1/******************************************************************************
2 *
3 *  Copyright (C) 2003-2012 Broadcom Corporation
4 *
5 *  Licensed under the Apache License, Version 2.0 (the "License");
6 *  you may not use this file except in compliance with the License.
7 *  You may obtain a copy of the License at:
8 *
9 *  http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 *
17 ******************************************************************************/
18
19#include <string.h>
20#include "device/include/interop.h"
21#include "include/bt_target.h"
22#include "stack/btm/btm_int.h"
23#include "stack/include/l2c_api.h"
24#include "stack/smp/smp_int.h"
25#include "utils/include/bt_utils.h"
26
27extern fixed_queue_t *btu_general_alarm_queue;
28
29#if SMP_INCLUDED == TRUE
30const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
31{
32    /* initiator */
33    {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* Display Only */
34        {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}, /* SMP_CAP_IO = 1 */
35        {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}, /* keyboard only */
36        {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
37        {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF,  SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}}, /* keyboard display */
38    /* responder */
39    {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* Display Only */
40        {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_KEY_NOTIF,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_KEY_NOTIF}, /* SMP_CAP_IO = 1 */
41        {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_PASSKEY,   SMP_MODEL_ENCRYPTION_ONLY,    SMP_MODEL_PASSKEY}, /* keyboard only */
42        {SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY,   SMP_MODEL_ENCRYPTION_ONLY,  SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY},/* No Input No Output */
43        {SMP_MODEL_PASSKEY,   SMP_MODEL_PASSKEY,    SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}} /* keyboard display */
44    /* display only */    /*SMP_CAP_IO = 1 */  /* keyboard only */   /* No InputOutput */  /* keyboard display */
45};
46
47#define SMP_KEY_DIST_TYPE_MAX       4
48const tSMP_ACT smp_distribute_act [] =
49{
50    smp_generate_ltk,
51    smp_send_id_info,
52    smp_generate_csrk,
53    smp_set_derive_link_key
54};
55
56static bool lmp_version_below(BD_ADDR bda, uint8_t version)
57{
58    tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
59    if (acl == NULL || acl->lmp_version == 0)
60    {
61        SMP_TRACE_WARNING("%s cannot retrieve LMP version...", __func__);
62        return false;
63    }
64    SMP_TRACE_WARNING("%s LMP version %d < %d", __func__, acl->lmp_version, version);
65    return acl->lmp_version < version;
66}
67
68static bool pts_test_send_authentication_complete_failure(tSMP_CB *p_cb)
69{
70    uint8_t reason = 0;
71
72    if (p_cb->cert_failure < 2 || p_cb->cert_failure > 6)
73        return false;
74
75    SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
76
77    switch (p_cb->cert_failure)
78    {
79        case 2:
80            reason = SMP_PAIR_AUTH_FAIL;
81            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
82            break;
83        case 3:
84            reason = SMP_PAIR_FAIL_UNKNOWN;
85            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
86            break;
87        case 4:
88            reason = SMP_PAIR_NOT_SUPPORT;
89            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
90            break;
91        case 5:
92            reason = SMP_PASSKEY_ENTRY_FAIL;
93            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
94            break;
95        case 6:
96            reason = SMP_REPEATED_ATTEMPTS;
97            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
98            break;
99    }
100
101    return true;;
102}
103
104/*******************************************************************************
105** Function         smp_update_key_mask
106** Description      This function updates the key mask for sending or receiving.
107*******************************************************************************/
108static void smp_update_key_mask (tSMP_CB *p_cb, UINT8 key_type, BOOLEAN recv)
109{
110    SMP_TRACE_DEBUG("%s before update role=%d recv=%d local_i_key = %02x, local_r_key = %02x",
111        __func__, p_cb->role, recv, p_cb->local_i_key, p_cb->local_r_key);
112
113    if (((p_cb->le_secure_connections_mode_is_used) ||
114        (p_cb->smp_over_br)) &&
115        ((key_type == SMP_SEC_KEY_TYPE_ENC) || (key_type == SMP_SEC_KEY_TYPE_LK)))
116    {
117        /* in LE SC mode LTK, CSRK and BR/EDR LK are derived locally instead of
118        ** being exchanged with the peer */
119        p_cb->local_i_key &= ~key_type;
120        p_cb->local_r_key &= ~key_type;
121    }
122    else
123    if (p_cb->role == HCI_ROLE_SLAVE)
124    {
125        if (recv)
126            p_cb->local_i_key &= ~key_type;
127        else
128            p_cb->local_r_key &= ~key_type;
129    }
130    else
131    {
132        if (recv)
133            p_cb->local_r_key &= ~key_type;
134        else
135            p_cb->local_i_key &= ~key_type;
136    }
137
138    SMP_TRACE_DEBUG("updated local_i_key = %02x, local_r_key = %02x", p_cb->local_i_key,
139                      p_cb->local_r_key);
140}
141
142/*******************************************************************************
143** Function     smp_send_app_cback
144** Description  notifies application about the events the application is interested in
145*******************************************************************************/
146void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
147{
148    tSMP_EVT_DATA   cb_data;
149    tSMP_STATUS callback_rc;
150    SMP_TRACE_DEBUG("%s p_cb->cb_evt=%d", __func__, p_cb->cb_evt);
151    if (p_cb->p_callback && p_cb->cb_evt != 0)
152    {
153        switch (p_cb->cb_evt)
154        {
155            case SMP_IO_CAP_REQ_EVT:
156                cb_data.io_req.auth_req = p_cb->peer_auth_req;
157                cb_data.io_req.oob_data = SMP_OOB_NONE;
158                cb_data.io_req.io_cap = SMP_DEFAULT_IO_CAPS;
159                cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
160                cb_data.io_req.init_keys = p_cb->local_i_key ;
161                cb_data.io_req.resp_keys = p_cb->local_r_key ;
162                SMP_TRACE_WARNING ( "io_cap = %d",cb_data.io_req.io_cap);
163                break;
164
165            case SMP_NC_REQ_EVT:
166                cb_data.passkey = p_data->passkey;
167                break;
168            case SMP_SC_OOB_REQ_EVT:
169                cb_data.req_oob_type = p_data->req_oob_type;
170                break;
171            case SMP_SC_LOC_OOB_DATA_UP_EVT:
172                cb_data.loc_oob_data = p_cb->sc_oob_data.loc_oob_data;
173                break;
174
175            case SMP_BR_KEYS_REQ_EVT:
176                cb_data.io_req.auth_req = 0;
177                cb_data.io_req.oob_data = SMP_OOB_NONE;
178                cb_data.io_req.io_cap = 0;
179                cb_data.io_req.max_key_size = SMP_MAX_ENC_KEY_SIZE;
180                cb_data.io_req.init_keys = SMP_BR_SEC_DEFAULT_KEY;
181                cb_data.io_req.resp_keys = SMP_BR_SEC_DEFAULT_KEY;
182                break;
183
184            default:
185                break;
186        }
187
188        callback_rc = (*p_cb->p_callback)(p_cb->cb_evt, p_cb->pairing_bda, &cb_data);
189
190        SMP_TRACE_DEBUG("callback_rc=%d  p_cb->cb_evt=%d",callback_rc, p_cb->cb_evt );
191
192        if (callback_rc == SMP_SUCCESS)
193        {
194            switch (p_cb->cb_evt)
195            {
196                case SMP_IO_CAP_REQ_EVT:
197                    p_cb->loc_auth_req   = cb_data.io_req.auth_req;
198                    p_cb->local_io_capability  = cb_data.io_req.io_cap;
199                    p_cb->loc_oob_flag = cb_data.io_req.oob_data;
200                    p_cb->loc_enc_size = cb_data.io_req.max_key_size;
201                    p_cb->local_i_key = cb_data.io_req.init_keys;
202                    p_cb->local_r_key = cb_data.io_req.resp_keys;
203
204                    if (!(p_cb->loc_auth_req & SMP_AUTH_BOND))
205                    {
206                        SMP_TRACE_WARNING ("Non bonding: No keys will be exchanged");
207                        p_cb->local_i_key = 0;
208                        p_cb->local_r_key = 0;
209                    }
210
211                    SMP_TRACE_WARNING ( "rcvd auth_req: 0x%02x, io_cap: %d \
212                        loc_oob_flag: %d loc_enc_size: %d,"
213                        "local_i_key: 0x%02x, local_r_key: 0x%02x",
214                        p_cb->loc_auth_req, p_cb->local_io_capability, p_cb->loc_oob_flag,
215                        p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
216
217                    p_cb->secure_connections_only_mode_required =
218                        (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
219
220                    if (p_cb->secure_connections_only_mode_required)
221                    {
222                        p_cb->loc_auth_req |= SMP_SC_SUPPORT_BIT;
223                    }
224
225                    if (!(p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)
226                        || lmp_version_below(p_cb->pairing_bda, HCI_PROTO_VERSION_4_2)
227                        || interop_match_addr(INTEROP_DISABLE_LE_SECURE_CONNECTIONS,
228                            (const bt_bdaddr_t *)&p_cb->pairing_bda))
229                    {
230                        p_cb->loc_auth_req &= ~SMP_KP_SUPPORT_BIT;
231                        p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
232                        p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
233                    }
234
235                    SMP_TRACE_WARNING("set auth_req: 0x%02x, local_i_key: 0x%02x, local_r_key: 0x%02x",
236                        p_cb->loc_auth_req, p_cb->local_i_key, p_cb->local_r_key);
237
238                    smp_sm_event(p_cb, SMP_IO_RSP_EVT, NULL);
239                    break;
240
241                case SMP_BR_KEYS_REQ_EVT:
242                    p_cb->loc_enc_size = cb_data.io_req.max_key_size;
243                    p_cb->local_i_key = cb_data.io_req.init_keys;
244                    p_cb->local_r_key = cb_data.io_req.resp_keys;
245
246                    p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
247                    p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
248
249                    SMP_TRACE_WARNING ( "for SMP over BR max_key_size: 0x%02x,\
250                        local_i_key: 0x%02x, local_r_key: 0x%02x",
251                        p_cb->loc_enc_size, p_cb->local_i_key, p_cb->local_r_key);
252
253                    smp_br_state_machine_event(p_cb, SMP_BR_KEYS_RSP_EVT, NULL);
254                    break;
255            }
256        }
257    }
258
259    if (!p_cb->cb_evt && p_cb->discard_sec_req)
260    {
261        p_cb->discard_sec_req = FALSE;
262        smp_sm_event(p_cb, SMP_DISCARD_SEC_REQ_EVT, NULL);
263    }
264
265    SMP_TRACE_DEBUG("%s return", __func__);
266}
267
268/*******************************************************************************
269** Function     smp_send_pair_fail
270** Description  pairing failure to peer device if needed.
