Home | History | Annotate | Download | only in btm
      1 /******************************************************************************
      2  *
      3  *  Copyright (C) 1999-2012 Broadcom Corporation
      4  *
      5  *  Licensed under the Apache License, Version 2.0 (the "License");
      6  *  you may not use this file except in compliance with the License.
      7  *  You may obtain a copy of the License at:
      8  *
      9  *  http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  *
     17  ******************************************************************************/
     18 
     19 /******************************************************************************
     20  *
     21  *  This file contains functions for BLE device control utilities, and LE
     22  *  security functions.
     23  *
     24  ******************************************************************************/
     25 
     26 #define LOG_TAG "bt_btm_ble"
     27 
     28 #include "bt_target.h"
     29 
     30 #if BLE_INCLUDED == TRUE
     31 
     32 #include <string.h>
     33 
     34 #include "bt_types.h"
     35 #include "bt_utils.h"
     36 #include "btm_ble_api.h"
     37 #include "btm_int.h"
     38 #include "btu.h"
     39 #include "device/include/controller.h"
     40 #include "gap_api.h"
     41 #include "hcimsgs.h"
     42 #include "l2c_int.h"
     43 #include "osi/include/log.h"
     44 #include "smp_api.h"
     45 
     46 #if SMP_INCLUDED == TRUE
     47 extern BOOLEAN aes_cipher_msg_auth_code(BT_OCTET16 key, UINT8 *input, UINT16 length,
     48                                                  UINT16 tlen, UINT8 *p_signature);
     49 extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable);
     50 extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda);
     51 #endif
     52 extern void gatt_notify_enc_cmpl(BD_ADDR bd_addr);
     53 /*******************************************************************************/
     54 /* External Function to be called by other modules                             */
     55 /*******************************************************************************/
     56 /********************************************************
     57 **
     58 ** Function         BTM_SecAddBleDevice
     59 **
     60 ** Description      Add/modify device.  This function will be normally called
     61 **                  during host startup to restore all required information
     62 **                  for a LE device stored in the NVRAM.
     63 **
     64 ** Parameters:      bd_addr          - BD address of the peer
     65 **                  bd_name          - Name of the peer device.  NULL if unknown.
     66 **                  dev_type         - Remote device's device type.
     67 **                  addr_type        - LE device address type.
     68 **
     69 ** Returns          TRUE if added OK, else FALSE
     70 **
     71 *******************************************************************************/
     72 BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type,
     73                              tBLE_ADDR_TYPE addr_type)
     74 {
     75     BTM_TRACE_DEBUG ("%s: dev_type=0x%x", __func__, dev_type);
     76     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev(bd_addr);
     77 
     78     if (!p_dev_rec) {
     79         if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) {
     80             BTM_TRACE_ERROR("%s: %d max devices reached!", __func__, BTM_SEC_MAX_DEVICE_RECORDS);
     81             return FALSE;
     82         }
     83 
     84         p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
     85         list_append(btm_cb.sec_dev_rec, p_dev_rec);
     86 
     87         memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
     88         p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR);
     89         p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE);
     90 
     91         /* update conn params, use default value for background connection params */
     92         p_dev_rec->conn_params.min_conn_int     = BTM_BLE_CONN_PARAM_UNDEF;
     93         p_dev_rec->conn_params.max_conn_int     = BTM_BLE_CONN_PARAM_UNDEF;
     94         p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_PARAM_UNDEF;
     95         p_dev_rec->conn_params.slave_latency    = BTM_BLE_CONN_PARAM_UNDEF;
     96 
     97         BTM_TRACE_DEBUG("%s: Device added, handle=0x%x ", __func__, p_dev_rec->ble_hci_handle);
     98     }
     99 
    100     memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
    101 
    102     if (bd_name && bd_name[0])
    103     {
    104         p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
    105         strlcpy((char *)p_dev_rec->sec_bd_name,
    106                 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    107     }
    108     p_dev_rec->device_type |= dev_type;
    109     p_dev_rec->ble.ble_addr_type = addr_type;
    110 
    111     memcpy(p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN);
    112     /* sync up with the Inq Data base*/
    113     tBTM_INQ_INFO      *p_info = BTM_InqDbRead(bd_addr);
    114     if (p_info)
    115     {
    116         p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ;
    117         p_info->results.device_type = p_dev_rec->device_type;
    118         BTM_TRACE_DEBUG("InqDb  device_type =0x%x  addr_type=0x%x",
    119                          p_info->results.device_type, p_info->results.ble_addr_type);
    120     }
    121 
    122     return TRUE;
    123 }
    124 
    125 /*******************************************************************************
    126 **
    127 ** Function         BTM_SecAddBleKey
    128 **
    129 ** Description      Add/modify LE device information.  This function will be
    130 **                  normally called during host startup to restore all required
    131 **                  information stored in the NVRAM.
    132 **
    133 ** Parameters:      bd_addr          - BD address of the peer
    134 **                  p_le_key         - LE key values.
    135 **                  key_type         - LE SMP key type.
    136 *
    137 ** Returns          TRUE if added OK, else FALSE
    138 **
    139 *******************************************************************************/
    140 BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type)
    141 {
    142 #if SMP_INCLUDED == TRUE
    143     tBTM_SEC_DEV_REC  *p_dev_rec;
    144     BTM_TRACE_DEBUG ("BTM_SecAddBleKey");
    145     p_dev_rec = btm_find_dev (bd_addr);
    146     if (!p_dev_rec || !p_le_key ||
    147         (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID &&
    148          key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC &&
    149          key_type != BTM_LE_KEY_LCSRK && key_type != BTM_LE_KEY_LID))
    150     {
    151         BTM_TRACE_WARNING ("BTM_SecAddBleKey()  Wrong Type, or No Device record \
    152                         for bdaddr: %08x%04x, Type: %d",
    153                             (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
    154                             (bd_addr[4]<<8)+bd_addr[5], key_type);
    155         return(FALSE);
    156     }
    157 
    158     BTM_TRACE_DEBUG ("BTM_SecAddLeKey()  BDA: %08x%04x, Type: 0x%02x",
    159                       (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
    160                       (bd_addr[4]<<8)+bd_addr[5], key_type);
    161 
    162     btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE);
    163 
    164 #if (BLE_PRIVACY_SPT == TRUE)
    165     if (key_type == BTM_LE_KEY_PID || key_type == BTM_LE_KEY_LID)
    166         btm_ble_resolving_list_load_dev (p_dev_rec);
    167 #endif
    168 
    169 #endif
    170 
    171     return(TRUE);
    172 }
    173 
    174 /*******************************************************************************
    175 **
    176 ** Function         BTM_BleLoadLocalKeys
    177 **
    178 ** Description      Local local identity key, encryption root or sign counter.
    179 **
    180 ** Parameters:      key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER
    181 **                            or BTM_BLE_KEY_TYPE_COUNTER.
    182 **                  p_key: pointer to the key.
    183 *
    184 ** Returns          non2.
    185 **
    186 *******************************************************************************/
    187 void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key)
    188 {
    189     tBTM_DEVCB *p_devcb = &btm_cb.devcb;
    190     BTM_TRACE_DEBUG ("%s", __func__);
    191     if (p_key != NULL)
    192     {
    193         switch (key_type)
    194         {
    195             case BTM_BLE_KEY_TYPE_ID:
    196                 memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
    197                 break;
    198 
    199             case BTM_BLE_KEY_TYPE_ER:
    200                 memcpy(p_devcb->ble_encryption_key_value, p_key->er, sizeof(BT_OCTET16));
    201                 break;
    202 
    203             default:
    204                 BTM_TRACE_ERROR("unknow local key type: %d", key_type);
    205                 break;
    206         }
    207     }
    208 }
    209 
    210 /*******************************************************************************
    211 **
    212 ** Function         BTM_GetDeviceEncRoot
    213 **
    214 ** Description      This function is called to read the local device encryption
    215 **                  root.
    216 **
    217 ** Returns          void
    218 **                  the local device ER is copied into ble_encr_key_value
    219 **
    220 *******************************************************************************/
    221 void BTM_GetDeviceEncRoot (BT_OCTET16 ble_encr_key_value)
    222 {
    223     BTM_TRACE_DEBUG ("%s", __func__);
    224     memcpy (ble_encr_key_value, btm_cb.devcb.ble_encryption_key_value, BT_OCTET16_LEN);
    225 }
    226 
    227 /*******************************************************************************
    228 **
    229 ** Function         BTM_GetDeviceIDRoot
    230 **
    231 ** Description      This function is called to read the local device identity
    232 **                  root.
    233 **
    234 ** Returns          void
    235 **                  the local device IR is copied into irk
    236 **
    237 *******************************************************************************/
    238 void BTM_GetDeviceIDRoot (BT_OCTET16 irk)
    239 {
    240     BTM_TRACE_DEBUG ("BTM_GetDeviceIDRoot ");
    241 
    242     memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN);
    243 }
    244 
    245 /*******************************************************************************
    246 **
    247 ** Function         BTM_GetDeviceDHK
    248 **
    249 ** Description      This function is called to read the local device DHK.
    250 **
    251 ** Returns          void
    252 **                  the local device DHK is copied into dhk
    253 **
    254 *******************************************************************************/
    255 void BTM_GetDeviceDHK (BT_OCTET16 dhk)
    256 {
    257     BTM_TRACE_DEBUG ("BTM_GetDeviceDHK");
    258     memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN);
    259 }
    260 
    261 /*******************************************************************************
    262 **
    263 ** Function         BTM_ReadConnectionAddr
    264 **
    265 ** Description      This function is called to get the local device address information
    266 **                  .
    267 **
    268 ** Returns          void
    269 **
    270 *******************************************************************************/
    271 void BTM_ReadConnectionAddr (BD_ADDR remote_bda, BD_ADDR local_conn_addr, tBLE_ADDR_TYPE *p_addr_type)
    272 {
    273     tACL_CONN       *p_acl = btm_bda_to_acl(remote_bda, BT_TRANSPORT_LE);
    274 
    275     if (p_acl == NULL)
    276     {
    277         BTM_TRACE_ERROR("No connection exist!");
    278         return;
    279     }
    280     memcpy(local_conn_addr, p_acl->conn_addr, BD_ADDR_LEN);
    281     * p_addr_type = p_acl->conn_addr_type;
    282 
    283     BTM_TRACE_DEBUG ("BTM_ReadConnectionAddr address type: %d addr: 0x%02x",
    284                     p_acl->conn_addr_type, p_acl->conn_addr[0]);
    285 }
    286 
    287 /*******************************************************************************
    288 **
    289 ** Function         BTM_IsBleConnection
    290 **
    291 ** Description      This function is called to check if the connection handle
    292 **                  for an LE link
    293 **
    294 ** Returns          TRUE if connection is LE link, otherwise FALSE.
