1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains functions for the SMP L2CAP utility functions
23 ******************************************************************************/
24 #include "bt_target.h"
26 #if SMP_INCLUDED == TRUE
33 #include "btm_ble_api.h"
37 #include "device/include/controller.h"
40 #define SMP_PAIRING_REQ_SIZE 7
41 #define SMP_CONFIRM_CMD_SIZE (BT_OCTET16_LEN + 1)
42 #define SMP_RAND_CMD_SIZE (BT_OCTET16_LEN + 1)
43 #define SMP_INIT_CMD_SIZE (BT_OCTET16_LEN + 1)
44 #define SMP_ENC_INFO_SIZE (BT_OCTET16_LEN + 1)
45 #define SMP_MASTER_ID_SIZE (BT_OCTET8_LEN + 2 + 1)
46 #define SMP_ID_INFO_SIZE (BT_OCTET16_LEN + 1)
47 #define SMP_ID_ADDR_SIZE (BD_ADDR_LEN + 1 + 1)
48 #define SMP_SIGN_INFO_SIZE (BT_OCTET16_LEN + 1)
49 #define SMP_PAIR_FAIL_SIZE 2
50 #define SMP_SECURITY_REQUEST_SIZE 2
51 #define SMP_PAIR_PUBL_KEY_SIZE (1 /* opcode */ + (2*BT_OCTET32_LEN))
52 #define SMP_PAIR_COMMITM_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*Commitment*/)
53 #define SMP_PAIR_DHKEY_CHECK_SIZE (1 /* opcode */ + BT_OCTET16_LEN /*DHKey Check*/)
54 #define SMP_PAIR_KEYPR_NOTIF_SIZE (1 /* opcode */ + 1 /*Notif Type*/)
56 /* SMP command sizes per spec */
57 static const UINT8 smp_cmd_size_per_spec[] =
60 SMP_PAIRING_REQ_SIZE, /* 0x01: pairing request */
61 SMP_PAIRING_REQ_SIZE, /* 0x02: pairing response */
62 SMP_CONFIRM_CMD_SIZE, /* 0x03: pairing confirm */
63 SMP_RAND_CMD_SIZE, /* 0x04: pairing random */
64 SMP_PAIR_FAIL_SIZE, /* 0x05: pairing failed */
65 SMP_ENC_INFO_SIZE, /* 0x06: encryption information */
66 SMP_MASTER_ID_SIZE, /* 0x07: master identification */
67 SMP_ID_INFO_SIZE, /* 0x08: identity information */
68 SMP_ID_ADDR_SIZE, /* 0x09: identity address information */
69 SMP_SIGN_INFO_SIZE, /* 0x0A: signing information */
70 SMP_SECURITY_REQUEST_SIZE, /* 0x0B: security request */
71 SMP_PAIR_PUBL_KEY_SIZE, /* 0x0C: pairing public key */
72 SMP_PAIR_DHKEY_CHECK_SIZE, /* 0x0D: pairing dhkey check */
73 SMP_PAIR_KEYPR_NOTIF_SIZE, /* 0x0E: pairing keypress notification */
74 SMP_PAIR_COMMITM_SIZE /* 0x0F: pairing commitment */
77 static BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb);
78 static BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb);
80 /* type for SMP command length validation functions */
81 typedef BOOLEAN (*tSMP_CMD_LEN_VALID)(tSMP_CB *p_cb);
83 static BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb);
85 static const tSMP_CMD_LEN_VALID smp_cmd_len_is_valid[] =
87 smp_parameter_unconditionally_invalid,
88 smp_command_has_valid_fixed_length, /* 0x01: pairing request */
89 smp_command_has_valid_fixed_length, /* 0x02: pairing response */
90 smp_command_has_valid_fixed_length, /* 0x03: pairing confirm */
91 smp_command_has_valid_fixed_length, /* 0x04: pairing random */
92 smp_command_has_valid_fixed_length, /* 0x05: pairing failed */
93 smp_command_has_valid_fixed_length, /* 0x06: encryption information */
94 smp_command_has_valid_fixed_length, /* 0x07: master identification */
95 smp_command_has_valid_fixed_length, /* 0x08: identity information */
96 smp_command_has_valid_fixed_length, /* 0x09: identity address information */
97 smp_command_has_valid_fixed_length, /* 0x0A: signing information */
98 smp_command_has_valid_fixed_length, /* 0x0B: security request */
99 smp_command_has_valid_fixed_length, /* 0x0C: pairing public key */
100 smp_command_has_valid_fixed_length, /* 0x0D: pairing dhkey check */
101 smp_command_has_valid_fixed_length, /* 0x0E: pairing keypress notification */
102 smp_command_has_valid_fixed_length /* 0x0F: pairing commitment */
105 /* type for SMP command parameter ranges validation functions */
106 typedef BOOLEAN (*tSMP_CMD_PARAM_RANGES_VALID)(tSMP_CB *p_cb);
108 static BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb);
109 static BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb);
111 static const tSMP_CMD_PARAM_RANGES_VALID smp_cmd_param_ranges_are_valid[] =
113 smp_parameter_unconditionally_invalid,
114 smp_pairing_request_response_parameters_are_valid, /* 0x01: pairing request */
115 smp_pairing_request_response_parameters_are_valid, /* 0x02: pairing response */
116 smp_parameter_unconditionally_valid, /* 0x03: pairing confirm */
117 smp_parameter_unconditionally_valid, /* 0x04: pairing random */
118 smp_parameter_unconditionally_valid, /* 0x05: pairing failed */
119 smp_parameter_unconditionally_valid, /* 0x06: encryption information */
120 smp_parameter_unconditionally_valid, /* 0x07: master identification */
121 smp_parameter_unconditionally_valid, /* 0x08: identity information */
122 smp_parameter_unconditionally_valid, /* 0x09: identity address information */
123 smp_parameter_unconditionally_valid, /* 0x0A: signing information */
124 smp_parameter_unconditionally_valid, /* 0x0B: security request */
125 smp_parameter_unconditionally_valid, /* 0x0C: pairing public key */
126 smp_parameter_unconditionally_valid, /* 0x0D: pairing dhkey check */
127 smp_pairing_keypress_notification_is_valid, /* 0x0E: pairing keypress notification */
128 smp_parameter_unconditionally_valid /* 0x0F: pairing commitment */
131 /* type for action functions */
132 typedef BT_HDR * (*tSMP_CMD_ACT)(UINT8 cmd_code, tSMP_CB *p_cb);
134 static BT_HDR *smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
135 static BT_HDR *smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
136 static BT_HDR *smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
137 static BT_HDR *smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb);
138 static BT_HDR *smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
139 static BT_HDR *smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
140 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb);
141 static BT_HDR *smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
142 static BT_HDR *smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
143 static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
144 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
145 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
146 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
147 static BT_HDR *smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
149 static const tSMP_CMD_ACT smp_cmd_build_act[] =
152 smp_build_pairing_cmd, /* 0x01: pairing request */
153 smp_build_pairing_cmd, /* 0x02: pairing response */
154 smp_build_confirm_cmd, /* 0x03: pairing confirm */
155 smp_build_rand_cmd, /* 0x04: pairing random */
156 smp_build_pairing_fail, /* 0x05: pairing failure */
157 smp_build_encrypt_info_cmd, /* 0x06: encryption information */
