13deb3ec6SMatthias Ringwald /* 23deb3ec6SMatthias Ringwald * Copyright (C) 2014 BlueKitchen GmbH 33deb3ec6SMatthias Ringwald * 43deb3ec6SMatthias Ringwald * Redistribution and use in source and binary forms, with or without 53deb3ec6SMatthias Ringwald * modification, are permitted provided that the following conditions 63deb3ec6SMatthias Ringwald * are met: 73deb3ec6SMatthias Ringwald * 83deb3ec6SMatthias Ringwald * 1. Redistributions of source code must retain the above copyright 93deb3ec6SMatthias Ringwald * notice, this list of conditions and the following disclaimer. 103deb3ec6SMatthias Ringwald * 2. Redistributions in binary form must reproduce the above copyright 113deb3ec6SMatthias Ringwald * notice, this list of conditions and the following disclaimer in the 123deb3ec6SMatthias Ringwald * documentation and/or other materials provided with the distribution. 133deb3ec6SMatthias Ringwald * 3. Neither the name of the copyright holders nor the names of 143deb3ec6SMatthias Ringwald * contributors may be used to endorse or promote products derived 153deb3ec6SMatthias Ringwald * from this software without specific prior written permission. 163deb3ec6SMatthias Ringwald * 4. Any redistribution, use, or modification is done solely for 173deb3ec6SMatthias Ringwald * personal benefit and not for any commercial purpose or for 183deb3ec6SMatthias Ringwald * monetary gain. 193deb3ec6SMatthias Ringwald * 203deb3ec6SMatthias Ringwald * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS 213deb3ec6SMatthias Ringwald * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 223deb3ec6SMatthias Ringwald * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 233deb3ec6SMatthias Ringwald * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS 243deb3ec6SMatthias Ringwald * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 253deb3ec6SMatthias Ringwald * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 263deb3ec6SMatthias Ringwald * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 273deb3ec6SMatthias Ringwald * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 283deb3ec6SMatthias Ringwald * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 293deb3ec6SMatthias Ringwald * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 303deb3ec6SMatthias Ringwald * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 313deb3ec6SMatthias Ringwald * SUCH DAMAGE. 323deb3ec6SMatthias Ringwald * 333deb3ec6SMatthias Ringwald * Please inquire about commercial licensing options at 343deb3ec6SMatthias Ringwald * [email protected] 353deb3ec6SMatthias Ringwald * 363deb3ec6SMatthias Ringwald */ 373deb3ec6SMatthias Ringwald 383deb3ec6SMatthias Ringwald #ifndef __SM_H 393deb3ec6SMatthias Ringwald #define __SM_H 403deb3ec6SMatthias Ringwald 413deb3ec6SMatthias Ringwald #if defined __cplusplus 423deb3ec6SMatthias Ringwald extern "C" { 433deb3ec6SMatthias Ringwald #endif 443deb3ec6SMatthias Ringwald 458974fcd6SMatthias Ringwald #include <stdint.h> 468974fcd6SMatthias Ringwald #include "btstack_util.h" 478974fcd6SMatthias Ringwald #include "btstack_defines.h" 488974fcd6SMatthias Ringwald #include "hci.h" 493deb3ec6SMatthias Ringwald 503deb3ec6SMatthias Ringwald typedef struct { 51665d90f2SMatthias Ringwald btstack_linked_item_t item; 523deb3ec6SMatthias Ringwald bd_addr_t address; 533deb3ec6SMatthias Ringwald bd_addr_type_t address_type; 543deb3ec6SMatthias Ringwald } sm_lookup_entry_t; 553deb3ec6SMatthias Ringwald 561ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_code(sm_pairing_packet_t packet){ 571ad129beSMatthias Ringwald return packet[0]; 581ad129beSMatthias Ringwald } 591ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_io_capability(sm_pairing_packet_t packet){ 601ad129beSMatthias Ringwald return packet[1]; 611ad129beSMatthias Ringwald } 621ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_oob_data_flag(sm_pairing_packet_t packet){ 631ad129beSMatthias Ringwald return packet[2]; 641ad129beSMatthias Ringwald } 651ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_auth_req(sm_pairing_packet_t packet){ 661ad129beSMatthias Ringwald return