    295 **
    296 *******************************************************************************/
    297 BOOLEAN BTM_IsBleConnection (UINT16 conn_handle)
    298 {
    299 #if (BLE_INCLUDED == TRUE)
    300     UINT8                xx;
    301     tACL_CONN            *p;
    302 
    303     BTM_TRACE_API ("BTM_IsBleConnection: conn_handle: %d", conn_handle);
    304 
    305     xx = btm_handle_to_acl_index (conn_handle);
    306     if (xx >= MAX_L2CAP_LINKS)
    307         return FALSE;
    308 
    309     p = &btm_cb.acl_db[xx];
    310 
    311     return (p->transport == BT_TRANSPORT_LE);
    312 #else
    313     return FALSE;
    314 #endif
    315 }
    316 
    317 /*******************************************************************************
    318 **
    319 ** Function         BTM_ReadRemoteConnectionAddr
    320 **
    321 ** Description      This function is read the remote device address currently used
    322 **
    323 ** Parameters     pseudo_addr: pseudo random address available
    324 **                conn_addr:connection address used
    325 **                p_addr_type : BD Address type, Public or Random of the address used
    326 **
    327 ** Returns          BOOLEAN , TRUE if connection to remote device exists, else FALSE
    328 **
    329 *******************************************************************************/
    330 BOOLEAN BTM_ReadRemoteConnectionAddr(BD_ADDR pseudo_addr, BD_ADDR conn_addr,
    331                                                tBLE_ADDR_TYPE *p_addr_type)
    332 {
    333  BOOLEAN         st = TRUE;
    334 #if (BLE_PRIVACY_SPT == TRUE)
    335     tACL_CONN       *p = btm_bda_to_acl (pseudo_addr, BT_TRANSPORT_LE);
    336 
    337     if (p == NULL)
    338     {
    339         BTM_TRACE_ERROR("BTM_ReadRemoteConnectionAddr can not find connection"
    340                         " with matching address");
    341         return FALSE;
    342     }
    343 
    344     memcpy(conn_addr, p->active_remote_addr, BD_ADDR_LEN);
    345     *p_addr_type = p->active_remote_addr_type;
    346 #else
    347     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(pseudo_addr);
    348 
    349     memcpy(conn_addr, pseudo_addr, BD_ADDR_LEN);
    350     if (p_dev_rec != NULL)
    351     {
    352         *p_addr_type = p_dev_rec->ble.ble_addr_type;
    353     }
    354 #endif
    355     return st;
    356 
    357 }
    358 /*******************************************************************************
    359 **
    360 ** Function         BTM_SecurityGrant
    361 **
    362 ** Description      This function is called to grant security process.
    363 **
    364 ** Parameters       bd_addr - peer device bd address.
    365 **                  res     - result of the operation BTM_SUCCESS if success.
    366 **                            Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts.
    367 **
    368 ** Returns          None
    369 **
    370 *******************************************************************************/
    371 void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res)
    372 {
    373 #if SMP_INCLUDED == TRUE
    374     tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS;
    375     BTM_TRACE_DEBUG ("BTM_SecurityGrant");
    376     SMP_SecurityGrant(bd_addr, res_smp);
    377 #endif
    378 }
    379 
    380 /*******************************************************************************
    381 **
    382 ** Function         BTM_BlePasskeyReply
    383 **
    384 ** Description      This function is called after Security Manager submitted
    385 **                  passkey request to the application.
    386 **
    387 ** Parameters:      bd_addr      - Address of the device for which passkey was requested
    388 **                  res          - result of the operation BTM_SUCCESS if success
    389 **                  key_len      - length in bytes of the Passkey
    390 **                  p_passkey        - pointer to array with the passkey
    391 **                  trusted_mask - bitwise OR of trusted services (array of UINT32)
    392 **
    393 *******************************************************************************/
    394 void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey)
    395 {
    396 #if SMP_INCLUDED == TRUE
    397     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    398     tSMP_STATUS      res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
    399 
    400     if (p_dev_rec == NULL)
    401     {
    402         BTM_TRACE_ERROR("Passkey reply to Unknown device");
    403         return;
    404     }
    405 
    406     p_dev_rec->sec_flags   |= BTM_SEC_LE_AUTHENTICATED;
    407     BTM_TRACE_DEBUG ("BTM_BlePasskeyReply");
    408     SMP_PasskeyReply(bd_addr, res_smp, passkey);
    409 #endif
    410 }
    411 
    412 /*******************************************************************************
    413 **
    414 ** Function         BTM_BleConfirmReply
    415 **
    416 ** Description      This function is called after Security Manager submitted
    417 **                  numeric comparison request to the application.
    418 **
    419 ** Parameters:      bd_addr      - Address of the device with which numeric
    420 **                                 comparison was requested
    421 **                  res          - comparison result BTM_SUCCESS if success
    422 **
    423 *******************************************************************************/
    424 void BTM_BleConfirmReply (BD_ADDR bd_addr, UINT8 res)
    425 {
    426     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    427     tSMP_STATUS      res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL;
    428 
    429     if (p_dev_rec == NULL)
    430     {
    431         BTM_TRACE_ERROR("Passkey reply to Unknown device");
    432         return;
    433     }
    434 
    435     p_dev_rec->sec_flags   |= BTM_SEC_LE_AUTHENTICATED;
    436     BTM_TRACE_DEBUG ("%s", __func__);
    437     SMP_ConfirmReply(bd_addr, res_smp);
    438 }
    439 
    440 /*******************************************************************************
    441 **
    442 ** Function         BTM_BleOobDataReply
    443 **
    444 ** Description      This function is called to provide the OOB data for
    445 **                  SMP in response to BTM_LE_OOB_REQ_EVT
    446 **
    447 ** Parameters:      bd_addr     - Address of the peer device
    448 **                  res         - result of the operation SMP_SUCCESS if success
    449 **                  p_data      - oob data, depending on transport and capabilities.
    450 **                                Might be "Simple Pairing Randomizer", or
    451 **                                "Security Manager TK Value".
    452 **
    453 *******************************************************************************/
    454 void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data)
    455 {
    456 #if SMP_INCLUDED == TRUE
    457     tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL;
    458     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    459 
    460     BTM_TRACE_DEBUG ("BTM_BleOobDataReply");
    461 
    462     if (p_dev_rec == NULL)
    463     {
    464         BTM_TRACE_ERROR("BTM_BleOobDataReply() to Unknown device");
    465         return;
    466     }
    467 
    468     p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
    469     SMP_OobDataReply(bd_addr, res_smp, len, p_data);
    470 #endif
    471 }
    472 
    473 /******************************************************************************
    474 **
    475 ** Function         BTM_BleSetConnScanParams
    476 **
    477 ** Description      Set scan parameter used in BLE connection request
    478 **
    479 ** Parameters:      scan_interval: scan interval
    480 **                  scan_window: scan window
    481 **
    482 ** Returns          void
    483 **
    484 *******************************************************************************/
    485 void BTM_BleSetConnScanParams (UINT32 scan_interval, UINT32 scan_window)
    486 {
    487 #if SMP_INCLUDED == TRUE
    488     tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb;
    489     BOOLEAN     new_param = FALSE;
    490 
    491     if (BTM_BLE_ISVALID_PARAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) &&
    492         BTM_BLE_ISVALID_PARAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX))
    493     {
    494         if (p_ble_cb->scan_int != scan_interval)
    495         {
    496             p_ble_cb->scan_int = scan_interval;
    497             new_param = TRUE;
    498         }
    499 
    500         if (p_ble_cb->scan_win != scan_window)
    501         {
    502             p_ble_cb->scan_win = scan_window;
    503             new_param = TRUE;
    504         }
    505 
    506         if (new_param && p_ble_cb->conn_state == BLE_BG_CONN)
    507         {
    508             btm_ble_suspend_bg_conn();
    509         }
    510     }
    511     else
    512     {
    513         BTM_TRACE_ERROR("Illegal Connection Scan Parameters");
    514     }
    515 #endif
    516 }
    517 
    518 /********************************************************
    519 **
    520 ** Function         BTM_BleSetPrefConnParams
    521 **
    522 ** Description      Set a peripheral's preferred connection parameters
    523 **
    524 ** Parameters:      bd_addr          - BD address of the peripheral
    525 **                  scan_interval: scan interval
    526 **                  scan_window: scan window
    527 **                  min_conn_int     - minimum preferred connection interval
    528 **                  max_conn_int     - maximum preferred connection interval
    529 **                  slave_latency    - preferred slave latency
    530 **                  supervision_tout - preferred supervision timeout
    531 **
    532 ** Returns          void
    533 **
    534 *******************************************************************************/
    535 void BTM_BleSetPrefConnParams (BD_ADDR bd_addr,
    536                                UINT16 min_conn_int, UINT16 max_conn_int,
    537                                UINT16 slave_latency, UINT16 supervision_tout)
    538 {
    539     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (bd_addr);
    540 
    541     BTM_TRACE_API ("BTM_BleSetPrefConnParams min: %u  max: %u  latency: %u  \
    542                     tout: %u",
    543                     min_conn_int, max_conn_int, slave_latency, supervision_tout);
    544 
    545     if (BTM_BLE_ISVALID_PARAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
    546         BTM_BLE_ISVALID_PARAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) &&
    547         BTM_BLE_ISVALID_PARAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) &&
    548         (slave_latency <= BTM_BLE_CONN_LATENCY_MAX || slave_latency == BTM_BLE_CONN_PARAM_UNDEF))
    549     {
    550         if (p_dev_rec)
    551         {
    552             /* expect conn int and stout and slave latency to be updated all together */
    553             if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    554             {
    555                 if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    556                     p_dev_rec->conn_params.min_conn_int = min_conn_int;
    557                 else
    558                     p_dev_rec->conn_params.min_conn_int = max_conn_int;
    559 
    560                 if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
    561                     p_dev_rec->conn_params.max_conn_int = max_conn_int;
    562                 else
    563                     p_dev_rec->conn_params.max_conn_int = min_conn_int;
    564 
    565                 if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
    566                     p_dev_rec->conn_params.slave_latency = slave_latency;
    567                 else
    568                     p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
    569 
    570                 if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
    571                     p_dev_rec->conn_params.supervision_tout = supervision_tout;
    572                 else
    573                     p_dev_rec->conn_params.supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
    574 
    575             }
    576 
    577         }
    578         else
    579         {
    580             BTM_TRACE_ERROR("Unknown Device, setting rejected");
    581         }
    582     }
    583     else
    584     {
    585         BTM_TRACE_ERROR("Illegal Connection Parameters");
    586     }
    587 }
    588 
    589 /*******************************************************************************
    590 **
    591 ** Function         BTM_ReadDevInfo
    592 **
    593 ** Description      This function is called to read the device/address type
    594 **                  of BD address.
    595 **
    596 ** Parameter        remote_bda: remote device address
    597 **                  p_dev_type: output parameter to read the device type.
    598 **                  p_addr_type: output parameter to read the address type.
