1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains security manager protocol utility functions
22 *
23 ******************************************************************************/
24 #include "common/bt_target.h"
25
26 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
27 #if SMP_DEBUG == TRUE
28 #include <stdio.h>
29 #endif
30 #include <string.h>
31 //#include "bt_utils.h"
32 #include "stack/btm_ble_api.h"
33 #include "smp_int.h"
34 #include "btm_int.h"
35 #include "btm_ble_int.h"
36 #include "stack/hcimsgs.h"
37 #include "aes.h"
38 #include "p_256_ecc_pp.h"
39 #include "device/controller.h"
40
41 #ifndef SMP_MAX_ENC_REPEAT
42 #define SMP_MAX_ENC_REPEAT 3
43 #endif
44
45 static void smp_rand_back(tBTM_RAND_ENC *p);
46 static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
47 static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
48 static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p);
49 static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p);
50 static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p);
51 static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p);
52 static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p);
53 static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p);
54 static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p);
55 static BOOLEAN smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output);
56 static void smp_continue_private_key_creation(tSMP_CB *p_cb, tBTM_RAND_ENC *p);
57 static void smp_process_private_key(tSMP_CB *p_cb);
58 static void smp_finish_nonce_generation(tSMP_CB *p_cb);
59 static void smp_process_new_nonce(tSMP_CB *p_cb);
60
61 static const tSMP_ACT smp_encrypt_action[] = {
62 smp_generate_compare, /* SMP_GEN_COMPARE */
63 smp_generate_confirm, /* SMP_GEN_CONFIRM*/
64 smp_generate_stk, /* SMP_GEN_STK*/
65 smp_generate_ltk_cont, /* SMP_GEN_LTK */
66 smp_generate_ltk, /* SMP_GEN_DIV_LTK */
67 smp_generate_rand_vector, /* SMP_GEN_RAND_V */
68 smp_generate_y, /* SMP_GEN_EDIV */
69 smp_generate_passkey, /* SMP_GEN_TK */
70 smp_generate_srand_mrand_confirm, /* SMP_GEN_SRAND_MRAND */
71 smp_generate_rand_cont /* SMP_GEN_SRAND_MRAND_CONT */
72 };
73
smp_debug_print_nbyte_little_endian(UINT8 * p,const UINT8 * key_name,UINT8 len)74 void smp_debug_print_nbyte_little_endian(UINT8 *p, const UINT8 *key_name, UINT8 len)
75 {
76 #if SMP_DEBUG == TRUE
77 int ind, x;
78 int col_count = 32;
79 int row_count;
80 UINT8 p_buf[512];
81
82 SMP_TRACE_WARNING("%s(LSB ~ MSB):\n", key_name);
83 memset(p_buf, 0, sizeof(p_buf));
84 row_count = len % col_count ? len / col_count + 1 : len / col_count;
85
86 ind = 0;
87 for (int row = 0; row < row_count; row++) {
88 for (int column = 0, x = 0; (ind < len) && (column < col_count); column++, ind++) {
89 x += sprintf((char *)&p_buf[x], "%02x ", p[ind]);
90 }
91 SMP_TRACE_WARNING(" [%03d]: %s", row * col_count, p_buf);
92 }
93 #endif
94 }
95
96 #if 0 //Unused
97 void smp_debug_print_nbyte_big_endian (UINT8 *p, const UINT8 *key_name, UINT8 len)
98 {
99 #if SMP_DEBUG == TRUE
100 UINT8 p_buf[512];
101
102 SMP_TRACE_WARNING("%s(MSB ~ LSB):", key_name);
103 memset(p_buf, 0, sizeof(p_buf));
104 nrows = len % ncols ? len / ncols + 1 : len / ncols;
105
106 int ind = 0;
107 int ncols = 32; /* num entries in one line */
108 int nrows; /* num lines */
109 int x;
110
111 for (int row = 0; row < nrows; row++) {
112 for (int col = 0, x = 0; (ind < len) && (col < ncols); col++, ind++) {
113 x += sprintf ((char *)&p_buf[len - x - 1], "%02x ", p[ind]);
114 }
115 SMP_TRACE_WARNING("[%03d]: %s", row * ncols, p_buf);
116 }
117 #endif
118 }
119 #endif
120
121 /*******************************************************************************
122 **
123 ** Function smp_encrypt_data
124 **
125 ** Description This function is called to encrypt data.
126 ** It uses AES-128 encryption algorithm.
127 ** Plain_text is encrypted using key, the result is at p_out.
128 **
129 ** Returns void
130 **
131 *******************************************************************************/
smp_encrypt_data(UINT8 * key,UINT8 key_len,UINT8 * plain_text,UINT8 pt_len,tSMP_ENC * p_out)132 BOOLEAN smp_encrypt_data (UINT8 *key, UINT8 key_len,
133 UINT8 *plain_text, UINT8 pt_len,
134 tSMP_ENC *p_out)
135 {
136 aes_context ctx;
137 UINT8 *p_start = NULL;
138 UINT8 *p = NULL;
139 UINT8 *p_rev_data = NULL; /* input data in big endilan format */
140 UINT8 *p_rev_key = NULL; /* input key in big endilan format */
141 UINT8 *p_rev_output = NULL; /* encrypted output in big endilan format */
142
143 SMP_TRACE_DEBUG ("%s\n", __func__);
144 if ( (p_out == NULL ) || (key_len != SMP_ENCRYT_KEY_SIZE) ) {
145 SMP_TRACE_ERROR ("%s failed\n", __func__);
146 return FALSE;
147 }
148
149 if ((p_start = (UINT8 *)osi_malloc((SMP_ENCRYT_DATA_SIZE * 4))) == NULL) {
150 SMP_TRACE_ERROR ("%s failed unable to allocate buffer\n", __func__);
151 return FALSE;
152 }
153
154 if (pt_len > SMP_ENCRYT_DATA_SIZE) {
155 pt_len = SMP_ENCRYT_DATA_SIZE;
156 }
157
158 memset(p_start, 0, SMP_ENCRYT_DATA_SIZE * 4);
159 p = p_start;
160 ARRAY_TO_STREAM (p, plain_text, pt_len); /* byte 0 to byte 15 */
161 p_rev_data = p = p_start + SMP_ENCRYT_DATA_SIZE; /* start at byte 16 */
162 REVERSE_ARRAY_TO_STREAM (p, p_start, SMP_ENCRYT_DATA_SIZE); /* byte 16 to byte 31 */
163 p_rev_key = p; /* start at byte 32 */
164 REVERSE_ARRAY_TO_STREAM (p, key, SMP_ENCRYT_KEY_SIZE); /* byte 32 to byte 47 */
165
166 #if SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE
167 smp_debug_print_nbyte_little_endian(key, (const UINT8 *)"Key", SMP_ENCRYT_KEY_SIZE);
168 smp_debug_print_nbyte_little_endian(p_start, (const UINT8 *)"Plain text", SMP_ENCRYT_DATA_SIZE);
169 #endif
170 p_rev_output = p;
171 aes_set_key(p_rev_key, SMP_ENCRYT_KEY_SIZE, &ctx);
172 bluedroid_aes_encrypt(p_rev_data, p, &ctx); /* outputs in byte 48 to byte 63 */
173
174 p = p_out->param_buf;
175 REVERSE_ARRAY_TO_STREAM (p, p_rev_output, SMP_ENCRYT_DATA_SIZE);
176 #if SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE
177 smp_debug_print_nbyte_little_endian(p_out->param_buf, (const UINT8 *)"Encrypted text", SMP_ENCRYT_KEY_SIZE);
178 #endif
179
180 p_out->param_len = SMP_ENCRYT_KEY_SIZE;
181 p_out->status = HCI_SUCCESS;
182 p_out->opcode = HCI_BLE_ENCRYPT;
183
184 osi_free(p_start);
185
186 return TRUE;
187 }
188
smp_use_static_passkey(void)189 void smp_use_static_passkey(void)
190 {
191 tSMP_CB *p_cb = &smp_cb;
192 UINT8 *tt = p_cb->tk;
193 tSMP_KEY key;
194 UINT32 passkey = p_cb->static_passkey;
195 /* save the TK */
196 memset(p_cb->tk, 0, BT_OCTET16_LEN);
197 UINT32_TO_STREAM(tt, passkey);
198
199 key.key_type = SMP_KEY_TYPE_TK;
200 key.p_data = p_cb->tk;
201
202 if (p_cb->p_callback) {
203 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey);
204 }
205
206 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
207 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey);
208 } else {
209 smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key);
210 }
211 }
212 /*******************************************************************************
213 **
214 ** Function smp_generate_passkey
215 **
216 ** Description This function is called to generate passkey.
217 **
218 ** Returns void
219 **
220 *******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)221 void smp_generate_passkey(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
222 {
223 UNUSED(p_data);
224
225 if(p_cb->use_static_passkey) {
226 SMP_TRACE_DEBUG ("%s use static passkey %6d", __func__, p_cb->static_passkey);
227 smp_use_static_passkey();
228 return;
229 }
230 SMP_TRACE_DEBUG ("%s generate rand passkey", __func__);
231 p_cb->rand_enc_proc_state = SMP_GEN_TK;
232
233 /* generate MRand or SRand */
234 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
235 smp_rand_back(NULL);
236 }
237 }
238
239 /*******************************************************************************
240 **
241 ** Function smp_proc_passkey
242 **
243 ** Description This function is called to process a passkey.
244 **
245 ** Returns void
246 **
247 *******************************************************************************/
smp_proc_passkey(tSMP_CB * p_cb,tBTM_RAND_ENC * p)248 void smp_proc_passkey(tSMP_CB *p_cb , tBTM_RAND_ENC *p)
249 {
250 UINT8 *tt = p_cb->tk;
251 tSMP_KEY key;
252 UINT32 passkey; /* 19655 test number; */
253 UINT8 *pp = p->param_buf;
254
255 SMP_TRACE_DEBUG ("%s", __func__);
256 STREAM_TO_UINT32(passkey, pp);
257 passkey &= ~SMP_PASSKEY_MASK;
258
259 /* truncate by maximum value */
260 while (passkey > BTM_MAX_PASSKEY_VAL) {
261 passkey >>= 1;
262 }
263
264 /* save the TK */
265 memset(p_cb->tk, 0, BT_OCTET16_LEN);
266 UINT32_TO_STREAM(tt, passkey);
267
268 key.key_type = SMP_KEY_TYPE_TK;
269 key.p_data = p_cb->tk;
270
271 if (p_cb->p_callback) {
272 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey);
273 }
274
275 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
276 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey);
277 } else {
278 smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key);
279 }
280 }
281
282 /*******************************************************************************
283 **
284 ** Function smp_generate_stk
285 **
286 ** Description This function is called to generate STK calculated by running
287 ** AES with the TK value as key and a concatenation of the random
288 ** values.