packet[3]; 671ad129beSMatthias Ringwald } 681ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_max_encryption_key_size(sm_pairing_packet_t packet){ 691ad129beSMatthias Ringwald return packet[4]; 701ad129beSMatthias Ringwald } 711ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_initiator_key_distribution(sm_pairing_packet_t packet){ 721ad129beSMatthias Ringwald return packet[5]; 731ad129beSMatthias Ringwald } 741ad129beSMatthias Ringwald static inline uint8_t sm_pairing_packet_get_responder_key_distribution(sm_pairing_packet_t packet){ 751ad129beSMatthias Ringwald return packet[6]; 761ad129beSMatthias Ringwald } 771ad129beSMatthias Ringwald 781ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_code(sm_pairing_packet_t packet, uint8_t code){ 791ad129beSMatthias Ringwald packet[0] = code; 801ad129beSMatthias Ringwald } 811ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_io_capability(sm_pairing_packet_t packet, uint8_t io_capability){ 821ad129beSMatthias Ringwald packet[1] = io_capability; 831ad129beSMatthias Ringwald } 841ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_oob_data_flag(sm_pairing_packet_t packet, uint8_t oob_data_flag){ 851ad129beSMatthias Ringwald packet[2] = oob_data_flag; 861ad129beSMatthias Ringwald } 871ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_auth_req(sm_pairing_packet_t packet, uint8_t auth_req){ 881ad129beSMatthias Ringwald packet[3] = auth_req; 891ad129beSMatthias Ringwald } 901ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_max_encryption_key_size(sm_pairing_packet_t packet, uint8_t max_encryption_key_size){ 911ad129beSMatthias Ringwald packet[4] = max_encryption_key_size; 921ad129beSMatthias Ringwald } 931ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_initiator_key_distribution(sm_pairing_packet_t packet, uint8_t initiator_key_distribution){ 941ad129beSMatthias Ringwald packet[5] = initiator_key_distribution; 951ad129beSMatthias Ringwald } 961ad129beSMatthias Ringwald static inline void sm_pairing_packet_set_responder_key_distribution(sm_pairing_packet_t packet, uint8_t responder_key_distribution){ 971ad129beSMatthias Ringwald packet[6] = responder_key_distribution; 981ad129beSMatthias Ringwald } 991ad129beSMatthias Ringwald 1003deb3ec6SMatthias Ringwald /* API_START */ 1013deb3ec6SMatthias Ringwald 1023deb3ec6SMatthias Ringwald /** 1033deb3ec6SMatthias Ringwald * @brief Initializes the Security Manager, connects to L2CAP 1043deb3ec6SMatthias Ringwald */ 1053deb3ec6SMatthias Ringwald void sm_init(void); 1063deb3ec6SMatthias Ringwald 1073deb3ec6SMatthias Ringwald /** 1083deb3ec6SMatthias Ringwald * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 1093deb3ec6SMatthias Ringwald * @param er 1103deb3ec6SMatthias Ringwald */ 1113deb3ec6SMatthias Ringwald void sm_set_er(sm_key_t er); 1123deb3ec6SMatthias Ringwald 1133deb3ec6SMatthias Ringwald /** 1143deb3ec6SMatthias Ringwald * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2 1153deb3ec6SMatthias Ringwald */ 1163deb3ec6SMatthias Ringwald void sm_set_ir(sm_key_t ir); 1173deb3ec6SMatthias Ringwald 1183deb3ec6SMatthias Ringwald /** 1193deb3ec6SMatthias Ringwald * 1203deb3ec6SMatthias Ringwald * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble 1213deb3ec6SMatthias Ringwald * @param get_oob_data_callback 1223deb3ec6SMatthias Ringwald */ 1233deb3ec6SMatthias Ringwald void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data)); 1243deb3ec6SMatthias Ringwald 1253deb3ec6SMatthias Ringwald /** 12689a78d34SMatthias Ringwald * @brief Add event packet handler. 