/******************************************************************************
*
* Copyright (C) 2008-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* This file contains the implementation of the SMP interface used by
* applications that can run over an SMP.
*
******************************************************************************/
#include <string.h>
#include "bt_target.h"
#include "bt_utils.h"
#include "stack_config.h"
#if SMP_INCLUDED == TRUE
#include "smp_int.h"
#include "smp_api.h"
#include "l2cdefs.h"
#include "l2c_int.h"
#include "btm_int.h"
#include "hcimsgs.h"
#include "btu.h"
#include "p_256_ecc_pp.h"
/*******************************************************************************
**
** Function SMP_Init
**
** Description This function initializes the SMP unit.
**
** Returns void
**
*******************************************************************************/
void SMP_Init(void)
{
memset(&smp_cb, 0, sizeof(tSMP_CB));
smp_cb.smp_rsp_timer_ent = alarm_new("smp.smp_rsp_timer_ent");
#if defined(SMP_INITIAL_TRACE_LEVEL)
smp_cb.trace_level = SMP_INITIAL_TRACE_LEVEL;
#else
smp_cb.trace_level = BT_TRACE_LEVEL_NONE; /* No traces */
#endif
SMP_TRACE_EVENT ("%s", __FUNCTION__);
smp_l2cap_if_init();
/* initialization of P-256 parameters */
p_256_init_curve(KEY_LENGTH_DWORDS_P256);
/* Initialize failure case for certification */
smp_cb.cert_failure = stack_config_get_interface()->get_pts_smp_failure_case();
if (smp_cb.cert_failure)
SMP_TRACE_ERROR ("%s PTS FAILURE MODE IN EFFECT (CASE %d)", __func__, smp_cb.cert_failure);
}
/*******************************************************************************
**
** Function SMP_SetTraceLevel
**
** Description This function sets the trace level for SMP. If called with
** a value of 0xFF, it simply returns the current trace level.
**
** Input Parameters:
** level: The level to set the GATT tracing to:
** 0xff-returns the current setting.
** 0-turns off tracing.
** >= 1-Errors.
** >= 2-Warnings.
** >= 3-APIs.
** >= 4-Events.
** >= 5-Debug.
**
** Returns The new or current trace level
**
*******************************************************************************/
extern UINT8 SMP_SetTraceLevel (UINT8 new_level)
{
if (new_level != 0xFF)
smp_cb.trace_level = new_level;
return(smp_cb.trace_level);
}
/*******************************************************************************
**
** Function SMP_Register
**
** Description This function register for the SMP services callback.
**
** Returns void
**
*******************************************************************************/
BOOLEAN SMP_Register (tSMP_CALLBACK *p_cback)
{
SMP_TRACE_EVENT ("SMP_Register state=%d", smp_cb.state);
if (smp_cb.p_callback != NULL)
{
SMP_TRACE_ERROR ("SMP_Register: duplicate registration, overwrite it");
}
smp_cb.p_callback = p_cback;
return(TRUE);
}
/*******************************************************************************
**
** Function SMP_Pair
**
** Description This function call to perform a SMP pairing with peer device.
** Device support one SMP pairing at one time.
**
** Parameters bd_addr - peer device bd address.
**
** Returns None
**
*******************************************************************************/
tSMP_STATUS SMP_Pair (BD_ADDR bd_addr)
{
tSMP_CB *p_cb = &smp_cb;
UINT8 status = SMP_PAIR_INTERNAL_ERR;
SMP_TRACE_EVENT ("%s state=%d br_state=%d flag=0x%x ",
__FUNCTION__, p_cb->state, p_cb->br_state, p_cb->flags);
if (p_cb->state != SMP_STATE_IDLE || p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD ||
p_cb->smp_over_br)
{
/* pending security on going, reject this one */
return SMP_BUSY;
}
else
{
p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD;
memcpy (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN);
if (!L2CA_ConnectFixedChnl (L2CAP_SMP_CID, bd_addr))
{
SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.", __FUNCTION__);
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
return status;
}
return SMP_STARTED;
