xref: /btstack/src/ble/sm.h (revision 8caefee39d444df6d8908a96a844825f10fbdaa4) 
1 /*
2  * Copyright (C) 2014 BlueKitchen GmbH
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the copyright holders nor the names of
14  *    contributors may be used to endorse or promote products derived
15  *    from this software without specific prior written permission.
16  * 4. Any redistribution, use, or modification is done solely for
17  *    personal benefit and not for any commercial purpose or for
18  *    monetary gain.
19  *
20  * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
24  * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
27  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
30  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * Please inquire about commercial licensing options at
34  * [email protected]
35  *
36  */
37 
38 #ifndef __SM_H
39 #define __SM_H
40 
41 #include "utils.h"
42 #include "btstack.h"
43 #include <stdint.h>
44 
45 #if defined __cplusplus
46 extern "C" {
47 #endif
48 
49 
50 // Bluetooth Spec definitions
51 typedef enum {
52     SM_CODE_PAIRING_REQUEST = 0X01,
53     SM_CODE_PAIRING_RESPONSE,
54     SM_CODE_PAIRING_CONFIRM,
55     SM_CODE_PAIRING_RANDOM,
56     SM_CODE_PAIRING_FAILED,
57     SM_CODE_ENCRYPTION_INFORMATION,
58     SM_CODE_MASTER_IDENTIFICATION,
59     SM_CODE_IDENTITY_INFORMATION,
60     SM_CODE_IDENTITY_ADDRESS_INFORMATION,
61     SM_CODE_SIGNING_INFORMATION,
62     SM_CODE_SECURITY_REQUEST
63 } SECURITY_MANAGER_COMMANDS;
64 
65 // IO Capability Values
66 typedef enum {
67     IO_CAPABILITY_DISPLAY_ONLY = 0,
68     IO_CAPABILITY_DISPLAY_YES_NO,
69     IO_CAPABILITY_KEYBOARD_ONLY,
70     IO_CAPABILITY_NO_INPUT_NO_OUTPUT,
71     IO_CAPABILITY_KEYBOARD_DISPLAY, // not used by secure simple pairing
72 } io_capability_t;
73 
74 
75 // Authentication requirement flags
76 #define SM_AUTHREQ_NO_BONDING 0x00
77 #define SM_AUTHREQ_BONDING 0x01
78 #define SM_AUTHREQ_MITM_PROTECTION 0x04
79 
80 // Key distribution flags used by spec
81 #define SM_KEYDIST_ENC_KEY 0X01
82 #define SM_KEYDIST_ID_KEY  0x02
83 #define SM_KEYDIST_SIGN    0x04
84 
85 // Key distribution flags used internally
86 #define SM_KEYDIST_FLAG_ENCRYPTION_INFORMATION       0x01
87 #define SM_KEYDIST_FLAG_MASTER_IDENTIFICATION        0x02
88 #define SM_KEYDIST_FLAG_IDENTITY_INFORMATION         0x04
89 #define SM_KEYDIST_FLAG_IDENTITY_ADDRESS_INFORMATION 0x08
90 #define SM_KEYDIST_FLAG_SIGNING_IDENTIFICATION       0x10
91 
92 // STK Generation Methods
93 #define SM_STK_GENERATION_METHOD_JUST_WORKS 0x01
94 #define SM_STK_GENERATION_METHOD_OOB        0x02
95 #define SM_STK_GENERATION_METHOD_PASSKEY    0x04
96 
97 // Pairing Failed Reasons
98 #define SM_REASON_RESERVED                     0x00
99 #define SM_REASON_PASSKEYT_ENTRY_FAILED        0x01
100 #define SM_REASON_OOB_NOT_AVAILABLE            0x02
101 #define SM_REASON_AUTHENTHICATION_REQUIREMENTS 0x03
102 #define SM_REASON_CONFIRM_VALUE_FAILED         0x04
103 #define SM_REASON_PAIRING_NOT_SUPPORTED        0x05
104 #define SM_REASON_ENCRYPTION_KEY_SIZE          0x06
105 #define SM_REASON_COMMAND_NOT_SUPPORTED        0x07
106 #define SM_REASON_UNSPECIFIED_REASON           0x08
107 #define SM_REASON_REPEATED_ATTEMPTS            0x09
108 // also, invalid parameters
109 // and reserved
110 
111 // Only for PTS testing
112 void sm_test_set_irk(sm_key_t irk);
113 
114 typedef struct {
115     linked_item_t  item;
116     bd_addr_t      address;
117     bd_addr_type_t address_type;
118 } sm_lookup_entry_t;
119 
120 /* API_START */
121 
122 /**
123  * @brief Initializes the Security Manager, connects to L2CAP
124  */
125 void sm_init(void);
126 
127 /**
128  * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
129  * @param er
130  */
131 void sm_set_er(sm_key_t er);
132 
133 /**
134  * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
135  */
136 void sm_set_ir(sm_key_t ir);
137 
138 /**
139  *
140  * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble
141  * @param get_oob_data_callback
142  */
