1 /******************************************************************************
2  *
3  *  Copyright (C) 2003-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26 
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
29 {
30     /* initiator */
31     {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33         {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35         {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
36     /* responder */
37     {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* Display Only */
38         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39         {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_PASSKEY}, /* keyboard only */
40         {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41         {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42     /* display only */    /*SMP_CAP_IO = 1 */  /* keyboard only */   /* No InputOutput */  /* keyboard display */
43 };
44 
45 #define SMP_KEY_DIST_TYPE_MAX       4
46 const tSMP_ACT smp_distribute_act [] =
47 {
48     smp_generate_ltk,
49     smp_send_id_info,
50     smp_generate_csrk,
51     smp_set_derive_link_key
52 };
53 
54 /*******************************************************************************
55 ** Function         smp_update_key_mask
56 ** Description      This function updates the key mask for sending or receiving.
57 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)58 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
59 {
60     SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
61         __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
62 
63     if (((p_cb->le_secure_connections_mode_is_used) ||
64         (p_cb->smp_over_br)) &&
65         ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
66     {
67         /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
68         ** being exchanged with the peer */
69         p_cb->local_i_key &= ~key_type;
70         p_cb->local_r_key &= ~key_type;
71     }
72     else
73     if (p_cb->role == HCI_ROLE_SLAVE)
74     {
75         if (recv)
76             p_cb->local_i_key &= ~key_type;
77         else
78             p_cb->local_r_key &= ~key_type;
79     }
80     else
81     {
82         if (recv)
83             p_cb->local_r_key &= ~key_type;
84         else
85             p_cb->local_i_key &= ~key_type;
86     }
87 
88     SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
89                       p_cb->local_r_key);
90 }
91 
92 /*******************************************************************************
93 ** Function     smp_send_app_cback
94 ** Description  notifies application about the events the application is interested in
95 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)96 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
97 {
98     tSMP_EVT_DATA   cb_data;
99     tSMP_STATUS callback_rc;
100     SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
101     if (p_cb->p_callback && p_cb->cb_evt != 0)
102     {
103         switch (p_cb->cb_evt)
104         {
105             case SMP_IO_CAP_REQ_EVT:
106                 cb_data.io_req.auth_req = p_cb->peer_auth_req;
107                 cb_data.io_req.oob_data = SMP_OOB_NONE;
108                 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
109                 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
110                 cb_data.io_req.init_keys = p_cb->local_i_key ;
111                 cb_data.io_req.resp_keys = p_cb->local_r_key ;
112                 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
113                 break;
114 
115             case SMP_NC_REQ_EVT:
116                 cb_data.passkey = p_data->passkey;
117                 break;
118             case SMP_SC_OOB_REQ_EVT:
119                 cb_data.req_oob_type = p_data->req_oob_type;
120                 break;
121             case SMP_SC_LOC_OOB_DATA_UP_EVT:
122                 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
123                 break;
124 
125             case SMP_BR_KEYS_REQ_EVT:
126                 cb_data.io_req.auth_req = 0;
127                 cb_data.io_req.oob_data = SMP_OOB_NONE;
128                 cb_data.io_req.io_cap = 0;
129                 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
130                 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
131                 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
132                 break;
133 
134             default:
135                 break;
136         }
137 
138         callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
139 
140         SMP_TRACE_DEBUG("callback_rc=%d  p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
141 
142         if (callback_rc == SMP_SUCCESS)
143         {
144             switch (p_cb->cb_evt)
145             {
146                 case SMP_IO_CAP_REQ_EVT:
147                     p_cb->loc_auth_req   = cb_data.io_req.auth_req;
148                     p_cb->local_io_capability  = cb_data.io_req.io_cap;
149                     p_cb->loc_oob_flag = cb_data.io_req.oob_data;
150                     p_cb->loc_enc_size = cb_data.io_req.max_key_size;
151                     p_cb->local_i_key = cb_data.io_req.init_keys;
152                     p_cb->local_r_key = cb_data.io_req.resp_keys;
153 
154                     if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
155                     {
156                         SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
157                         p_cb->local_i_key = 0;
158                         p_cb->local_r_key = 0;
159                     }
160 
161                     SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
162                         loc_oob_flag: %d loc_enc_size: %d,"
163                         "local_i_key: 0x%02x, local_r_key: 0x%02x",
164                         p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
165                         p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
166 
167                     p_cb->secure_connections_only_mode_required =
168                         (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
169 
170                     if (p_cb->secure_connections_only_mode_required)
171                     {
172                         p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
173                     }
174 
175                     if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
176                         || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
177                             (const bt_bdaddr_t *)&p_cb->pairing_bda))
178                     {
179                         p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
180                         p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
181                         p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
182                     }
183 
184                     SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
185                         p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
186 
187                     smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
188                     break;
189 
190                 case SMP_BR_KEYS_REQ_EVT:
191                     p_cb->loc_enc_size = cb_data.io_req.max_key_size;
192                     p_cb->local_i_key = cb_data.io_req.init_keys;
193                     p_cb->local_r_key = cb_data.io_req.resp_keys;
194 
195                     p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
196                     p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
197 
198                     SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
199                         local_i_key: 0x%02x, local_r_key: 0x%02x",
200                         p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
201 
202                     smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
203                     break;
204             }
205         }
206     }
207 
208     if (!p_cb->cb_evt && p_cb->discard_sec_req)
209     {
210         p_cb->discard_sec_req = FALSE;
211         smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
212     }
213 
214     SMP_TRACE_DEBUG("%s return", __func__);
215 }
216 
217 /*******************************************************************************
218 ** Function     smp_send_pair_fail
219 ** Description  pairing failure to peer device if needed.
220 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)221 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
222 {
223     p_cb->status = *(UINT8 *)p_data;
224     p_cb->failure = *(UINT8 *)p_data;
225 
226     SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
227 
228     if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
229     {
230         smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
231         p_cb->wait_for_authorization_complete = TRUE;
232     }
233 }
234 
235 /*******************************************************************************
236 ** Function     smp_send_pair_req
237 ** Description  actions related to sending pairing request
238 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)239 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
240 {
241     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
242     SMP_TRACE_DEBUG("%s", __func__);
243 
244     /* erase all keys when master sends pairing req*/
245     if (p_dev_rec)
246         btm_sec_clear_ble_keys(p_dev_rec);
247     /* do not manipulate the key, let app decide,
248        leave out to BTM to mandate key distribution for bonding case */
249     smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
250 }
251 
252 /*******************************************************************************
253 ** Function     smp_send_pair_rsp
254 ** Description  actions related to sending pairing response
255 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)256 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
257 {
258     SMP_TRACE_DEBUG("%s", __func__);
259 
260     p_cb->local_i_key &= p_cb->peer_i_key;
261     p_cb->local_r_key &= p_cb->peer_r_key;
262 
263     if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
264     {
265         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
266             smp_use_oob_private_key(p_cb, NULL);
267         else
268             smp_decide_association_model(p_cb, NULL);
269     }
270 }
271 
272 /*******************************************************************************
273 ** Function     smp_send_confirm
274 ** Description  send confirmation to the peer
275 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)276 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
277 {
278     SMP_TRACE_DEBUG("%s", __func__);
279     smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
280 }
281 
282 /*******************************************************************************
283 ** Function     smp_send_init
284 ** Description  process pairing initializer to slave device
285 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)286 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
287 {
288     SMP_TRACE_DEBUG("%s", __func__);
289     smp_send_cmd(SMP_OPCODE_INIT, p_cb);
290 }
291 
292 /*******************************************************************************
293 ** Function     smp_send_rand
294 ** Description  send pairing random to the peer
295 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)296 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
297 {
298     SMP_TRACE_DEBUG("%s", __func__);
299     smp_send_cmd(SMP_OPCODE_RAND, p_cb);
300 }
301 
302 /*******************************************************************************
303 ** Function     smp_send_pair_public_key
304 ** Description  send pairing public key command to the peer
305 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)306 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
307 {
308     SMP_TRACE_DEBUG("%s", __func__);
309     smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
310 }
311 
312 /*******************************************************************************
313 ** Function     SMP_SEND_COMMITMENT
314 ** Description send commitment command to the peer
315 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)316 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
317 {
318     SMP_TRACE_DEBUG("%s", __func__);
319     smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
320 }
321 
322 /*******************************************************************************
323 ** Function     smp_send_dhkey_check
324 ** Description send DHKey Check command to the peer
325 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)326 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
327 {
328     SMP_TRACE_DEBUG("%s", __func__);
329     smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
330 }
331 
332 /*******************************************************************************
333 ** Function     smp_send_keypress_notification
334 ** Description send Keypress Notification command to the peer
335 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)336 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
337 {
338     p_cb->local_keypress_notification = *(UINT8 *) p_data;
339     smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
340 }
341 
342 /*******************************************************************************
343 ** Function     smp_send_enc_info
344 ** Description  send encryption information command.
