The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 1 | /****************************************************************************** |
| 2 | * |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 3 | * Copyright (C) 1999-2012 Broadcom Corporation |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 4 | * |
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at: |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | * |
| 17 | ******************************************************************************/ |
| 18 | |
| 19 | /****************************************************************************** |
| 20 | * |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 21 | * This file contains security manager protocol utility functions |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 22 | * |
| 23 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 24 | #include "bt_target.h" |
| 25 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 26 | #if (SMP_INCLUDED == TRUE) |
| 27 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 28 | #include <stdio.h> |
| 29 | #endif |
| 30 | #include <string.h> |
| 31 | #include "bt_utils.h" |
| 32 | #include "btm_ble_api.h" |
| 33 | #include "smp_int.h" |
| 34 | #include "btm_int.h" |
| 35 | #include "btm_ble_int.h" |
| 36 | #include "hcimsgs.h" |
| 37 | #include "aes.h" |
| 38 | #include "p_256_ecc_pp.h" |
| 39 | #include "device/include/controller.h" |
Myles Watson | d7ffd64 | 2016-10-27 10:27:36 -0700 | [diff] [blame] | 40 | #include "osi/include/osi.h" |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 41 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 42 | #ifndef SMP_MAX_ENC_REPEAT |
| 43 | #define SMP_MAX_ENC_REPEAT 3 |
| 44 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 45 | |
| 46 | static void smp_rand_back(tBTM_RAND_ENC *p); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 47 | static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data); |
| 48 | static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 49 | static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p); |
| 50 | static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p); |
| 51 | static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p); |
| 52 | static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p); |
| 53 | static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p); |
| 54 | static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p); |
| 55 | static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 56 | static bool smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 57 | static void smp_continue_private_key_creation(tSMP_CB *p_cb, tBTM_RAND_ENC *p); |
| 58 | static void smp_process_private_key(tSMP_CB *p_cb); |
| 59 | static void smp_finish_nonce_generation(tSMP_CB *p_cb); |
| 60 | static void smp_process_new_nonce(tSMP_CB *p_cb); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 61 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 62 | #define SMP_PASSKEY_MASK 0xfff00000 |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 63 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 64 | void smp_debug_print_nbyte_little_endian(uint8_t *p, const uint8_t *key_name, uint8_t len) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 65 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 66 | #if (SMP_DEBUG == TRUE) |
Jakub Pawlowski | ce83251 | 2016-07-28 06:11:36 -0700 | [diff] [blame] | 67 | int ind; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 68 | int col_count = 32; |
| 69 | int row_count; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 70 | uint8_t p_buf[512]; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 71 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 72 | SMP_TRACE_WARNING("%s(LSB ~ MSB):", key_name); |
| 73 | memset(p_buf, 0, sizeof(p_buf)); |
| 74 | row_count = len % col_count ? len / col_count + 1: len / col_count; |
| 75 | |
| 76 | ind = 0; |
| 77 | for (int row = 0; row < row_count; row++) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 78 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 79 | for (int column = 0, x = 0; (ind < len) && (column < col_count); column++, ind++) |
| 80 | { |
George Burgess IV | 80d7f60 | 2016-03-02 14:00:19 -0800 | [diff] [blame] | 81 | x += snprintf((char *)&p_buf[x], sizeof(p_buf) - x, "%02x ", p[ind]); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 82 | } |
| 83 | SMP_TRACE_WARNING(" [%03d]: %s", row * col_count, p_buf); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 84 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 85 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 86 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 87 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 88 | void smp_debug_print_nbyte_big_endian (uint8_t *p, const uint8_t *key_name, uint8_t len) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 89 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 90 | #if (SMP_DEBUG == TRUE) |
| 91 | uint8_t p_buf[512]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 92 | |
| 93 | SMP_TRACE_WARNING("%s(MSB ~ LSB):", key_name); |
| 94 | memset(p_buf, 0, sizeof(p_buf)); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 95 | |
| 96 | int ind = 0; |
| 97 | int ncols = 32; /* num entries in one line */ |
| 98 | int nrows; /* num lines */ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 99 | |
Subramanian Srinivasan | 33bab32 | 2016-01-08 17:37:28 -0800 | [diff] [blame] | 100 | nrows = len % ncols ? len / ncols + 1: len / ncols; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 101 | for (int row = 0; row < nrows; row++) |
| 102 | { |
| 103 | for (int col = 0, x = 0; (ind < len) && (col < ncols); col++, ind++) |
| 104 | { |
George Burgess IV | 80d7f60 | 2016-03-02 14:00:19 -0800 | [diff] [blame] | 105 | x += snprintf ((char *)&p_buf[len-x-1], sizeof(p_buf) - (len-x-1), "%02x ", p[ind]); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 106 | } |
| 107 | SMP_TRACE_WARNING("[%03d]: %s", row * ncols, p_buf); |
| 108 | } |
| 109 | #endif |
| 110 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 111 | |
| 112 | /******************************************************************************* |
| 113 | ** |
| 114 | ** Function smp_encrypt_data |
| 115 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 116 | ** Description This function is called to encrypt data. |
| 117 | ** It uses AES-128 encryption algorithm. |
| 118 | ** Plain_text is encrypted using key, the result is at p_out. |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 119 | ** |
| 120 | ** Returns void |
| 121 | ** |
| 122 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 123 | bool smp_encrypt_data (uint8_t *key, uint8_t key_len, |
| 124 | uint8_t *plain_text, uint8_t pt_len, |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 125 | tSMP_ENC *p_out) |
| 126 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 127 | aes_context ctx; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 128 | uint8_t *p_start = NULL; |
| 129 | uint8_t *p = NULL; |
| 130 | uint8_t *p_rev_data = NULL; /* input data in big endilan format */ |
| 131 | uint8_t *p_rev_key = NULL; /* input key in big endilan format */ |
| 132 | uint8_t *p_rev_output = NULL; /* encrypted output in big endilan format */ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 133 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 134 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 135 | if ( (p_out == NULL ) || (key_len != SMP_ENCRYT_KEY_SIZE) ) |
| 136 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 137 | SMP_TRACE_ERROR ("%s failed", __func__); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 138 | return false; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 139 | } |
| 140 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 141 | p_start = (uint8_t *)osi_calloc(SMP_ENCRYT_DATA_SIZE * 4); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 142 | |
| 143 | if (pt_len > SMP_ENCRYT_DATA_SIZE) |
| 144 | pt_len = SMP_ENCRYT_DATA_SIZE; |
| 145 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 146 | p = p_start; |
| 147 | ARRAY_TO_STREAM (p, plain_text, pt_len); /* byte 0 to byte 15 */ |
| 148 | p_rev_data = p = p_start + SMP_ENCRYT_DATA_SIZE; /* start at byte 16 */ |
| 149 | REVERSE_ARRAY_TO_STREAM (p, p_start, SMP_ENCRYT_DATA_SIZE); /* byte 16 to byte 31 */ |
| 150 | p_rev_key = p; /* start at byte 32 */ |
| 151 | REVERSE_ARRAY_TO_STREAM (p, key, SMP_ENCRYT_KEY_SIZE); /* byte 32 to byte 47 */ |
| 152 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 153 | #if (SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE) |
| 154 | smp_debug_print_nbyte_little_endian(key, (const uint8_t *)"Key", SMP_ENCRYT_KEY_SIZE); |
| 155 | smp_debug_print_nbyte_little_endian(p_start, (const uint8_t *)"Plain text", SMP_ENCRYT_DATA_SIZE); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 156 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 157 | p_rev_output = p; |
| 158 | aes_set_key(p_rev_key, SMP_ENCRYT_KEY_SIZE, &ctx); |
| 159 | aes_encrypt(p_rev_data, p, &ctx); /* outputs in byte 48 to byte 63 */ |
| 160 | |
| 161 | p = p_out->param_buf; |
| 162 | REVERSE_ARRAY_TO_STREAM (p, p_rev_output, SMP_ENCRYT_DATA_SIZE); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 163 | #if (SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE) |
| 164 | smp_debug_print_nbyte_little_endian(p_out->param_buf, (const uint8_t *)"Encrypted text", SMP_ENCRYT_KEY_SIZE); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 165 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 166 | |
| 167 | p_out->param_len = SMP_ENCRYT_KEY_SIZE; |
| 168 | p_out->status = HCI_SUCCESS; |
| 169 | p_out->opcode = HCI_BLE_ENCRYPT; |
| 170 | |
Pavlin Radoslavov | cceb430 | 2016-02-05 13:54:43 -0800 | [diff] [blame] | 171 | osi_free(p_start); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 172 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 173 | return true; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 174 | } |
| 175 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 176 | /******************************************************************************* |
| 177 | ** |
| 178 | ** Function smp_generate_passkey |
| 179 | ** |
| 180 | ** Description This function is called to generate passkey. |
| 181 | ** |
| 182 | ** Returns void |
| 183 | ** |
| 184 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 185 | void smp_generate_passkey(tSMP_CB *p_cb, |
| 186 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 187 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 188 | SMP_TRACE_DEBUG ("%s", __func__); |
| 189 | p_cb->rand_enc_proc_state = SMP_GEN_TK; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 190 | |
| 191 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 192 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 193 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 194 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 195 | /******************************************************************************* |
| 196 | ** |
| 197 | ** Function smp_proc_passkey |
| 198 | ** |
| 199 | ** Description This function is called to process a passkey. |
| 200 | ** |
| 201 | ** Returns void |
| 202 | ** |
| 203 | *******************************************************************************/ |
| 204 | void smp_proc_passkey(tSMP_CB *p_cb , tBTM_RAND_ENC *p) |
| 205 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 206 | uint8_t *tt = p_cb->tk; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 207 | tSMP_KEY key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 208 | uint32_t passkey; /* 19655 test number; */ |
| 209 | uint8_t *pp = p->param_buf; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 210 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 211 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 212 | STREAM_TO_UINT32(passkey, pp); |
| 213 | passkey &= ~SMP_PASSKEY_MASK; |
| 214 | |
| 215 | /* truncate by maximum value */ |
| 216 | while (passkey > BTM_MAX_PASSKEY_VAL) |
| 217 | passkey >>= 1; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 218 | |
| 219 | /* save the TK */ |
| 220 | memset(p_cb->tk, 0, BT_OCTET16_LEN); |
| 221 | UINT32_TO_STREAM(tt, passkey); |
| 222 | |
| 223 | key.key_type = SMP_KEY_TYPE_TK; |
| 224 | key.p_data = p_cb->tk; |
| 225 | |
| 226 | if (p_cb->p_callback) |
| 227 | { |
| 228 | (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey); |
| 229 | } |
| 230 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 231 | if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) |
| 232 | { |
| 233 | smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey); |
| 234 | } |
| 235 | else |
| 236 | { |
| 237 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key); |
| 238 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 239 | } |
| 240 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 241 | /******************************************************************************* |
| 242 | ** |
| 243 | ** Function smp_generate_stk |
| 244 | ** |
| 245 | ** Description This function is called to generate STK calculated by running |
| 246 | ** AES with the TK value as key and a concatenation of the random |
| 247 | ** values. |
| 248 | ** |
| 249 | ** Returns void |
| 250 | ** |
| 251 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 252 | void smp_generate_stk(tSMP_CB *p_cb, |
| 253 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 254 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 255 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 256 | tSMP_ENC output; |
| 257 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 258 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 259 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 260 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 261 | if (p_cb->le_secure_connections_mode_is_used) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 262 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 263 | SMP_TRACE_WARNING ("FOR LE SC LTK IS USED INSTEAD OF STK"); |
