1 /****************************************************************************** 2 * 3 * Copyright 2023 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #pragma once 20 21 #include <base/functional/callback.h> 22 #include <base/strings/stringprintf.h> 23 #include <bluetooth/log.h> 24 25 #include <cstdint> 26 27 #include "bta_api_data_types.h" 28 #include "internal_include/bt_target.h" 29 #include "stack/include/bt_device_type.h" 30 #include "stack/include/bt_name.h" 31 #include "stack/include/bt_octets.h" 32 #include "stack/include/btm_ble_sec_api_types.h" 33 #include "stack/include/btm_sec_api_types.h" 34 #include "stack/include/hci_error_code.h" 35 #include "types/ble_address_with_type.h" 36 #include "types/bt_transport.h" 37 #include "types/raw_address.h" 38 39 /* Security Setting Mask */ 40 #define BTA_SEC_AUTHENTICATE \ 41 (BTM_SEC_IN_AUTHENTICATE | \ 42 BTM_SEC_OUT_AUTHENTICATE) /* Authentication required. */ 43 #define BTA_SEC_ENCRYPT \ 44 (BTM_SEC_IN_ENCRYPT | BTM_SEC_OUT_ENCRYPT) /* Encryption required. */ 45 46 typedef uint16_t tBTA_SEC; 47 48 typedef enum : uint8_t { 49 /* Security Callback Events */ 50 BTA_DM_PIN_REQ_EVT = 2, /* PIN request. */ 51 BTA_DM_AUTH_CMPL_EVT = 3, /* Authentication complete indication. */ 52 BTA_DM_AUTHORIZE_EVT = 4, /* Authorization request. */ 53 BTA_DM_BOND_CANCEL_CMPL_EVT = 9, /* Bond cancel complete indication */ 54 BTA_DM_SP_CFM_REQ_EVT = 10, /* Simple Pairing User Confirmation request */ 55 BTA_DM_SP_KEY_NOTIF_EVT = 11, /* Simple Pairing Passkey Notification */ 56 BTA_DM_BLE_KEY_EVT = 15, /* BLE SMP key event for peer device keys */ 57 BTA_DM_BLE_SEC_REQ_EVT = 16, /* BLE SMP security request */ 58 BTA_DM_BLE_PASSKEY_NOTIF_EVT = 17, /* SMP passkey notification event */ 59 BTA_DM_BLE_PASSKEY_REQ_EVT = 18, /* SMP passkey request event */ 60 BTA_DM_BLE_OOB_REQ_EVT = 19, /* SMP OOB request event */ 61 BTA_DM_BLE_LOCAL_IR_EVT = 20, /* BLE local IR event */ 62 BTA_DM_BLE_LOCAL_ER_EVT = 21, /* BLE local ER event */ 63 BTA_DM_BLE_NC_REQ_EVT = 22, /* SMP Numeric Comparison request event */ 64 BTA_DM_SP_RMT_OOB_EXT_EVT = 65 23, /* Simple Pairing Remote OOB Extended Data request. */ 66 BTA_DM_BLE_AUTH_CMPL_EVT = 24, /* BLE Auth complete */ 67 BTA_DM_DEV_UNPAIRED_EVT = 25, 68 BTA_DM_ENER_INFO_READ = 28, /* Energy info read */ 69 BTA_DM_BLE_SC_OOB_REQ_EVT = 29, /* SMP SC OOB request event */ 70 BTA_DM_BLE_CONSENT_REQ_EVT = 30, /* SMP consent request event */ 71 BTA_DM_BLE_SC_CR_LOC_OOB_EVT = 31, /* SMP SC Create Local OOB request event */ 72 BTA_DM_REPORT_BONDING_EVT = 32, /*handle for pin or key missing*/ 73 BTA_DM_LE_ADDR_ASSOC_EVT = 33, /* identity address association event */ 74 BTA_DM_SIRK_VERIFICATION_REQ_EVT = 35, 75 BTA_DM_KEY_MISSING_EVT = 36, 76 } tBTA_DM_SEC_EVT; 77 78 /* Structure associated with BTA_DM_PIN_REQ_EVT */ 79 typedef struct { 80 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 81 * order */ 82 RawAddress bd_addr; /* BD address peer device. */ 83 DEV_CLASS dev_class; /* Class of Device */ 84 BD_NAME bd_name; /* Name of peer device. */ 85 bool min_16_digit; /* true if the pin returned must be at least 16 digits */ 86 } tBTA_DM_PIN_REQ; 87 88 /* BLE related definition */ 89 90 #define BTA_DM_AUTH_FAIL_BASE (HCI_ERR_MAX_ERR + 10) 91 92 /* Converts SMP error codes defined in smp_api.h to SMP auth fail reasons below. 