btm_ble.c revision ca22ac493ab777199084d87b3c7627e7f27555af
1/****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19/****************************************************************************** 20 * 21 * This file contains functions for BLE device control utilities, and LE 22 * security functions. 23 * 24 ******************************************************************************/ 25 26#include <string.h> 27 28#include "bt_types.h" 29#include "hcimsgs.h" 30#include "btu.h" 31#include "btm_int.h" 32#include "btm_ble_api.h" 33#include "smp_api.h" 34#include "l2c_int.h" 35#include "gap_api.h" 36 37#if SMP_INCLUDED == TRUE 38extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature); 39extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable); 40extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda); 41#endif 42extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr); 43 44/*******************************************************************************/ 45/* External Function to be called by other modules */ 46/*******************************************************************************/ 47/******************************************************** 48** 49** Function BTM_SecAddBleDevice 50** 51** Description Add/modify device. This function will be normally called 52** during host startup to restore all required information 53** for a LE device stored in the NVRAM. 54** 55** Parameters: bd_addr - BD address of the peer 56** bd_name - Name of the peer device. NULL if unknown. 57** dev_type - Remote device's device type. 58** addr_type - LE device address type. 59** 60** Returns TRUE if added OK, else FALSE 61** 62*******************************************************************************/ 63BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, 64 tBLE_ADDR_TYPE addr_type) 65{ 66#if BLE_INCLUDED == TRUE 67 tBTM_SEC_DEV_REC *p_dev_rec; 68 UINT8 i = 0; 69 tBTM_INQ_INFO *p_info=NULL; 70 71 BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type); 72 p_dev_rec = btm_find_dev (bd_addr); 73 74 if (!p_dev_rec) 75 { 76 BTM_TRACE_DEBUG0("Add a new device"); 77 78 /* There is no device record, allocate one. 79 * If we can not find an empty spot for this one, let it fail. */ 80 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) 81 { 82 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) 83 { 84 BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i ); 85 p_dev_rec = &btm_cb.sec_dev_rec[i]; 86 87 /* Mark this record as in use and initialize */ 88 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); 89 p_dev_rec->sec_flags = BTM_SEC_IN_USE; 90 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 91 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); 92 93 /* update conn params, use default value for background connection params */ 94 p_dev_rec->conn_params.min_conn_int = 95 p_dev_rec->conn_params.max_conn_int = 96 p_dev_rec->conn_params.supervision_tout = 97 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; 98 99 BTM_TRACE_DEBUG1 ("hci_handl=0x%x ", p_dev_rec->hci_handle ); 100 break; 101 } 102 } 103 104 if (!p_dev_rec) 105 return(FALSE); 106 } 107 else 108 { 109 BTM_TRACE_DEBUG0("Device already exist"); 110 } 111 112 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 113 114 if (bd_name && bd_name[0]) 115 { 116 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 117 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), 118 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); 119 } 120 p_dev_rec->device_type = dev_type; 121 p_dev_rec->ble.ble_addr_type = addr_type; 122 BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x", 123 dev_type, addr_type, p_dev_rec->sec_flags); 124 125 /* sync up with the Inq Data base*/ 126 p_info = BTM_InqDbRead(bd_addr); 127 if (p_info) 128 { 129 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; 130 p_info->results.device_type = p_dev_rec->device_type; 131 BTM_TRACE_DEBUG2 ("InqDb device_type =0x%x addr_type=0x%x", 132 p_info->results.device_type, p_info->results.ble_addr_type); 133 } 134 135#endif 136 return(TRUE); 137} 138 139/******************************************************************************* 140** 141** Function BTM_SecAddBleKey 142** 143** Description Add/modify LE device information. This function will be 144** normally called during host startup to restore all required 145** information stored in the NVRAM. 146** 147** Parameters: bd_addr - BD address of the peer 148** p_le_key - LE key values. 149** key_type - LE SMP key type. 150* 151** Returns TRUE if added OK, else FALSE 152** 153*******************************************************************************/ 154BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) 155{ 156#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 157 tBTM_SEC_DEV_REC *p_dev_rec; 158 BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey"); 159 p_dev_rec = btm_find_dev (bd_addr); 160 if (!p_dev_rec || !p_le_key || 161 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && 162 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC && 163 key_type != BTM_LE_KEY_LCSRK)) 164 { 165 BTM_TRACE_WARNING3 ("BTM_SecAddBleKey() Wrong Type, or No Device record \ 166 for bdaddr: %08x%04x, Type: %d", 167 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 168 (bd_addr[4]<<8)+bd_addr[5], key_type); 169 return(FALSE); 170 } 171 172 BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", 173 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 174 (bd_addr[4]<<8)+bd_addr[5], key_type); 175 176 if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID || 177 key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC || 178 key_type == BTM_LE_KEY_LCSRK) 179 { 180 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE); 181 } 182 183#endif 184 185 return(TRUE); 186} 187 188/******************************************************************************* 189** 190** Function BTM_BleLoadLocalKeys 191** 192** Description Local local identity key, encryption root or sign counter. 193** 194** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER 195** or BTM_BLE_KEY_TYPE_COUNTER. 196** p_key: pointer to the key. 197* 198** Returns non2. 199** 200*******************************************************************************/ 201void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key) 202{ 203#if BLE_INCLUDED == TRUE 204 tBTM_DEVCB *p_devcb = &btm_cb.devcb; 205 BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys"); 206 if (p_key != NULL) 207 { 208 switch (key_type) 209 { 210 case BTM_BLE_KEY_TYPE_ID: 211 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 212 break; 213 214 case BTM_BLE_KEY_TYPE_ER: 215 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16)); 216 break; 217 218 default: 219 BTM_TRACE_ERROR1("unknow local key type: %d", key_type); 220 break; 221 } 222 } 223#endif 224} 225 226/******************************************************************************* 227** 228** Function BTM_GetDeviceEncRoot 229** 230** Description This function is called to read the local device encryption 231** root. 232** 233** Returns void 234** the local device ER is copied into er 235** 236*******************************************************************************/ 237void BTM_GetDeviceEncRoot (BT_OCTET16 er) 238{ 239 BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot"); 240 241#if BLE_INCLUDED == TRUE 242 memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN); 243#endif 244} 245 246/******************************************************************************* 247** 248** Function BTM_GetDeviceIDRoot 249** 250** Description This function is called to read the local device identity 251** root. 252** 253** Returns void 254** the local device IR is copied into irk 255** 256*******************************************************************************/ 257void BTM_GetDeviceIDRoot (BT_OCTET16 irk) 258{ 259 BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot "); 260 261#if BLE_INCLUDED == TRUE 262 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); 263#endif 264} 265 266/******************************************************************************* 267** 268** Function BTM_GetDeviceDHK 269** 270** Description This function is called to read the local device DHK. 271** 272** Returns void 273** the local device DHK is copied into dhk 274** 275*******************************************************************************/ 276void BTM_GetDeviceDHK (BT_OCTET16 dhk) 277{ 278#if BLE_INCLUDED == TRUE 279 BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK"); 280 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); 281#endif 282} 283 284/******************************************************************************* 285** 286** Function BTM_ReadConnectionAddr 287** 288** Description This function is called to get the local device address information 289** . 