1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the SMP L2CAP utility functions
22 *
23 ******************************************************************************/
24 #include "common/bt_target.h"
25
26 #if SMP_INCLUDED == TRUE
27
28 #include "stack/bt_types.h"
29 //#include "bt_utils.h"
30 #include <string.h>
31 //#include <ctype.h>
32 #include "stack/hcidefs.h"
33 #include "stack/btm_ble_api.h"
34 #include "stack/l2c_api.h"
35 #include "l2c_int.h"
36 #include "smp_int.h"
37 #include "device/controller.h"
38 #include "btm_int.h"
39 #include "common/bte_appl.h"
40
41 #define SMP_PAIRING_REQ_SIZE 7
42 #define SMP_CONFIRM_CMD_SIZE (BT_OCTET16_LEN + 1)
43 #define SMP_RAND_CMD_SIZE (BT_OCTET16_LEN + 1)
44 #define SMP_INIT_CMD_SIZE (BT_OCTET16_LEN + 1)
45 #define SMP_ENC_INFO_SIZE (BT_OCTET16_LEN + 1)
46 #define SMP_MASTER_ID_SIZE (BT_OCTET8_LEN + 2 + 1)
47 #define SMP_ID_INFO_SIZE (BT_OCTET16_LEN + 1)
48 #define SMP_ID_ADDR_SIZE (BD_ADDR_LEN + 1 + 1)
49 #define SMP_SIGN_INFO_SIZE (BT_OCTET16_LEN + 1)
50 #define SMP_PAIR_FAIL_SIZE 2
51 #define SMP_SECURITY_REQUEST_SIZE 2
52 #define SMP_PAIR_PUBL_KEY_SIZE (1 /* opcode */ + (2*BT_OCTET32_LEN))
53 #define SMP_PAIR_COMMITM_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*Commitment*/)
54 #define SMP_PAIR_DHKEY_CHECK_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*DHKey Check*/)
55 #define SMP_PAIR_KEYPR_NOTIF_SIZE (1 /* opcode */ + 1 /*Notif Type*/)
56
57 /* SMP command sizes per spec */
58 static const UINT8 smp_cmd_size_per_spec[] = {
59 0,
60 SMP_PAIRING_REQ_SIZE, /* 0x01: pairing request */
61 SMP_PAIRING_REQ_SIZE, /* 0x02: pairing response */
62 SMP_CONFIRM_CMD_SIZE, /* 0x03: pairing confirm */
63 SMP_RAND_CMD_SIZE, /* 0x04: pairing random */
64 SMP_PAIR_FAIL_SIZE, /* 0x05: pairing failed */
65 SMP_ENC_INFO_SIZE, /* 0x06: encryption information */
66 SMP_MASTER_ID_SIZE, /* 0x07: master identification */
67 SMP_ID_INFO_SIZE, /* 0x08: identity information */
68 SMP_ID_ADDR_SIZE, /* 0x09: identity address information */
69 SMP_SIGN_INFO_SIZE, /* 0x0A: signing information */
70 SMP_SECURITY_REQUEST_SIZE, /* 0x0B: security request */
71 SMP_PAIR_PUBL_KEY_SIZE, /* 0x0C: pairing public key */
72 SMP_PAIR_DHKEY_CHECK_SIZE, /* 0x0D: pairing dhkey check */
73 SMP_PAIR_KEYPR_NOTIF_SIZE, /* 0x0E: pairing keypress notification */
74 SMP_PAIR_COMMITM_SIZE /* 0x0F: pairing commitment */
75 };
76
77 static BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb);
78 static BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb);
79
80 /* type for SMP command length validation functions */
81 typedef BOOLEAN (*tSMP_CMD_LEN_VALID)(tSMP_CB *p_cb);
82
83 static BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb);
84
85 static const tSMP_CMD_LEN_VALID smp_cmd_len_is_valid[] = {
86 smp_parameter_unconditionally_invalid,
87 smp_command_has_valid_fixed_length, /* 0x01: pairing request */
88 smp_command_has_valid_fixed_length, /* 0x02: pairing response */
89 smp_command_has_valid_fixed_length, /* 0x03: pairing confirm */
90 smp_command_has_valid_fixed_length, /* 0x04: pairing random */
91 smp_command_has_valid_fixed_length, /* 0x05: pairing failed */
92 smp_command_has_valid_fixed_length, /* 0x06: encryption information */
93 smp_command_has_valid_fixed_length, /* 0x07: master identification */
94 smp_command_has_valid_fixed_length, /* 0x08: identity information */
95 smp_command_has_valid_fixed_length, /* 0x09: identity address information */
96 smp_command_has_valid_fixed_length, /* 0x0A: signing information */
97 smp_command_has_valid_fixed_length, /* 0x0B: security request */
98 smp_command_has_valid_fixed_length, /* 0x0C: pairing public key */
99 smp_command_has_valid_fixed_length, /* 0x0D: pairing dhkey check */
100 smp_command_has_valid_fixed_length, /* 0x0E: pairing keypress notification */
101 smp_command_has_valid_fixed_length /* 0x0F: pairing commitment */
102 };
103
104 /* type for SMP command parameter ranges validation functions */
105 typedef BOOLEAN (*tSMP_CMD_PARAM_RANGES_VALID)(tSMP_CB *p_cb);
106
107 static BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb);
108 static BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb);
109
110 static const tSMP_CMD_PARAM_RANGES_VALID smp_cmd_param_ranges_are_valid[] = {
111 smp_parameter_unconditionally_invalid,
112 smp_pairing_request_response_parameters_are_valid, /* 0x01: pairing request */
113 smp_pairing_request_response_parameters_are_valid, /* 0x02: pairing response */
114 smp_parameter_unconditionally_valid, /* 0x03: pairing confirm */
115 smp_parameter_unconditionally_valid, /* 0x04: pairing random */
116 smp_parameter_unconditionally_valid, /* 0x05: pairing failed */
117 smp_parameter_unconditionally_valid, /* 0x06: encryption information */
118 smp_parameter_unconditionally_valid, /* 0x07: master identification */
119 smp_parameter_unconditionally_valid, /* 0x08: identity information */
120 smp_parameter_unconditionally_valid, /* 0x09: identity address information */
121 smp_parameter_unconditionally_valid, /* 0x0A: signing information */
122 smp_parameter_unconditionally_valid, /* 0x0B: security request */
123 smp_parameter_unconditionally_valid, /* 0x0C: pairing public key */
124 smp_parameter_unconditionally_valid, /* 0x0D: pairing dhkey check */
125 smp_pairing_keypress_notification_is_valid, /* 0x0E: pairing keypress notification */
126 smp_parameter_unconditionally_valid /* 0x0F: pairing commitment */
127 };
128
129 /* type for action functions */
130 typedef BT_HDR *(*tSMP_CMD_ACT)(UINT8 cmd_code, tSMP_CB *p_cb);
131
132 static BT_HDR *smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
133 static BT_HDR *smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
134 static BT_HDR *smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
135 static BT_HDR *smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb);
136 static BT_HDR *smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
137 static BT_HDR *smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
138 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb);
139 static BT_HDR *smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
140 static BT_HDR *smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
141 static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
142 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
143 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
144 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
145 static BT_HDR *smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
146
147 static const tSMP_CMD_ACT smp_cmd_build_act[] = {
148 NULL,
149 smp_build_pairing_cmd, /* 0x01: pairing request */
150 smp_build_pairing_cmd, /* 0x02: pairing response */
151 smp_build_confirm_cmd, /* 0x03: pairing confirm */
152 smp_build_rand_cmd, /* 0x04: pairing random */
153 smp_build_pairing_fail, /* 0x05: pairing failure */
154 smp_build_encrypt_info_cmd, /* 0x06: encryption information */
155 smp_build_master_id_cmd, /* 0x07: master identification */
156 smp_build_identity_info_cmd, /* 0x08: identity information */
157 smp_build_id_addr_cmd, /* 0x09: identity address information */
158 smp_build_signing_info_cmd, /* 0x0A: signing information */
159 smp_build_security_request, /* 0x0B: security request */
160 smp_build_pair_public_key_cmd, /* 0x0C: pairing public key */
161 smp_build_pair_dhkey_check_cmd, /* 0x0D: pairing DHKey check */
162 smp_build_pairing_keypress_notification_cmd, /* 0x0E: pairing keypress notification */
163 smp_build_pairing_commitment_cmd /* 0x0F: pairing commitment */
164 };
165
166 static const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
167 /* display only */ /* Display Yes/No */ /* keyboard only */
168 /* No Input/Output */ /* keyboard display */
169
170 /* initiator */
171 /* model = tbl[peer_io_caps][loc_io_caps] */
172 /* Display Only */
173 { {
174 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
175 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
176 },
177
178 /* Display Yes/No */
179 {