    599 **
    600 *******************************************************************************/
    601 void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type)
    602 {
    603     tBTM_SEC_DEV_REC  *p_dev_rec = btm_find_dev (remote_bda);
    604     tBTM_INQ_INFO     *p_inq_info = BTM_InqDbRead(remote_bda);
    605 
    606     *p_addr_type = BLE_ADDR_PUBLIC;
    607 
    608     if (!p_dev_rec)
    609     {
    610         *p_dev_type = BT_DEVICE_TYPE_BREDR;
    611         /* Check with the BT manager if details about remote device are known */
    612         if (p_inq_info != NULL)
    613         {
    614             *p_dev_type = p_inq_info->results.device_type ;
    615             *p_addr_type = p_inq_info->results.ble_addr_type;
    616         } else {
    617             /* unknown device, assume BR/EDR */
    618             BTM_TRACE_DEBUG ("btm_find_dev_type - unknown device, BR/EDR assumed");
    619         }
    620     }
    621     else /* there is a security device record exisitng */
    622     {
    623         /* new inquiry result, overwrite device type in security device record */
    624         if (p_inq_info)
    625         {
    626             p_dev_rec->device_type          = p_inq_info->results.device_type;
    627             p_dev_rec->ble.ble_addr_type    = p_inq_info->results.ble_addr_type;
    628         }
    629         if (memcmp(p_dev_rec->bd_addr, remote_bda, BD_ADDR_LEN) == 0 &&
    630             memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0)
    631         {
    632             *p_dev_type = p_dev_rec->device_type;
    633             *p_addr_type = p_dev_rec->ble.ble_addr_type;
    634         }
    635         else if (memcmp(p_dev_rec->ble.pseudo_addr, remote_bda, BD_ADDR_LEN) == 0)
    636         {
    637             *p_dev_type = BT_DEVICE_TYPE_BLE;
    638             *p_addr_type = p_dev_rec->ble.ble_addr_type;
    639         }
    640         else  /* matching static adddress only */
    641         {
    642             *p_dev_type = BT_DEVICE_TYPE_BREDR;
    643             *p_addr_type = BLE_ADDR_PUBLIC;
    644         }
    645 
    646     }
    647 
    648     BTM_TRACE_DEBUG ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type);
    649 }
    650 
    651 /*******************************************************************************
    652 **
    653 ** Function         BTM_ReadConnectedTransportAddress
    654 **
    655 ** Description      This function is called to read the paired device/address type of other device paired
    656 **                  corresponding to the BD_address
    657 **
    658 ** Parameter        remote_bda: remote device address, carry out the transport address
    659 **                  transport: active transport
    660 **
    661 ** Return           TRUE if an active link is identified; FALSE otherwise
    662 **
    663 *******************************************************************************/
    664 BOOLEAN BTM_ReadConnectedTransportAddress(BD_ADDR remote_bda, tBT_TRANSPORT transport)
    665 {
    666     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(remote_bda);
    667 
    668     /* if no device can be located, return */
    669     if (p_dev_rec == NULL)
    670         return FALSE;
    671 
    672     if (transport == BT_TRANSPORT_BR_EDR)
    673     {
    674         if (btm_bda_to_acl(p_dev_rec->bd_addr, transport) != NULL)
    675         {
    676             memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
    677             return TRUE;
    678         }
    679         else if (p_dev_rec->device_type & BT_DEVICE_TYPE_BREDR)
    680         {
    681             memcpy(remote_bda, p_dev_rec->bd_addr, BD_ADDR_LEN);
    682         }
    683         else
    684             memset(remote_bda, 0, BD_ADDR_LEN);
    685         return FALSE;
    686     }
    687 
    688     if (transport == BT_TRANSPORT_LE)
    689     {
    690         memcpy(remote_bda, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN);
    691         if (btm_bda_to_acl(p_dev_rec->ble.pseudo_addr, transport) != NULL)
    692             return TRUE;
    693         else
    694             return FALSE;
    695     }
    696 
    697     return FALSE;
    698 }
    699 
    700 /*******************************************************************************
    701 **
    702 ** Function         BTM_BleReceiverTest
    703 **
    704 ** Description      This function is called to start the LE Receiver test
    705 **
    706 ** Parameter       rx_freq - Frequency Range
    707 **               p_cmd_cmpl_cback - Command Complete callback
    708 **
    709 *******************************************************************************/
    710 void BTM_BleReceiverTest(UINT8 rx_freq, tBTM_CMPL_CB *p_cmd_cmpl_cback)
    711 {
    712      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    713 
    714      if (btsnd_hcic_ble_receiver_test(rx_freq) == FALSE)
    715      {
    716           BTM_TRACE_ERROR("%s: Unable to Trigger LE receiver test", __FUNCTION__);
    717      }
    718 }
    719 
    720 /*******************************************************************************
    721 **
    722 ** Function         BTM_BleTransmitterTest
    723 **
    724 ** Description      This function is called to start the LE Transmitter test
    725 **
    726 ** Parameter       tx_freq - Frequency Range
    727 **                       test_data_len - Length in bytes of payload data in each packet
    728 **                       packet_payload - Pattern to use in the payload
    729 **                       p_cmd_cmpl_cback - Command Complete callback
    730 **
    731 *******************************************************************************/
    732 void BTM_BleTransmitterTest(UINT8 tx_freq, UINT8 test_data_len,
    733                                  UINT8 packet_payload, tBTM_CMPL_CB *p_cmd_cmpl_cback)
    734 {
    735      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    736      if (btsnd_hcic_ble_transmitter_test(tx_freq, test_data_len, packet_payload) == FALSE)
    737      {
    738           BTM_TRACE_ERROR("%s: Unable to Trigger LE transmitter test", __FUNCTION__);
    739      }
    740 }
    741 
    742 /*******************************************************************************
    743 **
    744 ** Function         BTM_BleTestEnd
    745 **
    746 ** Description      This function is called to stop the in-progress TX or RX test
    747 **
    748 ** Parameter       p_cmd_cmpl_cback - Command complete callback
    749 **
    750 *******************************************************************************/
    751 void BTM_BleTestEnd(tBTM_CMPL_CB *p_cmd_cmpl_cback)
    752 {
    753      btm_cb.devcb.p_le_test_cmd_cmpl_cb = p_cmd_cmpl_cback;
    754 
    755      if (btsnd_hcic_ble_test_end() == FALSE)
    756      {
    757           BTM_TRACE_ERROR("%s: Unable to End the LE TX/RX test", __FUNCTION__);
    758      }
    759 }
    760 
    761 /*******************************************************************************
    762 ** Internal Functions
    763 *******************************************************************************/
    764 void btm_ble_test_command_complete(UINT8 *p)
    765 {
    766     tBTM_CMPL_CB   *p_cb = btm_cb.devcb.p_le_test_cmd_cmpl_cb;
    767 
    768     btm_cb.devcb.p_le_test_cmd_cmpl_cb = NULL;
    769 
    770     if (p_cb)
    771     {
    772         (*p_cb)(p);
    773     }
    774 }
    775 
    776 /*******************************************************************************
    777 **
    778 ** Function         BTM_UseLeLink
    779 **
    780 ** Description      This function is to select the underneath physical link to use.
    781 **
    782 ** Returns          TRUE to use LE, FALSE use BR/EDR.
    783 **
    784 *******************************************************************************/
    785 BOOLEAN BTM_UseLeLink (BD_ADDR bd_addr)
    786 {
    787     tACL_CONN         *p;
    788     tBT_DEVICE_TYPE     dev_type;
    789     tBLE_ADDR_TYPE      addr_type;
    790     BOOLEAN             use_le = FALSE;
    791 
    792     if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_BR_EDR)) != NULL)
    793     {
    794         return use_le;
    795     }
    796     else if ((p = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE)) != NULL)
    797     {
    798         use_le = TRUE;
    799     }
    800     else
    801     {
    802         BTM_ReadDevInfo(bd_addr, &dev_type, &addr_type);
    803         use_le = (dev_type == BT_DEVICE_TYPE_BLE);
    804     }
    805     return use_le;
    806 }
    807 
    808 /*******************************************************************************
    809 **
    810 ** Function         BTM_SetBleDataLength
    811 **
    812 ** Description      This function is to set maximum BLE transmission packet size
    813 **
    814 ** Returns          BTM_SUCCESS if success; otherwise failed.
    815 **
    816 *******************************************************************************/
    817 tBTM_STATUS BTM_SetBleDataLength(BD_ADDR bd_addr, UINT16 tx_pdu_length)
    818 {
    819     tACL_CONN *p_acl = btm_bda_to_acl(bd_addr, BT_TRANSPORT_LE);
    820     BTM_TRACE_DEBUG("%s: tx_pdu_length =%d", __FUNCTION__, tx_pdu_length);
    821 
    822     if (!controller_get_interface()->supports_ble_packet_extension())
    823     {
    824         BTM_TRACE_ERROR("%s failed, request not supported", __FUNCTION__);
    825         return BTM_ILLEGAL_VALUE;
    826     }
    827 
    828     if (!HCI_LE_DATA_LEN_EXT_SUPPORTED(p_acl->peer_le_features))
    829     {
    830         BTM_TRACE_ERROR("%s failed, peer does not support request", __FUNCTION__);
    831         return BTM_ILLEGAL_VALUE;
    832     }
    833 
    834     if (p_acl != NULL)
    835     {
    836         if (tx_pdu_length > BTM_BLE_DATA_SIZE_MAX)
    837             tx_pdu_length =  BTM_BLE_DATA_SIZE_MAX;
    838         else if (tx_pdu_length < BTM_BLE_DATA_SIZE_MIN)
    839             tx_pdu_length =  BTM_BLE_DATA_SIZE_MIN;
    840 
    841         /* always set the TxTime to be max, as controller does not care for now */
    842         btsnd_hcic_ble_set_data_length(p_acl->hci_handle, tx_pdu_length,
    843                                             BTM_BLE_DATA_TX_TIME_MAX);
    844 
    845         return BTM_SUCCESS;
    846     }
    847     else
    848     {
    849         BTM_TRACE_ERROR("%s: Wrong mode: no LE link exist or LE not supported",__FUNCTION__);
    850         return BTM_WRONG_MODE;
    851     }
    852 }
    853 
    854 /*******************************************************************************
    855 **
    856 ** Function         btm_ble_determine_security_act
    857 **
    858 ** Description      This function checks the security of current LE link
    859 **                  and returns the appropriate action that needs to be
    860 **                  taken to achieve the required security.
    861 **
    862 ** Parameter        is_originator - True if outgoing connection
    863 **                  bdaddr: remote device address
    864 **                  security_required: Security required for the service.
    865 **
    866 ** Returns          The appropriate security action required.
    867 **
    868 *******************************************************************************/
    869 tBTM_SEC_ACTION btm_ble_determine_security_act(BOOLEAN is_originator, BD_ADDR bdaddr, UINT16 security_required)
    870 {
    871     tBTM_LE_AUTH_REQ auth_req = 0x00;
    872 
    873     if (is_originator)
    874     {
    875         if ((security_required & BTM_SEC_OUT_FLAGS) == 0 &&
    876                 (security_required & BTM_SEC_OUT_MITM) == 0)
    877         {
    878             BTM_TRACE_DEBUG ("%s No security required for outgoing connection", __func__);
    879             return BTM_SEC_OK;
    880         }
    881 
    882         if (security_required & BTM_SEC_OUT_MITM)
    883             auth_req |= BTM_LE_AUTH_REQ_MITM;
    884     }
    885     else
    886     {
    887         if ((security_required & BTM_SEC_IN_FLAGS) == 0&& (security_required & BTM_SEC_IN_MITM) == 0)
    888         {
    889             BTM_TRACE_DEBUG ("%s No security required for incoming connection", __func__);
    890             return BTM_SEC_OK;
    891         }
    892 
    893         if (security_required & BTM_SEC_IN_MITM)
    894             auth_req |= BTM_LE_AUTH_REQ_MITM;
    895     }
    896 
    897     tBTM_BLE_SEC_REQ_ACT ble_sec_act;
    898     btm_ble_link_sec_check(bdaddr, auth_req, &ble_sec_act);
    899 
    900     BTM_TRACE_DEBUG ("%s ble_sec_act %d", __func__ , ble_sec_act);
    901 
    902     if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
    903         return BTM_SEC_ENC_PENDING;
    904 
    905     if (ble_sec_act == BTM_BLE_SEC_REQ_ACT_NONE)
    906         return BTM_SEC_OK;
    907 
    908     UINT8 sec_flag = 0;
    909     BTM_GetSecurityFlagsByTransport(bdaddr, &sec_flag, BT_TRANSPORT_LE);
    910 
    911     BOOLEAN is_link_encrypted = FALSE;
    912     BOOLEAN is_key_mitm = FALSE;
    913     if (sec_flag & (BTM_SEC_FLAG_ENCRYPTED| BTM_SEC_FLAG_LKEY_KNOWN))
    914     {
    915         if (sec_flag & BTM_SEC_FLAG_ENCRYPTED)
    916             is_link_encrypted = TRUE;
    917 
    918         if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED)
    919             is_key_mitm = TRUE;
    920     }
    921 
    922     if (auth_req & BTM_LE_AUTH_REQ_MITM)
    923     {
    924         if (!is_key_mitm)
    925         {
    926             return BTM_SEC_ENCRYPT_MITM;
    927         } else {
    928             if (is_link_encrypted)
    929                 return BTM_SEC_OK;
    930             else
    931                 return BTM_SEC_ENCRYPT;
    932         }
    933     } else {
    934         if (is_link_encrypted)
    935             return BTM_SEC_OK;
    936         else
    937             return BTM_SEC_ENCRYPT_NO_MITM;
    938     }
    939 
    940     return BTM_SEC_OK;
    941 }
    942 
    943 /*******************************************************************************
    944 **
    945 ** Function         btm_ble_start_sec_check
    946 **
    947 ** Description      This function is to check and set the security required for
    948 **                  LE link for LE COC.
    949 **
    950 ** Parameter        bdaddr: remote device address.
    951 **                  psm : PSM of the LE COC sevice.
    952 **                  is_originator: TRUE if outgoing connection.
    953 **                  p_callback : Pointer to the callback function.
    954 **                  p_ref_data : Pointer to be returned along with the callback.
    955 **
    956 ** Returns          TRUE if link already meets the required security; otherwise FALSE.
