Home | History | Annotate | Download | only in btm
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 1999-2012 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /******************************************************************************
     20  *
     21  *  This file contains functions for BLE device control utilities, and LE
     22  *  security functions.
     23  *
     24  ******************************************************************************/
     25 
     26 #include <string.h>
     27 
     28 #include "bt_types.h"
     29 #include "hcimsgs.h"
     30 #include "btu.h"
     31 #include "btm_int.h"
     32 #include "btm_ble_api.h"
     33 #include "smp_api.h"
     34 #include "l2c_int.h"
     35 #include "gap_api.h"
     36 
     37 #if SMP_INCLUDED == TRUE
     38 extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature);
     39 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
     40 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
     41 #endif
     42 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
     43 
     44 /*******************************************************************************/
     45 /* External Function to be called by other modules                             */
     46 /*******************************************************************************/
     47 /********************************************************
     48 **
     49 ** Function         BTM_SecAddBleDevice
     50 **
     51 ** Description      Add/modify device.  This function will be normally called
     52 **                  during host startup to restore all required information
     53 **                  for a LE device stored in the NVRAM.
     54 **
     55 ** Parameters:      bd_addr          - BD address of the peer
     56 **                  bd_name          - Name of the peer device.  NULL if unknown.
     57 **                  dev_type         - Remote device's device type.
     58 **                  addr_type        - LE device address type.
     59 **
     60 ** Returns          TRUE if added OK, else FALSE
     61 **
     62 *******************************************************************************/
     63 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
     64                              tBLE_ADDR_TYPE addr_type)
     65 {
     66 #if BLE_INCLUDED == TRUE
     67     tBTM_SEC_DEV_REC  *p_dev_rec;
     68     UINT8               i = 0;
     69     tBTM_INQ_INFO      *p_info=NULL;
     70 
     71     BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type);
     72     p_dev_rec = btm_find_dev (bd_addr);
     73 
     74     if (!p_dev_rec)
     75     {
     76         BTM_TRACE_DEBUG0("Add a new device");
     77 
     78         /* There is no device record, allocate one.
     79          * If we can not find an empty spot for this one, let it fail. */
     80         for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
     81         {
     82             if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE))
     83             {
     84                 BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i );
     85                 p_dev_rec = &btm_cb.sec_dev_rec[i];
     86 
     87                 /* Mark this record as in use and initialize */
     88                 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
     89                 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
     90                 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
     91                 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr);
     92 
     93                 /* update conn params, use default value for background connection params */
     94                 p_dev_rec->conn_params.min_conn_int     =
     95                 p_dev_rec->conn_params.max_conn_int     =
     96                 p_dev_rec->conn_params.supervision_tout =
     97                 p_dev_rec->conn_params.slave_latency    = BTM_BLE_CONN_PARAM_UNDEF;
     98 
     99                 BTM_TRACE_DEBUG1 ("hci_handl=0x%x ",  p_dev_rec->hci_handle );
    100                 break;
    101             }
    102         }
    103 
    104         if (!p_dev_rec)
    105             return(FALSE);
    106     }
    107     else
    108     {
    109         BTM_TRACE_DEBUG0("Device already exist");
    110     }
    111 
    112     memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
    113 
    114     if (bd_name && bd_name[0])
    115     {
    116         p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
    117         BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name),
    118                        (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    119     }
    120     p_dev_rec->device_type = dev_type;
    121     p_dev_rec->ble.ble_addr_type = addr_type;
    122     BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x  addr_type=0x%x sec_flags=0x%x",
    123                       dev_type,  addr_type, p_dev_rec->sec_flags);
    124 
    125     /* sync up with the Inq Data base*/
    126     p_info = BTM_InqDbRead(bd_addr);
    127     if (p_info)
    128     {
    129         p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
    130         p_info->results.device_type = p_dev_rec->device_type;
    131         BTM_TRACE_DEBUG2 ("InqDb  device_type =0x%x  addr_type=0x%x",
    132                           p_info->results.device_type, p_info->results.ble_addr_type);
    133     }
    134 
    135 #endif
    136     return(TRUE);
    137 }
    138 
    139 /*******************************************************************************
    140 **
    141 ** Function         BTM_SecAddBleKey
    142 **
    143 ** Description      Add/modify LE device information.  This function will be
    144 **                  normally called during host startup to restore all required
    145 **                  information stored in the NVRAM.
    146 **
    147 ** Parameters:      bd_addr          - BD address of the peer
    148 **                  p_le_key         - LE key values.
    149 **                  key_type         - LE SMP key type.
    150 *
    151 ** Returns          TRUE if added OK, else FALSE
    152 **
    153 *******************************************************************************/
    154 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
    155 {
    156 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
    157     tBTM_SEC_DEV_REC  *p_dev_rec;
    158     BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey");
    159     p_dev_rec = btm_find_dev (bd_addr);
    160     if (!p_dev_rec || !p_le_key ||
    161         (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
    162          key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
    163          key_type != BTM_LE_KEY_LCSRK))
    164     {
    165         BTM_TRACE_WARNING3 ("BTM_SecAddBleKey()  Wrong Type, or No Device record \
    166                         for bdaddr: %08x%04x, Type: %d",
    167                             (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
    168                             (bd_addr[4]<<8)+bd_addr[5], key_type);
    169         return(FALSE);
    170     }
    171 
    172     BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey()  BDA: %08x%04x, Type: 0x%02x",
    173                       (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
    174                       (bd_addr[4]<<8)+bd_addr[5], key_type);
    175 
    176     if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID ||
    177         key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC ||
    178         key_type == BTM_LE_KEY_LCSRK)
    179     {
    180         btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
    181     }
    182 
    183 #endif
    184 
    185     return(TRUE);
    186 }
    187 
    188 /*******************************************************************************
    189 **
    190 ** Function         BTM_BleLoadLocalKeys
    191 **
    192 ** Description      Local local identity key, encryption root or sign counter.
    193 **
    194 ** Parameters:      key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
    195 **                            or BTM_BLE_KEY_TYPE_COUNTER.
    196 **                  p_key: pointer to the key.
    197 *
    198 ** Returns          non2.
    199 **
    200 *******************************************************************************/
    201 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
    202 {
    203 #if BLE_INCLUDED == TRUE
    204     tBTM_DEVCB *p_devcb = &btm_cb.devcb;
    205     BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys");
    206     if (p_key != NULL)
    207     {
    208         switch (key_type)
    209         {
    210             case BTM_BLE_KEY_TYPE_ID:
    211                 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
    212                 break;
    213 
    214             case BTM_BLE_KEY_TYPE_ER:
    215                 memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16));
    216                 break;
    217 
    218             default:
    219                 BTM_TRACE_ERROR1("unknow local key type: %d", key_type);
    220                 break;
    221         }
    222     }
    223 #endif
    224 }
    225 
    226 /*******************************************************************************
    227 **
    228 ** Function         BTM_GetDeviceEncRoot
    229 **
    230 ** Description      This function is called to read the local device encryption
    231 **                  root.
    232 **
    233 ** Returns          void
    234 **                  the local device ER is copied into er
    235 **
    236 *******************************************************************************/
    237 void BTM_GetDeviceEncRoot (BT_OCTET16 er)
    238 {
    239     BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot");
    240 
    241 #if BLE_INCLUDED == TRUE
    242     memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN);
    243 #endif
    244 }
    245 
    246 /*******************************************************************************
    247 **
    248 ** Function         BTM_GetDeviceIDRoot
    249 **
    250 ** Description      This function is called to read the local device identity
    251 **                  root.
    252 **
    253 ** Returns          void
    254 **                  the local device IR is copied into irk
    255 **
    256 *******************************************************************************/
    257 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
    258 {
    259     BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot ");
    260 
    261 #if BLE_INCLUDED == TRUE
    262     memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
    263 #endif
    264 }
    265 
    266 /*******************************************************************************
    267 **
    268 ** Function         BTM_GetDeviceDHK
    269 **
    270 ** Description      This function is called to read the local device DHK.
    271 **
    272 ** Returns          void
    273 **                  the local device DHK is copied into dhk
    274 **
    275 *******************************************************************************/
    276 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
    277 {
    278 #if BLE_INCLUDED == TRUE
    279     BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK");
    280     memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
    281 #endif
    282 }
    283 
    284 /*******************************************************************************
    285 **
    286 ** Function         BTM_ReadConnectionAddr
    287 **
    288 ** Description      This function is called to get the local device address information
    289 **                  .
