1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
26
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
29 {
30 /* initiator */
31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
36 /* responder */
37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
43 };
44
45 #define SMP_KEY_DIST_TYPE_MAX 4
46 const tSMP_ACT smp_distribute_act [] =
47 {
48 smp_generate_ltk,
49 smp_send_id_info,
50 smp_generate_csrk,
51 smp_set_derive_link_key
52 };
53
lmp_version_below(BD_ADDR bda,uint8_t version)54 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
55 {
56 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
57 if (acl == NULL || acl->lmp_version == 0)
58 {
59 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
60 return false;
61 }
62 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
63 return acl->lmp_version < version;
64 }
65
pts_test_send_authentication_complete_failure(tSMP_CB * p_cb)66 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
67 {
68 uint8_t reason = 0;
69
70 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6)
71 return false;
72
73 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
74
75 switch (p_cb->cert_failure)
76 {
77 case 2:
78 reason = SMP_PAIR_AUTH_FAIL;
79 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
80 break;
81 case 3:
82 reason = SMP_PAIR_FAIL_UNKNOWN;
83 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
84 break;
85 case 4:
86 reason = SMP_PAIR_NOT_SUPPORT;
87 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
88 break;
89 case 5:
90 reason = SMP_PASSKEY_ENTRY_FAIL;
91 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
92 break;
93 case 6:
94 reason = SMP_REPEATED_ATTEMPTS;
95 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
96 break;
97 }
98
99 return true;;
100 }
101
102 /*******************************************************************************
103 ** Function smp_update_key_mask
104 ** Description This function updates the key mask for sending or receiving.
105 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)106 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
107 {
108 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
109 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
110
111 if (((p_cb->le_secure_connections_mode_is_used) ||
112 (p_cb->smp_over_br)) &&
113 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
114 {
115 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
116 ** being exchanged with the peer */
117 p_cb->local_i_key &= ~key_type;
118 p_cb->local_r_key &= ~key_type;
119 }
120 else
121 if (p_cb->role == HCI_ROLE_SLAVE)
122 {
123 if (recv)
124 p_cb->local_i_key &= ~key_type;
125 else
126 p_cb->local_r_key &= ~key_type;
127 }
128 else
129 {
130 if (recv)
131 p_cb->local_r_key &= ~key_type;
132 else
133 p_cb->local_i_key &= ~key_type;
134 }
135
136 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
137 p_cb->local_r_key);
138 }
139
140 /*******************************************************************************
141 ** Function smp_send_app_cback
142 ** Description notifies application about the events the application is interested in
143 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)144 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
145 {
146 tSMP_EVT_DATA cb_data;
147 tSMP_STATUS callback_rc;
148 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
149 if (p_cb->p_callback && p_cb->cb_evt != 0)
150 {
151 switch (p_cb->cb_evt)
152 {
153 case SMP_IO_CAP_REQ_EVT:
154 cb_data.io_req.auth_req = p_cb->peer_auth_req;
155 cb_data.io_req.oob_data = SMP_OOB_NONE;
156 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
157 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
158 cb_data.io_req.init_keys = p_cb->local_i_key ;
159 cb_data.io_req.resp_keys = p_cb->local_r_key ;
160 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
161 break;
162
163 case SMP_NC_REQ_EVT:
164 cb_data.passkey = p_data->passkey;
165 break;
166 case SMP_SC_OOB_REQ_EVT:
167 cb_data.req_oob_type = p_data->req_oob_type;
168 break;
169 case SMP_SC_LOC_OOB_DATA_UP_EVT:
170 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
171 break;
172
173 case SMP_BR_KEYS_REQ_EVT:
174 cb_data.io_req.auth_req = 0;
175 cb_data.io_req.oob_data = SMP_OOB_NONE;
176 cb_data.io_req.io_cap = 0;
177 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
178 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
179 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
180 break;
181
182 default:
183 break;
184 }
185
186 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
187
188 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
189
190 if (callback_rc == SMP_SUCCESS)
191 {
192 switch (p_cb->cb_evt)
193 {
194 case SMP_IO_CAP_REQ_EVT:
195 p_cb->loc_auth_req = cb_data.io_req.auth_req;
196 p_cb->local_io_capability = cb_data.io_req.io_cap;
197 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
198 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
199 p_cb->local_i_key = cb_data.io_req.init_keys;
200 p_cb->local_r_key = cb_data.io_req.resp_keys;
201
202 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
203 {
204 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
205 p_cb->local_i_key = 0;
206 p_cb->local_r_key = 0;
207 }
208
209 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
210 loc_oob_flag: %d loc_enc_size: %d,"
211 "local_i_key: 0x%02x, local_r_key: 0x%02x",
212 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
213 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
214
215 p_cb->secure_connections_only_mode_required =
216 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
217
218 if (p_cb->secure_connections_only_mode_required)
219 {
220 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
221 }
222
223 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
224 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
225 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
226 (const bt_bdaddr_t *)&p_cb->pairing_bda))
227 {
228 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
229 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
230 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
231 }
232
233 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
234 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
235
236 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
237 break;
238
239 case SMP_BR_KEYS_REQ_EVT:
240 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
241 p_cb->local_i_key = cb_data.io_req.init_keys;
242 p_cb->local_r_key = cb_data.io_req.resp_keys;
243
244 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
245 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
246
247 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
248 local_i_key: 0x%02x, local_r_key: 0x%02x",
249 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
250
251 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
252 break;
253 }
254 }
255 }
256
257 if (!p_cb->cb_evt && p_cb->discard_sec_req)
258 {
259 p_cb->discard_sec_req = FALSE;
260 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
261 }
262
263 SMP_TRACE_DEBUG("%s return", __func__);
264 }
265
266 /*******************************************************************************
267 ** Function smp_send_pair_fail
268 ** Description pairing failure to peer device if needed.
