Blame - stack/smp/smp_act.cc - platform/system/bt

blob: 1239542225cc9abf4ebbd02676916ac064368225 [file] [log] [blame]

The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1	/******************************************************************************
				2	*
Jakub Pawlowski	5b790fe	2017-09-18 09:00:20 -0700	[diff] [blame]	3	* Copyright 2003-2012 Broadcom Corporation
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	4	*
				5	* Licensed under the Apache License, Version 2.0 (the "License");
				6	* you may not use this file except in compliance with the License.
				7	* You may obtain a copy of the License at:
				8	*
				9	* http://www.apache.org/licenses/LICENSE-2.0
				10	*
				11	* Unless required by applicable law or agreed to in writing, software
				12	* distributed under the License is distributed on an "AS IS" BASIS,
				13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				14	* See the License for the specific language governing permissions and
				15	* limitations under the License.
				16	*
				17	******************************************************************************/
				18
Chienyuan	7f436b9	2018-11-29 23:19:27 +0800	[diff] [blame]	19	#include <cutils/log.h>
Jakub Pawlowski	e4f1378	2018-10-23 14:46:24 +0200	[diff] [blame]	20	#include <log/log.h>
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	21	#include <string.h>
Pulkit Bhuwalka	5a6b325	2017-02-17 16:25:22 -0800	[diff] [blame]	22	#include "btif_common.h"
Pulkit Bhuwalka	2bc59e5	2018-03-22 14:34:33 -0700	[diff] [blame]	23	#include "btif_storage.h"
Andre Eisenbach	7927f68	2015-07-02 16:14:28 -0700	[diff] [blame]	24	#include "device/include/interop.h"
Jakub Pawlowski	ecace46	2017-10-17 16:40:41 -0700	[diff] [blame]	25	#include "internal_include/bt_target.h"
Andre Eisenbach	7927f68	2015-07-02 16:14:28 -0700	[diff] [blame]	26	#include "stack/btm/btm_int.h"
				27	#include "stack/include/l2c_api.h"
Andre Eisenbach	9181ec2	2018-03-01 13:27:01 -0800	[diff] [blame]	28	#include "stack/smp/p_256_ecc_pp.h"
Andre Eisenbach	7927f68	2015-07-02 16:14:28 -0700	[diff] [blame]	29	#include "stack/smp/smp_int.h"
				30	#include "utils/include/bt_utils.h"
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	31
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	32	#define SMP_KEY_DIST_TYPE_MAX 4
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	33
Stanley Tng	5af6aba	2017-09-29 09:01:25 -0700	[diff] [blame]	34	const tSMP_ACT smp_distribute_act[] = {
				35	smp_generate_ltk, /* SMP_SEC_KEY_TYPE_ENC - '1' bit index */
				36	smp_send_id_info, /* SMP_SEC_KEY_TYPE_ID - '1' bit index */
				37	smp_generate_csrk, /* SMP_SEC_KEY_TYPE_CSRK - '1' bit index */
				38	smp_set_derive_link_key /* SMP_SEC_KEY_TYPE_LK - '1' bit index */
				39	};
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	40
Jakub Pawlowski	a484a88	2017-06-24 17:30:18 -0700	[diff] [blame]	41	static bool lmp_version_below(const RawAddress& bda, uint8_t version) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	42	tACL_CONN* acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
				43	if (acl == NULL \|\| acl->lmp_version == 0) {
				44	SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
				45	return false;
				46	}
				47	SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version,
				48	version);
				49	return acl->lmp_version < version;
Andre Eisenbach	27e239d	2015-10-26 13:49:17 -0700	[diff] [blame]	50	}
				51
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	52	static bool pts_test_send_authentication_complete_failure(tSMP_CB* p_cb) {
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	53	uint8_t reason = p_cb->cert_failure;
				54	if (reason == SMP_PAIR_AUTH_FAIL \|\| reason == SMP_PAIR_FAIL_UNKNOWN \|\|
				55	reason == SMP_PAIR_NOT_SUPPORT \|\| reason == SMP_PASSKEY_ENTRY_FAIL \|\|
				56	reason == SMP_REPEATED_ATTEMPTS) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	57	tSMP_INT_DATA smp_int_data;
				58	smp_int_data.status = reason;
				59	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	60	return true;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	61	}
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	62	return false;
Nitin Arora	0bd0c8f	2016-03-15 15:00:36 -0700	[diff] [blame]	63	}
				64
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	65	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	66	* Function smp_update_key_mask
				67	* Description This function updates the key mask for sending or receiving.
				68	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	69	static void smp_update_key_mask(tSMP_CB* p_cb, uint8_t key_type, bool recv) {
				70	SMP_TRACE_DEBUG(
				71	"%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
				72	__func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	73
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	74	if (((p_cb->le_secure_connections_mode_is_used) \|\| (p_cb->smp_over_br)) &&
				75	((key_type == SMP_SEC_KEY_TYPE_ENC) \|\|
				76	(key_type == SMP_SEC_KEY_TYPE_LK))) {
				77	/* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
				78	** being exchanged with the peer */
				79	p_cb->local_i_key &= ~key_type;
				80	p_cb->local_r_key &= ~key_type;
				81	} else if (p_cb->role == HCI_ROLE_SLAVE) {
				82	if (recv)
				83	p_cb->local_i_key &= ~key_type;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	84	else
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	85	p_cb->local_r_key &= ~key_type;
				86	} else {
				87	if (recv)
				88	p_cb->local_r_key &= ~key_type;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	89	else
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	90	p_cb->local_i_key &= ~key_type;
				91	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	92
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	93	SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x",
				94	p_cb->local_i_key, p_cb->local_r_key);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	95	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	96
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	97	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	98	* Function smp_send_app_cback
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	99	* Description notifies application about the events the application is
				100	* interested in
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	101	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	102	void smp_send_app_cback(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				103	tSMP_EVT_DATA cb_data;
				104	tSMP_STATUS callback_rc;
				105	SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
				106	if (p_cb->p_callback && p_cb->cb_evt != 0) {
				107	switch (p_cb->cb_evt) {
				108	case SMP_IO_CAP_REQ_EVT:
				109	cb_data.io_req.auth_req = p_cb->peer_auth_req;
				110	cb_data.io_req.oob_data = SMP_OOB_NONE;
Pulkit Bhuwalka	2bc59e5	2018-03-22 14:34:33 -0700	[diff] [blame]	111	cb_data.io_req.io_cap = btif_storage_get_local_io_caps_ble();
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	112	cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
				113	cb_data.io_req.init_keys = p_cb->local_i_key;
				114	cb_data.io_req.resp_keys = p_cb->local_r_key;
				115	SMP_TRACE_WARNING("io_cap = %d", cb_data.io_req.io_cap);
				116	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	117
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	118	case SMP_NC_REQ_EVT:
				119	cb_data.passkey = p_data->passkey;
				120	break;
				121	case SMP_SC_OOB_REQ_EVT:
				122	cb_data.req_oob_type = p_data->req_oob_type;
				123	break;
				124	case SMP_SC_LOC_OOB_DATA_UP_EVT:
				125	cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
				126	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	127
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	128	case SMP_BR_KEYS_REQ_EVT:
				129	cb_data.io_req.auth_req = 0;
				130	cb_data.io_req.oob_data = SMP_OOB_NONE;
				131	cb_data.io_req.io_cap = 0;
				132	cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
				133	cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
				134	cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
				135	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	136
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	137	default:
				138	break;
				139	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	140
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	141	callback_rc =
				142	(*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	143
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	144	SMP_TRACE_DEBUG("%s: callback_rc=%d p_cb->cb_evt=%d", __func__,
				145	callback_rc, p_cb->cb_evt);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	146
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	147	if (callback_rc == SMP_SUCCESS) {
				148	switch (p_cb->cb_evt) {
				149	case SMP_IO_CAP_REQ_EVT:
				150	p_cb->loc_auth_req = cb_data.io_req.auth_req;
				151	p_cb->local_io_capability = cb_data.io_req.io_cap;
				152	p_cb->loc_oob_flag = cb_data.io_req.oob_data;
				153	p_cb->loc_enc_size = cb_data.io_req.max_key_size;
				154	p_cb->local_i_key = cb_data.io_req.init_keys;
				155	p_cb->local_r_key = cb_data.io_req.resp_keys;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	156
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	157	if (!(p_cb->loc_auth_req & SMP_AUTH_BOND)) {
				158	SMP_TRACE_WARNING("Non bonding: No keys will be exchanged");
				159	p_cb->local_i_key = 0;
				160	p_cb->local_r_key = 0;
				161	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	162
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	163	SMP_TRACE_WARNING(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	164	"rcvd auth_req: 0x%02x, io_cap: %d "
				165	"loc_oob_flag: %d loc_enc_size: %d, "
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	166	"local_i_key: 0x%02x, local_r_key: 0x%02x",
				167	p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
				168	p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	169
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	170	p_cb->secure_connections_only_mode_required =
				171	(btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
Hemant Gupta	f37452a	2017-12-06 15:35:20 +0530	[diff] [blame]	172	/* just for PTS, force SC bit */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	173	if (p_cb->secure_connections_only_mode_required) {
				174	p_cb->loc_auth_req \|= SMP_SC_SUPPORT_BIT;
				175	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	176
Hemant Gupta	f37452a	2017-12-06 15:35:20 +0530	[diff] [blame]	177	if (!p_cb->secure_connections_only_mode_required &&
				178	(!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) \|\|
				179	lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2) \|\|
				180	interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
				181	(const RawAddress*)&p_cb->pairing_bda))) {
				182	p_cb->loc_auth_req &= ~SMP_SC_SUPPORT_BIT;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	183	p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
				184	p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
				185	p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
				186	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	187
Jakub Pawlowski	7a7f69b	2017-09-27 15:41:13 -0700	[diff] [blame]	188	if (lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_5_0)) {
				189	p_cb->loc_auth_req &= ~SMP_H7_SUPPORT_BIT;
				190	}
				191
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	192	SMP_TRACE_WARNING(
				193	"set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
				194	p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	195
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	196	smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
				197	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	198
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	199	case SMP_BR_KEYS_REQ_EVT:
				200	p_cb->loc_enc_size = cb_data.io_req.max_key_size;
				201	p_cb->local_i_key = cb_data.io_req.init_keys;
				202	p_cb->local_r_key = cb_data.io_req.resp_keys;
Jakub Pawlowski	e7f14a6	2017-03-20 15:38:56 -0700	[diff] [blame]	203	p_cb->loc_auth_req \|= SMP_H7_SUPPORT_BIT;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	204
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	205	p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
				206	p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	207
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	208	SMP_TRACE_WARNING(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	209	"for SMP over BR max_key_size: 0x%02x, local_i_key: 0x%02x, "
				210	"local_r_key: 0x%02x, p_cb->loc_auth_req: 0x%02x",
Jakub Pawlowski	e7f14a6	2017-03-20 15:38:56 -0700	[diff] [blame]	211	p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key,
				212	p_cb->loc_auth_req);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	213
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	214	smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
				215	break;
				216	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	217	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	218	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	219
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	220	if (!p_cb->cb_evt && p_cb->discard_sec_req) {
				221	p_cb->discard_sec_req = false;
				222	smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
				223	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	224
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	225	SMP_TRACE_DEBUG("%s: return", __func__);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	226	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	227
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	228	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	229	* Function smp_send_pair_fail
				230	* Description pairing failure to peer device if needed.
