1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include <string.h>
20 #include "btif_common.h"
21 #include "device/include/interop.h"
22 #include "include/bt_target.h"
23 #include "stack/btm/btm_int.h"
24 #include "stack/include/l2c_api.h"
25 #include "stack/smp/smp_int.h"
26 #include "utils/include/bt_utils.h"
27
28 extern fixed_queue_t* btu_general_alarm_queue;
29
30 #define SMP_KEY_DIST_TYPE_MAX 4
31 const tSMP_ACT smp_distribute_act[] = {smp_generate_ltk, smp_send_id_info,
32 smp_generate_csrk,
33 smp_set_derive_link_key};
34
lmp_version_below(BD_ADDR bda,uint8_t version)35 static bool lmp_version_below(BD_ADDR bda, uint8_t version) {
36 tACL_CONN* acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
37 if (acl == NULL || acl->lmp_version == 0) {
38 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
39 return false;
40 }
41 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version,
42 version);
43 return acl->lmp_version < version;
44 }
45
pts_test_send_authentication_complete_failure(tSMP_CB * p_cb)46 static bool pts_test_send_authentication_complete_failure(tSMP_CB* p_cb) {
47 uint8_t reason = 0;
48
49 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6) return false;
50
51 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
52
53 switch (p_cb->cert_failure) {
54 case 2:
55 reason = SMP_PAIR_AUTH_FAIL;
56 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
57 break;
58 case 3:
59 reason = SMP_PAIR_FAIL_UNKNOWN;
60 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
61 break;
62 case 4:
63 reason = SMP_PAIR_NOT_SUPPORT;
64 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
65 break;
66 case 5:
67 reason = SMP_PASSKEY_ENTRY_FAIL;
68 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
69 break;
70 case 6:
71 reason = SMP_REPEATED_ATTEMPTS;
72 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
73 break;
74 }
75
76 return true;
77 ;
78 }
79
80 /*******************************************************************************
81 * Function smp_update_key_mask
82 * Description This function updates the key mask for sending or receiving.
83 ******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,uint8_t key_type,bool recv)84 static void smp_update_key_mask(tSMP_CB* p_cb, uint8_t key_type, bool recv) {
85 SMP_TRACE_DEBUG(
86 "%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
87 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
88
89 if (((p_cb->le_secure_connections_mode_is_used) || (p_cb->smp_over_br)) &&
90 ((key_type == SMP_SEC_KEY_TYPE_ENC) ||
91 (key_type == SMP_SEC_KEY_TYPE_LK))) {
92 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
93 ** being exchanged with the peer */
94 p_cb->local_i_key &= ~key_type;
95 p_cb->local_r_key &= ~key_type;
96 } else if (p_cb->role == HCI_ROLE_SLAVE) {
97 if (recv)
98 p_cb->local_i_key &= ~key_type;
99 else
100 p_cb->local_r_key &= ~key_type;
101 } else {
102 if (recv)
103 p_cb->local_r_key &= ~key_type;
104 else
105 p_cb->local_i_key &= ~key_type;
106 }
107
108 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x",
109 p_cb->local_i_key, p_cb->local_r_key);
110 }
111
112 /*******************************************************************************
113 * Function smp_send_app_cback
114 * Description notifies application about the events the application is
115 * interested in
116 ******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)117 void smp_send_app_cback(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
118 tSMP_EVT_DATA cb_data;
119 tSMP_STATUS callback_rc;
120 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
121 if (p_cb->p_callback && p_cb->cb_evt != 0) {
122 switch (p_cb->cb_evt) {
123 case SMP_IO_CAP_REQ_EVT:
124 cb_data.io_req.auth_req = p_cb->peer_auth_req;
125 cb_data.io_req.oob_data = SMP_OOB_NONE;
126 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
127 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
128 cb_data.io_req.init_keys = p_cb->local_i_key;
129 cb_data.io_req.resp_keys = p_cb->local_r_key;
130 SMP_TRACE_WARNING("io_cap = %d", cb_data.io_req.io_cap);
131 break;
132
133 case SMP_NC_REQ_EVT:
134 cb_data.passkey = p_data->passkey;
135 break;
136 case SMP_SC_OOB_REQ_EVT:
137 cb_data.req_oob_type = p_data->req_oob_type;
138 break;
139 case SMP_SC_LOC_OOB_DATA_UP_EVT:
140 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
141 break;
142
143 case SMP_BR_KEYS_REQ_EVT:
144 cb_data.io_req.auth_req = 0;
145 cb_data.io_req.oob_data = SMP_OOB_NONE;
146 cb_data.io_req.io_cap = 0;
147 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
148 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
149 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
150 break;
151
152 default:
153 break;
154 }
155
156 callback_rc =
157 (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
158
159 SMP_TRACE_DEBUG("%s: callback_rc=%d p_cb->cb_evt=%d", __func__,
160 callback_rc, p_cb->cb_evt);
161
162 if (callback_rc == SMP_SUCCESS) {
163 switch (p_cb->cb_evt) {
164 case SMP_IO_CAP_REQ_EVT:
165 p_cb->loc_auth_req = cb_data.io_req.auth_req;
166 p_cb->local_io_capability = cb_data.io_req.io_cap;
167 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
168 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
169 p_cb->local_i_key = cb_data.io_req.init_keys;
170 p_cb->local_r_key = cb_data.io_req.resp_keys;
171
172 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) {
173 SMP_TRACE_WARNING("Non bonding: No keys will be exchanged");
174 p_cb->local_i_key = 0;
175 p_cb->local_r_key = 0;
176 }
177
178 SMP_TRACE_WARNING(
179 "rcvd auth_req: 0x%02x, io_cap: %d \
180 loc_oob_flag: %d loc_enc_size: %d,"
181 "local_i_key: 0x%02x, local_r_key: 0x%02x",
182 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
183 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
184
185 p_cb->secure_connections_only_mode_required =
186 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
187
188 if (p_cb->secure_connections_only_mode_required) {
189 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
190 }
191
192 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ||
193 lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) ||
194 interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
195 (const bt_bdaddr_t*)&p_cb->pairing_bda)) {
196 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
197 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
198 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
199 }
200
201 SMP_TRACE_WARNING(
202 "set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
203 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
204
205 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
206 break;
207
208 case SMP_BR_KEYS_REQ_EVT:
209 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
210 p_cb->local_i_key = cb_data.io_req.init_keys;
211 p_cb->local_r_key = cb_data.io_req.resp_keys;
212 p_cb->loc_auth_req |= SMP_H7_SUPPORT_BIT;
213
214 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
215 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
216
217 SMP_TRACE_WARNING(
218 "for SMP over BR max_key_size: 0x%02x,\
219 local_i_key: 0x%02x, local_r_key: 0x%02x, p_cb->loc_auth_req: 0x%02x",
220 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key,
221 p_cb->loc_auth_req);
222
223 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
224 break;
225 }
226 }
227 }
228
229 if (!p_cb->cb_evt && p_cb->discard_sec_req) {
230 p_cb->discard_sec_req = false;
231 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
232 }
233
234 SMP_TRACE_DEBUG("%s return", __func__);
235 }
236
237 /*******************************************************************************
238 * Function smp_send_pair_fail
239 * Description pairing failure to peer device if needed.
