btm_ble.c revision 306bddadeec993013cfed6bf0e41a1a47a69367c
1/****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19/****************************************************************************** 20 * 21 * This file contains functions for BLE device control utilities, and LE 22 * security functions. 23 * 24 ******************************************************************************/ 25 26#include <string.h> 27 28#include "bt_types.h" 29#include "hcimsgs.h" 30#include "btu.h" 31#include "btm_int.h" 32#include "btm_ble_api.h" 33#include "smp_api.h" 34#include "l2c_int.h" 35#include "gap_api.h" 36 37#if SMP_INCLUDED == TRUE 38extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature); 39extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable); 40extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda); 41#endif 42extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr); 43 44/*******************************************************************************/ 45/* External Function to be called by other modules */ 46/*******************************************************************************/ 47/******************************************************** 48** 49** Function BTM_SecAddBleDevice 50** 51** Description Add/modify device. This function will be normally called 52** during host startup to restore all required information 53** for a LE device stored in the NVRAM. 54** 55** Parameters: bd_addr - BD address of the peer 56** bd_name - Name of the peer device. NULL if unknown. 57** dev_type - Remote device's device type. 58** addr_type - LE device address type. 59** 60** Returns TRUE if added OK, else FALSE 61** 62*******************************************************************************/ 63BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, 64 tBLE_ADDR_TYPE addr_type) 65{ 66#if BLE_INCLUDED == TRUE 67 tBTM_SEC_DEV_REC *p_dev_rec; 68 UINT8 i = 0; 69 tBTM_INQ_INFO *p_info=NULL; 70 71 BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type); 72 p_dev_rec = btm_find_dev (bd_addr); 73 74 if (!p_dev_rec) 75 { 76 BTM_TRACE_DEBUG0("Add a new device"); 77 78 /* There is no device record, allocate one. 79 * If we can not find an empty spot for this one, let it fail. */ 80 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) 81 { 82 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) 83 { 84 BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i ); 85 p_dev_rec = &btm_cb.sec_dev_rec[i]; 86 87 /* Mark this record as in use and initialize */ 88 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); 89 p_dev_rec->sec_flags = BTM_SEC_IN_USE; 90 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 91 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); 92 93 /* update conn params, use default value for background connection params */ 94 p_dev_rec->conn_params.min_conn_int = 95 p_dev_rec->conn_params.max_conn_int = 96 p_dev_rec->conn_params.supervision_tout = 97 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; 98 99 BTM_TRACE_DEBUG1 ("hci_handl=0x%x ", p_dev_rec->hci_handle ); 100 break; 101 } 102 } 103 104 if (!p_dev_rec) 105 return(FALSE); 106 } 107 else 108 { 109 BTM_TRACE_DEBUG0("Device already exist"); 110 } 111 112 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 113 114 if (bd_name && bd_name[0]) 115 { 116 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 117 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), 118 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); 119 } 120 p_dev_rec->device_type = dev_type; 121 p_dev_rec->ble.ble_addr_type = addr_type; 122 BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x", 123 dev_type, addr_type, p_dev_rec->sec_flags); 124 125 /* sync up with the Inq Data base*/ 126 p_info = BTM_InqDbRead(bd_addr); 127 if (p_info) 128 { 129 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; 130 p_info->results.device_type = p_dev_rec->device_type; 131 BTM_TRACE_DEBUG2 ("InqDb device_type =0x%x addr_type=0x%x", 132 p_info->results.device_type, p_info->results.ble_addr_type); 133 } 134 135#endif 136 return(TRUE); 137} 138 139/******************************************************************************* 140** 141** Function BTM_SecAddBleKey 142** 143** Description Add/modify LE device information. This function will be 144** normally called during host startup to restore all required 145** information stored in the NVRAM. 146** 147** Parameters: bd_addr - BD address of the peer 148** p_le_key - LE key values. 149** key_type - LE SMP key type. 150* 151** Returns TRUE if added OK, else FALSE 152** 153*******************************************************************************/ 154BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) 155{ 156#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 157 tBTM_SEC_DEV_REC *p_dev_rec; 158 BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey"); 159 p_dev_rec = btm_find_dev (bd_addr); 160 if (!p_dev_rec || !p_le_key || 161 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && 162 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC && 163 key_type != BTM_LE_KEY_LCSRK)) 164 { 165 BTM_TRACE_WARNING3 ("BTM_SecAddBleKey() Wrong Type, or No Device record \ 166 for bdaddr: %08x%04x, Type: %d", 167 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 168 (bd_addr[4]<<8)+bd_addr[5], key_type); 169 return(FALSE); 170 } 171 172 BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", 173 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 174 (bd_addr[4]<<8)+bd_addr[5], key_type); 175 176 if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID || 177 key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC || 178 key_type == BTM_LE_KEY_LCSRK) 179 { 180 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE); 181 } 182 183#endif 184 185 return(TRUE); 186} 187 188/******************************************************************************* 189** 190** Function BTM_BleLoadLocalKeys 191** 192** Description Local local identity key, encryption root or sign counter. 193** 194** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER 195** or BTM_BLE_KEY_TYPE_COUNTER. 196** p_key: pointer to the key. 197* 198** Returns non2. 199** 200*******************************************************************************/ 201void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key) 202{ 203#if BLE_INCLUDED == TRUE 204 tBTM_DEVCB *p_devcb = &btm_cb.devcb; 205 BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys"); 206 if (p_key != NULL) 207 { 208 switch (key_type) 209 { 210 case BTM_BLE_KEY_TYPE_ID: 211 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 212 break; 213 214 case BTM_BLE_KEY_TYPE_ER: 215 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16)); 216 break; 217 218 default: 219 BTM_TRACE_ERROR1("unknow local key type: %d", key_type); 220 break; 221 } 222 } 223#endif 224} 225 226/******************************************************************************* 227** 228** Function BTM_GetDeviceEncRoot 229** 230** Description This function is called to read the local device encryption 231** root. 232** 233** Returns void 234** the local device ER is copied into er 235** 236*******************************************************************************/ 237void BTM_GetDeviceEncRoot (BT_OCTET16 er) 238{ 239 BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot"); 240 241#if BLE_INCLUDED == TRUE 242 memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN); 243#endif 244} 245 246/******************************************************************************* 247** 248** Function BTM_GetDeviceIDRoot 249** 250** Description This function is called to read the local device identity 251** root. 252** 253** Returns void 254** the local device IR is copied into irk 255** 256*******************************************************************************/ 257void BTM_GetDeviceIDRoot (BT_OCTET16 irk) 258{ 259 BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot "); 260 261#if BLE_INCLUDED == TRUE 262 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); 263#endif 264} 265 266/******************************************************************************* 267** 268** Function BTM_GetDeviceDHK 269** 270** Description This function is called to read the local device DHK. 271** 272** Returns void 273** the local device DHK is copied into dhk 274** 275*******************************************************************************/ 276void BTM_GetDeviceDHK (BT_OCTET16 dhk) 277{ 278#if BLE_INCLUDED == TRUE 279 BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK"); 280 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); 281#endif 282} 283 284/******************************************************************************* 285** 286** Function BTM_ReadConnectionAddr 287** 288** Description This function is called to get the local device address information 289** . 