1 /******************************************************************************
2 *
3 * Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 #include "bt_target.h"
20 #include "bt_utils.h"
21
22 #if SMP_INCLUDED == TRUE
23
24 #include <string.h>
25 #include "btm_int.h"
26 #include "l2c_api.h"
27 #include "smp_int.h"
28
29 #define MAX_KEY_DISTRIBUTION_TYPES 3
30
31 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
32 {
33 /* initiator */
34 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
35 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
36 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
37 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */
38 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
39 /* responder */
40 {{SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* Display Only */
41 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
42 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}, /* keyboard only */
43 {SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY, SMP_MODEL_ENC_ONLY},/* No Input No Output */
44 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENC_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
45 /* display only */ /*SMP_CAP_IO = 1 */ /* keyboard only */ /* No InputOutput */ /* keyboard display */
46 };
47
48 const tSMP_ACT smp_distribute_act [] =
49 {
50 smp_generate_ltk,
51 smp_send_id_info,
52 smp_generate_csrk
53 };
54
55 /*******************************************************************************
56 ** Function smp_update_key_mask
57 ** Description This function updates the key mask for sending or receiving.
58 *******************************************************************************/
smp_update_key_mask(tSMP_CB * p_cb,UINT8 key_type,BOOLEAN recv)59 static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
60 {
61 SMP_TRACE_DEBUG ("smp_update_key_mask ");
62 SMP_TRACE_DEBUG("before update role=%d recv=%d loc_i_key = %02x, loc_r_key = %02x", p_cb->role, recv, p_cb->loc_i_key, p_cb->loc_r_key);
63 if (p_cb->role == HCI_ROLE_SLAVE)
64 {
65 if (recv)
66 p_cb->loc_i_key &= ~key_type;
67 else
68 p_cb->loc_r_key &= ~key_type;
69 }
70 else
71 {
72 if (recv)
73 p_cb->loc_r_key &= ~key_type;
74 else
75 p_cb->loc_i_key &= ~key_type;
76 }
77
78 SMP_TRACE_DEBUG("updated loc_i_key = %02x, loc_r_key = %02x", p_cb->loc_i_key, p_cb->loc_r_key);
79 }
80 /*******************************************************************************
81 ** Function smp_io_cap_req
82 ** Description send SMP IO request
83 *******************************************************************************/
smp_send_app_cback(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)84 void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
85 {
86 tSMP_EVT_DATA cb_data;
87 tSMP_STATUS callback_rc;
88 UNUSED(p_data);
89
90 SMP_TRACE_DEBUG ("smp_send_app_cback p_cb->cb_evt=%d", p_cb->cb_evt );
91 if (p_cb->p_callback && p_cb->cb_evt != 0)
92 {
93 if (p_cb->cb_evt == SMP_IO_CAP_REQ_EVT)
94 {
95 cb_data.io_req.auth_req = p_cb->peer_auth_req;
96 cb_data.io_req.oob_data = SMP_OOB_NONE;
97 cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
98 cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
99 cb_data.io_req.init_keys = p_cb->loc_i_key ;
100 cb_data.io_req.resp_keys = p_cb->loc_r_key ;
101
102 SMP_TRACE_WARNING( "io_cap = %d",cb_data.io_req.io_cap);
103 }
104 callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
105
106 SMP_TRACE_DEBUG ("callback_rc=%d p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
107
108 if (callback_rc == SMP_SUCCESS && p_cb->cb_evt == SMP_IO_CAP_REQ_EVT)
109 {
110 p_cb->loc_auth_req = cb_data.io_req.auth_req;
111 p_cb->loc_io_caps = cb_data.io_req.io_cap;
112 p_cb->loc_oob_flag = cb_data.io_req.oob_data;
113 p_cb->loc_enc_size = cb_data.io_req.max_key_size;
114 p_cb->loc_i_key = cb_data.io_req.init_keys;
115 p_cb->loc_r_key = cb_data.io_req.resp_keys;
116
117 SMP_TRACE_WARNING( "new io_cap = %d p_cb->loc_enc_size = %d",p_cb->loc_io_caps, p_cb->loc_enc_size);
118
119 smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
120 }
121 }
122
123 if (!p_cb->cb_evt && p_cb->discard_sec_req)
124 {
125 p_cb->discard_sec_req = FALSE;
126 smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
127 }
128 SMP_TRACE_DEBUG ("smp_send_app_cback return");
129 }
130 /*******************************************************************************
131 ** Function smp_send_pair_fail
132 ** Description pairing failure to peer device if needed.
