1 /******************************************************************************
3 * Copyright (C) 2003-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
45 #define SMP_KEY_DIST_TYPE_MAX 4
46 const tSMP_ACT smp_distribute_act [] =
51 smp_set_derive_link_key
54 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
56 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
57 if (acl == NULL || acl->lmp_version == 0)
59 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
62 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
63 return acl->lmp_version < version;
66 /*******************************************************************************
67 ** Function smp_update_key_mask
68 ** Description This function updates the key mask for sending or receiving.
69 *******************************************************************************/
70 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
72 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
73 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
75 if (((p_cb->le_secure_connections_mode_is_used) ||
76 (p_cb->smp_over_br)) &&
77 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
79 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
80 ** being exchanged with the peer */
81 p_cb->local_i_key &= ~key_type;
82 p_cb->local_r_key &= ~key_type;
85 if (p_cb->role == HCI_ROLE_SLAVE)
88 p_cb->local_i_key &= ~key_type;
90 p_cb->local_r_key &= ~key_type;
95 p_cb->local_r_key &= ~key_type;
97 p_cb->local_i_key &= ~key_type;
100 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
104 /*******************************************************************************
105 ** Function smp_send_app_cback
106 ** Description notifies application about the events the application is interested in
107 *******************************************************************************/
108 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
110 tSMP_EVT_DATA cb_data;
111 tSMP_STATUS callback_rc;
112 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
113 if (p_cb->p_callback && p_cb->cb_evt != 0)
115 switch (p_cb->cb_evt)
117 case SMP_IO_CAP_REQ_EVT:
118 cb_data.io_req.auth_req = p_cb->peer_auth_req;
119 cb_data.io_req.oob_data = SMP_OOB_NONE;
120 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
121 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
122 cb_data.io_req.init_keys = p_cb->local_i_key ;
123 cb_data.io_req.resp_keys = p_cb->local_r_key ;
124 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
128 cb_data.passkey = p_data->passkey;
130 case SMP_SC_OOB_REQ_EVT:
131 cb_data.req_oob_type = p_data->req_oob_type;
133 case SMP_SC_LOC_OOB_DATA_UP_EVT:
134 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
137 case SMP_BR_KEYS_REQ_EVT:
138 cb_data.io_req.auth_req = 0;
139 cb_data.io_req.oob_data = SMP_OOB_NONE;
140 cb_data.io_req.io_cap = 0;
141 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
142 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
143 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
150 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
152 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
154 if (callback_rc == SMP_SUCCESS)
156 switch (p_cb->cb_evt)
158 case SMP_IO_CAP_REQ_EVT:
159 p_cb->loc_auth_req = cb_data.io_req.auth_req;
160 p_cb->local_io_capability = cb_data.io_req.io_cap;
161 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
162 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
163 p_cb->local_i_key = cb_data.io_req.init_keys;
164 p_cb->local_r_key = cb_data.io_req.resp_keys;
166 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
168 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
169 p_cb->local_i_key = 0;
170 p_cb->local_r_key = 0;
173 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
174 loc_oob_flag: %d loc_enc_size: %d,"
175 "local_i_key: 0x%02x, local_r_key: 0x%02x",
176 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
177 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
179 p_cb->secure_connections_only_mode_required =
180 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
182 if (p_cb->secure_connections_only_mode_required)
184 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
187 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
188 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
189 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
190 (const bt_bdaddr_t *)&p_cb->pairing_bda))
192 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
193 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
194 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
197 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
198 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
200 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
203 case SMP_BR_KEYS_REQ_EVT:
204 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
205 p_cb->local_i_key = cb_data.io_req.init_keys;
206 p_cb->local_r_key = cb_data.io_req.resp_keys;
208 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
209 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
211 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
212 local_i_key: 0x%02x, local_r_key: 0x%02x",
213 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
215 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
221 if (!p_cb->cb_evt && p_cb->discard_sec_req)
223 p_cb->discard_sec_req = FALSE;
224 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
227 SMP_TRACE_DEBUG("%s return", __func__);
230 /*******************************************************************************
231 ** Function smp_send_pair_fail
232 ** Description pairing failure to peer device if needed.
233 *******************************************************************************/
234 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
236 p_cb->status = *(UINT8 *)p_data;
237 p_cb->failure = *(UINT8 *)p_data;
239 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
241 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
243 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
244 p_cb->wait_for_authorization_complete = TRUE;
248 /*******************************************************************************
249 ** Function smp_send_pair_req
250 ** Description actions related to sending pairing request
251 *******************************************************************************/
252 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
254 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
255 SMP_TRACE_DEBUG("%s", __func__);
257 /* erase all keys when master sends pairing req*/
259 btm_sec_clear_ble_keys(p_dev_rec);
260 /* do not manipulate the key, let app decide,
261 leave out to BTM to mandate key distribution for bonding case */
262 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
265 /*******************************************************************************
266 ** Function smp_send_pair_rsp
267 ** Description actions related to sending pairing response
268 *******************************************************************************/
269 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
271 SMP_TRACE_DEBUG("%s", __func__);
273 p_cb->local_i_key &= p_cb->peer_i_key;
274 p_cb->local_r_key &= p_cb->peer_r_key;
276 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
278 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
279 smp_use_oob_private_key(p_cb, NULL);
281 smp_decide_association_model(p_cb, NULL);
285 /*******************************************************************************
286 ** Function smp_send_confirm
287 ** Description send confirmation to the peer
288 *******************************************************************************/
289 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
291 SMP_TRACE_DEBUG("%s", __func__);
292 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
295 /*******************************************************************************
296 ** Function smp_send_init
297 ** Description process pairing initializer to slave device
298 *******************************************************************************/
299 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
301 SMP_TRACE_DEBUG("%s", __func__);
302 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
305 /*******************************************************************************
306 ** Function smp_send_rand
307 ** Description send pairing random to the peer
308 *******************************************************************************/
309 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
311 SMP_TRACE_DEBUG("%s", __func__);
312 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
315 /*******************************************************************************
316 ** Function smp_send_pair_public_key
317 ** Description send pairing public key command to the peer
318 *******************************************************************************/
319 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
321 SMP_TRACE_DEBUG("%s", __func__);
322 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
325 /*******************************************************************************
326 ** Function SMP_SEND_COMMITMENT
327 ** Description send commitment command to the peer
328 *******************************************************************************/
329 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
331 SMP_TRACE_DEBUG("%s", __func__);
332 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
335 /*******************************************************************************
336 ** Function smp_send_dhkey_check
337 ** Description send DHKey Check command to the peer
338 *******************************************************************************/
339 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
341 SMP_TRACE_DEBUG("%s", __func__);
342 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
345 /*******************************************************************************
346 ** Function smp_send_keypress_notification
347 ** Description send Keypress Notification command to the peer
348 *******************************************************************************/
349 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
351 p_cb->local_keypress_notification = *(UINT8 *) p_data;
352 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
355 /*******************************************************************************
356 ** Function smp_send_enc_info
357 ** Description send encryption information command.
