1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the SMP L2CAP utility functions
22 *
23 ******************************************************************************/
24 #include "common/bt_target.h"
25
26 #if SMP_INCLUDED == TRUE
27
28 #include "stack/bt_types.h"
29 //#include "bt_utils.h"
30 #include <string.h>
31 //#include <ctype.h>
32 #include "stack/hcidefs.h"
33 #include "stack/btm_ble_api.h"
34 #include "stack/l2c_api.h"
35 #include "l2c_int.h"
36 #include "smp_int.h"
37 #include "device/controller.h"
38 #include "btm_int.h"
39 #include "common/bte_appl.h"
40
41 #define SMP_PAIRING_REQ_SIZE 7
42 #define SMP_CONFIRM_CMD_SIZE (BT_OCTET16_LEN + 1)
43 #define SMP_RAND_CMD_SIZE (BT_OCTET16_LEN + 1)
44 #define SMP_INIT_CMD_SIZE (BT_OCTET16_LEN + 1)
45 #define SMP_ENC_INFO_SIZE (BT_OCTET16_LEN + 1)
46 #define SMP_MASTER_ID_SIZE (BT_OCTET8_LEN + 2 + 1)
47 #define SMP_ID_INFO_SIZE (BT_OCTET16_LEN + 1)
48 #define SMP_ID_ADDR_SIZE (BD_ADDR_LEN + 1 + 1)
49 #define SMP_SIGN_INFO_SIZE (BT_OCTET16_LEN + 1)
50 #define SMP_PAIR_FAIL_SIZE 2
51 #define SMP_SECURITY_REQUEST_SIZE 2
52 #define SMP_PAIR_PUBL_KEY_SIZE (1 /* opcode */ + (2*BT_OCTET32_LEN))
53 #define SMP_PAIR_COMMITM_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*Commitment*/)
54 #define SMP_PAIR_DHKEY_CHECK_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*DHKey Check*/)
55 #define SMP_PAIR_KEYPR_NOTIF_SIZE (1 /* opcode */ + 1 /*Notif Type*/)
56
57 /* SMP command sizes per spec */
58 static const UINT8 smp_cmd_size_per_spec[] = {
59 0,
60 SMP_PAIRING_REQ_SIZE, /* 0x01: pairing request */
61 SMP_PAIRING_REQ_SIZE, /* 0x02: pairing response */
62 SMP_CONFIRM_CMD_SIZE, /* 0x03: pairing confirm */
63 SMP_RAND_CMD_SIZE, /* 0x04: pairing random */
64 SMP_PAIR_FAIL_SIZE, /* 0x05: pairing failed */
65 SMP_ENC_INFO_SIZE, /* 0x06: encryption information */
66 SMP_MASTER_ID_SIZE, /* 0x07: master identification */
67 SMP_ID_INFO_SIZE, /* 0x08: identity information */
68 SMP_ID_ADDR_SIZE, /* 0x09: identity address information */
69 SMP_SIGN_INFO_SIZE, /* 0x0A: signing information */
70 SMP_SECURITY_REQUEST_SIZE, /* 0x0B: security request */
71 SMP_PAIR_PUBL_KEY_SIZE, /* 0x0C: pairing public key */
72 SMP_PAIR_DHKEY_CHECK_SIZE, /* 0x0D: pairing dhkey check */
73 SMP_PAIR_KEYPR_NOTIF_SIZE, /* 0x0E: pairing keypress notification */
74 SMP_PAIR_COMMITM_SIZE /* 0x0F: pairing commitment */
75 };
76
77 static BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb);
78 static BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb);
79
80 /* type for SMP command length validation functions */
81 typedef BOOLEAN (*tSMP_CMD_LEN_VALID)(tSMP_CB *p_cb);
82
83 static BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb);
84
85 static const tSMP_CMD_LEN_VALID smp_cmd_len_is_valid[] = {
86 smp_parameter_unconditionally_invalid,
87 smp_command_has_valid_fixed_length, /* 0x01: pairing request */
88 smp_command_has_valid_fixed_length, /* 0x02: pairing response */
89 smp_command_has_valid_fixed_length, /* 0x03: pairing confirm */
90 smp_command_has_valid_fixed_length, /* 0x04: pairing random */
91 smp_command_has_valid_fixed_length, /* 0x05: pairing failed */
92 smp_command_has_valid_fixed_length, /* 0x06: encryption information */
93 smp_command_has_valid_fixed_length, /* 0x07: master identification */
94 smp_command_has_valid_fixed_length, /* 0x08: identity information */
95 smp_command_has_valid_fixed_length, /* 0x09: identity address information */
96 smp_command_has_valid_fixed_length, /* 0x0A: signing information */
97 smp_command_has_valid_fixed_length, /* 0x0B: security request */
98 smp_command_has_valid_fixed_length, /* 0x0C: pairing public key */
99 smp_command_has_valid_fixed_length, /* 0x0D: pairing dhkey check */
100 smp_command_has_valid_fixed_length, /* 0x0E: pairing keypress notification */
101 smp_command_has_valid_fixed_length /* 0x0F: pairing commitment */
102 };
103
104 /* type for SMP command parameter ranges validation functions */
105 typedef BOOLEAN (*tSMP_CMD_PARAM_RANGES_VALID)(tSMP_CB *p_cb);
106
107 static BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb);
108 static BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb);
109
110 static const tSMP_CMD_PARAM_RANGES_VALID smp_cmd_param_ranges_are_valid[] = {
111 smp_parameter_unconditionally_invalid,
112 smp_pairing_request_response_parameters_are_valid, /* 0x01: pairing request */
113 smp_pairing_request_response_parameters_are_valid, /* 0x02: pairing response */
114 smp_parameter_unconditionally_valid, /* 0x03: pairing confirm */
115 smp_parameter_unconditionally_valid, /* 0x04: pairing random */
116 smp_parameter_unconditionally_valid, /* 0x05: pairing failed */
117 smp_parameter_unconditionally_valid, /* 0x06: encryption information */
118 smp_parameter_unconditionally_valid, /* 0x07: master identification */
119 smp_parameter_unconditionally_valid, /* 0x08: identity information */
120 smp_parameter_unconditionally_valid, /* 0x09: identity address information */
121 smp_parameter_unconditionally_valid, /* 0x0A: signing information */
122 smp_parameter_unconditionally_valid, /* 0x0B: security request */
123 smp_parameter_unconditionally_valid, /* 0x0C: pairing public key */
124 smp_parameter_unconditionally_valid, /* 0x0D: pairing dhkey check */
125 smp_pairing_keypress_notification_is_valid, /* 0x0E: pairing keypress notification */
126 smp_parameter_unconditionally_valid /* 0x0F: pairing commitment */
127 };
128
129 /* type for action functions */
130 typedef BT_HDR *(*tSMP_CMD_ACT)(UINT8 cmd_code, tSMP_CB *p_cb);
131
132 static BT_HDR *smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
133 static BT_HDR *smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
134 static BT_HDR *smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
135 static BT_HDR *smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb);
136 static BT_HDR *smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
137 static BT_HDR *smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
138 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb);
139 static BT_HDR *smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
140 static BT_HDR *smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
141 static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
142 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
143 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
144 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
145 static BT_HDR *smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
146
147 static const tSMP_CMD_ACT smp_cmd_build_act[] = {
148 NULL,
149 smp_build_pairing_cmd, /* 0x01: pairing request */
150 smp_build_pairing_cmd, /* 0x02: pairing response */
151 smp_build_confirm_cmd, /* 0x03: pairing confirm */
152 smp_build_rand_cmd, /* 0x04: pairing random */
153 smp_build_pairing_fail, /* 0x05: pairing failure */
154 smp_build_encrypt_info_cmd, /* 0x06: encryption information */
155 smp_build_master_id_cmd, /* 0x07: master identification */
156 smp_build_identity_info_cmd, /* 0x08: identity information */
157 smp_build_id_addr_cmd, /* 0x09: identity address information */
158 smp_build_signing_info_cmd, /* 0x0A: signing information */
159 smp_build_security_request, /* 0x0B: security request */
160 smp_build_pair_public_key_cmd, /* 0x0C: pairing public key */
161 smp_build_pair_dhkey_check_cmd, /* 0x0D: pairing DHKey check */
162 smp_build_pairing_keypress_notification_cmd, /* 0x0E: pairing keypress notification */
163 smp_build_pairing_commitment_cmd /* 0x0F: pairing commitment */
164 };
165
166 static const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
167 /* display only */ /* Display Yes/No */ /* keyboard only */
168 /* No Input/Output */ /* keyboard display */
169
170 /* initiator */
171 /* model = tbl[peer_io_caps][loc_io_caps] */
172 /* Display Only */
173 { {
174 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
175 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
176 },
177
178 /* Display Yes/No */
179 {