}
}
/*******************************************************************************
**
** Function SMP_BR_PairWith
**
** Description This function is called to start a SMP pairing over BR/EDR.
** Device support one SMP pairing at one time.
**
** Parameters bd_addr - peer device bd address.
**
** Returns SMP_STARTED if pairing started, otherwise reason for failure.
**
*******************************************************************************/
tSMP_STATUS SMP_BR_PairWith (BD_ADDR bd_addr)
{
tSMP_CB *p_cb = &smp_cb;
UINT8 status = SMP_PAIR_INTERNAL_ERR;
SMP_TRACE_EVENT ("%s state=%d br_state=%d flag=0x%x ",
__func__, p_cb->state, p_cb->br_state, p_cb->flags);
if (p_cb->state != SMP_STATE_IDLE ||
p_cb->smp_over_br ||
p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
{
/* pending security on going, reject this one */
return SMP_BUSY;
}
p_cb->role = HCI_ROLE_MASTER;
p_cb->flags = SMP_PAIR_FLAGS_WE_STARTED_DD;
p_cb->smp_over_br = TRUE;
memcpy (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN);
if (!L2CA_ConnectFixedChnl (L2CAP_SMP_BR_CID, bd_addr))
{
SMP_TRACE_ERROR("%s: L2C connect fixed channel failed.",__FUNCTION__);
smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
return status;
}
return SMP_STARTED;
}
/*******************************************************************************
**
** Function SMP_PairCancel
**
** Description This function call to cancel a SMP pairing with peer device.
**
** Parameters bd_addr - peer device bd address.
**
** Returns TRUE - Pairining is cancelled
**
*******************************************************************************/
BOOLEAN SMP_PairCancel (BD_ADDR bd_addr)
{
tSMP_CB *p_cb = &smp_cb;
UINT8 err_code = SMP_PAIR_FAIL_UNKNOWN;
BOOLEAN status = FALSE;
// PTS SMP failure test cases
if (p_cb->cert_failure == 7)
err_code = SMP_PASSKEY_ENTRY_FAIL;
else if (p_cb->cert_failure == 8)
err_code = SMP_NUMERIC_COMPAR_FAIL;
BTM_TRACE_EVENT ("SMP_CancelPair state=%d flag=0x%x ", p_cb->state, p_cb->flags);
if ( (p_cb->state != SMP_STATE_IDLE) &&
(!memcmp (p_cb->pairing_bda, bd_addr, BD_ADDR_LEN)) )
{
p_cb->is_pair_cancel = TRUE;
SMP_TRACE_DEBUG("Cancel Pairing: set fail reason Unknown");
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &err_code);
status = TRUE;
}
return status;
}
/*******************************************************************************
**
** Function SMP_SecurityGrant
**
** Description This function is called to grant security process.
**
** Parameters bd_addr - peer device bd address.
** res - result of the operation SMP_SUCCESS if success.
** Otherwise, SMP_REPEATED_ATTEMPTS is too many attempts.
**
** Returns None
**
*******************************************************************************/
void SMP_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
{
SMP_TRACE_EVENT ("SMP_SecurityGrant ");
if (smp_cb.smp_over_br)
{
if (smp_cb.br_state != SMP_BR_STATE_WAIT_APP_RSP ||
smp_cb.cb_evt != SMP_SEC_REQUEST_EVT ||
memcmp (smp_cb.pairing_bda, bd_addr, BD_ADDR_LEN))
{
return;
}
/* clear the SMP_SEC_REQUEST_EVT event after get grant */
/* avoid generating duplicate pair request */
smp_cb.cb_evt = 0;
smp_br_state_machine_event(&smp_cb, SMP_BR_API_SEC_GRANT_EVT, &res);
return;
}
if (smp_cb.state != SMP_STATE_WAIT_APP_RSP ||
smp_cb.cb_evt != SMP_SEC_REQUEST_EVT ||
memcmp (smp_cb.pairing_bda, bd_addr, BD_ADDR_LEN))
return;
/* clear the SMP_SEC_REQUEST_EVT event after get grant */
/* avoid generate duplicate pair request */
smp_cb.cb_evt = 0;
smp_sm_event(&smp_cb, SMP_API_SEC_GRANT_EVT, &res);