358 *******************************************************************************/
359 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
361 tBTM_LE_LENC_KEYS le_key;
363 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
364 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
366 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
367 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
369 /* save the DIV and key size information when acting as slave device */
370 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
371 le_key.div = p_cb->div;
372 le_key.key_size = p_cb->loc_enc_size;
373 le_key.sec_level = p_cb->sec_level;
375 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
376 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
377 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
379 SMP_TRACE_WARNING ("%s", __func__);
381 smp_key_distribution(p_cb, NULL);
384 /*******************************************************************************
385 ** Function smp_send_id_info
386 ** Description send ID information command.
387 *******************************************************************************/
388 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
390 tBTM_LE_KEY_VALUE le_key;
391 SMP_TRACE_DEBUG("%s", __func__);
392 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
394 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
395 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
397 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
398 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
401 SMP_TRACE_WARNING ("%s", __func__);
402 smp_key_distribution_by_transport(p_cb, NULL);
405 /*******************************************************************************
406 ** Function smp_send_csrk_info
407 ** Description send CSRK command.
408 *******************************************************************************/
409 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
411 tBTM_LE_LCSRK_KEYS key;
412 SMP_TRACE_DEBUG("%s", __func__);
413 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
415 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
418 key.sec_level = p_cb->sec_level;
419 key.counter = 0; /* initialize the local counter */
420 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
421 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
424 smp_key_distribution_by_transport(p_cb, NULL);
427 /*******************************************************************************
428 ** Function smp_send_ltk_reply
429 ** Description send LTK reply
430 *******************************************************************************/
431 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
433 SMP_TRACE_DEBUG("%s", __func__);
434 /* send stk as LTK response */
435 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
438 /*******************************************************************************
439 ** Function smp_proc_sec_req
440 ** Description process security request.
441 *******************************************************************************/
442 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
444 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
445 tBTM_BLE_SEC_REQ_ACT sec_req_act;
448 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
452 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
454 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
458 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
459 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
460 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
463 case BTM_BLE_SEC_REQ_ACT_PAIR:
464 p_cb->secure_connections_only_mode_required =
465 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
467 /* respond to non SC pairing request as failure in SC only mode */
468 if (p_cb->secure_connections_only_mode_required &&
469 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
471 reason = SMP_PAIR_AUTH_FAIL;
472 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
476 /* initialize local i/r key to be default keys */
477 p_cb->peer_auth_req = auth_req;
478 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
479 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
483 case BTM_BLE_SEC_REQ_ACT_DISCARD:
484 p_cb->discard_sec_req = TRUE;
493 /*******************************************************************************
494 ** Function smp_proc_sec_grant
495 ** Description process security grant.