240 ******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)241 void smp_send_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
242 p_cb->status = *(uint8_t*)p_data;
243 p_cb->failure = *(uint8_t*)p_data;
244
245 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status,
246 p_cb->failure);
247
248 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC &&
249 p_cb->status != SMP_SUCCESS) {
250 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
251 p_cb->wait_for_authorization_complete = true;
252 }
253 }
254
255 /*******************************************************************************
256 * Function smp_send_pair_req
257 * Description actions related to sending pairing request
258 ******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)259 void smp_send_pair_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
260 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
261 SMP_TRACE_DEBUG("%s", __func__);
262
263 /* erase all keys when master sends pairing req*/
264 if (p_dev_rec) btm_sec_clear_ble_keys(p_dev_rec);
265 /* do not manipulate the key, let app decide,
266 leave out to BTM to mandate key distribution for bonding case */
267 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
268 }
269
270 /*******************************************************************************
271 * Function smp_send_pair_rsp
272 * Description actions related to sending pairing response
273 ******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)274 void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
275 SMP_TRACE_DEBUG("%s", __func__);
276
277 p_cb->local_i_key &= p_cb->peer_i_key;
278 p_cb->local_r_key &= p_cb->peer_r_key;
279
280 if (smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb)) {
281 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
282 smp_use_oob_private_key(p_cb, NULL);
283 else
284 smp_decide_association_model(p_cb, NULL);
285 }
286 }
287
288 /*******************************************************************************
289 * Function smp_send_confirm
290 * Description send confirmation to the peer
291 ******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)292 void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
293 SMP_TRACE_DEBUG("%s", __func__);
294 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
295 }
296
297 /*******************************************************************************
298 * Function smp_send_init
299 * Description process pairing initializer to slave device
300 ******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)301 void smp_send_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
302 SMP_TRACE_DEBUG("%s", __func__);
303 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
304 }
305
306 /*******************************************************************************
307 * Function smp_send_rand
308 * Description send pairing random to the peer
309 ******************************************************************************/
smp_send_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)310 void smp_send_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
311 SMP_TRACE_DEBUG("%s", __func__);
312 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
313 }
314
315 /*******************************************************************************
316 * Function smp_send_pair_public_key
317 * Description send pairing public key command to the peer
318 ******************************************************************************/
smp_send_pair_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)319 void smp_send_pair_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
320 SMP_TRACE_DEBUG("%s", __func__);
321 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
322 }
323
324 /*******************************************************************************
325 * Function SMP_SEND_COMMITMENT
326 * Description send commitment command to the peer
327 ******************************************************************************/
smp_send_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)328 void smp_send_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
329 SMP_TRACE_DEBUG("%s", __func__);
330 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
331 }
332
333 /*******************************************************************************
334 * Function smp_send_dhkey_check
335 * Description send DHKey Check command to the peer
336 ******************************************************************************/
smp_send_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)337 void smp_send_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
338 SMP_TRACE_DEBUG("%s", __func__);
339 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
340 }
341
342 /*******************************************************************************
343 * Function smp_send_keypress_notification
344 * Description send Keypress Notification command to the peer
345 ******************************************************************************/
smp_send_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)346 void smp_send_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
347 p_cb->local_keypress_notification = *(uint8_t*)p_data;
348 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
349 }
350
351 /*******************************************************************************
352 * Function smp_send_enc_info
353 * Description send encryption information command.
354 ******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)355 void smp_send_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
356 tBTM_LE_LENC_KEYS le_key;
357
358 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
359 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
360
361 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
362 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
363
364 /* save the DIV and key size information when acting as slave device */
365 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
366 le_key.div = p_cb->div;
367 le_key.key_size = p_cb->loc_enc_size;
368 le_key.sec_level = p_cb->sec_level;
369
370 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
371 (p_cb->loc_auth_req & SMP_AUTH_BOND))
372 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
373 (tBTM_LE_KEY_VALUE*)&le_key, true);
374
375 SMP_TRACE_WARNING("%s", __func__);
376
377 smp_key_distribution(p_cb, NULL);
378 }
379
380 /*******************************************************************************
381 * Function smp_send_id_info
382 * Description send ID information command.
383 ******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)384 void smp_send_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
385 tBTM_LE_KEY_VALUE le_key;
386 SMP_TRACE_DEBUG("%s", __func__);
387 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, false);
388
389 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
390 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
391
392 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
393 (p_cb->loc_auth_req & SMP_AUTH_BOND))
394 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, &le_key, true);
395
396 SMP_TRACE_WARNING("%s", __func__);
397 smp_key_distribution_by_transport(p_cb, NULL);
398 }
399
400 /*******************************************************************************
401 * Function smp_send_csrk_info
402 * Description send CSRK command.
403 ******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)404 void smp_send_csrk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
405 tBTM_LE_LCSRK_KEYS key;
406 SMP_TRACE_DEBUG("%s", __func__);
407 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, false);
408
409 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) {
410 key.div = p_cb->div;
411 key.sec_level = p_cb->sec_level;
412 key.counter = 0; /* initialize the local counter */
413 memcpy(key.csrk, p_cb->csrk, BT_OCTET16_LEN);
414 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK,
415 (tBTM_LE_KEY_VALUE*)&key, true);
416 }
417
418 smp_key_distribution_by_transport(p_cb, NULL);
419 }
420
421 /*******************************************************************************
422 * Function smp_send_ltk_reply
423 * Description send LTK reply
424 ******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)425 void smp_send_ltk_reply(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
426 SMP_TRACE_DEBUG("%s", __func__);
427 /* send stk as LTK response */
428 btm_ble_ltk_request_reply(p_cb->pairing_bda, true, p_data->key.p_data);
429 }
430
431 /*******************************************************************************
432 * Function smp_proc_sec_req
433 * Description process security request.
434 ******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)435 void smp_proc_sec_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
436 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ*)p_data;
437 tBTM_BLE_SEC_REQ_ACT sec_req_act;
438 uint8_t reason;
439
440 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
441
442 p_cb->cb_evt = 0;
443
444 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
445
446 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
447
448 switch (sec_req_act) {
449 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
450 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
451 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
452 break;
453
454 case BTM_BLE_SEC_REQ_ACT_PAIR:
455 p_cb->secure_connections_only_mode_required =
456 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
457
458 /* respond to non SC pairing request as failure in SC only mode */
459 if (p_cb->secure_connections_only_mode_required &&
460 (auth_req & SMP_SC_SUPPORT_BIT) == 0) {
461 reason = SMP_PAIR_AUTH_FAIL;
462 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
463 } else {
464 /* initialize local i/r key to be default keys */
465 p_cb->peer_auth_req = auth_req;
466 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY;
467 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
468 }
469 break;
470
471 case BTM_BLE_SEC_REQ_ACT_DISCARD:
472 p_cb->discard_sec_req = true;
473 break;
474
475 default:
476 /* do nothing */
477 break;
478 }
479 }
480
481 /*******************************************************************************
482 * Function smp_proc_sec_grant
483 * Description process security grant.