271*******************************************************************************/
272void smp_send_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
273{
274    p_cb->status = *(UINT8 *)p_data;
275    p_cb->failure = *(UINT8 *)p_data;
276
277    SMP_TRACE_DEBUG("%s status=%d failure=%d ", __func__, p_cb->status, p_cb->failure);
278
279    if (p_cb->status <= SMP_MAX_FAIL_RSN_PER_SPEC && p_cb->status != SMP_SUCCESS)
280    {
281        smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
282        p_cb->wait_for_authorization_complete = TRUE;
283    }
284}
285
286/*******************************************************************************
287** Function     smp_send_pair_req
288** Description  actions related to sending pairing request
289*******************************************************************************/
290void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
291{
292    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
293    SMP_TRACE_DEBUG("%s", __func__);
294
295    /* erase all keys when master sends pairing req*/
296    if (p_dev_rec)
297        btm_sec_clear_ble_keys(p_dev_rec);
298    /* do not manipulate the key, let app decide,
299       leave out to BTM to mandate key distribution for bonding case */
300    smp_send_cmd(SMP_OPCODE_PAIRING_REQ, p_cb);
301}
302
303/*******************************************************************************
304** Function     smp_send_pair_rsp
305** Description  actions related to sending pairing response
306*******************************************************************************/
307void smp_send_pair_rsp(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
308{
309    SMP_TRACE_DEBUG("%s", __func__);
310
311    p_cb->local_i_key &= p_cb->peer_i_key;
312    p_cb->local_r_key &= p_cb->peer_r_key;
313
314    if (smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb))
315    {
316        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
317            smp_use_oob_private_key(p_cb, NULL);
318        else
319            smp_decide_association_model(p_cb, NULL);
320    }
321}
322
323/*******************************************************************************
324** Function     smp_send_confirm
325** Description  send confirmation to the peer
326*******************************************************************************/
327void smp_send_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
328{
329    SMP_TRACE_DEBUG("%s", __func__);
330    smp_send_cmd(SMP_OPCODE_CONFIRM, p_cb);
331}
332
333/*******************************************************************************
334** Function     smp_send_init
335** Description  process pairing initializer to slave device
336*******************************************************************************/
337void smp_send_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
338{
339    SMP_TRACE_DEBUG("%s", __func__);
340    smp_send_cmd(SMP_OPCODE_INIT, p_cb);
341}
342
343/*******************************************************************************
344** Function     smp_send_rand
345** Description  send pairing random to the peer
346*******************************************************************************/
347void smp_send_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
348{
349    SMP_TRACE_DEBUG("%s", __func__);
350    smp_send_cmd(SMP_OPCODE_RAND, p_cb);
351}
352
353/*******************************************************************************
354** Function     smp_send_pair_public_key
355** Description  send pairing public key command to the peer
356*******************************************************************************/
357void smp_send_pair_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
358{
359    SMP_TRACE_DEBUG("%s", __func__);
360    smp_send_cmd(SMP_OPCODE_PAIR_PUBLIC_KEY, p_cb);
361}
362
363/*******************************************************************************
364** Function     SMP_SEND_COMMITMENT
365** Description send commitment command to the peer
366*******************************************************************************/
367void smp_send_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
368{
369    SMP_TRACE_DEBUG("%s", __func__);
370    smp_send_cmd(SMP_OPCODE_PAIR_COMMITM, p_cb);
371}
372
373/*******************************************************************************
374** Function     smp_send_dhkey_check
375** Description send DHKey Check command to the peer
376*******************************************************************************/
377void smp_send_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
378{
379    SMP_TRACE_DEBUG("%s", __func__);
380    smp_send_cmd(SMP_OPCODE_PAIR_DHKEY_CHECK, p_cb);
381}
382
383/*******************************************************************************
384** Function     smp_send_keypress_notification
385** Description send Keypress Notification command to the peer
386*******************************************************************************/
387void smp_send_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
388{
389    p_cb->local_keypress_notification = *(UINT8 *) p_data;
390    smp_send_cmd(SMP_OPCODE_PAIR_KEYPR_NOTIF, p_cb);
391}
392
393/*******************************************************************************
394** Function     smp_send_enc_info
395** Description  send encryption information command.
396*******************************************************************************/
397void smp_send_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
398{
399    tBTM_LE_LENC_KEYS   le_key;
400
401    SMP_TRACE_DEBUG("%s p_cb->loc_enc_size = %d", __func__, p_cb->loc_enc_size);
402    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
403
404    smp_send_cmd(SMP_OPCODE_ENCRYPT_INFO, p_cb);
405    smp_send_cmd(SMP_OPCODE_MASTER_ID, p_cb);
406
407    /* save the DIV and key size information when acting as slave device */
408    memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
409    le_key.div =  p_cb->div;
410    le_key.key_size = p_cb->loc_enc_size;
411    le_key.sec_level = p_cb->sec_level;
412
413    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
414        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC,
415                            (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
416
417    SMP_TRACE_WARNING ("%s", __func__);
418
419    smp_key_distribution(p_cb, NULL);
420}
421
422/*******************************************************************************
423** Function     smp_send_id_info
424** Description  send ID information command.
425*******************************************************************************/
426void smp_send_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
427{
428    tBTM_LE_KEY_VALUE   le_key;
429    SMP_TRACE_DEBUG("%s", __func__);
430    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, FALSE);
431
432    smp_send_cmd(SMP_OPCODE_IDENTITY_INFO, p_cb);
433    smp_send_cmd(SMP_OPCODE_ID_ADDR, p_cb);
434
435    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
436        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LID,
437                            &le_key, TRUE);
438
439    SMP_TRACE_WARNING ("%s", __func__);
440    smp_key_distribution_by_transport(p_cb, NULL);
441}
442
443/*******************************************************************************
444** Function     smp_send_csrk_info
445** Description  send CSRK command.
446*******************************************************************************/
447void smp_send_csrk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
448{
449    tBTM_LE_LCSRK_KEYS  key;
450    SMP_TRACE_DEBUG("%s", __func__);
451    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, FALSE);
452
453    if (smp_send_cmd(SMP_OPCODE_SIGN_INFO, p_cb))
454    {
455        key.div = p_cb->div;
456        key.sec_level = p_cb->sec_level;
457        key.counter = 0; /* initialize the local counter */
458        memcpy (key.csrk, p_cb->csrk, BT_OCTET16_LEN);
459        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LCSRK, (tBTM_LE_KEY_VALUE *)&key, TRUE);
460    }
461
462    smp_key_distribution_by_transport(p_cb, NULL);
463}
464
465/*******************************************************************************
466** Function     smp_send_ltk_reply
467** Description  send LTK reply
468*******************************************************************************/
469void smp_send_ltk_reply(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
470{
471    SMP_TRACE_DEBUG("%s", __func__);
472    /* send stk as LTK response */
473    btm_ble_ltk_request_reply(p_cb->pairing_bda, TRUE, p_data->key.p_data);
474}
475
476/*******************************************************************************
477** Function     smp_proc_sec_req
478** Description  process security request.
479*******************************************************************************/
480void smp_proc_sec_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
481{
482    tBTM_LE_AUTH_REQ auth_req = *(tBTM_LE_AUTH_REQ *)p_data;
483    tBTM_BLE_SEC_REQ_ACT sec_req_act;
484    UINT8 reason;
485
486    SMP_TRACE_DEBUG("%s auth_req=0x%x", __func__, auth_req);
487
488    p_cb->cb_evt = 0;
489
490    btm_ble_link_sec_check(p_cb->pairing_bda, auth_req,  &sec_req_act);
491
492    SMP_TRACE_DEBUG("%s sec_req_act=0x%x", __func__, sec_req_act);
493
494    switch (sec_req_act)
495    {
496        case  BTM_BLE_SEC_REQ_ACT_ENCRYPT:
497            SMP_TRACE_DEBUG("%s BTM_BLE_SEC_REQ_ACT_ENCRYPT", __func__);
498            smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
499            break;
500
501        case BTM_BLE_SEC_REQ_ACT_PAIR:
502            p_cb->secure_connections_only_mode_required =
503                    (btm_cb.security_mode == BTM_SEC_MODE_SC) ? TRUE : FALSE;
504
505            /* respond to non SC pairing request as failure in SC only mode */
506            if (p_cb->secure_connections_only_mode_required &&
507                (auth_req & SMP_SC_SUPPORT_BIT) == 0)
508            {
509                reason = SMP_PAIR_AUTH_FAIL;
510                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
511            }
512            else
513            {
514                /* initialize local i/r key to be default keys */
515                p_cb->peer_auth_req = auth_req;
516                p_cb->local_r_key = p_cb->local_i_key = SMP_SEC_DEFAULT_KEY ;
517                p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
518            }
519            break;
520
521        case BTM_BLE_SEC_REQ_ACT_DISCARD:
522            p_cb->discard_sec_req = TRUE;
523            break;
524
525        default:
526            /* do nothing */
527            break;
528    }
529}
530
531/*******************************************************************************
532** Function     smp_proc_sec_grant
533** Description  process security grant.