133 *******************************************************************************/
smp_send_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)134 void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
135 {
136 p_cb->status = *(UINT8 *)p_data;
137 p_cb->failure = *(UINT8 *)p_data;
138
139 SMP_TRACE_DEBUG ("smp_send_pair_fail status=%d failure=%d ",p_cb->status, p_cb->failure);
140
141 if (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS)
142 {
143 smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
144 }
145 }
146
147 /*******************************************************************************
148 ** Function smp_send_pair_req
149 ** Description process pairing request to slave device
150 *******************************************************************************/
smp_send_pair_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)151 void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
152 {
153 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
154 UNUSED(p_data);
155
156 SMP_TRACE_DEBUG ("smp_send_pair_req ");
157
158 #if BLE_INCLUDED == TRUE
159 /* Disable L2CAP connection parameter updates while bonding since
160 some peripherals are not able to revert to fast connection parameters
161 during the start of service discovery. Connection paramter updates
162 get enabled again once service discovery completes. */
163 if (L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE) == FALSE)
164 {
165 SMP_TRACE_ERROR ("smp pair failed...!");
166 return;
167 }
168 #endif
169
170 /* erase all keys when master sends pairing req*/
171 if (p_dev_rec)
172 btm_sec_clear_ble_keys(p_dev_rec);
173 /* do not manipulate the key, let app decide,
174 leave out to BTM to mandate key distribution for bonding case */
175 smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
176 }
177 /*******************************************************************************
178 ** Function smp_send_pair_rsp
179 ** Description process pairing response to slave device
180 *******************************************************************************/
smp_send_pair_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)181 void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
182 {
183 UNUSED(p_data);
184
185 SMP_TRACE_DEBUG ("smp_send_pair_rsp ");
186
187 p_cb->loc_i_key &= p_cb->peer_i_key;
188 p_cb->loc_r_key &= p_cb->peer_r_key;
189
190 if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
191 {
192 smp_decide_asso_model(p_cb, NULL);
193 }
194 }
195
196 /*******************************************************************************
197 ** Function smp_send_pair_request
198 ** Description process pairing request to slave device
199 *******************************************************************************/
smp_send_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)200 void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
201 {
202 UNUSED(p_data);
203
204 SMP_TRACE_DEBUG ("smp_send_confirm ");
205 smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
206 }
207 /*******************************************************************************
208 ** Function smp_send_init
209 ** Description process pairing initializer to slave device
210 *******************************************************************************/
smp_send_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)211 void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
212 {
213 UNUSED(p_data);
214
215 SMP_TRACE_DEBUG ("smp_send_init ");
216
217 #if SMP_CONFORMANCE_TESTING == TRUE
218 if (p_cb->enable_test_rand_val)
219 {
220 SMP_TRACE_DEBUG ("Use rand value from script");
221 memcpy(p_cb->rand, p_cb->test_rand, BT_OCTET16_LEN);
222 }
223 #endif
224
225 smp_send_cmd(SMP_OPCODE_INIT, p_cb);
226 }
227 /*******************************************************************************
228 ** Function smp_send_enc_info
229 ** Description send security information command.
230 *******************************************************************************/
smp_send_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)231 void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
232 {
233 tBTM_LE_LENC_KEYS le_key;
234 UNUSED(p_data);
235
236 SMP_TRACE_DEBUG ("smp_send_enc_info p_cb->loc_enc_size = %d", p_cb->loc_enc_size);
237 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
238
239 smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
240 smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
241
242 /* save the DIV and key size information when acting as slave device */
243 le_key.div = p_cb->div;
244 le_key.key_size = p_cb->loc_enc_size;
245 le_key.sec_level = p_cb->sec_level;
246 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
247
248 SMP_TRACE_WARNING( "smp_send_enc_info");
249
250 smp_key_distribution(p_cb, NULL);
251 }
252 /*******************************************************************************
253 ** Function smp_send_id_info
254 ** Description send ID information command.
