1 /******************************************************************************
2  *
3  *  Copyright 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains security manager protocol utility functions
22  *
23  ******************************************************************************/
24 #include "bt_target.h"
25 
26 #include <base/bind.h>
27 #include <string.h>
28 #include "bt_utils.h"
29 #include "btm_ble_api.h"
30 #include "btm_ble_int.h"
31 #include "device/include/controller.h"
32 #include "hcimsgs.h"
33 #include "osi/include/osi.h"
34 #include "p_256_ecc_pp.h"
35 #include "smp_int.h"
36 #include "stack/btm/btm_dev.h"
37 #include "stack/btm/btm_sec.h"
38 #include "stack/crypto_toolbox/crypto_toolbox.h"
39 #include "stack/include/acl_api.h"
40 
41 #include <algorithm>
42 
43 extern tBTM_CB btm_cb;  // TODO Remove
44 
45 using base::Bind;
46 using crypto_toolbox::aes_128;
47 
48 #ifndef SMP_MAX_ENC_REPEAT
49 #define SMP_MAX_ENC_REPEAT 3
50 #endif
51 
52 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p);
53 static Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb);
54 static void smp_process_private_key(tSMP_CB* p_cb);
55 
56 #define SMP_PASSKEY_MASK 0xfff00000
57 
58 // If there is data saved here, then use its info instead
59 // This needs to be cleared on a successfult pairing using the oob data
60 static tSMP_LOC_OOB_DATA saved_local_oob_data = {};
61 
smp_save_local_oob_data(tSMP_CB * p_cb)62 void smp_save_local_oob_data(tSMP_CB* p_cb) {
63   saved_local_oob_data = p_cb->sc_oob_data.loc_oob_data;
64 }
65 
smp_clear_local_oob_data()66 void smp_clear_local_oob_data() { saved_local_oob_data = {}; }
67 
is_empty(tSMP_LOC_OOB_DATA * data)68 static bool is_empty(tSMP_LOC_OOB_DATA* data) {
69   tSMP_LOC_OOB_DATA empty_data = {};
70   return memcmp(data, &empty_data, sizeof(tSMP_LOC_OOB_DATA)) == 0;
71 }
72 
smp_debug_print_nbyte_little_endian(uint8_t * p,const char * key_name,uint8_t len)73 void smp_debug_print_nbyte_little_endian(uint8_t* p, const char* key_name,
74                                          uint8_t len) {
75 }
76 
smp_debug_print_nbyte_little_endian(const Octet16 & p,const char * key_name,uint8_t len)77 inline void smp_debug_print_nbyte_little_endian(const Octet16& p,
78                                                 const char* key_name,
79                                                 uint8_t len) {
80   smp_debug_print_nbyte_little_endian(const_cast<uint8_t*>(p.data()), key_name,
81                                       len);
82 }
83 
smp_debug_print_nbyte_big_endian(uint8_t * p,const char * key_name,uint8_t len)84 void smp_debug_print_nbyte_big_endian(uint8_t* p, const char* key_name,
85                                       uint8_t len) {
86 }
87 
88 /** This function is called to process a passkey. */
smp_proc_passkey(tSMP_CB * p_cb,BT_OCTET8 rand)89 void smp_proc_passkey(tSMP_CB* p_cb, BT_OCTET8 rand) {
90   uint8_t* tt = p_cb->tk.data();
91   uint32_t passkey; /* 19655 test number; */
92   uint8_t* pp = rand;
93 
94   SMP_TRACE_DEBUG("%s", __func__);
95   STREAM_TO_UINT32(passkey, pp);
96   passkey &= ~SMP_PASSKEY_MASK;
97 
98   /* truncate by maximum value */
99   while (passkey > BTM_MAX_PASSKEY_VAL) passkey >>= 1;
100 
101   /* save the TK */
102   p_cb->tk = {0};
103   UINT32_TO_STREAM(tt, passkey);
104 
105   if (p_cb->p_callback) {
106     tSMP_EVT_DATA smp_evt_data;
107     smp_evt_data.passkey = passkey;
108     (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda,
109                         &smp_evt_data);
110   }
111 
112   if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
113     tSMP_INT_DATA smp_int_data;
114     smp_int_data.passkey = passkey;
115     smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &smp_int_data);
116   } else {
117     tSMP_KEY key;
118     key.key_type = SMP_KEY_TYPE_TK;
119     key.p_data = p_cb->tk.data();
120     tSMP_INT_DATA smp_int_data;
121     smp_int_data.key = key;
122     smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
123   }
124 }
125 
126 /*******************************************************************************
127  *
128  * Function         smp_generate_passkey
129  *
130  * Description      This function is called to generate passkey.
131  *
132  * Returns          void
133  *
134  ******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)135 void smp_generate_passkey(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
136   SMP_TRACE_DEBUG("%s", __func__);
137   /* generate MRand or SRand */
138   btsnd_hcic_ble_rand(Bind(&smp_proc_passkey, p_cb));
139 }
140 
141 /*******************************************************************************
142  *
143  * Function         smp_generate_stk
144  *
145  * Description      This function is called to generate STK calculated by
146  *                  running AES with the TK value as key and a concatenation of
147  *                  the random values.
