1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/interop.h"
21 #include "common/bt_target.h"
22 #include "btm_int.h"
23 #include "stack/l2c_api.h"
24 #include "smp_int.h"
25 #include "p_256_ecc_pp.h"
26 //#include "utils/include/bt_utils.h"
27
28 #if SMP_INCLUDED == TRUE
29 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
30 /* initiator */
31 { {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}
36 }, /* keyboard display */
37 /* responder */
38 { {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
39 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
40 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
41 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
42 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}
43 } /* keyboard display */
44 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
45 };
46
47 #define SMP_KEY_DIST_TYPE_MAX 4
48 const tSMP_ACT smp_distribute_act [] = {
49 #if (BLE_INCLUDED == TRUE)
50 smp_generate_ltk,
51 smp_send_id_info,
52 smp_generate_csrk,
53 smp_set_derive_link_key
54 #else
55 NULL,
56 NULL,
57 NULL,
58 NULL
59 #endif ///BLE_INCLUDED == TRUE
60 };
61
62 extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
63 extern UINT8 bta_dm_co_ble_get_auth_req(void);
64
lmp_version_below(BD_ADDR bda,uint8_t version)65 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
66 {
67 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
68 if (acl == NULL || acl->lmp_version == 0) {
69 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
70 return false;
71 }
72 SMP_TRACE_DEBUG("%s LMP version %d < %d", __func__, acl->lmp_version, version);
73 return acl->lmp_version < version;
74 }
75
76 /*******************************************************************************
77 ** Function smp_update_key_mask
78 ** Description This function updates the key mask for sending or receiving.
79 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)80 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
81 {
82 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x\n",
83 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
84
85 if (((p_cb->le_secure_connections_mode_is_used) ||
86 (p_cb->smp_over_br)) &&
87 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK))) {
88 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
89 ** being exchanged with the peer */
90 p_cb->local_i_key &= ~key_type;
91 p_cb->local_r_key &= ~key_type;
92 } else if (p_cb->role == HCI_ROLE_SLAVE) {
93 if (recv) {
94 p_cb->local_i_key &= ~key_type;
95 } else {
96 p_cb->local_r_key &= ~key_type;
97 }
98 } else {
99 if (recv) {
100 p_cb->local_r_key &= ~key_type;
101 } else {
102 p_cb->local_i_key &= ~key_type;
103 }
104 }
105
106 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x\n", p_cb->local_i_key,
107 p_cb->local_r_key);
108 }
109
110 /*******************************************************************************
111 ** Function smp_send_app_cback
112 ** Description notifies application about the events the application is interested in
113 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)114 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
115 {
116 tSMP_EVT_DATA cb_data;
117 tSMP_STATUS callback_rc;
118 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d\n", __func__, p_cb->cb_evt);
119 if (p_cb->p_callback && p_cb->cb_evt != 0) {
120 switch (p_cb->cb_evt) {
121 case SMP_IO_CAP_REQ_EVT:
122 cb_data.io_req.auth_req = p_cb->peer_auth_req;
123 cb_data.io_req.oob_data = SMP_OOB_NONE;
124 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
125 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
126 cb_data.io_req.init_keys = p_cb->local_i_key ;
127 cb_data.io_req.resp_keys = p_cb->local_r_key ;
128 SMP_TRACE_DEBUG ( "io_cap = %d", cb_data.io_req.io_cap);
129 break;
130
131 case SMP_NC_REQ_EVT:
132 cb_data.passkey = p_data->passkey;
133 break;
134 case SMP_SC_OOB_REQ_EVT:
135 cb_data.req_oob_type = p_data->req_oob_type;
136 break;
137 case SMP_SC_LOC_OOB_DATA_UP_EVT:
138 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
139 break;
140
141 case SMP_BR_KEYS_REQ_EVT:
142 cb_data.io_req.auth_req = 0;
143 cb_data.io_req.oob_data = SMP_OOB_NONE;
144 cb_data.io_req.io_cap = 0;
145 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
146 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
147 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
148 break;
149
150 default:
151 break;
152 }
153
154 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
155
156 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d\n", callback_rc, p_cb->cb_evt );
157
158 if (callback_rc == SMP_SUCCESS) {
159 switch (p_cb->cb_evt) {
160 case SMP_IO_CAP_REQ_EVT:
161 p_cb->loc_auth_req = cb_data.io_req.auth_req;
162 p_cb->local_io_capability = cb_data.io_req.io_cap;
163 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
164 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
165 p_cb->local_i_key = cb_data.io_req.init_keys;
166 p_cb->local_r_key = cb_data.io_req.resp_keys;
167
168 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) {
169 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
170 p_cb->local_i_key = 0;
171 p_cb->local_r_key = 0;
172 }
173
174 SMP_TRACE_DEBUG ("rcvd auth_req: 0x%02x, io_cap: %d \
175 loc_oob_flag: %d loc_enc_size: %d,"
176 "local_i_key: 0x%02x, local_r_key: 0x%02x\n",
177 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
178 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
179
180 p_cb->secure_connections_only_mode_required =
181 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
182
183 if (p_cb->secure_connections_only_mode_required) {
184 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
185 }
186
187 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
188 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
189 || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
190 (const bt_bdaddr_t *)&p_cb->pairing_bda)) {
191 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
192 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
193 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
194 }
195
196 SMP_TRACE_DEBUG("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x\n",
197 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
198
199 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
200 break;
201 #if (CLASSIC_BT_INCLUDED == TRUE)
202 case SMP_BR_KEYS_REQ_EVT:
203 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
204 p_cb->local_i_key = cb_data.io_req.init_keys;
205 p_cb->local_r_key = cb_data.io_req.resp_keys;
206
207 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
208 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
209
210 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
211 local_i_key: 0x%02x, local_r_key: 0x%02x\n",
212 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
213
214 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
215 break;
216 #endif ///CLASSIC_BT_INCLUDED == TRUE
217 }
218 }
219 }
220
221 if (!p_cb->cb_evt && p_cb->discard_sec_req) {
222 p_cb->discard_sec_req = FALSE;
223 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
224 }
225
226 SMP_TRACE_DEBUG("%s return\n", __func__);
227 }
228
229 /*******************************************************************************
230 ** Function smp_send_pair_fail
231 ** Description pairing failure to peer device if needed.
