1 /******************************************************************************
3 * Copyright (C) 2003-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
20 #include "btif_common.h"
21 #include "device/include/interop.h"
22 #include "include/bt_target.h"
23 #include "stack/btm/btm_int.h"
24 #include "stack/include/l2c_api.h"
25 #include "stack/smp/p_256_ecc_pp.h"
26 #include "stack/smp/smp_int.h"
27 #include "utils/include/bt_utils.h"
29 #define SMP_KEY_DIST_TYPE_MAX 4
31 const tSMP_ACT smp_distribute_act[] = {smp_generate_ltk, smp_send_id_info,
33 smp_set_derive_link_key};
35 static bool lmp_version_below(const RawAddress& bda, uint8_t version) {
36 tACL_CONN* acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
37 if (acl == NULL || acl->lmp_version == 0) {
38 SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
41 SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version,
43 return acl->lmp_version < version;
46 static bool pts_test_send_authentication_complete_failure(tSMP_CB* p_cb) {
47 uint8_t reason = p_cb->cert_failure;
48 if (reason == SMP_PAIR_AUTH_FAIL || reason == SMP_PAIR_FAIL_UNKNOWN ||
49 reason == SMP_PAIR_NOT_SUPPORT || reason == SMP_PASSKEY_ENTRY_FAIL ||
50 reason == SMP_REPEATED_ATTEMPTS) {
51 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
57 /*******************************************************************************
58 * Function smp_update_key_mask
59 * Description This function updates the key mask for sending or receiving.
60 ******************************************************************************/
61 static void smp_update_key_mask(tSMP_CB* p_cb, uint8_t key_type, bool recv) {
63 "%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
64 __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
66 if (((p_cb->le_secure_connections_mode_is_used) || (p_cb->smp_over_br)) &&
67 ((key_type == SMP_SEC_KEY_TYPE_ENC) ||
68 (key_type == SMP_SEC_KEY_TYPE_LK))) {
69 /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
70 ** being exchanged with the peer */
71 p_cb->local_i_key &= ~key_type;
72 p_cb->local_r_key &= ~key_type;
73 } else if (p_cb->role == HCI_ROLE_SLAVE) {
75 p_cb->local_i_key &= ~key_type;
77 p_cb->local_r_key &= ~key_type;
80 p_cb->local_r_key &= ~key_type;
82 p_cb->local_i_key &= ~key_type;
85 SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x",
86 p_cb->local_i_key, p_cb->local_r_key);
89 /*******************************************************************************
90 * Function smp_send_app_cback
91 * Description notifies application about the events the application is
93 ******************************************************************************/
94 void smp_send_app_cback(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
95 tSMP_EVT_DATA cb_data;
96 tSMP_STATUS callback_rc;
97 SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
98 if (p_cb->p_callback && p_cb->cb_evt != 0) {
99 switch (p_cb->cb_evt) {
100 case SMP_IO_CAP_REQ_EVT:
101 cb_data.io_req.auth_req = p_cb->peer_auth_req;
102 cb_data.io_req.oob_data = SMP_OOB_NONE;
103 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
104 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
105 cb_data.io_req.init_keys = p_cb->local_i_key;
106 cb_data.io_req.resp_keys = p_cb->local_r_key;
107 SMP_TRACE_WARNING("io_cap = %d", cb_data.io_req.io_cap);
111 cb_data.passkey = p_data->passkey;
113 case SMP_SC_OOB_REQ_EVT:
114 cb_data.req_oob_type = p_data->req_oob_type;
116 case SMP_SC_LOC_OOB_DATA_UP_EVT:
117 cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
120 case SMP_BR_KEYS_REQ_EVT:
121 cb_data.io_req.auth_req = 0;
122 cb_data.io_req.oob_data = SMP_OOB_NONE;
123 cb_data.io_req.io_cap = 0;
124 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
125 cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
126 cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
134 (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
136 SMP_TRACE_DEBUG("%s: callback_rc=%d p_cb->cb_evt=%d", __func__,
137 callback_rc, p_cb->cb_evt);
139 if (callback_rc == SMP_SUCCESS) {
140 switch (p_cb->cb_evt) {
141 case SMP_IO_CAP_REQ_EVT:
142 p_cb->loc_auth_req = cb_data.io_req.auth_req;
143 p_cb->local_io_capability = cb_data.io_req.io_cap;
144 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
145 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
146 p_cb->local_i_key = cb_data.io_req.init_keys;
147 p_cb->local_r_key = cb_data.io_req.resp_keys;
149 if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) {
150 SMP_TRACE_WARNING("Non bonding: No keys will be exchanged");
151 p_cb->local_i_key = 0;
152 p_cb->local_r_key = 0;
156 "rcvd auth_req: 0x%02x, io_cap: %d "
157 "loc_oob_flag: %d loc_enc_size: %d, "
158 "local_i_key: 0x%02x, local_r_key: 0x%02x",
159 p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
160 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
162 p_cb->secure_connections_only_mode_required =
163 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
165 if (p_cb->secure_connections_only_mode_required) {
166 p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
169 if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ||
170 lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) ||
171 interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
172 (const RawAddress*)&p_cb->pairing_bda)) {
173 p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
174 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
175 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
178 if (lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_5_0)) {
179 p_cb->loc_auth_req &= ~SMP_H7_SUPPORT_BIT;
183 "set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
184 p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
186 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
189 case SMP_BR_KEYS_REQ_EVT:
190 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
191 p_cb->local_i_key = cb_data.io_req.init_keys;
192 p_cb->local_r_key = cb_data.io_req.resp_keys;
193 p_cb->loc_auth_req |= SMP_H7_SUPPORT_BIT;
195 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
196 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
199 "for SMP over BR max_key_size: 0x%02x, local_i_key: 0x%02x, "
200 "local_r_key: 0x%02x, p_cb->loc_auth_req: 0x%02x",
201 p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key,
204 smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
210 if (!p_cb->cb_evt && p_cb->discard_sec_req) {
211 p_cb->discard_sec_req = false;
212 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
215 SMP_TRACE_DEBUG("%s: return", __func__);
218 /*******************************************************************************
219 * Function smp_send_pair_fail
220 * Description pairing failure to peer device if needed.
