1/******************************************************************************
2 *
3 *  Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19/******************************************************************************
20 *
21 *  This file contains functions for the SMP L2Cap utility functions
22 *
23 ******************************************************************************/
24#include "bt_target.h"
25
26#if SMP_INCLUDED == TRUE
27
28#include "bt_types.h"
29#include "bt_utils.h"
30#include <string.h>
31#include <ctype.h>
32#include "hcidefs.h"
33#include "btm_ble_api.h"
34#include "l2c_api.h"
35#include "l2c_int.h"
36#include "smp_int.h"
37
38
39#define SMP_PAIRING_REQ_SIZE    7
40#define SMP_CONFIRM_CMD_SIZE    (BT_OCTET16_LEN + 1)
41#define SMP_INIT_CMD_SIZE       (BT_OCTET16_LEN + 1)
42#define SMP_ENC_INFO_SIZE       (BT_OCTET16_LEN + 1)
43#define SMP_MASTER_ID_SIZE      (BT_OCTET8_LEN + 2 + 1)
44#define SMP_ID_INFO_SIZE        (BT_OCTET16_LEN + 1)
45#define SMP_ID_ADDR_SIZE        (BD_ADDR_LEN + 1 + 1)
46#define SMP_SIGN_INFO_SIZE      (BT_OCTET16_LEN + 1)
47#define SMP_PAIR_FAIL_SIZE      2
48
49
50/* type for action functions */
51typedef BT_HDR * (*tSMP_CMD_ACT)(UINT8 cmd_code, tSMP_CB *p_cb);
52
53static BT_HDR * smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
54static BT_HDR * smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
55static BT_HDR * smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
56static BT_HDR * smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb);
57static BT_HDR * smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
58static BT_HDR * smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
59static BT_HDR * smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb);
60static BT_HDR * smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
61static BT_HDR * smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
62static BT_HDR * smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb);
63
64const tSMP_CMD_ACT smp_cmd_build_act[] =
65{
66    NULL,
67    smp_build_pairing_cmd,      /* 0x01: pairing request */
68    smp_build_pairing_cmd,      /* 0x02: pairing response */
69    smp_build_confirm_cmd,      /* 0x03: pairing confirm */
70    smp_build_rand_cmd,         /* 0x04: pairing initializer request */
71    smp_build_pairing_fail,     /* 0x05: pairing failure */
72    smp_build_encrypt_info_cmd, /* 0x06: security information command */
73    smp_build_master_id_cmd,    /* 0x07: master identity command */
74    smp_build_identity_info_cmd,  /* 0x08: identity information command */
75    smp_build_id_addr_cmd,          /* 0x09: signing information */
76    smp_build_signing_info_cmd,    /* 0x0A: signing information */
77    smp_build_security_request    /* 0x0B: security request */
78};
79/*******************************************************************************
80**
81** Function         smp_send_msg_to_L2CAP
82**
83** Description      Send message to L2CAP.
84**
85*******************************************************************************/
86BOOLEAN  smp_send_msg_to_L2CAP(BD_ADDR rem_bda, BT_HDR *p_toL2CAP)
87{
88    UINT16              l2cap_ret;
89
90    SMP_TRACE_EVENT("smp_send_msg_to_L2CAP");
91
92    if ((l2cap_ret = L2CA_SendFixedChnlData (L2CAP_SMP_CID, rem_bda, p_toL2CAP)) == L2CAP_DW_FAILED)
93    {
94        SMP_TRACE_ERROR("SMP   failed to pass msg:0x%0x to L2CAP",
95                         *((UINT8 *)(p_toL2CAP + 1) + p_toL2CAP->offset));
96        GKI_freebuf(p_toL2CAP);
97        return FALSE;
98    }
99    else
100    {
101        return TRUE;
102    }
103}
104/*******************************************************************************
105**
106** Function         smp_send_cmd
107**
108** Description      send a SMP command on L2CAP channel.
