1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE device control utilities, and LE
22 * security functions.
23 *
24 ******************************************************************************/
25
26 #include <string.h>
27
28 #include "bt_types.h"
29 #include "hcimsgs.h"
30 #include "btu.h"
31 #include "btm_int.h"
32 #include "btm_ble_api.h"
33 #include "smp_api.h"
34 #include "l2c_int.h"
35 #include "gap_api.h"
36
37 #if SMP_INCLUDED == TRUE
38 extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature);
39 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
40 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
41 #endif
42 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
43
44 /*******************************************************************************/
45 /* External Function to be called by other modules */
46 /*******************************************************************************/
47 /********************************************************
48 **
49 ** Function BTM_SecAddBleDevice
50 **
51 ** Description Add/modify device. This function will be normally called
52 ** during host startup to restore all required information
53 ** for a LE device stored in the NVRAM.
54 **
55 ** Parameters: bd_addr - BD address of the peer
56 ** bd_name - Name of the peer device. NULL if unknown.
57 ** dev_type - Remote device's device type.
58 ** addr_type - LE device address type.
59 **
60 ** Returns TRUE if added OK, else FALSE
61 **
62 *******************************************************************************/
BTM_SecAddBleDevice(BD_ADDR bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type,tBLE_ADDR_TYPE addr_type)63 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
64 tBLE_ADDR_TYPE addr_type)
65 {
66 #if BLE_INCLUDED == TRUE
67 tBTM_SEC_DEV_REC *p_dev_rec;
68 UINT8 i = 0;
69 tBTM_INQ_INFO *p_info=NULL;
70
71 BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type);
72 p_dev_rec = btm_find_dev (bd_addr);
73
74 if (!p_dev_rec)
75 {
76 BTM_TRACE_DEBUG0("Add a new device");
77
78 /* There is no device record, allocate one.
79 * If we can not find an empty spot for this one, let it fail. */
80 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
81 {
82 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE))
83 {
84 BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i );
85 p_dev_rec = &btm_cb.sec_dev_rec[i];
86
87 /* Mark this record as in use and initialize */
88 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
89 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
90 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
91 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr);
92
93 /* update conn params, use default value for background connection params */
94 p_dev_rec->conn_params.min_conn_int =
95 p_dev_rec->conn_params.max_conn_int =
96 p_dev_rec->conn_params.supervision_tout =
97 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF;
98
99 BTM_TRACE_DEBUG1 ("hci_handl=0x%x ", p_dev_rec->hci_handle );
100 break;
101 }
102 }
103
104 if (!p_dev_rec)
105 return(FALSE);
106 }
107 else
108 {
109 BTM_TRACE_DEBUG0("Device already exist");
110 }
111
112 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
113
114 if (bd_name && bd_name[0])
115 {
116 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
117 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name),
118 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
119 }
120 p_dev_rec->device_type = dev_type;
121 p_dev_rec->ble.ble_addr_type = addr_type;
122 BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x",
123 dev_type, addr_type, p_dev_rec->sec_flags);
124
125 /* sync up with the Inq Data base*/
126 p_info = BTM_InqDbRead(bd_addr);
127 if (p_info)
128 {
129 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
130 p_info->results.device_type = p_dev_rec->device_type;
131 BTM_TRACE_DEBUG2 ("InqDb device_type =0x%x addr_type=0x%x",
132 p_info->results.device_type, p_info->results.ble_addr_type);
133 }
134
135 #endif
136 return(TRUE);
137 }
138
139 /*******************************************************************************
140 **
141 ** Function BTM_SecAddBleKey
142 **
143 ** Description Add/modify LE device information. This function will be
144 ** normally called during host startup to restore all required
145 ** information stored in the NVRAM.
146 **
147 ** Parameters: bd_addr - BD address of the peer
148 ** p_le_key - LE key values.
149 ** key_type - LE SMP key type.
150 *
151 ** Returns TRUE if added OK, else FALSE
152 **
153 *******************************************************************************/
BTM_SecAddBleKey(BD_ADDR bd_addr,tBTM_LE_KEY_VALUE * p_le_key,tBTM_LE_KEY_TYPE key_type)154 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
155 {
156 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
157 tBTM_SEC_DEV_REC *p_dev_rec;
158 BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey");
159 p_dev_rec = btm_find_dev (bd_addr);
160 if (!p_dev_rec || !p_le_key ||
161 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
162 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
163 key_type != BTM_LE_KEY_LCSRK))
164 {
165 BTM_TRACE_WARNING3 ("BTM_SecAddBleKey() Wrong Type, or No Device record \
166 for bdaddr: %08x%04x, Type: %d",
167 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
168 (bd_addr[4]<<8)+bd_addr[5], key_type);
169 return(FALSE);
170 }
171
172 BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x",
173 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
174 (bd_addr[4]<<8)+bd_addr[5], key_type);
175
176 if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID ||
177 key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC ||
178 key_type == BTM_LE_KEY_LCSRK)
179 {
180 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
181 }
182
183 #endif
184
185 return(TRUE);
186 }
187
188 /*******************************************************************************
189 **
190 ** Function BTM_BleLoadLocalKeys
191 **
192 ** Description Local local identity key, encryption root or sign counter.
193 **
194 ** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
195 ** or BTM_BLE_KEY_TYPE_COUNTER.
196 ** p_key: pointer to the key.
197 *
198 ** Returns non2.
199 **
200 *******************************************************************************/
BTM_BleLoadLocalKeys(UINT8 key_type,tBTM_BLE_LOCAL_KEYS * p_key)201 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
202 {
203 #if BLE_INCLUDED == TRUE
204 tBTM_DEVCB *p_devcb = &btm_cb.devcb;
205 BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys");
206 if (p_key != NULL)
207 {
208 switch (key_type)
209 {
210 case BTM_BLE_KEY_TYPE_ID:
211 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
212 break;
213
214 case BTM_BLE_KEY_TYPE_ER:
215 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16));
216 break;
217
218 default:
219 BTM_TRACE_ERROR1("unknow local key type: %d", key_type);
220 break;
221 }
222 }
223 #endif
224 }
225
226 /*******************************************************************************
227 **
228 ** Function BTM_GetDeviceEncRoot
229 **
230 ** Description This function is called to read the local device encryption
231 ** root.
232 **
233 ** Returns void
234 ** the local device ER is copied into er
235 **
236 *******************************************************************************/
BTM_GetDeviceEncRoot(BT_OCTET16 er)237 void BTM_GetDeviceEncRoot (BT_OCTET16 er)
238 {
239 BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot");
240
241 #if BLE_INCLUDED == TRUE
242 memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN);
243 #endif
244 }
245
246 /*******************************************************************************
247 **
248 ** Function BTM_GetDeviceIDRoot
249 **
250 ** Description This function is called to read the local device identity
251 ** root.
252 **
253 ** Returns void
254 ** the local device IR is copied into irk
255 **
256 *******************************************************************************/
BTM_GetDeviceIDRoot(BT_OCTET16 irk)257 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
258 {
259 BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot ");
260
261 #if BLE_INCLUDED == TRUE
262 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
263 #endif
264 }
265
266 /*******************************************************************************
267 **
268 ** Function BTM_GetDeviceDHK
269 **
270 ** Description This function is called to read the local device DHK.
271 **
272 ** Returns void
273 ** the local device DHK is copied into dhk
274 **
275 *******************************************************************************/
BTM_GetDeviceDHK(BT_OCTET16 dhk)276 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
277 {
278 #if BLE_INCLUDED == TRUE
279 BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK");
280 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
281 #endif
282 }
283
284 /*******************************************************************************
285 **
286 ** Function BTM_ReadConnectionAddr
287 **
288 ** Description This function is called to get the local device address information
289 ** .
