pw_bluetooth_sapphire: Use local_ltk for BR/EDR CTKD key in SM

Use PairingData::local_ltk and PairingData::peer_ltk to deliver the LE LTK after BR/EDR SecurityManager cross-transport key derivation instead of PairingData::cross_transport_key. This makes it easier for client code to call Peer::LowEnergyData::StoreBond(PairingData) directly with the PairingData. Bug: 388607971 Change-Id: Ibf528fdda4db213f45474e23a43711e4e5f79062 Reviewed-on: https://pigweed-review.googlesource.com/c/pigweed/pigweed/+/261973 Lint: Lint 🤖 <[email protected]> Docs-Not-Needed: Ben Lawson <[email protected]> Reviewed-by: Jason Graffius <[email protected]> Commit-Queue: Ben Lawson <[email protected]>
google · Jan 23, 2025 · adbb535 · adbb535
1 parent 405b87a
commit adbb535
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 17 deletions.
diff --git a/...uetooth_sapphire/host/sm/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h b/...uetooth_sapphire/host/sm/public/pw_bluetooth_sapphire/internal/host/sm/security_manager.h
@@ -185,4 +185,7 @@ class SecurityManager {
 using SecurityManagerFactory =
     std::function<decltype(sm::SecurityManager::CreateLE)>;
 
+using BrEdrSecurityManagerFactory =
+    std::function<decltype(sm::SecurityManager::CreateBrEdr)>;
+
 }  // namespace bt::sm
diff --git a/pw_bluetooth_sapphire/host/sm/security_manager.cc b/pw_bluetooth_sapphire/host/sm/security_manager.cc
@@ -846,8 +846,10 @@ void SecurityManagerImpl::OnBrEdrPairingComplete(PairingData pairing_data) {
   if (ct_key_value) {
     // The LE LTK will have the same security properties as the BR/EDR key.
     SecurityProperties bredr_properties(bredr_link_->ltk_type().value());
-    pairing_data.cross_transport_key =
+    sm::LTK le_ltk =
         sm::LTK(bredr_properties, hci_spec::LinkKey(*ct_key_value, 0, 0));
+    pairing_data.local_ltk = le_ltk;
+    pairing_data.peer_ltk = le_ltk;
   } else {
     bt_log(ERROR, "sm", "BR/EDR CTKD key generation failed");
     if (bredr_cross_transport_key_derivation_callback_) {

diff --git a/pw_bluetooth_sapphire/host/sm/security_manager_test.cc b/pw_bluetooth_sapphire/host/sm/security_manager_test.cc
@@ -4087,10 +4087,9 @@ TEST_F(SecurityManagerTest, BrEdrResponderCtkdH7NoKeysToDistributeSuccess) {
   EXPECT_EQ(0, pairing_failed_count());
   EXPECT_EQ(1, pairing_complete_count());
   EXPECT_EQ(1, pairing_data_callback_count());
-  ASSERT_TRUE(pairing_data().cross_transport_key.has_value());
-  EXPECT_EQ(pairing_data().cross_transport_key->key().value(),
-            kExpectedLtkBytesH7);
-  EXPECT_EQ(pairing_data().cross_transport_key->security().GetLinkKeyType(),
+  ASSERT_TRUE(pairing_data().local_ltk.has_value());
+  EXPECT_EQ(pairing_data().local_ltk->key().value(), kExpectedLtkBytesH7);
+  EXPECT_EQ(pairing_data().local_ltk->security().GetLinkKeyType(),
             hci_spec::LinkKeyType::kUnauthenticatedCombination256);
   EXPECT_FALSE(peer().MutBrEdr().is_pairing());
 }
@@ -4146,10 +4145,9 @@ TEST_F(SecurityManagerTest, BrEdrResponderCtkdH7DistributeIdKeysSuccess) {
   EXPECT_EQ(0, pairing_failed_count());
   EXPECT_EQ(1, pairing_complete_count());
   EXPECT_EQ(1, pairing_data_callback_count());
-  ASSERT_TRUE(pairing_data().cross_transport_key.has_value());
-  EXPECT_EQ(pairing_data().cross_transport_key->key().value(),
-            kExpectedLtkBytesH7);
-  EXPECT_EQ(pairing_data().cross_transport_key->security().GetLinkKeyType(),
+  ASSERT_TRUE(pairing_data().local_ltk.has_value());
+  EXPECT_EQ(pairing_data().local_ltk->key().value(), kExpectedLtkBytesH7);
+  EXPECT_EQ(pairing_data().local_ltk->security().GetLinkKeyType(),
             hci_spec::LinkKeyType::kAuthenticatedCombination256);
   ASSERT_TRUE(pairing_data().irk.has_value());
   EXPECT_EQ(pairing_data().irk.value().value(), kIrk);
@@ -4199,10 +4197,9 @@ TEST_F(SecurityManagerTest, BrEdrInitiatorCtkdH7NoKeysToDistributeSuccess) {
   ASSERT_TRUE(ctkd_result.has_value());
   EXPECT_TRUE(ctkd_result.value().is_ok());
   EXPECT_EQ(1, pairing_data_callback_count());
-  ASSERT_TRUE(pairing_data().cross_transport_key.has_value());
-  EXPECT_EQ(pairing_data().cross_transport_key->key().value(),
-            kExpectedLtkBytesH7);
-  EXPECT_EQ(pairing_data().cross_transport_key->security().GetLinkKeyType(),
+  ASSERT_TRUE(pairing_data().local_ltk.has_value());
+  EXPECT_EQ(pairing_data().local_ltk->key().value(), kExpectedLtkBytesH7);
+  EXPECT_EQ(pairing_data().local_ltk->security().GetLinkKeyType(),
             hci_spec::LinkKeyType::kUnauthenticatedCombination256);
   EXPECT_FALSE(peer().MutBrEdr().is_pairing());
 }
@@ -4268,10 +4265,9 @@ TEST_F(SecurityManagerTest, BrEdrInitiatorCtkdH7DistributeIdKeysSuccess) {
   EXPECT_TRUE(ctkd_result.value().is_ok());
   EXPECT_FALSE(peer().MutBrEdr().is_pairing());
   EXPECT_EQ(1, pairing_data_callback_count());
-  ASSERT_TRUE(pairing_data().cross_transport_key.has_value());
-  EXPECT_EQ(pairing_data().cross_transport_key->key().value(),
-            kExpectedLtkBytesH7);
-  EXPECT_EQ(pairing_data().cross_transport_key->security().GetLinkKeyType(),
+  ASSERT_TRUE(pairing_data().local_ltk.has_value());
+  EXPECT_EQ(pairing_data().local_ltk->key().value(), kExpectedLtkBytesH7);
+  EXPECT_EQ(pairing_data().local_ltk->security().GetLinkKeyType(),
             hci_spec::LinkKeyType::kUnauthenticatedCombination256);
   ASSERT_TRUE(pairing_data().irk.has_value());
   EXPECT_EQ(pairing_data().irk.value().value(), kIrk);