109**
110*******************************************************************************/
111BOOLEAN smp_send_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
112{
113    BT_HDR *p_buf;
114    BOOLEAN sent = FALSE;
115    UINT8 failure = SMP_PAIR_INTERNAL_ERR;
116    SMP_TRACE_EVENT("smp_send_cmd on l2cap cmd_code=0x%x", cmd_code);
117    if ( cmd_code < SMP_OPCODE_MAX &&
118         smp_cmd_build_act[cmd_code] != NULL)
119    {
120        p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
121
122        if (p_buf != NULL &&
123            smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf))
124        {
125            sent = TRUE;
126
127            btu_stop_timer (&p_cb->rsp_timer_ent);
128            btu_start_timer (&p_cb->rsp_timer_ent, BTU_TTYPE_SMP_PAIRING_CMD,
129                             SMP_WAIT_FOR_RSP_TOUT);
130        }
131    }
132
133    if (!sent)
134    {
135        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
136    }
137    return sent;
138}
139
140
141
142/*******************************************************************************
143**
144** Function         smp_rsp_timeout
145**
146** Description      Called when SMP wait for SMP command response timer expires
147**
148** Returns          void
149**
150*******************************************************************************/
151void smp_rsp_timeout(TIMER_LIST_ENT *p_tle)
152{
153    tSMP_CB   *p_cb = &smp_cb;
154    UINT8 failure = SMP_RSP_TIMEOUT;
155    UNUSED(p_tle);
156
157    SMP_TRACE_EVENT("smp_rsp_timeout state:%d", p_cb->state);
158
159    if (smp_get_state() == SMP_ST_RELEASE_DELAY)
160    {
161        smp_sm_event(p_cb, SMP_RELEASE_DELAY_TOUT_EVT, NULL);
162    }
163    else
164    {
165        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &failure);
166    }
167}
168
169/*******************************************************************************
170**
171** Function         smp_build_pairing_req_cmd
172**
173** Description      Build pairing request command.
174**
175*******************************************************************************/
176BT_HDR * smp_build_pairing_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
177{
178    BT_HDR      *p_buf = NULL ;
179    UINT8       *p;
180    SMP_TRACE_EVENT("smp_build_pairing_cmd");
181    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE + L2CAP_MIN_OFFSET)) != NULL)
182    {
183        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
184
185        UINT8_TO_STREAM (p, cmd_code);
186        UINT8_TO_STREAM (p, p_cb->loc_io_caps);
187        UINT8_TO_STREAM (p, p_cb->loc_oob_flag);
188        UINT8_TO_STREAM (p, p_cb->loc_auth_req);
189        UINT8_TO_STREAM (p, p_cb->loc_enc_size);
190        UINT8_TO_STREAM (p, p_cb->loc_i_key);
191        UINT8_TO_STREAM (p, p_cb->loc_r_key);
192
193        p_buf->offset = L2CAP_MIN_OFFSET;
194        /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
195        p_buf->len = SMP_PAIRING_REQ_SIZE;
196    }
197
198    return p_buf;
199}
200
201/*******************************************************************************
202**
203** Function         smp_build_confirm_cmd
204**
205** Description      Build confirm request command.
206**
207*******************************************************************************/
208static BT_HDR * smp_build_confirm_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
209{
210    BT_HDR      *p_buf = NULL ;
211    UINT8       *p;
212    UNUSED(cmd_code);
213
214    SMP_TRACE_EVENT("smp_build_confirm_cmd");
215    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL)
216    {
217        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
218
219        UINT8_TO_STREAM (p, SMP_OPCODE_CONFIRM);
220        ARRAY_TO_STREAM (p, p_cb->confirm, BT_OCTET16_LEN);
221
222        p_buf->offset = L2CAP_MIN_OFFSET;
223        p_buf->len = SMP_CONFIRM_CMD_SIZE;
224    }
225
226    return p_buf;
227}
228/*******************************************************************************
229**
230** Function         smp_build_rand_cmd
231**
232** Description      Build Initializer command.