484 ******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)485 void smp_proc_sec_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
486 uint8_t res = *(uint8_t*)p_data;
487 SMP_TRACE_DEBUG("%s", __func__);
488 if (res != SMP_SUCCESS) {
489 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
490 } else /*otherwise, start pairing */
491 {
492 /* send IO request callback */
493 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
494 }
495 }
496
497 /*******************************************************************************
498 * Function smp_proc_pair_fail
499 * Description process pairing failure from peer device
500 ******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)501 void smp_proc_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
502 SMP_TRACE_DEBUG("%s", __func__);
503 p_cb->status = *(uint8_t*)p_data;
504
505 /* Cancel pending auth complete timer if set */
506 alarm_cancel(p_cb->delayed_auth_timer_ent);
507 }
508
509 /*******************************************************************************
510 * Function smp_proc_pair_cmd
511 * Description Process the SMP pairing request/response from peer device
512 ******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)513 void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
514 uint8_t* p = (uint8_t*)p_data;
515 uint8_t reason = SMP_ENC_KEY_SIZE;
516 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
517
518 SMP_TRACE_DEBUG("%s", __func__);
519 /* erase all keys if it is slave proc pairing req*/
520 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
521 btm_sec_clear_ble_keys(p_dev_rec);
522
523 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
524
525 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
526 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
527 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
528 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
529 STREAM_TO_UINT8(p_cb->peer_i_key, p);
530 STREAM_TO_UINT8(p_cb->peer_r_key, p);
531
532 if (smp_command_has_invalid_parameters(p_cb)) {
533 reason = SMP_INVALID_PARAMETERS;
534 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
535 return;
536 }
537
538 // PTS Testing failure modes
539 if (pts_test_send_authentication_complete_failure(p_cb)) return;
540
541 if (p_cb->role == HCI_ROLE_SLAVE) {
542 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
543 /* peer (master) started pairing sending Pairing Request */
544 p_cb->local_i_key = p_cb->peer_i_key;
545 p_cb->local_r_key = p_cb->peer_r_key;
546
547 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
548 } else /* update local i/r key according to pairing request */
549 {
550 /* pairing started with this side (slave) sending Security Request */
551 p_cb->local_i_key &= p_cb->peer_i_key;
552 p_cb->local_r_key &= p_cb->peer_r_key;
553 p_cb->selected_association_model = smp_select_association_model(p_cb);
554
555 if (p_cb->secure_connections_only_mode_required &&
556 (!(p_cb->le_secure_connections_mode_is_used) ||
557 (p_cb->selected_association_model ==
558 SMP_MODEL_SEC_CONN_JUSTWORKS))) {
559 SMP_TRACE_ERROR(
560 "%s pairing failed - slave requires secure connection only mode",
561 __func__);
562 reason = SMP_PAIR_AUTH_FAIL;
563 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
564 return;
565 }
566
567 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
568 if (smp_request_oob_data(p_cb)) return;
569 } else {
570 smp_send_pair_rsp(p_cb, NULL);
571 }
572 }
573 } else /* Master receives pairing response */
574 {
575 p_cb->selected_association_model = smp_select_association_model(p_cb);
576
577 if (p_cb->secure_connections_only_mode_required &&
578 (!(p_cb->le_secure_connections_mode_is_used) ||
579 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
580 SMP_TRACE_ERROR(
581 "Master requires secure connection only mode \
582 but it can't be provided -> Master fails pairing");
583 reason = SMP_PAIR_AUTH_FAIL;
584 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
585 return;
586 }
587
588 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
589 if (smp_request_oob_data(p_cb)) return;
590 } else {
591 smp_decide_association_model(p_cb, NULL);
592 }
593 }
594 }
595
596 /*******************************************************************************
597 * Function smp_proc_confirm
598 * Description process pairing confirm from peer device
599 ******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)600 void smp_proc_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
601 uint8_t* p = (uint8_t*)p_data;
602 uint8_t reason = SMP_INVALID_PARAMETERS;
603
604 SMP_TRACE_DEBUG("%s", __func__);
605
606 if (smp_command_has_invalid_parameters(p_cb)) {
607 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
608 return;
609 }
610
611 if (p != NULL) {
612 /* save the SConfirm for comparison later */
613 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
614 }
615
616 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
617 }
618
619 /*******************************************************************************
620 * Function smp_proc_init
621 * Description process pairing initializer from peer device
622 ******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)623 void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
624 uint8_t* p = (uint8_t*)p_data;
625 uint8_t reason = SMP_INVALID_PARAMETERS;
626
627 SMP_TRACE_DEBUG("%s", __func__);
628
629 if (smp_command_has_invalid_parameters(p_cb)) {
630 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
631 return;
632 }
633
634 /* save the SRand for comparison */
635 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
636 }
637
638 /*******************************************************************************
639 * Function smp_proc_rand
640 * Description process pairing random (nonce) from peer device
641 ******************************************************************************/
smp_proc_rand(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)642 void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
643 uint8_t* p = (uint8_t*)p_data;
644 uint8_t reason = SMP_INVALID_PARAMETERS;
645
646 SMP_TRACE_DEBUG("%s", __func__);
647
648 if (smp_command_has_invalid_parameters(p_cb)) {
649 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
650 return;
651 }
652
653 /* save the SRand for comparison */
654 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
655 }
656
657 /*******************************************************************************
658 * Function smp_process_pairing_public_key
659 * Description process pairing public key command from the peer device
660 * - saves the peer public key;
661 * - sets the flag indicating that the peer public key is received;
662 * - calls smp_wait_for_both_public_keys(...).
663 *
664 ******************************************************************************/
smp_process_pairing_public_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)665 void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
666 uint8_t* p = (uint8_t*)p_data;
667 uint8_t reason = SMP_INVALID_PARAMETERS;
668
669 SMP_TRACE_DEBUG("%s", __func__);
670
671 if (smp_command_has_invalid_parameters(p_cb)) {
672 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
673 return;
674 }
675
676 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
677 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
678 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
679
680 smp_wait_for_both_public_keys(p_cb, NULL);
681 }
682
683 /*******************************************************************************
684 * Function smp_process_pairing_commitment
685 * Description process pairing commitment from peer device
686 ******************************************************************************/
smp_process_pairing_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)687 void smp_process_pairing_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
688 uint8_t* p = (uint8_t*)p_data;
689 uint8_t reason = SMP_INVALID_PARAMETERS;
690
691 SMP_TRACE_DEBUG("%s", __func__);
692
693 if (smp_command_has_invalid_parameters(p_cb)) {
694 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
695 return;
696 }
697
698 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
699
700 if (p != NULL) {
701 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
702 }
703 }
704
705 /*******************************************************************************
706 * Function smp_process_dhkey_check
707 * Description process DHKey Check from peer device
708 ******************************************************************************/
smp_process_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)709 void smp_process_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
710 uint8_t* p = (uint8_t*)p_data;
711 uint8_t reason = SMP_INVALID_PARAMETERS;
712
713 SMP_TRACE_DEBUG("%s", __func__);
714
715 if (smp_command_has_invalid_parameters(p_cb)) {
716 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
717 return;
718 }
719
720 if (p != NULL) {
721 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
722 }
723
724 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
725 }
726
727 /*******************************************************************************
728 * Function smp_process_keypress_notification
729 * Description process pairing keypress notification from peer device
730 ******************************************************************************/
smp_process_keypress_notification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)731 void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
732 uint8_t* p = (uint8_t*)p_data;
733 uint8_t reason = SMP_INVALID_PARAMETERS;
734
735 SMP_TRACE_DEBUG("%s", __func__);
736 p_cb->status = *(uint8_t*)p_data;
737
738 if (smp_command_has_invalid_parameters(p_cb)) {
739 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
740 return;
741 }
742
743 if (p != NULL) {
744 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
745 } else {
746 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
747 }
748 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
749 }
750
751 /*******************************************************************************
752 * Function smp_br_process_pairing_command
753 * Description Process the SMP pairing request/response from peer device via
754 * BR/EDR transport.
755 ******************************************************************************/
smp_br_process_pairing_command(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)756 void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
757 uint8_t* p = (uint8_t*)p_data;
758 uint8_t reason = SMP_ENC_KEY_SIZE;
759 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
760
761 SMP_TRACE_DEBUG("%s", __func__);
762 /* rejecting BR pairing request over non-SC BR link */
763 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) {
764 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
765 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
766 return;
767 }
768
769 /* erase all keys if it is slave proc pairing req*/
770 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
771 btm_sec_clear_ble_keys(p_dev_rec);
772
773 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
774
775 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
776 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
777 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
778 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
779 STREAM_TO_UINT8(p_cb->peer_i_key, p);
780 STREAM_TO_UINT8(p_cb->peer_r_key, p);
781
782 if (smp_command_has_invalid_parameters(p_cb)) {
783 reason = SMP_INVALID_PARAMETERS;
784 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
785 return;
786 }
787
788 /* peer (master) started pairing sending Pairing Request */
789 /* or being master device always use received i/r key as keys to distribute */
790 p_cb->local_i_key = p_cb->peer_i_key;
791 p_cb->local_r_key = p_cb->peer_r_key;
792
793 if (p_cb->role == HCI_ROLE_SLAVE) {
794 p_dev_rec->new_encryption_key_is_p256 = false;
795 /* shortcut to skip Security Grant step */
796 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
797 } else /* Master receives pairing response */
798 {
799 SMP_TRACE_DEBUG(
800 "%s master rcvs valid PAIRING RESPONSE."