496 *******************************************************************************/
497 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
499 UINT8 res= *(UINT8 *)p_data;
500 SMP_TRACE_DEBUG("%s", __func__);
501 if (res != SMP_SUCCESS)
503 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
505 else /*otherwise, start pairing */
507 /* send IO request callback */
508 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
512 /*******************************************************************************
513 ** Function smp_proc_pair_fail
514 ** Description process pairing failure from peer device
515 *******************************************************************************/
516 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
518 SMP_TRACE_DEBUG("%s", __func__);
519 p_cb->status = *(UINT8 *)p_data;
522 /*******************************************************************************
523 ** Function smp_proc_pair_cmd
524 ** Description Process the SMP pairing request/response from peer device
525 *******************************************************************************/
526 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
528 UINT8 *p = (UINT8 *)p_data;
529 UINT8 reason = SMP_ENC_KEY_SIZE;
530 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
532 SMP_TRACE_DEBUG("%s", __func__);
533 /* erase all keys if it is slave proc pairing req*/
534 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
535 btm_sec_clear_ble_keys(p_dev_rec);
537 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
539 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
540 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
541 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
542 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
543 STREAM_TO_UINT8(p_cb->peer_i_key, p);
544 STREAM_TO_UINT8(p_cb->peer_r_key, p);
546 if (smp_command_has_invalid_parameters(p_cb))
548 reason = SMP_INVALID_PARAMETERS;
549 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
553 if (p_cb->role == HCI_ROLE_SLAVE)
555 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
557 /* peer (master) started pairing sending Pairing Request */
558 p_cb->local_i_key = p_cb->peer_i_key;
559 p_cb->local_r_key = p_cb->peer_r_key;
561 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
563 else /* update local i/r key according to pairing request */
565 /* pairing started with this side (slave) sending Security Request */
566 p_cb->local_i_key &= p_cb->peer_i_key;
567 p_cb->local_r_key &= p_cb->peer_r_key;
568 p_cb->selected_association_model = smp_select_association_model(p_cb);
570 if (p_cb->secure_connections_only_mode_required &&
571 (!(p_cb->le_secure_connections_mode_is_used) ||
572 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
574 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
576 reason = SMP_PAIR_AUTH_FAIL;
577 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
581 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
583 if (smp_request_oob_data(p_cb)) return;
587 smp_send_pair_rsp(p_cb, NULL);
591 else /* Master receives pairing response */
593 p_cb->selected_association_model = smp_select_association_model(p_cb);
595 if (p_cb->secure_connections_only_mode_required &&
596 (!(p_cb->le_secure_connections_mode_is_used) ||
597 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
599 SMP_TRACE_ERROR ("Master requires secure connection only mode \
600 but it can't be provided -> Master fails pairing");
601 reason = SMP_PAIR_AUTH_FAIL;
602 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
606 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
608 if (smp_request_oob_data(p_cb)) return;
612 smp_decide_association_model(p_cb, NULL);
617 /*******************************************************************************
618 ** Function smp_proc_confirm
619 ** Description process pairing confirm from peer device
620 *******************************************************************************/
621 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
623 UINT8 *p = (UINT8 *)p_data;
624 UINT8 reason = SMP_INVALID_PARAMETERS;
626 SMP_TRACE_DEBUG("%s", __func__);
628 if (smp_command_has_invalid_parameters(p_cb))
630 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
636 /* save the SConfirm for comparison later */
637 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
640 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
643 /*******************************************************************************
644 ** Function smp_proc_init
645 ** Description process pairing initializer from peer device
646 *******************************************************************************/
647 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
649 UINT8 *p = (UINT8 *)p_data;
650 UINT8 reason = SMP_INVALID_PARAMETERS;
652 SMP_TRACE_DEBUG("%s", __func__);
654 if (smp_command_has_invalid_parameters(p_cb))
656 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
660 /* save the SRand for comparison */
661 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
664 /*******************************************************************************
665 ** Function smp_proc_rand
666 ** Description process pairing random (nonce) from peer device
667 *******************************************************************************/
668 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
670 UINT8 *p = (UINT8 *)p_data;
671 UINT8 reason = SMP_INVALID_PARAMETERS;
673 SMP_TRACE_DEBUG("%s", __func__);
675 if (smp_command_has_invalid_parameters(p_cb))
677 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
681 /* save the SRand for comparison */
682 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
685 /*******************************************************************************
686 ** Function smp_process_pairing_public_key
687 ** Description process pairing public key command from the peer device
688 ** - saves the peer public key;
689 ** - sets the flag indicating that the peer public key is received;
690 ** - calls smp_wait_for_both_public_keys(...).
692 *******************************************************************************/
693 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
695 UINT8 *p = (UINT8 *)p_data;
696 UINT8 reason = SMP_INVALID_PARAMETERS;
698 SMP_TRACE_DEBUG("%s", __func__);
700 if (smp_command_has_invalid_parameters(p_cb))
702 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
706 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
707 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
708 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
710 smp_wait_for_both_public_keys(p_cb, NULL);
713 /*******************************************************************************
714 ** Function smp_process_pairing_commitment
715 ** Description process pairing commitment from peer device
716 *******************************************************************************/
717 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
719 UINT8 *p = (UINT8 *)p_data;
720 UINT8 reason = SMP_INVALID_PARAMETERS;
722 SMP_TRACE_DEBUG("%s", __func__);
724 if (smp_command_has_invalid_parameters(p_cb))
726 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
730 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
734 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
738 /*******************************************************************************
739 ** Function smp_process_dhkey_check
740 ** Description process DHKey Check from peer device
741 *******************************************************************************/
742 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
744 UINT8 *p = (UINT8 *)p_data;
745 UINT8 reason = SMP_INVALID_PARAMETERS;
747 SMP_TRACE_DEBUG("%s", __func__);
749 if (smp_command_has_invalid_parameters(p_cb))
751 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
757 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
760 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
763 /*******************************************************************************
764 ** Function smp_process_keypress_notification
765 ** Description process pairing keypress notification from peer device
766 *******************************************************************************/
767 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
769 UINT8 *p = (UINT8 *)p_data;
770 UINT8 reason = SMP_INVALID_PARAMETERS;
772 SMP_TRACE_DEBUG("%s", __func__);
773 p_cb->status = *(UINT8 *)p_data;
775 if (smp_command_has_invalid_parameters(p_cb))
777 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
783 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
787 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
789 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
792 /*******************************************************************************
793 ** Function smp_br_process_pairing_command
794 ** Description Process the SMP pairing request/response from peer device via
796 *******************************************************************************/
797 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
799 UINT8 *p = (UINT8 *)p_data;
800 UINT8 reason = SMP_ENC_KEY_SIZE;
801 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
803 SMP_TRACE_DEBUG("%s", __func__);
804 /* rejecting BR pairing request over non-SC BR link */
805 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
807 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
808 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
812 /* erase all keys if it is slave proc pairing req*/
813 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
814 btm_sec_clear_ble_keys(p_dev_rec);
816 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
818 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
819 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
820 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
821 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
822 STREAM_TO_UINT8(p_cb->peer_i_key, p);
823 STREAM_TO_UINT8(p_cb->peer_r_key, p);
825 if (smp_command_has_invalid_parameters(p_cb))
827 reason = SMP_INVALID_PARAMETERS;
828 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
832 /* peer (master) started pairing sending Pairing Request */
833 /* or being master device always use received i/r key as keys to distribute */
834 p_cb->local_i_key = p_cb->peer_i_key;
835 p_cb->local_r_key = p_cb->peer_r_key;
837 if (p_cb->role == HCI_ROLE_SLAVE)
839 p_dev_rec->new_encryption_key_is_p256 = FALSE;
840 /* shortcut to skip Security Grant step */
841 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
843 else /* Master receives pairing response */
845 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
846 " Supposed to move to key distribution phase. ", __func__);
849 /* auth_req received via BR/EDR SM channel is set to 0,
850 but everything derived/exchanged has to be saved */
851 p_cb->peer_auth_req |= SMP_AUTH_BOND;
852 p_cb->loc_auth_req |= SMP_AUTH_BOND;
855 /*******************************************************************************
856 ** Function smp_br_process_security_grant
857 ** Description process security grant in case of pairing over BR/EDR transport.