290 **
291 ** Returns void
292 **
293 *******************************************************************************/
BTM_ReadConnectionAddr(BD_ADDR remote_bda,BD_ADDR local_conn_addr,tBLE_ADDR_TYPE * p_addr_type)294 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
295 {
296 #if BLE_INCLUDED == TRUE
297 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda);
298
299 if (p_acl == NULL)
300 {
301 BTM_TRACE_ERROR0("No connection exist!");
302 return;
303 }
304 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
305 * p_addr_type = p_acl->conn_addr_type;
306
307 BTM_TRACE_DEBUG2 ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
308 p_acl->conn_addr_type, p_acl->conn_addr[0]);
309
310 #endif
311 }
312 /*******************************************************************************
313 **
314 ** Function BTM_IsBleConnection
315 **
316 ** Description This function is called to check if the connection handle
317 ** for an LE link
318 **
319 ** Returns TRUE if connection is LE link, otherwise FALSE.
320 **
321 *******************************************************************************/
BTM_IsBleConnection(UINT16 conn_handle)322 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
323 {
324 #if (BLE_INCLUDED == TRUE)
325 UINT8 xx;
326 tACL_CONN *p;
327
328 BTM_TRACE_API1 ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
329
330 xx = btm_handle_to_acl_index (conn_handle);
331 if (xx >= MAX_L2CAP_LINKS)
332 return FALSE;
333
334 p = &btm_cb.acl_db[xx];
335
336 return(p->is_le_link);
337 #else
338 return FALSE;
339 #endif
340 }
341
342 /*******************************************************************************
343 **
344 ** Function BTM_ReadRemoteConnectionAddr
345 **
346 ** Description This function is read the remote device address currently used
347 ** .
348 **
349 ** Returns void
350 **
351 *******************************************************************************/
BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)352 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, tBLE_ADDR_TYPE *p_addr_type)
353 {
354 BOOLEAN st = TRUE;
355 #if BLE_INCLUDED == TRUE
356 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
357
358 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
359 if (p_dev_rec != NULL)
360 {
361 *p_addr_type = p_dev_rec->ble.ble_addr_type;
362 }
363 #endif
364 return st;
365 }
366 /*******************************************************************************
367 **
368 ** Function BTM_SecurityGrant
369 **
370 ** Description This function is called to grant security process.
371 **
372 ** Parameters bd_addr - peer device bd address.
373 ** res - result of the operation BTM_SUCCESS if success.
374 ** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
375 **
376 ** Returns None
377 **
378 *******************************************************************************/
BTM_SecurityGrant(BD_ADDR bd_addr,UINT8 res)379 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
380 {
381 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
382 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
383 BTM_TRACE_DEBUG0 ("BTM_SecurityGrant");
384 SMP_SecurityGrant(bd_addr, res_smp);
385 #endif
386 }
387
388 /*******************************************************************************
389 **
390 ** Function BTM_BlePasskeyReply
391 **
392 ** Description This function is called after Security Manager submitted
393 ** passkey request to the application.
394 **
395 ** Parameters: bd_addr - Address of the device for which passkey was requested
396 ** res - result of the operation BTM_SUCCESS if success
397 ** key_len - length in bytes of the Passkey
398 ** p_passkey - pointer to array with the passkey
399 ** trusted_mask - bitwise OR of trusted services (array of UINT32)
400 **
401 *******************************************************************************/
BTM_BlePasskeyReply(BD_ADDR bd_addr,UINT8 res,UINT32 passkey)402 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
403 {
404 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
405 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
406 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
407
408 if (p_dev_rec == NULL)
409 {
410 BTM_TRACE_ERROR0("Passkey reply to Unknown device");
411 return;
412 }
413
414 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
415 BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply");
416 SMP_PasskeyReply(bd_addr, res_smp, passkey);
417 #endif
418 }
419
420 /*******************************************************************************
421 **
422 ** Function BTM_BleOobDataReply
423 **
424 ** Description This function is called to provide the OOB data for
425 ** SMP in response to BTM_LE_OOB_REQ_EVT
426 **
427 ** Parameters: bd_addr - Address of the peer device
428 ** res - result of the operation SMP_SUCCESS if success
429 ** p_data - simple pairing Randomizer C.
430 **
431 *******************************************************************************/
BTM_BleOobDataReply(BD_ADDR bd_addr,UINT8 res,UINT8 len,UINT8 * p_data)432 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
433 {
434 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
435 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
436 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
437
438 BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply");
439
440 if (p_dev_rec == NULL)
441 {
442 BTM_TRACE_ERROR0("BTM_BleOobDataReply() to Unknown device");
443 return;
444 }
445
446 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
447 SMP_OobDataReply(bd_addr, res_smp, len, p_data);
448 #endif
449 }
450
451 /******************************************************************************
452 **
453 ** Function BTM_BleSetConnScanParams
454 **
455 ** Description Set scan parameter used in BLE connection request
456 **
457 ** Parameters: scan_interval: scan interval
458 ** scan_window: scan window
459 **
460 ** Returns void
461 **
462 *******************************************************************************/
BTM_BleSetConnScanParams(UINT16 scan_interval,UINT16 scan_window)463 void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window)
464 {
465 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
466 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
467 BOOLEAN new_param = FALSE;
468
469 if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
470 BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX))
471 {
472 btu_stop_timer(&p_ble_cb->scan_param_idle_timer);
473
474 if (p_ble_cb->scan_int != scan_interval)
475 {
476 p_ble_cb->scan_int = scan_interval;
477 new_param = TRUE;
478 }
479
480 if (p_ble_cb->scan_win != scan_window)
481 {
482 p_ble_cb->scan_win = scan_window;
483 new_param = TRUE;
484 }
485
486 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN)
487 {
488 btm_ble_suspend_bg_conn();
489 }
490 }
491 else
492 {
493 BTM_TRACE_ERROR0("Illegal Connection Scan Parameters");
494 }
495 #endif
496 }
497
498 /********************************************************
499 **
500 ** Function BTM_BleSetPrefConnParams
501 **
502 ** Description Set a peripheral's preferred connection parameters
503 **
504 ** Parameters: bd_addr - BD address of the peripheral
505 ** scan_interval: scan interval
506 ** scan_window: scan window
507 ** min_conn_int - minimum preferred connection interval
508 ** max_conn_int - maximum preferred connection interval
509 ** slave_latency - preferred slave latency
510 ** supervision_tout - preferred supervision timeout
511 **
512 ** Returns void
513 **
514 *******************************************************************************/
BTM_BleSetPrefConnParams(BD_ADDR bd_addr,UINT16 min_conn_int,UINT16 max_conn_int,UINT16 slave_latency,UINT16 supervision_tout)515 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
516 UINT16 min_conn_int, UINT16 max_conn_int,
517 UINT16 slave_latency, UINT16 supervision_tout)
518 {
519 #if BLE_INCLUDED == TRUE
520 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
521
522 BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \
523 tout: %u",
524 min_conn_int, max_conn_int, slave_latency, supervision_tout);
525
526 if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
527 BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
528 BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
529 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF))
530 {
531 if (p_dev_rec)
532 {
533 /* expect conn int and stout and slave latency to be updated all together */
534 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
535 {
536 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
537 p_dev_rec->conn_params.min_conn_int = min_conn_int;
538 else
539 p_dev_rec->conn_params.min_conn_int = max_conn_int;
540
541 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
542 p_dev_rec->conn_params.max_conn_int = max_conn_int;
543 else
544 p_dev_rec->conn_params.max_conn_int = min_conn_int;
545
546 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
547 p_dev_rec->conn_params.slave_latency = slave_latency;
548 else
549 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
550
551 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
552 p_dev_rec->conn_params.supervision_tout = supervision_tout;
553 else
554 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF;
555
556 }
557
558 }
559 else
560 {
561 BTM_TRACE_ERROR0("Unknown Device, setting rejected");
562 }
563 }
564 else
565 {
566 BTM_TRACE_ERROR0("Illegal Connection Parameters");
567 }
568 #endif /* BLE_INCLUDED */
569 }
570
571 /*******************************************************************************
572 **
573 ** Function BTM_ReadDevInfo
574 **
575 ** Description This function is called to read the device/address type
576 ** of BD address.