    290 **
    291 ** Returns          void
    292 **
    293 *******************************************************************************/
    294 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
    295 {
    296 #if BLE_INCLUDED == TRUE
    297     tACL_CONN       *p_acl = btm_bda_to_acl(remote_bda);
    298 
    299     if (p_acl == NULL)
    300     {
    301         BTM_TRACE_ERROR0("No connection exist!");
    302         return;
    303     }
    304     memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
    305     * p_addr_type = p_acl->conn_addr_type;
    306 
    307     BTM_TRACE_DEBUG2 ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
    308                     p_acl->conn_addr_type, p_acl->conn_addr[0]);
    309 
    310 #endif
    311 }
    312 /*******************************************************************************
    313 **
    314 ** Function         BTM_IsBleConnection
    315 **
    316 ** Description      This function is called to check if the connection handle
    317 **                  for an LE link
    318 **
    319 ** Returns          TRUE if connection is LE link, otherwise FALSE.
    320 **
    321 *******************************************************************************/
    322 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
    323 {
    324 #if (BLE_INCLUDED == TRUE)
    325     UINT8                xx;
    326     tACL_CONN            *p;
    327 
    328     BTM_TRACE_API1 ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
    329 
    330     xx = btm_handle_to_acl_index (conn_handle);
    331     if (xx >= MAX_L2CAP_LINKS)
    332         return FALSE;
    333 
    334     p = &btm_cb.acl_db[xx];
    335 
    336     return(p->is_le_link);
    337 #else
    338     return FALSE;
    339 #endif
    340 }
    341 
    342 /*******************************************************************************
    343 **
    344 ** Function         BTM_ReadRemoteConnectionAddr
    345 **
    346 ** Description      This function is read the remote device address currently used
    347 **                  .
    348 **
    349 ** Returns          void
    350 **
    351 *******************************************************************************/
    352 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr, tBLE_ADDR_TYPE *p_addr_type)
    353 {
    354     BOOLEAN         st = TRUE;
    355 #if BLE_INCLUDED == TRUE
    356     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
    357 
    358     memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
    359     if (p_dev_rec != NULL)
    360     {
    361         *p_addr_type = p_dev_rec->ble.ble_addr_type;
    362     }
    363 #endif
    364     return st;
    365 }
    366 /*******************************************************************************
    367 **
    368 ** Function         BTM_SecurityGrant
    369 **
    370 ** Description      This function is called to grant security process.
    371 **
    372 ** Parameters       bd_addr - peer device bd address.
    373 **                  res     - result of the operation BTM_SUCCESS if success.
    374 **                            Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
    375 **
    376 ** Returns          None
    377 **
    378 *******************************************************************************/
    379 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
    380 {
    381 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
    382     tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
    383     BTM_TRACE_DEBUG0 ("BTM_SecurityGrant");
    384     SMP_SecurityGrant(bd_addr, res_smp);
    385 #endif
    386 }
    387 
    388 /*******************************************************************************
    389 **
    390 ** Function         BTM_BlePasskeyReply
    391 **
    392 ** Description      This function is called after Security Manager submitted
    393 **                  passkey request to the application.
    394 **
    395 ** Parameters:      bd_addr      - Address of the device for which passkey was requested
    396 **                  res          - result of the operation BTM_SUCCESS if success
    397 **                  key_len      - length in bytes of the Passkey
    398 **                  p_passkey        - pointer to array with the passkey
    399 **                  trusted_mask - bitwise OR of trusted services (array of UINT32)
    400 **
    401 *******************************************************************************/
    402 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
    403 {
    404 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
    405     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    406     tSMP_STATUS      res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
    407 
    408     if (p_dev_rec == NULL)
    409     {
    410         BTM_TRACE_ERROR0("Passkey reply to Unknown device");
    411         return;
    412     }
    413 
    414     p_dev_rec->sec_flags   |= BTM_SEC_LINK_KEY_AUTHED;
    415     BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply");
    416     SMP_PasskeyReply(bd_addr, res_smp, passkey);
    417 #endif
    418 }
    419 
    420 /*******************************************************************************
    421 **
    422 ** Function         BTM_BleOobDataReply
    423 **
    424 ** Description      This function is called to provide the OOB data for
    425 **                  SMP in response to BTM_LE_OOB_REQ_EVT
    426 **
    427 ** Parameters:      bd_addr     - Address of the peer device
    428 **                  res         - result of the operation SMP_SUCCESS if success
    429 **                  p_data      - simple pairing Randomizer  C.
    430 **
    431 *******************************************************************************/
    432 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
    433 {
    434 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
    435     tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
    436     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    437 
    438     BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply");
    439 
    440     if (p_dev_rec == NULL)
    441     {
    442         BTM_TRACE_ERROR0("BTM_BleOobDataReply() to Unknown device");
    443         return;
    444     }
    445 
    446     p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
    447     SMP_OobDataReply(bd_addr, res_smp, len, p_data);
    448 #endif
    449 }
    450 
    451 /******************************************************************************
    452 **
    453 ** Function         BTM_BleSetConnScanParams
    454 **
    455 ** Description      Set scan parameter used in BLE connection request
    456 **
    457 ** Parameters:      scan_interval: scan interval
    458 **                  scan_window: scan window
    459 **
    460 ** Returns          void
    461 **
    462 *******************************************************************************/
    463 void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window)
    464 {
    465 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
    466     tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
    467     BOOLEAN     new_param = FALSE;
    468 
    469     if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
    470         BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX))
    471     {
    472         btu_stop_timer(&p_ble_cb->scan_param_idle_timer);
    473 
    474         if (p_ble_cb->scan_int != scan_interval)
    475         {
    476             p_ble_cb->scan_int = scan_interval;
    477             new_param = TRUE;
    478         }
    479 
    480         if (p_ble_cb->scan_win != scan_window)
    481         {
    482             p_ble_cb->scan_win = scan_window;
    483             new_param = TRUE;
    484         }
    485 
    486         if (new_param && p_ble_cb->conn_state == BLE_BG_CONN)
    487         {
    488             btm_ble_suspend_bg_conn();
    489         }
    490     }
    491     else
    492     {
    493         BTM_TRACE_ERROR0("Illegal Connection Scan Parameters");
    494     }
    495 #endif
    496 }
    497 
    498 /********************************************************
    499 **
    500 ** Function         BTM_BleSetPrefConnParams
    501 **
    502 ** Description      Set a peripheral's preferred connection parameters
    503 **
    504 ** Parameters:      bd_addr          - BD address of the peripheral
    505 **                  scan_interval: scan interval
    506 **                  scan_window: scan window
    507 **                  min_conn_int     - minimum preferred connection interval
    508 **                  max_conn_int     - maximum preferred connection interval
    509 **                  slave_latency    - preferred slave latency
    510 **                  supervision_tout - preferred supervision timeout
    511 **
    512 ** Returns          void
    513 **
    514 *******************************************************************************/
    515 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
    516                                UINT16 min_conn_int, UINT16 max_conn_int,
    517                                UINT16 slave_latency, UINT16 supervision_tout)
    518 {
    519 #if BLE_INCLUDED == TRUE
    520     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    521 
    522     BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u  max: %u  latency: %u  \
    523                     tout: %u",
    524                     min_conn_int, max_conn_int, slave_latency, supervision_tout);
    525 
    526     if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
    527         BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
    528         BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
    529         (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF))
    530     {
    531         if (p_dev_rec)
    532         {
    533             /* expect conn int and stout and slave latency to be updated all together */
    534             if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    535             {
    536                 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    537                     p_dev_rec->conn_params.min_conn_int = min_conn_int;
    538                 else
    539                     p_dev_rec->conn_params.min_conn_int = max_conn_int;
    540 
    541                 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    542                     p_dev_rec->conn_params.max_conn_int = max_conn_int;
    543                 else
    544                     p_dev_rec->conn_params.max_conn_int = min_conn_int;
    545 
    546                 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
    547                     p_dev_rec->conn_params.slave_latency = slave_latency;
    548                 else
    549                     p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
    550 
    551                 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
    552                     p_dev_rec->conn_params.supervision_tout = supervision_tout;
    553                 else
    554                     p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF;
    555 
    556             }
    557 
    558         }
    559         else
    560         {
    561             BTM_TRACE_ERROR0("Unknown Device, setting rejected");
    562         }
    563     }
    564     else
    565     {
    566         BTM_TRACE_ERROR0("Illegal Connection Parameters");
    567     }
    568 #endif  /* BLE_INCLUDED */
    569 }
    570 
    571 /*******************************************************************************
    572 **
    573 ** Function         BTM_ReadDevInfo
    574 **
    575 ** Description      This function is called to read the device/address type
    576 **                  of BD address.
    577 **
    578 ** Parameter        remote_bda: remote device address
    579 **                  p_dev_type: output parameter to read the device type.