232 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)233 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
234 {
235 p_cb->status = *(UINT8 *)p_data;
236 p_cb->failure = *(UINT8 *)p_data;
237
238 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
239
240 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS) {
241 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
242 p_cb->wait_for_authorization_complete = TRUE;
243 }
244 }
245
246 /*******************************************************************************
247 ** Function smp_send_pair_req
248 ** Description actions related to sending pairing request
249 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)250 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
251 {
252 SMP_TRACE_DEBUG("%s\n", __func__);
253
254 #if (BLE_INCLUDED == TRUE)
255 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
256 /* erase all keys when master sends pairing req*/
257 if (p_dev_rec) {
258 btm_sec_clear_ble_keys(p_dev_rec);
259 }
260 #endif ///BLE_INCLUDED == TRUE
261 /* do not manipulate the key, let app decide,
262 leave out to BTM to mandate key distribution for bonding case */
263 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
264 }
265
266 /*******************************************************************************
267 ** Function smp_send_pair_rsp
268 ** Description actions related to sending pairing response
269 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)270 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
271 {
272 SMP_TRACE_DEBUG("%s\n", __func__);
273
274 #if (BLE_INCLUDED == TRUE)
275 p_cb->local_i_key &= p_cb->peer_i_key;
276 p_cb->local_r_key &= p_cb->peer_r_key;
277
278 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb)) {
279 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
280 smp_use_oob_private_key(p_cb, NULL);
281 } else {
282 smp_decide_association_model(p_cb, NULL);
283 }
284 }
285 #endif ///BLE_INCLUDED == TRUE
286 }
287
288 /*******************************************************************************
289 ** Function smp_send_confirm
290 ** Description send confirmation to the peer
291 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)292 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
293 {
294 SMP_TRACE_DEBUG("%s\n", __func__);
295 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
296 }
297
298 #if 0 //Unused
299 /*******************************************************************************
300 ** Function smp_send_init
301 ** Description process pairing initializer to slave device
302 *******************************************************************************/
303 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
304 {
305 SMP_TRACE_DEBUG("%s\n", __func__);
306 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
307 }
308 #endif
309
310 /*******************************************************************************
311 ** Function smp_send_rand
312 ** Description send pairing random to the peer
313 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)314 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
315 {
316 SMP_TRACE_DEBUG("%s\n", __func__);
317 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
318 }
319
320 /*******************************************************************************
321 ** Function smp_send_pair_public_key
322 ** Description send pairing public key command to the peer
323 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)324 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
325 {
326 SMP_TRACE_DEBUG("%s\n", __func__);
327 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
328 }
329
330 /*******************************************************************************
331 ** Function SMP_SEND_COMMITMENT
332 ** Description send commitment command to the peer
333 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)334 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
335 {
336 SMP_TRACE_DEBUG("%s", __func__);
337 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
338 }
339
340 /*******************************************************************************
341 ** Function smp_send_dhkey_check
342 ** Description send DHKey Check command to the peer
343 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)344 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
345 {
346 SMP_TRACE_DEBUG("%s", __func__);
347 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
348 }
349
350 /*******************************************************************************
351 ** Function smp_send_keypress_notification
352 ** Description send Keypress Notification command to the peer
353 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)354 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
355 {
356 p_cb->local_keypress_notification = *(UINT8 *) p_data;
357 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
358 }
359
360 /*******************************************************************************
361 ** Function smp_send_enc_info
362 ** Description send encryption information command.
363 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)364 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
365 {
366 tBTM_LE_LENC_KEYS le_key;
367
368 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d\n", __func__, p_cb->loc_enc_size);
369 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
370
371 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
372 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
373
374 /* save the DIV and key size information when acting as slave device */
375 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
376 le_key.div = p_cb->div;
377 le_key.key_size = p_cb->loc_enc_size;
378 le_key.sec_level = p_cb->sec_level;
379
380 #if (BLE_INCLUDED == TRUE)
381 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) {
382 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
383 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
384 }
385
386 SMP_TRACE_DEBUG ("%s\n", __func__);
387
388 smp_key_distribution(p_cb, NULL);
389 #endif ///BLE_INCLUDED == TRUE
390 }
391
392 /*******************************************************************************
393 ** Function smp_send_id_info
394 ** Description send ID information command.
395 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)396 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
397 {
398 SMP_TRACE_DEBUG("%s\n", __func__);
399 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
400
401 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
402 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
403
404 #if (BLE_INCLUDED == TRUE)
405 tBTM_LE_KEY_VALUE le_key;
406 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) {
407 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
408 &le_key, TRUE);
409 }
410 #endif ///BLE_INCLUDED == TRUE
411
412 smp_key_distribution_by_transport(p_cb, NULL);
413 }
414
415 #if (BLE_INCLUDED == TRUE)
416 /*******************************************************************************
417 ** Function smp_send_csrk_info
418 ** Description send CSRK command.
419 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)420 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
421 {
422 tBTM_LE_LCSRK_KEYS key;
423 SMP_TRACE_DEBUG("%s\n", __func__);
424 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
425
426 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) {
427 key.div = p_cb->div;
428 key.sec_level = p_cb->sec_level;
429 key.counter = 0; /* initialize the local counter */
430 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
431 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
432 }
433
434 smp_key_distribution_by_transport(p_cb, NULL);
435 }
436
437 /*******************************************************************************
438 ** Function smp_send_ltk_reply
439 ** Description send LTK reply
440 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)441 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
442 {
443 SMP_TRACE_DEBUG("%s", __func__);
444 /* send stk as LTK response */
445 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
446 }
447
448 /*******************************************************************************
449 ** Function smp_proc_sec_req
450 ** Description process security request.
451 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)452 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
453 {
454 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
455 tBTM_BLE_SEC_REQ_ACT sec_req_act;
456 UINT8 reason;
457
458 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
459
460 p_cb->cb_evt = 0;
461 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
462
463 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
464
465 switch (sec_req_act) {
466 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
467 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
468 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
469 break;
470
471 case BTM_BLE_SEC_REQ_ACT_PAIR:
472 p_cb->secure_connections_only_mode_required =
473 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
474
475 /* respond to non SC pairing request as failure in SC only mode */
476 if (p_cb->secure_connections_only_mode_required &&
477 (auth_req & SMP_SC_SUPPORT_BIT) == 0) {
478 reason = SMP_PAIR_AUTH_FAIL;
479 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
480 } else {
481 /* initialize local i/r key to be default keys */
482 p_cb->peer_auth_req = auth_req;
483 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
484 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
485 }
486 break;
487
488 case BTM_BLE_SEC_REQ_ACT_DISCARD:
489 p_cb->discard_sec_req = TRUE;
490 break;
491
492 default:
493 /* do nothing */
494 break;
495 }
496 }
497 #endif ///BLE_INCLUDED == TRUE
498
499 /*******************************************************************************
500 ** Function smp_proc_sec_grant
501 ** Description process security grant.
502 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)503 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
504 {
505 UINT8 res = *(UINT8 *)p_data;
506 SMP_TRACE_DEBUG("%s", __func__);
507 if (res != SMP_SUCCESS) {
508 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
509 } else { /*otherwise, start pairing */
510 /* send IO request callback */
511 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
512 }
513 }
514
515 /*******************************************************************************
516 ** Function smp_proc_pair_fail
517 ** Description process pairing failure from peer device
518 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)519 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
520 {
521 SMP_TRACE_DEBUG("%s", __func__);
522 p_cb->status = *(UINT8 *)p_data;
523 }
524
525 /*******************************************************************************
526 ** Function smp_get_auth_mode
527 ** Description Get the SMP pairing auth mode
528 *******************************************************************************/
smp_get_auth_mode(tSMP_ASSO_MODEL model)529 uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
530 {
531 SMP_TRACE_DEBUG("%s model %d", __func__, model);
532 uint16_t auth = 0;
533 if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
534 //No MITM
535 if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
536 //SC SMP_SC_SUPPORT_BIT
537 auth |= SMP_SC_SUPPORT_BIT;
538 }
539 } else if (model <= SMP_MODEL_KEY_NOTIF) {
540 //NO SC, MITM
541 auth |= SMP_AUTH_YN_BIT;
