1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
29 {
30 /* initiator */
31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
36 /* responder */
37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
43 };
44
45 #define SMP_KEY_DIST_TYPE_MAX 4
46 const tSMP_ACT smp_distribute_act [] =
47 {
48 smp_generate_ltk,
49 smp_send_id_info,
50 smp_generate_csrk,
51 smp_set_derive_link_key
52 };
53
54 /*******************************************************************************
55 ** Function smp_update_key_mask
56 ** Description This function updates the key mask for sending or receiving.
57 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)58 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
59 {
60 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
61 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
62
63 if (((p_cb->le_secure_connections_mode_is_used) ||
64 (p_cb->smp_over_br)) &&
65 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
66 {
67 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
68 ** being exchanged with the peer */
69 p_cb->local_i_key &= ~key_type;
70 p_cb->local_r_key &= ~key_type;
71 }
72 else
73 if (p_cb->role == HCI_ROLE_SLAVE)
74 {
75 if (recv)
76 p_cb->local_i_key &= ~key_type;
77 else
78 p_cb->local_r_key &= ~key_type;
79 }
80 else
81 {
82 if (recv)
83 p_cb->local_r_key &= ~key_type;
84 else
85 p_cb->local_i_key &= ~key_type;
86 }
87
88 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
89 p_cb->local_r_key);
90 }
91
92 /*******************************************************************************
93 ** Function smp_send_app_cback
94 ** Description notifies application about the events the application is interested in
95 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)96 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
97 {
98 tSMP_EVT_DATA cb_data;
99 tSMP_STATUS callback_rc;
100 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
101 if (p_cb->p_callback && p_cb->cb_evt != 0)
102 {
103 switch (p_cb->cb_evt)
104 {
105 case SMP_IO_CAP_REQ_EVT:
106 cb_data.io_req.auth_req = p_cb->peer_auth_req;
107 cb_data.io_req.oob_data = SMP_OOB_NONE;
108 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
109 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
110 cb_data.io_req.init_keys = p_cb->local_i_key ;
111 cb_data.io_req.resp_keys = p_cb->local_r_key ;
112 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
113 break;
114
115 case SMP_NC_REQ_EVT:
116 cb_data.passkey = p_data->passkey;
117 break;
118 case SMP_SC_OOB_REQ_EVT:
119 cb_data.req_oob_type = p_data->req_oob_type;
120 break;
121 case SMP_SC_LOC_OOB_DATA_UP_EVT:
122 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
123 break;
124
125 case SMP_BR_KEYS_REQ_EVT:
126 cb_data.io_req.auth_req = 0;
127 cb_data.io_req.oob_data = SMP_OOB_NONE;
128 cb_data.io_req.io_cap = 0;
129 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
130 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
131 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
132 break;
133
134 default:
135 break;
136 }
137
138 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
139
140 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
141
142 if (callback_rc == SMP_SUCCESS)
143 {
144 switch (p_cb->cb_evt)
145 {
146 case SMP_IO_CAP_REQ_EVT:
147 p_cb->loc_auth_req = cb_data.io_req.auth_req;
148 p_cb->local_io_capability = cb_data.io_req.io_cap;
149 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
150 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
151 p_cb->local_i_key = cb_data.io_req.init_keys;
152 p_cb->local_r_key = cb_data.io_req.resp_keys;
153
154 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
155 {
156 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
157 p_cb->local_i_key = 0;
158 p_cb->local_r_key = 0;
159 }
160
161 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
162 loc_oob_flag: %d loc_enc_size: %d,"
163 "local_i_key: 0x%02x, local_r_key: 0x%02x",
164 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
165 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
166
167 p_cb->secure_connections_only_mode_required =
168 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
169
170 if (p_cb->secure_connections_only_mode_required)
171 {
172 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
173 }
174
175 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
176 || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
177 (const bt_bdaddr_t *)&p_cb->pairing_bda))
178 {
179 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
180 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
181 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
182 }
183
184 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
185 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
186
187 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
188 break;
189
190 case SMP_BR_KEYS_REQ_EVT:
191 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
192 p_cb->local_i_key = cb_data.io_req.init_keys;
193 p_cb->local_r_key = cb_data.io_req.resp_keys;
194
195 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
196 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
197
198 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
199 local_i_key: 0x%02x, local_r_key: 0x%02x",
200 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
201
202 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
203 break;
204 }
205 }
206 }
207
208 if (!p_cb->cb_evt && p_cb->discard_sec_req)
209 {
210 p_cb->discard_sec_req = FALSE;
211 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
212 }
213
214 SMP_TRACE_DEBUG("%s return", __func__);
215 }
216
217 /*******************************************************************************
218 ** Function smp_send_pair_fail
219 ** Description pairing failure to peer device if needed.
220 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)221 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
222 {
223 p_cb->status = *(UINT8 *)p_data;
224 p_cb->failure = *(UINT8 *)p_data;
225
226 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
227
228 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
229 {
230 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
231 p_cb->wait_for_authorization_complete = TRUE;
232 }
233 }
234
235 /*******************************************************************************
236 ** Function smp_send_pair_req
237 ** Description actions related to sending pairing request
238 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)239 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
240 {
241 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
242 SMP_TRACE_DEBUG("%s", __func__);
243
244 /* erase all keys when master sends pairing req*/
245 if (p_dev_rec)
246 btm_sec_clear_ble_keys(p_dev_rec);
247 /* do not manipulate the key, let app decide,
248 leave out to BTM to mandate key distribution for bonding case */
249 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
250 }
251
252 /*******************************************************************************
253 ** Function smp_send_pair_rsp
254 ** Description actions related to sending pairing response
255 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)256 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
257 {
258 SMP_TRACE_DEBUG("%s", __func__);
259
260 p_cb->local_i_key &= p_cb->peer_i_key;
261 p_cb->local_r_key &= p_cb->peer_r_key;
262
263 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
264 {
265 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
266 smp_use_oob_private_key(p_cb, NULL);
267 else
268 smp_decide_association_model(p_cb, NULL);
269 }
270 }
271
272 /*******************************************************************************
273 ** Function smp_send_confirm
274 ** Description send confirmation to the peer
275 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)276 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
277 {
278 SMP_TRACE_DEBUG("%s", __func__);
279 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
280 }
281
282 /*******************************************************************************
283 ** Function smp_send_init
284 ** Description process pairing initializer to slave device
285 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)286 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
287 {
288 SMP_TRACE_DEBUG("%s", __func__);
289 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
290 }
291
292 /*******************************************************************************
293 ** Function smp_send_rand
294 ** Description send pairing random to the peer
295 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)296 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
297 {
298 SMP_TRACE_DEBUG("%s", __func__);
299 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
300 }
301
302 /*******************************************************************************
303 ** Function smp_send_pair_public_key
304 ** Description send pairing public key command to the peer
305 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)306 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
307 {
308 SMP_TRACE_DEBUG("%s", __func__);
309 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
310 }
311
312 /*******************************************************************************
313 ** Function SMP_SEND_COMMITMENT
314 ** Description send commitment command to the peer
315 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)316 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
317 {
318 SMP_TRACE_DEBUG("%s", __func__);
319 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
320 }
321
322 /*******************************************************************************
323 ** Function smp_send_dhkey_check
324 ** Description send DHKey Check command to the peer
325 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)326 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
327 {
328 SMP_TRACE_DEBUG("%s", __func__);
329 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
330 }
331
332 /*******************************************************************************
333 ** Function smp_send_keypress_notification
334 ** Description send Keypress Notification command to the peer
335 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)336 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
337 {
338 p_cb->local_keypress_notification = *(UINT8 *) p_data;
339 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
340 }
341
342 /*******************************************************************************
343 ** Function smp_send_enc_info
344 ** Description send encryption information command.
