1 /******************************************************************************
2 *
3 * Copyright (C) 2014-2015 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "common/bt_target.h"
20
21 #include <string.h>
22 #include "smp_int.h"
23
24 #if ( CLASSIC_BT_INCLUDED== TRUE && SMP_INCLUDED == TRUE)
25
26 const char *const smp_br_state_name [SMP_BR_STATE_MAX + 1] = {
27 "SMP_BR_STATE_IDLE",
28 "SMP_BR_STATE_WAIT_APP_RSP",
29 "SMP_BR_STATE_PAIR_REQ_RSP",
30 "SMP_BR_STATE_BOND_PENDING",
31 "SMP_BR_STATE_OUT_OF_RANGE"
32 };
33
34 const char *const smp_br_event_name [SMP_BR_MAX_EVT] = {
35 "BR_PAIRING_REQ_EVT",
36 "BR_PAIRING_RSP_EVT",
37 "BR_CONFIRM_EVT",
38 "BR_RAND_EVT",
39 "BR_PAIRING_FAILED_EVT",
40 "BR_ENCRPTION_INFO_EVT",
41 "BR_MASTER_ID_EVT",
42 "BR_ID_INFO_EVT",
43 "BR_ID_ADDR_EVT",
44 "BR_SIGN_INFO_EVT",
45 "BR_SECURITY_REQ_EVT",
46 "BR_PAIR_PUBLIC_KEY_EVT",
47 "BR_PAIR_DHKEY_CHCK_EVT",
48 "BR_PAIR_KEYPR_NOTIF_EVT",
49 "BR_KEY_READY_EVT",
50 "BR_ENCRYPTED_EVT",
51 "BR_L2CAP_CONN_EVT",
52 "BR_L2CAP_DISCONN_EVT",
53 "BR_KEYS_RSP_EVT",
54 "BR_API_SEC_GRANT_EVT",
55 "BR_TK_REQ_EVT",
56 "BR_AUTH_CMPL_EVT",
57 "BR_ENC_REQ_EVT",
58 "BR_BOND_REQ_EVT",
59 "BR_DISCARD_SEC_REQ_EVT",
60 "BR_OUT_OF_RANGE_EVT"
61 };
62
63 const char *smp_get_br_event_name(tSMP_BR_EVENT event);
64 const char *smp_get_br_state_name(tSMP_BR_STATE state);
65
66 #define SMP_BR_SM_IGNORE 0
67 #define SMP_BR_NUM_ACTIONS 2
68 #define SMP_BR_SME_NEXT_STATE 2
69 #define SMP_BR_SM_NUM_COLS 3
70 typedef const UINT8 (*tSMP_BR_SM_TBL)[SMP_BR_SM_NUM_COLS];
71
72 enum {
73 SMP_SEND_PAIR_REQ,
74 SMP_BR_SEND_PAIR_RSP,
75 SMP_SEND_PAIR_FAIL,
76 SMP_SEND_ID_INFO,
77 SMP_BR_PROC_PAIR_CMD,
78 SMP_PROC_PAIR_FAIL,
79 SMP_PROC_ID_INFO,
80 SMP_PROC_ID_ADDR,
81 SMP_PROC_SRK_INFO,
82 SMP_BR_PROC_SEC_GRANT,
83 SMP_BR_PROC_SL_KEYS_RSP,
84 SMP_BR_KEY_DISTRIBUTION,
85 SMP_BR_PAIRING_COMPLETE,
86 SMP_SEND_APP_CBACK,
87 SMP_BR_CHECK_AUTH_REQ,
88 SMP_PAIR_TERMINATE,
89 SMP_IDLE_TERMINATE,
90 SMP_BR_SM_NO_ACTION
91 };
92
93 static const tSMP_ACT smp_br_sm_action[] = {
94 smp_send_pair_req,
95 smp_br_send_pair_response,
96 smp_send_pair_fail,
97 smp_send_id_info,
98 smp_br_process_pairing_command,
99 smp_proc_pair_fail,
100 smp_proc_id_info,
101 smp_proc_id_addr,
102 smp_proc_srk_info,
103 smp_br_process_security_grant,
104 smp_br_process_slave_keys_response,
105 smp_br_select_next_key,
106 smp_br_pairing_complete,
107 smp_send_app_cback,
108 smp_br_check_authorization_request,
109 smp_pair_terminate,
110 smp_idle_terminate
111 };
112
113 static const UINT8 smp_br_all_table[][SMP_BR_SM_NUM_COLS] = {
114 /* Event Action Next State */
115 /* BR_PAIRING_FAILED */ {SMP_PROC_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
116 /* BR_AUTH_CMPL */ {SMP_SEND_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
117 /* BR_L2CAP_DISCONN */ {SMP_PAIR_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}
118 };
119
120 /************ SMP Master FSM State/Event Indirection Table **************/
121 static const UINT8 smp_br_master_entry_map[][SMP_BR_STATE_MAX] = {
122 /* br_state name: Idle WaitApp Pair Bond
123 Rsp ReqRsp Pend */
124 /* BR_PAIRING_REQ */ { 0, 0, 0, 0 },
