btm_ble.cc revision d7ffd64accbd50a27289a388856e56244ccbb5da
1/****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19/****************************************************************************** 20 * 21 * This file contains functions for BLE device control utilities, and LE 22 * security functions. 23 * 24 ******************************************************************************/ 25 26#define LOG_TAG "bt_btm_ble" 27 28#include "bt_target.h" 29 30#if (BLE_INCLUDED == TRUE) 31 32#include <string.h> 33 34#include "bt_types.h" 35#include "bt_utils.h" 36#include "btm_ble_api.h" 37#include "btm_int.h" 38#include "btu.h" 39#include "device/include/controller.h" 40#include "gap_api.h" 41#include "gatt_api.h" 42#include "hcimsgs.h" 43#include "l2c_int.h" 44#include "osi/include/log.h" 45#include "osi/include/osi.h" 46#include "smp_api.h" 47 48#if (SMP_INCLUDED == TRUE) 49extern bool aes_cipher_msg_auth_code(BT_OCTET16 key, uint8_t *input, uint16_t length, 50 uint16_t tlen, uint8_t *p_signature); 51#endif 52 53/*******************************************************************************/ 54/* External Function to be called by other modules */ 55/*******************************************************************************/ 56/******************************************************** 57** 58** Function BTM_SecAddBleDevice 59** 60** Description Add/modify device. This function will be normally called 61** during host startup to restore all required information 62** for a LE device stored in the NVRAM. 63** 64** Parameters: bd_addr - BD address of the peer 65** bd_name - Name of the peer device. NULL if unknown. 66** dev_type - Remote device's device type. 67** addr_type - LE device address type. 68** 69** Returns true if added OK, else false 70** 71*******************************************************************************/ 72bool BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, 73 tBLE_ADDR_TYPE addr_type) 74{ 75 BTM_TRACE_DEBUG ("%s: dev_type=0x%x", __func__, dev_type); 76 77 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr); 78 if (!p_dev_rec) 79 { 80 p_dev_rec = btm_sec_allocate_dev_rec(); 81 82 memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 83 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR); 84 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE); 85 86 /* update conn params, use default value for background connection params */ 87 p_dev_rec->conn_params.min_conn_int = BTM_BLE_CONN_PARAM_UNDEF; 88 p_dev_rec->conn_params.max_conn_int = BTM_BLE_CONN_PARAM_UNDEF; 89 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_PARAM_UNDEF; 90 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; 91 92 BTM_TRACE_DEBUG("%s: Device added, handle=0x%x ", __func__, p_dev_rec->ble_hci_handle); 93 } 94 95 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 96 97 if (bd_name && bd_name[0]) 98 { 99 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 100 strlcpy((char *)p_dev_rec->sec_bd_name, 101 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); 102 } 103 p_dev_rec->device_type |= dev_type; 104 p_dev_rec->ble.ble_addr_type = addr_type; 105 106 memcpy(p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN); 107 /* sync up with the Inq Data base*/ 108 tBTM_INQ_INFO *p_info = BTM_InqDbRead(bd_addr); 109 if (p_info) 110 { 111 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; 112 p_info->results.device_type = p_dev_rec->device_type; 113 BTM_TRACE_DEBUG("InqDb device_type =0x%x addr_type=0x%x", 114 p_info->results.device_type, p_info->results.ble_addr_type); 115 } 116 117 return true; 118} 119 120/******************************************************************************* 121** 122** Function BTM_SecAddBleKey 123** 124** Description Add/modify LE device information. This function will be 125** normally called during host startup to restore all required 126** information stored in the NVRAM. 127** 128** Parameters: bd_addr - BD address of the peer 129** p_le_key - LE key values. 130** key_type - LE SMP key type. 131* 132** Returns true if added OK, else false 133** 134*******************************************************************************/ 135bool BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) 136{ 137#if (SMP_INCLUDED == TRUE) 138 tBTM_SEC_DEV_REC *p_dev_rec; 139 BTM_TRACE_DEBUG ("BTM_SecAddBleKey"); 140 p_dev_rec = btm_find_dev (bd_addr); 141 if (!p_dev_rec || !p_le_key || 142 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && 143 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC && 144 key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID)) 145 { 146 BTM_TRACE_WARNING ("BTM_SecAddBleKey() Wrong Type, or No Device record \ 147 for bdaddr: %08x%04x, Type: %d", 148 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 149 (bd_addr[4]<<8)+bd_addr[5], key_type); 150 return(false); 151 } 152 153 BTM_TRACE_DEBUG ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", 154 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 155 (bd_addr[4]<<8)+bd_addr[5], key_type); 156 157 btm_sec_save_le_key (bd_addr, key_type, p_le_key, false); 158 159#if (BLE_PRIVACY_SPT == TRUE) 160 if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID) 161 btm_ble_resolving_list_load_dev (p_dev_rec); 162#endif 163 164#endif 165 166 return(true); 167} 168 169/******************************************************************************* 170** 171** Function BTM_BleLoadLocalKeys 172** 173** Description Local local identity key, encryption root or sign counter. 174** 175** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER 176** or BTM_BLE_KEY_TYPE_COUNTER. 177** p_key: pointer to the key. 178* 179** Returns non2. 180** 181*******************************************************************************/ 182void BTM_BleLoadLocalKeys(uint8_t key_type, tBTM_BLE_LOCAL_KEYS *p_key) 183{ 184 tBTM_DEVCB *p_devcb = &btm_cb.devcb; 185 BTM_TRACE_DEBUG ("%s", __func__); 186 if (p_key != NULL) 187 { 188 switch (key_type) 189 { 190 case BTM_BLE_KEY_TYPE_ID: 191 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 192 break; 193 194 case BTM_BLE_KEY_TYPE_ER: 195 memcpy(p_devcb->ble_encryption_key_value, p_key->er, sizeof(BT_OCTET16)); 196 break; 197 198 default: 199 BTM_TRACE_ERROR("unknow local key type: %d", key_type); 200 break; 201 } 202 } 203} 204 205/******************************************************************************* 206** 207** Function BTM_GetDeviceEncRoot 208** 209** Description This function is called to read the local device encryption 210** root. 211** 212** Returns void 213** the local device ER is copied into ble_encr_key_value 214** 215*******************************************************************************/ 216void BTM_GetDeviceEncRoot (BT_OCTET16 ble_encr_key_value) 217{ 218 BTM_TRACE_DEBUG ("%s", __func__); 219 memcpy (ble_encr_key_value, btm_cb.devcb.ble_encryption_key_value, BT_OCTET16_LEN); 220} 221 222/******************************************************************************* 223** 224** Function BTM_GetDeviceIDRoot 225** 226** Description This function is called to read the local device identity 227** root. 228** 229** Returns void 230** the local device IR is copied into irk 231** 232*******************************************************************************/ 233void BTM_GetDeviceIDRoot (BT_OCTET16 irk) 234{ 235 BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot "); 236 237 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); 238} 239 240/******************************************************************************* 241** 242** Function BTM_GetDeviceDHK 243** 244** Description This function is called to read the local device DHK. 245** 246** Returns void 247** the local device DHK is copied into dhk 248** 249*******************************************************************************/ 250void BTM_GetDeviceDHK (BT_OCTET16 dhk) 251{ 252 BTM_TRACE_DEBUG ("BTM_GetDeviceDHK"); 253 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); 254} 255 256/******************************************************************************* 257** 258** Function BTM_ReadConnectionAddr 259** 260** Description This function is called to get the local device address information 261** . 262** 263** Returns void 264** 265*******************************************************************************/ 266void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type) 267{ 268 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE); 269 270 if (p_acl == NULL) 271 { 272 BTM_TRACE_ERROR("No connection exist!"); 273 return; 274 } 275 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN); 276 * p_addr_type = p_acl->conn_addr_type; 277 278 BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x", 279 p_acl->conn_addr_type, p_acl->conn_addr[0]); 280} 281 282/******************************************************************************* 283** 284** Function BTM_IsBleConnection 285** 286** Description This function is called to check if the connection handle 287** for an LE link 288** 289** Returns true if connection is LE link, otherwise false. 290** 291*******************************************************************************/ 292bool BTM_IsBleConnection (uint16_t conn_handle) 293{ 294#if (BLE_INCLUDED == TRUE) 295 uint8_t xx; 296 tACL_CONN *p; 297 298 BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle); 299 300 xx = btm_handle_to_acl_index (conn_handle); 301 if (xx >= MAX_L2CAP_LINKS) 302 return false; 303 304 p = &btm_cb.acl_db[xx]; 305 306 return (p->transport == BT_TRANSPORT_LE); 307#else 308 return false; 309#endif 310} 311 312/******************************************************************************* 313** 314** Function BTM_ReadRemoteConnectionAddr 315** 316** Description This function is read the remote device address currently used 317** 318** Parameters pseudo_addr: pseudo random address available 319** conn_addr:connection address used 320** p_addr_type : BD Address type, Public or Random of the address used 321** 322** Returns bool , true if connection to remote device exists, else false 323** 324*******************************************************************************/ 325bool BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, 326 tBLE_ADDR_TYPE *p_addr_type) 327{ 328 bool st = true; 329#if (BLE_PRIVACY_SPT == TRUE) 330 tACL_CONN *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE); 331 332 if (p == NULL) 333 { 334 BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection" 335 " with matching address"); 336 return false; 337 } 338 339 memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN); 340 *p_addr_type = p->active_remote_addr_type; 341#else 342 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr); 343 344 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN); 345 if (p_dev_rec != NULL) 346 { 347 *p_addr_type = p_dev_rec->ble.ble_addr_type; 348 } 349#endif 350 return st; 351 352} 353/******************************************************************************* 354** 355** Function BTM_SecurityGrant 356** 357** Description This function is called to grant security process. 