1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains security manager protocol utility functions
22 *
23 ******************************************************************************/
24 #include "bt_target.h"
25
26 #if SMP_INCLUDED == TRUE
27 #if SMP_DEBUG == TRUE
28 #include <stdio.h>
29 #endif
30 #include <string.h>
31 #include "bt_utils.h"
32 #include "btm_ble_api.h"
33 #include "smp_int.h"
34 #include "btm_int.h"
35 #include "btm_ble_int.h"
36 #include "hcimsgs.h"
37 #include "aes.h"
38 #include "p_256_ecc_pp.h"
39 #include "device/include/controller.h"
40
41 #ifndef SMP_MAX_ENC_REPEAT
42 #define SMP_MAX_ENC_REPEAT 3
43 #endif
44
45 static void smp_rand_back(tBTM_RAND_ENC *p);
46 static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
47 static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
48 static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p);
49 static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p);
50 static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p);
51 static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p);
52 static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p);
53 static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p);
54 static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p);
55 static BOOLEAN smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output);
56 static void smp_continue_private_key_creation(tSMP_CB *p_cb, tBTM_RAND_ENC *p);
57 static void smp_process_private_key(tSMP_CB *p_cb);
58 static void smp_finish_nonce_generation(tSMP_CB *p_cb);
59 static void smp_process_new_nonce(tSMP_CB *p_cb);
60
61 static const tSMP_ACT smp_encrypt_action[] =
62 {
63 smp_generate_compare, /* SMP_GEN_COMPARE */
64 smp_generate_confirm, /* SMP_GEN_CONFIRM*/
65 smp_generate_stk, /* SMP_GEN_STK*/
66 smp_generate_ltk_cont, /* SMP_GEN_LTK */
67 smp_generate_ltk, /* SMP_GEN_DIV_LTK */
68 smp_generate_rand_vector, /* SMP_GEN_RAND_V */
69 smp_generate_y, /* SMP_GEN_EDIV */
70 smp_generate_passkey, /* SMP_GEN_TK */
71 smp_generate_srand_mrand_confirm, /* SMP_GEN_SRAND_MRAND */
72 smp_generate_rand_cont /* SMP_GEN_SRAND_MRAND_CONT */
73 };
74
75 #define SMP_PASSKEY_MASK 0xfff00000
76
smp_debug_print_nbyte_little_endian(UINT8 * p,const UINT8 * key_name,UINT8 len)77 void smp_debug_print_nbyte_little_endian(UINT8 *p, const UINT8 *key_name, UINT8 len)
78 {
79 #if SMP_DEBUG == TRUE
80 int ind, x;
81 int col_count = 32;
82 int row_count;
83 UINT8 p_buf[512];
84
85 SMP_TRACE_WARNING("%s(LSB ~ MSB):", key_name);
86 memset(p_buf, 0, sizeof(p_buf));
87 row_count = len % col_count ? len / col_count + 1: len / col_count;
88
89 ind = 0;
90 for (int row = 0; row < row_count; row++)
91 {
92 for (int column = 0, x = 0; (ind < len) && (column < col_count); column++, ind++)
93 {
94 x += sprintf((char *)&p_buf[x], "%02x ", p[ind]);
95 }
96 SMP_TRACE_WARNING(" [%03d]: %s", row * col_count, p_buf);
97 }
98 #endif
99 }
100
smp_debug_print_nbyte_big_endian(UINT8 * p,const UINT8 * key_name,UINT8 len)101 void smp_debug_print_nbyte_big_endian (UINT8 *p, const UINT8 *key_name, UINT8 len)
102 {
103 #if SMP_DEBUG == TRUE
104 UINT8 p_buf[512];
105
106 SMP_TRACE_WARNING("%s(MSB ~ LSB):", key_name);
107 memset(p_buf, 0, sizeof(p_buf));
108 nrows = len % ncols ? len / ncols + 1: len / ncols;
109
110 int ind = 0;
111 int ncols = 32; /* num entries in one line */
112 int nrows; /* num lines */
113 int x;
114
115 for (int row = 0; row < nrows; row++)
116 {
117 for (int col = 0, x = 0; (ind < len) && (col < ncols); col++, ind++)
118 {
119 x += sprintf ((char *)&p_buf[len-x-1], "%02x ", p[ind]);
120 }
121 SMP_TRACE_WARNING("[%03d]: %s", row * ncols, p_buf);
122 }
123 #endif
124 }
125
126 /*******************************************************************************
127 **
128 ** Function smp_encrypt_data
129 **
130 ** Description This function is called to encrypt data.
131 ** It uses AES-128 encryption algorithm.
132 ** Plain_text is encrypted using key, the result is at p_out.
133 **
134 ** Returns void
135 **
136 *******************************************************************************/
smp_encrypt_data(UINT8 * key,UINT8 key_len,UINT8 * plain_text,UINT8 pt_len,tSMP_ENC * p_out)137 BOOLEAN smp_encrypt_data (UINT8 *key, UINT8 key_len,
138 UINT8 *plain_text, UINT8 pt_len,
139 tSMP_ENC *p_out)
140 {
141 aes_context ctx;
142 UINT8 *p_start = NULL;
143 UINT8 *p = NULL;
144 UINT8 *p_rev_data = NULL; /* input data in big endilan format */
145 UINT8 *p_rev_key = NULL; /* input key in big endilan format */
146 UINT8 *p_rev_output = NULL; /* encrypted output in big endilan format */
147
148 SMP_TRACE_DEBUG ("%s", __func__);
149 if ( (p_out == NULL ) || (key_len != SMP_ENCRYT_KEY_SIZE) )
150 {
151 SMP_TRACE_ERROR ("%s failed", __func__);
152 return FALSE;
153 }
154
155 if ((p_start = (UINT8 *)GKI_getbuf((SMP_ENCRYT_DATA_SIZE*4))) == NULL)
156 {
157 SMP_TRACE_ERROR ("%s failed unable to allocate buffer", __func__);
158 return FALSE;
159 }
160
161 if (pt_len > SMP_ENCRYT_DATA_SIZE)
162 pt_len = SMP_ENCRYT_DATA_SIZE;
163
164 memset(p_start, 0, SMP_ENCRYT_DATA_SIZE * 4);
165 p = p_start;
166 ARRAY_TO_STREAM (p, plain_text, pt_len); /* byte 0 to byte 15 */
167 p_rev_data = p = p_start + SMP_ENCRYT_DATA_SIZE; /* start at byte 16 */
168 REVERSE_ARRAY_TO_STREAM (p, p_start, SMP_ENCRYT_DATA_SIZE); /* byte 16 to byte 31 */
169 p_rev_key = p; /* start at byte 32 */
170 REVERSE_ARRAY_TO_STREAM (p, key, SMP_ENCRYT_KEY_SIZE); /* byte 32 to byte 47 */
171
172 #if SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE
173 smp_debug_print_nbyte_little_endian(key, (const UINT8 *)"Key", SMP_ENCRYT_KEY_SIZE);
174 smp_debug_print_nbyte_little_endian(p_start, (const UINT8 *)"Plain text", SMP_ENCRYT_DATA_SIZE);
175 #endif
176 p_rev_output = p;
177 aes_set_key(p_rev_key, SMP_ENCRYT_KEY_SIZE, &ctx);
178 aes_encrypt(p_rev_data, p, &ctx); /* outputs in byte 48 to byte 63 */
179
180 p = p_out->param_buf;
181 REVERSE_ARRAY_TO_STREAM (p, p_rev_output, SMP_ENCRYT_DATA_SIZE);
182 #if SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE
183 smp_debug_print_nbyte_little_endian(p_out->param_buf, (const UINT8 *)"Encrypted text", SMP_ENCRYT_KEY_SIZE);
184 #endif
185
186 p_out->param_len = SMP_ENCRYT_KEY_SIZE;
187 p_out->status = HCI_SUCCESS;
188 p_out->opcode = HCI_BLE_ENCRYPT;
189
190 GKI_freebuf(p_start);
191
192 return TRUE;
193 }
194
195 /*******************************************************************************
196 **
197 ** Function smp_generate_passkey
198 **
199 ** Description This function is called to generate passkey.
200 **
201 ** Returns void
202 **
203 *******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)204 void smp_generate_passkey(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
205 {
206 UNUSED(p_data);
207
208 SMP_TRACE_DEBUG ("%s", __func__);
209 p_cb->rand_enc_proc_state = SMP_GEN_TK;
210
211 /* generate MRand or SRand */
212 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
213 smp_rand_back(NULL);
214 }
215
216 /*******************************************************************************
217 **
218 ** Function smp_proc_passkey
219 **
220 ** Description This function is called to process a passkey.
221 **
222 ** Returns void
223 **
224 *******************************************************************************/
smp_proc_passkey(tSMP_CB * p_cb,tBTM_RAND_ENC * p)225 void smp_proc_passkey(tSMP_CB *p_cb , tBTM_RAND_ENC *p)
226 {
227 UINT8 *tt = p_cb->tk;
228 tSMP_KEY key;
229 UINT32 passkey; /* 19655 test number; */
230 UINT8 *pp = p->param_buf;
231
232 SMP_TRACE_DEBUG ("%s", __func__);
233 STREAM_TO_UINT32(passkey, pp);
234 passkey &= ~SMP_PASSKEY_MASK;
235
236 /* truncate by maximum value */
237 while (passkey > BTM_MAX_PASSKEY_VAL)
238 passkey >>= 1;
239
240 /* save the TK */
241 memset(p_cb->tk, 0, BT_OCTET16_LEN);
242 UINT32_TO_STREAM(tt, passkey);
243
244 key.key_type = SMP_KEY_TYPE_TK;
245 key.p_data = p_cb->tk;
246
247 if (p_cb->p_callback)
248 {
249 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey);
250 }
251
252 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP)
253 {
254 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey);
255 }
256 else
257 {
258 smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key);
259 }
260 }
261
262 /*******************************************************************************
263 **
264 ** Function smp_generate_stk
265 **
266 ** Description This function is called to generate STK calculated by running
267 ** AES with the TK value as key and a concatenation of the random
268 ** values.