148  *
149  * Returns          void
150  *
151  ******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)152 void smp_generate_stk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
153   Octet16 output;
154 
155   SMP_TRACE_DEBUG("%s", __func__);
156 
157   if (p_cb->le_secure_connections_mode_is_used) {
158     SMP_TRACE_DEBUG("FOR LE SC LTK IS USED INSTEAD OF STK");
159     output = p_cb->ltk;
160   } else {
161     output = smp_calculate_legacy_short_term_key(p_cb);
162   }
163 
164   smp_process_stk(p_cb, &output);
165 }
166 
167 /**
168  * This function is called to calculate CSRK
169  */
smp_compute_csrk(uint16_t div,tSMP_CB * p_cb)170 void smp_compute_csrk(uint16_t div, tSMP_CB* p_cb) {
171   uint8_t buffer[4]; /* for (r || DIV)  r=1*/
172   uint16_t r = 1;
173   uint8_t* p = buffer;
174 
175   p_cb->div = div;
176 
177   SMP_TRACE_DEBUG("%s: div=%x", __func__, p_cb->div);
178   const Octet16& er = BTM_GetDeviceEncRoot();
179   /* CSRK = d1(ER, DIV, 1) */
180   UINT16_TO_STREAM(p, p_cb->div);
181   UINT16_TO_STREAM(p, r);
182 
183   p_cb->csrk = aes_128(er, buffer, 4);
184   smp_send_csrk_info(p_cb, NULL);
185 }
186 
187 /**
188  * This function is called to calculate CSRK, starting with DIV generation.
189  */
smp_generate_csrk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)190 void smp_generate_csrk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
191   bool div_status;
192 
193   SMP_TRACE_DEBUG("smp_generate_csrk");
194 
195   div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
196   if (div_status) {
197     smp_compute_csrk(p_cb->div, p_cb);
198   } else {
199     SMP_TRACE_DEBUG("Generate DIV for CSRK");
200     btsnd_hcic_ble_rand(Bind(
201         [](tSMP_CB* p_cb, BT_OCTET8 rand) {
202           uint16_t div;
203           STREAM_TO_UINT16(div, rand);
204           smp_compute_csrk(div, p_cb);
205         },
206         p_cb));
207   }
208 }
209 
210 /*******************************************************************************
211  * Function         smp_concatenate_peer - LSB first
212  *                  add pairing command sent from local device into p1.
213  ******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)214 void smp_concatenate_local(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
215   uint8_t* p = *p_data;
216 
217   SMP_TRACE_DEBUG("%s", __func__);
218   UINT8_TO_STREAM(p, op_code);
219   UINT8_TO_STREAM(p, p_cb->local_io_capability);
220   UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
221   UINT8_TO_STREAM(p, p_cb->loc_auth_req);
222   UINT8_TO_STREAM(p, p_cb->loc_enc_size);
223   UINT8_TO_STREAM(p, p_cb->local_i_key);
224   UINT8_TO_STREAM(p, p_cb->local_r_key);
225 
226   *p_data = p;
227 }
228 
229 /*******************************************************************************
230  * Function         smp_concatenate_peer - LSB first
231  *                  add pairing command received from peer device into p1.
232  ******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)233 void smp_concatenate_peer(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
234   uint8_t* p = *p_data;
235 
236   SMP_TRACE_DEBUG("smp_concatenate_peer ");
237   UINT8_TO_STREAM(p, op_code);
238   UINT8_TO_STREAM(p, p_cb->peer_io_caps);
239   UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
240   UINT8_TO_STREAM(p, p_cb->peer_auth_req);
241   UINT8_TO_STREAM(p, p_cb->peer_enc_size);
242   UINT8_TO_STREAM(p, p_cb->peer_i_key);
243   UINT8_TO_STREAM(p, p_cb->peer_r_key);
244 
245   *p_data = p;
246 }
247 
248 /** Generate Confirm/Compare Step1:
249  *                  p1 = (MSB) pres || preq || rat' || iat' (LSB)
250  *                  Fill in values LSB first thus
251  *                  p1 = iat' || rat' || preq || pres
252  */
smp_gen_p1_4_confirm(tSMP_CB * p_cb,tBLE_ADDR_TYPE remote_bd_addr_type)253 Octet16 smp_gen_p1_4_confirm(tSMP_CB* p_cb,
254                              tBLE_ADDR_TYPE remote_bd_addr_type) {
255   SMP_TRACE_DEBUG("%s", __func__);
256   Octet16 p1;
257   uint8_t* p = p1.data();
258   if (p_cb->role == HCI_ROLE_CENTRAL) {
259     /* iat': initiator's (local) address type */
260     UINT8_TO_STREAM(p, p_cb->addr_type);
261     /* rat': responder's (remote) address type */
262     UINT8_TO_STREAM(p, remote_bd_addr_type);
263     /* preq : Pairing Request (local) command */
264     smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
265     /* pres : Pairing Response (remote) command */
266     smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
267   } else {
268     /* iat': initiator's (remote) address type */
269     UINT8_TO_STREAM(p, remote_bd_addr_type);
270     /* rat': responder's (local) address type */
271     UINT8_TO_STREAM(p, p_cb->addr_type);
272     /* preq : Pairing Request (remote) command */
273     smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
274     /* pres : Pairing Response (local) command */