577 **
578 ** Parameter remote_bda: remote device address
579 ** p_dev_type: output parameter to read the device type.
580 ** p_addr_type: output parameter to read the address type.
581 **
582 *******************************************************************************/
BTM_ReadDevInfo(BD_ADDR remote_bda,tBT_DEVICE_TYPE * p_dev_type,tBLE_ADDR_TYPE * p_addr_type)583 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
584 {
585 #if BLE_INCLUDED == TRUE
586 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda);
587 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda);
588
589 *p_dev_type = BT_DEVICE_TYPE_BREDR;
590 *p_addr_type = BLE_ADDR_PUBLIC;
591
592 if (!p_dev_rec)
593 {
594 /* Check with the BT manager if details about remote device are known */
595 if (p_inq_info != NULL)
596 {
597 *p_dev_type = p_inq_info->results.device_type ;
598 *p_addr_type = p_inq_info->results.ble_addr_type;
599 } else {
600 /* unknown device, assume BR/EDR */
601 BTM_TRACE_DEBUG0 ("btm_find_dev_type - unknown device, BR/EDR assumed");
602 }
603 }
604 else /* there is a security device record exisitng */
605 {
606 /* new inquiry result, overwrite device type in security device record */
607 if (p_inq_info)
608 {
609 p_dev_rec->device_type = p_inq_info->results.device_type;
610 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
611 }
612 *p_dev_type = p_dev_rec->device_type;
613 *p_addr_type = p_dev_rec->ble.ble_addr_type;
614
615 }
616
617 BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
618 #endif
619
620 return;
621 }
622
623 #if BLE_INCLUDED == TRUE
624
625 /*******************************************************************************
626 **
627 ** Function BTM_BleReceiverTest
628 **
629 ** Description This function is called to start the LE Receiver test
630 **
631 ** Parameter rx_freq - Frequency Range
632 ** p_cmd_cmpl_cback - Command Complete callback
633 **
634 *******************************************************************************/
BTM_BleReceiverTest(UINT8 rx_freq,tBTM_CMPL_CB * p_cmd_cmpl_cback)635 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
636 {
637 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
638
639 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE)
640 {
641 BTM_TRACE_ERROR1("%s: Unable to Trigger LE receiver test", __FUNCTION__);
642 }
643 }
644
645 /*******************************************************************************
646 **
647 ** Function BTM_BleTransmitterTest
648 **
649 ** Description This function is called to start the LE Transmitter test
650 **
651 ** Parameter tx_freq - Frequency Range
652 ** test_data_len - Length in bytes of payload data in each packet
653 ** packet_payload - Pattern to use in the payload
654 ** p_cmd_cmpl_cback - Command Complete callback
655 **
656 *******************************************************************************/
BTM_BleTransmitterTest(UINT8 tx_freq,UINT8 test_data_len,UINT8 packet_payload,tBTM_CMPL_CB * p_cmd_cmpl_cback)657 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
658 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
659 {
660 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
661 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE)
662 {
663 BTM_TRACE_ERROR1("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
664 }
665 }
666
667 /*******************************************************************************
668 **
669 ** Function BTM_BleTestEnd
670 **
671 ** Description This function is called to stop the in-progress TX or RX test
672 **
673 ** Parameter p_cmd_cmpl_cback - Command complete callback
674 **
675 *******************************************************************************/
BTM_BleTestEnd(tBTM_CMPL_CB * p_cmd_cmpl_cback)676 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
677 {
678 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
679
680 if (btsnd_hcic_ble_test_end() == FALSE)
681 {
682 BTM_TRACE_ERROR1("%s: Unable to End the LE TX/RX test", __FUNCTION__);
683 }
684 }
685
686 #endif
687
688 /*******************************************************************************
689 ** Internal Functions
690 *******************************************************************************/
691 #if BLE_INCLUDED == TRUE
692
btm_ble_test_command_complete(UINT8 * p)693 void btm_ble_test_command_complete(UINT8 *p)
694 {
695 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
696 UINT8 status;
697
698 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
699
700 if (p_cb)
701 {
702 (*p_cb)(p);
703 }
704 }
705
706 /*******************************************************************************
707 **
708 ** Function BTM_IsBleLink
709 **
710 ** Description This function is to check the link type is BLE or BR/EDR.
711 **
712 ** Returns TRUE if BLE link; FALSE if BR/EDR.
713 **
714 *******************************************************************************/
BTM_IsBleLink(BD_ADDR bd_addr)715 BOOLEAN BTM_IsBleLink (BD_ADDR bd_addr)
716 {
717 #if (BLE_INCLUDED == TRUE)
718 tACL_CONN *p;
719 BTM_TRACE_DEBUG0 ("BTM_IsBleLink");
720 if ((p = btm_bda_to_acl(bd_addr)) != NULL)
721 return p->is_le_link;
722 else
723 #endif
724 return FALSE;
725 }
726 /*******************************************************************************
727 **
728 ** Function BTM_UseLeLink
729 **
730 ** Description This function is to select the underneath physical link to use.
731 **
732 ** Returns TRUE to use LE, FALSE use BR/EDR.
733 **
734 *******************************************************************************/
BTM_UseLeLink(BD_ADDR bd_addr)735 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
736 {
737 tACL_CONN *p;
738 tBT_DEVICE_TYPE dev_type;
739 tBLE_ADDR_TYPE addr_type;
740 BOOLEAN use_le = FALSE;
741
742 if ((p = btm_bda_to_acl(bd_addr)) != NULL)
743 {
744 #if (BLE_INCLUDED == TRUE)
745 use_le = (p->is_le_link);
746 #endif
747 }
748 else
749 {
750 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
751 use_le = (dev_type == BT_DEVICE_TYPE_BLE);
752 }
753 return use_le;
754 }
755 /*******************************************************************************
756 **
757 ** Function btm_ble_rand_enc_complete
758 **
759 ** Description This function is the callback functions for HCI_Rand command
760 ** and HCI_Encrypt command is completed.
761 ** This message is received from the HCI.
762 **
763 ** Returns void
764 **
765 *******************************************************************************/
btm_ble_rand_enc_complete(UINT8 * p,UINT16 op_code,tBTM_RAND_ENC_CB * p_enc_cplt_cback)766 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
767 {
768 tBTM_RAND_ENC params;
769 UINT8 *p_dest = params.param_buf;
770
771 BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete");
772
773 memset(¶ms, 0, sizeof(tBTM_RAND_ENC));
774
775 /* If there was a callback address for vcs complete, call it */
776 if (p_enc_cplt_cback && p)
777 {
778 /* Pass paramters to the callback function */
779 STREAM_TO_UINT8(params.status, p); /* command status */
780
781 if (params.status == HCI_SUCCESS)
782 {
783 params.opcode = op_code;
784
785 if (op_code == HCI_BLE_RAND)
786 params.param_len = BT_OCTET8_LEN;
787 else
788 params.param_len = BT_OCTET16_LEN;
789
790 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */
791 }
792 if (p_enc_cplt_cback)
793 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */
794 }
795 }
796
797
798 #if (SMP_INCLUDED == TRUE)
799
800 /*******************************************************************************
801 **
802 ** Function btm_ble_get_enc_key_type
803 **
804 ** Description This function is to increment local sign counter
805 ** Returns None
806 **
807 *******************************************************************************/
btm_ble_increment_sign_ctr(BD_ADDR bd_addr,BOOLEAN is_local)808 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
809 {
810 tBTM_SEC_DEV_REC *p_dev_rec;
811
812 BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local);
813
814 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
815 {
816 if (is_local)
817 p_dev_rec->ble.keys.local_counter++;
818 else
819 p_dev_rec->ble.keys.counter++;
820 BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d",
821 is_local,
822 p_dev_rec->ble.keys.local_counter,
823 p_dev_rec->ble.keys.counter);
824 }
825 }
826
827 /*******************************************************************************
828 **
829 ** Function btm_ble_get_enc_key_type
830 **
831 ** Description This function is to get the BLE key type that has been exchanged
832 ** in betweem local device and peer device.
