1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE device control utilities, and LE
22 * security functions.
23 *
24 ******************************************************************************/
25
26 #define LOG_TAG "bt_btm_ble"
27
28 #include "bt_target.h"
29
30 #if BLE_INCLUDED == TRUE
31
32 #include <string.h>
33
34 #include "bt_types.h"
35 #include "bt_utils.h"
36 #include "btm_ble_api.h"
37 #include "btm_int.h"
38 #include "btu.h"
39 #include "device/include/controller.h"
40 #include "gap_api.h"
41 #include "hcimsgs.h"
42 #include "l2c_int.h"
43 #include "osi/include/log.h"
44 #include "smp_api.h"
45
46 #if SMP_INCLUDED == TRUE
47 extern BOOLEAN aes_cipher_msg_auth_code(BT_OCTET16 key, UINT8 *input, UINT16 length,
48 UINT16 tlen, UINT8 *p_signature);
49 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
50 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
51 #endif
52 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
53
54 /*******************************************************************************/
55 /* External Function to be called by other modules */
56 /*******************************************************************************/
57 /********************************************************
58 **
59 ** Function BTM_SecAddBleDevice
60 **
61 ** Description Add/modify device. This function will be normally called
62 ** during host startup to restore all required information
63 ** for a LE device stored in the NVRAM.
64 **
65 ** Parameters: bd_addr - BD address of the peer
66 ** bd_name - Name of the peer device. NULL if unknown.
67 ** dev_type - Remote device's device type.
68 ** addr_type - LE device address type.
69 **
70 ** Returns TRUE if added OK, else FALSE
71 **
72 *******************************************************************************/
BTM_SecAddBleDevice(const BD_ADDR bd_addr,BD_NAME bd_name,tBT_DEVICE_TYPE dev_type,tBLE_ADDR_TYPE addr_type)73 BOOLEAN BTM_SecAddBleDevice (const BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
74 tBLE_ADDR_TYPE addr_type)
75 {
76 BTM_TRACE_DEBUG ("%s: dev_type=0x%x", __func__, dev_type);
77
78 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
79 if (!p_dev_rec)
80 {
81 p_dev_rec = btm_sec_allocate_dev_rec();
82
83 memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
84 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR);
85 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
86
87 /* update conn params, use default value for background connection params */
88 p_dev_rec->conn_params.min_conn_int = BTM_BLE_CONN_PARAM_UNDEF;
89 p_dev_rec->conn_params.max_conn_int = BTM_BLE_CONN_PARAM_UNDEF;
90 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_PARAM_UNDEF;
91 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF;
92
93 BTM_TRACE_DEBUG("%s: Device added, handle=0x%x ", __func__, p_dev_rec->ble_hci_handle);
94 }
95
96 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
97
98 if (bd_name && bd_name[0])
99 {
100 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
101 strlcpy((char *)p_dev_rec->sec_bd_name,
102 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
103 }
104 p_dev_rec->device_type |= dev_type;
105 p_dev_rec->ble.ble_addr_type = addr_type;
106
107 memcpy(p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN);
108 /* sync up with the Inq Data base*/
109 tBTM_INQ_INFO *p_info = BTM_InqDbRead(bd_addr);
110 if (p_info)
111 {
112 p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
113 p_info->results.device_type = p_dev_rec->device_type;
114 BTM_TRACE_DEBUG("InqDb device_type =0x%x addr_type=0x%x",
115 p_info->results.device_type, p_info->results.ble_addr_type);
116 }
117
118 return TRUE;
119 }
120
121 /*******************************************************************************
122 **
123 ** Function BTM_SecAddBleKey
124 **
125 ** Description Add/modify LE device information. This function will be
126 ** normally called during host startup to restore all required
127 ** information stored in the NVRAM.
128 **
129 ** Parameters: bd_addr - BD address of the peer
130 ** p_le_key - LE key values.
131 ** key_type - LE SMP key type.
132 *
133 ** Returns TRUE if added OK, else FALSE
134 **
135 *******************************************************************************/
BTM_SecAddBleKey(BD_ADDR bd_addr,tBTM_LE_KEY_VALUE * p_le_key,tBTM_LE_KEY_TYPE key_type)136 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
137 {
138 #if SMP_INCLUDED == TRUE
139 tBTM_SEC_DEV_REC *p_dev_rec;
140 BTM_TRACE_DEBUG ("BTM_SecAddBleKey");
141 p_dev_rec = btm_find_dev (bd_addr);
142 if (!p_dev_rec || !p_le_key ||
143 (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
144 key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
145 key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID))
146 {
147 BTM_TRACE_WARNING ("BTM_SecAddBleKey() Wrong Type, or No Device record \
148 for bdaddr: %08x%04x, Type: %d",
149 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
150 (bd_addr[4]<<8)+bd_addr[5], key_type);
151 return(FALSE);
152 }
153
154 BTM_TRACE_DEBUG ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x",
155 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
156 (bd_addr[4]<<8)+bd_addr[5], key_type);
157
158 btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
159
160 #if (BLE_PRIVACY_SPT == TRUE)
161 if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID)
162 btm_ble_resolving_list_load_dev (p_dev_rec);
163 #endif
164
165 #endif
166
167 return(TRUE);
168 }
169
170 /*******************************************************************************
171 **
172 ** Function BTM_BleLoadLocalKeys
173 **
174 ** Description Local local identity key, encryption root or sign counter.
175 **
176 ** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
177 ** or BTM_BLE_KEY_TYPE_COUNTER.
178 ** p_key: pointer to the key.
179 *
180 ** Returns non2.
181 **
182 *******************************************************************************/
BTM_BleLoadLocalKeys(UINT8 key_type,tBTM_BLE_LOCAL_KEYS * p_key)183 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
184 {
185 tBTM_DEVCB *p_devcb = &btm_cb.devcb;
186 BTM_TRACE_DEBUG ("%s", __func__);
187 if (p_key != NULL)
188 {
189 switch (key_type)
190 {
191 case BTM_BLE_KEY_TYPE_ID:
192 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
193 break;
194
195 case BTM_BLE_KEY_TYPE_ER:
196 memcpy(p_devcb->ble_encryption_key_value, p_key->er, sizeof(BT_OCTET16));
197 break;
198
199 default:
200 BTM_TRACE_ERROR("unknow local key type: %d", key_type);
201 break;
202 }
203 }
204 }
205
206 /*******************************************************************************
207 **
208 ** Function BTM_GetDeviceEncRoot
209 **
210 ** Description This function is called to read the local device encryption
211 ** root.
212 **
213 ** Returns void
214 ** the local device ER is copied into ble_encr_key_value
215 **
216 *******************************************************************************/
BTM_GetDeviceEncRoot(BT_OCTET16 ble_encr_key_value)217 void BTM_GetDeviceEncRoot (BT_OCTET16 ble_encr_key_value)
218 {
219 BTM_TRACE_DEBUG ("%s", __func__);
220 memcpy (ble_encr_key_value, btm_cb.devcb.ble_encryption_key_value, BT_OCTET16_LEN);
221 }
222
223 /*******************************************************************************
224 **
225 ** Function BTM_GetDeviceIDRoot
226 **
227 ** Description This function is called to read the local device identity
228 ** root.
229 **
230 ** Returns void
231 ** the local device IR is copied into irk
232 **
233 *******************************************************************************/
BTM_GetDeviceIDRoot(BT_OCTET16 irk)234 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
235 {
236 BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot ");
237
238 memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
239 }
240
241 /*******************************************************************************
242 **
243 ** Function BTM_GetDeviceDHK
244 **
245 ** Description This function is called to read the local device DHK.
246 **
247 ** Returns void
248 ** the local device DHK is copied into dhk
249 **
250 *******************************************************************************/
BTM_GetDeviceDHK(BT_OCTET16 dhk)251 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
252 {
253 BTM_TRACE_DEBUG ("BTM_GetDeviceDHK");
254 memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
255 }
256
257 /*******************************************************************************
258 **
259 ** Function BTM_ReadConnectionAddr
260 **
261 ** Description This function is called to get the local device address information
262 ** .
263 **
264 ** Returns void
265 **
266 *******************************************************************************/
BTM_ReadConnectionAddr(BD_ADDR remote_bda,BD_ADDR local_conn_addr,tBLE_ADDR_TYPE * p_addr_type)267 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
268 {
269 tACL_CONN *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
270
271 if (p_acl == NULL)
272 {
273 BTM_TRACE_ERROR("No connection exist!");
274 return;
275 }
276 memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
277 * p_addr_type = p_acl->conn_addr_type;
278
279 BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
280 p_acl->conn_addr_type, p_acl->conn_addr[0]);
281 }
282
283 /*******************************************************************************
284 **
285 ** Function BTM_IsBleConnection
286 **
287 ** Description This function is called to check if the connection handle
288 ** for an LE link
289 **
290 ** Returns TRUE if connection is LE link, otherwise FALSE.
291 **
292 *******************************************************************************/
BTM_IsBleConnection(UINT16 conn_handle)293 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
294 {
295 #if (BLE_INCLUDED == TRUE)
296 UINT8 xx;
297 tACL_CONN *p;
298
299 BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
300
301 xx = btm_handle_to_acl_index (conn_handle);
302 if (xx >= MAX_L2CAP_LINKS)
303 return FALSE;
304
305 p = &btm_cb.acl_db[xx];
306
307 return (p->transport == BT_TRANSPORT_LE);
308 #else
309 return FALSE;
310 #endif
311 }
312
313 /*******************************************************************************
314 **
315 ** Function BTM_ReadRemoteConnectionAddr
316 **
317 ** Description This function is read the remote device address currently used
318 **
319 ** Parameters pseudo_addr: pseudo random address available
320 ** conn_addr:connection address used
321 ** p_addr_type : BD Address type, Public or Random of the address used
322 **
323 ** Returns BOOLEAN , TRUE if connection to remote device exists, else FALSE
324 **
325 *******************************************************************************/
BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr,BD_ADDR conn_addr,tBLE_ADDR_TYPE * p_addr_type)326 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr,
327 tBLE_ADDR_TYPE *p_addr_type)
328 {
329 BOOLEAN st = TRUE;
330 #if (BLE_PRIVACY_SPT == TRUE)
331 tACL_CONN *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE);
332
333 if (p == NULL)
334 {
335 BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection"
336 " with matching address");
337 return FALSE;
338 }
339
340 memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN);
341 *p_addr_type = p->active_remote_addr_type;
342 #else
343 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
344
345 memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
346 if (p_dev_rec != NULL)
347 {
348 *p_addr_type = p_dev_rec->ble.ble_addr_type;
349 }
350 #endif
351 return st;
352
353 }
354 /*******************************************************************************
355 **
356 ** Function BTM_SecurityGrant
357 **
358 ** Description This function is called to grant security process.