269 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)270 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
271 {
272 p_cb->status = *(UINT8 *)p_data;
273 p_cb->failure = *(UINT8 *)p_data;
274
275 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
276
277 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
278 {
279 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
280 p_cb->wait_for_authorization_complete = TRUE;
281 }
282 }
283
284 /*******************************************************************************
285 ** Function smp_send_pair_req
286 ** Description actions related to sending pairing request
287 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)288 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
289 {
290 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
291 SMP_TRACE_DEBUG("%s", __func__);
292
293 /* erase all keys when master sends pairing req*/
294 if (p_dev_rec)
295 btm_sec_clear_ble_keys(p_dev_rec);
296 /* do not manipulate the key, let app decide,
297 leave out to BTM to mandate key distribution for bonding case */
298 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
299 }
300
301 /*******************************************************************************
302 ** Function smp_send_pair_rsp
303 ** Description actions related to sending pairing response
304 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)305 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
306 {
307 SMP_TRACE_DEBUG("%s", __func__);
308
309 p_cb->local_i_key &= p_cb->peer_i_key;
310 p_cb->local_r_key &= p_cb->peer_r_key;
311
312 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
313 {
314 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
315 smp_use_oob_private_key(p_cb, NULL);
316 else
317 smp_decide_association_model(p_cb, NULL);
318 }
319 }
320
321 /*******************************************************************************
322 ** Function smp_send_confirm
323 ** Description send confirmation to the peer
324 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)325 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
326 {
327 SMP_TRACE_DEBUG("%s", __func__);
328 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
329 }
330
331 /*******************************************************************************
332 ** Function smp_send_init
333 ** Description process pairing initializer to slave device
334 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)335 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
336 {
337 SMP_TRACE_DEBUG("%s", __func__);
338 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
339 }
340
341 /*******************************************************************************
342 ** Function smp_send_rand
343 ** Description send pairing random to the peer
344 *******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)345 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
346 {
347 SMP_TRACE_DEBUG("%s", __func__);
348 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
349 }
350
351 /*******************************************************************************
352 ** Function smp_send_pair_public_key
353 ** Description send pairing public key command to the peer
354 *******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)355 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
356 {
357 SMP_TRACE_DEBUG("%s", __func__);
358 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
359 }
360
361 /*******************************************************************************
362 ** Function SMP_SEND_COMMITMENT
363 ** Description send commitment command to the peer
364 *******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)365 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
366 {
367 SMP_TRACE_DEBUG("%s", __func__);
368 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
369 }
370
371 /*******************************************************************************
372 ** Function smp_send_dhkey_check
373 ** Description send DHKey Check command to the peer
374 *******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)375 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
376 {
377 SMP_TRACE_DEBUG("%s", __func__);
378 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
379 }
380
381 /*******************************************************************************
382 ** Function smp_send_keypress_notification
383 ** Description send Keypress Notification command to the peer
384 *******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)385 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
386 {
387 p_cb->local_keypress_notification = *(UINT8 *) p_data;
388 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
389 }
390
391 /*******************************************************************************
392 ** Function smp_send_enc_info
393 ** Description send encryption information command.
394 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)395 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
396 {
397 tBTM_LE_LENC_KEYS le_key;
398
399 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
400 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
401
402 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
403 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
404
405 /* save the DIV and key size information when acting as slave device */
406 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
407 le_key.div = p_cb->div;
408 le_key.key_size = p_cb->loc_enc_size;
409 le_key.sec_level = p_cb->sec_level;
410
411 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
412 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
413 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
414
415 SMP_TRACE_WARNING ("%s", __func__);
416
417 smp_key_distribution(p_cb, NULL);
418 }
419
420 /*******************************************************************************
421 ** Function smp_send_id_info
422 ** Description send ID information command.
423 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)424 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
425 {
426 tBTM_LE_KEY_VALUE le_key;
427 SMP_TRACE_DEBUG("%s", __func__);
428 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
429
430 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
431 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
432
433 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
434 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
435 &le_key, TRUE);
436
437 SMP_TRACE_WARNING ("%s", __func__);
438 smp_key_distribution_by_transport(p_cb, NULL);
439 }
440
441 /*******************************************************************************
442 ** Function smp_send_csrk_info
443 ** Description send CSRK command.
444 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)445 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
446 {
447 tBTM_LE_LCSRK_KEYS key;
448 SMP_TRACE_DEBUG("%s", __func__);
449 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
450
451 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
452 {
453 key.div = p_cb->div;
454 key.sec_level = p_cb->sec_level;
455 key.counter = 0; /* initialize the local counter */
456 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
457 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
458 }
459
460 smp_key_distribution_by_transport(p_cb, NULL);
461 }
462
463 /*******************************************************************************
464 ** Function smp_send_ltk_reply
465 ** Description send LTK reply
466 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)467 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
468 {
469 SMP_TRACE_DEBUG("%s", __func__);
470 /* send stk as LTK response */
471 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
472 }
473
474 /*******************************************************************************
475 ** Function smp_proc_sec_req
476 ** Description process security request.
477 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)478 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
479 {
480 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
481 tBTM_BLE_SEC_REQ_ACT sec_req_act;
482 UINT8 reason;
483
484 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
485
486 p_cb->cb_evt = 0;
487
488 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
489
490 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
491
492 switch (sec_req_act)
493 {
494 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
495 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
496 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
497 break;
498
499 case BTM_BLE_SEC_REQ_ACT_PAIR:
500 p_cb->secure_connections_only_mode_required =
501 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
502
503 /* respond to non SC pairing request as failure in SC only mode */
504 if (p_cb->secure_connections_only_mode_required &&
505 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
506 {
507 reason = SMP_PAIR_AUTH_FAIL;
508 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
509 }
510 else
511 {
512 /* initialize local i/r key to be default keys */
513 p_cb->peer_auth_req = auth_req;
514 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
515 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
516 }
517 break;
518
519 case BTM_BLE_SEC_REQ_ACT_DISCARD:
520 p_cb->discard_sec_req = TRUE;
521 break;
522
523 default:
524 /* do nothing */
525 break;
526 }
527 }
528
529 /*******************************************************************************
530 ** Function smp_proc_sec_grant
531 ** Description process security grant.