289 **
290 ** Returns void
291 **
292 *******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)293 void smp_generate_stk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
294 {
295 UNUSED(p_data);
296
297 tSMP_ENC output;
298 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
299
300 SMP_TRACE_DEBUG ("%s\n", __func__);
301
302 if (p_cb->le_secure_connections_mode_is_used) {
303 SMP_TRACE_WARNING ("FOR LE SC LTK IS USED INSTEAD OF STK");
304 output.param_len = SMP_ENCRYT_KEY_SIZE;
305 output.status = HCI_SUCCESS;
306 output.opcode = HCI_BLE_ENCRYPT;
307 memcpy(output.param_buf, p_cb->ltk, SMP_ENCRYT_DATA_SIZE);
308 } else if (!smp_calculate_legacy_short_term_key(p_cb, &output)) {
309 SMP_TRACE_ERROR("%s failed", __func__);
310 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
311 return;
312 }
313
314 smp_process_stk(p_cb, &output);
315 }
316
317 /*******************************************************************************
318 **
319 ** Function smp_generate_srand_mrand_confirm
320 **
321 ** Description This function is called to start the second pairing phase by
322 ** start generating random number.
323 **
324 **
325 ** Returns void
326 **
327 *******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)328 void smp_generate_srand_mrand_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
329 {
330 UNUSED(p_data);
331
332 SMP_TRACE_DEBUG ("%s\n", __func__);
333 p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND;
334 /* generate MRand or SRand */
335 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
336 smp_rand_back(NULL);
337 }
338 }
339
340 /*******************************************************************************
341 **
342 ** Function smp_generate_rand_cont
343 **
344 ** Description This function is called to generate another 64 bits random for
345 ** MRand or Srand.
346 **
347 ** Returns void
348 **
349 *******************************************************************************/
smp_generate_rand_cont(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)350 void smp_generate_rand_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
351 {
352 UNUSED(p_data);
353
354 SMP_TRACE_DEBUG ("%s\n", __func__);
355 p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND_CONT;
356 /* generate 64 MSB of MRand or SRand */
357 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
358 smp_rand_back(NULL);
359 }
360 }
361
362 /*******************************************************************************
363 **
364 ** Function smp_generate_ltk
365 **
366 ** Description This function is called:
367 ** - in legacy pairing - to calculate LTK, starting with DIV
368 ** generation;
369 ** - in LE Secure Connections pairing over LE transport - to process LTK
370 ** already generated to encrypt LE link;
371 ** - in LE Secure Connections pairing over BR/EDR transport - to start
372 ** BR/EDR Link Key processing.
373 **
374 ** Returns void
375 **
376 *******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)377 void smp_generate_ltk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
378 {
379 UNUSED(p_data);
380
381 BOOLEAN div_status;
382 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
383 #if (CLASSIC_BT_INCLUDED == TRUE)
384 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
385 smp_br_process_link_key(p_cb, NULL);
386 return;
387 }
388 #endif ///CLASSIC_BT_INCLUDED == TRUE
389 if (p_cb->le_secure_connections_mode_is_used) {
390 smp_process_secure_connection_long_term_key();
391 return;
392 }
393
394 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
395
396 if (div_status) {
397 smp_generate_ltk_cont(p_cb, NULL);
398 } else {
399 SMP_TRACE_DEBUG ("Generate DIV for LTK\n");
400 p_cb->rand_enc_proc_state = SMP_GEN_DIV_LTK;
401 /* generate MRand or SRand */
402 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
403 smp_rand_back(NULL);
404 }
405 }
406 }
407
408 /*******************************************************************************
409 **
410 ** Function smp_compute_csrk
411 **
412 ** Description This function is called to calculate CSRK
413 **
414 **
415 ** Returns void
416 **
417 *******************************************************************************/
smp_compute_csrk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)418 void smp_compute_csrk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
419 {
420 UNUSED(p_data);
421
422 BT_OCTET16 er;
423 UINT8 buffer[4]; /* for (r || DIV) r=1*/
424 UINT16 r = 1;
425 UINT8 *p = buffer;
426 tSMP_ENC output;
427 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
428
429 SMP_TRACE_DEBUG ("smp_compute_csrk div=%x\n", p_cb->div);
430 BTM_GetDeviceEncRoot(er);
431 /* CSRK = d1(ER, DIV, 1) */
432 UINT16_TO_STREAM(p, p_cb->div);
433 UINT16_TO_STREAM(p, r);
434
435 if (!SMP_Encrypt(er, BT_OCTET16_LEN, buffer, 4, &output)) {
436 SMP_TRACE_ERROR("smp_generate_csrk failed\n");
437 if (p_cb->smp_over_br) {
438 #if (CLASSIC_BT_INCLUDED == TRUE)
439 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
440 #endif ///CLASSIC_BT_INCLUDED == TRUE
441 } else {
442 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
443 }
444 } else {
445 memcpy((void *)p_cb->csrk, output.param_buf, BT_OCTET16_LEN);
446 smp_send_csrk_info(p_cb, NULL);
447 }
448 }
449
450 /*******************************************************************************
451 **
452 ** Function smp_generate_csrk
453 **
454 ** Description This function is called to calculate CSRK, starting with DIV
455 ** generation.
456 **
457 **
458 ** Returns void
459 **
460 *******************************************************************************/
smp_generate_csrk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)461 void smp_generate_csrk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
462 {
463 UNUSED(p_data);
464
465 BOOLEAN div_status;
466
467 SMP_TRACE_DEBUG ("smp_generate_csrk");
468
469 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
470 if (div_status) {
471 smp_compute_csrk(p_cb, NULL);
472 } else {
473 SMP_TRACE_DEBUG ("Generate DIV for CSRK");
474 p_cb->rand_enc_proc_state = SMP_GEN_DIV_CSRK;
475 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
476 smp_rand_back(NULL);
477 }
478 }
479 }
480
481 /*******************************************************************************
482 ** Function smp_concatenate_peer
483 ** add pairing command sent from local device into p1.
484 *******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,UINT8 ** p_data,UINT8 op_code)485 void smp_concatenate_local( tSMP_CB *p_cb, UINT8 **p_data, UINT8 op_code)
486 {
487 UINT8 *p = *p_data;
488
489 SMP_TRACE_DEBUG ("%s\n", __func__);
490 UINT8_TO_STREAM(p, op_code);
491 UINT8_TO_STREAM(p, p_cb->local_io_capability);
492 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
493 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
494 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
495 UINT8_TO_STREAM(p, p_cb->local_i_key);
496 UINT8_TO_STREAM(p, p_cb->local_r_key);
497
498 *p_data = p;
499 }
500
501 /*******************************************************************************
502 ** Function smp_concatenate_peer
503 ** add pairing command received from peer device into p1.
504 *******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,UINT8 ** p_data,UINT8 op_code)505 void smp_concatenate_peer( tSMP_CB *p_cb, UINT8 **p_data, UINT8 op_code)
506 {
507 UINT8 *p = *p_data;
508
509 SMP_TRACE_DEBUG ("smp_concatenate_peer \n");
510 UINT8_TO_STREAM(p, op_code);
511 UINT8_TO_STREAM(p, p_cb->peer_io_caps);
512 UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
513 UINT8_TO_STREAM(p, p_cb->peer_auth_req);
514 UINT8_TO_STREAM(p, p_cb->peer_enc_size);
515 UINT8_TO_STREAM(p, p_cb->peer_i_key);
516 UINT8_TO_STREAM(p, p_cb->peer_r_key);
517
518 *p_data = p;
519 }
520
521 /*******************************************************************************
522 **
523 ** Function smp_gen_p1_4_confirm
524 **
525 ** Description Generate Confirm/Compare Step1:
526 ** p1 = pres || preq || rat' || iat'
527 **
528 ** Returns void
529 **
530 *******************************************************************************/
smp_gen_p1_4_confirm(tSMP_CB * p_cb,BT_OCTET16 p1)531 void smp_gen_p1_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p1)
532 {
533 UINT8 *p = (UINT8 *)p1;
534 tBLE_ADDR_TYPE addr_type = 0;
535 BD_ADDR remote_bda;
536
537 SMP_TRACE_DEBUG ("smp_gen_p1_4_confirm\n");
538
539 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) {
540 SMP_TRACE_ERROR("can not generate confirm for unknown device\n");
541 return;
542 }
543
544 BTM_ReadConnectionAddr( p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
545
546 if (p_cb->role == HCI_ROLE_MASTER) {
547 /* LSB : rat': initiator's(local) address type */
548 UINT8_TO_STREAM(p, p_cb->addr_type);
549 /* LSB : iat': responder's address type */
550 UINT8_TO_STREAM(p, addr_type);
551 /* concatinate preq */
552 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
553 /* concatinate pres */
554 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
555 } else {
556 /* LSB : iat': initiator's address type */
557 UINT8_TO_STREAM(p, addr_type);
558 /* LSB : rat': responder's(local) address type */
559 UINT8_TO_STREAM(p, p_cb->addr_type);
560 /* concatinate preq */
561 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
562 /* concatinate pres */
563 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
564 }
565 #if SMP_DEBUG == TRUE
566 SMP_TRACE_DEBUG("p1 = pres || preq || rat' || iat'\n");
567 smp_debug_print_nbyte_little_endian ((UINT8 *)p1, (const UINT8 *)"P1", 16);
568 #endif
569 }
570
571 /*******************************************************************************
572 **
573 ** Function smp_gen_p2_4_confirm
574 **
575 ** Description Generate Confirm/Compare Step2:
576 ** p2 = padding || ia || ra
577 **
578 ** Returns void
579 **
580 *******************************************************************************/
smp_gen_p2_4_confirm(tSMP_CB * p_cb,BT_OCTET16 p2)581 void smp_gen_p2_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p2)
582 {
583 UINT8 *p = (UINT8 *)p2;
584 BD_ADDR remote_bda;
585 tBLE_ADDR_TYPE addr_type = 0;
586 SMP_TRACE_DEBUG ("smp_gen_p2_4_confirm\n");
587 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) {
588 SMP_TRACE_ERROR("can not generate confirm p2 for unknown device\n");
589 return;
590 }
591
592 SMP_TRACE_DEBUG ("smp_gen_p2_4_confirm\n");
593
594 memset(p, 0, sizeof(BT_OCTET16));
595
596 if (p_cb->role == HCI_ROLE_MASTER) {
597 /* LSB ra */
598 BDADDR_TO_STREAM(p, remote_bda);
599 /* ia */
600 BDADDR_TO_STREAM(p, p_cb->local_bda);
601 } else {
602 /* LSB ra */
603 BDADDR_TO_STREAM(p, p_cb->local_bda);
604 /* ia */
605 BDADDR_TO_STREAM(p, remote_bda);
606 }
607 #if SMP_DEBUG == TRUE
608 SMP_TRACE_DEBUG("p2 = padding || ia || ra");
609 smp_debug_print_nbyte_little_endian(p2, (const UINT8 *)"p2", 16);
610 #endif
611 }
612
613 /*******************************************************************************
614 **
615 ** Function smp_calculate_comfirm
616 **
617 ** Description This function is called to calculate Confirm value.
