1 /****************************************************************************** 2 * 3 * Copyright 2023 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 #pragma once 20 21 #include <base/functional/callback.h> 22 #include <base/strings/stringprintf.h> 23 #include <bluetooth/log.h> 24 25 #include <cstdint> 26 27 #include "bta/include/bta_api_data_types.h" 28 #include "include/hardware/bluetooth.h" 29 #include "stack/include/bt_device_type.h" 30 #include "stack/include/bt_name.h" 31 #include "stack/include/bt_octets.h" 32 #include "stack/include/btm_ble_sec_api_types.h" 33 #include "stack/include/btm_sec_api_types.h" 34 #include "stack/include/hci_error_code.h" 35 #include "types/raw_address.h" 36 37 /* Security Setting Mask */ 38 #define BTA_SEC_AUTHENTICATE \ 39 (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_OUT_AUTHENTICATE) /* Authentication required. */ 40 #define BTA_SEC_ENCRYPT (BTM_SEC_IN_ENCRYPT | BTM_SEC_OUT_ENCRYPT) /* Encryption required. */ 41 42 typedef uint16_t tBTA_SEC; 43 44 typedef enum : uint8_t { 45 /* Security Callback Events */ 46 BTA_DM_PIN_REQ_EVT = 2, /* PIN request. */ 47 BTA_DM_AUTH_CMPL_EVT = 3, /* Authentication complete indication. */ 48 BTA_DM_AUTHORIZE_EVT = 4, /* Authorization request. */ 49 BTA_DM_BOND_CANCEL_CMPL_EVT = 9, /* Bond cancel complete indication */ 50 BTA_DM_SP_CFM_REQ_EVT = 10, /* Simple Pairing User Confirmation request */ 51 BTA_DM_SP_KEY_NOTIF_EVT = 11, /* Simple Pairing Passkey Notification */ 52 BTA_DM_BLE_KEY_EVT = 15, /* BLE SMP key event for peer device keys */ 53 BTA_DM_BLE_SEC_REQ_EVT = 16, /* BLE SMP security request */ 54 BTA_DM_BLE_PASSKEY_NOTIF_EVT = 17, /* SMP passkey notification event */ 55 BTA_DM_BLE_PASSKEY_REQ_EVT = 18, /* SMP passkey request event */ 56 BTA_DM_BLE_OOB_REQ_EVT = 19, /* SMP OOB request event */ 57 BTA_DM_BLE_LOCAL_IR_EVT = 20, /* BLE local IR event */ 58 BTA_DM_BLE_LOCAL_ER_EVT = 21, /* BLE local ER event */ 59 BTA_DM_BLE_NC_REQ_EVT = 22, /* SMP Numeric Comparison request event */ 60 BTA_DM_SP_RMT_OOB_EXT_EVT = 23, /* Simple Pairing Remote OOB Extended Data request. */ 61 BTA_DM_BLE_AUTH_CMPL_EVT = 24, /* BLE Auth complete */ 62 BTA_DM_DEV_UNPAIRED_EVT = 25, 63 BTA_DM_ENER_INFO_READ = 28, /* Energy info read */ 64 BTA_DM_BLE_SC_OOB_REQ_EVT = 29, /* SMP SC OOB request event */ 65 BTA_DM_BLE_CONSENT_REQ_EVT = 30, /* SMP consent request event */ 66 BTA_DM_BLE_SC_CR_LOC_OOB_EVT = 31, /* SMP SC Create Local OOB request event */ 67 BTA_DM_REPORT_BONDING_EVT = 32, /*handle for pin or key missing*/ 68 BTA_DM_LE_ADDR_ASSOC_EVT = 33, /* identity address association event */ 69 BTA_DM_SIRK_VERIFICATION_REQ_EVT = 35, 70 BTA_DM_KEY_MISSING_EVT = 36, 71 BTA_DM_ENCRYPTION_CHANGE_EVT = 37, 72 } tBTA_DM_SEC_EVT; 73 74 /* Structure associated with BTA_DM_PIN_REQ_EVT */ 75 typedef struct { 76 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 77 * order */ 78 RawAddress bd_addr; /* BD address peer device. */ 79 DEV_CLASS dev_class; /* Class of Device */ 80 BD_NAME bd_name; /* Name of peer device. */ 81 82 bool min_16_digit; /* true if the pin returned must be at least 16 digits */ 83 } tBTA_DM_PIN_REQ; 84 85 /* BLE related definition */ 86 87 #define BTA_DM_AUTH_FAIL_BASE (HCI_ERR_MAX_ERR + 10) 88 89 /* Converts SMP error codes defined in smp_api.h to SMP auth fail reasons below. 