1 /******************************************************************************
2 *
3 * Copyright 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #define LOG_TAG "smp"
20
21 #include <bluetooth/log.h>
22
23 #include "smp_int.h"
24 #include "stack/include/btm_log_history.h"
25
26 using namespace bluetooth;
27
28 namespace {
29
30 constexpr char kBtmLogTag[] = "SMP";
31
32 }
33
34 const char* const smp_state_name[] = {"SMP_STATE_IDLE",
35 "SMP_STATE_WAIT_APP_RSP",
36 "SMP_STATE_SEC_REQ_PENDING",
37 "SMP_STATE_PAIR_REQ_RSP",
38 "SMP_STATE_WAIT_CONFIRM",
39 "SMP_STATE_CONFIRM",
40 "SMP_STATE_RAND",
41 "SMP_STATE_PUBLIC_KEY_EXCH",
42 "SMP_STATE_SEC_CONN_PHS1_START",
43 "SMP_STATE_WAIT_COMMITMENT",
44 "SMP_STATE_WAIT_NONCE",
45 "SMP_STATE_SEC_CONN_PHS2_START",
46 "SMP_STATE_WAIT_DHK_CHECK",
47 "SMP_STATE_DHK_CHECK",
48 "SMP_STATE_ENCRYPTION_PENDING",
49 "SMP_STATE_BOND_PENDING",
50 "SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA",
51 "SMP_STATE_MAX"};
52
53 const char* const smp_event_name[] = {"PAIRING_REQ_EVT",
54 "PAIRING_RSP_EVT",
55 "CONFIRM_EVT",
56 "RAND_EVT",
57 "PAIRING_FAILED_EVT",
58 "ENC_INFO_EVT",
59 "CENTRAL_ID_EVT",
60 "ID_INFO_EVT",
61 "ID_ADDR_EVT",
62 "SIGN_INFO_EVT",
63 "SECURITY_REQ_EVT",
64 "PAIR_PUBLIC_KEY_EVT",
65 "PAIR_DHKEY_CHECK_EVT",
66 "PAIR_KEYPRESS_NOTIFICATION_EVT",
67 "PAIR_COMMITMENT_EVT",
68 "KEY_READY_EVT",
69 "ENCRYPTED_EVT",
70 "L2CAP_CONN_EVT",
71 "L2CAP_DISCONN_EVT",
72 "API_IO_RSP_EVT",
73 "API_SEC_GRANT_EVT",
74 "TK_REQ_EVT",
75 "AUTH_CMPL_EVT",
76 "ENC_REQ_EVT",
77 "BOND_REQ_EVT",
78 "DISCARD_SEC_REQ_EVT",
79 "PUBLIC_KEY_EXCHANGE_REQ_EVT",
80 "LOCAL_PUBLIC_KEY_CRTD_EVT",
81 "BOTH_PUBLIC_KEYS_RCVD_EVT",
82 "SEC_CONN_DHKEY_COMPLETE_EVT",
83 "HAVE_LOCAL_NONCE_EVT",
84 "SEC_CONN_PHASE1_CMPLT_EVT",
85 "SEC_CONN_CALC_NC_EVT",
86 "SEC_CONN_DISPLAY_NC_EVT",
87 "SEC_CONN_OK_EVT",
88 "SEC_CONN_2_DHCK_CHECKS_PRESENT_EVT",
89 "SEC_CONN_KEY_READY_EVT",
90 "KEYPRESS_NOTIFICATION_EVT",
91 "SEC_CONN_OOB_DATA_EVT",
92 "CREATE_LOCAL_SEC_CONN_OOB_DATA_EVT",
93 "SIRK_DEVICE_VALID_EVT",
94 "OUT_OF_RANGE_EVT"};
95
96 const char* smp_get_event_name(tSMP_EVENT event);
97 const char* smp_get_state_name(tSMP_STATE state);
98
99 #define SMP_SM_IGNORE 0
100 #define SMP_NUM_ACTIONS 2
101 #define SMP_SME_NEXT_STATE 2
102 #define SMP_SM_NUM_COLS 3
103
104 typedef const uint8_t (*tSMP_SM_TBL)[SMP_SM_NUM_COLS];
105
106 enum {
107 SMP_PROC_SEC_REQ,
108 SMP_SEND_PAIR_REQ,
109 SMP_SEND_PAIR_RSP,
110 SMP_SEND_CONFIRM,
111 SMP_SEND_PAIR_FAIL,
112 SMP_SEND_RAND,
113 SMP_SEND_ENC_INFO,
114 SMP_SEND_ID_INFO,
115 SMP_SEND_LTK_REPLY,
116 SMP_PROC_PAIR_CMD,
117 SMP_PROC_PAIR_FAIL,
118 SMP_PROC_CONFIRM,
119 SMP_PROC_RAND,
120 SMP_PROC_ENC_INFO,
121 SMP_PROC_CENTRAL_ID,
122 SMP_PROC_ID_INFO,
123 SMP_PROC_ID_ADDR,
124 SMP_PROC_SRK_INFO,
125 SMP_PROC_SEC_GRANT,
126 SMP_PROC_SL_KEY,
127 SMP_PROC_COMPARE,
128 SMP_PROC_IO_RSP,
129 SMP_GENERATE_COMPARE,
130 SMP_GENERATE_CONFIRM,
131 SMP_GENERATE_STK,
132 SMP_KEY_DISTRIBUTE,
133 SMP_START_ENC,
134 SMP_PAIRING_CMPL,
135 SMP_DECIDE_ASSO_MODEL,
136 SMP_SEND_APP_CBACK,
137 SMP_CHECK_AUTH_REQ,
138 SMP_PAIR_TERMINATE,
139 SMP_ENC_CMPL,
140 SMP_SIRK_VERIFY,
141 SMP_PROC_DISCARD,
142 SMP_CREATE_PRIVATE_KEY,
143 SMP_USE_OOB_PRIVATE_KEY,
144 SMP_SEND_PAIR_PUBLIC_KEY,
145 SMP_PROCESS_PAIR_PUBLIC_KEY,
146 SMP_HAVE_BOTH_PUBLIC_KEYS,
147 SMP_START_SEC_CONN_PHASE1,
148 SMP_PROCESS_LOCAL_NONCE,
149 SMP_SEND_COMMITMENT,
150 SMP_PROCESS_PAIRING_COMMITMENT,
151 SMP_PROCESS_PEER_NONCE,
152 SMP_CALCULATE_LOCAL_DHKEY_CHECK,
153 SMP_SEND_DHKEY_CHECK,
154 SMP_PROCESS_DHKEY_CHECK,
155 SMP_CALCULATE_PEER_DHKEY_CHECK,
156 SMP_MATCH_DHKEY_CHECKS,
157 SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER,
158 SMP_MOVE_TO_SEC_CONN_PHASE2,
159 SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
160 SMP_WAIT_FOR_BOTH_PUBLIC_KEYS,
161 SMP_START_PASSKEY_VERIFICATION,
162 SMP_SEND_KEYPRESS_NOTIFICATION,
163 SMP_PROCESS_KEYPRESS_NOTIFICATION,
164 SMP_PROCESS_SECURE_CONNECTION_OOB_DATA,
165 SMP_SET_LOCAL_OOB_KEYS,
166 SMP_SET_LOCAL_OOB_RAND_COMMITMENT,
167 SMP_IDLE_TERMINATE,
168 SMP_SM_NO_ACTION
169 };
170
171 static const tSMP_ACT smp_sm_action[] = {smp_proc_sec_req,
172 smp_send_pair_req,
173 smp_send_pair_rsp,
174 smp_send_confirm,
175 smp_send_pair_fail,
176 smp_send_rand,
177 smp_send_enc_info,
178 smp_send_id_info,
179 smp_send_ltk_reply,
180 smp_proc_pair_cmd,
181 smp_proc_pair_fail,
182 smp_proc_confirm,
183 smp_proc_rand,
184 smp_proc_enc_info,
185 smp_proc_central_id,
186 smp_proc_id_info,
187 smp_proc_id_addr,
188 smp_proc_srk_info,
189 smp_proc_sec_grant,
190 smp_proc_sl_key,
191 smp_proc_compare,
192 smp_process_io_response,
193 smp_generate_compare,
194 smp_generate_srand_mrand_confirm,
195 smp_generate_stk,
196 smp_key_distribution,
197 smp_start_enc,
198 smp_pairing_cmpl,
199 smp_decide_association_model,
200 smp_send_app_cback,
201 smp_check_auth_req,