618 **
619 ** Returns void
620 **
621 *******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,BT_OCTET16 rand,BD_ADDR bda)622 void smp_calculate_comfirm (tSMP_CB *p_cb, BT_OCTET16 rand, BD_ADDR bda)
623 {
624 UNUSED(bda);
625
626 BT_OCTET16 p1;
627 tSMP_ENC output;
628 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
629
630 SMP_TRACE_DEBUG ("smp_calculate_comfirm \n");
631 /* generate p1 = pres || preq || rat' || iat' */
632 smp_gen_p1_4_confirm(p_cb, p1);
633
634 /* p1 = rand XOR p1 */
635 smp_xor_128(p1, rand);
636
637 smp_debug_print_nbyte_little_endian ((UINT8 *)p1, (const UINT8 *)"P1' = r XOR p1", 16);
638
639 /* calculate e(k, r XOR p1), where k = TK */
640 if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p1, BT_OCTET16_LEN, &output)) {
641 SMP_TRACE_ERROR("smp_generate_csrk failed");
642 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
643 } else {
644 smp_calculate_comfirm_cont(p_cb, &output);
645 }
646 }
647
648 /*******************************************************************************
649 **
650 ** Function smp_calculate_comfirm_cont
651 **
652 ** Description This function is called when SConfirm/MConfirm is generated
653 ** proceed to send the Confirm request/response to peer device.
654 **
655 ** Returns void
656 **
657 *******************************************************************************/
smp_calculate_comfirm_cont(tSMP_CB * p_cb,tSMP_ENC * p)658 static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p)
659 {
660 BT_OCTET16 p2;
661 tSMP_ENC output;
662 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
663
664 SMP_TRACE_DEBUG ("smp_calculate_comfirm_cont \n");
665 #if SMP_DEBUG == TRUE
666 SMP_TRACE_DEBUG("Confirm step 1 p1' = e(k, r XOR p1) Generated\n");
667 smp_debug_print_nbyte_little_endian (p->param_buf, (const UINT8 *)"C1", 16);
668 #endif
669
670 smp_gen_p2_4_confirm(p_cb, p2);
671
672 /* calculate p2 = (p1' XOR p2) */
673 smp_xor_128(p2, p->param_buf);
674 smp_debug_print_nbyte_little_endian ((UINT8 *)p2, (const UINT8 *)"p2' = C1 xor p2", 16);
675
676 /* calculate: Confirm = E(k, p1' XOR p2) */
677 if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p2, BT_OCTET16_LEN, &output)) {
678 SMP_TRACE_ERROR("smp_calculate_comfirm_cont failed\n");
679 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
680 } else {
681 SMP_TRACE_DEBUG("p_cb->rand_enc_proc_state=%d\n", p_cb->rand_enc_proc_state);
682 switch (p_cb->rand_enc_proc_state) {
683 case SMP_GEN_CONFIRM:
684 smp_process_confirm(p_cb, &output);
685 break;
686
687 case SMP_GEN_COMPARE:
688 smp_process_compare(p_cb, &output);
689 break;
690 }
691 }
692 }
693
694 /*******************************************************************************
695 **
696 ** Function smp_generate_confirm
697 **
698 ** Description This function is called when a 48 bits random number is generated
699 ** as SRand or MRand, continue to calculate Sconfirm or MConfirm.
700 **
701 ** Returns void
702 **
703 *******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)704 static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
705 {
706 UNUSED(p_data);
707
708 SMP_TRACE_DEBUG ("%s\n", __func__);
709 p_cb->rand_enc_proc_state = SMP_GEN_CONFIRM;
710 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->rand, (const UINT8 *)"local rand", 16);
711 smp_calculate_comfirm(p_cb, p_cb->rand, p_cb->pairing_bda);
712 }
713
714 /*******************************************************************************
715 **
716 ** Function smp_generate_compare
717 **
718 ** Description This function is called to generate SConfirm for Slave device,
719 ** or MSlave for Master device. This function can be also used for
720 ** generating Compare number for confirm value check.
721 **
722 ** Returns void
723 **
724 *******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)725 void smp_generate_compare (tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
726 {
727 UNUSED(p_data);
728
729 SMP_TRACE_DEBUG ("smp_generate_compare \n");
730 p_cb->rand_enc_proc_state = SMP_GEN_COMPARE;
731 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->rrand, (const UINT8 *)"peer rand", 16);
732 smp_calculate_comfirm(p_cb, p_cb->rrand, p_cb->local_bda);
733 }
734
735 /*******************************************************************************
736 **
737 ** Function smp_process_confirm
738 **
739 ** Description This function is called when SConfirm/MConfirm is generated
740 ** proceed to send the Confirm request/response to peer device.
741 **
742 ** Returns void
743 **
744 *******************************************************************************/
smp_process_confirm(tSMP_CB * p_cb,tSMP_ENC * p)745 static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p)
746 {
747 tSMP_KEY key;
748
749 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
750 memcpy(p_cb->confirm, p->param_buf, BT_OCTET16_LEN);
751
752 #if (SMP_DEBUG == TRUE)
753 SMP_TRACE_DEBUG("Confirm Generated");
754 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->confirm, (const UINT8 *)"Confirm", 16);
755 #endif
756
757 key.key_type = SMP_KEY_TYPE_CFM;
758 key.p_data = p->param_buf;
759
760 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
761
762 }
763
764 /*******************************************************************************
765 **
766 ** Function smp_process_compare
767 **
768 ** Description This function is called when Compare is generated using the
769 ** RRand and local BDA, TK information.
770 **
771 ** Returns void
772 **
773 *******************************************************************************/
smp_process_compare(tSMP_CB * p_cb,tSMP_ENC * p)774 static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p)
775 {
776 tSMP_KEY key;
777
778 SMP_TRACE_DEBUG ("smp_process_compare \n");
779 #if (SMP_DEBUG == TRUE)
780 SMP_TRACE_DEBUG("Compare Generated\n");
781 smp_debug_print_nbyte_little_endian (p->param_buf, (const UINT8 *)"Compare", 16);
782 #endif
783 key.key_type = SMP_KEY_TYPE_CMP;
784 key.p_data = p->param_buf;
785 //smp_set_state(SMP_STATE_CONFIRM);
786 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
787 }
788
789 /*******************************************************************************
790 **
791 ** Function smp_process_stk
792 **
793 ** Description This function is called when STK is generated
794 ** proceed to send the encrypt the link using STK.
795 **
796 ** Returns void
797 **
798 *******************************************************************************/
smp_process_stk(tSMP_CB * p_cb,tSMP_ENC * p)799 static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p)
800 {
801 tSMP_KEY key;
802
803 SMP_TRACE_DEBUG ("smp_process_stk ");
804 #if (SMP_DEBUG == TRUE)
805 SMP_TRACE_ERROR("STK Generated");
806 #endif
807 smp_mask_enc_key(p_cb->loc_enc_size, p->param_buf);
808
809 key.key_type = SMP_KEY_TYPE_STK;
810 key.p_data = p->param_buf;
811
812 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
813 }
814
815 /*******************************************************************************
816 **
817 ** Function smp_generate_ltk_cont
818 **
819 ** Description This function is to calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
820 **
821 ** Returns void
822 **
823 *******************************************************************************/
smp_generate_ltk_cont(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)824 static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
825 {
826 UNUSED(p_data);
827
828 BT_OCTET16 er;
829 tSMP_ENC output;
830 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
831
832 SMP_TRACE_DEBUG ("%s\n", __func__);
833 BTM_GetDeviceEncRoot(er);
834
835 /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
836 if (!SMP_Encrypt(er, BT_OCTET16_LEN, (UINT8 *)&p_cb->div,
837 sizeof(UINT16), &output)) {
838 SMP_TRACE_ERROR("%s failed\n", __func__);
839 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
840 } else {
841 /* mask the LTK */
842 smp_mask_enc_key(p_cb->loc_enc_size, output.param_buf);
843 memcpy((void *)p_cb->ltk, output.param_buf, BT_OCTET16_LEN);
844 smp_generate_rand_vector(p_cb, NULL);
845 }
846 }
847
848 /*******************************************************************************
849 **
850 ** Function smp_generate_y
851 **
852 ** Description This function is to proceed generate Y = E(DHK, Rand)
853 **
854 ** Returns void
855 **
856 *******************************************************************************/
smp_generate_y(tSMP_CB * p_cb,tSMP_INT_DATA * p)857 static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p)
858 {
859 UNUSED(p);
860
861 BT_OCTET16 dhk;
862 tSMP_ENC output;
863 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
864
865
866 SMP_TRACE_DEBUG ("smp_generate_y \n");
867 BTM_GetDeviceDHK(dhk);
868
869 if (!SMP_Encrypt(dhk, BT_OCTET16_LEN, p_cb->enc_rand,
870 BT_OCTET8_LEN, &output)) {
871 SMP_TRACE_ERROR("smp_generate_y failed");
872 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
873 } else {
874 smp_process_ediv(p_cb, &output);
875 }
876 }
877
878 /*******************************************************************************
879 **
880 ** Function smp_generate_rand_vector
881 **
882 ** Description This function is called when LTK is generated, send state machine
883 ** event to SMP.