345 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)346 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
347 {
348 tBTM_LE_LENC_KEYS le_key;
349
350 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
351 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
352
353 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
354 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
355
356 /* save the DIV and key size information when acting as slave device */
357 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
358 le_key.div = p_cb->div;
359 le_key.key_size = p_cb->loc_enc_size;
360 le_key.sec_level = p_cb->sec_level;
361
362 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
363 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
364 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
365
366 SMP_TRACE_WARNING ("%s", __func__);
367
368 smp_key_distribution(p_cb, NULL);
369 }
370
371 /*******************************************************************************
372 ** Function smp_send_id_info
373 ** Description send ID information command.
374 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)375 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
376 {
377 tBTM_LE_KEY_VALUE le_key;
378 SMP_TRACE_DEBUG("%s", __func__);
379 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
380
381 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
382 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
383
384 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
385 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
386 &le_key, TRUE);
387
388 SMP_TRACE_WARNING ("%s", __func__);
389 smp_key_distribution_by_transport(p_cb, NULL);
390 }
391
392 /*******************************************************************************
393 ** Function smp_send_csrk_info
394 ** Description send CSRK command.
395 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)396 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
397 {
398 tBTM_LE_LCSRK_KEYS key;
399 SMP_TRACE_DEBUG("%s", __func__);
400 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
401
402 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
403 {
404 key.div = p_cb->div;
405 key.sec_level = p_cb->sec_level;
406 key.counter = 0; /* initialize the local counter */
407 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
408 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
409 }
410
411 smp_key_distribution_by_transport(p_cb, NULL);
412 }
413
414 /*******************************************************************************
415 ** Function smp_send_ltk_reply
416 ** Description send LTK reply
417 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)418 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
419 {
420 SMP_TRACE_DEBUG("%s", __func__);
421 /* send stk as LTK response */
422 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
423 }
424
425 /*******************************************************************************
426 ** Function smp_proc_sec_req
427 ** Description process security request.
428 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)429 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
430 {
431 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
432 tBTM_BLE_SEC_REQ_ACT sec_req_act;
433 UINT8 reason;
434
435 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
436
437 p_cb->cb_evt = 0;
438
439 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
440
441 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
442
443 switch (sec_req_act)
444 {
445 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
446 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
447 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
448 break;
449
450 case BTM_BLE_SEC_REQ_ACT_PAIR:
451 p_cb->secure_connections_only_mode_required =
452 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
453
454 /* respond to non SC pairing request as failure in SC only mode */
455 if (p_cb->secure_connections_only_mode_required &&
456 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
457 {
458 reason = SMP_PAIR_AUTH_FAIL;
459 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
460 }
461 else
462 {
463 /* initialize local i/r key to be default keys */
464 p_cb->peer_auth_req = auth_req;
465 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
466 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
467 }
468 break;
469
470 case BTM_BLE_SEC_REQ_ACT_DISCARD:
471 p_cb->discard_sec_req = TRUE;
472 break;
473
474 default:
475 /* do nothing */
476 break;
477 }
478 }
479
480 /*******************************************************************************
481 ** Function smp_proc_sec_grant
482 ** Description process security grant.
483 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)484 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
485 {
486 UINT8 res= *(UINT8 *)p_data;
487 SMP_TRACE_DEBUG("%s", __func__);
488 if (res != SMP_SUCCESS)
489 {
490 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
491 }
492 else /*otherwise, start pairing */
493 {
494 /* send IO request callback */
495 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
496 }
497 }
498
499 /*******************************************************************************
500 ** Function smp_proc_pair_fail
501 ** Description process pairing failure from peer device
502 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)503 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
504 {
505 SMP_TRACE_DEBUG("%s", __func__);
506 p_cb->status = *(UINT8 *)p_data;
507 }
508
509 /*******************************************************************************
510 ** Function smp_proc_pair_cmd
511 ** Description Process the SMP pairing request/response from peer device
512 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)513 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
514 {
515 UINT8 *p = (UINT8 *)p_data;
516 UINT8 reason = SMP_ENC_KEY_SIZE;
517 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
518
519 SMP_TRACE_DEBUG("%s", __func__);
520 /* erase all keys if it is slave proc pairing req*/
521 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
522 btm_sec_clear_ble_keys(p_dev_rec);
523
524 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
525
526 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
527 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
528 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
529 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
530 STREAM_TO_UINT8(p_cb->peer_i_key, p);
531 STREAM_TO_UINT8(p_cb->peer_r_key, p);
532
533 if (smp_command_has_invalid_parameters(p_cb))
534 {
535 reason = SMP_INVALID_PARAMETERS;
536 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
537 return;
538 }
539
540 if (p_cb->role == HCI_ROLE_SLAVE)
541 {
542 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
543 {
544 /* peer (master) started pairing sending Pairing Request */
545 p_cb->local_i_key = p_cb->peer_i_key;
546 p_cb->local_r_key = p_cb->peer_r_key;
547
548 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
549 }
550 else /* update local i/r key according to pairing request */
551 {
552 /* pairing started with this side (slave) sending Security Request */
553 p_cb->local_i_key &= p_cb->peer_i_key;
554 p_cb->local_r_key &= p_cb->peer_r_key;
555 p_cb->selected_association_model = smp_select_association_model(p_cb);
556
557 if (p_cb->secure_connections_only_mode_required &&
558 (!(p_cb->le_secure_connections_mode_is_used) ||
559 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
560 {
561 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
562 __func__);
563 reason = SMP_PAIR_AUTH_FAIL;
564 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
565 return;
566 }
567
568 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
569 {
570 if (smp_request_oob_data(p_cb)) return;
571 }
572 else
573 {
574 smp_send_pair_rsp(p_cb, NULL);
575 }
576 }
577 }
578 else /* Master receives pairing response */
579 {
580 p_cb->selected_association_model = smp_select_association_model(p_cb);
581
582 if (p_cb->secure_connections_only_mode_required &&
583 (!(p_cb->le_secure_connections_mode_is_used) ||
584 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
585 {
586 SMP_TRACE_ERROR ("Master requires secure connection only mode \