158 smp_build_master_id_cmd, /* 0x07: master identification */
159 smp_build_identity_info_cmd, /* 0x08: identity information */
160 smp_build_id_addr_cmd, /* 0x09: identity address information */
161 smp_build_signing_info_cmd, /* 0x0A: signing information */
162 smp_build_security_request, /* 0x0B: security request */
163 smp_build_pair_public_key_cmd, /* 0x0C: pairing public key */
164 smp_build_pair_dhkey_check_cmd, /* 0x0D: pairing DHKey check */
165 smp_build_pairing_keypress_notification_cmd, /* 0x0E: pairing keypress notification */
166 smp_build_pairing_commitment_cmd /* 0x0F: pairing commitment */
169 static const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
171 /* display only */ /* Display Yes/No */ /* keyboard only */
172 /* No Input/Output */ /* keyboard display */
175 /* model = tbl[peer_io_caps][loc_io_caps] */
177 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
178 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
181 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,
182 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
185 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
186 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
188 /* No Input No Output */
189 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
190 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},
192 /* keyboard display */
193 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
194 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}},
197 /* model = tbl[loc_io_caps][peer_io_caps] */
199 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
200 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
203 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF,
204 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
207 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY,
208 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
210 /* No Input No Output */
211 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
212 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},
214 /* keyboard display */
215 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF,
216 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}}
219 static const UINT8 smp_association_table_sc[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
221 /* display only */ /* Display Yes/No */ /* keyboard only */
222 /* No InputOutput */ /* keyboard display */
225 /* model = tbl[peer_io_caps][loc_io_caps] */
228 {{SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
229 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT},
232 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
233 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP},
236 {SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
237 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP},
239 /* No Input No Output */
240 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
241 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS},
243 /* keyboard display */
244 {SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
245 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP}},
248 /* model = tbl[loc_io_caps][peer_io_caps] */
251 {{SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
252 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_DISP},
255 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
256 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP},
259 {SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
260 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_PASSKEY_ENT},
262 /* No Input No Output */
263 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
264 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS},
266 /* keyboard display */
267 {SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_NUM_COMP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
268 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP}}
271 static tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb);
272 static tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb);
274 /*******************************************************************************
276 ** Function smp_send_msg_to_L2CAP
278 ** Description Send message to L2CAP.
280 *******************************************************************************/
281 BOOLEAN smp_send_msg_to_L2CAP(BD_ADDR rem_bda, BT_HDR *p_toL2CAP)
284 UINT16 fixed_cid = L2CAP_SMP_CID;
286 if (smp_cb.smp_over_br)
288 fixed_cid = L2CAP_SMP_BR_CID;
291 SMP_TRACE_EVENT("%s", __FUNCTION__);
292 smp_cb.total_tx_unacked += 1;
294 if ((l2cap_ret = L2CA_SendFixedChnlData (fixed_cid, rem_bda, p_toL2CAP)) == L2CAP_DW_FAILED)
296 smp_cb.total_tx_unacked -= 1;
297 SMP_TRACE_ERROR("SMP failed to pass msg to L2CAP");
304 /*******************************************************************************
306 ** Function smp_send_cmd
308 ** Description send a SMP command on L2CAP channel.
310 *******************************************************************************/
311 BOOLEAN smp_send_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
314 BOOLEAN sent = FALSE;
315 UINT8 failure = SMP_PAIR_INTERNAL_ERR;
316 SMP_TRACE_EVENT("smp_send_cmd on l2cap cmd_code=0x%x", cmd_code);
317 if ( cmd_code <= (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */) &&
318 smp_cmd_build_act[cmd_code] != NULL)
320 p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
323 smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf))
327 btu_stop_timer (&p_cb->rsp_timer_ent);
328 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
329 SMP_WAIT_FOR_RSP_TOUT);
335 if (p_cb->smp_over_br)
337 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
341 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
347 /*******************************************************************************
349 ** Function smp_rsp_timeout
351 ** Description Called when SMP wait for SMP command response timer expires
355 *******************************************************************************/
356 void smp_rsp_timeout(TIMER_LIST_ENT *p_tle)
358 tSMP_CB *p_cb = &smp_cb;
359 UINT8 failure = SMP_RSP_TIMEOUT;
362 SMP_TRACE_EVENT("%s state:%d br_state:%d", __FUNCTION__, p_cb->state, p_cb->br_state);
364 if (p_cb->smp_over_br)
366 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &failure);
370 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
374 /*******************************************************************************
376 ** Function smp_build_pairing_req_cmd
378 ** Description Build pairing request command.