359 **
360 ** Parameters bd_addr - peer device bd address.
361 ** res - result of the operation BTM_SUCCESS if success.
362 ** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
363 **
364 ** Returns None
365 **
366 *******************************************************************************/
BTM_SecurityGrant(BD_ADDR bd_addr,UINT8 res)367 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
368 {
369 #if SMP_INCLUDED == TRUE
370 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
371 BTM_TRACE_DEBUG ("BTM_SecurityGrant");
372 SMP_SecurityGrant(bd_addr, res_smp);
373 #endif
374 }
375
376 /*******************************************************************************
377 **
378 ** Function BTM_BlePasskeyReply
379 **
380 ** Description This function is called after Security Manager submitted
381 ** passkey request to the application.
382 **
383 ** Parameters: bd_addr - Address of the device for which passkey was requested
384 ** res - result of the operation BTM_SUCCESS if success
385 ** key_len - length in bytes of the Passkey
386 ** p_passkey - pointer to array with the passkey
387 ** trusted_mask - bitwise OR of trusted services (array of UINT32)
388 **
389 *******************************************************************************/
BTM_BlePasskeyReply(BD_ADDR bd_addr,UINT8 res,UINT32 passkey)390 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
391 {
392 #if SMP_INCLUDED == TRUE
393 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
394 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
395
396 if (p_dev_rec == NULL)
397 {
398 BTM_TRACE_ERROR("Passkey reply to Unknown device");
399 return;
400 }
401
402 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
403 BTM_TRACE_DEBUG ("BTM_BlePasskeyReply");
404 SMP_PasskeyReply(bd_addr, res_smp, passkey);
405 #endif
406 }
407
408 /*******************************************************************************
409 **
410 ** Function BTM_BleConfirmReply
411 **
412 ** Description This function is called after Security Manager submitted
413 ** numeric comparison request to the application.
414 **
415 ** Parameters: bd_addr - Address of the device with which numeric
416 ** comparison was requested
417 ** res - comparison result BTM_SUCCESS if success
418 **
419 *******************************************************************************/
BTM_BleConfirmReply(BD_ADDR bd_addr,UINT8 res)420 void BTM_BleConfirmReply (BD_ADDR bd_addr, UINT8 res)
421 {
422 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
423 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
424
425 if (p_dev_rec == NULL)
426 {
427 BTM_TRACE_ERROR("Passkey reply to Unknown device");
428 return;
429 }
430
431 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
432 BTM_TRACE_DEBUG ("%s", __func__);
433 SMP_ConfirmReply(bd_addr, res_smp);
434 }
435
436 /*******************************************************************************
437 **
438 ** Function BTM_BleOobDataReply
439 **
440 ** Description This function is called to provide the OOB data for
441 ** SMP in response to BTM_LE_OOB_REQ_EVT
442 **
443 ** Parameters: bd_addr - Address of the peer device
444 ** res - result of the operation SMP_SUCCESS if success
445 ** p_data - oob data, depending on transport and capabilities.
446 ** Might be "Simple Pairing Randomizer", or
447 ** "Security Manager TK Value".
448 **
449 *******************************************************************************/
BTM_BleOobDataReply(BD_ADDR bd_addr,UINT8 res,UINT8 len,UINT8 * p_data)450 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
451 {
452 #if SMP_INCLUDED == TRUE
453 tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
454 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
455
456 BTM_TRACE_DEBUG ("%s:", __func__);
457
458 if (p_dev_rec == NULL) {
459 BTM_TRACE_ERROR("%s: Unknown device", __func__);
460 return;
461 }
462
463 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
464 SMP_OobDataReply(bd_addr, res_smp, len, p_data);
465 #endif
466 }
467
468 /*******************************************************************************
469 **
470 ** Function BTM_BleSecureConnectionOobDataReply
471 **
472 ** Description This function is called to provide the OOB data for
473 ** SMP in response to BTM_LE_OOB_REQ_EVT when secure connection
474 ** data is available
475 **
476 ** Parameters: bd_addr - Address of the peer device
477 ** p_c - pointer to Confirmation.
478 ** p_r - pointer to Randomizer
479 **
480 *******************************************************************************/
BTM_BleSecureConnectionOobDataReply(BD_ADDR bd_addr,uint8_t * p_c,uint8_t * p_r)481 void BTM_BleSecureConnectionOobDataReply(BD_ADDR bd_addr,
482 uint8_t *p_c, uint8_t *p_r)
483 {
484 #if SMP_INCLUDED == TRUE
485 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
486
487 BTM_TRACE_DEBUG ("%s:", __func__);
488
489 if (p_dev_rec == NULL) {
490 BTM_TRACE_ERROR("%s: Unknown device", __func__);
491 return;
492 }
493
494 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
495
496 tSMP_SC_OOB_DATA oob;
497 memset(&oob, 0, sizeof(tSMP_SC_OOB_DATA));
498
499 oob.peer_oob_data.present = true;
500 memcpy(&oob.peer_oob_data.randomizer, p_r, BT_OCTET16_LEN);
501 memcpy(&oob.peer_oob_data.commitment, p_c, BT_OCTET16_LEN);
502 oob.peer_oob_data.addr_rcvd_from.type = p_dev_rec->ble.ble_addr_type;
503 memcpy(&oob.peer_oob_data.addr_rcvd_from.bda, bd_addr, sizeof(BD_ADDR));
504
505 SMP_SecureConnectionOobDataReply((uint8_t*)&oob);
506 #endif
507 }
508
509 /******************************************************************************
510 **
511 ** Function BTM_BleSetConnScanParams
512 **
513 ** Description Set scan parameter used in BLE connection request
514 **
515 ** Parameters: scan_interval: scan interval
516 ** scan_window: scan window
517 **
518 ** Returns void
519 **
520 *******************************************************************************/
BTM_BleSetConnScanParams(UINT32 scan_interval,UINT32 scan_window)521 void BTM_BleSetConnScanParams (UINT32 scan_interval, UINT32 scan_window)
522 {
523 #if SMP_INCLUDED == TRUE
524 tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
525 BOOLEAN new_param = FALSE;
526
527 if (BTM_BLE_ISVALID_PARAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
528 BTM_BLE_ISVALID_PARAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX))
529 {
530 if (p_ble_cb->scan_int != scan_interval)
531 {
532 p_ble_cb->scan_int = scan_interval;
533 new_param = TRUE;
534 }
535
536 if (p_ble_cb->scan_win != scan_window)
537 {
538 p_ble_cb->scan_win = scan_window;
539 new_param = TRUE;
540 }
541
542 if (new_param && p_ble_cb->conn_state == BLE_BG_CONN)
543 {
544 btm_ble_suspend_bg_conn();
545 }
546 }
547 else
548 {
549 BTM_TRACE_ERROR("Illegal Connection Scan Parameters");
550 }
551 #endif
552 }
553
554 /********************************************************
555 **
556 ** Function BTM_BleSetPrefConnParams
557 **
558 ** Description Set a peripheral's preferred connection parameters
559 **
560 ** Parameters: bd_addr - BD address of the peripheral
561 ** scan_interval: scan interval
562 ** scan_window: scan window
563 ** min_conn_int - minimum preferred connection interval
564 ** max_conn_int - maximum preferred connection interval
565 ** slave_latency - preferred slave latency
566 ** supervision_tout - preferred supervision timeout
567 **
568 ** Returns void
569 **
570 *******************************************************************************/
BTM_BleSetPrefConnParams(BD_ADDR bd_addr,UINT16 min_conn_int,UINT16 max_conn_int,UINT16 slave_latency,UINT16 supervision_tout)571 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
572 UINT16 min_conn_int, UINT16 max_conn_int,
573 UINT16 slave_latency, UINT16 supervision_tout)
574 {
575 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
576
577 BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \
578 tout: %u",
579 min_conn_int, max_conn_int, slave_latency, supervision_tout);
580
581 if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
582 BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
583 BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
584 (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF))
585 {
586 if (p_dev_rec)
587 {
588 /* expect conn int and stout and slave latency to be updated all together */
589 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
590 {
591 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
592 p_dev_rec->conn_params.min_conn_int = min_conn_int;
593 else
594 p_dev_rec->conn_params.min_conn_int = max_conn_int;
595
596 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
597 p_dev_rec->conn_params.max_conn_int = max_conn_int;
598 else
599 p_dev_rec->conn_params.max_conn_int = min_conn_int;
600
601 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
602 p_dev_rec->conn_params.slave_latency = slave_latency;
603 else
604 p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
605
606 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
607 p_dev_rec->conn_params.supervision_tout = supervision_tout;
608 else
609 p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
610
611 }
612
613 }
614 else
615 {
616 BTM_TRACE_ERROR("Unknown Device, setting rejected");
617 }
618 }
619 else
620 {
621 BTM_TRACE_ERROR("Illegal Connection Parameters");
622 }
623 }
624
625 /*******************************************************************************
626 **
627 ** Function BTM_ReadDevInfo
628 **
629 ** Description This function is called to read the device/address type
630 ** of BD address.
631 **
632 ** Parameter remote_bda: remote device address
633 ** p_dev_type: output parameter to read the device type.
634 ** p_addr_type: output parameter to read the address type.