93 */ 94 #define BTA_DM_AUTH_CONVERT_SMP_CODE(x) (BTA_DM_AUTH_FAIL_BASE + (x)) 95 96 #define BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL \ 97 (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_AUTH_FAIL) 98 #define BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL \ 99 (BTA_DM_AUTH_FAIL_BASE + SMP_CONFIRM_VALUE_ERR) 100 #define BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT \ 101 (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_NOT_SUPPORT) 102 #define BTA_DM_AUTH_SMP_UNKNOWN_ERR \ 103 (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_FAIL_UNKNOWN) 104 #define BTA_DM_AUTH_SMP_CONN_TOUT (BTA_DM_AUTH_FAIL_BASE + SMP_CONN_TOUT) 105 106 typedef uint8_t tBTA_LE_KEY_TYPE; /* can be used as a bit mask */ 107 108 typedef union { 109 tBTM_LE_PENC_KEYS penc_key; /* received peer encryption key */ 110 tBTM_LE_PCSRK_KEYS psrk_key; /* received peer device SRK */ 111 tBTM_LE_PID_KEYS pid_key; /* peer device ID key */ 112 tBTM_LE_LENC_KEYS 113 lenc_key; /* local encryption reproduction keys LTK = = d1(ER,DIV,0)*/ 114 tBTM_LE_LCSRK_KEYS lcsrk_key; /* local device CSRK = d1(ER,DIV,1)*/ 115 tBTM_LE_PID_KEYS lid_key; /* local device ID key for the particular remote */ 116 } tBTA_LE_KEY_VALUE; 117 118 #define BTA_BLE_LOCAL_KEY_TYPE_ID 1 119 #define BTA_BLE_LOCAL_KEY_TYPE_ER 2 120 typedef uint8_t tBTA_DM_BLE_LOCAL_KEY_MASK; 121 122 typedef struct { 123 Octet16 ir; 124 Octet16 irk; 125 Octet16 dhk; 126 } tBTA_BLE_LOCAL_ID_KEYS; 127 128 #define BTA_DM_SEC_GRANTED BTA_SUCCESS 129 #define BTA_DM_SEC_PAIR_NOT_SPT BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT 130 typedef uint8_t tBTA_DM_BLE_SEC_GRANT; 131 132 /* Structure associated with BTA_DM_BLE_SEC_REQ_EVT */ 133 typedef struct { 134 RawAddress bd_addr; /* peer address */ 135 BD_NAME bd_name; /* peer device name */ 136 } tBTA_DM_BLE_SEC_REQ; 137 138 typedef struct { 139 RawAddress bd_addr; /* peer address */ 140 tBTM_LE_KEY_TYPE key_type; 141 tBTM_LE_KEY_VALUE* p_key_value; 142 } tBTA_DM_BLE_KEY; 143 144 /* Structure associated with BTA_DM_AUTH_CMPL_EVT */ 145 typedef struct { 146 RawAddress bd_addr; /* BD address peer device. */ 147 BD_NAME bd_name; /* Name of peer device. */ 148 bool key_present; /* Valid link key value in key element */ 149 LinkKey key; /* Link key associated with peer device. */ 150 uint8_t key_type; /* The type of Link Key */ 151 bool success; /* true of authentication succeeded, false if failed. */ 152 tHCI_REASON 153 fail_reason; /* The HCI reason/error code for when success=false */ 154 tBLE_ADDR_TYPE addr_type; /* Peer device address type */ 155 tBT_DEVICE_TYPE dev_type; 156 bool is_ctkd; /* True if key is derived using CTKD procedure */ 157 } tBTA_DM_AUTH_CMPL; 158 159 /* Structure associated with BTA_DM_DEV_UNPAIRED_EVT */ 160 typedef struct { 161 RawAddress bd_addr; /* BD address peer device. */ 162 tBT_TRANSPORT transport_link_type; 163 } tBTA_DM_UNPAIR; 164 165 #define BTA_AUTH_SP_YES \ 166 BTM_AUTH_SP_YES /* 1 MITM Protection Required - Single Profile/non-bonding \ 167 Use IO Capabilities to determine authentication procedure \ 168 */ 169 170 #define BTA_AUTH_DD_BOND \ 171 BTM_AUTH_DD_BOND /* 2 this bit is set for dedicated bonding */ 172 #define BTA_AUTH_GEN_BOND \ 173 BTM_AUTH_SPGB_NO /* 4 this bit is set for general bonding */ 174 #define BTA_AUTH_BONDS \ 175 BTM_AUTH_BONDS /* 6 the general/dedicated bonding bits */ 176 177 #define BTA_LE_AUTH_REQ_SC_MITM_BOND BTM_LE_AUTH_REQ_SC_MITM_BOND /* 1101 */ 178 179 /* Structure associated with BTA_DM_SP_CFM_REQ_EVT */ 180 typedef struct { 181 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 182 * order */ 183 RawAddress bd_addr; /* peer address */ 184 DEV_CLASS dev_class; /* peer CoD */ 185 BD_NAME bd_name; /* peer device name */ 186 uint32_t num_val; /* the numeric value for comparison. If just_works, do not 187 show this number to UI */ 188 bool just_works; /* true, if "Just Works" association model */ 189 tBTM_AUTH_REQ loc_auth_req; /* Authentication required for local device */ 190 tBTM_AUTH_REQ rmt_auth_req; /* Authentication required for peer device */ 191 tBTM_IO_CAP loc_io_caps; /* IO Capabilities of local device */ 192 tBTM_IO_CAP rmt_io_caps; // IO Capabilities of remote device 193 } tBTA_DM_SP_CFM_REQ; 194 195 /* Structure associated