269 **
270 ** Returns void
271 **
272 *******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)273 void smp_generate_stk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
274 {
275 UNUSED(p_data);
276
277 tSMP_ENC output;
278 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
279
280 SMP_TRACE_DEBUG ("%s", __func__);
281
282 if (p_cb->le_secure_connections_mode_is_used)
283 {
284 SMP_TRACE_WARNING ("FOR LE SC LTK IS USED INSTEAD OF STK");
285 output.param_len = SMP_ENCRYT_KEY_SIZE;
286 output.status = HCI_SUCCESS;
287 output.opcode = HCI_BLE_ENCRYPT;
288 memcpy(output.param_buf, p_cb->ltk, SMP_ENCRYT_DATA_SIZE);
289 }
290 else if (!smp_calculate_legacy_short_term_key(p_cb, &output))
291 {
292 SMP_TRACE_ERROR("%s failed", __func__);
293 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
294 return;
295 }
296
297 smp_process_stk(p_cb, &output);
298 }
299
300 /*******************************************************************************
301 **
302 ** Function smp_generate_srand_mrand_confirm
303 **
304 ** Description This function is called to start the second pairing phase by
305 ** start generating random number.
306 **
307 **
308 ** Returns void
309 **
310 *******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)311 void smp_generate_srand_mrand_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
312 {
313 UNUSED(p_data);
314
315 SMP_TRACE_DEBUG ("%s", __func__);
316 p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND;
317 /* generate MRand or SRand */
318 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
319 smp_rand_back(NULL);
320 }
321
322 /*******************************************************************************
323 **
324 ** Function smp_generate_rand_cont
325 **
326 ** Description This function is called to generate another 64 bits random for
327 ** MRand or Srand.
328 **
329 ** Returns void
330 **
331 *******************************************************************************/
smp_generate_rand_cont(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)332 void smp_generate_rand_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
333 {
334 UNUSED(p_data);
335
336 SMP_TRACE_DEBUG ("%s", __func__);
337 p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND_CONT;
338 /* generate 64 MSB of MRand or SRand */
339 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
340 smp_rand_back(NULL);
341 }
342
343 /*******************************************************************************
344 **
345 ** Function smp_generate_ltk
346 **
347 ** Description This function is called:
348 ** - in legacy pairing - to calculate LTK, starting with DIV
349 ** generation;
350 ** - in LE Secure Connections pairing over LE transport - to process LTK
351 ** already generated to encrypt LE link;
352 ** - in LE Secure Connections pairing over BR/EDR transport - to start
353 ** BR/EDR Link Key processing.
354 **
355 ** Returns void
356 **
357 *******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)358 void smp_generate_ltk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
359 {
360 UNUSED(p_data);
361
362 BOOLEAN div_status;
363 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
364 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
365 {
366 smp_br_process_link_key(p_cb, NULL);
367 return;
368 }
369 else if (p_cb->le_secure_connections_mode_is_used)
370 {
371 smp_process_secure_connection_long_term_key();
372 return;
373 }
374
375 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
376
377 if (div_status)
378 {
379 smp_generate_ltk_cont(p_cb, NULL);
380 }
381 else
382 {
383 SMP_TRACE_DEBUG ("Generate DIV for LTK");
384 p_cb->rand_enc_proc_state = SMP_GEN_DIV_LTK;
385 /* generate MRand or SRand */
386 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
387 smp_rand_back(NULL);
388 }
389 }
390
391 /*******************************************************************************
392 **
393 ** Function smp_compute_csrk
394 **
395 ** Description This function is called to calculate CSRK
396 **
397 **
398 ** Returns void
399 **
400 *******************************************************************************/
smp_compute_csrk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)401 void smp_compute_csrk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
402 {
403 UNUSED(p_data);
404
405 BT_OCTET16 er;
406 UINT8 buffer[4]; /* for (r || DIV) r=1*/
407 UINT16 r=1;
408 UINT8 *p=buffer;
409 tSMP_ENC output;
410 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
411
412 SMP_TRACE_DEBUG ("smp_compute_csrk div=%x", p_cb->div);
413 BTM_GetDeviceEncRoot(er);
414 /* CSRK = d1(ER, DIV, 1) */
415 UINT16_TO_STREAM(p, p_cb->div);
416 UINT16_TO_STREAM(p, r);
417
418 if (!SMP_Encrypt(er, BT_OCTET16_LEN, buffer, 4, &output))
419 {
420 SMP_TRACE_ERROR("smp_generate_csrk failed");
421 if (p_cb->smp_over_br)
422 {
423 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
424 }
425 else
426 {
427 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
428 }
429 }
430 else
431 {
432 memcpy((void *)p_cb->csrk, output.param_buf, BT_OCTET16_LEN);
433 smp_send_csrk_info(p_cb, NULL);
434 }
435 }
436
437 /*******************************************************************************
438 **
439 ** Function smp_generate_csrk
440 **
441 ** Description This function is called to calculate CSRK, starting with DIV
442 ** generation.
443 **
444 **
445 ** Returns void
446 **
447 *******************************************************************************/
smp_generate_csrk(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)448 void smp_generate_csrk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
449 {
450 UNUSED(p_data);
451
452 BOOLEAN div_status;
453
454 SMP_TRACE_DEBUG ("smp_generate_csrk");
455
456 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
457 if (div_status)
458 {
459 smp_compute_csrk(p_cb, NULL);
460 }
461 else
462 {
463 SMP_TRACE_DEBUG ("Generate DIV for CSRK");
464 p_cb->rand_enc_proc_state = SMP_GEN_DIV_CSRK;
465 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
466 smp_rand_back(NULL);
467 }
468 }
469
470 /*******************************************************************************
471 ** Function smp_concatenate_peer
472 ** add pairing command sent from local device into p1.
473 *******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,UINT8 ** p_data,UINT8 op_code)474 void smp_concatenate_local( tSMP_CB *p_cb, UINT8 **p_data, UINT8 op_code)
475 {
476 UINT8 *p = *p_data;
477
478 SMP_TRACE_DEBUG ("%s", __func__);
479 UINT8_TO_STREAM(p, op_code);
480 UINT8_TO_STREAM(p, p_cb->local_io_capability);
481 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
482 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
483 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
484 UINT8_TO_STREAM(p, p_cb->local_i_key);
485 UINT8_TO_STREAM(p, p_cb->local_r_key);
486
487 *p_data = p;
488 }
489
490 /*******************************************************************************
491 ** Function smp_concatenate_peer
492 ** add pairing command received from peer device into p1.
493 *******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,UINT8 ** p_data,UINT8 op_code)494 void smp_concatenate_peer( tSMP_CB *p_cb, UINT8 **p_data, UINT8 op_code)
495 {
496 UINT8 *p = *p_data;
497
498 SMP_TRACE_DEBUG ("smp_concatenate_peer ");
499 UINT8_TO_STREAM(p, op_code);
500 UINT8_TO_STREAM(p, p_cb->peer_io_caps);
501 UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
502 UINT8_TO_STREAM(p, p_cb->peer_auth_req);
503 UINT8_TO_STREAM(p, p_cb->peer_enc_size);
504 UINT8_TO_STREAM(p, p_cb->peer_i_key);
505 UINT8_TO_STREAM(p, p_cb->peer_r_key);
506
507 *p_data = p;
508 }
509
510 /*******************************************************************************
511 **
512 ** Function smp_gen_p1_4_confirm
513 **
514 ** Description Generate Confirm/Compare Step1:
515 ** p1 = pres || preq || rat' || iat'
516 **
517 ** Returns void
518 **
519 *******************************************************************************/
smp_gen_p1_4_confirm(tSMP_CB * p_cb,BT_OCTET16 p1)520 void smp_gen_p1_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p1)
521 {
522 UINT8 *p = (UINT8 *)p1;
523 tBLE_ADDR_TYPE addr_type = 0;
524 BD_ADDR remote_bda;
525
526 SMP_TRACE_DEBUG ("smp_gen_p1_4_confirm");
527
528 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type))
529 {
530 SMP_TRACE_ERROR("can not generate confirm for unknown device");
531 return;
532 }
533
534 BTM_ReadConnectionAddr( p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
535
536 if (p_cb->role == HCI_ROLE_MASTER)
537 {
538 /* LSB : rat': initiator's(local) address type */
539 UINT8_TO_STREAM(p, p_cb->addr_type);
540 /* LSB : iat': responder's address type */
541 UINT8_TO_STREAM(p, addr_type);
542 /* concatinate preq */
543 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
544 /* concatinate pres */
545 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
546 }
547 else
548 {
549 /* LSB : iat': initiator's address type */
550 UINT8_TO_STREAM(p, addr_type);
551 /* LSB : rat': responder's(local) address type */
552 UINT8_TO_STREAM(p, p_cb->addr_type);
553 /* concatinate preq */
554 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
555 /* concatinate pres */
556 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
557 }
558 #if SMP_DEBUG == TRUE
559 SMP_TRACE_DEBUG("p1 = pres || preq || rat' || iat'");
560 smp_debug_print_nbyte_little_endian ((UINT8 *)p1, (const UINT8 *)"P1", 16);
561 #endif
562 }
563
564 /*******************************************************************************
565 **
566 ** Function smp_gen_p2_4_confirm
567 **
568 ** Description Generate Confirm/Compare Step2:
569 ** p2 = padding || ia || ra
570 **
571 ** Returns void
572 **
573 *******************************************************************************/
smp_gen_p2_4_confirm(tSMP_CB * p_cb,BT_OCTET16 p2)574 void smp_gen_p2_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p2)
575 {
576 UINT8 *p = (UINT8 *)p2;
577 BD_ADDR remote_bda;
578 tBLE_ADDR_TYPE addr_type = 0;
579
580 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type))
581 {
582 SMP_TRACE_ERROR("can not generate confirm p2 for unknown device");
583 return;
584 }
585
586 SMP_TRACE_DEBUG ("smp_gen_p2_4_confirm");
587
588 memset(p, 0, sizeof(BT_OCTET16));
589
590 if (p_cb->role == HCI_ROLE_MASTER)
591 {
592 /* LSB ra */
593 BDADDR_TO_STREAM(p, remote_bda);
594 /* ia */
595 BDADDR_TO_STREAM(p, p_cb->local_bda);
596 }
597 else
598 {
599 /* LSB ra */
600 BDADDR_TO_STREAM(p, p_cb->local_bda);
601 /* ia */
602 BDADDR_TO_STREAM(p, remote_bda);
603 }
604 #if SMP_DEBUG == TRUE
605 SMP_TRACE_DEBUG("p2 = padding || ia || ra");
606 smp_debug_print_nbyte_little_endian(p2, (const UINT8 *)"p2", 16);
607 #endif
608 }
609
610 /*******************************************************************************
611 **
612 ** Function smp_calculate_comfirm
613 **
614 ** Description This function is called to calculate Confirm value.
