btm_ble.c revision 51822b4229e4519a8e07838f52f858472ea36961
1/****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19/****************************************************************************** 20 * 21 * This file contains functions for BLE device control utilities, and LE 22 * security functions. 23 * 24 ******************************************************************************/ 25 26#include <string.h> 27 28#include "bt_types.h" 29#include "hcimsgs.h" 30#include "btu.h" 31#include "btm_int.h" 32#include "btm_ble_api.h" 33#include "smp_api.h" 34#include "l2c_int.h" 35#include "gap_api.h" 36 37#if SMP_INCLUDED == TRUE 38extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature); 39extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable); 40extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda); 41#endif 42extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr); 43 44/*******************************************************************************/ 45/* External Function to be called by other modules */ 46/*******************************************************************************/ 47/******************************************************** 48** 49** Function BTM_SecAddBleDevice 50** 51** Description Add/modify device. This function will be normally called 52** during host startup to restore all required information 53** for a LE device stored in the NVRAM. 54** 55** Parameters: bd_addr - BD address of the peer 56** bd_name - Name of the peer device. NULL if unknown. 57** dev_type - Remote device's device type. 58** addr_type - LE device address type. 59** 60** Returns TRUE if added OK, else FALSE 61** 62*******************************************************************************/ 63BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, 64 tBLE_ADDR_TYPE addr_type) 65{ 66#if BLE_INCLUDED == TRUE 67 tBTM_SEC_DEV_REC *p_dev_rec; 68 UINT8 i = 0; 69 tBTM_INQ_INFO *p_info=NULL; 70 71 BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type); 72 p_dev_rec = btm_find_dev (bd_addr); 73 74 if (!p_dev_rec) 75 { 76 BTM_TRACE_DEBUG0("Add a new device"); 77 78 /* There is no device record, allocate one. 79 * If we can not find an empty spot for this one, let it fail. */ 80 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) 81 { 82 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) 83 { 84 BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i ); 85 p_dev_rec = &btm_cb.sec_dev_rec[i]; 86 87 /* Mark this record as in use and initialize */ 88 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); 89 p_dev_rec->sec_flags = BTM_SEC_IN_USE; 90 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 91 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); 92 93 /* update conn params, use default value for background connection params */ 94 p_dev_rec->conn_params.min_conn_int = 95 p_dev_rec->conn_params.max_conn_int = 96 p_dev_rec->conn_params.supervision_tout = 97 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; 98 99 BTM_TRACE_DEBUG1 ("hci_handl=0x%x ", p_dev_rec->hci_handle ); 100 break; 101 } 102 } 103 104 if (!p_dev_rec) 105 return(FALSE); 106 } 107 else 108 { 109 BTM_TRACE_DEBUG0("Device already exist"); 110 } 111 112 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 113 114 if (bd_name && bd_name[0]) 115 { 116 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 117 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), 118 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); 119 } 120 p_dev_rec->device_type = dev_type; 121 p_dev_rec->ble.ble_addr_type = addr_type; 122 BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x", 123 dev_type, addr_type, p_dev_rec->sec_flags); 124 125 /* sync up with the Inq Data base*/ 126 p_info = BTM_InqDbRead(bd_addr); 127 if (p_info) 128 { 129 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; 130 p_info->results.device_type = p_dev_rec->device_type; 131 BTM_TRACE_DEBUG2 ("InqDb device_type =0x%x addr_type=0x%x", 132 p_info->results.device_type, p_info->results.ble_addr_type); 133 } 134 135#endif 136 return(TRUE); 137} 138 139/******************************************************************************* 140** 141** Function BTM_SecAddBleKey 142** 143** Description Add/modify LE device information. This function will be 144** normally called during host startup to restore all required 145** information stored in the NVRAM. 146** 147** Parameters: bd_addr - BD address of the peer 148** p_le_key - LE key values. 149** key_type - LE SMP key type. 150* 151** Returns TRUE if added OK, else FALSE 152** 153*******************************************************************************/ 154BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) 155{ 156#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 157 tBTM_SEC_DEV_REC *p_dev_rec; 158 BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey"); 159 p_dev_rec = btm_find_dev (bd_addr); 160 if (!p_dev_rec || !p_le_key || 161 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && 162 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC && 163 key_type != BTM_LE_KEY_LCSRK)) 164 { 165 BTM_TRACE_WARNING3 ("BTM_SecAddBleKey() Wrong Type, or No Device record \ 166 for bdaddr: %08x%04x, Type: %d", 167 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 168 (bd_addr[4]<<8)+bd_addr[5], key_type); 169 return(FALSE); 170 } 171 172 BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", 173 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 174 (bd_addr[4]<<8)+bd_addr[5], key_type); 175 176 if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID || 177 key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC || 178 key_type == BTM_LE_KEY_LCSRK) 179 { 180 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE); 181 } 182 183#endif 184 185 return(TRUE); 186} 187 188/******************************************************************************* 189** 190** Function BTM_BleLoadLocalKeys 191** 192** Description Local local identity key, encryption root or sign counter. 193** 194** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER 195** or BTM_BLE_KEY_TYPE_COUNTER. 196** p_key: pointer to the key. 197* 198** Returns non2. 199** 200*******************************************************************************/ 201void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key) 202{ 203#if BLE_INCLUDED == TRUE 204 tBTM_DEVCB *p_devcb = &btm_cb.devcb; 205 BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys"); 206 if (p_key != NULL) 207 { 208 switch (key_type) 209 { 210 case BTM_BLE_KEY_TYPE_ID: 211 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 212 break; 213 214 case BTM_BLE_KEY_TYPE_ER: 215 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16)); 216 break; 217 218 default: 219 BTM_TRACE_ERROR1("unknow local key type: %d", key_type); 220 break; 221 } 222 } 223#endif 224} 225 226/******************************************************************************* 227** 228** Function BTM_GetDeviceEncRoot 229** 230** Description This function is called to read the local device encryption 231** root. 232** 233** Returns void 234** the local device ER is copied into er 235** 236*******************************************************************************/ 237void BTM_GetDeviceEncRoot (BT_OCTET16 er) 238{ 239 BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot"); 240 241#if BLE_INCLUDED == TRUE 242 memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN); 243#endif 244} 245 246/******************************************************************************* 247** 248** Function BTM_GetDeviceIDRoot 249** 250** Description This function is called to read the local device identity 251** root. 252** 253** Returns void 254** the local device IR is copied into irk 255** 256*******************************************************************************/ 257void BTM_GetDeviceIDRoot (BT_OCTET16 irk) 258{ 259 BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot "); 260 261#if BLE_INCLUDED == TRUE 262 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); 263#endif 264} 265 266/******************************************************************************* 267** 268** Function BTM_GetDeviceDHK 269** 270** Description This function is called to read the local device DHK. 271** 272** Returns void 273** the local device DHK is copied into dhk 274** 275*******************************************************************************/ 276void BTM_GetDeviceDHK (BT_OCTET16 dhk) 277{ 278#if BLE_INCLUDED == TRUE 279 BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK"); 280 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); 281#endif 282} 283 284/******************************************************************************* 285** 286** Function BTM_ReadConnectionAddr 287** 288** Description This function is called to get the local device address information 289** . 