255 *******************************************************************************/
smp_send_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)256 void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
257 {
258 UNUSED(p_data);
259
260 SMP_TRACE_DEBUG ("smp_send_id_info ");
261 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
262
263 smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
264 smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
265
266 SMP_TRACE_WARNING( "smp_send_id_info");
267
268 smp_key_distribution(p_cb, NULL);
269 }
270 /*******************************************************************************
271 ** Function smp_send_csrk_info
272 ** Description send CSRK command.
273 *******************************************************************************/
smp_send_csrk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)274 void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
275 {
276 tBTM_LE_KEY_VALUE key;
277 UNUSED(p_data);
278
279 SMP_TRACE_DEBUG ("smp_send_csrk_info ");
280 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
281
282 if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
283 {
284 key.lcsrk_key.div = p_cb->div;
285 key.lcsrk_key.sec_level = p_cb->sec_level;
286 key.lcsrk_key.counter = 0; /* initialize the local counter */
287 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, &key, TRUE);
288 }
289
290 smp_key_distribution(p_cb, NULL);
291 }
292
293 /*******************************************************************************
294 ** Function smp_send_ltk_reply
295 ** Description send LTK reply
296 *******************************************************************************/
smp_send_ltk_reply(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)297 void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
298 {
299 SMP_TRACE_DEBUG ("smp_send_ltk_reply ");
300 /* send stk as LTK response */
301 btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
302 }
303 /*******************************************************************************
304 ** Function smp_proc_sec_req
305 ** Description process security request.
306 *******************************************************************************/
smp_proc_sec_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)307 void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
308 {
309 tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
310 tBTM_BLE_SEC_REQ_ACT sec_req_act;
311
312
313 SMP_TRACE_DEBUG ("smp_proc_sec_req auth_req=0x%x",auth_req);
314
315 p_cb->cb_evt = 0;
316
317 btm_ble_link_sec_check(p_cb->pairing_bda, auth_req, &sec_req_act);
318
319 SMP_TRACE_DEBUG ("smp_proc_sec_req sec_req_act=0x%x",sec_req_act);
320
321 switch (sec_req_act)
322 {
323 case BTM_BLE_SEC_REQ_ACT_ENCRYPT:
324 SMP_TRACE_DEBUG ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_ENCRYPT");
325 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
326 break;
327
328 case BTM_BLE_SEC_REQ_ACT_PAIR:
329 /* initialize local i/r key to be default keys */
330 SMP_TRACE_DEBUG ("smp_proc_sec_req BTM_BLE_SEC_REQ_ACT_PAIR");
331 p_cb->peer_auth_req = auth_req;
332 p_cb->loc_r_key = p_cb->loc_i_key = SMP_SEC_DEFAULT_KEY ;
333 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
334 btu_stop_timer (&p_cb->rsp_timer_ent);
335 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
336 SMP_WAIT_FOR_RSP_TOUT);
337 break;
338
339 case BTM_BLE_SEC_REQ_ACT_DISCARD:
340 p_cb->discard_sec_req = TRUE;
341 break;
342
343 default:
344 /* do nothing */
345 break;
346 }
347 }
348 /*******************************************************************************
349 ** Function smp_proc_sec_grant
350 ** Description process security grant.