290** 291** Returns void 292** 293*******************************************************************************/ 294void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type) 295{ 296#if BLE_INCLUDED == TRUE 297 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda); 298 299 if (p_acl == NULL) 300 { 301 BTM_TRACE_ERROR0("No connection exist!"); 302 return; 303 } 304 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN); 305 * p_addr_type = p_acl->conn_addr_type; 306 307 BTM_TRACE_DEBUG2 ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x", 308 p_acl->conn_addr_type, p_acl->conn_addr[0]); 309 310#endif 311} 312/******************************************************************************* 313** 314** Function BTM_IsBleConnection 315** 316** Description This function is called to check if the connection handle 317** for an LE link 318** 319** Returns TRUE if connection is LE link, otherwise FALSE. 320** 321*******************************************************************************/ 322BOOLEAN BTM_IsBleConnection (UINT16 conn_handle) 323{ 324#if (BLE_INCLUDED == TRUE) 325 UINT8 xx; 326 tACL_CONN *p; 327 328 BTM_TRACE_API1 ("BTM_IsBleConnection: conn_handle: %d", conn_handle); 329 330 xx = btm_handle_to_acl_index (conn_handle); 331 if (xx >= MAX_L2CAP_LINKS) 332 return FALSE; 333 334 p = &btm_cb.acl_db[xx]; 335 336 return(p->is_le_link); 337#else 338 return FALSE; 339#endif 340} 341 342/******************************************************************************* 343** 344** Function BTM_ReadRemoteConnectionAddr 345** 346** Description This function is read the remote device address currently used 347** . 348** 349** Returns void 350** 351*******************************************************************************/ 352BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, tBLE_ADDR_TYPE *p_addr_type) 353{ 354 BOOLEAN st = TRUE; 355#if BLE_INCLUDED == TRUE 356 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr); 357 358 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN); 359 if (p_dev_rec != NULL) 360 { 361 *p_addr_type = p_dev_rec->ble.ble_addr_type; 362 } 363#endif 364 return st; 365} 366/******************************************************************************* 367** 368** Function BTM_SecurityGrant 369** 370** Description This function is called to grant security process. 371** 372** Parameters bd_addr - peer device bd address. 373** res - result of the operation BTM_SUCCESS if success. 374** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. 375** 376** Returns None 377** 378*******************************************************************************/ 379void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res) 380{ 381#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 382 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; 383 BTM_TRACE_DEBUG0 ("BTM_SecurityGrant"); 384 SMP_SecurityGrant(bd_addr, res_smp); 385#endif 386} 387 388/******************************************************************************* 389** 390** Function BTM_BlePasskeyReply 391** 392** Description This function is called after Security Manager submitted 393** passkey request to the application. 394** 395** Parameters: bd_addr - Address of the device for which passkey was requested 396** res - result of the operation BTM_SUCCESS if success 397** key_len - length in bytes of the Passkey 398** p_passkey - pointer to array with the passkey 399** trusted_mask - bitwise OR of trusted services (array of UINT32) 400** 401*******************************************************************************/ 402void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) 403{ 404#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 405 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 406 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 407 408 if (p_dev_rec == NULL) 409 { 410 BTM_TRACE_ERROR0("Passkey reply to Unknown device"); 411 return; 412 } 413 414 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 415 BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply"); 416 SMP_PasskeyReply(bd_addr, res_smp, passkey); 417#endif 418} 419 420/******************************************************************************* 421** 422** Function BTM_BleOobDataReply 423** 424** Description This function is called to provide the OOB data for 425** SMP in response to BTM_LE_OOB_REQ_EVT 426** 427** Parameters: bd_addr - Address of the peer device 428** res - result of the operation SMP_SUCCESS if success 429** p_data - simple pairing Randomizer C. 430** 431*******************************************************************************/ 432void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data) 433{ 434#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 435 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; 436 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 437 438 BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply"); 439 440 if (p_dev_rec == NULL) 441 { 442 BTM_TRACE_ERROR0("BTM_BleOobDataReply() to Unknown device"); 443 return; 444 } 445 446 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 447 SMP_OobDataReply(bd_addr, res_smp, len, p_data); 448#endif 449} 450 451/****************************************************************************** 452** 453** Function BTM_BleSetConnScanParams 454** 455** Description Set scan parameter used in BLE connection request 456** 457** Parameters: scan_interval: scan interval 458** scan_window: scan window 459** 460** Returns void 461** 462*******************************************************************************/ 463void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window) 464{ 465#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 466 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; 467 BOOLEAN new_param = FALSE; 468 469 if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && 470 BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) 471 { 472 btu_stop_timer(&p_ble_cb->scan_param_idle_timer); 473 474 if (p_ble_cb->scan_int != scan_interval) 475 { 476 p_ble_cb->scan_int = scan_interval; 477 new_param = TRUE; 478 } 479 480 if (p_ble_cb->scan_win != scan_window) 481 { 482 p_ble_cb->scan_win = scan_window; 483 new_param = TRUE; 484 } 485 486 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) 487 { 488 btm_ble_suspend_bg_conn(); 489 } 490 } 491 else 492 { 493 BTM_TRACE_ERROR0("Illegal Connection Scan Parameters"); 494 } 495#endif 496} 497 498/******************************************************** 499** 500** Function BTM_BleSetPrefConnParams 501** 502** Description Set a peripheral's preferred connection parameters 503** 504** Parameters: bd_addr - BD address of the peripheral 505** scan_interval: scan interval 506** scan_window: scan window 507** min_conn_int - minimum preferred connection interval 508** max_conn_int - maximum preferred connection interval 509** slave_latency - preferred slave latency 510** supervision_tout - preferred supervision timeout 511** 512** Returns void 513** 514*******************************************************************************/ 515void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, 516 UINT16 min_conn_int, UINT16 max_conn_int, 517 UINT16 slave_latency, UINT16 supervision_tout) 518{ 519#if BLE_INCLUDED == TRUE 520 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 521 522 BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ 523 tout: %u", 524 min_conn_int, max_conn_int, slave_latency, supervision_tout); 525 526 if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 527 BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 528 BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && 529 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) 530 { 531 if (p_dev_rec) 532 { 533 /* expect conn int and stout and slave latency to be updated all together */ 534 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 535 { 536 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 537 p_dev_rec->conn_params.min_conn_int = min_conn_int; 538 else 539 p_dev_rec->conn_params.min_conn_int = max_conn_int; 540 541 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 542 p_dev_rec->conn_params.max_conn_int = max_conn_int; 543 else 544 p_dev_rec->conn_params.max_conn_int = min_conn_int; 545 546 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) 547 p_dev_rec->conn_params.slave_latency = slave_latency; 548 else 549 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; 550 551 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) 552 p_dev_rec->conn_params.supervision_tout = supervision_tout; 553 else 554 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF; 555 556 } 557 558 } 559 else 560 { 561 BTM_TRACE_ERROR0("Unknown Device, setting rejected"); 562 } 563 } 564 else 565 { 566 BTM_TRACE_ERROR0("Illegal Connection Parameters"); 567 } 568#endif /* BLE_INCLUDED */ 569} 570 571/******************************************************************************* 572** 573** Function BTM_ReadDevInfo 574** 575** Description This function is called to read the device/address type 576** of BD address. 