1/****************************************************************************** 2 * 3 * Copyright 2014-2015 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19#include "bt_target.h" 20 21#include <string.h> 22#include "log/log.h" 23#include "smp_int.h" 24 25const char* const smp_br_state_name[SMP_BR_STATE_MAX + 1] = { 26 "SMP_BR_STATE_IDLE", "SMP_BR_STATE_WAIT_APP_RSP", 27 "SMP_BR_STATE_PAIR_REQ_RSP", "SMP_BR_STATE_BOND_PENDING", 28 "SMP_BR_STATE_OUT_OF_RANGE"}; 29 30const char* const smp_br_event_name[SMP_BR_MAX_EVT] = { 31 "BR_PAIRING_REQ_EVT", "BR_PAIRING_RSP_EVT", 32 "BR_CONFIRM_EVT", "BR_RAND_EVT", 33 "BR_PAIRING_FAILED_EVT", "BR_ENCRPTION_INFO_EVT", 34 "BR_MASTER_ID_EVT", "BR_ID_INFO_EVT", 35 "BR_ID_ADDR_EVT", "BR_SIGN_INFO_EVT", 36 "BR_SECURITY_REQ_EVT", "BR_PAIR_PUBLIC_KEY_EVT", 37 "BR_PAIR_DHKEY_CHCK_EVT", "BR_PAIR_KEYPR_NOTIF_EVT", 38 "BR_KEY_READY_EVT", "BR_ENCRYPTED_EVT", 39 "BR_L2CAP_CONN_EVT", "BR_L2CAP_DISCONN_EVT", 40 "BR_KEYS_RSP_EVT", "BR_API_SEC_GRANT_EVT", 41 "BR_TK_REQ_EVT", "BR_AUTH_CMPL_EVT", 42 "BR_ENC_REQ_EVT", "BR_BOND_REQ_EVT", 43 "BR_DISCARD_SEC_REQ_EVT", "BR_OUT_OF_RANGE_EVT"}; 44 45const char* smp_get_br_event_name(tSMP_BR_EVENT event); 46const char* smp_get_br_state_name(tSMP_BR_STATE state); 47 48#define SMP_BR_SM_IGNORE 0 49#define SMP_BR_NUM_ACTIONS 2 50#define SMP_BR_SME_NEXT_STATE 2 51#define SMP_BR_SM_NUM_COLS 3 52typedef const uint8_t (*tSMP_BR_SM_TBL)[SMP_BR_SM_NUM_COLS]; 53 54enum { 55 SMP_SEND_PAIR_REQ, 56 SMP_BR_SEND_PAIR_RSP, 57 SMP_SEND_PAIR_FAIL, 58 SMP_SEND_ID_INFO, 59 SMP_BR_PROC_PAIR_CMD, 60 SMP_PROC_PAIR_FAIL, 61 SMP_PROC_ID_INFO, 62 SMP_PROC_ID_ADDR, 63 SMP_PROC_SRK_INFO, 64 SMP_BR_PROC_SEC_GRANT, 65 SMP_BR_PROC_SL_KEYS_RSP, 66 SMP_BR_KEY_DISTRIBUTION, 67 SMP_BR_PAIRING_COMPLETE, 68 SMP_SEND_APP_CBACK, 69 SMP_BR_CHECK_AUTH_REQ, 70 SMP_PAIR_TERMINATE, 71 SMP_IDLE_TERMINATE, 72 SMP_BR_SM_NO_ACTION 73}; 74 75static const tSMP_ACT smp_br_sm_action[] = { 76 smp_send_pair_req, /* SMP_SEND_PAIR_REQ */ 77 smp_br_send_pair_response, /* SMP_BR_SEND_PAIR_RSP */ 78 smp_send_pair_fail, /* SMP_SEND_PAIR_FAIL */ 79 smp_send_id_info, /* SMP_SEND_ID_INFO */ 80 smp_br_process_pairing_command, /* SMP_BR_PROC_PAIR_CMD */ 81 smp_proc_pair_fail, /* SMP_PROC_PAIR_FAIL */ 82 smp_proc_id_info, /* SMP_PROC_ID_INFO */ 83 smp_proc_id_addr, /* SMP_PROC_ID_ADDR */ 84 smp_proc_srk_info, /* SMP_PROC_SRK_INFO */ 85 smp_br_process_security_grant, /* SMP_BR_PROC_SEC_GRANT */ 86 smp_br_process_slave_keys_response, /* SMP_BR_PROC_SL_KEYS_RSP */ 87 smp_br_select_next_key, /* SMP_BR_KEY_DISTRIBUTION */ 88 smp_br_pairing_complete, /* SMP_BR_PAIRING_COMPLETE */ 89 smp_send_app_cback, /* SMP_SEND_APP_CBACK */ 90 smp_br_check_authorization_request, /* SMP_BR_CHECK_AUTH_REQ */ 91 smp_pair_terminate, /* SMP_PAIR_TERMINATE */ 92 smp_idle_terminate /* SMP_IDLE_TERMINATE */ 93}; 94 95static const uint8_t smp_br_all_table[][SMP_BR_SM_NUM_COLS] = { 96 /* Event Action Next State */ 97 /* BR_PAIRING_FAILED */ 98 {SMP_PROC_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE}, 99 /* BR_AUTH_CMPL */ 100 {SMP_SEND_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE}, 101 /* BR_L2CAP_DISCONN */ 102 {SMP_PAIR_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}}; 103 104/************ SMP Master FSM State/Event Indirection Table **************/ 105static const uint8_t smp_br_master_entry_map[][SMP_BR_STATE_MAX] = { 