    580 **                  p_addr_type: output parameter to read the address type.
    581 **
    582 *******************************************************************************/
    583 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
    584 {
    585 #if BLE_INCLUDED == TRUE
    586     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (remote_bda);
    587     tBTM_INQ_INFO     *p_inq_info = BTM_InqDbRead(remote_bda);
    588 
    589     *p_dev_type = BT_DEVICE_TYPE_BREDR;
    590     *p_addr_type = BLE_ADDR_PUBLIC;
    591 
    592     if (!p_dev_rec)
    593     {
    594         /* Check with the BT manager if details about remote device are known */
    595         if (p_inq_info != NULL)
    596         {
    597             *p_dev_type = p_inq_info->results.device_type ;
    598             *p_addr_type = p_inq_info->results.ble_addr_type;
    599         } else {
    600             /* unknown device, assume BR/EDR */
    601             BTM_TRACE_DEBUG0 ("btm_find_dev_type - unknown device, BR/EDR assumed");
    602         }
    603     }
    604     else /* there is a security device record exisitng */
    605     {
    606         /* new inquiry result, overwrite device type in security device record */
    607         if (p_inq_info)
    608         {
    609             p_dev_rec->device_type          = p_inq_info->results.device_type;
    610             p_dev_rec->ble.ble_addr_type    = p_inq_info->results.ble_addr_type;
    611         }
    612         *p_dev_type = p_dev_rec->device_type;
    613         *p_addr_type = p_dev_rec->ble.ble_addr_type;
    614 
    615     }
    616 
    617     BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
    618 #endif
    619 
    620     return;
    621 }
    622 
    623 #if BLE_INCLUDED == TRUE
    624 
    625 /*******************************************************************************
    626 **
    627 ** Function         BTM_BleReceiverTest
    628 **
    629 ** Description      This function is called to start the LE Receiver test
    630 **
    631 ** Parameter       rx_freq - Frequency Range
    632 **               p_cmd_cmpl_cback - Command Complete callback
    633 **
    634 *******************************************************************************/
    635 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
    636 {
    637      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    638 
    639      if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE)
    640      {
    641           BTM_TRACE_ERROR1("%s: Unable to Trigger LE receiver test", __FUNCTION__);
    642      }
    643 }
    644 
    645 /*******************************************************************************
    646 **
    647 ** Function         BTM_BleTransmitterTest
    648 **
    649 ** Description      This function is called to start the LE Transmitter test
    650 **
    651 ** Parameter       tx_freq - Frequency Range
    652 **                       test_data_len - Length in bytes of payload data in each packet
    653 **                       packet_payload - Pattern to use in the payload
    654 **                       p_cmd_cmpl_cback - Command Complete callback
    655 **
    656 *******************************************************************************/
    657 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
    658                                  UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
    659 {
    660      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    661      if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE)
    662      {
    663           BTM_TRACE_ERROR1("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
    664      }
    665 }
    666 
    667 /*******************************************************************************
    668 **
    669 ** Function         BTM_BleTestEnd
    670 **
    671 ** Description      This function is called to stop the in-progress TX or RX test
    672 **
    673 ** Parameter       p_cmd_cmpl_cback - Command complete callback
    674 **
    675 *******************************************************************************/
    676 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
    677 {
    678      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    679 
    680      if (btsnd_hcic_ble_test_end() == FALSE)
    681      {
    682           BTM_TRACE_ERROR1("%s: Unable to End the LE TX/RX test", __FUNCTION__);
    683      }
    684 }
    685 
    686 #endif
    687 
    688 /*******************************************************************************
    689 ** Internal Functions
    690 *******************************************************************************/
    691 #if BLE_INCLUDED == TRUE
    692 
    693 void btm_ble_test_command_complete(UINT8 *p)
    694 {
    695     tBTM_CMPL_CB   *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
    696     UINT8           status;
    697 
    698     btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
    699 
    700     if (p_cb)
    701     {
    702         (*p_cb)(p);
    703     }
    704 }
    705 
    706 /*******************************************************************************
    707 **
    708 ** Function         BTM_IsBleLink
    709 **
    710 ** Description      This function is to check the link type is BLE or BR/EDR.
    711 **
    712 ** Returns          TRUE if BLE link; FALSE if BR/EDR.
    713 **
    714 *******************************************************************************/
    715 BOOLEAN BTM_IsBleLink (BD_ADDR bd_addr)
    716 {
    717 #if (BLE_INCLUDED == TRUE)
    718     tACL_CONN         *p;
    719     BTM_TRACE_DEBUG0 ("BTM_IsBleLink");
    720     if ((p = btm_bda_to_acl(bd_addr)) != NULL)
    721         return p->is_le_link;
    722     else
    723 #endif
    724         return FALSE;
    725 }
    726 /*******************************************************************************
    727 **
    728 ** Function         BTM_UseLeLink
    729 **
    730 ** Description      This function is to select the underneath physical link to use.
    731 **
    732 ** Returns          TRUE to use LE, FALSE use BR/EDR.
    733 **
    734 *******************************************************************************/
    735 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
    736 {
    737     tACL_CONN         *p;
    738     tBT_DEVICE_TYPE     dev_type;
    739     tBLE_ADDR_TYPE      addr_type;
    740     BOOLEAN             use_le = FALSE;
    741 
    742     if ((p = btm_bda_to_acl(bd_addr)) != NULL)
    743     {
    744 #if (BLE_INCLUDED == TRUE)
    745         use_le = (p->is_le_link);
    746 #endif
    747     }
    748     else
    749     {
    750         BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
    751         use_le = (dev_type == BT_DEVICE_TYPE_BLE);
    752     }
    753     return use_le;
    754 }
    755 /*******************************************************************************
    756 **
    757 ** Function         btm_ble_rand_enc_complete
    758 **
    759 ** Description      This function is the callback functions for HCI_Rand command
    760 **                  and HCI_Encrypt command is completed.
    761 **                  This message is received from the HCI.
    762 **
    763 ** Returns          void
    764 **
    765 *******************************************************************************/
    766 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
    767 {
    768     tBTM_RAND_ENC   params;
    769     UINT8           *p_dest = params.param_buf;
    770 
    771     BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete");
    772 
    773     memset(&params, 0, sizeof(tBTM_RAND_ENC));
    774 
    775     /* If there was a callback address for vcs complete, call it */
    776     if (p_enc_cplt_cback && p)
    777     {
    778         /* Pass paramters to the callback function */
    779         STREAM_TO_UINT8(params.status, p); /* command status */
    780 
    781         if (params.status == HCI_SUCCESS)
    782         {
    783             params.opcode = op_code;
    784 
    785             if (op_code == HCI_BLE_RAND)
    786                 params.param_len = BT_OCTET8_LEN;
    787             else
    788                 params.param_len = BT_OCTET16_LEN;
    789 
    790             memcpy(p_dest, p, params.param_len);  /* Fetch return info from HCI event message */
    791         }
    792         if (p_enc_cplt_cback)
    793             (*p_enc_cplt_cback)(&params);  /* Call the Encryption complete callback function */
    794     }
    795 }
    796 
    797 
    798     #if (SMP_INCLUDED == TRUE)
    799 
    800 /*******************************************************************************
    801 **
    802 ** Function         btm_ble_get_enc_key_type
    803 **
    804 ** Description      This function is to increment local sign counter
    805 ** Returns         None
    806 **
    807 *******************************************************************************/
    808 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
    809 {
    810     tBTM_SEC_DEV_REC *p_dev_rec;
    811 
    812     BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local);
    813 
    814     if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
    815     {
    816         if (is_local)
    817             p_dev_rec->ble.keys.local_counter++;
    818         else
    819             p_dev_rec->ble.keys.counter++;
    820         BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d",
    821                           is_local,
    822                           p_dev_rec->ble.keys.local_counter,
    823                           p_dev_rec->ble.keys.counter);
    824     }
    825 }
    826 
    827 /*******************************************************************************
    828 **
    829 ** Function         btm_ble_get_enc_key_type
    830 **
    831 ** Description      This function is to get the BLE key type that has been exchanged
    832 **                  in betweem local device and peer device.
    833 **
    834 ** Returns          p_key_type: output parameter to carry the key type value.
