1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains security manager protocol utility functions
22 *
23 ******************************************************************************/
24 #include "bt_target.h"
25
26 #include <base/bind.h>
27 #include <string.h>
28 #include "bt_utils.h"
29 #include "btm_ble_api.h"
30 #include "btm_ble_int.h"
31 #include "device/include/controller.h"
32 #include "hcimsgs.h"
33 #include "osi/include/osi.h"
34 #include "p_256_ecc_pp.h"
35 #include "smp_int.h"
36 #include "stack/btm/btm_dev.h"
37 #include "stack/btm/btm_sec.h"
38 #include "stack/crypto_toolbox/crypto_toolbox.h"
39 #include "stack/include/acl_api.h"
40
41 #include <algorithm>
42
43 extern tBTM_CB btm_cb; // TODO Remove
44
45 using base::Bind;
46 using crypto_toolbox::aes_128;
47
48 #ifndef SMP_MAX_ENC_REPEAT
49 #define SMP_MAX_ENC_REPEAT 3
50 #endif
51
52 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p);
53 static Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb);
54 static void smp_process_private_key(tSMP_CB* p_cb);
55
56 #define SMP_PASSKEY_MASK 0xfff00000
57
58 // If there is data saved here, then use its info instead
59 // This needs to be cleared on a successfult pairing using the oob data
60 static tSMP_LOC_OOB_DATA saved_local_oob_data = {};
61
smp_save_local_oob_data(tSMP_CB * p_cb)62 void smp_save_local_oob_data(tSMP_CB* p_cb) {
63 saved_local_oob_data = p_cb->sc_oob_data.loc_oob_data;
64 }
65
smp_clear_local_oob_data()66 void smp_clear_local_oob_data() { saved_local_oob_data = {}; }
67
is_empty(tSMP_LOC_OOB_DATA * data)68 static bool is_empty(tSMP_LOC_OOB_DATA* data) {
69 tSMP_LOC_OOB_DATA empty_data = {};
70 return memcmp(data, &empty_data, sizeof(tSMP_LOC_OOB_DATA)) == 0;
71 }
72
smp_has_local_oob_data()73 bool smp_has_local_oob_data() { return !is_empty(&saved_local_oob_data); }
74
smp_debug_print_nbyte_little_endian(uint8_t * p,const char * key_name,uint8_t len)75 void smp_debug_print_nbyte_little_endian(uint8_t* p, const char* key_name,
76 uint8_t len) {}
77
smp_debug_print_nbyte_little_endian(const Octet16 & p,const char * key_name,uint8_t len)78 inline void smp_debug_print_nbyte_little_endian(const Octet16& p,
79 const char* key_name,
80 uint8_t len) {
81 smp_debug_print_nbyte_little_endian(const_cast<uint8_t*>(p.data()), key_name,
82 len);
83 }
84
smp_debug_print_nbyte_big_endian(uint8_t * p,const char * key_name,uint8_t len)85 void smp_debug_print_nbyte_big_endian(uint8_t* p, const char* key_name,
86 uint8_t len) {}
87
88 /** This function is called to process a passkey. */
smp_proc_passkey(tSMP_CB * p_cb,BT_OCTET8 rand)89 void smp_proc_passkey(tSMP_CB* p_cb, BT_OCTET8 rand) {
90 uint8_t* tt = p_cb->tk.data();
91 uint32_t passkey; /* 19655 test number; */
92 uint8_t* pp = rand;
93
94 SMP_TRACE_DEBUG("%s", __func__);
95 STREAM_TO_UINT32(passkey, pp);
96 passkey &= ~SMP_PASSKEY_MASK;
97
98 /* truncate by maximum value */
99 while (passkey > BTM_MAX_PASSKEY_VAL) passkey >>= 1;
100
101 /* save the TK */
102 p_cb->tk = {0};
103 UINT32_TO_STREAM(tt, passkey);
104
105 if (p_cb->p_callback) {
106 tSMP_EVT_DATA smp_evt_data;
107 smp_evt_data.passkey = passkey;
108 (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda,
109 &smp_evt_data);
110 }
111
112 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) {
113 tSMP_INT_DATA smp_int_data;
114 smp_int_data.passkey = passkey;
115 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &smp_int_data);
116 } else {
117 tSMP_KEY key;
118 key.key_type = SMP_KEY_TYPE_TK;
119 key.p_data = p_cb->tk.data();
120 tSMP_INT_DATA smp_int_data;
121 smp_int_data.key = key;
122 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
123 }
124 }
125
126 /*******************************************************************************
127 *
128 * Function smp_generate_passkey
129 *
130 * Description This function is called to generate passkey.
131 *
132 * Returns void
133 *
134 ******************************************************************************/
smp_generate_passkey(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)135 void smp_generate_passkey(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
136 SMP_TRACE_DEBUG("%s", __func__);
137 /* generate MRand or SRand */
138 btsnd_hcic_ble_rand(Bind(&smp_proc_passkey, p_cb));
139 }
140
141 /*******************************************************************************
142 *
143 * Function smp_generate_stk
144 *
145 * Description This function is called to generate STK calculated by
146 * running AES with the TK value as key and a concatenation of
147 * the random values.