221 ******************************************************************************/
222 void smp_send_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
223 p_cb->status = *(uint8_t*)p_data;
224 p_cb->failure = *(uint8_t*)p_data;
226 SMP_TRACE_DEBUG("%s: status=%d failure=%d ", __func__, p_cb->status,
229 if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC &&
230 p_cb->status != SMP_SUCCESS) {
231 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
232 p_cb->wait_for_authorization_complete = true;
236 /*******************************************************************************
237 * Function smp_send_pair_req
238 * Description actions related to sending pairing request
239 ******************************************************************************/
240 void smp_send_pair_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
241 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
242 SMP_TRACE_DEBUG("%s", __func__);
244 /* erase all keys when master sends pairing req*/
245 if (p_dev_rec) btm_sec_clear_ble_keys(p_dev_rec);
246 /* do not manipulate the key, let app decide,
247 leave out to BTM to mandate key distribution for bonding case */
248 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
251 /*******************************************************************************
252 * Function smp_send_pair_rsp
253 * Description actions related to sending pairing response
254 ******************************************************************************/
255 void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
256 SMP_TRACE_DEBUG("%s", __func__);
258 p_cb->local_i_key &= p_cb->peer_i_key;
259 p_cb->local_r_key &= p_cb->peer_r_key;
261 if (smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb)) {
262 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
263 smp_use_oob_private_key(p_cb, NULL);
265 smp_decide_association_model(p_cb, NULL);
269 /*******************************************************************************
270 * Function smp_send_confirm
271 * Description send confirmation to the peer
272 ******************************************************************************/
273 void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
274 SMP_TRACE_DEBUG("%s", __func__);
275 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
278 /*******************************************************************************
279 * Function smp_send_init
280 * Description process pairing initializer to slave device
281 ******************************************************************************/
282 void smp_send_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
283 SMP_TRACE_DEBUG("%s", __func__);
284 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
287 /*******************************************************************************
288 * Function smp_send_rand
289 * Description send pairing random to the peer
290 ******************************************************************************/
291 void smp_send_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
292 SMP_TRACE_DEBUG("%s", __func__);
293 smp_send_cmd(SMP_OPCODE_RAND, p_cb);
296 /*******************************************************************************
297 * Function smp_send_pair_public_key
298 * Description send pairing public key command to the peer
299 ******************************************************************************/
300 void smp_send_pair_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
301 SMP_TRACE_DEBUG("%s", __func__);
302 smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
305 /*******************************************************************************
306 * Function SMP_SEND_COMMITMENT
307 * Description send commitment command to the peer
308 ******************************************************************************/
309 void smp_send_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
310 SMP_TRACE_DEBUG("%s", __func__);
311 smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
314 /*******************************************************************************
315 * Function smp_send_dhkey_check
316 * Description send DHKey Check command to the peer
317 ******************************************************************************/
318 void smp_send_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
319 SMP_TRACE_DEBUG("%s", __func__);
320 smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
323 /*******************************************************************************
324 * Function smp_send_keypress_notification
325 * Description send Keypress Notification command to the peer
326 ******************************************************************************/
327 void smp_send_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
328 p_cb->local_keypress_notification = *(uint8_t*)p_data;
329 smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
332 /*******************************************************************************
333 * Function smp_send_enc_info
334 * Description send encryption information command.
335 ******************************************************************************/
336 void smp_send_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
337 tBTM_LE_LENC_KEYS le_key;
339 SMP_TRACE_DEBUG("%s: p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
340 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
342 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
343 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
345 /* save the DIV and key size information when acting as slave device */
346 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
347 le_key.div = p_cb->div;
348 le_key.key_size = p_cb->loc_enc_size;
349 le_key.sec_level = p_cb->sec_level;
351 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
352 (p_cb->loc_auth_req & SMP_AUTH_BOND))
353 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
354 (tBTM_LE_KEY_VALUE*)&le_key, true);
356 SMP_TRACE_WARNING("%s", __func__);
358 smp_key_distribution(p_cb, NULL);
361 /*******************************************************************************
362 * Function smp_send_id_info
363 * Description send ID information command.
364 ******************************************************************************/
365 void smp_send_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
366 tBTM_LE_KEY_VALUE le_key;
367 SMP_TRACE_DEBUG("%s", __func__);
368 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, false);
370 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
371 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
373 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
374 (p_cb->loc_auth_req & SMP_AUTH_BOND))
375 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, &le_key, true);
377 SMP_TRACE_WARNING("%s", __func__);
378 smp_key_distribution_by_transport(p_cb, NULL);
381 /*******************************************************************************
382 * Function smp_send_csrk_info
383 * Description send CSRK command.
384 ******************************************************************************/
385 void smp_send_csrk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
386 tBTM_LE_LCSRK_KEYS key;
387 SMP_TRACE_DEBUG("%s", __func__);
388 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, false);
390 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) {
392 key.sec_level = p_cb->sec_level;
393 key.counter = 0; /* initialize the local counter */
394 memcpy(key.csrk, p_cb->csrk, BT_OCTET16_LEN);
395 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK,
396 (tBTM_LE_KEY_VALUE*)&key, true);
399 smp_key_distribution_by_transport(p_cb, NULL);
402 /*******************************************************************************
403 * Function smp_send_ltk_reply
404 * Description send LTK reply
405 ******************************************************************************/
406 void smp_send_ltk_reply(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
407 SMP_TRACE_DEBUG("%s", __func__);
408 /* send stk as LTK response */
409 btm_ble_ltk_request_reply(p_cb->pairing_bda, true, p_data->key.p_data);
412 /*******************************************************************************
413 * Function smp_proc_sec_req
414 * Description process security request.
415 ******************************************************************************/
416 void smp_proc_sec_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
417 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ*)p_data;
418 tBTM_BLE_SEC_REQ_ACT sec_req_act;
421 SMP_TRACE_DEBUG("%s: auth_req=0x%x", __func__, auth_req);
425 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
427 SMP_TRACE_DEBUG("%s: sec_req_act=0x%x", __func__, sec_req_act);
429 switch (sec_req_act) {
430 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
431 SMP_TRACE_DEBUG("%s: BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
432 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
435 case BTM_BLE_SEC_REQ_ACT_PAIR:
436 p_cb->secure_connections_only_mode_required =
437 (btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
439 /* respond to non SC pairing request as failure in SC only mode */
440 if (p_cb->secure_connections_only_mode_required &&
441 (auth_req & SMP_SC_SUPPORT_BIT) == 0) {
442 reason = SMP_PAIR_AUTH_FAIL;
443 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
445 /* initialize local i/r key to be default keys */
446 p_cb->peer_auth_req = auth_req;
447 p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY;
448 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
452 case BTM_BLE_SEC_REQ_ACT_DISCARD:
453 p_cb->discard_sec_req = true;
462 /*******************************************************************************
463 * Function smp_proc_sec_grant
464 * Description process security grant.
