1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE device control utilities, and LE
22 * security functions.
23 *
24 ******************************************************************************/
25 #include "bt_target.h"
26
27 #if BLE_INCLUDED == TRUE
28
29 #include <string.h>
30
31 #include "bt_types.h"
32 #include "hcimsgs.h"
33 #include "btu.h"
34 #include "btm_int.h"
35 #include "btm_ble_api.h"
36 #include "smp_api.h"
37 #include "l2c_int.h"
38 #include "gap_api.h"
39 #include "bt_utils.h"
40
41 #include "vendor_ble.h"
42
43 #if SMP_INCLUDED == TRUE
44 extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature);
45 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
46 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
47 #endif
48 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
49 /*******************************************************************************/
50 /* External Function to be called by other modules */
51 /*******************************************************************************/
52 /********************************************************
53 **
54 ** Function BTM_SecAddBleDevice
55 **
56 ** Description Add/modify device. This function will be normally called
57 ** during host startup to restore all required information
58 ** for a LE device stored in the NVRAM.
59 **
60 ** Parameters: bd_addr - BD address of the peer
61 ** bd_name - Name of the peer device. NULL if unknown.
62 ** dev_type - Remote device's device type.
63 ** addr_type - LE device address type.
64 **
65 ** Returns TRUE if added OK, else FALSE
66 **
67 *******************************************************************************/
BTM_SecAddBleDevice(BD_ADDR bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type,tBLE_ADDR_TYPE addr_type)68 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
69 tBLE_ADDR_TYPE addr_type)
70 {
71 tBTM_SEC_DEV_REC *p_dev_rec;
72 UINT8 i = 0;
73 tBTM_INQ_INFO *p_info=NULL;
74
75 BTM_TRACE_DEBUG ("BTM_SecAddBleDevice dev_type=0x%x", dev_type);
76 p_dev_rec = btm_find_dev (bd_addr);
77
78 if (!p_dev_rec)
79 {
80 BTM_TRACE_DEBUG("Add a new device");
81
82 /* There is no device record, allocate one.
83 * If we can not find an empty spot for this one, let it fail. */
84 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
85 {
86 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE))
87 {
88 BTM_TRACE_DEBUG ("allocate a new dev rec idx=0x%x ", i );
89 p_dev_rec = &btm_cb.sec_dev_rec[i];
90
91 /* Mark this record as in use and initialize */
92 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
93 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
94 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
95 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
96 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
97
98 /* update conn params, use default value for background connection params */
99 p_dev_rec->conn_params.min_conn_int =
100 p_dev_rec->conn_params.max_conn_int =
101 p_dev_rec->conn_params.supervision_tout =
102 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF;
103
104 BTM_TRACE_DEBUG ("hci_handl=0x%x ", p_dev_rec->ble_hci_handle );
105 break;
106 }
107 }
108
109 if (!p_dev_rec)
110 return(FALSE);
111 }
112 else
113 {
114 BTM_TRACE_DEBUG("Device already exist");
115 }
116
117 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
118
119 if (bd_name && bd_name[0])
120 {
121 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
122 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name),
123 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
124 }
125 p_dev_rec->device_type = dev_type;
126 p_dev_rec->ble.ble_addr_type = addr_type;
127 BTM_TRACE_DEBUG ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x",
128 dev_type, addr_type, p_dev_rec->sec_flags);
129
130 /* sync up with the Inq Data base*/
131 p_info = BTM_InqDbRead(bd_addr);
132 if (p_info)
133 {
134 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
135 p_info->results.device_type = p_dev_rec->device_type;
136 BTM_TRACE_DEBUG ("InqDb device_type =0x%x addr_type=0x%x",
137 p_info->results.device_type, p_info->results.ble_addr_type);
138 }
139
140 return(TRUE);
141 }
142
143 /*******************************************************************************
144 **
145 ** Function BTM_SecAddBleKey
146 **
147 ** Description Add/modify LE device information. This function will be
148 ** normally called during host startup to restore all required
149 ** information stored in the NVRAM.
150 **
151 ** Parameters: bd_addr - BD address of the peer
152 ** p_le_key - LE key values.
153 ** key_type - LE SMP key type.
154 *
155 ** Returns TRUE if added OK, else FALSE
156 **
157 *******************************************************************************/
BTM_SecAddBleKey(BD_ADDR bd_addr,tBTM_LE_KEY_VALUE * p_le_key,tBTM_LE_KEY_TYPE key_type)158 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
159 {
160 #if SMP_INCLUDED == TRUE
161 tBTM_SEC_DEV_REC *p_dev_rec;
162 BTM_TRACE_DEBUG ("BTM_SecAddBleKey");
163 p_dev_rec = btm_find_dev (bd_addr);
164 if (!p_dev_rec || !p_le_key ||
165 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
166 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
167 key_type != BTM_LE_KEY_LCSRK))
168 {
169 BTM_TRACE_WARNING ("BTM_SecAddBleKey() Wrong Type, or No Device record \
170 for bdaddr: %08x%04x, Type: %d",
171 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
172 (bd_addr[4]<<8)+bd_addr[5], key_type);
173 return(FALSE);
174 }
175
176 BTM_TRACE_DEBUG ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x",
177 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
178 (bd_addr[4]<<8)+bd_addr[5], key_type);
179
180 if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID ||
181 key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC ||
182 key_type == BTM_LE_KEY_LCSRK)
183 {
184 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
185 }
186
187 #endif
188
189 return(TRUE);
190 }
191
192 /*******************************************************************************
193 **
194 ** Function BTM_BleLoadLocalKeys
195 **
196 ** Description Local local identity key, encryption root or sign counter.
197 **
198 ** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
199 ** or BTM_BLE_KEY_TYPE_COUNTER.
200 ** p_key: pointer to the key.
201 *
202 ** Returns non2.
203 **
204 *******************************************************************************/
BTM_BleLoadLocalKeys(UINT8 key_type,tBTM_BLE_LOCAL_KEYS * p_key)205 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
206 {
207 tBTM_DEVCB *p_devcb = &btm_cb.devcb;
208 BTM_TRACE_DEBUG ("BTM_BleLoadLocalKeys");
209 if (p_key != NULL)
210 {
211 switch (key_type)
212 {
213 case BTM_BLE_KEY_TYPE_ID:
214 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
215 break;
216
217 case BTM_BLE_KEY_TYPE_ER:
218 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16));
219 break;
220
221 default:
222 BTM_TRACE_ERROR("unknow local key type: %d", key_type);
223 break;
224 }
225 }
226 }
227
228 /*******************************************************************************
229 **
230 ** Function BTM_GetDeviceEncRoot
231 **
232 ** Description This function is called to read the local device encryption
233 ** root.
234 **
235 ** Returns void
236 ** the local device ER is copied into er
237 **
238 *******************************************************************************/
BTM_GetDeviceEncRoot(BT_OCTET16 er)239 void BTM_GetDeviceEncRoot (BT_OCTET16 er)
240 {
241 BTM_TRACE_DEBUG ("BTM_GetDeviceEncRoot");
242
243 memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN);
244 }
245
246 /*******************************************************************************
247 **
248 ** Function BTM_GetDeviceIDRoot
249 **
250 ** Description This function is called to read the local device identity
251 ** root.
252 **
253 ** Returns void
254 ** the local device IR is copied into irk
255 **
256 *******************************************************************************/
BTM_GetDeviceIDRoot(BT_OCTET16 irk)257 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
258 {
259 BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot ");
260
261 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
262 }
263
264 /*******************************************************************************
265 **
266 ** Function BTM_GetDeviceDHK
267 **
268 ** Description This function is called to read the local device DHK.
269 **
270 ** Returns void
271 ** the local device DHK is copied into dhk
272 **
273 *******************************************************************************/
BTM_GetDeviceDHK(BT_OCTET16 dhk)274 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
275 {
276 BTM_TRACE_DEBUG ("BTM_GetDeviceDHK");
277 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
278 }
279
280 /*******************************************************************************
281 **
282 ** Function BTM_ReadConnectionAddr
283 **
284 ** Description This function is called to get the local device address information
285 ** .
286 **
287 ** Returns void
288 **
289 *******************************************************************************/
BTM_ReadConnectionAddr(BD_ADDR remote_bda,BD_ADDR local_conn_addr,tBLE_ADDR_TYPE * p_addr_type)290 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
291 {
292 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
293
294 if (p_acl == NULL)
295 {
296 BTM_TRACE_ERROR("No connection exist!");
297 return;
298 }
299 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
300 * p_addr_type = p_acl->conn_addr_type;
301
302 BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
303 p_acl->conn_addr_type, p_acl->conn_addr[0]);
304 }
305
306 /*******************************************************************************
307 **
308 ** Function BTM_IsBleConnection
309 **
310 ** Description This function is called to check if the connection handle
311 ** for an LE link
312 **
313 ** Returns TRUE if connection is LE link, otherwise FALSE.
