1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE device control utilities, and LE
22 * security functions.
23 *
24 ******************************************************************************/
25 #include "common/bt_target.h"
26
27 #include <string.h>
28
29 #include "stack/bt_types.h"
30 #include "stack/hcimsgs.h"
31 #include "stack/btu.h"
32 #include "btm_int.h"
33 #include "stack/btm_ble_api.h"
34 #include "stack/smp_api.h"
35 #include "l2c_int.h"
36 #include "stack/gap_api.h"
37 //#include "bt_utils.h"
38 #include "device/controller.h"
39
40 //#define LOG_TAG "bt_btm_ble"
41 //#include "osi/include/log.h"
42 #if BLE_INCLUDED == TRUE
43 #if SMP_INCLUDED == TRUE
44 // The temp variable to pass parameter between functions when in the connected event callback.
45 static BOOLEAN temp_enhanced = FALSE;
46 extern BOOLEAN aes_cipher_msg_auth_code(BT_OCTET16 key, UINT8 *input, UINT16 length,
47 UINT16 tlen, UINT8 *p_signature);
48 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
49 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
50 #endif
51 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
52 /*******************************************************************************/
53 /* External Function to be called by other modules */
54 /*******************************************************************************/
55 /********************************************************
56 **
57 ** Function BTM_SecAddBleDevice
58 **
59 ** Description Add/modify device. This function will be normally called
60 ** during host startup to restore all required information
61 ** for a LE device stored in the NVRAM.
62 **
63 ** Parameters: bd_addr - BD address of the peer
64 ** bd_name - Name of the peer device. NULL if unknown.
65 ** dev_type - Remote device's device type.
66 ** addr_type - LE device address type.
67 ** auth_mode - auth mode
68 **
69 ** Returns TRUE if added OK, else FALSE
70 **
71 *******************************************************************************/
72 #if (SMP_INCLUDED == TRUE)
BTM_SecAddBleDevice(BD_ADDR bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type,tBLE_ADDR_TYPE addr_type,UINT32 auth_mode)73 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
74 tBLE_ADDR_TYPE addr_type, UINT32 auth_mode)
75 {
76 tBTM_SEC_DEV_REC *p_dev_rec;
77 tBTM_INQ_INFO *p_info = NULL;
78
79 BTM_TRACE_DEBUG ("BTM_SecAddBleDevice dev_type=0x%x", dev_type);
80 p_dev_rec = btm_find_dev (bd_addr);
81
82 if (!p_dev_rec) {
83 BTM_TRACE_DEBUG("Add a new device");
84
85 /* There is no device record, allocate one.
86 * If we can not find an empty spot for this one, let it fail. */
87 if (list_length(btm_cb.p_sec_dev_rec_list) < BTM_SEC_MAX_DEVICE_RECORDS) {
88 p_dev_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
89 if(p_dev_rec) {
90 list_append(btm_cb.p_sec_dev_rec_list, p_dev_rec);
91 BTM_TRACE_DEBUG ("allocate a new dev rec idx=0x%x\n", list_length(btm_cb.p_sec_dev_rec_list));
92
93 /* Mark this record as in use and initialize */
94 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
95 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
96 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
97 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
98 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
99
100 /* update conn params, use default value for background connection params */
101 p_dev_rec->conn_params.min_conn_int =
102 p_dev_rec->conn_params.max_conn_int =
103 p_dev_rec->conn_params.supervision_tout =
104 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF;
105
106 BTM_TRACE_DEBUG ("hci_handl=0x%x ", p_dev_rec->ble_hci_handle );
107 }
108 }
109
110 if (!p_dev_rec) {
111 return (FALSE);
112 }
113 } else {
114 BTM_TRACE_DEBUG("Device already exist");
115 }
116
117 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
118
119 if (bd_name && bd_name[0]) {
120 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
121 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
122 }
123 p_dev_rec->device_type |= dev_type;
124 p_dev_rec->ble.ble_addr_type = addr_type;
125 p_dev_rec->ble.auth_mode = auth_mode;
126
127 memcpy (p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN);
128 /* sync up with the Inq Data base*/
129 p_info = BTM_InqDbRead(bd_addr);
130 if (p_info) {
131 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
132 p_info->results.device_type = p_dev_rec->device_type;
133 BTM_TRACE_DEBUG ("InqDb device_type =0x%x addr_type=0x%x",
134 p_info->results.device_type, p_info->results.ble_addr_type);
135 }
136 return (TRUE);
137 }
138 #endif ///SMP_INCLUDED == TRUE
139
140
141 /*******************************************************************************
142 **
143 ** Function BTM_SecAddBleKey
144 **
145 ** Description Add/modify LE device information. This function will be
146 ** normally called during host startup to restore all required
147 ** information stored in the NVRAM.
148 **
149 ** Parameters: bd_addr - BD address of the peer
150 ** p_le_key - LE key values.
151 ** key_type - LE SMP key type.
152 *
153 ** Returns TRUE if added OK, else FALSE
154 **
155 *******************************************************************************/
156 #if SMP_INCLUDED == TRUE
BTM_SecAddBleKey(BD_ADDR bd_addr,tBTM_LE_KEY_VALUE * p_le_key,tBTM_LE_KEY_TYPE key_type)157 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
158 {
159 tBTM_SEC_DEV_REC *p_dev_rec;
160 BTM_TRACE_DEBUG ("BTM_SecAddBleKey");
161 p_dev_rec = btm_find_dev (bd_addr);
162 if (!p_dev_rec || !p_le_key ||
163 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
164 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
165 key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID)) {
166 BTM_TRACE_WARNING ("BTM_SecAddBleKey() Wrong Type, or No Device record \
167 for bdaddr: %08x%04x, Type: %d",
168 (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
169 (bd_addr[4] << 8) + bd_addr[5], key_type);
170 return (FALSE);
171 }
172
173 BTM_TRACE_DEBUG ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x",
174 (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
175 (bd_addr[4] << 8) + bd_addr[5], key_type);
176
177 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
178
179 #if (BLE_PRIVACY_SPT == TRUE)
180 if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID) {
181 btm_ble_resolving_list_load_dev (p_dev_rec);
182 }
183 #endif
184
185
186 return (TRUE);
187 }
188 #endif
189
190
191 /*******************************************************************************
192 **
193 ** Function BTM_BleLoadLocalKeys
194 **
195 ** Description Local local identity key, encryption root or sign counter.
196 **
197 ** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
198 ** or BTM_BLE_KEY_TYPE_COUNTER.
199 ** p_key: pointer to the key.
200 *
201 ** Returns non2.
202 **
203 *******************************************************************************/
BTM_BleLoadLocalKeys(UINT8 key_type,tBTM_BLE_LOCAL_KEYS * p_key)204 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
205 {
206 tBTM_DEVCB *p_devcb = &btm_cb.devcb;
207 BTM_TRACE_DEBUG ("%s", __func__);
208 if (p_key != NULL) {
209 switch (key_type) {
210 case BTM_BLE_KEY_TYPE_ID:
211 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
212 break;
213
214 case BTM_BLE_KEY_TYPE_ER:
215 memcpy(p_devcb->ble_encryption_key_value, p_key->er, sizeof(BT_OCTET16));
216 break;
217
218 default:
219 BTM_TRACE_ERROR("unknow local key type: %d", key_type);
220 break;
221 }
222 }
223 }
224
225 /*******************************************************************************
226 **
227 ** Function BTM_GetDeviceEncRoot
228 **
229 ** Description This function is called to read the local device encryption
230 ** root.
231 **
232 ** Returns void
233 ** the local device ER is copied into ble_encr_key_value
234 **
235 *******************************************************************************/
BTM_GetDeviceEncRoot(BT_OCTET16 ble_encr_key_value)236 void BTM_GetDeviceEncRoot (BT_OCTET16 ble_encr_key_value)
237 {
238 BTM_TRACE_DEBUG ("%s", __func__);
239 memcpy (ble_encr_key_value, btm_cb.devcb.ble_encryption_key_value, BT_OCTET16_LEN);
240 }
241
242 /*******************************************************************************
243 **
244 ** Function BTM_GetDeviceIDRoot
245 **
246 ** Description This function is called to read the local device identity
247 ** root.
248 **
249 ** Returns void
250 ** the local device IR is copied into irk
251 **
252 *******************************************************************************/
BTM_GetDeviceIDRoot(BT_OCTET16 irk)253 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
254 {
255 BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot ");
256
257 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
258 }
259
260 /*******************************************************************************
261 **
262 ** Function BTM_GetDeviceDHK
263 **
264 ** Description This function is called to read the local device DHK.
265 **
266 ** Returns void
267 ** the local device DHK is copied into dhk
268 **
269 *******************************************************************************/
BTM_GetDeviceDHK(BT_OCTET16 dhk)270 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
271 {
272 BTM_TRACE_DEBUG ("BTM_GetDeviceDHK");
273 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
274 }
275
276 /*******************************************************************************
277 **
278 ** Function BTM_ReadConnectionAddr
279 **
280 ** Description This function is called to get the local device address information
281 ** .
282 **
283 ** Returns void
284 **
285 *******************************************************************************/
BTM_ReadConnectionAddr(BD_ADDR remote_bda,BD_ADDR local_conn_addr,tBLE_ADDR_TYPE * p_addr_type)286 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
287 {
288 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
289
290 if (p_acl == NULL) {
291 BTM_TRACE_ERROR("No connection exist!");
292 return;
293 }
294 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
295 * p_addr_type = p_acl->conn_addr_type;
296
297 BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
298 p_acl->conn_addr_type, p_acl->conn_addr[0]);
299 }
300
301 /*******************************************************************************
302 **
303 ** Function BTM_IsBleConnection
304 **
305 ** Description This function is called to check if the connection handle
306 ** for an LE link
307 **
308 ** Returns TRUE if connection is LE link, otherwise FALSE.
309 **
310 *******************************************************************************/
BTM_IsBleConnection(UINT16 conn_handle)311 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
312 {
313 #if (BLE_INCLUDED == TRUE)
314 tACL_CONN *p;
315
316 BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
317
318 p = btm_handle_to_acl(conn_handle);
319 if (!p) {
320 return FALSE;
321 }
322 return (p->transport == BT_TRANSPORT_LE);
323 #else
324 return FALSE;
325 #endif
326 }
327
328 /*******************************************************************************
329 **
330 ** Function BTM_ReadRemoteConnectionAddr
331 **
332 ** Description This function is read the remote device address currently used
333 **
334 ** Parameters pseudo_addr: pseudo random address available
335 ** conn_addr:connection address used
336 ** p_addr_type : BD Address type, Public or Random of the address used
337 **
338 ** Returns BOOLEAN , TRUE if connection to remote device exists, else FALSE
339 **
340 *******************************************************************************/
BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)341 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr,
342 tBLE_ADDR_TYPE *p_addr_type)
343 {
344 BOOLEAN st = TRUE;
345 #if (BLE_PRIVACY_SPT == TRUE)
346 tACL_CONN *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE);
347
348 if (p == NULL) {
349 BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection"
350 " with matching address");
351 return FALSE;
352 }
353
354 memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN);
355 *p_addr_type = p->active_remote_addr_type;
356 #else
357 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
358
359 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
360 if (p_dev_rec != NULL) {
361 *p_addr_type = p_dev_rec->ble.ble_addr_type;
362 }
363 #endif
364 return st;
365
366 }
367 /*******************************************************************************
368 **
369 ** Function BTM_SecurityGrant
370 **
371 ** Description This function is called to grant security process.
372 **
373 ** Parameters bd_addr - peer device bd address.