| 264 | output.param_len = SMP_ENCRYT_KEY_SIZE; |
| 265 | output.status = HCI_SUCCESS; |
| 266 | output.opcode = HCI_BLE_ENCRYPT; |
| 267 | memcpy(output.param_buf, p_cb->ltk, SMP_ENCRYT_DATA_SIZE); |
| 268 | } |
| 269 | else if (!smp_calculate_legacy_short_term_key(p_cb, &output)) |
| 270 | { |
| 271 | SMP_TRACE_ERROR("%s failed", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 272 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 273 | return; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 274 | } |
| 275 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 276 | smp_process_stk(p_cb, &output); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 277 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 278 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 279 | /******************************************************************************* |
| 280 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 281 | ** Function smp_generate_srand_mrand_confirm |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 282 | ** |
| 283 | ** Description This function is called to start the second pairing phase by |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 284 | ** start generating random number. |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 285 | ** |
| 286 | ** |
| 287 | ** Returns void |
| 288 | ** |
| 289 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 290 | void smp_generate_srand_mrand_confirm(tSMP_CB *p_cb, |
| 291 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 292 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 293 | SMP_TRACE_DEBUG ("%s", __func__); |
| 294 | p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 295 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 296 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 297 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 298 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 299 | /******************************************************************************* |
| 300 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 301 | ** Function smp_generate_rand_cont |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 302 | ** |
| 303 | ** Description This function is called to generate another 64 bits random for |
| 304 | ** MRand or Srand. |
| 305 | ** |
| 306 | ** Returns void |
| 307 | ** |
| 308 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 309 | void smp_generate_rand_cont(tSMP_CB *p_cb, |
| 310 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 311 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 312 | SMP_TRACE_DEBUG ("%s", __func__); |
| 313 | p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND_CONT; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 314 | /* generate 64 MSB of MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 315 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 316 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 317 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 318 | /******************************************************************************* |
| 319 | ** |
| 320 | ** Function smp_generate_ltk |
| 321 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 322 | ** Description This function is called: |
| 323 | ** - in legacy pairing - to calculate LTK, starting with DIV |
| 324 | ** generation; |
| 325 | ** - in LE Secure Connections pairing over LE transport - to process LTK |
| 326 | ** already generated to encrypt LE link; |
| 327 | ** - in LE Secure Connections pairing over BR/EDR transport - to start |
| 328 | ** BR/EDR Link Key processing. |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 329 | ** |
| 330 | ** Returns void |
| 331 | ** |
| 332 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 333 | void smp_generate_ltk(tSMP_CB *p_cb, |
| 334 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 335 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 336 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 337 | bool div_status; |
| 338 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 339 | if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) |
| 340 | { |
| 341 | smp_br_process_link_key(p_cb, NULL); |
| 342 | return; |
| 343 | } |
| 344 | else if (p_cb->le_secure_connections_mode_is_used) |
| 345 | { |
| 346 | smp_process_secure_connection_long_term_key(); |
| 347 | return; |
| 348 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 349 | |
| 350 | div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div); |
| 351 | |
| 352 | if (div_status) |
| 353 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 354 | smp_generate_ltk_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 355 | } |
| 356 | else |
| 357 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 358 | SMP_TRACE_DEBUG ("Generate DIV for LTK"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 359 | p_cb->rand_enc_proc_state = SMP_GEN_DIV_LTK; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 360 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 361 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 362 | } |
| 363 | } |
| 364 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 365 | /******************************************************************************* |
| 366 | ** |
| 367 | ** Function smp_compute_csrk |
| 368 | ** |
| 369 | ** Description This function is called to calculate CSRK |
| 370 | ** |
| 371 | ** |
| 372 | ** Returns void |
| 373 | ** |
| 374 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 375 | void smp_compute_csrk(tSMP_CB *p_cb, |
| 376 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 377 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 378 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 379 | BT_OCTET16 er; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 380 | uint8_t buffer[4]; /* for (r || DIV) r=1*/ |
| 381 | uint16_t r=1; |
| 382 | uint8_t *p=buffer; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 383 | tSMP_ENC output; |
| 384 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 385 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 386 | SMP_TRACE_DEBUG ("smp_compute_csrk div=%x", p_cb->div); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 387 | BTM_GetDeviceEncRoot(er); |
| 388 | /* CSRK = d1(ER, DIV, 1) */ |
| 389 | UINT16_TO_STREAM(p, p_cb->div); |
| 390 | UINT16_TO_STREAM(p, r); |
| 391 | |
| 392 | if (!SMP_Encrypt(er, BT_OCTET16_LEN, buffer, 4, &output)) |
| 393 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 394 | SMP_TRACE_ERROR("smp_generate_csrk failed"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 395 | if (p_cb->smp_over_br) |
| 396 | { |
| 397 | smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); |
| 398 | } |
| 399 | else |
| 400 | { |
| 401 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 402 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 403 | } |
| 404 | else |
| 405 | { |
| 406 | memcpy((void *)p_cb->csrk, output.param_buf, BT_OCTET16_LEN); |
| 407 | smp_send_csrk_info(p_cb, NULL); |
| 408 | } |
| 409 | } |
| 410 | |
| 411 | /******************************************************************************* |
| 412 | ** |
| 413 | ** Function smp_generate_csrk |
| 414 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 415 | ** Description This function is called to calculate CSRK, starting with DIV |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 416 | ** generation. |
| 417 | ** |
| 418 | ** |
| 419 | ** Returns void |
| 420 | ** |
| 421 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 422 | void smp_generate_csrk(tSMP_CB *p_cb, |
| 423 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 424 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 425 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 426 | bool div_status; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 427 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 428 | SMP_TRACE_DEBUG ("smp_generate_csrk"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 429 | |
| 430 | div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div); |
| 431 | if (div_status) |
| 432 | { |
| 433 | smp_compute_csrk(p_cb, NULL); |
| 434 | } |
| 435 | else |
| 436 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 437 | SMP_TRACE_DEBUG ("Generate DIV for CSRK"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 438 | p_cb->rand_enc_proc_state = SMP_GEN_DIV_CSRK; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 439 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 440 | } |
| 441 | } |
| 442 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 443 | /******************************************************************************* |
| 444 | ** Function smp_concatenate_peer |
| 445 | ** add pairing command sent from local device into p1. |
| 446 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 447 | void smp_concatenate_local( tSMP_CB *p_cb, uint8_t **p_data, uint8_t op_code) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 448 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 449 | uint8_t *p = *p_data; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 450 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 451 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 452 | UINT8_TO_STREAM(p, op_code); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 453 | UINT8_TO_STREAM(p, p_cb->local_io_capability); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 454 | UINT8_TO_STREAM(p, p_cb->loc_oob_flag); |
| 455 | UINT8_TO_STREAM(p, p_cb->loc_auth_req); |
| 456 | UINT8_TO_STREAM(p, p_cb->loc_enc_size); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 457 | UINT8_TO_STREAM(p, p_cb->local_i_key); |
| 458 | UINT8_TO_STREAM(p, p_cb->local_r_key); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 459 | |
| 460 | *p_data = p; |
| 461 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 462 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 463 | /******************************************************************************* |
| 464 | ** Function smp_concatenate_peer |
| 465 | ** add pairing command received from peer device into p1. |
| 466 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 467 | void smp_concatenate_peer( tSMP_CB *p_cb, uint8_t **p_data, uint8_t op_code) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 468 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 469 | uint8_t *p = *p_data; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 470 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 471 | SMP_TRACE_DEBUG ("smp_concatenate_peer "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 472 | UINT8_TO_STREAM(p, op_code); |
| 473 | UINT8_TO_STREAM(p, p_cb->peer_io_caps); |
| 474 | UINT8_TO_STREAM(p, p_cb->peer_oob_flag); |
| 475 | UINT8_TO_STREAM(p, p_cb->peer_auth_req); |
| 476 | UINT8_TO_STREAM(p, p_cb->peer_enc_size); |
| 477 | UINT8_TO_STREAM(p, p_cb->peer_i_key); |
| 478 | UINT8_TO_STREAM(p, p_cb->peer_r_key); |
| 479 | |
| 480 | *p_data = p; |
| 481 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 482 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 483 | /******************************************************************************* |
| 484 | ** |
| 485 | ** Function smp_gen_p1_4_confirm |
| 486 | ** |
| 487 | ** Description Generate Confirm/Compare Step1: |
| 488 | ** p1 = pres || preq || rat' || iat' |
| 489 | ** |
| 490 | ** Returns void |
| 491 | ** |
| 492 | *******************************************************************************/ |
| 493 | void smp_gen_p1_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p1) |
| 494 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 495 | uint8_t *p = (uint8_t *)p1; |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 496 | tBLE_ADDR_TYPE addr_type = 0; |
| 497 | BD_ADDR remote_bda; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 498 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 499 | SMP_TRACE_DEBUG ("smp_gen_p1_4_confirm"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 500 | |
| 501 | if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 502 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 503 | SMP_TRACE_ERROR("can not generate confirm for unknown device"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 504 | return; |
| 505 | } |
| 506 | |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 507 | BTM_ReadConnectionAddr( p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 508 | |
| 509 | if (p_cb->role == HCI_ROLE_MASTER) |
| 510 | { |
| 511 | /* LSB : rat': initiator's(local) address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 512 | UINT8_TO_STREAM(p, p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 513 | /* LSB : iat': responder's address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 514 | UINT8_TO_STREAM(p, addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 515 | /* concatinate preq */ |
| 516 | smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ); |
| 517 | /* concatinate pres */ |
| 518 | smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP); |
| 519 | } |
| 520 | else |
| 521 | { |
| 522 | /* LSB : iat': initiator's address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 523 | UINT8_TO_STREAM(p, addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 524 | /* LSB : rat': responder's(local) address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 525 | UINT8_TO_STREAM(p, p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 526 | /* concatinate preq */ |
| 527 | smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ); |
| 528 | /* concatinate pres */ |
| 529 | smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP); |
| 530 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 531 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 532 | SMP_TRACE_DEBUG("p1 = pres || preq || rat' || iat'"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 533 | smp_debug_print_nbyte_little_endian ((uint8_t *)p1, (const uint8_t *)"P1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 534 | #endif |