465 ******************************************************************************/
466 void smp_proc_sec_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
467 uint8_t res = *(uint8_t*)p_data;
468 SMP_TRACE_DEBUG("%s", __func__);
469 if (res != SMP_SUCCESS) {
470 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
471 } else /*otherwise, start pairing */
473 /* send IO request callback */
474 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
478 /*******************************************************************************
479 * Function smp_proc_pair_fail
480 * Description process pairing failure from peer device
481 ******************************************************************************/
482 void smp_proc_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
483 SMP_TRACE_DEBUG("%s", __func__);
484 p_cb->status = *(uint8_t*)p_data;
486 /* Cancel pending auth complete timer if set */
487 alarm_cancel(p_cb->delayed_auth_timer_ent);
490 /*******************************************************************************
491 * Function smp_proc_pair_cmd
492 * Description Process the SMP pairing request/response from peer device
493 ******************************************************************************/
494 void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
495 uint8_t* p = (uint8_t*)p_data;
496 uint8_t reason = SMP_ENC_KEY_SIZE;
497 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
499 SMP_TRACE_DEBUG("%s", __func__);
500 /* erase all keys if it is slave proc pairing req */
501 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
502 btm_sec_clear_ble_keys(p_dev_rec);
504 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
506 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
507 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
508 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
509 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
510 STREAM_TO_UINT8(p_cb->peer_i_key, p);
511 STREAM_TO_UINT8(p_cb->peer_r_key, p);
513 if (smp_command_has_invalid_parameters(p_cb)) {
514 reason = SMP_INVALID_PARAMETERS;
515 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
519 // PTS Testing failure modes
520 if (pts_test_send_authentication_complete_failure(p_cb)) return;
522 if (p_cb->role == HCI_ROLE_SLAVE) {
523 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
524 /* peer (master) started pairing sending Pairing Request */
525 p_cb->local_i_key = p_cb->peer_i_key;
526 p_cb->local_r_key = p_cb->peer_r_key;
528 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
529 } else /* update local i/r key according to pairing request */
531 /* pairing started with this side (slave) sending Security Request */
532 p_cb->local_i_key &= p_cb->peer_i_key;
533 p_cb->local_r_key &= p_cb->peer_r_key;
534 p_cb->selected_association_model = smp_select_association_model(p_cb);
536 if (p_cb->secure_connections_only_mode_required &&
537 (!(p_cb->le_secure_connections_mode_is_used) ||
538 (p_cb->selected_association_model ==
539 SMP_MODEL_SEC_CONN_JUSTWORKS))) {
541 "%s: pairing failed - slave requires secure connection only mode",
543 reason = SMP_PAIR_AUTH_FAIL;
544 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
548 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
549 if (smp_request_oob_data(p_cb)) return;
551 smp_send_pair_rsp(p_cb, NULL);
554 } else /* Master receives pairing response */
556 p_cb->selected_association_model = smp_select_association_model(p_cb);
558 if (p_cb->secure_connections_only_mode_required &&
559 (!(p_cb->le_secure_connections_mode_is_used) ||
560 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
562 "Master requires secure connection only mode "
563 "but it can't be provided -> Master fails pairing");
564 reason = SMP_PAIR_AUTH_FAIL;
565 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
569 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
570 if (smp_request_oob_data(p_cb)) return;
572 smp_decide_association_model(p_cb, NULL);
577 /*******************************************************************************
578 * Function smp_proc_confirm
579 * Description process pairing confirm from peer device
580 ******************************************************************************/
581 void smp_proc_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
582 uint8_t* p = (uint8_t*)p_data;
583 uint8_t reason = SMP_INVALID_PARAMETERS;
585 SMP_TRACE_DEBUG("%s", __func__);
587 if (smp_command_has_invalid_parameters(p_cb)) {
588 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
593 /* save the SConfirm for comparison later */
594 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
597 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
600 /*******************************************************************************
601 * Function smp_proc_init
602 * Description process pairing initializer from peer device
603 ******************************************************************************/
604 void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
605 uint8_t* p = (uint8_t*)p_data;
606 uint8_t reason = SMP_INVALID_PARAMETERS;
608 SMP_TRACE_DEBUG("%s", __func__);
610 if (smp_command_has_invalid_parameters(p_cb)) {
611 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
615 /* save the SRand for comparison */
616 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
619 /*******************************************************************************
620 * Function smp_proc_rand
621 * Description process pairing random (nonce) from peer device
622 ******************************************************************************/
623 void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
624 uint8_t* p = (uint8_t*)p_data;
625 uint8_t reason = SMP_INVALID_PARAMETERS;
627 SMP_TRACE_DEBUG("%s", __func__);
629 if (smp_command_has_invalid_parameters(p_cb)) {
630 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
634 /* save the SRand for comparison */
635 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
638 /*******************************************************************************
639 * Function smp_process_pairing_public_key
640 * Description process pairing public key command from the peer device
641 * - saves the peer public key;
642 * - sets the flag indicating that the peer public key is received;
643 * - calls smp_wait_for_both_public_keys(...).
645 ******************************************************************************/
646 void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
647 uint8_t* p = (uint8_t*)p_data;
648 uint8_t reason = SMP_INVALID_PARAMETERS;
650 SMP_TRACE_DEBUG("%s", __func__);
652 if (smp_command_has_invalid_parameters(p_cb)) {
653 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
657 STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
658 STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
661 memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
662 memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
664 if (!ECC_ValidatePoint(pt)) {
665 android_errorWriteLog(0x534e4554, "72377774");
666 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
670 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
672 smp_wait_for_both_public_keys(p_cb, NULL);
675 /*******************************************************************************
676 * Function smp_process_pairing_commitment
677 * Description process pairing commitment from peer device
678 ******************************************************************************/
679 void smp_process_pairing_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
680 uint8_t* p = (uint8_t*)p_data;
681 uint8_t reason = SMP_INVALID_PARAMETERS;
683 SMP_TRACE_DEBUG("%s", __func__);
685 if (smp_command_has_invalid_parameters(p_cb)) {
686 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
690 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
693 STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
697 /*******************************************************************************
698 * Function smp_process_dhkey_check
699 * Description process DHKey Check from peer device
700 ******************************************************************************/
701 void smp_process_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
702 uint8_t* p = (uint8_t*)p_data;
703 uint8_t reason = SMP_INVALID_PARAMETERS;
705 SMP_TRACE_DEBUG("%s", __func__);
707 if (smp_command_has_invalid_parameters(p_cb)) {
708 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
713 STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
716 p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
719 /*******************************************************************************
720 * Function smp_process_keypress_notification
721 * Description process pairing keypress notification from peer device
722 ******************************************************************************/
723 void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
724 uint8_t* p = (uint8_t*)p_data;
725 uint8_t reason = SMP_INVALID_PARAMETERS;
727 SMP_TRACE_DEBUG("%s", __func__);
728 p_cb->status = *(uint8_t*)p_data;
730 if (smp_command_has_invalid_parameters(p_cb)) {
731 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
736 STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
738 p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
740 p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
743 /*******************************************************************************
744 * Function smp_br_process_pairing_command
745 * Description Process the SMP pairing request/response from peer device via
747 ******************************************************************************/
748 void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
749 uint8_t* p = (uint8_t*)p_data;
750 uint8_t reason = SMP_ENC_KEY_SIZE;
751 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
753 SMP_TRACE_DEBUG("%s", __func__);
754 /* rejecting BR pairing request over non-SC BR link */
755 if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) {
756 reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
757 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
761 /* erase all keys if it is slave proc pairing req*/
762 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
763 btm_sec_clear_ble_keys(p_dev_rec);
765 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
767 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
768 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
769 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
770 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
771 STREAM_TO_UINT8(p_cb->peer_i_key, p);
772 STREAM_TO_UINT8(p_cb->peer_r_key, p);
774 if (smp_command_has_invalid_parameters(p_cb)) {
775 reason = SMP_INVALID_PARAMETERS;
776 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
780 /* peer (master) started pairing sending Pairing Request */
781 /* or being master device always use received i/r key as keys to distribute */
782 p_cb->local_i_key = p_cb->peer_i_key;
783 p_cb->local_r_key = p_cb->peer_r_key;
785 if (p_cb->role == HCI_ROLE_SLAVE) {
786 p_dev_rec->new_encryption_key_is_p256 = false;
787 /* shortcut to skip Security Grant step */
788 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
790 /* Master receives pairing response */
792 "%s master rcvs valid PAIRING RESPONSE."