148 *
149 * Returns void
150 *
151 ******************************************************************************/
smp_generate_stk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)152 void smp_generate_stk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
153 Octet16 output;
154
155 SMP_TRACE_DEBUG("%s", __func__);
156
157 if (p_cb->le_secure_connections_mode_is_used) {
158 SMP_TRACE_DEBUG("FOR LE SC LTK IS USED INSTEAD OF STK");
159 output = p_cb->ltk;
160 } else {
161 output = smp_calculate_legacy_short_term_key(p_cb);
162 }
163
164 smp_process_stk(p_cb, &output);
165 }
166
167 /**
168 * This function is called to calculate CSRK
169 */
smp_compute_csrk(uint16_t div,tSMP_CB * p_cb)170 void smp_compute_csrk(uint16_t div, tSMP_CB* p_cb) {
171 uint8_t buffer[4]; /* for (r || DIV) r=1*/
172 uint16_t r = 1;
173 uint8_t* p = buffer;
174
175 p_cb->div = div;
176
177 SMP_TRACE_DEBUG("%s: div=%x", __func__, p_cb->div);
178 const Octet16& er = BTM_GetDeviceEncRoot();
179 /* CSRK = d1(ER, DIV, 1) */
180 UINT16_TO_STREAM(p, p_cb->div);
181 UINT16_TO_STREAM(p, r);
182
183 p_cb->csrk = aes_128(er, buffer, 4);
184 smp_send_csrk_info(p_cb, NULL);
185 }
186
187 /**
188 * This function is called to calculate CSRK, starting with DIV generation.
189 */
smp_generate_csrk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)190 void smp_generate_csrk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
191 bool div_status;
192
193 SMP_TRACE_DEBUG("smp_generate_csrk");
194
195 div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
196 if (div_status) {
197 smp_compute_csrk(p_cb->div, p_cb);
198 } else {
199 SMP_TRACE_DEBUG("Generate DIV for CSRK");
200 btsnd_hcic_ble_rand(Bind(
201 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
202 uint16_t div;
203 STREAM_TO_UINT16(div, rand);
204 smp_compute_csrk(div, p_cb);
205 },
206 p_cb));
207 }
208 }
209
210 /*******************************************************************************
211 * Function smp_concatenate_peer - LSB first
212 * add pairing command sent from local device into p1.
213 ******************************************************************************/
smp_concatenate_local(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)214 void smp_concatenate_local(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
215 uint8_t* p = *p_data;
216
217 SMP_TRACE_DEBUG("%s", __func__);
218 UINT8_TO_STREAM(p, op_code);
219 UINT8_TO_STREAM(p, p_cb->local_io_capability);
220 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
221 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
222 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
223 UINT8_TO_STREAM(p, p_cb->local_i_key);
224 UINT8_TO_STREAM(p, p_cb->local_r_key);
225
226 *p_data = p;
227 }
228
229 /*******************************************************************************
230 * Function smp_concatenate_peer - LSB first
231 * add pairing command received from peer device into p1.
232 ******************************************************************************/
smp_concatenate_peer(tSMP_CB * p_cb,uint8_t ** p_data,uint8_t op_code)233 void smp_concatenate_peer(tSMP_CB* p_cb, uint8_t** p_data, uint8_t op_code) {
234 uint8_t* p = *p_data;
235
236 SMP_TRACE_DEBUG("smp_concatenate_peer ");
237 UINT8_TO_STREAM(p, op_code);
238 UINT8_TO_STREAM(p, p_cb->peer_io_caps);
239 UINT8_TO_STREAM(p, p_cb->peer_oob_flag);
240 UINT8_TO_STREAM(p, p_cb->peer_auth_req);
241 UINT8_TO_STREAM(p, p_cb->peer_enc_size);
242 UINT8_TO_STREAM(p, p_cb->peer_i_key);
243 UINT8_TO_STREAM(p, p_cb->peer_r_key);
244
245 *p_data = p;
246 }
247
248 /** Generate Confirm/Compare Step1:
249 * p1 = (MSB) pres || preq || rat' || iat' (LSB)
250 * Fill in values LSB first thus
251 * p1 = iat' || rat' || preq || pres
252 */
smp_gen_p1_4_confirm(tSMP_CB * p_cb,tBLE_ADDR_TYPE remote_bd_addr_type)253 Octet16 smp_gen_p1_4_confirm(tSMP_CB* p_cb,
254 tBLE_ADDR_TYPE remote_bd_addr_type) {
255 SMP_TRACE_DEBUG("%s", __func__);
256 Octet16 p1;
257 uint8_t* p = p1.data();
258 if (p_cb->role == HCI_ROLE_CENTRAL) {
259 /* iat': initiator's (local) address type */
260 UINT8_TO_STREAM(p, p_cb->addr_type);
261 /* rat': responder's (remote) address type */
262 UINT8_TO_STREAM(p, remote_bd_addr_type);
263 /* preq : Pairing Request (local) command */
264 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
265 /* pres : Pairing Response (remote) command */
266 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
267 } else {
268 /* iat': initiator's (remote) address type */
269 UINT8_TO_STREAM(p, remote_bd_addr_type);
270 /* rat': responder's (local) address type */
271 UINT8_TO_STREAM(p, p_cb->addr_type);
272 /* preq : Pairing Request (remote) command */
273 smp_concatenate_peer(p_cb, &p, SMP_OPCODE_PAIRING_REQ);
274 /* pres : Pairing Response (local) command */
275 smp_concatenate_local(p_cb, &p, SMP_OPCODE_PAIRING_RSP);
276 }
277 smp_debug_print_nbyte_little_endian(p1, "p1 = iat' || rat' || preq || pres",
278 16);
279
280 return p1;
281 }
282
283 /** Generate Confirm/Compare Step2:
284 * p2 = (MSB) padding || ia || ra (LSB)
285 * Fill values LSB first and thus:
286 * p2 = ra || ia || padding
287 */
smp_gen_p2_4_confirm(tSMP_CB * p_cb,const RawAddress & remote_bda)288 Octet16 smp_gen_p2_4_confirm(tSMP_CB* p_cb, const RawAddress& remote_bda) {
289 SMP_TRACE_DEBUG("%s", __func__);
290 Octet16 p2{0};
291 uint8_t* p = p2.data();
292 /* 32-bit Padding */
293 memset(p, 0, OCTET16_LEN);
294 if (p_cb->role == HCI_ROLE_CENTRAL) {
295 /* ra : Responder's (remote) address */
296 BDADDR_TO_STREAM(p, remote_bda);
297 /* ia : Initiator's (local) address */
298 BDADDR_TO_STREAM(p, p_cb->local_bda);
299 } else {
300 /* ra : Responder's (local) address */
301 BDADDR_TO_STREAM(p, p_cb->local_bda);
302 /* ia : Initiator's (remote) address */
303 BDADDR_TO_STREAM(p, remote_bda);
304 }
305 smp_debug_print_nbyte_little_endian(p2, "p2 = ra || ia || padding", 16);
306 return p2;
307 }
308
309 /*******************************************************************************
310 *
311 * Function smp_calculate_comfirm
312 *
313 * Description This function (c1) is called to calculate Confirm value.
