1 /******************************************************************************
2 *
3 * Copyright 2019 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "security/pairing_handler_le.h"
20
21 #include "os/rand.h"
22
23 using bluetooth::os::GenerateRandom;
24
25 namespace bluetooth {
26 namespace security {
27
DoLegacyStage1(const InitialInformations & i,const PairingRequestView & pairing_request,const PairingResponseView & pairing_response)28 LegacyStage1ResultOrFailure PairingHandlerLe::DoLegacyStage1(const InitialInformations& i,
29 const PairingRequestView& pairing_request,
30 const PairingResponseView& pairing_response) {
31 if (((pairing_request.GetAuthReq() | pairing_response.GetAuthReq()) & AuthReqMaskMitm) == 0) {
32 // If both devices have not set MITM option, Just Works shall be used
33 return LegacyJustWorks();
34 }
35
36 if (pairing_request.GetOobDataFlag() == OobDataFlag::PRESENT &&
37 pairing_response.GetOobDataFlag() == OobDataFlag::PRESENT) {
38 // OobDataFlag remote_oob_flag = IAmMaster(i) ? pairing_response.GetOobDataFlag() :
39 // pairing_request.GetOobDataFlag(); OobDataFlag my_oob_flag = IAmMaster(i) ? pairing_request.GetOobDataFlag() :
40 // pairing_response.GetOobDataFlag();
41 return LegacyOutOfBand(i);
42 }
43
44 const auto& iom = pairing_request.GetIoCapability();
45 const auto& ios = pairing_response.GetIoCapability();
46
47 if (iom == IoCapability::NO_INPUT_NO_OUTPUT || ios == IoCapability::NO_INPUT_NO_OUTPUT) {
48 return LegacyJustWorks();
49 }
50
51 if ((iom == IoCapability::DISPLAY_ONLY || iom == IoCapability::DISPLAY_YES_NO) &&
52 (ios == IoCapability::DISPLAY_ONLY || ios == IoCapability::DISPLAY_YES_NO)) {
53 return LegacyJustWorks();
54 }
55
56 // This if() should not be needed, these are only combinations left.
57 if (iom == IoCapability::KEYBOARD_DISPLAY || iom == IoCapability::KEYBOARD_ONLY ||
58 ios == IoCapability::KEYBOARD_DISPLAY || ios == IoCapability::KEYBOARD_ONLY) {
59 IoCapability my_iocaps = IAmMaster(i) ? iom : ios;
60 IoCapability remote_iocaps = IAmMaster(i) ? ios : iom;
61 return LegacyPasskeyEntry(i, my_iocaps, remote_iocaps);
62 }
63
64 // We went through all possble combinations.
65 LOG_ALWAYS_FATAL("This should never happen");
66 }
67
LegacyJustWorks()68 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyJustWorks() {
69 LOG_INFO("Legacy Just Works start");
70 return Octet16{0};
71 }
72
LegacyPasskeyEntry(const InitialInformations & i,const IoCapability & my_iocaps,const IoCapability & remote_iocaps)73 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyPasskeyEntry(const InitialInformations& i,
74 const IoCapability& my_iocaps,
75 const IoCapability& remote_iocaps) {
76 bool i_am_displaying = false;
77 if (my_iocaps == IoCapability::DISPLAY_ONLY || my_iocaps == IoCapability::DISPLAY_YES_NO) {
78 i_am_displaying = true;
79 } else if (IAmMaster(i) && remote_iocaps == IoCapability::KEYBOARD_DISPLAY &&
80 my_iocaps == IoCapability::KEYBOARD_DISPLAY) {
81 i_am_displaying = true;
82 } else if (my_iocaps == IoCapability::KEYBOARD_DISPLAY && remote_iocaps == IoCapability::KEYBOARD_ONLY) {
83 i_am_displaying = true;
84 }
85