374 ** res - result of the operation BTM_SUCCESS if success.
375 ** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
376 **
377 ** Returns None
378 **
379 *******************************************************************************/
BTM_SecurityGrant(BD_ADDR bd_addr,UINT8 res)380 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
381 {
382 #if SMP_INCLUDED == TRUE
383 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
384 BTM_TRACE_DEBUG ("BTM_SecurityGrant");
385 SMP_SecurityGrant(bd_addr, res_smp);
386 #endif
387 }
388
389 /*******************************************************************************
390 **
391 ** Function BTM_BlePasskeyReply
392 **
393 ** Description This function is called after Security Manager submitted
394 ** passkey request to the application.
395 **
396 ** Parameters: bd_addr - Address of the device for which passkey was requested
397 ** res - result of the operation BTM_SUCCESS if success
398 ** key_len - length in bytes of the Passkey
399 ** p_passkey - pointer to array with the passkey
400 ** trusted_mask - bitwise OR of trusted services (array of UINT32)
401 **
402 *******************************************************************************/
BTM_BlePasskeyReply(BD_ADDR bd_addr,UINT8 res,UINT32 passkey)403 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
404 {
405 #if SMP_INCLUDED == TRUE
406 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
407 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
408
409 if (p_dev_rec == NULL) {
410 BTM_TRACE_ERROR("Passkey reply to Unknown device");
411 return;
412 }
413
414 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
415 BTM_TRACE_DEBUG ("BTM_BlePasskeyReply");
416 SMP_PasskeyReply(bd_addr, res_smp, passkey);
417 #endif
418 }
419
420 /*******************************************************************************
421 **
422 ** Function BTM_BleSetStaticPasskey
423 **
424 ** Description This function is called to set static passkey
425 **
426 **
427 ** Parameters: add - set static passkey when add is TRUE
428 ** clear static passkey when add is FALSE
429 ** passkey - static passkey
430 **
431 **
432 *******************************************************************************/
BTM_BleSetStaticPasskey(BOOLEAN add,UINT32 passkey)433 void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey)
434 {
435 #if SMP_INCLUDED == TRUE
436 SMP_SetStaticPasskey(add, passkey);
437 #endif
438 }
439
440 /*******************************************************************************
441 **
442 ** Function BTM_BleConfirmReply
443 **
444 ** Description This function is called after Security Manager submitted
445 ** numeric comparison request to the application.
446 **
447 ** Parameters: bd_addr - Address of the device with which numeric
448 ** comparison was requested
449 ** res - comparison result BTM_SUCCESS if success
450 **
451 *******************************************************************************/
452 #if (SMP_INCLUDED == TRUE)
BTM_BleConfirmReply(BD_ADDR bd_addr,UINT8 res)453 void BTM_BleConfirmReply (BD_ADDR bd_addr, UINT8 res)
454 {
455 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
456 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
457
458 if (p_dev_rec == NULL) {
459 BTM_TRACE_ERROR("Passkey reply to Unknown device");
460 return;
461 }
462
463 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
464 BTM_TRACE_DEBUG ("%s\n", __func__);
465 SMP_ConfirmReply(bd_addr, res_smp);
466 }
467 #endif ///SMP_INCLUDED == TRUE
468
469 /*******************************************************************************
470 **
471 ** Function BTM_BleOobDataReply
472 **
473 ** Description This function is called to provide the OOB data for
474 ** SMP in response to BTM_LE_OOB_REQ_EVT
475 **
476 ** Parameters: bd_addr - Address of the peer device
477 ** res - result of the operation SMP_SUCCESS if success
478 ** p_data - simple pairing Randomizer C.
479 **
480 *******************************************************************************/
BTM_BleOobDataReply(BD_ADDR bd_addr,UINT8 res,UINT8 len,UINT8 * p_data)481 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
482 {
483 #if SMP_INCLUDED == TRUE
484 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
485 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
486
487 BTM_TRACE_DEBUG ("BTM_BleOobDataReply");
488
489 if (p_dev_rec == NULL) {
490 BTM_TRACE_ERROR("BTM_BleOobDataReply() to Unknown device");
491 return;
492 }
493
494 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
495 SMP_OobDataReply(bd_addr, res_smp, len, p_data);
496 #endif
497 }
498
499 /******************************************************************************
500 **
501 ** Function BTM_BleSetConnScanParams
502 **
503 ** Description Set scan parameter used in BLE connection request
504 **
505 ** Parameters: scan_interval: scan interval
506 ** scan_window: scan window
507 **
508 ** Returns void
509 **
510 *******************************************************************************/
BTM_BleSetConnScanParams(UINT32 scan_interval,UINT32 scan_window)511 void BTM_BleSetConnScanParams (UINT32 scan_interval, UINT32 scan_window)
512 {
513 #if SMP_INCLUDED == TRUE
514 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
515 BOOLEAN new_param = FALSE;
516
517 if (BTM_BLE_ISVALID_PARAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
518 BTM_BLE_ISVALID_PARAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) {
519 if (p_ble_cb->scan_int != scan_interval) {
520 p_ble_cb->scan_int = scan_interval;
521 new_param = TRUE;
522 }
523
524 if (p_ble_cb->scan_win != scan_window) {
525 p_ble_cb->scan_win = scan_window;
526 new_param = TRUE;
527 }
528
529 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) {
530 btm_ble_suspend_bg_conn();
531 }
532 } else {
533 BTM_TRACE_ERROR("Illegal Connection Scan Parameters");
534 }
535 #endif
536 }
537
538 /********************************************************
539 **
540 ** Function BTM_BleSetPrefConnParams
541 **
542 ** Description Set a peripheral's preferred connection parameters
543 **
544 ** Parameters: bd_addr - BD address of the peripheral
545 ** scan_interval: scan interval
546 ** scan_window: scan window
547 ** min_conn_int - minimum preferred connection interval
548 ** max_conn_int - maximum preferred connection interval
549 ** slave_latency - preferred slave latency
550 ** supervision_tout - preferred supervision timeout
551 **
552 ** Returns void
553 **
554 *******************************************************************************/
BTM_BleSetPrefConnParams(BD_ADDR bd_addr,UINT16 min_conn_int,UINT16 max_conn_int,UINT16 slave_latency,UINT16 supervision_tout)555 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
556 UINT16 min_conn_int, UINT16 max_conn_int,
557 UINT16 slave_latency, UINT16 supervision_tout)
558 {
559 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (bd_addr);
560
561 BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \
562 tout: %u",
563 min_conn_int, max_conn_int, slave_latency, supervision_tout);
564
565 if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
566 BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
567 BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
568 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) {
569 if (p_dev_rec) {
570 /* expect conn int and stout and slave latency to be updated all together */
571 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) {
572 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) {
573 p_dev_rec->conn_params.min_conn_int = min_conn_int;
574 } else {
575 p_dev_rec->conn_params.min_conn_int = max_conn_int;
576 }
577
578 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) {
579 p_dev_rec->conn_params.max_conn_int = max_conn_int;
580 } else {
581 p_dev_rec->conn_params.max_conn_int = min_conn_int;
582 }
583
584 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) {
585 p_dev_rec->conn_params.slave_latency = slave_latency;
586 } else {
587 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
588 }
589
590 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) {
591 p_dev_rec->conn_params.supervision_tout = supervision_tout;
592 } else {
593 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
594 }
595
596 }
597
598 } else {
599 BTM_TRACE_ERROR("Unknown Device, setting rejected");
600 }
601 } else {
602 BTM_TRACE_ERROR("Illegal Connection Parameters");
603 }
604 }
605
606 /*******************************************************************************
607 **
608 ** Function BTM_ReadDevInfo
609 **
610 ** Description This function is called to read the device/address type
611 ** of BD address.
612 **
613 ** Parameter remote_bda: remote device address
614 ** p_dev_type: output parameter to read the device type.
615 ** p_addr_type: output parameter to read the address type.
616 **
617 *******************************************************************************/
BTM_ReadDevInfo(BD_ADDR remote_bda,tBT_DEVICE_TYPE * p_dev_type,tBLE_ADDR_TYPE * p_addr_type)618 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
619 {
620 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda);
621 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda);
622 tBLE_ADDR_TYPE temp_addr_type = (*p_addr_type);
623
624 *p_addr_type = BLE_ADDR_PUBLIC;
625
626 if (!p_dev_rec) {
627 *p_dev_type = BT_DEVICE_TYPE_BREDR;
628 /* Check with the BT manager if details about remote device are known */
629 if (p_inq_info != NULL) {
630 *p_dev_type = p_inq_info->results.device_type ;
631 *p_addr_type = p_inq_info->results.ble_addr_type;
632 } else {
633 if(temp_addr_type <= BLE_ADDR_TYPE_MAX) {
634 *p_addr_type = temp_addr_type;
635 } else {
636 /* unknown device, assume BR/EDR */
637 BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed");
638 }
639 }
640 } else { /* there is a security device record exisitng */
641 /* new inquiry result, overwrite device type in security device record */
642 if (p_inq_info) {
643 p_dev_rec->device_type = p_inq_info->results.device_type;
644 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
645 }
646 if (memcmp(p_dev_rec->bd_addr, remote_bda, BD_ADDR_LEN) == 0 &&
647 memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) {
648 *p_dev_type = p_dev_rec->device_type;
649 *p_addr_type = p_dev_rec->ble.ble_addr_type;
650 } else if (memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) {
651 *p_dev_type = BT_DEVICE_TYPE_BLE;
652 *p_addr_type = p_dev_rec->ble.ble_addr_type;
653 } else { /* matching static adddress only */
654 *p_dev_type = BT_DEVICE_TYPE_BREDR;
655 *p_addr_type = BLE_ADDR_PUBLIC;
656 }
657
658 }
659
660 BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
661 }
662 #endif ///BLE_INCLUDED == TRUE
663
664 /*******************************************************************************
665 **
666 ** Function BTM_ReadConnectedTransportAddress
667 **
668 ** Description This function is called to read the paired device/address type of other device paired
669 ** corresponding to the BD_address
670 **
671 ** Parameter remote_bda: remote device address, carry out the transport address
672 ** transport: active transport
673 **
674 ** Return TRUE if an active link is identified; FALSE otherwise
675 **
676 *******************************************************************************/
BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda,tBT_TRANSPORT transport)677 BOOLEAN BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda, tBT_TRANSPORT transport)
678 {
679 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(remote_bda);
680
681 /* if no device can be located, return */
682 if (p_dev_rec == NULL) {
683 memset(remote_bda, 0, BD_ADDR_LEN);
684 return FALSE;
685 }
686
687 if (transport == BT_TRANSPORT_BR_EDR) {