290** 291** Returns void 292** 293*******************************************************************************/ 294void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type) 295{ 296#if BLE_INCLUDED == TRUE 297 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda); 298 299 if (p_acl == NULL) 300 { 301 BTM_TRACE_ERROR0("No connection exist!"); 302 return; 303 } 304 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN); 305 * p_addr_type = p_acl->conn_addr_type; 306 307 BTM_TRACE_DEBUG2 ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x", 308 p_acl->conn_addr_type, p_acl->conn_addr[0]); 309 310#endif 311} 312/******************************************************************************* 313** 314** Function BTM_IsBleConnection 315** 316** Description This function is called to check if the connection handle 317** for an LE link 318** 319** Returns TRUE if connection is LE link, otherwise FALSE. 320** 321*******************************************************************************/ 322BOOLEAN BTM_IsBleConnection (UINT16 conn_handle) 323{ 324#if (BLE_INCLUDED == TRUE) 325 UINT8 xx; 326 tACL_CONN *p; 327 328 BTM_TRACE_API1 ("BTM_IsBleConnection: conn_handle: %d", conn_handle); 329 330 xx = btm_handle_to_acl_index (conn_handle); 331 if (xx >= MAX_L2CAP_LINKS) 332 return FALSE; 333 334 p = &btm_cb.acl_db[xx]; 335 336 return(p->is_le_link); 337#else 338 return FALSE; 339#endif 340} 341 342/******************************************************************************* 343** 344** Function BTM_ReadRemoteConnectionAddr 345** 346** Description This function is read the remote device address currently used 347** . 348** 349** Returns void 350** 351*******************************************************************************/ 352BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, tBLE_ADDR_TYPE *p_addr_type) 353{ 354 BOOLEAN st = TRUE; 355#if BLE_INCLUDED == TRUE 356 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr); 357 358 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN); 359 if (p_dev_rec != NULL) 360 { 361 *p_addr_type = p_dev_rec->ble.ble_addr_type; 362 } 363#endif 364 return st; 365} 366/******************************************************************************* 367** 368** Function BTM_SecurityGrant 369** 370** Description This function is called to grant security process. 371** 372** Parameters bd_addr - peer device bd address. 373** res - result of the operation BTM_SUCCESS if success. 374** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. 375** 376** Returns None 377** 378*******************************************************************************/ 379void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res) 380{ 381#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 382 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; 383 BTM_TRACE_DEBUG0 ("BTM_SecurityGrant"); 384 SMP_SecurityGrant(bd_addr, res_smp); 385#endif 386} 387 388/******************************************************************************* 389** 390** Function BTM_BlePasskeyReply 391** 392** Description This function is called after Security Manager submitted 393** passkey request to the application. 394** 395** Parameters: bd_addr - Address of the device for which passkey was requested 396** res - result of the operation BTM_SUCCESS if success 397** key_len - length in bytes of the Passkey 398** p_passkey - pointer to array with the passkey 399** trusted_mask - bitwise OR of trusted services (array of UINT32) 400** 401*******************************************************************************/ 402void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) 403{ 404#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 405 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 406 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 407 408 if (p_dev_rec == NULL) 409 { 410 BTM_TRACE_ERROR0("Passkey reply to Unknown device"); 411 return; 412 } 413 414 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 415 BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply"); 416 SMP_PasskeyReply(bd_addr, res_smp, passkey); 417#endif 418} 419 420/******************************************************************************* 421** 422** Function BTM_BleOobDataReply 423** 424** Description This function is called to provide the OOB data for 425** SMP in response to BTM_LE_OOB_REQ_EVT 426** 427** Parameters: bd_addr - Address of the peer device 428** res - result of the operation SMP_SUCCESS if success 429** p_data - simple pairing Randomizer C. 430** 431*******************************************************************************/ 432void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data) 433{ 434#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 435 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; 436 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 437 438 BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply"); 439 440 if (p_dev_rec == NULL) 441 { 442 BTM_TRACE_ERROR0("BTM_BleOobDataReply() to Unknown device"); 443 return; 444 } 445 446 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 447 SMP_OobDataReply(bd_addr, res_smp, len, p_data); 448#endif 449} 450 451/****************************************************************************** 452** 453** Function BTM_BleSetConnScanParams 454** 455** Description Set scan parameter used in BLE connection request 456** 457** Parameters: scan_interval: scan interval 458** scan_window: scan window 459** 460** Returns void 461** 462*******************************************************************************/ 463void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window) 464{ 465#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 466 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; 467 BOOLEAN new_param = FALSE; 468 469 if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && 470 BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) 471 { 472 btu_stop_timer(&p_ble_cb->scan_param_idle_timer); 473 474 if (p_ble_cb->scan_int != scan_interval) 475 { 476 p_ble_cb->scan_int = scan_interval; 477 new_param = TRUE; 478 } 479 480 if (p_ble_cb->scan_win != scan_window) 481 { 482 p_ble_cb->scan_win = scan_window; 483 new_param = TRUE; 484 } 485 486 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) 487 { 488 btm_ble_suspend_bg_conn(); 489 } 490 } 491 else 492 { 493 BTM_TRACE_ERROR0("Illegal Connection Scan Parameters"); 494 } 495#endif 496} 497 498/******************************************************** 499** 500** Function BTM_BleSetPrefConnParams 501** 502** Description Set a peripheral's preferred connection parameters 503** 504** Parameters: bd_addr - BD address of the peripheral 505** scan_interval: scan interval 506** scan_window: scan window 507** min_conn_int - minimum preferred connection interval 508** max_conn_int - maximum preferred connection interval 509** slave_latency - preferred slave latency 510** supervision_tout - preferred supervision timeout 511** 512** Returns void 513** 514*******************************************************************************/ 515void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, 516 UINT16 min_conn_int, UINT16 max_conn_int, 517 UINT16 slave_latency, UINT16 supervision_tout) 518{ 519#if BLE_INCLUDED == TRUE 520 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 521 522 BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ 523 tout: %u", 524 min_conn_int, max_conn_int, slave_latency, supervision_tout); 525 526 if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 527 BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 528 BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && 529 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) 530 { 531 if (p_dev_rec) 532 { 533 /* expect conn int and stout and slave latency to be updated all together */ 534 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 535 { 536 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 537 p_dev_rec->conn_params.min_conn_int = min_conn_int; 538 else 539 p_dev_rec->conn_params.min_conn_int = max_conn_int; 540 541 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 542 p_dev_rec->conn_params.max_conn_int = max_conn_int; 543 else 544 p_dev_rec->conn_params.max_conn_int = min_conn_int; 545 546 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) 547 p_dev_rec->conn_params.slave_latency = slave_latency; 548 else 549 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; 550 551 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) 552 p_dev_rec->conn_params.supervision_tout = supervision_tout; 553 else 554 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF; 555 556 } 557 558 } 559 else 560 { 561 BTM_TRACE_ERROR0("Unknown Device, setting rejected"); 562 } 563 } 564 else 565 { 566 BTM_TRACE_ERROR0("Illegal Connection Parameters"); 567 } 568#endif /* BLE_INCLUDED */ 569} 570 571/******************************************************************************* 572** 573** Function BTM_ReadDevInfo 574** 575** Description This function is called to read the device/address type 576** of BD address. 