314 *
315 * Returns tSMP_STATUS status of confirmation calculation
316 *
317 ******************************************************************************/
smp_calculate_comfirm(tSMP_CB * p_cb,const Octet16 & rand,Octet16 * output)318 tSMP_STATUS smp_calculate_comfirm(tSMP_CB* p_cb, const Octet16& rand,
319 Octet16* output) {
320 SMP_TRACE_DEBUG("%s", __func__);
321 RawAddress remote_bda;
322 tBLE_ADDR_TYPE remote_bd_addr_type = BLE_ADDR_PUBLIC;
323 /* get remote connection specific bluetooth address */
324 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, remote_bda,
325 &remote_bd_addr_type)) {
326 SMP_TRACE_ERROR("%s: cannot obtain remote device address", __func__);
327 return SMP_PAIR_FAIL_UNKNOWN;
328 }
329 /* get local connection specific bluetooth address */
330 BTM_ReadConnectionAddr(p_cb->pairing_bda, p_cb->local_bda, &p_cb->addr_type);
331 /* generate p1 = pres || preq || rat' || iat' */
332 Octet16 p1 = smp_gen_p1_4_confirm(p_cb, remote_bd_addr_type);
333 /* p1' = rand XOR p1 */
334 smp_xor_128(&p1, rand);
335 smp_debug_print_nbyte_little_endian(p1, "p1' = p1 XOR r", 16);
336 /* calculate e1 = e(k, p1'), where k = TK */
337 smp_debug_print_nbyte_little_endian(p_cb->tk.data(), "TK", 16);
338 Octet16 e1 = aes_128(p_cb->tk, p1);
339 smp_debug_print_nbyte_little_endian(e1.data(), "e1 = e(k, p1')", 16);
340 /* generate p2 = padding || ia || ra */
341 Octet16 p2 = smp_gen_p2_4_confirm(p_cb, remote_bda);
342 /* calculate p2' = (p2 XOR e1) */
343 smp_xor_128(&p2, e1);
344 smp_debug_print_nbyte_little_endian(p2, "p2' = p2 XOR e1", 16);
345 /* calculate: c1 = e(k, p2') */
346 *output = aes_128(p_cb->tk, p2);
347 return SMP_SUCCESS;
348 }
349
350 /*******************************************************************************
351 *
352 * Function smp_generate_confirm
353 *
354 * Description This function is called when random number (MRand or SRand)
355 * is generated by the controller and the stack needs to
356 * calculate c1 value (MConfirm or SConfirm) for the first time
357 *
358 * Returns void
359 *
360 ******************************************************************************/
smp_generate_confirm(tSMP_CB * p_cb)361 static void smp_generate_confirm(tSMP_CB* p_cb) {
362 SMP_TRACE_DEBUG("%s", __func__);
363 smp_debug_print_nbyte_little_endian(p_cb->rand.data(), "local_rand", 16);
364 Octet16 output;
365 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rand, &output);
366 if (status != SMP_SUCCESS) {
367 tSMP_INT_DATA smp_int_data;
368 smp_int_data.status = status;
369 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
370 return;
371 }
372 tSMP_KEY key;
373 p_cb->confirm = output;
374 smp_debug_print_nbyte_little_endian(p_cb->confirm, "Local Confirm generated",
375 16);
376 key.key_type = SMP_KEY_TYPE_CFM;
377 key.p_data = output.data();
378 tSMP_INT_DATA smp_int_data;
379 smp_int_data.key = key;
380 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
381 }
382
383 /*******************************************************************************
384 *
385 * Function smp_generate_srand_mrand_confirm
386 *
387 * Description This function is called to start the second pairing phase by
388 * start generating random number.
389 *
390 *
391 * Returns void
392 *
393 ******************************************************************************/
smp_generate_srand_mrand_confirm(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)394 void smp_generate_srand_mrand_confirm(tSMP_CB* p_cb,
395 UNUSED_ATTR tSMP_INT_DATA* p_data) {
396 SMP_TRACE_DEBUG("%s", __func__);
397 /* generate MRand or SRand */
398 btsnd_hcic_ble_rand(Bind(
399 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
400 memcpy(p_cb->rand.data(), rand, 8);
401
402 /* generate 64 MSB of MRand or SRand */
403 btsnd_hcic_ble_rand(Bind(
404 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
405 memcpy((void*)&p_cb->rand[8], rand, BT_OCTET8_LEN);
406 smp_generate_confirm(p_cb);
407 },
408 p_cb));
409 },
410 p_cb));
411 }
412
413 /*******************************************************************************
414 *
415 * Function smp_generate_compare
416 *
417 * Description This function is called when random number (MRand or SRand)
418 * is received from remote device and the c1 value (MConfirm
419 * or SConfirm) needs to be generated to authenticate remote
420 * device.