345 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)346 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
347 {
348     tBTM_LE_LENC_KEYS   le_key;
349 
350     SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
351     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
352 
353     smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
354     smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
355 
356     /* save the DIV and key size information when acting as slave device */
357     memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
358     le_key.div =  p_cb->div;
359     le_key.key_size = p_cb->loc_enc_size;
360     le_key.sec_level = p_cb->sec_level;
361 
362     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
363         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
364                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
365 
366     SMP_TRACE_WARNING ("%s", __func__);
367 
368     smp_key_distribution(p_cb, NULL);
369 }
370 
371 /*******************************************************************************
372 ** Function     smp_send_id_info
373 ** Description  send ID information command.
374 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)375 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
376 {
377     tBTM_LE_KEY_VALUE   le_key;
378     SMP_TRACE_DEBUG("%s", __func__);
379     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
380 
381     smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
382     smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
383 
384     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
385         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
386                             &le_key, TRUE);
387 
388     SMP_TRACE_WARNING ("%s", __func__);
389     smp_key_distribution_by_transport(p_cb, NULL);
390 }
391 
392 /*******************************************************************************
393 ** Function     smp_send_csrk_info
394 ** Description  send CSRK command.
395 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)396 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
397 {
398     tBTM_LE_LCSRK_KEYS  key;
399     SMP_TRACE_DEBUG("%s", __func__);
400     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
401 
402     if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
403     {
404         key.div = p_cb->div;
405         key.sec_level = p_cb->sec_level;
406         key.counter = 0; /* initialize the local counter */
407         memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
408         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
409     }
410 
411     smp_key_distribution_by_transport(p_cb, NULL);
412 }
413 
414 /*******************************************************************************
415 ** Function     smp_send_ltk_reply
416 ** Description  send LTK reply
417 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)418 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
419 {
420     SMP_TRACE_DEBUG("%s", __func__);
421     /* send stk as LTK response */
422     btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
423 }
424 
425 /*******************************************************************************
426 ** Function     smp_proc_sec_req
427 ** Description  process security request.
428 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)429 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
430 {
431     tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
432     tBTM_BLE_SEC_REQ_ACT sec_req_act;
433     UINT8 reason;
434 
435     SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
436 
437     p_cb->cb_evt = 0;
438 
439     btm_ble_link_sec_check(p_cb->pairing_bda, auth_req,  &sec_req_act);
440 
441     SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
442 
443     switch (sec_req_act)
444     {
445         case  BTM_BLE_SEC_REQ_ACT_ENCRYPT:
446             SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
447             smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
448             break;
449 
450         case BTM_BLE_SEC_REQ_ACT_PAIR:
451             p_cb->secure_connections_only_mode_required =
452                     (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
453 
454             /* respond to non SC pairing request as failure in SC only mode */
455             if (p_cb->secure_connections_only_mode_required &&
456                 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
457             {
458                 reason = SMP_PAIR_AUTH_FAIL;
459                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
460             }
461             else
462             {
463                 /* initialize local i/r key to be default keys */
464                 p_cb->peer_auth_req = auth_req;
465                 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
466                 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
467             }
468             break;
469 
470         case BTM_BLE_SEC_REQ_ACT_DISCARD:
471             p_cb->discard_sec_req = TRUE;
472             break;
473 
474         default:
475             /* do nothing */
476             break;
477     }
478 }
479 
480 /*******************************************************************************
481 ** Function     smp_proc_sec_grant
482 ** Description  process security grant.
483 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)484 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
485 {
486     UINT8 res= *(UINT8 *)p_data;
487     SMP_TRACE_DEBUG("%s", __func__);
488     if (res != SMP_SUCCESS)
489     {
490         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
491     }
492     else /*otherwise, start pairing */
493     {
494         /* send IO request callback */
495         p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
496     }
497 }
498 
499 /*******************************************************************************
500 ** Function     smp_proc_pair_fail
501 ** Description  process pairing failure from peer device
502 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)503 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
504 {
505     SMP_TRACE_DEBUG("%s", __func__);
506     p_cb->status = *(UINT8 *)p_data;
507 }
508 
509 /*******************************************************************************
510 ** Function     smp_proc_pair_cmd
511 ** Description  Process the SMP pairing request/response from peer device
512 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)513 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
514 {
515     UINT8   *p = (UINT8 *)p_data;
516     UINT8   reason = SMP_ENC_KEY_SIZE;
517     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
518 
519     SMP_TRACE_DEBUG("%s", __func__);
520     /* erase all keys if it is slave proc pairing req*/
521     if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
522         btm_sec_clear_ble_keys(p_dev_rec);
523 
524     p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
525 
526     STREAM_TO_UINT8(p_cb->peer_io_caps, p);
527     STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
528     STREAM_TO_UINT8(p_cb->peer_auth_req, p);
529     STREAM_TO_UINT8(p_cb->peer_enc_size, p);
530     STREAM_TO_UINT8(p_cb->peer_i_key, p);
531     STREAM_TO_UINT8(p_cb->peer_r_key, p);
532 
533     if (smp_command_has_invalid_parameters(p_cb))
534     {
535         reason = SMP_INVALID_PARAMETERS;
536         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
537         return;
538     }
539 
540     if (p_cb->role == HCI_ROLE_SLAVE)
541     {
542         if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
543         {
544             /* peer (master) started pairing sending Pairing Request */
545             p_cb->local_i_key = p_cb->peer_i_key;
546             p_cb->local_r_key = p_cb->peer_r_key;
547 
548             p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
549         }
550         else /* update local i/r key according to pairing request */
551         {
552             /* pairing started with this side (slave) sending Security Request */
553             p_cb->local_i_key &= p_cb->peer_i_key;
554             p_cb->local_r_key &= p_cb->peer_r_key;
555             p_cb->selected_association_model = smp_select_association_model(p_cb);
556 
557             if (p_cb->secure_connections_only_mode_required &&
558                 (!(p_cb->le_secure_connections_mode_is_used) ||
559                (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
560             {
561                 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
562                     __func__);
563                 reason = SMP_PAIR_AUTH_FAIL;
564                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
565                 return;
566             }
567 
568             if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
569             {
570                 if (smp_request_oob_data(p_cb)) return;
571             }
572             else
573             {
574                 smp_send_pair_rsp(p_cb, NULL);
575             }
576         }
577     }
578     else /* Master receives pairing response */
579     {
580         p_cb->selected_association_model = smp_select_association_model(p_cb);
581 
582         if (p_cb->secure_connections_only_mode_required &&
583             (!(p_cb->le_secure_connections_mode_is_used) ||
