1 /******************************************************************************
3 * Copyright (C) 2003-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
27 extern fixed_queue_t *btu_general_alarm_queue;
29 #if SMP_INCLUDED == TRUE
30 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
33 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
36 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
37 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
39 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
42 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
43 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
44 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
47 #define SMP_KEY_DIST_TYPE_MAX 4
48 const tSMP_ACT smp_distribute_act [] =
53 smp_set_derive_link_key
56 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
58 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
59 if (acl == NULL || acl->lmp_version == 0)
61 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
64 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
65 return acl->lmp_version < version;
68 static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
72 if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6)
75 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
77 switch (p_cb->cert_failure)
80 reason = SMP_PAIR_AUTH_FAIL;
81 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
84 reason = SMP_PAIR_FAIL_UNKNOWN;
85 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
88 reason = SMP_PAIR_NOT_SUPPORT;
89 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
92 reason = SMP_PASSKEY_ENTRY_FAIL;
93 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
96 reason = SMP_REPEATED_ATTEMPTS;
97 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
104 /*******************************************************************************
105 ** Function smp_update_key_mask
106 ** Description This function updates the key mask for sending or receiving.
107 *******************************************************************************/
108 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
110 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
111 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
113 if (((p_cb->le_secure_connections_mode_is_used) ||
114 (p_cb->smp_over_br)) &&
115 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
117 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
118 ** being exchanged with the peer */
119 p_cb->local_i_key &= ~key_type;
120 p_cb->local_r_key &= ~key_type;
123 if (p_cb->role == HCI_ROLE_SLAVE)
126 p_cb->local_i_key &= ~key_type;
128 p_cb->local_r_key &= ~key_type;
133 p_cb->local_r_key &= ~key_type;
135 p_cb->local_i_key &= ~key_type;
138 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
142 /*******************************************************************************
143 ** Function smp_send_app_cback
144 ** Description notifies application about the events the application is interested in
145 *******************************************************************************/
146 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
148 tSMP_EVT_DATA cb_data;
149 tSMP_STATUS callback_rc;
150 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
151 if (p_cb->p_callback && p_cb->cb_evt != 0)
153 switch (p_cb->cb_evt)
155 case SMP_IO_CAP_REQ_EVT:
156 cb_data.io_req.auth_req = p_cb->peer_auth_req;
157 cb_data.io_req.oob_data = SMP_OOB_NONE;
158 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
159 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
160 cb_data.io_req.init_keys = p_cb->local_i_key ;
161 cb_data.io_req.resp_keys = p_cb->local_r_key ;
162 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
166 cb_data.passkey = p_data->passkey;
168 case SMP_SC_OOB_REQ_EVT:
169 cb_data.req_oob_type = p_data->req_oob_type;
171 case SMP_SC_LOC_OOB_DATA_UP_EVT:
172 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
175 case SMP_BR_KEYS_REQ_EVT:
176 cb_data.io_req.auth_req = 0;
177 cb_data.io_req.oob_data = SMP_OOB_NONE;
178 cb_data.io_req.io_cap = 0;
179 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
180 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
181 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
188 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
190 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
192 if (callback_rc == SMP_SUCCESS)
194 switch (p_cb->cb_evt)
196 case SMP_IO_CAP_REQ_EVT:
197 p_cb->loc_auth_req = cb_data.io_req.auth_req;
198 p_cb->local_io_capability = cb_data.io_req.io_cap;
199 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
200 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
201 p_cb->local_i_key = cb_data.io_req.init_keys;
202 p_cb->local_r_key = cb_data.io_req.resp_keys;
204 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
206 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
207 p_cb->local_i_key = 0;
208 p_cb->local_r_key = 0;
211 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
212 loc_oob_flag: %d loc_enc_size: %d,"
213 "local_i_key: 0x%02x, local_r_key: 0x%02x",
214 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
215 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
217 p_cb->secure_connections_only_mode_required =
218 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
220 if (p_cb->secure_connections_only_mode_required)
222 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
225 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
226 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
227 || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
228 (const bt_bdaddr_t *)&p_cb->pairing_bda))
230 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
231 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
232 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
235 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
236 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
238 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
241 case SMP_BR_KEYS_REQ_EVT:
242 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
243 p_cb->local_i_key = cb_data.io_req.init_keys;
244 p_cb->local_r_key = cb_data.io_req.resp_keys;
246 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
247 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
249 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
250 local_i_key: 0x%02x, local_r_key: 0x%02x",
251 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
253 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
259 if (!p_cb->cb_evt && p_cb->discard_sec_req)
261 p_cb->discard_sec_req = FALSE;
262 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
265 SMP_TRACE_DEBUG("%s return", __func__);
268 /*******************************************************************************
269 ** Function smp_send_pair_fail
270 ** Description pairing failure to peer device if needed.