587 but it can't be provided -> Master fails pairing");
588 reason = SMP_PAIR_AUTH_FAIL;
589 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
590 return;
591 }
592
593 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
594 {
595 if (smp_request_oob_data(p_cb)) return;
596 }
597 else
598 {
599 smp_decide_association_model(p_cb, NULL);
600 }
601 }
602 }
603
604 /*******************************************************************************
605 ** Function smp_proc_confirm
606 ** Description process pairing confirm from peer device
607 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)608 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
609 {
610 UINT8 *p = (UINT8 *)p_data;
611 UINT8 reason = SMP_INVALID_PARAMETERS;
612
613 SMP_TRACE_DEBUG("%s", __func__);
614
615 if (smp_command_has_invalid_parameters(p_cb))
616 {
617 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
618 return;
619 }
620
621 if (p != NULL)
622 {
623 /* save the SConfirm for comparison later */
624 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
625 }
626
627 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
628 }
629
630 /*******************************************************************************
631 ** Function smp_proc_init
632 ** Description process pairing initializer from peer device
633 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)634 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
635 {
636 UINT8 *p = (UINT8 *)p_data;
637 UINT8 reason = SMP_INVALID_PARAMETERS;
638
639 SMP_TRACE_DEBUG("%s", __func__);
640
641 if (smp_command_has_invalid_parameters(p_cb))
642 {
643 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
644 return;
645 }
646
647 /* save the SRand for comparison */
648 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
649 }
650
651 /*******************************************************************************
652 ** Function smp_proc_rand
653 ** Description process pairing random (nonce) from peer device
654 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)655 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
656 {
657 UINT8 *p = (UINT8 *)p_data;
658 UINT8 reason = SMP_INVALID_PARAMETERS;
659
660 SMP_TRACE_DEBUG("%s", __func__);
661
662 if (smp_command_has_invalid_parameters(p_cb))
663 {
664 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
665 return;
666 }
667
668 /* save the SRand for comparison */
669 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
670 }
671
672 /*******************************************************************************
673 ** Function smp_process_pairing_public_key
674 ** Description process pairing public key command from the peer device
675 ** - saves the peer public key;
676 ** - sets the flag indicating that the peer public key is received;
677 ** - calls smp_wait_for_both_public_keys(...).
678 **
679 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)680 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
681 {
682 UINT8 *p = (UINT8 *)p_data;
683 UINT8 reason = SMP_INVALID_PARAMETERS;
684
685 SMP_TRACE_DEBUG("%s", __func__);
686
687 if (smp_command_has_invalid_parameters(p_cb))
688 {
689 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
690 return;
691 }
692
693 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
694 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
695 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
696
697 smp_wait_for_both_public_keys(p_cb, NULL);
698 }
699
700 /*******************************************************************************
701 ** Function smp_process_pairing_commitment
702 ** Description process pairing commitment from peer device
703 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)704 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
705 {
706 UINT8 *p = (UINT8 *)p_data;
707 UINT8 reason = SMP_INVALID_PARAMETERS;
708
709 SMP_TRACE_DEBUG("%s", __func__);
710
711 if (smp_command_has_invalid_parameters(p_cb))
712 {
713 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
714 return;
715 }
716
717 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
718
719 if (p != NULL)
720 {
721 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
722 }
723 }
724
725 /*******************************************************************************
726 ** Function smp_process_dhkey_check
727 ** Description process DHKey Check from peer device
728 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)729 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
730 {
731 UINT8 *p = (UINT8 *)p_data;
732 UINT8 reason = SMP_INVALID_PARAMETERS;
733
734 SMP_TRACE_DEBUG("%s", __func__);
735
736 if (smp_command_has_invalid_parameters(p_cb))
737 {
738 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
739 return;
740 }
741
742 if (p != NULL)
743 {
744 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
745 }
746
747 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
748 }
749
750 /*******************************************************************************
751 ** Function smp_process_keypress_notification
752 ** Description process pairing keypress notification from peer device
753 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)754 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
755 {
756 UINT8 *p = (UINT8 *)p_data;
757 UINT8 reason = SMP_INVALID_PARAMETERS;
758
759 SMP_TRACE_DEBUG("%s", __func__);
760 p_cb->status = *(UINT8 *)p_data;
761
762 if (smp_command_has_invalid_parameters(p_cb))
763 {
764 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
765 return;
766 }
767
768 if (p != NULL)
769 {
770 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
771 }
772 else
773 {
774 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
775 }
776 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
777 }
778
779 /*******************************************************************************
780 ** Function smp_br_process_pairing_command
781 ** Description Process the SMP pairing request/response from peer device via
782 ** BR/EDR transport.
783 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)784 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
785 {
786 UINT8 *p = (UINT8 *)p_data;
787 UINT8 reason = SMP_ENC_KEY_SIZE;
788 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
789
790 SMP_TRACE_DEBUG("%s", __func__);
791 /* rejecting BR pairing request over non-SC BR link */
792 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
793 {
794 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
795 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
796 return;
797 }
798
799 /* erase all keys if it is slave proc pairing req*/
800 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
801 btm_sec_clear_ble_keys(p_dev_rec);
802
803 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
804
805 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
806 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
807 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
808 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
809 STREAM_TO_UINT8(p_cb->peer_i_key, p);
810 STREAM_TO_UINT8(p_cb->peer_r_key, p);
811
812 if (smp_command_has_invalid_parameters(p_cb))
813 {
814 reason = SMP_INVALID_PARAMETERS;
815 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
816 return;
817 }
818
819 /* peer (master) started pairing sending Pairing Request */
820 /* or being master device always use received i/r key as keys to distribute */
821 p_cb->local_i_key = p_cb->peer_i_key;
822 p_cb->local_r_key = p_cb->peer_r_key;
823
824 if (p_cb->role == HCI_ROLE_SLAVE)
825 {
826 p_dev_rec->new_encryption_key_is_p256 = FALSE;
827 /* shortcut to skip Security Grant step */
828 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
829 }
830 else /* Master receives pairing response */
831 {
832 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
833 " Supposed to move to key distribution phase. ", __func__);
834 }
835
836 /* auth_req received via BR/EDR SM channel is set to 0,
837 but everything derived/exchanged has to be saved */
838 p_cb->peer_auth_req |= SMP_AUTH_BOND;
839 p_cb->loc_auth_req |= SMP_AUTH_BOND;
840 }
841
842 /*******************************************************************************
843 ** Function smp_br_process_security_grant
844 ** Description process security grant in case of pairing over BR/EDR transport.