275     smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
276   }
277   smp_debug_print_nbyte_little_endian(p1, "p1 = iat' || rat' || preq || pres",
278                                       16);
279 
280   return p1;
281 }
282 
283 /** Generate Confirm/Compare Step2:
284  *                  p2 = (MSB) padding || ia || ra (LSB)
285  *                  Fill values LSB first and thus:
286  *                  p2 = ra || ia || padding
287  */
smp_gen_p2_4_confirm(tSMP_CB * p_cb,const RawAddress & remote_bda)288 Octet16 smp_gen_p2_4_confirm(tSMP_CB* p_cb, const RawAddress& remote_bda) {
289   SMP_TRACE_DEBUG("%s", __func__);
290   Octet16 p2{0};
291   uint8_t* p = p2.data();
292   /* 32-bit Padding */
293   memset(p, 0, OCTET16_LEN);
294   if (p_cb->role == HCI_ROLE_CENTRAL) {
295     /* ra : Responder's (remote) address */
296     BDADDR_TO_STREAM(p, remote_bda);
297     /* ia : Initiator's (local) address */
298     BDADDR_TO_STREAM(p, p_cb->local_bda);
299   } else {
300     /* ra : Responder's (local) address */
301     BDADDR_TO_STREAM(p, p_cb->local_bda);
302     /* ia : Initiator's (remote) address */
303     BDADDR_TO_STREAM(p, remote_bda);
304   }
305   smp_debug_print_nbyte_little_endian(p2, "p2 = ra || ia || padding", 16);
306   return p2;
307 }
308 
309 /*******************************************************************************
310  *
311  * Function         smp_calculate_comfirm
312  *
313  * Description      This function (c1) is called to calculate Confirm value.
314  *
315  * Returns          tSMP_STATUS status of confirmation calculation
316  *
317  ******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,const Octet16 & rand,Octet16 * output)318 tSMP_STATUS smp_calculate_comfirm(tSMP_CB* p_cb, const Octet16& rand,
319                                   Octet16* output) {
320   SMP_TRACE_DEBUG("%s", __func__);
321   RawAddress remote_bda;
322   tBLE_ADDR_TYPE remote_bd_addr_type = BLE_ADDR_PUBLIC;
323   /* get remote connection specific bluetooth address */
324   if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda,
325                                     &remote_bd_addr_type)) {
326     SMP_TRACE_ERROR("%s: cannot obtain remote device address", __func__);
327     return SMP_PAIR_FAIL_UNKNOWN;
328   }
329   /* get local connection specific bluetooth address */
330   BTM_ReadConnectionAddr(p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
331   /* generate p1 = pres || preq || rat' || iat' */
332   Octet16 p1 = smp_gen_p1_4_confirm(p_cb, remote_bd_addr_type);
333   /* p1' = rand XOR p1 */
334   smp_xor_128(&p1, rand);
335   smp_debug_print_nbyte_little_endian(p1, "p1' = p1 XOR r", 16);
336   /* calculate e1 = e(k, p1'), where k = TK */
337   smp_debug_print_nbyte_little_endian(p_cb->tk.data(), "TK", 16);
338   Octet16 e1 = aes_128(p_cb->tk, p1);
339   smp_debug_print_nbyte_little_endian(e1.data(), "e1 = e(k, p1')", 16);
340   /* generate p2 = padding || ia || ra */
341   Octet16 p2 = smp_gen_p2_4_confirm(p_cb, remote_bda);
342   /* calculate p2' = (p2 XOR e1) */
343   smp_xor_128(&p2, e1);
344   smp_debug_print_nbyte_little_endian(p2, "p2' = p2 XOR e1", 16);
345   /* calculate: c1 = e(k, p2') */
346   *output = aes_128(p_cb->tk, p2);
347   return SMP_SUCCESS;
348 }
349 
350 /*******************************************************************************
351  *
352  * Function         smp_generate_confirm
353  *
354  * Description      This function is called when random number (MRand or SRand)
355  *                  is generated by the controller and the stack needs to
356  *                  calculate c1 value (MConfirm or SConfirm) for the first time
357  *
358  * Returns          void
359  *
360  ******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb)361 static void smp_generate_confirm(tSMP_CB* p_cb) {
362   SMP_TRACE_DEBUG("%s", __func__);
363   smp_debug_print_nbyte_little_endian(p_cb->rand.data(), "local_rand", 16);
364   Octet16 output;
365   tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rand, &output);
366   if (status != SMP_SUCCESS) {
367     tSMP_INT_DATA smp_int_data;
368     smp_int_data.status = status;
369     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
370     return;
371   }
372   tSMP_KEY key;
373   p_cb->confirm = output;
374   smp_debug_print_nbyte_little_endian(p_cb->confirm, "Local Confirm generated",
375                                       16);
376   key.key_type = SMP_KEY_TYPE_CFM;
377   key.p_data = output.data();
378   tSMP_INT_DATA smp_int_data;
379   smp_int_data.key = key;
380   smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
381 }
382 
383 /*******************************************************************************
384  *
385  * Function         smp_generate_srand_mrand_confirm
386  *
387  * Description      This function is called to start the second pairing phase by
388  *                  start generating random number.
