionsOobData 535 * 536 * Description This function is called to start creation of local SC OOB 537 * data set (tSMP_LOC_OOB_DATA). 538 * 539 * Parameters: bd_addr - Address of the device to send OOB data block to 540 * 541 * Returns Boolean - true: creation of local SC OOB data set started. 542 ******************************************************************************/ 543 bool SMP_CreateLocalSecureConnectionsOobData(tBLE_BD_ADDR* addr_to_send_to) { 544 tSMP_CB* p_cb = &smp_cb; 545 546 if (addr_to_send_to == NULL) { 547 SMP_TRACE_ERROR("%s addr_to_send_to is not provided", __func__); 548 return false; 549 } 550 551 VLOG(2) << __func__ << " addr type:" << +addr_to_send_to->type 552 << ", BDA:" << addr_to_send_to->bda << ", state:" << p_cb->state 553 << ", br_state: " << p_cb->br_state; 554 555 if ((p_cb->state != SMP_STATE_IDLE) || (p_cb->smp_over_br)) { 556 SMP_TRACE_WARNING( 557 "%s creation of local OOB data set " 558 "starts only in IDLE state", 559 __func__); 560 return false; 561 } 562 563 p_cb->sc_oob_data.loc_oob_data.addr_sent_to = *addr_to_send_to; 564 smp_sm_event(p_cb, SMP_CR_LOC_SC_OOB_DATA_EVT, NULL); 565 566 return true; 567 } 568
