1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the SMP L2Cap utility functions
22 *
23 ******************************************************************************/
24 #include "bt_target.h"
25
26 #if SMP_INCLUDED == TRUE
27
28 #include "bt_types.h"
29 #include "bt_utils.h"
30 #include <string.h>
31 #include <ctype.h>
32 #include "hcidefs.h"
33 #include "btm_ble_api.h"
34 #include "l2c_api.h"
35 #include "l2c_int.h"
36 #include "smp_int.h"
37
38
39 #define SMP_PAIRING_REQ_SIZE 7
40 #define SMP_CONFIRM_CMD_SIZE (BT_OCTET16_LEN + 1)
41 #define SMP_INIT_CMD_SIZE (BT_OCTET16_LEN + 1)
42 #define SMP_ENC_INFO_SIZE (BT_OCTET16_LEN + 1)
43 #define SMP_MASTER_ID_SIZE (BT_OCTET8_LEN + 2 + 1)
44 #define SMP_ID_INFO_SIZE (BT_OCTET16_LEN + 1)
45 #define SMP_ID_ADDR_SIZE (BD_ADDR_LEN + 1 + 1)
46 #define SMP_SIGN_INFO_SIZE (BT_OCTET16_LEN + 1)
47 #define SMP_PAIR_FAIL_SIZE 2
48
49
50 /* type for action functions */
51 typedef BT_HDR * (*tSMP_CMD_ACT)(UINT8 cmd_code, tSMP_CB *p_cb);
52
53 static BT_HDR * smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
54 static BT_HDR * smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
55 static BT_HDR * smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
56 static BT_HDR * smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb);
57 static BT_HDR * smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
58 static BT_HDR * smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
59 static BT_HDR * smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb);
60 static BT_HDR * smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
61 static BT_HDR * smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
62 static BT_HDR * smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
63
64 const tSMP_CMD_ACT smp_cmd_build_act[] =
65 {
66 NULL,
67 smp_build_pairing_cmd, /* 0x01: pairing request */
68 smp_build_pairing_cmd, /* 0x02: pairing response */
69 smp_build_confirm_cmd, /* 0x03: pairing confirm */
70 smp_build_rand_cmd, /* 0x04: pairing initializer request */
71 smp_build_pairing_fail, /* 0x05: pairing failure */
72 smp_build_encrypt_info_cmd, /* 0x06: security information command */
73 smp_build_master_id_cmd, /* 0x07: master identity command */
74 smp_build_identity_info_cmd, /* 0x08: identity information command */
75 smp_build_id_addr_cmd, /* 0x09: signing information */
76 smp_build_signing_info_cmd, /* 0x0A: signing information */
77 smp_build_security_request /* 0x0B: security request */
78 };
79 /*******************************************************************************
80 **
81 ** Function smp_send_msg_to_L2CAP
82 **
83 ** Description Send message to L2CAP.
84 **
85 *******************************************************************************/
smp_send_msg_to_L2CAP(BD_ADDR rem_bda,BT_HDR * p_toL2CAP)86 BOOLEAN smp_send_msg_to_L2CAP(BD_ADDR rem_bda, BT_HDR *p_toL2CAP)
87 {
88 UINT16 l2cap_ret;
89
90 SMP_TRACE_EVENT("smp_send_msg_to_L2CAP");
91
92 if ((l2cap_ret = L2CA_SendFixedChnlData (L2CAP_SMP_CID, rem_bda, p_toL2CAP)) == L2CAP_DW_FAILED)
93 {
94 SMP_TRACE_ERROR("SMP failed to pass msg:0x%0x to L2CAP",
95 *((UINT8 *)(p_toL2CAP + 1) + p_toL2CAP->offset));
96 GKI_freebuf(p_toL2CAP);
97 return FALSE;
98 }
99 else
100 {
101 return TRUE;
102 }
103 }
104 /*******************************************************************************
105 **
106 ** Function smp_send_cmd
107 **
108 ** Description send a SMP command on L2CAP channel.