290** 291** Returns void 292** 293*******************************************************************************/ 294void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type) 295{ 296#if BLE_INCLUDED == TRUE 297 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda); 298 299 if (p_acl == NULL) 300 { 301 BTM_TRACE_ERROR0("No connection exist!"); 302 return; 303 } 304 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN); 305 * p_addr_type = p_acl->conn_addr_type; 306 307 BTM_TRACE_DEBUG2 ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x", 308 p_acl->conn_addr_type, p_acl->conn_addr[0]); 309 310#endif 311} 312 313/******************************************************************************* 314** 315** Function BTM_ReadRemoteConnectionAddr 316** 317** Description This function is read the remote device address currently used 318** . 319** 320** Returns void 321** 322*******************************************************************************/ 323BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, tBLE_ADDR_TYPE *p_addr_type) 324{ 325 BOOLEAN st = TRUE; 326#if BLE_INCLUDED == TRUE 327 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr); 328 329 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN); 330 *p_addr_type = p_dev_rec->ble.ble_addr_type; 331#endif 332 return st; 333} 334/******************************************************************************* 335** 336** Function BTM_SecurityGrant 337** 338** Description This function is called to grant security process. 339** 340** Parameters bd_addr - peer device bd address. 341** res - result of the operation BTM_SUCCESS if success. 342** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. 343** 344** Returns None 345** 346*******************************************************************************/ 347void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res) 348{ 349#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 350 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; 351 BTM_TRACE_DEBUG0 ("BTM_SecurityGrant"); 352 SMP_SecurityGrant(bd_addr, res_smp); 353#endif 354} 355 356/******************************************************************************* 357** 358** Function BTM_BlePasskeyReply 359** 360** Description This function is called after Security Manager submitted 361** passkey request to the application. 362** 363** Parameters: bd_addr - Address of the device for which passkey was requested 364** res - result of the operation BTM_SUCCESS if success 365** key_len - length in bytes of the Passkey 366** p_passkey - pointer to array with the passkey 367** trusted_mask - bitwise OR of trusted services (array of UINT32) 368** 369*******************************************************************************/ 370void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) 371{ 372#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 373 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 374 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 375 376 if (p_dev_rec == NULL) 377 { 378 BTM_TRACE_ERROR0("Passkey reply to Unknown device"); 379 return; 380 } 381 382 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 383 BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply"); 384 SMP_PasskeyReply(bd_addr, res_smp, passkey); 385#endif 386} 387 388/******************************************************************************* 389** 390** Function BTM_BleOobDataReply 391** 392** Description This function is called to provide the OOB data for 393** SMP in response to BTM_LE_OOB_REQ_EVT 394** 395** Parameters: bd_addr - Address of the peer device 396** res - result of the operation SMP_SUCCESS if success 397** p_data - simple pairing Randomizer C. 398** 399*******************************************************************************/ 400void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data) 401{ 402#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 403 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; 404 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 405 406 BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply"); 407 408 if (p_dev_rec == NULL) 409 { 410 BTM_TRACE_ERROR0("BTM_BleOobDataReply() to Unknown device"); 411 return; 412 } 413 414 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 415 SMP_OobDataReply(bd_addr, res_smp, len, p_data); 416#endif 417} 418 419/****************************************************************************** 420** 421** Function BTM_BleSetConnScanParams 422** 423** Description Set scan parameter used in BLE connection request 424** 425** Parameters: scan_interval: scan interval 426** scan_window: scan window 427** 428** Returns void 429** 430*******************************************************************************/ 431void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window) 432{ 433#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 434 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; 435 BOOLEAN new_param = FALSE; 436 437 if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && 438 BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) 439 { 440 btu_stop_timer(&p_ble_cb->scan_param_idle_timer); 441 442 if (p_ble_cb->scan_int != scan_interval) 443 { 444 p_ble_cb->scan_int = scan_interval; 445 new_param = TRUE; 446 } 447 448 if (p_ble_cb->scan_win != scan_window) 449 { 450 p_ble_cb->scan_win = scan_window; 451 new_param = TRUE; 452 } 453 454 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) 455 { 456 btm_ble_suspend_bg_conn(); 457 } 458 } 459 else 460 { 461 BTM_TRACE_ERROR0("Illegal Connection Scan Parameters"); 462 } 463#endif 464} 465 466/******************************************************** 467** 468** Function BTM_BleSetPrefConnParams 469** 470** Description Set a peripheral's preferred connection parameters 471** 472** Parameters: bd_addr - BD address of the peripheral 473** scan_interval: scan interval 474** scan_window: scan window 475** min_conn_int - minimum preferred connection interval 476** max_conn_int - maximum preferred connection interval 477** slave_latency - preferred slave latency 478** supervision_tout - preferred supervision timeout 479** 480** Returns void 481** 482*******************************************************************************/ 483void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, 484 UINT16 min_conn_int, UINT16 max_conn_int, 485 UINT16 slave_latency, UINT16 supervision_tout) 486{ 487#if BLE_INCLUDED == TRUE 488 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 489 490 BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ 491 tout: %u", 492 min_conn_int, max_conn_int, slave_latency, supervision_tout); 493 494 if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 495 BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 496 BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && 497 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) 498 { 499 if (p_dev_rec) 500 { 501 /* expect conn int and stout and slave latency to be updated all together */ 502 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 503 { 504 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 505 p_dev_rec->conn_params.min_conn_int = min_conn_int; 506 else 507 p_dev_rec->conn_params.min_conn_int = max_conn_int; 508 509 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 510 p_dev_rec->conn_params.max_conn_int = max_conn_int; 511 else 512 p_dev_rec->conn_params.max_conn_int = min_conn_int; 513 514 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) 515 p_dev_rec->conn_params.slave_latency = slave_latency; 516 else 517 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; 518 519 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) 520 p_dev_rec->conn_params.supervision_tout = supervision_tout; 521 else 522 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF; 523 524 } 525 526 } 527 else 528 { 529 BTM_TRACE_ERROR0("Unknown Device, setting rejected"); 530 } 531 } 532 else 533 { 534 BTM_TRACE_ERROR0("Illegal Connection Parameters"); 535 } 536#endif /* BLE_INCLUDED */ 537} 538 539/******************************************************************************* 540** 541** Function BTM_ReadDevInfo 542** 543** Description This function is called to read the device/address type 544** of BD address. 