1 /******************************************************************************
2  *
3  *  Copyright 2014-2015 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #define LOG_TAG "smp"
20 
21 #include <bluetooth/log.h>
22 
23 #include "smp_int.h"
24 #include "types/hci_role.h"
25 
26 using namespace bluetooth;
27 
/* Printable names for BR/EDR SMP states, looked up by smp_get_br_state_name().
 * Valid states index the table directly; the extra final slot (index
 * SMP_BR_STATE_MAX) is the name returned for any out-of-range state value. */
const char* const smp_br_state_name[SMP_BR_STATE_MAX + 1] = {
        "SMP_BR_STATE_IDLE", "SMP_BR_STATE_WAIT_APP_RSP", "SMP_BR_STATE_PAIR_REQ_RSP",
        "SMP_BR_STATE_BOND_PENDING", "SMP_BR_STATE_OUT_OF_RANGE"};

/* Printable names for BR/EDR SMP events, looked up by smp_get_br_event_name()
 * at index (event - 1), i.e. event values are treated as 1-based.
 * The lookup falls back to index SMP_BR_MAX_EVT - 1 for out-of-range events;
 * presumably that is the "BR_OUT_OF_RANGE_EVT" slot -- confirm that
 * SMP_BR_MAX_EVT equals the 26 initializers listed here. */
const char* const smp_br_event_name[SMP_BR_MAX_EVT] = {
        "BR_PAIRING_REQ_EVT",     "BR_PAIRING_RSP_EVT",
        "BR_CONFIRM_EVT",         "BR_RAND_EVT",
        "BR_PAIRING_FAILED_EVT",  "BR_ENCRPTION_INFO_EVT",
        "BR_CENTRAL_ID_EVT",      "BR_ID_INFO_EVT",
        "BR_ID_ADDR_EVT",         "BR_SIGN_INFO_EVT",
        "BR_SECURITY_REQ_EVT",    "BR_PAIR_PUBLIC_KEY_EVT",
        "BR_PAIR_DHKEY_CHCK_EVT", "BR_PAIR_KEYPR_NOTIF_EVT",
        "BR_KEY_READY_EVT",       "BR_ENCRYPTED_EVT",
        "BR_L2CAP_CONN_EVT",      "BR_L2CAP_DISCONN_EVT",
        "BR_KEYS_RSP_EVT",        "BR_API_SEC_GRANT_EVT",
        "BR_TK_REQ_EVT",          "BR_AUTH_CMPL_EVT",
        "BR_ENC_REQ_EVT",         "BR_BOND_REQ_EVT",
        "BR_DISCARD_SEC_REQ_EVT", "BR_OUT_OF_RANGE_EVT"};
46 
47 const char* smp_get_br_event_name(tSMP_BR_EVENT event);
48 const char* smp_get_br_state_name(tSMP_BR_STATE state);
49 
/* Entry-map value meaning "this event is ignored in this state". */
#define SMP_BR_SM_IGNORE 0
/* Number of action columns at the start of every state-table row. */
#define SMP_BR_NUM_ACTIONS 2
/* Column index of the next-state value in a state-table row. */
#define SMP_BR_SME_NEXT_STATE 2
/* Columns per state-table row: two action codes followed by the next state. */
#define SMP_BR_SM_NUM_COLS 3
/* Pointer to the first row of a state table; rows are SMP_BR_SM_NUM_COLS bytes.
 * The type carries no row count, so row indices cannot be range-checked
 * through it. */
typedef const uint8_t (*tSMP_BR_SM_TBL)[SMP_BR_SM_NUM_COLS];
55 
/* Action codes stored in the two action columns of each state-table row.
 * Every code except SMP_BR_SM_NO_ACTION is used directly as an index into
 * smp_br_sm_action[], so the order here must match that table entry for entry.
 * SMP_BR_SM_NO_ACTION is the "stop, nothing (more) to run" sentinel and has
 * no handler slot. */
enum {
  SMP_SEND_PAIR_REQ,
  SMP_BR_SEND_PAIR_RSP,
  SMP_SEND_PAIR_FAIL,
  SMP_SEND_ID_INFO,
  SMP_BR_PROC_PAIR_CMD,
  SMP_PROC_PAIR_FAIL,
  SMP_PROC_ID_INFO,
  SMP_PROC_ID_ADDR,
  SMP_PROC_SRK_INFO,
  SMP_BR_PROC_SEC_GRANT,
  SMP_BR_PROC_SL_KEYS_RSP,
  SMP_BR_KEY_DISTRIBUTION,
  SMP_BR_PAIRING_COMPLETE,
  SMP_SEND_APP_CBACK,
  SMP_BR_CHECK_AUTH_REQ,
  SMP_PAIR_TERMINATE,
  SMP_IDLE_TERMINATE,
  SMP_BR_SM_NO_ACTION
};

/* Handler for each action code, indexed by the enum above. The dispatcher
 * calls (*smp_br_sm_action[action])(p_cb, p_data) without a separate bounds
 * check, so this table must hold exactly one entry per code below
 * SMP_BR_SM_NO_ACTION (17 codes, 17 handlers as written). */
static const tSMP_ACT smp_br_sm_action[] = {
        smp_send_pair_req,                       /* SMP_SEND_PAIR_REQ */
        smp_br_send_pair_response,               /* SMP_BR_SEND_PAIR_RSP */
        smp_send_pair_fail,                      /* SMP_SEND_PAIR_FAIL */
        smp_send_id_info,                        /* SMP_SEND_ID_INFO */
        smp_br_process_pairing_command,          /* SMP_BR_PROC_PAIR_CMD */
        smp_proc_pair_fail,                      /* SMP_PROC_PAIR_FAIL */
        smp_proc_id_info,                        /* SMP_PROC_ID_INFO */
        smp_proc_id_addr,                        /* SMP_PROC_ID_ADDR */
        smp_proc_srk_info,                       /* SMP_PROC_SRK_INFO */
        smp_br_process_security_grant,           /* SMP_BR_PROC_SEC_GRANT */
        smp_br_process_peripheral_keys_response, /* SMP_BR_PROC_SL_KEYS_RSP */
        smp_br_select_next_key,                  /* SMP_BR_KEY_DISTRIBUTION */
        smp_br_pairing_complete,                 /* SMP_BR_PAIRING_COMPLETE */
        smp_send_app_cback,                      /* SMP_SEND_APP_CBACK */
        smp_br_check_authorization_request,      /* SMP_BR_CHECK_AUTH_REQ */
        smp_pair_terminate,                      /* SMP_PAIR_TERMINATE */
        smp_idle_terminate                       /* SMP_IDLE_TERMINATE */
};
96 
/* Transitions shared by several states and both roles. An entry-map value with
 * bit 0x80 set selects this table; its low bits are the 1-based row number
 * (0x81 -> first row, 0x82 -> second, 0x83 -> third).
 * Row layout: { first action, second action, next state }; the comment above
 * each row names the event that selects it. All three rows end in
 * SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_all_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event              Action                   Next State */
        /* BR_PAIRING_FAILED */
        {SMP_PROC_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
        /* BR_AUTH_CMPL */
        {SMP_SEND_PAIR_FAIL, SMP_BR_PAIRING_COMPLETE, SMP_BR_STATE_IDLE},
        /* BR_L2CAP_DISCONN */
        {SMP_PAIR_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};
105 
/************ SMP Central FSM State/Event Indirection Table **************/
/* One row per event, one column per state. Cell encoding:
 *   0           ignore the event in that state (SMP_BR_SM_IGNORE)
 *   0x80 | n    use row n (1-based) of smp_br_all_table
 *   n           use row n (1-based) of the central table for that state
 * The dispatcher indexes this map with (event - 1). The map has 25 rows, so
 * only event values 1..25 are valid row selectors; any other value must be
 * rejected before the lookup.
 * NOTE(review): unlike the peripheral map, BR_PAIRING_FAILED is ignored here
 * in the Bond Pending state -- confirm that this difference is intended. */
static const uint8_t smp_br_central_entry_map[][SMP_BR_STATE_MAX] = {
        /* br_state name:               Idle      WaitApp  Pair    Bond
                                                  Rsp      ReqRsp  Pend       */
        /* BR_PAIRING_REQ           */ {0, 0, 0, 0},
        /* BR_PAIRING_RSP           */ {0, 0, 1, 0},
        /* BR_CONFIRM               */ {0, 0, 0, 0},
        /* BR_RAND                  */ {0, 0, 0, 0},
        /* BR_PAIRING_FAILED        */ {0, 0x81, 0x81, 0},
        /* BR_ENCRYPTION_INFO       */ {0, 0, 0, 0},
        /* BR_CENTRAL_ID            */ {0, 0, 0, 0},
        /* BR_ID_INFO               */ {0, 0, 0, 1},
        /* BR_ID_ADDR               */ {0, 0, 0, 2},
        /* BR_SIGN_INFO             */ {0, 0, 0, 3},
        /* BR_SECURITY_REQ          */ {0, 0, 0, 0},
        /* BR_PAIR_PUBLIC_KEY_EVT   */ {0, 0, 0, 0},
        /* BR_PAIR_DHKEY_CHCK_EVT   */ {0, 0, 0, 0},
        /* BR_PAIR_KEYPR_NOTIF_EVT  */ {0, 0, 0, 0},
        /* BR_KEY_READY             */ {0, 0, 0, 0},
        /* BR_ENCRYPTED             */ {0, 0, 0, 0},
        /* BR_L2CAP_CONN            */ {1, 0, 0, 0},
        /* BR_L2CAP_DISCONN         */ {2, 0x83, 0x83, 0x83},
        /* BR_KEYS_RSP              */ {0, 1, 0, 0},
        /* BR_API_SEC_GRANT         */ {0, 0, 0, 0},
        /* BR_TK_REQ                */ {0, 0, 0, 0},
        /* BR_AUTH_CMPL             */ {0, 0x82, 0x82, 0x82},
        /* BR_ENC_REQ               */ {0, 0, 0, 0},
        /* BR_BOND_REQ              */ {0, 0, 2, 0},
        /* BR_DISCARD_SEC_REQ       */ {0, 0, 0, 0}};
135 
/* Per-state transition tables for the central role. A non-zero, unflagged
 * cell n of smp_br_central_entry_map selects row n - 1 of the table for the
 * current state. Row layout: { first action, second action, next state }; the
 * comment above each row names the event that selects it. The row count of
 * each table must cover every row number the entry map uses for that state. */

/* Central, SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_central_idle_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event               Action               Next State */
        /* BR_L2CAP_CONN */
        {SMP_SEND_APP_CBACK, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_WAIT_APP_RSP},
        /* BR_L2CAP_DISCONN */
        {SMP_IDLE_TERMINATE, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_IDLE}};

/* Central, SMP_BR_STATE_WAIT_APP_RSP. */
static const uint8_t smp_br_central_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event               Action              Next State */
        /* BR_KEYS_RSP */
        {SMP_SEND_PAIR_REQ, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_PAIR_REQ_RSP}};

/* Central, SMP_BR_STATE_PAIR_REQ_RSP. */
static const uint8_t smp_br_central_pair_request_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action                 Next State */
        /* BR_PAIRING_RSP */
        {SMP_BR_PROC_PAIR_CMD, SMP_BR_CHECK_AUTH_REQ, SMP_BR_STATE_PAIR_REQ_RSP},
        /* BR_BOND_REQ */
        {SMP_BR_SM_NO_ACTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};

/* Central, SMP_BR_STATE_BOND_PENDING. */
static const uint8_t smp_br_central_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event            Action               Next State */
        /* BR_ID_INFO */
        {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_ID_ADDR */
        {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_SIGN_INFO */
        {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
163 
/* Peripheral-role state/event indirection table: one row per event, one
 * column per state. Cell encoding:
 *   0           ignore the event in that state (SMP_BR_SM_IGNORE)
 *   0x80 | n    use row n (1-based) of smp_br_all_table
 *   n           use row n (1-based) of the peripheral table for that state
 * The dispatcher indexes this map with (event - 1). The map has 25 rows, so
 * only event values 1..25 are valid row selectors; any other value must be
 * rejected before the lookup.
 * The Pair ReqRsp column holds only 0 or all-table (0x80-flagged) values; the
 * peripheral has no table of its own for that state, so an unflagged non-zero
 * value there would select a NULL table. */
static const uint8_t smp_br_peripheral_entry_map[][SMP_BR_STATE_MAX] = {
        /* br_state name:               Idle      WaitApp  Pair    Bond
                                                  Rsp      ReqRsp  Pend      */
        /* BR_PAIRING_REQ           */ {1, 0, 0, 0},
        /* BR_PAIRING_RSP           */ {0, 0, 0, 0},
        /* BR_CONFIRM               */ {0, 0, 0, 0},
        /* BR_RAND                  */ {0, 0, 0, 0},
        /* BR_PAIRING_FAILED        */ {0, 0x81, 0x81, 0x81},
        /* BR_ENCRYPTION_INFO       */ {0, 0, 0, 0},
        /* BR_CENTRAL_ID            */ {0, 0, 0, 0},
        /* BR_ID_INFO               */ {0, 0, 0, 1},
        /* BR_ID_ADDR               */ {0, 0, 0, 2},
        /* BR_SIGN_INFO             */ {0, 0, 0, 3},
        /* BR_SECURITY_REQ          */ {0, 0, 0, 0},
        /* BR_PAIR_PUBLIC_KEY_EVT   */ {0, 0, 0, 0},
        /* BR_PAIR_DHKEY_CHCK_EVT   */ {0, 0, 0, 0},
        /* BR_PAIR_KEYPR_NOTIF_EVT  */ {0, 0, 0, 0},
        /* BR_KEY_READY             */ {0, 0, 0, 0},
        /* BR_ENCRYPTED             */ {0, 0, 0, 0},
        /* BR_L2CAP_CONN            */ {0, 0, 0, 0},
        /* BR_L2CAP_DISCONN         */ {0, 0x83, 0x83, 0x83},
        /* BR_KEYS_RSP              */ {0, 2, 0, 0},
        /* BR_API_SEC_GRANT         */ {0, 1, 0, 0},
        /* BR_TK_REQ                */ {0, 0, 0, 0},
        /* BR_AUTH_CMPL             */ {0, 0x82, 0x82, 0x82},
        /* BR_ENC_REQ               */ {0, 0, 0, 0},
        /* BR_BOND_REQ              */ {0, 3, 0, 0},
        /* BR_DISCARD_SEC_REQ       */ {0, 0, 0, 0}};
192 
/* Per-state transition tables for the peripheral role. A non-zero, unflagged
 * cell n of smp_br_peripheral_entry_map selects row n - 1 of the table for the
 * current state. Row layout: { first action, second action, next state }; the
 * comment above each row names the event that selects it. There is no
 * peripheral table for SMP_BR_STATE_PAIR_REQ_RSP. */

/* Peripheral, SMP_BR_STATE_IDLE. */
static const uint8_t smp_br_peripheral_idle_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                Action              Next State */
        /* BR_PAIRING_REQ */
        {SMP_BR_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP}};

/* Peripheral, SMP_BR_STATE_WAIT_APP_RSP. */
static const uint8_t smp_br_peripheral_wait_appln_response_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event                 Action             Next State */
        /* BR_API_SEC_GRANT */
        {SMP_BR_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_BR_STATE_WAIT_APP_RSP},
        /* BR_KEYS_RSP */
        {SMP_BR_PROC_SL_KEYS_RSP, SMP_BR_CHECK_AUTH_REQ, SMP_BR_STATE_WAIT_APP_RSP},
        /* BR_BOND_REQ */
        {SMP_BR_KEY_DISTRIBUTION, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};

/* Peripheral, SMP_BR_STATE_BOND_PENDING. */
static const uint8_t smp_br_peripheral_bond_pending_table[][SMP_BR_SM_NUM_COLS] = {
        /* Event               Action               Next State */
        /* BR_ID_INFO */
        {SMP_PROC_ID_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_ID_ADDR */
        {SMP_PROC_ID_ADDR, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING},
        /* BR_SIGN_INFO */
        {SMP_PROC_SRK_INFO, SMP_BR_SM_NO_ACTION, SMP_BR_STATE_BOND_PENDING}};
215 
/* Per-state transition tables, indexed [state][role]; column 0 holds the
 * central tables and column 1 the peripheral tables. The peripheral slot for
 * SMP_BR_STATE_PAIR_REQ_RSP is NULL: it is only safe because the peripheral
 * entry map never selects a per-state row in that state. */
static const tSMP_BR_SM_TBL smp_br_state_table[][2] = {
        /* SMP_BR_STATE_IDLE */
        {smp_br_central_idle_table, smp_br_peripheral_idle_table},

        /* SMP_BR_STATE_WAIT_APP_RSP */
        {smp_br_central_wait_appln_response_table, smp_br_peripheral_wait_appln_response_table},

        /* SMP_BR_STATE_PAIR_REQ_RSP */
        {smp_br_central_pair_request_response_table, NULL},

        /* SMP_BR_STATE_BOND_PENDING */
        {smp_br_central_bond_pending_table, smp_br_peripheral_bond_pending_table},
};

/* Pointer to the first row of an entry map; rows are SMP_BR_STATE_MAX bytes.
 * The type carries no row count. */
typedef const uint8_t (*tSMP_BR_ENTRY_TBL)[SMP_BR_STATE_MAX];

/* Entry maps indexed by role: central first, then peripheral. */
static const tSMP_BR_ENTRY_TBL smp_br_entry_table[] = {smp_br_central_entry_map,
                                                       smp_br_peripheral_entry_map};

/* Entry-map flag bit: when set, the remaining bits are a 1-based row number in
 * smp_br_all_table rather than in the per-state table. */
#define SMP_BR_ALL_TABLE_MASK 0x80
236 
/*******************************************************************************
 * Function     smp_set_br_state
 * Description  Store a new BR/EDR SMP state in smp_cb. A value that is not
 *              below SMP_BR_STATE_MAX is logged and otherwise ignored, so the
 *              stored state is left unchanged in that case.
 * Returns      None
 ******************************************************************************/
void smp_set_br_state(tSMP_BR_STATE br_state) {
  /* Reject values that do not name a real state before touching smp_cb. */
  if (br_state >= SMP_BR_STATE_MAX) {
    log::verbose("invalid br_state={}", br_state);
    return;
  }

  log::verbose("BR_State change:{}({})==>{}({})", smp_get_br_state_name(smp_cb.br_state),
               smp_cb.br_state, smp_get_br_state_name(br_state), br_state);
  smp_cb.br_state = br_state;
}
250 
/*******************************************************************************
 * Function     smp_get_br_state
 * Description  Read the BR/EDR SMP state currently stored in smp_cb.
 * Returns      The smp_br state
 ******************************************************************************/
tSMP_BR_STATE smp_get_br_state(void) {
  const tSMP_BR_STATE current = smp_cb.br_state;
  return current;
}
256 
/*******************************************************************************
 * Function     smp_get_br_state_name
 * Description  Map a BR/EDR SMP state to its printable name. Any value that is
 *              not below SMP_BR_STATE_MAX maps to the table's final slot, the
 *              out-of-range name.
 * Returns      The smp_br state name.
 ******************************************************************************/
const char* smp_get_br_state_name(tSMP_BR_STATE br_state) {
  /* Out-of-range values share the extra slot at index SMP_BR_STATE_MAX. */
  if (br_state >= SMP_BR_STATE_MAX) {
    return smp_br_state_name[SMP_BR_STATE_MAX];
  }

  return smp_br_state_name[br_state];
}
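/*******************************************************************************
 * Function     smp_get_br_event_name
 * Description  Map a BR/EDR SMP event to its printable name. Event values are
 *              1-based, so the name table is indexed with (event - 1). Any
 *              value outside 1..SMP_BR_MAX_EVT-1 maps to the table's final
 *              slot.
 * Returns      The smp_br event name.
 ******************************************************************************/
const char* smp_get_br_event_name(tSMP_BR_EVENT event) {
  /* An event value of 0 would make (event - 1) index one element before the
   * table, so the lower bound is checked as well as the upper one. This
   * function is called for logging before the dispatcher validates the event,
   * so it has to tolerate any value. */
  if (event > 0 && event < SMP_BR_MAX_EVT) {
    return smp_br_event_name[event - 1];
  }

  return smp_br_event_name[SMP_BR_MAX_EVT - 1];
}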
282 
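/*******************************************************************************
 *
 * Function     smp_br_state_machine_event
 *
 * Description  Dispatch one event to the SMP over BR/EDR state machine.
 *              The current state, the role and the event are validated first.
 *              The role's entry map is then consulted with (event - 1) and the
 *              current state: a zero cell means the event is ignored, a cell
 *              with SMP_BR_ALL_TABLE_MASK set selects a row of
 *              smp_br_all_table, and any other cell selects a row of the
 *              per-state table for the role. The next state from that row is
 *              stored before the row's actions run, and the actions run in
 *              order until SMP_BR_SM_NO_ACTION is met.
 *
 * Parameters   p_cb   - SMP control block; br_state, role and pairing_bda are
 *                       read here and p_cb is passed to every action.
 *              event  - event to dispatch; must be a 1-based row number of
 *                       the entry maps.
 *              p_data - event data, passed unchanged to every action.
 *
 * Returns      void.
 *
 ******************************************************************************/
void smp_br_state_machine_event(tSMP_CB* p_cb, tSMP_BR_EVENT event, tSMP_INT_DATA* p_data) {
  /* Number of event rows in an entry map. One bound guards both role maps, so
   * they must have the same number of rows. */
  constexpr size_t kNumMappedEvents =
          sizeof(smp_br_central_entry_map) / sizeof(smp_br_central_entry_map[0]);
  static_assert(sizeof(smp_br_peripheral_entry_map) / sizeof(smp_br_peripheral_entry_map[0]) ==
                        kNumMappedEvents,
                "central and peripheral entry maps must cover the same events");
  /* Action codes index smp_br_sm_action directly, so every code below the
   * SMP_BR_SM_NO_ACTION sentinel needs a handler. */
  static_assert(sizeof(smp_br_sm_action) / sizeof(smp_br_sm_action[0]) ==
                        static_cast<size_t>(SMP_BR_SM_NO_ACTION),
                "smp_br_sm_action must hold one handler per action code");

  const tSMP_BR_STATE curr_state = p_cb->br_state;

  log::debug("addr:{}", p_cb->pairing_bda);
  if (curr_state >= SMP_BR_STATE_MAX) {
    log::error("Invalid br_state: {}", curr_state);
    return;
  }

  if (p_cb->role > HCI_ROLE_PERIPHERAL) {
    log::error("invalid role {}", p_cb->role);
    return;
  }

  /* The entry maps are indexed with (event - 1). The previous check,
   * event <= SMP_BR_MAX_EVT, let event 0 read one row before the map and let
   * the top value read past its last row, so the event is now bounded by the
   * real row count. This runs before any name lookup, so the log line below
   * prints only the number. */
  const size_t event_row = static_cast<size_t>(event);
  if (event_row == 0 || event_row > kNumMappedEvents) {
    log::error("Invalid br event: {}", event);
    return;
  }

  const tSMP_BR_ENTRY_TBL entry_table = smp_br_entry_table[p_cb->role];

  log::debug("Role:{} State:[{}({})], Event:[{}({})]", hci_role_text(p_cb->role),
             smp_get_br_state_name(p_cb->br_state), p_cb->br_state, smp_get_br_event_name(event),
             event);

  /* Look up the entry for this event in the current state. */
  uint8_t entry = entry_table[event_row - 1][curr_state];
  if (entry == SMP_BR_SM_IGNORE) {
    log::verbose("Ignore event[{}({})] in state[{}({})]", smp_get_br_event_name(event), event,
                 smp_get_br_state_name(curr_state), curr_state);
    return;
  }

  /* Pick the table the entry refers to: the shared one or the per-state one. */
  tSMP_BR_SM_TBL state_table;
  if (entry & SMP_BR_ALL_TABLE_MASK) {
    entry &= ~SMP_BR_ALL_TABLE_MASK;
    state_table = smp_br_all_table;
  } else {
    state_table = smp_br_state_table[curr_state][p_cb->role];
  }

  /* smp_br_state_table has a NULL slot (peripheral, PAIR_REQ_RSP), and a bare
   * mask value would leave entry at 0. The current maps produce neither, but
   * both would lead to an invalid read below, so stop here instead. */
  if (state_table == nullptr || entry == 0) {
    log::error("No transition for event {} in br_state {} role {}", event, curr_state,
               p_cb->role);
    return;
  }

  const uint8_t* const transition = state_table[entry - 1];

  /* Store the next state before running the actions. */
  smp_set_br_state(transition[SMP_BR_SME_NEXT_STATE]);

  /* Run the row's actions in order; the first SMP_BR_SM_NO_ACTION ends the
   * sequence. */
  for (uint8_t i = 0; i < SMP_BR_NUM_ACTIONS; i++) {
    const uint8_t action = transition[i];
    if (action == SMP_BR_SM_NO_ACTION) {
      break;
    }
    (*smp_br_sm_action[action])(p_cb, p_data);
  }
  log::verbose("result state={}", smp_get_br_state_name(p_cb->br_state));
}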