577** 578** Parameter remote_bda: remote device address 579** p_dev_type: output parameter to read the device type. 580** p_addr_type: output parameter to read the address type. 581** 582*******************************************************************************/ 583void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) 584{ 585#if BLE_INCLUDED == TRUE 586 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); 587 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); 588 589 *p_dev_type = BT_DEVICE_TYPE_BREDR; 590 *p_addr_type = BLE_ADDR_PUBLIC; 591 592 if (!p_dev_rec) 593 { 594 /* Check with the BT manager if details about remote device are known */ 595 if (p_inq_info != NULL) 596 { 597 *p_dev_type = p_inq_info->results.device_type ; 598 *p_addr_type = p_inq_info->results.ble_addr_type; 599 } 600 /* unknown device, assume BR/EDR */ 601 } 602 else /* there is a security device record exisitng */ 603 { 604 /* new inquiry result, overwrite device type in security device record */ 605 if (p_inq_info) 606 { 607 p_dev_rec->device_type = p_inq_info->results.device_type; 608 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 609 } 610 *p_dev_type = p_dev_rec->device_type; 611 *p_addr_type = p_dev_rec->ble.ble_addr_type; 612 613 } 614 615 BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); 616#endif 617 618 return; 619} 620 621#if BLE_INCLUDED == TRUE 622 623/******************************************************************************* 624** 625** Function BTM_BleReceiverTest 626** 627** Description This function is called to start the LE Receiver test 628** 629** Parameter rx_freq - Frequency Range 630** p_cmd_cmpl_cback - Command Complete callback 631** 632*******************************************************************************/ 633void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback) 634{ 635 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 636 637 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE) 638 { 639 BTM_TRACE_ERROR1("%s: Unable to Trigger LE receiver test", __FUNCTION__); 640 } 641} 642 643/******************************************************************************* 644** 645** Function BTM_BleTransmitterTest 646** 647** Description This function is called to start the LE Transmitter test 648** 649** Parameter tx_freq - Frequency Range 650** test_data_len - Length in bytes of payload data in each packet 651** packet_payload - Pattern to use in the payload 652** p_cmd_cmpl_cback - Command Complete callback 653** 654*******************************************************************************/ 655void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len, 656 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback) 657{ 658 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 659 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE) 660 { 661 BTM_TRACE_ERROR1("%s: Unable to Trigger LE transmitter test", __FUNCTION__); 662 } 663} 664 665/******************************************************************************* 666** 667** Function BTM_BleTestEnd 668** 669** Description This function is called to stop the in-progress TX or RX test 670** 671** Parameter p_cmd_cmpl_cback - Command complete callback 672** 673*******************************************************************************/ 674void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback) 675{ 676 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 677 678 if (btsnd_hcic_ble_test_end() == FALSE) 679 { 680 BTM_TRACE_ERROR1("%s: Unable to End the LE TX/RX test", __FUNCTION__); 681 } 682} 683 684#endif 685 686/******************************************************************************* 687** Internal Functions 688*******************************************************************************/ 689#if BLE_INCLUDED == TRUE 690 691void btm_ble_test_command_complete(UINT8 *p) 692{ 693 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb; 694 UINT8 status; 695 696 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL; 697 698 if (p_cb) 699 { 700 (*p_cb)(p); 701 } 702} 703 704/******************************************************************************* 705** 706** Function BTM_IsBleLink 707** 708** Description This function is to check the link type is BLE or BR/EDR. 709** 710** Returns TRUE if BLE link; FALSE if BR/EDR. 711** 712*******************************************************************************/ 713BOOLEAN BTM_IsBleLink (BD_ADDR bd_addr) 714{ 715#if (BLE_INCLUDED == TRUE) 716 tACL_CONN *p; 717 BTM_TRACE_DEBUG0 ("BTM_IsBleLink"); 718 if ((p = btm_bda_to_acl(bd_addr)) != NULL) 719 return p->is_le_link; 720 else 721#endif 722 return FALSE; 723} 724/******************************************************************************* 725** 726** Function BTM_UseLeLink 727** 728** Description This function is to select the underneath physical link to use. 729** 730** Returns TRUE to use LE, FALSE use BR/EDR. 731** 732*******************************************************************************/ 733BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr) 734{ 735 tACL_CONN *p; 736 tBT_DEVICE_TYPE dev_type; 737 tBLE_ADDR_TYPE addr_type; 738 BOOLEAN use_le = FALSE; 739 740 if ((p = btm_bda_to_acl(bd_addr)) != NULL) 741 { 742#if (BLE_INCLUDED == TRUE) 743 use_le = (p->is_le_link); 744#endif 745 } 746 else 747 { 748 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type); 749 use_le = (dev_type == BT_DEVICE_TYPE_BLE); 750 } 751 return use_le; 752} 753/******************************************************************************* 754** 755** Function btm_ble_rand_enc_complete 756** 757** Description This function is the callback functions for HCI_Rand command 758** and HCI_Encrypt command is completed. 759** This message is received from the HCI. 760** 761** Returns void 762** 763*******************************************************************************/ 764void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) 765{ 766 tBTM_RAND_ENC params; 767 UINT8 *p_dest = params.param_buf; 768 769 BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete"); 770 771 memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); 772 773 /* If there was a callback address for vcs complete, call it */ 774 if (p_enc_cplt_cback && p) 775 { 776 /* Pass paramters to the callback function */ 777 STREAM_TO_UINT8(params.status, p); /* command status */ 778 779 if (params.status == HCI_SUCCESS) 780 { 781 params.opcode = op_code; 782 783 if (op_code == HCI_BLE_RAND) 784 params.param_len = BT_OCTET8_LEN; 785 else 786 params.param_len = BT_OCTET16_LEN; 787 788 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ 789 } 790 if (p_enc_cplt_cback) 791 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ 792 } 793} 794 795 796 #if (SMP_INCLUDED == TRUE) 797 798/******************************************************************************* 799** 800** Function btm_ble_get_enc_key_type 801** 802** Description This function is to increment local sign counter 803** Returns None 804** 805*******************************************************************************/ 806void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ) 807{ 808 tBTM_SEC_DEV_REC *p_dev_rec; 809 810 BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local); 811 812 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 813 { 814 if (is_local) 815 p_dev_rec->ble.keys.local_counter++; 816 else 817 p_dev_rec->ble.keys.counter++; 818 BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d", 819 is_local, 820 p_dev_rec->ble.keys.local_counter, 821 p_dev_rec->ble.keys.counter); 822 } 823} 824 825/******************************************************************************* 826** 827** Function btm_ble_get_enc_key_type 828** 829** Description This function is to get the BLE key type that has been exchanged 830** in betweem local device and peer device. 831** 832** Returns p_key_type: output parameter to carry the key type value. 