106 /* br_state name: Idle WaitApp Pair Bond 107 Rsp ReqRsp Pend */ 108 /* BR_PAIRING_REQ */ {0, 0, 0, 0}, 109 /* BR_PAIRING_RSP */ {0, 0, 1, 0}, 110 /* BR_CONFIRM */ {0, 0, 0, 0}, 111 /* BR_RAND */ {0, 0, 0, 0}, 112 /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0}, 113 /* BR_ENCRPTION_INFO */ {0, 0, 0, 0}, 114 /* BR_MASTER_ID */ {0, 0, 0, 0}, 115 /* BR_ID_INFO */ {0, 0, 0, 1}, 116 /* BR_ID_ADDR */ {0, 0, 0, 2}, 117 /* BR_SIGN_INFO */ {0, 0, 0, 3}, 118 /* BR_SECURITY_REQ */ {0, 0, 0, 0}, 119 /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0}, 120 /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0}, 121 /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0}, 122 /* BR_KEY_READY */ {0, 0, 0, 0}, 123 /* BR_ENCRYPTED */ {0, 0, 0, 0}, 124 /* BR_L2CAP_CONN */ {1, 0, 0, 0}, 125 /* BR_L2CAP_DISCONN */ {2, 0x83, 0x83, 0x83}, 126 /* BR_KEYS_RSP */ {0, 1, 0, 0}, 127 /* BR_API_SEC_GRANT */ {0, 0, 0, 0}, 128 /* BR_TK_REQ */ {0, 0, 0, 0}, 129 /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82}, 130 /* BR_ENC_REQ */ {0, 0, 0, 0}, 131 /* BR_BOND_REQ */ {0, 0, 2, 0}, 132 /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}}; 133 134static const uint8_t smp_br_master_idle_table[][SMP_BR_SM_NUM_COLS] = { 135 /* Event Action Next State */ 136 /* BR_L2CAP_CONN */ 137 {SMP_SEND_APP_CBACK, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_WAIT_APP_RSP}, 138 /* BR_L2CAP_DISCONN */ 139 {SMP_IDLE_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}}; 140 141static const uint8_t 142 smp_br_master_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = { 143 /* Event Action Next State */ 144 /* BR_KEYS_RSP */ 145 {SMP_SEND_PAIR_REQ, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_PAIR_REQ_RSP}}; 146 147static const uint8_t 148 smp_br_master_pair_request_response_table[][SMP_BR_SM_NUM_COLS] = { 149 /* Event Action Next State */ 150 /* BR_PAIRING_RSP */ 151 {SMP_BR_PROC_PAIR_CMD, SMP_BR_CHECK_AUTH_REQ, 152 SMP_BR_STATE_PAIR_REQ_RSP}, 153 /* BR_BOND_REQ */ 154 {SMP_BR_SM_NO_ACTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}}; 155 156static const uint8_t smp_br_master_bond_pending_table[][SMP_BR_SM_NUM_COLS] = { 157 /* Event Action Next State */ 158 /* BR_ID_INFO */ 159 {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}, 160 /* BR_ID_ADDR */ 161 {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}, 162 /* BR_SIGN_INFO */ 163 {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}}; 164 165static const uint8_t smp_br_slave_entry_map[][SMP_BR_STATE_MAX] = { 166 /* br_state name: Idle WaitApp Pair Bond 167 Rsp ReqRsp Pend */ 168 /* BR_PAIRING_REQ */ {1, 0, 0, 0}, 169 /* BR_PAIRING_RSP */ {0, 0, 0, 0}, 170 /* BR_CONFIRM */ {0, 0, 0, 0}, 171 /* BR_RAND */ {0, 0, 0, 0}, 172 /* BR_PAIRING_FAILED */ {0, 0x81, 0x81, 0x81}, 173 /* BR_ENCRPTION_INFO */ {0, 0, 0, 0}, 174 /* BR_MASTER_ID */ {0, 0, 0, 0}, 175 /* BR_ID_INFO */ {0, 0, 0, 1}, 176 /* BR_ID_ADDR */ {0, 0, 0, 2}, 177 /* BR_SIGN_INFO */ {0, 0, 0, 3}, 178 /* BR_SECURITY_REQ */ {0, 0, 0, 0}, 179 /* BR_PAIR_PUBLIC_KEY_EVT */ {0, 0, 0, 0}, 180 /* BR_PAIR_DHKEY_CHCK_EVT */ {0, 0, 0, 0}, 181 /* BR_PAIR_KEYPR_NOTIF_EVT */ {0, 0, 0, 0}, 182 /* BR_KEY_READY */ {0, 0, 0, 0}, 183 /* BR_ENCRYPTED */ {0, 0, 0, 0}, 184 /* BR_L2CAP_CONN */ {0, 0, 0, 0}, 185 /* BR_L2CAP_DISCONN */ {0, 0x83, 0x83, 0x83}, 186 /* BR_KEYS_RSP */ {0, 2, 0, 0}, 187 /* BR_API_SEC_GRANT */ {0, 1, 0, 0}, 188 /* BR_TK_REQ */ {0, 0, 0, 0}, 189 /* BR_AUTH_CMPL */ {0, 0x82, 0x82, 0x82}, 190 /* BR_ENC_REQ */ {0, 0, 0, 0}, 191 /* BR_BOND_REQ */ {0, 3, 0, 0}, 192 /* BR_DISCARD_SEC_REQ */ {0, 0, 0, 0}}; 193 194static const uint8_t smp_br_slave_idle_table[][SMP_BR_SM_NUM_COLS] = { 195 /* Event Action Next State */ 196 /* BR_PAIRING_REQ */ 197 {SMP_BR_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}}; 198 199static const uint8_t 200 smp_br_slave_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = { 201 /* Event Action Next State */ 202 /* BR_API_SEC_GRANT */ 203 {SMP_BR_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}, 204 /* BR_KEYS_RSP */ 205 {SMP_BR_PROC_SL_KEYS_RSP, SMP_BR_CHECK_AUTH_REQ, 206 SMP_BR_STATE_WAIT_APP_RSP}, 207 /* BR_BOND_REQ */ 208 {SMP_BR_KEY_DISTRIBUTION, SMP_BR_SM_NO_ACTION, 209 SMP_BR_STATE_BOND_PENDING}}; 210 211static const uint8_t smp_br_slave_bond_pending_table[][SMP_BR_SM_NUM_COLS] = { 212 /* Event Action Next State */ 213 /* BR_ID_INFO */ 214 {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}, 215 /* BR_ID_ADDR */ 216 {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}, 217 /* BR_SIGN_INFO */ 218 {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}}; 219 220static const tSMP_BR_SM_TBL smp_br_state_table[][2] = { 221 /* SMP_BR_STATE_IDLE */ 222 {smp_br_master_idle_table, smp_br_slave_idle_table}, 223 224 /* SMP_BR_STATE_WAIT_APP_RSP */ 225 {smp_br_master_wait_appln_response_table, 226 smp_br_slave_wait_appln_response_table}, 227 228 /* SMP_BR_STATE_PAIR_REQ_RSP */ 229 {smp_br_master_pair_request_response_table, NULL}, 230 231 /* SMP_BR_STATE_BOND_PENDING */ 232 {smp_br_master_bond_pending_table, smp_br_slave_bond_pending_table}, 233}; 234 235typedef const uint8_t (*tSMP_BR_ENTRY_TBL)[SMP_BR_STATE_MAX]; 236 237static const tSMP_BR_ENTRY_TBL smp_br_entry_table[] = {smp_br_master_entry_map, 238 smp_br_slave_entry_map}; 239 240#define SMP_BR_ALL_TABLE_MASK 0x80 241 242/******************************************************************************* 243 * Function smp_set_br_state 244 * Returns None 245 ******************************************************************************/ 246void smp_set_br_state(tSMP_BR_STATE br_state) { 247 if (br_state < SMP_BR_STATE_MAX) { 248 SMP_TRACE_DEBUG("BR_State change: %s(%d) ==> %s(%d)", 249 smp_get_br_state_name(smp_cb.br_state), smp_cb.br_state, 250 smp_get_br_state_name(br_state), br_state); 251 smp_cb.br_state = br_state; 252 } else { 253 SMP_TRACE_DEBUG("%s invalid br_state =%d", __func__, br_state); 254 } 255} 256 257/******************************************************************************* 258 * Function smp_get_br_state 259 * Returns The smp_br state 260 ******************************************************************************/ 261tSMP_BR_STATE smp_get_br_state(void) { return smp_cb.br_state; } 262 263/******************************************************************************* 264 * Function smp_get_br_state_name 265 * Returns The smp_br state name. 266 ******************************************************************************/ 267const char* smp_get_br_state_name(tSMP_BR_STATE br_state) { 268 const char* p_str = smp_br_state_name[SMP_BR_STATE_MAX]; 269 270 if (br_state < SMP_BR_STATE_MAX) p_str = smp_br_state_name[br_state]; 271 272 return