688 if (btm_bda_to_acl(p_dev_rec->bd_addr, transport) != NULL) {
689 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
690 return TRUE;
691 } else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR) {
692 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
693 } else {
694 memset(remote_bda, 0, BD_ADDR_LEN);
695 }
696 return FALSE;
697 }
698 #if (BLE_INCLUDED == TRUE)
699 if (transport == BT_TRANSPORT_LE) {
700 memcpy(remote_bda, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN);
701 if (btm_bda_to_acl(p_dev_rec->ble.pseudo_addr, transport) != NULL) {
702 return TRUE;
703 } else {
704 return FALSE;
705 }
706 }
707 #endif ///BLE_INCLUDED == TRUE
708 return FALSE;
709 }
710
711 #if (BLE_INCLUDED == TRUE)
712 /*******************************************************************************
713 **
714 ** Function BTM_BleReceiverTest
715 **
716 ** Description This function is called to start the LE Receiver test
717 **
718 ** Parameter rx_freq - Frequency Range
719 ** p_cmd_cmpl_cback - Command Complete callback
720 **
721 *******************************************************************************/
BTM_BleReceiverTest(UINT8 rx_freq,tBTM_CMPL_CB * p_cmd_cmpl_cback)722 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
723 {
724 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
725
726 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE) {
727 BTM_TRACE_ERROR("%s: Unable to Trigger LE receiver test", __FUNCTION__);
728 }
729 }
730
731 /*******************************************************************************
732 **
733 ** Function BTM_BleTransmitterTest
734 **
735 ** Description This function is called to start the LE Transmitter test
736 **
737 ** Parameter tx_freq - Frequency Range
738 ** test_data_len - Length in bytes of payload data in each packet
739 ** packet_payload - Pattern to use in the payload
740 ** p_cmd_cmpl_cback - Command Complete callback
741 **
742 *******************************************************************************/
BTM_BleTransmitterTest(UINT8 tx_freq,UINT8 test_data_len,UINT8 packet_payload,tBTM_CMPL_CB * p_cmd_cmpl_cback)743 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
744 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
745 {
746 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
747 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE) {
748 BTM_TRACE_ERROR("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
749 }
750 }
751
752 /*******************************************************************************
753 **
754 ** Function BTM_BleTestEnd
755 **
756 ** Description This function is called to stop the in-progress TX or RX test
757 **
758 ** Parameter p_cmd_cmpl_cback - Command complete callback
759 **
760 *******************************************************************************/
BTM_BleTestEnd(tBTM_CMPL_CB * p_cmd_cmpl_cback)761 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
762 {
763 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
764
765 if (btsnd_hcic_ble_test_end() == FALSE) {
766 BTM_TRACE_ERROR("%s: Unable to End the LE TX/RX test", __FUNCTION__);
767 }
768 }
769
770 /*******************************************************************************
771 ** Internal Functions
772 *******************************************************************************/
btm_ble_test_command_complete(UINT8 * p)773 void btm_ble_test_command_complete(UINT8 *p)
774 {
775 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
776
777 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
778
779 if (p_cb) {
780 (*p_cb)(p);
781 }
782 }
783
784
785 #if (BLE_50_FEATURE_SUPPORT == TRUE)
786 /*******************************************************************************
787 **
788 ** Function BTM_BleEnhancedReceiverTest
789 **
790 ** Description This function is called to start the LE Enhanced Receiver test
791 **
792 ** Parameter rx_freq - Frequency Range
793 ** phy - The type of phy that receives data
794 ** modulation_index - modulation index
795 ** p_cmd_cmpl_cback - Command Complete callback
796 **
797 *******************************************************************************/
BTM_BleEnhancedReceiverTest(UINT8 rx_freq,UINT8 phy,UINT8 modulation_index,tBTM_CMPL_CB * p_cmd_cmpl_cback)798 void BTM_BleEnhancedReceiverTest(UINT8 rx_freq, UINT8 phy, UINT8 modulation_index, tBTM_CMPL_CB *p_cmd_cmpl_cback)
799 {
800 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
801
802 if (btsnd_hcic_ble_enhand_rx_test(rx_freq, phy, modulation_index) == FALSE) {
803 BTM_TRACE_ERROR("%s: Unable to Trigger LE enhanced receiver test", __FUNCTION__);
804 }
805 }
806
807 /*******************************************************************************
808 **
809 ** Function BTM_BleEnhancedTransmitterTest
810 **
811 ** Description This function is called to start the LE Enhanced Transmitter test
812 **
813 ** Parameter tx_freq - Frequency Range
814 ** test_data_len - Length in bytes of payload data in each packet
815 ** packet_payload - Pattern to use in the payload
816 ** phy - The type of phy that sends data
817 ** p_cmd_cmpl_cback - Command Complete callback
818 **
819 *******************************************************************************/
BTM_BleEnhancedTransmitterTest(UINT8 tx_freq,UINT8 test_data_len,UINT8 packet_payload,UINT8 phy,tBTM_CMPL_CB * p_cmd_cmpl_cback)820 void BTM_BleEnhancedTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
821 UINT8 packet_payload, UINT8 phy, tBTM_CMPL_CB *p_cmd_cmpl_cback)
822 {
823 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
824 if (btsnd_hcic_ble_enhand_tx_test(tx_freq, test_data_len, packet_payload, phy) == FALSE) {
825 BTM_TRACE_ERROR("%s: Unable to Trigger LE enhanced transmitter test", __FUNCTION__);
826 }
827 }
828 #endif // BLE_50_FEATURE_SUPPORT
829
830 /*******************************************************************************
831 **
832 ** Function BTM_UseLeLink
833 **
834 ** Description This function is to select the underneath physical link to use.
835 **
836 ** Returns TRUE to use LE, FALSE use BR/EDR.
837 **
838 *******************************************************************************/
BTM_UseLeLink(BD_ADDR bd_addr)839 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
840 {
841 tACL_CONN *p;
842 tBT_DEVICE_TYPE dev_type;
843 tBLE_ADDR_TYPE addr_type = 0;
844 BOOLEAN use_le = FALSE;
845
846 if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL) {
847 return use_le;
848 } else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL) {
849 use_le = TRUE;
850 } else {
851 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
852 use_le = (dev_type == BT_DEVICE_TYPE_BLE);
853 }
854 return use_le;
855 }
856
857
858 /*******************************************************************************
859 **
860 ** Function BTM_SetBleDataLength
861 **
862 ** Description This function is to set maximum BLE transmission packet size
863 **
864 ** Returns BTM_SUCCESS if success; otherwise failed.
865 **
866 *******************************************************************************/
BTM_SetBleDataLength(BD_ADDR bd_addr,UINT16 tx_pdu_length)867 tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
868 {
869 tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
870
871 BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length);
872
873 if (!controller_get_interface()->supports_ble_packet_extension()) {
874 BTM_TRACE_ERROR("%s failed, request not supported", __FUNCTION__);
875 return BTM_CONTROL_LE_DATA_LEN_UNSUPPORTED;
876 }
877
878 if (p_acl != NULL) {
879 if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) {
880 BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
881 return BTM_PEER_LE_DATA_LEN_UNSUPPORTED;
882 }
883
884 if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) {
885 tx_pdu_length = BTM_BLE_DATA_SIZE_MAX;
886 } else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) {
887 tx_pdu_length = BTM_BLE_DATA_SIZE_MIN;
888 }
889
890 /* always set the TxTime to be max, as controller does not care for now */
891 btsnd_hcic_ble_set_data_length(p_acl->hci_handle, tx_pdu_length,
892 BTM_BLE_DATA_TX_TIME_MAX);
893
894 return BTM_SUCCESS;
895 } else {
896 BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported", __FUNCTION__);
897 return BTM_WRONG_MODE;
898 }
899 }
900
901 #if (SMP_INCLUDED == TRUE)
902 /*******************************************************************************
903 **
904 ** Function btm_ble_determine_security_act
905 **
906 ** Description This function checks the security of current LE link
907 ** and returns the appropriate action that needs to be
908 ** taken to achieve the required security.
909 **
910 ** Parameter is_originator - True if outgoing connection
911 ** bdaddr: remote device address
912 ** security_required: Security required for the service.
913 **
914 ** Returns The appropriate security action required.
915 **
916 *******************************************************************************/
btm_ble_determine_security_act(BOOLEAN is_originator,BD_ADDR bdaddr,UINT16 security_required)917 tBTM_SEC_ACTION btm_ble_determine_security_act(BOOLEAN is_originator, BD_ADDR bdaddr, UINT16 security_required)
918 {
919 tBTM_LE_AUTH_REQ auth_req = 0x00;
920
921 if (is_originator)
922 {
923 if ((security_required & BTM_SEC_OUT_FLAGS) == 0 &&
924 (security_required & BTM_SEC_OUT_MITM) == 0)
925 {
926 BTM_TRACE_DEBUG ("%s No security required for outgoing connection", __func__);
927 return BTM_SEC_OK;
928 }
929
930 if (security_required & BTM_SEC_OUT_MITM) {
931 auth_req |= BTM_LE_AUTH_REQ_MITM;
932 }
933 }
934 else
935 {
936 if ((security_required & BTM_SEC_IN_FLAGS) == 0&& (security_required & BTM_SEC_IN_MITM) == 0)
937 {
938 BTM_TRACE_DEBUG ("%s No security required for incoming connection", __func__);
939 return BTM_SEC_OK;
940 }
941
942 if (security_required & BTM_SEC_IN_MITM) {
943 auth_req |= BTM_LE_AUTH_REQ_MITM;
944 }
945 }
946
947 tBTM_BLE_SEC_REQ_ACT ble_sec_act = BTM_BLE_SEC_REQ_ACT_NONE;
948 btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act);
949
950 BTM_TRACE_DEBUG ("%s ble_sec_act %d", __func__ , ble_sec_act);
951
952 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD) {
953 return BTM_SEC_ENC_PENDING;
954 }
955
956 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE) {
957 return BTM_SEC_OK;
958 }
959
960 UINT8 sec_flag = 0;
961 BTM_GetSecurityFlagsByTransport(bdaddr, &sec_flag, BT_TRANSPORT_LE);
962
963 BOOLEAN is_link_encrypted = FALSE;
964 BOOLEAN is_key_mitm = FALSE;
965 if (sec_flag & (BTM_SEC_FLAG_ENCRYPTED| BTM_SEC_FLAG_LKEY_KNOWN))
966 {
967 if (sec_flag & BTM_SEC_FLAG_ENCRYPTED) {
968 is_link_encrypted = TRUE;
969 }
970
971 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED) {
972 is_key_mitm = TRUE;
973 }
974 }
975
976 if (auth_req & BTM_LE_AUTH_REQ_MITM)
977 {
978 if (!is_key_mitm)
979 {
980 return BTM_SEC_ENCRYPT_MITM;
981 } else {
982 if (is_link_encrypted) {
983 return BTM_SEC_OK;
984 } else {
985 return BTM_SEC_ENCRYPT;
986 }
987 }
988 } else {
989 if (is_link_encrypted) {
990 return BTM_SEC_OK;
991 } else {
992 return BTM_SEC_ENCRYPT_NO_MITM;
993 }
994 }
995
996 return BTM_SEC_OK;
997 }
998
999 /*******************************************************************************
1000 **
1001 ** Function btm_ble_start_sec_check
1002 **
1003 ** Description This function is to check and set the security required for
1004 ** LE link for LE COC.
1005 **
1006 ** Parameter bdaddr: remote device address.
1007 ** psm : PSM of the LE COC sevice.
1008 ** is_originator: TRUE if outgoing connection.
1009 ** p_callback : Pointer to the callback function.
1010 ** p_ref_data : Pointer to be returned along with the callback.
1011 **
1012 ** Returns TRUE if link already meets the required security; otherwise FALSE.