545** 546** Parameter remote_bda: remote device address 547** p_dev_type: output parameter to read the device type. 548** p_addr_type: output parameter to read the address type. 549** 550*******************************************************************************/ 551void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) 552{ 553#if BLE_INCLUDED == TRUE 554 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); 555 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); 556 557 *p_dev_type = BT_DEVICE_TYPE_BREDR; 558 *p_addr_type = BLE_ADDR_PUBLIC; 559 560 if (!p_dev_rec) 561 { 562 /* Check with the BT manager if details about remote device are known */ 563 if (p_inq_info != NULL) 564 { 565 *p_dev_type = p_inq_info->results.device_type ; 566 *p_addr_type = p_inq_info->results.ble_addr_type; 567 } 568 /* unknown device, assume BR/EDR */ 569 } 570 else /* there is a security device record exisitng */ 571 { 572 /* new inquiry result, overwrite device type in security device record */ 573 if (p_inq_info) 574 { 575 p_dev_rec->device_type = p_inq_info->results.device_type; 576 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 577 } 578 *p_dev_type = p_dev_rec->device_type; 579 *p_addr_type = p_dev_rec->ble.ble_addr_type; 580 581 } 582 583 BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); 584#endif 585 586 return; 587} 588 589/******************************************************************************* 590** 591** Function BTM_BleReceiverTest 592** 593** Description This function is called to start the LE Receiver test 594** 595** Parameter rx_freq - Frequency Range 596** p_cmd_cmpl_cback - Command Complete callback 597** 598*******************************************************************************/ 599void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback) 600{ 601 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 602 603 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE) 604 { 605 BTM_TRACE_ERROR1("%s: Unable to Trigger LE receiver test", __FUNCTION__); 606 } 607} 608 609/******************************************************************************* 610** 611** Function BTM_BleTransmitterTest 612** 613** Description This function is called to start the LE Transmitter test 614** 615** Parameter tx_freq - Frequency Range 616** test_data_len - Length in bytes of payload data in each packet 617** packet_payload - Pattern to use in the payload 618** p_cmd_cmpl_cback - Command Complete callback 619** 620*******************************************************************************/ 621void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len, 622 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback) 623{ 624 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 625 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE) 626 { 627 BTM_TRACE_ERROR1("%s: Unable to Trigger LE transmitter test", __FUNCTION__); 628 } 629} 630 631/******************************************************************************* 632** 633** Function BTM_BleTestEnd 634** 635** Description This function is called to stop the in-progress TX or RX test 636** 637** Parameter p_cmd_cmpl_cback - Command complete callback 638** 639*******************************************************************************/ 640void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback) 641{ 642 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 643 644 if (btsnd_hcic_ble_test_end() == FALSE) 645 { 646 BTM_TRACE_ERROR1("%s: Unable to End the LE TX/RX test", __FUNCTION__); 647 } 648} 649 650/******************************************************************************* 651** Internal Functions 652*******************************************************************************/ 653#if BLE_INCLUDED == TRUE 654 655void btm_ble_test_command_complete(UINT8 *p) 656{ 657 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb; 658 UINT8 status; 659 660 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL; 661 662 if (p_cb) 663 { 664 (*p_cb)(p); 665 } 666} 667 668/******************************************************************************* 669** 670** Function btm_ble_check_link_type 671** 672** Description This function is to check the link type is BLE or BR/EDR. 673** 674** Returns TRUE if BLE link; FALSE if BR/EDR. 675** 676*******************************************************************************/ 677BOOLEAN btm_ble_check_link_type (BD_ADDR bd_addr) 678{ 679 tACL_CONN *p; 680 BTM_TRACE_DEBUG0 ("btm_ble_check_link_type"); 681 if ((p = btm_bda_to_acl(bd_addr)) != NULL) 682 return p->is_le_link; 683 else 684 return FALSE; 685} 686 687/******************************************************************************* 688** 689** Function btm_ble_rand_enc_complete 690** 691** Description This function is the callback functions for HCI_Rand command 692** and HCI_Encrypt command is completed. 693** This message is received from the HCI. 694** 695** Returns void 696** 697*******************************************************************************/ 698void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) 699{ 700 tBTM_RAND_ENC params; 701 UINT8 *p_dest = params.param_buf; 702 703 BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete"); 704 705 memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); 706 707 /* If there was a callback address for vcs complete, call it */ 708 if (p_enc_cplt_cback && p) 709 { 710 /* Pass paramters to the callback function */ 711 STREAM_TO_UINT8(params.status, p); /* command status */ 712 713 if (params.status == HCI_SUCCESS) 714 { 715 params.opcode = op_code; 716 717 if (op_code == HCI_BLE_RAND) 718 params.param_len = BT_OCTET8_LEN; 719 else 720 params.param_len = BT_OCTET16_LEN; 721 722 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ 723 } 724 if (p_enc_cplt_cback) 725 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ 726 } 727} 728 729 730 #if (SMP_INCLUDED == TRUE) 731 732/******************************************************************************* 733** 734** Function btm_ble_get_enc_key_type 735** 736** Description This function is to increment local sign counter 737** Returns None 738** 739*******************************************************************************/ 740void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ) 741{ 742 tBTM_SEC_DEV_REC *p_dev_rec; 743 744 BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local); 745 746 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 747 { 748 if (is_local) 749 p_dev_rec->ble.keys.local_counter++; 750 else 751 p_dev_rec->ble.keys.counter++; 752 BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d", 753 is_local, 754 p_dev_rec->ble.keys.local_counter, 755 p_dev_rec->ble.keys.counter); 756 } 757} 758 759/******************************************************************************* 760** 761** Function btm_ble_get_enc_key_type 762** 763** Description This function is to get the BLE key type that has been exchanged 764** in betweem local device and peer device. 765** 766** Returns p_key_type: output parameter to carry the key type value. 