    957 **
    958 *******************************************************************************/
    959 BOOLEAN btm_ble_start_sec_check(BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator,
    960                             tBTM_SEC_CALLBACK *p_callback, void *p_ref_data)
    961 {
    962     /* Find the service record for the PSM */
    963     tBTM_SEC_SERV_REC *p_serv_rec = btm_sec_find_first_serv (is_originator, psm);
    964 
    965     /* If there is no application registered with this PSM do not allow connection */
    966     if (!p_serv_rec)
    967     {
    968         BTM_TRACE_WARNING ("%s PSM: %d no application registerd", __func__, psm);
    969         (*p_callback) (bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_MODE_UNSUPPORTED);
    970         return FALSE;
    971     }
    972 
    973     tBTM_SEC_ACTION sec_act = btm_ble_determine_security_act(is_originator,
    974                                   bd_addr, p_serv_rec->security_flags);
    975 
    976     tBTM_BLE_SEC_ACT ble_sec_act = BTM_BLE_SEC_NONE;
    977     BOOLEAN status = FALSE;
    978 
    979     switch (sec_act)
    980     {
    981         case BTM_SEC_OK:
    982             BTM_TRACE_DEBUG ("%s Security met", __func__);
    983             p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_SUCCESS);
    984             status = TRUE;
    985             break;
    986 
    987         case BTM_SEC_ENCRYPT:
    988             BTM_TRACE_DEBUG ("%s Encryption needs to be done", __func__);
    989             ble_sec_act = BTM_BLE_SEC_ENCRYPT;
    990             break;
    991 
    992         case BTM_SEC_ENCRYPT_MITM:
    993             BTM_TRACE_DEBUG ("%s Pairing with MITM needs to be done", __func__);
    994             ble_sec_act = BTM_BLE_SEC_ENCRYPT_MITM;
    995             break;
    996 
    997         case BTM_SEC_ENCRYPT_NO_MITM:
    998             BTM_TRACE_DEBUG ("%s Pairing with No MITM needs to be done", __func__);
    999             ble_sec_act = BTM_BLE_SEC_ENCRYPT_NO_MITM;
   1000             break;
   1001 
   1002         case BTM_SEC_ENC_PENDING:
   1003             BTM_TRACE_DEBUG ("%s Ecryption pending", __func__);
   1004             break;
   1005     }
   1006 
   1007     if (ble_sec_act == BTM_BLE_SEC_NONE)
   1008         return status;
   1009 
   1010     tL2C_LCB *p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
   1011     p_lcb->sec_act = sec_act;
   1012     BTM_SetEncryption(bd_addr, BT_TRANSPORT_LE, p_callback, p_ref_data, ble_sec_act);
   1013 
   1014     return FALSE;
   1015 }
   1016 
   1017 /*******************************************************************************
   1018 **
   1019 ** Function         btm_ble_rand_enc_complete
   1020 **
   1021 ** Description      This function is the callback functions for HCI_Rand command
   1022 **                  and HCI_Encrypt command is completed.
   1023 **                  This message is received from the HCI.
   1024 **
   1025 ** Returns          void
   1026 **
   1027 *******************************************************************************/
   1028 void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback)
   1029 {
   1030     tBTM_RAND_ENC   params;
   1031     UINT8           *p_dest = params.param_buf;
   1032 
   1033     BTM_TRACE_DEBUG ("btm_ble_rand_enc_complete");
   1034 
   1035     memset(&params, 0, sizeof(tBTM_RAND_ENC));
   1036 
   1037     /* If there was a callback address for vcs complete, call it */
   1038     if (p_enc_cplt_cback && p)
   1039     {
   1040         /* Pass paramters to the callback function */
   1041         STREAM_TO_UINT8(params.status, p); /* command status */
   1042 
   1043         if (params.status == HCI_SUCCESS)
   1044         {
   1045             params.opcode = op_code;
   1046 
   1047             if (op_code == HCI_BLE_RAND)
   1048                 params.param_len = BT_OCTET8_LEN;
   1049             else
   1050                 params.param_len = BT_OCTET16_LEN;
   1051 
   1052             memcpy(p_dest, p, params.param_len);  /* Fetch return info from HCI event message */
   1053         }
   1054         if (p_enc_cplt_cback)
   1055             (*p_enc_cplt_cback)(&params);  /* Call the Encryption complete callback function */
   1056     }
   1057 }
   1058 
   1059     #if (SMP_INCLUDED == TRUE)
   1060 
   1061 /*******************************************************************************
   1062 **
   1063 ** Function         btm_ble_get_enc_key_type
   1064 **
   1065 ** Description      This function is to increment local sign counter
   1066 ** Returns         None
   1067 **
   1068 *******************************************************************************/
   1069 void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local )
   1070 {
   1071     tBTM_SEC_DEV_REC *p_dev_rec;
   1072 
   1073     BTM_TRACE_DEBUG ("btm_ble_increment_sign_ctr is_local=%d", is_local);
   1074 
   1075     if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
   1076     {
   1077         if (is_local)
   1078             p_dev_rec->ble.keys.local_counter++;
   1079         else
   1080             p_dev_rec->ble.keys.counter++;
   1081         BTM_TRACE_DEBUG ("is_local=%d local sign counter=%d peer sign counter=%d",
   1082                           is_local,
   1083                           p_dev_rec->ble.keys.local_counter,
   1084                           p_dev_rec->ble.keys.counter);
   1085     }
   1086 }
   1087 
   1088 /*******************************************************************************
   1089 **
   1090 ** Function         btm_ble_get_enc_key_type
   1091 **
   1092 ** Description      This function is to get the BLE key type that has been exchanged
   1093 **                  in betweem local device and peer device.
   1094 **
   1095 ** Returns          p_key_type: output parameter to carry the key type value.
   1096 **
   1097 *******************************************************************************/
   1098 BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types)
   1099 {
   1100     tBTM_SEC_DEV_REC *p_dev_rec;
   1101 
   1102     BTM_TRACE_DEBUG ("btm_ble_get_enc_key_type");
   1103 
   1104     if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL)
   1105     {
   1106         *p_key_types = p_dev_rec->ble.key_type;
   1107         return TRUE;
   1108     }
   1109     return FALSE;
   1110 }
   1111 
   1112 /*******************************************************************************
   1113 **
   1114 ** Function         btm_get_local_div
   1115 **
   1116 ** Description      This function is called to read the local DIV
   1117 **
   1118 ** Returns          TURE - if a valid DIV is availavle
   1119 *******************************************************************************/
   1120 BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div)
   1121 {
   1122     tBTM_SEC_DEV_REC   *p_dev_rec;
   1123     BOOLEAN            status = FALSE;
   1124     BTM_TRACE_DEBUG ("btm_get_local_div");
   1125 
   1126     BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
   1127                      bd_addr[0],bd_addr[1],
   1128                      bd_addr[2],bd_addr[3],
   1129                      bd_addr[4],bd_addr[5]);
   1130 
   1131     *p_div = 0;
   1132     p_dev_rec = btm_find_dev (bd_addr);
   1133 
   1134     if (p_dev_rec && p_dev_rec->ble.keys.div)
   1135     {
   1136         status = TRUE;
   1137         *p_div = p_dev_rec->ble.keys.div;
   1138     }
   1139     BTM_TRACE_DEBUG ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div);
   1140     return status;
   1141 }
   1142 
   1143 /*******************************************************************************
   1144 **
   1145 ** Function         btm_sec_save_le_key
   1146 **
   1147 ** Description      This function is called by the SMP to update
   1148 **                  an  BLE key.  SMP is internal, whereas all the keys shall
   1149 **                  be sent to the application.  The function is also called
   1150 **                  when application passes ble key stored in NVRAM to the btm_sec.
   1151 **                  pass_to_application parameter is false in this case.
   1152 **
   1153 ** Returns          void
   1154 **
   1155 *******************************************************************************/
   1156 void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys,
   1157                          BOOLEAN pass_to_application)
   1158 {
   1159     tBTM_SEC_DEV_REC *p_rec;
   1160     tBTM_LE_EVT_DATA    cb_data;
   1161     UINT8 i;
   1162 
   1163     BTM_TRACE_DEBUG ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application);
   1164     /* Store the updated key in the device database */
   1165 
   1166     BTM_TRACE_DEBUG("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x",
   1167                      bd_addr[0],bd_addr[1],
   1168                      bd_addr[2],bd_addr[3],
   1169                      bd_addr[4],bd_addr[5]);
   1170 
   1171     if ((p_rec = btm_find_dev (bd_addr)) != NULL && (p_keys || key_type== BTM_LE_KEY_LID))
   1172     {
   1173         btm_ble_init_pseudo_addr (p_rec, bd_addr);
   1174 
   1175         switch (key_type)
   1176         {
   1177             case BTM_LE_KEY_PENC:
   1178                 memcpy(p_rec->ble.keys.pltk, p_keys->penc_key.ltk, BT_OCTET16_LEN);
   1179                 memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN);
   1180                 p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level;
   1181                 p_rec->ble.keys.ediv = p_keys->penc_key.ediv;
   1182                 p_rec->ble.keys.key_size = p_keys->penc_key.key_size;
   1183                 p_rec->ble.key_type |= BTM_LE_KEY_PENC;
   1184                 p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN;
   1185                 if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED)
   1186                     p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
   1187                 else
   1188                     p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
   1189                 BTM_TRACE_DEBUG("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x",
   1190                                  p_rec->ble.key_type,
   1191                                  p_rec->sec_flags,
   1192                                  p_rec->ble.keys.sec_level);
   1193                 break;
   1194 
   1195             case BTM_LE_KEY_PID:
   1196                 for (i=0; i<BT_OCTET16_LEN; i++)
   1197                 {
   1198                     p_rec->ble.keys.irk[i] = p_keys->pid_key.irk[i];
   1199                 }
   1200 
   1201                  //memcpy( p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); todo will crash the system
   1202                 memcpy(p_rec->ble.static_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
   1203                 p_rec->ble.static_addr_type = p_keys->pid_key.addr_type;
   1204                 p_rec->ble.key_type |= BTM_LE_KEY_PID;
   1205                 BTM_TRACE_DEBUG("BTM_LE_KEY_PID key_type=0x%x save peer IRK",  p_rec->ble.key_type);
   1206                  /* update device record address as static address */
   1207                 memcpy(p_rec->bd_addr, p_keys->pid_key.static_addr, BD_ADDR_LEN);
   1208                 /* combine DUMO device security record if needed */
   1209                 btm_consolidate_dev(p_rec);
   1210                 break;
   1211 
   1212             case BTM_LE_KEY_PCSRK:
   1213                 memcpy(p_rec->ble.keys.pcsrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN);
   1214                 p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level;
   1215                 p_rec->ble.keys.counter  = p_keys->pcsrk_key.counter;
   1216                 p_rec->ble.key_type |= BTM_LE_KEY_PCSRK;
   1217                 p_rec->sec_flags |=  BTM_SEC_LE_LINK_KEY_KNOWN;
   1218                 if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED)
   1219                     p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED;
   1220                 else
   1221                     p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED;
   1222 
   1223                 BTM_TRACE_DEBUG("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d",
   1224                                  p_rec->ble.key_type,
   1225                                  p_rec->sec_flags,
   1226                                  p_rec->ble.keys.srk_sec_level,
   1227                                  p_rec->ble.keys.counter );
   1228                 break;
   1229 
   1230             case BTM_LE_KEY_LENC:
   1231                 memcpy(p_rec->ble.keys.lltk, p_keys->lenc_key.ltk, BT_OCTET16_LEN);
   1232                 p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */
   1233                 p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level;
   1234                 p_rec->ble.keys.key_size = p_keys->lenc_key.key_size;
   1235                 p_rec->ble.key_type |= BTM_LE_KEY_LENC;
   1236 
   1237                 BTM_TRACE_DEBUG("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x",
   1238                                  p_rec->ble.key_type,
   1239                                  p_rec->ble.keys.div,
   1240                                  p_rec->ble.keys.key_size,
   1241                                  p_rec->ble.keys.sec_level );
   1242                 break;
   1243 
   1244             case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */
   1245                 memcpy (p_rec->ble.keys.lcsrk, p_keys->lcsrk_key.csrk, BT_OCTET16_LEN);
   1246                 p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */
   1247                 p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level;
   1248                 p_rec->ble.keys.local_counter  = p_keys->lcsrk_key.counter;
   1249                 p_rec->ble.key_type |= BTM_LE_KEY_LCSRK;
   1250                 BTM_TRACE_DEBUG("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d",
   1251                                  p_rec->ble.key_type,
   1252                                  p_rec->ble.keys.div,
   1253                                  p_rec->ble.keys.local_csrk_sec_level,
   1254                                  p_rec->ble.keys.local_counter );
   1255                 break;
   1256 
   1257             case BTM_LE_KEY_LID:
   1258                p_rec->ble.key_type |= BTM_LE_KEY_LID;
   1259                break;
   1260             default:
   1261                 BTM_TRACE_WARNING("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type);
   1262                 return;
   1263         }
   1264 
   1265         BTM_TRACE_DEBUG ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type,
   1266                           (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
   1267                           (bd_addr[4]<<8)+bd_addr[5]);
   1268 
   1269         /* Notify the application that one of the BLE keys has been updated
   1270            If link key is in progress, it will get sent later.*/
   1271         if (pass_to_application && btm_cb.api.p_le_callback)
   1272         {
   1273             cb_data.key.p_key_value = p_keys;
   1274             cb_data.key.key_type = key_type;
   1275 
   1276             (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data);
   1277         }
   1278         return;
   1279     }
   1280 
   1281     BTM_TRACE_WARNING ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type,
   1282                         (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
   1283                         (bd_addr[4]<<8)+bd_addr[5]);
   1284 
   1285     if (p_rec)
   1286     {
   1287         BTM_TRACE_DEBUG ("sec_flags=0x%x", p_rec->sec_flags);
   1288     }
   1289 }
   1290 
   1291 /*******************************************************************************
   1292 **
   1293 ** Function         btm_ble_update_sec_key_size
   1294 **
   1295 ** Description      update the current lin kencryption key size
   1296 **
   1297 ** Returns          void
   1298 **
   1299 *******************************************************************************/
   1300 void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size)
   1301 {
   1302     tBTM_SEC_DEV_REC *p_rec;
   1303 
   1304     BTM_TRACE_DEBUG("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size);
   1305 
   1306     if ((p_rec = btm_find_dev (bd_addr)) != NULL )
   1307     {
   1308         p_rec->enc_key_size = enc_key_size;
   1309     }
   1310 }
   1311 
   1312 /*******************************************************************************
   1313 **
   1314 ** Function         btm_ble_read_sec_key_size
   1315 **
   1316 ** Description      update the current lin kencryption key size
   1317 **
   1318 ** Returns          void
   1319 **
   1320 *******************************************************************************/
   1321 UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr)
   1322 {
   1323     tBTM_SEC_DEV_REC *p_rec;
   1324 
   1325     if ((p_rec = btm_find_dev (bd_addr)) != NULL )
   1326     {
   1327         return p_rec->enc_key_size;
   1328     }
   1329     else
   1330         return 0;
   1331 }
   1332 
   1333 /*******************************************************************************
   1334 **
   1335 ** Function         btm_ble_link_sec_check
   1336 **
   1337 ** Description      Check BLE link security level match.