180 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
181 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
182 },
183
184 /* Keyboard only */
185 {
186 SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
187 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
188 },
189
190 /* No Input No Output */
191 {
192 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
193 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY
194 },
195
196 /* keyboard display */
197 {
198 SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
199 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
200 }
201 },
202
203 /* responder */
204 /* model = tbl[loc_io_caps][peer_io_caps] */
205 /* Display Only */
206 { {
207 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
208 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
209 },
210
211 /* Display Yes/No */
212 {
213 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
214 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF
215 },
216
217 /* keyboard only */
218 {
219 SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY,
220 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
221 },
222
223 /* No Input No Output */
224 {
225 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
226 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY
227 },
228
229 /* keyboard display */
230 {
231 SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF,
232 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY
233 }
234 }
235 };
236
237 static const UINT8 smp_association_table_sc[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
238 /* display only */ /* Display Yes/No */ /* keyboard only */
239 /* No InputOutput */ /* keyboard display */
240
241 /* initiator */
242 /* model = tbl[peer_io_caps][loc_io_caps] */
243
244 /* Display Only */
245 { {
246 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
247 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT
248 },
249
250 /* Display Yes/No */
251 {
252 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
253 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
254 },
255
256 /* keyboard only */
257 {
258 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
259 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP
260 },
261
262 /* No Input No Output */
263 {
264 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
265 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS
266 },
267
268 /* keyboard display */
269 {
270 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
271 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
272 }
273 },
274
275 /* responder */
276 /* model = tbl[loc_io_caps][peer_io_caps] */
277
278 /* Display Only */
279 { {
280 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
281 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP
282 },
283
284 /* Display Yes/No */
285 {
286 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
287 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
288 },
289
290 /* keyboard only */
291 {
292 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
293 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT
294 },
295
296 /* No Input No Output */
297 {
298 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
299 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS
300 },
301
302 /* keyboard display */
303 {
304 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
305 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP
306 }
307 }
308 };
309
310 static tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb);
311 static tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb);
312
313 /*******************************************************************************
314 **
315 ** Function smp_send_msg_to_L2CAP
316 **
317 ** Description Send message to L2CAP.
318 **
319 *******************************************************************************/
smp_send_msg_to_L2CAP(BD_ADDR rem_bda,BT_HDR * p_toL2CAP)320 BOOLEAN smp_send_msg_to_L2CAP(BD_ADDR rem_bda, BT_HDR *p_toL2CAP)
321 {
322 UINT16 l2cap_ret;
323 UINT16 fixed_cid = L2CAP_SMP_CID;
324
325 if (smp_cb.smp_over_br) {
326 fixed_cid = L2CAP_SMP_BR_CID;
327 }
328
329 SMP_TRACE_EVENT("%s", __FUNCTION__);
330 smp_cb.total_tx_unacked += 1;
331
332 if ((l2cap_ret = L2CA_SendFixedChnlData (fixed_cid, rem_bda, p_toL2CAP)) == L2CAP_DW_FAILED) {
333 smp_cb.total_tx_unacked -= 1;
334 SMP_TRACE_ERROR("SMP failed to pass msg:0x%0x to L2CAP",
335 *((UINT8 *)(p_toL2CAP + 1) + p_toL2CAP->offset));
336 return FALSE;
337 } else {
338 return TRUE;
339 }
340 }
341
342 /*******************************************************************************
343 **
344 ** Function smp_send_cmd
345 **
346 ** Description send a SMP command on L2CAP channel.
347 **
348 *******************************************************************************/
smp_send_cmd(UINT8 cmd_code,tSMP_CB * p_cb)349 BOOLEAN smp_send_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
350 {
351 BT_HDR *p_buf;
352 BOOLEAN sent = FALSE;
353 UINT8 failure = SMP_PAIR_INTERNAL_ERR;
354 SMP_TRACE_EVENT("smp_send_cmd on l2cap cmd_code=0x%x\n", cmd_code);
355 if ( cmd_code <= (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */) &&
356 smp_cmd_build_act[cmd_code] != NULL) {
357 p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
358
359 if (p_buf != NULL &&
360 smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf)) {
361 sent = TRUE;
362
363 btu_stop_timer (&p_cb->rsp_timer_ent);
364 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
365 SMP_WAIT_FOR_RSP_TOUT);
366 }
367 }
368
369 if (!sent) {
370 if (p_cb->smp_over_br) {
371 #if (CLASSIC_BT_INCLUDED == TRUE)
372 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
373 #endif ///CLASSIC_BT_INCLUDED == TRUE
374 } else {
375 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
376 }
377 }
378 return sent;
379 }
380
381 /*******************************************************************************
382 **
383 ** Function smp_rsp_timeout
384 **
385 ** Description Called when SMP wait for SMP command response timer expires
386 **
387 ** Returns void
388 **
389 *******************************************************************************/
smp_rsp_timeout(TIMER_LIST_ENT * p_tle)390 void smp_rsp_timeout(TIMER_LIST_ENT *p_tle)
391 {
392 tSMP_CB *p_cb = &smp_cb;
393 UINT8 failure = SMP_RSP_TIMEOUT;
394 UNUSED(p_tle);
395
396 SMP_TRACE_EVENT("%s state:%d br_state:%d", __FUNCTION__, p_cb->state, p_cb->br_state);
397
398 if (p_cb->smp_over_br) {
399 #if (CLASSIC_BT_INCLUDED == TRUE)
400 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
401 #endif ///CLASSIC_BT_INCLUDED == TRUE
402 } else {
403 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
404 }
405 }
406
407 /*******************************************************************************
408 **
409 ** Function smp_build_pairing_req_cmd
410 **
411 ** Description Build pairing request command.
412 **
413 *******************************************************************************/
smp_build_pairing_cmd(UINT8 cmd_code,tSMP_CB * p_cb)414 BT_HDR *smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
415 {
416 BT_HDR *p_buf = NULL ;
417 UINT8 *p;
418
419 SMP_TRACE_EVENT("smp_build_pairing_cmd");
420 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
421 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
422
423 UINT8_TO_STREAM (p, cmd_code);
424 UINT8_TO_STREAM (p, p_cb->local_io_capability);
425 UINT8_TO_STREAM (p, p_cb->loc_oob_flag);
426 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
427 UINT8_TO_STREAM (p, p_cb->loc_enc_size);
428 UINT8_TO_STREAM (p, p_cb->local_i_key);
429 UINT8_TO_STREAM (p, p_cb->local_r_key);
430
431 p_buf->offset = L2CAP_MIN_OFFSET;
432 /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
433 p_buf->len = SMP_PAIRING_REQ_SIZE;
434 }
435
436 return p_buf;
437 }
438
439 /*******************************************************************************
440 **
441 ** Function smp_build_confirm_cmd
442 **
443 ** Description Build confirm request command.