767** 768*******************************************************************************/ 769BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types) 770{ 771 tBTM_SEC_DEV_REC *p_dev_rec; 772 773 BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type"); 774 775 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 776 { 777 *p_key_types = p_dev_rec->ble.key_type; 778 return TRUE; 779 } 780 return FALSE; 781} 782 783/******************************************************************************* 784** 785** Function btm_get_local_div 786** 787** Description This function is called to read the local DIV 788** 789** Returns TURE - if a valid DIV is availavle 790*******************************************************************************/ 791BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div) 792{ 793 tBTM_SEC_DEV_REC *p_dev_rec; 794 BOOLEAN status = FALSE; 795 BTM_TRACE_DEBUG0 ("btm_get_local_div"); 796 797 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 798 bd_addr[0],bd_addr[1], 799 bd_addr[2],bd_addr[3], 800 bd_addr[4],bd_addr[5]); 801 802 p_dev_rec = btm_find_dev (bd_addr); 803 804 if (p_dev_rec && p_dev_rec->ble.keys.div) 805 { 806 status = TRUE; 807 *p_div = p_dev_rec->ble.keys.div; 808 } 809 BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); 810 return status; 811} 812 813/******************************************************************************* 814** 815** Function btm_sec_save_le_key 816** 817** Description This function is called by the SMP to update 818** an BLE key. SMP is internal, whereas all the keys shall 819** be sent to the application. The function is also called 820** when application passes ble key stored in NVRAM to the btm_sec. 821** pass_to_application parameter is false in this case. 822** 823** Returns void 824** 825*******************************************************************************/ 826void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, 827 BOOLEAN pass_to_application) 828{ 829 tBTM_SEC_DEV_REC *p_rec; 830 tBTM_LE_EVT_DATA cb_data; 831 UINT8 i; 832 833 BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); 834 /* Store the updated key in the device database */ 835 836 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 837 bd_addr[0],bd_addr[1], 838 bd_addr[2],bd_addr[3], 839 bd_addr[4],bd_addr[5]); 840 841 if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys) 842 { 843 switch (key_type) 844 { 845 case BTM_LE_KEY_PENC: 846 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); 847 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); 848 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; 849 p_rec->ble.keys.ediv = p_keys->penc_key.ediv; 850 p_rec->ble.keys.key_size = p_keys->penc_key.key_size; 851 p_rec->ble.key_type |= BTM_LE_KEY_PENC; 852 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 853 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) 854 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 855 else 856 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 857 BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", 858 p_rec->ble.key_type, 859 p_rec->sec_flags, 860 p_rec->ble.keys.sec_level); 861 break; 862 863 case BTM_LE_KEY_PID: 864 for (i=0; i<BT_OCTET16_LEN; i++) 865 { 866 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i]; 867 } 868 869 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system 870 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 871 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type; 872 p_rec->ble.key_type |= BTM_LE_KEY_PID; 873 BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); 874 break; 875 876 case BTM_LE_KEY_PCSRK: 877 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); 878 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; 879 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; 880 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; 881 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 882 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) 883 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 884 else 885 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; 886 887 BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", 888 p_rec->ble.key_type, 889 p_rec->sec_flags, 890 p_rec->ble.keys.srk_sec_level, 891 p_rec->ble.keys.counter ); 892 break; 893 894 case BTM_LE_KEY_LENC: 895 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ 896 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; 897 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; 898 p_rec->ble.key_type |= BTM_LE_KEY_LENC; 899 900 BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", 901 p_rec->ble.key_type, 902 p_rec->ble.keys.div, 903 p_rec->ble.keys.key_size, 904 p_rec->ble.keys.sec_level ); 905 break; 906 907 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ 908 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ 909 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; 910 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; 911 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; 912 BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", 913 p_rec->ble.key_type, 914 p_rec->ble.keys.div, 915 p_rec->ble.keys.local_csrk_sec_level, 916 p_rec->ble.keys.local_counter ); 917 break; 918 919 default: 920 BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); 921 return; 922 } 923 924 BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, 925 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 926 (bd_addr[4]<<8)+bd_addr[5]); 927 928 /* Notify the application that one of the BLE keys has been updated 929 If link key is in progress, it will get sent later.*/ 930 if (pass_to_application && btm_cb.api.p_le_callback) 931 { 932 cb_data.key.p_key_value = p_keys; 933 cb_data.key.key_type = key_type; 934 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); 935 } 936 return; 937 } 938 939 BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, 940 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 941 (bd_addr[4]<<8)+bd_addr[5]); 942 943 if (p_rec) 944 { 945 BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags); 946 } 947} 948 949/******************************************************************************* 950** 951** Function btm_ble_update_sec_key_size 952** 953** Description update the current lin kencryption key size 954** 955** Returns void 956** 957*******************************************************************************/ 958void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size) 959{ 960 tBTM_SEC_DEV_REC *p_rec; 961 962 BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); 963 964 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 965 { 966 p_rec->enc_key_size = enc_key_size; 967 } 968} 969 970/******************************************************************************* 971** 972** Function btm_ble_read_sec_key_size 973** 974** Description update the current lin kencryption key size 975** 976** Returns void 977** 978*******************************************************************************/ 979UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr) 980{ 981 tBTM_SEC_DEV_REC *p_rec; 982 983 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 984 { 985 return p_rec->enc_key_size; 986 } 987 else 988 return 0; 989} 990 991/******************************************************************************* 992** 993** Function btm_ble_link_sec_check 994** 995** Description Check BLE link security level match. 996** 997** Returns TRUE: check is OK and the *p_sec_req_act contain the action 998** 999*******************************************************************************/ 1000void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) 1001{ 1002 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1003 UINT8 req_sec_level, cur_sec_level; 1004 1005 BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req); 1006 1007 if (p_dev_rec == NULL) 1008 { 1009 BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device"); 1010 return; 1011 } 1012 1013 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 1014 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) 1015 { 1016 /* race condition: discard the security request while master is encrypting the link */ 1017 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1018 } 1019 else 1020 { 1021 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1022 if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) || 1023 (auth_req == (BTM_LE_AUTH_REQ_MITM)) ) 1024 { 1025 req_sec_level = BTM_LE_SEC_AUTHENTICATED; 1026 } 1027 1028 BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); 1029 1030 /* currently encrpted */ 1031 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1032 { 1033 if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED) 1034 cur_sec_level = BTM_LE_SEC_AUTHENTICATED; 1035 else 1036 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1037 } 1038 else /* unencrypted link */ 1039 { 1040 /* if bonded, get the key security level */ 1041 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 1042 cur_sec_level = p_dev_rec->ble.keys.sec_level; 1043 else 1044 cur_sec_level = BTM_LE_SEC_NONE; 1045 } 1046 1047 if (cur_sec_level >= req_sec_level) 1048 { 1049 if (cur_sec_level == BTM_LE_SEC_NONE) 1050 { 1051 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE; 1052 } 1053 else 1054 { 1055 /* To avoid re-encryption on an encrypted link for an equal condition encryption */ 1056 /* if link has been encrypted, do nothing, go straight to furhter action 1057 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) 1058 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1059 else 1060 */ 1061 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; 1062 } 1063 } 1064 else 1065 { 1066 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ 1067 } 1068 } 1069 1070 BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", 1071 cur_sec_level, 1072 req_sec_level, 1073 *p_sec_req_act); 1074 1075} 1076 1077/******************************************************************************* 1078** 1079** Function btm_ble_set_encryption 1080** 1081** Description This function is called to ensure that LE connection is 1082** encrypted. Should be called only on an open connection. 