233**
234*******************************************************************************/
235static BT_HDR * smp_build_rand_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
236{
237    BT_HDR      *p_buf = NULL ;
238    UINT8       *p;
239    UNUSED(cmd_code);
240
241    SMP_TRACE_EVENT("smp_build_rand_cmd");
242    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_INIT_CMD_SIZE + L2CAP_MIN_OFFSET)) != NULL)
243    {
244        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
245
246        UINT8_TO_STREAM (p, SMP_OPCODE_INIT);
247        ARRAY_TO_STREAM (p, p_cb->rand, BT_OCTET16_LEN);
248
249        p_buf->offset = L2CAP_MIN_OFFSET;
250        p_buf->len = SMP_INIT_CMD_SIZE;
251    }
252
253    return p_buf;
254}
255/*******************************************************************************
256**
257** Function         smp_build_encrypt_info_cmd
258**
259** Description      Build security information command.
260**
261*******************************************************************************/
262static BT_HDR * smp_build_encrypt_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
263{
264    BT_HDR      *p_buf = NULL ;
265    UINT8       *p;
266    UNUSED(cmd_code);
267
268    SMP_TRACE_EVENT("smp_build_encrypt_info_cmd");
269    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
270    {
271        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
272
273        UINT8_TO_STREAM (p, SMP_OPCODE_ENCRYPT_INFO);
274        ARRAY_TO_STREAM (p, p_cb->ltk, BT_OCTET16_LEN);
275
276        p_buf->offset = L2CAP_MIN_OFFSET;
277        p_buf->len = SMP_ENC_INFO_SIZE;
278    }
279
280    return p_buf;
281}
282/*******************************************************************************
283**
284** Function         smp_build_master_id_cmd
285**
286** Description      Build security information command.
287**
288*******************************************************************************/
289static BT_HDR * smp_build_master_id_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
290{
291    BT_HDR      *p_buf = NULL ;
292    UINT8       *p;
293    UNUSED(cmd_code);
294
295    SMP_TRACE_EVENT("smp_build_master_id_cmd ");
296    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_MASTER_ID_SIZE + L2CAP_MIN_OFFSET)) != NULL)
297    {
298        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
299
300        UINT8_TO_STREAM (p, SMP_OPCODE_MASTER_ID);
301        UINT16_TO_STREAM (p, p_cb->ediv);
302        ARRAY_TO_STREAM (p, p_cb->enc_rand, BT_OCTET8_LEN);
303
304        p_buf->offset = L2CAP_MIN_OFFSET;
305        p_buf->len = SMP_MASTER_ID_SIZE;
306    }
307
308    return p_buf;
309}
310/*******************************************************************************
311**
312** Function         smp_build_identity_info_cmd
313**
314** Description      Build identity information command.
315**
316*******************************************************************************/
317static BT_HDR * smp_build_identity_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
318{
319    BT_HDR      *p_buf = NULL ;
320    UINT8       *p;
321    BT_OCTET16  irk;
322    UNUSED(cmd_code);
323    UNUSED(p_cb);
324
325    SMP_TRACE_EVENT("smp_build_identity_info_cmd");
326    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
327    {
328        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
329
330        BTM_GetDeviceIDRoot(irk);
331
332        UINT8_TO_STREAM (p, SMP_OPCODE_IDENTITY_INFO);
333        ARRAY_TO_STREAM (p,  irk, BT_OCTET16_LEN);
334
335        p_buf->offset = L2CAP_MIN_OFFSET;
336        p_buf->len = SMP_ID_INFO_SIZE;
337    }
338
339    return p_buf;
340}
341/*******************************************************************************
342**
343** Function         smp_build_id_addr_cmd
344**
345** Description      Build identity address information command.