534*******************************************************************************/
535void smp_proc_sec_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
536{
537    UINT8 res= *(UINT8 *)p_data;
538    SMP_TRACE_DEBUG("%s", __func__);
539    if (res != SMP_SUCCESS)
540    {
541        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, p_data);
542    }
543    else /*otherwise, start pairing */
544    {
545        /* send IO request callback */
546        p_cb->cb_evt = SMP_IO_CAP_REQ_EVT;
547    }
548}
549
550/*******************************************************************************
551** Function     smp_proc_pair_fail
552** Description  process pairing failure from peer device
553*******************************************************************************/
554void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
555{
556    SMP_TRACE_DEBUG("%s", __func__);
557    p_cb->status = *(UINT8 *)p_data;
558
559    /* Cancel pending auth complete timer if set */
560    alarm_cancel(p_cb->delayed_auth_timer_ent);
561}
562
563/*******************************************************************************
564** Function     smp_proc_pair_cmd
565** Description  Process the SMP pairing request/response from peer device
566*******************************************************************************/
567void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
568{
569    UINT8   *p = (UINT8 *)p_data;
570    UINT8   reason = SMP_ENC_KEY_SIZE;
571    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
572
573    SMP_TRACE_DEBUG("%s", __func__);
574    /* erase all keys if it is slave proc pairing req*/
575    if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
576        btm_sec_clear_ble_keys(p_dev_rec);
577
578    p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
579
580    STREAM_TO_UINT8(p_cb->peer_io_caps, p);
581    STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
582    STREAM_TO_UINT8(p_cb->peer_auth_req, p);
583    STREAM_TO_UINT8(p_cb->peer_enc_size, p);
584    STREAM_TO_UINT8(p_cb->peer_i_key, p);
585    STREAM_TO_UINT8(p_cb->peer_r_key, p);
586
587    if (smp_command_has_invalid_parameters(p_cb))
588    {
589        reason = SMP_INVALID_PARAMETERS;
590        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
591        return;
592    }
593
594    // PTS Testing failure modes
595    if (pts_test_send_authentication_complete_failure(p_cb))
596        return;
597
598    if (p_cb->role == HCI_ROLE_SLAVE)
599    {
600        if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
601        {
602            /* peer (master) started pairing sending Pairing Request */
603            p_cb->local_i_key = p_cb->peer_i_key;
604            p_cb->local_r_key = p_cb->peer_r_key;
605
606            p_cb->cb_evt = SMP_SEC_REQUEST_EVT;
607        }
608        else /* update local i/r key according to pairing request */
609        {
610            /* pairing started with this side (slave) sending Security Request */
611            p_cb->local_i_key &= p_cb->peer_i_key;
612            p_cb->local_r_key &= p_cb->peer_r_key;
613            p_cb->selected_association_model = smp_select_association_model(p_cb);
614
615            if (p_cb->secure_connections_only_mode_required &&
616                (!(p_cb->le_secure_connections_mode_is_used) ||
617               (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
618            {
619                SMP_TRACE_ERROR("%s pairing failed - slave requires secure connection only mode",
620                    __func__);
621                reason = SMP_PAIR_AUTH_FAIL;
622                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
623                return;
624            }
625
626            if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
627            {
628                if (smp_request_oob_data(p_cb)) return;
629            }
630            else
631            {
632                smp_send_pair_rsp(p_cb, NULL);
633            }
634        }
635    }
636    else /* Master receives pairing response */
637    {
638        p_cb->selected_association_model = smp_select_association_model(p_cb);
639
640        if (p_cb->secure_connections_only_mode_required &&
641            (!(p_cb->le_secure_connections_mode_is_used) ||
642           (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
643        {
644            SMP_TRACE_ERROR ("Master requires secure connection only mode \
645                but it can't be provided -> Master fails pairing");
646            reason = SMP_PAIR_AUTH_FAIL;
647            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
648            return;
649        }
650
651        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
652        {
653            if (smp_request_oob_data(p_cb)) return;
654        }
655        else
656        {
657            smp_decide_association_model(p_cb, NULL);
658        }
659    }
660}
661
662/*******************************************************************************
663** Function     smp_proc_confirm
664** Description  process pairing confirm from peer device
665*******************************************************************************/
666void smp_proc_confirm(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
667{
668    UINT8 *p = (UINT8 *)p_data;
669    UINT8 reason = SMP_INVALID_PARAMETERS;
670
671    SMP_TRACE_DEBUG("%s", __func__);
672
673    if (smp_command_has_invalid_parameters(p_cb))
674    {
675        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
676        return;
677    }
678
679    if (p != NULL)
680    {
681        /* save the SConfirm for comparison later */
682        STREAM_TO_ARRAY(p_cb->rconfirm, p, BT_OCTET16_LEN);
683    }
684
685    p_cb->flags |= SMP_PAIR_FLAGS_CMD_CONFIRM;
686}
687
688/*******************************************************************************
689** Function     smp_proc_init
690** Description  process pairing initializer from peer device
691*******************************************************************************/
692void smp_proc_init(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
693{
694    UINT8 *p = (UINT8 *)p_data;
695    UINT8 reason = SMP_INVALID_PARAMETERS;
696
697    SMP_TRACE_DEBUG("%s", __func__);
698
699    if (smp_command_has_invalid_parameters(p_cb))
700    {
701        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
702        return;
703    }
704
705    /* save the SRand for comparison */
706    STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
707}
708
709/*******************************************************************************
710** Function     smp_proc_rand
711** Description  process pairing random (nonce) from peer device
712*******************************************************************************/
713void smp_proc_rand(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
714{
715    UINT8 *p = (UINT8 *)p_data;
716    UINT8 reason = SMP_INVALID_PARAMETERS;
717
718    SMP_TRACE_DEBUG("%s", __func__);
719
720    if (smp_command_has_invalid_parameters(p_cb))
721    {
722        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
723        return;
724    }
725
726    /* save the SRand for comparison */
727    STREAM_TO_ARRAY(p_cb->rrand, p, BT_OCTET16_LEN);
728}
729
730/*******************************************************************************
731** Function     smp_process_pairing_public_key
732** Description  process pairing public key command from the peer device
733**              - saves the peer public key;
734**              - sets the flag indicating that the peer public key is received;
735**              - calls smp_wait_for_both_public_keys(...).
736**
737*******************************************************************************/
738void smp_process_pairing_public_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
739{
740    UINT8 *p = (UINT8 *)p_data;
741    UINT8 reason = SMP_INVALID_PARAMETERS;
742
743    SMP_TRACE_DEBUG("%s", __func__);
744
745    if (smp_command_has_invalid_parameters(p_cb))
746    {
747        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
748        return;
749    }
750
751    STREAM_TO_ARRAY(p_cb->peer_publ_key.x, p, BT_OCTET32_LEN);
752    STREAM_TO_ARRAY(p_cb->peer_publ_key.y, p, BT_OCTET32_LEN);
753    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY;
754
755    smp_wait_for_both_public_keys(p_cb, NULL);
756}
757
758/*******************************************************************************
759** Function     smp_process_pairing_commitment
760** Description  process pairing commitment from peer device
761*******************************************************************************/
762void smp_process_pairing_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
763{
764    UINT8 *p = (UINT8 *)p_data;
765    UINT8 reason = SMP_INVALID_PARAMETERS;
766
767    SMP_TRACE_DEBUG("%s", __func__);
768
769    if (smp_command_has_invalid_parameters(p_cb))
770    {
771        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
772        return;
773    }
774
775    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_COMM;
776
777    if (p != NULL)
778    {
779        STREAM_TO_ARRAY(p_cb->remote_commitment, p, BT_OCTET16_LEN);
780    }
781}
782
783/*******************************************************************************
784** Function     smp_process_dhkey_check
785** Description  process DHKey Check from peer device
786*******************************************************************************/
787void smp_process_dhkey_check(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
788{
789    UINT8 *p = (UINT8 *)p_data;
790    UINT8 reason = SMP_INVALID_PARAMETERS;
791
792    SMP_TRACE_DEBUG("%s", __func__);
793
794    if (smp_command_has_invalid_parameters(p_cb))
795    {
796        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
797        return;
798    }
799
800    if (p != NULL)
801    {
802        STREAM_TO_ARRAY(p_cb->remote_dhkey_check, p, BT_OCTET16_LEN);
803    }
804
805    p_cb->flags |= SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK;
806}
807
808/*******************************************************************************
809** Function     smp_process_keypress_notification
810** Description  process pairing keypress notification from peer device
811*******************************************************************************/
812void smp_process_keypress_notification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
813{
814    UINT8 *p = (UINT8 *)p_data;
815    UINT8 reason = SMP_INVALID_PARAMETERS;
816
817    SMP_TRACE_DEBUG("%s", __func__);
818    p_cb->status = *(UINT8 *)p_data;
819
820    if (smp_command_has_invalid_parameters(p_cb))
821    {
822        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
823        return;
824    }
825
826    if (p != NULL)
827    {
828        STREAM_TO_UINT8(p_cb->peer_keypress_notification, p);
829    }
830    else
831    {
832        p_cb->peer_keypress_notification = BTM_SP_KEY_OUT_OF_RANGE;
833    }
834    p_cb->cb_evt = SMP_PEER_KEYPR_NOT_EVT;
835}
836
837/*******************************************************************************
838** Function     smp_br_process_pairing_command
839** Description  Process the SMP pairing request/response from peer device via
840**              BR/EDR transport.
