1 /****************************************************************************** 2 * 3 * Copyright 2003-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #include <string.h> 20 #include "btif_common.h" 21 #include "device/include/interop.h" 22 #include "internal_include/bt_target.h" 23 #include "stack/btm/btm_int.h" 24 #include "stack/include/l2c_api.h" 25 #include "stack/smp/p_256_ecc_pp.h" 26 #include "stack/smp/smp_int.h" 27 #include "utils/include/bt_utils.h" 28 29 #define SMP_KEY_DIST_TYPE_MAX 4 30 31 const tSMP_ACT smp_distribute_act[] = { 32 smp_generate_ltk, /* SMP_SEC_KEY_TYPE_ENC - '1' bit index */ 33 smp_send_id_info, /* SMP_SEC_KEY_TYPE_ID - '1' bit index */ 34 smp_generate_csrk, /* SMP_SEC_KEY_TYPE_CSRK - '1' bit index */ 35 smp_set_derive_link_key /* SMP_SEC_KEY_TYPE_LK - '1' bit index */ 36 }; 37 38 static bool lmp_version_below(const RawAddress& bda, uint8_t version) { 39 tACL_CONN* acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE); 40 if (acl == NULL || acl->lmp_version == 0) { 41 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__); 42 return false; 43 } 44 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, 45 version); 46 return acl->lmp_version < version; 47 } 48 49 static bool pts_test_send_authentication_complete_failure(tSMP_CB* p_cb) { 50 uint8_t reason = p_cb->cert_failure; 51 if (reason == SMP_PAIR_AUTH_FAIL || reason == SMP_PAIR_FAIL_UNKNOWN || 52 reason == SMP_PAIR_NOT_SUPPORT || reason == SMP_PASSKEY_ENTRY_FAIL || 53 reason == SMP_REPEATED_ATTEMPTS) { 54 tSMP_INT_DATA smp_int_data; 55 smp_int_data.status = reason; 56 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 57 return true; 58 } 59 return false; 60 } 61 62 /******************************************************************************* 63 * Function smp_update_key_mask 64 * Description This function updates the key mask for sending or receiving. 65 ******************************************************************************/ 66 static void smp_update_key_mask(tSMP_CB* p_cb, uint8_t key_type, bool recv) { 67 SMP_TRACE_DEBUG( 68 "%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x", 69 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key); 70 71 if (((p_cb->le_secure_connections_mode_is_used) || (p_cb->smp_over_br)) && 72 ((key_type == SMP_SEC_KEY_TYPE_ENC) || 73 (key_type == SMP_SEC_KEY_TYPE_LK))) { 74 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of 75 ** being exchanged with the peer */ 76 p_cb->local_i_key &= ~key_type; 77 p_cb->local_r_key &= ~key_type; 78 } else if (p_cb->role == HCI_ROLE_SLAVE) { 79 if (recv) 80 p_cb->local_i_key &= ~key_type; 81 else 82 p_cb->local_r_key &= ~key_type; 83 } else { 84 if (recv) 85 p_cb->local_r_key &= ~key_type; 86 else 87 p_cb->local_i_key &= ~key_type; 88 } 89 90 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", 91 p_cb->local_i_key, p_cb->local_r_key); 92 } 93 94 /******************************************************************************* 95 * Function smp_send_app_cback 96 * Description notifies application about the events the application is 97 * interested in 98 ******************************************************************************/ 99 void smp_send_app_cback(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 100 tSMP_EVT_DATA cb_data; 101 tSMP_STATUS callback_rc; 102 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt); 103 if (p_cb->p_callback && p_cb->cb_evt != 0) { 104 switch (p_cb->cb_evt) { 105 case SMP_IO_CAP_REQ_EVT: 106 cb_data.io_req.auth_req = p_cb->peer_auth_req; 107 cb_data.io_req.oob_data = SMP_OOB_NONE; 108 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS; 109 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 110 cb_data.io_req.init_keys = p_cb->local_i_key; 111 cb_data.io_req.resp_keys = p_cb->local_r_key; 112 SMP_TRACE_WARNING("io_cap = %d", cb_data.io_req.io_cap); 113 break; 114 115 case SMP_NC_REQ_EVT: 116 cb_data.passkey = p_data->passkey; 117 break; 118 case SMP_SC_OOB_REQ_EVT: 119 cb_data.req_oob_type = p_data->req_oob_type; 120 break; 121 case SMP_SC_LOC_OOB_DATA_UP_EVT: 122 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data; 123 break; 124 125 case SMP_BR_KEYS_REQ_EVT: 126 cb_data.io_req.auth_req = 0; 127 cb_data.io_req.oob_data = SMP_OOB_NONE; 128 cb_data.io_req.io_cap = 0; 129 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE; 130 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY; 131 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY; 132 break; 133 134 default: 135 break; 136 } 137 138 callback_rc = 139 (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data); 140 141 SMP_TRACE_DEBUG("%s: callback_rc=%d p_cb->cb_evt=%d", __func__, 142 callback_rc, p_cb->cb_evt); 143 144 if (callback_rc == SMP_SUCCESS) { 145 switch (p_cb->cb_evt) { 146 case SMP_IO_CAP_REQ_EVT: 147 p_cb->loc_auth_req = cb_data.io_req.auth_req; 148 p_cb->local_io_capability = cb_data.io_req.io_cap; 149 p_cb->loc_oob_flag = cb_data.io_req.oob_data; 150 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 151 p_cb->local_i_key = cb_data.io_req.init_keys; 152 p_cb->local_r_key = cb_data.io_req.resp_keys; 153 154 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) { 155 SMP_TRACE_WARNING("Non bonding: No keys will be exchanged"); 156 p_cb->local_i_key = 0; 157 p_cb->local_r_key = 0; 158 } 159 160 SMP_TRACE_WARNING( 161 "rcvd auth_req: 0x%02x, io_cap: %d " 162 "loc_oob_flag: %d loc_enc_size: %d, " 163 "local_i_key: 0x%02x, local_r_key: 0x%02x", 164 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag, 165 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key); 166 167 p_cb->secure_connections_only_mode_required = 168 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false; 169 /* just for PTS, force SC bit */ 170 if (p_cb->secure_connections_only_mode_required) { 171 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT; 172 } 173 174 if (!p_cb->secure_connections_only_mode_required && 175 (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) || 176 lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) || 177 interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS, 178 (const RawAddress*)&p_cb->pairing_bda))) { 179 p_cb->loc_auth_req &= ~SMP_SC_SUPPORT_BIT; 180 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT; 181 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 182 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 183 } 184 185 if (lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_5_0)) { 186 p_cb->loc_auth_req &= ~SMP_H7_SUPPORT_BIT; 187 } 188 189 SMP_TRACE_WARNING( 190 "set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x", 191 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key); 192 193 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL); 194 break; 195 196 case SMP_BR_KEYS_REQ_EVT: 197 p_cb->loc_enc_size = cb_data.io_req.max_key_size; 198 p_cb->local_i_key = cb_data.io_req.init_keys; 199 p_cb->local_r_key = cb_data.io_req.resp_keys; 200 p_cb->loc_auth_req |= SMP_H7_SUPPORT_BIT; 201 202 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 203 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 204 205 SMP_TRACE_WARNING( 206 "for SMP over BR max_key_size: 0x%02x, local_i_key: 0x%02x, " 207 "local_r_key: 0x%02x, p_cb->loc_auth_req: 0x%02x", 208 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key, 209 p_cb->loc_auth_req); 210 211 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL); 212 break; 213 } 214 } 215 } 216 217 if (!p_cb->cb_evt && p_cb->discard_sec_req) { 218 p_cb->discard_sec_req = false; 219 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL); 220 } 221 222 SMP_TRACE_DEBUG("%s: return", __func__); 223 } 224 225 /******************************************************************************* 226 * Function smp_send_pair_fail 227 * Description pairing failure to peer device if needed. 228 ******************************************************************************/ 229 void smp_send_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 230 p_cb->status = p_data->status; 231 p_cb->failure = p_data->status; 232 233 SMP_TRACE_DEBUG("%s: status=%d failure=%d ", __func__, p_cb->status, 234 p_cb->failure); 235 236 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && 237 p_cb->status != SMP_SUCCESS) { 238 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb); 239 p_cb->wait_for_authorization_complete = true; 240 } 241 } 242 243 /******************************************************************************* 244 * Function smp_send_pair_req 245 * Description actions related to sending pairing request 246 ******************************************************************************/ 247 void smp_send_pair_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 248 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda); 249 SMP_TRACE_DEBUG("%s", __func__); 250 251 /* erase all keys when master sends pairing req*/ 252 if (p_dev_rec) btm_sec_clear_ble_keys(p_dev_rec); 253 /* do not manipulate the key, let app decide, 254 leave out to BTM to mandate key distribution for bonding case */ 255 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb); 256 } 257 258 /******************************************************************************* 259 * Function smp_send_pair_rsp 260 * Description actions related to sending pairing response 261 ******************************************************************************/ 262 void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 263 SMP_TRACE_DEBUG("%s", __func__); 264 265 p_cb->local_i_key &= p_cb->peer_i_key; 266 p_cb->local_r_key &= p_cb->peer_r_key; 267 268 if (smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb)) { 269 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) 270 smp_use_oob_private_key(p_cb, NULL); 271 else 272 smp_decide_association_model(p_cb, NULL); 273 } 274 } 275 276 /******************************************************************************* 277 * Function smp_send_confirm 278 * Description send confirmation to the peer 279 ******************************************************************************/ 280 void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 