    835 **
    836 *******************************************************************************/
    837 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
    838 {
    839     tBTM_SEC_DEV_REC *p_dev_rec;
    840 
    841     BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type");
    842 
    843     if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
    844     {
    845         *p_key_types = p_dev_rec->ble.key_type;
    846         return TRUE;
    847     }
    848     return FALSE;
    849 }
    850 
    851 /*******************************************************************************
    852 **
    853 ** Function         btm_get_local_div
    854 **
    855 ** Description      This function is called to read the local DIV
    856 **
    857 ** Returns          TURE - if a valid DIV is availavle
    858 *******************************************************************************/
    859 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
    860 {
    861     tBTM_SEC_DEV_REC   *p_dev_rec;
    862     BOOLEAN            status = FALSE;
    863     BTM_TRACE_DEBUG0 ("btm_get_local_div");
    864 
    865     BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
    866                      bd_addr[0],bd_addr[1],
    867                      bd_addr[2],bd_addr[3],
    868                      bd_addr[4],bd_addr[5]);
    869 
    870     p_dev_rec = btm_find_dev (bd_addr);
    871 
    872     if (p_dev_rec && p_dev_rec->ble.keys.div)
    873     {
    874         status = TRUE;
    875         *p_div = p_dev_rec->ble.keys.div;
    876     }
    877     BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
    878     return status;
    879 }
    880 
    881 /*******************************************************************************
    882 **
    883 ** Function         btm_sec_save_le_key
    884 **
    885 ** Description      This function is called by the SMP to update
    886 **                  an  BLE key.  SMP is internal, whereas all the keys shall
    887 **                  be sent to the application.  The function is also called
    888 **                  when application passes ble key stored in NVRAM to the btm_sec.
    889 **                  pass_to_application parameter is false in this case.
    890 **
    891 ** Returns          void
    892 **
    893 *******************************************************************************/
    894 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
    895                          BOOLEAN pass_to_application)
    896 {
    897     tBTM_SEC_DEV_REC *p_rec;
    898     tBTM_LE_EVT_DATA    cb_data;
    899     UINT8 i;
    900 
    901     BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application);
    902     /* Store the updated key in the device database */
    903 
    904     BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
    905                      bd_addr[0],bd_addr[1],
    906                      bd_addr[2],bd_addr[3],
    907                      bd_addr[4],bd_addr[5]);
    908 
    909     if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys)
    910     {
    911         switch (key_type)
    912         {
    913             case BTM_LE_KEY_PENC:
    914                 memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
    915                 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
    916                 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
    917                 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
    918                 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
    919                 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
    920                 p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
    921                 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
    922                     p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
    923                 else
    924                     p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED;
    925                 BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
    926                                  p_rec->ble.key_type,
    927                                  p_rec->sec_flags,
    928                                  p_rec->ble.keys.sec_level);
    929                 break;
    930 
    931             case BTM_LE_KEY_PID:
    932                 for (i=0; i<BT_OCTET16_LEN; i++)
    933                 {
    934                     p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
    935                 }
    936 
    937                  //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
    938                 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
    939                 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
    940                 p_rec->ble.key_type |= BTM_LE_KEY_PID;
    941                 BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK",  p_rec->ble.key_type);
    942                 break;
    943 
    944             case BTM_LE_KEY_PCSRK:
    945                 memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
    946                 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
    947                 p_rec->ble.keys.counter  = p_keys->pcsrk_key.counter;
    948                 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
    949                 p_rec->sec_flags |=  BTM_SEC_LINK_KEY_KNOWN;
    950                 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED)
    951                     p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
    952                 else
    953                     p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED;
    954 
    955                 BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
    956                                  p_rec->ble.key_type,
    957                                  p_rec->sec_flags,
    958                                  p_rec->ble.keys.srk_sec_level,
    959                                  p_rec->ble.keys.counter );
    960                 break;
    961 
    962             case BTM_LE_KEY_LENC:
    963                 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
    964                 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
    965                 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
    966                 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
    967 
    968                 BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
    969                                  p_rec->ble.key_type,
    970                                  p_rec->ble.keys.div,
    971                                  p_rec->ble.keys.key_size,
    972                                  p_rec->ble.keys.sec_level );
    973                 break;
    974 
    975             case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
    976                 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
    977                 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
    978                 p_rec->ble.keys.local_counter  = p_keys->lcsrk_key.counter;
    979                 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
    980                 BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
    981                                  p_rec->ble.key_type,
    982                                  p_rec->ble.keys.div,
    983                                  p_rec->ble.keys.local_csrk_sec_level,
    984                                  p_rec->ble.keys.local_counter );
    985                 break;
    986 
    987             default:
    988                 BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
    989                 return;
    990         }
    991 
    992         BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
    993                           (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
    994                           (bd_addr[4]<<8)+bd_addr[5]);
    995 
    996         /* Notify the application that one of the BLE keys has been updated
    997            If link key is in progress, it will get sent later.*/
    998         if (pass_to_application && btm_cb.api.p_le_callback)
    999         {
   1000             cb_data.key.p_key_value = p_keys;
   1001             cb_data.key.key_type = key_type;
   1002             (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
   1003         }
   1004         return;
   1005     }
   1006 
   1007     BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
   1008                         (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
   1009                         (bd_addr[4]<<8)+bd_addr[5]);
   1010 
   1011     if (p_rec)
   1012     {
   1013         BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags);
   1014     }
   1015 }
   1016 
   1017 /*******************************************************************************
   1018 **
   1019 ** Function         btm_ble_update_sec_key_size
   1020 **
   1021 ** Description      update the current lin kencryption key size
   1022 **
   1023 ** Returns          void
   1024 **
   1025 *******************************************************************************/
   1026 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
   1027 {
   1028     tBTM_SEC_DEV_REC *p_rec;
   1029 
   1030     BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
   1031 
   1032     if ((p_rec = btm_find_dev (bd_addr)) != NULL )
   1033     {
   1034         p_rec->enc_key_size = enc_key_size;
   1035     }
   1036 }
   1037 
   1038 /*******************************************************************************
   1039 **
   1040 ** Function         btm_ble_read_sec_key_size
   1041 **
   1042 ** Description      update the current lin kencryption key size
   1043 **
   1044 ** Returns          void
   1045 **
   1046 *******************************************************************************/
   1047 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
   1048 {
   1049     tBTM_SEC_DEV_REC *p_rec;
   1050 
   1051     if ((p_rec = btm_find_dev (bd_addr)) != NULL )
   1052     {
   1053         return p_rec->enc_key_size;
   1054     }
   1055     else
   1056         return 0;
   1057 }
   1058 
   1059 /*******************************************************************************
   1060 **
   1061 ** Function         btm_ble_link_sec_check
   1062 **
   1063 ** Description      Check BLE link security level match.
   1064 **
   1065 ** Returns          TRUE: check is OK and the *p_sec_req_act contain the action
   1066 **
   1067 *******************************************************************************/
   1068 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
   1069 {
   1070     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
   1071     UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
   1072 
   1073     BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
   1074 
   1075     if (p_dev_rec == NULL)
   1076     {
   1077         BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device");
   1078         return;
   1079     }
   1080 
   1081     if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
   1082         p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)
   1083     {
   1084         /* race condition: discard the security request while master is encrypting the link */
   1085         *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
   1086     }
   1087     else
   1088     {
   1089         req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
   1090         if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) ||
   1091             (auth_req == (BTM_LE_AUTH_REQ_MITM)) )
   1092         {
   1093             req_sec_level = BTM_LE_SEC_AUTHENTICATED;
   1094         }
   1095 
   1096         BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
   1097 
   1098         /* currently encrpted  */
   1099         if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)
   1100         {
   1101             if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED)
   1102                 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
   1103             else
   1104                 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
   1105         }
   1106         else /* unencrypted link */
   1107         {
   1108             /* if bonded, get the key security level */
   1109             if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
   1110                 cur_sec_level = p_dev_rec->ble.keys.sec_level;
   1111             else
   1112                 cur_sec_level = BTM_LE_SEC_NONE;
   1113         }
   1114 
   1115         if (cur_sec_level >= req_sec_level)
   1116         {
   1117             if (cur_sec_level == BTM_LE_SEC_NONE)
   1118             {
   1119                 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE;
   1120             }
   1121             else
   1122             {
   1123                 /* To avoid re-encryption on an encrypted link for an equal condition encryption */
   1124                 /* if link has been encrypted, do nothing, go straight to furhter action
   1125                 if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)
   1126                     *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
   1127                 else
   1128                 */
   1129                 *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
   1130             }
   1131         }
   1132         else
   1133         {
   1134             *p_sec_req_act =  BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
   1135         }
   1136     }
   1137 
   1138     BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
   1139                      cur_sec_level,
   1140                      req_sec_level,
   1141                      *p_sec_req_act);
   1142 
   1143 }
   1144 
   1145 /*******************************************************************************
   1146 **
   1147 ** Function         btm_ble_set_encryption
   1148 **
   1149 ** Description      This function is called to ensure that LE connection is
   1150 **                  encrypted.  Should be called only on an open connection.