   1338 **
   1339 ** Returns          TRUE: check is OK and the *p_sec_req_act contain the action
   1340 **
   1341 *******************************************************************************/
   1342 void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act)
   1343 {
   1344     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
   1345     UINT8 req_sec_level = BTM_LE_SEC_NONE, cur_sec_level = BTM_LE_SEC_NONE;
   1346 
   1347     BTM_TRACE_DEBUG ("btm_ble_link_sec_check auth_req =0x%x", auth_req);
   1348 
   1349     if (p_dev_rec == NULL)
   1350     {
   1351         BTM_TRACE_ERROR ("btm_ble_link_sec_check received for unknown device");
   1352         return;
   1353     }
   1354 
   1355     if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
   1356         p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)
   1357     {
   1358         /* race condition: discard the security request while master is encrypting the link */
   1359         *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD;
   1360     }
   1361     else
   1362     {
   1363         req_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
   1364         if (auth_req & BTM_LE_AUTH_REQ_MITM)
   1365         {
   1366             req_sec_level = BTM_LE_SEC_AUTHENTICATED;
   1367         }
   1368 
   1369         BTM_TRACE_DEBUG ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags);
   1370 
   1371         /* currently encrpted  */
   1372         if (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED)
   1373         {
   1374             if (p_dev_rec->sec_flags & BTM_SEC_LE_AUTHENTICATED)
   1375                 cur_sec_level = BTM_LE_SEC_AUTHENTICATED;
   1376             else
   1377                 cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE;
   1378         }
   1379         else /* unencrypted link */
   1380         {
   1381             /* if bonded, get the key security level */
   1382             if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
   1383                 cur_sec_level = p_dev_rec->ble.keys.sec_level;
   1384             else
   1385                 cur_sec_level = BTM_LE_SEC_NONE;
   1386         }
   1387 
   1388         if (cur_sec_level >= req_sec_level)
   1389         {
   1390             /* To avoid re-encryption on an encrypted link for an equal condition encryption */
   1391             *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT;
   1392         }
   1393         else
   1394         {
   1395             *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/
   1396         }
   1397     }
   1398 
   1399     BTM_TRACE_DEBUG("cur_sec_level=%d req_sec_level=%d sec_req_act=%d",
   1400                      cur_sec_level,
   1401                      req_sec_level,
   1402                      *p_sec_req_act);
   1403 
   1404 }
   1405 
   1406 /*******************************************************************************
   1407 **
   1408 ** Function         btm_ble_set_encryption
   1409 **
   1410 ** Description      This function is called to ensure that LE connection is
   1411 **                  encrypted.  Should be called only on an open connection.
   1412 **                  Typically only needed for connections that first want to
   1413 **                  bring up unencrypted links, then later encrypt them.
   1414 **
   1415 ** Returns          void
   1416 **                  the local device ER is copied into er
   1417 **
   1418 *******************************************************************************/
   1419 tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, tBTM_BLE_SEC_ACT sec_act, UINT8 link_role)
   1420 {
   1421     tBTM_STATUS         cmd = BTM_NO_RESOURCES;
   1422     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bd_addr);
   1423     tBTM_BLE_SEC_REQ_ACT sec_req_act;
   1424     tBTM_LE_AUTH_REQ    auth_req;
   1425 
   1426     if (p_rec == NULL)
   1427     {
   1428         BTM_TRACE_WARNING ("btm_ble_set_encryption (NULL device record!! sec_act=0x%x", sec_act);
   1429         return(BTM_WRONG_MODE);
   1430     }
   1431 
   1432     BTM_TRACE_DEBUG ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master);
   1433 
   1434     if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM)
   1435     {
   1436         p_rec->security_required |= BTM_SEC_IN_MITM;
   1437     }
   1438 
   1439     switch (sec_act)
   1440     {
   1441         case BTM_BLE_SEC_ENCRYPT:
   1442             if (link_role == BTM_ROLE_MASTER)
   1443             {
   1444                     /* start link layer encryption using the security info stored */
   1445                 cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
   1446                 break;
   1447             }
   1448             /* if salve role then fall through to call SMP_Pair below which will send a
   1449                sec_request to request the master to encrypt the link */
   1450         case BTM_BLE_SEC_ENCRYPT_NO_MITM:
   1451         case BTM_BLE_SEC_ENCRYPT_MITM:
   1452             auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
   1453                        ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
   1454             btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);
   1455             if(sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE || sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
   1456             {
   1457                 BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__);
   1458                 cmd = BTM_SUCCESS;
   1459                 break;
   1460             }
   1461             if (link_role == BTM_ROLE_MASTER)
   1462             {
   1463 
   1464                 if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT)
   1465                 {
   1466                    cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL);
   1467                    break;
   1468                 }
   1469             }
   1470 
   1471             if (SMP_Pair(bd_addr) == SMP_STARTED)
   1472             {
   1473                 cmd = BTM_CMD_STARTED;
   1474                 p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
   1475             }
   1476             break;
   1477 
   1478         default:
   1479             cmd = BTM_WRONG_MODE;
   1480             break;
   1481     }
   1482     return cmd;
   1483 }
   1484 
   1485 /*******************************************************************************
   1486 **
   1487 ** Function         btm_ble_ltk_request
   1488 **
   1489 ** Description      This function is called when encryption request is received
   1490 **                  on a slave device.
   1491 **
   1492 **
   1493 ** Returns          void
   1494 **
   1495 *******************************************************************************/
   1496 void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv)
   1497 {
   1498     tBTM_CB *p_cb = &btm_cb;
   1499     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
   1500     BT_OCTET8 dummy_stk = {0};
   1501 
   1502     BTM_TRACE_DEBUG ("btm_ble_ltk_request");
   1503 
   1504     p_cb->ediv = ediv;
   1505 
   1506     memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN);
   1507 
   1508     if (p_dev_rec != NULL)
   1509     {
   1510         if (!smp_proc_ltk_request(p_dev_rec->bd_addr))
   1511             btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk);
   1512     }
   1513 
   1514 }
   1515 
   1516 /*******************************************************************************
   1517 **
   1518 ** Function         btm_ble_start_encrypt
   1519 **
   1520 ** Description      This function is called to start LE encryption.
   1521 **
   1522 **
   1523 ** Returns          BTM_SUCCESS if encryption was started successfully
   1524 **
   1525 *******************************************************************************/
   1526 tBTM_STATUS btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk)
   1527 {
   1528     tBTM_CB *p_cb = &btm_cb;
   1529     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bda);
   1530     BT_OCTET8    dummy_rand = {0};
   1531     tBTM_STATUS  rt = BTM_NO_RESOURCES;
   1532 
   1533     BTM_TRACE_DEBUG ("btm_ble_start_encrypt");
   1534 
   1535     if (!p_rec )
   1536     {
   1537         BTM_TRACE_ERROR("Link is not active, can not encrypt!");
   1538         return BTM_WRONG_MODE;
   1539     }
   1540 
   1541     if (p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)
   1542     {
   1543         BTM_TRACE_WARNING("Link Encryption is active, Busy!");
   1544         return BTM_BUSY;
   1545     }
   1546 
   1547     p_cb->enc_handle = p_rec->ble_hci_handle;
   1548 
   1549     if (use_stk)
   1550     {
   1551         if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, dummy_rand, 0, stk))
   1552             rt = BTM_CMD_STARTED;
   1553     }
   1554     else if (p_rec->ble.key_type & BTM_LE_KEY_PENC)
   1555     {
   1556         if (btsnd_hcic_ble_start_enc(p_rec->ble_hci_handle, p_rec->ble.keys.rand,
   1557                                      p_rec->ble.keys.ediv, p_rec->ble.keys.pltk))
   1558             rt = BTM_CMD_STARTED;
   1559     }
   1560     else
   1561     {
   1562         BTM_TRACE_ERROR("No key available to encrypt the link");
   1563     }
   1564     if (rt == BTM_CMD_STARTED)
   1565     {
   1566         if (p_rec->sec_state == BTM_SEC_STATE_IDLE)
   1567             p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING;
   1568     }
   1569 
   1570     return rt;
   1571 }
   1572 
   1573 /*******************************************************************************
   1574 **
   1575 ** Function         btm_ble_link_encrypted
   1576 **
   1577 ** Description      This function is called when LE link encrption status is changed.