833** 834*******************************************************************************/ 835BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types) 836{ 837 tBTM_SEC_DEV_REC *p_dev_rec; 838 839 BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type"); 840 841 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 842 { 843 *p_key_types = p_dev_rec->ble.key_type; 844 return TRUE; 845 } 846 return FALSE; 847} 848 849/******************************************************************************* 850** 851** Function btm_get_local_div 852** 853** Description This function is called to read the local DIV 854** 855** Returns TURE - if a valid DIV is availavle 856*******************************************************************************/ 857BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div) 858{ 859 tBTM_SEC_DEV_REC *p_dev_rec; 860 BOOLEAN status = FALSE; 861 BTM_TRACE_DEBUG0 ("btm_get_local_div"); 862 863 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 864 bd_addr[0],bd_addr[1], 865 bd_addr[2],bd_addr[3], 866 bd_addr[4],bd_addr[5]); 867 868 p_dev_rec = btm_find_dev (bd_addr); 869 870 if (p_dev_rec && p_dev_rec->ble.keys.div) 871 { 872 status = TRUE; 873 *p_div = p_dev_rec->ble.keys.div; 874 } 875 BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); 876 return status; 877} 878 879/******************************************************************************* 880** 881** Function btm_sec_save_le_key 882** 883** Description This function is called by the SMP to update 884** an BLE key. SMP is internal, whereas all the keys shall 885** be sent to the application. The function is also called 886** when application passes ble key stored in NVRAM to the btm_sec. 887** pass_to_application parameter is false in this case. 888** 889** Returns void 890** 891*******************************************************************************/ 892void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, 893 BOOLEAN pass_to_application) 894{ 895 tBTM_SEC_DEV_REC *p_rec; 896 tBTM_LE_EVT_DATA cb_data; 897 UINT8 i; 898 899 BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); 900 /* Store the updated key in the device database */ 901 902 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 903 bd_addr[0],bd_addr[1], 904 bd_addr[2],bd_addr[3], 905 bd_addr[4],bd_addr[5]); 906 907 if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys) 908 { 909 switch (key_type) 910 { 911 case BTM_LE_KEY_PENC: 912 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); 913 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); 914 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; 915 p_rec->ble.keys.ediv = p_keys->penc_key.ediv; 916 p_rec->ble.keys.key_size = p_keys->penc_key.key_size; 917 p_rec->ble.key_type |= BTM_LE_KEY_PENC; 918 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 919 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) 920 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 921 else 922 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 923 BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", 924 p_rec->ble.key_type, 925 p_rec->sec_flags, 926 p_rec->ble.keys.sec_level); 927 break; 928 929 case BTM_LE_KEY_PID: 930 for (i=0; i<BT_OCTET16_LEN; i++) 931 { 932 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i]; 933 } 934 935 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system 936 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 937 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type; 938 p_rec->ble.key_type |= BTM_LE_KEY_PID; 939 BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); 940 break; 941 942 case BTM_LE_KEY_PCSRK: 943 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); 944 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; 945 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; 946 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; 947 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 948 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) 949 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 950 else 951 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 952 953 BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", 954 p_rec->ble.key_type, 955 p_rec->sec_flags, 956 p_rec->ble.keys.srk_sec_level, 957 p_rec->ble.keys.counter ); 958 break; 959 960 case BTM_LE_KEY_LENC: 961 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ 962 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; 963 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; 964 p_rec->ble.key_type |= BTM_LE_KEY_LENC; 965 966 BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", 967 p_rec->ble.key_type, 968 p_rec->ble.keys.div, 969 p_rec->ble.keys.key_size, 970 p_rec->ble.keys.sec_level ); 971 break; 972 973 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ 974 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ 975 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; 976 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; 977 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; 978 BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", 979 p_rec->ble.key_type, 980 p_rec->ble.keys.div, 981 p_rec->ble.keys.local_csrk_sec_level, 982 p_rec->ble.keys.local_counter ); 983 break; 984 985 default: 986 BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); 987 return; 988 } 989 990 BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, 991 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 992 (bd_addr[4]<<8)+bd_addr[5]); 993 994 /* Notify the application that one of the BLE keys has been updated 995 If link key is in progress, it will get sent later.*/ 996 if (pass_to_application && btm_cb.api.p_le_callback) 997 { 998 cb_data.key.p_key_value = p_keys; 999 cb_data.key.key_type = key_type; 1000 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); 1001 } 1002 return; 1003 } 1004 1005 BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, 1006 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1007 (bd_addr[4]<<8)+bd_addr[5]); 1008 1009 if (p_rec) 1010 { 1011 BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags); 1012 } 1013} 1014 1015/******************************************************************************* 1016** 1017** Function btm_ble_update_sec_key_size 1018** 1019** Description update the current lin kencryption key size 1020** 1021** Returns void 1022** 1023*******************************************************************************/ 1024void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size) 1025{ 1026 tBTM_SEC_DEV_REC *p_rec; 1027 1028 BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); 1029 1030 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1031 { 1032 p_rec->enc_key_size = enc_key_size; 1033 } 1034} 1035 1036/******************************************************************************* 1037** 1038** Function btm_ble_read_sec_key_size 1039** 1040** Description update the current lin kencryption key size 1041** 1042** Returns void 1043** 1044*******************************************************************************/ 1045UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr) 1046{ 1047 tBTM_SEC_DEV_REC *p_rec; 1048 1049 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1050 { 1051 return p_rec->enc_key_size; 1052 } 1053 else 1054 return 0; 1055} 1056 1057/******************************************************************************* 1058** 1059** Function btm_ble_link_sec_check 1060** 1061** Description Check BLE link security level match. 