1 /******************************************************************************
2 *
3 * Copyright (C) 2014-2015 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "bt_target.h"
20
21 #include <string.h>
22 #include "smp_int.h"
23
24 const char* const smp_br_state_name[SMP_BR_STATE_MAX + 1] = {
25 "SMP_BR_STATE_IDLE", "SMP_BR_STATE_WAIT_APP_RSP",
26 "SMP_BR_STATE_PAIR_REQ_RSP", "SMP_BR_STATE_BOND_PENDING",
27 "SMP_BR_STATE_OUT_OF_RANGE"};
28
29 const char* const smp_br_event_name[SMP_BR_MAX_EVT] = {
30 "BR_PAIRING_REQ_EVT", "BR_PAIRING_RSP_EVT",
31 "BR_CONFIRM_EVT", "BR_RAND_EVT",
32 "BR_PAIRING_FAILED_EVT", "BR_ENCRPTION_INFO_EVT",
33 "BR_MASTER_ID_EVT", "BR_ID_INFO_EVT",
34 "BR_ID_ADDR_EVT", "BR_SIGN_INFO_EVT",
35 "BR_SECURITY_REQ_EVT", "BR_PAIR_PUBLIC_KEY_EVT",
36 "BR_PAIR_DHKEY_CHCK_EVT", "BR_PAIR_KEYPR_NOTIF_EVT",
37 "BR_KEY_READY_EVT", "BR_ENCRYPTED_EVT",
38 "BR_L2CAP_CONN_EVT", "BR_L2CAP_DISCONN_EVT",
39 "BR_KEYS_RSP_EVT", "BR_API_SEC_GRANT_EVT",
40 "BR_TK_REQ_EVT", "BR_AUTH_CMPL_EVT",
41 "BR_ENC_REQ_EVT", "BR_BOND_REQ_EVT",
42 "BR_DISCARD_SEC_REQ_EVT", "BR_OUT_OF_RANGE_EVT"};
43
44 const char* smp_get_br_event_name(tSMP_BR_EVENT event);
45 const char* smp_get_br_state_name(tSMP_BR_STATE state);
46
47 #define SMP_BR_SM_IGNORE 0
48 #define SMP_BR_NUM_ACTIONS 2
49 #define SMP_BR_SME_NEXT_STATE 2
50 #define SMP_BR_SM_NUM_COLS 3
51 typedef const uint8_t (*tSMP_BR_SM_TBL)[SMP_BR_SM_NUM_COLS];
52
53 enum {
54 SMP_SEND_PAIR_REQ,
55 SMP_BR_SEND_PAIR_RSP,
56 SMP_SEND_PAIR_FAIL,
57 SMP_SEND_ID_INFO,
58 SMP_BR_PROC_PAIR_CMD,
59 SMP_PROC_PAIR_FAIL,
60 SMP_PROC_ID_INFO,
61 SMP_PROC_ID_ADDR,
62 SMP_PROC_SRK_INFO,
63 SMP_BR_PROC_SEC_GRANT,
64 SMP_BR_PROC_SL_KEYS_RSP,
65 SMP_BR_KEY_DISTRIBUTION,
66 SMP_BR_PAIRING_COMPLETE,
67 SMP_SEND_APP_CBACK,
68 SMP_BR_CHECK_AUTH_REQ,
69 SMP_PAIR_TERMINATE,
70 SMP_IDLE_TERMINATE,
71 SMP_BR_SM_NO_ACTION
72 };
73
74 static const tSMP_ACT smp_br_sm_action[] = {smp_send_pair_req,
75 smp_br_send_pair_response,
76 smp_send_pair_fail,
77 smp_send_id_info,
78 smp_br_process_pairing_command,
79 smp_proc_pair_fail,
80 smp_proc_id_info,
81 smp_proc_id_addr,
82 smp_proc_srk_info,
83 smp_br_process_security_grant,
84 smp_br_process_slave_keys_response,
85 smp_br_select_next_key,
86 smp_br_pairing_complete,
87 smp_send_app_cback,
88 smp_br_check_authorization_request,
89 smp_pair_terminate,
90 smp_idle_terminate};
91
92 static const uint8_t smp_br_all_table[][SMP_BR_SM_NUM_COLS] = {
93 /* Event Action Next State */
94 /* BR_PAIRING_FAILED */
95 {SMP_PROC_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
96 /* BR_AUTH_CMPL */
97 {SMP_SEND_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
98 /* BR_L2CAP_DISCONN */
99 {SMP_PAIR_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};
100
101 /************ SMP Master FSM State/Event Indirection Table **************/
102 static const uint8_t smp_br_master_entry_map[][SMP_BR_STATE_MAX] = {
103 /* br_state name: Idle WaitApp Pair Bond
104 Rsp ReqRsp Pend */
105 /* BR_PAIRING_REQ */ {0, 0, 0, 0},
106 /* BR_PAIRING_RSP */ {0, 0, 1, 0},
107 /* BR_CONFIRM */ {0, 0, 0, 0},
108 /* BR_RAND */ {0, 0, 0, 0},
109 /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0},
