1651 lines
40 KiB
C
1651 lines
40 KiB
C
/****************************************************************************
|
|
* wireless/bluetooth/bt_smp.c
|
|
* Security Manager Protocol implementation.
|
|
*
|
|
* Copyright (C) 2018 Gregory Nutt. All rights reserved.
|
|
* Author: Gregory Nutt <gnutt@nuttx.org>
|
|
*
|
|
* Ported from the Intel/Zephyr arduino101_firmware_source-v1.tar package
|
|
* where the code was released with a compatible 3-clause BSD license:
|
|
*
|
|
* Copyright (c) 2016, Intel Corporation
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
*
|
|
* 1. Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
*
|
|
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* 3. Neither the name of the copyright holder nor the names of its
|
|
* contributors may be used to endorse or promote products derived from this
|
|
* software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
****************************************************************************/
|
|
|
|
/****************************************************************************
|
|
* Included Files
|
|
****************************************************************************/
|
|
|
|
#include <nuttx/config.h>
|
|
|
|
#include <stddef.h>
|
|
#include <errno.h>
|
|
#include <string.h>
|
|
|
|
#include <nuttx/wireless/bluetooth/bt_hci.h>
|
|
#include <nuttx/wireless/bluetooth/bt_core.h>
|
|
|
|
#include "bt_atomic.h"
|
|
#include "bt_hcicore.h"
|
|
#include "bt_keys.h"
|
|
#include "bt_conn.h"
|
|
#include "bt_l2cap.h"
|
|
#include "bt_smp.h"
|
|
|
|
/****************************************************************************
|
|
* Pre-processor Definitions
|
|
****************************************************************************/
|
|
|
|
#define RECV_KEYS (BT_SMP_DIST_ID_KEY | BT_SMP_DIST_ENC_KEY)
|
|
#define SEND_KEYS (BT_SMP_DIST_ENC_KEY)
|
|
|
|
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
|
|
|
/****************************************************************************
|
|
* Private Types
|
|
****************************************************************************/
|
|
|
|
/* SMP channel specific context */
|
|
|
|
struct bt_smp_s
|
|
{
|
|
/* The connection this context is associated with */
|
|
|
|
FAR struct bt_conn_s *conn;
|
|
|
|
/* Commands that remote is allowed to send */
|
|
|
|
bt_atomic_t allowed_cmds;
|
|
|
|
/* If we're waiting for an encryption change event */
|
|
|
|
bool pending_encrypt;
|
|
|
|
/* Pairing Request PDU */
|
|
|
|
uint8_t preq[7];
|
|
|
|
/* Pairing Response PDU */
|
|
|
|
uint8_t prsp[7];
|
|
|
|
/* Pairing Confirm PDU */
|
|
|
|
uint8_t pcnf[16];
|
|
|
|
/* Local random number */
|
|
|
|
uint8_t prnd[16];
|
|
|
|
/* Remote random number */
|
|
|
|
uint8_t rrnd[16];
|
|
|
|
/* Temporary key */
|
|
|
|
uint8_t tk[16];
|
|
|
|
/* Local key distribution */
|
|
|
|
uint8_t local_dist;
|
|
|
|
/* Remote key distribution */
|
|
|
|
uint8_t remote_dist;
|
|
};
|
|
|
|
struct uint128_s
|
|
{
|
|
uint64_t a;
|
|
uint64_t b;
|
|
};
|
|
|
|
struct bt_smphandlers_s
|
|
{
|
|
CODE uint8_t(*func)(FAR struct bt_conn_s *conn, FAR struct bt_buf_s *buf);
|
|
uint8_t expect_len;
|
|
};
|
|
|
|
/****************************************************************************
|
|
* Private Function Prototypes
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_DEBUG_WIRELESS_INFO
|
|
static const char *h(FAR const void *buf, size_t len);
|
|
#endif
|
|
static void xor_128(FAR const struct uint128_s *p,
|
|
FAR const struct uint128_s *q, FAR struct uint128_s *r);
|
|
static int le_encrypt(const uint8_t key[16], const uint8_t plaintext[16],
|
|
uint8_t enc_data[16]);
|
|
static int le_rand(FAR void *buf, size_t len);
|
|
static int smp_ah(FAR const uint8_t irk[16], FAR const uint8_t r[3],
|
|
FAR uint8_t out[3]);
|
|
static int smp_c1(FAR const uint8_t k[16], FAR const uint8_t r[16],
|
|
FAR const uint8_t preq[7], FAR const uint8_t pres[7],
|
|
FAR const bt_addr_le_t *ia, FAR const bt_addr_le_t *ra,
|
|
FAR uint8_t enc_data[16]);
|
|
static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
|
|
const uint8_t r2[16], uint8_t out[16]);
|
|
static FAR struct bt_buf_s *bt_smp_create_pdu(FAR struct bt_conn_s *conn,
|
|
uint8_t op, size_t len);
|
|
static void send_err_rsp(FAR struct bt_conn_s *conn, uint8_t reason);
|
|
static int smp_init(struct bt_smp_s *smp);
|
|
static uint8_t smp_pairing_req(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_pairing_rsp(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_send_pairing_random(FAR struct bt_conn_s *conn);
|
|
static uint8_t smp_pairing_confirm(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_pairing_random(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_pairing_failed(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static void bt_smp_distribute_keys(FAR struct bt_conn_s *conn);
|
|
static uint8_t smp_encrypt_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_master_ident(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_ident_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_ident_addr_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static uint8_t smp_security_request(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf);
|
|
static void bt_smp_receive(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf, FAR void *context,
|
|
uint16_t cid);
|
|
static void bt_smp_connected(FAR struct bt_conn_s *conn,
|
|
FAR void *context, uint16_t cid);
|
|
static void bt_smp_disconnected(FAR struct bt_conn_s *conn,