281 SMP_TRACE_DEBUG("%s", __func__); 282 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb); 283 } 284 285 /******************************************************************************* 286 * Function smp_send_init 287 * Description process pairing initializer to slave device 288 ******************************************************************************/ 289 void smp_send_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 290 SMP_TRACE_DEBUG("%s", __func__); 291 smp_send_cmd(SMP_OPCODE_INIT, p_cb); 292 } 293 294 /******************************************************************************* 295 * Function smp_send_rand 296 * Description send pairing random to the peer 297 ******************************************************************************/ 298 void smp_send_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 299 SMP_TRACE_DEBUG("%s", __func__); 300 smp_send_cmd(SMP_OPCODE_RAND, p_cb); 301 } 302 303 /******************************************************************************* 304 * Function smp_send_pair_public_key 305 * Description send pairing public key command to the peer 306 ******************************************************************************/ 307 void smp_send_pair_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 308 SMP_TRACE_DEBUG("%s", __func__); 309 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb); 310 } 311 312 /******************************************************************************* 313 * Function SMP_SEND_COMMITMENT 314 * Description send commitment command to the peer 315 ******************************************************************************/ 316 void smp_send_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 317 SMP_TRACE_DEBUG("%s", __func__); 318 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb); 319 } 320 321 /******************************************************************************* 322 * Function smp_send_dhkey_check 323 * Description send DHKey Check command to the peer 324 ******************************************************************************/ 325 void smp_send_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 326 SMP_TRACE_DEBUG("%s", __func__); 327 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb); 328 } 329 330 /******************************************************************************* 331 * Function smp_send_keypress_notification 332 * Description send Keypress Notification command to the peer 333 ******************************************************************************/ 334 void smp_send_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 335 p_cb->local_keypress_notification = p_data->status; 336 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb); 337 } 338 339 /******************************************************************************* 340 * Function smp_send_enc_info 341 * Description send encryption information command. 342 ******************************************************************************/ 343 void smp_send_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 344 tBTM_LE_LENC_KEYS le_key; 345 346 SMP_TRACE_DEBUG("%s: p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size); 347 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false); 348 349 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb); 350 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb); 351 352 /* save the DIV and key size information when acting as slave device */ 353 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 354 le_key.div = p_cb->div; 355 le_key.key_size = p_cb->loc_enc_size; 356 le_key.sec_level = p_cb->sec_level; 357 358 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && 359 (p_cb->loc_auth_req & SMP_AUTH_BOND)) 360 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, 361 (tBTM_LE_KEY_VALUE*)&le_key, true); 362 363 SMP_TRACE_WARNING("%s", __func__); 364 365 smp_key_distribution(p_cb, NULL); 366 } 367 368 /******************************************************************************* 369 * Function smp_send_id_info 370 * Description send ID information command. 371 ******************************************************************************/ 372 void smp_send_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 373 tBTM_LE_KEY_VALUE le_key; 374 SMP_TRACE_DEBUG("%s", __func__); 375 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, false); 376 377 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb); 378 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb); 379 380 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && 381 (p_cb->loc_auth_req & SMP_AUTH_BOND)) 382 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, &le_key, true); 383 384 SMP_TRACE_WARNING("%s", __func__); 385 smp_key_distribution_by_transport(p_cb, NULL); 386 } 387 388 /******************************************************************************* 389 * Function smp_send_csrk_info 390 * Description send CSRK command. 391 ******************************************************************************/ 392 void smp_send_csrk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 393 tBTM_LE_LCSRK_KEYS key; 394 SMP_TRACE_DEBUG("%s", __func__); 395 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, false); 396 397 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) { 398 key.div = p_cb->div; 399 key.sec_level = p_cb->sec_level; 400 key.counter = 0; /* initialize the local counter */ 401 memcpy(key.csrk, p_cb->csrk, BT_OCTET16_LEN); 402 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, 403 (tBTM_LE_KEY_VALUE*)&key, true); 404 } 405 406 smp_key_distribution_by_transport(p_cb, NULL); 407 } 408 409 /******************************************************************************* 410 * Function smp_send_ltk_reply 411 * Description send LTK reply 412 ******************************************************************************/ 413 void smp_send_ltk_reply(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 414 SMP_TRACE_DEBUG("%s", __func__); 415 /* send stk as LTK response */ 416 btm_ble_ltk_request_reply(p_cb->pairing_bda, true, p_data->key.p_data); 417 } 418 419 /******************************************************************************* 420 * Function smp_proc_sec_req 421 * Description process security request. 422 ******************************************************************************/ 423 void smp_proc_sec_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 424 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ*)p_data; 425 tBTM_BLE_SEC_REQ_ACT sec_req_act; 426 427 SMP_TRACE_DEBUG("%s: auth_req=0x%x", __func__, auth_req); 428 429 p_cb->cb_evt = 0; 430 431 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act); 432 433 SMP_TRACE_DEBUG("%s: sec_req_act=0x%x", __func__, sec_req_act); 434 435 switch (sec_req_act) { 436 case BTM_BLE_SEC_REQ_ACT_ENCRYPT: 437 SMP_TRACE_DEBUG("%s: BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__); 438 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 439 break; 440 441 case BTM_BLE_SEC_REQ_ACT_PAIR: 442 p_cb->secure_connections_only_mode_required = 443 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false; 444 445 /* respond to non SC pairing request as failure in SC only mode */ 446 if (p_cb->secure_connections_only_mode_required && 447 (auth_req & SMP_SC_SUPPORT_BIT) == 0) { 448 tSMP_INT_DATA smp_int_data; 449 smp_int_data.status = SMP_PAIR_AUTH_FAIL; 450 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 451 } else { 452 /* initialize local i/r key to be default keys */ 453 p_cb->peer_auth_req = auth_req; 454 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY; 455 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 456 } 457 break; 458 459 case BTM_BLE_SEC_REQ_ACT_DISCARD: 460 p_cb->discard_sec_req = true; 461 break; 462 463 default: 464 /* do nothing */ 465 break; 466 } 467 } 468 469 /******************************************************************************* 470 * Function smp_proc_sec_grant 471 * Description process security grant. 472 ******************************************************************************/ 473 void smp_proc_sec_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 474 uint8_t res = p_data->status; 475 SMP_TRACE_DEBUG("%s", __func__); 476 if (res != SMP_SUCCESS) { 477 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data); 478 } else /*otherwise, start pairing */ 479 { 480 /* send IO request callback */ 481 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT; 482 } 483 } 484 485 /******************************************************************************* 486 * Function smp_proc_pair_fail 487 * Description process pairing failure from peer device 488 ******************************************************************************/ 489 void smp_proc_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 490 SMP_TRACE_DEBUG("%s", __func__); 491 p_cb->status = p_data->status; 492 493 /* Cancel pending auth complete timer if set */ 494 alarm_cancel(p_cb->delayed_auth_timer_ent); 495 } 496 497 /******************************************************************************* 498 * Function smp_proc_pair_cmd 499 * Description Process the SMP pairing request/response from peer device 500 ******************************************************************************/ 501 void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 502 uint8_t* p = p_data->p_data; 503 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda); 504 505 SMP_TRACE_DEBUG("%s: pairing_bda=%s", __func__, 506 p_cb->pairing_bda.ToString().c_str()); 507 508 /* erase all keys if it is slave proc pairing req */ 509 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 510 btm_sec_clear_ble_keys(p_dev_rec); 511 512 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 513 514 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 515 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 516 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 517 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 518 STREAM_TO_UINT8(p_cb->peer_i_key, p); 519 STREAM_TO_UINT8(p_cb->peer_r_key, p); 520 521 if (smp_command_has_invalid_parameters(p_cb)) { 522 tSMP_INT_DATA smp_int_data; 523 smp_int_data.status = SMP_INVALID_PARAMETERS; 524 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 525 return; 526 } 527 528 // PTS Testing failure modes 529 if (pts_test_send_authentication_complete_failure(p_cb)) return; 530 531 if (p_cb->role == HCI_ROLE_SLAVE) { 532 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) { 533 /* peer (master) started pairing sending Pairing Request */ 534 p_cb->local_i_key = p_cb->peer_i_key; 535 p_cb->local_r_key = p_cb->peer_r_key; 536 537 p_cb->cb_evt = SMP_SEC_REQUEST_EVT; 538 } else /* update local i/r key according to pairing request */ 539 { 540 /* pairing started with this side (slave) sending Security Request */ 541 p_cb->local_i_key &= p_cb->peer_i_key; 542 p_cb->local_r_key &= p_cb->peer_r_key; 543 p_cb->selected_association_model = smp_select_association_model(p_cb); 544 545 if (p_cb->secure_connections_only_mode_required && 546 (!