The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 1 | /****************************************************************************** |
| 2 | * |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 3 | * Copyright (C) 1999-2012 Broadcom Corporation |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 4 | * |
| 5 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | * you may not use this file except in compliance with the License. |
| 7 | * You may obtain a copy of the License at: |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | * |
| 17 | ******************************************************************************/ |
| 18 | |
| 19 | /****************************************************************************** |
| 20 | * |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 21 | * This file contains security manager protocol utility functions |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 22 | * |
| 23 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 24 | #include "bt_target.h" |
| 25 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 26 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 27 | #include <stdio.h> |
| 28 | #endif |
| 29 | #include <string.h> |
| 30 | #include "bt_utils.h" |
| 31 | #include "btm_ble_api.h" |
| 32 | #include "smp_int.h" |
| 33 | #include "btm_int.h" |
| 34 | #include "btm_ble_int.h" |
| 35 | #include "hcimsgs.h" |
| 36 | #include "aes.h" |
| 37 | #include "p_256_ecc_pp.h" |
| 38 | #include "device/include/controller.h" |
Myles Watson | d7ffd64 | 2016-10-27 10:27:36 -0700 | [diff] [blame] | 39 | #include "osi/include/osi.h" |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 40 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 41 | #ifndef SMP_MAX_ENC_REPEAT |
| 42 | #define SMP_MAX_ENC_REPEAT 3 |
| 43 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 44 | |
| 45 | static void smp_rand_back(tBTM_RAND_ENC *p); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 46 | static void smp_generate_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data); |
| 47 | static void smp_generate_ltk_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 48 | static void smp_generate_y(tSMP_CB *p_cb, tSMP_INT_DATA *p); |
| 49 | static void smp_generate_rand_vector (tSMP_CB *p_cb, tSMP_INT_DATA *p); |
| 50 | static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p); |
| 51 | static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p); |
| 52 | static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p); |
| 53 | static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p); |
| 54 | static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 55 | static bool smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 56 | static void smp_continue_private_key_creation(tSMP_CB *p_cb, tBTM_RAND_ENC *p); |
| 57 | static void smp_process_private_key(tSMP_CB *p_cb); |
| 58 | static void smp_finish_nonce_generation(tSMP_CB *p_cb); |
| 59 | static void smp_process_new_nonce(tSMP_CB *p_cb); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 60 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 61 | #define SMP_PASSKEY_MASK 0xfff00000 |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 62 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 63 | void smp_debug_print_nbyte_little_endian(uint8_t *p, const uint8_t *key_name, uint8_t len) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 64 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 65 | #if (SMP_DEBUG == TRUE) |
Jakub Pawlowski | ce83251 | 2016-07-28 06:11:36 -0700 | [diff] [blame] | 66 | int ind; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 67 | int col_count = 32; |
| 68 | int row_count; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 69 | uint8_t p_buf[512]; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 70 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 71 | SMP_TRACE_WARNING("%s(LSB ~ MSB):", key_name); |
| 72 | memset(p_buf, 0, sizeof(p_buf)); |
| 73 | row_count = len % col_count ? len / col_count + 1: len / col_count; |
| 74 | |
| 75 | ind = 0; |
| 76 | for (int row = 0; row < row_count; row++) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 77 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 78 | for (int column = 0, x = 0; (ind < len) && (column < col_count); column++, ind++) |
| 79 | { |
George Burgess IV | 80d7f60 | 2016-03-02 14:00:19 -0800 | [diff] [blame] | 80 | x += snprintf((char *)&p_buf[x], sizeof(p_buf) - x, "%02x ", p[ind]); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 81 | } |
| 82 | SMP_TRACE_WARNING(" [%03d]: %s", row * col_count, p_buf); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 83 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 84 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 85 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 86 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 87 | void smp_debug_print_nbyte_big_endian (uint8_t *p, const uint8_t *key_name, uint8_t len) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 88 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 89 | #if (SMP_DEBUG == TRUE) |
| 90 | uint8_t p_buf[512]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 91 | |
| 92 | SMP_TRACE_WARNING("%s(MSB ~ LSB):", key_name); |
| 93 | memset(p_buf, 0, sizeof(p_buf)); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 94 | |
| 95 | int ind = 0; |
| 96 | int ncols = 32; /* num entries in one line */ |
| 97 | int nrows; /* num lines */ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 98 | |
Subramanian Srinivasan | 33bab32 | 2016-01-08 17:37:28 -0800 | [diff] [blame] | 99 | nrows = len % ncols ? len / ncols + 1: len / ncols; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 100 | for (int row = 0; row < nrows; row++) |
| 101 | { |
| 102 | for (int col = 0, x = 0; (ind < len) && (col < ncols); col++, ind++) |
| 103 | { |
George Burgess IV | 80d7f60 | 2016-03-02 14:00:19 -0800 | [diff] [blame] | 104 | x += snprintf ((char *)&p_buf[len-x-1], sizeof(p_buf) - (len-x-1), "%02x ", p[ind]); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 105 | } |
| 106 | SMP_TRACE_WARNING("[%03d]: %s", row * ncols, p_buf); |
| 107 | } |
| 108 | #endif |
| 109 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 110 | |
| 111 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 112 | * |
| 113 | * Function smp_encrypt_data |
| 114 | * |
| 115 | * Description This function is called to encrypt data. |
| 116 | * It uses AES-128 encryption algorithm. |
| 117 | * Plain_text is encrypted using key, the result is at p_out. |
| 118 | * |
| 119 | * Returns void |
| 120 | * |
| 121 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 122 | bool smp_encrypt_data (uint8_t *key, uint8_t key_len, |
| 123 | uint8_t *plain_text, uint8_t pt_len, |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 124 | tSMP_ENC *p_out) |
| 125 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 126 | aes_context ctx; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 127 | uint8_t *p_start = NULL; |
| 128 | uint8_t *p = NULL; |
| 129 | uint8_t *p_rev_data = NULL; /* input data in big endilan format */ |
| 130 | uint8_t *p_rev_key = NULL; /* input key in big endilan format */ |
| 131 | uint8_t *p_rev_output = NULL; /* encrypted output in big endilan format */ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 132 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 133 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 134 | if ( (p_out == NULL ) || (key_len != SMP_ENCRYT_KEY_SIZE) ) |
| 135 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 136 | SMP_TRACE_ERROR ("%s failed", __func__); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 137 | return false; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 138 | } |
| 139 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 140 | p_start = (uint8_t *)osi_calloc(SMP_ENCRYT_DATA_SIZE * 4); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 141 | |
| 142 | if (pt_len > SMP_ENCRYT_DATA_SIZE) |
| 143 | pt_len = SMP_ENCRYT_DATA_SIZE; |
| 144 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 145 | p = p_start; |
| 146 | ARRAY_TO_STREAM (p, plain_text, pt_len); /* byte 0 to byte 15 */ |
| 147 | p_rev_data = p = p_start + SMP_ENCRYT_DATA_SIZE; /* start at byte 16 */ |
| 148 | REVERSE_ARRAY_TO_STREAM (p, p_start, SMP_ENCRYT_DATA_SIZE); /* byte 16 to byte 31 */ |
| 149 | p_rev_key = p; /* start at byte 32 */ |
| 150 | REVERSE_ARRAY_TO_STREAM (p, key, SMP_ENCRYT_KEY_SIZE); /* byte 32 to byte 47 */ |
| 151 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 152 | #if (SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE) |
| 153 | smp_debug_print_nbyte_little_endian(key, (const uint8_t *)"Key", SMP_ENCRYT_KEY_SIZE); |
| 154 | smp_debug_print_nbyte_little_endian(p_start, (const uint8_t *)"Plain text", SMP_ENCRYT_DATA_SIZE); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 155 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 156 | p_rev_output = p; |
| 157 | aes_set_key(p_rev_key, SMP_ENCRYT_KEY_SIZE, &ctx); |
| 158 | aes_encrypt(p_rev_data, p, &ctx); /* outputs in byte 48 to byte 63 */ |
| 159 | |
| 160 | p = p_out->param_buf; |
| 161 | REVERSE_ARRAY_TO_STREAM (p, p_rev_output, SMP_ENCRYT_DATA_SIZE); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 162 | #if (SMP_DEBUG == TRUE && SMP_DEBUG_VERBOSE == TRUE) |
| 163 | smp_debug_print_nbyte_little_endian(p_out->param_buf, (const uint8_t *)"Encrypted text", SMP_ENCRYT_KEY_SIZE); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 164 | #endif |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 165 | |
| 166 | p_out->param_len = SMP_ENCRYT_KEY_SIZE; |
| 167 | p_out->status = HCI_SUCCESS; |
| 168 | p_out->opcode = HCI_BLE_ENCRYPT; |
| 169 | |
Pavlin Radoslavov | cceb430 | 2016-02-05 13:54:43 -0800 | [diff] [blame] | 170 | osi_free(p_start); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 171 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 172 | return true; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 173 | } |
| 174 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 175 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 176 | * |
| 177 | * Function smp_generate_passkey |
| 178 | * |
| 179 | * Description This function is called to generate passkey. |
| 180 | * |
| 181 | * Returns void |
| 182 | * |
| 183 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 184 | void smp_generate_passkey(tSMP_CB *p_cb, |
| 185 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 186 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 187 | SMP_TRACE_DEBUG ("%s", __func__); |
| 188 | p_cb->rand_enc_proc_state = SMP_GEN_TK; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 189 | |
| 190 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 191 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 192 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 193 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 194 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 195 | * |
| 196 | * Function smp_proc_passkey |
| 197 | * |
| 198 | * Description This function is called to process a passkey. |
| 199 | * |
| 200 | * Returns void |
| 201 | * |
| 202 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 203 | void smp_proc_passkey(tSMP_CB *p_cb , tBTM_RAND_ENC *p) |
| 204 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 205 | uint8_t *tt = p_cb->tk; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 206 | tSMP_KEY key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 207 | uint32_t passkey; /* 19655 test number; */ |
| 208 | uint8_t *pp = p->param_buf; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 209 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 210 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 211 | STREAM_TO_UINT32(passkey, pp); |
| 212 | passkey &= ~SMP_PASSKEY_MASK; |
| 213 | |
| 214 | /* truncate by maximum value */ |
| 215 | while (passkey > BTM_MAX_PASSKEY_VAL) |
| 216 | passkey >>= 1; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 217 | |
| 218 | /* save the TK */ |
| 219 | memset(p_cb->tk, 0, BT_OCTET16_LEN); |
| 220 | UINT32_TO_STREAM(tt, passkey); |
| 221 | |
| 222 | key.key_type = SMP_KEY_TYPE_TK; |
| 223 | key.p_data = p_cb->tk; |
| 224 | |
| 225 | if (p_cb->p_callback) |
| 226 | { |
| 227 | (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey); |
| 228 | } |
| 229 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 230 | if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) |
| 231 | { |
| 232 | smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey); |
| 233 | } |
| 234 | else |
| 235 | { |
| 236 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key); |
| 237 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 238 | } |
| 239 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 240 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 241 | * |
| 242 | * Function smp_generate_stk |
| 243 | * |
| 244 | * Description This function is called to generate STK calculated by running |
| 245 | * AES with the TK value as key and a concatenation of the random |
| 246 | * values. |
| 247 | * |
| 248 | * Returns void |
| 249 | * |
| 250 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 251 | void smp_generate_stk(tSMP_CB *p_cb, |
| 252 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 253 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 254 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 255 | tSMP_ENC output; |
| 256 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 257 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 258 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 259 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 260 | if (p_cb->le_secure_connections_mode_is_used) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 261 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 262 | SMP_TRACE_WARNING ("FOR LE SC LTK IS USED INSTEAD OF STK"); |