|
|
FAR void *context, uint16_t cid);
|
|
static void bt_smp_encrypt_change(FAR FAR struct bt_conn_s *conn,
|
|
FAR void *context, uint16_t cid);
|
|
#ifdef CONFIG_BLUETOOTH_SMP_SELFTEST
|
|
static void swap_buf(FAR const uint8_t *src, FAR uint8_t *dst,
|
|
uint16_t len);
|
|
static void swap_in_place(FAR uint8_t * buf, uint16_t len);
|
|
static int cmac_subkey(FAR const uint8_t *key, FAR uint8_t *k1,
|
|
FAR uint8_t *k2);
|
|
static void add_pad(FAR const uint8_t *in, FAR unsigned char *out,
|
|
int len);
|
|
static int bt_smp_aes_cmac(const uint8_t *key, const uint8_t *in,
|
|
size_t len, uint8_t *out);
|
|
static int aes_test(FAR const char *prefix, FAR const uint8_t *key,
|
|
FAR const uint8_t *m, uint16_t len,
|
|
FAR const uint8_t *mac);
|
|
static int smp_aes_cmac_test(void);
|
|
static int smp_self_test(void);
|
|
#else
|
|
# define smp_self_test() (0)
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Private Data
|
|
****************************************************************************/
|
|
|
|
static struct bt_smp_s g_smp_pool[CONFIG_BLUETOOTH_MAX_CONN];
|
|
static const struct bt_smphandlers_s g_smp_handlers[] =
|
|
{
|
|
{
|
|
/* No op-code defined for 0x00 */
|
|
},
|
|
{
|
|
smp_pairing_req,
|
|
sizeof(struct bt_smp_pairing_s)
|
|
},
|
|
{
|
|
smp_pairing_rsp,
|
|
sizeof(struct bt_smp_pairing_s)
|
|
},
|
|
{
|
|
smp_pairing_confirm,
|
|
sizeof(struct bt_smp_pairing_confirm_s)
|
|
},
|
|
{
|
|
smp_pairing_random,
|
|
sizeof(struct bt_smp_pairing_random_s)
|
|
},
|
|
{
|
|
smp_pairing_failed,
|
|
sizeof(struct bt_smp_pairing_fail_s)
|
|
},
|
|
{
|
|
smp_encrypt_info,
|
|
sizeof(struct bt_smp_encrypt_info_s)
|
|
},
|
|
{
|
|
smp_master_ident,
|
|
sizeof(struct bt_smp_master_ident_s)
|
|
},
|
|
{
|
|
smp_ident_info,
|
|
sizeof(struct bt_smp_ident_info_s)
|
|
},
|
|
{
|
|
smp_ident_addr_info,
|
|
sizeof(struct bt_smp_ident_addr_info_s)
|
|
},
|
|
{
|
|
/* Signing Information - Not yet implemented */
|
|
},
|
|
{
|
|
smp_security_request,
|
|
sizeof(struct bt_smp_security_request_s)
|
|
}
|
|
};
|
|
|
|
#define NHANDLERS (sizeof(g_smp_handlers) / sizeof(struct bt_smphandlers_s))
|
|
|
|
#ifdef CONFIG_BLUETOOTH_SMP_SELFTEST
|
|
/* Test vectors are taken from RFC 4493
|
|
* https://tools.ietf.org/html/rfc4493
|
|
* Same mentioned in the Bluetooth Spec.
|
|
*/
|
|
|
|
static const uint8_t g_key[] =
|
|
{
|
|
0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
|
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
|
|
};
|
|
|
|
static const uint8_t g_M[] =
|
|
{
|
|
0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
|
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
|
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
|
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
|
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
|
|
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
|
|
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
|
|
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
|
|
};
|
|
|
|
static const uint8_t g_mac1[] =
|
|
{
|
|
0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
|
|
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
|
|
};
|
|
|
|
static const uint8_t g_mac2[] =
|
|
{
|
|
0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
|
|
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
|
|
};
|
|
|
|
static const uint8_t g_mac3[] =
|
|
{
|
|
0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
|
|
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
|
|
};
|
|
|
|
static const uint8_t g_mac4[] =
|
|
{
|
|
0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
|
|
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
|
|
};
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Private Functions
|
|
****************************************************************************/
|
|
|
|
/* Helper for syslog parameters to convert from binary to hex.
|
|
* We declare multiple buffers so the helper can be used multiple times
|
|
* in a single syslog call.
|
|
*/
|
|
|
|
#ifdef CONFIG_DEBUG_WIRELESS_INFO
|
|
static const char *h(FAR const void *buf, size_t len)
|
|
{
|
|
static const char hex[] = "0123456789abcdef";
|
|
static char hexbufs[4][129];
|
|
static uint8_t curbuf;
|
|
FAR const uint8_t *b = buf;
|
|
FAR char *str;
|
|
size_t maxlen;
|
|
int i;
|
|
|
|
str = hexbufs[curbuf++];
|
|
curbuf %= ARRAY_SIZE(hexbufs);
|
|
|
|
maxlen = (sizeof(hexbufs[0]) - 1) / 2;
|
|
if (len > maxlen)
|
|
{
|
|
len = maxlen;
|
|
}
|
|
|
|
for (i = 0; i < len; i++)
|
|
{
|
|
str[i * 2] = hex[b[i] >> 4];
|
|
str[i * 2 + 1] = hex[b[i] & 0xf];
|
|
}
|
|
|
|
str[i * 2] = '\0';
|
|
return str;
|
|
}
|
|
#endif
|
|
|
|
static void xor_128(FAR const struct uint128_s *p,
|
|
FAR const struct uint128_s *q,
|
|
FAR struct uint128_s *r)
|
|
{
|
|
r->a = p->a ^ q->a;
|
|
r->b = p->b ^ q->b;
|
|
}
|
|
|
|
static int le_encrypt(const uint8_t key[16], const uint8_t plaintext[16],
|
|
uint8_t enc_data[16])
|
|
{
|
|
FAR struct bt_hci_cp_le_encrypt_s *cp;
|
|
FAR struct bt_hci_rp_le_encrypt_s *rp;
|
|
FAR struct bt_buf_s *buf, *rsp;
|
|
int err;
|
|
|
|
wlinfo("key %s plaintext %s\n", h(key, 16), h(plaintext, 16));
|
|
|
|
buf = bt_hci_cmd_create(BT_HCI_OP_LE_ENCRYPT, sizeof(*cp));
|
|
if (!buf)
|
|
{
|
|
return -ENOBUFS;
|
|
}
|
|
|
|
cp = bt_buf_extend(buf, sizeof(*cp));
|
|
memcpy(cp->key, key, sizeof(cp->key));
|
|
memcpy(cp->plaintext, plaintext, sizeof(cp->plaintext));
|
|
|
|
