1 /******************************************************************************
2  *
3  *  Copyright 2003-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #define LOG_TAG "bluetooth"
20 
21 #include "bt_target.h"
22 
23 #include <string.h>
24 #include "smp_int.h"
25 
26 #include "osi/include/log.h"
27 
28 const char* const smp_state_name[] = {
29     "SMP_STATE_IDLE",
30     "SMP_STATE_WAIT_APP_RSP",
31     "SMP_STATE_SEC_REQ_PENDING",
32     "SMP_STATE_PAIR_REQ_RSP",
33     "SMP_STATE_WAIT_CONFIRM",
34     "SMP_STATE_CONFIRM",
35     "SMP_STATE_RAND",
36     "SMP_STATE_PUBLIC_KEY_EXCH",
37     "SMP_STATE_SEC_CONN_PHS1_START",
38     "SMP_STATE_WAIT_COMMITMENT",
39     "SMP_STATE_WAIT_NONCE",
40     "SMP_STATE_SEC_CONN_PHS2_START",
41     "SMP_STATE_WAIT_DHK_CHECK",
42     "SMP_STATE_DHK_CHECK",
43     "SMP_STATE_ENCRYPTION_PENDING",
44     "SMP_STATE_BOND_PENDING",
45     "SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA",
46     "SMP_STATE_MAX"};
47 
48 const char* const smp_event_name[] = {"PAIRING_REQ_EVT",
49                                       "PAIRING_RSP_EVT",
50                                       "CONFIRM_EVT",
51                                       "RAND_EVT",
52                                       "PAIRING_FAILED_EVT",
53                                       "ENC_INFO_EVT",
54                                       "CENTRAL_ID_EVT",
55                                       "ID_INFO_EVT",
56                                       "ID_ADDR_EVT",
57                                       "SIGN_INFO_EVT",
58                                       "SECURITY_REQ_EVT",
59                                       "PAIR_PUBLIC_KEY_EVT",
60                                       "PAIR_DHKEY_CHECK_EVT",
61                                       "PAIR_KEYPRESS_NOTIFICATION_EVT",
62                                       "PAIR_COMMITMENT_EVT",
63                                       "KEY_READY_EVT",
64                                       "ENCRYPTED_EVT",
65                                       "L2CAP_CONN_EVT",
66                                       "L2CAP_DISCONN_EVT",
67                                       "API_IO_RSP_EVT",
68                                       "API_SEC_GRANT_EVT",
69                                       "TK_REQ_EVT",
70                                       "AUTH_CMPL_EVT",
71                                       "ENC_REQ_EVT",
72                                       "BOND_REQ_EVT",
73                                       "DISCARD_SEC_REQ_EVT",
74                                       "PUBLIC_KEY_EXCHANGE_REQ_EVT",
75                                       "LOCAL_PUBLIC_KEY_CRTD_EVT",
76                                       "BOTH_PUBLIC_KEYS_RCVD_EVT",
77                                       "SEC_CONN_DHKEY_COMPLETE_EVT",
78                                       "HAVE_LOCAL_NONCE_EVT",
79                                       "SEC_CONN_PHASE1_CMPLT_EVT",
80                                       "SEC_CONN_CALC_NC_EVT",
81                                       "SEC_CONN_DISPLAY_NC_EVT",
82                                       "SEC_CONN_OK_EVT",
83                                       "SEC_CONN_2_DHCK_CHECKS_PRESENT_EVT",
84                                       "SEC_CONN_KEY_READY_EVT",
85                                       "KEYPRESS_NOTIFICATION_EVT",
86                                       "SEC_CONN_OOB_DATA_EVT",
87                                       "CREATE_LOCAL_SEC_CONN_OOB_DATA_EVT",
88                                       "OUT_OF_RANGE_EVT"};
89 
90 const char* smp_get_event_name(tSMP_EVENT event);
91 const char* smp_get_state_name(tSMP_STATE state);
92 
93 #define SMP_SM_IGNORE 0
94 #define SMP_NUM_ACTIONS 2
95 #define SMP_SME_NEXT_STATE 2
96 #define SMP_SM_NUM_COLS 3
97 
98 typedef const uint8_t (*tSMP_SM_TBL)[SMP_SM_NUM_COLS];
99 
100 enum {
101   SMP_PROC_SEC_REQ,
102   SMP_SEND_PAIR_REQ,
103   SMP_SEND_PAIR_RSP,
104   SMP_SEND_CONFIRM,
105   SMP_SEND_PAIR_FAIL,
106   SMP_SEND_RAND,
107   SMP_SEND_ENC_INFO,
108   SMP_SEND_ID_INFO,
109   SMP_SEND_LTK_REPLY,
110   SMP_PROC_PAIR_CMD,
111   SMP_PROC_PAIR_FAIL,
112   SMP_PROC_CONFIRM,
113   SMP_PROC_RAND,
114   SMP_PROC_ENC_INFO,
115   SMP_PROC_CENTRAL_ID,
116   SMP_PROC_ID_INFO,
117   SMP_PROC_ID_ADDR,
118   SMP_PROC_SRK_INFO,
119   SMP_PROC_SEC_GRANT,
120   SMP_PROC_SL_KEY,
121   SMP_PROC_COMPARE,
122   SMP_PROC_IO_RSP,
123   SMP_GENERATE_COMPARE,
124   SMP_GENERATE_CONFIRM,
125   SMP_GENERATE_STK,
126   SMP_KEY_DISTRIBUTE,
127   SMP_START_ENC,
128   SMP_PAIRING_CMPL,
129   SMP_DECIDE_ASSO_MODEL,
130   SMP_SEND_APP_CBACK,
131   SMP_CHECK_AUTH_REQ,
132   SMP_PAIR_TERMINATE,
133   SMP_ENC_CMPL,
134   SMP_PROC_DISCARD,
135   SMP_CREATE_PRIVATE_KEY,
136   SMP_USE_OOB_PRIVATE_KEY,
137   SMP_SEND_PAIR_PUBLIC_KEY,
138   SMP_PROCESS_PAIR_PUBLIC_KEY,
139   SMP_HAVE_BOTH_PUBLIC_KEYS,
140   SMP_START_SEC_CONN_PHASE1,
141   SMP_PROCESS_LOCAL_NONCE,
142   SMP_SEND_COMMITMENT,
143   SMP_PROCESS_PAIRING_COMMITMENT,
144   SMP_PROCESS_PEER_NONCE,
145   SMP_CALCULATE_LOCAL_DHKEY_CHECK,
146   SMP_SEND_DHKEY_CHECK,
147   SMP_PROCESS_DHKEY_CHECK,
148   SMP_CALCULATE_PEER_DHKEY_CHECK,
149   SMP_MATCH_DHKEY_CHECKS,
150   SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER,
151   SMP_MOVE_TO_SEC_CONN_PHASE2,
152   SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
153   SMP_WAIT_FOR_BOTH_PUBLIC_KEYS,
154   SMP_START_PASSKEY_VERIFICATION,
155   SMP_SEND_KEYPRESS_NOTIFICATION,
156   SMP_PROCESS_KEYPRESS_NOTIFICATION,
157   SMP_PROCESS_SECURE_CONNECTION_OOB_DATA,
158   SMP_SET_LOCAL_OOB_KEYS,
159   SMP_SET_LOCAL_OOB_RAND_COMMITMENT,
160   SMP_IDLE_TERMINATE,
161   SMP_SM_NO_ACTION
162 };
163 