}
/*******************************************************************************
**
** Function SMP_PasskeyReply
**
** Description This function is called after Security Manager submitted
** passkey request to the application.
**
** Parameters: bd_addr - Address of the device for which passkey was requested
** res - result of the operation SMP_SUCCESS if success
** passkey - numeric value in the range of
** BTM_MIN_PASSKEY_VAL(0) - BTM_MAX_PASSKEY_VAL(999999(0xF423F)).
**
*******************************************************************************/
void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
{
tSMP_CB *p_cb = & smp_cb;
UINT8 failure = SMP_PASSKEY_ENTRY_FAIL;
SMP_TRACE_EVENT ("SMP_PasskeyReply: Key: %d Result:%d",
passkey, res);
/* If timeout already expired or has been canceled, ignore the reply */
if (p_cb->cb_evt != SMP_PASSKEY_REQ_EVT)
{
SMP_TRACE_WARNING ("SMP_PasskeyReply() - Wrong State: %d", p_cb->state);
return;
}
if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
{
SMP_TRACE_ERROR ("SMP_PasskeyReply() - Wrong BD Addr");
return;
}
if (btm_find_dev (bd_addr) == NULL)
{
SMP_TRACE_ERROR ("SMP_PasskeyReply() - no dev CB");
return;
}
if (passkey > BTM_MAX_PASSKEY_VAL || res != SMP_SUCCESS)
{
SMP_TRACE_WARNING ("SMP_PasskeyReply() - Wrong key len: %d or passkey entry fail", passkey);
/* send pairing failure */
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
}
else if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_ENT)
{
smp_sm_event(&smp_cb, SMP_SC_KEY_READY_EVT, &passkey);
}
else
{
smp_convert_string_to_tk(p_cb->tk, passkey);
}
return;
}
/*******************************************************************************
**
** Function SMP_ConfirmReply
**
** Description This function is called after Security Manager submitted
** numeric comparison request to the application.
**
** Parameters: bd_addr - Address of the device with which numeric
** comparison was requested
** res - comparison result SMP_SUCCESS if success
**
*******************************************************************************/
void SMP_ConfirmReply (BD_ADDR bd_addr, UINT8 res)
{
tSMP_CB *p_cb = & smp_cb;
UINT8 failure = SMP_NUMERIC_COMPAR_FAIL;
SMP_TRACE_EVENT ("%s: Result:%d", __FUNCTION__, res);
/* If timeout already expired or has been canceled, ignore the reply */
if (p_cb->cb_evt != SMP_NC_REQ_EVT)
{
SMP_TRACE_WARNING ("%s() - Wrong State: %d", __FUNCTION__,p_cb->state);
return;
}
if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
{
SMP_TRACE_ERROR ("%s() - Wrong BD Addr",__FUNCTION__);
return;
}
if (btm_find_dev (bd_addr) == NULL)
{
SMP_TRACE_ERROR ("%s() - no dev CB",__FUNCTION__);
return;
}
if (res != SMP_SUCCESS)
{
SMP_TRACE_WARNING ("%s() - Numeric Comparison fails",__FUNCTION__);
/* send pairing failure */
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
}
else
{
smp_sm_event(p_cb, SMP_SC_NC_OK_EVT, NULL);
}
}
/*******************************************************************************
**
** Function SMP_OobDataReply
**
** Description This function is called to provide the OOB data for
** SMP in response to SMP_OOB_REQ_EVT
**
** Parameters: bd_addr - Address of the peer device
** res - result of the operation SMP_SUCCESS if success
** p_data - simple pairing Randomizer C.
**
*******************************************************************************/
void SMP_OobDataReply(BD_ADDR bd_addr, tSMP_STATUS res, UINT8 len, UINT8 *p_data)
{
tSMP_CB *p_cb = & smp_cb;
UINT8 failure = SMP_OOB_FAIL;
tSMP_KEY key;
SMP_TRACE_EVENT ("%s State: %d res:%d", __FUNCTION__, smp_cb.state, res);
/* If timeout already expired or has been canceled, ignore the reply */
if (p_cb->state != SMP_STATE_WAIT_APP_RSP || p_cb->cb_evt != SMP_OOB_REQ_EVT)
return;
if (res != SMP_SUCCESS || len == 0 || !p_data)
{
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
}
else
{
if (len > BT_OCTET16_LEN)
len = BT_OCTET16_LEN;
memcpy(p_cb->tk, p_data, len);
key.key_type = SMP_KEY_TYPE_TK;
key.p_data = p_cb->tk;
smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
}
}
/*******************************************************************************
**
** Function SMP_SecureConnectionOobDataReply
**
** Description This function is called to provide the SC OOB data for
** SMP in response to SMP_SC_OOB_REQ_EVT
**
** Parameters: p_data - pointer to the data
**
*******************************************************************************/
void SMP_SecureConnectionOobDataReply(UINT8 *p_data)
{
tSMP_CB *p_cb = &smp_cb;
UINT8 failure = SMP_OOB_FAIL;