358** 359** Parameters bd_addr - peer device bd address. 360** res - result of the operation BTM_SUCCESS if success. 361** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. 362** 363** Returns None 364** 365*******************************************************************************/ 366void BTM_SecurityGrant(BD_ADDR bd_addr, uint8_t res) 367{ 368#if (SMP_INCLUDED == TRUE) 369 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; 370 BTM_TRACE_DEBUG ("BTM_SecurityGrant"); 371 SMP_SecurityGrant(bd_addr, res_smp); 372#endif 373} 374 375/******************************************************************************* 376** 377** Function BTM_BlePasskeyReply 378** 379** Description This function is called after Security Manager submitted 380** passkey request to the application. 381** 382** Parameters: bd_addr - Address of the device for which passkey was requested 383** res - result of the operation BTM_SUCCESS if success 384** key_len - length in bytes of the Passkey 385** p_passkey - pointer to array with the passkey 386** trusted_mask - bitwise OR of trusted services (array of uint32_t) 387** 388*******************************************************************************/ 389void BTM_BlePasskeyReply (BD_ADDR bd_addr, uint8_t res, uint32_t passkey) 390{ 391#if (SMP_INCLUDED == TRUE) 392 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 393 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 394 395 if (p_dev_rec == NULL) 396 { 397 BTM_TRACE_ERROR("Passkey reply to Unknown device"); 398 return; 399 } 400 401 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 402 BTM_TRACE_DEBUG ("BTM_BlePasskeyReply"); 403 SMP_PasskeyReply(bd_addr, res_smp, passkey); 404#endif 405} 406 407/******************************************************************************* 408** 409** Function BTM_BleConfirmReply 410** 411** Description This function is called after Security Manager submitted 412** numeric comparison request to the application. 413** 414** Parameters: bd_addr - Address of the device with which numeric 415** comparison was requested 416** res - comparison result BTM_SUCCESS if success 417** 418*******************************************************************************/ 419void BTM_BleConfirmReply (BD_ADDR bd_addr, uint8_t res) 420{ 421 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 422 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; 423 424 if (p_dev_rec == NULL) 425 { 426 BTM_TRACE_ERROR("Passkey reply to Unknown device"); 427 return; 428 } 429 430 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 431 BTM_TRACE_DEBUG ("%s", __func__); 432 SMP_ConfirmReply(bd_addr, res_smp); 433} 434 435/******************************************************************************* 436** 437** Function BTM_BleOobDataReply 438** 439** Description This function is called to provide the OOB data for 440** SMP in response to BTM_LE_OOB_REQ_EVT 441** 442** Parameters: bd_addr - Address of the peer device 443** res - result of the operation SMP_SUCCESS if success 444** p_data - oob data, depending on transport and capabilities. 445** Might be "Simple Pairing Randomizer", or 446** "Security Manager TK Value". 447** 448*******************************************************************************/ 449void BTM_BleOobDataReply(BD_ADDR bd_addr, uint8_t res, uint8_t len, uint8_t *p_data) 450{ 451#if (SMP_INCLUDED == TRUE) 452 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; 453 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 454 455 BTM_TRACE_DEBUG ("%s:", __func__); 456 457 if (p_dev_rec == NULL) { 458 BTM_TRACE_ERROR("%s: Unknown device", __func__); 459 return; 460 } 461 462 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 463 SMP_OobDataReply(bd_addr, res_smp, len, p_data); 464#endif 465} 466 467/******************************************************************************* 468** 469** Function BTM_BleSecureConnectionOobDataReply 470** 471** Description This function is called to provide the OOB data for 472** SMP in response to BTM_LE_OOB_REQ_EVT when secure connection 473** data is available 474** 475** Parameters: bd_addr - Address of the peer device 476** p_c - pointer to Confirmation. 477** p_r - pointer to Randomizer 478** 479*******************************************************************************/ 480void BTM_BleSecureConnectionOobDataReply(BD_ADDR bd_addr, 481 uint8_t *p_c, uint8_t *p_r) 482{ 483#if SMP_INCLUDED == TRUE 484 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 485 486 BTM_TRACE_DEBUG ("%s:", __func__); 487 488 if (p_dev_rec == NULL) { 489 BTM_TRACE_ERROR("%s: Unknown device", __func__); 490 return; 491 } 492 493 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 494 495 tSMP_SC_OOB_DATA oob; 496 memset(&oob, 0, sizeof(tSMP_SC_OOB_DATA)); 497 498 oob.peer_oob_data.present = true; 499 memcpy(&oob.peer_oob_data.randomizer, p_r, BT_OCTET16_LEN); 500 memcpy(&oob.peer_oob_data.commitment, p_c, BT_OCTET16_LEN); 501 oob.peer_oob_data.addr_rcvd_from.type = p_dev_rec->ble.ble_addr_type; 502 memcpy(&oob.peer_oob_data.addr_rcvd_from.bda, bd_addr, sizeof(BD_ADDR)); 503 504 SMP_SecureConnectionOobDataReply((uint8_t*)&oob); 505#endif 506} 507 508/****************************************************************************** 509** 510** Function BTM_BleSetConnScanParams 511** 512** Description Set scan parameter used in BLE connection request 513** 514** Parameters: scan_interval: scan interval 515** scan_window: scan window 516** 517** Returns void 518** 519*******************************************************************************/ 520void BTM_BleSetConnScanParams (uint32_t scan_interval, uint32_t scan_window) 521{ 522#if (SMP_INCLUDED == TRUE) 523 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; 524 bool new_param = false; 525 526 if (BTM_BLE_ISVALID_PARAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && 527 BTM_BLE_ISVALID_PARAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) 528 { 529 if (p_ble_cb->scan_int != scan_interval) 530 { 531 p_ble_cb->scan_int = scan_interval; 532 new_param = true; 533 } 534 535 if (p_ble_cb->scan_win != scan_window) 536 { 537 p_ble_cb->scan_win = scan_window; 538 new_param = true; 539 } 540 541 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN) 542 { 543 btm_ble_suspend_bg_conn(); 544 } 545 } 546 else 547 { 548 BTM_TRACE_ERROR("Illegal Connection Scan Parameters"); 549 } 550#endif 551} 552 553/******************************************************** 554** 555** Function BTM_BleSetPrefConnParams 556** 557** Description Set a peripheral's preferred connection parameters 558** 559** Parameters: bd_addr - BD address of the peripheral 560** scan_interval: scan interval 561** scan_window: scan window 562** min_conn_int - minimum preferred connection interval 563** max_conn_int - maximum preferred connection interval 564** slave_latency - preferred slave latency 565** supervision_tout - preferred supervision timeout 566** 567** Returns void 568** 569*******************************************************************************/ 570void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, 571 uint16_t min_conn_int, uint16_t max_conn_int, 572 uint16_t slave_latency, uint16_t supervision_tout) 573{ 574 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 575 576 BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ 577 tout: %u", 578 min_conn_int, max_conn_int, slave_latency, supervision_tout); 579 580 if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 581 BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && 582 BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && 583 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF)) 584 { 585 if (p_dev_rec) 586 { 587 /* expect conn int and stout and slave latency to be updated all together */ 588 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 589 { 590 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 591 p_dev_rec->conn_params.min_conn_int = min_conn_int; 592 else 593 p_dev_rec->conn_params.min_conn_int = max_conn_int; 594 595 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) 596 p_dev_rec->conn_params.max_conn_int = max_conn_int; 597 else 598 p_dev_rec->conn_params.max_conn_int = min_conn_int; 599 600 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) 601 p_dev_rec->conn_params.slave_latency = slave_latency; 602 else 603 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; 604 605 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) 606 p_dev_rec->conn_params.supervision_tout = supervision_tout; 607 else 608 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF; 609 610 } 611 612 } 613 else 614 { 615 BTM_TRACE_ERROR("Unknown Device, setting rejected"); 616 } 617 } 618 else 619 { 620 BTM_TRACE_ERROR("Illegal Connection Parameters"); 621 } 622} 623 624/******************************************************************************* 625** 626** Function BTM_ReadDevInfo 627** 628** Description This function is called to read the device/address type 629** of BD address. 630** 631** Parameter remote_bda: remote device address 632** p_dev_type: output parameter to read the device type. 633** p_addr_type: output parameter to read the address type. 634** 635*******************************************************************************/ 636void BTM_ReadDevInfo (const BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) 637{ 638 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); 639 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); 640 641 *p_addr_type = BLE_ADDR_PUBLIC; 642 643 if (!p_dev_rec) 644 { 645 *p_dev_type = BT_DEVICE_TYPE_BREDR; 646 /* Check with the BT manager if details about remote device are known */ 647 if (p_inq_info != NULL) 648 { 649 *p_dev_type = p_inq_info->results.device_type ; 650 *p_addr_type = p_inq_info->results.ble_addr_type; 651 } else { 652 /* unknown device, assume BR/EDR */ 653 BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed"); 654 } 655 } 656 else /* there is a security device record exisitng */ 657 { 658 /* new inquiry result, overwrite device type in security device record */ 659 if (p_inq_info) 660 { 661 p_dev_rec->device_type = p_inq_info->results.device_type; 662 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 663 } 664 if (memcmp(p_dev_rec->bd_addr, remote_bda, BD_ADDR_LEN) == 0 && 665 memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) 666 { 667 *p_dev_type = p_dev_rec->device_type; 668 *p_addr_type = p_dev_rec->ble.ble_addr_type; 669 } 670 else if (memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0) 671 { 672 *p_dev_type = BT_DEVICE_TYPE_BLE; 673 *p_addr_type = p_dev_rec->ble.ble_addr_type; 674 } 675 else /* matching static adddress only */ 676 { 677 *p_dev_type = BT_DEVICE_TYPE_BREDR; 678 *p_addr_type = BLE_ADDR_PUBLIC; 679 } 680 681 } 682 683 BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); 684} 685 686/******************************************************************************* 687** 688** Function BTM_ReadConnectedTransportAddress 689** 690** Description This function is called to read the paired device/address type of other device paired 