380 *******************************************************************************/
381 BT_HDR * smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
383 BT_HDR *p_buf = NULL ;
386 SMP_TRACE_EVENT("smp_build_pairing_cmd");
387 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE + L2CAP_MIN_OFFSET)) != NULL)
389 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
391 UINT8_TO_STREAM (p, cmd_code);
392 UINT8_TO_STREAM (p, p_cb->local_io_capability);
393 UINT8_TO_STREAM (p, p_cb->loc_oob_flag);
394 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
395 UINT8_TO_STREAM (p, p_cb->loc_enc_size);
396 UINT8_TO_STREAM (p, p_cb->local_i_key);
397 UINT8_TO_STREAM (p, p_cb->local_r_key);
399 p_buf->offset = L2CAP_MIN_OFFSET;
400 /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
401 p_buf->len = SMP_PAIRING_REQ_SIZE;
407 /*******************************************************************************
409 ** Function smp_build_confirm_cmd
411 ** Description Build confirm request command.
413 *******************************************************************************/
414 static BT_HDR * smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
416 BT_HDR *p_buf = NULL ;
420 SMP_TRACE_EVENT("smp_build_confirm_cmd");
421 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL)
423 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
425 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
426 ARRAY_TO_STREAM (p, p_cb->confirm, BT_OCTET16_LEN);
428 p_buf->offset = L2CAP_MIN_OFFSET;
429 p_buf->len = SMP_CONFIRM_CMD_SIZE;
434 /*******************************************************************************
436 ** Function smp_build_rand_cmd
438 ** Description Build Random command.
440 *******************************************************************************/
441 static BT_HDR * smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
443 BT_HDR *p_buf = NULL ;
447 SMP_TRACE_EVENT("%s", __func__);
448 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_RAND_CMD_SIZE + L2CAP_MIN_OFFSET))
451 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
453 UINT8_TO_STREAM (p, SMP_OPCODE_RAND);
454 ARRAY_TO_STREAM (p, p_cb->rand, BT_OCTET16_LEN);
456 p_buf->offset = L2CAP_MIN_OFFSET;
457 p_buf->len = SMP_RAND_CMD_SIZE;
462 /*******************************************************************************
464 ** Function smp_build_encrypt_info_cmd
466 ** Description Build security information command.
468 *******************************************************************************/
469 static BT_HDR * smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
471 BT_HDR *p_buf = NULL ;
475 SMP_TRACE_EVENT("smp_build_encrypt_info_cmd");
476 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
478 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
480 UINT8_TO_STREAM (p, SMP_OPCODE_ENCRYPT_INFO);
481 ARRAY_TO_STREAM (p, p_cb->ltk, BT_OCTET16_LEN);
483 p_buf->offset = L2CAP_MIN_OFFSET;
484 p_buf->len = SMP_ENC_INFO_SIZE;
490 /*******************************************************************************
492 ** Function smp_build_master_id_cmd
494 ** Description Build security information command.
496 *******************************************************************************/
497 static BT_HDR * smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
499 BT_HDR *p_buf = NULL ;
503 SMP_TRACE_EVENT("%s", __func__);
505 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_MASTER_ID_SIZE + L2CAP_MIN_OFFSET)) != NULL)
507 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
509 UINT8_TO_STREAM (p, SMP_OPCODE_MASTER_ID);
510 UINT16_TO_STREAM (p, p_cb->ediv);
511 ARRAY_TO_STREAM (p, p_cb->enc_rand, BT_OCTET8_LEN);
513 p_buf->offset = L2CAP_MIN_OFFSET;
514 p_buf->len = SMP_MASTER_ID_SIZE;
520 /*******************************************************************************
522 ** Function smp_build_identity_info_cmd
524 ** Description Build identity information command.
526 *******************************************************************************/
527 static BT_HDR * smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
529 BT_HDR *p_buf = NULL ;
535 SMP_TRACE_EVENT("smp_build_identity_info_cmd");
536 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
538 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
540 BTM_GetDeviceIDRoot(irk);
542 UINT8_TO_STREAM (p, SMP_OPCODE_IDENTITY_INFO);
543 ARRAY_TO_STREAM (p, irk, BT_OCTET16_LEN);
545 p_buf->offset = L2CAP_MIN_OFFSET;
546 p_buf->len = SMP_ID_INFO_SIZE;
552 /*******************************************************************************
554 ** Function smp_build_id_addr_cmd
556 ** Description Build identity address information command.
558 *******************************************************************************/
559 static BT_HDR * smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
561 BT_HDR *p_buf = NULL;
566 SMP_TRACE_EVENT("smp_build_id_addr_cmd");
567 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET)) != NULL)
569 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
571 UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
572 UINT8_TO_STREAM (p, 0);
573 BDADDR_TO_STREAM (p, controller_get_interface()->get_address()->address);
575 p_buf->offset = L2CAP_MIN_OFFSET;
576 p_buf->len = SMP_ID_ADDR_SIZE;
582 /*******************************************************************************
584 ** Function smp_build_signing_info_cmd
586 ** Description Build signing information command.