   1151 **                  Typically only needed for connections that first want to
   1152 **                  bring up unencrypted links, then later encrypt them.
   1153 **
   1154 ** Returns          void
   1155 **                  the local device ER is copied into er
   1156 **
   1157 *******************************************************************************/
   1158 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role)
   1159 {
   1160     tBTM_STATUS         cmd = BTM_NO_RESOURCES;
   1161     tBTM_BLE_SEC_ACT    sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ;
   1162     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bd_addr);
   1163 
   1164     if (p_rec == NULL)
   1165     {
   1166         BTM_TRACE_WARNING1 ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
   1167         return(BTM_WRONG_MODE);
   1168     }
   1169 
   1170     BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
   1171 
   1172     if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM)
   1173     {
   1174         p_rec->security_required |= BTM_SEC_IN_MITM;
   1175     }
   1176 
   1177     switch (sec_act)
   1178     {
   1179         case BTM_BLE_SEC_ENCRYPT:
   1180             if (link_role == BTM_ROLE_MASTER)
   1181             {
   1182                 if(p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) {
   1183                     BTM_TRACE_DEBUG0 ("State is already encrypting::");
   1184                     cmd = BTM_CMD_STARTED;
   1185                 }
   1186                 else {
   1187                     /* start link layer encryption using the security info stored */
   1188                     if (btm_ble_start_encrypt(bd_addr, FALSE, NULL))
   1189                     {
   1190                         p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
   1191                         cmd = BTM_CMD_STARTED;
   1192                     }
   1193                 }
   1194                 break;
   1195             }
   1196             /* if salve role then fall through to call SMP_Pair below which will send a
   1197                sec_request to request the master to encrypt the link */
   1198         case BTM_BLE_SEC_ENCRYPT_NO_MITM:
   1199         case BTM_BLE_SEC_ENCRYPT_MITM:
   1200 
   1201             if (SMP_Pair(bd_addr) == SMP_STARTED)
   1202             {
   1203                 cmd = BTM_CMD_STARTED;
   1204                 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
   1205             }
   1206             break;
   1207 
   1208         default:
   1209             cmd = BTM_SUCCESS;
   1210             break;
   1211     }
   1212     return cmd;
   1213 }
   1214 
   1215 /*******************************************************************************
   1216 **
   1217 ** Function         btm_ble_ltk_request
   1218 **
   1219 ** Description      This function is called when encryption request is received
   1220 **                  on a slave device.
   1221 **
   1222 **
   1223 ** Returns          void
   1224 **
   1225 *******************************************************************************/
   1226 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
   1227 {
   1228     tBTM_CB *p_cb = &btm_cb;
   1229     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
   1230     BT_OCTET8 dummy_stk = {0};
   1231 
   1232     BTM_TRACE_DEBUG0 ("btm_ble_ltk_request");
   1233 
   1234     p_cb->ediv = ediv;
   1235 
   1236     memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
   1237 
   1238     if (p_dev_rec != NULL)
   1239     {
   1240         if (!smp_proc_ltk_request(p_dev_rec->bd_addr))
   1241             btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
   1242     }
   1243 
   1244 }
   1245 
   1246 /*******************************************************************************
   1247 **
   1248 ** Function         btm_ble_start_encrypt
   1249 **
   1250 ** Description      This function is called to start LE encryption.
   1251 **
   1252 **
   1253 ** Returns          void
   1254 **
   1255 *******************************************************************************/
   1256 BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
   1257 {
   1258     tBTM_CB *p_cb = &btm_cb;
   1259     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bda);
   1260     BT_OCTET8    dummy_rand = {0};
   1261     BOOLEAN     rt = FALSE;
   1262 
   1263     BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt");
   1264 
   1265     if (!p_rec ||
   1266         (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING))
   1267         return FALSE;
   1268 
   1269     p_cb->enc_handle = p_rec->hci_handle;
   1270 
   1271     if (use_stk)
   1272     {
   1273         if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk))
   1274             rt = TRUE;
   1275     }
   1276     else if (p_rec->ble.key_type & BTM_LE_KEY_PENC)
   1277     {
   1278         if (btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand,
   1279                                       p_rec->ble.keys.ediv, p_rec->ble.keys.ltk))
   1280             rt = TRUE;
   1281     }
   1282     else
   1283     {
   1284         BTM_TRACE_ERROR0("No key available to encrypt the link");
   1285     }
   1286     if (rt)
   1287     {
   1288         if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
   1289             p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
   1290     }
   1291 
   1292     return rt;
   1293 }
   1294 
   1295 /*******************************************************************************
   1296 **
   1297 ** Function         btm_ble_link_encrypted
   1298 **
   1299 ** Description      This function is called when LE link encrption status is changed.
   1300 **
   1301 ** Returns          void
   1302 **
   1303 *******************************************************************************/
   1304 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
   1305 {
   1306     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev (bd_addr);
   1307     BOOLEAN             enc_cback;
   1308 
   1309     if (!p_dev_rec)
   1310     {
   1311         BTM_TRACE_WARNING1 ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
   1312         return;
   1313     }
   1314 
   1315     BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
   1316 
   1317     enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
   1318 
   1319     smp_link_encrypted(bd_addr, encr_enable);
   1320 
   1321     BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
   1322 
   1323     if (encr_enable && p_dev_rec->enc_key_size == 0)
   1324         p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
   1325 
   1326     p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
   1327     if (p_dev_rec->p_callback && enc_cback)
   1328     {
   1329         if (encr_enable)
   1330             btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS);
   1331         else if (p_dev_rec->role_master)
   1332             btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING);
   1333 
   1334     }
   1335     /* to notify GATT to send data if any request is pending */
   1336     gatt_notify_enc_cmpl(p_dev_rec->bd_addr);
   1337 }
   1338 
   1339 /*******************************************************************************
   1340 ** Function         btm_enc_proc_ltk
   1341 ** Description      send LTK reply when it's ready.
   1342 *******************************************************************************/
   1343 static void btm_enc_proc_ltk(tSMP_ENC *p)
   1344 {
   1345     UINT8   i;
   1346     BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk");
   1347     if (p && p->param_len == BT_OCTET16_LEN)
   1348     {
   1349         for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++)
   1350             p->param_buf[BT_OCTET16_LEN - i - 1] = 0;
   1351         btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf);
   1352     }
   1353 }
   1354 
   1355 /*******************************************************************************
   1356 ** Function         btm_enc_proc_slave_y
   1357 ** Description      calculate LTK when Y is ready
   1358 *******************************************************************************/
   1359 static void btm_enc_proc_slave_y(tSMP_ENC *p)
   1360 {
   1361     UINT16  div, y;
   1362     UINT8   *pp = p->param_buf;
   1363     tBTM_CB *p_cb = &btm_cb;
   1364     tSMP_ENC output;
   1365     tBTM_SEC_DEV_REC *p_dev_rec;
   1366 
   1367     BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y");
   1368     if (p != NULL)
   1369     {
   1370         STREAM_TO_UINT16(y, pp);
   1371 
   1372         div = p_cb->ediv ^ y;
   1373         p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle);
   1374 
   1375         if ( p_dev_rec &&
   1376              p_dev_rec->ble.keys.div == div )
   1377         {
   1378             BTM_TRACE_DEBUG0 ("LTK request OK");
   1379             /* calculating LTK , LTK = E er(div) */
   1380             SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output);
   1381             btm_enc_proc_ltk(&output);
   1382         }
   1383         else
   1384         {
   1385             BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply");
   1386             btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle);
   1387             if (p_dev_rec)
   1388                 btm_ble_link_encrypted(p_dev_rec->bd_addr, 0);
   1389 
   1390         }
   1391     }
   1392 }
   1393 
   1394 /*******************************************************************************
   1395 **
   1396 ** Function         btm_ble_ltk_request_reply
   1397 **
   1398 ** Description      This function is called to send a LTK request reply on a slave
   1399 **                  device.