691** corresponding to the BD_address 692** 693** Parameter remote_bda: remote device address, carry out the transport address 694** transport: active transport 695** 696** Return true if an active link is identified; false otherwise 697** 698*******************************************************************************/ 699bool BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda, tBT_TRANSPORT transport) 700{ 701 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(remote_bda); 702 703 /* if no device can be located, return */ 704 if (p_dev_rec == NULL) 705 return false; 706 707 if (transport == BT_TRANSPORT_BR_EDR) 708 { 709 if (btm_bda_to_acl(p_dev_rec->bd_addr, transport) != NULL) 710 { 711 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); 712 return true; 713 } 714 else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR) 715 { 716 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); 717 } 718 else 719 memset(remote_bda, 0, BD_ADDR_LEN); 720 return false; 721 } 722 723 if (transport == BT_TRANSPORT_LE) 724 { 725 memcpy(remote_bda, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN); 726 if (btm_bda_to_acl(p_dev_rec->ble.pseudo_addr, transport) != NULL) 727 return true; 728 else 729 return false; 730 } 731 732 return false; 733} 734 735/******************************************************************************* 736** 737** Function BTM_BleReceiverTest 738** 739** Description This function is called to start the LE Receiver test 740** 741** Parameter rx_freq - Frequency Range 742** p_cmd_cmpl_cback - Command Complete callback 743** 744*******************************************************************************/ 745void BTM_BleReceiverTest(uint8_t rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback) 746{ 747 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 748 749 btsnd_hcic_ble_receiver_test(rx_freq); 750} 751 752/******************************************************************************* 753** 754** Function BTM_BleTransmitterTest 755** 756** Description This function is called to start the LE Transmitter test 757** 758** Parameter tx_freq - Frequency Range 759** test_data_len - Length in bytes of payload data in each packet 760** packet_payload - Pattern to use in the payload 761** p_cmd_cmpl_cback - Command Complete callback 762** 763*******************************************************************************/ 764void BTM_BleTransmitterTest(uint8_t tx_freq, uint8_t test_data_len, 765 uint8_t packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback) 766{ 767 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 768 btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload); 769} 770 771/******************************************************************************* 772** 773** Function BTM_BleTestEnd 774** 775** Description This function is called to stop the in-progress TX or RX test 776** 777** Parameter p_cmd_cmpl_cback - Command complete callback 778** 779*******************************************************************************/ 780void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback) 781{ 782 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback; 783 784 btsnd_hcic_ble_test_end(); 785} 786 787/******************************************************************************* 788** Internal Functions 789*******************************************************************************/ 790void btm_ble_test_command_complete(uint8_t *p) 791{ 792 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb; 793 794 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL; 795 796 if (p_cb) 797 { 798 (*p_cb)(p); 799 } 800} 801 802/******************************************************************************* 803** 804** Function BTM_UseLeLink 805** 806** Description This function is to select the underneath physical link to use. 807** 808** Returns true to use LE, false use BR/EDR. 809** 810*******************************************************************************/ 811bool BTM_UseLeLink (BD_ADDR bd_addr) 812{ 813 tACL_CONN *p; 814 tBT_DEVICE_TYPE dev_type; 815 tBLE_ADDR_TYPE addr_type; 816 bool use_le = false; 817 818 if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL) 819 { 820 return use_le; 821 } 822 else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL) 823 { 824 use_le = true; 825 } 826 else 827 { 828 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type); 829 use_le = (dev_type == BT_DEVICE_TYPE_BLE); 830 } 831 return use_le; 832} 833 834/******************************************************************************* 835** 836** Function BTM_SetBleDataLength 837** 838** Description This function is to set maximum BLE transmission packet size 839** 840** Returns BTM_SUCCESS if success; otherwise failed. 841** 842*******************************************************************************/ 843tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, uint16_t tx_pdu_length) 844{ 845 tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE); 846 BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __func__, tx_pdu_length); 847 848 if (!controller_get_interface()->supports_ble_packet_extension()) 849 { 850 BTM_TRACE_ERROR("%s failed, request not supported", __func__); 851 return BTM_ILLEGAL_VALUE; 852 } 853 854 if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features)) 855 { 856 BTM_TRACE_ERROR("%s failed, peer does not support request", __func__); 857 return BTM_ILLEGAL_VALUE; 858 } 859 860 if (p_acl != NULL) 861 { 862 if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX) 863 tx_pdu_length = BTM_BLE_DATA_SIZE_MAX; 864 else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN) 865 tx_pdu_length = BTM_BLE_DATA_SIZE_MIN; 866 867 /* always set the TxTime to be max, as controller does not care for now */ 868 btsnd_hcic_ble_set_data_length(p_acl->hci_handle, tx_pdu_length, 869 BTM_BLE_DATA_TX_TIME_MAX); 870 871 return BTM_SUCCESS; 872 } 873 else 874 { 875 BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__func__); 876 return BTM_WRONG_MODE; 877 } 878} 879 880/******************************************************************************* 881** 882** Function btm_ble_determine_security_act 883** 884** Description This function checks the security of current LE link 885** and returns the appropriate action that needs to be 886** taken to achieve the required security. 887** 888** Parameter is_originator - True if outgoing connection 889** bdaddr: remote device address 890** security_required: Security required for the service. 891** 892** Returns The appropriate security action required. 893** 894*******************************************************************************/ 895tBTM_SEC_ACTION btm_ble_determine_security_act(bool is_originator, BD_ADDR bdaddr, uint16_t security_required) 896{ 897 tBTM_LE_AUTH_REQ auth_req = 0x00; 898 899 if (is_originator) 900 { 901 if ((security_required & BTM_SEC_OUT_FLAGS) == 0 && 902 (security_required & BTM_SEC_OUT_MITM) == 0) 903 { 904 BTM_TRACE_DEBUG ("%s No security required for outgoing connection", __func__); 905 return BTM_SEC_OK; 906 } 907 908 if (security_required & BTM_SEC_OUT_MITM) 909 auth_req |= BTM_LE_AUTH_REQ_MITM; 910 } 911 else 912 { 913 if ((security_required & BTM_SEC_IN_FLAGS) == 0&& (security_required & BTM_SEC_IN_MITM) == 0) 914 { 915 BTM_TRACE_DEBUG ("%s No security required for incoming connection", __func__); 916 return BTM_SEC_OK; 917 } 918 919 if (security_required & BTM_SEC_IN_MITM) 920 auth_req |= BTM_LE_AUTH_REQ_MITM; 921 } 922 923 tBTM_BLE_SEC_REQ_ACT ble_sec_act; 924 btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act); 925 926 BTM_TRACE_DEBUG ("%s ble_sec_act %d", __func__ , ble_sec_act); 927 928 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD) 929 return BTM_SEC_ENC_PENDING; 930 931 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE) 932 return BTM_SEC_OK; 933 934 uint8_t sec_flag = 0; 935 BTM_GetSecurityFlagsByTransport(bdaddr, &sec_flag, BT_TRANSPORT_LE); 936 937 bool is_link_encrypted = false; 938 bool is_key_mitm = false; 939 if (sec_flag & (BTM_SEC_FLAG_ENCRYPTED| BTM_SEC_FLAG_LKEY_KNOWN)) 940 { 941 if (sec_flag & BTM_SEC_FLAG_ENCRYPTED) 942 is_link_encrypted = true; 943 944 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED) 945 is_key_mitm = true; 946 } 947 948 if (auth_req & BTM_LE_AUTH_REQ_MITM) 949 { 950 if (!is_key_mitm) 951 { 952 return BTM_SEC_ENCRYPT_MITM; 953 } else { 954 if (is_link_encrypted) 955 return BTM_SEC_OK; 956 else 957 return BTM_SEC_ENCRYPT; 958 } 959 } else { 960 if (is_link_encrypted) 961 return BTM_SEC_OK; 962 else 963 return BTM_SEC_ENCRYPT_NO_MITM; 964 } 965 966 return BTM_SEC_OK; 967} 968 969/******************************************************************************* 970** 971** Function btm_ble_start_sec_check 972** 973** Description This function is to check and set the security required for 974** LE link for LE COC. 975** 976** Parameter bdaddr: remote device address. 977** psm : PSM of the LE COC sevice. 978** is_originator: true if outgoing connection. 979** p_callback : Pointer to the callback function. 980** p_ref_data : Pointer to be returned along with the callback. 981** 982** Returns true if link already meets the required security; otherwise false. 983** 984*******************************************************************************/ 985bool btm_ble_start_sec_check(BD_ADDR bd_addr, uint16_t psm, bool is_originator, 986 tBTM_SEC_CALLBACK *p_callback, void *p_ref_data) 987{ 988 /* Find the service record for the PSM */ 989 tBTM_SEC_SERV_REC *p_serv_rec = btm_sec_find_first_serv (is_originator, psm); 990 991 /* If there is no application registered with this PSM do not allow connection */ 992 if (!p_serv_rec) 993 { 994 BTM_TRACE_WARNING ("%s PSM: %d no application registerd", __func__, psm); 995 (*p_callback) (bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED); 996 return false; 997 } 998 999 tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(is_originator, 1000 bd_addr, p_serv_rec->security_flags); 1001 1002 tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE; 1003 bool status = false; 1004 1005 switch (sec_act) 1006 { 1007 case BTM_SEC_OK: 1008 BTM_TRACE_DEBUG ("%s Security met", __func__); 1009 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS); 1010 status = true; 1011 break; 1012 1013 case BTM_SEC_ENCRYPT: 1014 BTM_TRACE_DEBUG ("%s Encryption needs to be done", __func__); 1015 ble_sec_act = BTM_BLE_SEC_ENCRYPT; 1016 break; 1017 1018 case BTM_SEC_ENCRYPT_MITM: 1019 BTM_TRACE_DEBUG ("%s Pairing with MITM needs to be done", __func__); 1020 ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM; 1021 break; 1022 1023 case BTM_SEC_ENCRYPT_NO_MITM: 1024 BTM_TRACE_DEBUG ("%s Pairing with No MITM needs to be done", __func__); 1025 ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM; 1026 break; 1027 1028 case BTM_SEC_ENC_PENDING: 1029 BTM_TRACE_DEBUG ("%s Ecryption pending", __func__); 1030 break; 1031 } 1032 1033 if (ble_sec_act == BTM_BLE_SEC_NONE) 1034 return status; 1035 1036 tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE); 1037 p_lcb->sec_act = sec_act; 1038 BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data, ble_sec_act); 1039 1040 return false; 1041} 1042 1043/******************************************************************************* 1044** 1045** Function btm_ble_rand_enc_complete 1046** 1047** Description This function is the callback functions for HCI_Rand command 1048** and HCI_Encrypt command is completed. 