314 **
315 *******************************************************************************/
BTM_IsBleConnection(UINT16 conn_handle)316 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
317 {
318 #if (BLE_INCLUDED == TRUE)
319 UINT8 xx;
320 tACL_CONN *p;
321
322 BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
323
324 xx = btm_handle_to_acl_index (conn_handle);
325 if (xx >= MAX_L2CAP_LINKS)
326 return FALSE;
327
328 p = &btm_cb.acl_db[xx];
329
330 return (p->transport == BT_TRANSPORT_LE);
331 #else
332 return FALSE;
333 #endif
334 }
335
336 /*******************************************************************************
337 **
338 ** Function BTM_ReadRemoteConnectionAddr
339 **
340 ** Description This function is read the remote device address currently used
341 **
342 ** Parameters pseudo_addr: pseudo random address available
343 ** conn_addr:connection address used
344 ** p_addr_type : BD Address type, Public or Random of the address used
345 **
346 ** Returns BOOLEAN , TRUE if connection to remote device exists, else FALSE
347 **
348 *******************************************************************************/
BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)349 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr,
350 tBLE_ADDR_TYPE *p_addr_type)
351 {
352 BOOLEAN st = TRUE;
353 #if (BLE_PRIVACY_SPT == TRUE)
354 tACL_CONN *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE);
355
356 if (p == NULL)
357 {
358 BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection"
359 " with matching address");
360 return FALSE;
361 }
362
363 memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN);
364 *p_addr_type = p->active_remote_addr_type;
365 #else
366 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
367
368 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
369 if (p_dev_rec != NULL)
370 {
371 *p_addr_type = p_dev_rec->ble.ble_addr_type;
372 }
373 #endif
374 return st;
375
376 }
377 /*******************************************************************************
378 **
379 ** Function BTM_SecurityGrant
380 **
381 ** Description This function is called to grant security process.
382 **
383 ** Parameters bd_addr - peer device bd address.
384 ** res - result of the operation BTM_SUCCESS if success.
385 ** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
386 **
387 ** Returns None
388 **
389 *******************************************************************************/
BTM_SecurityGrant(BD_ADDR bd_addr,UINT8 res)390 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
391 {
392 #if SMP_INCLUDED == TRUE
393 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
394 BTM_TRACE_DEBUG ("BTM_SecurityGrant");
395 SMP_SecurityGrant(bd_addr, res_smp);
396 #endif
397 }
398
399 /*******************************************************************************
400 **
401 ** Function BTM_BlePasskeyReply
402 **
403 ** Description This function is called after Security Manager submitted
404 ** passkey request to the application.
405 **
406 ** Parameters: bd_addr - Address of the device for which passkey was requested
407 ** res - result of the operation BTM_SUCCESS if success
408 ** key_len - length in bytes of the Passkey
409 ** p_passkey - pointer to array with the passkey
410 ** trusted_mask - bitwise OR of trusted services (array of UINT32)
411 **
412 *******************************************************************************/
BTM_BlePasskeyReply(BD_ADDR bd_addr,UINT8 res,UINT32 passkey)413 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
414 {
415 #if SMP_INCLUDED == TRUE
416 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
417 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
418
419 if (p_dev_rec == NULL)
420 {
421 BTM_TRACE_ERROR("Passkey reply to Unknown device");
422 return;
423 }
424
425 p_dev_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
426 BTM_TRACE_DEBUG ("BTM_BlePasskeyReply");
427 SMP_PasskeyReply(bd_addr, res_smp, passkey);
428 #endif
429 }
430
431 /*******************************************************************************
432 **
433 ** Function BTM_BleOobDataReply
434 **
435 ** Description This function is called to provide the OOB data for
436 ** SMP in response to BTM_LE_OOB_REQ_EVT
437 **
438 ** Parameters: bd_addr - Address of the peer device
439 ** res - result of the operation SMP_SUCCESS if success
440 ** p_data - simple pairing Randomizer C.
441 **
442 *******************************************************************************/
BTM_BleOobDataReply(BD_ADDR bd_addr,UINT8 res,UINT8 len,UINT8 * p_data)443 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
444 {
445 #if SMP_INCLUDED == TRUE
446 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
447 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
448
449 BTM_TRACE_DEBUG ("BTM_BleOobDataReply");
450
451 if (p_dev_rec == NULL)
452 {
453 BTM_TRACE_ERROR("BTM_BleOobDataReply() to Unknown device");
454 return;
455 }
456
457 p_dev_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
458 SMP_OobDataReply(bd_addr, res_smp, len, p_data);
459 #endif
460 }
461
462 /******************************************************************************
463 **
464 ** Function BTM_BleSetConnScanParams
465 **
466 ** Description Set scan parameter used in BLE connection request
467 **
468 ** Parameters: scan_interval: scan interval
469 ** scan_window: scan window
470 **
471 ** Returns void
472 **
473 *******************************************************************************/
BTM_BleSetConnScanParams(UINT16 scan_interval,UINT16 scan_window)474 void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window)
475 {
476 #if SMP_INCLUDED == TRUE
477 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
478 BOOLEAN new_param = FALSE;
479
480 if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
481 BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX))
482 {
483 btu_stop_timer(&p_ble_cb->scan_param_idle_timer);
484
485 if (p_ble_cb->scan_int != scan_interval)
486 {
487 p_ble_cb->scan_int = scan_interval;
488 new_param = TRUE;
489 }
490
491 if (p_ble_cb->scan_win != scan_window)
492 {
493 p_ble_cb->scan_win = scan_window;
494 new_param = TRUE;
495 }
496
497 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN)
498 {
499 btm_ble_suspend_bg_conn();
500 }
501 }
502 else
503 {
504 BTM_TRACE_ERROR("Illegal Connection Scan Parameters");
505 }
506 #endif
507 }
508
509 /********************************************************
510 **
511 ** Function BTM_BleSetPrefConnParams
512 **
513 ** Description Set a peripheral's preferred connection parameters
514 **
515 ** Parameters: bd_addr - BD address of the peripheral
516 ** scan_interval: scan interval
517 ** scan_window: scan window
518 ** min_conn_int - minimum preferred connection interval
519 ** max_conn_int - maximum preferred connection interval
520 ** slave_latency - preferred slave latency
521 ** supervision_tout - preferred supervision timeout
522 **
523 ** Returns void
524 **
525 *******************************************************************************/
BTM_BleSetPrefConnParams(BD_ADDR bd_addr,UINT16 min_conn_int,UINT16 max_conn_int,UINT16 slave_latency,UINT16 supervision_tout)526 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
527 UINT16 min_conn_int, UINT16 max_conn_int,
528 UINT16 slave_latency, UINT16 supervision_tout)
529 {
530 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
531
532 BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \
533 tout: %u",
534 min_conn_int, max_conn_int, slave_latency, supervision_tout);
535
536 if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
537 BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
538 BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
539 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF))
540 {
541 if (p_dev_rec)
542 {
543 /* expect conn int and stout and slave latency to be updated all together */
544 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
545 {
546 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
547 p_dev_rec->conn_params.min_conn_int = min_conn_int;
548 else
549 p_dev_rec->conn_params.min_conn_int = max_conn_int;
550
551 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
552 p_dev_rec->conn_params.max_conn_int = max_conn_int;
553 else
554 p_dev_rec->conn_params.max_conn_int = min_conn_int;
555
556 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
557 p_dev_rec->conn_params.slave_latency = slave_latency;
558 else
559 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
560
561 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
562 p_dev_rec->conn_params.supervision_tout = supervision_tout;
563 else
564 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
565
566 }
567
568 }
569 else
570 {
571 BTM_TRACE_ERROR("Unknown Device, setting rejected");
572 }
573 }
574 else
575 {
576 BTM_TRACE_ERROR("Illegal Connection Parameters");
577 }
578 }
579
580 /*******************************************************************************
581 **
582 ** Function BTM_ReadDevInfo
583 **
584 ** Description This function is called to read the device/address type
585 ** of BD address.
586 **
587 ** Parameter remote_bda: remote device address
588 ** p_dev_type: output parameter to read the device type.
589 ** p_addr_type: output parameter to read the address type.