271 *******************************************************************************/
272 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
274 p_cb->status = *(UINT8 *)p_data;
275 p_cb->failure = *(UINT8 *)p_data;
277 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
279 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
281 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
282 p_cb->wait_for_authorization_complete = TRUE;
286 /*******************************************************************************
287 ** Function smp_send_pair_req
288 ** Description actions related to sending pairing request
289 *******************************************************************************/
290 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
292 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
293 SMP_TRACE_DEBUG("%s", __func__);
295 /* erase all keys when master sends pairing req*/
297 btm_sec_clear_ble_keys(p_dev_rec);
298 /* do not manipulate the key, let app decide,
299 leave out to BTM to mandate key distribution for bonding case */
300 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
303 /*******************************************************************************
304 ** Function smp_send_pair_rsp
305 ** Description actions related to sending pairing response
306 *******************************************************************************/
307 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
309 SMP_TRACE_DEBUG("%s", __func__);
311 p_cb->local_i_key &= p_cb->peer_i_key;
312 p_cb->local_r_key &= p_cb->peer_r_key;
314 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
316 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
317 smp_use_oob_private_key(p_cb, NULL);
319 smp_decide_association_model(p_cb, NULL);
323 /*******************************************************************************
324 ** Function smp_send_confirm
325 ** Description send confirmation to the peer
326 *******************************************************************************/
327 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
329 SMP_TRACE_DEBUG("%s", __func__);
330 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
333 /*******************************************************************************
334 ** Function smp_send_init
335 ** Description process pairing initializer to slave device
336 *******************************************************************************/
337 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
339 SMP_TRACE_DEBUG("%s", __func__);
340 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
343 /*******************************************************************************
344 ** Function smp_send_rand
345 ** Description send pairing random to the peer
346 *******************************************************************************/
347 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
349 SMP_TRACE_DEBUG("%s", __func__);
350 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
353 /*******************************************************************************
354 ** Function smp_send_pair_public_key
355 ** Description send pairing public key command to the peer
356 *******************************************************************************/
357 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
359 SMP_TRACE_DEBUG("%s", __func__);
360 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
363 /*******************************************************************************
364 ** Function SMP_SEND_COMMITMENT
365 ** Description send commitment command to the peer
366 *******************************************************************************/
367 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
369 SMP_TRACE_DEBUG("%s", __func__);
370 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
373 /*******************************************************************************
374 ** Function smp_send_dhkey_check
375 ** Description send DHKey Check command to the peer
376 *******************************************************************************/
377 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
379 SMP_TRACE_DEBUG("%s", __func__);
380 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
383 /*******************************************************************************
384 ** Function smp_send_keypress_notification
385 ** Description send Keypress Notification command to the peer
386 *******************************************************************************/
387 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
389 p_cb->local_keypress_notification = *(UINT8 *) p_data;
390 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
393 /*******************************************************************************
394 ** Function smp_send_enc_info
395 ** Description send encryption information command.
396 *******************************************************************************/
397 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
399 tBTM_LE_LENC_KEYS le_key;
401 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
402 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
404 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
405 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
407 /* save the DIV and key size information when acting as slave device */
408 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
409 le_key.div = p_cb->div;
410 le_key.key_size = p_cb->loc_enc_size;
411 le_key.sec_level = p_cb->sec_level;
413 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
414 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
415 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
417 SMP_TRACE_WARNING ("%s", __func__);
419 smp_key_distribution(p_cb, NULL);
422 /*******************************************************************************
423 ** Function smp_send_id_info
424 ** Description send ID information command.
425 *******************************************************************************/
426 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
428 tBTM_LE_KEY_VALUE le_key;
429 SMP_TRACE_DEBUG("%s", __func__);
430 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
432 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
433 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
435 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
436 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
439 SMP_TRACE_WARNING ("%s", __func__);
440 smp_key_distribution_by_transport(p_cb, NULL);
443 /*******************************************************************************
444 ** Function smp_send_csrk_info
445 ** Description send CSRK command.
446 *******************************************************************************/
447 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
449 tBTM_LE_LCSRK_KEYS key;
450 SMP_TRACE_DEBUG("%s", __func__);
451 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
453 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
456 key.sec_level = p_cb->sec_level;
457 key.counter = 0; /* initialize the local counter */
458 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
459 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
462 smp_key_distribution_by_transport(p_cb, NULL);
465 /*******************************************************************************
466 ** Function smp_send_ltk_reply
467 ** Description send LTK reply
468 *******************************************************************************/
469 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
471 SMP_TRACE_DEBUG("%s", __func__);
472 /* send stk as LTK response */
473 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
476 /*******************************************************************************
477 ** Function smp_proc_sec_req
478 ** Description process security request.
479 *******************************************************************************/
480 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
482 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
483 tBTM_BLE_SEC_REQ_ACT sec_req_act;
486 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
490 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
492 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
496 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
497 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
498 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
501 case BTM_BLE_SEC_REQ_ACT_PAIR:
502 p_cb->secure_connections_only_mode_required =
503 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
505 /* respond to non SC pairing request as failure in SC only mode */
506 if (p_cb->secure_connections_only_mode_required &&
507 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
509 reason = SMP_PAIR_AUTH_FAIL;
510 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
514 /* initialize local i/r key to be default keys */
515 p_cb->peer_auth_req = auth_req;
516 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
517 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
521 case BTM_BLE_SEC_REQ_ACT_DISCARD:
522 p_cb->discard_sec_req = TRUE;
531 /*******************************************************************************
532 ** Function smp_proc_sec_grant
533 ** Description process security grant.