(p_cb->le_secure_connections_mode_is_used) || 547 (p_cb->selected_association_model == 548 SMP_MODEL_SEC_CONN_JUSTWORKS))) { 549 SMP_TRACE_ERROR( 550 "%s: pairing failed - slave requires secure connection only mode", 551 __func__); 552 tSMP_INT_DATA smp_int_data; 553 smp_int_data.status = SMP_PAIR_AUTH_FAIL; 554 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 555 return; 556 } 557 558 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { 559 if (smp_request_oob_data(p_cb)) return; 560 } else { 561 smp_send_pair_rsp(p_cb, NULL); 562 } 563 } 564 } else /* Master receives pairing response */ 565 { 566 p_cb->selected_association_model = smp_select_association_model(p_cb); 567 568 if (p_cb->secure_connections_only_mode_required && 569 (!(p_cb->le_secure_connections_mode_is_used) || 570 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) { 571 SMP_TRACE_ERROR( 572 "Master requires secure connection only mode " 573 "but it can't be provided -> Master fails pairing"); 574 tSMP_INT_DATA smp_int_data; 575 smp_int_data.status = SMP_PAIR_AUTH_FAIL; 576 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 577 return; 578 } 579 580 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { 581 if (smp_request_oob_data(p_cb)) return; 582 } else { 583 smp_decide_association_model(p_cb, NULL); 584 } 585 } 586 } 587 588 /******************************************************************************* 589 * Function smp_proc_confirm 590 * Description process pairing confirm from peer device 591 ******************************************************************************/ 592 void smp_proc_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 593 uint8_t* p = p_data->p_data; 594 595 SMP_TRACE_DEBUG("%s", __func__); 596 597 if (smp_command_has_invalid_parameters(p_cb)) { 598 tSMP_INT_DATA smp_int_data; 599 smp_int_data.status = SMP_INVALID_PARAMETERS; 600 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 601 return; 602 } 603 604 if (p != NULL) { 605 /* save the SConfirm for comparison later */ 606 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN); 607 } 608 609 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM; 610 } 611 612 /******************************************************************************* 613 * Function smp_proc_init 614 * Description process pairing initializer from peer device 615 ******************************************************************************/ 616 void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 617 uint8_t* p = p_data->p_data; 618 619 SMP_TRACE_DEBUG("%s", __func__); 620 621 if (smp_command_has_invalid_parameters(p_cb)) { 622 tSMP_INT_DATA smp_int_data; 623 smp_int_data.status = SMP_INVALID_PARAMETERS; 624 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 625 return; 626 } 627 628 /* save the SRand for comparison */ 629 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 630 } 631 632 /******************************************************************************* 633 * Function smp_proc_rand 634 * Description process pairing random (nonce) from peer device 635 ******************************************************************************/ 636 void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 637 uint8_t* p = p_data->p_data; 638 639 SMP_TRACE_DEBUG("%s", __func__); 640 641 if (smp_command_has_invalid_parameters(p_cb)) { 642 tSMP_INT_DATA smp_int_data; 643 smp_int_data.status = SMP_INVALID_PARAMETERS; 644 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 645 return; 646 } 647 648 /* save the SRand for comparison */ 649 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN); 650 } 651 652 /******************************************************************************* 653 * Function smp_process_pairing_public_key 654 * Description process pairing public key command from the peer device 655 * - saves the peer public key; 656 * - sets the flag indicating that the peer public key is received; 657 * - calls smp_wait_for_both_public_keys(...). 658 * 659 ******************************************************************************/ 660 void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 661 uint8_t* p = p_data->p_data; 662 663 SMP_TRACE_DEBUG("%s", __func__); 664 665 if (smp_command_has_invalid_parameters(p_cb)) { 666 tSMP_INT_DATA smp_int_data; 667 smp_int_data.status = SMP_INVALID_PARAMETERS; 668 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 669 return; 670 } 671 672 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN); 673 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN); 674 675 Point pt; 676 memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN); 677 memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN); 678 679 if (!ECC_ValidatePoint(pt)) { 680 android_errorWriteLog(0x534e4554, "72377774"); 681 tSMP_INT_DATA smp; 682 smp.status = SMP_PAIR_AUTH_FAIL; 683 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp); 684 return; 685 } 686 687 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY; 688 689 smp_wait_for_both_public_keys(p_cb, NULL); 690 } 691 692 /******************************************************************************* 693 * Function smp_process_pairing_commitment 694 * Description process pairing commitment from peer device 695 ******************************************************************************/ 696 void smp_process_pairing_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 697 uint8_t* p = p_data->p_data; 698 699 SMP_TRACE_DEBUG("%s", __func__); 700 701 if (smp_command_has_invalid_parameters(p_cb)) { 702 tSMP_INT_DATA smp_int_data; 703 smp_int_data.status = SMP_INVALID_PARAMETERS; 704 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 705 return; 706 } 707 708 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM; 709 710 if (p != NULL) { 711 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN); 712 } 713 } 714 715 /******************************************************************************* 716 * Function smp_process_dhkey_check 717 * Description process DHKey Check from peer device 718 ******************************************************************************/ 719 void smp_process_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 720 uint8_t* p = p_data->p_data; 721 722 SMP_TRACE_DEBUG("%s", __func__); 723 724 if (smp_command_has_invalid_parameters(p_cb)) { 725 tSMP_INT_DATA smp_int_data; 726 smp_int_data.status = SMP_INVALID_PARAMETERS; 727 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 728 return; 729 } 730 731 if (p != NULL) { 732 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN); 733 } 734 735 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK; 736 } 737 738 /******************************************************************************* 739 * Function smp_process_keypress_notification 740 * Description process pairing keypress notification from peer device 741 ******************************************************************************/ 742 void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 743 uint8_t* p = p_data->p_data; 744 745 SMP_TRACE_DEBUG("%s", __func__); 746 p_cb->status = p_data->status; 747 748 if (smp_command_has_invalid_parameters(p_cb)) { 749 tSMP_INT_DATA smp_int_data; 750 smp_int_data.status = SMP_INVALID_PARAMETERS; 751 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 752 return; 753 } 754 755 if (p != NULL) { 756 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p); 757 } else { 758 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE; 759 } 760 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT; 761 } 762 763 /******************************************************************************* 764 * Function smp_br_process_pairing_command 765 * Description Process the SMP pairing request/response from peer device via 766 * BR/EDR transport. 767 ******************************************************************************/ 768 void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 769 uint8_t* p = p_data->p_data; 770 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda); 771 772 SMP_TRACE_DEBUG("%s", __func__); 773 /* rejecting BR pairing request over non-SC BR link */ 774 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) { 775 tSMP_INT_DATA smp_int_data; 776 smp_int_data.status = SMP_XTRANS_DERIVE_NOT_ALLOW; 777 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data); 778 return; 779 } 780 781 /* erase all keys if it is slave proc pairing req*/ 782 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) 783 btm_sec_clear_ble_keys(p_dev_rec); 784 785 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR; 786 787 STREAM_TO_UINT8(p_cb->peer_io_caps, p); 788 STREAM_TO_UINT8(p_cb->peer_oob_flag, p); 789 STREAM_TO_UINT8(p_cb->peer_auth_req, p); 790 STREAM_TO_UINT8(p_cb->peer_enc_size, p); 791 STREAM_TO_UINT8(p_cb->peer_i_key, p); 792 STREAM_TO_UINT8(p_cb->peer_r_key, p); 793 794 if (smp_command_has_invalid_parameters(p_cb)) { 795 tSMP_INT_DATA smp_int_data; 796 smp_int_data.status = SMP_INVALID_PARAMETERS; 797 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data); 798 return; 799 } 800 801 /* peer (master) started pairing sending Pairing Request */ 802 /* or being master device always use received i/r key as keys to distribute */ 803 p_cb->local_i_key = p_cb->peer_i_key; 804 p_cb->local_r_key = p_cb->peer_r_key; 805 806 if (p_cb->role == HCI_ROLE_SLAVE) { 807 p_dev_rec->new_encryption_key_is_p256 = false; 808 /* shortcut to skip Security Grant step */ 809 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 810 } else { 811 /* Master receives pairing response */ 812 SMP_TRACE_DEBUG( 813 "%s master rcvs valid PAIRING RESPONSE." 