346**
347*******************************************************************************/
348static BT_HDR * smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
349{
350    BT_HDR      *p_buf = NULL ;
351    UINT8       *p;
352    BD_ADDR     static_addr;
353    UNUSED(cmd_code);
354    UNUSED(p_cb);
355
356    SMP_TRACE_EVENT("smp_build_id_addr_cmd");
357    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET)) != NULL)
358    {
359        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
360
361        UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
362        UINT8_TO_STREAM (p, 0);     /* TODO: update with local address type */
363        BTM_GetLocalDeviceAddr(static_addr);
364        BDADDR_TO_STREAM (p, static_addr);
365
366        p_buf->offset = L2CAP_MIN_OFFSET;
367        p_buf->len = SMP_ID_ADDR_SIZE;
368    }
369
370    return p_buf;
371}
372
373/*******************************************************************************
374**
375** Function         smp_build_signing_info_cmd
376**
377** Description      Build signing information command.
378**
379*******************************************************************************/
380static BT_HDR * smp_build_signing_info_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
381{
382    BT_HDR      *p_buf = NULL ;
383    UINT8       *p;
384    UNUSED(cmd_code);
385
386    SMP_TRACE_EVENT("smp_build_signing_info_cmd");
387    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE + L2CAP_MIN_OFFSET)) != NULL)
388    {
389        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
390
391        UINT8_TO_STREAM (p, SMP_OPCODE_SIGN_INFO);
392        ARRAY_TO_STREAM (p, p_cb->csrk, BT_OCTET16_LEN);
393
394        p_buf->offset = L2CAP_MIN_OFFSET;
395        p_buf->len = SMP_SIGN_INFO_SIZE;
396    }
397
398    return p_buf;
399}
400/*******************************************************************************
401**
402** Function         smp_build_pairing_fail
403**
404** Description      Build Pairing Fail command.
405**
406*******************************************************************************/
407static BT_HDR * smp_build_pairing_fail(UINT8 cmd_code, tSMP_CB *p_cb)
408{
409    BT_HDR      *p_buf = NULL ;
410    UINT8       *p;
411    UNUSED(cmd_code);
412
413    SMP_TRACE_EVENT("smp_build_pairing_fail");
414    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
415    {
416        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
417
418        UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
419        UINT8_TO_STREAM (p, p_cb->failure);
420
421        p_buf->offset = L2CAP_MIN_OFFSET;
422        p_buf->len = SMP_PAIR_FAIL_SIZE;
423    }
424
425    return p_buf;
426}
427/*******************************************************************************
428**
429** Function         smp_build_security_request
430**
431** Description      Build security request command.
432**
433*******************************************************************************/
434static BT_HDR * smp_build_security_request(UINT8 cmd_code, tSMP_CB *p_cb)
435{
436    BT_HDR      *p_buf = NULL ;
437    UINT8       *p;
438    UNUSED(cmd_code);
439
440    SMP_TRACE_EVENT("smp_build_security_request");
441
442    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET)) != NULL)
443    {
444        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
445
446        UINT8_TO_STREAM (p, SMP_OPCODE_SEC_REQ);
447        UINT8_TO_STREAM (p,  p_cb->loc_auth_req);
448
449        p_buf->offset = L2CAP_MIN_OFFSET;
450        p_buf->len = 2;
451
452        SMP_TRACE_EVENT("opcode=%d auth_req=0x%x",SMP_OPCODE_SEC_REQ,  p_cb->loc_auth_req );
453    }
454
455    return p_buf;
456
457}
458
459/*******************************************************************************
460**
461** Function         smp_convert_string_to_tk
462**
463** Description      This function is called to convert a 6 to 16 digits numeric
464**                  character string into SMP TK.
465**
466**
467** Returns          void
468**
469*******************************************************************************/
470void smp_convert_string_to_tk(BT_OCTET16 tk, UINT32 passkey)
471{
472    UINT8   *p = tk;
473    tSMP_KEY    key;
474    SMP_TRACE_EVENT("smp_convert_string_to_tk");
475    UINT32_TO_STREAM(p, passkey);
476
477    key.key_type    = SMP_KEY_TYPE_TK;
478    key.p_data      = tk;
479
480    smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &key);
481}
482
483/*******************************************************************************
484**
485** Function         smp_mask_enc_key
486**
487** Description      This function is called to mask off the encryption key based
488**                  on the maximum encryption key size.