				231	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	232	void smp_send_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	233	p_cb->status = p_data->status;
				234	p_cb->failure = p_data->status;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	235
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	236	SMP_TRACE_DEBUG("%s: status=%d failure=%d ", __func__, p_cb->status,
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	237	p_cb->failure);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	238
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	239	if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC &&
				240	p_cb->status != SMP_SUCCESS) {
				241	smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
				242	p_cb->wait_for_authorization_complete = true;
				243	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	244	}
				245
				246	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	247	* Function smp_send_pair_req
				248	* Description actions related to sending pairing request
				249	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	250	void smp_send_pair_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				251	tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
				252	SMP_TRACE_DEBUG("%s", __func__);
Andre Eisenbach	2d41fe1	2013-04-17 11:22:58 +0800	[diff] [blame]	253
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	254	/* erase all keys when master sends pairing req*/
				255	if (p_dev_rec) btm_sec_clear_ble_keys(p_dev_rec);
				256	/* do not manipulate the key, let app decide,
				257	leave out to BTM to mandate key distribution for bonding case */
				258	smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	259	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	260
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	261	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	262	* Function smp_send_pair_rsp
				263	* Description actions related to sending pairing response
				264	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	265	void smp_send_pair_rsp(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				266	SMP_TRACE_DEBUG("%s", __func__);
Mike J. Chen	5cd8bff	2014-01-31 18:16:59 -0800	[diff] [blame]	267
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	268	p_cb->local_i_key &= p_cb->peer_i_key;
				269	p_cb->local_r_key &= p_cb->peer_r_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	270
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	271	if (smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb)) {
				272	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
				273	smp_use_oob_private_key(p_cb, NULL);
				274	else
				275	smp_decide_association_model(p_cb, NULL);
				276	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	277	}
				278
				279	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	280	* Function smp_send_confirm
				281	* Description send confirmation to the peer
				282	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	283	void smp_send_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				284	SMP_TRACE_DEBUG("%s", __func__);
				285	smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	286	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	287
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	288	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	289	* Function smp_send_init
				290	* Description process pairing initializer to slave device
				291	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	292	void smp_send_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				293	SMP_TRACE_DEBUG("%s", __func__);
				294	smp_send_cmd(SMP_OPCODE_INIT, p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	295	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	296
				297	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	298	* Function smp_send_rand
				299	* Description send pairing random to the peer
				300	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	301	void smp_send_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				302	SMP_TRACE_DEBUG("%s", __func__);
				303	smp_send_cmd(SMP_OPCODE_RAND, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	304	}
				305
				306	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	307	* Function smp_send_pair_public_key
				308	* Description send pairing public key command to the peer
				309	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	310	void smp_send_pair_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				311	SMP_TRACE_DEBUG("%s", __func__);
				312	smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	313	}
				314
				315	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	316	* Function SMP_SEND_COMMITMENT
				317	* Description send commitment command to the peer
				318	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	319	void smp_send_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				320	SMP_TRACE_DEBUG("%s", __func__);
				321	smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	322	}
				323
				324	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	325	* Function smp_send_dhkey_check
				326	* Description send DHKey Check command to the peer
				327	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	328	void smp_send_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				329	SMP_TRACE_DEBUG("%s", __func__);
				330	smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	331	}
				332
				333	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	334	* Function smp_send_keypress_notification
				335	* Description send Keypress Notification command to the peer
				336	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	337	void smp_send_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	338	p_cb->local_keypress_notification = p_data->status;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	339	smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	340	}
				341
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	342	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	343	* Function smp_send_enc_info
				344	* Description send encryption information command.
				345	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	346	void smp_send_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	347	tBTM_LE_KEY_VALUE le_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	348
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	349	SMP_TRACE_DEBUG("%s: p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	350	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	351
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	352	smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
				353	smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	354
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	355	/* save the DIV and key size information when acting as slave device */
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	356	le_key.lenc_key.ltk = p_cb->ltk;
				357	le_key.lenc_key.div = p_cb->div;
				358	le_key.lenc_key.key_size = p_cb->loc_enc_size;
				359	le_key.lenc_key.sec_level = p_cb->sec_level;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	360
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	361	if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
				362	(p_cb->loc_auth_req & SMP_AUTH_BOND))
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	363	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, &le_key, true);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	364
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	365	SMP_TRACE_WARNING("%s", __func__);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	366
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	367	smp_key_distribution(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	368	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	369
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	370	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	371	* Function smp_send_id_info
				372	* Description send ID information command.
				373	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	374	void smp_send_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				375	tBTM_LE_KEY_VALUE le_key;
				376	SMP_TRACE_DEBUG("%s", __func__);
				377	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, false);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	378
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	379	smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
				380	smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	381
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	382	if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
				383	(p_cb->loc_auth_req & SMP_AUTH_BOND))
				384	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID, &le_key, true);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	385
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	386	SMP_TRACE_WARNING("%s", __func__);
				387	smp_key_distribution_by_transport(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	388	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	389
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	390	/** send CSRK command. */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	391	void smp_send_csrk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	392	tBTM_LE_KEY_VALUE key;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	393	SMP_TRACE_DEBUG("%s", __func__);
				394	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, false);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	395
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	396	if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb)) {
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	397	key.lcsrk_key.div = p_cb->div;
				398	key.lcsrk_key.sec_level = p_cb->sec_level;
				399	key.lcsrk_key.counter = 0; /* initialize the local counter */
				400	key.lcsrk_key.csrk = p_cb->csrk;
				401	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, &key, true);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	402	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	403
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	404	smp_key_distribution_by_transport(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	405	}
				406
				407	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	408	* Function smp_send_ltk_reply
				409	* Description send LTK reply
				410	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	411	void smp_send_ltk_reply(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				412	SMP_TRACE_DEBUG("%s", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	413
				414	Octet16 stk;
				415	memcpy(stk.data(), p_data->key.p_data, stk.size());
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	416	/* send stk as LTK response */
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	417	btm_ble_ltk_request_reply(p_cb->pairing_bda, true, stk);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	418	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	419
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	420	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	421	* Function smp_proc_sec_req
				422	* Description process security request.
				423	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	424	void smp_proc_sec_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Manoj Babulal	4b35abd	2018-12-27 02:43:19 -0800	[diff] [blame]	425	tBTM_LE_AUTH_REQ auth_req = (tBTM_LE_AUTH_REQ)p_data->p_data;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	426	tBTM_BLE_SEC_REQ_ACT sec_req_act;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	427
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	428	SMP_TRACE_DEBUG("%s: auth_req=0x%x", __func__, auth_req);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	429
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	430	p_cb->cb_evt = 0;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	431
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	432	btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	433
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	434	SMP_TRACE_DEBUG("%s: sec_req_act=0x%x", __func__, sec_req_act);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	435
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	436	switch (sec_req_act) {
				437	case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	438	SMP_TRACE_DEBUG("%s: BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	439	smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
				440	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	441
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	442	case BTM_BLE_SEC_REQ_ACT_PAIR:
				443	p_cb->secure_connections_only_mode_required =
				444	(btm_cb.security_mode == BTM_SEC_MODE_SC) ? true : false;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	445
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	446	/* respond to non SC pairing request as failure in SC only mode */
				447	if (p_cb->secure_connections_only_mode_required &&
				448	(auth_req & SMP_SC_SUPPORT_BIT) == 0) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	449	tSMP_INT_DATA smp_int_data;
				450	smp_int_data.status = SMP_PAIR_AUTH_FAIL;
				451	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	452	} else {
				453	/* initialize local i/r key to be default keys */
				454	p_cb->peer_auth_req = auth_req;
				455	p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY;
				456	p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
				457	}
				458	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	459
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	460	case BTM_BLE_SEC_REQ_ACT_DISCARD:
				461	p_cb->discard_sec_req = true;
				462	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	463
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	464	default:
				465	/* do nothing */
				466	break;
				467	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	468	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	469
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	470	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	471	* Function smp_proc_sec_grant
				472	* Description process security grant.