12789a78d34SMatthias Ringwald */ 12889a78d34SMatthias Ringwald void sm_add_event_handler(btstack_packet_callback_registration_t * callback_handler); 12989a78d34SMatthias Ringwald 13089a78d34SMatthias Ringwald /** 1313deb3ec6SMatthias Ringwald * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list 1323deb3ec6SMatthias Ringwald * @param OR combination of SM_STK_GENERATION_METHOD_ 1333deb3ec6SMatthias Ringwald */ 1343deb3ec6SMatthias Ringwald void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods); 1353deb3ec6SMatthias Ringwald 1363deb3ec6SMatthias Ringwald /** 1373deb3ec6SMatthias Ringwald * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range 1383deb3ec6SMatthias Ringwald * @param min_size (default 7) 1393deb3ec6SMatthias Ringwald * @param max_size (default 16) 1403deb3ec6SMatthias Ringwald */ 1413deb3ec6SMatthias Ringwald void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size); 1423deb3ec6SMatthias Ringwald 1433deb3ec6SMatthias Ringwald /** 14427c32905SMatthias Ringwald * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no, SC yes/no, keypress yes/no 1453deb3ec6SMatthias Ringwald * @param OR combination of SM_AUTHREQ_ flags 1463deb3ec6SMatthias Ringwald */ 1473deb3ec6SMatthias Ringwald void sm_set_authentication_requirements(uint8_t auth_req); 1483deb3ec6SMatthias Ringwald 1493deb3ec6SMatthias Ringwald /** 1503deb3ec6SMatthias Ringwald * @brief Sets the available IO Capabilities 1513deb3ec6SMatthias Ringwald * @param IO_CAPABILITY_ 1523deb3ec6SMatthias Ringwald */ 1533deb3ec6SMatthias Ringwald void sm_set_io_capabilities(io_capability_t io_capability); 1543deb3ec6SMatthias Ringwald 1553deb3ec6SMatthias Ringwald /** 1563deb3ec6SMatthias Ringwald * @brief Let Peripheral request an encrypted connection right after connecting 1573deb3ec6SMatthias Ringwald * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server 1583deb3ec6SMatthias Ringwald */ 1593deb3ec6SMatthias Ringwald void sm_set_request_security(int enable); 1603deb3ec6SMatthias Ringwald 1613deb3ec6SMatthias Ringwald /** 1623deb3ec6SMatthias Ringwald * @brief Trigger Security Request 1633deb3ec6SMatthias Ringwald * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server 1643deb3ec6SMatthias Ringwald */ 165711e6c80SMatthias Ringwald void sm_send_security_request(hci_con_handle_t con_handle); 1663deb3ec6SMatthias Ringwald 1673deb3ec6SMatthias Ringwald /** 1683deb3ec6SMatthias Ringwald * @brief Decline bonding triggered by event before 169c8c46d51SMatthias Ringwald * @param con_handle 1703deb3ec6SMatthias Ringwald */ 171711e6c80SMatthias Ringwald void sm_bonding_decline(hci_con_handle_t con_handle); 1723deb3ec6SMatthias Ringwald 1733deb3ec6SMatthias Ringwald /** 1743deb3ec6SMatthias Ringwald * @brief Confirm Just Works bonding 175c8c46d51SMatthias Ringwald * @param con_handle 1763deb3ec6SMatthias Ringwald */ 177711e6c80SMatthias Ringwald void sm_just_works_confirm(hci_con_handle_t con_handle); 1783deb3ec6SMatthias Ringwald 1793deb3ec6SMatthias Ringwald /** 180c8c46d51SMatthias Ringwald * @brief Confirm value from SM_EVENT_NUMERIC_COMPARISON_REQUEST for Numeric Comparison bonding 181c8c46d51SMatthias Ringwald * @param con_handle 182c8c46d51SMatthias Ringwald */ 183c8c46d51SMatthias Ringwald void sm_numeric_comparison_confirm(hci_con_handle_t con_handle); 184c8c46d51SMatthias Ringwald 185c8c46d51SMatthias Ringwald /** 1863deb3ec6SMatthias Ringwald * @brief Reports passkey input by user 187c8c46d51SMatthias Ringwald * @param con_handle 1883deb3ec6SMatthias Ringwald * @param passkey in [0..999999] 1893deb3ec6SMatthias Ringwald */ 190711e6c80SMatthias Ringwald void sm_passkey_input(hci_con_handle_t con_handle, uint32_t passkey); 1913deb3ec6SMatthias Ringwald 1923deb3ec6SMatthias Ringwald /** 1933deb3ec6SMatthias Ringwald * 1943deb3ec6SMatthias Ringwald * @brief Get encryption key size. 195c8c46d51SMatthias Ringwald * @param con_handle 1963deb3ec6SMatthias Ringwald * @return 0 if not encrypted, 7-16 otherwise 1973deb3ec6SMatthias Ringwald */ 198711e6c80SMatthias Ringwald int sm_encryption_key_size(hci_con_handle_t con_handle); 1993deb3ec6SMatthias Ringwald 2003deb3ec6SMatthias Ringwald /** 2013deb3ec6SMatthias Ringwald * @brief Get authentication property. 202c8c46d51SMatthias Ringwald * @param con_handle 2033deb3ec6SMatthias Ringwald * @return 1 if bonded with OOB/Passkey (AND MITM protection) 2043deb3ec6SMatthias Ringwald */ 205711e6c80SMatthias Ringwald int sm_authenticated(hci_con_handle_t con_handle); 2063deb3ec6SMatthias Ringwald 2073deb3ec6SMatthias Ringwald /** 2083deb3ec6SMatthias Ringwald * @brief Queries authorization state. 