202 smp_pair_terminate,
203 smp_enc_cmpl,
204 smp_sirk_verify,
205 smp_proc_discard,
206 smp_create_private_key,
207 smp_use_oob_private_key,
208 smp_send_pair_public_key,
209 smp_process_pairing_public_key,
210 smp_both_have_public_keys,
211 smp_start_secure_connection_phase1,
212 smp_process_local_nonce,
213 smp_send_commitment,
214 smp_process_pairing_commitment,
215 smp_process_peer_nonce,
216 smp_calculate_local_dhkey_check,
217 smp_send_dhkey_check,
218 smp_process_dhkey_check,
219 smp_calculate_peer_dhkey_check,
220 smp_match_dhkey_checks,
221 smp_calculate_numeric_comparison_display_number,
222 smp_move_to_secure_connections_phase2,
223 smp_phase_2_dhkey_checks_are_present,
224 smp_wait_for_both_public_keys,
225 smp_start_passkey_verification,
226 smp_send_keypress_notification,
227 smp_process_keypress_notification,
228 smp_process_secure_connection_oob_data,
229 smp_set_local_oob_keys,
230 smp_set_local_oob_random_commitment,
231 smp_idle_terminate};
232
233 /************ SMP Central FSM State/Event Indirection Table **************/
234 static const uint8_t smp_central_entry_map[][SMP_STATE_MAX] = {
235 /* state name: */
236 /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm,
237 Confirm, Rand, PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce,
238 SCPhs2 Strt, Wait DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData
239 */
240 /* PAIR_REQ */
241 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
242 /* PAIR_RSP */
243 {0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
244 /* CONFIRM */
245 {0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
246 /* RAND */
247 {0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
248 /* PAIR_FAIL */
249 {0, 0x81, 0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0, 0x81, 0},
250 /* ENC_INFO */
251 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0},
252 /* CENTRAL_ID */
253 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
254 /* ID_INFO */
255 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
256 /* ID_ADDR */
257 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
258 /* SIGN_INFO */
259 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
260 /* SEC_REQ */
261 {2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
262 /* PAIR_PUBLIC_KEY */
263 {0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
264 /* PAIR_DHKEY_CHCK */
265 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0},
266 /* PAIR_KEYPR_NOTIF */
267 {0, 8, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
268 /* PAIR_COMMITM */
269 {0, 0, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
270 /* KEY_READY */
271 {0, 3, 0, 3, 1, 0, 2, 0, 4, 0, 0, 0, 0, 0, 1, 6, 0},
272 /* ENC_CMPL */
273 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0},
274 /* L2C_CONN */
275 {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
276 /* L2C_DISC */
277 {3, 0x83, 0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
278 0},
279 /* IO_RSP */
280 {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
281 /* SEC_GRANT */
282 {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
283 /* TK_REQ */
284 {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
285 /* AUTH_CMPL */
286 {4, 0x82, 0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 7, 0},
287 /* ENC_REQ */
288 {0, 4, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0},
289 /* BOND_REQ */
290 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
291 /* DISCARD_SEC_REQ */
292 {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
293 /* PUBL_KEY_EXCH_REQ */
294 {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
295 /* LOC_PUBL_KEY_CRTD */
296 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
297 /* BOTH_PUBL_KEYS_RCVD */
298 {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
299 /* SC_DHKEY_CMPLT */
300 {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
301 /* HAVE_LOC_NONCE */
302 {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
303 /* SC_PHASE1_CMPLT */
304 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
305 /* SC_CALC_NC */
306 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
307 /* SC_DSPL_NC */
308 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
309 /* SC_NC_OK */
310 {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
311 /* SC_2_DHCK_CHKS_PRES */
312 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
313 /* SC_KEY_READY */
314 {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
315 /* KEYPR_NOTIF */
316 {0, 9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
317 /* SC_OOB_DATA */
318 {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
319 /* CR_LOC_SC_OOB_DATA */
320 {5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
321 /* SIRK_VERIFY */
322 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x82, 0},
323 };
324
325 static const uint8_t smp_all_table[][SMP_SM_NUM_COLS] = {