351 *******************************************************************************/
smp_proc_sec_grant(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)352 void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
353 {
354 UINT8 res= *(UINT8 *)p_data;
355 SMP_TRACE_DEBUG ("smp_proc_sec_grant ");
356 if (res != SMP_SUCCESS)
357 {
358 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
359 }
360 else /*otherwise, start pairing */
361 {
362 /* send IO request callback */
363 p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
364 }
365 }
366 /*******************************************************************************
367 ** Function smp_proc_pair_fail
368 ** Description process pairing failure from peer device
369 *******************************************************************************/
smp_proc_pair_fail(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)370 void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
371 {
372 SMP_TRACE_DEBUG ("smp_proc_pair_fail ");
373 p_cb->status = *(UINT8 *)p_data;
374 }
375 /*******************************************************************************
376 ** Function smp_proc_pair_cmd
377 ** Description Process the SMP pairing request/response from peer device
378 *******************************************************************************/
smp_proc_pair_cmd(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)379 void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
380 {
381 UINT8 *p = (UINT8 *)p_data;
382 UINT8 reason = SMP_ENC_KEY_SIZE;
383 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
384
385 SMP_TRACE_DEBUG ("smp_proc_pair_cmd ");
386 /* erase all keys if it is slave proc pairing req*/
387 if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
388 btm_sec_clear_ble_keys(p_dev_rec);
389
390 p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
391
392 STREAM_TO_UINT8(p_cb->peer_io_caps, p);
393 STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
394 STREAM_TO_UINT8(p_cb->peer_auth_req, p);
395 STREAM_TO_UINT8(p_cb->peer_enc_size, p);
396 STREAM_TO_UINT8(p_cb->peer_i_key, p);
397 STREAM_TO_UINT8(p_cb->peer_r_key, p);
398
399 #if SMP_CONFORMANCE_TESTING == TRUE
400 if (p_cb->enable_test_pair_fail)
401 {
402 SMP_TRACE_DEBUG ("Forced pair fair");
403 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE)
404 {
405 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
406 }
407 else
408 {
409 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &(p_cb->pair_fail_status));
410 }
411 return;
412 }
413 #endif
414
415
416 if (p_cb->peer_enc_size < SMP_MIN_ENC_KEY_SIZE)
417 {
418 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
419 }
420 else if (p_cb->role == HCI_ROLE_SLAVE)
421 {
422 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
423 {
424 p_cb->loc_i_key = p_cb->peer_i_key;
425 p_cb->loc_r_key = p_cb->peer_r_key;
426 }
427 else /* update local i/r key according to pairing request */
428 {
429 p_cb->loc_i_key &= p_cb->peer_i_key;
430 p_cb->loc_r_key &= p_cb->peer_r_key;
431 }
432
433 p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
434 }
435 }
436 /*******************************************************************************
437 ** Function smp_proc_confirm
438 ** Description process pairing confirm from peer device
439 *******************************************************************************/
smp_proc_confirm(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)440 void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
441 {
442 UINT8 *p = (UINT8 *)p_data;
443
444 SMP_TRACE_DEBUG ("smp_proc_confirm ");
445 if (p != NULL)
446 {
447 /* save the SConfirm for comparison later */
448 STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
449 }
450
451 p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
452 }
453
454 /*******************************************************************************
455 ** Function smp_proc_init
456 ** Description process pairing initializer from peer device
457 *******************************************************************************/
smp_proc_init(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)458 void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
459 {
460 UINT8 *p = (UINT8 *)p_data;
461 SMP_TRACE_DEBUG ("smp_proc_init ");
462 /* save the SRand for comparison */
463 STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
464
465 }
466 /*******************************************************************************
467 ** Function smp_proc_enc_info
468 ** Description process encryption information from peer device
469 *******************************************************************************/
smp_proc_enc_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)470 void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
471 {
472 UINT8 *p = (UINT8 *)p_data;
473
474 SMP_TRACE_DEBUG ("smp_proc_enc_info ");
475 STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
476
477 smp_key_distribution(p_cb, NULL);
478 }
479 /*******************************************************************************
480 ** Function smp_proc_master_id
481 ** Description process master ID from slave device
482 *******************************************************************************/
smp_proc_master_id(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)483 void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
484 {
485 UINT8 *p = (UINT8 *)p_data;
486 tBTM_LE_PENC_KEYS le_key;
487
488 SMP_TRACE_DEBUG (" smp_proc_master_id");
489 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
490
491 STREAM_TO_UINT16(le_key.ediv, p);
492 STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
493
494 /* store the encryption keys from peer device */
495 memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