125 /* BR_PAIRING_RSP */ { 0, 0, 1, 0 },
126 /* BR_CONFIRM */ { 0, 0, 0, 0 },
127 /* BR_RAND */ { 0, 0, 0, 0 },
128 /* BR_PAIRING_FAILED */ { 0, 0x81, 0x81, 0 },
129 /* BR_ENCRPTION_INFO */ { 0, 0, 0, 0 },
130 /* BR_MASTER_ID */ { 0, 0, 0, 0 },
131 /* BR_ID_INFO */ { 0, 0, 0, 1 },
132 /* BR_ID_ADDR */ { 0, 0, 0, 2 },
133 /* BR_SIGN_INFO */ { 0, 0, 0, 3 },
134 /* BR_SECURITY_REQ */ { 0, 0, 0, 0 },
135 /* BR_PAIR_PUBLIC_KEY_EVT */ { 0, 0, 0, 0 },
136 /* BR_PAIR_DHKEY_CHCK_EVT */ { 0, 0, 0, 0 },
137 /* BR_PAIR_KEYPR_NOTIF_EVT */ { 0, 0, 0, 0 },
138 /* BR_KEY_READY */ { 0, 0, 0, 0 },
139 /* BR_ENCRYPTED */ { 0, 0, 0, 0 },
140 /* BR_L2CAP_CONN */ { 1, 0, 0, 0 },
141 /* BR_L2CAP_DISCONN */ { 2, 0x83, 0x83, 0x83 },
142 /* BR_KEYS_RSP */ { 0, 1, 0, 0 },
143 /* BR_API_SEC_GRANT */ { 0, 0, 0, 0 },
144 /* BR_TK_REQ */ { 0, 0, 0, 0 },
145 /* BR_AUTH_CMPL */ { 0, 0x82, 0x82, 0x82 },
146 /* BR_ENC_REQ */ { 0, 0, 0, 0 },
147 /* BR_BOND_REQ */ { 0, 0, 2, 0 },
148 /* BR_DISCARD_SEC_REQ */ { 0, 0, 0, 0 }
149 };
150
151 static const UINT8 smp_br_master_idle_table[][SMP_BR_SM_NUM_COLS] = {
152 /* Event Action Next State */
153 /* BR_L2CAP_CONN */ {SMP_SEND_APP_CBACK, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_WAIT_APP_RSP},
154 /* BR_L2CAP_DISCONN */ {SMP_IDLE_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}
155 };
156
157 static const UINT8 smp_br_master_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
158 /* Event Action Next State */
159 /* BR_KEYS_RSP */{SMP_SEND_PAIR_REQ, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_PAIR_REQ_RSP}
160 };
161
162 static const UINT8 smp_br_master_pair_request_response_table [][SMP_BR_SM_NUM_COLS] = {
163 /* Event Action Next State */
164 /* BR_PAIRING_RSP */ {SMP_BR_PROC_PAIR_CMD, SMP_BR_CHECK_AUTH_REQ, SMP_BR_STATE_PAIR_REQ_RSP},
165 /* BR_BOND_REQ */ {SMP_BR_SM_NO_ACTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}
166 };
167
168 static const UINT8 smp_br_master_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
169 /* Event Action Next State */
170 /* BR_ID_INFO */{SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
171 /* BR_ID_ADDR */{SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
172 /* BR_SIGN_INFO */{SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}
173 };
174
175 static const UINT8 smp_br_slave_entry_map[][SMP_BR_STATE_MAX] = {
176 /* br_state name: Idle WaitApp Pair Bond
177 Rsp ReqRsp Pend */
178 /* BR_PAIRING_REQ */ { 1, 0, 0, 0 },
179 /* BR_PAIRING_RSP */ { 0, 0, 0, 0 },
180 /* BR_CONFIRM */ { 0, 0, 0, 0 },
181 /* BR_RAND */ { 0, 0, 0, 0 },
182 /* BR_PAIRING_FAILED */ { 0, 0x81, 0x81, 0x81 },
183 /* BR_ENCRPTION_INFO */ { 0, 0, 0, 0 },
184 /* BR_MASTER_ID */ { 0, 0, 0, 0 },
185 /* BR_ID_INFO */ { 0, 0, 0, 1 },
186 /* BR_ID_ADDR */ { 0, 0, 0, 2 },
187 /* BR_SIGN_INFO */ { 0, 0, 0, 3 },
188 /* BR_SECURITY_REQ */ { 0, 0, 0, 0 },
189 /* BR_PAIR_PUBLIC_KEY_EVT */ { 0, 0, 0, 0 },
190 /* BR_PAIR_DHKEY_CHCK_EVT */ { 0, 0, 0, 0 },
191 /* BR_PAIR_KEYPR_NOTIF_EVT */ { 0, 0, 0, 0 },
192 /* BR_KEY_READY */ { 0, 0, 0, 0 },
193 /* BR_ENCRYPTED */ { 0, 0, 0, 0 },
194 /* BR_L2CAP_CONN */ { 0, 0, 0, 0 },
195 /* BR_L2CAP_DISCONN */ { 0, 0x83, 0x83, 0x83 },
