1 /******************************************************************************
3 * Copyright (C) 2003-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
20 #include "device/include/interop.h"
21 #include "include/bt_target.h"
22 #include "stack/btm/btm_int.h"
23 #include "stack/include/l2c_api.h"
24 #include "stack/smp/smp_int.h"
25 #include "utils/include/bt_utils.h"
27 #if SMP_INCLUDED == TRUE
28 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
31 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
32 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
33 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
34 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
35 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
37 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
38 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
39 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
40 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
41 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
42 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
45 #define SMP_KEY_DIST_TYPE_MAX 4
46 const tSMP_ACT smp_distribute_act [] =
51 smp_set_derive_link_key
54 static bool lmp_version_below(BD_ADDR bda, uint8_t version)
56 tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
57 if (acl == NULL || acl->lmp_version == 0)
59 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
62 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
63 return acl->lmp_version < version;
66 /*******************************************************************************
67 ** Function smp_update_key_mask
68 ** Description This function updates the key mask for sending or receiving.
69 *******************************************************************************/
70 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
72 SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
73 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
75 if (((p_cb->le_secure_connections_mode_is_used) ||
76 (p_cb->smp_over_br)) &&
77 ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
79 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
80 ** being exchanged with the peer */
81 p_cb->local_i_key &= ~key_type;
82 p_cb->local_r_key &= ~key_type;
85 if (p_cb->role == HCI_ROLE_SLAVE)
88 p_cb->local_i_key &= ~key_type;
90 p_cb->local_r_key &= ~key_type;
95 p_cb->local_r_key &= ~key_type;
97 p_cb->local_i_key &= ~key_type;
100 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
104 /*******************************************************************************
105 ** Function smp_send_app_cback
106 ** Description notifies application about the events the application is interested in
107 *******************************************************************************/
108 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
110 tSMP_EVT_DATA cb_data;
111 tSMP_STATUS callback_rc;
112 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
113 if (p_cb->p_callback && p_cb->cb_evt != 0)
115 switch (p_cb->cb_evt)
117 case SMP_IO_CAP_REQ_EVT:
118 cb_data.io_req.auth_req = p_cb->peer_auth_req;
119 cb_data.io_req.oob_data = SMP_OOB_NONE;
120 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
121 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
122 cb_data.io_req.init_keys = p_cb->local_i_key ;
123 cb_data.io_req.resp_keys = p_cb->local_r_key ;
124 SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
128 cb_data.passkey = p_data->passkey;
130 case SMP_SC_OOB_REQ_EVT:
131 cb_data.req_oob_type = p_data->req_oob_type;
133 case SMP_SC_LOC_OOB_DATA_UP_EVT:
134 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
137 case SMP_BR_KEYS_REQ_EVT:
138 cb_data.io_req.auth_req = 0;
139 cb_data.io_req.oob_data = SMP_OOB_NONE;
140 cb_data.io_req.io_cap = 0;
141 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
142 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
143 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
150 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
152 SMP_TRACE_DEBUG("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
154 if (callback_rc == SMP_SUCCESS)
156 switch (p_cb->cb_evt)
158 case SMP_IO_CAP_REQ_EVT:
159 p_cb->loc_auth_req = cb_data.io_req.auth_req;
160 p_cb->local_io_capability = cb_data.io_req.io_cap;
161 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
162 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
163 p_cb->local_i_key = cb_data.io_req.init_keys;
164 p_cb->local_r_key = cb_data.io_req.resp_keys;
166 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
168 SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
169 p_cb->local_i_key = 0;
170 p_cb->local_r_key = 0;
173 SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
174 loc_oob_flag: %d loc_enc_size: %d,"
175 "local_i_key: 0x%02x, local_r_key: 0x%02x",
176 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
177 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
179 p_cb->secure_connections_only_mode_required =
180 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
182 if (p_cb->secure_connections_only_mode_required)
184 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
187 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
188 || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
189 || interop_match(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
190 (const bt_bdaddr_t *)&p_cb->pairing_bda))
192 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
193 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
194 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
197 SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
198 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
200 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
203 case SMP_BR_KEYS_REQ_EVT:
204 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
205 p_cb->local_i_key = cb_data.io_req.init_keys;
206 p_cb->local_r_key = cb_data.io_req.resp_keys;
208 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
209 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
211 SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
212 local_i_key: 0x%02x, local_r_key: 0x%02x",
213 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
215 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
221 if (!p_cb->cb_evt && p_cb->discard_sec_req)
223 p_cb->discard_sec_req = FALSE;
224 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
227 SMP_TRACE_DEBUG("%s return", __func__);
230 /*******************************************************************************
231 ** Function smp_send_pair_fail
232 ** Description pairing failure to peer device if needed.