635 **
636 *******************************************************************************/
BTM_ReadDevInfo(BD_ADDR remote_bda,tBT_DEVICE_TYPE * p_dev_type,tBLE_ADDR_TYPE * p_addr_type)637 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
638 {
639 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda);
640 tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda);
641
642 *p_addr_type = BLE_ADDR_PUBLIC;
643
644 if (!p_dev_rec)
645 {
646 *p_dev_type = BT_DEVICE_TYPE_BREDR;
647 /* Check with the BT manager if details about remote device are known */
648 if (p_inq_info != NULL)
649 {
650 *p_dev_type = p_inq_info->results.device_type ;
651 *p_addr_type = p_inq_info->results.ble_addr_type;
652 } else {
653 /* unknown device, assume BR/EDR */
654 BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed");
655 }
656 }
657 else /* there is a security device record exisitng */
658 {
659 /* new inquiry result, overwrite device type in security device record */
660 if (p_inq_info)
661 {
662 p_dev_rec->device_type = p_inq_info->results.device_type;
663 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
664 }
665 if (memcmp(p_dev_rec->bd_addr, remote_bda, BD_ADDR_LEN) == 0 &&
666 memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0)
667 {
668 *p_dev_type = p_dev_rec->device_type;
669 *p_addr_type = p_dev_rec->ble.ble_addr_type;
670 }
671 else if (memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0)
672 {
673 *p_dev_type = BT_DEVICE_TYPE_BLE;
674 *p_addr_type = p_dev_rec->ble.ble_addr_type;
675 }
676 else /* matching static adddress only */
677 {
678 *p_dev_type = BT_DEVICE_TYPE_BREDR;
679 *p_addr_type = BLE_ADDR_PUBLIC;
680 }
681
682 }
683
684 BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
685 }
686
687 /*******************************************************************************
688 **
689 ** Function BTM_ReadConnectedTransportAddress
690 **
691 ** Description This function is called to read the paired device/address type of other device paired
692 ** corresponding to the BD_address
693 **
694 ** Parameter remote_bda: remote device address, carry out the transport address
695 ** transport: active transport
696 **
697 ** Return TRUE if an active link is identified; FALSE otherwise
698 **
699 *******************************************************************************/
BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda,tBT_TRANSPORT transport)700 BOOLEAN BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda, tBT_TRANSPORT transport)
701 {
702 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(remote_bda);
703
704 /* if no device can be located, return */
705 if (p_dev_rec == NULL)
706 return FALSE;
707
708 if (transport == BT_TRANSPORT_BR_EDR)
709 {
710 if (btm_bda_to_acl(p_dev_rec->bd_addr, transport) != NULL)
711 {
712 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
713 return TRUE;
714 }
715 else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR)
716 {
717 memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
718 }
719 else
720 memset(remote_bda, 0, BD_ADDR_LEN);
721 return FALSE;
722 }
723
724 if (transport == BT_TRANSPORT_LE)
725 {
726 memcpy(remote_bda, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN);
727 if (btm_bda_to_acl(p_dev_rec->ble.pseudo_addr, transport) != NULL)
728 return TRUE;
729 else
730 return FALSE;
731 }
732
733 return FALSE;
734 }
735
736 /*******************************************************************************
737 **
738 ** Function BTM_BleReceiverTest
739 **
740 ** Description This function is called to start the LE Receiver test
741 **
742 ** Parameter rx_freq - Frequency Range
743 ** p_cmd_cmpl_cback - Command Complete callback
744 **
745 *******************************************************************************/
BTM_BleReceiverTest(UINT8 rx_freq,tBTM_CMPL_CB * p_cmd_cmpl_cback)746 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
747 {
748 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
749
750 if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE)
751 {
752 BTM_TRACE_ERROR("%s: Unable to Trigger LE receiver test", __FUNCTION__);
753 }
754 }
755
756 /*******************************************************************************
757 **
758 ** Function BTM_BleTransmitterTest
759 **
760 ** Description This function is called to start the LE Transmitter test
761 **
762 ** Parameter tx_freq - Frequency Range
763 ** test_data_len - Length in bytes of payload data in each packet
764 ** packet_payload - Pattern to use in the payload
765 ** p_cmd_cmpl_cback - Command Complete callback
766 **
767 *******************************************************************************/
BTM_BleTransmitterTest(UINT8 tx_freq,UINT8 test_data_len,UINT8 packet_payload,tBTM_CMPL_CB * p_cmd_cmpl_cback)768 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
769 UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
770 {
771 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
772 if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE)
773 {
774 BTM_TRACE_ERROR("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
775 }
776 }
777
778 /*******************************************************************************
779 **
780 ** Function BTM_BleTestEnd
781 **
782 ** Description This function is called to stop the in-progress TX or RX test
783 **
784 ** Parameter p_cmd_cmpl_cback - Command complete callback
785 **
786 *******************************************************************************/
BTM_BleTestEnd(tBTM_CMPL_CB * p_cmd_cmpl_cback)787 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
788 {
789 btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
790
791 if (btsnd_hcic_ble_test_end() == FALSE)
792 {
793 BTM_TRACE_ERROR("%s: Unable to End the LE TX/RX test", __FUNCTION__);
794 }
795 }
796
797 /*******************************************************************************
798 ** Internal Functions
799 *******************************************************************************/
btm_ble_test_command_complete(UINT8 * p)800 void btm_ble_test_command_complete(UINT8 *p)
801 {
802 tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
803
804 btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
805
806 if (p_cb)
807 {
808 (*p_cb)(p);
809 }
810 }
811
812 /*******************************************************************************
813 **
814 ** Function BTM_UseLeLink
815 **
816 ** Description This function is to select the underneath physical link to use.
817 **
818 ** Returns TRUE to use LE, FALSE use BR/EDR.
819 **
820 *******************************************************************************/
BTM_UseLeLink(BD_ADDR bd_addr)821 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
822 {
823 tACL_CONN *p;
824 tBT_DEVICE_TYPE dev_type;
825 tBLE_ADDR_TYPE addr_type;
826 BOOLEAN use_le = FALSE;
827
828 if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL)
829 {
830 return use_le;
831 }
832 else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL)
833 {
834 use_le = TRUE;
835 }
836 else
837 {
838 BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
839 use_le = (dev_type == BT_DEVICE_TYPE_BLE);
840 }
841 return use_le;
842 }
843
844 /*******************************************************************************
845 **
846 ** Function BTM_SetBleDataLength
847 **
848 ** Description This function is to set maximum BLE transmission packet size
849 **
850 ** Returns BTM_SUCCESS if success; otherwise failed.
851 **
852 *******************************************************************************/
BTM_SetBleDataLength(BD_ADDR bd_addr,UINT16 tx_pdu_length)853 tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
854 {
855 tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
856 BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length);
857
858 if (!controller_get_interface()->supports_ble_packet_extension())
859 {
860 BTM_TRACE_ERROR("%s failed, request not supported", __FUNCTION__);
861 return BTM_ILLEGAL_VALUE;
862 }
863
864 if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features))
865 {
866 BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
867 return BTM_ILLEGAL_VALUE;
868 }
869
870 if (p_acl != NULL)
871 {
872 if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX)
873 tx_pdu_length = BTM_BLE_DATA_SIZE_MAX;
874 else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN)
875 tx_pdu_length = BTM_BLE_DATA_SIZE_MIN;
876
877 /* always set the TxTime to be max, as controller does not care for now */
878 btsnd_hcic_ble_set_data_length(p_acl->hci_handle, tx_pdu_length,
879 BTM_BLE_DATA_TX_TIME_MAX);
880
881 return BTM_SUCCESS;
882 }
883 else
884 {
885 BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__FUNCTION__);
886 return BTM_WRONG_MODE;
887 }
888 }
889
890 /*******************************************************************************
891 **
892 ** Function btm_ble_determine_security_act
893 **
894 ** Description This function checks the security of current LE link
895 ** and returns the appropriate action that needs to be
896 ** taken to achieve the required security.
897 **
898 ** Parameter is_originator - True if outgoing connection
899 ** bdaddr: remote device address
900 ** security_required: Security required for the service.
901 **
902 ** Returns The appropriate security action required.
903 **
904 *******************************************************************************/
btm_ble_determine_security_act(BOOLEAN is_originator,BD_ADDR bdaddr,UINT16 security_required)905 tBTM_SEC_ACTION btm_ble_determine_security_act(BOOLEAN is_originator, BD_ADDR bdaddr, UINT16 security_required)
906 {
907 tBTM_LE_AUTH_REQ auth_req = 0x00;
908
909 if (is_originator)
910 {
911 if ((security_required & BTM_SEC_OUT_FLAGS) == 0 &&
912 (security_required & BTM_SEC_OUT_MITM) == 0)
913 {
914 BTM_TRACE_DEBUG ("%s No security required for outgoing connection", __func__);
915 return BTM_SEC_OK;
916 }
917
918 if (security_required & BTM_SEC_OUT_MITM)
919 auth_req |= BTM_LE_AUTH_REQ_MITM;
920 }
921 else
922 {
923 if ((security_required & BTM_SEC_IN_FLAGS) == 0&& (security_required & BTM_SEC_IN_MITM) == 0)
924 {
925 BTM_TRACE_DEBUG ("%s No security required for incoming connection", __func__);
926 return BTM_SEC_OK;
927 }
928
929 if (security_required & BTM_SEC_IN_MITM)
930 auth_req |= BTM_LE_AUTH_REQ_MITM;
931 }
932
933 tBTM_BLE_SEC_REQ_ACT ble_sec_act;
934 btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act);
935
936 BTM_TRACE_DEBUG ("%s ble_sec_act %d", __func__ , ble_sec_act);
937
938 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
939 return BTM_SEC_ENC_PENDING;
940
941 if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE)
942 return BTM_SEC_OK;
943
944 UINT8 sec_flag = 0;
945 BTM_GetSecurityFlagsByTransport(bdaddr, &sec_flag, BT_TRANSPORT_LE);
946
947 BOOLEAN is_link_encrypted = FALSE;
948 BOOLEAN is_key_mitm = FALSE;
949 if (sec_flag & (BTM_SEC_FLAG_ENCRYPTED| BTM_SEC_FLAG_LKEY_KNOWN))
950 {
951 if (sec_flag & BTM_SEC_FLAG_ENCRYPTED)
952 is_link_encrypted = TRUE;
953
954 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED)
955 is_key_mitm = TRUE;
956 }
957
958 if (auth_req & BTM_LE_AUTH_REQ_MITM)
959 {
960 if (!is_key_mitm)
961 {
962 return BTM_SEC_ENCRYPT_MITM;
963 } else {
964 if (is_link_encrypted)
965 return BTM_SEC_OK;
966 else
967 return BTM_SEC_ENCRYPT;
968 }
969 } else {
970 if (is_link_encrypted)
971 return BTM_SEC_OK;
972 else
973 return BTM_SEC_ENCRYPT_NO_MITM;
974 }
975
976 return BTM_SEC_OK;
977 }
978
979 /*******************************************************************************
980 **
981 ** Function btm_ble_start_sec_check
982 **
983 ** Description This function is to check and set the security required for
984 ** LE link for LE COC.
985 **
986 ** Parameter bdaddr: remote device address.
987 ** psm : PSM of the LE COC sevice.
988 ** is_originator: TRUE if outgoing connection.
989 ** p_callback : Pointer to the callback function.
990 ** p_ref_data : Pointer to be returned along with the callback.
991 **
992 ** Returns TRUE if link already meets the required security; otherwise FALSE.