588 *******************************************************************************/
589 static BT_HDR * smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
591 BT_HDR *p_buf = NULL ;
595 SMP_TRACE_EVENT("smp_build_signing_info_cmd");
596 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
598 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
600 UINT8_TO_STREAM (p, SMP_OPCODE_SIGN_INFO);
601 ARRAY_TO_STREAM (p, p_cb->csrk, BT_OCTET16_LEN);
603 p_buf->offset = L2CAP_MIN_OFFSET;
604 p_buf->len = SMP_SIGN_INFO_SIZE;
610 /*******************************************************************************
612 ** Function smp_build_pairing_fail
614 ** Description Build Pairing Fail command.
616 *******************************************************************************/
617 static BT_HDR * smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb)
619 BT_HDR *p_buf = NULL ;
623 SMP_TRACE_EVENT("%s", __func__);
624 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
626 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
628 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
629 UINT8_TO_STREAM (p, p_cb->failure);
631 p_buf->offset = L2CAP_MIN_OFFSET;
632 p_buf->len = SMP_PAIR_FAIL_SIZE;
638 /*******************************************************************************
640 ** Function smp_build_security_request
642 ** Description Build security request command.
644 *******************************************************************************/
645 static BT_HDR *smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb)
647 BT_HDR *p_buf = NULL ;
651 SMP_TRACE_EVENT("%s", __func__);
652 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET)) != NULL)
654 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
656 UINT8_TO_STREAM (p, SMP_OPCODE_SEC_REQ);
657 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
659 p_buf->offset = L2CAP_MIN_OFFSET;
660 p_buf->len = SMP_SECURITY_REQUEST_SIZE;
662 SMP_TRACE_EVENT("opcode=%d auth_req=0x%x",SMP_OPCODE_SEC_REQ, p_cb->loc_auth_req );
669 /*******************************************************************************
671 ** Function smp_build_pair_public_key_cmd
673 ** Description Build pairing public key command.
675 *******************************************************************************/
676 static BT_HDR *smp_build_pair_public_key_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
678 BT_HDR *p_buf = NULL ;
680 UINT8 publ_key[2*BT_OCTET32_LEN];
681 UINT8 *p_publ_key = publ_key;
684 SMP_TRACE_EVENT("%s", __FUNCTION__);
686 memcpy(p_publ_key, p_cb->loc_publ_key.x, BT_OCTET32_LEN);
687 memcpy(p_publ_key + BT_OCTET32_LEN, p_cb->loc_publ_key.y, BT_OCTET32_LEN);
689 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) +
690 SMP_PAIR_PUBL_KEY_SIZE + L2CAP_MIN_OFFSET)) != NULL)
692 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
694 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_PUBLIC_KEY);
695 ARRAY_TO_STREAM (p, p_publ_key, 2*BT_OCTET32_LEN);
697 p_buf->offset = L2CAP_MIN_OFFSET;
698 p_buf->len = SMP_PAIR_PUBL_KEY_SIZE;
704 /*******************************************************************************
706 ** Function smp_build_pairing_commitment_cmd
708 ** Description Build pairing commitment command.
710 *******************************************************************************/
711 static BT_HDR *smp_build_pairing_commitment_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
713 BT_HDR *p_buf = NULL;
717 SMP_TRACE_EVENT("%s", __func__);
718 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_COMMITM_SIZE + L2CAP_MIN_OFFSET))
721 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
723 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
724 ARRAY_TO_STREAM (p, p_cb->commitment, BT_OCTET16_LEN);
726 p_buf->offset = L2CAP_MIN_OFFSET;
727 p_buf->len = SMP_PAIR_COMMITM_SIZE;
733 /*******************************************************************************
735 ** Function smp_build_pair_dhkey_check_cmd
737 ** Description Build pairing DHKey check command.
739 *******************************************************************************/
740 static BT_HDR *smp_build_pair_dhkey_check_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
742 BT_HDR *p_buf = NULL;
746 SMP_TRACE_EVENT("%s", __FUNCTION__);
747 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) +
748 SMP_PAIR_DHKEY_CHECK_SIZE + L2CAP_MIN_OFFSET)) != NULL)
750 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
752 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_DHKEY_CHECK);
753 ARRAY_TO_STREAM (p, p_cb->dhkey_check, BT_OCTET16_LEN);
755 p_buf->offset = L2CAP_MIN_OFFSET;
756 p_buf->len = SMP_PAIR_DHKEY_CHECK_SIZE;
762 /*******************************************************************************
764 ** Function smp_build_pairing_keypress_notification_cmd
766 ** Description Build keypress notification command.
768 *******************************************************************************/
769 static BT_HDR * smp_build_pairing_keypress_notification_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
771 BT_HDR *p_buf = NULL ;
775 SMP_TRACE_EVENT("%s", __FUNCTION__);
776 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR)\
777 + SMP_PAIR_KEYPR_NOTIF_SIZE + L2CAP_MIN_OFFSET)) != NULL)
779 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
781 UINT8_TO_STREAM (p, SMP_OPCODE_PAIR_KEYPR_NOTIF);
782 UINT8_TO_STREAM (p, p_cb->local_keypress_notification);
784 p_buf->offset = L2CAP_MIN_OFFSET;
785 p_buf->len = SMP_PAIR_KEYPR_NOTIF_SIZE;
791 /*******************************************************************************
793 ** Function smp_convert_string_to_tk
795 ** Description This function is called to convert a 6 to 16 digits numeric
796 ** character string into SMP TK.
801 *******************************************************************************/
802 void smp_convert_string_to_tk(BT_OCTET16 tk, UINT32 passkey)
806 SMP_TRACE_EVENT("smp_convert_string_to_tk");
807 UINT32_TO_STREAM(p, passkey);
809 key.key_type = SMP_KEY_TYPE_TK;
812 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
815 /*******************************************************************************
817 ** Function smp_mask_enc_key
819 ** Description This function is called to mask off the encryption key based
820 ** on the maximum encryption key size.
