src/ble/sm.c

3deb3ec6SMatthias Ringwald/*
3deb3ec6SMatthias Ringwald * Copyright (C) 2014 BlueKitchen GmbH
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald * Redistribution and use in source and binary forms, with or without
3deb3ec6SMatthias Ringwald * modification, are permitted provided that the following conditions
3deb3ec6SMatthias Ringwald * are met:
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald * 1. Redistributions of source code must retain the above copyright
3deb3ec6SMatthias Ringwald *    notice, this list of conditions and the following disclaimer.
3deb3ec6SMatthias Ringwald * 2. Redistributions in binary form must reproduce the above copyright
3deb3ec6SMatthias Ringwald *    notice, this list of conditions and the following disclaimer in the
3deb3ec6SMatthias Ringwald *    documentation and/or other materials provided with the distribution.
3deb3ec6SMatthias Ringwald * 3. Neither the name of the copyright holders nor the names of
3deb3ec6SMatthias Ringwald *    contributors may be used to endorse or promote products derived
3deb3ec6SMatthias Ringwald *    from this software without specific prior written permission.
3deb3ec6SMatthias Ringwald * 4. Any redistribution, use, or modification is done solely for
3deb3ec6SMatthias Ringwald *    personal benefit and not for any commercial purpose or for
3deb3ec6SMatthias Ringwald *    monetary gain.
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
3deb3ec6SMatthias Ringwald * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
3deb3ec6SMatthias Ringwald * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
2fca4dadSMilanka Ringwald * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BLUEKITCHEN
2fca4dadSMilanka Ringwald * GMBH OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
3deb3ec6SMatthias Ringwald * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
3deb3ec6SMatthias Ringwald * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
3deb3ec6SMatthias Ringwald * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
3deb3ec6SMatthias Ringwald * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
3deb3ec6SMatthias Ringwald * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
3deb3ec6SMatthias Ringwald * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3deb3ec6SMatthias Ringwald * SUCH DAMAGE.
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald * Please inquire about commercial licensing options at
3deb3ec6SMatthias Ringwald * [email protected]
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald */
ab2c6ae4SMatthias Ringwald
e501bae0SMatthias Ringwald#define BTSTACK_FILE__ "sm.c"
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald#include <string.h>
3deb3ec6SMatthias Ringwald#include <inttypes.h>
3deb3ec6SMatthias Ringwald
3edc84c5SMatthias Ringwald#include "ble/le_device_db.h"
59c6af15SMatthias Ringwald#include "ble/core.h"
3edc84c5SMatthias Ringwald#include "ble/sm.h"
61f37892SMatthias Ringwald#include "bluetooth_company_id.h"
d7f1c72eSMatthias Ringwald#include "btstack_bool.h"
d1a1f6a4SMatthias Ringwald#include "btstack_crypto.h"
0e2df43fSMatthias Ringwald#include "btstack_debug.h"
0e2df43fSMatthias Ringwald#include "btstack_event.h"
0e2df43fSMatthias Ringwald#include "btstack_linked_list.h"
0e2df43fSMatthias Ringwald#include "btstack_memory.h"
899e6e02SMatthias Ringwald#include "btstack_tlv.h"
f7a05cdaSMatthias Ringwald#include "gap.h"
0e2df43fSMatthias Ringwald#include "hci.h"
13377825SMatthias Ringwald#include "hci_dump.h"
0e2df43fSMatthias Ringwald#include "l2cap.h"
3deb3ec6SMatthias Ringwald
1a682202SMatthias Ringwald#if !defined(ENABLE_LE_PERIPHERAL) && !defined(ENABLE_LE_CENTRAL)
1a682202SMatthias Ringwald#error "LE Security Manager used, but neither ENABLE_LE_PERIPHERAL nor ENABLE_LE_CENTRAL defined. Please add at least one to btstack_config.h."
1a682202SMatthias Ringwald#endif
1a682202SMatthias Ringwald
7ece0eaaSMatthias Ringwald#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && (!defined(ENABLE_CLASSIC) || !defined(ENABLE_LE_SECURE_CONNECTIONS))
7ece0eaaSMatthias Ringwald#error "Cross Transport Key Derivation requires support for LE Secure Connections and BR/EDR (Classic)"
6857ad8fSMatthias Ringwald#endif
6857ad8fSMatthias Ringwald
d1a1f6a4SMatthias Ringwald// assert SM Public Key can be sent/received
d1a1f6a4SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
d1a1f6a4SMatthias Ringwald#if HCI_ACL_PAYLOAD_SIZE < 69
d1a1f6a4SMatthias Ringwald#error "HCI_ACL_PAYLOAD_SIZE must be at least 69 bytes when using LE Secure Conection. Please increase HCI_ACL_PAYLOAD_SIZE or disable ENABLE_LE_SECURE_CONNECTIONS"
d1a1f6a4SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwald
42134bc6SMatthias Ringwald#if defined(ENABLE_LE_PERIPHERAL) && defined(ENABLE_LE_CENTRAL)
cd1176f5SMatthias Ringwald#define IS_RESPONDER(role) ((role) == HCI_ROLE_SLAVE)
42134bc6SMatthias Ringwald#else
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
42134bc6SMatthias Ringwald// only central - never responder (avoid 'unused variable' warnings)
cd1176f5SMatthias Ringwald#define IS_RESPONDER(role) (0 && ((role) == HCI_ROLE_SLAVE))
42134bc6SMatthias Ringwald#else
42134bc6SMatthias Ringwald// only peripheral - always responder (avoid 'unused variable' warnings)
cd1176f5SMatthias Ringwald#define IS_RESPONDER(role) (1 || ((role) == HCI_ROLE_SLAVE))
42134bc6SMatthias Ringwald#endif
42134bc6SMatthias Ringwald#endif
42134bc6SMatthias Ringwald
7a766ebfSMatthias Ringwald#if defined(ENABLE_LE_SIGNED_WRITE) || defined(ENABLE_LE_SECURE_CONNECTIONS)
d1a1f6a4SMatthias Ringwald#define USE_CMAC_ENGINE
7a766ebfSMatthias Ringwald#endif
7a766ebfSMatthias Ringwald
6857ad8fSMatthias Ringwald
968b2eafSMatthias Ringwald#define BTSTACK_TAG32(A,B,C,D) (((A) << 24) | ((B) << 16) | ((C) << 8) | (D))
899e6e02SMatthias Ringwald
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald// SM internal types and globals
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    DKG_W4_WORKING,
3deb3ec6SMatthias Ringwald    DKG_CALC_IRK,
3deb3ec6SMatthias Ringwald    DKG_CALC_DHK,
3deb3ec6SMatthias Ringwald    DKG_READY
3deb3ec6SMatthias Ringwald} derived_key_generation_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    RAU_IDLE,
fbd4e238SMatthias Ringwald    RAU_GET_RANDOM,
3deb3ec6SMatthias Ringwald    RAU_W4_RANDOM,
3deb3ec6SMatthias Ringwald    RAU_GET_ENC,
3deb3ec6SMatthias Ringwald    RAU_W4_ENC,
3deb3ec6SMatthias Ringwald} random_address_update_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    CMAC_IDLE,
3deb3ec6SMatthias Ringwald    CMAC_CALC_SUBKEYS,
3deb3ec6SMatthias Ringwald    CMAC_W4_SUBKEYS,
3deb3ec6SMatthias Ringwald    CMAC_CALC_MI,
3deb3ec6SMatthias Ringwald    CMAC_W4_MI,
3deb3ec6SMatthias Ringwald    CMAC_CALC_MLAST,
3deb3ec6SMatthias Ringwald    CMAC_W4_MLAST
3deb3ec6SMatthias Ringwald} cmac_state_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    JUST_WORKS,
27c32905SMatthias Ringwald    PK_RESP_INPUT,       // Initiator displays PK, responder inputs PK
27c32905SMatthias Ringwald    PK_INIT_INPUT,       // Responder displays PK, initiator inputs PK
47fb4255SMatthias Ringwald    PK_BOTH_INPUT,       // Only input on both, both input PK
47fb4255SMatthias Ringwald    NUMERIC_COMPARISON,  // Only numerical compparison (yes/no) on on both sides
47fb4255SMatthias Ringwald    OOB                  // OOB available on one (SC) or both sides (legacy)
3deb3ec6SMatthias Ringwald} stk_generation_method_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    SM_USER_RESPONSE_IDLE,
3deb3ec6SMatthias Ringwald    SM_USER_RESPONSE_PENDING,
3deb3ec6SMatthias Ringwald    SM_USER_RESPONSE_CONFIRM,
3deb3ec6SMatthias Ringwald    SM_USER_RESPONSE_PASSKEY,
3deb3ec6SMatthias Ringwald    SM_USER_RESPONSE_DECLINE
3deb3ec6SMatthias Ringwald} sm_user_response_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    SM_AES128_IDLE,
3deb3ec6SMatthias Ringwald    SM_AES128_ACTIVE
3deb3ec6SMatthias Ringwald} sm_aes128_state_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
3deb3ec6SMatthias Ringwald    ADDRESS_RESOLUTION_IDLE,
3deb3ec6SMatthias Ringwald    ADDRESS_RESOLUTION_GENERAL,
3deb3ec6SMatthias Ringwald    ADDRESS_RESOLUTION_FOR_CONNECTION,
3deb3ec6SMatthias Ringwald} address_resolution_mode_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldtypedef enum {
a66b030fSMatthias Ringwald    ADDRESS_RESOLUTION_SUCCEEDED,
3deb3ec6SMatthias Ringwald    ADDRESS_RESOLUTION_FAILED,
3deb3ec6SMatthias Ringwald} address_resolution_event_t;
901c000fSMatthias Ringwald
901c000fSMatthias Ringwaldtypedef enum {
34b6528fSMatthias Ringwald    EC_KEY_GENERATION_IDLE,
7df18c15SMatthias Ringwald    EC_KEY_GENERATION_ACTIVE,
7df18c15SMatthias Ringwald    EC_KEY_GENERATION_DONE,
7df18c15SMatthias Ringwald} ec_key_generation_state_t;
7df18c15SMatthias Ringwald
7df18c15SMatthias Ringwaldtypedef enum {
3cf37b8cSMatthias Ringwald    SM_STATE_VAR_DHKEY_NEEDED = 1 << 0,
3cf37b8cSMatthias Ringwald    SM_STATE_VAR_DHKEY_CALCULATED = 1 << 1,
3cf37b8cSMatthias Ringwald    SM_STATE_VAR_DHKEY_COMMAND_RECEIVED = 1 << 2,
901c000fSMatthias Ringwald} sm_state_var_t;
901c000fSMatthias Ringwald
c59d0c92SMatthias Ringwaldtypedef enum {
c59d0c92SMatthias Ringwald    SM_SC_OOB_IDLE,
d1a1f6a4SMatthias Ringwald    SM_SC_OOB_W4_RANDOM,
c59d0c92SMatthias Ringwald    SM_SC_OOB_W2_CALC_CONFIRM,
c59d0c92SMatthias Ringwald    SM_SC_OOB_W4_CONFIRM,
c59d0c92SMatthias Ringwald} sm_sc_oob_state_t;
c59d0c92SMatthias Ringwald
6420f61eSMatthias Ringwaldtypedef uint8_t sm_key24_t[3];
6420f61eSMatthias Ringwaldtypedef uint8_t sm_key56_t[7];
6420f61eSMatthias Ringwaldtypedef uint8_t sm_key256_t[32];
6420f61eSMatthias Ringwald
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald// GLOBAL DATA
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald
2d2d4d3cSMatthias Ringwaldstatic bool sm_initialized;
2d2d4d3cSMatthias Ringwald
841468bbSMatthias Ringwaldstatic bool test_use_fixed_local_csrk;
841468bbSMatthias Ringwaldstatic bool test_use_fixed_local_irk;
3deb3ec6SMatthias Ringwald
192365feSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
192365feSMatthias Ringwaldstatic uint8_t test_pairing_failure;
192365feSMatthias Ringwald#endif
192365feSMatthias Ringwald
3deb3ec6SMatthias Ringwald// configuration
3deb3ec6SMatthias Ringwaldstatic uint8_t sm_accepted_stk_generation_methods;
3deb3ec6SMatthias Ringwaldstatic uint8_t sm_max_encryption_key_size;
3deb3ec6SMatthias Ringwaldstatic uint8_t sm_min_encryption_key_size;
3deb3ec6SMatthias Ringwaldstatic uint8_t sm_auth_req = 0;
3deb3ec6SMatthias Ringwaldstatic uint8_t sm_io_capabilities = IO_CAPABILITY_NO_INPUT_NO_OUTPUT;
4b8c611fSMatthias Ringwaldstatic uint32_t sm_fixed_passkey_in_display_role;
1979f09cSMatthias Ringwaldstatic bool sm_reconstruct_ltk_without_le_device_db_entry;
3deb3ec6SMatthias Ringwald
b6f39a74SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
728f6757SMatthias Ringwaldstatic bool sm_slave_request_security;
b6f39a74SMatthias Ringwald#endif
b6f39a74SMatthias Ringwald
c59d0c92SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c123d999SMatthias Ringwaldstatic bool sm_sc_only_mode;
c59d0c92SMatthias Ringwaldstatic uint8_t sm_sc_oob_random[16];
c59d0c92SMatthias Ringwaldstatic void (*sm_sc_oob_callback)(const uint8_t * confirm_value, const uint8_t * random_value);
c59d0c92SMatthias Ringwaldstatic sm_sc_oob_state_t sm_sc_oob_state;
db88441fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS_DEBUG_KEY
db88441fSMatthias Ringwaldstatic bool sm_sc_debug_keys_enabled;
db88441fSMatthias Ringwald#endif
c59d0c92SMatthias Ringwald#endif
c59d0c92SMatthias Ringwald
899e6e02SMatthias Ringwald
1979f09cSMatthias Ringwaldstatic bool                  sm_persistent_keys_random_active;
899e6e02SMatthias Ringwaldstatic const btstack_tlv_t * sm_tlv_impl;
899e6e02SMatthias Ringwaldstatic void *                sm_tlv_context;
899e6e02SMatthias Ringwald
3deb3ec6SMatthias Ringwald// Security Manager Master Keys, please use sm_set_er(er) and sm_set_ir(ir) with your own 128 bit random values
3deb3ec6SMatthias Ringwaldstatic sm_key_t sm_persistent_er;
3deb3ec6SMatthias Ringwaldstatic sm_key_t sm_persistent_ir;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// derived from sm_persistent_ir
3deb3ec6SMatthias Ringwaldstatic sm_key_t sm_persistent_dhk;
3deb3ec6SMatthias Ringwaldstatic sm_key_t sm_persistent_irk;
3deb3ec6SMatthias Ringwaldstatic derived_key_generation_t dkg_state;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// derived from sm_persistent_er
3deb3ec6SMatthias Ringwald// ..
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// random address update
3deb3ec6SMatthias Ringwaldstatic random_address_update_t rau_state;
3deb3ec6SMatthias Ringwaldstatic bd_addr_t sm_random_address;
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald#ifdef USE_CMAC_ENGINE
514d35fcSMatthias Ringwald// CMAC Calculation: General
d1a1f6a4SMatthias Ringwaldstatic btstack_crypto_aes128_cmac_t sm_cmac_request;
d1a1f6a4SMatthias Ringwaldstatic void (*sm_cmac_done_callback)(uint8_t hash[8]);
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_cmac_active;
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_cmac_hash[16];
7a766ebfSMatthias Ringwald#endif
514d35fcSMatthias Ringwald
514d35fcSMatthias Ringwald// CMAC for ATT Signed Writes
7a766ebfSMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
d1a1f6a4SMatthias Ringwaldstatic uint16_t        sm_cmac_signed_write_message_len;
d1a1f6a4SMatthias Ringwaldstatic uint8_t         sm_cmac_signed_write_header[3];
d1a1f6a4SMatthias Ringwaldstatic const uint8_t * sm_cmac_signed_write_message;
d1a1f6a4SMatthias Ringwaldstatic uint8_t         sm_cmac_signed_write_sign_counter[4];
7a766ebfSMatthias Ringwald#endif
514d35fcSMatthias Ringwald
514d35fcSMatthias Ringwald// CMAC for Secure Connection functions
514d35fcSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
aec94140SMatthias Ringwaldstatic sm_connection_t * sm_cmac_connection;
514d35fcSMatthias Ringwaldstatic uint8_t           sm_cmac_sc_buffer[80];
514d35fcSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// resolvable private address lookup / CSRK calculation
3deb3ec6SMatthias Ringwaldstatic int       sm_address_resolution_test;
3deb3ec6SMatthias Ringwaldstatic uint8_t   sm_address_resolution_addr_type;
3deb3ec6SMatthias Ringwaldstatic bd_addr_t sm_address_resolution_address;
3deb3ec6SMatthias Ringwaldstatic void *    sm_address_resolution_context;
3deb3ec6SMatthias Ringwaldstatic address_resolution_mode_t sm_address_resolution_mode;
8f2a52f4SMatthias Ringwaldstatic btstack_linked_list_t sm_address_resolution_general_queue;
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// aes128 crypto engine.
3deb3ec6SMatthias Ringwaldstatic sm_aes128_state_t  sm_aes128_state;
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// crypto
d1a1f6a4SMatthias Ringwaldstatic btstack_crypto_random_t   sm_crypto_random_request;
d1a1f6a4SMatthias Ringwaldstatic btstack_crypto_aes128_t   sm_crypto_aes128_request;
d1a1f6a4SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
d1a1f6a4SMatthias Ringwaldstatic btstack_crypto_ecc_p256_t sm_crypto_ecc_p256_request;
7df1ef2fSMatthias Ringwald#endif
7df1ef2fSMatthias Ringwald
d1a1f6a4SMatthias Ringwald// temp storage for random data
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_random_data[8];
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_aes128_key[16];
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_aes128_plaintext[16];
d1a1f6a4SMatthias Ringwaldstatic uint8_t sm_aes128_ciphertext[16];
3deb3ec6SMatthias Ringwald
a036ae12SMatthias Ringwald// to receive events
e03e489aSMatthias Ringwaldstatic btstack_packet_callback_registration_t hci_event_callback_registration;
c5b6ce22SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
a036ae12SMatthias Ringwaldstatic btstack_packet_callback_registration_t l2cap_event_callback_registration;
c5b6ce22SMatthias Ringwald#endif
e03e489aSMatthias Ringwald
89a78d34SMatthias Ringwald/* to dispatch sm event */
89a78d34SMatthias Ringwaldstatic btstack_linked_list_t sm_event_handlers;
89a78d34SMatthias Ringwald
ece00d2dSMatthias Ringwald/* to schedule calls to sm_run */
ece00d2dSMatthias Ringwaldstatic btstack_timer_source_t sm_run_timer;
ece00d2dSMatthias Ringwald
09e4d397SMatthias Ringwald// LE Secure Connections
09e4d397SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
09e4d397SMatthias Ringwaldstatic ec_key_generation_state_t ec_key_generation_state;
fc5bff5fSMatthias Ringwaldstatic uint8_t ec_q[64];
09e4d397SMatthias Ringwald#endif
df86eb96SMatthias Ringwald
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald// Volume 3, Part H, Chapter 24
3deb3ec6SMatthias Ringwald// "Security shall be initiated by the Security Manager in the device in the master role.
3deb3ec6SMatthias Ringwald// The device in the slave role shall be the responding device."
3deb3ec6SMatthias Ringwald// -> master := initiator, slave := responder
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// data needed for security setup
3deb3ec6SMatthias Ringwaldtypedef struct sm_setup_context {
3deb3ec6SMatthias Ringwald
ec820d77SMatthias Ringwald    btstack_timer_source_t sm_timeout;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // user response, (Phase 1 and/or 2)
3deb3ec6SMatthias Ringwald    uint8_t   sm_user_response;
dd4a08fbSMatthias Ringwald    uint8_t   sm_keypress_notification; // bitmap: passkey started, digit entered, digit erased, passkey cleared, passkey complete, 3 bit count
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // defines which keys will be send after connection is encrypted - calculated during Phase 1, used Phase 3
715a43d1SMatthias Ringwald    uint8_t   sm_key_distribution_send_set;
715a43d1SMatthias Ringwald    uint8_t   sm_key_distribution_sent_set;
9a90d41aSMatthias Ringwald    uint8_t   sm_key_distribution_expected_set;
715a43d1SMatthias Ringwald    uint8_t   sm_key_distribution_received_set;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // Phase 2 (Pairing over SMP)
3deb3ec6SMatthias Ringwald    stk_generation_method_t sm_stk_generation_method;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_tk;
a680ba6bSMatthias Ringwald    uint8_t   sm_have_oob_data;
6777d8fdSMatthias Ringwald    bool      sm_use_secure_connections;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_key_t  sm_c1_t3_value;   // c1 calculation
3deb3ec6SMatthias Ringwald    sm_pairing_packet_t sm_m_preq; // pairing request - needed only for c1
3deb3ec6SMatthias Ringwald    sm_pairing_packet_t sm_s_pres; // pairing response - needed only for c1
3deb3ec6SMatthias Ringwald    sm_key_t  sm_local_random;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_local_confirm;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_peer_random;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_peer_confirm;
3deb3ec6SMatthias Ringwald    uint8_t   sm_m_addr_type;   // address and type can be removed
3deb3ec6SMatthias Ringwald    uint8_t   sm_s_addr_type;   //  ''
3deb3ec6SMatthias Ringwald    bd_addr_t sm_m_address;     //  ''
3deb3ec6SMatthias Ringwald    bd_addr_t sm_s_address;     //  ''
3deb3ec6SMatthias Ringwald    sm_key_t  sm_ltk;
3deb3ec6SMatthias Ringwald
68437d83SMatthias Ringwald    uint8_t   sm_state_vars;
e53be891SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
fc5bff5fSMatthias Ringwald    uint8_t   sm_peer_q[64];    // also stores random for EC key generation during init
446a8c36SMatthias Ringwald    sm_key_t  sm_peer_nonce;    // might be combined with sm_peer_random
446a8c36SMatthias Ringwald    sm_key_t  sm_local_nonce;   // might be combined with sm_local_random
d08147dfSMatthias Ringwald    uint8_t   sm_dhkey[32];
e53be891SMatthias Ringwald    sm_key_t  sm_peer_dhkey_check;
e53be891SMatthias Ringwald    sm_key_t  sm_local_dhkey_check;
446a8c36SMatthias Ringwald    sm_key_t  sm_ra;
446a8c36SMatthias Ringwald    sm_key_t  sm_rb;
2bacf595SMatthias Ringwald    sm_key_t  sm_t;             // used for f5 and h6
a9f29768SMatthias Ringwald    sm_key_t  sm_mackey;
7df18c15SMatthias Ringwald    uint8_t   sm_passkey_bit;   // also stores number of generated random bytes for EC key generation
e53be891SMatthias Ringwald#endif
27c32905SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // Phase 3
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // key distribution, we generate
3deb3ec6SMatthias Ringwald    uint16_t  sm_local_y;
3deb3ec6SMatthias Ringwald    uint16_t  sm_local_div;
3deb3ec6SMatthias Ringwald    uint16_t  sm_local_ediv;
3deb3ec6SMatthias Ringwald    uint8_t   sm_local_rand[8];
3deb3ec6SMatthias Ringwald    sm_key_t  sm_local_ltk;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_local_csrk;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_local_irk;
3deb3ec6SMatthias Ringwald    // sm_local_address/addr_type not needed
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // key distribution, received from peer
3deb3ec6SMatthias Ringwald    uint16_t  sm_peer_y;
3deb3ec6SMatthias Ringwald    uint16_t  sm_peer_div;
3deb3ec6SMatthias Ringwald    uint16_t  sm_peer_ediv;
3deb3ec6SMatthias Ringwald    uint8_t   sm_peer_rand[8];
3deb3ec6SMatthias Ringwald    sm_key_t  sm_peer_ltk;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_peer_irk;
3deb3ec6SMatthias Ringwald    sm_key_t  sm_peer_csrk;
3deb3ec6SMatthias Ringwald    uint8_t   sm_peer_addr_type;
3deb3ec6SMatthias Ringwald    bd_addr_t sm_peer_address;
715a43d1SMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
715a43d1SMatthias Ringwald    int       sm_le_device_index;
715a43d1SMatthias Ringwald#endif
e0a03c85SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
e0a03c85SMatthias Ringwald    link_key_t sm_link_key;
e0a03c85SMatthias Ringwald    link_key_type_t sm_link_key_type;
e0a03c85SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald} sm_setup_context_t;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwaldstatic sm_setup_context_t the_setup;
3deb3ec6SMatthias Ringwaldstatic sm_setup_context_t * setup = &the_setup;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// active connection - the one for which the_setup is used for
7149bde5SMatthias Ringwaldstatic uint16_t sm_active_connection_handle = HCI_CON_HANDLE_INVALID;
3deb3ec6SMatthias Ringwald
6b65794dSMilanka Ringwald// @return 1 if oob data is available
3deb3ec6SMatthias Ringwald// stores oob data in provided 16 byte buffer if not null
3deb3ec6SMatthias Ringwaldstatic int (*sm_get_oob_data)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data) = NULL;
4acf7b7bSMatthias Ringwaldstatic int (*sm_get_sc_oob_data)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_sc_peer_confirm, uint8_t * oob_sc_peer_random);
b96d60a6SMatthias Ringwaldstatic bool (*sm_get_ltk_callback)(hci_con_handle_t con_handle, uint8_t addres_type, bd_addr_t addr, uint8_t * ltk);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void sm_run(void);
7887cd92SMatthias Ringwaldstatic void sm_state_reset(void);
711e6c80SMatthias Ringwaldstatic void sm_done_for_handle(hci_con_handle_t con_handle);
711e6c80SMatthias Ringwaldstatic sm_connection_t * sm_get_connection_for_handle(hci_con_handle_t con_handle);
916ea5b2SMatthias Ringwaldstatic void sm_cache_ltk(sm_connection_t * connection, const sm_key_t ltk);
77e2e5edSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
77e2e5edSMatthias Ringwaldstatic sm_connection_t * sm_get_connection_for_bd_addr_and_type(bd_addr_t address, bd_addr_type_t addr_type);
77e2e5edSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwaldstatic inline int sm_calc_actual_encryption_key_size(int other);
3deb3ec6SMatthias Ringwaldstatic int sm_validate_stk_generation_method(void);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_address_resolution(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_dkg_dhk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_dkg_irk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_a(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_b(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_c(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_csrk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_d(void * arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph3_ltk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph3_y(void *arg);
2a526f21SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph4_ltk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph4_y(void *arg);
2a526f21SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_stk(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_rau(void *arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_ph2_tk(void * arg);
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_rau(void * arg);
d1a1f6a4SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
6d80b495SMatthias Ringwaldstatic void sm_cmac_message_start(const sm_key_t key, uint16_t message_len, const uint8_t * message, void (*done_callback)(uint8_t * hash));
34b6528fSMatthias Ringwaldstatic void sm_ec_generate_new_key(void);
6ca80073SMatthias Ringwaldstatic void sm_handle_random_result_sc_next_w2_cmac_for_confirmation(void * arg);
6ca80073SMatthias Ringwaldstatic void sm_handle_random_result_sc_next_send_pairing_random(void * arg);
6777d8fdSMatthias Ringwaldstatic bool sm_passkey_entry(stk_generation_method_t method);
d1a1f6a4SMatthias Ringwald#endif
0ccf6c9cSMatthias Ringwaldstatic void sm_pairing_complete(sm_connection_t * sm_conn, uint8_t status, uint8_t reason);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void log_info_hex16(const char * name, uint16_t value){
cc95824cSDirk Helbig    UNUSED(name);
cc95824cSDirk Helbig    UNUSED(value);
3deb3ec6SMatthias Ringwald    log_info("%-6s 0x%04x", name, value);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
1fbd72c5SMatthias Ringwald// static inline uint8_t sm_pairing_packet_get_code(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald//     return packet[0];
1fbd72c5SMatthias Ringwald// }
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_io_capability(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[1];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_oob_data_flag(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[2];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_auth_req(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[3];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_max_encryption_key_size(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[4];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_initiator_key_distribution(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[5];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline uint8_t sm_pairing_packet_get_responder_key_distribution(sm_pairing_packet_t packet){
1fbd72c5SMatthias Ringwald    return packet[6];
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwald
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_code(sm_pairing_packet_t packet, uint8_t code){
1fbd72c5SMatthias Ringwald    packet[0] = code;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_io_capability(sm_pairing_packet_t packet, uint8_t io_capability){
1fbd72c5SMatthias Ringwald    packet[1] = io_capability;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_oob_data_flag(sm_pairing_packet_t packet, uint8_t oob_data_flag){
1fbd72c5SMatthias Ringwald    packet[2] = oob_data_flag;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_auth_req(sm_pairing_packet_t packet, uint8_t auth_req){
1fbd72c5SMatthias Ringwald    packet[3] = auth_req;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_max_encryption_key_size(sm_pairing_packet_t packet, uint8_t max_encryption_key_size){
1fbd72c5SMatthias Ringwald    packet[4] = max_encryption_key_size;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_initiator_key_distribution(sm_pairing_packet_t packet, uint8_t initiator_key_distribution){
1fbd72c5SMatthias Ringwald    packet[5] = initiator_key_distribution;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwaldstatic inline void sm_pairing_packet_set_responder_key_distribution(sm_pairing_packet_t packet, uint8_t responder_key_distribution){
1fbd72c5SMatthias Ringwald    packet[6] = responder_key_distribution;
1fbd72c5SMatthias Ringwald}
1fbd72c5SMatthias Ringwald
1979f09cSMatthias Ringwaldstatic bool sm_is_null_random(uint8_t random[8]){
24c4191dSMatthias Ringwald    return btstack_is_null(random, 8);
3764b551SMatthias Ringwald}
3764b551SMatthias Ringwald
1979f09cSMatthias Ringwaldstatic bool sm_is_null_key(uint8_t * key){
24c4191dSMatthias Ringwald    return btstack_is_null(key, 16);
3764b551SMatthias Ringwald}
3764b551SMatthias Ringwald
1c34405fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
1c34405fSMatthias Ringwaldstatic bool sm_is_ff(const uint8_t * buffer, uint16_t size){
1c34405fSMatthias Ringwald    uint16_t i;
1c34405fSMatthias Ringwald    for (i=0; i < size ; i++){
1c34405fSMatthias Ringwald        if (buffer[i] != 0xff) {
1c34405fSMatthias Ringwald            return false;
1c34405fSMatthias Ringwald        }
1c34405fSMatthias Ringwald    }
1c34405fSMatthias Ringwald    return true;
1c34405fSMatthias Ringwald}
1c34405fSMatthias Ringwald#endif
1c34405fSMatthias Ringwald
70b44dd4SMatthias Ringwald// sm_trigger_run allows to schedule callback from main run loop // reduces stack depth
70b44dd4SMatthias Ringwaldstatic void sm_run_timer_handler(btstack_timer_source_t * ts){
70b44dd4SMatthias Ringwald	UNUSED(ts);
70b44dd4SMatthias Ringwald	sm_run();
70b44dd4SMatthias Ringwald}
70b44dd4SMatthias Ringwaldstatic void sm_trigger_run(void){
2d2d4d3cSMatthias Ringwald    if (!sm_initialized) return;
84c0c5c7SMatthias Ringwald	(void)btstack_run_loop_remove_timer(&sm_run_timer);
70b44dd4SMatthias Ringwald	btstack_run_loop_set_timer(&sm_run_timer, 0);
70b44dd4SMatthias Ringwald	btstack_run_loop_add_timer(&sm_run_timer);
70b44dd4SMatthias Ringwald}
70b44dd4SMatthias Ringwald
3deb3ec6SMatthias Ringwald// Key utils
3deb3ec6SMatthias Ringwaldstatic void sm_reset_tk(void){
3deb3ec6SMatthias Ringwald    int i;
3deb3ec6SMatthias Ringwald    for (i=0;i<16;i++){
3deb3ec6SMatthias Ringwald        setup->sm_tk[i] = 0;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// "For example, if a 128-bit encryption key is 0x123456789ABCDEF0123456789ABCDEF0
3deb3ec6SMatthias Ringwald// and it is reduced to 7 octets (56 bits), then the resulting key is 0x0000000000000000003456789ABCDEF0.""
3deb3ec6SMatthias Ringwaldstatic void sm_truncate_key(sm_key_t key, int max_encryption_size){
3deb3ec6SMatthias Ringwald    int i;
3deb3ec6SMatthias Ringwald    for (i = max_encryption_size ; i < 16 ; i++){
3deb3ec6SMatthias Ringwald        key[15-i] = 0;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
899e6e02SMatthias Ringwald// ER / IR checks
21045273SMatthias Ringwaldstatic void sm_er_ir_set_default(void){
899e6e02SMatthias Ringwald    int i;
899e6e02SMatthias Ringwald    for (i=0;i<16;i++){
899e6e02SMatthias Ringwald        sm_persistent_er[i] = 0x30 + i;
899e6e02SMatthias Ringwald        sm_persistent_ir[i] = 0x90 + i;
899e6e02SMatthias Ringwald    }
899e6e02SMatthias Ringwald}
899e6e02SMatthias Ringwald
1d80f1e6SMatthias Ringwaldstatic bool sm_er_is_default(void){
899e6e02SMatthias Ringwald    int i;
899e6e02SMatthias Ringwald    for (i=0;i<16;i++){
1d80f1e6SMatthias Ringwald        if (sm_persistent_er[i] != (0x30+i)) return true;
899e6e02SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    return false;
899e6e02SMatthias Ringwald}
899e6e02SMatthias Ringwald
1d80f1e6SMatthias Ringwaldstatic bool sm_ir_is_default(void){
899e6e02SMatthias Ringwald    int i;
899e6e02SMatthias Ringwald    for (i=0;i<16;i++){
1d80f1e6SMatthias Ringwald        if (sm_persistent_ir[i] != (0x90+i)) return true;
899e6e02SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    return false;
899e6e02SMatthias Ringwald}
899e6e02SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_dispatch_event(uint8_t packet_type, uint16_t channel, uint8_t * packet, uint16_t size){
73102768SMatthias Ringwald    UNUSED(channel);
73102768SMatthias Ringwald
73102768SMatthias Ringwald    // log event
9da9850bSMatthias Ringwald    hci_dump_btstack_event(packet, size);
73102768SMatthias Ringwald    // dispatch to all event handlers
73102768SMatthias Ringwald    btstack_linked_list_iterator_t it;
73102768SMatthias Ringwald    btstack_linked_list_iterator_init(&it, &sm_event_handlers);
73102768SMatthias Ringwald    while (btstack_linked_list_iterator_has_next(&it)){
73102768SMatthias Ringwald        btstack_packet_callback_registration_t * entry = (btstack_packet_callback_registration_t*) btstack_linked_list_iterator_next(&it);
73102768SMatthias Ringwald        entry->callback(packet_type, 0, packet, size);
73102768SMatthias Ringwald    }
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_setup_event_base(uint8_t * event, int event_size, uint8_t type, hci_con_handle_t con_handle, uint8_t addr_type, bd_addr_t address){
73102768SMatthias Ringwald    event[0] = type;
73102768SMatthias Ringwald    event[1] = event_size - 2;
73102768SMatthias Ringwald    little_endian_store_16(event, 2, con_handle);
73102768SMatthias Ringwald    event[4] = addr_type;
73102768SMatthias Ringwald    reverse_bd_addr(address, &event[5]);
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_notify_client_base(uint8_t type, hci_con_handle_t con_handle, uint8_t addr_type, bd_addr_t address){
73102768SMatthias Ringwald    uint8_t event[11];
73102768SMatthias Ringwald    sm_setup_event_base(event, sizeof(event), type, con_handle, addr_type, address);
73102768SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, event, sizeof(event));
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_notify_client_index(uint8_t type, hci_con_handle_t con_handle, uint8_t addr_type, bd_addr_t address, uint16_t index){
73102768SMatthias Ringwald    // fetch addr and addr type from db, only called for valid entries
73102768SMatthias Ringwald    bd_addr_t identity_address;
73102768SMatthias Ringwald    int identity_address_type;
73102768SMatthias Ringwald    le_device_db_info(index, &identity_address_type, identity_address, NULL);
73102768SMatthias Ringwald
73102768SMatthias Ringwald    uint8_t event[20];
73102768SMatthias Ringwald    sm_setup_event_base(event, sizeof(event), type, con_handle, addr_type, address);
73102768SMatthias Ringwald    event[11] = identity_address_type;
73102768SMatthias Ringwald    reverse_bd_addr(identity_address, &event[12]);
73102768SMatthias Ringwald    little_endian_store_16(event, 18, index);
73102768SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, event, sizeof(event));
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_notify_client_status(uint8_t type, hci_con_handle_t con_handle, uint8_t addr_type, bd_addr_t address, uint8_t status){
73102768SMatthias Ringwald    uint8_t event[12];
73102768SMatthias Ringwald    sm_setup_event_base(event, sizeof(event), type, con_handle, addr_type, address);
73102768SMatthias Ringwald    event[11] = status;
73102768SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event));
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_reencryption_started(sm_connection_t * sm_conn){
73102768SMatthias Ringwald
3ab61f77SMatthias Ringwald    if (sm_conn->sm_reencryption_active) return;
3ab61f77SMatthias Ringwald
7b001f4eSMatthias Ringwald    sm_conn->sm_reencryption_active = true;
73102768SMatthias Ringwald
73102768SMatthias Ringwald    int       identity_addr_type;
73102768SMatthias Ringwald    bd_addr_t identity_addr;
3c0e26deSMatthias Ringwald    if (sm_conn->sm_le_db_index >= 0){
3c0e26deSMatthias Ringwald        // fetch addr and addr type from db, only called for valid entries
73102768SMatthias Ringwald        le_device_db_info(sm_conn->sm_le_db_index, &identity_addr_type, identity_addr, NULL);
3c0e26deSMatthias Ringwald    } else {
3c0e26deSMatthias Ringwald        // for legacy pairing with LTK re-construction, use current peer addr
3c0e26deSMatthias Ringwald        identity_addr_type = sm_conn->sm_peer_addr_type;
d5529700SMatthias Ringwald        // cppcheck-suppress uninitvar ; identity_addr is reported as uninitialized although it's the destination of the memcpy
3c0e26deSMatthias Ringwald        memcpy(identity_addr, sm_conn->sm_peer_address, 6);
3c0e26deSMatthias Ringwald    }
73102768SMatthias Ringwald
73102768SMatthias Ringwald    sm_notify_client_base(SM_EVENT_REENCRYPTION_STARTED, sm_conn->sm_handle, identity_addr_type, identity_addr);
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
73102768SMatthias Ringwaldstatic void sm_reencryption_complete(sm_connection_t * sm_conn, uint8_t status){
73102768SMatthias Ringwald
60be5b21SMatthias Ringwald    if (!sm_conn->sm_reencryption_active) return;
60be5b21SMatthias Ringwald
7b001f4eSMatthias Ringwald    sm_conn->sm_reencryption_active = false;
73102768SMatthias Ringwald
73102768SMatthias Ringwald    int       identity_addr_type;
73102768SMatthias Ringwald    bd_addr_t identity_addr;
3c0e26deSMatthias Ringwald    if (sm_conn->sm_le_db_index >= 0){
3c0e26deSMatthias Ringwald        // fetch addr and addr type from db, only called for valid entries
73102768SMatthias Ringwald        le_device_db_info(sm_conn->sm_le_db_index, &identity_addr_type, identity_addr, NULL);
3c0e26deSMatthias Ringwald    } else {
3c0e26deSMatthias Ringwald        // for legacy pairing with LTK re-construction, use current peer addr
3c0e26deSMatthias Ringwald        identity_addr_type = sm_conn->sm_peer_addr_type;
d5529700SMatthias Ringwald        // cppcheck-suppress uninitvar ; identity_addr is reported as uninitialized although it's the destination of the memcpy
3c0e26deSMatthias Ringwald        memcpy(identity_addr, sm_conn->sm_peer_address, 6);
3c0e26deSMatthias Ringwald    }
73102768SMatthias Ringwald
73102768SMatthias Ringwald    sm_notify_client_status(SM_EVENT_REENCRYPTION_COMPLETE, sm_conn->sm_handle, identity_addr_type, identity_addr, status);
73102768SMatthias Ringwald}
73102768SMatthias Ringwald
d3c12277SMatthias Ringwaldstatic void sm_pairing_started(sm_connection_t * sm_conn){
d3c12277SMatthias Ringwald
d3c12277SMatthias Ringwald    if (sm_conn->sm_pairing_active) return;
d3c12277SMatthias Ringwald
d3c12277SMatthias Ringwald    sm_conn->sm_pairing_active = true;
d3c12277SMatthias Ringwald
d3c12277SMatthias Ringwald    uint8_t event[11];
d3c12277SMatthias Ringwald    sm_setup_event_base(event, sizeof(event), SM_EVENT_PAIRING_STARTED, sm_conn->sm_handle, setup->sm_peer_addr_type, setup->sm_peer_address);
d3c12277SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event));
d3c12277SMatthias Ringwald}
d3c12277SMatthias Ringwald
0ccf6c9cSMatthias Ringwaldstatic void sm_pairing_complete(sm_connection_t * sm_conn, uint8_t status, uint8_t reason){
f61072f5SMatthias Ringwald
d77906ffSMatthias Ringwald    if (!sm_conn->sm_pairing_active) return;
d77906ffSMatthias Ringwald
69f82ad8SMatthias Ringwald    sm_conn->sm_pairing_active = false;
69f82ad8SMatthias Ringwald
0ccf6c9cSMatthias Ringwald    uint8_t event[13];
0ccf6c9cSMatthias Ringwald    sm_setup_event_base(event, sizeof(event), SM_EVENT_PAIRING_COMPLETE, sm_conn->sm_handle, setup->sm_peer_addr_type, setup->sm_peer_address);
0ccf6c9cSMatthias Ringwald    event[11] = status;
0ccf6c9cSMatthias Ringwald    event[12] = reason;
0ccf6c9cSMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, (uint8_t*) &event, sizeof(event));
0ccf6c9cSMatthias Ringwald}
0ccf6c9cSMatthias Ringwald
3deb3ec6SMatthias Ringwald// SMP Timeout implementation
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// Upon transmission of the Pairing Request command or reception of the Pairing Request command,
3deb3ec6SMatthias Ringwald// the Security Manager Timer shall be reset and started.
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald// The Security Manager Timer shall be reset when an L2CAP SMP command is queued for transmission.
3deb3ec6SMatthias Ringwald//
3deb3ec6SMatthias Ringwald// If the Security Manager Timer reaches 30 seconds, the procedure shall be considered to have failed,
3deb3ec6SMatthias Ringwald// and the local higher layer shall be notified. No further SMP commands shall be sent over the L2CAP
3deb3ec6SMatthias Ringwald// Security Manager Channel. A new SM procedure shall only be performed when a new physical link has been
3deb3ec6SMatthias Ringwald// established.
3deb3ec6SMatthias Ringwald
ec820d77SMatthias Ringwaldstatic void sm_timeout_handler(btstack_timer_source_t * timer){
3deb3ec6SMatthias Ringwald    log_info("SM timeout");
c5b64319SMatthias Ringwald    sm_connection_t * sm_conn = (sm_connection_t*) btstack_run_loop_get_timer_context(timer);
3deb3ec6SMatthias Ringwald    sm_conn->sm_engine_state = SM_GENERAL_TIMEOUT;
68a18fb9SMatthias Ringwald    sm_reencryption_complete(sm_conn, ERROR_CODE_CONNECTION_TIMEOUT);
0ccf6c9cSMatthias Ringwald    sm_pairing_complete(sm_conn, ERROR_CODE_CONNECTION_TIMEOUT, 0);
3deb3ec6SMatthias Ringwald    sm_done_for_handle(sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // trigger handling of next ready connection
3deb3ec6SMatthias Ringwald    sm_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwaldstatic void sm_timeout_start(sm_connection_t * sm_conn){
528a4a3bSMatthias Ringwald    btstack_run_loop_remove_timer(&setup->sm_timeout);
91a977e8SMatthias Ringwald    btstack_run_loop_set_timer_context(&setup->sm_timeout, sm_conn);
528a4a3bSMatthias Ringwald    btstack_run_loop_set_timer_handler(&setup->sm_timeout, sm_timeout_handler);
528a4a3bSMatthias Ringwald    btstack_run_loop_set_timer(&setup->sm_timeout, 30000); // 30 seconds sm timeout
528a4a3bSMatthias Ringwald    btstack_run_loop_add_timer(&setup->sm_timeout);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwaldstatic void sm_timeout_stop(void){
528a4a3bSMatthias Ringwald    btstack_run_loop_remove_timer(&setup->sm_timeout);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwaldstatic void sm_timeout_reset(sm_connection_t * sm_conn){
3deb3ec6SMatthias Ringwald    sm_timeout_stop();
3deb3ec6SMatthias Ringwald    sm_timeout_start(sm_conn);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// end of sm timeout
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// GAP Random Address updates
3deb3ec6SMatthias Ringwaldstatic gap_random_address_type_t gap_random_adress_type;
ec820d77SMatthias Ringwaldstatic btstack_timer_source_t gap_random_address_update_timer;
3deb3ec6SMatthias Ringwaldstatic uint32_t gap_random_adress_update_period;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void gap_random_address_trigger(void){
899e6e02SMatthias Ringwald    log_info("gap_random_address_trigger, state %u", rau_state);
d1a1f6a4SMatthias Ringwald    if (rau_state != RAU_IDLE) return;
fbd4e238SMatthias Ringwald    rau_state = RAU_GET_RANDOM;
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
ec820d77SMatthias Ringwaldstatic void gap_random_address_update_handler(btstack_timer_source_t * timer){
9ec2630cSMatthias Ringwald    UNUSED(timer);
9ec2630cSMatthias Ringwald
3deb3ec6SMatthias Ringwald    log_info("GAP Random Address Update due");
528a4a3bSMatthias Ringwald    btstack_run_loop_set_timer(&gap_random_address_update_timer, gap_random_adress_update_period);
528a4a3bSMatthias Ringwald    btstack_run_loop_add_timer(&gap_random_address_update_timer);
3deb3ec6SMatthias Ringwald    gap_random_address_trigger();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void gap_random_address_update_start(void){
528a4a3bSMatthias Ringwald    btstack_run_loop_set_timer_handler(&gap_random_address_update_timer, gap_random_address_update_handler);
528a4a3bSMatthias Ringwald    btstack_run_loop_set_timer(&gap_random_address_update_timer, gap_random_adress_update_period);
528a4a3bSMatthias Ringwald    btstack_run_loop_add_timer(&gap_random_address_update_timer);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void gap_random_address_update_stop(void){
528a4a3bSMatthias Ringwald    btstack_run_loop_remove_timer(&gap_random_address_update_timer);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// ah(k,r) helper
3deb3ec6SMatthias Ringwald// r = padding || r
3deb3ec6SMatthias Ringwald// r - 24 bit value
4a6806f3SMatthias Ringwaldstatic void sm_ah_r_prime(uint8_t r[3], uint8_t * r_prime){
3deb3ec6SMatthias Ringwald    // r'= padding || r
3deb3ec6SMatthias Ringwald    memset(r_prime, 0, 16);
6535961aSMatthias Ringwald    (void)memcpy(&r_prime[13], r, 3);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// d1 helper
3deb3ec6SMatthias Ringwald// d' = padding || r || d
3deb3ec6SMatthias Ringwald// d,r - 16 bit values
4a6806f3SMatthias Ringwaldstatic void sm_d1_d_prime(uint16_t d, uint16_t r, uint8_t * d1_prime){
3deb3ec6SMatthias Ringwald    // d'= padding || r || d
3deb3ec6SMatthias Ringwald    memset(d1_prime, 0, 16);
f8fbdce0SMatthias Ringwald    big_endian_store_16(d1_prime, 12, r);
f8fbdce0SMatthias Ringwald    big_endian_store_16(d1_prime, 14, d);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// calculate arguments for first AES128 operation in C1 function
4a6806f3SMatthias Ringwaldstatic void sm_c1_t1(sm_key_t r, uint8_t preq[7], uint8_t pres[7], uint8_t iat, uint8_t rat, uint8_t * t1){
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // p1 = pres || preq || rat’ || iat’
3deb3ec6SMatthias Ringwald    // "The octet of iat’ becomes the least significant octet of p1 and the most signifi-
3deb3ec6SMatthias Ringwald    // cant octet of pres becomes the most significant octet of p1.