577** 578** Parameter remote_bda: remote device address 579** p_dev_type: output parameter to read the device type. 580** p_addr_type: output parameter to read the address type. 581** 582*******************************************************************************/ 583void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) 584{ 585#if BLE_INCLUDED == TRUE 586 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); 587 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); 588 589 *p_dev_type = BT_DEVICE_TYPE_BREDR; 590 *p_addr_type = BLE_ADDR_PUBLIC; 591 592 if (!p_dev_rec) 593 { 594 /* Check with the BT manager if details about remote device are known */ 595 if (p_inq_info != NULL) 596 { 597 *p_dev_type = p_inq_info->results.device_type ; 598 *p_addr_type = p_inq_info->results.ble_addr_type; 599 } else { 600 /* unknown device, assume BR/EDR */ 601 BTM_TRACE_DEBUG0 ("btm_find_dev_type - unknown device, BR/EDR assumed"); 602 } 603 } 604 else /* there is a security device record exisitng */ 605 { 606 /* new inquiry result, overwrite device type in security device record */ 607 if (p_inq_info) 608 { 609 p_dev_rec->device_type = p_inq_info->results.device_type; 610 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 611 } 612 *p_dev_type = p_dev_rec->device_type; 613 *p_addr_type = p_dev_rec->ble.ble_addr_type; 614 615 } 616 617 BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); 618#endif 619 620 return; 621} 622 623#if BLE_INCLUDED == TRUE 624 625/******************************************************************************* 626** 627** Function BTM_BleReceiverTest 628** 629** Description This function is called to start the LE Receiver test 630** 631** Parameter rx_freq - Frequency Range 632** p_cmd_cmpl_cback - Command Complete callback 633** 634*******************************************************************************/ 635void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback) 636{ 637 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 638 639 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE) 640 { 641 BTM_TRACE_ERROR1("%s: Unable to Trigger LE receiver test", __FUNCTION__); 642 } 643} 644 645/******************************************************************************* 646** 647** Function BTM_BleTransmitterTest 648** 649** Description This function is called to start the LE Transmitter test 650** 651** Parameter tx_freq - Frequency Range 652** test_data_len - Length in bytes of payload data in each packet 653** packet_payload - Pattern to use in the payload 654** p_cmd_cmpl_cback - Command Complete callback 655** 656*******************************************************************************/ 657void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len, 658 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback) 659{ 660 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 661 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE) 662 { 663 BTM_TRACE_ERROR1("%s: Unable to Trigger LE transmitter test", __FUNCTION__); 664 } 665} 666 667/******************************************************************************* 668** 669** Function BTM_BleTestEnd 670** 671** Description This function is called to stop the in-progress TX or RX test 672** 673** Parameter p_cmd_cmpl_cback - Command complete callback 674** 675*******************************************************************************/ 676void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback) 677{ 678 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 679 680 if (btsnd_hcic_ble_test_end() == FALSE) 681 { 682 BTM_TRACE_ERROR1("%s: Unable to End the LE TX/RX test", __FUNCTION__); 683 } 684} 685 686#endif 687 688/******************************************************************************* 689** Internal Functions 690*******************************************************************************/ 691#if BLE_INCLUDED == TRUE 692 693void btm_ble_test_command_complete(UINT8 *p) 694{ 695 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb; 696 UINT8 status; 697 698 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL; 699 700 if (p_cb) 701 { 702 (*p_cb)(p); 703 } 704} 705 706/******************************************************************************* 707** 708** Function BTM_IsBleLink 709** 710** Description This function is to check the link type is BLE or BR/EDR. 711** 712** Returns TRUE if BLE link; FALSE if BR/EDR. 713** 714*******************************************************************************/ 715BOOLEAN BTM_IsBleLink (BD_ADDR bd_addr) 716{ 717#if (BLE_INCLUDED == TRUE) 718 tACL_CONN *p; 719 BTM_TRACE_DEBUG0 ("BTM_IsBleLink"); 720 if ((p = btm_bda_to_acl(bd_addr)) != NULL) 721 return p->is_le_link; 722 else 723#endif 724 return FALSE; 725} 726/******************************************************************************* 727** 728** Function BTM_UseLeLink 729** 730** Description This function is to select the underneath physical link to use. 731** 732** Returns TRUE to use LE, FALSE use BR/EDR. 733** 734*******************************************************************************/ 735BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr) 736{ 737 tACL_CONN *p; 738 tBT_DEVICE_TYPE dev_type; 739 tBLE_ADDR_TYPE addr_type; 740 BOOLEAN use_le = FALSE; 741 742 if ((p = btm_bda_to_acl(bd_addr)) != NULL) 743 { 744#if (BLE_INCLUDED == TRUE) 745 use_le = (p->is_le_link); 746#endif 747 } 748 else 749 { 750 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type); 751 use_le = (dev_type == BT_DEVICE_TYPE_BLE); 752 } 753 return use_le; 754} 755/******************************************************************************* 756** 757** Function btm_ble_rand_enc_complete 758** 759** Description This function is the callback functions for HCI_Rand command 760** and HCI_Encrypt command is completed. 761** This message is received from the HCI. 762** 763** Returns void 764** 765*******************************************************************************/ 766void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) 767{ 768 tBTM_RAND_ENC params; 769 UINT8 *p_dest = params.param_buf; 770 771 BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete"); 772 773 memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); 774 775 /* If there was a callback address for vcs complete, call it */ 776 if (p_enc_cplt_cback && p) 777 { 778 /* Pass paramters to the callback function */ 779 STREAM_TO_UINT8(params.status, p); /* command status */ 780 781 if (params.status == HCI_SUCCESS) 782 { 783 params.opcode = op_code; 784 785 if (op_code == HCI_BLE_RAND) 786 params.param_len = BT_OCTET8_LEN; 787 else 788 params.param_len = BT_OCTET16_LEN; 789 790 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ 791 } 792 if (p_enc_cplt_cback) 793 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ 794 } 795} 796 797 798 #if (SMP_INCLUDED == TRUE) 799 800/******************************************************************************* 801** 802** Function btm_ble_get_enc_key_type 803** 804** Description This function is to increment local sign counter 805** Returns None 806** 807*******************************************************************************/ 808void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ) 809{ 810 tBTM_SEC_DEV_REC *p_dev_rec; 811 812 BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local); 813 814 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 815 { 816 if (is_local) 817 p_dev_rec->ble.keys.local_counter++; 818 else 819 p_dev_rec->ble.keys.counter++; 820 BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d", 821 is_local, 822 p_dev_rec->ble.keys.local_counter, 823 p_dev_rec->ble.keys.counter); 824 } 825} 826 827/******************************************************************************* 828** 829** Function btm_ble_get_enc_key_type 830** 831** Description This function is to get the BLE key type that has been exchanged 832** in betweem local device and peer device. 833** 834** Returns p_key_type: output parameter to carry the key type value. 