164 static const tSMP_ACT smp_sm_action[] = {
165     smp_proc_sec_req,
166     smp_send_pair_req,
167     smp_send_pair_rsp,
168     smp_send_confirm,
169     smp_send_pair_fail,
170     smp_send_rand,
171     smp_send_enc_info,
172     smp_send_id_info,
173     smp_send_ltk_reply,
174     smp_proc_pair_cmd,
175     smp_proc_pair_fail,
176     smp_proc_confirm,
177     smp_proc_rand,
178     smp_proc_enc_info,
179     smp_proc_central_id,
180     smp_proc_id_info,
181     smp_proc_id_addr,
182     smp_proc_srk_info,
183     smp_proc_sec_grant,
184     smp_proc_sl_key,
185     smp_proc_compare,
186     smp_process_io_response,
187     smp_generate_compare,
188     smp_generate_srand_mrand_confirm,
189     smp_generate_stk,
190     smp_key_distribution,
191     smp_start_enc,
192     smp_pairing_cmpl,
193     smp_decide_association_model,
194     smp_send_app_cback,
195     smp_check_auth_req,
196     smp_pair_terminate,
197     smp_enc_cmpl,
198     smp_proc_discard,
199     smp_create_private_key,
200     smp_use_oob_private_key,
201     smp_send_pair_public_key,
202     smp_process_pairing_public_key,
203     smp_both_have_public_keys,
204     smp_start_secure_connection_phase1,
205     smp_process_local_nonce,
206     smp_send_commitment,
207     smp_process_pairing_commitment,
208     smp_process_peer_nonce,
209     smp_calculate_local_dhkey_check,
210     smp_send_dhkey_check,
211     smp_process_dhkey_check,
212     smp_calculate_peer_dhkey_check,
213     smp_match_dhkey_checks,
214     smp_calculate_numeric_comparison_display_number,
215     smp_move_to_secure_connections_phase2,
216     smp_phase_2_dhkey_checks_are_present,
217     smp_wait_for_both_public_keys,
218     smp_start_passkey_verification,
219     smp_send_keypress_notification,
220     smp_process_keypress_notification,
221     smp_process_secure_connection_oob_data,
222     smp_set_local_oob_keys,
223     smp_set_local_oob_random_commitment,
224     smp_idle_terminate};
225 
226 /************ SMP Central FSM State/Event Indirection Table **************/
227 static const uint8_t smp_central_entry_map[][SMP_STATE_MAX] = {
228     /* state name: */
229     /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
230        PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
231        DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
232     /* PAIR_REQ */
233     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
234     /* PAIR_RSP */
235     {0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
236     /* CONFIRM */
237     {0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
238     /* RAND */
239     {0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
240     /* PAIR_FAIL */
241     {0, 0x81, 0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
242      0x81, 0, 0x81, 0},
243     /* ENC_INFO */
244     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0},
245     /* CENTRAL_ID */
246     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
247     /* ID_INFO */
248     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
249     /* ID_ADDR */
250     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
251     /* SIGN_INFO */
252     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
253     /* SEC_REQ */
254     {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
255     /* PAIR_PUBLIC_KEY */
256     {0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
257     /* PAIR_DHKEY_CHCK */
258     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0},
259     /* PAIR_KEYPR_NOTIF */
260     {0, 8, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
261     /* PAIR_COMMITM */
262     {0, 0, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
263     /* KEY_READY */
264     {0, 3, 0, 3, 1, 0, 2, 0, 4, 0, 0, 0, 0, 0, 1, 6, 0},
265     /* ENC_CMPL */
266     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0},
267     /* L2C_CONN */
268     {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
269     /* L2C_DISC */
270     {3, 0x83, 0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
271      0x83, 0x83, 0x83, 0},
272     /* IO_RSP */
273     {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
274     /* SEC_GRANT */
275     {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
276     /* TK_REQ */
277     {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
278     /* AUTH_CMPL */
279     {4, 0x82, 0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
280      0x82, 0x82, 0x82, 0},
281     /* ENC_REQ */
282     {0, 4, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0},
283     /* BOND_REQ */
284     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
285     /* DISCARD_SEC_REQ */
286     {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
287     /* PUBL_KEY_EXCH_REQ */
288     {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
289     /* LOC_PUBL_KEY_CRTD */
290     {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
291     /* BOTH_PUBL_KEYS_RCVD */
292     {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
293     /* SC_DHKEY_CMPLT */
294     {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
295     /* HAVE_LOC_NONCE */
296     {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
297     /* SC_PHASE1_CMPLT */
298     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
299     /* SC_CALC_NC */
300     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
301     /* SC_DSPL_NC */
302     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
303     /* SC_NC_OK */
304     {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
305     /* SC_2_DHCK_CHKS_PRES */
306     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
307     /* SC_KEY_READY */