584            (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
585         {
586             SMP_TRACE_ERROR ("Master requires secure connection only mode \
587                 but it can't be provided -> Master fails pairing");
588             reason = SMP_PAIR_AUTH_FAIL;
589             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
590             return;
591         }
592 
593         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
594         {
595             if (smp_request_oob_data(p_cb)) return;
596         }
597         else
598         {
599             smp_decide_association_model(p_cb, NULL);
600         }
601     }
602 }
603 
604 /*******************************************************************************
605 ** Function     smp_proc_confirm
606 ** Description  process pairing confirm from peer device
607 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)608 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
609 {
610     UINT8 *p = (UINT8 *)p_data;
611     UINT8 reason = SMP_INVALID_PARAMETERS;
612 
613     SMP_TRACE_DEBUG("%s", __func__);
614 
615     if (smp_command_has_invalid_parameters(p_cb))
616     {
617         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
618         return;
619     }
620 
621     if (p != NULL)
622     {
623         /* save the SConfirm for comparison later */
624         STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
625     }
626 
627     p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
628 }
629 
630 /*******************************************************************************
631 ** Function     smp_proc_init
632 ** Description  process pairing initializer from peer device
633 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)634 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
635 {
636     UINT8 *p = (UINT8 *)p_data;
637     UINT8 reason = SMP_INVALID_PARAMETERS;
638 
639     SMP_TRACE_DEBUG("%s", __func__);
640 
641     if (smp_command_has_invalid_parameters(p_cb))
642     {
643         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
644         return;
645     }
646 
647     /* save the SRand for comparison */
648     STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
649 }
650 
651 /*******************************************************************************
652 ** Function     smp_proc_rand
653 ** Description  process pairing random (nonce) from peer device
654 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)655 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
656 {
657     UINT8 *p = (UINT8 *)p_data;
658     UINT8 reason = SMP_INVALID_PARAMETERS;
659 
660     SMP_TRACE_DEBUG("%s", __func__);
661 
662     if (smp_command_has_invalid_parameters(p_cb))
663     {
664         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
665         return;
666     }
667 
668     /* save the SRand for comparison */
669     STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
670 }
671 
672 /*******************************************************************************
673 ** Function     smp_process_pairing_public_key
674 ** Description  process pairing public key command from the peer device
675 **              - saves the peer public key;
676 **              - sets the flag indicating that the peer public key is received;
677 **              - calls smp_wait_for_both_public_keys(...).
678 **
679 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)680 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
681 {
682     UINT8 *p = (UINT8 *)p_data;
683     UINT8 reason = SMP_INVALID_PARAMETERS;
684 
685     SMP_TRACE_DEBUG("%s", __func__);
686 
687     if (smp_command_has_invalid_parameters(p_cb))
688     {
689         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
690         return;
691     }
692 
693     STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
694     STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
695     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
696 
697     smp_wait_for_both_public_keys(p_cb, NULL);
698 }
699 
700 /*******************************************************************************
701 ** Function     smp_process_pairing_commitment
702 ** Description  process pairing commitment from peer device
703 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)704 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
705 {
706     UINT8 *p = (UINT8 *)p_data;
707     UINT8 reason = SMP_INVALID_PARAMETERS;
708 
709     SMP_TRACE_DEBUG("%s", __func__);
710 
711     if (smp_command_has_invalid_parameters(p_cb))
712     {
713         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
714         return;
715     }
716 
717     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
718 
719     if (p != NULL)
720     {
721         STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
722     }
723 }
724 
725 /*******************************************************************************
726 ** Function     smp_process_dhkey_check
727 ** Description  process DHKey Check from peer device
728 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)729 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
730 {
731     UINT8 *p = (UINT8 *)p_data;
732     UINT8 reason = SMP_INVALID_PARAMETERS;
733 
734     SMP_TRACE_DEBUG("%s", __func__);
735 
736     if (smp_command_has_invalid_parameters(p_cb))
737     {
738         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
739         return;
740     }
741 
742     if (p != NULL)
743     {
744         STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
745     }
746 
747     p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
748 }
749 
750 /*******************************************************************************
751 ** Function     smp_process_keypress_notification
752 ** Description  process pairing keypress notification from peer device
753 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)754 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
755 {
756     UINT8 *p = (UINT8 *)p_data;
757     UINT8 reason = SMP_INVALID_PARAMETERS;
758 
759     SMP_TRACE_DEBUG("%s", __func__);
760     p_cb->status = *(UINT8 *)p_data;
761 
762     if (smp_command_has_invalid_parameters(p_cb))
763     {
764         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
765         return;
766     }
767 
768     if (p != NULL)
769     {
770         STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
771     }
772     else
773     {
774         p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
775     }
776     p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
777 }
778 
779 /*******************************************************************************
780 ** Function     smp_br_process_pairing_command
781 ** Description  Process the SMP pairing request/response from peer device via
782 **              BR/EDR transport.
783 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)784 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
785 {
786     UINT8   *p = (UINT8 *)p_data;
787     UINT8   reason = SMP_ENC_KEY_SIZE;
788     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
789 
790     SMP_TRACE_DEBUG("%s", __func__);
791     /* rejecting BR pairing request over non-SC BR link */
792     if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
793     {
794         reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
795         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
796         return;
797     }
798 
799     /* erase all keys if it is slave proc pairing req*/
800     if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
801         btm_sec_clear_ble_keys(p_dev_rec);
802 
803     p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
804 
805     STREAM_TO_UINT8(p_cb->peer_io_caps, p);
806     STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
807     STREAM_TO_UINT8(p_cb->peer_auth_req, p);
808     STREAM_TO_UINT8(p_cb->peer_enc_size, p);
809     STREAM_TO_UINT8(p_cb->peer_i_key, p);
810     STREAM_TO_UINT8(p_cb->peer_r_key, p);
811 
812     if (smp_command_has_invalid_parameters(p_cb))
813     {
814         reason = SMP_INVALID_PARAMETERS;
815         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
816         return;
817     }
818 
819     /* peer (master) started pairing sending Pairing Request */
820     /* or being master device always use received i/r key as keys to distribute */
821     p_cb->local_i_key = p_cb->peer_i_key;
822     p_cb->local_r_key = p_cb->peer_r_key;
823 
824     if (p_cb->role == HCI_ROLE_SLAVE)
825     {
826         p_dev_rec->new_encryption_key_is_p256 = FALSE;
827         /* shortcut to skip Security Grant step */
828         p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
829     }
830     else /* Master receives pairing response */
831     {
832         SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
833                           " Supposed to move to key distribution phase. ", __func__);
834     }
835 
836     /* auth_req received via BR/EDR SM channel is set to 0,
837        but everything derived/exchanged has to be saved */
838     p_cb->peer_auth_req |= SMP_AUTH_BOND;
839     p_cb->loc_auth_req |= SMP_AUTH_BOND;
840 }
841 
842 /*******************************************************************************
843 ** Function     smp_br_process_security_grant
844 ** Description  process security grant in case of pairing over BR/EDR transport.