326 /* Event Action Next State */
327 /* PAIR_FAIL */
328 {SMP_PROC_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
329 /* AUTH_CMPL */
330 {SMP_SEND_PAIR_FAIL, SMP_PAIRING_CMPL, SMP_STATE_IDLE},
331 /* L2C_DISC */
332 {SMP_PAIR_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
333 };
334
335 static const uint8_t smp_central_idle_table[][SMP_SM_NUM_COLS] = {
336 /* Event Action Next State */
337 /* L2C_CONN */
338 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
339 /* SEC_REQ */
340 {SMP_PROC_SEC_REQ, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
341 /* L2C_DISC */
342 {SMP_IDLE_TERMINATE, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
343 /* AUTH_CMPL */
344 {SMP_PAIRING_CMPL, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
345 /* CR_LOC_SC_OOB_DATA */
346 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
347 };
348
349 static const uint8_t smp_central_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
350 /* Event Action Next State */
351 /* SEC_GRANT */
352 {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
353 /* IO_RSP */
354 {SMP_SEND_PAIR_REQ, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
355
356 /* TK ready */
357 /* KEY_READY */
358 {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM},
359
360 /* start enc mode setup */
361 /* ENC_REQ */
362 {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
363 /* DISCARD_SEC_REQ */
364 {SMP_PROC_DISCARD, SMP_SM_NO_ACTION, SMP_STATE_IDLE}
365 /* user confirms NC 'OK', i.e. phase 1 is completed */
366 /* SC_NC_OK */,
367 {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS2_START},
368 /* user-provided passkey is rcvd */
369 /* SC_KEY_READY */
370 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
371 /* PAIR_KEYPR_NOTIF */
372 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
373 /* KEYPR_NOTIF */
374 {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
375 /* SC_OOB_DATA */
376 {SMP_USE_OOB_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
377 };
378
379 static const uint8_t smp_central_pair_request_response_table[][SMP_SM_NUM_COLS] = {
380 /* Event Action Next State */
381 /* PAIR_RSP */
382 {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
383 /* TK_REQ */
384 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
385
386 /* TK ready */
387 /* KEY_READY */
388 {SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM}
389 /* PUBL_KEY_EXCH_REQ */,
390 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
391 };
392
393 static const uint8_t smp_central_wait_for_confirm_table[][SMP_SM_NUM_COLS] = {
394 /* Event Action Next State */
395 /* KEY_READY*/
396 /* CONFIRM ready */
397 {SMP_SEND_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
398 };
399
400 static const uint8_t smp_central_confirm_table[][SMP_SM_NUM_COLS] = {
401 /* Event Action Next State */
402 /* CONFIRM */
403 {SMP_PROC_CONFIRM, SMP_SEND_RAND, SMP_STATE_RAND},
404 };
405
406 static const uint8_t smp_central_rand_table[][SMP_SM_NUM_COLS] = {
407 /* Event Action Next State */
408 /* RAND */
409 {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
410 /* KEY_READY */
411 {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* Compare ready */
412 /* ENC_REQ */
413 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
414 };
415
416 static const uint8_t smp_central_public_key_exchange_table[][SMP_SM_NUM_COLS] = {
417 /* Event Action Next State */
418 /* LOC_PUBL_KEY_CRTD */
419 {SMP_SEND_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
420 /* PAIR_PUBLIC_KEY */
421 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
422 /* BOTH_PUBL_KEYS_RCVD */
423 {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
424 };
425
426 static const uint8_t smp_central_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
427 /* Event Action Next State */
428 /* SC_DHKEY_CMPLT */
429 {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
430 /* HAVE_LOC_NONCE */
431 {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
432 /* TK_REQ */
433 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
434 /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to
435 display,*/
436 /* It's time to start commitment calculation */
437 /* KEY_READY */
438 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
439 /* PAIR_KEYPR_NOTIF */
440 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_SEC_CONN_PHS1_START},
441 /* PAIR_COMMITM */
442 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
443 };
444
445 static const uint8_t smp_central_wait_commitment_table[][SMP_SM_NUM_COLS] = {
446 /* Event Action Next State */
447 /* PAIR_COMMITM */
448 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_RAND, SMP_STATE_WAIT_NONCE},
449 /* PAIR_KEYPR_NOTIF */
450 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_COMMITMENT},
451 };
452
453 static const uint8_t smp_central_wait_nonce_table[][SMP_SM_NUM_COLS] = {
454 /* Event Action Next State */