496 le_key.sec_level = p_cb->sec_level;
497 le_key.key_size = p_cb->loc_enc_size;
498 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
499
500 smp_key_distribution(p_cb, NULL);
501 }
502 /*******************************************************************************
503 ** Function smp_proc_enc_info
504 ** Description process identity information from peer device
505 *******************************************************************************/
smp_proc_id_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)506 void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
507 {
508 UINT8 *p = (UINT8 *)p_data;
509
510 SMP_TRACE_DEBUG ("smp_proc_id_info ");
511 STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN); /* reuse TK for IRK */
512
513 smp_key_distribution(p_cb, NULL);
514 }
515 /*******************************************************************************
516 ** Function smp_proc_id_addr
517 ** Description process identity address from peer device
518 *******************************************************************************/
smp_proc_id_addr(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)519 void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
520 {
521 UINT8 *p = (UINT8 *)p_data;
522 tBTM_LE_PID_KEYS pid_key;
523
524 SMP_TRACE_DEBUG ("smp_proc_id_addr ");
525 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
526
527 STREAM_TO_UINT8(pid_key.addr_type, p);
528 STREAM_TO_BDADDR(pid_key.static_addr, p);
529 memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
530
531 /* store the ID key from peer device */
532 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID, (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
533
534 smp_key_distribution(p_cb, NULL);
535 }
536 /*******************************************************************************
537 ** Function smp_proc_srk_info
538 ** Description process security information from peer device
539 *******************************************************************************/
smp_proc_srk_info(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)540 void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
541 {
542 tBTM_LE_PCSRK_KEYS le_key;
543
544 SMP_TRACE_DEBUG ("smp_proc_srk_info ");
545 smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
546
547 /* save CSRK to security record */
548 le_key.sec_level = p_cb->sec_level;
549 memcpy (le_key.csrk, p_data, BT_OCTET16_LEN); /* get peer CSRK */
550 le_key.counter = 0; /* initialize the peer counter */
551 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PCSRK, (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
552
553 smp_key_distribution(p_cb, NULL);
554 }
555
556 /*******************************************************************************
557 ** Function smp_proc_compare
558 ** Description process compare value
559 *******************************************************************************/
smp_proc_compare(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)560 void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
561 {
562 UINT8 reason;
563
564 SMP_TRACE_DEBUG ("smp_proc_compare ");
565 if (
566 #if SMP_CONFORMANCE_TESTING == TRUE
567 p_cb->skip_test_compare_check ||
568 #endif
569 !memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
570 {
571 /* compare the max encryption key size, and save the smaller one for the link */
572 if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
573 p_cb->loc_enc_size = p_cb->peer_enc_size;
574
575 if (p_cb->role == HCI_ROLE_SLAVE)
576 smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
577 else
578 {
579 /* master device always use received i/r key as keys to distribute */
580 p_cb->loc_i_key = p_cb->peer_i_key;
581 p_cb->loc_r_key = p_cb->peer_r_key;
582
583 smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
584 }
585
586 }
587 else
588 {
589 reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
590 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
591 }
592 }
593 /*******************************************************************************
594 ** Function smp_proc_sl_key
595 ** Description process key ready events.
596 *******************************************************************************/
smp_proc_sl_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)597 void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
598 {
599 UINT8 key_type = p_data->key.key_type;
600
601 SMP_TRACE_DEBUG ("smp_proc_sl_keysmp_proc_sl_key ");
602 if (key_type == SMP_KEY_TYPE_TK)
603 {
604 smp_generate_confirm(p_cb, NULL);
605 }
606 else if (key_type == SMP_KEY_TYPE_CFM)
607 {
608 smp_set_state(SMP_ST_WAIT_CONFIRM);
609
610 if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
611 smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
612
613 }
614 }
615 /*******************************************************************************
616 ** Function smp_start_enc
617 ** Description start encryption
618 *******************************************************************************/
smp_start_enc(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)619 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
620 {
621 tBTM_STATUS cmd;
622 UINT8 reason = SMP_ENC_FAIL;
623
624 SMP_TRACE_DEBUG ("smp_start_enc ");
625 if (p_data != NULL)
626 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
627 else
628 cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
629
630 if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
631 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
632
633 }
634
635 /*******************************************************************************
636 ** Function smp_proc_discard
637 ** Description processing for discard security request
638 *******************************************************************************/