110 /* BR_ENCRPTION_INFO */ {0, 0, 0, 0},
111 /* BR_MASTER_ID */ {0, 0, 0, 0},
112 /* BR_ID_INFO */ {0, 0, 0, 1},
113 /* BR_ID_ADDR */ {0, 0, 0, 2},
114 /* BR_SIGN_INFO */ {0, 0, 0, 3},
115 /* BR_SECURITY_REQ */ {0, 0, 0, 0},
116 /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0},
117 /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0},
118 /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0},
119 /* BR_KEY_READY */ {0, 0, 0, 0},
120 /* BR_ENCRYPTED */ {0, 0, 0, 0},
121 /* BR_L2CAP_CONN */ {1, 0, 0, 0},
122 /* BR_L2CAP_DISCONN */ {2, 0x83, 0x83, 0x83},
123 /* BR_KEYS_RSP */ {0, 1, 0, 0},
124 /* BR_API_SEC_GRANT */ {0, 0, 0, 0},
125 /* BR_TK_REQ */ {0, 0, 0, 0},
126 /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82},
127 /* BR_ENC_REQ */ {0, 0, 0, 0},
128 /* BR_BOND_REQ */ {0, 0, 2, 0},
129 /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}};
130
131 static const uint8_t smp_br_master_idle_table[][SMP_BR_SM_NUM_COLS] = {
132 /* Event Action Next State */
133 /* BR_L2CAP_CONN */
134 {SMP_SEND_APP_CBACK, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_WAIT_APP_RSP},
135 /* BR_L2CAP_DISCONN */
136 {SMP_IDLE_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};
137
138 static const uint8_t
139 smp_br_master_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
140 /* Event Action Next State */
141 /* BR_KEYS_RSP */
142 {SMP_SEND_PAIR_REQ, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_PAIR_REQ_RSP}};
143
144 static const uint8_t
145 smp_br_master_pair_request_response_table[][SMP_BR_SM_NUM_COLS] = {
146 /* Event Action Next State */
147 /* BR_PAIRING_RSP */
148 {SMP_BR_PROC_PAIR_CMD, SMP_BR_CHECK_AUTH_REQ,
149 SMP_BR_STATE_PAIR_REQ_RSP},
150 /* BR_BOND_REQ */
151 {SMP_BR_SM_NO_ACTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
152
153 static const uint8_t smp_br_master_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
154 /* Event Action Next State */
155 /* BR_ID_INFO */
156 {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
157 /* BR_ID_ADDR */
158 {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
159 /* BR_SIGN_INFO */
160 {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
161
162 static const uint8_t smp_br_slave_entry_map[][SMP_BR_STATE_MAX] = {
163 /* br_state name: Idle WaitApp Pair Bond
164 Rsp ReqRsp Pend */
165 /* BR_PAIRING_REQ */ {1, 0, 0, 0},
166 /* BR_PAIRING_RSP */ {0, 0, 0, 0},
167 /* BR_CONFIRM */ {0, 0, 0, 0},
168 /* BR_RAND */ {0, 0, 0, 0},
169 /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0x81},
170 /* BR_ENCRPTION_INFO */ {0, 0, 0, 0},
171 /* BR_MASTER_ID */ {0, 0, 0, 0},
172 /* BR_ID_INFO */ {0, 0, 0, 1},
173 /* BR_ID_ADDR */ {0, 0, 0, 2},
174 /* BR_SIGN_INFO */ {0, 0, 0, 3},
175 /* BR_SECURITY_REQ */ {0, 0, 0, 0},
176 /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0},
177 /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0},
178 /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0},
179 /* BR_KEY_READY */ {0, 0, 0, 0},
180 /* BR_ENCRYPTED */ {0, 0, 0, 0},
181 /* BR_L2CAP_CONN */ {0, 0, 0, 0},
182 /* BR_L2CAP_DISCONN */ {0, 0x83, 0x83, 0x83},
183 /* BR_KEYS_RSP */ {0, 2, 0, 0},