841*******************************************************************************/
842void smp_br_process_pairing_command(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
843{
844    UINT8   *p = (UINT8 *)p_data;
845    UINT8   reason = SMP_ENC_KEY_SIZE;
846    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (p_cb->pairing_bda);
847
848    SMP_TRACE_DEBUG("%s", __func__);
849    /* rejecting BR pairing request over non-SC BR link */
850    if (!p_dev_rec->new_encryption_key_is_p256 && p_cb->role == HCI_ROLE_SLAVE)
851    {
852        reason = SMP_XTRANS_DERIVE_NOT_ALLOW;
853        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
854        return;
855    }
856
857    /* erase all keys if it is slave proc pairing req*/
858    if (p_dev_rec && (p_cb->role == HCI_ROLE_SLAVE))
859        btm_sec_clear_ble_keys(p_dev_rec);
860
861    p_cb->flags |= SMP_PAIR_FLAG_ENC_AFTER_PAIR;
862
863    STREAM_TO_UINT8(p_cb->peer_io_caps, p);
864    STREAM_TO_UINT8(p_cb->peer_oob_flag, p);
865    STREAM_TO_UINT8(p_cb->peer_auth_req, p);
866    STREAM_TO_UINT8(p_cb->peer_enc_size, p);
867    STREAM_TO_UINT8(p_cb->peer_i_key, p);
868    STREAM_TO_UINT8(p_cb->peer_r_key, p);
869
870    if (smp_command_has_invalid_parameters(p_cb))
871    {
872        reason = SMP_INVALID_PARAMETERS;
873        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
874        return;
875    }
876
877    /* peer (master) started pairing sending Pairing Request */
878    /* or being master device always use received i/r key as keys to distribute */
879    p_cb->local_i_key = p_cb->peer_i_key;
880    p_cb->local_r_key = p_cb->peer_r_key;
881
882    if (p_cb->role == HCI_ROLE_SLAVE)
883    {
884        p_dev_rec->new_encryption_key_is_p256 = FALSE;
885        /* shortcut to skip Security Grant step */
886        p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
887    }
888    else /* Master receives pairing response */
889    {
890        SMP_TRACE_DEBUG("%s master rcvs valid PAIRING RESPONSE."
891                          " Supposed to move to key distribution phase. ", __func__);
892    }
893
894    /* auth_req received via BR/EDR SM channel is set to 0,
895       but everything derived/exchanged has to be saved */
896    p_cb->peer_auth_req |= SMP_AUTH_BOND;
897    p_cb->loc_auth_req |= SMP_AUTH_BOND;
898}
899
900/*******************************************************************************
901** Function     smp_br_process_security_grant
902** Description  process security grant in case of pairing over BR/EDR transport.
903*******************************************************************************/
904void smp_br_process_security_grant(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
905{
906    UINT8 res= *(UINT8 *)p_data;
907    SMP_TRACE_DEBUG("%s", __func__);
908    if (res != SMP_SUCCESS)
909    {
910        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, p_data);
911    }
912    else /*otherwise, start pairing */
913    {
914        /* send IO request callback */
915        p_cb->cb_evt = SMP_BR_KEYS_REQ_EVT;
916    }
917}
918
919/*******************************************************************************
920** Function     smp_br_check_authorization_request
921** Description  sets the SMP kes to be derived/distribute over BR/EDR transport
922**              before starting the distribution/derivation
923*******************************************************************************/
924void smp_br_check_authorization_request(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
925{
926    UINT8 reason = SMP_SUCCESS;
927
928    SMP_TRACE_DEBUG("%s rcvs i_keys=0x%x r_keys=0x%x "
929                      "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
930                      p_cb->local_r_key);
931
932    /* In LE SC mode LK field is ignored when BR/EDR transport is used */
933    p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
934    p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
935
936    /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
937    ** Set local_r_key on master to expect only these keys. */
938    if (p_cb->role == HCI_ROLE_MASTER)
939    {
940        p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
941    }
942
943    SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
944                      "(i-initiator r-responder)", __FUNCTION__, p_cb->local_i_key,
945                      p_cb->local_r_key);
946
947    if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
948            (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
949        (p_cb->local_i_key || p_cb->local_r_key))
950    {
951        smp_br_state_machine_event(p_cb, SMP_BR_BOND_REQ_EVT, NULL);
952
953        /* if no peer key is expected, start master key distribution */
954        if (p_cb->role == HCI_ROLE_MASTER && p_cb->local_r_key == 0)
955            smp_key_distribution_by_transport(p_cb, NULL);
956    }
957    else
958    {
959        smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
960    }
961}
962
963/*******************************************************************************
964** Function     smp_br_select_next_key
965** Description  selects the next key to derive/send when BR/EDR transport is
966**              used.
967*******************************************************************************/
968void smp_br_select_next_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
969{
970    UINT8   reason = SMP_SUCCESS;
971    SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
972                       __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
973
974    if (p_cb->role == HCI_ROLE_SLAVE||
975        (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
976    {
977        smp_key_pick_key(p_cb, p_data);
978    }
979
980    if (!p_cb->local_i_key && !p_cb->local_r_key)
981    {
982        /* state check to prevent re-entrance */
983        if (smp_get_br_state() == SMP_BR_STATE_BOND_PENDING)
984        {
985            if (p_cb->total_tx_unacked == 0)
986                smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &reason);
987            else
988                p_cb->wait_for_authorization_complete = TRUE;
989        }
990    }
991}
992
993/*******************************************************************************
994** Function     smp_proc_enc_info
995** Description  process encryption information from peer device
996*******************************************************************************/
997void smp_proc_enc_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
998{
999    UINT8   *p = (UINT8 *)p_data;
1000
1001    SMP_TRACE_DEBUG("%s", __func__);
1002    STREAM_TO_ARRAY(p_cb->ltk, p, BT_OCTET16_LEN);
1003
1004    smp_key_distribution(p_cb, NULL);
1005}
1006/*******************************************************************************
1007** Function     smp_proc_master_id
1008** Description  process master ID from slave device
1009*******************************************************************************/
1010void smp_proc_master_id(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1011{
1012    UINT8   *p = (UINT8 *)p_data;
1013    tBTM_LE_PENC_KEYS   le_key;
1014
1015    SMP_TRACE_DEBUG("%s", __func__);
1016    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, TRUE);
1017
1018    STREAM_TO_UINT16(le_key.ediv, p);
1019    STREAM_TO_ARRAY(le_key.rand, p, BT_OCTET8_LEN );
1020
1021    /* store the encryption keys from peer device */
1022    memcpy(le_key.ltk, p_cb->ltk, BT_OCTET16_LEN);
1023    le_key.sec_level = p_cb->sec_level;
1024    le_key.key_size  = p_cb->loc_enc_size;
1025
1026    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1027        btm_sec_save_le_key(p_cb->pairing_bda,
1028                            BTM_LE_KEY_PENC,
1029                            (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1030
1031    smp_key_distribution(p_cb, NULL);
1032}
1033
1034/*******************************************************************************
1035** Function     smp_proc_enc_info
1036** Description  process identity information from peer device
1037*******************************************************************************/
1038void smp_proc_id_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1039{
1040    UINT8   *p = (UINT8 *)p_data;
1041
1042    SMP_TRACE_DEBUG("%s", __func__);
1043    STREAM_TO_ARRAY (p_cb->tk, p, BT_OCTET16_LEN);   /* reuse TK for IRK */
1044    smp_key_distribution_by_transport(p_cb, NULL);
1045}
1046
1047/*******************************************************************************
1048** Function     smp_proc_id_addr
1049** Description  process identity address from peer device
1050*******************************************************************************/
1051void smp_proc_id_addr(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1052{
1053    UINT8   *p = (UINT8 *)p_data;
1054    tBTM_LE_PID_KEYS    pid_key;
1055
1056    SMP_TRACE_DEBUG("%s", __func__);
1057    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ID, TRUE);
1058
1059    STREAM_TO_UINT8(pid_key.addr_type, p);
1060    STREAM_TO_BDADDR(pid_key.static_addr, p);
1061    memcpy(pid_key.irk, p_cb->tk, BT_OCTET16_LEN);
1062
1063    /* to use as BD_ADDR for lk derived from ltk */
1064    p_cb->id_addr_rcvd = TRUE;
1065    p_cb->id_addr_type = pid_key.addr_type;
1066    memcpy(p_cb->id_addr, pid_key.static_addr, BD_ADDR_LEN);
1067
1068    /* store the ID key from peer device */
1069    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1070        btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PID,
1071                            (tBTM_LE_KEY_VALUE *)&pid_key, TRUE);
1072    smp_key_distribution_by_transport(p_cb, NULL);
1073}
1074
1075/*******************************************************************************
1076** Function     smp_proc_srk_info
1077** Description  process security information from peer device
1078*******************************************************************************/
1079void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1080{
1081    tBTM_LE_PCSRK_KEYS   le_key;
1082
1083    SMP_TRACE_DEBUG("%s", __func__);
1084    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_CSRK, TRUE);
1085
1086    /* save CSRK to security record */
1087    le_key.sec_level = p_cb->sec_level;
1088    memcpy (le_key.csrk, p_data, BT_OCTET16_LEN);   /* get peer CSRK */
1089    le_key.counter = 0; /* initialize the peer counter */
1090
1091    if ((p_cb->peer_auth_req & SMP_AUTH_BOND) && (p_cb->loc_auth_req & SMP_AUTH_BOND))
1092        btm_sec_save_le_key(p_cb->pairing_bda,
1093                            BTM_LE_KEY_PCSRK,
1094                            (tBTM_LE_KEY_VALUE *)&le_key, TRUE);
1095    smp_key_distribution_by_transport(p_cb, NULL);
1096}
1097
1098/*******************************************************************************
1099** Function     smp_proc_compare
1100** Description  process compare value
1101*******************************************************************************/
1102void smp_proc_compare(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1103{
1104    UINT8   reason;
1105
1106    SMP_TRACE_DEBUG("%s", __func__);
1107    if (!memcmp(p_cb->rconfirm, p_data->key.p_data, BT_OCTET16_LEN))
1108    {
1109        /* compare the max encryption key size, and save the smaller one for the link */
1110        if ( p_cb->peer_enc_size < p_cb->loc_enc_size)
1111            p_cb->loc_enc_size = p_cb->peer_enc_size;
1112
1113        if (p_cb->role == HCI_ROLE_SLAVE)
1114            smp_sm_event(p_cb, SMP_RAND_EVT, NULL);
1115        else
1116        {
1117            /* master device always use received i/r key as keys to distribute */
1118            p_cb->local_i_key = p_cb->peer_i_key;
1119            p_cb->local_r_key = p_cb->peer_r_key;
1120
1121            smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1122        }
1123
1124    }
1125    else
1126    {
1127        reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1128        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1129    }
1130}
1131
1132/*******************************************************************************
1133** Function     smp_proc_sl_key
1134** Description  process key ready events.