308     {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
309     /* KEYPR_NOTIF */
310     {0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311     /* SC_OOB_DATA */
312     {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
313     /* CR_LOC_SC_OOB_DATA */
314     {5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
315 };
316 
317 static const uint8_t smp_all_table[][SMP_SM_NUM_COLS] = {
318     /* Event                  Action             Next State */
319     /* PAIR_FAIL */
320     {SMP_PROC_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
321     /* AUTH_CMPL */
322     {SMP_SEND_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
323     /* L2C_DISC */
324     {SMP_PAIR_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
325 
326 static const uint8_t smp_central_idle_table[][SMP_SM_NUM_COLS] = {
327     /* Event                  Action               Next State */
328     /* L2C_CONN */
329     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
330     /* SEC_REQ */
331     {SMP_PROC_SEC_REQ, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
332     /* L2C_DISC */
333     {SMP_IDLE_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
334     /* AUTH_CMPL */
335     {SMP_PAIRING_CMPL, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
336     /* CR_LOC_SC_OOB_DATA */
337     {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
338      SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}
339 
340 };
341 
342 static const uint8_t
343     smp_central_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
344         /* Event                Action               Next State */
345         /* SEC_GRANT */
346         {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
347         /* IO_RSP */
348         {SMP_SEND_PAIR_REQ, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
349 
350         /* TK ready */
351         /* KEY_READY */
352         {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM},
353 
354         /* start enc mode setup */
355         /* ENC_REQ */
356         {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
357         /* DISCARD_SEC_REQ */
358         {SMP_PROC_DISCARD, SMP_SM_NO_ACTION, SMP_STATE_IDLE}
359         /* user confirms NC 'OK', i.e. phase 1 is completed */
360         /* SC_NC_OK */,
361         {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
362          SMP_STATE_SEC_CONN_PHS2_START},
363         /* user-provided passkey is rcvd */
364         /* SC_KEY_READY */
365         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
366          SMP_STATE_SEC_CONN_PHS1_START},
367         /* PAIR_KEYPR_NOTIF */
368         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
369          SMP_STATE_WAIT_APP_RSP},
370         /* KEYPR_NOTIF */
371         {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
372          SMP_STATE_WAIT_APP_RSP},
373         /* SC_OOB_DATA */
374         {SMP_USE_OOB_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
375 
376 static const uint8_t
377     smp_central_pair_request_response_table[][SMP_SM_NUM_COLS] = {
378         /* Event                  Action            Next State */
379         /* PAIR_RSP */
380         {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
381         /* TK_REQ */
382         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
383 
384         /* TK ready */
385         /* KEY_READY */
386         {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}
387         /* PUBL_KEY_EXCH_REQ */,
388         {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH}};
389 
390 static const uint8_t smp_central_wait_for_confirm_table[][SMP_SM_NUM_COLS] = {
391     /* Event                Action            Next State */
392     /* KEY_READY*/
393     /* CONFIRM ready */
394     {SMP_SEND_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
395 
396 static const uint8_t smp_central_confirm_table[][SMP_SM_NUM_COLS] = {
397     /* Event            Action         Next State */
398     /* CONFIRM */
399     {SMP_PROC_CONFIRM, SMP_SEND_RAND, SMP_STATE_RAND}};
400 
401 static const uint8_t smp_central_rand_table[][SMP_SM_NUM_COLS] = {
402     /*               Event                  Action Next State */
403     /* RAND */
404     {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
405     /* KEY_READY */
406     {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* Compare ready */
407     /* ENC_REQ */
408     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
409 
410 static const uint8_t smp_central_public_key_exchange_table[][SMP_SM_NUM_COLS] =
411     {
412         /* Event                        Action              Next State */
413         /* LOC_PUBL_KEY_CRTD */
414         {SMP_SEND_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
415         /* PAIR_PUBLIC_KEY */
416         {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION,
417          SMP_STATE_PUBLIC_KEY_EXCH},
418         /* BOTH_PUBL_KEYS_RCVD */
419         {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
420          SMP_STATE_SEC_CONN_PHS1_START},
421 };
422 
423 static const uint8_t smp_central_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] =
424     {
425         /* Event                  Action                Next State */
426         /* SC_DHKEY_CMPLT */
427         {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
428          SMP_STATE_SEC_CONN_PHS1_START},
429         /* HAVE_LOC_NONCE */
430         {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
431         /* TK_REQ */
432         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
433         /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to
434            display,*/