3deb3ec6SMatthias Ringwald    // For example, if the 8-bit iat’ is 0x01, the 8-bit rat’ is 0x00, the 56-bit preq
3deb3ec6SMatthias Ringwald    // is 0x07071000000101 and the 56 bit pres is 0x05000800000302 then
3deb3ec6SMatthias Ringwald    // p1 is 0x05000800000302070710000001010001."
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_key_t p1;
9c80e4ccSMatthias Ringwald    reverse_56(pres, &p1[0]);
9c80e4ccSMatthias Ringwald    reverse_56(preq, &p1[7]);
3deb3ec6SMatthias Ringwald    p1[14] = rat;
3deb3ec6SMatthias Ringwald    p1[15] = iat;
8314c363SMatthias Ringwald    log_info_key("p1", p1);
8314c363SMatthias Ringwald    log_info_key("r", r);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // t1 = r xor p1
3deb3ec6SMatthias Ringwald    int i;
3deb3ec6SMatthias Ringwald    for (i=0;i<16;i++){
3deb3ec6SMatthias Ringwald        t1[i] = r[i] ^ p1[i];
3deb3ec6SMatthias Ringwald    }
8314c363SMatthias Ringwald    log_info_key("t1", t1);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// calculate arguments for second AES128 operation in C1 function
4a6806f3SMatthias Ringwaldstatic void sm_c1_t3(sm_key_t t2, bd_addr_t ia, bd_addr_t ra, uint8_t * t3){
3deb3ec6SMatthias Ringwald     // p2 = padding || ia || ra
3deb3ec6SMatthias Ringwald    // "The least significant octet of ra becomes the least significant octet of p2 and
3deb3ec6SMatthias Ringwald    // the most significant octet of padding becomes the most significant octet of p2.
3deb3ec6SMatthias Ringwald    // For example, if 48-bit ia is 0xA1A2A3A4A5A6 and the 48-bit ra is
3deb3ec6SMatthias Ringwald    // 0xB1B2B3B4B5B6 then p2 is 0x00000000A1A2A3A4A5A6B1B2B3B4B5B6.
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_key_t p2;
d5529700SMatthias Ringwald    // cppcheck-suppress uninitvar ; p2 is reported as uninitialized
3deb3ec6SMatthias Ringwald    memset(p2, 0, 16);
6535961aSMatthias Ringwald    (void)memcpy(&p2[4], ia, 6);
6535961aSMatthias Ringwald    (void)memcpy(&p2[10], ra, 6);
8314c363SMatthias Ringwald    log_info_key("p2", p2);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // c1 = e(k, t2_xor_p2)
3deb3ec6SMatthias Ringwald    int i;
3deb3ec6SMatthias Ringwald    for (i=0;i<16;i++){
3deb3ec6SMatthias Ringwald        t3[i] = t2[i] ^ p2[i];
3deb3ec6SMatthias Ringwald    }
8314c363SMatthias Ringwald    log_info_key("t3", t3);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
4a6806f3SMatthias Ringwaldstatic void sm_s1_r_prime(sm_key_t r1, sm_key_t r2, uint8_t * r_prime){
8314c363SMatthias Ringwald    log_info_key("r1", r1);
8314c363SMatthias Ringwald    log_info_key("r2", r2);
6535961aSMatthias Ringwald    (void)memcpy(&r_prime[8], &r2[8], 8);
6535961aSMatthias Ringwald    (void)memcpy(&r_prime[0], &r1[8], 8);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
fbe050beSMatthias Ringwald
3deb3ec6SMatthias Ringwald// decide on stk generation based on
3deb3ec6SMatthias Ringwald// - pairing request
3deb3ec6SMatthias Ringwald// - io capabilities
3deb3ec6SMatthias Ringwald// - OOB data availability
3deb3ec6SMatthias Ringwaldstatic void sm_setup_tk(void){
3deb3ec6SMatthias Ringwald
8334d3d8SMatthias Ringwald    // horizontal: initiator capabilities
8334d3d8SMatthias Ringwald    // vertial:    responder capabilities
8334d3d8SMatthias Ringwald    static const stk_generation_method_t stk_generation_method [5] [5] = {
8334d3d8SMatthias Ringwald            { JUST_WORKS,      JUST_WORKS,       PK_INIT_INPUT,   JUST_WORKS,    PK_INIT_INPUT },
8334d3d8SMatthias Ringwald            { JUST_WORKS,      JUST_WORKS,       PK_INIT_INPUT,   JUST_WORKS,    PK_INIT_INPUT },
8334d3d8SMatthias Ringwald            { PK_RESP_INPUT,   PK_RESP_INPUT,    PK_BOTH_INPUT,   JUST_WORKS,    PK_RESP_INPUT },
8334d3d8SMatthias Ringwald            { JUST_WORKS,      JUST_WORKS,       JUST_WORKS,      JUST_WORKS,    JUST_WORKS    },
8334d3d8SMatthias Ringwald            { PK_RESP_INPUT,   PK_RESP_INPUT,    PK_INIT_INPUT,   JUST_WORKS,    PK_RESP_INPUT },
8334d3d8SMatthias Ringwald    };
8334d3d8SMatthias Ringwald
8334d3d8SMatthias Ringwald    // uses numeric comparison if one side has DisplayYesNo and KeyboardDisplay combinations
8334d3d8SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
8334d3d8SMatthias Ringwald    static const stk_generation_method_t stk_generation_method_with_secure_connection[5][5] = {
8334d3d8SMatthias Ringwald            { JUST_WORKS,      JUST_WORKS,         PK_INIT_INPUT,   JUST_WORKS,    PK_INIT_INPUT      },
8334d3d8SMatthias Ringwald            { JUST_WORKS,      NUMERIC_COMPARISON, PK_INIT_INPUT,   JUST_WORKS,    NUMERIC_COMPARISON },
8334d3d8SMatthias Ringwald            { PK_RESP_INPUT,   PK_RESP_INPUT,      PK_BOTH_INPUT,   JUST_WORKS,    PK_RESP_INPUT      },
8334d3d8SMatthias Ringwald            { JUST_WORKS,      JUST_WORKS,         JUST_WORKS,      JUST_WORKS,    JUST_WORKS         },
8334d3d8SMatthias Ringwald            { PK_RESP_INPUT,   NUMERIC_COMPARISON, PK_INIT_INPUT,   JUST_WORKS,    NUMERIC_COMPARISON },
8334d3d8SMatthias Ringwald    };
8334d3d8SMatthias Ringwald#endif
8334d3d8SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // default: just works
3deb3ec6SMatthias Ringwald    setup->sm_stk_generation_method = JUST_WORKS;
3deb3ec6SMatthias Ringwald
27c32905SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
27c32905SMatthias Ringwald    setup->sm_use_secure_connections = ( sm_pairing_packet_get_auth_req(setup->sm_m_preq)
27c32905SMatthias Ringwald                                       & sm_pairing_packet_get_auth_req(setup->sm_s_pres)
4ea43905SMatthias Ringwald                                       & SM_AUTHREQ_SECURE_CONNECTION ) != 0u;
27c32905SMatthias Ringwald#else
6777d8fdSMatthias Ringwald    setup->sm_use_secure_connections = false;
27c32905SMatthias Ringwald#endif
98d95509SMatthias Ringwald    log_info("Secure pairing: %u", setup->sm_use_secure_connections);
27c32905SMatthias Ringwald
65a9a04eSMatthias Ringwald
65a9a04eSMatthias Ringwald    // decide if OOB will be used based on SC vs. Legacy and oob flags
1979f09cSMatthias Ringwald    bool use_oob;
65a9a04eSMatthias Ringwald    if (setup->sm_use_secure_connections){
65a9a04eSMatthias Ringwald        // In LE Secure Connections pairing, the out of band method is used if at least
65a9a04eSMatthias Ringwald        // one device has the peer device's out of band authentication data available.
1979f09cSMatthias Ringwald        use_oob = (sm_pairing_packet_get_oob_data_flag(setup->sm_m_preq) | sm_pairing_packet_get_oob_data_flag(setup->sm_s_pres)) != 0;
65a9a04eSMatthias Ringwald    } else {
65a9a04eSMatthias Ringwald        // In LE legacy pairing, the out of band method is used if both the devices have
65a9a04eSMatthias Ringwald        // the other device's out of band authentication data available.
1979f09cSMatthias Ringwald        use_oob = (sm_pairing_packet_get_oob_data_flag(setup->sm_m_preq) & sm_pairing_packet_get_oob_data_flag(setup->sm_s_pres)) != 0;
65a9a04eSMatthias Ringwald    }
65a9a04eSMatthias Ringwald    if (use_oob){
65a9a04eSMatthias Ringwald        log_info("SM: have OOB data");
65a9a04eSMatthias Ringwald        log_info_key("OOB", setup->sm_tk);
65a9a04eSMatthias Ringwald        setup->sm_stk_generation_method = OOB;
65a9a04eSMatthias Ringwald        return;
65a9a04eSMatthias Ringwald    }
65a9a04eSMatthias Ringwald
27c32905SMatthias Ringwald    // If both devices have not set the MITM option in the Authentication Requirements
27c32905SMatthias Ringwald    // Flags, then the IO capabilities shall be ignored and the Just Works association
27c32905SMatthias Ringwald    // model shall be used.
4ea43905SMatthias Ringwald    if (((sm_pairing_packet_get_auth_req(setup->sm_m_preq) & SM_AUTHREQ_MITM_PROTECTION) == 0u)
4ea43905SMatthias Ringwald        &&  ((sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_MITM_PROTECTION) == 0u)){
27c32905SMatthias Ringwald        log_info("SM: MITM not required by both -> JUST WORKS");
27c32905SMatthias Ringwald        return;
27c32905SMatthias Ringwald    }
27c32905SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // Reset TK as it has been setup in sm_init_setup
3deb3ec6SMatthias Ringwald    sm_reset_tk();
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // Also use just works if unknown io capabilites
8da2e96dSMatthias Ringwald    if ((sm_pairing_packet_get_io_capability(setup->sm_m_preq) > IO_CAPABILITY_KEYBOARD_DISPLAY) || (sm_pairing_packet_get_io_capability(setup->sm_s_pres) > IO_CAPABILITY_KEYBOARD_DISPLAY)){
3deb3ec6SMatthias Ringwald        return;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // Otherwise the IO capabilities of the devices shall be used to determine the
3deb3ec6SMatthias Ringwald    // pairing method as defined in Table 2.4.
27c32905SMatthias Ringwald    // see http://stackoverflow.com/a/1052837/393697 for how to specify pointer to 2-dimensional array
27c32905SMatthias Ringwald    const stk_generation_method_t (*generation_method)[5] = stk_generation_method;
27c32905SMatthias Ringwald
27c32905SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c6b7cbd9SMatthias Ringwald    // table not define by default
27c32905SMatthias Ringwald    if (setup->sm_use_secure_connections){
27c32905SMatthias Ringwald        generation_method = stk_generation_method_with_secure_connection;
27c32905SMatthias Ringwald    }
27c32905SMatthias Ringwald#endif
27c32905SMatthias Ringwald    setup->sm_stk_generation_method = generation_method[sm_pairing_packet_get_io_capability(setup->sm_s_pres)][sm_pairing_packet_get_io_capability(setup->sm_m_preq)];
27c32905SMatthias Ringwald
3deb3ec6SMatthias Ringwald    log_info("sm_setup_tk: master io cap: %u, slave io cap: %u -> method %u",
1ad129beSMatthias Ringwald        sm_pairing_packet_get_io_capability(setup->sm_m_preq), sm_pairing_packet_get_io_capability(setup->sm_s_pres), setup->sm_stk_generation_method);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic int sm_key_distribution_flags_for_set(uint8_t key_set){
3deb3ec6SMatthias Ringwald    int flags = 0;
f688bdb8SMatthias Ringwald    if ((key_set & SM_KEYDIST_ENC_KEY) != 0u){
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION;
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_FLAG_MASTER_IDENTIFICATION;
3deb3ec6SMatthias Ringwald    }
f688bdb8SMatthias Ringwald    if ((key_set & SM_KEYDIST_ID_KEY) != 0u){
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_FLAG_IDENTITY_INFORMATION;
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
3deb3ec6SMatthias Ringwald    }
f688bdb8SMatthias Ringwald    if ((key_set & SM_KEYDIST_SIGN) != 0u){
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald    return flags;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
9a90d41aSMatthias Ringwaldstatic void sm_setup_key_distribution(uint8_t keys_to_send, uint8_t keys_to_receive){
3deb3ec6SMatthias Ringwald    setup->sm_key_distribution_received_set = 0;
9a90d41aSMatthias Ringwald    setup->sm_key_distribution_expected_set = sm_key_distribution_flags_for_set(keys_to_receive);
9a90d41aSMatthias Ringwald    setup->sm_key_distribution_send_set = sm_key_distribution_flags_for_set(keys_to_send);
715a43d1SMatthias Ringwald    setup->sm_key_distribution_sent_set = 0;
9790be5fSMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
715a43d1SMatthias Ringwald    setup->sm_le_device_index = -1;
9790be5fSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// CSRK Key Lookup
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald
1d80f1e6SMatthias Ringwaldstatic bool sm_address_resolution_idle(void){
3deb3ec6SMatthias Ringwald    return sm_address_resolution_mode == ADDRESS_RESOLUTION_IDLE;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
711e6c80SMatthias Ringwaldstatic void sm_address_resolution_start_lookup(uint8_t addr_type, hci_con_handle_t con_handle, bd_addr_t addr, address_resolution_mode_t mode, void * context){
6535961aSMatthias Ringwald    (void)memcpy(sm_address_resolution_address, addr, 6);
3deb3ec6SMatthias Ringwald    sm_address_resolution_addr_type = addr_type;
3deb3ec6SMatthias Ringwald    sm_address_resolution_test = 0;
3deb3ec6SMatthias Ringwald    sm_address_resolution_mode = mode;
3deb3ec6SMatthias Ringwald    sm_address_resolution_context = context;
711e6c80SMatthias Ringwald    sm_notify_client_base(SM_EVENT_IDENTITY_RESOLVING_STARTED, con_handle, addr_type, addr);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldint sm_address_resolution_lookup(uint8_t address_type, bd_addr_t address){
3deb3ec6SMatthias Ringwald    // check if already in list
665d90f2SMatthias Ringwald    btstack_linked_list_iterator_t it;
3deb3ec6SMatthias Ringwald    sm_lookup_entry_t * entry;
665d90f2SMatthias Ringwald    btstack_linked_list_iterator_init(&it, &sm_address_resolution_general_queue);
665d90f2SMatthias Ringwald    while(btstack_linked_list_iterator_has_next(&it)){
665d90f2SMatthias Ringwald        entry = (sm_lookup_entry_t *) btstack_linked_list_iterator_next(&it);
3deb3ec6SMatthias Ringwald        if (entry->address_type != address_type) continue;
f688bdb8SMatthias Ringwald        if (memcmp(entry->address, address, 6) != 0)  continue;
3deb3ec6SMatthias Ringwald        // already in list
3deb3ec6SMatthias Ringwald        return BTSTACK_BUSY;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald    entry = btstack_memory_sm_lookup_entry_get();
3deb3ec6SMatthias Ringwald    if (!entry) return BTSTACK_MEMORY_ALLOC_FAILED;
3deb3ec6SMatthias Ringwald    entry->address_type = (bd_addr_type_t) address_type;
6535961aSMatthias Ringwald    (void)memcpy(entry->address, address, 6);
665d90f2SMatthias Ringwald    btstack_linked_list_add(&sm_address_resolution_general_queue, (btstack_linked_item_t *) entry);
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald    return 0;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// CMAC calculation using AES Engineq
d1a1f6a4SMatthias Ringwald#ifdef USE_CMAC_ENGINE
514d35fcSMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_cmac_done_trampoline(void * arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_cmac_active = 0;
d1a1f6a4SMatthias Ringwald    (*sm_cmac_done_callback)(sm_cmac_hash);
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
514d35fcSMatthias Ringwald
4dfd504aSMatthias Ringwaldint sm_cmac_ready(void){
4ea43905SMatthias Ringwald    return sm_cmac_active == 0u;
3deb3ec6SMatthias Ringwald}
6d80b495SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
6d80b495SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
514d35fcSMatthias Ringwald// generic cmac calculation
d1a1f6a4SMatthias Ringwaldstatic void sm_cmac_message_start(const sm_key_t key, uint16_t message_len, const uint8_t * message, void (*done_callback)(uint8_t * hash)){
d1a1f6a4SMatthias Ringwald    sm_cmac_active = 1;
d1a1f6a4SMatthias Ringwald    sm_cmac_done_callback = done_callback;
d1a1f6a4SMatthias Ringwald    btstack_crypto_aes128_cmac_message(&sm_cmac_request, key, message_len, message, sm_cmac_hash, sm_cmac_done_trampoline, NULL);
3deb3ec6SMatthias Ringwald}
7a766ebfSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
514d35fcSMatthias Ringwald// cmac for ATT Message signing
7a766ebfSMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_cmac_generator_start(const sm_key_t key, uint16_t message_len, uint8_t (*get_byte_callback)(uint16_t offset), void (*done_callback)(uint8_t * hash)){
d1a1f6a4SMatthias Ringwald    sm_cmac_active = 1;
d1a1f6a4SMatthias Ringwald    sm_cmac_done_callback = done_callback;
d1a1f6a4SMatthias Ringwald    btstack_crypto_aes128_cmac_generator(&sm_cmac_request, key, message_len, get_byte_callback, sm_cmac_hash, sm_cmac_done_trampoline, NULL);
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
4dfd504aSMatthias Ringwaldstatic uint8_t sm_cmac_signed_write_message_get_byte(uint16_t offset){
d1a1f6a4SMatthias Ringwald    if (offset >= sm_cmac_signed_write_message_len) {
d1a1f6a4SMatthias Ringwald        log_error("sm_cmac_signed_write_message_get_byte. out of bounds, access %u, len %u", offset, sm_cmac_signed_write_message_len);
4dfd504aSMatthias Ringwald        return 0;
4dfd504aSMatthias Ringwald    }
4dfd504aSMatthias Ringwald
d1a1f6a4SMatthias Ringwald    offset = sm_cmac_signed_write_message_len - 1 - offset;
4dfd504aSMatthias Ringwald
d1a1f6a4SMatthias Ringwald    // sm_cmac_signed_write_header[3] | message[] | sm_cmac_signed_write_sign_counter[4]
4dfd504aSMatthias Ringwald    if (offset < 3){
d1a1f6a4SMatthias Ringwald        return sm_cmac_signed_write_header[offset];
4dfd504aSMatthias Ringwald    }
d1a1f6a4SMatthias Ringwald    int actual_message_len_incl_header = sm_cmac_signed_write_message_len - 4;
4dfd504aSMatthias Ringwald    if (offset <  actual_message_len_incl_header){
d1a1f6a4SMatthias Ringwald        return sm_cmac_signed_write_message[offset - 3];
4dfd504aSMatthias Ringwald    }
d1a1f6a4SMatthias Ringwald    return sm_cmac_signed_write_sign_counter[offset - actual_message_len_incl_header];
4dfd504aSMatthias Ringwald}
4dfd504aSMatthias Ringwald
4dfd504aSMatthias Ringwaldvoid sm_cmac_signed_write_start(const sm_key_t k, uint8_t opcode, hci_con_handle_t con_handle, uint16_t message_len, const uint8_t * message, uint32_t sign_counter, void (*done_handler)(uint8_t * hash)){
514d35fcSMatthias Ringwald    // ATT Message Signing
d1a1f6a4SMatthias Ringwald    sm_cmac_signed_write_header[0] = opcode;
d1a1f6a4SMatthias Ringwald    little_endian_store_16(sm_cmac_signed_write_header, 1, con_handle);
d1a1f6a4SMatthias Ringwald    little_endian_store_32(sm_cmac_signed_write_sign_counter, 0, sign_counter);
514d35fcSMatthias Ringwald    uint16_t total_message_len = 3 + message_len + 4;  // incl. virtually prepended att opcode, handle and appended sign_counter in LE
d1a1f6a4SMatthias Ringwald    sm_cmac_signed_write_message     = message;
d1a1f6a4SMatthias Ringwald    sm_cmac_signed_write_message_len = total_message_len;
d1a1f6a4SMatthias Ringwald    sm_cmac_generator_start(k, total_message_len, &sm_cmac_signed_write_message_get_byte, done_handler);
3deb3ec6SMatthias Ringwald}
7a766ebfSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
ea9b6796SMatthias Ringwaldstatic void sm_trigger_user_response_basic(sm_connection_t * sm_conn, uint8_t event_type){
ea9b6796SMatthias Ringwald    setup->sm_user_response = SM_USER_RESPONSE_PENDING;
5baa755bSMatthias Ringwald    uint8_t event[12];
f6a153d5SMatthias Ringwald    sm_setup_event_base(event, sizeof(event), event_type, sm_conn->sm_handle, sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address);
5baa755bSMatthias Ringwald    event[11] = setup->sm_use_secure_connections ? 1 : 0;
f6a153d5SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, event, sizeof(event));
ea9b6796SMatthias Ringwald}
ea9b6796SMatthias Ringwald
74b4d42aSMatthias Ringwaldstatic void sm_trigger_user_response_passkey(sm_connection_t * sm_conn, uint8_t event_type){
5baa755bSMatthias Ringwald    uint8_t event[16];
f6a153d5SMatthias Ringwald    uint32_t passkey = big_endian_read_32(setup->sm_tk, 12);
74b4d42aSMatthias Ringwald    sm_setup_event_base(event, sizeof(event), event_type, sm_conn->sm_handle,
f6a153d5SMatthias Ringwald                        sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address);
5baa755bSMatthias Ringwald    event[11] = setup->sm_use_secure_connections ? 1 : 0;
5baa755bSMatthias Ringwald    little_endian_store_32(event, 12, passkey);
f6a153d5SMatthias Ringwald    sm_dispatch_event(HCI_EVENT_PACKET, 0, event, sizeof(event));
ea9b6796SMatthias Ringwald}
ea9b6796SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void sm_trigger_user_response(sm_connection_t * sm_conn){
446a8c36SMatthias Ringwald    // notify client for: JUST WORKS confirm, Numeric comparison confirm, PASSKEY display or input
3deb3ec6SMatthias Ringwald    setup->sm_user_response = SM_USER_RESPONSE_IDLE;
d77906ffSMatthias Ringwald    sm_conn->sm_pairing_active = true;
3deb3ec6SMatthias Ringwald    switch (setup->sm_stk_generation_method){
3deb3ec6SMatthias Ringwald        case PK_RESP_INPUT:
42134bc6SMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
ea9b6796SMatthias Ringwald                sm_trigger_user_response_basic(sm_conn, SM_EVENT_PASSKEY_INPUT_NUMBER);
3deb3ec6SMatthias Ringwald            } else {
74b4d42aSMatthias Ringwald                sm_trigger_user_response_passkey(sm_conn, SM_EVENT_PASSKEY_DISPLAY_NUMBER);
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case PK_INIT_INPUT:
42134bc6SMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
74b4d42aSMatthias Ringwald                sm_trigger_user_response_passkey(sm_conn, SM_EVENT_PASSKEY_DISPLAY_NUMBER);
3deb3ec6SMatthias Ringwald            } else {
ea9b6796SMatthias Ringwald                sm_trigger_user_response_basic(sm_conn, SM_EVENT_PASSKEY_INPUT_NUMBER);
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
47fb4255SMatthias Ringwald        case PK_BOTH_INPUT:
ea9b6796SMatthias Ringwald            sm_trigger_user_response_basic(sm_conn, SM_EVENT_PASSKEY_INPUT_NUMBER);
3deb3ec6SMatthias Ringwald            break;
47fb4255SMatthias Ringwald        case NUMERIC_COMPARISON:
74b4d42aSMatthias Ringwald            sm_trigger_user_response_passkey(sm_conn, SM_EVENT_NUMERIC_COMPARISON_REQUEST);
27c32905SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case JUST_WORKS:
ea9b6796SMatthias Ringwald            sm_trigger_user_response_basic(sm_conn, SM_EVENT_JUST_WORKS_REQUEST);
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case OOB:
3deb3ec6SMatthias Ringwald            // client already provided OOB data, let's skip notification.
3deb3ec6SMatthias Ringwald            break;
7bbeb3adSMilanka Ringwald        default:
7bbeb3adSMilanka Ringwald            btstack_assert(false);
7bbeb3adSMilanka Ringwald            break;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
61d1a45eSMatthias Ringwaldstatic bool sm_key_distribution_all_received(void) {
5fa700b1SMatthias Ringwald    log_debug("sm_key_distribution_all_received: received 0x%02x, expecting 0x%02x", setup->sm_key_distribution_received_set, setup->sm_key_distribution_expected_set);
b2296177SMatthias Ringwald    return (setup->sm_key_distribution_expected_set & setup->sm_key_distribution_received_set) == setup->sm_key_distribution_expected_set;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
711e6c80SMatthias Ringwaldstatic void sm_done_for_handle(hci_con_handle_t con_handle){
7149bde5SMatthias Ringwald    if (sm_active_connection_handle == con_handle){
3deb3ec6SMatthias Ringwald        sm_timeout_stop();
7149bde5SMatthias Ringwald        sm_active_connection_handle = HCI_CON_HANDLE_INVALID;
711e6c80SMatthias Ringwald        log_info("sm: connection 0x%x released setup context", con_handle);
c085d9ffSMatthias Ringwald
c085d9ffSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c085d9ffSMatthias Ringwald        // generate new ec key after each pairing (that used it)
c085d9ffSMatthias Ringwald        if (setup->sm_use_secure_connections){
c085d9ffSMatthias Ringwald            sm_ec_generate_new_key();
c085d9ffSMatthias Ringwald        }
c085d9ffSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
7d1c0c3aSMatthias Ringwaldstatic void sm_master_pairing_success(sm_connection_t *connection) {// master -> all done
1dca9d8aSMatthias Ringwald    connection->sm_engine_state = SM_INITIATOR_CONNECTED;
0ccf6c9cSMatthias Ringwald    sm_pairing_complete(connection, ERROR_CODE_SUCCESS, 0);
1dca9d8aSMatthias Ringwald    sm_done_for_handle(connection->sm_handle);
1dca9d8aSMatthias Ringwald}
1dca9d8aSMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic int sm_key_distribution_flags_for_auth_req(void){
bb09604fSMatthias Ringwald
bb09604fSMatthias Ringwald    int flags = SM_KEYDIST_ID_KEY;
f688bdb8SMatthias Ringwald    if ((sm_auth_req & SM_AUTHREQ_BONDING) != 0u){
bb09604fSMatthias Ringwald        // encryption and signing information only if bonding requested
3deb3ec6SMatthias Ringwald        flags |= SM_KEYDIST_ENC_KEY;
bb09604fSMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
bb09604fSMatthias Ringwald        flags |= SM_KEYDIST_SIGN;
bb09604fSMatthias Ringwald#endif
7ece0eaaSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
b2072c76SMatthias Ringwald        // LinkKey for CTKD requires SC and BR/EDR Support
b2072c76SMatthias Ringwald        if (hci_classic_supported() && ((sm_auth_req & SM_AUTHREQ_SECURE_CONNECTION) != 0)){
7ece0eaaSMatthias Ringwald        	flags |= SM_KEYDIST_LINK_KEY;
7ece0eaaSMatthias Ringwald        }
7ece0eaaSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald    return flags;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d7471931SMatthias Ringwaldstatic void sm_reset_setup(void){
3deb3ec6SMatthias Ringwald    // fill in sm setup
901c000fSMatthias Ringwald    setup->sm_state_vars = 0;
dd4a08fbSMatthias Ringwald    setup->sm_keypress_notification = 0;
d0ea782aSMatthias Ringwald    setup->sm_have_oob_data = 0;
3deb3ec6SMatthias Ringwald    sm_reset_tk();
d7471931SMatthias Ringwald}
d7471931SMatthias Ringwald
d7471931SMatthias Ringwaldstatic void sm_init_setup(sm_connection_t * sm_conn){
d7471931SMatthias Ringwald    // fill in sm setup
3deb3ec6SMatthias Ringwald    setup->sm_peer_addr_type = sm_conn->sm_peer_addr_type;
6535961aSMatthias Ringwald    (void)memcpy(setup->sm_peer_address, sm_conn->sm_peer_address, 6);
3deb3ec6SMatthias Ringwald
a680ba6bSMatthias Ringwald    // query client for Legacy Pairing OOB data
9305033eSMatthias Ringwald    if (sm_get_oob_data != NULL) {
a680ba6bSMatthias Ringwald        setup->sm_have_oob_data = (*sm_get_oob_data)(sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address, setup->sm_tk);
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
a680ba6bSMatthias Ringwald    // if available and SC supported, also ask for SC OOB Data
a680ba6bSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
4acf7b7bSMatthias Ringwald    memset(setup->sm_ra, 0, 16);
4acf7b7bSMatthias Ringwald    memset(setup->sm_rb, 0, 16);
a680ba6bSMatthias Ringwald    if (setup->sm_have_oob_data && (sm_auth_req & SM_AUTHREQ_SECURE_CONNECTION)){
9305033eSMatthias Ringwald        if (sm_get_sc_oob_data != NULL){
4acf7b7bSMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
a680ba6bSMatthias Ringwald                setup->sm_have_oob_data = (*sm_get_sc_oob_data)(
a680ba6bSMatthias Ringwald                    sm_conn->sm_peer_addr_type,
a680ba6bSMatthias Ringwald                    sm_conn->sm_peer_address,
a680ba6bSMatthias Ringwald                    setup->sm_peer_confirm,
4acf7b7bSMatthias Ringwald                    setup->sm_ra);
4acf7b7bSMatthias Ringwald            } else {
4acf7b7bSMatthias Ringwald                setup->sm_have_oob_data = (*sm_get_sc_oob_data)(
4acf7b7bSMatthias Ringwald                    sm_conn->sm_peer_addr_type,
4acf7b7bSMatthias Ringwald                    sm_conn->sm_peer_address,
4acf7b7bSMatthias Ringwald                    setup->sm_peer_confirm,
4acf7b7bSMatthias Ringwald                    setup->sm_rb);
4acf7b7bSMatthias Ringwald            }
a680ba6bSMatthias Ringwald        } else {
a680ba6bSMatthias Ringwald            setup->sm_have_oob_data = 0;
a680ba6bSMatthias Ringwald        }
a680ba6bSMatthias Ringwald    }
a680ba6bSMatthias Ringwald#endif
a680ba6bSMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_pairing_packet_t * local_packet;
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
3deb3ec6SMatthias Ringwald        // slave
3deb3ec6SMatthias Ringwald        local_packet = &setup->sm_s_pres;
3deb3ec6SMatthias Ringwald        setup->sm_m_addr_type = sm_conn->sm_peer_addr_type;
d5314cbeSMatthias Ringwald        setup->sm_s_addr_type = sm_conn->sm_own_addr_type;
6535961aSMatthias Ringwald        (void)memcpy(setup->sm_m_address, sm_conn->sm_peer_address, 6);
d5314cbeSMatthias Ringwald        (void)memcpy(setup->sm_s_address, sm_conn->sm_own_address, 6);
3deb3ec6SMatthias Ringwald    } else {
3deb3ec6SMatthias Ringwald        // master
3deb3ec6SMatthias Ringwald        local_packet = &setup->sm_m_preq;
3deb3ec6SMatthias Ringwald        setup->sm_s_addr_type = sm_conn->sm_peer_addr_type;
d5314cbeSMatthias Ringwald        setup->sm_m_addr_type = sm_conn->sm_own_addr_type;
6535961aSMatthias Ringwald        (void)memcpy(setup->sm_s_address, sm_conn->sm_peer_address, 6);
d5314cbeSMatthias Ringwald        (void)memcpy(setup->sm_m_address, sm_conn->sm_own_address, 6);
3deb3ec6SMatthias Ringwald
d0ea782aSMatthias Ringwald        uint8_t key_distribution_flags = sm_key_distribution_flags_for_auth_req();
1ad129beSMatthias Ringwald        sm_pairing_packet_set_initiator_key_distribution(setup->sm_m_preq, key_distribution_flags);
1ad129beSMatthias Ringwald        sm_pairing_packet_set_responder_key_distribution(setup->sm_m_preq, key_distribution_flags);
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
4361507fSMatthias Ringwald    log_info("our  address %s type %u", bd_addr_to_str(sm_conn->sm_own_address), sm_conn->sm_own_addr_type);
4361507fSMatthias Ringwald    log_info("peer address %s type %u", bd_addr_to_str(sm_conn->sm_peer_address), sm_conn->sm_peer_addr_type);
4361507fSMatthias Ringwald
57132f12SMatthias Ringwald    uint8_t auth_req = sm_auth_req & ~SM_AUTHREQ_CT2;
d0ea782aSMatthias Ringwald    uint8_t max_encryption_key_size = sm_max_encryption_key_size;
2c041b42SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
2c041b42SMatthias Ringwald    // enable SC for SC only mode
2c041b42SMatthias Ringwald    if (sm_sc_only_mode){
2c041b42SMatthias Ringwald        auth_req |= SM_AUTHREQ_SECURE_CONNECTION;
d0ea782aSMatthias Ringwald        max_encryption_key_size = 16;
2c041b42SMatthias Ringwald    }
2c041b42SMatthias Ringwald#endif
57132f12SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
57132f12SMatthias Ringwald	// set CT2 if SC + Bonding + CTKD
57132f12SMatthias Ringwald	const uint8_t auth_req_for_ct2 = SM_AUTHREQ_SECURE_CONNECTION | SM_AUTHREQ_BONDING;
57132f12SMatthias Ringwald	if ((auth_req & auth_req_for_ct2) == auth_req_for_ct2){
57132f12SMatthias Ringwald		auth_req |= SM_AUTHREQ_CT2;
57132f12SMatthias Ringwald	}
57132f12SMatthias Ringwald#endif
1ad129beSMatthias Ringwald    sm_pairing_packet_set_io_capability(*local_packet, sm_io_capabilities);
a680ba6bSMatthias Ringwald    sm_pairing_packet_set_oob_data_flag(*local_packet, setup->sm_have_oob_data);
df86eb96SMatthias Ringwald    sm_pairing_packet_set_auth_req(*local_packet, auth_req);
d0ea782aSMatthias Ringwald    sm_pairing_packet_set_max_encryption_key_size(*local_packet, max_encryption_key_size);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic int sm_stk_generation_init(sm_connection_t * sm_conn){
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_pairing_packet_t * remote_packet;
9a90d41aSMatthias Ringwald    uint8_t               keys_to_send;
9a90d41aSMatthias Ringwald    uint8_t               keys_to_receive;
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
52f9cf63SMatthias Ringwald        // slave / responder
3deb3ec6SMatthias Ringwald        remote_packet   = &setup->sm_m_preq;
9a90d41aSMatthias Ringwald        keys_to_send    = sm_pairing_packet_get_responder_key_distribution(setup->sm_m_preq);
9a90d41aSMatthias Ringwald        keys_to_receive = sm_pairing_packet_get_initiator_key_distribution(setup->sm_m_preq);
3deb3ec6SMatthias Ringwald    } else {
3deb3ec6SMatthias Ringwald        // master / initiator
3deb3ec6SMatthias Ringwald        remote_packet   = &setup->sm_s_pres;
9a90d41aSMatthias Ringwald        keys_to_send    = sm_pairing_packet_get_initiator_key_distribution(setup->sm_s_pres);
9a90d41aSMatthias Ringwald        keys_to_receive = sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres);
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // check key size
2c041b42SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
2c041b42SMatthias Ringwald    // SC Only mandates 128 bit key size
2c041b42SMatthias Ringwald    if (sm_sc_only_mode && (sm_pairing_packet_get_max_encryption_key_size(*remote_packet) < 16)) {
2c041b42SMatthias Ringwald        return SM_REASON_ENCRYPTION_KEY_SIZE;
2c041b42SMatthias Ringwald    }
2c041b42SMatthias Ringwald#endif
1ad129beSMatthias Ringwald    sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(sm_pairing_packet_get_max_encryption_key_size(*remote_packet));
4ea43905SMatthias Ringwald    if (sm_conn->sm_actual_encryption_key_size == 0u) return SM_REASON_ENCRYPTION_KEY_SIZE;
3deb3ec6SMatthias Ringwald
eddc894fSMatthias Ringwald    // decide on STK generation method / SC
3deb3ec6SMatthias Ringwald    sm_setup_tk();
3deb3ec6SMatthias Ringwald    log_info("SMP: generation method %u", setup->sm_stk_generation_method);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // check if STK generation method is acceptable by client
3deb3ec6SMatthias Ringwald    if (!sm_validate_stk_generation_method()) return SM_REASON_AUTHENTHICATION_REQUIREMENTS;
3deb3ec6SMatthias Ringwald
eddc894fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
2c041b42SMatthias Ringwald    // Check LE SC Only mode
3cdbe9dbSMatthias Ringwald    if (sm_sc_only_mode && (setup->sm_use_secure_connections == false)){
3cdbe9dbSMatthias Ringwald        log_info("SC Only mode active but SC not possible");
3cdbe9dbSMatthias Ringwald        return SM_REASON_AUTHENTHICATION_REQUIREMENTS;
3cdbe9dbSMatthias Ringwald    }
3cdbe9dbSMatthias Ringwald
9a90d41aSMatthias Ringwald    // LTK (= encryption information & master identification) only used exchanged for LE Legacy Connection
eddc894fSMatthias Ringwald    if (setup->sm_use_secure_connections){
9a90d41aSMatthias Ringwald        keys_to_send &= ~SM_KEYDIST_ENC_KEY;
9a90d41aSMatthias Ringwald        keys_to_receive  &= ~SM_KEYDIST_ENC_KEY;
eddc894fSMatthias Ringwald    }
eddc894fSMatthias Ringwald#endif
eddc894fSMatthias Ringwald
52f9cf63SMatthias Ringwald    // identical to responder
9a90d41aSMatthias Ringwald    sm_setup_key_distribution(keys_to_send, keys_to_receive);
52f9cf63SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // JUST WORKS doens't provide authentication
c1ab6cc1SMatthias Ringwald    sm_conn->sm_connection_authenticated = (setup->sm_stk_generation_method == JUST_WORKS) ? 0 : 1;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    return 0;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic void sm_address_resolution_handle_event(address_resolution_event_t event){
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // cache and reset context
3deb3ec6SMatthias Ringwald    int matched_device_id = sm_address_resolution_test;
3deb3ec6SMatthias Ringwald    address_resolution_mode_t mode = sm_address_resolution_mode;
3deb3ec6SMatthias Ringwald    void * context = sm_address_resolution_context;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // reset context
3deb3ec6SMatthias Ringwald    sm_address_resolution_mode = ADDRESS_RESOLUTION_IDLE;
3deb3ec6SMatthias Ringwald    sm_address_resolution_context = NULL;
3deb3ec6SMatthias Ringwald    sm_address_resolution_test = -1;
3deb3ec6SMatthias Ringwald
45d80b08SMatthias Ringwald    hci_con_handle_t con_handle = HCI_CON_HANDLE_INVALID;
3deb3ec6SMatthias Ringwald    sm_connection_t * sm_connection;
d2e90122SMatthias Ringwald    sm_key_t ltk;
1979f09cSMatthias Ringwald    bool have_ltk;
45d80b08SMatthias Ringwald    int authenticated;
6c44b759SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
1979f09cSMatthias Ringwald    bool trigger_pairing;
42134bc6SMatthias Ringwald#endif
45d80b08SMatthias Ringwald
3deb3ec6SMatthias Ringwald    switch (mode){
3deb3ec6SMatthias Ringwald        case ADDRESS_RESOLUTION_GENERAL:
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case ADDRESS_RESOLUTION_FOR_CONNECTION:
3deb3ec6SMatthias Ringwald            sm_connection = (sm_connection_t *) context;
711e6c80SMatthias Ringwald            con_handle = sm_connection->sm_handle;
6c44b759SMatthias Ringwald
6c44b759SMatthias Ringwald            // have ltk -> start encryption / send security request
6c44b759SMatthias Ringwald            // Core 5, Vol 3, Part C, 10.3.2 Initiating a Service Request
6c44b759SMatthias Ringwald            // "When a bond has been created between two devices, any reconnection should result in the local device
6c44b759SMatthias Ringwald            //  enabling or requesting encryption with the remote device before initiating any service request."
