xref: /btstack/src/ble/sm.h (revision df25739fc3ea5a0a90f0f5925e6461d653697d2e) 
1 /*
2  * Copyright (C) 2014 BlueKitchen GmbH
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  *
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. Neither the name of the copyright holders nor the names of
14  *    contributors may be used to endorse or promote products derived
15  *    from this software without specific prior written permission.
16  * 4. Any redistribution, use, or modification is done solely for
17  *    personal benefit and not for any commercial purpose or for
18  *    monetary gain.
19  *
20  * THIS SOFTWARE IS PROVIDED BY BLUEKITCHEN GMBH AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MATTHIAS
24  * RINGWALD OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
26  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
27  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
28  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
30  * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * Please inquire about commercial licensing options at
34  * [email protected]
35  *
36  */
37 
38 #ifndef __SM_H
39 #define __SM_H
40 
41  #if defined __cplusplus
42 extern "C" {
43 #endif
44 
45 #include <stdint.h>
46 #include "btstack_util.h"
47 #include "btstack_defines.h"
48 #include "hci.h"
49 
50 typedef struct {
51     btstack_linked_item_t  item;
52     bd_addr_t      address;
53     bd_addr_type_t address_type;
54 } sm_lookup_entry_t;
55 
56 static inline uint8_t sm_pairing_packet_get_code(sm_pairing_packet_t packet){
57     return packet[0];
58 }
59 static inline uint8_t sm_pairing_packet_get_io_capability(sm_pairing_packet_t packet){
60     return packet[1];
61 }
62 static inline uint8_t sm_pairing_packet_get_oob_data_flag(sm_pairing_packet_t packet){
63     return packet[2];
64 }
65 static inline uint8_t sm_pairing_packet_get_auth_req(sm_pairing_packet_t packet){
66     return packet[3];
67 }
68 static inline uint8_t sm_pairing_packet_get_max_encryption_key_size(sm_pairing_packet_t packet){
69     return packet[4];
70 }
71 static inline uint8_t sm_pairing_packet_get_initiator_key_distribution(sm_pairing_packet_t packet){
72     return packet[5];
73 }
74 static inline uint8_t sm_pairing_packet_get_responder_key_distribution(sm_pairing_packet_t packet){
75     return packet[6];
76 }
77 
78 static inline void sm_pairing_packet_set_code(sm_pairing_packet_t packet, uint8_t code){
79     packet[0] = code;
80 }
81 static inline void sm_pairing_packet_set_io_capability(sm_pairing_packet_t packet, uint8_t io_capability){
82     packet[1] = io_capability;
83 }
84 static inline void sm_pairing_packet_set_oob_data_flag(sm_pairing_packet_t packet, uint8_t oob_data_flag){
85     packet[2] = oob_data_flag;
86 }
87 static inline void sm_pairing_packet_set_auth_req(sm_pairing_packet_t packet, uint8_t auth_req){
88     packet[3] = auth_req;
89 }
90 static inline void sm_pairing_packet_set_max_encryption_key_size(sm_pairing_packet_t packet, uint8_t max_encryption_key_size){
91     packet[4] = max_encryption_key_size;
92 }
93 static inline void sm_pairing_packet_set_initiator_key_distribution(sm_pairing_packet_t packet, uint8_t initiator_key_distribution){
94     packet[5] = initiator_key_distribution;
95 }
96 static inline void sm_pairing_packet_set_responder_key_distribution(sm_pairing_packet_t packet, uint8_t responder_key_distribution){
97     packet[6] = responder_key_distribution;
98 }
99 
100 /* API_START */
101 
102 /**
103  * @brief Initializes the Security Manager, connects to L2CAP
104  */
105 void sm_init(void);
106 
107 /**
108  * @brief Set secret ER key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
109  * @param er
110  */
111 void sm_set_er(sm_key_t er);
112 
113 /**
114  * @brief Set secret IR key for key generation as described in Core V4.0, Vol 3, Part G, 5.2.2
115  */
116 void sm_set_ir(sm_key_t ir);
117 
118 /**
119  *
120  * @brief Registers OOB Data Callback. The callback should set the oob_data and return 1 if OOB data is availble
121  * @param get_oob_data_callback
122  */
123 void sm_register_oob_data_callback( int (*get_oob_data_callback)(uint8_t addres_type, bd_addr_t addr, uint8_t * oob_data));
124 
125 /**
126  * @brief Add event packet handler.