532 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)533 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
534 {
535 UINT8 res= *(UINT8 *)p_data;
536 SMP_TRACE_DEBUG("%s", __func__);
537 if (res != SMP_SUCCESS)
538 {
539 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
540 }
541 else /*otherwise, start pairing */
542 {
543 /* send IO request callback */
544 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
545 }
546 }
547
548 /*******************************************************************************
549 ** Function smp_proc_pair_fail
550 ** Description process pairing failure from peer device
551 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)552 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
553 {
554 SMP_TRACE_DEBUG("%s", __func__);
555 p_cb->status = *(UINT8 *)p_data;
556 }
557
558 /*******************************************************************************
559 ** Function smp_proc_pair_cmd
560 ** Description Process the SMP pairing request/response from peer device
561 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)562 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
563 {
564 UINT8 *p = (UINT8 *)p_data;
565 UINT8 reason = SMP_ENC_KEY_SIZE;
566 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
567
568 SMP_TRACE_DEBUG("%s", __func__);
569 /* erase all keys if it is slave proc pairing req*/
570 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
571 btm_sec_clear_ble_keys(p_dev_rec);
572
573 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
574
575 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
576 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
577 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
578 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
579 STREAM_TO_UINT8(p_cb->peer_i_key, p);
580 STREAM_TO_UINT8(p_cb->peer_r_key, p);
581
582 if (smp_command_has_invalid_parameters(p_cb))
583 {
584 reason = SMP_INVALID_PARAMETERS;
585 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
586 return;
587 }
588
589 // PTS Testing failure modes
590 if (pts_test_send_authentication_complete_failure(p_cb))
591 return;
592
593 if (p_cb->role == HCI_ROLE_SLAVE)
594 {
595 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
596 {
597 /* peer (master) started pairing sending Pairing Request */
598 p_cb->local_i_key = p_cb->peer_i_key;
599 p_cb->local_r_key = p_cb->peer_r_key;
600
601 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
602 }
603 else /* update local i/r key according to pairing request */
604 {
605 /* pairing started with this side (slave) sending Security Request */
606 p_cb->local_i_key &= p_cb->peer_i_key;
607 p_cb->local_r_key &= p_cb->peer_r_key;
608 p_cb->selected_association_model = smp_select_association_model(p_cb);
609
610 if (p_cb->secure_connections_only_mode_required &&
611 (!(p_cb->le_secure_connections_mode_is_used) ||
612 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
613 {
614 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
615 __func__);
616 reason = SMP_PAIR_AUTH_FAIL;
617 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
618 return;
619 }
620
621 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
622 {
623 if (smp_request_oob_data(p_cb)) return;
624 }
625 else
626 {
627 smp_send_pair_rsp(p_cb, NULL);
628 }
629 }
630 }
631 else /* Master receives pairing response */
632 {
633 p_cb->selected_association_model = smp_select_association_model(p_cb);
634
635 if (p_cb->secure_connections_only_mode_required &&
636 (!(p_cb->le_secure_connections_mode_is_used) ||
637 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
638 {
639 SMP_TRACE_ERROR ("Master requires secure connection only mode \
640 but it can't be provided -> Master fails pairing");
641 reason = SMP_PAIR_AUTH_FAIL;
642 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
643 return;
644 }
645
646 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
647 {
648 if (smp_request_oob_data(p_cb)) return;
649 }
650 else
651 {
652 smp_decide_association_model(p_cb, NULL);
653 }
654 }
655 }
656
657 /*******************************************************************************
658 ** Function smp_proc_confirm
659 ** Description process pairing confirm from peer device
660 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)661 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
662 {
663 UINT8 *p = (UINT8 *)p_data;
664 UINT8 reason = SMP_INVALID_PARAMETERS;
665
666 SMP_TRACE_DEBUG("%s", __func__);
667
668 if (smp_command_has_invalid_parameters(p_cb))
669 {
670 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
671 return;
672 }
673
674 if (p != NULL)
675 {
676 /* save the SConfirm for comparison later */
677 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
678 }
679
680 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
681 }
682
683 /*******************************************************************************
684 ** Function smp_proc_init
685 ** Description process pairing initializer from peer device
686 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)687 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
688 {
689 UINT8 *p = (UINT8 *)p_data;
690 UINT8 reason = SMP_INVALID_PARAMETERS;
691
692 SMP_TRACE_DEBUG("%s", __func__);
693
694 if (smp_command_has_invalid_parameters(p_cb))
695 {
696 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
697 return;
698 }
699
700 /* save the SRand for comparison */
701 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
702 }
703
704 /*******************************************************************************
705 ** Function smp_proc_rand
706 ** Description process pairing random (nonce) from peer device
707 *******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)708 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
709 {
710 UINT8 *p = (UINT8 *)p_data;
711 UINT8 reason = SMP_INVALID_PARAMETERS;
712
713 SMP_TRACE_DEBUG("%s", __func__);
714
715 if (smp_command_has_invalid_parameters(p_cb))
716 {
717 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
718 return;
719 }
720
721 /* save the SRand for comparison */
722 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
723 }
724
725 /*******************************************************************************
726 ** Function smp_process_pairing_public_key
727 ** Description process pairing public key command from the peer device
728 ** - saves the peer public key;
729 ** - sets the flag indicating that the peer public key is received;
730 ** - calls smp_wait_for_both_public_keys(...).
731 **
732 *******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)733 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
734 {
735 UINT8 *p = (UINT8 *)p_data;
736 UINT8 reason = SMP_INVALID_PARAMETERS;
737
738 SMP_TRACE_DEBUG("%s", __func__);
739
740 if (smp_command_has_invalid_parameters(p_cb))
741 {
742 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
743 return;
744 }
745
746 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
747 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
748 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
749
750 smp_wait_for_both_public_keys(p_cb, NULL);
751 }
752
753 /*******************************************************************************
754 ** Function smp_process_pairing_commitment
755 ** Description process pairing commitment from peer device
756 *******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)757 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
758 {
759 UINT8 *p = (UINT8 *)p_data;
760 UINT8 reason = SMP_INVALID_PARAMETERS;
761
762 SMP_TRACE_DEBUG("%s", __func__);
763
764 if (smp_command_has_invalid_parameters(p_cb))
765 {
766 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
767 return;
768 }
769
770 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
771
772 if (p != NULL)
773 {
774 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
775 }
776 }
777
778 /*******************************************************************************
779 ** Function smp_process_dhkey_check
780 ** Description process DHKey Check from peer device
781 *******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)782 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
783 {
784 UINT8 *p = (UINT8 *)p_data;
785 UINT8 reason = SMP_INVALID_PARAMETERS;
786
787 SMP_TRACE_DEBUG("%s", __func__);
788
789 if (smp_command_has_invalid_parameters(p_cb))
790 {
791 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
792 return;
793 }
794
795 if (p != NULL)
796 {
797 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
798 }
799
800 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
801 }
802
803 /*******************************************************************************
804 ** Function smp_process_keypress_notification
805 ** Description process pairing keypress notification from peer device
806 *******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)807 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
808 {
809 UINT8 *p = (UINT8 *)p_data;
810 UINT8 reason = SMP_INVALID_PARAMETERS;
811
812 SMP_TRACE_DEBUG("%s", __func__);
813 p_cb->status = *(UINT8 *)p_data;
814
815 if (smp_command_has_invalid_parameters(p_cb))
816 {
817 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
818 return;
819 }
820
821 if (p != NULL)
822 {
823 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
824 }
825 else
826 {
827 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
828 }
829 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
830 }
831
832 /*******************************************************************************
833 ** Function smp_br_process_pairing_command
834 ** Description Process the SMP pairing request/response from peer device via
835 ** BR/EDR transport.