   1400 **
   1401 ** Returns          void
   1402 **
   1403 *******************************************************************************/
   1404 void btm_ble_ltk_request_reply(BD_ADDR bda,  BOOLEAN use_stk, BT_OCTET16 stk)
   1405 {
   1406     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bda);
   1407     tBTM_CB *p_cb = &btm_cb;
   1408     tSMP_ENC output;
   1409 
   1410     if (p_rec == NULL)
   1411     {
   1412         BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device");
   1413         return;
   1414     }
   1415 
   1416     BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply");
   1417     p_cb->enc_handle = p_rec->hci_handle;
   1418     p_cb->key_size = p_rec->ble.keys.key_size;
   1419 
   1420     BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size);
   1421     if (use_stk)
   1422     {
   1423         btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
   1424     }
   1425     else /* calculate LTK using peer device  */
   1426     {
   1427         /* generate Y= Encrypt(DHK, Rand) received from encrypt request  */
   1428         SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand,
   1429                     BT_OCTET8_LEN, &output);
   1430         btm_enc_proc_slave_y(&output);
   1431     }
   1432 }
   1433 
   1434 /*******************************************************************************
   1435 **
   1436 ** Function         btm_ble_io_capabilities_req
   1437 **
   1438 ** Description      This function is called to handle SMP get IO capability request.
   1439 **
   1440 ** Returns          void
   1441 **
   1442 *******************************************************************************/
   1443 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
   1444 {
   1445     UINT8           callback_rc = BTM_SUCCESS;
   1446     BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req");
   1447     if (btm_cb.api.p_le_callback)
   1448     {
   1449         /* the callback function implementation may change the IO capability... */
   1450         callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
   1451     }
   1452 #if BTM_OOB_INCLUDED == TRUE
   1453     if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
   1454 #else
   1455     if (callback_rc == BTM_SUCCESS)
   1456 #endif
   1457     {
   1458         p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
   1459 
   1460         BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
   1461                           p_dev_rec->security_required, p_data->auth_req);
   1462         BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
   1463                           p_data->init_keys,
   1464                           p_data->resp_keys);
   1465 
   1466         /* if authentication requires MITM protection, put on the mask */
   1467         if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
   1468             p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
   1469 
   1470         if (!(p_data->auth_req & SMP_AUTH_BOND))
   1471         {
   1472             BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged");
   1473             p_data->init_keys = 0;
   1474             p_data->resp_keys = 0;
   1475         }
   1476 
   1477         BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req);
   1478         BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
   1479                           p_data->init_keys,
   1480                           p_data->resp_keys);
   1481 
   1482         BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
   1483                           p_data->io_cap, p_data->auth_req);
   1484 
   1485         /* remove MITM protection requirement if IO cap does not allow it */
   1486         if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
   1487             p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
   1488 
   1489         BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d",
   1490                           p_data->io_cap, p_data->oob_data, p_data->auth_req);
   1491     }
   1492     return callback_rc;
   1493 }
   1494 
   1495 /*******************************************************************************
   1496 **
   1497 ** Function         btm_ble_connected
   1498 **
   1499 ** Description      This function is when a LE connection to the peer device is
   1500 **                  establsihed
   1501 **
   1502 ** Returns          void
   1503 **
   1504 *******************************************************************************/
   1505 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
   1506                         tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
   1507 {
   1508     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
   1509     tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
   1510 
   1511     BTM_TRACE_EVENT0 ("btm_ble_connected");
   1512 
   1513     /* Commenting out trace due to obf/compilation problems.
   1514     */
   1515 #if (BT_USE_TRACES == TRUE)
   1516     if (p_dev_rec)
   1517     {
   1518         BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected :  handle:%d  enc_mode:%d  bda:%x RName:%s",
   1519                           handle,  enc_mode,
   1520                           (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5],
   1521                           p_dev_rec->sec_bd_name);
   1522 
   1523         BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags);
   1524     }
   1525     else
   1526     {
   1527         BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected:   handle:%d  enc_mode:%d  bda:%x ",
   1528                           handle,  enc_mode,
   1529                           (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]);
   1530     }
   1531 #endif
   1532 
   1533     if (!p_dev_rec)
   1534     {
   1535         /* There is no device record for new connection.  Allocate one */
   1536         p_dev_rec = btm_sec_alloc_dev (bda);
   1537     }
   1538     else    /* Update the timestamp for this device */
   1539     {
   1540         p_dev_rec->timestamp = btm_cb.dev_rec_count++;
   1541     }
   1542 
   1543     /* update device information */
   1544     p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
   1545     p_dev_rec->hci_handle = handle;
   1546     p_dev_rec->ble.ble_addr_type = addr_type;
   1547 
   1548     if (role == HCI_ROLE_MASTER)
   1549         p_dev_rec->role_master = TRUE;
   1550 
   1551     if (role == HCI_ROLE_SLAVE)
   1552         p_cb->inq_var.adv_mode  = BTM_BLE_ADV_DISABLE;
   1553     p_cb->inq_var.directed_conn = FALSE;
   1554 
   1555     return;
   1556 }
   1557 
   1558 /*****************************************************************************
   1559 **  Function        btm_ble_conn_complete
   1560 **
   1561 **  Description     LE connection complete.
   1562 **
   1563 ******************************************************************************/
   1564 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len)
   1565 {
   1566     UINT8       role, status, bda_type;
   1567     UINT16      handle;
   1568     BD_ADDR     bda;
   1569     UINT16      conn_interval, conn_latency, conn_timeout;
   1570     BOOLEAN     match = FALSE;
   1571 
   1572     STREAM_TO_UINT8   (status, p);
   1573     STREAM_TO_UINT16   (handle, p);
   1574     STREAM_TO_UINT8    (role, p);
   1575     STREAM_TO_UINT8    (bda_type, p);
   1576     STREAM_TO_BDADDR   (bda, p);
   1577 
   1578     if (status == 0)
   1579     {
   1580         STREAM_TO_UINT16   (conn_interval, p);
   1581         STREAM_TO_UINT16   (conn_latency, p);
   1582         STREAM_TO_UINT16   (conn_timeout, p);
   1583         handle = HCID_GET_HANDLE (handle);
   1584 
   1585         btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
   1586         l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
   1587                               conn_latency, conn_timeout);
   1588     }
   1589     else
   1590     {
   1591         role = HCI_ROLE_UNKNOWN;
   1592 
   1593         if (status == HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT)
   1594         {
   1595             btm_ble_dir_adv_tout();
   1596         }
   1597         /* this is to work around broadcom firmware problem to handle
   1598          * unsolicited command complete event for HCI_LE_Create_Connection_Cancel
   1599          * and LE connection complete event with status error code (0x2)
   1600          * unknown connection identifier from bluetooth controller
   1601          * the workaround is to release the HCI connection to avoid out of sync
   1602          * with bluetooth controller, which cause BT can't be turned off.
   1603         */
   1604         else if ((status == HCI_ERR_NO_CONNECTION) &&
   1605                  (btm_ble_get_conn_st() != BLE_CONN_CANCEL))
   1606         {
   1607             tL2C_LCB    *p_lcb;
   1608             handle = HCID_GET_HANDLE (handle);
   1609             p_lcb = l2cu_find_lcb_by_handle (handle);
   1610             if (p_lcb != NULL)
   1611             {
   1612                 l2c_link_hci_disc_comp (handle, HCI_ERR_PEER_USER);
   1613                 btm_sec_disconnected (handle, HCI_ERR_PEER_USER);
   1614             }
   1615         }
   1616     }
   1617 
   1618     btm_ble_set_conn_st(BLE_CONN_IDLE);
   1619 
   1620     btm_ble_update_mode_operation(role, bda, TRUE);
   1621 }
   1622 
   1623 /*****************************************************************************
   1624 **  Function        btm_proc_smp_cback
   1625 **
   1626 **  Description     This function is the SMP callback handler.