833 **
834 ** Returns p_key_type: output parameter to carry the key type value.
835 **
836 *******************************************************************************/
btm_ble_get_enc_key_type(BD_ADDR bd_addr,UINT8 * p_key_types)837 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
838 {
839 tBTM_SEC_DEV_REC *p_dev_rec;
840
841 BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type");
842
843 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
844 {
845 *p_key_types = p_dev_rec->ble.key_type;
846 return TRUE;
847 }
848 return FALSE;
849 }
850
851 /*******************************************************************************
852 **
853 ** Function btm_get_local_div
854 **
855 ** Description This function is called to read the local DIV
856 **
857 ** Returns TURE - if a valid DIV is availavle
858 *******************************************************************************/
btm_get_local_div(BD_ADDR bd_addr,UINT16 * p_div)859 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
860 {
861 tBTM_SEC_DEV_REC *p_dev_rec;
862 BOOLEAN status = FALSE;
863 BTM_TRACE_DEBUG0 ("btm_get_local_div");
864
865 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
866 bd_addr[0],bd_addr[1],
867 bd_addr[2],bd_addr[3],
868 bd_addr[4],bd_addr[5]);
869
870 p_dev_rec = btm_find_dev (bd_addr);
871
872 if (p_dev_rec && p_dev_rec->ble.keys.div)
873 {
874 status = TRUE;
875 *p_div = p_dev_rec->ble.keys.div;
876 }
877 BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
878 return status;
879 }
880
881 /*******************************************************************************
882 **
883 ** Function btm_sec_save_le_key
884 **
885 ** Description This function is called by the SMP to update
886 ** an BLE key. SMP is internal, whereas all the keys shall
887 ** be sent to the application. The function is also called
888 ** when application passes ble key stored in NVRAM to the btm_sec.
889 ** pass_to_application parameter is false in this case.
890 **
891 ** Returns void
892 **
893 *******************************************************************************/
btm_sec_save_le_key(BD_ADDR bd_addr,tBTM_LE_KEY_TYPE key_type,tBTM_LE_KEY_VALUE * p_keys,BOOLEAN pass_to_application)894 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
895 BOOLEAN pass_to_application)
896 {
897 tBTM_SEC_DEV_REC *p_rec;
898 tBTM_LE_EVT_DATA cb_data;
899 UINT8 i;
900
901 BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application);
902 /* Store the updated key in the device database */
903
904 BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
905 bd_addr[0],bd_addr[1],
906 bd_addr[2],bd_addr[3],
907 bd_addr[4],bd_addr[5]);
908
909 if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys)
910 {
911 switch (key_type)
912 {
913 case BTM_LE_KEY_PENC:
914 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
915 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
916 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
917 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
918 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
919 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
920 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
921 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
922 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
923 else
924 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED;
925 BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
926 p_rec->ble.key_type,
927 p_rec->sec_flags,
928 p_rec->ble.keys.sec_level);
929 break;
930
931 case BTM_LE_KEY_PID:
932 for (i=0; i<BT_OCTET16_LEN; i++)
933 {
934 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
935 }
936
937 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
938 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
939 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
940 p_rec->ble.key_type |= BTM_LE_KEY_PID;
941 BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type);
942 break;
943
944 case BTM_LE_KEY_PCSRK:
945 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
946 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
947 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter;
948 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
949 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
950 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED)
951 p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
952 else
953 p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED;
954
955 BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
956 p_rec->ble.key_type,
957 p_rec->sec_flags,
958 p_rec->ble.keys.srk_sec_level,
959 p_rec->ble.keys.counter );
960 break;
961
962 case BTM_LE_KEY_LENC:
963 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
964 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
965 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
966 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
967
968 BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
969 p_rec->ble.key_type,
970 p_rec->ble.keys.div,
971 p_rec->ble.keys.key_size,
972 p_rec->ble.keys.sec_level );
973 break;
974
975 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
976 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
977 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
978 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter;
979 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
980 BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
981 p_rec->ble.key_type,
982 p_rec->ble.keys.div,
983 p_rec->ble.keys.local_csrk_sec_level,
984 p_rec->ble.keys.local_counter );
985 break;
986
987 default:
988 BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
989 return;
990 }
991
992 BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
993 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
994 (bd_addr[4]<<8)+bd_addr[5]);
995
996 /* Notify the application that one of the BLE keys has been updated
997 If link key is in progress, it will get sent later.*/
998 if (pass_to_application && btm_cb.api.p_le_callback)
999 {
1000 cb_data.key.p_key_value = p_keys;
1001 cb_data.key.key_type = key_type;
1002 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
1003 }
1004 return;
1005 }
1006
1007 BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
1008 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
1009 (bd_addr[4]<<8)+bd_addr[5]);
1010
1011 if (p_rec)
1012 {
1013 BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags);
1014 }
1015 }
1016
1017 /*******************************************************************************
1018 **
1019 ** Function btm_ble_update_sec_key_size
1020 **
1021 ** Description update the current lin kencryption key size
1022 **
1023 ** Returns void
1024 **
1025 *******************************************************************************/
btm_ble_update_sec_key_size(BD_ADDR bd_addr,UINT8 enc_key_size)1026 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
1027 {
1028 tBTM_SEC_DEV_REC *p_rec;
1029
1030 BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
1031
1032 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1033 {
1034 p_rec->enc_key_size = enc_key_size;
1035 }
1036 }
1037
1038 /*******************************************************************************
1039 **
1040 ** Function btm_ble_read_sec_key_size
1041 **
1042 ** Description update the current lin kencryption key size
1043 **
1044 ** Returns void
1045 **
1046 *******************************************************************************/
btm_ble_read_sec_key_size(BD_ADDR bd_addr)1047 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
1048 {
1049 tBTM_SEC_DEV_REC *p_rec;
1050
1051 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1052 {
1053 return p_rec->enc_key_size;
1054 }
1055 else
1056 return 0;
1057 }
1058
1059 /*******************************************************************************
1060 **
1061 ** Function btm_ble_link_sec_check
1062 **
1063 ** Description Check BLE link security level match.
1064 **
1065 ** Returns TRUE: check is OK and the *p_sec_req_act contain the action
1066 **
1067 *******************************************************************************/
btm_ble_link_sec_check(BD_ADDR bd_addr,tBTM_LE_AUTH_REQ auth_req,tBTM_BLE_SEC_REQ_ACT * p_sec_req_act)1068 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
1069 {
1070 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1071 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
1072
1073 BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
1074
1075 if (p_dev_rec == NULL)
1076 {
1077 BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device");
1078 return;
1079 }
1080
1081 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
1082 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)
1083 {
1084 /* race condition: discard the security request while master is encrypting the link */
1085 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1086 }
1087 else
1088 {
1089 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1090 if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) ||
1091 (auth_req == (BTM_LE_AUTH_REQ_MITM)) )
1092 {
1093 req_sec_level = BTM_LE_SEC_AUTHENTICATED;
1094 }
1095
1096 BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
1097
1098 /* currently encrpted */
1099 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)
1100 {
1101 if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED)
1102 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
1103 else
1104 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1105 }
1106 else /* unencrypted link */
1107 {
1108 /* if bonded, get the key security level */
1109 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
1110 cur_sec_level = p_dev_rec->ble.keys.sec_level;
1111 else
1112 cur_sec_level = BTM_LE_SEC_NONE;
1113 }
1114
1115 if (cur_sec_level >= req_sec_level)
1116 {
1117 if (cur_sec_level == BTM_LE_SEC_NONE)
1118 {
1119 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE;
1120 }
1121 else
1122 {
1123 /* To avoid re-encryption on an encrypted link for an equal condition encryption */
1124 /* if link has been encrypted, do nothing, go straight to furhter action
1125 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)
1126 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1127 else
1128 */
1129 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
1130 }
1131 }
1132 else
1133 {
1134 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
1135 }
1136 }
1137
1138 BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
1139 cur_sec_level,
1140 req_sec_level,
1141 *p_sec_req_act);
1142
1143 }
1144
1145 /*******************************************************************************
1146 **
1147 ** Function btm_ble_set_encryption
1148 **
1149 ** Description This function is called to ensure that LE connection is
1150 ** encrypted. Should be called only on an open connection.