1083** Typically only needed for connections that first want to 1084** bring up unencrypted links, then later encrypt them. 1085** 1086** Returns void 1087** the local device ER is copied into er 1088** 1089*******************************************************************************/ 1090tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role) 1091{ 1092 tBTM_STATUS cmd = BTM_NO_RESOURCES; 1093 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ; 1094 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1095 1096 if (p_rec == NULL) 1097 { 1098 BTM_TRACE_WARNING1 ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act); 1099 return(BTM_WRONG_MODE); 1100 } 1101 1102 BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); 1103 1104 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) 1105 { 1106 p_rec->security_required |= BTM_SEC_IN_MITM; 1107 } 1108 1109 switch (sec_act) 1110 { 1111 case BTM_BLE_SEC_ENCRYPT: 1112 if (link_role == BTM_ROLE_MASTER) 1113 { 1114 /* start link layer encryption using the security info stored */ 1115 if (btm_ble_start_encrypt(bd_addr, FALSE, NULL)) 1116 { 1117 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1118 cmd = BTM_CMD_STARTED; 1119 } 1120 break; 1121 } 1122 /* if salve role then fall through to call SMP_Pair below which will send a 1123 sec_request to request the master to encrypt the link */ 1124 case BTM_BLE_SEC_ENCRYPT_NO_MITM: 1125 case BTM_BLE_SEC_ENCRYPT_MITM: 1126 1127 if (SMP_Pair(bd_addr) == SMP_STARTED) 1128 { 1129 cmd = BTM_CMD_STARTED; 1130 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1131 } 1132 break; 1133 1134 default: 1135 cmd = BTM_SUCCESS; 1136 break; 1137 } 1138 return cmd; 1139} 1140 1141/******************************************************************************* 1142** 1143** Function btm_ble_ltk_request 1144** 1145** Description This function is called when encryption request is received 1146** on a slave device. 1147** 1148** 1149** Returns void 1150** 1151*******************************************************************************/ 1152void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv) 1153{ 1154 tBTM_CB *p_cb = &btm_cb; 1155 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); 1156 BT_OCTET8 dummy_stk = {0}; 1157 1158 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request"); 1159 1160 p_cb->ediv = ediv; 1161 1162 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); 1163 1164 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) 1165 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk); 1166 1167 1168} 1169 1170/******************************************************************************* 1171** 1172** Function btm_ble_start_encrypt 1173** 1174** Description This function is called to start LE encryption. 1175** 1176** 1177** Returns void 1178** 1179*******************************************************************************/ 1180BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1181{ 1182 tBTM_CB *p_cb = &btm_cb; 1183 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1184 BT_OCTET8 dummy_rand = {0}; 1185 1186 BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt"); 1187 1188 if (!p_rec || 1189 (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)) 1190 return FALSE; 1191 1192 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) 1193 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1194 p_cb->enc_handle = p_rec->hci_handle; 1195 1196 if (use_stk) 1197 { 1198 if (!btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk)) 1199 return FALSE; 1200 } 1201 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) 1202 { 1203 if (!btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand, 1204 p_rec->ble.keys.ediv, p_rec->ble.keys.ltk)) 1205 return FALSE; 1206 } 1207 else 1208 { 1209 return FALSE; 1210 } 1211 1212 return TRUE; 1213} 1214 1215/******************************************************************************* 1216** 1217** Function btm_ble_link_encrypted 1218** 1219** Description This function is called when LE link encrption status is changed. 1220** 1221** Returns void 1222** 1223*******************************************************************************/ 1224void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable) 1225{ 1226 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1227 BOOLEAN enc_cback; 1228 1229 if (!p_dev_rec) 1230 { 1231 BTM_TRACE_WARNING1 ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable); 1232 return; 1233 } 1234 1235 BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable); 1236 1237 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING); 1238 1239 smp_link_encrypted(bd_addr, encr_enable); 1240 1241 BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); 1242 1243 if (encr_enable && p_dev_rec->enc_key_size == 0) 1244 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; 1245 1246 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1247 if (p_dev_rec->p_callback && enc_cback) 1248 { 1249 if (encr_enable) 1250 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS); 1251 else if (p_dev_rec->role_master) 1252 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING); 1253 1254 } 1255 /* to notify GATT to send data if any request is pending */ 1256 gatt_notify_enc_cmpl(p_dev_rec->bd_addr); 1257} 1258 1259/******************************************************************************* 1260** Function btm_enc_proc_ltk 1261** Description send LTK reply when it's ready. 1262*******************************************************************************/ 1263static void btm_enc_proc_ltk(tSMP_ENC *p) 1264{ 1265 UINT8 i; 1266 BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk"); 1267 if (p && p->param_len == BT_OCTET16_LEN) 1268 { 1269 for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++) 1270 p->param_buf[BT_OCTET16_LEN - i - 1] = 0; 1271 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf); 1272 } 1273} 1274 1275/******************************************************************************* 1276** Function btm_enc_proc_slave_y 1277** Description calculate LTK when Y is ready 1278*******************************************************************************/ 1279static void btm_enc_proc_slave_y(tSMP_ENC *p) 1280{ 1281 UINT16 div, y; 1282 UINT8 *pp = p->param_buf; 1283 tBTM_CB *p_cb = &btm_cb; 1284 tSMP_ENC output; 1285 tBTM_SEC_DEV_REC *p_dev_rec; 1286 1287 BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y"); 1288 if (p != NULL) 1289 { 1290 STREAM_TO_UINT16(y, pp); 1291 1292 div = p_cb->ediv ^ y; 1293 p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle); 1294 1295 if ( p_dev_rec && 1296 p_dev_rec->ble.keys.div == div ) 1297 { 1298 BTM_TRACE_DEBUG0 ("LTK request OK"); 1299 /* calculating LTK , LTK = E er(div) */ 1300 SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output); 1301 btm_enc_proc_ltk(&output); 1302 } 1303 else 1304 { 1305 BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply"); 1306 btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle); 1307 if (p_dev_rec) 1308 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0); 1309 1310 } 1311 } 1312} 1313 1314/******************************************************************************* 1315** 1316** Function btm_ble_ltk_request_reply 1317** 1318** Description This function is called to send a LTK request reply on a slave 1319** device. 