196 /* BR_KEYS_RSP */ { 0, 2, 0, 0 },
197 /* BR_API_SEC_GRANT */ { 0, 1, 0, 0 },
198 /* BR_TK_REQ */ { 0, 0, 0, 0 },
199 /* BR_AUTH_CMPL */ { 0, 0x82, 0x82, 0x82 },
200 /* BR_ENC_REQ */ { 0, 0, 0, 0 },
201 /* BR_BOND_REQ */ { 0, 3, 0, 0 },
202 /* BR_DISCARD_SEC_REQ */ { 0, 0, 0, 0 }
203 };
204
205 static const UINT8 smp_br_slave_idle_table[][SMP_BR_SM_NUM_COLS] = {
206 /* Event Action Next State */
207 /* BR_PAIRING_REQ */ {SMP_BR_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}
208 };
209
210 static const UINT8 smp_br_slave_wait_appln_response_table [][SMP_BR_SM_NUM_COLS] = {
211 /* Event Action Next State */
212 /* BR_API_SEC_GRANT */ {SMP_BR_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP},
213 /* BR_KEYS_RSP */{SMP_BR_PROC_SL_KEYS_RSP, SMP_BR_CHECK_AUTH_REQ, SMP_BR_STATE_WAIT_APP_RSP},
214 /* BR_BOND_REQ */ {SMP_BR_KEY_DISTRIBUTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}
215 };
216
217 static const UINT8 smp_br_slave_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
218 /* Event Action Next State */
219 /* BR_ID_INFO */ {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
220 /* BR_ID_ADDR */ {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
221 /* BR_SIGN_INFO */ {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}
222 };
223
224 static const tSMP_BR_SM_TBL smp_br_state_table[][2] = {
225 /* SMP_BR_STATE_IDLE */
226 {smp_br_master_idle_table, smp_br_slave_idle_table},
227
228 /* SMP_BR_STATE_WAIT_APP_RSP */
229 {smp_br_master_wait_appln_response_table, smp_br_slave_wait_appln_response_table},
230
231 /* SMP_BR_STATE_PAIR_REQ_RSP */
232 {smp_br_master_pair_request_response_table, NULL},
233
234 /* SMP_BR_STATE_BOND_PENDING */
235 {smp_br_master_bond_pending_table, smp_br_slave_bond_pending_table},
236 };
237
238 typedef const UINT8 (*tSMP_BR_ENTRY_TBL)[SMP_BR_STATE_MAX];
239
240 static const tSMP_BR_ENTRY_TBL smp_br_entry_table[] = {
241 smp_br_master_entry_map,
242 smp_br_slave_entry_map
243 };
244
245 #define SMP_BR_ALL_TABLE_MASK 0x80
246
247 /*******************************************************************************
248 ** Function smp_set_br_state
249 ** Returns None
250 *******************************************************************************/
smp_set_br_state(tSMP_BR_STATE br_state)251 void smp_set_br_state(tSMP_BR_STATE br_state)
252 {
253 if (br_state < SMP_BR_STATE_MAX) {
254 SMP_TRACE_DEBUG( "BR_State change: %s(%d) ==> %s(%d)",
255 smp_get_br_state_name(smp_cb.br_state), smp_cb.br_state,
256 smp_get_br_state_name(br_state), br_state );
257 smp_cb.br_state = br_state;
258 } else {
259 SMP_TRACE_DEBUG("%s invalid br_state =%d", __FUNCTION__, br_state );
260 }
261 }
262
263 /*******************************************************************************
264 ** Function smp_get_br_state
265 ** Returns The smp_br state
266 *******************************************************************************/
smp_get_br_state(void)267 tSMP_BR_STATE smp_get_br_state(void)
268 {
269 return smp_cb.br_state;
270 }
271
272 /*******************************************************************************
273 ** Function smp_get_br_state_name
274 ** Returns The smp_br state name.