534 *******************************************************************************/
535 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
537 UINT8 res= *(UINT8 *)p_data;
538 SMP_TRACE_DEBUG("%s", __func__);
539 if (res != SMP_SUCCESS)
541 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
543 else /*otherwise, start pairing */
545 /* send IO request callback */
546 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
550 /*******************************************************************************
551 ** Function smp_proc_pair_fail
552 ** Description process pairing failure from peer device
553 *******************************************************************************/
554 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
556 SMP_TRACE_DEBUG("%s", __func__);
557 p_cb->status = *(UINT8 *)p_data;
559 /* Cancel pending auth complete timer if set */
560 alarm_cancel(p_cb->delayed_auth_timer_ent);
563 /*******************************************************************************
564 ** Function smp_proc_pair_cmd
565 ** Description Process the SMP pairing request/response from peer device
566 *******************************************************************************/
567 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
569 UINT8 *p = (UINT8 *)p_data;
570 UINT8 reason = SMP_ENC_KEY_SIZE;
571 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
573 SMP_TRACE_DEBUG("%s", __func__);
574 /* erase all keys if it is slave proc pairing req*/
575 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
576 btm_sec_clear_ble_keys(p_dev_rec);
578 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
580 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
581 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
582 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
583 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
584 STREAM_TO_UINT8(p_cb->peer_i_key, p);
585 STREAM_TO_UINT8(p_cb->peer_r_key, p);
587 if (smp_command_has_invalid_parameters(p_cb))
589 reason = SMP_INVALID_PARAMETERS;
590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
594 // PTS Testing failure modes
595 if (pts_test_send_authentication_complete_failure(p_cb))
598 if (p_cb->role == HCI_ROLE_SLAVE)
600 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
602 /* peer (master) started pairing sending Pairing Request */
603 p_cb->local_i_key = p_cb->peer_i_key;
604 p_cb->local_r_key = p_cb->peer_r_key;
606 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
608 else /* update local i/r key according to pairing request */
610 /* pairing started with this side (slave) sending Security Request */
611 p_cb->local_i_key &= p_cb->peer_i_key;
612 p_cb->local_r_key &= p_cb->peer_r_key;
613 p_cb->selected_association_model = smp_select_association_model(p_cb);
615 if (p_cb->secure_connections_only_mode_required &&
616 (!(p_cb->le_secure_connections_mode_is_used) ||
617 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
619 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
621 reason = SMP_PAIR_AUTH_FAIL;
622 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
626 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
628 if (smp_request_oob_data(p_cb)) return;
632 smp_send_pair_rsp(p_cb, NULL);
636 else /* Master receives pairing response */
638 p_cb->selected_association_model = smp_select_association_model(p_cb);
640 if (p_cb->secure_connections_only_mode_required &&
641 (!(p_cb->le_secure_connections_mode_is_used) ||
642 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
644 SMP_TRACE_ERROR ("Master requires secure connection only mode \
645 but it can't be provided -> Master fails pairing");
646 reason = SMP_PAIR_AUTH_FAIL;
647 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
651 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
653 if (smp_request_oob_data(p_cb)) return;
657 smp_decide_association_model(p_cb, NULL);
662 /*******************************************************************************
663 ** Function smp_proc_confirm
664 ** Description process pairing confirm from peer device
665 *******************************************************************************/
666 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
668 UINT8 *p = (UINT8 *)p_data;
669 UINT8 reason = SMP_INVALID_PARAMETERS;
671 SMP_TRACE_DEBUG("%s", __func__);
673 if (smp_command_has_invalid_parameters(p_cb))
675 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
681 /* save the SConfirm for comparison later */
682 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
685 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
688 /*******************************************************************************
689 ** Function smp_proc_init
690 ** Description process pairing initializer from peer device
691 *******************************************************************************/
692 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
694 UINT8 *p = (UINT8 *)p_data;
695 UINT8 reason = SMP_INVALID_PARAMETERS;
697 SMP_TRACE_DEBUG("%s", __func__);
699 if (smp_command_has_invalid_parameters(p_cb))
701 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
705 /* save the SRand for comparison */
706 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
709 /*******************************************************************************
710 ** Function smp_proc_rand
711 ** Description process pairing random (nonce) from peer device
712 *******************************************************************************/
713 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
715 UINT8 *p = (UINT8 *)p_data;
716 UINT8 reason = SMP_INVALID_PARAMETERS;
718 SMP_TRACE_DEBUG("%s", __func__);
720 if (smp_command_has_invalid_parameters(p_cb))
722 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
726 /* save the SRand for comparison */
727 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
730 /*******************************************************************************
731 ** Function smp_process_pairing_public_key
732 ** Description process pairing public key command from the peer device
733 ** - saves the peer public key;
734 ** - sets the flag indicating that the peer public key is received;
735 ** - calls smp_wait_for_both_public_keys(...).
737 *******************************************************************************/
738 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
740 UINT8 *p = (UINT8 *)p_data;
741 UINT8 reason = SMP_INVALID_PARAMETERS;
743 SMP_TRACE_DEBUG("%s", __func__);
745 if (smp_command_has_invalid_parameters(p_cb))
747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
751 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
752 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
753 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
755 smp_wait_for_both_public_keys(p_cb, NULL);
758 /*******************************************************************************
759 ** Function smp_process_pairing_commitment
760 ** Description process pairing commitment from peer device
761 *******************************************************************************/
762 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
764 UINT8 *p = (UINT8 *)p_data;
765 UINT8 reason = SMP_INVALID_PARAMETERS;
767 SMP_TRACE_DEBUG("%s", __func__);
769 if (smp_command_has_invalid_parameters(p_cb))
771 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
775 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
779 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
783 /*******************************************************************************
784 ** Function smp_process_dhkey_check
785 ** Description process DHKey Check from peer device
786 *******************************************************************************/
787 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
789 UINT8 *p = (UINT8 *)p_data;
790 UINT8 reason = SMP_INVALID_PARAMETERS;
792 SMP_TRACE_DEBUG("%s", __func__);
794 if (smp_command_has_invalid_parameters(p_cb))
796 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
802 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
805 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
808 /*******************************************************************************
809 ** Function smp_process_keypress_notification
810 ** Description process pairing keypress notification from peer device
811 *******************************************************************************/
812 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
814 UINT8 *p = (UINT8 *)p_data;
815 UINT8 reason = SMP_INVALID_PARAMETERS;
817 SMP_TRACE_DEBUG("%s", __func__);
818 p_cb->status = *(UINT8 *)p_data;
820 if (smp_command_has_invalid_parameters(p_cb))
822 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
828 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
832 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
834 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
837 /*******************************************************************************
838 ** Function smp_br_process_pairing_command
839 ** Description Process the SMP pairing request/response from peer device via
841 *******************************************************************************/
842 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
844 UINT8 *p = (UINT8 *)p_data;
845 UINT8 reason = SMP_ENC_KEY_SIZE;
846 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
848 SMP_TRACE_DEBUG("%s", __func__);
849 /* rejecting BR pairing request over non-SC BR link */
850 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
852 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
853 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
857 /* erase all keys if it is slave proc pairing req*/
858 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
859 btm_sec_clear_ble_keys(p_dev_rec);
861 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
863 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
864 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
865 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
866 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
867 STREAM_TO_UINT8(p_cb->peer_i_key, p);
868 STREAM_TO_UINT8(p_cb->peer_r_key, p);
870 if (smp_command_has_invalid_parameters(p_cb))
872 reason = SMP_INVALID_PARAMETERS;
873 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
877 /* peer (master) started pairing sending Pairing Request */
878 /* or being master device always use received i/r key as keys to distribute */
879 p_cb->local_i_key = p_cb->peer_i_key;
880 p_cb->local_r_key = p_cb->peer_r_key;
882 if (p_cb->role == HCI_ROLE_SLAVE)
884 p_dev_rec->new_encryption_key_is_p256 = FALSE;
885 /* shortcut to skip Security Grant step */
886 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
888 else /* Master receives pairing response */
890 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
891 " Supposed to move to key distribution phase. ", __func__);
894 /* auth_req received via BR/EDR SM channel is set to 0,
895 but everything derived/exchanged has to be saved */
896 p_cb->peer_auth_req |= SMP_AUTH_BOND;
897 p_cb->loc_auth_req |= SMP_AUTH_BOND;
900 /*******************************************************************************
901 ** Function smp_br_process_security_grant
902 ** Description process security grant in case of pairing over BR/EDR transport.