444 **
445 *******************************************************************************/
smp_build_confirm_cmd(UINT8 cmd_code,tSMP_CB * p_cb)446 static BT_HDR *smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
447 {
448 BT_HDR *p_buf = NULL ;
449 UINT8 *p;
450 UNUSED(cmd_code);
451
452 SMP_TRACE_EVENT("smp_build_confirm_cmd\n");
453 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
454 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
455
456 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
457 ARRAY_TO_STREAM (p, p_cb->confirm, BT_OCTET16_LEN);
458
459 p_buf->offset = L2CAP_MIN_OFFSET;
460 p_buf->len = SMP_CONFIRM_CMD_SIZE;
461 }
462
463 return p_buf;
464 }
465 /*******************************************************************************
466 **
467 ** Function smp_build_rand_cmd
468 **
469 ** Description Build Random command.
470 **
471 *******************************************************************************/
smp_build_rand_cmd(UINT8 cmd_code,tSMP_CB * p_cb)472 static BT_HDR *smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
473 {
474 BT_HDR *p_buf = NULL ;
475 UINT8 *p;
476 UNUSED(cmd_code);
477
478 SMP_TRACE_EVENT("%s\n", __func__);
479 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_RAND_CMD_SIZE + L2CAP_MIN_OFFSET))
480 != NULL) {
481 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
482
483 UINT8_TO_STREAM (p, SMP_OPCODE_RAND);
484 ARRAY_TO_STREAM (p, p_cb->rand, BT_OCTET16_LEN);
485
486 p_buf->offset = L2CAP_MIN_OFFSET;
487 p_buf->len = SMP_RAND_CMD_SIZE;
488 }
489
490 return p_buf;
491 }
492 /*******************************************************************************
493 **
494 ** Function smp_build_encrypt_info_cmd
495 **
496 ** Description Build security information command.
497 **
498 *******************************************************************************/
smp_build_encrypt_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)499 static BT_HDR *smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
500 {
501 BT_HDR *p_buf = NULL ;
502 UINT8 *p;
503 UNUSED(cmd_code);
504
505 SMP_TRACE_EVENT("smp_build_encrypt_info_cmd\n");
506 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
507 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
508
509 UINT8_TO_STREAM (p, SMP_OPCODE_ENCRYPT_INFO);
510 ARRAY_TO_STREAM (p, p_cb->ltk, BT_OCTET16_LEN);
511
512 p_buf->offset = L2CAP_MIN_OFFSET;
513 p_buf->len = SMP_ENC_INFO_SIZE;
514 }
515
516 return p_buf;
517 }
518
519 /*******************************************************************************
520 **
521 ** Function smp_build_master_id_cmd
522 **
523 ** Description Build security information command.
524 **
525 *******************************************************************************/
smp_build_master_id_cmd(UINT8 cmd_code,tSMP_CB * p_cb)526 static BT_HDR *smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
527 {
528 BT_HDR *p_buf = NULL ;
529 UINT8 *p;
530 UNUSED(cmd_code);
531
532 SMP_TRACE_EVENT("%s\n", __func__);
533
534 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_MASTER_ID_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
535 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
536
537 UINT8_TO_STREAM (p, SMP_OPCODE_MASTER_ID);
538 UINT16_TO_STREAM (p, p_cb->ediv);
539 ARRAY_TO_STREAM (p, p_cb->enc_rand, BT_OCTET8_LEN);
540
541 p_buf->offset = L2CAP_MIN_OFFSET;
542 p_buf->len = SMP_MASTER_ID_SIZE;
543 }
544
545 return p_buf;
546 }
547
548 /*******************************************************************************
549 **
550 ** Function smp_build_identity_info_cmd
551 **
552 ** Description Build identity information command.
553 **
554 *******************************************************************************/
smp_build_identity_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)555 static BT_HDR *smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
556 {
557 BT_HDR *p_buf = NULL ;
558 #if (BLE_INCLUDED == TRUE)
559 UINT8 *p;
560 BT_OCTET16 irk;
561 UNUSED(cmd_code);
562 UNUSED(p_cb);
563
564 SMP_TRACE_EVENT("smp_build_identity_info_cmd\n");
565 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
566 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
567
568 BTM_GetDeviceIDRoot(irk);
569
570 UINT8_TO_STREAM (p, SMP_OPCODE_IDENTITY_INFO);
571 ARRAY_TO_STREAM (p, irk, BT_OCTET16_LEN);
572
573 p_buf->offset = L2CAP_MIN_OFFSET;
574 p_buf->len = SMP_ID_INFO_SIZE;
575 }
576
577 #endif ///BLE_INCLUDED == TRUE
578 return p_buf;
579 }
580
581 /*******************************************************************************
582 **
583 ** Function smp_build_id_addr_cmd
584 **
585 ** Description Build identity address information command.
586 **
587 *******************************************************************************/
smp_build_id_addr_cmd(UINT8 cmd_code,tSMP_CB * p_cb)588 static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
589 {
590 BT_HDR *p_buf = NULL;
591 UINT8 *p;
592
593 UNUSED(cmd_code);
594 UNUSED(p_cb);
595 SMP_TRACE_EVENT("smp_build_id_addr_cmd\n");
596 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
597 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
598
599 UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
600 /* Identity Address Information is used in the Transport Specific Key Distribution phase to distribute
601 its public device address or static random address. if slave using static random address is encrypted,
602 it should distribute its static random address */
603 #if (BLE_INCLUDED == TRUE)
604 if(btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type == BLE_ADDR_RANDOM && memcmp(btm_cb.ble_ctr_cb.addr_mgnt_cb.static_rand_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr,6) == 0) {
605 UINT8_TO_STREAM (p, 0x01);
606 BDADDR_TO_STREAM (p, btm_cb.ble_ctr_cb.addr_mgnt_cb.static_rand_addr);
607 } else
608 #endif ///BLE_INCLUDED == TRUE
609 {
610 UINT8_TO_STREAM (p, 0);
611 BDADDR_TO_STREAM (p, controller_get_interface()->get_address()->address);
612 }
613
614 p_buf->offset = L2CAP_MIN_OFFSET;
615 p_buf->len = SMP_ID_ADDR_SIZE;
616 }
617
618 return p_buf;
619 }
620
621 /*******************************************************************************
622 **
623 ** Function smp_build_signing_info_cmd
624 **
625 ** Description Build signing information command.
626 **
627 *******************************************************************************/
smp_build_signing_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)628 static BT_HDR *smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
629 {
630 BT_HDR *p_buf = NULL ;
631 UINT8 *p;
632 UNUSED(cmd_code);
633
634 SMP_TRACE_EVENT("smp_build_signing_info_cmd\n");
635 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
636 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
637
638 UINT8_TO_STREAM (p, SMP_OPCODE_SIGN_INFO);
639 ARRAY_TO_STREAM (p, p_cb->csrk, BT_OCTET16_LEN);
640
641 p_buf->offset = L2CAP_MIN_OFFSET;
642 p_buf->len = SMP_SIGN_INFO_SIZE;
643 }
644
645 return p_buf;
646 }
647
648 /*******************************************************************************
649 **
650 ** Function smp_build_pairing_fail
651 **
652 ** Description Build Pairing Fail command.