389  *
390  *
391  * Returns          void
392  *
393  ******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)394 void smp_generate_srand_mrand_confirm(tSMP_CB* p_cb,
395                                       UNUSED_ATTR tSMP_INT_DATA* p_data) {
396   SMP_TRACE_DEBUG("%s", __func__);
397   /* generate MRand or SRand */
398   btsnd_hcic_ble_rand(Bind(
399       [](tSMP_CB* p_cb, BT_OCTET8 rand) {
400         memcpy(p_cb->rand.data(), rand, 8);
401 
402         /* generate 64 MSB of MRand or SRand */
403         btsnd_hcic_ble_rand(Bind(
404             [](tSMP_CB* p_cb, BT_OCTET8 rand) {
405               memcpy((void*)&p_cb->rand[8], rand, BT_OCTET8_LEN);
406               smp_generate_confirm(p_cb);
407             },
408             p_cb));
409       },
410       p_cb));
411 }
412 
413 /*******************************************************************************
414  *
415  * Function         smp_generate_compare
416  *
417  * Description      This function is called when random number (MRand or SRand)
418  *                  is received from remote device and the c1 value (MConfirm
419  *                  or SConfirm) needs to be generated to authenticate remote
420  *                  device.
421  *
422  * Returns          void
423  *
424  ******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)425 void smp_generate_compare(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
426   SMP_TRACE_DEBUG("smp_generate_compare ");
427   smp_debug_print_nbyte_little_endian(p_cb->rrand, "peer rand", 16);
428   Octet16 output;
429   tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rrand, &output);
430   if (status != SMP_SUCCESS) {
431     tSMP_INT_DATA smp_int_data;
432     smp_int_data.status = status;
433     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
434     return;
435   }
436   tSMP_KEY key;
437   smp_debug_print_nbyte_little_endian(output.data(), "Remote Confirm generated",
438                                       16);
439   key.key_type = SMP_KEY_TYPE_CMP;
440   key.p_data = output.data();
441   tSMP_INT_DATA smp_int_data;
442   smp_int_data.key = key;
443   smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
444 }
445 
446 /** This function is called when STK is generated proceed to send the encrypt
447  * the link using STK. */
smp_process_stk(tSMP_CB * p_cb,Octet16 * p)448 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p) {
449   tSMP_KEY key;
450 
451   SMP_TRACE_DEBUG("smp_process_stk ");
452   smp_mask_enc_key(p_cb->loc_enc_size, p);
453 
454   key.key_type = SMP_KEY_TYPE_STK;
455   key.p_data = p->data();
456 
457   tSMP_INT_DATA smp_int_data;
458   smp_int_data.key = key;
459   smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
460 }
461 
462 /** This function calculates EDIV = Y xor DIV */
smp_process_ediv(tSMP_CB * p_cb,Octet16 & p)463 static void smp_process_ediv(tSMP_CB* p_cb, Octet16& p) {
464   tSMP_KEY key;
465   uint8_t* pp = p.data();
466   uint16_t y;
467 
468   SMP_TRACE_DEBUG("smp_process_ediv ");
469   STREAM_TO_UINT16(y, pp);
470 
471   /* EDIV = Y xor DIV */
472   p_cb->ediv = p_cb->div ^ y;
473   /* send LTK ready */
474   SMP_TRACE_ERROR("LTK ready");
475   key.key_type = SMP_KEY_TYPE_LTK;
476   key.p_data = p.data();
477 
478   tSMP_INT_DATA smp_int_data;
479   smp_int_data.key = key;
480   smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
481 }
482 
483 /**
484  * This function is to proceed generate Y = E(DHK, Rand)
485  */
smp_generate_y(tSMP_CB * p_cb,BT_OCTET8 rand)486 static void smp_generate_y(tSMP_CB* p_cb, BT_OCTET8 rand) {
487   SMP_TRACE_DEBUG("%s ", __func__);
488 
489   const Octet16& dhk = BTM_GetDeviceDHK();
490 
491   memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
492   Octet16 output = aes_128(dhk, rand, BT_OCTET8_LEN);
493   smp_process_ediv(p_cb, output);
494 }
495 
496 /**
497  * Calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
498  */
smp_generate_ltk_cont(uint16_t div,tSMP_CB * p_cb)499 static void smp_generate_ltk_cont(uint16_t div, tSMP_CB* p_cb) {
500   p_cb->div = div;
501 
502   SMP_TRACE_DEBUG("%s", __func__);
503   const Octet16& er = BTM_GetDeviceEncRoot();
504 
505   /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
506   Octet16 ltk = aes_128(er, (uint8_t*)&p_cb->div, sizeof(uint16_t));
507   /* mask the LTK */
508   smp_mask_enc_key(p_cb->loc_enc_size, &ltk);
509   p_cb->ltk = ltk;
510 
511   /* generate EDIV and rand now */
512   btsnd_hcic_ble_rand(Bind(&smp_generate_y, p_cb));
513 }
514 
515 /*******************************************************************************
516  *
517  * Function         smp_generate_ltk
518  *
519  * Description      This function is called:
520  *                  - in legacy pairing - to calculate LTK, starting with DIV
521  *                    generation;
522  *                  - in LE Secure Connections pairing over LE transport - to
523  *                    process LTK already generated to encrypt LE link;
524  *                  - in LE Secure Connections pairing over BR/EDR transport -
525  *                    to start BR/EDR Link Key processing.