825 *******************************************************************************/
826 void smp_mask_enc_key(UINT8 loc_enc_size, UINT8 * p_data)
828 SMP_TRACE_EVENT("smp_mask_enc_key");
829 if (loc_enc_size < BT_OCTET16_LEN)
831 for (; loc_enc_size < BT_OCTET16_LEN; loc_enc_size ++)
832 * (p_data + loc_enc_size) = 0;
837 /*******************************************************************************
839 ** Function smp_xor_128
841 ** Description utility function to do an biteise exclusive-OR of two bit
842 ** strings of the length of BT_OCTET16_LEN.
846 *******************************************************************************/
847 void smp_xor_128(BT_OCTET16 a, BT_OCTET16 b)
849 UINT8 i, *aa = a, *bb = b;
851 SMP_TRACE_EVENT("smp_xor_128");
852 for (i = 0; i < BT_OCTET16_LEN; i++)
854 aa[i] = aa[i] ^ bb[i];
858 /*******************************************************************************
860 ** Function smp_cb_cleanup
862 ** Description Clean up SMP control block
866 *******************************************************************************/
867 void smp_cb_cleanup(tSMP_CB *p_cb)
869 tSMP_CALLBACK *p_callback = p_cb->p_callback;
870 UINT8 trace_level = p_cb->trace_level;
872 SMP_TRACE_EVENT("smp_cb_cleanup");
874 memset(p_cb, 0, sizeof(tSMP_CB));
875 p_cb->p_callback = p_callback;
876 p_cb->trace_level = trace_level;
879 /*******************************************************************************
881 ** Function smp_remove_fixed_channel
883 ** Description This function is called to remove the fixed channel
887 *******************************************************************************/
888 void smp_remove_fixed_channel(tSMP_CB *p_cb)
890 SMP_TRACE_DEBUG("%s", __func__);
892 if (p_cb->smp_over_br)
893 L2CA_RemoveFixedChnl (L2CAP_SMP_BR_CID, p_cb->pairing_bda);
895 L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
898 /*******************************************************************************
900 ** Function smp_reset_control_value
902 ** Description This function is called to reset the control block value when
903 ** pairing procedure finished.
908 *******************************************************************************/
909 void smp_reset_control_value(tSMP_CB *p_cb)
911 SMP_TRACE_EVENT("smp_reset_control_value");
912 btu_stop_timer (&p_cb->rsp_timer_ent);
914 /* set the link idle timer to drop the link when pairing is done
915 usually service discovery will follow authentication complete, to avoid
916 racing condition for a link down/up, set link idle timer to be
917 SMP_LINK_TOUT_MIN to guarantee SMP key exchange */
918 L2CA_SetIdleTimeoutByBdAddr(p_cb->pairing_bda, SMP_LINK_TOUT_MIN, BT_TRANSPORT_LE);
920 /* We can tell L2CAP to remove the fixed channel (if it has one) */
921 smp_remove_fixed_channel(p_cb);
922 smp_cb_cleanup(p_cb);
925 /*******************************************************************************
927 ** Function smp_proc_pairing_cmpl
929 ** Description This function is called to process pairing complete
934 *******************************************************************************/
935 void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
937 tSMP_EVT_DATA evt_data = {0};
938 tSMP_CALLBACK *p_callback = p_cb->p_callback;
941 SMP_TRACE_DEBUG ("smp_proc_pairing_cmpl ");
943 evt_data.cmplt.reason = p_cb->status;
944 evt_data.cmplt.smp_over_br = p_cb->smp_over_br;
946 if (p_cb->status == SMP_SUCCESS)
947 evt_data.cmplt.sec_level = p_cb->sec_level;
949 evt_data.cmplt.is_pair_cancel = FALSE;
951 if (p_cb->is_pair_cancel)
952 evt_data.cmplt.is_pair_cancel = TRUE;
955 SMP_TRACE_DEBUG ("send SMP_COMPLT_EVT reason=0x%0x sec_level=0x%0x",
956 evt_data.cmplt.reason,
957 evt_data.cmplt.sec_level );
959 memcpy (pairing_bda, p_cb->pairing_bda, BD_ADDR_LEN);
961 smp_reset_control_value(p_cb);
964 (*p_callback) (SMP_COMPLT_EVT, pairing_bda, &evt_data);
967 /*******************************************************************************
969 ** Function smp_command_has_invalid_parameters
971 ** Description Checks if the received SMP command has invalid parameters i.e.
972 ** if the command length is valid and the command parameters are
973 ** inside specified range.
974 ** It returns TRUE if the command has invalid parameters.
976 ** Returns TRUE if the command has invalid parameters, FALSE otherwise.
978 *******************************************************************************/
979 BOOLEAN smp_command_has_invalid_parameters(tSMP_CB *p_cb)
981 UINT8 cmd_code = p_cb->rcvd_cmd_code;
983 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, cmd_code);
985 if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
986 (cmd_code < SMP_OPCODE_MIN))
988 SMP_TRACE_WARNING("Somehow received command with the RESERVED code 0x%02x", cmd_code);
992 if (!(*smp_cmd_len_is_valid[cmd_code])(p_cb))
995 if (!(*smp_cmd_param_ranges_are_valid[cmd_code])(p_cb))
1001 /*******************************************************************************
1003 ** Function smp_command_has_valid_fixed_length
1005 ** Description Checks if the received command size is equal to the size
1006 ** according to specs.
1008 ** Returns TRUE if the command size is as expected, FALSE otherwise.