| 535 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 536 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 537 | /******************************************************************************* |
| 538 | ** |
| 539 | ** Function smp_gen_p2_4_confirm |
| 540 | ** |
| 541 | ** Description Generate Confirm/Compare Step2: |
| 542 | ** p2 = padding || ia || ra |
| 543 | ** |
| 544 | ** Returns void |
| 545 | ** |
| 546 | *******************************************************************************/ |
| 547 | void smp_gen_p2_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p2) |
| 548 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 549 | uint8_t *p = (uint8_t *)p2; |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 550 | BD_ADDR remote_bda; |
| 551 | tBLE_ADDR_TYPE addr_type = 0; |
| 552 | |
| 553 | if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) |
| 554 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 555 | SMP_TRACE_ERROR("can not generate confirm p2 for unknown device"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 556 | return; |
| 557 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 558 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 559 | SMP_TRACE_DEBUG ("smp_gen_p2_4_confirm"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 560 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 561 | memset(p, 0, sizeof(BT_OCTET16)); |
| 562 | |
| 563 | if (p_cb->role == HCI_ROLE_MASTER) |
| 564 | { |
| 565 | /* LSB ra */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 566 | BDADDR_TO_STREAM(p, remote_bda); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 567 | /* ia */ |
| 568 | BDADDR_TO_STREAM(p, p_cb->local_bda); |
| 569 | } |
| 570 | else |
| 571 | { |
| 572 | /* LSB ra */ |
| 573 | BDADDR_TO_STREAM(p, p_cb->local_bda); |
| 574 | /* ia */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 575 | BDADDR_TO_STREAM(p, remote_bda); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 576 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 577 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 578 | SMP_TRACE_DEBUG("p2 = padding || ia || ra"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 579 | smp_debug_print_nbyte_little_endian(p2, (const uint8_t *)"p2", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 580 | #endif |
| 581 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 582 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 583 | /******************************************************************************* |
| 584 | ** |
| 585 | ** Function smp_calculate_comfirm |
| 586 | ** |
| 587 | ** Description This function is called to calculate Confirm value. |
| 588 | ** |
| 589 | ** Returns void |
| 590 | ** |
| 591 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 592 | void smp_calculate_comfirm (tSMP_CB *p_cb, BT_OCTET16 rand, |
| 593 | UNUSED_ATTR BD_ADDR bda) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 594 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 595 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 596 | BT_OCTET16 p1; |
| 597 | tSMP_ENC output; |
| 598 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 599 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 600 | SMP_TRACE_DEBUG ("smp_calculate_comfirm "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 601 | /* generate p1 = pres || preq || rat' || iat' */ |
| 602 | smp_gen_p1_4_confirm(p_cb, p1); |
| 603 | |
| 604 | /* p1 = rand XOR p1 */ |
| 605 | smp_xor_128(p1, rand); |
| 606 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 607 | smp_debug_print_nbyte_little_endian ((uint8_t *)p1, (const uint8_t *)"P1' = r XOR p1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 608 | |
| 609 | /* calculate e(k, r XOR p1), where k = TK */ |
| 610 | if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p1, BT_OCTET16_LEN, &output)) |
| 611 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 612 | SMP_TRACE_ERROR("smp_generate_csrk failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 613 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 614 | } |
| 615 | else |
| 616 | { |
| 617 | smp_calculate_comfirm_cont(p_cb, &output); |
| 618 | } |
| 619 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 620 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 621 | /******************************************************************************* |
| 622 | ** |
| 623 | ** Function smp_calculate_comfirm_cont |
| 624 | ** |
| 625 | ** Description This function is called when SConfirm/MConfirm is generated |
| 626 | ** proceed to send the Confirm request/response to peer device. |
| 627 | ** |
| 628 | ** Returns void |
| 629 | ** |
| 630 | *******************************************************************************/ |
| 631 | static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p) |
| 632 | { |
| 633 | BT_OCTET16 p2; |
| 634 | tSMP_ENC output; |
| 635 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 636 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 637 | SMP_TRACE_DEBUG ("smp_calculate_comfirm_cont "); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 638 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 639 | SMP_TRACE_DEBUG("Confirm step 1 p1' = e(k, r XOR p1) Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 640 | smp_debug_print_nbyte_little_endian (p->param_buf, (const uint8_t *)"C1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 641 | #endif |
| 642 | |
| 643 | smp_gen_p2_4_confirm(p_cb, p2); |
| 644 | |
| 645 | /* calculate p2 = (p1' XOR p2) */ |
| 646 | smp_xor_128(p2, p->param_buf); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 647 | smp_debug_print_nbyte_little_endian ((uint8_t *)p2, (const uint8_t *)"p2' = C1 xor p2", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 648 | |
| 649 | /* calculate: Confirm = E(k, p1' XOR p2) */ |
| 650 | if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p2, BT_OCTET16_LEN, &output)) |
| 651 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 652 | SMP_TRACE_ERROR("smp_calculate_comfirm_cont failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 653 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 654 | } |
| 655 | else |
| 656 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 657 | switch (p_cb->rand_enc_proc_state) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 658 | { |
| 659 | case SMP_GEN_CONFIRM: |
| 660 | smp_process_confirm(p_cb, &output); |
| 661 | break; |
| 662 | |
| 663 | case SMP_GEN_COMPARE: |
| 664 | smp_process_compare(p_cb, &output); |
| 665 | break; |
| 666 | } |
| 667 | } |
| 668 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 669 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 670 | /******************************************************************************* |
| 671 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 672 | ** Function smp_generate_confirm |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 673 | ** |
| 674 | ** Description This function is called when a 48 bits random number is generated |
| 675 | ** as SRand or MRand, continue to calculate Sconfirm or MConfirm. |
| 676 | ** |
| 677 | ** Returns void |
| 678 | ** |
| 679 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 680 | static void smp_generate_confirm(tSMP_CB *p_cb, |
| 681 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 682 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 683 | SMP_TRACE_DEBUG ("%s", __func__); |
| 684 | p_cb->rand_enc_proc_state = SMP_GEN_CONFIRM; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 685 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->rand, (const uint8_t *)"local rand", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 686 | smp_calculate_comfirm(p_cb, p_cb->rand, p_cb->pairing_bda); |
| 687 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 688 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 689 | /******************************************************************************* |
| 690 | ** |
| 691 | ** Function smp_generate_compare |
| 692 | ** |
| 693 | ** Description This function is called to generate SConfirm for Slave device, |
| 694 | ** or MSlave for Master device. This function can be also used for |
| 695 | ** generating Compare number for confirm value check. |
| 696 | ** |
| 697 | ** Returns void |
| 698 | ** |
| 699 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 700 | void smp_generate_compare (tSMP_CB *p_cb, |
| 701 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 702 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 703 | SMP_TRACE_DEBUG ("smp_generate_compare "); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 704 | p_cb->rand_enc_proc_state = SMP_GEN_COMPARE; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 705 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->rrand, (const uint8_t *)"peer rand", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 706 | smp_calculate_comfirm(p_cb, p_cb->rrand, p_cb->local_bda); |
| 707 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 708 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 709 | /******************************************************************************* |
| 710 | ** |
| 711 | ** Function smp_process_confirm |
| 712 | ** |
| 713 | ** Description This function is called when SConfirm/MConfirm is generated |
| 714 | ** proceed to send the Confirm request/response to peer device. |
| 715 | ** |
| 716 | ** Returns void |
| 717 | ** |
| 718 | *******************************************************************************/ |
| 719 | static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p) |
| 720 | { |
| 721 | tSMP_KEY key; |
| 722 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 723 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 724 | memcpy(p_cb->confirm, p->param_buf, BT_OCTET16_LEN); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 725 | |
| 726 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 727 | SMP_TRACE_DEBUG("Confirm Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 728 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->confirm, (const uint8_t *)"Confirm", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 729 | #endif |
| 730 | |
| 731 | key.key_type = SMP_KEY_TYPE_CFM; |
| 732 | key.p_data = p->param_buf; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 733 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 734 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 735 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 736 | /******************************************************************************* |
| 737 | ** |
| 738 | ** Function smp_process_compare |
| 739 | ** |
| 740 | ** Description This function is called when Compare is generated using the |
| 741 | ** RRand and local BDA, TK information. |
| 742 | ** |
| 743 | ** Returns void |
| 744 | ** |
| 745 | *******************************************************************************/ |
| 746 | static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p) |
| 747 | { |
| 748 | tSMP_KEY key; |
| 749 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 750 | SMP_TRACE_DEBUG ("smp_process_compare "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 751 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 752 | SMP_TRACE_DEBUG("Compare Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 753 | smp_debug_print_nbyte_little_endian (p->param_buf, (const uint8_t *)"Compare", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 754 | #endif |
| 755 | key.key_type = SMP_KEY_TYPE_CMP; |
| 756 | key.p_data = p->param_buf; |
| 757 | |
| 758 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 759 | } |
| 760 | |
| 761 | /******************************************************************************* |
| 762 | ** |
| 763 | ** Function smp_process_stk |
| 764 | ** |
| 765 | ** Description This function is called when STK is generated |
| 766 | ** proceed to send the encrypt the link using STK. |
| 767 | ** |
| 768 | ** Returns void |
| 769 | ** |
| 770 | *******************************************************************************/ |
| 771 | static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p) |
| 772 | { |
| 773 | tSMP_KEY key; |
| 774 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 775 | SMP_TRACE_DEBUG ("smp_process_stk "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 776 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 777 | SMP_TRACE_ERROR("STK Generated"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 778 | #endif |
| 779 | smp_mask_enc_key(p_cb->loc_enc_size, p->param_buf); |
| 780 | |
| 781 | key.key_type = SMP_KEY_TYPE_STK; |
| 782 | key.p_data = p->param_buf; |
| 783 | |
| 784 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 785 | } |
| 786 | |
| 787 | /******************************************************************************* |
| 788 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 789 | ** Function smp_generate_ltk_cont |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 790 | ** |
| 791 | ** Description This function is to calculate LTK = d1(ER, DIV, 0)= e(ER, DIV) |
| 792 | ** |
| 793 | ** Returns void |
| 794 | ** |
| 795 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 796 | static void smp_generate_ltk_cont(tSMP_CB *p_cb, |
| 797 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 798 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 799 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 800 | BT_OCTET16 er; |
| 801 | tSMP_ENC output; |
| 802 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 803 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 804 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 805 | BTM_GetDeviceEncRoot(er); |
| 806 | |
| 807 | /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 808 | if (!SMP_Encrypt(er, BT_OCTET16_LEN, (uint8_t *)&p_cb->div, |