884 **
885 ** Returns void
886 **
887 *******************************************************************************/
smp_generate_rand_vector(tSMP_CB * p_cb,tSMP_INT_DATA * p)888 static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p)
889 {
890 UNUSED(p);
891
892 /* generate EDIV and rand now */
893 /* generate random vector */
894 SMP_TRACE_DEBUG ("smp_generate_rand_vector\n");
895 p_cb->rand_enc_proc_state = SMP_GEN_RAND_V;
896 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
897 smp_rand_back(NULL);
898 }
899 }
900
901 /*******************************************************************************
902 **
903 ** Function smp_process_ediv
904 **
905 ** Description This function is to calculate EDIV = Y xor DIV
906 **
907 ** Returns void
908 **
909 *******************************************************************************/
smp_process_ediv(tSMP_CB * p_cb,tSMP_ENC * p)910 static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p)
911 {
912 tSMP_KEY key;
913 UINT8 *pp = p->param_buf;
914 UINT16 y;
915
916 SMP_TRACE_DEBUG ("smp_process_ediv ");
917 STREAM_TO_UINT16(y, pp);
918
919 /* EDIV = Y xor DIV */
920 p_cb->ediv = p_cb->div ^ y;
921 /* send LTK ready */
922 SMP_TRACE_DEBUG("LTK ready");
923 key.key_type = SMP_KEY_TYPE_LTK;
924 key.p_data = p->param_buf;
925
926 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
927 }
928
929 /*******************************************************************************
930 **
931 ** Function smp_calculate_legacy_short_term_key
932 **
933 ** Description The function calculates legacy STK.
934 **
935 ** Returns FALSE if out of resources, TRUE in other cases.
936 **
937 *******************************************************************************/
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb,tSMP_ENC * output)938 BOOLEAN smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output)
939 {
940 BT_OCTET16 ptext;
941 UINT8 *p = ptext;
942
943 SMP_TRACE_DEBUG ("%s\n", __func__);
944 memset(p, 0, BT_OCTET16_LEN);
945 if (p_cb->role == HCI_ROLE_MASTER) {
946 memcpy(p, p_cb->rand, BT_OCTET8_LEN);
947 memcpy(&p[BT_OCTET8_LEN], p_cb->rrand, BT_OCTET8_LEN);
948 } else {
949 memcpy(p, p_cb->rrand, BT_OCTET8_LEN);
950 memcpy(&p[BT_OCTET8_LEN], p_cb->rand, BT_OCTET8_LEN);
951 }
952
953 BOOLEAN encrypted;
954 /* generate STK = Etk(rand|rrand)*/
955 encrypted = SMP_Encrypt( p_cb->tk, BT_OCTET16_LEN, ptext, BT_OCTET16_LEN, output);
956 if (!encrypted) {
957 SMP_TRACE_ERROR("%s failed\n", __func__);
958 }
959 return encrypted;
960 }
961
962 /*******************************************************************************
963 **
964 ** Function smp_create_private_key
965 **
966 ** Description This function is called to create private key used to
967 ** calculate public key and DHKey.
968 ** The function starts private key creation requesting controller
969 ** to generate [0-7] octets of private key.
970 **
971 ** Returns void
972 **
973 *******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)974 void smp_create_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
975 {
976 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
977 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_0_7;
978 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
979 smp_rand_back(NULL);
980 }
981 }
982
983 /*******************************************************************************
984 **
985 ** Function smp_use_oob_private_key
986 **
987 ** Description This function is called
988 ** - to save the secret key used to calculate the public key used
989 ** in calculations of commitment sent OOB to a peer
990 ** - to use this secret key to recalculate the public key and
991 ** start the process of sending this public key to the peer
992 ** if secret/public keys have to be reused.
993 ** If the keys aren't supposed to be reused, continue from the
994 ** point from which request for OOB data was issued.
995 **
996 ** Returns void
997 **
998 *******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)999 void smp_use_oob_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1000 {
1001 SMP_TRACE_DEBUG ("%s req_oob_type: %d, role: %d\n",
1002 __func__, p_cb->req_oob_type, p_cb->role);
1003
1004 switch (p_cb->req_oob_type) {
1005 case SMP_OOB_BOTH:
1006 case SMP_OOB_LOCAL:
1007 SMP_TRACE_DEBUG("%s restore secret key\n", __func__);
1008 memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used, BT_OCTET32_LEN);
1009 smp_process_private_key(p_cb);
1010 break;
1011 default:
1012 SMP_TRACE_DEBUG("%s create secret key anew\n", __func__);
1013 smp_set_state(SMP_STATE_PAIR_REQ_RSP);
1014 smp_decide_association_model(p_cb, NULL);
1015 break;
1016 }
1017 }
1018
1019 /*******************************************************************************
1020 **
1021 ** Function smp_continue_private_key_creation
1022 **
1023 ** Description This function is used to continue private key creation.
1024 **
1025 ** Returns void
1026 **
1027 *******************************************************************************/
smp_continue_private_key_creation(tSMP_CB * p_cb,tBTM_RAND_ENC * p)1028 void smp_continue_private_key_creation (tSMP_CB *p_cb, tBTM_RAND_ENC *p)
1029 {
1030 UINT8 state = p_cb->rand_enc_proc_state & ~0x80;
1031 SMP_TRACE_DEBUG ("%s state=0x%x\n", __func__, state);
1032
1033 switch (state) {
1034 case SMP_GENERATE_PRIVATE_KEY_0_7:
1035 memcpy((void *)p_cb->private_key, p->param_buf, p->param_len);
1036 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_8_15;
1037 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
1038 smp_rand_back(NULL);
1039 }
1040 break;
1041
1042 case SMP_GENERATE_PRIVATE_KEY_8_15:
1043 memcpy((void *)&p_cb->private_key[8], p->param_buf, p->param_len);
1044 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_16_23;
1045 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
1046 smp_rand_back(NULL);
1047 }
1048 break;
1049
1050 case SMP_GENERATE_PRIVATE_KEY_16_23:
1051 memcpy((void *)&p_cb->private_key[16], p->param_buf, p->param_len);
1052 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_24_31;
1053 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
1054 smp_rand_back(NULL);
1055 }
1056 break;
1057
1058 case SMP_GENERATE_PRIVATE_KEY_24_31:
1059 memcpy((void *)&p_cb->private_key[24], p->param_buf, p->param_len);
1060 smp_process_private_key (p_cb);
1061 break;
1062
1063 default:
1064 break;
1065 }
1066
1067 return;
1068 }
1069
1070 /*******************************************************************************
1071 **
1072 ** Function smp_process_private_key
1073 **
1074 ** Description This function processes private key.
1075 ** It calculates public key and notifies SM that private key /
1076 ** public key pair is created.
1077 **
1078 ** Returns void
1079 **
1080 *******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)1081 void smp_process_private_key(tSMP_CB *p_cb)
1082 {
1083 Point public_key;
1084 BT_OCTET32 private_key;
1085
1086 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1087
1088 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
1089 ECC_PointMult(&public_key, &(curve_p256.G), (DWORD *) private_key, KEY_LENGTH_DWORDS_P256);
1090 memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
1091 memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
1092
1093 smp_debug_print_nbyte_little_endian (p_cb->private_key, (const UINT8 *)"private",
1094 BT_OCTET32_LEN);
1095 smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.x, (const UINT8 *)"local public(x)",
1096 BT_OCTET32_LEN);
1097 smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.y, (const UINT8 *)"local public(y)",
1098 BT_OCTET32_LEN);
1099 p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
1100 smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
1101 }
1102
1103 /*******************************************************************************
1104 **
1105 ** Function smp_compute_dhkey
1106 **
1107 ** Description The function:
1108 ** - calculates a new public key using as input local private
1109 ** key and peer public key;
1110 ** - saves the new public key x-coordinate as DHKey.
1111 **
1112 ** Returns void
1113 **
1114 *******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)1115 void smp_compute_dhkey (tSMP_CB *p_cb)
1116 {
1117 Point peer_publ_key, new_publ_key;
1118 BT_OCTET32 private_key;
1119
1120 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
1121
1122 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
1123 memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
1124 memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
1125
1126 ECC_PointMult(&new_publ_key, &peer_publ_key, (DWORD *) private_key, KEY_LENGTH_DWORDS_P256);
1127
1128 memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
1129
1130 smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const UINT8 *)"Old DHKey",
1131 BT_OCTET32_LEN);
1132
1133 smp_debug_print_nbyte_little_endian (p_cb->private_key, (const UINT8 *)"private",
1134 BT_OCTET32_LEN);
1135 smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.x, (const UINT8 *)"rem public(x)",
1136 BT_OCTET32_LEN);
1137 smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.y, (const UINT8 *)"rem public(y)",
1138 BT_OCTET32_LEN);
1139 smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const UINT8 *)"Reverted DHKey",
1140 BT_OCTET32_LEN);
1141 }
1142
1143 /*******************************************************************************
1144 **
1145 ** Function smp_calculate_local_commitment
1146 **
1147 ** Description The function calculates and saves local commmitment in CB.