				473	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	474	void smp_proc_sec_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	475	uint8_t res = p_data->status;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	476	SMP_TRACE_DEBUG("%s", __func__);
				477	if (res != SMP_SUCCESS) {
				478	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
				479	} else /otherwise, start pairing /
				480	{
				481	/* send IO request callback */
				482	p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
				483	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	484	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	485
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	486	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	487	* Function smp_proc_pair_fail
				488	* Description process pairing failure from peer device
				489	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	490	void smp_proc_pair_fail(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				491	SMP_TRACE_DEBUG("%s", __func__);
Chienyuan	7f436b9	2018-11-29 23:19:27 +0800	[diff] [blame]	492
				493	if (p_cb->rcvd_cmd_len < 2) {
				494	android_errorWriteLog(0x534e4554, "111214739");
				495	SMP_TRACE_WARNING("%s: rcvd_cmd_len %d too short: must be at least 2",
				496	__func__, p_cb->rcvd_cmd_len);
				497	p_cb->status = SMP_INVALID_PARAMETERS;
				498	} else {
				499	p_cb->status = p_data->status;
				500	}
Jacky Cheung	373d928	2016-05-17 13:42:43 -0700	[diff] [blame]	501
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	502	/* Cancel pending auth complete timer if set */
				503	alarm_cancel(p_cb->delayed_auth_timer_ent);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	504	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	505
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	506	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	507	* Function smp_proc_pair_cmd
				508	* Description Process the SMP pairing request/response from peer device
				509	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	510	void smp_proc_pair_cmd(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	511	uint8_t* p = p_data->p_data;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	512	tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	513
Stanley Tng	273ffd8	2018-02-08 12:26:51 -0800	[diff] [blame]	514	SMP_TRACE_DEBUG("%s: pairing_bda=%s", __func__,
				515	p_cb->pairing_bda.ToString().c_str());
				516
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	517	/* erase all keys if it is slave proc pairing req */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	518	if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
				519	btm_sec_clear_ble_keys(p_dev_rec);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	520
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	521	p_cb->flags \|= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	522
Ugo Yu	73aa4fa	2018-11-29 17:55:40 +0800	[diff] [blame]	523	if (smp_command_has_invalid_length(p_cb)) {
				524	tSMP_INT_DATA smp_int_data;
				525	smp_int_data.status = SMP_INVALID_PARAMETERS;
				526	android_errorWriteLog(0x534e4554, "111850706");
				527	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				528	return;
				529	}
				530
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	531	STREAM_TO_UINT8(p_cb->peer_io_caps, p);
				532	STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
				533	STREAM_TO_UINT8(p_cb->peer_auth_req, p);
				534	STREAM_TO_UINT8(p_cb->peer_enc_size, p);
				535	STREAM_TO_UINT8(p_cb->peer_i_key, p);
				536	STREAM_TO_UINT8(p_cb->peer_r_key, p);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	537
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	538	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	539	tSMP_INT_DATA smp_int_data;
				540	smp_int_data.status = SMP_INVALID_PARAMETERS;
				541	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	542	return;
				543	}
				544
				545	// PTS Testing failure modes
				546	if (pts_test_send_authentication_complete_failure(p_cb)) return;
				547
				548	if (p_cb->role == HCI_ROLE_SLAVE) {
				549	if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
				550	/* peer (master) started pairing sending Pairing Request */
				551	p_cb->local_i_key = p_cb->peer_i_key;
				552	p_cb->local_r_key = p_cb->peer_r_key;
				553
				554	p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
				555	} else /* update local i/r key according to pairing request */
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	556	{
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	557	/* pairing started with this side (slave) sending Security Request */
				558	p_cb->local_i_key &= p_cb->peer_i_key;
				559	p_cb->local_r_key &= p_cb->peer_r_key;
				560	p_cb->selected_association_model = smp_select_association_model(p_cb);
				561
				562	if (p_cb->secure_connections_only_mode_required &&
				563	(!(p_cb->le_secure_connections_mode_is_used) \|\|
				564	(p_cb->selected_association_model ==
				565	SMP_MODEL_SEC_CONN_JUSTWORKS))) {
				566	SMP_TRACE_ERROR(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	567	"%s: pairing failed - slave requires secure connection only mode",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	568	__func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	569	tSMP_INT_DATA smp_int_data;
				570	smp_int_data.status = SMP_PAIR_AUTH_FAIL;
				571	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	572	return;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	573	}
				574
				575	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
				576	if (smp_request_oob_data(p_cb)) return;
				577	} else {
				578	smp_send_pair_rsp(p_cb, NULL);
				579	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	580	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	581	} else /* Master receives pairing response */
				582	{
				583	p_cb->selected_association_model = smp_select_association_model(p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	584
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	585	if (p_cb->secure_connections_only_mode_required &&
				586	(!(p_cb->le_secure_connections_mode_is_used) \|\|
				587	(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
				588	SMP_TRACE_ERROR(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	589	"Master requires secure connection only mode "
				590	"but it can't be provided -> Master fails pairing");
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	591	tSMP_INT_DATA smp_int_data;
				592	smp_int_data.status = SMP_PAIR_AUTH_FAIL;
				593	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	594	return;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	595	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	596
				597	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
				598	if (smp_request_oob_data(p_cb)) return;
				599	} else {
				600	smp_decide_association_model(p_cb, NULL);
				601	}
				602	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	603	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	604
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	605	/** process pairing confirm from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	606	void smp_proc_confirm(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	607	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	608
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	609	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	610	tSMP_INT_DATA smp_int_data;
				611	smp_int_data.status = SMP_INVALID_PARAMETERS;
				612	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	613	return;
				614	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	615
Jakub Pawlowski	3c3fbd8	2019-01-11 13:43:33 +0100	[diff] [blame]	616	if (p_data) {
				617	uint8_t* p = p_data->p_data;
				618	if (p != NULL) {
				619	/* save the SConfirm for comparison later */
				620	STREAM_TO_ARRAY(p_cb->rconfirm.data(), p, OCTET16_LEN);
				621	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	622	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	623
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	624	p_cb->flags \|= SMP_PAIR_FLAGS_CMD_CONFIRM;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	625	}
				626
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	627	/** process pairing initializer from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	628	void smp_proc_init(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	629	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	630
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	631	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	632
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	633	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	634	tSMP_INT_DATA smp_int_data;
				635	smp_int_data.status = SMP_INVALID_PARAMETERS;
				636	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	637	return;
				638	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	639
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	640	/* save the SRand for comparison */
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	641	STREAM_TO_ARRAY(p_cb->rrand.data(), p, OCTET16_LEN);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	642	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	643
				644	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	645	* Function smp_proc_rand
				646	* Description process pairing random (nonce) from peer device
				647	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	648	void smp_proc_rand(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	649	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	650
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	651	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	652
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	653	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	654	tSMP_INT_DATA smp_int_data;
				655	smp_int_data.status = SMP_INVALID_PARAMETERS;
				656	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	657	return;
				658	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	659
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	660	/* save the SRand for comparison */
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	661	STREAM_TO_ARRAY(p_cb->rrand.data(), p, OCTET16_LEN);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	662	}
				663
				664	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	665	* Function smp_process_pairing_public_key
				666	* Description process pairing public key command from the peer device
				667	* - saves the peer public key;
				668	* - sets the flag indicating that the peer public key is received;
				669	* - calls smp_wait_for_both_public_keys(...).
				670	*
				671	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	672	void smp_process_pairing_public_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	673	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	674
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	675	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	676
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	677	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	678	tSMP_INT_DATA smp_int_data;
				679	smp_int_data.status = SMP_INVALID_PARAMETERS;
				680	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	681	return;
				682	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	683
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	684	STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
				685	STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
Andre Eisenbach	9181ec2	2018-03-01 13:27:01 -0800	[diff] [blame]	686
				687	Point pt;
				688	memcpy(pt.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
				689	memcpy(pt.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
				690
				691	if (!ECC_ValidatePoint(pt)) {
				692	android_errorWriteLog(0x534e4554, "72377774");
				693	tSMP_INT_DATA smp;
				694	smp.status = SMP_PAIR_AUTH_FAIL;
				695	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp);
				696	return;
				697	}
				698
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	699	p_cb->flags \|= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	700
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	701	smp_wait_for_both_public_keys(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	702	}
				703
				704	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	705	* Function smp_process_pairing_commitment
				706	* Description process pairing commitment from peer device
				707	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	708	void smp_process_pairing_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	709	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	710
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	711	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	712
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	713	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	714	tSMP_INT_DATA smp_int_data;
				715	smp_int_data.status = SMP_INVALID_PARAMETERS;
				716	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	717	return;
				718	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	719
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	720	p_cb->flags \|= SMP_PAIR_FLAG_HAVE_PEER_COMM;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	721
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	722	if (p != NULL) {
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	723	STREAM_TO_ARRAY(p_cb->remote_commitment.data(), p, OCTET16_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	724	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	725	}
				726
				727	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	728	* Function smp_process_dhkey_check
				729	* Description process DHKey Check from peer device
				730	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	731	void smp_process_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	732	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	733
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	734	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	735
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	736	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	737	tSMP_INT_DATA smp_int_data;
				738	smp_int_data.status = SMP_INVALID_PARAMETERS;
				739	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	740	return;
				741	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	742
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	743	if (p != NULL) {
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	744	STREAM_TO_ARRAY(p_cb->remote_dhkey_check.data(), p, OCTET16_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	745	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	746
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	747	p_cb->flags \|= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	748	}
				749
				750	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	751	* Function smp_process_keypress_notification
				752	* Description process pairing keypress notification from peer device
				753	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	754	void smp_process_keypress_notification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	755	uint8_t* p = p_data->p_data;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	756
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	757	SMP_TRACE_DEBUG("%s", __func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	758	p_cb->status = p_data->status;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	759
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	760	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	761	tSMP_INT_DATA smp_int_data;
				762	smp_int_data.status = SMP_INVALID_PARAMETERS;
				763	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	764	return;
				765	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	766
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	767	if (p != NULL) {
				768	STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
				769	} else {
				770	p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
				771	}
				772	p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	773	}
				774
				775	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	776	* Function smp_br_process_pairing_command
				777	* Description Process the SMP pairing request/response from peer device via
				778	* BR/EDR transport.
				779	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	780	void smp_br_process_pairing_command(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	781	uint8_t* p = p_data->p_data;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	782	tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	783
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	784	SMP_TRACE_DEBUG("%s", __func__);
				785	/* rejecting BR pairing request over non-SC BR link */
				786	if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	787	tSMP_INT_DATA smp_int_data;
				788	smp_int_data.status = SMP_XTRANS_DERIVE_NOT_ALLOW;
				789	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	790	return;
				791	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	792
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	793	/* erase all keys if it is slave proc pairing req*/
				794	if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
				795	btm_sec_clear_ble_keys(p_dev_rec);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	796
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	797	p_cb->flags \|= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	798
Ugo Yu	73aa4fa	2018-11-29 17:55:40 +0800	[diff] [blame]	799	if (smp_command_has_invalid_length(p_cb)) {
				800	tSMP_INT_DATA smp_int_data;
				801	smp_int_data.status = SMP_INVALID_PARAMETERS;
				802	android_errorWriteLog(0x534e4554, "111213909");
				803	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
				804	return;
				805	}
				806
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	807	STREAM_TO_UINT8(p_cb->peer_io_caps, p);
				808	STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
				809	STREAM_TO_UINT8(p_cb->peer_auth_req, p);
				810	STREAM_TO_UINT8(p_cb->peer_enc_size, p);
				811	STREAM_TO_UINT8(p_cb->peer_i_key, p);
				812	STREAM_TO_UINT8(p_cb->peer_r_key, p);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	813
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	814	if (smp_command_has_invalid_parameters(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	815	tSMP_INT_DATA smp_int_data;
				816	smp_int_data.status = SMP_INVALID_PARAMETERS;
				817	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	818	return;
				819	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	820
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	821	/* peer (master) started pairing sending Pairing Request */
				822	/* or being master device always use received i/r key as keys to distribute */
				823	p_cb->local_i_key = p_cb->peer_i_key;
				824	p_cb->local_r_key = p_cb->peer_r_key;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	825
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	826	if (p_cb->role == HCI_ROLE_SLAVE) {
				827	p_dev_rec->new_encryption_key_is_p256 = false;
				828	/* shortcut to skip Security Grant step */
				829	p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	830	} else {
				831	/* Master receives pairing response */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	832	SMP_TRACE_DEBUG(
				833	"%s master rcvs valid PAIRING RESPONSE."