with BTA_DM_SP_KEY_NOTIF_EVT */ 196 typedef struct { 197 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 198 * order */ 199 RawAddress bd_addr; /* peer address */ 200 DEV_CLASS dev_class; /* peer CoD */ 201 BD_NAME bd_name; /* peer device name */ 202 uint32_t passkey; /* the numeric value for comparison. If just_works, do not 203 show this number to UI */ 204 } tBTA_DM_SP_KEY_NOTIF; 205 206 /* Structure associated with BTA_DM_SP_RMT_OOB_EVT */ 207 typedef struct { 208 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 209 * order */ 210 RawAddress bd_addr; /* peer address */ 211 DEV_CLASS dev_class; /* peer CoD */ 212 BD_NAME bd_name; /* peer device name */ 213 } tBTA_DM_SP_RMT_OOB; 214 215 /* Structure associated with BTA_DM_BOND_CANCEL_CMPL_EVT */ 216 typedef struct { 217 tBTA_STATUS result; /* true of bond cancel succeeded, false if failed. */ 218 } tBTA_DM_BOND_CANCEL_CMPL; 219 220 /* Add to remove bond of key missing RC */ 221 typedef struct { 222 RawAddress bd_addr; 223 } tBTA_DM_RC_UNPAIR; 224 225 typedef struct { 226 Octet16 local_oob_c; /* Local OOB Data Confirmation/Commitment */ 227 Octet16 local_oob_r; /* Local OOB Data Randomizer */ 228 } tBTA_DM_LOC_OOB_DATA; 229 230 /* Union of all security callback structures */ 231 typedef union { 232 tBTA_DM_PIN_REQ pin_req; /* PIN request. */ 233 tBTA_DM_AUTH_CMPL auth_cmpl; /* Authentication complete indication. */ 234 tBTA_DM_UNPAIR dev_unpair; /* Remove bonding complete indication */ 235 tBTA_DM_SP_CFM_REQ cfm_req; /* user confirm request */ 236 tBTA_DM_SP_KEY_NOTIF key_notif; /* passkey notification */ 237 tBTA_DM_SP_RMT_OOB rmt_oob; /* remote oob */ 238 tBTA_DM_BOND_CANCEL_CMPL 239 bond_cancel_cmpl; /* Bond Cancel Complete indication */ 240 tBTA_DM_BLE_SEC_REQ ble_req; /* BLE SMP related request */ 241 tBTA_DM_BLE_KEY ble_key; /* BLE SMP keys used when pairing */ 242 tBTA_BLE_LOCAL_ID_KEYS ble_id_keys; /* IR event */ 243 Octet16 ble_er; /* ER event data */ 244 tBTA_DM_LOC_OOB_DATA local_oob_data; /* Local OOB data generated by us */ 245 tBTA_DM_RC_UNPAIR delete_key_RC_to_unpair; 246 tBTA_DM_PROC_ID_ADDR proc_id_addr; /* Identity address event */ 247 tBTA_DM_KEY_MISSING key_missing; 248 } tBTA_DM_SEC; 249 250 /* Security callback */ 251 typedef void(tBTA_DM_SEC_CBACK)(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data); 252 253 /* Encryption callback*/ 254 typedef void(tBTA_DM_ENCRYPT_CBACK)(const RawAddress& bd_addr, 255 tBT_TRANSPORT transport, 256 tBTA_STATUS result); 257 258 /******************************************************************************* 259 * 260 * Function BTA_DmBond 261 * 262 * Description This function initiates a bonding procedure with a peer 263 * device by designated transport. The bonding procedure 264 * enables authentication and optionally encryption on the 265 * Bluetooth link. 266 * 267 * 268 * Returns void 269 * 270 ******************************************************************************/ 271 void BTA_DmBond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, 272 tBT_TRANSPORT transport, tBT_DEVICE_TYPE device_type); 273 274 /******************************************************************************* 275 * 276 * Function BTA_DmBondCancel 277 * 278 * Description This function cancels a bonding procedure with a peer 279 * device. 280 * 281 * 282 * Returns void 283 * 284 ******************************************************************************/ 285 void BTA_DmBondCancel(const RawAddress& bd_addr); 286 287 /******************************************************************************* 288 * 289 * Function BTA_DmPinReply 290 * 291 * Description This function provides a PIN when one is requested by DM 292 * during a bonding procedure. The application should call 293 * this function after the security callback is called with 294 * a BTA_DM_PIN_REQ_EVT. 295 * 296 * 297 * Returns void 298 * 299 ******************************************************************************/ 300 void BTA_DmPinReply(const RawAddress& bd_addr, bool accept, uint8_t pin_len, 301 uint8_t* p_pin); 302 303 /******************************************************************************* 304 * 305 * Function BTA_DmLocalOob 306 * 307 * Description This function retrieves the OOB data from local controller. 