421 *
422 * Returns void
423 *
424 ******************************************************************************/
smp_generate_compare(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)425 void smp_generate_compare(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
426 SMP_TRACE_DEBUG("smp_generate_compare ");
427 smp_debug_print_nbyte_little_endian(p_cb->rrand, "peer rand", 16);
428 Octet16 output;
429 tSMP_STATUS status = smp_calculate_comfirm(p_cb, p_cb->rrand, &output);
430 if (status != SMP_SUCCESS) {
431 tSMP_INT_DATA smp_int_data;
432 smp_int_data.status = status;
433 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
434 return;
435 }
436 tSMP_KEY key;
437 smp_debug_print_nbyte_little_endian(output.data(), "Remote Confirm generated",
438 16);
439 key.key_type = SMP_KEY_TYPE_CMP;
440 key.p_data = output.data();
441 tSMP_INT_DATA smp_int_data;
442 smp_int_data.key = key;
443 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
444 }
445
446 /** This function is called when STK is generated proceed to send the encrypt
447 * the link using STK. */
smp_process_stk(tSMP_CB * p_cb,Octet16 * p)448 static void smp_process_stk(tSMP_CB* p_cb, Octet16* p) {
449 tSMP_KEY key;
450
451 SMP_TRACE_DEBUG("smp_process_stk ");
452 smp_mask_enc_key(p_cb->loc_enc_size, p);
453
454 key.key_type = SMP_KEY_TYPE_STK;
455 key.p_data = p->data();
456
457 tSMP_INT_DATA smp_int_data;
458 smp_int_data.key = key;
459 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
460 }
461
462 /** This function calculates EDIV = Y xor DIV */
smp_process_ediv(tSMP_CB * p_cb,Octet16 & p)463 static void smp_process_ediv(tSMP_CB* p_cb, Octet16& p) {
464 tSMP_KEY key;
465 uint8_t* pp = p.data();
466 uint16_t y;
467
468 SMP_TRACE_DEBUG("smp_process_ediv ");
469 STREAM_TO_UINT16(y, pp);
470
471 /* EDIV = Y xor DIV */
472 p_cb->ediv = p_cb->div ^ y;
473 /* send LTK ready */
474 SMP_TRACE_ERROR("LTK ready");
475 key.key_type = SMP_KEY_TYPE_LTK;
476 key.p_data = p.data();
477
478 tSMP_INT_DATA smp_int_data;
479 smp_int_data.key = key;
480 smp_sm_event(p_cb, SMP_KEY_READY_EVT, &smp_int_data);
481 }
482
483 /**
484 * This function is to proceed generate Y = E(DHK, Rand)
485 */
smp_generate_y(tSMP_CB * p_cb,BT_OCTET8 rand)486 static void smp_generate_y(tSMP_CB* p_cb, BT_OCTET8 rand) {
487 SMP_TRACE_DEBUG("%s ", __func__);
488
489 const Octet16& dhk = BTM_GetDeviceDHK();
490
491 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
492 Octet16 output = aes_128(dhk, rand, BT_OCTET8_LEN);
493 smp_process_ediv(p_cb, output);
494 }
495
496 /**
497 * Calculate LTK = d1(ER, DIV, 0)= e(ER, DIV)
498 */
smp_generate_ltk_cont(uint16_t div,tSMP_CB * p_cb)499 static void smp_generate_ltk_cont(uint16_t div, tSMP_CB* p_cb) {
500 p_cb->div = div;
501
502 SMP_TRACE_DEBUG("%s", __func__);
503 const Octet16& er = BTM_GetDeviceEncRoot();
504
505 /* LTK = d1(ER, DIV, 0)= e(ER, DIV)*/
506 Octet16 ltk = aes_128(er, (uint8_t*)&p_cb->div, sizeof(uint16_t));
507 /* mask the LTK */
508 smp_mask_enc_key(p_cb->loc_enc_size, <k);
509 p_cb->ltk = ltk;
510
511 /* generate EDIV and rand now */
512 btsnd_hcic_ble_rand(Bind(&smp_generate_y, p_cb));
513 }
514
515 /*******************************************************************************
516 *
517 * Function smp_generate_ltk
518 *
519 * Description This function is called:
520 * - in legacy pairing - to calculate LTK, starting with DIV
521 * generation;
522 * - in LE Secure Connections pairing over LE transport - to
523 * process LTK already generated to encrypt LE link;
524 * - in LE Secure Connections pairing over BR/EDR transport -
525 * to start BR/EDR Link Key processing.
