1 /*
2 * Copyright 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "bt_bta_dm_sec"
18
19 #include <bluetooth/log.h>
20
21 #include <cstdint>
22
23 #include "bta/dm/bta_dm_act.h"
24 #include "bta/dm/bta_dm_disc.h"
25 #include "bta/dm/bta_dm_int.h"
26 #include "bta/dm/bta_dm_sec_int.h"
27 #include "bta/include/bta_dm_ci.h" // bta_dm_ci_rmt_oob
28 #include "btif/include/btif_dm.h"
29 #include "btif/include/btif_storage.h"
30 #include "internal_include/bt_target.h"
31 #include "stack/include/bt_dev_class.h"
32 #include "stack/include/btm_ble_sec_api_types.h"
33 #include "stack/include/btm_client_interface.h"
34 #include "stack/include/btm_sec_api.h"
35 #include "stack/include/gatt_api.h"
36 #include "stack/include/security_client_callbacks.h"
37 #include "types/bt_transport.h"
38 #include "types/raw_address.h"
39
using namespace bluetooth;

// Forward declarations of file-local callbacks and helpers. The callbacks are
// referenced by the `bta_security` table below before they are defined.

// BR/EDR Secure Simple Pairing events.
static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data);
// LE SMP events.
static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
                                    tBTM_LE_EVT_DATA* p_data);
// New link key notification; the key itself is passed in `key`.
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
                                         DEV_CLASS dev_class, BD_NAME bd_name,
                                         const LinkKey& key, uint8_t key_type,
                                         bool is_ctkd);
// Legacy PIN code request.
static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
                                const BD_NAME bd_name, bool min_16_digit);
// SIRK verification request. The identifier is spelled "verifiction" here and
// in the callback table; the definition is not in this part of the file.
static uint8_t bta_dm_sirk_verifiction_cback(const RawAddress& bd_addr);
// Authentication complete notification.
static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
                                                 DEV_CLASS dev_class,
                                                 BD_NAME bd_name,
                                                 tHCI_REASON result);
// Local LE identity keys (IR / ER) notification.
static void bta_dm_ble_id_key_cback(uint8_t key_type,
                                    tBTM_BLE_LOCAL_KEYS* p_key);
// Bond cancel complete notification.
static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result);
// Helpers that update the per-peer `remove_dev_pending` state.
static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr);
static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr);
61
/* BTA security callback table. btm_dm_sec_init() hands its address to
 * BTM_SecRegister(), so each entry names the handler in this file that BTM
 * is given for that class of security event. */
const tBTM_APPL_INFO bta_security = {
    .p_pin_callback = &bta_dm_pin_cback,
    .p_link_key_callback = &bta_dm_new_link_key_cback,
    .p_auth_complete_callback = &bta_dm_authentication_complete_cback,
    .p_bond_cancel_cmpl_callback = &bta_dm_bond_cancel_complete_cback,
    .p_sp_callback = &bta_dm_sp_cback,
    .p_le_callback = &bta_dm_ble_smp_cback,
    .p_le_key_callback = &bta_dm_ble_id_key_cback,
    .p_sirk_verification_callback = &bta_dm_sirk_verifiction_cback};
72
/**
 * Resets the security control block to its value-initialised state while
 * keeping the registered security callback.
 *
 * Every other member of bta_dm_sec_cb is cleared, which includes the state
 * saved for a deferred remote-name request (pin_evt, pin_bd_addr, num_val,
 * ...) and p_sec_sirk_cback.
 * NOTE(review): the SIRK callback is not preserved here - confirm it is
 * registered again after this call.
 */
void btm_sec_on_hw_on() {
  tBTA_DM_SEC_CBACK* const preserved_cback = bta_dm_sec_cb.p_sec_cback;

  bta_dm_sec_cb = {};
  bta_dm_sec_cb.p_sec_cback = preserved_cback;
}
78
/**
 * Stores the callback to invoke when validation of a set member is needed.
 *
 * @param p_cback callback to store; it replaces any previous one and is not
 *                checked for null.
 */
void bta_dm_ble_sirk_sec_cb_register(tBTA_DM_SEC_CBACK* p_cback) {
  bta_dm_sec_cb.p_sec_sirk_cback = p_cback;
}
84
/**
 * Forwards the SIRK device confirmation decision to BTM.
 *
 * @param bd_addr peer the decision applies to
 * @param accept  true replies BTM_SUCCESS, false replies BTM_NOT_AUTHORIZED
 */
void bta_dm_ble_sirk_confirm_device_reply(const RawAddress& bd_addr,
                                          bool accept) {
  log::debug("addr:{}", bd_addr);

  const auto reply = accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED;
  get_btm_client_interface().security.BTM_BleSirkConfirmDeviceReply(bd_addr,
                                                                    reply);
}
91
/**
 * Rewrites every peer-device record that is keyed by the resolvable private
 * address so that it is keyed by the identity address instead.
 *
 * @param identity_addr address written into the matching records
 * @param rpa           address to look for in the device list
 */
void bta_dm_consolidate(const RawAddress& identity_addr,
                        const RawAddress& rpa) {
  auto& peers = bta_dm_cb.device_list;

  for (auto idx = 0; idx < peers.count; idx++) {
    auto& peer = peers.peer_device[idx];
    if (peer.peer_bdaddr == rpa) {
      log::info("consolidating bda_dm_cb record {} -> {}", rpa, identity_addr);
      peer.peer_bdaddr = identity_addr;
    }
  }
}
101
/** Registers the bta_security callback table with BTM. */
void btm_dm_sec_init() {
  auto* const callbacks = &bta_security;
  get_btm_client_interface().security.BTM_SecRegister(callbacks);
}
105
/**
 * Saves the security callback used to report security events.
 *
 * @param p_sec_cback callback to store. A null pointer leaves the previously
 *                    stored callback in place, since the call may be part of
 *                    an error recovery.
 */
void bta_dm_sec_enable(tBTA_DM_SEC_CBACK* p_sec_cback) {
  if (p_sec_cback == nullptr) {
    return;
  }
  bta_dm_sec_cb.p_sec_cback = p_sec_cback;
}
113
/**
 * Reports BTA_DM_KEY_MISSING_EVT for the given peer to the security callback.
 * Does nothing when no callback is registered.
 *
 * Only key_missing.bd_addr is assigned; the rest of the event union is left
 * uninitialised.
 */
void bta_dm_remote_key_missing(const RawAddress bd_addr) {
  if (!bta_dm_sec_cb.p_sec_cback) {
    return;
  }

  tBTA_DM_SEC key_missing_event;
  key_missing_event.key_missing.bd_addr = bd_addr;
  bta_dm_sec_cb.p_sec_cback(BTA_DM_KEY_MISSING_EVT, &key_missing_event);
}
121
/**
 * Starts bonding with a peer device through BTM_SecBond.
 *
 * When BTM does not report BTM_CMD_STARTED and a security callback is
 * registered, a BTA_DM_AUTH_CMPL_EVT is reported immediately. For any status
 * other than BTM_SUCCESS the device entry is also scheduled for removal.
 *
 * NOTE(review): on the BTM_SUCCESS path the event carries success=true
 * together with fail_reason=HCI_ERR_ILLEGAL_COMMAND; confirm that consumers
 * ignore fail_reason when success is set.
 */
void bta_dm_bond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
                 tBT_TRANSPORT transport, tBT_DEVICE_TYPE device_type) {
  log::debug("Bonding with peer device:{} type:{} transport:{} type:{}",
             bd_addr, AddressTypeText(addr_type), bt_transport_text(transport),
             DeviceTypeText(device_type));

  const tBTM_STATUS bond_status =
      get_btm_client_interface().security.BTM_SecBond(bd_addr, addr_type,
                                                      transport, device_type);

  // Bonding is in progress (completion is reported later) or nobody listens.
  if (!bta_dm_sec_cb.p_sec_cback || bond_status == BTM_CMD_STARTED) {
    return;
  }

  // Zero the whole union: key_present and success start out false.
  tBTA_DM_SEC sec_event;
  memset(&sec_event, 0, sizeof(tBTA_DM_SEC));

  auto& auth_cmpl = sec_event.auth_cmpl;
  auth_cmpl.bd_addr = bd_addr;
  bd_name_from_char_pointer(
      auth_cmpl.bd_name,
      get_btm_client_interface().security.BTM_SecReadDevName(bd_addr));
  auth_cmpl.fail_reason = HCI_ERR_ILLEGAL_COMMAND;

  if (bond_status != BTM_SUCCESS) {
    /* delete this device entry from Sec Dev DB */
    bta_dm_remove_sec_dev_entry(bd_addr);
  } else {
    auth_cmpl.success = true;
  }

  bta_dm_sec_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
}
155
/**
 * Cancels bonding with a peer device through BTM_SecBondCancel.
 *
 * A BTA_DM_BOND_CANCEL_CMPL_EVT with result BTA_FAILURE is reported right
 * away when BTM returns neither BTM_CMD_STARTED nor BTM_SUCCESS and a
 * security callback is registered. Only bond_cancel_cmpl.result is assigned
 * in the event union.
 */
void bta_dm_bond_cancel(const RawAddress& bd_addr) {
  log::debug("addr:{}", bd_addr);

  const tBTM_STATUS cancel_status =
      get_btm_client_interface().security.BTM_SecBondCancel(bd_addr);

  const bool cancel_accepted =
      cancel_status == BTM_CMD_STARTED || cancel_status == BTM_SUCCESS;
  if (!bta_dm_sec_cb.p_sec_cback || cancel_accepted) {
    return;
  }

  tBTA_DM_SEC sec_event;
  sec_event.bond_cancel_cmpl.result = BTA_FAILURE;
  bta_dm_sec_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
}
172
/**
 * Sends the PIN code reply for a request that came from BTM.
 *
 * An accepted reply forwards the PIN and its length; a rejected reply sends
 * BTM_NOT_AUTHORIZED with no PIN.
 *
 * NOTE(review): msg is dereferenced without a null check and pin_len / p_pin
 * are forwarded unchecked - confirm the length is bounded (by the caller or
 * inside BTM_PINCodeReply) before it is used to copy the PIN.
 */
void bta_dm_pin_reply(std::unique_ptr<tBTA_DM_API_PIN_REPLY> msg) {
  if (!msg->accept) {
    get_btm_client_interface().security.BTM_PINCodeReply(
        msg->bd_addr, BTM_NOT_AUTHORIZED, 0, nullptr);
    return;
  }

  get_btm_client_interface().security.BTM_PINCodeReply(
      msg->bd_addr, BTM_SUCCESS, msg->pin_len, msg->p_pin);
}
183
/**
 * Sends the user confirmation reply for a request that came from BTM.
 * The reply is always sent for the BR/EDR transport.
 *
 * @param bd_addr peer the reply is for
 * @param accept  true replies BTM_SUCCESS, false replies BTM_NOT_AUTHORIZED
 */
void bta_dm_confirm(const RawAddress& bd_addr, bool accept) {
  const auto reply = accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED;
  get_btm_client_interface().security.BTM_SecConfirmReqReply(
      reply, BT_TRANSPORT_BR_EDR, bd_addr);
}
189
/**
 * Responds to BTM's request for the remote device's OOB data.
 *
 * msg->c and msg->r are forwarded whether or not the request is accepted; a
 * rejected request is answered with BTM_NOT_AUTHORIZED.
 */
void bta_dm_ci_rmt_oob_act(std::unique_ptr<tBTA_DM_CI_RMT_OOB> msg) {
  const auto reply = msg->accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED;
  get_btm_client_interface().security.BTM_RemoteOobDataReply(
      reply, msg->bd_addr, msg->c, msg->r);
}
196
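/**
 * Remote-name-request completion callback for a deferred pairing event.
 *
 * bta_dm_pin_cback() and bta_dm_sp_cback() save the peer address, device
 * class and event in bta_dm_sec_cb and start a name request when the peer
 * name is unknown. This callback rebuilds the event from that saved state,
 * adds the name if the request succeeded (an empty name otherwise) and
 * reports it to the security callback.
 *
 * The event union is zeroed first, so members that no path assigns reach the
 * callback as zero instead of indeterminate stack contents.
 *
 * NOTE(review): pin_req.min_16_digit is never saved for the deferred path and
 * is not assigned here, while key_notif.passkey is written on the PIN path
 * from bta_dm_sec_cb.num_val; confirm how the 16-digit requirement is meant
 * to be conveyed when the name had to be fetched first.
 *
 * @param p_data result of the name request; may be null
 */
static void bta_dm_pinname_cback(const tBTM_REMOTE_DEV_NAME* p_data) {
  const tBTA_DM_SEC_EVT event = bta_dm_sec_cb.pin_evt;
  const bool name_available =
      (p_data != nullptr) && (p_data->status == BTM_SUCCESS);

  tBTA_DM_SEC sec_event;
  memset(&sec_event, 0, sizeof(tBTA_DM_SEC));

  if (BTA_DM_SP_CFM_REQ_EVT == event) {
    /* Restore the saved device class and bd_addr */
    sec_event.cfm_req.bd_addr = bta_dm_sec_cb.pin_bd_addr;
    sec_event.cfm_req.dev_class = bta_dm_sec_cb.pin_dev_class;

    if (name_available) {
      bd_name_copy(sec_event.cfm_req.bd_name, p_data->remote_bd_name);
    } else {
      /* No name found */
      sec_event.cfm_req.bd_name[0] = 0;
    }

    /* numeric value saved by bta_dm_sp_cback */
    sec_event.key_notif.passkey = bta_dm_sec_cb.num_val;

    /* additional fields carried by the confirmation request */
    sec_event.cfm_req.just_works = bta_dm_sec_cb.just_works;
    sec_event.cfm_req.loc_io_caps = bta_dm_sec_cb.loc_io_caps;
    sec_event.cfm_req.rmt_io_caps = bta_dm_sec_cb.rmt_io_caps;
    sec_event.cfm_req.loc_auth_req = bta_dm_sec_cb.loc_auth_req;
    sec_event.cfm_req.rmt_auth_req = bta_dm_sec_cb.rmt_auth_req;
  } else {
    /* Restore the saved device class and bd_addr */
    sec_event.pin_req.bd_addr = bta_dm_sec_cb.pin_bd_addr;
    sec_event.pin_req.dev_class = bta_dm_sec_cb.pin_dev_class;

    if (name_available) {
      bd_name_copy(sec_event.pin_req.bd_name, p_data->remote_bd_name);
    } else {
      /* No name found */
      sec_event.pin_req.bd_name[0] = 0;
    }

    sec_event.key_notif.passkey = bta_dm_sec_cb.num_val;
  }

  if (bta_dm_sec_cb.p_sec_cback) bta_dm_sec_cb.p_sec_cback(event, &sec_event);
}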
249
/**
 * BTM callback requesting a legacy PIN code.
 *
 * If the peer name is unknown, the address and device class are saved and a
 * remote name request is started; bta_dm_pinname_cback() then reports the
 * request once the name request completes. If the name is known, or the name
 * request could not be started, BTA_DM_PIN_REQ_EVT is reported immediately.
 *
 * NOTE(review): min_16_digit is not saved before the deferred name request,
 * so the deferred path cannot see it - confirm the 16-digit PIN requirement
 * still reaches the upper layer in that case.
 *
 * @return BTM_NOT_AUTHORIZED when no security callback is registered,
 *         otherwise BTM_CMD_STARTED.
 */
static uint8_t bta_dm_pin_cback(const RawAddress& bd_addr, DEV_CLASS dev_class,
                                const BD_NAME bd_name, bool min_16_digit) {
  if (bta_dm_sec_cb.p_sec_cback == nullptr) {
    return BTM_NOT_AUTHORIZED;
  }

  const bool name_unknown = (bd_name[0] == 0);
  if (name_unknown) {
    // Save what bta_dm_pinname_cback needs to rebuild the request.
    bta_dm_sec_cb.pin_evt = BTA_DM_PIN_REQ_EVT;
    bta_dm_sec_cb.pin_bd_addr = bd_addr;
    bta_dm_sec_cb.pin_dev_class = dev_class;

    const auto name_request =
        get_btm_client_interface().peer.BTM_ReadRemoteDeviceName(
            bd_addr, bta_dm_pinname_cback, BT_TRANSPORT_BR_EDR);
    if (name_request == BTM_CMD_STARTED) {
      return BTM_CMD_STARTED;
    }

    // Fall through and report the request with the empty name.
    log::warn("Failed to start Remote Name Request, addr:{}", bd_addr);
  }

  tBTA_DM_SEC sec_event = {.pin_req = {
                               .bd_addr = bd_addr,
                               .dev_class = dev_class,
                               .bd_name = "",
                               .min_16_digit = min_16_digit,
                           }};
  bd_name_copy(sec_event.pin_req.bd_name, bd_name);

  bta_dm_sec_cb.p_sec_cback(BTA_DM_PIN_REQ_EVT, &sec_event);
  return BTM_CMD_STARTED;
}
288
/**
 * BTM callback notifying a new link key.
 *
 * Builds a successful BTA_DM_AUTH_CMPL_EVT that carries the key, its type and
 * the CTKD flag, reports it to the security callback if one is registered,
 * and then clears any pending removal of the peer's device record.
 *
 * The event contains the link key itself: it is handed to the callback and
 * must not be written to logs.
 *
 * @return always BTM_CMD_STARTED
 */
static uint8_t bta_dm_new_link_key_cback(const RawAddress& bd_addr,
                                         DEV_CLASS /* dev_class */,
                                         BD_NAME bd_name, const LinkKey& key,
                                         uint8_t key_type, bool is_ctkd) {
  tBTA_DM_SEC sec_event;
  memset(&sec_event, 0, sizeof(tBTA_DM_SEC));

  tBTA_DM_AUTH_CMPL& auth_cmpl = sec_event.auth_cmpl;
  auth_cmpl.bd_addr = bd_addr;
  bd_name_copy(auth_cmpl.bd_name, bd_name);
  auth_cmpl.key_present = true;
  auth_cmpl.key_type = key_type;
  auth_cmpl.success = true;
  auth_cmpl.key = key;
  auth_cmpl.is_ctkd = is_ctkd;
  auth_cmpl.fail_reason = HCI_SUCCESS;

  // Report the BR link key based on the BR/EDR address and type
  get_btm_client_interface().peer.BTM_ReadDevInfo(bd_addr, &auth_cmpl.dev_type,
                                                  &auth_cmpl.addr_type);

  if (bta_dm_sec_cb.p_sec_cback) {
    bta_dm_sec_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
  }

  // Clear remove_dev_pending so the security device record is not deleted
  // when the ACL link goes down in case of reconnection.
  if (bta_dm_cb.device_list.count) {
    bta_dm_reset_sec_dev_pending(auth_cmpl.bd_addr);
  }

  return BTM_CMD_STARTED;
}
335
/**
 * Authentication complete callback from BTM.
 *
 * Nothing is done for HCI_SUCCESS. For any other reason a
 * BTA_DM_AUTH_CMPL_EVT carrying the failure reason is reported to the
 * security callback (if registered), and authentication or key related
 * failures are additionally logged as warnings.
 */
static void bta_dm_authentication_complete_cback(const RawAddress& bd_addr,
                                                 DEV_CLASS /* dev_class */,
                                                 BD_NAME bd_name,
                                                 tHCI_REASON reason) {
  if (reason == HCI_SUCCESS) {
    return;
  }

  if (bta_dm_sec_cb.p_sec_cback) {
    // Build out the security event data structure
    tBTA_DM_SEC sec_event = {
        .auth_cmpl =
            {
                .bd_addr = bd_addr,
            },
    };
    auto& auth_cmpl = sec_event.auth_cmpl;
    bd_name_copy(auth_cmpl.bd_name, bd_name);

    // Report the BR link key based on the BR/EDR address and type
    get_btm_client_interface().peer.BTM_ReadDevInfo(
        bd_addr, &auth_cmpl.dev_type, &auth_cmpl.addr_type);
    auth_cmpl.fail_reason = reason;

    bta_dm_sec_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event);
  }

  const bool is_security_failure =
      reason == HCI_ERR_AUTH_FAILURE || reason == HCI_ERR_KEY_MISSING ||
      reason == HCI_ERR_HOST_REJECT_SECURITY ||
      reason == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE;
  if (is_security_failure) {
    log::warn("authentication failed entry:{}, reason:{}", bd_addr,
              hci_reason_code_text(reason));
  }
}
383
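/**
 * BR/EDR Secure Simple Pairing callback from BTM.
 *
 * IO request / response and OOB events are handed to btif. Confirmation
 * requests and passkey notifications are reported to the security callback;
 * when the peer name is unknown the event state is saved in bta_dm_sec_cb and
 * a remote name request is started, with bta_dm_pinname_cback() reporting the
 * event once it completes. If that name request cannot be started the event
 * is reported right away with an empty name.
 *
 * Changes from the previous version:
 *  - a passkey notification whose name request failed to start was reported
 *    with a zeroed peer address and device class; both are now filled in
 *    before the name is looked at;
 *  - the remote OOB buffers are zero-initialised, so a failed lookup no
 *    longer forwards indeterminate stack bytes as commitment / randomizer.
 *
 * @param event  pairing event from BTM
 * @param p_data event data; dereferenced without a null check
 * @return BTM_NOT_AUTHORIZED when no security callback is registered or the
 *         event is not handled, otherwise BTM_CMD_STARTED.
 */
static tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event,
                                   tBTM_SP_EVT_DATA* p_data) {
  tBTM_STATUS status = BTM_CMD_STARTED;
  tBTA_DM_SEC sec_event = {};
  tBTA_DM_SEC_EVT pin_evt = BTA_DM_SP_KEY_NOTIF_EVT;

  log::verbose("event:{}", sp_evt_to_text(event));
  if (!bta_dm_sec_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;

  /* TODO_SP */
  switch (event) {
    case BTM_SP_IO_REQ_EVT:
      /* translate auth_req */
      btif_dm_set_oob_for_io_req(&p_data->io_req.oob_data);
      btif_dm_proc_io_req(&p_data->io_req.auth_req, p_data->io_req.is_orig);
      log::verbose("io mitm: {} oob_data:{}", p_data->io_req.auth_req,
                   p_data->io_req.oob_data);
      break;

    case BTM_SP_IO_RSP_EVT:
      btif_dm_proc_io_rsp(p_data->io_rsp.bd_addr, p_data->io_rsp.io_cap,
                          p_data->io_rsp.oob_data, p_data->io_rsp.auth_req);
      break;

    case BTM_SP_CFM_REQ_EVT:
      pin_evt = BTA_DM_SP_CFM_REQ_EVT;
      bta_dm_sec_cb.just_works = sec_event.cfm_req.just_works =
          p_data->cfm_req.just_works;
      sec_event.cfm_req.loc_auth_req = p_data->cfm_req.loc_auth_req;
      sec_event.cfm_req.rmt_auth_req = p_data->cfm_req.rmt_auth_req;
      sec_event.cfm_req.loc_io_caps = p_data->cfm_req.loc_io_caps;
      sec_event.cfm_req.rmt_io_caps = p_data->cfm_req.rmt_io_caps;

      [[fallthrough]];
    /* Passkey entry mode, mobile device with output capability is very
       unlikely to receive key request, so skip this event */
    /*case BTM_SP_KEY_REQ_EVT: */
    case BTM_SP_KEY_NOTIF_EVT:
      // TODO PleaseFix: This assignment only works with event
      // BTM_SP_KEY_NOTIF_EVT
      bta_dm_sec_cb.num_val = sec_event.key_notif.passkey =
          p_data->key_notif.passkey;

      if (BTM_SP_CFM_REQ_EVT == event) {
        /* Reached through the fallthrough above: copy the peer identity into
           key_notif from cfm_req */
        sec_event.key_notif.bd_addr = p_data->cfm_req.bd_addr;
        sec_event.key_notif.dev_class = p_data->cfm_req.dev_class;
        bd_name_copy(sec_event.key_notif.bd_name, p_data->cfm_req.bd_name);

        /* Name unknown: save the request state and ask for the name using
           the values from cfm_req */
        if (p_data->cfm_req.bd_name[0] == 0) {
          bta_dm_sec_cb.pin_evt = pin_evt;
          bta_dm_sec_cb.pin_bd_addr = p_data->cfm_req.bd_addr;
          bta_dm_sec_cb.rmt_io_caps = sec_event.cfm_req.rmt_io_caps;
          bta_dm_sec_cb.loc_io_caps = sec_event.cfm_req.loc_io_caps;
          bta_dm_sec_cb.rmt_auth_req = sec_event.cfm_req.rmt_auth_req;
          bta_dm_sec_cb.loc_auth_req = sec_event.cfm_req.loc_auth_req;
          bta_dm_sec_cb.pin_dev_class = p_data->cfm_req.dev_class;

          const tBTM_STATUS btm_status =
              get_btm_client_interface().peer.BTM_ReadRemoteDeviceName(
                  p_data->cfm_req.bd_addr, bta_dm_pinname_cback,
                  BT_TRANSPORT_BR_EDR);
          if (btm_status == BTM_CMD_STARTED) {
            return btm_status;
          }
          // NOTE: This will issue callback on this failure path
          log::warn("Failed to start Remote Name Request btm_status:{}",
                    btm_status_text(btm_status));
        }
      }

      if (BTM_SP_KEY_NOTIF_EVT == event) {
        /* Identify the peer first, so that every path reaching the callback
           below reports the right device, including the one where the name
           request fails to start. */
        sec_event.key_notif.bd_addr = p_data->key_notif.bd_addr;
        sec_event.key_notif.dev_class = p_data->key_notif.dev_class;

        /* If the device name is not known, save bdaddr and devclass
           and initiate a name request with values from key_notif */
        if (p_data->key_notif.bd_name[0] == 0) {
          bta_dm_sec_cb.pin_evt = pin_evt;
          bta_dm_sec_cb.pin_bd_addr = p_data->key_notif.bd_addr;
          bta_dm_sec_cb.pin_dev_class = p_data->key_notif.dev_class;
          if ((get_btm_client_interface().peer.BTM_ReadRemoteDeviceName(
                  p_data->key_notif.bd_addr, bta_dm_pinname_cback,
                  BT_TRANSPORT_BR_EDR)) == BTM_CMD_STARTED)
            return BTM_CMD_STARTED;
          log::warn("Failed to start Remote Name Request, addr:{}",
                    p_data->key_notif.bd_addr);
        } else {
          bd_name_copy(sec_event.key_notif.bd_name, p_data->key_notif.bd_name);
          sec_event.key_notif.bd_name[BD_NAME_LEN] = 0;
        }
      }

      bta_dm_sec_cb.p_sec_cback(pin_evt, &sec_event);

      break;

    case BTM_SP_LOC_OOB_EVT:
      // BR/EDR OOB pairing is not supported with Secure Connections
      btif_dm_proc_loc_oob(BT_TRANSPORT_BR_EDR,
                           p_data->loc_oob.status == BTM_SUCCESS,
                           p_data->loc_oob.c_192, p_data->loc_oob.r_192);
      break;

    case BTM_SP_RMT_OOB_EVT: {
      // Zeroed so that a failed lookup does not forward stack contents.
      Octet16 c = {};
      Octet16 r = {};
      const bool sp_rmt_result =
          btif_dm_proc_rmt_oob(p_data->rmt_oob.bd_addr, &c, &r);
      log::verbose("result={}", sp_rmt_result);
      bta_dm_ci_rmt_oob(sp_rmt_result, p_data->rmt_oob.bd_addr, c, r);
      break;
    }

    default:
      status = BTM_NOT_AUTHORIZED;
      break;
  }
  log::verbose("dm status:{}", status);
  return status;
}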
520
/**
 * Clears the remove_dev_pending flag of the peer's entry in the device list.
 * Called when a link key notification arrives. Only the first entry with a
 * matching address is considered.
 */
static void bta_dm_reset_sec_dev_pending(const RawAddress& remote_bd_addr) {
  auto& peers = bta_dm_cb.device_list;

  for (size_t idx = 0; idx < peers.count; idx++) {
    auto& peer = peers.peer_device[idx];
    if (peer.peer_bdaddr != remote_bd_addr) {
      continue;
    }

    if (peer.remove_dev_pending) {
      log::info("Clearing remove_dev_pending for {}", peer.peer_bdaddr);
      peer.remove_dev_pending = false;
    }
    return;
  }
}
544
/**
 * Removes the device entry from the security device DB if no ACL connection
 * to the remote device exists. While an ACL connection is up on either
 * transport, the security flags are cleared and the entry is only marked
 * (remove_dev_pending) for removal upon ACL close.
 */
static void bta_dm_remove_sec_dev_entry(const RawAddress& remote_bd_addr) {
  const bool acl_is_up =
      get_btm_client_interface().peer.BTM_IsAclConnectionUp(remote_bd_addr,
                                                            BT_TRANSPORT_LE) ||
      get_btm_client_interface().peer.BTM_IsAclConnectionUp(
          remote_bd_addr, BT_TRANSPORT_BR_EDR);

  if (!acl_is_up) {
    // remote_bd_addr comes from security record, which is removed in
    // BTM_SecDeleteDevice; work on a copy so the address stays valid.
    RawAddress addr_copy = remote_bd_addr;
    bta_dm_process_remove_device_no_callback(addr_copy);
    return;
  }

  log::debug("ACL is not down. Schedule for Dev Removal when ACL closes:{}",
             remote_bd_addr);
  get_btm_client_interface().security.BTM_SecClearSecurityFlags(
      remote_bd_addr);

  auto& peers = bta_dm_cb.device_list;
  for (int idx = 0; idx < peers.count; idx++) {
    auto& peer = peers.peer_device[idx];
    if (peer.peer_bdaddr == remote_bd_addr) {
      log::info("Setting remove_dev_pending for {}", peer.peer_bdaddr);
      peer.remove_dev_pending = true;
      break;
    }
  }
}
582
/**
 * Bond cancel complete callback from BTM.
 *
 * Maps the BTM result to BTA_SUCCESS / BTA_FAILURE and reports
 * BTA_DM_BOND_CANCEL_CMPL_EVT to the security callback if one is registered.
 * Only bond_cancel_cmpl.result is assigned in the event union.
 */
static void bta_dm_bond_cancel_complete_cback(tBTM_STATUS result) {
  tBTA_DM_SEC sec_event;
  sec_event.bond_cancel_cmpl.result =
      (result == BTM_SUCCESS) ? BTA_SUCCESS : BTA_FAILURE;

  if (!bta_dm_sec_cb.p_sec_cback) {
    return;
  }
  bta_dm_sec_cb.p_sec_cback(BTA_DM_BOND_CANCEL_CMPL_EVT, &sec_event);
}
604
/**
 * Fills in the local LE pairing parameters for an SMP IO request.
 *
 * The SMP configuration is reloaded from storage when available (it replaces
 * the global bte_appl_cfg) and then applied to the out-parameters. A value
 * is only overridden when the configured one passes the range check below;
 * otherwise the value supplied by the caller is left untouched.
 *
 * Because these values set the authentication requirements and the maximum
 * encryption key size offered to the peer, the stored configuration is
 * security relevant.
 */
static void ble_io_req(const RawAddress& bd_addr, tBTM_IO_CAP* p_io_cap,
                       tBTM_OOB_DATA* p_oob_data, tBTM_LE_AUTH_REQ* p_auth_req,
                       uint8_t* p_max_key_size, tBTM_LE_KEY_TYPE* p_init_key,
                       tBTM_LE_KEY_TYPE* p_resp_key) {
  /* Retrieve the properties from file system if possible */
  tBTE_APPL_CFG stored_cfg;
  if (btif_dm_get_smp_config(&stored_cfg)) {
    bte_appl_cfg = stored_cfg;
  }

  /* *p_auth_req by default is false for devices with NoInputNoOutput; true for
   * other devices. A non-zero configured value replaces it, except that bit
   * 0x04 of the incoming request stays set if it was set (0x04 is the MITM
   * flag in the SMP AuthReq octet). */
  if (bte_appl_cfg.ble_auth_req) {
    *p_auth_req = bte_appl_cfg.ble_auth_req | ((*p_auth_req) & 0x04);
  }

  /* If OOB is not supported this call-out does not need to do anything.
   * Otherwise it looks for the OOB data associated with the address and sets
   * *p_oob_data accordingly. If the answer can not be obtained right away,
   * set *p_oob_data to BTA_OOB_UNKNOWN and call bta_dm_ci_io_req() when the
   * answer is available. */
  btif_dm_set_oob_for_le_io_req(bd_addr, p_oob_data, p_auth_req);

  if (bte_appl_cfg.ble_io_cap <= 4) {
    *p_io_cap = static_cast<tBTM_IO_CAP>(bte_appl_cfg.ble_io_cap);
  }

  if (bte_appl_cfg.ble_init_key <= BTM_BLE_INITIATOR_KEY_SIZE) {
    *p_init_key = bte_appl_cfg.ble_init_key;
  }

  if (bte_appl_cfg.ble_resp_key <= BTM_BLE_RESPONDER_KEY_SIZE) {
    *p_resp_key = bte_appl_cfg.ble_resp_key;
  }

  // Only 8..16 is accepted, so the configuration cannot lower the maximum
  // key size below 8.
  const bool key_size_in_range = bte_appl_cfg.ble_max_key_size > 7 &&
                                 bte_appl_cfg.ble_max_key_size <= 16;
  if (key_size_in_range) {
    *p_max_key_size = bte_appl_cfg.ble_max_key_size;
  }
}
643
/**
 * Callback for LE SMP events from BTM.
 *
 * Translates each BTM_LE_* event into the matching BTA_DM_BLE_* event and
 * reports it to the security callback. The IO request event is answered
 * locally through ble_io_req().
 *
 * Key material passes through here (BTM_LE_KEY_EVT, BTM_LE_SC_LOC_OOB_EVT);
 * it is only forwarded and must not be logged. For BTM_LE_KEY_EVT the key is
 * forwarded as the pointer p_key_value, not as a copy - presumably it is only
 * valid for the duration of the callback; verify against the caller.
 *
 * @param event  SMP event
 * @param bda    peer address
 * @param p_data event data; dereferenced without a null check
 * @return BTM_NOT_AUTHORIZED when no security callback is registered or the
 *         event is not handled, otherwise BTM_SUCCESS.
 */
static uint8_t bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,
                                    tBTM_LE_EVT_DATA* p_data) {
  log::debug("addr:{},event:{}", bda, ble_evt_to_text(event));

  if (!bta_dm_sec_cb.p_sec_cback) return BTM_NOT_AUTHORIZED;

  tBTM_STATUS status = BTM_SUCCESS;
  tBTA_DM_SEC sec_event;
  memset(&sec_event, 0, sizeof(tBTA_DM_SEC));

  // Copies the name BTM has on record for the peer into an event field.
  const auto fill_peer_name = [&bda](BD_NAME& dest) {
    bd_name_from_char_pointer(
        dest, get_btm_client_interface().security.BTM_SecReadDevName(bda));
  };

  switch (event) {
    case BTM_LE_IO_REQ_EVT:
      ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data,
                 &p_data->io_req.auth_req, &p_data->io_req.max_key_size,
                 &p_data->io_req.init_keys, &p_data->io_req.resp_keys);
      log::info("io mitm:{} oob_data:{}", p_data->io_req.auth_req,
                p_data->io_req.oob_data);
      break;

    case BTM_LE_CONSENT_REQ_EVT:
      sec_event.ble_req.bd_addr = bda;
      fill_peer_name(sec_event.ble_req.bd_name);
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_CONSENT_REQ_EVT, &sec_event);
      break;

    case BTM_LE_SEC_REQUEST_EVT:
      sec_event.ble_req.bd_addr = bda;
      fill_peer_name(sec_event.ble_req.bd_name);
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_SEC_REQ_EVT, &sec_event);
      break;

    case BTM_LE_KEY_NOTIF_EVT:
      sec_event.key_notif.bd_addr = bda;
      fill_peer_name(sec_event.key_notif.bd_name);
      sec_event.key_notif.passkey = p_data->key_notif;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_NOTIF_EVT, &sec_event);
      break;

    case BTM_LE_KEY_REQ_EVT:
      sec_event.ble_req.bd_addr = bda;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_PASSKEY_REQ_EVT, &sec_event);
      break;

    case BTM_LE_OOB_REQ_EVT:
      sec_event.ble_req.bd_addr = bda;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_OOB_REQ_EVT, &sec_event);
      break;

    case BTM_LE_NC_REQ_EVT:
      sec_event.key_notif.bd_addr = bda;
      bd_name_clear(sec_event.key_notif.bd_name);
      sec_event.key_notif.passkey = p_data->key_notif;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_NC_REQ_EVT, &sec_event);
      break;

    case BTM_LE_SC_OOB_REQ_EVT:
      sec_event.ble_req.bd_addr = bda;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_SC_OOB_REQ_EVT, &sec_event);
      break;

    case BTM_LE_SC_LOC_OOB_EVT: {
      tBTA_DM_LOC_OOB_DATA local_oob_data;
      local_oob_data.local_oob_c = p_data->local_oob_data.commitment;
      local_oob_data.local_oob_r = p_data->local_oob_data.randomizer;
      sec_event.local_oob_data = local_oob_data;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_SC_CR_LOC_OOB_EVT, &sec_event);
      break;
    }

    case BTM_LE_KEY_EVT:
      sec_event.ble_key.bd_addr = bda;
      sec_event.ble_key.key_type = p_data->key.key_type;
      sec_event.ble_key.p_key_value = p_data->key.p_key_value;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_KEY_EVT, &sec_event);
      break;

    case BTM_LE_COMPLT_EVT:
      sec_event.auth_cmpl.bd_addr = bda;
      get_btm_client_interface().peer.BTM_ReadDevInfo(
          bda, &sec_event.auth_cmpl.dev_type, &sec_event.auth_cmpl.addr_type);
      fill_peer_name(sec_event.auth_cmpl.bd_name);

      if (p_data->complt.reason == SMP_SUCCESS) {
        sec_event.auth_cmpl.success = true;
        if (!p_data->complt.smp_over_br) {
          GATT_ConfigServiceChangeCCC(bda, true, BT_TRANSPORT_LE);
        }
      } else {
        // TODO This is not a proper use of this type
        sec_event.auth_cmpl.fail_reason =
            static_cast<tHCI_STATUS>(BTA_DM_AUTH_CONVERT_SMP_CODE(
                (static_cast<uint8_t>(p_data->complt.reason))));

        if (btm_sec_is_a_bonded_dev(bda) &&
            p_data->complt.reason == SMP_CONN_TOUT &&
            !p_data->complt.smp_over_br) {
          // Bonded device failed to encrypt - to test this remove battery from
          // HID device right after connection, but before encryption is
          // established
          log::warn(
              "bonded device disconnected when encrypting - no reason to "
              "unbond");
        } else {
          /* delete this device entry from Sec Dev DB */
          bta_dm_remove_sec_dev_entry(bda);
        }
      }

      if (bta_dm_sec_cb.p_sec_cback) {
        bta_dm_sec_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event);
      }
      break;

    case BTM_LE_ADDR_ASSOC_EVT:
      sec_event.proc_id_addr.pairing_bda = bda;
      sec_event.proc_id_addr.id_addr = p_data->id_addr;
      bta_dm_sec_cb.p_sec_cback(BTA_DM_LE_ADDR_ASSOC_EVT, &sec_event);
      break;

    default:
      status = BTM_NOT_AUTHORIZED;
      break;
  }
  return status;
}
787
/**
 * Link encryption complete callback.
 *
 * Takes the pending encryption callback from the connected device (clearing
 * it there so that it fires at most once), maps the BTM result to a BTA
 * status and invokes the callback if there was one.
 *
 * @param bd_addr   peer address
 * @param transport transport the encryption was requested on
 * @param result    BTM result of the encryption attempt
 */
void bta_dm_encrypt_cback(RawAddress bd_addr, tBT_TRANSPORT transport,
                          void* /* p_ref_data */, tBTM_STATUS result) {
  tBTA_DM_ENCRYPT_CBACK* pending_cback = nullptr;
  if (tBTA_DM_PEER_DEVICE* device = find_connected_device(bd_addr, transport);
      device != nullptr) {
    pending_cback = device->p_encrypt_cback;
    device->p_encrypt_cback = nullptr;
  }

  log::debug("Encrypted:{:c}, peer:{} transport:{} status:{} callback:{:c}",
             result == BTM_SUCCESS ? 'T' : 'F', bd_addr,
             bt_transport_text(transport), btm_status_text(result),
             (pending_cback) ? 'T' : 'F');

  // Any result without a dedicated BTA status is reported as BTA_FAILURE.
  const tBTA_STATUS bta_status = [result]() -> tBTA_STATUS {
    switch (result) {
      case BTM_SUCCESS:
        return BTA_SUCCESS;
      case BTM_WRONG_MODE:
        return BTA_WRONG_MODE;
      case BTM_NO_RESOURCES:
        return BTA_NO_RESOURCES;
      case BTM_BUSY:
        return BTA_BUSY;
      default:
        return BTA_FAILURE;
    }
  }();

  if (pending_cback) {
    (*pending_cback)(bd_addr, transport, bta_status);
  }
}
833
/**
 * Requests encryption of the link to a connected peer.
 *
 * The request is dropped (with an error log) when no callback is given or no
 * connected device is found. If an encryption request is already pending for
 * the device, the callback is invoked right away with BTA_BUSY. Otherwise
 * the callback is stored on the device once BTM reports BTM_CMD_STARTED and
 * is invoked later from bta_dm_encrypt_cback().
 *
 * NOTE(review): when BTM_SetEncryption returns anything other than
 * BTM_CMD_STARTED, p_callback is neither stored nor invoked here, so the
 * caller gets no completion from this function; confirm callers do not wait
 * on it.
 */
void bta_dm_set_encryption(const RawAddress& bd_addr, tBT_TRANSPORT transport,
                           tBTA_DM_ENCRYPT_CBACK* p_callback,
                           tBTM_BLE_SEC_ACT sec_act) {
  if (!p_callback) {
    log::error("callback is not provided,addr:{}", bd_addr);
    return;
  }

  tBTA_DM_PEER_DEVICE* const device = find_connected_device(bd_addr, transport);
  if (!device) {
    log::error("Unable to find active ACL connection device:{} transport:{}",
               bd_addr, bt_transport_text(transport));
    return;
  }

  if (device->p_encrypt_cback != nullptr) {
    log::error(
        "Unable to start encryption as already in progress peer:{} "
        "transport:{}",
        bd_addr, bt_transport_text(transport));
    (*p_callback)(bd_addr, transport, BTA_BUSY);
    return;
  }

  const auto start_status =
      get_btm_client_interface().security.BTM_SetEncryption(
          bd_addr, transport, bta_dm_encrypt_cback, nullptr, sec_act);
  if (start_status != BTM_CMD_STARTED) {
    log::error("Unable to start encryption process peer:{} transport:{}",
               bd_addr, bt_transport_text(transport));
    return;
  }

  device->p_encrypt_cback = p_callback;
  log::debug("Started encryption peer:{} transport:{}", bd_addr,
             bt_transport_text(transport));
}
870
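/*******************************************************************************
 *
 * Function         bta_dm_ble_id_key_cback
 *
 * Description      Callback for BLE local ID keys. For the ID and ER key
 *                  types, copies the local keys into a security event and
 *                  passes it to the registered security callback as
 *                  BTA_DM_BLE_LOCAL_IR_EVT or BTA_DM_BLE_LOCAL_ER_EVT.
 *                  Other key types are only logged.
 *
 * Parameters       key_type - BTM_BLE_KEY_TYPE_ID or BTM_BLE_KEY_TYPE_ER
 *                  p_key    - local keys to report; a null pointer is
 *                             rejected with an error log
 *
 * Returns          void
 *
 ******************************************************************************/
static void bta_dm_ble_id_key_cback(uint8_t key_type,
                                    tBTM_BLE_LOCAL_KEYS* p_key) {
  switch (key_type) {
    case BTM_BLE_KEY_TYPE_ID:
    case BTM_BLE_KEY_TYPE_ER: {
      if (!bta_dm_sec_cb.p_sec_cback) {
        break;
      }
      // memcpy from a null source is undefined behaviour; drop the event
      // instead of reading through the pointer.
      if (p_key == nullptr) {
        log::error("Local key data is missing for key type {}", key_type);
        break;
      }

      // The event carries its own copy of the local key material. The copy
      // lives on this stack frame, so the pointer handed to the callback is
      // valid only for the duration of the call.
      tBTA_DM_SEC dm_key = {
          .ble_id_keys = {},
      };
      memcpy(&dm_key.ble_id_keys, p_key, sizeof(tBTM_BLE_LOCAL_KEYS));

      const tBTA_DM_SEC_EVT evt = (key_type == BTM_BLE_KEY_TYPE_ID)
                                      ? BTA_DM_BLE_LOCAL_IR_EVT
                                      : BTA_DM_BLE_LOCAL_ER_EVT;
      bta_dm_sec_cb.p_sec_cback(evt, &dm_key);
      break;
    }

    default:
      log::verbose("Unknown key type {}", key_type);
      break;
  }
}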
905
/*******************************************************************************
 *
 * Function         bta_dm_sirk_verifiction_cback
 *
 * Description      SIRK verification when pairing CSIP set member. Hands the
 *                  request to the registered SIRK callback as
 *                  BTA_DM_SIRK_VERIFICATION_REQ_EVT.
 *
 * Parameters       bd_addr - address of the peer being paired
 *
 * Returns          BTM_CMD_STARTED when the request was passed to the
 *                  registered callback, BTM_SUCCESS_NO_SECURITY when no
 *                  callback is registered.
 *
 ******************************************************************************/
static uint8_t bta_dm_sirk_verifiction_cback(const RawAddress& bd_addr) {
  if (!bta_dm_sec_cb.p_sec_sirk_cback) {
    // NOTE(review): without a registered verifier the request is answered
    // with BTM_SUCCESS_NO_SECURITY; how the caller treats that value is not
    // visible here - confirm that pairing policy does not rely on the check.
    log::debug("no callback registered");
    return BTM_SUCCESS_NO_SECURITY;
  }

  // Only the peer address is filled in for the request event.
  tBTA_DM_SEC verification_req = {.ble_req = {
                                      .bd_addr = bd_addr,
                                  }};
  log::debug("callback called");
  bta_dm_sec_cb.p_sec_sirk_cback(BTA_DM_SIRK_VERIFICATION_REQ_EVT,
                                 &verification_req);
  return BTM_CMD_STARTED;
}
930
/*******************************************************************************
 *
 * Function         bta_dm_add_blekey
 *
 * Description      This function adds a BLE key to a security database entry.
 *                  This function shall only be called AFTER BTA_DmAddBleDevice
 *                  has been called.
 *                  It is normally called during host startup to restore all
 *                  required information stored in the NVRAM.
 *
 * Parameters       bd_addr  - address of the peer the key belongs to
 *                  blekey   - key value, received by value
 *                  key_type - type of the key, forwarded unchanged
 *
 ******************************************************************************/
void bta_dm_add_blekey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE blekey,
                       tBTM_LE_KEY_TYPE key_type) {
  // The C-style cast treats tBTA_LE_KEY_VALUE as tBTM_LE_KEY_VALUE;
  // presumably both names refer to the same layout - verify.
  // NOTE(review): the pointer refers to this function's own copy of the key,
  // so BTM_SecAddBleKey has to copy it before returning - confirm.
  tBTM_LE_KEY_VALUE* const p_key_value = (tBTM_LE_KEY_VALUE*)&blekey;
  get_btm_client_interface().security.BTM_SecAddBleKey(bd_addr, p_key_value,
                                                       key_type);
}
949
/*******************************************************************************
 *
 * Function         bta_dm_add_ble_device
 *
 * Description      This function adds a BLE device to a security database
 *                  entry.
 *                  It is normally called during host startup to restore all
 *                  required information stored in the NVRAM.
 *
 * Parameters       bd_addr   - address of the device
 *                  addr_type - BLE address type of bd_addr
 *                  dev_type  - device type
 *
 ******************************************************************************/
void bta_dm_add_ble_device(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type,
                           tBT_DEVICE_TYPE dev_type) {
  // BTM_SecAddBleDevice takes the device type before the address type, the
  // reverse of this function's parameter order.
  get_btm_client_interface().security.BTM_SecAddBleDevice(
      bd_addr, dev_type, addr_type);
}
967
/*******************************************************************************
 *
 * Function         bta_dm_ble_passkey_reply
 *
 * Description      Forwards the reply to a BLE passkey request to BTM.
 *
 * Parameters       bd_addr - address of the peer
 *                  accept  - true replies with BTM_SUCCESS, false with
 *                            BTM_NOT_AUTHORIZED
 *                  passkey - passkey value, forwarded unchanged
 *
 ******************************************************************************/
void bta_dm_ble_passkey_reply(const RawAddress& bd_addr, bool accept,
                              uint32_t passkey) {
  const auto reply_status = accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED;
  // The passkey is passed on in both cases and is not range-checked here
  // (a six-digit passkey is 0..999999).
  // NOTE(review): confirm that the caller or BTM validates the value.
  get_btm_client_interface().security.BTM_BlePasskeyReply(bd_addr, reply_status,
                                                          passkey);
}
985
/**
 * Response to an SM numeric comparison request that was submitted to the
 * application.
 *
 * @param bd_addr address of the peer
 * @param accept  true replies with BTM_SUCCESS, false with BTM_NOT_AUTHORIZED
 */
void bta_dm_ble_confirm_reply(const RawAddress& bd_addr, bool accept) {
  const auto reply_status = accept ? BTM_SUCCESS : BTM_NOT_AUTHORIZED;
  // The reply is always sent for the LE transport.
  get_btm_client_interface().security.BTM_SecConfirmReqReply(
      reply_status, BT_TRANSPORT_LE, bd_addr);
}
992
/**
 * Sets the local device LE privacy setting.
 *
 * @param privacy_enable value forwarded unchanged to BTM_BleConfigPrivacy
 */
void bta_dm_ble_config_local_privacy(bool privacy_enable) {
  // Any result of BTM_BleConfigPrivacy is not reported back to the caller.
  BTM_BleConfigPrivacy(privacy_enable);
}
997
namespace bluetooth::legacy::testing {

// Forwards to the file-local bta_dm_sp_cback so that it can be called from
// outside this translation unit.
tBTM_STATUS bta_dm_sp_cback(tBTM_SP_EVT event, tBTM_SP_EVT_DATA* p_data) {
  const tBTM_STATUS status = ::bta_dm_sp_cback(event, p_data);
  return status;
}

}  // namespace bluetooth::legacy::testing
1008