836 *******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)837 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
838 {
839 UINT8 *p = (UINT8 *)p_data;
840 UINT8 reason = SMP_ENC_KEY_SIZE;
841 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
842
843 SMP_TRACE_DEBUG("%s", __func__);
844 /* rejecting BR pairing request over non-SC BR link */
845 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
846 {
847 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
848 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
849 return;
850 }
851
852 /* erase all keys if it is slave proc pairing req*/
853 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
854 btm_sec_clear_ble_keys(p_dev_rec);
855
856 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
857
858 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
859 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
860 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
861 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
862 STREAM_TO_UINT8(p_cb->peer_i_key, p);
863 STREAM_TO_UINT8(p_cb->peer_r_key, p);
864
865 if (smp_command_has_invalid_parameters(p_cb))
866 {
867 reason = SMP_INVALID_PARAMETERS;
868 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
869 return;
870 }
871
872 /* peer (master) started pairing sending Pairing Request */
873 /* or being master device always use received i/r key as keys to distribute */
874 p_cb->local_i_key = p_cb->peer_i_key;
875 p_cb->local_r_key = p_cb->peer_r_key;
876
877 if (p_cb->role == HCI_ROLE_SLAVE)
878 {
879 p_dev_rec->new_encryption_key_is_p256 = FALSE;
880 /* shortcut to skip Security Grant step */
881 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
882 }
883 else /* Master receives pairing response */
884 {
885 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
886 " Supposed to move to key distribution phase. ", __func__);
887 }
888
889 /* auth_req received via BR/EDR SM channel is set to 0,
890 but everything derived/exchanged has to be saved */
891 p_cb->peer_auth_req |= SMP_AUTH_BOND;
892 p_cb->loc_auth_req |= SMP_AUTH_BOND;
893 }
894
895 /*******************************************************************************
896 ** Function smp_br_process_security_grant
897 ** Description process security grant in case of pairing over BR/EDR transport.
898 *******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)899 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
900 {
901 UINT8 res= *(UINT8 *)p_data;
902 SMP_TRACE_DEBUG("%s", __func__);
903 if (res != SMP_SUCCESS)
904 {
905 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
906 }
907 else /*otherwise, start pairing */
908 {
909 /* send IO request callback */
910 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
911 }
912 }
913
914 /*******************************************************************************
915 ** Function smp_br_check_authorization_request
916 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
917 ** before starting the distribution/derivation
918 *******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)919 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
920 {
921 UINT8 reason = SMP_SUCCESS;
922
923 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
924 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
925 p_cb->local_r_key);
926
927 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
928 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
929 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
930
931 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
932 ** Set local_r_key on master to expect only these keys. */
933 if (p_cb->role == HCI_ROLE_MASTER)
934 {
935 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
936 }
937
938 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
939 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
940 p_cb->local_r_key);
941
942 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
943 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
944 (p_cb->local_i_key || p_cb->local_r_key))
945 {
946 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
947
948 /* if no peer key is expected, start master key distribution */
949 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
950 smp_key_distribution_by_transport(p_cb, NULL);
951 }
952 else
953 {
954 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
955 }
956 }
957
958 /*******************************************************************************
959 ** Function smp_br_select_next_key
960 ** Description selects the next key to derive/send when BR/EDR transport is
961 ** used.
962 *******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)963 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
964 {
965 UINT8 reason = SMP_SUCCESS;
966 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
967 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
968
969 if (p_cb->role == HCI_ROLE_SLAVE||
970 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
971 {
972 smp_key_pick_key(p_cb, p_data);
973 }
974
975 if (!p_cb->local_i_key && !p_cb->local_r_key)
976 {
977 /* state check to prevent re-entrance */
978 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
979 {
980 if (p_cb->total_tx_unacked == 0)
981 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
982 else
983 p_cb->wait_for_authorization_complete = TRUE;
984 }
985 }
986 }
987
988 /*******************************************************************************
989 ** Function smp_proc_enc_info
990 ** Description process encryption information from peer device
991 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)992 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
993 {
994 UINT8 *p = (UINT8 *)p_data;
995
996 SMP_TRACE_DEBUG("%s", __func__);
997 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
998
999 smp_key_distribution(p_cb, NULL);
1000 }
1001 /*******************************************************************************
1002 ** Function smp_proc_master_id
1003 ** Description process master ID from slave device
1004 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1005 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1006 {
1007 UINT8 *p = (UINT8 *)p_data;
1008 tBTM_LE_PENC_KEYS le_key;
1009
1010 SMP_TRACE_DEBUG("%s", __func__);
1011 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1012
1013 STREAM_TO_UINT16(le_key.ediv, p);
1014 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1015
1016 /* store the encryption keys from peer device */
1017 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1018 le_key.sec_level = p_cb->sec_level;
1019 le_key.key_size = p_cb->loc_enc_size;
1020
1021 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1022 btm_sec_save_le_key(p_cb->pairing_bda,
1023 BTM_LE_KEY_PENC,
1024 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1025
1026 smp_key_distribution(p_cb, NULL);
1027 }
1028
1029 /*******************************************************************************
1030 ** Function smp_proc_enc_info
1031 ** Description process identity information from peer device
1032 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1033 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1034 {
1035 UINT8 *p = (UINT8 *)p_data;
1036
1037 SMP_TRACE_DEBUG("%s", __func__);
1038 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
1039 smp_key_distribution_by_transport(p_cb, NULL);
1040 }
1041
1042 /*******************************************************************************
1043 ** Function smp_proc_id_addr
1044 ** Description process identity address from peer device
1045 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1046 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1047 {
1048 UINT8 *p = (UINT8 *)p_data;
1049 tBTM_LE_PID_KEYS pid_key;
1050
1051 SMP_TRACE_DEBUG("%s", __func__);
1052 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1053
1054 STREAM_TO_UINT8(pid_key.addr_type, p);
1055 STREAM_TO_BDADDR(pid_key.static_addr, p);
1056 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1057
1058 /* to use as BD_ADDR for lk derived from ltk */
1059 p_cb->id_addr_rcvd = TRUE;
1060 p_cb->id_addr_type = pid_key.addr_type;
1061 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1062
1063 /* store the ID key from peer device */
1064 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1065 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1066 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1067 smp_key_distribution_by_transport(p_cb, NULL);
1068 }
1069
1070 /*******************************************************************************
1071 ** Function smp_proc_srk_info
1072 ** Description process security information from peer device
1073 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1074 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1075 {
1076 tBTM_LE_PCSRK_KEYS le_key;
1077
1078 SMP_TRACE_DEBUG("%s", __func__);
1079 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1080
1081 /* save CSRK to security record */
1082 le_key.sec_level = p_cb->sec_level;
1083 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1084 le_key.counter = 0; /* initialize the peer counter */
1085
1086 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1087 btm_sec_save_le_key(p_cb->pairing_bda,
1088 BTM_LE_KEY_PCSRK,
1089 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1090 smp_key_distribution_by_transport(p_cb, NULL);
1091 }
1092
1093 /*******************************************************************************
1094 ** Function smp_proc_compare
1095 ** Description process compare value
1096 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1097 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1098 {
1099 UINT8 reason;
1100
1101 SMP_TRACE_DEBUG("%s", __func__);
1102 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1103 {
1104 /* compare the max encryption key size, and save the smaller one for the link */
1105 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1106 p_cb->loc_enc_size = p_cb->peer_enc_size;
1107
1108 if (p_cb->role == HCI_ROLE_SLAVE)
1109 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1110 else
1111 {
1112 /* master device always use received i/r key as keys to distribute */
1113 p_cb->local_i_key = p_cb->peer_i_key;
1114 p_cb->local_r_key = p_cb->peer_r_key;
1115
1116 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1117 }
1118
1119 }
1120 else
1121 {
1122 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1123 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1124 }
1125 }
1126
1127 /*******************************************************************************
1128 ** Function smp_proc_sl_key
1129 ** Description process key ready events.