6c44b759SMatthias Ringwald
3deb3ec6SMatthias Ringwald            switch (event){
a66b030fSMatthias Ringwald                case ADDRESS_RESOLUTION_SUCCEEDED:
3deb3ec6SMatthias Ringwald                    sm_connection->sm_irk_lookup_state = IRK_LOOKUP_SUCCEEDED;
3deb3ec6SMatthias Ringwald                    sm_connection->sm_le_db_index = matched_device_id;
a66b030fSMatthias Ringwald                    log_info("ADDRESS_RESOLUTION_SUCCEEDED, index %d", sm_connection->sm_le_db_index);
6c44b759SMatthias Ringwald
2d68601cSMatthias Ringwald                    le_device_db_encryption_get(sm_connection->sm_le_db_index, NULL, NULL, ltk, NULL, &authenticated, NULL, NULL);
6c44b759SMatthias Ringwald                    have_ltk = !sm_is_null_key(ltk);
6c44b759SMatthias Ringwald
f688bdb8SMatthias Ringwald                    if (IS_RESPONDER(sm_connection->sm_role)) {
6c44b759SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
212d735eSMatthias Ringwald                        // IRK required before, continue
6c39055aSMatthias Ringwald                        if (sm_connection->sm_engine_state == SM_RESPONDER_PH0_RECEIVED_LTK_W4_IRK){
6c39055aSMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_PH0_RECEIVED_LTK_REQUEST;
6c39055aSMatthias Ringwald                            break;
6c39055aSMatthias Ringwald                        }
434260a1SMatthias Ringwald                        // Pairing request before, continue
212d735eSMatthias Ringwald                        if (sm_connection->sm_engine_state == SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED_W4_IRK){
212d735eSMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED;
212d735eSMatthias Ringwald                            break;
212d735eSMatthias Ringwald                        }
728f6757SMatthias Ringwald                        bool trigger_security_request = sm_connection->sm_pairing_requested || sm_slave_request_security;
5f3874afSMatthias Ringwald                        sm_connection->sm_pairing_requested = false;
6c44b759SMatthias Ringwald#ifdef ENABLE_LE_PROACTIVE_AUTHENTICATION
7af5dcd5SMatthias Ringwald                        // trigger security request for Proactive Authentication if LTK available
7af5dcd5SMatthias Ringwald                        trigger_security_request = trigger_security_request || have_ltk;
6c44b759SMatthias Ringwald#endif
7af5dcd5SMatthias Ringwald
7af5dcd5SMatthias Ringwald                        log_info("peripheral: pairing request local %u, have_ltk %u => trigger_security_request %u",
5f3874afSMatthias Ringwald                                 (int) sm_connection->sm_pairing_requested, (int) have_ltk, trigger_security_request);
7af5dcd5SMatthias Ringwald
7af5dcd5SMatthias Ringwald                        if (trigger_security_request){
7af5dcd5SMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_SEND_SECURITY_REQUEST;
7af5dcd5SMatthias Ringwald                            if (have_ltk){
7af5dcd5SMatthias Ringwald                                sm_reencryption_started(sm_connection);
7af5dcd5SMatthias Ringwald                            } else {
7af5dcd5SMatthias Ringwald                                sm_pairing_started(sm_connection);
7af5dcd5SMatthias Ringwald                            }
7af5dcd5SMatthias Ringwald                            sm_trigger_run();
6c44b759SMatthias Ringwald                        }
6c44b759SMatthias Ringwald#endif
6c44b759SMatthias Ringwald                    } else {
6c44b759SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
6c44b759SMatthias Ringwald                        // check if pairing already requested and reset requests
6c44b759SMatthias Ringwald                        trigger_pairing = sm_connection->sm_pairing_requested || sm_connection->sm_security_request_received;
2d68601cSMatthias Ringwald                        bool auth_required = sm_auth_req & SM_AUTHREQ_MITM_PROTECTION;
2d68601cSMatthias Ringwald
6c44b759SMatthias Ringwald                        log_info("central: pairing request local %u, remote %u => trigger_pairing %u. have_ltk %u",
5f3874afSMatthias Ringwald                                 (int) sm_connection->sm_pairing_requested, (int) sm_connection->sm_security_request_received, (int) trigger_pairing, (int) have_ltk);
0dcaa15fSMatthias Ringwald                        sm_connection->sm_security_request_received = false;
5f3874afSMatthias Ringwald                        sm_connection->sm_pairing_requested = false;
32bc5d65SMatthias Ringwald                        bool trigger_reencryption = false;
c245ca32SMatthias Ringwald
d4af1595SMatthias Ringwald                        if (have_ltk){
2d68601cSMatthias Ringwald                            if (trigger_pairing){
2d68601cSMatthias Ringwald                                // if pairing is requested, re-encryption is sufficient, if ltk is already authenticated or we don't require authentication
2d68601cSMatthias Ringwald                                trigger_reencryption = (authenticated != 0) || (auth_required == false);
2d68601cSMatthias Ringwald                            } else {
6a43f611SMatthias Ringwald#ifdef ENABLE_LE_PROACTIVE_AUTHENTICATION
b187cc61SMatthias Ringwald                                trigger_reencryption = true;
32bc5d65SMatthias Ringwald#else
32bc5d65SMatthias Ringwald                                log_info("central: defer enabling encryption for bonded device");
32bc5d65SMatthias Ringwald#endif
32bc5d65SMatthias Ringwald                            }
2d68601cSMatthias Ringwald                        }
32bc5d65SMatthias Ringwald
32bc5d65SMatthias Ringwald                        if (trigger_reencryption){
6c44b759SMatthias Ringwald                            log_info("central: enable encryption for bonded device");
5567aa60SMatthias Ringwald                            sm_connection->sm_engine_state = SM_INITIATOR_PH4_HAS_LTK;
d4af1595SMatthias Ringwald                            break;
d4af1595SMatthias Ringwald                        }
6c44b759SMatthias Ringwald
6c44b759SMatthias Ringwald                        // pairing_request -> send pairing request
6c44b759SMatthias Ringwald                        if (trigger_pairing){
3deb3ec6SMatthias Ringwald                            sm_connection->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
d4af1595SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                        }
42134bc6SMatthias Ringwald#endif
298ab52bSMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald                case ADDRESS_RESOLUTION_FAILED:
3deb3ec6SMatthias Ringwald                    sm_connection->sm_irk_lookup_state = IRK_LOOKUP_FAILED;
f688bdb8SMatthias Ringwald                    if (IS_RESPONDER(sm_connection->sm_role)) {
7af5dcd5SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
6c39055aSMatthias Ringwald                        // LTK request received before, IRK required -> negative LTK reply
6c39055aSMatthias Ringwald                        if (sm_connection->sm_engine_state == SM_RESPONDER_PH0_RECEIVED_LTK_W4_IRK){
6c39055aSMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_PH0_SEND_LTK_REQUESTED_NEGATIVE_REPLY;
6c39055aSMatthias Ringwald                        }
434260a1SMatthias Ringwald                        // Pairing request before, continue
434260a1SMatthias Ringwald                        if (sm_connection->sm_engine_state == SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED_W4_IRK){
434260a1SMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED;
434260a1SMatthias Ringwald                            break;
434260a1SMatthias Ringwald                        }
7af5dcd5SMatthias Ringwald                        // send security request if requested
728f6757SMatthias Ringwald                        bool trigger_security_request = sm_connection->sm_pairing_requested || sm_slave_request_security;
5f3874afSMatthias Ringwald                        sm_connection->sm_pairing_requested = false;
7af5dcd5SMatthias Ringwald                        if (trigger_security_request){
7af5dcd5SMatthias Ringwald                            sm_connection->sm_engine_state = SM_RESPONDER_SEND_SECURITY_REQUEST;
7af5dcd5SMatthias Ringwald                            sm_pairing_started(sm_connection);
7af5dcd5SMatthias Ringwald                        }
6c39055aSMatthias Ringwald                        break;
7af5dcd5SMatthias Ringwald#endif
6c39055aSMatthias Ringwald                    }
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
5f3874afSMatthias Ringwald                    if ((sm_connection->sm_pairing_requested == false) && (sm_connection->sm_security_request_received == false)) break;
0dcaa15fSMatthias Ringwald                    sm_connection->sm_security_request_received = false;
5f3874afSMatthias Ringwald                    sm_connection->sm_pairing_requested = false;
3deb3ec6SMatthias Ringwald                    sm_connection->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald                    break;
7bbeb3adSMilanka Ringwald
7bbeb3adSMilanka Ringwald                default:
7bbeb3adSMilanka Ringwald                    btstack_assert(false);
7bbeb3adSMilanka Ringwald                    break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    switch (event){
a66b030fSMatthias Ringwald        case ADDRESS_RESOLUTION_SUCCEEDED:
711e6c80SMatthias Ringwald            sm_notify_client_index(SM_EVENT_IDENTITY_RESOLVING_SUCCEEDED, con_handle, sm_address_resolution_addr_type, sm_address_resolution_address, matched_device_id);
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case ADDRESS_RESOLUTION_FAILED:
711e6c80SMatthias Ringwald            sm_notify_client_base(SM_EVENT_IDENTITY_RESOLVING_FAILED, con_handle, sm_address_resolution_addr_type, sm_address_resolution_address);
3deb3ec6SMatthias Ringwald            break;
7bbeb3adSMilanka Ringwald        default:
7bbeb3adSMilanka Ringwald            btstack_assert(false);
7bbeb3adSMilanka Ringwald            break;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
55f09f49SMatthias Ringwaldstatic void sm_store_bonding_information(sm_connection_t * sm_conn){
3deb3ec6SMatthias Ringwald    int le_db_index = -1;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // lookup device based on IRK
f688bdb8SMatthias Ringwald    if ((setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_IDENTITY_INFORMATION) != 0u){
3deb3ec6SMatthias Ringwald        int i;
092ec58eSMatthias Ringwald        for (i=0; i < le_device_db_max_count(); i++){
3deb3ec6SMatthias Ringwald            sm_key_t irk;
3deb3ec6SMatthias Ringwald            bd_addr_t address;
c7e2c1a5SMatthias Ringwald            int address_type = BD_ADDR_TYPE_UNKNOWN;
3deb3ec6SMatthias Ringwald            le_device_db_info(i, &address_type, address, irk);
adf5eaa9SMatthias Ringwald            // skip unused entries
c7e2c1a5SMatthias Ringwald            if (address_type == BD_ADDR_TYPE_UNKNOWN) continue;
11d10bdaSMatthias Ringwald            // compare Identity Address
11d10bdaSMatthias Ringwald            if (memcmp(address, setup->sm_peer_address, 6) != 0) continue;
11d10bdaSMatthias Ringwald            // compare Identity Resolving Key
c7e2c1a5SMatthias Ringwald            if (memcmp(irk, setup->sm_peer_irk, 16) != 0) continue;
c7e2c1a5SMatthias Ringwald
3deb3ec6SMatthias Ringwald            log_info("sm: device found for IRK, updating");
3deb3ec6SMatthias Ringwald            le_db_index = i;
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        }
c7e2c1a5SMatthias Ringwald    } else {
c7e2c1a5SMatthias Ringwald        // assert IRK is set to zero
c7e2c1a5SMatthias Ringwald        memset(setup->sm_peer_irk, 0, 16);
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // if not found, lookup via public address if possible
3deb3ec6SMatthias Ringwald    log_info("sm peer addr type %u, peer addres %s", setup->sm_peer_addr_type, bd_addr_to_str(setup->sm_peer_address));
c1ab6cc1SMatthias Ringwald    if ((le_db_index < 0) && (setup->sm_peer_addr_type == BD_ADDR_TYPE_LE_PUBLIC)){
3deb3ec6SMatthias Ringwald        int i;
092ec58eSMatthias Ringwald        for (i=0; i < le_device_db_max_count(); i++){
3deb3ec6SMatthias Ringwald            bd_addr_t address;
adf5eaa9SMatthias Ringwald            int address_type = BD_ADDR_TYPE_UNKNOWN;
3deb3ec6SMatthias Ringwald            le_device_db_info(i, &address_type, address, NULL);
adf5eaa9SMatthias Ringwald            // skip unused entries
adf5eaa9SMatthias Ringwald            if (address_type == BD_ADDR_TYPE_UNKNOWN) continue;
3deb3ec6SMatthias Ringwald            log_info("device %u, sm peer addr type %u, peer addres %s", i, address_type, bd_addr_to_str(address));
5df9dc78SMatthias Ringwald            if ((address_type == BD_ADDR_TYPE_LE_PUBLIC) && (memcmp(address, setup->sm_peer_address, 6) == 0)){
3deb3ec6SMatthias Ringwald                log_info("sm: device found for public address, updating");
3deb3ec6SMatthias Ringwald                le_db_index = i;
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // if not found, add to db
02b02cffSMatthias Ringwald    bool new_to_le_device_db = false;
3deb3ec6SMatthias Ringwald    if (le_db_index < 0) {
3deb3ec6SMatthias Ringwald        le_db_index = le_device_db_add(setup->sm_peer_addr_type, setup->sm_peer_address, setup->sm_peer_irk);
02b02cffSMatthias Ringwald        new_to_le_device_db = true;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    if (le_db_index >= 0){
3deb3ec6SMatthias Ringwald
02b02cffSMatthias Ringwald#ifdef ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION
02b02cffSMatthias Ringwald        if (!new_to_le_device_db){
02b02cffSMatthias Ringwald            hci_remove_le_device_db_entry_from_resolving_list(le_db_index);
02b02cffSMatthias Ringwald        }
02b02cffSMatthias Ringwald        hci_load_le_device_db_entry_into_resolving_list(le_db_index);
02b02cffSMatthias Ringwald#else
02b02cffSMatthias Ringwald        UNUSED(new_to_le_device_db);
02b02cffSMatthias Ringwald#endif
02b02cffSMatthias Ringwald
48163929SMatthias Ringwald        sm_notify_client_index(SM_EVENT_IDENTITY_CREATED, sm_conn->sm_handle, setup->sm_peer_addr_type, setup->sm_peer_address, le_db_index);
e1086030SMatthias Ringwald        sm_conn->sm_irk_lookup_state = IRK_LOOKUP_SUCCEEDED;
7710ebd2SMatthias Ringwald        sm_conn->sm_le_db_index = le_db_index;
48163929SMatthias Ringwald
eda85fbfSMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
3deb3ec6SMatthias Ringwald        // store local CSRK
715a43d1SMatthias Ringwald        setup->sm_le_device_index = le_db_index;
715a43d1SMatthias Ringwald        if ((setup->sm_key_distribution_sent_set) & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){
3deb3ec6SMatthias Ringwald            log_info("sm: store local CSRK");
3deb3ec6SMatthias Ringwald            le_device_db_local_csrk_set(le_db_index, setup->sm_local_csrk);
3deb3ec6SMatthias Ringwald            le_device_db_local_counter_set(le_db_index, 0);
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        // store remote CSRK
3deb3ec6SMatthias Ringwald        if (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION){
3deb3ec6SMatthias Ringwald            log_info("sm: store remote CSRK");
3deb3ec6SMatthias Ringwald            le_device_db_remote_csrk_set(le_db_index, setup->sm_peer_csrk);
3deb3ec6SMatthias Ringwald            le_device_db_remote_counter_set(le_db_index, 0);
3deb3ec6SMatthias Ringwald        }
eda85fbfSMatthias Ringwald#endif
78f44163SMatthias Ringwald        // store encryption information for secure connections: LTK generated by ECDH
78f44163SMatthias Ringwald        if (setup->sm_use_secure_connections){
e6343eb6SMatthias Ringwald            log_info("sm: store SC LTK (key size %u, authenticated %u)", sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated);
78f44163SMatthias Ringwald            uint8_t zero_rand[8];
78f44163SMatthias Ringwald            memset(zero_rand, 0, 8);
78f44163SMatthias Ringwald            le_device_db_encryption_set(le_db_index, 0, zero_rand, setup->sm_ltk, sm_conn->sm_actual_encryption_key_size,
3dc3a67dSMatthias Ringwald                                        sm_conn->sm_connection_authenticated, sm_conn->sm_connection_authorization_state == AUTHORIZATION_GRANTED, 1);
78f44163SMatthias Ringwald        }
78f44163SMatthias Ringwald
e6343eb6SMatthias Ringwald        // store encryption information for legacy pairing: peer LTK, EDIV, RAND
78f44163SMatthias Ringwald        else if ( (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION)
78f44163SMatthias Ringwald        && (setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_MASTER_IDENTIFICATION )){
e6343eb6SMatthias Ringwald            log_info("sm: set encryption information (key size %u, authenticated %u)", sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated);
3deb3ec6SMatthias Ringwald            le_device_db_encryption_set(le_db_index, setup->sm_peer_ediv, setup->sm_peer_rand, setup->sm_peer_ltk,
3dc3a67dSMatthias Ringwald                                        sm_conn->sm_actual_encryption_key_size, sm_conn->sm_connection_authenticated, sm_conn->sm_connection_authorization_state == AUTHORIZATION_GRANTED, 0);
78f44163SMatthias Ringwald
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
55f09f49SMatthias Ringwald}
55f09f49SMatthias Ringwald
8980298aSMatthias Ringwaldstatic void sm_pairing_error(sm_connection_t * sm_conn, uint8_t reason){
8980298aSMatthias Ringwald    sm_conn->sm_pairing_failed_reason = reason;
8980298aSMatthias Ringwald    sm_conn->sm_engine_state = SM_GENERAL_SEND_PAIRING_FAILED;
8980298aSMatthias Ringwald}
8980298aSMatthias Ringwald
22cb578bSMatthias Ringwaldstatic int sm_le_device_db_index_lookup(bd_addr_type_t address_type, bd_addr_t address){
1a55487aSMatthias Ringwald    int i;
1a55487aSMatthias Ringwald    for (i=0; i < le_device_db_max_count(); i++){
22cb578bSMatthias Ringwald        bd_addr_t db_address;
22cb578bSMatthias Ringwald        int db_address_type = BD_ADDR_TYPE_UNKNOWN;
22cb578bSMatthias Ringwald        le_device_db_info(i, &db_address_type, db_address, NULL);
1a55487aSMatthias Ringwald        // skip unused entries
1a55487aSMatthias Ringwald        if (address_type == BD_ADDR_TYPE_UNKNOWN) continue;
3548b7cbSDirk Helbig        if ((address_type == (unsigned int)db_address_type) && (memcmp(address, db_address, 6) == 0)){
1a55487aSMatthias Ringwald            return i;
1a55487aSMatthias Ringwald        }
1a55487aSMatthias Ringwald    }
1a55487aSMatthias Ringwald    return -1;
1a55487aSMatthias Ringwald}
1a55487aSMatthias Ringwald
2e08b70bSMatthias Ringwaldstatic void sm_remove_le_device_db_entry(uint16_t i) {
2e08b70bSMatthias Ringwald    le_device_db_remove(i);
672dc582SMatthias Ringwald#ifdef ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION
672dc582SMatthias Ringwald    // to remove an entry from the resolving list requires its identity address, which was already deleted
672dc582SMatthias Ringwald    // fully reload resolving list instead
672dc582SMatthias Ringwald    gap_load_resolving_list_from_le_device_db();
672dc582SMatthias Ringwald#endif
2e08b70bSMatthias Ringwald}
2e08b70bSMatthias Ringwald
8980298aSMatthias Ringwaldstatic uint8_t sm_key_distribution_validate_received(sm_connection_t * sm_conn){
cc95824cSDirk Helbig    UNUSED(sm_conn);
cc95824cSDirk Helbig
1a55487aSMatthias Ringwald    // if identity is provided, abort if we have bonding with same address but different irk
f688bdb8SMatthias Ringwald    if ((setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_IDENTITY_INFORMATION) != 0u){
22cb578bSMatthias Ringwald        int index = sm_le_device_db_index_lookup(BD_ADDR_TYPE_LE_PUBLIC, setup->sm_peer_address);
1a55487aSMatthias Ringwald        if (index >= 0){
1a55487aSMatthias Ringwald            sm_key_t irk;
1a55487aSMatthias Ringwald            le_device_db_info(index, NULL, NULL, irk);
1a55487aSMatthias Ringwald            if (memcmp(irk, setup->sm_peer_irk, 16) != 0){
1a55487aSMatthias Ringwald                // IRK doesn't match, delete bonding information
1a55487aSMatthias Ringwald                log_info("New IRK for %s (type %u) does not match stored IRK -> delete bonding information", bd_addr_to_str(sm_conn->sm_peer_address), sm_conn->sm_peer_addr_type);
9202d845SMatthias Ringwald                sm_remove_le_device_db_entry(index);
1a55487aSMatthias Ringwald            }
1a55487aSMatthias Ringwald        }
1a55487aSMatthias Ringwald    }
8980298aSMatthias Ringwald    return 0;
8980298aSMatthias Ringwald}
8980298aSMatthias Ringwald
55f09f49SMatthias Ringwaldstatic void sm_key_distribution_handle_all_received(sm_connection_t * sm_conn){
55f09f49SMatthias Ringwald
8980298aSMatthias Ringwald    // abort pairing if received keys are not valid
8980298aSMatthias Ringwald    uint8_t reason = sm_key_distribution_validate_received(sm_conn);
8980298aSMatthias Ringwald    if (reason != 0){
8980298aSMatthias Ringwald        sm_pairing_error(sm_conn, reason);
8980298aSMatthias Ringwald        return;
8980298aSMatthias Ringwald    }
8980298aSMatthias Ringwald
55f09f49SMatthias Ringwald    // only store pairing information if both sides are bondable, i.e., the bonadble flag is set
55f09f49SMatthias Ringwald    bool bonding_enabled = (sm_pairing_packet_get_auth_req(setup->sm_m_preq)
55f09f49SMatthias Ringwald                            & sm_pairing_packet_get_auth_req(setup->sm_s_pres)
55f09f49SMatthias Ringwald                            & SM_AUTHREQ_BONDING ) != 0u;
55f09f49SMatthias Ringwald
55f09f49SMatthias Ringwald    if (bonding_enabled){
55f09f49SMatthias Ringwald        sm_store_bonding_information(sm_conn);
27ef8bc8SMatthias Ringwald    } else {
27ef8bc8SMatthias Ringwald        log_info("Ignoring received keys, bonding not enabled");
27ef8bc8SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
688a08f9SMatthias Ringwaldstatic inline void sm_pdu_received_in_wrong_state(sm_connection_t * sm_conn){
688a08f9SMatthias Ringwald    sm_pairing_error(sm_conn, SM_REASON_UNSPECIFIED_REASON);
688a08f9SMatthias Ringwald}
688a08f9SMatthias Ringwald
9af0f475SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
688a08f9SMatthias Ringwald
dc300847SMatthias Ringwaldstatic void sm_sc_prepare_dhkey_check(sm_connection_t * sm_conn);
1d80f1e6SMatthias Ringwaldstatic bool sm_passkey_used(stk_generation_method_t method);
1d80f1e6SMatthias Ringwaldstatic bool sm_just_works_or_numeric_comparison(stk_generation_method_t method);
2419120aSMatthias Ringwaldstatic void sm_sc_generate_nx_for_send_random(sm_connection_t * sm_conn);
dc300847SMatthias Ringwald
b35a3de2SMatthias Ringwaldstatic void sm_sc_start_calculating_local_confirm(sm_connection_t * sm_conn){
b90c4e75SMatthias Ringwald    if (setup->sm_stk_generation_method == OOB){
1f9d84e9SMatthias Ringwald        sm_conn->sm_engine_state = SM_SC_W2_CMAC_FOR_CONFIRMATION;
b90c4e75SMatthias Ringwald    } else {
b90c4e75SMatthias Ringwald        btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_nonce, 16, &sm_handle_random_result_sc_next_w2_cmac_for_confirmation, (void *)(uintptr_t) sm_conn->sm_handle);
b35a3de2SMatthias Ringwald    }
b35a3de2SMatthias Ringwald}
b35a3de2SMatthias Ringwald
688a08f9SMatthias Ringwaldstatic void sm_sc_state_after_receiving_random(sm_connection_t * sm_conn){
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
688a08f9SMatthias Ringwald        // Responder
4acf7b7bSMatthias Ringwald        if (setup->sm_stk_generation_method == OOB){
2419120aSMatthias Ringwald            sm_sc_generate_nx_for_send_random(sm_conn);
4acf7b7bSMatthias Ringwald        } else {
688a08f9SMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_SEND_PAIRING_RANDOM;
4acf7b7bSMatthias Ringwald        }
688a08f9SMatthias Ringwald    } else {
688a08f9SMatthias Ringwald        // Initiator role
688a08f9SMatthias Ringwald        switch (setup->sm_stk_generation_method){
688a08f9SMatthias Ringwald            case JUST_WORKS:
dc300847SMatthias Ringwald                sm_sc_prepare_dhkey_check(sm_conn);
688a08f9SMatthias Ringwald                break;
688a08f9SMatthias Ringwald
47fb4255SMatthias Ringwald            case NUMERIC_COMPARISON:
bd57ffebSMatthias Ringwald                sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_G2;
688a08f9SMatthias Ringwald                break;
688a08f9SMatthias Ringwald            case PK_INIT_INPUT:
688a08f9SMatthias Ringwald            case PK_RESP_INPUT:
47fb4255SMatthias Ringwald            case PK_BOTH_INPUT:
4ea43905SMatthias Ringwald                if (setup->sm_passkey_bit < 20u) {
b35a3de2SMatthias Ringwald                    sm_sc_start_calculating_local_confirm(sm_conn);
688a08f9SMatthias Ringwald                } else {
dc300847SMatthias Ringwald                    sm_sc_prepare_dhkey_check(sm_conn);
688a08f9SMatthias Ringwald                }
688a08f9SMatthias Ringwald                break;
688a08f9SMatthias Ringwald            case OOB:
65a9a04eSMatthias Ringwald                sm_sc_prepare_dhkey_check(sm_conn);
688a08f9SMatthias Ringwald                break;
7bbeb3adSMilanka Ringwald            default:
7bbeb3adSMilanka Ringwald                btstack_assert(false);
7bbeb3adSMilanka Ringwald                break;
688a08f9SMatthias Ringwald        }
688a08f9SMatthias Ringwald    }
688a08f9SMatthias Ringwald}
688a08f9SMatthias Ringwald
aec94140SMatthias Ringwaldstatic void sm_sc_cmac_done(uint8_t * hash){
688a08f9SMatthias Ringwald    log_info("sm_sc_cmac_done: ");
688a08f9SMatthias Ringwald    log_info_hexdump(hash, 16);
688a08f9SMatthias Ringwald
c59d0c92SMatthias Ringwald    if (sm_sc_oob_state == SM_SC_OOB_W4_CONFIRM){
c59d0c92SMatthias Ringwald        sm_sc_oob_state = SM_SC_OOB_IDLE;
a680ba6bSMatthias Ringwald        (*sm_sc_oob_callback)(hash, sm_sc_oob_random);
c59d0c92SMatthias Ringwald        return;
c59d0c92SMatthias Ringwald    }
c59d0c92SMatthias Ringwald
bd57ffebSMatthias Ringwald    sm_connection_t * sm_conn = sm_cmac_connection;
bd57ffebSMatthias Ringwald    sm_cmac_connection = NULL;
6857ad8fSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
2bacf595SMatthias Ringwald    link_key_type_t link_key_type;
b4f65634SMatthias Ringwald#endif
bd57ffebSMatthias Ringwald
bd57ffebSMatthias Ringwald    switch (sm_conn->sm_engine_state){
aec94140SMatthias Ringwald        case SM_SC_W4_CMAC_FOR_CONFIRMATION:
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_local_confirm, hash, 16);
bd57ffebSMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_SEND_CONFIRMATION;
aec94140SMatthias Ringwald            break;
688a08f9SMatthias Ringwald        case SM_SC_W4_CMAC_FOR_CHECK_CONFIRMATION:
688a08f9SMatthias Ringwald            // check
688a08f9SMatthias Ringwald            if (0 != memcmp(hash, setup->sm_peer_confirm, 16)){
bd57ffebSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_CONFIRM_VALUE_FAILED);
688a08f9SMatthias Ringwald                break;
688a08f9SMatthias Ringwald            }
2419120aSMatthias Ringwald            // for OOB, C is verified before generating and sending random Nonce
2419120aSMatthias Ringwald            if (setup->sm_stk_generation_method == OOB){
2419120aSMatthias Ringwald                sm_sc_generate_nx_for_send_random(sm_conn);
2419120aSMatthias Ringwald            } else {
bd57ffebSMatthias Ringwald                sm_sc_state_after_receiving_random(sm_conn);
2419120aSMatthias Ringwald            }
688a08f9SMatthias Ringwald            break;
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_G2: {
901c000fSMatthias Ringwald            uint32_t vab = big_endian_read_32(hash, 12) % 1000000;
901c000fSMatthias Ringwald            big_endian_store_32(setup->sm_tk, 12, vab);
901c000fSMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_W4_USER_RESPONSE;
901c000fSMatthias Ringwald            sm_trigger_user_response(sm_conn);
019005a0SMatthias Ringwald            break;
019005a0SMatthias Ringwald        }
0346c37cSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_SALT:
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_t, hash, 16);
bd57ffebSMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_MACKEY;
0346c37cSMatthias Ringwald            break;
0346c37cSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_MACKEY:
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_mackey, hash, 16);
bd57ffebSMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_LTK;
0346c37cSMatthias Ringwald            break;
0346c37cSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_LTK:
b18300a6SMatthias Ringwald            // truncate sm_ltk, but keep full LTK for cross-transport key derivation in sm_local_ltk
b18300a6SMatthias Ringwald            // Errata Service Release to the Bluetooth Specification: ESR09
b18300a6SMatthias Ringwald            //   E6405 – Cross transport key derivation from a key of size less than 128 bits
b18300a6SMatthias Ringwald            //   Note: When the BR/EDR link key is being derived from the LTK, the derivation is done before the LTK gets masked."
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_ltk, hash, 16);
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_local_ltk, hash, 16);
893e9333SMatthias Ringwald            sm_truncate_key(setup->sm_ltk, sm_conn->sm_actual_encryption_key_size);
bd57ffebSMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F6_FOR_DHKEY_CHECK;
019005a0SMatthias Ringwald            break;
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F6_FOR_DHKEY_CHECK:
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_local_dhkey_check, hash, 16);
42134bc6SMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
901c000fSMatthias Ringwald                // responder
f688bdb8SMatthias Ringwald                if ((setup->sm_state_vars & SM_STATE_VAR_DHKEY_COMMAND_RECEIVED) != 0u){
901c000fSMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F6_TO_VERIFY_DHKEY_CHECK;
901c000fSMatthias Ringwald                } else {
901c000fSMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_W4_DHKEY_CHECK_COMMAND;
901c000fSMatthias Ringwald                }
901c000fSMatthias Ringwald            } else {
901c000fSMatthias Ringwald                sm_conn->sm_engine_state = SM_SC_SEND_DHKEY_CHECK_COMMAND;
901c000fSMatthias Ringwald            }
901c000fSMatthias Ringwald            break;
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F6_TO_VERIFY_DHKEY_CHECK:
901c000fSMatthias Ringwald            if (0 != memcmp(hash, setup->sm_peer_dhkey_check, 16) ){
901c000fSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
aec94140SMatthias Ringwald                break;
aec94140SMatthias Ringwald            }
42134bc6SMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
901c000fSMatthias Ringwald                // responder
901c000fSMatthias Ringwald                sm_conn->sm_engine_state = SM_SC_SEND_DHKEY_CHECK_COMMAND;
901c000fSMatthias Ringwald            } else {
901c000fSMatthias Ringwald                // initiator
901c000fSMatthias Ringwald                sm_conn->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
bd57ffebSMatthias Ringwald            }
901c000fSMatthias Ringwald            break;
6857ad8fSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
57132f12SMatthias Ringwald        case SM_SC_W4_CALCULATE_ILK:
6535961aSMatthias Ringwald            (void)memcpy(setup->sm_t, hash, 16);
57132f12SMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_BR_EDR_LINK_KEY;
2bacf595SMatthias Ringwald            break;
57132f12SMatthias Ringwald        case SM_SC_W4_CALCULATE_BR_EDR_LINK_KEY:
2bacf595SMatthias Ringwald            reverse_128(hash, setup->sm_t);
2bacf595SMatthias Ringwald            link_key_type = sm_conn->sm_connection_authenticated ?
2bacf595SMatthias Ringwald                AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256 : UNAUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256;
8974e43fSMatthias Ringwald            log_info("Derived classic link key from LE using h6, type %u", (int) link_key_type);
55160b1cSMatthias Ringwald			gap_store_link_key_for_bd_addr(setup->sm_peer_address, setup->sm_t, link_key_type);
8974e43fSMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
2bacf595SMatthias Ringwald                sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
2bacf595SMatthias Ringwald            } else {
2bacf595SMatthias Ringwald                sm_conn->sm_engine_state = SM_INITIATOR_CONNECTED;
2bacf595SMatthias Ringwald            }
0ccf6c9cSMatthias Ringwald            sm_pairing_complete(sm_conn, ERROR_CODE_SUCCESS, 0);
2bacf595SMatthias Ringwald            sm_done_for_handle(sm_conn->sm_handle);
2bacf595SMatthias Ringwald            break;
e0a03c85SMatthias Ringwald        case SM_BR_EDR_W4_CALCULATE_ILK:
e0a03c85SMatthias Ringwald            (void)memcpy(setup->sm_t, hash, 16);
e0a03c85SMatthias Ringwald            sm_conn->sm_engine_state = SM_BR_EDR_W2_CALCULATE_LE_LTK;
e0a03c85SMatthias Ringwald            break;
e0a03c85SMatthias Ringwald        case SM_BR_EDR_W4_CALCULATE_LE_LTK:
e0a03c85SMatthias Ringwald            log_info("Derived LE LTK from BR/EDR Link Key");
e0a03c85SMatthias Ringwald            log_info_key("Link Key", hash);
e0a03c85SMatthias Ringwald            (void)memcpy(setup->sm_ltk, hash, 16);
e0a03c85SMatthias Ringwald            sm_truncate_key(setup->sm_ltk, sm_conn->sm_actual_encryption_key_size);
e0a03c85SMatthias Ringwald            sm_conn->sm_connection_authenticated = setup->sm_link_key_type == AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256;
e0a03c85SMatthias Ringwald            sm_store_bonding_information(sm_conn);
c18be159SMatthias Ringwald            sm_done_for_handle(sm_conn->sm_handle);
e0a03c85SMatthias Ringwald            break;
bdb14b0eSMatthias Ringwald#endif
bd57ffebSMatthias Ringwald        default:
bd57ffebSMatthias Ringwald            log_error("sm_sc_cmac_done in state %u", sm_conn->sm_engine_state);
bd57ffebSMatthias Ringwald            break;
bd57ffebSMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
aec94140SMatthias Ringwald}
aec94140SMatthias Ringwald
688a08f9SMatthias Ringwaldstatic void f4_engine(sm_connection_t * sm_conn, const sm_key256_t u, const sm_key256_t v, const sm_key_t x, uint8_t z){
dc300847SMatthias Ringwald    const uint16_t message_len = 65;
aec94140SMatthias Ringwald    sm_cmac_connection = sm_conn;
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer, u, 32);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 32, v, 32);
aec94140SMatthias Ringwald    sm_cmac_sc_buffer[64] = z;
aec94140SMatthias Ringwald    log_info("f4 key");
aec94140SMatthias Ringwald    log_info_hexdump(x, 16);
aec94140SMatthias Ringwald    log_info("f4 message");
dc300847SMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(x, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
aec94140SMatthias Ringwald}
aec94140SMatthias Ringwald
0346c37cSMatthias Ringwaldstatic const uint8_t f5_key_id[] = { 0x62, 0x74, 0x6c, 0x65 };
0346c37cSMatthias Ringwaldstatic const uint8_t f5_length[] = { 0x01, 0x00};
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwaldstatic void f5_calculate_salt(sm_connection_t * sm_conn){
8334d3d8SMatthias Ringwald
8334d3d8SMatthias Ringwald    static const sm_key_t f5_salt = { 0x6C ,0x88, 0x83, 0x91, 0xAA, 0xF5, 0xA5, 0x38, 0x60, 0x37, 0x0B, 0xDB, 0x5A, 0x60, 0x83, 0xBE};
8334d3d8SMatthias Ringwald
40c5d850SMatthias Ringwald    log_info("f5_calculate_salt");
0346c37cSMatthias Ringwald    // calculate salt for f5
0346c37cSMatthias Ringwald    const uint16_t message_len = 32;
0346c37cSMatthias Ringwald    sm_cmac_connection = sm_conn;
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer, setup->sm_dhkey, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(f5_salt, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
0346c37cSMatthias Ringwald}
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwaldstatic inline void f5_mackkey(sm_connection_t * sm_conn, sm_key_t t, const sm_key_t n1, const sm_key_t n2, const sm_key56_t a1, const sm_key56_t a2){
0346c37cSMatthias Ringwald    const uint16_t message_len = 53;
0346c37cSMatthias Ringwald    sm_cmac_connection = sm_conn;
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwald    // f5(W, N1, N2, A1, A2) = AES-CMACT (Counter = 0 || keyID || N1 || N2|| A1|| A2 || Length = 256) -- this is the MacKey
0346c37cSMatthias Ringwald    sm_cmac_sc_buffer[0] = 0;
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 01, f5_key_id, 4);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 05, n1, 16);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 21, n2, 16);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 37, a1, 7);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 44, a2, 7);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 51, f5_length, 2);
0346c37cSMatthias Ringwald    log_info("f5 key");
0346c37cSMatthias Ringwald    log_info_hexdump(t, 16);
0346c37cSMatthias Ringwald    log_info("f5 message for MacKey");
0346c37cSMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(t, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
0346c37cSMatthias Ringwald}
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwaldstatic void f5_calculate_mackey(sm_connection_t * sm_conn){
0346c37cSMatthias Ringwald    sm_key56_t bd_addr_master, bd_addr_slave;
0346c37cSMatthias Ringwald    bd_addr_master[0] =  setup->sm_m_addr_type;
0346c37cSMatthias Ringwald    bd_addr_slave[0]  =  setup->sm_s_addr_type;
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_master[1], setup->sm_m_address, 6);
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_slave[1], setup->sm_s_address, 6);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
0346c37cSMatthias Ringwald        // responder
0346c37cSMatthias Ringwald        f5_mackkey(sm_conn, setup->sm_t, setup->sm_peer_nonce, setup->sm_local_nonce, bd_addr_master, bd_addr_slave);
0346c37cSMatthias Ringwald    } else {
0346c37cSMatthias Ringwald        // initiator
0346c37cSMatthias Ringwald        f5_mackkey(sm_conn, setup->sm_t, setup->sm_local_nonce, setup->sm_peer_nonce, bd_addr_master, bd_addr_slave);
0346c37cSMatthias Ringwald    }
0346c37cSMatthias Ringwald}
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwald// note: must be called right after f5_mackey, as sm_cmac_buffer[1..52] will be reused
0346c37cSMatthias Ringwaldstatic inline void f5_ltk(sm_connection_t * sm_conn, sm_key_t t){
0346c37cSMatthias Ringwald    const uint16_t message_len = 53;
0346c37cSMatthias Ringwald    sm_cmac_connection = sm_conn;
0346c37cSMatthias Ringwald    sm_cmac_sc_buffer[0] = 1;
0346c37cSMatthias Ringwald    // 1..52 setup before
0346c37cSMatthias Ringwald    log_info("f5 key");
0346c37cSMatthias Ringwald    log_info_hexdump(t, 16);
0346c37cSMatthias Ringwald    log_info("f5 message for LTK");
0346c37cSMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(t, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
0346c37cSMatthias Ringwald}
f92edc8eSMatthias Ringwald
0346c37cSMatthias Ringwaldstatic void f5_calculate_ltk(sm_connection_t * sm_conn){
0346c37cSMatthias Ringwald    f5_ltk(sm_conn, setup->sm_t);
0346c37cSMatthias Ringwald}
0346c37cSMatthias Ringwald
31f061fbSMatthias Ringwaldstatic void f6_setup(const sm_key_t n1, const sm_key_t n2, const sm_key_t r, const sm_key24_t io_cap, const sm_key56_t a1, const sm_key56_t a2){
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer, n1, 16);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 16, n2, 16);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 32, r, 16);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 48, io_cap, 3);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 51, a1, 7);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 58, a2, 7);
31f061fbSMatthias Ringwald}
31f061fbSMatthias Ringwald
31f061fbSMatthias Ringwaldstatic void f6_engine(sm_connection_t * sm_conn, const sm_key_t w){
31f061fbSMatthias Ringwald    const uint16_t message_len = 65;
31f061fbSMatthias Ringwald    sm_cmac_connection = sm_conn;
dc300847SMatthias Ringwald    log_info("f6 key");
dc300847SMatthias Ringwald    log_info_hexdump(w, 16);
dc300847SMatthias Ringwald    log_info("f6 message");
dc300847SMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(w, 65, sm_cmac_sc_buffer, &sm_sc_cmac_done);
dc300847SMatthias Ringwald}
dc300847SMatthias Ringwald
f92edc8eSMatthias Ringwald// g2(U, V, X, Y) = AES-CMACX(U || V || Y) mod 2^32
f92edc8eSMatthias Ringwald// - U is 256 bits
f92edc8eSMatthias Ringwald// - V is 256 bits
f92edc8eSMatthias Ringwald// - X is 128 bits
f92edc8eSMatthias Ringwald// - Y is 128 bits
bd57ffebSMatthias Ringwaldstatic void g2_engine(sm_connection_t * sm_conn, const sm_key256_t u, const sm_key256_t v, const sm_key_t x, const sm_key_t y){
bd57ffebSMatthias Ringwald    const uint16_t message_len = 80;
bd57ffebSMatthias Ringwald    sm_cmac_connection = sm_conn;
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer, u, 32);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 32, v, 32);
6535961aSMatthias Ringwald    (void)memcpy(sm_cmac_sc_buffer + 64, y, 16);
f92edc8eSMatthias Ringwald    log_info("g2 key");
f92edc8eSMatthias Ringwald    log_info_hexdump(x, 16);
f92edc8eSMatthias Ringwald    log_info("g2 message");
2bacf595SMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(x, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
f92edc8eSMatthias Ringwald}
f92edc8eSMatthias Ringwald
b35a3de2SMatthias Ringwaldstatic void g2_calculate(sm_connection_t * sm_conn) {
f92edc8eSMatthias Ringwald    // calc Va if numeric comparison
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
f92edc8eSMatthias Ringwald        // responder
fc5bff5fSMatthias Ringwald        g2_engine(sm_conn, setup->sm_peer_q, ec_q, setup->sm_peer_nonce, setup->sm_local_nonce);;
f92edc8eSMatthias Ringwald    } else {
f92edc8eSMatthias Ringwald        // initiator
fc5bff5fSMatthias Ringwald        g2_engine(sm_conn, ec_q, setup->sm_peer_q, setup->sm_local_nonce, setup->sm_peer_nonce);
f92edc8eSMatthias Ringwald    }
f92edc8eSMatthias Ringwald}
f92edc8eSMatthias Ringwald
945888f5SMatthias Ringwaldstatic void sm_sc_calculate_local_confirm(sm_connection_t * sm_conn){
9af0f475SMatthias Ringwald    uint8_t z = 0;
40c5d850SMatthias Ringwald    if (sm_passkey_entry(setup->sm_stk_generation_method)){
9af0f475SMatthias Ringwald        // some form of passkey
9af0f475SMatthias Ringwald        uint32_t pk = big_endian_read_32(setup->sm_tk, 12);
4ea43905SMatthias Ringwald        z = 0x80u | ((pk >> setup->sm_passkey_bit) & 1u);
9af0f475SMatthias Ringwald        setup->sm_passkey_bit++;
9af0f475SMatthias Ringwald    }
fc5bff5fSMatthias Ringwald    f4_engine(sm_conn, ec_q, setup->sm_peer_q, setup->sm_local_nonce, z);
9af0f475SMatthias Ringwald}
688a08f9SMatthias Ringwald
688a08f9SMatthias Ringwaldstatic void sm_sc_calculate_remote_confirm(sm_connection_t * sm_conn){
a680ba6bSMatthias Ringwald    // OOB
a680ba6bSMatthias Ringwald    if (setup->sm_stk_generation_method == OOB){
4acf7b7bSMatthias Ringwald        if (IS_RESPONDER(sm_conn->sm_role)){
4acf7b7bSMatthias Ringwald            f4_engine(sm_conn, setup->sm_peer_q, setup->sm_peer_q, setup->sm_ra, 0);
4acf7b7bSMatthias Ringwald        } else {
4acf7b7bSMatthias Ringwald            f4_engine(sm_conn, setup->sm_peer_q, setup->sm_peer_q, setup->sm_rb, 0);
4acf7b7bSMatthias Ringwald        }
a680ba6bSMatthias Ringwald        return;
a680ba6bSMatthias Ringwald    }
a680ba6bSMatthias Ringwald
688a08f9SMatthias Ringwald    uint8_t z = 0;
40c5d850SMatthias Ringwald    if (sm_passkey_entry(setup->sm_stk_generation_method)){
688a08f9SMatthias Ringwald        // some form of passkey
688a08f9SMatthias Ringwald        uint32_t pk = big_endian_read_32(setup->sm_tk, 12);
688a08f9SMatthias Ringwald        // sm_passkey_bit was increased before sending confirm value
4ea43905SMatthias Ringwald        z = 0x80u | ((pk >> (setup->sm_passkey_bit-1u)) & 1u);
688a08f9SMatthias Ringwald    }
fc5bff5fSMatthias Ringwald    f4_engine(sm_conn, setup->sm_peer_q, ec_q, setup->sm_peer_nonce, z);
688a08f9SMatthias Ringwald}
688a08f9SMatthias Ringwald
0346c37cSMatthias Ringwaldstatic void sm_sc_prepare_dhkey_check(sm_connection_t * sm_conn){
f688bdb8SMatthias Ringwald    log_info("sm_sc_prepare_dhkey_check, DHKEY calculated %u", (setup->sm_state_vars & SM_STATE_VAR_DHKEY_CALCULATED) != 0 ? 1 : 0);
3cf37b8cSMatthias Ringwald
f688bdb8SMatthias Ringwald    if ((setup->sm_state_vars & SM_STATE_VAR_DHKEY_CALCULATED) != 0u){
3cf37b8cSMatthias Ringwald        sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_SALT;
3cf37b8cSMatthias Ringwald    } else {
3cf37b8cSMatthias Ringwald        sm_conn->sm_engine_state = SM_SC_W4_CALCULATE_DHKEY;
3cf37b8cSMatthias Ringwald    }
d1a1f6a4SMatthias Ringwald}
3cf37b8cSMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_sc_dhkey_calculated(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (sm_conn == NULL) return;
f3582630SMatthias Ringwald
1c34405fSMatthias Ringwald    // check for invalid public key detected by Controller
1c34405fSMatthias Ringwald    if (sm_is_ff(setup->sm_dhkey, 32)){
1c34405fSMatthias Ringwald        log_info("sm: peer public key invalid");
1c34405fSMatthias Ringwald        sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
1c34405fSMatthias Ringwald        return;
1c34405fSMatthias Ringwald    }
1c34405fSMatthias Ringwald
d1a1f6a4SMatthias Ringwald    log_info("dhkey");
d1a1f6a4SMatthias Ringwald    log_info_hexdump(&setup->sm_dhkey[0], 32);
d1a1f6a4SMatthias Ringwald    setup->sm_state_vars |= SM_STATE_VAR_DHKEY_CALCULATED;
d1a1f6a4SMatthias Ringwald    // trigger next step
d1a1f6a4SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_SC_W4_CALCULATE_DHKEY){
d1a1f6a4SMatthias Ringwald        sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F5_SALT;
d1a1f6a4SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
dc300847SMatthias Ringwald}
dc300847SMatthias Ringwald
dc300847SMatthias Ringwaldstatic void sm_sc_calculate_f6_for_dhkey_check(sm_connection_t * sm_conn){
dc300847SMatthias Ringwald    // calculate DHKCheck
dc300847SMatthias Ringwald    sm_key56_t bd_addr_master, bd_addr_slave;
dc300847SMatthias Ringwald    bd_addr_master[0] =  setup->sm_m_addr_type;
dc300847SMatthias Ringwald    bd_addr_slave[0]  =  setup->sm_s_addr_type;
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_master[1], setup->sm_m_address, 6);
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_slave[1], setup->sm_s_address, 6);
dc300847SMatthias Ringwald    uint8_t iocap_a[3];
dc300847SMatthias Ringwald    iocap_a[0] = sm_pairing_packet_get_auth_req(setup->sm_m_preq);
dc300847SMatthias Ringwald    iocap_a[1] = sm_pairing_packet_get_oob_data_flag(setup->sm_m_preq);
dc300847SMatthias Ringwald    iocap_a[2] = sm_pairing_packet_get_io_capability(setup->sm_m_preq);
dc300847SMatthias Ringwald    uint8_t iocap_b[3];
dc300847SMatthias Ringwald    iocap_b[0] = sm_pairing_packet_get_auth_req(setup->sm_s_pres);
dc300847SMatthias Ringwald    iocap_b[1] = sm_pairing_packet_get_oob_data_flag(setup->sm_s_pres);
dc300847SMatthias Ringwald    iocap_b[2] = sm_pairing_packet_get_io_capability(setup->sm_s_pres);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
dc300847SMatthias Ringwald        // responder
31f061fbSMatthias Ringwald        f6_setup(setup->sm_local_nonce, setup->sm_peer_nonce, setup->sm_ra, iocap_b, bd_addr_slave, bd_addr_master);
31f061fbSMatthias Ringwald        f6_engine(sm_conn, setup->sm_mackey);
dc300847SMatthias Ringwald    } else {
dc300847SMatthias Ringwald        // initiator
31f061fbSMatthias Ringwald        f6_setup( setup->sm_local_nonce, setup->sm_peer_nonce, setup->sm_rb, iocap_a, bd_addr_master, bd_addr_slave);
31f061fbSMatthias Ringwald        f6_engine(sm_conn, setup->sm_mackey);
dc300847SMatthias Ringwald    }
dc300847SMatthias Ringwald}
dc300847SMatthias Ringwald
019005a0SMatthias Ringwaldstatic void sm_sc_calculate_f6_to_verify_dhkey_check(sm_connection_t * sm_conn){
019005a0SMatthias Ringwald    // validate E = f6()
019005a0SMatthias Ringwald    sm_key56_t bd_addr_master, bd_addr_slave;
019005a0SMatthias Ringwald    bd_addr_master[0] =  setup->sm_m_addr_type;
019005a0SMatthias Ringwald    bd_addr_slave[0]  =  setup->sm_s_addr_type;
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_master[1], setup->sm_m_address, 6);
6535961aSMatthias Ringwald    (void)memcpy(&bd_addr_slave[1], setup->sm_s_address, 6);
019005a0SMatthias Ringwald
019005a0SMatthias Ringwald    uint8_t iocap_a[3];
019005a0SMatthias Ringwald    iocap_a[0] = sm_pairing_packet_get_auth_req(setup->sm_m_preq);
019005a0SMatthias Ringwald    iocap_a[1] = sm_pairing_packet_get_oob_data_flag(setup->sm_m_preq);
019005a0SMatthias Ringwald    iocap_a[2] = sm_pairing_packet_get_io_capability(setup->sm_m_preq);
019005a0SMatthias Ringwald    uint8_t iocap_b[3];
019005a0SMatthias Ringwald    iocap_b[0] = sm_pairing_packet_get_auth_req(setup->sm_s_pres);
019005a0SMatthias Ringwald    iocap_b[1] = sm_pairing_packet_get_oob_data_flag(setup->sm_s_pres);
019005a0SMatthias Ringwald    iocap_b[2] = sm_pairing_packet_get_io_capability(setup->sm_s_pres);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
019005a0SMatthias Ringwald        // responder
31f061fbSMatthias Ringwald        f6_setup(setup->sm_peer_nonce, setup->sm_local_nonce, setup->sm_rb, iocap_a, bd_addr_master, bd_addr_slave);
31f061fbSMatthias Ringwald        f6_engine(sm_conn, setup->sm_mackey);
019005a0SMatthias Ringwald    } else {
019005a0SMatthias Ringwald        // initiator
31f061fbSMatthias Ringwald        f6_setup(setup->sm_peer_nonce, setup->sm_local_nonce, setup->sm_ra, iocap_b, bd_addr_slave, bd_addr_master);
31f061fbSMatthias Ringwald        f6_engine(sm_conn, setup->sm_mackey);
019005a0SMatthias Ringwald    }
019005a0SMatthias Ringwald}
2bacf595SMatthias Ringwald
2419120aSMatthias Ringwaldstatic void sm_sc_generate_nx_for_send_random(sm_connection_t * sm_conn){
2419120aSMatthias Ringwald    // generate Nx
2419120aSMatthias Ringwald    log_info("Generate N%c", IS_RESPONDER(sm_conn->sm_role) ? 'b' : 'a');
2419120aSMatthias Ringwald    btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_nonce, 16, &sm_handle_random_result_sc_next_send_pairing_random, (void*)(uintptr_t) sm_conn->sm_handle);
2419120aSMatthias Ringwald}
2419120aSMatthias Ringwald
55c62cf5SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
2bacf595SMatthias Ringwald
2bacf595SMatthias Ringwald//
2bacf595SMatthias Ringwald// Link Key Conversion Function h6
2bacf595SMatthias Ringwald//
57132f12SMatthias Ringwald// h6(W, keyID) = AES-CMAC_W(keyID)
2bacf595SMatthias Ringwald// - W is 128 bits
2bacf595SMatthias Ringwald// - keyID is 32 bits
2bacf595SMatthias Ringwaldstatic void h6_engine(sm_connection_t * sm_conn, const sm_key_t w, const uint32_t key_id){
2bacf595SMatthias Ringwald    const uint16_t message_len = 4;
2bacf595SMatthias Ringwald    sm_cmac_connection = sm_conn;
2bacf595SMatthias Ringwald    big_endian_store_32(sm_cmac_sc_buffer, 0, key_id);
2bacf595SMatthias Ringwald    log_info("h6 key");
2bacf595SMatthias Ringwald    log_info_hexdump(w, 16);
2bacf595SMatthias Ringwald    log_info("h6 message");
2bacf595SMatthias Ringwald    log_info_hexdump(sm_cmac_sc_buffer, message_len);
d1a1f6a4SMatthias Ringwald    sm_cmac_message_start(w, message_len, sm_cmac_sc_buffer, &sm_sc_cmac_done);
2bacf595SMatthias Ringwald}
57132f12SMatthias Ringwald//
57132f12SMatthias Ringwald// Link Key Conversion Function h7
57132f12SMatthias Ringwald//
57132f12SMatthias Ringwald// h7(SALT, W) = AES-CMAC_SALT(W)
57132f12SMatthias Ringwald// - SALT is 128 bits
57132f12SMatthias Ringwald// - W    is 128 bits
57132f12SMatthias Ringwaldstatic void h7_engine(sm_connection_t * sm_conn, const sm_key_t salt, const sm_key_t w) {
57132f12SMatthias Ringwald	const uint16_t message_len = 16;
57132f12SMatthias Ringwald	sm_cmac_connection = sm_conn;
57132f12SMatthias Ringwald	log_info("h7 key");
57132f12SMatthias Ringwald	log_info_hexdump(salt, 16);
57132f12SMatthias Ringwald	log_info("h7 message");
57132f12SMatthias Ringwald	log_info_hexdump(w, 16);
57132f12SMatthias Ringwald	sm_cmac_message_start(salt, message_len, w, &sm_sc_cmac_done);
57132f12SMatthias Ringwald}
2bacf595SMatthias Ringwald
b18300a6SMatthias Ringwald// For SC, setup->sm_local_ltk holds full LTK (sm_ltk is already truncated)
b18300a6SMatthias Ringwald// Errata Service Release to the Bluetooth Specification: ESR09
b18300a6SMatthias Ringwald//   E6405 – Cross transport key derivation from a key of size less than 128 bits
b18300a6SMatthias Ringwald//   "Note: When the BR/EDR link key is being derived from the LTK, the derivation is done before the LTK gets masked."