489**
490**
491** Returns          void
492**
493*******************************************************************************/
494void smp_mask_enc_key(UINT8 loc_enc_size, UINT8 * p_data)
495{
496    SMP_TRACE_EVENT("smp_mask_enc_key");
497    if (loc_enc_size < BT_OCTET16_LEN)
498    {
499        for (; loc_enc_size < BT_OCTET16_LEN; loc_enc_size ++)
500            * (p_data + loc_enc_size) = 0;
501    }
502    return;
503}
504/*******************************************************************************
505**
506** Function         smp_xor_128
507**
508** Description      utility function to do an biteise exclusive-OR of two bit
509**                  strings of the length of BT_OCTET16_LEN.
510**
511** Returns          void
512**
513*******************************************************************************/
514void smp_xor_128(BT_OCTET16 a, BT_OCTET16 b)
515{
516    UINT8 i, *aa = a, *bb = b;
517
518    SMP_TRACE_EVENT("smp_xor_128");
519    for (i = 0; i < BT_OCTET16_LEN; i++)
520    {
521        aa[i] = aa[i] ^ bb[i];
522    }
523}
524
525
526/*******************************************************************************
527**
528** Function         smp_cb_cleanup
529**
530** Description      Clean up SMP control block
531**
532** Returns          void
533**
534*******************************************************************************/
535void smp_cb_cleanup(tSMP_CB   *p_cb)
536{
537    tSMP_CALLBACK   *p_callback = p_cb->p_callback;
538    UINT8           trace_level = p_cb->trace_level;
539
540    SMP_TRACE_EVENT("smp_cb_cleanup");
541    memset(p_cb, 0, sizeof(tSMP_CB));
542    p_cb->p_callback = p_callback;
543    p_cb->trace_level = trace_level;
544}
545/*******************************************************************************
546**
547** Function         smp_reset_control_value
548**
549** Description      This function is called to reset the control block value when
550**                  pairing procedure finished.
551**
552**
553** Returns          void
554**
555*******************************************************************************/
556void smp_reset_control_value(tSMP_CB *p_cb)
557{
558    SMP_TRACE_EVENT("smp_reset_control_value");
559    btu_stop_timer (&p_cb->rsp_timer_ent);
560#if SMP_CONFORMANCE_TESTING == TRUE
561
562    SMP_TRACE_EVENT("smp_cb.remove_fixed_channel_disable=%d", smp_cb.remove_fixed_channel_disable);
563    if (!smp_cb.remove_fixed_channel_disable)
564    {
565        L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
566    }
567    else
568    {
569        SMP_TRACE_EVENT("disable the removal of the fixed channel");
570    }
571
572
573#else
574    /* We can tell L2CAP to remove the fixed channel (if it has one) */
575    L2CA_RemoveFixedChnl (L2CAP_SMP_CID, p_cb->pairing_bda);
576
577#endif
578    smp_cb_cleanup(p_cb);
579
580}
581/*******************************************************************************
582**
583** Function         smp_proc_pairing_cmpl
584**
585** Description      This function is called to process pairing complete
586**
587**
588** Returns          void
589**
590*******************************************************************************/
591void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
592{
593    tSMP_EVT_DATA   evt_data = {0};
594
595    SMP_TRACE_DEBUG ("smp_proc_pairing_cmpl ");
596
597    evt_data.cmplt.reason = p_cb->status;
598
599    if (p_cb->status == SMP_SUCCESS)
600        evt_data.cmplt.sec_level = p_cb->sec_level;
601
602    evt_data.cmplt.is_pair_cancel  = FALSE;
603
604    if (p_cb->is_pair_cancel)
605        evt_data.cmplt.is_pair_cancel = TRUE;
606
607
608    SMP_TRACE_DEBUG ("send SMP_COMPLT_EVT reason=0x%0x sec_level=0x%0x",
609                      evt_data.cmplt.reason,
610                      evt_data.cmplt.sec_level );
611    if (p_cb->p_callback)
612        (*p_cb->p_callback) (SMP_COMPLT_EVT, p_cb->pairing_bda, &evt_data);
613
614#if 0 /* TESTING CODE : as a master, reencrypt using LTK */
615    if (evt_data.cmplt.reason == 0 && p_cb->role == HCI_ROLE_MASTER)
616    {
617        btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
618    }
619#endif
620
621    smp_reset_control_value(p_cb);
622}
623
624/*******************************************************************************
625**
626** Function         smp_reject_unexp_pair_req
627**
628** Description      send pairing failure to an unexpected pairing request during
629**                  an active pairing process.