| 263 | output.param_len = SMP_ENCRYT_KEY_SIZE; |
| 264 | output.status = HCI_SUCCESS; |
| 265 | output.opcode = HCI_BLE_ENCRYPT; |
| 266 | memcpy(output.param_buf, p_cb->ltk, SMP_ENCRYT_DATA_SIZE); |
| 267 | } |
| 268 | else if (!smp_calculate_legacy_short_term_key(p_cb, &output)) |
| 269 | { |
| 270 | SMP_TRACE_ERROR("%s failed", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 271 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 272 | return; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 273 | } |
| 274 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 275 | smp_process_stk(p_cb, &output); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 276 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 277 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 278 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 279 | * |
| 280 | * Function smp_generate_srand_mrand_confirm |
| 281 | * |
| 282 | * Description This function is called to start the second pairing phase by |
| 283 | * start generating random number. |
| 284 | * |
| 285 | * |
| 286 | * Returns void |
| 287 | * |
| 288 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 289 | void smp_generate_srand_mrand_confirm(tSMP_CB *p_cb, |
| 290 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 291 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 292 | SMP_TRACE_DEBUG ("%s", __func__); |
| 293 | p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 294 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 295 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 296 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 297 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 298 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 299 | * |
| 300 | * Function smp_generate_rand_cont |
| 301 | * |
| 302 | * Description This function is called to generate another 64 bits random for |
| 303 | * MRand or Srand. |
| 304 | * |
| 305 | * Returns void |
| 306 | * |
| 307 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 308 | void smp_generate_rand_cont(tSMP_CB *p_cb, |
| 309 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 310 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 311 | SMP_TRACE_DEBUG ("%s", __func__); |
| 312 | p_cb->rand_enc_proc_state = SMP_GEN_SRAND_MRAND_CONT; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 313 | /* generate 64 MSB of MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 314 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 315 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 316 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 317 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 318 | * |
| 319 | * Function smp_generate_ltk |
| 320 | * |
| 321 | * Description This function is called: |
| 322 | * - in legacy pairing - to calculate LTK, starting with DIV |
| 323 | * generation; |
| 324 | * - in LE Secure Connections pairing over LE transport - to process LTK |
| 325 | * already generated to encrypt LE link; |
| 326 | * - in LE Secure Connections pairing over BR/EDR transport - to start |
| 327 | * BR/EDR Link Key processing. |
| 328 | * |
| 329 | * Returns void |
| 330 | * |
| 331 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 332 | void smp_generate_ltk(tSMP_CB *p_cb, |
| 333 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 334 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 335 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 336 | bool div_status; |
| 337 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 338 | if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) |
| 339 | { |
| 340 | smp_br_process_link_key(p_cb, NULL); |
| 341 | return; |
| 342 | } |
| 343 | else if (p_cb->le_secure_connections_mode_is_used) |
| 344 | { |
| 345 | smp_process_secure_connection_long_term_key(); |
| 346 | return; |
| 347 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 348 | |
| 349 | div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div); |
| 350 | |
| 351 | if (div_status) |
| 352 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 353 | smp_generate_ltk_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 354 | } |
| 355 | else |
| 356 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 357 | SMP_TRACE_DEBUG ("Generate DIV for LTK"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 358 | p_cb->rand_enc_proc_state = SMP_GEN_DIV_LTK; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 359 | /* generate MRand or SRand */ |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 360 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 361 | } |
| 362 | } |
| 363 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 364 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 365 | * |
| 366 | * Function smp_compute_csrk |
| 367 | * |
| 368 | * Description This function is called to calculate CSRK |
| 369 | * |
| 370 | * |
| 371 | * Returns void |
| 372 | * |
| 373 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 374 | void smp_compute_csrk(tSMP_CB *p_cb, |
| 375 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 376 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 377 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 378 | BT_OCTET16 er; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 379 | uint8_t buffer[4]; /* for (r || DIV) r=1*/ |
| 380 | uint16_t r=1; |
| 381 | uint8_t *p=buffer; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 382 | tSMP_ENC output; |
| 383 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 384 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 385 | SMP_TRACE_DEBUG ("smp_compute_csrk div=%x", p_cb->div); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 386 | BTM_GetDeviceEncRoot(er); |
| 387 | /* CSRK = d1(ER, DIV, 1) */ |
| 388 | UINT16_TO_STREAM(p, p_cb->div); |
| 389 | UINT16_TO_STREAM(p, r); |
| 390 | |
| 391 | if (!SMP_Encrypt(er, BT_OCTET16_LEN, buffer, 4, &output)) |
| 392 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 393 | SMP_TRACE_ERROR("smp_generate_csrk failed"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 394 | if (p_cb->smp_over_br) |
| 395 | { |
| 396 | smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status); |
| 397 | } |
| 398 | else |
| 399 | { |
| 400 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 401 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 402 | } |
| 403 | else |
| 404 | { |
| 405 | memcpy((void *)p_cb->csrk, output.param_buf, BT_OCTET16_LEN); |
| 406 | smp_send_csrk_info(p_cb, NULL); |
| 407 | } |
| 408 | } |
| 409 | |
| 410 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 411 | * |
| 412 | * Function smp_generate_csrk |
| 413 | * |
| 414 | * Description This function is called to calculate CSRK, starting with DIV |
| 415 | * generation. |
| 416 | * |
| 417 | * |
| 418 | * Returns void |
| 419 | * |
| 420 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 421 | void smp_generate_csrk(tSMP_CB *p_cb, |
| 422 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 423 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 424 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 425 | bool div_status; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 426 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 427 | SMP_TRACE_DEBUG ("smp_generate_csrk"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 428 | |
| 429 | div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div); |
| 430 | if (div_status) |
| 431 | { |
| 432 | smp_compute_csrk(p_cb, NULL); |
| 433 | } |
| 434 | else |
| 435 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 436 | SMP_TRACE_DEBUG ("Generate DIV for CSRK"); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 437 | p_cb->rand_enc_proc_state = SMP_GEN_DIV_CSRK; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 438 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 439 | } |
| 440 | } |
| 441 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 442 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 443 | * Function smp_concatenate_peer |
| 444 | * add pairing command sent from local device into p1. |
| 445 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 446 | void smp_concatenate_local( tSMP_CB *p_cb, uint8_t **p_data, uint8_t op_code) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 447 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 448 | uint8_t *p = *p_data; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 449 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 450 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 451 | UINT8_TO_STREAM(p, op_code); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 452 | UINT8_TO_STREAM(p, p_cb->local_io_capability); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 453 | UINT8_TO_STREAM(p, p_cb->loc_oob_flag); |
| 454 | UINT8_TO_STREAM(p, p_cb->loc_auth_req); |
| 455 | UINT8_TO_STREAM(p, p_cb->loc_enc_size); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 456 | UINT8_TO_STREAM(p, p_cb->local_i_key); |
| 457 | UINT8_TO_STREAM(p, p_cb->local_r_key); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 458 | |
| 459 | *p_data = p; |
| 460 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 461 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 462 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 463 | * Function smp_concatenate_peer |
| 464 | * add pairing command received from peer device into p1. |
| 465 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 466 | void smp_concatenate_peer( tSMP_CB *p_cb, uint8_t **p_data, uint8_t op_code) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 467 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 468 | uint8_t *p = *p_data; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 469 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 470 | SMP_TRACE_DEBUG ("smp_concatenate_peer "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 471 | UINT8_TO_STREAM(p, op_code); |
| 472 | UINT8_TO_STREAM(p, p_cb->peer_io_caps); |
| 473 | UINT8_TO_STREAM(p, p_cb->peer_oob_flag); |
| 474 | UINT8_TO_STREAM(p, p_cb->peer_auth_req); |
| 475 | UINT8_TO_STREAM(p, p_cb->peer_enc_size); |
| 476 | UINT8_TO_STREAM(p, p_cb->peer_i_key); |
| 477 | UINT8_TO_STREAM(p, p_cb->peer_r_key); |
| 478 | |
| 479 | *p_data = p; |
| 480 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 481 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 482 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 483 | * |
| 484 | * Function smp_gen_p1_4_confirm |
| 485 | * |
| 486 | * Description Generate Confirm/Compare Step1: |
| 487 | * p1 = pres || preq || rat' || iat' |
| 488 | * |
| 489 | * Returns void |
| 490 | * |
| 491 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 492 | void smp_gen_p1_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p1) |
| 493 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 494 | uint8_t *p = (uint8_t *)p1; |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 495 | tBLE_ADDR_TYPE addr_type = 0; |
| 496 | BD_ADDR remote_bda; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 497 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 498 | SMP_TRACE_DEBUG ("smp_gen_p1_4_confirm"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 499 | |
| 500 | if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 501 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 502 | SMP_TRACE_ERROR("can not generate confirm for unknown device"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 503 | return; |
| 504 | } |
| 505 | |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 506 | BTM_ReadConnectionAddr( p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 507 | |
| 508 | if (p_cb->role == HCI_ROLE_MASTER) |
| 509 | { |
| 510 | /* LSB : rat': initiator's(local) address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 511 | UINT8_TO_STREAM(p, p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 512 | /* LSB : iat': responder's address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 513 | UINT8_TO_STREAM(p, addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 514 | /* concatinate preq */ |
| 515 | smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ); |
| 516 | /* concatinate pres */ |
| 517 | smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP); |
| 518 | } |
| 519 | else |
| 520 | { |
| 521 | /* LSB : iat': initiator's address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 522 | UINT8_TO_STREAM(p, addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 523 | /* LSB : rat': responder's(local) address type */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 524 | UINT8_TO_STREAM(p, p_cb->addr_type); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 525 | /* concatinate preq */ |
| 526 | smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ); |
| 527 | /* concatinate pres */ |
| 528 | smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP); |
| 529 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 530 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 531 | SMP_TRACE_DEBUG("p1 = pres || preq || rat' || iat'"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 532 | smp_debug_print_nbyte_little_endian ((uint8_t *)p1, (const uint8_t *)"P1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 533 | #endif |
| 534 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 535 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 536 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 537 | * |
| 538 | * Function smp_gen_p2_4_confirm |
| 539 | * |
| 540 | * Description Generate Confirm/Compare Step2: |
| 541 | * p2 = padding || ia || ra |
| 542 | * |
| 543 | * Returns void |
| 544 | * |
