android-6.0.0_r1/s

/******************************************************************************
 *
 *  Copyright (C) 2008-2012 Broadcom Corporation
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at:
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 ******************************************************************************/

/******************************************************************************
 *
 *  This file contains the implementation of the SMP interface used by
 *  applications that can run over an SMP.
 *
 ******************************************************************************/
#include <string.h>

#include "bt_target.h"
#include "bt_utils.h"
#if SMP_INCLUDED == TRUE
    #include "smp_int.h"
    #include "smp_api.h"
    #include "l2cdefs.h"
    #include "l2c_int.h"
    #include "btm_int.h"
    #include "hcimsgs.h"

    #include "btu.h"
    #include "p_256_ecc_pp.h"

/*******************************************************************************
**
** Function         SMP_Init
**
** Description      This function initializes the SMP unit.
**
** Returns          void
**
*******************************************************************************/
void SMP_Init(void)
{
    memset(&smp_cb, 0, sizeof(tSMP_CB));

#if defined(SMP_INITIAL_TRACE_LEVEL)
    smp_cb.trace_level = SMP_INITIAL_TRACE_LEVEL;
#else
    smp_cb.trace_level = BT_TRACE_LEVEL_NONE;    /* No traces */
#endif
    SMP_TRACE_EVENT ("%s", __FUNCTION__);

    smp_l2cap_if_init();
    /* initialization of P-256 parameters */
    p_256_init_curve(KEY_LENGTH_DWORDS_P256);
}


/*******************************************************************************
**
** Function         SMP_SetTraceLevel
**
** Description      This function sets the trace level for SMP.  If called with
**                  a value of 0xFF, it simply returns the current trace level.
**
**                  Input Parameters:
**                      level:  The level to set the GATT tracing to:
**                      0xff-returns the current setting.
**                      0-turns off tracing.
**                      >= 1-Errors.
**                      >= 2-Warnings.
**                      >= 3-APIs.
**                      >= 4-Events.
**                      >= 5-Debug.
**
** Returns          The new or current trace level
**
*******************************************************************************/
extern UINT8 SMP_SetTraceLevel (UINT8 new_level)
{
    if (new_level != 0xFF)
        smp_cb.trace_level = new_level;

    return(smp_cb.trace_level);
}


/*******************************************************************************
**
** Function         SMP_Register
**
** Description      This function register for the SMP services callback.
**
** Returns          void
**
*******************************************************************************/
BOOLEAN SMP_Register (tSMP_CALLBACK *p_cback)
{
    SMP_TRACE_EVENT ("SMP_Register state=%d", smp_cb.state);

    if (smp_cb.p_callback != NULL)
    {
        SMP_TRACE_ERROR ("SMP_Register: duplicate registration, overwrite it");
    }
    smp_cb.p_callback = p_cback;

    return(TRUE);

}

/*******************************************************************************
**
** Function         SMP_Pair
**
** Description      This function call to perform a SMP pairing with peer device.
**                  Device support one SMP pairing at one time.
**
** Parameters       bd_addr - peer device bd address.
**
** Returns          None
**
*******************************************************************************/
tSMP_STATUS SMP_Pair (BD_ADDR bd_addr)
{
    tSMP_CB   *p_cb = &smp_cb;
    UINT8     status = SMP_PAIR_INTERNAL_ERR;

    SMP_TRACE_EVENT ("%s state=%d br_state=%d flag=0x%x ",
                      __FUNCTION__, p_cb->state, p_cb->br_state, p_cb->flags);
    if (p_cb->state != SMP_STATE_IDLE || p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD ||
        p_cb->smp_over_br)
    {
        /* pending security on going, reject this one */
        return SMP_BUSY;
    }
    else
    {
        p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD;

        memcpy (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN);

        if (!L2CA_ConnectFixedChnl (L2CAP_SMP_CID, bd_addr))
        {
            SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.", __FUNCTION__);
            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
            return status;
        }

        return SMP_STARTED;
    }
}

/*******************************************************************************
**
** Function         SMP_BR_PairWith
**
** Description      This function is called to start a SMP pairing over BR/EDR.
**                  Device support one SMP pairing at one time.
**
** Parameters       bd_addr - peer device bd address.
**
** Returns          SMP_STARTED if pairing started, otherwise reason for failure.
**
*******************************************************************************/
tSMP_STATUS SMP_BR_PairWith (BD_ADDR bd_addr)
{
    tSMP_CB   *p_cb = &smp_cb;
    UINT8     status = SMP_PAIR_INTERNAL_ERR;