90 */ 91 #define BTA_DM_AUTH_CONVERT_SMP_CODE(x) (BTA_DM_AUTH_FAIL_BASE + (x)) 92 93 #define BTA_DM_AUTH_SMP_PAIR_AUTH_FAIL (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_AUTH_FAIL) 94 #define BTA_DM_AUTH_SMP_CONFIRM_VALUE_FAIL (BTA_DM_AUTH_FAIL_BASE + SMP_CONFIRM_VALUE_ERR) 95 #define BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_NOT_SUPPORT) 96 #define BTA_DM_AUTH_SMP_UNKNOWN_ERR (BTA_DM_AUTH_FAIL_BASE + SMP_PAIR_FAIL_UNKNOWN) 97 #define BTA_DM_AUTH_SMP_CONN_TOUT (BTA_DM_AUTH_FAIL_BASE + SMP_CONN_TOUT) 98 99 typedef uint8_t tBTA_LE_KEY_TYPE; /* can be used as a bit mask */ 100 101 typedef union { 102 tBTM_LE_PENC_KEYS penc_key; /* received peer encryption key */ 103 tBTM_LE_PCSRK_KEYS psrk_key; /* received peer device SRK */ 104 tBTM_LE_PID_KEYS pid_key; /* peer device ID key */ 105 tBTM_LE_LENC_KEYS lenc_key; /* local encryption reproduction keys LTK = = d1(ER,DIV,0)*/ 106 tBTM_LE_LCSRK_KEYS lcsrk_key; /* local device CSRK = d1(ER,DIV,1)*/ 107 tBTM_LE_PID_KEYS lid_key; /* local device ID key for the particular remote */ 108 } tBTA_LE_KEY_VALUE; 109 110 #define BTA_BLE_LOCAL_KEY_TYPE_ID 1 111 #define BTA_BLE_LOCAL_KEY_TYPE_ER 2 112 typedef uint8_t tBTA_DM_BLE_LOCAL_KEY_MASK; 113 114 typedef struct { 115 Octet16 ir; 116 Octet16 irk; 117 Octet16 dhk; 118 } tBTA_BLE_LOCAL_ID_KEYS; 119 120 enum class tBTA_DM_BLE_SEC_GRANT { 121 BTA_DM_SEC_GRANTED = BTA_SUCCESS, 122 BTA_DM_SEC_PAIR_NOT_SPT = BTA_DM_AUTH_SMP_PAIR_NOT_SUPPORT 123 }; 124 125 /* Structure associated with BTA_DM_BLE_SEC_REQ_EVT */ 126 typedef struct { 127 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 128 * order */ 129 RawAddress bd_addr; /* peer address */ 130 DEV_CLASS dev_class; 131 BD_NAME bd_name; /* peer device name */ 132 } tBTA_DM_BLE_SEC_REQ; 133 134 typedef struct { 135 RawAddress bd_addr; /* peer address */ 136 tBTM_LE_KEY_TYPE key_type; 137 tBTM_LE_KEY_VALUE* p_key_value; 138 } tBTA_DM_BLE_KEY; 139 140 /* Structure associated with BTA_DM_AUTH_CMPL_EVT */ 141 typedef struct { 142 RawAddress bd_addr; /* BD address peer device. */ 143 BD_NAME bd_name; /* Name of peer device. */ 144 bool key_present; /* Valid link key value in key element */ 145 LinkKey key; /* Link key associated with peer device. */ 146 uint8_t key_type; /* The type of Link Key */ 147 bool success; /* true of authentication succeeded, false if failed. */ 148 tHCI_REASON fail_reason; /* The HCI reason/error code for when success=false */ 149 tBLE_ADDR_TYPE addr_type; /* Peer device address type */ 150 tBT_DEVICE_TYPE dev_type; 151 bool is_ctkd; /* True if key is derived using CTKD procedure */ 152 } tBTA_DM_AUTH_CMPL; 153 154 /* Structure associated with BTA_DM_DEV_UNPAIRED_EVT */ 155 typedef struct { 156 RawAddress bd_addr; /* BD address peer device. */ 157 tBT_TRANSPORT transport_link_type; 158 } tBTA_DM_UNPAIR; 159 160 #define BTA_AUTH_SP_YES \ 161 BTM_AUTH_SP_YES /* 1 MITM Protection Required - Single Profile/non-bonding \ 162 Use IO Capabilities to determine authentication procedure \ 163 */ 164 165 #define BTA_AUTH_DD_BOND BTM_AUTH_DD_BOND /* 2 this bit is set for dedicated bonding */ 166 #define BTA_AUTH_GEN_BOND BTM_AUTH_SPGB_NO /* 4 this bit is set for general bonding */ 167 #define BTA_AUTH_BONDS BTM_AUTH_BONDS /* 6 the general/dedicated bonding bits */ 168 169 #define BTA_LE_AUTH_REQ_SC_MITM_BOND BTM_LE_AUTH_REQ_SC_MITM_BOND /* 1101 */ 170 171 /* Structure associated with BTA_DM_SP_CFM_REQ_EVT */ 172 typedef struct { 173 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 174 * order */ 175 RawAddress bd_addr; /* peer address */ 176 DEV_CLASS dev_class; /* peer CoD */ 177 BD_NAME bd_name; /* peer device name */ 178 179 uint32_t num_val; /* the numeric value for comparison. If just_works, do not 180 show this number to UI */ 181 bool just_works; /* true, if "Just Works" association model */ 182 tBTM_AUTH_REQ loc_auth_req; /* Authentication required for local device */ 183 tBTM_AUTH_REQ rmt_auth_req; /* Authentication required for peer device */ 184 tBTM_IO_CAP loc_io_caps; /* IO Capabilities of local device */ 185 tBTM_IO_CAP rmt_io_caps; // IO Capabilities of remote device 186 } tBTA_DM_SP_CFM_REQ; 187 188 /* Structure associated with BTA_DM_SP_KEY_NOTIF_EVT */ 189 typedef struct { 190 