| 545 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 546 | void smp_gen_p2_4_confirm( tSMP_CB *p_cb, BT_OCTET16 p2) |
| 547 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 548 | uint8_t *p = (uint8_t *)p2; |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 549 | BD_ADDR remote_bda; |
| 550 | tBLE_ADDR_TYPE addr_type = 0; |
| 551 | |
| 552 | if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda, &addr_type)) |
| 553 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 554 | SMP_TRACE_ERROR("can not generate confirm p2 for unknown device"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 555 | return; |
| 556 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 557 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 558 | SMP_TRACE_DEBUG ("smp_gen_p2_4_confirm"); |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 559 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 560 | memset(p, 0, sizeof(BT_OCTET16)); |
| 561 | |
| 562 | if (p_cb->role == HCI_ROLE_MASTER) |
| 563 | { |
| 564 | /* LSB ra */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 565 | BDADDR_TO_STREAM(p, remote_bda); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 566 | /* ia */ |
| 567 | BDADDR_TO_STREAM(p, p_cb->local_bda); |
| 568 | } |
| 569 | else |
| 570 | { |
| 571 | /* LSB ra */ |
| 572 | BDADDR_TO_STREAM(p, p_cb->local_bda); |
| 573 | /* ia */ |
Ganesh Ganapathi Batta | ead3cde | 2013-02-05 15:22:31 -0800 | [diff] [blame] | 574 | BDADDR_TO_STREAM(p, remote_bda); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 575 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 576 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 577 | SMP_TRACE_DEBUG("p2 = padding || ia || ra"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 578 | smp_debug_print_nbyte_little_endian(p2, (const uint8_t *)"p2", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 579 | #endif |
| 580 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 581 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 582 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 583 | * |
| 584 | * Function smp_calculate_comfirm |
| 585 | * |
| 586 | * Description This function is called to calculate Confirm value. |
| 587 | * |
| 588 | * Returns void |
| 589 | * |
| 590 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 591 | void smp_calculate_comfirm (tSMP_CB *p_cb, BT_OCTET16 rand, |
| 592 | UNUSED_ATTR BD_ADDR bda) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 593 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 594 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 595 | BT_OCTET16 p1; |
| 596 | tSMP_ENC output; |
| 597 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 598 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 599 | SMP_TRACE_DEBUG ("smp_calculate_comfirm "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 600 | /* generate p1 = pres || preq || rat' || iat' */ |
| 601 | smp_gen_p1_4_confirm(p_cb, p1); |
| 602 | |
| 603 | /* p1 = rand XOR p1 */ |
| 604 | smp_xor_128(p1, rand); |
| 605 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 606 | smp_debug_print_nbyte_little_endian ((uint8_t *)p1, (const uint8_t *)"P1' = r XOR p1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 607 | |
| 608 | /* calculate e(k, r XOR p1), where k = TK */ |
| 609 | if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p1, BT_OCTET16_LEN, &output)) |
| 610 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 611 | SMP_TRACE_ERROR("smp_generate_csrk failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 612 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 613 | } |
| 614 | else |
| 615 | { |
| 616 | smp_calculate_comfirm_cont(p_cb, &output); |
| 617 | } |
| 618 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 619 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 620 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 621 | * |
| 622 | * Function smp_calculate_comfirm_cont |
| 623 | * |
| 624 | * Description This function is called when SConfirm/MConfirm is generated |
| 625 | * proceed to send the Confirm request/response to peer device. |
| 626 | * |
| 627 | * Returns void |
| 628 | * |
| 629 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 630 | static void smp_calculate_comfirm_cont(tSMP_CB *p_cb, tSMP_ENC *p) |
| 631 | { |
| 632 | BT_OCTET16 p2; |
| 633 | tSMP_ENC output; |
| 634 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 635 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 636 | SMP_TRACE_DEBUG ("smp_calculate_comfirm_cont "); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 637 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 638 | SMP_TRACE_DEBUG("Confirm step 1 p1' = e(k, r XOR p1) Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 639 | smp_debug_print_nbyte_little_endian (p->param_buf, (const uint8_t *)"C1", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 640 | #endif |
| 641 | |
| 642 | smp_gen_p2_4_confirm(p_cb, p2); |
| 643 | |
| 644 | /* calculate p2 = (p1' XOR p2) */ |
| 645 | smp_xor_128(p2, p->param_buf); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 646 | smp_debug_print_nbyte_little_endian ((uint8_t *)p2, (const uint8_t *)"p2' = C1 xor p2", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 647 | |
| 648 | /* calculate: Confirm = E(k, p1' XOR p2) */ |
| 649 | if (!SMP_Encrypt(p_cb->tk, BT_OCTET16_LEN, p2, BT_OCTET16_LEN, &output)) |
| 650 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 651 | SMP_TRACE_ERROR("smp_calculate_comfirm_cont failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 652 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 653 | } |
| 654 | else |
| 655 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 656 | switch (p_cb->rand_enc_proc_state) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 657 | { |
| 658 | case SMP_GEN_CONFIRM: |
| 659 | smp_process_confirm(p_cb, &output); |
| 660 | break; |
| 661 | |
| 662 | case SMP_GEN_COMPARE: |
| 663 | smp_process_compare(p_cb, &output); |
| 664 | break; |
| 665 | } |
| 666 | } |
| 667 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 668 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 669 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 670 | * |
| 671 | * Function smp_generate_confirm |
| 672 | * |
| 673 | * Description This function is called when a 48 bits random number is generated |
| 674 | * as SRand or MRand, continue to calculate Sconfirm or MConfirm. |
| 675 | * |
| 676 | * Returns void |
| 677 | * |
| 678 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 679 | static void smp_generate_confirm(tSMP_CB *p_cb, |
| 680 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 681 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 682 | SMP_TRACE_DEBUG ("%s", __func__); |
| 683 | p_cb->rand_enc_proc_state = SMP_GEN_CONFIRM; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 684 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->rand, (const uint8_t *)"local rand", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 685 | smp_calculate_comfirm(p_cb, p_cb->rand, p_cb->pairing_bda); |
| 686 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 687 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 688 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 689 | * |
| 690 | * Function smp_generate_compare |
| 691 | * |
| 692 | * Description This function is called to generate SConfirm for Slave device, |
| 693 | * or MSlave for Master device. This function can be also used for |
| 694 | * generating Compare number for confirm value check. |
| 695 | * |
| 696 | * Returns void |
| 697 | * |
| 698 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 699 | void smp_generate_compare (tSMP_CB *p_cb, |
| 700 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 701 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 702 | SMP_TRACE_DEBUG ("smp_generate_compare "); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 703 | p_cb->rand_enc_proc_state = SMP_GEN_COMPARE; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 704 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->rrand, (const uint8_t *)"peer rand", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 705 | smp_calculate_comfirm(p_cb, p_cb->rrand, p_cb->local_bda); |
| 706 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 707 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 708 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 709 | * |
| 710 | * Function smp_process_confirm |
| 711 | * |
| 712 | * Description This function is called when SConfirm/MConfirm is generated |
| 713 | * proceed to send the Confirm request/response to peer device. |
| 714 | * |
| 715 | * Returns void |
| 716 | * |
| 717 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 718 | static void smp_process_confirm(tSMP_CB *p_cb, tSMP_ENC *p) |
| 719 | { |
| 720 | tSMP_KEY key; |
| 721 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 722 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 723 | memcpy(p_cb->confirm, p->param_buf, BT_OCTET16_LEN); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 724 | |
| 725 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 726 | SMP_TRACE_DEBUG("Confirm Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 727 | smp_debug_print_nbyte_little_endian ((uint8_t *)p_cb->confirm, (const uint8_t *)"Confirm", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 728 | #endif |
| 729 | |
| 730 | key.key_type = SMP_KEY_TYPE_CFM; |
| 731 | key.p_data = p->param_buf; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 732 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 733 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 734 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 735 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 736 | * |
| 737 | * Function smp_process_compare |
| 738 | * |
| 739 | * Description This function is called when Compare is generated using the |
| 740 | * RRand and local BDA, TK information. |
| 741 | * |
| 742 | * Returns void |
| 743 | * |
| 744 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 745 | static void smp_process_compare(tSMP_CB *p_cb, tSMP_ENC *p) |
| 746 | { |
| 747 | tSMP_KEY key; |
| 748 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 749 | SMP_TRACE_DEBUG ("smp_process_compare "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 750 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 751 | SMP_TRACE_DEBUG("Compare Generated"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 752 | smp_debug_print_nbyte_little_endian (p->param_buf, (const uint8_t *)"Compare", 16); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 753 | #endif |
| 754 | key.key_type = SMP_KEY_TYPE_CMP; |
| 755 | key.p_data = p->param_buf; |
| 756 | |
| 757 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 758 | } |
| 759 | |
| 760 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 761 | * |
| 762 | * Function smp_process_stk |
| 763 | * |
| 764 | * Description This function is called when STK is generated |
| 765 | * proceed to send the encrypt the link using STK. |
| 766 | * |
| 767 | * Returns void |
| 768 | * |
| 769 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 770 | static void smp_process_stk(tSMP_CB *p_cb, tSMP_ENC *p) |
| 771 | { |
| 772 | tSMP_KEY key; |
| 773 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 774 | SMP_TRACE_DEBUG ("smp_process_stk "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 775 | #if (SMP_DEBUG == TRUE) |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 776 | SMP_TRACE_ERROR("STK Generated"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 777 | #endif |
| 778 | smp_mask_enc_key(p_cb->loc_enc_size, p->param_buf); |
| 779 | |
| 780 | key.key_type = SMP_KEY_TYPE_STK; |
| 781 | key.p_data = p->param_buf; |
| 782 | |
| 783 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 784 | } |
| 785 | |
| 786 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 787 | * |
| 788 | * Function smp_generate_ltk_cont |
| 789 | * |
| 790 | * Description This function is to calculate LTK = d1(ER, DIV, 0)= e(ER, DIV) |
| 791 | * |
| 792 | * Returns void |
| 793 | * |
| 794 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 795 | static void smp_generate_ltk_cont(tSMP_CB *p_cb, |
| 796 | UNUSED_ATTR tSMP_INT_DATA *p_data) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 797 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 798 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 799 | BT_OCTET16 er; |
| 800 | tSMP_ENC output; |
| 801 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 802 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 803 | SMP_TRACE_DEBUG ("%s", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 804 | BTM_GetDeviceEncRoot(er); |
| 805 | |
| 806 | /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 807 | if (!SMP_Encrypt(er, BT_OCTET16_LEN, (uint8_t *)&p_cb->div, |
| 808 | sizeof(uint16_t), &output)) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 809 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 810 | SMP_TRACE_ERROR("%s failed", __func__); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 811 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 812 | } |
| 813 | else |
| 814 | { |
| 815 | /* mask the LTK */ |
| 816 | smp_mask_enc_key(p_cb->loc_enc_size, output.param_buf); |
| 817 | memcpy((void *)p_cb->ltk, output.param_buf, BT_OCTET16_LEN); |
| 818 | smp_generate_rand_vector(p_cb, NULL); |
| 819 | } |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 820 | } |
| 821 | |
| 822 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 823 | * |
| 824 | * Function smp_generate_y |
| 825 | * |
| 826 | * Description This function is to proceed generate Y = E(DHK, Rand) |
| 827 | * |
| 828 | * Returns void |
| 829 | * |
| 830 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 831 | static void smp_generate_y(tSMP_CB *p_cb, |