993 **
994 *******************************************************************************/
btm_ble_start_sec_check(BD_ADDR bd_addr,UINT16 psm,BOOLEAN is_originator,tBTM_SEC_CALLBACK * p_callback,void * p_ref_data)995 BOOLEAN btm_ble_start_sec_check(BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator,
996 tBTM_SEC_CALLBACK *p_callback, void *p_ref_data)
997 {
998 /* Find the service record for the PSM */
999 tBTM_SEC_SERV_REC *p_serv_rec = btm_sec_find_first_serv (is_originator, psm);
1000
1001 /* If there is no application registered with this PSM do not allow connection */
1002 if (!p_serv_rec)
1003 {
1004 BTM_TRACE_WARNING ("%s PSM: %d no application registerd", __func__, psm);
1005 (*p_callback) (bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED);
1006 return FALSE;
1007 }
1008
1009 tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(is_originator,
1010 bd_addr, p_serv_rec->security_flags);
1011
1012 tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE;
1013 BOOLEAN status = FALSE;
1014
1015 switch (sec_act)
1016 {
1017 case BTM_SEC_OK:
1018 BTM_TRACE_DEBUG ("%s Security met", __func__);
1019 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS);
1020 status = TRUE;
1021 break;
1022
1023 case BTM_SEC_ENCRYPT:
1024 BTM_TRACE_DEBUG ("%s Encryption needs to be done", __func__);
1025 ble_sec_act = BTM_BLE_SEC_ENCRYPT;
1026 break;
1027
1028 case BTM_SEC_ENCRYPT_MITM:
1029 BTM_TRACE_DEBUG ("%s Pairing with MITM needs to be done", __func__);
1030 ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM;
1031 break;
1032
1033 case BTM_SEC_ENCRYPT_NO_MITM:
1034 BTM_TRACE_DEBUG ("%s Pairing with No MITM needs to be done", __func__);
1035 ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM;
1036 break;
1037
1038 case BTM_SEC_ENC_PENDING:
1039 BTM_TRACE_DEBUG ("%s Ecryption pending", __func__);
1040 break;
1041 }
1042
1043 if (ble_sec_act == BTM_BLE_SEC_NONE)
1044 return status;
1045
1046 tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1047 p_lcb->sec_act = sec_act;
1048 BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data, ble_sec_act);
1049
1050 return FALSE;
1051 }
1052
1053 /*******************************************************************************
1054 **
1055 ** Function btm_ble_rand_enc_complete
1056 **
1057 ** Description This function is the callback functions for HCI_Rand command
1058 ** and HCI_Encrypt command is completed.
1059 ** This message is received from the HCI.
1060 **
1061 ** Returns void
1062 **
1063 *******************************************************************************/
btm_ble_rand_enc_complete(UINT8 * p,UINT16 op_code,tBTM_RAND_ENC_CB * p_enc_cplt_cback)1064 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
1065 {
1066 tBTM_RAND_ENC params;
1067 UINT8 *p_dest = params.param_buf;
1068
1069 BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete");
1070
1071 memset(¶ms, 0, sizeof(tBTM_RAND_ENC));
1072
1073 /* If there was a callback address for vcs complete, call it */
1074 if (p_enc_cplt_cback && p)
1075 {
1076 /* Pass paramters to the callback function */
1077 STREAM_TO_UINT8(params.status, p); /* command status */
1078
1079 if (params.status == HCI_SUCCESS)
1080 {
1081 params.opcode = op_code;
1082
1083 if (op_code == HCI_BLE_RAND)
1084 params.param_len = BT_OCTET8_LEN;
1085 else
1086 params.param_len = BT_OCTET16_LEN;
1087
1088 memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */
1089 }
1090 if (p_enc_cplt_cback)
1091 (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */
1092 }
1093 }
1094
1095 #if (SMP_INCLUDED == TRUE)
1096
1097 /*******************************************************************************
1098 **
1099 ** Function btm_ble_get_enc_key_type
1100 **
1101 ** Description This function is to increment local sign counter
1102 ** Returns None
1103 **
1104 *******************************************************************************/
btm_ble_increment_sign_ctr(BD_ADDR bd_addr,BOOLEAN is_local)1105 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
1106 {
1107 tBTM_SEC_DEV_REC *p_dev_rec;
1108
1109 BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local);
1110
1111 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
1112 {
1113 if (is_local)
1114 p_dev_rec->ble.keys.local_counter++;
1115 else
1116 p_dev_rec->ble.keys.counter++;
1117 BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d",
1118 is_local,
1119 p_dev_rec->ble.keys.local_counter,
1120 p_dev_rec->ble.keys.counter);
1121 }
1122 }
1123
1124 /*******************************************************************************
1125 **
1126 ** Function btm_ble_get_enc_key_type
1127 **
1128 ** Description This function is to get the BLE key type that has been exchanged
1129 ** in betweem local device and peer device.
1130 **
1131 ** Returns p_key_type: output parameter to carry the key type value.
1132 **
1133 *******************************************************************************/
btm_ble_get_enc_key_type(BD_ADDR bd_addr,UINT8 * p_key_types)1134 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
1135 {
1136 tBTM_SEC_DEV_REC *p_dev_rec;
1137
1138 BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type");
1139
1140 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
1141 {
1142 *p_key_types = p_dev_rec->ble.key_type;
1143 return TRUE;
1144 }
1145 return FALSE;
1146 }
1147
1148 /*******************************************************************************
1149 **
1150 ** Function btm_get_local_div
1151 **
1152 ** Description This function is called to read the local DIV
1153 **
1154 ** Returns TURE - if a valid DIV is availavle
1155 *******************************************************************************/
btm_get_local_div(BD_ADDR bd_addr,UINT16 * p_div)1156 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
1157 {
1158 tBTM_SEC_DEV_REC *p_dev_rec;
1159 BOOLEAN status = FALSE;
1160 BTM_TRACE_DEBUG ("btm_get_local_div");
1161
1162 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1163 bd_addr[0],bd_addr[1],
1164 bd_addr[2],bd_addr[3],
1165 bd_addr[4],bd_addr[5]);
1166
1167 *p_div = 0;
1168 p_dev_rec = btm_find_dev (bd_addr);
1169
1170 if (p_dev_rec && p_dev_rec->ble.keys.div)
1171 {
1172 status = TRUE;
1173 *p_div = p_dev_rec->ble.keys.div;
1174 }
1175 BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
1176 return status;
1177 }
1178
1179 /*******************************************************************************
1180 **
1181 ** Function btm_sec_save_le_key
1182 **
1183 ** Description This function is called by the SMP to update
1184 ** an BLE key. SMP is internal, whereas all the keys shall
1185 ** be sent to the application. The function is also called
1186 ** when application passes ble key stored in NVRAM to the btm_sec.
1187 ** pass_to_application parameter is false in this case.
1188 **
1189 ** Returns void
1190 **
1191 *******************************************************************************/
btm_sec_save_le_key(BD_ADDR bd_addr,tBTM_LE_KEY_TYPE key_type,tBTM_LE_KEY_VALUE * p_keys,BOOLEAN pass_to_application)1192 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
1193 BOOLEAN pass_to_application)
1194 {
1195 tBTM_SEC_DEV_REC *p_rec;
1196 tBTM_LE_EVT_DATA cb_data;
1197 UINT8 i;
1198
1199 BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application);
1200 /* Store the updated key in the device database */
1201
1202 BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
1203 bd_addr[0],bd_addr[1],
1204 bd_addr[2],bd_addr[3],
1205 bd_addr[4],bd_addr[5]);
1206
1207 if ((p_rec = btm_find_dev (bd_addr)) != NULL && (p_keys || key_type== BTM_LE_KEY_LID))
1208 {
1209 btm_ble_init_pseudo_addr (p_rec, bd_addr);
1210
1211 switch (key_type)
1212 {
1213 case BTM_LE_KEY_PENC:
1214 memcpy(p_rec->ble.keys.pltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
1215 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
1216 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
1217 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
1218 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
1219 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
1220 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1221 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
1222 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1223 else
1224 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1225 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
1226 p_rec->ble.key_type,
1227 p_rec->sec_flags,
1228 p_rec->ble.keys.sec_level);
1229 break;
1230
1231 case BTM_LE_KEY_PID:
1232 for (i=0; i<BT_OCTET16_LEN; i++)
1233 {
1234 p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
1235 }
1236
1237 //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
1238 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
1239 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
1240 p_rec->ble.key_type |= BTM_LE_KEY_PID;
1241 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type);
1242 /* update device record address as static address */
1243 memcpy(p_rec->bd_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
1244 /* combine DUMO device security record if needed */
1245 btm_consolidate_dev(p_rec);
1246 break;
1247
1248 case BTM_LE_KEY_PCSRK:
1249 memcpy(p_rec->ble.keys.pcsrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
1250 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
1251 p_rec->ble.keys.counter = p_keys->pcsrk_key.counter;
1252 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
1253 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
1254 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED)
1255 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
1256 else
1257 p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
1258
1259 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
1260 p_rec->ble.key_type,
1261 p_rec->sec_flags,
1262 p_rec->ble.keys.srk_sec_level,
1263 p_rec->ble.keys.counter );
1264 break;
1265
1266 case BTM_LE_KEY_LENC:
1267 memcpy(p_rec->ble.keys.lltk, p_keys->lenc_key.ltk, BT_OCTET16_LEN);
1268 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
1269 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
1270 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
1271 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
1272
1273 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
1274 p_rec->ble.key_type,
1275 p_rec->ble.keys.div,
1276 p_rec->ble.keys.key_size,
1277 p_rec->ble.keys.sec_level );
1278 break;
1279
1280 case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
1281 memcpy (p_rec->ble.keys.lcsrk, p_keys->lcsrk_key.csrk, BT_OCTET16_LEN);
1282 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
1283 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
1284 p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter;
1285 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
1286 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
1287 p_rec->ble.key_type,
1288 p_rec->ble.keys.div,
1289 p_rec->ble.keys.local_csrk_sec_level,
1290 p_rec->ble.keys.local_counter );
1291 break;
1292
1293 case BTM_LE_KEY_LID:
1294 p_rec->ble.key_type |= BTM_LE_KEY_LID;
1295 break;
1296 default:
1297 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
1298 return;
1299 }
1300
1301 BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
1302 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
1303 (bd_addr[4]<<8)+bd_addr[5]);
1304
1305 /* Notify the application that one of the BLE keys has been updated
1306 If link key is in progress, it will get sent later.*/
1307 if (pass_to_application && btm_cb.api.p_le_callback)
1308 {
1309 cb_data.key.p_key_value = p_keys;
1310 cb_data.key.key_type = key_type;
1311
1312 (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
1313 }
1314 return;
1315 }
1316
1317 BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
1318 (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
1319 (bd_addr[4]<<8)+bd_addr[5]);
1320
1321 if (p_rec)
1322 {
1323 BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags);
1324 }
1325 }
1326
1327 /*******************************************************************************
1328 **
1329 ** Function btm_ble_update_sec_key_size
1330 **
1331 ** Description update the current lin kencryption key size
1332 **
1333 ** Returns void
1334 **
1335 *******************************************************************************/
btm_ble_update_sec_key_size(BD_ADDR bd_addr,UINT8 enc_key_size)1336 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
1337 {
1338 tBTM_SEC_DEV_REC *p_rec;
1339
1340 BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
1341
1342 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1343 {
1344 p_rec->enc_key_size = enc_key_size;
1345 }
1346 }
1347
1348 /*******************************************************************************
1349 **
1350 ** Function btm_ble_read_sec_key_size
1351 **
1352 ** Description update the current lin kencryption key size
1353 **
1354 ** Returns void
1355 **
1356 *******************************************************************************/
btm_ble_read_sec_key_size(BD_ADDR bd_addr)1357 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
1358 {
1359 tBTM_SEC_DEV_REC *p_rec;
1360
1361 if ((p_rec = btm_find_dev (bd_addr)) != NULL )
1362 {
1363 return p_rec->enc_key_size;
1364 }
1365 else
1366 return 0;
1367 }
1368
1369 /*******************************************************************************
1370 **
1371 ** Function btm_ble_link_sec_check
1372 **
1373 ** Description Check BLE link security level match.