858 *******************************************************************************/
859 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
861 UINT8 res= *(UINT8 *)p_data;
862 SMP_TRACE_DEBUG("%s", __func__);
863 if (res != SMP_SUCCESS)
865 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
867 else /*otherwise, start pairing */
869 /* send IO request callback */
870 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
874 /*******************************************************************************
875 ** Function smp_br_check_authorization_request
876 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
877 ** before starting the distribution/derivation
878 *******************************************************************************/
879 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
881 UINT8 reason = SMP_SUCCESS;
883 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
884 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
887 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
888 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
889 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
891 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
892 ** Set local_r_key on master to expect only these keys. */
893 if (p_cb->role == HCI_ROLE_MASTER)
895 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
898 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
899 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
902 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
903 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
904 (p_cb->local_i_key || p_cb->local_r_key))
906 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
908 /* if no peer key is expected, start master key distribution */
909 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
910 smp_key_distribution_by_transport(p_cb, NULL);
914 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
918 /*******************************************************************************
919 ** Function smp_br_select_next_key
920 ** Description selects the next key to derive/send when BR/EDR transport is
922 *******************************************************************************/
923 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
925 UINT8 reason = SMP_SUCCESS;
926 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
927 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
929 if (p_cb->role == HCI_ROLE_SLAVE||
930 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
932 smp_key_pick_key(p_cb, p_data);
935 if (!p_cb->local_i_key && !p_cb->local_r_key)
937 /* state check to prevent re-entrance */
938 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
940 if (p_cb->total_tx_unacked == 0)
941 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
943 p_cb->wait_for_authorization_complete = TRUE;
948 /*******************************************************************************
949 ** Function smp_proc_enc_info
950 ** Description process encryption information from peer device
951 *******************************************************************************/
952 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
954 UINT8 *p = (UINT8 *)p_data;
956 SMP_TRACE_DEBUG("%s", __func__);
957 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
959 smp_key_distribution(p_cb, NULL);
961 /*******************************************************************************
962 ** Function smp_proc_master_id
963 ** Description process master ID from slave device
964 *******************************************************************************/
965 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
967 UINT8 *p = (UINT8 *)p_data;
968 tBTM_LE_PENC_KEYS le_key;
970 SMP_TRACE_DEBUG("%s", __func__);
971 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
973 STREAM_TO_UINT16(le_key.ediv, p);
974 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
976 /* store the encryption keys from peer device */
977 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
978 le_key.sec_level = p_cb->sec_level;
979 le_key.key_size = p_cb->loc_enc_size;
981 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
982 btm_sec_save_le_key(p_cb->pairing_bda,
984 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
986 smp_key_distribution(p_cb, NULL);
989 /*******************************************************************************
990 ** Function smp_proc_enc_info
991 ** Description process identity information from peer device
992 *******************************************************************************/
993 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
995 UINT8 *p = (UINT8 *)p_data;
997 SMP_TRACE_DEBUG("%s", __func__);
998 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
999 smp_key_distribution_by_transport(p_cb, NULL);
1002 /*******************************************************************************
1003 ** Function smp_proc_id_addr
1004 ** Description process identity address from peer device
1005 *******************************************************************************/
1006 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1008 UINT8 *p = (UINT8 *)p_data;
1009 tBTM_LE_PID_KEYS pid_key;
1011 SMP_TRACE_DEBUG("%s", __func__);
1012 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1014 STREAM_TO_UINT8(pid_key.addr_type, p);
1015 STREAM_TO_BDADDR(pid_key.static_addr, p);
1016 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1018 /* to use as BD_ADDR for lk derived from ltk */
1019 p_cb->id_addr_rcvd = TRUE;
1020 p_cb->id_addr_type = pid_key.addr_type;
1021 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1023 /* store the ID key from peer device */
1024 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1025 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1026 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1027 smp_key_distribution_by_transport(p_cb, NULL);
1030 /*******************************************************************************
1031 ** Function smp_proc_srk_info
1032 ** Description process security information from peer device
1033 *******************************************************************************/
1034 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1036 tBTM_LE_PCSRK_KEYS le_key;
1038 SMP_TRACE_DEBUG("%s", __func__);
1039 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1041 /* save CSRK to security record */
1042 le_key.sec_level = p_cb->sec_level;
1043 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1044 le_key.counter = 0; /* initialize the peer counter */
1046 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1047 btm_sec_save_le_key(p_cb->pairing_bda,
1049 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1050 smp_key_distribution_by_transport(p_cb, NULL);
1053 /*******************************************************************************
1054 ** Function smp_proc_compare
1055 ** Description process compare value
1056 *******************************************************************************/
1057 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1061 SMP_TRACE_DEBUG("%s", __func__);
1062 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1064 /* compare the max encryption key size, and save the smaller one for the link */
1065 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1066 p_cb->loc_enc_size = p_cb->peer_enc_size;
1068 if (p_cb->role == HCI_ROLE_SLAVE)
1069 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1072 /* master device always use received i/r key as keys to distribute */
1073 p_cb->local_i_key = p_cb->peer_i_key;
1074 p_cb->local_r_key = p_cb->peer_r_key;
1076 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1082 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1083 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1087 /*******************************************************************************
1088 ** Function smp_proc_sl_key
1089 ** Description process key ready events.