903 *******************************************************************************/
904 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
906 UINT8 res= *(UINT8 *)p_data;
907 SMP_TRACE_DEBUG("%s", __func__);
908 if (res != SMP_SUCCESS)
910 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
912 else /*otherwise, start pairing */
914 /* send IO request callback */
915 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
919 /*******************************************************************************
920 ** Function smp_br_check_authorization_request
921 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
922 ** before starting the distribution/derivation
923 *******************************************************************************/
924 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
926 UINT8 reason = SMP_SUCCESS;
928 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
929 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
932 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
933 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
934 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
936 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
937 ** Set local_r_key on master to expect only these keys. */
938 if (p_cb->role == HCI_ROLE_MASTER)
940 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
943 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
944 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
947 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
948 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
949 (p_cb->local_i_key || p_cb->local_r_key))
951 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
953 /* if no peer key is expected, start master key distribution */
954 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
955 smp_key_distribution_by_transport(p_cb, NULL);
959 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
963 /*******************************************************************************
964 ** Function smp_br_select_next_key
965 ** Description selects the next key to derive/send when BR/EDR transport is
967 *******************************************************************************/
968 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
970 UINT8 reason = SMP_SUCCESS;
971 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
972 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
974 if (p_cb->role == HCI_ROLE_SLAVE||
975 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
977 smp_key_pick_key(p_cb, p_data);
980 if (!p_cb->local_i_key && !p_cb->local_r_key)
982 /* state check to prevent re-entrance */
983 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
985 if (p_cb->total_tx_unacked == 0)
986 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
988 p_cb->wait_for_authorization_complete = TRUE;
993 /*******************************************************************************
994 ** Function smp_proc_enc_info
995 ** Description process encryption information from peer device
996 *******************************************************************************/
997 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
999 UINT8 *p = (UINT8 *)p_data;
1001 SMP_TRACE_DEBUG("%s", __func__);
1002 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
1004 smp_key_distribution(p_cb, NULL);
1006 /*******************************************************************************
1007 ** Function smp_proc_master_id
1008 ** Description process master ID from slave device
1009 *******************************************************************************/
1010 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1012 UINT8 *p = (UINT8 *)p_data;
1013 tBTM_LE_PENC_KEYS le_key;
1015 SMP_TRACE_DEBUG("%s", __func__);
1016 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1018 STREAM_TO_UINT16(le_key.ediv, p);
1019 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1021 /* store the encryption keys from peer device */
1022 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1023 le_key.sec_level = p_cb->sec_level;
1024 le_key.key_size = p_cb->loc_enc_size;
1026 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1027 btm_sec_save_le_key(p_cb->pairing_bda,
1029 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1031 smp_key_distribution(p_cb, NULL);
1034 /*******************************************************************************
1035 ** Function smp_proc_enc_info
1036 ** Description process identity information from peer device
1037 *******************************************************************************/
1038 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1040 UINT8 *p = (UINT8 *)p_data;
1042 SMP_TRACE_DEBUG("%s", __func__);
1043 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
1044 smp_key_distribution_by_transport(p_cb, NULL);
1047 /*******************************************************************************
1048 ** Function smp_proc_id_addr
1049 ** Description process identity address from peer device
1050 *******************************************************************************/
1051 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1053 UINT8 *p = (UINT8 *)p_data;
1054 tBTM_LE_PID_KEYS pid_key;
1056 SMP_TRACE_DEBUG("%s", __func__);
1057 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1059 STREAM_TO_UINT8(pid_key.addr_type, p);
1060 STREAM_TO_BDADDR(pid_key.static_addr, p);
1061 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1063 /* to use as BD_ADDR for lk derived from ltk */
1064 p_cb->id_addr_rcvd = TRUE;
1065 p_cb->id_addr_type = pid_key.addr_type;
1066 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1068 /* store the ID key from peer device */
1069 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1070 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1071 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1072 smp_key_distribution_by_transport(p_cb, NULL);
1075 /*******************************************************************************
1076 ** Function smp_proc_srk_info
1077 ** Description process security information from peer device
1078 *******************************************************************************/
1079 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1081 tBTM_LE_PCSRK_KEYS le_key;
1083 SMP_TRACE_DEBUG("%s", __func__);
1084 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1086 /* save CSRK to security record */
1087 le_key.sec_level = p_cb->sec_level;
1088 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1089 le_key.counter = 0; /* initialize the peer counter */
1091 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1092 btm_sec_save_le_key(p_cb->pairing_bda,
1094 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1095 smp_key_distribution_by_transport(p_cb, NULL);
1098 /*******************************************************************************
1099 ** Function smp_proc_compare
1100 ** Description process compare value
1101 *******************************************************************************/
1102 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1106 SMP_TRACE_DEBUG("%s", __func__);
1107 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1109 /* compare the max encryption key size, and save the smaller one for the link */
1110 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1111 p_cb->loc_enc_size = p_cb->peer_enc_size;
1113 if (p_cb->role == HCI_ROLE_SLAVE)
1114 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1117 /* master device always use received i/r key as keys to distribute */
1118 p_cb->local_i_key = p_cb->peer_i_key;
1119 p_cb->local_r_key = p_cb->peer_r_key;
1121 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1127 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1128 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1132 /*******************************************************************************
1133 ** Function smp_proc_sl_key
1134 ** Description process key ready events.