109 **
110 *******************************************************************************/
smp_send_cmd(UINT8 cmd_code,tSMP_CB * p_cb)111 BOOLEAN smp_send_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
112 {
113 BT_HDR *p_buf;
114 BOOLEAN sent = FALSE;
115 UINT8 failure = SMP_PAIR_INTERNAL_ERR;
116 SMP_TRACE_EVENT("smp_send_cmd on l2cap cmd_code=0x%x", cmd_code);
117 if ( cmd_code < SMP_OPCODE_MAX &&
118 smp_cmd_build_act[cmd_code] != NULL)
119 {
120 p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
121
122 if (p_buf != NULL &&
123 smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf))
124 {
125 sent = TRUE;
126
127 btu_stop_timer (&p_cb->rsp_timer_ent);
128 btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
129 SMP_WAIT_FOR_RSP_TOUT);
130 }
131 }
132
133 if (!sent)
134 {
135 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
136 }
137 return sent;
138 }
139
140
141
142 /*******************************************************************************
143 **
144 ** Function smp_rsp_timeout
145 **
146 ** Description Called when SMP wait for SMP command response timer expires
147 **
148 ** Returns void
149 **
150 *******************************************************************************/
smp_rsp_timeout(TIMER_LIST_ENT * p_tle)151 void smp_rsp_timeout(TIMER_LIST_ENT *p_tle)
152 {
153 tSMP_CB *p_cb = &smp_cb;
154 UINT8 failure = SMP_RSP_TIMEOUT;
155 UNUSED(p_tle);
156
157 SMP_TRACE_EVENT("smp_rsp_timeout state:%d", p_cb->state);
158
159 if (smp_get_state() == SMP_ST_RELEASE_DELAY)
160 {
161 smp_sm_event(p_cb, SMP_RELEASE_DELAY_TOUT_EVT, NULL);
162 }
163 else
164 {
165 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
166 }
167 }
168
169 /*******************************************************************************
170 **
171 ** Function smp_build_pairing_req_cmd
172 **
173 ** Description Build pairing request command.
174 **
175 *******************************************************************************/
smp_build_pairing_cmd(UINT8 cmd_code,tSMP_CB * p_cb)176 BT_HDR * smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
177 {
178 BT_HDR *p_buf = NULL ;
179 UINT8 *p;
180 SMP_TRACE_EVENT("smp_build_pairing_cmd");
181 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE + L2CAP_MIN_OFFSET)) != NULL)
182 {
183 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
184
185 UINT8_TO_STREAM (p, cmd_code);
186 UINT8_TO_STREAM (p, p_cb->loc_io_caps);
187 UINT8_TO_STREAM (p, p_cb->loc_oob_flag);
188 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
189 UINT8_TO_STREAM (p, p_cb->loc_enc_size);
190 UINT8_TO_STREAM (p, p_cb->loc_i_key);
191 UINT8_TO_STREAM (p, p_cb->loc_r_key);
192
193 p_buf->offset = L2CAP_MIN_OFFSET;
194 /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
195 p_buf->len = SMP_PAIRING_REQ_SIZE;
196 }
197
198 return p_buf;
199 }
200
201 /*******************************************************************************
202 **
203 ** Function smp_build_confirm_cmd
204 **
205 ** Description Build confirm request command.
206 **
207 *******************************************************************************/
smp_build_confirm_cmd(UINT8 cmd_code,tSMP_CB * p_cb)208 static BT_HDR * smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
209 {
210 BT_HDR *p_buf = NULL ;
211 UINT8 *p;
212 UNUSED(cmd_code);
213
214 SMP_TRACE_EVENT("smp_build_confirm_cmd");
215 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL)
216 {
217 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
218
219 UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
220 ARRAY_TO_STREAM (p, p_cb->confirm, BT_OCTET16_LEN);
221
222 p_buf->offset = L2CAP_MIN_OFFSET;
223 p_buf->len = SMP_CONFIRM_CMD_SIZE;
224 }
225
226 return p_buf;
227 }
228 /*******************************************************************************
229 **
230 ** Function smp_build_rand_cmd
231 **
232 ** Description Build Initializer command.