1135*******************************************************************************/
1136void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1137{
1138    UINT8 key_type = p_data->key.key_type;
1139
1140    SMP_TRACE_DEBUG("%s", __func__);
1141    if (key_type == SMP_KEY_TYPE_TK)
1142    {
1143        smp_generate_srand_mrand_confirm(p_cb, NULL);
1144    }
1145    else if (key_type == SMP_KEY_TYPE_CFM)
1146    {
1147        smp_set_state(SMP_STATE_WAIT_CONFIRM);
1148
1149        if (p_cb->flags & SMP_PAIR_FLAGS_CMD_CONFIRM)
1150            smp_sm_event(p_cb, SMP_CONFIRM_EVT, NULL);
1151    }
1152}
1153
1154/*******************************************************************************
1155** Function     smp_start_enc
1156** Description  start encryption
1157*******************************************************************************/
1158void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1159{
1160    tBTM_STATUS cmd;
1161    UINT8 reason = SMP_ENC_FAIL;
1162
1163    SMP_TRACE_DEBUG("%s", __func__);
1164    if (p_data != NULL)
1165        cmd = btm_ble_start_encrypt(p_cb->pairing_bda, TRUE, p_data->key.p_data);
1166    else
1167        cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
1168
1169    if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
1170        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1171}
1172
1173/*******************************************************************************
1174** Function     smp_proc_discard
1175** Description   processing for discard security request
1176*******************************************************************************/
1177void smp_proc_discard(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1178{
1179    SMP_TRACE_DEBUG("%s", __func__);
1180    if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD))
1181        smp_reset_control_value(p_cb);
1182}
1183
1184/*******************************************************************************
1185** Function     smp_enc_cmpl
1186** Description   encryption success
1187*******************************************************************************/
1188void smp_enc_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1189{
1190    UINT8 enc_enable = *(UINT8 *)p_data;
1191    UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1192
1193    SMP_TRACE_DEBUG("%s", __func__);
1194    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1195}
1196
1197/*******************************************************************************
1198** Function     smp_check_auth_req
1199** Description  check authentication request
1200*******************************************************************************/
1201void smp_check_auth_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1202{
1203    UINT8 enc_enable = *(UINT8 *)p_data;
1204    UINT8 reason = enc_enable ? SMP_SUCCESS : SMP_ENC_FAIL;
1205
1206    SMP_TRACE_DEBUG("%s rcvs enc_enable=%d i_keys=0x%x r_keys=0x%x "
1207                      "(i-initiator r-responder)",
1208                      __func__, enc_enable, p_cb->local_i_key, p_cb->local_r_key);
1209    if (enc_enable == 1)
1210    {
1211        if (p_cb->le_secure_connections_mode_is_used)
1212        {
1213            /* In LE SC mode LTK is used instead of STK and has to be always saved */
1214            p_cb->local_i_key |= SMP_SEC_KEY_TYPE_ENC;
1215            p_cb->local_r_key |= SMP_SEC_KEY_TYPE_ENC;
1216
1217           /* In LE SC mode LK is derived from LTK only if both sides request it */
1218           if (!(p_cb->local_i_key & SMP_SEC_KEY_TYPE_LK) ||
1219               !(p_cb->local_r_key & SMP_SEC_KEY_TYPE_LK))
1220            {
1221                p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1222                p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1223            }
1224
1225            /* In LE SC mode only IRK, IAI, CSRK are exchanged with the peer.
1226            ** Set local_r_key on master to expect only these keys.
1227            */
1228            if (p_cb->role == HCI_ROLE_MASTER)
1229            {
1230                p_cb->local_r_key &= (SMP_SEC_KEY_TYPE_ID | SMP_SEC_KEY_TYPE_CSRK);
1231            }
1232        }
1233        else
1234        {
1235            /* in legacy mode derivation of BR/EDR LK is not supported */
1236            p_cb->local_i_key &= ~SMP_SEC_KEY_TYPE_LK;
1237            p_cb->local_r_key &= ~SMP_SEC_KEY_TYPE_LK;
1238        }
1239        SMP_TRACE_DEBUG("%s rcvs upgrades: i_keys=0x%x r_keys=0x%x "
1240                          "(i-initiator r-responder)",
1241                          __func__, p_cb->local_i_key, p_cb->local_r_key);
1242
1243        if (/*((p_cb->peer_auth_req & SMP_AUTH_BOND) ||
1244             (p_cb->loc_auth_req & SMP_AUTH_BOND)) &&*/
1245            (p_cb->local_i_key || p_cb->local_r_key))
1246        {
1247            smp_sm_event(p_cb, SMP_BOND_REQ_EVT, NULL);
1248        }
1249        else
1250            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1251    }
1252    else if (enc_enable == 0)
1253    {
1254        /* if failed for encryption after pairing, send callback */
1255        if (p_cb->flags & SMP_PAIR_FLAG_ENC_AFTER_PAIR)
1256            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1257        /* if enc failed for old security information */
1258        /* if master device, clean up and abck to idle; slave device do nothing */
1259        else if (p_cb->role == HCI_ROLE_MASTER)
1260        {
1261            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1262        }
1263    }
1264}
1265
1266/*******************************************************************************
1267** Function     smp_key_pick_key
1268** Description  Pick a key distribution function based on the key mask.
1269*******************************************************************************/
1270void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1271{
1272    UINT8   key_to_dist = (p_cb->role == HCI_ROLE_SLAVE) ? p_cb->local_r_key : p_cb->local_i_key;
1273    UINT8   i = 0;
1274
1275    SMP_TRACE_DEBUG("%s key_to_dist=0x%x", __func__, key_to_dist);
1276    while (i < SMP_KEY_DIST_TYPE_MAX)
1277    {
1278        SMP_TRACE_DEBUG("key to send = %02x, i = %d",  key_to_dist, i);
1279
1280        if (key_to_dist & (1 << i))
1281        {
1282            SMP_TRACE_DEBUG("smp_distribute_act[%d]", i);
1283            (* smp_distribute_act[i])(p_cb, p_data);
1284            break;
1285        }
1286        i ++;
1287    }
1288}
1289/*******************************************************************************
1290** Function     smp_key_distribution
1291** Description  start key distribution if required.
1292*******************************************************************************/
1293void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1294{
1295    SMP_TRACE_DEBUG("%s role=%d (0-master) r_keys=0x%x i_keys=0x%x",
1296                      __func__, p_cb->role, p_cb->local_r_key, p_cb->local_i_key);
1297
1298    if (p_cb->role == HCI_ROLE_SLAVE ||
1299       (!p_cb->local_r_key && p_cb->role == HCI_ROLE_MASTER))
1300    {
1301        smp_key_pick_key(p_cb, p_data);
1302    }
1303
1304    if (!p_cb->local_i_key && !p_cb->local_r_key)
1305    {
1306        /* state check to prevent re-entrant */
1307        if (smp_get_state() == SMP_STATE_BOND_PENDING)
1308        {
1309            if (p_cb->derive_lk)
1310            {
1311                smp_derive_link_key_from_long_term_key(p_cb, NULL);
1312                p_cb->derive_lk = FALSE;
1313            }
1314
1315            if (p_cb->total_tx_unacked == 0)
1316            {
1317                /*
1318                 * Instead of declaring authorization complete immediately,
1319                 * delay the event from being sent by SMP_DELAYED_AUTH_TIMEOUT_MS.
1320                 * This allows the slave to send over Pairing Failed if the
1321                 * last key is rejected.  During this waiting window, the
1322                 * state should remain in SMP_STATE_BOND_PENDING.
1323                 */
1324                if (!alarm_is_scheduled(p_cb->delayed_auth_timer_ent)) {
1325                    SMP_TRACE_DEBUG("%s delaying auth complete.", __func__);
1326                    alarm_set_on_queue(p_cb->delayed_auth_timer_ent, SMP_DELAYED_AUTH_TIMEOUT_MS,
1327                                       smp_delayed_auth_complete_timeout, NULL, btu_general_alarm_queue);
1328                }
1329            } else {
1330                p_cb->wait_for_authorization_complete = TRUE;
1331            }
1332        }
1333    }
1334}
1335
1336/*******************************************************************************
1337** Function         smp_decide_association_model
1338** Description      This function is called to select assoc model to be used for
1339**                  STK generation and to start STK generation process.
1340**
1341*******************************************************************************/
1342void smp_decide_association_model(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1343{
1344    UINT8   failure = SMP_UNKNOWN_IO_CAP;
1345    UINT8 int_evt = 0;
1346    tSMP_KEY key;
1347    tSMP_INT_DATA   *p = NULL;
1348
1349    SMP_TRACE_DEBUG("%s Association Model = %d", __func__, p_cb->selected_association_model);
1350
1351    switch (p_cb->selected_association_model)
1352    {
1353        case SMP_MODEL_ENCRYPTION_ONLY:  /* TK = 0, go calculate Confirm */
1354            if (p_cb->role == HCI_ROLE_MASTER &&
1355                ((p_cb->peer_auth_req & SMP_AUTH_YN_BIT) != 0) &&
1356                ((p_cb->loc_auth_req & SMP_AUTH_YN_BIT) == 0))
1357            {
1358                SMP_TRACE_ERROR ("IO capability does not meet authentication requirement");
1359                failure = SMP_PAIR_AUTH_FAIL;
1360                p = (tSMP_INT_DATA *)&failure;
1361                int_evt = SMP_AUTH_CMPL_EVT;
1362            }
1363            else
1364            {
1365                p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1366                SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1367
1368                key.key_type = SMP_KEY_TYPE_TK;
1369                key.p_data = p_cb->tk;
1370                p = (tSMP_INT_DATA *)&key;
1371
1372                memset(p_cb->tk, 0, BT_OCTET16_LEN);
1373                /* TK, ready  */
1374                int_evt = SMP_KEY_READY_EVT;
1375            }
1376            break;
1377
1378        case SMP_MODEL_PASSKEY:
1379            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1380            SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1381
1382            p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1383            int_evt = SMP_TK_REQ_EVT;
1384            break;
1385
1386        case SMP_MODEL_OOB:
1387            SMP_TRACE_ERROR ("Association Model = SMP_MODEL_OOB");
1388            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1389            SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1390
1391            p_cb->cb_evt = SMP_OOB_REQ_EVT;
1392            int_evt = SMP_TK_REQ_EVT;
1393            break;
1394
1395        case SMP_MODEL_KEY_NOTIF:
1396            p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1397            SMP_TRACE_DEBUG("Need to generate Passkey");
1398
1399            /* generate passkey and notify application */
1400            smp_generate_passkey(p_cb, NULL);
1401            break;
1402
1403        case SMP_MODEL_SEC_CONN_JUSTWORKS:
1404        case SMP_MODEL_SEC_CONN_NUM_COMP:
1405        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1406        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1407        case SMP_MODEL_SEC_CONN_OOB:
1408            int_evt = SMP_PUBL_KEY_EXCH_REQ_EVT;
1409            break;
1410
1411        case SMP_MODEL_OUT_OF_RANGE:
1412            SMP_TRACE_ERROR("Association Model = SMP_MODEL_OUT_OF_RANGE (failed)");
1413            p = (tSMP_INT_DATA *)&failure;
1414            int_evt = SMP_AUTH_CMPL_EVT;
1415            break;
1416
1417        default:
1418            SMP_TRACE_ERROR("Association Model = %d (SOMETHING IS WRONG WITH THE CODE)",
1419                             p_cb->selected_association_model);
1420            p = (tSMP_INT_DATA *)&failure;
1421            int_evt = SMP_AUTH_CMPL_EVT;
1422    }
1423
1424    SMP_TRACE_EVENT ("sec_level=%d ", p_cb->sec_level );
1425    if (int_evt)
1426        smp_sm_event(p_cb, int_evt, p);
1427}
1428
1429/*******************************************************************************
1430** Function     smp_process_io_response
1431** Description  process IO response for a slave device.