793 " Supposed to move to key distribution phase. ",
797 /* auth_req received via BR/EDR SM channel is set to 0,
798 but everything derived/exchanged has to be saved */
799 p_cb->peer_auth_req |= SMP_AUTH_BOND;
800 p_cb->loc_auth_req |= SMP_AUTH_BOND;
803 /*******************************************************************************
804 * Function smp_br_process_security_grant
805 * Description process security grant in case of pairing over BR/EDR transport.
806 ******************************************************************************/
807 void smp_br_process_security_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
808 uint8_t res = *(uint8_t*)p_data;
809 SMP_TRACE_DEBUG("%s", __func__);
810 if (res != SMP_SUCCESS) {
811 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
813 /* otherwise, start pairing; send IO request callback */
814 p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
818 /*******************************************************************************
819 * Function smp_br_check_authorization_request
820 * Description sets the SMP kes to be derived/distribute over BR/EDR transport
821 * before starting the distribution/derivation
822 ******************************************************************************/
823 void smp_br_check_authorization_request(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
824 uint8_t reason = SMP_SUCCESS;
826 SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
827 __func__, p_cb->local_i_key, p_cb->local_r_key);
829 /* In LE SC mode LK field is ignored when BR/EDR transport is used */
830 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
831 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
833 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
834 ** Set local_r_key on master to expect only these keys. */
835 if (p_cb->role == HCI_ROLE_MASTER) {
836 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
839 /* Check if H7 function needs to be used for key derivation*/
840 if ((p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT) &&
841 (p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT)) {
842 p_cb->key_derivation_h7_used = TRUE;
844 SMP_TRACE_DEBUG("%s: use h7 = %d", __func__, p_cb->key_derivation_h7_used);
847 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
848 __func__, p_cb->local_i_key, p_cb->local_r_key);
850 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
851 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
852 (p_cb->local_i_key || p_cb->local_r_key)) {
853 smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
855 /* if no peer key is expected, start master key distribution */
856 if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
857 smp_key_distribution_by_transport(p_cb, NULL);
859 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
863 /*******************************************************************************
864 * Function smp_br_select_next_key
865 * Description selects the next key to derive/send when BR/EDR transport is
867 ******************************************************************************/
868 void smp_br_select_next_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
869 uint8_t reason = SMP_SUCCESS;
870 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
871 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
873 if (p_cb->role == HCI_ROLE_SLAVE ||
874 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
875 smp_key_pick_key(p_cb, p_data);
878 if (!p_cb->local_i_key && !p_cb->local_r_key) {
879 /* state check to prevent re-entrance */
880 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
881 if (p_cb->total_tx_unacked == 0)
882 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
884 p_cb->wait_for_authorization_complete = true;
889 /*******************************************************************************
890 * Function smp_proc_enc_info
891 * Description process encryption information from peer device
892 ******************************************************************************/
893 void smp_proc_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
894 uint8_t* p = (uint8_t*)p_data;
896 SMP_TRACE_DEBUG("%s", __func__);
897 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
899 smp_key_distribution(p_cb, NULL);
901 /*******************************************************************************
902 * Function smp_proc_master_id
903 * Description process master ID from slave device
904 ******************************************************************************/
905 void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
906 uint8_t* p = (uint8_t*)p_data;
907 tBTM_LE_PENC_KEYS le_key;
909 SMP_TRACE_DEBUG("%s", __func__);
910 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true);
912 STREAM_TO_UINT16(le_key.ediv, p);
913 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN);
915 /* store the encryption keys from peer device */
916 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
917 le_key.sec_level = p_cb->sec_level;
918 le_key.key_size = p_cb->loc_enc_size;
920 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
921 (p_cb->loc_auth_req & SMP_AUTH_BOND))
922 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC,
923 (tBTM_LE_KEY_VALUE*)&le_key, true);
925 smp_key_distribution(p_cb, NULL);
928 /*******************************************************************************
929 * Function smp_proc_enc_info
930 * Description process identity information from peer device
931 ******************************************************************************/
932 void smp_proc_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
933 uint8_t* p = (uint8_t*)p_data;
935 SMP_TRACE_DEBUG("%s", __func__);
936 STREAM_TO_ARRAY(p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
937 smp_key_distribution_by_transport(p_cb, NULL);
940 /*******************************************************************************
941 * Function smp_proc_id_addr
942 * Description process identity address from peer device
943 ******************************************************************************/
944 void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
945 uint8_t* p = (uint8_t*)p_data;
946 tBTM_LE_PID_KEYS pid_key;
948 SMP_TRACE_DEBUG("%s", __func__);
949 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true);
951 STREAM_TO_UINT8(pid_key.addr_type, p);
952 STREAM_TO_BDADDR(pid_key.static_addr, p);
953 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
955 /* to use as BD_ADDR for lk derived from ltk */
956 p_cb->id_addr_rcvd = true;
957 p_cb->id_addr_type = pid_key.addr_type;
958 p_cb->id_addr = pid_key.static_addr;
960 /* store the ID key from peer device */
961 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
962 (p_cb->loc_auth_req & SMP_AUTH_BOND))
963 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
964 (tBTM_LE_KEY_VALUE*)&pid_key, true);
965 smp_key_distribution_by_transport(p_cb, NULL);
968 /*******************************************************************************
969 * Function smp_proc_srk_info
970 * Description process security information from peer device
971 ******************************************************************************/
972 void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
973 tBTM_LE_PCSRK_KEYS le_key;
975 SMP_TRACE_DEBUG("%s", __func__);
976 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true);
978 /* save CSRK to security record */
979 le_key.sec_level = p_cb->sec_level;
982 maybe_non_aligned_memcpy(le_key.csrk, p_data, BT_OCTET16_LEN);
984 /* initialize the peer counter */
987 if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
988 (p_cb->loc_auth_req & SMP_AUTH_BOND))
989 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK,
990 (tBTM_LE_KEY_VALUE*)&le_key, true);
991 smp_key_distribution_by_transport(p_cb, NULL);
994 /*******************************************************************************
995 * Function smp_proc_compare
996 * Description process compare value
997 ******************************************************************************/
998 void smp_proc_compare(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1001 SMP_TRACE_DEBUG("%s", __func__);
1002 if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN)) {
1003 /* compare the max encryption key size, and save the smaller one for the
1005 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1006 p_cb->loc_enc_size = p_cb->peer_enc_size;
1008 if (p_cb->role == HCI_ROLE_SLAVE)
1009 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1011 /* master device always use received i/r key as keys to distribute */
1012 p_cb->local_i_key = p_cb->peer_i_key;
1013 p_cb->local_r_key = p_cb->peer_r_key;
1015 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1019 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1020 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1024 /*******************************************************************************
1025 * Function smp_proc_sl_key
1026 * Description process key ready events.