590 **
591 *******************************************************************************/
BTM_ReadDevInfo(BD_ADDR remote_bda,tBT_DEVICE_TYPE * p_dev_type,tBLE_ADDR_TYPE * p_addr_type)592 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
593 {
594 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda);
595 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda);
596
597 *p_dev_type = BT_DEVICE_TYPE_BREDR;
598 *p_addr_type = BLE_ADDR_PUBLIC;
599
600 if (!p_dev_rec)
601 {
602 /* Check with the BT manager if details about remote device are known */
603 if (p_inq_info != NULL)
604 {
605 *p_dev_type = p_inq_info->results.device_type ;
606 *p_addr_type = p_inq_info->results.ble_addr_type;
607 } else {
608 /* unknown device, assume BR/EDR */
609 BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed");
610 }
611 }
612 else /* there is a security device record exisitng */
613 {
614 /* new inquiry result, overwrite device type in security device record */
615 if (p_inq_info)
616 {
617 p_dev_rec->device_type = p_inq_info->results.device_type;
618 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
619 }
620 *p_dev_type = p_dev_rec->device_type;
621 *p_addr_type = p_dev_rec->ble.ble_addr_type;
622
623 }
624
625 BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
626 }
627
628 /*******************************************************************************
629 **
630 ** Function BTM_BleReceiverTest
631 **
632 ** Description This function is called to start the LE Receiver test
633 **
634 ** Parameter rx_freq - Frequency Range
635 ** p_cmd_cmpl_cback - Command Complete callback
636 **
637 *******************************************************************************/
BTM_BleReceiverTest(UINT8 rx_freq,tBTM_CMPL_CB * p_cmd_cmpl_cback)638 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
639 {
640 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
641
642 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE)
643 {
644 BTM_TRACE_ERROR("%s: Unable to Trigger LE receiver test", __FUNCTION__);
645 }
646 }
647
648 /*******************************************************************************
649 **
650 ** Function BTM_BleTransmitterTest
651 **
652 ** Description This function is called to start the LE Transmitter test
653 **
654 ** Parameter tx_freq - Frequency Range
655 ** test_data_len - Length in bytes of payload data in each packet
656 ** packet_payload - Pattern to use in the payload
657 ** p_cmd_cmpl_cback - Command Complete callback
658 **
659 *******************************************************************************/
BTM_BleTransmitterTest(UINT8 tx_freq,UINT8 test_data_len,UINT8 packet_payload,tBTM_CMPL_CB * p_cmd_cmpl_cback)660 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
661 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
662 {
663 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
664 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE)
665 {
666 BTM_TRACE_ERROR("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
667 }
668 }
669
670 /*******************************************************************************
671 **
672 ** Function BTM_BleTestEnd
673 **
674 ** Description This function is called to stop the in-progress TX or RX test
675 **
676 ** Parameter p_cmd_cmpl_cback - Command complete callback
677 **
678 *******************************************************************************/
BTM_BleTestEnd(tBTM_CMPL_CB * p_cmd_cmpl_cback)679 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
680 {
681 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
682
683 if (btsnd_hcic_ble_test_end() == FALSE)
684 {
685 BTM_TRACE_ERROR("%s: Unable to End the LE TX/RX test", __FUNCTION__);
686 }
687 }
688
689 /*******************************************************************************
690 ** Internal Functions
691 *******************************************************************************/
btm_ble_test_command_complete(UINT8 * p)692 void btm_ble_test_command_complete(UINT8 *p)
693 {
694 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
695 UINT8 status;
696
697 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
698
699 if (p_cb)
700 {
701 (*p_cb)(p);
702 }
703 }
704
705 /*******************************************************************************
706 **
707 ** Function BTM_UseLeLink
708 **
709 ** Description This function is to select the underneath physical link to use.
710 **
711 ** Returns TRUE to use LE, FALSE use BR/EDR.
712 **
713 *******************************************************************************/
BTM_UseLeLink(BD_ADDR bd_addr)714 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
715 {
716 tACL_CONN *p;
717 tBT_DEVICE_TYPE dev_type;
718 tBLE_ADDR_TYPE addr_type;
719 BOOLEAN use_le = FALSE;
720
721 if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL)
722 {
723 return use_le;
724 }
725 else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL)
726 {
727 use_le = TRUE;
728 }
729 else
730 {
731 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
732 use_le = (dev_type == BT_DEVICE_TYPE_BLE);
733 }
734 return use_le;
735 }
736 /*******************************************************************************
737 **
738 ** Function btm_ble_rand_enc_complete
739 **
740 ** Description This function is the callback functions for HCI_Rand command
741 ** and HCI_Encrypt command is completed.
742 ** This message is received from the HCI.
743 **
744 ** Returns void
745 **
746 *******************************************************************************/
btm_ble_rand_enc_complete(UINT8 * p,UINT16 op_code,tBTM_RAND_ENC_CB * p_enc_cplt_cback)747 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
748 {
749 tBTM_RAND_ENC params;
750 UINT8 *p_dest = params.param_buf;
751
752 BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete");
753
754 memset(¶ms, 0, sizeof(tBTM_RAND_ENC));
755
756 /* If there was a callback address for vcs complete, call it */
757 if (p_enc_cplt_cback && p)
758 {
759 /* Pass paramters to the callback function */
760 STREAM_TO_UINT8(params.status, p); /* command status */
761
762 if (params.status == HCI_SUCCESS)
763 {
764 params.opcode = op_code;
765
766 if (op_code == HCI_BLE_RAND)
767 params.param_len = BT_OCTET8_LEN;
768 else
769 params.param_len = BT_OCTET16_LEN;
770
771 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */
772 }
773 if (p_enc_cplt_cback)
774 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */
775 }
776 }
777
778
779 #if (SMP_INCLUDED == TRUE)
780
781 /*******************************************************************************
782 **
783 ** Function btm_ble_get_enc_key_type
784 **
785 ** Description This function is to increment local sign counter
786 ** Returns None
787 **
788 *******************************************************************************/
btm_ble_increment_sign_ctr(BD_ADDR bd_addr,BOOLEAN is_local)789 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
790 {
791 tBTM_SEC_DEV_REC *p_dev_rec;
792
793 BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local);
794
795 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
796 {
797 if (is_local)
798 p_dev_rec->ble.keys.local_counter++;
799 else
800 p_dev_rec->ble.keys.counter++;
801 BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d",
802 is_local,
803 p_dev_rec->ble.keys.local_counter,
804 p_dev_rec->ble.keys.counter);
805 }
806 }
807
808 /*******************************************************************************
809 **
810 ** Function btm_ble_get_enc_key_type
811 **
812 ** Description This function is to get the BLE key type that has been exchanged
813 ** in betweem local device and peer device.
814 **
815 ** Returns p_key_type: output parameter to carry the key type value.
816 **
817 *******************************************************************************/
btm_ble_get_enc_key_type(BD_ADDR bd_addr,UINT8 * p_key_types)818 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
819 {
820 tBTM_SEC_DEV_REC *p_dev_rec;
821
822 BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type");
823
824 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
825 {
826 *p_key_types = p_dev_rec->ble.key_type;
827 return TRUE;
828 }
829 return FALSE;
830 }
831
832 /*******************************************************************************
833 **
834 ** Function btm_get_local_div
835 **
836 ** Description This function is called to read the local DIV
837 **
838 ** Returns TURE - if a valid DIV is availavle
839 *******************************************************************************/
btm_get_local_div(BD_ADDR bd_addr,UINT16 * p_div)840 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
841 {
842 tBTM_SEC_DEV_REC *p_dev_rec;
843 BOOLEAN status = FALSE;
844 BTM_TRACE_DEBUG ("btm_get_local_div");
845
846 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
847 bd_addr[0],bd_addr[1],
848 bd_addr[2],bd_addr[3],
849 bd_addr[4],bd_addr[5]);
850
851 *p_div = 0;
852 p_dev_rec = btm_find_dev (bd_addr);
853
854 if (p_dev_rec && p_dev_rec->ble.keys.div)
855 {
856 status = TRUE;
857 *p_div = p_dev_rec->ble.keys.div;
858 }
859 BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
860 return status;
861 }
862
863 /*******************************************************************************
864 **
865 ** Function btm_sec_save_le_key
866 **
867 ** Description This function is called by the SMP to update
868 ** an BLE key. SMP is internal, whereas all the keys shall
869 ** be sent to the application. The function is also called
870 ** when application passes ble key stored in NVRAM to the btm_sec.
871 ** pass_to_application parameter is false in this case.