    SMP_TRACE_EVENT ("%s state=%d br_state=%d flag=0x%x ",
                      __func__, p_cb->state, p_cb->br_state, p_cb->flags);

    if (p_cb->state != SMP_STATE_IDLE ||
        p_cb->smp_over_br ||
        p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
    {
        /* pending security on going, reject this one */
        return SMP_BUSY;
    }

    p_cb->role = HCI_ROLE_MASTER;
    p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD;
    p_cb->smp_over_br = TRUE;

    memcpy (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN);

    if (!L2CA_ConnectFixedChnl (L2CAP_SMP_BR_CID, bd_addr))
    {
        SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.",__FUNCTION__);
        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
        return status;
    }

    return SMP_STARTED;
}

/*******************************************************************************
**
** Function         SMP_PairCancel
**
** Description      This function call to cancel a SMP pairing with peer device.
**
** Parameters       bd_addr - peer device bd address.
**
** Returns          TRUE - Pairining is cancelled
**
*******************************************************************************/
BOOLEAN SMP_PairCancel (BD_ADDR bd_addr)
{
    tSMP_CB   *p_cb = &smp_cb;
    UINT8     err_code = SMP_PAIR_FAIL_UNKNOWN;
    BOOLEAN   status = FALSE;

    BTM_TRACE_EVENT ("SMP_CancelPair state=%d flag=0x%x ", p_cb->state, p_cb->flags);
    if ( (p_cb->state != SMP_STATE_IDLE)  &&
         (!memcmp (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN)) )
    {
        p_cb->is_pair_cancel = TRUE;
        SMP_TRACE_DEBUG("Cancel Pairing: set fail reason Unknown");
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &err_code);
        status = TRUE;
    }

    return status;
}
/*******************************************************************************
**
** Function         SMP_SecurityGrant
**
** Description      This function is called to grant security process.
**
** Parameters       bd_addr - peer device bd address.
**                  res     - result of the operation SMP_SUCCESS if success.
**                            Otherwise, SMP_REPEATED_ATTEMPTS is too many attempts.
**
** Returns          None
**
*******************************************************************************/
void SMP_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
{
    SMP_TRACE_EVENT ("SMP_SecurityGrant ");

    if (smp_cb.smp_over_br)
    {
        if (smp_cb.br_state != SMP_BR_STATE_WAIT_APP_RSP ||
            smp_cb.cb_evt != SMP_SEC_REQUEST_EVT ||
            memcmp (smp_cb.pairing_bda, bd_addr, BD_ADDR_LEN))
        {
            return;
        }

        /* clear the SMP_SEC_REQUEST_EVT event after get grant */
        /* avoid generating duplicate pair request */
        smp_cb.cb_evt = 0;
        smp_br_state_machine_event(&smp_cb, SMP_BR_API_SEC_GRANT_EVT, &res);
        return;
    }

    if (smp_cb.state != SMP_STATE_WAIT_APP_RSP ||
        smp_cb.cb_evt != SMP_SEC_REQUEST_EVT ||
        memcmp (smp_cb.pairing_bda, bd_addr, BD_ADDR_LEN))
        return;
    /* clear the SMP_SEC_REQUEST_EVT event after get grant */
    /* avoid generate duplicate pair request */
    smp_cb.cb_evt = 0;
    smp_sm_event(&smp_cb, SMP_API_SEC_GRANT_EVT, &res);
}

/*******************************************************************************
**
** Function         SMP_PasskeyReply
**
** Description      This function is called after Security Manager submitted
**                  passkey request to the application.
**
** Parameters:      bd_addr      - Address of the device for which passkey was requested
**                  res          - result of the operation SMP_SUCCESS if success
**                  passkey - numeric value in the range of
**                  BTM_MIN_PASSKEY_VAL(0) - BTM_MAX_PASSKEY_VAL(999999(0xF423F)).
**
*******************************************************************************/
void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
{
    tSMP_CB *p_cb = & smp_cb;
    UINT8   failure = SMP_PASSKEY_ENTRY_FAIL;

    SMP_TRACE_EVENT ("SMP_PasskeyReply: Key: %d  Result:%d",
                      passkey, res);

    /* If timeout already expired or has been canceled, ignore the reply */
    if (p_cb->cb_evt != SMP_PASSKEY_REQ_EVT)
    {
        SMP_TRACE_WARNING ("SMP_PasskeyReply() - Wrong State: %d", p_cb->state);
        return;
    }

    if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
    {
        SMP_TRACE_ERROR ("SMP_PasskeyReply() - Wrong BD Addr");
        return;
    }

    if (btm_find_dev (bd_addr) == NULL)
    {
        SMP_TRACE_ERROR ("SMP_PasskeyReply() - no dev CB");
        return;
    }

    if (passkey > BTM_MAX_PASSKEY_VAL || res != SMP_SUCCESS)
    {
        SMP_TRACE_WARNING ("SMP_PasskeyReply() - Wrong key len: %d or passkey entry fail", passkey);
        /* send pairing failure */
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);