1090 *******************************************************************************/
1091 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1093 UINT8 key_type = p_data->key.key_type;
1095 SMP_TRACE_DEBUG("%s", __func__);
1096 if (key_type == SMP_KEY_TYPE_TK)
1098 smp_generate_srand_mrand_confirm(p_cb, NULL);
1100 else if (key_type == SMP_KEY_TYPE_CFM)
1102 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1104 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1105 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1109 /*******************************************************************************
1110 ** Function smp_start_enc
1111 ** Description start encryption
1112 *******************************************************************************/
1113 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1116 UINT8 reason = SMP_ENC_FAIL;
1118 SMP_TRACE_DEBUG("%s", __func__);
1120 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1122 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1124 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1125 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1128 /*******************************************************************************
1129 ** Function smp_proc_discard
1130 ** Description processing for discard security request
1131 *******************************************************************************/
1132 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1134 SMP_TRACE_DEBUG("%s", __func__);
1135 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1136 smp_reset_control_value(p_cb);
1139 /*******************************************************************************
1140 ** Function smp_enc_cmpl
1141 ** Description encryption success
1142 *******************************************************************************/
1143 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1145 UINT8 enc_enable = *(UINT8 *)p_data;
1146 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1148 SMP_TRACE_DEBUG("%s", __func__);
1149 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1152 /*******************************************************************************
1153 ** Function smp_check_auth_req
1154 ** Description check authentication request
1155 *******************************************************************************/
1156 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1158 UINT8 enc_enable = *(UINT8 *)p_data;
1159 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1161 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1162 "(i-initiator r-responder)",
1163 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1164 if (enc_enable == 1)
1166 if (p_cb->le_secure_connections_mode_is_used)
1168 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1169 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1170 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1172 /* In LE SC mode LK is derived from LTK only if both sides request it */
1173 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1174 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1176 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1177 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1180 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1181 ** Set local_r_key on master to expect only these keys.
1183 if (p_cb->role == HCI_ROLE_MASTER)
1185 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1190 /* in legacy mode derivation of BR/EDR LK is not supported */
1191 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1192 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1194 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1195 "(i-initiator r-responder)",
1196 __func__, p_cb->local_i_key, p_cb->local_r_key);
1198 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1199 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1200 (p_cb->local_i_key || p_cb->local_r_key))
1202 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1205 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1207 else if (enc_enable == 0)
1209 /* if failed for encryption after pairing, send callback */
1210 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1211 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1212 /* if enc failed for old security information */
1213 /* if master device, clean up and abck to idle; slave device do nothing */
1214 else if (p_cb->role == HCI_ROLE_MASTER)
1216 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1221 /*******************************************************************************
1222 ** Function smp_key_pick_key
1223 ** Description Pick a key distribution function based on the key mask.
1224 *******************************************************************************/
1225 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1227 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1230 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1231 while (i < SMP_KEY_DIST_TYPE_MAX)
1233 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1235 if (key_to_dist & (1 << i))
1237 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1238 (* smp_distribute_act[i])(p_cb, p_data);
1244 /*******************************************************************************
1245 ** Function smp_key_distribution
1246 ** Description start key distribution if required.
1247 *******************************************************************************/
1248 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1250 UINT8 reason = SMP_SUCCESS;
1251 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1252 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1254 if (p_cb->role == HCI_ROLE_SLAVE ||
1255 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1257 smp_key_pick_key(p_cb, p_data);
1260 if (!p_cb->local_i_key && !p_cb->local_r_key)
1262 /* state check to prevent re-entrant */
1263 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1265 if (p_cb->derive_lk)
1267 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1268 p_cb->derive_lk = FALSE;
1271 if (p_cb->total_tx_unacked == 0)
1272 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1274 p_cb->wait_for_authorization_complete = TRUE;
1279 /*******************************************************************************
1280 ** Function smp_decide_association_model
1281 ** Description This function is called to select assoc model to be used for
1282 ** STK generation and to start STK generation process.
1284 *******************************************************************************/
1285 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1287 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1290 tSMP_INT_DATA *p = NULL;
1292 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1294 switch (p_cb->selected_association_model)
1296 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1297 if (p_cb->role == HCI_ROLE_MASTER &&
1298 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1299 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1301 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1302 failure = SMP_PAIR_AUTH_FAIL;
1303 p = (tSMP_INT_DATA *)&failure;
1304 int_evt = SMP_AUTH_CMPL_EVT;
1308 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1309 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1311 key.key_type = SMP_KEY_TYPE_TK;
1312 key.p_data = p_cb->tk;
1313 p = (tSMP_INT_DATA *)&key;
1315 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1317 int_evt = SMP_KEY_READY_EVT;
1321 case SMP_MODEL_PASSKEY:
1322 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1323 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1325 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1326 int_evt = SMP_TK_REQ_EVT;
1330 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1331 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1332 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1334 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1335 int_evt = SMP_TK_REQ_EVT;
1338 case SMP_MODEL_KEY_NOTIF:
1339 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1340 SMP_TRACE_DEBUG("Need to generate Passkey");
1342 /* generate passkey and notify application */
1343 smp_generate_passkey(p_cb, NULL);
1346 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1347 case SMP_MODEL_SEC_CONN_NUM_COMP:
1348 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1349 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1350 case SMP_MODEL_SEC_CONN_OOB:
1351 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1354 case SMP_MODEL_OUT_OF_RANGE:
1355 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1356 p = (tSMP_INT_DATA *)&failure;
1357 int_evt = SMP_AUTH_CMPL_EVT;
1361 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1362 p_cb->selected_association_model);
1363 p = (tSMP_INT_DATA *)&failure;
1364 int_evt = SMP_AUTH_CMPL_EVT;
1367 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1369 smp_sm_event(p_cb, int_evt, p);
1372 /*******************************************************************************
1373 ** Function smp_process_io_response
1374 ** Description process IO response for a slave device.