653 **
654 *******************************************************************************/
smp_build_pairing_fail(UINT8 cmd_code,tSMP_CB * p_cb)655 static BT_HDR *smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb)
656 {
657 BT_HDR *p_buf = NULL ;
658 UINT8 *p;
659 UNUSED(cmd_code);
660
661 SMP_TRACE_EVENT("%s\n", __func__);
662 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
663 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
664
665 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
666 UINT8_TO_STREAM (p, p_cb->failure);
667
668 p_buf->offset = L2CAP_MIN_OFFSET;
669 p_buf->len = SMP_PAIR_FAIL_SIZE;
670 }
671
672 return p_buf;
673 }
674
675 /*******************************************************************************
676 **
677 ** Function smp_build_security_request
678 **
679 ** Description Build security request command.
680 **
681 *******************************************************************************/
smp_build_security_request(UINT8 cmd_code,tSMP_CB * p_cb)682 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb)
683 {
684 BT_HDR *p_buf = NULL ;
685 UINT8 *p;
686 UNUSED(cmd_code);
687
688 SMP_TRACE_EVENT("%s\n", __func__);
689 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET)) != NULL) {
690 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
691
692 UINT8_TO_STREAM (p, SMP_OPCODE_SEC_REQ);
693 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
694
695 p_buf->offset = L2CAP_MIN_OFFSET;
696 p_buf->len = SMP_SECURITY_REQUEST_SIZE;
697
698 SMP_TRACE_EVENT("opcode=%d auth_req=0x%x", SMP_OPCODE_SEC_REQ, p_cb->loc_auth_req );
699 }
700
701 return p_buf;
702
703 }
704
705 /*******************************************************************************
706 **
707 ** Function smp_build_pair_public_key_cmd
708 **
709 ** Description Build pairing public key command.
710 **
711 *******************************************************************************/
smp_build_pair_public_key_cmd(UINT8 cmd_code,tSMP_CB * p_cb)712 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
713 {
714 BT_HDR *p_buf = NULL ;
715 UINT8 *p;
716 UINT8 publ_key[2 * BT_OCTET32_LEN];
717 UINT8 *p_publ_key = publ_key;
718 UNUSED(cmd_code);
719
720 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
721
722 memcpy(p_publ_key, p_cb->loc_publ_key.x, BT_OCTET32_LEN);
723 memcpy(p_publ_key + BT_OCTET32_LEN, p_cb->loc_publ_key.y, BT_OCTET32_LEN);
724
725 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) +
726 SMP_PAIR_PUBL_KEY_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
727 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
728
729 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_PUBLIC_KEY);
730 ARRAY_TO_STREAM (p, p_publ_key, 2 * BT_OCTET32_LEN);
731
732 p_buf->offset = L2CAP_MIN_OFFSET;
733 p_buf->len = SMP_PAIR_PUBL_KEY_SIZE;
734 }
735
736 return p_buf;
737 }
738
739 /*******************************************************************************
740 **
741 ** Function smp_build_pairing_commitment_cmd
742 **
743 ** Description Build pairing commitment command.
744 **
745 *******************************************************************************/
smp_build_pairing_commitment_cmd(UINT8 cmd_code,tSMP_CB * p_cb)746 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
747 {
748 BT_HDR *p_buf = NULL;
749 UINT8 *p;
750 UNUSED(cmd_code);
751
752 SMP_TRACE_EVENT("%s\n", __func__);
753 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_COMMITM_SIZE + L2CAP_MIN_OFFSET))
754 != NULL) {
755 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
756
757 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
758 ARRAY_TO_STREAM (p, p_cb->commitment, BT_OCTET16_LEN);
759
760 p_buf->offset = L2CAP_MIN_OFFSET;
761 p_buf->len = SMP_PAIR_COMMITM_SIZE;
762 }
763
764 return p_buf;
765 }
766
767 /*******************************************************************************
768 **
769 ** Function smp_build_pair_dhkey_check_cmd
770 **
771 ** Description Build pairing DHKey check command.
772 **
773 *******************************************************************************/
smp_build_pair_dhkey_check_cmd(UINT8 cmd_code,tSMP_CB * p_cb)774 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
775 {
776 BT_HDR *p_buf = NULL;
777 UINT8 *p;
778 UNUSED(cmd_code);
779
780 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
781 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) +
782 SMP_PAIR_DHKEY_CHECK_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
783 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
784
785 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_DHKEY_CHECK);
786 ARRAY_TO_STREAM (p, p_cb->dhkey_check, BT_OCTET16_LEN);
787
788 p_buf->offset = L2CAP_MIN_OFFSET;
789 p_buf->len = SMP_PAIR_DHKEY_CHECK_SIZE;
790 }
791
792 return p_buf;
793 }
794
795 /*******************************************************************************
796 **
797 ** Function smp_build_pairing_keypress_notification_cmd
798 **
799 ** Description Build keypress notification command.
800 **
801 *******************************************************************************/
smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code,tSMP_CB * p_cb)802 static BT_HDR *smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
803 {
804 BT_HDR *p_buf = NULL ;
805 UINT8 *p;
806 UNUSED(cmd_code);
807
808 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
809 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR)\
810 + SMP_PAIR_KEYPR_NOTIF_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
811 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
812
813 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_KEYPR_NOTIF);
814 UINT8_TO_STREAM (p, p_cb->local_keypress_notification);
815
816 p_buf->offset = L2CAP_MIN_OFFSET;
817 p_buf->len = SMP_PAIR_KEYPR_NOTIF_SIZE;
818 }
819
820 return p_buf;
821 }
822
823 /*******************************************************************************
824 **
825 ** Function smp_convert_string_to_tk
826 **
827 ** Description This function is called to convert a 6 to 16 digits numeric
828 ** character string into SMP TK.
829 **
830 **
831 ** Returns void
832 **
833 *******************************************************************************/
smp_convert_string_to_tk(BT_OCTET16 tk,UINT32 passkey)834 void smp_convert_string_to_tk(BT_OCTET16 tk, UINT32 passkey)
835 {
836 UINT8 *p = tk;
837 tSMP_KEY key;
838 SMP_TRACE_EVENT("smp_convert_string_to_tk\n");
839 UINT32_TO_STREAM(p, passkey);
840
841 key.key_type = SMP_KEY_TYPE_TK;
842 key.p_data = tk;
843
844 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
845 }
846
847 /*******************************************************************************
848 **
849 ** Function smp_mask_enc_key
850 **
851 ** Description This function is called to mask off the encryption key based
852 ** on the maximum encryption key size.
853 **
854 **
855 ** Returns void
856 **
857 *******************************************************************************/
smp_mask_enc_key(UINT8 loc_enc_size,UINT8 * p_data)858 void smp_mask_enc_key(UINT8 loc_enc_size, UINT8 *p_data)
859 {
860 SMP_TRACE_EVENT("smp_mask_enc_key\n");
861 if (loc_enc_size < BT_OCTET16_LEN) {
862 for (; loc_enc_size < BT_OCTET16_LEN; loc_enc_size ++) {
863 * (p_data + loc_enc_size) = 0;
864 }
865 }
866 return;
867 }
868
869 /*******************************************************************************
870 **
871 ** Function smp_xor_128
872 **
873 ** Description utility function to do an biteise exclusive-OR of two bit
874 ** strings of the length of BT_OCTET16_LEN.