435         /* It's time to start commitment calculation */
436         /* KEY_READY */
437         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
438          SMP_STATE_SEC_CONN_PHS1_START},
439         /* PAIR_KEYPR_NOTIF */
440         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
441          SMP_STATE_SEC_CONN_PHS1_START},
442         /* PAIR_COMMITM */
443         {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
444          SMP_STATE_SEC_CONN_PHS1_START},
445 };
446 
447 static const uint8_t smp_central_wait_commitment_table[][SMP_SM_NUM_COLS] = {
448     /* Event                  Action                 Next State */
449     /* PAIR_COMMITM */
450     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_RAND, SMP_STATE_WAIT_NONCE},
451     /* PAIR_KEYPR_NOTIF */
452     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
453      SMP_STATE_WAIT_COMMITMENT},
454 };
455 
456 static const uint8_t smp_central_wait_nonce_table[][SMP_SM_NUM_COLS] = {
457     /* Event                  Action                 Next State */
458     /* peer nonce is received */
459     /* RAND */
460     {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
461     /* NC model, time to calculate number for NC */
462     /* SC_CALC_NC */
463     {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
464      SMP_STATE_WAIT_NONCE},
465     /* NC model, time to display calculated number for NC to the user */
466     /* SC_DSPL_NC */
467     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
468 };
469 
470 static const uint8_t smp_central_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] =
471     {
472         /* Event                           Action                 Next State */
473         /* SC_PHASE1_CMPLT */
474         {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_SEND_DHKEY_CHECK,
475          SMP_STATE_WAIT_DHK_CHECK},
476 };
477 
478 static const uint8_t smp_central_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
479     /* Event                  Action                          Next State */
480     /* PAIR_DHKEY_CHCK */
481     {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
482      SMP_STATE_DHK_CHECK},
483 };
484 
485 static const uint8_t smp_central_dhk_check_table[][SMP_SM_NUM_COLS] = {
486     /* Event                  Action                 Next State */
487     /* locally calculated peer dhkey check is ready -> compare it withs DHKey
488      * Check
489      * actually received from peer */
490     /* SC_KEY_READY */
491     {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
492     /* locally calculated peer dhkey check is ready -> calculate STK, go to
493      * sending
494      */
495     /* HCI LE Start Encryption command */
496     /* ENC_REQ */
497     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
498 };
499 
500 static const uint8_t smp_central_enc_pending_table[][SMP_SM_NUM_COLS] = {
501     /* Event                  Action                 Next State */
502     /* STK ready */
503     /* KEY_READY */
504     {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
505     /* ENCRYPTED */
506     {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
507     /* BOND_REQ */
508     {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
509 static const uint8_t smp_central_bond_pending_table[][SMP_SM_NUM_COLS] = {
510     /* Event                  Action                 Next State */
511     /* ENC_INFO */
512     {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
513     /* ID_INFO */
514     {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
515     /* SIGN_INFO */
516     {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
517     /* CENTRAL_ID */
518     {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
519     /* ID_ADDR */
520     {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
521     /* KEY_READY */
522     /* LTK ready */
523     {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
524 
525 static const uint8_t
526     smp_central_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
527         /* Event                   Action            Next State */
528         /* LOC_PUBL_KEY_CRTD */
529         {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
530          SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
531         /* HAVE_LOC_NONCE */
532         {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
533 
534 /************ SMP Peripheral FSM State/Event Indirection Table **************/
535 static const uint8_t smp_peripheral_entry_map[][SMP_STATE_MAX] = {
536     /* state name: */
537     /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
538        PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
539        DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
540     /* PAIR_REQ */
541     {2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
542     /* PAIR_RSP */
543     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
544     /* CONFIRM */
545     {0, 4, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
546     /* RAND */
547     {0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
548     /* PAIR_FAIL */
549     {0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81,
550      0x81, 0x81, 0, 0},
551     /* ENC_INFO */
552     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
553     /* CENTRAL_ID */
554     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
555     /* ID_INFO */
556     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
557     /* ID_ADDR */
558     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0},
559     /* SIGN_INFO */
560     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
561     /* SEC_REQ */