835** 836*******************************************************************************/ 837BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types) 838{ 839 tBTM_SEC_DEV_REC *p_dev_rec; 840 841 BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type"); 842 843 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 844 { 845 *p_key_types = p_dev_rec->ble.key_type; 846 return TRUE; 847 } 848 return FALSE; 849} 850 851/******************************************************************************* 852** 853** Function btm_get_local_div 854** 855** Description This function is called to read the local DIV 856** 857** Returns TURE - if a valid DIV is availavle 858*******************************************************************************/ 859BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div) 860{ 861 tBTM_SEC_DEV_REC *p_dev_rec; 862 BOOLEAN status = FALSE; 863 BTM_TRACE_DEBUG0 ("btm_get_local_div"); 864 865 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 866 bd_addr[0],bd_addr[1], 867 bd_addr[2],bd_addr[3], 868 bd_addr[4],bd_addr[5]); 869 870 p_dev_rec = btm_find_dev (bd_addr); 871 872 if (p_dev_rec && p_dev_rec->ble.keys.div) 873 { 874 status = TRUE; 875 *p_div = p_dev_rec->ble.keys.div; 876 } 877 BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); 878 return status; 879} 880 881/******************************************************************************* 882** 883** Function btm_sec_save_le_key 884** 885** Description This function is called by the SMP to update 886** an BLE key. SMP is internal, whereas all the keys shall 887** be sent to the application. The function is also called 888** when application passes ble key stored in NVRAM to the btm_sec. 889** pass_to_application parameter is false in this case. 890** 891** Returns void 892** 893*******************************************************************************/ 894void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, 895 BOOLEAN pass_to_application) 896{ 897 tBTM_SEC_DEV_REC *p_rec; 898 tBTM_LE_EVT_DATA cb_data; 899 UINT8 i; 900 901 BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); 902 /* Store the updated key in the device database */ 903 904 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 905 bd_addr[0],bd_addr[1], 906 bd_addr[2],bd_addr[3], 907 bd_addr[4],bd_addr[5]); 908 909 if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys) 910 { 911 switch (key_type) 912 { 913 case BTM_LE_KEY_PENC: 914 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); 915 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); 916 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; 917 p_rec->ble.keys.ediv = p_keys->penc_key.ediv; 918 p_rec->ble.keys.key_size = p_keys->penc_key.key_size; 919 p_rec->ble.key_type |= BTM_LE_KEY_PENC; 920 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 921 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) 922 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 923 else 924 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 925 BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", 926 p_rec->ble.key_type, 927 p_rec->sec_flags, 928 p_rec->ble.keys.sec_level); 929 break; 930 931 case BTM_LE_KEY_PID: 932 for (i=0; i<BT_OCTET16_LEN; i++) 933 { 934 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i]; 935 } 936 937 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system 938 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 939 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type; 940 p_rec->ble.key_type |= BTM_LE_KEY_PID; 941 BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); 942 break; 943 944 case BTM_LE_KEY_PCSRK: 945 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); 946 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; 947 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; 948 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; 949 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 950 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) 951 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 952 else 953 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 954 955 BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", 956 p_rec->ble.key_type, 957 p_rec->sec_flags, 958 p_rec->ble.keys.srk_sec_level, 959 p_rec->ble.keys.counter ); 960 break; 961 962 case BTM_LE_KEY_LENC: 963 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ 964 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; 965 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; 966 p_rec->ble.key_type |= BTM_LE_KEY_LENC; 967 968 BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", 969 p_rec->ble.key_type, 970 p_rec->ble.keys.div, 971 p_rec->ble.keys.key_size, 972 p_rec->ble.keys.sec_level ); 973 break; 974 975 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ 976 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ 977 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; 978 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; 979 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; 980 BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", 981 p_rec->ble.key_type, 982 p_rec->ble.keys.div, 983 p_rec->ble.keys.local_csrk_sec_level, 984 p_rec->ble.keys.local_counter ); 985 break; 986 987 default: 988 BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); 989 return; 990 } 991 992 BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, 993 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 994 (bd_addr[4]<<8)+bd_addr[5]); 995 996 /* Notify the application that one of the BLE keys has been updated 997 If link key is in progress, it will get sent later.*/ 998 if (pass_to_application && btm_cb.api.p_le_callback) 999 { 1000 cb_data.key.p_key_value = p_keys; 1001 cb_data.key.key_type = key_type; 1002 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); 1003 } 1004 return; 1005 } 1006 1007 BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, 1008 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1009 (bd_addr[4]<<8)+bd_addr[5]); 1010 1011 if (p_rec) 1012 { 1013 BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags); 1014 } 1015} 1016 1017/******************************************************************************* 1018** 1019** Function btm_ble_update_sec_key_size 1020** 1021** Description update the current lin kencryption key size 1022** 1023** Returns void 1024** 1025*******************************************************************************/ 1026void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size) 1027{ 1028 tBTM_SEC_DEV_REC *p_rec; 1029 1030 BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); 1031 1032 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1033 { 1034 p_rec->enc_key_size = enc_key_size; 1035 } 1036} 1037 1038/******************************************************************************* 1039** 1040** Function btm_ble_read_sec_key_size 1041** 1042** Description update the current lin kencryption key size 1043** 1044** Returns void 1045** 1046*******************************************************************************/ 1047UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr) 1048{ 1049 tBTM_SEC_DEV_REC *p_rec; 1050 1051 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1052 { 1053 return p_rec->enc_key_size; 1054 } 1055 else 1056 return 0; 1057} 1058 1059/******************************************************************************* 1060** 1061** Function btm_ble_link_sec_check 1062** 1063** Description Check BLE link security level match. 