184 /* BR_API_SEC_GRANT */ {0, 1, 0, 0},
185 /* BR_TK_REQ */ {0, 0, 0, 0},
186 /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82},
187 /* BR_ENC_REQ */ {0, 0, 0, 0},
188 /* BR_BOND_REQ */ {0, 3, 0, 0},
189 /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}};
190
191 static const uint8_t smp_br_slave_idle_table[][SMP_BR_SM_NUM_COLS] = {
192 /* Event Action Next State */
193 /* BR_PAIRING_REQ */
194 {SMP_BR_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}};
195
196 static const uint8_t
197 smp_br_slave_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
198 /* Event Action Next State */
199 /* BR_API_SEC_GRANT */
200 {SMP_BR_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP},
201 /* BR_KEYS_RSP */
202 {SMP_BR_PROC_SL_KEYS_RSP, SMP_BR_CHECK_AUTH_REQ,
203 SMP_BR_STATE_WAIT_APP_RSP},
204 /* BR_BOND_REQ */
205 {SMP_BR_KEY_DISTRIBUTION, SMP_BR_SM_NO_ACTION,
206 SMP_BR_STATE_BOND_PENDING}};
207
208 static const uint8_t smp_br_slave_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
209 /* Event Action Next State */
210 /* BR_ID_INFO */
211 {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
212 /* BR_ID_ADDR */
213 {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
214 /* BR_SIGN_INFO */
215 {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
216
217 static const tSMP_BR_SM_TBL smp_br_state_table[][2] = {
218 /* SMP_BR_STATE_IDLE */
219 {smp_br_master_idle_table, smp_br_slave_idle_table},
220
221 /* SMP_BR_STATE_WAIT_APP_RSP */
222 {smp_br_master_wait_appln_response_table,
223 smp_br_slave_wait_appln_response_table},
224
225 /* SMP_BR_STATE_PAIR_REQ_RSP */
226 {smp_br_master_pair_request_response_table, NULL},
227
228 /* SMP_BR_STATE_BOND_PENDING */
229 {smp_br_master_bond_pending_table, smp_br_slave_bond_pending_table},
230 };
231
232 typedef const uint8_t (*tSMP_BR_ENTRY_TBL)[SMP_BR_STATE_MAX];
233
234 static const tSMP_BR_ENTRY_TBL smp_br_entry_table[] = {smp_br_master_entry_map,
235 smp_br_slave_entry_map};
236
237 #define SMP_BR_ALL_TABLE_MASK 0x80
238
239 /*******************************************************************************
240 * Function smp_set_br_state
241 * Returns None
242 ******************************************************************************/
smp_set_br_state(tSMP_BR_STATE br_state)243 void smp_set_br_state(tSMP_BR_STATE br_state) {
244 if (br_state < SMP_BR_STATE_MAX) {
245 SMP_TRACE_DEBUG("BR_State change: %s(%d) ==> %s(%d)",
246 smp_get_br_state_name(smp_cb.br_state), smp_cb.br_state,
247 smp_get_br_state_name(br_state), br_state);
248 smp_cb.br_state = br_state;
249 } else {
250 SMP_TRACE_DEBUG("%s invalid br_state =%d", __func__, br_state);
251 }
252 }
253
254 /*******************************************************************************
255 * Function smp_get_br_state
256 * Returns The smp_br state
257 ******************************************************************************/
smp_get_br_state(void)258 tSMP_BR_STATE smp_get_br_state(void) { return smp_cb.br_state; }
259
260 /*******************************************************************************
261 * Function smp_get_br_state_name
262 * Returns The smp_br state name.