615 **
616 ** Returns void
617 **
618 *******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,BT_OCTET16 rand,BD_ADDR bda)619 void smp_calculate_comfirm (tSMP_CB *p_cb, BT_OCTET16 rand, BD_ADDR bda)
620 {
621 UNUSED(bda);
622
623 BT_OCTET16 p1;
624 tSMP_ENC output;
625 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
626
627 SMP_TRACE_DEBUG ("smp_calculate_comfirm ");
628 /* generate p1 = pres || preq || rat' || iat' */
629 smp_gen_p1_4_confirm(p_cb, p1);
630
631 /* p1 = rand XOR p1 */
632 smp_xor_128(p1, rand);
633
634 smp_debug_print_nbyte_little_endian ((UINT8 *)p1, (const UINT8 *)"P1' = r XOR p1", 16);
635
636 /* calculate e(k, r XOR p1), where k = TK */
637 if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p1, BT_OCTET16_LEN, &output))
638 {
639 SMP_TRACE_ERROR("smp_generate_csrk failed");
640 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
641 }
642 else
643 {
644 smp_calculate_comfirm_cont(p_cb, &output);
645 }
646 }
647
648 /*******************************************************************************
649 **
650 ** Function smp_calculate_comfirm_cont
651 **
652 ** Description This function is called when SConfirm/MConfirm is generated
653 ** proceed to send the Confirm request/response to peer device.
654 **
655 ** Returns void
656 **
657 *******************************************************************************/
smp_calculate_comfirm_cont(tSMP_CB * p_cb,tSMP_ENC * p)658 static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p)
659 {
660 BT_OCTET16 p2;
661 tSMP_ENC output;
662 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
663
664 SMP_TRACE_DEBUG ("smp_calculate_comfirm_cont ");
665 #if SMP_DEBUG == TRUE
666 SMP_TRACE_DEBUG("Confirm step 1 p1' = e(k, r XOR p1) Generated");
667 smp_debug_print_nbyte_little_endian (p->param_buf, (const UINT8 *)"C1", 16);
668 #endif
669
670 smp_gen_p2_4_confirm(p_cb, p2);
671
672 /* calculate p2 = (p1' XOR p2) */
673 smp_xor_128(p2, p->param_buf);
674 smp_debug_print_nbyte_little_endian ((UINT8 *)p2, (const UINT8 *)"p2' = C1 xor p2", 16);
675
676 /* calculate: Confirm = E(k, p1' XOR p2) */
677 if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p2, BT_OCTET16_LEN, &output))
678 {
679 SMP_TRACE_ERROR("smp_calculate_comfirm_cont failed");
680 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
681 }
682 else
683 {
684 switch (p_cb->rand_enc_proc_state)
685 {
686 case SMP_GEN_CONFIRM:
687 smp_process_confirm(p_cb, &output);
688 break;
689
690 case SMP_GEN_COMPARE:
691 smp_process_compare(p_cb, &output);
692 break;
693 }
694 }
695 }
696
697 /*******************************************************************************
698 **
699 ** Function smp_generate_confirm
700 **
701 ** Description This function is called when a 48 bits random number is generated
702 ** as SRand or MRand, continue to calculate Sconfirm or MConfirm.
703 **
704 ** Returns void
705 **
706 *******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)707 static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
708 {
709 UNUSED(p_data);
710
711 SMP_TRACE_DEBUG ("%s", __func__);
712 p_cb->rand_enc_proc_state = SMP_GEN_CONFIRM;
713 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->rand, (const UINT8 *)"local rand", 16);
714 smp_calculate_comfirm(p_cb, p_cb->rand, p_cb->pairing_bda);
715 }
716
717 /*******************************************************************************
718 **
719 ** Function smp_generate_compare
720 **
721 ** Description This function is called to generate SConfirm for Slave device,
722 ** or MSlave for Master device. This function can be also used for
723 ** generating Compare number for confirm value check.
724 **
725 ** Returns void
726 **
727 *******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)728 void smp_generate_compare (tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
729 {
730 UNUSED(p_data);
731
732 SMP_TRACE_DEBUG ("smp_generate_compare ");
733 p_cb->rand_enc_proc_state = SMP_GEN_COMPARE;
734 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->rrand, (const UINT8 *)"peer rand", 16);
735 smp_calculate_comfirm(p_cb, p_cb->rrand, p_cb->local_bda);
736 }
737
738 /*******************************************************************************
739 **
740 ** Function smp_process_confirm
741 **
742 ** Description This function is called when SConfirm/MConfirm is generated
743 ** proceed to send the Confirm request/response to peer device.
744 **
745 ** Returns void
746 **
747 *******************************************************************************/
smp_process_confirm(tSMP_CB * p_cb,tSMP_ENC * p)748 static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p)
749 {
750 tSMP_KEY key;
751
752 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
753 memcpy(p_cb->confirm, p->param_buf, BT_OCTET16_LEN);
754
755 #if (SMP_DEBUG == TRUE)
756 SMP_TRACE_DEBUG("Confirm Generated");
757 smp_debug_print_nbyte_little_endian ((UINT8 *)p_cb->confirm, (const UINT8 *)"Confirm", 16);
758 #endif
759
760 key.key_type = SMP_KEY_TYPE_CFM;
761 key.p_data = p->param_buf;
762 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
763 }
764
765 /*******************************************************************************
766 **
767 ** Function smp_process_compare
768 **
769 ** Description This function is called when Compare is generated using the
770 ** RRand and local BDA, TK information.
771 **
772 ** Returns void
773 **
774 *******************************************************************************/
smp_process_compare(tSMP_CB * p_cb,tSMP_ENC * p)775 static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p)
776 {
777 tSMP_KEY key;
778
779 SMP_TRACE_DEBUG ("smp_process_compare ");
780 #if (SMP_DEBUG == TRUE)
781 SMP_TRACE_DEBUG("Compare Generated");
782 smp_debug_print_nbyte_little_endian (p->param_buf, (const UINT8 *)"Compare", 16);
783 #endif
784 key.key_type = SMP_KEY_TYPE_CMP;
785 key.p_data = p->param_buf;
786
787 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
788 }
789
790 /*******************************************************************************
791 **
792 ** Function smp_process_stk
793 **
794 ** Description This function is called when STK is generated
795 ** proceed to send the encrypt the link using STK.
796 **
797 ** Returns void
798 **
799 *******************************************************************************/
smp_process_stk(tSMP_CB * p_cb,tSMP_ENC * p)800 static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p)
801 {
802 tSMP_KEY key;
803
804 SMP_TRACE_DEBUG ("smp_process_stk ");
805 #if (SMP_DEBUG == TRUE)
806 SMP_TRACE_ERROR("STK Generated");
807 #endif
808 smp_mask_enc_key(p_cb->loc_enc_size, p->param_buf);
809
810 key.key_type = SMP_KEY_TYPE_STK;
811 key.p_data = p->param_buf;
812
813 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
814 }
815
816 /*******************************************************************************
817 **
818 ** Function smp_generate_ltk_cont
819 **
820 ** Description This function is to calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
821 **
822 ** Returns void
823 **
824 *******************************************************************************/
smp_generate_ltk_cont(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)825 static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
826 {
827 UNUSED(p_data);
828
829 BT_OCTET16 er;
830 tSMP_ENC output;
831 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
832
833 SMP_TRACE_DEBUG ("%s", __func__);
834 BTM_GetDeviceEncRoot(er);
835
836 /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
837 if (!SMP_Encrypt(er, BT_OCTET16_LEN, (UINT8 *)&p_cb->div,
838 sizeof(UINT16), &output))
839 {
840 SMP_TRACE_ERROR("%s failed", __func__);
841 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
842 }
843 else
844 {
845 /* mask the LTK */
846 smp_mask_enc_key(p_cb->loc_enc_size, output.param_buf);
847 memcpy((void *)p_cb->ltk, output.param_buf, BT_OCTET16_LEN);
848 smp_generate_rand_vector(p_cb, NULL);
849 }
850 }
851
852 /*******************************************************************************
853 **
854 ** Function smp_generate_y
855 **
856 ** Description This function is to proceed generate Y = E(DHK, Rand)
857 **
858 ** Returns void
859 **
860 *******************************************************************************/
smp_generate_y(tSMP_CB * p_cb,tSMP_INT_DATA * p)861 static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p)
862 {
863 UNUSED(p);
864
865 BT_OCTET16 dhk;
866 tSMP_ENC output;
867 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
868
869
870 SMP_TRACE_DEBUG ("smp_generate_y ");
871 BTM_GetDeviceDHK(dhk);
872
873 if (!SMP_Encrypt(dhk, BT_OCTET16_LEN, p_cb->enc_rand,
874 BT_OCTET8_LEN, &output))
875 {
876 SMP_TRACE_ERROR("smp_generate_y failed");
877 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
878 }
879 else
880 {
881 smp_process_ediv(p_cb, &output);
882 }
883 }
884
885 /*******************************************************************************
886 **
887 ** Function smp_generate_rand_vector
888 **
889 ** Description This function is called when LTK is generated, send state machine
890 ** event to SMP.