1151 ** Typically only needed for connections that first want to
1152 ** bring up unencrypted links, then later encrypt them.
1153 **
1154 ** Returns void
1155 ** the local device ER is copied into er
1156 **
1157 *******************************************************************************/
btm_ble_set_encryption(BD_ADDR bd_addr,void * p_ref_data,UINT8 link_role)1158 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role)
1159 {
1160 tBTM_STATUS cmd = BTM_NO_RESOURCES;
1161 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ;
1162 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1163
1164 if (p_rec == NULL)
1165 {
1166 BTM_TRACE_WARNING1 ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
1167 return(BTM_WRONG_MODE);
1168 }
1169
1170 BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
1171
1172 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM)
1173 {
1174 p_rec->security_required |= BTM_SEC_IN_MITM;
1175 }
1176
1177 switch (sec_act)
1178 {
1179 case BTM_BLE_SEC_ENCRYPT:
1180 if (link_role == BTM_ROLE_MASTER)
1181 {
1182 if(p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) {
1183 BTM_TRACE_DEBUG0 ("State is already encrypting::");
1184 cmd = BTM_CMD_STARTED;
1185 }
1186 else {
1187 /* start link layer encryption using the security info stored */
1188 if (btm_ble_start_encrypt(bd_addr, FALSE, NULL))
1189 {
1190 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1191 cmd = BTM_CMD_STARTED;
1192 }
1193 }
1194 break;
1195 }
1196 /* if salve role then fall through to call SMP_Pair below which will send a
1197 sec_request to request the master to encrypt the link */
1198 case BTM_BLE_SEC_ENCRYPT_NO_MITM:
1199 case BTM_BLE_SEC_ENCRYPT_MITM:
1200
1201 if (SMP_Pair(bd_addr) == SMP_STARTED)
1202 {
1203 cmd = BTM_CMD_STARTED;
1204 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1205 }
1206 break;
1207
1208 default:
1209 cmd = BTM_SUCCESS;
1210 break;
1211 }
1212 return cmd;
1213 }
1214
1215 /*******************************************************************************
1216 **
1217 ** Function btm_ble_ltk_request
1218 **
1219 ** Description This function is called when encryption request is received
1220 ** on a slave device.
1221 **
1222 **
1223 ** Returns void
1224 **
1225 *******************************************************************************/
btm_ble_ltk_request(UINT16 handle,UINT8 rand[8],UINT16 ediv)1226 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
1227 {
1228 tBTM_CB *p_cb = &btm_cb;
1229 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
1230 BT_OCTET8 dummy_stk = {0};
1231
1232 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request");
1233
1234 p_cb->ediv = ediv;
1235
1236 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
1237
1238 if (p_dev_rec != NULL)
1239 {
1240 if (!smp_proc_ltk_request(p_dev_rec->bd_addr))
1241 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
1242 }
1243
1244 }
1245
1246 /*******************************************************************************
1247 **
1248 ** Function btm_ble_start_encrypt
1249 **
1250 ** Description This function is called to start LE encryption.
1251 **
1252 **
1253 ** Returns void
1254 **
1255 *******************************************************************************/
btm_ble_start_encrypt(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1256 BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1257 {
1258 tBTM_CB *p_cb = &btm_cb;
1259 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1260 BT_OCTET8 dummy_rand = {0};
1261 BOOLEAN rt = FALSE;
1262
1263 BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt");
1264
1265 if (!p_rec ||
1266 (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING))
1267 return FALSE;
1268
1269 p_cb->enc_handle = p_rec->hci_handle;
1270
1271 if (use_stk)
1272 {
1273 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk))
1274 rt = TRUE;
1275 }
1276 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC)
1277 {
1278 if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand,
1279 p_rec->ble.keys.ediv, p_rec->ble.keys.ltk))
1280 rt = TRUE;
1281 }
1282 else
1283 {
1284 BTM_TRACE_ERROR0("No key available to encrypt the link");
1285 }
1286 if (rt)
1287 {
1288 if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
1289 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1290 }
1291
1292 return rt;
1293 }
1294
1295 /*******************************************************************************
1296 **
1297 ** Function btm_ble_link_encrypted
1298 **
1299 ** Description This function is called when LE link encrption status is changed.
1300 **
1301 ** Returns void
1302 **
1303 *******************************************************************************/
btm_ble_link_encrypted(BD_ADDR bd_addr,UINT8 encr_enable)1304 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
1305 {
1306 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1307 BOOLEAN enc_cback;
1308
1309 if (!p_dev_rec)
1310 {
1311 BTM_TRACE_WARNING1 ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
1312 return;
1313 }
1314
1315 BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
1316
1317 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
1318
1319 smp_link_encrypted(bd_addr, encr_enable);
1320
1321 BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
1322
1323 if (encr_enable && p_dev_rec->enc_key_size == 0)
1324 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
1325
1326 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1327 if (p_dev_rec->p_callback && enc_cback)
1328 {
1329 if (encr_enable)
1330 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS);
1331 else if (p_dev_rec->role_master)
1332 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING);
1333
1334 }
1335 /* to notify GATT to send data if any request is pending */
1336 gatt_notify_enc_cmpl(p_dev_rec->bd_addr);
1337 }
1338
1339 /*******************************************************************************
1340 ** Function btm_enc_proc_ltk
1341 ** Description send LTK reply when it's ready.
1342 *******************************************************************************/
btm_enc_proc_ltk(tSMP_ENC * p)1343 static void btm_enc_proc_ltk(tSMP_ENC *p)
1344 {
1345 UINT8 i;
1346 BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk");
1347 if (p && p->param_len == BT_OCTET16_LEN)
1348 {
1349 for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++)
1350 p->param_buf[BT_OCTET16_LEN - i - 1] = 0;
1351 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf);
1352 }
1353 }
1354
1355 /*******************************************************************************
1356 ** Function btm_enc_proc_slave_y
1357 ** Description calculate LTK when Y is ready
1358 *******************************************************************************/
btm_enc_proc_slave_y(tSMP_ENC * p)1359 static void btm_enc_proc_slave_y(tSMP_ENC *p)
1360 {
1361 UINT16 div, y;
1362 UINT8 *pp = p->param_buf;
1363 tBTM_CB *p_cb = &btm_cb;
1364 tSMP_ENC output;
1365 tBTM_SEC_DEV_REC *p_dev_rec;
1366
1367 BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y");
1368 if (p != NULL)
1369 {
1370 STREAM_TO_UINT16(y, pp);
1371
1372 div = p_cb->ediv ^ y;
1373 p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle);
1374
1375 if ( p_dev_rec &&
1376 p_dev_rec->ble.keys.div == div )
1377 {
1378 BTM_TRACE_DEBUG0 ("LTK request OK");
1379 /* calculating LTK , LTK = E er(div) */
1380 SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output);
1381 btm_enc_proc_ltk(&output);
1382 }
1383 else
1384 {
1385 BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply");
1386 btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle);
1387 if (p_dev_rec)
1388 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0);
1389
1390 }
1391 }
1392 }
1393
1394 /*******************************************************************************
1395 **
1396 ** Function btm_ble_ltk_request_reply
1397 **
1398 ** Description This function is called to send a LTK request reply on a slave
1399 ** device.