| 809 | sizeof(uint16_t), &output)) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 810 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 811 | SMP_TRACE_ERROR("%s failed", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 812 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 813 | } |
| 814 | else |
| 815 | { |
| 816 | /* mask the LTK */ |
| 817 | smp_mask_enc_key(p_cb->loc_enc_size, output.param_buf); |
| 818 | memcpy((void *)p_cb->ltk, output.param_buf, BT_OCTET16_LEN); |
| 819 | smp_generate_rand_vector(p_cb, NULL); |
| 820 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 821 | } |
| 822 | |
| 823 | /******************************************************************************* |
| 824 | ** |
| 825 | ** Function smp_generate_y |
| 826 | ** |
| 827 | ** Description This function is to proceed generate Y = E(DHK, Rand) |
| 828 | ** |
| 829 | ** Returns void |
| 830 | ** |
| 831 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 832 | static void smp_generate_y(tSMP_CB *p_cb, |
| 833 | UNUSED_ATTR tSMP_INT_DATA *p) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 834 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 835 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 836 | BT_OCTET16 dhk; |
| 837 | tSMP_ENC output; |
| 838 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 839 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 840 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 841 | SMP_TRACE_DEBUG ("smp_generate_y "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 842 | BTM_GetDeviceDHK(dhk); |
| 843 | |
| 844 | if (!SMP_Encrypt(dhk, BT_OCTET16_LEN, p_cb->enc_rand, |
| 845 | BT_OCTET8_LEN, &output)) |
| 846 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 847 | SMP_TRACE_ERROR("smp_generate_y failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 848 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 849 | } |
| 850 | else |
| 851 | { |
| 852 | smp_process_ediv(p_cb, &output); |
| 853 | } |
| 854 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 855 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 856 | /******************************************************************************* |
| 857 | ** |
| 858 | ** Function smp_generate_rand_vector |
| 859 | ** |
| 860 | ** Description This function is called when LTK is generated, send state machine |
| 861 | ** event to SMP. |
| 862 | ** |
| 863 | ** Returns void |
| 864 | ** |
| 865 | *******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 866 | static void smp_generate_rand_vector (tSMP_CB *p_cb, |
| 867 | UNUSED_ATTR tSMP_INT_DATA *p) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 868 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 869 | /* generate EDIV and rand now */ |
| 870 | /* generate random vector */ |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 871 | SMP_TRACE_DEBUG ("smp_generate_rand_vector "); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 872 | p_cb->rand_enc_proc_state = SMP_GEN_RAND_V; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 873 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 874 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 875 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 876 | /******************************************************************************* |
| 877 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 878 | ** Function smp_process_ediv |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 879 | ** |
| 880 | ** Description This function is to calculate EDIV = Y xor DIV |
| 881 | ** |
| 882 | ** Returns void |
| 883 | ** |
| 884 | *******************************************************************************/ |
| 885 | static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p) |
| 886 | { |
| 887 | tSMP_KEY key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 888 | uint8_t *pp= p->param_buf; |
| 889 | uint16_t y; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 890 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 891 | SMP_TRACE_DEBUG ("smp_process_ediv "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 892 | STREAM_TO_UINT16(y, pp); |
| 893 | |
| 894 | /* EDIV = Y xor DIV */ |
| 895 | p_cb->ediv = p_cb->div ^ y; |
| 896 | /* send LTK ready */ |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 897 | SMP_TRACE_ERROR("LTK ready"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 898 | key.key_type = SMP_KEY_TYPE_LTK; |
| 899 | key.p_data = p->param_buf; |
| 900 | |
| 901 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 902 | } |
| 903 | |
| 904 | /******************************************************************************* |
| 905 | ** |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 906 | ** Function smp_calculate_legacy_short_term_key |
| 907 | ** |
| 908 | ** Description The function calculates legacy STK. |
| 909 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 910 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 911 | ** |
| 912 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 913 | bool smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 914 | { |
| 915 | BT_OCTET16 ptext; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 916 | uint8_t *p = ptext; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 917 | |
| 918 | SMP_TRACE_DEBUG ("%s", __func__); |
| 919 | memset(p, 0, BT_OCTET16_LEN); |
| 920 | if (p_cb->role == HCI_ROLE_MASTER) |
| 921 | { |
| 922 | memcpy(p, p_cb->rand, BT_OCTET8_LEN); |
| 923 | memcpy(&p[BT_OCTET8_LEN], p_cb->rrand, BT_OCTET8_LEN); |
| 924 | } |
| 925 | else |
| 926 | { |
| 927 | memcpy(p, p_cb->rrand, BT_OCTET8_LEN); |
| 928 | memcpy(&p[BT_OCTET8_LEN], p_cb->rand, BT_OCTET8_LEN); |
| 929 | } |
| 930 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 931 | bool encrypted; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 932 | /* generate STK = Etk(rand|rrand)*/ |
| 933 | encrypted = SMP_Encrypt( p_cb->tk, BT_OCTET16_LEN, ptext, BT_OCTET16_LEN, output); |
| 934 | if (!encrypted) |
| 935 | { |
| 936 | SMP_TRACE_ERROR("%s failed", __func__); |
| 937 | } |
| 938 | return encrypted; |
| 939 | } |
| 940 | |
| 941 | /******************************************************************************* |
| 942 | ** |
| 943 | ** Function smp_create_private_key |
| 944 | ** |
| 945 | ** Description This function is called to create private key used to |
| 946 | ** calculate public key and DHKey. |
| 947 | ** The function starts private key creation requesting controller |
| 948 | ** to generate [0-7] octets of private key. |
| 949 | ** |
| 950 | ** Returns void |
| 951 | ** |
| 952 | *******************************************************************************/ |
| 953 | void smp_create_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 954 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 955 | SMP_TRACE_DEBUG ("%s",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 956 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_0_7; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 957 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 958 | } |
| 959 | |
| 960 | /******************************************************************************* |
| 961 | ** |
| 962 | ** Function smp_use_oob_private_key |
| 963 | ** |
| 964 | ** Description This function is called |
| 965 | ** - to save the secret key used to calculate the public key used |
| 966 | ** in calculations of commitment sent OOB to a peer |
| 967 | ** - to use this secret key to recalculate the public key and |
| 968 | ** start the process of sending this public key to the peer |
| 969 | ** if secret/public keys have to be reused. |
| 970 | ** If the keys aren't supposed to be reused, continue from the |
| 971 | ** point from which request for OOB data was issued. |
| 972 | ** |
| 973 | ** Returns void |
| 974 | ** |
| 975 | *******************************************************************************/ |
| 976 | void smp_use_oob_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 977 | { |
| 978 | SMP_TRACE_DEBUG ("%s req_oob_type: %d, role: %d", |
| 979 | __func__, p_cb->req_oob_type, p_cb->role); |
| 980 | |
| 981 | switch (p_cb->req_oob_type) |
| 982 | { |
| 983 | case SMP_OOB_BOTH: |
| 984 | case SMP_OOB_LOCAL: |
| 985 | SMP_TRACE_DEBUG("%s restore secret key", __func__) |
| 986 | memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used, BT_OCTET32_LEN); |
| 987 | smp_process_private_key(p_cb); |
| 988 | break; |
| 989 | default: |
| 990 | SMP_TRACE_DEBUG("%s create secret key anew", __func__); |
| 991 | smp_set_state(SMP_STATE_PAIR_REQ_RSP); |
| 992 | smp_decide_association_model(p_cb, NULL); |
| 993 | break; |
| 994 | } |
| 995 | } |
| 996 | |
| 997 | /******************************************************************************* |
| 998 | ** |
| 999 | ** Function smp_continue_private_key_creation |
| 1000 | ** |
| 1001 | ** Description This function is used to continue private key creation. |
| 1002 | ** |
| 1003 | ** Returns void |
| 1004 | ** |
| 1005 | *******************************************************************************/ |
| 1006 | void smp_continue_private_key_creation (tSMP_CB *p_cb, tBTM_RAND_ENC *p) |
| 1007 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1008 | uint8_t state = p_cb->rand_enc_proc_state & ~0x80; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1009 | SMP_TRACE_DEBUG ("%s state=0x%x", __func__, state); |
| 1010 | |
| 1011 | switch (state) |
| 1012 | { |
| 1013 | case SMP_GENERATE_PRIVATE_KEY_0_7: |
| 1014 | memcpy((void *)p_cb->private_key, p->param_buf, p->param_len); |
| 1015 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_8_15; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1016 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1017 | break; |
| 1018 | |
| 1019 | case SMP_GENERATE_PRIVATE_KEY_8_15: |
| 1020 | memcpy((void *)&p_cb->private_key[8], p->param_buf, p->param_len); |
| 1021 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_16_23; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1022 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1023 | break; |
| 1024 | |
| 1025 | case SMP_GENERATE_PRIVATE_KEY_16_23: |
| 1026 | memcpy((void *)&p_cb->private_key[16], p->param_buf, p->param_len); |
| 1027 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_24_31; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1028 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1029 | break; |
| 1030 | |
| 1031 | case SMP_GENERATE_PRIVATE_KEY_24_31: |
| 1032 | memcpy((void *)&p_cb->private_key[24], p->param_buf, p->param_len); |
| 1033 | smp_process_private_key (p_cb); |
| 1034 | break; |
| 1035 | |
| 1036 | default: |
| 1037 | break; |
| 1038 | } |
| 1039 | |
| 1040 | return; |
| 1041 | } |
| 1042 | |
| 1043 | /******************************************************************************* |
| 1044 | ** |
| 1045 | ** Function smp_process_private_key |
| 1046 | ** |
| 1047 | ** Description This function processes private key. |
| 1048 | ** It calculates public key and notifies SM that private key / |
| 1049 | ** public key pair is created. |
| 1050 | ** |
| 1051 | ** Returns void |
| 1052 | ** |
| 1053 | *******************************************************************************/ |
| 1054 | void smp_process_private_key(tSMP_CB *p_cb) |
| 1055 | { |
| 1056 | Point public_key; |
| 1057 | BT_OCTET32 private_key; |
| 1058 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1059 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1060 | |
| 1061 | memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN); |
Jakub Pawlowski | 28b20ff | 2016-11-03 14:18:55 -0700 | [diff] [blame^] | 1062 | ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*) private_key, KEY_LENGTH_DWORDS_P256); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1063 | memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN); |
| 1064 | memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN); |
| 1065 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1066 | smp_debug_print_nbyte_little_endian (p_cb->private_key, (const uint8_t *)"private", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1067 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1068 | smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.x, (const uint8_t *)"local public(x)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1069 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1070 | smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.y, (const uint8_t *)"local public(y)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1071 | BT_OCTET32_LEN); |
| 1072 | p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY; |
| 1073 | smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL); |
| 1074 | } |
| 1075 | |
| 1076 | /******************************************************************************* |
| 1077 | ** |
| 1078 | ** Function smp_compute_dhkey |
| 1079 | ** |
| 1080 | ** Description The function: |
| 1081 | ** - calculates a new public key using as input local private |
| 1082 | ** key and peer public key; |
| 1083 | ** - saves the new public key x-coordinate as DHKey. |
| 1084 | ** |
| 1085 | ** Returns void |
| 1086 | ** |
| 1087 | *******************************************************************************/ |
| 1088 | void smp_compute_dhkey (tSMP_CB *p_cb) |
| 1089 | { |
| 1090 | Point peer_publ_key, new_publ_key; |
| 1091 | BT_OCTET32 private_key; |
| 1092 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1093 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1094 | |
| 1095 | memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN); |
| 1096 | memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN); |
| 1097 | memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN); |
| 1098 | |
Jakub Pawlowski | 28b20ff | 2016-11-03 14:18:55 -0700 | [diff] [blame^] | 1099 | ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*) private_key, KEY_LENGTH_DWORDS_P256); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1100 | |
| 1101 | memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN); |