891 **
892 ** Returns void
893 **
894 *******************************************************************************/
smp_generate_rand_vector(tSMP_CB * p_cb,tSMP_INT_DATA * p)895 static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p)
896 {
897 UNUSED(p);
898
899 /* generate EDIV and rand now */
900 /* generate random vector */
901 SMP_TRACE_DEBUG ("smp_generate_rand_vector ");
902 p_cb->rand_enc_proc_state = SMP_GEN_RAND_V;
903 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
904 smp_rand_back(NULL);
905 }
906
907 /*******************************************************************************
908 **
909 ** Function smp_process_ediv
910 **
911 ** Description This function is to calculate EDIV = Y xor DIV
912 **
913 ** Returns void
914 **
915 *******************************************************************************/
smp_process_ediv(tSMP_CB * p_cb,tSMP_ENC * p)916 static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p)
917 {
918 tSMP_KEY key;
919 UINT8 *pp= p->param_buf;
920 UINT16 y;
921
922 SMP_TRACE_DEBUG ("smp_process_ediv ");
923 STREAM_TO_UINT16(y, pp);
924
925 /* EDIV = Y xor DIV */
926 p_cb->ediv = p_cb->div ^ y;
927 /* send LTK ready */
928 SMP_TRACE_ERROR("LTK ready");
929 key.key_type = SMP_KEY_TYPE_LTK;
930 key.p_data = p->param_buf;
931
932 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key);
933 }
934
935 /*******************************************************************************
936 **
937 ** Function smp_calculate_legacy_short_term_key
938 **
939 ** Description The function calculates legacy STK.
940 **
941 ** Returns FALSE if out of resources, TRUE in other cases.
942 **
943 *******************************************************************************/
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb,tSMP_ENC * output)944 BOOLEAN smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output)
945 {
946 BT_OCTET16 ptext;
947 UINT8 *p = ptext;
948
949 SMP_TRACE_DEBUG ("%s", __func__);
950 memset(p, 0, BT_OCTET16_LEN);
951 if (p_cb->role == HCI_ROLE_MASTER)
952 {
953 memcpy(p, p_cb->rand, BT_OCTET8_LEN);
954 memcpy(&p[BT_OCTET8_LEN], p_cb->rrand, BT_OCTET8_LEN);
955 }
956 else
957 {
958 memcpy(p, p_cb->rrand, BT_OCTET8_LEN);
959 memcpy(&p[BT_OCTET8_LEN], p_cb->rand, BT_OCTET8_LEN);
960 }
961
962 BOOLEAN encrypted;
963 /* generate STK = Etk(rand|rrand)*/
964 encrypted = SMP_Encrypt( p_cb->tk, BT_OCTET16_LEN, ptext, BT_OCTET16_LEN, output);
965 if (!encrypted)
966 {
967 SMP_TRACE_ERROR("%s failed", __func__);
968 }
969 return encrypted;
970 }
971
972 /*******************************************************************************
973 **
974 ** Function smp_create_private_key
975 **
976 ** Description This function is called to create private key used to
977 ** calculate public key and DHKey.
978 ** The function starts private key creation requesting controller
979 ** to generate [0-7] octets of private key.
980 **
981 ** Returns void
982 **
983 *******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)984 void smp_create_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
985 {
986 SMP_TRACE_DEBUG ("%s",__FUNCTION__);
987 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_0_7;
988 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
989 smp_rand_back(NULL);
990 }
991
992 /*******************************************************************************
993 **
994 ** Function smp_use_oob_private_key
995 **
996 ** Description This function is called
997 ** - to save the secret key used to calculate the public key used
998 ** in calculations of commitment sent OOB to a peer
999 ** - to use this secret key to recalculate the public key and
1000 ** start the process of sending this public key to the peer
1001 ** if secret/public keys have to be reused.
1002 ** If the keys aren't supposed to be reused, continue from the
1003 ** point from which request for OOB data was issued.
1004 **
1005 ** Returns void
1006 **
1007 *******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1008 void smp_use_oob_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1009 {
1010 SMP_TRACE_DEBUG ("%s req_oob_type: %d, role: %d",
1011 __func__, p_cb->req_oob_type, p_cb->role);
1012
1013 switch (p_cb->req_oob_type)
1014 {
1015 case SMP_OOB_BOTH:
1016 case SMP_OOB_LOCAL:
1017 SMP_TRACE_DEBUG("%s restore secret key", __func__)
1018 memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used, BT_OCTET32_LEN);
1019 smp_process_private_key(p_cb);
1020 break;
1021 default:
1022 SMP_TRACE_DEBUG("%s create secret key anew", __func__);
1023 smp_set_state(SMP_STATE_PAIR_REQ_RSP);
1024 smp_decide_association_model(p_cb, NULL);
1025 break;
1026 }
1027 }
1028
1029 /*******************************************************************************
1030 **
1031 ** Function smp_continue_private_key_creation
1032 **
1033 ** Description This function is used to continue private key creation.
1034 **
1035 ** Returns void
1036 **
1037 *******************************************************************************/
smp_continue_private_key_creation(tSMP_CB * p_cb,tBTM_RAND_ENC * p)1038 void smp_continue_private_key_creation (tSMP_CB *p_cb, tBTM_RAND_ENC *p)
1039 {
1040 UINT8 state = p_cb->rand_enc_proc_state & ~0x80;
1041 SMP_TRACE_DEBUG ("%s state=0x%x", __func__, state);
1042
1043 switch (state)
1044 {
1045 case SMP_GENERATE_PRIVATE_KEY_0_7:
1046 memcpy((void *)p_cb->private_key, p->param_buf, p->param_len);
1047 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_8_15;
1048 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
1049 smp_rand_back(NULL);
1050 break;
1051
1052 case SMP_GENERATE_PRIVATE_KEY_8_15:
1053 memcpy((void *)&p_cb->private_key[8], p->param_buf, p->param_len);
1054 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_16_23;
1055 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
1056 smp_rand_back(NULL);
1057 break;
1058
1059 case SMP_GENERATE_PRIVATE_KEY_16_23:
1060 memcpy((void *)&p_cb->private_key[16], p->param_buf, p->param_len);
1061 p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_24_31;
1062 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
1063 smp_rand_back(NULL);
1064 break;
1065
1066 case SMP_GENERATE_PRIVATE_KEY_24_31:
1067 memcpy((void *)&p_cb->private_key[24], p->param_buf, p->param_len);
1068 smp_process_private_key (p_cb);
1069 break;
1070
1071 default:
1072 break;
1073 }
1074
1075 return;
1076 }
1077
1078 /*******************************************************************************
1079 **
1080 ** Function smp_process_private_key
1081 **
1082 ** Description This function processes private key.
1083 ** It calculates public key and notifies SM that private key /
1084 ** public key pair is created.
1085 **
1086 ** Returns void
1087 **
1088 *******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)1089 void smp_process_private_key(tSMP_CB *p_cb)
1090 {
1091 Point public_key;
1092 BT_OCTET32 private_key;
1093
1094 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1095
1096 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
1097 ECC_PointMult(&public_key, &(curve_p256.G), (DWORD*) private_key, KEY_LENGTH_DWORDS_P256);
1098 memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
1099 memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
1100
1101 smp_debug_print_nbyte_little_endian (p_cb->private_key, (const UINT8 *)"private",
1102 BT_OCTET32_LEN);
1103 smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.x, (const UINT8 *)"local public(x)",
1104 BT_OCTET32_LEN);
1105 smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.y, (const UINT8 *)"local public(y)",
1106 BT_OCTET32_LEN);
1107 p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
1108 smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
1109 }
1110
1111 /*******************************************************************************
1112 **
1113 ** Function smp_compute_dhkey
1114 **
1115 ** Description The function:
1116 ** - calculates a new public key using as input local private
1117 ** key and peer public key;
1118 ** - saves the new public key x-coordinate as DHKey.
1119 **
1120 ** Returns void
1121 **
1122 *******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)1123 void smp_compute_dhkey (tSMP_CB *p_cb)
1124 {
1125 Point peer_publ_key, new_publ_key;
1126 BT_OCTET32 private_key;
1127
1128 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1129
1130 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
1131 memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
1132 memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
1133
1134 ECC_PointMult(&new_publ_key, &peer_publ_key, (DWORD*) private_key, KEY_LENGTH_DWORDS_P256);
1135
1136 memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
1137
1138 smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const UINT8 *)"Old DHKey",
1139 BT_OCTET32_LEN);
1140
1141 smp_debug_print_nbyte_little_endian (p_cb->private_key, (const UINT8 *)"private",
1142 BT_OCTET32_LEN);
1143 smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.x, (const UINT8 *)"rem public(x)",
1144 BT_OCTET32_LEN);
1145 smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.y, (const UINT8 *)"rem public(y)",
1146 BT_OCTET32_LEN);
1147 smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const UINT8 *)"Reverted DHKey",
1148 BT_OCTET32_LEN);
1149 }
1150
1151 /*******************************************************************************
1152 **
1153 ** Function smp_calculate_local_commitment
1154 **
1155 ** Description The function calculates and saves local commmitment in CB.
1156 **
1157 ** Returns void
1158 **
1159 *******************************************************************************/
smp_calculate_local_commitment(tSMP_CB * p_cb)1160 void smp_calculate_local_commitment(tSMP_CB *p_cb)
1161 {
1162 UINT8 random_input;
1163
1164 SMP_TRACE_DEBUG("%s", __FUNCTION__);
1165
1166 switch (p_cb->selected_association_model)
1167 {
1168 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1169 case SMP_MODEL_SEC_CONN_NUM_COMP:
1170 if (p_cb->role == HCI_ROLE_MASTER)
1171 SMP_TRACE_WARNING ("local commitment calc on master is not expected \
1172 for Just Works/Numeric Comparison models");
1173 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0,
1174 p_cb->commitment);
1175 break;
1176 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1177 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1178 random_input = smp_calculate_random_input(p_cb->local_random, p_cb->round);
1179 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand,
1180 random_input, p_cb->commitment);
1181 break;
1182 case SMP_MODEL_SEC_CONN_OOB:
1183 SMP_TRACE_WARNING ("local commitment calc is expected for OOB model BEFORE pairing");
1184 smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0,
1185 p_cb->commitment);
1186 break;
1187 default:
1188 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1189 p_cb->selected_association_model);
1190 return;
1191 }
1192
1193 SMP_TRACE_EVENT ("local commitment calculation is completed");
1194 }
1195
1196 /*******************************************************************************
1197 **
1198 ** Function smp_calculate_peer_commitment
1199 **
1200 ** Description The function calculates and saves peer commmitment at the
1201 ** provided output buffer.