smp_proc_discard(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)639 void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
640 {
641 UNUSED(p_data);
642
643 SMP_TRACE_DEBUG ("smp_proc_discard ");
644 if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
645 smp_reset_control_value(p_cb);
646 }
647 /*******************************************************************************
648 ** Function smp_proc_release_delay
649 ** Description process the release delay request
650 *******************************************************************************/
smp_proc_release_delay(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)651 void smp_proc_release_delay(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
652 {
653 UNUSED(p_data);
654
655 SMP_TRACE_DEBUG ("smp_proc_release_delay ");
656 btu_stop_timer (&p_cb->rsp_timer_ent);
657 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
658 SMP_WAIT_FOR_REL_DELAY_TOUT);
659 }
660
661 /*******************************************************************************
662 ** Function smp_proc_release_delay_tout
663 ** Description processing the release delay timeout
664 *******************************************************************************/
smp_proc_release_delay_tout(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)665 void smp_proc_release_delay_tout(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
666 {
667 UNUSED(p_data);
668
669 SMP_TRACE_DEBUG ("smp_proc_release_delay_tout ");
670 btu_stop_timer (&p_cb->rsp_timer_ent);
671 smp_proc_pairing_cmpl(p_cb);
672 }
673
674
675 /*******************************************************************************
676 ** Function smp_enc_cmpl
677 ** Description encryption success
678 *******************************************************************************/
smp_enc_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)679 void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
680 {
681 UINT8 enc_enable = *(UINT8 *)p_data;
682 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
683
684 SMP_TRACE_DEBUG ("smp_enc_cmpl ");
685 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
686 }
687
688
689 /*******************************************************************************
690 ** Function smp_check_auth_req
691 ** Description check authentication request
692 *******************************************************************************/
smp_check_auth_req(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)693 void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
694 {
695 UINT8 enc_enable = *(UINT8 *)p_data;
696 UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
697
698 SMP_TRACE_DEBUG ("smp_check_auth_req enc_enable=%d i_keys=0x%x r_keys=0x%x (i-initiator r-responder)",
699 enc_enable, p_cb->loc_i_key, p_cb->loc_r_key);
700 if (enc_enable == 1)
701 {
702 if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
703 (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
704 (p_cb->loc_i_key || p_cb->loc_r_key))
705 {
706 smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
707 }
708 else
709 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
710 }
711 else if (enc_enable == 0)
712 {
713 /* if failed for encryption after pairing, send callback */
714 if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
715 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
716 /* if enc failed for old security information */
717 /* if master device, clean up and abck to idle; slave device do nothing */
718 else if (p_cb->role == HCI_ROLE_MASTER)
719 {
720 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
721 }
722 }
723 }
724
725 /*******************************************************************************
726 ** Function smp_key_pick_key
727 ** Description Pick a key distribution function based on the key mask.
728 *******************************************************************************/
smp_key_pick_key(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)729 void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
730 {
731 UINT8 key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->loc_r_key : p_cb->loc_i_key;
732 UINT8 i = 0;
733
734 SMP_TRACE_DEBUG ("smp_key_pick_key key_to_dist=0x%x", key_to_dist);
735 while (i < MAX_KEY_DISTRIBUTION_TYPES)
736 {
737 SMP_TRACE_DEBUG("key to send = %02x, i = %d", key_to_dist, i);
738
739 if (key_to_dist & (1 << i))
740 {
741 SMP_TRACE_DEBUG ("smp_distribute_act[%d]", i);
742 (* smp_distribute_act[i])(p_cb, p_data);
743 break;
744 }
745 i ++;
746 }
747 }
748 /*******************************************************************************
749 ** Function smp_key_distribution
750 ** Description start key distribution if required.
751 *******************************************************************************/
smp_key_distribution(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)752 void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
753 {
754 UINT8 reason = SMP_SUCCESS;
755 SMP_TRACE_DEBUG ("smp_key_distribution role=%d (0-master) r_keys=0x%x i_keys=0x%x",
756 p_cb->role, p_cb->loc_r_key, p_cb->loc_i_key);
757
758 if (p_cb->role == HCI_ROLE_SLAVE||
759 (!p_cb->loc_r_key && p_cb->role == HCI_ROLE_MASTER))
760 {
761 smp_key_pick_key(p_cb, p_data);
762 }
763
764 if (!p_cb->loc_i_key && !p_cb->loc_r_key)
765 {
766 /* state check to prevent re-entrant */
767 if (smp_get_state() == SMP_ST_BOND_PENDING)
768 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
769 }
770 }
771 /*******************************************************************************
772 ** Function smp_decide_asso_model
773 ** Description This function is called to compare both sides' io capability
774 ** oob data flag and authentication request, and decide the
775 ** association model to use for the authentication.
