sm: Cross-Transport Key Derivation requires ENABLE_CROSS_TRANSPORT_KEY_DERIVATION

CHANGELOG.md

@@ -21,7 +21,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 
 ### Changed
-
+- SM: Cross-Transport Key Derivation requires ENABLE_CROSS_TRANSPORT_KEY_DERIVATION now
 
 ## Changes September 2020
 
@@ -89,7 +89,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Fixed
 - HFP: Fix parsing of empty fields, e.g. phone number in +CLCC and other AT commands
-- sm: Fix validation of confirm value for secure connection Passkey entry
+- SM: Fix validation of confirm value for secure connection Passkey entry
 - AVRCP: handle concurrent signaling establishment with reject and retry
 
 ### Added
@@ -105,7 +105,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 - hfp_hf, hsp_hs: use eSCO params in accept sco connection only for incoming eSCO connections
 - pbap_client: fix PBAP UUID len on connect message
-- sm: fix secure connection pairing as peripheral when local user confirmation happens after remote one
+- SM: fix secure connection pairing as peripheral when local user confirmation happens after remote one
 - A2DP Source: only connect to remote sink stream endpoints
 - btstack_hal_flash_memory: fix write of 0xff bytes to simulated flash
 - hsp_hs: fix disconnect if audio not connected
@@ -116,7 +116,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - GAP: gap_set_security_level sets required security level for incoming and outgoing connections
 - cc256x: allow to specify power vector for each modulation type
 - FreeRTOS: btstack_run_loop_freertos_trigger_exit allows to request run loop exit
-- sm: support LE Secure Connections Only mode with sm_set_secure_connections_only_mode
+- SM: support LE Secure Connections Only mode with sm_set_secure_connections_only_mode
 - GAP: enable BR/EDR Secure Connections if supported, add gap_secure_connections_enable
 
 ### Changed

doc/manual/docs/how_to.md

@@ -93,9 +93,10 @@ ENABLE_LE_DATA_CHANNELS          | Enable LE Data Channels in credit-based flow
 ENABLE_LE_DATA_LENGTH_EXTENSION  | Enable LE Data Length Extension support
 ENABLE_LE_SIGNED_WRITE           | Enable LE Signed Writes in ATT/GATT
 ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION | Enable address resolution for resolvable private addresses in Controller
-ENABLE_ATT_DELAYED_RESPONSE      | Enable support for delayed ATT operations, see [GATT Server](profiles/#sec:GATTServerProfile)
+ENABLE_CROSS_TRANSPORT_KEY_DERIVATION | Enable Cross-Transport Key Derivation (CTKD) for Secure Connections
 ENABLE_L2CAP_ENHANCED_RETRANSMISSION_MODE | Enable L2CAP Enhanced Retransmission Mode. Mandatory for AVRCP Browsing
 ENABLE_HCI_CONTROLLER_TO_HOST_FLOW_CONTROL | Enable HCI Controller to Host Flow Control, see below
+ENABLE_ATT_DELAYED_RESPONSE      | Enable support for delayed ATT operations, see [GATT Server](profiles/#sec:GATTServerProfile)
 ENABLE_CC256X_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CC256x Flow Control during baud rate change, see chipset docs.
 ENABLE_CYPRESS_BAUDRATE_CHANGE_FLOWCONTROL_BUG_WORKAROUND | Enable workaround for bug in CYW2070x Flow Control during baud rate change, similar to CC256x.
 ENABLE_LE_LIMIT_ACL_FRAGMENT_BY_MAX_OCTETS | Force HCI to fragment ACL-LE packets to fit into over-the-air packet

src/ble/sm.c

@@ -60,6 +60,10 @@
 #error "LE Security Manager used, but neither ENABLE_LE_PERIPHERAL nor ENABLE_LE_CENTRAL defined. Please add at least one to btstack_config.h."
 #endif
 
+#if defined(ENABLE_CROSS_TRANSPORT_KEY_DERIVATION) && !defined(ENABLE_CLASSIC)
+#error "Cross Transport Key Derivation requires BR/EDR (Classic) support"
+#endif
+
 // assert SM Public Key can be sent/received
 #ifdef ENABLE_LE_SECURE_CONNECTIONS
 #if HCI_ACL_PAYLOAD_SIZE < 69
@@ -83,6 +87,7 @@
 #define USE_CMAC_ENGINE
 #endif
 
+
 #define BTSTACK_TAG32(A,B,C,D) (((A) << 24) | ((B) << 16) | ((C) << 8) | (D))
 
 //
@@ -1452,7 +1457,7 @@ static void sm_sc_cmac_done(uint8_t * hash){
 
     sm_connection_t * sm_conn = sm_cmac_connection;
     sm_cmac_connection = NULL;
-#ifdef ENABLE_CLASSIC
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
     link_key_type_t link_key_type;
 #endif
 
@@ -1520,7 +1525,7 @@ static void sm_sc_cmac_done(uint8_t * hash){
                 sm_conn->sm_engine_state = SM_INITIATOR_PH3_SEND_START_ENCRYPTION;
             }
             break;
-#ifdef ENABLE_CLASSIC
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
         case SM_SC_W4_CALCULATE_H6_ILK:
             (void)memcpy(setup->sm_t, hash, 16);
             sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_BR_EDR_LINK_KEY;
@@ -2345,7 +2350,7 @@ static void sm_run(void){
                 connection->sm_engine_state = SM_SC_W4_CALCULATE_G2;
                 g2_calculate(connection);
                 break;
-#ifdef ENABLE_CLASSIC
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
             case SM_SC_W2_CALCULATE_H6_ILK:
                 if (!sm_cmac_ready()) break;
                 connection->sm_engine_state = SM_SC_W4_CALCULATE_H6_ILK;
@@ -2944,7 +2949,7 @@ static void sm_handle_encryption_result_enc_csrk(void *arg){
             // slave -> receive master keys
             connection->sm_engine_state = SM_PH3_RECEIVE_KEYS;
         } else {
-#ifdef ENABLE_CLASSIC
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
 			if (sm_ctkd_from_le()){
                 connection->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
             } else
@@ -4000,7 +4005,7 @@ static void sm_pdu_handler(uint8_t packet_type, hci_con_handle_t con_handle, uin
                 sm_key_distribution_handle_all_received(sm_conn);
 
                 if (IS_RESPONDER(sm_conn->sm_role)){
-#ifdef ENABLE_CLASSIC
+#ifdef ENABLE_CROSS_TRANSPORT_KEY_DERIVATION
                     if (sm_ctkd_from_le()){
                         sm_conn->sm_engine_state = SM_SC_W2_CALCULATE_H6_ILK;
                     } else