845 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)846 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
847 {
848 UINT8 res= *(UINT8 *)p_data;
849 SMP_TRACE_DEBUG("%s", __func__);
850 if (res != SMP_SUCCESS)
851 {
852 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
853 }
854 else /*otherwise, start pairing */
855 {
856 /* send IO request callback */
857 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
858 }
859 }
860
861 /*******************************************************************************
862 ** Function smp_br_check_authorization_request
863 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
864 ** before starting the distribution/derivation
865 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)866 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
867 {
868 UINT8 reason = SMP_SUCCESS;
869
870 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
871 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
872 p_cb->local_r_key);
873
874 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
875 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
876 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
877
878 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
879 ** Set local_r_key on master to expect only these keys. */
880 if (p_cb->role == HCI_ROLE_MASTER)
881 {
882 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
883 }
884
885 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
886 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
887 p_cb->local_r_key);
888
889 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
890 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
891 (p_cb->local_i_key || p_cb->local_r_key))
892 {
893 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
894
895 /* if no peer key is expected, start master key distribution */
896 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
897 smp_key_distribution_by_transport(p_cb, NULL);
898 }
899 else
900 {
901 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
902 }
903 }
904
905 /*******************************************************************************
906 ** Function smp_br_select_next_key
907 ** Description selects the next key to derive/send when BR/EDR transport is
908 ** used.
909 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)910 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
911 {
912 UINT8 reason = SMP_SUCCESS;
913 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
914 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
915
916 if (p_cb->role == HCI_ROLE_SLAVE||
917 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
918 {
919 smp_key_pick_key(p_cb, p_data);
920 }
921
922 if (!p_cb->local_i_key && !p_cb->local_r_key)
923 {
924 /* state check to prevent re-entrance */
925 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
926 {
927 if (p_cb->total_tx_unacked == 0)
928 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
929 else
930 p_cb->wait_for_authorization_complete = TRUE;
931 }
932 }
933 }
934
935 /*******************************************************************************
936 ** Function smp_proc_enc_info
937 ** Description process encryption information from peer device
938 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)939 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
940 {
941 UINT8 *p = (UINT8 *)p_data;
942
943 SMP_TRACE_DEBUG("%s", __func__);
944 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
945
946 smp_key_distribution(p_cb, NULL);
947 }
948 /*******************************************************************************
949 ** Function smp_proc_master_id
950 ** Description process master ID from slave device
951 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)952 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
953 {
954 UINT8 *p = (UINT8 *)p_data;
955 tBTM_LE_PENC_KEYS le_key;
956
957 SMP_TRACE_DEBUG("%s", __func__);
958 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
959
960 STREAM_TO_UINT16(le_key.ediv, p);
961 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
962
963 /* store the encryption keys from peer device */
964 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
965 le_key.sec_level = p_cb->sec_level;
966 le_key.key_size = p_cb->loc_enc_size;
967
968 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
969 btm_sec_save_le_key(p_cb->pairing_bda,
970 BTM_LE_KEY_PENC,
971 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
972
973 smp_key_distribution(p_cb, NULL);
974 }
975
976 /*******************************************************************************
977 ** Function smp_proc_enc_info
978 ** Description process identity information from peer device
979 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)980 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
981 {
982 UINT8 *p = (UINT8 *)p_data;
983
984 SMP_TRACE_DEBUG("%s", __func__);
985 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
986 smp_key_distribution_by_transport(p_cb, NULL);
987 }
988
989 /*******************************************************************************
990 ** Function smp_proc_id_addr
991 ** Description process identity address from peer device
992 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)993 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
994 {
995 UINT8 *p = (UINT8 *)p_data;
996 tBTM_LE_PID_KEYS pid_key;
997
998 SMP_TRACE_DEBUG("%s", __func__);
999 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1000
1001 STREAM_TO_UINT8(pid_key.addr_type, p);
1002 STREAM_TO_BDADDR(pid_key.static_addr, p);
1003 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1004
1005 /* to use as BD_ADDR for lk derived from ltk */
1006 p_cb->id_addr_rcvd = TRUE;
1007 p_cb->id_addr_type = pid_key.addr_type;
1008 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1009
1010 /* store the ID key from peer device */
1011 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1012 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1013 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1014 smp_key_distribution_by_transport(p_cb, NULL);
1015 }
1016
1017 /*******************************************************************************
1018 ** Function smp_proc_srk_info
1019 ** Description process security information from peer device
1020 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1021 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1022 {
1023 tBTM_LE_PCSRK_KEYS le_key;
1024
1025 SMP_TRACE_DEBUG("%s", __func__);
1026 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1027
1028 /* save CSRK to security record */
1029 le_key.sec_level = p_cb->sec_level;
1030 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1031 le_key.counter = 0; /* initialize the peer counter */
1032
1033 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1034 btm_sec_save_le_key(p_cb->pairing_bda,
1035 BTM_LE_KEY_PCSRK,
1036 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1037 smp_key_distribution_by_transport(p_cb, NULL);
1038 }
1039
1040 /*******************************************************************************
1041 ** Function smp_proc_compare
1042 ** Description process compare value
1043 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1044 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1045 {
1046 UINT8 reason;
1047
1048 SMP_TRACE_DEBUG("%s", __func__);
1049 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1050 {
1051 /* compare the max encryption key size, and save the smaller one for the link */
1052 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1053 p_cb->loc_enc_size = p_cb->peer_enc_size;
1054
1055 if (p_cb->role == HCI_ROLE_SLAVE)
1056 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1057 else
1058 {
1059 /* master device always use received i/r key as keys to distribute */
1060 p_cb->local_i_key = p_cb->peer_i_key;
1061 p_cb->local_r_key = p_cb->peer_r_key;
1062
1063 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1064 }
1065
1066 }
1067 else
1068 {
1069 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1070 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1071 }
1072 }
1073
1074 /*******************************************************************************
1075 ** Function smp_proc_sl_key
1076 ** Description process key ready events.