872 **
873 ** Returns void
874 **
875 *******************************************************************************/
btm_sec_save_le_key(BD_ADDR bd_addr,tBTM_LE_KEY_TYPE key_type,tBTM_LE_KEY_VALUE * p_keys,BOOLEAN pass_to_application)876 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
877 BOOLEAN pass_to_application)
878 {
879 tBTM_SEC_DEV_REC *p_rec;
880 tBTM_LE_EVT_DATA cb_data;
881 UINT8 i;
882
883 BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application);
884 /* Store the updated key in the device database */
885
886 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
887 bd_addr[0],bd_addr[1],
888 bd_addr[2],bd_addr[3],
889 bd_addr[4],bd_addr[5]);
890
891 if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys)
892 {
893 switch (key_type)
894 {
895 case BTM_LE_KEY_PENC:
896 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
897 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
898 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
899 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
900 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
901 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
902 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
903 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
904 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
905 else
906 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
907 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
908 p_rec->ble.key_type,
909 p_rec->sec_flags,
910 p_rec->ble.keys.sec_level);
911 break;
912
913 case BTM_LE_KEY_PID:
914 for (i=0; i<BT_OCTET16_LEN; i++)
915 {
916 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
917 }
918
919 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
920 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
921 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
922 p_rec->ble.key_type |= BTM_LE_KEY_PID;
923 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type);
924 break;
925
926 case BTM_LE_KEY_PCSRK:
927 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
928 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
929 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter;
930 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
931 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
932 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED)
933 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
934 else
935 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
936
937 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
938 p_rec->ble.key_type,
939 p_rec->sec_flags,
940 p_rec->ble.keys.srk_sec_level,
941 p_rec->ble.keys.counter );
942 break;
943
944 case BTM_LE_KEY_LENC:
945 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
946 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
947 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
948 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
949
950 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
951 p_rec->ble.key_type,
952 p_rec->ble.keys.div,
953 p_rec->ble.keys.key_size,
954 p_rec->ble.keys.sec_level );
955 break;
956
957 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
958 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
959 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
960 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter;
961 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
962 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
963 p_rec->ble.key_type,
964 p_rec->ble.keys.div,
965 p_rec->ble.keys.local_csrk_sec_level,
966 p_rec->ble.keys.local_counter );
967 break;
968
969 default:
970 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
971 return;
972 }
973
974 BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
975 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
976 (bd_addr[4]<<8)+bd_addr[5]);
977
978 /* Notify the application that one of the BLE keys has been updated
979 If link key is in progress, it will get sent later.*/
980 if (pass_to_application && btm_cb.api.p_le_callback)
981 {
982 cb_data.key.p_key_value = p_keys;
983 cb_data.key.key_type = key_type;
984 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
985 }
986 return;
987 }
988
989 BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
990 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
991 (bd_addr[4]<<8)+bd_addr[5]);
992
993 if (p_rec)
994 {
995 BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags);
996 }
997 }
998
999 /*******************************************************************************
1000 **
1001 ** Function btm_ble_update_sec_key_size
1002 **
1003 ** Description update the current lin kencryption key size
1004 **
1005 ** Returns void
1006 **
1007 *******************************************************************************/
btm_ble_update_sec_key_size(BD_ADDR bd_addr,UINT8 enc_key_size)1008 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
1009 {
1010 tBTM_SEC_DEV_REC *p_rec;
1011
1012 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
1013
1014 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1015 {
1016 p_rec->enc_key_size = enc_key_size;
1017 }
1018 }
1019
1020 /*******************************************************************************
1021 **
1022 ** Function btm_ble_read_sec_key_size
1023 **
1024 ** Description update the current lin kencryption key size
1025 **
1026 ** Returns void
1027 **
1028 *******************************************************************************/
btm_ble_read_sec_key_size(BD_ADDR bd_addr)1029 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
1030 {
1031 tBTM_SEC_DEV_REC *p_rec;
1032
1033 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1034 {
1035 return p_rec->enc_key_size;
1036 }
1037 else
1038 return 0;
1039 }
1040
1041 /*******************************************************************************
1042 **
1043 ** Function btm_ble_link_sec_check
1044 **
1045 ** Description Check BLE link security level match.
1046 **
1047 ** Returns TRUE: check is OK and the *p_sec_req_act contain the action
1048 **
1049 *******************************************************************************/
btm_ble_link_sec_check(BD_ADDR bd_addr,tBTM_LE_AUTH_REQ auth_req,tBTM_BLE_SEC_REQ_ACT * p_sec_req_act)1050 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
1051 {
1052 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1053 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
1054
1055 BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
1056
1057 if (p_dev_rec == NULL)
1058 {
1059 BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device");
1060 return;
1061 }
1062
1063 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
1064 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)
1065 {
1066 /* race condition: discard the security request while master is encrypting the link */
1067 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1068 }
1069 else
1070 {
1071 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1072 if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) ||
1073 (auth_req == (BTM_LE_AUTH_REQ_MITM)) )
1074 {
1075 req_sec_level = BTM_LE_SEC_AUTHENTICATED;
1076 }
1077
1078 BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
1079
1080 /* currently encrpted */
1081 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED)
1082 {
1083 if (p_dev_rec->sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED)
1084 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
1085 else
1086 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1087 }
1088 else /* unencrypted link */
1089 {
1090 /* if bonded, get the key security level */
1091 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
1092 cur_sec_level = p_dev_rec->ble.keys.sec_level;
1093 else
1094 cur_sec_level = BTM_LE_SEC_NONE;
1095 }
1096
1097 if (cur_sec_level >= req_sec_level)
1098 {
1099 if (cur_sec_level == BTM_LE_SEC_NONE)
1100 {
1101 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE;
1102 }
1103 else
1104 {
1105 /* To avoid re-encryption on an encrypted link for an equal condition encryption */
1106 /* if link has been encrypted, do nothing, go straight to furhter action
1107 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)
1108 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1109 else
1110 */
1111 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
1112 }
1113 }
1114 else
1115 {
1116 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
1117 }
1118 }
1119
1120 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
1121 cur_sec_level,
1122 req_sec_level,
1123 *p_sec_req_act);
1124
1125 }
1126
1127 /*******************************************************************************
1128 **
1129 ** Function btm_ble_set_encryption
1130 **
1131 ** Description This function is called to ensure that LE connection is
1132 ** encrypted. Should be called only on an open connection.
1133 ** Typically only needed for connections that first want to
1134 ** bring up unencrypted links, then later encrypt them.
1135 **
1136 ** Returns void
1137 ** the local device ER is copied into er
1138 **
1139 *******************************************************************************/
btm_ble_set_encryption(BD_ADDR bd_addr,void * p_ref_data,UINT8 link_role)1140 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role)
1141 {
1142 tBTM_STATUS cmd = BTM_NO_RESOURCES;
1143 tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ;
1144 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1145
1146 if (p_rec == NULL)
1147 {
1148 BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
1149 return(BTM_WRONG_MODE);
1150 }
1151
1152 BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
1153
1154 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM)
1155 {
1156 p_rec->security_required |= BTM_SEC_IN_MITM;
1157 }
1158
1159 switch (sec_act)
1160 {
1161 case BTM_BLE_SEC_ENCRYPT:
1162 if (link_role == BTM_ROLE_MASTER)
1163 {
1164 if(p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) {
1165 BTM_TRACE_DEBUG ("State is already encrypting::");
1166 cmd = BTM_CMD_STARTED;
1167 }
1168 else {
1169 /* start link layer encryption using the security info stored */
1170 if (btm_ble_start_encrypt(bd_addr, FALSE, NULL))
1171 {
1172 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1173 cmd = BTM_CMD_STARTED;
1174 }
1175 }
1176 break;
1177 }
1178 /* if salve role then fall through to call SMP_Pair below which will send a
1179 sec_request to request the master to encrypt the link */
1180 case BTM_BLE_SEC_ENCRYPT_NO_MITM:
1181 case BTM_BLE_SEC_ENCRYPT_MITM:
1182
1183 if (SMP_Pair(bd_addr) == SMP_STARTED)
1184 {
1185 cmd = BTM_CMD_STARTED;
1186 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1187 }
1188 break;
1189
1190 default:
1191 cmd = BTM_WRONG_MODE;
1192 break;
1193 }
1194 return cmd;
1195 }
1196
1197 /*******************************************************************************
1198 **
1199 ** Function btm_ble_ltk_request
1200 **
1201 ** Description This function is called when encryption request is received
1202 ** on a slave device.