845 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)846 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
847 {
848     UINT8 res= *(UINT8 *)p_data;
849     SMP_TRACE_DEBUG("%s", __func__);
850     if (res != SMP_SUCCESS)
851     {
852         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
853     }
854     else /*otherwise, start pairing */
855     {
856         /* send IO request callback */
857         p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
858     }
859 }
860 
861 /*******************************************************************************
862 ** Function     smp_br_check_authorization_request
863 ** Description  sets the SMP kes to be derived/distribute over BR/EDR transport
864 **              before starting the distribution/derivation
865 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)866 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
867 {
868     UINT8 reason = SMP_SUCCESS;
869 
870     SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
871                       "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
872                       p_cb->local_r_key);
873 
874     /* In LE SC mode LK field is ignored when BR/EDR transport is used */
875     p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
876     p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
877 
878     /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
879     ** Set local_r_key on master to expect only these keys. */
880     if (p_cb->role == HCI_ROLE_MASTER)
881     {
882         p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
883     }
884 
885     SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
886                       "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
887                       p_cb->local_r_key);
888 
889     if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
890             (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
891         (p_cb->local_i_key || p_cb->local_r_key))
892     {
893         smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
894 
895         /* if no peer key is expected, start master key distribution */
896         if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
897             smp_key_distribution_by_transport(p_cb, NULL);
898     }
899     else
900     {
901         smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
902     }
903 }
904 
905 /*******************************************************************************
906 ** Function     smp_br_select_next_key
907 ** Description  selects the next key to derive/send when BR/EDR transport is
908 **              used.
909 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)910 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
911 {
912     UINT8   reason = SMP_SUCCESS;
913     SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
914                        __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
915 
916     if (p_cb->role == HCI_ROLE_SLAVE||
917         (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
918     {
919         smp_key_pick_key(p_cb, p_data);
920     }
921 
922     if (!p_cb->local_i_key && !p_cb->local_r_key)
923     {
924         /* state check to prevent re-entrance */
925         if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
926         {
927             if (p_cb->total_tx_unacked == 0)
928                 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
929             else
930                 p_cb->wait_for_authorization_complete = TRUE;
931         }
932     }
933 }
934 
935 /*******************************************************************************
936 ** Function     smp_proc_enc_info
937 ** Description  process encryption information from peer device
938 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)939 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
940 {
941     UINT8   *p = (UINT8 *)p_data;
942 
943     SMP_TRACE_DEBUG("%s", __func__);
944     STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
945 
946     smp_key_distribution(p_cb, NULL);
947 }
948 /*******************************************************************************
949 ** Function     smp_proc_master_id
950 ** Description  process master ID from slave device
951 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)952 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
953 {
954     UINT8   *p = (UINT8 *)p_data;
955     tBTM_LE_PENC_KEYS   le_key;
956 
957     SMP_TRACE_DEBUG("%s", __func__);
958     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
959 
960     STREAM_TO_UINT16(le_key.ediv, p);
961     STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
962 
963     /* store the encryption keys from peer device */
964     memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
965     le_key.sec_level = p_cb->sec_level;
966     le_key.key_size  = p_cb->loc_enc_size;
967 
968     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
969         btm_sec_save_le_key(p_cb->pairing_bda,
970                             BTM_LE_KEY_PENC,
971                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
972 
973     smp_key_distribution(p_cb, NULL);
974 }
975 
976 /*******************************************************************************
977 ** Function     smp_proc_enc_info
978 ** Description  process identity information from peer device
979 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)980 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
981 {
982     UINT8   *p = (UINT8 *)p_data;
983 
984     SMP_TRACE_DEBUG("%s", __func__);
985     STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN);   /* reuse TK for IRK */
986     smp_key_distribution_by_transport(p_cb, NULL);
987 }
988 
989 /*******************************************************************************
990 ** Function     smp_proc_id_addr
991 ** Description  process identity address from peer device
992 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)993 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
994 {
995     UINT8   *p = (UINT8 *)p_data;
996     tBTM_LE_PID_KEYS    pid_key;
997 
998     SMP_TRACE_DEBUG("%s", __func__);
999     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1000 
1001     STREAM_TO_UINT8(pid_key.addr_type, p);
1002     STREAM_TO_BDADDR(pid_key.static_addr, p);
1003     memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1004 
1005     /* to use as BD_ADDR for lk derived from ltk */
1006     p_cb->id_addr_rcvd = TRUE;
1007     p_cb->id_addr_type = pid_key.addr_type;
1008     memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1009 
1010     /* store the ID key from peer device */
1011     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1012         btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1013                             (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1014     smp_key_distribution_by_transport(p_cb, NULL);
1015 }
1016 
1017 /*******************************************************************************
1018 ** Function     smp_proc_srk_info
1019 ** Description  process security information from peer device
1020 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1021 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1022 {
1023     tBTM_LE_PCSRK_KEYS   le_key;
1024 
1025     SMP_TRACE_DEBUG("%s", __func__);
1026     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1027 
1028     /* save CSRK to security record */
1029     le_key.sec_level = p_cb->sec_level;
1030     memcpy (le_key.csrk, p_data, BT_OCTET16_LEN);   /* get peer CSRK */
1031     le_key.counter = 0; /* initialize the peer counter */
1032 
1033     if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1034         btm_sec_save_le_key(p_cb->pairing_bda,
1035                             BTM_LE_KEY_PCSRK,
1036                             (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1037     smp_key_distribution_by_transport(p_cb, NULL);
1038 }
1039 
1040 /*******************************************************************************
1041 ** Function     smp_proc_compare
1042 ** Description  process compare value
1043 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1044 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1045 {
1046     UINT8   reason;
1047 
1048     SMP_TRACE_DEBUG("%s", __func__);
1049     if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1050     {
1051         /* compare the max encryption key size, and save the smaller one for the link */
1052         if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1053             p_cb->loc_enc_size = p_cb->peer_enc_size;
1054 
1055         if (p_cb->role == HCI_ROLE_SLAVE)
1056             smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1057         else
1058         {
1059             /* master device always use received i/r key as keys to distribute */
1060             p_cb->local_i_key = p_cb->peer_i_key;
1061             p_cb->local_r_key = p_cb->peer_r_key;
1062 
1063             smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1064         }
1065 
1066     }
1067     else
1068     {
1069         reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1070         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1071     }
1072 }
1073 
1074 /*******************************************************************************
1075 ** Function     smp_proc_sl_key
1076 ** Description  process key ready events.