1013 **
1014 *******************************************************************************/
btm_ble_start_sec_check(BD_ADDR bd_addr,UINT16 psm,BOOLEAN is_originator,tBTM_SEC_CALLBACK * p_callback,void * p_ref_data)1015 BOOLEAN btm_ble_start_sec_check(BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator,
1016 tBTM_SEC_CALLBACK *p_callback, void *p_ref_data)
1017 {
1018 /* Find the service record for the PSM */
1019 tBTM_SEC_SERV_REC *p_serv_rec = btm_sec_find_first_serv (is_originator, psm);
1020
1021 /* If there is no application registered with this PSM do not allow connection */
1022 if (!p_serv_rec)
1023 {
1024 BTM_TRACE_WARNING ("%s PSM: %d no application registerd", __func__, psm);
1025 (*p_callback) (bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED);
1026 return FALSE;
1027 }
1028
1029 tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(is_originator,
1030 bd_addr, p_serv_rec->security_flags);
1031
1032 tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE;
1033 BOOLEAN status = FALSE;
1034
1035 switch (sec_act)
1036 {
1037 case BTM_SEC_OK:
1038 BTM_TRACE_DEBUG ("%s Security met", __func__);
1039 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS);
1040 status = TRUE;
1041 break;
1042
1043 case BTM_SEC_ENCRYPT:
1044 BTM_TRACE_DEBUG ("%s Encryption needs to be done", __func__);
1045 ble_sec_act = BTM_BLE_SEC_ENCRYPT;
1046 break;
1047
1048 case BTM_SEC_ENCRYPT_MITM:
1049 BTM_TRACE_DEBUG ("%s Pairing with MITM needs to be done", __func__);
1050 ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM;
1051 break;
1052
1053 case BTM_SEC_ENCRYPT_NO_MITM:
1054 BTM_TRACE_DEBUG ("%s Pairing with No MITM needs to be done", __func__);
1055 ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM;
1056 break;
1057
1058 case BTM_SEC_ENC_PENDING:
1059 BTM_TRACE_DEBUG ("%s Ecryption pending", __func__);
1060 break;
1061 }
1062
1063 if (ble_sec_act == BTM_BLE_SEC_NONE) {
1064 return status;
1065 }
1066
1067 tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1068 p_lcb->sec_act = sec_act;
1069 BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data);
1070
1071 return FALSE;
1072 }
1073
1074
1075 /*******************************************************************************
1076 **
1077 ** Function btm_ble_rand_enc_complete
1078 **
1079 ** Description This function is the callback functions for HCI_Rand command
1080 ** and HCI_Encrypt command is completed.
1081 ** This message is received from the HCI.
1082 **
1083 ** Returns void
1084 **
1085 *******************************************************************************/
btm_ble_rand_enc_complete(UINT8 * p,UINT16 op_code,tBTM_RAND_ENC_CB * p_enc_cplt_cback)1086 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
1087 {
1088 tBTM_RAND_ENC params;
1089 UINT8 *p_dest = params.param_buf;
1090
1091 BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete");
1092
1093 memset(¶ms, 0, sizeof(tBTM_RAND_ENC));
1094
1095 /* If there was a callback address for vcs complete, call it */
1096 if (p_enc_cplt_cback && p) {
1097 /* Pass paramters to the callback function */
1098 STREAM_TO_UINT8(params.status, p); /* command status */
1099
1100 if (params.status == HCI_SUCCESS) {
1101 params.opcode = op_code;
1102
1103 if (op_code == HCI_BLE_RAND) {
1104 params.param_len = BT_OCTET8_LEN;
1105 } else {
1106 params.param_len = BT_OCTET16_LEN;
1107 }
1108
1109 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */
1110 }
1111 if (p_enc_cplt_cback) {
1112 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */
1113 }
1114 }
1115 }
1116 #endif ///SMP_INCLUDED == TRUE
1117
1118
1119 /*******************************************************************************
1120 **
1121 ** Function btm_ble_get_enc_key_type
1122 **
1123 ** Description This function is to increment local sign counter
1124 ** Returns None
1125 **
1126 *******************************************************************************/
1127 #if (SMP_INCLUDED == TRUE)
btm_ble_increment_sign_ctr(BD_ADDR bd_addr,BOOLEAN is_local)1128 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
1129 {
1130 tBTM_SEC_DEV_REC *p_dev_rec;
1131
1132 BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local);
1133
1134 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) {
1135 if (is_local) {
1136 p_dev_rec->ble.keys.local_counter++;
1137 } else {
1138 p_dev_rec->ble.keys.counter++;
1139 }
1140 BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d",
1141 is_local,
1142 p_dev_rec->ble.keys.local_counter,
1143 p_dev_rec->ble.keys.counter);
1144 }
1145 }
1146 #endif ///SMP_INCLUDED == TRUE
1147 #endif ///BLE_INCLUDED == TRUE
1148
1149 /*******************************************************************************
1150 **
1151 ** Function btm_ble_get_enc_key_type
1152 **
1153 ** Description This function is to get the BLE key type that has been exchanged
1154 ** in betweem local device and peer device.
1155 **
1156 ** Returns p_key_type: output parameter to carry the key type value.
1157 **
1158 *******************************************************************************/
1159 #if (SMP_INCLUDED == TRUE)
1160 #if (BLE_INCLUDED == TRUE)
btm_ble_get_enc_key_type(BD_ADDR bd_addr,UINT8 * p_key_types)1161 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
1162 {
1163 tBTM_SEC_DEV_REC *p_dev_rec;
1164
1165 BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type");
1166
1167 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) {
1168 *p_key_types = p_dev_rec->ble.key_type;
1169 return TRUE;
1170 }
1171
1172 return FALSE;
1173 }
1174
1175 /*******************************************************************************
1176 **
1177 ** Function btm_get_local_div
1178 **
1179 ** Description This function is called to read the local DIV
1180 **
1181 ** Returns TRUE - if a valid DIV is availavle
1182 *******************************************************************************/
btm_get_local_div(BD_ADDR bd_addr,UINT16 * p_div)1183 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
1184 {
1185 tBTM_SEC_DEV_REC *p_dev_rec;
1186 BOOLEAN status = FALSE;
1187 BTM_TRACE_DEBUG ("btm_get_local_div");
1188
1189 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1190 bd_addr[0], bd_addr[1],
1191 bd_addr[2], bd_addr[3],
1192 bd_addr[4], bd_addr[5]);
1193
1194 *p_div = 0;
1195 p_dev_rec = btm_find_dev (bd_addr);
1196
1197 if (p_dev_rec && p_dev_rec->ble.keys.div) {
1198 status = TRUE;
1199 *p_div = p_dev_rec->ble.keys.div;
1200 }
1201 BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
1202 return status;
1203 }
1204
1205 /*******************************************************************************
1206 **
1207 ** Function btm_sec_save_le_key
1208 **
1209 ** Description This function is called by the SMP to update
1210 ** an BLE key. SMP is internal, whereas all the keys shall
1211 ** be sent to the application. The function is also called
1212 ** when application passes ble key stored in NVRAM to the btm_sec.
1213 ** pass_to_application parameter is false in this case.
1214 **
1215 ** Returns void
1216 **
1217 *******************************************************************************/
btm_sec_save_le_key(BD_ADDR bd_addr,tBTM_LE_KEY_TYPE key_type,tBTM_LE_KEY_VALUE * p_keys,BOOLEAN pass_to_application)1218 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
1219 BOOLEAN pass_to_application)
1220 {
1221 tBTM_SEC_DEV_REC *p_rec;
1222 tBTM_LE_EVT_DATA cb_data;
1223 UINT8 i;
1224
1225 BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d", key_type, pass_to_application);
1226 /* Store the updated key in the device database */
1227
1228 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1229 bd_addr[0], bd_addr[1],
1230 bd_addr[2], bd_addr[3],
1231 bd_addr[4], bd_addr[5]);
1232
1233 if ((p_rec = btm_find_dev (bd_addr)) != NULL && (p_keys || key_type == BTM_LE_KEY_LID)) {
1234 btm_ble_init_pseudo_addr (p_rec, bd_addr);
1235
1236 switch (key_type) {
1237 case BTM_LE_KEY_PENC:
1238 memcpy(p_rec->ble.keys.pltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
1239 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
1240 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
1241 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
1242 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
1243 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
1244 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1245 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) {
1246 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1247 } else {
1248 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1249 }
1250 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
1251 p_rec->ble.key_type,
1252 p_rec->sec_flags,
1253 p_rec->ble.keys.sec_level);
1254 break;
1255
1256 case BTM_LE_KEY_PID:
1257 for (i = 0; i < BT_OCTET16_LEN; i++) {
1258 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
1259 }
1260
1261 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
1262 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
1263 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
1264 p_rec->ble.key_type |= BTM_LE_KEY_PID;
1265 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type);
1266 /* update device record address as static address */
1267 memcpy(p_rec->bd_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
1268 /* combine DUMO device security record if needed */
1269 btm_consolidate_dev(p_rec);
1270 break;
1271
1272 case BTM_LE_KEY_PCSRK:
1273 memcpy(p_rec->ble.keys.pcsrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
1274 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
1275 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter;
1276 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
1277 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1278 if ( p_keys->pcsrk_key.sec_level == SMP_SEC_AUTHENTICATED) {
1279 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1280 } else {
1281 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1282 }
1283
1284 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
1285 p_rec->ble.key_type,
1286 p_rec->sec_flags,
1287 p_rec->ble.keys.srk_sec_level,
1288 p_rec->ble.keys.counter );
1289 break;
1290
1291 case BTM_LE_KEY_LENC:
1292 memcpy(p_rec->ble.keys.lltk, p_keys->lenc_key.ltk, BT_OCTET16_LEN);
1293 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
1294 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
1295 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
1296 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
1297
1298 /* Set that link key is known since this shares field with BTM_SEC_FLAG_LKEY_KNOWN flag in stack/btm_api.h*/
1299 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1300 if ( p_keys->lenc_key.sec_level == SMP_SEC_AUTHENTICATED) {
1301 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1302 } else {
1303 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1304 }
1305
1306 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
1307 p_rec->ble.key_type,
1308 p_rec->ble.keys.div,
1309 p_rec->ble.keys.key_size,
1310 p_rec->ble.keys.sec_level );
1311 break;
1312
1313 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
1314 memcpy (p_rec->ble.keys.lcsrk, p_keys->lcsrk_key.csrk, BT_OCTET16_LEN);
1315 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
1316 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
1317 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter;
1318 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
1319 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
1320 p_rec->ble.key_type,
1321 p_rec->ble.keys.div,
1322 p_rec->ble.keys.local_csrk_sec_level,
1323 p_rec->ble.keys.local_counter );
1324 break;
1325
1326 case BTM_LE_KEY_LID:
1327 p_rec->ble.key_type |= BTM_LE_KEY_LID;
1328 break;
1329 default:
1330 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
1331 return;
1332 }
1333
1334 BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
1335 (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
1336 (bd_addr[4] << 8) + bd_addr[5]);
1337
1338 /* Notify the application that one of the BLE keys has been updated
1339 If link key is in progress, it will get sent later.*/
1340 if (pass_to_application && btm_cb.api.p_le_callback) {
1341 cb_data.key.p_key_value = p_keys;
1342 cb_data.key.key_type = key_type;
1343
1344 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
1345 }
1346 return;
1347 }
1348
1349 BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
1350 (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
1351 (bd_addr[4] << 8) + bd_addr[5]);
1352
1353 if (p_rec) {
1354 BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags);
1355 }
1356 }
1357
1358 /*******************************************************************************
1359 **
1360 ** Function btm_ble_update_sec_key_size
1361 **
1362 ** Description update the current lin kencryption key size
1363 **
1364 ** Returns void
1365 **
1366 *******************************************************************************/
btm_ble_update_sec_key_size(BD_ADDR bd_addr,UINT8 enc_key_size)1367 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
1368 {
1369 tBTM_SEC_DEV_REC *p_rec;
1370
1371 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
1372
1373 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) {
1374 p_rec->enc_key_size = enc_key_size;
1375 }
1376 }
1377
1378
1379 /*******************************************************************************
1380 **
1381 ** Function btm_ble_read_sec_key_size
1382 **
1383 ** Description update the current lin kencryption key size
1384 **
1385 ** Returns void
1386 **
1387 *******************************************************************************/
btm_ble_read_sec_key_size(BD_ADDR bd_addr)1388 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
1389 {
1390 tBTM_SEC_DEV_REC *p_rec;
1391
1392 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) {
1393 return p_rec->enc_key_size;
1394 } else {
1395 return 0;
1396 }
1397 return 0;
1398 }
1399
1400 /*******************************************************************************
1401 **
1402 ** Function btm_ble_link_sec_check
1403 **
1404 ** Description Check BLE link security level match.
