1 /******************************************************************************
2 *
3 * Copyright 2014-2015 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #define LOG_TAG "smp"
20
21 #include <bluetooth/log.h>
22
23 #include "os/log.h"
24 #include "smp_int.h"
25 #include "types/hci_role.h"
26
27 using namespace bluetooth;
28
/* Printable names for the BR state values, indexed directly by state.
 * The extra slot at index SMP_BR_STATE_MAX holds the label that
 * smp_get_br_state_name() returns for any out-of-range state. */
const char* const smp_br_state_name[SMP_BR_STATE_MAX + 1] = {
    "SMP_BR_STATE_IDLE", "SMP_BR_STATE_WAIT_APP_RSP",
    "SMP_BR_STATE_PAIR_REQ_RSP", "SMP_BR_STATE_BOND_PENDING",
    "SMP_BR_STATE_OUT_OF_RANGE"};

/* Printable names for the BR event values. smp_get_br_event_name() reads
 * slot (event - 1), so the first name belongs to event code 1. The slot at
 * SMP_BR_MAX_EVT - 1 is what that function returns for out-of-range events.
 * NOTE(review): slot (event - 1) has no valid meaning for event code 0;
 * callers of the lookup must not pass 0 unless the lookup guards it. */
const char* const smp_br_event_name[SMP_BR_MAX_EVT] = {
    "BR_PAIRING_REQ_EVT", "BR_PAIRING_RSP_EVT",
    "BR_CONFIRM_EVT", "BR_RAND_EVT",
    "BR_PAIRING_FAILED_EVT", "BR_ENCRPTION_INFO_EVT",
    "BR_CENTRAL_ID_EVT", "BR_ID_INFO_EVT",
    "BR_ID_ADDR_EVT", "BR_SIGN_INFO_EVT",
    "BR_SECURITY_REQ_EVT", "BR_PAIR_PUBLIC_KEY_EVT",
    "BR_PAIR_DHKEY_CHCK_EVT", "BR_PAIR_KEYPR_NOTIF_EVT",
    "BR_KEY_READY_EVT", "BR_ENCRYPTED_EVT",
    "BR_L2CAP_CONN_EVT", "BR_L2CAP_DISCONN_EVT",
    "BR_KEYS_RSP_EVT", "BR_API_SEC_GRANT_EVT",
    "BR_TK_REQ_EVT", "BR_AUTH_CMPL_EVT",
    "BR_ENC_REQ_EVT", "BR_BOND_REQ_EVT",
    "BR_DISCARD_SEC_REQ_EVT", "BR_OUT_OF_RANGE_EVT"};
48
/* Forward declarations: both lookups are defined further down in this file. */
const char* smp_get_br_event_name(tSMP_BR_EVENT event);
const char* smp_get_br_state_name(tSMP_BR_STATE state);

/* Entry-map value meaning "this event is ignored in this state". */
#define SMP_BR_SM_IGNORE 0
/* Number of leading action columns in a state-table row (columns 0 and 1). */
#define SMP_BR_NUM_ACTIONS 2
/* Column of a state-table row that holds the next state. */
#define SMP_BR_SME_NEXT_STATE 2
/* Total columns per state-table row: two actions followed by the next state. */
#define SMP_BR_SM_NUM_COLS 3
/* Pointer to the first row of a state table (rows of SMP_BR_SM_NUM_COLS bytes).
 * The type carries no row count, so row indices cannot be checked through it. */
typedef const uint8_t (*tSMP_BR_SM_TBL)[SMP_BR_SM_NUM_COLS];
57
/* Action ids stored in the action columns of the state tables. Each id except
 * the last is used as an index into smp_br_sm_action[], so the order here must
 * match the order of the function pointers in that array.
 * SMP_BR_SM_NO_ACTION is a sentinel: it has no entry in smp_br_sm_action[] and
 * stops action processing in smp_br_state_machine_event(). */
enum {
  SMP_SEND_PAIR_REQ,
  SMP_BR_SEND_PAIR_RSP,
  SMP_SEND_PAIR_FAIL,
  SMP_SEND_ID_INFO,
  SMP_BR_PROC_PAIR_CMD,
  SMP_PROC_PAIR_FAIL,
  SMP_PROC_ID_INFO,
  SMP_PROC_ID_ADDR,
  SMP_PROC_SRK_INFO,
  SMP_BR_PROC_SEC_GRANT,
  SMP_BR_PROC_SL_KEYS_RSP,
  SMP_BR_KEY_DISTRIBUTION,
  SMP_BR_PAIRING_COMPLETE,
  SMP_SEND_APP_CBACK,
  SMP_BR_CHECK_AUTH_REQ,
  SMP_PAIR_TERMINATE,
  SMP_IDLE_TERMINATE,
  SMP_BR_SM_NO_ACTION
};
78
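/* Action handlers, indexed by the action ids of the enum that precedes this
 * array. The state machine calls smp_br_sm_action[action] through a function
 * pointer, so an id without a matching slot would be an out-of-bounds read
 * followed by an indirect call. */
static const tSMP_ACT smp_br_sm_action[] = {
    smp_send_pair_req,                       /* SMP_SEND_PAIR_REQ */
    smp_br_send_pair_response,               /* SMP_BR_SEND_PAIR_RSP */
    smp_send_pair_fail,                      /* SMP_SEND_PAIR_FAIL */
    smp_send_id_info,                        /* SMP_SEND_ID_INFO */
    smp_br_process_pairing_command,          /* SMP_BR_PROC_PAIR_CMD */
    smp_proc_pair_fail,                      /* SMP_PROC_PAIR_FAIL */
    smp_proc_id_info,                        /* SMP_PROC_ID_INFO */
    smp_proc_id_addr,                        /* SMP_PROC_ID_ADDR */
    smp_proc_srk_info,                       /* SMP_PROC_SRK_INFO */
    smp_br_process_security_grant,           /* SMP_BR_PROC_SEC_GRANT */
    smp_br_process_peripheral_keys_response, /* SMP_BR_PROC_SL_KEYS_RSP */
    smp_br_select_next_key,                  /* SMP_BR_KEY_DISTRIBUTION */
    smp_br_pairing_complete,                 /* SMP_BR_PAIRING_COMPLETE */
    smp_send_app_cback,                      /* SMP_SEND_APP_CBACK */
    smp_br_check_authorization_request,      /* SMP_BR_CHECK_AUTH_REQ */
    smp_pair_terminate,                      /* SMP_PAIR_TERMINATE */
    smp_idle_terminate                       /* SMP_IDLE_TERMINATE */
};

/* Compile-time guard: every action id below the SMP_BR_SM_NO_ACTION sentinel
 * must have exactly one handler, otherwise adding an id without a handler
 * would silently create an out-of-bounds function-pointer read. */
static_assert(sizeof(smp_br_sm_action) / sizeof(smp_br_sm_action[0]) ==
                  SMP_BR_SM_NO_ACTION,
              "smp_br_sm_action must have one handler per action id");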
98
/* Transitions shared by several states and both roles. An entry-map cell with
 * bit 0x80 set (SMP_BR_ALL_TABLE_MASK) selects a row here: 0x81 is the first
 * row, 0x82 the second, 0x83 the third. Every row ends in SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_all_table[][SMP_BR_SM_NUM_COLS] = {
    /* Event                Action                 Next State */
    /* BR_PAIRING_FAILED */
    {SMP_PROC_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
    /* BR_AUTH_CMPL */
    {SMP_SEND_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
    /* BR_L2CAP_DISCONN */
    {SMP_PAIR_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};
107
/************ SMP Central FSM State/Event Indirection Table **************/
/* One row per event, one column per br_state. smp_br_state_machine_event()
 * reads row (event - 1), so the first row belongs to event code 1.
 * Cell encoding:
 *   0         SMP_BR_SM_IGNORE: the event is dropped in that state
 *   0x80 | n  use row n (1-based) of smp_br_all_table
 *   n         use row n (1-based) of the central table for that state
 * The rows end at BR_DISCARD_SEC_REQ; there is no row for the trailing
 * "BR_OUT_OF_RANGE_EVT" name slot, so event codes past the last row must be
 * rejected before this map is indexed.
 * NOTE(review): BR_PAIRING_FAILED is ignored in Bond Pend here, while the
 * peripheral map routes it to the all-table (0x81) - confirm this is intended. */
static const uint8_t smp_br_central_entry_map[][SMP_BR_STATE_MAX] = {
    /* br_state name:               Idle  WaitApp  Pair    Bond
                                          Rsp      ReqRsp  Pend */
    /* BR_PAIRING_REQ */ {0, 0, 0, 0},
    /* BR_PAIRING_RSP */ {0, 0, 1, 0},
    /* BR_CONFIRM */ {0, 0, 0, 0},
    /* BR_RAND */ {0, 0, 0, 0},
    /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0},
    /* BR_ENCRPTION_INFO */ {0, 0, 0, 0},
    /* BR_CENTRAL_ID */ {0, 0, 0, 0},
    /* BR_ID_INFO */ {0, 0, 0, 1},
    /* BR_ID_ADDR */ {0, 0, 0, 2},
    /* BR_SIGN_INFO */ {0, 0, 0, 3},
    /* BR_SECURITY_REQ */ {0, 0, 0, 0},
    /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0},
    /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0},
    /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0},
    /* BR_KEY_READY */ {0, 0, 0, 0},
    /* BR_ENCRYPTED */ {0, 0, 0, 0},
    /* BR_L2CAP_CONN */ {1, 0, 0, 0},
    /* BR_L2CAP_DISCONN */ {2, 0x83, 0x83, 0x83},
    /* BR_KEYS_RSP */ {0, 1, 0, 0},
    /* BR_API_SEC_GRANT */ {0, 0, 0, 0},
    /* BR_TK_REQ */ {0, 0, 0, 0},
    /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82},
    /* BR_ENC_REQ */ {0, 0, 0, 0},
    /* BR_BOND_REQ */ {0, 0, 2, 0},
    /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}};
137
/* Central-role transition tables, one per br_state. Each row is
 * {first action, second action, next state}; rows are selected by the 1-based
 * values stored in smp_br_central_entry_map, so row order must match those
 * values. SMP_BR_SM_NO_ACTION in an action column ends action processing. */

/* Central, SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_central_idle_table[][SMP_BR_SM_NUM_COLS] = {
    /* Event                Action                 Next State */
    /* BR_L2CAP_CONN */
    {SMP_SEND_APP_CBACK, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_WAIT_APP_RSP},
    /* BR_L2CAP_DISCONN */
    {SMP_IDLE_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};

/* Central, SMP_BR_STATE_WAIT_APP_RSP. */
static const uint8_t
    smp_br_central_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action                 Next State */
        /* BR_KEYS_RSP */
        {SMP_SEND_PAIR_REQ, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_PAIR_REQ_RSP}};

/* Central, SMP_BR_STATE_PAIR_REQ_RSP. */
static const uint8_t
    smp_br_central_pair_request_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action                 Next State */
        /* BR_PAIRING_RSP */
        {SMP_BR_PROC_PAIR_CMD, SMP_BR_CHECK_AUTH_REQ,
         SMP_BR_STATE_PAIR_REQ_RSP},
        /* BR_BOND_REQ */
        {SMP_BR_SM_NO_ACTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};

/* Central, SMP_BR_STATE_BOND_PENDING. */
static const uint8_t smp_br_central_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
    /* Event                Action                 Next State */
    /* BR_ID_INFO */
    {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
    /* BR_ID_ADDR */
    {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
    /* BR_SIGN_INFO */
    {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
168
/* Peripheral-role state/event indirection table. One row per event, one
 * column per br_state; smp_br_state_machine_event() reads row (event - 1).
 * Cell encoding:
 *   0         SMP_BR_SM_IGNORE: the event is dropped in that state
 *   0x80 | n  use row n (1-based) of smp_br_all_table
 *   n         use row n (1-based) of the peripheral table for that state
 * The Pair ReqRsp column holds only 0 or all-table codes, which matters
 * because the peripheral has no table for that state (the slot in
 * smp_br_state_table is NULL). Keep it that way when editing this map. */
static const uint8_t smp_br_peripheral_entry_map[][SMP_BR_STATE_MAX] = {
    /* br_state name:               Idle  WaitApp  Pair    Bond
                                          Rsp      ReqRsp  Pend */
    /* BR_PAIRING_REQ */ {1, 0, 0, 0},
    /* BR_PAIRING_RSP */ {0, 0, 0, 0},
    /* BR_CONFIRM */ {0, 0, 0, 0},
    /* BR_RAND */ {0, 0, 0, 0},
    /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0x81},
    /* BR_ENCRPTION_INFO */ {0, 0, 0, 0},
    /* BR_CENTRAL_ID */ {0, 0, 0, 0},
    /* BR_ID_INFO */ {0, 0, 0, 1},
    /* BR_ID_ADDR */ {0, 0, 0, 2},
    /* BR_SIGN_INFO */ {0, 0, 0, 3},
    /* BR_SECURITY_REQ */ {0, 0, 0, 0},
    /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0},
    /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0},
    /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0},
    /* BR_KEY_READY */ {0, 0, 0, 0},
    /* BR_ENCRYPTED */ {0, 0, 0, 0},
    /* BR_L2CAP_CONN */ {0, 0, 0, 0},
    /* BR_L2CAP_DISCONN */ {0, 0x83, 0x83, 0x83},
    /* BR_KEYS_RSP */ {0, 2, 0, 0},
    /* BR_API_SEC_GRANT */ {0, 1, 0, 0},
    /* BR_TK_REQ */ {0, 0, 0, 0},
    /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82},
    /* BR_ENC_REQ */ {0, 0, 0, 0},
    /* BR_BOND_REQ */ {0, 3, 0, 0},
    /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}};
197
/* Peripheral-role transition tables, one per br_state that has one. Each row
 * is {first action, second action, next state}; rows are selected by the
 * 1-based values stored in smp_br_peripheral_entry_map, so row order must
 * match those values. */

/* Peripheral, SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_peripheral_idle_table[][SMP_BR_SM_NUM_COLS] = {
    /* Event                Action                 Next State */
    /* BR_PAIRING_REQ */
    {SMP_BR_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}};

/* Peripheral, SMP_BR_STATE_WAIT_APP_RSP. */
static const uint8_t
    smp_br_peripheral_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action                 Next State */
        /* BR_API_SEC_GRANT */
        {SMP_BR_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP},
        /* BR_KEYS_RSP */
        {SMP_BR_PROC_SL_KEYS_RSP, SMP_BR_CHECK_AUTH_REQ,
         SMP_BR_STATE_WAIT_APP_RSP},
        /* BR_BOND_REQ */
        {SMP_BR_KEY_DISTRIBUTION, SMP_BR_SM_NO_ACTION,
         SMP_BR_STATE_BOND_PENDING}};

/* Peripheral, SMP_BR_STATE_BOND_PENDING. */
static const uint8_t
    smp_br_peripheral_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action                 Next State */
        /* BR_ID_INFO */
        {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_ID_ADDR */
        {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_SIGN_INFO */
        {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
224
/* Per-state transition tables. The first index is the br_state, the second is
 * indexed with p_cb->role: column 0 holds the central tables, column 1 the
 * peripheral ones. */
static const tSMP_BR_SM_TBL smp_br_state_table[][2] = {
    /* SMP_BR_STATE_IDLE */
    {smp_br_central_idle_table, smp_br_peripheral_idle_table},

    /* SMP_BR_STATE_WAIT_APP_RSP */
    {smp_br_central_wait_appln_response_table,
     smp_br_peripheral_wait_appln_response_table},

    /* SMP_BR_STATE_PAIR_REQ_RSP */
    /* No peripheral table for this state. The state machine dereferences the
     * selected table without a NULL check, so this slot is only safe while the
     * peripheral entry map never yields a per-state row for PAIR_REQ_RSP. */
    {smp_br_central_pair_request_response_table, NULL},

    /* SMP_BR_STATE_BOND_PENDING */
    {smp_br_central_bond_pending_table, smp_br_peripheral_bond_pending_table},
};

/* Pointer to the first row of an entry map (rows of SMP_BR_STATE_MAX bytes).
 * The type carries no row count, so the caller must bound the event index. */
typedef const uint8_t (*tSMP_BR_ENTRY_TBL)[SMP_BR_STATE_MAX];

/* Entry maps indexed with p_cb->role: central first, peripheral second. */
static const tSMP_BR_ENTRY_TBL smp_br_entry_table[] = {
    smp_br_central_entry_map, smp_br_peripheral_entry_map};

/* Bit set in an entry-map cell to select smp_br_all_table instead of the
 * per-state table; the remaining bits are the 1-based row number. */
#define SMP_BR_ALL_TABLE_MASK 0x80
246
247 /*******************************************************************************
248 * Function smp_set_br_state
249 * Returns None
250 ******************************************************************************/
void smp_set_br_state(tSMP_BR_STATE br_state) {
  /* Out-of-range values are logged and dropped; smp_cb.br_state is left as it
   * was so later table lookups keyed on the state stay within bounds. */
  if (!(br_state < SMP_BR_STATE_MAX)) {
    log::verbose("invalid br_state={}", br_state);
    return;
  }

  /* Log the old and new state before the assignment overwrites the old one. */
  log::verbose("BR_State change:{}({})==>{}({})",
               smp_get_br_state_name(smp_cb.br_state), smp_cb.br_state,
               smp_get_br_state_name(br_state), br_state);
  smp_cb.br_state = br_state;
}
261
262 /*******************************************************************************
263 * Function smp_get_br_state
264 * Returns The smp_br state
265 ******************************************************************************/
tSMP_BR_STATE smp_get_br_state(void) {
  /* Plain read of the state stored in the smp_cb control block. */
  return smp_cb.br_state;
}
267
268 /*******************************************************************************
269 * Function smp_get_br_state_name
270 * Returns The smp_br state name.
271 ******************************************************************************/
const char* smp_get_br_state_name(tSMP_BR_STATE br_state) {
  /* smp_br_state_name has SMP_BR_STATE_MAX + 1 slots; the last one is the
   * label used for any state value outside the valid range. */
  return (br_state < SMP_BR_STATE_MAX) ? smp_br_state_name[br_state]
                                       : smp_br_state_name[SMP_BR_STATE_MAX];
}
279 /*******************************************************************************
280 * Function smp_get_br_event_name
281 * Returns The smp_br event name.
282 ******************************************************************************/
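const char* smp_get_br_event_name(tSMP_BR_EVENT event) {
  /* Event codes are 1-based: the name of event N lives in slot N - 1.
   * Event 0 has no slot; without the lower bound it would read the element
   * before the start of smp_br_event_name. Both 0 and anything at or above
   * SMP_BR_MAX_EVT therefore map to the last slot, the out-of-range label. */
  if (event > 0 && event < SMP_BR_MAX_EVT) {
    return smp_br_event_name[event - 1];
  }
  return smp_br_event_name[SMP_BR_MAX_EVT - 1];
}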
291
292 /*******************************************************************************
293 *
294 * Function smp_br_state_machine_event
295 *
296 * Description Handle events to the state machine. It looks up the entry
297 * in the smp_br_entry_table array.
298 * If it is a valid entry, it gets the state table. Set the next
299 * state, if not NULL state. Execute the action function according
300 * to the state table. If the state returned by action function is
301 * not NULL state, adjust the new state to the returned state.
302 *
303 * Returns void.
304 *
305 ******************************************************************************/
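void smp_br_state_machine_event(tSMP_CB* p_cb, tSMP_BR_EVENT event,
                                tSMP_INT_DATA* p_data) {
  /* Bounds are taken from the tables themselves so they stay correct when
   * rows or handlers are added or removed. */
  constexpr auto kEntryMapRows =
      sizeof(smp_br_central_entry_map) / sizeof(smp_br_central_entry_map[0]);
  constexpr auto kNumActionFns =
      sizeof(smp_br_sm_action) / sizeof(smp_br_sm_action[0]);
  static_assert(sizeof(smp_br_peripheral_entry_map) /
                        sizeof(smp_br_peripheral_entry_map[0]) ==
                    kEntryMapRows,
                "central and peripheral entry maps must have the same rows");

  tSMP_BR_STATE curr_state = p_cb->br_state;
  tSMP_BR_SM_TBL state_table;
  uint8_t action, entry;

  log::debug("addr:{}", p_cb->pairing_bda);
  if (curr_state >= SMP_BR_STATE_MAX) {
    log::error("Invalid br_state: {}", curr_state);
    return;
  }

  if (p_cb->role > HCI_ROLE_PERIPHERAL) {
    log::error("invalid role {}", p_cb->role);
    return;
  }

  /* Event codes are 1-based and select row (event - 1) of the entry map.
   * Reject 0 (row -1) and anything past the last row before any lookup,
   * including the name lookup in the log below. The previous check
   * (event <= SMP_BR_MAX_EVT) let both through, which read outside the
   * entry map and then used the stray byte to pick a table row and a
   * function pointer. */
  if (event == 0 || event > kEntryMapRows) {
    log::error("Invalid event: {}", event);
    return;
  }

  tSMP_BR_ENTRY_TBL entry_table = smp_br_entry_table[p_cb->role];

  log::debug("Role:{} State:[{}({})], Event:[{}({})]",
             hci_role_text(p_cb->role), smp_get_br_state_name(p_cb->br_state),
             p_cb->br_state, smp_get_br_event_name(event), event);

  /* Look up the entry for this event in the current state.
   * If the entry is ignore, return. */
  entry = entry_table[event - 1][curr_state];
  if (entry == SMP_BR_SM_IGNORE) {
    log::verbose("Ignore event[{}({})] in state[{}({})]",
                 smp_get_br_event_name(event), event,
                 smp_get_br_state_name(curr_state), curr_state);
    return;
  }

  /* Otherwise pick the state table: the shared all-state table when the mask
   * bit is set, else the table for the current state and role. */
  if (entry & SMP_BR_ALL_TABLE_MASK) {
    entry &= ~SMP_BR_ALL_TABLE_MASK;
    state_table = smp_br_all_table;
  } else {
    state_table = smp_br_state_table[curr_state][p_cb->role];
  }

  /* A role may have no table for a state (NULL slot), and a bare mask value
   * would leave entry at 0; either would make the row access below invalid.
   * NOTE(review): the row number (entry - 1) cannot be bounded here because
   * tSMP_BR_SM_TBL carries no row count; it relies on the entry maps and the
   * state tables being kept in sync. */
  if (state_table == nullptr || entry == 0) {
    log::error("No state table entry for event {} in state {}", event,
               curr_state);
    return;
  }

  /* Get possible next state from state table. */
  smp_set_br_state(state_table[entry - 1][SMP_BR_SME_NEXT_STATE]);

  /* Execute the action functions in column order. The action function may
   * set the param for the callback. Stop at the first SMP_BR_SM_NO_ACTION,
   * and never index past the handler array. */
  for (uint8_t i = 0; i < SMP_BR_NUM_ACTIONS; i++) {
    action = state_table[entry - 1][i];
    if (action == SMP_BR_SM_NO_ACTION || action >= kNumActionFns) {
      break;
    }
    (*smp_br_sm_action[action])(p_cb, p_data);
  }
  log::verbose("result state={}", smp_get_br_state_name(p_cb->br_state));
}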
366