57132f12SMatthias Ringwald
c82679c3SMatthias Ringwaldstatic void h6_calculate_ilk_from_le_ltk(sm_connection_t * sm_conn){
b18300a6SMatthias Ringwald    h6_engine(sm_conn, setup->sm_local_ltk, 0x746D7031);    // "tmp1"
2bacf595SMatthias Ringwald}
2bacf595SMatthias Ringwald
e0a03c85SMatthias Ringwaldstatic void h6_calculate_ilk_from_br_edr(sm_connection_t * sm_conn){
e0a03c85SMatthias Ringwald    h6_engine(sm_conn, setup->sm_link_key, 0x746D7032);    // "tmp2"
e0a03c85SMatthias Ringwald}
e0a03c85SMatthias Ringwald
2bacf595SMatthias Ringwaldstatic void h6_calculate_br_edr_link_key(sm_connection_t * sm_conn){
2bacf595SMatthias Ringwald    h6_engine(sm_conn, setup->sm_t, 0x6c656272);    // "lebr"
2bacf595SMatthias Ringwald}
2bacf595SMatthias Ringwald
e0a03c85SMatthias Ringwaldstatic void h6_calculate_le_ltk(sm_connection_t * sm_conn){
e0a03c85SMatthias Ringwald    h6_engine(sm_conn, setup->sm_t, 0x62726C65);    // "brle"
e0a03c85SMatthias Ringwald}
e0a03c85SMatthias Ringwald
c82679c3SMatthias Ringwaldstatic void h7_calculate_ilk_from_le_ltk(sm_connection_t * sm_conn){
57132f12SMatthias Ringwald	const uint8_t salt[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00, 0x74, 0x6D, 0x70, 0x31};  // "tmp1"
57132f12SMatthias Ringwald	h7_engine(sm_conn, salt, setup->sm_local_ltk);
57132f12SMatthias Ringwald}
e0a03c85SMatthias Ringwald
e0a03c85SMatthias Ringwaldstatic void h7_calculate_ilk_from_br_edr(sm_connection_t * sm_conn){
e0a03c85SMatthias Ringwald    const uint8_t salt[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00, 0x74, 0x6D, 0x70, 0x32};  // "tmp2"
e0a03c85SMatthias Ringwald    h7_engine(sm_conn, salt, setup->sm_link_key);
e0a03c85SMatthias Ringwald}
e0a03c85SMatthias Ringwald
c18be159SMatthias Ringwaldstatic void sm_ctkd_fetch_br_edr_link_key(sm_connection_t * sm_conn){
e0a03c85SMatthias Ringwald    hci_connection_t * hci_connection = hci_connection_for_handle(sm_conn->sm_handle);
e0a03c85SMatthias Ringwald    btstack_assert(hci_connection != NULL);
e0a03c85SMatthias Ringwald    reverse_128(hci_connection->link_key, setup->sm_link_key);
e0a03c85SMatthias Ringwald    setup->sm_link_key_type =  hci_connection->link_key_type;
e0a03c85SMatthias Ringwald}
e0a03c85SMatthias Ringwald
13aed524SMatthias Ringwaldstatic void sm_ctkd_start_from_br_edr(sm_connection_t * sm_conn){
13aed524SMatthias Ringwald    // only derive LTK if EncKey is set by both
13aed524SMatthias Ringwald    bool derive_ltk = (sm_pairing_packet_get_initiator_key_distribution(setup->sm_s_pres) &
13aed524SMatthias Ringwald                              sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres) & SM_KEYDIST_ENC_KEY) != 0;
13aed524SMatthias Ringwald    if (derive_ltk){
c18be159SMatthias Ringwald        bool use_h7 = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_CT2) != 0;
13aed524SMatthias Ringwald        sm_conn->sm_engine_state = use_h7 ? SM_BR_EDR_W2_CALCULATE_ILK_USING_H7 : SM_BR_EDR_W2_CALCULATE_ILK_USING_H6;
13aed524SMatthias Ringwald    } else {
13aed524SMatthias Ringwald        sm_done_for_handle(sm_conn->sm_handle);
13aed524SMatthias Ringwald    }
c18be159SMatthias Ringwald}
c18be159SMatthias Ringwald
9af0f475SMatthias Ringwald#endif
9af0f475SMatthias Ringwald
55c62cf5SMatthias Ringwald#endif
55c62cf5SMatthias Ringwald
613da3deSMatthias Ringwald// key management legacy connections:
613da3deSMatthias Ringwald// - potentially two different LTKs based on direction. each device stores LTK provided by peer
613da3deSMatthias Ringwald// - master stores LTK, EDIV, RAND. responder optionally stored master LTK (only if it needs to reconnect)
613da3deSMatthias Ringwald// - initiators reconnects: initiator uses stored LTK, EDIV, RAND generated by responder
613da3deSMatthias Ringwald// - responder  reconnects: responder uses LTK receveived from master
613da3deSMatthias Ringwald
613da3deSMatthias Ringwald// key management secure connections:
613da3deSMatthias Ringwald// - both devices store same LTK from ECDH key exchange.
613da3deSMatthias Ringwald
42134bc6SMatthias Ringwald#if defined(ENABLE_LE_SECURE_CONNECTIONS) || defined(ENABLE_LE_CENTRAL)
5829ebe2SMatthias Ringwaldstatic void sm_load_security_info(sm_connection_t * sm_connection){
5829ebe2SMatthias Ringwald    int encryption_key_size;
5829ebe2SMatthias Ringwald    int authenticated;
5829ebe2SMatthias Ringwald    int authorized;
3dc3a67dSMatthias Ringwald    int secure_connection;
5829ebe2SMatthias Ringwald
5829ebe2SMatthias Ringwald    // fetch data from device db - incl. authenticated/authorized/key size. Note all sm_connection_X require encryption enabled
5829ebe2SMatthias Ringwald    le_device_db_encryption_get(sm_connection->sm_le_db_index, &setup->sm_peer_ediv, setup->sm_peer_rand, setup->sm_peer_ltk,
3dc3a67dSMatthias Ringwald                                &encryption_key_size, &authenticated, &authorized, &secure_connection);
3dc3a67dSMatthias Ringwald    log_info("db index %u, key size %u, authenticated %u, authorized %u, secure connetion %u", sm_connection->sm_le_db_index, encryption_key_size, authenticated, authorized, secure_connection);
5829ebe2SMatthias Ringwald    sm_connection->sm_actual_encryption_key_size = encryption_key_size;
5829ebe2SMatthias Ringwald    sm_connection->sm_connection_authenticated = authenticated;
5829ebe2SMatthias Ringwald    sm_connection->sm_connection_authorization_state = authorized ? AUTHORIZATION_GRANTED : AUTHORIZATION_UNKNOWN;
d7dbf891SMatthias Ringwald    sm_connection->sm_connection_sc = secure_connection != 0;
5829ebe2SMatthias Ringwald}
42134bc6SMatthias Ringwald#endif
bd57ffebSMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
59066796SMatthias Ringwaldstatic void sm_start_calculating_ltk_from_ediv_and_rand(sm_connection_t * sm_connection){
6535961aSMatthias Ringwald    (void)memcpy(setup->sm_local_rand, sm_connection->sm_local_rand, 8);
59066796SMatthias Ringwald    setup->sm_local_ediv = sm_connection->sm_local_ediv;
59066796SMatthias Ringwald    // re-establish used key encryption size
59066796SMatthias Ringwald    // no db for encryption size hack: encryption size is stored in lowest nibble of setup->sm_local_rand
4ea43905SMatthias Ringwald    sm_connection->sm_actual_encryption_key_size = (setup->sm_local_rand[7u] & 0x0fu) + 1u;
59066796SMatthias Ringwald    // no db for authenticated flag hack: flag is stored in bit 4 of LSB
4ea43905SMatthias Ringwald    sm_connection->sm_connection_authenticated = (setup->sm_local_rand[7u] & 0x10u) >> 4u;
3dc3a67dSMatthias Ringwald    // Legacy paring -> not SC
d7dbf891SMatthias Ringwald    sm_connection->sm_connection_sc = false;
59066796SMatthias Ringwald    log_info("sm: received ltk request with key size %u, authenticated %u",
59066796SMatthias Ringwald            sm_connection->sm_actual_encryption_key_size, sm_connection->sm_connection_authenticated);
59066796SMatthias Ringwald}
42134bc6SMatthias Ringwald#endif
59066796SMatthias Ringwald
3deb3ec6SMatthias Ringwald// distributed key generation
d7f1c72eSMatthias Ringwaldstatic bool sm_run_dpkg(void){
3deb3ec6SMatthias Ringwald    switch (dkg_state){
3deb3ec6SMatthias Ringwald        case DKG_CALC_IRK:
3deb3ec6SMatthias Ringwald            // already busy?
3deb3ec6SMatthias Ringwald            if (sm_aes128_state == SM_AES128_IDLE) {
d1a1f6a4SMatthias Ringwald                log_info("DKG_CALC_IRK started");
3deb3ec6SMatthias Ringwald                // IRK = d1(IR, 1, 0)
d1a1f6a4SMatthias Ringwald                sm_d1_d_prime(1, 0, sm_aes128_plaintext);  // plaintext = d1 prime
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
d1a1f6a4SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_ir, sm_aes128_plaintext, sm_persistent_irk, sm_handle_encryption_result_dkg_irk, NULL);
d7f1c72eSMatthias Ringwald                return true;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case DKG_CALC_DHK:
3deb3ec6SMatthias Ringwald            // already busy?
3deb3ec6SMatthias Ringwald            if (sm_aes128_state == SM_AES128_IDLE) {
d1a1f6a4SMatthias Ringwald                log_info("DKG_CALC_DHK started");
3deb3ec6SMatthias Ringwald                // DHK = d1(IR, 3, 0)
d1a1f6a4SMatthias Ringwald                sm_d1_d_prime(3, 0, sm_aes128_plaintext);  // plaintext = d1 prime
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
d1a1f6a4SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_ir, sm_aes128_plaintext, sm_persistent_dhk, sm_handle_encryption_result_dkg_dhk, NULL);
d7f1c72eSMatthias Ringwald                return true;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
d7f1c72eSMatthias Ringwald    return false;
d7f1c72eSMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// random address updates
d7f1c72eSMatthias Ringwaldstatic bool sm_run_rau(void){
3deb3ec6SMatthias Ringwald    switch (rau_state){
fbd4e238SMatthias Ringwald        case RAU_GET_RANDOM:
fbd4e238SMatthias Ringwald            rau_state = RAU_W4_RANDOM;
5b4dd597SMatthias Ringwald            btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_address, 6, &sm_handle_random_result_rau, NULL);
d7f1c72eSMatthias Ringwald            return true;
3deb3ec6SMatthias Ringwald        case RAU_GET_ENC:
3deb3ec6SMatthias Ringwald            // already busy?
3deb3ec6SMatthias Ringwald            if (sm_aes128_state == SM_AES128_IDLE) {
d1a1f6a4SMatthias Ringwald                sm_ah_r_prime(sm_random_address, sm_aes128_plaintext);
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
d1a1f6a4SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_irk, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_rau, NULL);
d7f1c72eSMatthias Ringwald                return true;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
d7f1c72eSMatthias Ringwald    return false;
d7f1c72eSMatthias Ringwald}
3deb3ec6SMatthias Ringwald
51258968SMatthias Ringwald// device lookup with IRK
51258968SMatthias Ringwaldstatic bool sm_run_irk_lookup(void){
d7f1c72eSMatthias Ringwald    btstack_linked_list_iterator_t it;
d7f1c72eSMatthias Ringwald
51258968SMatthias Ringwald    // -- if IRK lookup ready, find connection that require csrk lookup
3deb3ec6SMatthias Ringwald    if (sm_address_resolution_idle()){
3deb3ec6SMatthias Ringwald        hci_connections_get_iterator(&it);
665d90f2SMatthias Ringwald        while(btstack_linked_list_iterator_has_next(&it)){
665d90f2SMatthias Ringwald            hci_connection_t * hci_connection = (hci_connection_t *) btstack_linked_list_iterator_next(&it);
3deb3ec6SMatthias Ringwald            sm_connection_t  * sm_connection  = &hci_connection->sm_connection;
3deb3ec6SMatthias Ringwald            if (sm_connection->sm_irk_lookup_state == IRK_LOOKUP_W4_READY){
3deb3ec6SMatthias Ringwald                // and start lookup
3deb3ec6SMatthias Ringwald                sm_address_resolution_start_lookup(sm_connection->sm_peer_addr_type, sm_connection->sm_handle, sm_connection->sm_peer_address, ADDRESS_RESOLUTION_FOR_CONNECTION, sm_connection);
3deb3ec6SMatthias Ringwald                sm_connection->sm_irk_lookup_state = IRK_LOOKUP_STARTED;
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // -- if csrk lookup ready, resolved addresses for received addresses
3deb3ec6SMatthias Ringwald    if (sm_address_resolution_idle()) {
665d90f2SMatthias Ringwald        if (!btstack_linked_list_empty(&sm_address_resolution_general_queue)){
3deb3ec6SMatthias Ringwald            sm_lookup_entry_t * entry = (sm_lookup_entry_t *) sm_address_resolution_general_queue;
665d90f2SMatthias Ringwald            btstack_linked_list_remove(&sm_address_resolution_general_queue, (btstack_linked_item_t *) entry);
3deb3ec6SMatthias Ringwald            sm_address_resolution_start_lookup(entry->address_type, 0, entry->address, ADDRESS_RESOLUTION_GENERAL, NULL);
3deb3ec6SMatthias Ringwald            btstack_memory_sm_lookup_entry_free(entry);
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
ca685291SMatthias Ringwald    // -- Continue with device lookup by public or resolvable private address
3deb3ec6SMatthias Ringwald    if (!sm_address_resolution_idle()){
72d2978cSMatthias Ringwald        bool started_aes128 = false;
092ec58eSMatthias Ringwald        while (sm_address_resolution_test < le_device_db_max_count()){
adf5eaa9SMatthias Ringwald            int addr_type = BD_ADDR_TYPE_UNKNOWN;
3deb3ec6SMatthias Ringwald            bd_addr_t addr;
3deb3ec6SMatthias Ringwald            sm_key_t irk;
3deb3ec6SMatthias Ringwald            le_device_db_info(sm_address_resolution_test, &addr_type, addr, irk);
3deb3ec6SMatthias Ringwald
adf5eaa9SMatthias Ringwald            // skip unused entries
adf5eaa9SMatthias Ringwald            if (addr_type == BD_ADDR_TYPE_UNKNOWN){
adf5eaa9SMatthias Ringwald                sm_address_resolution_test++;
adf5eaa9SMatthias Ringwald                continue;
adf5eaa9SMatthias Ringwald            }
adf5eaa9SMatthias Ringwald
c2b94d32SMatthias Ringwald            log_info("LE Device Lookup: device %u of %u - type %u, %s", sm_address_resolution_test,
c2b94d32SMatthias Ringwald                     le_device_db_max_count(), addr_type, bd_addr_to_str(addr));
ca685291SMatthias Ringwald
c2b94d32SMatthias Ringwald            // map resolved identity addresses to regular addresses
515f33beSMatthias Ringwald            int regular_addr_type = sm_address_resolution_addr_type & 1;
515f33beSMatthias Ringwald            if ((regular_addr_type == addr_type) && (memcmp(addr, sm_address_resolution_address, 6) == 0)){
ca685291SMatthias Ringwald                log_info("LE Device Lookup: found by { addr_type, address} ");
a66b030fSMatthias Ringwald                sm_address_resolution_handle_event(ADDRESS_RESOLUTION_SUCCEEDED);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
c2b94d32SMatthias Ringwald            // if connection type is not random (i.e. public or resolved identity), it must be a different entry
c2b94d32SMatthias Ringwald            if (sm_address_resolution_addr_type != BD_ADDR_TYPE_LE_RANDOM){
3deb3ec6SMatthias Ringwald                sm_address_resolution_test++;
3deb3ec6SMatthias Ringwald                continue;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
8cc81b50SMatthias Ringwald            // skip AH if no IRK
8cc81b50SMatthias Ringwald            if (sm_is_null_key(irk)){
8cc81b50SMatthias Ringwald                sm_address_resolution_test++;
8cc81b50SMatthias Ringwald                continue;
8cc81b50SMatthias Ringwald            }
8cc81b50SMatthias Ringwald
3deb3ec6SMatthias Ringwald            if (sm_aes128_state == SM_AES128_ACTIVE) break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            log_info("LE Device Lookup: calculate AH");
8314c363SMatthias Ringwald            log_info_key("IRK", irk);
3deb3ec6SMatthias Ringwald
6535961aSMatthias Ringwald            (void)memcpy(sm_aes128_key, irk, 16);
d1a1f6a4SMatthias Ringwald            sm_ah_r_prime(sm_address_resolution_address, sm_aes128_plaintext);
d1a1f6a4SMatthias Ringwald            sm_aes128_state = SM_AES128_ACTIVE;
d1a1f6a4SMatthias Ringwald            btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_aes128_key, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_address_resolution, NULL);
72d2978cSMatthias Ringwald            started_aes128 = true;
72d2978cSMatthias Ringwald            break;
72d2978cSMatthias Ringwald        }
72d2978cSMatthias Ringwald
72d2978cSMatthias Ringwald        if (started_aes128){
d7f1c72eSMatthias Ringwald            return true;
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald
092ec58eSMatthias Ringwald        if (sm_address_resolution_test >= le_device_db_max_count()){
3deb3ec6SMatthias Ringwald            log_info("LE Device Lookup: not found");
3deb3ec6SMatthias Ringwald            sm_address_resolution_handle_event(ADDRESS_RESOLUTION_FAILED);
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
d7f1c72eSMatthias Ringwald    return false;
d7f1c72eSMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d7f1c72eSMatthias Ringwald// SC OOB
d7f1c72eSMatthias Ringwaldstatic bool sm_run_oob(void){
c59d0c92SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c59d0c92SMatthias Ringwald    switch (sm_sc_oob_state){
c59d0c92SMatthias Ringwald        case SM_SC_OOB_W2_CALC_CONFIRM:
c59d0c92SMatthias Ringwald            if (!sm_cmac_ready()) break;
c59d0c92SMatthias Ringwald            sm_sc_oob_state = SM_SC_OOB_W4_CONFIRM;
c59d0c92SMatthias Ringwald            f4_engine(NULL, ec_q, ec_q, sm_sc_oob_random, 0);
d7f1c72eSMatthias Ringwald            return true;
c59d0c92SMatthias Ringwald        default:
c59d0c92SMatthias Ringwald            break;
c59d0c92SMatthias Ringwald    }
c59d0c92SMatthias Ringwald#endif
d7f1c72eSMatthias Ringwald    return false;
d7f1c72eSMatthias Ringwald}
275aafe8SMatthias Ringwald
687a03c8SMatthias Ringwaldstatic void sm_send_connectionless(sm_connection_t * sm_connection, const uint8_t * buffer, uint16_t size){
687a03c8SMatthias Ringwald    l2cap_send_connectionless(sm_connection->sm_handle, sm_connection->sm_cid, (uint8_t*) buffer, size);
687a03c8SMatthias Ringwald}
687a03c8SMatthias Ringwald
41d32297SMatthias Ringwald// handle basic actions that don't requires the full context
d7f1c72eSMatthias Ringwaldstatic bool sm_run_basic(void){
d7f1c72eSMatthias Ringwald    btstack_linked_list_iterator_t it;
41d32297SMatthias Ringwald    hci_connections_get_iterator(&it);
e9af1bf6SMatthias Ringwald    while(btstack_linked_list_iterator_has_next(&it)){
41d32297SMatthias Ringwald        hci_connection_t * hci_connection = (hci_connection_t *) btstack_linked_list_iterator_next(&it);
41d32297SMatthias Ringwald        sm_connection_t  * sm_connection = &hci_connection->sm_connection;
41d32297SMatthias Ringwald        switch(sm_connection->sm_engine_state){
f4935286SMatthias Ringwald
f4935286SMatthias Ringwald            // general
f4935286SMatthias Ringwald            case SM_GENERAL_SEND_PAIRING_FAILED: {
f4935286SMatthias Ringwald                uint8_t buffer[2];
f4935286SMatthias Ringwald                buffer[0] = SM_CODE_PAIRING_FAILED;
f4935286SMatthias Ringwald                buffer[1] = sm_connection->sm_pairing_failed_reason;
f4935286SMatthias Ringwald                sm_connection->sm_engine_state = sm_connection->sm_role ? SM_RESPONDER_IDLE : SM_INITIATOR_CONNECTED;
687a03c8SMatthias Ringwald                sm_send_connectionless(sm_connection, (uint8_t*) buffer, sizeof(buffer));
f4935286SMatthias Ringwald                sm_pairing_complete(sm_connection, ERROR_CODE_AUTHENTICATION_FAILURE, sm_connection->sm_pairing_failed_reason);
f4935286SMatthias Ringwald                sm_done_for_handle(sm_connection->sm_handle);
f4935286SMatthias Ringwald                break;
f4935286SMatthias Ringwald            }
f4935286SMatthias Ringwald
41d32297SMatthias Ringwald            // responder side
41d32297SMatthias Ringwald            case SM_RESPONDER_PH0_SEND_LTK_REQUESTED_NEGATIVE_REPLY:
41d32297SMatthias Ringwald                sm_connection->sm_engine_state = SM_RESPONDER_IDLE;
41d32297SMatthias Ringwald                hci_send_cmd(&hci_le_long_term_key_negative_reply, sm_connection->sm_handle);
d7f1c72eSMatthias Ringwald                return true;
4b8b5afeSMatthias Ringwald
4b8b5afeSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
4b8b5afeSMatthias Ringwald            case SM_SC_RECEIVED_LTK_REQUEST:
4b8b5afeSMatthias Ringwald                switch (sm_connection->sm_irk_lookup_state){
4b8b5afeSMatthias Ringwald                    case IRK_LOOKUP_FAILED:
e9af1bf6SMatthias Ringwald                        log_info("LTK Request: IRK Lookup Failed)");
4b8b5afeSMatthias Ringwald                        sm_connection->sm_engine_state = SM_RESPONDER_IDLE;
4b8b5afeSMatthias Ringwald                        hci_send_cmd(&hci_le_long_term_key_negative_reply, sm_connection->sm_handle);
d7f1c72eSMatthias Ringwald                        return true;
4b8b5afeSMatthias Ringwald                    default:
4b8b5afeSMatthias Ringwald                        break;
4b8b5afeSMatthias Ringwald                }
4b8b5afeSMatthias Ringwald                break;
4b8b5afeSMatthias Ringwald#endif
41d32297SMatthias Ringwald            default:
41d32297SMatthias Ringwald                break;
41d32297SMatthias Ringwald        }
41d32297SMatthias Ringwald    }
d7f1c72eSMatthias Ringwald    return false;
d7f1c72eSMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d7f1c72eSMatthias Ringwaldstatic void sm_run_activate_connection(void){
3deb3ec6SMatthias Ringwald    // Find connections that requires setup context and make active if no other is locked
d7f1c72eSMatthias Ringwald    btstack_linked_list_iterator_t it;
3deb3ec6SMatthias Ringwald    hci_connections_get_iterator(&it);
7149bde5SMatthias Ringwald    while((sm_active_connection_handle == HCI_CON_HANDLE_INVALID) && btstack_linked_list_iterator_has_next(&it)){
665d90f2SMatthias Ringwald        hci_connection_t * hci_connection = (hci_connection_t *) btstack_linked_list_iterator_next(&it);
3deb3ec6SMatthias Ringwald        sm_connection_t  * sm_connection = &hci_connection->sm_connection;
3deb3ec6SMatthias Ringwald        // - if no connection locked and we're ready/waiting for setup context, fetch it and start
1979f09cSMatthias Ringwald        bool done = true;
34b6528fSMatthias Ringwald
34b6528fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
34b6528fSMatthias Ringwald        // assert ec key is ready
505f1c30SMatthias Ringwald        if (   (sm_connection->sm_engine_state == SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED)
178e8c1bSMatthias Ringwald            || (sm_connection->sm_engine_state == SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST)
178e8c1bSMatthias Ringwald			|| (sm_connection->sm_engine_state == SM_RESPONDER_SEND_SECURITY_REQUEST)){
34b6528fSMatthias Ringwald            if (ec_key_generation_state == EC_KEY_GENERATION_IDLE){
34b6528fSMatthias Ringwald                sm_ec_generate_new_key();
34b6528fSMatthias Ringwald            }
34b6528fSMatthias Ringwald            if (ec_key_generation_state != EC_KEY_GENERATION_DONE){
34b6528fSMatthias Ringwald                continue;
34b6528fSMatthias Ringwald            }
34b6528fSMatthias Ringwald        }
34b6528fSMatthias Ringwald#endif
34b6528fSMatthias Ringwald
3deb3ec6SMatthias Ringwald        switch (sm_connection->sm_engine_state) {
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
3deb3ec6SMatthias Ringwald            case SM_RESPONDER_SEND_SECURITY_REQUEST:
3deb3ec6SMatthias Ringwald            case SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED:
42134bc6SMatthias Ringwald            case SM_RESPONDER_PH0_RECEIVED_LTK_REQUEST:
549ad5d2SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
06cd539fSMatthias Ringwald            case SM_SC_RECEIVED_LTK_REQUEST:
87014f74SMatthias Ringwald#endif
87014f74SMatthias Ringwald#endif
34c39fbdSMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
5567aa60SMatthias Ringwald            case SM_INITIATOR_PH4_HAS_LTK:
34c39fbdSMatthias Ringwald			case SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST:
549ad5d2SMatthias Ringwald#endif
c18be159SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
c18be159SMatthias Ringwald            case SM_BR_EDR_RESPONDER_PAIRING_REQUEST_RECEIVED:
c18be159SMatthias Ringwald            case SM_BR_EDR_INITIATOR_SEND_PAIRING_REQUEST:
c18be159SMatthias Ringwald#endif
87014f74SMatthias Ringwald				// just lock context
87014f74SMatthias Ringwald				break;
3deb3ec6SMatthias Ringwald            default:
1979f09cSMatthias Ringwald                done = false;
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald        if (done){
7149bde5SMatthias Ringwald            sm_active_connection_handle = sm_connection->sm_handle;
7149bde5SMatthias Ringwald            log_info("sm: connection 0x%04x locked setup context as %s, state %u", sm_active_connection_handle, sm_connection->sm_role ? "responder" : "initiator", sm_connection->sm_engine_state);
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
d7f1c72eSMatthias Ringwald}
d7f1c72eSMatthias Ringwald
403280b9SMatthias Ringwaldstatic void sm_run_send_keypress_notification(sm_connection_t * connection){
403280b9SMatthias Ringwald    int i;
403280b9SMatthias Ringwald    uint8_t flags       = setup->sm_keypress_notification & 0x1fu;
403280b9SMatthias Ringwald    uint8_t num_actions = setup->sm_keypress_notification >> 5;
403280b9SMatthias Ringwald    uint8_t action = 0;
403280b9SMatthias Ringwald    for (i=SM_KEYPRESS_PASSKEY_ENTRY_STARTED;i<=SM_KEYPRESS_PASSKEY_ENTRY_COMPLETED;i++){
1d80f1e6SMatthias Ringwald        if ((flags & (1u<<i)) != 0u){
403280b9SMatthias Ringwald            bool clear_flag = true;
403280b9SMatthias Ringwald            switch (i){
403280b9SMatthias Ringwald                case SM_KEYPRESS_PASSKEY_ENTRY_STARTED:
403280b9SMatthias Ringwald                case SM_KEYPRESS_PASSKEY_CLEARED:
403280b9SMatthias Ringwald                case SM_KEYPRESS_PASSKEY_ENTRY_COMPLETED:
403280b9SMatthias Ringwald                default:
403280b9SMatthias Ringwald                    break;
403280b9SMatthias Ringwald                case SM_KEYPRESS_PASSKEY_DIGIT_ENTERED:
403280b9SMatthias Ringwald                case SM_KEYPRESS_PASSKEY_DIGIT_ERASED:
403280b9SMatthias Ringwald                    num_actions--;
403280b9SMatthias Ringwald                    clear_flag = num_actions == 0u;
403280b9SMatthias Ringwald                    break;
403280b9SMatthias Ringwald            }
403280b9SMatthias Ringwald            if (clear_flag){
403280b9SMatthias Ringwald                flags &= ~(1<<i);
403280b9SMatthias Ringwald            }
403280b9SMatthias Ringwald            action = i;
403280b9SMatthias Ringwald            break;
403280b9SMatthias Ringwald        }
403280b9SMatthias Ringwald    }
403280b9SMatthias Ringwald    setup->sm_keypress_notification = (num_actions << 5) | flags;
403280b9SMatthias Ringwald
403280b9SMatthias Ringwald    // send keypress notification
403280b9SMatthias Ringwald    uint8_t buffer[2];
403280b9SMatthias Ringwald    buffer[0] = SM_CODE_KEYPRESS_NOTIFICATION;
403280b9SMatthias Ringwald    buffer[1] = action;
687a03c8SMatthias Ringwald    sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald
403280b9SMatthias Ringwald    // try
384eabd3SMatthias Ringwald    l2cap_request_can_send_fix_channel_now_event(sm_active_connection_handle, connection->sm_cid);
403280b9SMatthias Ringwald}
403280b9SMatthias Ringwald
403280b9SMatthias Ringwaldstatic void sm_run_distribute_keys(sm_connection_t * connection){
1d80f1e6SMatthias Ringwald    if ((setup->sm_key_distribution_send_set &   SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION) != 0u){
403280b9SMatthias Ringwald        setup->sm_key_distribution_send_set &= ~SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION;
403280b9SMatthias Ringwald        setup->sm_key_distribution_sent_set |=  SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION;
403280b9SMatthias Ringwald        uint8_t buffer[17];
403280b9SMatthias Ringwald        buffer[0] = SM_CODE_ENCRYPTION_INFORMATION;
403280b9SMatthias Ringwald        reverse_128(setup->sm_ltk, &buffer[1]);
687a03c8SMatthias Ringwald        sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald        sm_timeout_reset(connection);
403280b9SMatthias Ringwald        return;
403280b9SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    if ((setup->sm_key_distribution_send_set &   SM_KEYDIST_FLAG_MASTER_IDENTIFICATION) != 0u){
403280b9SMatthias Ringwald        setup->sm_key_distribution_send_set &= ~SM_KEYDIST_FLAG_MASTER_IDENTIFICATION;
403280b9SMatthias Ringwald        setup->sm_key_distribution_sent_set |=  SM_KEYDIST_FLAG_MASTER_IDENTIFICATION;
403280b9SMatthias Ringwald        uint8_t buffer[11];
403280b9SMatthias Ringwald        buffer[0] = SM_CODE_MASTER_IDENTIFICATION;
403280b9SMatthias Ringwald        little_endian_store_16(buffer, 1, setup->sm_local_ediv);
403280b9SMatthias Ringwald        reverse_64(setup->sm_local_rand, &buffer[3]);
687a03c8SMatthias Ringwald        sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald        sm_timeout_reset(connection);
403280b9SMatthias Ringwald        return;
403280b9SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    if ((setup->sm_key_distribution_send_set &   SM_KEYDIST_FLAG_IDENTITY_INFORMATION) != 0u){
403280b9SMatthias Ringwald        setup->sm_key_distribution_send_set &= ~SM_KEYDIST_FLAG_IDENTITY_INFORMATION;
403280b9SMatthias Ringwald        setup->sm_key_distribution_sent_set |=  SM_KEYDIST_FLAG_IDENTITY_INFORMATION;
403280b9SMatthias Ringwald        uint8_t buffer[17];
403280b9SMatthias Ringwald        buffer[0] = SM_CODE_IDENTITY_INFORMATION;
403280b9SMatthias Ringwald        reverse_128(sm_persistent_irk, &buffer[1]);
687a03c8SMatthias Ringwald        sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald        sm_timeout_reset(connection);
403280b9SMatthias Ringwald        return;
403280b9SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    if ((setup->sm_key_distribution_send_set &   SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION) != 0u){
403280b9SMatthias Ringwald        setup->sm_key_distribution_send_set &= ~SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
403280b9SMatthias Ringwald        setup->sm_key_distribution_sent_set |=  SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
403280b9SMatthias Ringwald        bd_addr_t local_address;
403280b9SMatthias Ringwald        uint8_t buffer[8];
403280b9SMatthias Ringwald        buffer[0] = SM_CODE_IDENTITY_ADDRESS_INFORMATION;
403280b9SMatthias Ringwald        switch (gap_random_address_get_mode()){
403280b9SMatthias Ringwald            case GAP_RANDOM_ADDRESS_TYPE_OFF:
403280b9SMatthias Ringwald            case GAP_RANDOM_ADDRESS_TYPE_STATIC:
403280b9SMatthias Ringwald                // public or static random
403280b9SMatthias Ringwald                gap_le_get_own_address(&buffer[1], local_address);
403280b9SMatthias Ringwald                break;
403280b9SMatthias Ringwald            case GAP_RANDOM_ADDRESS_NON_RESOLVABLE:
403280b9SMatthias Ringwald            case GAP_RANDOM_ADDRESS_RESOLVABLE:
403280b9SMatthias Ringwald                // fallback to public
403280b9SMatthias Ringwald                gap_local_bd_addr(local_address);
403280b9SMatthias Ringwald                buffer[1] = 0;
403280b9SMatthias Ringwald                break;
403280b9SMatthias Ringwald            default:
403280b9SMatthias Ringwald                btstack_assert(false);
403280b9SMatthias Ringwald                break;
403280b9SMatthias Ringwald        }
403280b9SMatthias Ringwald        reverse_bd_addr(local_address, &buffer[2]);
687a03c8SMatthias Ringwald        sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald        sm_timeout_reset(connection);
403280b9SMatthias Ringwald        return;
403280b9SMatthias Ringwald    }
1d80f1e6SMatthias Ringwald    if ((setup->sm_key_distribution_send_set &   SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION) != 0u){
403280b9SMatthias Ringwald        setup->sm_key_distribution_send_set &= ~SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION;
403280b9SMatthias Ringwald        setup->sm_key_distribution_sent_set |=  SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION;
403280b9SMatthias Ringwald
403280b9SMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
403280b9SMatthias Ringwald        // hack to reproduce test runs
403280b9SMatthias Ringwald                    if (test_use_fixed_local_csrk){
403280b9SMatthias Ringwald                        memset(setup->sm_local_csrk, 0xcc, 16);
403280b9SMatthias Ringwald                    }
403280b9SMatthias Ringwald
403280b9SMatthias Ringwald                    // store local CSRK
403280b9SMatthias Ringwald                    if (setup->sm_le_device_index >= 0){
403280b9SMatthias Ringwald                        log_info("sm: store local CSRK");
403280b9SMatthias Ringwald                        le_device_db_local_csrk_set(setup->sm_le_device_index, setup->sm_local_csrk);
403280b9SMatthias Ringwald                        le_device_db_local_counter_set(setup->sm_le_device_index, 0);
403280b9SMatthias Ringwald                    }
403280b9SMatthias Ringwald#endif
403280b9SMatthias Ringwald
403280b9SMatthias Ringwald        uint8_t buffer[17];
403280b9SMatthias Ringwald        buffer[0] = SM_CODE_SIGNING_INFORMATION;
403280b9SMatthias Ringwald        reverse_128(setup->sm_local_csrk, &buffer[1]);
687a03c8SMatthias Ringwald        sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
403280b9SMatthias Ringwald        sm_timeout_reset(connection);
403280b9SMatthias Ringwald        return;
403280b9SMatthias Ringwald    }
403280b9SMatthias Ringwald    btstack_assert(false);
403280b9SMatthias Ringwald}
403280b9SMatthias Ringwald
bbd73538SMatthias Ringwaldstatic bool sm_ctkd_from_le(sm_connection_t *sm_connection) {
bbd73538SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
bbd73538SMatthias Ringwald    // requirements to derive link key from  LE:
bbd73538SMatthias Ringwald    // - use secure connections
bbd73538SMatthias Ringwald    if (setup->sm_use_secure_connections == 0) return false;
bbd73538SMatthias Ringwald    // - bonding needs to be enabled:
bbd73538SMatthias Ringwald    bool bonding_enabled = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_BONDING ) != 0u;
bbd73538SMatthias Ringwald    if (!bonding_enabled) return false;
bbd73538SMatthias Ringwald    // - need identity address / public addr
bbd73538SMatthias Ringwald    bool have_identity_address_info = ((setup->sm_key_distribution_received_set & SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION) != 0) || (setup->sm_peer_addr_type == 0);
bbd73538SMatthias Ringwald    if (!have_identity_address_info) return false;
bbd73538SMatthias Ringwald    // - there is no stored BR/EDR link key or the derived key has at least the same level of authentication (bail if stored key has higher authentication)
bbd73538SMatthias Ringwald    //   this requirement is motivated by BLURtooth paper. The paper recommends to not overwrite keys at all.
bbd73538SMatthias Ringwald    //      If SC is authenticated, we consider it safe to overwrite a stored key.
bbd73538SMatthias Ringwald    //      If stored link key is not authenticated, it could already be compromised by a MITM attack. Allowing overwrite by unauthenticated derived key does not make it worse.