1130 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1131 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1132 {
1133 UINT8 key_type = p_data->key.key_type;
1134
1135 SMP_TRACE_DEBUG("%s", __func__);
1136 if (key_type == SMP_KEY_TYPE_TK)
1137 {
1138 smp_generate_srand_mrand_confirm(p_cb, NULL);
1139 }
1140 else if (key_type == SMP_KEY_TYPE_CFM)
1141 {
1142 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1143
1144 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1145 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1146 }
1147 }
1148
1149 /*******************************************************************************
1150 ** Function smp_start_enc
1151 ** Description start encryption
1152 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1153 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1154 {
1155 tBTM_STATUS cmd;
1156 UINT8 reason = SMP_ENC_FAIL;
1157
1158 SMP_TRACE_DEBUG("%s", __func__);
1159 if (p_data != NULL)
1160 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1161 else
1162 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1163
1164 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1165 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1166 }
1167
1168 /*******************************************************************************
1169 ** Function smp_proc_discard
1170 ** Description processing for discard security request
1171 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1172 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1173 {
1174 SMP_TRACE_DEBUG("%s", __func__);
1175 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1176 smp_reset_control_value(p_cb);
1177 }
1178
1179 /*******************************************************************************
1180 ** Function smp_enc_cmpl
1181 ** Description encryption success
1182 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1183 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1184 {
1185 UINT8 enc_enable = *(UINT8 *)p_data;
1186 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1187
1188 SMP_TRACE_DEBUG("%s", __func__);
1189 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1190 }
1191
1192 /*******************************************************************************
1193 ** Function smp_check_auth_req
1194 ** Description check authentication request
1195 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1196 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1197 {
1198 UINT8 enc_enable = *(UINT8 *)p_data;
1199 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1200
1201 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1202 "(i-initiator r-responder)",
1203 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1204 if (enc_enable == 1)
1205 {
1206 if (p_cb->le_secure_connections_mode_is_used)
1207 {
1208 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1209 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1210 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1211
1212 /* In LE SC mode LK is derived from LTK only if both sides request it */
1213 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1214 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1215 {
1216 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1217 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1218 }
1219
1220 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1221 ** Set local_r_key on master to expect only these keys.
1222 */
1223 if (p_cb->role == HCI_ROLE_MASTER)
1224 {
1225 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1226 }
1227 }
1228 else
1229 {
1230 /* in legacy mode derivation of BR/EDR LK is not supported */
1231 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1232 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1233 }
1234 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1235 "(i-initiator r-responder)",
1236 __func__, p_cb->local_i_key, p_cb->local_r_key);
1237
1238 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1239 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1240 (p_cb->local_i_key || p_cb->local_r_key))
1241 {
1242 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1243 }
1244 else
1245 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1246 }
1247 else if (enc_enable == 0)
1248 {
1249 /* if failed for encryption after pairing, send callback */
1250 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1251 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1252 /* if enc failed for old security information */
1253 /* if master device, clean up and abck to idle; slave device do nothing */
1254 else if (p_cb->role == HCI_ROLE_MASTER)
1255 {
1256 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1257 }
1258 }
1259 }
1260
1261 /*******************************************************************************
1262 ** Function smp_key_pick_key
1263 ** Description Pick a key distribution function based on the key mask.
1264 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1265 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1266 {
1267 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1268 UINT8 i = 0;
1269
1270 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1271 while (i < SMP_KEY_DIST_TYPE_MAX)
1272 {
1273 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1274
1275 if (key_to_dist & (1 << i))
1276 {
1277 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1278 (* smp_distribute_act[i])(p_cb, p_data);
1279 break;
1280 }
1281 i ++;
1282 }
1283 }
1284 /*******************************************************************************
1285 ** Function smp_key_distribution
1286 ** Description start key distribution if required.
1287 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1288 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1289 {
1290 UINT8 reason = SMP_SUCCESS;
1291 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1292 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1293
1294 if (p_cb->role == HCI_ROLE_SLAVE ||
1295 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1296 {
1297 smp_key_pick_key(p_cb, p_data);
1298 }
1299
1300 if (!p_cb->local_i_key && !p_cb->local_r_key)
1301 {
1302 /* state check to prevent re-entrant */
1303 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1304 {
1305 if (p_cb->derive_lk)
1306 {
1307 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1308 p_cb->derive_lk = FALSE;
1309 }
1310
1311 if (p_cb->total_tx_unacked == 0)
1312 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1313 else
1314 p_cb->wait_for_authorization_complete = TRUE;
1315 }
1316 }
1317 }
1318
1319 /*******************************************************************************
1320 ** Function smp_decide_association_model
1321 ** Description This function is called to select assoc model to be used for
1322 ** STK generation and to start STK generation process.
1323 **
1324 *******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1325 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1326 {
1327 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1328 UINT8 int_evt = 0;
1329 tSMP_KEY key;
1330 tSMP_INT_DATA *p = NULL;
1331
1332 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1333
1334 switch (p_cb->selected_association_model)
1335 {
1336 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1337 if (p_cb->role == HCI_ROLE_MASTER &&
1338 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1339 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1340 {
1341 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1342 failure = SMP_PAIR_AUTH_FAIL;
1343 p = (tSMP_INT_DATA *)&failure;
1344 int_evt = SMP_AUTH_CMPL_EVT;
1345 }
1346 else
1347 {
1348 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1349 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1350
1351 key.key_type = SMP_KEY_TYPE_TK;
1352 key.p_data = p_cb->tk;
1353 p = (tSMP_INT_DATA *)&key;
1354
1355 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1356 /* TK, ready */
1357 int_evt = SMP_KEY_READY_EVT;
1358 }
1359 break;
1360
1361 case SMP_MODEL_PASSKEY:
1362 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1363 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1364
1365 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1366 int_evt = SMP_TK_REQ_EVT;
1367 break;
1368
1369 case SMP_MODEL_OOB:
1370 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1371 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1372 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1373
1374 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1375 int_evt = SMP_TK_REQ_EVT;
1376 break;
1377
1378 case SMP_MODEL_KEY_NOTIF:
1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380 SMP_TRACE_DEBUG("Need to generate Passkey");
1381
1382 /* generate passkey and notify application */
1383 smp_generate_passkey(p_cb, NULL);
1384 break;
1385
1386 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1387 case SMP_MODEL_SEC_CONN_NUM_COMP:
1388 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1389 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1390 case SMP_MODEL_SEC_CONN_OOB:
1391 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1392 break;
1393
1394 case SMP_MODEL_OUT_OF_RANGE:
1395 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1396 p = (tSMP_INT_DATA *)&failure;
1397 int_evt = SMP_AUTH_CMPL_EVT;
1398 break;
1399
1400 default:
1401 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1402 p_cb->selected_association_model);
1403 p = (tSMP_INT_DATA *)&failure;
1404 int_evt = SMP_AUTH_CMPL_EVT;
1405 }
1406
1407 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1408 if (int_evt)
1409 smp_sm_event(p_cb, int_evt, p);
1410 }
1411
1412 /*******************************************************************************
1413 ** Function smp_process_io_response
1414 ** Description process IO response for a slave device.