233 *******************************************************************************/
234 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
236 p_cb->status = *(UINT8 *)p_data;
237 p_cb->failure = *(UINT8 *)p_data;
239 SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
241 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
243 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
244 p_cb->wait_for_authorization_complete = TRUE;
248 /*******************************************************************************
249 ** Function smp_send_pair_req
250 ** Description actions related to sending pairing request
251 *******************************************************************************/
252 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
254 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
255 SMP_TRACE_DEBUG("%s", __func__);
257 /* erase all keys when master sends pairing req*/
259 btm_sec_clear_ble_keys(p_dev_rec);
260 /* do not manipulate the key, let app decide,
261 leave out to BTM to mandate key distribution for bonding case */
262 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
265 /*******************************************************************************
266 ** Function smp_send_pair_rsp
267 ** Description actions related to sending pairing response
268 *******************************************************************************/
269 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
271 SMP_TRACE_DEBUG("%s", __func__);
273 p_cb->local_i_key &= p_cb->peer_i_key;
274 p_cb->local_r_key &= p_cb->peer_r_key;
276 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
278 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
279 smp_use_oob_private_key(p_cb, NULL);
281 smp_decide_association_model(p_cb, NULL);
285 /*******************************************************************************
286 ** Function smp_send_confirm
287 ** Description send confirmation to the peer
288 *******************************************************************************/
289 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
291 SMP_TRACE_DEBUG("%s", __func__);
292 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
295 /*******************************************************************************
296 ** Function smp_send_init
297 ** Description process pairing initializer to slave device
298 *******************************************************************************/
299 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
301 SMP_TRACE_DEBUG("%s", __func__);
302 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
305 /*******************************************************************************
306 ** Function smp_send_rand
307 ** Description send pairing random to the peer
308 *******************************************************************************/
309 void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
311 SMP_TRACE_DEBUG("%s", __func__);
312 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
315 /*******************************************************************************
316 ** Function smp_send_pair_public_key
317 ** Description send pairing public key command to the peer
318 *******************************************************************************/
319 void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
321 SMP_TRACE_DEBUG("%s", __func__);
322 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
325 /*******************************************************************************
326 ** Function SMP_SEND_COMMITMENT
327 ** Description send commitment command to the peer
328 *******************************************************************************/
329 void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
331 SMP_TRACE_DEBUG("%s", __func__);
332 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
335 /*******************************************************************************
336 ** Function smp_send_dhkey_check
337 ** Description send DHKey Check command to the peer
338 *******************************************************************************/
339 void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
341 SMP_TRACE_DEBUG("%s", __func__);
342 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
345 /*******************************************************************************
346 ** Function smp_send_keypress_notification
347 ** Description send Keypress Notification command to the peer
348 *******************************************************************************/
349 void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
351 p_cb->local_keypress_notification = *(UINT8 *) p_data;
352 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
355 /*******************************************************************************
356 ** Function smp_send_enc_info
357 ** Description send encryption information command.
358 *******************************************************************************/
359 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
361 tBTM_LE_LENC_KEYS le_key;
363 SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
364 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
366 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
367 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
369 /* save the DIV and key size information when acting as slave device */
370 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
371 le_key.div = p_cb->div;
372 le_key.key_size = p_cb->loc_enc_size;
373 le_key.sec_level = p_cb->sec_level;
375 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
376 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
377 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
379 SMP_TRACE_WARNING ("%s", __func__);
381 smp_key_distribution(p_cb, NULL);
384 /*******************************************************************************
385 ** Function smp_send_id_info
386 ** Description send ID information command.
387 *******************************************************************************/
388 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
390 tBTM_LE_KEY_VALUE le_key;
391 SMP_TRACE_DEBUG("%s", __func__);
392 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
394 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
395 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
397 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
398 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
401 SMP_TRACE_WARNING ("%s", __func__);
402 smp_key_distribution_by_transport(p_cb, NULL);
405 /*******************************************************************************
406 ** Function smp_send_csrk_info
407 ** Description send CSRK command.
408 *******************************************************************************/
409 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
411 tBTM_LE_LCSRK_KEYS key;
412 SMP_TRACE_DEBUG("%s", __func__);
413 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
415 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
418 key.sec_level = p_cb->sec_level;
419 key.counter = 0; /* initialize the local counter */
420 memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
421 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
424 smp_key_distribution_by_transport(p_cb, NULL);
427 /*******************************************************************************
428 ** Function smp_send_ltk_reply
429 ** Description send LTK reply
430 *******************************************************************************/
431 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
433 SMP_TRACE_DEBUG("%s", __func__);
434 /* send stk as LTK response */
435 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
438 /*******************************************************************************
439 ** Function smp_proc_sec_req
440 ** Description process security request.
441 *******************************************************************************/
442 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
444 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
445 tBTM_BLE_SEC_REQ_ACT sec_req_act;
448 SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
452 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
454 SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
458 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
459 SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
460 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
463 case BTM_BLE_SEC_REQ_ACT_PAIR:
464 p_cb->secure_connections_only_mode_required =
465 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
467 /* respond to non SC pairing request as failure in SC only mode */
468 if (p_cb->secure_connections_only_mode_required &&
469 (auth_req & SMP_SC_SUPPORT_BIT) == 0)
471 reason = SMP_PAIR_AUTH_FAIL;
472 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
476 /* initialize local i/r key to be default keys */
477 p_cb->peer_auth_req = auth_req;
478 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
479 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
483 case BTM_BLE_SEC_REQ_ACT_DISCARD:
484 p_cb->discard_sec_req = TRUE;
493 /*******************************************************************************
494 ** Function smp_proc_sec_grant
495 ** Description process security grant.