   1578 **
   1579 ** Returns          void
   1580 **
   1581 *******************************************************************************/
   1582 void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable)
   1583 {
   1584     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev (bd_addr);
   1585     BOOLEAN             enc_cback;
   1586 
   1587     if (!p_dev_rec)
   1588     {
   1589         BTM_TRACE_WARNING ("btm_ble_link_encrypted (No Device Found!) encr_enable=%d", encr_enable);
   1590         return;
   1591     }
   1592 
   1593     BTM_TRACE_DEBUG ("btm_ble_link_encrypted encr_enable=%d", encr_enable);
   1594 
   1595     enc_cback = (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING);
   1596 
   1597     smp_link_encrypted(bd_addr, encr_enable);
   1598 
   1599     BTM_TRACE_DEBUG(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags);
   1600 
   1601     if (encr_enable && p_dev_rec->enc_key_size == 0)
   1602         p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size;
   1603 
   1604     p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
   1605     if (p_dev_rec->p_callback && enc_cback)
   1606     {
   1607         if (encr_enable)
   1608             btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS, TRUE);
   1609         else if (p_dev_rec->role_master)
   1610             btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING, TRUE);
   1611 
   1612     }
   1613     /* to notify GATT to send data if any request is pending */
   1614     gatt_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr);
   1615 }
   1616 
   1617 /*******************************************************************************
   1618 **
   1619 ** Function         btm_ble_ltk_request_reply
   1620 **
   1621 ** Description      This function is called to send a LTK request reply on a slave
   1622 **                  device.
   1623 **
   1624 ** Returns          void
   1625 **
   1626 *******************************************************************************/
   1627 void btm_ble_ltk_request_reply(BD_ADDR bda,  BOOLEAN use_stk, BT_OCTET16 stk)
   1628 {
   1629     tBTM_SEC_DEV_REC    *p_rec = btm_find_dev (bda);
   1630     tBTM_CB *p_cb = &btm_cb;
   1631 
   1632     if (p_rec == NULL)
   1633     {
   1634         BTM_TRACE_ERROR("btm_ble_ltk_request_reply received for unknown device");
   1635         return;
   1636     }
   1637 
   1638     BTM_TRACE_DEBUG ("btm_ble_ltk_request_reply");
   1639     p_cb->enc_handle = p_rec->ble_hci_handle;
   1640     p_cb->key_size = p_rec->ble.keys.key_size;
   1641 
   1642     BTM_TRACE_ERROR("key size = %d", p_rec->ble.keys.key_size);
   1643     if (use_stk)
   1644     {
   1645         btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk);
   1646     }
   1647     else /* calculate LTK using peer device  */
   1648     {
   1649         if (p_rec->ble.key_type & BTM_LE_KEY_LENC)
   1650             btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p_rec->ble.keys.lltk);
   1651         else
   1652             btsnd_hcic_ble_ltk_req_neg_reply(btm_cb.enc_handle);
   1653     }
   1654 }
   1655 
   1656 /*******************************************************************************
   1657 **
   1658 ** Function         btm_ble_io_capabilities_req
   1659 **
   1660 ** Description      This function is called to handle SMP get IO capability request.
   1661 **
   1662 ** Returns          void
   1663 **
   1664 *******************************************************************************/
   1665 UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
   1666 {
   1667     UINT8           callback_rc = BTM_SUCCESS;
   1668     BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req");
   1669     if (btm_cb.api.p_le_callback)
   1670     {
   1671         /* the callback function implementation may change the IO capability... */
   1672         callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data);
   1673     }
   1674     if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data))
   1675     {
   1676 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   1677         if (btm_cb.devcb.keep_rfu_in_auth_req)
   1678         {
   1679             BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req keep_rfu_in_auth_req = %u",
   1680                 btm_cb.devcb.keep_rfu_in_auth_req);
   1681             p_data->auth_req &= BTM_LE_AUTH_REQ_MASK_KEEP_RFU;
   1682             btm_cb.devcb.keep_rfu_in_auth_req = FALSE;
   1683         }
   1684         else
   1685         {   /* default */
   1686             p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
   1687         }
   1688 #else
   1689         p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;
   1690 #endif
   1691 
   1692         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d",
   1693                           p_dev_rec->security_required, p_data->auth_req);
   1694         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)",
   1695                           p_data->init_keys,
   1696                           p_data->resp_keys);
   1697 
   1698         /* if authentication requires MITM protection, put on the mask */
   1699         if (p_dev_rec->security_required & BTM_SEC_IN_MITM)
   1700             p_data->auth_req |= BTM_LE_AUTH_REQ_MITM;
   1701 
   1702         if (!(p_data->auth_req & SMP_AUTH_BOND))
   1703         {
   1704             BTM_TRACE_DEBUG("Non bonding: No keys should be exchanged");
   1705             p_data->init_keys = 0;
   1706             p_data->resp_keys = 0;
   1707         }
   1708 
   1709         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req);
   1710         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x",
   1711                           p_data->init_keys,
   1712                           p_data->resp_keys);
   1713 
   1714         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d",
   1715                           p_data->io_cap, p_data->auth_req);
   1716 
   1717         /* remove MITM protection requirement if IO cap does not allow it */
   1718         if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE)
   1719             p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM;
   1720 
   1721         if (!(p_data->auth_req & SMP_SC_SUPPORT_BIT))
   1722         {
   1723             /* if Secure Connections are not supported then remove LK derivation,
   1724             ** and keypress notifications.
   1725             */
   1726             BTM_TRACE_DEBUG("%s-SC not supported -> No LK derivation, no keypress notifications",
   1727                             __func__);
   1728             p_data->auth_req &= ~SMP_KP_SUPPORT_BIT;
   1729             p_data->init_keys &= ~SMP_SEC_KEY_TYPE_LK;
   1730             p_data->resp_keys &= ~SMP_SEC_KEY_TYPE_LK;
   1731         }
   1732 
   1733         BTM_TRACE_DEBUG ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:0x%02x",
   1734                           p_data->io_cap, p_data->oob_data, p_data->auth_req);
   1735     }
   1736     return callback_rc;
   1737 }
   1738 
   1739 /*******************************************************************************
   1740 **
   1741 ** Function         btm_ble_br_keys_req
   1742 **
   1743 ** Description      This function is called to handle SMP request for keys sent
   1744 **                  over BR/EDR.
   1745 **
   1746 ** Returns          void
   1747 **
   1748 *******************************************************************************/
   1749 UINT8 btm_ble_br_keys_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data)
   1750 {
   1751     UINT8           callback_rc = BTM_SUCCESS;
   1752     BTM_TRACE_DEBUG ("%s", __func__);
   1753     if (btm_cb.api.p_le_callback)
   1754     {
   1755         /* the callback function implementation may change the IO capability... */
   1756         callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
   1757                                                   (tBTM_LE_EVT_DATA *)p_data);
   1758     }
   1759 
   1760     return callback_rc;
   1761 }
   1762 
   1763 #if (BLE_PRIVACY_SPT == TRUE )
   1764 /*******************************************************************************
   1765 **
   1766 ** Function         btm_ble_resolve_random_addr_on_conn_cmpl
   1767 **
   1768 ** Description      resolve random address complete on connection complete event.
   1769 **
   1770 ** Returns          void
   1771 **
   1772 *******************************************************************************/
   1773 static void btm_ble_resolve_random_addr_on_conn_cmpl(void * p_rec, void *p_data)
   1774 {
   1775     UINT8   *p = (UINT8 *)p_data;
   1776     tBTM_SEC_DEV_REC    *match_rec = (tBTM_SEC_DEV_REC *) p_rec;
   1777     UINT8       role, bda_type;
   1778     UINT16      handle;
   1779     BD_ADDR     bda;
   1780     UINT16      conn_interval, conn_latency, conn_timeout;
   1781     BOOLEAN     match = FALSE;
   1782 
   1783     ++p;
   1784     STREAM_TO_UINT16   (handle, p);
   1785     STREAM_TO_UINT8    (role, p);
   1786     STREAM_TO_UINT8    (bda_type, p);
   1787     STREAM_TO_BDADDR   (bda, p);
   1788     STREAM_TO_UINT16   (conn_interval, p);
   1789     STREAM_TO_UINT16   (conn_latency, p);
   1790     STREAM_TO_UINT16   (conn_timeout, p);
   1791 
   1792     handle = HCID_GET_HANDLE (handle);
   1793 
   1794     BTM_TRACE_EVENT ("%s", __func__);
   1795 
   1796     if (match_rec)
   1797     {
   1798         LOG_INFO(LOG_TAG, "%s matched and resolved random address", __func__);
   1799         match = TRUE;
   1800         match_rec->ble.active_addr_type = BTM_BLE_ADDR_RRA;
   1801         memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
   1802         if (!btm_ble_init_pseudo_addr (match_rec, bda))
   1803         {
   1804             /* assign the original address to be the current report address */
   1805             memcpy(bda, match_rec->ble.pseudo_addr, BD_ADDR_LEN);
   1806         }
   1807         else
   1808         {
   1809             memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN);
   1810         }
   1811     }
   1812     else
   1813     {
   1814         LOG_INFO(LOG_TAG, "%s unable to match and resolve random address", __func__);
   1815     }
   1816 
   1817     btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
   1818 
   1819     l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
   1820                       conn_latency, conn_timeout);
   1821 
   1822     return;
   1823 }
   1824 #endif
   1825 
   1826 /*******************************************************************************
   1827 **
   1828 ** Function         btm_ble_connected
   1829 **
   1830 ** Description      This function is when a LE connection to the peer device is
   1831 **                  establsihed
   1832 **
   1833 ** Returns          void
   1834 **
   1835 *******************************************************************************/
   1836 void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role,
   1837                         tBLE_ADDR_TYPE addr_type, BOOLEAN addr_matched)
   1838 {
   1839     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda);
   1840     tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb;
   1841     UNUSED(addr_matched);
   1842 
   1843     BTM_TRACE_EVENT ("btm_ble_connected");
   1844 
   1845     /* Commenting out trace due to obf/compilation problems.
   1846     */
   1847 #if (BT_USE_TRACES == TRUE)
   1848     if (p_dev_rec)
   1849     {
   1850         BTM_TRACE_EVENT ("Security Manager: btm_ble_connected :  handle:%d  enc_mode:%d  bda:%x RName:%s",
   1851                           handle,  enc_mode,
   1852                           (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5],
   1853                           p_dev_rec->sec_bd_name);
   1854 
   1855         BTM_TRACE_DEBUG ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags);
   1856     }
   1857     else
   1858     {
   1859         BTM_TRACE_EVENT ("Security Manager: btm_ble_connected:   handle:%d  enc_mode:%d  bda:%x ",
   1860                           handle,  enc_mode,
   1861                           (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]);
   1862     }
   1863 #endif
   1864 
   1865     if (!p_dev_rec)
   1866     {
   1867         /* There is no device record for new connection.  Allocate one */
   1868         if ((p_dev_rec = btm_sec_alloc_dev (bda)) == NULL)
   1869             return;
   1870     }
   1871     else    /* Update the timestamp for this device */
   1872     {
   1873         p_dev_rec->timestamp = btm_cb.dev_rec_count++;
   1874     }
   1875 
   1876     /* update device information */
   1877     p_dev_rec->device_type |= BT_DEVICE_TYPE_BLE;
   1878     p_dev_rec->ble_hci_handle = handle;
   1879     p_dev_rec->ble.ble_addr_type = addr_type;
   1880     /* update pseudo address */
   1881     memcpy(p_dev_rec->ble.pseudo_addr, bda, BD_ADDR_LEN);
   1882 
   1883     p_dev_rec->role_master = FALSE;
   1884     if (role == HCI_ROLE_MASTER)
   1885         p_dev_rec->role_master = TRUE;
   1886 
   1887 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
   1888     if (!addr_matched)
   1889         p_dev_rec->ble.active_addr_type = BTM_BLE_ADDR_PSEUDO;
   1890 
   1891     if (p_dev_rec->ble.ble_addr_type == BLE_ADDR_RANDOM && !addr_matched)
   1892         memcpy(p_dev_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN);
   1893 #endif
   1894 
   1895     p_cb->inq_var.directed_conn = BTM_BLE_CONNECT_EVT;
   1896 
   1897     return;
   1898 }
   1899 
   1900 /*****************************************************************************
   1901 **  Function        btm_ble_conn_complete
   1902 **
   1903 **  Description     LE connection complete.