1077 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1078 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1079 {
1080 UINT8 key_type = p_data->key.key_type;
1081
1082 SMP_TRACE_DEBUG("%s", __func__);
1083 if (key_type == SMP_KEY_TYPE_TK)
1084 {
1085 smp_generate_srand_mrand_confirm(p_cb, NULL);
1086 }
1087 else if (key_type == SMP_KEY_TYPE_CFM)
1088 {
1089 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1090
1091 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1092 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1093 }
1094 }
1095
1096 /*******************************************************************************
1097 ** Function smp_start_enc
1098 ** Description start encryption
1099 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1100 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1101 {
1102 tBTM_STATUS cmd;
1103 UINT8 reason = SMP_ENC_FAIL;
1104
1105 SMP_TRACE_DEBUG("%s", __func__);
1106 if (p_data != NULL)
1107 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1108 else
1109 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1110
1111 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1112 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1113 }
1114
1115 /*******************************************************************************
1116 ** Function smp_proc_discard
1117 ** Description processing for discard security request
1118 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1119 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1120 {
1121 SMP_TRACE_DEBUG("%s", __func__);
1122 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1123 smp_reset_control_value(p_cb);
1124 }
1125
1126 /*******************************************************************************
1127 ** Function smp_enc_cmpl
1128 ** Description encryption success
1129 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1130 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1131 {
1132 UINT8 enc_enable = *(UINT8 *)p_data;
1133 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1134
1135 SMP_TRACE_DEBUG("%s", __func__);
1136 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1137 }
1138
1139 /*******************************************************************************
1140 ** Function smp_check_auth_req
1141 ** Description check authentication request
1142 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1143 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1144 {
1145 UINT8 enc_enable = *(UINT8 *)p_data;
1146 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1147
1148 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1149 "(i-initiator r-responder)",
1150 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1151 if (enc_enable == 1)
1152 {
1153 if (p_cb->le_secure_connections_mode_is_used)
1154 {
1155 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1156 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1157 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1158
1159 /* In LE SC mode LK is derived from LTK only if both sides request it */
1160 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1161 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1162 {
1163 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1164 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1165 }
1166
1167 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1168 ** Set local_r_key on master to expect only these keys.
1169 */
1170 if (p_cb->role == HCI_ROLE_MASTER)
1171 {
1172 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1173 }
1174 }
1175 else
1176 {
1177 /* in legacy mode derivation of BR/EDR LK is not supported */
1178 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1179 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1180 }
1181 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1182 "(i-initiator r-responder)",
1183 __func__, p_cb->local_i_key, p_cb->local_r_key);
1184
1185 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1186 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1187 (p_cb->local_i_key || p_cb->local_r_key))
1188 {
1189 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1190 }
1191 else
1192 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1193 }
1194 else if (enc_enable == 0)
1195 {
1196 /* if failed for encryption after pairing, send callback */
1197 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1198 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1199 /* if enc failed for old security information */
1200 /* if master device, clean up and abck to idle; slave device do nothing */
1201 else if (p_cb->role == HCI_ROLE_MASTER)
1202 {
1203 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1204 }
1205 }
1206 }
1207
1208 /*******************************************************************************
1209 ** Function smp_key_pick_key
1210 ** Description Pick a key distribution function based on the key mask.
1211 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1212 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1213 {
1214 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1215 UINT8 i = 0;
1216
1217 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1218 while (i < SMP_KEY_DIST_TYPE_MAX)
1219 {
1220 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1221
1222 if (key_to_dist & (1 << i))
1223 {
1224 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1225 (* smp_distribute_act[i])(p_cb, p_data);
1226 break;
1227 }
1228 i ++;
1229 }
1230 }
1231 /*******************************************************************************
1232 ** Function smp_key_distribution
1233 ** Description start key distribution if required.
1234 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1235 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1236 {
1237 UINT8 reason = SMP_SUCCESS;
1238 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1239 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1240
1241 if (p_cb->role == HCI_ROLE_SLAVE ||
1242 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1243 {
1244 smp_key_pick_key(p_cb, p_data);
1245 }
1246
1247 if (!p_cb->local_i_key && !p_cb->local_r_key)
1248 {
1249 /* state check to prevent re-entrant */
1250 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1251 {
1252 if (p_cb->derive_lk)
1253 {
1254 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1255 p_cb->derive_lk = FALSE;
1256 }
1257
1258 if (p_cb->total_tx_unacked == 0)
1259 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1260 else
1261 p_cb->wait_for_authorization_complete = TRUE;
1262 }
1263 }
1264 }
1265
1266 /*******************************************************************************
1267 ** Function smp_decide_association_model
1268 ** Description This function is called to select assoc model to be used for
1269 ** STK generation and to start STK generation process.
1270 **
1271 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1272 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1273 {
1274 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1275 UINT8 int_evt = 0;
1276 tSMP_KEY key;
1277 tSMP_INT_DATA *p = NULL;
1278
1279 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1280
1281 switch (p_cb->selected_association_model)
1282 {
1283 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1284 if (p_cb->role == HCI_ROLE_MASTER &&
1285 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1286 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1287 {
1288 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1289 failure = SMP_PAIR_AUTH_FAIL;
1290 p = (tSMP_INT_DATA *)&failure;
1291 int_evt = SMP_AUTH_CMPL_EVT;
1292 }
1293 else
1294 {
1295 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1296 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1297
1298 key.key_type = SMP_KEY_TYPE_TK;
1299 key.p_data = p_cb->tk;
1300 p = (tSMP_INT_DATA *)&key;
1301
1302 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1303 /* TK, ready */
1304 int_evt = SMP_KEY_READY_EVT;
1305 }
1306 break;
1307
1308 case SMP_MODEL_PASSKEY:
1309 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1310 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1311
1312 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1313 int_evt = SMP_TK_REQ_EVT;
1314 break;
1315
1316 case SMP_MODEL_OOB:
1317 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1318 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1319 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1320
1321 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1322 int_evt = SMP_TK_REQ_EVT;
1323 break;
1324
1325 case SMP_MODEL_KEY_NOTIF:
1326 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1327 SMP_TRACE_DEBUG("Need to generate Passkey");
1328
1329 /* generate passkey and notify application */
1330 smp_generate_passkey(p_cb, NULL);
1331 break;
1332
1333 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1334 case SMP_MODEL_SEC_CONN_NUM_COMP:
1335 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1336 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1337 case SMP_MODEL_SEC_CONN_OOB:
1338 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1339 break;
1340
1341 case SMP_MODEL_OUT_OF_RANGE:
1342 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1343 p = (tSMP_INT_DATA *)&failure;
1344 int_evt = SMP_AUTH_CMPL_EVT;
1345 break;
1346
1347 default:
1348 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1349 p_cb->selected_association_model);
1350 p = (tSMP_INT_DATA *)&failure;
1351 int_evt = SMP_AUTH_CMPL_EVT;
1352 }
1353
1354 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1355 if (int_evt)
1356 smp_sm_event(p_cb, int_evt, p);
1357 }
1358
1359 /*******************************************************************************
1360 ** Function smp_process_io_response
1361 ** Description process IO response for a slave device.