496 *******************************************************************************/
497 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
499 UINT8 res= *(UINT8 *)p_data;
500 SMP_TRACE_DEBUG("%s", __func__);
501 if (res != SMP_SUCCESS)
503 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
505 else /*otherwise, start pairing */
507 /* send IO request callback */
508 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
512 /*******************************************************************************
513 ** Function smp_proc_pair_fail
514 ** Description process pairing failure from peer device
515 *******************************************************************************/
516 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
518 SMP_TRACE_DEBUG("%s", __func__);
519 p_cb->status = *(UINT8 *)p_data;
521 /* Cancel pending auth complete timer if set */
522 if (p_cb->delayed_auth_timer_enabled) {
523 btu_stop_quick_timer(&p_cb->delayed_auth_timer_ent);
524 p_cb->delayed_auth_timer_enabled = FALSE;
528 /*******************************************************************************
529 ** Function smp_proc_pair_cmd
530 ** Description Process the SMP pairing request/response from peer device
531 *******************************************************************************/
532 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
534 UINT8 *p = (UINT8 *)p_data;
535 UINT8 reason = SMP_ENC_KEY_SIZE;
536 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
538 SMP_TRACE_DEBUG("%s", __func__);
539 /* erase all keys if it is slave proc pairing req*/
540 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
541 btm_sec_clear_ble_keys(p_dev_rec);
543 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
545 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
546 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
547 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
548 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
549 STREAM_TO_UINT8(p_cb->peer_i_key, p);
550 STREAM_TO_UINT8(p_cb->peer_r_key, p);
552 if (smp_command_has_invalid_parameters(p_cb))
554 reason = SMP_INVALID_PARAMETERS;
555 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
559 if (p_cb->role == HCI_ROLE_SLAVE)
561 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
563 /* peer (master) started pairing sending Pairing Request */
564 p_cb->local_i_key = p_cb->peer_i_key;
565 p_cb->local_r_key = p_cb->peer_r_key;
567 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
569 else /* update local i/r key according to pairing request */
571 /* pairing started with this side (slave) sending Security Request */
572 p_cb->local_i_key &= p_cb->peer_i_key;
573 p_cb->local_r_key &= p_cb->peer_r_key;
574 p_cb->selected_association_model = smp_select_association_model(p_cb);
576 if (p_cb->secure_connections_only_mode_required &&
577 (!(p_cb->le_secure_connections_mode_is_used) ||
578 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
580 SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
582 reason = SMP_PAIR_AUTH_FAIL;
583 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
587 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
589 if (smp_request_oob_data(p_cb)) return;
593 smp_send_pair_rsp(p_cb, NULL);
597 else /* Master receives pairing response */
599 p_cb->selected_association_model = smp_select_association_model(p_cb);
601 if (p_cb->secure_connections_only_mode_required &&
602 (!(p_cb->le_secure_connections_mode_is_used) ||
603 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
605 SMP_TRACE_ERROR ("Master requires secure connection only mode \
606 but it can't be provided -> Master fails pairing");
607 reason = SMP_PAIR_AUTH_FAIL;
608 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
612 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
614 if (smp_request_oob_data(p_cb)) return;
618 smp_decide_association_model(p_cb, NULL);
623 /*******************************************************************************
624 ** Function smp_proc_confirm
625 ** Description process pairing confirm from peer device
626 *******************************************************************************/
627 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
629 UINT8 *p = (UINT8 *)p_data;
630 UINT8 reason = SMP_INVALID_PARAMETERS;
632 SMP_TRACE_DEBUG("%s", __func__);
634 if (smp_command_has_invalid_parameters(p_cb))
636 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
642 /* save the SConfirm for comparison later */
643 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
646 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
649 /*******************************************************************************
650 ** Function smp_proc_init
651 ** Description process pairing initializer from peer device
652 *******************************************************************************/
653 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
655 UINT8 *p = (UINT8 *)p_data;
656 UINT8 reason = SMP_INVALID_PARAMETERS;
658 SMP_TRACE_DEBUG("%s", __func__);
660 if (smp_command_has_invalid_parameters(p_cb))
662 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
666 /* save the SRand for comparison */
667 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
670 /*******************************************************************************
671 ** Function smp_proc_rand
672 ** Description process pairing random (nonce) from peer device
673 *******************************************************************************/
674 void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
676 UINT8 *p = (UINT8 *)p_data;
677 UINT8 reason = SMP_INVALID_PARAMETERS;
679 SMP_TRACE_DEBUG("%s", __func__);
681 if (smp_command_has_invalid_parameters(p_cb))
683 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
687 /* save the SRand for comparison */
688 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
691 /*******************************************************************************
692 ** Function smp_process_pairing_public_key
693 ** Description process pairing public key command from the peer device
694 ** - saves the peer public key;
695 ** - sets the flag indicating that the peer public key is received;
696 ** - calls smp_wait_for_both_public_keys(...).
698 *******************************************************************************/
699 void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
701 UINT8 *p = (UINT8 *)p_data;
702 UINT8 reason = SMP_INVALID_PARAMETERS;
704 SMP_TRACE_DEBUG("%s", __func__);
706 if (smp_command_has_invalid_parameters(p_cb))
708 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
712 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
713 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
714 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
716 smp_wait_for_both_public_keys(p_cb, NULL);
719 /*******************************************************************************
720 ** Function smp_process_pairing_commitment
721 ** Description process pairing commitment from peer device
722 *******************************************************************************/
723 void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
725 UINT8 *p = (UINT8 *)p_data;
726 UINT8 reason = SMP_INVALID_PARAMETERS;
728 SMP_TRACE_DEBUG("%s", __func__);
730 if (smp_command_has_invalid_parameters(p_cb))
732 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
736 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
740 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
744 /*******************************************************************************
745 ** Function smp_process_dhkey_check
746 ** Description process DHKey Check from peer device
747 *******************************************************************************/
748 void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
750 UINT8 *p = (UINT8 *)p_data;
751 UINT8 reason = SMP_INVALID_PARAMETERS;
753 SMP_TRACE_DEBUG("%s", __func__);
755 if (smp_command_has_invalid_parameters(p_cb))
757 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
763 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
766 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
769 /*******************************************************************************
770 ** Function smp_process_keypress_notification
771 ** Description process pairing keypress notification from peer device
772 *******************************************************************************/
773 void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
775 UINT8 *p = (UINT8 *)p_data;
776 UINT8 reason = SMP_INVALID_PARAMETERS;
778 SMP_TRACE_DEBUG("%s", __func__);
779 p_cb->status = *(UINT8 *)p_data;
781 if (smp_command_has_invalid_parameters(p_cb))
783 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
789 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
793 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
795 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
798 /*******************************************************************************
799 ** Function smp_br_process_pairing_command
800 ** Description Process the SMP pairing request/response from peer device via
802 *******************************************************************************/
803 void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
805 UINT8 *p = (UINT8 *)p_data;
806 UINT8 reason = SMP_ENC_KEY_SIZE;
807 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
809 SMP_TRACE_DEBUG("%s", __func__);
810 /* rejecting BR pairing request over non-SC BR link */
811 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
813 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
814 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
818 /* erase all keys if it is slave proc pairing req*/
819 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
820 btm_sec_clear_ble_keys(p_dev_rec);
822 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
824 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
825 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
826 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
827 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
828 STREAM_TO_UINT8(p_cb->peer_i_key, p);
829 STREAM_TO_UINT8(p_cb->peer_r_key, p);
831 if (smp_command_has_invalid_parameters(p_cb))
833 reason = SMP_INVALID_PARAMETERS;
834 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
838 /* peer (master) started pairing sending Pairing Request */
839 /* or being master device always use received i/r key as keys to distribute */
840 p_cb->local_i_key = p_cb->peer_i_key;
841 p_cb->local_r_key = p_cb->peer_r_key;
843 if (p_cb->role == HCI_ROLE_SLAVE)
845 p_dev_rec->new_encryption_key_is_p256 = FALSE;
846 /* shortcut to skip Security Grant step */
847 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
849 else /* Master receives pairing response */
851 SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
852 " Supposed to move to key distribution phase. ", __func__);
855 /* auth_req received via BR/EDR SM channel is set to 0,
856 but everything derived/exchanged has to be saved */
857 p_cb->peer_auth_req |= SMP_AUTH_BOND;
858 p_cb->loc_auth_req |= SMP_AUTH_BOND;
861 /*******************************************************************************
862 ** Function smp_br_process_security_grant
863 ** Description process security grant in case of pairing over BR/EDR transport.