err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_ENCRYPT, buf, &rsp);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
rp = (void *)rsp->data;
|
|
memcpy(enc_data, rp->enc_data, sizeof(rp->enc_data));
|
|
bt_buf_release(rsp);
|
|
|
|
wlinfo("enc_data %s\n", h(enc_data, 16));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int le_rand(FAR void *buf, size_t len)
|
|
{
|
|
FAR uint8_t *ptr = buf;
|
|
|
|
while (len > 0)
|
|
{
|
|
FAR struct bt_hci_rp_le_rand_s *rp;
|
|
FAR struct bt_buf_s *rsp;
|
|
size_t copy;
|
|
int err;
|
|
|
|
err = bt_hci_cmd_send_sync(BT_HCI_OP_LE_RAND, NULL, &rsp);
|
|
if (err)
|
|
{
|
|
wlerr("ERROR: HCI_LE_Random failed (%d)\n", err);
|
|
return err;
|
|
}
|
|
|
|
rp = (FAR void *)rsp->data;
|
|
copy = len;
|
|
if (copy > sizeof(rp->rand))
|
|
{
|
|
copy = sizeof(rp->rand);
|
|
}
|
|
|
|
memcpy(ptr, rp->rand, copy);
|
|
bt_buf_release(rsp);
|
|
|
|
len -= copy;
|
|
ptr += copy;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int smp_ah(FAR const uint8_t irk[16], FAR const uint8_t r[3],
|
|
FAR uint8_t out[3])
|
|
{
|
|
uint8_t res[16];
|
|
int err;
|
|
|
|
wlinfo("irk %s\n, r %s", h(irk, 16), h(r, 3));
|
|
|
|
/* r' = padding || r */
|
|
|
|
memcpy(res, r, 3);
|
|
memset(res + 3, 0, 13);
|
|
|
|
err = le_encrypt(irk, res, res);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
/* The output of the random address function ah is: ah(h, r) = e(k, r') mod
|
|
* 2^24 The output of the security function e is then truncated to 24 bits by
|
|
* taking the least significant 24 bits of the output of e as the result of
|
|
* ah.
|
|
*/
|
|
|
|
memcpy(out, res, 3);
|
|
return 0;
|
|
}
|
|
|
|
static int smp_c1(FAR const uint8_t k[16], FAR const uint8_t r[16],
|
|
FAR const uint8_t preq[7], FAR const uint8_t pres[7],
|
|
FAR const bt_addr_le_t *ia, FAR const bt_addr_le_t *ra,
|
|
FAR uint8_t enc_data[16])
|
|
{
|
|
uint8_t p1[16];
|
|
uint8_t p2[16];
|
|
int err;
|
|
|
|
wlinfo("k %s r %s\n", h(k, 16), h(r, 16));
|
|
wlinfo("ia %s ra %s\n", bt_addr_le_str(ia), bt_addr_le_str(ra));
|
|
wlinfo("preq %s pres %s\n", h(preq, 7), h(pres, 7));
|
|
|
|
/* pres, preq, rat and iat are concatenated to generate p1 */
|
|
|
|
p1[0] = ia->type;
|
|
p1[1] = ra->type;
|
|
memcpy(p1 + 2, preq, 7);
|
|
memcpy(p1 + 9, pres, 7);
|
|
|
|
wlinfo("p1 %s\n", h(p1, 16));
|
|
|
|
/* c1 = e(k, e(k, r XOR p1) XOR p2) */
|
|
|
|
/* Using enc_data as temporary output buffer */
|
|
|
|
xor_128((FAR struct uint128_s *)r, (FAR struct uint128_s *)p1,
|
|
(FAR struct uint128_s *)enc_data);
|
|
|
|
err = le_encrypt(k, enc_data, enc_data);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
/* ra is concatenated with ia and padding to generate p2 */
|
|
|
|
memcpy(p2, ra->val, 6);
|
|
memcpy(p2 + 6, ia->val, 6);
|
|
memset(p2 + 12, 0, 4);
|
|
|
|
wlinfo("p2 %s\n", h(p2, 16));
|
|
|
|
xor_128((FAR struct uint128_s *)enc_data, (FAR struct uint128_s *)p2, (FAR struct uint128_s *)enc_data);
|
|
return le_encrypt(k, enc_data, enc_data);
|
|
}
|
|
|
|
static int smp_s1(const uint8_t k[16], const uint8_t r1[16],
|
|
const uint8_t r2[16], uint8_t out[16])
|
|
{
|
|
/* The most significant 64-bits of r1 are discarded to generate r1' and the
|
|
* most significant 64-bits of r2 are discarded to generate r2'. r1' is
|
|
* concatenated with r2' to generate r' which is used as the 128-bit input
|
|
* parameter plaintextData to security function e: r' = r1' || r2'
|
|
*/
|
|
|
|
memcpy(out, r2, 8);
|
|
memcpy(out + 8, r1, 8);
|
|
|
|
/* s1(k, r1 , r2) = e(k, r') */
|
|
|
|
return le_encrypt(k, out, out);
|
|
}
|
|
|
|
static FAR struct bt_buf_s *bt_smp_create_pdu(FAR struct bt_conn_s *conn,
|
|
uint8_t op, size_t len)
|
|
{
|
|
FAR struct bt_smp_hdr_s *hdr;
|
|
FAR struct bt_buf_s *buf;
|
|
|
|
buf = bt_l2cap_create_pdu(conn);
|
|
if (!buf)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
hdr = bt_buf_extend(buf, sizeof(*hdr));
|
|
hdr->code = op;
|
|
|
|
return buf;
|
|
}
|
|
|
|
static void send_err_rsp(FAR struct bt_conn_s *conn, uint8_t reason)
|
|
{
|
|
FAR struct bt_smp_pairing_fail_s *rsp;
|
|
FAR struct bt_buf_s *buf;
|
|
|
|
buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_FAIL, sizeof(*rsp));
|
|
if (!buf)
|
|
{
|
|
return;
|
|
}
|
|
|
|
rsp = bt_buf_extend(buf, sizeof(*rsp));
|
|
rsp->reason = reason;
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);
|
|
}
|
|
|
|
static int smp_init(struct bt_smp_s *smp)
|
|
{
|
|
/* Initialize SMP context */
|
|
|
|
memset(smp, 0, sizeof(*smp));
|
|
|
|
/* Generate local random number */
|
|
|
|
if (le_rand(smp->prnd, 16))
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
wlinfo("prnd %s\n", h(smp->prnd, 16));
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_pairing_req(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_pairing_s *req = (void *)buf->data;
|
|
FAR struct bt_smp_pairing_s *rsp;
|
|
FAR struct bt_buf_s *rsp_buf;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
uint8_t auth;
|
|
int ret;
|
|
|
|
wlinfo("\n");
|
|
|
|
if ((req->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
|
|
(req->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE))
|
|
{
|
|
return BT_SMP_ERR_ENC_KEY_SIZE;
|
|
}
|
|
|
|
ret = smp_init(smp);
|
|
if (ret)
|
|
{
|
|
return ret;
|
|
}
|
|
|
|
rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_RSP, sizeof(*rsp));
|
|
if (!rsp_buf)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
rsp = bt_buf_extend(rsp_buf, sizeof(*rsp));
|
|
|
|
/* For JustWorks pairing simplify rsp parameters. TODO: needs to be reworked
|
|
* later on.