1362 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1363 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1364 {
1365 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1366
1367 SMP_TRACE_DEBUG("%s", __func__);
1368 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1369 {
1370 /* pairing started by local (slave) Security Request */
1371 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1372 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1373 }
1374 else /* plan to send pairing respond */
1375 {
1376 /* pairing started by peer (master) Pairing Request */
1377 p_cb->selected_association_model = smp_select_association_model(p_cb);
1378
1379 if (p_cb->secure_connections_only_mode_required &&
1380 (!(p_cb->le_secure_connections_mode_is_used) ||
1381 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1382 {
1383 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1384 but it can't be provided -> Slave fails pairing");
1385 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1386 return;
1387 }
1388
1389 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1390 {
1391 if (smp_request_oob_data(p_cb)) return;
1392 }
1393 smp_send_pair_rsp(p_cb, NULL);
1394 }
1395 }
1396
1397 /*******************************************************************************
1398 ** Function smp_br_process_slave_keys_response
1399 ** Description process application keys response for a slave device
1400 ** (BR/EDR transport).
1401 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1402 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1403 {
1404 smp_br_send_pair_response(p_cb, NULL);
1405 }
1406
1407 /*******************************************************************************
1408 ** Function smp_br_send_pair_response
1409 ** Description actions related to sending pairing response over BR/EDR transport.
1410 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1411 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1412 {
1413 SMP_TRACE_DEBUG("%s", __func__);
1414
1415 p_cb->local_i_key &= p_cb->peer_i_key;
1416 p_cb->local_r_key &= p_cb->peer_r_key;
1417
1418 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1419 }
1420
1421 /*******************************************************************************
1422 ** Function smp_pairing_cmpl
1423 ** Description This function is called to send the pairing complete callback
1424 ** and remove the connection if needed.
1425 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1426 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1427 {
1428 if (p_cb->total_tx_unacked == 0)
1429 {
1430 /* update connection parameter to remote preferred */
1431 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1432 /* process the pairing complete */
1433 smp_proc_pairing_cmpl(p_cb);
1434 }
1435 }
1436
1437 /*******************************************************************************
1438 ** Function smp_pair_terminate
1439 ** Description This function is called to send the pairing complete callback
1440 ** and remove the connection if needed.
1441 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1442 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1443 {
1444 SMP_TRACE_DEBUG("%s", __func__);
1445 p_cb->status = SMP_CONN_TOUT;
1446 smp_proc_pairing_cmpl(p_cb);
1447 }
1448
1449 /*******************************************************************************
1450 ** Function smp_idle_terminate
1451 ** Description This function calledin idle state to determine to send authentication
1452 ** complete or not.
1453 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1454 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1455 {
1456 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1457 {
1458 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1459 p_cb->status = SMP_FAIL;
1460 smp_proc_pairing_cmpl(p_cb);
1461 }
1462 }
1463
1464 /*******************************************************************************
1465 ** Function smp_fast_conn_param
1466 ** Description apply default connection parameter for pairing process
1467 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1468 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1469 {
1470 /* disable connection parameter update */
1471 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1472 }
1473
1474 /*******************************************************************************
1475 ** Function smp_both_have_public_keys
1476 ** Description The function is called when both local and peer public keys are
1477 ** saved.
1478 ** Actions:
1479 ** - invokes DHKey computation;
1480 ** - on slave side invokes sending local public key to the peer.
1481 ** - invokes SC phase 1 process.
1482 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1483 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1484 {
1485 SMP_TRACE_DEBUG("%s",__func__);
1486
1487 /* invokes DHKey computation */
1488 smp_compute_dhkey(p_cb);
1489
1490 /* on slave side invokes sending local public key to the peer */
1491 if (p_cb->role == HCI_ROLE_SLAVE)
1492 smp_send_pair_public_key(p_cb, NULL);
1493
1494 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1495 }
1496
1497 /*******************************************************************************
1498 ** Function smp_start_secure_connection_phase1
1499 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1500 ** phase 1 parameters and starts building/sending to the peer
1501 ** messages appropriate for the role and association model.
1502 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1503 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1504 {
1505 SMP_TRACE_DEBUG("%s", __func__);
1506
1507 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1508 {
1509 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1510 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1511 }
1512 else
1513 {
1514 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1515 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1516 }
1517
1518 switch(p_cb->selected_association_model)
1519 {
1520 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1521 case SMP_MODEL_SEC_CONN_NUM_COMP:
1522 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1523 smp_start_nonce_generation(p_cb);
1524 break;
1525 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1526 /* user has to provide passkey */
1527 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1528 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1529 break;
1530 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1531 /* passkey has to be provided to user */
1532 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1533 smp_generate_passkey(p_cb, NULL);
1534 break;
1535 case SMP_MODEL_SEC_CONN_OOB:
1536 /* use the available OOB information */
1537 smp_process_secure_connection_oob_data(p_cb, NULL);
1538 break;
1539 default:
1540 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1541 p_cb->selected_association_model);
1542 break;
1543 }
1544 }
1545
1546 /*******************************************************************************
1547 ** Function smp_process_local_nonce
1548 ** Description The function processes new local nonce.
1549 **
1550 ** Note It is supposed to be called in SC phase1.
1551 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1552 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1553 {
1554 SMP_TRACE_DEBUG("%s", __func__);
1555
1556 switch(p_cb->selected_association_model)
1557 {
1558 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1559 case SMP_MODEL_SEC_CONN_NUM_COMP:
1560 if (p_cb->role == HCI_ROLE_SLAVE)
1561 {
1562 /* slave calculates and sends local commitment */
1563 smp_calculate_local_commitment(p_cb);
1564 smp_send_commitment(p_cb, NULL);
1565 /* slave has to wait for peer nonce */
1566 smp_set_state(SMP_STATE_WAIT_NONCE);
1567 }
1568 else /* i.e. master */
1569 {
1570 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1571 {
1572 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1573 SMP_TRACE_DEBUG("master in assoc mode = %d \
1574 already rcvd slave commitment - race condition",
1575 p_cb->selected_association_model);
1576 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1577 smp_send_rand(p_cb, NULL);
1578 smp_set_state(SMP_STATE_WAIT_NONCE);
1579 }
1580 }
1581 break;
1582 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1583 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1584 smp_calculate_local_commitment(p_cb);
1585
1586 if (p_cb->role == HCI_ROLE_MASTER)
1587 {
1588 smp_send_commitment(p_cb, NULL);
1589 }
1590 else /* slave */
1591 {
1592 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1593 {
1594 /* master commitment is already received */
1595 smp_send_commitment(p_cb, NULL);
1596 smp_set_state(SMP_STATE_WAIT_NONCE);
1597 }
1598 }
1599 break;
1600 case SMP_MODEL_SEC_CONN_OOB:
1601 if (p_cb->role == HCI_ROLE_MASTER)
1602 {
1603 smp_send_rand(p_cb, NULL);
1604 }
1605
1606 smp_set_state(SMP_STATE_WAIT_NONCE);
1607 break;
1608 default:
1609 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1610 p_cb->selected_association_model);
1611 break;
1612 }
1613 }
1614
1615 /*******************************************************************************
1616 ** Function smp_process_peer_nonce
1617 ** Description The function processes newly received and saved in CB peer nonce.