233 **
234 *******************************************************************************/
smp_build_rand_cmd(UINT8 cmd_code,tSMP_CB * p_cb)235 static BT_HDR * smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
236 {
237 BT_HDR *p_buf = NULL ;
238 UINT8 *p;
239 UNUSED(cmd_code);
240
241 SMP_TRACE_EVENT("smp_build_rand_cmd");
242 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_INIT_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL)
243 {
244 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
245
246 UINT8_TO_STREAM (p, SMP_OPCODE_INIT);
247 ARRAY_TO_STREAM (p, p_cb->rand, BT_OCTET16_LEN);
248
249 p_buf->offset = L2CAP_MIN_OFFSET;
250 p_buf->len = SMP_INIT_CMD_SIZE;
251 }
252
253 return p_buf;
254 }
255 /*******************************************************************************
256 **
257 ** Function smp_build_encrypt_info_cmd
258 **
259 ** Description Build security information command.
260 **
261 *******************************************************************************/
smp_build_encrypt_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)262 static BT_HDR * smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
263 {
264 BT_HDR *p_buf = NULL ;
265 UINT8 *p;
266 UNUSED(cmd_code);
267
268 SMP_TRACE_EVENT("smp_build_encrypt_info_cmd");
269 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
270 {
271 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
272
273 UINT8_TO_STREAM (p, SMP_OPCODE_ENCRYPT_INFO);
274 ARRAY_TO_STREAM (p, p_cb->ltk, BT_OCTET16_LEN);
275
276 p_buf->offset = L2CAP_MIN_OFFSET;
277 p_buf->len = SMP_ENC_INFO_SIZE;
278 }
279
280 return p_buf;
281 }
282 /*******************************************************************************
283 **
284 ** Function smp_build_master_id_cmd
285 **
286 ** Description Build security information command.
287 **
288 *******************************************************************************/
smp_build_master_id_cmd(UINT8 cmd_code,tSMP_CB * p_cb)289 static BT_HDR * smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
290 {
291 BT_HDR *p_buf = NULL ;
292 UINT8 *p;
293 UNUSED(cmd_code);
294
295 SMP_TRACE_EVENT("smp_build_master_id_cmd ");
296 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_MASTER_ID_SIZE + L2CAP_MIN_OFFSET)) != NULL)
297 {
298 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
299
300 UINT8_TO_STREAM (p, SMP_OPCODE_MASTER_ID);
301 UINT16_TO_STREAM (p, p_cb->ediv);
302 ARRAY_TO_STREAM (p, p_cb->enc_rand, BT_OCTET8_LEN);
303
304 p_buf->offset = L2CAP_MIN_OFFSET;
305 p_buf->len = SMP_MASTER_ID_SIZE;
306 }
307
308 return p_buf;
309 }
310 /*******************************************************************************
311 **
312 ** Function smp_build_identity_info_cmd
313 **
314 ** Description Build identity information command.
315 **
316 *******************************************************************************/
smp_build_identity_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)317 static BT_HDR * smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
318 {
319 BT_HDR *p_buf = NULL ;
320 UINT8 *p;
321 BT_OCTET16 irk;
322 UNUSED(cmd_code);
323 UNUSED(p_cb);
324
325 SMP_TRACE_EVENT("smp_build_identity_info_cmd");
326 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
327 {
328 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
329
330 BTM_GetDeviceIDRoot(irk);
331
332 UINT8_TO_STREAM (p, SMP_OPCODE_IDENTITY_INFO);
333 ARRAY_TO_STREAM (p, irk, BT_OCTET16_LEN);
334
335 p_buf->offset = L2CAP_MIN_OFFSET;
336 p_buf->len = SMP_ID_INFO_SIZE;
337 }
338
339 return p_buf;
340 }
341 /*******************************************************************************
342 **
343 ** Function smp_build_id_addr_cmd
344 **
345 ** Description Build identity address information command.
346 **
347 *******************************************************************************/
smp_build_id_addr_cmd(UINT8 cmd_code,tSMP_CB * p_cb)348 static BT_HDR * smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
349 {
350 BT_HDR *p_buf = NULL ;
351 UINT8 *p;
352 BD_ADDR static_addr;
353 UNUSED(cmd_code);
354 UNUSED(p_cb);
355
356 SMP_TRACE_EVENT("smp_build_id_addr_cmd");
357 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET)) != NULL)
358 {
359 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
360
361 UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
362 UINT8_TO_STREAM (p, 0); /* TODO: update with local address type */
363 BTM_GetLocalDeviceAddr(static_addr);
364 BDADDR_TO_STREAM (p, static_addr);
365
366 p_buf->offset = L2CAP_MIN_OFFSET;
367 p_buf->len = SMP_ID_ADDR_SIZE;
368 }
369
370 return p_buf;
371 }
372
373 /*******************************************************************************
374 **
375 ** Function smp_build_signing_info_cmd
376 **
377 ** Description Build signing information command.