1400 **
1401 ** Returns void
1402 **
1403 *******************************************************************************/
btm_ble_ltk_request_reply(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1404 void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1405 {
1406 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1407 tBTM_CB *p_cb = &btm_cb;
1408 tSMP_ENC output;
1409
1410 if (p_rec == NULL)
1411 {
1412 BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device");
1413 return;
1414 }
1415
1416 BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply");
1417 p_cb->enc_handle = p_rec->hci_handle;
1418 p_cb->key_size = p_rec->ble.keys.key_size;
1419
1420 BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size);
1421 if (use_stk)
1422 {
1423 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
1424 }
1425 else /* calculate LTK using peer device */
1426 {
1427 /* generate Y= Encrypt(DHK, Rand) received from encrypt request */
1428 SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand,
1429 BT_OCTET8_LEN, &output);
1430 btm_enc_proc_slave_y(&output);
1431 }
1432 }
1433
1434 /*******************************************************************************
1435 **
1436 ** Function btm_ble_io_capabilities_req
1437 **
1438 ** Description This function is called to handle SMP get IO capability request.
1439 **
1440 ** Returns void
1441 **
1442 *******************************************************************************/
btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1443 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1444 {
1445 UINT8 callback_rc = BTM_SUCCESS;
1446 BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req");
1447 if (btm_cb.api.p_le_callback)
1448 {
1449 /* the callback function implementation may change the IO capability... */
1450 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1451 }
1452 #if BTM_OOB_INCLUDED == TRUE
1453 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
1454 #else
1455 if (callback_rc == BTM_SUCCESS)
1456 #endif
1457 {
1458 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1459
1460 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
1461 p_dev_rec->security_required, p_data->auth_req);
1462 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
1463 p_data->init_keys,
1464 p_data->resp_keys);
1465
1466 /* if authentication requires MITM protection, put on the mask */
1467 if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
1468 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
1469
1470 if (!(p_data->auth_req & SMP_AUTH_BOND))
1471 {
1472 BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged");
1473 p_data->init_keys = 0;
1474 p_data->resp_keys = 0;
1475 }
1476
1477 BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req);
1478 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
1479 p_data->init_keys,
1480 p_data->resp_keys);
1481
1482 BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
1483 p_data->io_cap, p_data->auth_req);
1484
1485 /* remove MITM protection requirement if IO cap does not allow it */
1486 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
1487 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
1488
1489 BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d",
1490 p_data->io_cap, p_data->oob_data, p_data->auth_req);
1491 }
1492 return callback_rc;
1493 }
1494
1495 /*******************************************************************************
1496 **
1497 ** Function btm_ble_connected
1498 **
1499 ** Description This function is when a LE connection to the peer device is
1500 ** establsihed
1501 **
1502 ** Returns void
1503 **
1504 *******************************************************************************/
btm_ble_connected(UINT8 * bda,UINT16 handle,UINT8 enc_mode,UINT8 role,tBLE_ADDR_TYPE addr_type,BOOLEAN addr_matched)1505 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
1506 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
1507 {
1508 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
1509 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
1510
1511 BTM_TRACE_EVENT0 ("btm_ble_connected");
1512
1513 /* Commenting out trace due to obf/compilation problems.
1514 */
1515 #if (BT_USE_TRACES == TRUE)
1516 if (p_dev_rec)
1517 {
1518 BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected : handle:%d enc_mode:%d bda:%x RName:%s",
1519 handle, enc_mode,
1520 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5],
1521 p_dev_rec->sec_bd_name);
1522
1523 BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags);
1524 }
1525 else
1526 {
1527 BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected: handle:%d enc_mode:%d bda:%x ",
1528 handle, enc_mode,
1529 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]);
1530 }
1531 #endif
1532
1533 if (!p_dev_rec)
1534 {
1535 /* There is no device record for new connection. Allocate one */
1536 p_dev_rec = btm_sec_alloc_dev (bda);
1537 }
1538 else /* Update the timestamp for this device */
1539 {
1540 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
1541 }
1542
1543 /* update device information */
1544 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
1545 p_dev_rec->hci_handle = handle;
1546 p_dev_rec->ble.ble_addr_type = addr_type;
1547
1548 if (role == HCI_ROLE_MASTER)
1549 p_dev_rec->role_master = TRUE;
1550
1551 if (role == HCI_ROLE_SLAVE)
1552 p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE;
1553 p_cb->inq_var.directed_conn = FALSE;
1554
1555 return;
1556 }
1557
1558 /*****************************************************************************
1559 ** Function btm_ble_conn_complete
1560 **
1561 ** Description LE connection complete.
1562 **
1563 ******************************************************************************/
btm_ble_conn_complete(UINT8 * p,UINT16 evt_len)1564 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len)
1565 {
1566 UINT8 role, status, bda_type;
1567 UINT16 handle;
1568 BD_ADDR bda;
1569 UINT16 conn_interval, conn_latency, conn_timeout;
1570 BOOLEAN match = FALSE;
1571
1572 STREAM_TO_UINT8 (status, p);
1573 STREAM_TO_UINT16 (handle, p);
1574 STREAM_TO_UINT8 (role, p);
1575 STREAM_TO_UINT8 (bda_type, p);
1576 STREAM_TO_BDADDR (bda, p);
1577
1578 if (status == 0)
1579 {
1580 STREAM_TO_UINT16 (conn_interval, p);
1581 STREAM_TO_UINT16 (conn_latency, p);
1582 STREAM_TO_UINT16 (conn_timeout, p);
1583 handle = HCID_GET_HANDLE (handle);
1584
1585 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1586 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1587 conn_latency, conn_timeout);
1588 }
1589 else
1590 {
1591 role = HCI_ROLE_UNKNOWN;
1592
1593 if (status == HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT)
1594 {
1595 btm_ble_dir_adv_tout();
1596 }
1597 /* this is to work around broadcom firmware problem to handle
1598 * unsolicited command complete event for HCI_LE_Create_Connection_Cancel
1599 * and LE connection complete event with status error code (0x2)
1600 * unknown connection identifier from bluetooth controller
1601 * the workaround is to release the HCI connection to avoid out of sync
1602 * with bluetooth controller, which cause BT can't be turned off.
1603 */
1604 else if ((status == HCI_ERR_NO_CONNECTION) &&
1605 (btm_ble_get_conn_st() != BLE_CONN_CANCEL))
1606 {
1607 tL2C_LCB *p_lcb;
1608 handle = HCID_GET_HANDLE (handle);
1609 p_lcb = l2cu_find_lcb_by_handle (handle);
1610 if (p_lcb != NULL)
1611 {
1612 l2c_link_hci_disc_comp (handle, HCI_ERR_PEER_USER);
1613 btm_sec_disconnected (handle, HCI_ERR_PEER_USER);
1614 }
1615 }
1616 }
1617
1618 btm_ble_set_conn_st(BLE_CONN_IDLE);
1619
1620 btm_ble_update_mode_operation(role, bda, TRUE);
1621 }
1622
1623 /*****************************************************************************
1624 ** Function btm_proc_smp_cback
1625 **
1626 ** Description This function is the SMP callback handler.