455 /* peer nonce is received */
456 /* RAND */
457 {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
458 /* NC model, time to calculate number for NC */
459 /* SC_CALC_NC */
460 {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION, SMP_STATE_WAIT_NONCE},
461 /* NC model, time to display calculated number for NC to the user */
462 /* SC_DSPL_NC */
463 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
464 };
465
466 static const uint8_t smp_central_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
467 /* Event Action Next State */
468 /* SC_PHASE1_CMPLT */
469 {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_SEND_DHKEY_CHECK, SMP_STATE_WAIT_DHK_CHECK},
470 };
471
472 static const uint8_t smp_central_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
473 /* Event Action Next State */
474 /* PAIR_DHKEY_CHCK */
475 {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_STATE_DHK_CHECK},
476 };
477
478 static const uint8_t smp_central_dhk_check_table[][SMP_SM_NUM_COLS] = {
479 /* Event Action Next State */
480 /* locally calculated peer dhkey check is ready -> compare it withs DHKey
481 * Check
482 * actually received from peer */
483 /* SC_KEY_READY */
484 {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
485 /* locally calculated peer dhkey check is ready -> calculate STK, go to
486 * sending
487 */
488 /* HCI LE Start Encryption command */
489 /* ENC_REQ */
490 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
491 };
492
493 static const uint8_t smp_central_enc_pending_table[][SMP_SM_NUM_COLS] = {
494 /* Event Action Next State */
495 /* STK ready */
496 /* KEY_READY */
497 {SMP_START_ENC, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
498 /* ENCRYPTED */
499 {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
500 /* BOND_REQ */
501 {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
502 };
503
504 static const uint8_t smp_central_bond_pending_table[][SMP_SM_NUM_COLS] = {
505 /* Event Action Next State */
506 /* ENC_INFO */
507 {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
508 /* ID_INFO */
509 {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
510 /* SIGN_INFO */
511 {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
512 /* CENTRAL_ID */
513 {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
514 /* ID_ADDR */
515 {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
516 /* KEY_READY */
517 /* LTK ready */
518 {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
519 /* AUTH_CMPL */
520 {SMP_SIRK_VERIFY, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
521 };
522
523 static const uint8_t smp_central_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
524 /* Event Action Next State */
525 /* LOC_PUBL_KEY_CRTD */
526 {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION, SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
527 /* HAVE_LOC_NONCE */
528 {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
529 };
530
531 /************ SMP Peripheral FSM State/Event Indirection Table **************/
532 static const uint8_t smp_peripheral_entry_map[][SMP_STATE_MAX] = {
533 /* state name: */
534 /* Idle, WaitApp Rsp, SecReq Pend, Pair ReqRsp, Wait Cfm, Confirm, Rand,
535 PublKey Exch, SCPhs1 Strt, Wait Cmtm, Wait Nonce, SCPhs2 Strt, Wait
536 DHKChk, DHKChk, Enc Pend, Bond Pend, CrLocSc OobData */
537 /* PAIR_REQ */
538 {2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
539 /* PAIR_RSP */
540 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
541 /* CONFIRM */
542 {0, 4, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
543 /* RAND */
544 {0, 0, 0, 0, 0, 1, 2, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0},
545 /* PAIR_FAIL */
546 {0, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0x81, 0,
547 0},
548 /* ENC_INFO */
549 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0},
550 /* CENTRAL_ID */
551 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0},
552 /* ID_INFO */
553 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0},
554 /* ID_ADDR */
555 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0},
556 /* SIGN_INFO */
557 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0},
558 /* SEC_REQ */
559 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
560 /* PAIR_PUBLIC_KEY */
561 {0, 0, 0, 5, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0},
562 /* PAIR_DHKEY_CHCK */
563 {0, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 1, 2, 0, 0, 0},
564 /* PAIR_KEYPR_NOTIF */
565 {0, 9, 0, 0, 0, 0, 0, 0, 5, 2, 0, 0, 0, 0, 0, 0, 0},
566 /* PAIR_COMMITM */
567 {0, 8, 0, 0, 0, 0, 0, 0, 6, 1, 0, 0, 0, 0, 0, 0, 0},
568 /* KEY_READY */
569 {0, 3, 0, 3, 2, 2, 1, 0, 4, 0, 0, 0, 0, 0, 2, 1, 0},
570 /* ENC_CMPL */
571 {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0},
572 /* L2C_CONN */
573 {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
574 /* L2C_DISC */