1077 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1078 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1079 {
1080     UINT8 key_type = p_data->key.key_type;
1081 
1082     SMP_TRACE_DEBUG("%s", __func__);
1083     if (key_type == SMP_KEY_TYPE_TK)
1084     {
1085         smp_generate_srand_mrand_confirm(p_cb, NULL);
1086     }
1087     else if (key_type == SMP_KEY_TYPE_CFM)
1088     {
1089         smp_set_state(SMP_STATE_WAIT_CONFIRM);
1090 
1091         if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1092             smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1093     }
1094 }
1095 
1096 /*******************************************************************************
1097 ** Function     smp_start_enc
1098 ** Description  start encryption
1099 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1100 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1101 {
1102     tBTM_STATUS cmd;
1103     UINT8 reason = SMP_ENC_FAIL;
1104 
1105     SMP_TRACE_DEBUG("%s", __func__);
1106     if (p_data != NULL)
1107         cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1108     else
1109         cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1110 
1111     if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1112         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1113 }
1114 
1115 /*******************************************************************************
1116 ** Function     smp_proc_discard
1117 ** Description   processing for discard security request
1118 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1119 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1120 {
1121     SMP_TRACE_DEBUG("%s", __func__);
1122     if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1123         smp_reset_control_value(p_cb);
1124 }
1125 
1126 /*******************************************************************************
1127 ** Function     smp_enc_cmpl
1128 ** Description   encryption success
1129 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1130 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1131 {
1132     UINT8 enc_enable = *(UINT8 *)p_data;
1133     UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1134 
1135     SMP_TRACE_DEBUG("%s", __func__);
1136     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1137 }
1138 
1139 /*******************************************************************************
1140 ** Function     smp_check_auth_req
1141 ** Description  check authentication request
1142 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1143 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1144 {
1145     UINT8 enc_enable = *(UINT8 *)p_data;
1146     UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1147 
1148     SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1149                       "(i-initiator r-responder)",
1150                       __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1151     if (enc_enable == 1)
1152     {
1153         if (p_cb->le_secure_connections_mode_is_used)
1154         {
1155             /* In LE SC mode LTK is used instead of STK and has to be always saved */
1156             p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1157             p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1158 
1159            /* In LE SC mode LK is derived from LTK only if both sides request it */
1160            if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1161                !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1162             {
1163                 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1164                 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1165             }
1166 
1167             /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1168             ** Set local_r_key on master to expect only these keys.
1169             */
1170             if (p_cb->role == HCI_ROLE_MASTER)
1171             {
1172                 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1173             }
1174         }
1175         else
1176         {
1177             /* in legacy mode derivation of BR/EDR LK is not supported */
1178             p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1179             p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1180         }
1181         SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1182                           "(i-initiator r-responder)",
1183                           __func__, p_cb->local_i_key, p_cb->local_r_key);
1184 
1185         if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1186              (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1187             (p_cb->local_i_key || p_cb->local_r_key))
1188         {
1189             smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1190         }
1191         else
1192             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1193     }
1194     else if (enc_enable == 0)
1195     {
1196         /* if failed for encryption after pairing, send callback */
1197         if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1198             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1199         /* if enc failed for old security information */
1200         /* if master device, clean up and abck to idle; slave device do nothing */
1201         else if (p_cb->role == HCI_ROLE_MASTER)
1202         {
1203             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1204         }
1205     }
1206 }
1207 
1208 /*******************************************************************************
1209 ** Function     smp_key_pick_key
1210 ** Description  Pick a key distribution function based on the key mask.
1211 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1212 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1213 {
1214     UINT8   key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1215     UINT8   i = 0;
1216 
1217     SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1218     while (i < SMP_KEY_DIST_TYPE_MAX)
1219     {
1220         SMP_TRACE_DEBUG("key to send = %02x, i = %d",  key_to_dist, i);
1221 
1222         if (key_to_dist & (1 << i))
1223         {
1224             SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1225             (* smp_distribute_act[i])(p_cb, p_data);
1226             break;
1227         }
1228         i ++;
1229     }
1230 }
1231 /*******************************************************************************
1232 ** Function     smp_key_distribution
1233 ** Description  start key distribution if required.
1234 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1235 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1236 {
1237     UINT8   reason = SMP_SUCCESS;
1238     SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1239                       __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1240 
1241     if (p_cb->role == HCI_ROLE_SLAVE ||
1242        (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1243     {
1244         smp_key_pick_key(p_cb, p_data);
1245     }
1246 
1247     if (!p_cb->local_i_key && !p_cb->local_r_key)
1248     {
1249         /* state check to prevent re-entrant */
1250         if (smp_get_state() == SMP_STATE_BOND_PENDING)
1251         {
1252             if (p_cb->derive_lk)
1253             {
1254                 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1255                 p_cb->derive_lk = FALSE;
1256             }
1257 
1258             if (p_cb->total_tx_unacked == 0)
1259                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1260             else
1261                 p_cb->wait_for_authorization_complete = TRUE;
1262         }
1263     }
1264 }
1265 
1266 /*******************************************************************************
1267 ** Function         smp_decide_association_model
1268 ** Description      This function is called to select assoc model to be used for
1269 **                  STK generation and to start STK generation process.
1270 **
1271 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1272 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1273 {
1274     UINT8   failure = SMP_UNKNOWN_IO_CAP;
1275     UINT8 int_evt = 0;
1276     tSMP_KEY key;
1277     tSMP_INT_DATA   *p = NULL;
1278 
1279     SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1280 
1281     switch (p_cb->selected_association_model)
1282     {
1283         case SMP_MODEL_ENCRYPTION_ONLY:  /* TK = 0, go calculate Confirm */
1284             if (p_cb->role == HCI_ROLE_MASTER &&
1285                 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1286                 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1287             {
1288                 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1289                 failure = SMP_PAIR_AUTH_FAIL;
1290                 p = (tSMP_INT_DATA *)&failure;
1291                 int_evt = SMP_AUTH_CMPL_EVT;
1292             }
1293             else
1294             {
1295                 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1296                 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1297 
1298                 key.key_type = SMP_KEY_TYPE_TK;
1299                 key.p_data = p_cb->tk;
1300                 p = (tSMP_INT_DATA *)&key;
1301 
1302                 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1303                 /* TK, ready  */
1304                 int_evt = SMP_KEY_READY_EVT;
1305             }
1306             break;
1307 
1308         case SMP_MODEL_PASSKEY:
1309             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1310             SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1311 
1312             p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1313             int_evt = SMP_TK_REQ_EVT;
1314             break;
1315 
1316         case SMP_MODEL_OOB:
1317             SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1318             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1319             SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1320 
1321             p_cb->cb_evt = SMP_OOB_REQ_EVT;
1322             int_evt = SMP_TK_REQ_EVT;
1323             break;
1324 
1325         case SMP_MODEL_KEY_NOTIF:
1326             p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1327             SMP_TRACE_DEBUG("Need to generate Passkey");
1328 
1329             /* generate passkey and notify application */
1330             smp_generate_passkey(p_cb, NULL);
1331             break;
1332 
1333         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1334         case SMP_MODEL_SEC_CONN_NUM_COMP:
1335         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1336         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1337         case SMP_MODEL_SEC_CONN_OOB:
1338             int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1339             break;
1340 
1341         case SMP_MODEL_OUT_OF_RANGE:
1342             SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1343             p = (tSMP_INT_DATA *)&failure;
1344             int_evt = SMP_AUTH_CMPL_EVT;
1345             break;
1346 
1347         default:
1348             SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1349                              p_cb->selected_association_model);
1350             p = (tSMP_INT_DATA *)&failure;
1351             int_evt = SMP_AUTH_CMPL_EVT;
1352     }
1353 
1354     SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1355     if (int_evt)
1356         smp_sm_event(p_cb, int_evt, p);
1357 }
1358 
1359 /*******************************************************************************
1360 ** Function     smp_process_io_response
1361 ** Description  process IO response for a slave device.