127  */
128 void sm_add_event_handler(btstack_packet_callback_registration_t * callback_handler);
129 
130 /**
131  * @brief Limit the STK generation methods. Bonding is stopped if the resulting one isn't in the list
132  * @param OR combination of SM_STK_GENERATION_METHOD_
133  */
134 void sm_set_accepted_stk_generation_methods(uint8_t accepted_stk_generation_methods);
135 
136 /**
137  * @brief Set the accepted encryption key size range. Bonding is stopped if the result isn't within the range
138  * @param min_size (default 7)
139  * @param max_size (default 16)
140  */
141 void sm_set_encryption_key_size_range(uint8_t min_size, uint8_t max_size);
142 
143 /**
144  * @brief Sets the requested authentication requirements, bonding yes/no, MITM yes/no
145  * @param OR combination of SM_AUTHREQ_ flags
146  */
147 void sm_set_authentication_requirements(uint8_t auth_req);
148 
149 /**
150  * @brief Sets the available IO Capabilities
151  * @param IO_CAPABILITY_
152  */
153 void sm_set_io_capabilities(io_capability_t io_capability);
154 
155 /**
156  * @brief Let Peripheral request an encrypted connection right after connecting
157  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
158  */
159 void sm_set_request_security(int enable);
160 
161 /**
162  * @brief Trigger Security Request
163  * @note Not used normally. Bonding is triggered by access to protected attributes in ATT Server
164  */
165 void sm_send_security_request(hci_con_handle_t con_handle);
166 
167 /**
168  * @brief Decline bonding triggered by event before
169  * @param addr_type and address
170  */
171 void sm_bonding_decline(hci_con_handle_t con_handle);
172 
173 /**
174  * @brief Confirm Just Works bonding
175  * @param addr_type and address
176  */
177 void sm_just_works_confirm(hci_con_handle_t con_handle);
178 
179 /**
180  * @brief Reports passkey input by user
181  * @param addr_type and address
182  * @param passkey in [0..999999]
183  */
184 void sm_passkey_input(hci_con_handle_t con_handle, uint32_t passkey);
185 
186 /**
187  *
188  * @brief Get encryption key size.
189  * @param addr_type and address
190  * @return 0 if not encrypted, 7-16 otherwise
191  */
192 int sm_encryption_key_size(hci_con_handle_t con_handle);
193 
194 /**
195  * @brief Get authentication property.
196  * @param addr_type and address
197  * @return 1 if bonded with OOB/Passkey (AND MITM protection)
198  */
199 int sm_authenticated(hci_con_handle_t con_handle);
200 
201 /**
202  * @brief Queries authorization state.
203  * @param addr_type and address
204  * @return authorization_state for the current session
205  */
206 authorization_state_t sm_authorization_state(hci_con_handle_t con_handle);
207 
208 /**
209  * @brief Used by att_server.c to request user authorization.
210  * @param addr_type and address
211  */
212 void sm_request_pairing(hci_con_handle_t con_handle);
213 
214 /**
215  * @brief Report user authorization decline.
216  * @param addr_type and address
217  */
218 void sm_authorization_decline(hci_con_handle_t con_handle);
219 
220 /**
221  * @brief Report user authorization grant.
222  * @param addr_type and address
223  */
224 void sm_authorization_grant(hci_con_handle_t con_handle);
225 
226 /**
227  * @brief Support for signed writes, used by att_server.
228  * @note Message is in little endian to allows passing in ATT PDU without flipping.
229  * @note calculated hash in done_callback is big endian
230  */
231 int  sm_cmac_ready(void);
232 void sm_cmac_start(sm_key_t k, uint8_t opcode, uint16_t attribute_handle, uint16_t message_len, uint8_t * message, uint32_t sign_counter, void (*done_handler)(uint8_t hash[8]));
233 
234 /*
235  * @brief Match address against bonded devices
236  * @return 0 if successfully added to lookup queue
237  * @note Triggers SM_IDENTITY_RESOLVING_* events
238  */
239 int sm_address_resolution_lookup(uint8_t addr_type, bd_addr_t addr);
240 
241 /**
242  * @brief Identify device in LE Device DB.
243  * @param handle
244  * @return index from le_device_db or -1 if not found/identified
245  */
246 int sm_le_device_index(hci_con_handle_t con_handle );
247 /* API_END */
248 
249 // PTS testing
250 void sm_test_set_irk(sm_key_t irk);
251 void sm_test_use_fixed_local_csrk(void);
252 
253 #if defined __cplusplus
254 }
255 #endif
256 
257 #endif // __SM_H
258