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 191 * order */ 192 RawAddress bd_addr; /* peer address */ 193 DEV_CLASS dev_class; /* peer CoD */ 194 BD_NAME bd_name; /* peer device name */ 195 196 uint32_t passkey; /* the numeric value for comparison. If just_works, do not 197 show this number to UI */ 198 } tBTA_DM_SP_KEY_NOTIF; 199 200 /* Structure associated with BTA_DM_SP_RMT_OOB_EVT */ 201 typedef struct { 202 /* Note: First 3 data members must be, bd_addr, dev_class, and bd_name in 203 * order */ 204 RawAddress bd_addr; /* peer address */ 205 DEV_CLASS dev_class; /* peer CoD */ 206 BD_NAME bd_name; /* peer device name */ 207 } tBTA_DM_SP_RMT_OOB; 208 209 /* Structure associated with BTA_DM_BOND_CANCEL_CMPL_EVT */ 210 typedef struct { 211 tBTA_STATUS result; /* true of bond cancel succeeded, false if failed. */ 212 } tBTA_DM_BOND_CANCEL_CMPL; 213 214 /* Add to remove bond of key missing RC */ 215 typedef struct { 216 RawAddress bd_addr; 217 } tBTA_DM_RC_UNPAIR; 218 219 typedef struct { 220 Octet16 local_oob_c; /* Local OOB Data Confirmation/Commitment */ 221 Octet16 local_oob_r; /* Local OOB Data Randomizer */ 222 } tBTA_DM_LOC_OOB_DATA; 223 224 /* Union of all security callback structures */ 225 typedef union { 226 tBTA_DM_PIN_REQ pin_req; /* PIN request. */ 227 tBTA_DM_AUTH_CMPL auth_cmpl; /* Authentication complete indication. */ 228 tBTA_DM_UNPAIR dev_unpair; /* Remove bonding complete indication */ 229 tBTA_DM_SP_CFM_REQ cfm_req; /* user confirm request */ 230 tBTA_DM_SP_KEY_NOTIF key_notif; /* passkey notification */ 231 tBTA_DM_SP_RMT_OOB rmt_oob; /* remote oob */ 232 tBTA_DM_BOND_CANCEL_CMPL bond_cancel_cmpl; /* Bond Cancel Complete indication */ 233 tBTA_DM_BLE_SEC_REQ ble_req; /* BLE SMP related request */ 234 tBTA_DM_BLE_KEY ble_key; /* BLE SMP keys used when pairing */ 235 tBTA_BLE_LOCAL_ID_KEYS ble_id_keys; /* IR event */ 236 Octet16 ble_er; /* ER event data */ 237 tBTA_DM_LOC_OOB_DATA local_oob_data; /* Local OOB data generated by us */ 238 tBTA_DM_RC_UNPAIR delete_key_RC_to_unpair; 239 tBTA_DM_PROC_ID_ADDR proc_id_addr; /* Identity address event */ 240 tBTA_DM_KEY_MISSING key_missing; 241 bt_encryption_change_evt encryption_change; 242 } tBTA_DM_SEC; 243 244 /* Security callback */ 245 typedef void(tBTA_DM_SEC_CBACK)(tBTA_DM_SEC_EVT event, tBTA_DM_SEC* p_data); 246 247 /* Encryption callback*/ 248 typedef void(tBTA_DM_ENCRYPT_CBACK)(const RawAddress& bd_addr, tBT_TRANSPORT transport, 249 tBTA_STATUS result); 250 251 /******************************************************************************* 252 * 253 * Function BTA_DmBond 254 * 255 * Description This function initiates a bonding procedure with a peer 256 * device by designated transport. The bonding procedure 257 * enables authentication and optionally encryption on the 258 * Bluetooth link. 259 * 260 * 261 * Returns void 262 * 263 ******************************************************************************/ 264 void BTA_DmBond(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, tBT_TRANSPORT transport, 265 tBT_DEVICE_TYPE device_type); 266 267 /******************************************************************************* 268 * 269 * Function BTA_DmBondCancel 270 * 271 * Description This function cancels a bonding procedure with a peer 272 * device. 273 * 274 * 275 * Returns void 276 * 277 ******************************************************************************/ 278 void BTA_DmBondCancel(const RawAddress& bd_addr); 279 280 /******************************************************************************* 281 * 282 * Function BTA_DmPinReply 283 * 284 * Description This function provides a PIN when one is requested by DM 285 * during a bonding procedure. The application should call 286 * this function after the security callback is called with 287 * a BTA_DM_PIN_REQ_EVT. 288 * 289 * 290 * Returns void 291 * 292 ******************************************************************************/ 293 void BTA_DmPinReply(const RawAddress& bd_addr, bool accept, uint8_t pin_len, uint8_t* p_pin); 294 295 /******************************************************************************* 296 * 297 * Function BTA_DmLocalOob 298 * 299 * Description This function retrieves the OOB data from local controller. 