|
|
*/
|
|
|
|
auth = (req->auth_req & BT_SMP_AUTH_MASK);
|
|
auth &= ~(BT_SMP_AUTH_MITM | BT_SMP_AUTH_SC |
|
|
BT_SMP_AUTH_KEYPRESS);
|
|
rsp->auth_req = auth;
|
|
rsp->io_capability = BT_SMP_IO_NO_INPUT_OUTPUT;
|
|
rsp->oob_flag = BT_SMP_OOB_NOT_PRESENT;
|
|
rsp->max_key_size = req->max_key_size;
|
|
rsp->init_key_dist = (req->init_key_dist & RECV_KEYS);
|
|
rsp->resp_key_dist = (req->resp_key_dist & SEND_KEYS);
|
|
|
|
smp->local_dist = rsp->resp_key_dist;
|
|
smp->remote_dist = rsp->init_key_dist;
|
|
|
|
memset(smp->tk, 0, sizeof(smp->tk));
|
|
|
|
/* Store req/rsp for later use */
|
|
|
|
smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
|
|
memcpy(smp->preq + 1, req, sizeof(*req));
|
|
smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
|
|
memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_send_pairing_confirm(FAR struct bt_conn_s *conn)
|
|
{
|
|
FAR struct bt_smp_pairing_confirm_s *req;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR const bt_addr_le_t *ra;
|
|
FAR const bt_addr_le_t *ia;
|
|
FAR struct bt_buf_s *rsp_buf;
|
|
int err;
|
|
|
|
rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_CONFIRM, sizeof(*req));
|
|
if (!rsp_buf)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
req = bt_buf_extend(rsp_buf, sizeof(*req));
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
ra = &conn->dst;
|
|
ia = &conn->src;
|
|
}
|
|
else
|
|
{
|
|
ra = &conn->src;
|
|
ia = &conn->dst;
|
|
}
|
|
|
|
err = smp_c1(smp->tk, smp->prnd, smp->preq, smp->prsp, ia, ra, req->val);
|
|
if (err)
|
|
{
|
|
bt_buf_release(rsp_buf);
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_pairing_rsp(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
struct bt_smp_pairing_s *rsp = (void *)buf->data;
|
|
struct bt_smp_s *smp = conn->smp;
|
|
|
|
wlinfo("\n");
|
|
|
|
if ((rsp->max_key_size > BT_SMP_MAX_ENC_KEY_SIZE) ||
|
|
(rsp->max_key_size < BT_SMP_MIN_ENC_KEY_SIZE))
|
|
{
|
|
return BT_SMP_ERR_ENC_KEY_SIZE;
|
|
}
|
|
|
|
smp->local_dist &= rsp->init_key_dist;
|
|
smp->remote_dist &= rsp->resp_key_dist;
|
|
|
|
/* Store rsp for later use */
|
|
smp->prsp[0] = BT_SMP_CMD_PAIRING_RSP;
|
|
memcpy(smp->prsp + 1, rsp, sizeof(*rsp));
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_CONFIRM);
|
|
|
|
return smp_send_pairing_confirm(conn);
|
|
}
|
|
|
|
static uint8_t smp_send_pairing_random(FAR struct bt_conn_s *conn)
|
|
{
|
|
FAR struct bt_smp_pairing_random_s *req;
|
|
FAR struct bt_buf_s *rsp_buf;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
|
|
rsp_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_RANDOM, sizeof(*req));
|
|
if (!rsp_buf)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
req = bt_buf_extend(rsp_buf, sizeof(*req));
|
|
memcpy(req->val, smp->prnd, sizeof(req->val));
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, rsp_buf);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_pairing_confirm(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
struct bt_smp_pairing_confirm_s *req = (void *)buf->data;
|
|
struct bt_smp_s *smp = conn->smp;
|
|
|
|
wlinfo("\n");
|
|
|
|
memcpy(smp->pcnf, req->val, sizeof(smp->pcnf));
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_RANDOM);
|
|
|
|
if (conn->role == BT_HCI_ROLE_SLAVE)
|
|
{
|
|
return smp_send_pairing_confirm(conn);
|
|
}
|
|
|
|
return smp_send_pairing_random(conn);
|
|
}
|
|
|
|
static uint8_t smp_pairing_random(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_pairing_random_s *req = (void *)buf->data;
|
|
FAR const bt_addr_le_t *ra;
|
|
FAR const bt_addr_le_t *ia;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
uint8_t cfm[16];
|
|
int err;
|
|
|
|
wlinfo("\n");
|
|
|
|
memcpy(smp->rrnd, req->val, sizeof(smp->rrnd));
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
ra = &conn->dst;
|
|
ia = &conn->src;
|
|
}
|
|
else
|
|
{
|
|
ra = &conn->src;
|
|
ia = &conn->dst;
|
|
}
|
|
|
|
err = smp_c1(smp->tk, smp->rrnd, smp->preq, smp->prsp, ia, ra, cfm);
|
|
if (err)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
wlinfo("pcnf %s cfm %s\n", h(smp->pcnf, 16), h(cfm, 16));
|
|
|
|
if (memcmp(smp->pcnf, cfm, sizeof(smp->pcnf)))
|
|
{
|
|
return BT_SMP_ERR_CONFIRM_FAILED;
|
|
}
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
uint8_t stk[16];
|
|
|
|
/* No need to store master STK */
|
|
err = smp_s1(smp->tk, smp->rrnd, smp->prnd, stk);
|
|
if (err)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
/* Rand and EDiv are 0 for the STK */