275 *******************************************************************************/
smp_get_br_state_name(tSMP_BR_STATE br_state)276 const char *smp_get_br_state_name(tSMP_BR_STATE br_state)
277 {
278 const char *p_str = smp_br_state_name[SMP_BR_STATE_MAX];
279
280 if (br_state < SMP_BR_STATE_MAX) {
281 p_str = smp_br_state_name[br_state];
282 }
283
284 return p_str;
285 }
286 /*******************************************************************************
287 ** Function smp_get_br_event_name
288 ** Returns The smp_br event name.
289 *******************************************************************************/
smp_get_br_event_name(tSMP_BR_EVENT event)290 const char *smp_get_br_event_name(tSMP_BR_EVENT event)
291 {
292 const char *p_str = smp_br_event_name[SMP_BR_MAX_EVT - 1];
293
294 if (event < SMP_BR_MAX_EVT) {
295 p_str = smp_br_event_name[event - 1];
296 }
297 return p_str;
298 }
299
300 /*******************************************************************************
301 **
302 ** Function smp_br_state_machine_event
303 **
304 ** Description Handle events to the state machine. It looks up the entry
305 ** in the smp_br_entry_table array.
306 ** If it is a valid entry, it gets the state table.Set the next state,
307 ** if not NULL state. Execute the action function according to the
308 ** state table. If the state returned by action function is not NULL
309 ** state, adjust the new state to the returned state.
310 **
311 ** Returns void.
312 **
313 *******************************************************************************/
smp_br_state_machine_event(tSMP_CB * p_cb,tSMP_BR_EVENT event,void * p_data)314 void smp_br_state_machine_event(tSMP_CB *p_cb, tSMP_BR_EVENT event, void *p_data)
315 {
316 tSMP_BR_STATE curr_state = p_cb->br_state;
317 tSMP_BR_SM_TBL state_table;
318 UINT8 action, entry;
319 tSMP_BR_ENTRY_TBL entry_table = smp_br_entry_table[p_cb->role];
320
321 SMP_TRACE_EVENT("main %s", __func__);
322 if (curr_state >= SMP_BR_STATE_MAX) {
323 SMP_TRACE_DEBUG( "Invalid br_state: %d", curr_state) ;
324 return;
325 }
326
327 SMP_TRACE_DEBUG( "SMP Role: %s State: [%s (%d)], Event: [%s (%d)]",
328 (p_cb->role == HCI_ROLE_SLAVE) ? "Slave" : "Master",
329 smp_get_br_state_name( p_cb->br_state),
330 p_cb->br_state, smp_get_br_event_name(event), event) ;
331
332 /* look up the state table for the current state */
333 /* lookup entry / w event & curr_state */
334 /* If entry is ignore, return.
335 * Otherwise, get state table (according to curr_state or all_state) */
336 if ((event <= SMP_BR_MAX_EVT) && ( (entry = entry_table[event - 1][curr_state])
337 != SMP_BR_SM_IGNORE )) {
338 if (entry & SMP_BR_ALL_TABLE_MASK) {
339 entry &= ~SMP_BR_ALL_TABLE_MASK;
340 state_table = smp_br_all_table;
341 } else {
342 state_table = smp_br_state_table[curr_state][p_cb->role];
343 }
344 } else {
345 SMP_TRACE_DEBUG( "Ignore event [%s (%d)] in state [%s (%d)]",
346 smp_get_br_event_name(event), event,
347 smp_get_br_state_name(curr_state), curr_state);
348 return;
349 }
350
351 /* Get possible next state from state table. */
352
353 smp_set_br_state(state_table[entry - 1][SMP_BR_SME_NEXT_STATE]);
354
355 /* If action is not ignore, clear param, exec action and get next state.
356 * The action function may set the Param for cback.
357 * Depending on param, call cback or free buffer. */
358 /* execute action functions */
359 for (UINT8 i = 0; i < SMP_BR_NUM_ACTIONS; i++) {
360 if ((action = state_table[entry - 1][i]) != SMP_BR_SM_NO_ACTION) {
361 (*smp_br_sm_action[action])(p_cb, (tSMP_INT_DATA *)p_data);
362 } else {
363 break;
364 }
365 }
366 SMP_TRACE_DEBUG( "result state = %s", smp_get_br_state_name( p_cb->br_state ) ) ;
367 }
368
369 #endif
370