1374 **
1375 ** Returns TRUE: check is OK and the *p_sec_req_act contain the action
1376 **
1377 *******************************************************************************/
btm_ble_link_sec_check(BD_ADDR bd_addr,tBTM_LE_AUTH_REQ auth_req,tBTM_BLE_SEC_REQ_ACT * p_sec_req_act)1378 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
1379 {
1380 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1381 UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
1382
1383 BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
1384
1385 if (p_dev_rec == NULL)
1386 {
1387 BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device");
1388 return;
1389 }
1390
1391 if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
1392 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)
1393 {
1394 /* race condition: discard the security request while master is encrypting the link */
1395 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
1396 }
1397 else
1398 {
1399 req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1400 if (auth_req & BTM_LE_AUTH_REQ_MITM)
1401 {
1402 req_sec_level = BTM_LE_SEC_AUTHENTICATED;
1403 }
1404
1405 BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
1406
1407 /* currently encrpted */
1408 if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED)
1409 {
1410 if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED)
1411 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
1412 else
1413 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
1414 }
1415 else /* unencrypted link */
1416 {
1417 /* if bonded, get the key security level */
1418 if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
1419 cur_sec_level = p_dev_rec->ble.keys.sec_level;
1420 else
1421 cur_sec_level = BTM_LE_SEC_NONE;
1422 }
1423
1424 if (cur_sec_level >= req_sec_level)
1425 {
1426 /* To avoid re-encryption on an encrypted link for an equal condition encryption */
1427 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
1428 }
1429 else
1430 {
1431 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
1432 }
1433 }
1434
1435 BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
1436 cur_sec_level,
1437 req_sec_level,
1438 *p_sec_req_act);
1439
1440 }
1441
1442 /*******************************************************************************
1443 **
1444 ** Function btm_ble_set_encryption
1445 **
1446 ** Description This function is called to ensure that LE connection is
1447 ** encrypted. Should be called only on an open connection.
1448 ** Typically only needed for connections that first want to
1449 ** bring up unencrypted links, then later encrypt them.
1450 **
1451 ** Returns void
1452 ** the local device ER is copied into er
1453 **
1454 *******************************************************************************/
btm_ble_set_encryption(BD_ADDR bd_addr,tBTM_BLE_SEC_ACT sec_act,UINT8 link_role)1455 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, UINT8 link_role)
1456 {
1457 tBTM_STATUS cmd = BTM_NO_RESOURCES;
1458 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
1459 tBTM_BLE_SEC_REQ_ACT sec_req_act;
1460 tBTM_LE_AUTH_REQ auth_req;
1461
1462 if (p_rec == NULL)
1463 {
1464 BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
1465 return(BTM_WRONG_MODE);
1466 }
1467
1468 BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
1469
1470 if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM)
1471 {
1472 p_rec->security_required |= BTM_SEC_IN_MITM;
1473 }
1474
1475 switch (sec_act)
1476 {
1477 case BTM_BLE_SEC_ENCRYPT:
1478 if (link_role == BTM_ROLE_MASTER)
1479 {
1480 /* start link layer encryption using the security info stored */
1481 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
1482 break;
1483 }
1484 /* if salve role then fall through to call SMP_Pair below which will send a
1485 sec_request to request the master to encrypt the link */
1486 case BTM_BLE_SEC_ENCRYPT_NO_MITM:
1487 case BTM_BLE_SEC_ENCRYPT_MITM:
1488 auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
1489 ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
1490 btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);
1491 if(sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE || sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
1492 {
1493 BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__);
1494 cmd = BTM_SUCCESS;
1495 break;
1496 }
1497 if (link_role == BTM_ROLE_MASTER)
1498 {
1499
1500 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT)
1501 {
1502 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
1503 break;
1504 }
1505 }
1506
1507 if (SMP_Pair(bd_addr) == SMP_STARTED)
1508 {
1509 cmd = BTM_CMD_STARTED;
1510 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
1511 }
1512 break;
1513
1514 default:
1515 cmd = BTM_WRONG_MODE;
1516 break;
1517 }
1518 return cmd;
1519 }
1520
1521 /*******************************************************************************
1522 **
1523 ** Function btm_ble_ltk_request
1524 **
1525 ** Description This function is called when encryption request is received
1526 ** on a slave device.
1527 **
1528 **
1529 ** Returns void
1530 **
1531 *******************************************************************************/
btm_ble_ltk_request(UINT16 handle,UINT8 rand[8],UINT16 ediv)1532 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
1533 {
1534 tBTM_CB *p_cb = &btm_cb;
1535 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
1536 BT_OCTET8 dummy_stk = {0};
1537
1538 BTM_TRACE_DEBUG ("btm_ble_ltk_request");
1539
1540 p_cb->ediv = ediv;
1541
1542 memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
1543
1544 if (p_dev_rec != NULL)
1545 {
1546 if (!smp_proc_ltk_request(p_dev_rec->bd_addr))
1547 btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
1548 }
1549
1550 }
1551
1552 /*******************************************************************************
1553 **
1554 ** Function btm_ble_start_encrypt
1555 **
1556 ** Description This function is called to start LE encryption.
1557 **
1558 **
1559 ** Returns BTM_SUCCESS if encryption was started successfully
1560 **
1561 *******************************************************************************/
btm_ble_start_encrypt(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1562 tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1563 {
1564 tBTM_CB *p_cb = &btm_cb;
1565 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1566 BT_OCTET8 dummy_rand = {0};
1567 tBTM_STATUS rt = BTM_NO_RESOURCES;
1568
1569 BTM_TRACE_DEBUG ("btm_ble_start_encrypt");
1570
1571 if (!p_rec )
1572 {
1573 BTM_TRACE_ERROR("Link is not active, can not encrypt!");
1574 return BTM_WRONG_MODE;
1575 }
1576
1577 if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)
1578 {
1579 BTM_TRACE_WARNING("Link Encryption is active, Busy!");
1580 return BTM_BUSY;
1581 }
1582
1583 p_cb->enc_handle = p_rec->ble_hci_handle;
1584
1585 if (use_stk)
1586 {
1587 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk))
1588 rt = BTM_CMD_STARTED;
1589 }
1590 else if (p_rec->ble.key_type & BTM_LE_KEY_PENC)
1591 {
1592 if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand,
1593 p_rec->ble.keys.ediv, p_rec->ble.keys.pltk))
1594 rt = BTM_CMD_STARTED;
1595 }
1596 else
1597 {
1598 BTM_TRACE_ERROR("No key available to encrypt the link");
1599 }
1600 if (rt == BTM_CMD_STARTED)
1601 {
1602 if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
1603 p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
1604 }
1605
1606 return rt;
1607 }
1608
1609 /*******************************************************************************
1610 **
1611 ** Function btm_ble_link_encrypted
1612 **
1613 ** Description This function is called when LE link encrption status is changed.
1614 **
1615 ** Returns void
1616 **
1617 *******************************************************************************/
btm_ble_link_encrypted(BD_ADDR bd_addr,UINT8 encr_enable)1618 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
1619 {
1620 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
1621 BOOLEAN enc_cback;
1622
1623 if (!p_dev_rec)
1624 {
1625 BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
1626 return;
1627 }
1628
1629 BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
1630
1631 enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
1632
1633 smp_link_encrypted(bd_addr, encr_enable);
1634
1635 BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
1636
1637 if (encr_enable && p_dev_rec->enc_key_size == 0)
1638 p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
1639
1640 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
1641 if (p_dev_rec->p_callback && enc_cback)
1642 {
1643 if (encr_enable)
1644 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, TRUE);
1645 else if (p_dev_rec->role_master)
1646 btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, TRUE);
1647
1648 }
1649 /* to notify GATT to send data if any request is pending */
1650 gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr);
1651 }
1652
1653 /*******************************************************************************
1654 **
1655 ** Function btm_ble_ltk_request_reply
1656 **
1657 ** Description This function is called to send a LTK request reply on a slave
1658 ** device.
1659 **
1660 ** Returns void
1661 **
1662 *******************************************************************************/
btm_ble_ltk_request_reply(BD_ADDR bda,BOOLEAN use_stk,BT_OCTET16 stk)1663 void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
1664 {
1665 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda);
1666 tBTM_CB *p_cb = &btm_cb;
1667
1668 if (p_rec == NULL)
1669 {
1670 BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device");
1671 return;
1672 }
1673
1674 BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply");
1675 p_cb->enc_handle = p_rec->ble_hci_handle;
1676 p_cb->key_size = p_rec->ble.keys.key_size;
1677
1678 BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size);
1679 if (use_stk)
1680 {
1681 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
1682 }
1683 else /* calculate LTK using peer device */
1684 {
1685 if (p_rec->ble.key_type & BTM_LE_KEY_LENC)
1686 btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk);
1687 else
1688 btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle);
1689 }
1690 }
1691
1692 /*******************************************************************************
1693 **
1694 ** Function btm_ble_io_capabilities_req
1695 **
1696 ** Description This function is called to handle SMP get IO capability request.
1697 **
1698 ** Returns void
1699 **
1700 *******************************************************************************/
btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1701 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1702 {
1703 UINT8 callback_rc = BTM_SUCCESS;
1704 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req");
1705 if (btm_cb.api.p_le_callback)
1706 {
1707 /* the callback function implementation may change the IO capability... */
1708 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
1709 }
1710 if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
1711 {
1712 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
1713 if (btm_cb.devcb.keep_rfu_in_auth_req)
1714 {
1715 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u",
1716 btm_cb.devcb.keep_rfu_in_auth_req);
1717 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU;
1718 btm_cb.devcb.keep_rfu_in_auth_req = FALSE;
1719 }
1720 else
1721 { /* default */
1722 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1723 }
1724 #else
1725 p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
1726 #endif
1727
1728 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
1729 p_dev_rec->security_required, p_data->auth_req);
1730 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
1731 p_data->init_keys,
1732 p_data->resp_keys);
1733
1734 /* if authentication requires MITM protection, put on the mask */
1735 if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
1736 p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
1737
1738 if (!(p_data->auth_req & SMP_AUTH_BOND))
1739 {
1740 BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged");
1741 p_data->init_keys = 0;
1742 p_data->resp_keys = 0;
1743 }
1744
1745 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req);
1746 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
1747 p_data->init_keys,
1748 p_data->resp_keys);
1749
1750 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
1751 p_data->io_cap, p_data->auth_req);
1752
1753 /* remove MITM protection requirement if IO cap does not allow it */
1754 if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
1755 p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
1756
1757 if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT))
1758 {
1759 /* if Secure Connections are not supported then remove LK derivation,
1760 ** and keypress notifications.