378 **
379 *******************************************************************************/
smp_build_signing_info_cmd(UINT8 cmd_code,tSMP_CB * p_cb)380 static BT_HDR * smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
381 {
382 BT_HDR *p_buf = NULL ;
383 UINT8 *p;
384 UNUSED(cmd_code);
385
386 SMP_TRACE_EVENT("smp_build_signing_info_cmd");
387 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
388 {
389 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
390
391 UINT8_TO_STREAM (p, SMP_OPCODE_SIGN_INFO);
392 ARRAY_TO_STREAM (p, p_cb->csrk, BT_OCTET16_LEN);
393
394 p_buf->offset = L2CAP_MIN_OFFSET;
395 p_buf->len = SMP_SIGN_INFO_SIZE;
396 }
397
398 return p_buf;
399 }
400 /*******************************************************************************
401 **
402 ** Function smp_build_pairing_fail
403 **
404 ** Description Build Pairing Fail command.
405 **
406 *******************************************************************************/
smp_build_pairing_fail(UINT8 cmd_code,tSMP_CB * p_cb)407 static BT_HDR * smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb)
408 {
409 BT_HDR *p_buf = NULL ;
410 UINT8 *p;
411 UNUSED(cmd_code);
412
413 SMP_TRACE_EVENT("smp_build_pairing_fail");
414 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
415 {
416 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
417
418 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
419 UINT8_TO_STREAM (p, p_cb->failure);
420
421 p_buf->offset = L2CAP_MIN_OFFSET;
422 p_buf->len = SMP_PAIR_FAIL_SIZE;
423 }
424
425 return p_buf;
426 }
427 /*******************************************************************************
428 **
429 ** Function smp_build_security_request
430 **
431 ** Description Build security request command.
432 **
433 *******************************************************************************/
smp_build_security_request(UINT8 cmd_code,tSMP_CB * p_cb)434 static BT_HDR * smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb)
435 {
436 BT_HDR *p_buf = NULL ;
437 UINT8 *p;
438 UNUSED(cmd_code);
439
440 SMP_TRACE_EVENT("smp_build_security_request");
441
442 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET)) != NULL)
443 {
444 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
445
446 UINT8_TO_STREAM (p, SMP_OPCODE_SEC_REQ);
447 UINT8_TO_STREAM (p, p_cb->loc_auth_req);
448
449 p_buf->offset = L2CAP_MIN_OFFSET;
450 p_buf->len = 2;
451
452 SMP_TRACE_EVENT("opcode=%d auth_req=0x%x",SMP_OPCODE_SEC_REQ, p_cb->loc_auth_req );
453 }
454
455 return p_buf;
456
457 }
458
459 /*******************************************************************************
460 **
461 ** Function smp_convert_string_to_tk
462 **
463 ** Description This function is called to convert a 6 to 16 digits numeric
464 ** character string into SMP TK.
465 **
466 **
467 ** Returns void
468 **
469 *******************************************************************************/
smp_convert_string_to_tk(BT_OCTET16 tk,UINT32 passkey)470 void smp_convert_string_to_tk(BT_OCTET16 tk, UINT32 passkey)
471 {
472 UINT8 *p = tk;
473 tSMP_KEY key;
474 SMP_TRACE_EVENT("smp_convert_string_to_tk");
475 UINT32_TO_STREAM(p, passkey);
476
477 key.key_type = SMP_KEY_TYPE_TK;
478 key.p_data = tk;
479
480 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
481 }
482
483 /*******************************************************************************
484 **
485 ** Function smp_mask_enc_key
486 **
487 ** Description This function is called to mask off the encryption key based
488 ** on the maximum encryption key size.