1027 ******************************************************************************/
1028 void smp_proc_sl_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1029 uint8_t key_type = p_data->key.key_type;
1031 SMP_TRACE_DEBUG("%s", __func__);
1032 if (key_type == SMP_KEY_TYPE_TK) {
1033 smp_generate_srand_mrand_confirm(p_cb, NULL);
1034 } else if (key_type == SMP_KEY_TYPE_CFM) {
1035 smp_set_state(SMP_STATE_WAIT_CONFIRM);
1037 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1038 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1042 /*******************************************************************************
1043 * Function smp_start_enc
1044 * Description start encryption
1045 ******************************************************************************/
1046 void smp_start_enc(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1048 uint8_t reason = SMP_ENC_FAIL;
1050 SMP_TRACE_DEBUG("%s", __func__);
1052 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, true, p_data->key.p_data);
1054 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, false, NULL);
1056 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1057 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1060 /*******************************************************************************
1061 * Function smp_proc_discard
1062 * Description processing for discard security request
1063 ******************************************************************************/
1064 void smp_proc_discard(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1065 SMP_TRACE_DEBUG("%s", __func__);
1066 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1067 smp_reset_control_value(p_cb);
1070 /*******************************************************************************
1071 * Function smp_enc_cmpl
1072 * Description encryption success
1073 ******************************************************************************/
1074 void smp_enc_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1075 uint8_t enc_enable = *(uint8_t*)p_data;
1076 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1078 SMP_TRACE_DEBUG("%s", __func__);
1079 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1082 /*******************************************************************************
1083 * Function smp_check_auth_req
1084 * Description check authentication request
1085 ******************************************************************************/
1086 void smp_check_auth_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1087 uint8_t enc_enable = *(uint8_t*)p_data;
1088 uint8_t reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1091 "%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
1092 __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1093 if (enc_enable == 1) {
1094 if (p_cb->le_secure_connections_mode_is_used) {
1095 /* In LE SC mode LTK is used instead of STK and has to be always saved */
1096 p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1097 p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1099 /* In LE SC mode LK is derived from LTK only if both sides request it */
1100 if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1101 !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) {
1102 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1103 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1106 /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1107 ** Set local_r_key on master to expect only these keys.
1109 if (p_cb->role == HCI_ROLE_MASTER) {
1110 p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1113 /* in legacy mode derivation of BR/EDR LK is not supported */
1114 p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1115 p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1118 "%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
1119 __func__, p_cb->local_i_key, p_cb->local_r_key);
1121 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1122 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1123 (p_cb->local_i_key || p_cb->local_r_key)) {
1124 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1126 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1127 } else if (enc_enable == 0) {
1128 /* if failed for encryption after pairing, send callback */
1129 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1130 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1131 /* if enc failed for old security information */
1132 /* if master device, clean up and abck to idle; slave device do nothing */
1133 else if (p_cb->role == HCI_ROLE_MASTER) {
1134 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1139 /*******************************************************************************
1140 * Function smp_key_pick_key
1141 * Description Pick a key distribution function based on the key mask.
1142 ******************************************************************************/
1143 void smp_key_pick_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1144 uint8_t key_to_dist =
1145 (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1148 SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1149 while (i < SMP_KEY_DIST_TYPE_MAX) {
1150 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
1152 if (key_to_dist & (1 << i)) {
1153 SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1154 (*smp_distribute_act[i])(p_cb, p_data);
1160 /*******************************************************************************
1161 * Function smp_key_distribution
1162 * Description start key distribution if required.
1163 ******************************************************************************/
1164 void smp_key_distribution(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1165 SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
1166 p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1168 if (p_cb->role == HCI_ROLE_SLAVE ||
1169 (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
1170 smp_key_pick_key(p_cb, p_data);
1173 if (!p_cb->local_i_key && !p_cb->local_r_key) {
1174 /* state check to prevent re-entrant */
1175 if (smp_get_state() == SMP_STATE_BOND_PENDING) {
1176 if (p_cb->derive_lk) {
1177 smp_derive_link_key_from_long_term_key(p_cb, NULL);
1178 p_cb->derive_lk = false;
1181 if (p_cb->total_tx_unacked == 0) {
1183 * Instead of declaring authorization complete immediately,
1184 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1185 * This allows the slave to send over Pairing Failed if the
1186 * last key is rejected. During this waiting window, the
1187 * state should remain in SMP_STATE_BOND_PENDING.
1189 if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1190 SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1191 alarm_set_on_mloop(p_cb->delayed_auth_timer_ent,
1192 SMP_DELAYED_AUTH_TIMEOUT_MS,
1193 smp_delayed_auth_complete_timeout, NULL);
1196 p_cb->wait_for_authorization_complete = true;
1202 /*******************************************************************************
1203 * Function smp_decide_association_model
1204 * Description This function is called to select assoc model to be used for
1205 * STK generation and to start STK generation process.
1207 ******************************************************************************/
1208 void smp_decide_association_model(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1209 uint8_t failure = SMP_UNKNOWN_IO_CAP;
1210 uint8_t int_evt = 0;
1212 tSMP_INT_DATA* p = NULL;
1214 SMP_TRACE_DEBUG("%s Association Model = %d", __func__,
1215 p_cb->selected_association_model);
1217 switch (p_cb->selected_association_model) {
1218 case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
1219 if (p_cb->role == HCI_ROLE_MASTER &&
1220 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1221 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) {
1223 "IO capability does not meet authentication requirement");
1224 failure = SMP_PAIR_AUTH_FAIL;
1225 p = (tSMP_INT_DATA*)&failure;
1226 int_evt = SMP_AUTH_CMPL_EVT;
1228 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1229 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1232 key.key_type = SMP_KEY_TYPE_TK;
1233 key.p_data = p_cb->tk;
1234 p = (tSMP_INT_DATA*)&key;
1236 memset(p_cb->tk, 0, BT_OCTET16_LEN);
1238 int_evt = SMP_KEY_READY_EVT;
1242 case SMP_MODEL_PASSKEY:
1243 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1244 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1247 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1248 int_evt = SMP_TK_REQ_EVT;
1252 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB");
1253 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1254 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1257 p_cb->cb_evt = SMP_OOB_REQ_EVT;
1258 int_evt = SMP_TK_REQ_EVT;
1261 case SMP_MODEL_KEY_NOTIF:
1262 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1263 SMP_TRACE_DEBUG("Need to generate Passkey");
1265 /* generate passkey and notify application */
1266 smp_generate_passkey(p_cb, NULL);
1269 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1270 case SMP_MODEL_SEC_CONN_NUM_COMP:
1271 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1272 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1273 case SMP_MODEL_SEC_CONN_OOB:
1274 int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1277 case SMP_MODEL_OUT_OF_RANGE:
1278 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1279 p = (tSMP_INT_DATA*)&failure;
1280 int_evt = SMP_AUTH_CMPL_EVT;
1285 "Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1286 p_cb->selected_association_model);
1287 p = (tSMP_INT_DATA*)&failure;
1288 int_evt = SMP_AUTH_CMPL_EVT;
1291 SMP_TRACE_EVENT("sec_level=%d ", p_cb->sec_level);
1292 if (int_evt) smp_sm_event(p_cb, int_evt, p);
1295 /*******************************************************************************
1296 * Function smp_process_io_response
1297 * Description process IO response for a slave device.