1135 *******************************************************************************/
1136 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1138 UINT8 key_type = p_data->key.key_type;
1140 SMP_TRACE_DEBUG("%s", __func__);
1141 if (key_type == SMP_KEY_TYPE_TK)
1143 smp_generate_srand_mrand_confirm(p_cb, NULL);
1145 else if (key_type == SMP_KEY_TYPE_CFM)
1147 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1149 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1150 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1154 /*******************************************************************************
1155 ** Function smp_start_enc
1156 ** Description start encryption
1157 *******************************************************************************/
1158 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1161 UINT8 reason = SMP_ENC_FAIL;
1163 SMP_TRACE_DEBUG("%s", __func__);
1165 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1167 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1169 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1170 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1173 /*******************************************************************************
1174 ** Function smp_proc_discard
1175 ** Description processing for discard security request
1176 *******************************************************************************/
1177 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1179 SMP_TRACE_DEBUG("%s", __func__);
1180 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1181 smp_reset_control_value(p_cb);
1184 /*******************************************************************************
1185 ** Function smp_enc_cmpl
1186 ** Description encryption success
1187 *******************************************************************************/
1188 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1190 UINT8 enc_enable = *(UINT8 *)p_data;
1191 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1193 SMP_TRACE_DEBUG("%s", __func__);
1194 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1197 /*******************************************************************************
1198 ** Function smp_check_auth_req
1199 ** Description check authentication request
1200 *******************************************************************************/
1201 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1203 UINT8 enc_enable = *(UINT8 *)p_data;
1204 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1206 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1207 "(i-initiator r-responder)",
1208 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1209 if (enc_enable == 1)
1211 if (p_cb->le_secure_connections_mode_is_used)
1213 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1214 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1215 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1217 /* In LE SC mode LK is derived from LTK only if both sides request it */
1218 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1219 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1221 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1222 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1225 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1226 ** Set local_r_key on master to expect only these keys.
1228 if (p_cb->role == HCI_ROLE_MASTER)
1230 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1235 /* in legacy mode derivation of BR/EDR LK is not supported */
1236 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1237 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1239 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1240 "(i-initiator r-responder)",
1241 __func__, p_cb->local_i_key, p_cb->local_r_key);
1243 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1244 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1245 (p_cb->local_i_key || p_cb->local_r_key))
1247 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1250 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1252 else if (enc_enable == 0)
1254 /* if failed for encryption after pairing, send callback */
1255 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1256 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1257 /* if enc failed for old security information */
1258 /* if master device, clean up and abck to idle; slave device do nothing */
1259 else if (p_cb->role == HCI_ROLE_MASTER)
1261 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1266 /*******************************************************************************
1267 ** Function smp_key_pick_key
1268 ** Description Pick a key distribution function based on the key mask.
1269 *******************************************************************************/
1270 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1272 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1275 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1276 while (i < SMP_KEY_DIST_TYPE_MAX)
1278 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1280 if (key_to_dist & (1 << i))
1282 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1283 (* smp_distribute_act[i])(p_cb, p_data);
1289 /*******************************************************************************
1290 ** Function smp_key_distribution
1291 ** Description start key distribution if required.
1292 *******************************************************************************/
1293 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1295 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1296 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1298 if (p_cb->role == HCI_ROLE_SLAVE ||
1299 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1301 smp_key_pick_key(p_cb, p_data);
1304 if (!p_cb->local_i_key && !p_cb->local_r_key)
1306 /* state check to prevent re-entrant */
1307 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1309 if (p_cb->derive_lk)
1311 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1312 p_cb->derive_lk = FALSE;
1315 if (p_cb->total_tx_unacked == 0)
1318 * Instead of declaring authorization complete immediately,
1319 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1320 * This allows the slave to send over Pairing Failed if the
1321 * last key is rejected. During this waiting window, the
1322 * state should remain in SMP_STATE_BOND_PENDING.
1324 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1325 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1326 alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
1327 smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
1330 p_cb->wait_for_authorization_complete = TRUE;
1336 /*******************************************************************************
1337 ** Function smp_decide_association_model
1338 ** Description This function is called to select assoc model to be used for
1339 ** STK generation and to start STK generation process.