1405 **
1406 ** Returns TRUE: check is OK and the *p_sec_req_act contain the action
1407 **
1408 *******************************************************************************/
btm_ble_link_sec_check(BD_ADDR bd_addr,tBTM_LE_AUTH_REQ auth_req,tBTM_BLE_SEC_REQ_ACT * p_sec_req_act)1409 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
1410 {
1411 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1412 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
1413
1414 BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
1415
1416 if (p_dev_rec == NULL) {
1417 BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device");
1418 return;
1419 }
1420
1421 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
1422 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) {
1423 /* race condition: discard the security request while master is encrypting the link */
1424 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1425 } else {
1426 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1427 if (auth_req & BTM_LE_AUTH_REQ_MITM) {
1428 req_sec_level = BTM_LE_SEC_AUTHENTICATED;
1429 }
1430
1431 BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
1432
1433 /* currently encrpted */
1434 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED) {
1435 if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED) {
1436 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
1437 } else {
1438 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1439 }
1440 } else { /* unencrypted link */
1441 /* if bonded, get the key security level */
1442 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) {
1443 cur_sec_level = p_dev_rec->ble.keys.sec_level;
1444 } else {
1445 cur_sec_level = BTM_LE_SEC_NONE;
1446 }
1447 }
1448
1449 if (cur_sec_level >= req_sec_level) {
1450 /* To avoid re-encryption on an encrypted link for an equal condition encryption */
1451 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
1452 } else {
1453 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
1454 }
1455 }
1456
1457 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
1458 cur_sec_level,
1459 req_sec_level,
1460 *p_sec_req_act);
1461
1462
1463 }
1464 #endif ///BLE_INCLUDED == TRUE
1465 #endif ///SMP_INCLUDED == TRUE
1466
1467 #if (BLE_INCLUDED == TRUE)
1468 /*******************************************************************************
1469 **
1470 ** Function btm_ble_set_encryption
1471 **
1472 ** Description This function is called to ensure that LE connection is
1473 ** encrypted. Should be called only on an open connection.
1474 ** Typically only needed for connections that first want to
1475 ** bring up unencrypted links, then later encrypt them.
1476 **
1477 ** Returns void
1478 ** the local device ER is copied into er
1479 **
1480 *******************************************************************************/
btm_ble_set_encryption(BD_ADDR bd_addr,void * p_ref_data,UINT8 link_role)1481 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role)
1482 {
1483 tBTM_STATUS cmd = BTM_NO_RESOURCES;
1484 #if (SMP_INCLUDED == TRUE)
1485 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ;
1486 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1487 tBTM_BLE_SEC_REQ_ACT sec_req_act;
1488 tBTM_LE_AUTH_REQ auth_req;
1489
1490 if (p_rec == NULL) {
1491 BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
1492 return (BTM_WRONG_MODE);
1493 }
1494
1495 BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
1496
1497 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) {
1498 p_rec->security_required |= BTM_SEC_IN_MITM;
1499 }
1500
1501 switch (sec_act) {
1502 case BTM_BLE_SEC_ENCRYPT:
1503 if (link_role == BTM_ROLE_MASTER && (p_rec->ble.key_type & BTM_LE_KEY_PENC)) {
1504 /* start link layer encryption using the security info stored */
1505 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
1506 break;
1507 }
1508 /* if salve role then fall through to call SMP_Pair below which will send a
1509 sec_request to request the master to encrypt the link */
1510 case BTM_BLE_SEC_ENCRYPT_NO_MITM:
1511 case BTM_BLE_SEC_ENCRYPT_MITM:
1512 if ((link_role == BTM_ROLE_MASTER) && (sec_act != BTM_BLE_SEC_ENCRYPT)) {
1513 auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
1514 ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
1515 btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);
1516
1517 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT) {
1518 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
1519 break;
1520 }
1521 }
1522 #if (SMP_SLAVE_CON_PARAMS_UPD_ENABLE == TRUE)
1523 // already have encrypted information, do not need to update connection parameters
1524 if(link_role == BTM_ROLE_SLAVE && (p_rec->ble.key_type & BTM_LE_KEY_PENC)) {
1525 p_rec->ble.skip_update_conn_param = true;
1526 } else {
1527 p_rec->ble.skip_update_conn_param = false;
1528 }
1529 #endif
1530 if (SMP_Pair(bd_addr) == SMP_STARTED) {
1531 cmd = BTM_CMD_STARTED;
1532 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1533 }
1534 break;
1535
1536 default:
1537 cmd = BTM_WRONG_MODE;
1538 break;
1539 }
1540 #endif ///SMP_INCLUDED == TRUE
1541 return cmd;
1542 }
1543
1544 /*******************************************************************************
1545 **
1546 ** Function btm_ble_ltk_request
1547 **
1548 ** Description This function is called when encryption request is received
1549 ** on a slave device.
1550 **
1551 **
1552 ** Returns void
1553 **
1554 *******************************************************************************/
1555 #if (SMP_INCLUDED == TRUE)
btm_ble_ltk_request(UINT16 handle,UINT8 rand[8],UINT16 ediv)1556 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
1557 {
1558 tBTM_CB *p_cb = &btm_cb;
1559 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
1560 BT_OCTET8 dummy_stk = {0};
1561
1562 BTM_TRACE_DEBUG ("btm_ble_ltk_request");
1563
1564 p_cb->ediv = ediv;
1565
1566 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
1567
1568 if (p_dev_rec != NULL) {
1569 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) {
1570 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
1571 }
1572 }
1573
1574 }
1575 #endif ///SMP_INCLUDED == TRUE
1576
1577
1578 /*******************************************************************************
1579 **
1580 ** Function btm_ble_start_encrypt
1581 **
1582 ** Description This function is called to start LE encryption.
1583 **
1584 **
1585 ** Returns BTM_SUCCESS if encryption was started successfully
1586 **
1587 *******************************************************************************/
btm_ble_start_encrypt(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1588 tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1589 {
1590 #if (SMP_INCLUDED == TRUE)
1591 tBTM_CB *p_cb = &btm_cb;
1592 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1593 BT_OCTET8 dummy_rand = {0};
1594 #endif ///SMP_INCLUDED == TRUE
1595
1596 tBTM_STATUS rt = BTM_NO_RESOURCES;
1597 #if (SMP_INCLUDED == TRUE)
1598 BTM_TRACE_DEBUG ("btm_ble_start_encrypt");
1599
1600 if (!p_rec ) {
1601 BTM_TRACE_ERROR("Link is not active, can not encrypt!");
1602 return BTM_WRONG_MODE;
1603 }
1604
1605 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) {
1606 BTM_TRACE_WARNING("Link Encryption is active, Busy!");
1607 return BTM_BUSY;
1608 }
1609
1610 p_cb->enc_handle = p_rec->ble_hci_handle;
1611
1612 if (use_stk) {
1613 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk)) {
1614 rt = BTM_CMD_STARTED;
1615 }
1616 } else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) {
1617 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand,
1618 p_rec->ble.keys.ediv, p_rec->ble.keys.pltk)) {
1619 rt = BTM_CMD_STARTED;
1620 }
1621 } else {
1622 BTM_TRACE_ERROR("No key available to encrypt the link");
1623 }
1624 if (rt == BTM_CMD_STARTED) {
1625 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) {
1626 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1627 }
1628 }
1629 #endif ///SMP_INCLUDED == TRUE
1630 return rt;
1631 }
1632
1633 /*******************************************************************************
1634 **
1635 ** Function btm_ble_link_encrypted
1636 **
1637 ** Description This function is called when LE link encrption status is changed.
1638 **
1639 ** Returns void
1640 **
1641 *******************************************************************************/
1642 #if (SMP_INCLUDED == TRUE)
btm_ble_link_encrypted(BD_ADDR bd_addr,UINT8 encr_enable)1643 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
1644 {
1645 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1646 BOOLEAN enc_cback;
1647
1648 if (!p_dev_rec) {
1649 BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
1650 return;
1651 }
1652
1653 BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
1654
1655 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
1656
1657 smp_link_encrypted(bd_addr, encr_enable);
1658
1659 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
1660
1661 if (encr_enable && p_dev_rec->enc_key_size == 0) {
1662 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
1663 }
1664
1665 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1666 if (p_dev_rec->p_callback && enc_cback) {
1667 if (encr_enable) {
1668 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, TRUE);
1669 } else if (p_dev_rec->role_master) {
1670 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, TRUE);
1671 }
1672
1673 }
1674 /* to notify GATT to send data if any request is pending */
1675 gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr);
1676 }
1677 #endif ///SMP_INCLUDED == TRUE
1678
1679
1680 /*******************************************************************************
1681 **
1682 ** Function btm_ble_ltk_request_reply
1683 **
1684 ** Description This function is called to send a LTK request reply on a slave
1685 ** device.
1686 **
1687 ** Returns void
1688 **
1689 *******************************************************************************/
1690 #if (SMP_INCLUDED == TRUE)
btm_ble_ltk_request_reply(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1691 void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1692 {
1693 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1694 tBTM_CB *p_cb = &btm_cb;
1695
1696 if (p_rec == NULL) {
1697 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device");
1698 return;
1699 }
1700
1701 BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply");
1702 p_cb->enc_handle = p_rec->ble_hci_handle;
1703 p_cb->key_size = p_rec->ble.keys.key_size;
1704
1705 BTM_TRACE_DEBUG("key size = %d", p_rec->ble.keys.key_size);
1706 if (use_stk) {
1707 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
1708 } else { /* calculate LTK using peer device */
1709 if (p_rec->ble.key_type & BTM_LE_KEY_LENC) {
1710 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk);
1711 } else {
1712 btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle);
1713 }
1714 }
1715 }
1716
1717 /*******************************************************************************
1718 **
1719 ** Function btm_ble_io_capabilities_req
1720 **
1721 ** Description This function is called to handle SMP get IO capability request.
1722 **
1723 ** Returns void
1724 **
1725 *******************************************************************************/
btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1726 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1727 {
1728 UINT8 callback_rc = BTM_SUCCESS;
1729 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req");
1730 if (btm_cb.api.p_le_callback) {
1731 /* the callback function implementation may change the IO capability... */
1732 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1733 }
1734 #if BTM_OOB_INCLUDED == TRUE
1735 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
1736 #else
1737 if (callback_rc == BTM_SUCCESS)
1738 #endif
1739 {
1740 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1741 if (btm_cb.devcb.keep_rfu_in_auth_req) {
1742 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u",
1743 btm_cb.devcb.keep_rfu_in_auth_req);
1744 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU;
1745 btm_cb.devcb.keep_rfu_in_auth_req = FALSE;
1746 } else {
1747 /* default */
1748 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1749 }
1750 #else
1751 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1752 #endif
1753
1754 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
1755 p_dev_rec->security_required, p_data->auth_req);
1756 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
1757 p_data->init_keys,
1758 p_data->resp_keys);
1759
1760 /* if authentication requires MITM protection, put on the mask */
1761 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) {
1762 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
1763 }
1764
1765 if (!(p_data->auth_req & SMP_AUTH_BOND)) {
1766 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged");
1767 p_data->init_keys = 0;
1768 p_data->resp_keys = 0;
1769 }
1770
1771 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d\n", p_data->auth_req);
1772 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x\n",
1773 p_data->init_keys,
1774 p_data->resp_keys);
1775
1776 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d\n",
1777 p_data->io_cap, p_data->auth_req);
1778
1779 /* remove MITM protection requirement if IO cap does not allow it */
1780 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) {
1781 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
1782 }
1783
1784 if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT)) {
1785 /* if Secure Connections are not supported then remove LK derivation,
1786 ** and keypress notifications.