1298 ******************************************************************************/
1299 void smp_process_io_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1300 uint8_t reason = SMP_PAIR_AUTH_FAIL;
1302 SMP_TRACE_DEBUG("%s", __func__);
1303 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1304 /* pairing started by local (slave) Security Request */
1305 smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1306 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1307 } else /* plan to send pairing respond */
1309 /* pairing started by peer (master) Pairing Request */
1310 p_cb->selected_association_model = smp_select_association_model(p_cb);
1312 if (p_cb->secure_connections_only_mode_required &&
1313 (!(p_cb->le_secure_connections_mode_is_used) ||
1314 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
1316 "Slave requires secure connection only mode "
1317 "but it can't be provided -> Slave fails pairing");
1318 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1322 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
1323 if (smp_request_oob_data(p_cb)) return;
1326 // PTS Testing failure modes
1327 if (pts_test_send_authentication_complete_failure(p_cb)) return;
1329 smp_send_pair_rsp(p_cb, NULL);
1333 /*******************************************************************************
1334 * Function smp_br_process_slave_keys_response
1335 * Description process application keys response for a slave device
1336 * (BR/EDR transport).
1337 ******************************************************************************/
1338 void smp_br_process_slave_keys_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1339 smp_br_send_pair_response(p_cb, NULL);
1342 /*******************************************************************************
1343 * Function smp_br_send_pair_response
1344 * Description actions related to sending pairing response over BR/EDR
1346 ******************************************************************************/
1347 void smp_br_send_pair_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1348 SMP_TRACE_DEBUG("%s", __func__);
1350 p_cb->local_i_key &= p_cb->peer_i_key;
1351 p_cb->local_r_key &= p_cb->peer_r_key;
1353 smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb);
1356 /*******************************************************************************
1357 * Function smp_pairing_cmpl
1358 * Description This function is called to send the pairing complete
1359 * callback and remove the connection if needed.
1360 ******************************************************************************/
1361 void smp_pairing_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1362 if (p_cb->total_tx_unacked == 0) {
1363 /* process the pairing complete */
1364 smp_proc_pairing_cmpl(p_cb);
1368 /*******************************************************************************
1369 * Function smp_pair_terminate
1370 * Description This function is called to send the pairing complete
1371 * callback and remove the connection if needed.
1372 ******************************************************************************/
1373 void smp_pair_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1374 SMP_TRACE_DEBUG("%s", __func__);
1375 p_cb->status = SMP_CONN_TOUT;
1376 smp_proc_pairing_cmpl(p_cb);
1379 /*******************************************************************************
1380 * Function smp_idle_terminate
1381 * Description This function calledin idle state to determine to send
1382 * authentication complete or not.
1383 ******************************************************************************/
1384 void smp_idle_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1385 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
1386 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1387 p_cb->status = SMP_FAIL;
1388 smp_proc_pairing_cmpl(p_cb);
1392 /*******************************************************************************
1393 * Function smp_fast_conn_param
1394 * Description apply default connection parameter for pairing process
1395 ******************************************************************************/
1396 void smp_fast_conn_param(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1397 /* Disable L2CAP connection parameter updates while bonding since
1398 some peripherals are not able to revert to fast connection parameters
1399 during the start of service discovery. Connection paramter updates
1400 get enabled again once service discovery completes. */
1401 L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false);
1404 /*******************************************************************************
1405 * Function smp_both_have_public_keys
1406 * Description The function is called when both local and peer public keys are
1409 * - invokes DHKey computation;
1410 * - on slave side invokes sending local public key to the peer.
1411 * - invokes SC phase 1 process.
1412 ******************************************************************************/
1413 void smp_both_have_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1414 SMP_TRACE_DEBUG("%s", __func__);
1416 /* invokes DHKey computation */
1417 smp_compute_dhkey(p_cb);
1419 /* on slave side invokes sending local public key to the peer */
1420 if (p_cb->role == HCI_ROLE_SLAVE) smp_send_pair_public_key(p_cb, NULL);
1422 smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1425 /*******************************************************************************
1426 * Function smp_start_secure_connection_phase1
1427 * Description Start Secure Connection phase1 i.e. invokes initialization of
1428 * Secure Connection phase 1 parameters and starts building/sending
1429 * to the peer messages appropriate for the role and association
1431 ******************************************************************************/
1432 void smp_start_secure_connection_phase1(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1433 SMP_TRACE_DEBUG("%s", __func__);
1435 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1436 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1437 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
1440 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1441 SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
1445 switch (p_cb->selected_association_model) {
1446 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1447 case SMP_MODEL_SEC_CONN_NUM_COMP:
1448 memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1449 smp_start_nonce_generation(p_cb);
1451 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1452 /* user has to provide passkey */
1453 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1454 smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1456 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1457 /* passkey has to be provided to user */
1458 SMP_TRACE_DEBUG("Need to generate SC Passkey");
1459 smp_generate_passkey(p_cb, NULL);
1461 case SMP_MODEL_SEC_CONN_OOB:
1462 /* use the available OOB information */
1463 smp_process_secure_connection_oob_data(p_cb, NULL);
1466 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1467 p_cb->selected_association_model);
1472 /*******************************************************************************
1473 * Function smp_process_local_nonce
1474 * Description The function processes new local nonce.
1476 * Note It is supposed to be called in SC phase1.
1477 ******************************************************************************/
1478 void smp_process_local_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1479 SMP_TRACE_DEBUG("%s", __func__);
1481 switch (p_cb->selected_association_model) {
1482 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1483 case SMP_MODEL_SEC_CONN_NUM_COMP:
1484 if (p_cb->role == HCI_ROLE_SLAVE) {
1485 /* slave calculates and sends local commitment */
1486 smp_calculate_local_commitment(p_cb);
1487 smp_send_commitment(p_cb, NULL);
1488 /* slave has to wait for peer nonce */
1489 smp_set_state(SMP_STATE_WAIT_NONCE);
1490 } else /* i.e. master */
1492 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1493 /* slave commitment is already received, send local nonce, wait for
1496 "master in assoc mode = %d "
1497 "already rcvd slave commitment - race condition",
1498 p_cb->selected_association_model);
1499 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1500 smp_send_rand(p_cb, NULL);
1501 smp_set_state(SMP_STATE_WAIT_NONCE);
1505 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1506 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1507 smp_calculate_local_commitment(p_cb);
1509 if (p_cb->role == HCI_ROLE_MASTER) {
1510 smp_send_commitment(p_cb, NULL);
1513 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
1514 /* master commitment is already received */
1515 smp_send_commitment(p_cb, NULL);
1516 smp_set_state(SMP_STATE_WAIT_NONCE);
1520 case SMP_MODEL_SEC_CONN_OOB:
1521 if (p_cb->role == HCI_ROLE_MASTER) {
1522 smp_send_rand(p_cb, NULL);
1525 smp_set_state(SMP_STATE_WAIT_NONCE);
1528 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1529 p_cb->selected_association_model);
1534 /*******************************************************************************
1535 * Function smp_process_peer_nonce
1536 * Description The function processes newly received and saved in CB peer
1537 * nonce. The actions depend on the selected association model and
1540 * Note It is supposed to be called in SC phase1.