864 *******************************************************************************/
865 void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
867 UINT8 res= *(UINT8 *)p_data;
868 SMP_TRACE_DEBUG("%s", __func__);
869 if (res != SMP_SUCCESS)
871 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
873 else /*otherwise, start pairing */
875 /* send IO request callback */
876 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
880 /*******************************************************************************
881 ** Function smp_br_check_authorization_request
882 ** Description sets the SMP kes to be derived/distribute over BR/EDR transport
883 ** before starting the distribution/derivation
884 *******************************************************************************/
885 void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
887 UINT8 reason = SMP_SUCCESS;
889 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
890 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
893 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
894 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
895 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
897 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
898 ** Set local_r_key on master to expect only these keys. */
899 if (p_cb->role == HCI_ROLE_MASTER)
901 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
904 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
905 "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
908 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
909 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
910 (p_cb->local_i_key || p_cb->local_r_key))
912 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
914 /* if no peer key is expected, start master key distribution */
915 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
916 smp_key_distribution_by_transport(p_cb, NULL);
920 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
924 /*******************************************************************************
925 ** Function smp_br_select_next_key
926 ** Description selects the next key to derive/send when BR/EDR transport is
928 *******************************************************************************/
929 void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
931 UINT8 reason = SMP_SUCCESS;
932 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
933 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
935 if (p_cb->role == HCI_ROLE_SLAVE||
936 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
938 smp_key_pick_key(p_cb, p_data);
941 if (!p_cb->local_i_key && !p_cb->local_r_key)
943 /* state check to prevent re-entrance */
944 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
946 if (p_cb->total_tx_unacked == 0)
947 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
949 p_cb->wait_for_authorization_complete = TRUE;
954 /*******************************************************************************
955 ** Function smp_proc_enc_info
956 ** Description process encryption information from peer device
957 *******************************************************************************/
958 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
960 UINT8 *p = (UINT8 *)p_data;
962 SMP_TRACE_DEBUG("%s", __func__);
963 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
965 smp_key_distribution(p_cb, NULL);
967 /*******************************************************************************
968 ** Function smp_proc_master_id
969 ** Description process master ID from slave device
970 *******************************************************************************/
971 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
973 UINT8 *p = (UINT8 *)p_data;
974 tBTM_LE_PENC_KEYS le_key;
976 SMP_TRACE_DEBUG("%s", __func__);
977 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
979 STREAM_TO_UINT16(le_key.ediv, p);
980 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
982 /* store the encryption keys from peer device */
983 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
984 le_key.sec_level = p_cb->sec_level;
985 le_key.key_size = p_cb->loc_enc_size;
987 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
988 btm_sec_save_le_key(p_cb->pairing_bda,
990 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
992 smp_key_distribution(p_cb, NULL);
995 /*******************************************************************************
996 ** Function smp_proc_enc_info
997 ** Description process identity information from peer device
998 *******************************************************************************/
999 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1001 UINT8 *p = (UINT8 *)p_data;
1003 SMP_TRACE_DEBUG("%s", __func__);
1004 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
1005 smp_key_distribution_by_transport(p_cb, NULL);
1008 /*******************************************************************************
1009 ** Function smp_proc_id_addr
1010 ** Description process identity address from peer device
1011 *******************************************************************************/
1012 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1014 UINT8 *p = (UINT8 *)p_data;
1015 tBTM_LE_PID_KEYS pid_key;
1017 SMP_TRACE_DEBUG("%s", __func__);
1018 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1020 STREAM_TO_UINT8(pid_key.addr_type, p);
1021 STREAM_TO_BDADDR(pid_key.static_addr, p);
1022 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1024 /* to use as BD_ADDR for lk derived from ltk */
1025 p_cb->id_addr_rcvd = TRUE;
1026 p_cb->id_addr_type = pid_key.addr_type;
1027 memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1029 /* store the ID key from peer device */
1030 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1031 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1032 (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1033 smp_key_distribution_by_transport(p_cb, NULL);
1036 /*******************************************************************************
1037 ** Function smp_proc_srk_info
1038 ** Description process security information from peer device
1039 *******************************************************************************/
1040 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1042 tBTM_LE_PCSRK_KEYS le_key;
1044 SMP_TRACE_DEBUG("%s", __func__);
1045 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1047 /* save CSRK to security record */
1048 le_key.sec_level = p_cb->sec_level;
1049 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
1050 le_key.counter = 0; /* initialize the peer counter */
1052 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1053 btm_sec_save_le_key(p_cb->pairing_bda,
1055 (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1056 smp_key_distribution_by_transport(p_cb, NULL);
1059 /*******************************************************************************
1060 ** Function smp_proc_compare
1061 ** Description process compare value
1062 *******************************************************************************/
1063 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1067 SMP_TRACE_DEBUG("%s", __func__);
1068 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1070 /* compare the max encryption key size, and save the smaller one for the link */
1071 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1072 p_cb->loc_enc_size = p_cb->peer_enc_size;
1074 if (p_cb->role == HCI_ROLE_SLAVE)
1075 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1078 /* master device always use received i/r key as keys to distribute */
1079 p_cb->local_i_key = p_cb->peer_i_key;
1080 p_cb->local_r_key = p_cb->peer_r_key;
1082 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1088 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1089 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1093 /*******************************************************************************
1094 ** Function smp_proc_sl_key
1095 ** Description process key ready events.