180 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
181 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
182 },
183
184 /* Keyboard only */
185 {
186 SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
187 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
188 },
189
190 /* No Input No Output */
191 {
192 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
193 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY
194 },
195
196 /* keyboard display */
197 {
198 SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
199 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
200 }
201 },
202
203 /* responder */
204 /* model = tbl[loc_io_caps][peer_io_caps] */
205 /* Display Only */
206 { {
207 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
208 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
209 },
210
211 /* Display Yes/No */
212 {
213 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
214 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
215 },
216
217 /* keyboard only */
218 {
219 SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY,
220 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
221 },
222
223 /* No Input No Output */
224 {
225 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
226 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY
227 },
228
229 /* keyboard display */
230 {
231 SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF,
232 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
233 }
234 }
235 };
236
237 static const UINT8 smp_association_table_sc[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
238 /* display only */ /* Display Yes/No */ /* keyboard only */
239 /* No InputOutput */ /* keyboard display */
240
241 /* initiator */
242 /* model = tbl[peer_io_caps][loc_io_caps] */
243
244 /* Display Only */
245 { {
246 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
247 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT
248 },
249
250 /* Display Yes/No */
251 {
252 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
253 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
254 },
255
256 /* keyboard only */
257 {
258 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
259 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP
260 },
261
262 /* No Input No Output */
263 {
264 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
265 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS
266 },
267
268 /* keyboard display */
269 {
270 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
271 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
272 }
273 },
274
275 /* responder */
276 /* model = tbl[loc_io_caps][peer_io_caps] */
277
278 /* Display Only */
279 { {
280 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
281 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP
282 },
283
284 /* Display Yes/No */
285 {
286 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
287 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
288 },
289
290 /* keyboard only */
291 {
292 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
293 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT
294 },
295
296 /* No Input No Output */
297 {
298 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
299 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS
300 },
301
302 /* keyboard display */
303 {
304 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
305 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
306 }
307 }
308 };
309
310 static tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb);
311 static tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb);
312
313 /*******************************************************************************
314 **
315 ** Function smp_send_msg_to_L2CAP
316 **
317 ** Description Send message to L2CAP.
318 **
319 *******************************************************************************/
smp_send_msg_to_L2CAP(BD_ADDR rem_bda,BT_HDR * p_toL2CAP)320 BOOLEAN smp_send_msg_to_L2CAP(BD_ADDR rem_bda, BT_HDR *p_toL2CAP)
321 {
322 UINT16 l2cap_ret;
323 UINT16 fixed_cid = L2CAP_SMP_CID;
324
325 if (smp_cb.smp_over_br) {
326 fixed_cid = L2CAP_SMP_BR_CID;
327 }
328
329 SMP_TRACE_EVENT("%s", __FUNCTION__);
330 smp_cb.total_tx_unacked += 1;
331
332 if ((l2cap_ret = L2CA_SendFixedChnlData (fixed_cid, rem_bda, p_toL2CAP)) == L2CAP_DW_FAILED) {
333 smp_cb.total_tx_unacked -= 1;
334 SMP_TRACE_ERROR("SMP failed to pass msg:0x%0x to L2CAP",
335 *((UINT8 *)(p_toL2CAP + 1) + p_toL2CAP->offset));
336 return FALSE;
337 } else {
338 return TRUE;
339 }
340 }
341
342 /*******************************************************************************
343 **
344 ** Function smp_send_cmd
345 **
346 ** Description send a SMP command on L2CAP channel.
347 **
348 *******************************************************************************/
smp_send_cmd(UINT8 cmd_code,tSMP_CB * p_cb)349 BOOLEAN smp_send_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
350 {
351 BT_HDR *p_buf;
352 BOOLEAN sent = FALSE;
353 UINT8 failure = SMP_PAIR_INTERNAL_ERR;
354 SMP_TRACE_EVENT("smp_send_cmd on l2cap cmd_code=0x%x\n", cmd_code);
355 if ( cmd_code <= (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */) &&
356 smp_cmd_build_act[cmd_code] != NULL) {
357 p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
358
359 if (p_buf != NULL &&
360 smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf)) {
361 sent = TRUE;
362
363 btu_stop_timer (&p_cb->rsp_timer_ent);
364 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
365 SMP_WAIT_FOR_RSP_TOUT);
366 }
367 }
368
369 if (!sent) {
370 if (p_cb->smp_over_br) {
371 #if (CLASSIC_BT_INCLUDED == TRUE)
372 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
373 #endif ///CLASSIC_BT_INCLUDED == TRUE
374 } else {
375 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
376 }
377 }
378 return sent;
379 }
380
381 /*******************************************************************************
382 **
383 ** Function smp_rsp_timeout
384 **
385 ** Description Called when SMP wait for SMP command response timer expires
386 **
387 ** Returns void
388 **
389 *******************************************************************************/
smp_rsp_timeout(TIMER_LIST_ENT * p_tle)390 void smp_rsp_timeout(TIMER_LIST_ENT *p_tle)
391 {
392 tSMP_CB *p_cb = &smp_cb;
393 UINT8 failure = SMP_RSP_TIMEOUT;
394 UNUSED(p_tle);
395
396 SMP_TRACE_EVENT("%s state:%d br_state:%d", __FUNCTION__, p_cb->state, p_cb->br_state);
397
398 if (p_cb->smp_over_br) {
399 #if (CLASSIC_BT_INCLUDED == TRUE)
400 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
401 #endif ///CLASSIC_BT_INCLUDED == TRUE
402 } else {
403 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
404 }
405 }
406
407 /*******************************************************************************
408 **
409 ** Function smp_build_pairing_req_cmd
410 **
411 ** Description Build pairing request command.
412 **
413 *******************************************************************************/
smp_build_pairing_cmd(UINT8 cmd_code,tSMP_CB * p_cb)414 BT_HDR *smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
415 {
416 BT_HDR *p_buf = NULL ;
417 UINT8 *p;
418
419 SMP_TRACE_EVENT("smp_build_pairing_cmd");
420 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
421 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
422
423 UINT8_TO_STREAM (p, cmd_code);
424 UINT8_TO_STREAM (p, p_cb->local_io_capability);
425 UINT8_TO_STREAM (p, p_cb->loc_oob_flag);
426 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
427 UINT8_TO_STREAM (p, p_cb->loc_enc_size);
428 UINT8_TO_STREAM (p, p_cb->local_i_key);
429 UINT8_TO_STREAM (p, p_cb->local_r_key);
430
431 p_buf->offset = L2CAP_MIN_OFFSET;
432 /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
433 p_buf->len = SMP_PAIRING_REQ_SIZE;
434 }
435
436 return p_buf;
437 }
438
439 /*******************************************************************************
440 **
441 ** Function smp_build_confirm_cmd
442 **
443 ** Description Build confirm request command.