				834	" Supposed to move to key distribution phase. ",
				835	__func__);
				836	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	837
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	838	/* auth_req received via BR/EDR SM channel is set to 0,
				839	but everything derived/exchanged has to be saved */
				840	p_cb->peer_auth_req \|= SMP_AUTH_BOND;
				841	p_cb->loc_auth_req \|= SMP_AUTH_BOND;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	842	}
				843
				844	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	845	* Function smp_br_process_security_grant
				846	* Description process security grant in case of pairing over BR/EDR transport.
				847	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	848	void smp_br_process_security_grant(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	849	SMP_TRACE_DEBUG("%s", __func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	850	if (p_data->status != SMP_SUCCESS) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	851	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	852	} else {
				853	/* otherwise, start pairing; send IO request callback */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	854	p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
				855	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	856	}
				857
				858	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	859	* Function smp_br_check_authorization_request
				860	* Description sets the SMP kes to be derived/distribute over BR/EDR transport
				861	* before starting the distribution/derivation
				862	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	863	void smp_br_check_authorization_request(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	864	SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
				865	__func__, p_cb->local_i_key, p_cb->local_r_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	866
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	867	/* In LE SC mode LK field is ignored when BR/EDR transport is used */
				868	p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
				869	p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	870
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	871	/* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
				872	** Set local_r_key on master to expect only these keys. */
				873	if (p_cb->role == HCI_ROLE_MASTER) {
				874	p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID \| SMP_SEC_KEY_TYPE_CSRK);
				875	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	876
Jakub Pawlowski	e7f14a6	2017-03-20 15:38:56 -0700	[diff] [blame]	877	/* Check if H7 function needs to be used for key derivation*/
				878	if ((p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT) &&
				879	(p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT)) {
				880	p_cb->key_derivation_h7_used = TRUE;
				881	}
				882	SMP_TRACE_DEBUG("%s: use h7 = %d", __func__, p_cb->key_derivation_h7_used);
				883
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	884	SMP_TRACE_DEBUG(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	885	"%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	886	__func__, p_cb->local_i_key, p_cb->local_r_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	887
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	888	if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) \|\|
				889	(p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
				890	(p_cb->local_i_key \|\| p_cb->local_r_key)) {
				891	smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	892
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	893	/* if no peer key is expected, start master key distribution */
				894	if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
				895	smp_key_distribution_by_transport(p_cb, NULL);
				896	} else {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	897	tSMP_INT_DATA smp_int_data;
				898	smp_int_data.status = SMP_SUCCESS;
				899	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	900	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	901	}
				902
				903	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	904	* Function smp_br_select_next_key
				905	* Description selects the next key to derive/send when BR/EDR transport is
				906	* used.
				907	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	908	void smp_br_select_next_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	909	SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
				910	p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	911
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	912	if (p_cb->role == HCI_ROLE_SLAVE \|\|
				913	(!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
				914	smp_key_pick_key(p_cb, p_data);
				915	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	916
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	917	if (!p_cb->local_i_key && !p_cb->local_r_key) {
				918	/* state check to prevent re-entrance */
				919	if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	920	if (p_cb->total_tx_unacked == 0) {
				921	tSMP_INT_DATA smp_int_data;
				922	smp_int_data.status = SMP_SUCCESS;
				923	smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
				924	} else {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	925	p_cb->wait_for_authorization_complete = true;
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	926	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	927	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	928	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	929	}
				930
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	931	/** process encryption information from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	932	void smp_proc_enc_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	933	uint8_t* p = p_data->p_data;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	934
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	935	SMP_TRACE_DEBUG("%s", __func__);
Cheney Ni	0e68a1c	2018-08-08 22:20:08 +0800	[diff] [blame]	936
				937	if (smp_command_has_invalid_parameters(p_cb)) {
				938	tSMP_INT_DATA smp_int_data;
				939	smp_int_data.status = SMP_INVALID_PARAMETERS;
				940	android_errorWriteLog(0x534e4554, "111937065");
				941	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				942	return;
				943	}
				944
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	945	STREAM_TO_ARRAY(p_cb->ltk.data(), p, OCTET16_LEN);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	946
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	947	smp_key_distribution(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	948	}
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	949
				950	/** process master ID from slave device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	951	void smp_proc_master_id(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	952	uint8_t* p = p_data->p_data;
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	953	tBTM_LE_KEY_VALUE le_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	954
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	955	SMP_TRACE_DEBUG("%s", __func__);
Ugo Yu	c829466	2018-08-08 16:09:58 +0800	[diff] [blame]	956
				957	if (p_cb->rcvd_cmd_len < 11) { // 1(Code) + 2(EDIV) + 8(Rand)
				958	android_errorWriteLog(0x534e4554, "111937027");
				959	SMP_TRACE_ERROR("%s: Invalid command length: %d, should be at least 11",
				960	__func__, p_cb->rcvd_cmd_len);
				961	return;
				962	}
				963
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	964	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, true);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	965
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	966	STREAM_TO_UINT16(le_key.penc_key.ediv, p);
				967	STREAM_TO_ARRAY(le_key.penc_key.rand, p, BT_OCTET8_LEN);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	968
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	969	/* store the encryption keys from peer device */
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	970	le_key.penc_key.ltk = p_cb->ltk;
				971	le_key.penc_key.sec_level = p_cb->sec_level;
				972	le_key.penc_key.key_size = p_cb->loc_enc_size;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	973
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	974	if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
				975	(p_cb->loc_auth_req & SMP_AUTH_BOND))
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	976	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, &le_key, true);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	977
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	978	smp_key_distribution(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	979	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	980
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	981	/** process identity information from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	982	void smp_proc_id_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	983	uint8_t* p = p_data->p_data;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	984
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	985	SMP_TRACE_DEBUG("%s", __func__);
Cheney Ni	0e68a1c	2018-08-08 22:20:08 +0800	[diff] [blame]	986
				987	if (smp_command_has_invalid_parameters(p_cb)) {
				988	tSMP_INT_DATA smp_int_data;
				989	smp_int_data.status = SMP_INVALID_PARAMETERS;
				990	android_errorWriteLog(0x534e4554, "111937065");
				991	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				992	return;
				993	}
				994
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	995	STREAM_TO_ARRAY(p_cb->tk.data(), p, OCTET16_LEN); /* reuse TK for IRK */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	996	smp_key_distribution_by_transport(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	997	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	998
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	999	/** process identity address from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1000	void smp_proc_id_addr(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1001	uint8_t* p = p_data->p_data;
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1002	tBTM_LE_KEY_VALUE pid_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1003
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1004	SMP_TRACE_DEBUG("%s", __func__);
Ugo Yu	73aa4fa	2018-11-29 17:55:40 +0800	[diff] [blame]	1005
				1006	if (smp_command_has_invalid_parameters(p_cb)) {
				1007	tSMP_INT_DATA smp_int_data;
				1008	smp_int_data.status = SMP_INVALID_PARAMETERS;
				1009	android_errorWriteLog(0x534e4554, "111214770");
				1010	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				1011	return;
				1012	}
				1013
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1014	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ID, true);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1015
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1016	STREAM_TO_UINT8(pid_key.pid_key.identity_addr_type, p);
				1017	STREAM_TO_BDADDR(pid_key.pid_key.identity_addr, p);
				1018	pid_key.pid_key.irk = p_cb->tk;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1019
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1020	/* to use as BD_ADDR for lk derived from ltk */
				1021	p_cb->id_addr_rcvd = true;
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1022	p_cb->id_addr_type = pid_key.pid_key.identity_addr_type;
				1023	p_cb->id_addr = pid_key.pid_key.identity_addr;
Chaojing Sun	e280553	2015-04-22 13:40:21 -0700	[diff] [blame]	1024
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1025	/* store the ID key from peer device */
				1026	if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
				1027	(p_cb->loc_auth_req & SMP_AUTH_BOND))
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1028	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, &pid_key, true);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1029	smp_key_distribution_by_transport(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1030	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1031
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1032	/* process security information from peer device */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1033	void smp_proc_srk_info(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1034	tBTM_LE_KEY_VALUE le_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1035
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1036	SMP_TRACE_DEBUG("%s", __func__);
Ugo Yu	73aa4fa	2018-11-29 17:55:40 +0800	[diff] [blame]	1037
				1038	if (smp_command_has_invalid_parameters(p_cb)) {
				1039	tSMP_INT_DATA smp_int_data;
				1040	smp_int_data.status = SMP_INVALID_PARAMETERS;
				1041	android_errorWriteLog(0x534e4554, "111214470");
				1042	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				1043	return;
				1044	}
				1045
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1046	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_CSRK, true);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1047
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1048	/* save CSRK to security record */
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1049	le_key.pcsrk_key.sec_level = p_cb->sec_level;
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1050
				1051	/* get peer CSRK */
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1052	maybe_non_aligned_memcpy(le_key.pcsrk_key.csrk.data(), p_data->p_data,
				1053	OCTET16_LEN);
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1054
				1055	/* initialize the peer counter */
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1056	le_key.pcsrk_key.counter = 0;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1057
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1058	if ((p_cb->peer_auth_req & SMP_AUTH_BOND) &&
				1059	(p_cb->loc_auth_req & SMP_AUTH_BOND))
Jakub Pawlowski	b6d3e5b	2018-11-27 18:22:22 +0100	[diff] [blame]	1060	btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, &le_key, true);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1061	smp_key_distribution_by_transport(p_cb, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1062	}
				1063
				1064	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1065	* Function smp_proc_compare
				1066	* Description process compare value
				1067	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1068	void smp_proc_compare(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1069	SMP_TRACE_DEBUG("%s", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1070	if (!memcmp(p_cb->rconfirm.data(), p_data->key.p_data, OCTET16_LEN)) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1071	/* compare the max encryption key size, and save the smaller one for the
				1072	* link */
				1073	if (p_cb->peer_enc_size < p_cb->loc_enc_size)
				1074	p_cb->loc_enc_size = p_cb->peer_enc_size;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1075
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1076	if (p_cb->role == HCI_ROLE_SLAVE)
				1077	smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
				1078	else {
				1079	/* master device always use received i/r key as keys to distribute */
				1080	p_cb->local_i_key = p_cb->peer_i_key;
				1081	p_cb->local_r_key = p_cb->peer_r_key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1082
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1083	smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1084	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1085
				1086	} else {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1087	tSMP_INT_DATA smp_int_data;
				1088	smp_int_data.status = SMP_CONFIRM_VALUE_ERR;
				1089	p_cb->failure = SMP_CONFIRM_VALUE_ERR;
				1090	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1091	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1092	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1093
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1094	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1095	* Function smp_proc_sl_key
				1096	* Description process key ready events.