1362 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1363 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1364 {
1365     uint8_t reason = SMP_PAIR_AUTH_FAIL;
1366 
1367     SMP_TRACE_DEBUG("%s", __func__);
1368     if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1369     {
1370         /* pairing started by local (slave) Security Request */
1371         smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1372         smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1373     }
1374     else /* plan to send pairing respond */
1375     {
1376         /* pairing started by peer (master) Pairing Request */
1377         p_cb->selected_association_model = smp_select_association_model(p_cb);
1378 
1379         if (p_cb->secure_connections_only_mode_required &&
1380             (!(p_cb->le_secure_connections_mode_is_used) ||
1381             (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1382         {
1383             SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1384                               but it can't be provided -> Slave fails pairing");
1385             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1386             return;
1387         }
1388 
1389         if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1390         {
1391             if (smp_request_oob_data(p_cb)) return;
1392         }
1393         smp_send_pair_rsp(p_cb, NULL);
1394     }
1395 }
1396 
1397 /*******************************************************************************
1398 ** Function     smp_br_process_slave_keys_response
1399 ** Description  process application keys response for a slave device
1400 **              (BR/EDR transport).
1401 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1402 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1403 {
1404     smp_br_send_pair_response(p_cb, NULL);
1405 }
1406 
1407 /*******************************************************************************
1408 ** Function     smp_br_send_pair_response
1409 ** Description  actions related to sending pairing response over BR/EDR transport.
1410 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1411 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1412 {
1413     SMP_TRACE_DEBUG("%s", __func__);
1414 
1415     p_cb->local_i_key &= p_cb->peer_i_key;
1416     p_cb->local_r_key &= p_cb->peer_r_key;
1417 
1418     smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1419 }
1420 
1421 /*******************************************************************************
1422 ** Function         smp_pairing_cmpl
1423 ** Description      This function is called to send the pairing complete callback
1424 **                  and remove the connection if needed.
1425 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1426 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1427 {
1428     if (p_cb->total_tx_unacked == 0)
1429     {
1430         /* update connection parameter to remote preferred */
1431         L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1432         /* process the pairing complete */
1433         smp_proc_pairing_cmpl(p_cb);
1434     }
1435 }
1436 
1437 /*******************************************************************************
1438 ** Function         smp_pair_terminate
1439 ** Description      This function is called to send the pairing complete callback
1440 **                  and remove the connection if needed.
1441 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1442 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1443 {
1444     SMP_TRACE_DEBUG("%s", __func__);
1445     p_cb->status = SMP_CONN_TOUT;
1446     smp_proc_pairing_cmpl(p_cb);
1447 }
1448 
1449 /*******************************************************************************
1450 ** Function         smp_idle_terminate
1451 ** Description      This function calledin idle state to determine to send authentication
1452 **                  complete or not.
1453 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1454 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1455 {
1456     if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1457     {
1458         SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1459         p_cb->status = SMP_FAIL;
1460         smp_proc_pairing_cmpl(p_cb);
1461     }
1462 }
1463 
1464 /*******************************************************************************
1465 ** Function     smp_fast_conn_param
1466 ** Description  apply default connection parameter for pairing process
1467 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1468 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1469 {
1470     /* disable connection parameter update */
1471     L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1472 }
1473 
1474 /*******************************************************************************
1475 ** Function     smp_both_have_public_keys
1476 ** Description  The function is called when both local and peer public keys are
1477 **              saved.
1478 **              Actions:
1479 **              - invokes DHKey computation;
1480 **              - on slave side invokes sending local public key to the peer.
1481 **              - invokes SC phase 1 process.
1482 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1483 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1484 {
1485     SMP_TRACE_DEBUG("%s",__func__);
1486 
1487     /* invokes DHKey computation */
1488     smp_compute_dhkey(p_cb);
1489 
1490     /* on slave side invokes sending local public key to the peer */
1491     if (p_cb->role == HCI_ROLE_SLAVE)
1492         smp_send_pair_public_key(p_cb, NULL);
1493 
1494     smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1495 }
1496 
1497 /*******************************************************************************
1498 ** Function     smp_start_secure_connection_phase1
1499 ** Description  The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1500 **              phase 1 parameters and starts building/sending to the peer
1501 **              messages appropriate for the role and association model.
1502 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1503 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1504 {
1505     SMP_TRACE_DEBUG("%s", __func__);
1506 
1507     if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1508     {
1509         p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1510         SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1511     }
1512     else
1513     {
1514         p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1515         SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1516     }
1517 
1518     switch(p_cb->selected_association_model)
1519     {
1520         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1521         case SMP_MODEL_SEC_CONN_NUM_COMP:
1522             memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1523             smp_start_nonce_generation(p_cb);
1524             break;
1525         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1526             /* user has to provide passkey */
1527             p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1528             smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1529             break;
1530         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1531             /* passkey has to be provided to user */
1532             SMP_TRACE_DEBUG("Need to generate SC Passkey");
1533             smp_generate_passkey(p_cb, NULL);
1534             break;
1535         case SMP_MODEL_SEC_CONN_OOB:
1536             /* use the available OOB information */
1537             smp_process_secure_connection_oob_data(p_cb, NULL);
1538             break;
1539         default:
1540             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1541                               p_cb->selected_association_model);
1542             break;
1543     }
1544 }
1545 
1546 /*******************************************************************************
1547 ** Function     smp_process_local_nonce
1548 ** Description  The function processes new local nonce.
1549 **
1550 ** Note         It is supposed to be called in SC phase1.
1551 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1552 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1553 {
1554     SMP_TRACE_DEBUG("%s", __func__);
1555 
1556     switch(p_cb->selected_association_model)
1557     {
1558         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1559         case SMP_MODEL_SEC_CONN_NUM_COMP:
1560             if (p_cb->role == HCI_ROLE_SLAVE)
1561             {
1562                 /* slave calculates and sends local commitment */
1563                 smp_calculate_local_commitment(p_cb);
1564                 smp_send_commitment(p_cb, NULL);
1565                 /* slave has to wait for peer nonce */
1566                 smp_set_state(SMP_STATE_WAIT_NONCE);
1567             }
1568             else    /* i.e. master */
1569             {
1570                 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1571                 {
1572                     /* slave commitment is already received, send local nonce, wait for remote nonce*/
1573                     SMP_TRACE_DEBUG("master in assoc mode = %d \
1574                     already rcvd slave commitment - race condition",
1575                                       p_cb->selected_association_model);
1576                     p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1577                     smp_send_rand(p_cb, NULL);
1578                     smp_set_state(SMP_STATE_WAIT_NONCE);
1579                 }
1580             }
1581             break;
1582         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1583         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1584             smp_calculate_local_commitment(p_cb);
1585 
1586             if (p_cb->role == HCI_ROLE_MASTER)
1587             {
1588                 smp_send_commitment(p_cb, NULL);
1589             }
1590             else    /* slave */
1591             {
1592                 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1593                 {
1594                     /* master commitment is already received */
1595                     smp_send_commitment(p_cb, NULL);
1596                     smp_set_state(SMP_STATE_WAIT_NONCE);
1597                 }
1598             }
1599             break;
1600         case SMP_MODEL_SEC_CONN_OOB:
1601             if (p_cb->role == HCI_ROLE_MASTER)
1602             {
1603                 smp_send_rand(p_cb, NULL);
1604             }
1605 
1606             smp_set_state(SMP_STATE_WAIT_NONCE);
1607             break;
1608         default:
1609             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1610                               p_cb->selected_association_model);
1611             break;
1612     }
1613 }
1614 
1615 /*******************************************************************************
1616 ** Function     smp_process_peer_nonce
1617 ** Description  The function processes newly received and saved in CB peer nonce.