542 } else if (model <= SMP_MODEL_SEC_CONN_OOB) {
543 //SC, MITM
544 auth |= SMP_SC_SUPPORT_BIT;
545 auth |= SMP_AUTH_YN_BIT;
546 } else {
547 auth = 0;
548 }
549 return auth;
550 }
551
552 #if (BLE_INCLUDED == TRUE)
553 /*******************************************************************************
554 ** Function smp_proc_pair_cmd
555 ** Description Process the SMP pairing request/response from peer device
556 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)557 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
558 {
559 UINT8 *p = (UINT8 *)p_data;
560 UINT8 reason = SMP_ENC_KEY_SIZE;
561 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
562
563 SMP_TRACE_DEBUG("%s\n", __func__);
564 /* erase all keys if it is slave proc pairing req*/
565 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) {
566 btm_sec_clear_ble_keys(p_dev_rec);
567 }
568
569 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
570
571 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
572 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
573 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
574 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
575 STREAM_TO_UINT8(p_cb->peer_i_key, p);
576 STREAM_TO_UINT8(p_cb->peer_r_key, p);
577
578 if (smp_command_has_invalid_parameters(p_cb)) {
579 reason = SMP_INVALID_PARAMETERS;
580 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
581 return;
582 }
583 p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
584 p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
585 if (p_cb->role == HCI_ROLE_SLAVE) {
586 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
587 /* peer (master) started pairing sending Pairing Request */
588 p_cb->local_i_key = p_cb->peer_i_key;
589 p_cb->local_r_key = p_cb->peer_r_key;
590
591 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
592 } else { /* update local i/r key according to pairing request */
593 /* pairing started with this side (slave) sending Security Request */
594 p_cb->local_i_key &= p_cb->peer_i_key;
595 p_cb->local_r_key &= p_cb->peer_r_key;
596 p_cb->selected_association_model = smp_select_association_model(p_cb);
597
598 if (p_cb->secure_connections_only_mode_required &&
599 (!(p_cb->le_secure_connections_mode_is_used) ||
600 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
601 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
602 __func__);
603 reason = SMP_PAIR_AUTH_FAIL;
604 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
605 return;
606 }
607 uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
608 if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
609 auth |= SMP_AUTH_GEN_BOND;
610 }
611 p_cb->auth_mode = auth;
612 if (p_cb->accept_specified_sec_auth) {
613 if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
614 SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
615 __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
616 if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
617 btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
618 }
619 reason = SMP_PAIR_AUTH_FAIL;
620 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
621 return;
622 }
623 }
624
625 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
626 if (smp_request_oob_data(p_cb)) {
627 return;
628 }
629 } else {
630 smp_send_pair_rsp(p_cb, NULL);
631 }
632 }
633 } else { /* Master receives pairing response */
634 p_cb->selected_association_model = smp_select_association_model(p_cb);
635
636 if (p_cb->secure_connections_only_mode_required &&
637 (!(p_cb->le_secure_connections_mode_is_used) ||
638 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
639 SMP_TRACE_ERROR ("Master requires secure connection only mode \
640 but it can't be provided -> Master fails pairing");
641 reason = SMP_PAIR_AUTH_FAIL;
642 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
643 return;
644 }
645
646 uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
647 if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
648 auth |= SMP_AUTH_GEN_BOND;
649 }
650 p_cb->auth_mode = auth;
651 if (p_cb->accept_specified_sec_auth) {
652 if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
653 SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
654 __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
655 if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
656 btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
657 }
658 reason = SMP_PAIR_AUTH_FAIL;
659 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
660 return;
661 }
662 }
663
664 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
665 if (smp_request_oob_data(p_cb)) {
666 return;
667 }
668 } else {
669 smp_decide_association_model(p_cb, NULL);
670 }
671 }
672 }
673 #endif ///BLE_INCLUDED == TRUE
674
675 /*******************************************************************************
676 ** Function smp_proc_confirm
677 ** Description process pairing confirm from peer device
678 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)679 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
680 {
681 UINT8 *p = (UINT8 *)p_data;
682 UINT8 reason = SMP_INVALID_PARAMETERS;
683
684 SMP_TRACE_DEBUG("%s\n", __func__);
685
686 if (smp_command_has_invalid_parameters(p_cb)) {
687 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
688 return;
689 }
690
691 if (p != NULL) {
692 /* save the SConfirm for comparison later */
693 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
694 }
695
696 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
697 }
698
699 #if 0 //Unused
700 /*******************************************************************************
701 ** Function smp_proc_init
702 ** Description process pairing initializer from peer device
703 *******************************************************************************/
704 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
705 {
706 UINT8 *p = (UINT8 *)p_data;
707 UINT8 reason = SMP_INVALID_PARAMETERS;
708
709 SMP_TRACE_DEBUG("%s", __func__);
710
711 if (smp_command_has_invalid_parameters(p_cb)) {
712 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
713 return;
714 }
715
716 /* save the SRand for comparison */
717 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
718 }
719 #endif
720
721 /*******************************************************************************
722 ** Function smp_proc_rand
723 ** Description process pairing random (nonce) from peer device
724 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)725 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
726 {
727 UINT8 *p = (UINT8 *)p_data;
728 UINT8 reason = SMP_INVALID_PARAMETERS;
729
730 SMP_TRACE_DEBUG("%s\n", __func__);
731
732 if (smp_command_has_invalid_parameters(p_cb)) {
733 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
734 return;
735 }
736
737 /* save the SRand for comparison */
738 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
739 }
740
741 /*******************************************************************************
742 ** Function smp_process_pairing_public_key
743 ** Description process pairing public key command from the peer device
744 ** - saves the peer public key;
745 ** - sets the flag indicating that the peer public key is received;
746 ** - calls smp_wait_for_both_public_keys(...).
747 **
748 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)749 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
750 {
751 UINT8 *p = (UINT8 *)p_data;
752 UINT8 reason = SMP_INVALID_PARAMETERS;
753
754 SMP_TRACE_DEBUG("%s", __func__);
755
756 if (smp_command_has_invalid_parameters(p_cb)) {
757 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
758 return;
759 }
760
761 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
762 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
763
764 /* Check if the peer device's and own public key are not same. If they are same then
765 * return pairing fail. This check is needed to avoid 'Impersonation in Passkey entry
766 * protocol' vulnerability (CVE-2020-26558).*/
767 if ((memcmp(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, sizeof(BT_OCTET32)) == 0) &&
768 (memcmp(p_cb->loc_publ_key.y, p_cb->peer_publ_key.y, sizeof(BT_OCTET32)) == 0)) {
769 p_cb->status = SMP_PAIR_AUTH_FAIL;
770 p_cb->failure = SMP_PAIR_AUTH_FAIL;
771 reason = SMP_PAIR_AUTH_FAIL;
772 SMP_TRACE_ERROR("%s, Peer and own device cannot have same public key.", __func__);
773 smp_sm_event(p_cb, SMP_PAIRING_FAILED_EVT, &reason);
774 return ;
775 }
776 /* In order to prevent the x and y coordinates of the public key from being modified,
777 we need to check whether the x and y coordinates are on the given elliptic curve. */
778 if (!ECC_CheckPointIsInElliCur_P256((Point *)&p_cb->peer_publ_key)) {
779 SMP_TRACE_ERROR("%s, Invalid Public key.", __func__);
780 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
781 }
782 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
783
784 smp_wait_for_both_public_keys(p_cb, NULL);
785 }
786
787 /*******************************************************************************
788 ** Function smp_process_pairing_commitment
789 ** Description process pairing commitment from peer device
790 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)791 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
792 {
793 UINT8 *p = (UINT8 *)p_data;
794 UINT8 reason = SMP_INVALID_PARAMETERS;
795
796 SMP_TRACE_DEBUG("%s", __func__);
797
798 if (smp_command_has_invalid_parameters(p_cb)) {
799 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
800 return;
801 }
802
803 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
804
805 if (p != NULL) {
806 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
807 }
808 }
809
810 /*******************************************************************************
811 ** Function smp_process_dhkey_check
812 ** Description process DHKey Check from peer device
813 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)814 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
815 {
816 UINT8 *p = (UINT8 *)p_data;
817 UINT8 reason = SMP_INVALID_PARAMETERS;
818
819 SMP_TRACE_DEBUG("%s", __func__);
820
821 if (smp_command_has_invalid_parameters(p_cb)) {
822 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
823 return;
824 }
825
826 if (p != NULL) {
827 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
828 }
829
830 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
831 }
832
833 /*******************************************************************************
834 ** Function smp_process_keypress_notification
835 ** Description process pairing keypress notification from peer device
836 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)837 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
838 {
839 UINT8 *p = (UINT8 *)p_data;
840 UINT8 reason = SMP_INVALID_PARAMETERS;
841
842 SMP_TRACE_DEBUG("%s", __func__);
843 p_cb->status = *(UINT8 *)p_data;
844
845 if (smp_command_has_invalid_parameters(p_cb)) {
846 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
847 return;
848 }
849
850 if (p != NULL) {
851 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
852 } else {
853 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
854 }
855 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
856 }
857
858 #if (CLASSIC_BT_INCLUDED == TRUE)
859 /*******************************************************************************
860 ** Function smp_br_process_pairing_command
861 ** Description Process the SMP pairing request/response from peer device via
862 ** BR/EDR transport.