526 *
527 * Returns void
528 *
529 ******************************************************************************/
smp_generate_ltk(tSMP_CB * p_cb,UNUSED_ATTR tSMP_INT_DATA * p_data)530 void smp_generate_ltk(tSMP_CB* p_cb, UNUSED_ATTR tSMP_INT_DATA* p_data) {
531 SMP_TRACE_DEBUG("%s", __func__);
532
533 if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING) {
534 smp_br_process_link_key(p_cb, NULL);
535 return;
536 } else if (p_cb->le_secure_connections_mode_is_used) {
537 smp_process_secure_connection_long_term_key();
538 return;
539 }
540
541 bool div_status = btm_get_local_div(p_cb->pairing_bda, &p_cb->div);
542
543 if (div_status) {
544 smp_generate_ltk_cont(p_cb->div, p_cb);
545 } else {
546 SMP_TRACE_DEBUG("%s: Generate DIV for LTK", __func__);
547
548 /* generate MRand or SRand */
549 btsnd_hcic_ble_rand(Bind(
550 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
551 uint16_t div;
552 STREAM_TO_UINT16(div, rand);
553 smp_generate_ltk_cont(div, p_cb);
554 },
555 p_cb));
556 }
557 }
558
559 /* The function calculates legacy STK */
smp_calculate_legacy_short_term_key(tSMP_CB * p_cb)560 Octet16 smp_calculate_legacy_short_term_key(tSMP_CB* p_cb) {
561 SMP_TRACE_DEBUG("%s", __func__);
562
563 Octet16 text{0};
564 if (p_cb->role == HCI_ROLE_CENTRAL) {
565 memcpy(text.data(), p_cb->rand.data(), BT_OCTET8_LEN);
566 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rrand.data(), BT_OCTET8_LEN);
567 } else {
568 memcpy(text.data(), p_cb->rrand.data(), BT_OCTET8_LEN);
569 memcpy(text.data() + BT_OCTET8_LEN, p_cb->rand.data(), BT_OCTET8_LEN);
570 }
571
572 /* generate STK = Etk(rand|rrand)*/
573 return aes_128(p_cb->tk, text);
574 }
575
576 /*******************************************************************************
577 *
578 * Function smp_create_private_key
579 *
580 * Description This function is called to create private key used to
581 * calculate public key and DHKey.
582 * The function starts private key creation requesting
583 * for the controller to generate [0-7] octets of private key.
584 *
585 * Returns void
586 *
587 ******************************************************************************/
smp_create_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)588 void smp_create_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
589 SMP_TRACE_DEBUG("%s", __func__);
590
591 // Only use the stored OOB data if we are in an oob association model
592 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
593 LOG_WARN("OOB Association Model");
594 // Make sure our data isn't empty, otherwise we generate new and eventually
595 // pairing will fail Not much we can do about it at this point, just have to
596 // generate new data The data will be cleared after the advertiser times
597 // out, so if the advertiser times out we want the pairing to fail anyway.
598 if (!is_empty(&saved_local_oob_data)) {
599 LOG_WARN("Found OOB data, loading keys");
600 for (int i = 0; i < BT_OCTET32_LEN; i++) {
601 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
602 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
603 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
604 }
605 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
606 p_cb->local_random = saved_local_oob_data.randomizer;
607 smp_process_private_key(p_cb);
608 return;
609 }
610 LOG_WARN("OOB Association Model with no saved data present");
611 }
612
613 btsnd_hcic_ble_rand(Bind(
614 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
615 memcpy((void*)p_cb->private_key, rand, BT_OCTET8_LEN);
616 btsnd_hcic_ble_rand(Bind(
617 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
618 memcpy((void*)&p_cb->private_key[8], rand, BT_OCTET8_LEN);
619 btsnd_hcic_ble_rand(Bind(
620 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
621 memcpy((void*)&p_cb->private_key[16], rand, BT_OCTET8_LEN);
622 btsnd_hcic_ble_rand(Bind(
623 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
624 memcpy((void*)&p_cb->private_key[24], rand,
625 BT_OCTET8_LEN);
626 smp_process_private_key(p_cb);
627 },
628 p_cb));
629 },
630 p_cb));
631 },
632 p_cb));
633 },
634 p_cb));
635 }
636
637 /*******************************************************************************
638 *
639 * Function smp_use_oob_private_key
640 *
641 * Description This function is called
642 * - to save the secret key used to calculate the public key
643 * used in calculations of commitment sent OOB to a peer
644 * - to use this secret key to recalculate the public key and
645 * start the process of sending this public key to the peer
646 * if secret/public keys have to be reused.
647 * If the keys aren't supposed to be reused, continue from the
648 * point from which request for OOB data was issued.
649 *
650 * Returns void
651 *
652 ******************************************************************************/
smp_use_oob_private_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)653 void smp_use_oob_private_key(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
654 LOG_INFO("req_oob_type: %d, role: %d", p_cb->req_oob_type, p_cb->role);
655
656 switch (p_cb->req_oob_type) {
657 case SMP_OOB_BOTH:
658 case SMP_OOB_LOCAL:
659 LOG_INFO("restore secret key");
660 // Only use the stored OOB data if we are in an oob association model
661 if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
662 LOG_INFO("OOB Association Model");
663 // Make sure our data isn't empty, otherwise we generate new and
664 // eventually pairing will fail Not much we can do about it at this
665 // point, just have to generate new data The data will be cleared after
666 // the advertiser times out, so if the advertiser times out we want the
667 // pairing to fail anyway.
668 if (!is_empty(&saved_local_oob_data)) {
669 LOG_INFO("Found OOB data, loading keys");
670 for (int i = 0; i < BT_OCTET32_LEN; i++) {
671 p_cb->private_key[i] = saved_local_oob_data.private_key_used[i];
672 p_cb->loc_publ_key.x[i] = saved_local_oob_data.publ_key_used.x[i];
673 p_cb->loc_publ_key.y[i] = saved_local_oob_data.publ_key_used.y[i];
674 }
675 p_cb->sc_oob_data.loc_oob_data = saved_local_oob_data;
676 p_cb->local_random = saved_local_oob_data.randomizer;
677 smp_process_private_key(p_cb);
678 return;
679 }
680 LOG_INFO("OOB Association Model with no saved data present");
681 }
682
683 memcpy(p_cb->private_key, p_cb->sc_oob_data.loc_oob_data.private_key_used,
684 BT_OCTET32_LEN);
685 smp_process_private_key(p_cb);
686 break;
687 default:
688 LOG_INFO("create secret key anew");
689 smp_set_state(SMP_STATE_PAIR_REQ_RSP);
690 smp_decide_association_model(p_cb, NULL);
691 break;
692 }
693 }
694
695 /*******************************************************************************
696 *
697 * Function smp_process_private_key
698 *
699 * Description This function processes private key.