1096 *******************************************************************************/
1097 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1099 UINT8 key_type = p_data->key.key_type;
1101 SMP_TRACE_DEBUG("%s", __func__);
1102 if (key_type == SMP_KEY_TYPE_TK)
1104 smp_generate_srand_mrand_confirm(p_cb, NULL);
1106 else if (key_type == SMP_KEY_TYPE_CFM)
1108 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1110 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1111 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1115 /*******************************************************************************
1116 ** Function smp_start_enc
1117 ** Description start encryption
1118 *******************************************************************************/
1119 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1122 UINT8 reason = SMP_ENC_FAIL;
1124 SMP_TRACE_DEBUG("%s", __func__);
1126 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1128 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1130 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1131 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1134 /*******************************************************************************
1135 ** Function smp_proc_discard
1136 ** Description processing for discard security request
1137 *******************************************************************************/
1138 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1140 SMP_TRACE_DEBUG("%s", __func__);
1141 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1142 smp_reset_control_value(p_cb);
1145 /*******************************************************************************
1146 ** Function smp_enc_cmpl
1147 ** Description encryption success
1148 *******************************************************************************/
1149 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1151 UINT8 enc_enable = *(UINT8 *)p_data;
1152 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1154 SMP_TRACE_DEBUG("%s", __func__);
1155 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1158 /*******************************************************************************
1159 ** Function smp_check_auth_req
1160 ** Description check authentication request
1161 *******************************************************************************/
1162 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1164 UINT8 enc_enable = *(UINT8 *)p_data;
1165 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1167 SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1168 "(i-initiator r-responder)",
1169 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1170 if (enc_enable == 1)
1172 if (p_cb->le_secure_connections_mode_is_used)
1174 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1175 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1176 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1178 /* In LE SC mode LK is derived from LTK only if both sides request it */
1179 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1180 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1182 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1183 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1186 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1187 ** Set local_r_key on master to expect only these keys.
1189 if (p_cb->role == HCI_ROLE_MASTER)
1191 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1196 /* in legacy mode derivation of BR/EDR LK is not supported */
1197 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1198 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1200 SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1201 "(i-initiator r-responder)",
1202 __func__, p_cb->local_i_key, p_cb->local_r_key);
1204 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1205 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1206 (p_cb->local_i_key || p_cb->local_r_key))
1208 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1211 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1213 else if (enc_enable == 0)
1215 /* if failed for encryption after pairing, send callback */
1216 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1217 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1218 /* if enc failed for old security information */
1219 /* if master device, clean up and abck to idle; slave device do nothing */
1220 else if (p_cb->role == HCI_ROLE_MASTER)
1222 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1227 /*******************************************************************************
1228 ** Function smp_key_pick_key
1229 ** Description Pick a key distribution function based on the key mask.
1230 *******************************************************************************/
1231 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1233 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1236 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1237 while (i < SMP_KEY_DIST_TYPE_MAX)
1239 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1241 if (key_to_dist & (1 << i))
1243 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1244 (* smp_distribute_act[i])(p_cb, p_data);
1250 /*******************************************************************************
1251 ** Function smp_key_distribution
1252 ** Description start key distribution if required.
1253 *******************************************************************************/
1254 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1256 UINT8 reason = SMP_SUCCESS;
1257 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1258 __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1260 if (p_cb->role == HCI_ROLE_SLAVE ||
1261 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1263 smp_key_pick_key(p_cb, p_data);
1266 if (!p_cb->local_i_key && !p_cb->local_r_key)
1268 /* state check to prevent re-entrant */
1269 if (smp_get_state() == SMP_STATE_BOND_PENDING)
1271 if (p_cb->derive_lk)
1273 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1274 p_cb->derive_lk = FALSE;
1277 if (p_cb->total_tx_unacked == 0)
1280 * Instead of declaring authorization complete immediately,
1281 * delay the event from being sent until 500ms later.
1282 * This allows the slave to send over Pairing Failed if the
1283 * last key is rejected. During this waiting window, the
1284 * state should remain in SMP_STATE_BOND_PENDING.
1286 if (!p_cb->delayed_auth_timer_enabled)
1288 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1289 btu_start_quick_timer(&p_cb->delayed_auth_timer_ent,
1290 BTU_TTYPE_SMP_DELAYED_AUTH,
1291 SMP_DELAYED_AUTH_TOUT);
1292 p_cb->delayed_auth_timer_enabled = TRUE;
1295 p_cb->wait_for_authorization_complete = TRUE;
1301 /*******************************************************************************
1302 ** Function smp_decide_association_model
1303 ** Description This function is called to select assoc model to be used for
1304 ** STK generation and to start STK generation process.