444 **
445 *******************************************************************************/
smp_build_confirm_cmd(UINT8 cmd_code,tSMP_CB * p_cb)446 static BT_HDR *smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
447 {
448 BT_HDR *p_buf = NULL ;
449 UINT8 *p;
450 UNUSED(cmd_code);
451
452 SMP_TRACE_EVENT("smp_build_confirm_cmd\n");
453 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
454 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
455
456 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
457 ARRAY_TO_STREAM (p, p_cb->confirm, BT_OCTET16_LEN);
458
459 p_buf->offset = L2CAP_MIN_OFFSET;
460 p_buf->len = SMP_CONFIRM_CMD_SIZE;
461 }
462
463 return p_buf;
464 }
465 /*******************************************************************************
466 **
467 ** Function smp_build_rand_cmd
468 **
469 ** Description Build Random command.
470 **
471 *******************************************************************************/
smp_build_rand_cmd(UINT8 cmd_code,tSMP_CB * p_cb)472 static BT_HDR *smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
473 {
474 BT_HDR *p_buf = NULL ;
475 UINT8 *p;
476 UNUSED(cmd_code);
477
478 SMP_TRACE_EVENT("%s\n", __func__);
479 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_RAND_CMD_SIZE + L2CAP_MIN_OFFSET))
480 != NULL) {
481 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
482
483 UINT8_TO_STREAM (p, SMP_OPCODE_RAND);
484 ARRAY_TO_STREAM (p, p_cb->rand, BT_OCTET16_LEN);
485
486 p_buf->offset = L2CAP_MIN_OFFSET;
487 p_buf->len = SMP_RAND_CMD_SIZE;
488 }
489
490 return p_buf;
491 }
492 /*******************************************************************************
493 **
494 ** Function smp_build_encrypt_info_cmd
495 **
496 ** Description Build security information command.
497 **
498 *******************************************************************************/
smp_build_encrypt_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)499 static BT_HDR *smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
500 {
501 BT_HDR *p_buf = NULL ;
502 UINT8 *p;
503 UNUSED(cmd_code);
504
505 SMP_TRACE_EVENT("smp_build_encrypt_info_cmd\n");
506 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
507 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
508
509 UINT8_TO_STREAM (p, SMP_OPCODE_ENCRYPT_INFO);
510 ARRAY_TO_STREAM (p, p_cb->ltk, BT_OCTET16_LEN);
511
512 p_buf->offset = L2CAP_MIN_OFFSET;
513 p_buf->len = SMP_ENC_INFO_SIZE;
514 }
515
516 return p_buf;
517 }
518
519 /*******************************************************************************
520 **
521 ** Function smp_build_master_id_cmd
522 **
523 ** Description Build security information command.
524 **
525 *******************************************************************************/
smp_build_master_id_cmd(UINT8 cmd_code,tSMP_CB * p_cb)526 static BT_HDR *smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
527 {
528 BT_HDR *p_buf = NULL ;
529 UINT8 *p;
530 UNUSED(cmd_code);
531
532 SMP_TRACE_EVENT("%s\n", __func__);
533
534 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_MASTER_ID_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
535 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
536
537 UINT8_TO_STREAM (p, SMP_OPCODE_MASTER_ID);
538 UINT16_TO_STREAM (p, p_cb->ediv);
539 ARRAY_TO_STREAM (p, p_cb->enc_rand, BT_OCTET8_LEN);
540
541 p_buf->offset = L2CAP_MIN_OFFSET;
542 p_buf->len = SMP_MASTER_ID_SIZE;
543 }
544
545 return p_buf;
546 }
547
548 /*******************************************************************************
549 **
550 ** Function smp_build_identity_info_cmd
551 **
552 ** Description Build identity information command.
553 **
554 *******************************************************************************/
smp_build_identity_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)555 static BT_HDR *smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
556 {
557 BT_HDR *p_buf = NULL ;
558 #if (BLE_INCLUDED == TRUE)
559 UINT8 *p;
560 BT_OCTET16 irk;
561 UNUSED(cmd_code);
562 UNUSED(p_cb);
563
564 SMP_TRACE_EVENT("smp_build_identity_info_cmd\n");
565 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
566 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
567
568 BTM_GetDeviceIDRoot(irk);
569
570 UINT8_TO_STREAM (p, SMP_OPCODE_IDENTITY_INFO);
571 ARRAY_TO_STREAM (p, irk, BT_OCTET16_LEN);
572
573 p_buf->offset = L2CAP_MIN_OFFSET;
574 p_buf->len = SMP_ID_INFO_SIZE;
575 }
576
577 #endif ///BLE_INCLUDED == TRUE
578 return p_buf;
579 }
580
581 /*******************************************************************************
582 **
583 ** Function smp_build_id_addr_cmd
584 **
585 ** Description Build identity address information command.
586 **
587 *******************************************************************************/
smp_build_id_addr_cmd(UINT8 cmd_code,tSMP_CB * p_cb)588 static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
589 {
590 BT_HDR *p_buf = NULL;
591 UINT8 *p;
592
593 UNUSED(cmd_code);
594 UNUSED(p_cb);
595 SMP_TRACE_EVENT("smp_build_id_addr_cmd\n");
596 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
597 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
598
599 UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
600 /* Identity Address Information is used in the Transport Specific Key Distribution phase to distribute
601 its public device address or static random address. if slave using static random address is encrypted,
602 it should distribute its static random address */
603 #if (BLE_INCLUDED == TRUE)
604 if(btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type == BLE_ADDR_RANDOM && memcmp(btm_cb.ble_ctr_cb.addr_mgnt_cb.static_rand_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr,6) == 0) {
605 UINT8_TO_STREAM (p, 0x01);
606 BDADDR_TO_STREAM (p, btm_cb.ble_ctr_cb.addr_mgnt_cb.static_rand_addr);
607 } else
608 #endif ///BLE_INCLUDED == TRUE
609 {
610 UINT8_TO_STREAM (p, 0);
611 BDADDR_TO_STREAM (p, controller_get_interface()->get_address()->address);
612 }
613
614 p_buf->offset = L2CAP_MIN_OFFSET;
615 p_buf->len = SMP_ID_ADDR_SIZE;
616 }
617
618 return p_buf;
619 }
620
621 /*******************************************************************************
622 **
623 ** Function smp_build_signing_info_cmd
624 **
625 ** Description Build signing information command.
626 **
627 *******************************************************************************/
smp_build_signing_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)628 static BT_HDR *smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
629 {
630 BT_HDR *p_buf = NULL ;
631 UINT8 *p;
632 UNUSED(cmd_code);
633
634 SMP_TRACE_EVENT("smp_build_signing_info_cmd\n");
635 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
636 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
637
638 UINT8_TO_STREAM (p, SMP_OPCODE_SIGN_INFO);
639 ARRAY_TO_STREAM (p, p_cb->csrk, BT_OCTET16_LEN);
640
641 p_buf->offset = L2CAP_MIN_OFFSET;
642 p_buf->len = SMP_SIGN_INFO_SIZE;
643 }
644
645 return p_buf;
646 }
647
648 /*******************************************************************************
649 **
650 ** Function smp_build_pairing_fail
651 **
652 ** Description Build Pairing Fail command.