1787 */
1788 BTM_TRACE_DEBUG("%s-SC not supported -> No LK derivation, no keypress notifications",
1789 __func__);
1790 p_data->auth_req &= ~SMP_KP_SUPPORT_BIT;
1791 p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK;
1792 p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK;
1793 }
1794
1795 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x\n",
1796 p_data->io_cap, p_data->oob_data, p_data->auth_req);
1797 }
1798 return callback_rc;
1799 }
1800 #endif ///SMP_INCLUDED == TRUE
1801
1802
1803 /*******************************************************************************
1804 **
1805 ** Function btm_ble_br_keys_req
1806 **
1807 ** Description This function is called to handle SMP request for keys sent
1808 ** over BR/EDR.
1809 **
1810 ** Returns void
1811 **
1812 *******************************************************************************/
1813 #if (SMP_INCLUDED == TRUE)
btm_ble_br_keys_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1814 UINT8 btm_ble_br_keys_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1815 {
1816 UINT8 callback_rc = BTM_SUCCESS;
1817 BTM_TRACE_DEBUG ("%s\n", __func__);
1818 if (btm_cb.api.p_le_callback) {
1819 /* the callback function implementation may change the IO capability... */
1820 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
1821 (tBTM_LE_EVT_DATA *)p_data);
1822 }
1823 return callback_rc;
1824 }
1825 #endif ///SMP_INCLUDED
1826
1827
1828 #if (BLE_PRIVACY_SPT == TRUE )
1829 /*******************************************************************************
1830 **
1831 ** Function btm_ble_resolve_random_addr_on_conn_cmpl
1832 **
1833 ** Description resolve random address complete on connection complete event.
1834 **
1835 ** Returns void
1836 **
1837 *******************************************************************************/
btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec,void * p_data)1838 static void btm_ble_resolve_random_addr_on_conn_cmpl(void *p_rec, void *p_data)
1839 {
1840 UINT8 *p = (UINT8 *)p_data;
1841 tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec;
1842 UINT8 role, bda_type;
1843 UINT16 handle;
1844 BD_ADDR bda, local_rpa, peer_rpa;
1845 UINT16 conn_interval, conn_latency, conn_timeout;
1846 BOOLEAN match = FALSE;
1847
1848 ++p;
1849 STREAM_TO_UINT16 (handle, p);
1850 STREAM_TO_UINT8 (role, p);
1851 STREAM_TO_UINT8 (bda_type, p);
1852 STREAM_TO_BDADDR (bda, p);
1853 // if the enhanced is true, means the connection is enhanced connect,
1854 // so the packet should include the local Resolvable Private Address and Peer Resolvable Private Address
1855 if(temp_enhanced) {
1856 STREAM_TO_BDADDR(local_rpa, p);
1857 STREAM_TO_BDADDR(peer_rpa, p);
1858 }
1859 STREAM_TO_UINT16 (conn_interval, p);
1860 STREAM_TO_UINT16 (conn_latency, p);
1861 STREAM_TO_UINT16 (conn_timeout, p);
1862
1863 handle = HCID_GET_HANDLE (handle);
1864 BTM_TRACE_EVENT ("%s\n", __func__);
1865
1866 if (match_rec) {
1867 BTM_TRACE_DEBUG("%s matched and resolved random address", __func__);
1868 match = TRUE;
1869 match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA;
1870 memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1871 if (!btm_ble_init_pseudo_addr (match_rec, bda)) {
1872 /* assign the original address to be the current report address */
1873 memcpy(bda, match_rec->ble.pseudo_addr, BD_ADDR_LEN);
1874 } else {
1875 memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN);
1876 }
1877 } else {
1878 BTM_TRACE_DEBUG("%s unable to match and resolve random address", __func__);
1879 }
1880
1881 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1882
1883 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1884 conn_latency, conn_timeout);
1885
1886 return;
1887 }
1888 #endif
1889
1890 /*******************************************************************************
1891 **
1892 ** Function btm_ble_connected
1893 **
1894 ** Description This function is when a LE connection to the peer device is
1895 ** establsihed
1896 **
1897 ** Returns void
1898 **
1899 *******************************************************************************/
btm_ble_connected(UINT8 * bda,UINT16 handle,UINT8 enc_mode,UINT8 role,tBLE_ADDR_TYPE addr_type,BOOLEAN addr_matched)1900 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
1901 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
1902 {
1903 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
1904 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
1905 UNUSED(addr_matched);
1906
1907 BTM_TRACE_EVENT ("btm_ble_connected");
1908
1909 /* Commenting out trace due to obf/compilation problems.
1910 */
1911 #if (BT_USE_TRACES == TRUE)
1912 if (p_dev_rec) {
1913 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected : handle:%d enc_mode:%d bda:%x RName:%s",
1914 handle, enc_mode,
1915 (bda[2] << 24) + (bda[3] << 16) + (bda[4] << 8) + bda[5],
1916 p_dev_rec->sec_bd_name);
1917
1918 BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x", p_dev_rec->sec_flags);
1919 } else {
1920 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected: handle:%d enc_mode:%d bda:%x ",
1921 handle, enc_mode,
1922 (bda[2] << 24) + (bda[3] << 16) + (bda[4] << 8) + bda[5]);
1923 }
1924 #endif
1925
1926 if (!p_dev_rec) {
1927 /* There is no device record for new connection. Allocate one */
1928 if ((p_dev_rec = btm_sec_alloc_dev (bda)) == NULL) {
1929 return;
1930 }
1931 } else { /* Update the timestamp for this device */
1932 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
1933 }
1934
1935 /* update device information */
1936 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
1937 p_dev_rec->ble_hci_handle = handle;
1938 p_dev_rec->ble.ble_addr_type = addr_type;
1939 /* update pseudo address */
1940 memcpy(p_dev_rec->ble.pseudo_addr, bda, BD_ADDR_LEN);
1941
1942 p_dev_rec->role_master = FALSE;
1943 if (role == HCI_ROLE_MASTER) {
1944 p_dev_rec->role_master = TRUE;
1945 }
1946
1947 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
1948 if (!addr_matched) {
1949 p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO;
1950 }
1951
1952 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched) {
1953 memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1954 }
1955 #endif
1956
1957 p_cb->inq_var.directed_conn = BTM_BLE_CONNECT_EVT;
1958
1959 return;
1960 }
1961
1962 /*****************************************************************************
1963 ** Function btm_ble_conn_complete
1964 **
1965 ** Description LE connection complete.
1966 **
1967 ******************************************************************************/
btm_ble_conn_complete(UINT8 * p,UINT16 evt_len,BOOLEAN enhanced)1968 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len, BOOLEAN enhanced)
1969 {
1970 #if (BLE_PRIVACY_SPT == TRUE )
1971 UINT8 *p_data = p, peer_addr_type;
1972 #endif ///BLE_PRIVACY_SPT == TRUE
1973 UINT8 role, status, bda_type;
1974 UINT16 handle;
1975 BD_ADDR bda;
1976 BD_ADDR local_rpa, peer_rpa;
1977 UINT16 conn_interval, conn_latency, conn_timeout;
1978 BOOLEAN match = FALSE;
1979 UNUSED(evt_len);
1980 STREAM_TO_UINT8 (status, p);
1981 STREAM_TO_UINT16 (handle, p);
1982 STREAM_TO_UINT8 (role, p);
1983 STREAM_TO_UINT8 (bda_type, p);
1984 STREAM_TO_BDADDR (bda, p);
1985 BTM_TRACE_DEBUG("status = %d, handle = %d, role = %d, bda_type = %d",status,handle,role,bda_type);
1986 if (status == 0) {
1987 if (enhanced) {
1988 STREAM_TO_BDADDR (local_rpa, p);
1989 STREAM_TO_BDADDR (peer_rpa, p);
1990 }
1991 #if (BLE_PRIVACY_SPT == TRUE )
1992 peer_addr_type = bda_type;
1993 match = btm_identity_addr_to_random_pseudo (bda, &bda_type, TRUE);
1994
1995 /* possiblly receive connection complete with resolvable random on
1996 slave role while the device has been paired */
1997
1998 /* It will cause that scanner doesn't send scan request to advertiser
1999 * which has sent IRK to us and we have stored the IRK in controller.
2000 * It is a hardware limitation. The preliminary solution is not to
2001 * send key to the controller, but to resolve the random address in host.
2002 * so we need send the real address information to controller to connect.
2003 * Once the connection is successful, resolve device address whether it is
2004 * slave or master*/
2005
2006 #if CONTROLLER_RPA_LIST_ENABLE
2007 if (!match && role == HCI_ROLE_SLAVE && bda_type != BLE_ADDR_PUBLIC && BTM_BLE_IS_RESOLVE_BDA(bda)) {
2008 #else
2009 if (!match && bda_type != BLE_ADDR_PUBLIC && BTM_BLE_IS_RESOLVE_BDA(bda)) {
2010 #endif
2011 // save the enhanced value to used in btm_ble_resolve_random_addr_on_conn_cmpl func.
2012 temp_enhanced = enhanced;
2013 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data);
2014 // set back the temp enhanced to default after used.
2015 temp_enhanced = FALSE;
2016 } else
2017 #endif
2018 {
2019 STREAM_TO_UINT16 (conn_interval, p);
2020 STREAM_TO_UINT16 (conn_latency, p);
2021 STREAM_TO_UINT16 (conn_timeout, p);
2022 handle = HCID_GET_HANDLE (handle);
2023
2024 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
2025 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
2026 conn_latency, conn_timeout);
2027
2028 #if (BLE_PRIVACY_SPT == TRUE)
2029 if (enhanced) {
2030 btm_ble_refresh_local_resolvable_private_addr(bda, local_rpa);
2031
2032 if (peer_addr_type & BLE_ADDR_TYPE_ID_BIT) {
2033 btm_ble_refresh_peer_resolvable_private_addr(bda, peer_rpa, BLE_ADDR_RANDOM);
2034 }
2035 }
2036 #endif
2037 }
2038 } else {
2039 role = HCI_ROLE_UNKNOWN;
2040 if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) {
2041 btm_ble_set_conn_st(BLE_CONN_IDLE);
2042 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2043 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE);
2044 #endif
2045 } else {
2046 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2047 btm_cb.ble_ctr_cb.inq_var.adv_mode = BTM_BLE_ADV_DISABLE;
2048 btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, TRUE);
2049 #endif
2050 }
2051
2052 }
2053
2054 BOOLEAN bg_con = btm_ble_update_mode_operation(role, bda, status);
2055 if (status != HCI_SUCCESS && !bg_con) {
2056 // notify connection failed
2057 l2c_link_hci_disc_comp (handle, status);
2058 #if (SMP_INCLUDED == TRUE)
2059 /* Notify security manager */
2060 btm_sec_disconnected (handle, status);
2061 #endif ///SMP_INCLUDED == TRUE
2062 }
2063 }
2064
2065
2066
2067 /*****************************************************************************
2068 ** Function btm_ble_create_ll_conn_complete
2069 **
2070 ** Description LE connection complete.