1202 **
1203 ** Returns void
1204 **
1205 *******************************************************************************/
smp_calculate_peer_commitment(tSMP_CB * p_cb,BT_OCTET16 output_buf)1206 void smp_calculate_peer_commitment(tSMP_CB *p_cb, BT_OCTET16 output_buf)
1207 {
1208 UINT8 ri;
1209
1210 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1211
1212 switch (p_cb->selected_association_model)
1213 {
1214 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1215 case SMP_MODEL_SEC_CONN_NUM_COMP:
1216 if (p_cb->role == HCI_ROLE_SLAVE)
1217 SMP_TRACE_WARNING ("peer commitment calc on slave is not expected \
1218 for Just Works/Numeric Comparison models");
1219 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, 0,
1220 output_buf);
1221 break;
1222 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1223 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1224 ri = smp_calculate_random_input(p_cb->peer_random, p_cb->round);
1225 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, ri,
1226 output_buf);
1227 break;
1228 case SMP_MODEL_SEC_CONN_OOB:
1229 smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x, p_cb->peer_random, 0,
1230 output_buf);
1231 break;
1232 default:
1233 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1234 p_cb->selected_association_model);
1235 return;
1236 }
1237
1238 SMP_TRACE_EVENT ("peer commitment calculation is completed");
1239 }
1240
1241 /*******************************************************************************
1242 **
1243 ** Function smp_calculate_f4
1244 **
1245 ** Description The function calculates
1246 ** C = f4(U, V, X, Z) = AES-CMAC (U||V||Z)
1247 ** X
1248 ** where
1249 ** input: U is 256 bit,
1250 ** V is 256 bit,
1251 ** X is 128 bit,
1252 ** Z is 8 bit,
1253 ** output: C is 128 bit.
1254 **
1255 ** Returns void
1256 **
1257 ** Note The LSB is the first octet, the MSB is the last octet of
1258 ** the AES-CMAC input/output stream.
1259 **
1260 *******************************************************************************/
smp_calculate_f4(UINT8 * u,UINT8 * v,UINT8 * x,UINT8 z,UINT8 * c)1261 void smp_calculate_f4(UINT8 *u, UINT8 *v, UINT8 *x, UINT8 z, UINT8 *c)
1262 {
1263 UINT8 msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ + 1 /* Z size */;
1264 UINT8 msg[BT_OCTET32_LEN + BT_OCTET32_LEN + 1];
1265 UINT8 key[BT_OCTET16_LEN];
1266 UINT8 cmac[BT_OCTET16_LEN];
1267 UINT8 *p = NULL;
1268 #if SMP_DEBUG == TRUE
1269 UINT8 *p_prnt = NULL;
1270 #endif
1271
1272 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1273
1274 #if SMP_DEBUG == TRUE
1275 p_prnt = u;
1276 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"U", BT_OCTET32_LEN);
1277 p_prnt = v;
1278 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"V", BT_OCTET32_LEN);
1279 p_prnt = x;
1280 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"X", BT_OCTET16_LEN);
1281 p_prnt = &z;
1282 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Z", 1);
1283 #endif
1284
1285 p = msg;
1286 UINT8_TO_STREAM(p, z);
1287 ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN);
1288 ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN);
1289 #if SMP_DEBUG == TRUE
1290 p_prnt = msg;
1291 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", msg_len);
1292 #endif
1293
1294 p = key;
1295 ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN);
1296 #if SMP_DEBUG == TRUE
1297 p_prnt = key;
1298 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1299 #endif
1300
1301 aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac);
1302 #if SMP_DEBUG == TRUE
1303 p_prnt = cmac;
1304 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES_CMAC", BT_OCTET16_LEN);
1305 #endif
1306
1307 p = c;
1308 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1309 }
1310
1311 /*******************************************************************************
1312 **
1313 ** Function smp_calculate_numeric_comparison_display_number
1314 **
1315 ** Description The function calculates and saves number to display in numeric
1316 ** comparison association mode.
1317 **
1318 ** Returns void
1319 **
1320 *******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1321 void smp_calculate_numeric_comparison_display_number(tSMP_CB *p_cb,
1322 tSMP_INT_DATA *p_data)
1323 {
1324 SMP_TRACE_DEBUG ("%s", __func__);
1325
1326 if (p_cb->role == HCI_ROLE_MASTER)
1327 {
1328 p_cb->number_to_display =
1329 smp_calculate_g2(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand,
1330 p_cb->rrand);
1331 }
1332 else
1333 {
1334 p_cb->number_to_display =
1335 smp_calculate_g2(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand,
1336 p_cb->rand);
1337 }
1338
1339 if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1))
1340 {
1341 UINT8 reason;
1342 reason = p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
1343 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1344 return;
1345 }
1346
1347 SMP_TRACE_EVENT("Number to display in numeric comparison = %d", p_cb->number_to_display);
1348 p_cb->cb_evt = SMP_NC_REQ_EVT;
1349 smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &p_cb->number_to_display);
1350 return;
1351 }
1352
1353 /*******************************************************************************
1354 **
1355 ** Function smp_calculate_g2
1356 **
1357 ** Description The function calculates
1358 ** g2(U, V, X, Y) = AES-CMAC (U||V||Y) mod 2**32 mod 10**6
1359 ** X
1360 ** and
1361 ** Vres = g2(U, V, X, Y) mod 10**6
1362 ** where
1363 ** input: U is 256 bit,
1364 ** V is 256 bit,
1365 ** X is 128 bit,
1366 ** Y is 128 bit,
1367 **
1368 ** Returns Vres.
1369 ** Expected value has to be in the range [0 - 999999] i.e. [0 - 0xF423F].
1370 ** Vres = 1000000 means that the calculation fails.
1371 **
1372 ** Note The LSB is the first octet, the MSB is the last octet of
1373 ** the AES-CMAC input/output stream.
1374 **
1375 *******************************************************************************/
smp_calculate_g2(UINT8 * u,UINT8 * v,UINT8 * x,UINT8 * y)1376 UINT32 smp_calculate_g2(UINT8 *u, UINT8 *v, UINT8 *x, UINT8 *y)
1377 {
1378 UINT8 msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */
1379 + BT_OCTET16_LEN /* Y size */;
1380 UINT8 msg[BT_OCTET32_LEN + BT_OCTET32_LEN + BT_OCTET16_LEN];
1381 UINT8 key[BT_OCTET16_LEN];
1382 UINT8 cmac[BT_OCTET16_LEN];
1383 UINT8 *p = NULL;
1384 UINT32 vres;
1385 #if SMP_DEBUG == TRUE
1386 UINT8 *p_prnt = NULL;
1387 #endif
1388
1389 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1390
1391 p = msg;
1392 ARRAY_TO_STREAM(p, y, BT_OCTET16_LEN);
1393 ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN);
1394 ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN);
1395 #if SMP_DEBUG == TRUE
1396 p_prnt = u;
1397 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"U", BT_OCTET32_LEN);
1398 p_prnt = v;
1399 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"V", BT_OCTET32_LEN);
1400 p_prnt = x;
1401 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"X", BT_OCTET16_LEN);
1402 p_prnt = y;
1403 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Y", BT_OCTET16_LEN);
1404 #endif
1405
1406 p = key;
1407 ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN);
1408 #if SMP_DEBUG == TRUE
1409 p_prnt = key;
1410 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1411 #endif
1412
1413 if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac))
1414 {
1415 SMP_TRACE_ERROR("%s failed",__FUNCTION__);
1416 return (BTM_MAX_PASSKEY_VAL + 1);
1417 }
1418
1419 #if SMP_DEBUG == TRUE
1420 p_prnt = cmac;
1421 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1422 #endif
1423
1424 /* vres = cmac mod 2**32 mod 10**6 */
1425 p = &cmac[0];
1426 STREAM_TO_UINT32(vres, p);
1427 #if SMP_DEBUG == TRUE
1428 p_prnt = (UINT8 *) &vres;
1429 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"cmac mod 2**32", 4);
1430 #endif
1431
1432 while (vres > BTM_MAX_PASSKEY_VAL)
1433 vres -= (BTM_MAX_PASSKEY_VAL + 1);
1434 #if SMP_DEBUG == TRUE
1435 p_prnt = (UINT8 *) &vres;
1436 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"cmac mod 2**32 mod 10**6", 4);
1437 #endif
1438
1439 SMP_TRACE_ERROR("Value for numeric comparison = %d", vres);
1440 return vres;
1441 }
1442
1443 /*******************************************************************************
1444 **
1445 ** Function smp_calculate_f5
1446 **
1447 ** Description The function provides two AES-CMAC that are supposed to be used as
1448 ** - MacKey (MacKey is used in pairing DHKey check calculation);
1449 ** - LTK (LTK is used to ecrypt the link after completion of Phase 2
1450 ** and on reconnection, to derive BR/EDR LK).
1451 ** The function inputs are W, N1, N2, A1, A2.
1452 ** F5 rules:
1453 ** - the value used as key in MacKey/LTK (T) is calculated
1454 ** (function smp_calculate_f5_key(...));
1455 ** The formula is:
1456 ** T = AES-CMAC (W)
1457 ** salt
1458 ** where salt is internal parameter of smp_calculate_f5_key(...).
1459 ** - MacKey and LTK are calculated as AES-MAC values received with the
1460 ** key T calculated in the previous step and the plaintext message
1461 ** built from the external parameters N1, N2, A1, A2 and the internal
1462 ** parameters counter, keyID, length.
1463 ** The function smp_calculate_f5_mackey_or_long_term_key(...) is used in the
1464 ** calculations.
1465 ** The same formula is used in calculation of MacKey and LTK and the
1466 ** same parameter values except the value of the internal parameter
1467 ** counter:
1468 ** - in MacKey calculations the value is 0;
1469 ** - in LTK calculations the value is 1.