1627 **
1628 ******************************************************************************/
btm_proc_smp_cback(tSMP_EVT event,BD_ADDR bd_addr,tSMP_EVT_DATA * p_data)1629 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
1630 {
1631 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1632 UINT8 res = 0;
1633
1634 BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event);
1635
1636 if (p_dev_rec != NULL)
1637 {
1638 switch (event)
1639 {
1640 case SMP_IO_CAP_REQ_EVT:
1641 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
1642 break;
1643
1644 case SMP_PASSKEY_REQ_EVT:
1645 case SMP_PASSKEY_NOTIF_EVT:
1646 case SMP_OOB_REQ_EVT:
1647 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
1648 case SMP_SEC_REQUEST_EVT:
1649 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
1650 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1651 /* fall through */
1652 case SMP_COMPLT_EVT:
1653 if (btm_cb.api.p_le_callback)
1654 {
1655 /* the callback function implementation may change the IO capability... */
1656 BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback );
1657 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1658 }
1659
1660 if (event == SMP_COMPLT_EVT)
1661 {
1662 BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
1663
1664 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
1665
1666 BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x",
1667 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
1668
1669 btm_sec_dev_rec_cback_event(p_dev_rec, res);
1670
1671 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback )
1672 {
1673 BTM_TRACE_DEBUG0 ("Pairing Cancel completed");
1674 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
1675 }
1676 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1677 if (res != BTM_SUCCESS)
1678 {
1679 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT)
1680 {
1681 BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL");
1682 btm_remove_acl(bd_addr);
1683 }
1684 else
1685 {
1686 BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL");
1687 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1688 }
1689 }
1690 #else
1691 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT)
1692 btm_remove_acl(bd_addr);
1693 #endif
1694
1695 BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
1696 btm_cb.pairing_state,
1697 btm_cb.pairing_flags,
1698 btm_cb.pin_code_len );
1699 BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
1700 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
1701 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
1702
1703 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
1704 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
1705 btm_cb.pairing_flags = 0;
1706 }
1707 break;
1708
1709 default:
1710 BTM_TRACE_DEBUG1 ("unknown event = %d", event);
1711 break;
1712
1713
1714 }
1715 }
1716 else
1717 {
1718 BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device");
1719 }
1720
1721 return 0;
1722 }
1723
1724 #endif /* SMP_INCLUDED */
1725 #endif /* BLE_INCLUDED */
1726
1727
1728 /*******************************************************************************
1729 **
1730 ** Function BTM_BleDataSignature
1731 **
1732 ** Description This function is called to sign the data using AES128 CMAC
1733 ** algorith.
1734 **
1735 ** Parameter bd_addr: target device the data to be signed for.
1736 ** p_text: singing data
1737 ** len: length of the data to be signed.
1738 ** signature: output parameter where data signature is going to
1739 ** be stored.
1740 **
1741 ** Returns TRUE if signing sucessul, otherwise FALSE.
1742 **
1743 *******************************************************************************/
BTM_BleDataSignature(BD_ADDR bd_addr,UINT8 * p_text,UINT16 len,BLE_SIGNATURE signature)1744 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
1745 BLE_SIGNATURE signature)
1746 {
1747 BOOLEAN ret = FALSE;
1748 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
1749 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1750 UINT8 *p_buf, *pp;
1751
1752 BT_OCTET16 er;
1753 UINT16 div;
1754 UINT8 temp[4]; /* for (r || DIV) r=1*/
1755 UINT16 r=1;
1756 UINT8 *p=temp, *p_mac = (UINT8 *)signature;
1757 tSMP_ENC output;
1758 BT_OCTET16 local_csrk;
1759
1760 BTM_TRACE_DEBUG0 ("BTM_BleDataSignature");
1761 if (p_rec == NULL)
1762 {
1763 BTM_TRACE_ERROR0("data signing can not be done from unknow device");
1764 }
1765 else
1766 {
1767 if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL)
1768 {
1769 BTM_TRACE_DEBUG0("Start to generate Local CSRK");
1770 pp = p_buf;
1771 /* prepare plain text */
1772 if (p_text)
1773 {
1774 memcpy(p_buf, p_text, len);
1775 pp = (p_buf + len);
1776 }
1777
1778 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1779 if ( btm_cb.devcb.enable_test_local_sign_cntr)
1780 {
1781 BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr);
1782 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr);
1783 }
1784 else
1785 {
1786 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
1787 }
1788 #else
1789 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
1790 #endif
1791 /* compute local csrk */
1792 if (btm_get_local_div(bd_addr, &div))
1793 {
1794 BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div);
1795 BTM_GetDeviceEncRoot(er);
1796
1797 /* CSRK = d1(ER, DIV, 1) */
1798 UINT16_TO_STREAM(p, div);
1799 UINT16_TO_STREAM(p, r);
1800
1801 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output))
1802 {
1803 BTM_TRACE_ERROR0("Local CSRK generation failed ");
1804 }
1805 else
1806 {
1807 BTM_TRACE_DEBUG0("local CSRK generation success");
1808 memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN);
1809
1810
1811 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1812 if (btm_cb.devcb.enable_test_local_sign_cntr)
1813 {
1814 UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr);
1815 }
1816 else
1817 {
1818 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
1819 }
1820 #else
1821 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
1822 #endif
1823
1824 if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE)
1825 {
1826 btm_ble_increment_sign_ctr(bd_addr, TRUE);
1827
1828 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1829 if ( btm_cb.devcb.enable_test_mac_val)
1830 {
1831 BTM_TRACE_DEBUG0 ("Use MAC value from script");
1832 memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE);
1833 }
1834 #endif
1835 }
1836 BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac);
1837 BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
1838 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
1839 BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
1840 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
1841
1842 GKI_freebuf(p_buf);
1843 }
1844 }
1845 }
1846 }
1847 #endif /* BLE_INCLUDED */
1848 return ret;
1849 }
1850
1851 /*******************************************************************************
1852 **
1853 ** Function BTM_BleVerifySignature
1854 **
1855 ** Description This function is called to verify the data signature
1856 **
1857 ** Parameter bd_addr: target device the data to be signed for.
1858 ** p_orig: original data before signature.
1859 ** len: length of the signing data
1860 ** counter: counter used when doing data signing
1861 ** p_comp: signature to be compared against.
1862
1863 ** Returns TRUE if signature verified correctly; otherwise FALSE.
1864 **
1865 *******************************************************************************/
BTM_BleVerifySignature(BD_ADDR bd_addr,UINT8 * p_orig,UINT16 len,UINT32 counter,UINT8 * p_comp)1866 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
1867 UINT8 *p_comp)
1868 {
1869 BOOLEAN verified = FALSE;
1870 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
1871 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1872 UINT8 p_mac[BTM_CMAC_TLEN_SIZE];
1873
1874 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK)))
1875 {
1876 BTM_TRACE_ERROR0("can not verify signature for unknown device");
1877 }
1878 else if (counter < p_rec->ble.keys.counter)
1879 {
1880 BTM_TRACE_ERROR0("signature received with out dated sign counter");
1881 }
1882 else if (p_orig == NULL)
1883 {
1884 BTM_TRACE_ERROR0("No signature to verify");
1885 }
1886 else
1887 {
1888 BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter);
1889
1890 if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
1891 {
1892 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
1893 {
1894 btm_ble_increment_sign_ctr(bd_addr, FALSE);
1895 verified = TRUE;
1896 }
1897 }
1898 }
1899 #endif /* BLE_INCLUDED */
1900 return verified;
1901 }
1902
1903 #if BLE_INCLUDED == TRUE
1904 /*******************************************************************************
1905 ** Utility functions for LE device IR/ER generation
1906 *******************************************************************************/
1907 /*******************************************************************************
1908 **
1909 ** Function btm_notify_new_key
1910 **
1911 ** Description This function is to notify application new keys have been
1912 ** generated.
1913 **
1914 ** Returns void
1915 **
1916 *******************************************************************************/
btm_notify_new_key(UINT8 key_type)1917 static void btm_notify_new_key(UINT8 key_type)
1918 {
1919 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
1920
1921 BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type);
1922
1923 if (btm_cb.api.p_le_key_callback)
1924 {
1925 switch (key_type)
1926 {
1927 case BTM_BLE_KEY_TYPE_ID:
1928 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID");
1929 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
1930 break;
1931
1932 case BTM_BLE_KEY_TYPE_ER:
1933 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER");
1934 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er;
1935 break;
1936
1937 default:
1938 BTM_TRACE_ERROR1("unknown key type: %d", key_type);
1939 break;
1940 }
1941 if (p_locak_keys != NULL)
1942 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
1943 }
1944 }
1945
1946 /*******************************************************************************
1947 **
1948 ** Function btm_ble_process_er2
1949 **
1950 ** Description This function is called when ER is generated, store it in
1951 ** local control block.