| 832 | UNUSED_ATTR tSMP_INT_DATA *p) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 833 | { |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 834 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 835 | BT_OCTET16 dhk; |
| 836 | tSMP_ENC output; |
| 837 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 838 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 839 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 840 | SMP_TRACE_DEBUG ("smp_generate_y "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 841 | BTM_GetDeviceDHK(dhk); |
| 842 | |
| 843 | if (!SMP_Encrypt(dhk, BT_OCTET16_LEN, p_cb->enc_rand, |
| 844 | BT_OCTET8_LEN, &output)) |
| 845 | { |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 846 | SMP_TRACE_ERROR("smp_generate_y failed"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 847 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 848 | } |
| 849 | else |
| 850 | { |
| 851 | smp_process_ediv(p_cb, &output); |
| 852 | } |
| 853 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 854 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 855 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 856 | * |
| 857 | * Function smp_generate_rand_vector |
| 858 | * |
| 859 | * Description This function is called when LTK is generated, send state machine |
| 860 | * event to SMP. |
| 861 | * |
| 862 | * Returns void |
| 863 | * |
| 864 | ******************************************************************************/ |
Myles Watson | d35a648 | 2016-10-27 08:52:16 -0700 | [diff] [blame] | 865 | static void smp_generate_rand_vector (tSMP_CB *p_cb, |
| 866 | UNUSED_ATTR tSMP_INT_DATA *p) |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 867 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 868 | /* generate EDIV and rand now */ |
| 869 | /* generate random vector */ |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 870 | SMP_TRACE_DEBUG ("smp_generate_rand_vector "); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 871 | p_cb->rand_enc_proc_state = SMP_GEN_RAND_V; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 872 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 873 | } |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 874 | |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 875 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 876 | * |
| 877 | * Function smp_process_ediv |
| 878 | * |
| 879 | * Description This function is to calculate EDIV = Y xor DIV |
| 880 | * |
| 881 | * Returns void |
| 882 | * |
| 883 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 884 | static void smp_process_ediv(tSMP_CB *p_cb, tSMP_ENC *p) |
| 885 | { |
| 886 | tSMP_KEY key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 887 | uint8_t *pp= p->param_buf; |
| 888 | uint16_t y; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 889 | |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 890 | SMP_TRACE_DEBUG ("smp_process_ediv "); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 891 | STREAM_TO_UINT16(y, pp); |
| 892 | |
| 893 | /* EDIV = Y xor DIV */ |
| 894 | p_cb->ediv = p_cb->div ^ y; |
| 895 | /* send LTK ready */ |
Sharvil Nanavati | b44cc59 | 2014-05-04 10:03:35 -0700 | [diff] [blame] | 896 | SMP_TRACE_ERROR("LTK ready"); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 897 | key.key_type = SMP_KEY_TYPE_LTK; |
| 898 | key.p_data = p->param_buf; |
| 899 | |
| 900 | smp_sm_event(p_cb, SMP_KEY_READY_EVT, &key); |
| 901 | } |
| 902 | |
| 903 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 904 | * |
| 905 | * Function smp_calculate_legacy_short_term_key |
| 906 | * |
| 907 | * Description The function calculates legacy STK. |
| 908 | * |
| 909 | * Returns false if out of resources, true in other cases. |
| 910 | * |
| 911 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 912 | bool smp_calculate_legacy_short_term_key(tSMP_CB *p_cb, tSMP_ENC *output) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 913 | { |
| 914 | BT_OCTET16 ptext; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 915 | uint8_t *p = ptext; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 916 | |
| 917 | SMP_TRACE_DEBUG ("%s", __func__); |
| 918 | memset(p, 0, BT_OCTET16_LEN); |
| 919 | if (p_cb->role == HCI_ROLE_MASTER) |
| 920 | { |
| 921 | memcpy(p, p_cb->rand, BT_OCTET8_LEN); |
| 922 | memcpy(&p[BT_OCTET8_LEN], p_cb->rrand, BT_OCTET8_LEN); |
| 923 | } |
| 924 | else |
| 925 | { |
| 926 | memcpy(p, p_cb->rrand, BT_OCTET8_LEN); |
| 927 | memcpy(&p[BT_OCTET8_LEN], p_cb->rand, BT_OCTET8_LEN); |
| 928 | } |
| 929 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 930 | bool encrypted; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 931 | /* generate STK = Etk(rand|rrand)*/ |
| 932 | encrypted = SMP_Encrypt( p_cb->tk, BT_OCTET16_LEN, ptext, BT_OCTET16_LEN, output); |
| 933 | if (!encrypted) |
| 934 | { |
| 935 | SMP_TRACE_ERROR("%s failed", __func__); |
| 936 | } |
| 937 | return encrypted; |
| 938 | } |
| 939 | |
| 940 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 941 | * |
| 942 | * Function smp_create_private_key |
| 943 | * |
| 944 | * Description This function is called to create private key used to |
| 945 | * calculate public key and DHKey. |
| 946 | * The function starts private key creation requesting controller |
| 947 | * to generate [0-7] octets of private key. |
| 948 | * |
| 949 | * Returns void |
| 950 | * |
| 951 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 952 | void smp_create_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 953 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 954 | SMP_TRACE_DEBUG ("%s",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 955 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_0_7; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 956 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 957 | } |
| 958 | |
| 959 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 960 | * |
| 961 | * Function smp_use_oob_private_key |
| 962 | * |
| 963 | * Description This function is called |
| 964 | * - to save the secret key used to calculate the public key used |
| 965 | * in calculations of commitment sent OOB to a peer |
| 966 | * - to use this secret key to recalculate the public key and |
| 967 | * start the process of sending this public key to the peer |
| 968 | * if secret/public keys have to be reused. |
| 969 | * If the keys aren't supposed to be reused, continue from the |
| 970 | * point from which request for OOB data was issued. |
| 971 | * |
| 972 | * Returns void |
| 973 | * |
| 974 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 975 | void smp_use_oob_private_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 976 | { |
| 977 | SMP_TRACE_DEBUG ("%s req_oob_type: %d, role: %d", |
| 978 | __func__, p_cb->req_oob_type, p_cb->role); |
| 979 | |
| 980 | switch (p_cb->req_oob_type) |
| 981 | { |
| 982 | case SMP_OOB_BOTH: |
| 983 | case SMP_OOB_LOCAL: |
| 984 | SMP_TRACE_DEBUG("%s restore secret key", __func__) |
| 985 | memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used, BT_OCTET32_LEN); |
| 986 | smp_process_private_key(p_cb); |
| 987 | break; |
| 988 | default: |
| 989 | SMP_TRACE_DEBUG("%s create secret key anew", __func__); |
| 990 | smp_set_state(SMP_STATE_PAIR_REQ_RSP); |
| 991 | smp_decide_association_model(p_cb, NULL); |
| 992 | break; |
| 993 | } |
| 994 | } |
| 995 | |
| 996 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 997 | * |
| 998 | * Function smp_continue_private_key_creation |
| 999 | * |
| 1000 | * Description This function is used to continue private key creation. |
| 1001 | * |
| 1002 | * Returns void |
| 1003 | * |
| 1004 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1005 | void smp_continue_private_key_creation (tSMP_CB *p_cb, tBTM_RAND_ENC *p) |
| 1006 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1007 | uint8_t state = p_cb->rand_enc_proc_state & ~0x80; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1008 | SMP_TRACE_DEBUG ("%s state=0x%x", __func__, state); |
| 1009 | |
| 1010 | switch (state) |
| 1011 | { |
| 1012 | case SMP_GENERATE_PRIVATE_KEY_0_7: |
| 1013 | memcpy((void *)p_cb->private_key, p->param_buf, p->param_len); |
| 1014 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_8_15; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1015 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1016 | break; |
| 1017 | |
| 1018 | case SMP_GENERATE_PRIVATE_KEY_8_15: |
| 1019 | memcpy((void *)&p_cb->private_key[8], p->param_buf, p->param_len); |
| 1020 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_16_23; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1021 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1022 | break; |
| 1023 | |
| 1024 | case SMP_GENERATE_PRIVATE_KEY_16_23: |
| 1025 | memcpy((void *)&p_cb->private_key[16], p->param_buf, p->param_len); |
| 1026 | p_cb->rand_enc_proc_state = SMP_GENERATE_PRIVATE_KEY_24_31; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 1027 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1028 | break; |
| 1029 | |
| 1030 | case SMP_GENERATE_PRIVATE_KEY_24_31: |
| 1031 | memcpy((void *)&p_cb->private_key[24], p->param_buf, p->param_len); |
| 1032 | smp_process_private_key (p_cb); |
| 1033 | break; |
| 1034 | |
| 1035 | default: |
| 1036 | break; |
| 1037 | } |
| 1038 | |
| 1039 | return; |
| 1040 | } |
| 1041 | |
| 1042 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1043 | * |
| 1044 | * Function smp_process_private_key |
| 1045 | * |
| 1046 | * Description This function processes private key. |
| 1047 | * It calculates public key and notifies SM that private key / |
| 1048 | * public key pair is created. |
| 1049 | * |
| 1050 | * Returns void |
| 1051 | * |
| 1052 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1053 | void smp_process_private_key(tSMP_CB *p_cb) |
| 1054 | { |
| 1055 | Point public_key; |
| 1056 | BT_OCTET32 private_key; |
| 1057 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1058 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1059 | |
| 1060 | memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN); |
Jakub Pawlowski | 28b20ff | 2016-11-03 14:18:55 -0700 | [diff] [blame] | 1061 | ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*) private_key, KEY_LENGTH_DWORDS_P256); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1062 | memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN); |
| 1063 | memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN); |
| 1064 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1065 | smp_debug_print_nbyte_little_endian (p_cb->private_key, (const uint8_t *)"private", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1066 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1067 | smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.x, (const uint8_t *)"local public(x)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1068 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1069 | smp_debug_print_nbyte_little_endian (p_cb->loc_publ_key.y, (const uint8_t *)"local public(y)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1070 | BT_OCTET32_LEN); |
| 1071 | p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY; |
| 1072 | smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL); |
| 1073 | } |
| 1074 | |
| 1075 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1076 | * |
| 1077 | * Function smp_compute_dhkey |
| 1078 | * |
| 1079 | * Description The function: |
| 1080 | * - calculates a new public key using as input local private |
| 1081 | * key and peer public key; |
| 1082 | * - saves the new public key x-coordinate as DHKey. |
| 1083 | * |
| 1084 | * Returns void |
| 1085 | * |
| 1086 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1087 | void smp_compute_dhkey (tSMP_CB *p_cb) |
| 1088 | { |
| 1089 | Point peer_publ_key, new_publ_key; |
| 1090 | BT_OCTET32 private_key; |
| 1091 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1092 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1093 | |
| 1094 | memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN); |
| 1095 | memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN); |
| 1096 | memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN); |
| 1097 | |
Jakub Pawlowski | 28b20ff | 2016-11-03 14:18:55 -0700 | [diff] [blame] | 1098 | ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*) private_key, KEY_LENGTH_DWORDS_P256); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1099 | |
| 1100 | memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN); |
| 1101 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1102 | smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const uint8_t *)"Old DHKey", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1103 | BT_OCTET32_LEN); |
| 1104 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1105 | smp_debug_print_nbyte_little_endian (p_cb->private_key, (const uint8_t *)"private", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1106 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1107 | smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.x, (const uint8_t *)"rem public(x)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1108 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1109 | smp_debug_print_nbyte_little_endian (p_cb->peer_publ_key.y, (const uint8_t *)"rem public(y)", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1110 | BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1111 | smp_debug_print_nbyte_little_endian (p_cb->dhkey, (const uint8_t *)"Reverted DHKey", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1112 | BT_OCTET32_LEN); |
| 1113 | } |
| 1114 | |
| 1115 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1116 | * |
| 1117 | * Function smp_calculate_local_commitment |
| 1118 | * |