801 " Supposed to move to key distribution phase. ",
802 __func__);
803 }
804
805 /* auth_req received via BR/EDR SM channel is set to 0,
806 but everything derived/exchanged has to be saved */
807 p_cb->peer_auth_req |= SMP_AUTH_BOND;
808 p_cb->loc_auth_req |= SMP_AUTH_BOND;
809 }
810
811 /*******************************************************************************
812 * Function smp_br_process_security_grant
813 * Description process security grant in case of pairing over BR/EDR transport.
814 ******************************************************************************/
smp_br_process_security_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)815 void smp_br_process_security_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
816 uint8_t res = *(uint8_t*)p_data;
817 SMP_TRACE_DEBUG("%s", __func__);
818 if (res != SMP_SUCCESS) {
819 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
820 } else /*otherwise, start pairing */
821 {
822 /* send IO request callback */
823 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
824 }
825 }
826
827 /*******************************************************************************
828 * Function smp_br_check_authorization_request
829 * Description sets the SMP kes to be derived/distribute over BR/EDR transport
830 * before starting the distribution/derivation
831 ******************************************************************************/
smp_br_check_authorization_request(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)832 void smp_br_check_authorization_request(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
833 uint8_t reason = SMP_SUCCESS;
834
835 SMP_TRACE_DEBUG(
836 "%s rcvs i_keys=0x%x r_keys=0x%x "
837 "(i-initiator r-responder)",
838 __func__, p_cb->local_i_key, p_cb->local_r_key);
839
840 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
841 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
842 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
843
844 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
845 ** Set local_r_key on master to expect only these keys. */
846 if (p_cb->role == HCI_ROLE_MASTER) {
847 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
848 }
849
850 /* Check if H7 function needs to be used for key derivation*/
851 if ((p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT) &&
852 (p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT)) {
853 p_cb->key_derivation_h7_used = TRUE;
854 }
855 SMP_TRACE_DEBUG("%s: use h7 = %d", __func__, p_cb->key_derivation_h7_used);
856
857 SMP_TRACE_DEBUG(
858 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
859 "(i-initiator r-responder)",
860 __func__, p_cb->local_i_key, p_cb->local_r_key);
861
862 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
863 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
864 (p_cb->local_i_key || p_cb->local_r_key)) {
865 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
866
867 /* if no peer key is expected, start master key distribution */
868 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
869 smp_key_distribution_by_transport(p_cb, NULL);
870 } else {
871 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
872 }
873 }
874
875 /*******************************************************************************
876 * Function smp_br_select_next_key
877 * Description selects the next key to derive/send when BR/EDR transport is
878 * used.
879 ******************************************************************************/
smp_br_select_next_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)880 void smp_br_select_next_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
881 uint8_t reason = SMP_SUCCESS;
882 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
883 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
884
885 if (p_cb->role == HCI_ROLE_SLAVE ||
886 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
887 smp_key_pick_key(p_cb, p_data);
888 }
889
890 if (!p_cb->local_i_key && !p_cb->local_r_key) {
891 /* state check to prevent re-entrance */
892 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
893 if (p_cb->total_tx_unacked == 0)
894 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
895 else
896 p_cb->wait_for_authorization_complete = true;
897 }
898 }
899 }
900
901 /*******************************************************************************
902 * Function smp_proc_enc_info
903 * Description process encryption information from peer device
904 ******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)905 void smp_proc_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
906 uint8_t* p = (uint8_t*)p_data;
907
908 SMP_TRACE_DEBUG("%s", __func__);
909 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
910
911 smp_key_distribution(p_cb, NULL);
912 }
913 /*******************************************************************************
914 * Function smp_proc_master_id
915 * Description process master ID from slave device
916 ******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)917 void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
918 uint8_t* p = (uint8_t*)p_data;
919 tBTM_LE_PENC_KEYS le_key;
920
921 SMP_TRACE_DEBUG("%s", __func__);
922 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true);
923
924 STREAM_TO_UINT16(le_key.ediv, p);
925 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN);
926
927 /* store the encryption keys from peer device */
928 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
929 le_key.sec_level = p_cb->sec_level;
930 le_key.key_size = p_cb->loc_enc_size;
931
932 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
933 (p_cb->loc_auth_req & SMP_AUTH_BOND))
934 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC,
935 (tBTM_LE_KEY_VALUE*)&le_key, true);
936
937 smp_key_distribution(p_cb, NULL);
938 }
939
940 /*******************************************************************************
941 * Function smp_proc_enc_info
942 * Description process identity information from peer device
943 ******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)944 void smp_proc_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
945 uint8_t* p = (uint8_t*)p_data;
946
947 SMP_TRACE_DEBUG("%s", __func__);
948 STREAM_TO_ARRAY(p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
949 smp_key_distribution_by_transport(p_cb, NULL);
950 }
951
952 /*******************************************************************************
953 * Function smp_proc_id_addr
954 * Description process identity address from peer device
955 ******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)956 void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
957 uint8_t* p = (uint8_t*)p_data;
958 tBTM_LE_PID_KEYS pid_key;
959
960 SMP_TRACE_DEBUG("%s", __func__);
961 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true);
962
963 STREAM_TO_UINT8(pid_key.addr_type, p);
964 STREAM_TO_BDADDR(pid_key.static_addr, p);
965 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
966
967 /* to use as BD_ADDR for lk derived from ltk */
968 p_cb->id_addr_rcvd = true;
969 p_cb->id_addr_type = pid_key.addr_type;
970 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
971
972 /* store the ID key from peer device */
973 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
974 (p_cb->loc_auth_req & SMP_AUTH_BOND))
975 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
976 (tBTM_LE_KEY_VALUE*)&pid_key, true);
977 smp_key_distribution_by_transport(p_cb, NULL);
978 }
979
980 /*******************************************************************************
981 * Function smp_proc_srk_info
982 * Description process security information from peer device
983 ******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)984 void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
985 tBTM_LE_PCSRK_KEYS le_key;
986
987 SMP_TRACE_DEBUG("%s", __func__);
988 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true);
989
990 /* save CSRK to security record */
991 le_key.sec_level = p_cb->sec_level;
992 maybe_non_aligned_memcpy(le_key.csrk, p_data,
993 BT_OCTET16_LEN); /* get peer CSRK */
994 le_key.counter = 0; /* initialize the peer counter */
995
996 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
997 (p_cb->loc_auth_req & SMP_AUTH_BOND))
998 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK,
999 (tBTM_LE_KEY_VALUE*)&le_key, true);
1000 smp_key_distribution_by_transport(p_cb, NULL);
1001 }
1002
1003 /*******************************************************************************
1004 * Function smp_proc_compare
1005 * Description process compare value
1006 ******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1007 void smp_proc_compare(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1008 uint8_t reason;
1009
1010 SMP_TRACE_DEBUG("%s", __func__);
1011 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) {
1012 /* compare the max encryption key size, and save the smaller one for the
1013 * link */
1014 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1015 p_cb->loc_enc_size = p_cb->peer_enc_size;
1016
1017 if (p_cb->role == HCI_ROLE_SLAVE)
1018 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1019 else {
1020 /* master device always use received i/r key as keys to distribute */
1021 p_cb->local_i_key = p_cb->peer_i_key;
1022 p_cb->local_r_key = p_cb->peer_r_key;
1023
1024 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1025 }
1026
1027 } else {
1028 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1029 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1030 }
1031 }
1032
1033 /*******************************************************************************
1034 * Function smp_proc_sl_key
1035 * Description process key ready events.