				1097	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1098	void smp_proc_sl_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1099	uint8_t key_type = p_data->key.key_type;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1100
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1101	SMP_TRACE_DEBUG("%s", __func__);
				1102	if (key_type == SMP_KEY_TYPE_TK) {
				1103	smp_generate_srand_mrand_confirm(p_cb, NULL);
				1104	} else if (key_type == SMP_KEY_TYPE_CFM) {
				1105	smp_set_state(SMP_STATE_WAIT_CONFIRM);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1106
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1107	if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
				1108	smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
				1109	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1110	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1111
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1112	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1113	* Function smp_start_enc
				1114	* Description start encryption
				1115	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1116	void smp_start_enc(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1117	tBTM_STATUS cmd;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1118
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1119	SMP_TRACE_DEBUG("%s", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1120	if (p_data != NULL) {
				1121	cmd = btm_ble_start_encrypt(p_cb->pairing_bda, true,
				1122	(Octet16*)p_data->key.p_data);
				1123	} else {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1124	cmd = btm_ble_start_encrypt(p_cb->pairing_bda, false, NULL);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1125	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1126
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1127	if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY) {
				1128	tSMP_INT_DATA smp_int_data;
				1129	smp_int_data.status = SMP_ENC_FAIL;
				1130	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				1131	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1132	}
				1133
				1134	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1135	* Function smp_proc_discard
				1136	* Description processing for discard security request
				1137	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1138	void smp_proc_discard(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1139	SMP_TRACE_DEBUG("%s", __func__);
				1140	if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
				1141	smp_reset_control_value(p_cb);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1142	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1143
				1144	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1145	* Function smp_enc_cmpl
				1146	* Description encryption success
				1147	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1148	void smp_enc_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1149	uint8_t enc_enable = p_data->status;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1150
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1151	SMP_TRACE_DEBUG("%s", __func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1152	tSMP_INT_DATA smp_int_data;
				1153	smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
				1154	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1155	}
				1156
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1157	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1158	* Function smp_check_auth_req
				1159	* Description check authentication request
				1160	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1161	void smp_check_auth_req(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1162	uint8_t enc_enable = p_data->status;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1163
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1164	SMP_TRACE_DEBUG(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1165	"%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1166	__func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
				1167	if (enc_enable == 1) {
				1168	if (p_cb->le_secure_connections_mode_is_used) {
				1169	/* In LE SC mode LTK is used instead of STK and has to be always saved */
				1170	p_cb->local_i_key \|= SMP_SEC_KEY_TYPE_ENC;
				1171	p_cb->local_r_key \|= SMP_SEC_KEY_TYPE_ENC;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1172
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1173	/* In LE SC mode LK is derived from LTK only if both sides request it */
				1174	if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) \|\|
				1175	!(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK)) {
				1176	p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
				1177	p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
				1178	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1179
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1180	/* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
				1181	** Set local_r_key on master to expect only these keys.
				1182	*/
				1183	if (p_cb->role == HCI_ROLE_MASTER) {
				1184	p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID \| SMP_SEC_KEY_TYPE_CSRK);
				1185	}
				1186	} else {
				1187	/* in legacy mode derivation of BR/EDR LK is not supported */
				1188	p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
				1189	p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1190	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1191	SMP_TRACE_DEBUG(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1192	"%s rcvs upgrades: i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1193	__func__, p_cb->local_i_key, p_cb->local_r_key);
				1194
				1195	if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) \|\|
				1196	(p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
				1197	(p_cb->local_i_key \|\| p_cb->local_r_key)) {
				1198	smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1199	} else {
				1200	tSMP_INT_DATA smp_int_data;
				1201	smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
				1202	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
				1203	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1204	} else if (enc_enable == 0) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1205	tSMP_INT_DATA smp_int_data;
				1206	smp_int_data.status = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1207	/* if failed for encryption after pairing, send callback */
				1208	if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1209	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1210	/* if enc failed for old security information */
				1211	/* if master device, clean up and abck to idle; slave device do nothing */
				1212	else if (p_cb->role == HCI_ROLE_MASTER) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1213	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1214	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1215	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1216	}
				1217
				1218	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1219	* Function smp_key_pick_key
				1220	* Description Pick a key distribution function based on the key mask.
				1221	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1222	void smp_key_pick_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1223	uint8_t key_to_dist =
				1224	(p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
				1225	uint8_t i = 0;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1226
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1227	SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
				1228	while (i < SMP_KEY_DIST_TYPE_MAX) {
				1229	SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1230
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1231	if (key_to_dist & (1 << i)) {
				1232	SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
				1233	(*smp_distribute_act[i])(p_cb, p_data);
				1234	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1235	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1236	i++;
				1237	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1238	}
				1239	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1240	* Function smp_key_distribution
				1241	* Description start key distribution if required.
				1242	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1243	void smp_key_distribution(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1244	SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x", __func__,
				1245	p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1246
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1247	if (p_cb->role == HCI_ROLE_SLAVE \|\|
				1248	(!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER)) {
				1249	smp_key_pick_key(p_cb, p_data);
				1250	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1251
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1252	if (!p_cb->local_i_key && !p_cb->local_r_key) {
				1253	/* state check to prevent re-entrant */
				1254	if (smp_get_state() == SMP_STATE_BOND_PENDING) {
				1255	if (p_cb->derive_lk) {
				1256	smp_derive_link_key_from_long_term_key(p_cb, NULL);
				1257	p_cb->derive_lk = false;
				1258	}
Chaojing Sun	e280553	2015-04-22 13:40:21 -0700	[diff] [blame]	1259
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1260	if (p_cb->total_tx_unacked == 0) {
				1261	/*
				1262	* Instead of declaring authorization complete immediately,
				1263	* delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
				1264	* This allows the slave to send over Pairing Failed if the
				1265	* last key is rejected. During this waiting window, the
				1266	* state should remain in SMP_STATE_BOND_PENDING.
				1267	*/
				1268	if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
				1269	SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
Jakub Pawlowski	be8bbd7	2017-09-08 11:26:25 -0700	[diff] [blame]	1270	alarm_set_on_mloop(p_cb->delayed_auth_timer_ent,
				1271	SMP_DELAYED_AUTH_TIMEOUT_MS,
				1272	smp_delayed_auth_complete_timeout, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1273	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1274	} else {
				1275	p_cb->wait_for_authorization_complete = true;
				1276	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1277	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1278	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1279	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1280
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1281	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1282	* Function smp_decide_association_model
				1283	* Description This function is called to select assoc model to be used for
				1284	* STK generation and to start STK generation process.
				1285	*
				1286	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1287	void smp_decide_association_model(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1288	uint8_t int_evt = 0;
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1289	tSMP_INT_DATA smp_int_data;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1290
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1291	SMP_TRACE_DEBUG("%s Association Model = %d", __func__,
				1292	p_cb->selected_association_model);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1293
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1294	switch (p_cb->selected_association_model) {
				1295	case SMP_MODEL_ENCRYPTION_ONLY: /* TK = 0, go calculate Confirm */
				1296	if (p_cb->role == HCI_ROLE_MASTER &&
				1297	((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
				1298	((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0)) {
				1299	SMP_TRACE_ERROR(
				1300	"IO capability does not meet authentication requirement");
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1301	smp_int_data.status = SMP_PAIR_AUTH_FAIL;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1302	int_evt = SMP_AUTH_CMPL_EVT;
				1303	} else {
Rahul Sabnis	03580fc	2020-06-26 10:27:07 -0700	[diff] [blame]	1304	if (p_cb->local_io_capability != SMP_IO_CAP_NONE &&
				1305	p_cb->local_io_capability != SMP_IO_CAP_IN) {
				1306	/* display consent dialog if this device has a display */
				1307	SMP_TRACE_DEBUG("ENCRYPTION_ONLY showing Consent Dialog");
				1308	p_cb->cb_evt = SMP_CONSENT_REQ_EVT;
				1309	smp_set_state(SMP_STATE_WAIT_NONCE);
				1310	smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, NULL);
				1311	} else {
				1312	p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
				1313	SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
				1314	p_cb->sec_level);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1315
Rahul Sabnis	03580fc	2020-06-26 10:27:07 -0700	[diff] [blame]	1316	tSMP_KEY key;
				1317	key.key_type = SMP_KEY_TYPE_TK;
				1318	key.p_data = p_cb->tk.data();
				1319	smp_int_data.key = key;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1320
Rahul Sabnis	03580fc	2020-06-26 10:27:07 -0700	[diff] [blame]	1321	p_cb->tk = {0};
				1322	/* TK, ready */
				1323	int_evt = SMP_KEY_READY_EVT;
				1324	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1325	}
				1326	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1327
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1328	case SMP_MODEL_PASSKEY:
				1329	p_cb->sec_level = SMP_SEC_AUTHENTICATED;
				1330	SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
				1331	p_cb->sec_level);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1332
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1333	p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
				1334	int_evt = SMP_TK_REQ_EVT;
				1335	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1336
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1337	case SMP_MODEL_OOB:
				1338	SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB");
				1339	p_cb->sec_level = SMP_SEC_AUTHENTICATED;
				1340	SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
				1341	p_cb->sec_level);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1342
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1343	p_cb->cb_evt = SMP_OOB_REQ_EVT;
				1344	int_evt = SMP_TK_REQ_EVT;
				1345	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1346
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1347	case SMP_MODEL_KEY_NOTIF:
				1348	p_cb->sec_level = SMP_SEC_AUTHENTICATED;
				1349	SMP_TRACE_DEBUG("Need to generate Passkey");
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1350
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1351	/* generate passkey and notify application */
				1352	smp_generate_passkey(p_cb, NULL);
				1353	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1354
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1355	case SMP_MODEL_SEC_CONN_JUSTWORKS:
				1356	case SMP_MODEL_SEC_CONN_NUM_COMP:
				1357	case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
				1358	case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
				1359	case SMP_MODEL_SEC_CONN_OOB:
				1360	int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
				1361	break;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1362
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1363	case SMP_MODEL_OUT_OF_RANGE:
				1364	SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1365	smp_int_data.status = SMP_UNKNOWN_IO_CAP;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1366	int_evt = SMP_AUTH_CMPL_EVT;
				1367	break;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1368
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1369	default:
				1370	SMP_TRACE_ERROR(
				1371	"Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
				1372	p_cb->selected_association_model);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1373	smp_int_data.status = SMP_UNKNOWN_IO_CAP;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1374	int_evt = SMP_AUTH_CMPL_EVT;
				1375	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1376
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1377	SMP_TRACE_EVENT("sec_level=%d ", p_cb->sec_level);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1378	if (int_evt) smp_sm_event(p_cb, int_evt, &smp_int_data);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1379	}
				1380
				1381	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1382	* Function smp_process_io_response
				1383	* Description process IO response for a slave device.