1062** 1063** Returns TRUE: check is OK and the *p_sec_req_act contain the action 1064** 1065*******************************************************************************/ 1066void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) 1067{ 1068 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1069 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE; 1070 1071 BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req); 1072 1073 if (p_dev_rec == NULL) 1074 { 1075 BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device"); 1076 return; 1077 } 1078 1079 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 1080 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) 1081 { 1082 /* race condition: discard the security request while master is encrypting the link */ 1083 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1084 } 1085 else 1086 { 1087 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1088 if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) || 1089 (auth_req == (BTM_LE_AUTH_REQ_MITM)) ) 1090 { 1091 req_sec_level = BTM_LE_SEC_AUTHENTICATED; 1092 } 1093 1094 BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); 1095 1096 /* currently encrpted */ 1097 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1098 { 1099 if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED) 1100 cur_sec_level = BTM_LE_SEC_AUTHENTICATED; 1101 else 1102 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1103 } 1104 else /* unencrypted link */ 1105 { 1106 /* if bonded, get the key security level */ 1107 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 1108 cur_sec_level = p_dev_rec->ble.keys.sec_level; 1109 else 1110 cur_sec_level = BTM_LE_SEC_NONE; 1111 } 1112 1113 if (cur_sec_level >= req_sec_level) 1114 { 1115 if (cur_sec_level == BTM_LE_SEC_NONE) 1116 { 1117 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE; 1118 } 1119 else 1120 { 1121 /* To avoid re-encryption on an encrypted link for an equal condition encryption */ 1122 /* if link has been encrypted, do nothing, go straight to furhter action 1123 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1124 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1125 else 1126 */ 1127 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; 1128 } 1129 } 1130 else 1131 { 1132 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ 1133 } 1134 } 1135 1136 BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", 1137 cur_sec_level, 1138 req_sec_level, 1139 *p_sec_req_act); 1140 1141} 1142 1143/******************************************************************************* 1144** 1145** Function btm_ble_set_encryption 1146** 1147** Description This function is called to ensure that LE connection is 1148** encrypted. Should be called only on an open connection. 1149** Typically only needed for connections that first want to 1150** bring up unencrypted links, then later encrypt them. 1151** 1152** Returns void 1153** the local device ER is copied into er 1154** 1155*******************************************************************************/ 1156tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role) 1157{ 1158 tBTM_STATUS cmd = BTM_NO_RESOURCES; 1159 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ; 1160 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1161 1162 if (p_rec == NULL) 1163 { 1164 BTM_TRACE_WARNING1 ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act); 1165 return(BTM_WRONG_MODE); 1166 } 1167 1168 BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); 1169 1170 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) 1171 { 1172 p_rec->security_required |= BTM_SEC_IN_MITM; 1173 } 1174 1175 switch (sec_act) 1176 { 1177 case BTM_BLE_SEC_ENCRYPT: 1178 if (link_role == BTM_ROLE_MASTER) 1179 { 1180 if(p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) { 1181 BTM_TRACE_DEBUG0 ("State is already encrypting::"); 1182 cmd = BTM_CMD_STARTED; 1183 } 1184 else { 1185 /* start link layer encryption using the security info stored */ 1186 if (btm_ble_start_encrypt(bd_addr, FALSE, NULL)) 1187 { 1188 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1189 cmd = BTM_CMD_STARTED; 1190 } 1191 } 1192 break; 1193 } 1194 /* if salve role then fall through to call SMP_Pair below which will send a 1195 sec_request to request the master to encrypt the link */ 1196 case BTM_BLE_SEC_ENCRYPT_NO_MITM: 1197 case BTM_BLE_SEC_ENCRYPT_MITM: 1198 1199 if (SMP_Pair(bd_addr) == SMP_STARTED) 1200 { 1201 cmd = BTM_CMD_STARTED; 1202 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1203 } 1204 break; 1205 1206 default: 1207 cmd = BTM_SUCCESS; 1208 break; 1209 } 1210 return cmd; 1211} 1212 1213/******************************************************************************* 1214** 1215** Function btm_ble_ltk_request 1216** 1217** Description This function is called when encryption request is received 1218** on a slave device. 1219** 1220** 1221** Returns void 1222** 1223*******************************************************************************/ 1224void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv) 1225{ 1226 tBTM_CB *p_cb = &btm_cb; 1227 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); 1228 BT_OCTET8 dummy_stk = {0}; 1229 1230 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request"); 1231 1232 p_cb->ediv = ediv; 1233 1234 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); 1235 1236 if (p_dev_rec != NULL) 1237 { 1238 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) 1239 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk); 1240 } 1241 1242} 1243 1244/******************************************************************************* 1245** 1246** Function btm_ble_start_encrypt 1247** 1248** Description This function is called to start LE encryption. 1249** 1250** 1251** Returns void 1252** 1253*******************************************************************************/ 1254BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1255{ 1256 tBTM_CB *p_cb = &btm_cb; 1257 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1258 BT_OCTET8 dummy_rand = {0}; 1259 BOOLEAN rt = FALSE; 1260 1261 BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt"); 1262 1263 if (!p_rec || 1264 (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)) 1265 return FALSE; 1266 1267 p_cb->enc_handle = p_rec->hci_handle; 1268 1269 if (use_stk) 1270 { 1271 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk)) 1272 rt = TRUE; 1273 } 1274 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) 1275 { 1276 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand, 1277 p_rec->ble.keys.ediv, p_rec->ble.keys.ltk)) 1278 rt = TRUE; 1279 } 1280 else 1281 { 1282 BTM_TRACE_ERROR0("No key available to encrypt the link"); 1283 } 1284 if (rt) 1285 { 1286 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) 1287 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1288 } 1289 1290 return rt; 1291} 1292 1293/******************************************************************************* 1294** 1295** Function btm_ble_link_encrypted 1296** 1297** Description This function is called when LE link encrption status is changed. 1298** 1299** Returns void 1300** 1301*******************************************************************************/ 1302void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable) 1303{ 1304 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1305 BOOLEAN enc_cback; 1306 1307 if (!p_dev_rec) 1308 { 1309 BTM_TRACE_WARNING1 ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable); 1310 return; 1311 } 1312 1313 BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable); 1314 1315 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING); 1316 1317 smp_link_encrypted(bd_addr, encr_enable); 1318 1319 BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); 1320 1321 if (encr_enable && p_dev_rec->enc_key_size == 0) 1322 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; 1323 1324 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1325 if (p_dev_rec->p_callback && enc_cback) 1326 { 1327 if (encr_enable) 1328 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS); 1329 else if (p_dev_rec->role_master) 1330 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING); 1331 1332 } 1333 /* to notify GATT to send data if any request is pending */ 1334 gatt_notify_enc_cmpl(p_dev_rec->bd_addr); 1335} 1336 1337/******************************************************************************* 1338** Function btm_enc_proc_ltk 1339** Description send LTK reply when it's ready. 1340*******************************************************************************/ 1341static void btm_enc_proc_ltk(tSMP_ENC *p) 1342{ 1343 UINT8 i; 1344 BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk"); 1345 if (p && p->param_len == BT_OCTET16_LEN) 1346 { 1347 for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++) 1348 p->param_buf[BT_OCTET16_LEN - i - 1] = 0; 1349 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf); 1350 } 1351} 1352 1353/******************************************************************************* 1354** Function btm_enc_proc_slave_y 1355** Description calculate LTK when Y is ready 1356*******************************************************************************/ 1357static void btm_enc_proc_slave_y(tSMP_ENC *p) 1358{ 1359 UINT16 div, y; 1360 UINT8 *pp = p->param_buf; 1361 tBTM_CB *p_cb = &btm_cb; 1362 tSMP_ENC output; 1363 tBTM_SEC_DEV_REC *p_dev_rec; 1364 1365 BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y"); 1366 if (p != NULL) 1367 { 1368 STREAM_TO_UINT16(y, pp); 1369 1370 div = p_cb->ediv ^ y; 1371 p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle); 1372 1373 if ( p_dev_rec && 1374 p_dev_rec->ble.keys.div == div ) 1375 { 1376 BTM_TRACE_DEBUG0 ("LTK request OK"); 1377 /* calculating LTK , LTK = E er(div) */ 1378 SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output); 1379 btm_enc_proc_ltk(&output); 1380 } 1381 else 1382 { 1383 BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply"); 1384 btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle); 1385 if (p_dev_rec) 1386 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0); 1387 1388 } 1389 } 1390} 1391 1392/******************************************************************************* 1393** 1394** Function btm_ble_ltk_request_reply 1395** 1396** Description This function is called to send a LTK request reply on a slave 1397** device. 