1306 *******************************************************************************/
1307 void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1309 UINT8 failure = SMP_UNKNOWN_IO_CAP;
1312 tSMP_INT_DATA *p = NULL;
1314 SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1316 switch (p_cb->selected_association_model)
1318 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1319 if (p_cb->role == HCI_ROLE_MASTER &&
1320 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1321 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1323 SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1324 failure = SMP_PAIR_AUTH_FAIL;
1325 p = (tSMP_INT_DATA *)&failure;
1326 int_evt = SMP_AUTH_CMPL_EVT;
1330 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1331 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1333 key.key_type = SMP_KEY_TYPE_TK;
1334 key.p_data = p_cb->tk;
1335 p = (tSMP_INT_DATA *)&key;
1337 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1339 int_evt = SMP_KEY_READY_EVT;
1343 case SMP_MODEL_PASSKEY:
1344 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1345 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1347 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1348 int_evt = SMP_TK_REQ_EVT;
1352 SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1353 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1354 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1356 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1357 int_evt = SMP_TK_REQ_EVT;
1360 case SMP_MODEL_KEY_NOTIF:
1361 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1362 SMP_TRACE_DEBUG("Need to generate Passkey");
1364 /* generate passkey and notify application */
1365 smp_generate_passkey(p_cb, NULL);
1368 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1369 case SMP_MODEL_SEC_CONN_NUM_COMP:
1370 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1371 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1372 case SMP_MODEL_SEC_CONN_OOB:
1373 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1376 case SMP_MODEL_OUT_OF_RANGE:
1377 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1378 p = (tSMP_INT_DATA *)&failure;
1379 int_evt = SMP_AUTH_CMPL_EVT;
1383 SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1384 p_cb->selected_association_model);
1385 p = (tSMP_INT_DATA *)&failure;
1386 int_evt = SMP_AUTH_CMPL_EVT;
1389 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1391 smp_sm_event(p_cb, int_evt, p);
1394 /*******************************************************************************
1395 ** Function smp_process_io_response
1396 ** Description process IO response for a slave device.
1397 *******************************************************************************/
1398 void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1400 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1402 SMP_TRACE_DEBUG("%s", __func__);
1403 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1405 /* pairing started by local (slave) Security Request */
1406 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1407 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1409 else /* plan to send pairing respond */
1411 /* pairing started by peer (master) Pairing Request */
1412 p_cb->selected_association_model = smp_select_association_model(p_cb);
1414 if (p_cb->secure_connections_only_mode_required &&
1415 (!(p_cb->le_secure_connections_mode_is_used) ||
1416 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1418 SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1419 but it can't be provided -> Slave fails pairing");
1420 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1424 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1426 if (smp_request_oob_data(p_cb)) return;
1428 smp_send_pair_rsp(p_cb, NULL);
1432 /*******************************************************************************
1433 ** Function smp_br_process_slave_keys_response
1434 ** Description process application keys response for a slave device
1435 ** (BR/EDR transport).
1436 *******************************************************************************/
1437 void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1439 smp_br_send_pair_response(p_cb, NULL);
1442 /*******************************************************************************
1443 ** Function smp_br_send_pair_response
1444 ** Description actions related to sending pairing response over BR/EDR transport.
1445 *******************************************************************************/
1446 void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1448 SMP_TRACE_DEBUG("%s", __func__);
1450 p_cb->local_i_key &= p_cb->peer_i_key;
1451 p_cb->local_r_key &= p_cb->peer_r_key;
1453 smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1456 /*******************************************************************************
1457 ** Function smp_pairing_cmpl
1458 ** Description This function is called to send the pairing complete callback
1459 ** and remove the connection if needed.
1460 *******************************************************************************/
1461 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1463 if (p_cb->total_tx_unacked == 0)
1465 /* update connection parameter to remote preferred */
1466 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
1467 /* process the pairing complete */
1468 smp_proc_pairing_cmpl(p_cb);
1472 /*******************************************************************************
1473 ** Function smp_pair_terminate
1474 ** Description This function is called to send the pairing complete callback
1475 ** and remove the connection if needed.
1476 *******************************************************************************/
1477 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1479 SMP_TRACE_DEBUG("%s", __func__);
1480 p_cb->status = SMP_CONN_TOUT;
1481 smp_proc_pairing_cmpl(p_cb);
1484 /*******************************************************************************
1485 ** Function smp_idle_terminate
1486 ** Description This function calledin idle state to determine to send authentication
1488 *******************************************************************************/
1489 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1491 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1493 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1494 p_cb->status = SMP_FAIL;
1495 smp_proc_pairing_cmpl(p_cb);
1499 /*******************************************************************************
1500 ** Function smp_fast_conn_param
1501 ** Description apply default connection parameter for pairing process
1502 *******************************************************************************/
1503 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1505 /* disable connection parameter update */
1506 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
1509 /*******************************************************************************
1510 ** Function smp_both_have_public_keys
1511 ** Description The function is called when both local and peer public keys are
1514 ** - invokes DHKey computation;
1515 ** - on slave side invokes sending local public key to the peer.
1516 ** - invokes SC phase 1 process.
1517 *******************************************************************************/
1518 void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1520 SMP_TRACE_DEBUG("%s",__func__);
1522 /* invokes DHKey computation */
1523 smp_compute_dhkey(p_cb);
1525 /* on slave side invokes sending local public key to the peer */
1526 if (p_cb->role == HCI_ROLE_SLAVE)
1527 smp_send_pair_public_key(p_cb, NULL);
1529 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1532 /*******************************************************************************
1533 ** Function smp_start_secure_connection_phase1
1534 ** Description The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1535 ** phase 1 parameters and starts building/sending to the peer
1536 ** messages appropriate for the role and association model.
1537 *******************************************************************************/
1538 void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1540 SMP_TRACE_DEBUG("%s", __func__);
1542 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1544 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1545 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1549 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1550 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1553 switch(p_cb->selected_association_model)
1555 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1556 case SMP_MODEL_SEC_CONN_NUM_COMP:
1557 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1558 smp_start_nonce_generation(p_cb);
1560 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1561 /* user has to provide passkey */
1562 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1563 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1565 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1566 /* passkey has to be provided to user */
1567 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1568 smp_generate_passkey(p_cb, NULL);
1570 case SMP_MODEL_SEC_CONN_OOB:
1571 /* use the available OOB information */
1572 smp_process_secure_connection_oob_data(p_cb, NULL);
1575 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1576 p_cb->selected_association_model);
1581 /*******************************************************************************
1582 ** Function smp_process_local_nonce
1583 ** Description The function processes new local nonce.
1585 ** Note It is supposed to be called in SC phase1.