562     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
563     /* PAIR_PUBLIC_KEY */
564     {0, 0, 0, 5, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
565     /* PAIR_DHKEY_CHCK */
566     {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 1, 2, 0, 0, 0},
567     /* PAIR_KEYPR_NOTIF */
568     {0, 9, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
569     /* PAIR_COMMITM */
570     {0, 8, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
571     /* KEY_READY */
572     {0, 3, 0, 3, 2, 2, 1, 0, 4, 0, 0, 0, 0, 0, 2, 1, 0},
573     /* ENC_CMPL */
574     {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
575     /* L2C_CONN */
576     {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
577     /* L2C_DISC */
578     {0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
579      0x83, 0x83, 0x83, 0},
580     /* IO_RSP */
581     {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
582     /* SEC_GRANT */
583     {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
584     /* TK_REQ */
585     {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
586     /* AUTH_CMPL */
587     {0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
588      0x82, 0x82, 0x82, 0},
589     /* ENC_REQ */
590     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0},
591     /* BOND_REQ */
592     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0},
593     /* DISCARD_SEC_REQ */
594     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
595     /* PUBL_KEY_EXCH_REQ */
596     {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
597     /* LOC_PUBL_KEY_CRTD */
598     {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
599     /* BOTH_PUBL_KEYS_RCVD */
600     {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
601     /* SC_DHKEY_CMPLT */
602     {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
603     /* HAVE_LOC_NONCE */
604     {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
605     /* SC_PHASE1_CMPLT */
606     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
607     /* SC_CALC_NC */
608     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
609     /* SC_DSPL_NC */
610     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
611     /* SC_NC_OK */
612     {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
613     /* SC_2_DHCK_CHKS_PRES */
614     {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0},
615     /* SC_KEY_READY */
616     {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
617     /* KEYPR_NOTIF */
618     {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
619     /* SC_OOB_DATA */
620     {0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
621     /* CR_LOC_SC_OOB_DATA */
622     {3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
623 };
624 
625 static const uint8_t smp_peripheral_idle_table[][SMP_SM_NUM_COLS] = {
626     /* Event                 Action                Next State */
627     /* L2C_CONN */
628     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
629     /* PAIR_REQ */
630     {SMP_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
631     /* CR_LOC_SC_OOB_DATA */
632     {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION,
633      SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA}};
634 
635 static const uint8_t
636     smp_peripheral_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
637         /* Event                   Action                 Next State */
638         /* IO_RSP */
639         {SMP_PROC_IO_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
640         /* SEC_GRANT */
641         {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
642 
643         /* TK ready */
644         /* KEY_READY */
645         {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
646         /* CONFIRM */
647         {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
648         /* DHKey Check from central is received before phase 1 is completed -
649            race */
650         /* PAIR_DHKEY_CHCK */
651         {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
652         /* user confirms NC 'OK', i.e. phase 1 is completed */
653         /* SC_NC_OK */
654         {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION,
655          SMP_STATE_SEC_CONN_PHS2_START},
656         /* user-provided passkey is rcvd */
657         /* SC_KEY_READY */
658         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
659          SMP_STATE_SEC_CONN_PHS1_START},
660         /* PAIR_COMMITM */
661         {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
662          SMP_STATE_WAIT_APP_RSP},
663         /* PAIR_KEYPR_NOTIF */
664         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
665          SMP_STATE_WAIT_APP_RSP},
666         /* KEYPR_NOTIF */
667         {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION,
668          SMP_STATE_WAIT_APP_RSP},
669         /* SC_OOB_DATA */
670         {SMP_SEND_PAIR_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
671 };
672 
673 static const uint8_t smp_peripheral_sec_request_table[][SMP_SM_NUM_COLS] = {
674     /* Event                  Action                 Next State */
675     /* PAIR_REQ */
676     {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
677     /* ENCRYPTED*/
678     {SMP_ENC_CMPL, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
679 };
680 
681 static const uint8_t
682     smp_peripheral_pair_request_response_table[][SMP_SM_NUM_COLS] = {
683         /* Event                  Action                 Next State */
684         /* CONFIRM */
685         {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
686         /* TK_REQ */
687         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