|
|
if (bt_conn_le_start_encryption(conn, 0, 0, stk))
|
|
{
|
|
wlerr("ERROR: Failed to start encryption\n");
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
smp->pending_encrypt = true;
|
|
|
|
return 0;
|
|
}
|
|
|
|
keys = bt_keys_get_type(BT_KEYS_SLAVE_LTK, &conn->dst);
|
|
if (keys == NULL)
|
|
{
|
|
wlerr("ERROR: Unable to create new keys\n");
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
err = smp_s1(smp->tk, smp->prnd, smp->rrnd, keys->slave_ltk.val);
|
|
if (err)
|
|
{
|
|
bt_keys_clear(keys, BT_KEYS_SLAVE_LTK);
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
/* Rand and EDiv are 0 for the STK */
|
|
keys->slave_ltk.rand = 0;
|
|
keys->slave_ltk.ediv = 0;
|
|
|
|
wlinfo("generated STK %s\n", h(keys->slave_ltk.val, 16));
|
|
|
|
smp->pending_encrypt = true;
|
|
|
|
smp_send_pairing_random(conn);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_pairing_failed(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
struct bt_smp_pairing_fail_s *req = (void *)buf->data;
|
|
struct bt_smp_s *smp = conn->smp;
|
|
|
|
wlerr("ERROR: reason 0x%x\n", req->reason);
|
|
UNUSED(req);
|
|
|
|
bt_atomic_set(&smp->allowed_cmds, 0);
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
|
|
}
|
|
else
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
|
|
}
|
|
|
|
/* return no error to avoid sending Pairing Failed in response */
|
|
return 0;
|
|
}
|
|
|
|
static void bt_smp_distribute_keys(FAR struct bt_conn_s *conn)
|
|
{
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
FAR struct bt_buf_s *buf;
|
|
|
|
keys = bt_keys_get_addr(&conn->dst);
|
|
if (!keys)
|
|
{
|
|
wlerr("ERROR: Unable to look up keys for %s\n", bt_addr_le_str(&conn->dst));
|
|
return;
|
|
}
|
|
|
|
if (!smp->local_dist)
|
|
{
|
|
bt_keys_clear(keys, BT_KEYS_ALL);
|
|
return;
|
|
}
|
|
|
|
if (smp->local_dist & BT_SMP_DIST_ENC_KEY)
|
|
{
|
|
struct bt_smp_encrypt_info_s *info;
|
|
struct bt_smp_master_ident_s *ident;
|
|
|
|
bt_keys_add_type(keys, BT_KEYS_SLAVE_LTK);
|
|
|
|
le_rand(keys->slave_ltk.val, sizeof(keys->slave_ltk.val));
|
|
le_rand(&keys->slave_ltk.rand, sizeof(keys->slave_ltk.rand));
|
|
le_rand(&keys->slave_ltk.ediv, sizeof(keys->slave_ltk.ediv));
|
|
|
|
buf = bt_smp_create_pdu(conn, BT_SMP_CMD_ENCRYPT_INFO,
|
|
sizeof(struct bt_smp_encrypt_info_s));
|
|
if (!buf)
|
|
{
|
|
wlerr("ERROR: Unable to allocate Encrypt Info buffer\n");
|
|
return;
|
|
}
|
|
|
|
info = bt_buf_extend(buf, sizeof(struct bt_smp_encrypt_info_s));
|
|
memcpy(info->ltk, keys->slave_ltk.val, sizeof(info->ltk));
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);
|
|
|
|
buf = bt_smp_create_pdu(conn, BT_SMP_CMD_MASTER_IDENT,
|
|
sizeof(struct bt_smp_master_ident_s));
|
|
if (!buf)
|
|
{
|
|
wlerr("ERROR: Unable to allocate Master Ident buffer\n");
|
|
return;
|
|
}
|
|
|
|
ident = bt_buf_extend(buf, sizeof(struct bt_smp_master_ident_s));
|
|
ident->rand = keys->slave_ltk.rand;
|
|
ident->ediv = keys->slave_ltk.ediv;
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, buf);
|
|
}
|
|
}
|
|
|
|
static uint8_t smp_encrypt_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_encrypt_info_s *req = (void *)buf->data;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
|
|
wlinfo("\n");
|
|
|
|
keys = bt_keys_get_type(BT_KEYS_LTK, &conn->dst);
|
|
if (!keys)
|
|
{
|
|
wlerr("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
memcpy(keys->ltk.val, req->ltk, 16);
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_MASTER_IDENT);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_master_ident(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_master_ident_s *req = (void *)buf->data;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
|
|
wlinfo("\n");
|
|
|
|
keys = bt_keys_get_type(BT_KEYS_LTK, &conn->dst);
|
|
if (!keys)
|
|
{
|
|
wlerr("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
keys->ltk.ediv = req->ediv;
|
|
keys->ltk.rand = req->rand;
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
smp->remote_dist &= ~BT_SMP_DIST_ENC_KEY;
|
|
if (!smp->remote_dist)
|
|
{
|
|
bt_smp_distribute_keys(conn);
|
|
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
if (smp->remote_dist & BT_SMP_DIST_ID_KEY)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_ident_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_ident_info_s *req = (FAR void *)buf->data;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
|
|
wlinfo("\n");
|
|
|
|