1049** This message is received from the HCI. 1050** 1051** Returns void 1052** 1053*******************************************************************************/ 1054void btm_ble_rand_enc_complete (uint8_t *p, uint16_t op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) 1055{ 1056 tBTM_RAND_ENC params; 1057 uint8_t *p_dest = params.param_buf; 1058 1059 BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete"); 1060 1061 memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); 1062 1063 /* If there was a callback address for vcs complete, call it */ 1064 if (p_enc_cplt_cback && p) 1065 { 1066 /* Pass paramters to the callback function */ 1067 STREAM_TO_UINT8(params.status, p); /* command status */ 1068 1069 if (params.status == HCI_SUCCESS) 1070 { 1071 params.opcode = op_code; 1072 1073 if (op_code == HCI_BLE_RAND) 1074 params.param_len = BT_OCTET8_LEN; 1075 else 1076 params.param_len = BT_OCTET16_LEN; 1077 1078 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ 1079 } 1080 if (p_enc_cplt_cback) 1081 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ 1082 } 1083} 1084 1085 #if (SMP_INCLUDED == true) 1086 1087/******************************************************************************* 1088** 1089** Function btm_ble_get_enc_key_type 1090** 1091** Description This function is to increment local sign counter 1092** Returns None 1093** 1094*******************************************************************************/ 1095void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, bool is_local ) 1096{ 1097 tBTM_SEC_DEV_REC *p_dev_rec; 1098 1099 BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local); 1100 1101 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 1102 { 1103 if (is_local) 1104 p_dev_rec->ble.keys.local_counter++; 1105 else 1106 p_dev_rec->ble.keys.counter++; 1107 BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d", 1108 is_local, 1109 p_dev_rec->ble.keys.local_counter, 1110 p_dev_rec->ble.keys.counter); 1111 } 1112} 1113 1114/******************************************************************************* 1115** 1116** Function btm_ble_get_enc_key_type 1117** 1118** Description This function is to get the BLE key type that has been exchanged 1119** in betweem local device and peer device. 1120** 1121** Returns p_key_type: output parameter to carry the key type value. 1122** 1123*******************************************************************************/ 1124bool btm_ble_get_enc_key_type(BD_ADDR bd_addr, uint8_t *p_key_types) 1125{ 1126 tBTM_SEC_DEV_REC *p_dev_rec; 1127 1128 BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type"); 1129 1130 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) 1131 { 1132 *p_key_types = p_dev_rec->ble.key_type; 1133 return true; 1134 } 1135 return false; 1136} 1137 1138/******************************************************************************* 1139** 1140** Function btm_get_local_div 1141** 1142** Description This function is called to read the local DIV 1143** 1144** Returns TURE - if a valid DIV is availavle 1145*******************************************************************************/ 1146bool btm_get_local_div (BD_ADDR bd_addr, uint16_t *p_div) 1147{ 1148 tBTM_SEC_DEV_REC *p_dev_rec; 1149 bool status = false; 1150 BTM_TRACE_DEBUG ("btm_get_local_div"); 1151 1152 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 1153 bd_addr[0],bd_addr[1], 1154 bd_addr[2],bd_addr[3], 1155 bd_addr[4],bd_addr[5]); 1156 1157 *p_div = 0; 1158 p_dev_rec = btm_find_dev (bd_addr); 1159 1160 if (p_dev_rec && p_dev_rec->ble.keys.div) 1161 { 1162 status = true; 1163 *p_div = p_dev_rec->ble.keys.div; 1164 } 1165 BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); 1166 return status; 1167} 1168 1169/******************************************************************************* 1170** 1171** Function btm_sec_save_le_key 1172** 1173** Description This function is called by the SMP to update 1174** an BLE key. SMP is internal, whereas all the keys shall 1175** be sent to the application. The function is also called 1176** when application passes ble key stored in NVRAM to the btm_sec. 1177** pass_to_application parameter is false in this case. 1178** 1179** Returns void 1180** 1181*******************************************************************************/ 1182void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, 1183 bool pass_to_application) 1184{ 1185 tBTM_SEC_DEV_REC *p_rec; 1186 tBTM_LE_EVT_DATA cb_data; 1187 uint8_t i; 1188 1189 BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); 1190 /* Store the updated key in the device database */ 1191 1192 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", 1193 bd_addr[0],bd_addr[1], 1194 bd_addr[2],bd_addr[3], 1195 bd_addr[4],bd_addr[5]); 1196 1197 if ((p_rec = btm_find_dev (bd_addr)) != NULL && (p_keys || key_type== BTM_LE_KEY_LID)) 1198 { 1199 btm_ble_init_pseudo_addr (p_rec, bd_addr); 1200 1201 switch (key_type) 1202 { 1203 case BTM_LE_KEY_PENC: 1204 memcpy(p_rec->ble.keys.pltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); 1205 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); 1206 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; 1207 p_rec->ble.keys.ediv = p_keys->penc_key.ediv; 1208 p_rec->ble.keys.key_size = p_keys->penc_key.key_size; 1209 p_rec->ble.key_type |= BTM_LE_KEY_PENC; 1210 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN; 1211 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) 1212 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED; 1213 else 1214 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED; 1215 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", 1216 p_rec->ble.key_type, 1217 p_rec->sec_flags, 1218 p_rec->ble.keys.sec_level); 1219 break; 1220 1221 case BTM_LE_KEY_PID: 1222 for (i=0; i<BT_OCTET16_LEN; i++) 1223 { 1224 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i]; 1225 } 1226 1227 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system 1228 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 1229 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type; 1230 p_rec->ble.key_type |= BTM_LE_KEY_PID; 1231 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); 1232 /* update device record address as static address */ 1233 memcpy(p_rec->bd_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN); 1234 /* combine DUMO device security record if needed */ 1235 btm_consolidate_dev(p_rec); 1236 break; 1237 1238 case BTM_LE_KEY_PCSRK: 1239 memcpy(p_rec->ble.keys.pcsrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); 1240 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; 1241 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; 1242 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; 1243 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN; 1244 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) 1245 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED; 1246 else 1247 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED; 1248 1249 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", 1250 p_rec->ble.key_type, 1251 p_rec->sec_flags, 1252 p_rec->ble.keys.srk_sec_level, 1253 p_rec->ble.keys.counter ); 1254 break; 1255 1256 case BTM_LE_KEY_LENC: 1257 memcpy(p_rec->ble.keys.lltk, p_keys->lenc_key.ltk, BT_OCTET16_LEN); 1258 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ 1259 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; 1260 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; 1261 p_rec->ble.key_type |= BTM_LE_KEY_LENC; 1262 1263 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", 1264 p_rec->ble.key_type, 1265 p_rec->ble.keys.div, 1266 p_rec->ble.keys.key_size, 1267 p_rec->ble.keys.sec_level ); 1268 break; 1269 1270 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ 1271 memcpy (p_rec->ble.keys.lcsrk, p_keys->lcsrk_key.csrk, BT_OCTET16_LEN); 1272 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ 1273 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; 1274 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; 1275 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; 1276 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", 1277 p_rec->ble.key_type, 1278 p_rec->ble.keys.div, 1279 p_rec->ble.keys.local_csrk_sec_level, 1280 p_rec->ble.keys.local_counter ); 1281 break; 1282 1283 case BTM_LE_KEY_LID: 1284 p_rec->ble.key_type |= BTM_LE_KEY_LID; 1285 break; 1286 default: 1287 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); 1288 return; 1289 } 1290 1291 BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, 1292 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1293 (bd_addr[4]<<8)+bd_addr[5]); 1294 1295 /* Notify the application that one of the BLE keys has been updated 1296 If link key is in progress, it will get sent later.*/ 1297 if (pass_to_application && btm_cb.api.p_le_callback) 1298 { 1299 cb_data.key.p_key_value = p_keys; 1300 cb_data.key.key_type = key_type; 1301 1302 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); 1303 } 1304 return; 1305 } 1306 1307 BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, 1308 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 1309 (bd_addr[4]<<8)+bd_addr[5]); 1310 1311 if (p_rec) 1312 { 1313 BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags); 1314 } 1315} 1316 1317/******************************************************************************* 1318** 1319** Function btm_ble_update_sec_key_size 1320** 1321** Description update the current lin kencryption key size 1322** 1323** Returns void 1324** 1325*******************************************************************************/ 1326void btm_ble_update_sec_key_size(BD_ADDR bd_addr, uint8_t enc_key_size) 1327{ 1328 tBTM_SEC_DEV_REC *p_rec; 1329 1330 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); 1331 1332 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1333 { 1334 p_rec->enc_key_size = enc_key_size; 1335 } 1336} 1337 1338/******************************************************************************* 1339** 1340** Function btm_ble_read_sec_key_size 1341** 1342** Description update the current lin kencryption key size 1343** 1344** Returns void 1345** 1346*******************************************************************************/ 1347uint8_t btm_ble_read_sec_key_size(BD_ADDR bd_addr) 1348{ 1349 tBTM_SEC_DEV_REC *p_rec; 1350 1351 if ((p_rec = btm_find_dev (bd_addr)) != NULL ) 1352 { 1353 return p_rec->enc_key_size; 1354 } 1355 else 1356 return 0; 1357} 1358 1359/******************************************************************************* 1360** 1361** Function btm_ble_link_sec_check 1362** 1363** Description Check BLE link security level match. 