653 **
654 *******************************************************************************/
smp_build_pairing_fail(UINT8 cmd_code,tSMP_CB * p_cb)655 static BT_HDR *smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb)
656 {
657 BT_HDR *p_buf = NULL ;
658 UINT8 *p;
659 UNUSED(cmd_code);
660
661 SMP_TRACE_EVENT("%s\n", __func__);
662 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
663 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
664
665 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
666 UINT8_TO_STREAM (p, p_cb->failure);
667
668 p_buf->offset = L2CAP_MIN_OFFSET;
669 p_buf->len = SMP_PAIR_FAIL_SIZE;
670 }
671
672 return p_buf;
673 }
674
675 /*******************************************************************************
676 **
677 ** Function smp_build_security_request
678 **
679 ** Description Build security request command.
680 **
681 *******************************************************************************/
smp_build_security_request(UINT8 cmd_code,tSMP_CB * p_cb)682 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb)
683 {
684 BT_HDR *p_buf = NULL ;
685 UINT8 *p;
686 UNUSED(cmd_code);
687
688 SMP_TRACE_EVENT("%s\n", __func__);
689 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET)) != NULL) {
690 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
691
692 UINT8_TO_STREAM (p, SMP_OPCODE_SEC_REQ);
693 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
694
695 p_buf->offset = L2CAP_MIN_OFFSET;
696 p_buf->len = SMP_SECURITY_REQUEST_SIZE;
697
698 SMP_TRACE_EVENT("opcode=%d auth_req=0x%x", SMP_OPCODE_SEC_REQ, p_cb->loc_auth_req );
699 }
700
701 return p_buf;
702
703 }
704
705 /*******************************************************************************
706 **
707 ** Function smp_build_pair_public_key_cmd
708 **
709 ** Description Build pairing public key command.
710 **
711 *******************************************************************************/
smp_build_pair_public_key_cmd(UINT8 cmd_code,tSMP_CB * p_cb)712 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
713 {
714 BT_HDR *p_buf = NULL ;
715 UINT8 *p;
716 UINT8 publ_key[2 * BT_OCTET32_LEN];
717 UINT8 *p_publ_key = publ_key;
718 UNUSED(cmd_code);
719
720 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
721
722 memcpy(p_publ_key, p_cb->loc_publ_key.x, BT_OCTET32_LEN);
723 memcpy(p_publ_key + BT_OCTET32_LEN, p_cb->loc_publ_key.y, BT_OCTET32_LEN);
724
725 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) +
726 SMP_PAIR_PUBL_KEY_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
727 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
728
729 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_PUBLIC_KEY);
730 ARRAY_TO_STREAM (p, p_publ_key, 2 * BT_OCTET32_LEN);
731
732 p_buf->offset = L2CAP_MIN_OFFSET;
733 p_buf->len = SMP_PAIR_PUBL_KEY_SIZE;
734 }
735
736 return p_buf;
737 }
738
739 /*******************************************************************************
740 **
741 ** Function smp_build_pairing_commitment_cmd
742 **
743 ** Description Build pairing commitment command.
744 **
745 *******************************************************************************/
smp_build_pairing_commitment_cmd(UINT8 cmd_code,tSMP_CB * p_cb)746 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
747 {
748 BT_HDR *p_buf = NULL;
749 UINT8 *p;
750 UNUSED(cmd_code);
751
752 SMP_TRACE_EVENT("%s\n", __func__);
753 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_COMMITM_SIZE + L2CAP_MIN_OFFSET))
754 != NULL) {
755 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
756
757 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
758 ARRAY_TO_STREAM (p, p_cb->commitment, BT_OCTET16_LEN);
759
760 p_buf->offset = L2CAP_MIN_OFFSET;
761 p_buf->len = SMP_PAIR_COMMITM_SIZE;
762 }
763
764 return p_buf;
765 }
766
767 /*******************************************************************************
768 **
769 ** Function smp_build_pair_dhkey_check_cmd
770 **
771 ** Description Build pairing DHKey check command.
772 **
773 *******************************************************************************/
smp_build_pair_dhkey_check_cmd(UINT8 cmd_code,tSMP_CB * p_cb)774 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
775 {
776 BT_HDR *p_buf = NULL;
777 UINT8 *p;
778 UNUSED(cmd_code);
779
780 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
781 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) +
782 SMP_PAIR_DHKEY_CHECK_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
783 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
784
785 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_DHKEY_CHECK);
786 ARRAY_TO_STREAM (p, p_cb->dhkey_check, BT_OCTET16_LEN);
787
788 p_buf->offset = L2CAP_MIN_OFFSET;
789 p_buf->len = SMP_PAIR_DHKEY_CHECK_SIZE;
790 }
791
792 return p_buf;
793 }
794
795 /*******************************************************************************
796 **
797 ** Function smp_build_pairing_keypress_notification_cmd
798 **
799 ** Description Build keypress notification command.
800 **
801 *******************************************************************************/
smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code,tSMP_CB * p_cb)802 static BT_HDR *smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
803 {
804 BT_HDR *p_buf = NULL ;
805 UINT8 *p;
806 UNUSED(cmd_code);
807
808 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
809 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR)\
810 + SMP_PAIR_KEYPR_NOTIF_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
811 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
812
813 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_KEYPR_NOTIF);
814 UINT8_TO_STREAM (p, p_cb->local_keypress_notification);
815
816 p_buf->offset = L2CAP_MIN_OFFSET;
817 p_buf->len = SMP_PAIR_KEYPR_NOTIF_SIZE;
818 }
819
820 return p_buf;
821 }
822
823 /*******************************************************************************
824 **
825 ** Function smp_convert_string_to_tk
826 **
827 ** Description This function is called to convert a 6 to 16 digits numeric
828 ** character string into SMP TK.
829 **
830 **
831 ** Returns void
832 **
833 *******************************************************************************/
smp_convert_string_to_tk(BT_OCTET16 tk,UINT32 passkey)834 void smp_convert_string_to_tk(BT_OCTET16 tk, UINT32 passkey)
835 {
836 UINT8 *p = tk;
837 tSMP_KEY key;
838 SMP_TRACE_EVENT("smp_convert_string_to_tk\n");
839 UINT32_TO_STREAM(p, passkey);
840
841 key.key_type = SMP_KEY_TYPE_TK;
842 key.p_data = tk;
843
844 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
845 }
846
847 /*******************************************************************************
848 **
849 ** Function smp_mask_enc_key
850 **
851 ** Description This function is called to mask off the encryption key based
852 ** on the maximum encryption key size.
853 **
854 **
855 ** Returns void
856 **
857 *******************************************************************************/
smp_mask_enc_key(UINT8 loc_enc_size,UINT8 * p_data)858 void smp_mask_enc_key(UINT8 loc_enc_size, UINT8 *p_data)
859 {
860 SMP_TRACE_EVENT("smp_mask_enc_key\n");
861 if (loc_enc_size < BT_OCTET16_LEN) {
862 for (; loc_enc_size < BT_OCTET16_LEN; loc_enc_size ++) {
863 * (p_data + loc_enc_size) = 0;
864 }
865 }
866 return;
867 }
868
869 /*******************************************************************************
870 **
871 ** Function smp_xor_128
872 **
873 ** Description utility function to do an biteise exclusive-OR of two bit
874 ** strings of the length of BT_OCTET16_LEN.