bbd73538SMatthias Ringwald    uint8_t link_key[16];
bbd73538SMatthias Ringwald    link_key_type_t link_key_type;
bbd73538SMatthias Ringwald    bool have_link_key             = gap_get_link_key_for_bd_addr(setup->sm_peer_address, link_key, &link_key_type);
7040ba26SMatthias Ringwald    bool link_key_authenticated    = gap_authenticated_for_link_key_type(link_key_type);
bbd73538SMatthias Ringwald    bool derived_key_authenticated = sm_connection->sm_connection_authenticated != 0;
bbd73538SMatthias Ringwald    if (have_link_key && link_key_authenticated && !derived_key_authenticated) {
bbd73538SMatthias Ringwald        return false;
bbd73538SMatthias Ringwald    }
bbd73538SMatthias Ringwald    // get started (all of the above are true)
bbd73538SMatthias Ringwald    return true;
bbd73538SMatthias Ringwald#else
bbd73538SMatthias Ringwald    UNUSED(sm_connection);
bbd73538SMatthias Ringwald	return false;
bbd73538SMatthias Ringwald#endif
bbd73538SMatthias Ringwald}
bbd73538SMatthias Ringwald
6a718a5eSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
6a718a5eSMatthias Ringwaldstatic bool sm_ctkd_from_classic(sm_connection_t * sm_connection){
6a718a5eSMatthias Ringwald    hci_connection_t * hci_connection = hci_connection_for_handle(sm_connection->sm_handle);
6a718a5eSMatthias Ringwald    btstack_assert(hci_connection != NULL);
6a718a5eSMatthias Ringwald    // requirements to derive ltk from BR/EDR:
6a718a5eSMatthias Ringwald    // - BR/EDR uses secure connections
6a718a5eSMatthias Ringwald    if (gap_secure_connection_for_link_key_type(hci_connection->link_key_type) == false) return false;
6a718a5eSMatthias Ringwald    // - there is no stored LTK or the derived key has at least the same level of authentication (bail if LTK is authenticated but Link Key isn't)
6a718a5eSMatthias Ringwald    bool link_key_authenticated = gap_authenticated_for_link_key_type(hci_connection->link_key_type);
6a718a5eSMatthias Ringwald    if (link_key_authenticated) return true;
6a718a5eSMatthias Ringwald    int index = sm_le_device_db_index_lookup(BD_ADDR_TYPE_LE_PUBLIC, hci_connection->address);
6a718a5eSMatthias Ringwald    if (index >= 0){
6a718a5eSMatthias Ringwald        int ltk_authenticated;
6a718a5eSMatthias Ringwald        sm_key_t ltk;
6a718a5eSMatthias Ringwald        le_device_db_encryption_get(sm_connection->sm_le_db_index, NULL, NULL, ltk, NULL, &ltk_authenticated, NULL, NULL);
6a718a5eSMatthias Ringwald        bool have_ltk = !sm_is_null_key(ltk);
6a718a5eSMatthias Ringwald        if (have_ltk && ltk_authenticated) return false;
6a718a5eSMatthias Ringwald    }
6a718a5eSMatthias Ringwald    return true;
6a718a5eSMatthias Ringwald}
6a718a5eSMatthias Ringwald#endif
6a718a5eSMatthias Ringwald
6f7422f1SMatthias Ringwaldstatic void sm_key_distribution_complete_responder(sm_connection_t * connection){
6f7422f1SMatthias Ringwald    if (sm_ctkd_from_le(connection)){
6f7422f1SMatthias Ringwald        bool use_h7 = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_CT2) != 0;
6f7422f1SMatthias Ringwald        connection->sm_engine_state = use_h7 ? SM_SC_W2_CALCULATE_ILK_USING_H7 : SM_SC_W2_CALCULATE_ILK_USING_H6;
6f7422f1SMatthias Ringwald    } else {
6f7422f1SMatthias Ringwald        connection->sm_engine_state = SM_RESPONDER_IDLE;
6f7422f1SMatthias Ringwald        sm_pairing_complete(connection, ERROR_CODE_SUCCESS, 0);
6f7422f1SMatthias Ringwald        sm_done_for_handle(connection->sm_handle);
6f7422f1SMatthias Ringwald    }
6f7422f1SMatthias Ringwald}
6f7422f1SMatthias Ringwald
af7ef9d1SMatthias Ringwaldstatic void sm_key_distribution_complete_initiator(sm_connection_t * connection){
af7ef9d1SMatthias Ringwald    if (sm_ctkd_from_le(connection)){
af7ef9d1SMatthias Ringwald        bool use_h7 = (sm_pairing_packet_get_auth_req(setup->sm_m_preq) & sm_pairing_packet_get_auth_req(setup->sm_s_pres) & SM_AUTHREQ_CT2) != 0;
af7ef9d1SMatthias Ringwald        connection->sm_engine_state = use_h7 ? SM_SC_W2_CALCULATE_ILK_USING_H7 : SM_SC_W2_CALCULATE_ILK_USING_H6;
af7ef9d1SMatthias Ringwald    } else {
af7ef9d1SMatthias Ringwald        sm_master_pairing_success(connection);
af7ef9d1SMatthias Ringwald    }
af7ef9d1SMatthias Ringwald}
af7ef9d1SMatthias Ringwald
b919f264SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
b919f264SMatthias Ringwaldstatic void sm_run_state_sc_send_confirmation(sm_connection_t *connection) {
b919f264SMatthias Ringwald    uint8_t buffer[17];
b919f264SMatthias Ringwald    buffer[0] = SM_CODE_PAIRING_CONFIRM;
b919f264SMatthias Ringwald    reverse_128(setup->sm_local_confirm, &buffer[1]);
b919f264SMatthias Ringwald    if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald        connection->sm_engine_state = SM_SC_W4_PAIRING_RANDOM;
b919f264SMatthias Ringwald    } else {
b919f264SMatthias Ringwald        connection->sm_engine_state = SM_SC_W4_CONFIRMATION;
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald    sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
b919f264SMatthias Ringwald    sm_timeout_reset(connection);
b919f264SMatthias Ringwald}
b919f264SMatthias Ringwald
b919f264SMatthias Ringwaldstatic void sm_run_state_sc_send_pairing_random(sm_connection_t *connection) {
b919f264SMatthias Ringwald    uint8_t buffer[17];
b919f264SMatthias Ringwald    buffer[0] = SM_CODE_PAIRING_RANDOM;
b919f264SMatthias Ringwald    reverse_128(setup->sm_local_nonce, &buffer[1]);
b919f264SMatthias Ringwald    log_info("stk method %u, bit num: %u", setup->sm_stk_generation_method, setup->sm_passkey_bit);
b919f264SMatthias Ringwald    if (sm_passkey_entry(setup->sm_stk_generation_method) && (setup->sm_passkey_bit < 20u)){
b919f264SMatthias Ringwald        log_info("SM_SC_SEND_PAIRING_RANDOM A");
b919f264SMatthias Ringwald        if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald            // responder
b919f264SMatthias Ringwald            connection->sm_engine_state = SM_SC_W4_CONFIRMATION;
b919f264SMatthias Ringwald        } else {
b919f264SMatthias Ringwald            // initiator
b919f264SMatthias Ringwald            connection->sm_engine_state = SM_SC_W4_PAIRING_RANDOM;
b919f264SMatthias Ringwald        }
b919f264SMatthias Ringwald    } else {
b919f264SMatthias Ringwald        log_info("SM_SC_SEND_PAIRING_RANDOM B");
b919f264SMatthias Ringwald        if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald            // responder
b919f264SMatthias Ringwald            if (setup->sm_stk_generation_method == NUMERIC_COMPARISON){
b919f264SMatthias Ringwald                log_info("SM_SC_SEND_PAIRING_RANDOM B1");
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W2_CALCULATE_G2;
b919f264SMatthias Ringwald            } else {
b919f264SMatthias Ringwald                log_info("SM_SC_SEND_PAIRING_RANDOM B2");
b919f264SMatthias Ringwald                sm_sc_prepare_dhkey_check(connection);
b919f264SMatthias Ringwald            }
b919f264SMatthias Ringwald        } else {
b919f264SMatthias Ringwald            // initiator
b919f264SMatthias Ringwald            connection->sm_engine_state = SM_SC_W4_PAIRING_RANDOM;
b919f264SMatthias Ringwald        }
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald    sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
b919f264SMatthias Ringwald    sm_timeout_reset(connection);
b919f264SMatthias Ringwald}
b919f264SMatthias Ringwald
b919f264SMatthias Ringwaldstatic void sm_run_state_sc_send_dhkey_check_command(sm_connection_t *connection) {
b919f264SMatthias Ringwald    uint8_t buffer[17];
b919f264SMatthias Ringwald    buffer[0] = SM_CODE_PAIRING_DHKEY_CHECK;
b919f264SMatthias Ringwald    reverse_128(setup->sm_local_dhkey_check, &buffer[1]);
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald    if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald        connection->sm_engine_state = SM_SC_W4_LTK_REQUEST_SC;
b919f264SMatthias Ringwald    } else {
b919f264SMatthias Ringwald        connection->sm_engine_state = SM_SC_W4_DHKEY_CHECK_COMMAND;
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald    sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
b919f264SMatthias Ringwald    sm_timeout_reset(connection);
b919f264SMatthias Ringwald}
b919f264SMatthias Ringwald
b919f264SMatthias Ringwaldstatic void sm_run_state_sc_send_public_key_command(sm_connection_t *connection) {
b919f264SMatthias Ringwald    bool trigger_user_response   = false;
b919f264SMatthias Ringwald    bool trigger_start_calculating_local_confirm = false;
b919f264SMatthias Ringwald    uint8_t buffer[65];
b919f264SMatthias Ringwald    buffer[0] = SM_CODE_PAIRING_PUBLIC_KEY;
b919f264SMatthias Ringwald    //
b919f264SMatthias Ringwald    reverse_256(&ec_q[0],  &buffer[1]);
b919f264SMatthias Ringwald    reverse_256(&ec_q[32], &buffer[33]);
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
b919f264SMatthias Ringwald    if (test_pairing_failure == SM_REASON_DHKEY_CHECK_FAILED){
b919f264SMatthias Ringwald            log_info("testing_support: invalidating public key");
b919f264SMatthias Ringwald            // flip single bit of public key coordinate
b919f264SMatthias Ringwald            buffer[1] ^= 1;
b919f264SMatthias Ringwald        }
b919f264SMatthias Ringwald#endif
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald    // stk generation method
b919f264SMatthias Ringwald// passkey entry: notify app to show passkey or to request passkey
b919f264SMatthias Ringwald    switch (setup->sm_stk_generation_method){
b919f264SMatthias Ringwald        case JUST_WORKS:
b919f264SMatthias Ringwald        case NUMERIC_COMPARISON:
b919f264SMatthias Ringwald            if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald                // responder
b919f264SMatthias Ringwald                trigger_start_calculating_local_confirm = true;
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_LOCAL_NONCE;
b919f264SMatthias Ringwald            } else {
b919f264SMatthias Ringwald                // initiator
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_PUBLIC_KEY_COMMAND;
b919f264SMatthias Ringwald            }
b919f264SMatthias Ringwald            break;
b919f264SMatthias Ringwald        case PK_INIT_INPUT:
b919f264SMatthias Ringwald        case PK_RESP_INPUT:
b919f264SMatthias Ringwald        case PK_BOTH_INPUT:
b919f264SMatthias Ringwald            // use random TK for display
b919f264SMatthias Ringwald            (void)memcpy(setup->sm_ra, setup->sm_tk, 16);
b919f264SMatthias Ringwald            (void)memcpy(setup->sm_rb, setup->sm_tk, 16);
b919f264SMatthias Ringwald            setup->sm_passkey_bit = 0;
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald            if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald                // responder
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CONFIRMATION;
b919f264SMatthias Ringwald            } else {
b919f264SMatthias Ringwald                // initiator
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_PUBLIC_KEY_COMMAND;
b919f264SMatthias Ringwald            }
b919f264SMatthias Ringwald            trigger_user_response = true;
b919f264SMatthias Ringwald            break;
b919f264SMatthias Ringwald        case OOB:
b919f264SMatthias Ringwald            if (IS_RESPONDER(connection->sm_role)){
b919f264SMatthias Ringwald                // responder
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_PAIRING_RANDOM;
b919f264SMatthias Ringwald            } else {
b919f264SMatthias Ringwald                // initiator
b919f264SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_PUBLIC_KEY_COMMAND;
b919f264SMatthias Ringwald            }
b919f264SMatthias Ringwald            break;
b919f264SMatthias Ringwald        default:
b919f264SMatthias Ringwald            btstack_assert(false);
b919f264SMatthias Ringwald            break;
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald    sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
b919f264SMatthias Ringwald    sm_timeout_reset(connection);
b919f264SMatthias Ringwald
b919f264SMatthias Ringwald    // trigger user response and calc confirm after sending pdu
b919f264SMatthias Ringwald    if (trigger_user_response){
b919f264SMatthias Ringwald        sm_trigger_user_response(connection);
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald    if (trigger_start_calculating_local_confirm){
b919f264SMatthias Ringwald        sm_sc_start_calculating_local_confirm(connection);
b919f264SMatthias Ringwald    }
b919f264SMatthias Ringwald}
b919f264SMatthias Ringwald#endif
b919f264SMatthias Ringwald
de42cac5SMatthias Ringwaldstatic bool sm_run_non_connection_logic(void){
de42cac5SMatthias Ringwald    bool done;;
de42cac5SMatthias Ringwald
de42cac5SMatthias Ringwald    done = sm_run_dpkg();
de42cac5SMatthias Ringwald    if (done) return true;
de42cac5SMatthias Ringwald
de42cac5SMatthias Ringwald    done = sm_run_rau();
de42cac5SMatthias Ringwald    if (done) return true;
de42cac5SMatthias Ringwald
51258968SMatthias Ringwald    done = sm_run_irk_lookup();
de42cac5SMatthias Ringwald    if (done) return true;
de42cac5SMatthias Ringwald
de42cac5SMatthias Ringwald    done = sm_run_oob();
de42cac5SMatthias Ringwald    return done;
de42cac5SMatthias Ringwald}
b919f264SMatthias Ringwald
*f99c988aSMatthias Ringwaldstatic bool sm_run_ready(void) {
*f99c988aSMatthias Ringwald    // assert that stack has already booted
*f99c988aSMatthias Ringwald    if (hci_get_state() != HCI_STATE_WORKING) return false;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    // assert that we can send at least commands
*f99c988aSMatthias Ringwald    if (!hci_can_send_command_packet_now()) return false;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    // pause until IR/ER are ready
*f99c988aSMatthias Ringwald    if (sm_persistent_keys_random_active) return false;
*f99c988aSMatthias Ringwald
*f99c988aSMatthias Ringwald    return true;
*f99c988aSMatthias Ringwald}
*f99c988aSMatthias Ringwald
*f99c988aSMatthias Ringwaldstatic void sm_run(void){
*f99c988aSMatthias Ringwald
*f99c988aSMatthias Ringwald    // ready
*f99c988aSMatthias Ringwald    if (sm_run_ready() == false) return;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    // non-connection related behaviour
de42cac5SMatthias Ringwald    bool done = sm_run_non_connection_logic();
d7f1c72eSMatthias Ringwald    if (done) return;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    // assert that we can send at least commands - cmd might have been sent by crypto engine
d7f1c72eSMatthias Ringwald    if (!hci_can_send_command_packet_now()) return;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    // handle basic actions that don't requires the full context
d7f1c72eSMatthias Ringwald    done = sm_run_basic();
d7f1c72eSMatthias Ringwald    if (done) return;
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    //
d7f1c72eSMatthias Ringwald    // active connection handling
d7f1c72eSMatthias Ringwald    // -- use loop to handle next connection if lock on setup context is released
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald    while (true) {
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald        sm_run_activate_connection();
d7f1c72eSMatthias Ringwald
d7f1c72eSMatthias Ringwald        if (sm_active_connection_handle == HCI_CON_HANDLE_INVALID) return;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        //
3deb3ec6SMatthias Ringwald        // active connection handling
3deb3ec6SMatthias Ringwald        //
3deb3ec6SMatthias Ringwald
3cf37b8cSMatthias Ringwald        sm_connection_t * connection = sm_get_connection_for_handle(sm_active_connection_handle);
3cf37b8cSMatthias Ringwald        if (!connection) {
3cf37b8cSMatthias Ringwald            log_info("no connection for handle 0x%04x", sm_active_connection_handle);
3cf37b8cSMatthias Ringwald            return;
3cf37b8cSMatthias Ringwald        }
3cf37b8cSMatthias Ringwald
3deb3ec6SMatthias Ringwald        // assert that we could send a SM PDU - not needed for all of the following
384eabd3SMatthias Ringwald        if (!l2cap_can_send_fixed_channel_packet_now(sm_active_connection_handle, connection->sm_cid)) {
7149bde5SMatthias Ringwald            log_info("cannot send now, requesting can send now event");
384eabd3SMatthias Ringwald            l2cap_request_can_send_fix_channel_now_event(sm_active_connection_handle, connection->sm_cid);
b170b20fSMatthias Ringwald            return;
b170b20fSMatthias Ringwald        }
3deb3ec6SMatthias Ringwald
3d7fe1e9SMatthias Ringwald        // send keypress notifications
1d80f1e6SMatthias Ringwald        if (setup->sm_keypress_notification != 0u){
403280b9SMatthias Ringwald            sm_run_send_keypress_notification(connection);
d7471931SMatthias Ringwald            return;
3d7fe1e9SMatthias Ringwald        }
3d7fe1e9SMatthias Ringwald
f7ea4423SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
234022e5SMatthias Ringwald        // assert that sm cmac engine is ready
234022e5SMatthias Ringwald        if (sm_cmac_ready() == false){
234022e5SMatthias Ringwald            break;
234022e5SMatthias Ringwald        }
f7ea4423SMatthias Ringwald#endif
234022e5SMatthias Ringwald
2e7060d6SMatthias Ringwald        // initialize to avoid 'maybe used uninitialized' error
2e7060d6SMatthias Ringwald        int key_distribution_flags = 0;
42134bc6SMatthias Ringwald        UNUSED(key_distribution_flags);
b6f39a74SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
b6afa23eSMatthias Ringwald        int err;
9b75de03SMatthias Ringwald        bool have_ltk;
9b75de03SMatthias Ringwald        uint8_t ltk[16];
b6f39a74SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        log_info("sm_run: state %u", connection->sm_engine_state);
3deb3ec6SMatthias Ringwald        switch (connection->sm_engine_state){
3deb3ec6SMatthias Ringwald
f32b7a88SMatthias Ringwald            // secure connections, initiator + responding states
aec94140SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
aec94140SMatthias Ringwald            case SM_SC_W2_CMAC_FOR_CONFIRMATION:
aec94140SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CMAC_FOR_CONFIRMATION;
aec94140SMatthias Ringwald                sm_sc_calculate_local_confirm(connection);
aec94140SMatthias Ringwald                break;
688a08f9SMatthias Ringwald            case SM_SC_W2_CMAC_FOR_CHECK_CONFIRMATION:
688a08f9SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CMAC_FOR_CHECK_CONFIRMATION;
688a08f9SMatthias Ringwald                sm_sc_calculate_remote_confirm(connection);
688a08f9SMatthias Ringwald                break;
dc300847SMatthias Ringwald            case SM_SC_W2_CALCULATE_F6_FOR_DHKEY_CHECK:
dc300847SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_F6_FOR_DHKEY_CHECK;
dc300847SMatthias Ringwald                sm_sc_calculate_f6_for_dhkey_check(connection);
dc300847SMatthias Ringwald                break;
019005a0SMatthias Ringwald            case SM_SC_W2_CALCULATE_F6_TO_VERIFY_DHKEY_CHECK:
019005a0SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_F6_TO_VERIFY_DHKEY_CHECK;
0346c37cSMatthias Ringwald                sm_sc_calculate_f6_to_verify_dhkey_check(connection);
0346c37cSMatthias Ringwald                break;
0346c37cSMatthias Ringwald            case SM_SC_W2_CALCULATE_F5_SALT:
0346c37cSMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_F5_SALT;
0346c37cSMatthias Ringwald                f5_calculate_salt(connection);
0346c37cSMatthias Ringwald                break;
0346c37cSMatthias Ringwald            case SM_SC_W2_CALCULATE_F5_MACKEY:
0346c37cSMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_F5_MACKEY;
0346c37cSMatthias Ringwald                f5_calculate_mackey(connection);
0346c37cSMatthias Ringwald                break;
0346c37cSMatthias Ringwald            case SM_SC_W2_CALCULATE_F5_LTK:
0346c37cSMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_F5_LTK;
0346c37cSMatthias Ringwald                f5_calculate_ltk(connection);
019005a0SMatthias Ringwald                break;
bd57ffebSMatthias Ringwald            case SM_SC_W2_CALCULATE_G2:
bd57ffebSMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_G2;
b35a3de2SMatthias Ringwald                g2_calculate(connection);
bd57ffebSMatthias Ringwald                break;
e0a03c85SMatthias Ringwald#endif
e0a03c85SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
3deb3ec6SMatthias Ringwald            // initiator side
f32b7a88SMatthias Ringwald
5567aa60SMatthias Ringwald            case SM_INITIATOR_PH4_HAS_LTK: {
f32b7a88SMatthias Ringwald				sm_reset_setup();
f32b7a88SMatthias Ringwald				sm_load_security_info(connection);
f32b7a88SMatthias Ringwald
bcab6650SMatthias Ringwald                // cache key before using
f76e733aSMatthias Ringwald                sm_cache_ltk(connection, setup->sm_peer_ltk);
bcab6650SMatthias Ringwald
3deb3ec6SMatthias Ringwald                sm_key_t peer_ltk_flipped;
9c80e4ccSMatthias Ringwald                reverse_128(setup->sm_peer_ltk, peer_ltk_flipped);
5567aa60SMatthias Ringwald                connection->sm_engine_state = SM_PH4_W4_CONNECTION_ENCRYPTED;
3deb3ec6SMatthias Ringwald                log_info("sm: hci_le_start_encryption ediv 0x%04x", setup->sm_peer_ediv);
c9b8fdd9SMatthias Ringwald                uint32_t rand_high = big_endian_read_32(setup->sm_peer_rand, 0);
c9b8fdd9SMatthias Ringwald                uint32_t rand_low  = big_endian_read_32(setup->sm_peer_rand, 4);
3deb3ec6SMatthias Ringwald                hci_send_cmd(&hci_le_start_encryption, connection->sm_handle,rand_low, rand_high, setup->sm_peer_ediv, peer_ltk_flipped);
49c9e430SMatthias Ringwald
49c9e430SMatthias Ringwald                // notify after sending
49c9e430SMatthias Ringwald                sm_reencryption_started(connection);
3deb3ec6SMatthias Ringwald                return;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
b26f445fSMatthias Ringwald			case SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST:
b26f445fSMatthias Ringwald				sm_reset_setup();
b26f445fSMatthias Ringwald				sm_init_setup(connection);
b26f445fSMatthias Ringwald
1ad129beSMatthias Ringwald                sm_pairing_packet_set_code(setup->sm_m_preq, SM_CODE_PAIRING_REQUEST);
3deb3ec6SMatthias Ringwald                connection->sm_engine_state = SM_INITIATOR_PH1_W4_PAIRING_RESPONSE;
687a03c8SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t*) &setup->sm_m_preq, sizeof(sm_pairing_packet_t));
3deb3ec6SMatthias Ringwald                sm_timeout_reset(connection);
49c9e430SMatthias Ringwald
49c9e430SMatthias Ringwald                // notify after sending
49c9e430SMatthias Ringwald                sm_pairing_started(connection);
3deb3ec6SMatthias Ringwald                break;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
27c32905SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
b919f264SMatthias Ringwald            case SM_SC_SEND_PUBLIC_KEY_COMMAND:
b919f264SMatthias Ringwald                sm_run_state_sc_send_public_key_command(connection);
45a61d50SMatthias Ringwald                break;
b919f264SMatthias Ringwald            case SM_SC_SEND_CONFIRMATION:
b919f264SMatthias Ringwald                sm_run_state_sc_send_confirmation(connection);
45a61d50SMatthias Ringwald                break;
b919f264SMatthias Ringwald            case SM_SC_SEND_PAIRING_RANDOM:
b919f264SMatthias Ringwald                sm_run_state_sc_send_pairing_random(connection);
45a61d50SMatthias Ringwald                break;
b919f264SMatthias Ringwald            case SM_SC_SEND_DHKEY_CHECK_COMMAND:
b919f264SMatthias Ringwald                sm_run_state_sc_send_dhkey_check_command(connection);
7bbeb3adSMilanka Ringwald                break;
e53be891SMatthias Ringwald#endif
42134bc6SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
dd12a62bSMatthias Ringwald
87014f74SMatthias Ringwald			case SM_RESPONDER_SEND_SECURITY_REQUEST: {
87014f74SMatthias Ringwald				const uint8_t buffer[2] = {SM_CODE_SECURITY_REQUEST, sm_auth_req};
87014f74SMatthias Ringwald				connection->sm_engine_state = SM_RESPONDER_PH1_W4_PAIRING_REQUEST;
687a03c8SMatthias Ringwald				sm_send_connectionless(connection,  (uint8_t *) buffer, sizeof(buffer));
c8d0ff33SMatthias Ringwald				sm_timeout_start(connection);
87014f74SMatthias Ringwald				break;
87014f74SMatthias Ringwald			}
87014f74SMatthias Ringwald
38196718SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
38196718SMatthias Ringwald			case SM_SC_RECEIVED_LTK_REQUEST:
38196718SMatthias Ringwald				switch (connection->sm_irk_lookup_state){
38196718SMatthias Ringwald					case IRK_LOOKUP_SUCCEEDED:
38196718SMatthias Ringwald						// assuming Secure Connection, we have a stored LTK and the EDIV/RAND are null
38196718SMatthias Ringwald						// start using context by loading security info
38196718SMatthias Ringwald						sm_reset_setup();
38196718SMatthias Ringwald						sm_load_security_info(connection);
38196718SMatthias Ringwald						if ((setup->sm_peer_ediv == 0u) && sm_is_null_random(setup->sm_peer_rand) && !sm_is_null_key(setup->sm_peer_ltk)){
38196718SMatthias Ringwald							(void)memcpy(setup->sm_ltk, setup->sm_peer_ltk, 16);
38196718SMatthias Ringwald							connection->sm_engine_state = SM_RESPONDER_PH4_SEND_LTK_REPLY;
42646f38SMatthias Ringwald                            sm_reencryption_started(connection);
38196718SMatthias Ringwald                            sm_trigger_run();
38196718SMatthias Ringwald							break;
38196718SMatthias Ringwald						}
38196718SMatthias Ringwald						log_info("LTK Request: ediv & random are empty, but no stored LTK (IRK Lookup Succeeded)");
38196718SMatthias Ringwald						connection->sm_engine_state = SM_RESPONDER_IDLE;
38196718SMatthias Ringwald						hci_send_cmd(&hci_le_long_term_key_negative_reply, connection->sm_handle);
38196718SMatthias Ringwald						return;
38196718SMatthias Ringwald					default:
38196718SMatthias Ringwald						// just wait until IRK lookup is completed
38196718SMatthias Ringwald						break;
38196718SMatthias Ringwald				}
38196718SMatthias Ringwald				break;
38196718SMatthias Ringwald#endif /* ENABLE_LE_SECURE_CONNECTIONS */
38196718SMatthias Ringwald
b6afa23eSMatthias Ringwald			case SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED:
b6afa23eSMatthias Ringwald                sm_reset_setup();
9b75de03SMatthias Ringwald
9b75de03SMatthias Ringwald			    // handle Pairing Request with LTK available
9b75de03SMatthias Ringwald                switch (connection->sm_irk_lookup_state) {
9b75de03SMatthias Ringwald                    case IRK_LOOKUP_SUCCEEDED:
9b75de03SMatthias Ringwald                        le_device_db_encryption_get(connection->sm_le_db_index, NULL, NULL, ltk, NULL, NULL, NULL, NULL);
9b75de03SMatthias Ringwald                        have_ltk = !sm_is_null_key(ltk);
9b75de03SMatthias Ringwald                        if (have_ltk){
9b75de03SMatthias Ringwald                            log_info("pairing request but LTK available");
19a40772SMatthias Ringwald                            // emit re-encryption start/fail sequence
9b75de03SMatthias Ringwald                            sm_reencryption_started(connection);
9b75de03SMatthias Ringwald                            sm_reencryption_complete(connection, ERROR_CODE_PIN_OR_KEY_MISSING);
9b75de03SMatthias Ringwald                        }
9b75de03SMatthias Ringwald                        break;
9b75de03SMatthias Ringwald                    default:
9b75de03SMatthias Ringwald                        break;
9b75de03SMatthias Ringwald                }
9b75de03SMatthias Ringwald
b6afa23eSMatthias Ringwald				sm_init_setup(connection);
39543d07SMatthias Ringwald
b6afa23eSMatthias Ringwald				// recover pairing request
b6afa23eSMatthias Ringwald				(void)memcpy(&setup->sm_m_preq, &connection->sm_m_preq, sizeof(sm_pairing_packet_t));
b6afa23eSMatthias Ringwald				err = sm_stk_generation_init(connection);
b6afa23eSMatthias Ringwald
b6afa23eSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
b6afa23eSMatthias Ringwald				if ((0 < test_pairing_failure) && (test_pairing_failure < SM_REASON_DHKEY_CHECK_FAILED)){
b6afa23eSMatthias Ringwald                        log_info("testing_support: respond with pairing failure %u", test_pairing_failure);
b6afa23eSMatthias Ringwald                        err = test_pairing_failure;
b6afa23eSMatthias Ringwald                    }
b6afa23eSMatthias Ringwald#endif
9305033eSMatthias Ringwald				if (err != 0){
49c9e430SMatthias Ringwald                    // emit pairing started/failed sequence
49c9e430SMatthias Ringwald                    sm_pairing_started(connection);
f4935286SMatthias Ringwald                    sm_pairing_error(connection, err);
b6afa23eSMatthias Ringwald					sm_trigger_run();
b6afa23eSMatthias Ringwald					break;
b6afa23eSMatthias Ringwald				}
b6afa23eSMatthias Ringwald
b6afa23eSMatthias Ringwald				sm_timeout_start(connection);
b6afa23eSMatthias Ringwald
b6afa23eSMatthias Ringwald				// generate random number first, if we need to show passkey, otherwise send response
b6afa23eSMatthias Ringwald				if (setup->sm_stk_generation_method == PK_INIT_INPUT){
b6afa23eSMatthias Ringwald					btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph2_tk, (void *)(uintptr_t) connection->sm_handle);
b6afa23eSMatthias Ringwald					break;
b6afa23eSMatthias Ringwald				}
b6afa23eSMatthias Ringwald
b6afa23eSMatthias Ringwald				/* fall through */
b6afa23eSMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_RESPONDER_PH1_SEND_PAIRING_RESPONSE:
1ad129beSMatthias Ringwald                sm_pairing_packet_set_code(setup->sm_s_pres,SM_CODE_PAIRING_RESPONSE);
f55bd529SMatthias Ringwald
f55bd529SMatthias Ringwald                // start with initiator key dist flags
3deb3ec6SMatthias Ringwald                key_distribution_flags = sm_key_distribution_flags_for_auth_req();
1ad129beSMatthias Ringwald
f55bd529SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
b2072c76SMatthias Ringwald                // LTK (= encryption information & master identification) only exchanged for LE Legacy Connection
f55bd529SMatthias Ringwald                if (setup->sm_use_secure_connections){
f55bd529SMatthias Ringwald                    key_distribution_flags &= ~SM_KEYDIST_ENC_KEY;
f55bd529SMatthias Ringwald                }
f55bd529SMatthias Ringwald#endif
f55bd529SMatthias Ringwald                // setup in response
f55bd529SMatthias Ringwald                sm_pairing_packet_set_initiator_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_initiator_key_distribution(setup->sm_m_preq) & key_distribution_flags);
f55bd529SMatthias Ringwald                sm_pairing_packet_set_responder_key_distribution(setup->sm_s_pres, sm_pairing_packet_get_responder_key_distribution(setup->sm_m_preq) & key_distribution_flags);
f55bd529SMatthias Ringwald
f55bd529SMatthias Ringwald                // update key distribution after ENC was dropped
9a90d41aSMatthias Ringwald                sm_setup_key_distribution(sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres), sm_pairing_packet_get_initiator_key_distribution(setup->sm_s_pres));
f55bd529SMatthias Ringwald
27c32905SMatthias Ringwald                if (setup->sm_use_secure_connections){
c6b7cbd9SMatthias Ringwald                    connection->sm_engine_state = SM_SC_W4_PUBLIC_KEY_COMMAND;
0b8af2a5SMatthias Ringwald                } else {
0b8af2a5SMatthias Ringwald                    connection->sm_engine_state = SM_RESPONDER_PH1_W4_PAIRING_CONFIRM;
27c32905SMatthias Ringwald                }
0b8af2a5SMatthias Ringwald
687a03c8SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t*) &setup->sm_s_pres, sizeof(sm_pairing_packet_t));
3deb3ec6SMatthias Ringwald                sm_timeout_reset(connection);
49c9e430SMatthias Ringwald
49c9e430SMatthias Ringwald                // notify after sending
49c9e430SMatthias Ringwald                sm_pairing_started(connection);
49c9e430SMatthias Ringwald
446a8c36SMatthias Ringwald                // SC Numeric Comparison will trigger user response after public keys & nonces have been exchanged
c1ab6cc1SMatthias Ringwald                if (!setup->sm_use_secure_connections || (setup->sm_stk_generation_method == JUST_WORKS)){
3deb3ec6SMatthias Ringwald                    sm_trigger_user_response(connection);
446a8c36SMatthias Ringwald                }
3deb3ec6SMatthias Ringwald                return;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH2_SEND_PAIRING_RANDOM: {
3deb3ec6SMatthias Ringwald                uint8_t buffer[17];
3deb3ec6SMatthias Ringwald                buffer[0] = SM_CODE_PAIRING_RANDOM;
9c80e4ccSMatthias Ringwald                reverse_128(setup->sm_local_random, &buffer[1]);
42134bc6SMatthias Ringwald                if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald                    connection->sm_engine_state = SM_RESPONDER_PH2_W4_LTK_REQUEST;
3deb3ec6SMatthias Ringwald                } else {
3deb3ec6SMatthias Ringwald                    connection->sm_engine_state = SM_INITIATOR_PH2_W4_PAIRING_RANDOM;
3deb3ec6SMatthias Ringwald                }
687a03c8SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
3deb3ec6SMatthias Ringwald                sm_timeout_reset(connection);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald            case SM_PH2_C1_GET_ENC_A:
3deb3ec6SMatthias Ringwald                // already busy?
3deb3ec6SMatthias Ringwald                if (sm_aes128_state == SM_AES128_ACTIVE) break;
d1a1f6a4SMatthias Ringwald                // calculate confirm using aes128 engine - step 1
d1a1f6a4SMatthias Ringwald                sm_c1_t1(setup->sm_local_random, (uint8_t*) &setup->sm_m_preq, (uint8_t*) &setup->sm_s_pres, setup->sm_m_addr_type, setup->sm_s_addr_type, sm_aes128_plaintext);
d1a1f6a4SMatthias Ringwald                connection->sm_engine_state = SM_PH2_C1_W4_ENC_A;
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_enc_a, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH2_C1_GET_ENC_C:
3deb3ec6SMatthias Ringwald                // already busy?
3deb3ec6SMatthias Ringwald                if (sm_aes128_state == SM_AES128_ACTIVE) break;
3deb3ec6SMatthias Ringwald                // calculate m_confirm using aes128 engine - step 1
d1a1f6a4SMatthias Ringwald                sm_c1_t1(setup->sm_peer_random, (uint8_t*) &setup->sm_m_preq, (uint8_t*) &setup->sm_s_pres, setup->sm_m_addr_type, setup->sm_s_addr_type, sm_aes128_plaintext);
d1a1f6a4SMatthias Ringwald                connection->sm_engine_state = SM_PH2_C1_W4_ENC_C;
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_enc_c, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald                break;
d1a1f6a4SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH2_CALC_STK:
3deb3ec6SMatthias Ringwald                // already busy?
3deb3ec6SMatthias Ringwald                if (sm_aes128_state == SM_AES128_ACTIVE) break;
3deb3ec6SMatthias Ringwald                // calculate STK
42134bc6SMatthias Ringwald                if (IS_RESPONDER(connection->sm_role)){
d1a1f6a4SMatthias Ringwald                    sm_s1_r_prime(setup->sm_local_random, setup->sm_peer_random, sm_aes128_plaintext);
3deb3ec6SMatthias Ringwald                } else {
d1a1f6a4SMatthias Ringwald                    sm_s1_r_prime(setup->sm_peer_random, setup->sm_local_random, sm_aes128_plaintext);
3deb3ec6SMatthias Ringwald                }
d1a1f6a4SMatthias Ringwald                connection->sm_engine_state = SM_PH2_W4_STK;
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, sm_aes128_plaintext, setup->sm_ltk, sm_handle_encryption_result_enc_stk, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald                break;
d1a1f6a4SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH3_Y_GET_ENC:
3deb3ec6SMatthias Ringwald                // already busy?
3deb3ec6SMatthias Ringwald                if (sm_aes128_state == SM_AES128_ACTIVE) break;
3deb3ec6SMatthias Ringwald                // PH3B2 - calculate Y from      - enc
9ad0dd7cSMatthias Ringwald
9ad0dd7cSMatthias Ringwald                // dm helper (was sm_dm_r_prime)
9ad0dd7cSMatthias Ringwald                // r' = padding || r
9ad0dd7cSMatthias Ringwald                // r - 64 bit value
9ad0dd7cSMatthias Ringwald                memset(&sm_aes128_plaintext[0], 0, 8);
6535961aSMatthias Ringwald                (void)memcpy(&sm_aes128_plaintext[8], setup->sm_local_rand, 8);
9ad0dd7cSMatthias Ringwald
3deb3ec6SMatthias Ringwald                // Y = dm(DHK, Rand)
d1a1f6a4SMatthias Ringwald                connection->sm_engine_state = SM_PH3_Y_W4_ENC;
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_dhk, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_enc_ph3_y, (void *)(uintptr_t) connection->sm_handle);
d1a1f6a4SMatthias Ringwald                break;
d1a1f6a4SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH2_C1_SEND_PAIRING_CONFIRM: {
3deb3ec6SMatthias Ringwald                uint8_t buffer[17];
3deb3ec6SMatthias Ringwald                buffer[0] = SM_CODE_PAIRING_CONFIRM;
9c80e4ccSMatthias Ringwald                reverse_128(setup->sm_local_confirm, &buffer[1]);
42134bc6SMatthias Ringwald                if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald                    connection->sm_engine_state = SM_RESPONDER_PH2_W4_PAIRING_RANDOM;
3deb3ec6SMatthias Ringwald                } else {
3deb3ec6SMatthias Ringwald                    connection->sm_engine_state = SM_INITIATOR_PH2_W4_PAIRING_CONFIRM;
3deb3ec6SMatthias Ringwald                }
687a03c8SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t*) buffer, sizeof(buffer));
3deb3ec6SMatthias Ringwald                sm_timeout_reset(connection);
3deb3ec6SMatthias Ringwald                return;
3deb3ec6SMatthias Ringwald            }
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
3deb3ec6SMatthias Ringwald            case SM_RESPONDER_PH2_SEND_LTK_REPLY: {
916ea5b2SMatthias Ringwald                // cache key before using
916ea5b2SMatthias Ringwald                sm_cache_ltk(connection, setup->sm_ltk);
3deb3ec6SMatthias Ringwald                sm_key_t stk_flipped;
9c80e4ccSMatthias Ringwald                reverse_128(setup->sm_ltk, stk_flipped);
3deb3ec6SMatthias Ringwald                connection->sm_engine_state = SM_PH2_W4_CONNECTION_ENCRYPTED;
3deb3ec6SMatthias Ringwald                hci_send_cmd(&hci_le_long_term_key_request_reply, connection->sm_handle, stk_flipped);
3deb3ec6SMatthias Ringwald                return;
3deb3ec6SMatthias Ringwald            }
d7471931SMatthias Ringwald            case SM_RESPONDER_PH4_SEND_LTK_REPLY: {
b96d60a6SMatthias Ringwald                // allow to override LTK
b96d60a6SMatthias Ringwald                if (sm_get_ltk_callback != NULL){
b96d60a6SMatthias Ringwald                    (void)(*sm_get_ltk_callback)(connection->sm_handle, connection->sm_peer_addr_type, connection->sm_peer_address, setup->sm_ltk);
b96d60a6SMatthias Ringwald                }
916ea5b2SMatthias Ringwald                // cache key before using
916ea5b2SMatthias Ringwald                sm_cache_ltk(connection, setup->sm_ltk);
3deb3ec6SMatthias Ringwald                sm_key_t ltk_flipped;
9c80e4ccSMatthias Ringwald                reverse_128(setup->sm_ltk, ltk_flipped);
5567aa60SMatthias Ringwald                connection->sm_engine_state = SM_PH4_W4_CONNECTION_ENCRYPTED;
3deb3ec6SMatthias Ringwald                hci_send_cmd(&hci_le_long_term_key_request_reply, connection->sm_handle, ltk_flipped);
3deb3ec6SMatthias Ringwald                return;
3deb3ec6SMatthias Ringwald            }
dd12a62bSMatthias Ringwald
dd12a62bSMatthias Ringwald			case SM_RESPONDER_PH0_RECEIVED_LTK_REQUEST:
3deb3ec6SMatthias Ringwald                // already busy?
3deb3ec6SMatthias Ringwald                if (sm_aes128_state == SM_AES128_ACTIVE) break;
3deb3ec6SMatthias Ringwald                log_info("LTK Request: recalculating with ediv 0x%04x", setup->sm_local_ediv);
c61cfe5aSMatthias Ringwald
dd12a62bSMatthias Ringwald				sm_reset_setup();
dd12a62bSMatthias Ringwald				sm_start_calculating_ltk_from_ediv_and_rand(connection);
dd12a62bSMatthias Ringwald
42646f38SMatthias Ringwald				sm_reencryption_started(connection);
42646f38SMatthias Ringwald
c61cfe5aSMatthias Ringwald                // dm helper (was sm_dm_r_prime)
c61cfe5aSMatthias Ringwald                // r' = padding || r
c61cfe5aSMatthias Ringwald                // r - 64 bit value
c61cfe5aSMatthias Ringwald                memset(&sm_aes128_plaintext[0], 0, 8);
6535961aSMatthias Ringwald                (void)memcpy(&sm_aes128_plaintext[8], setup->sm_local_rand, 8);
c61cfe5aSMatthias Ringwald
3deb3ec6SMatthias Ringwald                // Y = dm(DHK, Rand)
d1a1f6a4SMatthias Ringwald                connection->sm_engine_state = SM_RESPONDER_PH4_Y_W4_ENC;
d1a1f6a4SMatthias Ringwald                sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald                btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_dhk, sm_aes128_plaintext, sm_aes128_ciphertext, sm_handle_encryption_result_enc_ph4_y, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald                return;
42134bc6SMatthias Ringwald#endif
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
42134bc6SMatthias Ringwald            case SM_INITIATOR_PH3_SEND_START_ENCRYPTION: {
bcab6650SMatthias Ringwald                // cache key before using
bcab6650SMatthias Ringwald                sm_cache_ltk(connection, setup->sm_ltk);
bcab6650SMatthias Ringwald
42134bc6SMatthias Ringwald                sm_key_t stk_flipped;
42134bc6SMatthias Ringwald                reverse_128(setup->sm_ltk, stk_flipped);
42134bc6SMatthias Ringwald                connection->sm_engine_state = SM_PH2_W4_CONNECTION_ENCRYPTED;
42134bc6SMatthias Ringwald                hci_send_cmd(&hci_le_start_encryption, connection->sm_handle, 0, 0, 0, stk_flipped);
42134bc6SMatthias Ringwald                return;
42134bc6SMatthias Ringwald            }
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            case SM_PH3_DISTRIBUTE_KEYS:
e94757aeSMatthias Ringwald                // send next key
403280b9SMatthias Ringwald                if (setup->sm_key_distribution_send_set != 0){
403280b9SMatthias Ringwald                    sm_run_distribute_keys(connection);
e94757aeSMatthias Ringwald                }
e94757aeSMatthias Ringwald
e94757aeSMatthias Ringwald                // more to send?
e94757aeSMatthias Ringwald                if (setup->sm_key_distribution_send_set != 0){
3deb3ec6SMatthias Ringwald                    return;
3deb3ec6SMatthias Ringwald                }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                // keys are sent
42134bc6SMatthias Ringwald                if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald                    // slave -> receive master keys if any
61d1a45eSMatthias Ringwald                    if (sm_key_distribution_all_received()){
3deb3ec6SMatthias Ringwald                        sm_key_distribution_handle_all_received(connection);
f5020412SMatthias Ringwald                        sm_key_distribution_complete_responder(connection);
f5020412SMatthias Ringwald                        // start CTKD right away
f5020412SMatthias Ringwald                        continue;
3deb3ec6SMatthias Ringwald                    } else {
3deb3ec6SMatthias Ringwald                        connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
3deb3ec6SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                } else {
1dca9d8aSMatthias Ringwald                    sm_master_pairing_success(connection);
3deb3ec6SMatthias Ringwald                }
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald
c18be159SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
c18be159SMatthias Ringwald            case SM_BR_EDR_INITIATOR_SEND_PAIRING_REQUEST:
c18be159SMatthias Ringwald                // fill in sm setup (lite version of sm_init_setup)
c18be159SMatthias Ringwald                sm_reset_setup();
c18be159SMatthias Ringwald                setup->sm_peer_addr_type = connection->sm_peer_addr_type;
c18be159SMatthias Ringwald                setup->sm_m_addr_type = connection->sm_peer_addr_type;
c18be159SMatthias Ringwald                setup->sm_s_addr_type = connection->sm_own_addr_type;
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_peer_address, connection->sm_peer_address, 6);
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_m_address, connection->sm_peer_address, 6);
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_s_address, connection->sm_own_address, 6);
c18be159SMatthias Ringwald                setup->sm_use_secure_connections = true;
c18be159SMatthias Ringwald                sm_ctkd_fetch_br_edr_link_key(connection);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // Enc Key and IRK if requested
c18be159SMatthias Ringwald                key_distribution_flags = SM_KEYDIST_ID_KEY | SM_KEYDIST_ENC_KEY;
c18be159SMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
c18be159SMatthias Ringwald                // Plus signing key if supported
c18be159SMatthias Ringwald                key_distribution_flags |= SM_KEYDIST_ID_KEY;
c18be159SMatthias Ringwald#endif
c18be159SMatthias Ringwald                sm_pairing_packet_set_code(setup->sm_m_preq, SM_CODE_PAIRING_REQUEST);
c18be159SMatthias Ringwald                sm_pairing_packet_set_io_capability(setup->sm_m_preq, 0);
c18be159SMatthias Ringwald                sm_pairing_packet_set_oob_data_flag(setup->sm_m_preq, 0);
c18be159SMatthias Ringwald                sm_pairing_packet_set_auth_req(setup->sm_m_preq, SM_AUTHREQ_CT2);
c18be159SMatthias Ringwald                sm_pairing_packet_set_max_encryption_key_size(setup->sm_m_preq, sm_max_encryption_key_size);
c18be159SMatthias Ringwald                sm_pairing_packet_set_initiator_key_distribution(setup->sm_m_preq, key_distribution_flags);
c18be159SMatthias Ringwald                sm_pairing_packet_set_responder_key_distribution(setup->sm_m_preq, key_distribution_flags);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // set state and send pairing response
c18be159SMatthias Ringwald                sm_timeout_start(connection);
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_BR_EDR_INITIATOR_W4_PAIRING_RESPONSE;
c18be159SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t *) &setup->sm_m_preq, sizeof(sm_pairing_packet_t));
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald            case SM_BR_EDR_RESPONDER_PAIRING_REQUEST_RECEIVED:
c18be159SMatthias Ringwald                // fill in sm setup (lite version of sm_init_setup)
c18be159SMatthias Ringwald                sm_reset_setup();
c18be159SMatthias Ringwald                setup->sm_peer_addr_type = connection->sm_peer_addr_type;
c18be159SMatthias Ringwald                setup->sm_m_addr_type = connection->sm_peer_addr_type;
c18be159SMatthias Ringwald                setup->sm_s_addr_type = connection->sm_own_addr_type;
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_peer_address, connection->sm_peer_address, 6);
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_m_address, connection->sm_peer_address, 6);
c18be159SMatthias Ringwald                (void) memcpy(setup->sm_s_address, connection->sm_own_address, 6);
c18be159SMatthias Ringwald                setup->sm_use_secure_connections = true;
c18be159SMatthias Ringwald                sm_ctkd_fetch_br_edr_link_key(connection);
c18be159SMatthias Ringwald                (void) memcpy(&setup->sm_m_preq, &connection->sm_m_preq, sizeof(sm_pairing_packet_t));
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // Enc Key and IRK if requested
c18be159SMatthias Ringwald                key_distribution_flags = SM_KEYDIST_ID_KEY | SM_KEYDIST_ENC_KEY;
c18be159SMatthias Ringwald#ifdef ENABLE_LE_SIGNED_WRITE
c18be159SMatthias Ringwald                // Plus signing key if supported
c18be159SMatthias Ringwald                key_distribution_flags |= SM_KEYDIST_ID_KEY;
c18be159SMatthias Ringwald#endif
c18be159SMatthias Ringwald                // drop flags not requested by initiator
c18be159SMatthias Ringwald                key_distribution_flags &= sm_pairing_packet_get_initiator_key_distribution(connection->sm_m_preq);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // If Secure Connections pairing has been initiated over BR/EDR, the following fields of the SM Pairing Request PDU are reserved for future use:
c18be159SMatthias Ringwald                // - the IO Capability field,
c18be159SMatthias Ringwald                // - the OOB data flag field, and
c18be159SMatthias Ringwald                // - all bits in the Auth Req field except the CT2 bit.
c18be159SMatthias Ringwald                sm_pairing_packet_set_code(setup->sm_s_pres, SM_CODE_PAIRING_RESPONSE);
c18be159SMatthias Ringwald                sm_pairing_packet_set_io_capability(setup->sm_s_pres, 0);
c18be159SMatthias Ringwald                sm_pairing_packet_set_oob_data_flag(setup->sm_s_pres, 0);
c18be159SMatthias Ringwald                sm_pairing_packet_set_auth_req(setup->sm_s_pres, SM_AUTHREQ_CT2);
c18be159SMatthias Ringwald                sm_pairing_packet_set_max_encryption_key_size(setup->sm_s_pres, connection->sm_actual_encryption_key_size);
c18be159SMatthias Ringwald                sm_pairing_packet_set_initiator_key_distribution(setup->sm_s_pres, key_distribution_flags);
c18be159SMatthias Ringwald                sm_pairing_packet_set_responder_key_distribution(setup->sm_s_pres, key_distribution_flags);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // configure key distribution, LTK is derived locally
c18be159SMatthias Ringwald                key_distribution_flags &= ~SM_KEYDIST_ENC_KEY;
c18be159SMatthias Ringwald                sm_setup_key_distribution(key_distribution_flags, key_distribution_flags);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald                // set state and send pairing response
c18be159SMatthias Ringwald                sm_timeout_start(connection);
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_BR_EDR_DISTRIBUTE_KEYS;
c18be159SMatthias Ringwald                sm_send_connectionless(connection, (uint8_t *) &setup->sm_s_pres, sizeof(sm_pairing_packet_t));
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_BR_EDR_DISTRIBUTE_KEYS:
20964aa9SMatthias Ringwald                // send next key
c18be159SMatthias Ringwald                if (setup->sm_key_distribution_send_set != 0) {
c18be159SMatthias Ringwald                    sm_run_distribute_keys(connection);
20964aa9SMatthias Ringwald                }
20964aa9SMatthias Ringwald
20964aa9SMatthias Ringwald                // more to send?