1320** 1321** Returns void 1322** 1323*******************************************************************************/ 1324void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) 1325{ 1326 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1327 tBTM_CB *p_cb = &btm_cb; 1328 tSMP_ENC output; 1329 1330 if (p_rec == NULL) 1331 { 1332 BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device"); 1333 return; 1334 } 1335 1336 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply"); 1337 p_cb->enc_handle = p_rec->hci_handle; 1338 p_cb->key_size = p_rec->ble.keys.key_size; 1339 1340 BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size); 1341 if (use_stk) 1342 { 1343 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); 1344 } 1345 else /* calculate LTK using peer device */ 1346 { 1347 /* generate Y= Encrypt(DHK, Rand) received from encrypt request */ 1348 SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand, 1349 BT_OCTET8_LEN, &output); 1350 btm_enc_proc_slave_y(&output); 1351 } 1352} 1353 1354/******************************************************************************* 1355** 1356** Function btm_ble_io_capabilities_req 1357** 1358** Description This function is called to handle SMP get IO capability request. 1359** 1360** Returns void 1361** 1362*******************************************************************************/ 1363UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1364{ 1365 UINT8 callback_rc = BTM_SUCCESS; 1366 BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req"); 1367 if (btm_cb.api.p_le_callback) 1368 { 1369 /* the callback function implementation may change the IO capability... */ 1370 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1371 } 1372#if BTM_OOB_INCLUDED == TRUE 1373 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) 1374#else 1375 if (callback_rc == BTM_SUCCESS) 1376#endif 1377 { 1378 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1379 1380 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", 1381 p_dev_rec->security_required, p_data->auth_req); 1382 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", 1383 p_data->init_keys, 1384 p_data->resp_keys); 1385 1386 /* if authentication requires MITM protection, put on the mask */ 1387 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) 1388 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; 1389 1390 if (!(p_data->auth_req & SMP_AUTH_BOND)) 1391 { 1392 BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged"); 1393 p_data->init_keys = 0; 1394 p_data->resp_keys = 0; 1395 } 1396 1397 BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); 1398 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", 1399 p_data->init_keys, 1400 p_data->resp_keys); 1401 1402 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", 1403 p_data->io_cap, p_data->auth_req); 1404 1405 /* remove MITM protection requirement if IO cap does not allow it */ 1406 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) 1407 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; 1408 1409 BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d", 1410 p_data->io_cap, p_data->oob_data, p_data->auth_req); 1411 } 1412 return callback_rc; 1413} 1414 1415/******************************************************************************* 1416** 1417** Function btm_ble_connected 1418** 1419** Description This function is when a LE connection to the peer device is 1420** establsihed 1421** 1422** Returns void 1423** 1424*******************************************************************************/ 1425void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role, 1426 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched) 1427{ 1428 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); 1429 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; 1430 1431 BTM_TRACE_EVENT0 ("btm_ble_connected"); 1432 1433 /* Commenting out trace due to obf/compilation problems. 1434 */ 1435#if (BT_USE_TRACES == TRUE) 1436 if (p_dev_rec) 1437 { 1438 BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected : handle:%d enc_mode:%d bda:%x RName:%s", 1439 handle, enc_mode, 1440 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], 1441 p_dev_rec->sec_bd_name); 1442 1443 BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); 1444 } 1445 else 1446 { 1447 BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected: handle:%d enc_mode:%d bda:%x ", 1448 handle, enc_mode, 1449 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); 1450 } 1451#endif 1452 1453 if (!p_dev_rec) 1454 { 1455 /* There is no device record for new connection. Allocate one */ 1456 p_dev_rec = btm_sec_alloc_dev (bda); 1457 } 1458 else /* Update the timestamp for this device */ 1459 { 1460 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 1461 } 1462 1463 /* update device information */ 1464 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 1465 p_dev_rec->hci_handle = handle; 1466 p_dev_rec->ble.ble_addr_type = addr_type; 1467 1468 if (role == HCI_ROLE_MASTER) 1469 p_dev_rec->role_master = TRUE; 1470 1471 if (role == HCI_ROLE_SLAVE) 1472 p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE; 1473 p_cb->inq_var.directed_conn = FALSE; 1474 1475 return; 1476} 1477 1478/***************************************************************************** 1479** Function btm_ble_conn_complete 1480** 1481** Description LE connection complete. 1482** 1483******************************************************************************/ 1484void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len) 1485{ 1486 UINT8 role, status, bda_type; 1487 UINT16 handle; 1488 BD_ADDR bda; 1489 UINT16 conn_interval, conn_latency, conn_timeout; 1490 BOOLEAN match = FALSE; 1491 1492 STREAM_TO_UINT8 (status, p); 1493 STREAM_TO_UINT16 (handle, p); 1494 STREAM_TO_UINT8 (role, p); 1495 STREAM_TO_UINT8 (bda_type, p); 1496 STREAM_TO_BDADDR (bda, p); 1497 1498 if (status == 0) 1499 { 1500 STREAM_TO_UINT16 (conn_interval, p); 1501 STREAM_TO_UINT16 (conn_latency, p); 1502 STREAM_TO_UINT16 (conn_timeout, p); 1503 handle = HCID_GET_HANDLE (handle); 1504 1505 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1506 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1507 conn_latency, conn_timeout); 1508 } 1509 else 1510 { 1511 role = HCI_ROLE_UNKNOWN; 1512 1513 if (status == HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) 1514 btm_ble_dir_adv_tout(); 1515 } 1516 btm_ble_update_mode_operation(role, bda, TRUE); 1517} 1518 1519/***************************************************************************** 1520** Function btm_proc_smp_cback 1521** 1522** Description This function is the SMP callback handler. 1523** 1524******************************************************************************/ 1525UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) 1526{ 1527 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1528 UINT8 res = 0; 1529 1530 BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event); 1531 1532 if (p_dev_rec != NULL) 1533 { 1534 switch (event) 1535 { 1536 case SMP_IO_CAP_REQ_EVT: 1537 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 1538 break; 1539 1540 case SMP_PASSKEY_REQ_EVT: 1541 case SMP_PASSKEY_NOTIF_EVT: 1542 case SMP_OOB_REQ_EVT: 1543 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; 1544 case SMP_SEC_REQUEST_EVT: 1545 case SMP_COMPLT_EVT: 1546 if (btm_cb.api.p_le_callback) 1547 { 1548 /* the callback function implementation may change the IO capability... */ 1549 BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); 1550 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1551 } 1552 1553 if (event == SMP_COMPLT_EVT) 1554 { 1555 BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1556 1557 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; 1558 1559 BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x", 1560 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 1561 1562 btm_sec_dev_rec_cback_event(p_dev_rec, res); 1563 1564 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) 1565 { 1566 BTM_TRACE_DEBUG0 ("Pairing Cancel completed"); 1567 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); 1568 } 1569#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1570 if (res != BTM_SUCCESS) 1571 { 1572 if (!btm_cb.devcb.no_disc_if_pair_fail) 1573 { 1574 BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL"); 1575 btm_remove_acl(bd_addr); 1576 } 1577 else 1578 { 1579 BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL"); 1580 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1581 } 1582 } 1583#else 1584 if (res != BTM_SUCCESS) 1585 btm_remove_acl(bd_addr); 1586#endif 1587 1588 BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", 1589 btm_cb.pairing_state, 1590 btm_cb.pairing_flags, 1591 btm_cb.pin_code_len ); 1592 BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", 1593 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], 1594 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); 1595 1596 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); 1597 btm_cb.pairing_flags = 0; 1598 } 1599 break; 1600 1601 default: 1602 BTM_TRACE_DEBUG1 ("unknown event = %d", event); 1603 break; 1604 1605 1606 } 1607 } 1608 else 1609 { 1610 BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device"); 1611 } 1612 1613 return 0; 1614} 1615 1616 #endif /* SMP_INCLUDED */ 1617#endif /* BLE_INCLUDED */ 1618 1619 1620/******************************************************************************* 1621** 1622** Function BTM_BleDataSignature 1623** 1624** Description This function is called to sign the data using AES128 CMAC 1625** algorith. 