814 " Supposed to move to key distribution phase. ", 815 __func__); 816 } 817 818 /* auth_req received via BR/EDR SM channel is set to 0, 819 but everything derived/exchanged has to be saved */ 820 p_cb->peer_auth_req |= SMP_AUTH_BOND; 821 p_cb->loc_auth_req |= SMP_AUTH_BOND; 822 } 823 824 /******************************************************************************* 825 * Function smp_br_process_security_grant 826 * Description process security grant in case of pairing over BR/EDR transport. 827 ******************************************************************************/ 828 void smp_br_process_security_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 829 SMP_TRACE_DEBUG("%s", __func__); 830 if (p_data->status != SMP_SUCCESS) { 831 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data); 832 } else { 833 /* otherwise, start pairing; send IO request callback */ 834 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT; 835 } 836 } 837 838 /******************************************************************************* 839 * Function smp_br_check_authorization_request 840 * Description sets the SMP kes to be derived/distribute over BR/EDR transport 841 * before starting the distribution/derivation 842 ******************************************************************************/ 843 void smp_br_check_authorization_request(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 844 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 845 __func__, p_cb->local_i_key, p_cb->local_r_key); 846 847 /* In LE SC mode LK field is ignored when BR/EDR transport is used */ 848 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 849 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 850 851 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 852 ** Set local_r_key on master to expect only these keys. */ 853 if (p_cb->role == HCI_ROLE_MASTER) { 854 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 855 } 856 857 /* Check if H7 function needs to be used for key derivation*/ 858 if ((p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT) && 859 (p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT)) { 860 p_cb->key_derivation_h7_used = TRUE; 861 } 862 SMP_TRACE_DEBUG("%s: use h7 = %d", __func__, p_cb->key_derivation_h7_used); 863 864 SMP_TRACE_DEBUG( 865 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 866 __func__, p_cb->local_i_key, p_cb->local_r_key); 867 868 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 869 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 870 (p_cb->local_i_key || p_cb->local_r_key)) { 871 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL); 872 873 /* if no peer key is expected, start master key distribution */ 874 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0) 875 smp_key_distribution_by_transport(p_cb, NULL); 876 } else { 877 tSMP_INT_DATA smp_int_data; 878 smp_int_data.status = SMP_SUCCESS; 879 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data); 880 } 881 } 882 883 /******************************************************************************* 884 * Function smp_br_select_next_key 885 * Description selects the next key to derive/send when BR/EDR transport is 886 * used. 887 ******************************************************************************/ 888 void smp_br_select_next_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 889 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__, 890 p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 891 892 if (p_cb->role == HCI_ROLE_SLAVE || 893 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) { 894 smp_key_pick_key(p_cb, p_data); 895 } 896 897 if (!p_cb->local_i_key && !p_cb->local_r_key) { 898 /* state check to prevent re-entrance */ 899 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) { 900 if (p_cb->total_tx_unacked == 0) { 901 tSMP_INT_DATA smp_int_data; 902 smp_int_data.status = SMP_SUCCESS; 903 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data); 904 } else { 905 p_cb->wait_for_authorization_complete = true; 906 } 907 } 908 } 909 } 910 911 /******************************************************************************* 912 * Function smp_proc_enc_info 913 * Description process encryption information from peer device 914 ******************************************************************************/ 915 void smp_proc_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 916 uint8_t* p = p_data->p_data; 917 918 SMP_TRACE_DEBUG("%s", __func__); 919 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN); 920 921 smp_key_distribution(p_cb, NULL); 922 } 923 /******************************************************************************* 924 * Function smp_proc_master_id 925 * Description process master ID from slave device 926 ******************************************************************************/ 927 void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 928 uint8_t* p = p_data->p_data; 929 tBTM_LE_PENC_KEYS le_key; 930 931 SMP_TRACE_DEBUG("%s", __func__); 932 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true); 933 934 STREAM_TO_UINT16(le_key.ediv, p); 935 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN); 936 937 /* store the encryption keys from peer device */ 938 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN); 939 le_key.sec_level = p_cb->sec_level; 940 le_key.key_size = p_cb->loc_enc_size; 941 942 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && 943 (p_cb->loc_auth_req & SMP_AUTH_BOND)) 944 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, 945 (tBTM_LE_KEY_VALUE*)&le_key, true); 946 947 smp_key_distribution(p_cb, NULL); 948 } 949 950 /******************************************************************************* 951 * Function smp_proc_enc_info 952 * Description process identity information from peer device 953 ******************************************************************************/ 954 void smp_proc_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 955 uint8_t* p = p_data->p_data; 956 957 SMP_TRACE_DEBUG("%s", __func__); 958 STREAM_TO_ARRAY(p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */ 959 smp_key_distribution_by_transport(p_cb, NULL); 960 } 961 962 /******************************************************************************* 963 * Function smp_proc_id_addr 964 * Description process identity address from peer device 965 ******************************************************************************/ 966 void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 967 uint8_t* p = p_data->p_data; 968 tBTM_LE_PID_KEYS pid_key; 969 970 SMP_TRACE_DEBUG("%s", __func__); 971 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true); 972 973 STREAM_TO_UINT8(pid_key.addr_type, p); 974 STREAM_TO_BDADDR(pid_key.static_addr, p); 975 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN); 976 977 /* to use as BD_ADDR for lk derived from ltk */ 978 p_cb->id_addr_rcvd = true; 979 p_cb->id_addr_type = pid_key.addr_type; 980 p_cb->id_addr = pid_key.static_addr; 981 982 /* store the ID key from peer device */ 983 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && 984 (p_cb->loc_auth_req & SMP_AUTH_BOND)) 985 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, 986 (tBTM_LE_KEY_VALUE*)&pid_key, true); 987 smp_key_distribution_by_transport(p_cb, NULL); 988 } 989 990 /******************************************************************************* 991 * Function smp_proc_srk_info 992 * Description process security information from peer device 993 ******************************************************************************/ 994 void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 995 tBTM_LE_PCSRK_KEYS le_key; 996 997 SMP_TRACE_DEBUG("%s", __func__); 998 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true); 999 1000 /* save CSRK to security record */ 1001 le_key.sec_level = p_cb->sec_level; 1002 1003 /* get peer CSRK */ 1004 maybe_non_aligned_memcpy(le_key.csrk, p_data->p_data, BT_OCTET16_LEN); 1005 1006 /* initialize the peer counter */ 1007 le_key.counter = 0; 1008 1009 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && 1010 (p_cb->loc_auth_req & SMP_AUTH_BOND)) 1011 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, 1012 (tBTM_LE_KEY_VALUE*)&le_key, true); 1013 smp_key_distribution_by_transport(p_cb, NULL); 1014 } 1015 1016 /******************************************************************************* 1017 * Function smp_proc_compare 1018 * Description process compare value 1019 ******************************************************************************/ 1020 void smp_proc_compare(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1021 SMP_TRACE_DEBUG("%s", __func__); 1022 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) { 1023 /* compare the max encryption key size, and save the smaller one for the 1024 * link */ 1025 if (p_cb->peer_enc_size < p_cb->loc_enc_size) 1026 p_cb->loc_enc_size = p_cb->peer_enc_size; 1027 1028 if (p_cb->role == HCI_ROLE_SLAVE) 1029 smp_sm_event(p_cb, SMP_RAND_EVT, NULL); 1030 else { 1031 /* master device always use received i/r key as keys to distribute */ 1032 p_cb->local_i_key = p_cb->peer_i_key; 1033 p_cb->local_r_key = p_cb->peer_r_key; 1034 1035 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1036 } 1037 1038 } else { 1039 tSMP_INT_DATA smp_int_data; 1040 smp_int_data.status = SMP_CONFIRM_VALUE_ERR; 1041 p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1042 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1043 } 1044 } 1045 1046 /******************************************************************************* 1047 * Function smp_proc_sl_key 1048 * Description process key ready events. 