688 
689         /* TK/Confirm ready */
690         /* KEY_READY */
691         {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
692         /* PUBL_KEY_EXCH_REQ */
693         {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
694         /* PAIR_PUBLIC_KEY */
695         {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
696 };
697 
698 static const uint8_t smp_peripheral_wait_confirm_table[][SMP_SM_NUM_COLS] = {
699     /* Event                  Action                 Next State */
700     /* CONFIRM */
701     {SMP_PROC_CONFIRM, SMP_SEND_CONFIRM, SMP_STATE_CONFIRM},
702     /* KEY_READY*/
703     {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}};
704 
705 static const uint8_t smp_peripheral_confirm_table[][SMP_SM_NUM_COLS] = {
706     /* Event                  Action                 Next State */
707     /* RAND */
708     {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
709 
710     /* TK/Confirm ready */
711     /* KEY_READY*/
712     {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM}};
713 
714 static const uint8_t smp_peripheral_rand_table[][SMP_SM_NUM_COLS] = {
715     /* Event                  Action                 Next State */
716     /* KEY_READY */
717     {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* compare match */
718     /* RAND */
719     {SMP_SEND_RAND, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING}};
720 
721 static const uint8_t smp_peripheral_public_key_exch_table[][SMP_SM_NUM_COLS] = {
722     /* Event                  Action                 Next State */
723     /* LOC_PUBL_KEY_CRTD */
724     {SMP_WAIT_FOR_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
725      SMP_STATE_PUBLIC_KEY_EXCH},
726     /* PAIR_PUBLIC_KEY */
727     {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
728     /* BOTH_PUBL_KEYS_RCVD */
729     {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION,
730      SMP_STATE_SEC_CONN_PHS1_START},
731 };
732 
733 static const uint8_t
734     smp_peripheral_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
735         /* Event                  Action                 Next State */
736         /* SC_DHKEY_CMPLT */
737         {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION,
738          SMP_STATE_SEC_CONN_PHS1_START},
739         /* HAVE_LOC_NONCE */
740         {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
741         /* TK_REQ */
742         {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
743         /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to display,
744          * it's
745          * time to start */
746         /* commitment calculation */
747         /* KEY_READY */
748         {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION,
749          SMP_STATE_SEC_CONN_PHS1_START},
750         /* PAIR_KEYPR_NOTIF */
751         {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
752          SMP_STATE_SEC_CONN_PHS1_START},
753         /*COMMIT*/
754         {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION,
755          SMP_STATE_SEC_CONN_PHS1_START},
756 };
757 
758 static const uint8_t smp_peripheral_wait_commitment_table[][SMP_SM_NUM_COLS] = {
759     /* Event                  Action                 Next State */
760     /* PAIR_COMMITM */
761     {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_COMMITMENT, SMP_STATE_WAIT_NONCE},
762     /* PAIR_KEYPR_NOTIF */
763     {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK,
764      SMP_STATE_WAIT_COMMITMENT},
765 };
766 
767 static const uint8_t smp_peripheral_wait_nonce_table[][SMP_SM_NUM_COLS] = {
768     /* Event                  Action                 Next State */
769     /* peer nonce is received */
770     /* RAND */
771     {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
772     /* NC model, time to calculate number for NC */
773     /* SC_CALC_NC */
774     {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION,
775      SMP_STATE_WAIT_NONCE},
776     /* NC model, time to display calculated number for NC to the user */
777     /* SC_DSPL_NC */
778     {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
779 };
780 
781 static const uint8_t
782     smp_peripheral_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
783         /* Event                  Action                 Next State */
784         /* SC_PHASE1_CMPLT */
785         {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
786          SMP_STATE_WAIT_DHK_CHECK},
787         /* DHKey Check from central is received before peripheral DHKey
788          * calculation is completed - race */
789         /* PAIR_DHKEY_CHCK */
790         {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION,
791          SMP_STATE_SEC_CONN_PHS2_START},
792 };
793 
794 static const uint8_t smp_peripheral_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
795     /* Event                  Action                 Next State */
796     /* PAIR_DHKEY_CHCK */
797     {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK,
798      SMP_STATE_DHK_CHECK},
799     /* DHKey Check from central was received before peripheral came to this
800        state */
801     /* SC_2_DHCK_CHKS_PRES */
802     {SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
803 };
804 
805 static const uint8_t smp_peripheral_dhk_check_table[][SMP_SM_NUM_COLS] = {
806     /* Event                  Action                 Next State */
807 
808     /* locally calculated peer dhkey check is ready -> compare it withs DHKey
809      * Check
810      */
811     /* actually received from peer */
812     /* SC_KEY_READY */
813     {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
814 
815     /* dhkey checks match -> send local dhkey check to central, go to wait for