1203 **
1204 **
1205 ** Returns void
1206 **
1207 *******************************************************************************/
btm_ble_ltk_request(UINT16 handle,UINT8 rand[8],UINT16 ediv)1208 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
1209 {
1210 tBTM_CB *p_cb = &btm_cb;
1211 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
1212 BT_OCTET8 dummy_stk = {0};
1213
1214 BTM_TRACE_DEBUG ("btm_ble_ltk_request");
1215
1216 p_cb->ediv = ediv;
1217
1218 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
1219
1220 if (p_dev_rec != NULL)
1221 {
1222 if (!smp_proc_ltk_request(p_dev_rec->bd_addr))
1223 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
1224 }
1225
1226 }
1227
1228 /*******************************************************************************
1229 **
1230 ** Function btm_ble_start_encrypt
1231 **
1232 ** Description This function is called to start LE encryption.
1233 **
1234 **
1235 ** Returns BTM_SUCCESS if encryption was started successfully
1236 **
1237 *******************************************************************************/
btm_ble_start_encrypt(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1238 tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1239 {
1240 tBTM_CB *p_cb = &btm_cb;
1241 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1242 BT_OCTET8 dummy_rand = {0};
1243 tBTM_STATUS rt = BTM_NO_RESOURCES;
1244
1245 BTM_TRACE_DEBUG ("btm_ble_start_encrypt");
1246
1247 if (!p_rec )
1248 {
1249 BTM_TRACE_ERROR("Link is not active, can not encrypt!");
1250 return BTM_WRONG_MODE;
1251 }
1252
1253 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)
1254 {
1255 BTM_TRACE_WARNING("Link Encryption is active, Busy!");
1256 return BTM_BUSY;
1257 }
1258
1259 p_cb->enc_handle = p_rec->ble_hci_handle;
1260
1261 if (use_stk)
1262 {
1263 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk))
1264 rt = BTM_CMD_STARTED;
1265 }
1266 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC)
1267 {
1268 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand,
1269 p_rec->ble.keys.ediv, p_rec->ble.keys.ltk))
1270 rt = BTM_CMD_STARTED;
1271 }
1272 else
1273 {
1274 BTM_TRACE_ERROR("No key available to encrypt the link");
1275 }
1276 if (rt == BTM_CMD_STARTED)
1277 {
1278 if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
1279 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1280 }
1281
1282 return rt;
1283 }
1284
1285 /*******************************************************************************
1286 **
1287 ** Function btm_ble_link_encrypted
1288 **
1289 ** Description This function is called when LE link encrption status is changed.
1290 **
1291 ** Returns void
1292 **
1293 *******************************************************************************/
btm_ble_link_encrypted(BD_ADDR bd_addr,UINT8 encr_enable)1294 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
1295 {
1296 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1297 BOOLEAN enc_cback;
1298
1299 if (!p_dev_rec)
1300 {
1301 BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
1302 return;
1303 }
1304
1305 BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
1306
1307 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
1308
1309 smp_link_encrypted(bd_addr, encr_enable);
1310
1311 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
1312
1313 if (encr_enable && p_dev_rec->enc_key_size == 0)
1314 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
1315
1316 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1317 if (p_dev_rec->p_callback && enc_cback)
1318 {
1319 if (encr_enable)
1320 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, TRUE);
1321 else if (p_dev_rec->role_master)
1322 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, TRUE);
1323
1324 }
1325 /* to notify GATT to send data if any request is pending */
1326 gatt_notify_enc_cmpl(p_dev_rec->bd_addr);
1327 }
1328
1329 /*******************************************************************************
1330 ** Function btm_enc_proc_ltk
1331 ** Description send LTK reply when it's ready.
1332 *******************************************************************************/
btm_enc_proc_ltk(tSMP_ENC * p)1333 static void btm_enc_proc_ltk(tSMP_ENC *p)
1334 {
1335 UINT8 i;
1336 BTM_TRACE_DEBUG ("btm_enc_proc_ltk");
1337 if (p && p->param_len == BT_OCTET16_LEN)
1338 {
1339 for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++)
1340 p->param_buf[BT_OCTET16_LEN - i - 1] = 0;
1341 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf);
1342 }
1343 }
1344
1345 /*******************************************************************************
1346 ** Function btm_enc_proc_slave_y
1347 ** Description calculate LTK when Y is ready
1348 *******************************************************************************/
btm_enc_proc_slave_y(tSMP_ENC * p)1349 static void btm_enc_proc_slave_y(tSMP_ENC *p)
1350 {
1351 UINT16 div, y;
1352 UINT8 *pp = p->param_buf;
1353 tBTM_CB *p_cb = &btm_cb;
1354 tSMP_ENC output;
1355 tBTM_SEC_DEV_REC *p_dev_rec;
1356
1357 BTM_TRACE_DEBUG ("btm_enc_proc_slave_y");
1358 if (p != NULL)
1359 {
1360 STREAM_TO_UINT16(y, pp);
1361
1362 div = p_cb->ediv ^ y;
1363 p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle);
1364
1365 if ( p_dev_rec &&
1366 p_dev_rec->ble.keys.div == div )
1367 {
1368 BTM_TRACE_DEBUG ("LTK request OK");
1369 /* calculating LTK , LTK = E er(div) */
1370 SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output);
1371 btm_enc_proc_ltk(&output);
1372 }
1373 else
1374 {
1375 BTM_TRACE_DEBUG ("LTK request failed - send negative reply");
1376 btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle);
1377 if (p_dev_rec)
1378 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0);
1379
1380 }
1381 }
1382 }
1383
1384 /*******************************************************************************
1385 **
1386 ** Function btm_ble_ltk_request_reply
1387 **
1388 ** Description This function is called to send a LTK request reply on a slave
1389 ** device.
1390 **
1391 ** Returns void
1392 **
1393 *******************************************************************************/
btm_ble_ltk_request_reply(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1394 void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1395 {
1396 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1397 tBTM_CB *p_cb = &btm_cb;
1398 tSMP_ENC output;
1399
1400 if (p_rec == NULL)
1401 {
1402 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device");
1403 return;
1404 }
1405
1406 BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply");
1407 p_cb->enc_handle = p_rec->ble_hci_handle;
1408 p_cb->key_size = p_rec->ble.keys.key_size;
1409
1410 BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size);
1411 if (use_stk)
1412 {
1413 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
1414 }
1415 else /* calculate LTK using peer device */
1416 {
1417 /* generate Y= Encrypt(DHK, Rand) received from encrypt request */
1418 SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand,
1419 BT_OCTET8_LEN, &output);
1420 btm_enc_proc_slave_y(&output);
1421 }
1422 }
1423
1424 /*******************************************************************************
1425 **
1426 ** Function btm_ble_io_capabilities_req
1427 **
1428 ** Description This function is called to handle SMP get IO capability request.
1429 **
1430 ** Returns void
1431 **
1432 *******************************************************************************/
btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1433 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1434 {
1435 UINT8 callback_rc = BTM_SUCCESS;
1436 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req");
1437 if (btm_cb.api.p_le_callback)
1438 {
1439 /* the callback function implementation may change the IO capability... */
1440 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1441 }
1442 #if BTM_OOB_INCLUDED == TRUE
1443 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
1444 #else
1445 if (callback_rc == BTM_SUCCESS)
1446 #endif
1447 {
1448 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1449 if (btm_cb.devcb.keep_rfu_in_auth_req)
1450 {
1451 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u",
1452 btm_cb.devcb.keep_rfu_in_auth_req);
1453 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU;
1454 btm_cb.devcb.keep_rfu_in_auth_req = FALSE;
1455 }
1456 else
1457 { /* default */
1458 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1459 }
1460 #else
1461 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1462 #endif
1463
1464 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
1465 p_dev_rec->security_required, p_data->auth_req);
1466 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
1467 p_data->init_keys,
1468 p_data->resp_keys);
1469
1470 /* if authentication requires MITM protection, put on the mask */
1471 if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
1472 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
1473
1474 if (!(p_data->auth_req & SMP_AUTH_BOND))
1475 {
1476 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged");
1477 p_data->init_keys = 0;
1478 p_data->resp_keys = 0;
1479 }
1480
1481 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req);
1482 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
1483 p_data->init_keys,
1484 p_data->resp_keys);
1485
1486 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
1487 p_data->io_cap, p_data->auth_req);
1488
1489 /* remove MITM protection requirement if IO cap does not allow it */
1490 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
1491 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
1492
1493 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d",
1494 p_data->io_cap, p_data->oob_data, p_data->auth_req);
1495 }
1496 return callback_rc;
1497 }
1498
1499 #if (BLE_PRIVACY_SPT == TRUE )
1500 /*******************************************************************************
1501 **
1502 ** Function btm_ble_resolve_random_addr_on_conn_cmpl
1503 **
1504 ** Description resolve random address complete on connection complete event.