| 1102 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1103 | smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const uint8_t *)"Old DHKey", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1104 | BT_OCTET32_LEN); |
| 1105 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1106 | smp_debug_print_nbyte_little_endian (p_cb->private_key, (const uint8_t *)"private", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1107 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1108 | smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.x, (const uint8_t *)"rem public(x)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1109 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1110 | smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.y, (const uint8_t *)"rem public(y)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1111 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1112 | smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const uint8_t *)"Reverted DHKey", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1113 | BT_OCTET32_LEN); |
| 1114 | } |
| 1115 | |
| 1116 | /******************************************************************************* |
| 1117 | ** |
| 1118 | ** Function smp_calculate_local_commitment |
| 1119 | ** |
| 1120 | ** Description The function calculates and saves local commmitment in CB. |
| 1121 | ** |
| 1122 | ** Returns void |
| 1123 | ** |
| 1124 | *******************************************************************************/ |
| 1125 | void smp_calculate_local_commitment(tSMP_CB *p_cb) |
| 1126 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1127 | uint8_t random_input; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1128 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1129 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1130 | |
| 1131 | switch (p_cb->selected_association_model) |
| 1132 | { |
| 1133 | case SMP_MODEL_SEC_CONN_JUSTWORKS: |
| 1134 | case SMP_MODEL_SEC_CONN_NUM_COMP: |
| 1135 | if (p_cb->role == HCI_ROLE_MASTER) |
| 1136 | SMP_TRACE_WARNING ("local commitment calc on master is not expected \ |
| 1137 | for Just Works/Numeric Comparison models"); |
| 1138 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0, |
| 1139 | p_cb->commitment); |
| 1140 | break; |
| 1141 | case SMP_MODEL_SEC_CONN_PASSKEY_ENT: |
| 1142 | case SMP_MODEL_SEC_CONN_PASSKEY_DISP: |
| 1143 | random_input = smp_calculate_random_input(p_cb->local_random, p_cb->round); |
| 1144 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, |
| 1145 | random_input, p_cb->commitment); |
| 1146 | break; |
| 1147 | case SMP_MODEL_SEC_CONN_OOB: |
| 1148 | SMP_TRACE_WARNING ("local commitment calc is expected for OOB model BEFORE pairing"); |
| 1149 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0, |
| 1150 | p_cb->commitment); |
| 1151 | break; |
| 1152 | default: |
| 1153 | SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", |
| 1154 | p_cb->selected_association_model); |
| 1155 | return; |
| 1156 | } |
| 1157 | |
| 1158 | SMP_TRACE_EVENT ("local commitment calculation is completed"); |
| 1159 | } |
| 1160 | |
| 1161 | /******************************************************************************* |
| 1162 | ** |
| 1163 | ** Function smp_calculate_peer_commitment |
| 1164 | ** |
| 1165 | ** Description The function calculates and saves peer commmitment at the |
| 1166 | ** provided output buffer. |
| 1167 | ** |
| 1168 | ** Returns void |
| 1169 | ** |
| 1170 | *******************************************************************************/ |
| 1171 | void smp_calculate_peer_commitment(tSMP_CB *p_cb, BT_OCTET16 output_buf) |
| 1172 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1173 | uint8_t ri; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1174 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1175 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1176 | |
| 1177 | switch (p_cb->selected_association_model) |
| 1178 | { |
| 1179 | case SMP_MODEL_SEC_CONN_JUSTWORKS: |
| 1180 | case SMP_MODEL_SEC_CONN_NUM_COMP: |
| 1181 | if (p_cb->role == HCI_ROLE_SLAVE) |
| 1182 | SMP_TRACE_WARNING ("peer commitment calc on slave is not expected \ |
| 1183 | for Just Works/Numeric Comparison models"); |
| 1184 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, 0, |
| 1185 | output_buf); |
| 1186 | break; |
| 1187 | case SMP_MODEL_SEC_CONN_PASSKEY_ENT: |
| 1188 | case SMP_MODEL_SEC_CONN_PASSKEY_DISP: |
| 1189 | ri = smp_calculate_random_input(p_cb->peer_random, p_cb->round); |
| 1190 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, ri, |
| 1191 | output_buf); |
| 1192 | break; |
| 1193 | case SMP_MODEL_SEC_CONN_OOB: |
| 1194 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x, p_cb->peer_random, 0, |
| 1195 | output_buf); |
| 1196 | break; |
| 1197 | default: |
| 1198 | SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", |
| 1199 | p_cb->selected_association_model); |
| 1200 | return; |
| 1201 | } |
| 1202 | |
| 1203 | SMP_TRACE_EVENT ("peer commitment calculation is completed"); |
| 1204 | } |
| 1205 | |
| 1206 | /******************************************************************************* |
| 1207 | ** |
| 1208 | ** Function smp_calculate_f4 |
| 1209 | ** |
| 1210 | ** Description The function calculates |
| 1211 | ** C = f4(U, V, X, Z) = AES-CMAC (U||V||Z) |
| 1212 | ** X |
| 1213 | ** where |
| 1214 | ** input: U is 256 bit, |
| 1215 | ** V is 256 bit, |
| 1216 | ** X is 128 bit, |
| 1217 | ** Z is 8 bit, |
| 1218 | ** output: C is 128 bit. |
| 1219 | ** |
| 1220 | ** Returns void |
| 1221 | ** |
| 1222 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1223 | ** the AES-CMAC input/output stream. |
| 1224 | ** |
| 1225 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1226 | void smp_calculate_f4(uint8_t *u, uint8_t *v, uint8_t *x, uint8_t z, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1227 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1228 | uint8_t msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ + 1 /* Z size */; |
| 1229 | uint8_t msg[BT_OCTET32_LEN + BT_OCTET32_LEN + 1]; |
| 1230 | uint8_t key[BT_OCTET16_LEN]; |
| 1231 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1232 | uint8_t *p = NULL; |
| 1233 | #if (SMP_DEBUG == TRUE) |
| 1234 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1235 | #endif |
| 1236 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1237 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1238 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1239 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1240 | p_prnt = u; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1241 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"U", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1242 | p_prnt = v; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1243 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"V", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1244 | p_prnt = x; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1245 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"X", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1246 | p_prnt = &z; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1247 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Z", 1); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1248 | #endif |
| 1249 | |
| 1250 | p = msg; |
| 1251 | UINT8_TO_STREAM(p, z); |
| 1252 | ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN); |
| 1253 | ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1254 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1255 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1256 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1257 | #endif |
| 1258 | |
| 1259 | p = key; |
| 1260 | ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1261 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1262 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1263 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1264 | #endif |
| 1265 | |
| 1266 | aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1267 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1268 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1269 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES_CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1270 | #endif |
| 1271 | |
| 1272 | p = c; |
| 1273 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1274 | } |
| 1275 | |
| 1276 | /******************************************************************************* |
| 1277 | ** |
| 1278 | ** Function smp_calculate_numeric_comparison_display_number |
| 1279 | ** |
| 1280 | ** Description The function calculates and saves number to display in numeric |
| 1281 | ** comparison association mode. |
| 1282 | ** |
| 1283 | ** Returns void |
| 1284 | ** |
| 1285 | *******************************************************************************/ |
| 1286 | void smp_calculate_numeric_comparison_display_number(tSMP_CB *p_cb, |
| 1287 | tSMP_INT_DATA *p_data) |
| 1288 | { |
| 1289 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1290 | |
| 1291 | if (p_cb->role == HCI_ROLE_MASTER) |
| 1292 | { |
| 1293 | p_cb->number_to_display = |
| 1294 | smp_calculate_g2(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, |
| 1295 | p_cb->rrand); |
| 1296 | } |
| 1297 | else |
| 1298 | { |
| 1299 | p_cb->number_to_display = |
| 1300 | smp_calculate_g2(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, |
| 1301 | p_cb->rand); |
| 1302 | } |
| 1303 | |
| 1304 | if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) |
| 1305 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1306 | uint8_t reason; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1307 | reason = p_cb->failure = SMP_PAIR_FAIL_UNKNOWN; |
| 1308 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); |
| 1309 | return; |
| 1310 | } |
| 1311 | |
| 1312 | SMP_TRACE_EVENT("Number to display in numeric comparison = %d", p_cb->number_to_display); |
| 1313 | p_cb->cb_evt = SMP_NC_REQ_EVT; |
| 1314 | smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &p_cb->number_to_display); |
| 1315 | return; |
| 1316 | } |
| 1317 | |
| 1318 | /******************************************************************************* |
| 1319 | ** |
| 1320 | ** Function smp_calculate_g2 |
| 1321 | ** |
| 1322 | ** Description The function calculates |
| 1323 | ** g2(U, V, X, Y) = AES-CMAC (U||V||Y) mod 2**32 mod 10**6 |
| 1324 | ** X |
| 1325 | ** and |
| 1326 | ** Vres = g2(U, V, X, Y) mod 10**6 |
| 1327 | ** where |
| 1328 | ** input: U is 256 bit, |
| 1329 | ** V is 256 bit, |
| 1330 | ** X is 128 bit, |
| 1331 | ** Y is 128 bit, |
| 1332 | ** |
| 1333 | ** Returns Vres. |
| 1334 | ** Expected value has to be in the range [0 - 999999] i.e. [0 - 0xF423F]. |
| 1335 | ** Vres = 1000000 means that the calculation fails. |
| 1336 | ** |
| 1337 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1338 | ** the AES-CMAC input/output stream. |
| 1339 | ** |
| 1340 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1341 | uint32_t smp_calculate_g2(uint8_t *u, uint8_t *v, uint8_t *x, uint8_t *y) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1342 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1343 | uint8_t msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1344 | + BT_OCTET16_LEN /* Y size */; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1345 | uint8_t msg[BT_OCTET32_LEN + BT_OCTET32_LEN + BT_OCTET16_LEN]; |
| 1346 | uint8_t key[BT_OCTET16_LEN]; |
| 1347 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1348 | uint8_t *p = NULL; |
| 1349 | uint32_t vres; |
| 1350 | #if (SMP_DEBUG == TRUE) |
| 1351 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1352 | #endif |
| 1353 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1354 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1355 | |
| 1356 | p = msg; |
| 1357 | ARRAY_TO_STREAM(p, y, BT_OCTET16_LEN); |
| 1358 | ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN); |
| 1359 | ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1360 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1361 | p_prnt = u; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1362 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"U", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1363 | p_prnt = v; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1364 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"V", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1365 | p_prnt = x; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1366 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"X", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1367 | p_prnt = y; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1368 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Y", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1369 | #endif |
| 1370 | |
| 1371 | p = key; |
| 1372 | ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1373 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1374 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1375 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1376 | #endif |
| 1377 | |
| 1378 | if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1379 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1380 | SMP_TRACE_ERROR("%s failed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1381 | return (BTM_MAX_PASSKEY_VAL + 1); |
| 1382 | } |
| 1383 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1384 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1385 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1386 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1387 | #endif |
| 1388 | |
| 1389 | /* vres = cmac mod 2**32 mod 10**6 */ |
| 1390 | p = &cmac[0]; |
| 1391 | STREAM_TO_UINT32(vres, p); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1392 | #if (SMP_DEBUG == TRUE) |
| 1393 | p_prnt = (uint8_t *) &vres; |
| 1394 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"cmac mod 2**32", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1395 | #endif |
| 1396 | |