   1627 **
   1628 ******************************************************************************/
   1629 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
   1630 {
   1631     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev (bd_addr);
   1632     UINT8 res = 0;
   1633 
   1634     BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event);
   1635 
   1636     if (p_dev_rec != NULL)
   1637     {
   1638         switch (event)
   1639         {
   1640             case SMP_IO_CAP_REQ_EVT:
   1641                 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
   1642                 break;
   1643 
   1644             case SMP_PASSKEY_REQ_EVT:
   1645             case SMP_PASSKEY_NOTIF_EVT:
   1646             case SMP_OOB_REQ_EVT:
   1647                 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED;
   1648             case SMP_SEC_REQUEST_EVT:
   1649                 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
   1650                 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
   1651                 /* fall through */
   1652             case SMP_COMPLT_EVT:
   1653                 if (btm_cb.api.p_le_callback)
   1654                 {
   1655                     /* the callback function implementation may change the IO capability... */
   1656                     BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback );
   1657                    (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
   1658                 }
   1659 
   1660                 if (event == SMP_COMPLT_EVT)
   1661                 {
   1662                     BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
   1663 
   1664                     res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
   1665 
   1666                     BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x",
   1667                                       res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
   1668 
   1669                     btm_sec_dev_rec_cback_event(p_dev_rec, res);
   1670 
   1671                     if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback )
   1672                     {
   1673                         BTM_TRACE_DEBUG0 ("Pairing Cancel completed");
   1674                         (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
   1675                     }
   1676 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   1677                     if (res != BTM_SUCCESS)
   1678                     {
   1679                         if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT)
   1680                         {
   1681                             BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL");
   1682                             btm_remove_acl(bd_addr);
   1683                         }
   1684                         else
   1685                         {
   1686                             BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL");
   1687                             p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
   1688                         }
   1689                     }
   1690 #else
   1691                     if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT)
   1692                         btm_remove_acl(bd_addr);
   1693 #endif
   1694 
   1695                     BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
   1696                                       btm_cb.pairing_state,
   1697                                       btm_cb.pairing_flags,
   1698                                       btm_cb.pin_code_len  );
   1699                     BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
   1700                                       btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
   1701                                       btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
   1702 
   1703                     memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
   1704                     btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
   1705                     btm_cb.pairing_flags = 0;
   1706                 }
   1707                 break;
   1708 
   1709             default:
   1710                 BTM_TRACE_DEBUG1 ("unknown event = %d", event);
   1711                 break;
   1712 
   1713 
   1714         }
   1715     }
   1716     else
   1717     {
   1718         BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device");
   1719     }
   1720 
   1721     return 0;
   1722 }
   1723 
   1724     #endif  /* SMP_INCLUDED */
   1725 #endif  /* BLE_INCLUDED */
   1726 
   1727 
   1728 /*******************************************************************************
   1729 **
   1730 ** Function         BTM_BleDataSignature
   1731 **
   1732 ** Description      This function is called to sign the data using AES128 CMAC
   1733 **                  algorith.
   1734 **
   1735 ** Parameter        bd_addr: target device the data to be signed for.
   1736 **                  p_text: singing data
   1737 **                  len: length of the data to be signed.
   1738 **                  signature: output parameter where data signature is going to
   1739 **                             be stored.
   1740 **
   1741 ** Returns          TRUE if signing sucessul, otherwise FALSE.
   1742 **
   1743 *******************************************************************************/
   1744 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
   1745                               BLE_SIGNATURE signature)
   1746 {
   1747     BOOLEAN     ret = FALSE;
   1748 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
   1749     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bd_addr);
   1750     UINT8   *p_buf, *pp;
   1751 
   1752     BT_OCTET16  er;
   1753     UINT16      div;
   1754     UINT8       temp[4]; /* for (r || DIV)  r=1*/
   1755     UINT16      r=1;
   1756     UINT8       *p=temp, *p_mac = (UINT8 *)signature;
   1757     tSMP_ENC    output;
   1758     BT_OCTET16  local_csrk;
   1759 
   1760     BTM_TRACE_DEBUG0 ("BTM_BleDataSignature");
   1761     if (p_rec == NULL)
   1762     {
   1763         BTM_TRACE_ERROR0("data signing can not be done from unknow device");
   1764     }
   1765     else
   1766     {
   1767         if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL)
   1768         {
   1769             BTM_TRACE_DEBUG0("Start to generate Local CSRK");
   1770             pp = p_buf;
   1771             /* prepare plain text */
   1772             if (p_text)
   1773             {
   1774                 memcpy(p_buf, p_text, len);
   1775                 pp = (p_buf + len);
   1776             }
   1777 
   1778 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   1779             if ( btm_cb.devcb.enable_test_local_sign_cntr)
   1780             {
   1781                 BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr);
   1782                 UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr);
   1783             }
   1784             else
   1785             {
   1786                 UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
   1787             }
   1788 #else
   1789             UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
   1790 #endif
   1791             /* compute local csrk */
   1792             if (btm_get_local_div(bd_addr, &div))
   1793             {
   1794                 BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div);
   1795                 BTM_GetDeviceEncRoot(er);
   1796 
   1797                 /* CSRK = d1(ER, DIV, 1) */
   1798                 UINT16_TO_STREAM(p, div);
   1799                 UINT16_TO_STREAM(p, r);
   1800 
   1801                 if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output))
   1802                 {
   1803                     BTM_TRACE_ERROR0("Local CSRK generation failed ");
   1804                 }
   1805                 else
   1806                 {
   1807                     BTM_TRACE_DEBUG0("local CSRK generation success");
   1808                     memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN);
   1809 
   1810 
   1811 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   1812                     if (btm_cb.devcb.enable_test_local_sign_cntr)
   1813                     {
   1814                         UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr);
   1815                     }
   1816                     else
   1817                     {
   1818                         UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
   1819                     }
   1820 #else
   1821                     UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
   1822 #endif
   1823 
   1824                     if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE)
   1825                     {
   1826                         btm_ble_increment_sign_ctr(bd_addr, TRUE);
   1827 
   1828 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   1829                         if ( btm_cb.devcb.enable_test_mac_val)
   1830                         {
   1831                             BTM_TRACE_DEBUG0 ("Use MAC value from script");
   1832                             memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE);
   1833                         }
   1834 #endif
   1835                     }
   1836                     BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac);
   1837                     BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
   1838                                      *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
   1839                     BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
   1840                                      *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
   1841 
   1842                     GKI_freebuf(p_buf);
   1843                 }
   1844             }
   1845         }
   1846     }
   1847 #endif  /* BLE_INCLUDED */
   1848     return ret;
   1849 }
   1850 
   1851 /*******************************************************************************
   1852 **
   1853 ** Function         BTM_BleVerifySignature
   1854 **
   1855 ** Description      This function is called to verify the data signature
   1856 **
   1857 ** Parameter        bd_addr: target device the data to be signed for.
   1858 **                  p_orig:  original data before signature.
   1859 **                  len: length of the signing data
   1860 **                  counter: counter used when doing data signing
   1861 **                  p_comp: signature to be compared against.
   1862 
   1863 ** Returns          TRUE if signature verified correctly; otherwise FALSE.
   1864 **
   1865 *******************************************************************************/
   1866 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
   1867                                 UINT8 *p_comp)
   1868 {
   1869     BOOLEAN             verified = FALSE;
   1870 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
   1871     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bd_addr);
   1872     UINT8               p_mac[BTM_CMAC_TLEN_SIZE];
   1873 
   1874     if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK)))
   1875     {
   1876         BTM_TRACE_ERROR0("can not verify signature for unknown device");
   1877     }
   1878     else if (counter < p_rec->ble.keys.counter)
   1879     {
   1880         BTM_TRACE_ERROR0("signature received with out dated sign counter");
   1881     }
   1882     else if (p_orig == NULL)
   1883     {
   1884         BTM_TRACE_ERROR0("No signature to verify");
   1885     }
   1886     else
   1887     {
   1888         BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter);
   1889 
   1890         if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
   1891         {
   1892             if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
   1893             {
   1894                 btm_ble_increment_sign_ctr(bd_addr, FALSE);
   1895                 verified = TRUE;
   1896             }
   1897         }
   1898     }
   1899 #endif  /* BLE_INCLUDED */
   1900     return verified;
   1901 }
   1902 
   1903 #if BLE_INCLUDED == TRUE
   1904 /*******************************************************************************
   1905 **  Utility functions for LE device IR/ER generation
   1906 *******************************************************************************/
   1907 /*******************************************************************************
   1908 **
   1909 ** Function         btm_notify_new_key
   1910 **
   1911 ** Description      This function is to notify application new keys have been
   1912 **                  generated.
   1913 **
   1914 ** Returns          void
   1915 **
   1916 *******************************************************************************/
   1917 static void btm_notify_new_key(UINT8 key_type)
   1918 {
   1919     tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
   1920 
   1921     BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type);
   1922 
   1923     if (btm_cb.api.p_le_key_callback)
   1924     {
   1925         switch (key_type)
   1926         {
   1927             case BTM_BLE_KEY_TYPE_ID:
   1928                 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID");
   1929                 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
   1930                 break;
   1931 
   1932             case BTM_BLE_KEY_TYPE_ER:
   1933                 BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER");
   1934                 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er;
   1935                 break;
   1936 
   1937             default:
   1938                 BTM_TRACE_ERROR1("unknown key type: %d", key_type);
   1939                 break;
   1940         }
   1941         if (p_locak_keys != NULL)
   1942             (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
   1943     }
   1944 }
   1945 
   1946 /*******************************************************************************
   1947 **
   1948 ** Function         btm_ble_process_er2
   1949 **
   1950 ** Description      This function is called when ER is generated, store it in
   1951 **                  local control block.