1398** 1399** Returns void 1400** 1401*******************************************************************************/ 1402void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1403{ 1404 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1405 tBTM_CB *p_cb = &btm_cb; 1406 tSMP_ENC output; 1407 1408 if (p_rec == NULL) 1409 { 1410 BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device"); 1411 return; 1412 } 1413 1414 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply"); 1415 p_cb->enc_handle = p_rec->hci_handle; 1416 p_cb->key_size = p_rec->ble.keys.key_size; 1417 1418 BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size); 1419 if (use_stk) 1420 { 1421 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); 1422 } 1423 else /* calculate LTK using peer device */ 1424 { 1425 /* generate Y= Encrypt(DHK, Rand) received from encrypt request */ 1426 SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand, 1427 BT_OCTET8_LEN, &output); 1428 btm_enc_proc_slave_y(&output); 1429 } 1430} 1431 1432/******************************************************************************* 1433** 1434** Function btm_ble_io_capabilities_req 1435** 1436** Description This function is called to handle SMP get IO capability request. 1437** 1438** Returns void 1439** 1440*******************************************************************************/ 1441UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1442{ 1443 UINT8 callback_rc = BTM_SUCCESS; 1444 BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req"); 1445 if (btm_cb.api.p_le_callback) 1446 { 1447 /* the callback function implementation may change the IO capability... */ 1448 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1449 } 1450#if BTM_OOB_INCLUDED == TRUE 1451 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) 1452#else 1453 if (callback_rc == BTM_SUCCESS) 1454#endif 1455 { 1456 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1457 1458 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", 1459 p_dev_rec->security_required, p_data->auth_req); 1460 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", 1461 p_data->init_keys, 1462 p_data->resp_keys); 1463 1464 /* if authentication requires MITM protection, put on the mask */ 1465 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) 1466 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; 1467 1468 if (!(p_data->auth_req & SMP_AUTH_BOND)) 1469 { 1470 BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged"); 1471 p_data->init_keys = 0; 1472 p_data->resp_keys = 0; 1473 } 1474 1475 BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); 1476 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", 1477 p_data->init_keys, 1478 p_data->resp_keys); 1479 1480 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", 1481 p_data->io_cap, p_data->auth_req); 1482 1483 /* remove MITM protection requirement if IO cap does not allow it */ 1484 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) 1485 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; 1486 1487 BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d", 1488 p_data->io_cap, p_data->oob_data, p_data->auth_req); 1489 } 1490 return callback_rc; 1491} 1492 1493/******************************************************************************* 1494** 1495** Function btm_ble_connected 1496** 1497** Description This function is when a LE connection to the peer device is 1498** establsihed 1499** 1500** Returns void 1501** 1502*******************************************************************************/ 1503void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role, 1504 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched) 1505{ 1506 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); 1507 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; 1508 1509 BTM_TRACE_EVENT0 ("btm_ble_connected"); 1510 1511 /* Commenting out trace due to obf/compilation problems. 1512 */ 1513#if (BT_USE_TRACES == TRUE) 1514 if (p_dev_rec) 1515 { 1516 BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected : handle:%d enc_mode:%d bda:%x RName:%s", 1517 handle, enc_mode, 1518 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], 1519 p_dev_rec->sec_bd_name); 1520 1521 BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); 1522 } 1523 else 1524 { 1525 BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected: handle:%d enc_mode:%d bda:%x ", 1526 handle, enc_mode, 1527 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); 1528 } 1529#endif 1530 1531 if (!p_dev_rec) 1532 { 1533 /* There is no device record for new connection. Allocate one */ 1534 p_dev_rec = btm_sec_alloc_dev (bda); 1535 } 1536 else /* Update the timestamp for this device */ 1537 { 1538 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 1539 } 1540 1541 /* update device information */ 1542 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 1543 p_dev_rec->hci_handle = handle; 1544 p_dev_rec->ble.ble_addr_type = addr_type; 1545 1546 if (role == HCI_ROLE_MASTER) 1547 p_dev_rec->role_master = TRUE; 1548 1549 if (role == HCI_ROLE_SLAVE) 1550 p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE; 1551 p_cb->inq_var.directed_conn = FALSE; 1552 1553 return; 1554} 1555 1556/***************************************************************************** 1557** Function btm_ble_conn_complete 1558** 1559** Description LE connection complete. 1560** 1561******************************************************************************/ 1562void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len) 1563{ 1564 UINT8 role, status, bda_type; 1565 UINT16 handle; 1566 BD_ADDR bda; 1567 UINT16 conn_interval, conn_latency, conn_timeout; 1568 BOOLEAN match = FALSE; 1569 1570 STREAM_TO_UINT8 (status, p); 1571 STREAM_TO_UINT16 (handle, p); 1572 STREAM_TO_UINT8 (role, p); 1573 STREAM_TO_UINT8 (bda_type, p); 1574 STREAM_TO_BDADDR (bda, p); 1575 1576 if (status == 0) 1577 { 1578 STREAM_TO_UINT16 (conn_interval, p); 1579 STREAM_TO_UINT16 (conn_latency, p); 1580 STREAM_TO_UINT16 (conn_timeout, p); 1581 handle = HCID_GET_HANDLE (handle); 1582 1583 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1584 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1585 conn_latency, conn_timeout); 1586 } 1587 else 1588 { 1589 role = HCI_ROLE_UNKNOWN; 1590 1591 if (status == HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) 1592 btm_ble_dir_adv_tout(); 1593 } 1594 1595 btm_ble_set_conn_st(BLE_CONN_IDLE); 1596 1597 btm_ble_update_mode_operation(role, bda, TRUE); 1598} 1599 1600/***************************************************************************** 1601** Function btm_proc_smp_cback 1602** 1603** Description This function is the SMP callback handler. 1604** 1605******************************************************************************/ 1606UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) 1607{ 1608 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1609 UINT8 res = 0; 1610 1611 BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event); 1612 1613 if (p_dev_rec != NULL) 1614 { 1615 switch (event) 1616 { 1617 case SMP_IO_CAP_REQ_EVT: 1618 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 1619 break; 1620 1621 case SMP_PASSKEY_REQ_EVT: 1622 case SMP_PASSKEY_NOTIF_EVT: 1623 case SMP_OOB_REQ_EVT: 1624 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 1625 case SMP_SEC_REQUEST_EVT: 1626 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN); 1627 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1628 /* fall through */ 1629 case SMP_COMPLT_EVT: 1630 if (btm_cb.api.p_le_callback) 1631 { 1632 /* the callback function implementation may change the IO capability... */ 1633 BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); 1634 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1635 } 1636 1637 if (event == SMP_COMPLT_EVT) 1638 { 1639 BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1640 1641 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; 1642 1643 BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x", 1644 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1645 1646 btm_sec_dev_rec_cback_event(p_dev_rec, res); 1647 1648 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) 