1036 ******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1037 void smp_proc_sl_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1038 uint8_t key_type = p_data->key.key_type;
1039
1040 SMP_TRACE_DEBUG("%s", __func__);
1041 if (key_type == SMP_KEY_TYPE_TK) {
1042 smp_generate_srand_mrand_confirm(p_cb, NULL);
1043 } else if (key_type == SMP_KEY_TYPE_CFM) {
1044 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1045
1046 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1047 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1048 }
1049 }
1050
1051 /*******************************************************************************
1052 * Function smp_start_enc
1053 * Description start encryption
1054 ******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1055 void smp_start_enc(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1056 tBTM_STATUS cmd;
1057 uint8_t reason = SMP_ENC_FAIL;
1058
1059 SMP_TRACE_DEBUG("%s", __func__);
1060 if (p_data != NULL)
1061 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, true, p_data->key.p_data);
1062 else
1063 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, false, NULL);
1064
1065 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1066 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1067 }
1068
1069 /*******************************************************************************
1070 * Function smp_proc_discard
1071 * Description processing for discard security request
1072 ******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1073 void smp_proc_discard(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1074 SMP_TRACE_DEBUG("%s", __func__);
1075 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1076 smp_reset_control_value(p_cb);
1077 }
1078
1079 /*******************************************************************************
1080 * Function smp_enc_cmpl
1081 * Description encryption success
1082 ******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1083 void smp_enc_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1084 uint8_t enc_enable = *(uint8_t*)p_data;
1085 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1086
1087 SMP_TRACE_DEBUG("%s", __func__);
1088 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1089 }
1090
1091 /*******************************************************************************
1092 * Function smp_check_auth_req
1093 * Description check authentication request
1094 ******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1095 void smp_check_auth_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1096 uint8_t enc_enable = *(uint8_t*)p_data;
1097 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1098
1099 SMP_TRACE_DEBUG(
1100 "%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1101 "(i-initiator r-responder)",
1102 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1103 if (enc_enable == 1) {
1104 if (p_cb->le_secure_connections_mode_is_used) {
1105 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1106 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1107 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1108
1109 /* In LE SC mode LK is derived from LTK only if both sides request it */
1110 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1111 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) {
1112 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1113 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1114 }
1115
1116 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1117 ** Set local_r_key on master to expect only these keys.
1118 */
1119 if (p_cb->role == HCI_ROLE_MASTER) {
1120 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1121 }
1122 } else {
1123 /* in legacy mode derivation of BR/EDR LK is not supported */
1124 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1125 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1126 }
1127 SMP_TRACE_DEBUG(
1128 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1129 "(i-initiator r-responder)",
1130 __func__, p_cb->local_i_key, p_cb->local_r_key);
1131
1132 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1133 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1134 (p_cb->local_i_key || p_cb->local_r_key)) {
1135 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1136 } else
1137 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1138 } else if (enc_enable == 0) {
1139 /* if failed for encryption after pairing, send callback */
1140 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1141 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1142 /* if enc failed for old security information */
1143 /* if master device, clean up and abck to idle; slave device do nothing */
1144 else if (p_cb->role == HCI_ROLE_MASTER) {
1145 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1146 }
1147 }
1148 }
1149
1150 /*******************************************************************************
1151 * Function smp_key_pick_key
1152 * Description Pick a key distribution function based on the key mask.
1153 ******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1154 void smp_key_pick_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1155 uint8_t key_to_dist =
1156 (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1157 uint8_t i = 0;
1158
1159 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1160 while (i < SMP_KEY_DIST_TYPE_MAX) {
1161 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1162
1163 if (key_to_dist & (1 << i)) {
1164 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1165 (*smp_distribute_act[i])(p_cb, p_data);
1166 break;
1167 }
1168 i++;
1169 }
1170 }
1171 /*******************************************************************************
1172 * Function smp_key_distribution
1173 * Description start key distribution if required.
1174 ******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1175 void smp_key_distribution(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1176 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
1177 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1178
1179 if (p_cb->role == HCI_ROLE_SLAVE ||
1180 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
1181 smp_key_pick_key(p_cb, p_data);
1182 }
1183
1184 if (!p_cb->local_i_key && !p_cb->local_r_key) {
1185 /* state check to prevent re-entrant */
1186 if (smp_get_state() == SMP_STATE_BOND_PENDING) {
1187 if (p_cb->derive_lk) {
1188 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1189 p_cb->derive_lk = false;
1190 }
1191
1192 if (p_cb->total_tx_unacked == 0) {
1193 /*
1194 * Instead of declaring authorization complete immediately,
1195 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1196 * This allows the slave to send over Pairing Failed if the
1197 * last key is rejected. During this waiting window, the
1198 * state should remain in SMP_STATE_BOND_PENDING.
1199 */
1200 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1201 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1202 alarm_set_on_queue(
1203 p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
1204 smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
1205 }
1206 } else {
1207 p_cb->wait_for_authorization_complete = true;
1208 }
1209 }
1210 }
1211 }
1212
1213 /*******************************************************************************
1214 * Function smp_decide_association_model
1215 * Description This function is called to select assoc model to be used for
1216 * STK generation and to start STK generation process.
1217 *
1218 ******************************************************************************/
smp_decide_association_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1219 void smp_decide_association_model(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1220 uint8_t failure = SMP_UNKNOWN_IO_CAP;
1221 uint8_t int_evt = 0;
1222 tSMP_KEY key;
1223 tSMP_INT_DATA* p = NULL;
1224
1225 SMP_TRACE_DEBUG("%s Association Model = %d", __func__,
1226 p_cb->selected_association_model);
1227
1228 switch (p_cb->selected_association_model) {
1229 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1230 if (p_cb->role == HCI_ROLE_MASTER &&
1231 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1232 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) {
1233 SMP_TRACE_ERROR(
1234 "IO capability does not meet authentication requirement");
1235 failure = SMP_PAIR_AUTH_FAIL;
1236 p = (tSMP_INT_DATA*)&failure;
1237 int_evt = SMP_AUTH_CMPL_EVT;
1238 } else {
1239 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1240 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1241 p_cb->sec_level);
1242
1243 key.key_type = SMP_KEY_TYPE_TK;
1244 key.p_data = p_cb->tk;
1245 p = (tSMP_INT_DATA*)&key;
1246
1247 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1248 /* TK, ready */
1249 int_evt = SMP_KEY_READY_EVT;
1250 }
1251 break;
1252
1253 case SMP_MODEL_PASSKEY:
1254 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1255 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1256 p_cb->sec_level);
1257
1258 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1259 int_evt = SMP_TK_REQ_EVT;
1260 break;
1261
1262 case SMP_MODEL_OOB:
1263 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB");
1264 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1265 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1266 p_cb->sec_level);
1267
1268 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1269 int_evt = SMP_TK_REQ_EVT;
1270 break;
1271
1272 case SMP_MODEL_KEY_NOTIF:
1273 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1274 SMP_TRACE_DEBUG("Need to generate Passkey");
1275
1276 /* generate passkey and notify application */
1277 smp_generate_passkey(p_cb, NULL);
1278 break;
1279
1280 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1281 case SMP_MODEL_SEC_CONN_NUM_COMP:
1282 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1283 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1284 case SMP_MODEL_SEC_CONN_OOB:
1285 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1286 break;
1287
1288 case SMP_MODEL_OUT_OF_RANGE:
1289 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1290 p = (tSMP_INT_DATA*)&failure;
1291 int_evt = SMP_AUTH_CMPL_EVT;
1292 break;
1293
1294 default:
1295 SMP_TRACE_ERROR(
1296 "Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1297 p_cb->selected_association_model);
1298 p = (tSMP_INT_DATA*)&failure;
1299 int_evt = SMP_AUTH_CMPL_EVT;
1300 }
1301
1302 SMP_TRACE_EVENT("sec_level=%d ", p_cb->sec_level);
1303 if (int_evt) smp_sm_event(p_cb, int_evt, p);
1304 }
1305
1306 /*******************************************************************************
1307 * Function smp_process_io_response
1308 * Description process IO response for a slave device.