489 **
490 **
491 ** Returns void
492 **
493 *******************************************************************************/
smp_mask_enc_key(UINT8 loc_enc_size,UINT8 * p_data)494 void smp_mask_enc_key(UINT8 loc_enc_size, UINT8 * p_data)
495 {
496 SMP_TRACE_EVENT("smp_mask_enc_key");
497 if (loc_enc_size < BT_OCTET16_LEN)
498 {
499 for (; loc_enc_size < BT_OCTET16_LEN; loc_enc_size ++)
500 * (p_data + loc_enc_size) = 0;
501 }
502 return;
503 }
504 /*******************************************************************************
505 **
506 ** Function smp_xor_128
507 **
508 ** Description utility function to do an biteise exclusive-OR of two bit
509 ** strings of the length of BT_OCTET16_LEN.
510 **
511 ** Returns void
512 **
513 *******************************************************************************/
smp_xor_128(BT_OCTET16 a,BT_OCTET16 b)514 void smp_xor_128(BT_OCTET16 a, BT_OCTET16 b)
515 {
516 UINT8 i, *aa = a, *bb = b;
517
518 SMP_TRACE_EVENT("smp_xor_128");
519 for (i = 0; i < BT_OCTET16_LEN; i++)
520 {
521 aa[i] = aa[i] ^ bb[i];
522 }
523 }
524
525
526 /*******************************************************************************
527 **
528 ** Function smp_cb_cleanup
529 **
530 ** Description Clean up SMP control block
531 **
532 ** Returns void
533 **
534 *******************************************************************************/
smp_cb_cleanup(tSMP_CB * p_cb)535 void smp_cb_cleanup(tSMP_CB *p_cb)
536 {
537 tSMP_CALLBACK *p_callback = p_cb->p_callback;
538 UINT8 trace_level = p_cb->trace_level;
539
540 SMP_TRACE_EVENT("smp_cb_cleanup");
541 memset(p_cb, 0, sizeof(tSMP_CB));
542 p_cb->p_callback = p_callback;
543 p_cb->trace_level = trace_level;
544 }
545 /*******************************************************************************
546 **
547 ** Function smp_reset_control_value
548 **
549 ** Description This function is called to reset the control block value when
550 ** pairing procedure finished.
551 **
552 **
553 ** Returns void
554 **
555 *******************************************************************************/
smp_reset_control_value(tSMP_CB * p_cb)556 void smp_reset_control_value(tSMP_CB *p_cb)
557 {
558 SMP_TRACE_EVENT("smp_reset_control_value");
559 btu_stop_timer (&p_cb->rsp_timer_ent);
560 #if SMP_CONFORMANCE_TESTING == TRUE
561
562 SMP_TRACE_EVENT("smp_cb.remove_fixed_channel_disable=%d", smp_cb.remove_fixed_channel_disable);
563 if (!smp_cb.remove_fixed_channel_disable)
564 {
565 L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
566 }
567 else
568 {
569 SMP_TRACE_EVENT("disable the removal of the fixed channel");
570 }
571
572
573 #else
574 /* We can tell L2CAP to remove the fixed channel (if it has one) */
575 L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
576
577 #endif
578 smp_cb_cleanup(p_cb);
579
580 }
581 /*******************************************************************************
582 **
583 ** Function smp_proc_pairing_cmpl
584 **
585 ** Description This function is called to process pairing complete
586 **
587 **
588 ** Returns void
589 **
590 *******************************************************************************/
smp_proc_pairing_cmpl(tSMP_CB * p_cb)591 void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
592 {
593 tSMP_EVT_DATA evt_data = {0};
594
595 SMP_TRACE_DEBUG ("smp_proc_pairing_cmpl ");
596
597 evt_data.cmplt.reason = p_cb->status;
598
599 if (p_cb->status == SMP_SUCCESS)
600 evt_data.cmplt.sec_level = p_cb->sec_level;
601
602 evt_data.cmplt.is_pair_cancel = FALSE;
603
604 if (p_cb->is_pair_cancel)
605 evt_data.cmplt.is_pair_cancel = TRUE;
606
607
608 SMP_TRACE_DEBUG ("send SMP_COMPLT_EVT reason=0x%0x sec_level=0x%0x",
609 evt_data.cmplt.reason,
610 evt_data.cmplt.sec_level );
611 if (p_cb->p_callback)
612 (*p_cb->p_callback) (SMP_COMPLT_EVT, p_cb->pairing_bda, &evt_data);
613
614 #if 0 /* TESTING CODE : as a master, reencrypt using LTK */
615 if (evt_data.cmplt.reason == 0 && p_cb->role == HCI_ROLE_MASTER)
616 {
617 btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
618 }
619 #endif
620
621 smp_reset_control_value(p_cb);
622 }
623
624 /*******************************************************************************
625 **
626 ** Function smp_reject_unexp_pair_req
627 **
628 ** Description send pairing failure to an unexpected pairing request during
629 ** an active pairing process.