209c8c46d51SMatthias Ringwald * @param con_handle 2103deb3ec6SMatthias Ringwald * @return authorization_state for the current session 2113deb3ec6SMatthias Ringwald */ 212711e6c80SMatthias Ringwald authorization_state_t sm_authorization_state(hci_con_handle_t con_handle); 2133deb3ec6SMatthias Ringwald 2143deb3ec6SMatthias Ringwald /** 2153deb3ec6SMatthias Ringwald * @brief Used by att_server.c to request user authorization. 216c8c46d51SMatthias Ringwald * @param con_handle 2173deb3ec6SMatthias Ringwald */ 218711e6c80SMatthias Ringwald void sm_request_pairing(hci_con_handle_t con_handle); 2193deb3ec6SMatthias Ringwald 2203deb3ec6SMatthias Ringwald /** 2213deb3ec6SMatthias Ringwald * @brief Report user authorization decline. 222c8c46d51SMatthias Ringwald * @param con_handle 2233deb3ec6SMatthias Ringwald */ 224711e6c80SMatthias Ringwald void sm_authorization_decline(hci_con_handle_t con_handle); 2253deb3ec6SMatthias Ringwald 2263deb3ec6SMatthias Ringwald /** 2273deb3ec6SMatthias Ringwald * @brief Report user authorization grant. 228c8c46d51SMatthias Ringwald * @param con_handle 2293deb3ec6SMatthias Ringwald */ 230711e6c80SMatthias Ringwald void sm_authorization_grant(hci_con_handle_t con_handle); 2313deb3ec6SMatthias Ringwald 2323deb3ec6SMatthias Ringwald /** 2333deb3ec6SMatthias Ringwald * @brief Support for signed writes, used by att_server. 2349fa6f18cSMatthias Ringwald * @note Message is in little endian to allows passing in ATT PDU without flipping. 235*514d35fcSMatthias Ringwald * @note signing data: [opcode, attribute_handle, message, sign_counter] 236*514d35fcSMatthias Ringwald * @note calculated hash in done_callback is big endian and has 16 byte. 237*514d35fcSMatthias Ringwald * @param key 238*514d35fcSMatthias Ringwald * @param opcde 239*514d35fcSMatthias Ringwald * @param attribute_handle 240*514d35fcSMatthias Ringwald * @param message_len 241*514d35fcSMatthias Ringwald * @param message 242*514d35fcSMatthias Ringwald * @param sign_counter 2433deb3ec6SMatthias Ringwald */ 2443deb3ec6SMatthias Ringwald int sm_cmac_ready(void); 245*514d35fcSMatthias Ringwald void sm_cmac_start(sm_key_t key, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, uint8_t * message, uint32_t sign_counter, void (*done_callback)(uint8_t * hash)); 246*514d35fcSMatthias Ringwald 247*514d35fcSMatthias Ringwald /* 248*514d35fcSMatthias Ringwald * @brief Generic CMAC AES 249*514d35fcSMatthias Ringwald * @param key 250*514d35fcSMatthias Ringwald * @param message_len 251*514d35fcSMatthias Ringwald * @param get_byte_callback 252*514d35fcSMatthias Ringwald * @param done_callback 253*514d35fcSMatthias Ringwald * @note hash is 16 bytes in big endian 254*514d35fcSMatthias Ringwald */ 255*514d35fcSMatthias Ringwald void sm_cmac_general_start(sm_key_t key, uint16_t message_len, uint8_t (*get_byte_callback)(uint16_t offset), void (*done_callback)(uint8_t * hash)); 2563deb3ec6SMatthias Ringwald 2573deb3ec6SMatthias Ringwald /* 2583deb3ec6SMatthias Ringwald * @brief Match address against bonded devices 2593deb3ec6SMatthias Ringwald * @return 0 if successfully added to lookup queue 2603deb3ec6SMatthias Ringwald * @note Triggers SM_IDENTITY_RESOLVING_* events 2613deb3ec6SMatthias Ringwald */ 2623deb3ec6SMatthias Ringwald int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr); 2633deb3ec6SMatthias Ringwald 2643deb3ec6SMatthias Ringwald /** 2653deb3ec6SMatthias Ringwald * @brief Identify device in LE Device DB. 2663deb3ec6SMatthias Ringwald * @param handle 2673deb3ec6SMatthias Ringwald * @return index from le_device_db or -1 if not found/identified 2683deb3ec6SMatthias Ringwald */ 269711e6c80SMatthias Ringwald int sm_le_device_index(hci_con_handle_t con_handle ); 2703deb3ec6SMatthias Ringwald /* API_END */ 2713deb3ec6SMatthias Ringwald 2728974fcd6SMatthias Ringwald // PTS testing 2738974fcd6SMatthias Ringwald void sm_test_set_irk(sm_key_t irk); 2748974fcd6SMatthias Ringwald void sm_test_use_fixed_local_csrk(void); 2758974fcd6SMatthias Ringwald 2763deb3ec6SMatthias Ringwald #if defined __cplusplus 2773deb3ec6SMatthias Ringwald } 2783deb3ec6SMatthias Ringwald #endif 2793deb3ec6SMatthias Ringwald 2803deb3ec6SMatthias Ringwald #endif // __SM_H 281