| 1397 | while (vres > BTM_MAX_PASSKEY_VAL) |
| 1398 | vres -= (BTM_MAX_PASSKEY_VAL + 1); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1399 | #if (SMP_DEBUG == TRUE) |
| 1400 | p_prnt = (uint8_t *) &vres; |
| 1401 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"cmac mod 2**32 mod 10**6", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1402 | #endif |
| 1403 | |
| 1404 | SMP_TRACE_ERROR("Value for numeric comparison = %d", vres); |
| 1405 | return vres; |
| 1406 | } |
| 1407 | |
| 1408 | /******************************************************************************* |
| 1409 | ** |
| 1410 | ** Function smp_calculate_f5 |
| 1411 | ** |
| 1412 | ** Description The function provides two AES-CMAC that are supposed to be used as |
| 1413 | ** - MacKey (MacKey is used in pairing DHKey check calculation); |
| 1414 | ** - LTK (LTK is used to ecrypt the link after completion of Phase 2 |
| 1415 | ** and on reconnection, to derive BR/EDR LK). |
| 1416 | ** The function inputs are W, N1, N2, A1, A2. |
| 1417 | ** F5 rules: |
| 1418 | ** - the value used as key in MacKey/LTK (T) is calculated |
| 1419 | ** (function smp_calculate_f5_key(...)); |
| 1420 | ** The formula is: |
| 1421 | ** T = AES-CMAC (W) |
| 1422 | ** salt |
| 1423 | ** where salt is internal parameter of smp_calculate_f5_key(...). |
| 1424 | ** - MacKey and LTK are calculated as AES-MAC values received with the |
| 1425 | ** key T calculated in the previous step and the plaintext message |
| 1426 | ** built from the external parameters N1, N2, A1, A2 and the internal |
| 1427 | ** parameters counter, keyID, length. |
| 1428 | ** The function smp_calculate_f5_mackey_or_long_term_key(...) is used in the |
| 1429 | ** calculations. |
| 1430 | ** The same formula is used in calculation of MacKey and LTK and the |
| 1431 | ** same parameter values except the value of the internal parameter |
| 1432 | ** counter: |
| 1433 | ** - in MacKey calculations the value is 0; |
| 1434 | ** - in LTK calculations the value is 1. |
| 1435 | ** MacKey = AES-CMAC (Counter=0||keyID||N1||N2||A1||A2||Length=256) |
| 1436 | ** T |
| 1437 | ** LTK = AES-CMAC (Counter=1||keyID||N1||N2||A1||A2||Length=256) |
| 1438 | ** T |
| 1439 | ** The parameters are |
| 1440 | ** input: |
| 1441 | ** W is 256 bits, |
| 1442 | ** N1 is 128 bits, |
| 1443 | ** N2 is 128 bits, |
| 1444 | ** A1 is 56 bit, |
| 1445 | ** A2 is 56 bit. |
| 1446 | ** internal: |
| 1447 | ** Counter is 8 bits, its value is 0 for MacKey, |
| 1448 | ** 1 for LTK; |
| 1449 | ** KeyId is 32 bits, its value is |
| 1450 | ** 0x62746c65 (MSB~LSB); |
| 1451 | ** Length is 16 bits, its value is 0x0100 |
| 1452 | ** (MSB~LSB). |
| 1453 | ** output: |
| 1454 | ** MacKey is 128 bits; |
| 1455 | ** LTK is 128 bits |
| 1456 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1457 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1458 | ** |
| 1459 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1460 | ** the AES-CMAC input/output stream. |
| 1461 | ** |
| 1462 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1463 | bool smp_calculate_f5(uint8_t *w, uint8_t *n1, uint8_t *n2, uint8_t *a1, uint8_t *a2, |
| 1464 | uint8_t *mac_key, uint8_t *ltk) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1465 | { |
| 1466 | BT_OCTET16 t; /* AES-CMAC output in smp_calculate_f5_key(...), key in */ |
| 1467 | /* smp_calculate_f5_mackey_or_long_term_key(...) */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1468 | #if (SMP_DEBUG == TRUE) |
| 1469 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1470 | #endif |
| 1471 | /* internal parameters: */ |
| 1472 | |
| 1473 | /* |
| 1474 | counter is 0 for MacKey, |
| 1475 | is 1 for LTK |
| 1476 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1477 | uint8_t counter_mac_key[1] = {0}; |
| 1478 | uint8_t counter_ltk[1] = {1}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1479 | /* |
| 1480 | keyID 62746c65 |
| 1481 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1482 | uint8_t key_id[4] = {0x65, 0x6c, 0x74, 0x62}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1483 | /* |
| 1484 | length 0100 |
| 1485 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1486 | uint8_t length[2] = {0x00, 0x01}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1487 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1488 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1489 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1490 | p_prnt = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1491 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"W", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1492 | p_prnt = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1493 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1494 | p_prnt = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1495 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1496 | p_prnt = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1497 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1498 | p_prnt = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1499 | smp_debug_print_nbyte_little_endian (p_prnt,(const uint8_t *) "A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1500 | #endif |
| 1501 | |
| 1502 | if (!smp_calculate_f5_key(w, t)) |
| 1503 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1504 | SMP_TRACE_ERROR("%s failed to calc T",__func__); |
| 1505 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1506 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1507 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1508 | p_prnt = t; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1509 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"T", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1510 | #endif |
| 1511 | |
| 1512 | if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_mac_key, key_id, n1, n2, a1, a2, |
| 1513 | length, mac_key)) |
| 1514 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1515 | SMP_TRACE_ERROR("%s failed to calc MacKey", __func__); |
| 1516 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1517 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1518 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1519 | p_prnt = mac_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1520 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"MacKey", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1521 | #endif |
| 1522 | |
| 1523 | if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_ltk, key_id, n1, n2, a1, a2, |
| 1524 | length, ltk)) |
| 1525 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1526 | SMP_TRACE_ERROR("%s failed to calc LTK",__func__); |
| 1527 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1528 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1529 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1530 | p_prnt = ltk; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1531 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"LTK", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1532 | #endif |
| 1533 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1534 | return true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1535 | } |
| 1536 | |
| 1537 | /******************************************************************************* |
| 1538 | ** |
| 1539 | ** Function smp_calculate_f5_mackey_or_long_term_key |
| 1540 | ** |
| 1541 | ** Description The function calculates the value of MacKey or LTK by the rules |
| 1542 | ** defined for f5 function. |
| 1543 | ** At the moment exactly the same formula is used to calculate |
| 1544 | ** LTK and MacKey. |
| 1545 | ** The difference is the value of input parameter Counter: |
| 1546 | ** - in MacKey calculations the value is 0; |
| 1547 | ** - in LTK calculations the value is 1. |
| 1548 | ** The formula: |
| 1549 | ** mac = AES-CMAC (Counter||keyID||N1||N2||A1||A2||Length) |
| 1550 | ** T |
| 1551 | ** where |
| 1552 | ** input: T is 256 bits; |
| 1553 | ** Counter is 8 bits, its value is 0 for MacKey, |
| 1554 | ** 1 for LTK; |
| 1555 | ** keyID is 32 bits, its value is 0x62746c65; |
| 1556 | ** N1 is 128 bits; |
| 1557 | ** N2 is 128 bits; |
| 1558 | ** A1 is 56 bits; |
| 1559 | ** A2 is 56 bits; |
| 1560 | ** Length is 16 bits, its value is 0x0100 |
| 1561 | ** output: LTK is 128 bit. |
| 1562 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1563 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1564 | ** |
| 1565 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1566 | ** the AES-CMAC input/output stream. |
| 1567 | ** |
| 1568 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1569 | bool smp_calculate_f5_mackey_or_long_term_key(uint8_t *t, uint8_t *counter, |
| 1570 | uint8_t *key_id, uint8_t *n1, uint8_t *n2, uint8_t *a1, uint8_t *a2, |
| 1571 | uint8_t *length, uint8_t *mac) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1572 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1573 | uint8_t *p = NULL; |
| 1574 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1575 | uint8_t key[BT_OCTET16_LEN]; |
| 1576 | uint8_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1577 | BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ + |
| 1578 | 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1579 | uint8_t msg[1 + 4 + BT_OCTET16_LEN + BT_OCTET16_LEN + 7 + 7 + 2]; |
| 1580 | bool ret = true; |
| 1581 | #if (SMP_DEBUG == TRUE) |
| 1582 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1583 | #endif |
| 1584 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1585 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1586 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1587 | p_prnt = t; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1588 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"T", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1589 | p_prnt = counter; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1590 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Counter", 1); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1591 | p_prnt = key_id; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1592 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"KeyID", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1593 | p_prnt = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1594 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1595 | p_prnt = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1596 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1597 | p_prnt = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1598 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1599 | p_prnt = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1600 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1601 | p_prnt = length; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1602 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Length", 2); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1603 | #endif |
| 1604 | |
| 1605 | p = key; |
| 1606 | ARRAY_TO_STREAM(p, t, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1607 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1608 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1609 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1610 | #endif |
| 1611 | p = msg; |
| 1612 | ARRAY_TO_STREAM(p, length, 2); |
| 1613 | ARRAY_TO_STREAM(p, a2, 7); |
| 1614 | ARRAY_TO_STREAM(p, a1, 7); |
| 1615 | ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN); |
| 1616 | ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN); |
| 1617 | ARRAY_TO_STREAM(p, key_id, 4); |
| 1618 | ARRAY_TO_STREAM(p, counter, 1); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1619 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1620 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1621 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1622 | #endif |
| 1623 | |
| 1624 | if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1625 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1626 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1627 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1628 | } |
| 1629 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1630 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1631 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1632 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1633 | #endif |
| 1634 | |
| 1635 | p = mac; |
| 1636 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1637 | return ret; |
| 1638 | } |
| 1639 | |
| 1640 | /******************************************************************************* |
| 1641 | ** |
| 1642 | ** Function smp_calculate_f5_key |
| 1643 | ** |
| 1644 | ** Description The function calculates key T used in calculation of |
| 1645 | ** MacKey and LTK (f5 output is defined as MacKey || LTK). |
| 1646 | ** T = AES-CMAC (W) |
| 1647 | ** salt |
| 1648 | ** where |
| 1649 | ** Internal: salt is 128 bit. |
| 1650 | ** input: W is 256 bit. |
| 1651 | ** Output: T is 128 bit. |
| 1652 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1653 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1654 | ** |
| 1655 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1656 | ** the AES-CMAC input/output stream. |
| 1657 | ** |
| 1658 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1659 | bool smp_calculate_f5_key(uint8_t *w, uint8_t *t) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1660 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1661 | uint8_t *p = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1662 | /* Please see 2.2.7 LE Secure Connections Key Generation Function f5 */ |
| 1663 | /* |
| 1664 | salt: 6C88 8391 AAF5 A538 6037 0BDB 5A60 83BE |
| 1665 | */ |
| 1666 | BT_OCTET16 salt = { |
| 1667 | 0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60, |
| 1668 | 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C |
| 1669 | }; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1670 | #if (SMP_DEBUG == TRUE) |
| 1671 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1672 | #endif |