20964aa9SMatthias Ringwald                if (setup->sm_key_distribution_send_set != 0){
c18be159SMatthias Ringwald                    return;
c18be159SMatthias Ringwald                }
20964aa9SMatthias Ringwald
c18be159SMatthias Ringwald                // keys are sent
c18be159SMatthias Ringwald                if (IS_RESPONDER(connection->sm_role)) {
c18be159SMatthias Ringwald                    // responder -> receive master keys if there are any
61d1a45eSMatthias Ringwald                    if (!sm_key_distribution_all_received()){
c18be159SMatthias Ringwald                        connection->sm_engine_state = SM_BR_EDR_RECEIVE_KEYS;
c18be159SMatthias Ringwald                        break;
c18be159SMatthias Ringwald                    }
c18be159SMatthias Ringwald                }
c18be159SMatthias Ringwald                // otherwise start CTKD right away (responder and no keys to receive / initiator)
c18be159SMatthias Ringwald                sm_ctkd_start_from_br_edr(connection);
c18be159SMatthias Ringwald                continue;
c18be159SMatthias Ringwald            case SM_SC_W2_CALCULATE_ILK_USING_H6:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_ILK;
c18be159SMatthias Ringwald                h6_calculate_ilk_from_le_ltk(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_SC_W2_CALCULATE_BR_EDR_LINK_KEY:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_BR_EDR_LINK_KEY;
c18be159SMatthias Ringwald                h6_calculate_br_edr_link_key(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_SC_W2_CALCULATE_ILK_USING_H7:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_SC_W4_CALCULATE_ILK;
c18be159SMatthias Ringwald                h7_calculate_ilk_from_le_ltk(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_BR_EDR_W2_CALCULATE_ILK_USING_H6:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_BR_EDR_W4_CALCULATE_ILK;
c18be159SMatthias Ringwald                h6_calculate_ilk_from_br_edr(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_BR_EDR_W2_CALCULATE_LE_LTK:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_BR_EDR_W4_CALCULATE_LE_LTK;
c18be159SMatthias Ringwald                h6_calculate_le_ltk(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            case SM_BR_EDR_W2_CALCULATE_ILK_USING_H7:
c18be159SMatthias Ringwald                connection->sm_engine_state = SM_BR_EDR_W4_CALCULATE_ILK;
c18be159SMatthias Ringwald                h7_calculate_ilk_from_br_edr(connection);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald#endif
c18be159SMatthias Ringwald
3deb3ec6SMatthias Ringwald            default:
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        // check again if active connection was released
7149bde5SMatthias Ringwald        if (sm_active_connection_handle != HCI_CON_HANDLE_INVALID) break;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// sm_aes128_state stays active
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_a(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    sm_c1_t3(sm_aes128_ciphertext, setup->sm_m_address, setup->sm_s_address, setup->sm_c1_t3_value);
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald    btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, setup->sm_c1_t3_value, setup->sm_local_confirm, sm_handle_encryption_result_enc_b, (void *)(uintptr_t) connection->sm_handle);
d1a1f6a4SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_b(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
8314c363SMatthias Ringwald    log_info_key("c1!", setup->sm_local_confirm);
3deb3ec6SMatthias Ringwald    connection->sm_engine_state = SM_PH2_C1_SEND_PAIRING_CONFIRM;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// sm_aes128_state stays active
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_c(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    sm_c1_t3(sm_aes128_ciphertext, setup->sm_m_address, setup->sm_s_address, setup->sm_c1_t3_value);
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald    btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, setup->sm_c1_t3_value, sm_aes128_ciphertext, sm_handle_encryption_result_enc_d, (void *)(uintptr_t) connection->sm_handle);
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_d(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    log_info_key("c1!", sm_aes128_ciphertext);
d1a1f6a4SMatthias Ringwald    if (memcmp(setup->sm_peer_confirm, sm_aes128_ciphertext, 16) != 0){
f4935286SMatthias Ringwald        sm_pairing_error(connection, SM_REASON_CONFIRM_VALUE_FAILED);
70b44dd4SMatthias Ringwald        sm_trigger_run();
3deb3ec6SMatthias Ringwald        return;
3deb3ec6SMatthias Ringwald    }
42134bc6SMatthias Ringwald    if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald        connection->sm_engine_state = SM_PH2_SEND_PAIRING_RANDOM;
70b44dd4SMatthias Ringwald        sm_trigger_run();
3deb3ec6SMatthias Ringwald    } else {
d1a1f6a4SMatthias Ringwald        sm_s1_r_prime(setup->sm_peer_random, setup->sm_local_random, sm_aes128_plaintext);
d1a1f6a4SMatthias Ringwald        sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald        btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, setup->sm_tk, sm_aes128_plaintext, setup->sm_ltk, sm_handle_encryption_result_enc_stk, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_stk(void *arg){
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_truncate_key(setup->sm_ltk, connection->sm_actual_encryption_key_size);
8314c363SMatthias Ringwald    log_info_key("stk", setup->sm_ltk);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald        connection->sm_engine_state = SM_RESPONDER_PH2_SEND_LTK_REPLY;
3deb3ec6SMatthias Ringwald    } else {
3deb3ec6SMatthias Ringwald        connection->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
3deb3ec6SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// sm_aes128_state stays active
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph3_y(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    setup->sm_local_y = big_endian_read_16(sm_aes128_ciphertext, 14);
3deb3ec6SMatthias Ringwald    log_info_hex16("y", setup->sm_local_y);
3deb3ec6SMatthias Ringwald    // PH3B3 - calculate EDIV
3deb3ec6SMatthias Ringwald    setup->sm_local_ediv = setup->sm_local_y ^ setup->sm_local_div;
3deb3ec6SMatthias Ringwald    log_info_hex16("ediv", setup->sm_local_ediv);
3deb3ec6SMatthias Ringwald    // PH3B4 - calculate LTK         - enc
3deb3ec6SMatthias Ringwald    // LTK = d1(ER, DIV, 0))
d1a1f6a4SMatthias Ringwald    sm_d1_d_prime(setup->sm_local_div, 0, sm_aes128_plaintext);
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald    btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_er, sm_aes128_plaintext, setup->sm_ltk, sm_handle_encryption_result_enc_ph3_ltk, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
2a526f21SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
d1a1f6a4SMatthias Ringwald// sm_aes128_state stays active
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph4_y(void *arg){
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    setup->sm_local_y = big_endian_read_16(sm_aes128_ciphertext, 14);
3deb3ec6SMatthias Ringwald    log_info_hex16("y", setup->sm_local_y);
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // PH3B3 - calculate DIV
3deb3ec6SMatthias Ringwald    setup->sm_local_div = setup->sm_local_y ^ setup->sm_local_ediv;
3deb3ec6SMatthias Ringwald    log_info_hex16("ediv", setup->sm_local_ediv);
3deb3ec6SMatthias Ringwald    // PH3B4 - calculate LTK         - enc
3deb3ec6SMatthias Ringwald    // LTK = d1(ER, DIV, 0))
d1a1f6a4SMatthias Ringwald    sm_d1_d_prime(setup->sm_local_div, 0, sm_aes128_plaintext);
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald    btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_er, sm_aes128_plaintext, setup->sm_ltk, sm_handle_encryption_result_enc_ph4_ltk, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald}
2a526f21SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwald// sm_aes128_state stays active
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph3_ltk(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
8314c363SMatthias Ringwald    log_info_key("ltk", setup->sm_ltk);
3deb3ec6SMatthias Ringwald    // calc CSRK next
d1a1f6a4SMatthias Ringwald    sm_d1_d_prime(setup->sm_local_div, 1, sm_aes128_plaintext);
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_ACTIVE;
f3582630SMatthias Ringwald    btstack_crypto_aes128_encrypt(&sm_crypto_aes128_request, sm_persistent_er, sm_aes128_plaintext, setup->sm_local_csrk, sm_handle_encryption_result_enc_csrk, (void *)(uintptr_t) connection->sm_handle);
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_csrk(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
8314c363SMatthias Ringwald    log_info_key("csrk", setup->sm_local_csrk);
1d80f1e6SMatthias Ringwald    if (setup->sm_key_distribution_send_set != 0u){
3deb3ec6SMatthias Ringwald        connection->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;
3deb3ec6SMatthias Ringwald    } else {
3deb3ec6SMatthias Ringwald        // no keys to send, just continue
42134bc6SMatthias Ringwald        if (IS_RESPONDER(connection->sm_role)){
61d1a45eSMatthias Ringwald            if (sm_key_distribution_all_received()){
c5a72e35SMatthias Ringwald                sm_key_distribution_handle_all_received(connection);
c5a72e35SMatthias Ringwald                sm_key_distribution_complete_responder(connection);
c5a72e35SMatthias Ringwald            } else {
3deb3ec6SMatthias Ringwald                // slave -> receive master keys
3deb3ec6SMatthias Ringwald                connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
c5a72e35SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald        } else {
af7ef9d1SMatthias Ringwald            sm_key_distribution_complete_initiator(connection);
3deb3ec6SMatthias Ringwald        }
2bacf595SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_enc_ph4_ltk(void *arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
04678764SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_truncate_key(setup->sm_ltk, connection->sm_actual_encryption_key_size);
8314c363SMatthias Ringwald    log_info_key("ltk", setup->sm_ltk);
d7471931SMatthias Ringwald    connection->sm_engine_state = SM_RESPONDER_PH4_SEND_LTK_REPLY;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_address_resolution(void *arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    // compare calulated address against connecting device
d1a1f6a4SMatthias Ringwald    uint8_t * hash = &sm_aes128_ciphertext[13];
d1a1f6a4SMatthias Ringwald    if (memcmp(&sm_address_resolution_address[3], hash, 3) == 0){
d1a1f6a4SMatthias Ringwald        log_info("LE Device Lookup: matched resolvable private address");
a66b030fSMatthias Ringwald        sm_address_resolution_handle_event(ADDRESS_RESOLUTION_SUCCEEDED);
70b44dd4SMatthias Ringwald        sm_trigger_run();
3deb3ec6SMatthias Ringwald        return;
3deb3ec6SMatthias Ringwald    }
d1a1f6a4SMatthias Ringwald    // no match, try next
d1a1f6a4SMatthias Ringwald    sm_address_resolution_test++;
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_dkg_irk(void *arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    log_info_key("irk", sm_persistent_irk);
d1a1f6a4SMatthias Ringwald    dkg_state = DKG_CALC_DHK;
70b44dd4SMatthias Ringwald    sm_trigger_run();
7df18c15SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_dkg_dhk(void *arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    log_info_key("dhk", sm_persistent_dhk);
d1a1f6a4SMatthias Ringwald    dkg_state = DKG_READY;
70b44dd4SMatthias Ringwald    sm_trigger_run();
7df18c15SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_encryption_result_rau(void *arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
04678764SMatthias Ringwald
6535961aSMatthias Ringwald    (void)memcpy(&sm_random_address[3], &sm_aes128_ciphertext[13], 3);
e91ddb40SMatthias Ringwald    rau_state = RAU_IDLE;
e91ddb40SMatthias Ringwald    hci_le_random_address_set(sm_random_address);
e91ddb40SMatthias Ringwald
70b44dd4SMatthias Ringwald    sm_trigger_run();
51fa0b28SMatthias Ringwald}
7df18c15SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_rau(void * arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
3deb3ec6SMatthias Ringwald    // non-resolvable vs. resolvable
3deb3ec6SMatthias Ringwald    switch (gap_random_adress_type){
3deb3ec6SMatthias Ringwald        case GAP_RANDOM_ADDRESS_RESOLVABLE:
3deb3ec6SMatthias Ringwald            // resolvable: use random as prand and calc address hash
3deb3ec6SMatthias Ringwald            // "The two most significant bits of prand shall be equal to ‘0’ and ‘1"
4ea43905SMatthias Ringwald            sm_random_address[0u] &= 0x3fu;
4ea43905SMatthias Ringwald            sm_random_address[0u] |= 0x40u;
3deb3ec6SMatthias Ringwald            rau_state = RAU_GET_ENC;
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald        case GAP_RANDOM_ADDRESS_NON_RESOLVABLE:
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            // "The two most significant bits of the address shall be equal to ‘0’""
4ea43905SMatthias Ringwald            sm_random_address[0u] &= 0x3fu;
2954e6c6SMatthias Ringwald            rau_state = RAU_IDLE;
e91ddb40SMatthias Ringwald            hci_le_random_address_set(sm_random_address);
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
c59d0c92SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
6ca80073SMatthias Ringwaldstatic void sm_handle_random_result_sc_next_send_pairing_random(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
c59d0c92SMatthias Ringwald
65a9a04eSMatthias Ringwald    connection->sm_engine_state = SM_SC_SEND_PAIRING_RANDOM;
70b44dd4SMatthias Ringwald    sm_trigger_run();
65a9a04eSMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
6ca80073SMatthias Ringwaldstatic void sm_handle_random_result_sc_next_w2_cmac_for_confirmation(void * arg){
6ca80073SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
6ca80073SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
6ca80073SMatthias Ringwald    if (connection == NULL) return;
6ca80073SMatthias Ringwald
b35a3de2SMatthias Ringwald    connection->sm_engine_state = SM_SC_W2_CMAC_FOR_CONFIRMATION;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
f1c1783eSMatthias Ringwald#endif
f1c1783eSMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_ph2_random(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    connection->sm_engine_state = SM_PH2_C1_GET_ENC_A;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_ph2_tk(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
caf15bf3SMatthias Ringwald    sm_reset_tk();
caf15bf3SMatthias Ringwald    uint32_t tk;
5ce1359eSMatthias Ringwald    if (sm_fixed_passkey_in_display_role == 0xffffffffU){
3deb3ec6SMatthias Ringwald        // map random to 0-999999 without speding much cycles on a modulus operation
d1a1f6a4SMatthias Ringwald        tk = little_endian_read_32(sm_random_data,0);
3deb3ec6SMatthias Ringwald        tk = tk & 0xfffff;  // 1048575
4ea43905SMatthias Ringwald        if (tk >= 999999u){
4ea43905SMatthias Ringwald            tk = tk - 999999u;
3deb3ec6SMatthias Ringwald        }
caf15bf3SMatthias Ringwald    } else {
caf15bf3SMatthias Ringwald        // override with pre-defined passkey
4b8c611fSMatthias Ringwald        tk = sm_fixed_passkey_in_display_role;
caf15bf3SMatthias Ringwald    }
f8fbdce0SMatthias Ringwald    big_endian_store_32(setup->sm_tk, 12, tk);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(connection->sm_role)){
3deb3ec6SMatthias Ringwald        connection->sm_engine_state = SM_RESPONDER_PH1_SEND_PAIRING_RESPONSE;
3deb3ec6SMatthias Ringwald    } else {
b41539d5SMatthias Ringwald        if (setup->sm_use_secure_connections){
b41539d5SMatthias Ringwald            connection->sm_engine_state = SM_SC_SEND_PUBLIC_KEY_COMMAND;
b41539d5SMatthias Ringwald        } else {
3deb3ec6SMatthias Ringwald            connection->sm_engine_state = SM_PH1_W4_USER_RESPONSE;
3deb3ec6SMatthias Ringwald            sm_trigger_user_response(connection);
3deb3ec6SMatthias Ringwald            // response_idle == nothing <--> sm_trigger_user_response() did not require response
3deb3ec6SMatthias Ringwald            if (setup->sm_user_response == SM_USER_RESPONSE_IDLE){
f3582630SMatthias Ringwald                btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_random, 16, &sm_handle_random_result_ph2_random, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald        }
b41539d5SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_ph3_div(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    // use 16 bit from random value as div
d1a1f6a4SMatthias Ringwald    setup->sm_local_div = big_endian_read_16(sm_random_data, 0);
d1a1f6a4SMatthias Ringwald    log_info_hex16("div", setup->sm_local_div);
d1a1f6a4SMatthias Ringwald    connection->sm_engine_state = SM_PH3_Y_GET_ENC;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
d1a1f6a4SMatthias Ringwald
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_ph3_random(void * arg){
f3582630SMatthias Ringwald    hci_con_handle_t con_handle = (hci_con_handle_t) (uintptr_t) arg;
f3582630SMatthias Ringwald    sm_connection_t * connection = sm_get_connection_for_handle(con_handle);
f3582630SMatthias Ringwald    if (connection == NULL) return;
f3582630SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    reverse_64(sm_random_data, setup->sm_local_rand);
3deb3ec6SMatthias Ringwald    // no db for encryption size hack: encryption size is stored in lowest nibble of setup->sm_local_rand
4ea43905SMatthias Ringwald    setup->sm_local_rand[7u] = (setup->sm_local_rand[7u] & 0xf0u) + (connection->sm_actual_encryption_key_size - 1u);
3deb3ec6SMatthias Ringwald    // no db for authenticated flag hack: store flag in bit 4 of LSB
4ea43905SMatthias Ringwald    setup->sm_local_rand[7u] = (setup->sm_local_rand[7u] & 0xefu) + (connection->sm_connection_authenticated << 4u);
8b3ffec5SMatthias Ringwald    btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 2, &sm_handle_random_result_ph3_div, (void *)(uintptr_t) connection->sm_handle);
3deb3ec6SMatthias Ringwald}
899e6e02SMatthias Ringwaldstatic void sm_validate_er_ir(void){
899e6e02SMatthias Ringwald    // warn about default ER/IR
1979f09cSMatthias Ringwald    bool warning = false;
899e6e02SMatthias Ringwald    if (sm_ir_is_default()){
1979f09cSMatthias Ringwald        warning = true;
899e6e02SMatthias Ringwald        log_error("Persistent IR not set with sm_set_ir. Use of private addresses will cause pairing issues");
899e6e02SMatthias Ringwald    }
899e6e02SMatthias Ringwald    if (sm_er_is_default()){
1979f09cSMatthias Ringwald        warning = true;
899e6e02SMatthias Ringwald        log_error("Persistent ER not set with sm_set_er. Legacy Pairing LTK is not secure");
899e6e02SMatthias Ringwald    }
21045273SMatthias Ringwald    if (warning) {
899e6e02SMatthias Ringwald        log_error("Please configure btstack_tlv to let BTstack setup ER and IR keys");
899e6e02SMatthias Ringwald    }
21045273SMatthias Ringwald}
899e6e02SMatthias Ringwald
899e6e02SMatthias Ringwaldstatic void sm_handle_random_result_ir(void *arg){
1979f09cSMatthias Ringwald    sm_persistent_keys_random_active = false;
9305033eSMatthias Ringwald    if (arg != NULL){
899e6e02SMatthias Ringwald        // key generated, store in tlv
4ea43905SMatthias Ringwald        int status = sm_tlv_impl->store_tag(sm_tlv_context, BTSTACK_TAG32('S','M','I','R'), sm_persistent_ir, 16u);
899e6e02SMatthias Ringwald        log_info("Generated IR key. Store in TLV status: %d", status);
e0d13a19SMilanka Ringwald        UNUSED(status);
899e6e02SMatthias Ringwald    }
899e6e02SMatthias Ringwald    log_info_key("IR", sm_persistent_ir);
8d9b6072SMatthias Ringwald    dkg_state = DKG_CALC_IRK;
841468bbSMatthias Ringwald
841468bbSMatthias Ringwald    if (test_use_fixed_local_irk){
841468bbSMatthias Ringwald        log_info_key("IRK", sm_persistent_irk);
841468bbSMatthias Ringwald        dkg_state = DKG_CALC_DHK;
841468bbSMatthias Ringwald    }
841468bbSMatthias Ringwald
70b44dd4SMatthias Ringwald    sm_trigger_run();
899e6e02SMatthias Ringwald}
899e6e02SMatthias Ringwald
899e6e02SMatthias Ringwaldstatic void sm_handle_random_result_er(void *arg){
1979f09cSMatthias Ringwald    sm_persistent_keys_random_active = false;
6643d79bSMatthias Ringwald    if (arg != NULL){
899e6e02SMatthias Ringwald        // key generated, store in tlv
4ea43905SMatthias Ringwald        int status = sm_tlv_impl->store_tag(sm_tlv_context, BTSTACK_TAG32('S','M','E','R'), sm_persistent_er, 16u);
899e6e02SMatthias Ringwald        log_info("Generated ER key. Store in TLV status: %d", status);
e0d13a19SMilanka Ringwald        UNUSED(status);
899e6e02SMatthias Ringwald    }
899e6e02SMatthias Ringwald    log_info_key("ER", sm_persistent_er);
899e6e02SMatthias Ringwald
899e6e02SMatthias Ringwald    // try load ir
4ea43905SMatthias Ringwald    int key_size = sm_tlv_impl->get_tag(sm_tlv_context, BTSTACK_TAG32('S','M','I','R'), sm_persistent_ir, 16u);
899e6e02SMatthias Ringwald    if (key_size == 16){
899e6e02SMatthias Ringwald        // ok, let's continue
899e6e02SMatthias Ringwald        log_info("IR from TLV");
899e6e02SMatthias Ringwald        sm_handle_random_result_ir( NULL );
899e6e02SMatthias Ringwald    } else {
899e6e02SMatthias Ringwald        // invalid, generate new random one
1979f09cSMatthias Ringwald        sm_persistent_keys_random_active = true;
899e6e02SMatthias Ringwald        btstack_crypto_random_generate(&sm_crypto_random_request, sm_persistent_ir, 16, &sm_handle_random_result_ir, &sm_persistent_ir);
899e6e02SMatthias Ringwald    }
899e6e02SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
50053c13SMatthias Ringwaldstatic void sm_connection_init(sm_connection_t * sm_conn, hci_con_handle_t con_handle, uint8_t role, uint8_t peer_addr_type, bd_addr_t peer_address){
f664b5e8SMatthias Ringwald
f664b5e8SMatthias Ringwald    // connection info
f664b5e8SMatthias Ringwald    sm_conn->sm_handle = con_handle;
f664b5e8SMatthias Ringwald    sm_conn->sm_role = role;
50053c13SMatthias Ringwald    sm_conn->sm_peer_addr_type = peer_addr_type;
50053c13SMatthias Ringwald    memcpy(sm_conn->sm_peer_address, peer_address, 6);
f664b5e8SMatthias Ringwald
f664b5e8SMatthias Ringwald    // security properties
f664b5e8SMatthias Ringwald    sm_conn->sm_connection_encrypted = 0;
f664b5e8SMatthias Ringwald    sm_conn->sm_connection_authenticated = 0;
f664b5e8SMatthias Ringwald    sm_conn->sm_connection_authorization_state = AUTHORIZATION_UNKNOWN;
f664b5e8SMatthias Ringwald    sm_conn->sm_le_db_index = -1;
f664b5e8SMatthias Ringwald    sm_conn->sm_reencryption_active = false;
f664b5e8SMatthias Ringwald
f664b5e8SMatthias Ringwald    // prepare CSRK lookup (does not involve setup)
f664b5e8SMatthias Ringwald    sm_conn->sm_irk_lookup_state = IRK_LOOKUP_W4_READY;
f664b5e8SMatthias Ringwald
f664b5e8SMatthias Ringwald    sm_conn->sm_engine_state = SM_GENERAL_IDLE;
f664b5e8SMatthias Ringwald}
f664b5e8SMatthias Ringwald
599e89daSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
599e89daSMatthias Ringwaldstatic void sm_event_handle_classic_encryption_event(sm_connection_t * sm_conn, hci_con_handle_t con_handle){
599e89daSMatthias Ringwald    // CTKD requires BR/EDR Secure Connection
599e89daSMatthias Ringwald    if (sm_conn->sm_connection_encrypted != 2) return;
599e89daSMatthias Ringwald    // prepare for pairing request
599e89daSMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
d44cdc4aSMatthias Ringwald        log_info("CTKD: SM_BR_EDR_RESPONDER_W4_PAIRING_REQUEST");
599e89daSMatthias Ringwald        sm_conn->sm_engine_state = SM_BR_EDR_RESPONDER_W4_PAIRING_REQUEST;
599e89daSMatthias Ringwald    } else if (sm_conn->sm_pairing_requested){
599e89daSMatthias Ringwald        // check if remote supports fixed channels
599e89daSMatthias Ringwald        bool defer = true;
599e89daSMatthias Ringwald        const hci_connection_t * hci_connection = hci_connection_for_handle(con_handle);
599e89daSMatthias Ringwald        if (hci_connection->l2cap_state.information_state == L2CAP_INFORMATION_STATE_DONE){
599e89daSMatthias Ringwald            // check if remote supports SMP over BR/EDR
599e89daSMatthias Ringwald            if ((hci_connection->l2cap_state.fixed_channels_supported & (1 << L2CAP_CID_BR_EDR_SECURITY_MANAGER)) != 0){
599e89daSMatthias Ringwald                log_info("CTKD: SM_BR_EDR_INITIATOR_SEND_PAIRING_REQUEST");
599e89daSMatthias Ringwald                sm_conn->sm_engine_state = SM_BR_EDR_INITIATOR_SEND_PAIRING_REQUEST;
599e89daSMatthias Ringwald            } else {
599e89daSMatthias Ringwald                defer = false;
599e89daSMatthias Ringwald            }
599e89daSMatthias Ringwald        } else {
599e89daSMatthias Ringwald            // wait for fixed channel info
599e89daSMatthias Ringwald            log_info("CTKD: SM_BR_EDR_INITIATOR_W4_FIXED_CHANNEL_MASK");
599e89daSMatthias Ringwald            sm_conn->sm_engine_state = SM_BR_EDR_INITIATOR_W4_FIXED_CHANNEL_MASK;
599e89daSMatthias Ringwald        }
599e89daSMatthias Ringwald        if (defer){
599e89daSMatthias Ringwald            hci_dedicated_bonding_defer_disconnect(con_handle, true);
599e89daSMatthias Ringwald        }
599e89daSMatthias Ringwald    }
599e89daSMatthias Ringwald}
599e89daSMatthias Ringwald#endif
599e89daSMatthias Ringwald
d9a7306aSMatthias Ringwaldstatic void sm_event_packet_handler (uint8_t packet_type, uint16_t channel, uint8_t *packet, uint16_t size){
3deb3ec6SMatthias Ringwald
cbdfe9f7SMatthias Ringwald    UNUSED(channel);    // ok: there is no channel
cbdfe9f7SMatthias Ringwald    UNUSED(size);       // ok: fixed format HCI events
9ec2630cSMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_connection_t * sm_conn;
711e6c80SMatthias Ringwald    hci_con_handle_t  con_handle;
fbe050beSMatthias Ringwald    uint8_t           status;
f664b5e8SMatthias Ringwald    bd_addr_t         addr;
d9f3ead5SMatthias Ringwald    bd_addr_type_t    addr_type;
f664b5e8SMatthias Ringwald
3deb3ec6SMatthias Ringwald    switch (packet_type) {
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald		case HCI_EVENT_PACKET:
0e2df43fSMatthias Ringwald			switch (hci_event_packet_get_type(packet)) {
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case BTSTACK_EVENT_STATE:
745015f6SMatthias Ringwald                    switch (btstack_event_state_get_state(packet)){
745015f6SMatthias Ringwald                        case HCI_STATE_WORKING:
3deb3ec6SMatthias Ringwald                            log_info("HCI Working!");
899e6e02SMatthias Ringwald                            // setup IR/ER with TLV
899e6e02SMatthias Ringwald                            btstack_tlv_get_instance(&sm_tlv_impl, &sm_tlv_context);
9305033eSMatthias Ringwald                            if (sm_tlv_impl != NULL){
4ea43905SMatthias Ringwald                                int key_size = sm_tlv_impl->get_tag(sm_tlv_context, BTSTACK_TAG32('S','M','E','R'), sm_persistent_er, 16u);
899e6e02SMatthias Ringwald                                if (key_size == 16){
899e6e02SMatthias Ringwald                                    // ok, let's continue
899e6e02SMatthias Ringwald                                    log_info("ER from TLV");
899e6e02SMatthias Ringwald                                    sm_handle_random_result_er( NULL );
899e6e02SMatthias Ringwald                                } else {
899e6e02SMatthias Ringwald                                    // invalid, generate random one
1979f09cSMatthias Ringwald                                    sm_persistent_keys_random_active = true;
899e6e02SMatthias Ringwald                                    btstack_crypto_random_generate(&sm_crypto_random_request, sm_persistent_er, 16, &sm_handle_random_result_er, &sm_persistent_er);
899e6e02SMatthias Ringwald                                }
899e6e02SMatthias Ringwald                            } else {
899e6e02SMatthias Ringwald                                sm_validate_er_ir();
8d9b6072SMatthias Ringwald                                dkg_state = DKG_CALC_IRK;
841468bbSMatthias Ringwald
841468bbSMatthias Ringwald                                if (test_use_fixed_local_irk){
841468bbSMatthias Ringwald                                    log_info_key("IRK", sm_persistent_irk);
841468bbSMatthias Ringwald                                    dkg_state = DKG_CALC_DHK;
841468bbSMatthias Ringwald                                }
899e6e02SMatthias Ringwald                            }
1bf086daSMatthias Ringwald
15211b85SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
15211b85SMatthias Ringwald                            // trigger ECC key generation
15211b85SMatthias Ringwald                            if (ec_key_generation_state == EC_KEY_GENERATION_IDLE){
15211b85SMatthias Ringwald                                sm_ec_generate_new_key();
15211b85SMatthias Ringwald                            }
15211b85SMatthias Ringwald#endif
15211b85SMatthias Ringwald
1bf086daSMatthias Ringwald                            // restart random address updates after power cycle
4a688bd1SMatthias Ringwald                            if (gap_random_adress_type == GAP_RANDOM_ADDRESS_TYPE_STATIC){
4a688bd1SMatthias Ringwald                                gap_random_address_set(sm_random_address);
4a688bd1SMatthias Ringwald                            } else {
1bf086daSMatthias Ringwald                                gap_random_address_set_mode(gap_random_adress_type);
4a688bd1SMatthias Ringwald                            }
745015f6SMatthias Ringwald                            break;
745015f6SMatthias Ringwald
745015f6SMatthias Ringwald                        case HCI_STATE_OFF:
7f775357SMatthias Ringwald                        case HCI_STATE_HALTING:
cbdd51cfSMatthias Ringwald                            log_info("SM: reset state");
745015f6SMatthias Ringwald                            // stop random address update
745015f6SMatthias Ringwald                            gap_random_address_update_stop();
cbdd51cfSMatthias Ringwald                            // reset state
cbdd51cfSMatthias Ringwald                            sm_state_reset();
745015f6SMatthias Ringwald                            break;
745015f6SMatthias Ringwald
745015f6SMatthias Ringwald                        default:
745015f6SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald					break;
c18be159SMatthias Ringwald
2d095694SMatthias Ringwald#ifdef ENABLE_CLASSIC
2d095694SMatthias Ringwald			    case HCI_EVENT_CONNECTION_COMPLETE:
2d095694SMatthias Ringwald			        // ignore if connection failed
2d095694SMatthias Ringwald			        if (hci_event_connection_complete_get_status(packet)) return;
3deb3ec6SMatthias Ringwald
2d095694SMatthias Ringwald			        con_handle = hci_event_connection_complete_get_connection_handle(packet);
2d095694SMatthias Ringwald			        sm_conn = sm_get_connection_for_handle(con_handle);
2d095694SMatthias Ringwald			        if (!sm_conn) break;
2d095694SMatthias Ringwald
2d095694SMatthias Ringwald                    hci_event_connection_complete_get_bd_addr(packet, addr);
2d095694SMatthias Ringwald			        sm_connection_init(sm_conn,
2d095694SMatthias Ringwald                                       con_handle,
2d095694SMatthias Ringwald                                       (uint8_t) gap_get_role(con_handle),
f72f7944SMatthias Ringwald                                       BD_ADDR_TYPE_LE_PUBLIC,
2d095694SMatthias Ringwald                                       addr);
2d095694SMatthias Ringwald			        // classic connection corresponds to public le address
2d095694SMatthias Ringwald			        sm_conn->sm_own_addr_type = BD_ADDR_TYPE_LE_PUBLIC;
2d095694SMatthias Ringwald                    gap_local_bd_addr(sm_conn->sm_own_address);
2d095694SMatthias Ringwald                    sm_conn->sm_cid = L2CAP_CID_BR_EDR_SECURITY_MANAGER;
c18be159SMatthias Ringwald                    sm_conn->sm_engine_state = SM_BR_EDR_W4_ENCRYPTION_COMPLETE;
2d095694SMatthias Ringwald			        break;
d44cdc4aSMatthias Ringwald
401d2b30SMatthias Ringwald#endif
401d2b30SMatthias Ringwald
401d2b30SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
d44cdc4aSMatthias Ringwald                case HCI_EVENT_ROLE_CHANGE:
d44cdc4aSMatthias Ringwald                    hci_event_role_change_get_bd_addr(packet, addr);
d44cdc4aSMatthias Ringwald                    sm_conn = sm_get_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
d44cdc4aSMatthias Ringwald                    if (sm_conn == NULL) break;
d44cdc4aSMatthias Ringwald                    sm_conn->sm_role = hci_event_role_change_get_role(packet);
d44cdc4aSMatthias Ringwald                    break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald			    case HCI_EVENT_SIMPLE_PAIRING_COMPLETE:
c18be159SMatthias Ringwald			        if (hci_event_simple_pairing_complete_get_status(packet) != ERROR_CODE_SUCCESS) break;
c18be159SMatthias Ringwald                    hci_event_simple_pairing_complete_get_bd_addr(packet, addr);
c18be159SMatthias Ringwald                    sm_conn = sm_get_connection_for_bd_addr_and_type(addr, BD_ADDR_TYPE_ACL);
c18be159SMatthias Ringwald                    if (sm_conn == NULL) break;
5f3874afSMatthias Ringwald                    sm_conn->sm_pairing_requested = true;
c18be159SMatthias Ringwald			        break;
c18be159SMatthias Ringwald#endif
c18be159SMatthias Ringwald
9d1eff91SMatthias Ringwald			    case HCI_EVENT_META_GAP:
9d1eff91SMatthias Ringwald			        switch (hci_event_gap_meta_get_subevent_code(packet)) {
9d1eff91SMatthias Ringwald			            case GAP_SUBEVENT_LE_CONNECTION_COMPLETE:
f664b5e8SMatthias Ringwald			                // ignore if connection failed
9d1eff91SMatthias Ringwald			                if (gap_subevent_le_connection_complete_get_status(packet) != ERROR_CODE_SUCCESS) break;
3deb3ec6SMatthias Ringwald
9d1eff91SMatthias Ringwald			                con_handle = gap_subevent_le_connection_complete_get_connection_handle(packet);
711e6c80SMatthias Ringwald			                sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald			                if (!sm_conn) break;
3deb3ec6SMatthias Ringwald
d9f3ead5SMatthias Ringwald                            // Get current peer address
d9f3ead5SMatthias Ringwald                            addr_type = gap_subevent_le_connection_complete_get_peer_address_type(packet);
d9f3ead5SMatthias Ringwald                            if (hci_is_le_identity_address_type(addr_type)){
d9f3ead5SMatthias Ringwald                                addr_type = BD_ADDR_TYPE_LE_RANDOM;
d9f3ead5SMatthias Ringwald                                gap_subevent_le_connection_complete_get_peer_resolvable_private_address(packet, addr);
d9f3ead5SMatthias Ringwald                            } else {
9d1eff91SMatthias Ringwald                                gap_subevent_le_connection_complete_get_peer_address(packet, addr);
d9f3ead5SMatthias Ringwald                            }
f664b5e8SMatthias Ringwald			                sm_connection_init(sm_conn,
f664b5e8SMatthias Ringwald                                               con_handle,
9d1eff91SMatthias Ringwald                                               gap_subevent_le_connection_complete_get_role(packet),
d9f3ead5SMatthias Ringwald                                               addr_type,
f664b5e8SMatthias Ringwald                                               addr);
687a03c8SMatthias Ringwald			                sm_conn->sm_cid = L2CAP_CID_SECURITY_MANAGER_PROTOCOL;
f664b5e8SMatthias Ringwald
f664b5e8SMatthias Ringwald			                // track our addr used for this connection and set state
b6f39a74SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
9d1eff91SMatthias Ringwald			                if (gap_subevent_le_connection_complete_get_role(packet) != 0){
ba9fc867SMatthias Ringwald			                    // responder - use own address from advertisements
67bf59ffSMatthias Ringwald#ifdef ENABLE_LE_EXTENDED_ADVERTISING
67bf59ffSMatthias Ringwald                                if (hci_le_extended_advertising_supported()){
67bf59ffSMatthias Ringwald                                    // cache local resolvable address
67bf59ffSMatthias Ringwald                                    // note: will be overwritten if random or private address was used in adv set by HCI_SUBEVENT_LE_ADVERTISING_SET_TERMINATED
67bf59ffSMatthias Ringwald                                    sm_conn->sm_own_addr_type = BD_ADDR_TYPE_LE_RANDOM;
67bf59ffSMatthias Ringwald                                    gap_subevent_le_connection_complete_get_local_resolvable_private_address(packet,sm_conn->sm_own_address);
67bf59ffSMatthias Ringwald                                } else
67bf59ffSMatthias Ringwald#endif
67bf59ffSMatthias Ringwald                                {
ba9fc867SMatthias Ringwald                                    gap_le_get_own_advertisements_address(&sm_conn->sm_own_addr_type, sm_conn->sm_own_address);
67bf59ffSMatthias Ringwald                                }
f664b5e8SMatthias Ringwald			                    sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
b892db1cSMatthias Ringwald			                }
b892db1cSMatthias Ringwald#endif
b892db1cSMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
9d1eff91SMatthias Ringwald			                if (gap_subevent_le_connection_complete_get_role(packet) == 0){
ba9fc867SMatthias Ringwald			                    // initiator - use own address from create connection
ba9fc867SMatthias Ringwald			                    gap_le_get_own_connection_address(&sm_conn->sm_own_addr_type, sm_conn->sm_own_address);
3deb3ec6SMatthias Ringwald			                    sm_conn->sm_engine_state = SM_INITIATOR_CONNECTED;
3deb3ec6SMatthias Ringwald			                }
b892db1cSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald			                break;
9d1eff91SMatthias Ringwald			            default:
9d1eff91SMatthias Ringwald			                break;
9d1eff91SMatthias Ringwald			        }
9d1eff91SMatthias Ringwald			        break;
9d1eff91SMatthias Ringwald                case HCI_EVENT_LE_META:
9d1eff91SMatthias Ringwald                    switch (hci_event_le_meta_get_subevent_code(packet)) {
67bf59ffSMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
67bf59ffSMatthias Ringwald#ifdef ENABLE_LE_EXTENDED_ADVERTISING
67bf59ffSMatthias Ringwald                        case HCI_SUBEVENT_LE_ADVERTISING_SET_TERMINATED:
67bf59ffSMatthias Ringwald                            if (hci_subevent_le_advertising_set_terminated_get_status(packet) == ERROR_CODE_SUCCESS){
67bf59ffSMatthias Ringwald                                uint8_t advertising_handle = hci_subevent_le_advertising_set_terminated_get_advertising_handle(packet);
67bf59ffSMatthias Ringwald                                con_handle = hci_subevent_le_advertising_set_terminated_get_connection_handle(packet);
67bf59ffSMatthias Ringwald                                sm_conn = sm_get_connection_for_handle(con_handle);
ebd6ff34SMatthias Ringwald                                if (!sm_conn) break;
ebd6ff34SMatthias Ringwald
67bf59ffSMatthias Ringwald                                gap_le_get_own_advertising_set_address(&sm_conn->sm_own_addr_type, sm_conn->sm_own_address, advertising_handle);
67bf59ffSMatthias Ringwald                                log_info("Adv set %u terminated -> use addr type %u, addr %s for con handle 0x%04x", advertising_handle, sm_conn->sm_own_addr_type,
67bf59ffSMatthias Ringwald                                         bd_addr_to_str(sm_conn->sm_own_address), con_handle);
67bf59ffSMatthias Ringwald                            }
67bf59ffSMatthias Ringwald                            break;
67bf59ffSMatthias Ringwald#endif
67bf59ffSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald                        case HCI_SUBEVENT_LE_LONG_TERM_KEY_REQUEST:
9d1eff91SMatthias Ringwald                            con_handle = hci_subevent_le_long_term_key_request_get_connection_handle(packet);
711e6c80SMatthias Ringwald                            sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald                            if (!sm_conn) break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                            log_info("LTK Request: state %u", sm_conn->sm_engine_state);
3deb3ec6SMatthias Ringwald                            if (sm_conn->sm_engine_state == SM_RESPONDER_PH2_W4_LTK_REQUEST){
3deb3ec6SMatthias Ringwald                                sm_conn->sm_engine_state = SM_PH2_CALC_STK;
3deb3ec6SMatthias Ringwald                                break;
3deb3ec6SMatthias Ringwald                            }
c6b7cbd9SMatthias Ringwald                            if (sm_conn->sm_engine_state == SM_SC_W4_LTK_REQUEST_SC){
778b6aadSMatthias Ringwald                                // PH2 SEND LTK as we need to exchange keys in PH3
778b6aadSMatthias Ringwald                                sm_conn->sm_engine_state = SM_RESPONDER_PH2_SEND_LTK_REPLY;
e53be891SMatthias Ringwald                                break;
e53be891SMatthias Ringwald                            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                            // store rand and ediv
9c80e4ccSMatthias Ringwald                            reverse_64(&packet[5], sm_conn->sm_local_rand);
9d1eff91SMatthias Ringwald                            sm_conn->sm_local_ediv = hci_subevent_le_long_term_key_request_get_encryption_diversifier(packet);
549ad5d2SMatthias Ringwald
549ad5d2SMatthias Ringwald                            // For Legacy Pairing (<=> EDIV != 0 || RAND != NULL), we need to recalculated our LTK as a
549ad5d2SMatthias Ringwald                            // potentially stored LTK is from the master
4ea43905SMatthias Ringwald                            if ((sm_conn->sm_local_ediv != 0u) || !sm_is_null_random(sm_conn->sm_local_rand)){
6c39055aSMatthias Ringwald                                if (sm_reconstruct_ltk_without_le_device_db_entry){
06cd539fSMatthias Ringwald                                    sm_conn->sm_engine_state = SM_RESPONDER_PH0_RECEIVED_LTK_REQUEST;
549ad5d2SMatthias Ringwald                                    break;
549ad5d2SMatthias Ringwald                                }
6c39055aSMatthias Ringwald                                // additionally check if remote is in LE Device DB if requested
6c39055aSMatthias Ringwald                                switch(sm_conn->sm_irk_lookup_state){
6c39055aSMatthias Ringwald                                    case IRK_LOOKUP_FAILED:
6c39055aSMatthias Ringwald                                        log_info("LTK Request: device not in device db");
6c39055aSMatthias Ringwald                                        sm_conn->sm_engine_state = SM_RESPONDER_PH0_SEND_LTK_REQUESTED_NEGATIVE_REPLY;
6c39055aSMatthias Ringwald                                        break;
6c39055aSMatthias Ringwald                                    case IRK_LOOKUP_SUCCEEDED:
6c39055aSMatthias Ringwald                                        sm_conn->sm_engine_state = SM_RESPONDER_PH0_RECEIVED_LTK_REQUEST;
6c39055aSMatthias Ringwald                                        break;
6c39055aSMatthias Ringwald                                    default:
6c39055aSMatthias Ringwald                                        // wait for irk look doen
6c39055aSMatthias Ringwald                                        sm_conn->sm_engine_state = SM_RESPONDER_PH0_RECEIVED_LTK_W4_IRK;
6c39055aSMatthias Ringwald                                        break;
6c39055aSMatthias Ringwald                                }
6c39055aSMatthias Ringwald                                break;
6c39055aSMatthias Ringwald                            }
549ad5d2SMatthias Ringwald
549ad5d2SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
06cd539fSMatthias Ringwald                            sm_conn->sm_engine_state = SM_SC_RECEIVED_LTK_REQUEST;
549ad5d2SMatthias Ringwald#else
549ad5d2SMatthias Ringwald                            log_info("LTK Request: ediv & random are empty, but LE Secure Connections not supported");
549ad5d2SMatthias Ringwald                            sm_conn->sm_engine_state = SM_RESPONDER_PH0_SEND_LTK_REQUESTED_NEGATIVE_REPLY;
549ad5d2SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald                            break;
804d3e67SMatthias Ringwald
3deb3ec6SMatthias Ringwald                        default:
3deb3ec6SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case HCI_EVENT_ENCRYPTION_CHANGE:
8601e696SMatthias Ringwald                case HCI_EVENT_ENCRYPTION_CHANGE_V2:
3b7fd749SMatthias Ringwald                	con_handle = hci_event_encryption_change_get_connection_handle(packet);
711e6c80SMatthias Ringwald                    sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald                    if (!sm_conn) break;
3deb3ec6SMatthias Ringwald
3b7fd749SMatthias Ringwald                    sm_conn->sm_connection_encrypted = hci_event_encryption_change_get_encryption_enabled(packet);
3deb3ec6SMatthias Ringwald                    log_info("Encryption state change: %u, key size %u", sm_conn->sm_connection_encrypted,
3deb3ec6SMatthias Ringwald                        sm_conn->sm_actual_encryption_key_size);
3deb3ec6SMatthias Ringwald                    log_info("event handler, state %u", sm_conn->sm_engine_state);
03a9359aSMatthias Ringwald
fbe050beSMatthias Ringwald                    switch (sm_conn->sm_engine_state){
fbe050beSMatthias Ringwald
5567aa60SMatthias Ringwald                        case SM_PH4_W4_CONNECTION_ENCRYPTED:
03a9359aSMatthias Ringwald                            // encryption change event concludes re-encryption for bonded devices (even if it fails)
1d80f1e6SMatthias Ringwald                            if (sm_conn->sm_connection_encrypted != 0u) {
fbe050beSMatthias Ringwald                                status = ERROR_CODE_SUCCESS;
1d80f1e6SMatthias Ringwald                                if (IS_RESPONDER(sm_conn->sm_role)){
8d4eef95SMatthias Ringwald                                    sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
8d4eef95SMatthias Ringwald                                } else {
03a9359aSMatthias Ringwald                                    sm_conn->sm_engine_state = SM_INITIATOR_CONNECTED;
8d4eef95SMatthias Ringwald                                }
fbe050beSMatthias Ringwald                            } else {
e28291c1SMatthias Ringwald                                status = hci_event_encryption_change_get_status(packet);
cb6d7eb0SMatthias Ringwald                                // set state to 'RE-ENCRYPTION FAILED' to allow pairing but prevent other interactions
3b7fd749SMatthias Ringwald                                // also, gap_reconnect_security_setup_active will return true
cb6d7eb0SMatthias Ringwald                                sm_conn->sm_engine_state = SM_GENERAL_REENCRYPTION_FAILED;
3b7fd749SMatthias Ringwald                            }
fbe050beSMatthias Ringwald
fbe050beSMatthias Ringwald                            // emit re-encryption complete
73102768SMatthias Ringwald                            sm_reencryption_complete(sm_conn, status);
fbe050beSMatthias Ringwald
c245ca32SMatthias Ringwald                            // notify client, if pairing was requested before
c245ca32SMatthias Ringwald                            if (sm_conn->sm_pairing_requested){
5f3874afSMatthias Ringwald                                sm_conn->sm_pairing_requested = false;
0ccf6c9cSMatthias Ringwald                                sm_pairing_complete(sm_conn, status, 0);
03a9359aSMatthias Ringwald                            }
03a9359aSMatthias Ringwald
3deb3ec6SMatthias Ringwald                            sm_done_for_handle(sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald                            break;
fbe050beSMatthias Ringwald
3deb3ec6SMatthias Ringwald                        case SM_PH2_W4_CONNECTION_ENCRYPTED:
fbe050beSMatthias Ringwald                            if (!sm_conn->sm_connection_encrypted) break;
57ff4745SMatthias Ringwald                            // handler for HCI_EVENT_ENCRYPTION_KEY_REFRESH_COMPLETE
57ff4745SMatthias Ringwald                            // contains the same code for this state
dd583d9fSMatthias Ringwald                            sm_conn->sm_connection_sc = setup->sm_use_secure_connections;
42134bc6SMatthias Ringwald                            if (IS_RESPONDER(sm_conn->sm_role)){
3deb3ec6SMatthias Ringwald                                // slave
57ff4745SMatthias Ringwald                                if (sm_conn->sm_connection_sc){
bbf8db22SMatthias Ringwald                                    sm_conn->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;
bbf8db22SMatthias Ringwald                                } else {
f3582630SMatthias Ringwald                                    btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph3_random, (void *)(uintptr_t) sm_conn->sm_handle);
bbf8db22SMatthias Ringwald                                }
3deb3ec6SMatthias Ringwald                            } else {
3deb3ec6SMatthias Ringwald                                // master
61d1a45eSMatthias Ringwald                                if (sm_key_distribution_all_received()){
3deb3ec6SMatthias Ringwald                                    // skip receiving keys as there are none
3deb3ec6SMatthias Ringwald                                    sm_key_distribution_handle_all_received(sm_conn);
f3582630SMatthias Ringwald                                    btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph3_random, (void *)(uintptr_t) sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald                                } else {
3deb3ec6SMatthias Ringwald                                    sm_conn->sm_engine_state = SM_PH3_RECEIVE_KEYS;
3deb3ec6SMatthias Ringwald                                }
3deb3ec6SMatthias Ringwald                            }
3deb3ec6SMatthias Ringwald                            break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
c18be159SMatthias Ringwald                        case SM_BR_EDR_W4_ENCRYPTION_COMPLETE:
599e89daSMatthias Ringwald                            sm_event_handle_classic_encryption_event(sm_conn, con_handle);
c18be159SMatthias Ringwald                            break;
c18be159SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald                        default:
3deb3ec6SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case HCI_EVENT_ENCRYPTION_KEY_REFRESH_COMPLETE:
711e6c80SMatthias Ringwald                    con_handle = little_endian_read_16(packet, 3);
711e6c80SMatthias Ringwald                    sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald                    if (!sm_conn) break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                    log_info("Encryption key refresh complete, key size %u", sm_conn->sm_actual_encryption_key_size);
3deb3ec6SMatthias Ringwald                    log_info("event handler, state %u", sm_conn->sm_engine_state);
3deb3ec6SMatthias Ringwald                    // continue if part of initial pairing
3deb3ec6SMatthias Ringwald                    switch (sm_conn->sm_engine_state){
5567aa60SMatthias Ringwald                        case SM_PH4_W4_CONNECTION_ENCRYPTED:
1d80f1e6SMatthias Ringwald                            if (IS_RESPONDER(sm_conn->sm_role)){
5567aa60SMatthias Ringwald                                sm_conn->sm_engine_state = SM_RESPONDER_IDLE;
5567aa60SMatthias Ringwald                            } else {
3deb3ec6SMatthias Ringwald                                sm_conn->sm_engine_state = SM_INITIATOR_CONNECTED;
5567aa60SMatthias Ringwald                            }
3deb3ec6SMatthias Ringwald                            sm_done_for_handle(sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                        case SM_PH2_W4_CONNECTION_ENCRYPTED:
57ff4745SMatthias Ringwald                            // handler for HCI_EVENT_ENCRYPTION_CHANGE
57ff4745SMatthias Ringwald                            // contains the same code for this state
57ff4745SMatthias Ringwald                            sm_conn->sm_connection_sc = setup->sm_use_secure_connections;
42134bc6SMatthias Ringwald                            if (IS_RESPONDER(sm_conn->sm_role)){
3deb3ec6SMatthias Ringwald                                // slave
57ff4745SMatthias Ringwald                                if (sm_conn->sm_connection_sc){
57ff4745SMatthias Ringwald                                    sm_conn->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;
57ff4745SMatthias Ringwald                                } else {
f3582630SMatthias Ringwald                                    btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph3_random, (void *)(uintptr_t) sm_conn->sm_handle);
57ff4745SMatthias Ringwald                                }
3deb3ec6SMatthias Ringwald                            } else {
3deb3ec6SMatthias Ringwald                                // master
57ff4745SMatthias Ringwald                                if (sm_key_distribution_all_received()){
57ff4745SMatthias Ringwald                                    // skip receiving keys as there are none
57ff4745SMatthias Ringwald                                    sm_key_distribution_handle_all_received(sm_conn);
57ff4745SMatthias Ringwald                                    btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph3_random, (void *)(uintptr_t) sm_conn->sm_handle);
57ff4745SMatthias Ringwald                                } else {
3deb3ec6SMatthias Ringwald                                    sm_conn->sm_engine_state = SM_PH3_RECEIVE_KEYS;
3deb3ec6SMatthias Ringwald                                }
57ff4745SMatthias Ringwald                            }
3deb3ec6SMatthias Ringwald                            break;
94219034SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
94219034SMatthias Ringwald                        case SM_BR_EDR_W4_ENCRYPTION_COMPLETE:
94219034SMatthias Ringwald                            sm_event_handle_classic_encryption_event(sm_conn, con_handle);
94219034SMatthias Ringwald                            break;
94219034SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald                        default:
3deb3ec6SMatthias Ringwald                            break;
3deb3ec6SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case HCI_EVENT_DISCONNECTION_COMPLETE:
711e6c80SMatthias Ringwald                    con_handle = little_endian_read_16(packet, 3);
711e6c80SMatthias Ringwald                    sm_done_for_handle(con_handle);
711e6c80SMatthias Ringwald                    sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald                    if (!sm_conn) break;
3deb3ec6SMatthias Ringwald
03f736b1SMatthias Ringwald                    // pairing failed, if it was ongoing
7f3f442dSMatthias Ringwald                    switch (sm_conn->sm_engine_state){
7f3f442dSMatthias Ringwald                        case SM_GENERAL_IDLE:
7f3f442dSMatthias Ringwald                        case SM_INITIATOR_CONNECTED:
7f3f442dSMatthias Ringwald                        case SM_RESPONDER_IDLE:
7f3f442dSMatthias Ringwald                            break;
7f3f442dSMatthias Ringwald                        default:
68a18fb9SMatthias Ringwald                            sm_reencryption_complete(sm_conn, ERROR_CODE_REMOTE_USER_TERMINATED_CONNECTION);
0ccf6c9cSMatthias Ringwald                            sm_pairing_complete(sm_conn, ERROR_CODE_REMOTE_USER_TERMINATED_CONNECTION, 0);
7f3f442dSMatthias Ringwald                            break;
03f736b1SMatthias Ringwald                    }
accbde80SMatthias Ringwald
3deb3ec6SMatthias Ringwald                    sm_conn->sm_engine_state = SM_GENERAL_IDLE;
3deb3ec6SMatthias Ringwald                    sm_conn->sm_handle = 0;
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case HCI_EVENT_COMMAND_COMPLETE:
f7811256SMatthias Ringwald                    if (hci_event_command_complete_get_command_opcode(packet) == HCI_OPCODE_HCI_READ_BD_ADDR) {
9091c5f5SMatthias Ringwald                        // set local addr for le device db
33373e40SMatthias Ringwald                        reverse_bd_addr(&packet[OFFSET_OF_DATA_IN_COMMAND_COMPLETE + 1], addr);
0c130b19SMatthias Ringwald                        le_device_db_set_local_bd_addr(addr);
33373e40SMatthias Ringwald                    }
65b44ffdSMatthias Ringwald                    break;
a036ae12SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
a036ae12SMatthias Ringwald                case L2CAP_EVENT_INFORMATION_RESPONSE:
a036ae12SMatthias Ringwald                    con_handle = l2cap_event_information_response_get_con_handle(packet);
a036ae12SMatthias Ringwald                    sm_conn = sm_get_connection_for_handle(con_handle);
a036ae12SMatthias Ringwald                    if (!sm_conn) break;
a036ae12SMatthias Ringwald                    if (sm_conn->sm_engine_state == SM_BR_EDR_INITIATOR_W4_FIXED_CHANNEL_MASK){
a036ae12SMatthias Ringwald                        // check if remote supports SMP over BR/EDR
a036ae12SMatthias Ringwald                        const hci_connection_t * hci_connection = hci_connection_for_handle(con_handle);
a036ae12SMatthias Ringwald                        if ((hci_connection->l2cap_state.fixed_channels_supported & (1 << L2CAP_CID_BR_EDR_SECURITY_MANAGER)) != 0){
a036ae12SMatthias Ringwald                            sm_conn->sm_engine_state = SM_BR_EDR_INITIATOR_SEND_PAIRING_REQUEST;
a036ae12SMatthias Ringwald                        } else {
a036ae12SMatthias Ringwald                            sm_conn->sm_engine_state = SM_INITIATOR_CONNECTED;
f82b8f4bSMatthias Ringwald                            hci_dedicated_bonding_defer_disconnect(con_handle, false);
a036ae12SMatthias Ringwald                        }
a036ae12SMatthias Ringwald                    }
a036ae12SMatthias Ringwald                    break;
a036ae12SMatthias Ringwald#endif
65b44ffdSMatthias Ringwald                default:
65b44ffdSMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald			}
65b44ffdSMatthias Ringwald            break;
65b44ffdSMatthias Ringwald        default:
65b44ffdSMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald	}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldstatic inline int sm_calc_actual_encryption_key_size(int other){
3deb3ec6SMatthias Ringwald    if (other < sm_min_encryption_key_size) return 0;
3deb3ec6SMatthias Ringwald    if (other < sm_max_encryption_key_size) return other;
3deb3ec6SMatthias Ringwald    return sm_max_encryption_key_size;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
945888f5SMatthias Ringwald
31c09488SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
1d80f1e6SMatthias Ringwaldstatic bool sm_just_works_or_numeric_comparison(stk_generation_method_t method){
945888f5SMatthias Ringwald    switch (method){
945888f5SMatthias Ringwald        case JUST_WORKS:
47fb4255SMatthias Ringwald        case NUMERIC_COMPARISON:
1d80f1e6SMatthias Ringwald            return true;
945888f5SMatthias Ringwald        default:
1d80f1e6SMatthias Ringwald            return false;
945888f5SMatthias Ringwald    }
945888f5SMatthias Ringwald}
07036a04SMatthias Ringwald// responder
945888f5SMatthias Ringwald
1d80f1e6SMatthias Ringwaldstatic bool sm_passkey_used(stk_generation_method_t method){
688a08f9SMatthias Ringwald    switch (method){
688a08f9SMatthias Ringwald        case PK_RESP_INPUT:
1d80f1e6SMatthias Ringwald            return true;
688a08f9SMatthias Ringwald        default:
688a08f9SMatthias Ringwald            return 0;
688a08f9SMatthias Ringwald    }
688a08f9SMatthias Ringwald}
40c5d850SMatthias Ringwald
6777d8fdSMatthias Ringwaldstatic bool sm_passkey_entry(stk_generation_method_t method){
40c5d850SMatthias Ringwald    switch (method){
40c5d850SMatthias Ringwald        case PK_RESP_INPUT:
40c5d850SMatthias Ringwald        case PK_INIT_INPUT:
47fb4255SMatthias Ringwald        case PK_BOTH_INPUT:
6777d8fdSMatthias Ringwald            return true;
40c5d850SMatthias Ringwald        default:
6777d8fdSMatthias Ringwald            return false;
40c5d850SMatthias Ringwald    }
40c5d850SMatthias Ringwald}
40c5d850SMatthias Ringwald
31c09488SMatthias Ringwald#endif
688a08f9SMatthias Ringwald
3deb3ec6SMatthias Ringwald/**
3deb3ec6SMatthias Ringwald * @return ok
3deb3ec6SMatthias Ringwald */
3deb3ec6SMatthias Ringwaldstatic int sm_validate_stk_generation_method(void){
3deb3ec6SMatthias Ringwald    // check if STK generation method is acceptable by client
3deb3ec6SMatthias Ringwald    switch (setup->sm_stk_generation_method){
3deb3ec6SMatthias Ringwald        case JUST_WORKS:
4ea43905SMatthias Ringwald            return (sm_accepted_stk_generation_methods & SM_STK_GENERATION_METHOD_JUST_WORKS) != 0u;
3deb3ec6SMatthias Ringwald        case PK_RESP_INPUT:
3deb3ec6SMatthias Ringwald        case PK_INIT_INPUT:
47fb4255SMatthias Ringwald        case PK_BOTH_INPUT:
4ea43905SMatthias Ringwald            return (sm_accepted_stk_generation_methods & SM_STK_GENERATION_METHOD_PASSKEY) != 0u;
3deb3ec6SMatthias Ringwald        case OOB:
4ea43905SMatthias Ringwald            return (sm_accepted_stk_generation_methods & SM_STK_GENERATION_METHOD_OOB) != 0u;
47fb4255SMatthias Ringwald        case NUMERIC_COMPARISON:
4ea43905SMatthias Ringwald            return (sm_accepted_stk_generation_methods & SM_STK_GENERATION_METHOD_NUMERIC_COMPARISON) != 0u;
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            return 0;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
36f0defaSMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
36f0defaSMatthias Ringwaldstatic void sm_initiator_connected_handle_security_request(sm_connection_t * sm_conn, const uint8_t *packet){
36f0defaSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
36f0defaSMatthias Ringwald    if (sm_sc_only_mode){
36f0defaSMatthias Ringwald        uint8_t auth_req = packet[1];
36f0defaSMatthias Ringwald        if ((auth_req & SM_AUTHREQ_SECURE_CONNECTION) == 0){
36f0defaSMatthias Ringwald            sm_pairing_error(sm_conn, SM_REASON_AUTHENTHICATION_REQUIREMENTS);
36f0defaSMatthias Ringwald            return;
36f0defaSMatthias Ringwald        }
36f0defaSMatthias Ringwald    }
36f0defaSMatthias Ringwald#else
36f0defaSMatthias Ringwald    UNUSED(packet);
36f0defaSMatthias Ringwald#endif
36f0defaSMatthias Ringwald
36f0defaSMatthias Ringwald    int have_ltk;
36f0defaSMatthias Ringwald    uint8_t ltk[16];
36f0defaSMatthias Ringwald
36f0defaSMatthias Ringwald    // IRK complete?