308 * The result is reported by bta_dm_co_loc_oob(). 309 * 310 * Returns void 311 * 312 ******************************************************************************/ 313 void BTA_DmLocalOob(void); 314 315 /******************************************************************************* 316 * 317 * Function BTA_DmConfirm 318 * 319 * Description This function accepts or rejects the numerical value of the 320 * Simple Pairing process on BTA_DM_SP_CFM_REQ_EVT 321 * 322 * Returns void 323 * 324 ******************************************************************************/ 325 void BTA_DmConfirm(const RawAddress& bd_addr, bool accept); 326 327 /******************************************************************************* 328 * 329 * Function BTA_DmAddDevice 330 * 331 * Description This function adds a device to the security database list 332 * of peer devices. This function would typically be called 333 * at system startup to initialize the security database with 334 * known peer devices. This is a direct execution function 335 * that may lock task scheduling on some platforms. 336 * 337 * Returns void 338 * 339 ******************************************************************************/ 340 void BTA_DmAddDevice(RawAddress bd_addr, DEV_CLASS dev_class, LinkKey link_key, 341 uint8_t key_type, uint8_t pin_length); 342 343 /******************************************************************************* 344 * 345 * Function BTA_DmRemoveDevice 346 * 347 * Description This function removes a device from the security database. 348 * This is a direct execution function that may lock task 349 * scheduling on some platforms. 350 * 351 * 352 * Returns BTA_SUCCESS if successful. 353 * BTA_FAIL if operation failed. 354 * 355 ******************************************************************************/ 356 tBTA_STATUS BTA_DmRemoveDevice(const RawAddress& bd_addr); 357 358 359 /* BLE related API functions */ 360 /******************************************************************************* 361 * 362 * Function BTA_DmBleSecurityGrant 363 * 364 * Description Grant security request access. 365 * 366 * Parameters: bd_addr - BD address of the peer 367 * res - security grant status. 368 * 369 * Returns void 370 * 371 ******************************************************************************/ 372 void BTA_DmBleSecurityGrant(const RawAddress& bd_addr, 373 tBTA_DM_BLE_SEC_GRANT res); 374 375 /******************************************************************************* 376 * 377 * Function BTA_DmBlePasskeyReply 378 * 379 * Description Send BLE SMP passkey reply. 380 * 381 * Parameters: bd_addr - BD address of the peer 382 * accept - passkey entry successful or declined. 383 * passkey - passkey value, must be a 6 digit number, 384 * can be lead by 0. 385 * 386 * Returns void 387 * 388 ******************************************************************************/ 389 void BTA_DmBlePasskeyReply(const RawAddress& bd_addr, bool accept, 390 uint32_t passkey); 391 392 /******************************************************************************* 393 * 394 * Function BTA_DmBleConfirmReply 395 * 396 * Description Send BLE SMP SC user confirmation reply. 397 * 398 * Parameters: bd_addr - BD address of the peer 399 * accept - numbers to compare are the same or 400 * different. 