| 1673 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1674 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1675 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1676 | p_prnt = salt; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1677 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"salt", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1678 | p_prnt = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1679 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"W", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1680 | #endif |
| 1681 | |
| 1682 | BT_OCTET16 key; |
| 1683 | BT_OCTET32 msg; |
| 1684 | |
| 1685 | p = key; |
| 1686 | ARRAY_TO_STREAM(p, salt, BT_OCTET16_LEN); |
| 1687 | p = msg; |
| 1688 | ARRAY_TO_STREAM(p, w, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1689 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1690 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1691 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1692 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1693 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1694 | #endif |
| 1695 | |
| 1696 | BT_OCTET16 cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1697 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1698 | if (!aes_cipher_msg_auth_code(key, msg, BT_OCTET32_LEN, BT_OCTET16_LEN, cmac)) |
| 1699 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1700 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1701 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1702 | } |
| 1703 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1704 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1705 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1706 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1707 | #endif |
| 1708 | |
| 1709 | p = t; |
| 1710 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1711 | return ret; |
| 1712 | } |
| 1713 | |
| 1714 | /******************************************************************************* |
| 1715 | ** |
| 1716 | ** Function smp_calculate_local_dhkey_check |
| 1717 | ** |
| 1718 | ** Description The function calculates and saves local device DHKey check |
| 1719 | ** value in CB. |
| 1720 | ** Before doing this it calls smp_calculate_f5_mackey_and_long_term_key(...). |
| 1721 | ** to calculate MacKey and LTK. |
| 1722 | ** MacKey is used in dhkey calculation. |
| 1723 | ** |
| 1724 | ** Returns void |
| 1725 | ** |
| 1726 | *******************************************************************************/ |
| 1727 | void smp_calculate_local_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 1728 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1729 | uint8_t iocap[3], a[7], b[7]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1730 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1731 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1732 | |
| 1733 | smp_calculate_f5_mackey_and_long_term_key(p_cb); |
| 1734 | |
| 1735 | smp_collect_local_io_capabilities(iocap, p_cb); |
| 1736 | |
| 1737 | smp_collect_local_ble_address(a, p_cb); |
| 1738 | smp_collect_peer_ble_address(b, p_cb); |
| 1739 | smp_calculate_f6(p_cb->mac_key, p_cb->rand, p_cb->rrand, p_cb->peer_random, iocap, a, b, |
| 1740 | p_cb->dhkey_check); |
| 1741 | |
| 1742 | SMP_TRACE_EVENT ("local DHKey check calculation is completed"); |
| 1743 | } |
| 1744 | |
| 1745 | /******************************************************************************* |
| 1746 | ** |
| 1747 | ** Function smp_calculate_peer_dhkey_check |
| 1748 | ** |
| 1749 | ** Description The function calculates peer device DHKey check value. |
| 1750 | ** |
| 1751 | ** Returns void |
| 1752 | ** |
| 1753 | *******************************************************************************/ |
| 1754 | void smp_calculate_peer_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 1755 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1756 | uint8_t iocap[3], a[7], b[7]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1757 | BT_OCTET16 param_buf; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1758 | bool ret; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1759 | tSMP_KEY key; |
| 1760 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 1761 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1762 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1763 | |
| 1764 | smp_collect_peer_io_capabilities(iocap, p_cb); |
| 1765 | |
| 1766 | smp_collect_local_ble_address(a, p_cb); |
| 1767 | smp_collect_peer_ble_address(b, p_cb); |
| 1768 | ret = smp_calculate_f6(p_cb->mac_key, p_cb->rrand, p_cb->rand, p_cb->local_random, iocap, |
| 1769 | b, a, param_buf); |
| 1770 | |
| 1771 | if (ret) |
| 1772 | { |
| 1773 | SMP_TRACE_EVENT ("peer DHKey check calculation is completed"); |
| 1774 | #if (SMP_DEBUG == TRUE) |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1775 | smp_debug_print_nbyte_little_endian (param_buf, (const uint8_t *)"peer DHKey check", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1776 | BT_OCTET16_LEN); |
| 1777 | #endif |
| 1778 | key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK; |
| 1779 | key.p_data = param_buf; |
| 1780 | smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &key); |
| 1781 | } |
| 1782 | else |
| 1783 | { |
| 1784 | SMP_TRACE_EVENT ("peer DHKey check calculation failed"); |
| 1785 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 1786 | } |
| 1787 | } |
| 1788 | |
| 1789 | /******************************************************************************* |
| 1790 | ** |
| 1791 | ** Function smp_calculate_f6 |
| 1792 | ** |
| 1793 | ** Description The function calculates |
| 1794 | ** C = f6(W, N1, N2, R, IOcap, A1, A2) = AES-CMAC (N1||N2||R||IOcap||A1||A2) |
| 1795 | ** W |
| 1796 | ** where |
| 1797 | ** input: W is 128 bit, |
| 1798 | ** N1 is 128 bit, |
| 1799 | ** N2 is 128 bit, |
| 1800 | ** R is 128 bit, |
| 1801 | ** IOcap is 24 bit, |
| 1802 | ** A1 is 56 bit, |
| 1803 | ** A2 is 56 bit, |
| 1804 | ** output: C is 128 bit. |
| 1805 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1806 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1807 | ** |
| 1808 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 1809 | ** the AES-CMAC input/output stream. |
| 1810 | ** |
| 1811 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1812 | bool smp_calculate_f6(uint8_t *w, uint8_t *n1, uint8_t *n2, uint8_t *r, uint8_t *iocap, uint8_t *a1, |
| 1813 | uint8_t *a2, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1814 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1815 | uint8_t *p = NULL; |
| 1816 | uint8_t msg_len = BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ + |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1817 | BT_OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ |
| 1818 | + 7 /* A2 size*/; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1819 | uint8_t msg[BT_OCTET16_LEN + BT_OCTET16_LEN + BT_OCTET16_LEN + 3 + 7 + 7]; |
| 1820 | #if (SMP_DEBUG == TRUE) |
| 1821 | uint8_t *p_print = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1822 | #endif |
| 1823 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1824 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1825 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1826 | p_print = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1827 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"W", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1828 | p_print = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1829 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1830 | p_print = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1831 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1832 | p_print = r; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1833 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"R", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1834 | p_print = iocap; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1835 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"IOcap", 3); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1836 | p_print = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1837 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1838 | p_print = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1839 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1840 | #endif |
| 1841 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1842 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1843 | uint8_t key[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1844 | |
| 1845 | p = key; |
| 1846 | ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1847 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1848 | p_print = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1849 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1850 | #endif |
| 1851 | |
| 1852 | p = msg; |
| 1853 | ARRAY_TO_STREAM(p, a2, 7); |
| 1854 | ARRAY_TO_STREAM(p, a1, 7); |
| 1855 | ARRAY_TO_STREAM(p, iocap, 3); |
| 1856 | ARRAY_TO_STREAM(p, r, BT_OCTET16_LEN); |
| 1857 | ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN); |
| 1858 | ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1859 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1860 | p_print = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1861 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1862 | #endif |
| 1863 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1864 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1865 | if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1866 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1867 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1868 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1869 | } |
| 1870 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1871 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1872 | p_print = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1873 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1874 | #endif |
| 1875 | |
| 1876 | p = c; |
| 1877 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1878 | return ret; |
| 1879 | } |
| 1880 | |
| 1881 | /******************************************************************************* |
| 1882 | ** |
| 1883 | ** Function smp_calculate_link_key_from_long_term_key |
| 1884 | ** |
| 1885 | ** Description The function calculates and saves BR/EDR link key derived from |
| 1886 | ** LE SC LTK. |
| 1887 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1888 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1889 | ** |
| 1890 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1891 | bool smp_calculate_link_key_from_long_term_key(tSMP_CB *p_cb) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1892 | { |
| 1893 | tBTM_SEC_DEV_REC *p_dev_rec; |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1894 | BD_ADDR bda_for_lk; |
| 1895 | tBLE_ADDR_TYPE conn_addr_type; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1896 | |
| 1897 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1898 | |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1899 | if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) |
| 1900 | { |
| 1901 | SMP_TRACE_DEBUG ("Use rcvd identity address as BD_ADDR of LK rcvd identity address"); |
| 1902 | memcpy(bda_for_lk, p_cb->id_addr, BD_ADDR_LEN); |
| 1903 | } |
| 1904 | else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk, &conn_addr_type)) && |
| 1905 | conn_addr_type == BLE_ADDR_PUBLIC) |
| 1906 | { |
| 1907 | SMP_TRACE_DEBUG ("Use rcvd connection address as BD_ADDR of LK"); |
| 1908 | } |
| 1909 | else |
| 1910 | { |
| 1911 | SMP_TRACE_WARNING ("Don't have peer public address to associate with LK"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1912 | return false; |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1913 | } |
| 1914 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1915 | if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL) |
| 1916 | { |
| 1917 | SMP_TRACE_ERROR("%s failed to find Security Record", __func__); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1918 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1919 | } |
| 1920 | |
| 1921 | BT_OCTET16 intermediate_link_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1922 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1923 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1924 | ret = smp_calculate_h6(p_cb->ltk, (uint8_t *)"1pmt" /* reversed "tmp1" */,intermediate_link_key); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1925 | if (!ret) |
| 1926 | { |
| 1927 | SMP_TRACE_ERROR("%s failed to derive intermediate_link_key", __func__); |
| 1928 | return ret; |
| 1929 | } |
| 1930 | |
| 1931 | BT_OCTET16 link_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1932 | ret = smp_calculate_h6(intermediate_link_key, (uint8_t *) "rbel" /* reversed "lebr" */, link_key); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1933 | if (!ret) |
| 1934 | { |
| 1935 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1936 | } |
| 1937 | else |
| 1938 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1939 | uint8_t link_key_type; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1940 | if (btm_cb.security_mode == BTM_SEC_MODE_SC) |
| 1941 | { |
| 1942 | /* Secure Connections Only Mode */ |
| 1943 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256; |
| 1944 | } |
| 1945 | else if (controller_get_interface()->supports_secure_connections()) |
| 1946 | { |
| 1947 | /* both transports are SC capable */ |
| 1948 | if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) |
| 1949 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256; |
| 1950 | else |
| 1951 | link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256; |
| 1952 | } |
| 1953 | else if (btm_cb.security_mode == BTM_SEC_MODE_SP) |
| 1954 | { |
| 1955 | /* BR/EDR transport is SSP capable */ |
| 1956 | if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) |
| 1957 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB; |