tSMP_SC_OOB_DATA *p_oob = (tSMP_SC_OOB_DATA *) p_data;
if (!p_oob)
{
SMP_TRACE_ERROR("%s received no data",__FUNCTION__);
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
return;
}
SMP_TRACE_EVENT ("%s req_oob_type: %d, loc_oob_data.present: %d, "
"peer_oob_data.present: %d",
__FUNCTION__, p_cb->req_oob_type, p_oob->loc_oob_data.present,
p_oob->peer_oob_data.present);
if (p_cb->state != SMP_STATE_WAIT_APP_RSP || p_cb->cb_evt != SMP_SC_OOB_REQ_EVT)
return;
BOOLEAN data_missing = FALSE;
switch (p_cb->req_oob_type)
{
case SMP_OOB_PEER:
if (!p_oob->peer_oob_data.present)
data_missing = TRUE;
break;
case SMP_OOB_LOCAL:
if (!p_oob->loc_oob_data.present)
data_missing = TRUE;
break;
case SMP_OOB_BOTH:
if (!p_oob->loc_oob_data.present || !p_oob->peer_oob_data.present)
data_missing = TRUE;
break;
default:
SMP_TRACE_EVENT ("Unexpected OOB data type requested. Fail OOB");
data_missing = TRUE;
break;
}
if (data_missing)
{
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
return;
}
p_cb->sc_oob_data = *p_oob;
smp_sm_event(&smp_cb, SMP_SC_OOB_DATA_EVT, p_data);
}
/*******************************************************************************
**
** Function SMP_Encrypt
**
** Description This function is called to encrypt the data with the specified
** key
**
** Parameters: key - Pointer to key key[0] conatins the MSB
** key_len - key length
** plain_text - Pointer to data to be encrypted
** plain_text[0] conatins the MSB
** pt_len - plain text length
** p_out - output of the encrypted texts
**
** Returns Boolean - request is successful
*******************************************************************************/
BOOLEAN SMP_Encrypt (UINT8 *key, UINT8 key_len,
UINT8 *plain_text, UINT8 pt_len,
tSMP_ENC *p_out)
{
BOOLEAN status=FALSE;
status = smp_encrypt_data(key, key_len, plain_text, pt_len, p_out);
return status;
}
/*******************************************************************************
**
** Function SMP_KeypressNotification
**
** Description This function is called to notify Security Manager about Keypress Notification.
**
** Parameters: bd_addr Address of the device to send keypress notification to
** value Keypress notification parameter value
**
*******************************************************************************/
void SMP_KeypressNotification (BD_ADDR bd_addr, UINT8 value)
{
tSMP_CB *p_cb = &smp_cb;
SMP_TRACE_EVENT ("%s: Value: %d", __FUNCTION__,value);
if (memcmp (bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) != 0)
{
SMP_TRACE_ERROR ("%s() - Wrong BD Addr",__FUNCTION__);
return;
}
if (btm_find_dev (bd_addr) == NULL)
{
SMP_TRACE_ERROR ("%s() - no dev CB",__FUNCTION__);
return;
}
/* Keypress Notification is used by a device with KeyboardOnly IO capabilities */
/* during the passkey entry protocol */
if (p_cb->local_io_capability != SMP_IO_CAP_IN)
{
SMP_TRACE_ERROR ("%s() - wrong local IO capabilities %d",
__FUNCTION__, p_cb->local_io_capability);
return;
}
if (p_cb->selected_association_model != SMP_MODEL_SEC_CONN_PASSKEY_ENT)
{
SMP_TRACE_ERROR ("%s() - wrong protocol %d", __FUNCTION__,
p_cb->selected_association_model);
return;
}
smp_sm_event(p_cb, SMP_KEYPRESS_NOTIFICATION_EVENT, &value);
}
/*******************************************************************************
**
** Function SMP_CreateLocalSecureConnectionsOobData
**
** Description This function is called to start creation of local SC OOB
** data set (tSMP_LOC_OOB_DATA).
**
** Parameters: bd_addr - Address of the device to send OOB data block to
**
** Returns Boolean - TRUE: creation of local SC OOB data set started.
*******************************************************************************/
BOOLEAN SMP_CreateLocalSecureConnectionsOobData (tBLE_BD_ADDR *addr_to_send_to)
{
tSMP_CB *p_cb = &smp_cb;
UINT8 *bd_addr;
if (addr_to_send_to == NULL)
{
SMP_TRACE_ERROR ("%s addr_to_send_to is not provided",__FUNCTION__);
return FALSE;
}
bd_addr = addr_to_send_to->bda;
SMP_TRACE_EVENT ("%s addr type: %u, BDA: %08x%04x, state: %u, br_state: %u",
__FUNCTION__, addr_to_send_to->type,
(bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8) + bd_addr[3],
(bd_addr[4]<<8)+bd_addr[5],
p_cb->state,
p_cb->br_state);
if ((p_cb->state != SMP_STATE_IDLE) || (p_cb->smp_over_br))
{
SMP_TRACE_WARNING ("%s creation of local OOB data set "\
"starts only in IDLE state",__FUNCTION__);
return FALSE;
}
p_cb->sc_oob_data.loc_oob_data.addr_sent_to = *addr_to_send_to;
smp_sm_event(p_cb, SMP_CR_LOC_SC_OOB_DATA_EVT, NULL);
return TRUE;
}
#endif /* SMP_INCLUDED */