1586 *******************************************************************************/
1587 void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1589 SMP_TRACE_DEBUG("%s", __func__);
1591 switch(p_cb->selected_association_model)
1593 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1594 case SMP_MODEL_SEC_CONN_NUM_COMP:
1595 if (p_cb->role == HCI_ROLE_SLAVE)
1597 /* slave calculates and sends local commitment */
1598 smp_calculate_local_commitment(p_cb);
1599 smp_send_commitment(p_cb, NULL);
1600 /* slave has to wait for peer nonce */
1601 smp_set_state(SMP_STATE_WAIT_NONCE);
1603 else /* i.e. master */
1605 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1607 /* slave commitment is already received, send local nonce, wait for remote nonce*/
1608 SMP_TRACE_DEBUG("master in assoc mode = %d \
1609 already rcvd slave commitment - race condition",
1610 p_cb->selected_association_model);
1611 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1612 smp_send_rand(p_cb, NULL);
1613 smp_set_state(SMP_STATE_WAIT_NONCE);
1617 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1618 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1619 smp_calculate_local_commitment(p_cb);
1621 if (p_cb->role == HCI_ROLE_MASTER)
1623 smp_send_commitment(p_cb, NULL);
1627 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1629 /* master commitment is already received */
1630 smp_send_commitment(p_cb, NULL);
1631 smp_set_state(SMP_STATE_WAIT_NONCE);
1635 case SMP_MODEL_SEC_CONN_OOB:
1636 if (p_cb->role == HCI_ROLE_MASTER)
1638 smp_send_rand(p_cb, NULL);
1641 smp_set_state(SMP_STATE_WAIT_NONCE);
1644 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1645 p_cb->selected_association_model);
1650 /*******************************************************************************
1651 ** Function smp_process_peer_nonce
1652 ** Description The function processes newly received and saved in CB peer nonce.
1653 ** The actions depend on the selected association model and the role.
1655 ** Note It is supposed to be called in SC phase1.
1656 *******************************************************************************/
1657 void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1661 SMP_TRACE_DEBUG("%s start ", __func__);
1663 switch(p_cb->selected_association_model)
1665 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1666 case SMP_MODEL_SEC_CONN_NUM_COMP:
1667 /* in these models only master receives commitment */
1668 if (p_cb->role == HCI_ROLE_MASTER)
1670 if (!smp_check_commitment(p_cb))
1672 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1673 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1679 /* slave sends local nonce */
1680 smp_send_rand(p_cb, NULL);
1683 if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1685 /* go directly to phase 2 */
1686 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1688 else /* numeric comparison */
1690 smp_set_state(SMP_STATE_WAIT_NONCE);
1691 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1694 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1695 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1696 if (!smp_check_commitment(p_cb))
1698 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1699 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1703 if (p_cb->role == HCI_ROLE_SLAVE)
1705 smp_send_rand(p_cb, NULL);
1708 if (++p_cb->round < 20)
1710 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1711 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1712 smp_start_nonce_generation(p_cb);
1716 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1718 case SMP_MODEL_SEC_CONN_OOB:
1719 if (p_cb->role == HCI_ROLE_SLAVE)
1721 smp_send_rand(p_cb, NULL);
1724 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1727 SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1728 p_cb->selected_association_model);
1732 SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1735 /*******************************************************************************
1736 ** Function smp_match_dhkey_checks
1737 ** Description checks if the calculated peer DHKey Check value is the same as
1738 ** received from the peer DHKey check value.
1739 *******************************************************************************/
1740 void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1742 UINT8 reason = SMP_DHKEY_CHK_FAIL;
1744 SMP_TRACE_DEBUG("%s", __func__);
1746 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1748 SMP_TRACE_WARNING ("dhkey chcks do no match");
1749 p_cb->failure = reason;
1750 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1754 SMP_TRACE_EVENT ("dhkey chcks match");
1756 /* compare the max encryption key size, and save the smaller one for the link */
1757 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1758 p_cb->loc_enc_size = p_cb->peer_enc_size;
1760 if (p_cb->role == HCI_ROLE_SLAVE)
1762 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1766 /* master device always use received i/r key as keys to distribute */
1767 p_cb->local_i_key = p_cb->peer_i_key;
1768 p_cb->local_r_key = p_cb->peer_r_key;
1769 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1773 /*******************************************************************************
1774 ** Function smp_move_to_secure_connections_phase2
1775 ** Description Signal State Machine to start SC phase 2 initialization (to
1776 ** compute local DHKey Check value).
1778 ** Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1779 *******************************************************************************/
1780 void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1782 SMP_TRACE_DEBUG("%s",__func__);
1783 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1786 /*******************************************************************************
1787 ** Function smp_phase_2_dhkey_checks_are_present
1788 ** Description generates event if dhkey check from the peer is already received.
1790 ** Note It is supposed to be used on slave to prevent race condition.
1791 ** It is supposed to be called after slave dhkey check is calculated.
1792 *******************************************************************************/
1793 void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1795 SMP_TRACE_DEBUG("%s",__func__);
1797 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1798 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1801 /*******************************************************************************
1802 ** Function smp_wait_for_both_public_keys
1803 ** Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1804 ** public keys are available.
1806 ** Note on the slave it is used to prevent race condition.
1808 *******************************************************************************/
1809 void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1811 SMP_TRACE_DEBUG("%s",__func__);
1813 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1814 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1816 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1817 ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1819 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1821 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1825 /*******************************************************************************
1826 ** Function smp_start_passkey_verification
1827 ** Description Starts SC passkey entry verification.
1828 *******************************************************************************/
1829 void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1833 SMP_TRACE_DEBUG("%s", __func__);
1834 p = p_cb->local_random;
1835 UINT32_TO_STREAM(p, p_data->passkey);
1837 p = p_cb->peer_random;
1838 UINT32_TO_STREAM(p, p_data->passkey);
1841 smp_start_nonce_generation(p_cb);
1844 /*******************************************************************************
1845 ** Function smp_process_secure_connection_oob_data
1846 ** Description Processes local/peer SC OOB data received from somewhere.