				1384	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1385	void smp_process_io_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Mike J. Chen	5cd8bff	2014-01-31 18:16:59 -0800	[diff] [blame]	1386
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1387	SMP_TRACE_DEBUG("%s", __func__);
				1388	if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
				1389	/* pairing started by local (slave) Security Request */
				1390	smp_set_state(SMP_STATE_SEC_REQ_PENDING);
				1391	smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
				1392	} else /* plan to send pairing respond */
				1393	{
				1394	/* pairing started by peer (master) Pairing Request */
				1395	p_cb->selected_association_model = smp_select_association_model(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1396
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1397	if (p_cb->secure_connections_only_mode_required &&
				1398	(!(p_cb->le_secure_connections_mode_is_used) \|\|
				1399	(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS))) {
				1400	SMP_TRACE_ERROR(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1401	"Slave requires secure connection only mode "
				1402	"but it can't be provided -> Slave fails pairing");
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1403	tSMP_INT_DATA smp_int_data;
				1404	smp_int_data.status = SMP_PAIR_AUTH_FAIL;
				1405	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1406	return;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1407	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1408
				1409	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
				1410	if (smp_request_oob_data(p_cb)) return;
				1411	}
				1412
				1413	// PTS Testing failure modes
				1414	if (pts_test_send_authentication_complete_failure(p_cb)) return;
				1415
				1416	smp_send_pair_rsp(p_cb, NULL);
				1417	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1418	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1419
				1420	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1421	* Function smp_br_process_slave_keys_response
				1422	* Description process application keys response for a slave device
				1423	* (BR/EDR transport).
				1424	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1425	void smp_br_process_slave_keys_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1426	smp_br_send_pair_response(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1427	}
				1428
				1429	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1430	* Function smp_br_send_pair_response
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1431	* Description actions related to sending pairing response over BR/EDR
				1432	* transport.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1433	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1434	void smp_br_send_pair_response(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1435	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1436
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1437	p_cb->local_i_key &= p_cb->peer_i_key;
				1438	p_cb->local_r_key &= p_cb->peer_r_key;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1439
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1440	smp_send_cmd(SMP_OPCODE_PAIRING_RSP, p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1441	}
				1442
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1443	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1444	* Function smp_pairing_cmpl
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1445	* Description This function is called to send the pairing complete
				1446	* callback and remove the connection if needed.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1447	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1448	void smp_pairing_cmpl(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1449	if (p_cb->total_tx_unacked == 0) {
				1450	/* process the pairing complete */
				1451	smp_proc_pairing_cmpl(p_cb);
				1452	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1453	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1454
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1455	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1456	* Function smp_pair_terminate
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1457	* Description This function is called to send the pairing complete
				1458	* callback and remove the connection if needed.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1459	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1460	void smp_pair_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1461	SMP_TRACE_DEBUG("%s", __func__);
				1462	p_cb->status = SMP_CONN_TOUT;
				1463	smp_proc_pairing_cmpl(p_cb);
Andre Eisenbach	6975b4d	2013-08-05 16:55:38 -0700	[diff] [blame]	1464	}
				1465
				1466	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1467	* Function smp_idle_terminate
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1468	* Description This function calledin idle state to determine to send
				1469	* authentication complete or not.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1470	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1471	void smp_idle_terminate(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1472	if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD) {
				1473	SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
				1474	p_cb->status = SMP_FAIL;
				1475	smp_proc_pairing_cmpl(p_cb);
				1476	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1477	}
Ganesh Ganapathi Batta	8fe5887	2014-04-16 16:50:09 -0700	[diff] [blame]	1478
				1479	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1480	* Function smp_both_have_public_keys
				1481	* Description The function is called when both local and peer public keys are
				1482	* saved.
				1483	* Actions:
				1484	* - invokes DHKey computation;
				1485	* - on slave side invokes sending local public key to the peer.
				1486	* - invokes SC phase 1 process.
				1487	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1488	void smp_both_have_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1489	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1490
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1491	/* invokes DHKey computation */
				1492	smp_compute_dhkey(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1493
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1494	/* on slave side invokes sending local public key to the peer */
				1495	if (p_cb->role == HCI_ROLE_SLAVE) smp_send_pair_public_key(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1496
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1497	smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1498	}
				1499
				1500	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1501	* Function smp_start_secure_connection_phase1
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1502	* Description Start Secure Connection phase1 i.e. invokes initialization of
				1503	* Secure Connection phase 1 parameters and starts building/sending
				1504	* to the peer messages appropriate for the role and association
				1505	* model.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1506	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1507	void smp_start_secure_connection_phase1(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1508	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1509
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1510	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
				1511	p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
				1512	SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ",
				1513	p_cb->sec_level);
				1514	} else {
				1515	p_cb->sec_level = SMP_SEC_AUTHENTICATED;
				1516	SMP_TRACE_EVENT("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ",
				1517	p_cb->sec_level);
				1518	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1519
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1520	switch (p_cb->selected_association_model) {
				1521	case SMP_MODEL_SEC_CONN_JUSTWORKS:
				1522	case SMP_MODEL_SEC_CONN_NUM_COMP:
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1523	p_cb->local_random = {0};
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1524	smp_start_nonce_generation(p_cb);
				1525	break;
				1526	case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
				1527	/* user has to provide passkey */
				1528	p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
				1529	smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
				1530	break;
				1531	case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
				1532	/* passkey has to be provided to user */
				1533	SMP_TRACE_DEBUG("Need to generate SC Passkey");
				1534	smp_generate_passkey(p_cb, NULL);
				1535	break;
				1536	case SMP_MODEL_SEC_CONN_OOB:
				1537	/* use the available OOB information */
				1538	smp_process_secure_connection_oob_data(p_cb, NULL);
				1539	break;
				1540	default:
				1541	SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
				1542	p_cb->selected_association_model);
				1543	break;
				1544	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1545	}
				1546
				1547	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1548	* Function smp_process_local_nonce
				1549	* Description The function processes new local nonce.
				1550	*
				1551	* Note It is supposed to be called in SC phase1.
				1552	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1553	void smp_process_local_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1554	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1555
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1556	switch (p_cb->selected_association_model) {
				1557	case SMP_MODEL_SEC_CONN_JUSTWORKS:
				1558	case SMP_MODEL_SEC_CONN_NUM_COMP:
				1559	if (p_cb->role == HCI_ROLE_SLAVE) {
				1560	/* slave calculates and sends local commitment */
				1561	smp_calculate_local_commitment(p_cb);
				1562	smp_send_commitment(p_cb, NULL);
				1563	/* slave has to wait for peer nonce */
				1564	smp_set_state(SMP_STATE_WAIT_NONCE);
				1565	} else /* i.e. master */
				1566	{
				1567	if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
				1568	/* slave commitment is already received, send local nonce, wait for
				1569	* remote nonce*/
				1570	SMP_TRACE_DEBUG(
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1571	"master in assoc mode = %d "
				1572	"already rcvd slave commitment - race condition",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1573	p_cb->selected_association_model);
				1574	p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
				1575	smp_send_rand(p_cb, NULL);
				1576	smp_set_state(SMP_STATE_WAIT_NONCE);
				1577	}
				1578	}
				1579	break;
				1580	case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
				1581	case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
				1582	smp_calculate_local_commitment(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1583
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1584	if (p_cb->role == HCI_ROLE_MASTER) {
				1585	smp_send_commitment(p_cb, NULL);
				1586	} else /* slave */
				1587	{
				1588	if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM) {
				1589	/* master commitment is already received */
				1590	smp_send_commitment(p_cb, NULL);
				1591	smp_set_state(SMP_STATE_WAIT_NONCE);
				1592	}
				1593	}
				1594	break;
				1595	case SMP_MODEL_SEC_CONN_OOB:
				1596	if (p_cb->role == HCI_ROLE_MASTER) {
				1597	smp_send_rand(p_cb, NULL);
				1598	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1599
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1600	smp_set_state(SMP_STATE_WAIT_NONCE);
				1601	break;
				1602	default:
				1603	SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
				1604	p_cb->selected_association_model);
				1605	break;
				1606	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1607	}
				1608
				1609	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1610	* Function smp_process_peer_nonce
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1611	* Description The function processes newly received and saved in CB peer
				1612	* nonce. The actions depend on the selected association model and
				1613	* the role.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1614	*
				1615	* Note It is supposed to be called in SC phase1.