1375 *******************************************************************************/
1376 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1378 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1380 SMP_TRACE_DEBUG("%s", __func__);
1381 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1383 /* pairing started by local (slave) Security Request */
1384 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1385 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1387 else /* plan to send pairing respond */
1389 /* pairing started by peer (master) Pairing Request */
1390 p_cb->selected_association_model = smp_select_association_model(p_cb);
1392 if (p_cb->secure_connections_only_mode_required &&
1393 (!(p_cb->le_secure_connections_mode_is_used) ||
1394 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1396 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1397 but it can't be provided -> Slave fails pairing");
1398 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1402 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1404 if (smp_request_oob_data(p_cb)) return;
1406 smp_send_pair_rsp(p_cb, NULL);
1410 /*******************************************************************************
1411 ** Function smp_br_process_slave_keys_response
1412 ** Description process application keys response for a slave device
1413 ** (BR/EDR transport).
1414 *******************************************************************************/
1415 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1417 smp_br_send_pair_response(p_cb, NULL);
1420 /*******************************************************************************
1421 ** Function smp_br_send_pair_response
1422 ** Description actions related to sending pairing response over BR/EDR transport.
1423 *******************************************************************************/
1424 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1426 SMP_TRACE_DEBUG("%s", __func__);
1428 p_cb->local_i_key &= p_cb->peer_i_key;
1429 p_cb->local_r_key &= p_cb->peer_r_key;
1431 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1434 /*******************************************************************************
1435 ** Function smp_pairing_cmpl
1436 ** Description This function is called to send the pairing complete callback
1437 ** and remove the connection if needed.
1438 *******************************************************************************/
1439 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1441 if (p_cb->total_tx_unacked == 0)
1443 /* update connection parameter to remote preferred */
1444 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1445 /* process the pairing complete */
1446 smp_proc_pairing_cmpl(p_cb);
1450 /*******************************************************************************
1451 ** Function smp_pair_terminate
1452 ** Description This function is called to send the pairing complete callback
1453 ** and remove the connection if needed.
1454 *******************************************************************************/
1455 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1457 SMP_TRACE_DEBUG("%s", __func__);
1458 p_cb->status = SMP_CONN_TOUT;
1459 smp_proc_pairing_cmpl(p_cb);
1462 /*******************************************************************************
1463 ** Function smp_idle_terminate
1464 ** Description This function calledin idle state to determine to send authentication
1466 *******************************************************************************/
1467 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1469 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1471 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1472 p_cb->status = SMP_FAIL;
1473 smp_proc_pairing_cmpl(p_cb);
1477 /*******************************************************************************
1478 ** Function smp_fast_conn_param
1479 ** Description apply default connection parameter for pairing process
1480 *******************************************************************************/
1481 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1483 /* disable connection parameter update */
1484 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1487 /*******************************************************************************
1488 ** Function smp_both_have_public_keys
1489 ** Description The function is called when both local and peer public keys are
1492 ** - invokes DHKey computation;
1493 ** - on slave side invokes sending local public key to the peer.
1494 ** - invokes SC phase 1 process.
1495 *******************************************************************************/
1496 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1498 SMP_TRACE_DEBUG("%s",__func__);
1500 /* invokes DHKey computation */
1501 smp_compute_dhkey(p_cb);
1503 /* on slave side invokes sending local public key to the peer */
1504 if (p_cb->role == HCI_ROLE_SLAVE)
1505 smp_send_pair_public_key(p_cb, NULL);
1507 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1510 /*******************************************************************************
1511 ** Function smp_start_secure_connection_phase1
1512 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1513 ** phase 1 parameters and starts building/sending to the peer
1514 ** messages appropriate for the role and association model.
1515 *******************************************************************************/
1516 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1518 SMP_TRACE_DEBUG("%s", __func__);
1520 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1522 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1523 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1527 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1528 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1531 switch(p_cb->selected_association_model)
1533 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1534 case SMP_MODEL_SEC_CONN_NUM_COMP:
1535 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1536 smp_start_nonce_generation(p_cb);
1538 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1539 /* user has to provide passkey */
1540 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1541 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1543 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1544 /* passkey has to be provided to user */
1545 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1546 smp_generate_passkey(p_cb, NULL);
1548 case SMP_MODEL_SEC_CONN_OOB:
1549 /* use the available OOB information */
1550 smp_process_secure_connection_oob_data(p_cb, NULL);
1553 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1554 p_cb->selected_association_model);
1559 /*******************************************************************************
1560 ** Function smp_process_local_nonce
1561 ** Description The function processes new local nonce.
1563 ** Note It is supposed to be called in SC phase1.