630 **
631 ** Returns void
632 **
633 *******************************************************************************/
smp_reject_unexp_pair_req(BD_ADDR bd_addr)634 void smp_reject_unexp_pair_req(BD_ADDR bd_addr)
635 {
636 BT_HDR *p_buf;
637 UINT8 *p;
638
639 if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
640 {
641 p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
642
643 UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
644 UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
645
646 p_buf->offset = L2CAP_MIN_OFFSET;
647 p_buf->len = SMP_PAIR_FAIL_SIZE;
648
649 smp_send_msg_to_L2CAP(bd_addr, p_buf);
650 }
651 }
652
653 #if SMP_CONFORMANCE_TESTING == TRUE
654 /*******************************************************************************
655 **
656 ** Function smp_set_test_confirm_value
657 **
658 ** Description This function is called to set the test confirm value
659 **
660 ** Returns void
661 **
662 *******************************************************************************/
smp_set_test_confirm_value(BOOLEAN enable,UINT8 * p_c_val)663 void smp_set_test_confirm_value(BOOLEAN enable, UINT8 *p_c_val)
664 {
665 SMP_TRACE_DEBUG("smp_set_test_confirm_value enable=%d", enable);
666 smp_cb.enable_test_confirm_val = enable;
667 memcpy(smp_cb.test_confirm, p_c_val, BT_OCTET16_LEN);
668 }
669
670
671 /*******************************************************************************
672 **
673 ** Function smp_set_test_confirm_value
674 **
675 ** Description This function is called to set the test rand value
676 **
677 ** Returns void
678 **
679 *******************************************************************************/
smp_set_test_rand_value(BOOLEAN enable,UINT8 * p_c_val)680 void smp_set_test_rand_value(BOOLEAN enable, UINT8 *p_c_val)
681 {
682 SMP_TRACE_DEBUG("smp_set_test_rand_value enable=%d", enable);
683 smp_cb.enable_test_rand_val = enable;
684 memcpy(smp_cb.test_rand, p_c_val, BT_OCTET16_LEN);
685 }
686
687
688 /*******************************************************************************
689 **
690 ** Function smp_set_test_pair_fail_status
691 **
692 ** Description This function is called to set the test fairing fair status
693 **
694 ** Returns void
695 **
696 *******************************************************************************/
smp_set_test_pair_fail_status(BOOLEAN enable,UINT8 status)697 void smp_set_test_pair_fail_status (BOOLEAN enable, UINT8 status)
698 {
699 SMP_TRACE_DEBUG("smp_set_test_confirm_value enable=%d", enable);
700 smp_cb.enable_test_pair_fail = enable;
701 smp_cb.pair_fail_status = status;
702 }
703
704 /*******************************************************************************
705 **
706 ** Function smp_set_test_pair_fail_status
707 **
708 ** Description This function is called to disable the removal of fixed channel
709 ** in smp_reset_control_value
710 ** Returns void
711 **
712 *******************************************************************************/
smp_remove_fixed_channel_disable(BOOLEAN disable)713 void smp_remove_fixed_channel_disable (BOOLEAN disable)
714 {
715 SMP_TRACE_DEBUG("smp_remove_fixed_channel_disable disable =%d", disable);
716 smp_cb.remove_fixed_channel_disable = disable;
717 }
718 /*******************************************************************************
719 **
720 ** Function smp_skip_compare_check
721 **
722 ** Description This function is called to skip the compare value check
723 **
724 ** Returns void
725 **
726 *******************************************************************************/
smp_skip_compare_check(BOOLEAN enable)727 void smp_skip_compare_check(BOOLEAN enable)
728 {
729 SMP_TRACE_DEBUG("smp_skip_compare_check enable=%d", enable);
730 smp_cb.skip_test_compare_check = enable;
731 }
732
733 #endif
734
735
736 #endif
737
738