| 1119 | * Description The function calculates and saves local commmitment in CB. |
| 1120 | * |
| 1121 | * Returns void |
| 1122 | * |
| 1123 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1124 | void smp_calculate_local_commitment(tSMP_CB *p_cb) |
| 1125 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1126 | uint8_t random_input; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1127 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1128 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1129 | |
| 1130 | switch (p_cb->selected_association_model) |
| 1131 | { |
| 1132 | case SMP_MODEL_SEC_CONN_JUSTWORKS: |
| 1133 | case SMP_MODEL_SEC_CONN_NUM_COMP: |
| 1134 | if (p_cb->role == HCI_ROLE_MASTER) |
| 1135 | SMP_TRACE_WARNING ("local commitment calc on master is not expected \ |
| 1136 | for Just Works/Numeric Comparison models"); |
| 1137 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0, |
| 1138 | p_cb->commitment); |
| 1139 | break; |
| 1140 | case SMP_MODEL_SEC_CONN_PASSKEY_ENT: |
| 1141 | case SMP_MODEL_SEC_CONN_PASSKEY_DISP: |
| 1142 | random_input = smp_calculate_random_input(p_cb->local_random, p_cb->round); |
| 1143 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, |
| 1144 | random_input, p_cb->commitment); |
| 1145 | break; |
| 1146 | case SMP_MODEL_SEC_CONN_OOB: |
| 1147 | SMP_TRACE_WARNING ("local commitment calc is expected for OOB model BEFORE pairing"); |
| 1148 | smp_calculate_f4(p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0, |
| 1149 | p_cb->commitment); |
| 1150 | break; |
| 1151 | default: |
| 1152 | SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", |
| 1153 | p_cb->selected_association_model); |
| 1154 | return; |
| 1155 | } |
| 1156 | |
| 1157 | SMP_TRACE_EVENT ("local commitment calculation is completed"); |
| 1158 | } |
| 1159 | |
| 1160 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1161 | * |
| 1162 | * Function smp_calculate_peer_commitment |
| 1163 | * |
| 1164 | * Description The function calculates and saves peer commmitment at the |
| 1165 | * provided output buffer. |
| 1166 | * |
| 1167 | * Returns void |
| 1168 | * |
| 1169 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1170 | void smp_calculate_peer_commitment(tSMP_CB *p_cb, BT_OCTET16 output_buf) |
| 1171 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1172 | uint8_t ri; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1173 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1174 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1175 | |
| 1176 | switch (p_cb->selected_association_model) |
| 1177 | { |
| 1178 | case SMP_MODEL_SEC_CONN_JUSTWORKS: |
| 1179 | case SMP_MODEL_SEC_CONN_NUM_COMP: |
| 1180 | if (p_cb->role == HCI_ROLE_SLAVE) |
| 1181 | SMP_TRACE_WARNING ("peer commitment calc on slave is not expected \ |
| 1182 | for Just Works/Numeric Comparison models"); |
| 1183 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, 0, |
| 1184 | output_buf); |
| 1185 | break; |
| 1186 | case SMP_MODEL_SEC_CONN_PASSKEY_ENT: |
| 1187 | case SMP_MODEL_SEC_CONN_PASSKEY_DISP: |
| 1188 | ri = smp_calculate_random_input(p_cb->peer_random, p_cb->round); |
| 1189 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, ri, |
| 1190 | output_buf); |
| 1191 | break; |
| 1192 | case SMP_MODEL_SEC_CONN_OOB: |
| 1193 | smp_calculate_f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x, p_cb->peer_random, 0, |
| 1194 | output_buf); |
| 1195 | break; |
| 1196 | default: |
| 1197 | SMP_TRACE_ERROR("Association Model = %d is not used in LE SC", |
| 1198 | p_cb->selected_association_model); |
| 1199 | return; |
| 1200 | } |
| 1201 | |
| 1202 | SMP_TRACE_EVENT ("peer commitment calculation is completed"); |
| 1203 | } |
| 1204 | |
| 1205 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1206 | * |
| 1207 | * Function smp_calculate_f4 |
| 1208 | * |
| 1209 | * Description The function calculates |
| 1210 | * C = f4(U, V, X, Z) = AES-CMAC (U||V||Z) |
| 1211 | * X |
| 1212 | * where |
| 1213 | * input: U is 256 bit, |
| 1214 | * V is 256 bit, |
| 1215 | * X is 128 bit, |
| 1216 | * Z is 8 bit, |
| 1217 | * output: C is 128 bit. |
| 1218 | * |
| 1219 | * Returns void |
| 1220 | * |
| 1221 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1222 | * the AES-CMAC input/output stream. |
| 1223 | * |
| 1224 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1225 | void smp_calculate_f4(uint8_t *u, uint8_t *v, uint8_t *x, uint8_t z, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1226 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1227 | uint8_t msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ + 1 /* Z size */; |
| 1228 | uint8_t msg[BT_OCTET32_LEN + BT_OCTET32_LEN + 1]; |
| 1229 | uint8_t key[BT_OCTET16_LEN]; |
| 1230 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1231 | uint8_t *p = NULL; |
| 1232 | #if (SMP_DEBUG == TRUE) |
| 1233 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1234 | #endif |
| 1235 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1236 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1237 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1238 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1239 | p_prnt = u; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1240 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"U", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1241 | p_prnt = v; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1242 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"V", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1243 | p_prnt = x; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1244 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"X", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1245 | p_prnt = &z; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1246 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Z", 1); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1247 | #endif |
| 1248 | |
| 1249 | p = msg; |
| 1250 | UINT8_TO_STREAM(p, z); |
| 1251 | ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN); |
| 1252 | ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1253 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1254 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1255 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1256 | #endif |
| 1257 | |
| 1258 | p = key; |
| 1259 | ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1260 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1261 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1262 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1263 | #endif |
| 1264 | |
| 1265 | aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1266 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1267 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1268 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES_CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1269 | #endif |
| 1270 | |
| 1271 | p = c; |
| 1272 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1273 | } |
| 1274 | |
| 1275 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1276 | * |
| 1277 | * Function smp_calculate_numeric_comparison_display_number |
| 1278 | * |
| 1279 | * Description The function calculates and saves number to display in numeric |
| 1280 | * comparison association mode. |
| 1281 | * |
| 1282 | * Returns void |
| 1283 | * |
| 1284 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1285 | void smp_calculate_numeric_comparison_display_number(tSMP_CB *p_cb, |
| 1286 | tSMP_INT_DATA *p_data) |
| 1287 | { |
| 1288 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1289 | |
| 1290 | if (p_cb->role == HCI_ROLE_MASTER) |
| 1291 | { |
| 1292 | p_cb->number_to_display = |
| 1293 | smp_calculate_g2(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, |
| 1294 | p_cb->rrand); |
| 1295 | } |
| 1296 | else |
| 1297 | { |
| 1298 | p_cb->number_to_display = |
| 1299 | smp_calculate_g2(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, |
| 1300 | p_cb->rand); |
| 1301 | } |
| 1302 | |
| 1303 | if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) |
| 1304 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1305 | uint8_t reason; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1306 | reason = p_cb->failure = SMP_PAIR_FAIL_UNKNOWN; |
| 1307 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); |
| 1308 | return; |
| 1309 | } |
| 1310 | |
| 1311 | SMP_TRACE_EVENT("Number to display in numeric comparison = %d", p_cb->number_to_display); |
| 1312 | p_cb->cb_evt = SMP_NC_REQ_EVT; |
| 1313 | smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &p_cb->number_to_display); |
| 1314 | return; |
| 1315 | } |
| 1316 | |
| 1317 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1318 | * |
| 1319 | * Function smp_calculate_g2 |
| 1320 | * |
| 1321 | * Description The function calculates |
| 1322 | * g2(U, V, X, Y) = AES-CMAC (U||V||Y) mod 2**32 mod 10**6 |
| 1323 | * X |
| 1324 | * and |
| 1325 | * Vres = g2(U, V, X, Y) mod 10**6 |
| 1326 | * where |
| 1327 | * input: U is 256 bit, |
| 1328 | * V is 256 bit, |
| 1329 | * X is 128 bit, |
| 1330 | * Y is 128 bit, |
| 1331 | * |
| 1332 | * Returns Vres. |
| 1333 | * Expected value has to be in the range [0 - 999999] i.e. [0 - 0xF423F]. |
| 1334 | * Vres = 1000000 means that the calculation fails. |
| 1335 | * |
| 1336 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1337 | * the AES-CMAC input/output stream. |
| 1338 | * |
| 1339 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1340 | uint32_t smp_calculate_g2(uint8_t *u, uint8_t *v, uint8_t *x, uint8_t *y) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1341 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1342 | uint8_t msg_len = BT_OCTET32_LEN /* U size */ + BT_OCTET32_LEN /* V size */ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1343 | + BT_OCTET16_LEN /* Y size */; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1344 | uint8_t msg[BT_OCTET32_LEN + BT_OCTET32_LEN + BT_OCTET16_LEN]; |
| 1345 | uint8_t key[BT_OCTET16_LEN]; |
| 1346 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1347 | uint8_t *p = NULL; |
| 1348 | uint32_t vres; |
| 1349 | #if (SMP_DEBUG == TRUE) |
| 1350 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1351 | #endif |
| 1352 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1353 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1354 | |
| 1355 | p = msg; |
| 1356 | ARRAY_TO_STREAM(p, y, BT_OCTET16_LEN); |
| 1357 | ARRAY_TO_STREAM(p, v, BT_OCTET32_LEN); |
| 1358 | ARRAY_TO_STREAM(p, u, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1359 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1360 | p_prnt = u; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1361 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"U", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1362 | p_prnt = v; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1363 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"V", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1364 | p_prnt = x; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1365 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"X", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1366 | p_prnt = y; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1367 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Y", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1368 | #endif |
| 1369 | |
| 1370 | p = key; |
| 1371 | ARRAY_TO_STREAM(p, x, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1372 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1373 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1374 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1375 | #endif |
| 1376 | |
| 1377 | if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1378 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1379 | SMP_TRACE_ERROR("%s failed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1380 | return (BTM_MAX_PASSKEY_VAL + 1); |
| 1381 | } |
| 1382 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1383 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1384 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1385 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1386 | #endif |
| 1387 | |
| 1388 | /* vres = cmac mod 2**32 mod 10**6 */ |
| 1389 | p = &cmac[0]; |
| 1390 | STREAM_TO_UINT32(vres, p); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1391 | #if (SMP_DEBUG == TRUE) |
| 1392 | p_prnt = (uint8_t *) &vres; |
| 1393 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"cmac mod 2**32", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1394 | #endif |
| 1395 | |
| 1396 | while (vres > BTM_MAX_PASSKEY_VAL) |
| 1397 | vres -= (BTM_MAX_PASSKEY_VAL + 1); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1398 | #if (SMP_DEBUG == TRUE) |
| 1399 | p_prnt = (uint8_t *) &vres; |
| 1400 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"cmac mod 2**32 mod 10**6", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1401 | #endif |
| 1402 | |
| 1403 | SMP_TRACE_ERROR("Value for numeric comparison = %d", vres); |
| 1404 | return vres; |
| 1405 | } |
| 1406 | |
| 1407 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1408 | * |
| 1409 | * Function smp_calculate_f5 |
| 1410 | * |
| 1411 | * Description The function provides two AES-CMAC that are supposed to be used as |
| 1412 | * - MacKey (MacKey is used in pairing DHKey check calculation); |
| 1413 | * - LTK (LTK is used to ecrypt the link after completion of Phase 2 |
| 1414 | * and on reconnection, to derive BR/EDR LK). |
| 1415 | * The function inputs are W, N1, N2, A1, A2. |
| 1416 | * F5 rules: |
| 1417 | * - the value used as key in MacKey/LTK (T) is calculated |
| 1418 | * (function smp_calculate_f5_key(...)); |
| 1419 | * The formula is: |
| 1420 | * T = AES-CMAC (W) |