875 **
876 ** Returns void
877 **
878 *******************************************************************************/
smp_xor_128(BT_OCTET16 a,const BT_OCTET16 b)879 void smp_xor_128(BT_OCTET16 a, const BT_OCTET16 b)
880 {
881 UINT8 i, *aa = a;
882 const UINT8 *bb = b;
883
884 SMP_TRACE_EVENT("smp_xor_128\n");
885 for (i = 0; i < BT_OCTET16_LEN; i++) {
886 aa[i] = aa[i] ^ bb[i];
887 }
888 }
889
890 /*******************************************************************************
891 **
892 ** Function smp_cb_cleanup
893 **
894 ** Description Clean up SMP control block
895 **
896 ** Returns void
897 **
898 *******************************************************************************/
smp_cb_cleanup(tSMP_CB * p_cb)899 void smp_cb_cleanup(tSMP_CB *p_cb)
900 {
901 tSMP_CALLBACK *p_callback = p_cb->p_callback;
902 UINT8 trace_level = p_cb->trace_level;
903 UINT32 static_passkey = p_cb->static_passkey;
904 BOOLEAN use_static_passkey = p_cb->use_static_passkey;
905 SMP_TRACE_EVENT("smp_cb_cleanup\n");
906
907 memset(p_cb, 0, sizeof(tSMP_CB));
908 p_cb->p_callback = p_callback;
909 p_cb->trace_level = trace_level;
910 if(use_static_passkey) {
911 p_cb->use_static_passkey = use_static_passkey;
912 p_cb->static_passkey = static_passkey;
913 }
914 }
915
916 /*******************************************************************************
917 **
918 ** Function smp_remove_fixed_channel
919 **
920 ** Description This function is called to remove the fixed channel
921 **
922 ** Returns void
923 **
924 *******************************************************************************/
smp_remove_fixed_channel(tSMP_CB * p_cb)925 void smp_remove_fixed_channel(tSMP_CB *p_cb)
926 {
927 SMP_TRACE_DEBUG("%s\n", __func__);
928
929 if (p_cb->smp_over_br) {
930 L2CA_RemoveFixedChnl (L2CAP_SMP_BR_CID, p_cb->pairing_bda);
931 } else {
932 L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
933 }
934 }
935
936 /*******************************************************************************
937 **
938 ** Function smp_reset_control_value
939 **
940 ** Description This function is called to reset the control block value when
941 ** pairing procedure finished.
942 **
943 **
944 ** Returns void
945 **
946 *******************************************************************************/
smp_reset_control_value(tSMP_CB * p_cb)947 void smp_reset_control_value(tSMP_CB *p_cb)
948 {
949 SMP_TRACE_EVENT("smp_reset_control_value\n");
950 btu_stop_timer (&p_cb->rsp_timer_ent);
951 p_cb->flags = 0;
952 /* set the link idle timer to drop the link when pairing is done
953 usually service discovery will follow authentication complete, to avoid
954 racing condition for a link down/up, set link idle timer to be
955 SMP_LINK_TOUT_MIN to guarantee SMP key exchange */
956 L2CA_SetIdleTimeoutByBdAddr(p_cb->pairing_bda, SMP_LINK_TOUT_MIN, BT_TRANSPORT_LE);
957
958 /* We can tell L2CAP to remove the fixed channel (if it has one) */
959 smp_remove_fixed_channel(p_cb);
960 smp_cb_cleanup(p_cb);
961 }
962
963 /*******************************************************************************
964 **
965 ** Function smp_proc_pairing_cmpl
966 **
967 ** Description This function is called to process pairing complete
968 **
969 **
970 ** Returns void
971 **
972 *******************************************************************************/
smp_proc_pairing_cmpl(tSMP_CB * p_cb)973 void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
974 {
975 tSMP_EVT_DATA evt_data = {0};
976 tSMP_CALLBACK *p_callback = p_cb->p_callback;
977 BD_ADDR pairing_bda;
978
979 SMP_TRACE_DEBUG ("smp_proc_pairing_cmpl \n");
980
981 evt_data.cmplt.reason = p_cb->status;
982 evt_data.cmplt.smp_over_br = p_cb->smp_over_br;
983 evt_data.cmplt.auth_mode = 0;
984 #if (BLE_INCLUDED == TRUE)
985 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (p_cb->pairing_bda);
986 if (p_cb->status == SMP_SUCCESS) {
987 evt_data.cmplt.sec_level = p_cb->sec_level;
988 if (p_cb->auth_mode) { // the first encryption
989 evt_data.cmplt.auth_mode = p_cb->auth_mode;
990 if (p_rec) {
991 p_rec->ble.auth_mode = p_cb->auth_mode;
992 }
993 } else if (p_rec) {
994 evt_data.cmplt.auth_mode = p_rec->ble.auth_mode;
995 }
996 }
997 #else
998 if (p_cb->status == SMP_SUCCESS) {
999 evt_data.cmplt.sec_level = p_cb->sec_level;
1000 evt_data.cmplt.auth_mode = p_cb->auth_mode;
1001 }
1002 #endif
1003
1004 evt_data.cmplt.is_pair_cancel = FALSE;
1005
1006 if (p_cb->is_pair_cancel) {
1007 evt_data.cmplt.is_pair_cancel = TRUE;
1008 }
1009
1010
1011 SMP_TRACE_DEBUG ("send SMP_COMPLT_EVT reason=0x%0x sec_level=0x%0x\n",
1012 evt_data.cmplt.reason,
1013 evt_data.cmplt.sec_level );
1014
1015 memcpy (pairing_bda, p_cb->pairing_bda, BD_ADDR_LEN);
1016
1017 #if (BLE_INCLUDED == TRUE)
1018 #if (SMP_SLAVE_CON_PARAMS_UPD_ENABLE == TRUE)
1019 if (p_cb->role == HCI_ROLE_SLAVE) {
1020 if(p_rec && p_rec->ble.skip_update_conn_param) {
1021 //clear flag
1022 p_rec->ble.skip_update_conn_param = false;
1023 } else {
1024 #if (BT_MULTI_CONNECTION_ENBALE == FALSE)
1025 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1026 #endif
1027 }
1028 }
1029
1030 #endif
1031 #endif ///BLE_INCLUDED == TRUE
1032
1033 smp_reset_control_value(p_cb);
1034 // TODO: clear local oob data when start advertising
1035 smp_clear_local_oob_data();
1036
1037 if (p_callback) {
1038 (*p_callback) (SMP_COMPLT_EVT, pairing_bda, &evt_data);
1039 }
1040 }
1041
1042 /*******************************************************************************
1043 **
1044 ** Function smp_command_has_invalid_parameters
1045 **
1046 ** Description Checks if the received SMP command has invalid parameters i.e.
1047 ** if the command length is valid and the command parameters are
1048 ** inside specified range.
1049 ** It returns TRUE if the command has invalid parameters.
1050 **
1051 ** Returns TRUE if the command has invalid parameters, FALSE otherwise.
1052 **
1053 *******************************************************************************/
smp_command_has_invalid_parameters(tSMP_CB * p_cb)1054 BOOLEAN smp_command_has_invalid_parameters(tSMP_CB *p_cb)
1055 {
1056 UINT8 cmd_code = p_cb->rcvd_cmd_code;
1057
1058 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, cmd_code);
1059
1060 if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
1061 (cmd_code < SMP_OPCODE_MIN)) {
1062 SMP_TRACE_WARNING("Somehow received command with the RESERVED code 0x%02x\n", cmd_code);
1063 return TRUE;
1064 }
1065
1066 if (!(*smp_cmd_len_is_valid[cmd_code])(p_cb)) {
1067 return TRUE;
1068 }
1069
1070 if (!(*smp_cmd_param_ranges_are_valid[cmd_code])(p_cb)) {
1071 return TRUE;
1072 }
1073
1074 return FALSE;
1075 }
1076
1077 /*******************************************************************************
1078 **
1079 ** Function smp_command_has_valid_fixed_length
1080 **
1081 ** Description Checks if the received command size is equal to the size
1082 ** according to specs.