1364** 1365** Returns true: check is OK and the *p_sec_req_act contain the action 1366** 1367*******************************************************************************/ 1368void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) 1369{ 1370 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1371 uint8_t req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE; 1372 1373 BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req); 1374 1375 if (p_dev_rec == NULL) 1376 { 1377 BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device"); 1378 return; 1379 } 1380 1381 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 1382 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) 1383 { 1384 /* race condition: discard the security request while master is encrypting the link */ 1385 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; 1386 } 1387 else 1388 { 1389 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1390 if (auth_req & BTM_LE_AUTH_REQ_MITM) 1391 { 1392 req_sec_level = BTM_LE_SEC_AUTHENTICATED; 1393 } 1394 1395 BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); 1396 1397 /* currently encrpted */ 1398 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED) 1399 { 1400 if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED) 1401 cur_sec_level = BTM_LE_SEC_AUTHENTICATED; 1402 else 1403 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; 1404 } 1405 else /* unencrypted link */ 1406 { 1407 /* if bonded, get the key security level */ 1408 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 1409 cur_sec_level = p_dev_rec->ble.keys.sec_level; 1410 else 1411 cur_sec_level = BTM_LE_SEC_NONE; 1412 } 1413 1414 if (cur_sec_level >= req_sec_level) 1415 { 1416 /* To avoid re-encryption on an encrypted link for an equal condition encryption */ 1417 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; 1418 } 1419 else 1420 { 1421 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ 1422 } 1423 } 1424 1425 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", 1426 cur_sec_level, 1427 req_sec_level, 1428 *p_sec_req_act); 1429 1430} 1431 1432/******************************************************************************* 1433** 1434** Function btm_ble_set_encryption 1435** 1436** Description This function is called to ensure that LE connection is 1437** encrypted. Should be called only on an open connection. 1438** Typically only needed for connections that first want to 1439** bring up unencrypted links, then later encrypt them. 1440** 1441** Returns void 1442** the local device ER is copied into er 1443** 1444*******************************************************************************/ 1445tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, uint8_t link_role) 1446{ 1447 tBTM_STATUS cmd = BTM_NO_RESOURCES; 1448 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 1449 tBTM_BLE_SEC_REQ_ACT sec_req_act; 1450 tBTM_LE_AUTH_REQ auth_req; 1451 1452 if (p_rec == NULL) 1453 { 1454 BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act); 1455 return(BTM_WRONG_MODE); 1456 } 1457 1458 BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); 1459 1460 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) 1461 { 1462 p_rec->security_required |= BTM_SEC_IN_MITM; 1463 } 1464 1465 switch (sec_act) 1466 { 1467 case BTM_BLE_SEC_ENCRYPT: 1468 if (link_role == BTM_ROLE_MASTER) 1469 { 1470 /* start link layer encryption using the security info stored */ 1471 cmd = btm_ble_start_encrypt(bd_addr, false, NULL); 1472 break; 1473 } 1474 /* if salve role then fall through to call SMP_Pair below which will send a 1475 sec_request to request the master to encrypt the link */ 1476 case BTM_BLE_SEC_ENCRYPT_NO_MITM: 1477 case BTM_BLE_SEC_ENCRYPT_MITM: 1478 auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM) 1479 ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT); 1480 btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act); 1481 if(sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE || sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD) 1482 { 1483 BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__); 1484 cmd = BTM_SUCCESS; 1485 break; 1486 } 1487 if (link_role == BTM_ROLE_MASTER) 1488 { 1489 1490 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT) 1491 { 1492 cmd = btm_ble_start_encrypt(bd_addr, false, NULL); 1493 break; 1494 } 1495 } 1496 1497 if (SMP_Pair(bd_addr) == SMP_STARTED) 1498 { 1499 cmd = BTM_CMD_STARTED; 1500 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 1501 } 1502 break; 1503 1504 default: 1505 cmd = BTM_WRONG_MODE; 1506 break; 1507 } 1508 return cmd; 1509} 1510 1511/******************************************************************************* 1512** 1513** Function btm_ble_ltk_request 1514** 1515** Description This function is called when encryption request is received 1516** on a slave device. 1517** 1518** 1519** Returns void 1520** 1521*******************************************************************************/ 1522void btm_ble_ltk_request(uint16_t handle, uint8_t rand[8], uint16_t ediv) 1523{ 1524 tBTM_CB *p_cb = &btm_cb; 1525 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); 1526 BT_OCTET8 dummy_stk = {0}; 1527 1528 BTM_TRACE_DEBUG ("btm_ble_ltk_request"); 1529 1530 p_cb->ediv = ediv; 1531 1532 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); 1533 1534 if (p_dev_rec != NULL) 1535 { 1536 if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) 1537 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, false, dummy_stk); 1538 } 1539 1540} 1541 1542/******************************************************************************* 1543** 1544** Function btm_ble_start_encrypt 1545** 1546** Description This function is called to start LE encryption. 1547** 1548** 1549** Returns BTM_SUCCESS if encryption was started successfully 1550** 1551*******************************************************************************/ 1552tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, bool use_stk, BT_OCTET16 stk) 1553{ 1554 tBTM_CB *p_cb = &btm_cb; 1555 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1556 BT_OCTET8 dummy_rand = {0}; 1557 1558 BTM_TRACE_DEBUG ("btm_ble_start_encrypt"); 1559 1560 if (!p_rec ) 1561 { 1562 BTM_TRACE_ERROR("Link is not active, can not encrypt!"); 1563 return BTM_WRONG_MODE; 1564 } 1565 1566 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) 1567 { 1568 BTM_TRACE_WARNING("Link Encryption is active, Busy!"); 1569 return BTM_BUSY; 1570 } 1571 1572 p_cb->enc_handle = p_rec->ble_hci_handle; 1573 1574 if (use_stk) 1575 { 1576 btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk); 1577 } 1578 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC) 1579 { 1580 btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand, 1581 p_rec->ble.keys.ediv, p_rec->ble.keys.pltk); 1582 } 1583 else 1584 { 1585 BTM_TRACE_ERROR("No key available to encrypt the link"); 1586 return BTM_NO_RESOURCES; 1587 } 1588 1589 if (p_rec->sec_state == BTM_SEC_STATE_IDLE) 1590 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; 1591 1592 return BTM_CMD_STARTED; 1593} 1594 1595/******************************************************************************* 1596** 1597** Function btm_ble_link_encrypted 1598** 1599** Description This function is called when LE link encrption status is changed. 1600** 1601** Returns void 1602** 1603*******************************************************************************/ 1604void btm_ble_link_encrypted(BD_ADDR bd_addr, uint8_t encr_enable) 1605{ 1606 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 1607 bool enc_cback; 1608 1609 if (!p_dev_rec) 1610 { 1611 BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable); 1612 return; 1613 } 1614 1615 BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable); 1616 1617 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING); 1618 1619 smp_link_encrypted(bd_addr, encr_enable); 1620 1621 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); 1622 1623 if (encr_enable && p_dev_rec->enc_key_size == 0) 1624 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; 1625 1626 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 1627 if (p_dev_rec->p_callback && enc_cback) 1628 { 1629 if (encr_enable) 1630 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, true); 1631 else if (p_dev_rec->role_master) 1632 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, true); 1633 1634 } 1635 /* to notify GATT to send data if any request is pending */ 1636 gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr); 1637} 1638 1639/******************************************************************************* 1640** 1641** Function btm_ble_ltk_request_reply 1642** 1643** Description This function is called to send a LTK request reply on a slave 1644** device. 1645** 1646** Returns void 1647** 1648*******************************************************************************/ 1649void btm_ble_ltk_request_reply(BD_ADDR bda, bool use_stk, BT_OCTET16 stk) 1650{ 1651 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); 1652 tBTM_CB *p_cb = &btm_cb; 1653 1654 if (p_rec == NULL) 1655 { 1656 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device"); 1657 return; 1658 } 1659 1660 BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply"); 1661 p_cb->enc_handle = p_rec->ble_hci_handle; 1662 p_cb->key_size = p_rec->ble.keys.key_size; 1663 1664 BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size); 1665 if (use_stk) 1666 { 1667 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); 1668 } 1669 else /* calculate LTK using peer device */ 1670 { 1671 if (p_rec->ble.key_type & BTM_LE_KEY_LENC) 1672 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk); 1673 else 1674 btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle); 1675 } 1676} 1677 1678/******************************************************************************* 1679** 1680** Function btm_ble_io_capabilities_req 1681** 1682** Description This function is called to handle SMP get IO capability request. 1683** 1684** Returns void 1685** 1686*******************************************************************************/ 1687uint8_t btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1688{ 1689 uint8_t callback_rc = BTM_SUCCESS; 1690 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req"); 1691 if (btm_cb.api.p_le_callback) 1692 { 1693 /* the callback function implementation may change the IO capability... */ 1694 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); 1695 } 1696 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) 1697 { 1698#if (BTM_BLE_CONFORMANCE_TESTING == TRUE) 1699 if (btm_cb.devcb.keep_rfu_in_auth_req) 1700 { 1701 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u", 1702 btm_cb.devcb.keep_rfu_in_auth_req); 1703 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU; 1704 btm_cb.devcb.keep_rfu_in_auth_req = false; 1705 } 1706 else 1707 { /* default */ 1708 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1709 } 1710#else 1711 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; 1712#endif 1713 1714 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", 1715 p_dev_rec->security_required, p_data->auth_req); 1716 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", 1717 p_data->init_keys, 1718 p_data->resp_keys); 1719 1720 /* if authentication requires MITM protection, put on the mask */ 1721 if (p_dev_rec->security_required & BTM_SEC_IN_MITM) 1722 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; 1723 1724 if (!