1341 *******************************************************************************/
1342 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1344 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1347 tSMP_INT_DATA *p = NULL;
1349 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1351 switch (p_cb->selected_association_model)
1353 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1354 if (p_cb->role == HCI_ROLE_MASTER &&
1355 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1356 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1358 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1359 failure = SMP_PAIR_AUTH_FAIL;
1360 p = (tSMP_INT_DATA *)&failure;
1361 int_evt = SMP_AUTH_CMPL_EVT;
1365 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1366 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1368 key.key_type = SMP_KEY_TYPE_TK;
1369 key.p_data = p_cb->tk;
1370 p = (tSMP_INT_DATA *)&key;
1372 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1374 int_evt = SMP_KEY_READY_EVT;
1378 case SMP_MODEL_PASSKEY:
1379 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1382 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1383 int_evt = SMP_TK_REQ_EVT;
1387 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1388 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1389 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1391 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1392 int_evt = SMP_TK_REQ_EVT;
1395 case SMP_MODEL_KEY_NOTIF:
1396 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1397 SMP_TRACE_DEBUG("Need to generate Passkey");
1399 /* generate passkey and notify application */
1400 smp_generate_passkey(p_cb, NULL);
1403 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1404 case SMP_MODEL_SEC_CONN_NUM_COMP:
1405 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1406 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1407 case SMP_MODEL_SEC_CONN_OOB:
1408 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1411 case SMP_MODEL_OUT_OF_RANGE:
1412 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1413 p = (tSMP_INT_DATA *)&failure;
1414 int_evt = SMP_AUTH_CMPL_EVT;
1418 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1419 p_cb->selected_association_model);
1420 p = (tSMP_INT_DATA *)&failure;
1421 int_evt = SMP_AUTH_CMPL_EVT;
1424 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1426 smp_sm_event(p_cb, int_evt, p);
1429 /*******************************************************************************
1430 ** Function smp_process_io_response
1431 ** Description process IO response for a slave device.
1432 *******************************************************************************/
1433 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1435 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1437 SMP_TRACE_DEBUG("%s", __func__);
1438 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1440 /* pairing started by local (slave) Security Request */
1441 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1442 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1444 else /* plan to send pairing respond */
1446 /* pairing started by peer (master) Pairing Request */
1447 p_cb->selected_association_model = smp_select_association_model(p_cb);
1449 if (p_cb->secure_connections_only_mode_required &&
1450 (!(p_cb->le_secure_connections_mode_is_used) ||
1451 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1453 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1454 but it can't be provided -> Slave fails pairing");
1455 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1459 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1461 if (smp_request_oob_data(p_cb)) return;
1464 // PTS Testing failure modes
1465 if (pts_test_send_authentication_complete_failure(p_cb))
1468 smp_send_pair_rsp(p_cb, NULL);
1472 /*******************************************************************************
1473 ** Function smp_br_process_slave_keys_response
1474 ** Description process application keys response for a slave device
1475 ** (BR/EDR transport).
1476 *******************************************************************************/
1477 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1479 smp_br_send_pair_response(p_cb, NULL);
1482 /*******************************************************************************
1483 ** Function smp_br_send_pair_response
1484 ** Description actions related to sending pairing response over BR/EDR transport.
1485 *******************************************************************************/
1486 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1488 SMP_TRACE_DEBUG("%s", __func__);
1490 p_cb->local_i_key &= p_cb->peer_i_key;
1491 p_cb->local_r_key &= p_cb->peer_r_key;
1493 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1496 /*******************************************************************************
1497 ** Function smp_pairing_cmpl
1498 ** Description This function is called to send the pairing complete callback
1499 ** and remove the connection if needed.
1500 *******************************************************************************/
1501 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1503 if (p_cb->total_tx_unacked == 0)
1505 /* update connection parameter to remote preferred */
1506 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1507 /* process the pairing complete */
1508 smp_proc_pairing_cmpl(p_cb);
1512 /*******************************************************************************
1513 ** Function smp_pair_terminate
1514 ** Description This function is called to send the pairing complete callback
1515 ** and remove the connection if needed.
1516 *******************************************************************************/
1517 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1519 SMP_TRACE_DEBUG("%s", __func__);
1520 p_cb->status = SMP_CONN_TOUT;
1521 smp_proc_pairing_cmpl(p_cb);
1524 /*******************************************************************************
1525 ** Function smp_idle_terminate
1526 ** Description This function calledin idle state to determine to send authentication
1528 *******************************************************************************/
1529 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1531 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1533 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1534 p_cb->status = SMP_FAIL;
1535 smp_proc_pairing_cmpl(p_cb);
1539 /*******************************************************************************
1540 ** Function smp_fast_conn_param
1541 ** Description apply default connection parameter for pairing process
1542 *******************************************************************************/
1543 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1545 /* disable connection parameter update */
1546 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1549 /*******************************************************************************
1550 ** Function smp_both_have_public_keys
1551 ** Description The function is called when both local and peer public keys are
1554 ** - invokes DHKey computation;
1555 ** - on slave side invokes sending local public key to the peer.
1556 ** - invokes SC phase 1 process.
1557 *******************************************************************************/
1558 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1560 SMP_TRACE_DEBUG("%s",__func__);
1562 /* invokes DHKey computation */
1563 smp_compute_dhkey(p_cb);
1565 /* on slave side invokes sending local public key to the peer */
1566 if (p_cb->role == HCI_ROLE_SLAVE)
1567 smp_send_pair_public_key(p_cb, NULL);
1569 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1572 /*******************************************************************************
1573 ** Function smp_start_secure_connection_phase1
1574 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1575 ** phase 1 parameters and starts building/sending to the peer
1576 ** messages appropriate for the role and association model.
1577 *******************************************************************************/
1578 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1580 SMP_TRACE_DEBUG("%s", __func__);
1582 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1584 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1585 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1589 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1590 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1593 switch(p_cb->selected_association_model)
1595 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1596 case SMP_MODEL_SEC_CONN_NUM_COMP:
1597 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1598 smp_start_nonce_generation(p_cb);
1600 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1601 /* user has to provide passkey */
1602 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1603 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1605 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1606 /* passkey has to be provided to user */
1607 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1608 smp_generate_passkey(p_cb, NULL);
1610 case SMP_MODEL_SEC_CONN_OOB:
1611 /* use the available OOB information */
1612 smp_process_secure_connection_oob_data(p_cb, NULL);
1615 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1616 p_cb->selected_association_model);
1621 /*******************************************************************************
1622 ** Function smp_process_local_nonce
1623 ** Description The function processes new local nonce.
1625 ** Note It is supposed to be called in SC phase1.