1761 */
1762 BTM_TRACE_DEBUG("%s-SC not supported -> No LK derivation, no keypress notifications",
1763 __func__);
1764 p_data->auth_req &= ~SMP_KP_SUPPORT_BIT;
1765 p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK;
1766 p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK;
1767 }
1768
1769 BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x",
1770 p_data->io_cap, p_data->oob_data, p_data->auth_req);
1771 }
1772 return callback_rc;
1773 }
1774
1775 /*******************************************************************************
1776 **
1777 ** Function btm_ble_br_keys_req
1778 **
1779 ** Description This function is called to handle SMP request for keys sent
1780 ** over BR/EDR.
1781 **
1782 ** Returns void
1783 **
1784 *******************************************************************************/
btm_ble_br_keys_req(tBTM_SEC_DEV_REC * p_dev_rec,tBTM_LE_IO_REQ * p_data)1785 UINT8 btm_ble_br_keys_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
1786 {
1787 UINT8 callback_rc = BTM_SUCCESS;
1788 BTM_TRACE_DEBUG ("%s", __func__);
1789 if (btm_cb.api.p_le_callback)
1790 {
1791 /* the callback function implementation may change the IO capability... */
1792 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
1793 (tBTM_LE_EVT_DATA *)p_data);
1794 }
1795
1796 return callback_rc;
1797 }
1798
1799 #if (BLE_PRIVACY_SPT == TRUE )
1800 /*******************************************************************************
1801 **
1802 ** Function btm_ble_resolve_random_addr_on_conn_cmpl
1803 **
1804 ** Description resolve random address complete on connection complete event.
1805 **
1806 ** Returns void
1807 **
1808 *******************************************************************************/
btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec,void * p_data)1809 static void btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec, void *p_data)
1810 {
1811 UINT8 *p = (UINT8 *)p_data;
1812 tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec;
1813 UINT8 role, bda_type;
1814 UINT16 handle;
1815 BD_ADDR bda;
1816 UINT16 conn_interval, conn_latency, conn_timeout;
1817 BOOLEAN match = FALSE;
1818
1819 ++p;
1820 STREAM_TO_UINT16 (handle, p);
1821 STREAM_TO_UINT8 (role, p);
1822 STREAM_TO_UINT8 (bda_type, p);
1823 STREAM_TO_BDADDR (bda, p);
1824 STREAM_TO_UINT16 (conn_interval, p);
1825 STREAM_TO_UINT16 (conn_latency, p);
1826 STREAM_TO_UINT16 (conn_timeout, p);
1827
1828 handle = HCID_GET_HANDLE (handle);
1829
1830 BTM_TRACE_EVENT ("%s", __func__);
1831
1832 if (match_rec)
1833 {
1834 LOG_INFO(LOG_TAG, "%s matched and resolved random address", __func__);
1835 match = TRUE;
1836 match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA;
1837 memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1838 if (!btm_ble_init_pseudo_addr (match_rec, bda))
1839 {
1840 /* assign the original address to be the current report address */
1841 memcpy(bda, match_rec->ble.pseudo_addr, BD_ADDR_LEN);
1842 }
1843 else
1844 {
1845 memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN);
1846 }
1847 }
1848 else
1849 {
1850 LOG_INFO(LOG_TAG, "%s unable to match and resolve random address", __func__);
1851 }
1852
1853 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1854
1855 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1856 conn_latency, conn_timeout);
1857
1858 return;
1859 }
1860 #endif
1861
1862 /*******************************************************************************
1863 **
1864 ** Function btm_ble_connected
1865 **
1866 ** Description This function is when a LE connection to the peer device is
1867 ** establsihed
1868 **
1869 ** Returns void
1870 **
1871 *******************************************************************************/
btm_ble_connected(UINT8 * bda,UINT16 handle,UINT8 enc_mode,UINT8 role,tBLE_ADDR_TYPE addr_type,BOOLEAN addr_matched)1872 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
1873 tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
1874 {
1875 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
1876 tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
1877 UNUSED(addr_matched);
1878
1879 BTM_TRACE_EVENT ("btm_ble_connected");
1880
1881 /* Commenting out trace due to obf/compilation problems.
1882 */
1883 #if (BT_USE_TRACES == TRUE)
1884 if (p_dev_rec)
1885 {
1886 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected : handle:%d enc_mode:%d bda:%x RName:%s",
1887 handle, enc_mode,
1888 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5],
1889 p_dev_rec->sec_bd_name);
1890
1891 BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags);
1892 }
1893 else
1894 {
1895 BTM_TRACE_EVENT ("Security Manager: btm_ble_connected: handle:%d enc_mode:%d bda:%x ",
1896 handle, enc_mode,
1897 (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]);
1898 }
1899 #endif
1900
1901 if (!p_dev_rec)
1902 {
1903 /* There is no device record for new connection. Allocate one */
1904 if ((p_dev_rec = btm_sec_alloc_dev (bda)) == NULL)
1905 return;
1906 }
1907 else /* Update the timestamp for this device */
1908 {
1909 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
1910 }
1911
1912 /* update device information */
1913 p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
1914 p_dev_rec->ble_hci_handle = handle;
1915 p_dev_rec->ble.ble_addr_type = addr_type;
1916 /* update pseudo address */
1917 memcpy(p_dev_rec->ble.pseudo_addr, bda, BD_ADDR_LEN);
1918
1919 p_dev_rec->role_master = FALSE;
1920 if (role == HCI_ROLE_MASTER)
1921 p_dev_rec->role_master = TRUE;
1922
1923 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
1924 if (!addr_matched)
1925 p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO;
1926
1927 if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched)
1928 memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
1929 #endif
1930
1931 p_cb->inq_var.directed_conn = BTM_BLE_CONNECT_EVT;
1932
1933 return;
1934 }
1935
1936 /*****************************************************************************
1937 ** Function btm_ble_conn_complete
1938 **
1939 ** Description LE connection complete.
1940 **
1941 ******************************************************************************/
btm_ble_conn_complete(UINT8 * p,UINT16 evt_len,BOOLEAN enhanced)1942 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len, BOOLEAN enhanced)
1943 {
1944 #if (BLE_PRIVACY_SPT == TRUE )
1945 UINT8 *p_data = p, peer_addr_type;
1946 BD_ADDR local_rpa, peer_rpa;
1947 #endif
1948 UINT8 role, status, bda_type;
1949 UINT16 handle;
1950 BD_ADDR bda;
1951 UINT16 conn_interval, conn_latency, conn_timeout;
1952 BOOLEAN match = FALSE;
1953 UNUSED(evt_len);
1954
1955 STREAM_TO_UINT8 (status, p);
1956 STREAM_TO_UINT16 (handle, p);
1957 STREAM_TO_UINT8 (role, p);
1958 STREAM_TO_UINT8 (bda_type, p);
1959 STREAM_TO_BDADDR (bda, p);
1960
1961 if (status == 0)
1962 {
1963 #if (BLE_PRIVACY_SPT == TRUE )
1964 peer_addr_type = bda_type;
1965 match = btm_identity_addr_to_random_pseudo (bda, &bda_type, TRUE);
1966
1967 if (enhanced)
1968 {
1969 STREAM_TO_BDADDR (local_rpa, p);
1970 STREAM_TO_BDADDR (peer_rpa, p);
1971 }
1972
1973 /* possiblly receive connection complete with resolvable random while
1974 the device has been paired */
1975 if (!match && BTM_BLE_IS_RESOLVE_BDA(bda))
1976 {
1977 btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data);
1978 }
1979 else
1980 #endif
1981 {
1982 STREAM_TO_UINT16 (conn_interval, p);
1983 STREAM_TO_UINT16 (conn_latency, p);
1984 STREAM_TO_UINT16 (conn_timeout, p);
1985 handle = HCID_GET_HANDLE (handle);
1986
1987 btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
1988
1989 l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
1990 conn_latency, conn_timeout);
1991
1992 #if (BLE_PRIVACY_SPT == TRUE)
1993 if (enhanced)
1994 {
1995 btm_ble_refresh_local_resolvable_private_addr(bda, local_rpa);
1996
1997 if (peer_addr_type & BLE_ADDR_TYPE_ID_BIT)
1998 btm_ble_refresh_peer_resolvable_private_addr(bda, peer_rpa, BLE_ADDR_RANDOM);
1999 }
2000 #endif
2001 }
2002 }
2003 else
2004 {
2005 role = HCI_ROLE_UNKNOWN;
2006 if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT)
2007 {
2008 btm_ble_set_conn_st(BLE_CONN_IDLE);
2009 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2010 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE);
2011 #endif
2012 }
2013 else
2014 {
2015 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2016 btm_cb.ble_ctr_cb.inq_var.adv_mode = BTM_BLE_ADV_DISABLE;
2017 btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, TRUE);
2018 #endif
2019 }
2020 }
2021
2022 btm_ble_update_mode_operation(role, bda, status);
2023 }
2024
2025 /*****************************************************************************
2026 ** Function btm_ble_create_ll_conn_complete
2027 **
2028 ** Description LE connection complete.
2029 **
2030 ******************************************************************************/
btm_ble_create_ll_conn_complete(UINT8 status)2031 void btm_ble_create_ll_conn_complete (UINT8 status)
2032 {
2033 if (status != HCI_SUCCESS)
2034 {
2035 btm_ble_set_conn_st(BLE_CONN_IDLE);
2036 btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status);
2037 }
2038 }
2039 /*****************************************************************************
2040 ** Function btm_proc_smp_cback
2041 **
2042 ** Description This function is the SMP callback handler.