    }
    else if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_ENT)
    {
        smp_sm_event(&smp_cb, SMP_SC_KEY_READY_EVT, &passkey);
    }
    else
    {
        smp_convert_string_to_tk(p_cb->tk, passkey);
    }

    return;
}

/*******************************************************************************
**
** Function         SMP_ConfirmReply
**
** Description      This function is called after Security Manager submitted
**                  numeric comparison request to the application.
**
** Parameters:      bd_addr      - Address of the device with which numeric
**                                 comparison was requested
**                  res          - comparison result SMP_SUCCESS if success
**
*******************************************************************************/
void SMP_ConfirmReply (BD_ADDR bd_addr, UINT8 res)
{
    tSMP_CB *p_cb = & smp_cb;
    UINT8   failure = SMP_NUMERIC_COMPAR_FAIL;

    SMP_TRACE_EVENT ("%s: Result:%d", __FUNCTION__, res);

    /* If timeout already expired or has been canceled, ignore the reply */
    if (p_cb->cb_evt != SMP_NC_REQ_EVT)
    {
        SMP_TRACE_WARNING ("%s() - Wrong State: %d", __FUNCTION__,p_cb->state);
        return;
    }

    if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
    {
        SMP_TRACE_ERROR ("%s() - Wrong BD Addr",__FUNCTION__);
        return;
    }

    if (btm_find_dev (bd_addr) == NULL)
    {
        SMP_TRACE_ERROR ("%s() - no dev CB",__FUNCTION__);
        return;
    }

    if (res != SMP_SUCCESS)
    {
        SMP_TRACE_WARNING ("%s() - Numeric Comparison fails",__FUNCTION__);
        /* send pairing failure */
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
    }
    else
    {
        smp_sm_event(p_cb, SMP_SC_NC_OK_EVT, NULL);
    }
}

/*******************************************************************************
**
** Function         SMP_OobDataReply
**
** Description      This function is called to provide the OOB data for
**                  SMP in response to SMP_OOB_REQ_EVT
**
** Parameters:      bd_addr     - Address of the peer device
**                  res         - result of the operation SMP_SUCCESS if success
**                  p_data      - simple pairing Randomizer  C.
**
*******************************************************************************/
void SMP_OobDataReply(BD_ADDR bd_addr, tSMP_STATUS res, UINT8 len, UINT8 *p_data)
{
    tSMP_CB *p_cb = & smp_cb;
    UINT8   failure = SMP_OOB_FAIL;
    tSMP_KEY        key;

    SMP_TRACE_EVENT ("%s State: %d  res:%d", __FUNCTION__, smp_cb.state, res);

    /* If timeout already expired or has been canceled, ignore the reply */
    if (p_cb->state != SMP_STATE_WAIT_APP_RSP || p_cb->cb_evt != SMP_OOB_REQ_EVT)
        return;

    if (res != SMP_SUCCESS || len == 0 || !p_data)
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
    }
    else
    {
        if (len > BT_OCTET16_LEN)
            len = BT_OCTET16_LEN;

        memcpy(p_cb->tk, p_data, len);

        key.key_type    = SMP_KEY_TYPE_TK;
        key.p_data      = p_cb->tk;

        smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
    }
}

/*******************************************************************************
**
** Function         SMP_SecureConnectionOobDataReply
**
** Description      This function is called to provide the SC OOB data for
**                  SMP in response to SMP_SC_OOB_REQ_EVT
**
** Parameters:      p_data      - pointer to the data
**
*******************************************************************************/
void SMP_SecureConnectionOobDataReply(UINT8 *p_data)
{
    tSMP_CB  *p_cb = &smp_cb;

    UINT8  failure = SMP_OOB_FAIL;
    tSMP_SC_OOB_DATA  *p_oob = (tSMP_SC_OOB_DATA *) p_data;
    if (!p_oob)
    {
        SMP_TRACE_ERROR("%s received no data",__FUNCTION__);
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
        return;
    }

    SMP_TRACE_EVENT ("%s req_oob_type: %d, loc_oob_data.present: %d, "
                       "peer_oob_data.present: %d",
                       __FUNCTION__, p_cb->req_oob_type, p_oob->loc_oob_data.present,
                       p_oob->peer_oob_data.present);

    if (p_cb->state != SMP_STATE_WAIT_APP_RSP || p_cb->cb_evt != SMP_SC_OOB_REQ_EVT)
        return;