1049 ******************************************************************************/ 1050 void smp_proc_sl_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1051 uint8_t key_type = p_data->key.key_type; 1052 1053 SMP_TRACE_DEBUG("%s", __func__); 1054 if (key_type == SMP_KEY_TYPE_TK) { 1055 smp_generate_srand_mrand_confirm(p_cb, NULL); 1056 } else if (key_type == SMP_KEY_TYPE_CFM) { 1057 smp_set_state(SMP_STATE_WAIT_CONFIRM); 1058 1059 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) 1060 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL); 1061 } 1062 } 1063 1064 /******************************************************************************* 1065 * Function smp_start_enc 1066 * Description start encryption 1067 ******************************************************************************/ 1068 void smp_start_enc(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1069 tBTM_STATUS cmd; 1070 1071 SMP_TRACE_DEBUG("%s", __func__); 1072 if (p_data != NULL) 1073 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, true, p_data->key.p_data); 1074 else 1075 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, false, NULL); 1076 1077 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) { 1078 tSMP_INT_DATA smp_int_data; 1079 smp_int_data.status = SMP_ENC_FAIL; 1080 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1081 } 1082 } 1083 1084 /******************************************************************************* 1085 * Function smp_proc_discard 1086 * Description processing for discard security request 1087 ******************************************************************************/ 1088 void smp_proc_discard(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1089 SMP_TRACE_DEBUG("%s", __func__); 1090 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) 1091 smp_reset_control_value(p_cb); 1092 } 1093 1094 /******************************************************************************* 1095 * Function smp_enc_cmpl 1096 * Description encryption success 1097 ******************************************************************************/ 1098 void smp_enc_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1099 uint8_t enc_enable = p_data->status; 1100 1101 SMP_TRACE_DEBUG("%s", __func__); 1102 tSMP_INT_DATA smp_int_data; 1103 smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1104 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1105 } 1106 1107 /******************************************************************************* 1108 * Function smp_check_auth_req 1109 * Description check authentication request 1110 ******************************************************************************/ 1111 void smp_check_auth_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1112 uint8_t enc_enable = p_data->status; 1113 1114 SMP_TRACE_DEBUG( 1115 "%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 1116 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key); 1117 if (enc_enable == 1) { 1118 if (p_cb->le_secure_connections_mode_is_used) { 1119 /* In LE SC mode LTK is used instead of STK and has to be always saved */ 1120 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC; 1121 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC; 1122 1123 /* In LE SC mode LK is derived from LTK only if both sides request it */ 1124 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) || 1125 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) { 1126 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1127 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1128 } 1129 1130 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer. 1131 ** Set local_r_key on master to expect only these keys. 1132 */ 1133 if (p_cb->role == HCI_ROLE_MASTER) { 1134 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK); 1135 } 1136 } else { 1137 /* in legacy mode derivation of BR/EDR LK is not supported */ 1138 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK; 1139 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK; 1140 } 1141 SMP_TRACE_DEBUG( 1142 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)", 1143 __func__, p_cb->local_i_key, p_cb->local_r_key); 1144 1145 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) || 1146 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/ 1147 (p_cb->local_i_key || p_cb->local_r_key)) { 1148 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL); 1149 } else { 1150 tSMP_INT_DATA smp_int_data; 1151 smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1152 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1153 } 1154 } else if (enc_enable == 0) { 1155 tSMP_INT_DATA smp_int_data; 1156 smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL; 1157 /* if failed for encryption after pairing, send callback */ 1158 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) 1159 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1160 /* if enc failed for old security information */ 1161 /* if master device, clean up and abck to idle; slave device do nothing */ 1162 else if (p_cb->role == HCI_ROLE_MASTER) { 1163 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1164 } 1165 } 1166 } 1167 1168 /******************************************************************************* 1169 * Function smp_key_pick_key 1170 * Description Pick a key distribution function based on the key mask. 1171 ******************************************************************************/ 1172 void smp_key_pick_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1173 uint8_t key_to_dist = 1174 (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key; 1175 uint8_t i = 0; 1176 1177 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist); 1178 while (i < SMP_KEY_DIST_TYPE_MAX) { 1179 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i); 1180 1181 if (key_to_dist & (1 << i)) { 1182 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i); 1183 (*smp_distribute_act[i])(p_cb, p_data); 1184 break; 1185 } 1186 i++; 1187 } 1188 } 1189 /******************************************************************************* 1190 * Function smp_key_distribution 1191 * Description start key distribution if required. 1192 ******************************************************************************/ 1193 void smp_key_distribution(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1194 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__, 1195 p_cb->role, p_cb->local_r_key, p_cb->local_i_key); 1196 1197 if (p_cb->role == HCI_ROLE_SLAVE || 1198 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) { 1199 smp_key_pick_key(p_cb, p_data); 1200 } 1201 1202 if (!p_cb->local_i_key && !p_cb->local_r_key) { 1203 /* state check to prevent re-entrant */ 1204 if (smp_get_state() == SMP_STATE_BOND_PENDING) { 1205 if (p_cb->derive_lk) { 1206 smp_derive_link_key_from_long_term_key(p_cb, NULL); 1207 p_cb->derive_lk = false; 1208 } 1209 1210 if (p_cb->total_tx_unacked == 0) { 1211 /* 1212 * Instead of declaring authorization complete immediately, 1213 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS. 1214 * This allows the slave to send over Pairing Failed if the 1215 * last key is rejected. During this waiting window, the 1216 * state should remain in SMP_STATE_BOND_PENDING. 1217 */ 1218 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) { 1219 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__); 1220 alarm_set_on_mloop(p_cb->delayed_auth_timer_ent, 1221 SMP_DELAYED_AUTH_TIMEOUT_MS, 1222 smp_delayed_auth_complete_timeout, NULL); 1223 } 1224 } else { 1225 p_cb->wait_for_authorization_complete = true; 1226 } 1227 } 1228 } 1229 } 1230 1231 /******************************************************************************* 1232 * Function smp_decide_association_model 1233 * Description This function is called to select assoc model to be used for 1234 * STK generation and to start STK generation process. 1235 * 1236 ******************************************************************************/ 1237 void smp_decide_association_model(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1238 uint8_t int_evt = 0; 1239 tSMP_INT_DATA smp_int_data; 1240 1241 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, 1242 p_cb->selected_association_model); 1243 1244 switch (p_cb->selected_association_model) { 1245 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */ 1246 if (p_cb->role == HCI_ROLE_MASTER && 1247 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) && 1248 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) { 1249 SMP_TRACE_ERROR( 1250 "IO capability does not meet authentication requirement"); 1251 smp_int_data.status = SMP_PAIR_AUTH_FAIL; 1252 int_evt = SMP_AUTH_CMPL_EVT; 1253 } else { 1254 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1255 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", 1256 p_cb->sec_level); 1257 1258 tSMP_KEY key; 1259 key.key_type = SMP_KEY_TYPE_TK; 1260 key.p_data = p_cb->tk; 1261 smp_int_data.key = key; 1262 1263 memset(p_cb->tk, 0, BT_OCTET16_LEN); 1264 /* TK, ready */ 1265 int_evt = SMP_KEY_READY_EVT; 1266 } 1267 break; 1268 1269 case SMP_MODEL_PASSKEY: 1270 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1271 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", 1272 p_cb->sec_level); 1273 1274 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1275 int_evt = SMP_TK_REQ_EVT; 1276 break; 1277 1278 case SMP_MODEL_OOB: 1279 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB"); 1280 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1281 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", 1282 p_cb->sec_level); 1283 1284 p_cb->cb_evt = SMP_OOB_REQ_EVT; 1285 int_evt = SMP_TK_REQ_EVT; 1286 break; 1287 1288 case SMP_MODEL_KEY_NOTIF: 1289 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1290 SMP_TRACE_DEBUG("Need to generate Passkey"); 1291 1292 /* generate passkey and notify application */ 1293 smp_generate_passkey(p_cb, NULL); 1294 break; 1295 1296 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1297 case SMP_MODEL_SEC_CONN_NUM_COMP: 1298 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1299 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1300 case SMP_MODEL_SEC_CONN_OOB: 1301 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT; 1302 break; 1303 1304 case SMP_MODEL_OUT_OF_RANGE: 1305 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)"); 1306 smp_int_data.status = SMP_UNKNOWN_IO_CAP; 1307 int_evt = SMP_AUTH_CMPL_EVT; 1308 break; 1309 1310 default: 1311 SMP_TRACE_ERROR( 1312 "Association Model = %d (SOMETHING IS WRONG WITH THE CODE)", 1313 p_cb->selected_association_model); 1314 smp_int_data.status = SMP_UNKNOWN_IO_CAP; 1315 int_evt = SMP_AUTH_CMPL_EVT; 1316 } 1317 1318 SMP_TRACE_EVENT("sec_level=%d ", p_cb->sec_level); 1319 if (int_evt) smp_sm_event(p_cb, int_evt, &smp_int_data); 1320 } 1321 1322 /******************************************************************************* 1323 * Function smp_process_io_response 1324 * Description process IO response for a slave device. 