2043 **
2044 ******************************************************************************/
btm_proc_smp_cback(tSMP_EVT event,BD_ADDR bd_addr,tSMP_EVT_DATA * p_data)2045 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
2046 {
2047 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2048 UINT8 res = 0;
2049
2050 BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event);
2051
2052 if (p_dev_rec != NULL)
2053 {
2054 switch (event)
2055 {
2056 case SMP_IO_CAP_REQ_EVT:
2057 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
2058 break;
2059
2060 case SMP_BR_KEYS_REQ_EVT:
2061 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
2062 break;
2063
2064 case SMP_PASSKEY_REQ_EVT:
2065 case SMP_PASSKEY_NOTIF_EVT:
2066 case SMP_OOB_REQ_EVT:
2067 case SMP_NC_REQ_EVT:
2068 case SMP_SC_OOB_REQ_EVT:
2069 /* fall through */
2070 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
2071
2072 case SMP_SEC_REQUEST_EVT:
2073 if (event == SMP_SEC_REQUEST_EVT && btm_cb.pairing_state != BTM_PAIR_STATE_IDLE)
2074 {
2075 BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__);
2076 break;
2077 }
2078 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
2079 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
2080 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;
2081 /* fall through */
2082
2083 case SMP_COMPLT_EVT:
2084 if (btm_cb.api.p_le_callback)
2085 {
2086 /* the callback function implementation may change the IO capability... */
2087 BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback );
2088 (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
2089 }
2090
2091 if (event == SMP_COMPLT_EVT)
2092 {
2093 BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
2094
2095 res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
2096
2097 BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x",
2098 res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
2099
2100 if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback )
2101 {
2102 BTM_TRACE_DEBUG ("Pairing Cancel completed");
2103 (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
2104 }
2105 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2106 if (res != BTM_SUCCESS)
2107 {
2108 if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT)
2109 {
2110 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
2111 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
2112 }
2113 else
2114 {
2115 BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL");
2116 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
2117 }
2118 }
2119 #else
2120 if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT)
2121 {
2122 BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
2123 l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
2124 }
2125 #endif
2126
2127 BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
2128 btm_cb.pairing_state,
2129 btm_cb.pairing_flags,
2130 btm_cb.pin_code_len );
2131 BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
2132 btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
2133 btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
2134
2135 /* Reset btm state only if the callback address matches pairing address*/
2136 if(memcmp(bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0)
2137 {
2138 memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
2139 btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
2140 btm_cb.pairing_flags = 0;
2141 }
2142
2143 if (res == BTM_SUCCESS)
2144 {
2145 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
2146 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
2147 /* add all bonded device into resolving list if IRK is available*/
2148 btm_ble_resolving_list_load_dev(p_dev_rec);
2149 #endif
2150 }
2151
2152 btm_sec_dev_rec_cback_event(p_dev_rec, res, TRUE);
2153 }
2154 break;
2155
2156 default:
2157 BTM_TRACE_DEBUG ("unknown event = %d", event);
2158 break;
2159
2160 }
2161 }
2162 else
2163 {
2164 BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device");
2165 }
2166
2167 return 0;
2168 }
2169
2170 #endif /* SMP_INCLUDED */
2171
2172 /*******************************************************************************
2173 **
2174 ** Function BTM_BleDataSignature
2175 **
2176 ** Description This function is called to sign the data using AES128 CMAC
2177 ** algorith.
2178 **
2179 ** Parameter bd_addr: target device the data to be signed for.
2180 ** p_text: singing data
2181 ** len: length of the data to be signed.
2182 ** signature: output parameter where data signature is going to
2183 ** be stored.
2184 **
2185 ** Returns TRUE if signing sucessul, otherwise FALSE.
2186 **
2187 *******************************************************************************/
BTM_BleDataSignature(BD_ADDR bd_addr,UINT8 * p_text,UINT16 len,BLE_SIGNATURE signature)2188 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
2189 BLE_SIGNATURE signature)
2190 {
2191 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
2192
2193 BTM_TRACE_DEBUG ("%s", __func__);
2194 BOOLEAN ret = FALSE;
2195 if (p_rec == NULL)
2196 {
2197 BTM_TRACE_ERROR("%s-data signing can not be done from unknown device", __func__);
2198 }
2199 else
2200 {
2201 UINT8 *p_mac = (UINT8 *)signature;
2202 UINT8 *pp;
2203 UINT8 *p_buf = (UINT8 *)osi_malloc(len + 4);
2204
2205 BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__);
2206 pp = p_buf;
2207 /* prepare plain text */
2208 if (p_text) {
2209 memcpy(p_buf, p_text, len);
2210 pp = (p_buf + len);
2211 }
2212
2213 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
2214 UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
2215
2216 if ((ret = aes_cipher_msg_auth_code(p_rec->ble.keys.lcsrk, p_buf, (UINT16)(len + 4),
2217 BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) {
2218 btm_ble_increment_sign_ctr(bd_addr, TRUE);
2219 }
2220
2221 BTM_TRACE_DEBUG("%s p_mac = %d", __func__, p_mac);
2222 BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
2223 *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
2224 BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
2225 *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
2226 osi_free(p_buf);
2227 }
2228 return ret;
2229 }
2230
2231 /*******************************************************************************
2232 **
2233 ** Function BTM_BleVerifySignature
2234 **
2235 ** Description This function is called to verify the data signature
2236 **
2237 ** Parameter bd_addr: target device the data to be signed for.
2238 ** p_orig: original data before signature.
2239 ** len: length of the signing data
2240 ** counter: counter used when doing data signing
2241 ** p_comp: signature to be compared against.
2242
2243 ** Returns TRUE if signature verified correctly; otherwise FALSE.
2244 **
2245 *******************************************************************************/
BTM_BleVerifySignature(BD_ADDR bd_addr,UINT8 * p_orig,UINT16 len,UINT32 counter,UINT8 * p_comp)2246 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
2247 UINT8 *p_comp)
2248 {
2249 BOOLEAN verified = FALSE;
2250 #if SMP_INCLUDED == TRUE
2251 tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
2252 UINT8 p_mac[BTM_CMAC_TLEN_SIZE];
2253
2254 if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK)))
2255 {
2256 BTM_TRACE_ERROR("can not verify signature for unknown device");
2257 }
2258 else if (counter < p_rec->ble.keys.counter)
2259 {
2260 BTM_TRACE_ERROR("signature received with out dated sign counter");
2261 }
2262 else if (p_orig == NULL)
2263 {
2264 BTM_TRACE_ERROR("No signature to verify");
2265 }
2266 else
2267 {
2268 BTM_TRACE_DEBUG ("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter,
2269 p_rec->ble.keys.counter);
2270
2271 if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
2272 {
2273 if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
2274 {
2275 btm_ble_increment_sign_ctr(bd_addr, FALSE);
2276 verified = TRUE;
2277 }
2278 }
2279 }
2280 #endif /* SMP_INCLUDED */
2281 return verified;
2282 }
2283
2284 /*******************************************************************************
2285 **
2286 ** Function BTM_GetLeSecurityState
2287 **
2288 ** Description This function is called to get security mode 1 flags and
2289 ** encryption key size for LE peer.
2290 **
2291 ** Returns BOOLEAN TRUE if LE device is found, FALSE otherwise.
2292 **
2293 *******************************************************************************/
BTM_GetLeSecurityState(BD_ADDR bd_addr,UINT8 * p_le_dev_sec_flags,UINT8 * p_le_key_size)2294 BOOLEAN BTM_GetLeSecurityState (BD_ADDR bd_addr, UINT8 *p_le_dev_sec_flags, UINT8 *p_le_key_size)
2295 {
2296 #if (BLE_INCLUDED == TRUE)
2297 tBTM_SEC_DEV_REC *p_dev_rec;
2298 UINT16 dev_rec_sec_flags;
2299 #endif
2300
2301 *p_le_dev_sec_flags = 0;
2302 *p_le_key_size = 0;
2303
2304 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
2305 if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL)
2306 {
2307 BTM_TRACE_ERROR ("%s fails", __func__);
2308 return (FALSE);
2309 }
2310
2311 if (p_dev_rec->ble_hci_handle == BTM_SEC_INVALID_HANDLE) {
2312 BTM_TRACE_ERROR ("%s-this is not LE device", __func__);
2313 return (FALSE);
2314 }
2315
2316 dev_rec_sec_flags = p_dev_rec->sec_flags;
2317
2318 if (dev_rec_sec_flags & BTM_SEC_LE_ENCRYPTED)
2319 {
2320 /* link is encrypted with LTK or STK */
2321 *p_le_key_size = p_dev_rec->enc_key_size;
2322 *p_le_dev_sec_flags |= BTM_SEC_LE_LINK_ENCRYPTED;
2323
2324 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_AUTHENTICATED)
2325 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */
2326 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */
2327 }
2328 else if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
2329 {
2330 /* link is unencrypted, still LTK is available */
2331 *p_le_key_size = p_dev_rec->ble.keys.key_size;
2332
2333 *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED)
2334 ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM /* set auth LTK flag */
2335 : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM; /* set unauth LTK flag */
2336 }
2337
2338 BTM_TRACE_DEBUG ("%s - le_dev_sec_flags: 0x%02x, le_key_size: %d",
2339 __func__, *p_le_dev_sec_flags, *p_le_key_size);
2340
2341 return TRUE;
2342 #else
2343 return FALSE;
2344 #endif
2345 }
2346
2347 /*******************************************************************************
2348 **
2349 ** Function BTM_BleSecurityProcedureIsRunning
2350 **
2351 ** Description This function indicates if LE security procedure is
2352 ** currently running with the peer.
2353 **
2354 ** Returns BOOLEAN TRUE if security procedure is running, FALSE otherwise.
2355 **
2356 *******************************************************************************/
BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr)2357 BOOLEAN BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr)
2358 {
2359 #if (BLE_INCLUDED == TRUE)
2360 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2361
2362 if (p_dev_rec == NULL)
2363 {
2364 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
2365 __func__, (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
2366 (bd_addr[4]<<8)+bd_addr[5]);
2367 return FALSE;
2368 }
2369
2370 return (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
2371 p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING);
2372 #else
2373 return FALSE;
2374 #endif
2375 }
2376
2377 /*******************************************************************************
2378 **
2379 ** Function BTM_BleGetSupportedKeySize
2380 **
2381 ** Description This function gets the maximum encryption key size in bytes
2382 ** the local device can suport.
2383 ** record.
2384 **
2385 ** Returns the key size or 0 if the size can't be retrieved.
2386 **
2387 *******************************************************************************/
BTM_BleGetSupportedKeySize(BD_ADDR bd_addr)2388 extern UINT8 BTM_BleGetSupportedKeySize (BD_ADDR bd_addr)
2389 {
2390 #if ((BLE_INCLUDED == TRUE) && (L2CAP_LE_COC_INCLUDED == TRUE))
2391 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
2392 tBTM_LE_IO_REQ dev_io_cfg;
2393 UINT8 callback_rc;
2394
2395 if (!p_dev_rec)
2396 {
2397 BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
2398 __func__,(bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
2399 (bd_addr[4]<<8)+bd_addr[5]);
2400 return 0;
2401 }
2402
2403 if (btm_cb.api.p_le_callback == NULL)
2404 {
2405 BTM_TRACE_ERROR ("%s can't access supported key size",__func__);
2406 return 0;
2407 }
2408
2409 callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
2410 (tBTM_LE_EVT_DATA *) &dev_io_cfg);
2411
2412 if (callback_rc != BTM_SUCCESS)
2413 {
2414 BTM_TRACE_ERROR ("%s can't access supported key size",__func__);
2415 return 0;
2416 }
2417
2418 BTM_TRACE_DEBUG ("%s device supports key size = %d", __func__, dev_io_cfg.max_key_size);
2419 return (dev_io_cfg.max_key_size);
2420 #else
2421 return 0;
2422 #endif
2423 }
2424
2425 /*******************************************************************************
2426 ** Utility functions for LE device IR/ER generation
2427 *******************************************************************************/
2428 /*******************************************************************************
2429 **
2430 ** Function btm_notify_new_key
2431 **
2432 ** Description This function is to notify application new keys have been
2433 ** generated.