1148 **
1149 ** Returns void
1150 **
1151 *******************************************************************************/
smp_calculate_local_commitment(tSMP_CB * p_cb)1152 void smp_calculate_local_commitment(tSMP_CB *p_cb)
1153 {
1154 UINT8 random_input;
1155
1156 SMP_TRACE_DEBUG("%s\n", __FUNCTION__);
1157
1158 switch (p_cb->selected_association_model) {
1159 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1160 case SMP_MODEL_SEC_CONN_NUM_COMP:
1161 if (p_cb->role == HCI_ROLE_MASTER) {
1162 SMP_TRACE_WARNING ("local commitment calc on master is not expected \
1163 for Just Works/Numeric Comparison models\n");
1164 }
1165 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0,
1166 p_cb->commitment);
1167 break;
1168 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1169 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1170 random_input = smp_calculate_random_input(p_cb->local_random, p_cb->round);
1171 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand,
1172 random_input, p_cb->commitment);
1173 break;
1174 case SMP_MODEL_SEC_CONN_OOB:
1175 SMP_TRACE_WARNING ("local commitment calc is expected for OOB model BEFORE pairing\n");
1176 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0,
1177 p_cb->commitment);
1178 break;
1179 default:
1180 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC\n",
1181 p_cb->selected_association_model);
1182 return;
1183 }
1184
1185 SMP_TRACE_EVENT ("local commitment calculation is completed");
1186 }
1187
1188 /*******************************************************************************
1189 **
1190 ** Function smp_calculate_peer_commitment
1191 **
1192 ** Description The function calculates and saves peer commmitment at the
1193 ** provided output buffer.
1194 **
1195 ** Returns void
1196 **
1197 *******************************************************************************/
smp_calculate_peer_commitment(tSMP_CB * p_cb,BT_OCTET16 output_buf)1198 void smp_calculate_peer_commitment(tSMP_CB *p_cb, BT_OCTET16 output_buf)
1199 {
1200 UINT8 ri;
1201
1202 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1203
1204 switch (p_cb->selected_association_model) {
1205 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1206 case SMP_MODEL_SEC_CONN_NUM_COMP:
1207 if (p_cb->role == HCI_ROLE_SLAVE) {
1208 SMP_TRACE_WARNING ("peer commitment calc on slave is not expected \
1209 for Just Works/Numeric Comparison models\n");
1210 }
1211 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, 0,
1212 output_buf);
1213 break;
1214 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1215 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1216 ri = smp_calculate_random_input(p_cb->peer_random, p_cb->round);
1217 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, ri,
1218 output_buf);
1219 break;
1220 case SMP_MODEL_SEC_CONN_OOB:
1221 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x, p_cb->peer_random, 0,
1222 output_buf);
1223 break;
1224 default:
1225 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC\n",
1226 p_cb->selected_association_model);
1227 return;
1228 }
1229
1230 SMP_TRACE_EVENT ("peer commitment calculation is completed\n");
1231 }
1232
1233 /*******************************************************************************
1234 **
1235 ** Function smp_calculate_f4
1236 **
1237 ** Description The function calculates
1238 ** C = f4(U, V, X, Z) = AES-CMAC (U||V||Z)
1239 ** X
1240 ** where
1241 ** input: U is 256 bit,
1242 ** V is 256 bit,
1243 ** X is 128 bit,
1244 ** Z is 8 bit,
1245 ** output: C is 128 bit.
1246 **
1247 ** Returns void
1248 **
1249 ** Note The LSB is the first octet, the MSB is the last octet of
1250 ** the AES-CMAC input/output stream.
1251 **
1252 *******************************************************************************/
smp_calculate_f4(UINT8 * u,UINT8 * v,UINT8 * x,UINT8 z,UINT8 * c)1253 void smp_calculate_f4(UINT8 *u, UINT8 *v, UINT8 *x, UINT8 z, UINT8 *c)
1254 {
1255 UINT8 msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ + 1 /* Z size */;
1256 UINT8 msg[BT_OCTET32_LEN + BT_OCTET32_LEN + 1];
1257 UINT8 key[BT_OCTET16_LEN];
1258 UINT8 cmac[BT_OCTET16_LEN];
1259 UINT8 *p = NULL;
1260 #if SMP_DEBUG == TRUE
1261 UINT8 *p_prnt = NULL;
1262 #endif
1263
1264 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1265
1266 #if SMP_DEBUG == TRUE
1267 p_prnt = u;
1268 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"U", BT_OCTET32_LEN);
1269 p_prnt = v;
1270 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"V", BT_OCTET32_LEN);
1271 p_prnt = x;
1272 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"X", BT_OCTET16_LEN);
1273 p_prnt = &z;
1274 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Z", 1);
1275 #endif
1276
1277 p = msg;
1278 UINT8_TO_STREAM(p, z);
1279 ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN);
1280 ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN);
1281 #if SMP_DEBUG == TRUE
1282 p_prnt = msg;
1283 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", msg_len);
1284 #endif
1285
1286 p = key;
1287 ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN);
1288 #if SMP_DEBUG == TRUE
1289 p_prnt = key;
1290 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1291 #endif
1292
1293 aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac);
1294 #if SMP_DEBUG == TRUE
1295 p_prnt = cmac;
1296 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES_CMAC", BT_OCTET16_LEN);
1297 #endif
1298
1299 p = c;
1300 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1301 }
1302
1303 /*******************************************************************************
1304 **
1305 ** Function smp_calculate_numeric_comparison_display_number
1306 **
1307 ** Description The function calculates and saves number to display in numeric
1308 ** comparison association mode.
1309 **
1310 ** Returns void
1311 **
1312 *******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1313 void smp_calculate_numeric_comparison_display_number(tSMP_CB *p_cb,
1314 tSMP_INT_DATA *p_data)
1315 {
1316 SMP_TRACE_DEBUG ("%s", __func__);
1317
1318 if (p_cb->role == HCI_ROLE_MASTER) {
1319 p_cb->number_to_display =
1320 smp_calculate_g2(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand,
1321 p_cb->rrand);
1322 } else {
1323 p_cb->number_to_display =
1324 smp_calculate_g2(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand,
1325 p_cb->rand);
1326 }
1327
1328 if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) {
1329 UINT8 reason;
1330 reason = p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
1331 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1332 return;
1333 }
1334
1335 SMP_TRACE_EVENT("Number to display in numeric comparison = %d", p_cb->number_to_display);
1336 p_cb->cb_evt = SMP_NC_REQ_EVT;
1337 smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &p_cb->number_to_display);
1338 return;
1339 }
1340
1341 /*******************************************************************************
1342 **
1343 ** Function smp_calculate_g2
1344 **
1345 ** Description The function calculates
1346 ** g2(U, V, X, Y) = AES-CMAC (U||V||Y) mod 2**32 mod 10**6
1347 ** X
1348 ** and
1349 ** Vres = g2(U, V, X, Y) mod 10**6
1350 ** where
1351 ** input: U is 256 bit,
1352 ** V is 256 bit,
1353 ** X is 128 bit,
1354 ** Y is 128 bit,
1355 **
1356 ** Returns Vres.
1357 ** Expected value has to be in the range [0 - 999999] i.e. [0 - 0xF423F].
1358 ** Vres = 1000000 means that the calculation fails.
1359 **
1360 ** Note The LSB is the first octet, the MSB is the last octet of
1361 ** the AES-CMAC input/output stream.
1362 **
1363 *******************************************************************************/
smp_calculate_g2(UINT8 * u,UINT8 * v,UINT8 * x,UINT8 * y)1364 UINT32 smp_calculate_g2(UINT8 *u, UINT8 *v, UINT8 *x, UINT8 *y)
1365 {
1366 UINT8 msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */
1367 + BT_OCTET16_LEN /* Y size */;
1368 UINT8 msg[BT_OCTET32_LEN + BT_OCTET32_LEN + BT_OCTET16_LEN];
1369 UINT8 key[BT_OCTET16_LEN];
1370 UINT8 cmac[BT_OCTET16_LEN];
1371 UINT8 *p = NULL;
1372 UINT32 vres;
1373 #if SMP_DEBUG == TRUE
1374 UINT8 *p_prnt = NULL;
1375 #endif
1376
1377 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
1378
1379 p = msg;
1380 ARRAY_TO_STREAM(p, y, BT_OCTET16_LEN);
1381 ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN);
1382 ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN);
1383 #if SMP_DEBUG == TRUE
1384 p_prnt = u;
1385 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"U", BT_OCTET32_LEN);
1386 p_prnt = v;
1387 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"V", BT_OCTET32_LEN);
1388 p_prnt = x;
1389 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"X", BT_OCTET16_LEN);
1390 p_prnt = y;
1391 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Y", BT_OCTET16_LEN);
1392 #endif
1393
1394 p = key;
1395 ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN);
1396 #if SMP_DEBUG == TRUE
1397 p_prnt = key;
1398 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1399 #endif
1400
1401 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) {
1402 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1403 return (BTM_MAX_PASSKEY_VAL + 1);
1404 }
1405
1406 #if SMP_DEBUG == TRUE
1407 p_prnt = cmac;
1408 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1409 #endif
1410
1411 /* vres = cmac mod 2**32 mod 10**6 */
1412 p = &cmac[0];
1413 STREAM_TO_UINT32(vres, p);
1414 #if SMP_DEBUG == TRUE
1415 p_prnt = (UINT8 *) &vres;
1416 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"cmac mod 2**32", 4);
1417 #endif
1418
1419 while (vres > BTM_MAX_PASSKEY_VAL) {
1420 vres -= (BTM_MAX_PASSKEY_VAL + 1);
1421 }
1422 #if SMP_DEBUG == TRUE
1423 p_prnt = (UINT8 *) &vres;
1424 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"cmac mod 2**32 mod 10**6", 4);
1425 #endif
1426
1427 SMP_TRACE_ERROR("Value for numeric comparison = %d", vres);
1428 return vres;
1429 }
1430
1431 /*******************************************************************************
1432 **
1433 ** Function smp_calculate_f5
1434 **
1435 ** Description The function provides two AES-CMAC that are supposed to be used as
1436 ** - MacKey (MacKey is used in pairing DHKey check calculation);
1437 ** - LTK (LTK is used to ecrypt the link after completion of Phase 2
1438 ** and on reconnection, to derive BR/EDR LK).
1439 ** The function inputs are W, N1, N2, A1, A2.