1626** 1627** Parameter bd_addr: target device the data to be signed for. 1628** p_text: singing data 1629** len: length of the data to be signed. 1630** signature: output parameter where data signature is going to 1631** be stored. 1632** 1633** Returns TRUE if signing sucessul, otherwise FALSE. 1634** 1635*******************************************************************************/ 1636BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len, 1637 BLE_SIGNATURE signature) 1638{ 1639 BOOLEAN ret = FALSE; 1640#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1641 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1642 UINT8 *p_buf, *pp; 1643 1644 BT_OCTET16 er; 1645 UINT16 div; 1646 UINT8 temp[4]; /* for (r || DIV) r=1*/ 1647 UINT16 r=1; 1648 UINT8 *p=temp, *p_mac = (UINT8 *)signature; 1649 tSMP_ENC output; 1650 BT_OCTET16 local_csrk; 1651 1652 BTM_TRACE_DEBUG0 ("BTM_BleDataSignature"); 1653 if (p_rec == NULL) 1654 { 1655 BTM_TRACE_ERROR0("data signing can not be done from unknow device"); 1656 } 1657 else 1658 { 1659 if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL) 1660 { 1661 BTM_TRACE_DEBUG0("Start to generate Local CSRK"); 1662 /* prepare plain text */ 1663 if (p_text) 1664 { 1665 memcpy(p_buf, p_text, len); 1666 pp = (p_buf + len); 1667 } 1668 1669#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1670 if ( btm_cb.devcb.enable_test_local_sign_cntr) 1671 { 1672 BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr); 1673 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr); 1674 } 1675 else 1676 { 1677 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1678 } 1679#else 1680 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 1681#endif 1682 /* compute local csrk */ 1683 if (btm_get_local_div(bd_addr, &div)) 1684 { 1685 BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div); 1686 BTM_GetDeviceEncRoot(er); 1687 1688 /* CSRK = d1(ER, DIV, 1) */ 1689 UINT16_TO_STREAM(p, div); 1690 UINT16_TO_STREAM(p, r); 1691 1692 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output)) 1693 { 1694 BTM_TRACE_ERROR0("Local CSRK generation failed "); 1695 } 1696 else 1697 { 1698 BTM_TRACE_DEBUG0("local CSRK generation success"); 1699 memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN); 1700 1701 1702#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1703 if (btm_cb.devcb.enable_test_local_sign_cntr) 1704 { 1705 UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr); 1706 } 1707 else 1708 { 1709 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1710 } 1711#else 1712 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 1713#endif 1714 1715 if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) 1716 { 1717 btm_ble_increment_sign_ctr(bd_addr, TRUE); 1718 1719#if BTM_BLE_CONFORMANCE_TESTING == TRUE 1720 if ( btm_cb.devcb.enable_test_mac_val) 1721 { 1722 BTM_TRACE_DEBUG0 ("Use MAC value from script"); 1723 memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE); 1724 } 1725#endif 1726 } 1727 BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac); 1728 BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", 1729 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); 1730 BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", 1731 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); 1732 1733 GKI_freebuf(p_buf); 1734 } 1735 } 1736 } 1737 } 1738#endif /* BLE_INCLUDED */ 1739 return ret; 1740} 1741 1742/******************************************************************************* 1743** 1744** Function BTM_BleVerifySignature 1745** 1746** Description This function is called to verify the data signature 1747** 1748** Parameter bd_addr: target device the data to be signed for. 1749** p_orig: original data before signature. 1750** len: length of the signing data 1751** counter: counter used when doing data signing 1752** p_comp: signature to be compared against. 1753 1754** Returns TRUE if signature verified correctly; otherwise FALSE. 1755** 1756*******************************************************************************/ 1757BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter, 1758 UINT8 *p_comp) 1759{ 1760 BOOLEAN verified = FALSE; 1761#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 1762 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1763 UINT8 p_mac[BTM_CMAC_TLEN_SIZE]; 1764 1765 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) 1766 { 1767 BTM_TRACE_ERROR0("can not verify signature for unknown device"); 1768 } 1769 else if (counter < p_rec->ble.keys.counter) 1770 { 1771 BTM_TRACE_ERROR0("signature received with out dated sign counter"); 1772 } 1773 else if (p_orig == NULL) 1774 { 1775 BTM_TRACE_ERROR0("No signature to verify"); 1776 } 1777 else 1778 { 1779 BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter); 1780 1781 if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) 1782 { 1783 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) 1784 { 1785 btm_ble_increment_sign_ctr(bd_addr, FALSE); 1786 verified = TRUE; 1787 } 1788 } 1789 } 1790#endif /* BLE_INCLUDED */ 1791 return verified; 1792} 1793 1794#if BLE_INCLUDED == TRUE 1795/******************************************************************************* 1796** Utility functions for LE device IR/ER generation 1797*******************************************************************************/ 1798/******************************************************************************* 1799** 1800** Function btm_notify_new_key 1801** 1802** Description This function is to notify application new keys have been 1803** generated. 1804** 1805** Returns void 1806** 1807*******************************************************************************/ 1808static void btm_notify_new_key(UINT8 key_type) 1809{ 1810 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; 1811 1812 BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type); 1813 1814 if (btm_cb.api.p_le_key_callback) 1815 { 1816 switch (key_type) 1817 { 1818 case BTM_BLE_KEY_TYPE_ID: 1819 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID"); 1820 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; 1821 break; 1822 1823 case BTM_BLE_KEY_TYPE_ER: 1824 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER"); 1825 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er; 1826 break; 1827 1828 default: 1829 BTM_TRACE_ERROR1("unknown key type: %d", key_type); 1830 break; 1831 } 1832 if (p_locak_keys != NULL) 1833 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); 1834 } 1835} 1836 1837/******************************************************************************* 1838** 1839** Function btm_ble_process_er2 1840** 1841** Description This function is called when ER is generated, store it in 1842** local control block. 1843** 1844** Returns void 1845** 1846*******************************************************************************/ 1847static void btm_ble_process_er2(tBTM_RAND_ENC *p) 1848{ 1849 BTM_TRACE_DEBUG0 ("btm_ble_process_er2"); 1850 1851 if (p &&p->opcode == HCI_BLE_RAND) 1852 { 1853 memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN); 1854 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); 1855 } 1856 else 1857 { 1858 BTM_TRACE_ERROR0("Generating ER2 exception."); 1859 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1860 } 1861} 1862 1863/******************************************************************************* 1864** 1865** Function btm_ble_process_er 1866** 1867** Description This function is called when ER is generated, store it in 1868** local control block. 