1541 ******************************************************************************/
1542 void smp_process_peer_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1545 SMP_TRACE_DEBUG("%s start ", __func__);
1547 // PTS Testing failure modes
1548 if (p_cb->cert_failure == SMP_CONFIRM_VALUE_ERR) {
1549 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1550 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1551 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1554 // PTS Testing failure modes (for LT)
1555 if ((p_cb->cert_failure == SMP_NUMERIC_COMPAR_FAIL) &&
1556 (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) &&
1557 (p_cb->role == HCI_ROLE_SLAVE)) {
1558 SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1559 reason = p_cb->failure = SMP_NUMERIC_COMPAR_FAIL;
1560 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1564 switch (p_cb->selected_association_model) {
1565 case SMP_MODEL_SEC_CONN_JUSTWORKS:
1566 case SMP_MODEL_SEC_CONN_NUM_COMP:
1567 /* in these models only master receives commitment */
1568 if (p_cb->role == HCI_ROLE_MASTER) {
1569 if (!smp_check_commitment(p_cb)) {
1570 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1571 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1575 /* slave sends local nonce */
1576 smp_send_rand(p_cb, NULL);
1579 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
1580 /* go directly to phase 2 */
1581 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1582 } else /* numeric comparison */
1584 smp_set_state(SMP_STATE_WAIT_NONCE);
1585 smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1588 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1589 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1590 if (!smp_check_commitment(p_cb) &&
1591 p_cb->cert_failure != SMP_NUMERIC_COMPAR_FAIL) {
1592 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1593 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1597 if (p_cb->role == HCI_ROLE_SLAVE) {
1598 smp_send_rand(p_cb, NULL);
1601 if (++p_cb->round < 20) {
1602 smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1603 p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1604 smp_start_nonce_generation(p_cb);
1608 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1610 case SMP_MODEL_SEC_CONN_OOB:
1611 if (p_cb->role == HCI_ROLE_SLAVE) {
1612 smp_send_rand(p_cb, NULL);
1615 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1618 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
1619 p_cb->selected_association_model);
1623 SMP_TRACE_DEBUG("%s end ", __func__);
1626 /*******************************************************************************
1627 * Function smp_match_dhkey_checks
1628 * Description checks if the calculated peer DHKey Check value is the same as
1629 * received from the peer DHKey check value.
1630 ******************************************************************************/
1631 void smp_match_dhkey_checks(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1632 uint8_t reason = SMP_DHKEY_CHK_FAIL;
1634 SMP_TRACE_DEBUG("%s", __func__);
1636 if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN)) {
1637 SMP_TRACE_WARNING("dhkey chcks do no match");
1638 p_cb->failure = reason;
1639 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1643 SMP_TRACE_EVENT("dhkey chcks match");
1645 /* compare the max encryption key size, and save the smaller one for the link
1647 if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1648 p_cb->loc_enc_size = p_cb->peer_enc_size;
1650 if (p_cb->role == HCI_ROLE_SLAVE) {
1651 smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1653 /* master device always use received i/r key as keys to distribute */
1654 p_cb->local_i_key = p_cb->peer_i_key;
1655 p_cb->local_r_key = p_cb->peer_r_key;
1656 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1660 /*******************************************************************************
1661 * Function smp_move_to_secure_connections_phase2
1662 * Description Signal State Machine to start SC phase 2 initialization (to
1663 * compute local DHKey Check value).
1665 * Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1666 ******************************************************************************/
1667 void smp_move_to_secure_connections_phase2(tSMP_CB* p_cb,
1668 tSMP_INT_DATA* p_data) {
1669 SMP_TRACE_DEBUG("%s", __func__);
1670 smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1673 /*******************************************************************************
1674 * Function smp_phase_2_dhkey_checks_are_present
1675 * Description generates event if dhkey check from the peer is already
1678 * Note It is supposed to be used on slave to prevent race condition.
1679 * It is supposed to be called after slave dhkey check is
1681 ******************************************************************************/
1682 void smp_phase_2_dhkey_checks_are_present(tSMP_CB* p_cb,
1683 tSMP_INT_DATA* p_data) {
1684 SMP_TRACE_DEBUG("%s", __func__);
1686 if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1687 smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1690 /*******************************************************************************
1691 * Function smp_wait_for_both_public_keys
1692 * Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and
1693 * master public keys are available.
1695 * Note on the slave it is used to prevent race condition.
1697 ******************************************************************************/
1698 void smp_wait_for_both_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1699 SMP_TRACE_DEBUG("%s", __func__);
1701 if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1702 (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
1703 if ((p_cb->role == HCI_ROLE_SLAVE) &&
1704 ((p_cb->req_oob_type == SMP_OOB_LOCAL) ||
1705 (p_cb->req_oob_type == SMP_OOB_BOTH))) {
1706 smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1708 smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1712 /*******************************************************************************
1713 * Function smp_start_passkey_verification
1714 * Description Starts SC passkey entry verification.
1715 ******************************************************************************/
1716 void smp_start_passkey_verification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1719 SMP_TRACE_DEBUG("%s", __func__);
1720 p = p_cb->local_random;
1721 UINT32_TO_STREAM(p, p_data->passkey);
1723 p = p_cb->peer_random;
1724 UINT32_TO_STREAM(p, p_data->passkey);
1727 smp_start_nonce_generation(p_cb);
1730 /*******************************************************************************
1731 * Function smp_process_secure_connection_oob_data
1732 * Description Processes local/peer SC OOB data received from somewhere.
1733 ******************************************************************************/
1734 void smp_process_secure_connection_oob_data(tSMP_CB* p_cb,
1735 tSMP_INT_DATA* p_data) {
1736 SMP_TRACE_DEBUG("%s", __func__);
1738 tSMP_SC_OOB_DATA* p_sc_oob_data = &p_cb->sc_oob_data;
1739 if (p_sc_oob_data->loc_oob_data.present) {
1740 memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1741 sizeof(p_cb->local_random));
1743 SMP_TRACE_EVENT("%s: local OOB randomizer is absent", __func__);
1744 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1747 if (!p_sc_oob_data->peer_oob_data.present) {
1748 SMP_TRACE_EVENT("%s: peer OOB data is absent", __func__);
1749 memset(p_cb->peer_random, 0, sizeof(p_cb->peer_random));
1751 memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1752 sizeof(p_cb->peer_random));
1753 memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1754 sizeof(p_cb->remote_commitment));
1756 uint8_t reason = SMP_CONFIRM_VALUE_ERR;
1757 /* check commitment */
1758 if (!smp_check_commitment(p_cb)) {
1759 p_cb->failure = reason;
1760 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1764 if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
1765 /* the peer doesn't have local randomiser */
1767 "%s: peer didn't receive local OOB data, set local randomizer to 0",
1769 memset(p_cb->local_random, 0, sizeof(p_cb->local_random));
1773 print128(p_cb->local_random, (const uint8_t*)"local OOB randomizer");
1774 print128(p_cb->peer_random, (const uint8_t*)"peer OOB randomizer");
1775 smp_start_nonce_generation(p_cb);
1778 /*******************************************************************************
1779 * Function smp_set_local_oob_keys
1780 * Description Saves calculated private/public keys in
1781 * sc_oob_data.loc_oob_data, starts nonce generation
1782 * (to be saved in sc_oob_data.loc_oob_data.randomizer).