36f0defaSMatthias Ringwald    switch (sm_conn->sm_irk_lookup_state){
36f0defaSMatthias Ringwald        case IRK_LOOKUP_FAILED:
36f0defaSMatthias Ringwald            // start pairing
36f0defaSMatthias Ringwald            sm_conn->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
36f0defaSMatthias Ringwald            break;
36f0defaSMatthias Ringwald        case IRK_LOOKUP_SUCCEEDED:
36f0defaSMatthias Ringwald            le_device_db_encryption_get(sm_conn->sm_le_db_index, NULL, NULL, ltk, NULL, NULL, NULL, NULL);
36f0defaSMatthias Ringwald            have_ltk = !sm_is_null_key(ltk);
36f0defaSMatthias Ringwald            log_info("central: security request - have_ltk %u, encryption %u", have_ltk, sm_conn->sm_connection_encrypted);
36f0defaSMatthias Ringwald            if (have_ltk && (sm_conn->sm_connection_encrypted == 0)){
36f0defaSMatthias Ringwald                // start re-encrypt if we have LTK and the connection is not already encrypted
36f0defaSMatthias Ringwald                sm_conn->sm_engine_state = SM_INITIATOR_PH4_HAS_LTK;
36f0defaSMatthias Ringwald            } else {
36f0defaSMatthias Ringwald                // start pairing
36f0defaSMatthias Ringwald                sm_conn->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
36f0defaSMatthias Ringwald            }
36f0defaSMatthias Ringwald            break;
36f0defaSMatthias Ringwald        default:
36f0defaSMatthias Ringwald            // otherwise, store security request
0dcaa15fSMatthias Ringwald            sm_conn->sm_security_request_received = true;
36f0defaSMatthias Ringwald            break;
36f0defaSMatthias Ringwald    }
36f0defaSMatthias Ringwald}
36f0defaSMatthias Ringwald#endif
36f0defaSMatthias Ringwald
f9bda154SMatthias Ringwaldstatic uint8_t sm_pdu_validate_and_get_opcode(uint8_t packet_type, const uint8_t *packet, uint16_t size){
8334d3d8SMatthias Ringwald
4c1d1092SMatthias Ringwald    // size of complete sm_pdu used to validate input
4c1d1092SMatthias Ringwald    static const uint8_t sm_pdu_size[] = {
4c1d1092SMatthias Ringwald            0,  // 0x00 invalid opcode
4c1d1092SMatthias Ringwald            7,  // 0x01 pairing request
4c1d1092SMatthias Ringwald            7,  // 0x02 pairing response
4c1d1092SMatthias Ringwald            17, // 0x03 pairing confirm
4c1d1092SMatthias Ringwald            17, // 0x04 pairing random
4c1d1092SMatthias Ringwald            2,  // 0x05 pairing failed
4c1d1092SMatthias Ringwald            17, // 0x06 encryption information
7a2e6387SMatthias Ringwald            11, // 0x07 master identification
4c1d1092SMatthias Ringwald            17, // 0x08 identification information
4c1d1092SMatthias Ringwald            8,  // 0x09 identify address information
4c1d1092SMatthias Ringwald            17, // 0x0a signing information
4c1d1092SMatthias Ringwald            2,  // 0x0b security request
4c1d1092SMatthias Ringwald            65, // 0x0c pairing public key
4c1d1092SMatthias Ringwald            17, // 0x0d pairing dhk check
4c1d1092SMatthias Ringwald            2,  // 0x0e keypress notification
4c1d1092SMatthias Ringwald    };
3deb3ec6SMatthias Ringwald
f9bda154SMatthias Ringwald    if (packet_type != SM_DATA_PACKET) return 0;
f9bda154SMatthias Ringwald    if (size == 0u) return 0;
4c1d1092SMatthias Ringwald
4c1d1092SMatthias Ringwald    uint8_t sm_pdu_code = packet[0];
4c1d1092SMatthias Ringwald
4c1d1092SMatthias Ringwald    // validate pdu size
f9bda154SMatthias Ringwald    if (sm_pdu_code >= sizeof(sm_pdu_size)) return 0;
f9bda154SMatthias Ringwald    if (sm_pdu_size[sm_pdu_code] != size)   return 0;
f9bda154SMatthias Ringwald
f9bda154SMatthias Ringwald    return sm_pdu_code;
f9bda154SMatthias Ringwald}
f9bda154SMatthias Ringwald
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
f94048d1SMatthias Ringwaldstatic void sm_pdu_handler_pairing_public_key(sm_connection_t * sm_conn, const uint8_t * packet) {
f94048d1SMatthias Ringwald    // store public key for DH Key calculation
f94048d1SMatthias Ringwald    reverse_256(&packet[01], &setup->sm_peer_q[0]);
f94048d1SMatthias Ringwald    reverse_256(&packet[33], &setup->sm_peer_q[32]);
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald    // CVE-2020-26558: abort pairing if remote uses the same public key
f94048d1SMatthias Ringwald    if (memcmp(&setup->sm_peer_q, ec_q, 64) == 0){
f94048d1SMatthias Ringwald        log_info("Remote PK matches ours");
f94048d1SMatthias Ringwald        sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
f94048d1SMatthias Ringwald        return;
f94048d1SMatthias Ringwald    }
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald    // validate public key
f94048d1SMatthias Ringwald    int err = btstack_crypto_ecc_p256_validate_public_key(setup->sm_peer_q);
f94048d1SMatthias Ringwald    if (err != 0){
f94048d1SMatthias Ringwald        log_info("sm: peer public key invalid %x", err);
f94048d1SMatthias Ringwald        sm_pairing_error(sm_conn, SM_REASON_DHKEY_CHECK_FAILED);
f94048d1SMatthias Ringwald        return;
f94048d1SMatthias Ringwald    }
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald    // start calculating dhkey
f94048d1SMatthias Ringwald    btstack_crypto_ecc_p256_calculate_dhkey(&sm_crypto_ecc_p256_request, setup->sm_peer_q, setup->sm_dhkey, sm_sc_dhkey_calculated, (void*)(uintptr_t) sm_conn->sm_handle);
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald    log_info("public key received, generation method %u", setup->sm_stk_generation_method);
f94048d1SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
f94048d1SMatthias Ringwald        // responder
f94048d1SMatthias Ringwald        sm_conn->sm_engine_state = SM_SC_SEND_PUBLIC_KEY_COMMAND;
f94048d1SMatthias Ringwald    } else {
f94048d1SMatthias Ringwald        // initiator
f94048d1SMatthias Ringwald        // stk generation method
f94048d1SMatthias Ringwald        // passkey entry: notify app to show passkey or to request passkey
f94048d1SMatthias Ringwald        switch (setup->sm_stk_generation_method){
f94048d1SMatthias Ringwald            case JUST_WORKS:
f94048d1SMatthias Ringwald            case NUMERIC_COMPARISON:
f94048d1SMatthias Ringwald                sm_conn->sm_engine_state = SM_SC_W4_CONFIRMATION;
f94048d1SMatthias Ringwald                break;
f94048d1SMatthias Ringwald            case PK_RESP_INPUT:
f94048d1SMatthias Ringwald                sm_sc_start_calculating_local_confirm(sm_conn);
f94048d1SMatthias Ringwald                break;
f94048d1SMatthias Ringwald            case PK_INIT_INPUT:
f94048d1SMatthias Ringwald            case PK_BOTH_INPUT:
f94048d1SMatthias Ringwald                if (setup->sm_user_response != SM_USER_RESPONSE_PASSKEY){
f94048d1SMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_W4_USER_RESPONSE;
f94048d1SMatthias Ringwald                    break;
f94048d1SMatthias Ringwald                }
f94048d1SMatthias Ringwald                sm_sc_start_calculating_local_confirm(sm_conn);
f94048d1SMatthias Ringwald                break;
f94048d1SMatthias Ringwald            case OOB:
f94048d1SMatthias Ringwald                if (setup->sm_have_oob_data){
f94048d1SMatthias Ringwald                    // if we have received rb & cb, verify Cb = f4(PKb, PKb, rb, 0)
f94048d1SMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_W2_CMAC_FOR_CHECK_CONFIRMATION;
f94048d1SMatthias Ringwald                } else {
f94048d1SMatthias Ringwald                    // otherwise, generate our nonce
f94048d1SMatthias Ringwald                    sm_sc_generate_nx_for_send_random(sm_conn);
f94048d1SMatthias Ringwald                }
f94048d1SMatthias Ringwald                break;
f94048d1SMatthias Ringwald            default:
f94048d1SMatthias Ringwald                btstack_assert(false);
f94048d1SMatthias Ringwald                break;
f94048d1SMatthias Ringwald        }
f94048d1SMatthias Ringwald    }
f94048d1SMatthias Ringwald}
f94048d1SMatthias Ringwald#endif
f94048d1SMatthias Ringwald
f94048d1SMatthias Ringwald
73970ae5SMatthias Ringwaldstatic void sm_pdu_handler(sm_connection_t *sm_conn, uint8_t sm_pdu_code, const uint8_t *packet) {
6e46ecceSMatthias Ringwald    log_debug("sm_pdu_handler: state %u, pdu 0x%02x", sm_conn->sm_engine_state, sm_pdu_code);
6e46ecceSMatthias Ringwald
035b1b64SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
6e46ecceSMatthias Ringwald    int err;
035b1b64SMatthias Ringwald#endif
6e46ecceSMatthias Ringwald    uint8_t max_encryption_key_size;
6e46ecceSMatthias Ringwald
3deb3ec6SMatthias Ringwald    switch (sm_conn->sm_engine_state){
3deb3ec6SMatthias Ringwald
c8d0ff33SMatthias Ringwald        // a sm timeout requires a new physical connection
3deb3ec6SMatthias Ringwald        case SM_GENERAL_TIMEOUT:
3deb3ec6SMatthias Ringwald            return;
3deb3ec6SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_CENTRAL
42134bc6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        // Initiator
3deb3ec6SMatthias Ringwald        case SM_INITIATOR_CONNECTED:
4c1d1092SMatthias Ringwald            if ((sm_pdu_code != SM_CODE_SECURITY_REQUEST) || (sm_conn->sm_role)){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
36f0defaSMatthias Ringwald            sm_initiator_connected_handle_security_request(sm_conn, packet);
dc8ca372SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        case SM_INITIATOR_PH1_W4_PAIRING_RESPONSE:
aacfafc3SMatthias Ringwald            // Core 5, Vol 3, Part H, 2.4.6:
aacfafc3SMatthias Ringwald            // "The master shall ignore the slave’s Security Request if the master has sent a Pairing Request
aacfafc3SMatthias Ringwald            //  without receiving a Pairing Response from the slave or if the master has initiated encryption mode setup."
aacfafc3SMatthias Ringwald            if (sm_pdu_code == SM_CODE_SECURITY_REQUEST){
aacfafc3SMatthias Ringwald                log_info("Ignoring Security Request");
aacfafc3SMatthias Ringwald                break;
aacfafc3SMatthias Ringwald            }
aacfafc3SMatthias Ringwald
aacfafc3SMatthias Ringwald            // all other pdus are incorrect
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_RESPONSE){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
0af429c6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // store pairing request
6535961aSMatthias Ringwald            (void)memcpy(&setup->sm_s_pres, packet,
6535961aSMatthias Ringwald                         sizeof(sm_pairing_packet_t));
afbd946dSMatthias Ringwald
afbd946dSMatthias Ringwald            // validate encryption key size
afbd946dSMatthias Ringwald            max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(setup->sm_s_pres);
afbd946dSMatthias Ringwald            if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
afbd946dSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
afbd946dSMatthias Ringwald                break;
afbd946dSMatthias Ringwald            }
afbd946dSMatthias Ringwald
3deb3ec6SMatthias Ringwald            err = sm_stk_generation_init(sm_conn);
0af429c6SMatthias Ringwald
0af429c6SMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
0af429c6SMatthias Ringwald            if (0 < test_pairing_failure && test_pairing_failure < SM_REASON_DHKEY_CHECK_FAILED){
0af429c6SMatthias Ringwald                log_info("testing_support: abort with pairing failure %u", test_pairing_failure);
0af429c6SMatthias Ringwald                err = test_pairing_failure;
0af429c6SMatthias Ringwald            }
0af429c6SMatthias Ringwald#endif
0af429c6SMatthias Ringwald
9305033eSMatthias Ringwald            if (err != 0){
f4935286SMatthias Ringwald                sm_pairing_error(sm_conn, err);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
b41539d5SMatthias Ringwald
b41539d5SMatthias Ringwald            // generate random number first, if we need to show passkey
b41539d5SMatthias Ringwald            if (setup->sm_stk_generation_method == PK_RESP_INPUT){
f3582630SMatthias Ringwald                btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph2_tk,  (void *)(uintptr_t) sm_conn->sm_handle);
b41539d5SMatthias Ringwald                break;
b41539d5SMatthias Ringwald            }
b41539d5SMatthias Ringwald
136d331aSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
136d331aSMatthias Ringwald            if (setup->sm_use_secure_connections){
8cba5ca3SMatthias Ringwald                // SC Numeric Comparison will trigger user response after public keys & nonces have been exchanged
8cba5ca3SMatthias Ringwald                if (setup->sm_stk_generation_method == JUST_WORKS){
136d331aSMatthias Ringwald                    sm_conn->sm_engine_state = SM_PH1_W4_USER_RESPONSE;
136d331aSMatthias Ringwald                    sm_trigger_user_response(sm_conn);
136d331aSMatthias Ringwald                    if (setup->sm_user_response == SM_USER_RESPONSE_IDLE){
c6b7cbd9SMatthias Ringwald                        sm_conn->sm_engine_state = SM_SC_SEND_PUBLIC_KEY_COMMAND;
136d331aSMatthias Ringwald                    }
8cba5ca3SMatthias Ringwald                } else {
c6b7cbd9SMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_SEND_PUBLIC_KEY_COMMAND;
8cba5ca3SMatthias Ringwald                }
136d331aSMatthias Ringwald                break;
136d331aSMatthias Ringwald            }
136d331aSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald            sm_conn->sm_engine_state = SM_PH1_W4_USER_RESPONSE;
3deb3ec6SMatthias Ringwald            sm_trigger_user_response(sm_conn);
3deb3ec6SMatthias Ringwald            // response_idle == nothing <--> sm_trigger_user_response() did not require response
3deb3ec6SMatthias Ringwald            if (setup->sm_user_response == SM_USER_RESPONSE_IDLE){
f3582630SMatthias Ringwald                btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_random, 16, &sm_handle_random_result_ph2_random, (void *)(uintptr_t) sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        case SM_INITIATOR_PH2_W4_PAIRING_CONFIRM:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_CONFIRM){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // store s_confirm
9c80e4ccSMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_confirm);
192365feSMatthias Ringwald
aa9b34e5SMatthias Ringwald            // abort if s_confirm matches m_confirm
aa9b34e5SMatthias Ringwald            if (memcmp(setup->sm_local_confirm, setup->sm_peer_confirm, 16) == 0){
aa9b34e5SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
aa9b34e5SMatthias Ringwald                break;
aa9b34e5SMatthias Ringwald            }
aa9b34e5SMatthias Ringwald
192365feSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
192365feSMatthias Ringwald            if (test_pairing_failure == SM_REASON_CONFIRM_VALUE_FAILED){
192365feSMatthias Ringwald                log_info("testing_support: reset confirm value");
192365feSMatthias Ringwald                memset(setup->sm_peer_confirm, 0, 16);
192365feSMatthias Ringwald            }
192365feSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald            sm_conn->sm_engine_state = SM_PH2_SEND_PAIRING_RANDOM;
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        case SM_INITIATOR_PH2_W4_PAIRING_RANDOM:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_RANDOM){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // received random value
9c80e4ccSMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_random);
3deb3ec6SMatthias Ringwald            sm_conn->sm_engine_state = SM_PH2_C1_GET_ENC_C;
3deb3ec6SMatthias Ringwald            break;
dc542de1SMatthias Ringwald
e2a5eb63SMatthias Ringwald        case SM_INITIATOR_PH4_HAS_LTK:
dc542de1SMatthias Ringwald        case SM_PH4_W4_CONNECTION_ENCRYPTED:
dc542de1SMatthias Ringwald            // ignore Security Request, see SM_INITIATOR_PH1_W4_PAIRING_RESPONSE above
dc542de1SMatthias Ringwald            if (sm_pdu_code != SM_CODE_SECURITY_REQUEST){
dc542de1SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
dc542de1SMatthias Ringwald            }
dc542de1SMatthias Ringwald            break;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
3deb3ec6SMatthias Ringwald        // Responder
3deb3ec6SMatthias Ringwald        case SM_RESPONDER_IDLE:
3deb3ec6SMatthias Ringwald        case SM_RESPONDER_SEND_SECURITY_REQUEST:
3deb3ec6SMatthias Ringwald        case SM_RESPONDER_PH1_W4_PAIRING_REQUEST:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_REQUEST){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // store pairing request
212d735eSMatthias Ringwald            (void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t));
212d735eSMatthias Ringwald
afbd946dSMatthias Ringwald            // validation encryption key size
afbd946dSMatthias Ringwald            max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(sm_conn->sm_m_preq);
afbd946dSMatthias Ringwald            if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
afbd946dSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
afbd946dSMatthias Ringwald                break;
afbd946dSMatthias Ringwald            }
afbd946dSMatthias Ringwald
212d735eSMatthias Ringwald            // check if IRK completed
212d735eSMatthias Ringwald            switch (sm_conn->sm_irk_lookup_state){
212d735eSMatthias Ringwald                case IRK_LOOKUP_SUCCEEDED:
212d735eSMatthias Ringwald                case IRK_LOOKUP_FAILED:
3deb3ec6SMatthias Ringwald                    sm_conn->sm_engine_state = SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED;
3deb3ec6SMatthias Ringwald                    break;
212d735eSMatthias Ringwald                default:
212d735eSMatthias Ringwald                    sm_conn->sm_engine_state = SM_RESPONDER_PH1_PAIRING_REQUEST_RECEIVED_W4_IRK;
212d735eSMatthias Ringwald                    break;
212d735eSMatthias Ringwald            }
212d735eSMatthias Ringwald            break;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
27c32905SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c6b7cbd9SMatthias Ringwald        case SM_SC_W4_PUBLIC_KEY_COMMAND:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_PUBLIC_KEY){
27c32905SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
27c32905SMatthias Ringwald                break;
27c32905SMatthias Ringwald            }
f94048d1SMatthias Ringwald            sm_pdu_handler_pairing_public_key(sm_conn, packet);
27c32905SMatthias Ringwald            break;
e53be891SMatthias Ringwald
c6b7cbd9SMatthias Ringwald        case SM_SC_W4_CONFIRMATION:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_CONFIRM){
45a61d50SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
45a61d50SMatthias Ringwald                break;
45a61d50SMatthias Ringwald            }
45a61d50SMatthias Ringwald            // received confirm value
45a61d50SMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_confirm);
45a61d50SMatthias Ringwald
192365feSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
192365feSMatthias Ringwald            if (test_pairing_failure == SM_REASON_CONFIRM_VALUE_FAILED){
192365feSMatthias Ringwald                log_info("testing_support: reset confirm value");
192365feSMatthias Ringwald                memset(setup->sm_peer_confirm, 0, 16);
192365feSMatthias Ringwald            }
192365feSMatthias Ringwald#endif
42134bc6SMatthias Ringwald            if (IS_RESPONDER(sm_conn->sm_role)){
45a61d50SMatthias Ringwald                // responder
07036a04SMatthias Ringwald                if (sm_passkey_used(setup->sm_stk_generation_method)){
07036a04SMatthias Ringwald                    if (setup->sm_user_response != SM_USER_RESPONSE_PASSKEY){
07036a04SMatthias Ringwald                        // still waiting for passkey
07036a04SMatthias Ringwald                        sm_conn->sm_engine_state = SM_SC_W4_USER_RESPONSE;
07036a04SMatthias Ringwald                        break;
07036a04SMatthias Ringwald                    }
07036a04SMatthias Ringwald                }
b35a3de2SMatthias Ringwald                sm_sc_start_calculating_local_confirm(sm_conn);
45a61d50SMatthias Ringwald            } else {
45a61d50SMatthias Ringwald                // initiator
945888f5SMatthias Ringwald                if (sm_just_works_or_numeric_comparison(setup->sm_stk_generation_method)){
6ca80073SMatthias Ringwald                    btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_nonce, 16, &sm_handle_random_result_sc_next_send_pairing_random, (void*)(uintptr_t) sm_conn->sm_handle);
f1c1783eSMatthias Ringwald                } else {
c6b7cbd9SMatthias Ringwald                    sm_conn->sm_engine_state = SM_SC_SEND_PAIRING_RANDOM;
45a61d50SMatthias Ringwald                }
f1c1783eSMatthias Ringwald            }
45a61d50SMatthias Ringwald            break;
45a61d50SMatthias Ringwald
c6b7cbd9SMatthias Ringwald        case SM_SC_W4_PAIRING_RANDOM:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_RANDOM){
e53be891SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
136d331aSMatthias Ringwald                break;
e53be891SMatthias Ringwald            }
e53be891SMatthias Ringwald
e53be891SMatthias Ringwald            // received random value
e53be891SMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_nonce);
e53be891SMatthias Ringwald
5a293e6eSMatthias Ringwald            // validate confirm value if Cb = f4(Pkb, Pka, Nb, z)
ae451ec5SMatthias Ringwald            // only check for JUST WORK/NC in initiator role OR passkey entry
d686b2d0SMatthias Ringwald            log_info("SM_SC_W4_PAIRING_RANDOM, responder: %u, just works: %u, passkey used %u, passkey entry %u",
d686b2d0SMatthias Ringwald                     IS_RESPONDER(sm_conn->sm_role), sm_just_works_or_numeric_comparison(setup->sm_stk_generation_method),
d686b2d0SMatthias Ringwald                     sm_passkey_used(setup->sm_stk_generation_method), sm_passkey_entry(setup->sm_stk_generation_method));
65a9a04eSMatthias Ringwald            if ( (!IS_RESPONDER(sm_conn->sm_role) && sm_just_works_or_numeric_comparison(setup->sm_stk_generation_method))
d686b2d0SMatthias Ringwald            ||   (sm_passkey_entry(setup->sm_stk_generation_method)) ) {
688a08f9SMatthias Ringwald                 sm_conn->sm_engine_state = SM_SC_W2_CMAC_FOR_CHECK_CONFIRMATION;
ae451ec5SMatthias Ringwald                 break;
5a293e6eSMatthias Ringwald            }
6f52a196SMatthias Ringwald
4acf7b7bSMatthias Ringwald            // OOB
4acf7b7bSMatthias Ringwald            if (setup->sm_stk_generation_method == OOB){
4acf7b7bSMatthias Ringwald
4acf7b7bSMatthias Ringwald                // setup local random, set to zero if remote did not receive our data
4acf7b7bSMatthias Ringwald                log_info("Received nonce, setup local random ra/rb for dhkey check");
4acf7b7bSMatthias Ringwald                if (IS_RESPONDER(sm_conn->sm_role)) {
4ea43905SMatthias Ringwald                    if (sm_pairing_packet_get_oob_data_flag(setup->sm_m_preq) == 0u) {
4acf7b7bSMatthias Ringwald                        log_info("Reset rb as A does not have OOB data");
4acf7b7bSMatthias Ringwald                        memset(setup->sm_rb, 0, 16);
4acf7b7bSMatthias Ringwald                    } else {
6535961aSMatthias Ringwald                        (void) memcpy(setup->sm_rb, sm_sc_oob_random, 16);
4acf7b7bSMatthias Ringwald                        log_info("Use stored rb");
4acf7b7bSMatthias Ringwald                        log_info_hexdump(setup->sm_rb, 16);
4acf7b7bSMatthias Ringwald                    }
4acf7b7bSMatthias Ringwald                } else {
4ea43905SMatthias Ringwald                    if (sm_pairing_packet_get_oob_data_flag(setup->sm_s_pres) == 0u){
4acf7b7bSMatthias Ringwald                        log_info("Reset ra as B does not have OOB data");
4acf7b7bSMatthias Ringwald                        memset(setup->sm_ra, 0, 16);
4acf7b7bSMatthias Ringwald                    } else {
6535961aSMatthias Ringwald                        (void)memcpy(setup->sm_ra, sm_sc_oob_random, 16);
4acf7b7bSMatthias Ringwald                        log_info("Use stored ra");
4acf7b7bSMatthias Ringwald                        log_info_hexdump(setup->sm_ra, 16);
4acf7b7bSMatthias Ringwald                    }
4acf7b7bSMatthias Ringwald                }
4acf7b7bSMatthias Ringwald
2419120aSMatthias Ringwald                if (IS_RESPONDER(sm_conn->sm_role)){
4acf7b7bSMatthias Ringwald                    if (setup->sm_have_oob_data){
2419120aSMatthias Ringwald                        // if we have received ra & ca, verify Ca = f4(PKa, PKa, ra, 0)
a680ba6bSMatthias Ringwald                        sm_conn->sm_engine_state = SM_SC_W2_CMAC_FOR_CHECK_CONFIRMATION;
2419120aSMatthias Ringwald                    } else {
2419120aSMatthias Ringwald                        // otherwise, generate our nonce
2419120aSMatthias Ringwald                        sm_sc_generate_nx_for_send_random(sm_conn);
a680ba6bSMatthias Ringwald                    }
2419120aSMatthias Ringwald                } else {
2419120aSMatthias Ringwald                    // Confirm value already validated if received before,
2419120aSMatthias Ringwald                    // move on to DHKey check
2419120aSMatthias Ringwald                    sm_sc_prepare_dhkey_check(sm_conn);
2419120aSMatthias Ringwald                }
2419120aSMatthias Ringwald                break;
4acf7b7bSMatthias Ringwald            }
a680ba6bSMatthias Ringwald
a680ba6bSMatthias Ringwald            // TODO: we only get here for Responder role with JW/NC
688a08f9SMatthias Ringwald            sm_sc_state_after_receiving_random(sm_conn);
e53be891SMatthias Ringwald            break;
e53be891SMatthias Ringwald
901c000fSMatthias Ringwald        case SM_SC_W2_CALCULATE_G2:
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_G2:
3cf37b8cSMatthias Ringwald        case SM_SC_W4_CALCULATE_DHKEY:
901c000fSMatthias Ringwald        case SM_SC_W2_CALCULATE_F5_SALT:
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_SALT:
901c000fSMatthias Ringwald        case SM_SC_W2_CALCULATE_F5_MACKEY:
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_MACKEY:
901c000fSMatthias Ringwald        case SM_SC_W2_CALCULATE_F5_LTK:
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F5_LTK:
901c000fSMatthias Ringwald        case SM_SC_W2_CALCULATE_F6_FOR_DHKEY_CHECK:
c6b7cbd9SMatthias Ringwald        case SM_SC_W4_DHKEY_CHECK_COMMAND:
901c000fSMatthias Ringwald        case SM_SC_W4_CALCULATE_F6_FOR_DHKEY_CHECK:
d08147dfSMatthias Ringwald        case SM_SC_W4_USER_RESPONSE:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_DHKEY_CHECK){
e53be891SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
e53be891SMatthias Ringwald                break;
e53be891SMatthias Ringwald            }
e53be891SMatthias Ringwald            // store DHKey Check
901c000fSMatthias Ringwald            setup->sm_state_vars |= SM_STATE_VAR_DHKEY_COMMAND_RECEIVED;
e53be891SMatthias Ringwald            reverse_128(&packet[01], setup->sm_peer_dhkey_check);
446a8c36SMatthias Ringwald
901c000fSMatthias Ringwald            // have we been only waiting for dhkey check command?
901c000fSMatthias Ringwald            if (sm_conn->sm_engine_state == SM_SC_W4_DHKEY_CHECK_COMMAND){
019005a0SMatthias Ringwald                sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_F6_TO_VERIFY_DHKEY_CHECK;
bd57ffebSMatthias Ringwald            }
bd57ffebSMatthias Ringwald            break;
27c32905SMatthias Ringwald#endif
27c32905SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
3deb3ec6SMatthias Ringwald        case SM_RESPONDER_PH1_W4_PAIRING_CONFIRM:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_CONFIRM){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
27c32905SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // received confirm value
9c80e4ccSMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_confirm);
3deb3ec6SMatthias Ringwald
192365feSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
192365feSMatthias Ringwald            if (test_pairing_failure == SM_REASON_CONFIRM_VALUE_FAILED){
192365feSMatthias Ringwald                log_info("testing_support: reset confirm value");
192365feSMatthias Ringwald                memset(setup->sm_peer_confirm, 0, 16);
192365feSMatthias Ringwald            }
192365feSMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald            // notify client to hide shown passkey
3deb3ec6SMatthias Ringwald            if (setup->sm_stk_generation_method == PK_INIT_INPUT){
5611a760SMatthias Ringwald                sm_notify_client_base(SM_EVENT_PASSKEY_DISPLAY_CANCEL, sm_conn->sm_handle, sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address);
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // handle user cancel pairing?
3deb3ec6SMatthias Ringwald            if (setup->sm_user_response == SM_USER_RESPONSE_DECLINE){
f4935286SMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_PASSKEY_ENTRY_FAILED);
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // wait for user action?
3deb3ec6SMatthias Ringwald            if (setup->sm_user_response == SM_USER_RESPONSE_PENDING){
3deb3ec6SMatthias Ringwald                sm_conn->sm_engine_state = SM_PH1_W4_USER_RESPONSE;
3deb3ec6SMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // calculate and send local_confirm
f3582630SMatthias Ringwald            btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_random, 16, &sm_handle_random_result_ph2_random, (void *)(uintptr_t) sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald        case SM_RESPONDER_PH2_W4_PAIRING_RANDOM:
4c1d1092SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_RANDOM){
3deb3ec6SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald                break;;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald            // received random value
9c80e4ccSMatthias Ringwald            reverse_128(&packet[1], setup->sm_peer_random);
3deb3ec6SMatthias Ringwald            sm_conn->sm_engine_state = SM_PH2_C1_GET_ENC_C;
3deb3ec6SMatthias Ringwald            break;
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
672dc582SMatthias Ringwald        case SM_PH2_W4_CONNECTION_ENCRYPTED:
3deb3ec6SMatthias Ringwald        case SM_PH3_RECEIVE_KEYS:
4c1d1092SMatthias Ringwald            switch(sm_pdu_code){
3deb3ec6SMatthias Ringwald                case SM_CODE_ENCRYPTION_INFORMATION:
3deb3ec6SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION;
9c80e4ccSMatthias Ringwald                    reverse_128(&packet[1], setup->sm_peer_ltk);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case SM_CODE_MASTER_IDENTIFICATION:
3deb3ec6SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_MASTER_IDENTIFICATION;
f8fbdce0SMatthias Ringwald                    setup->sm_peer_ediv = little_endian_read_16(packet, 1);
9c80e4ccSMatthias Ringwald                    reverse_64(&packet[3], setup->sm_peer_rand);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case SM_CODE_IDENTITY_INFORMATION:
3deb3ec6SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_INFORMATION;
9c80e4ccSMatthias Ringwald                    reverse_128(&packet[1], setup->sm_peer_irk);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case SM_CODE_IDENTITY_ADDRESS_INFORMATION:
3deb3ec6SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
3deb3ec6SMatthias Ringwald                    setup->sm_peer_addr_type = packet[1];
724d70a2SMatthias Ringwald                    reverse_bd_addr(&packet[2], setup->sm_peer_address);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                case SM_CODE_SIGNING_INFORMATION:
3deb3ec6SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION;
9c80e4ccSMatthias Ringwald                    reverse_128(&packet[1], setup->sm_peer_csrk);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald                default:
3deb3ec6SMatthias Ringwald                    // Unexpected PDU
3deb3ec6SMatthias Ringwald                    log_info("Unexpected PDU %u in SM_PH3_RECEIVE_KEYS", packet[0]);
3deb3ec6SMatthias Ringwald                    break;
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            // done with key distribution?