1618 ** The actions depend on the selected association model and the role.
1619 **
1620 ** Note It is supposed to be called in SC phase1.
1621 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1622 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1623 {
1624 UINT8 reason;
1625
1626 SMP_TRACE_DEBUG("%s start ", __func__);
1627
1628 switch(p_cb->selected_association_model)
1629 {
1630 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1631 case SMP_MODEL_SEC_CONN_NUM_COMP:
1632 /* in these models only master receives commitment */
1633 if (p_cb->role == HCI_ROLE_MASTER)
1634 {
1635 if (!smp_check_commitment(p_cb))
1636 {
1637 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1638 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1639 break;
1640 }
1641 }
1642 else
1643 {
1644 /* slave sends local nonce */
1645 smp_send_rand(p_cb, NULL);
1646 }
1647
1648 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1649 {
1650 /* go directly to phase 2 */
1651 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1652 }
1653 else /* numeric comparison */
1654 {
1655 smp_set_state(SMP_STATE_WAIT_NONCE);
1656 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1657 }
1658 break;
1659 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1660 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1661 if (!smp_check_commitment(p_cb))
1662 {
1663 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1664 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1665 break;
1666 }
1667
1668 if (p_cb->role == HCI_ROLE_SLAVE)
1669 {
1670 smp_send_rand(p_cb, NULL);
1671 }
1672
1673 if (++p_cb->round < 20)
1674 {
1675 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1676 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1677 smp_start_nonce_generation(p_cb);
1678 break;
1679 }
1680
1681 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1682 break;
1683 case SMP_MODEL_SEC_CONN_OOB:
1684 if (p_cb->role == HCI_ROLE_SLAVE)
1685 {
1686 smp_send_rand(p_cb, NULL);
1687 }
1688
1689 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1690 break;
1691 default:
1692 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1693 p_cb->selected_association_model);
1694 break;
1695 }
1696
1697 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1698 }
1699
1700 /*******************************************************************************
1701 ** Function smp_match_dhkey_checks
1702 ** Description checks if the calculated peer DHKey Check value is the same as
1703 ** received from the peer DHKey check value.
1704 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1705 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1706 {
1707 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1708
1709 SMP_TRACE_DEBUG("%s", __func__);
1710
1711 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1712 {
1713 SMP_TRACE_WARNING ("dhkey chcks do no match");
1714 p_cb->failure = reason;
1715 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1716 return;
1717 }
1718
1719 SMP_TRACE_EVENT ("dhkey chcks match");
1720
1721 /* compare the max encryption key size, and save the smaller one for the link */
1722 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1723 p_cb->loc_enc_size = p_cb->peer_enc_size;
1724
1725 if (p_cb->role == HCI_ROLE_SLAVE)
1726 {
1727 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1728 }
1729 else
1730 {
1731 /* master device always use received i/r key as keys to distribute */
1732 p_cb->local_i_key = p_cb->peer_i_key;
1733 p_cb->local_r_key = p_cb->peer_r_key;
1734 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1735 }
1736 }
1737
1738 /*******************************************************************************
1739 ** Function smp_move_to_secure_connections_phase2
1740 ** Description Signal State Machine to start SC phase 2 initialization (to
1741 ** compute local DHKey Check value).
1742 **
1743 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1744 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1745 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1746 {
1747 SMP_TRACE_DEBUG("%s",__func__);
1748 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1749 }
1750
1751 /*******************************************************************************
1752 ** Function smp_phase_2_dhkey_checks_are_present
1753 ** Description generates event if dhkey check from the peer is already received.
1754 **
1755 ** Note It is supposed to be used on slave to prevent race condition.
1756 ** It is supposed to be called after slave dhkey check is calculated.
1757 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1758 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1759 {
1760 SMP_TRACE_DEBUG("%s",__func__);
1761
1762 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1763 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1764 }
1765
1766 /*******************************************************************************
1767 ** Function smp_wait_for_both_public_keys
1768 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1769 ** public keys are available.
1770 **
1771 ** Note on the slave it is used to prevent race condition.
1772 **
1773 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1774 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1775 {
1776 SMP_TRACE_DEBUG("%s",__func__);
1777
1778 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1779 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1780 {
1781 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1782 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1783 {
1784 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1785 }
1786 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1787 }
1788 }
1789
1790 /*******************************************************************************
1791 ** Function smp_start_passkey_verification
1792 ** Description Starts SC passkey entry verification.
1793 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1794 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1795 {
1796 UINT8 *p = NULL;
1797
1798 SMP_TRACE_DEBUG("%s", __func__);
1799 p = p_cb->local_random;
1800 UINT32_TO_STREAM(p, p_data->passkey);
1801
1802 p = p_cb->peer_random;
1803 UINT32_TO_STREAM(p, p_data->passkey);
1804
1805 p_cb->round = 0;
1806 smp_start_nonce_generation(p_cb);
1807 }
1808
1809 /*******************************************************************************
1810 ** Function smp_process_secure_connection_oob_data
1811 ** Description Processes local/peer SC OOB data received from somewhere.