1010 ** Note The command is expected to have fixed length.
1011 *******************************************************************************/
1012 BOOLEAN smp_command_has_valid_fixed_length(tSMP_CB *p_cb)
1014 UINT8 cmd_code = p_cb->rcvd_cmd_code;
1016 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, cmd_code);
1018 if (p_cb->rcvd_cmd_len != smp_cmd_size_per_spec[cmd_code])
1020 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with invalid length\
1021 0x%02x (per spec the length is 0x%02x).",
1022 cmd_code, p_cb->rcvd_cmd_len, smp_cmd_size_per_spec[cmd_code]);
1029 /*******************************************************************************
1031 ** Function smp_pairing_request_response_parameters_are_valid
1033 ** Description Validates parameter ranges in the received SMP command
1034 ** pairing request or pairing response.
1035 ** The parameters to validate:
1038 ** Bonding_flags in AuthReq
1039 ** Maximum encryption key size.
1040 ** Returns FALSE if at least one of these parameters is out of range.
1042 *******************************************************************************/
1043 BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb)
1045 UINT8 io_caps = p_cb->peer_io_caps;
1046 UINT8 oob_flag = p_cb->peer_oob_flag;
1047 UINT8 bond_flag = p_cb->peer_auth_req & 0x03; //0x03 is gen bond with appropriate mask
1048 UINT8 enc_size = p_cb->peer_enc_size;
1050 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, p_cb->rcvd_cmd_code);
1052 if (io_caps >= BTM_IO_CAP_MAX)
1054 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with IO Capabilty \
1055 value (0x%02x) out of range).",
1056 p_cb->rcvd_cmd_code, io_caps);
1060 if (!((oob_flag == SMP_OOB_NONE) || (oob_flag == SMP_OOB_PRESENT)))
1062 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with OOB data flag value \
1063 (0x%02x) out of range).",
1064 p_cb->rcvd_cmd_code, oob_flag);
1068 if (!((bond_flag == SMP_AUTH_NO_BOND) || (bond_flag == SMP_AUTH_BOND)))
1070 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Bonding_Flags value (0x%02x)\
1072 p_cb->rcvd_cmd_code, bond_flag);
1076 if ((enc_size < SMP_ENCR_KEY_SIZE_MIN) || (enc_size > SMP_ENCR_KEY_SIZE_MAX))
1078 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
1079 Key value (0x%02x) out of range).",
1080 p_cb->rcvd_cmd_code, enc_size);
1087 /*******************************************************************************
1089 ** Function smp_pairing_keypress_notification_is_valid
1091 ** Description Validates Notification Type parameter range in the received SMP command
1092 ** pairing keypress notification.
1093 ** Returns FALSE if this parameter is out of range.
1095 *******************************************************************************/
1096 BOOLEAN smp_pairing_keypress_notification_is_valid(tSMP_CB *p_cb)
1098 tBTM_SP_KEY_TYPE keypress_notification = p_cb->peer_keypress_notification;
1100 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, p_cb->rcvd_cmd_code);
1102 if (keypress_notification >= BTM_SP_KEY_OUT_OF_RANGE)
1104 SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Pairing Keypress \
1105 Notification value (0x%02x) out of range).",
1106 p_cb->rcvd_cmd_code, keypress_notification);
1113 /*******************************************************************************
1115 ** Function smp_parameter_unconditionally_valid
1117 ** Description Always returns TRUE.
1119 *******************************************************************************/
1120 BOOLEAN smp_parameter_unconditionally_valid(tSMP_CB *p_cb)
1125 /*******************************************************************************
1127 ** Function smp_parameter_unconditionally_invalid
1129 ** Description Always returns FALSE.
1131 *******************************************************************************/
1132 BOOLEAN smp_parameter_unconditionally_invalid(tSMP_CB *p_cb)
1137 /*******************************************************************************
1139 ** Function smp_reject_unexpected_pairing_command
1141 ** Description send pairing failure to an unexpected pairing command during
1142 ** an active pairing process.
1146 *******************************************************************************/
1147 void smp_reject_unexpected_pairing_command(BD_ADDR bd_addr)
1152 SMP_TRACE_DEBUG ("%s", __FUNCTION__);
1154 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) +\
1155 SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
1157 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
1159 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
1160 UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
1162 p_buf->offset = L2CAP_MIN_OFFSET;
1163 p_buf->len = SMP_PAIR_FAIL_SIZE;
1165 smp_send_msg_to_L2CAP(bd_addr, p_buf);
1169 /*******************************************************************************
1170 ** Function smp_select_association_model
1172 ** Description This function selects association model to use for STK
1173 ** generation. Selection is based on both sides' io capability,
1174 ** oob data flag and authentication request.
1176 ** Note If Secure Connections Only mode is required locally then we
1177 ** come to this point only if both sides support Secure Connections
1178 ** mode, i.e. if p_cb->secure_connections_only_mode_required = TRUE then we come
1179 ** to this point only if
1180 ** (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) ==
1181 ** (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ==
1182 ** SMP_SC_SUPPORT_BIT
1184 *******************************************************************************/
1185 tSMP_ASSO_MODEL smp_select_association_model(tSMP_CB *p_cb)
1187 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1188 p_cb->le_secure_connections_mode_is_used = FALSE;
1190 SMP_TRACE_EVENT("%s", __FUNCTION__);
1191 SMP_TRACE_DEBUG("%s p_cb->peer_io_caps = %d p_cb->local_io_capability = %d",
1192 __FUNCTION__, p_cb->peer_io_caps, p_cb->local_io_capability);
1193 SMP_TRACE_DEBUG("%s p_cb->peer_oob_flag = %d p_cb->loc_oob_flag = %d",
1194 __FUNCTION__, p_cb->peer_oob_flag, p_cb->loc_oob_flag);
1195 SMP_TRACE_DEBUG("%s p_cb->peer_auth_req = 0x%02x p_cb->loc_auth_req = 0x%02x",
1196 __FUNCTION__, p_cb->peer_auth_req, p_cb->loc_auth_req);
1197 SMP_TRACE_DEBUG("%s p_cb->secure_connections_only_mode_required = %s",
1198 __FUNCTION__, p_cb->secure_connections_only_mode_required ?