1626 *******************************************************************************/
1627 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1629 SMP_TRACE_DEBUG("%s", __func__);
1631 switch(p_cb->selected_association_model)
1633 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1634 case SMP_MODEL_SEC_CONN_NUM_COMP:
1635 if (p_cb->role == HCI_ROLE_SLAVE)
1637 /* slave calculates and sends local commitment */
1638 smp_calculate_local_commitment(p_cb);
1639 smp_send_commitment(p_cb, NULL);
1640 /* slave has to wait for peer nonce */
1641 smp_set_state(SMP_STATE_WAIT_NONCE);
1643 else /* i.e. master */
1645 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1647 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1648 SMP_TRACE_DEBUG("master in assoc mode = %d \
1649 already rcvd slave commitment - race condition",
1650 p_cb->selected_association_model);
1651 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1652 smp_send_rand(p_cb, NULL);
1653 smp_set_state(SMP_STATE_WAIT_NONCE);
1657 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1658 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1659 smp_calculate_local_commitment(p_cb);
1661 if (p_cb->role == HCI_ROLE_MASTER)
1663 smp_send_commitment(p_cb, NULL);
1667 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1669 /* master commitment is already received */
1670 smp_send_commitment(p_cb, NULL);
1671 smp_set_state(SMP_STATE_WAIT_NONCE);
1675 case SMP_MODEL_SEC_CONN_OOB:
1676 if (p_cb->role == HCI_ROLE_MASTER)
1678 smp_send_rand(p_cb, NULL);
1681 smp_set_state(SMP_STATE_WAIT_NONCE);
1684 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1685 p_cb->selected_association_model);
1690 /*******************************************************************************
1691 ** Function smp_process_peer_nonce
1692 ** Description The function processes newly received and saved in CB peer nonce.
1693 ** The actions depend on the selected association model and the role.
1695 ** Note It is supposed to be called in SC phase1.
1696 *******************************************************************************/
1697 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1701 SMP_TRACE_DEBUG("%s start ", __func__);
1703 // PTS Testing failure modes
1704 if (p_cb->cert_failure == 1) {
1705 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1706 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1707 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1711 switch(p_cb->selected_association_model)
1713 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1714 case SMP_MODEL_SEC_CONN_NUM_COMP:
1715 /* in these models only master receives commitment */
1716 if (p_cb->role == HCI_ROLE_MASTER)
1718 if (!smp_check_commitment(p_cb))
1720 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1721 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1727 /* slave sends local nonce */
1728 smp_send_rand(p_cb, NULL);
1731 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1733 /* go directly to phase 2 */
1734 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1736 else /* numeric comparison */
1738 smp_set_state(SMP_STATE_WAIT_NONCE);
1739 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1742 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1743 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1744 if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9)
1746 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1747 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1751 if (p_cb->role == HCI_ROLE_SLAVE)
1753 smp_send_rand(p_cb, NULL);
1756 if (++p_cb->round < 20)
1758 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1759 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1760 smp_start_nonce_generation(p_cb);
1764 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1766 case SMP_MODEL_SEC_CONN_OOB:
1767 if (p_cb->role == HCI_ROLE_SLAVE)
1769 smp_send_rand(p_cb, NULL);
1772 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1775 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1776 p_cb->selected_association_model);
1780 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1783 /*******************************************************************************
1784 ** Function smp_match_dhkey_checks
1785 ** Description checks if the calculated peer DHKey Check value is the same as
1786 ** received from the peer DHKey check value.
1787 *******************************************************************************/
1788 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1790 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1792 SMP_TRACE_DEBUG("%s", __func__);
1794 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1796 SMP_TRACE_WARNING ("dhkey chcks do no match");
1797 p_cb->failure = reason;
1798 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1802 SMP_TRACE_EVENT ("dhkey chcks match");
1804 /* compare the max encryption key size, and save the smaller one for the link */
1805 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1806 p_cb->loc_enc_size = p_cb->peer_enc_size;
1808 if (p_cb->role == HCI_ROLE_SLAVE)
1810 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1814 /* master device always use received i/r key as keys to distribute */
1815 p_cb->local_i_key = p_cb->peer_i_key;
1816 p_cb->local_r_key = p_cb->peer_r_key;
1817 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1821 /*******************************************************************************
1822 ** Function smp_move_to_secure_connections_phase2
1823 ** Description Signal State Machine to start SC phase 2 initialization (to
1824 ** compute local DHKey Check value).
1826 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1827 *******************************************************************************/
1828 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1830 SMP_TRACE_DEBUG("%s",__func__);
1831 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1834 /*******************************************************************************
1835 ** Function smp_phase_2_dhkey_checks_are_present
1836 ** Description generates event if dhkey check from the peer is already received.
1838 ** Note It is supposed to be used on slave to prevent race condition.
1839 ** It is supposed to be called after slave dhkey check is calculated.
1840 *******************************************************************************/
1841 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1843 SMP_TRACE_DEBUG("%s",__func__);
1845 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1846 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1849 /*******************************************************************************
1850 ** Function smp_wait_for_both_public_keys
1851 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1852 ** public keys are available.
1854 ** Note on the slave it is used to prevent race condition.
1856 *******************************************************************************/
1857 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1859 SMP_TRACE_DEBUG("%s",__func__);
1861 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1862 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1864 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1865 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1867 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1869 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1873 /*******************************************************************************
1874 ** Function smp_start_passkey_verification
1875 ** Description Starts SC passkey entry verification.
1876 *******************************************************************************/
1877 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1881 SMP_TRACE_DEBUG("%s", __func__);
1882 p = p_cb->local_random;
1883 UINT32_TO_STREAM(p, p_data->passkey);
1885 p = p_cb->peer_random;
1886 UINT32_TO_STREAM(p, p_data->passkey);
1889 smp_start_nonce_generation(p_cb);
1892 /*******************************************************************************
1893 ** Function smp_process_secure_connection_oob_data
1894 ** Description Processes local/peer SC OOB data received from somewhere.