700 * It calculates public key and notifies SM that private key /
701 * public key pair is created.
702 *
703 * Returns void
704 *
705 ******************************************************************************/
smp_process_private_key(tSMP_CB * p_cb)706 void smp_process_private_key(tSMP_CB* p_cb) {
707 Point public_key;
708 BT_OCTET32 private_key;
709
710 SMP_TRACE_DEBUG("%s", __func__);
711
712 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
713 ECC_PointMult(&public_key, &(curve_p256.G), (uint32_t*)private_key);
714 memcpy(p_cb->loc_publ_key.x, public_key.x, BT_OCTET32_LEN);
715 memcpy(p_cb->loc_publ_key.y, public_key.y, BT_OCTET32_LEN);
716
717 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
718 BT_OCTET32_LEN);
719 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.x, "local public(x)",
720 BT_OCTET32_LEN);
721 smp_debug_print_nbyte_little_endian(p_cb->loc_publ_key.y, "local public(y)",
722 BT_OCTET32_LEN);
723 p_cb->flags |= SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY;
724 smp_sm_event(p_cb, SMP_LOC_PUBL_KEY_CRTD_EVT, NULL);
725 }
726
727 /*******************************************************************************
728 *
729 * Function smp_compute_dhkey
730 *
731 * Description The function:
732 * - calculates a new public key using as input local private
733 * key and peer public key;
734 * - saves the new public key x-coordinate as DHKey.
735 *
736 * Returns void
737 *
738 ******************************************************************************/
smp_compute_dhkey(tSMP_CB * p_cb)739 void smp_compute_dhkey(tSMP_CB* p_cb) {
740 Point peer_publ_key, new_publ_key;
741 BT_OCTET32 private_key;
742
743 SMP_TRACE_DEBUG("%s", __func__);
744
745 memcpy(private_key, p_cb->private_key, BT_OCTET32_LEN);
746 memcpy(peer_publ_key.x, p_cb->peer_publ_key.x, BT_OCTET32_LEN);
747 memcpy(peer_publ_key.y, p_cb->peer_publ_key.y, BT_OCTET32_LEN);
748
749 ECC_PointMult(&new_publ_key, &peer_publ_key, (uint32_t*)private_key);
750
751 memcpy(p_cb->dhkey, new_publ_key.x, BT_OCTET32_LEN);
752
753 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Old DHKey", BT_OCTET32_LEN);
754
755 smp_debug_print_nbyte_little_endian(p_cb->private_key, "private",
756 BT_OCTET32_LEN);
757 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.x, "rem public(x)",
758 BT_OCTET32_LEN);
759 smp_debug_print_nbyte_little_endian(p_cb->peer_publ_key.y, "rem public(y)",
760 BT_OCTET32_LEN);
761 smp_debug_print_nbyte_little_endian(p_cb->dhkey, "Reverted DHKey",
762 BT_OCTET32_LEN);
763 }
764
765 /** The function calculates and saves local commmitment in CB. */
smp_calculate_local_commitment(tSMP_CB * p_cb)766 void smp_calculate_local_commitment(tSMP_CB* p_cb) {
767 uint8_t random_input;
768
769 SMP_TRACE_DEBUG("%s", __func__);
770
771 switch (p_cb->selected_association_model) {
772 case SMP_MODEL_SEC_CONN_JUSTWORKS:
773 case SMP_MODEL_SEC_CONN_NUM_COMP:
774 if (p_cb->role == HCI_ROLE_CENTRAL)
775 SMP_TRACE_WARNING(
776 "local commitment calc on central is not expected "
777 "for Just Works/Numeric Comparison models");
778 p_cb->commitment = crypto_toolbox::f4(
779 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, 0);
780 break;
781 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
782 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
783 random_input =
784 smp_calculate_random_input(p_cb->local_random.data(), p_cb->round);
785 p_cb->commitment =
786 crypto_toolbox::f4(p_cb->loc_publ_key.x, p_cb->peer_publ_key.x,
787 p_cb->rand, random_input);
788 break;
789 case SMP_MODEL_SEC_CONN_OOB:
790 SMP_TRACE_WARNING(
791 "local commitment calc is expected for OOB model BEFORE pairing");
792 p_cb->commitment = crypto_toolbox::f4(
793 p_cb->loc_publ_key.x, p_cb->loc_publ_key.x, p_cb->local_random, 0);
794 break;
795 default:
796 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
797 p_cb->selected_association_model);
798 return;
799 }
800
801 SMP_TRACE_EVENT("local commitment calculation is completed");
802 }
803
804 /** The function calculates peer commmitment */
smp_calculate_peer_commitment(tSMP_CB * p_cb)805 Octet16 smp_calculate_peer_commitment(tSMP_CB* p_cb) {
806 uint8_t ri;
807
808 SMP_TRACE_DEBUG("%s", __func__);
809 Octet16 output;
810 switch (p_cb->selected_association_model) {
811 case SMP_MODEL_SEC_CONN_JUSTWORKS:
812 case SMP_MODEL_SEC_CONN_NUM_COMP:
813 if (p_cb->role == HCI_ROLE_PERIPHERAL)
814 SMP_TRACE_WARNING(
815 "peer commitment calc on peripheral is not expected "
816 "for Just Works/Numeric Comparison models");
817 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
818 p_cb->rrand, 0);
819 break;
820 case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
821 case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
822 ri = smp_calculate_random_input(p_cb->peer_random.data(), p_cb->round);
823 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->loc_publ_key.x,
824 p_cb->rrand, ri);
825 break;
826 case SMP_MODEL_SEC_CONN_OOB:
827 output = crypto_toolbox::f4(p_cb->peer_publ_key.x, p_cb->peer_publ_key.x,
828 p_cb->peer_random, 0);
829 break;
830 default:
831 SMP_TRACE_ERROR("Association Model = %d is not used in LE SC",
832 p_cb->selected_association_model);
833 return output;
834 }
835
836 SMP_TRACE_EVENT("peer commitment calculation is completed");
837 return output;
838 }
839
840 /*******************************************************************************
841 *
842 * Function smp_calculate_numeric_comparison_display_number
843 *
844 * Description The function calculates and saves number to display in
845 * numeric comparison association mode.