				1616	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1617	void smp_process_peer_nonce(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1618	SMP_TRACE_DEBUG("%s start ", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1619
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1620	// PTS Testing failure modes
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	1621	if (p_cb->cert_failure == SMP_CONFIRM_VALUE_ERR) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1622	SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1623	tSMP_INT_DATA smp_int_data;
				1624	smp_int_data.status = SMP_CONFIRM_VALUE_ERR;
				1625	p_cb->failure = SMP_CONFIRM_VALUE_ERR;
				1626	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1627	return;
				1628	}
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	1629	// PTS Testing failure modes (for LT)
				1630	if ((p_cb->cert_failure == SMP_NUMERIC_COMPAR_FAIL) &&
				1631	(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) &&
				1632	(p_cb->role == HCI_ROLE_SLAVE)) {
				1633	SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1634	tSMP_INT_DATA smp_int_data;
				1635	smp_int_data.status = SMP_NUMERIC_COMPAR_FAIL;
				1636	p_cb->failure = SMP_NUMERIC_COMPAR_FAIL;
				1637	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	1638	return;
				1639	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1640
				1641	switch (p_cb->selected_association_model) {
				1642	case SMP_MODEL_SEC_CONN_JUSTWORKS:
				1643	case SMP_MODEL_SEC_CONN_NUM_COMP:
				1644	/* in these models only master receives commitment */
				1645	if (p_cb->role == HCI_ROLE_MASTER) {
				1646	if (!smp_check_commitment(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1647	tSMP_INT_DATA smp_int_data;
				1648	smp_int_data.status = SMP_CONFIRM_VALUE_ERR;
				1649	p_cb->failure = SMP_CONFIRM_VALUE_ERR;
				1650	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1651	break;
				1652	}
				1653	} else {
				1654	/* slave sends local nonce */
				1655	smp_send_rand(p_cb, NULL);
				1656	}
				1657
				1658	if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
Rahul Sabnis	03580fc	2020-06-26 10:27:07 -0700	[diff] [blame]	1659	if (p_cb->local_io_capability != SMP_IO_CAP_NONE &&
				1660	p_cb->local_io_capability != SMP_IO_CAP_IN) {
				1661	/* display consent dialog */
				1662	SMP_TRACE_DEBUG("JUST WORKS showing Consent Dialog");
				1663	p_cb->cb_evt = SMP_CONSENT_REQ_EVT;
				1664	smp_set_state(SMP_STATE_WAIT_NONCE);
				1665	smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, NULL);
				1666	} else {
				1667	/* go directly to phase 2 */
				1668	smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
				1669	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1670	} else /* numeric comparison */
				1671	{
				1672	smp_set_state(SMP_STATE_WAIT_NONCE);
				1673	smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
				1674	}
				1675	break;
				1676	case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
				1677	case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
ravishankar srivatsa	fd102ca	2017-05-04 10:13:58 +0530	[diff] [blame]	1678	if (!smp_check_commitment(p_cb) &&
				1679	p_cb->cert_failure != SMP_NUMERIC_COMPAR_FAIL) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1680	tSMP_INT_DATA smp_int_data;
				1681	smp_int_data.status = SMP_CONFIRM_VALUE_ERR;
				1682	p_cb->failure = SMP_CONFIRM_VALUE_ERR;
				1683	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1684	break;
				1685	}
Nitin Arora	0bd0c8f	2016-03-15 15:00:36 -0700	[diff] [blame]	1686
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1687	if (p_cb->role == HCI_ROLE_SLAVE) {
				1688	smp_send_rand(p_cb, NULL);
				1689	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1690
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1691	if (++p_cb->round < 20) {
				1692	smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
				1693	p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
				1694	smp_start_nonce_generation(p_cb);
				1695	break;
				1696	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1697
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1698	smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
				1699	break;
				1700	case SMP_MODEL_SEC_CONN_OOB:
				1701	if (p_cb->role == HCI_ROLE_SLAVE) {
				1702	smp_send_rand(p_cb, NULL);
				1703	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1704
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1705	smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
				1706	break;
				1707	default:
				1708	SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
				1709	p_cb->selected_association_model);
				1710	break;
				1711	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1712
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1713	SMP_TRACE_DEBUG("%s end ", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1714	}
				1715
				1716	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1717	* Function smp_match_dhkey_checks
				1718	* Description checks if the calculated peer DHKey Check value is the same as
				1719	* received from the peer DHKey check value.
				1720	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1721	void smp_match_dhkey_checks(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1722	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1723
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1724	if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check.data(),
				1725	OCTET16_LEN)) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1726	SMP_TRACE_WARNING("dhkey chcks do no match");
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1727	tSMP_INT_DATA smp_int_data;
				1728	smp_int_data.status = SMP_DHKEY_CHK_FAIL;
				1729	p_cb->failure = SMP_DHKEY_CHK_FAIL;
				1730	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1731	return;
				1732	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1733
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1734	SMP_TRACE_EVENT("dhkey chcks match");
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1735
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1736	/* compare the max encryption key size, and save the smaller one for the link
				1737	*/
				1738	if (p_cb->peer_enc_size < p_cb->loc_enc_size)
				1739	p_cb->loc_enc_size = p_cb->peer_enc_size;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1740
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1741	if (p_cb->role == HCI_ROLE_SLAVE) {
				1742	smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
				1743	} else {
				1744	/* master device always use received i/r key as keys to distribute */
				1745	p_cb->local_i_key = p_cb->peer_i_key;
				1746	p_cb->local_r_key = p_cb->peer_r_key;
				1747	smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
				1748	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1749	}
				1750
				1751	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1752	* Function smp_move_to_secure_connections_phase2
				1753	* Description Signal State Machine to start SC phase 2 initialization (to
				1754	* compute local DHKey Check value).
				1755	*
				1756	* Note SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
				1757	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1758	void smp_move_to_secure_connections_phase2(tSMP_CB* p_cb,
				1759	tSMP_INT_DATA* p_data) {
				1760	SMP_TRACE_DEBUG("%s", __func__);
				1761	smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1762	}
				1763
				1764	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1765	* Function smp_phase_2_dhkey_checks_are_present
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1766	* Description generates event if dhkey check from the peer is already
				1767	* received.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1768	*
				1769	* Note It is supposed to be used on slave to prevent race condition.
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1770	* It is supposed to be called after slave dhkey check is
				1771	* calculated.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1772	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1773	void smp_phase_2_dhkey_checks_are_present(tSMP_CB* p_cb,
				1774	tSMP_INT_DATA* p_data) {
				1775	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1776
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1777	if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
				1778	smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1779	}
				1780
				1781	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1782	* Function smp_wait_for_both_public_keys
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1783	* Description generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and
				1784	* master public keys are available.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1785	*
				1786	* Note on the slave it is used to prevent race condition.
				1787	*
				1788	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1789	void smp_wait_for_both_public_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1790	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1791
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1792	if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
				1793	(p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY)) {
				1794	if ((p_cb->role == HCI_ROLE_SLAVE) &&
				1795	((p_cb->req_oob_type == SMP_OOB_LOCAL) \|\|
				1796	(p_cb->req_oob_type == SMP_OOB_BOTH))) {
				1797	smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1798	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1799	smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
				1800	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1801	}
				1802
				1803	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1804	* Function smp_start_passkey_verification
				1805	* Description Starts SC passkey entry verification.
				1806	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1807	void smp_start_passkey_verification(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1808	uint8_t* p = NULL;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1809
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1810	SMP_TRACE_DEBUG("%s", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1811	p = p_cb->local_random.data();
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1812	UINT32_TO_STREAM(p, p_data->passkey);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1813
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1814	p = p_cb->peer_random.data();
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1815	UINT32_TO_STREAM(p, p_data->passkey);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1816
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1817	p_cb->round = 0;
				1818	smp_start_nonce_generation(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1819	}
				1820
				1821	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1822	* Function smp_process_secure_connection_oob_data
				1823	* Description Processes local/peer SC OOB data received from somewhere.
				1824	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1825	void smp_process_secure_connection_oob_data(tSMP_CB* p_cb,
				1826	tSMP_INT_DATA* p_data) {
				1827	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1828
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1829	tSMP_SC_OOB_DATA* p_sc_oob_data = &p_cb->sc_oob_data;
				1830	if (p_sc_oob_data->loc_oob_data.present) {
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1831	p_cb->local_random = p_sc_oob_data->loc_oob_data.randomizer;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1832	} else {
				1833	SMP_TRACE_EVENT("%s: local OOB randomizer is absent", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1834	p_cb->local_random = {0};
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1835	}
				1836
				1837	if (!p_sc_oob_data->peer_oob_data.present) {
				1838	SMP_TRACE_EVENT("%s: peer OOB data is absent", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1839	p_cb->peer_random = {0};
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1840	} else {
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1841	p_cb->peer_random = p_sc_oob_data->peer_oob_data.randomizer;
				1842	p_cb->remote_commitment = p_sc_oob_data->peer_oob_data.commitment;
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1843
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1844	/* check commitment */
				1845	if (!smp_check_commitment(p_cb)) {
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1846	tSMP_INT_DATA smp_int_data;
				1847	smp_int_data.status = SMP_CONFIRM_VALUE_ERR;
				1848	p_cb->failure = SMP_CONFIRM_VALUE_ERR;
				1849	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1850	return;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1851	}
				1852
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1853	if (p_cb->peer_oob_flag != SMP_OOB_PRESENT) {
				1854	/* the peer doesn't have local randomiser */
				1855	SMP_TRACE_EVENT(
				1856	"%s: peer didn't receive local OOB data, set local randomizer to 0",
				1857	__func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1858	p_cb->local_random = {0};
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1859	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1860	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1861
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1862	print128(p_cb->local_random, (const uint8_t*)"local OOB randomizer");
				1863	print128(p_cb->peer_random, (const uint8_t*)"peer OOB randomizer");
				1864	smp_start_nonce_generation(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1865	}
				1866
				1867	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1868	* Function smp_set_local_oob_keys
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1869	* Description Saves calculated private/public keys in
				1870	* sc_oob_data.loc_oob_data, starts nonce generation
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1871	* (to be saved in sc_oob_data.loc_oob_data.randomizer).
