1 /* 2 * Copyright (C) 2014 BlueKitchen GmbH 3 * 4 * Redistribution and use in source and binary forms, with or without 5 * modification, are permitted provided that the following conditions 6 * are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. Neither the name of the copyright holders nor the names of 14 * contributors may be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * 4. Any redistribution, use, or modification is done solely for 17 * personal benefit and not for any commercial purpose or for 18 * monetary gain. 19 * 20 * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BLUEKITCHEN 24 * GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 26 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 27 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 28 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 29 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 30 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * Please inquire about commercial licensing options at 34 * [email protected] 35 * 36 */ 37 38 /** 39 * @title Security Manager 40 * 41 */ 42 43 #ifndef SM_H 44 #define SM_H 45 46 #if defined __cplusplus 47 extern "C" { 48 #endif 49 50 #include <stdint.h> 51 #include "btstack_util.h" 52 #include "btstack_defines.h" 53 #include "hci.h" 54 55 typedef struct { 56 btstack_linked_item_t item; 57 bd_addr_t address; 58 bd_addr_type_t address_type; 59 } sm_lookup_entry_t; 60 61 /* API_START */ 62 63 /** 64 * @brief Initializes the Security Manager, connects to L2CAP 65 */ 66 void sm_init(void); 67 68 /** 69 * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 70 * @note If not set and btstack_tlv is configured, ER key is generated and stored in TLV by SM 71 * @param er key 72 */ 73 void sm_set_er(sm_key_t er); 74 75 /** 76 * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 77 * @note If not set and btstack_tlv is configured, IR key is generated and stored in TLV by SM 78 * @param ir key 79 */ 80 void sm_set_ir(sm_key_t ir); 81 82 /** 83 * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble 84 * @param get_oob_data_callback 85 */ 86 void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t address_type, bd_addr_t addr, uint8_t * oob_data)); 87 88 /** 89 * @brief Add event packet handler. 90 * @param callback_handler 91 */ 92 void sm_add_event_handler(btstack_packet_callback_registration_t * callback_handler); 93 94 /** 95 * @brief Remove event packet handler. 96 * @param callback_handler 97 */ 98 void sm_remove_event_handler(btstack_packet_callback_registration_t * callback_handler); 99 100 /** 101 * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list 102 * @param OR combination of SM_STK_GENERATION_METHOD_ 103 */ 104 void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods); 105 106 /** 107 * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range 108 * @param min_size (default 7) 109 * @param max_size (default 16) 110 */ 111 void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size); 112 113 /** 114 * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no, SC yes/no, keypress yes/no 115 * @param OR combination of SM_AUTHREQ_ flags 116 */ 117 void sm_set_authentication_requirements(uint8_t auth_req); 118 119 /** 120 * @brief Sets the available IO Capabilities 121 * @param IO_CAPABILITY_ 122 */ 123 void sm_set_io_capabilities(io_capability_t io_capability); 124 125 /** 126 * @brief Enable/disable Secure Connections Mode only 127 * @param enable secure connections only mode 128 */ 129 void sm_set_secure_connections_only_mode(bool enable); 130 131 /** 132 * @brief Let Peripheral request an encrypted connection right after connecting 133 * @param enable 134 * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server 135 */ 136 void sm_set_request_security(bool enable); 137 138 /** 139 * @brief Trigger Security Request 140 * @deprecated please use sm_request_pairing instead 141 */ 142 void sm_send_security_request(hci_con_handle_t con_handle); 143 144 /** 145 * @brief Decline bonding triggered by event before 146 * @param con_handle 147 */ 148 void sm_bonding_decline(hci_con_handle_t con_handle); 149 150 /** 151 * @brief Confirm Just Works bonding 152 * @param con_handle 153 */ 154 void sm_just_works_confirm(hci_con_handle_t con_handle); 155 156 /** 157 * @brief Confirm value from SM_EVENT_NUMERIC_COMPARISON_REQUEST for Numeric Comparison bonding 158 * @param con_handle 159 */ 160 void sm_numeric_comparison_confirm(hci_con_handle_t con_handle); 161 162 /** 163 * @brief Reports passkey input by user 164 * @param con_handle 165 * @param passkey in [0..999999] 166 */ 167 void sm_passkey_input(hci_con_handle_t con_handle, uint32_t passkey); 168 169 /** 170 * @brief Send keypress notification for keyboard only devices 171 * @param con_handle 172 * @param action see SM_KEYPRESS_* in bluetooth.h 173 */ 174 void sm_keypress_notification(hci_con_handle_t con_handle, uint8_t action); 175 176 /** 177 * @brief Used by att_server.c and gatt_client.c to request user authentication 178 * @param con_handle 179 */ 180 void sm_request_pairing(hci_con_handle_t con_handle); 181 182 /** 183 * @brief Report user authorization decline. 