(p_data->auth_req & SMP_AUTH_BOND)) 1725 { 1726 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged"); 1727 p_data->init_keys = 0; 1728 p_data->resp_keys = 0; 1729 } 1730 1731 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); 1732 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", 1733 p_data->init_keys, 1734 p_data->resp_keys); 1735 1736 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", 1737 p_data->io_cap, p_data->auth_req); 1738 1739 /* remove MITM protection requirement if IO cap does not allow it */ 1740 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) 1741 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; 1742 1743 if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT)) 1744 { 1745 /* if Secure Connections are not supported then remove LK derivation, 1746 ** and keypress notifications. 1747 */ 1748 BTM_TRACE_DEBUG("%s-SC not supported -> No LK derivation, no keypress notifications", 1749 __func__); 1750 p_data->auth_req &= ~SMP_KP_SUPPORT_BIT; 1751 p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK; 1752 p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK; 1753 } 1754 1755 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x", 1756 p_data->io_cap, p_data->oob_data, p_data->auth_req); 1757 } 1758 return callback_rc; 1759} 1760 1761/******************************************************************************* 1762** 1763** Function btm_ble_br_keys_req 1764** 1765** Description This function is called to handle SMP request for keys sent 1766** over BR/EDR. 1767** 1768** Returns void 1769** 1770*******************************************************************************/ 1771uint8_t btm_ble_br_keys_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) 1772{ 1773 uint8_t callback_rc = BTM_SUCCESS; 1774 BTM_TRACE_DEBUG ("%s", __func__); 1775 if (btm_cb.api.p_le_callback) 1776 { 1777 /* the callback function implementation may change the IO capability... */ 1778 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, 1779 (tBTM_LE_EVT_DATA *)p_data); 1780 } 1781 1782 return callback_rc; 1783} 1784 1785#if (BLE_PRIVACY_SPT == TRUE) 1786/******************************************************************************* 1787** 1788** Function btm_ble_resolve_random_addr_on_conn_cmpl 1789** 1790** Description resolve random address complete on connection complete event. 1791** 1792** Returns void 1793** 1794*******************************************************************************/ 1795static void btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec, void *p_data) 1796{ 1797 uint8_t *p = (uint8_t *)p_data; 1798 tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec; 1799 uint8_t role, bda_type; 1800 uint16_t handle; 1801 BD_ADDR bda; 1802 uint16_t conn_interval, conn_latency, conn_timeout; 1803 bool match = false; 1804 1805 ++p; 1806 STREAM_TO_UINT16 (handle, p); 1807 STREAM_TO_UINT8 (role, p); 1808 STREAM_TO_UINT8 (bda_type, p); 1809 STREAM_TO_BDADDR (bda, p); 1810 STREAM_TO_UINT16 (conn_interval, p); 1811 STREAM_TO_UINT16 (conn_latency, p); 1812 STREAM_TO_UINT16 (conn_timeout, p); 1813 1814 handle = HCID_GET_HANDLE (handle); 1815 1816 BTM_TRACE_EVENT ("%s", __func__); 1817 1818 if (match_rec) 1819 { 1820 LOG_INFO(LOG_TAG, "%s matched and resolved random address", __func__); 1821 match = true; 1822 match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA; 1823 memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN); 1824 if (!btm_ble_init_pseudo_addr (match_rec, bda)) 1825 { 1826 /* assign the original address to be the current report address */ 1827 memcpy(bda, match_rec->ble.pseudo_addr, BD_ADDR_LEN); 1828 } 1829 else 1830 { 1831 memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN); 1832 } 1833 } 1834 else 1835 { 1836 LOG_INFO(LOG_TAG, "%s unable to match and resolve random address", __func__); 1837 } 1838 1839 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1840 1841 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1842 conn_latency, conn_timeout); 1843 1844 return; 1845} 1846#endif 1847 1848/******************************************************************************* 1849** 1850** Function btm_ble_connected 1851** 1852** Description This function is when a LE connection to the peer device is 1853** establsihed 1854** 1855** Returns void 1856** 1857*******************************************************************************/ 1858void btm_ble_connected (uint8_t *bda, uint16_t handle, uint8_t enc_mode, uint8_t role, 1859 tBLE_ADDR_TYPE addr_type, 1860 UNUSED_ATTR bool addr_matched) 1861{ 1862 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); 1863 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; 1864 1865 BTM_TRACE_EVENT ("btm_ble_connected"); 1866 1867 /* Commenting out trace due to obf/compilation problems. 1868 */ 1869 if (p_dev_rec) 1870 { 1871 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected : handle:%d enc_mode:%d bda:%x RName:%s", 1872 handle, enc_mode, 1873 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], 1874 p_dev_rec->sec_bd_name); 1875 1876 BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); 1877 } 1878 else 1879 { 1880 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected: handle:%d enc_mode:%d bda:%x ", 1881 handle, enc_mode, 1882 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); 1883 } 1884 1885 if (!p_dev_rec) 1886 { 1887 /* There is no device record for new connection. Allocate one */ 1888 if ((p_dev_rec = btm_sec_alloc_dev (bda)) == NULL) 1889 return; 1890 } 1891 else /* Update the timestamp for this device */ 1892 { 1893 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 1894 } 1895 1896 /* update device information */ 1897 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE; 1898 p_dev_rec->ble_hci_handle = handle; 1899 p_dev_rec->ble.ble_addr_type = addr_type; 1900 /* update pseudo address */ 1901 memcpy(p_dev_rec->ble.pseudo_addr, bda, BD_ADDR_LEN); 1902 1903 p_dev_rec->role_master = false; 1904 if (role == HCI_ROLE_MASTER) 1905 p_dev_rec->role_master = true; 1906 1907#if (BLE_PRIVACY_SPT == TRUE) 1908 if (!addr_matched) 1909 p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO; 1910 1911 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched) 1912 memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN); 1913#endif 1914 1915 p_cb->inq_var.directed_conn = BTM_BLE_CONNECT_EVT; 1916 1917 return; 1918} 1919 1920/***************************************************************************** 1921** Function btm_ble_conn_complete 1922** 1923** Description LE connection complete. 1924** 1925******************************************************************************/ 1926void btm_ble_conn_complete(uint8_t *p, 1927 UNUSED_ATTR uint16_t evt_len, bool enhanced) 1928{ 1929#if (BLE_PRIVACY_SPT == TRUE) 1930 uint8_t *p_data = p, peer_addr_type; 1931 BD_ADDR local_rpa, peer_rpa; 1932#endif 1933 uint8_t role, status, bda_type; 1934 uint16_t handle; 1935 BD_ADDR bda; 1936 uint16_t conn_interval, conn_latency, conn_timeout; 1937 bool match = false; 1938 1939 STREAM_TO_UINT8 (status, p); 1940 STREAM_TO_UINT16 (handle, p); 1941 STREAM_TO_UINT8 (role, p); 1942 STREAM_TO_UINT8 (bda_type, p); 1943 STREAM_TO_BDADDR (bda, p); 1944 1945 if (status == 0) 1946 { 1947#if (BLE_PRIVACY_SPT == TRUE) 1948 peer_addr_type = bda_type; 1949 match = btm_identity_addr_to_random_pseudo (bda, &bda_type, true); 1950 1951 if (enhanced) 1952 { 1953 STREAM_TO_BDADDR (local_rpa, p); 1954 STREAM_TO_BDADDR (peer_rpa, p); 1955 } 1956 1957 /* possiblly receive connection complete with resolvable random while 1958 the device has been paired */ 1959 if (!match && BTM_BLE_IS_RESOLVE_BDA(bda)) 1960 { 1961 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data); 1962 } 1963 else 1964#endif 1965 { 1966 STREAM_TO_UINT16 (conn_interval, p); 1967 STREAM_TO_UINT16 (conn_latency, p); 1968 STREAM_TO_UINT16 (conn_timeout, p); 1969 handle = HCID_GET_HANDLE (handle); 1970 1971 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match); 1972 1973 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval, 1974 conn_latency, conn_timeout); 1975 1976#if (BLE_PRIVACY_SPT == TRUE) 1977 if (enhanced) 1978 { 1979 btm_ble_refresh_local_resolvable_private_addr(bda, local_rpa); 1980 1981 if (peer_addr_type & BLE_ADDR_TYPE_ID_BIT) 1982 btm_ble_refresh_peer_resolvable_private_addr(bda, peer_rpa, BLE_ADDR_RANDOM); 1983 } 1984#endif 1985 } 1986 } 1987 else 1988 { 1989 role = HCI_ROLE_UNKNOWN; 1990 if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT) 1991 { 1992 btm_ble_set_conn_st(BLE_CONN_IDLE); 1993#if (BLE_PRIVACY_SPT == TRUE) 1994 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, true); 1995#endif 1996 } 1997 else 1998 { 1999#if (BLE_PRIVACY_SPT == TRUE) 2000 btm_cb.ble_ctr_cb.inq_var.adv_mode = BTM_BLE_ADV_DISABLE; 2001 btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, true); 2002#endif 2003 } 2004 } 2005 2006 btm_ble_update_mode_operation(role, bda, status); 2007} 2008 2009/***************************************************************************** 2010** Function btm_ble_create_ll_conn_complete 2011** 2012** Description LE connection complete. 2013** 2014******************************************************************************/ 2015void btm_ble_create_ll_conn_complete (uint8_t status) 2016{ 2017 if (status != HCI_SUCCESS) 2018 { 2019 btm_ble_set_conn_st(BLE_CONN_IDLE); 2020 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status); 2021 } 2022} 2023/***************************************************************************** 2024** Function btm_proc_smp_cback 2025** 2026** Description This function is the SMP callback handler. 