1083 **
1084 ** Returns TRUE if the command size is as expected, FALSE otherwise.
1085 **
1086 ** Note The command is expected to have fixed length.
1087 *******************************************************************************/
smp_command_has_valid_fixed_length(tSMP_CB * p_cb)1088 BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb)
1089 {
1090 UINT8 cmd_code = p_cb->rcvd_cmd_code;
1091
1092 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, cmd_code);
1093
1094 if (p_cb->rcvd_cmd_len != smp_cmd_size_per_spec[cmd_code]) {
1095 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with invalid length\
1096 0x%02x (per spec the length is 0x%02x).\n",
1097 cmd_code, p_cb->rcvd_cmd_len, smp_cmd_size_per_spec[cmd_code]);
1098 return FALSE;
1099 }
1100
1101 return TRUE;
1102 }
1103
1104 /*******************************************************************************
1105 **
1106 ** Function smp_pairing_request_response_parameters_are_valid
1107 **
1108 ** Description Validates parameter ranges in the received SMP command
1109 ** pairing request or pairing response.
1110 ** The parameters to validate:
1111 ** IO capability,
1112 ** OOB data flag,
1113 ** Bonding_flags in AuthReq
1114 ** Maximum encryption key size.
1115 ** Returns FALSE if at least one of these parameters is out of range.
1116 **
1117 *******************************************************************************/
smp_pairing_request_response_parameters_are_valid(tSMP_CB * p_cb)1118 BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb)
1119 {
1120 UINT8 io_caps = p_cb->peer_io_caps;
1121 UINT8 oob_flag = p_cb->peer_oob_flag;
1122 UINT8 bond_flag = p_cb->peer_auth_req & 0x03; //0x03 is gen bond with appropriate mask
1123 UINT8 enc_size = p_cb->peer_enc_size;
1124
1125 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, p_cb->rcvd_cmd_code);
1126
1127 if (io_caps >= BTM_IO_CAP_MAX) {
1128 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with IO Capabilty \
1129 value (0x%02x) out of range).\n",
1130 p_cb->rcvd_cmd_code, io_caps);
1131 return FALSE;
1132 }
1133
1134 if (!((oob_flag == SMP_OOB_NONE) || (oob_flag == SMP_OOB_PRESENT))) {
1135 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with OOB data flag value \
1136 (0x%02x) out of range).\n",
1137 p_cb->rcvd_cmd_code, oob_flag);
1138 return FALSE;
1139 }
1140
1141 if (!((bond_flag == SMP_AUTH_NO_BOND) || (bond_flag == SMP_AUTH_BOND))) {
1142 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Bonding_Flags value (0x%02x)\
1143 out of range).\n",
1144 p_cb->rcvd_cmd_code, bond_flag);
1145 return FALSE;
1146 }
1147
1148 /* `bte_appl_cfg.ble_min_enc_key_size` will be `SMP_ENCR_KEY_SIZE_MIN` by
1149 * default if not set explicitly */
1150 #if (BLE_INCLUDED == TRUE)
1151 if (enc_size < bte_appl_cfg.ble_min_key_size) {
1152 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1153 Key value (0x%02x) less than minimum required key size).\n",
1154 p_cb->rcvd_cmd_code, enc_size);
1155 return FALSE;
1156 }
1157 #else
1158 if (enc_size < SMP_ENCR_KEY_SIZE_MIN) {
1159 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1160 Key value (0x%02x) less than minimum required key size).\n",
1161 p_cb->rcvd_cmd_code, enc_size);
1162 return FALSE;
1163 }
1164 #endif
1165
1166 if (enc_size > SMP_ENCR_KEY_SIZE_MAX) {
1167 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1168 Key value (0x%02x) greater than supported by stack).\n",
1169 p_cb->rcvd_cmd_code, enc_size);
1170 return FALSE;
1171 }
1172
1173 return TRUE;
1174 }
1175
1176 /*******************************************************************************
1177 **
1178 ** Function smp_pairing_keypress_notification_is_valid
1179 **
1180 ** Description Validates Notification Type parameter range in the received SMP command
1181 ** pairing keypress notification.
1182 ** Returns FALSE if this parameter is out of range.
1183 **
1184 *******************************************************************************/
smp_pairing_keypress_notification_is_valid(tSMP_CB * p_cb)1185 BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb)
1186 {
1187 tBTM_SP_KEY_TYPE keypress_notification = p_cb->peer_keypress_notification;
1188
1189 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, p_cb->rcvd_cmd_code);
1190
1191 if (keypress_notification >= BTM_SP_KEY_OUT_OF_RANGE) {
1192 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Pairing Keypress \
1193 Notification value (0x%02x) out of range).\n",
1194 p_cb->rcvd_cmd_code, keypress_notification);
1195 return FALSE;
1196 }
1197
1198 return TRUE;
1199 }
1200
1201 /*******************************************************************************
1202 **
1203 ** Function smp_parameter_unconditionally_valid
1204 **
1205 ** Description Always returns TRUE.
1206 **
1207 *******************************************************************************/
smp_parameter_unconditionally_valid(tSMP_CB * p_cb)1208 BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb)
1209 {
1210 return TRUE;
1211 }
1212
1213 /*******************************************************************************
1214 **
1215 ** Function smp_parameter_unconditionally_invalid
1216 **
1217 ** Description Always returns FALSE.
1218 **
1219 *******************************************************************************/
smp_parameter_unconditionally_invalid(tSMP_CB * p_cb)1220 BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb)
1221 {
1222 return FALSE;
1223 }
1224
1225 /*******************************************************************************
1226 **
1227 ** Function smp_reject_unexpected_pairing_command
1228 **
1229 ** Description send pairing failure to an unexpected pairing command during
1230 ** an active pairing process.
1231 **
1232 ** Returns void
1233 **
1234 *******************************************************************************/
smp_reject_unexpected_pairing_command(BD_ADDR bd_addr)1235 void smp_reject_unexpected_pairing_command(BD_ADDR bd_addr)
1236 {
1237 BT_HDR *p_buf;
1238 UINT8 *p;
1239
1240 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
1241
1242 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + \
1243 SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
1244 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
1245
1246 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
1247 UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
1248
1249 p_buf->offset = L2CAP_MIN_OFFSET;
1250 p_buf->len = SMP_PAIR_FAIL_SIZE;
1251
1252 smp_send_msg_to_L2CAP(bd_addr, p_buf);
1253 }
1254 }
1255
1256 /*******************************************************************************
1257 ** Function smp_select_association_model
1258 **
1259 ** Description This function selects association model to use for STK
1260 ** generation. Selection is based on both sides' io capability,
1261 ** oob data flag and authentication request.