1325 ******************************************************************************/ 1326 void smp_process_io_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1327 1328 SMP_TRACE_DEBUG("%s", __func__); 1329 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) { 1330 /* pairing started by local (slave) Security Request */ 1331 smp_set_state(SMP_STATE_SEC_REQ_PENDING); 1332 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb); 1333 } else /* plan to send pairing respond */ 1334 { 1335 /* pairing started by peer (master) Pairing Request */ 1336 p_cb->selected_association_model = smp_select_association_model(p_cb); 1337 1338 if (p_cb->secure_connections_only_mode_required && 1339 (!(p_cb->le_secure_connections_mode_is_used) || 1340 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) { 1341 SMP_TRACE_ERROR( 1342 "Slave requires secure connection only mode " 1343 "but it can't be provided -> Slave fails pairing"); 1344 tSMP_INT_DATA smp_int_data; 1345 smp_int_data.status = SMP_PAIR_AUTH_FAIL; 1346 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1347 return; 1348 } 1349 1350 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { 1351 if (smp_request_oob_data(p_cb)) return; 1352 } 1353 1354 // PTS Testing failure modes 1355 if (pts_test_send_authentication_complete_failure(p_cb)) return; 1356 1357 smp_send_pair_rsp(p_cb, NULL); 1358 } 1359 } 1360 1361 /******************************************************************************* 1362 * Function smp_br_process_slave_keys_response 1363 * Description process application keys response for a slave device 1364 * (BR/EDR transport). 1365 ******************************************************************************/ 1366 void smp_br_process_slave_keys_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1367 smp_br_send_pair_response(p_cb, NULL); 1368 } 1369 1370 /******************************************************************************* 1371 * Function smp_br_send_pair_response 1372 * Description actions related to sending pairing response over BR/EDR 1373 * transport. 1374 ******************************************************************************/ 1375 void smp_br_send_pair_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1376 SMP_TRACE_DEBUG("%s", __func__); 1377 1378 p_cb->local_i_key &= p_cb->peer_i_key; 1379 p_cb->local_r_key &= p_cb->peer_r_key; 1380 1381 smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb); 1382 } 1383 1384 /******************************************************************************* 1385 * Function smp_pairing_cmpl 1386 * Description This function is called to send the pairing complete 1387 * callback and remove the connection if needed. 1388 ******************************************************************************/ 1389 void smp_pairing_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1390 if (p_cb->total_tx_unacked == 0) { 1391 /* process the pairing complete */ 1392 smp_proc_pairing_cmpl(p_cb); 1393 } 1394 } 1395 1396 /******************************************************************************* 1397 * Function smp_pair_terminate 1398 * Description This function is called to send the pairing complete 1399 * callback and remove the connection if needed. 1400 ******************************************************************************/ 1401 void smp_pair_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1402 SMP_TRACE_DEBUG("%s", __func__); 1403 p_cb->status = SMP_CONN_TOUT; 1404 smp_proc_pairing_cmpl(p_cb); 1405 } 1406 1407 /******************************************************************************* 1408 * Function smp_idle_terminate 1409 * Description This function calledin idle state to determine to send 1410 * authentication complete or not. 1411 ******************************************************************************/ 1412 void smp_idle_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1413 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) { 1414 SMP_TRACE_DEBUG("Pairing terminated at IDLE state."); 1415 p_cb->status = SMP_FAIL; 1416 smp_proc_pairing_cmpl(p_cb); 1417 } 1418 } 1419 1420 /******************************************************************************* 1421 * Function smp_fast_conn_param 1422 * Description apply default connection parameter for pairing process 1423 ******************************************************************************/ 1424 void smp_fast_conn_param(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1425 /* Disable L2CAP connection parameter updates while bonding since 1426 some peripherals are not able to revert to fast connection parameters 1427 during the start of service discovery. Connection paramter updates 1428 get enabled again once service discovery completes. */ 1429 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false); 1430 } 1431 1432 /******************************************************************************* 1433 * Function smp_both_have_public_keys 1434 * Description The function is called when both local and peer public keys are 1435 * saved. 1436 * Actions: 1437 * - invokes DHKey computation; 1438 * - on slave side invokes sending local public key to the peer. 1439 * - invokes SC phase 1 process. 1440 ******************************************************************************/ 1441 void smp_both_have_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1442 SMP_TRACE_DEBUG("%s", __func__); 1443 1444 /* invokes DHKey computation */ 1445 smp_compute_dhkey(p_cb); 1446 1447 /* on slave side invokes sending local public key to the peer */ 1448 if (p_cb->role == HCI_ROLE_SLAVE) smp_send_pair_public_key(p_cb, NULL); 1449 1450 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL); 1451 } 1452 1453 /******************************************************************************* 1454 * Function smp_start_secure_connection_phase1 1455 * Description Start Secure Connection phase1 i.e. invokes initialization of 1456 * Secure Connection phase 1 parameters and starts building/sending 1457 * to the peer messages appropriate for the role and association 1458 * model. 1459 ******************************************************************************/ 1460 void smp_start_secure_connection_phase1(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1461 SMP_TRACE_DEBUG("%s", __func__); 1462 1463 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) { 1464 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE; 1465 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", 1466 p_cb->sec_level); 1467 } else { 1468 p_cb->sec_level = SMP_SEC_AUTHENTICATED; 1469 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", 1470 p_cb->sec_level); 1471 } 1472 1473 switch (p_cb->selected_association_model) { 1474 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1475 case SMP_MODEL_SEC_CONN_NUM_COMP: 1476 memset(p_cb->local_random, 0, BT_OCTET16_LEN); 1477 smp_start_nonce_generation(p_cb); 1478 break; 1479 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1480 /* user has to provide passkey */ 1481 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT; 1482 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL); 1483 break; 1484 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1485 /* passkey has to be provided to user */ 1486 SMP_TRACE_DEBUG("Need to generate SC Passkey"); 1487 smp_generate_passkey(p_cb, NULL); 1488 break; 1489 case SMP_MODEL_SEC_CONN_OOB: 1490 /* use the available OOB information */ 1491 smp_process_secure_connection_oob_data(p_cb, NULL); 1492 break; 1493 default: 1494 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", 1495 p_cb->selected_association_model); 1496 break; 1497 } 1498 } 1499 1500 /******************************************************************************* 1501 * Function smp_process_local_nonce 1502 * Description The function processes new local nonce. 1503 * 1504 * Note It is supposed to be called in SC phase1. 1505 ******************************************************************************/ 1506 void smp_process_local_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1507 SMP_TRACE_DEBUG("%s", __func__); 1508 1509 switch (p_cb->selected_association_model) { 1510 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1511 case SMP_MODEL_SEC_CONN_NUM_COMP: 1512 if (p_cb->role == HCI_ROLE_SLAVE) { 1513 /* slave calculates and sends local commitment */ 1514 smp_calculate_local_commitment(p_cb); 1515 smp_send_commitment(p_cb, NULL); 1516 /* slave has to wait for peer nonce */ 1517 smp_set_state(SMP_STATE_WAIT_NONCE); 1518 } else /* i.e. master */ 1519 { 1520 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) { 1521 /* slave commitment is already received, send local nonce, wait for 1522 * remote nonce*/ 1523 SMP_TRACE_DEBUG( 1524 "master in assoc mode = %d " 1525 "already rcvd slave commitment - race condition", 1526 p_cb->selected_association_model); 1527 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1528 smp_send_rand(p_cb, NULL); 1529 smp_set_state(SMP_STATE_WAIT_NONCE); 1530 } 1531 } 1532 break; 1533 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1534 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1535 smp_calculate_local_commitment(p_cb); 1536 1537 if (p_cb->role == HCI_ROLE_MASTER) { 1538 smp_send_commitment(p_cb, NULL); 1539 } else /* slave */ 1540 { 1541 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) { 1542 /* master commitment is already received */ 1543 smp_send_commitment(p_cb, NULL); 1544 smp_set_state(SMP_STATE_WAIT_NONCE); 1545 } 1546 } 1547 break; 1548 case SMP_MODEL_SEC_CONN_OOB: 1549 if (p_cb->role == HCI_ROLE_MASTER) { 1550 smp_send_rand(p_cb, NULL); 1551 } 1552 1553 smp_set_state(SMP_STATE_WAIT_NONCE); 1554 break; 1555 default: 1556 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", 1557 p_cb->selected_association_model); 1558 break; 1559 } 1560 } 1561 1562 /******************************************************************************* 1563 * Function smp_process_peer_nonce 1564 * Description The function processes newly received and saved in CB peer 1565 * nonce. The actions depend on the selected association model and 1566 * the role. 1567 * 1568 * Note It is supposed to be called in SC phase1. 