2027** 2028******************************************************************************/ 2029uint8_t btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) 2030{ 2031 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2032 uint8_t res = 0; 2033 2034 BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event); 2035 2036 if (p_dev_rec != NULL) 2037 { 2038 switch (event) 2039 { 2040 case SMP_IO_CAP_REQ_EVT: 2041 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 2042 break; 2043 2044 case SMP_BR_KEYS_REQ_EVT: 2045 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); 2046 break; 2047 2048 case SMP_PASSKEY_REQ_EVT: 2049 case SMP_PASSKEY_NOTIF_EVT: 2050 case SMP_OOB_REQ_EVT: 2051 case SMP_NC_REQ_EVT: 2052 case SMP_SC_OOB_REQ_EVT: 2053 /* fall through */ 2054 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED; 2055 2056 case SMP_SEC_REQUEST_EVT: 2057 if (event == SMP_SEC_REQUEST_EVT && btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) 2058 { 2059 BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__); 2060 break; 2061 } 2062 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN); 2063 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; 2064 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE; 2065 /* fall through */ 2066 2067 case SMP_COMPLT_EVT: 2068 if (btm_cb.api.p_le_callback) 2069 { 2070 /* the callback function implementation may change the IO capability... */ 2071 BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); 2072 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); 2073 } 2074 2075 if (event == SMP_COMPLT_EVT) 2076 { 2077 BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 2078 2079 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; 2080 2081 BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x", 2082 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); 2083 2084 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) 2085 { 2086 BTM_TRACE_DEBUG ("Pairing Cancel completed"); 2087 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); 2088 } 2089#if (BTM_BLE_CONFORMANCE_TESTING == TRUE) 2090 if (res != BTM_SUCCESS) 2091 { 2092 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT) 2093 { 2094 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL"); 2095 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle); 2096 } 2097 else 2098 { 2099 BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL"); 2100 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 2101 } 2102 } 2103#else 2104 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) 2105 { 2106 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL"); 2107 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle); 2108 } 2109#endif 2110 2111 BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", 2112 btm_cb.pairing_state, 2113 btm_cb.pairing_flags, 2114 btm_cb.pin_code_len ); 2115 BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", 2116 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], 2117 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); 2118 2119 /* Reset btm state only if the callback address matches pairing address*/ 2120 if(memcmp(bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0) 2121 { 2122 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); 2123 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE; 2124 btm_cb.pairing_flags = 0; 2125 } 2126 2127 if (res == BTM_SUCCESS) 2128 { 2129 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 2130#if (BLE_PRIVACY_SPT == TRUE) 2131 /* add all bonded device into resolving list if IRK is available*/ 2132 btm_ble_resolving_list_load_dev(p_dev_rec); 2133#endif 2134 } 2135 2136 btm_sec_dev_rec_cback_event(p_dev_rec, res, true); 2137 } 2138 break; 2139 2140 default: 2141 BTM_TRACE_DEBUG ("unknown event = %d", event); 2142 break; 2143 2144 } 2145 } 2146 else 2147 { 2148 BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device"); 2149 } 2150 2151 return 0; 2152} 2153 2154 #endif /* SMP_INCLUDED */ 2155 2156/******************************************************************************* 2157** 2158** Function BTM_BleDataSignature 2159** 2160** Description This function is called to sign the data using AES128 CMAC 2161** algorith. 2162** 2163** Parameter bd_addr: target device the data to be signed for. 2164** p_text: singing data 2165** len: length of the data to be signed. 2166** signature: output parameter where data signature is going to 2167** be stored. 2168** 2169** Returns true if signing sucessul, otherwise false. 2170** 2171*******************************************************************************/ 2172bool BTM_BleDataSignature (BD_ADDR bd_addr, uint8_t *p_text, uint16_t len, 2173 BLE_SIGNATURE signature) 2174{ 2175 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 2176 2177 BTM_TRACE_DEBUG ("%s", __func__); 2178 bool ret = false; 2179 if (p_rec == NULL) 2180 { 2181 BTM_TRACE_ERROR("%s-data signing can not be done from unknown device", __func__); 2182 } 2183 else 2184 { 2185 uint8_t *p_mac = (uint8_t *)signature; 2186 uint8_t *pp; 2187 uint8_t *p_buf = (uint8_t *)osi_malloc(len + 4); 2188 2189 BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__); 2190 pp = p_buf; 2191 /* prepare plain text */ 2192 if (p_text) { 2193 memcpy(p_buf, p_text, len); 2194 pp = (p_buf + len); 2195 } 2196 2197 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); 2198 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); 2199 2200 if ((ret = aes_cipher_msg_auth_code(p_rec->ble.keys.lcsrk, p_buf, (uint16_t)(len + 4), 2201 BTM_CMAC_TLEN_SIZE, p_mac)) == true) { 2202 btm_ble_increment_sign_ctr(bd_addr, true); 2203 } 2204 2205 BTM_TRACE_DEBUG("%s p_mac = %d", __func__, p_mac); 2206 BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", 2207 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); 2208 BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", 2209 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); 2210 osi_free(p_buf); 2211 } 2212 return ret; 2213} 2214 2215/******************************************************************************* 2216** 2217** Function BTM_BleVerifySignature 2218** 2219** Description This function is called to verify the data signature 2220** 2221** Parameter bd_addr: target device the data to be signed for. 2222** p_orig: original data before signature. 2223** len: length of the signing data 2224** counter: counter used when doing data signing 2225** p_comp: signature to be compared against. 2226 2227** Returns true if signature verified correctly; otherwise false. 2228** 2229*******************************************************************************/ 2230bool BTM_BleVerifySignature (BD_ADDR bd_addr, uint8_t *p_orig, uint16_t len, uint32_t counter, 2231 uint8_t *p_comp) 2232{ 2233 bool verified = false; 2234#if (SMP_INCLUDED == TRUE) 2235 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); 2236 uint8_t p_mac[BTM_CMAC_TLEN_SIZE]; 2237 2238 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) 2239 { 2240 BTM_TRACE_ERROR("can not verify signature for unknown device"); 2241 } 2242 else if (counter < p_rec->ble.keys.counter) 2243 { 2244 BTM_TRACE_ERROR("signature received with out dated sign counter"); 2245 } 2246 else if (p_orig == NULL) 2247 { 2248 BTM_TRACE_ERROR("No signature to verify"); 2249 } 2250 else 2251 { 2252 BTM_TRACE_DEBUG ("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter, 2253 p_rec->ble.keys.counter); 2254 2255 if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) 2256 { 2257 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) 2258 { 2259 btm_ble_increment_sign_ctr(bd_addr, false); 2260 verified = true; 2261 } 2262 } 2263 } 2264#endif /* SMP_INCLUDED */ 2265 return verified; 2266} 2267 2268/******************************************************************************* 2269** 2270** Function BTM_GetLeSecurityState 2271** 2272** Description This function is called to get security mode 1 flags and 2273** encryption key size for LE peer. 2274** 2275** Returns bool true if LE device is found, false otherwise. 2276** 2277*******************************************************************************/ 2278bool BTM_GetLeSecurityState (BD_ADDR bd_addr, uint8_t *p_le_dev_sec_flags, uint8_t *p_le_key_size) 2279{ 2280#if (BLE_INCLUDED == TRUE) 2281 tBTM_SEC_DEV_REC *p_dev_rec; 2282 uint16_t dev_rec_sec_flags; 2283#endif 2284 2285 *p_le_dev_sec_flags = 0; 2286 *p_le_key_size = 0; 2287 2288#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) 2289 if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) 2290 { 2291 BTM_TRACE_ERROR ("%s fails", __func__); 2292 return (false); 2293 } 2294 2295 if (p_dev_rec->ble_hci_handle == BTM_SEC_INVALID_HANDLE) { 2296 BTM_TRACE_ERROR ("%s-this is not LE device", __func__); 2297 return (false); 2298 } 2299 2300 dev_rec_sec_flags = p_dev_rec->sec_flags; 2301 2302 if (dev_rec_sec_flags & BTM_SEC_LE_ENCRYPTED) 2303 { 2304 /* link is encrypted with LTK or STK */ 2305 *p_le_key_size = p_dev_rec->enc_key_size; 2306 *p_le_dev_sec_flags |= BTM_SEC_LE_LINK_ENCRYPTED; 2307 2308 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_AUTHENTICATED) 2309 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */ 2310 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */ 2311 } 2312 else if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) 2313 { 2314 /* link is unencrypted, still LTK is available */ 2315 *p_le_key_size = p_dev_rec->ble.keys.key_size; 2316 2317 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED) 2318 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */ 2319 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */ 2320 } 2321 2322 BTM_TRACE_DEBUG ("%s - le_dev_sec_flags: 0x%02x, le_key_size: %d", 2323 __func__, *p_le_dev_sec_flags, *p_le_key_size); 2324 2325 return true; 2326#else 2327 return false; 2328#endif 2329} 2330 2331/******************************************************************************* 2332** 2333** Function BTM_BleSecurityProcedureIsRunning 2334** 2335** Description This function indicates if LE security procedure is 2336** currently running with the peer. 2337** 2338** Returns bool true if security procedure is running, false otherwise. 2339** 2340*******************************************************************************/ 2341bool BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr) 2342{ 2343#if (BLE_INCLUDED == TRUE) 2344 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2345 2346 if (p_dev_rec == NULL) 2347 { 2348 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found", 2349 __func__, (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 2350 (bd_addr[4]<<8)+bd_addr[5]); 2351 return false; 2352 } 2353 2354 return (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING || 2355 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING); 2356#else 2357 return false; 2358#endif 2359} 2360 2361/******************************************************************************* 2362** 2363** Function BTM_BleGetSupportedKeySize 2364** 2365** Description This function gets the maximum encryption key size in bytes 2366** the local device can suport. 2367** record. 2368** 2369** Returns the key size or 0 if the size can't be retrieved. 2370** 2371*******************************************************************************/ 2372extern uint8_t BTM_BleGetSupportedKeySize (BD_ADDR bd_addr) 2373{ 2374#if (BLE_INCLUDED == TRUE && L2CAP_LE_COC_INCLUDED == TRUE) 2375 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); 2376 tBTM_LE_IO_REQ dev_io_cfg; 2377 uint8_t callback_rc; 2378 2379 if (!p_dev_rec) 2380 { 2381 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found", 2382 __func__,(bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], 2383 (bd_addr[4]<<8)+bd_addr[5]); 2384 return 0; 2385 } 2386 2387 if (btm_cb.api.p_le_callback == NULL) 2388 { 2389 BTM_TRACE_ERROR ("%s can't access supported key size",__func__); 2390 return 0; 2391 } 2392 2393 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, 2394 (tBTM_LE_EVT_DATA *) &dev_io_cfg); 2395 2396 if (callback_rc != BTM_SUCCESS) 2397 { 2398 BTM_TRACE_ERROR ("%s can't access supported key size",__func__); 2399 return 0; 2400 } 2401 2402 BTM_TRACE_DEBUG ("%s device supports key size = %d", __func__, dev_io_cfg.max_key_size); 2403 return (dev_io_cfg.max_key_size); 2404#else 2405 return 0; 2406#endif 2407} 2408 2409/******************************************************************************* 2410** Utility functions for LE device IR/ER generation 2411*******************************************************************************/ 2412/******************************************************************************* 2413** 2414** Function btm_notify_new_key 2415** 2416** Description This function is to notify application new keys have been 2417** generated. 