1440 ** F5 rules:
1441 ** - the value used as key in MacKey/LTK (T) is calculated
1442 ** (function smp_calculate_f5_key(...));
1443 ** The formula is:
1444 ** T = AES-CMAC (W)
1445 ** salt
1446 ** where salt is internal parameter of smp_calculate_f5_key(...).
1447 ** - MacKey and LTK are calculated as AES-MAC values received with the
1448 ** key T calculated in the previous step and the plaintext message
1449 ** built from the external parameters N1, N2, A1, A2 and the internal
1450 ** parameters counter, keyID, length.
1451 ** The function smp_calculate_f5_mackey_or_long_term_key(...) is used in the
1452 ** calculations.
1453 ** The same formula is used in calculation of MacKey and LTK and the
1454 ** same parameter values except the value of the internal parameter
1455 ** counter:
1456 ** - in MacKey calculations the value is 0;
1457 ** - in LTK calculations the value is 1.
1458 ** MacKey = AES-CMAC (Counter=0||keyID||N1||N2||A1||A2||Length=256)
1459 ** T
1460 ** LTK = AES-CMAC (Counter=1||keyID||N1||N2||A1||A2||Length=256)
1461 ** T
1462 ** The parameters are
1463 ** input:
1464 ** W is 256 bits,
1465 ** N1 is 128 bits,
1466 ** N2 is 128 bits,
1467 ** A1 is 56 bit,
1468 ** A2 is 56 bit.
1469 ** internal:
1470 ** Counter is 8 bits, its value is 0 for MacKey,
1471 ** 1 for LTK;
1472 ** KeyId is 32 bits, its value is
1473 ** 0x62746c65 (MSB~LSB);
1474 ** Length is 16 bits, its value is 0x0100
1475 ** (MSB~LSB).
1476 ** output:
1477 ** MacKey is 128 bits;
1478 ** LTK is 128 bits
1479 **
1480 ** Returns FALSE if out of resources, TRUE in other cases.
1481 **
1482 ** Note The LSB is the first octet, the MSB is the last octet of
1483 ** the AES-CMAC input/output stream.
1484 **
1485 *******************************************************************************/
smp_calculate_f5(UINT8 * w,UINT8 * n1,UINT8 * n2,UINT8 * a1,UINT8 * a2,UINT8 * mac_key,UINT8 * ltk)1486 BOOLEAN smp_calculate_f5(UINT8 *w, UINT8 *n1, UINT8 *n2, UINT8 *a1, UINT8 *a2,
1487 UINT8 *mac_key, UINT8 *ltk)
1488 {
1489 BT_OCTET16 t; /* AES-CMAC output in smp_calculate_f5_key(...), key in */
1490 /* smp_calculate_f5_mackey_or_long_term_key(...) */
1491 #if SMP_DEBUG == TRUE
1492 UINT8 *p_prnt = NULL;
1493 #endif
1494 /* internal parameters: */
1495
1496 /*
1497 counter is 0 for MacKey,
1498 is 1 for LTK
1499 */
1500 UINT8 counter_mac_key[1] = {0};
1501 UINT8 counter_ltk[1] = {1};
1502 /*
1503 keyID 62746c65
1504 */
1505 UINT8 key_id[4] = {0x65, 0x6c, 0x74, 0x62};
1506 /*
1507 length 0100
1508 */
1509 UINT8 length[2] = {0x00, 0x01};
1510
1511 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1512 #if SMP_DEBUG == TRUE
1513 p_prnt = w;
1514 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"W", BT_OCTET32_LEN);
1515 p_prnt = n1;
1516 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N1", BT_OCTET16_LEN);
1517 p_prnt = n2;
1518 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N2", BT_OCTET16_LEN);
1519 p_prnt = a1;
1520 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A1", 7);
1521 p_prnt = a2;
1522 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *) "A2", 7);
1523 #endif
1524
1525 if (!smp_calculate_f5_key(w, t)) {
1526 SMP_TRACE_ERROR("%s failed to calc T", __FUNCTION__);
1527 return FALSE;
1528 }
1529 #if SMP_DEBUG == TRUE
1530 p_prnt = t;
1531 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"T", BT_OCTET16_LEN);
1532 #endif
1533
1534 if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_mac_key, key_id, n1, n2, a1, a2,
1535 length, mac_key)) {
1536 SMP_TRACE_ERROR("%s failed to calc MacKey", __FUNCTION__);
1537 return FALSE;
1538 }
1539 #if SMP_DEBUG == TRUE
1540 p_prnt = mac_key;
1541 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"MacKey", BT_OCTET16_LEN);
1542 #endif
1543
1544 if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_ltk, key_id, n1, n2, a1, a2,
1545 length, ltk)) {
1546 SMP_TRACE_ERROR("%s failed to calc LTK", __FUNCTION__);
1547 return FALSE;
1548 }
1549 #if SMP_DEBUG == TRUE
1550 p_prnt = ltk;
1551 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"LTK", BT_OCTET16_LEN);
1552 #endif
1553
1554 return TRUE;
1555 }
1556
1557 /*******************************************************************************
1558 **
1559 ** Function smp_calculate_f5_mackey_or_long_term_key
1560 **
1561 ** Description The function calculates the value of MacKey or LTK by the rules
1562 ** defined for f5 function.
1563 ** At the moment exactly the same formula is used to calculate
1564 ** LTK and MacKey.
1565 ** The difference is the value of input parameter Counter:
1566 ** - in MacKey calculations the value is 0;
1567 ** - in LTK calculations the value is 1.
1568 ** The formula:
1569 ** mac = AES-CMAC (Counter||keyID||N1||N2||A1||A2||Length)
1570 ** T
1571 ** where
1572 ** input: T is 256 bits;
1573 ** Counter is 8 bits, its value is 0 for MacKey,
1574 ** 1 for LTK;
1575 ** keyID is 32 bits, its value is 0x62746c65;
1576 ** N1 is 128 bits;
1577 ** N2 is 128 bits;
1578 ** A1 is 56 bits;
1579 ** A2 is 56 bits;
1580 ** Length is 16 bits, its value is 0x0100
1581 ** output: LTK is 128 bit.
1582 **
1583 ** Returns FALSE if out of resources, TRUE in other cases.
1584 **
1585 ** Note The LSB is the first octet, the MSB is the last octet of
1586 ** the AES-CMAC input/output stream.
1587 **
1588 *******************************************************************************/
smp_calculate_f5_mackey_or_long_term_key(UINT8 * t,UINT8 * counter,UINT8 * key_id,UINT8 * n1,UINT8 * n2,UINT8 * a1,UINT8 * a2,UINT8 * length,UINT8 * mac)1589 BOOLEAN smp_calculate_f5_mackey_or_long_term_key(UINT8 *t, UINT8 *counter,
1590 UINT8 *key_id, UINT8 *n1, UINT8 *n2, UINT8 *a1, UINT8 *a2,
1591 UINT8 *length, UINT8 *mac)
1592 {
1593 UINT8 *p = NULL;
1594 UINT8 cmac[BT_OCTET16_LEN];
1595 UINT8 key[BT_OCTET16_LEN];
1596 UINT8 msg_len = 1 /* Counter size */ + 4 /* keyID size */ +
1597 BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ +
1598 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */;
1599 UINT8 msg[1 + 4 + BT_OCTET16_LEN + BT_OCTET16_LEN + 7 + 7 + 2];
1600 BOOLEAN ret = TRUE;
1601 #if SMP_DEBUG == TRUE
1602 UINT8 *p_prnt = NULL;
1603 #endif
1604
1605 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1606 #if SMP_DEBUG == TRUE
1607 p_prnt = t;
1608 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"T", BT_OCTET16_LEN);
1609 p_prnt = counter;
1610 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Counter", 1);
1611 p_prnt = key_id;
1612 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"KeyID", 4);
1613 p_prnt = n1;
1614 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N1", BT_OCTET16_LEN);
1615 p_prnt = n2;
1616 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N2", BT_OCTET16_LEN);
1617 p_prnt = a1;
1618 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A1", 7);
1619 p_prnt = a2;
1620 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A2", 7);
1621 p_prnt = length;
1622 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Length", 2);
1623 #endif
1624
1625 p = key;
1626 ARRAY_TO_STREAM(p, t, BT_OCTET16_LEN);
1627 #if SMP_DEBUG == TRUE
1628 p_prnt = key;
1629 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1630 #endif
1631 p = msg;
1632 ARRAY_TO_STREAM(p, length, 2);
1633 ARRAY_TO_STREAM(p, a2, 7);
1634 ARRAY_TO_STREAM(p, a1, 7);
1635 ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN);
1636 ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN);
1637 ARRAY_TO_STREAM(p, key_id, 4);
1638 ARRAY_TO_STREAM(p, counter, 1);
1639 #if SMP_DEBUG == TRUE
1640 p_prnt = msg;
1641 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", msg_len);
1642 #endif
1643
1644 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) {
1645 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1646 ret = FALSE;
1647 }
1648
1649 #if SMP_DEBUG == TRUE
1650 p_prnt = cmac;
1651 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1652 #endif
1653
1654 p = mac;
1655 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1656 return ret;
1657 }
1658
1659 /*******************************************************************************
1660 **
1661 ** Function smp_calculate_f5_key
1662 **
1663 ** Description The function calculates key T used in calculation of
1664 ** MacKey and LTK (f5 output is defined as MacKey || LTK).
1665 ** T = AES-CMAC (W)
1666 ** salt
1667 ** where
1668 ** Internal: salt is 128 bit.
1669 ** input: W is 256 bit.
1670 ** Output: T is 128 bit.
1671 **
1672 ** Returns FALSE if out of resources, TRUE in other cases.
1673 **
1674 ** Note The LSB is the first octet, the MSB is the last octet of
1675 ** the AES-CMAC input/output stream.