1783 ******************************************************************************/
1784 void smp_set_local_oob_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1785 SMP_TRACE_DEBUG("%s", __func__);
1787 memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1789 p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1790 smp_start_nonce_generation(p_cb);
1793 /*******************************************************************************
1794 * Function smp_set_local_oob_random_commitment
1795 * Description Saves calculated randomizer and commitment in
1796 * sc_oob_data.loc_oob_data, passes sc_oob_data.loc_oob_data up
1798 ******************************************************************************/
1799 void smp_set_local_oob_random_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1800 SMP_TRACE_DEBUG("%s", __func__);
1801 memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand, BT_OCTET16_LEN);
1803 smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1804 p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1805 p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1806 p_cb->sc_oob_data.loc_oob_data.commitment);
1808 #if (SMP_DEBUG == TRUE)
1809 uint8_t* p_print = NULL;
1810 SMP_TRACE_DEBUG("local SC OOB data set:");
1811 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1812 smp_debug_print_nbyte_little_endian(p_print, "addr_sent_to",
1813 sizeof(tBLE_BD_ADDR));
1814 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.private_key_used;
1815 smp_debug_print_nbyte_little_endian(p_print, "private_key_used",
1817 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1818 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.x",
1820 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1821 smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.y",
1823 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.randomizer;
1824 smp_debug_print_nbyte_little_endian(p_print, "randomizer", BT_OCTET16_LEN);
1825 p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.commitment;
1826 smp_debug_print_nbyte_little_endian(p_print, "commitment", BT_OCTET16_LEN);
1827 SMP_TRACE_DEBUG("");
1830 /* pass created OOB data up */
1831 p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
1832 smp_send_app_cback(p_cb, NULL);
1834 smp_cb_cleanup(p_cb);
1837 /*******************************************************************************
1839 * Function smp_link_encrypted
1841 * Description This function is called when link is encrypted and notified
1842 * to the slave device. Proceed to to send LTK, DIV and ER to
1843 * master if bonding the devices.
1848 ******************************************************************************/
1849 void smp_link_encrypted(const RawAddress& bda, uint8_t encr_enable) {
1850 tSMP_CB* p_cb = &smp_cb;
1852 SMP_TRACE_DEBUG("%s: encr_enable=%d", __func__, encr_enable);
1854 if (smp_cb.pairing_bda == bda) {
1855 /* encryption completed with STK, remember the key size now, could be
1856 * overwritten when key exchange happens */
1857 if (p_cb->loc_enc_size != 0 && encr_enable) {
1858 /* update the link encryption key size if a SMP pairing just performed */
1859 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1862 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1866 /*******************************************************************************
1868 * Function smp_proc_ltk_request
1870 * Description This function is called when LTK request is received from
1875 ******************************************************************************/
1876 bool smp_proc_ltk_request(const RawAddress& bda) {
1877 SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
1880 if (bda == smp_cb.pairing_bda) {
1883 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda);
1884 if (p_dev_rec != NULL && p_dev_rec->ble.pseudo_addr == smp_cb.pairing_bda &&
1885 p_dev_rec->ble.pseudo_addr != RawAddress::kEmpty) {
1890 if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) {
1891 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1898 /*******************************************************************************
1900 * Function smp_process_secure_connection_long_term_key
1902 * Description This function is called to process SC LTK.
1903 * SC LTK is calculated and used instead of STK.
1904 * Here SC LTK is saved in BLE DB.
1908 ******************************************************************************/
1909 void smp_process_secure_connection_long_term_key(void) {
1910 tSMP_CB* p_cb = &smp_cb;
1912 SMP_TRACE_DEBUG("%s", __func__);
1913 smp_save_secure_connections_long_term_key(p_cb);
1915 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
1916 smp_key_distribution(p_cb, NULL);
1919 /*******************************************************************************
1921 * Function smp_set_derive_link_key
1923 * Description This function is called to set flag that indicates that
1924 * BR/EDR LK has to be derived from LTK after all keys are
1929 ******************************************************************************/
1930 void smp_set_derive_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1931 SMP_TRACE_DEBUG("%s", __func__);
1932 p_cb->derive_lk = true;
1933 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_LK, false);
1934 smp_key_distribution(p_cb, NULL);
1937 /*******************************************************************************
1939 * Function smp_derive_link_key_from_long_term_key
1941 * Description This function is called to derive BR/EDR LK from LTK.
1945 ******************************************************************************/
1946 void smp_derive_link_key_from_long_term_key(tSMP_CB* p_cb,
1947 tSMP_INT_DATA* p_data) {
1948 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1950 SMP_TRACE_DEBUG("%s", __func__);
1951 if (!smp_calculate_link_key_from_long_term_key(p_cb)) {
1952 SMP_TRACE_ERROR("%s failed", __func__);
1953 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
1958 /*******************************************************************************
1960 * Function smp_br_process_link_key
1962 * Description This function is called to process BR/EDR LK:
1963 * - to derive SMP LTK from BR/EDR LK;
1964 * - to save SMP LTK.
1968 ******************************************************************************/
1969 void smp_br_process_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1970 tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
1972 SMP_TRACE_DEBUG("%s", __func__);
1973 if (!smp_calculate_long_term_key_from_link_key(p_cb)) {
1974 SMP_TRACE_ERROR("%s: failed", __func__);
1975 smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
1979 SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed",
1981 smp_save_secure_connections_long_term_key(p_cb);
1982 smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
1983 smp_br_select_next_key(p_cb, NULL);
1986 /*******************************************************************************
1987 * Function smp_key_distribution_by_transport
1988 * Description depending on the transport used at the moment calls either
1989 * smp_key_distribution(...) or smp_br_key_distribution(...).
1990 ******************************************************************************/
1991 void smp_key_distribution_by_transport(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
1992 SMP_TRACE_DEBUG("%s", __func__);
1993 if (p_cb->smp_over_br) {
1994 smp_br_select_next_key(p_cb, NULL);
1996 smp_key_distribution(p_cb, NULL);
2000 /*******************************************************************************
2001 * Function smp_br_pairing_complete
2002 * Description This function is called to send the pairing complete
2003 * callback and remove the connection if needed.
2004 ******************************************************************************/
2005 void smp_br_pairing_complete(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
2006 SMP_TRACE_DEBUG("%s", __func__);
2008 if (p_cb->total_tx_unacked == 0) {
2009 /* process the pairing complete */
2010 smp_proc_pairing_cmpl(p_cb);