526  *
527  * Returns          void
528  *
529  ******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)530 void smp_generate_ltk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
531   SMP_TRACE_DEBUG("%s", __func__);
532 
533   if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
534     smp_br_process_link_key(p_cb, NULL);
535     return;
536   } else if (p_cb->le_secure_connections_mode_is_used) {
537     smp_process_secure_connection_long_term_key();
538     return;
539   }
540 
541   bool div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
542 
543   if (div_status) {
544     smp_generate_ltk_cont(p_cb->div, p_cb);
545   } else {
546     SMP_TRACE_DEBUG("%s: Generate DIV for LTK", __func__);
547 
548     /* generate MRand or SRand */
549     btsnd_hcic_ble_rand(Bind(
550         [](tSMP_CB* p_cb, BT_OCTET8 rand) {
551           uint16_t div;
552           STREAM_TO_UINT16(div, rand);
553           smp_generate_ltk_cont(div, p_cb);
554         },
555         p_cb));
556   }
557 }
558 
559 /* The function calculates legacy STK */
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb)560 Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb) {
561   SMP_TRACE_DEBUG("%s", __func__);
562 
563   Octet16 text{0};
564   if (p_cb->role == HCI_ROLE_CENTRAL) {
565     memcpy(text.data(), p_cb->rand.data(), BT_OCTET8_LEN);
566     memcpy(text.data() + BT_OCTET8_LEN, p_cb->rrand.data(), BT_OCTET8_LEN);
567   } else {
568     memcpy(text.data(), p_cb->rrand.data(), BT_OCTET8_LEN);
569     memcpy(text.data() + BT_OCTET8_LEN, p_cb->rand.data(), BT_OCTET8_LEN);
570   }
571 
572   /* generate STK = Etk(rand|rrand)*/
573   return aes_128(p_cb->tk, text);
574 }
575 
576 /*******************************************************************************
577  *
578  * Function         smp_create_private_key
579  *
580  * Description      This function is called to create private key used to
581  *                  calculate public key and DHKey.
582  *                  The function starts private key creation requesting
583  *                  for the controller to generate [0-7] octets of private key.
584  *
585  * Returns          void
586  *
587  ******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)588 void smp_create_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
589   SMP_TRACE_DEBUG("%s", __func__);
590 
591   // Only use the stored OOB data if we are in an oob association model
592   if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
593     LOG_WARN("OOB Association Model");
594     // Make sure our data isn't empty, otherwise we generate new and eventually
595     // pairing will fail Not much we can do about it at this point, just have to
596     // generate new data The data will be cleared after the advertiser times
597     // out, so if the advertiser times out we want the pairing to fail anyway.
598     if (!is_empty(&saved_local_oob_data)) {
599       LOG_WARN("Found OOB data, loading keys");
600       for (int i = 0; i < BT_OCTET32_LEN; i++) {
601         p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
602         p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
603         p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
604       }
605       p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
606       p_cb->local_random = saved_local_oob_data.randomizer;
607       smp_process_private_key(p_cb);
608       return;
609     }
610     LOG_WARN("OOB Association Model with no saved data present");
611   }
612 
613   btsnd_hcic_ble_rand(Bind(
614       [](tSMP_CB* p_cb, BT_OCTET8 rand) {
615         memcpy((void*)p_cb->private_key, rand, BT_OCTET8_LEN);
616         btsnd_hcic_ble_rand(Bind(
617             [](tSMP_CB* p_cb, BT_OCTET8 rand) {
618               memcpy((void*)&p_cb->private_key[8], rand, BT_OCTET8_LEN);
619               btsnd_hcic_ble_rand(Bind(
620                   [](tSMP_CB* p_cb, BT_OCTET8 rand) {
621                     memcpy((void*)&p_cb->private_key[16], rand, BT_OCTET8_LEN);
622                     btsnd_hcic_ble_rand(Bind(
623                         [](tSMP_CB* p_cb, BT_OCTET8 rand) {
624                           memcpy((void*)&p_cb->private_key[24], rand,
625                                  BT_OCTET8_LEN);
626                           smp_process_private_key(p_cb);
627                         },
628                         p_cb));
629                   },
630                   p_cb));
631             },
632             p_cb));
633       },
634       p_cb));
635 }
636 
637 /*******************************************************************************
638  *
639  * Function         smp_use_oob_private_key
640  *
641  * Description      This function is called
642  *                  - to save the secret key used to calculate the public key
643  *                    used in calculations of commitment sent OOB to a peer
644  *                  - to use this secret key to recalculate the public key and
645  *                    start the process of sending this public key to the peer
646  *                  if secret/public keys have to be reused.