1812 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1813 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1814 {
1815 SMP_TRACE_DEBUG("%s", __func__);
1816
1817 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1818 if (p_sc_oob_data->loc_oob_data.present)
1819 {
1820 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1821 sizeof(p_cb->local_random));
1822 }
1823 else
1824 {
1825 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1826 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1827 }
1828
1829 if (!p_sc_oob_data->peer_oob_data.present)
1830 {
1831 SMP_TRACE_EVENT ("peer OOB data is absent");
1832 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1833 }
1834 else
1835 {
1836 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1837 sizeof(p_cb->peer_random));
1838 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1839 sizeof(p_cb->remote_commitment));
1840
1841 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1842 /* check commitment */
1843 if (!smp_check_commitment(p_cb))
1844 {
1845 p_cb->failure = reason;
1846 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1847 return;
1848 }
1849
1850 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1851 {
1852 /* the peer doesn't have local randomiser */
1853 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1854 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1855 }
1856 }
1857
1858 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1859 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1860 smp_start_nonce_generation(p_cb);
1861 }
1862
1863 /*******************************************************************************
1864 ** Function smp_set_local_oob_keys
1865 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1866 ** starts nonce generation
1867 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1868 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1869 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1870 {
1871 SMP_TRACE_DEBUG("%s", __func__);
1872
1873 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1874 BT_OCTET32_LEN);
1875 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1876 smp_start_nonce_generation(p_cb);
1877 }
1878
1879 /*******************************************************************************
1880 ** Function smp_set_local_oob_random_commitment
1881 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1882 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1883 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1884 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1885 {
1886 SMP_TRACE_DEBUG("%s", __func__);
1887 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1888 BT_OCTET16_LEN);
1889
1890 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1891 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1892 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1893 p_cb->sc_oob_data.loc_oob_data.commitment);
1894
1895 #if SMP_DEBUG == TRUE
1896 UINT8 *p_print = NULL;
1897 SMP_TRACE_DEBUG("local SC OOB data set:");
1898 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1899 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1900 sizeof(tBLE_BD_ADDR));
1901 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1902 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1903 BT_OCTET32_LEN);
1904 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1905 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1906 BT_OCTET32_LEN);
1907 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1908 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1909 BT_OCTET32_LEN);
1910 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1911 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1912 BT_OCTET16_LEN);
1913 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1914 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1915 BT_OCTET16_LEN);
1916 SMP_TRACE_DEBUG("");
1917 #endif
1918
1919 /* pass created OOB data up */
1920 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1921 smp_send_app_cback(p_cb, NULL);
1922
1923 smp_cb_cleanup(p_cb);
1924 }
1925
1926 /*******************************************************************************
1927 **
1928 ** Function smp_link_encrypted
1929 **
1930 ** Description This function is called when link is encrypted and notified to
1931 ** slave device. Proceed to to send LTK, DIV and ER to master if
1932 ** bonding the devices.
1933 **
1934 **
1935 ** Returns void
1936 **
1937 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)1938 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1939 {
1940 tSMP_CB *p_cb = &smp_cb;
1941
1942 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1943
1944 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
1945 {
1946 /* encryption completed with STK, remmeber the key size now, could be overwite
1947 * when key exchange happens */
1948 if (p_cb->loc_enc_size != 0 && encr_enable)
1949 {
1950 /* update the link encryption key size if a SMP pairing just performed */
1951 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1952 }
1953
1954 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1955 }
1956 }
1957
1958 /*******************************************************************************
1959 **
1960 ** Function smp_proc_ltk_request
1961 **
1962 ** Description This function is called when LTK request is received from
1963 ** controller.
1964 **
1965 ** Returns void
1966 **
1967 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)1968 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
1969 {
1970 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1971 BOOLEAN match = FALSE;
1972
1973 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
1974 {
1975 match = TRUE;
1976 } else {
1977 BD_ADDR dummy_bda = {0};
1978 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
1979 if (p_dev_rec != NULL &&
1980 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
1981 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
1982 {
1983 match = TRUE;
1984 }
1985 }
1986
1987 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
1988 {
1989 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1990 return TRUE;
1991 }
1992
1993 return FALSE;
1994 }
1995
1996 /*******************************************************************************
1997 **
1998 ** Function smp_process_secure_connection_long_term_key
1999 **
2000 ** Description This function is called to process SC LTK.
2001 ** SC LTK is calculated and used instead of STK.
2002 ** Here SC LTK is saved in BLE DB.
2003 **
2004 ** Returns void
2005 **
2006 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2007 void smp_process_secure_connection_long_term_key(void)
2008 {
2009 tSMP_CB *p_cb = &smp_cb;
2010
2011 SMP_TRACE_DEBUG("%s", __func__);
2012 smp_save_secure_connections_long_term_key(p_cb);
2013
2014 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2015 smp_key_distribution(p_cb, NULL);
2016 }
2017
2018 /*******************************************************************************
2019 **
2020 ** Function smp_set_derive_link_key
2021 **
2022 ** Description This function is called to set flag that indicates that
2023 ** BR/EDR LK has to be derived from LTK after all keys are
2024 ** distributed.
2025 **
2026 ** Returns void
2027 **
2028 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2029 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2030 {
2031 SMP_TRACE_DEBUG ("%s", __func__);
2032 p_cb->derive_lk = TRUE;
2033 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2034 smp_key_distribution(p_cb, NULL);
2035 }
2036
2037 /*******************************************************************************
2038 **
2039 ** Function smp_derive_link_key_from_long_term_key
2040 **
2041 ** Description This function is called to derive BR/EDR LK from LTK.
2042 **
2043 ** Returns void
2044 **
2045 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2046 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2047 {
2048 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2049
2050 SMP_TRACE_DEBUG("%s", __func__);
2051 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2052 {
2053 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2054 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2055 return;
2056 }
2057 }
2058
2059 /*******************************************************************************
2060 **
2061 ** Function smp_br_process_link_key
2062 **
2063 ** Description This function is called to process BR/EDR LK:
2064 ** - to derive SMP LTK from BR/EDR LK;
2065 *8 - to save SMP LTK.
2066 **
2067 ** Returns void
2068 **
2069 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2070 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2071 {
2072 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2073
2074 SMP_TRACE_DEBUG("%s", __func__);
2075 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2076 {
2077 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2078 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2079 return;
2080 }
2081
2082 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2083 smp_save_secure_connections_long_term_key(p_cb);
2084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2085 smp_br_select_next_key(p_cb, NULL);
2086 }
2087
2088 /*******************************************************************************
2089 ** Function smp_key_distribution_by_transport
2090 ** Description depending on the transport used at the moment calls either
2091 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2092 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2093 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2094 {
2095 SMP_TRACE_DEBUG("%s", __func__);
2096 if (p_cb->smp_over_br)
2097 {
2098 smp_br_select_next_key(p_cb, NULL);
2099 }
2100 else
2101 {
2102 smp_key_distribution(p_cb, NULL);
2103 }
2104 }
2105
2106 /*******************************************************************************
2107 ** Function smp_br_pairing_complete
2108 ** Description This function is called to send the pairing complete callback
2109 ** and remove the connection if needed.
2110 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2111 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2112 {
2113 SMP_TRACE_DEBUG("%s", __func__);
2114
2115 if (p_cb->total_tx_unacked == 0)
2116 {
2117 /* process the pairing complete */
2118 smp_proc_pairing_cmpl(p_cb);
2119 }
2120 }
2121
2122 #endif
2123