816      * HCI LE
817      */
818     /* Long Term Key Request Event */
819     /* PAIR_DHKEY_CHCK */
820     {SMP_SEND_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
821 };
822 
823 static const uint8_t smp_peripheral_enc_pending_table[][SMP_SM_NUM_COLS] = {
824     /* Event                  Action                 Next State */
825     /* ENC_REQ */
826     {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
827 
828     /* STK ready */
829     /* KEY_READY */
830     {SMP_SEND_LTK_REPLY, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
831     /* ENCRYPTED */
832     {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
833     /* BOND_REQ */
834     {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}};
835 static const uint8_t smp_peripheral_bond_pending_table[][SMP_SM_NUM_COLS] = {
836     /* Event                  Action                 Next State */
837 
838     /* LTK ready */
839     /* KEY_READY */
840     {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
841 
842     /* rev SRK */
843     /* SIGN_INFO */
844     {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
845     /* ENC_INFO */
846     {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
847     /* ID_INFO */
848     {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
849     /* CENTRAL_ID*/
850     {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
851     /* ID_ADDR */
852     {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING}
853 
854 };
855 
856 static const uint8_t
857     smp_peripheral_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
858         /* Event                  Action                 Next State */
859         /* LOC_PUBL_KEY_CRTD */
860         {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION,
861          SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
862         /* HAVE_LOC_NONCE */
863         {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE}};
864 
865 static const tSMP_SM_TBL smp_state_table[][2] = {
866     /* SMP_STATE_IDLE */
867     {smp_central_idle_table, smp_peripheral_idle_table},
868 
869     /* SMP_STATE_WAIT_APP_RSP */
870     {smp_central_wait_for_app_response_table,
871      smp_peripheral_wait_for_app_response_table},
872 
873     /* SMP_STATE_SEC_REQ_PENDING */
874     {NULL, smp_peripheral_sec_request_table},
875 
876     /* SMP_STATE_PAIR_REQ_RSP */
877     {smp_central_pair_request_response_table,
878      smp_peripheral_pair_request_response_table},
879 
880     /* SMP_STATE_WAIT_CONFIRM */
881     {smp_central_wait_for_confirm_table, smp_peripheral_wait_confirm_table},
882 
883     /* SMP_STATE_CONFIRM */
884     {smp_central_confirm_table, smp_peripheral_confirm_table},
885 
886     /* SMP_STATE_RAND */
887     {smp_central_rand_table, smp_peripheral_rand_table},
888 
889     /* SMP_STATE_PUBLIC_KEY_EXCH */
890     {smp_central_public_key_exchange_table,
891      smp_peripheral_public_key_exch_table},
892 
893     /* SMP_STATE_SEC_CONN_PHS1_START */
894     {smp_central_sec_conn_phs1_start_table,
895      smp_peripheral_sec_conn_phs1_start_table},
896 
897     /* SMP_STATE_WAIT_COMMITMENT */
898     {smp_central_wait_commitment_table, smp_peripheral_wait_commitment_table},
899 
900     /* SMP_STATE_WAIT_NONCE */
901     {smp_central_wait_nonce_table, smp_peripheral_wait_nonce_table},
902 
903     /* SMP_STATE_SEC_CONN_PHS2_START */
904     {smp_central_sec_conn_phs2_start_table,
905      smp_peripheral_sec_conn_phs2_start_table},
906 
907     /* SMP_STATE_WAIT_DHK_CHECK */
908     {smp_central_wait_dhk_check_table, smp_peripheral_wait_dhk_check_table},
909 
910     /* SMP_STATE_DHK_CHECK */
911     {smp_central_dhk_check_table, smp_peripheral_dhk_check_table},
912 
913     /* SMP_STATE_ENCRYPTION_PENDING */
914     {smp_central_enc_pending_table, smp_peripheral_enc_pending_table},
915 
916     /* SMP_STATE_BOND_PENDING */
917     {smp_central_bond_pending_table, smp_peripheral_bond_pending_table},
918 
919     /* SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA */
920     {smp_central_create_local_sec_conn_oob_data,
921      smp_peripheral_create_local_sec_conn_oob_data}};
922 
923 typedef const uint8_t (*tSMP_ENTRY_TBL)[SMP_STATE_MAX];
924 static const tSMP_ENTRY_TBL smp_entry_table[] = {smp_central_entry_map,
925                                                  smp_peripheral_entry_map};
926 
927 tSMP_CB smp_cb;
928 
929 #define SMP_ALL_TBL_MASK 0x80
930 
931 /*******************************************************************************
932  * Function     smp_set_state
933  * Returns      None
934  ******************************************************************************/
smp_set_state(tSMP_STATE state)935 void smp_set_state(tSMP_STATE state) {
936   if (state < SMP_STATE_MAX) {
937     SMP_TRACE_DEBUG("State change: %s(%d) ==> %s(%d)",
938                     smp_get_state_name(smp_cb.state), smp_cb.state,
939                     smp_get_state_name(state), state);
940     smp_cb.state = state;
941   } else {
942     SMP_TRACE_DEBUG("smp_set_state invalid state =%d", state);
943   }
944 }
945 
946 /*******************************************************************************
947  * Function     smp_get_state
948  * Returns      The smp state
949  ******************************************************************************/
smp_get_state(void)950 tSMP_STATE smp_get_state(void) { return smp_cb.state; }
951 
952 /*******************************************************************************
953  *
954  * Function     smp_sm_event
955  *
956  * Description  Handle events to the state machine. It looks up the entry
957  *              in the smp_entry_table array.