1952 **
1953 ** Returns void
1954 **
1955 *******************************************************************************/
btm_ble_process_er2(tBTM_RAND_ENC * p)1956 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
1957 {
1958 BTM_TRACE_DEBUG0 ("btm_ble_process_er2");
1959
1960 if (p &&p->opcode == HCI_BLE_RAND)
1961 {
1962 memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN);
1963 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
1964 }
1965 else
1966 {
1967 BTM_TRACE_ERROR0("Generating ER2 exception.");
1968 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
1969 }
1970 }
1971
1972 /*******************************************************************************
1973 **
1974 ** Function btm_ble_process_er
1975 **
1976 ** Description This function is called when ER is generated, store it in
1977 ** local control block.
1978 **
1979 ** Returns void
1980 **
1981 *******************************************************************************/
btm_ble_process_er(tBTM_RAND_ENC * p)1982 static void btm_ble_process_er(tBTM_RAND_ENC *p)
1983 {
1984 BTM_TRACE_DEBUG0 ("btm_ble_process_er");
1985
1986 if (p &&p->opcode == HCI_BLE_RAND)
1987 {
1988 memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN);
1989
1990 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2))
1991 {
1992 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
1993 BTM_TRACE_ERROR0("Generating ER2 failed.");
1994 }
1995 }
1996 else
1997 {
1998 BTM_TRACE_ERROR0("Generating ER1 exception.");
1999 }
2000 }
2001
2002 /*******************************************************************************
2003 **
2004 ** Function btm_ble_process_irk
2005 **
2006 ** Description This function is called when IRK is generated, store it in
2007 ** local control block.
2008 **
2009 ** Returns void
2010 **
2011 *******************************************************************************/
btm_ble_process_irk(tSMP_ENC * p)2012 static void btm_ble_process_irk(tSMP_ENC *p)
2013 {
2014 BTM_TRACE_DEBUG0 ("btm_ble_process_irk");
2015 if (p &&p->opcode == HCI_BLE_ENCRYPT)
2016 {
2017 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
2018 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
2019 }
2020 else
2021 {
2022 BTM_TRACE_ERROR0("Generating IRK exception.");
2023 }
2024
2025 /* proceed generate ER */
2026 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er))
2027 {
2028 BTM_TRACE_ERROR0("Generating ER failed.");
2029 }
2030 }
2031
2032 /*******************************************************************************
2033 **
2034 ** Function btm_ble_process_dhk
2035 **
2036 ** Description This function is called when DHK is calculated, store it in
2037 ** local control block, and proceed to generate ER, a 128-bits
2038 ** random number.
2039 **
2040 ** Returns void
2041 **
2042 *******************************************************************************/
btm_ble_process_dhk(tSMP_ENC * p)2043 static void btm_ble_process_dhk(tSMP_ENC *p)
2044 {
2045 #if SMP_INCLUDED == TRUE
2046 UINT8 btm_ble_irk_pt = 0x01;
2047 tSMP_ENC output;
2048
2049 BTM_TRACE_DEBUG0 ("btm_ble_process_dhk");
2050
2051 if (p && p->opcode == HCI_BLE_ENCRYPT)
2052 {
2053 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
2054 BTM_TRACE_DEBUG0("BLE DHK generated.");
2055
2056 /* IRK = D1(IR, 1) */
2057 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
2058 1, &output))
2059 {
2060 /* reset all identity root related key */
2061 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2062 }
2063 else
2064 {
2065 btm_ble_process_irk(&output);
2066 }
2067 }
2068 else
2069 {
2070 /* reset all identity root related key */
2071 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2072 }
2073 #endif
2074 }
2075
2076 /*******************************************************************************
2077 **
2078 ** Function btm_ble_process_ir2
2079 **
2080 ** Description This function is called when IR is generated, proceed to calculate
2081 ** DHK = Eir({0x03, 0, 0 ...})
2082 **
2083 **
2084 ** Returns void
2085 **
2086 *******************************************************************************/
btm_ble_process_ir2(tBTM_RAND_ENC * p)2087 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
2088 {
2089 #if SMP_INCLUDED == TRUE
2090 UINT8 btm_ble_dhk_pt = 0x03;
2091 tSMP_ENC output;
2092
2093 BTM_TRACE_DEBUG0 ("btm_ble_process_ir2");
2094
2095 if (p && p->opcode == HCI_BLE_RAND)
2096 {
2097 /* remembering in control block */
2098 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
2099 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
2100
2101
2102 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
2103 1, &output);
2104 btm_ble_process_dhk(&output);
2105
2106 BTM_TRACE_DEBUG0("BLE IR generated.");
2107 }
2108 else
2109 {
2110 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2111 }
2112 #endif
2113 }
2114
2115 /*******************************************************************************
2116 **
2117 ** Function btm_ble_process_ir
2118 **
2119 ** Description This function is called when IR is generated, proceed to calculate
2120 ** DHK = Eir({0x02, 0, 0 ...})
2121 **
2122 **
2123 ** Returns void
2124 **
2125 *******************************************************************************/
btm_ble_process_ir(tBTM_RAND_ENC * p)2126 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
2127 {
2128 BTM_TRACE_DEBUG0 ("btm_ble_process_ir");
2129
2130 if (p && p->opcode == HCI_BLE_RAND)
2131 {
2132 /* remembering in control block */
2133 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
2134
2135 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2))
2136 {
2137 BTM_TRACE_ERROR0("Generating IR2 failed.");
2138 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2139 }
2140 }
2141 }
2142
2143 /*******************************************************************************
2144 **
2145 ** Function btm_ble_reset_id
2146 **
2147 ** Description This function is called to reset LE device identity.
2148 **
2149 ** Returns void
2150 **
2151 *******************************************************************************/
btm_ble_reset_id(void)2152 void btm_ble_reset_id( void )
2153 {
2154 BTM_TRACE_DEBUG0 ("btm_ble_reset_id");
2155
2156 /* regenrate Identity Root*/
2157 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir))
2158 {
2159 BTM_TRACE_DEBUG0("Generating IR failed.");
2160 }
2161 }
2162
2163 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2164 /*******************************************************************************
2165 **
2166 ** Function btm_ble_set_no_disc_if_pair_fail
2167 **
2168 ** Description This function indicates that whether no disconnect of the ACL
2169 ** should be used if pairing failed
2170 **
2171 ** Returns void
2172 **
2173 *******************************************************************************/
btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc)2174 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
2175 {
2176 BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
2177 btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
2178 }
2179
2180 /*******************************************************************************
2181 **
2182 ** Function btm_ble_set_test_mac_value
2183 **
2184 ** Description This function set test MAC value
2185 **
2186 ** Returns void
2187 **
2188 *******************************************************************************/
btm_ble_set_test_mac_value(BOOLEAN enable,UINT8 * p_test_mac_val)2189 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
2190 {
2191 BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable);
2192 btm_cb.devcb.enable_test_mac_val = enable;
2193 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
2194 }
2195
2196 /*******************************************************************************
2197 **
2198 ** Function btm_ble_set_test_local_sign_cntr_value
2199 **
2200 ** Description This function set test local sign counter value
2201 **
2202 ** Returns void
2203 **
2204 *******************************************************************************/
btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable,UINT32 test_local_sign_cntr)2205 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
2206 {
2207 BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
2208 enable, test_local_sign_cntr);
2209 btm_cb.devcb.enable_test_local_sign_cntr = enable;
2210 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr;
2211 }
2212
2213 /*******************************************************************************
2214 **
2215 ** Function btm_set_random_address
2216 **
2217 ** Description This function set a random address to local controller.
2218 **
2219 ** Returns void
2220 **
2221 *******************************************************************************/
btm_set_random_address(BD_ADDR random_bda)2222 void btm_set_random_address(BD_ADDR random_bda)
2223 {
2224 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
2225 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
2226
2227 BTM_TRACE_DEBUG0 ("btm_set_random_address");
2228
2229 if (adv_mode == BTM_BLE_ADV_ENABLE)
2230 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
2231
2232 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
2233 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
2234
2235 if (adv_mode == BTM_BLE_ADV_ENABLE)
2236 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
2237
2238
2239 }
2240 #endif /* BTM_BLE_CONFORMANCE_TESTING */
2241
2242
2243 #endif /* BLE_INCLUDED */
2244