1618 **              The actions depend on the selected association model and the role.
1619 **
1620 ** Note         It is supposed to be called in SC phase1.
1621 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1622 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1623 {
1624     UINT8   reason;
1625 
1626     SMP_TRACE_DEBUG("%s start ", __func__);
1627 
1628     switch(p_cb->selected_association_model)
1629     {
1630         case SMP_MODEL_SEC_CONN_JUSTWORKS:
1631         case SMP_MODEL_SEC_CONN_NUM_COMP:
1632             /* in these models only master receives commitment */
1633             if (p_cb->role == HCI_ROLE_MASTER)
1634             {
1635                 if (!smp_check_commitment(p_cb))
1636                 {
1637                     reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1638                     smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1639                     break;
1640                 }
1641             }
1642             else
1643             {
1644                 /* slave sends local nonce */
1645                 smp_send_rand(p_cb, NULL);
1646             }
1647 
1648             if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1649             {
1650                 /* go directly to phase 2 */
1651                 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1652             }
1653             else    /* numeric comparison */
1654             {
1655                 smp_set_state(SMP_STATE_WAIT_NONCE);
1656                 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1657             }
1658             break;
1659         case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1660         case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1661             if (!smp_check_commitment(p_cb))
1662             {
1663                 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1664                 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1665                 break;
1666             }
1667 
1668             if (p_cb->role == HCI_ROLE_SLAVE)
1669             {
1670                 smp_send_rand(p_cb, NULL);
1671             }
1672 
1673             if (++p_cb->round < 20)
1674             {
1675                 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1676                 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1677                 smp_start_nonce_generation(p_cb);
1678                 break;
1679             }
1680 
1681             smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1682             break;
1683         case SMP_MODEL_SEC_CONN_OOB:
1684             if (p_cb->role == HCI_ROLE_SLAVE)
1685             {
1686                 smp_send_rand(p_cb, NULL);
1687             }
1688 
1689             smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1690             break;
1691         default:
1692             SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1693                               p_cb->selected_association_model);
1694             break;
1695     }
1696 
1697     SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1698 }
1699 
1700 /*******************************************************************************
1701 ** Function     smp_match_dhkey_checks
1702 ** Description  checks if the calculated peer DHKey Check value is the same as
1703 **              received from the peer DHKey check value.
1704 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1705 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1706 {
1707     UINT8 reason = SMP_DHKEY_CHK_FAIL;
1708 
1709     SMP_TRACE_DEBUG("%s", __func__);
1710 
1711     if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1712     {
1713         SMP_TRACE_WARNING ("dhkey chcks do no match");
1714         p_cb->failure = reason;
1715         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1716         return;
1717     }
1718 
1719     SMP_TRACE_EVENT ("dhkey chcks match");
1720 
1721     /* compare the max encryption key size, and save the smaller one for the link */
1722     if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1723         p_cb->loc_enc_size = p_cb->peer_enc_size;
1724 
1725     if (p_cb->role == HCI_ROLE_SLAVE)
1726     {
1727         smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1728     }
1729     else
1730     {
1731         /* master device always use received i/r key as keys to distribute */
1732         p_cb->local_i_key = p_cb->peer_i_key;
1733         p_cb->local_r_key = p_cb->peer_r_key;
1734         smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1735     }
1736 }
1737 
1738 /*******************************************************************************
1739 ** Function     smp_move_to_secure_connections_phase2
1740 ** Description  Signal State Machine to start SC phase 2 initialization (to
1741 **              compute local DHKey Check value).
1742 **
1743 ** Note         SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1744 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1745 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1746 {
1747     SMP_TRACE_DEBUG("%s",__func__);
1748     smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1749 }
1750 
1751 /*******************************************************************************
1752 ** Function     smp_phase_2_dhkey_checks_are_present
1753 ** Description  generates event if dhkey check from the peer is already received.
1754 **
1755 ** Note         It is supposed to be used on slave to prevent race condition.
1756 **              It is supposed to be called after slave dhkey check is calculated.
1757 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1758 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1759 {
1760     SMP_TRACE_DEBUG("%s",__func__);
1761 
1762     if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1763         smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1764 }
1765 
1766 /*******************************************************************************
1767 ** Function     smp_wait_for_both_public_keys
1768 ** Description  generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1769 **              public keys are available.
1770 **
1771 ** Note         on the slave it is used to prevent race condition.
1772 **
1773 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1774 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1775 {
1776     SMP_TRACE_DEBUG("%s",__func__);
1777 
1778     if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1779         (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1780     {
1781         if ((p_cb->role == HCI_ROLE_SLAVE) &&
1782             ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1783         {
1784             smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1785         }
1786         smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1787     }
1788 }
1789 
1790 /*******************************************************************************
1791 ** Function     smp_start_passkey_verification
1792 ** Description  Starts SC passkey entry verification.
1793 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1794 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1795 {
1796     UINT8 *p = NULL;
1797 
1798     SMP_TRACE_DEBUG("%s", __func__);
1799     p = p_cb->local_random;
1800     UINT32_TO_STREAM(p, p_data->passkey);
1801 
1802     p = p_cb->peer_random;
1803     UINT32_TO_STREAM(p, p_data->passkey);
1804 
1805     p_cb->round = 0;
1806     smp_start_nonce_generation(p_cb);
1807 }
1808 
1809 /*******************************************************************************
1810 ** Function     smp_process_secure_connection_oob_data
1811 ** Description  Processes local/peer SC OOB data received from somewhere.
1812 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1813 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1814 {
1815     SMP_TRACE_DEBUG("%s", __func__);
1816 
1817     tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1818     if (p_sc_oob_data->loc_oob_data.present)
1819     {
1820         memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1821                sizeof(p_cb->local_random));
1822     }
1823     else
1824     {
1825         SMP_TRACE_EVENT ("local OOB randomizer is absent");
1826         memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1827     }
1828 
1829     if (!p_sc_oob_data->peer_oob_data.present)
1830     {
1831         SMP_TRACE_EVENT ("peer OOB data is absent");
1832         memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1833     }
1834     else
1835     {
1836         memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1837                sizeof(p_cb->peer_random));
1838         memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1839                sizeof(p_cb->remote_commitment));
1840 
1841         UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1842         /* check commitment */
1843         if (!smp_check_commitment(p_cb))
1844         {
1845             p_cb->failure = reason;
1846             smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1847             return;
1848         }
1849 
1850         if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1851         {
1852             /* the peer doesn't have local randomiser */
1853             SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1854             memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1855         }
1856     }
1857 
1858     print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1859     print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1860     smp_start_nonce_generation(p_cb);
1861 }
1862 
1863 /*******************************************************************************
1864 ** Function     smp_set_local_oob_keys
1865 ** Description  Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1866 **              starts nonce generation
1867 **              (to be saved in sc_oob_data.loc_oob_data.randomizer).