1309 ******************************************************************************/
smp_process_io_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1310 void smp_process_io_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1311 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1312
1313 SMP_TRACE_DEBUG("%s", __func__);
1314 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1315 /* pairing started by local (slave) Security Request */
1316 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1317 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1318 } else /* plan to send pairing respond */
1319 {
1320 /* pairing started by peer (master) Pairing Request */
1321 p_cb->selected_association_model = smp_select_association_model(p_cb);
1322
1323 if (p_cb->secure_connections_only_mode_required &&
1324 (!(p_cb->le_secure_connections_mode_is_used) ||
1325 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
1326 SMP_TRACE_ERROR(
1327 "Slave requires secure connection only mode \
1328 but it can't be provided -> Slave fails pairing");
1329 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1330 return;
1331 }
1332
1333 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
1334 if (smp_request_oob_data(p_cb)) return;
1335 }
1336
1337 // PTS Testing failure modes
1338 if (pts_test_send_authentication_complete_failure(p_cb)) return;
1339
1340 smp_send_pair_rsp(p_cb, NULL);
1341 }
1342 }
1343
1344 /*******************************************************************************
1345 * Function smp_br_process_slave_keys_response
1346 * Description process application keys response for a slave device
1347 * (BR/EDR transport).
1348 ******************************************************************************/
smp_br_process_slave_keys_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1349 void smp_br_process_slave_keys_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1350 smp_br_send_pair_response(p_cb, NULL);
1351 }
1352
1353 /*******************************************************************************
1354 * Function smp_br_send_pair_response
1355 * Description actions related to sending pairing response over BR/EDR
1356 * transport.
1357 ******************************************************************************/
smp_br_send_pair_response(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1358 void smp_br_send_pair_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1359 SMP_TRACE_DEBUG("%s", __func__);
1360
1361 p_cb->local_i_key &= p_cb->peer_i_key;
1362 p_cb->local_r_key &= p_cb->peer_r_key;
1363
1364 smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb);
1365 }
1366
1367 /*******************************************************************************
1368 * Function smp_pairing_cmpl
1369 * Description This function is called to send the pairing complete
1370 * callback and remove the connection if needed.
1371 ******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1372 void smp_pairing_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1373 if (p_cb->total_tx_unacked == 0) {
1374 /* process the pairing complete */
1375 smp_proc_pairing_cmpl(p_cb);
1376 }
1377 }
1378
1379 /*******************************************************************************
1380 * Function smp_pair_terminate
1381 * Description This function is called to send the pairing complete
1382 * callback and remove the connection if needed.
1383 ******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1384 void smp_pair_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1385 SMP_TRACE_DEBUG("%s", __func__);
1386 p_cb->status = SMP_CONN_TOUT;
1387 smp_proc_pairing_cmpl(p_cb);
1388 }
1389
1390 /*******************************************************************************
1391 * Function smp_idle_terminate
1392 * Description This function calledin idle state to determine to send
1393 * authentication complete or not.
1394 ******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1395 void smp_idle_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1396 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1397 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1398 p_cb->status = SMP_FAIL;
1399 smp_proc_pairing_cmpl(p_cb);
1400 }
1401 }
1402
1403 /*******************************************************************************
1404 * Function smp_fast_conn_param
1405 * Description apply default connection parameter for pairing process
1406 ******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1407 void smp_fast_conn_param(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1408 /* Disable L2CAP connection parameter updates while bonding since
1409 some peripherals are not able to revert to fast connection parameters
1410 during the start of service discovery. Connection paramter updates
1411 get enabled again once service discovery completes. */
1412 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false);
1413 }
1414
1415 /*******************************************************************************
1416 * Function smp_both_have_public_keys
1417 * Description The function is called when both local and peer public keys are
1418 * saved.
1419 * Actions:
1420 * - invokes DHKey computation;
1421 * - on slave side invokes sending local public key to the peer.
1422 * - invokes SC phase 1 process.
1423 ******************************************************************************/
smp_both_have_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1424 void smp_both_have_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1425 SMP_TRACE_DEBUG("%s", __func__);
1426
1427 /* invokes DHKey computation */
1428 smp_compute_dhkey(p_cb);
1429
1430 /* on slave side invokes sending local public key to the peer */
1431 if (p_cb->role == HCI_ROLE_SLAVE) smp_send_pair_public_key(p_cb, NULL);
1432
1433 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1434 }
1435
1436 /*******************************************************************************
1437 * Function smp_start_secure_connection_phase1
1438 * Description Start Secure Connection phase1 i.e. invokes initialization of
1439 * Secure Connection phase 1 parameters and starts building/sending
1440 * to the peer messages appropriate for the role and association
1441 * model.
1442 ******************************************************************************/
smp_start_secure_connection_phase1(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1443 void smp_start_secure_connection_phase1(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1444 SMP_TRACE_DEBUG("%s", __func__);
1445
1446 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1447 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1448 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1449 p_cb->sec_level);
1450 } else {
1451 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1452 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1453 p_cb->sec_level);
1454 }
1455
1456 switch (p_cb->selected_association_model) {
1457 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1458 case SMP_MODEL_SEC_CONN_NUM_COMP:
1459 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1460 smp_start_nonce_generation(p_cb);
1461 break;
1462 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1463 /* user has to provide passkey */
1464 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1465 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1466 break;
1467 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1468 /* passkey has to be provided to user */
1469 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1470 smp_generate_passkey(p_cb, NULL);
1471 break;
1472 case SMP_MODEL_SEC_CONN_OOB:
1473 /* use the available OOB information */
1474 smp_process_secure_connection_oob_data(p_cb, NULL);
1475 break;
1476 default:
1477 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1478 p_cb->selected_association_model);
1479 break;
1480 }
1481 }
1482
1483 /*******************************************************************************
1484 * Function smp_process_local_nonce
1485 * Description The function processes new local nonce.
1486 *
1487 * Note It is supposed to be called in SC phase1.
1488 ******************************************************************************/
smp_process_local_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1489 void smp_process_local_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1490 SMP_TRACE_DEBUG("%s", __func__);
1491
1492 switch (p_cb->selected_association_model) {
1493 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1494 case SMP_MODEL_SEC_CONN_NUM_COMP:
1495 if (p_cb->role == HCI_ROLE_SLAVE) {
1496 /* slave calculates and sends local commitment */
1497 smp_calculate_local_commitment(p_cb);
1498 smp_send_commitment(p_cb, NULL);
1499 /* slave has to wait for peer nonce */
1500 smp_set_state(SMP_STATE_WAIT_NONCE);
1501 } else /* i.e. master */
1502 {
1503 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1504 /* slave commitment is already received, send local nonce, wait for
1505 * remote nonce*/
1506 SMP_TRACE_DEBUG(
1507 "master in assoc mode = %d \
1508 already rcvd slave commitment - race condition",
1509 p_cb->selected_association_model);
1510 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1511 smp_send_rand(p_cb, NULL);
1512 smp_set_state(SMP_STATE_WAIT_NONCE);
1513 }
1514 }
1515 break;
1516 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1517 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1518 smp_calculate_local_commitment(p_cb);
1519
1520 if (p_cb->role == HCI_ROLE_MASTER) {
1521 smp_send_commitment(p_cb, NULL);
1522 } else /* slave */
1523 {
1524 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1525 /* master commitment is already received */
1526 smp_send_commitment(p_cb, NULL);
1527 smp_set_state(SMP_STATE_WAIT_NONCE);
1528 }
1529 }
1530 break;
1531 case SMP_MODEL_SEC_CONN_OOB:
1532 if (p_cb->role == HCI_ROLE_MASTER) {
1533 smp_send_rand(p_cb, NULL);
1534 }
1535
1536 smp_set_state(SMP_STATE_WAIT_NONCE);
1537 break;
1538 default:
1539 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1540 p_cb->selected_association_model);
1541 break;
1542 }
1543 }
1544
1545 /*******************************************************************************
1546 * Function smp_process_peer_nonce
1547 * Description The function processes newly received and saved in CB peer
1548 * nonce. The actions depend on the selected association model and
1549 * the role.