1432*******************************************************************************/
1433void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1434{
1435    uint8_t reason = SMP_PAIR_AUTH_FAIL;
1436
1437    SMP_TRACE_DEBUG("%s", __func__);
1438    if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1439    {
1440        /* pairing started by local (slave) Security Request */
1441        smp_set_state(SMP_STATE_SEC_REQ_PENDING);
1442        smp_send_cmd(SMP_OPCODE_SEC_REQ, p_cb);
1443    }
1444    else /* plan to send pairing respond */
1445    {
1446        /* pairing started by peer (master) Pairing Request */
1447        p_cb->selected_association_model = smp_select_association_model(p_cb);
1448
1449        if (p_cb->secure_connections_only_mode_required &&
1450            (!(p_cb->le_secure_connections_mode_is_used) ||
1451            (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)))
1452        {
1453            SMP_TRACE_ERROR ("Slave requires secure connection only mode \
1454                              but it can't be provided -> Slave fails pairing");
1455            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1456            return;
1457        }
1458
1459        if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB)
1460        {
1461            if (smp_request_oob_data(p_cb)) return;
1462        }
1463
1464        // PTS Testing failure modes
1465        if (pts_test_send_authentication_complete_failure(p_cb))
1466            return;
1467
1468        smp_send_pair_rsp(p_cb, NULL);
1469    }
1470}
1471
1472/*******************************************************************************
1473** Function     smp_br_process_slave_keys_response
1474** Description  process application keys response for a slave device
1475**              (BR/EDR transport).
1476*******************************************************************************/
1477void smp_br_process_slave_keys_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1478{
1479    smp_br_send_pair_response(p_cb, NULL);
1480}
1481
1482/*******************************************************************************
1483** Function     smp_br_send_pair_response
1484** Description  actions related to sending pairing response over BR/EDR transport.
1485*******************************************************************************/
1486void smp_br_send_pair_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1487{
1488    SMP_TRACE_DEBUG("%s", __func__);
1489
1490    p_cb->local_i_key &= p_cb->peer_i_key;
1491    p_cb->local_r_key &= p_cb->peer_r_key;
1492
1493    smp_send_cmd (SMP_OPCODE_PAIRING_RSP, p_cb);
1494}
1495
1496/*******************************************************************************
1497** Function         smp_pairing_cmpl
1498** Description      This function is called to send the pairing complete callback
1499**                  and remove the connection if needed.
1500*******************************************************************************/
1501void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1502{
1503    if (p_cb->total_tx_unacked == 0)
1504    {
1505        /* process the pairing complete */
1506        smp_proc_pairing_cmpl(p_cb);
1507    }
1508}
1509
1510/*******************************************************************************
1511** Function         smp_pair_terminate
1512** Description      This function is called to send the pairing complete callback
1513**                  and remove the connection if needed.
1514*******************************************************************************/
1515void smp_pair_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1516{
1517    SMP_TRACE_DEBUG("%s", __func__);
1518    p_cb->status = SMP_CONN_TOUT;
1519    smp_proc_pairing_cmpl(p_cb);
1520}
1521
1522/*******************************************************************************
1523** Function         smp_idle_terminate
1524** Description      This function calledin idle state to determine to send authentication
1525**                  complete or not.
1526*******************************************************************************/
1527void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1528{
1529    if (p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)
1530    {
1531        SMP_TRACE_DEBUG("Pairing terminated at IDLE state.");
1532        p_cb->status = SMP_FAIL;
1533        smp_proc_pairing_cmpl(p_cb);
1534    }
1535}
1536
1537/*******************************************************************************
1538** Function     smp_fast_conn_param
1539** Description  apply default connection parameter for pairing process
1540*******************************************************************************/
1541void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1542{
1543    /* Disable L2CAP connection parameter updates while bonding since
1544       some peripherals are not able to revert to fast connection parameters
1545       during the start of service discovery. Connection paramter updates
1546       get enabled again once service discovery completes. */
1547    L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, false);
1548}
1549
1550/*******************************************************************************
1551** Function     smp_both_have_public_keys
1552** Description  The function is called when both local and peer public keys are
1553**              saved.
1554**              Actions:
1555**              - invokes DHKey computation;
1556**              - on slave side invokes sending local public key to the peer.
1557**              - invokes SC phase 1 process.
1558*******************************************************************************/
1559void smp_both_have_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1560{
1561    SMP_TRACE_DEBUG("%s",__func__);
1562
1563    /* invokes DHKey computation */
1564    smp_compute_dhkey(p_cb);
1565
1566    /* on slave side invokes sending local public key to the peer */
1567    if (p_cb->role == HCI_ROLE_SLAVE)
1568        smp_send_pair_public_key(p_cb, NULL);
1569
1570    smp_sm_event(p_cb, SMP_SC_DHKEY_CMPLT_EVT, NULL);
1571}
1572
1573/*******************************************************************************
1574** Function     smp_start_secure_connection_phase1
1575** Description  The function starts Secure Connection phase1 i.e. invokes initialization of Secure Connection
1576**              phase 1 parameters and starts building/sending to the peer
1577**              messages appropriate for the role and association model.
1578*******************************************************************************/
1579void smp_start_secure_connection_phase1(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1580{
1581    SMP_TRACE_DEBUG("%s", __func__);
1582
1583    if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1584    {
1585        p_cb->sec_level = SMP_SEC_UNAUTHENTICATE;
1586        SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_UNAUTHENTICATE) ", p_cb->sec_level );
1587    }
1588    else
1589    {
1590        p_cb->sec_level = SMP_SEC_AUTHENTICATED;
1591        SMP_TRACE_EVENT ("p_cb->sec_level =%d (SMP_SEC_AUTHENTICATED) ", p_cb->sec_level );
1592    }
1593
1594    switch(p_cb->selected_association_model)
1595    {
1596        case SMP_MODEL_SEC_CONN_JUSTWORKS:
1597        case SMP_MODEL_SEC_CONN_NUM_COMP:
1598            memset(p_cb->local_random, 0, BT_OCTET16_LEN);
1599            smp_start_nonce_generation(p_cb);
1600            break;
1601        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1602            /* user has to provide passkey */
1603            p_cb->cb_evt = SMP_PASSKEY_REQ_EVT;
1604            smp_sm_event(p_cb, SMP_TK_REQ_EVT, NULL);
1605            break;
1606        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1607            /* passkey has to be provided to user */
1608            SMP_TRACE_DEBUG("Need to generate SC Passkey");
1609            smp_generate_passkey(p_cb, NULL);
1610            break;
1611        case SMP_MODEL_SEC_CONN_OOB:
1612            /* use the available OOB information */
1613            smp_process_secure_connection_oob_data(p_cb, NULL);
1614            break;
1615        default:
1616            SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1617                              p_cb->selected_association_model);
1618            break;
1619    }
1620}
1621
1622/*******************************************************************************
1623** Function     smp_process_local_nonce
1624** Description  The function processes new local nonce.
1625**
1626** Note         It is supposed to be called in SC phase1.
1627*******************************************************************************/
1628void smp_process_local_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1629{
1630    SMP_TRACE_DEBUG("%s", __func__);
1631
1632    switch(p_cb->selected_association_model)
1633    {
1634        case SMP_MODEL_SEC_CONN_JUSTWORKS:
1635        case SMP_MODEL_SEC_CONN_NUM_COMP:
1636            if (p_cb->role == HCI_ROLE_SLAVE)
1637            {
1638                /* slave calculates and sends local commitment */
1639                smp_calculate_local_commitment(p_cb);
1640                smp_send_commitment(p_cb, NULL);
1641                /* slave has to wait for peer nonce */
1642                smp_set_state(SMP_STATE_WAIT_NONCE);
1643            }
1644            else    /* i.e. master */
1645            {
1646                if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1647                {
1648                    /* slave commitment is already received, send local nonce, wait for remote nonce*/
1649                    SMP_TRACE_DEBUG("master in assoc mode = %d \
1650                    already rcvd slave commitment - race condition",
1651                                      p_cb->selected_association_model);
1652                    p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1653                    smp_send_rand(p_cb, NULL);
1654                    smp_set_state(SMP_STATE_WAIT_NONCE);
1655                }
1656            }
1657            break;
1658        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1659        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1660            smp_calculate_local_commitment(p_cb);
1661
1662            if (p_cb->role == HCI_ROLE_MASTER)
1663            {
1664                smp_send_commitment(p_cb, NULL);
1665            }
1666            else    /* slave */
1667            {
1668                if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_COMM)
1669                {
1670                    /* master commitment is already received */
1671                    smp_send_commitment(p_cb, NULL);
1672                    smp_set_state(SMP_STATE_WAIT_NONCE);
1673                }
1674            }
1675            break;
1676        case SMP_MODEL_SEC_CONN_OOB:
1677            if (p_cb->role == HCI_ROLE_MASTER)
1678            {
1679                smp_send_rand(p_cb, NULL);
1680            }
1681
1682            smp_set_state(SMP_STATE_WAIT_NONCE);
1683            break;
1684        default:
1685            SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1686                              p_cb->selected_association_model);
1687            break;
1688    }
1689}
1690
1691/*******************************************************************************
1692** Function     smp_process_peer_nonce
1693** Description  The function processes newly received and saved in CB peer nonce.