1064** 1065** Returns TRUE: check is OK and the *p_sec_req_act contain the action 1066** 1067*******************************************************************************/ 1068void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) 1069{ 1070 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1071 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE; 1072 1073 BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req); 1074 1075 if (p_dev_rec == NULL) 1076 { 1077 BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device"); 1078 return; 1079 } 1080 1081 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 1082 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) 1083 { 1084 /* race condition: discard the security request while master is encrypting the link */ 1085 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1086 } 1087 else 1088 { 1089 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1090 if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) || 1091 (auth_req == (BTM_LE_AUTH_REQ_MITM)) ) 1092 { 1093 req_sec_level = BTM_LE_SEC_AUTHENTICATED; 1094 } 1095 1096 BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); 1097 1098 /* currently encrpted */ 1099 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1100 { 1101 if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED) 1102 cur_sec_level = BTM_LE_SEC_AUTHENTICATED; 1103 else 1104 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1105 } 1106 else /* unencrypted link */ 1107 { 1108 /* if bonded, get the key security level */ 1109 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 1110 cur_sec_level = p_dev_rec->ble.keys.sec_level; 1111 else 1112 cur_sec_level = BTM_LE_SEC_NONE; 1113 } 1114 1115 if (cur_sec_level >= req_sec_level) 1116 { 1117 if (cur_sec_level == BTM_LE_SEC_NONE) 1118 { 1119 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE; 1120 } 1121 else 1122 { 1123 /* To avoid re-encryption on an encrypted link for an equal condition encryption */ 1124 /* if link has been encrypted, do nothing, go straight to furhter action 1125 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1126 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1127 else 1128 */ 1129 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; 1130 } 1131 } 1132 else 1133 { 1134 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ 1135 } 1136 } 1137 1138 BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", 1139 cur_sec_level, 1140 req_sec_level, 1141 *p_sec_req_act); 1142 1143} 1144 1145/******************************************************************************* 1146** 1147** Function btm_ble_set_encryption 1148** 1149** Description This function is called to ensure that LE connection is 1150** encrypted. Should be called only on an open connection. 1151** Typically only needed for connections that first want to 1152** bring up unencrypted links, then later encrypt them. 1153** 1154** Returns void 1155** the local device ER is copied into er 1156** 1157*******************************************************************************/ 1158tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role) 1159{ 1160 tBTM_STATUS cmd = BTM_NO_RESOURCES; 1161 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ; 1162 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1163 1164 if (p_rec == NULL) 1165 { 1166 BTM_TRACE_WARNING1 ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act); 1167 return(BTM_WRONG_MODE); 1168 } 1169 1170 BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); 1171 1172 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) 1173 { 1174 p_rec->security_required |= BTM_SEC_IN_MITM; 1175 } 1176 1177 switch (sec_act) 1178 { 1179 case BTM_BLE_SEC_ENCRYPT: 1180 if (link_role == BTM_ROLE_MASTER) 1181 { 1182 if(p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) { 1183 BTM_TRACE_DEBUG0 ("State is already encrypting::"); 1184 cmd = BTM_CMD_STARTED; 1185 } 1186 else { 1187 /* start link layer encryption using the security info stored */ 1188 if (btm_ble_start_encrypt(bd_addr, FALSE, NULL)) 1189 { 1190 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1191 cmd = BTM_CMD_STARTED; 1192 } 1193 } 1194 break; 1195 } 1196 /* if salve role then fall through to call SMP_Pair below which will send a 1197 sec_request to request the master to encrypt the link */ 1198 case BTM_BLE_SEC_ENCRYPT_NO_MITM: 1199 case BTM_BLE_SEC_ENCRYPT_MITM: 1200 1201 if (SMP_Pair(bd_addr) == SMP_STARTED) 1202 { 1203 cmd = BTM_CMD_STARTED; 1204 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1205 } 1206 break; 1207 1208 default: 1209 cmd = BTM_SUCCESS; 1210 break; 1211 } 1212 return cmd; 1213} 1214 1215/******************************************************************************* 1216** 1217** Function btm_ble_ltk_request 1218** 1219** Description This function is called when encryption request is received 1220** on a slave device. 1221** 1222** 1223** Returns void 1224** 1225*******************************************************************************/ 1226void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv) 1227{ 1228 tBTM_CB *p_cb = &btm_cb; 1229 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); 1230 BT_OCTET8 dummy_stk = {0}; 1231 1232 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request"); 1233 1234 p_cb->ediv = ediv; 1235 1236 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); 1237 1238 if (p_dev_rec != NULL) 1239 { 1240 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) 1241 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk); 1242 } 1243 1244} 1245 1246/******************************************************************************* 1247** 1248** Function btm_ble_start_encrypt 1249** 1250** Description This function is called to start LE encryption. 1251** 1252** 1253** Returns void 1254** 1255*******************************************************************************/ 1256BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1257{ 1258 tBTM_CB *p_cb = &btm_cb; 1259 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1260 BT_OCTET8 dummy_rand = {0}; 1261 BOOLEAN rt = FALSE; 1262 1263 BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt"); 1264 1265 if (!p_rec || 1266 (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)) 1267 return FALSE; 1268 1269 p_cb->enc_handle = p_rec->hci_handle; 1270 1271 if (use_stk) 1272 { 1273 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk)) 1274 rt = TRUE; 1275 } 1276 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) 1277 { 1278 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand, 1279 p_rec->ble.keys.ediv, p_rec->ble.keys.ltk)) 1280 rt = TRUE; 1281 } 1282 else 1283 { 1284 BTM_TRACE_ERROR0("No key available to encrypt the link"); 1285 } 1286 if (rt) 1287 { 1288 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) 1289 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1290 } 1291 1292 return rt; 1293} 1294 1295/******************************************************************************* 1296** 1297** Function btm_ble_link_encrypted 1298** 1299** Description This function is called when LE link encrption status is changed. 1300** 1301** Returns void 1302** 1303*******************************************************************************/ 1304void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable) 1305{ 1306 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1307 BOOLEAN enc_cback; 1308 1309 if (!p_dev_rec) 1310 { 1311 BTM_TRACE_WARNING1 ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable); 1312 return; 1313 } 1314 1315 BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable); 1316 1317 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING); 1318 1319 smp_link_encrypted(bd_addr, encr_enable); 1320 1321 BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); 1322 1323 if (encr_enable && p_dev_rec->enc_key_size == 0) 1324 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; 1325 1326 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1327 if (p_dev_rec->p_callback && enc_cback) 1328 { 1329 if (encr_enable) 1330 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS); 1331 else if (p_dev_rec->role_master) 1332 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING); 1333 1334 } 1335 /* to notify GATT to send data if any request is pending */ 1336 gatt_notify_enc_cmpl(p_dev_rec->bd_addr); 1337} 1338 1339/******************************************************************************* 1340** Function btm_enc_proc_ltk 1341** Description send LTK reply when it's ready. 1342*******************************************************************************/ 1343static void btm_enc_proc_ltk(tSMP_ENC *p) 1344{ 1345 UINT8 i; 1346 BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk"); 1347 if (p && p->param_len == BT_OCTET16_LEN) 1348 { 1349 for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++) 1350 p->param_buf[BT_OCTET16_LEN - i - 1] = 0; 1351 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf); 1352 } 1353} 1354 1355/******************************************************************************* 1356** Function btm_enc_proc_slave_y 1357** Description calculate LTK when Y is ready 1358*******************************************************************************/ 1359static void btm_enc_proc_slave_y(tSMP_ENC *p) 1360{ 1361 UINT16 div, y; 1362 UINT8 *pp = p->param_buf; 1363 tBTM_CB *p_cb = &btm_cb; 1364 tSMP_ENC output; 1365 tBTM_SEC_DEV_REC *p_dev_rec; 1366 1367 BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y"); 1368 if (p != NULL) 1369 { 1370 STREAM_TO_UINT16(y, pp); 1371 1372 div = p_cb->ediv ^ y; 1373 p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle); 1374 1375 if ( p_dev_rec && 1376 p_dev_rec->ble.keys.div == div ) 1377 { 1378 BTM_TRACE_DEBUG0 ("LTK request OK"); 1379 /* calculating LTK , LTK = E er(div) */ 1380 SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output); 1381 btm_enc_proc_ltk(&output); 1382 } 1383 else 1384 { 1385 BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply"); 1386 btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle); 1387 if (p_dev_rec) 1388 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0); 1389 1390 } 1391 } 1392} 1393 1394/******************************************************************************* 1395** 1396** Function btm_ble_ltk_request_reply 1397** 1398** Description This function is called to send a LTK request reply on a slave 1399** device. 