1415 *******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1416 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1417 {
1418 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1419
1420 SMP_TRACE_DEBUG("%s", __func__);
1421 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1422 {
1423 /* pairing started by local (slave) Security Request */
1424 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1425 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1426 }
1427 else /* plan to send pairing respond */
1428 {
1429 /* pairing started by peer (master) Pairing Request */
1430 p_cb->selected_association_model = smp_select_association_model(p_cb);
1431
1432 if (p_cb->secure_connections_only_mode_required &&
1433 (!(p_cb->le_secure_connections_mode_is_used) ||
1434 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1435 {
1436 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1437 but it can't be provided -> Slave fails pairing");
1438 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1439 return;
1440 }
1441
1442 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1443 {
1444 if (smp_request_oob_data(p_cb)) return;
1445 }
1446
1447 // PTS Testing failure modes
1448 if (pts_test_send_authentication_complete_failure(p_cb))
1449 return;
1450
1451 smp_send_pair_rsp(p_cb, NULL);
1452 }
1453 }
1454
1455 /*******************************************************************************
1456 ** Function smp_br_process_slave_keys_response
1457 ** Description process application keys response for a slave device
1458 ** (BR/EDR transport).
1459 *******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1460 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1461 {
1462 smp_br_send_pair_response(p_cb, NULL);
1463 }
1464
1465 /*******************************************************************************
1466 ** Function smp_br_send_pair_response
1467 ** Description actions related to sending pairing response over BR/EDR transport.
1468 *******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1469 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1470 {
1471 SMP_TRACE_DEBUG("%s", __func__);
1472
1473 p_cb->local_i_key &= p_cb->peer_i_key;
1474 p_cb->local_r_key &= p_cb->peer_r_key;
1475
1476 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1477 }
1478
1479 /*******************************************************************************
1480 ** Function smp_pairing_cmpl
1481 ** Description This function is called to send the pairing complete callback
1482 ** and remove the connection if needed.
1483 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1484 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1485 {
1486 if (p_cb->total_tx_unacked == 0)
1487 {
1488 /* update connection parameter to remote preferred */
1489 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1490 /* process the pairing complete */
1491 smp_proc_pairing_cmpl(p_cb);
1492 }
1493 }
1494
1495 /*******************************************************************************
1496 ** Function smp_pair_terminate
1497 ** Description This function is called to send the pairing complete callback
1498 ** and remove the connection if needed.
1499 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1500 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1501 {
1502 SMP_TRACE_DEBUG("%s", __func__);
1503 p_cb->status = SMP_CONN_TOUT;
1504 smp_proc_pairing_cmpl(p_cb);
1505 }
1506
1507 /*******************************************************************************
1508 ** Function smp_idle_terminate
1509 ** Description This function calledin idle state to determine to send authentication
1510 ** complete or not.
1511 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1512 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1513 {
1514 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1515 {
1516 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1517 p_cb->status = SMP_FAIL;
1518 smp_proc_pairing_cmpl(p_cb);
1519 }
1520 }
1521
1522 /*******************************************************************************
1523 ** Function smp_fast_conn_param
1524 ** Description apply default connection parameter for pairing process
1525 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1526 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1527 {
1528 /* disable connection parameter update */
1529 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1530 }
1531
1532 /*******************************************************************************
1533 ** Function smp_both_have_public_keys
1534 ** Description The function is called when both local and peer public keys are
1535 ** saved.
1536 ** Actions:
1537 ** - invokes DHKey computation;
1538 ** - on slave side invokes sending local public key to the peer.
1539 ** - invokes SC phase 1 process.
1540 *******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1541 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1542 {
1543 SMP_TRACE_DEBUG("%s",__func__);
1544
1545 /* invokes DHKey computation */
1546 smp_compute_dhkey(p_cb);
1547
1548 /* on slave side invokes sending local public key to the peer */
1549 if (p_cb->role == HCI_ROLE_SLAVE)
1550 smp_send_pair_public_key(p_cb, NULL);
1551
1552 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1553 }
1554
1555 /*******************************************************************************
1556 ** Function smp_start_secure_connection_phase1
1557 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1558 ** phase 1 parameters and starts building/sending to the peer
1559 ** messages appropriate for the role and association model.
1560 *******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1561 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1562 {
1563 SMP_TRACE_DEBUG("%s", __func__);
1564
1565 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1566 {
1567 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1568 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1569 }
1570 else
1571 {
1572 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1573 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1574 }
1575
1576 switch(p_cb->selected_association_model)
1577 {
1578 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1579 case SMP_MODEL_SEC_CONN_NUM_COMP:
1580 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1581 smp_start_nonce_generation(p_cb);
1582 break;
1583 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1584 /* user has to provide passkey */
1585 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1586 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1587 break;
1588 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1589 /* passkey has to be provided to user */
1590 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1591 smp_generate_passkey(p_cb, NULL);
1592 break;
1593 case SMP_MODEL_SEC_CONN_OOB:
1594 /* use the available OOB information */
1595 smp_process_secure_connection_oob_data(p_cb, NULL);
1596 break;
1597 default:
1598 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1599 p_cb->selected_association_model);
1600 break;
1601 }
1602 }
1603
1604 /*******************************************************************************
1605 ** Function smp_process_local_nonce
1606 ** Description The function processes new local nonce.
1607 **
1608 ** Note It is supposed to be called in SC phase1.
1609 *******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1610 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1611 {
1612 SMP_TRACE_DEBUG("%s", __func__);
1613
1614 switch(p_cb->selected_association_model)
1615 {
1616 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1617 case SMP_MODEL_SEC_CONN_NUM_COMP:
1618 if (p_cb->role == HCI_ROLE_SLAVE)
1619 {
1620 /* slave calculates and sends local commitment */
1621 smp_calculate_local_commitment(p_cb);
1622 smp_send_commitment(p_cb, NULL);
1623 /* slave has to wait for peer nonce */
1624 smp_set_state(SMP_STATE_WAIT_NONCE);
1625 }
1626 else /* i.e. master */
1627 {
1628 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1629 {
1630 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1631 SMP_TRACE_DEBUG("master in assoc mode = %d \
1632 already rcvd slave commitment - race condition",
1633 p_cb->selected_association_model);
1634 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1635 smp_send_rand(p_cb, NULL);
1636 smp_set_state(SMP_STATE_WAIT_NONCE);
1637 }
1638 }
1639 break;
1640 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1641 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1642 smp_calculate_local_commitment(p_cb);
1643
1644 if (p_cb->role == HCI_ROLE_MASTER)
1645 {
1646 smp_send_commitment(p_cb, NULL);
1647 }
1648 else /* slave */
1649 {
1650 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1651 {
1652 /* master commitment is already received */
1653 smp_send_commitment(p_cb, NULL);
1654 smp_set_state(SMP_STATE_WAIT_NONCE);
1655 }
1656 }
1657 break;
1658 case SMP_MODEL_SEC_CONN_OOB:
1659 if (p_cb->role == HCI_ROLE_MASTER)
1660 {
1661 smp_send_rand(p_cb, NULL);
1662 }
1663
1664 smp_set_state(SMP_STATE_WAIT_NONCE);
1665 break;
1666 default:
1667 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1668 p_cb->selected_association_model);
1669 break;
1670 }
1671 }
1672
1673 /*******************************************************************************
1674 ** Function smp_process_peer_nonce
1675 ** Description The function processes newly received and saved in CB peer nonce.