86 LOG_INFO("Passkey Entry start %s", i_am_displaying ? "displaying" : "accepting");
87
88 uint32_t passkey;
89 if (i_am_displaying) {
90 // generate passkey in a valid range
91 passkey = GenerateRandom();
92 passkey &= 0x0fffff; /* maximum 20 significant bits */
93 constexpr uint32_t PASSKEY_MAX = 999999;
94 if (passkey > PASSKEY_MAX) passkey >>= 1;
95
96 i.user_interface_handler->Post(common::BindOnce(&UI::DisplayConfirmValue, common::Unretained(i.user_interface),
97 i.remote_connection_address, i.remote_name, passkey));
98 } else {
99 i.user_interface_handler->Post(common::BindOnce(&UI::DisplayEnterPasskeyDialog,
100 common::Unretained(i.user_interface), i.remote_connection_address,
101 i.remote_name));
102 std::optional<PairingEvent> response = WaitUiPasskey();
103 if (!response) return PairingFailure("Passkey did not arrive!");
104
105 passkey = response->ui_value;
106 }
107
108 Octet16 tk{0};
109 tk[0] = (uint8_t)(passkey);
110 tk[1] = (uint8_t)(passkey >> 8);
111 tk[2] = (uint8_t)(passkey >> 16);
112 tk[3] = (uint8_t)(passkey >> 24);
113
114 LOG_INFO("Passkey Entry finish");
115 return tk;
116 }
117
LegacyOutOfBand(const InitialInformations & i)118 LegacyStage1ResultOrFailure PairingHandlerLe::LegacyOutOfBand(const InitialInformations& i) {
119 return i.remote_oob_data->security_manager_tk_value;
120 }
121
DoLegacyStage2(const InitialInformations & i,const PairingRequestView & pairing_request,const PairingResponseView & pairing_response,const Octet16 & tk)122 StkOrFailure PairingHandlerLe::DoLegacyStage2(const InitialInformations& i, const PairingRequestView& pairing_request,
123 const PairingResponseView& pairing_response, const Octet16& tk) {
124 LOG_INFO("Legacy Step 2 start");
125 std::vector<uint8_t> preq(pairing_request.begin(), pairing_request.end());
126 std::vector<uint8_t> pres(pairing_response.begin(), pairing_response.end());
127
128 Octet16 mrand, srand;
129 if (IAmMaster(i)) {
130 mrand = GenerateRandom<16>();
131
132 // LOG(INFO) << +(IAmMaster(i)) << " tk = " << base::HexEncode(tk.data(), tk.size());
133 // LOG(INFO) << +(IAmMaster(i)) << " mrand = " << base::HexEncode(mrand.data(), mrand.size());
134 // LOG(INFO) << +(IAmMaster(i)) << " pres = " << base::HexEncode(pres.data(), pres.size());
135 // LOG(INFO) << +(IAmMaster(i)) << " preq = " << base::HexEncode(preq.data(), preq.size());
136
137 Octet16 mconfirm = crypto_toolbox::c1(
138 tk,
139 mrand,
140 preq.data(),
141 pres.data(),
142 (uint8_t)i.my_connection_address.GetAddressType(),
143 i.my_connection_address.GetAddress().data(),
144 (uint8_t)i.remote_connection_address.GetAddressType(),
145 i.remote_connection_address.GetAddress().data());
146
147 // LOG(INFO) << +(IAmMaster(i)) << " mconfirm = " << base::HexEncode(mconfirm.data(), mconfirm.size());
148
149 LOG_INFO("Master sends Mconfirm");
150 SendL2capPacket(i, PairingConfirmBuilder::Create(mconfirm));
151
152 LOG_INFO("Master waits for the Sconfirm");
153 auto sconfirm_pkt = WaitPairingConfirm();
154 if (std::holds_alternative<PairingFailure>(sconfirm_pkt)) {
155 return std::get<PairingFailure>(sconfirm_pkt);
156 }
157 Octet16 sconfirm = std::get<PairingConfirmView>(sconfirm_pkt).GetConfirmValue();
158