1505 **
1506 ** Returns void
1507 **
1508 *******************************************************************************/
btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec,void * p_data)1509 static void btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec, void *p_data)
1510 {
1511 UINT8 *p = (UINT8 *)p_data;
1512 tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec;
1513 UINT8 role, status, bda_type;
1514 UINT16 handle;
1515 BD_ADDR bda;
1516 UINT16 conn_interval, conn_latency, conn_timeout;
1517 BOOLEAN match = FALSE;
1518
1519 STREAM_TO_UINT8 (status, p);
1520 STREAM_TO_UINT16 (handle, p);
1521 STREAM_TO_UINT8 (role, p);
1522 STREAM_TO_UINT8 (bda_type, p);
1523 STREAM_TO_BDADDR (bda, p);
1524 STREAM_TO_UINT16 (conn_interval, p);
1525 STREAM_TO_UINT16 (conn_latency, p);
1526 STREAM_TO_UINT16 (conn_timeout, p);
1527
1528 handle = HCID_GET_HANDLE (handle);
1529
1530 BTM_TRACE_EVENT ("btm_ble_resolve_random_addr_master_cmpl");
1531
1532 if (match_rec)
1533 {
1534 BTM_TRACE_ERROR("Random match");
1535 match = TRUE;
1536 match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA;
1537 memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1538 memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN);
1539 }
1540 else
1541 {
1542 BTM_TRACE_ERROR("Random unmatch");
1543 }
1544
1545 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1546
1547 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1548 conn_latency, conn_timeout);
1549
1550 return;
1551 }
1552 #endif
1553
1554 /*******************************************************************************
1555 **
1556 ** Function btm_ble_connected
1557 **
1558 ** Description This function is when a LE connection to the peer device is
1559 ** establsihed
1560 **
1561 ** Returns void
1562 **
1563 *******************************************************************************/
btm_ble_connected(UINT8 * bda,UINT16 handle,UINT8 enc_mode,UINT8 role,tBLE_ADDR_TYPE addr_type,BOOLEAN addr_matched)1564 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
1565 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
1566 {
1567 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
1568 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
1569 UNUSED(addr_matched);
1570
1571 BTM_TRACE_EVENT ("btm_ble_connected");
1572
1573 /* Commenting out trace due to obf/compilation problems.
1574 */
1575 #if (BT_USE_TRACES == TRUE)
1576 if (p_dev_rec)
1577 {
1578 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected : handle:%d enc_mode:%d bda:%x RName:%s",
1579 handle, enc_mode,
1580 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5],
1581 p_dev_rec->sec_bd_name);
1582
1583 BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags);
1584 }
1585 else
1586 {
1587 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected: handle:%d enc_mode:%d bda:%x ",
1588 handle, enc_mode,
1589 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]);
1590 }
1591 #endif
1592
1593 if (!p_dev_rec)
1594 {
1595 /* There is no device record for new connection. Allocate one */
1596 p_dev_rec = btm_sec_alloc_dev (bda);
1597 }
1598 else /* Update the timestamp for this device */
1599 {
1600 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
1601 }
1602
1603 /* update device information */
1604 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
1605 p_dev_rec->ble_hci_handle = handle;
1606 p_dev_rec->ble.ble_addr_type = addr_type;
1607
1608 p_dev_rec->role_master = FALSE;
1609 if (role == HCI_ROLE_MASTER)
1610 p_dev_rec->role_master = TRUE;
1611
1612 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
1613 if (!addr_matched)
1614 p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO;
1615
1616 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched)
1617 memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1618 #endif
1619
1620 if (role == HCI_ROLE_SLAVE)
1621 p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE;
1622 p_cb->inq_var.directed_conn = FALSE;
1623
1624 return;
1625 }
1626
1627 /*****************************************************************************
1628 ** Function btm_ble_conn_complete
1629 **
1630 ** Description LE connection complete.
1631 **
1632 ******************************************************************************/
btm_ble_conn_complete(UINT8 * p,UINT16 evt_len)1633 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len)
1634 {
1635 #if (BLE_PRIVACY_SPT == TRUE )
1636 UINT8 *p_data = p;
1637 #endif
1638 UINT8 role, status, bda_type;
1639 UINT16 handle;
1640 BD_ADDR bda = {0};
1641 UINT16 conn_interval, conn_latency, conn_timeout;
1642 BOOLEAN match = FALSE;
1643 UNUSED(evt_len);
1644
1645 STREAM_TO_UINT8 (status, p);
1646 STREAM_TO_UINT16 (handle, p);
1647 STREAM_TO_UINT8 (role, p);
1648 STREAM_TO_UINT8 (bda_type, p);
1649 STREAM_TO_BDADDR (bda, p);
1650
1651 if (status == 0)
1652 {
1653 #if (BLE_PRIVACY_SPT == TRUE )
1654
1655 if (btm_cb.cmn_ble_vsc_cb.rpa_offloading == TRUE)
1656 match = btm_public_addr_to_random_pseudo (bda, &bda_type);
1657
1658 /* possiblly receive connection complete with resolvable random on
1659 slave role while the device has been paired */
1660 if (!match && /*role == HCI_ROLE_SLAVE && */BTM_BLE_IS_RESOLVE_BDA(bda))
1661 {
1662 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data);
1663 }
1664 else
1665 #endif
1666 {
1667 STREAM_TO_UINT16 (conn_interval, p);
1668 STREAM_TO_UINT16 (conn_latency, p);
1669 STREAM_TO_UINT16 (conn_timeout, p);
1670 handle = HCID_GET_HANDLE (handle);
1671
1672 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1673 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1674 conn_latency, conn_timeout);
1675 }
1676 }
1677 else
1678 {
1679 role = HCI_ROLE_UNKNOWN;
1680
1681 if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT)
1682 {
1683 btm_ble_set_conn_st(BLE_CONN_IDLE);
1684 }
1685 /* this is to work around broadcom firmware problem to handle
1686 * unsolicited command complete event for HCI_LE_Create_Connection_Cancel
1687 * and LE connection complete event with status error code (0x2)
1688 * unknown connection identifier from bluetooth controller
1689 * the workaround is to release the HCI connection to avoid out of sync
1690 * with bluetooth controller, which cause BT can't be turned off.
1691 */
1692 else if ((status == HCI_ERR_NO_CONNECTION) &&
1693 (btm_ble_get_conn_st() != BLE_CONN_CANCEL))
1694 {
1695 tL2C_LCB *p_lcb;
1696 handle = HCID_GET_HANDLE (handle);
1697 p_lcb = l2cu_find_lcb_by_handle (handle);
1698 if (p_lcb != NULL)
1699 {
1700 l2c_link_hci_disc_comp (handle, HCI_ERR_PEER_USER);
1701 btm_sec_disconnected (handle, HCI_ERR_PEER_USER);
1702 }
1703 }
1704 }
1705 btm_ble_set_conn_st(BLE_CONN_IDLE);
1706 btm_ble_update_mode_operation(role, bda, status);
1707 }
1708
1709 /*****************************************************************************
1710 ** Function btm_ble_create_ll_conn_complete
1711 **
1712 ** Description LE connection complete.
1713 **
1714 ******************************************************************************/
btm_ble_create_ll_conn_complete(UINT8 status)1715 void btm_ble_create_ll_conn_complete (UINT8 status)
1716 {
1717 if (status != 0)
1718 {
1719 btm_ble_set_conn_st(BLE_CONN_IDLE);
1720 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status);
1721 }
1722 }
1723 /*****************************************************************************
1724 ** Function btm_proc_smp_cback
1725 **
1726 ** Description This function is the SMP callback handler.