863 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)864 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
865 {
866 UINT8 *p = (UINT8 *)p_data;
867 UINT8 reason = SMP_ENC_KEY_SIZE;
868 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
869
870 SMP_TRACE_DEBUG("%s", __func__);
871 /* rejecting BR pairing request over non-SC BR link */
872 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) {
873 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
874 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
875 return;
876 }
877
878 #if (BLE_INCLUDED == TRUE)
879 /* erase all keys if it is slave proc pairing req*/
880 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE)) {
881 btm_sec_clear_ble_keys(p_dev_rec);
882 }
883 #endif ///BLE_INCLUDED == TRUE
884
885 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
886
887 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
888 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
889 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
890 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
891 STREAM_TO_UINT8(p_cb->peer_i_key, p);
892 STREAM_TO_UINT8(p_cb->peer_r_key, p);
893
894 if (smp_command_has_invalid_parameters(p_cb)) {
895 reason = SMP_INVALID_PARAMETERS;
896 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
897 return;
898 }
899
900 /* peer (master) started pairing sending Pairing Request */
901 /* or being master device always use received i/r key as keys to distribute */
902 p_cb->local_i_key = p_cb->peer_i_key;
903 p_cb->local_r_key = p_cb->peer_r_key;
904
905 if (p_cb->role == HCI_ROLE_SLAVE) {
906 p_dev_rec->new_encryption_key_is_p256 = FALSE;
907 /* shortcut to skip Security Grant step */
908 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
909 } else { /* Master receives pairing response */
910 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
911 " Supposed to move to key distribution phase. ", __func__);
912 }
913
914 /* auth_req received via BR/EDR SM channel is set to 0,
915 but everything derived/exchanged has to be saved */
916 p_cb->peer_auth_req |= SMP_AUTH_BOND;
917 p_cb->loc_auth_req |= SMP_AUTH_BOND;
918 }
919
920 /*******************************************************************************
921 ** Function smp_br_process_security_grant
922 ** Description process security grant in case of pairing over BR/EDR transport.
923 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)924 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
925 {
926 UINT8 res = *(UINT8 *)p_data;
927 SMP_TRACE_DEBUG("%s", __func__);
928 if (res != SMP_SUCCESS) {
929 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
930 } else { /*otherwise, start pairing */
931 /* send IO request callback */
932 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
933 }
934 }
935
936 /*******************************************************************************
937 ** Function smp_br_check_authorization_request
938 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
939 ** before starting the distribution/derivation
940 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)941 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
942 {
943 UINT8 reason = SMP_SUCCESS;
944
945 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
946 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
947 p_cb->local_r_key);
948
949 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
950 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
951 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
952
953 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
954 ** Set local_r_key on master to expect only these keys. */
955 if (p_cb->role == HCI_ROLE_MASTER) {
956 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
957 }
958
959 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
960 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
961 p_cb->local_r_key);
962
963 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
964 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
965 (p_cb->local_i_key || p_cb->local_r_key)) {
966 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
967
968 /* if no peer key is expected, start master key distribution */
969 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0) {
970 smp_key_distribution_by_transport(p_cb, NULL);
971 }
972 } else {
973 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
974 }
975 }
976
977 /*******************************************************************************
978 ** Function smp_br_select_next_key
979 ** Description selects the next key to derive/send when BR/EDR transport is
980 ** used.
981 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)982 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
983 {
984 UINT8 reason = SMP_SUCCESS;
985 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
986 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
987
988 if (p_cb->role == HCI_ROLE_SLAVE ||
989 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
990 smp_key_pick_key(p_cb, p_data);
991 }
992
993 if (!p_cb->local_i_key && !p_cb->local_r_key) {
994 /* state check to prevent re-entrance */
995 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
996 if (p_cb->total_tx_unacked == 0) {
997 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
998 } else {
999 p_cb->wait_for_authorization_complete = TRUE;
1000 }
1001 }
1002 }
1003 }
1004 #endif ///CLASSIC_BT_INCLUDED == TRUE
1005
1006 #if (BLE_INCLUDED == TRUE)
1007 /*******************************************************************************
1008 ** Function smp_proc_enc_info
1009 ** Description process encryption information from peer device
1010 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1011 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1012 {
1013 UINT8 *p = (UINT8 *)p_data;
1014
1015 SMP_TRACE_DEBUG("%s\n", __func__);
1016 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
1017
1018 smp_key_distribution(p_cb, NULL);
1019 }
1020 #endif ///BLE_INCLUDED == TRUE
1021
1022 /*******************************************************************************
1023 ** Function smp_proc_master_id
1024 ** Description process master ID from slave device
1025 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1026 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1027 {
1028 UINT8 *p = (UINT8 *)p_data;
1029 tBTM_LE_PENC_KEYS le_key;
1030
1031 SMP_TRACE_DEBUG("%s\np_cb->peer_auth_req = %d,p_cb->loc_auth_req= %d\n", __func__,
1032 p_cb->peer_auth_req, p_cb->loc_auth_req);
1033 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1034
1035 STREAM_TO_UINT16(le_key.ediv, p);
1036 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1037
1038 /* store the encryption keys from peer device */
1039 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1040 le_key.sec_level = p_cb->sec_level;
1041 le_key.key_size = p_cb->loc_enc_size;
1042
1043 #if (BLE_INCLUDED == TRUE)
1044 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) {
1045 btm_sec_save_le_key(p_cb->pairing_bda,
1046 BTM_LE_KEY_PENC,
1047 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1048 }
1049
1050 smp_key_distribution(p_cb, NULL);
1051 #endif ///BLE_INCLUDED == TRUE
1052 }
1053
1054 /*******************************************************************************
1055 ** Function smp_proc_enc_info
1056 ** Description process identity information from peer device
1057 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1058 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1059 {
1060 UINT8 *p = (UINT8 *)p_data;
1061
1062 SMP_TRACE_DEBUG("%s", __func__);
1063 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
1064 smp_key_distribution_by_transport(p_cb, NULL);
1065 }
1066
1067 /*******************************************************************************
1068 ** Function smp_proc_id_addr
1069 ** Description process identity address from peer device
1070 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1071 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1072 {
1073 UINT8 *p = (UINT8 *)p_data;
1074 tBTM_LE_PID_KEYS pid_key;
1075
1076 SMP_TRACE_DEBUG("%s", __func__);
1077 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1078
1079 STREAM_TO_UINT8(pid_key.addr_type, p);
1080 STREAM_TO_BDADDR(pid_key.static_addr, p);
1081 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1082
1083 /* to use as BD_ADDR for lk derived from ltk */
1084 p_cb->id_addr_rcvd = TRUE;
1085 p_cb->id_addr_type = pid_key.addr_type;
1086 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1087
1088 #if (BLE_INCLUDED == TRUE)
1089 /* store the ID key from peer device */
1090 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) {
1091 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1092 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1093 }
1094 #endif ///BLE_INCLUDED == TRUE
1095
1096 smp_key_distribution_by_transport(p_cb, NULL);
1097 }
1098
1099 /*******************************************************************************
1100 ** Function smp_proc_srk_info
1101 ** Description process security information from peer device
1102 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1103 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1104 {
1105 #if (BLE_INCLUDED == TRUE)
1106 tBTM_LE_PCSRK_KEYS le_key;
1107
1108 SMP_TRACE_DEBUG("%s", __func__);
1109 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1110
1111 /* save CSRK to security record */
1112 le_key.sec_level = p_cb->sec_level;
1113 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1114 le_key.counter = 0; /* initialize the peer counter */
1115
1116 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND)) {
1117 btm_sec_save_le_key(p_cb->pairing_bda,
1118 BTM_LE_KEY_PCSRK,
1119 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1120 }
1121
1122 #endif ///BLE_INCLUDED == TRUE
1123 smp_key_distribution_by_transport(p_cb, NULL);
1124 }
1125
1126 /*******************************************************************************
1127 ** Function smp_proc_compare
1128 ** Description process compare value
1129 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1130 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1131 {
1132 UINT8 reason;
1133
1134 SMP_TRACE_DEBUG("%s\n", __func__);
1135 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) {
1136 /* compare the max encryption key size, and save the smaller one for the link */
1137 if ( p_cb->peer_enc_size < p_cb->loc_enc_size) {
1138 p_cb->loc_enc_size = p_cb->peer_enc_size;
1139 }
1140
1141 if (p_cb->role == HCI_ROLE_SLAVE) {
1142 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1143 } else {
1144 /* master device always use received i/r key as keys to distribute */
1145 p_cb->local_i_key = p_cb->peer_i_key;
1146 p_cb->local_r_key = p_cb->peer_r_key;
1147
1148 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1149 }
1150
1151 } else {
1152 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1153 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1154 }
1155 }
1156
1157 #if (BLE_INCLUDED == TRUE)
1158 /*******************************************************************************
1159 ** Function smp_proc_sl_key
1160 ** Description process key ready events.