143 void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data));
144 
145 /**
146  *
147  * @brief Registers packet handler. Called by att_server.c
148  */
149 void sm_register_packet_handler(btstack_packet_handler_t handler);
150 
151 /**
152  * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list
153  * @param OR combination of SM_STK_GENERATION_METHOD_
154  */
155 void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods);
156 
157 /**
158  * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range
159  * @param min_size (default 7)
160  * @param max_size (default 16)
161  */
162 void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size);
163 
164 /**
165  * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no
166  * @param OR combination of SM_AUTHREQ_ flags
167  */
168 void sm_set_authentication_requirements(uint8_t auth_req);
169 
170 /**
171  * @brief Sets the available IO Capabilities
172  * @param IO_CAPABILITY_
173  */
174 void sm_set_io_capabilities(io_capability_t io_capability);
175 
176 /**
177  * @brief Let Peripheral request an encrypted connection right after connecting
178  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
179  */
180 void sm_set_request_security(int enable);
181 
182 /**
183  * @brief Trigger Security Request
184  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
185  */
186 void sm_send_security_request(uint16_t handle);
187 
188 /**
189  * @brief Decline bonding triggered by event before
190  * @param addr_type and address
191  */
192 void sm_bonding_decline(uint16_t handle);
193 
194 /**
195  * @brief Confirm Just Works bonding
196  * @param addr_type and address
197  */
198 void sm_just_works_confirm(uint16_t handle);
199 
200 /**
201  * @brief Reports passkey input by user
202  * @param addr_type and address
203  * @param passkey in [0..999999]
204  */
205 void sm_passkey_input(uint16_t handle, uint32_t passkey);
206 
207 /**
208  *
209  * @brief Get encryption key size.
210  * @param addr_type and address
211  * @return 0 if not encrypted, 7-16 otherwise
212  */
213 int sm_encryption_key_size(uint16_t handle);
214 
215 /**
216  * @brief Get authentication property.
217  * @param addr_type and address
218  * @return 1 if bonded with OOB/Passkey (AND MITM protection)
219  */
220 int sm_authenticated(uint16_t handle);
221 
222 /**
223  * @brief Queries authorization state.
224  * @param addr_type and address
225  * @return authorization_state for the current session
226  */
227 authorization_state_t sm_authorization_state(uint16_t handle);
228 
229 /**
230  * @brief Used by att_server.c to request user authorization.
231  * @param addr_type and address
232  */
233 void sm_request_pairing(uint16_t handle);
234 
235 /**
236  * @brief Report user authorization decline.
237  * @param addr_type and address
238  */
239 void sm_authorization_decline(uint16_t handle);
240 
241 /**
242  * @brief Report user authorization grant.
243  * @param addr_type and address
244  */
245 void sm_authorization_grant(uint16_t handle);
246 
247 /**
248  * @brief Support for signed writes, used by att_server.
249  * @note Message and result are in little endian to allows passing in ATT PDU without flipping.
250  * @note calculated hash in done_callback is big endian
251  */
252 int  sm_cmac_ready(void);
253 void sm_cmac_start(sm_key_t k, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, uint8_t * message, uint32_t sign_counter, void (*done_handler)(uint8_t hash[8]));
254 
255 /*
256  * @brief Match address against bonded devices
257  * @return 0 if successfully added to lookup queue
258  * @note Triggers SM_IDENTITY_RESOLVING_* events
259  */
260 int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr);
261 
262 /**
263  * @brief Identify device in LE Device DB.
264  * @param handle
265  * @return index from le_device_db or -1 if not found/identified
266  */
267 int sm_le_device_index(uint16_t handle );
268 /* API_END */
269 
270 // testing only
271 void sm_test_use_fixed_local_csrk(void);
272 
273 #if defined __cplusplus
274 }
275 #endif
276 
277 #endif // __SM_H
278