| 1958 | else |
| 1959 | link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB; |
| 1960 | } |
| 1961 | else |
| 1962 | { |
| 1963 | SMP_TRACE_ERROR ("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x", |
| 1964 | __func__, btm_cb.security_mode, p_dev_rec->sm4); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1965 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1966 | } |
| 1967 | |
| 1968 | link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET; |
| 1969 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1970 | uint8_t *p; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1971 | BT_OCTET16 notif_link_key; |
| 1972 | p = notif_link_key; |
| 1973 | ARRAY16_TO_STREAM(p, link_key); |
| 1974 | |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1975 | btm_sec_link_key_notification (bda_for_lk, notif_link_key, link_key_type); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1976 | |
| 1977 | SMP_TRACE_EVENT ("%s is completed", __func__); |
| 1978 | } |
| 1979 | |
| 1980 | return ret; |
| 1981 | } |
| 1982 | |
| 1983 | /******************************************************************************* |
| 1984 | ** |
| 1985 | ** Function smp_calculate_long_term_key_from_link_key |
| 1986 | ** |
| 1987 | ** Description The function calculates and saves SC LTK derived from BR/EDR |
| 1988 | ** link key. |
| 1989 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1990 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1991 | ** |
| 1992 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1993 | bool smp_calculate_long_term_key_from_link_key(tSMP_CB *p_cb) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1994 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1995 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1996 | tBTM_SEC_DEV_REC *p_dev_rec; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1997 | uint8_t rev_link_key[16]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1998 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1999 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2000 | |
| 2001 | if ((p_dev_rec = btm_find_dev (p_cb->pairing_bda)) == NULL) |
| 2002 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2003 | SMP_TRACE_ERROR("%s failed to find Security Record",__func__); |
| 2004 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2005 | } |
| 2006 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2007 | uint8_t br_link_key_type; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2008 | if ((br_link_key_type = BTM_SecGetDeviceLinkKeyType (p_cb->pairing_bda)) |
| 2009 | == BTM_LKEY_TYPE_IGNORE) |
| 2010 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2011 | SMP_TRACE_ERROR("%s failed to retrieve BR link type",__func__); |
| 2012 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2013 | } |
| 2014 | |
| 2015 | if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) && |
| 2016 | (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) |
| 2017 | { |
| 2018 | SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2019 | __func__, br_link_key_type); |
| 2020 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2021 | } |
| 2022 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2023 | uint8_t *p1; |
| 2024 | uint8_t *p2; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2025 | p1 = rev_link_key; |
| 2026 | p2 = p_dev_rec->link_key; |
| 2027 | REVERSE_ARRAY_TO_STREAM(p1, p2, 16); |
| 2028 | |
| 2029 | BT_OCTET16 intermediate_long_term_key; |
| 2030 | /* "tmp2" obtained from the spec */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2031 | ret = smp_calculate_h6(rev_link_key, (uint8_t *) "2pmt" /* reversed "tmp2" */, |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2032 | intermediate_long_term_key); |
| 2033 | |
| 2034 | if (!ret) |
| 2035 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2036 | SMP_TRACE_ERROR("%s failed to derive intermediate_long_term_key",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2037 | return ret; |
| 2038 | } |
| 2039 | |
| 2040 | /* "brle" obtained from the spec */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2041 | ret = smp_calculate_h6(intermediate_long_term_key, (uint8_t *) "elrb" /* reversed "brle" */, |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2042 | p_cb->ltk); |
| 2043 | |
| 2044 | if (!ret) |
| 2045 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2046 | SMP_TRACE_ERROR("%s failed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2047 | } |
| 2048 | else |
| 2049 | { |
| 2050 | p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) |
| 2051 | ? SMP_SEC_AUTHENTICATED : SMP_SEC_UNAUTHENTICATE; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2052 | SMP_TRACE_EVENT ("%s is completed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2053 | } |
| 2054 | |
| 2055 | return ret; |
| 2056 | } |
| 2057 | |
| 2058 | /******************************************************************************* |
| 2059 | ** |
| 2060 | ** Function smp_calculate_h6 |
| 2061 | ** |
| 2062 | ** Description The function calculates |
| 2063 | ** C = h6(W, KeyID) = AES-CMAC (KeyID) |
| 2064 | ** W |
| 2065 | ** where |
| 2066 | ** input: W is 128 bit, |
| 2067 | ** KeyId is 32 bit, |
| 2068 | ** output: C is 128 bit. |
| 2069 | ** |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2070 | ** Returns false if out of resources, true in other cases. |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2071 | ** |
| 2072 | ** Note The LSB is the first octet, the MSB is the last octet of |
| 2073 | ** the AES-CMAC input/output stream. |
| 2074 | ** |
| 2075 | *******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2076 | bool smp_calculate_h6(uint8_t *w, uint8_t *keyid, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2077 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2078 | #if (SMP_DEBUG == TRUE) |
| 2079 | uint8_t *p_print = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2080 | #endif |
| 2081 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2082 | SMP_TRACE_DEBUG ("%s",__func__); |
| 2083 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2084 | p_print = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2085 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"W", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2086 | p_print = keyid; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2087 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"keyID", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2088 | #endif |
| 2089 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2090 | uint8_t *p = NULL; |
| 2091 | uint8_t key[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2092 | |
| 2093 | p = key; |
| 2094 | ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN); |
| 2095 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2096 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2097 | p_print = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2098 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2099 | #endif |
| 2100 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2101 | uint8_t msg_len = 4 /* KeyID size */; |
| 2102 | uint8_t msg[4]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2103 | |
| 2104 | p = msg; |
| 2105 | ARRAY_TO_STREAM(p, keyid, 4); |
| 2106 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2107 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2108 | p_print = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2109 | smp_debug_print_nbyte_little_endian (p_print,(const uint8_t *) "M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2110 | #endif |
| 2111 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2112 | bool ret = true; |
| 2113 | uint8_t cmac[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2114 | if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 2115 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2116 | SMP_TRACE_ERROR("%s failed",__func__); |
| 2117 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2118 | } |
| 2119 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2120 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2121 | p_print = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2122 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2123 | #endif |
| 2124 | |
| 2125 | p = c; |
| 2126 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 2127 | return ret; |
| 2128 | } |
| 2129 | |
| 2130 | /******************************************************************************* |
| 2131 | ** |
| 2132 | ** Function smp_start_nonce_generation |
| 2133 | ** |
| 2134 | ** Description This function starts nonce generation. |
| 2135 | ** |
| 2136 | ** Returns void |
| 2137 | ** |
| 2138 | *******************************************************************************/ |
| 2139 | void smp_start_nonce_generation(tSMP_CB *p_cb) |
| 2140 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2141 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2142 | p_cb->rand_enc_proc_state = SMP_GEN_NONCE_0_7; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 2143 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2144 | } |
| 2145 | |
| 2146 | /******************************************************************************* |
| 2147 | ** |
| 2148 | ** Function smp_finish_nonce_generation |
| 2149 | ** |
| 2150 | ** Description This function finishes nonce generation. |
| 2151 | ** |
| 2152 | ** Returns void |
| 2153 | ** |
| 2154 | *******************************************************************************/ |
| 2155 | void smp_finish_nonce_generation(tSMP_CB *p_cb) |
| 2156 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2157 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2158 | p_cb->rand_enc_proc_state = SMP_GEN_NONCE_8_15; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 2159 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2160 | } |
| 2161 | |
| 2162 | /******************************************************************************* |
| 2163 | ** |
| 2164 | ** Function smp_process_new_nonce |
| 2165 | ** |
| 2166 | ** Description This function notifies SM that it has new nonce. |
| 2167 | ** |
| 2168 | ** Returns void |
| 2169 | ** |
| 2170 | *******************************************************************************/ |
| 2171 | void smp_process_new_nonce(tSMP_CB *p_cb) |
| 2172 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2173 | SMP_TRACE_DEBUG ("%s round %d", __func__, p_cb->round); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2174 | smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL); |
| 2175 | } |
| 2176 | |
| 2177 | /******************************************************************************* |
| 2178 | ** |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2179 | ** Function smp_rand_back |
| 2180 | ** |
| 2181 | ** Description This function is to process the rand command finished, |
| 2182 | ** process the random/encrypted number for further action. |
| 2183 | ** |
| 2184 | ** Returns void |
| 2185 | ** |
| 2186 | *******************************************************************************/ |
| 2187 | static void smp_rand_back(tBTM_RAND_ENC *p) |
| 2188 | { |
| 2189 | tSMP_CB *p_cb = &smp_cb; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2190 | uint8_t *pp = p->param_buf; |
| 2191 | uint8_t failure = SMP_PAIR_FAIL_UNKNOWN; |
| 2192 | uint8_t state = p_cb->rand_enc_proc_state & ~0x80; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2193 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2194 | SMP_TRACE_DEBUG ("%s state=0x%x", __func__, state); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2195 | if (p && p->status == HCI_SUCCESS) |
| 2196 | { |
| 2197 | switch (state) |
| 2198 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2199 | case SMP_GEN_SRAND_MRAND: |
| 2200 | memcpy((void *)p_cb->rand, p->param_buf, p->param_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2201 | smp_generate_rand_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2202 | break; |
| 2203 | |
| 2204 | case SMP_GEN_SRAND_MRAND_CONT: |
| 2205 | memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2206 | smp_generate_confirm(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2207 | break; |
| 2208 | |
| 2209 | case SMP_GEN_DIV_LTK: |
| 2210 | STREAM_TO_UINT16(p_cb->div, pp); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2211 | smp_generate_ltk_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2212 | break; |
| 2213 | |
| 2214 | case SMP_GEN_DIV_CSRK: |
| 2215 | STREAM_TO_UINT16(p_cb->div, pp); |
| 2216 | smp_compute_csrk(p_cb, NULL); |
| 2217 | break; |
| 2218 | |
| 2219 | case SMP_GEN_TK: |
| 2220 | smp_proc_passkey(p_cb, p); |
| 2221 | break; |
| 2222 | |
| 2223 | case SMP_GEN_RAND_V: |
| 2224 | memcpy(p_cb->enc_rand, p->param_buf, BT_OCTET8_LEN); |
| 2225 | smp_generate_y(p_cb, NULL); |
| 2226 | break; |
| 2227 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2228 | case SMP_GENERATE_PRIVATE_KEY_0_7: |
| 2229 | case SMP_GENERATE_PRIVATE_KEY_8_15: |
| 2230 | case SMP_GENERATE_PRIVATE_KEY_16_23: |
| 2231 | case SMP_GENERATE_PRIVATE_KEY_24_31: |
| 2232 | smp_continue_private_key_creation(p_cb, p); |
| 2233 | break; |
| 2234 | |
| 2235 | case SMP_GEN_NONCE_0_7: |
| 2236 | memcpy((void *)p_cb->rand, p->param_buf, p->param_len); |
| 2237 | smp_finish_nonce_generation(p_cb); |
| 2238 | break; |
| 2239 | |
| 2240 | case SMP_GEN_NONCE_8_15: |
| 2241 | memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len); |
| 2242 | smp_process_new_nonce(p_cb); |
| 2243 | break; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2244 | } |
| 2245 | |
| 2246 | return; |
| 2247 | } |
| 2248 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2249 | SMP_TRACE_ERROR("%s key generation failed: (%d)", __func__, p_cb->rand_enc_proc_state); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2250 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2251 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2252 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2253 | #endif |
| 2254 | |