1161 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1162 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1163 {
1164 UINT8 key_type = p_data->key.key_type;
1165
1166 SMP_TRACE_DEBUG("%s\n", __func__);
1167 if (key_type == SMP_KEY_TYPE_TK) {
1168 smp_generate_srand_mrand_confirm(p_cb, NULL);
1169 } else if (key_type == SMP_KEY_TYPE_CFM) {
1170 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1171
1172 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM) {
1173 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1174 }
1175 }
1176 }
1177
1178 /*******************************************************************************
1179 ** Function smp_start_enc
1180 ** Description start encryption
1181 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1182 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1183 {
1184 tBTM_STATUS cmd;
1185 UINT8 reason = SMP_ENC_FAIL;
1186
1187 SMP_TRACE_DEBUG("%s\n", __func__);
1188 if (p_data != NULL) {
1189 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1190 } else {
1191 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1192 }
1193
1194 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) {
1195 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1196 }
1197 }
1198 #endif ///BLE_INCLUDED == TRUE
1199
1200 /*******************************************************************************
1201 ** Function smp_proc_discard
1202 ** Description processing for discard security request
1203 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1204 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1205 {
1206 SMP_TRACE_DEBUG("%s\n", __func__);
1207 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
1208 smp_reset_control_value(p_cb);
1209 }
1210 }
1211
1212 /*******************************************************************************
1213 ** Function smp_enc_cmpl
1214 ** Description encryption success
1215 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1216 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1217 {
1218 UINT8 enc_enable = *(UINT8 *)p_data;
1219 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1220
1221 SMP_TRACE_DEBUG("%s\n", __func__);
1222 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1223 }
1224
1225 /*******************************************************************************
1226 ** Function smp_check_auth_req
1227 ** Description check authentication request
1228 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1229 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1230 {
1231 UINT8 enc_enable = *(UINT8 *)p_data;
1232 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1233
1234 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1235 "(i-initiator r-responder)\n",
1236 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1237 if (enc_enable == 1) {
1238 if (p_cb->le_secure_connections_mode_is_used) {
1239 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1240 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1241 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1242
1243 /* In LE SC mode LK is derived from LTK only if both sides request it */
1244 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1245 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) {
1246 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1247 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1248 }
1249
1250 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1251 ** Set local_r_key on master to expect only these keys.
1252 */
1253 if (p_cb->role == HCI_ROLE_MASTER) {
1254 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1255 }
1256 } else {
1257 /* in legacy mode derivation of BR/EDR LK is not supported */
1258 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1259 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1260 }
1261 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1262 "(i-initiator r-responder)\n",
1263 __func__, p_cb->local_i_key, p_cb->local_r_key);
1264
1265 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1266 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1267 (p_cb->local_i_key || p_cb->local_r_key)) {
1268 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1269 } else {
1270 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1271 }
1272 } else if (enc_enable == 0) {
1273 /* if failed for encryption after pairing, send callback */
1274 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR) {
1275 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1276 }
1277 /* if enc failed for old security information */
1278 /* if master device, clean up and abck to idle; slave device do nothing */
1279 else if (p_cb->role == HCI_ROLE_MASTER) {
1280 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1281 }
1282 }
1283 }
1284
1285 /*******************************************************************************
1286 ** Function smp_key_pick_key
1287 ** Description Pick a key distribution function based on the key mask.
1288 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1289 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1290 {
1291 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1292 UINT8 i = 0;
1293
1294 SMP_TRACE_DEBUG("%s key_to_dist=0x%x\n", __func__, key_to_dist);
1295 while (i < SMP_KEY_DIST_TYPE_MAX) {
1296 SMP_TRACE_DEBUG("key to send = %02x, i = %d\n", key_to_dist, i);
1297
1298 if (key_to_dist & (1 << i) && smp_distribute_act[i] != NULL) {
1299 SMP_TRACE_DEBUG("smp_distribute_act[%d]\n", i);
1300 (* smp_distribute_act[i])(p_cb, p_data);
1301 break;
1302 }
1303 i ++;
1304 }
1305 }
1306
1307 #if (BLE_INCLUDED == TRUE)
1308 /*******************************************************************************
1309 ** Function smp_key_distribution
1310 ** Description start key distribution if required.
1311 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1312 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1313 {
1314 UINT8 reason = SMP_SUCCESS;
1315 SMP_TRACE_DEBUG("\n%s role=%d (0-master) r_keys=0x%x i_keys=0x%x\n",
1316 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1317
1318 if (p_cb->role == HCI_ROLE_SLAVE ||
1319 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
1320 smp_key_pick_key(p_cb, p_data);
1321 }
1322
1323 if (!p_cb->local_i_key && !p_cb->local_r_key) {
1324 /* state check to prevent re-entrant */
1325 if (smp_get_state() == SMP_STATE_BOND_PENDING) {
1326 if (p_cb->derive_lk) {
1327 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1328 p_cb->derive_lk = FALSE;
1329 }
1330
1331 if (p_cb->total_tx_unacked == 0) {
1332 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1333 } else {
1334 p_cb->wait_for_authorization_complete = TRUE;
1335 }
1336 }
1337 }
1338 }
1339
1340 /*******************************************************************************
1341 ** Function smp_decide_association_model
1342 ** Description This function is called to select assoc model to be used for
1343 ** STK generation and to start STK generation process.
1344 **
1345 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1346 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1347 {
1348 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1349 UINT8 int_evt = 0;
1350 tSMP_KEY key;
1351 tSMP_INT_DATA *p = NULL;
1352
1353 SMP_TRACE_DEBUG("%s Association Model = %d\n", __func__, p_cb->selected_association_model);
1354
1355 switch (p_cb->selected_association_model) {
1356 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1357 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1358 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) \n", p_cb->sec_level );
1359
1360 key.key_type = SMP_KEY_TYPE_TK;
1361 key.p_data = p_cb->tk;
1362 p = (tSMP_INT_DATA *)&key;
1363
1364 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1365 /* TK, ready */
1366 int_evt = SMP_KEY_READY_EVT;
1367 break;
1368
1369 case SMP_MODEL_PASSKEY:
1370 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1371 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) \n", p_cb->sec_level );
1372
1373 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1374 int_evt = SMP_TK_REQ_EVT;
1375 break;
1376
1377 case SMP_MODEL_OOB:
1378 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB\n");
1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) \n", p_cb->sec_level );
1381
1382 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1383 int_evt = SMP_TK_REQ_EVT;
1384 break;
1385
1386 case SMP_MODEL_KEY_NOTIF:
1387 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1388 SMP_TRACE_DEBUG("Need to generate Passkey\n");
1389
1390 /* generate passkey and notify application */
1391 smp_generate_passkey(p_cb, NULL);
1392 break;
1393
1394 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1395 case SMP_MODEL_SEC_CONN_NUM_COMP:
1396 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1397 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1398 case SMP_MODEL_SEC_CONN_OOB:
1399 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1400 break;
1401
1402 case SMP_MODEL_OUT_OF_RANGE:
1403 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)\n");
1404 p = (tSMP_INT_DATA *)&failure;
1405 int_evt = SMP_AUTH_CMPL_EVT;
1406 break;
1407
1408 default:
1409 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)\n",
1410 p_cb->selected_association_model);
1411 p = (tSMP_INT_DATA *)&failure;
1412 int_evt = SMP_AUTH_CMPL_EVT;
1413 }
1414
1415 SMP_TRACE_EVENT ("sec_level=%d \n", p_cb->sec_level );
1416 if (int_evt) {
1417 smp_sm_event(p_cb, int_evt, p);
1418 }
1419 }
1420
1421 /*******************************************************************************
1422 ** Function smp_process_io_response
1423 ** Description process IO response for a slave device.