776 *******************************************************************************/
smp_decide_asso_model(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)777 void smp_decide_asso_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
778 {
779 UINT8 failure = SMP_UNKNOWN_IO_CAP;
780 tSMP_ASSO_MODEL model = SMP_MODEL_MAX;
781 UINT8 int_evt = 0;
782 tSMP_KEY key;
783 tSMP_INT_DATA *p = NULL;
784 UNUSED(p_data);
785
786 SMP_TRACE_DEBUG ("smp_decide_asso_model p_cb->peer_io_caps = %d p_cb->loc_io_caps = %d \
787 p_cb->peer_auth_req = %02x",
788 p_cb->peer_io_caps, p_cb->loc_io_caps, p_cb->peer_auth_req);
789
790 /* OOB data present on both devices, use OOB association model */
791 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT && p_cb->loc_oob_flag == SMP_OOB_PRESENT)
792 {
793 model = SMP_MODEL_OOB;
794 }
795 /* no MITM required, ignore IO cap, use encryption only */
796 else if (SMP_NO_MITM_REQUIRED (p_cb->peer_auth_req) &&
797 SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req))
798 {
799 model = SMP_MODEL_ENC_ONLY;
800 }
801 else/* use IO capability to decide assiciation model */
802 {
803 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX && p_cb->loc_io_caps < SMP_IO_CAP_MAX)
804 {
805 if (p_cb->role == HCI_ROLE_MASTER)
806 model = smp_association_table[p_cb->role][p_cb->peer_io_caps][p_cb->loc_io_caps];
807 else
808 model = smp_association_table[p_cb->role][p_cb->loc_io_caps][p_cb->peer_io_caps];
809 }
810 }
811
812 SMP_TRACE_DEBUG("Association Model = %d", model);
813
814 if (model == SMP_MODEL_OOB)
815 {
816 SMP_TRACE_ERROR("Association Model = SMP_MODEL_OOB");
817 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
818 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
819 p_cb->cb_evt = SMP_OOB_REQ_EVT;
820
821 int_evt = SMP_TK_REQ_EVT;
822 }
823 else if (model == SMP_MODEL_PASSKEY)
824 {
825 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
826 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
827
828 p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
829 int_evt = SMP_TK_REQ_EVT;
830 }
831 else if (model == SMP_MODEL_KEY_NOTIF)
832 {
833 p_cb->sec_level = SMP_SEC_AUTHENTICATED;
834
835 SMP_TRACE_DEBUG("Need to generate Passkey");
836 /* generate passkey and notify application */
837 smp_generate_passkey(p_cb, NULL);
838 }
839 else if (model == SMP_MODEL_ENC_ONLY) /* TK = 0, go calculate Confirm */
840 {
841 if (p_cb->role == HCI_ROLE_MASTER &&
842 ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
843 ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
844 {
845 SMP_TRACE_ERROR("IO capability does not meet authentication requirement");
846 failure = SMP_PAIR_AUTH_FAIL;
847 p = (tSMP_INT_DATA *)&failure;
848 int_evt = SMP_AUTH_CMPL_EVT;
849 }
850 else
851 {
852 p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
853 SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
854
855 key.key_type = SMP_KEY_TYPE_TK;
856 key.p_data = p_cb->tk;
857 p = (tSMP_INT_DATA *)&key;
858
859 memset(p_cb->tk, 0, BT_OCTET16_LEN);
860 /* TK, ready */
861 int_evt = SMP_KEY_READY_EVT;
862 }
863 }
864 else if (model == SMP_MODEL_MAX)
865 {
866 SMP_TRACE_ERROR("Association Model = SMP_MODEL_MAX (failed)");
867 p = (tSMP_INT_DATA *)&failure;
868 int_evt = SMP_AUTH_CMPL_EVT;
869 }
870
871 SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
872 if (int_evt)
873 smp_sm_event(p_cb, int_evt, p);
874 }
875
876 /*******************************************************************************
877 ** Function smp_proc_io_rsp
878 ** Description process IO response for a slave device.
879 *******************************************************************************/
smp_proc_io_rsp(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)880 void smp_proc_io_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
881 {
882 UNUSED(p_data);
883
884 SMP_TRACE_DEBUG ("smp_proc_io_rsp ");
885 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
886 {
887 smp_set_state(SMP_ST_SEC_REQ_PENDING);
888 smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
889 }
890 else /* respond to pairing request */
891 {
892 smp_send_pair_rsp(p_cb, NULL);
893 }
894 }
895 /*******************************************************************************
896 ** Function smp_pairing_cmpl
897 ** Description This function is called to send the pairing complete callback
898 ** and remove the connection if needed.