   1952 **
   1953 ** Returns          void
   1954 **
   1955 *******************************************************************************/
   1956 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
   1957 {
   1958     BTM_TRACE_DEBUG0 ("btm_ble_process_er2");
   1959 
   1960     if (p &&p->opcode == HCI_BLE_RAND)
   1961     {
   1962         memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN);
   1963         btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
   1964     }
   1965     else
   1966     {
   1967         BTM_TRACE_ERROR0("Generating ER2 exception.");
   1968         memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
   1969     }
   1970 }
   1971 
   1972 /*******************************************************************************
   1973 **
   1974 ** Function         btm_ble_process_er
   1975 **
   1976 ** Description      This function is called when ER is generated, store it in
   1977 **                  local control block.
   1978 **
   1979 ** Returns          void
   1980 **
   1981 *******************************************************************************/
   1982 static void btm_ble_process_er(tBTM_RAND_ENC *p)
   1983 {
   1984     BTM_TRACE_DEBUG0 ("btm_ble_process_er");
   1985 
   1986     if (p &&p->opcode == HCI_BLE_RAND)
   1987     {
   1988         memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN);
   1989 
   1990         if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2))
   1991         {
   1992             memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16));
   1993             BTM_TRACE_ERROR0("Generating ER2 failed.");
   1994         }
   1995     }
   1996     else
   1997     {
   1998         BTM_TRACE_ERROR0("Generating ER1 exception.");
   1999     }
   2000 }
   2001 
   2002 /*******************************************************************************
   2003 **
   2004 ** Function         btm_ble_process_irk
   2005 **
   2006 ** Description      This function is called when IRK is generated, store it in
   2007 **                  local control block.
   2008 **
   2009 ** Returns          void
   2010 **
   2011 *******************************************************************************/
   2012 static void btm_ble_process_irk(tSMP_ENC *p)
   2013 {
   2014     BTM_TRACE_DEBUG0 ("btm_ble_process_irk");
   2015     if (p &&p->opcode == HCI_BLE_ENCRYPT)
   2016     {
   2017         memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
   2018         btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
   2019     }
   2020     else
   2021     {
   2022         BTM_TRACE_ERROR0("Generating IRK exception.");
   2023     }
   2024 
   2025     /* proceed generate ER */
   2026     if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er))
   2027     {
   2028         BTM_TRACE_ERROR0("Generating ER failed.");
   2029     }
   2030 }
   2031 
   2032 /*******************************************************************************
   2033 **
   2034 ** Function         btm_ble_process_dhk
   2035 **
   2036 ** Description      This function is called when DHK is calculated, store it in
   2037 **                  local control block, and proceed to generate ER, a 128-bits
   2038 **                  random number.
   2039 **
   2040 ** Returns          void
   2041 **
   2042 *******************************************************************************/
   2043 static void btm_ble_process_dhk(tSMP_ENC *p)
   2044 {
   2045 #if SMP_INCLUDED == TRUE
   2046     UINT8 btm_ble_irk_pt = 0x01;
   2047     tSMP_ENC output;
   2048 
   2049     BTM_TRACE_DEBUG0 ("btm_ble_process_dhk");
   2050 
   2051     if (p && p->opcode == HCI_BLE_ENCRYPT)
   2052     {
   2053         memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
   2054         BTM_TRACE_DEBUG0("BLE DHK generated.");
   2055 
   2056         /* IRK = D1(IR, 1) */
   2057         if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
   2058                          1,   &output))
   2059         {
   2060             /* reset all identity root related key */
   2061             memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2062         }
   2063         else
   2064         {
   2065             btm_ble_process_irk(&output);
   2066         }
   2067     }
   2068     else
   2069     {
   2070         /* reset all identity root related key */
   2071         memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2072     }
   2073 #endif
   2074 }
   2075 
   2076 /*******************************************************************************
   2077 **
   2078 ** Function         btm_ble_process_ir2
   2079 **
   2080 ** Description      This function is called when IR is generated, proceed to calculate
   2081 **                  DHK = Eir({0x03, 0, 0 ...})
   2082 **
   2083 **
   2084 ** Returns          void
   2085 **
   2086 *******************************************************************************/
   2087 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
   2088 {
   2089 #if SMP_INCLUDED == TRUE
   2090     UINT8 btm_ble_dhk_pt = 0x03;
   2091     tSMP_ENC output;
   2092 
   2093     BTM_TRACE_DEBUG0 ("btm_ble_process_ir2");
   2094 
   2095     if (p && p->opcode == HCI_BLE_RAND)
   2096     {
   2097         /* remembering in control block */
   2098         memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
   2099         /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
   2100 
   2101 
   2102         SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
   2103                     1, &output);
   2104         btm_ble_process_dhk(&output);
   2105 
   2106         BTM_TRACE_DEBUG0("BLE IR generated.");
   2107     }
   2108     else
   2109     {
   2110         memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2111     }
   2112 #endif
   2113 }
   2114 
   2115 /*******************************************************************************
   2116 **
   2117 ** Function         btm_ble_process_ir
   2118 **
   2119 ** Description      This function is called when IR is generated, proceed to calculate
   2120 **                  DHK = Eir({0x02, 0, 0 ...})
   2121 **
   2122 **
   2123 ** Returns          void
   2124 **
   2125 *******************************************************************************/
   2126 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
   2127 {
   2128     BTM_TRACE_DEBUG0 ("btm_ble_process_ir");
   2129 
   2130     if (p && p->opcode == HCI_BLE_RAND)
   2131     {
   2132         /* remembering in control block */
   2133         memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
   2134 
   2135         if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2))
   2136         {
   2137             BTM_TRACE_ERROR0("Generating IR2 failed.");
   2138             memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2139         }
   2140     }
   2141 }
   2142 
   2143 /*******************************************************************************
   2144 **
   2145 ** Function         btm_ble_reset_id
   2146 **
   2147 ** Description      This function is called to reset LE device identity.
   2148 **
   2149 ** Returns          void
   2150 **
   2151 *******************************************************************************/
   2152 void btm_ble_reset_id( void )
   2153 {
   2154     BTM_TRACE_DEBUG0 ("btm_ble_reset_id");
   2155 
   2156     /* regenrate Identity Root*/
   2157     if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir))
   2158     {
   2159         BTM_TRACE_DEBUG0("Generating IR failed.");
   2160     }
   2161 }
   2162 
   2163     #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   2164 /*******************************************************************************
   2165 **
   2166 ** Function         btm_ble_set_no_disc_if_pair_fail
   2167 **
   2168 ** Description      This function indicates that whether no disconnect of the ACL
   2169 **                  should be used if pairing failed
   2170 **
   2171 ** Returns          void
   2172 **
   2173 *******************************************************************************/
   2174 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
   2175 {
   2176     BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
   2177     btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
   2178 }
   2179 
   2180 /*******************************************************************************
   2181 **
   2182 ** Function         btm_ble_set_test_mac_value
   2183 **
   2184 ** Description      This function set test MAC value
   2185 **
   2186 ** Returns          void
   2187 **
   2188 *******************************************************************************/
   2189 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
   2190 {
   2191     BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable);
   2192     btm_cb.devcb.enable_test_mac_val = enable;
   2193     memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
   2194 }
   2195 
   2196 /*******************************************************************************
   2197 **
   2198 ** Function         btm_ble_set_test_local_sign_cntr_value
   2199 **
   2200 ** Description      This function set test local sign counter value
   2201 **
   2202 ** Returns          void
   2203 **
   2204 *******************************************************************************/
   2205 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
   2206 {
   2207     BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
   2208                       enable, test_local_sign_cntr);
   2209     btm_cb.devcb.enable_test_local_sign_cntr = enable;
   2210     btm_cb.devcb.test_local_sign_cntr =  test_local_sign_cntr;
   2211 }
   2212 
   2213 /*******************************************************************************
   2214 **
   2215 ** Function         btm_set_random_address
   2216 **
   2217 ** Description      This function set a random address to local controller.
   2218 **
   2219 ** Returns          void
   2220 **
   2221 *******************************************************************************/
   2222 void btm_set_random_address(BD_ADDR random_bda)
   2223 {
   2224     tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
   2225     BOOLEAN     adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
   2226 
   2227     BTM_TRACE_DEBUG0 ("btm_set_random_address");
   2228 
   2229     if (adv_mode  == BTM_BLE_ADV_ENABLE)
   2230         btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
   2231 
   2232     memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
   2233     btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
   2234 
   2235     if (adv_mode  == BTM_BLE_ADV_ENABLE)
   2236         btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
   2237 
   2238 
   2239 }
   2240 #endif /* BTM_BLE_CONFORMANCE_TESTING */
   2241 
   2242 
   2243 #endif /* BLE_INCLUDED */
   2244