1550 *
1551 * Note It is supposed to be called in SC phase1.
1552 ******************************************************************************/
smp_process_peer_nonce(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1553 void smp_process_peer_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1554 uint8_t reason;
1555
1556 SMP_TRACE_DEBUG("%s start ", __func__);
1557
1558 // PTS Testing failure modes
1559 if (p_cb->cert_failure == 1) {
1560 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1561 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1562 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1563 return;
1564 }
1565
1566 switch (p_cb->selected_association_model) {
1567 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1568 case SMP_MODEL_SEC_CONN_NUM_COMP:
1569 /* in these models only master receives commitment */
1570 if (p_cb->role == HCI_ROLE_MASTER) {
1571 if (!smp_check_commitment(p_cb)) {
1572 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1573 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1574 break;
1575 }
1576 } else {
1577 /* slave sends local nonce */
1578 smp_send_rand(p_cb, NULL);
1579 }
1580
1581 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1582 /* go directly to phase 2 */
1583 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1584 } else /* numeric comparison */
1585 {
1586 smp_set_state(SMP_STATE_WAIT_NONCE);
1587 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1588 }
1589 break;
1590 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1591 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1592 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9) {
1593 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1594 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1595 break;
1596 }
1597
1598 if (p_cb->role == HCI_ROLE_SLAVE) {
1599 smp_send_rand(p_cb, NULL);
1600 }
1601
1602 if (++p_cb->round < 20) {
1603 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1604 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1605 smp_start_nonce_generation(p_cb);
1606 break;
1607 }
1608
1609 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1610 break;
1611 case SMP_MODEL_SEC_CONN_OOB:
1612 if (p_cb->role == HCI_ROLE_SLAVE) {
1613 smp_send_rand(p_cb, NULL);
1614 }
1615
1616 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1617 break;
1618 default:
1619 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1620 p_cb->selected_association_model);
1621 break;
1622 }
1623
1624 SMP_TRACE_DEBUG("%s end ", __func__);
1625 }
1626
1627 /*******************************************************************************
1628 * Function smp_match_dhkey_checks
1629 * Description checks if the calculated peer DHKey Check value is the same as
1630 * received from the peer DHKey check value.
1631 ******************************************************************************/
smp_match_dhkey_checks(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1632 void smp_match_dhkey_checks(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1633 uint8_t reason = SMP_DHKEY_CHK_FAIL;
1634
1635 SMP_TRACE_DEBUG("%s", __func__);
1636
1637 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) {
1638 SMP_TRACE_WARNING("dhkey chcks do no match");
1639 p_cb->failure = reason;
1640 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1641 return;
1642 }
1643
1644 SMP_TRACE_EVENT("dhkey chcks match");
1645
1646 /* compare the max encryption key size, and save the smaller one for the link
1647 */
1648 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1649 p_cb->loc_enc_size = p_cb->peer_enc_size;
1650
1651 if (p_cb->role == HCI_ROLE_SLAVE) {
1652 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1653 } else {
1654 /* master device always use received i/r key as keys to distribute */
1655 p_cb->local_i_key = p_cb->peer_i_key;
1656 p_cb->local_r_key = p_cb->peer_r_key;
1657 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1658 }
1659 }
1660
1661 /*******************************************************************************
1662 * Function smp_move_to_secure_connections_phase2
1663 * Description Signal State Machine to start SC phase 2 initialization (to
1664 * compute local DHKey Check value).
1665 *
1666 * Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1667 ******************************************************************************/
smp_move_to_secure_connections_phase2(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1668 void smp_move_to_secure_connections_phase2(tSMP_CB* p_cb,
1669 tSMP_INT_DATA* p_data) {
1670 SMP_TRACE_DEBUG("%s", __func__);
1671 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1672 }
1673
1674 /*******************************************************************************
1675 * Function smp_phase_2_dhkey_checks_are_present
1676 * Description generates event if dhkey check from the peer is already
1677 * received.
1678 *
1679 * Note It is supposed to be used on slave to prevent race condition.
1680 * It is supposed to be called after slave dhkey check is
1681 * calculated.
1682 ******************************************************************************/
smp_phase_2_dhkey_checks_are_present(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1683 void smp_phase_2_dhkey_checks_are_present(tSMP_CB* p_cb,
1684 tSMP_INT_DATA* p_data) {
1685 SMP_TRACE_DEBUG("%s", __func__);
1686
1687 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1688 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1689 }
1690
1691 /*******************************************************************************
1692 * Function smp_wait_for_both_public_keys
1693 * Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and
1694 * master public keys are available.
1695 *
1696 * Note on the slave it is used to prevent race condition.
1697 *
1698 ******************************************************************************/
smp_wait_for_both_public_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1699 void smp_wait_for_both_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1700 SMP_TRACE_DEBUG("%s", __func__);
1701
1702 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1703 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
1704 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1705 ((p_cb->req_oob_type == SMP_OOB_LOCAL) ||
1706 (p_cb->req_oob_type == SMP_OOB_BOTH))) {
1707 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1708 }
1709 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1710 }
1711 }
1712
1713 /*******************************************************************************
1714 * Function smp_start_passkey_verification
1715 * Description Starts SC passkey entry verification.
1716 ******************************************************************************/
smp_start_passkey_verification(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1717 void smp_start_passkey_verification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1718 uint8_t* p = NULL;
1719
1720 SMP_TRACE_DEBUG("%s", __func__);
1721 p = p_cb->local_random;
1722 UINT32_TO_STREAM(p, p_data->passkey);
1723
1724 p = p_cb->peer_random;
1725 UINT32_TO_STREAM(p, p_data->passkey);
1726
1727 p_cb->round = 0;
1728 smp_start_nonce_generation(p_cb);
1729 }
1730
1731 /*******************************************************************************
1732 * Function smp_process_secure_connection_oob_data
1733 * Description Processes local/peer SC OOB data received from somewhere.
1734 ******************************************************************************/
smp_process_secure_connection_oob_data(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1735 void smp_process_secure_connection_oob_data(tSMP_CB* p_cb,
1736 tSMP_INT_DATA* p_data) {
1737 SMP_TRACE_DEBUG("%s", __func__);
1738
1739 tSMP_SC_OOB_DATA* p_sc_oob_data = &p_cb->sc_oob_data;
1740 if (p_sc_oob_data->loc_oob_data.present) {
1741 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1742 sizeof(p_cb->local_random));
1743 } else {
1744 SMP_TRACE_EVENT("%s: local OOB randomizer is absent", __func__);
1745 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1746 }
1747
1748 if (!p_sc_oob_data->peer_oob_data.present) {
1749 SMP_TRACE_EVENT("%s: peer OOB data is absent", __func__);
1750 memset(p_cb->peer_random, 0, sizeof(p_cb->peer_random));
1751 } else {
1752 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1753 sizeof(p_cb->peer_random));
1754 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1755 sizeof(p_cb->remote_commitment));
1756
1757 uint8_t reason = SMP_CONFIRM_VALUE_ERR;
1758 /* check commitment */
1759 if (!smp_check_commitment(p_cb)) {
1760 p_cb->failure = reason;
1761 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1762 return;
1763 }
1764
1765 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
1766 /* the peer doesn't have local randomiser */
1767 SMP_TRACE_EVENT(
1768 "%s: peer didn't receive local OOB data, set local randomizer to 0",
1769 __func__);
1770 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1771 }
1772 }
1773
1774 print128(p_cb->local_random, (const uint8_t*)"local OOB randomizer");
1775 print128(p_cb->peer_random, (const uint8_t*)"peer OOB randomizer");
1776 smp_start_nonce_generation(p_cb);
1777 }
1778
1779 /*******************************************************************************
1780 * Function smp_set_local_oob_keys
1781 * Description Saves calculated private/public keys in
1782 * sc_oob_data.loc_oob_data, starts nonce generation
1783 * (to be saved in sc_oob_data.loc_oob_data.randomizer).