958  *              If it is a valid entry, it gets the state table. Set the next
959  *              state, if not NULL state. Execute the action function according
960  *              to the state table. If the state returned by action function is
961  *              not NULL state, adjust the new state to the returned state. If
962  *              (api_evt != MAX), call callback function.
963  *
964  * Returns      void.
965  *
966  ******************************************************************************/
smp_sm_event(tSMP_CB * p_cb,tSMP_EVENT event,tSMP_INT_DATA * p_data)967 void smp_sm_event(tSMP_CB* p_cb, tSMP_EVENT event, tSMP_INT_DATA* p_data) {
968   uint8_t curr_state = p_cb->state;
969   tSMP_SM_TBL state_table;
970   uint8_t action, entry, i;
971 
972   if (p_cb->role >= 2) {
973     SMP_TRACE_DEBUG("Invalid role: %d", p_cb->role);
974     android_errorWriteLog(0x534e4554, "74121126");
975     return;
976   }
977 
978   tSMP_ENTRY_TBL entry_table = smp_entry_table[p_cb->role];
979 
980   SMP_TRACE_EVENT("main smp_sm_event");
981   if (curr_state >= SMP_STATE_MAX) {
982     SMP_TRACE_DEBUG("Invalid state: %d", curr_state);
983     return;
984   }
985 
986   SMP_TRACE_DEBUG("SMP Role: %s State: [%s (%d)], Event: [%s (%d)]",
987                   (p_cb->role == 0x01) ? "Peripheral" : "Central",
988                   smp_get_state_name(p_cb->state), p_cb->state,
989                   smp_get_event_name(event), event);
990 
991   /* look up the state table for the current state */
992   /* lookup entry /w event & curr_state */
993   /* If entry is ignore, return.
994    * Otherwise, get state table (according to curr_state or all_state) */
995   if ((event <= SMP_MAX_EVT) &&
996       ((entry = entry_table[event - 1][curr_state]) != SMP_SM_IGNORE)) {
997     if (entry & SMP_ALL_TBL_MASK) {
998       entry &= ~SMP_ALL_TBL_MASK;
999       state_table = smp_all_table;
1000     } else
1001       state_table = smp_state_table[curr_state][p_cb->role];
1002   } else {
1003     SMP_TRACE_DEBUG("Ignore event [%s (%d)] in state [%s (%d)]",
1004                     smp_get_event_name(event), event,
1005                     smp_get_state_name(curr_state), curr_state);
1006     return;
1007   }
1008 
1009   /* Get possible next state from state table. */
1010 
1011   smp_set_state(state_table[entry - 1][SMP_SME_NEXT_STATE]);
1012 
1013   /* If action is not ignore, clear param, exec action and get next state.
1014    * The action function may set the Param for cback.
1015    * Depending on param, call cback or free buffer. */
1016   /* execute action */
1017   /* execute action functions */
1018   for (i = 0; i < SMP_NUM_ACTIONS; i++) {
1019     action = state_table[entry - 1][i];
1020     if (action != SMP_SM_NO_ACTION) {
1021       (*smp_sm_action[action])(p_cb, p_data);
1022     } else {
1023       break;
1024     }
1025   }
1026   SMP_TRACE_DEBUG("result state = %s", smp_get_state_name(p_cb->state));
1027 }
1028 
1029 /*******************************************************************************
1030  * Function     smp_get_state_name
1031  * Returns      The smp state name.
1032  ******************************************************************************/
smp_get_state_name(tSMP_STATE state)1033 const char* smp_get_state_name(tSMP_STATE state) {
1034   const char* p_str = smp_state_name[SMP_STATE_MAX];
1035 
1036   if (state < SMP_STATE_MAX) {
1037     p_str = smp_state_name[state];
1038   }
1039   return p_str;
1040 }
1041 
1042 /*******************************************************************************
1043  * Function     smp_get_event_name
1044  * Returns      The smp event name.
1045  ******************************************************************************/
smp_get_event_name(tSMP_EVENT event)1046 const char* smp_get_event_name(tSMP_EVENT event) {
1047   const char* p_str = smp_event_name[SMP_MAX_EVT];
1048 
1049   if (event <= SMP_MAX_EVT) {
1050     p_str = smp_event_name[event - 1];
1051   }
1052   return p_str;
1053 }
1054