61d1a45eSMatthias Ringwald            if (sm_key_distribution_all_received()){
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald                sm_key_distribution_handle_all_received(sm_conn);
3deb3ec6SMatthias Ringwald
42134bc6SMatthias Ringwald                if (IS_RESPONDER(sm_conn->sm_role)){
6f7422f1SMatthias Ringwald                    sm_key_distribution_complete_responder(sm_conn);
3deb3ec6SMatthias Ringwald                } else {
625f00b2SMatthias Ringwald                    if (setup->sm_use_secure_connections){
625f00b2SMatthias Ringwald                        sm_conn->sm_engine_state = SM_PH3_DISTRIBUTE_KEYS;
bbf8db22SMatthias Ringwald                    } else {
f3582630SMatthias Ringwald                        btstack_crypto_random_generate(&sm_crypto_random_request, sm_random_data, 8, &sm_handle_random_result_ph3_random, (void *)(uintptr_t) sm_conn->sm_handle);
625f00b2SMatthias Ringwald                    }
3deb3ec6SMatthias Ringwald                }
3deb3ec6SMatthias Ringwald            }
3deb3ec6SMatthias Ringwald            break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
b322498eSMatthias Ringwald
b322498eSMatthias Ringwald        case SM_BR_EDR_W4_ENCRYPTION_COMPLETE:
b322498eSMatthias Ringwald            // GAP/DM/LEP/BI-02-C - reject CTKD if P-192 encryption is used
b322498eSMatthias Ringwald            if (sm_pdu_code == SM_CODE_PAIRING_REQUEST){
b322498eSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_CROSS_TRANSPORT_KEY_DERIVATION_NOT_ALLOWED);
b322498eSMatthias Ringwald            }
b322498eSMatthias Ringwald            break;
b322498eSMatthias Ringwald
c18be159SMatthias Ringwald        case SM_BR_EDR_INITIATOR_W4_PAIRING_RESPONSE:
553c9408SMatthias Ringwald
553c9408SMatthias Ringwald            // dedicated bonding complete
f82b8f4bSMatthias Ringwald            hci_dedicated_bonding_defer_disconnect(sm_conn->sm_handle, false);
553c9408SMatthias Ringwald
c18be159SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_RESPONSE){
c18be159SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            // store pairing response
c18be159SMatthias Ringwald            (void)memcpy(&setup->sm_s_pres, packet, sizeof(sm_pairing_packet_t));
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald            // validate encryption key size
afbd946dSMatthias Ringwald            max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(setup->sm_s_pres);
afbd946dSMatthias Ringwald            if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
afbd946dSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
afbd946dSMatthias Ringwald                break;
afbd946dSMatthias Ringwald            }
afbd946dSMatthias Ringwald            sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(max_encryption_key_size);
c18be159SMatthias Ringwald            // SC Only mandates 128 bit key size
c18be159SMatthias Ringwald            if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) {
c18be159SMatthias Ringwald                sm_conn->sm_actual_encryption_key_size  = 0;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            if (sm_conn->sm_actual_encryption_key_size == 0){
c18be159SMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_ENCRYPTION_KEY_SIZE);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald            // prepare key exchange, LTK is derived locally
c18be159SMatthias Ringwald            sm_setup_key_distribution(sm_pairing_packet_get_initiator_key_distribution(setup->sm_s_pres) & ~SM_KEYDIST_ENC_KEY,
c18be159SMatthias Ringwald                                      sm_pairing_packet_get_responder_key_distribution(setup->sm_s_pres) & ~SM_KEYDIST_ENC_KEY);
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald            // skip receive if there are none
61d1a45eSMatthias Ringwald            if (sm_key_distribution_all_received()){
c18be159SMatthias Ringwald                // distribute keys in run handles 'no keys to send'
c18be159SMatthias Ringwald                sm_conn->sm_engine_state = SM_BR_EDR_DISTRIBUTE_KEYS;
c18be159SMatthias Ringwald            } else {
c18be159SMatthias Ringwald                sm_conn->sm_engine_state = SM_BR_EDR_RECEIVE_KEYS;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald        case SM_BR_EDR_RESPONDER_W4_PAIRING_REQUEST:
c18be159SMatthias Ringwald            if (sm_pdu_code != SM_CODE_PAIRING_REQUEST){
c18be159SMatthias Ringwald                sm_pdu_received_in_wrong_state(sm_conn);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            }
afbd946dSMatthias Ringwald
c18be159SMatthias Ringwald            // store pairing request
c18be159SMatthias Ringwald            (void)memcpy(&sm_conn->sm_m_preq, packet, sizeof(sm_pairing_packet_t));
afbd946dSMatthias Ringwald
c18be159SMatthias Ringwald            // validate encryption key size
f5217d52SMatthias Ringwald            max_encryption_key_size = sm_pairing_packet_get_max_encryption_key_size(sm_conn->sm_m_preq);
afbd946dSMatthias Ringwald            if ((max_encryption_key_size < 7) || (max_encryption_key_size > 16)){
afbd946dSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_INVALID_PARAMETERS);
afbd946dSMatthias Ringwald                break;
afbd946dSMatthias Ringwald            }
afbd946dSMatthias Ringwald            sm_conn->sm_actual_encryption_key_size = sm_calc_actual_encryption_key_size(max_encryption_key_size);
c18be159SMatthias Ringwald            // SC Only mandates 128 bit key size
c18be159SMatthias Ringwald            if (sm_sc_only_mode && (sm_conn->sm_actual_encryption_key_size < 16)) {
c18be159SMatthias Ringwald                sm_conn->sm_actual_encryption_key_size  = 0;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            if (sm_conn->sm_actual_encryption_key_size == 0){
c18be159SMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_ENCRYPTION_KEY_SIZE);
c18be159SMatthias Ringwald                break;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            // trigger response
6a718a5eSMatthias Ringwald            if (sm_ctkd_from_classic(sm_conn)){
c18be159SMatthias Ringwald                sm_conn->sm_engine_state = SM_BR_EDR_RESPONDER_PAIRING_REQUEST_RECEIVED;
6a718a5eSMatthias Ringwald            } else {
6a718a5eSMatthias Ringwald                sm_pairing_error(sm_conn, SM_REASON_CROSS_TRANSPORT_KEY_DERIVATION_NOT_ALLOWED);
6a718a5eSMatthias Ringwald            }
c18be159SMatthias Ringwald            break;
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald        case SM_BR_EDR_RECEIVE_KEYS:
c18be159SMatthias Ringwald            switch(sm_pdu_code){
c18be159SMatthias Ringwald                case SM_CODE_IDENTITY_INFORMATION:
c18be159SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_INFORMATION;
c18be159SMatthias Ringwald                    reverse_128(&packet[1], setup->sm_peer_irk);
c18be159SMatthias Ringwald                    break;
c18be159SMatthias Ringwald                case SM_CODE_IDENTITY_ADDRESS_INFORMATION:
c18be159SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION;
c18be159SMatthias Ringwald                    setup->sm_peer_addr_type = packet[1];
c18be159SMatthias Ringwald                    reverse_bd_addr(&packet[2], setup->sm_peer_address);
c18be159SMatthias Ringwald                    break;
c18be159SMatthias Ringwald                case SM_CODE_SIGNING_INFORMATION:
c18be159SMatthias Ringwald                    setup->sm_key_distribution_received_set |= SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION;
c18be159SMatthias Ringwald                    reverse_128(&packet[1], setup->sm_peer_csrk);
c18be159SMatthias Ringwald                    break;
c18be159SMatthias Ringwald                default:
c18be159SMatthias Ringwald                    // Unexpected PDU
c18be159SMatthias Ringwald                    log_info("Unexpected PDU %u in SM_PH3_RECEIVE_KEYS", packet[0]);
c18be159SMatthias Ringwald                    break;
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald
c18be159SMatthias Ringwald            // all keys received
61d1a45eSMatthias Ringwald            if (sm_key_distribution_all_received()){
c18be159SMatthias Ringwald                if (IS_RESPONDER(sm_conn->sm_role)){
c18be159SMatthias Ringwald                    // responder -> keys exchanged, derive LE LTK
c18be159SMatthias Ringwald                    sm_ctkd_start_from_br_edr(sm_conn);
c18be159SMatthias Ringwald                } else {
c18be159SMatthias Ringwald                    // initiator -> send our keys if any
c18be159SMatthias Ringwald                    sm_conn->sm_engine_state = SM_BR_EDR_DISTRIBUTE_KEYS;
c18be159SMatthias Ringwald                }
c18be159SMatthias Ringwald            }
c18be159SMatthias Ringwald            break;
c18be159SMatthias Ringwald#endif
c18be159SMatthias Ringwald
3deb3ec6SMatthias Ringwald        default:
3deb3ec6SMatthias Ringwald            // Unexpected PDU
3deb3ec6SMatthias Ringwald            log_info("Unexpected PDU %u in state %u", packet[0], sm_conn->sm_engine_state);
2d095694SMatthias Ringwald            sm_pdu_received_in_wrong_state(sm_conn);
3deb3ec6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
3deb3ec6SMatthias Ringwald
70b44dd4SMatthias Ringwald    // try to send next pdu
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
73970ae5SMatthias Ringwaldstatic void sm_channel_handler(uint8_t packet_type, hci_con_handle_t con_handle, uint8_t *packet, uint16_t size){
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    if ((packet_type == HCI_EVENT_PACKET) && (packet[0] == L2CAP_EVENT_CAN_SEND_NOW)){
73970ae5SMatthias Ringwald        sm_run();
73970ae5SMatthias Ringwald    }
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    uint8_t sm_pdu_code = sm_pdu_validate_and_get_opcode(packet_type, packet, size);
73970ae5SMatthias Ringwald    if (sm_pdu_code == 0) return;
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
73970ae5SMatthias Ringwald    if (!sm_conn) return;
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    if (sm_pdu_code == SM_CODE_PAIRING_FAILED){
73970ae5SMatthias Ringwald        sm_reencryption_complete(sm_conn, ERROR_CODE_AUTHENTICATION_FAILURE);
73970ae5SMatthias Ringwald        sm_pairing_complete(sm_conn, ERROR_CODE_AUTHENTICATION_FAILURE, packet[1]);
73970ae5SMatthias Ringwald        sm_done_for_handle(con_handle);
73970ae5SMatthias Ringwald        sm_conn->sm_engine_state = sm_conn->sm_role ? SM_RESPONDER_IDLE : SM_INITIATOR_CONNECTED;
73970ae5SMatthias Ringwald        return;
73970ae5SMatthias Ringwald    }
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    if (sm_pdu_code == SM_CODE_KEYPRESS_NOTIFICATION){
73970ae5SMatthias Ringwald        uint8_t buffer[5];
73970ae5SMatthias Ringwald        buffer[0] = SM_EVENT_KEYPRESS_NOTIFICATION;
73970ae5SMatthias Ringwald        buffer[1] = 3;
73970ae5SMatthias Ringwald        little_endian_store_16(buffer, 2, con_handle);
73970ae5SMatthias Ringwald        buffer[4] = packet[1];
73970ae5SMatthias Ringwald        sm_dispatch_event(HCI_EVENT_PACKET, 0, buffer, sizeof(buffer));
73970ae5SMatthias Ringwald        return;
73970ae5SMatthias Ringwald    }
73970ae5SMatthias Ringwald
73970ae5SMatthias Ringwald    sm_pdu_handler(sm_conn, sm_pdu_code, packet);
73970ae5SMatthias Ringwald}
73970ae5SMatthias Ringwald
3deb3ec6SMatthias Ringwald// Security Manager Client API
a680ba6bSMatthias Ringwaldvoid sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t address_type, bd_addr_t addr, uint8_t * oob_data)){
3deb3ec6SMatthias Ringwald    sm_get_oob_data = get_oob_data_callback;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
4acf7b7bSMatthias Ringwaldvoid sm_register_sc_oob_data_callback( int (*get_sc_oob_data_callback)(uint8_t address_type, bd_addr_t addr, uint8_t * oob_sc_peer_confirm, uint8_t * oob_sc_peer_random)){
a680ba6bSMatthias Ringwald    sm_get_sc_oob_data = get_sc_oob_data_callback;
a680ba6bSMatthias Ringwald}
a680ba6bSMatthias Ringwald
b96d60a6SMatthias Ringwaldvoid sm_register_ltk_callback( bool (*get_ltk_callback)(hci_con_handle_t con_handle, uint8_t address_type, bd_addr_t addr, uint8_t * ltk)){
b96d60a6SMatthias Ringwald    sm_get_ltk_callback = get_ltk_callback;
b96d60a6SMatthias Ringwald}
b96d60a6SMatthias Ringwald
89a78d34SMatthias Ringwaldvoid sm_add_event_handler(btstack_packet_callback_registration_t * callback_handler){
89a78d34SMatthias Ringwald    btstack_linked_list_add_tail(&sm_event_handlers, (btstack_linked_item_t*) callback_handler);
89a78d34SMatthias Ringwald}
89a78d34SMatthias Ringwald
67f708e0SMatthias Ringwaldvoid sm_remove_event_handler(btstack_packet_callback_registration_t * callback_handler){
67f708e0SMatthias Ringwald    btstack_linked_list_remove(&sm_event_handlers, (btstack_linked_item_t*) callback_handler);
67f708e0SMatthias Ringwald}
67f708e0SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods){
3deb3ec6SMatthias Ringwald    sm_accepted_stk_generation_methods = accepted_stk_generation_methods;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size){
3deb3ec6SMatthias Ringwald	sm_min_encryption_key_size = min_size;
3deb3ec6SMatthias Ringwald	sm_max_encryption_key_size = max_size;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_authentication_requirements(uint8_t auth_req){
98d95509SMatthias Ringwald#ifndef ENABLE_LE_SECURE_CONNECTIONS
98d95509SMatthias Ringwald    if (auth_req & SM_AUTHREQ_SECURE_CONNECTION){
98d95509SMatthias Ringwald        log_error("ENABLE_LE_SECURE_CONNECTIONS not defined, but requested by app. Dropping SC flag");
98d95509SMatthias Ringwald        auth_req &= ~SM_AUTHREQ_SECURE_CONNECTION;
98d95509SMatthias Ringwald    }
98d95509SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald    sm_auth_req = auth_req;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_io_capabilities(io_capability_t io_capability){
3deb3ec6SMatthias Ringwald    sm_io_capabilities = io_capability;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
42134bc6SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
728f6757SMatthias Ringwaldvoid sm_set_request_security(bool enable){
3deb3ec6SMatthias Ringwald    sm_slave_request_security = enable;
3deb3ec6SMatthias Ringwald}
42134bc6SMatthias Ringwald#endif
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_er(sm_key_t er){
6535961aSMatthias Ringwald    (void)memcpy(sm_persistent_er, er, 16);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_set_ir(sm_key_t ir){
6535961aSMatthias Ringwald    (void)memcpy(sm_persistent_ir, ir, 16);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// Testing support only
3deb3ec6SMatthias Ringwaldvoid sm_test_set_irk(sm_key_t irk){
6535961aSMatthias Ringwald    (void)memcpy(sm_persistent_irk, irk, 16);
103fa6b0SMatthias Ringwald    dkg_state = DKG_CALC_DHK;
841468bbSMatthias Ringwald    test_use_fixed_local_irk = true;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_test_use_fixed_local_csrk(void){
841468bbSMatthias Ringwald    test_use_fixed_local_csrk = true;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
d1a1f6a4SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
d1a1f6a4SMatthias Ringwaldstatic void sm_ec_generated(void * arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    ec_key_generation_state = EC_KEY_GENERATION_DONE;
34b6528fSMatthias Ringwald    // trigger pairing if pending for ec key
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
674e5b4aSMatthias Ringwaldstatic void sm_ec_generate_new_key(void) {
34b6528fSMatthias Ringwald    log_info("sm: generate new ec key");
db88441fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS_DEBUG_KEY
db88441fSMatthias Ringwald    // LE Secure Connections Debug Key
db88441fSMatthias Ringwald    const uint8_t debug_key_public[64] = {
db88441fSMatthias Ringwald        0x20, 0xb0, 0x03, 0xd2, 0xf2, 0x97, 0xbe, 0x2c, 0x5e, 0x2c, 0x83, 0xa7, 0xe9, 0xf9, 0xa5, 0xb9,
db88441fSMatthias Ringwald        0xef, 0xf4, 0x91, 0x11, 0xac, 0xf4, 0xfd, 0xdb, 0xcc, 0x03, 0x01, 0x48, 0x0e, 0x35, 0x9d, 0xe6,
db88441fSMatthias Ringwald        0xdc, 0x80, 0x9c, 0x49, 0x65, 0x2a, 0xeb, 0x6d, 0x63, 0x32, 0x9a, 0xbf, 0x5a, 0x52, 0x15, 0x5c,
db88441fSMatthias Ringwald        0x76, 0x63, 0x45, 0xc2, 0x8f, 0xed, 0x30, 0x24, 0x74, 0x1c, 0x8e, 0xd0, 0x15, 0x89, 0xd2, 0x8b
db88441fSMatthias Ringwald    };
db88441fSMatthias Ringwald    const uint8_t debug_key_private[32] = {
db88441fSMatthias Ringwald        0x3f, 0x49, 0xf6, 0xd4, 0xa3, 0xc5, 0x5f, 0x38, 0x74, 0xc9, 0xb3, 0xe3, 0xd2, 0x10, 0x3f, 0x50,
db88441fSMatthias Ringwald        0x4a, 0xff, 0x60, 0x7b, 0xeb, 0x40, 0xb7, 0x99, 0x58, 0x99, 0xb8, 0xa6, 0xcd, 0x3c, 0x1a, 0xbd
db88441fSMatthias Ringwald    };
db88441fSMatthias Ringwald    if (sm_sc_debug_keys_enabled) {
db88441fSMatthias Ringwald        memcpy(ec_q, debug_key_public, 64);
db88441fSMatthias Ringwald        btstack_crypto_ecc_p256_set_key(debug_key_public, debug_key_private);
db88441fSMatthias Ringwald        ec_key_generation_state = EC_KEY_GENERATION_DONE;
db88441fSMatthias Ringwald    } else
db88441fSMatthias Ringwald#endif
db88441fSMatthias Ringwald    {
674e5b4aSMatthias Ringwald        ec_key_generation_state = EC_KEY_GENERATION_ACTIVE;
674e5b4aSMatthias Ringwald        btstack_crypto_ecc_p256_generate_key(&sm_crypto_ecc_p256_request, ec_q, &sm_ec_generated, NULL);
674e5b4aSMatthias Ringwald    }
db88441fSMatthias Ringwald}
d1a1f6a4SMatthias Ringwald#endif
d1a1f6a4SMatthias Ringwald
192365feSMatthias Ringwald#ifdef ENABLE_TESTING_SUPPORT
192365feSMatthias Ringwaldvoid sm_test_set_pairing_failure(int reason){
192365feSMatthias Ringwald    test_pairing_failure = reason;
192365feSMatthias Ringwald}
192365feSMatthias Ringwald#endif
192365feSMatthias Ringwald
7887cd92SMatthias Ringwaldstatic void sm_state_reset(void) {
7f775357SMatthias Ringwald#ifdef USE_CMAC_ENGINE
7f775357SMatthias Ringwald    sm_cmac_active  = 0;
7f775357SMatthias Ringwald#endif
7f775357SMatthias Ringwald    dkg_state = DKG_W4_WORKING;
7f775357SMatthias Ringwald    rau_state = RAU_IDLE;
7f775357SMatthias Ringwald    sm_aes128_state = SM_AES128_IDLE;
7f775357SMatthias Ringwald    sm_address_resolution_test = -1;    // no private address to resolve yet
7f775357SMatthias Ringwald    sm_address_resolution_mode = ADDRESS_RESOLUTION_IDLE;
7f775357SMatthias Ringwald    sm_address_resolution_general_queue = NULL;
7f775357SMatthias Ringwald    sm_active_connection_handle = HCI_CON_HANDLE_INVALID;
cbdd51cfSMatthias Ringwald    sm_persistent_keys_random_active = false;
7f775357SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
15211b85SMatthias Ringwald    ec_key_generation_state = EC_KEY_GENERATION_IDLE;
7f775357SMatthias Ringwald#endif
7f775357SMatthias Ringwald}
7f775357SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid sm_init(void){
2d2d4d3cSMatthias Ringwald
2d2d4d3cSMatthias Ringwald    if (sm_initialized) return;
2d2d4d3cSMatthias Ringwald
899e6e02SMatthias Ringwald    // set default ER and IR values (should be unique - set by app or sm later using TLV)
899e6e02SMatthias Ringwald    sm_er_ir_set_default();
899e6e02SMatthias Ringwald
3deb3ec6SMatthias Ringwald    // defaults
3deb3ec6SMatthias Ringwald    sm_accepted_stk_generation_methods = SM_STK_GENERATION_METHOD_JUST_WORKS
3deb3ec6SMatthias Ringwald                                       | SM_STK_GENERATION_METHOD_OOB
b4343428SMatthias Ringwald                                       | SM_STK_GENERATION_METHOD_PASSKEY
b4343428SMatthias Ringwald                                       | SM_STK_GENERATION_METHOD_NUMERIC_COMPARISON;
b4343428SMatthias Ringwald
3deb3ec6SMatthias Ringwald    sm_max_encryption_key_size = 16;
3deb3ec6SMatthias Ringwald    sm_min_encryption_key_size = 7;
3deb3ec6SMatthias Ringwald
5ce1359eSMatthias Ringwald    sm_fixed_passkey_in_display_role = 0xffffffffU;
1979f09cSMatthias Ringwald    sm_reconstruct_ltk_without_le_device_db_entry = true;
caf15bf3SMatthias Ringwald
3deb3ec6SMatthias Ringwald    gap_random_adress_update_period = 15 * 60 * 1000L;
3deb3ec6SMatthias Ringwald
841468bbSMatthias Ringwald    test_use_fixed_local_csrk = false;
3deb3ec6SMatthias Ringwald
7f775357SMatthias Ringwald    // other
84c0c5c7SMatthias Ringwald    btstack_run_loop_set_timer_handler(&sm_run_timer, &sm_run_timer_handler);
84c0c5c7SMatthias Ringwald
a036ae12SMatthias Ringwald    // register for HCI Events
e03e489aSMatthias Ringwald    hci_event_callback_registration.callback = &sm_event_packet_handler;
e03e489aSMatthias Ringwald    hci_add_event_handler(&hci_event_callback_registration);
e03e489aSMatthias Ringwald
bad51150SMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
a036ae12SMatthias Ringwald    // register for L2CAP events
a036ae12SMatthias Ringwald    l2cap_event_callback_registration.callback = &sm_event_packet_handler;
a036ae12SMatthias Ringwald    l2cap_add_event_handler(&l2cap_event_callback_registration);
bad51150SMatthias Ringwald#endif
a036ae12SMatthias Ringwald
d1a1f6a4SMatthias Ringwald    //
d1a1f6a4SMatthias Ringwald    btstack_crypto_init();
d1a1f6a4SMatthias Ringwald
51bd74d1SMatthias Ringwald    // init le_device_db
51bd74d1SMatthias Ringwald    le_device_db_init();
51bd74d1SMatthias Ringwald
b170b20fSMatthias Ringwald    // and L2CAP PDUs + L2CAP_EVENT_CAN_SEND_NOW
73970ae5SMatthias Ringwald    l2cap_register_fixed_channel(sm_channel_handler, L2CAP_CID_SECURITY_MANAGER_PROTOCOL);
384eabd3SMatthias Ringwald#ifdef ENABLE_CLASSIC
73970ae5SMatthias Ringwald    l2cap_register_fixed_channel(sm_channel_handler, L2CAP_CID_BR_EDR_SECURITY_MANAGER);
384eabd3SMatthias Ringwald#endif
27c32905SMatthias Ringwald
7f775357SMatthias Ringwald    // state
7f775357SMatthias Ringwald    sm_state_reset();
2d2d4d3cSMatthias Ringwald
2d2d4d3cSMatthias Ringwald    sm_initialized = true;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
15537ea4SMatthias Ringwaldvoid sm_deinit(void){
15537ea4SMatthias Ringwald    sm_initialized = false;
15537ea4SMatthias Ringwald    btstack_run_loop_remove_timer(&sm_run_timer);
92f8d6b6SMatthias Ringwald#if defined(ENABLE_LE_SECURE_CONNECTIONS) && defined (ENABLE_LE_SECURE_CONNECTION_DEBUG_KEY)
db88441fSMatthias Ringwald    sm_sc_debug_keys_enabled = false;
db88441fSMatthias Ringwald#endif
15537ea4SMatthias Ringwald}
15537ea4SMatthias Ringwald
4b8c611fSMatthias Ringwaldvoid sm_use_fixed_passkey_in_display_role(uint32_t passkey){
4b8c611fSMatthias Ringwald    sm_fixed_passkey_in_display_role = passkey;
caf15bf3SMatthias Ringwald}
caf15bf3SMatthias Ringwald
6c39055aSMatthias Ringwaldvoid sm_allow_ltk_reconstruction_without_le_device_db_entry(int allow){
1979f09cSMatthias Ringwald    sm_reconstruct_ltk_without_le_device_db_entry = allow != 0;
6c39055aSMatthias Ringwald}
6c39055aSMatthias Ringwald
711e6c80SMatthias Ringwaldstatic sm_connection_t * sm_get_connection_for_handle(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    hci_connection_t * hci_con = hci_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!hci_con) return NULL;
3deb3ec6SMatthias Ringwald    return &hci_con->sm_connection;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
916ea5b2SMatthias Ringwaldstatic void sm_cache_ltk(sm_connection_t * connection, const sm_key_t ltk){
916ea5b2SMatthias Ringwald    hci_connection_t * hci_con = hci_connection_for_handle(connection->sm_handle);
916ea5b2SMatthias Ringwald    btstack_assert(hci_con != NULL);
916ea5b2SMatthias Ringwald    memcpy(hci_con->link_key, ltk, 16);
f728bb7bSMatthias Ringwald    hci_con->link_key_type = COMBINATION_KEY;
916ea5b2SMatthias Ringwald}
916ea5b2SMatthias Ringwald
77e2e5edSMatthias Ringwald#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
77e2e5edSMatthias Ringwaldstatic sm_connection_t * sm_get_connection_for_bd_addr_and_type(bd_addr_t address, bd_addr_type_t addr_type){
77e2e5edSMatthias Ringwald    hci_connection_t * hci_con = hci_connection_for_bd_addr_and_type(address, addr_type);
77e2e5edSMatthias Ringwald    if (!hci_con) return NULL;
77e2e5edSMatthias Ringwald    return &hci_con->sm_connection;
77e2e5edSMatthias Ringwald}
77e2e5edSMatthias Ringwald#endif
77e2e5edSMatthias Ringwald
6bc3aba4SMatthias Ringwald// @deprecated: map onto sm_request_pairing
711e6c80SMatthias Ringwaldvoid sm_send_security_request(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;
6bc3aba4SMatthias Ringwald    if (!IS_RESPONDER(sm_conn->sm_role)) return;
6bc3aba4SMatthias Ringwald    sm_request_pairing(con_handle);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// request pairing
711e6c80SMatthias Ringwaldvoid sm_request_pairing(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald
7af5dcd5SMatthias Ringwald    bool have_ltk;
7af5dcd5SMatthias Ringwald    uint8_t ltk[16];
2d68601cSMatthias Ringwald    bool auth_required;
2d68601cSMatthias Ringwald    int authenticated;
2d68601cSMatthias Ringwald    bool trigger_reencryption;
3deb3ec6SMatthias Ringwald    log_info("sm_request_pairing in role %u, state %u", sm_conn->sm_role, sm_conn->sm_engine_state);
42134bc6SMatthias Ringwald    if (IS_RESPONDER(sm_conn->sm_role)){
24c20dc4SMatthias Ringwald        switch (sm_conn->sm_engine_state){
24c20dc4SMatthias Ringwald            case SM_GENERAL_IDLE:
24c20dc4SMatthias Ringwald            case SM_RESPONDER_IDLE:
7af5dcd5SMatthias Ringwald                switch (sm_conn->sm_irk_lookup_state){
7af5dcd5SMatthias Ringwald                    case IRK_LOOKUP_SUCCEEDED:
7af5dcd5SMatthias Ringwald                        le_device_db_encryption_get(sm_conn->sm_le_db_index, NULL, NULL, ltk, NULL, NULL, NULL, NULL);
7af5dcd5SMatthias Ringwald                        have_ltk = !sm_is_null_key(ltk);
7af5dcd5SMatthias Ringwald                        log_info("have ltk %u", have_ltk);
7af5dcd5SMatthias Ringwald                        if (have_ltk){
5f3874afSMatthias Ringwald                            sm_conn->sm_pairing_requested = true;
24c20dc4SMatthias Ringwald                            sm_conn->sm_engine_state = SM_RESPONDER_SEND_SECURITY_REQUEST;
7af5dcd5SMatthias Ringwald                            sm_reencryption_started(sm_conn);
7af5dcd5SMatthias Ringwald                            break;
7af5dcd5SMatthias Ringwald                        }
7af5dcd5SMatthias Ringwald                        /* fall through */
7af5dcd5SMatthias Ringwald
7af5dcd5SMatthias Ringwald                    case IRK_LOOKUP_FAILED:
5f3874afSMatthias Ringwald                        sm_conn->sm_pairing_requested = true;
7af5dcd5SMatthias Ringwald                        sm_conn->sm_engine_state = SM_RESPONDER_SEND_SECURITY_REQUEST;
7af5dcd5SMatthias Ringwald                        sm_pairing_started(sm_conn);
7af5dcd5SMatthias Ringwald                        break;
7af5dcd5SMatthias Ringwald                    default:
7af5dcd5SMatthias Ringwald                        log_info("irk lookup pending");
5f3874afSMatthias Ringwald                        sm_conn->sm_pairing_requested = true;
7af5dcd5SMatthias Ringwald                        break;
7af5dcd5SMatthias Ringwald                }
24c20dc4SMatthias Ringwald                break;
24c20dc4SMatthias Ringwald            default:
24c20dc4SMatthias Ringwald                break;
24c20dc4SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    } else {
3deb3ec6SMatthias Ringwald        // used as a trigger to start central/master/initiator security procedures
175b7faaSMatthias Ringwald        switch (sm_conn->sm_engine_state){
175b7faaSMatthias Ringwald            case SM_INITIATOR_CONNECTED:
3deb3ec6SMatthias Ringwald                switch (sm_conn->sm_irk_lookup_state){
3deb3ec6SMatthias Ringwald                    case IRK_LOOKUP_SUCCEEDED:
2d68601cSMatthias Ringwald                        le_device_db_encryption_get(sm_conn->sm_le_db_index, NULL, NULL, ltk, NULL, &authenticated, NULL, NULL);
f53ec649SMatthias Ringwald                        have_ltk = !sm_is_null_key(ltk);
2d68601cSMatthias Ringwald                        auth_required = sm_auth_req & SM_AUTHREQ_MITM_PROTECTION;
2d68601cSMatthias Ringwald                        // re-encrypt is sufficient if we have ltk and that is either already authenticated or we don't require authentication
2d68601cSMatthias Ringwald                        trigger_reencryption = have_ltk && ((authenticated != 0) || (auth_required == false));
2d68601cSMatthias Ringwald                        log_info("have ltk %u, authenticated %u, auth required %u => reencrypt %u", have_ltk, authenticated, auth_required, trigger_reencryption);
2d68601cSMatthias Ringwald                        if (trigger_reencryption){
5f3874afSMatthias Ringwald                            sm_conn->sm_pairing_requested = true;
5567aa60SMatthias Ringwald                            sm_conn->sm_engine_state = SM_INITIATOR_PH4_HAS_LTK;
c245ca32SMatthias Ringwald                            break;
f53ec649SMatthias Ringwald                        }
cf373d3aSMatthias Ringwald                        /* fall through */
c245ca32SMatthias Ringwald
34c39fbdSMatthias Ringwald                    case IRK_LOOKUP_FAILED:
3deb3ec6SMatthias Ringwald                        sm_conn->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
3deb3ec6SMatthias Ringwald                        break;
3deb3ec6SMatthias Ringwald                    default:
d1a1f6a4SMatthias Ringwald                        log_info("irk lookup pending");
5f3874afSMatthias Ringwald                        sm_conn->sm_pairing_requested = true;
3deb3ec6SMatthias Ringwald                        break;
3deb3ec6SMatthias Ringwald                }
175b7faaSMatthias Ringwald                break;
cb6d7eb0SMatthias Ringwald            case SM_GENERAL_REENCRYPTION_FAILED:
cb6d7eb0SMatthias Ringwald                sm_conn->sm_engine_state = SM_INITIATOR_PH1_W2_SEND_PAIRING_REQUEST;
cb6d7eb0SMatthias Ringwald                break;
175b7faaSMatthias Ringwald            case SM_GENERAL_IDLE:
5f3874afSMatthias Ringwald                sm_conn->sm_pairing_requested = true;
175b7faaSMatthias Ringwald                break;
175b7faaSMatthias Ringwald            default:
175b7faaSMatthias Ringwald                break;
3deb3ec6SMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// called by client app on authorization request
711e6c80SMatthias Ringwaldvoid sm_authorization_decline(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald    sm_conn->sm_connection_authorization_state = AUTHORIZATION_DECLINED;
589f5a99SMatthias Ringwald    sm_notify_client_status(SM_EVENT_AUTHORIZATION_RESULT, sm_conn->sm_handle, sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address, 0);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
711e6c80SMatthias Ringwaldvoid sm_authorization_grant(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald    sm_conn->sm_connection_authorization_state = AUTHORIZATION_GRANTED;
589f5a99SMatthias Ringwald    sm_notify_client_status(SM_EVENT_AUTHORIZATION_RESULT, sm_conn->sm_handle, sm_conn->sm_peer_addr_type, sm_conn->sm_peer_address, 1);
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwald// GAP Bonding API
3deb3ec6SMatthias Ringwald
711e6c80SMatthias Ringwaldvoid sm_bonding_decline(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald    setup->sm_user_response = SM_USER_RESPONSE_DECLINE;
0af429c6SMatthias Ringwald    log_info("decline, state %u", sm_conn->sm_engine_state);
0af429c6SMatthias Ringwald    switch(sm_conn->sm_engine_state){
0af429c6SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
0af429c6SMatthias Ringwald        case SM_SC_W4_USER_RESPONSE:
0af429c6SMatthias Ringwald        case SM_SC_W4_CONFIRMATION:
0af429c6SMatthias Ringwald        case SM_SC_W4_PUBLIC_KEY_COMMAND:
0af429c6SMatthias Ringwald#endif
0af429c6SMatthias Ringwald        case SM_PH1_W4_USER_RESPONSE:
de2fd182SMatthias Ringwald            switch (setup->sm_stk_generation_method){
de2fd182SMatthias Ringwald                case PK_RESP_INPUT:
de2fd182SMatthias Ringwald                case PK_INIT_INPUT:
47fb4255SMatthias Ringwald                case PK_BOTH_INPUT:
0af429c6SMatthias Ringwald                    sm_pairing_error(sm_conn, SM_REASON_PASSKEY_ENTRY_FAILED);
de2fd182SMatthias Ringwald                    break;
47fb4255SMatthias Ringwald                case NUMERIC_COMPARISON:
de2fd182SMatthias Ringwald                    sm_pairing_error(sm_conn, SM_REASON_NUMERIC_COMPARISON_FAILED);
de2fd182SMatthias Ringwald                    break;
de2fd182SMatthias Ringwald                case JUST_WORKS:
de2fd182SMatthias Ringwald                case OOB:
de2fd182SMatthias Ringwald                    sm_pairing_error(sm_conn, SM_REASON_UNSPECIFIED_REASON);
de2fd182SMatthias Ringwald                    break;
7bbeb3adSMilanka Ringwald                default:
7bbeb3adSMilanka Ringwald                    btstack_assert(false);
7bbeb3adSMilanka Ringwald                    break;
de2fd182SMatthias Ringwald            }
0af429c6SMatthias Ringwald            break;
0af429c6SMatthias Ringwald        default:
0af429c6SMatthias Ringwald            break;
3deb3ec6SMatthias Ringwald    }
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
711e6c80SMatthias Ringwaldvoid sm_just_works_confirm(hci_con_handle_t con_handle){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald    setup->sm_user_response = SM_USER_RESPONSE_CONFIRM;
3deb3ec6SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_PH1_W4_USER_RESPONSE){
136d331aSMatthias Ringwald        if (setup->sm_use_secure_connections){
c6b7cbd9SMatthias Ringwald            sm_conn->sm_engine_state = SM_SC_SEND_PUBLIC_KEY_COMMAND;
bbf8db22SMatthias Ringwald        } else {
f3582630SMatthias Ringwald            btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_random, 16, &sm_handle_random_result_ph2_random, (void *)(uintptr_t) sm_conn->sm_handle);
136d331aSMatthias Ringwald        }
3deb3ec6SMatthias Ringwald    }
0346c37cSMatthias Ringwald
0346c37cSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
c6b7cbd9SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_SC_W4_USER_RESPONSE){
dc300847SMatthias Ringwald        sm_sc_prepare_dhkey_check(sm_conn);
446a8c36SMatthias Ringwald    }
0346c37cSMatthias Ringwald#endif
0346c37cSMatthias Ringwald
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
c8c46d51SMatthias Ringwaldvoid sm_numeric_comparison_confirm(hci_con_handle_t con_handle){
c8c46d51SMatthias Ringwald    // for now, it's the same
c8c46d51SMatthias Ringwald    sm_just_works_confirm(con_handle);
c8c46d51SMatthias Ringwald}
c8c46d51SMatthias Ringwald
711e6c80SMatthias Ringwaldvoid sm_passkey_input(hci_con_handle_t con_handle, uint32_t passkey){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3deb3ec6SMatthias Ringwald    sm_reset_tk();
f8fbdce0SMatthias Ringwald    big_endian_store_32(setup->sm_tk, 12, passkey);
3deb3ec6SMatthias Ringwald    setup->sm_user_response = SM_USER_RESPONSE_PASSKEY;
3deb3ec6SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_PH1_W4_USER_RESPONSE){
f3582630SMatthias Ringwald        btstack_crypto_random_generate(&sm_crypto_random_request, setup->sm_local_random, 16, &sm_handle_random_result_ph2_random, (void *)(uintptr_t) sm_conn->sm_handle);
3deb3ec6SMatthias Ringwald    }
1c516d8fSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
6535961aSMatthias Ringwald    (void)memcpy(setup->sm_ra, setup->sm_tk, 16);
6535961aSMatthias Ringwald    (void)memcpy(setup->sm_rb, setup->sm_tk, 16);
07036a04SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_SC_W4_USER_RESPONSE){
07036a04SMatthias Ringwald        sm_sc_start_calculating_local_confirm(sm_conn);
07036a04SMatthias Ringwald    }
1c516d8fSMatthias Ringwald#endif
70b44dd4SMatthias Ringwald    sm_trigger_run();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3d7fe1e9SMatthias Ringwaldvoid sm_keypress_notification(hci_con_handle_t con_handle, uint8_t action){
3d7fe1e9SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3d7fe1e9SMatthias Ringwald    if (!sm_conn) return;     // wrong connection
3d7fe1e9SMatthias Ringwald    if (action > SM_KEYPRESS_PASSKEY_ENTRY_COMPLETED) return;
dd4a08fbSMatthias Ringwald    uint8_t num_actions = setup->sm_keypress_notification >> 5;
4ea43905SMatthias Ringwald    uint8_t flags = setup->sm_keypress_notification & 0x1fu;
dd4a08fbSMatthias Ringwald    switch (action){
dd4a08fbSMatthias Ringwald        case SM_KEYPRESS_PASSKEY_ENTRY_STARTED:
dd4a08fbSMatthias Ringwald        case SM_KEYPRESS_PASSKEY_ENTRY_COMPLETED:
4ea43905SMatthias Ringwald            flags |= (1u << action);
dd4a08fbSMatthias Ringwald            break;
dd4a08fbSMatthias Ringwald        case SM_KEYPRESS_PASSKEY_CLEARED:
dd4a08fbSMatthias Ringwald            // clear counter, keypress & erased flags + set passkey cleared
4ea43905SMatthias Ringwald            flags = (flags & 0x19u) | (1u << SM_KEYPRESS_PASSKEY_CLEARED);
dd4a08fbSMatthias Ringwald            break;
dd4a08fbSMatthias Ringwald        case SM_KEYPRESS_PASSKEY_DIGIT_ENTERED:
1d80f1e6SMatthias Ringwald            if ((flags & (1u << SM_KEYPRESS_PASSKEY_DIGIT_ERASED)) != 0u){
dd4a08fbSMatthias Ringwald                // erase actions queued
dd4a08fbSMatthias Ringwald                num_actions--;
4ea43905SMatthias Ringwald                if (num_actions == 0u){
dd4a08fbSMatthias Ringwald                    // clear counter, keypress & erased flags
4ea43905SMatthias Ringwald                    flags &= 0x19u;
dd4a08fbSMatthias Ringwald                }
dd4a08fbSMatthias Ringwald                break;
dd4a08fbSMatthias Ringwald            }
dd4a08fbSMatthias Ringwald            num_actions++;
4ea43905SMatthias Ringwald            flags |= (1u << SM_KEYPRESS_PASSKEY_DIGIT_ENTERED);
dd4a08fbSMatthias Ringwald            break;
dd4a08fbSMatthias Ringwald        case SM_KEYPRESS_PASSKEY_DIGIT_ERASED:
1d80f1e6SMatthias Ringwald            if ((flags & (1u << SM_KEYPRESS_PASSKEY_DIGIT_ENTERED)) != 0u){
dd4a08fbSMatthias Ringwald                // enter actions queued
dd4a08fbSMatthias Ringwald                num_actions--;
4ea43905SMatthias Ringwald                if (num_actions == 0u){
dd4a08fbSMatthias Ringwald                    // clear counter, keypress & erased flags
4ea43905SMatthias Ringwald                    flags &= 0x19u;
dd4a08fbSMatthias Ringwald                }
dd4a08fbSMatthias Ringwald                break;
dd4a08fbSMatthias Ringwald            }
dd4a08fbSMatthias Ringwald            num_actions++;
4ea43905SMatthias Ringwald            flags |= (1u << SM_KEYPRESS_PASSKEY_DIGIT_ERASED);
dd4a08fbSMatthias Ringwald            break;
dd4a08fbSMatthias Ringwald        default:
dd4a08fbSMatthias Ringwald            break;
dd4a08fbSMatthias Ringwald    }
dd4a08fbSMatthias Ringwald    setup->sm_keypress_notification = (num_actions << 5) | flags;
70b44dd4SMatthias Ringwald    sm_trigger_run();
3d7fe1e9SMatthias Ringwald}
3d7fe1e9SMatthias Ringwald
c59d0c92SMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
d1a1f6a4SMatthias Ringwaldstatic void sm_handle_random_result_oob(void * arg){
d1a1f6a4SMatthias Ringwald    UNUSED(arg);
d1a1f6a4SMatthias Ringwald    sm_sc_oob_state = SM_SC_OOB_W2_CALC_CONFIRM;
70b44dd4SMatthias Ringwald    sm_trigger_run();
d1a1f6a4SMatthias Ringwald}
c59d0c92SMatthias Ringwalduint8_t sm_generate_sc_oob_data(void (*callback)(const uint8_t * confirm_value, const uint8_t * random_value)){
8334d3d8SMatthias Ringwald
8334d3d8SMatthias Ringwald    static btstack_crypto_random_t   sm_crypto_random_oob_request;
8334d3d8SMatthias Ringwald
c59d0c92SMatthias Ringwald    if (sm_sc_oob_state != SM_SC_OOB_IDLE) return ERROR_CODE_COMMAND_DISALLOWED;
c59d0c92SMatthias Ringwald    sm_sc_oob_callback = callback;
d1a1f6a4SMatthias Ringwald    sm_sc_oob_state = SM_SC_OOB_W4_RANDOM;
d1a1f6a4SMatthias Ringwald    btstack_crypto_random_generate(&sm_crypto_random_oob_request, sm_sc_oob_random, 16, &sm_handle_random_result_oob, NULL);
c59d0c92SMatthias Ringwald    return 0;
c59d0c92SMatthias Ringwald}
c59d0c92SMatthias Ringwald#endif
c59d0c92SMatthias Ringwald
3deb3ec6SMatthias Ringwald/**
ba394633SMatthias Ringwald * @brief Get Identity Resolving state
ba394633SMatthias Ringwald * @param con_handle
ba394633SMatthias Ringwald * @return irk_lookup_state_t
ba394633SMatthias Ringwald */
ba394633SMatthias Ringwaldirk_lookup_state_t sm_identity_resolving_state(hci_con_handle_t con_handle){
ba394633SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
ba394633SMatthias Ringwald    if (!sm_conn) return IRK_LOOKUP_IDLE;
ba394633SMatthias Ringwald    return sm_conn->sm_irk_lookup_state;
ba394633SMatthias Ringwald}
ba394633SMatthias Ringwald
ba394633SMatthias Ringwald/**
3deb3ec6SMatthias Ringwald * @brief Identify device in LE Device DB
3deb3ec6SMatthias Ringwald * @param handle
6b65794dSMilanka Ringwald * @return index from le_device_db or -1 if not found/identified
3deb3ec6SMatthias Ringwald */
711e6c80SMatthias Ringwaldint sm_le_device_index(hci_con_handle_t con_handle ){
711e6c80SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
3deb3ec6SMatthias Ringwald    if (!sm_conn) return -1;
3deb3ec6SMatthias Ringwald    return sm_conn->sm_le_db_index;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
916ea5b2SMatthias Ringwalduint8_t sm_get_ltk(hci_con_handle_t con_handle, sm_key_t ltk){
916ea5b2SMatthias Ringwald    hci_connection_t * hci_connection = hci_connection_for_handle(con_handle);
916ea5b2SMatthias Ringwald    if (hci_connection == NULL){
916ea5b2SMatthias Ringwald        return ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER;
916ea5b2SMatthias Ringwald    }
f728bb7bSMatthias Ringwald    if (hci_connection->link_key_type == INVALID_LINK_KEY){
916ea5b2SMatthias Ringwald        return ERROR_CODE_PIN_OR_KEY_MISSING;
916ea5b2SMatthias Ringwald    }
916ea5b2SMatthias Ringwald    memcpy(ltk, hci_connection->link_key, 16);
916ea5b2SMatthias Ringwald    return ERROR_CODE_SUCCESS;
916ea5b2SMatthias Ringwald}
916ea5b2SMatthias Ringwald
8f57b085SMatthias Ringwaldstatic int gap_random_address_type_requires_updates(void){
47ba4de1SMatthias Ringwald    switch (gap_random_adress_type){
47ba4de1SMatthias Ringwald        case GAP_RANDOM_ADDRESS_TYPE_OFF:
47ba4de1SMatthias Ringwald        case GAP_RANDOM_ADDRESS_TYPE_STATIC:
47ba4de1SMatthias Ringwald            return 0;
47ba4de1SMatthias Ringwald        default:
8f57b085SMatthias Ringwald            return 1;
8f57b085SMatthias Ringwald    }
47ba4de1SMatthias Ringwald}
d70217a2SMatthias Ringwald
33373e40SMatthias Ringwaldstatic uint8_t own_address_type(void){
b95a5a35SMatthias Ringwald    switch (gap_random_adress_type){
b95a5a35SMatthias Ringwald        case GAP_RANDOM_ADDRESS_TYPE_OFF:
b95a5a35SMatthias Ringwald            return BD_ADDR_TYPE_LE_PUBLIC;
b95a5a35SMatthias Ringwald        default:
b95a5a35SMatthias Ringwald            return BD_ADDR_TYPE_LE_RANDOM;
b95a5a35SMatthias Ringwald    }
33373e40SMatthias Ringwald}
8f57b085SMatthias Ringwald
3deb3ec6SMatthias Ringwald// GAP LE API
3deb3ec6SMatthias Ringwaldvoid gap_random_address_set_mode(gap_random_address_type_t random_address_type){
3deb3ec6SMatthias Ringwald    gap_random_address_update_stop();
3deb3ec6SMatthias Ringwald    gap_random_adress_type = random_address_type;
b95a5a35SMatthias Ringwald    hci_le_set_own_address_type(own_address_type());
8f57b085SMatthias Ringwald    if (!gap_random_address_type_requires_updates()) return;
3deb3ec6SMatthias Ringwald    gap_random_address_update_start();
3deb3ec6SMatthias Ringwald    gap_random_address_trigger();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldgap_random_address_type_t gap_random_address_get_mode(void){
3deb3ec6SMatthias Ringwald    return gap_random_adress_type;
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
3deb3ec6SMatthias Ringwaldvoid gap_random_address_set_update_period(int period_ms){
3deb3ec6SMatthias Ringwald    gap_random_adress_update_period = period_ms;
8f57b085SMatthias Ringwald    if (!gap_random_address_type_requires_updates()) return;
3deb3ec6SMatthias Ringwald    gap_random_address_update_stop();
3deb3ec6SMatthias Ringwald    gap_random_address_update_start();
3deb3ec6SMatthias Ringwald}
3deb3ec6SMatthias Ringwald
667ba9d1SMatthias Ringwaldvoid gap_random_address_set(const bd_addr_t addr){
8f57b085SMatthias Ringwald    gap_random_address_set_mode(GAP_RANDOM_ADDRESS_TYPE_STATIC);
6535961aSMatthias Ringwald    (void)memcpy(sm_random_address, addr, 6);
63d302e8SMatthias Ringwald    // assert msb bits are set to '11'
63d302e8SMatthias Ringwald    sm_random_address[0] |= 0xc0;
63d302e8SMatthias Ringwald    hci_le_random_address_set(sm_random_address);
7e252622SMatthias Ringwald}
7e252622SMatthias Ringwald
d70217a2SMatthias Ringwald#ifdef ENABLE_LE_PERIPHERAL
3deb3ec6SMatthias Ringwald/*
3deb3ec6SMatthias Ringwald * @brief Set Advertisement Paramters
3deb3ec6SMatthias Ringwald * @param adv_int_min
3deb3ec6SMatthias Ringwald * @param adv_int_max
3deb3ec6SMatthias Ringwald * @param adv_type
3deb3ec6SMatthias Ringwald * @param direct_address_type
3deb3ec6SMatthias Ringwald * @param direct_address
3deb3ec6SMatthias Ringwald * @param channel_map
3deb3ec6SMatthias Ringwald * @param filter_policy
3deb3ec6SMatthias Ringwald *
3deb3ec6SMatthias Ringwald * @note own_address_type is used from gap_random_address_set_mode
3deb3ec6SMatthias Ringwald */
3deb3ec6SMatthias Ringwaldvoid gap_advertisements_set_params(uint16_t adv_int_min, uint16_t adv_int_max, uint8_t adv_type,
3deb3ec6SMatthias Ringwald    uint8_t direct_address_typ, bd_addr_t direct_address, uint8_t channel_map, uint8_t filter_policy){
b95a5a35SMatthias Ringwald    hci_le_advertisements_set_params(adv_int_min, adv_int_max, adv_type,
3deb3ec6SMatthias Ringwald        direct_address_typ, direct_address, channel_map, filter_policy);
3deb3ec6SMatthias Ringwald}
d70217a2SMatthias Ringwald#endif
dcd6c9b5SMatthias Ringwald
c7ceba59SMatthias Ringwaldbool gap_reconnect_security_setup_active(hci_con_handle_t con_handle){
dcd6c9b5SMatthias Ringwald    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
dcd6c9b5SMatthias Ringwald     // wrong connection
c7ceba59SMatthias Ringwald    if (!sm_conn) return false;
dcd6c9b5SMatthias Ringwald    // already encrypted
c7ceba59SMatthias Ringwald    if (sm_conn->sm_connection_encrypted) return false;
dcd6c9b5SMatthias Ringwald    // irk status?
dcd6c9b5SMatthias Ringwald    switch(sm_conn->sm_irk_lookup_state){
dcd6c9b5SMatthias Ringwald        case IRK_LOOKUP_FAILED:
dcd6c9b5SMatthias Ringwald            // done, cannot setup encryption
c7ceba59SMatthias Ringwald            return false;
dcd6c9b5SMatthias Ringwald        case IRK_LOOKUP_SUCCEEDED:
dcd6c9b5SMatthias Ringwald            break;
dcd6c9b5SMatthias Ringwald        default:
dcd6c9b5SMatthias Ringwald            // IR Lookup pending
c7ceba59SMatthias Ringwald            return true;
dcd6c9b5SMatthias Ringwald    }
f0674e22SMatthias Ringwald    // IRK Lookup Succeeded, re-encryption should be initiated. When done, state gets reset or indicates failure
c7ceba59SMatthias Ringwald    if (sm_conn->sm_engine_state == SM_GENERAL_REENCRYPTION_FAILED) return false;
c7ceba59SMatthias Ringwald    if (sm_conn->sm_role != 0){
b15d5ceaSMatthias Ringwald        return sm_conn->sm_engine_state != SM_RESPONDER_IDLE;
b15d5ceaSMatthias Ringwald    } else {
dcd6c9b5SMatthias Ringwald        return sm_conn->sm_engine_state != SM_INITIATOR_CONNECTED;
dcd6c9b5SMatthias Ringwald    }
b15d5ceaSMatthias Ringwald}
3cdbe9dbSMatthias Ringwald
3cdbe9dbSMatthias Ringwaldvoid sm_set_secure_connections_only_mode(bool enable){
3cdbe9dbSMatthias Ringwald#ifdef ENABLE_LE_SECURE_CONNECTIONS
3cdbe9dbSMatthias Ringwald    sm_sc_only_mode = enable;
3cdbe9dbSMatthias Ringwald#else
3cdbe9dbSMatthias Ringwald    // SC Only mode not possible without support for SC
3cdbe9dbSMatthias Ringwald    btstack_assert(enable == false);
3cdbe9dbSMatthias Ringwald#endif
3cdbe9dbSMatthias Ringwald}
052bbdc5SMatthias Ringwald
92f8d6b6SMatthias Ringwald#if defined(ENABLE_LE_SECURE_CONNECTIONS) && defined (ENABLE_LE_SECURE_CONNECTION_DEBUG_KEY)
db88441fSMatthias Ringwaldvoid sm_test_enable_secure_connections_debug_keys(void) {
db88441fSMatthias Ringwald    log_info("Enable LE Secure Connection Debug Keys for testing");
db88441fSMatthias Ringwald    sm_sc_debug_keys_enabled = true;
db88441fSMatthias Ringwald    // set debug key
db88441fSMatthias Ringwald    sm_ec_generate_new_key();
db88441fSMatthias Ringwald}
db88441fSMatthias Ringwald#endif
db88441fSMatthias Ringwald
052bbdc5SMatthias Ringwaldconst uint8_t * gap_get_persistent_irk(void){
052bbdc5SMatthias Ringwald    return sm_persistent_irk;
052bbdc5SMatthias Ringwald}
4f384501SMatthias Ringwald
4f384501SMatthias Ringwaldvoid gap_delete_bonding(bd_addr_type_t address_type, bd_addr_t address){
22cb578bSMatthias Ringwald    int index = sm_le_device_db_index_lookup(address_type, address);
22cb578bSMatthias Ringwald    if (index >= 0){
22cb578bSMatthias Ringwald        sm_remove_le_device_db_entry(index);
4f384501SMatthias Ringwald    }
4f384501SMatthias Ringwald}