2418** 2419** Returns void 2420** 2421*******************************************************************************/ 2422static void btm_notify_new_key(uint8_t key_type) 2423{ 2424 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; 2425 2426 BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type); 2427 2428 if (btm_cb.api.p_le_key_callback) 2429 { 2430 switch (key_type) 2431 { 2432 case BTM_BLE_KEY_TYPE_ID: 2433 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID"); 2434 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; 2435 break; 2436 2437 case BTM_BLE_KEY_TYPE_ER: 2438 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER"); 2439 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.ble_encryption_key_value; 2440 break; 2441 2442 default: 2443 BTM_TRACE_ERROR("unknown key type: %d", key_type); 2444 break; 2445 } 2446 if (p_locak_keys != NULL) 2447 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); 2448 } 2449} 2450 2451/******************************************************************************* 2452** 2453** Function btm_ble_process_er2 2454** 2455** Description This function is called when ER is generated, store it in 2456** local control block. 2457** 2458** Returns void 2459** 2460*******************************************************************************/ 2461static void btm_ble_process_er2(tBTM_RAND_ENC *p) 2462{ 2463 BTM_TRACE_DEBUG ("btm_ble_process_er2"); 2464 2465 if (p &&p->opcode == HCI_BLE_RAND) 2466 { 2467 memcpy(&btm_cb.devcb.ble_encryption_key_value[8], p->param_buf, BT_OCTET8_LEN); 2468 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); 2469 } 2470 else 2471 { 2472 BTM_TRACE_ERROR("Generating ER2 exception."); 2473 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16)); 2474 } 2475} 2476 2477/******************************************************************************* 2478** 2479** Function btm_ble_process_er 2480** 2481** Description This function is called when ER is generated, store it in 2482** local control block. 2483** 2484** Returns void 2485** 2486*******************************************************************************/ 2487static void btm_ble_process_er(tBTM_RAND_ENC *p) 2488{ 2489 BTM_TRACE_DEBUG ("btm_ble_process_er"); 2490 2491 if (p &&p->opcode == HCI_BLE_RAND) 2492 { 2493 memcpy(&btm_cb.devcb.ble_encryption_key_value[0], p->param_buf, BT_OCTET8_LEN); 2494 2495 btsnd_hcic_ble_rand((void *)btm_ble_process_er2); 2496 } 2497 else 2498 { 2499 BTM_TRACE_ERROR("Generating ER1 exception."); 2500 } 2501} 2502 2503/******************************************************************************* 2504** 2505** Function btm_ble_process_irk 2506** 2507** Description This function is called when IRK is generated, store it in 2508** local control block. 2509** 2510** Returns void 2511** 2512*******************************************************************************/ 2513static void btm_ble_process_irk(tSMP_ENC *p) 2514{ 2515 BTM_TRACE_DEBUG ("btm_ble_process_irk"); 2516 if (p &&p->opcode == HCI_BLE_ENCRYPT) 2517 { 2518 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); 2519 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); 2520 2521#if (BLE_PRIVACY_SPT == TRUE) 2522 /* if privacy is enabled, new RPA should be calculated */ 2523 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE) 2524 { 2525 btm_gen_resolvable_private_addr((void *)btm_gen_resolve_paddr_low); 2526 } 2527#endif 2528 } 2529 else 2530 { 2531 BTM_TRACE_ERROR("Generating IRK exception."); 2532 } 2533 2534 /* proceed generate ER */ 2535 btsnd_hcic_ble_rand((void *)btm_ble_process_er); 2536} 2537 2538/******************************************************************************* 2539** 2540** Function btm_ble_process_dhk 2541** 2542** Description This function is called when DHK is calculated, store it in 2543** local control block, and proceed to generate ER, a 128-bits 2544** random number. 2545** 2546** Returns void 2547** 2548*******************************************************************************/ 2549static void btm_ble_process_dhk(tSMP_ENC *p) 2550{ 2551#if (SMP_INCLUDED == TRUE) 2552 uint8_t btm_ble_irk_pt = 0x01; 2553 tSMP_ENC output; 2554 2555 BTM_TRACE_DEBUG ("btm_ble_process_dhk"); 2556 2557 if (p && p->opcode == HCI_BLE_ENCRYPT) 2558 { 2559 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); 2560 BTM_TRACE_DEBUG("BLE DHK generated."); 2561 2562 /* IRK = D1(IR, 1) */ 2563 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, 2564 1, &output)) 2565 { 2566 /* reset all identity root related key */ 2567 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2568 } 2569 else 2570 { 2571 btm_ble_process_irk(&output); 2572 } 2573 } 2574 else 2575 { 2576 /* reset all identity root related key */ 2577 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2578 } 2579#endif 2580} 2581 2582/******************************************************************************* 2583** 2584** Function btm_ble_process_ir2 2585** 2586** Description This function is called when IR is generated, proceed to calculate 2587** DHK = Eir({0x03, 0, 0 ...}) 2588** 2589** 2590** Returns void 2591** 2592*******************************************************************************/ 2593static void btm_ble_process_ir2(tBTM_RAND_ENC *p) 2594{ 2595#if (SMP_INCLUDED == TRUE) 2596 uint8_t btm_ble_dhk_pt = 0x03; 2597 tSMP_ENC output; 2598 2599 BTM_TRACE_DEBUG ("btm_ble_process_ir2"); 2600 2601 if (p && p->opcode == HCI_BLE_RAND) 2602 { 2603 /* remembering in control block */ 2604 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); 2605 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ 2606 2607 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, 2608 1, &output); 2609 btm_ble_process_dhk(&output); 2610 2611 BTM_TRACE_DEBUG("BLE IR generated."); 2612 } 2613 else 2614 { 2615 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); 2616 } 2617#endif 2618} 2619 2620/******************************************************************************* 2621** 2622** Function btm_ble_process_ir 2623** 2624** Description This function is called when IR is generated, proceed to calculate 2625** DHK = Eir({0x02, 0, 0 ...}) 2626** 2627** 2628** Returns void 2629** 2630*******************************************************************************/ 2631static void btm_ble_process_ir(tBTM_RAND_ENC *p) 2632{ 2633 BTM_TRACE_DEBUG ("btm_ble_process_ir"); 2634 2635 if (p && p->opcode == HCI_BLE_RAND) 2636 { 2637 /* remembering in control block */ 2638 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); 2639 2640 btsnd_hcic_ble_rand((void *)btm_ble_process_ir2); 2641 } 2642} 2643 2644/******************************************************************************* 2645** 2646** Function btm_ble_reset_id 2647** 2648** Description This function is called to reset LE device identity. 2649** 2650** Returns void 2651** 2652*******************************************************************************/ 2653void btm_ble_reset_id( void ) 2654{ 2655 BTM_TRACE_DEBUG ("btm_ble_reset_id"); 2656 2657 /* regenrate Identity Root*/ 2658 btsnd_hcic_ble_rand((void *)btm_ble_process_ir); 2659} 2660 2661 #if BTM_BLE_CONFORMANCE_TESTING == true 2662/******************************************************************************* 2663** 2664** Function btm_ble_set_no_disc_if_pair_fail 2665** 2666** Description This function indicates that whether no disconnect of the ACL 2667** should be used if pairing failed 2668** 2669** Returns void 2670** 2671*******************************************************************************/ 2672void btm_ble_set_no_disc_if_pair_fail(bool disable_disc ) 2673{ 2674 BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); 2675 btm_cb.devcb.no_disc_if_pair_fail = disable_disc; 2676} 2677 2678/******************************************************************************* 2679** 2680** Function btm_ble_set_test_mac_value 2681** 2682** Description This function set test MAC value 2683** 2684** Returns void 2685** 2686*******************************************************************************/ 2687void btm_ble_set_test_mac_value(bool enable, uint8_t *p_test_mac_val ) 2688{ 2689 BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable); 2690 btm_cb.devcb.enable_test_mac_val = enable; 2691 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); 2692} 2693 2694/******************************************************************************* 2695** 2696** Function btm_ble_set_test_local_sign_cntr_value 2697** 2698** Description This function set test local sign counter value 2699** 2700** Returns void 2701** 2702*******************************************************************************/ 2703void btm_ble_set_test_local_sign_cntr_value(bool enable, uint32_t test_local_sign_cntr ) 2704{ 2705 BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", 2706 enable, test_local_sign_cntr); 2707 btm_cb.devcb.enable_test_local_sign_cntr = enable; 2708 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; 2709} 2710 2711/******************************************************************************* 2712** 2713** Function btm_set_random_address 2714** 2715** Description This function set a random address to local controller. 2716** 2717** Returns void 2718** 2719*******************************************************************************/ 2720void btm_set_random_address(BD_ADDR random_bda) 2721{ 2722 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; 2723 bool adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ; 2724 2725 BTM_TRACE_DEBUG ("btm_set_random_address"); 2726 2727 if (adv_mode == BTM_BLE_ADV_ENABLE) 2728 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); 2729 2730 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN); 2731 btsnd_hcic_ble_set_random_addr(p_cb->private_addr); 2732 2733 if (adv_mode == BTM_BLE_ADV_ENABLE) 2734 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE); 2735 2736} 2737 2738/******************************************************************************* 2739** 2740** Function btm_ble_set_keep_rfu_in_auth_req 2741** 2742** Description This function indicates if RFU bits have to be kept as is 2743** (by default they have to be set to 0 by the sender). 2744** 2745** Returns void 2746** 2747*******************************************************************************/ 2748void btm_ble_set_keep_rfu_in_auth_req(bool keep_rfu) 2749{ 2750 BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu); 2751 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu; 2752} 2753 2754#endif /* BTM_BLE_CONFORMANCE_TESTING */ 2755 2756#endif /* BLE_INCLUDED */ 2757