1424 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1425 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1426 {
1427 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1428 SMP_TRACE_DEBUG("%s\n", __func__);
1429 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1430 /* pairing started by local (slave) Security Request */
1431 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1432 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1433 } else { /* plan to send pairing respond */
1434 /* pairing started by peer (master) Pairing Request */
1435 p_cb->selected_association_model = smp_select_association_model(p_cb);
1436
1437 if (p_cb->secure_connections_only_mode_required &&
1438 (!(p_cb->le_secure_connections_mode_is_used) ||
1439 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
1440 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1441 but it can't be provided -> Slave fails pairing\n");
1442 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1443 return;
1444 }
1445 uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
1446 if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
1447 auth |= SMP_AUTH_GEN_BOND;
1448 }
1449 p_cb->auth_mode = auth;
1450 if (p_cb->accept_specified_sec_auth) {
1451 if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
1452 SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
1453 p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
1454 if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
1455 btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
1456 }
1457 reason = SMP_PAIR_AUTH_FAIL;
1458 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1459 return;
1460 }
1461 }
1462
1463 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
1464 if (smp_request_oob_data(p_cb)) {
1465 return;
1466 }
1467 }
1468 smp_send_pair_rsp(p_cb, NULL);
1469 }
1470 }
1471 #endif ///BLE_INCLUDED == TRUE
1472
1473 /*******************************************************************************
1474 ** Function smp_br_process_slave_keys_response
1475 ** Description process application keys response for a slave device
1476 ** (BR/EDR transport).
1477 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1478 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1479 {
1480 smp_br_send_pair_response(p_cb, NULL);
1481 }
1482
1483 /*******************************************************************************
1484 ** Function smp_br_send_pair_response
1485 ** Description actions related to sending pairing response over BR/EDR transport.
1486 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1487 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1488 {
1489 SMP_TRACE_DEBUG("%s\n", __func__);
1490
1491 p_cb->local_i_key &= p_cb->peer_i_key;
1492 p_cb->local_r_key &= p_cb->peer_r_key;
1493
1494 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1495 }
1496
1497 /*******************************************************************************
1498 ** Function smp_pairing_cmpl
1499 ** Description This function is called to send the pairing complete callback
1500 ** and remove the connection if needed.
1501 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1502 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1503 {
1504 if (p_cb->total_tx_unacked == 0) {
1505 /* process the pairing complete */
1506 smp_proc_pairing_cmpl(p_cb);
1507 }
1508 }
1509
1510 /*******************************************************************************
1511 ** Function smp_pair_terminate
1512 ** Description This function is called to send the pairing complete callback
1513 ** and remove the connection if needed.
1514 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1515 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1516 {
1517 SMP_TRACE_DEBUG("%s\n", __func__);
1518 p_cb->status = SMP_CONN_TOUT;
1519 smp_proc_pairing_cmpl(p_cb);
1520 }
1521
1522 /*******************************************************************************
1523 ** Function smp_idle_terminate
1524 ** Description This function calledin idle state to determine to send authentication
1525 ** complete or not.
1526 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1527 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1528 {
1529 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1530 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.\n");
1531 p_cb->status = SMP_FAIL;
1532 smp_proc_pairing_cmpl(p_cb);
1533 }
1534 }
1535
1536 #if (BLE_INCLUDED == TRUE)
1537 /*******************************************************************************
1538 ** Function smp_fast_conn_param
1539 ** Description apply default connection parameter for pairing process
1540 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1541 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1542 {
1543 #if (BT_MULTI_CONNECTION_ENBALE == FALSE)
1544 if(p_cb->role == BTM_ROLE_MASTER) {
1545 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1546 }
1547 #endif
1548 #if (SMP_SLAVE_CON_PARAMS_UPD_ENABLE == TRUE)
1549 else {
1550 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (p_cb->pairing_bda);
1551 if(p_rec && p_rec->ble.skip_update_conn_param) {
1552 //do nothing
1553 return;
1554 }
1555 /* Disable L2CAP connection parameter updates while bonding since
1556 some peripherals are not able to revert to fast connection parameters
1557 during the start of service discovery. Connection paramter updates
1558 get enabled again once service discovery completes. */
1559 #if (BT_MULTI_CONNECTION_ENBALE == FALSE)
1560 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1561 #endif
1562 }
1563 #endif
1564 }
1565
1566 /*******************************************************************************
1567 ** Function smp_both_have_public_keys
1568 ** Description The function is called when both local and peer public keys are
1569 ** saved.
1570 ** Actions:
1571 ** - invokes DHKey computation;
1572 ** - on slave side invokes sending local public key to the peer.
1573 ** - invokes SC phase 1 process.
1574 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1575 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1576 {
1577 SMP_TRACE_DEBUG("%s\n", __func__);
1578
1579 /* invokes DHKey computation */
1580 smp_compute_dhkey(p_cb);
1581
1582 /* on slave side invokes sending local public key to the peer */
1583 if (p_cb->role == HCI_ROLE_SLAVE) {
1584 smp_send_pair_public_key(p_cb, NULL);
1585 }
1586
1587 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1588 }
1589
1590 /*******************************************************************************
1591 ** Function smp_start_secure_connection_phase1
1592 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1593 ** phase 1 parameters and starts building/sending to the peer
1594 ** messages appropriate for the role and association model.
1595 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1596 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1597 {
1598 SMP_TRACE_DEBUG("%s\n", __func__);
1599
1600 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1601 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1602 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE)\n ", p_cb->sec_level );
1603 } else {
1604 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1605 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED)\n ", p_cb->sec_level );
1606 }
1607
1608 switch (p_cb->selected_association_model) {
1609 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1610 case SMP_MODEL_SEC_CONN_NUM_COMP:
1611 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1612 smp_start_nonce_generation(p_cb);
1613 break;
1614 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1615 /* user has to provide passkey */
1616 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1617 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1618 break;
1619 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1620 /* passkey has to be provided to user */
1621 SMP_TRACE_DEBUG("Need to generate SC Passkey\n");
1622 smp_generate_passkey(p_cb, NULL);
1623 break;
1624 case SMP_MODEL_SEC_CONN_OOB:
1625 /* use the available OOB information */
1626 smp_process_secure_connection_oob_data(p_cb, NULL);
1627 break;
1628 default:
1629 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC\n",
1630 p_cb->selected_association_model);
1631 break;
1632 }
1633 }
1634
1635 /*******************************************************************************
1636 ** Function smp_process_local_nonce
1637 ** Description The function processes new local nonce.
1638 **
1639 ** Note It is supposed to be called in SC phase1.