575 {0, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83, 0x83,
576 0x83, 0},
577 /* IO_RSP */
578 {0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
579 /* SEC_GRANT */
580 {0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
581 /* TK_REQ */
582 {0, 0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0},
583 /* AUTH_CMPL */
584 {0, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82, 0x82,
585 0x82, 0},
586 /* ENC_REQ */
587 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0},
588 /* BOND_REQ */
589 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 1},
590 /* DISCARD_SEC_REQ */
591 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
592 /* PUBL_KEY_EXCH_REQ */
593 {0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
594 /* LOC_PUBL_KEY_CRTD */
595 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1},
596 /* BOTH_PUBL_KEYS_RCVD */
597 {0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0},
598 /* SC_DHKEY_CMPLT */
599 {0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0},
600 /* HAVE_LOC_NONCE */
601 {0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 2},
602 /* SC_PHASE1_CMPLT */
603 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0},
604 /* SC_CALC_NC */
605 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0},
606 /* SC_DSPL_NC */
607 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0},
608 /* SC_NC_OK */
609 {0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
610 /* SC_2_DHCK_CHKS_PRES */
611 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0},
612 /* SC_KEY_READY */
613 {0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0},
614 /* KEYPR_NOTIF */
615 {0, 10, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
616 /* SC_OOB_DATA */
617 {0, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
618 /* CR_LOC_SC_OOB_DATA */
619 {3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
620 /* SIRK_VERIFY */
621 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
622 };
623
624 static const uint8_t smp_peripheral_idle_table[][SMP_SM_NUM_COLS] = {
625 /* Event Action Next State */
626 /* L2C_CONN */
627 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
628 /* PAIR_REQ */
629 {SMP_PROC_PAIR_CMD, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
630 /* CR_LOC_SC_OOB_DATA */
631 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
632 };
633
634 static const uint8_t smp_peripheral_wait_for_app_response_table[][SMP_SM_NUM_COLS] = {
635 /* Event Action Next State */
636 /* IO_RSP */
637 {SMP_PROC_IO_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
638 /* SEC_GRANT */
639 {SMP_PROC_SEC_GRANT, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
640
641 /* TK ready */
642 /* KEY_READY */
643 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
644 /* CONFIRM */
645 {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
646 /* DHKey Check from central is received before phase 1 is completed -
647 race */
648 /* PAIR_DHKEY_CHCK */
649 {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
650 /* user confirms NC 'OK', i.e. phase 1 is completed */
651 /* SC_NC_OK */
652 {SMP_MOVE_TO_SEC_CONN_PHASE2, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS2_START},
653 /* user-provided passkey is rcvd */
654 /* SC_KEY_READY */
655 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
656 /* PAIR_COMMITM */
657 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
658 /* PAIR_KEYPR_NOTIF */
659 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_APP_RSP},
660 /* KEYPR_NOTIF */
661 {SMP_SEND_KEYPRESS_NOTIFICATION, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
662 /* SC_OOB_DATA */
663 {SMP_SEND_PAIR_RSP, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
664 };
665
666 static const uint8_t smp_peripheral_sec_request_table[][SMP_SM_NUM_COLS] = {
667 /* Event Action Next State */
668 /* PAIR_REQ */
669 {SMP_PROC_PAIR_CMD, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
670 /* ENCRYPTED*/
671 {SMP_ENC_CMPL, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
672 };
673
674 static const uint8_t smp_peripheral_pair_request_response_table[][SMP_SM_NUM_COLS] = {
675 /* Event Action Next State */
676 /* CONFIRM */
677 {SMP_PROC_CONFIRM, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
678 /* TK_REQ */
679 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
680
681 /* TK/Confirm ready */
682 /* KEY_READY */
683 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
684 /* PUBL_KEY_EXCH_REQ */
685 {SMP_CREATE_PRIVATE_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
686 /* PAIR_PUBLIC_KEY */
687 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PAIR_REQ_RSP},
688 };
689
690 static const uint8_t smp_peripheral_wait_confirm_table[][SMP_SM_NUM_COLS] = {
691 /* Event Action Next State */
692 /* CONFIRM */
693 {SMP_PROC_CONFIRM, SMP_SEND_CONFIRM, SMP_STATE_CONFIRM},
694 /* KEY_READY*/