keys = bt_keys_get_type(BT_KEYS_IRK, &conn->dst);
|
|
if (!keys)
|
|
{
|
|
wlerr("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
memcpy(keys->irk.val, req->irk, 16);
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_ADDR_INFO);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_ident_addr_info(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_ident_addr_info_s *req = (void *)buf->data;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_keys_s *keys;
|
|
|
|
wlinfo("identity %s\n", bt_addr_le_str(&req->addr));
|
|
|
|
if (!bt_addr_le_is_identity(&req->addr))
|
|
{
|
|
wlerr("ERROR: Invalid identity %s for %s\n",
|
|
bt_addr_le_str(&req->addr), bt_addr_le_str(&conn->dst));
|
|
return BT_SMP_ERR_INVALID_PARAMS;
|
|
}
|
|
|
|
keys = bt_keys_get_type(BT_KEYS_IRK, &conn->dst);
|
|
if (!keys)
|
|
{
|
|
wlerr("ERROR: Unable to get keys for %s\n", bt_addr_le_str(&conn->dst));
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
if (bt_addr_le_is_rpa(&conn->dst))
|
|
{
|
|
bt_addr_copy(&keys->irk.rpa, (bt_addr_t *) & conn->dst.val);
|
|
bt_addr_le_copy(&keys->addr, &req->addr);
|
|
bt_addr_le_copy(&conn->dst, &req->addr);
|
|
}
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
smp->remote_dist &= ~BT_SMP_DIST_ID_KEY;
|
|
if (!smp->remote_dist)
|
|
{
|
|
bt_smp_distribute_keys(conn);
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static uint8_t smp_security_request(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf)
|
|
{
|
|
FAR struct bt_smp_security_request_s *req = (FAR void *)buf->data;
|
|
FAR struct bt_keys_s *keys;
|
|
uint8_t auth;
|
|
|
|
wlinfo("\n");
|
|
|
|
keys = bt_keys_find(BT_KEYS_LTK, &conn->dst);
|
|
if (!keys)
|
|
{
|
|
goto pair;
|
|
}
|
|
|
|
auth = req->auth_req & BT_SMP_AUTH_MASK;
|
|
if (auth & (BT_SMP_AUTH_MITM | BT_SMP_AUTH_SC))
|
|
{
|
|
wlwarn("Unsupported auth requirements: 0x%x, repairing", auth);
|
|
goto pair;
|
|
}
|
|
|
|
if (bt_conn_le_start_encryption(conn, keys->ltk.rand, keys->ltk.ediv,
|
|
keys->ltk.val) < 0)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
return 0;
|
|
pair:
|
|
if (bt_smp_send_pairing_req(conn) < 0)
|
|
{
|
|
return BT_SMP_ERR_UNSPECIFIED;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void bt_smp_receive(FAR struct bt_conn_s *conn,
|
|
FAR struct bt_buf_s *buf, FAR void *context,
|
|
uint16_t cid)
|
|
{
|
|
FAR struct bt_smp_hdr_s *hdr = (FAR void *)buf->data;
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
uint8_t err;
|
|
|
|
if (buf->len < sizeof(*hdr))
|
|
{
|
|
wlerr("ERROR: Too small SMP PDU received\n");
|
|
goto done;
|
|
}
|
|
|
|
wlinfo("Received SMP code 0x%02x len %u\n", hdr->code, buf->len);
|
|
|
|
bt_buf_consume(buf, sizeof(*hdr));
|
|
|
|
if (hdr->code >= NHANDLERS || !g_smp_handlers[hdr->code].func)
|
|
{
|
|
wlwarn("Unhandled SMP code 0x%02x\n", hdr->code);
|
|
err = BT_SMP_ERR_CMD_NOTSUPP;
|
|
}
|
|
else
|
|
{
|
|
if (!bt_atomic_testclrbit(&smp->allowed_cmds, hdr->code))
|
|
{
|
|
wlwarn("Unexpected SMP code 0x%02x\n", hdr->code);
|
|
goto done;
|
|
}
|
|
|
|
if (buf->len != g_smp_handlers[hdr->code].expect_len)
|
|
{
|
|
wlerr("ERROR: Invalid len %u for code 0x%02x\n", buf->len, hdr->code);
|
|
err = BT_SMP_ERR_INVALID_PARAMS;
|
|
}
|
|
else
|
|
{
|
|
err = g_smp_handlers[hdr->code].func(conn, buf);
|
|
}
|
|
}
|
|
|
|
if (err)
|
|
{
|
|
send_err_rsp(conn, err);
|
|
|
|
bt_atomic_set(&smp->allowed_cmds, 0);
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
|
|
}
|
|
else
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
|
|
}
|
|
}
|
|
|
|
done:
|
|
bt_buf_release(buf);
|
|
}
|
|
|
|
static void bt_smp_connected(FAR struct bt_conn_s *conn, FAR void *context,
|
|
uint16_t cid)
|
|
{
|
|
int i;
|
|
|
|
wlinfo("conn %p handle %u\n", conn, conn->handle);
|
|
|
|
for (i = 0; i < CONFIG_BLUETOOTH_MAX_CONN; i++)
|
|
{
|
|
struct bt_smp_s *smp = &g_smp_pool[i];
|
|
|
|
if (smp->conn)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
smp->conn = conn;
|
|
conn->smp = smp;
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_FAIL);
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_SECURITY_REQUEST);
|
|
}
|
|
else
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_REQ);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
wlerr("ERROR: No available SMP context for conn %p\n", conn);
|
|
}
|
|
|
|
static void bt_smp_disconnected(FAR struct bt_conn_s *conn,
|
|
FAR void *context, uint16_t cid)
|
|
{
|
|
struct bt_smp_s *smp = conn->smp;