   1904 **
   1905 ******************************************************************************/
   1906 void btm_ble_conn_complete(UINT8 *p, UINT16 evt_len, BOOLEAN enhanced)
   1907 {
   1908 #if (BLE_PRIVACY_SPT == TRUE )
   1909     UINT8       *p_data = p, peer_addr_type;
   1910     BD_ADDR     local_rpa, peer_rpa;
   1911 #endif
   1912     UINT8       role, status, bda_type;
   1913     UINT16      handle;
   1914     BD_ADDR     bda;
   1915     UINT16      conn_interval, conn_latency, conn_timeout;
   1916     BOOLEAN     match = FALSE;
   1917     UNUSED(evt_len);
   1918 
   1919     STREAM_TO_UINT8   (status, p);
   1920     STREAM_TO_UINT16   (handle, p);
   1921     STREAM_TO_UINT8    (role, p);
   1922     STREAM_TO_UINT8    (bda_type, p);
   1923     STREAM_TO_BDADDR   (bda, p);
   1924 
   1925     if (status == 0)
   1926     {
   1927 #if (BLE_PRIVACY_SPT == TRUE )
   1928         peer_addr_type = bda_type;
   1929         match = btm_identity_addr_to_random_pseudo (bda, &bda_type, TRUE);
   1930 
   1931         if (enhanced)
   1932         {
   1933             STREAM_TO_BDADDR   (local_rpa, p);
   1934             STREAM_TO_BDADDR   (peer_rpa, p);
   1935         }
   1936 
   1937         /* possiblly receive connection complete with resolvable random while
   1938            the device has been paired */
   1939         if (!match && BTM_BLE_IS_RESOLVE_BDA(bda))
   1940         {
   1941             btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_on_conn_cmpl, p_data);
   1942         }
   1943         else
   1944 #endif
   1945         {
   1946             STREAM_TO_UINT16   (conn_interval, p);
   1947             STREAM_TO_UINT16   (conn_latency, p);
   1948             STREAM_TO_UINT16   (conn_timeout, p);
   1949             handle = HCID_GET_HANDLE (handle);
   1950 
   1951             btm_ble_connected(bda, handle, HCI_ENCRYPT_MODE_DISABLED, role, bda_type, match);
   1952 
   1953             l2cble_conn_comp (handle, role, bda, bda_type, conn_interval,
   1954                               conn_latency, conn_timeout);
   1955 
   1956 #if (BLE_PRIVACY_SPT == TRUE)
   1957             if (enhanced)
   1958             {
   1959                 btm_ble_refresh_local_resolvable_private_addr(bda, local_rpa);
   1960 
   1961                 if (peer_addr_type & BLE_ADDR_TYPE_ID_BIT)
   1962                     btm_ble_refresh_peer_resolvable_private_addr(bda, peer_rpa, BLE_ADDR_RANDOM);
   1963             }
   1964 #endif
   1965         }
   1966     }
   1967     else
   1968     {
   1969         role = HCI_ROLE_UNKNOWN;
   1970         if (status != HCI_ERR_DIRECTED_ADVERTISING_TIMEOUT)
   1971         {
   1972             btm_ble_set_conn_st(BLE_CONN_IDLE);
   1973 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
   1974             btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, TRUE);
   1975 #endif
   1976         }
   1977         else
   1978         {
   1979 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
   1980             btm_cb.ble_ctr_cb.inq_var.adv_mode  = BTM_BLE_ADV_DISABLE;
   1981             btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, TRUE);
   1982 #endif
   1983         }
   1984     }
   1985 
   1986     btm_ble_update_mode_operation(role, bda, status);
   1987 }
   1988 
   1989 /*****************************************************************************
   1990 ** Function btm_ble_create_ll_conn_complete
   1991 **
   1992 ** Description LE connection complete.
   1993 **
   1994 ******************************************************************************/
   1995 void btm_ble_create_ll_conn_complete (UINT8 status)
   1996 {
   1997     if (status != HCI_SUCCESS)
   1998     {
   1999         btm_ble_set_conn_st(BLE_CONN_IDLE);
   2000         btm_ble_update_mode_operation(HCI_ROLE_UNKNOWN, NULL, status);
   2001     }
   2002 }
   2003 /*****************************************************************************
   2004 **  Function        btm_proc_smp_cback
   2005 **
   2006 **  Description     This function is the SMP callback handler.
   2007 **
   2008 ******************************************************************************/
   2009 UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data)
   2010 {
   2011     tBTM_SEC_DEV_REC    *p_dev_rec = btm_find_dev (bd_addr);
   2012     UINT8 res = 0;
   2013 
   2014     BTM_TRACE_DEBUG ("btm_proc_smp_cback event = %d", event);
   2015 
   2016     if (p_dev_rec != NULL)
   2017     {
   2018         switch (event)
   2019         {
   2020             case SMP_IO_CAP_REQ_EVT:
   2021                 btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
   2022                 break;
   2023 
   2024             case SMP_BR_KEYS_REQ_EVT:
   2025                 btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req);
   2026                 break;
   2027 
   2028             case SMP_PASSKEY_REQ_EVT:
   2029             case SMP_PASSKEY_NOTIF_EVT:
   2030             case SMP_OOB_REQ_EVT:
   2031             case SMP_NC_REQ_EVT:
   2032             case SMP_SC_OOB_REQ_EVT:
   2033                 /* fall through */
   2034                 p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHENTICATED;
   2035 
   2036             case SMP_SEC_REQUEST_EVT:
   2037                 if (event == SMP_SEC_REQUEST_EVT && btm_cb.pairing_state != BTM_PAIR_STATE_IDLE)
   2038                 {
   2039                     BTM_TRACE_DEBUG("%s: Ignoring SMP Security request", __func__);
   2040                     break;
   2041                 }
   2042                 memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN);
   2043                 p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING;
   2044                 btm_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;
   2045                 /* fall through */
   2046 
   2047             case SMP_COMPLT_EVT:
   2048                 if (btm_cb.api.p_le_callback)
   2049                 {
   2050                     /* the callback function implementation may change the IO capability... */
   2051                     BTM_TRACE_DEBUG ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback );
   2052                    (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data);
   2053                 }
   2054 
   2055                 if (event == SMP_COMPLT_EVT)
   2056                 {
   2057                     BTM_TRACE_DEBUG ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags );
   2058 
   2059                     res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING;
   2060 
   2061                     BTM_TRACE_DEBUG ("after update result=%d sec_level=0x%x sec_flags=0x%x",
   2062                                       res, p_data->cmplt.sec_level , p_dev_rec->sec_flags );
   2063 
   2064                     if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback )
   2065                     {
   2066                         BTM_TRACE_DEBUG ("Pairing Cancel completed");
   2067                         (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS);
   2068                     }
   2069 #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   2070                     if (res != BTM_SUCCESS)
   2071                     {
   2072                         if (!btm_cb.devcb.no_disc_if_pair_fail && p_data->cmplt.reason != SMP_CONN_TOUT)
   2073                         {
   2074                             BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
   2075                             l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
   2076                         }
   2077                         else
   2078                         {
   2079                             BTM_TRACE_DEBUG ("Pairing failed - Not Removing ACL");
   2080                             p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
   2081                         }
   2082                     }
   2083 #else
   2084                     if (res != BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT)
   2085                     {
   2086                         BTM_TRACE_DEBUG ("Pairing failed - prepare to remove ACL");
   2087                         l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);
   2088                     }
   2089 #endif
   2090 
   2091                     BTM_TRACE_DEBUG ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x",
   2092                                       btm_cb.pairing_state,
   2093                                       btm_cb.pairing_flags,
   2094                                       btm_cb.pin_code_len  );
   2095                     BTM_TRACE_DEBUG ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x",
   2096                                       btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2],
   2097                                       btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]);
   2098 
   2099                     /* Reset btm state only if the callback address matches pairing address*/
   2100                     if(memcmp(bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0)
   2101                     {
   2102                         memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN);
   2103                         btm_cb.pairing_state = BTM_PAIR_STATE_IDLE;
   2104                         btm_cb.pairing_flags = 0;
   2105                     }
   2106 
   2107                     if (res == BTM_SUCCESS)
   2108                     {
   2109                         p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
   2110 #if (defined BLE_PRIVACY_SPT && BLE_PRIVACY_SPT == TRUE)
   2111                         /* add all bonded device into resolving list if IRK is available*/
   2112                         btm_ble_resolving_list_load_dev(p_dev_rec);
   2113 #endif
   2114                     }
   2115 
   2116                     btm_sec_dev_rec_cback_event(p_dev_rec, res, TRUE);
   2117                 }
   2118                 break;
   2119 
   2120             default:
   2121                 BTM_TRACE_DEBUG ("unknown event = %d", event);
   2122                 break;
   2123 
   2124         }
   2125     }
   2126     else
   2127     {
   2128         BTM_TRACE_ERROR("btm_proc_smp_cback received for unknown device");
   2129     }
   2130 
   2131     return 0;
   2132 }
   2133 
   2134     #endif  /* SMP_INCLUDED */
   2135 
   2136 /*******************************************************************************
   2137 **
   2138 ** Function         BTM_BleDataSignature
   2139 **
   2140 ** Description      This function is called to sign the data using AES128 CMAC
   2141 **                  algorith.
   2142 **
   2143 ** Parameter        bd_addr: target device the data to be signed for.
   2144 **                  p_text: singing data
   2145 **                  len: length of the data to be signed.
   2146 **                  signature: output parameter where data signature is going to
   2147 **                             be stored.
   2148 **
   2149 ** Returns          TRUE if signing sucessul, otherwise FALSE.
   2150 **
   2151 *******************************************************************************/
   2152 BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len,
   2153                               BLE_SIGNATURE signature)
   2154 {
   2155     tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
   2156 
   2157     BTM_TRACE_DEBUG ("%s", __func__);
   2158     BOOLEAN ret = FALSE;
   2159     if (p_rec == NULL)
   2160     {
   2161         BTM_TRACE_ERROR("%s-data signing can not be done from unknown device", __func__);
   2162     }
   2163     else
   2164     {
   2165         UINT8 *p_mac = (UINT8 *)signature;
   2166         UINT8 *pp;
   2167         UINT8 *p_buf = (UINT8 *)osi_malloc(len + 4);
   2168 
   2169         BTM_TRACE_DEBUG("%s-Start to generate Local CSRK", __func__);
   2170         pp = p_buf;
   2171         /* prepare plain text */
   2172         if (p_text) {
   2173             memcpy(p_buf, p_text, len);
   2174             pp = (p_buf + len);
   2175         }
   2176 
   2177         UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter);
   2178         UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter);
   2179 
   2180         if ((ret = aes_cipher_msg_auth_code(p_rec->ble.keys.lcsrk, p_buf, (UINT16)(len + 4),
   2181                                             BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) {
   2182             btm_ble_increment_sign_ctr(bd_addr, TRUE);
   2183         }
   2184 
   2185         BTM_TRACE_DEBUG("%s p_mac = %d", __func__, p_mac);
   2186         BTM_TRACE_DEBUG("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x",
   2187                         *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3));
   2188         BTM_TRACE_DEBUG("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x",
   2189                         *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7));
   2190         osi_free(p_buf);
   2191     }
   2192     return ret;
   2193 }
   2194 
   2195 /*******************************************************************************
   2196 **
   2197 ** Function         BTM_BleVerifySignature
   2198 **
   2199 ** Description      This function is called to verify the data signature
   2200 **
   2201 ** Parameter        bd_addr: target device the data to be signed for.
   2202 **                  p_orig:  original data before signature.
   2203 **                  len: length of the signing data
   2204 **                  counter: counter used when doing data signing
   2205 **                  p_comp: signature to be compared against.
   2206 
   2207 ** Returns          TRUE if signature verified correctly; otherwise FALSE.