1649 { 1650 BTM_TRACE_DEBUG0 ("Pairing Cancel completed"); 1651 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); 1652 } 1653#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1654 if (res != BTM_SUCCESS) 1655 { 1656 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT) 1657 { 1658 BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL"); 1659 btm_remove_acl(bd_addr); 1660 } 1661 else 1662 { 1663 BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL"); 1664 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1665 } 1666 } 1667#else 1668 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) 1669 btm_remove_acl(bd_addr); 1670#endif 1671 1672 BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", 1673 btm_cb.pairing_state, 1674 btm_cb.pairing_flags, 1675 btm_cb.pin_code_len ); 1676 BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", 1677 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], 1678 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); 1679 1680 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); 1681 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE; 1682 btm_cb.pairing_flags = 0; 1683 } 1684 break; 1685 1686 default: 1687 BTM_TRACE_DEBUG1 ("unknown event = %d", event); 1688 break; 1689 1690 1691 } 1692 } 1693 else 1694 { 1695 BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device"); 1696 } 1697 1698 return 0; 1699} 1700 1701 #endif /* SMP_INCLUDED */ 1702#endif /* BLE_INCLUDED */ 1703 1704 1705/******************************************************************************* 1706** 1707** Function BTM_BleDataSignature 1708** 1709** Description This function is called to sign the data using AES128 CMAC 1710** algorith. 1711** 1712** Parameter bd_addr: target device the data to be signed for. 1713** p_text: singing data 1714** len: length of the data to be signed. 1715** signature: output parameter where data signature is going to 1716** be stored. 1717** 1718** Returns TRUE if signing sucessul, otherwise FALSE. 1719** 1720*******************************************************************************/ 1721BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len, 1722 BLE_SIGNATURE signature) 1723{ 1724 BOOLEAN ret = FALSE; 1725#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1726 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1727 UINT8 *p_buf, *pp; 1728 1729 BT_OCTET16 er; 1730 UINT16 div; 1731 UINT8 temp[4]; /* for (r || DIV) r=1*/ 1732 UINT16 r=1; 1733 UINT8 *p=temp, *p_mac = (UINT8 *)signature; 1734 tSMP_ENC output; 1735 BT_OCTET16 local_csrk; 1736 1737 BTM_TRACE_DEBUG0 ("BTM_BleDataSignature"); 1738 if (p_rec == NULL) 1739 { 1740 BTM_TRACE_ERROR0("data signing can not be done from unknow device"); 1741 } 1742 else 1743 { 1744 if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL) 1745 { 1746 BTM_TRACE_DEBUG0("Start to generate Local CSRK"); 1747 pp = p_buf; 1748 /* prepare plain text */ 1749 if (p_text) 1750 { 1751 memcpy(p_buf, p_text, len); 1752 pp = (p_buf + len); 1753 } 1754 1755#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1756 if ( btm_cb.devcb.enable_test_local_sign_cntr) 1757 { 1758 BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr); 1759 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr); 1760 } 1761 else 1762 { 1763 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1764 } 1765#else 1766 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1767#endif 1768 /* compute local csrk */ 1769 if (btm_get_local_div(bd_addr, &div)) 1770 { 1771 BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div); 1772 BTM_GetDeviceEncRoot(er); 1773 1774 /* CSRK = d1(ER, DIV, 1) */ 1775 UINT16_TO_STREAM(p, div); 1776 UINT16_TO_STREAM(p, r); 1777 1778 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output)) 1779 { 1780 BTM_TRACE_ERROR0("Local CSRK generation failed "); 1781 } 1782 else 1783 { 1784 BTM_TRACE_DEBUG0("local CSRK generation success"); 1785 memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN); 1786 1787 1788#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1789 if (btm_cb.devcb.enable_test_local_sign_cntr) 1790 { 1791 UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr); 1792 } 1793 else 1794 { 1795 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1796 } 1797#else 1798 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1799#endif 1800 1801 if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) 1802 { 1803 btm_ble_increment_sign_ctr(bd_addr, TRUE); 1804 1805#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1806 if ( btm_cb.devcb.enable_test_mac_val) 1807 { 1808 BTM_TRACE_DEBUG0 ("Use MAC value from script"); 1809 memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE); 1810 } 1811#endif 1812 } 1813 BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac); 1814 BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", 1815 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); 1816 BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", 1817 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); 1818 1819 GKI_freebuf(p_buf); 1820 } 1821 } 1822 } 1823 } 1824#endif /* BLE_INCLUDED */ 1825 return ret; 1826} 1827 1828/******************************************************************************* 1829** 1830** Function BTM_BleVerifySignature 1831** 1832** Description This function is called to verify the data signature 1833** 1834** Parameter bd_addr: target device the data to be signed for. 1835** p_orig: original data before signature. 1836** len: length of the signing data 1837** counter: counter used when doing data signing 1838** p_comp: signature to be compared against. 1839 1840** Returns TRUE if signature verified correctly; otherwise FALSE. 1841** 1842*******************************************************************************/ 1843BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter, 1844 UINT8 *p_comp) 1845{ 1846 BOOLEAN verified = FALSE; 1847#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1848 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1849 UINT8 p_mac[BTM_CMAC_TLEN_SIZE]; 1850 1851 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) 1852 { 1853 BTM_TRACE_ERROR0("can not verify signature for unknown device"); 1854 } 1855 else if (counter < p_rec->ble.keys.counter) 1856 { 1857 BTM_TRACE_ERROR0("signature received with out dated sign counter"); 1858 } 1859 else if (p_orig == NULL) 1860 { 1861 BTM_TRACE_ERROR0("No signature to verify"); 1862 } 1863 else 1864 { 1865 BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter); 1866 1867 if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) 1868 { 1869 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) 1870 { 1871 btm_ble_increment_sign_ctr(bd_addr, FALSE); 1872 verified = TRUE; 1873 } 1874 } 1875 } 1876#endif /* BLE_INCLUDED */ 1877 return verified; 1878} 1879 1880#if BLE_INCLUDED == TRUE 1881/******************************************************************************* 1882** Utility functions for LE device IR/ER generation 1883*******************************************************************************/ 1884/******************************************************************************* 1885** 1886** Function btm_notify_new_key 1887** 1888** Description This function is to notify application new keys have been 1889** generated. 1890** 1891** Returns void 1892** 1893*******************************************************************************/ 1894static void btm_notify_new_key(UINT8 key_type) 1895{ 1896 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; 1897 1898 BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type); 1899 1900 if (btm_cb.api.p_le_key_callback) 1901 { 1902 switch (key_type) 1903 { 1904 case BTM_BLE_KEY_TYPE_ID: 1905 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID"); 1906 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; 1907 break; 1908 1909 case BTM_BLE_KEY_TYPE_ER: 1910 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER"); 1911 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er; 1912 break; 1913 1914 default: 1915 BTM_TRACE_ERROR1("unknown key type: %d", key_type); 1916 break; 1917 } 1918 if (p_locak_keys != NULL) 1919 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); 1920 } 1921} 1922 1923/******************************************************************************* 1924** 1925** Function btm_ble_process_er2 1926** 1927** Description This function is called when ER is generated, store it in 1928** local control block. 