846 *
847 * Returns void
848 *
849 ******************************************************************************/
smp_calculate_numeric_comparison_display_number(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)850 void smp_calculate_numeric_comparison_display_number(tSMP_CB* p_cb,
851 tSMP_INT_DATA* p_data) {
852 SMP_TRACE_DEBUG("%s", __func__);
853
854 if (p_cb->role == HCI_ROLE_CENTRAL) {
855 p_cb->number_to_display = crypto_toolbox::g2(
856 p_cb->loc_publ_key.x, p_cb->peer_publ_key.x, p_cb->rand, p_cb->rrand);
857 } else {
858 p_cb->number_to_display = crypto_toolbox::g2(
859 p_cb->peer_publ_key.x, p_cb->loc_publ_key.x, p_cb->rrand, p_cb->rand);
860 }
861
862 if (p_cb->number_to_display >= (BTM_MAX_PASSKEY_VAL + 1)) {
863 tSMP_INT_DATA smp_int_data;
864 smp_int_data.status = SMP_PAIR_FAIL_UNKNOWN;
865 p_cb->failure = SMP_PAIR_FAIL_UNKNOWN;
866 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
867 return;
868 }
869
870 SMP_TRACE_EVENT("Number to display in numeric comparison = %d",
871 p_cb->number_to_display);
872 p_cb->cb_evt = SMP_NC_REQ_EVT;
873 tSMP_INT_DATA smp_int_data;
874 smp_int_data.passkey = p_cb->number_to_display;
875 smp_sm_event(p_cb, SMP_SC_DSPL_NC_EVT, &smp_int_data);
876 return;
877 }
878
879 /*******************************************************************************
880 *
881 * Function smp_calculate_local_dhkey_check
882 *
883 * Description The function calculates and saves local device DHKey check
884 * value in CB.
885 * Before doing this it calls
886 * smp_calculate_f5_mackey_and_long_term_key(...).
887 * to calculate MacKey and LTK.
888 * MacKey is used in dhkey calculation.
889 *
890 * Returns void
891 *
892 ******************************************************************************/
smp_calculate_local_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)893 void smp_calculate_local_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
894 uint8_t iocap[3], a[7], b[7];
895
896 SMP_TRACE_DEBUG("%s", __func__);
897
898 smp_calculate_f5_mackey_and_long_term_key(p_cb);
899
900 smp_collect_local_io_capabilities(iocap, p_cb);
901
902 smp_collect_local_ble_address(a, p_cb);
903 smp_collect_peer_ble_address(b, p_cb);
904 p_cb->dhkey_check = crypto_toolbox::f6(p_cb->mac_key, p_cb->rand, p_cb->rrand,
905 p_cb->peer_random, iocap, a, b);
906
907 SMP_TRACE_EVENT("local DHKey check calculation is completed");
908 }
909
910 /*******************************************************************************
911 *
912 * Function smp_calculate_peer_dhkey_check
913 *
914 * Description The function calculates peer device DHKey check value.
915 *
916 * Returns void
917 *
918 ******************************************************************************/
smp_calculate_peer_dhkey_check(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)919 void smp_calculate_peer_dhkey_check(tSMP_CB* p_cb, tSMP_INT_DATA* p_data) {
920 uint8_t iocap[3], a[7], b[7];
921 tSMP_KEY key;
922
923 SMP_TRACE_DEBUG("%s", __func__);
924
925 smp_collect_peer_io_capabilities(iocap, p_cb);
926
927 smp_collect_local_ble_address(a, p_cb);
928 smp_collect_peer_ble_address(b, p_cb);
929 Octet16 param_buf = crypto_toolbox::f6(p_cb->mac_key, p_cb->rrand, p_cb->rand,
930 p_cb->local_random, iocap, b, a);
931
932 SMP_TRACE_EVENT("peer DHKey check calculation is completed");
933 key.key_type = SMP_KEY_TYPE_PEER_DHK_CHCK;
934 key.p_data = param_buf.data();
935 tSMP_INT_DATA smp_int_data;
936 smp_int_data.key = key;
937 smp_sm_event(p_cb, SMP_SC_KEY_READY_EVT, &smp_int_data);
938 }
939
940 /*******************************************************************************
941 *
942 * Function smp_calculate_link_key_from_long_term_key
943 *
944 * Description The function calculates and saves BR/EDR link key derived
945 * from LE SC LTK.
946 *
947 * Returns false if out of resources, true in other cases.