1400** 1401** Returns void 1402** 1403*******************************************************************************/ 1404void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1405{ 1406 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1407 tBTM_CB *p_cb = &btm_cb; 1408 tSMP_ENC output; 1409 1410 if (p_rec == NULL) 1411 { 1412 BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device"); 1413 return; 1414 } 1415 1416 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply"); 1417 p_cb->enc_handle = p_rec->hci_handle; 1418 p_cb->key_size = p_rec->ble.keys.key_size; 1419 1420 BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size); 1421 if (use_stk) 1422 { 1423 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); 1424 } 1425 else /* calculate LTK using peer device */ 1426 { 1427 /* generate Y= Encrypt(DHK, Rand) received from encrypt request */ 1428 SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand, 1429 BT_OCTET8_LEN, &output); 1430 btm_enc_proc_slave_y(&output); 1431 } 1432} 1433 1434/******************************************************************************* 1435** 1436** Function btm_ble_io_capabilities_req 1437** 1438** Description This function is called to handle SMP get IO capability request. 1439** 1440** Returns void 1441** 1442*******************************************************************************/ 1443UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1444{ 1445 UINT8 callback_rc = BTM_SUCCESS; 1446 BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req"); 1447 if (btm_cb.api.p_le_callback) 1448 { 1449 /* the callback function implementation may change the IO capability... */ 1450 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1451 } 1452#if BTM_OOB_INCLUDED == TRUE 1453 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) 1454#else 1455 if (callback_rc == BTM_SUCCESS) 1456#endif 1457 { 1458 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1459 1460 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", 1461 p_dev_rec->security_required, p_data->auth_req); 1462 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", 1463 p_data->init_keys, 1464 p_data->resp_keys); 1465 1466 /* if authentication requires MITM protection, put on the mask */ 1467 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) 1468 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; 1469 1470 if (!(p_data->auth_req & SMP_AUTH_BOND)) 1471 { 1472 BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged"); 1473 p_data->init_keys = 0; 1474 p_data->resp_keys = 0; 1475 } 1476 1477 BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); 1478 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", 1479 p_data->init_keys, 1480 p_data->resp_keys); 1481 1482 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", 1483 p_data->io_cap, p_data->auth_req); 1484 1485 /* remove MITM protection requirement if IO cap does not allow it */ 1486 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) 1487 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; 1488 1489 BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d", 1490 p_data->io_cap, p_data->oob_data, p_data->auth_req); 1491 } 1492 return callback_rc; 1493} 1494 1495/******************************************************************************* 1496** 1497** Function btm_ble_connected 1498** 1499** Description This function is when a LE connection to the peer device is 1500** establsihed 1501** 1502** Returns void 1503** 1504*******************************************************************************/ 1505void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role, 1506 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched) 1507{ 1508 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); 1509 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; 1510 1511 BTM_TRACE_EVENT0 ("btm_ble_connected"); 1512 1513 /* Commenting out trace due to obf/compilation problems. 1514 */ 1515#if (BT_USE_TRACES == TRUE) 1516 if (p_dev_rec) 1517 { 1518 BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected : handle:%d enc_mode:%d bda:%x RName:%s", 1519 handle, enc_mode, 1520 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], 1521 p_dev_rec->sec_bd_name); 1522 1523 BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); 1524 } 1525 else 1526 { 1527 BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected: handle:%d enc_mode:%d bda:%x ", 1528 handle, enc_mode, 1529 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); 1530 } 1531#endif 1532 1533 if (!p_dev_rec) 1534 { 1535 /* There is no device record for new connection. Allocate one */ 1536 p_dev_rec = btm_sec_alloc_dev (bda); 1537 } 1538 else /* Update the timestamp for this device */ 1539 { 1540 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 1541 } 1542 1543 /* update device information */ 1544 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 1545 p_dev_rec->hci_handle = handle; 1546 p_dev_rec->ble.ble_addr_type = addr_type; 1547 1548 if (role == HCI_ROLE_MASTER) 1549 p_dev_rec->role_master = TRUE; 1550 1551 if (role == HCI_ROLE_SLAVE) 1552 p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE; 1553 p_cb->inq_var.directed_conn = FALSE; 1554 1555 return; 1556} 1557 1558/***************************************************************************** 1559** Function btm_ble_conn_complete 1560** 1561** Description LE connection complete. 1562** 1563******************************************************************************/ 1564void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len) 1565{ 1566 UINT8 role, status, bda_type; 1567 UINT16 handle; 1568 BD_ADDR bda; 1569 UINT16 conn_interval, conn_latency, conn_timeout; 1570 BOOLEAN match = FALSE; 1571 1572 STREAM_TO_UINT8 (status, p); 1573 STREAM_TO_UINT16 (handle, p); 1574 STREAM_TO_UINT8 (role, p); 1575 STREAM_TO_UINT8 (bda_type, p); 1576 STREAM_TO_BDADDR (bda, p); 1577 1578 if (status == 0) 1579 { 1580 STREAM_TO_UINT16 (conn_interval, p); 1581 STREAM_TO_UINT16 (conn_latency, p); 1582 STREAM_TO_UINT16 (conn_timeout, p); 1583 handle = HCID_GET_HANDLE (handle); 1584 1585 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1586 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1587 conn_latency, conn_timeout); 1588 } 1589 else 1590 { 1591 role = HCI_ROLE_UNKNOWN; 1592 1593 if (status == HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) 1594 btm_ble_dir_adv_tout(); 1595 } 1596 1597 btm_ble_set_conn_st(BLE_CONN_IDLE); 1598 1599 btm_ble_update_mode_operation(role, bda, TRUE); 1600} 1601 1602/***************************************************************************** 1603** Function btm_proc_smp_cback 1604** 1605** Description This function is the SMP callback handler. 1606** 1607******************************************************************************/ 1608UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) 1609{ 1610 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1611 UINT8 res = 0; 1612 1613 BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event); 1614 1615 if (p_dev_rec != NULL) 1616 { 1617 switch (event) 1618 { 1619 case SMP_IO_CAP_REQ_EVT: 1620 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 1621 break; 1622 1623 case SMP_PASSKEY_REQ_EVT: 1624 case SMP_PASSKEY_NOTIF_EVT: 1625 case SMP_OOB_REQ_EVT: 1626 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 1627 case SMP_SEC_REQUEST_EVT: 1628 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN); 1629 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1630 /* fall through */ 1631 case SMP_COMPLT_EVT: 1632 if (btm_cb.api.p_le_callback) 1633 { 1634 /* the callback function implementation may change the IO capability... */ 1635 BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); 1636 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1637 } 1638 1639 if (event == SMP_COMPLT_EVT) 1640 { 1641 BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1642 1643 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; 1644 1645 BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x", 1646 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1647 1648 btm_sec_dev_rec_cback_event(p_dev_rec, res); 1649 1650 