875 **
876 ** Returns void
877 **
878 *******************************************************************************/
smp_xor_128(BT_OCTET16 a,const BT_OCTET16 b)879 void smp_xor_128(BT_OCTET16 a, const BT_OCTET16 b)
880 {
881 UINT8 i, *aa = a;
882 const UINT8 *bb = b;
883
884 SMP_TRACE_EVENT("smp_xor_128\n");
885 for (i = 0; i < BT_OCTET16_LEN; i++) {
886 aa[i] = aa[i] ^ bb[i];
887 }
888 }
889
890 /*******************************************************************************
891 **
892 ** Function smp_cb_cleanup
893 **
894 ** Description Clean up SMP control block
895 **
896 ** Returns void
897 **
898 *******************************************************************************/
smp_cb_cleanup(tSMP_CB * p_cb)899 void smp_cb_cleanup(tSMP_CB *p_cb)
900 {
901 tSMP_CALLBACK *p_callback = p_cb->p_callback;
902 UINT8 trace_level = p_cb->trace_level;
903 UINT32 static_passkey = p_cb->static_passkey;
904 BOOLEAN use_static_passkey = p_cb->use_static_passkey;
905 SMP_TRACE_EVENT("smp_cb_cleanup\n");
906
907 memset(p_cb, 0, sizeof(tSMP_CB));
908 p_cb->p_callback = p_callback;
909 p_cb->trace_level = trace_level;
910 if(use_static_passkey) {
911 p_cb->use_static_passkey = use_static_passkey;
912 p_cb->static_passkey = static_passkey;
913 }
914 }
915
916 /*******************************************************************************
917 **
918 ** Function smp_remove_fixed_channel
919 **
920 ** Description This function is called to remove the fixed channel
921 **
922 ** Returns void
923 **
924 *******************************************************************************/
smp_remove_fixed_channel(tSMP_CB * p_cb)925 void smp_remove_fixed_channel(tSMP_CB *p_cb)
926 {
927 SMP_TRACE_DEBUG("%s\n", __func__);
928
929 if (p_cb->smp_over_br) {
930 L2CA_RemoveFixedChnl (L2CAP_SMP_BR_CID, p_cb->pairing_bda);
931 } else {
932 L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
933 }
934 }
935
936 /*******************************************************************************
937 **
938 ** Function smp_reset_control_value
939 **
940 ** Description This function is called to reset the control block value when
941 ** pairing procedure finished.
942 **
943 **
944 ** Returns void
945 **
946 *******************************************************************************/
smp_reset_control_value(tSMP_CB * p_cb)947 void smp_reset_control_value(tSMP_CB *p_cb)
948 {
949 SMP_TRACE_EVENT("smp_reset_control_value\n");
950 btu_stop_timer (&p_cb->rsp_timer_ent);
951 p_cb->flags = 0;
952 /* set the link idle timer to drop the link when pairing is done
953 usually service discovery will follow authentication complete, to avoid
954 racing condition for a link down/up, set link idle timer to be
955 SMP_LINK_TOUT_MIN to guarantee SMP key exchange */
956 L2CA_SetIdleTimeoutByBdAddr(p_cb->pairing_bda, SMP_LINK_TOUT_MIN, BT_TRANSPORT_LE);
957
958 /* We can tell L2CAP to remove the fixed channel (if it has one) */
959 smp_remove_fixed_channel(p_cb);
960 smp_cb_cleanup(p_cb);
961 }
962
963 /*******************************************************************************
964 **
965 ** Function smp_proc_pairing_cmpl
966 **
967 ** Description This function is called to process pairing complete
968 **
969 **
970 ** Returns void
971 **
972 *******************************************************************************/
smp_proc_pairing_cmpl(tSMP_CB * p_cb)973 void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
974 {
975 tSMP_EVT_DATA evt_data = {0};
976 tSMP_CALLBACK *p_callback = p_cb->p_callback;
977 BD_ADDR pairing_bda;
978
979 SMP_TRACE_DEBUG ("smp_proc_pairing_cmpl \n");
980
981 evt_data.cmplt.reason = p_cb->status;
982 evt_data.cmplt.smp_over_br = p_cb->smp_over_br;
983 evt_data.cmplt.auth_mode = 0;
984 #if (BLE_INCLUDED == TRUE)
985 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (p_cb->pairing_bda);
986 if (p_cb->status == SMP_SUCCESS) {
987 evt_data.cmplt.sec_level = p_cb->sec_level;
988 if (p_cb->auth_mode) { // the first encryption
989 evt_data.cmplt.auth_mode = p_cb->auth_mode;
990 if (p_rec) {
991 p_rec->ble.auth_mode = p_cb->auth_mode;
992 }
993 } else if (p_rec) {
994 evt_data.cmplt.auth_mode = p_rec->ble.auth_mode;
995 }
996 }
997 #else
998 if (p_cb->status == SMP_SUCCESS) {
999 evt_data.cmplt.sec_level = p_cb->sec_level;
1000 evt_data.cmplt.auth_mode = p_cb->auth_mode;
1001 }
1002 #endif
1003
1004 evt_data.cmplt.is_pair_cancel = FALSE;
1005
1006 if (p_cb->is_pair_cancel) {
1007 evt_data.cmplt.is_pair_cancel = TRUE;
1008 }
1009
1010
1011 SMP_TRACE_DEBUG ("send SMP_COMPLT_EVT reason=0x%0x sec_level=0x%0x\n",
1012 evt_data.cmplt.reason,
1013 evt_data.cmplt.sec_level );
1014
1015 memcpy (pairing_bda, p_cb->pairing_bda, BD_ADDR_LEN);
1016
1017 #if (BLE_INCLUDED == TRUE)
1018 #if (SMP_SLAVE_CON_PARAMS_UPD_ENABLE == TRUE)
1019 if (p_cb->role == HCI_ROLE_SLAVE) {
1020 if(p_rec && p_rec->ble.skip_update_conn_param) {
1021 //clear flag
1022 p_rec->ble.skip_update_conn_param = false;
1023 } else {
1024 #if (BT_MULTI_CONNECTION_ENBALE == FALSE)
1025 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1026 #endif
1027 }
1028 }
1029
1030 #endif
1031 #endif ///BLE_INCLUDED == TRUE
1032
1033 smp_reset_control_value(p_cb);
1034
1035 if (p_callback) {
1036 (*p_callback) (SMP_COMPLT_EVT, pairing_bda, &evt_data);
1037 }
1038 }
1039
1040 /*******************************************************************************
1041 **
1042 ** Function smp_command_has_invalid_parameters
1043 **
1044 ** Description Checks if the received SMP command has invalid parameters i.e.
1045 ** if the command length is valid and the command parameters are
1046 ** inside specified range.
1047 ** It returns TRUE if the command has invalid parameters.
1048 **
1049 ** Returns TRUE if the command has invalid parameters, FALSE otherwise.
1050 **
1051 *******************************************************************************/
smp_command_has_invalid_parameters(tSMP_CB * p_cb)1052 BOOLEAN smp_command_has_invalid_parameters(tSMP_CB *p_cb)
1053 {
1054 UINT8 cmd_code = p_cb->rcvd_cmd_code;
1055
1056 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, cmd_code);
1057
1058 if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
1059 (cmd_code < SMP_OPCODE_MIN)) {
1060 SMP_TRACE_WARNING("Somehow received command with the RESERVED code 0x%02x\n", cmd_code);
1061 return TRUE;
1062 }
1063
1064 if (!(*smp_cmd_len_is_valid[cmd_code])(p_cb)) {
1065 return TRUE;
1066 }
1067
1068 if (!(*smp_cmd_param_ranges_are_valid[cmd_code])(p_cb)) {
1069 return TRUE;
1070 }
1071
1072 return FALSE;
1073 }
1074
1075 /*******************************************************************************
1076 **
1077 ** Function smp_command_has_valid_fixed_length
1078 **
1079 ** Description Checks if the received command size is equal to the size
1080 ** according to specs.