1201 if ((p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) && (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT))
1203 p_cb->le_secure_connections_mode_is_used = TRUE;
1206 SMP_TRACE_DEBUG("use_sc_process = %d", p_cb->le_secure_connections_mode_is_used);
1208 if (p_cb->le_secure_connections_mode_is_used)
1210 model = smp_select_association_model_secure_connections(p_cb);
1214 model = smp_select_legacy_association_model(p_cb);
1219 /*******************************************************************************
1220 ** Function smp_select_legacy_association_model
1222 ** Description This function is called to select association mode if at least
1223 ** one side doesn't support secure connections.
1225 *******************************************************************************/
1226 tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB *p_cb)
1228 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1230 SMP_TRACE_DEBUG("%s", __func__);
1231 /* if OOB data is present on both devices, then use OOB association model */
1232 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1233 return SMP_MODEL_OOB;
1235 /* else if neither device requires MITM, then use Just Works association model */
1236 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req))
1237 return SMP_MODEL_ENCRYPTION_ONLY;
1239 /* otherwise use IO capability to select association model */
1240 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX)
1242 if (p_cb->role == HCI_ROLE_MASTER)
1244 model = smp_association_table[p_cb->role][p_cb->peer_io_caps]
1245 [p_cb->local_io_capability];
1249 model = smp_association_table[p_cb->role][p_cb->local_io_capability]
1250 [p_cb->peer_io_caps];
1257 /*******************************************************************************
1258 ** Function smp_select_association_model_secure_connections
1260 ** Description This function is called to select association mode if both
1261 ** sides support secure connections.
1263 *******************************************************************************/
1264 tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB *p_cb)
1266 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1268 SMP_TRACE_DEBUG("%s", __func__);
1269 /* if OOB data is present on at least one device, then use OOB association model */
1270 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT || p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1271 return SMP_MODEL_SEC_CONN_OOB;
1273 /* else if neither device requires MITM, then use Just Works association model */
1274 if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) && SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req))
1275 return SMP_MODEL_SEC_CONN_JUSTWORKS;
1277 /* otherwise use IO capability to select association model */
1278 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->local_io_capability < SMP_IO_CAP_MAX)
1280 if (p_cb->role == HCI_ROLE_MASTER)
1282 model = smp_association_table_sc[p_cb->role][p_cb->peer_io_caps]
1283 [p_cb->local_io_capability];
1287 model = smp_association_table_sc[p_cb->role][p_cb->local_io_capability]
1288 [p_cb->peer_io_caps];
1295 /*******************************************************************************
1296 ** Function smp_reverse_array
1298 ** Description This function reverses array bytes
1300 *******************************************************************************/
1301 void smp_reverse_array(UINT8 *arr, UINT8 len)
1305 SMP_TRACE_DEBUG("smp_reverse_array");
1307 for (i = 0; i < len/2; i ++)
1310 arr[i] = arr[len -1 - i];
1311 arr[len -1 - i] = tmp;
1315 /*******************************************************************************
1316 ** Function smp_calculate_random_input
1318 ** Description This function returns random input value to be used in commitment
1319 ** calculation for SC passkey entry association mode
1320 ** (if bit["round"] in "random" array == 1 then returns 0x81
1321 ** else returns 0x80).
1325 *******************************************************************************/
1326 UINT8 smp_calculate_random_input(UINT8 *random, UINT8 round)
1332 SMP_TRACE_DEBUG("random: 0x%02x, round: %d, i: %d, j: %d", random[i], round, i, j);
1333 ri = ((random[i] >> j) & 1) | 0x80;
1334 SMP_TRACE_DEBUG("%s ri=0x%02x", __func__, ri);
1338 /*******************************************************************************
1339 ** Function smp_collect_local_io_capabilities
1341 ** Description This function puts into IOcap array local device
1342 ** IOCapability, OOB data, AuthReq.
1346 *******************************************************************************/
1347 void smp_collect_local_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1349 SMP_TRACE_DEBUG("%s", __func__);
1351 iocap[0] = p_cb->local_io_capability;
1352 iocap[1] = p_cb->loc_oob_flag;
1353 iocap[2] = p_cb->loc_auth_req;
1356 /*******************************************************************************
1357 ** Function smp_collect_peer_io_capabilities
1359 ** Description This function puts into IOcap array peer device
1360 ** IOCapability, OOB data, AuthReq.
1364 *******************************************************************************/
1365 void smp_collect_peer_io_capabilities(UINT8 *iocap, tSMP_CB *p_cb)
1367 SMP_TRACE_DEBUG("%s", __func__);
1369 iocap[0] = p_cb->peer_io_caps;
1370 iocap[1] = p_cb->peer_oob_flag;
1371 iocap[2] = p_cb->peer_auth_req;
1374 /*******************************************************************************
1375 ** Function smp_collect_local_ble_address
1377 ** Description This function puts into le_addr array local device le address:
1378 ** le_addr[0-5] = local BD ADDR,
1379 ** le_addr[6] = local le address type (PUBLIC/RANDOM).