| 1421 | * salt |
| 1422 | * where salt is internal parameter of smp_calculate_f5_key(...). |
| 1423 | * - MacKey and LTK are calculated as AES-MAC values received with the |
| 1424 | * key T calculated in the previous step and the plaintext message |
| 1425 | * built from the external parameters N1, N2, A1, A2 and the internal |
| 1426 | * parameters counter, keyID, length. |
| 1427 | * The function smp_calculate_f5_mackey_or_long_term_key(...) is used in the |
| 1428 | * calculations. |
| 1429 | * The same formula is used in calculation of MacKey and LTK and the |
| 1430 | * same parameter values except the value of the internal parameter |
| 1431 | * counter: |
| 1432 | * - in MacKey calculations the value is 0; |
| 1433 | * - in LTK calculations the value is 1. |
| 1434 | * MacKey = AES-CMAC (Counter=0||keyID||N1||N2||A1||A2||Length=256) |
| 1435 | * T |
| 1436 | * LTK = AES-CMAC (Counter=1||keyID||N1||N2||A1||A2||Length=256) |
| 1437 | * T |
| 1438 | * The parameters are |
| 1439 | * input: |
| 1440 | * W is 256 bits, |
| 1441 | * N1 is 128 bits, |
| 1442 | * N2 is 128 bits, |
| 1443 | * A1 is 56 bit, |
| 1444 | * A2 is 56 bit. |
| 1445 | * internal: |
| 1446 | * Counter is 8 bits, its value is 0 for MacKey, |
| 1447 | * 1 for LTK; |
| 1448 | * KeyId is 32 bits, its value is |
| 1449 | * 0x62746c65 (MSB~LSB); |
| 1450 | * Length is 16 bits, its value is 0x0100 |
| 1451 | * (MSB~LSB). |
| 1452 | * output: |
| 1453 | * MacKey is 128 bits; |
| 1454 | * LTK is 128 bits |
| 1455 | * |
| 1456 | * Returns false if out of resources, true in other cases. |
| 1457 | * |
| 1458 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1459 | * the AES-CMAC input/output stream. |
| 1460 | * |
| 1461 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1462 | bool smp_calculate_f5(uint8_t *w, uint8_t *n1, uint8_t *n2, uint8_t *a1, uint8_t *a2, |
| 1463 | uint8_t *mac_key, uint8_t *ltk) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1464 | { |
| 1465 | BT_OCTET16 t; /* AES-CMAC output in smp_calculate_f5_key(...), key in */ |
| 1466 | /* smp_calculate_f5_mackey_or_long_term_key(...) */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1467 | #if (SMP_DEBUG == TRUE) |
| 1468 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1469 | #endif |
| 1470 | /* internal parameters: */ |
| 1471 | |
| 1472 | /* |
| 1473 | counter is 0 for MacKey, |
| 1474 | is 1 for LTK |
| 1475 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1476 | uint8_t counter_mac_key[1] = {0}; |
| 1477 | uint8_t counter_ltk[1] = {1}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1478 | /* |
| 1479 | keyID 62746c65 |
| 1480 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1481 | uint8_t key_id[4] = {0x65, 0x6c, 0x74, 0x62}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1482 | /* |
| 1483 | length 0100 |
| 1484 | */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1485 | uint8_t length[2] = {0x00, 0x01}; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1486 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1487 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1488 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1489 | p_prnt = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1490 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"W", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1491 | p_prnt = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1492 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1493 | p_prnt = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1494 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1495 | p_prnt = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1496 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1497 | p_prnt = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1498 | smp_debug_print_nbyte_little_endian (p_prnt,(const uint8_t *) "A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1499 | #endif |
| 1500 | |
| 1501 | if (!smp_calculate_f5_key(w, t)) |
| 1502 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1503 | SMP_TRACE_ERROR("%s failed to calc T",__func__); |
| 1504 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1505 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1506 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1507 | p_prnt = t; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1508 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"T", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1509 | #endif |
| 1510 | |
| 1511 | if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_mac_key, key_id, n1, n2, a1, a2, |
| 1512 | length, mac_key)) |
| 1513 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1514 | SMP_TRACE_ERROR("%s failed to calc MacKey", __func__); |
| 1515 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1516 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1517 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1518 | p_prnt = mac_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1519 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"MacKey", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1520 | #endif |
| 1521 | |
| 1522 | if (!smp_calculate_f5_mackey_or_long_term_key(t, counter_ltk, key_id, n1, n2, a1, a2, |
| 1523 | length, ltk)) |
| 1524 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1525 | SMP_TRACE_ERROR("%s failed to calc LTK",__func__); |
| 1526 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1527 | } |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1528 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1529 | p_prnt = ltk; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1530 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"LTK", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1531 | #endif |
| 1532 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1533 | return true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1534 | } |
| 1535 | |
| 1536 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1537 | * |
| 1538 | * Function smp_calculate_f5_mackey_or_long_term_key |
| 1539 | * |
| 1540 | * Description The function calculates the value of MacKey or LTK by the rules |
| 1541 | * defined for f5 function. |
| 1542 | * At the moment exactly the same formula is used to calculate |
| 1543 | * LTK and MacKey. |
| 1544 | * The difference is the value of input parameter Counter: |
| 1545 | * - in MacKey calculations the value is 0; |
| 1546 | * - in LTK calculations the value is 1. |
| 1547 | * The formula: |
| 1548 | * mac = AES-CMAC (Counter||keyID||N1||N2||A1||A2||Length) |
| 1549 | * T |
| 1550 | * where |
| 1551 | * input: T is 256 bits; |
| 1552 | * Counter is 8 bits, its value is 0 for MacKey, |
| 1553 | * 1 for LTK; |
| 1554 | * keyID is 32 bits, its value is 0x62746c65; |
| 1555 | * N1 is 128 bits; |
| 1556 | * N2 is 128 bits; |
| 1557 | * A1 is 56 bits; |
| 1558 | * A2 is 56 bits; |
| 1559 | * Length is 16 bits, its value is 0x0100 |
| 1560 | * output: LTK is 128 bit. |
| 1561 | * |
| 1562 | * Returns false if out of resources, true in other cases. |
| 1563 | * |
| 1564 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1565 | * the AES-CMAC input/output stream. |
| 1566 | * |
| 1567 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1568 | bool smp_calculate_f5_mackey_or_long_term_key(uint8_t *t, uint8_t *counter, |
| 1569 | uint8_t *key_id, uint8_t *n1, uint8_t *n2, uint8_t *a1, uint8_t *a2, |
| 1570 | uint8_t *length, uint8_t *mac) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1571 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1572 | uint8_t *p = NULL; |
| 1573 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1574 | uint8_t key[BT_OCTET16_LEN]; |
| 1575 | uint8_t msg_len = 1 /* Counter size */ + 4 /* keyID size */ + |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1576 | BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ + |
| 1577 | 7 /* A1 size*/ + 7 /* A2 size*/ + 2 /* Length size */; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1578 | uint8_t msg[1 + 4 + BT_OCTET16_LEN + BT_OCTET16_LEN + 7 + 7 + 2]; |
| 1579 | bool ret = true; |
| 1580 | #if (SMP_DEBUG == TRUE) |
| 1581 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1582 | #endif |
| 1583 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1584 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1585 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1586 | p_prnt = t; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1587 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"T", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1588 | p_prnt = counter; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1589 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Counter", 1); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1590 | p_prnt = key_id; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1591 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"KeyID", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1592 | p_prnt = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1593 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1594 | p_prnt = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1595 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1596 | p_prnt = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1597 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1598 | p_prnt = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1599 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1600 | p_prnt = length; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1601 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"Length", 2); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1602 | #endif |
| 1603 | |
| 1604 | p = key; |
| 1605 | ARRAY_TO_STREAM(p, t, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1606 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1607 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1608 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1609 | #endif |
| 1610 | p = msg; |
| 1611 | ARRAY_TO_STREAM(p, length, 2); |
| 1612 | ARRAY_TO_STREAM(p, a2, 7); |
| 1613 | ARRAY_TO_STREAM(p, a1, 7); |
| 1614 | ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN); |
| 1615 | ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN); |
| 1616 | ARRAY_TO_STREAM(p, key_id, 4); |
| 1617 | ARRAY_TO_STREAM(p, counter, 1); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1618 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1619 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1620 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1621 | #endif |
| 1622 | |
| 1623 | if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1624 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1625 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1626 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1627 | } |
| 1628 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1629 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1630 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1631 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1632 | #endif |
| 1633 | |
| 1634 | p = mac; |
| 1635 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1636 | return ret; |
| 1637 | } |
| 1638 | |
| 1639 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1640 | * |
| 1641 | * Function smp_calculate_f5_key |
| 1642 | * |
| 1643 | * Description The function calculates key T used in calculation of |
| 1644 | * MacKey and LTK (f5 output is defined as MacKey || LTK). |
| 1645 | * T = AES-CMAC (W) |
| 1646 | * salt |
| 1647 | * where |
| 1648 | * Internal: salt is 128 bit. |
| 1649 | * input: W is 256 bit. |
| 1650 | * Output: T is 128 bit. |
| 1651 | * |
| 1652 | * Returns false if out of resources, true in other cases. |
| 1653 | * |
| 1654 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1655 | * the AES-CMAC input/output stream. |
| 1656 | * |
| 1657 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1658 | bool smp_calculate_f5_key(uint8_t *w, uint8_t *t) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1659 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1660 | uint8_t *p = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1661 | /* Please see 2.2.7 LE Secure Connections Key Generation Function f5 */ |
| 1662 | /* |
| 1663 | salt: 6C88 8391 AAF5 A538 6037 0BDB 5A60 83BE |
| 1664 | */ |
| 1665 | BT_OCTET16 salt = { |
| 1666 | 0xBE, 0x83, 0x60, 0x5A, 0xDB, 0x0B, 0x37, 0x60, |
| 1667 | 0x38, 0xA5, 0xF5, 0xAA, 0x91, 0x83, 0x88, 0x6C |
| 1668 | }; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1669 | #if (SMP_DEBUG == TRUE) |
| 1670 | uint8_t *p_prnt = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1671 | #endif |
| 1672 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1673 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1674 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1675 | p_prnt = salt; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1676 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"salt", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1677 | p_prnt = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1678 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"W", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1679 | #endif |
| 1680 | |
| 1681 | BT_OCTET16 key; |
| 1682 | BT_OCTET32 msg; |
| 1683 | |
| 1684 | p = key; |
| 1685 | ARRAY_TO_STREAM(p, salt, BT_OCTET16_LEN); |
| 1686 | p = msg; |
| 1687 | ARRAY_TO_STREAM(p, w, BT_OCTET32_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1688 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1689 | p_prnt = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1690 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1691 | p_prnt = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1692 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"M", BT_OCTET32_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1693 | #endif |