1081 **
1082 ** Returns TRUE if the command size is as expected, FALSE otherwise.
1083 **
1084 ** Note The command is expected to have fixed length.
1085 *******************************************************************************/
smp_command_has_valid_fixed_length(tSMP_CB * p_cb)1086 BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb)
1087 {
1088 UINT8 cmd_code = p_cb->rcvd_cmd_code;
1089
1090 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, cmd_code);
1091
1092 if (p_cb->rcvd_cmd_len != smp_cmd_size_per_spec[cmd_code]) {
1093 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with invalid length\
1094 0x%02x (per spec the length is 0x%02x).\n",
1095 cmd_code, p_cb->rcvd_cmd_len, smp_cmd_size_per_spec[cmd_code]);
1096 return FALSE;
1097 }
1098
1099 return TRUE;
1100 }
1101
1102 /*******************************************************************************
1103 **
1104 ** Function smp_pairing_request_response_parameters_are_valid
1105 **
1106 ** Description Validates parameter ranges in the received SMP command
1107 ** pairing request or pairing response.
1108 ** The parameters to validate:
1109 ** IO capability,
1110 ** OOB data flag,
1111 ** Bonding_flags in AuthReq
1112 ** Maximum encryption key size.
1113 ** Returns FALSE if at least one of these parameters is out of range.
1114 **
1115 *******************************************************************************/
smp_pairing_request_response_parameters_are_valid(tSMP_CB * p_cb)1116 BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb)
1117 {
1118 UINT8 io_caps = p_cb->peer_io_caps;
1119 UINT8 oob_flag = p_cb->peer_oob_flag;
1120 UINT8 bond_flag = p_cb->peer_auth_req & 0x03; //0x03 is gen bond with appropriate mask
1121 UINT8 enc_size = p_cb->peer_enc_size;
1122
1123 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, p_cb->rcvd_cmd_code);
1124
1125 if (io_caps >= BTM_IO_CAP_MAX) {
1126 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with IO Capabilty \
1127 value (0x%02x) out of range).\n",
1128 p_cb->rcvd_cmd_code, io_caps);
1129 return FALSE;
1130 }
1131
1132 if (!((oob_flag == SMP_OOB_NONE) || (oob_flag == SMP_OOB_PRESENT))) {
1133 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with OOB data flag value \
1134 (0x%02x) out of range).\n",
1135 p_cb->rcvd_cmd_code, oob_flag);
1136 return FALSE;
1137 }
1138
1139 if (!((bond_flag == SMP_AUTH_NO_BOND) || (bond_flag == SMP_AUTH_BOND))) {
1140 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Bonding_Flags value (0x%02x)\
1141 out of range).\n",
1142 p_cb->rcvd_cmd_code, bond_flag);
1143 return FALSE;
1144 }
1145
1146 /* `bte_appl_cfg.ble_min_enc_key_size` will be `SMP_ENCR_KEY_SIZE_MIN` by
1147 * default if not set explicitly */
1148 #if (BLE_INCLUDED == TRUE)
1149 if (enc_size < bte_appl_cfg.ble_min_key_size) {
1150 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1151 Key value (0x%02x) less than minimum required key size).\n",
1152 p_cb->rcvd_cmd_code, enc_size);
1153 return FALSE;
1154 }
1155 #else
1156 if (enc_size < SMP_ENCR_KEY_SIZE_MIN) {
1157 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1158 Key value (0x%02x) less than minimum required key size).\n",
1159 p_cb->rcvd_cmd_code, enc_size);
1160 return FALSE;
1161 }
1162 #endif
1163
1164 if (enc_size > SMP_ENCR_KEY_SIZE_MAX) {
1165 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1166 Key value (0x%02x) greater than supported by stack).\n",
1167 p_cb->rcvd_cmd_code, enc_size);
1168 return FALSE;
1169 }
1170
1171 return TRUE;
1172 }
1173
1174 /*******************************************************************************
1175 **
1176 ** Function smp_pairing_keypress_notification_is_valid
1177 **
1178 ** Description Validates Notification Type parameter range in the received SMP command
1179 ** pairing keypress notification.
1180 ** Returns FALSE if this parameter is out of range.
1181 **
1182 *******************************************************************************/
smp_pairing_keypress_notification_is_valid(tSMP_CB * p_cb)1183 BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb)
1184 {
1185 tBTM_SP_KEY_TYPE keypress_notification = p_cb->peer_keypress_notification;
1186
1187 SMP_TRACE_DEBUG("%s for cmd code 0x%02x\n", __func__, p_cb->rcvd_cmd_code);
1188
1189 if (keypress_notification >= BTM_SP_KEY_OUT_OF_RANGE) {
1190 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Pairing Keypress \
1191 Notification value (0x%02x) out of range).\n",
1192 p_cb->rcvd_cmd_code, keypress_notification);
1193 return FALSE;
1194 }
1195
1196 return TRUE;
1197 }
1198
1199 /*******************************************************************************
1200 **
1201 ** Function smp_parameter_unconditionally_valid
1202 **
1203 ** Description Always returns TRUE.
1204 **
1205 *******************************************************************************/
smp_parameter_unconditionally_valid(tSMP_CB * p_cb)1206 BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb)
1207 {
1208 return TRUE;
1209 }
1210
1211 /*******************************************************************************
1212 **
1213 ** Function smp_parameter_unconditionally_invalid
1214 **
1215 ** Description Always returns FALSE.
1216 **
1217 *******************************************************************************/
smp_parameter_unconditionally_invalid(tSMP_CB * p_cb)1218 BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb)
1219 {
1220 return FALSE;
1221 }
1222
1223 /*******************************************************************************
1224 **
1225 ** Function smp_reject_unexpected_pairing_command
1226 **
1227 ** Description send pairing failure to an unexpected pairing command during
1228 ** an active pairing process.
1229 **
1230 ** Returns void
1231 **
1232 *******************************************************************************/
smp_reject_unexpected_pairing_command(BD_ADDR bd_addr)1233 void smp_reject_unexpected_pairing_command(BD_ADDR bd_addr)
1234 {
1235 BT_HDR *p_buf;
1236 UINT8 *p;
1237
1238 SMP_TRACE_DEBUG ("%s\n", __FUNCTION__);
1239
1240 if ((p_buf = (BT_HDR *)osi_malloc(sizeof(BT_HDR) + \
1241 SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL) {
1242 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
1243
1244 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
1245 UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
1246
1247 p_buf->offset = L2CAP_MIN_OFFSET;
1248 p_buf->len = SMP_PAIR_FAIL_SIZE;
1249
1250 smp_send_msg_to_L2CAP(bd_addr, p_buf);
1251 }
1252 }
1253
1254 /*******************************************************************************
1255 ** Function smp_select_association_model
1256 **
1257 ** Description This function selects association model to use for STK
1258 ** generation. Selection is based on both sides' io capability,
1259 ** oob data flag and authentication request.