1676 **
1677 *******************************************************************************/
smp_calculate_f5_key(UINT8 * w,UINT8 * t)1678 BOOLEAN smp_calculate_f5_key(UINT8 *w, UINT8 *t)
1679 {
1680 UINT8 *p = NULL;
1681 /* Please see 2.2.7 LE Secure Connections Key Generation Function f5 */
1682 /*
1683 salt: 6C88 8391 AAF5 A538 6037 0BDB 5A60 83BE
1684 */
1685 BT_OCTET16 salt = {
1686 0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60,
1687 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C
1688 };
1689 #if SMP_DEBUG == TRUE
1690 UINT8 *p_prnt = NULL;
1691 #endif
1692
1693 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1694 #if SMP_DEBUG == TRUE
1695 p_prnt = salt;
1696 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"salt", BT_OCTET16_LEN);
1697 p_prnt = w;
1698 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"W", BT_OCTET32_LEN);
1699 #endif
1700
1701 BT_OCTET16 key;
1702 BT_OCTET32 msg;
1703
1704 p = key;
1705 ARRAY_TO_STREAM(p, salt, BT_OCTET16_LEN);
1706 p = msg;
1707 ARRAY_TO_STREAM(p, w, BT_OCTET32_LEN);
1708 #if SMP_DEBUG == TRUE
1709 p_prnt = key;
1710 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1711 p_prnt = msg;
1712 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", BT_OCTET32_LEN);
1713 #endif
1714
1715 BT_OCTET16 cmac;
1716 BOOLEAN ret = TRUE;
1717 if (!aes_cipher_msg_auth_code(key, msg, BT_OCTET32_LEN, BT_OCTET16_LEN, cmac)) {
1718 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1719 ret = FALSE;
1720 }
1721
1722 #if SMP_DEBUG == TRUE
1723 p_prnt = cmac;
1724 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1725 #endif
1726
1727 p = t;
1728 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1729 return ret;
1730 }
1731
1732 /*******************************************************************************
1733 **
1734 ** Function smp_calculate_local_dhkey_check
1735 **
1736 ** Description The function calculates and saves local device DHKey check
1737 ** value in CB.
1738 ** Before doing this it calls smp_calculate_f5_mackey_and_long_term_key(...).
1739 ** to calculate MacKey and LTK.
1740 ** MacKey is used in dhkey calculation.
1741 **
1742 ** Returns void
1743 **
1744 *******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1745 void smp_calculate_local_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1746 {
1747 UINT8 iocap[3], a[7], b[7];
1748
1749 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1750
1751 smp_calculate_f5_mackey_and_long_term_key(p_cb);
1752
1753 smp_collect_local_io_capabilities(iocap, p_cb);
1754
1755 smp_collect_local_ble_address(a, p_cb);
1756 smp_collect_peer_ble_address(b, p_cb);
1757 smp_calculate_f6(p_cb->mac_key, p_cb->rand, p_cb->rrand, p_cb->peer_random, iocap, a, b,
1758 p_cb->dhkey_check);
1759
1760 SMP_TRACE_EVENT ("local DHKey check calculation is completed");
1761 }
1762
1763 /*******************************************************************************
1764 **
1765 ** Function smp_calculate_peer_dhkey_check
1766 **
1767 ** Description The function calculates peer device DHKey check value.
1768 **
1769 ** Returns void
1770 **
1771 *******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1772 void smp_calculate_peer_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1773 {
1774 UINT8 iocap[3], a[7], b[7];
1775 BT_OCTET16 param_buf;
1776 BOOLEAN ret;
1777 tSMP_KEY key;
1778 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1779
1780 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1781
1782 smp_collect_peer_io_capabilities(iocap, p_cb);
1783
1784 smp_collect_local_ble_address(a, p_cb);
1785 smp_collect_peer_ble_address(b, p_cb);
1786 ret = smp_calculate_f6(p_cb->mac_key, p_cb->rrand, p_cb->rand, p_cb->local_random, iocap,
1787 b, a, param_buf);
1788
1789 if (ret) {
1790 SMP_TRACE_EVENT ("peer DHKey check calculation is completed");
1791 #if (SMP_DEBUG == TRUE)
1792 smp_debug_print_nbyte_little_endian (param_buf, (const UINT8 *)"peer DHKey check",
1793 BT_OCTET16_LEN);
1794 #endif
1795 key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
1796 key.p_data = param_buf;
1797 smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &key);
1798 } else {
1799 SMP_TRACE_EVENT ("peer DHKey check calculation failed");
1800 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
1801 }
1802 }
1803
1804 /*******************************************************************************
1805 **
1806 ** Function smp_calculate_f6
1807 **
1808 ** Description The function calculates
1809 ** C = f6(W, N1, N2, R, IOcap, A1, A2) = AES-CMAC (N1||N2||R||IOcap||A1||A2)
1810 ** W
1811 ** where
1812 ** input: W is 128 bit,
1813 ** N1 is 128 bit,
1814 ** N2 is 128 bit,
1815 ** R is 128 bit,
1816 ** IOcap is 24 bit,
1817 ** A1 is 56 bit,
1818 ** A2 is 56 bit,
1819 ** output: C is 128 bit.
1820 **
1821 ** Returns FALSE if out of resources, TRUE in other cases.
1822 **
1823 ** Note The LSB is the first octet, the MSB is the last octet of
1824 ** the AES-CMAC input/output stream.
1825 **
1826 *******************************************************************************/
smp_calculate_f6(UINT8 * w,UINT8 * n1,UINT8 * n2,UINT8 * r,UINT8 * iocap,UINT8 * a1,UINT8 * a2,UINT8 * c)1827 BOOLEAN smp_calculate_f6(UINT8 *w, UINT8 *n1, UINT8 *n2, UINT8 *r, UINT8 *iocap, UINT8 *a1,
1828 UINT8 *a2, UINT8 *c)
1829 {
1830 UINT8 *p = NULL;
1831 UINT8 msg_len = BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ +
1832 BT_OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/
1833 + 7 /* A2 size*/;
1834 UINT8 msg[BT_OCTET16_LEN + BT_OCTET16_LEN + BT_OCTET16_LEN + 3 + 7 + 7];
1835 #if SMP_DEBUG == TRUE
1836 UINT8 *p_print = NULL;
1837 #endif
1838
1839 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1840 #if SMP_DEBUG == TRUE
1841 p_print = w;
1842 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"W", BT_OCTET16_LEN);
1843 p_print = n1;
1844 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"N1", BT_OCTET16_LEN);
1845 p_print = n2;
1846 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"N2", BT_OCTET16_LEN);
1847 p_print = r;
1848 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"R", BT_OCTET16_LEN);
1849 p_print = iocap;
1850 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"IOcap", 3);
1851 p_print = a1;
1852 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"A1", 7);
1853 p_print = a2;
1854 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"A2", 7);
1855 #endif
1856
1857 UINT8 cmac[BT_OCTET16_LEN];
1858 UINT8 key[BT_OCTET16_LEN];
1859
1860 p = key;
1861 ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN);
1862 #if SMP_DEBUG == TRUE
1863 p_print = key;
1864 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"K", BT_OCTET16_LEN);
1865 #endif
1866
1867 p = msg;
1868 ARRAY_TO_STREAM(p, a2, 7);
1869 ARRAY_TO_STREAM(p, a1, 7);
1870 ARRAY_TO_STREAM(p, iocap, 3);
1871 ARRAY_TO_STREAM(p, r, BT_OCTET16_LEN);
1872 ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN);
1873 ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN);
1874 #if SMP_DEBUG == TRUE
1875 p_print = msg;
1876 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"M", msg_len);
1877 #endif
1878
1879 BOOLEAN ret = TRUE;
1880 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) {
1881 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1882 ret = FALSE;
1883 }
1884
1885 #if SMP_DEBUG == TRUE
1886 p_print = cmac;
1887 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1888 #endif
1889
1890 p = c;
1891 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1892 return ret;
1893 }
1894
1895 /*******************************************************************************
1896 **
1897 ** Function smp_calculate_link_key_from_long_term_key
1898 **
1899 ** Description The function calculates and saves BR/EDR link key derived from
1900 ** LE SC LTK.
1901 **
1902 ** Returns FALSE if out of resources, TRUE in other cases.
1903 **
1904 *******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)1905 BOOLEAN smp_calculate_link_key_from_long_term_key(tSMP_CB *p_cb)
1906 {
1907 tBTM_SEC_DEV_REC *p_dev_rec;
1908 BD_ADDR bda_for_lk;
1909 tBLE_ADDR_TYPE conn_addr_type;
1910
1911 SMP_TRACE_DEBUG ("%s", __func__);
1912
1913 if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) {
1914 SMP_TRACE_DEBUG ("Use rcvd identity address as BD_ADDR of LK rcvd identity address");
1915 memcpy(bda_for_lk, p_cb->id_addr, BD_ADDR_LEN);
1916 } else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk, &conn_addr_type)) &&
1917 conn_addr_type == BLE_ADDR_PUBLIC) {
1918 SMP_TRACE_DEBUG ("Use rcvd connection address as BD_ADDR of LK");
1919 } else {
1920 SMP_TRACE_WARNING ("Don't have peer public address to associate with LK");
1921 return FALSE;
1922 }
1923
1924 if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL) {
1925 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1926 return FALSE;
1927 }
1928
1929 BT_OCTET16 intermediate_link_key;
1930 BOOLEAN ret = TRUE;
1931
1932 ret = smp_calculate_h6(p_cb->ltk, (UINT8 *)"1pmt" /* reversed "tmp1" */, intermediate_link_key);
1933 if (!ret) {
1934 SMP_TRACE_ERROR("%s failed to derive intermediate_link_key", __func__);
1935 return ret;
1936 }
1937
1938 BT_OCTET16 link_key;
1939 ret = smp_calculate_h6(intermediate_link_key, (UINT8 *) "rbel" /* reversed "lebr" */, link_key);
1940 if (!ret) {
1941 SMP_TRACE_ERROR("%s failed", __func__);
1942 } else {
1943 UINT8 link_key_type;
1944 if (btm_cb.security_mode == BTM_SEC_MODE_SC) {
1945 /* Secure Connections Only Mode */
1946 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
1947 } else if (controller_get_interface()->supports_secure_connections()) {
1948 /* both transports are SC capable */
1949 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) {
1950 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
1951 } else {
1952 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
1953 }
1954 } else if (btm_cb.security_mode == BTM_SEC_MODE_SP) {
1955 /* BR/EDR transport is SSP capable */
1956 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) {
1957 link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
1958 } else {
1959 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
1960 }
1961 } else {
1962 SMP_TRACE_ERROR ("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
1963 __func__, btm_cb.security_mode, p_dev_rec->sm4);
1964 return FALSE;
1965 }
1966
1967 link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
1968
1969 UINT8 *p;
1970 BT_OCTET16 notif_link_key;
1971 p = notif_link_key;
1972 ARRAY16_TO_STREAM(p, link_key);
1973
1974 btm_sec_link_key_notification (bda_for_lk, notif_link_key, link_key_type);
1975
1976 SMP_TRACE_EVENT ("%s is completed", __func__);
1977 }
1978
1979 return ret;
1980 }
1981
1982 /*******************************************************************************
1983 **
1984 ** Function smp_calculate_long_term_key_from_link_key
1985 **
1986 ** Description The function calculates and saves SC LTK derived from BR/EDR
1987 ** link key.