695 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_WAIT_CONFIRM},
696 };
697
698 static const uint8_t smp_peripheral_confirm_table[][SMP_SM_NUM_COLS] = {
699 /* Event Action Next State */
700 /* RAND */
701 {SMP_PROC_RAND, SMP_GENERATE_COMPARE, SMP_STATE_RAND},
702
703 /* TK/Confirm ready */
704 /* KEY_READY*/
705 {SMP_PROC_SL_KEY, SMP_SM_NO_ACTION, SMP_STATE_CONFIRM},
706 };
707
708 static const uint8_t smp_peripheral_rand_table[][SMP_SM_NUM_COLS] = {
709 /* Event Action Next State */
710 /* KEY_READY */
711 {SMP_PROC_COMPARE, SMP_SM_NO_ACTION, SMP_STATE_RAND}, /* compare match */
712 /* RAND */
713 {SMP_SEND_RAND, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
714 };
715
716 static const uint8_t smp_peripheral_public_key_exch_table[][SMP_SM_NUM_COLS] = {
717 /* Event Action Next State */
718 /* LOC_PUBL_KEY_CRTD */
719 {SMP_WAIT_FOR_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
720 /* PAIR_PUBLIC_KEY */
721 {SMP_PROCESS_PAIR_PUBLIC_KEY, SMP_SM_NO_ACTION, SMP_STATE_PUBLIC_KEY_EXCH},
722 /* BOTH_PUBL_KEYS_RCVD */
723 {SMP_HAVE_BOTH_PUBLIC_KEYS, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
724 };
725
726 static const uint8_t smp_peripheral_sec_conn_phs1_start_table[][SMP_SM_NUM_COLS] = {
727 /* Event Action Next State */
728 /* SC_DHKEY_CMPLT */
729 {SMP_START_SEC_CONN_PHASE1, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
730 /* HAVE_LOC_NONCE */
731 {SMP_PROCESS_LOCAL_NONCE, SMP_SM_NO_ACTION, SMP_STATE_WAIT_COMMITMENT},
732 /* TK_REQ */
733 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
734 /* SMP_MODEL_SEC_CONN_PASSKEY_DISP model, passkey is sent up to display,
735 * it's
736 * time to start */
737 /* commitment calculation */
738 /* KEY_READY */
739 {SMP_START_PASSKEY_VERIFICATION, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
740 /* PAIR_KEYPR_NOTIF */
741 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_SEC_CONN_PHS1_START},
742 /*COMMIT*/
743 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS1_START},
744 };
745
746 static const uint8_t smp_peripheral_wait_commitment_table[][SMP_SM_NUM_COLS] = {
747 /* Event Action Next State */
748 /* PAIR_COMMITM */
749 {SMP_PROCESS_PAIRING_COMMITMENT, SMP_SEND_COMMITMENT, SMP_STATE_WAIT_NONCE},
750 /* PAIR_KEYPR_NOTIF */
751 {SMP_PROCESS_KEYPRESS_NOTIFICATION, SMP_SEND_APP_CBACK, SMP_STATE_WAIT_COMMITMENT},
752 };
753
754 static const uint8_t smp_peripheral_wait_nonce_table[][SMP_SM_NUM_COLS] = {
755 /* Event Action Next State */
756 /* peer nonce is received */
757 /* RAND */
758 {SMP_PROC_RAND, SMP_PROCESS_PEER_NONCE, SMP_STATE_SEC_CONN_PHS2_START},
759 /* NC model, time to calculate number for NC */
760 /* SC_CALC_NC */
761 {SMP_CALCULATE_NUMERIC_COMPARISON_DISPLAY_NUMBER, SMP_SM_NO_ACTION, SMP_STATE_WAIT_NONCE},
762 /* NC model, time to display calculated number for NC to the user */
763 /* SC_DSPL_NC */
764 {SMP_SEND_APP_CBACK, SMP_SM_NO_ACTION, SMP_STATE_WAIT_APP_RSP},
765 };
766
767 static const uint8_t smp_peripheral_sec_conn_phs2_start_table[][SMP_SM_NUM_COLS] = {
768 /* Event Action Next State */
769 /* SC_PHASE1_CMPLT */
770 {SMP_CALCULATE_LOCAL_DHKEY_CHECK, SMP_PH2_DHKEY_CHECKS_ARE_PRESENT,
771 SMP_STATE_WAIT_DHK_CHECK},
772 /* DHKey Check from central is received before peripheral DHKey
773 * calculation is completed - race */
774 /* PAIR_DHKEY_CHCK */
775 {SMP_PROCESS_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_SEC_CONN_PHS2_START},
776 };
777
778 static const uint8_t smp_peripheral_wait_dhk_check_table[][SMP_SM_NUM_COLS] = {
779 /* Event Action Next State */
780 /* PAIR_DHKEY_CHCK */
781 {SMP_PROCESS_DHKEY_CHECK, SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_STATE_DHK_CHECK},
782 /* DHKey Check from central was received before peripheral came to this
783 state */
784 /* SC_2_DHCK_CHKS_PRES */
785 {SMP_CALCULATE_PEER_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
786 };
787
788 static const uint8_t smp_peripheral_dhk_check_table[][SMP_SM_NUM_COLS] = {
789 /* Event Action Next State */
790
791 /* locally calculated peer dhkey check is ready -> compare it withs DHKey
792 * Check
793 */
794 /* actually received from peer */
795 /* SC_KEY_READY */
796 {SMP_MATCH_DHKEY_CHECKS, SMP_SM_NO_ACTION, SMP_STATE_DHK_CHECK},
797
798 /* dhkey checks match -> send local dhkey check to central, go to wait for
799 * HCI LE
800 */
801 /* Long Term Key Request Event */
802 /* PAIR_DHKEY_CHCK */
803 {SMP_SEND_DHKEY_CHECK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
804 };
805
806 static const uint8_t smp_peripheral_enc_pending_table[][SMP_SM_NUM_COLS] = {
807 /* Event Action Next State */
808 /* ENC_REQ */
809 {SMP_GENERATE_STK, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
810
811 /* STK ready */
812 /* KEY_READY */
813 {SMP_SEND_LTK_REPLY, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
814 /* ENCRYPTED */
815 {SMP_CHECK_AUTH_REQ, SMP_SM_NO_ACTION, SMP_STATE_ENCRYPTION_PENDING},