300 * The result is reported by bta_dm_co_loc_oob(). 301 * 302 * Returns void 303 * 304 ******************************************************************************/ 305 void BTA_DmLocalOob(void); 306 307 /******************************************************************************* 308 * 309 * Function BTA_DmConfirm 310 * 311 * Description This function accepts or rejects the numerical value of the 312 * Simple Pairing process on BTA_DM_SP_CFM_REQ_EVT 313 * 314 * Returns void 315 * 316 ******************************************************************************/ 317 void BTA_DmConfirm(const RawAddress& bd_addr, bool accept); 318 319 /******************************************************************************* 320 * 321 * Function BTA_DmAddDevice 322 * 323 * Description This function adds a device to the security database list 324 * of peer devices. This function would typically be called 325 * at system startup to initialize the security database with 326 * known peer devices. This is a direct execution function 327 * that may lock task scheduling on some platforms. 328 * 329 * Returns void 330 * 331 ******************************************************************************/ 332 void BTA_DmAddDevice(RawAddress bd_addr, DEV_CLASS dev_class, LinkKey link_key, uint8_t key_type, 333 uint8_t pin_length); 334 335 /******************************************************************************* 336 * 337 * Function BTA_DmRemoveDevice 338 * 339 * Description This function removes a device from the security database. 340 * This is a direct execution function that may lock task 341 * scheduling on some platforms. 342 * 343 * 344 * Returns BTA_SUCCESS if successful. 345 * BTA_FAIL if operation failed. 346 * 347 ******************************************************************************/ 348 tBTA_STATUS BTA_DmRemoveDevice(const RawAddress& bd_addr); 349 350 /* BLE related API functions */ 351 /******************************************************************************* 352 * 353 * Function BTA_DmBleSecurityGrant 354 * 355 * Description Grant security request access. 356 * 357 * Parameters: bd_addr - BD address of the peer 358 * res - security grant status. 359 * 360 * Returns void 361 * 362 ******************************************************************************/ 363 void BTA_DmBleSecurityGrant(const RawAddress& bd_addr, tBTA_DM_BLE_SEC_GRANT res); 364 365 /******************************************************************************* 366 * 367 * Function BTA_DmBlePasskeyReply 368 * 369 * Description Send BLE SMP passkey reply. 370 * 371 * Parameters: bd_addr - BD address of the peer 372 * accept - passkey entry successful or declined. 373 * passkey - passkey value, must be a 6 digit number, 374 * can be lead by 0. 375 * 376 * Returns void 377 * 378 ******************************************************************************/ 379 void BTA_DmBlePasskeyReply(const RawAddress& bd_addr, bool accept, uint32_t passkey); 380 381 /******************************************************************************* 382 * 383 * Function BTA_DmBleConfirmReply 384 * 385 * Description Send BLE SMP SC user confirmation reply. 386 * 387 * Parameters: bd_addr - BD address of the peer 388 * accept - numbers to compare are the same or 389 * different. 