159 LOG_INFO("Master sends Mrand");
160 SendL2capPacket(i, PairingRandomBuilder::Create(mrand));
161
162 LOG_INFO("Master waits for Srand");
163 auto random_pkt = WaitPairingRandom();
164 if (std::holds_alternative<PairingFailure>(random_pkt)) {
165 return std::get<PairingFailure>(random_pkt);
166 }
167 srand = std::get<PairingRandomView>(random_pkt).GetRandomValue();
168
169 // LOG(INFO) << +(IAmMaster(i)) << " srand = " << base::HexEncode(srand.data(), srand.size());
170
171 Octet16 sconfirm_generated = crypto_toolbox::c1(
172 tk,
173 srand,
174 preq.data(),
175 pres.data(),
176 (uint8_t)i.my_connection_address.GetAddressType(),
177 i.my_connection_address.GetAddress().data(),
178 (uint8_t)i.remote_connection_address.GetAddressType(),
179 i.remote_connection_address.GetAddress().data());
180
181 if (sconfirm != sconfirm_generated) {
182 LOG_INFO("sconfirm does not match generated value");
183
184 SendL2capPacket(i, PairingFailedBuilder::Create(PairingFailedReason::CONFIRM_VALUE_FAILED));
185 return PairingFailure("sconfirm does not match generated value");
186 }
187 } else {
188 srand = GenerateRandom<16>();
189
190 std::vector<uint8_t> preq(pairing_request.begin(), pairing_request.end());
191 std::vector<uint8_t> pres(pairing_response.begin(), pairing_response.end());
192
193 Octet16 sconfirm = crypto_toolbox::c1(
194 tk,
195 srand,
196 preq.data(),
197 pres.data(),
198 (uint8_t)i.remote_connection_address.GetAddressType(),
199 i.remote_connection_address.GetAddress().data(),
200 (uint8_t)i.my_connection_address.GetAddressType(),
201 i.my_connection_address.GetAddress().data());
202
203 LOG_INFO("Slave waits for the Mconfirm");
204 auto mconfirm_pkt = WaitPairingConfirm();
205 if (std::holds_alternative<PairingFailure>(mconfirm_pkt)) {
206 return std::get<PairingFailure>(mconfirm_pkt);
207 }
208 Octet16 mconfirm = std::get<PairingConfirmView>(mconfirm_pkt).GetConfirmValue();
209
210 LOG_INFO("Slave sends Sconfirm");
211 SendL2capPacket(i, PairingConfirmBuilder::Create(sconfirm));
212
213 LOG_INFO("Slave waits for Mrand");
214 auto random_pkt = WaitPairingRandom();
215 if (std::holds_alternative<PairingFailure>(random_pkt)) {
216 return std::get<PairingFailure>(random_pkt);
217 }
218 mrand = std::get<PairingRandomView>(random_pkt).GetRandomValue();
219
220 Octet16 mconfirm_generated = crypto_toolbox::c1(
221 tk,
222 mrand,
223 preq.data(),
224 pres.data(),
225 (uint8_t)i.remote_connection_address.GetAddressType(),
226 i.remote_connection_address.GetAddress().data(),
227 (uint8_t)i.my_connection_address.GetAddressType(),
228 i.my_connection_address.GetAddress().data());
229
230 if (mconfirm != mconfirm_generated) {
231 LOG_INFO("mconfirm does not match generated value");
232 SendL2capPacket(i, PairingFailedBuilder::Create(PairingFailedReason::CONFIRM_VALUE_FAILED));
233 return PairingFailure("mconfirm does not match generated value");
234 }
235
236 LOG_INFO("Slave sends Srand");
237 SendL2capPacket(i, PairingRandomBuilder::Create(srand));
238 }
239
240 LOG_INFO("Legacy stage 2 finish");
241
242 /* STK */
243 return crypto_toolbox::s1(tk, mrand, srand);
244 }
245 } // namespace security
246 } // namespace bluetooth