| 1694 | |
| 1695 | BT_OCTET16 cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1696 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1697 | if (!aes_cipher_msg_auth_code(key, msg, BT_OCTET32_LEN, BT_OCTET16_LEN, cmac)) |
| 1698 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1699 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1700 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1701 | } |
| 1702 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1703 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1704 | p_prnt = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1705 | smp_debug_print_nbyte_little_endian (p_prnt, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1706 | #endif |
| 1707 | |
| 1708 | p = t; |
| 1709 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1710 | return ret; |
| 1711 | } |
| 1712 | |
| 1713 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1714 | * |
| 1715 | * Function smp_calculate_local_dhkey_check |
| 1716 | * |
| 1717 | * Description The function calculates and saves local device DHKey check |
| 1718 | * value in CB. |
| 1719 | * Before doing this it calls smp_calculate_f5_mackey_and_long_term_key(...). |
| 1720 | * to calculate MacKey and LTK. |
| 1721 | * MacKey is used in dhkey calculation. |
| 1722 | * |
| 1723 | * Returns void |
| 1724 | * |
| 1725 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1726 | void smp_calculate_local_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 1727 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1728 | uint8_t iocap[3], a[7], b[7]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1729 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1730 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1731 | |
| 1732 | smp_calculate_f5_mackey_and_long_term_key(p_cb); |
| 1733 | |
| 1734 | smp_collect_local_io_capabilities(iocap, p_cb); |
| 1735 | |
| 1736 | smp_collect_local_ble_address(a, p_cb); |
| 1737 | smp_collect_peer_ble_address(b, p_cb); |
| 1738 | smp_calculate_f6(p_cb->mac_key, p_cb->rand, p_cb->rrand, p_cb->peer_random, iocap, a, b, |
| 1739 | p_cb->dhkey_check); |
| 1740 | |
| 1741 | SMP_TRACE_EVENT ("local DHKey check calculation is completed"); |
| 1742 | } |
| 1743 | |
| 1744 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1745 | * |
| 1746 | * Function smp_calculate_peer_dhkey_check |
| 1747 | * |
| 1748 | * Description The function calculates peer device DHKey check value. |
| 1749 | * |
| 1750 | * Returns void |
| 1751 | * |
| 1752 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1753 | void smp_calculate_peer_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) |
| 1754 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1755 | uint8_t iocap[3], a[7], b[7]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1756 | BT_OCTET16 param_buf; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1757 | bool ret; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1758 | tSMP_KEY key; |
| 1759 | tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN; |
| 1760 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1761 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1762 | |
| 1763 | smp_collect_peer_io_capabilities(iocap, p_cb); |
| 1764 | |
| 1765 | smp_collect_local_ble_address(a, p_cb); |
| 1766 | smp_collect_peer_ble_address(b, p_cb); |
| 1767 | ret = smp_calculate_f6(p_cb->mac_key, p_cb->rrand, p_cb->rand, p_cb->local_random, iocap, |
| 1768 | b, a, param_buf); |
| 1769 | |
| 1770 | if (ret) |
| 1771 | { |
| 1772 | SMP_TRACE_EVENT ("peer DHKey check calculation is completed"); |
| 1773 | #if (SMP_DEBUG == TRUE) |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1774 | smp_debug_print_nbyte_little_endian (param_buf, (const uint8_t *)"peer DHKey check", |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1775 | BT_OCTET16_LEN); |
| 1776 | #endif |
| 1777 | key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK; |
| 1778 | key.p_data = param_buf; |
| 1779 | smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &key); |
| 1780 | } |
| 1781 | else |
| 1782 | { |
| 1783 | SMP_TRACE_EVENT ("peer DHKey check calculation failed"); |
| 1784 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status); |
| 1785 | } |
| 1786 | } |
| 1787 | |
| 1788 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1789 | * |
| 1790 | * Function smp_calculate_f6 |
| 1791 | * |
| 1792 | * Description The function calculates |
| 1793 | * C = f6(W, N1, N2, R, IOcap, A1, A2) = AES-CMAC (N1||N2||R||IOcap||A1||A2) |
| 1794 | * W |
| 1795 | * where |
| 1796 | * input: W is 128 bit, |
| 1797 | * N1 is 128 bit, |
| 1798 | * N2 is 128 bit, |
| 1799 | * R is 128 bit, |
| 1800 | * IOcap is 24 bit, |
| 1801 | * A1 is 56 bit, |
| 1802 | * A2 is 56 bit, |
| 1803 | * output: C is 128 bit. |
| 1804 | * |
| 1805 | * Returns false if out of resources, true in other cases. |
| 1806 | * |
| 1807 | * Note The LSB is the first octet, the MSB is the last octet of |
| 1808 | * the AES-CMAC input/output stream. |
| 1809 | * |
| 1810 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1811 | bool smp_calculate_f6(uint8_t *w, uint8_t *n1, uint8_t *n2, uint8_t *r, uint8_t *iocap, uint8_t *a1, |
| 1812 | uint8_t *a2, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1813 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1814 | uint8_t *p = NULL; |
| 1815 | uint8_t msg_len = BT_OCTET16_LEN /* N1 size */ + BT_OCTET16_LEN /* N2 size */ + |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1816 | BT_OCTET16_LEN /* R size */ + 3 /* IOcap size */ + 7 /* A1 size*/ |
| 1817 | + 7 /* A2 size*/; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1818 | uint8_t msg[BT_OCTET16_LEN + BT_OCTET16_LEN + BT_OCTET16_LEN + 3 + 7 + 7]; |
| 1819 | #if (SMP_DEBUG == TRUE) |
| 1820 | uint8_t *p_print = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1821 | #endif |
| 1822 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1823 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1824 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1825 | p_print = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1826 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"W", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1827 | p_print = n1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1828 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"N1", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1829 | p_print = n2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1830 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"N2", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1831 | p_print = r; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1832 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"R", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1833 | p_print = iocap; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1834 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"IOcap", 3); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1835 | p_print = a1; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1836 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"A1", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1837 | p_print = a2; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1838 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"A2", 7); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1839 | #endif |
| 1840 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1841 | uint8_t cmac[BT_OCTET16_LEN]; |
| 1842 | uint8_t key[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1843 | |
| 1844 | p = key; |
| 1845 | ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1846 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1847 | p_print = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1848 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1849 | #endif |
| 1850 | |
| 1851 | p = msg; |
| 1852 | ARRAY_TO_STREAM(p, a2, 7); |
| 1853 | ARRAY_TO_STREAM(p, a1, 7); |
| 1854 | ARRAY_TO_STREAM(p, iocap, 3); |
| 1855 | ARRAY_TO_STREAM(p, r, BT_OCTET16_LEN); |
| 1856 | ARRAY_TO_STREAM(p, n2, BT_OCTET16_LEN); |
| 1857 | ARRAY_TO_STREAM(p, n1, BT_OCTET16_LEN); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1858 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1859 | p_print = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1860 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1861 | #endif |
| 1862 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1863 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1864 | if(!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 1865 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1866 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1867 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1868 | } |
| 1869 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1870 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1871 | p_print = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1872 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1873 | #endif |
| 1874 | |
| 1875 | p = c; |
| 1876 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 1877 | return ret; |
| 1878 | } |
| 1879 | |
| 1880 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1881 | * |
| 1882 | * Function smp_calculate_link_key_from_long_term_key |
| 1883 | * |
| 1884 | * Description The function calculates and saves BR/EDR link key derived from |
| 1885 | * LE SC LTK. |
| 1886 | * |
| 1887 | * Returns false if out of resources, true in other cases. |
| 1888 | * |
| 1889 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1890 | bool smp_calculate_link_key_from_long_term_key(tSMP_CB *p_cb) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1891 | { |
| 1892 | tBTM_SEC_DEV_REC *p_dev_rec; |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1893 | BD_ADDR bda_for_lk; |
| 1894 | tBLE_ADDR_TYPE conn_addr_type; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1895 | |
| 1896 | SMP_TRACE_DEBUG ("%s", __func__); |
| 1897 | |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1898 | if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) |
| 1899 | { |
| 1900 | SMP_TRACE_DEBUG ("Use rcvd identity address as BD_ADDR of LK rcvd identity address"); |
| 1901 | memcpy(bda_for_lk, p_cb->id_addr, BD_ADDR_LEN); |
| 1902 | } |
| 1903 | else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk, &conn_addr_type)) && |
| 1904 | conn_addr_type == BLE_ADDR_PUBLIC) |
| 1905 | { |
| 1906 | SMP_TRACE_DEBUG ("Use rcvd connection address as BD_ADDR of LK"); |
| 1907 | } |
| 1908 | else |
| 1909 | { |
| 1910 | SMP_TRACE_WARNING ("Don't have peer public address to associate with LK"); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1911 | return false; |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1912 | } |
| 1913 | |
Marie Janssen | f33b6f4 | 2016-11-22 15:01:42 -0800 | [diff] [blame] | 1914 | p_dev_rec = btm_find_dev(p_cb->pairing_bda); |
| 1915 | if (p_dev_rec == NULL) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1916 | { |
| 1917 | SMP_TRACE_ERROR("%s failed to find Security Record", __func__); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1918 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1919 | } |
| 1920 | |
| 1921 | BT_OCTET16 intermediate_link_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1922 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1923 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1924 | ret = smp_calculate_h6(p_cb->ltk, (uint8_t *)"1pmt" /* reversed "tmp1" */,intermediate_link_key); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1925 | if (!ret) |
| 1926 | { |
| 1927 | SMP_TRACE_ERROR("%s failed to derive intermediate_link_key", __func__); |
| 1928 | return ret; |
| 1929 | } |
| 1930 | |
| 1931 | BT_OCTET16 link_key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1932 | ret = smp_calculate_h6(intermediate_link_key, (uint8_t *) "rbel" /* reversed "lebr" */, link_key); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1933 | if (!ret) |
| 1934 | { |
| 1935 | SMP_TRACE_ERROR("%s failed", __func__); |
| 1936 | } |
| 1937 | else |
| 1938 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1939 | uint8_t link_key_type; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1940 | if (btm_cb.security_mode == BTM_SEC_MODE_SC) |
| 1941 | { |
| 1942 | /* Secure Connections Only Mode */ |
| 1943 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256; |
| 1944 | } |
| 1945 | else if (controller_get_interface()->supports_secure_connections()) |
| 1946 | { |
| 1947 | /* both transports are SC capable */ |
| 1948 | if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) |
| 1949 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256; |
| 1950 | else |
| 1951 | link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256; |
| 1952 | } |
| 1953 | else if (btm_cb.security_mode == BTM_SEC_MODE_SP) |
| 1954 | { |
| 1955 | /* BR/EDR transport is SSP capable */ |
| 1956 | if (p_cb->sec_level == SMP_SEC_AUTHENTICATED) |
| 1957 | link_key_type = BTM_LKEY_TYPE_AUTH_COMB; |
| 1958 | else |
| 1959 | link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB; |
| 1960 | } |
| 1961 | else |
| 1962 | { |
| 1963 | SMP_TRACE_ERROR ("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x", |
| 1964 | __func__, btm_cb.security_mode, p_dev_rec->sm4); |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1965 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1966 | } |
| 1967 | |
| 1968 | link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET; |
| 1969 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1970 | uint8_t *p; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1971 | BT_OCTET16 notif_link_key; |
| 1972 | p = notif_link_key; |