1569 ******************************************************************************/ 1570 void smp_process_peer_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1571 SMP_TRACE_DEBUG("%s start ", __func__); 1572 1573 // PTS Testing failure modes 1574 if (p_cb->cert_failure == SMP_CONFIRM_VALUE_ERR) { 1575 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 1576 tSMP_INT_DATA smp_int_data; 1577 smp_int_data.status = SMP_CONFIRM_VALUE_ERR; 1578 p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1579 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1580 return; 1581 } 1582 // PTS Testing failure modes (for LT) 1583 if ((p_cb->cert_failure == SMP_NUMERIC_COMPAR_FAIL) && 1584 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) && 1585 (p_cb->role == HCI_ROLE_SLAVE)) { 1586 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure); 1587 tSMP_INT_DATA smp_int_data; 1588 smp_int_data.status = SMP_NUMERIC_COMPAR_FAIL; 1589 p_cb->failure = SMP_NUMERIC_COMPAR_FAIL; 1590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1591 return; 1592 } 1593 1594 switch (p_cb->selected_association_model) { 1595 case SMP_MODEL_SEC_CONN_JUSTWORKS: 1596 case SMP_MODEL_SEC_CONN_NUM_COMP: 1597 /* in these models only master receives commitment */ 1598 if (p_cb->role == HCI_ROLE_MASTER) { 1599 if (!smp_check_commitment(p_cb)) { 1600 tSMP_INT_DATA smp_int_data; 1601 smp_int_data.status = SMP_CONFIRM_VALUE_ERR; 1602 p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1603 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1604 break; 1605 } 1606 } else { 1607 /* slave sends local nonce */ 1608 smp_send_rand(p_cb, NULL); 1609 } 1610 1611 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) { 1612 /* go directly to phase 2 */ 1613 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1614 } else /* numeric comparison */ 1615 { 1616 smp_set_state(SMP_STATE_WAIT_NONCE); 1617 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL); 1618 } 1619 break; 1620 case SMP_MODEL_SEC_CONN_PASSKEY_ENT: 1621 case SMP_MODEL_SEC_CONN_PASSKEY_DISP: 1622 if (!smp_check_commitment(p_cb) && 1623 p_cb->cert_failure != SMP_NUMERIC_COMPAR_FAIL) { 1624 tSMP_INT_DATA smp_int_data; 1625 smp_int_data.status = SMP_CONFIRM_VALUE_ERR; 1626 p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1627 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1628 break; 1629 } 1630 1631 if (p_cb->role == HCI_ROLE_SLAVE) { 1632 smp_send_rand(p_cb, NULL); 1633 } 1634 1635 if (++p_cb->round < 20) { 1636 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START); 1637 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM; 1638 smp_start_nonce_generation(p_cb); 1639 break; 1640 } 1641 1642 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1643 break; 1644 case SMP_MODEL_SEC_CONN_OOB: 1645 if (p_cb->role == HCI_ROLE_SLAVE) { 1646 smp_send_rand(p_cb, NULL); 1647 } 1648 1649 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1650 break; 1651 default: 1652 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", 1653 p_cb->selected_association_model); 1654 break; 1655 } 1656 1657 SMP_TRACE_DEBUG("%s end ", __func__); 1658 } 1659 1660 /******************************************************************************* 1661 * Function smp_match_dhkey_checks 1662 * Description checks if the calculated peer DHKey Check value is the same as 1663 * received from the peer DHKey check value. 1664 ******************************************************************************/ 1665 void smp_match_dhkey_checks(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1666 1667 SMP_TRACE_DEBUG("%s", __func__); 1668 1669 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) { 1670 SMP_TRACE_WARNING("dhkey chcks do no match"); 1671 tSMP_INT_DATA smp_int_data; 1672 smp_int_data.status = SMP_DHKEY_CHK_FAIL; 1673 p_cb->failure = SMP_DHKEY_CHK_FAIL; 1674 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1675 return; 1676 } 1677 1678 SMP_TRACE_EVENT("dhkey chcks match"); 1679 1680 /* compare the max encryption key size, and save the smaller one for the link 1681 */ 1682 if (p_cb->peer_enc_size < p_cb->loc_enc_size) 1683 p_cb->loc_enc_size = p_cb->peer_enc_size; 1684 1685 if (p_cb->role == HCI_ROLE_SLAVE) { 1686 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL); 1687 } else { 1688 /* master device always use received i/r key as keys to distribute */ 1689 p_cb->local_i_key = p_cb->peer_i_key; 1690 p_cb->local_r_key = p_cb->peer_r_key; 1691 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL); 1692 } 1693 } 1694 1695 /******************************************************************************* 1696 * Function smp_move_to_secure_connections_phase2 1697 * Description Signal State Machine to start SC phase 2 initialization (to 1698 * compute local DHKey Check value). 1699 * 1700 * Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START. 1701 ******************************************************************************/ 1702 void smp_move_to_secure_connections_phase2(tSMP_CB* p_cb, 1703 tSMP_INT_DATA* p_data) { 1704 SMP_TRACE_DEBUG("%s", __func__); 1705 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL); 1706 } 1707 1708 /******************************************************************************* 1709 * Function smp_phase_2_dhkey_checks_are_present 1710 * Description generates event if dhkey check from the peer is already 1711 * received. 1712 * 1713 * Note It is supposed to be used on slave to prevent race condition. 1714 * It is supposed to be called after slave dhkey check is 1715 * calculated. 1716 ******************************************************************************/ 1717 void smp_phase_2_dhkey_checks_are_present(tSMP_CB* p_cb, 1718 tSMP_INT_DATA* p_data) { 1719 SMP_TRACE_DEBUG("%s", __func__); 1720 1721 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK) 1722 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL); 1723 } 1724 1725 /******************************************************************************* 1726 * Function smp_wait_for_both_public_keys 1727 * Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and 1728 * master public keys are available. 1729 * 1730 * Note on the slave it is used to prevent race condition. 1731 * 1732 ******************************************************************************/ 1733 void smp_wait_for_both_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1734 SMP_TRACE_DEBUG("%s", __func__); 1735 1736 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) && 1737 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) { 1738 if ((p_cb->role == HCI_ROLE_SLAVE) && 1739 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || 1740 (p_cb->req_oob_type == SMP_OOB_BOTH))) { 1741 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH); 1742 } 1743 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL); 1744 } 1745 } 1746 1747 /******************************************************************************* 1748 * Function smp_start_passkey_verification 1749 * Description Starts SC passkey entry verification. 1750 ******************************************************************************/ 1751 void smp_start_passkey_verification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1752 uint8_t* p = NULL; 1753 1754 SMP_TRACE_DEBUG("%s", __func__); 1755 p = p_cb->local_random; 1756 UINT32_TO_STREAM(p, p_data->passkey); 1757 1758 p = p_cb->peer_random; 1759 UINT32_TO_STREAM(p, p_data->passkey); 1760 1761 p_cb->round = 0; 1762 smp_start_nonce_generation(p_cb); 1763 } 1764 1765 /******************************************************************************* 1766 * Function smp_process_secure_connection_oob_data 1767 * Description Processes local/peer SC OOB data received from somewhere. 1768 ******************************************************************************/ 1769 void smp_process_secure_connection_oob_data(tSMP_CB* p_cb, 1770 tSMP_INT_DATA* p_data) { 1771 SMP_TRACE_DEBUG("%s", __func__); 1772 1773 tSMP_SC_OOB_DATA* p_sc_oob_data = &p_cb->sc_oob_data; 1774 if (p_sc_oob_data->loc_oob_data.present) { 1775 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer, 1776 sizeof(p_cb->local_random)); 1777 } else { 1778 SMP_TRACE_EVENT("%s: local OOB randomizer is absent", __func__); 1779 memset(p_cb->local_random, 0, sizeof(p_cb->local_random)); 1780 } 1781 1782 if (!p_sc_oob_data->peer_oob_data.present) { 1783 SMP_TRACE_EVENT("%s: peer OOB data is absent", __func__); 1784 memset(p_cb->peer_random, 0, sizeof(p_cb->peer_random)); 1785 } else { 1786 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer, 1787 sizeof(p_cb->peer_random)); 1788 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment, 1789 sizeof(p_cb->remote_commitment)); 1790 1791 /* check commitment */ 1792 if (!smp_check_commitment(p_cb)) { 1793 tSMP_INT_DATA smp_int_data; 1794 smp_int_data.status = SMP_CONFIRM_VALUE_ERR; 1795 p_cb->failure = SMP_CONFIRM_VALUE_ERR; 1796 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1797 return; 1798 } 1799 1800 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) { 1801 /* the peer doesn't have local randomiser */ 1802 SMP_TRACE_EVENT( 1803 "%s: peer didn't receive local OOB data, set local randomizer to 0", 1804 __func__); 1805 memset(p_cb->local_random, 0, sizeof(p_cb->local_random)); 1806 } 1807 } 1808 1809 print128(p_cb->local_random, (const uint8_t*)"local OOB randomizer"); 1810 print128(p_cb->peer_random, (const uint8_t*)"peer OOB randomizer"); 1811 smp_start_nonce_generation(p_cb); 1812 } 1813 1814 /******************************************************************************* 1815 * Function smp_set_local_oob_keys 1816 * Description Saves calculated private/public keys in 1817 * sc_oob_data.loc_oob_data, starts nonce generation 1818 * (to be saved in sc_oob_data.loc_oob_data.randomizer). 