1470 ** MacKey = AES-CMAC (Counter=0||keyID||N1||N2||A1||A2||Length=256)
1471 ** T
1472 ** LTK = AES-CMAC (Counter=1||keyID||N1||N2||A1||A2||Length=256)
1473 ** T
1474 ** The parameters are
1475 ** input:
1476 ** W is 256 bits,
1477 ** N1 is 128 bits,
1478 ** N2 is 128 bits,
1479 ** A1 is 56 bit,
1480 ** A2 is 56 bit.
1481 ** internal:
1482 ** Counter is 8 bits, its value is 0 for MacKey,
1483 ** 1 for LTK;
1484 ** KeyId is 32 bits, its value is
1485 ** 0x62746c65 (MSB~LSB);
1486 ** Length is 16 bits, its value is 0x0100
1487 ** (MSB~LSB).
1488 ** output:
1489 ** MacKey is 128 bits;
1490 ** LTK is 128 bits
1491 **
1492 ** Returns FALSE if out of resources, TRUE in other cases.
1493 **
1494 ** Note The LSB is the first octet, the MSB is the last octet of
1495 ** the AES-CMAC input/output stream.
1496 **
1497 *******************************************************************************/
smp_calculate_f5(UINT8 * w,UINT8 * n1,UINT8 * n2,UINT8 * a1,UINT8 * a2,UINT8 * mac_key,UINT8 * ltk)1498 BOOLEAN smp_calculate_f5(UINT8 *w, UINT8 *n1, UINT8 *n2, UINT8 *a1, UINT8 *a2,
1499 UINT8 *mac_key, UINT8 *ltk)
1500 {
1501 BT_OCTET16 t; /* AES-CMAC output in smp_calculate_f5_key(...), key in */
1502 /* smp_calculate_f5_mackey_or_long_term_key(...) */
1503 #if SMP_DEBUG == TRUE
1504 UINT8 *p_prnt = NULL;
1505 #endif
1506 /* internal parameters: */
1507
1508 /*
1509 counter is 0 for MacKey,
1510 is 1 for LTK
1511 */
1512 UINT8 counter_mac_key[1] = {0};
1513 UINT8 counter_ltk[1] = {1};
1514 /*
1515 keyID 62746c65
1516 */
1517 UINT8 key_id[4] = {0x65, 0x6c, 0x74, 0x62};
1518 /*
1519 length 0100
1520 */
1521 UINT8 length[2] = {0x00, 0x01};
1522
1523 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1524 #if SMP_DEBUG == TRUE
1525 p_prnt = w;
1526 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"W", BT_OCTET32_LEN);
1527 p_prnt = n1;
1528 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N1", BT_OCTET16_LEN);
1529 p_prnt = n2;
1530 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N2", BT_OCTET16_LEN);
1531 p_prnt = a1;
1532 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A1", 7);
1533 p_prnt = a2;
1534 smp_debug_print_nbyte_little_endian (p_prnt,(const UINT8 *) "A2", 7);
1535 #endif
1536
1537 if (!smp_calculate_f5_key(w, t))
1538 {
1539 SMP_TRACE_ERROR("%s failed to calc T",__FUNCTION__);
1540 return FALSE;
1541 }
1542 #if SMP_DEBUG == TRUE
1543 p_prnt = t;
1544 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"T", BT_OCTET16_LEN);
1545 #endif
1546
1547 if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_mac_key, key_id, n1, n2, a1, a2,
1548 length, mac_key))
1549 {
1550 SMP_TRACE_ERROR("%s failed to calc MacKey", __FUNCTION__);
1551 return FALSE;
1552 }
1553 #if SMP_DEBUG == TRUE
1554 p_prnt = mac_key;
1555 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"MacKey", BT_OCTET16_LEN);
1556 #endif
1557
1558 if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_ltk, key_id, n1, n2, a1, a2,
1559 length, ltk))
1560 {
1561 SMP_TRACE_ERROR("%s failed to calc LTK",__FUNCTION__);
1562 return FALSE;
1563 }
1564 #if SMP_DEBUG == TRUE
1565 p_prnt = ltk;
1566 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"LTK", BT_OCTET16_LEN);
1567 #endif
1568
1569 return TRUE;
1570 }
1571
1572 /*******************************************************************************
1573 **
1574 ** Function smp_calculate_f5_mackey_or_long_term_key
1575 **
1576 ** Description The function calculates the value of MacKey or LTK by the rules
1577 ** defined for f5 function.
1578 ** At the moment exactly the same formula is used to calculate
1579 ** LTK and MacKey.
1580 ** The difference is the value of input parameter Counter:
1581 ** - in MacKey calculations the value is 0;
1582 ** - in LTK calculations the value is 1.
1583 ** The formula:
1584 ** mac = AES-CMAC (Counter||keyID||N1||N2||A1||A2||Length)
1585 ** T
1586 ** where
1587 ** input: T is 256 bits;
1588 ** Counter is 8 bits, its value is 0 for MacKey,
1589 ** 1 for LTK;
1590 ** keyID is 32 bits, its value is 0x62746c65;
1591 ** N1 is 128 bits;
1592 ** N2 is 128 bits;
1593 ** A1 is 56 bits;
1594 ** A2 is 56 bits;
1595 ** Length is 16 bits, its value is 0x0100
1596 ** output: LTK is 128 bit.
1597 **
1598 ** Returns FALSE if out of resources, TRUE in other cases.
1599 **
1600 ** Note The LSB is the first octet, the MSB is the last octet of
1601 ** the AES-CMAC input/output stream.
1602 **
1603 *******************************************************************************/
smp_calculate_f5_mackey_or_long_term_key(UINT8 * t,UINT8 * counter,UINT8 * key_id,UINT8 * n1,UINT8 * n2,UINT8 * a1,UINT8 * a2,UINT8 * length,UINT8 * mac)1604 BOOLEAN smp_calculate_f5_mackey_or_long_term_key(UINT8 *t, UINT8 *counter,
1605 UINT8 *key_id, UINT8 *n1, UINT8 *n2, UINT8 *a1, UINT8 *a2,
1606 UINT8 *length, UINT8 *mac)
1607 {
1608 UINT8 *p = NULL;
1609 UINT8 cmac[BT_OCTET16_LEN];
1610 UINT8 key[BT_OCTET16_LEN];
1611 UINT8 msg_len = 1 /* Counter size */ + 4 /* keyID size */ +
1612 BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ +
1613 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */;
1614 UINT8 msg[1 + 4 + BT_OCTET16_LEN + BT_OCTET16_LEN + 7 + 7 + 2];
1615 BOOLEAN ret = TRUE;
1616 #if SMP_DEBUG == TRUE
1617 UINT8 *p_prnt = NULL;
1618 #endif
1619
1620 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1621 #if SMP_DEBUG == TRUE
1622 p_prnt = t;
1623 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"T", BT_OCTET16_LEN);
1624 p_prnt = counter;
1625 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Counter", 1);
1626 p_prnt = key_id;
1627 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"KeyID", 4);
1628 p_prnt = n1;
1629 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N1", BT_OCTET16_LEN);
1630 p_prnt = n2;
1631 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"N2", BT_OCTET16_LEN);
1632 p_prnt = a1;
1633 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A1", 7);
1634 p_prnt = a2;
1635 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"A2", 7);
1636 p_prnt = length;
1637 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"Length", 2);
1638 #endif
1639
1640 p = key;
1641 ARRAY_TO_STREAM(p, t, BT_OCTET16_LEN);
1642 #if SMP_DEBUG == TRUE
1643 p_prnt = key;
1644 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1645 #endif
1646 p = msg;
1647 ARRAY_TO_STREAM(p, length, 2);
1648 ARRAY_TO_STREAM(p, a2, 7);
1649 ARRAY_TO_STREAM(p, a1, 7);
1650 ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN);
1651 ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN);
1652 ARRAY_TO_STREAM(p, key_id, 4);
1653 ARRAY_TO_STREAM(p, counter, 1);
1654 #if SMP_DEBUG == TRUE
1655 p_prnt = msg;
1656 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", msg_len);
1657 #endif
1658
1659 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac))
1660 {
1661 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1662 ret = FALSE;
1663 }
1664
1665 #if SMP_DEBUG == TRUE
1666 p_prnt = cmac;
1667 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1668 #endif
1669
1670 p = mac;
1671 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1672 return ret;
1673 }
1674
1675 /*******************************************************************************
1676 **
1677 ** Function smp_calculate_f5_key
1678 **
1679 ** Description The function calculates key T used in calculation of
1680 ** MacKey and LTK (f5 output is defined as MacKey || LTK).
1681 ** T = AES-CMAC (W)
1682 ** salt
1683 ** where
1684 ** Internal: salt is 128 bit.
1685 ** input: W is 256 bit.
1686 ** Output: T is 128 bit.
1687 **
1688 ** Returns FALSE if out of resources, TRUE in other cases.
1689 **
1690 ** Note The LSB is the first octet, the MSB is the last octet of
1691 ** the AES-CMAC input/output stream.
1692 **
1693 *******************************************************************************/
smp_calculate_f5_key(UINT8 * w,UINT8 * t)1694 BOOLEAN smp_calculate_f5_key(UINT8 *w, UINT8 *t)
1695 {
1696 UINT8 *p = NULL;
1697 /* Please see 2.2.7 LE Secure Connections Key Generation Function f5 */
1698 /*
1699 salt: 6C88 8391 AAF5 A538 6037 0BDB 5A60 83BE
1700 */
1701 BT_OCTET16 salt = {
1702 0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60,
1703 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C
1704 };
1705 #if SMP_DEBUG == TRUE
1706 UINT8 *p_prnt = NULL;
1707 #endif
1708
1709 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1710 #if SMP_DEBUG == TRUE
1711 p_prnt = salt;
1712 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"salt", BT_OCTET16_LEN);
1713 p_prnt = w;
1714 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"W", BT_OCTET32_LEN);
1715 #endif
1716
1717 BT_OCTET16 key;
1718 BT_OCTET32 msg;
1719
1720 p = key;
1721 ARRAY_TO_STREAM(p, salt, BT_OCTET16_LEN);
1722 p = msg;
1723 ARRAY_TO_STREAM(p, w, BT_OCTET32_LEN);
1724 #if SMP_DEBUG == TRUE
1725 p_prnt = key;
1726 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"K", BT_OCTET16_LEN);
1727 p_prnt = msg;
1728 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"M", BT_OCTET32_LEN);
1729 #endif
1730
1731 BT_OCTET16 cmac;
1732 BOOLEAN ret = TRUE;
1733 if (!aes_cipher_msg_auth_code(key, msg, BT_OCTET32_LEN, BT_OCTET16_LEN, cmac))
1734 {
1735 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1736 ret = FALSE;
1737 }
1738
1739 #if SMP_DEBUG == TRUE
1740 p_prnt = cmac;
1741 smp_debug_print_nbyte_little_endian (p_prnt, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1742 #endif
1743
1744 p = t;
1745 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1746 return ret;
1747 }
1748
1749 /*******************************************************************************
1750 **
1751 ** Function smp_calculate_local_dhkey_check
1752 **
1753 ** Description The function calculates and saves local device DHKey check
1754 ** value in CB.