263 ******************************************************************************/
smp_get_br_state_name(tSMP_BR_STATE br_state)264 const char* smp_get_br_state_name(tSMP_BR_STATE br_state) {
265 const char* p_str = smp_br_state_name[SMP_BR_STATE_MAX];
266
267 if (br_state < SMP_BR_STATE_MAX) p_str = smp_br_state_name[br_state];
268
269 return p_str;
270 }
271 /*******************************************************************************
272 * Function smp_get_br_event_name
273 * Returns The smp_br event name.
274 ******************************************************************************/
smp_get_br_event_name(tSMP_BR_EVENT event)275 const char* smp_get_br_event_name(tSMP_BR_EVENT event) {
276 const char* p_str = smp_br_event_name[SMP_BR_MAX_EVT - 1];
277
278 if (event < SMP_BR_MAX_EVT) {
279 p_str = smp_br_event_name[event - 1];
280 }
281 return p_str;
282 }
283
284 /*******************************************************************************
285 *
286 * Function smp_br_state_machine_event
287 *
288 * Description Handle events to the state machine. It looks up the entry
289 * in the smp_br_entry_table array.
290 * If it is a valid entry, it gets the state table. Set the next
291 * state, if not NULL state. Execute the action function according
292 * to the state table. If the state returned by action function is
293 * not NULL state, adjust the new state to the returned state.
294 *
295 * Returns void.
296 *
297 ******************************************************************************/
smp_br_state_machine_event(tSMP_CB * p_cb,tSMP_BR_EVENT event,void * p_data)298 void smp_br_state_machine_event(tSMP_CB* p_cb, tSMP_BR_EVENT event,
299 void* p_data) {
300 tSMP_BR_STATE curr_state = p_cb->br_state;
301 tSMP_BR_SM_TBL state_table;
302 uint8_t action, entry;
303 tSMP_BR_ENTRY_TBL entry_table = smp_br_entry_table[p_cb->role];
304
305 SMP_TRACE_EVENT("main %s", __func__);
306 if (curr_state >= SMP_BR_STATE_MAX) {
307 SMP_TRACE_DEBUG("Invalid br_state: %d", curr_state);
308 return;
309 }
310
311 SMP_TRACE_DEBUG("SMP Role: %s State: [%s (%d)], Event: [%s (%d)]",
312 (p_cb->role == HCI_ROLE_SLAVE) ? "Slave" : "Master",
313 smp_get_br_state_name(p_cb->br_state), p_cb->br_state,
314 smp_get_br_event_name(event), event);
315
316 /* look up the state table for the current state */
317 /* lookup entry / w event & curr_state */
318 /* If entry is ignore, return.
319 * Otherwise, get state table (according to curr_state or all_state) */
320 if ((event <= SMP_BR_MAX_EVT) &&
321 ((entry = entry_table[event - 1][curr_state]) != SMP_BR_SM_IGNORE)) {
322 if (entry & SMP_BR_ALL_TABLE_MASK) {
323 entry &= ~SMP_BR_ALL_TABLE_MASK;
324 state_table = smp_br_all_table;
325 } else {
326 state_table = smp_br_state_table[curr_state][p_cb->role];
327 }
328 } else {
329 SMP_TRACE_DEBUG("Ignore event [%s (%d)] in state [%s (%d)]",
330 smp_get_br_event_name(event), event,
331 smp_get_br_state_name(curr_state), curr_state);
332 return;
333 }
334
335 /* Get possible next state from state table. */
336
337 smp_set_br_state(state_table[entry - 1][SMP_BR_SME_NEXT_STATE]);
338
339 /* If action is not ignore, clear param, exec action and get next state.
340 * The action function may set the Param for cback.
341 * Depending on param, call cback or free buffer. */
342 /* execute action functions */
343 for (uint8_t i = 0; i < SMP_BR_NUM_ACTIONS; i++) {
344 action = state_table[entry - 1][i];
345 if (action != SMP_BR_SM_NO_ACTION) {
346 (*smp_br_sm_action[action])(p_cb, (tSMP_INT_DATA*)p_data);
347 } else {
348 break;
349 }
350 }
351 SMP_TRACE_DEBUG("result state = %s", smp_get_br_state_name(p_cb->br_state));
352 }
353