1819 ******************************************************************************/ 1820 void smp_set_local_oob_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1821 SMP_TRACE_DEBUG("%s", __func__); 1822 1823 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key, 1824 BT_OCTET32_LEN); 1825 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key; 1826 smp_start_nonce_generation(p_cb); 1827 } 1828 1829 /******************************************************************************* 1830 * Function smp_set_local_oob_random_commitment 1831 * Description Saves calculated randomizer and commitment in 1832 * sc_oob_data.loc_oob_data, passes sc_oob_data.loc_oob_data up 1833 * for safekeeping. 1834 ******************************************************************************/ 1835 void smp_set_local_oob_random_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1836 SMP_TRACE_DEBUG("%s", __func__); 1837 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, BT_OCTET16_LEN); 1838 1839 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1840 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x, 1841 p_cb->sc_oob_data.loc_oob_data.randomizer, 0, 1842 p_cb->sc_oob_data.loc_oob_data.commitment); 1843 1844 #if (SMP_DEBUG == TRUE) 1845 uint8_t* p_print = NULL; 1846 SMP_TRACE_DEBUG("local SC OOB data set:"); 1847 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.addr_sent_to; 1848 smp_debug_print_nbyte_little_endian(p_print, "addr_sent_to", 1849 sizeof(tBLE_BD_ADDR)); 1850 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.private_key_used; 1851 smp_debug_print_nbyte_little_endian(p_print, "private_key_used", 1852 BT_OCTET32_LEN); 1853 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.x; 1854 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.x", 1855 BT_OCTET32_LEN); 1856 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.y; 1857 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.y", 1858 BT_OCTET32_LEN); 1859 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.randomizer; 1860 smp_debug_print_nbyte_little_endian(p_print, "randomizer", BT_OCTET16_LEN); 1861 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.commitment; 1862 smp_debug_print_nbyte_little_endian(p_print, "commitment", BT_OCTET16_LEN); 1863 SMP_TRACE_DEBUG(""); 1864 #endif 1865 1866 /* pass created OOB data up */ 1867 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT; 1868 smp_send_app_cback(p_cb, NULL); 1869 1870 smp_cb_cleanup(p_cb); 1871 } 1872 1873 /******************************************************************************* 1874 * 1875 * Function smp_link_encrypted 1876 * 1877 * Description This function is called when link is encrypted and notified 1878 * to the slave device. Proceed to to send LTK, DIV and ER to 1879 * master if bonding the devices. 1880 * 1881 * 1882 * Returns void 1883 * 1884 ******************************************************************************/ 1885 void smp_link_encrypted(const RawAddress& bda, uint8_t encr_enable) { 1886 tSMP_CB* p_cb = &smp_cb; 1887 1888 SMP_TRACE_DEBUG("%s: encr_enable=%d", __func__, encr_enable); 1889 1890 if (smp_cb.pairing_bda == bda) { 1891 /* encryption completed with STK, remember the key size now, could be 1892 * overwritten when key exchange happens */ 1893 if (p_cb->loc_enc_size != 0 && encr_enable) { 1894 /* update the link encryption key size if a SMP pairing just performed */ 1895 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); 1896 } 1897 1898 tSMP_INT_DATA smp_int_data; 1899 smp_int_data.status = encr_enable; 1900 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &smp_int_data); 1901 } 1902 } 1903 1904 /******************************************************************************* 1905 * 1906 * Function smp_proc_ltk_request 1907 * 1908 * Description This function is called when LTK request is received from 1909 * controller. 1910 * 1911 * Returns void 1912 * 1913 ******************************************************************************/ 1914 bool smp_proc_ltk_request(const RawAddress& bda) { 1915 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state); 1916 bool match = false; 1917 1918 if (bda == smp_cb.pairing_bda) { 1919 match = true; 1920 } else { 1921 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda); 1922 if (p_dev_rec != NULL && p_dev_rec->ble.pseudo_addr == smp_cb.pairing_bda && 1923 p_dev_rec->ble.pseudo_addr != RawAddress::kEmpty) { 1924 match = true; 1925 } 1926 } 1927 1928 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) { 1929 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL); 1930 return true; 1931 } 1932 1933 return false; 1934 } 1935 1936 /******************************************************************************* 1937 * 1938 * Function smp_process_secure_connection_long_term_key 1939 * 1940 * Description This function is called to process SC LTK. 1941 * SC LTK is calculated and used instead of STK. 1942 * Here SC LTK is saved in BLE DB. 1943 * 1944 * Returns void 1945 * 1946 ******************************************************************************/ 1947 void smp_process_secure_connection_long_term_key(void) { 1948 tSMP_CB* p_cb = &smp_cb; 1949 1950 SMP_TRACE_DEBUG("%s", __func__); 1951 smp_save_secure_connections_long_term_key(p_cb); 1952 1953 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false); 1954 smp_key_distribution(p_cb, NULL); 1955 } 1956 1957 /******************************************************************************* 1958 * 1959 * Function smp_set_derive_link_key 1960 * 1961 * Description This function is called to set flag that indicates that 1962 * BR/EDR LK has to be derived from LTK after all keys are 1963 * distributed. 1964 * 1965 * Returns void 1966 * 1967 ******************************************************************************/ 1968 void smp_set_derive_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 1969 SMP_TRACE_DEBUG("%s", __func__); 1970 p_cb->derive_lk = true; 1971 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_LK, false); 1972 smp_key_distribution(p_cb, NULL); 1973 } 1974 1975 /******************************************************************************* 1976 * 1977 * Function smp_derive_link_key_from_long_term_key 1978 * 1979 * Description This function is called to derive BR/EDR LK from LTK. 1980 * 1981 * Returns void 1982 * 1983 ******************************************************************************/ 1984 void smp_derive_link_key_from_long_term_key(tSMP_CB* p_cb, 1985 tSMP_INT_DATA* p_data) { 1986 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 1987 1988 SMP_TRACE_DEBUG("%s", __func__); 1989 if (!smp_calculate_link_key_from_long_term_key(p_cb)) { 1990 SMP_TRACE_ERROR("%s failed", __func__); 1991 tSMP_INT_DATA smp_int_data; 1992 smp_int_data.status = status; 1993 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data); 1994 return; 1995 } 1996 } 1997 1998 /******************************************************************************* 1999 * 2000 * Function smp_br_process_link_key 2001 * 2002 * Description This function is called to process BR/EDR LK: 2003 * - to derive SMP LTK from BR/EDR LK; 2004 * - to save SMP LTK. 2005 * 2006 * Returns void 2007 * 2008 ******************************************************************************/ 2009 void smp_br_process_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 2010 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; 2011 2012 SMP_TRACE_DEBUG("%s", __func__); 2013 if (!smp_calculate_long_term_key_from_link_key(p_cb)) { 2014 SMP_TRACE_ERROR("%s: failed", __func__); 2015 tSMP_INT_DATA smp_int_data; 2016 smp_int_data.status = status; 2017 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data); 2018 return; 2019 } 2020 2021 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda); 2022 if (p_dev_rec) { 2023 SMP_TRACE_DEBUG("%s: dev_type = %d ", __func__, p_dev_rec->device_type); 2024 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 2025 } else { 2026 SMP_TRACE_ERROR("%s failed to find Security Record", __func__); 2027 } 2028 2029 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", 2030 __func__); 2031 smp_save_secure_connections_long_term_key(p_cb); 2032 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false); 2033 smp_br_select_next_key(p_cb, NULL); 2034 } 2035 2036 /******************************************************************************* 2037 * Function smp_key_distribution_by_transport 2038 * Description depending on the transport used at the moment calls either 2039 * smp_key_distribution(...) or smp_br_key_distribution(...). 2040 ******************************************************************************/ 2041 void smp_key_distribution_by_transport(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 2042 SMP_TRACE_DEBUG("%s", __func__); 2043 if (p_cb->smp_over_br) { 2044 smp_br_select_next_key(p_cb, NULL); 2045 } else { 2046 smp_key_distribution(p_cb, NULL); 2047 } 2048 } 2049 2050 /******************************************************************************* 2051 * Function smp_br_pairing_complete 2052 * Description This function is called to send the pairing complete 2053 * callback and remove the connection if needed. 2054 ******************************************************************************/ 2055 void smp_br_pairing_complete(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) { 2056 SMP_TRACE_DEBUG("%s", __func__); 2057 2058 if (p_cb->total_tx_unacked == 0) { 2059 /* process the pairing complete */ 2060 smp_proc_pairing_cmpl(p_cb); 2061 } 2062 } 2063