1755 ** Before doing this it calls smp_calculate_f5_mackey_and_long_term_key(...).
1756 ** to calculate MacKey and LTK.
1757 ** MacKey is used in dhkey calculation.
1758 **
1759 ** Returns void
1760 **
1761 *******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1762 void smp_calculate_local_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1763 {
1764 UINT8 iocap[3], a[7], b[7];
1765
1766 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1767
1768 smp_calculate_f5_mackey_and_long_term_key(p_cb);
1769
1770 smp_collect_local_io_capabilities(iocap, p_cb);
1771
1772 smp_collect_local_ble_address(a, p_cb);
1773 smp_collect_peer_ble_address(b, p_cb);
1774 smp_calculate_f6(p_cb->mac_key, p_cb->rand, p_cb->rrand, p_cb->peer_random, iocap, a, b,
1775 p_cb->dhkey_check);
1776
1777 SMP_TRACE_EVENT ("local DHKey check calculation is completed");
1778 }
1779
1780 /*******************************************************************************
1781 **
1782 ** Function smp_calculate_peer_dhkey_check
1783 **
1784 ** Description The function calculates peer device DHKey check value.
1785 **
1786 ** Returns void
1787 **
1788 *******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1789 void smp_calculate_peer_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1790 {
1791 UINT8 iocap[3], a[7], b[7];
1792 BT_OCTET16 param_buf;
1793 BOOLEAN ret;
1794 tSMP_KEY key;
1795 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1796
1797 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1798
1799 smp_collect_peer_io_capabilities(iocap, p_cb);
1800
1801 smp_collect_local_ble_address(a, p_cb);
1802 smp_collect_peer_ble_address(b, p_cb);
1803 ret = smp_calculate_f6(p_cb->mac_key, p_cb->rrand, p_cb->rand, p_cb->local_random, iocap,
1804 b, a, param_buf);
1805
1806 if (ret)
1807 {
1808 SMP_TRACE_EVENT ("peer DHKey check calculation is completed");
1809 #if (SMP_DEBUG == TRUE)
1810 smp_debug_print_nbyte_little_endian (param_buf, (const UINT8 *)"peer DHKey check",
1811 BT_OCTET16_LEN);
1812 #endif
1813 key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
1814 key.p_data = param_buf;
1815 smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &key);
1816 }
1817 else
1818 {
1819 SMP_TRACE_EVENT ("peer DHKey check calculation failed");
1820 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
1821 }
1822 }
1823
1824 /*******************************************************************************
1825 **
1826 ** Function smp_calculate_f6
1827 **
1828 ** Description The function calculates
1829 ** C = f6(W, N1, N2, R, IOcap, A1, A2) = AES-CMAC (N1||N2||R||IOcap||A1||A2)
1830 ** W
1831 ** where
1832 ** input: W is 128 bit,
1833 ** N1 is 128 bit,
1834 ** N2 is 128 bit,
1835 ** R is 128 bit,
1836 ** IOcap is 24 bit,
1837 ** A1 is 56 bit,
1838 ** A2 is 56 bit,
1839 ** output: C is 128 bit.
1840 **
1841 ** Returns FALSE if out of resources, TRUE in other cases.
1842 **
1843 ** Note The LSB is the first octet, the MSB is the last octet of
1844 ** the AES-CMAC input/output stream.
1845 **
1846 *******************************************************************************/
smp_calculate_f6(UINT8 * w,UINT8 * n1,UINT8 * n2,UINT8 * r,UINT8 * iocap,UINT8 * a1,UINT8 * a2,UINT8 * c)1847 BOOLEAN smp_calculate_f6(UINT8 *w, UINT8 *n1, UINT8 *n2, UINT8 *r, UINT8 *iocap, UINT8 *a1,
1848 UINT8 *a2, UINT8 *c)
1849 {
1850 UINT8 *p = NULL;
1851 UINT8 msg_len = BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ +
1852 BT_OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/
1853 + 7 /* A2 size*/;
1854 UINT8 msg[BT_OCTET16_LEN + BT_OCTET16_LEN + BT_OCTET16_LEN + 3 + 7 + 7];
1855 #if SMP_DEBUG == TRUE
1856 UINT8 *p_print = NULL;
1857 #endif
1858
1859 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1860 #if SMP_DEBUG == TRUE
1861 p_print = w;
1862 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"W", BT_OCTET16_LEN);
1863 p_print = n1;
1864 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"N1", BT_OCTET16_LEN);
1865 p_print = n2;
1866 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"N2", BT_OCTET16_LEN);
1867 p_print = r;
1868 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"R", BT_OCTET16_LEN);
1869 p_print = iocap;
1870 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"IOcap", 3);
1871 p_print = a1;
1872 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"A1", 7);
1873 p_print = a2;
1874 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"A2", 7);
1875 #endif
1876
1877 UINT8 cmac[BT_OCTET16_LEN];
1878 UINT8 key[BT_OCTET16_LEN];
1879
1880 p = key;
1881 ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN);
1882 #if SMP_DEBUG == TRUE
1883 p_print = key;
1884 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"K", BT_OCTET16_LEN);
1885 #endif
1886
1887 p = msg;
1888 ARRAY_TO_STREAM(p, a2, 7);
1889 ARRAY_TO_STREAM(p, a1, 7);
1890 ARRAY_TO_STREAM(p, iocap, 3);
1891 ARRAY_TO_STREAM(p, r, BT_OCTET16_LEN);
1892 ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN);
1893 ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN);
1894 #if SMP_DEBUG == TRUE
1895 p_print = msg;
1896 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"M", msg_len);
1897 #endif
1898
1899 BOOLEAN ret = TRUE;
1900 if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac))
1901 {
1902 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
1903 ret = FALSE;
1904 }
1905
1906 #if SMP_DEBUG == TRUE
1907 p_print = cmac;
1908 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
1909 #endif
1910
1911 p = c;
1912 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
1913 return ret;
1914 }
1915
1916 /*******************************************************************************
1917 **
1918 ** Function smp_calculate_link_key_from_long_term_key
1919 **
1920 ** Description The function calculates and saves BR/EDR link key derived from
1921 ** LE SC LTK.
1922 **
1923 ** Returns FALSE if out of resources, TRUE in other cases.
1924 **
1925 *******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)1926 BOOLEAN smp_calculate_link_key_from_long_term_key(tSMP_CB *p_cb)
1927 {
1928 tBTM_SEC_DEV_REC *p_dev_rec;
1929 BD_ADDR bda_for_lk;
1930 tBLE_ADDR_TYPE conn_addr_type;
1931
1932 SMP_TRACE_DEBUG ("%s", __func__);
1933
1934 if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC)
1935 {
1936 SMP_TRACE_DEBUG ("Use rcvd identity address as BD_ADDR of LK rcvd identity address");
1937 memcpy(bda_for_lk, p_cb->id_addr, BD_ADDR_LEN);
1938 }
1939 else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk, &conn_addr_type)) &&
1940 conn_addr_type == BLE_ADDR_PUBLIC)
1941 {
1942 SMP_TRACE_DEBUG ("Use rcvd connection address as BD_ADDR of LK");
1943 }
1944 else
1945 {
1946 SMP_TRACE_WARNING ("Don't have peer public address to associate with LK");
1947 return FALSE;
1948 }
1949
1950 if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL)
1951 {
1952 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1953 return FALSE;
1954 }
1955
1956 BT_OCTET16 intermediate_link_key;
1957 BOOLEAN ret = TRUE;
1958
1959 ret = smp_calculate_h6(p_cb->ltk, (UINT8 *)"1pmt" /* reversed "tmp1" */,intermediate_link_key);
1960 if (!ret)
1961 {
1962 SMP_TRACE_ERROR("%s failed to derive intermediate_link_key", __func__);
1963 return ret;
1964 }
1965
1966 BT_OCTET16 link_key;
1967 ret = smp_calculate_h6(intermediate_link_key, (UINT8 *) "rbel" /* reversed "lebr" */, link_key);
1968 if (!ret)
1969 {
1970 SMP_TRACE_ERROR("%s failed", __func__);
1971 }
1972 else
1973 {
1974 UINT8 link_key_type;
1975 if (btm_cb.security_mode == BTM_SEC_MODE_SC)
1976 {
1977 /* Secure Connections Only Mode */
1978 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
1979 }
1980 else if (controller_get_interface()->supports_secure_connections())
1981 {
1982 /* both transports are SC capable */
1983 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
1984 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
1985 else
1986 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
1987 }
1988 else if (btm_cb.security_mode == BTM_SEC_MODE_SP)
1989 {
1990 /* BR/EDR transport is SSP capable */
1991 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
1992 link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
1993 else
1994 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
1995 }
1996 else
1997 {
1998 SMP_TRACE_ERROR ("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
1999 __func__, btm_cb.security_mode, p_dev_rec->sm4);
2000 return FALSE;
2001 }
2002
2003 link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
2004
2005 UINT8 *p;
2006 BT_OCTET16 notif_link_key;
2007 p = notif_link_key;
2008 ARRAY16_TO_STREAM(p, link_key);
2009
2010 btm_sec_link_key_notification (bda_for_lk, notif_link_key, link_key_type);
2011
2012 SMP_TRACE_EVENT ("%s is completed", __func__);
2013 }
2014
2015 return ret;
2016 }
2017
2018 /*******************************************************************************
2019 **
2020 ** Function smp_calculate_long_term_key_from_link_key
2021 **
2022 ** Description The function calculates and saves SC LTK derived from BR/EDR
2023 ** link key.