2071 **
2072 ******************************************************************************/
2073 void btm_ble_create_ll_conn_complete (UINT8 status)
2074 {
2075 if (status != HCI_SUCCESS) {
2076 btm_ble_set_conn_st(BLE_CONN_IDLE);
2077 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status);
2078 }
2079 }
2080
2081 /*****************************************************************************
2082 ** Function btm_ble_create_conn_cancel_complete
2083 **
2084 ** Description LE connection cancel complete.
2085 **
2086 ******************************************************************************/
2087 void btm_ble_create_conn_cancel_complete (UINT8 *p)
2088 {
2089 UINT8 status;
2090
2091 STREAM_TO_UINT8 (status, p);
2092
2093 switch (status) {
2094 case HCI_SUCCESS:
2095 if (btm_ble_get_conn_st() == BLE_CONN_CANCEL) {
2096 btm_ble_set_conn_st (BLE_CONN_IDLE);
2097 }
2098 break;
2099 default:
2100 break;
2101 }
2102 }
2103
2104 /*****************************************************************************
2105 ** Function btm_proc_smp_cback
2106 **
2107 ** Description This function is the SMP callback handler.
2108 **
2109 ******************************************************************************/
2110 #if (SMP_INCLUDED == TRUE)
2111 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
2112 {
2113 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2114 UINT8 res = 0;
2115
2116 BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event);
2117
2118 if (p_dev_rec != NULL) {
2119 switch (event) {
2120 case SMP_IO_CAP_REQ_EVT:
2121 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
2122 break;
2123
2124 case SMP_BR_KEYS_REQ_EVT:
2125 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
2126 break;
2127
2128 case SMP_PASSKEY_REQ_EVT:
2129 case SMP_PASSKEY_NOTIF_EVT:
2130 case SMP_OOB_REQ_EVT:
2131 case SMP_NC_REQ_EVT:
2132 case SMP_SC_OOB_REQ_EVT:
2133 /* fall through */
2134 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
2135
2136 case SMP_SEC_REQUEST_EVT:
2137 if (event == SMP_SEC_REQUEST_EVT && btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) {
2138 BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__);
2139 break;
2140 }
2141 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
2142 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
2143 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;
2144 /* fall through */
2145
2146 case SMP_COMPLT_EVT:
2147 if (btm_cb.api.p_le_callback) {
2148 /* the callback function implementation may change the IO capability... */
2149 BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=%p", btm_cb.api.p_le_callback );
2150 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
2151 }
2152
2153 if (event == SMP_COMPLT_EVT) {
2154 BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
2155
2156 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
2157
2158 BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x",
2159 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
2160
2161 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) {
2162 BTM_TRACE_DEBUG ("Pairing Cancel completed");
2163 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
2164 }
2165 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2166 if (res != BTM_SUCCESS) {
2167 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT) {
2168 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
2169 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
2170 } else {
2171 BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL");
2172 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
2173 }
2174 }
2175 #else
2176 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) {
2177 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
2178 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
2179 }
2180 #endif
2181
2182 BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x",
2183 btm_cb.pairing_state,
2184 btm_cb.pairing_flags);
2185 BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
2186 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
2187 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
2188
2189 /* Reset btm state only if the callback address matches pairing address*/
2190 if (memcmp(bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0) {
2191 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
2192 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
2193 btm_cb.pairing_flags = 0;
2194 }
2195
2196 if (res == BTM_SUCCESS) {
2197 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
2198 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2199 /* add all bonded device into resolving list if IRK is available*/
2200 btm_ble_resolving_list_load_dev(p_dev_rec);
2201 #endif
2202 }
2203
2204 btm_sec_dev_rec_cback_event(p_dev_rec, res, TRUE);
2205 }
2206 break;
2207
2208 default:
2209 BTM_TRACE_DEBUG ("unknown event = %d", event);
2210 break;
2211
2212
2213 }
2214 } else {
2215 BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device");
2216 }
2217 return 0;
2218 }
2219 #endif ///SMP_INCLUDED == TRUE
2220
2221
2222 /*******************************************************************************
2223 **
2224 ** Function BTM_BleDataSignature
2225 **
2226 ** Description This function is called to sign the data using AES128 CMAC
2227 ** algorith.
2228 **
2229 ** Parameter bd_addr: target device the data to be signed for.
2230 ** p_text: singing data
2231 ** len: length of the data to be signed.
2232 ** signature: output parameter where data signature is going to
2233 ** be stored.
2234 **
2235 ** Returns TRUE if signing sucessul, otherwise FALSE.
2236 **
2237 *******************************************************************************/
2238 #if (SMP_INCLUDED == TRUE)
2239 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
2240 BLE_SIGNATURE signature)
2241 {
2242 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
2243
2244 BTM_TRACE_DEBUG ("%s", __func__);
2245 #endif ///SMP_INCLUDED == TRUE
2246 BOOLEAN ret = FALSE;
2247 #if (SMP_INCLUDED == TRUE)
2248 if (p_rec == NULL) {
2249 BTM_TRACE_ERROR("%s-data signing can not be done from unknown device", __func__);
2250 } else {
2251 UINT8 *p_mac = (UINT8 *)signature;
2252 UINT8 *p_buf, *pp;
2253 if ((p_buf = (UINT8 *)osi_malloc((UINT16)(len + 4))) != NULL) {
2254 BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__);
2255 pp = p_buf;
2256 /* prepare plain text */
2257 if (p_text) {
2258 memcpy(p_buf, p_text, len);
2259 pp = (p_buf + len);
2260 }
2261
2262 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
2263 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
2264
2265 if ((ret = aes_cipher_msg_auth_code(p_rec->ble.keys.lcsrk, p_buf, (UINT16)(len + 4),
2266 BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) {
2267 btm_ble_increment_sign_ctr(bd_addr, TRUE);
2268 }
2269
2270 BTM_TRACE_DEBUG("%s p_mac = %p", __func__, p_mac);
2271 BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
2272 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
2273 BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
2274 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
2275 osi_free(p_buf);
2276 }
2277 }
2278 return ret;
2279 }
2280
2281 /*******************************************************************************
2282 **
2283 ** Function BTM_BleVerifySignature
2284 **
2285 ** Description This function is called to verify the data signature
2286 **
2287 ** Parameter bd_addr: target device the data to be signed for.
2288 ** p_orig: original data before signature.
2289 ** len: length of the signing data
2290 ** counter: counter used when doing data signing
2291 ** p_comp: signature to be compared against.
2292
2293 ** Returns TRUE if signature verified correctly; otherwise FALSE.
2294 **
2295 *******************************************************************************/
2296 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
2297 UINT8 *p_comp)
2298 {
2299 BOOLEAN verified = FALSE;
2300 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
2301 UINT8 p_mac[BTM_CMAC_TLEN_SIZE];
2302
2303 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) {
2304 BTM_TRACE_ERROR("can not verify signature for unknown device");
2305 } else if (counter < p_rec->ble.keys.counter) {
2306 BTM_TRACE_ERROR("signature received with out dated sign counter");
2307 } else if (p_orig == NULL) {
2308 BTM_TRACE_ERROR("No signature to verify");
2309 } else {
2310 BTM_TRACE_DEBUG ("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter,
2311 p_rec->ble.keys.counter);
2312
2313 if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) {
2314 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) {
2315 btm_ble_increment_sign_ctr(bd_addr, FALSE);
2316 verified = TRUE;
2317 }
2318 }
2319 }
2320 return verified;
2321 }
2322 #endif /* SMP_INCLUDED */
2323
2324
2325 /*******************************************************************************
2326 **
2327 ** Function BTM_GetLeSecurityState
2328 **
2329 ** Description This function is called to get security mode 1 flags and
2330 ** encryption key size for LE peer.
2331 **
2332 ** Returns BOOLEAN TRUE if LE device is found, FALSE otherwise.
2333 **
2334 *******************************************************************************/
2335 BOOLEAN BTM_GetLeSecurityState (BD_ADDR bd_addr, UINT8 *p_le_dev_sec_flags, UINT8 *p_le_key_size)
2336 {
2337 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
2338 tBTM_SEC_DEV_REC *p_dev_rec;
2339 UINT16 dev_rec_sec_flags;
2340 #endif
2341
2342 *p_le_dev_sec_flags = 0;
2343 *p_le_key_size = 0;
2344
2345 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
2346 if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) {
2347 BTM_TRACE_ERROR ("%s fails", __func__);
2348 return (FALSE);
2349 }
2350
2351 if (p_dev_rec->ble_hci_handle == BTM_SEC_INVALID_HANDLE) {
2352 BTM_TRACE_ERROR ("%s-this is not LE device", __func__);
2353 return (FALSE);
2354 }
2355
2356 dev_rec_sec_flags = p_dev_rec->sec_flags;
2357
2358 if (dev_rec_sec_flags & BTM_SEC_LE_ENCRYPTED) {
2359 /* link is encrypted with LTK or STK */
2360 *p_le_key_size = p_dev_rec->enc_key_size;
2361 *p_le_dev_sec_flags |= BTM_SEC_LE_LINK_ENCRYPTED;
2362
2363 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_AUTHENTICATED)
2364 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */
2365 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */
2366 } else if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) {
2367 /* link is unencrypted, still LTK is available */
2368 *p_le_key_size = p_dev_rec->ble.keys.key_size;
2369
2370 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED)
2371 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */
2372 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */
2373 }
2374
2375 BTM_TRACE_DEBUG ("%s - le_dev_sec_flags: 0x%02x, le_key_size: %d",
2376 __func__, *p_le_dev_sec_flags, *p_le_key_size);
2377
2378 return TRUE;
2379 #else
2380 return FALSE;
2381 #endif
2382 }
2383
2384 /*******************************************************************************
2385 **
2386 ** Function BTM_BleSecurityProcedureIsRunning
2387 **
2388 ** Description This function indicates if LE security procedure is
2389 ** currently running with the peer.
2390 **
2391 ** Returns BOOLEAN TRUE if security procedure is running, FALSE otherwise.
2392 **
2393 *******************************************************************************/
2394 BOOLEAN BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr)
2395 {
2396 #if (BLE_INCLUDED == TRUE)
2397 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2398
2399 if (p_dev_rec == NULL) {
2400 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
2401 __func__, (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
2402 (bd_addr[4] << 8) + bd_addr[5]);
2403 return FALSE;
2404 }
2405
2406 return (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
2407 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING);
2408 #else
2409 return FALSE;
2410 #endif
2411 }
2412
2413 /*******************************************************************************
2414 **
2415 ** Function BTM_BleGetSupportedKeySize
2416 **
2417 ** Description This function gets the maximum encryption key size in bytes
2418 ** the local device can suport.
2419 ** record.
2420 **
2421 ** Returns the key size or 0 if the size can't be retrieved.