647  *                  If the keys aren't supposed to be reused, continue from the
648  *                  point from which request for OOB data was issued.
649  *
650  * Returns          void
651  *
652  ******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)653 void smp_use_oob_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
654   LOG_INFO("req_oob_type: %d, role: %d", p_cb->req_oob_type, p_cb->role);
655 
656   switch (p_cb->req_oob_type) {
657     case SMP_OOB_BOTH:
658     case SMP_OOB_LOCAL:
659       LOG_INFO("restore secret key");
660       memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used,
661              BT_OCTET32_LEN);
662       smp_process_private_key(p_cb);
663       break;
664     default:
665       LOG_INFO("create secret key anew");
666       smp_set_state(SMP_STATE_PAIR_REQ_RSP);
667       smp_decide_association_model(p_cb, NULL);
668       break;
669   }
670 }
671 
672 /*******************************************************************************
673  *
674  * Function         smp_process_private_key
675  *
676  * Description      This function processes private key.
677  *                  It calculates public key and notifies SM that private key /
678  *                  public key pair is created.
679  *
680  * Returns          void
681  *
682  ******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)683 void smp_process_private_key(tSMP_CB* p_cb) {
684   Point public_key;
685   BT_OCTET32 private_key;
686 
687   SMP_TRACE_DEBUG("%s", __func__);
688 
689   memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
690   ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*)private_key);
691   memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
692   memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
693 
694   smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
695                                       BT_OCTET32_LEN);
696   smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.x, "local public(x)",
697                                       BT_OCTET32_LEN);
698   smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.y, "local public(y)",
699                                       BT_OCTET32_LEN);
700   p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
701   smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
702 }
703 
704 /*******************************************************************************
705  *
706  * Function         smp_compute_dhkey
707  *
708  * Description      The function:
709  *                  - calculates a new public key using as input local private
710  *                    key and peer public key;
711  *                  - saves the new public key x-coordinate as DHKey.
712  *
713  * Returns          void
714  *
715  ******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)716 void smp_compute_dhkey(tSMP_CB* p_cb) {
717   Point peer_publ_key, new_publ_key;
718   BT_OCTET32 private_key;
719 
720   SMP_TRACE_DEBUG("%s", __func__);
721 
722   memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
723   memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
724   memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
725 
726   ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*)private_key);
727 
728   memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
729 
730   smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Old DHKey", BT_OCTET32_LEN);
731 
732   smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
733                                       BT_OCTET32_LEN);
734   smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.x, "rem public(x)",
735                                       BT_OCTET32_LEN);
736   smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.y, "rem public(y)",
737                                       BT_OCTET32_LEN);
738   smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Reverted DHKey",
739                                       BT_OCTET32_LEN);
740 }
741 
742 /** The function calculates and saves local commmitment in CB. */
smp_calculate_local_commitment(tSMP_CB * p_cb)743 void smp_calculate_local_commitment(tSMP_CB* p_cb) {
744   uint8_t random_input;
745 
746   SMP_TRACE_DEBUG("%s", __func__);
747 
748   switch (p_cb->selected_association_model) {
749     case SMP_MODEL_SEC_CONN_JUSTWORKS:
750     case SMP_MODEL_SEC_CONN_NUM_COMP:
751       if (p_cb->role == HCI_ROLE_CENTRAL)
752         SMP_TRACE_WARNING(
753             "local commitment calc on central is not expected "
754             "for Just Works/Numeric Comparison models");
755       p_cb->commitment = crypto_toolbox::f4(
756           p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0);
757       break;
758     case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
759     case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
760       random_input =
761           smp_calculate_random_input(p_cb->local_random.data(), p_cb->round);
762       p_cb->commitment =
763           crypto_toolbox::f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x,
764                              p_cb->rand, random_input);
765       break;
766     case SMP_MODEL_SEC_CONN_OOB:
767       SMP_TRACE_WARNING(
768           "local commitment calc is expected for OOB model BEFORE pairing");
769       p_cb->commitment = crypto_toolbox::f4(
770           p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0);
771       break;
772     default:
773       SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
774                       p_cb->selected_association_model);
775       return;
776   }
777 
778   SMP_TRACE_EVENT("local commitment calculation is completed");
779 }
780 
781 /** The function calculates peer commmitment */