816 /* BOND_REQ */
817 {SMP_KEY_DISTRIBUTE, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
818 };
819
820 static const uint8_t smp_peripheral_bond_pending_table[][SMP_SM_NUM_COLS] = {
821 /* Event Action Next State */
822
823 /* LTK ready */
824 /* KEY_READY */
825 {SMP_SEND_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
826
827 /* rev SRK */
828 /* SIGN_INFO */
829 {SMP_PROC_SRK_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
830 /* ENC_INFO */
831 {SMP_PROC_ENC_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
832 /* ID_INFO */
833 {SMP_PROC_ID_INFO, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
834 /* CENTRAL_ID*/
835 {SMP_PROC_CENTRAL_ID, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
836 /* ID_ADDR */
837 {SMP_PROC_ID_ADDR, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
838 /* AUTH_CMPL */
839 {SMP_SIRK_VERIFY, SMP_SM_NO_ACTION, SMP_STATE_BOND_PENDING},
840 };
841
842 static const uint8_t smp_peripheral_create_local_sec_conn_oob_data[][SMP_SM_NUM_COLS] = {
843 /* Event Action Next State */
844 /* LOC_PUBL_KEY_CRTD */
845 {SMP_SET_LOCAL_OOB_KEYS, SMP_SM_NO_ACTION, SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA},
846 /* HAVE_LOC_NONCE */
847 {SMP_SET_LOCAL_OOB_RAND_COMMITMENT, SMP_SM_NO_ACTION, SMP_STATE_IDLE},
848 };
849
850 static const tSMP_SM_TBL smp_state_table[][2] = {
851 /* SMP_STATE_IDLE */
852 {smp_central_idle_table, smp_peripheral_idle_table},
853
854 /* SMP_STATE_WAIT_APP_RSP */
855 {smp_central_wait_for_app_response_table, smp_peripheral_wait_for_app_response_table},
856
857 /* SMP_STATE_SEC_REQ_PENDING */
858 {NULL, smp_peripheral_sec_request_table},
859
860 /* SMP_STATE_PAIR_REQ_RSP */
861 {smp_central_pair_request_response_table, smp_peripheral_pair_request_response_table},
862
863 /* SMP_STATE_WAIT_CONFIRM */
864 {smp_central_wait_for_confirm_table, smp_peripheral_wait_confirm_table},
865
866 /* SMP_STATE_CONFIRM */
867 {smp_central_confirm_table, smp_peripheral_confirm_table},
868
869 /* SMP_STATE_RAND */
870 {smp_central_rand_table, smp_peripheral_rand_table},
871
872 /* SMP_STATE_PUBLIC_KEY_EXCH */
873 {smp_central_public_key_exchange_table, smp_peripheral_public_key_exch_table},
874
875 /* SMP_STATE_SEC_CONN_PHS1_START */
876 {smp_central_sec_conn_phs1_start_table, smp_peripheral_sec_conn_phs1_start_table},
877
878 /* SMP_STATE_WAIT_COMMITMENT */
879 {smp_central_wait_commitment_table, smp_peripheral_wait_commitment_table},
880
881 /* SMP_STATE_WAIT_NONCE */
882 {smp_central_wait_nonce_table, smp_peripheral_wait_nonce_table},
883
884 /* SMP_STATE_SEC_CONN_PHS2_START */
885 {smp_central_sec_conn_phs2_start_table, smp_peripheral_sec_conn_phs2_start_table},
886
887 /* SMP_STATE_WAIT_DHK_CHECK */
888 {smp_central_wait_dhk_check_table, smp_peripheral_wait_dhk_check_table},
889
890 /* SMP_STATE_DHK_CHECK */
891 {smp_central_dhk_check_table, smp_peripheral_dhk_check_table},
892
893 /* SMP_STATE_ENCRYPTION_PENDING */
894 {smp_central_enc_pending_table, smp_peripheral_enc_pending_table},
895
896 /* SMP_STATE_BOND_PENDING */
897 {smp_central_bond_pending_table, smp_peripheral_bond_pending_table},
898
899 /* SMP_STATE_CREATE_LOCAL_SEC_CONN_OOB_DATA */
900 {smp_central_create_local_sec_conn_oob_data, smp_peripheral_create_local_sec_conn_oob_data},
901 };
902
903 typedef const uint8_t (*tSMP_ENTRY_TBL)[SMP_STATE_MAX];
904 static const tSMP_ENTRY_TBL smp_entry_table[] = {smp_central_entry_map, smp_peripheral_entry_map};
905
906 tSMP_CB smp_cb;
907
908 #define SMP_ALL_TBL_MASK 0x80
909
910 /*******************************************************************************
911 * Function smp_set_state
912 * Returns None
913 ******************************************************************************/
smp_set_state(tSMP_STATE state)914 void smp_set_state(tSMP_STATE state) {
915 if (state < SMP_STATE_MAX) {
916 log::debug("State change: {}({})==>{}({})", smp_get_state_name(smp_cb.state), smp_cb.state,
917 smp_get_state_name(state), state);
918 if (smp_cb.state != state) {
919 BTM_LogHistory(kBtmLogTag, smp_cb.pairing_ble_bd_addr, "Security state changed",
920 base::StringPrintf("%s => %s", smp_get_state_name(smp_cb.state),
921 smp_get_state_name(state)));
922 }
923 smp_cb.state = state;
924 } else {
925 log::error("invalid state={}", state);
926 }
927 }
928
929 /*******************************************************************************
930 * Function smp_get_state
931 * Returns The smp state
932 ******************************************************************************/
smp_get_state(void)933 tSMP_STATE smp_get_state(void) { return smp_cb.state; }
934
935 /*******************************************************************************
936 *
937 * Function smp_sm_event
938 *
939 * Description Handle events to the state machine. It looks up the entry
940 * in the smp_entry_table array.