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) 1651 { 1652 BTM_TRACE_DEBUG0 ("Pairing Cancel completed"); 1653 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); 1654 } 1655#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1656 if (res != BTM_SUCCESS) 1657 { 1658 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT) 1659 { 1660 BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL"); 1661 btm_remove_acl(bd_addr); 1662 } 1663 else 1664 { 1665 BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL"); 1666 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1667 } 1668 } 1669#else 1670 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) 1671 btm_remove_acl(bd_addr); 1672#endif 1673 1674 BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", 1675 btm_cb.pairing_state, 1676 btm_cb.pairing_flags, 1677 btm_cb.pin_code_len ); 1678 BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", 1679 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], 1680 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); 1681 1682 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); 1683 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE; 1684 btm_cb.pairing_flags = 0; 1685 } 1686 break; 1687 1688 default: 1689 BTM_TRACE_DEBUG1 ("unknown event = %d", event); 1690 break; 1691 1692 1693 } 1694 } 1695 else 1696 { 1697 BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device"); 1698 } 1699 1700 return 0; 1701} 1702 1703 #endif /* SMP_INCLUDED */ 1704#endif /* BLE_INCLUDED */ 1705 1706 1707/******************************************************************************* 1708** 1709** Function BTM_BleDataSignature 1710** 1711** Description This function is called to sign the data using AES128 CMAC 1712** algorith. 1713** 1714** Parameter bd_addr: target device the data to be signed for. 1715** p_text: singing data 1716** len: length of the data to be signed. 1717** signature: output parameter where data signature is going to 1718** be stored. 1719** 1720** Returns TRUE if signing sucessul, otherwise FALSE. 1721** 1722*******************************************************************************/ 1723BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len, 1724 BLE_SIGNATURE signature) 1725{ 1726 BOOLEAN ret = FALSE; 1727#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1728 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1729 UINT8 *p_buf, *pp; 1730 1731 BT_OCTET16 er; 1732 UINT16 div; 1733 UINT8 temp[4]; /* for (r || DIV) r=1*/ 1734 UINT16 r=1; 1735 UINT8 *p=temp, *p_mac = (UINT8 *)signature; 1736 tSMP_ENC output; 1737 BT_OCTET16 local_csrk; 1738 1739 BTM_TRACE_DEBUG0 ("BTM_BleDataSignature"); 1740 if (p_rec == NULL) 1741 { 1742 BTM_TRACE_ERROR0("data signing can not be done from unknow device"); 1743 } 1744 else 1745 { 1746 if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL) 1747 { 1748 BTM_TRACE_DEBUG0("Start to generate Local CSRK"); 1749 pp = p_buf; 1750 /* prepare plain text */ 1751 if (p_text) 1752 { 1753 memcpy(p_buf, p_text, len); 1754 pp = (p_buf + len); 1755 } 1756 1757#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1758 if ( btm_cb.devcb.enable_test_local_sign_cntr) 1759 { 1760 BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr); 1761 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr); 1762 } 1763 else 1764 { 1765 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1766 } 1767#else 1768 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1769#endif 1770 /* compute local csrk */ 1771 if (btm_get_local_div(bd_addr, &div)) 1772 { 1773 BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div); 1774 BTM_GetDeviceEncRoot(er); 1775 1776 /* CSRK = d1(ER, DIV, 1) */ 1777 UINT16_TO_STREAM(p, div); 1778 UINT16_TO_STREAM(p, r); 1779 1780 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output)) 1781 { 1782 BTM_TRACE_ERROR0("Local CSRK generation failed "); 1783 } 1784 else 1785 { 1786 BTM_TRACE_DEBUG0("local CSRK generation success"); 1787 memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN); 1788 1789 1790#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1791 if (btm_cb.devcb.enable_test_local_sign_cntr) 1792 { 1793 UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr); 1794 } 1795 else 1796 { 1797 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1798 } 1799#else 1800 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1801#endif 1802 1803 if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) 1804 { 1805 btm_ble_increment_sign_ctr(bd_addr, TRUE); 1806 1807#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1808 if ( btm_cb.devcb.enable_test_mac_val) 1809 { 1810 BTM_TRACE_DEBUG0 ("Use MAC value from script"); 1811 memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE); 1812 } 1813#endif 1814 } 1815 BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac); 1816 BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", 1817 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); 1818 BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", 1819 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); 1820 1821 GKI_freebuf(p_buf); 1822 } 1823 } 1824 } 1825 } 1826#endif /* BLE_INCLUDED */ 1827 return ret; 1828} 1829 1830/******************************************************************************* 1831** 1832** Function BTM_BleVerifySignature 1833** 1834** Description This function is called to verify the data signature 1835** 1836** Parameter bd_addr: target device the data to be signed for. 1837** p_orig: original data before signature. 1838** len: length of the signing data 1839** counter: counter used when doing data signing 1840** p_comp: signature to be compared against. 1841 1842** Returns TRUE if signature verified correctly; otherwise FALSE. 1843** 1844*******************************************************************************/ 1845BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter, 1846 UINT8 *p_comp) 1847{ 1848 BOOLEAN verified = FALSE; 1849#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1850 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1851 UINT8 p_mac[BTM_CMAC_TLEN_SIZE]; 1852 1853 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) 1854 { 1855 BTM_TRACE_ERROR0("can not verify signature for unknown device"); 1856 } 1857 else if (counter < p_rec->ble.keys.counter) 1858 { 1859 BTM_TRACE_ERROR0("signature received with out dated sign counter"); 1860 } 1861 else if (p_orig == NULL) 1862 { 1863 BTM_TRACE_ERROR0("No signature to verify"); 1864 } 1865 else 1866 { 1867 BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter); 1868 1869 if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) 1870 { 1871 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) 1872 { 1873 btm_ble_increment_sign_ctr(bd_addr, FALSE); 1874 verified = TRUE; 1875 } 1876 } 1877 } 1878#endif /* BLE_INCLUDED */ 1879 return verified; 1880} 1881 1882#if BLE_INCLUDED == TRUE 1883/******************************************************************************* 1884** Utility functions for LE device IR/ER generation 1885*******************************************************************************/ 1886/******************************************************************************* 1887** 1888** Function btm_notify_new_key 1889** 1890** Description This function is to notify application new keys have been 1891** generated. 1892** 1893** Returns void 1894** 1895*******************************************************************************/ 1896static void btm_notify_new_key(UINT8 key_type) 1897{ 1898 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; 1899 1900 BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type); 1901 1902 if (btm_cb.api.p_le_key_callback) 1903 { 1904 switch (key_type) 1905 { 1906 case BTM_BLE_KEY_TYPE_ID: 1907 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID"); 1908 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; 1909 break; 1910 1911 case BTM_BLE_KEY_TYPE_ER: 1912 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER"); 1913 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er; 1914 break; 1915 1916 default: 1917 BTM_TRACE_ERROR1("unknown key type: %d", key_type); 1918 break; 1919 } 1920 if (p_locak_keys != NULL) 1921 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); 1922 } 1923} 1924 1925/******************************************************************************* 1926** 1927** Function btm_ble_process_er2 1928** 1929** Description This function is called when ER is generated, store it in 1930** local control block. 