630**
631** Returns          void
632**
633*******************************************************************************/
634void smp_reject_unexp_pair_req(BD_ADDR bd_addr)
635{
636    BT_HDR *p_buf;
637    UINT8   *p;
638
639    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
640    {
641        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
642
643        UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
644        UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
645
646        p_buf->offset = L2CAP_MIN_OFFSET;
647        p_buf->len = SMP_PAIR_FAIL_SIZE;
648
649        smp_send_msg_to_L2CAP(bd_addr, p_buf);
650    }
651}
652
653#if SMP_CONFORMANCE_TESTING == TRUE
654/*******************************************************************************
655**
656** Function         smp_set_test_confirm_value
657**
658** Description      This function is called to set the test confirm value
659**
660** Returns          void
661**
662*******************************************************************************/
663void smp_set_test_confirm_value(BOOLEAN enable, UINT8 *p_c_val)
664{
665    SMP_TRACE_DEBUG("smp_set_test_confirm_value enable=%d", enable);
666    smp_cb.enable_test_confirm_val = enable;
667    memcpy(smp_cb.test_confirm, p_c_val, BT_OCTET16_LEN);
668}
669
670
671/*******************************************************************************
672**
673** Function         smp_set_test_confirm_value
674**
675** Description      This function is called to set the test rand value
676**
677** Returns          void
678**
679*******************************************************************************/
680void smp_set_test_rand_value(BOOLEAN enable, UINT8 *p_c_val)
681{
682    SMP_TRACE_DEBUG("smp_set_test_rand_value enable=%d", enable);
683    smp_cb.enable_test_rand_val = enable;
684    memcpy(smp_cb.test_rand, p_c_val, BT_OCTET16_LEN);
685}
686
687
688/*******************************************************************************
689**
690** Function         smp_set_test_pair_fail_status
691**
692** Description      This function is called to set the test fairing fair status
693**
694** Returns          void
695**
696*******************************************************************************/
697void smp_set_test_pair_fail_status (BOOLEAN enable, UINT8 status)
698{
699    SMP_TRACE_DEBUG("smp_set_test_confirm_value enable=%d", enable);
700    smp_cb.enable_test_pair_fail = enable;
701    smp_cb.pair_fail_status = status;
702}
703
704/*******************************************************************************
705**
706** Function         smp_set_test_pair_fail_status
707**
708** Description      This function is called to disable the removal of fixed channel
709**                  in  smp_reset_control_value
710** Returns          void
711**
712*******************************************************************************/
713void smp_remove_fixed_channel_disable (BOOLEAN disable)
714{
715    SMP_TRACE_DEBUG("smp_remove_fixed_channel_disable disable =%d", disable);
716    smp_cb.remove_fixed_channel_disable = disable;
717}
718/*******************************************************************************
719**
720** Function         smp_skip_compare_check
721**
722** Description      This function is called to skip the compare value check
723**
724** Returns          void
725**
726*******************************************************************************/
727void smp_skip_compare_check(BOOLEAN enable)
728{
729    SMP_TRACE_DEBUG("smp_skip_compare_check enable=%d", enable);
730    smp_cb.skip_test_compare_check = enable;
731}
732
733#endif
734
735
736#endif
737
738