184 * @param con_handle 185 */ 186 void sm_authorization_decline(hci_con_handle_t con_handle); 187 188 /** 189 * @brief Report user authorization grant. 190 * @param con_handle 191 */ 192 void sm_authorization_grant(hci_con_handle_t con_handle); 193 194 /** 195 * @brief Support for signed writes, used by att_server. 196 * @return ready 197 */ 198 int sm_cmac_ready(void); 199 200 /** 201 * @brief Support for signed writes, used by att_server. 202 * @note Message is in little endian to allows passing in ATT PDU without flipping. 203 * @note signing data: [opcode, attribute_handle, message, sign_counter] 204 * @note calculated hash in done_callback is big endian and has 16 byte. 205 * @param key 206 * @param opcde 207 * @param attribute_handle 208 * @param message_len 209 * @param message 210 * @param sign_counter 211 */ 212 void sm_cmac_signed_write_start(const sm_key_t key, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, const uint8_t * message, uint32_t sign_counter, void (*done_callback)(uint8_t * hash)); 213 214 /** 215 * @brief Match address against bonded devices 216 * @param address_type 217 * @param address 218 * @return 0 if successfully added to lookup queue 219 * @note Triggers SM_IDENTITY_RESOLVING_* events 220 */ 221 int sm_address_resolution_lookup(uint8_t address_type, bd_addr_t address); 222 223 /** 224 * @brief Get Identity Resolving state 225 * @param con_handle 226 * @return irk_lookup_state_t 227 * @note return IRK_LOOKUP_IDLE if connection does not exist 228 */ 229 irk_lookup_state_t sm_identity_resolving_state(hci_con_handle_t con_handle); 230 231 /** 232 * @brief Identify device in LE Device DB. 233 * @param con_handle 234 * @return index from le_device_db or -1 if not found/identified 235 */ 236 int sm_le_device_index(hci_con_handle_t con_handle); 237 238 /** 239 * @brief Get LTK for encrypted connection 240 * @param con_handle 241 * @param ltk buffer to store long term key 242 * @return ERROR_CODE_SUCCESS ok 243 * ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER if no connection for this con handle exists 244 * ERROR_CODE_PIN_OR_KEY_MISSING if connection is not encrypted 245 */ 246 uint8_t sm_get_ltk(hci_con_handle_t con_handle, sm_key_t ltk); 247 248 /** 249 * @brief Use fixec passkey for Legacy and SC instead of generating a random number 250 * @note Can be used to improve security over Just Works if no keyboard or displary are present and 251 * individual random passkey can be printed on the device during production 252 * @param passkey 253 */ 254 void sm_use_fixed_passkey_in_display_role(uint32_t passkey); 255 256 /** 257 * @brief Allow connection re-encryption in Peripheral (Responder) role for LE Legacy Pairing 258 * without entry for Central device stored in LE Device DB 259 * @note BTstack in Peripheral Role (Responder) supports LE Legacy Pairing without a persistent LE Device DB as 260 * the LTK is reconstructed from a local secret IRK and EDIV + Random stored on Central (Initiator) device 261 * On the downside, it's not really possible to delete a pairing if this is enabled. 262 * @param allow encryption using reconstructed LTK without stored entry (Default: 1) 263 */ 264 void sm_allow_ltk_reconstruction_without_le_device_db_entry(int allow); 265 266 /** 267 * @brief Generate OOB data for LE Secure Connections 268 * @note This generates a 128 bit random number ra and then calculates Ca = f4(PKa, PKa, ra, 0) 269 * New OOB data should be generated for each pairing. Ra is used for subsequent OOB pairings 270 * @param callback 271 * @return status 272 */ 273 uint8_t sm_generate_sc_oob_data(void (*callback)(const uint8_t * confirm_value, const uint8_t * random_value)); 274 275 /** 276 * @brief Registers OOB Data Callback for LE Secure Conections. The callback should set all arguments and return 1 if OOB data is availble 277 * @note the oob_sc_local_random usually is the random_value returend by sm_generate_sc_oob_data 278 * @param get_oob_data_callback 279 */ 280 void sm_register_sc_oob_data_callback( int (*get_sc_oob_data_callback)(uint8_t address_type, bd_addr_t addr, uint8_t * oob_sc_peer_confirm, uint8_t * oob_sc_peer_random)); 281 282 /** 283 * @bbrief Register LTK Callback that allows to provide a custom LTK on re-encryption. The callback returns true if LTK was modified 284 * @param get_ltk_callback 285 */ 286 void sm_register_ltk_callback( bool (*get_ltk_callback)(hci_con_handle_t con_handle, uint8_t address_type, bd_addr_t addr, uint8_t * ltk)); 287 288 /* API_END */ 289 290 /** 291 * @brief De-Init SM 292 */ 293 void sm_deinit(void); 294 295 /** 296 * @brief Use Debug Keys for LE Secure Connections for testing until restart 297 * @note Requires ENABLE_LE_SECURE_CONNECTIONS and ENABLE_LE_SECURE_CONNECTIONS_DEBUG_KEY 298 */ 299 void sm_test_enable_secure_connections_debug_keys(void); 300 301 // PTS testing 302 void sm_test_set_irk(sm_key_t irk); 303 void sm_test_use_fixed_local_csrk(void); 304 305 306 #ifdef ENABLE_TESTING_SUPPORT 307 void sm_test_set_pairing_failure(int reason); 308 #endif 309 310 #if defined __cplusplus 311 } 312 #endif 313 314 #endif // SM_H 315