1868 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1869 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1870 {
1871     SMP_TRACE_DEBUG("%s", __func__);
1872 
1873     memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1874            BT_OCTET32_LEN);
1875     p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1876     smp_start_nonce_generation(p_cb);
1877 }
1878 
1879 /*******************************************************************************
1880 ** Function     smp_set_local_oob_random_commitment
1881 ** Description  Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1882 **              passes sc_oob_data.loc_oob_data up for safekeeping.
1883 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1884 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1885 {
1886     SMP_TRACE_DEBUG("%s", __func__);
1887     memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1888            BT_OCTET16_LEN);
1889 
1890     smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1891                      p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1892                      p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1893                      p_cb->sc_oob_data.loc_oob_data.commitment);
1894 
1895 #if SMP_DEBUG == TRUE
1896     UINT8   *p_print = NULL;
1897     SMP_TRACE_DEBUG("local SC OOB data set:");
1898     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1899     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1900                                          sizeof(tBLE_BD_ADDR));
1901     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1902     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1903                                          BT_OCTET32_LEN);
1904     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1905     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1906                                          BT_OCTET32_LEN);
1907     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1908     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1909                                          BT_OCTET32_LEN);
1910     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1911     smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1912                                          BT_OCTET16_LEN);
1913     p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1914     smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1915                                          BT_OCTET16_LEN);
1916     SMP_TRACE_DEBUG("");
1917 #endif
1918 
1919     /* pass created OOB data up */
1920     p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1921     smp_send_app_cback(p_cb, NULL);
1922 
1923     smp_cb_cleanup(p_cb);
1924 }
1925 
1926 /*******************************************************************************
1927 **
1928 ** Function         smp_link_encrypted
1929 **
1930 ** Description      This function is called when link is encrypted and notified to
1931 **                  slave device. Proceed to to send LTK, DIV and ER to master if
1932 **                  bonding the devices.
1933 **
1934 **
1935 ** Returns          void
1936 **
1937 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)1938 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1939 {
1940     tSMP_CB *p_cb = &smp_cb;
1941 
1942     SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1943 
1944     if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
1945     {
1946         /* encryption completed with STK, remmeber the key size now, could be overwite
1947         *  when key exchange happens                                        */
1948         if (p_cb->loc_enc_size != 0 && encr_enable)
1949         {
1950             /* update the link encryption key size if a SMP pairing just performed */
1951             btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1952         }
1953 
1954         smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1955     }
1956 }
1957 
1958 /*******************************************************************************
1959 **
1960 ** Function         smp_proc_ltk_request
1961 **
1962 ** Description      This function is called when LTK request is received from
1963 **                  controller.
1964 **
1965 ** Returns          void
1966 **
1967 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)1968 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
1969 {
1970     SMP_TRACE_DEBUG("%s state = %d",  __func__, smp_cb.state);
1971     BOOLEAN match = FALSE;
1972 
1973     if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
1974     {
1975         match = TRUE;
1976     } else {
1977         BD_ADDR dummy_bda = {0};
1978         tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
1979         if (p_dev_rec != NULL &&
1980             0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
1981             0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
1982         {
1983             match = TRUE;
1984         }
1985     }
1986 
1987     if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
1988     {
1989         smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1990         return TRUE;
1991     }
1992 
1993     return FALSE;
1994 }
1995 
1996 /*******************************************************************************
1997 **
1998 ** Function         smp_process_secure_connection_long_term_key
1999 **
2000 ** Description      This function is called to process SC LTK.
2001 **                  SC LTK is calculated and used instead of STK.
2002 **                  Here SC LTK is saved in BLE DB.
2003 **
2004 ** Returns          void
2005 **
2006 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2007 void smp_process_secure_connection_long_term_key(void)
2008 {
2009     tSMP_CB     *p_cb = &smp_cb;
2010 
2011     SMP_TRACE_DEBUG("%s", __func__);
2012     smp_save_secure_connections_long_term_key(p_cb);
2013 
2014     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2015     smp_key_distribution(p_cb, NULL);
2016 }
2017 
2018 /*******************************************************************************
2019 **
2020 ** Function         smp_set_derive_link_key
2021 **
2022 ** Description      This function is called to set flag that indicates that
2023 **                  BR/EDR LK has to be derived from LTK after all keys are
2024 **                  distributed.
2025 **
2026 ** Returns          void
2027 **
2028 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2029 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2030 {
2031     SMP_TRACE_DEBUG ("%s", __func__);
2032     p_cb->derive_lk = TRUE;
2033     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2034     smp_key_distribution(p_cb, NULL);
2035 }
2036 
2037 /*******************************************************************************
2038 **
2039 ** Function         smp_derive_link_key_from_long_term_key
2040 **
2041 ** Description      This function is called to derive BR/EDR LK from LTK.
2042 **
2043 ** Returns          void
2044 **
2045 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2046 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2047 {
2048     tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2049 
2050     SMP_TRACE_DEBUG("%s", __func__);
2051     if (!smp_calculate_link_key_from_long_term_key(p_cb))
2052     {
2053         SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2054         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2055         return;
2056     }
2057 }
2058 
2059 /*******************************************************************************
2060 **
2061 ** Function         smp_br_process_link_key
2062 **
2063 ** Description      This function is called to process BR/EDR LK:
2064 **                  - to derive SMP LTK from BR/EDR LK;
2065 *8                  - to save SMP LTK.
2066 **
2067 ** Returns          void
2068 **
2069 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2070 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2071 {
2072     tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2073 
2074     SMP_TRACE_DEBUG("%s", __func__);
2075     if (!smp_calculate_long_term_key_from_link_key(p_cb))
2076     {
2077         SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2078         smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2079         return;
2080     }
2081 
2082     SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2083     smp_save_secure_connections_long_term_key(p_cb);
2084     smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2085     smp_br_select_next_key(p_cb, NULL);
2086 }
2087 
2088 /*******************************************************************************
2089 ** Function     smp_key_distribution_by_transport
2090 ** Description  depending on the transport used at the moment calls either
2091 **              smp_key_distribution(...) or smp_br_key_distribution(...).
2092 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2093 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2094 {
2095     SMP_TRACE_DEBUG("%s", __func__);
2096     if (p_cb->smp_over_br)
2097     {
2098         smp_br_select_next_key(p_cb, NULL);
2099     }
2100     else
2101     {
2102         smp_key_distribution(p_cb, NULL);
2103     }
2104 }
2105 
2106 /*******************************************************************************
2107 ** Function         smp_br_pairing_complete
2108 ** Description      This function is called to send the pairing complete callback
2109 **                  and remove the connection if needed.
2110 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2111 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2112 {
2113     SMP_TRACE_DEBUG("%s", __func__);
2114 
2115     if (p_cb->total_tx_unacked == 0)
2116     {
2117         /* process the pairing complete */
2118         smp_proc_pairing_cmpl(p_cb);
2119     }
2120 }
2121 
2122 #endif
2123