1847 *******************************************************************************/
1848 void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1850 SMP_TRACE_DEBUG("%s", __func__);
1852 tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1853 if (p_sc_oob_data->loc_oob_data.present)
1855 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1856 sizeof(p_cb->local_random));
1860 SMP_TRACE_EVENT ("local OOB randomizer is absent");
1861 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1864 if (!p_sc_oob_data->peer_oob_data.present)
1866 SMP_TRACE_EVENT ("peer OOB data is absent");
1867 memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1871 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1872 sizeof(p_cb->peer_random));
1873 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1874 sizeof(p_cb->remote_commitment));
1876 UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1877 /* check commitment */
1878 if (!smp_check_commitment(p_cb))
1880 p_cb->failure = reason;
1881 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1885 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1887 /* the peer doesn't have local randomiser */
1888 SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1889 memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1893 print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1894 print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1895 smp_start_nonce_generation(p_cb);
1898 /*******************************************************************************
1899 ** Function smp_set_local_oob_keys
1900 ** Description Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1901 ** starts nonce generation
1902 ** (to be saved in sc_oob_data.loc_oob_data.randomizer).
1903 *******************************************************************************/
1904 void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1906 SMP_TRACE_DEBUG("%s", __func__);
1908 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1910 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1911 smp_start_nonce_generation(p_cb);
1914 /*******************************************************************************
1915 ** Function smp_set_local_oob_random_commitment
1916 ** Description Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1917 ** passes sc_oob_data.loc_oob_data up for safekeeping.
1918 *******************************************************************************/
1919 void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1921 SMP_TRACE_DEBUG("%s", __func__);
1922 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1925 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1926 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1927 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1928 p_cb->sc_oob_data.loc_oob_data.commitment);
1930 #if SMP_DEBUG == TRUE
1931 UINT8 *p_print = NULL;
1932 SMP_TRACE_DEBUG("local SC OOB data set:");
1933 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1934 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1935 sizeof(tBLE_BD_ADDR));
1936 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1937 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1939 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1940 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1942 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1943 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1945 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1946 smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1948 p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1949 smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1951 SMP_TRACE_DEBUG("");
1954 /* pass created OOB data up */
1955 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1956 smp_send_app_cback(p_cb, NULL);
1958 smp_cb_cleanup(p_cb);
1961 /*******************************************************************************
1963 ** Function smp_link_encrypted
1965 ** Description This function is called when link is encrypted and notified to
1966 ** slave device. Proceed to to send LTK, DIV and ER to master if
1967 ** bonding the devices.
1972 *******************************************************************************/
1973 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
1975 tSMP_CB *p_cb = &smp_cb;
1977 SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
1979 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
1981 /* encryption completed with STK, remmeber the key size now, could be overwite
1982 * when key exchange happens */
1983 if (p_cb->loc_enc_size != 0 && encr_enable)
1985 /* update the link encryption key size if a SMP pairing just performed */
1986 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1989 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1993 /*******************************************************************************
1995 ** Function smp_proc_ltk_request
1997 ** Description This function is called when LTK request is received from
2002 *******************************************************************************/
2003 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2005 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
2006 BOOLEAN match = FALSE;
2008 if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2012 BD_ADDR dummy_bda = {0};
2013 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2014 if (p_dev_rec != NULL &&
2015 0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2016 0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2022 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2024 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2031 /*******************************************************************************
2033 ** Function smp_process_secure_connection_long_term_key
2035 ** Description This function is called to process SC LTK.
2036 ** SC LTK is calculated and used instead of STK.
2037 ** Here SC LTK is saved in BLE DB.
2041 *******************************************************************************/
2042 void smp_process_secure_connection_long_term_key(void)
2044 tSMP_CB *p_cb = &smp_cb;
2046 SMP_TRACE_DEBUG("%s", __func__);
2047 smp_save_secure_connections_long_term_key(p_cb);
2049 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2050 smp_key_distribution(p_cb, NULL);
2053 /*******************************************************************************
2055 ** Function smp_set_derive_link_key
2057 ** Description This function is called to set flag that indicates that
2058 ** BR/EDR LK has to be derived from LTK after all keys are
2063 *******************************************************************************/
2064 void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2066 SMP_TRACE_DEBUG ("%s", __func__);
2067 p_cb->derive_lk = TRUE;
2068 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2069 smp_key_distribution(p_cb, NULL);
2072 /*******************************************************************************
2074 ** Function smp_derive_link_key_from_long_term_key
2076 ** Description This function is called to derive BR/EDR LK from LTK.
2080 *******************************************************************************/
2081 void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2083 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2085 SMP_TRACE_DEBUG("%s", __func__);
2086 if (!smp_calculate_link_key_from_long_term_key(p_cb))
2088 SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2089 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2094 /*******************************************************************************
2096 ** Function smp_br_process_link_key
2098 ** Description This function is called to process BR/EDR LK:
2099 ** - to derive SMP LTK from BR/EDR LK;
2100 *8 - to save SMP LTK.
2104 *******************************************************************************/
2105 void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2107 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2109 SMP_TRACE_DEBUG("%s", __func__);
2110 if (!smp_calculate_long_term_key_from_link_key(p_cb))
2112 SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2113 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2117 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2118 smp_save_secure_connections_long_term_key(p_cb);
2119 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2120 smp_br_select_next_key(p_cb, NULL);
2123 /*******************************************************************************
2124 ** Function smp_key_distribution_by_transport
2125 ** Description depending on the transport used at the moment calls either
2126 ** smp_key_distribution(...) or smp_br_key_distribution(...).
2127 *******************************************************************************/
2128 void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2130 SMP_TRACE_DEBUG("%s", __func__);
2131 if (p_cb->smp_over_br)
2133 smp_br_select_next_key(p_cb, NULL);
2137 smp_key_distribution(p_cb, NULL);
2141 /*******************************************************************************
2142 ** Function smp_br_pairing_complete
2143 ** Description This function is called to send the pairing complete callback
2144 ** and remove the connection if needed.
2145 *******************************************************************************/
2146 void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2148 SMP_TRACE_DEBUG("%s", __func__);
2150 if (p_cb->total_tx_unacked == 0)
2152 /* process the pairing complete */
2153 smp_proc_pairing_cmpl(p_cb);