smp_calculate_peer_commitment(tSMP_CB * p_cb)782 Octet16 smp_calculate_peer_commitment(tSMP_CB* p_cb) {
783   uint8_t ri;
784 
785   SMP_TRACE_DEBUG("%s", __func__);
786   Octet16 output;
787   switch (p_cb->selected_association_model) {
788     case SMP_MODEL_SEC_CONN_JUSTWORKS:
789     case SMP_MODEL_SEC_CONN_NUM_COMP:
790       if (p_cb->role == HCI_ROLE_PERIPHERAL)
791         SMP_TRACE_WARNING(
792             "peer commitment calc on peripheral is not expected "
793             "for Just Works/Numeric Comparison models");
794       output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
795                                   p_cb->rrand, 0);
796       break;
797     case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
798     case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
799       ri = smp_calculate_random_input(p_cb->peer_random.data(), p_cb->round);
800       output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
801                                   p_cb->rrand, ri);
802       break;
803     case SMP_MODEL_SEC_CONN_OOB:
804       output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x,
805                                   p_cb->peer_random, 0);
806       break;
807     default:
808       SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
809                       p_cb->selected_association_model);
810       return output;
811   }
812 
813   SMP_TRACE_EVENT("peer commitment calculation is completed");
814   return output;
815 }
816 
817 /*******************************************************************************
818  *
819  * Function         smp_calculate_numeric_comparison_display_number
820  *
821  * Description      The function calculates and saves number to display in
822  *                  numeric comparison association mode.
823  *
824  * Returns          void
825  *
826  ******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)827 void smp_calculate_numeric_comparison_display_number(tSMP_CB* p_cb,
828                                                      tSMP_INT_DATA* p_data) {
829   SMP_TRACE_DEBUG("%s", __func__);
830 
831   if (p_cb->role == HCI_ROLE_CENTRAL) {
832     p_cb->number_to_display = crypto_toolbox::g2(
833         p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, p_cb->rrand);
834   } else {
835     p_cb->number_to_display = crypto_toolbox::g2(
836         p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, p_cb->rand);
837   }
838 
839   if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) {
840     tSMP_INT_DATA smp_int_data;
841     smp_int_data.status = SMP_PAIR_FAIL_UNKNOWN;
842     p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
843     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
844     return;
845   }
846 
847   SMP_TRACE_EVENT("Number to display in numeric comparison = %d",
848                   p_cb->number_to_display);
849   p_cb->cb_evt = SMP_NC_REQ_EVT;
850   tSMP_INT_DATA smp_int_data;
851   smp_int_data.passkey = p_cb->number_to_display;
852   smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &smp_int_data);
853   return;
854 }
855 
856 
857 /*******************************************************************************
858  *
859  * Function         smp_calculate_local_dhkey_check
860  *
861  * Description      The function calculates and saves local device DHKey check
862  *                  value in CB.
863  *                  Before doing this it calls
864  *                  smp_calculate_f5_mackey_and_long_term_key(...).
865  *                  to calculate MacKey and LTK.
866  *                  MacKey is used in dhkey calculation.
867  *
868  * Returns          void
869  *
870  ******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)871 void smp_calculate_local_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
872   uint8_t iocap[3], a[7], b[7];
873 
874   SMP_TRACE_DEBUG("%s", __func__);
875 
876   smp_calculate_f5_mackey_and_long_term_key(p_cb);
877 
878   smp_collect_local_io_capabilities(iocap, p_cb);
879 
880   smp_collect_local_ble_address(a, p_cb);
881   smp_collect_peer_ble_address(b, p_cb);
882   p_cb->dhkey_check = crypto_toolbox::f6(p_cb->mac_key, p_cb->rand, p_cb->rrand,
883                                          p_cb->peer_random, iocap, a, b);
884 
885   SMP_TRACE_EVENT("local DHKey check calculation is completed");
886 }
887 
888 /*******************************************************************************
889  *
890  * Function         smp_calculate_peer_dhkey_check
891  *
892  * Description      The function calculates peer device DHKey check value.
893  *
894  * Returns          void
895  *
896  ******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)897 void smp_calculate_peer_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
898   uint8_t iocap[3], a[7], b[7];
899   tSMP_KEY key;
900 
901   SMP_TRACE_DEBUG("%s", __func__);
902 
903   smp_collect_peer_io_capabilities(iocap, p_cb);
904 
905   smp_collect_local_ble_address(a, p_cb);
906   smp_collect_peer_ble_address(b, p_cb);
907   Octet16 param_buf = crypto_toolbox::f6(p_cb->mac_key, p_cb->rrand, p_cb->rand,
908                                          p_cb->local_random, iocap, b, a);
909 
910   SMP_TRACE_EVENT("peer DHKey check calculation is completed");
911   key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
912   key.p_data = param_buf.data();
913   tSMP_INT_DATA smp_int_data;
914   smp_int_data.key = key;
915   smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &smp_int_data);
916 }
917 
918 
919 /*******************************************************************************
920  *
921  * Function         smp_calculate_link_key_from_long_term_key
922  *
923  * Description      The function calculates and saves BR/EDR link key derived
924  *                  from LE SC LTK.