1694**              The actions depend on the selected association model and the role.
1695**
1696** Note         It is supposed to be called in SC phase1.
1697*******************************************************************************/
1698void smp_process_peer_nonce(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1699{
1700    UINT8   reason;
1701
1702    SMP_TRACE_DEBUG("%s start ", __func__);
1703
1704    // PTS Testing failure modes
1705    if (p_cb->cert_failure == 1) {
1706        SMP_TRACE_ERROR("%s failure case = %d", __func__, p_cb->cert_failure);
1707        reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1708        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1709        return;
1710    }
1711
1712    switch(p_cb->selected_association_model)
1713    {
1714        case SMP_MODEL_SEC_CONN_JUSTWORKS:
1715        case SMP_MODEL_SEC_CONN_NUM_COMP:
1716            /* in these models only master receives commitment */
1717            if (p_cb->role == HCI_ROLE_MASTER)
1718            {
1719                if (!smp_check_commitment(p_cb))
1720                {
1721                    reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1722                    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1723                    break;
1724                }
1725            }
1726            else
1727            {
1728                /* slave sends local nonce */
1729                smp_send_rand(p_cb, NULL);
1730            }
1731
1732            if(p_cb->selected_association_model == SMP_MODEL_SEC_CONN_JUSTWORKS)
1733            {
1734                /* go directly to phase 2 */
1735                smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1736            }
1737            else    /* numeric comparison */
1738            {
1739                smp_set_state(SMP_STATE_WAIT_NONCE);
1740                smp_sm_event(p_cb, SMP_SC_CALC_NC_EVT, NULL);
1741            }
1742            break;
1743        case SMP_MODEL_SEC_CONN_PASSKEY_ENT:
1744        case SMP_MODEL_SEC_CONN_PASSKEY_DISP:
1745            if (!smp_check_commitment(p_cb) && p_cb->cert_failure != 9)
1746            {
1747                reason = p_cb->failure = SMP_CONFIRM_VALUE_ERR;
1748                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1749                break;
1750            }
1751
1752            if (p_cb->role == HCI_ROLE_SLAVE)
1753            {
1754                smp_send_rand(p_cb, NULL);
1755            }
1756
1757            if (++p_cb->round < 20)
1758            {
1759                smp_set_state(SMP_STATE_SEC_CONN_PHS1_START);
1760                p_cb->flags &= ~SMP_PAIR_FLAG_HAVE_PEER_COMM;
1761                smp_start_nonce_generation(p_cb);
1762                break;
1763            }
1764
1765            smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1766            break;
1767        case SMP_MODEL_SEC_CONN_OOB:
1768            if (p_cb->role == HCI_ROLE_SLAVE)
1769            {
1770                smp_send_rand(p_cb, NULL);
1771            }
1772
1773            smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1774            break;
1775        default:
1776            SMP_TRACE_ERROR ("Association Model = %d is not used in LE SC",
1777                              p_cb->selected_association_model);
1778            break;
1779    }
1780
1781    SMP_TRACE_DEBUG("%s end ",__FUNCTION__);
1782}
1783
1784/*******************************************************************************
1785** Function     smp_match_dhkey_checks
1786** Description  checks if the calculated peer DHKey Check value is the same as
1787**              received from the peer DHKey check value.
1788*******************************************************************************/
1789void smp_match_dhkey_checks(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1790{
1791    UINT8 reason = SMP_DHKEY_CHK_FAIL;
1792
1793    SMP_TRACE_DEBUG("%s", __func__);
1794
1795    if (memcmp(p_data->key.p_data, p_cb->remote_dhkey_check, BT_OCTET16_LEN))
1796    {
1797        SMP_TRACE_WARNING ("dhkey chcks do no match");
1798        p_cb->failure = reason;
1799        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1800        return;
1801    }
1802
1803    SMP_TRACE_EVENT ("dhkey chcks match");
1804
1805    /* compare the max encryption key size, and save the smaller one for the link */
1806    if (p_cb->peer_enc_size < p_cb->loc_enc_size)
1807        p_cb->loc_enc_size = p_cb->peer_enc_size;
1808
1809    if (p_cb->role == HCI_ROLE_SLAVE)
1810    {
1811        smp_sm_event(p_cb, SMP_PAIR_DHKEY_CHCK_EVT, NULL);
1812    }
1813    else
1814    {
1815        /* master device always use received i/r key as keys to distribute */
1816        p_cb->local_i_key = p_cb->peer_i_key;
1817        p_cb->local_r_key = p_cb->peer_r_key;
1818        smp_sm_event(p_cb, SMP_ENC_REQ_EVT, NULL);
1819    }
1820}
1821
1822/*******************************************************************************
1823** Function     smp_move_to_secure_connections_phase2
1824** Description  Signal State Machine to start SC phase 2 initialization (to
1825**              compute local DHKey Check value).
1826**
1827** Note         SM is supposed to be in the state SMP_STATE_SEC_CONN_PHS2_START.
1828*******************************************************************************/
1829void smp_move_to_secure_connections_phase2(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1830{
1831    SMP_TRACE_DEBUG("%s",__func__);
1832    smp_sm_event(p_cb, SMP_SC_PHASE1_CMPLT_EVT, NULL);
1833}
1834
1835/*******************************************************************************
1836** Function     smp_phase_2_dhkey_checks_are_present
1837** Description  generates event if dhkey check from the peer is already received.
1838**
1839** Note         It is supposed to be used on slave to prevent race condition.
1840**              It is supposed to be called after slave dhkey check is calculated.
1841*******************************************************************************/
1842void smp_phase_2_dhkey_checks_are_present(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1843{
1844    SMP_TRACE_DEBUG("%s",__func__);
1845
1846    if (p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_DHK_CHK)
1847        smp_sm_event(p_cb, SMP_SC_2_DHCK_CHKS_PRES_EVT, NULL);
1848}
1849
1850/*******************************************************************************
1851** Function     smp_wait_for_both_public_keys
1852** Description  generates SMP_BOTH_PUBL_KEYS_RCVD_EVT event when both local and master
1853**              public keys are available.
1854**
1855** Note         on the slave it is used to prevent race condition.
1856**
1857*******************************************************************************/
1858void smp_wait_for_both_public_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1859{
1860    SMP_TRACE_DEBUG("%s",__func__);
1861
1862    if ((p_cb->flags & SMP_PAIR_FLAG_HAVE_PEER_PUBL_KEY) &&
1863        (p_cb->flags & SMP_PAIR_FLAG_HAVE_LOCAL_PUBL_KEY))
1864    {
1865        if ((p_cb->role == HCI_ROLE_SLAVE) &&
1866            ((p_cb->req_oob_type == SMP_OOB_LOCAL) || (p_cb->req_oob_type == SMP_OOB_BOTH)))
1867        {
1868            smp_set_state(SMP_STATE_PUBLIC_KEY_EXCH);
1869        }
1870        smp_sm_event(p_cb, SMP_BOTH_PUBL_KEYS_RCVD_EVT, NULL);
1871    }
1872}
1873
1874/*******************************************************************************
1875** Function     smp_start_passkey_verification
1876** Description  Starts SC passkey entry verification.
1877*******************************************************************************/
1878void smp_start_passkey_verification(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1879{
1880    UINT8 *p = NULL;
1881
1882    SMP_TRACE_DEBUG("%s", __func__);
1883    p = p_cb->local_random;
1884    UINT32_TO_STREAM(p, p_data->passkey);
1885
1886    p = p_cb->peer_random;
1887    UINT32_TO_STREAM(p, p_data->passkey);
1888
1889    p_cb->round = 0;
1890    smp_start_nonce_generation(p_cb);
1891}
1892
1893/*******************************************************************************
1894** Function     smp_process_secure_connection_oob_data
1895** Description  Processes local/peer SC OOB data received from somewhere.
1896*******************************************************************************/
1897void smp_process_secure_connection_oob_data(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1898{
1899    SMP_TRACE_DEBUG("%s", __func__);
1900
1901    tSMP_SC_OOB_DATA *p_sc_oob_data = &p_cb->sc_oob_data;
1902    if (p_sc_oob_data->loc_oob_data.present)
1903    {
1904        memcpy(p_cb->local_random, p_sc_oob_data->loc_oob_data.randomizer,
1905               sizeof(p_cb->local_random));
1906    }
1907    else
1908    {
1909        SMP_TRACE_EVENT ("local OOB randomizer is absent");
1910        memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1911    }
1912
1913    if (!p_sc_oob_data->peer_oob_data.present)
1914    {
1915        SMP_TRACE_EVENT ("peer OOB data is absent");
1916        memset(p_cb->peer_random, 0, sizeof (p_cb->peer_random));
1917    }
1918    else
1919    {
1920        memcpy(p_cb->peer_random, p_sc_oob_data->peer_oob_data.randomizer,
1921               sizeof(p_cb->peer_random));
1922        memcpy(p_cb->remote_commitment, p_sc_oob_data->peer_oob_data.commitment,
1923               sizeof(p_cb->remote_commitment));
1924
1925        UINT8 reason = SMP_CONFIRM_VALUE_ERR;
1926        /* check commitment */
1927        if (!smp_check_commitment(p_cb))
1928        {
1929            p_cb->failure = reason;
1930            smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
1931            return;
1932        }
1933
1934        if (p_cb->peer_oob_flag != SMP_OOB_PRESENT)
1935        {
1936            /* the peer doesn't have local randomiser */
1937            SMP_TRACE_EVENT ("peer didn't receive local OOB data, set local randomizer to 0");
1938            memset(p_cb->local_random, 0, sizeof (p_cb->local_random));
1939        }
1940    }
1941
1942    print128(p_cb->local_random, (const UINT8 *)"local OOB randomizer");
1943    print128(p_cb->peer_random, (const UINT8 *)"peer OOB randomizer");
1944    smp_start_nonce_generation(p_cb);
1945}
1946
1947/*******************************************************************************
1948** Function     smp_set_local_oob_keys
1949** Description  Saves calculated private/public keys in sc_oob_data.loc_oob_data,
1950**              starts nonce generation
1951**              (to be saved in sc_oob_data.loc_oob_data.randomizer).