1383 *******************************************************************************/
1384 void smp_collect_local_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1386 tBLE_ADDR_TYPE addr_type = 0;
1390 SMP_TRACE_DEBUG("%s", __func__);
1392 BTM_ReadConnectionAddr( p_cb->pairing_bda, bda, &addr_type);
1393 BDADDR_TO_STREAM(p, bda);
1394 UINT8_TO_STREAM(p, addr_type);
1397 /*******************************************************************************
1398 ** Function smp_collect_peer_ble_address
1400 ** Description This function puts into le_addr array peer device le address:
1401 ** le_addr[0-5] = peer BD ADDR,
1402 ** le_addr[6] = peer le address type (PUBLIC/RANDOM).
1406 *******************************************************************************/
1407 void smp_collect_peer_ble_address(UINT8 *le_addr, tSMP_CB *p_cb)
1409 tBLE_ADDR_TYPE addr_type = 0;
1413 SMP_TRACE_DEBUG("%s", __func__);
1415 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda, &addr_type))
1417 SMP_TRACE_ERROR("can not collect peer le addr information for unknown device");
1421 BDADDR_TO_STREAM(p, bda);
1422 UINT8_TO_STREAM(p, addr_type);
1425 /*******************************************************************************
1426 ** Function smp_check_commitment
1428 ** Description This function compares peer commitment values:
1429 ** - expected (i.e. calculated locally),
1430 ** - received from the peer.
1432 ** Returns TRUE if the values are the same
1435 *******************************************************************************/
1436 BOOLEAN smp_check_commitment(tSMP_CB *p_cb)
1438 BT_OCTET16 expected;
1440 SMP_TRACE_DEBUG("%s", __func__);
1442 smp_calculate_peer_commitment(p_cb, expected);
1443 print128(expected, (const UINT8 *)"calculated peer commitment");
1444 print128(p_cb->remote_commitment, (const UINT8 *)"received peer commitment");
1446 if (memcmp(p_cb->remote_commitment, expected, BT_OCTET16_LEN))
1448 SMP_TRACE_WARNING("Commitment check fails");
1452 SMP_TRACE_DEBUG("Commitment check succeeds");
1456 /*******************************************************************************
1458 ** Function smp_save_secure_connections_long_term_key
1460 ** Description The function saves SC LTK as BLE key for future use as local
1465 *******************************************************************************/
1466 void smp_save_secure_connections_long_term_key(tSMP_CB *p_cb)
1468 tBTM_LE_LENC_KEYS lle_key;
1469 tBTM_LE_PENC_KEYS ple_key;
1471 SMP_TRACE_DEBUG("%s-Save LTK as local LTK key", __func__);
1472 memcpy(lle_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1474 lle_key.key_size = p_cb->loc_enc_size;
1475 lle_key.sec_level = p_cb->sec_level;
1476 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&lle_key, TRUE);
1478 SMP_TRACE_DEBUG("%s-Save LTK as peer LTK key", __func__);
1480 memset(ple_key.rand, 0, BT_OCTET8_LEN);
1481 memcpy(ple_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1482 ple_key.sec_level = p_cb->sec_level;
1483 ple_key.key_size = p_cb->loc_enc_size;
1484 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&ple_key, TRUE);
1487 /*******************************************************************************
1489 ** Function smp_calculate_f5_mackey_and_long_term_key
1491 ** Description The function calculates MacKey and LTK and saves them in CB.
1492 ** To calculate MacKey and LTK it calls smp_calc_f5(...).
1493 ** MacKey is used in dhkey calculation, LTK is used to encrypt
1496 ** Returns FALSE if out of resources, TRUE otherwise.
1498 *******************************************************************************/
1499 BOOLEAN smp_calculate_f5_mackey_and_long_term_key(tSMP_CB *p_cb)
1506 SMP_TRACE_DEBUG("%s", __func__);
1508 if (p_cb->role == HCI_ROLE_MASTER)
1510 smp_collect_local_ble_address(a, p_cb);
1511 smp_collect_peer_ble_address(b, p_cb);
1517 smp_collect_local_ble_address(b, p_cb);
1518 smp_collect_peer_ble_address(a, p_cb);
1523 if(!smp_calculate_f5(p_cb->dhkey, p_na, p_nb, a, b, p_cb->mac_key, p_cb->ltk))
1525 SMP_TRACE_ERROR("%s failed", __func__);
1529 SMP_TRACE_EVENT ("%s is completed", __func__);
1533 /*******************************************************************************
1535 ** Function smp_request_oob_data
1537 ** Description Requests application to provide OOB data.
1539 ** Returns TRUE - OOB data has to be provided by application
1540 ** FALSE - otherwise (unexpected)
1542 *******************************************************************************/
1543 BOOLEAN smp_request_oob_data(tSMP_CB *p_cb)
1545 tSMP_OOB_DATA_TYPE req_oob_type = SMP_OOB_INVALID_TYPE;
1547 SMP_TRACE_DEBUG("%s", __func__);
1549 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1551 /* both local and peer rcvd data OOB */
1552 req_oob_type = SMP_OOB_BOTH;
1554 else if (p_cb->peer_oob_flag == SMP_OOB_PRESENT)
1556 /* peer rcvd OOB local data, local didn't receive OOB peer data */
1557 req_oob_type = SMP_OOB_LOCAL;
1559 else if (p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1561 req_oob_type = SMP_OOB_PEER;
1564 SMP_TRACE_DEBUG("req_oob_type = %d", req_oob_type);
1566 if (req_oob_type == SMP_OOB_INVALID_TYPE)
1569 p_cb->req_oob_type = req_oob_type;
1570 p_cb->cb_evt = SMP_SC_OOB_REQ_EVT;
1571 smp_sm_event(p_cb, SMP_TK_REQ_EVT, &req_oob_type);
OSDN Git Service