925  *
926  * Returns          false if out of resources, true in other cases.
927  *
928  ******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)929 bool smp_calculate_link_key_from_long_term_key(tSMP_CB* p_cb) {
930   tBTM_SEC_DEV_REC* p_dev_rec;
931   RawAddress bda_for_lk;
932   tBLE_ADDR_TYPE conn_addr_type;
933 
934   SMP_TRACE_DEBUG("%s", __func__);
935 
936   if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) {
937     SMP_TRACE_DEBUG(
938         "Use rcvd identity address as BD_ADDR of LK rcvd identity address");
939     bda_for_lk = p_cb->id_addr;
940   } else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk,
941                                            &conn_addr_type)) &&
942              conn_addr_type == BLE_ADDR_PUBLIC) {
943     SMP_TRACE_DEBUG("Use rcvd connection address as BD_ADDR of LK");
944   } else {
945     SMP_TRACE_WARNING("Don't have peer public address to associate with LK");
946     return false;
947   }
948 
949   p_dev_rec = btm_find_dev(p_cb->pairing_bda);
950   if (p_dev_rec == NULL) {
951     SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
952     return false;
953   }
954 
955   Octet16 link_key =
956       crypto_toolbox::ltk_to_link_key(p_cb->ltk, p_cb->key_derivation_h7_used);
957 
958   uint8_t link_key_type;
959   if (btm_cb.security_mode == BTM_SEC_MODE_SC) {
960     /* Secure Connections Only Mode */
961     link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
962   } else if (controller_get_interface()->supports_secure_connections()) {
963     /* both transports are SC capable */
964     if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
965       link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
966     else
967       link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
968   } else if (btm_cb.security_mode == BTM_SEC_MODE_SP) {
969     /* BR/EDR transport is SSP capable */
970     if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
971       link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
972     else
973       link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
974   } else {
975     SMP_TRACE_ERROR("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
976                     __func__, btm_cb.security_mode, p_dev_rec->sm4);
977     return false;
978   }
979 
980   link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
981 
982   Octet16 notif_link_key;
983   std::reverse_copy(link_key.begin(), link_key.end(), notif_link_key.begin());
984   btm_sec_link_key_notification(bda_for_lk, notif_link_key, link_key_type);
985 
986   SMP_TRACE_EVENT("%s is completed", __func__);
987 
988   return true;
989 }
990 
991 /** The function calculates and saves SC LTK derived from BR/EDR link key. */
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)992 bool smp_calculate_long_term_key_from_link_key(tSMP_CB* p_cb) {
993   tBTM_SEC_DEV_REC* p_dev_rec;
994 
995   SMP_TRACE_DEBUG("%s", __func__);
996 
997   p_dev_rec = btm_find_dev(p_cb->pairing_bda);
998   if (p_dev_rec == NULL) {
999     SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1000     return false;
1001   }
1002 
1003   uint8_t br_link_key_type;
1004   br_link_key_type = BTM_SecGetDeviceLinkKeyType(p_cb->pairing_bda);
1005   if (br_link_key_type == BTM_LKEY_TYPE_IGNORE) {
1006     SMP_TRACE_ERROR("%s failed to retrieve BR link type", __func__);
1007     return false;
1008   }
1009 
1010   if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
1011       (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) {
1012     SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", __func__,
1013                     br_link_key_type);
1014     return false;
1015   }
1016 
1017   Octet16 rev_link_key;
1018   std::reverse_copy(p_dev_rec->link_key.begin(), p_dev_rec->link_key.end(),
1019                     rev_link_key.begin());
1020   p_cb->ltk = crypto_toolbox::link_key_to_ltk(rev_link_key,
1021                                               p_cb->key_derivation_h7_used);
1022 
1023   p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
1024                         ? SMP_SEC_AUTHENTICATED
1025                         : SMP_SEC_UNAUTHENTICATE;
1026   SMP_TRACE_EVENT("%s is completed", __func__);
1027   return true;
1028 }
1029 
1030 /**
1031  * This function generates nonce.
1032  */
smp_start_nonce_generation(tSMP_CB * p_cb)1033 void smp_start_nonce_generation(tSMP_CB* p_cb) {
1034   SMP_TRACE_DEBUG("%s", __func__);
1035   btsnd_hcic_ble_rand(Bind(
1036       [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1037         memcpy(p_cb->rand.data(), rand, BT_OCTET8_LEN);
1038         btsnd_hcic_ble_rand(Bind(
1039             [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1040               memcpy(p_cb->rand.data() + 8, rand, BT_OCTET8_LEN);
1041               SMP_TRACE_DEBUG("%s round %d", __func__, p_cb->round);
1042               /* notifies SM that it has new nonce. */
1043               smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
1044             },
1045             p_cb));
1046       },
1047       p_cb));
1048 }
1049