2422 **
2423 *******************************************************************************/
2424 extern UINT8 BTM_BleGetSupportedKeySize (BD_ADDR bd_addr)
2425 {
2426 #ifndef L2CAP_LE_COC_INCLUDED
2427 #define L2CAP_LE_COC_INCLUDED FALSE
2428 #endif
2429 #if ((BLE_INCLUDED == TRUE) && (L2CAP_LE_COC_INCLUDED == TRUE))
2430 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2431 tBTM_LE_IO_REQ dev_io_cfg;
2432 UINT8 callback_rc;
2433
2434 if (!p_dev_rec) {
2435 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
2436 __func__, (bd_addr[0] << 24) + (bd_addr[1] << 16) + (bd_addr[2] << 8) + bd_addr[3],
2437 (bd_addr[4] << 8) + bd_addr[5]);
2438 return 0;
2439 }
2440
2441 if (btm_cb.api.p_le_callback == NULL) {
2442 BTM_TRACE_ERROR ("%s can't access supported key size", __func__);
2443 return 0;
2444 }
2445
2446 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
2447 (tBTM_LE_EVT_DATA *) &dev_io_cfg);
2448
2449 if (callback_rc != BTM_SUCCESS) {
2450 BTM_TRACE_ERROR ("%s can't access supported key size", __func__);
2451 return 0;
2452 }
2453
2454 BTM_TRACE_DEBUG ("%s device supports key size = %d", __func__, dev_io_cfg.max_key_size);
2455 return (dev_io_cfg.max_key_size);
2456 #else
2457 return 0;
2458 #endif
2459 }
2460
2461 /*******************************************************************************
2462 ** Utility functions for LE device IR/ER generation
2463 *******************************************************************************/
2464 /*******************************************************************************
2465 **
2466 ** Function btm_notify_new_key
2467 **
2468 ** Description This function is to notify application new keys have been
2469 ** generated.
2470 **
2471 ** Returns void
2472 **
2473 *******************************************************************************/
2474 #if (SMP_INCLUDED == TRUE)
2475 static void btm_notify_new_key(UINT8 key_type)
2476 {
2477 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
2478
2479 BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type);
2480
2481 if (btm_cb.api.p_le_key_callback) {
2482 switch (key_type) {
2483 case BTM_BLE_KEY_TYPE_ID:
2484 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID");
2485 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
2486 break;
2487
2488 case BTM_BLE_KEY_TYPE_ER:
2489 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER");
2490 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.ble_encryption_key_value;
2491 break;
2492
2493 default:
2494 BTM_TRACE_ERROR("unknown key type: %d", key_type);
2495 break;
2496 }
2497 if (p_locak_keys != NULL) {
2498 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
2499 }
2500 }
2501 }
2502
2503 /*******************************************************************************
2504 **
2505 ** Function btm_ble_process_er2
2506 **
2507 ** Description This function is called when ER is generated, store it in
2508 ** local control block.
2509 **
2510 ** Returns void
2511 **
2512 *******************************************************************************/
2513 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
2514 {
2515 BTM_TRACE_DEBUG ("btm_ble_process_er2");
2516
2517 if (p && p->opcode == HCI_BLE_RAND) {
2518 memcpy(&btm_cb.devcb.ble_encryption_key_value[8], p->param_buf, BT_OCTET8_LEN);
2519 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
2520 } else {
2521 BTM_TRACE_ERROR("Generating ER2 exception.");
2522 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
2523 }
2524 }
2525
2526 /*******************************************************************************
2527 **
2528 ** Function btm_ble_process_er
2529 **
2530 ** Description This function is called when ER is generated, store it in
2531 ** local control block.
2532 **
2533 ** Returns void
2534 **
2535 *******************************************************************************/
2536 static void btm_ble_process_er(tBTM_RAND_ENC *p)
2537 {
2538 BTM_TRACE_DEBUG ("btm_ble_process_er");
2539
2540 if (p && p->opcode == HCI_BLE_RAND) {
2541 memcpy(&btm_cb.devcb.ble_encryption_key_value[0], p->param_buf, BT_OCTET8_LEN);
2542
2543 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) {
2544 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
2545 BTM_TRACE_ERROR("Generating ER2 failed.");
2546 }
2547 } else {
2548 BTM_TRACE_ERROR("Generating ER1 exception.");
2549 }
2550 }
2551
2552 /*******************************************************************************
2553 **
2554 ** Function btm_ble_process_irk
2555 **
2556 ** Description This function is called when IRK is generated, store it in
2557 ** local control block.
2558 **
2559 ** Returns void
2560 **
2561 *******************************************************************************/
2562 static void btm_ble_process_irk(tSMP_ENC *p)
2563 {
2564 BTM_TRACE_DEBUG ("btm_ble_process_irk");
2565 if (p && p->opcode == HCI_BLE_ENCRYPT) {
2566 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
2567 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
2568
2569 #if BLE_PRIVACY_SPT == TRUE
2570 /* if privacy is enabled, new RPA should be calculated */
2571 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE) {
2572 btm_gen_resolvable_private_addr((void *)btm_gen_resolve_paddr_low);
2573 }
2574 #endif
2575 } else {
2576 BTM_TRACE_ERROR("Generating IRK exception.");
2577 }
2578
2579 /* proceed generate ER */
2580 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) {
2581 BTM_TRACE_ERROR("Generating ER failed.");
2582 }
2583 }
2584
2585
2586 /*******************************************************************************
2587 **
2588 ** Function btm_ble_process_dhk
2589 **
2590 ** Description This function is called when DHK is calculated, store it in
2591 ** local control block, and proceed to generate ER, a 128-bits
2592 ** random number.
2593 **
2594 ** Returns void
2595 **
2596 *******************************************************************************/
2597 static void btm_ble_process_dhk(tSMP_ENC *p)
2598 {
2599 UINT8 btm_ble_irk_pt = 0x01;
2600 tSMP_ENC output;
2601
2602 BTM_TRACE_DEBUG ("btm_ble_process_dhk");
2603
2604 if (p && p->opcode == HCI_BLE_ENCRYPT) {
2605 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
2606 BTM_TRACE_DEBUG("BLE DHK generated.");
2607
2608 /* IRK = D1(IR, 1) */
2609 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
2610 1, &output)) {
2611 /* reset all identity root related key */
2612 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2613 } else {
2614 btm_ble_process_irk(&output);
2615 }
2616 } else {
2617 /* reset all identity root related key */
2618 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2619 }
2620 }
2621
2622 /*******************************************************************************
2623 **
2624 ** Function btm_ble_process_ir2
2625 **
2626 ** Description This function is called when IR is generated, proceed to calculate
2627 ** DHK = Eir({0x03, 0, 0 ...})
2628 **
2629 **
2630 ** Returns void
2631 **
2632 *******************************************************************************/
2633 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
2634 {
2635 UINT8 btm_ble_dhk_pt = 0x03;
2636 tSMP_ENC output;
2637
2638 BTM_TRACE_DEBUG ("btm_ble_process_ir2");
2639
2640 if (p && p->opcode == HCI_BLE_RAND) {
2641 /* remembering in control block */
2642 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
2643 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
2644
2645
2646 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
2647 1, &output);
2648 btm_ble_process_dhk(&output);
2649
2650 BTM_TRACE_DEBUG("BLE IR generated.");
2651 } else {
2652 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2653 }
2654 }
2655
2656 /*******************************************************************************
2657 **
2658 ** Function btm_ble_process_ir
2659 **
2660 ** Description This function is called when IR is generated, proceed to calculate
2661 ** DHK = Eir({0x02, 0, 0 ...})
2662 **
2663 **
2664 ** Returns void
2665 **
2666 *******************************************************************************/
2667 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
2668 {
2669 BTM_TRACE_DEBUG ("btm_ble_process_ir");
2670
2671 if (p && p->opcode == HCI_BLE_RAND) {
2672 /* remembering in control block */
2673 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
2674
2675 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) {
2676 BTM_TRACE_ERROR("Generating IR2 failed.");
2677 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2678 }
2679 }
2680 }
2681
2682 /*******************************************************************************
2683 **
2684 ** Function btm_ble_reset_id
2685 **
2686 ** Description This function is called to reset LE device identity.
2687 **
2688 ** Returns void
2689 **
2690 *******************************************************************************/
2691 void btm_ble_reset_id( void )
2692 {
2693 BTM_TRACE_DEBUG ("btm_ble_reset_id");
2694
2695 /* regenrate Identity Root*/
2696 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) {
2697 BTM_TRACE_DEBUG("Generating IR failed.");
2698 }
2699 }
2700 #endif ///SMP_INCLUDED == TRUE
2701
2702 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2703 /*******************************************************************************
2704 **
2705 ** Function btm_ble_set_no_disc_if_pair_fail
2706 **
2707 ** Description This function indicates that whether no disconnect of the ACL
2708 ** should be used if pairing failed
2709 **
2710 ** Returns void
2711 **
2712 *******************************************************************************/
2713 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
2714 {
2715 BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
2716 btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
2717 }
2718
2719 /*******************************************************************************
2720 **
2721 ** Function btm_ble_set_test_mac_value
2722 **
2723 ** Description This function set test MAC value
2724 **
2725 ** Returns void
2726 **
2727 *******************************************************************************/
2728 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
2729 {
2730 BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable);
2731 btm_cb.devcb.enable_test_mac_val = enable;
2732 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
2733 }
2734
2735 /*******************************************************************************
2736 **
2737 ** Function btm_ble_set_test_local_sign_cntr_value
2738 **
2739 ** Description This function set test local sign counter value
2740 **
2741 ** Returns void
2742 **
2743 *******************************************************************************/
2744 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
2745 {
2746 BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
2747 enable, test_local_sign_cntr);
2748 btm_cb.devcb.enable_test_local_sign_cntr = enable;
2749 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr;
2750 }
2751
2752 /*******************************************************************************
2753 **
2754 ** Function btm_set_random_address
2755 **
2756 ** Description This function set a random address to local controller.
2757 **
2758 ** Returns void
2759 **
2760 *******************************************************************************/
2761 void btm_set_random_address(BD_ADDR random_bda)
2762 {
2763 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
2764 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
2765
2766 BTM_TRACE_DEBUG ("btm_set_random_address");
2767
2768 if (adv_mode == BTM_BLE_ADV_ENABLE) {
2769 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
2770 }
2771
2772 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
2773 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
2774
2775 if (adv_mode == BTM_BLE_ADV_ENABLE) {
2776 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
2777 }
2778
2779
2780 }
2781
2782 /*******************************************************************************
2783 **
2784 ** Function btm_ble_set_keep_rfu_in_auth_req
2785 **
2786 ** Description This function indicates if RFU bits have to be kept as is
2787 ** (by default they have to be set to 0 by the sender).
2788 **
2789 ** Returns void
2790 **
2791 *******************************************************************************/
2792 void btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)
2793 {
2794 BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu);
2795 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu;
2796 }
2797
2798 #endif /* BTM_BLE_CONFORMANCE_TESTING */
2799
2800 /*******************************************************************************
2801 **
2802 ** Function btm_get_current_conn_params
2803 **
2804 ** Description This function is called to get current connection parameters
2805 ** information of the device
2806 **
2807 ** Returns TRUE if the information is geted, else FALSE
2808 **
2809 *******************************************************************************/
2810
2811 BOOLEAN btm_get_current_conn_params(BD_ADDR bda, UINT16 *interval, UINT16 *latency, UINT16 *timeout)
2812 {
2813 if( (interval == NULL) || (latency == NULL) || (timeout == NULL) ) {
2814 BTM_TRACE_ERROR("%s invalid parameters ", __func__);
2815 return FALSE;
2816 }
2817
2818 tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
2819 if(p_lcb != NULL) {
2820 (*interval) = p_lcb->current_used_conn_interval;
2821 (*latency) = p_lcb->current_used_conn_latency;
2822 (*timeout) = p_lcb->current_used_conn_timeout;
2823 return TRUE;
2824 }
2825 BTM_TRACE_WARNING("%s Device is not connected", __func__);
2826
2827 return FALSE;
2828 }
2829
2830
2831 #endif /* BLE_INCLUDED */
2832