1260 **
1261 ** Note If Secure Connections Only mode is required locally then we
1262 ** come to this point only if both sides support Secure Connections
1263 ** mode, i.e. if p_cb->secure_connections_only_mode_required = TRUE then we come
1264 ** to this point only if
1265 ** (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) ==
1266 ** (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ==
1267 ** SMP_SC_SUPPORT_BIT
1268 **
1269 *******************************************************************************/
smp_select_association_model(tSMP_CB * p_cb)1270 tSMP_ASSO_MODEL smp_select_association_model(tSMP_CB *p_cb)
1271 {
1272 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1273 p_cb->le_secure_connections_mode_is_used = FALSE;
1274
1275 SMP_TRACE_EVENT("%s\n", __FUNCTION__);
1276 SMP_TRACE_DEBUG("%s p_cb->peer_io_caps = %d p_cb->local_io_capability = %d\n",
1277 __FUNCTION__, p_cb->peer_io_caps, p_cb->local_io_capability);
1278 SMP_TRACE_DEBUG("%s p_cb->peer_oob_flag = %d p_cb->loc_oob_flag = %d\n",
1279 __FUNCTION__, p_cb->peer_oob_flag, p_cb->loc_oob_flag);
1280 SMP_TRACE_DEBUG("%s p_cb->peer_auth_req = 0x%02x p_cb->loc_auth_req = 0x%02x\n",
1281 __FUNCTION__, p_cb->peer_auth_req, p_cb->loc_auth_req);
1282 SMP_TRACE_DEBUG("%s p_cb->secure_connections_only_mode_required = %s\n",
1283 __FUNCTION__, p_cb->secure_connections_only_mode_required ?
1284 "TRUE" : "FALSE");
1285
1286 if ((p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) && (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)) {
1287 p_cb->le_secure_connections_mode_is_used = TRUE;
1288 }
1289
1290 SMP_TRACE_DEBUG("use_sc_process = %d\n", p_cb->le_secure_connections_mode_is_used);
1291
1292 if (p_cb->le_secure_connections_mode_is_used) {
1293 model = smp_select_association_model_secure_connections(p_cb);
1294 } else {
1295 model = smp_select_legacy_association_model(p_cb);
1296 }
1297 return model;
1298 }
1299
1300 /*******************************************************************************
1301 ** Function smp_select_legacy_association_model
1302 **
1303 ** Description This function is called to select association mode if at least
1304 ** one side doesn't support secure connections.
1305 **
1306 *******************************************************************************/
smp_select_legacy_association_model(tSMP_CB * p_cb)1307 tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb)
1308 {
1309 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1310
1311 SMP_TRACE_DEBUG("%s\n", __func__);
1312 /* if OOB data is present on both devices, then use OOB association model */
1313 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1314 return SMP_MODEL_OOB;
1315 }
1316
1317 /* else if neither device requires MITM, then use Just Works association model */
1318 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) {
1319 return SMP_MODEL_ENCRYPTION_ONLY;
1320 }
1321
1322 /* otherwise use IO capability to select association model */
1323 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1324 if (p_cb->role == HCI_ROLE_MASTER) {
1325 model = smp_association_table[p_cb->role][p_cb->peer_io_caps]
1326 [p_cb->local_io_capability];
1327 } else {
1328 model = smp_association_table[p_cb->role][p_cb->local_io_capability]
1329 [p_cb->peer_io_caps];
1330 }
1331 }
1332
1333 return model;
1334 }
1335
1336 /*******************************************************************************
1337 ** Function smp_select_association_model_secure_connections
1338 **
1339 ** Description This function is called to select association mode if both
1340 ** sides support secure connections.
1341 **
1342 *******************************************************************************/
smp_select_association_model_secure_connections(tSMP_CB * p_cb)1343 tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb)
1344 {
1345 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1346
1347 SMP_TRACE_DEBUG("%s\n", __func__);
1348 /* if OOB data is present on at least one device, then use OOB association model */
1349 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT || p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1350 return SMP_MODEL_SEC_CONN_OOB;
1351 }
1352
1353 /* else if neither device requires MITM, then use Just Works association model */
1354 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req)) {
1355 return SMP_MODEL_SEC_CONN_JUSTWORKS;
1356 }
1357
1358 /* otherwise use IO capability to select association model */
1359 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1360 if (p_cb->role == HCI_ROLE_MASTER) {
1361 model = smp_association_table_sc[p_cb->role][p_cb->peer_io_caps]
1362 [p_cb->local_io_capability];
1363 } else {
1364 model = smp_association_table_sc[p_cb->role][p_cb->local_io_capability]
1365 [p_cb->peer_io_caps];
1366 }
1367 }
1368
1369 return model;
1370 }
1371
1372 /*******************************************************************************
1373 ** Function smp_reverse_array
1374 **
1375 ** Description This function reverses array bytes
1376 **
1377 *******************************************************************************/
smp_reverse_array(UINT8 * arr,UINT8 len)1378 void smp_reverse_array(UINT8 *arr, UINT8 len)
1379 {
1380 UINT8 i = 0, tmp;
1381
1382 SMP_TRACE_DEBUG("smp_reverse_array\n");
1383
1384 for (i = 0; i < len / 2; i ++) {
1385 tmp = arr[i];
1386 arr[i] = arr[len - 1 - i];
1387 arr[len - 1 - i] = tmp;
1388 }
1389 }
1390
1391 /*******************************************************************************
1392 ** Function smp_calculate_random_input
1393 **
1394 ** Description This function returns random input value to be used in commitment
1395 ** calculation for SC passkey entry association mode
1396 ** (if bit["round"] in "random" array == 1 then returns 0x81
1397 ** else returns 0x80).
1398 **
1399 ** Returns ri value
1400 **
1401 *******************************************************************************/
smp_calculate_random_input(UINT8 * random,UINT8 round)1402 UINT8 smp_calculate_random_input(UINT8 *random, UINT8 round)
1403 {
1404 UINT8 i = round / 8;
1405 UINT8 j = round % 8;
1406 UINT8 ri;
1407
1408 SMP_TRACE_DEBUG("random: 0x%02x, round: %d, i: %d, j: %d\n", random[i], round, i, j);
1409 ri = ((random[i] >> j) & 1) | 0x80;
1410 SMP_TRACE_DEBUG("%s ri=0x%02x\n", __func__, ri);
1411 return ri;
1412 }
1413
1414 /*******************************************************************************
1415 ** Function smp_collect_local_io_capabilities
1416 **
1417 ** Description This function puts into IOcap array local device
1418 ** IOCapability, OOB data, AuthReq.
1419 **
1420 ** Returns void
1421 **
1422 *******************************************************************************/
smp_collect_local_io_capabilities(UINT8 * iocap,tSMP_CB * p_cb)1423 void smp_collect_local_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1424 {
1425 SMP_TRACE_DEBUG("%s\n", __func__);
1426
1427 iocap[0] = p_cb->local_io_capability;
1428 iocap[1] = p_cb->loc_oob_flag;
1429 iocap[2] = p_cb->loc_auth_req;
1430 }
1431
1432 /*******************************************************************************
1433 ** Function smp_collect_peer_io_capabilities
1434 **
1435 ** Description This function puts into IOcap array peer device
1436 ** IOCapability, OOB data, AuthReq.
1437 **
1438 ** Returns void
1439 **
1440 *******************************************************************************/
smp_collect_peer_io_capabilities(UINT8 * iocap,tSMP_CB * p_cb)1441 void smp_collect_peer_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1442 {
1443 SMP_TRACE_DEBUG("%s\n", __func__);
1444
1445 iocap[0] = p_cb->peer_io_caps;
1446 iocap[1] = p_cb->peer_oob_flag;
1447 iocap[2] = p_cb->peer_auth_req;
1448 }
1449 #if (BLE_INCLUDED == TRUE)
1450 /*******************************************************************************
1451 ** Function smp_collect_local_ble_address
1452 **
1453 ** Description This function puts into le_addr array local device le address:
1454 ** le_addr[0-5] = local BD ADDR,
1455 ** le_addr[6] = local le address type (PUBLIC/RANDOM).