|
|
|
|
if (!smp)
|
|
{
|
|
return;
|
|
}
|
|
|
|
wlinfo("conn %p handle %u\n", conn, conn->handle);
|
|
|
|
conn->smp = NULL;
|
|
memset(smp, 0, sizeof(*smp));
|
|
}
|
|
|
|
static void bt_smp_encrypt_change(FAR FAR struct bt_conn_s *conn,
|
|
FAR void *context, uint16_t cid)
|
|
{
|
|
struct bt_smp_s *smp = conn->smp;
|
|
|
|
wlinfo("conn %p handle %u encrypt 0x%02x\n", conn, conn->handle,
|
|
conn->encrypt);
|
|
|
|
if (!smp || !conn->encrypt)
|
|
{
|
|
return;
|
|
}
|
|
|
|
if (!smp->pending_encrypt)
|
|
{
|
|
return;
|
|
}
|
|
|
|
smp->pending_encrypt = false;
|
|
|
|
if (smp->remote_dist & BT_SMP_DIST_ENC_KEY)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_ENCRYPT_INFO);
|
|
}
|
|
else if (smp->remote_dist & BT_SMP_DIST_ID_KEY)
|
|
{
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_IDENT_INFO);
|
|
}
|
|
|
|
/* Slave distributes it's keys first */
|
|
|
|
if (conn->role == BT_HCI_ROLE_MASTER && smp->remote_dist)
|
|
{
|
|
return;
|
|
}
|
|
|
|
bt_smp_distribute_keys(conn);
|
|
}
|
|
|
|
#if defined(CONFIG_BLUETOOTH_SMP_SELFTEST)
|
|
/* spaw octets for LE encrypt */
|
|
|
|
static void swap_buf(FAR const uint8_t *src, FAR uint8_t *dst, uint16_t len)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < len; i++)
|
|
{
|
|
dst[len - 1 - i] = src[i];
|
|
}
|
|
}
|
|
|
|
static void swap_in_place(FAR uint8_t * buf, uint16_t len)
|
|
{
|
|
int i;
|
|
int j;
|
|
|
|
for (i = 0, j = len - 1; i < j; i++, j--)
|
|
{
|
|
uint8_t tmp = buf[i];
|
|
|
|
buf[i] = buf[j];
|
|
buf[j] = tmp;
|
|
}
|
|
}
|
|
|
|
/* 1 bit left shift */
|
|
|
|
static void array_shift(FAR const uint8_t *in, FAR uint8_t *out)
|
|
{
|
|
uint8_t overflow = 0;
|
|
int i;
|
|
|
|
for (i = 15; i >= 0; i--)
|
|
{
|
|
out[i] = in[i] << 1;
|
|
/* previous byte */
|
|
out[i] |= overflow;
|
|
overflow = in[i] & 0x80 ? 1 : 0;
|
|
}
|
|
}
|
|
|
|
/* CMAC subkey generation algorithm */
|
|
|
|
static int cmac_subkey(FAR const uint8_t *key, FAR uint8_t *k1,
|
|
FAR uint8_t *k2)
|
|
{
|
|
const uint8_t rb[16] =
|
|
{
|
|
[0 ... 14] = 0x00,
|
|
[15] = 0x87,
|
|
};
|
|
uint8_t zero[16] = { 0 };
|
|
uint8_t *tmp = zero;
|
|
uint8_t l[16];
|
|
int err;
|
|
|
|
/* L := AES-128(K, const_Zero) */
|
|
err = le_encrypt(key, zero, tmp);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
swap_buf(tmp, l, 16);
|
|
|
|
wlinfo("l %s\n", h(l, 16));
|
|
|
|
/* if MSB(L) == 0 K1 = L << 1 */
|
|
if (!(l[0] & 0x80))
|
|
{
|
|
array_shift(l, k1);
|
|
/* else K1 = (L << 1) XOR rb */
|
|
}
|
|
else
|
|
{
|
|
array_shift(l, k1);
|
|
xor_128((FAR struct uint128_s *)k1, (FAR struct uint128_s *)rb, (FAR struct uint128_s *)k1);
|
|
}
|
|
|
|
/* if MSB(K1) == 0 K2 = K1 << 1 */
|
|
if (!(k1[0] & 0x80))
|
|
{
|
|
array_shift(k1, k2);
|
|
/* else K2 = (K1 << 1) XOR rb */
|
|
}
|
|
else
|
|
{
|
|
array_shift(k1, k2);
|
|
xor_128((FAR struct uint128_s *)k2, (struct uint128_s *FAR )rb, (FAR struct uint128_s *)k2);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* padding(x) = x || 10^i where i is 128 - 8 * r - 1 */
|
|
|
|
static void add_pad(FAR const uint8_t *in, FAR unsigned char *out, int len)
|
|
{
|
|
memset(out, 0, 16);
|
|
memcpy(out, in, len);
|
|
out[len] = 0x80;
|
|
}
|
|
|
|
/* Cypher based Message Authentication Code (CMAC) with AES 128 bit
|
|
*
|
|
* Input : key ( 128-bit key )
|
|
* : in ( message to be authenticated )
|
|
* : len ( length of the message in octets )
|
|
* Output : out ( message authentication code )
|
|
*/
|
|
|
|
static int bt_smp_aes_cmac(FAR const uint8_t *key, FAR const uint8_t *in,
|
|
size_t len, FAR uint8_t *out)
|
|
{
|
|
uint8_t k1[16];
|
|
uint8_t k2[16];
|
|
uint8_t last_block[16];
|
|
FAR uint8_t *pad_block = last_block;
|
|
uint8_t key_s[16];
|
|
FAR uint8_t *x;
|
|
FAR uint8_t *y;
|
|
uint8_t flag;
|
|
uint8_t n;
|
|
int err;
|
|
int i;
|
|
|
|
swap_buf(key, key_s, 16);
|
|
|
|
/* (K1,K2) = Generate_Subkey(K) */
|
|
|
|
err = cmac_subkey(key_s, k1, k2);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
wlinfo("key %s subkeys k1 %s k2 %s\n", h(key, 16), h(k1, 16), h(k2, 16));
|
|
|
|
/* The number of blocks, n, is calculated, the block length is 16 bytes n =
|
|
* ceil(len/const_Bsize)
|
|
*/
|
|
|
|
n = (len + 15) / 16;
|
|
|
|
/* Check input length, flag indicate completed blocks */
|
|
|
|
if (n == 0)
|
|
{
|
|
/* if length is 0, the number of blocks to be processed shall be 1,and
|
|
* the flag shall be marked as not-complete-block false.