1727 **
1728 ******************************************************************************/
btm_proc_smp_cback(tSMP_EVT event,BD_ADDR bd_addr,tSMP_EVT_DATA * p_data)1729 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
1730 {
1731 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1732 UINT8 res = 0;
1733
1734 BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event);
1735
1736 if (p_dev_rec != NULL)
1737 {
1738 switch (event)
1739 {
1740 case SMP_IO_CAP_REQ_EVT:
1741 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
1742 break;
1743
1744 case SMP_PASSKEY_REQ_EVT:
1745 case SMP_PASSKEY_NOTIF_EVT:
1746 case SMP_OOB_REQ_EVT:
1747 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
1748
1749 case SMP_SEC_REQUEST_EVT:
1750 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
1751 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1752 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;
1753 /* fall through */
1754 case SMP_COMPLT_EVT:
1755 if (btm_cb.api.p_le_callback)
1756 {
1757 /* the callback function implementation may change the IO capability... */
1758 BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback );
1759 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1760 }
1761
1762 if (event == SMP_COMPLT_EVT)
1763 {
1764 BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
1765
1766 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
1767
1768 BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x",
1769 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
1770
1771 btm_sec_dev_rec_cback_event(p_dev_rec, res, TRUE);
1772
1773 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback )
1774 {
1775 BTM_TRACE_DEBUG ("Pairing Cancel completed");
1776 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
1777 }
1778 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1779 if (res != BTM_SUCCESS)
1780 {
1781 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT)
1782 {
1783 BTM_TRACE_DEBUG ("Pairing failed - Remove ACL");
1784 btm_remove_acl(bd_addr, BT_TRANSPORT_LE);
1785 }
1786 else
1787 {
1788 BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL");
1789 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1790 }
1791 }
1792 #else
1793 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT)
1794 btm_remove_acl(bd_addr, BT_TRANSPORT_LE);
1795 #endif
1796
1797 BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
1798 btm_cb.pairing_state,
1799 btm_cb.pairing_flags,
1800 btm_cb.pin_code_len );
1801 BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
1802 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
1803 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
1804
1805 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
1806 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
1807 btm_cb.pairing_flags = 0;
1808 }
1809 break;
1810
1811 default:
1812 BTM_TRACE_DEBUG ("unknown event = %d", event);
1813 break;
1814
1815
1816 }
1817 }
1818 else
1819 {
1820 BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device");
1821 }
1822
1823 return 0;
1824 }
1825
1826 #endif /* SMP_INCLUDED */
1827
1828 /*******************************************************************************
1829 **
1830 ** Function BTM_BleDataSignature
1831 **
1832 ** Description This function is called to sign the data using AES128 CMAC
1833 ** algorith.
1834 **
1835 ** Parameter bd_addr: target device the data to be signed for.
1836 ** p_text: singing data
1837 ** len: length of the data to be signed.
1838 ** signature: output parameter where data signature is going to
1839 ** be stored.
1840 **
1841 ** Returns TRUE if signing sucessul, otherwise FALSE.
1842 **
1843 *******************************************************************************/
BTM_BleDataSignature(BD_ADDR bd_addr,UINT8 * p_text,UINT16 len,BLE_SIGNATURE signature)1844 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
1845 BLE_SIGNATURE signature)
1846 {
1847 BOOLEAN ret = FALSE;
1848 #if SMP_INCLUDED == TRUE
1849 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1850 UINT8 *p_buf, *pp;
1851
1852 BT_OCTET16 er;
1853 UINT16 div;
1854 UINT8 temp[4]; /* for (r || DIV) r=1*/
1855 UINT16 r=1;
1856 UINT8 *p=temp, *p_mac = (UINT8 *)signature;
1857 tSMP_ENC output;
1858 BT_OCTET16 local_csrk;
1859
1860 BTM_TRACE_DEBUG ("BTM_BleDataSignature");
1861 if (p_rec == NULL)
1862 {
1863 BTM_TRACE_ERROR("data signing can not be done from unknow device");
1864 }
1865 else
1866 {
1867 if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL)
1868 {
1869 BTM_TRACE_DEBUG("Start to generate Local CSRK");
1870 pp = p_buf;
1871 /* prepare plain text */
1872 if (p_text)
1873 {
1874 memcpy(p_buf, p_text, len);
1875 pp = (p_buf + len);
1876 }
1877
1878 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1879 if ( btm_cb.devcb.enable_test_local_sign_cntr)
1880 {
1881 BTM_TRACE_DEBUG ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr);
1882 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr);
1883 }
1884 else
1885 {
1886 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
1887 }
1888 #else
1889 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
1890 #endif
1891 /* compute local csrk */
1892 if (btm_get_local_div(bd_addr, &div))
1893 {
1894 BTM_TRACE_DEBUG ("compute_csrk div=%x", div);
1895 BTM_GetDeviceEncRoot(er);
1896
1897 /* CSRK = d1(ER, DIV, 1) */
1898 UINT16_TO_STREAM(p, div);
1899 UINT16_TO_STREAM(p, r);
1900
1901 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output))
1902 {
1903 BTM_TRACE_ERROR("Local CSRK generation failed ");
1904 }
1905 else
1906 {
1907 BTM_TRACE_DEBUG("local CSRK generation success");
1908 memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN);
1909
1910
1911 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1912 if (btm_cb.devcb.enable_test_local_sign_cntr)
1913 {
1914 UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr);
1915 }
1916 else
1917 {
1918 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
1919 }
1920 #else
1921 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
1922 #endif
1923
1924 if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE)
1925 {
1926 btm_ble_increment_sign_ctr(bd_addr, TRUE);
1927
1928 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1929 if ( btm_cb.devcb.enable_test_mac_val)
1930 {
1931 BTM_TRACE_DEBUG ("Use MAC value from script");
1932 memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE);
1933 }
1934 #endif
1935 }
1936 BTM_TRACE_DEBUG("BTM_BleDataSignature p_mac = %d", p_mac);
1937 BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
1938 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
1939 BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
1940 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
1941
1942 GKI_freebuf(p_buf);
1943 }
1944 }
1945 }
1946 }
1947 #endif /* SMP_INCLUDED */
1948 return ret;
1949 }
1950
1951 /*******************************************************************************
1952 **
1953 ** Function BTM_BleVerifySignature
1954 **
1955 ** Description This function is called to verify the data signature
1956 **
1957 ** Parameter bd_addr: target device the data to be signed for.
1958 ** p_orig: original data before signature.
1959 ** len: length of the signing data
1960 ** counter: counter used when doing data signing
1961 ** p_comp: signature to be compared against.
1962
1963 ** Returns TRUE if signature verified correctly; otherwise FALSE.
1964 **
1965 *******************************************************************************/
BTM_BleVerifySignature(BD_ADDR bd_addr,UINT8 * p_orig,UINT16 len,UINT32 counter,UINT8 * p_comp)1966 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
1967 UINT8 *p_comp)
1968 {
1969 BOOLEAN verified = FALSE;
1970 #if SMP_INCLUDED == TRUE
1971 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1972 UINT8 p_mac[BTM_CMAC_TLEN_SIZE];
1973
1974 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK)))
1975 {
1976 BTM_TRACE_ERROR("can not verify signature for unknown device");
1977 }
1978 else if (counter < p_rec->ble.keys.counter)
1979 {
1980 BTM_TRACE_ERROR("signature received with out dated sign counter");
1981 }
1982 else if (p_orig == NULL)
1983 {
1984 BTM_TRACE_ERROR("No signature to verify");
1985 }
1986 else
1987 {
1988 BTM_TRACE_DEBUG ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter);
1989
1990 if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
1991 {
1992 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
1993 {
1994 btm_ble_increment_sign_ctr(bd_addr, FALSE);
1995 verified = TRUE;
1996 }
1997 }
1998 }
1999 #endif /* SMP_INCLUDED */
2000 return verified;
2001 }
2002
2003 /*******************************************************************************
2004 ** Utility functions for LE device IR/ER generation
2005 *******************************************************************************/
2006 /*******************************************************************************
2007 **
2008 ** Function btm_notify_new_key
2009 **
2010 ** Description This function is to notify application new keys have been
2011 ** generated.
2012 **
2013 ** Returns void
2014 **
2015 *******************************************************************************/
btm_notify_new_key(UINT8 key_type)2016 static void btm_notify_new_key(UINT8 key_type)
2017 {
2018 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
2019
2020 BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type);
2021
2022 if (btm_cb.api.p_le_key_callback)
2023 {
2024 switch (key_type)
2025 {
2026 case BTM_BLE_KEY_TYPE_ID:
2027 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID");
2028 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
2029 break;
2030
2031 case BTM_BLE_KEY_TYPE_ER:
2032 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER");
2033 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er;
2034 break;
2035
2036 default:
2037 BTM_TRACE_ERROR("unknown key type: %d", key_type);
2038 break;
2039 }
2040 if (p_locak_keys != NULL)
2041 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
2042 }
2043 }
2044
2045 /*******************************************************************************
2046 **
2047 ** Function btm_ble_process_er2
2048 **
2049 ** Description This function is called when ER is generated, store it in
2050 ** local control block.