1676 ** The actions depend on the selected association model and the role.
1677 **
1678 ** Note It is supposed to be called in SC phase1.
1679 *******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1680 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1681 {
1682 UINT8 reason;
1683
1684 SMP_TRACE_DEBUG("%s start ", __func__);
1685
1686 // PTS Testing failure modes
1687 if (p_cb->cert_failure == 1) {
1688 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1689 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1690 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1691 return;
1692 }
1693
1694 switch(p_cb->selected_association_model)
1695 {
1696 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1697 case SMP_MODEL_SEC_CONN_NUM_COMP:
1698 /* in these models only master receives commitment */
1699 if (p_cb->role == HCI_ROLE_MASTER)
1700 {
1701 if (!smp_check_commitment(p_cb))
1702 {
1703 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1704 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1705 break;
1706 }
1707 }
1708 else
1709 {
1710 /* slave sends local nonce */
1711 smp_send_rand(p_cb, NULL);
1712 }
1713
1714 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1715 {
1716 /* go directly to phase 2 */
1717 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1718 }
1719 else /* numeric comparison */
1720 {
1721 smp_set_state(SMP_STATE_WAIT_NONCE);
1722 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1723 }
1724 break;
1725 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1726 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1727 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9)
1728 {
1729 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1730 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1731 break;
1732 }
1733
1734 if (p_cb->role == HCI_ROLE_SLAVE)
1735 {
1736 smp_send_rand(p_cb, NULL);
1737 }
1738
1739 if (++p_cb->round < 20)
1740 {
1741 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1742 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1743 smp_start_nonce_generation(p_cb);
1744 break;
1745 }
1746
1747 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1748 break;
1749 case SMP_MODEL_SEC_CONN_OOB:
1750 if (p_cb->role == HCI_ROLE_SLAVE)
1751 {
1752 smp_send_rand(p_cb, NULL);
1753 }
1754
1755 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1756 break;
1757 default:
1758 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1759 p_cb->selected_association_model);
1760 break;
1761 }
1762
1763 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1764 }
1765
1766 /*******************************************************************************
1767 ** Function smp_match_dhkey_checks
1768 ** Description checks if the calculated peer DHKey Check value is the same as
1769 ** received from the peer DHKey check value.
1770 *******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1771 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1772 {
1773 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1774
1775 SMP_TRACE_DEBUG("%s", __func__);
1776
1777 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1778 {
1779 SMP_TRACE_WARNING ("dhkey chcks do no match");
1780 p_cb->failure = reason;
1781 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1782 return;
1783 }
1784
1785 SMP_TRACE_EVENT ("dhkey chcks match");
1786
1787 /* compare the max encryption key size, and save the smaller one for the link */
1788 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1789 p_cb->loc_enc_size = p_cb->peer_enc_size;
1790
1791 if (p_cb->role == HCI_ROLE_SLAVE)
1792 {
1793 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1794 }
1795 else
1796 {
1797 /* master device always use received i/r key as keys to distribute */
1798 p_cb->local_i_key = p_cb->peer_i_key;
1799 p_cb->local_r_key = p_cb->peer_r_key;
1800 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1801 }
1802 }
1803
1804 /*******************************************************************************
1805 ** Function smp_move_to_secure_connections_phase2
1806 ** Description Signal State Machine to start SC phase 2 initialization (to
1807 ** compute local DHKey Check value).
1808 **
1809 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1810 *******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1811 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1812 {
1813 SMP_TRACE_DEBUG("%s",__func__);
1814 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1815 }
1816
1817 /*******************************************************************************
1818 ** Function smp_phase_2_dhkey_checks_are_present
1819 ** Description generates event if dhkey check from the peer is already received.
1820 **
1821 ** Note It is supposed to be used on slave to prevent race condition.
1822 ** It is supposed to be called after slave dhkey check is calculated.
1823 *******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1824 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1825 {
1826 SMP_TRACE_DEBUG("%s",__func__);
1827
1828 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1829 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1830 }
1831
1832 /*******************************************************************************
1833 ** Function smp_wait_for_both_public_keys
1834 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1835 ** public keys are available.
1836 **
1837 ** Note on the slave it is used to prevent race condition.
1838 **
1839 *******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1840 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1841 {
1842 SMP_TRACE_DEBUG("%s",__func__);
1843
1844 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1845 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1846 {
1847 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1848 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1849 {
1850 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1851 }
1852 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1853 }
1854 }
1855
1856 /*******************************************************************************
1857 ** Function smp_start_passkey_verification
1858 ** Description Starts SC passkey entry verification.
1859 *******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1860 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1861 {
1862 UINT8 *p = NULL;
1863
1864 SMP_TRACE_DEBUG("%s", __func__);
1865 p = p_cb->local_random;
1866 UINT32_TO_STREAM(p, p_data->passkey);
1867
1868 p = p_cb->peer_random;
1869 UINT32_TO_STREAM(p, p_data->passkey);
1870
1871 p_cb->round = 0;
1872 smp_start_nonce_generation(p_cb);
1873 }
1874
1875 /*******************************************************************************
1876 ** Function smp_process_secure_connection_oob_data
1877 ** Description Processes local/peer SC OOB data received from somewhere.