1988 **
1989 ** Returns FALSE if out of resources, TRUE in other cases.
1990 **
1991 *******************************************************************************/
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)1992 BOOLEAN smp_calculate_long_term_key_from_link_key(tSMP_CB *p_cb)
1993 {
1994 BOOLEAN ret = TRUE;
1995 tBTM_SEC_DEV_REC *p_dev_rec;
1996 UINT8 rev_link_key[16];
1997
1998 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1999
2000 if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL) {
2001 SMP_TRACE_ERROR("%s failed to find Security Record", __FUNCTION__);
2002 return FALSE;
2003 }
2004
2005 UINT8 br_link_key_type;
2006 if ((br_link_key_type = BTM_SecGetDeviceLinkKeyType (p_cb->pairing_bda))
2007 == BTM_LKEY_TYPE_IGNORE) {
2008 SMP_TRACE_ERROR("%s failed to retrieve BR link type", __FUNCTION__);
2009 return FALSE;
2010 }
2011
2012 if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
2013 (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) {
2014 SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d",
2015 __FUNCTION__, br_link_key_type);
2016 return FALSE;
2017 }
2018
2019 UINT8 *p1;
2020 UINT8 *p2;
2021 p1 = rev_link_key;
2022 p2 = p_dev_rec->link_key;
2023 REVERSE_ARRAY_TO_STREAM(p1, p2, 16);
2024
2025 BT_OCTET16 intermediate_long_term_key;
2026 /* "tmp2" obtained from the spec */
2027 ret = smp_calculate_h6(rev_link_key, (UINT8 *) "2pmt" /* reversed "tmp2" */,
2028 intermediate_long_term_key);
2029
2030 if (!ret) {
2031 SMP_TRACE_ERROR("%s failed to derive intermediate_long_term_key", __FUNCTION__);
2032 return ret;
2033 }
2034
2035 /* "brle" obtained from the spec */
2036 ret = smp_calculate_h6(intermediate_long_term_key, (UINT8 *) "elrb" /* reversed "brle" */,
2037 p_cb->ltk);
2038
2039 if (!ret) {
2040 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2041 } else {
2042 p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
2043 ? SMP_SEC_AUTHENTICATED : SMP_SEC_UNAUTHENTICATE;
2044 SMP_TRACE_EVENT ("%s is completed", __FUNCTION__);
2045 }
2046
2047 return ret;
2048 }
2049
2050 /*******************************************************************************
2051 **
2052 ** Function smp_calculate_h6
2053 **
2054 ** Description The function calculates
2055 ** C = h6(W, KeyID) = AES-CMAC (KeyID)
2056 ** W
2057 ** where
2058 ** input: W is 128 bit,
2059 ** KeyId is 32 bit,
2060 ** output: C is 128 bit.
2061 **
2062 ** Returns FALSE if out of resources, TRUE in other cases.
2063 **
2064 ** Note The LSB is the first octet, the MSB is the last octet of
2065 ** the AES-CMAC input/output stream.
2066 **
2067 *******************************************************************************/
smp_calculate_h6(UINT8 * w,UINT8 * keyid,UINT8 * c)2068 BOOLEAN smp_calculate_h6(UINT8 *w, UINT8 *keyid, UINT8 *c)
2069 {
2070 #if SMP_DEBUG == TRUE
2071 UINT8 *p_print = NULL;
2072 #endif
2073
2074 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
2075 #if SMP_DEBUG == TRUE
2076 p_print = w;
2077 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"W", BT_OCTET16_LEN);
2078 p_print = keyid;
2079 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"keyID", 4);
2080 #endif
2081
2082 UINT8 *p = NULL;
2083 UINT8 key[BT_OCTET16_LEN];
2084
2085 p = key;
2086 ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN);
2087
2088 #if SMP_DEBUG == TRUE
2089 p_print = key;
2090 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"K", BT_OCTET16_LEN);
2091 #endif
2092
2093 UINT8 msg_len = 4 /* KeyID size */;
2094 UINT8 msg[4];
2095
2096 p = msg;
2097 ARRAY_TO_STREAM(p, keyid, 4);
2098
2099 #if SMP_DEBUG == TRUE
2100 p_print = msg;
2101 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *) "M", msg_len);
2102 #endif
2103
2104 BOOLEAN ret = TRUE;
2105 UINT8 cmac[BT_OCTET16_LEN];
2106 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) {
2107 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2108 ret = FALSE;
2109 }
2110
2111 #if SMP_DEBUG == TRUE
2112 p_print = cmac;
2113 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
2114 #endif
2115
2116 p = c;
2117 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
2118 return ret;
2119 }
2120
2121 /*******************************************************************************
2122 **
2123 ** Function smp_start_nonce_generation
2124 **
2125 ** Description This function starts nonce generation.
2126 **
2127 ** Returns void
2128 **
2129 *******************************************************************************/
smp_start_nonce_generation(tSMP_CB * p_cb)2130 void smp_start_nonce_generation(tSMP_CB *p_cb)
2131 {
2132 SMP_TRACE_DEBUG("%s", __FUNCTION__);
2133 p_cb->rand_enc_proc_state = SMP_GEN_NONCE_0_7;
2134 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
2135 smp_rand_back(NULL);
2136 }
2137 }
2138
2139 /*******************************************************************************
2140 **
2141 ** Function smp_finish_nonce_generation
2142 **
2143 ** Description This function finishes nonce generation.
2144 **
2145 ** Returns void
2146 **
2147 *******************************************************************************/
smp_finish_nonce_generation(tSMP_CB * p_cb)2148 void smp_finish_nonce_generation(tSMP_CB *p_cb)
2149 {
2150 SMP_TRACE_DEBUG("%s", __FUNCTION__);
2151 p_cb->rand_enc_proc_state = SMP_GEN_NONCE_8_15;
2152 if (!btsnd_hcic_ble_rand((void *)smp_rand_back)) {
2153 smp_rand_back(NULL);
2154 }
2155 }
2156
2157 /*******************************************************************************
2158 **
2159 ** Function smp_process_new_nonce
2160 **
2161 ** Description This function notifies SM that it has new nonce.
2162 **
2163 ** Returns void
2164 **
2165 *******************************************************************************/
smp_process_new_nonce(tSMP_CB * p_cb)2166 void smp_process_new_nonce(tSMP_CB *p_cb)
2167 {
2168 SMP_TRACE_DEBUG ("%s round %d", __FUNCTION__, p_cb->round);
2169 smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
2170 }
2171
2172 /*******************************************************************************
2173 **
2174 ** Function smp_rand_back
2175 **
2176 ** Description This function is to process the rand command finished,
2177 ** process the random/encrypted number for further action.
2178 **
2179 ** Returns void
2180 **
2181 *******************************************************************************/
smp_rand_back(tBTM_RAND_ENC * p)2182 static void smp_rand_back(tBTM_RAND_ENC *p)
2183 {
2184 tSMP_CB *p_cb = &smp_cb;
2185 UINT8 *pp = p->param_buf;
2186 UINT8 failure = SMP_PAIR_FAIL_UNKNOWN;
2187 UINT8 state = p_cb->rand_enc_proc_state & ~0x80;
2188
2189 SMP_TRACE_DEBUG ("%s state=0x%x", __FUNCTION__, state);
2190 if (p && p->status == HCI_SUCCESS) {
2191 switch (state) {
2192 case SMP_GEN_SRAND_MRAND:
2193 memcpy((void *)p_cb->rand, p->param_buf, p->param_len);
2194 smp_generate_rand_cont(p_cb, NULL);
2195 break;
2196
2197 case SMP_GEN_SRAND_MRAND_CONT:
2198 memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len);
2199 smp_generate_confirm(p_cb, NULL);
2200 break;
2201
2202 case SMP_GEN_DIV_LTK:
2203 STREAM_TO_UINT16(p_cb->div, pp);
2204 smp_generate_ltk_cont(p_cb, NULL);
2205 break;
2206
2207 case SMP_GEN_DIV_CSRK:
2208 STREAM_TO_UINT16(p_cb->div, pp);
2209 smp_compute_csrk(p_cb, NULL);
2210 break;
2211
2212 case SMP_GEN_TK:
2213 smp_proc_passkey(p_cb, p);
2214 break;
2215
2216 case SMP_GEN_RAND_V:
2217 memcpy(p_cb->enc_rand, p->param_buf, BT_OCTET8_LEN);
2218 smp_generate_y(p_cb, NULL);
2219 break;
2220
2221 case SMP_GENERATE_PRIVATE_KEY_0_7:
2222 case SMP_GENERATE_PRIVATE_KEY_8_15:
2223 case SMP_GENERATE_PRIVATE_KEY_16_23:
2224 case SMP_GENERATE_PRIVATE_KEY_24_31:
2225 smp_continue_private_key_creation(p_cb, p);
2226 break;
2227
2228 case SMP_GEN_NONCE_0_7:
2229 memcpy((void *)p_cb->rand, p->param_buf, p->param_len);
2230 smp_finish_nonce_generation(p_cb);
2231 break;
2232
2233 case SMP_GEN_NONCE_8_15:
2234 memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len);
2235 smp_process_new_nonce(p_cb);
2236 break;
2237 }
2238
2239 return;
2240 }
2241
2242 SMP_TRACE_ERROR("%s key generation failed: (%d)", __FUNCTION__, p_cb->rand_enc_proc_state);
2243 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
2244 }
2245
2246 #endif
2247