2434 **
2435 ** Returns void
2436 **
2437 *******************************************************************************/
btm_notify_new_key(UINT8 key_type)2438 static void btm_notify_new_key(UINT8 key_type)
2439 {
2440 tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
2441
2442 BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type);
2443
2444 if (btm_cb.api.p_le_key_callback)
2445 {
2446 switch (key_type)
2447 {
2448 case BTM_BLE_KEY_TYPE_ID:
2449 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID");
2450 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
2451 break;
2452
2453 case BTM_BLE_KEY_TYPE_ER:
2454 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER");
2455 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.ble_encryption_key_value;
2456 break;
2457
2458 default:
2459 BTM_TRACE_ERROR("unknown key type: %d", key_type);
2460 break;
2461 }
2462 if (p_locak_keys != NULL)
2463 (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
2464 }
2465 }
2466
2467 /*******************************************************************************
2468 **
2469 ** Function btm_ble_process_er2
2470 **
2471 ** Description This function is called when ER is generated, store it in
2472 ** local control block.
2473 **
2474 ** Returns void
2475 **
2476 *******************************************************************************/
btm_ble_process_er2(tBTM_RAND_ENC * p)2477 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
2478 {
2479 BTM_TRACE_DEBUG ("btm_ble_process_er2");
2480
2481 if (p &&p->opcode == HCI_BLE_RAND)
2482 {
2483 memcpy(&btm_cb.devcb.ble_encryption_key_value[8], p->param_buf, BT_OCTET8_LEN);
2484 btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
2485 }
2486 else
2487 {
2488 BTM_TRACE_ERROR("Generating ER2 exception.");
2489 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
2490 }
2491 }
2492
2493 /*******************************************************************************
2494 **
2495 ** Function btm_ble_process_er
2496 **
2497 ** Description This function is called when ER is generated, store it in
2498 ** local control block.
2499 **
2500 ** Returns void
2501 **
2502 *******************************************************************************/
btm_ble_process_er(tBTM_RAND_ENC * p)2503 static void btm_ble_process_er(tBTM_RAND_ENC *p)
2504 {
2505 BTM_TRACE_DEBUG ("btm_ble_process_er");
2506
2507 if (p &&p->opcode == HCI_BLE_RAND)
2508 {
2509 memcpy(&btm_cb.devcb.ble_encryption_key_value[0], p->param_buf, BT_OCTET8_LEN);
2510
2511 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2))
2512 {
2513 memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
2514 BTM_TRACE_ERROR("Generating ER2 failed.");
2515 }
2516 }
2517 else
2518 {
2519 BTM_TRACE_ERROR("Generating ER1 exception.");
2520 }
2521 }
2522
2523 /*******************************************************************************
2524 **
2525 ** Function btm_ble_process_irk
2526 **
2527 ** Description This function is called when IRK is generated, store it in
2528 ** local control block.
2529 **
2530 ** Returns void
2531 **
2532 *******************************************************************************/
btm_ble_process_irk(tSMP_ENC * p)2533 static void btm_ble_process_irk(tSMP_ENC *p)
2534 {
2535 BTM_TRACE_DEBUG ("btm_ble_process_irk");
2536 if (p &&p->opcode == HCI_BLE_ENCRYPT)
2537 {
2538 memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
2539 btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
2540
2541 #if BLE_PRIVACY_SPT == TRUE
2542 /* if privacy is enabled, new RPA should be calculated */
2543 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE)
2544 {
2545 btm_gen_resolvable_private_addr((void *)btm_gen_resolve_paddr_low);
2546 }
2547 #endif
2548 }
2549 else
2550 {
2551 BTM_TRACE_ERROR("Generating IRK exception.");
2552 }
2553
2554 /* proceed generate ER */
2555 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er))
2556 {
2557 BTM_TRACE_ERROR("Generating ER failed.");
2558 }
2559 }
2560
2561 /*******************************************************************************
2562 **
2563 ** Function btm_ble_process_dhk
2564 **
2565 ** Description This function is called when DHK is calculated, store it in
2566 ** local control block, and proceed to generate ER, a 128-bits
2567 ** random number.
2568 **
2569 ** Returns void
2570 **
2571 *******************************************************************************/
btm_ble_process_dhk(tSMP_ENC * p)2572 static void btm_ble_process_dhk(tSMP_ENC *p)
2573 {
2574 #if SMP_INCLUDED == TRUE
2575 UINT8 btm_ble_irk_pt = 0x01;
2576 tSMP_ENC output;
2577
2578 BTM_TRACE_DEBUG ("btm_ble_process_dhk");
2579
2580 if (p && p->opcode == HCI_BLE_ENCRYPT)
2581 {
2582 memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
2583 BTM_TRACE_DEBUG("BLE DHK generated.");
2584
2585 /* IRK = D1(IR, 1) */
2586 if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
2587 1, &output))
2588 {
2589 /* reset all identity root related key */
2590 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2591 }
2592 else
2593 {
2594 btm_ble_process_irk(&output);
2595 }
2596 }
2597 else
2598 {
2599 /* reset all identity root related key */
2600 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2601 }
2602 #endif
2603 }
2604
2605 /*******************************************************************************
2606 **
2607 ** Function btm_ble_process_ir2
2608 **
2609 ** Description This function is called when IR is generated, proceed to calculate
2610 ** DHK = Eir({0x03, 0, 0 ...})
2611 **
2612 **
2613 ** Returns void
2614 **
2615 *******************************************************************************/
btm_ble_process_ir2(tBTM_RAND_ENC * p)2616 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
2617 {
2618 #if SMP_INCLUDED == TRUE
2619 UINT8 btm_ble_dhk_pt = 0x03;
2620 tSMP_ENC output;
2621
2622 BTM_TRACE_DEBUG ("btm_ble_process_ir2");
2623
2624 if (p && p->opcode == HCI_BLE_RAND)
2625 {
2626 /* remembering in control block */
2627 memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
2628 /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
2629
2630 SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
2631 1, &output);
2632 btm_ble_process_dhk(&output);
2633
2634 BTM_TRACE_DEBUG("BLE IR generated.");
2635 }
2636 else
2637 {
2638 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2639 }
2640 #endif
2641 }
2642
2643 /*******************************************************************************
2644 **
2645 ** Function btm_ble_process_ir
2646 **
2647 ** Description This function is called when IR is generated, proceed to calculate
2648 ** DHK = Eir({0x02, 0, 0 ...})
2649 **
2650 **
2651 ** Returns void
2652 **
2653 *******************************************************************************/
btm_ble_process_ir(tBTM_RAND_ENC * p)2654 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
2655 {
2656 BTM_TRACE_DEBUG ("btm_ble_process_ir");
2657
2658 if (p && p->opcode == HCI_BLE_RAND)
2659 {
2660 /* remembering in control block */
2661 memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
2662
2663 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2))
2664 {
2665 BTM_TRACE_ERROR("Generating IR2 failed.");
2666 memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
2667 }
2668 }
2669 }
2670
2671 /*******************************************************************************
2672 **
2673 ** Function btm_ble_reset_id
2674 **
2675 ** Description This function is called to reset LE device identity.
2676 **
2677 ** Returns void
2678 **
2679 *******************************************************************************/
btm_ble_reset_id(void)2680 void btm_ble_reset_id( void )
2681 {
2682 BTM_TRACE_DEBUG ("btm_ble_reset_id");
2683
2684 /* regenrate Identity Root*/
2685 if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir))
2686 {
2687 BTM_TRACE_DEBUG("Generating IR failed.");
2688 }
2689 }
2690
2691 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
2692 /*******************************************************************************
2693 **
2694 ** Function btm_ble_set_no_disc_if_pair_fail
2695 **
2696 ** Description This function indicates that whether no disconnect of the ACL
2697 ** should be used if pairing failed
2698 **
2699 ** Returns void
2700 **
2701 *******************************************************************************/
btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc)2702 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
2703 {
2704 BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
2705 btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
2706 }
2707
2708 /*******************************************************************************
2709 **
2710 ** Function btm_ble_set_test_mac_value
2711 **
2712 ** Description This function set test MAC value
2713 **
2714 ** Returns void
2715 **
2716 *******************************************************************************/
btm_ble_set_test_mac_value(BOOLEAN enable,UINT8 * p_test_mac_val)2717 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
2718 {
2719 BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable);
2720 btm_cb.devcb.enable_test_mac_val = enable;
2721 memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
2722 }
2723
2724 /*******************************************************************************
2725 **
2726 ** Function btm_ble_set_test_local_sign_cntr_value
2727 **
2728 ** Description This function set test local sign counter value
2729 **
2730 ** Returns void
2731 **
2732 *******************************************************************************/
btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable,UINT32 test_local_sign_cntr)2733 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
2734 {
2735 BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
2736 enable, test_local_sign_cntr);
2737 btm_cb.devcb.enable_test_local_sign_cntr = enable;
2738 btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr;
2739 }
2740
2741 /*******************************************************************************
2742 **
2743 ** Function btm_set_random_address
2744 **
2745 ** Description This function set a random address to local controller.
2746 **
2747 ** Returns void
2748 **
2749 *******************************************************************************/
btm_set_random_address(BD_ADDR random_bda)2750 void btm_set_random_address(BD_ADDR random_bda)
2751 {
2752 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
2753 BOOLEAN adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
2754
2755 BTM_TRACE_DEBUG ("btm_set_random_address");
2756
2757 if (adv_mode == BTM_BLE_ADV_ENABLE)
2758 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
2759
2760 memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
2761 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
2762
2763 if (adv_mode == BTM_BLE_ADV_ENABLE)
2764 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
2765
2766 }
2767
2768 /*******************************************************************************
2769 **
2770 ** Function btm_ble_set_keep_rfu_in_auth_req
2771 **
2772 ** Description This function indicates if RFU bits have to be kept as is
2773 ** (by default they have to be set to 0 by the sender).
2774 **
2775 ** Returns void
2776 **
2777 *******************************************************************************/
btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)2778 void btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)
2779 {
2780 BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu);
2781 btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu;
2782 }
2783
2784 #endif /* BTM_BLE_CONFORMANCE_TESTING */
2785
2786 #endif /* BLE_INCLUDED */
2787