1878 *******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1879 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1880 {
1881 SMP_TRACE_DEBUG("%s", __func__);
1882
1883 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1884 if (p_sc_oob_data->loc_oob_data.present)
1885 {
1886 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1887 sizeof(p_cb->local_random));
1888 }
1889 else
1890 {
1891 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1892 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1893 }
1894
1895 if (!p_sc_oob_data->peer_oob_data.present)
1896 {
1897 SMP_TRACE_EVENT ("peer OOB data is absent");
1898 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1899 }
1900 else
1901 {
1902 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1903 sizeof(p_cb->peer_random));
1904 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1905 sizeof(p_cb->remote_commitment));
1906
1907 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1908 /* check commitment */
1909 if (!smp_check_commitment(p_cb))
1910 {
1911 p_cb->failure = reason;
1912 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1913 return;
1914 }
1915
1916 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1917 {
1918 /* the peer doesn't have local randomiser */
1919 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1920 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1921 }
1922 }
1923
1924 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1925 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1926 smp_start_nonce_generation(p_cb);
1927 }
1928
1929 /*******************************************************************************
1930 ** Function smp_set_local_oob_keys
1931 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1932 ** starts nonce generation
1933 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1934 *******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1935 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1936 {
1937 SMP_TRACE_DEBUG("%s", __func__);
1938
1939 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1940 BT_OCTET32_LEN);
1941 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1942 smp_start_nonce_generation(p_cb);
1943 }
1944
1945 /*******************************************************************************
1946 ** Function smp_set_local_oob_random_commitment
1947 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1948 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1949 *******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1950 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1951 {
1952 SMP_TRACE_DEBUG("%s", __func__);
1953 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1954 BT_OCTET16_LEN);
1955
1956 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1957 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1958 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1959 p_cb->sc_oob_data.loc_oob_data.commitment);
1960
1961 #if SMP_DEBUG == TRUE
1962 UINT8 *p_print = NULL;
1963 SMP_TRACE_DEBUG("local SC OOB data set:");
1964 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1965 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1966 sizeof(tBLE_BD_ADDR));
1967 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1968 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1969 BT_OCTET32_LEN);
1970 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1971 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1972 BT_OCTET32_LEN);
1973 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1974 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1975 BT_OCTET32_LEN);
1976 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1977 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1978 BT_OCTET16_LEN);
1979 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1980 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1981 BT_OCTET16_LEN);
1982 SMP_TRACE_DEBUG("");
1983 #endif
1984
1985 /* pass created OOB data up */
1986 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1987 smp_send_app_cback(p_cb, NULL);
1988
1989 smp_cb_cleanup(p_cb);
1990 }
1991
1992 /*******************************************************************************
1993 **
1994 ** Function smp_link_encrypted
1995 **
1996 ** Description This function is called when link is encrypted and notified to
1997 ** slave device. Proceed to to send LTK, DIV and ER to master if
1998 ** bonding the devices.
1999 **
2000 **
2001 ** Returns void
2002 **
2003 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)2004 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
2005 {
2006 tSMP_CB *p_cb = &smp_cb;
2007
2008 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
2009
2010 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
2011 {
2012 /* encryption completed with STK, remmeber the key size now, could be overwite
2013 * when key exchange happens */
2014 if (p_cb->loc_enc_size != 0 && encr_enable)
2015 {
2016 /* update the link encryption key size if a SMP pairing just performed */
2017 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2018 }
2019
2020 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2021 }
2022 }
2023
2024 /*******************************************************************************
2025 **
2026 ** Function smp_proc_ltk_request
2027 **
2028 ** Description This function is called when LTK request is received from
2029 ** controller.
2030 **
2031 ** Returns void
2032 **
2033 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)2034 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2035 {
2036 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
2037 BOOLEAN match = FALSE;
2038
2039 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2040 {
2041 match = TRUE;
2042 } else {
2043 BD_ADDR dummy_bda = {0};
2044 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2045 if (p_dev_rec != NULL &&
2046 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2047 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2048 {
2049 match = TRUE;
2050 }
2051 }
2052
2053 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2054 {
2055 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2056 return TRUE;
2057 }
2058
2059 return FALSE;
2060 }
2061
2062 /*******************************************************************************
2063 **
2064 ** Function smp_process_secure_connection_long_term_key
2065 **
2066 ** Description This function is called to process SC LTK.
2067 ** SC LTK is calculated and used instead of STK.
2068 ** Here SC LTK is saved in BLE DB.
2069 **
2070 ** Returns void
2071 **
2072 *******************************************************************************/
smp_process_secure_connection_long_term_key(void)2073 void smp_process_secure_connection_long_term_key(void)
2074 {
2075 tSMP_CB *p_cb = &smp_cb;
2076
2077 SMP_TRACE_DEBUG("%s", __func__);
2078 smp_save_secure_connections_long_term_key(p_cb);
2079
2080 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2081 smp_key_distribution(p_cb, NULL);
2082 }
2083
2084 /*******************************************************************************
2085 **
2086 ** Function smp_set_derive_link_key
2087 **
2088 ** Description This function is called to set flag that indicates that
2089 ** BR/EDR LK has to be derived from LTK after all keys are
2090 ** distributed.
2091 **
2092 ** Returns void
2093 **
2094 *******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2095 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2096 {
2097 SMP_TRACE_DEBUG ("%s", __func__);
2098 p_cb->derive_lk = TRUE;
2099 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2100 smp_key_distribution(p_cb, NULL);
2101 }
2102
2103 /*******************************************************************************
2104 **
2105 ** Function smp_derive_link_key_from_long_term_key
2106 **
2107 ** Description This function is called to derive BR/EDR LK from LTK.
2108 **
2109 ** Returns void
2110 **
2111 *******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2112 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2113 {
2114 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2115
2116 SMP_TRACE_DEBUG("%s", __func__);
2117 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2118 {
2119 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2120 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2121 return;
2122 }
2123 }
2124
2125 /*******************************************************************************
2126 **
2127 ** Function smp_br_process_link_key
2128 **
2129 ** Description This function is called to process BR/EDR LK:
2130 ** - to derive SMP LTK from BR/EDR LK;
2131 *8 - to save SMP LTK.
2132 **
2133 ** Returns void
2134 **
2135 *******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2136 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2137 {
2138 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2139
2140 SMP_TRACE_DEBUG("%s", __func__);
2141 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2142 {
2143 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2144 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2145 return;
2146 }
2147
2148 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2149 smp_save_secure_connections_long_term_key(p_cb);
2150 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2151 smp_br_select_next_key(p_cb, NULL);
2152 }
2153
2154 /*******************************************************************************
2155 ** Function smp_key_distribution_by_transport
2156 ** Description depending on the transport used at the moment calls either
2157 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2158 *******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2159 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2160 {
2161 SMP_TRACE_DEBUG("%s", __func__);
2162 if (p_cb->smp_over_br)
2163 {
2164 smp_br_select_next_key(p_cb, NULL);
2165 }
2166 else
2167 {
2168 smp_key_distribution(p_cb, NULL);
2169 }
2170 }
2171
2172 /*******************************************************************************
2173 ** Function smp_br_pairing_complete
2174 ** Description This function is called to send the pairing complete callback
2175 ** and remove the connection if needed.
2176 *******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2177 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2178 {
2179 SMP_TRACE_DEBUG("%s", __func__);
2180
2181 if (p_cb->total_tx_unacked == 0)
2182 {
2183 /* process the pairing complete */
2184 smp_proc_pairing_cmpl(p_cb);
2185 }
2186 }
2187
2188 #endif
2189