1564 *******************************************************************************/
1565 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1567 SMP_TRACE_DEBUG("%s", __func__);
1569 switch(p_cb->selected_association_model)
1571 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1572 case SMP_MODEL_SEC_CONN_NUM_COMP:
1573 if (p_cb->role == HCI_ROLE_SLAVE)
1575 /* slave calculates and sends local commitment */
1576 smp_calculate_local_commitment(p_cb);
1577 smp_send_commitment(p_cb, NULL);
1578 /* slave has to wait for peer nonce */
1579 smp_set_state(SMP_STATE_WAIT_NONCE);
1581 else /* i.e. master */
1583 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1585 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1586 SMP_TRACE_DEBUG("master in assoc mode = %d \
1587 already rcvd slave commitment - race condition",
1588 p_cb->selected_association_model);
1589 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1590 smp_send_rand(p_cb, NULL);
1591 smp_set_state(SMP_STATE_WAIT_NONCE);
1595 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1596 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1597 smp_calculate_local_commitment(p_cb);
1599 if (p_cb->role == HCI_ROLE_MASTER)
1601 smp_send_commitment(p_cb, NULL);
1605 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1607 /* master commitment is already received */
1608 smp_send_commitment(p_cb, NULL);
1609 smp_set_state(SMP_STATE_WAIT_NONCE);
1613 case SMP_MODEL_SEC_CONN_OOB:
1614 if (p_cb->role == HCI_ROLE_MASTER)
1616 smp_send_rand(p_cb, NULL);
1619 smp_set_state(SMP_STATE_WAIT_NONCE);
1622 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1623 p_cb->selected_association_model);
1628 /*******************************************************************************
1629 ** Function smp_process_peer_nonce
1630 ** Description The function processes newly received and saved in CB peer nonce.
1631 ** The actions depend on the selected association model and the role.
1633 ** Note It is supposed to be called in SC phase1.
1634 *******************************************************************************/
1635 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1639 SMP_TRACE_DEBUG("%s start ", __func__);
1641 switch(p_cb->selected_association_model)
1643 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1644 case SMP_MODEL_SEC_CONN_NUM_COMP:
1645 /* in these models only master receives commitment */
1646 if (p_cb->role == HCI_ROLE_MASTER)
1648 if (!smp_check_commitment(p_cb))
1650 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1651 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1657 /* slave sends local nonce */
1658 smp_send_rand(p_cb, NULL);
1661 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1663 /* go directly to phase 2 */
1664 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1666 else /* numeric comparison */
1668 smp_set_state(SMP_STATE_WAIT_NONCE);
1669 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1672 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1673 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1674 if (!smp_check_commitment(p_cb))
1676 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1677 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1681 if (p_cb->role == HCI_ROLE_SLAVE)
1683 smp_send_rand(p_cb, NULL);
1686 if (++p_cb->round < 20)
1688 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1689 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1690 smp_start_nonce_generation(p_cb);
1694 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1696 case SMP_MODEL_SEC_CONN_OOB:
1697 if (p_cb->role == HCI_ROLE_SLAVE)
1699 smp_send_rand(p_cb, NULL);
1702 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1705 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1706 p_cb->selected_association_model);
1710 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1713 /*******************************************************************************
1714 ** Function smp_match_dhkey_checks
1715 ** Description checks if the calculated peer DHKey Check value is the same as
1716 ** received from the peer DHKey check value.
1717 *******************************************************************************/
1718 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1720 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1722 SMP_TRACE_DEBUG("%s", __func__);
1724 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1726 SMP_TRACE_WARNING ("dhkey chcks do no match");
1727 p_cb->failure = reason;
1728 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1732 SMP_TRACE_EVENT ("dhkey chcks match");
1734 /* compare the max encryption key size, and save the smaller one for the link */
1735 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1736 p_cb->loc_enc_size = p_cb->peer_enc_size;
1738 if (p_cb->role == HCI_ROLE_SLAVE)
1740 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1744 /* master device always use received i/r key as keys to distribute */
1745 p_cb->local_i_key = p_cb->peer_i_key;
1746 p_cb->local_r_key = p_cb->peer_r_key;
1747 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1751 /*******************************************************************************
1752 ** Function smp_move_to_secure_connections_phase2
1753 ** Description Signal State Machine to start SC phase 2 initialization (to
1754 ** compute local DHKey Check value).
1756 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1757 *******************************************************************************/
1758 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1760 SMP_TRACE_DEBUG("%s",__func__);
1761 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1764 /*******************************************************************************
1765 ** Function smp_phase_2_dhkey_checks_are_present
1766 ** Description generates event if dhkey check from the peer is already received.
1768 ** Note It is supposed to be used on slave to prevent race condition.
1769 ** It is supposed to be called after slave dhkey check is calculated.
1770 *******************************************************************************/
1771 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1773 SMP_TRACE_DEBUG("%s",__func__);
1775 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1776 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1779 /*******************************************************************************
1780 ** Function smp_wait_for_both_public_keys
1781 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1782 ** public keys are available.
1784 ** Note on the slave it is used to prevent race condition.
1786 *******************************************************************************/
1787 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1789 SMP_TRACE_DEBUG("%s",__func__);
1791 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1792 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1794 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1795 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1797 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1799 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1803 /*******************************************************************************
1804 ** Function smp_start_passkey_verification
1805 ** Description Starts SC passkey entry verification.
1806 *******************************************************************************/
1807 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1811 SMP_TRACE_DEBUG("%s", __func__);
1812 p = p_cb->local_random;
1813 UINT32_TO_STREAM(p, p_data->passkey);
1815 p = p_cb->peer_random;
1816 UINT32_TO_STREAM(p, p_data->passkey);
1819 smp_start_nonce_generation(p_cb);
1822 /*******************************************************************************
1823 ** Function smp_process_secure_connection_oob_data
1824 ** Description Processes local/peer SC OOB data received from somewhere.