899 *******************************************************************************/
smp_pairing_cmpl(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)900 void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
901 {
902
903 SMP_TRACE_DEBUG ("smp_pairing_cmpl ");
904
905 if ((p_cb->status == SMP_SUCCESS) ||
906 (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS))
907 {
908 smp_sm_event(p_cb, SMP_RELEASE_DELAY_EVT, p_data);
909 }
910 else
911 {
912 /* this will transition to idle state right away */
913 smp_sm_event(p_cb, SMP_RELEASE_DELAY_TOUT_EVT, p_data);
914 }
915
916 }
917 /*******************************************************************************
918 ** Function smp_pair_terminate
919 ** Description This function is called to send the pairing complete callback
920 ** and remove the connection if needed.
921 *******************************************************************************/
smp_pair_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)922 void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
923 {
924 UNUSED(p_data);
925
926 SMP_TRACE_DEBUG ("smp_pair_terminate ");
927
928 p_cb->status = SMP_CONN_TOUT;
929
930 smp_proc_pairing_cmpl(p_cb);
931 }
932
933 /*******************************************************************************
934 ** Function smp_delay_terminate
935 ** Description This function is called when connection dropped when smp delay
936 ** timer is still active.
937 *******************************************************************************/
smp_delay_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)938 void smp_delay_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
939 {
940 SMP_TRACE_DEBUG ("smp_delay_terminate ");
941
942 btu_stop_timer (&p_cb->rsp_timer_ent);
943
944 /* if remote user terminate connection, keep the previous status */
945 /* this is to avoid reporting reverse status to uplayer */
946 if (p_data->reason != HCI_ERR_PEER_USER)
947 p_cb->status = SMP_CONN_TOUT;
948
949 smp_proc_pairing_cmpl(p_cb);
950 }
951 /*******************************************************************************
952 ** Function smp_idle_terminate
953 ** Description This function called in idle state to determine to send authentication
954 ** complete or not.
955 *******************************************************************************/
smp_idle_terminate(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)956 void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
957 {
958 UNUSED(p_data);
959 if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
960 {
961 SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
962 p_cb->status = SMP_FAIL;
963 smp_proc_pairing_cmpl(p_cb);
964 }
965 }
966
967 /*******************************************************************************
968 ** Function smp_fast_conn_param
969 ** Description apply default connection parameter for pairing process
970 *******************************************************************************/
smp_fast_conn_param(tSMP_CB * p_cb,tSMP_INT_DATA * p_data)971 void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
972 {
973 /* disable connection parameter update */
974 (void)L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
975 }
976
977
978 /*******************************************************************************
979 **
980 ** Function smp_link_encrypted
981 **
982 ** Description This function is called when link is encrypted and notified to
983 ** slave device. Proceed to to send LTK, DIV and ER to master if
984 ** bonding the devices.
985 **
986 **
987 ** Returns void
988 **
989 *******************************************************************************/
smp_link_encrypted(BD_ADDR bda,UINT8 encr_enable)990 void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
991 {
992 tSMP_CB *p_cb = &smp_cb;
993
994 SMP_TRACE_DEBUG ("smp_link_encrypted encr_enable=%d",encr_enable);
995
996 if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
997 {
998 /* encryption completed with STK, remmeber the key size now, could be overwite
999 * when key exchange happens */
1000 if (p_cb->loc_enc_size != 0 && encr_enable)
1001 {
1002 /* update the link encryption key size if a SMP pairing just performed */
1003 btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
1004 }
1005
1006 smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
1007 }
1008 }
1009 /*******************************************************************************
1010 **
1011 ** Function smp_proc_ltk_request
1012 **
1013 ** Description This function is called when LTK request is received from
1014 ** controller.
1015 **
1016 ** Returns void
1017 **
1018 *******************************************************************************/
smp_proc_ltk_request(BD_ADDR bda)1019 BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
1020 {
1021 SMP_TRACE_DEBUG ("smp_proc_ltk_request state = %d", smp_cb.state);
1022 if ( smp_cb.state == SMP_ST_ENC_PENDING &&
1023 !memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
1024 {
1025 smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
1026
1027 return TRUE;
1028 }
1029
1030 return FALSE;
1031 }
1032 #endif
1033
1034