				1872	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1873	void smp_set_local_oob_keys(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1874	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1875
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1876	memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
				1877	BT_OCTET32_LEN);
				1878	p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
				1879	smp_start_nonce_generation(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1880	}
				1881
				1882	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1883	* Function smp_set_local_oob_random_commitment
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1884	* Description Saves calculated randomizer and commitment in
				1885	* sc_oob_data.loc_oob_data, passes sc_oob_data.loc_oob_data up
				1886	* for safekeeping.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1887	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1888	void smp_set_local_oob_random_commitment(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				1889	SMP_TRACE_DEBUG("%s", __func__);
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1890	p_cb->sc_oob_data.loc_oob_data.randomizer = p_cb->rand;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1891
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1892	p_cb->sc_oob_data.loc_oob_data.commitment =
Jakub Pawlowski	430e59d	2018-06-21 14:23:47 +0200	[diff] [blame]	1893	crypto_toolbox::f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
				1894	p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
				1895	p_cb->sc_oob_data.loc_oob_data.randomizer, 0);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1896
Marie Janssen	d19e078	2016-07-15 12:48:27 -0700	[diff] [blame]	1897	#if (SMP_DEBUG == TRUE)
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1898	uint8_t* p_print = NULL;
				1899	SMP_TRACE_DEBUG("local SC OOB data set:");
				1900	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
Jack He	648d513	2016-12-15 10:56:55 -0800	[diff] [blame]	1901	smp_debug_print_nbyte_little_endian(p_print, "addr_sent_to",
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1902	sizeof(tBLE_BD_ADDR));
				1903	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.private_key_used;
Jack He	648d513	2016-12-15 10:56:55 -0800	[diff] [blame]	1904	smp_debug_print_nbyte_little_endian(p_print, "private_key_used",
				1905	BT_OCTET32_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1906	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
Jack He	648d513	2016-12-15 10:56:55 -0800	[diff] [blame]	1907	smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.x",
				1908	BT_OCTET32_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1909	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
Jack He	648d513	2016-12-15 10:56:55 -0800	[diff] [blame]	1910	smp_debug_print_nbyte_little_endian(p_print, "publ_key_used.y",
				1911	BT_OCTET32_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1912	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.randomizer;
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1913	smp_debug_print_nbyte_little_endian(p_print, "randomizer", OCTET16_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1914	p_print = (uint8_t*)&p_cb->sc_oob_data.loc_oob_data.commitment;
Jakub Pawlowski	ae57211	2018-06-14 17:40:34 -0700	[diff] [blame]	1915	smp_debug_print_nbyte_little_endian(p_print, "commitment", OCTET16_LEN);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1916	SMP_TRACE_DEBUG("");
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1917	#endif
				1918
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1919	/* pass created OOB data up */
				1920	p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
				1921	smp_send_app_cback(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1922
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1923	smp_cb_cleanup(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1924	}
Ganesh Ganapathi Batta	8fe5887	2014-04-16 16:50:09 -0700	[diff] [blame]	1925
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1926	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1927	*
				1928	* Function smp_link_encrypted
				1929	*
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	1930	* Description This function is called when link is encrypted and notified
				1931	* to the slave device. Proceed to to send LTK, DIV and ER to
				1932	* master if bonding the devices.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1933	*
				1934	*
				1935	* Returns void
				1936	*
				1937	******************************************************************************/
Jakub Pawlowski	a484a88	2017-06-24 17:30:18 -0700	[diff] [blame]	1938	void smp_link_encrypted(const RawAddress& bda, uint8_t encr_enable) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1939	tSMP_CB* p_cb = &smp_cb;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1940
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1941	SMP_TRACE_DEBUG("%s: encr_enable=%d", __func__, encr_enable);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1942
Jakub Pawlowski	c2276b0	2017-06-09 16:00:25 -0700	[diff] [blame]	1943	if (smp_cb.pairing_bda == bda) {
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	1944	/* encryption completed with STK, remember the key size now, could be
				1945	* overwritten when key exchange happens */
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1946	if (p_cb->loc_enc_size != 0 && encr_enable) {
				1947	/* update the link encryption key size if a SMP pairing just performed */
				1948	btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1949	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1950
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	1951	tSMP_INT_DATA smp_int_data;
				1952	smp_int_data.status = encr_enable;
				1953	smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1954	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1955	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1956
Jakub Pawlowski	d78b1dd	2018-10-01 13:25:11 +0200	[diff] [blame]	1957	void smp_cancel_start_encryption_attempt() {
				1958	SMP_TRACE_ERROR("%s: Encryption request cancelled", __func__);
				1959	smp_sm_event(&smp_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
				1960	}
				1961
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1962	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1963	*
				1964	* Function smp_proc_ltk_request
				1965	*
				1966	* Description This function is called when LTK request is received from
				1967	* controller.
				1968	*
				1969	* Returns void
				1970	*
				1971	******************************************************************************/
Jakub Pawlowski	a484a88	2017-06-24 17:30:18 -0700	[diff] [blame]	1972	bool smp_proc_ltk_request(const RawAddress& bda) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1973	SMP_TRACE_DEBUG("%s state = %d", __func__, smp_cb.state);
				1974	bool match = false;
Nitin Arora	1da48a3	2015-07-17 18:38:01 -0700	[diff] [blame]	1975
Jakub Pawlowski	c2276b0	2017-06-09 16:00:25 -0700	[diff] [blame]	1976	if (bda == smp_cb.pairing_bda) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1977	match = true;
				1978	} else {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1979	tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bda);
Jakub Pawlowski	c2276b0	2017-06-09 16:00:25 -0700	[diff] [blame]	1980	if (p_dev_rec != NULL && p_dev_rec->ble.pseudo_addr == smp_cb.pairing_bda &&
Jakub Pawlowski	b707f44	2017-07-03 15:39:36 -0700	[diff] [blame]	1981	p_dev_rec->ble.pseudo_addr != RawAddress::kEmpty) {
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1982	match = true;
Nitin Arora	1da48a3	2015-07-17 18:38:01 -0700	[diff] [blame]	1983	}
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1984	}
Nitin Arora	1da48a3	2015-07-17 18:38:01 -0700	[diff] [blame]	1985
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1986	if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING) {
				1987	smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
				1988	return true;
				1989	}
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1990
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	1991	return false;
The Android Open Source Project	5738f83	2012-12-12 16:00:35 -0800	[diff] [blame]	1992	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	1993
				1994	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	1995	*
				1996	* Function smp_process_secure_connection_long_term_key
				1997	*
				1998	* Description This function is called to process SC LTK.
				1999	* SC LTK is calculated and used instead of STK.
				2000	* Here SC LTK is saved in BLE DB.
				2001	*
				2002	* Returns void
				2003	*
				2004	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2005	void smp_process_secure_connection_long_term_key(void) {
				2006	tSMP_CB* p_cb = &smp_cb;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2007
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2008	SMP_TRACE_DEBUG("%s", __func__);
				2009	smp_save_secure_connections_long_term_key(p_cb);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2010
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2011	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
				2012	smp_key_distribution(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2013	}
				2014
				2015	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2016	*
				2017	* Function smp_set_derive_link_key
				2018	*
				2019	* Description This function is called to set flag that indicates that
				2020	* BR/EDR LK has to be derived from LTK after all keys are
				2021	* distributed.
				2022	*
				2023	* Returns void
				2024	*
				2025	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2026	void smp_set_derive_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				2027	SMP_TRACE_DEBUG("%s", __func__);
				2028	p_cb->derive_lk = true;
				2029	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_LK, false);
				2030	smp_key_distribution(p_cb, NULL);
Chaojing Sun	e280553	2015-04-22 13:40:21 -0700	[diff] [blame]	2031	}
				2032
				2033	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2034	*
				2035	* Function smp_derive_link_key_from_long_term_key
				2036	*
				2037	* Description This function is called to derive BR/EDR LK from LTK.
				2038	*
				2039	* Returns void
				2040	*
				2041	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2042	void smp_derive_link_key_from_long_term_key(tSMP_CB* p_cb,
				2043	tSMP_INT_DATA* p_data) {
				2044	tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2045
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2046	SMP_TRACE_DEBUG("%s", __func__);
				2047	if (!smp_calculate_link_key_from_long_term_key(p_cb)) {
				2048	SMP_TRACE_ERROR("%s failed", __func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	2049	tSMP_INT_DATA smp_int_data;
				2050	smp_int_data.status = status;
				2051	smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2052	return;
				2053	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2054	}
				2055
				2056	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2057	*
				2058	* Function smp_br_process_link_key
				2059	*
				2060	* Description This function is called to process BR/EDR LK:
				2061	* - to derive SMP LTK from BR/EDR LK;
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	2062	* - to save SMP LTK.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2063	*
				2064	* Returns void
				2065	*
				2066	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2067	void smp_br_process_link_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				2068	tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2069
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2070	SMP_TRACE_DEBUG("%s", __func__);
				2071	if (!smp_calculate_long_term_key_from_link_key(p_cb)) {
johnshamoon	b2dadde	2017-05-31 11:32:24 -0700	[diff] [blame]	2072	SMP_TRACE_ERROR("%s: failed", __func__);
Myles Watson	5ce55bd	2017-09-20 16:41:19 -0700	[diff] [blame]	2073	tSMP_INT_DATA smp_int_data;
				2074	smp_int_data.status = status;
				2075	smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2076	return;
				2077	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2078
Nitin Shivpure	96036cd	2018-03-13 12:01:48 +0530	[diff] [blame]	2079	tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_cb->pairing_bda);
				2080	if (p_dev_rec) {
				2081	SMP_TRACE_DEBUG("%s: dev_type = %d ", __func__, p_dev_rec->device_type);
				2082	p_dev_rec->device_type \|= BT_DEVICE_TYPE_BLE;
				2083	} else {
				2084	SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
				2085	}
				2086
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2087	SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed",
				2088	__func__);
				2089	smp_save_secure_connections_long_term_key(p_cb);
				2090	smp_update_key_mask(p_cb, SMP_SEC_KEY_TYPE_ENC, false);
				2091	smp_br_select_next_key(p_cb, NULL);
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2092	}
				2093
				2094	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2095	* Function smp_key_distribution_by_transport
				2096	* Description depending on the transport used at the moment calls either
				2097	* smp_key_distribution(...) or smp_br_key_distribution(...).
				2098	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2099	void smp_key_distribution_by_transport(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				2100	SMP_TRACE_DEBUG("%s", __func__);
				2101	if (p_cb->smp_over_br) {
				2102	smp_br_select_next_key(p_cb, NULL);
				2103	} else {
				2104	smp_key_distribution(p_cb, NULL);
				2105	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2106	}
				2107
				2108	/*******************************************************************************
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2109	* Function smp_br_pairing_complete
Myles Watson	9ca0709	2016-11-28 16:41:53 -0800	[diff] [blame]	2110	* Description This function is called to send the pairing complete
				2111	* callback and remove the connection if needed.
Myles Watson	ee96a3c	2016-11-23 14:49:54 -0800	[diff] [blame]	2112	******************************************************************************/
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2113	void smp_br_pairing_complete(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
				2114	SMP_TRACE_DEBUG("%s", __func__);
Satya Calloji	d0aa8e5	2015-05-06 09:24:06 -0700	[diff] [blame]	2115
Myles Watson	911d1ae	2016-11-28 16:44:40 -0800	[diff] [blame]	2116	if (p_cb->total_tx_unacked == 0) {
				2117	/* process the pairing complete */
				2118	smp_proc_pairing_cmpl(p_cb);
				2119	}
Satya Calloji	444a8da	2015-03-06 10:38:22 -0800	[diff] [blame]	2120	}