xref: /btstack/src/ble/sm.h (revision 3edc84c5b6b1e23a3d103fe8ce1f6b5ad1df3498) 
1 /*
2  * Copyright (C) 2014 BlueKitchen GmbH
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the copyright holders nor the names of
14  *    contributors may be used to endorse or promote products derived
15  *    from this software without specific prior written permission.
16  * 4. Any redistribution, use, or modification is done solely for
17  *    personal benefit and not for any commercial purpose or for
18  *    monetary gain.
19  *
20  * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
24  * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
27  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
30  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * Please inquire about commercial licensing options at
34  * [email protected]
35  *
36  */
37 
38 #ifndef __SM_H
39 #define __SM_H
40 
41 #include <stdint.h>
42 #include "utils.h"
43 
44 #if defined __cplusplus
45 extern "C" {
46 #endif
47 
48 
49 // Bluetooth Spec definitions
50 typedef enum {
51     SM_CODE_PAIRING_REQUEST = 0X01,
52     SM_CODE_PAIRING_RESPONSE,
53     SM_CODE_PAIRING_CONFIRM,
54     SM_CODE_PAIRING_RANDOM,
55     SM_CODE_PAIRING_FAILED,
56     SM_CODE_ENCRYPTION_INFORMATION,
57     SM_CODE_MASTER_IDENTIFICATION,
58     SM_CODE_IDENTITY_INFORMATION,
59     SM_CODE_IDENTITY_ADDRESS_INFORMATION,
60     SM_CODE_SIGNING_INFORMATION,
61     SM_CODE_SECURITY_REQUEST
62 } SECURITY_MANAGER_COMMANDS;
63 
64 // IO Capability Values
65 typedef enum {
66     IO_CAPABILITY_DISPLAY_ONLY = 0,
67     IO_CAPABILITY_DISPLAY_YES_NO,
68     IO_CAPABILITY_KEYBOARD_ONLY,
69     IO_CAPABILITY_NO_INPUT_NO_OUTPUT,
70     IO_CAPABILITY_KEYBOARD_DISPLAY, // not used by secure simple pairing
71 } io_capability_t;
72 
73 
74 // Authentication requirement flags
75 #define SM_AUTHREQ_NO_BONDING 0x00
76 #define SM_AUTHREQ_BONDING 0x01
77 #define SM_AUTHREQ_MITM_PROTECTION 0x04
78 
79 // Key distribution flags used by spec
80 #define SM_KEYDIST_ENC_KEY 0X01
81 #define SM_KEYDIST_ID_KEY  0x02
82 #define SM_KEYDIST_SIGN    0x04
83 
84 // Key distribution flags used internally
85 #define SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION       0x01
86 #define SM_KEYDIST_FLAG_MASTER_IDENTIFICATION        0x02
87 #define SM_KEYDIST_FLAG_IDENTITY_INFORMATION         0x04
88 #define SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION 0x08
89 #define SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION       0x10
90 
91 // STK Generation Methods
92 #define SM_STK_GENERATION_METHOD_JUST_WORKS 0x01
93 #define SM_STK_GENERATION_METHOD_OOB        0x02
94 #define SM_STK_GENERATION_METHOD_PASSKEY    0x04
95 
96 // Pairing Failed Reasons
97 #define SM_REASON_RESERVED                     0x00
98 #define SM_REASON_PASSKEYT_ENTRY_FAILED        0x01
99 #define SM_REASON_OOB_NOT_AVAILABLE            0x02
100 #define SM_REASON_AUTHENTHICATION_REQUIREMENTS 0x03
101 #define SM_REASON_CONFIRM_VALUE_FAILED         0x04
102 #define SM_REASON_PAIRING_NOT_SUPPORTED        0x05
103 #define SM_REASON_ENCRYPTION_KEY_SIZE          0x06
104 #define SM_REASON_COMMAND_NOT_SUPPORTED        0x07
105 #define SM_REASON_UNSPECIFIED_REASON           0x08
106 #define SM_REASON_REPEATED_ATTEMPTS            0x09
107 // also, invalid parameters
108 // and reserved
109 
110 // Only for PTS testing
111 void sm_test_set_irk(sm_key_t irk);
112 
113 typedef struct {
114     linked_item_t  item;
115     bd_addr_t      address;
116     bd_addr_type_t address_type;
117 } sm_lookup_entry_t;
118 
119 /* API_START */
120 
121 /**
122  * @brief Initializes the Security Manager, connects to L2CAP
123  */
124 void sm_init(void);
125 
126 /**
127  * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
128  * @param er
129  */
130 void sm_set_er(sm_key_t er);
131 
132 /**
133  * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
134  */
135 void sm_set_ir(sm_key_t ir);
136 
137 /**
138  *
139  * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble
140  * @param get_oob_data_callback
141  */