1869** 1870** Returns void 1871** 1872*******************************************************************************/ 1873static void btm_ble_process_er(tBTM_RAND_ENC *p) 1874{ 1875 BTM_TRACE_DEBUG0 ("btm_ble_process_er"); 1876 1877 if (p &&p->opcode == HCI_BLE_RAND) 1878 { 1879 memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN); 1880 1881 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) 1882 { 1883 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); 1884 BTM_TRACE_ERROR0("Generating ER2 failed."); 1885 } 1886 } 1887 else 1888 { 1889 BTM_TRACE_ERROR0("Generating ER1 exception."); 1890 } 1891} 1892 1893/******************************************************************************* 1894** 1895** Function btm_ble_process_irk 1896** 1897** Description This function is called when IRK is generated, store it in 1898** local control block. 1899** 1900** Returns void 1901** 1902*******************************************************************************/ 1903static void btm_ble_process_irk(tSMP_ENC *p) 1904{ 1905 BTM_TRACE_DEBUG0 ("btm_ble_process_irk"); 1906 if (p &&p->opcode == HCI_BLE_ENCRYPT) 1907 { 1908 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); 1909 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); 1910 } 1911 else 1912 { 1913 BTM_TRACE_ERROR0("Generating IRK exception."); 1914 } 1915 1916 /* proceed generate ER */ 1917 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) 1918 { 1919 BTM_TRACE_ERROR0("Generating ER failed."); 1920 } 1921} 1922 1923/******************************************************************************* 1924** 1925** Function btm_ble_process_dhk 1926** 1927** Description This function is called when DHK is calculated, store it in 1928** local control block, and proceed to generate ER, a 128-bits 1929** random number. 1930** 1931** Returns void 1932** 1933*******************************************************************************/ 1934static void btm_ble_process_dhk(tSMP_ENC *p) 1935{ 1936#if SMP_INCLUDED == TRUE 1937 UINT8 btm_ble_irk_pt = 0x01; 1938 tSMP_ENC output; 1939 1940 BTM_TRACE_DEBUG0 ("btm_ble_process_dhk"); 1941 1942 if (p && p->opcode == HCI_BLE_ENCRYPT) 1943 { 1944 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); 1945 BTM_TRACE_DEBUG0("BLE DHK generated."); 1946 1947 /* IRK = D1(IR, 1) */ 1948 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, 1949 1, &output)) 1950 { 1951 /* reset all identity root related key */ 1952 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 1953 } 1954 else 1955 { 1956 btm_ble_process_irk(&output); 1957 } 1958 } 1959 else 1960 { 1961 /* reset all identity root related key */ 1962 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 1963 } 1964#endif 1965} 1966 1967/******************************************************************************* 1968** 1969** Function btm_ble_process_ir2 1970** 1971** Description This function is called when IR is generated, proceed to calculate 1972** DHK = Eir({0x03, 0, 0 ...}) 1973** 1974** 1975** Returns void 1976** 1977*******************************************************************************/ 1978static void btm_ble_process_ir2(tBTM_RAND_ENC *p) 1979{ 1980#if SMP_INCLUDED == TRUE 1981 UINT8 btm_ble_dhk_pt = 0x03; 1982 tSMP_ENC output; 1983 1984 BTM_TRACE_DEBUG0 ("btm_ble_process_ir2"); 1985 1986 if (p && p->opcode == HCI_BLE_RAND) 1987 { 1988 /* remembering in control block */ 1989 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); 1990 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ 1991 1992 1993 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, 1994 1, &output); 1995 btm_ble_process_dhk(&output); 1996 1997 BTM_TRACE_DEBUG0("BLE IR generated."); 1998 } 1999 else 2000 { 2001 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2002 } 2003#endif 2004} 2005 2006/******************************************************************************* 2007** 2008** Function btm_ble_process_ir 2009** 2010** Description This function is called when IR is generated, proceed to calculate 2011** DHK = Eir({0x02, 0, 0 ...}) 2012** 2013** 2014** Returns void 2015** 2016*******************************************************************************/ 2017static void btm_ble_process_ir(tBTM_RAND_ENC *p) 2018{ 2019 BTM_TRACE_DEBUG0 ("btm_ble_process_ir"); 2020 2021 if (p && p->opcode == HCI_BLE_RAND) 2022 { 2023 /* remembering in control block */ 2024 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); 2025 2026 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) 2027 { 2028 BTM_TRACE_ERROR0("Generating IR2 failed."); 2029 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2030 } 2031 } 2032} 2033 2034/******************************************************************************* 2035** 2036** Function btm_ble_reset_id 2037** 2038** Description This function is called to reset LE device identity. 2039** 2040** Returns void 2041** 2042*******************************************************************************/ 2043void btm_ble_reset_id( void ) 2044{ 2045 BTM_TRACE_DEBUG0 ("btm_ble_reset_id"); 2046 2047 /* regenrate Identity Root*/ 2048 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) 2049 { 2050 BTM_TRACE_DEBUG0("Generating IR failed."); 2051 } 2052} 2053 2054 #if BTM_BLE_CONFORMANCE_TESTING == TRUE 2055/******************************************************************************* 2056** 2057** Function btm_ble_set_no_disc_if_pair_fail 2058** 2059** Description This function indicates that whether no disconnect of the ACL 2060** should be used if pairing failed 2061** 2062** Returns void 2063** 2064*******************************************************************************/ 2065void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc ) 2066{ 2067 BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); 2068 btm_cb.devcb.no_disc_if_pair_fail = disable_disc; 2069} 2070 2071/******************************************************************************* 2072** 2073** Function btm_ble_set_test_mac_value 2074** 2075** Description This function set test MAC value 2076** 2077** Returns void 2078** 2079*******************************************************************************/ 2080void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val ) 2081{ 2082 BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable); 2083 btm_cb.devcb.enable_test_mac_val = enable; 2084 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); 2085} 2086 2087/******************************************************************************* 2088** 2089** Function btm_ble_set_test_local_sign_cntr_value 2090** 2091** Description This function set test local sign counter value 2092** 2093** Returns void 2094** 2095*******************************************************************************/ 2096void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr ) 2097{ 2098 BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", 2099 enable, test_local_sign_cntr); 2100 btm_cb.devcb.enable_test_local_sign_cntr = enable; 2101 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; 2102} 2103 2104/******************************************************************************* 2105** 2106** Function btm_set_random_address 2107** 2108** Description This function set a random address to local controller. 2109** 2110** Returns void 2111** 2112*******************************************************************************/ 2113void btm_set_random_address(BD_ADDR random_bda) 2114{ 2115 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; 2116 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ; 2117 2118 BTM_TRACE_DEBUG0 ("btm_set_random_address"); 2119 2120 if (adv_mode == BTM_BLE_ADV_ENABLE) 2121 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); 2122 2123 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN); 2124 btsnd_hcic_ble_set_random_addr(p_cb->private_addr); 2125 2126 if (adv_mode == BTM_BLE_ADV_ENABLE) 2127 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE); 2128 2129 2130} 2131#endif /* BTM_BLE_CONFORMANCE_TESTING */ 2132 2133 2134#endif /* BLE_INCLUDED */ 2135