|
|
*/
|
|
|
|
n = 1;
|
|
flag = 0;
|
|
}
|
|
else
|
|
{
|
|
if ((len % 16) == 0)
|
|
{
|
|
/* complete blocks */
|
|
flag = 1;
|
|
}
|
|
else
|
|
{
|
|
/* last block is not complete */
|
|
flag = 0;
|
|
}
|
|
}
|
|
|
|
wlinfo("len %u n %u flag %u\n", len, n, flag);
|
|
|
|
/* If flag is true then M_last = M_n XOR K1 */
|
|
|
|
if (flag)
|
|
{
|
|
xor_128((FAR struct uint128_s *)&in[16 * (n - 1)],
|
|
(FAR struct uint128_s *)k1,
|
|
(FAR struct uint128_s *)last_block);
|
|
|
|
/* else M_last = padding(M_n) XOR K2 */
|
|
}
|
|
else
|
|
{
|
|
add_pad(&in[16 * (n - 1)], pad_block, len % 16);
|
|
xor_128((FAR struct uint128_s *)pad_block,
|
|
(FAR struct uint128_s *)k2,
|
|
(FAR struct uint128_s *)last_block);
|
|
}
|
|
|
|
/* Reuse k1 and k2 buffers */
|
|
|
|
x = k1;
|
|
y = k2;
|
|
|
|
/* Zeroing x */
|
|
|
|
memset(x, 0, 16);
|
|
|
|
/* The basic CBC-MAC is applied to M_1,...,M_{n-1},M_last */
|
|
|
|
for (i = 0; i < n - 1; i++)
|
|
{
|
|
/* Y = X XOR M_i */
|
|
|
|
xor_128((FAR struct uint128_s *)x,
|
|
(FAR struct uint128_s *)&in[i * 16],
|
|
(FAR struct uint128_s *) y);
|
|
|
|
swap_in_place(y, 16);
|
|
|
|
/* X = AES-128(K,Y) */
|
|
|
|
err = le_encrypt(key_s, y, x);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
swap_in_place(x, 16);
|
|
}
|
|
|
|
/* Y = M_last XOR X */
|
|
|
|
xor_128((FAR struct uint128_s *)x,
|
|
(FAR struct uint128_s *)last_block,
|
|
(FAR struct uint128_s *)y);
|
|
|
|
swap_in_place(y, 16);
|
|
|
|
/* T = AES-128(K,Y) */
|
|
|
|
err = le_encrypt(key_s, y, out);
|
|
|
|
swap_in_place(out, 16);
|
|
|
|
return err;
|
|
}
|
|
|
|
static int aes_test(const char *prefix, const uint8_t *key, const uint8_t *m,
|
|
uint16_t len, const uint8_t * mac)
|
|
{
|
|
uint8_t out[16];
|
|
|
|
wlinfo("%s: AES CMAC of message with len %u\n", prefix, len);
|
|
|
|
bt_smp_aes_cmac(key, m, len, out);
|
|
if (!memcmp(out, mac, 16))
|
|
{
|
|
wlinfo("%s: Success\n", prefix);
|
|
}
|
|
else
|
|
{
|
|
wlerr("ERROR: %s: Failed\n", prefix);
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int smp_aes_cmac_test(void)
|
|
{
|
|
int err;
|
|
|
|
err = aes_test("Test aes-cmac0", g_key, g_M, 0, g_mac1);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
err = aes_test("Test aes-cmac16", g_key, g_M, 16, g_mac2);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
err = aes_test("Test aes-cmac40", g_key, g_M, 40, g_mac3);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
err = aes_test("Test aes-cmac64", g_key, g_M, 64, g_mac4);
|
|
if (err)
|
|
{
|
|
return err;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int smp_self_test(void)
|
|
{
|
|
int err;
|
|
|
|
err = smp_aes_cmac_test();
|
|
if (err)
|
|
{
|
|
wlerr("ERROR: SMP AES-CMAC self tests failed\n");
|
|
return err;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Public Functions
|
|
****************************************************************************/
|
|
|
|
int bt_smp_initialize(void)
|
|
{
|
|
static struct bt_l2cap_chan_s chan =
|
|
{
|
|
.cid = BT_L2CAP_CID_SMP,
|
|
.receive = bt_smp_receive,
|
|
.connected = bt_smp_connected,
|
|
.disconnected = bt_smp_disconnected,
|
|
.encrypt_change = bt_smp_encrypt_change,
|
|
};
|
|
|
|
bt_l2cap_chan_register(&chan);
|
|
|
|
return smp_self_test();
|
|
}
|
|
|
|
int bt_smp_send_security_req(FAR struct bt_conn_s *conn)
|
|
{
|
|
struct bt_smp_security_request_s *req;
|
|
FAR struct bt_buf_s *req_buf;
|
|
|
|
wlinfo("\n");
|
|
|
|
req_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_SECURITY_REQUEST,
|
|
sizeof(struct bt_smp_security_request_s));
|
|
if (!req_buf)
|
|
{
|
|
return -ENOBUFS;
|
|
}
|
|
|
|
req = bt_buf_extend(req_buf, sizeof(struct bt_smp_security_request_s));
|
|
req->auth_req = BT_SMP_AUTH_BONDING;
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int bt_smp_send_pairing_req(FAR struct bt_conn_s *conn)
|
|
{
|
|
FAR struct bt_smp_s *smp = conn->smp;
|
|
FAR struct bt_smp_pairing_s *req;
|
|
FAR struct bt_buf_s *req_buf;
|
|
|
|
wlinfo("\n");
|
|
|
|
if (smp_init(smp))
|
|
{
|
|
return -ENOBUFS;
|
|
}
|
|
|
|
req_buf = bt_smp_create_pdu(conn, BT_SMP_CMD_PAIRING_REQ, sizeof(*req));
|
|
if (!req_buf)
|
|
{
|
|
return -ENOBUFS;
|
|
}
|
|
|
|
req = bt_buf_extend(req_buf, sizeof(*req));
|
|
|
|
/* For JustWorks pairing simplify req parameters. TODO: needs to be reworked
|
|
* later on
|
|
*/
|
|
|
|
req->auth_req = BT_SMP_AUTH_BONDING;
|
|
req->io_capability = BT_SMP_IO_NO_INPUT_OUTPUT;
|
|
req->oob_flag = BT_SMP_OOB_NOT_PRESENT;
|
|
req->max_key_size = BT_SMP_MAX_ENC_KEY_SIZE;
|
|
req->init_key_dist = SEND_KEYS;
|
|
req->resp_key_dist = RECV_KEYS;
|
|
|
|
smp->local_dist = SEND_KEYS;
|
|
smp->remote_dist = RECV_KEYS;
|
|
|
|
memset(smp->tk, 0, sizeof(smp->tk));
|
|
|
|
/* Store req for later use */
|
|
smp->preq[0] = BT_SMP_CMD_PAIRING_REQ;
|
|
|
|
memcpy(smp->preq + 1, req, sizeof(*req));
|
|
|
|
bt_l2cap_send(conn, BT_L2CAP_CID_SMP, req_buf);
|
|
|
|
bt_atomic_setbit(&smp->allowed_cmds, BT_SMP_CMD_PAIRING_RSP);
|
|
return 0;
|
|
}
|
|
|
|
bool bt_smp_irk_matches(FAR const uint8_t irk[16], FAR const bt_addr_t *addr)
|
|
{
|
|
uint8_t hash[3];
|
|
int err;
|
|
|
|
wlinfo("IRK %s bdaddr %s", h(irk, 16), bt_addr_str(addr));
|
|
|
|
err = smp_ah(irk, addr->val + 3, hash);
|
|
if (err)
|
|
{
|
|
return false;
|
|
}
|
|
|
|
return !memcmp(addr->val, hash, 3);
|
|
}
|