2051 **
2052 ** Returns void
2053 **
2054 *******************************************************************************/
btm_ble_process_er2(tBTM_RAND_ENC * p)2055 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
2056 {
2057 BTM_TRACE_DEBUG ("btm_ble_process_er2");
2058
2059 if (p &&p->opcode == HCI_BLE_RAND)
2060 {
2061 memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN);
2062 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
2063 }
2064 else
2065 {
2066 BTM_TRACE_ERROR("Generating ER2 exception.");
2067 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
2068 }
2069 }
2070
2071 /*******************************************************************************
2072 **
2073 ** Function btm_ble_process_er
2074 **
2075 ** Description This function is called when ER is generated, store it in
2076 ** local control block.
2077 **
2078 ** Returns void
2079 **
2080 *******************************************************************************/
btm_ble_process_er(tBTM_RAND_ENC * p)2081 static void btm_ble_process_er(tBTM_RAND_ENC *p)
2082 {
2083 BTM_TRACE_DEBUG ("btm_ble_process_er");
2084
2085 if (p &&p->opcode == HCI_BLE_RAND)
2086 {
2087 memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN);
2088
2089 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2))
2090 {
2091 memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
2092 BTM_TRACE_ERROR("Generating ER2 failed.");
2093 }
2094 }
2095 else
2096 {
2097 BTM_TRACE_ERROR("Generating ER1 exception.");
2098 }
2099 }
2100
2101 /*******************************************************************************
2102 **
2103 ** Function btm_ble_process_irk
2104 **
2105 ** Description This function is called when IRK is generated, store it in
2106 ** local control block.
2107 **
2108 ** Returns void
2109 **
2110 *******************************************************************************/
btm_ble_process_irk(tSMP_ENC * p)2111 static void btm_ble_process_irk(tSMP_ENC *p)
2112 {
2113 BTM_TRACE_DEBUG ("btm_ble_process_irk");
2114 if (p &&p->opcode == HCI_BLE_ENCRYPT)
2115 {
2116 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
2117 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
2118 }
2119 else
2120 {
2121 BTM_TRACE_ERROR("Generating IRK exception.");
2122 }
2123
2124 /* proceed generate ER */
2125 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er))
2126 {
2127 BTM_TRACE_ERROR("Generating ER failed.");
2128 }
2129 }
2130
2131 /*******************************************************************************
2132 **
2133 ** Function btm_ble_process_dhk
2134 **
2135 ** Description This function is called when DHK is calculated, store it in
2136 ** local control block, and proceed to generate ER, a 128-bits
2137 ** random number.
2138 **
2139 ** Returns void
2140 **
2141 *******************************************************************************/
btm_ble_process_dhk(tSMP_ENC * p)2142 static void btm_ble_process_dhk(tSMP_ENC *p)
2143 {
2144 #if SMP_INCLUDED == TRUE
2145 UINT8 btm_ble_irk_pt = 0x01;
2146 tSMP_ENC output;
2147
2148 BTM_TRACE_DEBUG ("btm_ble_process_dhk");
2149
2150 if (p && p->opcode == HCI_BLE_ENCRYPT)
2151 {
2152 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
2153 BTM_TRACE_DEBUG("BLE DHK generated.");
2154
2155 /* IRK = D1(IR, 1) */
2156 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
2157 1, &output))
2158 {
2159 /* reset all identity root related key */
2160 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2161 }
2162 else
2163 {
2164 btm_ble_process_irk(&output);
2165 }
2166 }
2167 else
2168 {
2169 /* reset all identity root related key */
2170 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2171 }
2172 #endif
2173 }
2174
2175 /*******************************************************************************
2176 **
2177 ** Function btm_ble_process_ir2
2178 **
2179 ** Description This function is called when IR is generated, proceed to calculate
2180 ** DHK = Eir({0x03, 0, 0 ...})
2181 **
2182 **
2183 ** Returns void
2184 **
2185 *******************************************************************************/
btm_ble_process_ir2(tBTM_RAND_ENC * p)2186 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
2187 {
2188 #if SMP_INCLUDED == TRUE
2189 UINT8 btm_ble_dhk_pt = 0x03;
2190 tSMP_ENC output;
2191
2192 BTM_TRACE_DEBUG ("btm_ble_process_ir2");
2193
2194 if (p && p->opcode == HCI_BLE_RAND)
2195 {
2196 /* remembering in control block */
2197 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
2198 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
2199
2200
2201 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
2202 1, &output);
2203 btm_ble_process_dhk(&output);
2204
2205 BTM_TRACE_DEBUG("BLE IR generated.");
2206 }
2207 else
2208 {
2209 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2210 }
2211 #endif
2212 }
2213
2214 /*******************************************************************************
2215 **
2216 ** Function btm_ble_process_ir
2217 **
2218 ** Description This function is called when IR is generated, proceed to calculate
2219 ** DHK = Eir({0x02, 0, 0 ...})
2220 **
2221 **
2222 ** Returns void
2223 **
2224 *******************************************************************************/
btm_ble_process_ir(tBTM_RAND_ENC * p)2225 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
2226 {
2227 BTM_TRACE_DEBUG ("btm_ble_process_ir");
2228
2229 if (p && p->opcode == HCI_BLE_RAND)
2230 {
2231 /* remembering in control block */
2232 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
2233
2234 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2))
2235 {
2236 BTM_TRACE_ERROR("Generating IR2 failed.");
2237 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2238 }
2239 }
2240 }
2241
2242 /*******************************************************************************
2243 **
2244 ** Function btm_ble_reset_id
2245 **
2246 ** Description This function is called to reset LE device identity.
2247 **
2248 ** Returns void
2249 **
2250 *******************************************************************************/
btm_ble_reset_id(void)2251 void btm_ble_reset_id( void )
2252 {
2253 BTM_TRACE_DEBUG ("btm_ble_reset_id");
2254
2255 /* regenrate Identity Root*/
2256 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir))
2257 {
2258 BTM_TRACE_DEBUG("Generating IR failed.");
2259 }
2260 }
2261
2262 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2263 /*******************************************************************************
2264 **
2265 ** Function btm_ble_set_no_disc_if_pair_fail
2266 **
2267 ** Description This function indicates that whether no disconnect of the ACL
2268 ** should be used if pairing failed
2269 **
2270 ** Returns void
2271 **
2272 *******************************************************************************/
btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc)2273 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
2274 {
2275 BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
2276 btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
2277 }
2278
2279 /*******************************************************************************
2280 **
2281 ** Function btm_ble_set_test_mac_value
2282 **
2283 ** Description This function set test MAC value
2284 **
2285 ** Returns void
2286 **
2287 *******************************************************************************/
btm_ble_set_test_mac_value(BOOLEAN enable,UINT8 * p_test_mac_val)2288 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
2289 {
2290 BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable);
2291 btm_cb.devcb.enable_test_mac_val = enable;
2292 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
2293 }
2294
2295 /*******************************************************************************
2296 **
2297 ** Function btm_ble_set_test_local_sign_cntr_value
2298 **
2299 ** Description This function set test local sign counter value
2300 **
2301 ** Returns void
2302 **
2303 *******************************************************************************/
btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable,UINT32 test_local_sign_cntr)2304 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
2305 {
2306 BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
2307 enable, test_local_sign_cntr);
2308 btm_cb.devcb.enable_test_local_sign_cntr = enable;
2309 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr;
2310 }
2311
2312 /*******************************************************************************
2313 **
2314 ** Function btm_set_random_address
2315 **
2316 ** Description This function set a random address to local controller.
2317 **
2318 ** Returns void
2319 **
2320 *******************************************************************************/
btm_set_random_address(BD_ADDR random_bda)2321 void btm_set_random_address(BD_ADDR random_bda)
2322 {
2323 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
2324 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
2325
2326 BTM_TRACE_DEBUG ("btm_set_random_address");
2327
2328 if (adv_mode == BTM_BLE_ADV_ENABLE)
2329 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
2330
2331 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
2332 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
2333
2334 if (adv_mode == BTM_BLE_ADV_ENABLE)
2335 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
2336
2337
2338 }
2339
2340 /*******************************************************************************
2341 **
2342 ** Function btm_ble_set_keep_rfu_in_auth_req
2343 **
2344 ** Description This function indicates if RFU bits have to be kept as is
2345 ** (by default they have to be set to 0 by the sender).
2346 **
2347 ** Returns void
2348 **
2349 *******************************************************************************/
btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)2350 void btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)
2351 {
2352 BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu);
2353 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu;
2354 }
2355
2356 #endif /* BTM_BLE_CONFORMANCE_TESTING */
2357
2358 #endif /* BLE_INCLUDED */
2359