1931** 1932** Returns void 1933** 1934*******************************************************************************/ 1935static void btm_ble_process_er2(tBTM_RAND_ENC *p) 1936{ 1937 BTM_TRACE_DEBUG0 ("btm_ble_process_er2"); 1938 1939 if (p &&p->opcode == HCI_BLE_RAND) 1940 { 1941 memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN); 1942 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); 1943 } 1944 else 1945 { 1946 BTM_TRACE_ERROR0("Generating ER2 exception."); 1947 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1948 } 1949} 1950 1951/******************************************************************************* 1952** 1953** Function btm_ble_process_er 1954** 1955** Description This function is called when ER is generated, store it in 1956** local control block. 1957** 1958** Returns void 1959** 1960*******************************************************************************/ 1961static void btm_ble_process_er(tBTM_RAND_ENC *p) 1962{ 1963 BTM_TRACE_DEBUG0 ("btm_ble_process_er"); 1964 1965 if (p &&p->opcode == HCI_BLE_RAND) 1966 { 1967 memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN); 1968 1969 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) 1970 { 1971 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1972 BTM_TRACE_ERROR0("Generating ER2 failed."); 1973 } 1974 } 1975 else 1976 { 1977 BTM_TRACE_ERROR0("Generating ER1 exception."); 1978 } 1979} 1980 1981/******************************************************************************* 1982** 1983** Function btm_ble_process_irk 1984** 1985** Description This function is called when IRK is generated, store it in 1986** local control block. 1987** 1988** Returns void 1989** 1990*******************************************************************************/ 1991static void btm_ble_process_irk(tSMP_ENC *p) 1992{ 1993 BTM_TRACE_DEBUG0 ("btm_ble_process_irk"); 1994 if (p &&p->opcode == HCI_BLE_ENCRYPT) 1995 { 1996 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); 1997 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); 1998 } 1999 else 2000 { 2001 BTM_TRACE_ERROR0("Generating IRK exception."); 2002 } 2003 2004 /* proceed generate ER */ 2005 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) 2006 { 2007 BTM_TRACE_ERROR0("Generating ER failed."); 2008 } 2009} 2010 2011/******************************************************************************* 2012** 2013** Function btm_ble_process_dhk 2014** 2015** Description This function is called when DHK is calculated, store it in 2016** local control block, and proceed to generate ER, a 128-bits 2017** random number. 2018** 2019** Returns void 2020** 2021*******************************************************************************/ 2022static void btm_ble_process_dhk(tSMP_ENC *p) 2023{ 2024#if SMP_INCLUDED == TRUE 2025 UINT8 btm_ble_irk_pt = 0x01; 2026 tSMP_ENC output; 2027 2028 BTM_TRACE_DEBUG0 ("btm_ble_process_dhk"); 2029 2030 if (p && p->opcode == HCI_BLE_ENCRYPT) 2031 { 2032 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); 2033 BTM_TRACE_DEBUG0("BLE DHK generated."); 2034 2035 /* IRK = D1(IR, 1) */ 2036 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, 2037 1, &output)) 2038 { 2039 /* reset all identity root related key */ 2040 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2041 } 2042 else 2043 { 2044 btm_ble_process_irk(&output); 2045 } 2046 } 2047 else 2048 { 2049 /* reset all identity root related key */ 2050 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2051 } 2052#endif 2053} 2054 2055/******************************************************************************* 2056** 2057** Function btm_ble_process_ir2 2058** 2059** Description This function is called when IR is generated, proceed to calculate 2060** DHK = Eir({0x03, 0, 0 ...}) 2061** 2062** 2063** Returns void 2064** 2065*******************************************************************************/ 2066static void btm_ble_process_ir2(tBTM_RAND_ENC *p) 2067{ 2068#if SMP_INCLUDED == TRUE 2069 UINT8 btm_ble_dhk_pt = 0x03; 2070 tSMP_ENC output; 2071 2072 BTM_TRACE_DEBUG0 ("btm_ble_process_ir2"); 2073 2074 if (p && p->opcode == HCI_BLE_RAND) 2075 { 2076 /* remembering in control block */ 2077 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); 2078 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ 2079 2080 2081 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, 2082 1, &output); 2083 btm_ble_process_dhk(&output); 2084 2085 BTM_TRACE_DEBUG0("BLE IR generated."); 2086 } 2087 else 2088 { 2089 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2090 } 2091#endif 2092} 2093 2094/******************************************************************************* 2095** 2096** Function btm_ble_process_ir 2097** 2098** Description This function is called when IR is generated, proceed to calculate 2099** DHK = Eir({0x02, 0, 0 ...}) 2100** 2101** 2102** Returns void 2103** 2104*******************************************************************************/ 2105static void btm_ble_process_ir(tBTM_RAND_ENC *p) 2106{ 2107 BTM_TRACE_DEBUG0 ("btm_ble_process_ir"); 2108 2109 if (p && p->opcode == HCI_BLE_RAND) 2110 { 2111 /* remembering in control block */ 2112 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); 2113 2114 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) 2115 { 2116 BTM_TRACE_ERROR0("Generating IR2 failed."); 2117 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2118 } 2119 } 2120} 2121 2122/******************************************************************************* 2123** 2124** Function btm_ble_reset_id 2125** 2126** Description This function is called to reset LE device identity. 2127** 2128** Returns void 2129** 2130*******************************************************************************/ 2131void btm_ble_reset_id( void ) 2132{ 2133 BTM_TRACE_DEBUG0 ("btm_ble_reset_id"); 2134 2135 /* regenrate Identity Root*/ 2136 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) 2137 { 2138 BTM_TRACE_DEBUG0("Generating IR failed."); 2139 } 2140} 2141 2142 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 2143/******************************************************************************* 2144** 2145** Function btm_ble_set_no_disc_if_pair_fail 2146** 2147** Description This function indicates that whether no disconnect of the ACL 2148** should be used if pairing failed 2149** 2150** Returns void 2151** 2152*******************************************************************************/ 2153void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc ) 2154{ 2155 BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); 2156 btm_cb.devcb.no_disc_if_pair_fail = disable_disc; 2157} 2158 2159/******************************************************************************* 2160** 2161** Function btm_ble_set_test_mac_value 2162** 2163** Description This function set test MAC value 2164** 2165** Returns void 2166** 2167*******************************************************************************/ 2168void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val ) 2169{ 2170 BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable); 2171 btm_cb.devcb.enable_test_mac_val = enable; 2172 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); 2173} 2174 2175/******************************************************************************* 2176** 2177** Function btm_ble_set_test_local_sign_cntr_value 2178** 2179** Description This function set test local sign counter value 2180** 2181** Returns void 2182** 2183*******************************************************************************/ 2184void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr ) 2185{ 2186 BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", 2187 enable, test_local_sign_cntr); 2188 btm_cb.devcb.enable_test_local_sign_cntr = enable; 2189 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; 2190} 2191 2192/******************************************************************************* 2193** 2194** Function btm_set_random_address 2195** 2196** Description This function set a random address to local controller. 2197** 2198** Returns void 2199** 2200*******************************************************************************/ 2201void btm_set_random_address(BD_ADDR random_bda) 2202{ 2203 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; 2204 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ; 2205 2206 BTM_TRACE_DEBUG0 ("btm_set_random_address"); 2207 2208 if (adv_mode == BTM_BLE_ADV_ENABLE) 2209 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); 2210 2211 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN); 2212 btsnd_hcic_ble_set_random_addr(p_cb->private_addr); 2213 2214 if (adv_mode == BTM_BLE_ADV_ENABLE) 2215 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE); 2216 2217 2218} 2219#endif /* BTM_BLE_CONFORMANCE_TESTING */ 2220 2221 2222#endif /* BLE_INCLUDED */ 2223