1456 **
1457 ** Returns void
1458 **
1459 *******************************************************************************/
smp_collect_local_ble_address(UINT8 * le_addr,tSMP_CB * p_cb)1460 void smp_collect_local_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1461 {
1462 tBLE_ADDR_TYPE addr_type = 0;
1463 BD_ADDR bda;
1464 UINT8 *p = le_addr;
1465
1466 SMP_TRACE_DEBUG("%s\n", __func__);
1467
1468 BTM_ReadConnectionAddr( p_cb->pairing_bda, bda, &addr_type);
1469 BDADDR_TO_STREAM(p, bda);
1470 UINT8_TO_STREAM(p, addr_type);
1471 }
1472
1473 /*******************************************************************************
1474 ** Function smp_collect_peer_ble_address
1475 **
1476 ** Description This function puts into le_addr array peer device le address:
1477 ** le_addr[0-5] = peer BD ADDR,
1478 ** le_addr[6] = peer le address type (PUBLIC/RANDOM).
1479 **
1480 ** Returns void
1481 **
1482 *******************************************************************************/
smp_collect_peer_ble_address(UINT8 * le_addr,tSMP_CB * p_cb)1483 void smp_collect_peer_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1484 {
1485 tBLE_ADDR_TYPE addr_type = 0;
1486 BD_ADDR bda;
1487 UINT8 *p = le_addr;
1488
1489 SMP_TRACE_DEBUG("%s\n", __func__);
1490
1491 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda, &addr_type)) {
1492 SMP_TRACE_ERROR("can not collect peer le addr information for unknown device\n");
1493 return;
1494 }
1495
1496 BDADDR_TO_STREAM(p, bda);
1497 UINT8_TO_STREAM(p, addr_type);
1498 }
1499
1500 /*******************************************************************************
1501 ** Function smp_check_commitment
1502 **
1503 ** Description This function compares peer commitment values:
1504 ** - expected (i.e. calculated locally),
1505 ** - received from the peer.
1506 **
1507 ** Returns TRUE if the values are the same
1508 ** FALSE otherwise
1509 **
1510 *******************************************************************************/
smp_check_commitment(tSMP_CB * p_cb)1511 BOOLEAN smp_check_commitment(tSMP_CB *p_cb)
1512 {
1513 BT_OCTET16 expected;
1514
1515 SMP_TRACE_DEBUG("%s\n", __func__);
1516
1517 smp_calculate_peer_commitment(p_cb, expected);
1518 print128(expected, (const UINT8 *)"calculated peer commitment");
1519 print128(p_cb->remote_commitment, (const UINT8 *)"received peer commitment");
1520
1521 if (memcmp(p_cb->remote_commitment, expected, BT_OCTET16_LEN)) {
1522 SMP_TRACE_WARNING("Commitment check fails\n");
1523 return FALSE;
1524 }
1525
1526 SMP_TRACE_DEBUG("Commitment check succeeds\n");
1527 return TRUE;
1528 }
1529
1530 /*******************************************************************************
1531 **
1532 ** Function smp_save_secure_connections_long_term_key
1533 **
1534 ** Description The function saves SC LTK as BLE key for future use as local
1535 ** and/or peer key.
1536 **
1537 ** Returns void
1538 **
1539 *******************************************************************************/
smp_save_secure_connections_long_term_key(tSMP_CB * p_cb)1540 void smp_save_secure_connections_long_term_key(tSMP_CB *p_cb)
1541 {
1542 tBTM_LE_LENC_KEYS lle_key;
1543 tBTM_LE_PENC_KEYS ple_key;
1544
1545 SMP_TRACE_DEBUG("%s-Save LTK as local LTK key\n", __func__);
1546 memcpy(lle_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1547 lle_key.div = 0;
1548 lle_key.key_size = p_cb->loc_enc_size;
1549 lle_key.sec_level = p_cb->sec_level;
1550 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&lle_key, TRUE);
1551
1552 SMP_TRACE_DEBUG("%s-Save LTK as peer LTK key\n", __func__);
1553 ple_key.ediv = 0;
1554 memset(ple_key.rand, 0, BT_OCTET8_LEN);
1555 memcpy(ple_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1556 ple_key.sec_level = p_cb->sec_level;
1557 ple_key.key_size = p_cb->loc_enc_size;
1558 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&ple_key, TRUE);
1559 }
1560
1561 /*******************************************************************************
1562 **
1563 ** Function smp_calculate_f5_mackey_and_long_term_key
1564 **
1565 ** Description The function calculates MacKey and LTK and saves them in CB.
1566 ** To calculate MacKey and LTK it calls smp_calc_f5(...).
1567 ** MacKey is used in dhkey calculation, LTK is used to encrypt
1568 ** the link.
1569 **
1570 ** Returns FALSE if out of resources, TRUE otherwise.
1571 **
1572 *******************************************************************************/
smp_calculate_f5_mackey_and_long_term_key(tSMP_CB * p_cb)1573 BOOLEAN smp_calculate_f5_mackey_and_long_term_key(tSMP_CB *p_cb)
1574 {
1575 UINT8 a[7];
1576 UINT8 b[7];
1577 UINT8 *p_na;
1578 UINT8 *p_nb;
1579
1580 SMP_TRACE_DEBUG("%s\n", __func__);
1581
1582 if (p_cb->role == HCI_ROLE_MASTER) {
1583 smp_collect_local_ble_address(a, p_cb);
1584 smp_collect_peer_ble_address(b, p_cb);
1585 p_na = p_cb->rand;
1586 p_nb = p_cb->rrand;
1587 } else {
1588 smp_collect_local_ble_address(b, p_cb);
1589 smp_collect_peer_ble_address(a, p_cb);
1590 p_na = p_cb->rrand;
1591 p_nb = p_cb->rand;
1592 }
1593
1594 if (!smp_calculate_f5(p_cb->dhkey, p_na, p_nb, a, b, p_cb->mac_key, p_cb->ltk)) {
1595 SMP_TRACE_ERROR("%s failed\n", __func__);
1596 return FALSE;
1597 }
1598
1599 SMP_TRACE_EVENT ("%s is completed\n", __func__);
1600 return TRUE;
1601 }
1602 #endif ///BLE_INCLUDED == TRUE
1603 /*******************************************************************************
1604 **
1605 ** Function smp_request_oob_data
1606 **
1607 ** Description Requests application to provide OOB data.
1608 **
1609 ** Returns TRUE - OOB data has to be provided by application
1610 ** FALSE - otherwise (unexpected)
1611 **
1612 *******************************************************************************/
smp_request_oob_data(tSMP_CB * p_cb)1613 BOOLEAN smp_request_oob_data(tSMP_CB *p_cb)
1614 {
1615 tSMP_OOB_DATA_TYPE req_oob_type = SMP_OOB_INVALID_TYPE;
1616
1617 SMP_TRACE_DEBUG("%s\n", __func__);
1618
1619 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1620 /* both local and peer rcvd data OOB */
1621 req_oob_type = SMP_OOB_BOTH;
1622 } else if (p_cb->peer_oob_flag == SMP_OOB_PRESENT) {
1623 /* peer rcvd OOB local data, local didn't receive OOB peer data */
1624 req_oob_type = SMP_OOB_LOCAL;
1625 } else if (p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1626 req_oob_type = SMP_OOB_PEER;
1627 }
1628
1629 SMP_TRACE_DEBUG("req_oob_type = %d\n", req_oob_type);
1630
1631 if (req_oob_type == SMP_OOB_INVALID_TYPE) {
1632 return FALSE;
1633 }
1634
1635 p_cb->req_oob_type = req_oob_type;
1636 p_cb->cb_evt = SMP_SC_OOB_REQ_EVT;
1637 smp_sm_event(p_cb, SMP_TK_REQ_EVT, &req_oob_type);
1638
1639 return TRUE;
1640 }
1641
1642
1643 #endif
1644