142 void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data));
143 
144 /**
145  *
146  * @brief Registers packet handler. Called by att_server.c
147  */
148 void sm_register_packet_handler(btstack_packet_handler_t handler);
149 
150 /**
151  * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list
152  * @param OR combination of SM_STK_GENERATION_METHOD_
153  */
154 void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods);
155 
156 /**
157  * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range
158  * @param min_size (default 7)
159  * @param max_size (default 16)
160  */
161 void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size);
162 
163 /**
164  * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no
165  * @param OR combination of SM_AUTHREQ_ flags
166  */
167 void sm_set_authentication_requirements(uint8_t auth_req);
168 
169 /**
170  * @brief Sets the available IO Capabilities
171  * @param IO_CAPABILITY_
172  */
173 void sm_set_io_capabilities(io_capability_t io_capability);
174 
175 /**
176  * @brief Let Peripheral request an encrypted connection right after connecting
177  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
178  */
179 void sm_set_request_security(int enable);
180 
181 /**
182  * @brief Trigger Security Request
183  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
184  */
185 void sm_send_security_request(uint16_t handle);
186 
187 /**
188  * @brief Decline bonding triggered by event before
189  * @param addr_type and address
190  */
191 void sm_bonding_decline(uint16_t handle);
192 
193 /**
194  * @brief Confirm Just Works bonding
195  * @param addr_type and address
196  */
197 void sm_just_works_confirm(uint16_t handle);
198 
199 /**
200  * @brief Reports passkey input by user
201  * @param addr_type and address
202  * @param passkey in [0..999999]
203  */
204 void sm_passkey_input(uint16_t handle, uint32_t passkey);
205 
206 /**
207  *
208  * @brief Get encryption key size.
209  * @param addr_type and address
210  * @return 0 if not encrypted, 7-16 otherwise
211  */
212 int sm_encryption_key_size(uint16_t handle);
213 
214 /**
215  * @brief Get authentication property.
216  * @param addr_type and address
217  * @return 1 if bonded with OOB/Passkey (AND MITM protection)
218  */
219 int sm_authenticated(uint16_t handle);
220 
221 /**
222  * @brief Queries authorization state.
223  * @param addr_type and address
224  * @return authorization_state for the current session
225  */
226 authorization_state_t sm_authorization_state(uint16_t handle);
227 
228 /**
229  * @brief Used by att_server.c to request user authorization.
230  * @param addr_type and address
231  */
232 void sm_request_pairing(uint16_t handle);
233 
234 /**
235  * @brief Report user authorization decline.
236  * @param addr_type and address
237  */
238 void sm_authorization_decline(uint16_t handle);
239 
240 /**
241  * @brief Report user authorization grant.
242  * @param addr_type and address
243  */
244 void sm_authorization_grant(uint16_t handle);
245 
246 /**
247  * @brief Support for signed writes, used by att_server.
248  * @note Message and result are in little endian to allows passing in ATT PDU without flipping.
249  * @note calculated hash in done_callback is big endian
250  */
251 int  sm_cmac_ready(void);
252 void sm_cmac_start(sm_key_t k, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, uint8_t * message, uint32_t sign_counter, void (*done_handler)(uint8_t hash[8]));
253 
254 /*
255  * @brief Match address against bonded devices
256  * @return 0 if successfully added to lookup queue
257  * @note Triggers SM_IDENTITY_RESOLVING_* events
258  */
259 int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr);
260 
261 /**
262  * @brief Identify device in LE Device DB.
263  * @param handle
264  * @return index from le_device_db or -1 if not found/identified
265  */
266 int sm_le_device_index(uint16_t handle );
267 /* API_END */
268 
269 // testing only
270 void sm_test_use_fixed_local_csrk(void);
271 
272 #if defined __cplusplus
273 }
274 #endif
275 
276 #endif // __SM_H
277