1640 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1641 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1642 {
1643 SMP_TRACE_DEBUG("%s\n", __func__);
1644
1645 switch (p_cb->selected_association_model) {
1646 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1647 case SMP_MODEL_SEC_CONN_NUM_COMP:
1648 if (p_cb->role == HCI_ROLE_SLAVE) {
1649 /* slave calculates and sends local commitment */
1650 smp_calculate_local_commitment(p_cb);
1651 smp_send_commitment(p_cb, NULL);
1652 /* slave has to wait for peer nonce */
1653 smp_set_state(SMP_STATE_WAIT_NONCE);
1654 } else { /* i.e. master */
1655 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1656 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1657 SMP_TRACE_DEBUG("master in assoc mode = %d \
1658 already rcvd slave commitment - race condition\n",
1659 p_cb->selected_association_model);
1660 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1661 smp_send_rand(p_cb, NULL);
1662 smp_set_state(SMP_STATE_WAIT_NONCE);
1663 }
1664 }
1665 break;
1666 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1667 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1668 smp_calculate_local_commitment(p_cb);
1669
1670 if (p_cb->role == HCI_ROLE_MASTER) {
1671 smp_send_commitment(p_cb, NULL);
1672 } else { /* slave */
1673 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1674 /* master commitment is already received */
1675 smp_send_commitment(p_cb, NULL);
1676 smp_set_state(SMP_STATE_WAIT_NONCE);
1677 }
1678 }
1679 break;
1680 case SMP_MODEL_SEC_CONN_OOB:
1681 if (p_cb->role == HCI_ROLE_MASTER) {
1682 smp_send_rand(p_cb, NULL);
1683 }
1684
1685 smp_set_state(SMP_STATE_WAIT_NONCE);
1686 break;
1687 default:
1688 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC\n",
1689 p_cb->selected_association_model);
1690 break;
1691 }
1692 }
1693
1694 /*******************************************************************************
1695 ** Function smp_process_peer_nonce
1696 ** Description The function processes newly received and saved in CB peer nonce.
1697 ** The actions depend on the selected association model and the role.
1698 **
1699 ** Note It is supposed to be called in SC phase1.
1700 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1701 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1702 {
1703 UINT8 reason;
1704
1705 SMP_TRACE_DEBUG("%s start \n", __func__);
1706
1707 switch (p_cb->selected_association_model) {
1708 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1709 case SMP_MODEL_SEC_CONN_NUM_COMP:
1710 /* in these models only master receives commitment */
1711 if (p_cb->role == HCI_ROLE_MASTER) {
1712 if (!smp_check_commitment(p_cb)) {
1713 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1714 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1715 break;
1716 }
1717 } else {
1718 /* slave sends local nonce */
1719 smp_send_rand(p_cb, NULL);
1720 }
1721
1722 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1723 /* go directly to phase 2 */
1724 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1725 } else { /* numeric comparison */
1726 smp_set_state(SMP_STATE_WAIT_NONCE);
1727 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1728 }
1729 break;
1730 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1731 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1732 if (!smp_check_commitment(p_cb)) {
1733 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1734 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1735 break;
1736 }
1737
1738 if (p_cb->role == HCI_ROLE_SLAVE) {
1739 smp_send_rand(p_cb, NULL);
1740 }
1741
1742 if (++p_cb->round < 20) {
1743 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1744 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1745 smp_start_nonce_generation(p_cb);
1746 break;
1747 }
1748
1749 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1750 break;
1751 case SMP_MODEL_SEC_CONN_OOB:
1752 if (p_cb->role == HCI_ROLE_SLAVE) {
1753 smp_send_rand(p_cb, NULL);
1754 }
1755
1756 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1757 break;
1758 default:
1759 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC\n",
1760 p_cb->selected_association_model);
1761 break;
1762 }
1763
1764 SMP_TRACE_DEBUG("%s end\n ", __FUNCTION__);
1765 }
1766 #endif ///BLE_INCLUDED == TRUE
1767
1768 /*******************************************************************************
1769 ** Function smp_match_dhkey_checks
1770 ** Description checks if the calculated peer DHKey Check value is the same as
1771 ** received from the peer DHKey check value.
1772 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1773 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1774 {
1775 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1776
1777 SMP_TRACE_DEBUG("%s\n", __func__);
1778
1779 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) {
1780 SMP_TRACE_WARNING ("dhkey checks do no match\n");
1781 p_cb->failure = reason;
1782 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1783 return;
1784 }
1785
1786 SMP_TRACE_EVENT ("dhkey checks match\n");
1787
1788 /* compare the max encryption key size, and save the smaller one for the link */
1789 if (p_cb->peer_enc_size < p_cb->loc_enc_size) {
1790 p_cb->loc_enc_size = p_cb->peer_enc_size;
1791 }
1792
1793 if (p_cb->role == HCI_ROLE_SLAVE) {
1794 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1795 } else {
1796 /* master device always use received i/r key as keys to distribute */
1797 p_cb->local_i_key = p_cb->peer_i_key;
1798 p_cb->local_r_key = p_cb->peer_r_key;
1799 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1800 }
1801 }
1802
1803 /*******************************************************************************
1804 ** Function smp_move_to_secure_connections_phase2
1805 ** Description Signal State Machine to start SC phase 2 initialization (to
1806 ** compute local DHKey Check value).
1807 **
1808 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1809 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1810 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1811 {
1812 SMP_TRACE_DEBUG("%s\n", __func__);
1813 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1814 }
1815
1816 /*******************************************************************************
1817 ** Function smp_phase_2_dhkey_checks_are_present
1818 ** Description generates event if dhkey check from the peer is already received.
1819 **
1820 ** Note It is supposed to be used on slave to prevent race condition.
1821 ** It is supposed to be called after slave dhkey check is calculated.
1822 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1823 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1824 {
1825 SMP_TRACE_DEBUG("%s\n", __func__);
1826
1827 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK) {
1828 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1829 }
1830 }
1831
1832 /*******************************************************************************
1833 ** Function smp_wait_for_both_public_keys
1834 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1835 ** public keys are available.
1836 **
1837 ** Note on the slave it is used to prevent race condition.
1838 **
1839 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1840 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1841 {
1842 SMP_TRACE_DEBUG("%s\n", __func__);
1843
1844 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1845 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
1846 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1847 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH))) {
1848 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1849 }
1850 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1851 }
1852 }
1853
1854 #if (BLE_INCLUDED == TRUE)
1855 /*******************************************************************************
1856 ** Function smp_start_passkey_verification
1857 ** Description Starts SC passkey entry verification.
1858 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1859 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1860 {
1861 UINT8 *p = NULL;
1862
1863 SMP_TRACE_DEBUG("%s\n", __func__);
1864 p = p_cb->local_random;
1865 UINT32_TO_STREAM(p, p_data->passkey);
1866
1867 p = p_cb->peer_random;
1868 UINT32_TO_STREAM(p, p_data->passkey);
1869
1870 p_cb->round = 0;
1871 smp_start_nonce_generation(p_cb);
1872 }
1873
1874 /*******************************************************************************
1875 ** Function smp_process_secure_connection_oob_data
1876 ** Description Processes local/peer SC OOB data received from somewhere.
1877 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1878 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1879 {
1880 SMP_TRACE_DEBUG("%s\n", __func__);
1881
1882 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1883 if (p_sc_oob_data->loc_oob_data.present) {
1884 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1885 sizeof(p_cb->local_random));
1886 } else {
1887 SMP_TRACE_EVENT ("local OOB randomizer is absent\n");
1888 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1889 }
1890
1891 if (!p_sc_oob_data->peer_oob_data.present) {
1892 SMP_TRACE_EVENT ("peer OOB data is absent\n");
1893 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1894 } else {
1895 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1896 sizeof(p_cb->peer_random));
1897 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1898 sizeof(p_cb->remote_commitment));
1899
1900 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1901 /* check commitment */
1902 if (!smp_check_commitment(p_cb)) {
1903 p_cb->failure = reason;
1904 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1905 return;
1906 }
1907
1908 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
1909 /* the peer doesn't have local randomiser */
1910 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0\n");
1911 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1912 }
1913 }
1914
1915 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1916 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1917 smp_start_nonce_generation(p_cb);
1918 }
1919
1920 /*******************************************************************************
1921 ** Function smp_set_local_oob_keys
1922 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1923 ** starts nonce generation
1924 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1925 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1926 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1927 {
1928 SMP_TRACE_DEBUG("%s\n", __func__);
1929
1930 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1931 BT_OCTET32_LEN);
1932 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1933 smp_start_nonce_generation(p_cb);
1934 }
1935
1936 /*******************************************************************************
1937 ** Function smp_set_local_oob_random_commitment
1938 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1939 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1940 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1941 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1942 {
1943 SMP_TRACE_DEBUG("%s\n", __func__);
1944 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1945 BT_OCTET16_LEN);
1946
1947 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1948 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1949 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1950 p_cb->sc_oob_data.loc_oob_data.commitment);
1951
1952 #if SMP_DEBUG == TRUE
1953 UINT8 *p_print = NULL;
1954 SMP_TRACE_DEBUG("local SC OOB data set:\n");
1955 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1956 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1957 sizeof(tBLE_BD_ADDR));
1958 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1959 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1960 BT_OCTET32_LEN);
1961 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1962 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1963 BT_OCTET32_LEN);
1964 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1965 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1966 BT_OCTET32_LEN);
1967 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1968 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1969 BT_OCTET16_LEN);
1970 p_print = (UINT8 *) &p_cb->sc_oob_data.loc_oob_data.commitment;
1971 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *) "commitment",
1972 BT_OCTET16_LEN);
1973 SMP_TRACE_DEBUG("");
1974 #endif
1975
1976 /* pass created OOB data up */
1977 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1978 smp_send_app_cback(p_cb, NULL);
1979
1980 smp_cb_cleanup(p_cb);
1981 }
1982
1983 /*******************************************************************************
1984 **
1985 ** Function smp_link_encrypted
1986 **
1987 ** Description This function is called when link is encrypted and notified to
1988 ** slave device. Proceed to to send LTK, DIV and ER to master if
1989 ** bonding the devices.