941 * If it is a valid entry, it gets the state table. Set the next
942 * state, if not NULL state. Execute the action function according
943 * to the state table. If the state returned by action function is
944 * not NULL state, adjust the new state to the returned state. If
945 * (api_evt != MAX), call callback function.
946 *
947 * Returns true if the event is executed and a state transition can be
948 * expected, false if the event is ignored, state is invalid, or
949 * the role is invalid for the control block.
950 *
951 ******************************************************************************/
smp_sm_event(tSMP_CB * p_cb,tSMP_EVENT event,tSMP_INT_DATA * p_data)952 bool smp_sm_event(tSMP_CB* p_cb, tSMP_EVENT event, tSMP_INT_DATA* p_data) {
953 uint8_t curr_state = p_cb->state;
954 tSMP_SM_TBL state_table;
955 uint8_t action, entry, i;
956
957 log::debug("addr:{}", p_cb->pairing_bda);
958 if (p_cb->role >= 2) {
959 log::error("Invalid role:{}", p_cb->role);
960 return false;
961 }
962
963 tSMP_ENTRY_TBL entry_table = smp_entry_table[p_cb->role];
964
965 if (curr_state >= SMP_STATE_MAX) {
966 log::error("Invalid state:{}", curr_state);
967 return false;
968 }
969
970 log::debug("Role:{}, State:[{}({})], Event:[{}({})]", hci_role_text(p_cb->role),
971 smp_get_state_name(p_cb->state), p_cb->state, smp_get_event_name(event), event);
972
973 /* look up the state table for the current state */
974 /* lookup entry /w event & curr_state */
975 /* If entry is ignore, return.
976 * Otherwise, get state table (according to curr_state or all_state) */
977 if ((event <= SMP_MAX_EVT) && ((entry = entry_table[event - 1][curr_state]) != SMP_SM_IGNORE)) {
978 if (entry & SMP_ALL_TBL_MASK) {
979 entry &= ~SMP_ALL_TBL_MASK;
980 state_table = smp_all_table;
981 } else {
982 state_table = smp_state_table[curr_state][p_cb->role];
983 }
984 } else {
985 log::warn("Ignore event[{}({})] in state[{}({})]", smp_get_event_name(event), event,
986 smp_get_state_name(curr_state), curr_state);
987 return false;
988 }
989
990 /* Get possible next state from state table. */
991 smp_set_state(state_table[entry - 1][SMP_SME_NEXT_STATE]);
992
993 /* If action is not ignore, clear param, exec action and get next state.
994 * The action function may set the Param for cback.
995 * Depending on param, call cback or free buffer. */
996 /* execute action */
997 /* execute action functions */
998 for (i = 0; i < SMP_NUM_ACTIONS; i++) {
999 action = state_table[entry - 1][i];
1000 if (action != SMP_SM_NO_ACTION) {
1001 (*smp_sm_action[action])(p_cb, p_data);
1002 } else {
1003 break;
1004 }
1005 }
1006 log::debug("result state={}", smp_get_state_name(p_cb->state));
1007 return true;
1008 }
1009
1010 /*******************************************************************************
1011 * Function smp_get_state_name
1012 * Returns The smp state name.
1013 ******************************************************************************/
smp_get_state_name(tSMP_STATE state)1014 const char* smp_get_state_name(tSMP_STATE state) {
1015 const char* p_str = smp_state_name[SMP_STATE_MAX];
1016
1017 if (state < SMP_STATE_MAX) {
1018 p_str = smp_state_name[state];
1019 }
1020 return p_str;
1021 }
1022
1023 /*******************************************************************************
1024 * Function smp_get_event_name
1025 * Returns The smp event name.
1026 ******************************************************************************/
smp_get_event_name(tSMP_EVENT event)1027 const char* smp_get_event_name(tSMP_EVENT event) {
1028 const char* p_str = smp_event_name[SMP_MAX_EVT];
1029
1030 if (event <= SMP_MAX_EVT) {
1031 p_str = smp_event_name[event - 1];
1032 }
1033 return p_str;
1034 }
1035