1262 **
1263 ** Note If Secure Connections Only mode is required locally then we
1264 ** come to this point only if both sides support Secure Connections
1265 ** mode, i.e. if p_cb->secure_connections_only_mode_required = TRUE then we come
1266 ** to this point only if
1267 ** (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) ==
1268 ** (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ==
1269 ** SMP_SC_SUPPORT_BIT
1270 **
1271 *******************************************************************************/
smp_select_association_model(tSMP_CB * p_cb)1272 tSMP_ASSO_MODEL smp_select_association_model(tSMP_CB *p_cb)
1273 {
1274 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1275 p_cb->le_secure_connections_mode_is_used = FALSE;
1276
1277 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
1278 SMP_TRACE_DEBUG("%s p_cb->peer_io_caps = %d p_cb->local_io_capability = %d\n",
1279 __FUNCTION__, p_cb->peer_io_caps, p_cb->local_io_capability);
1280 SMP_TRACE_DEBUG("%s p_cb->peer_oob_flag = %d p_cb->loc_oob_flag = %d\n",
1281 __FUNCTION__, p_cb->peer_oob_flag, p_cb->loc_oob_flag);
1282 SMP_TRACE_DEBUG("%s p_cb->peer_auth_req = 0x%02x p_cb->loc_auth_req = 0x%02x\n",
1283 __FUNCTION__, p_cb->peer_auth_req, p_cb->loc_auth_req);
1284 SMP_TRACE_DEBUG("%s p_cb->secure_connections_only_mode_required = %s\n",
1285 __FUNCTION__, p_cb->secure_connections_only_mode_required ?
1286 "TRUE" : "FALSE");
1287
1288 if ((p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) && (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)) {
1289 p_cb->le_secure_connections_mode_is_used = TRUE;
1290 }
1291
1292 SMP_TRACE_DEBUG("use_sc_process = %d\n", p_cb->le_secure_connections_mode_is_used);
1293
1294 if (p_cb->le_secure_connections_mode_is_used) {
1295 model = smp_select_association_model_secure_connections(p_cb);
1296 } else {
1297 model = smp_select_legacy_association_model(p_cb);
1298 }
1299 return model;
1300 }
1301
1302 /*******************************************************************************
1303 ** Function smp_select_legacy_association_model
1304 **
1305 ** Description This function is called to select association mode if at least
1306 ** one side doesn't support secure connections.
1307 **
1308 *******************************************************************************/
smp_select_legacy_association_model(tSMP_CB * p_cb)1309 tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb)
1310 {
1311 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1312
1313 SMP_TRACE_DEBUG("%s\n", __func__);
1314 /* if OOB data is present on both devices, then use OOB association model */
1315 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1316 return SMP_MODEL_OOB;
1317 }
1318
1319 /* else if neither device requires MITM, then use Just Works association model */
1320 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) {
1321 return SMP_MODEL_ENCRYPTION_ONLY;
1322 }
1323
1324 /* otherwise use IO capability to select association model */
1325 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1326 if (p_cb->role == HCI_ROLE_MASTER) {
1327 model = smp_association_table[p_cb->role][p_cb->peer_io_caps]
1328 [p_cb->local_io_capability];
1329 } else {
1330 model = smp_association_table[p_cb->role][p_cb->local_io_capability]
1331 [p_cb->peer_io_caps];
1332 }
1333 }
1334
1335 return model;
1336 }
1337
1338 /*******************************************************************************
1339 ** Function smp_select_association_model_secure_connections
1340 **
1341 ** Description This function is called to select association mode if both
1342 ** sides support secure connections.
1343 **
1344 *******************************************************************************/
smp_select_association_model_secure_connections(tSMP_CB * p_cb)1345 tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb)
1346 {
1347 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1348
1349 SMP_TRACE_DEBUG("%s\n", __func__);
1350 /* if OOB data is present on at least one device, then use OOB association model */
1351 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT || p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1352 return SMP_MODEL_SEC_CONN_OOB;
1353 }
1354
1355 /* else if neither device requires MITM, then use Just Works association model */
1356 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) {
1357 return SMP_MODEL_SEC_CONN_JUSTWORKS;
1358 }
1359
1360 /* otherwise use IO capability to select association model */
1361 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1362 if (p_cb->role == HCI_ROLE_MASTER) {
1363 model = smp_association_table_sc[p_cb->role][p_cb->peer_io_caps]
1364 [p_cb->local_io_capability];
1365 } else {
1366 model = smp_association_table_sc[p_cb->role][p_cb->local_io_capability]
1367 [p_cb->peer_io_caps];
1368 }
1369 }
1370
1371 return model;
1372 }
1373
1374 /*******************************************************************************
1375 ** Function smp_reverse_array
1376 **
1377 ** Description This function reverses array bytes
1378 **
1379 *******************************************************************************/
smp_reverse_array(UINT8 * arr,UINT8 len)1380 void smp_reverse_array(UINT8 *arr, UINT8 len)
1381 {
1382 UINT8 i = 0, tmp;
1383
1384 SMP_TRACE_DEBUG("smp_reverse_array\n");
1385
1386 for (i = 0; i < len / 2; i ++) {
1387 tmp = arr[i];
1388 arr[i] = arr[len - 1 - i];
1389 arr[len - 1 - i] = tmp;
1390 }
1391 }
1392
1393 /*******************************************************************************
1394 ** Function smp_calculate_random_input
1395 **
1396 ** Description This function returns random input value to be used in commitment
1397 ** calculation for SC passkey entry association mode
1398 ** (if bit["round"] in "random" array == 1 then returns 0x81
1399 ** else returns 0x80).
1400 **
1401 ** Returns ri value
1402 **
1403 *******************************************************************************/
smp_calculate_random_input(UINT8 * random,UINT8 round)1404 UINT8 smp_calculate_random_input(UINT8 *random, UINT8 round)
1405 {
1406 UINT8 i = round / 8;
1407 UINT8 j = round % 8;
1408 UINT8 ri;
1409
1410 SMP_TRACE_DEBUG("random: 0x%02x, round: %d, i: %d, j: %d\n", random[i], round, i, j);
1411 ri = ((random[i] >> j) & 1) | 0x80;
1412 SMP_TRACE_DEBUG("%s ri=0x%02x\n", __func__, ri);
1413 return ri;
1414 }
1415
1416 /*******************************************************************************
1417 ** Function smp_collect_local_io_capabilities
1418 **
1419 ** Description This function puts into IOcap array local device
1420 ** IOCapability, OOB data, AuthReq.
1421 **
1422 ** Returns void
1423 **
1424 *******************************************************************************/
smp_collect_local_io_capabilities(UINT8 * iocap,tSMP_CB * p_cb)1425 void smp_collect_local_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1426 {
1427 SMP_TRACE_DEBUG("%s\n", __func__);
1428
1429 iocap[0] = p_cb->local_io_capability;
1430 iocap[1] = p_cb->loc_oob_flag;
1431 iocap[2] = p_cb->loc_auth_req;
1432 }
1433
1434 /*******************************************************************************
1435 ** Function smp_collect_peer_io_capabilities
1436 **
1437 ** Description This function puts into IOcap array peer device
1438 ** IOCapability, OOB data, AuthReq.
1439 **
1440 ** Returns void
1441 **
1442 *******************************************************************************/
smp_collect_peer_io_capabilities(UINT8 * iocap,tSMP_CB * p_cb)1443 void smp_collect_peer_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1444 {
1445 SMP_TRACE_DEBUG("%s\n", __func__);
1446
1447 iocap[0] = p_cb->peer_io_caps;
1448 iocap[1] = p_cb->peer_oob_flag;
1449 iocap[2] = p_cb->peer_auth_req;
1450 }
1451 #if (BLE_INCLUDED == TRUE)
1452 /*******************************************************************************
1453 ** Function smp_collect_local_ble_address
1454 **
1455 ** Description This function puts into le_addr array local device le address:
1456 ** le_addr[0-5] = local BD ADDR,
1457 ** le_addr[6] = local le address type (PUBLIC/RANDOM).