p_str; 273} 274/******************************************************************************* 275 * Function smp_get_br_event_name 276 * Returns The smp_br event name. 277 ******************************************************************************/ 278const char* smp_get_br_event_name(tSMP_BR_EVENT event) { 279 const char* p_str = smp_br_event_name[SMP_BR_MAX_EVT - 1]; 280 281 if (event < SMP_BR_MAX_EVT) { 282 p_str = smp_br_event_name[event - 1]; 283 } 284 return p_str; 285} 286 287/******************************************************************************* 288 * 289 * Function smp_br_state_machine_event 290 * 291 * Description Handle events to the state machine. It looks up the entry 292 * in the smp_br_entry_table array. 293 * If it is a valid entry, it gets the state table. Set the next 294 * state, if not NULL state. Execute the action function according 295 * to the state table. If the state returned by action function is 296 * not NULL state, adjust the new state to the returned state. 297 * 298 * Returns void. 299 * 300 ******************************************************************************/ 301void smp_br_state_machine_event(tSMP_CB* p_cb, tSMP_BR_EVENT event, 302 tSMP_INT_DATA* p_data) { 303 tSMP_BR_STATE curr_state = p_cb->br_state; 304 tSMP_BR_SM_TBL state_table; 305 uint8_t action, entry; 306 tSMP_BR_ENTRY_TBL entry_table = smp_br_entry_table[p_cb->role]; 307 308 SMP_TRACE_EVENT("main %s", __func__); 309 if (curr_state >= SMP_BR_STATE_MAX) { 310 SMP_TRACE_DEBUG("Invalid br_state: %d", curr_state); 311 return; 312 } 313 314 if (p_cb->role > HCI_ROLE_SLAVE) { 315 SMP_TRACE_ERROR("%s: invalid role %d", __func__, p_cb->role); 316 android_errorWriteLog(0x534e4554, "80145946"); 317 return; 318 } 319 320 SMP_TRACE_DEBUG("SMP Role: %s State: [%s (%d)], Event: [%s (%d)]", 321 (p_cb->role == HCI_ROLE_SLAVE) ? "Slave" : "Master", 322 smp_get_br_state_name(p_cb->br_state), p_cb->br_state, 323 smp_get_br_event_name(event), event); 324 325 /* look up the state table for the current state */ 326 /* lookup entry / w event & curr_state */ 327 /* If entry is ignore, return. 328 * Otherwise, get state table (according to curr_state or all_state) */ 329 if ((event <= SMP_BR_MAX_EVT) && 330 ((entry = entry_table[event - 1][curr_state]) != SMP_BR_SM_IGNORE)) { 331 if (entry & SMP_BR_ALL_TABLE_MASK) { 332 entry &= ~SMP_BR_ALL_TABLE_MASK; 333 state_table = smp_br_all_table; 334 } else { 335 state_table = smp_br_state_table[curr_state][p_cb->role]; 336 } 337 } else { 338 SMP_TRACE_DEBUG("Ignore event [%s (%d)] in state [%s (%d)]", 339 smp_get_br_event_name(event), event, 340 smp_get_br_state_name(curr_state), curr_state); 341 return; 342 } 343 344 /* Get possible next state from state table. */ 345 346 smp_set_br_state(state_table[entry - 1][SMP_BR_SME_NEXT_STATE]); 347 348 /* If action is not ignore, clear param, exec action and get next state. 349 * The action function may set the Param for cback. 350 * Depending on param, call cback or free buffer. */ 351 /* execute action functions */ 352 for (uint8_t i = 0; i < SMP_BR_NUM_ACTIONS; i++) { 353 action = state_table[entry - 1][i]; 354 if (action != SMP_BR_SM_NO_ACTION) { 355 (*smp_br_sm_action[action])(p_cb, p_data); 356 } else { 357 break; 358 } 359 } 360 SMP_TRACE_DEBUG("result state = %s", smp_get_br_state_name(p_cb->br_state)); 361} 362