401 * 402 * Returns void 403 * 404 ******************************************************************************/ 405 void BTA_DmBleConfirmReply(const RawAddress& bd_addr, bool accept); 406 407 /******************************************************************************* 408 * 409 * Function BTA_DmAddBleDevice 410 * 411 * Description Add a BLE device. This function will be normally called 412 * during host startup to restore all required information 413 * for a LE device stored in the NVRAM. 414 * 415 * Parameters: bd_addr - BD address of the peer 416 * dev_type - Remote device's device type. 417 * addr_type - LE device address type. 418 * 419 * Returns void 420 * 421 ******************************************************************************/ 422 void BTA_DmAddBleDevice(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, 423 tBT_DEVICE_TYPE dev_type); 424 425 /******************************************************************************* 426 * 427 * Function BTA_DmAddBleKey 428 * 429 * Description Add/modify LE device information. This function will be 430 * normally called during host startup to restore all required 431 * information stored in the NVRAM. 432 * 433 * Parameters: bd_addr - BD address of the peer 434 * p_le_key - LE key values. 435 * key_type - LE SMP key type. 436 * 437 * Returns void 438 * 439 ******************************************************************************/ 440 void BTA_DmAddBleKey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE* p_le_key, 441 tBTM_LE_KEY_TYPE key_type); 442 443 /******************************************************************************* 444 * 445 * Function BTA_DmSetEncryption 446 * 447 * Description This function is called to ensure that connection is 448 * encrypted. Should be called only on an open connection. 449 * Typically only needed for connections that first want to 450 * bring up unencrypted links, then later encrypt them. 451 * 452 * Parameters: bd_addr - Address of the peer device 453 * transport - transport of the link to be encruypted 454 * p_callback - Pointer to callback function to indicat the 455 * link encryption status 456 * sec_act - This is the security action to indicate 457 * what kind of BLE security level is required 458 * for the BLE link if BLE is supported 459 * Note: This parameter is ignored for 460 * BR/EDR or if BLE is not supported. 461 * 462 * Returns void 463 * 464 * 465 ******************************************************************************/ 466 void BTA_DmSetEncryption(const RawAddress& bd_addr, tBT_TRANSPORT transport, 467 tBTA_DM_ENCRYPT_CBACK* p_callback, 468 tBTM_BLE_SEC_ACT sec_act); 469 470 /******************************************************************************* 471 * 472 * Function BTA_DmSirkSecCbRegister 473 * 474 * Description This procedure registeres in requested a callback for 475 * verification by CSIS potential set member. 476 * 477 * Parameters p_cback - callback to member verificator 478 * 479 * Returns void 480 * 481 ******************************************************************************/ 482 void BTA_DmSirkSecCbRegister(tBTA_DM_SEC_CBACK* p_cback); 483 484 /******************************************************************************* 485 * 486 * Function BTA_DmSirkConfirmDeviceReply 487 * 488 * Description This procedure confirms requested to validate set device. 489 * 490 * Parameters bd_addr - BD address of the peer 491 * accept - True if device is authorized by CSIS, false 492 * otherwise. 493 * 494 * Returns void 495 * 496 ******************************************************************************/ 497 void BTA_DmSirkConfirmDeviceReply(const RawAddress& bd_addr, bool accept); 498 499 namespace fmt { 500 template <> 501 struct formatter<tBTA_DM_SEC_EVT> : enum_formatter<tBTA_DM_SEC_EVT> {}; 502 } // namespace fmt 503