1458 **
1459 ** Returns void
1460 **
1461 *******************************************************************************/
smp_collect_local_ble_address(UINT8 * le_addr,tSMP_CB * p_cb)1462 void smp_collect_local_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1463 {
1464 tBLE_ADDR_TYPE addr_type = 0;
1465 BD_ADDR bda;
1466 UINT8 *p = le_addr;
1467
1468 SMP_TRACE_DEBUG("%s\n", __func__);
1469
1470 BTM_ReadConnectionAddr( p_cb->pairing_bda, bda, &addr_type);
1471 BDADDR_TO_STREAM(p, bda);
1472 UINT8_TO_STREAM(p, addr_type);
1473 }
1474
1475 /*******************************************************************************
1476 ** Function smp_collect_peer_ble_address
1477 **
1478 ** Description This function puts into le_addr array peer device le address:
1479 ** le_addr[0-5] = peer BD ADDR,
1480 ** le_addr[6] = peer le address type (PUBLIC/RANDOM).
1481 **
1482 ** Returns void
1483 **
1484 *******************************************************************************/
smp_collect_peer_ble_address(UINT8 * le_addr,tSMP_CB * p_cb)1485 void smp_collect_peer_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1486 {
1487 tBLE_ADDR_TYPE addr_type = 0;
1488 BD_ADDR bda;
1489 UINT8 *p = le_addr;
1490
1491 SMP_TRACE_DEBUG("%s\n", __func__);
1492
1493 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda, &addr_type)) {
1494 SMP_TRACE_ERROR("can not collect peer le addr information for unknown device\n");
1495 return;
1496 }
1497
1498 BDADDR_TO_STREAM(p, bda);
1499 UINT8_TO_STREAM(p, addr_type);
1500 }
1501
1502 /*******************************************************************************
1503 ** Function smp_check_commitment
1504 **
1505 ** Description This function compares peer commitment values:
1506 ** - expected (i.e. calculated locally),
1507 ** - received from the peer.
1508 **
1509 ** Returns TRUE if the values are the same
1510 ** FALSE otherwise
1511 **
1512 *******************************************************************************/
smp_check_commitment(tSMP_CB * p_cb)1513 BOOLEAN smp_check_commitment(tSMP_CB *p_cb)
1514 {
1515 BT_OCTET16 expected;
1516
1517 SMP_TRACE_DEBUG("%s\n", __func__);
1518
1519 smp_calculate_peer_commitment(p_cb, expected);
1520 print128(expected, (const UINT8 *)"calculated peer commitment");
1521 print128(p_cb->remote_commitment, (const UINT8 *)"received peer commitment");
1522
1523 if (memcmp(p_cb->remote_commitment, expected, BT_OCTET16_LEN)) {
1524 SMP_TRACE_WARNING("Commitment check fails\n");
1525 return FALSE;
1526 }
1527
1528 SMP_TRACE_DEBUG("Commitment check succeeds\n");
1529 return TRUE;
1530 }
1531
1532 /*******************************************************************************
1533 **
1534 ** Function smp_save_secure_connections_long_term_key
1535 **
1536 ** Description The function saves SC LTK as BLE key for future use as local
1537 ** and/or peer key.
1538 **
1539 ** Returns void
1540 **
1541 *******************************************************************************/
smp_save_secure_connections_long_term_key(tSMP_CB * p_cb)1542 void smp_save_secure_connections_long_term_key(tSMP_CB *p_cb)
1543 {
1544 tBTM_LE_LENC_KEYS lle_key;
1545 tBTM_LE_PENC_KEYS ple_key;
1546
1547 SMP_TRACE_DEBUG("%s-Save LTK as local LTK key\n", __func__);
1548 memcpy(lle_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1549 lle_key.div = 0;
1550 lle_key.key_size = p_cb->loc_enc_size;
1551 lle_key.sec_level = p_cb->sec_level;
1552 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&lle_key, TRUE);
1553
1554 SMP_TRACE_DEBUG("%s-Save LTK as peer LTK key\n", __func__);
1555 ple_key.ediv = 0;
1556 memset(ple_key.rand, 0, BT_OCTET8_LEN);
1557 memcpy(ple_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1558 ple_key.sec_level = p_cb->sec_level;
1559 ple_key.key_size = p_cb->loc_enc_size;
1560 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&ple_key, TRUE);
1561 }
1562
1563 /*******************************************************************************
1564 **
1565 ** Function smp_calculate_f5_mackey_and_long_term_key
1566 **
1567 ** Description The function calculates MacKey and LTK and saves them in CB.
1568 ** To calculate MacKey and LTK it calls smp_calc_f5(...).
1569 ** MacKey is used in dhkey calculation, LTK is used to encrypt
1570 ** the link.
1571 **
1572 ** Returns FALSE if out of resources, TRUE otherwise.
1573 **
1574 *******************************************************************************/
smp_calculate_f5_mackey_and_long_term_key(tSMP_CB * p_cb)1575 BOOLEAN smp_calculate_f5_mackey_and_long_term_key(tSMP_CB *p_cb)
1576 {
1577 UINT8 a[7];
1578 UINT8 b[7];
1579 UINT8 *p_na;
1580 UINT8 *p_nb;
1581
1582 SMP_TRACE_DEBUG("%s\n", __func__);
1583
1584 if (p_cb->role == HCI_ROLE_MASTER) {
1585 smp_collect_local_ble_address(a, p_cb);
1586 smp_collect_peer_ble_address(b, p_cb);
1587 p_na = p_cb->rand;
1588 p_nb = p_cb->rrand;
1589 } else {
1590 smp_collect_local_ble_address(b, p_cb);
1591 smp_collect_peer_ble_address(a, p_cb);
1592 p_na = p_cb->rrand;
1593 p_nb = p_cb->rand;
1594 }
1595
1596 if (!smp_calculate_f5(p_cb->dhkey, p_na, p_nb, a, b, p_cb->mac_key, p_cb->ltk)) {
1597 SMP_TRACE_ERROR("%s failed\n", __func__);
1598 return FALSE;
1599 }
1600
1601 SMP_TRACE_EVENT ("%s is completed\n", __func__);
1602 return TRUE;
1603 }
1604 #endif ///BLE_INCLUDED == TRUE
1605 /*******************************************************************************
1606 **
1607 ** Function smp_request_oob_data
1608 **
1609 ** Description Requests application to provide OOB data.
1610 **
1611 ** Returns TRUE - OOB data has to be provided by application
1612 ** FALSE - otherwise (unexpected)
1613 **
1614 *******************************************************************************/
smp_request_oob_data(tSMP_CB * p_cb)1615 BOOLEAN smp_request_oob_data(tSMP_CB *p_cb)
1616 {
1617 tSMP_OOB_DATA_TYPE req_oob_type = SMP_OOB_INVALID_TYPE;
1618
1619 SMP_TRACE_DEBUG("%s\n", __func__);
1620
1621 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1622 /* both local and peer rcvd data OOB */
1623 req_oob_type = SMP_OOB_BOTH;
1624 } else if (p_cb->peer_oob_flag == SMP_OOB_PRESENT) {
1625 /* peer rcvd OOB local data, local didn't receive OOB peer data */
1626 req_oob_type = SMP_OOB_LOCAL;
1627 } else if (p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1628 req_oob_type = SMP_OOB_PEER;
1629 }
1630
1631 SMP_TRACE_DEBUG("req_oob_type = %d\n", req_oob_type);
1632
1633 if (req_oob_type == SMP_OOB_INVALID_TYPE) {
1634 return FALSE;
1635 }
1636
1637 p_cb->req_oob_type = req_oob_type;
1638 p_cb->cb_evt = SMP_SC_OOB_REQ_EVT;
1639 smp_sm_event(p_cb, SMP_TK_REQ_EVT, &req_oob_type);
1640
1641 return TRUE;
1642 }
1643
1644
1645 #endif
1646