1784 ******************************************************************************/
smp_set_local_oob_keys(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1785 void smp_set_local_oob_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1786 SMP_TRACE_DEBUG("%s", __func__);
1787
1788 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1789 BT_OCTET32_LEN);
1790 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1791 smp_start_nonce_generation(p_cb);
1792 }
1793
1794 /*******************************************************************************
1795 * Function smp_set_local_oob_random_commitment
1796 * Description Saves calculated randomizer and commitment in
1797 * sc_oob_data.loc_oob_data, passes sc_oob_data.loc_oob_data up
1798 * for safekeeping.
1799 ******************************************************************************/
smp_set_local_oob_random_commitment(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1800 void smp_set_local_oob_random_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1801 SMP_TRACE_DEBUG("%s", __func__);
1802 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, BT_OCTET16_LEN);
1803
1804 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1805 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1806 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1807 p_cb->sc_oob_data.loc_oob_data.commitment);
1808
1809 #if (SMP_DEBUG == TRUE)
1810 uint8_t* p_print = NULL;
1811 SMP_TRACE_DEBUG("local SC OOB data set:");
1812 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1813 smp_debug_print_nbyte_little_endian(p_print, "addr_sent_to",
1814 sizeof(tBLE_BD_ADDR));
1815 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.private_key_used;
1816 smp_debug_print_nbyte_little_endian(p_print, "private_key_used",
1817 BT_OCTET32_LEN);
1818 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1819 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.x",
1820 BT_OCTET32_LEN);
1821 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1822 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.y",
1823 BT_OCTET32_LEN);
1824 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.randomizer;
1825 smp_debug_print_nbyte_little_endian(p_print, "randomizer", BT_OCTET16_LEN);
1826 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.commitment;
1827 smp_debug_print_nbyte_little_endian(p_print, "commitment", BT_OCTET16_LEN);
1828 SMP_TRACE_DEBUG("");
1829 #endif
1830
1831 /* pass created OOB data up */
1832 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1833 smp_send_app_cback(p_cb, NULL);
1834
1835 smp_cb_cleanup(p_cb);
1836 }
1837
1838 /*******************************************************************************
1839 *
1840 * Function smp_link_encrypted
1841 *
1842 * Description This function is called when link is encrypted and notified
1843 * to the slave device. Proceed to to send LTK, DIV and ER to
1844 * master if bonding the devices.
1845 *
1846 *
1847 * Returns void
1848 *
1849 ******************************************************************************/
smp_link_encrypted(BD_ADDR bda,uint8_t encr_enable)1850 void smp_link_encrypted(BD_ADDR bda, uint8_t encr_enable) {
1851 tSMP_CB* p_cb = &smp_cb;
1852
1853 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1854
1855 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) {
1856 /* encryption completed with STK, remmeber the key size now, could be
1857 * overwite
1858 * when key exchange happens */
1859 if (p_cb->loc_enc_size != 0 && encr_enable) {
1860 /* update the link encryption key size if a SMP pairing just performed */
1861 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1862 }
1863
1864 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1865 }
1866 }
1867
1868 /*******************************************************************************
1869 *
1870 * Function smp_proc_ltk_request
1871 *
1872 * Description This function is called when LTK request is received from
1873 * controller.
1874 *
1875 * Returns void
1876 *
1877 ******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)1878 bool smp_proc_ltk_request(BD_ADDR bda) {
1879 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1880 bool match = false;
1881
1882 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN)) {
1883 match = true;
1884 } else {
1885 BD_ADDR dummy_bda = {0};
1886 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda);
1887 if (p_dev_rec != NULL &&
1888 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda,
1889 BD_ADDR_LEN) &&
1890 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN)) {
1891 match = true;
1892 }
1893 }
1894
1895 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) {
1896 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1897 return true;
1898 }
1899
1900 return false;
1901 }
1902
1903 /*******************************************************************************
1904 *
1905 * Function smp_process_secure_connection_long_term_key
1906 *
1907 * Description This function is called to process SC LTK.
1908 * SC LTK is calculated and used instead of STK.
1909 * Here SC LTK is saved in BLE DB.
1910 *
1911 * Returns void
1912 *
1913 ******************************************************************************/
smp_process_secure_connection_long_term_key(void)1914 void smp_process_secure_connection_long_term_key(void) {
1915 tSMP_CB* p_cb = &smp_cb;
1916
1917 SMP_TRACE_DEBUG("%s", __func__);
1918 smp_save_secure_connections_long_term_key(p_cb);
1919
1920 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
1921 smp_key_distribution(p_cb, NULL);
1922 }
1923
1924 /*******************************************************************************
1925 *
1926 * Function smp_set_derive_link_key
1927 *
1928 * Description This function is called to set flag that indicates that
1929 * BR/EDR LK has to be derived from LTK after all keys are
1930 * distributed.
1931 *
1932 * Returns void
1933 *
1934 ******************************************************************************/
smp_set_derive_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1935 void smp_set_derive_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1936 SMP_TRACE_DEBUG("%s", __func__);
1937 p_cb->derive_lk = true;
1938 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_LK, false);
1939 smp_key_distribution(p_cb, NULL);
1940 }
1941
1942 /*******************************************************************************
1943 *
1944 * Function smp_derive_link_key_from_long_term_key
1945 *
1946 * Description This function is called to derive BR/EDR LK from LTK.
1947 *
1948 * Returns void
1949 *
1950 ******************************************************************************/
smp_derive_link_key_from_long_term_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1951 void smp_derive_link_key_from_long_term_key(tSMP_CB* p_cb,
1952 tSMP_INT_DATA* p_data) {
1953 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1954
1955 SMP_TRACE_DEBUG("%s", __func__);
1956 if (!smp_calculate_link_key_from_long_term_key(p_cb)) {
1957 SMP_TRACE_ERROR("%s failed", __func__);
1958 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
1959 return;
1960 }
1961 }
1962
1963 /*******************************************************************************
1964 *
1965 * Function smp_br_process_link_key
1966 *
1967 * Description This function is called to process BR/EDR LK:
1968 * - to derive SMP LTK from BR/EDR LK;
1969 *8 - to save SMP LTK.
1970 *
1971 * Returns void
1972 *
1973 ******************************************************************************/
smp_br_process_link_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1974 void smp_br_process_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1975 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1976
1977 SMP_TRACE_DEBUG("%s", __func__);
1978 if (!smp_calculate_long_term_key_from_link_key(p_cb)) {
1979 SMP_TRACE_ERROR("%s failed", __func__);
1980 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
1981 return;
1982 }
1983
1984 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed",
1985 __func__);
1986 smp_save_secure_connections_long_term_key(p_cb);
1987 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
1988 smp_br_select_next_key(p_cb, NULL);
1989 }
1990
1991 /*******************************************************************************
1992 * Function smp_key_distribution_by_transport
1993 * Description depending on the transport used at the moment calls either
1994 * smp_key_distribution(...) or smp_br_key_distribution(...).
1995 ******************************************************************************/
smp_key_distribution_by_transport(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)1996 void smp_key_distribution_by_transport(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1997 SMP_TRACE_DEBUG("%s", __func__);
1998 if (p_cb->smp_over_br) {
1999 smp_br_select_next_key(p_cb, NULL);
2000 } else {
2001 smp_key_distribution(p_cb, NULL);
2002 }
2003 }
2004
2005 /*******************************************************************************
2006 * Function smp_br_pairing_complete
2007 * Description This function is called to send the pairing complete
2008 * callback and remove the connection if needed.
2009 ******************************************************************************/
smp_br_pairing_complete(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)2010 void smp_br_pairing_complete(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
2011 SMP_TRACE_DEBUG("%s", __func__);
2012
2013 if (p_cb->total_tx_unacked == 0) {
2014 /* process the pairing complete */
2015 smp_proc_pairing_cmpl(p_cb);
2016 }
2017 }
2018