1895 *******************************************************************************/
1896 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1898 SMP_TRACE_DEBUG("%s", __func__);
1900 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1901 if (p_sc_oob_data->loc_oob_data.present)
1903 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1904 sizeof(p_cb->local_random));
1908 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1909 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1912 if (!p_sc_oob_data->peer_oob_data.present)
1914 SMP_TRACE_EVENT ("peer OOB data is absent");
1915 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1919 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1920 sizeof(p_cb->peer_random));
1921 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1922 sizeof(p_cb->remote_commitment));
1924 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1925 /* check commitment */
1926 if (!smp_check_commitment(p_cb))
1928 p_cb->failure = reason;
1929 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1933 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1935 /* the peer doesn't have local randomiser */
1936 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1937 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1941 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1942 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1943 smp_start_nonce_generation(p_cb);
1946 /*******************************************************************************
1947 ** Function smp_set_local_oob_keys
1948 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1949 ** starts nonce generation
1950 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1951 *******************************************************************************/
1952 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1954 SMP_TRACE_DEBUG("%s", __func__);
1956 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1958 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1959 smp_start_nonce_generation(p_cb);
1962 /*******************************************************************************
1963 ** Function smp_set_local_oob_random_commitment
1964 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1965 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1966 *******************************************************************************/
1967 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1969 SMP_TRACE_DEBUG("%s", __func__);
1970 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1973 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1974 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1975 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1976 p_cb->sc_oob_data.loc_oob_data.commitment);
1978 #if SMP_DEBUG == TRUE
1979 UINT8 *p_print = NULL;
1980 SMP_TRACE_DEBUG("local SC OOB data set:");
1981 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1982 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1983 sizeof(tBLE_BD_ADDR));
1984 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1985 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1987 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1988 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1990 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1991 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1993 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1994 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1996 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1997 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1999 SMP_TRACE_DEBUG("");
2002 /* pass created OOB data up */
2003 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
2004 smp_send_app_cback(p_cb, NULL);
2006 smp_cb_cleanup(p_cb);
2009 /*******************************************************************************
2011 ** Function smp_link_encrypted
2013 ** Description This function is called when link is encrypted and notified to
2014 ** slave device. Proceed to to send LTK, DIV and ER to master if
2015 ** bonding the devices.
2020 *******************************************************************************/
2021 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
2023 tSMP_CB *p_cb = &smp_cb;
2025 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
2027 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
2029 /* encryption completed with STK, remmeber the key size now, could be overwite
2030 * when key exchange happens */
2031 if (p_cb->loc_enc_size != 0 && encr_enable)
2033 /* update the link encryption key size if a SMP pairing just performed */
2034 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2037 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2041 /*******************************************************************************
2043 ** Function smp_proc_ltk_request
2045 ** Description This function is called when LTK request is received from
2050 *******************************************************************************/
2051 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2053 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
2054 BOOLEAN match = FALSE;
2056 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2060 BD_ADDR dummy_bda = {0};
2061 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2062 if (p_dev_rec != NULL &&
2063 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2064 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2070 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2072 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2079 /*******************************************************************************
2081 ** Function smp_process_secure_connection_long_term_key
2083 ** Description This function is called to process SC LTK.
2084 ** SC LTK is calculated and used instead of STK.
2085 ** Here SC LTK is saved in BLE DB.
2089 *******************************************************************************/
2090 void smp_process_secure_connection_long_term_key(void)
2092 tSMP_CB *p_cb = &smp_cb;
2094 SMP_TRACE_DEBUG("%s", __func__);
2095 smp_save_secure_connections_long_term_key(p_cb);
2097 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2098 smp_key_distribution(p_cb, NULL);
2101 /*******************************************************************************
2103 ** Function smp_set_derive_link_key
2105 ** Description This function is called to set flag that indicates that
2106 ** BR/EDR LK has to be derived from LTK after all keys are
2111 *******************************************************************************/
2112 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2114 SMP_TRACE_DEBUG ("%s", __func__);
2115 p_cb->derive_lk = TRUE;
2116 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2117 smp_key_distribution(p_cb, NULL);
2120 /*******************************************************************************
2122 ** Function smp_derive_link_key_from_long_term_key
2124 ** Description This function is called to derive BR/EDR LK from LTK.
2128 *******************************************************************************/
2129 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2131 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2133 SMP_TRACE_DEBUG("%s", __func__);
2134 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2136 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2137 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2142 /*******************************************************************************
2144 ** Function smp_br_process_link_key
2146 ** Description This function is called to process BR/EDR LK:
2147 ** - to derive SMP LTK from BR/EDR LK;
2148 *8 - to save SMP LTK.
2152 *******************************************************************************/
2153 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2155 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2157 SMP_TRACE_DEBUG("%s", __func__);
2158 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2160 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2161 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2165 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2166 smp_save_secure_connections_long_term_key(p_cb);
2167 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2168 smp_br_select_next_key(p_cb, NULL);
2171 /*******************************************************************************
2172 ** Function smp_key_distribution_by_transport
2173 ** Description depending on the transport used at the moment calls either
2174 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2175 *******************************************************************************/
2176 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2178 SMP_TRACE_DEBUG("%s", __func__);
2179 if (p_cb->smp_over_br)
2181 smp_br_select_next_key(p_cb, NULL);
2185 smp_key_distribution(p_cb, NULL);
2189 /*******************************************************************************
2190 ** Function smp_br_pairing_complete
2191 ** Description This function is called to send the pairing complete callback
2192 ** and remove the connection if needed.
2193 *******************************************************************************/
2194 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2196 SMP_TRACE_DEBUG("%s", __func__);
2198 if (p_cb->total_tx_unacked == 0)
2200 /* process the pairing complete */
2201 smp_proc_pairing_cmpl(p_cb);