390 * 391 * Returns void 392 * 393 ******************************************************************************/ 394 void BTA_DmBleConfirmReply(const RawAddress& bd_addr, bool accept); 395 396 /******************************************************************************* 397 * 398 * Function BTA_DmAddBleDevice 399 * 400 * Description Add a BLE device. This function will be normally called 401 * during host startup to restore all required information 402 * for a LE device stored in the NVRAM. 403 * 404 * Parameters: bd_addr - BD address of the peer 405 * dev_type - Remote device's device type. 406 * addr_type - LE device address type. 407 * 408 * Returns void 409 * 410 ******************************************************************************/ 411 void BTA_DmAddBleDevice(const RawAddress& bd_addr, tBLE_ADDR_TYPE addr_type, 412 tBT_DEVICE_TYPE dev_type); 413 414 /******************************************************************************* 415 * 416 * Function BTA_DmAddBleKey 417 * 418 * Description Add/modify LE device information. This function will be 419 * normally called during host startup to restore all required 420 * information stored in the NVRAM. 421 * 422 * Parameters: bd_addr - BD address of the peer 423 * p_le_key - LE key values. 424 * key_type - LE SMP key type. 425 * 426 * Returns void 427 * 428 ******************************************************************************/ 429 void BTA_DmAddBleKey(const RawAddress& bd_addr, tBTA_LE_KEY_VALUE* p_le_key, 430 tBTM_LE_KEY_TYPE key_type); 431 432 /******************************************************************************* 433 * 434 * Function BTA_DmSetEncryption 435 * 436 * Description This function is called to ensure that connection is 437 * encrypted. Should be called only on an open connection. 438 * Typically only needed for connections that first want to 439 * bring up unencrypted links, then later encrypt them. 440 * 441 * Parameters: bd_addr - Address of the peer device 442 * transport - transport of the link to be encruypted 443 * p_callback - Pointer to callback function to indicat the 444 * link encryption status 445 * sec_act - This is the security action to indicate 446 * what kind of BLE security level is required 447 * for the BLE link if BLE is supported 448 * Note: This parameter is ignored for 449 * BR/EDR or if BLE is not supported. 450 * 451 * Returns void 452 * 453 * 454 ******************************************************************************/ 455 void BTA_DmSetEncryption(const RawAddress& bd_addr, tBT_TRANSPORT transport, 456 tBTA_DM_ENCRYPT_CBACK* p_callback, tBTM_BLE_SEC_ACT sec_act); 457 458 /******************************************************************************* 459 * 460 * Function BTA_DmSirkSecCbRegister 461 * 462 * Description This procedure registeres in requested a callback for 463 * verification by CSIS potential set member. 464 * 465 * Parameters p_cback - callback to member verificator 466 * 467 * Returns void 468 * 469 ******************************************************************************/ 470 void BTA_DmSirkSecCbRegister(tBTA_DM_SEC_CBACK* p_cback); 471 472 /******************************************************************************* 473 * 474 * Function BTA_DmSirkConfirmDeviceReply 475 * 476 * Description This procedure confirms requested to validate set device. 477 * 478 * Parameters bd_addr - BD address of the peer 479 * accept - True if device is authorized by CSIS, false 480 * otherwise. 481 * 482 * Returns void 483 * 484 ******************************************************************************/ 485 void BTA_DmSirkConfirmDeviceReply(const RawAddress& bd_addr, bool accept); 486 487 namespace std { 488 template <> 489 struct formatter<tBTA_DM_SEC_EVT> : enum_formatter<tBTA_DM_SEC_EVT> {}; 490 } // namespace std 491