| 1973 | ARRAY16_TO_STREAM(p, link_key); |
| 1974 | |
Chaojing Sun | e280553 | 2015-04-22 13:40:21 -0700 | [diff] [blame] | 1975 | btm_sec_link_key_notification (bda_for_lk, notif_link_key, link_key_type); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1976 | |
| 1977 | SMP_TRACE_EVENT ("%s is completed", __func__); |
| 1978 | } |
| 1979 | |
| 1980 | return ret; |
| 1981 | } |
| 1982 | |
| 1983 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 1984 | * |
| 1985 | * Function smp_calculate_long_term_key_from_link_key |
| 1986 | * |
| 1987 | * Description The function calculates and saves SC LTK derived from BR/EDR |
| 1988 | * link key. |
| 1989 | * |
| 1990 | * Returns false if out of resources, true in other cases. |
| 1991 | * |
| 1992 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1993 | bool smp_calculate_long_term_key_from_link_key(tSMP_CB *p_cb) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1994 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1995 | bool ret = true; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1996 | tBTM_SEC_DEV_REC *p_dev_rec; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1997 | uint8_t rev_link_key[16]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 1998 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 1999 | SMP_TRACE_DEBUG ("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2000 | |
Marie Janssen | f33b6f4 | 2016-11-22 15:01:42 -0800 | [diff] [blame] | 2001 | p_dev_rec = btm_find_dev(p_cb->pairing_bda); |
| 2002 | if (p_dev_rec == NULL) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2003 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2004 | SMP_TRACE_ERROR("%s failed to find Security Record",__func__); |
| 2005 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2006 | } |
| 2007 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2008 | uint8_t br_link_key_type; |
Marie Janssen | f33b6f4 | 2016-11-22 15:01:42 -0800 | [diff] [blame] | 2009 | br_link_key_type = BTM_SecGetDeviceLinkKeyType(p_cb->pairing_bda); |
| 2010 | if (br_link_key_type == BTM_LKEY_TYPE_IGNORE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2011 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2012 | SMP_TRACE_ERROR("%s failed to retrieve BR link type",__func__); |
| 2013 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2014 | } |
| 2015 | |
| 2016 | if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) && |
| 2017 | (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) |
| 2018 | { |
| 2019 | SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2020 | __func__, br_link_key_type); |
| 2021 | return false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2022 | } |
| 2023 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2024 | uint8_t *p1; |
| 2025 | uint8_t *p2; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2026 | p1 = rev_link_key; |
| 2027 | p2 = p_dev_rec->link_key; |
| 2028 | REVERSE_ARRAY_TO_STREAM(p1, p2, 16); |
| 2029 | |
| 2030 | BT_OCTET16 intermediate_long_term_key; |
| 2031 | /* "tmp2" obtained from the spec */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2032 | ret = smp_calculate_h6(rev_link_key, (uint8_t *) "2pmt" /* reversed "tmp2" */, |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2033 | intermediate_long_term_key); |
| 2034 | |
| 2035 | if (!ret) |
| 2036 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2037 | SMP_TRACE_ERROR("%s failed to derive intermediate_long_term_key",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2038 | return ret; |
| 2039 | } |
| 2040 | |
| 2041 | /* "brle" obtained from the spec */ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2042 | ret = smp_calculate_h6(intermediate_long_term_key, (uint8_t *) "elrb" /* reversed "brle" */, |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2043 | p_cb->ltk); |
| 2044 | |
| 2045 | if (!ret) |
| 2046 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2047 | SMP_TRACE_ERROR("%s failed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2048 | } |
| 2049 | else |
| 2050 | { |
| 2051 | p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) |
| 2052 | ? SMP_SEC_AUTHENTICATED : SMP_SEC_UNAUTHENTICATE; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2053 | SMP_TRACE_EVENT ("%s is completed",__func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2054 | } |
| 2055 | |
| 2056 | return ret; |
| 2057 | } |
| 2058 | |
| 2059 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 2060 | * |
| 2061 | * Function smp_calculate_h6 |
| 2062 | * |
| 2063 | * Description The function calculates |
| 2064 | * C = h6(W, KeyID) = AES-CMAC (KeyID) |
| 2065 | * W |
| 2066 | * where |
| 2067 | * input: W is 128 bit, |
| 2068 | * KeyId is 32 bit, |
| 2069 | * output: C is 128 bit. |
| 2070 | * |
| 2071 | * Returns false if out of resources, true in other cases. |
| 2072 | * |
| 2073 | * Note The LSB is the first octet, the MSB is the last octet of |
| 2074 | * the AES-CMAC input/output stream. |
| 2075 | * |
| 2076 | ******************************************************************************/ |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2077 | bool smp_calculate_h6(uint8_t *w, uint8_t *keyid, uint8_t *c) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2078 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2079 | #if (SMP_DEBUG == TRUE) |
| 2080 | uint8_t *p_print = NULL; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2081 | #endif |
| 2082 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2083 | SMP_TRACE_DEBUG ("%s",__func__); |
| 2084 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2085 | p_print = w; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2086 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"W", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2087 | p_print = keyid; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2088 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"keyID", 4); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2089 | #endif |
| 2090 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2091 | uint8_t *p = NULL; |
| 2092 | uint8_t key[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2093 | |
| 2094 | p = key; |
| 2095 | ARRAY_TO_STREAM(p, w, BT_OCTET16_LEN); |
| 2096 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2097 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2098 | p_print = key; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2099 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"K", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2100 | #endif |
| 2101 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2102 | uint8_t msg_len = 4 /* KeyID size */; |
| 2103 | uint8_t msg[4]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2104 | |
| 2105 | p = msg; |
| 2106 | ARRAY_TO_STREAM(p, keyid, 4); |
| 2107 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2108 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2109 | p_print = msg; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2110 | smp_debug_print_nbyte_little_endian (p_print,(const uint8_t *) "M", msg_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2111 | #endif |
| 2112 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2113 | bool ret = true; |
| 2114 | uint8_t cmac[BT_OCTET16_LEN]; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2115 | if (!aes_cipher_msg_auth_code(key, msg, msg_len, BT_OCTET16_LEN, cmac)) |
| 2116 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2117 | SMP_TRACE_ERROR("%s failed",__func__); |
| 2118 | ret = false; |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2119 | } |
| 2120 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2121 | #if (SMP_DEBUG == TRUE) |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2122 | p_print = cmac; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2123 | smp_debug_print_nbyte_little_endian (p_print, (const uint8_t *)"AES-CMAC", BT_OCTET16_LEN); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2124 | #endif |
| 2125 | |
| 2126 | p = c; |
| 2127 | ARRAY_TO_STREAM(p, cmac, BT_OCTET16_LEN); |
| 2128 | return ret; |
| 2129 | } |
| 2130 | |
| 2131 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 2132 | * |
| 2133 | * Function smp_start_nonce_generation |
| 2134 | * |
| 2135 | * Description This function starts nonce generation. |
| 2136 | * |
| 2137 | * Returns void |
| 2138 | * |
| 2139 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2140 | void smp_start_nonce_generation(tSMP_CB *p_cb) |
| 2141 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2142 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2143 | p_cb->rand_enc_proc_state = SMP_GEN_NONCE_0_7; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 2144 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2145 | } |
| 2146 | |
| 2147 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 2148 | * |
| 2149 | * Function smp_finish_nonce_generation |
| 2150 | * |
| 2151 | * Description This function finishes nonce generation. |
| 2152 | * |
| 2153 | * Returns void |
| 2154 | * |
| 2155 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2156 | void smp_finish_nonce_generation(tSMP_CB *p_cb) |
| 2157 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2158 | SMP_TRACE_DEBUG("%s", __func__); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2159 | p_cb->rand_enc_proc_state = SMP_GEN_NONCE_8_15; |
Jakub Pawlowski | b6ab9b3 | 2016-10-10 09:35:13 -0700 | [diff] [blame] | 2160 | btsnd_hcic_ble_rand((void *)smp_rand_back); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2161 | } |
| 2162 | |
| 2163 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 2164 | * |
| 2165 | * Function smp_process_new_nonce |
| 2166 | * |
| 2167 | * Description This function notifies SM that it has new nonce. |
| 2168 | * |
| 2169 | * Returns void |
| 2170 | * |
| 2171 | ******************************************************************************/ |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2172 | void smp_process_new_nonce(tSMP_CB *p_cb) |
| 2173 | { |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2174 | SMP_TRACE_DEBUG ("%s round %d", __func__, p_cb->round); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2175 | smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL); |
| 2176 | } |
| 2177 | |
| 2178 | /******************************************************************************* |
Myles Watson | ee96a3c | 2016-11-23 14:49:54 -0800 | [diff] [blame^] | 2179 | * |
| 2180 | * Function smp_rand_back |
| 2181 | * |
| 2182 | * Description This function is to process the rand command finished, |
| 2183 | * process the random/encrypted number for further action. |
| 2184 | * |
| 2185 | * Returns void |
| 2186 | * |
| 2187 | ******************************************************************************/ |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2188 | static void smp_rand_back(tBTM_RAND_ENC *p) |
| 2189 | { |
| 2190 | tSMP_CB *p_cb = &smp_cb; |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2191 | uint8_t *pp = p->param_buf; |
| 2192 | uint8_t failure = SMP_PAIR_FAIL_UNKNOWN; |
| 2193 | uint8_t state = p_cb->rand_enc_proc_state & ~0x80; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2194 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2195 | SMP_TRACE_DEBUG ("%s state=0x%x", __func__, state); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2196 | if (p && p->status == HCI_SUCCESS) |
| 2197 | { |
| 2198 | switch (state) |
| 2199 | { |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2200 | case SMP_GEN_SRAND_MRAND: |
| 2201 | memcpy((void *)p_cb->rand, p->param_buf, p->param_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2202 | smp_generate_rand_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2203 | break; |
| 2204 | |
| 2205 | case SMP_GEN_SRAND_MRAND_CONT: |
| 2206 | memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2207 | smp_generate_confirm(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2208 | break; |
| 2209 | |
| 2210 | case SMP_GEN_DIV_LTK: |
| 2211 | STREAM_TO_UINT16(p_cb->div, pp); |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2212 | smp_generate_ltk_cont(p_cb, NULL); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2213 | break; |
| 2214 | |
| 2215 | case SMP_GEN_DIV_CSRK: |
| 2216 | STREAM_TO_UINT16(p_cb->div, pp); |
| 2217 | smp_compute_csrk(p_cb, NULL); |
| 2218 | break; |
| 2219 | |
| 2220 | case SMP_GEN_TK: |
| 2221 | smp_proc_passkey(p_cb, p); |
| 2222 | break; |
| 2223 | |
| 2224 | case SMP_GEN_RAND_V: |
| 2225 | memcpy(p_cb->enc_rand, p->param_buf, BT_OCTET8_LEN); |
| 2226 | smp_generate_y(p_cb, NULL); |
| 2227 | break; |
| 2228 | |
Satya Calloji | 444a8da | 2015-03-06 10:38:22 -0800 | [diff] [blame] | 2229 | case SMP_GENERATE_PRIVATE_KEY_0_7: |
| 2230 | case SMP_GENERATE_PRIVATE_KEY_8_15: |
| 2231 | case SMP_GENERATE_PRIVATE_KEY_16_23: |
| 2232 | case SMP_GENERATE_PRIVATE_KEY_24_31: |
| 2233 | smp_continue_private_key_creation(p_cb, p); |
| 2234 | break; |
| 2235 | |
| 2236 | case SMP_GEN_NONCE_0_7: |
| 2237 | memcpy((void *)p_cb->rand, p->param_buf, p->param_len); |
| 2238 | smp_finish_nonce_generation(p_cb); |
| 2239 | break; |
| 2240 | |
| 2241 | case SMP_GEN_NONCE_8_15: |
| 2242 | memcpy((void *)&p_cb->rand[8], p->param_buf, p->param_len); |
| 2243 | smp_process_new_nonce(p_cb); |
| 2244 | break; |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2245 | } |
| 2246 | |
| 2247 | return; |
| 2248 | } |
| 2249 | |
Marie Janssen | d19e078 | 2016-07-15 12:48:27 -0700 | [diff] [blame] | 2250 | SMP_TRACE_ERROR("%s key generation failed: (%d)", __func__, p_cb->rand_enc_proc_state); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2251 | smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure); |
The Android Open Source Project | 5738f83 | 2012-12-12 16:00:35 -0800 | [diff] [blame] | 2252 | } |