1952*******************************************************************************/
1953void smp_set_local_oob_keys(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1954{
1955    SMP_TRACE_DEBUG("%s", __func__);
1956
1957    memcpy(p_cb->sc_oob_data.loc_oob_data.private_key_used, p_cb->private_key,
1958           BT_OCTET32_LEN);
1959    p_cb->sc_oob_data.loc_oob_data.publ_key_used = p_cb->loc_publ_key;
1960    smp_start_nonce_generation(p_cb);
1961}
1962
1963/*******************************************************************************
1964** Function     smp_set_local_oob_random_commitment
1965** Description  Saves calculated randomizer and commitment in sc_oob_data.loc_oob_data,
1966**              passes sc_oob_data.loc_oob_data up for safekeeping.
1967*******************************************************************************/
1968void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
1969{
1970    SMP_TRACE_DEBUG("%s", __func__);
1971    memcpy(p_cb->sc_oob_data.loc_oob_data.randomizer, p_cb->rand,
1972           BT_OCTET16_LEN);
1973
1974    smp_calculate_f4(p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1975                     p_cb->sc_oob_data.loc_oob_data.publ_key_used.x,
1976                     p_cb->sc_oob_data.loc_oob_data.randomizer, 0,
1977                     p_cb->sc_oob_data.loc_oob_data.commitment);
1978
1979#if SMP_DEBUG == TRUE
1980    UINT8   *p_print = NULL;
1981    SMP_TRACE_DEBUG("local SC OOB data set:");
1982    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.addr_sent_to;
1983    smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"addr_sent_to",
1984                                         sizeof(tBLE_BD_ADDR));
1985    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.private_key_used;
1986    smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"private_key_used",
1987                                         BT_OCTET32_LEN);
1988    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.x;
1989    smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.x",
1990                                         BT_OCTET32_LEN);
1991    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.publ_key_used.y;
1992    smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"publ_key_used.y",
1993                                         BT_OCTET32_LEN);
1994    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.randomizer;
1995    smp_debug_print_nbyte_little_endian (p_print, (const UINT8 *)"randomizer",
1996                                         BT_OCTET16_LEN);
1997    p_print = (UINT8*) &p_cb->sc_oob_data.loc_oob_data.commitment;
1998    smp_debug_print_nbyte_little_endian (p_print,(const UINT8 *) "commitment",
1999                                         BT_OCTET16_LEN);
2000    SMP_TRACE_DEBUG("");
2001#endif
2002
2003    /* pass created OOB data up */
2004    p_cb->cb_evt = SMP_SC_LOC_OOB_DATA_UP_EVT;
2005    smp_send_app_cback(p_cb, NULL);
2006
2007    smp_cb_cleanup(p_cb);
2008}
2009
2010/*******************************************************************************
2011**
2012** Function         smp_link_encrypted
2013**
2014** Description      This function is called when link is encrypted and notified to
2015**                  slave device. Proceed to to send LTK, DIV and ER to master if
2016**                  bonding the devices.
2017**
2018**
2019** Returns          void
2020**
2021*******************************************************************************/
2022void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable)
2023{
2024    tSMP_CB *p_cb = &smp_cb;
2025
2026    SMP_TRACE_DEBUG("%s encr_enable=%d", __func__, encr_enable);
2027
2028    if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0)
2029    {
2030        /* encryption completed with STK, remmeber the key size now, could be overwite
2031        *  when key exchange happens                                        */
2032        if (p_cb->loc_enc_size != 0 && encr_enable)
2033        {
2034            /* update the link encryption key size if a SMP pairing just performed */
2035            btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size);
2036        }
2037
2038        smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable);
2039    }
2040}
2041
2042/*******************************************************************************
2043**
2044** Function         smp_proc_ltk_request
2045**
2046** Description      This function is called when LTK request is received from
2047**                  controller.
2048**
2049** Returns          void
2050**
2051*******************************************************************************/
2052BOOLEAN smp_proc_ltk_request(BD_ADDR bda)
2053{
2054    SMP_TRACE_DEBUG("%s state = %d",  __func__, smp_cb.state);
2055    BOOLEAN match = FALSE;
2056
2057    if (!memcmp(bda, smp_cb.pairing_bda, BD_ADDR_LEN))
2058    {
2059        match = TRUE;
2060    } else {
2061        BD_ADDR dummy_bda = {0};
2062        tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bda);
2063        if (p_dev_rec != NULL &&
2064            0 == memcmp(p_dev_rec->ble.pseudo_addr, smp_cb.pairing_bda, BD_ADDR_LEN) &&
2065            0 != memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN))
2066        {
2067            match = TRUE;
2068        }
2069    }
2070
2071    if (match && smp_cb.state == SMP_STATE_ENCRYPTION_PENDING)
2072    {
2073        smp_sm_event(&smp_cb, SMP_ENC_REQ_EVT, NULL);
2074        return TRUE;
2075    }
2076
2077    return FALSE;
2078}
2079
2080/*******************************************************************************
2081**
2082** Function         smp_process_secure_connection_long_term_key
2083**
2084** Description      This function is called to process SC LTK.
2085**                  SC LTK is calculated and used instead of STK.
2086**                  Here SC LTK is saved in BLE DB.
2087**
2088** Returns          void
2089**
2090*******************************************************************************/
2091void smp_process_secure_connection_long_term_key(void)
2092{
2093    tSMP_CB     *p_cb = &smp_cb;
2094
2095    SMP_TRACE_DEBUG("%s", __func__);
2096    smp_save_secure_connections_long_term_key(p_cb);
2097
2098    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2099    smp_key_distribution(p_cb, NULL);
2100}
2101
2102/*******************************************************************************
2103**
2104** Function         smp_set_derive_link_key
2105**
2106** Description      This function is called to set flag that indicates that
2107**                  BR/EDR LK has to be derived from LTK after all keys are
2108**                  distributed.
2109**
2110** Returns          void
2111**
2112*******************************************************************************/
2113void smp_set_derive_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2114{
2115    SMP_TRACE_DEBUG ("%s", __func__);
2116    p_cb->derive_lk = TRUE;
2117    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_LK, FALSE);
2118    smp_key_distribution(p_cb, NULL);
2119}
2120
2121/*******************************************************************************
2122**
2123** Function         smp_derive_link_key_from_long_term_key
2124**
2125** Description      This function is called to derive BR/EDR LK from LTK.
2126**
2127** Returns          void
2128**
2129*******************************************************************************/
2130void smp_derive_link_key_from_long_term_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2131{
2132    tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2133
2134    SMP_TRACE_DEBUG("%s", __func__);
2135    if (!smp_calculate_link_key_from_long_term_key(p_cb))
2136    {
2137        SMP_TRACE_ERROR("%s failed", __FUNCTION__);
2138        smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &status);
2139        return;
2140    }
2141}
2142
2143/*******************************************************************************
2144**
2145** Function         smp_br_process_link_key
2146**
2147** Description      This function is called to process BR/EDR LK:
2148**                  - to derive SMP LTK from BR/EDR LK;
2149*8                  - to save SMP LTK.
2150**
2151** Returns          void
2152**
2153*******************************************************************************/
2154void smp_br_process_link_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2155{
2156    tSMP_STATUS status = SMP_PAIR_FAIL_UNKNOWN;
2157
2158    SMP_TRACE_DEBUG("%s", __func__);
2159    if (!smp_calculate_long_term_key_from_link_key(p_cb))
2160    {
2161        SMP_TRACE_ERROR ("%s failed",__FUNCTION__);
2162        smp_sm_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &status);
2163        return;
2164    }
2165
2166    SMP_TRACE_DEBUG("%s: LTK derivation from LK successfully completed", __FUNCTION__);
2167    smp_save_secure_connections_long_term_key(p_cb);
2168    smp_update_key_mask (p_cb, SMP_SEC_KEY_TYPE_ENC, FALSE);
2169    smp_br_select_next_key(p_cb, NULL);
2170}
2171
2172/*******************************************************************************
2173** Function     smp_key_distribution_by_transport
2174** Description  depending on the transport used at the moment calls either
2175**              smp_key_distribution(...) or smp_br_key_distribution(...).
2176*******************************************************************************/
2177void smp_key_distribution_by_transport(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2178{
2179    SMP_TRACE_DEBUG("%s", __func__);
2180    if (p_cb->smp_over_br)
2181    {
2182        smp_br_select_next_key(p_cb, NULL);
2183    }
2184    else
2185    {
2186        smp_key_distribution(p_cb, NULL);
2187    }
2188}
2189
2190/*******************************************************************************
2191** Function         smp_br_pairing_complete
2192** Description      This function is called to send the pairing complete callback
2193**                  and remove the connection if needed.
2194*******************************************************************************/
2195void smp_br_pairing_complete(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
2196{
2197    SMP_TRACE_DEBUG("%s", __func__);
2198
2199    if (p_cb->total_tx_unacked == 0)
2200    {
2201        /* process the pairing complete */
2202        smp_proc_pairing_cmpl(p_cb);
2203    }
2204}
2205
2206#endif
2207