    BOOLEAN  data_missing = FALSE;
    switch (p_cb->req_oob_type)
    {
        case SMP_OOB_PEER:
            if (!p_oob->peer_oob_data.present)
                data_missing = TRUE;
            break;
        case SMP_OOB_LOCAL:
            if (!p_oob->loc_oob_data.present)
                data_missing = TRUE;
            break;
        case SMP_OOB_BOTH:
            if (!p_oob->loc_oob_data.present || !p_oob->peer_oob_data.present)
                data_missing = TRUE;
            break;
        default:
            SMP_TRACE_EVENT ("Unexpected OOB data type requested. Fail OOB");
            data_missing = TRUE;
            break;
    }

    if (data_missing)
    {
        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
        return;
    }

    p_cb->sc_oob_data = *p_oob;

    smp_sm_event(&smp_cb, SMP_SC_OOB_DATA_EVT, p_data);
}

/*******************************************************************************
**
** Function         SMP_Encrypt
**
** Description      This function is called to encrypt the data with the specified
**                  key
**
** Parameters:      key                 - Pointer to key key[0] conatins the MSB
**                  key_len             - key length
**                  plain_text          - Pointer to data to be encrypted
**                                        plain_text[0] conatins the MSB
**                  pt_len              - plain text length
**                  p_out                - output of the encrypted texts
**
**  Returns         Boolean - request is successful
*******************************************************************************/
BOOLEAN SMP_Encrypt (UINT8 *key, UINT8 key_len,
                     UINT8 *plain_text, UINT8 pt_len,
                     tSMP_ENC *p_out)

{
    BOOLEAN status=FALSE;
    status = smp_encrypt_data(key, key_len, plain_text, pt_len, p_out);
    return status;
}

/*******************************************************************************
**
** Function         SMP_KeypressNotification
**
** Description      This function is called to notify Security Manager about Keypress Notification.
**
** Parameters:     bd_addr      Address of the device to send keypress notification to
**                 value        Keypress notification parameter value
**
*******************************************************************************/
void SMP_KeypressNotification (BD_ADDR bd_addr, UINT8 value)
{
    tSMP_CB   *p_cb = &smp_cb;

    SMP_TRACE_EVENT ("%s: Value: %d", __FUNCTION__,value);

    if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
    {
        SMP_TRACE_ERROR ("%s() - Wrong BD Addr",__FUNCTION__);
        return;
    }

    if (btm_find_dev (bd_addr) == NULL)
    {
        SMP_TRACE_ERROR ("%s() - no dev CB",__FUNCTION__);
        return;
    }

    /* Keypress Notification is used by a device with KeyboardOnly IO capabilities */
    /* during the passkey entry protocol */
    if (p_cb->local_io_capability != SMP_IO_CAP_IN)
    {
        SMP_TRACE_ERROR ("%s() - wrong local IO capabilities %d",
                          __FUNCTION__, p_cb->local_io_capability);
        return;
    }

    if (p_cb->selected_association_model != SMP_MODEL_SEC_CONN_PASSKEY_ENT)
    {
        SMP_TRACE_ERROR ("%s() - wrong protocol %d", __FUNCTION__,
                         p_cb->selected_association_model);
        return;
    }

    smp_sm_event(p_cb, SMP_KEYPRESS_NOTIFICATION_EVENT, &value);
}

/*******************************************************************************
**
** Function         SMP_CreateLocalSecureConnectionsOobData
**
** Description      This function is called to start creation of local SC OOB
**                  data set (tSMP_LOC_OOB_DATA).
**
** Parameters:      bd_addr      - Address of the device to send OOB data block to
**
**  Returns         Boolean - TRUE: creation of local SC OOB data set started.
*******************************************************************************/
BOOLEAN SMP_CreateLocalSecureConnectionsOobData (tBLE_BD_ADDR *addr_to_send_to)
{
    tSMP_CB *p_cb = &smp_cb;
    UINT8   *bd_addr;

    if (addr_to_send_to == NULL)
    {
        SMP_TRACE_ERROR ("%s addr_to_send_to is not provided",__FUNCTION__);
        return FALSE;
    }

    bd_addr = addr_to_send_to->bda;

    SMP_TRACE_EVENT ("%s addr type: %u,  BDA: %08x%04x,  state: %u, br_state: %u",
                      __FUNCTION__, addr_to_send_to->type,
                      (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8) + bd_addr[3],
                      (bd_addr[4]<<8)+bd_addr[5],
                      p_cb->state,
                      p_cb->br_state);

    if ((p_cb->state != SMP_STATE_IDLE) || (p_cb->smp_over_br))
    {
        SMP_TRACE_WARNING ("%s creation of local OOB data set "\
            "starts only in IDLE state",__FUNCTION__);
        return FALSE;
    }

    p_cb->sc_oob_data.loc_oob_data.addr_sent_to = *addr_to_send_to;
    smp_sm_event(p_cb, SMP_CR_LOC_SC_OOB_DATA_EVT, NULL);

    return TRUE;
}

#endif /* SMP_INCLUDED */