1825 *******************************************************************************/
1826 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1828 SMP_TRACE_DEBUG("%s", __func__);
1830 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1831 if (p_sc_oob_data->loc_oob_data.present)
1833 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1834 sizeof(p_cb->local_random));
1838 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1839 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1842 if (!p_sc_oob_data->peer_oob_data.present)
1844 SMP_TRACE_EVENT ("peer OOB data is absent");
1845 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1849 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1850 sizeof(p_cb->peer_random));
1851 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1852 sizeof(p_cb->remote_commitment));
1854 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1855 /* check commitment */
1856 if (!smp_check_commitment(p_cb))
1858 p_cb->failure = reason;
1859 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1863 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1865 /* the peer doesn't have local randomiser */
1866 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1867 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1871 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1872 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1873 smp_start_nonce_generation(p_cb);
1876 /*******************************************************************************
1877 ** Function smp_set_local_oob_keys
1878 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1879 ** starts nonce generation
1880 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1881 *******************************************************************************/
1882 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1884 SMP_TRACE_DEBUG("%s", __func__);
1886 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1888 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1889 smp_start_nonce_generation(p_cb);
1892 /*******************************************************************************
1893 ** Function smp_set_local_oob_random_commitment
1894 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1895 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1896 *******************************************************************************/
1897 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1899 SMP_TRACE_DEBUG("%s", __func__);
1900 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1903 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1904 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1905 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1906 p_cb->sc_oob_data.loc_oob_data.commitment);
1908 #if SMP_DEBUG == TRUE
1909 UINT8 *p_print = NULL;
1910 SMP_TRACE_DEBUG("local SC OOB data set:");
1911 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1912 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1913 sizeof(tBLE_BD_ADDR));
1914 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1915 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1917 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1918 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1920 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1921 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1923 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1924 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1926 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1927 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1929 SMP_TRACE_DEBUG("");
1932 /* pass created OOB data up */
1933 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1934 smp_send_app_cback(p_cb, NULL);
1936 smp_cb_cleanup(p_cb);
1939 /*******************************************************************************
1941 ** Function smp_link_encrypted
1943 ** Description This function is called when link is encrypted and notified to
1944 ** slave device. Proceed to to send LTK, DIV and ER to master if
1945 ** bonding the devices.
1950 *******************************************************************************/
1951 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1953 tSMP_CB *p_cb = &smp_cb;
1955 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1957 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
1959 /* encryption completed with STK, remmeber the key size now, could be overwite
1960 * when key exchange happens */
1961 if (p_cb->loc_enc_size != 0 && encr_enable)
1963 /* update the link encryption key size if a SMP pairing just performed */
1964 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1967 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1971 /*******************************************************************************
1973 ** Function smp_proc_ltk_request
1975 ** Description This function is called when LTK request is received from
1980 *******************************************************************************/
1981 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
1983 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1984 BOOLEAN match = FALSE;
1986 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
1990 BD_ADDR dummy_bda = {0};
1991 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
1992 if (p_dev_rec != NULL &&
1993 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
1994 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2000 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2002 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2009 /*******************************************************************************
2011 ** Function smp_process_secure_connection_long_term_key
2013 ** Description This function is called to process SC LTK.
2014 ** SC LTK is calculated and used instead of STK.
2015 ** Here SC LTK is saved in BLE DB.
2019 *******************************************************************************/
2020 void smp_process_secure_connection_long_term_key(void)
2022 tSMP_CB *p_cb = &smp_cb;
2024 SMP_TRACE_DEBUG("%s", __func__);
2025 smp_save_secure_connections_long_term_key(p_cb);
2027 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2028 smp_key_distribution(p_cb, NULL);
2031 /*******************************************************************************
2033 ** Function smp_set_derive_link_key
2035 ** Description This function is called to set flag that indicates that
2036 ** BR/EDR LK has to be derived from LTK after all keys are
2041 *******************************************************************************/
2042 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2044 SMP_TRACE_DEBUG ("%s", __func__);
2045 p_cb->derive_lk = TRUE;
2046 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2047 smp_key_distribution(p_cb, NULL);
2050 /*******************************************************************************
2052 ** Function smp_derive_link_key_from_long_term_key
2054 ** Description This function is called to derive BR/EDR LK from LTK.
2058 *******************************************************************************/
2059 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2061 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2063 SMP_TRACE_DEBUG("%s", __func__);
2064 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2066 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2067 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2072 /*******************************************************************************
2074 ** Function smp_br_process_link_key
2076 ** Description This function is called to process BR/EDR LK:
2077 ** - to derive SMP LTK from BR/EDR LK;
2078 *8 - to save SMP LTK.
2082 *******************************************************************************/
2083 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2085 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2087 SMP_TRACE_DEBUG("%s", __func__);
2088 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2090 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2091 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2095 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2096 smp_save_secure_connections_long_term_key(p_cb);
2097 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2098 smp_br_select_next_key(p_cb, NULL);
2101 /*******************************************************************************
2102 ** Function smp_key_distribution_by_transport
2103 ** Description depending on the transport used at the moment calls either
2104 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2105 *******************************************************************************/
2106 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2108 SMP_TRACE_DEBUG("%s", __func__);
2109 if (p_cb->smp_over_br)
2111 smp_br_select_next_key(p_cb, NULL);
2115 smp_key_distribution(p_cb, NULL);
2119 /*******************************************************************************
2120 ** Function smp_br_pairing_complete
2121 ** Description This function is called to send the pairing complete callback
2122 ** and remove the connection if needed.
2123 *******************************************************************************/
2124 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2126 SMP_TRACE_DEBUG("%s", __func__);
2128 if (p_cb->total_tx_unacked == 0)
2130 /* process the pairing complete */
2131 smp_proc_pairing_cmpl(p_cb);