2024 **
2025 ** Returns FALSE if out of resources, TRUE in other cases.
2026 **
2027 *******************************************************************************/
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)2028 BOOLEAN smp_calculate_long_term_key_from_link_key(tSMP_CB *p_cb)
2029 {
2030 BOOLEAN ret = TRUE;
2031 tBTM_SEC_DEV_REC *p_dev_rec;
2032 UINT8 rev_link_key[16];
2033
2034 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
2035
2036 if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL)
2037 {
2038 SMP_TRACE_ERROR("%s failed to find Security Record",__FUNCTION__);
2039 return FALSE;
2040 }
2041
2042 UINT8 br_link_key_type;
2043 if ((br_link_key_type = BTM_SecGetDeviceLinkKeyType (p_cb->pairing_bda))
2044 == BTM_LKEY_TYPE_IGNORE)
2045 {
2046 SMP_TRACE_ERROR("%s failed to retrieve BR link type",__FUNCTION__);
2047 return FALSE;
2048 }
2049
2050 if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
2051 (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256))
2052 {
2053 SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d",
2054 __FUNCTION__, br_link_key_type);
2055 return FALSE;
2056 }
2057
2058 UINT8 *p1;
2059 UINT8 *p2;
2060 p1 = rev_link_key;
2061 p2 = p_dev_rec->link_key;
2062 REVERSE_ARRAY_TO_STREAM(p1, p2, 16);
2063
2064 BT_OCTET16 intermediate_long_term_key;
2065 /* "tmp2" obtained from the spec */
2066 ret = smp_calculate_h6(rev_link_key, (UINT8 *) "2pmt" /* reversed "tmp2" */,
2067 intermediate_long_term_key);
2068
2069 if (!ret)
2070 {
2071 SMP_TRACE_ERROR("%s failed to derive intermediate_long_term_key",__FUNCTION__);
2072 return ret;
2073 }
2074
2075 /* "brle" obtained from the spec */
2076 ret = smp_calculate_h6(intermediate_long_term_key, (UINT8 *) "elrb" /* reversed "brle" */,
2077 p_cb->ltk);
2078
2079 if (!ret)
2080 {
2081 SMP_TRACE_ERROR("%s failed",__FUNCTION__);
2082 }
2083 else
2084 {
2085 p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
2086 ? SMP_SEC_AUTHENTICATED : SMP_SEC_UNAUTHENTICATE;
2087 SMP_TRACE_EVENT ("%s is completed",__FUNCTION__);
2088 }
2089
2090 return ret;
2091 }
2092
2093 /*******************************************************************************
2094 **
2095 ** Function smp_calculate_h6
2096 **
2097 ** Description The function calculates
2098 ** C = h6(W, KeyID) = AES-CMAC (KeyID)
2099 ** W
2100 ** where
2101 ** input: W is 128 bit,
2102 ** KeyId is 32 bit,
2103 ** output: C is 128 bit.
2104 **
2105 ** Returns FALSE if out of resources, TRUE in other cases.
2106 **
2107 ** Note The LSB is the first octet, the MSB is the last octet of
2108 ** the AES-CMAC input/output stream.
2109 **
2110 *******************************************************************************/
smp_calculate_h6(UINT8 * w,UINT8 * keyid,UINT8 * c)2111 BOOLEAN smp_calculate_h6(UINT8 *w, UINT8 *keyid, UINT8 *c)
2112 {
2113 #if SMP_DEBUG == TRUE
2114 UINT8 *p_print = NULL;
2115 #endif
2116
2117 SMP_TRACE_DEBUG ("%s",__FUNCTION__);
2118 #if SMP_DEBUG == TRUE
2119 p_print = w;
2120 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"W", BT_OCTET16_LEN);
2121 p_print = keyid;
2122 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"keyID", 4);
2123 #endif
2124
2125 UINT8 *p = NULL;
2126 UINT8 key[BT_OCTET16_LEN];
2127
2128 p = key;
2129 ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN);
2130
2131 #if SMP_DEBUG == TRUE
2132 p_print = key;
2133 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"K", BT_OCTET16_LEN);
2134 #endif
2135
2136 UINT8 msg_len = 4 /* KeyID size */;
2137 UINT8 msg[4];
2138
2139 p = msg;
2140 ARRAY_TO_STREAM(p, keyid, 4);
2141
2142 #if SMP_DEBUG == TRUE
2143 p_print = msg;
2144 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "M", msg_len);
2145 #endif
2146
2147 BOOLEAN ret = TRUE;
2148 UINT8 cmac[BT_OCTET16_LEN];
2149 if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac))
2150 {
2151 SMP_TRACE_ERROR("%s failed",__FUNCTION__);
2152 ret = FALSE;
2153 }
2154
2155 #if SMP_DEBUG == TRUE
2156 p_print = cmac;
2157 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"AES-CMAC", BT_OCTET16_LEN);
2158 #endif
2159
2160 p = c;
2161 ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN);
2162 return ret;
2163 }
2164
2165 /*******************************************************************************
2166 **
2167 ** Function smp_start_nonce_generation
2168 **
2169 ** Description This function starts nonce generation.
2170 **
2171 ** Returns void
2172 **
2173 *******************************************************************************/
smp_start_nonce_generation(tSMP_CB * p_cb)2174 void smp_start_nonce_generation(tSMP_CB *p_cb)
2175 {
2176 SMP_TRACE_DEBUG("%s", __FUNCTION__);
2177 p_cb->rand_enc_proc_state = SMP_GEN_NONCE_0_7;
2178 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
2179 smp_rand_back(NULL);
2180 }
2181
2182 /*******************************************************************************
2183 **
2184 ** Function smp_finish_nonce_generation
2185 **
2186 ** Description This function finishes nonce generation.
2187 **
2188 ** Returns void
2189 **
2190 *******************************************************************************/
smp_finish_nonce_generation(tSMP_CB * p_cb)2191 void smp_finish_nonce_generation(tSMP_CB *p_cb)
2192 {
2193 SMP_TRACE_DEBUG("%s", __FUNCTION__);
2194 p_cb->rand_enc_proc_state = SMP_GEN_NONCE_8_15;
2195 if (!btsnd_hcic_ble_rand((void *)smp_rand_back))
2196 smp_rand_back(NULL);
2197 }
2198
2199 /*******************************************************************************
2200 **
2201 ** Function smp_process_new_nonce
2202 **
2203 ** Description This function notifies SM that it has new nonce.
2204 **
2205 ** Returns void
2206 **
2207 *******************************************************************************/
smp_process_new_nonce(tSMP_CB * p_cb)2208 void smp_process_new_nonce(tSMP_CB *p_cb)
2209 {
2210 SMP_TRACE_DEBUG ("%s round %d", __FUNCTION__, p_cb->round);
2211 smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
2212 }
2213
2214 /*******************************************************************************
2215 **
2216 ** Function smp_rand_back
2217 **
2218 ** Description This function is to process the rand command finished,
2219 ** process the random/encrypted number for further action.
2220 **
2221 ** Returns void
2222 **
2223 *******************************************************************************/
smp_rand_back(tBTM_RAND_ENC * p)2224 static void smp_rand_back(tBTM_RAND_ENC *p)
2225 {
2226 tSMP_CB *p_cb = &smp_cb;
2227 UINT8 *pp = p->param_buf;
2228 UINT8 failure = SMP_PAIR_FAIL_UNKNOWN;
2229 UINT8 state = p_cb->rand_enc_proc_state & ~0x80;
2230
2231 SMP_TRACE_DEBUG ("%s state=0x%x", __FUNCTION__, state);
2232 if (p && p->status == HCI_SUCCESS)
2233 {
2234 switch (state)
2235 {
2236 case SMP_GEN_SRAND_MRAND:
2237 memcpy((void *)p_cb->rand, p->param_buf, p->param_len);
2238 smp_generate_rand_cont(p_cb, NULL);
2239 break;
2240
2241 case SMP_GEN_SRAND_MRAND_CONT:
2242 memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len);
2243 smp_generate_confirm(p_cb, NULL);
2244 break;
2245
2246 case SMP_GEN_DIV_LTK:
2247 STREAM_TO_UINT16(p_cb->div, pp);
2248 smp_generate_ltk_cont(p_cb, NULL);
2249 break;
2250
2251 case SMP_GEN_DIV_CSRK:
2252 STREAM_TO_UINT16(p_cb->div, pp);
2253 smp_compute_csrk(p_cb, NULL);
2254 break;
2255
2256 case SMP_GEN_TK:
2257 smp_proc_passkey(p_cb, p);
2258 break;
2259
2260 case SMP_GEN_RAND_V:
2261 memcpy(p_cb->enc_rand, p->param_buf, BT_OCTET8_LEN);
2262 smp_generate_y(p_cb, NULL);
2263 break;
2264
2265 case SMP_GENERATE_PRIVATE_KEY_0_7:
2266 case SMP_GENERATE_PRIVATE_KEY_8_15:
2267 case SMP_GENERATE_PRIVATE_KEY_16_23:
2268 case SMP_GENERATE_PRIVATE_KEY_24_31:
2269 smp_continue_private_key_creation(p_cb, p);
2270 break;
2271
2272 case SMP_GEN_NONCE_0_7:
2273 memcpy((void *)p_cb->rand, p->param_buf, p->param_len);
2274 smp_finish_nonce_generation(p_cb);
2275 break;
2276
2277 case SMP_GEN_NONCE_8_15:
2278 memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len);
2279 smp_process_new_nonce(p_cb);
2280 break;
2281 }
2282
2283 return;
2284 }
2285
2286 SMP_TRACE_ERROR("%s key generation failed: (%d)", __FUNCTION__, p_cb->rand_enc_proc_state);
2287 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
2288 }
2289
2290 #endif
2291
2292