1929** 1930** Returns void 1931** 1932*******************************************************************************/ 1933static void btm_ble_process_er2(tBTM_RAND_ENC *p) 1934{ 1935 BTM_TRACE_DEBUG0 ("btm_ble_process_er2"); 1936 1937 if (p &&p->opcode == HCI_BLE_RAND) 1938 { 1939 memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN); 1940 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); 1941 } 1942 else 1943 { 1944 BTM_TRACE_ERROR0("Generating ER2 exception."); 1945 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1946 } 1947} 1948 1949/******************************************************************************* 1950** 1951** Function btm_ble_process_er 1952** 1953** Description This function is called when ER is generated, store it in 1954** local control block. 1955** 1956** Returns void 1957** 1958*******************************************************************************/ 1959static void btm_ble_process_er(tBTM_RAND_ENC *p) 1960{ 1961 BTM_TRACE_DEBUG0 ("btm_ble_process_er"); 1962 1963 if (p &&p->opcode == HCI_BLE_RAND) 1964 { 1965 memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN); 1966 1967 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) 1968 { 1969 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1970 BTM_TRACE_ERROR0("Generating ER2 failed."); 1971 } 1972 } 1973 else 1974 { 1975 BTM_TRACE_ERROR0("Generating ER1 exception."); 1976 } 1977} 1978 1979/******************************************************************************* 1980** 1981** Function btm_ble_process_irk 1982** 1983** Description This function is called when IRK is generated, store it in 1984** local control block. 1985** 1986** Returns void 1987** 1988*******************************************************************************/ 1989static void btm_ble_process_irk(tSMP_ENC *p) 1990{ 1991 BTM_TRACE_DEBUG0 ("btm_ble_process_irk"); 1992 if (p &&p->opcode == HCI_BLE_ENCRYPT) 1993 { 1994 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); 1995 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); 1996 } 1997 else 1998 { 1999 BTM_TRACE_ERROR0("Generating IRK exception."); 2000 } 2001 2002 /* proceed generate ER */ 2003 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) 2004 { 2005 BTM_TRACE_ERROR0("Generating ER failed."); 2006 } 2007} 2008 2009/******************************************************************************* 2010** 2011** Function btm_ble_process_dhk 2012** 2013** Description This function is called when DHK is calculated, store it in 2014** local control block, and proceed to generate ER, a 128-bits 2015** random number. 2016** 2017** Returns void 2018** 2019*******************************************************************************/ 2020static void btm_ble_process_dhk(tSMP_ENC *p) 2021{ 2022#if SMP_INCLUDED == TRUE 2023 UINT8 btm_ble_irk_pt = 0x01; 2024 tSMP_ENC output; 2025 2026 BTM_TRACE_DEBUG0 ("btm_ble_process_dhk"); 2027 2028 if (p && p->opcode == HCI_BLE_ENCRYPT) 2029 { 2030 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); 2031 BTM_TRACE_DEBUG0("BLE DHK generated."); 2032 2033 /* IRK = D1(IR, 1) */ 2034 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, 2035 1, &output)) 2036 { 2037 /* reset all identity root related key */ 2038 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2039 } 2040 else 2041 { 2042 btm_ble_process_irk(&output); 2043 } 2044 } 2045 else 2046 { 2047 /* reset all identity root related key */ 2048 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2049 } 2050#endif 2051} 2052 2053/******************************************************************************* 2054** 2055** Function btm_ble_process_ir2 2056** 2057** Description This function is called when IR is generated, proceed to calculate 2058** DHK = Eir({0x03, 0, 0 ...}) 2059** 2060** 2061** Returns void 2062** 2063*******************************************************************************/ 2064static void btm_ble_process_ir2(tBTM_RAND_ENC *p) 2065{ 2066#if SMP_INCLUDED == TRUE 2067 UINT8 btm_ble_dhk_pt = 0x03; 2068 tSMP_ENC output; 2069 2070 BTM_TRACE_DEBUG0 ("btm_ble_process_ir2"); 2071 2072 if (p && p->opcode == HCI_BLE_RAND) 2073 { 2074 /* remembering in control block */ 2075 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); 2076 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ 2077 2078 2079 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, 2080 1, &output); 2081 btm_ble_process_dhk(&output); 2082 2083 BTM_TRACE_DEBUG0("BLE IR generated."); 2084 } 2085 else 2086 { 2087 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2088 } 2089#endif 2090} 2091 2092/******************************************************************************* 2093** 2094** Function btm_ble_process_ir 2095** 2096** Description This function is called when IR is generated, proceed to calculate 2097** DHK = Eir({0x02, 0, 0 ...}) 2098** 2099** 2100** Returns void 2101** 2102*******************************************************************************/ 2103static void btm_ble_process_ir(tBTM_RAND_ENC *p) 2104{ 2105 BTM_TRACE_DEBUG0 ("btm_ble_process_ir"); 2106 2107 if (p && p->opcode == HCI_BLE_RAND) 2108 { 2109 /* remembering in control block */ 2110 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); 2111 2112 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) 2113 { 2114 BTM_TRACE_ERROR0("Generating IR2 failed."); 2115 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2116 } 2117 } 2118} 2119 2120/******************************************************************************* 2121** 2122** Function btm_ble_reset_id 2123** 2124** Description This function is called to reset LE device identity. 2125** 2126** Returns void 2127** 2128*******************************************************************************/ 2129void btm_ble_reset_id( void ) 2130{ 2131 BTM_TRACE_DEBUG0 ("btm_ble_reset_id"); 2132 2133 /* regenrate Identity Root*/ 2134 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) 2135 { 2136 BTM_TRACE_DEBUG0("Generating IR failed."); 2137 } 2138} 2139 2140 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 2141/******************************************************************************* 2142** 2143** Function btm_ble_set_no_disc_if_pair_fail 2144** 2145** Description This function indicates that whether no disconnect of the ACL 2146** should be used if pairing failed 2147** 2148** Returns void 2149** 2150*******************************************************************************/ 2151void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc ) 2152{ 2153 BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); 2154 btm_cb.devcb.no_disc_if_pair_fail = disable_disc; 2155} 2156 2157/******************************************************************************* 2158** 2159** Function btm_ble_set_test_mac_value 2160** 2161** Description This function set test MAC value 2162** 2163** Returns void 2164** 2165*******************************************************************************/ 2166void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val ) 2167{ 2168 BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable); 2169 btm_cb.devcb.enable_test_mac_val = enable; 2170 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); 2171} 2172 2173/******************************************************************************* 2174** 2175** Function btm_ble_set_test_local_sign_cntr_value 2176** 2177** Description This function set test local sign counter value 2178** 2179** Returns void 2180** 2181*******************************************************************************/ 2182void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr ) 2183{ 2184 BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", 2185 enable, test_local_sign_cntr); 2186 btm_cb.devcb.enable_test_local_sign_cntr = enable; 2187 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; 2188} 2189 2190/******************************************************************************* 2191** 2192** Function btm_set_random_address 2193** 2194** Description This function set a random address to local controller. 2195** 2196** Returns void 2197** 2198*******************************************************************************/ 2199void btm_set_random_address(BD_ADDR random_bda) 2200{ 2201 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; 2202 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ; 2203 2204 BTM_TRACE_DEBUG0 ("btm_set_random_address"); 2205 2206 if (adv_mode == BTM_BLE_ADV_ENABLE) 2207 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); 2208 2209 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN); 2210 btsnd_hcic_ble_set_random_addr(p_cb->private_addr); 2211 2212 if (adv_mode == BTM_BLE_ADV_ENABLE) 2213 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE); 2214 2215 2216} 2217#endif /* BTM_BLE_CONFORMANCE_TESTING */ 2218 2219 2220#endif /* BLE_INCLUDED */ 2221