1990 **
1991 **
1992 ** Returns void
1993 **
1994 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)1995 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1996 {
1997 tSMP_CB *p_cb = &smp_cb;
1998 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
1999 SMP_TRACE_DEBUG("%s encr_enable=%d\n", __func__, encr_enable);
2000
2001 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) {
2002 /* encryption completed with STK, remmeber the key size now, could be overwite
2003 * when key exchange happens */
2004 if (p_cb->loc_enc_size != 0 && encr_enable) {
2005 /* update the link encryption key size if a SMP pairing just performed */
2006 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2007 }
2008
2009 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2010 } else if (p_dev_rec && !p_dev_rec->role_master && !p_dev_rec->enc_init_by_we ){
2011 /*
2012 if enc_init_by_we is false, it means that client initiates encryption before slave calls esp_ble_set_encryption()
2013 we need initiate pairing_bda and p_cb->role then encryption, for example iPhones
2014 */
2015 memcpy(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN);
2016 p_cb->state = SMP_STATE_ENCRYPTION_PENDING;
2017 p_cb->role = HCI_ROLE_SLAVE;
2018 p_dev_rec->enc_init_by_we = FALSE;
2019 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2020 } else if (p_dev_rec && p_dev_rec->role_master && p_dev_rec->enc_init_by_we){
2021 memcpy(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN);
2022 p_cb->state = SMP_STATE_ENCRYPTION_PENDING;
2023 p_cb->role = HCI_ROLE_MASTER;
2024 p_dev_rec->enc_init_by_we = FALSE;
2025 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2026 }
2027 }
2028
2029 /*******************************************************************************
2030 **
2031 ** Function smp_proc_ltk_request
2032 **
2033 ** Description This function is called when LTK request is received from
2034 ** controller.
2035 **
2036 ** Returns void
2037 **
2038 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)2039 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2040 {
2041 SMP_TRACE_DEBUG("%s state = %d\n", __func__, smp_cb.state);
2042 BOOLEAN match = FALSE;
2043
2044 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) {
2045 match = TRUE;
2046 } else {
2047 BD_ADDR dummy_bda = {0};
2048 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2049 if (p_dev_rec != NULL &&
2050 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2051 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN)) {
2052 match = TRUE;
2053 }
2054 }
2055
2056 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) {
2057 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2058 return TRUE;
2059 }
2060
2061 return FALSE;
2062 }
2063
2064 /*******************************************************************************
2065 **
2066 ** Function smp_process_secure_connection_long_term_key
2067 **
2068 ** Description This function is called to process SC LTK.
2069 ** SC LTK is calculated and used instead of STK.
2070 ** Here SC LTK is saved in BLE DB.
2071 **
2072 ** Returns void
2073 **
2074 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2075 void smp_process_secure_connection_long_term_key(void)
2076 {
2077 tSMP_CB *p_cb = &smp_cb;
2078
2079 SMP_TRACE_DEBUG("%s\n", __func__);
2080 smp_save_secure_connections_long_term_key(p_cb);
2081
2082 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2083 smp_key_distribution(p_cb, NULL);
2084 }
2085
2086 /*******************************************************************************
2087 **
2088 ** Function smp_set_derive_link_key
2089 **
2090 ** Description This function is called to set flag that indicates that
2091 ** BR/EDR LK has to be derived from LTK after all keys are
2092 ** distributed.
2093 **
2094 ** Returns void
2095 **
2096 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2097 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2098 {
2099 SMP_TRACE_DEBUG ("%s\n", __func__);
2100 p_cb->derive_lk = TRUE;
2101 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2102 smp_key_distribution(p_cb, NULL);
2103 }
2104
2105 /*******************************************************************************
2106 **
2107 ** Function smp_derive_link_key_from_long_term_key
2108 **
2109 ** Description This function is called to derive BR/EDR LK from LTK.
2110 **
2111 ** Returns void
2112 **
2113 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2114 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2115 {
2116 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2117
2118 SMP_TRACE_DEBUG("%s\n", __func__);
2119 if (!smp_calculate_link_key_from_long_term_key(p_cb)) {
2120 SMP_TRACE_ERROR("%s failed\n", __FUNCTION__);
2121 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2122 return;
2123 }
2124 }
2125 #endif ///BLE_INCLUDED == TRUE
2126
2127 #if (CLASSIC_BT_INCLUDED == TRUE)
2128 /*******************************************************************************
2129 **
2130 ** Function smp_br_process_link_key
2131 **
2132 ** Description This function is called to process BR/EDR LK:
2133 ** - to derive SMP LTK from BR/EDR LK;
2134 *8 - to save SMP LTK.
2135 **
2136 ** Returns void
2137 **
2138 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2139 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2140 {
2141 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2142
2143 SMP_TRACE_DEBUG("%s\n", __func__);
2144 if (!smp_calculate_long_term_key_from_link_key(p_cb)) {
2145 SMP_TRACE_ERROR ("%s failed\n", __FUNCTION__);
2146 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2147 return;
2148 }
2149
2150 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed\n", __FUNCTION__);
2151 smp_save_secure_connections_long_term_key(p_cb);
2152 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2153 smp_br_select_next_key(p_cb, NULL);
2154 }
2155 #endif ///CLASSIC_BT_INCLUDED == TRUE
2156
2157 /*******************************************************************************
2158 ** Function smp_key_distribution_by_transport
2159 ** Description depending on the transport used at the moment calls either
2160 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2161 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2162 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2163 {
2164 SMP_TRACE_DEBUG("%s\n", __func__);
2165 if (p_cb->smp_over_br) {
2166 #if (CLASSIC_BT_INCLUDED == TRUE)
2167 smp_br_select_next_key(p_cb, NULL);
2168 #endif ///CLASSIC_BT_INCLUDED == TRUE
2169 } else {
2170 #if (BLE_INCLUDED == TRUE)
2171 smp_key_distribution(p_cb, NULL);
2172 #endif ///BLE_INCLUDED == TRUE
2173 }
2174 }
2175
2176 /*******************************************************************************
2177 ** Function smp_br_pairing_complete
2178 ** Description This function is called to send the pairing complete callback
2179 ** and remove the connection if needed.
2180 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2181 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2182 {
2183 SMP_TRACE_DEBUG("%s\n", __func__);
2184
2185 if (p_cb->total_tx_unacked == 0) {
2186 /* process the pairing complete */
2187 smp_proc_pairing_cmpl(p_cb);
2188 }
2189 }
2190
2191 #endif
2192