948 *
949 ******************************************************************************/
smp_calculate_link_key_from_long_term_key(tSMP_CB * p_cb)950 bool smp_calculate_link_key_from_long_term_key(tSMP_CB* p_cb) {
951 tBTM_SEC_DEV_REC* p_dev_rec;
952 RawAddress bda_for_lk;
953 tBLE_ADDR_TYPE conn_addr_type;
954
955 SMP_TRACE_DEBUG("%s", __func__);
956
957 if (p_cb->id_addr_rcvd && p_cb->id_addr_type == BLE_ADDR_PUBLIC) {
958 SMP_TRACE_DEBUG(
959 "Use rcvd identity address as BD_ADDR of LK rcvd identity address");
960 bda_for_lk = p_cb->id_addr;
961 } else if ((BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda_for_lk,
962 &conn_addr_type)) &&
963 conn_addr_type == BLE_ADDR_PUBLIC) {
964 SMP_TRACE_DEBUG("Use rcvd connection address as BD_ADDR of LK");
965 } else {
966 SMP_TRACE_WARNING("Don't have peer public address to associate with LK");
967 return false;
968 }
969
970 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
971 if (p_dev_rec == NULL) {
972 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
973 return false;
974 }
975
976 Octet16 link_key =
977 crypto_toolbox::ltk_to_link_key(p_cb->ltk, p_cb->key_derivation_h7_used);
978
979 uint8_t link_key_type;
980 if (btm_cb.security_mode == BTM_SEC_MODE_SC) {
981 /* Secure Connections Only Mode */
982 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
983 } else if (controller_get_interface()->supports_secure_connections()) {
984 /* both transports are SC capable */
985 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
986 link_key_type = BTM_LKEY_TYPE_AUTH_COMB_P_256;
987 else
988 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB_P_256;
989 } else if (btm_cb.security_mode == BTM_SEC_MODE_SP) {
990 /* BR/EDR transport is SSP capable */
991 if (p_cb->sec_level == SMP_SEC_AUTHENTICATED)
992 link_key_type = BTM_LKEY_TYPE_AUTH_COMB;
993 else
994 link_key_type = BTM_LKEY_TYPE_UNAUTH_COMB;
995 } else {
996 SMP_TRACE_ERROR("%s failed to update link_key. Sec Mode = %d, sm4 = 0x%02x",
997 __func__, btm_cb.security_mode, p_dev_rec->sm4);
998 return false;
999 }
1000
1001 link_key_type += BTM_LTK_DERIVED_LKEY_OFFSET;
1002
1003 Octet16 notif_link_key;
1004 std::reverse_copy(link_key.begin(), link_key.end(), notif_link_key.begin());
1005 btm_sec_link_key_notification(bda_for_lk, notif_link_key, link_key_type);
1006
1007 SMP_TRACE_EVENT("%s is completed", __func__);
1008
1009 return true;
1010 }
1011
1012 /** The function calculates and saves SC LTK derived from BR/EDR link key. */
smp_calculate_long_term_key_from_link_key(tSMP_CB * p_cb)1013 bool smp_calculate_long_term_key_from_link_key(tSMP_CB* p_cb) {
1014 tBTM_SEC_DEV_REC* p_dev_rec;
1015
1016 SMP_TRACE_DEBUG("%s", __func__);
1017
1018 p_dev_rec = btm_find_dev(p_cb->pairing_bda);
1019 if (p_dev_rec == NULL) {
1020 SMP_TRACE_ERROR("%s failed to find Security Record", __func__);
1021 return false;
1022 }
1023
1024 uint8_t br_link_key_type;
1025 br_link_key_type = BTM_SecGetDeviceLinkKeyType(p_cb->pairing_bda);
1026 if (br_link_key_type == BTM_LKEY_TYPE_IGNORE) {
1027 SMP_TRACE_ERROR("%s failed to retrieve BR link type", __func__);
1028 return false;
1029 }
1030
1031 if ((br_link_key_type != BTM_LKEY_TYPE_AUTH_COMB_P_256) &&
1032 (br_link_key_type != BTM_LKEY_TYPE_UNAUTH_COMB_P_256)) {
1033 SMP_TRACE_ERROR("%s LE SC LTK can't be derived from LK %d", __func__,
1034 br_link_key_type);
1035 return false;
1036 }
1037
1038 Octet16 rev_link_key;
1039 std::reverse_copy(p_dev_rec->link_key.begin(), p_dev_rec->link_key.end(),
1040 rev_link_key.begin());
1041 p_cb->ltk = crypto_toolbox::link_key_to_ltk(rev_link_key,
1042 p_cb->key_derivation_h7_used);
1043
1044 p_cb->sec_level = (br_link_key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256)
1045 ? SMP_SEC_AUTHENTICATED
1046 : SMP_SEC_UNAUTHENTICATE;
1047 SMP_TRACE_EVENT("%s is completed", __func__);
1048 return true;
1049 }
1050
1051 /**
1052 * This function generates nonce.
1053 */
smp_start_nonce_generation(tSMP_CB * p_cb)1054 void smp_start_nonce_generation(tSMP_CB* p_cb) {
1055 SMP_TRACE_DEBUG("%s", __func__);
1056 btsnd_hcic_ble_rand(Bind(
1057 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1058 memcpy(p_cb->rand.data(), rand, BT_OCTET8_LEN);
1059 btsnd_hcic_ble_rand(Bind(
1060 [](tSMP_CB* p_cb, BT_OCTET8 rand) {
1061 memcpy(p_cb->rand.data() + 8, rand, BT_OCTET8_LEN);
1062 SMP_TRACE_DEBUG("%s round %d", __func__, p_cb->round);
1063 /* notifies SM that it has new nonce. */
1064 smp_sm_event(p_cb, SMP_HAVE_LOC_NONCE_EVT, NULL);
1065 },
1066 p_cb));
1067 },
1068 p_cb));
1069 }
1070