   2208 **
   2209 *******************************************************************************/
   2210 BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter,
   2211                                 UINT8 *p_comp)
   2212 {
   2213     BOOLEAN verified = FALSE;
   2214 #if SMP_INCLUDED == TRUE
   2215     tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr);
   2216     UINT8 p_mac[BTM_CMAC_TLEN_SIZE];
   2217 
   2218     if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK)))
   2219     {
   2220         BTM_TRACE_ERROR("can not verify signature for unknown device");
   2221     }
   2222     else if (counter < p_rec->ble.keys.counter)
   2223     {
   2224         BTM_TRACE_ERROR("signature received with out dated sign counter");
   2225     }
   2226     else if (p_orig == NULL)
   2227     {
   2228         BTM_TRACE_ERROR("No signature to verify");
   2229     }
   2230     else
   2231     {
   2232         BTM_TRACE_DEBUG ("%s rcv_cnt=%d >= expected_cnt=%d", __func__, counter,
   2233                           p_rec->ble.keys.counter);
   2234 
   2235         if (aes_cipher_msg_auth_code(p_rec->ble.keys.pcsrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac))
   2236         {
   2237             if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0)
   2238             {
   2239                 btm_ble_increment_sign_ctr(bd_addr, FALSE);
   2240                 verified = TRUE;
   2241             }
   2242         }
   2243     }
   2244 #endif  /* SMP_INCLUDED */
   2245     return verified;
   2246 }
   2247 
   2248 /*******************************************************************************
   2249 **
   2250 ** Function         BTM_GetLeSecurityState
   2251 **
   2252 ** Description      This function is called to get security mode 1 flags and
   2253 **                  encryption key size for LE peer.
   2254 **
   2255 ** Returns          BOOLEAN TRUE if LE device is found, FALSE otherwise.
   2256 **
   2257 *******************************************************************************/
   2258 BOOLEAN BTM_GetLeSecurityState (BD_ADDR bd_addr, UINT8 *p_le_dev_sec_flags, UINT8 *p_le_key_size)
   2259 {
   2260 #if (BLE_INCLUDED == TRUE)
   2261     tBTM_SEC_DEV_REC *p_dev_rec;
   2262     UINT16 dev_rec_sec_flags;
   2263 #endif
   2264 
   2265     *p_le_dev_sec_flags = 0;
   2266     *p_le_key_size = 0;
   2267 
   2268 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
   2269     if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL)
   2270     {
   2271         BTM_TRACE_ERROR ("%s fails", __func__);
   2272         return (FALSE);
   2273     }
   2274 
   2275     if (p_dev_rec->ble_hci_handle == BTM_SEC_INVALID_HANDLE) {
   2276         BTM_TRACE_ERROR ("%s-this is not LE device", __func__);
   2277         return (FALSE);
   2278     }
   2279 
   2280     dev_rec_sec_flags = p_dev_rec->sec_flags;
   2281 
   2282     if (dev_rec_sec_flags & BTM_SEC_LE_ENCRYPTED)
   2283     {
   2284         /* link is encrypted with LTK or STK */
   2285         *p_le_key_size = p_dev_rec->enc_key_size;
   2286         *p_le_dev_sec_flags |= BTM_SEC_LE_LINK_ENCRYPTED;
   2287 
   2288         *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_AUTHENTICATED)
   2289             ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM      /* set auth LTK flag */
   2290             : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM;  /* set unauth LTK flag */
   2291     }
   2292     else if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC)
   2293     {
   2294         /* link is unencrypted, still LTK is available */
   2295         *p_le_key_size = p_dev_rec->ble.keys.key_size;
   2296 
   2297         *p_le_dev_sec_flags |= (dev_rec_sec_flags & BTM_SEC_LE_LINK_KEY_AUTHED)
   2298             ? BTM_SEC_LE_LINK_PAIRED_WITH_MITM      /* set auth LTK flag */
   2299             : BTM_SEC_LE_LINK_PAIRED_WITHOUT_MITM;  /* set unauth LTK flag */
   2300     }
   2301 
   2302     BTM_TRACE_DEBUG ("%s - le_dev_sec_flags: 0x%02x, le_key_size: %d",
   2303         __func__, *p_le_dev_sec_flags, *p_le_key_size);
   2304 
   2305     return TRUE;
   2306 #else
   2307     return FALSE;
   2308 #endif
   2309 }
   2310 
   2311 /*******************************************************************************
   2312 **
   2313 ** Function         BTM_BleSecurityProcedureIsRunning
   2314 **
   2315 ** Description      This function indicates if LE security procedure is
   2316 **                  currently running with the peer.
   2317 **
   2318 ** Returns          BOOLEAN TRUE if security procedure is running, FALSE otherwise.
   2319 **
   2320 *******************************************************************************/
   2321 BOOLEAN BTM_BleSecurityProcedureIsRunning(BD_ADDR bd_addr)
   2322 {
   2323 #if (BLE_INCLUDED == TRUE)
   2324     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
   2325 
   2326     if (p_dev_rec == NULL)
   2327     {
   2328         BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
   2329                           __func__, (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
   2330                           (bd_addr[4]<<8)+bd_addr[5]);
   2331         return FALSE;
   2332     }
   2333 
   2334     return (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING ||
   2335             p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING);
   2336 #else
   2337     return FALSE;
   2338 #endif
   2339 }
   2340 
   2341 /*******************************************************************************
   2342 **
   2343 ** Function         BTM_BleGetSupportedKeySize
   2344 **
   2345 ** Description      This function gets the maximum encryption key size in bytes
   2346 **                  the local device can suport.
   2347 **                  record.
   2348 **
   2349 ** Returns          the key size or 0 if the size can't be retrieved.
   2350 **
   2351 *******************************************************************************/
   2352 extern UINT8 BTM_BleGetSupportedKeySize (BD_ADDR bd_addr)
   2353 {
   2354 #if ((BLE_INCLUDED == TRUE) && (L2CAP_LE_COC_INCLUDED == TRUE))
   2355     tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
   2356     tBTM_LE_IO_REQ dev_io_cfg;
   2357     UINT8 callback_rc;
   2358 
   2359     if (!p_dev_rec)
   2360     {
   2361         BTM_TRACE_ERROR ("%s device with BDA: %08x%04x is not found",
   2362                          __func__,(bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3],
   2363                           (bd_addr[4]<<8)+bd_addr[5]);
   2364         return 0;
   2365     }
   2366 
   2367     if (btm_cb.api.p_le_callback == NULL)
   2368     {
   2369         BTM_TRACE_ERROR ("%s can't access supported key size",__func__);
   2370         return 0;
   2371     }
   2372 
   2373     callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,
   2374                                                (tBTM_LE_EVT_DATA *) &dev_io_cfg);
   2375 
   2376     if (callback_rc != BTM_SUCCESS)
   2377     {
   2378         BTM_TRACE_ERROR ("%s can't access supported key size",__func__);
   2379         return 0;
   2380     }
   2381 
   2382     BTM_TRACE_DEBUG ("%s device supports key size = %d", __func__, dev_io_cfg.max_key_size);
   2383     return (dev_io_cfg.max_key_size);
   2384 #else
   2385     return 0;
   2386 #endif
   2387 }
   2388 
   2389 /*******************************************************************************
   2390 **  Utility functions for LE device IR/ER generation
   2391 *******************************************************************************/
   2392 /*******************************************************************************
   2393 **
   2394 ** Function         btm_notify_new_key
   2395 **
   2396 ** Description      This function is to notify application new keys have been
   2397 **                  generated.
   2398 **
   2399 ** Returns          void
   2400 **
   2401 *******************************************************************************/
   2402 static void btm_notify_new_key(UINT8 key_type)
   2403 {
   2404     tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL;
   2405 
   2406     BTM_TRACE_DEBUG ("btm_notify_new_key key_type=%d", key_type);
   2407 
   2408     if (btm_cb.api.p_le_key_callback)
   2409     {
   2410         switch (key_type)
   2411         {
   2412             case BTM_BLE_KEY_TYPE_ID:
   2413                 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ID");
   2414                 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys;
   2415                 break;
   2416 
   2417             case BTM_BLE_KEY_TYPE_ER:
   2418                 BTM_TRACE_DEBUG ("BTM_BLE_KEY_TYPE_ER");
   2419                 p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.ble_encryption_key_value;
   2420                 break;
   2421 
   2422             default:
   2423                 BTM_TRACE_ERROR("unknown key type: %d", key_type);
   2424                 break;
   2425         }
   2426         if (p_locak_keys != NULL)
   2427             (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys);
   2428     }
   2429 }
   2430 
   2431 /*******************************************************************************
   2432 **
   2433 ** Function         btm_ble_process_er2
   2434 **
   2435 ** Description      This function is called when ER is generated, store it in
   2436 **                  local control block.
   2437 **
   2438 ** Returns          void
   2439 **
   2440 *******************************************************************************/
   2441 static void btm_ble_process_er2(tBTM_RAND_ENC *p)
   2442 {
   2443     BTM_TRACE_DEBUG ("btm_ble_process_er2");
   2444 
   2445     if (p &&p->opcode == HCI_BLE_RAND)
   2446     {
   2447         memcpy(&btm_cb.devcb.ble_encryption_key_value[8], p->param_buf, BT_OCTET8_LEN);
   2448         btm_notify_new_key(BTM_BLE_KEY_TYPE_ER);
   2449     }
   2450     else
   2451     {
   2452         BTM_TRACE_ERROR("Generating ER2 exception.");
   2453         memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
   2454     }
   2455 }
   2456 
   2457 /*******************************************************************************
   2458 **
   2459 ** Function         btm_ble_process_er
   2460 **
   2461 ** Description      This function is called when ER is generated, store it in
   2462 **                  local control block.
   2463 **
   2464 ** Returns          void
   2465 **
   2466 *******************************************************************************/
   2467 static void btm_ble_process_er(tBTM_RAND_ENC *p)
   2468 {
   2469     BTM_TRACE_DEBUG ("btm_ble_process_er");
   2470 
   2471     if (p &&p->opcode == HCI_BLE_RAND)
   2472     {
   2473         memcpy(&btm_cb.devcb.ble_encryption_key_value[0], p->param_buf, BT_OCTET8_LEN);
   2474 
   2475         if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2))
   2476         {
   2477             memset(&btm_cb.devcb.ble_encryption_key_value, 0, sizeof(BT_OCTET16));
   2478             BTM_TRACE_ERROR("Generating ER2 failed.");
   2479         }
   2480     }
   2481     else
   2482     {
   2483         BTM_TRACE_ERROR("Generating ER1 exception.");
   2484     }
   2485 }
   2486 
   2487 /*******************************************************************************
   2488 **
   2489 ** Function         btm_ble_process_irk
   2490 **
   2491 ** Description      This function is called when IRK is generated, store it in
   2492 **                  local control block.
   2493 **
   2494 ** Returns          void
   2495 **
   2496 *******************************************************************************/
   2497 static void btm_ble_process_irk(tSMP_ENC *p)
   2498 {
   2499     BTM_TRACE_DEBUG ("btm_ble_process_irk");
   2500     if (p &&p->opcode == HCI_BLE_ENCRYPT)
   2501     {
   2502         memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN);
   2503         btm_notify_new_key(BTM_BLE_KEY_TYPE_ID);
   2504 
   2505 #if BLE_PRIVACY_SPT == TRUE
   2506         /* if privacy is enabled, new RPA should be calculated */
   2507         if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE)
   2508         {
   2509             btm_gen_resolvable_private_addr((void *)btm_gen_resolve_paddr_low);
   2510         }
   2511 #endif
   2512     }
   2513     else
   2514     {
   2515         BTM_TRACE_ERROR("Generating IRK exception.");
   2516     }
   2517 
   2518     /* proceed generate ER */
   2519     if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er))
   2520     {
   2521         BTM_TRACE_ERROR("Generating ER failed.");
   2522     }
   2523 }
   2524 
   2525 /*******************************************************************************
   2526 **
   2527 ** Function         btm_ble_process_dhk
   2528 **
   2529 ** Description      This function is called when DHK is calculated, store it in
   2530 **                  local control block, and proceed to generate ER, a 128-bits
   2531 **                  random number.
   2532 **
   2533 ** Returns          void
   2534 **
   2535 *******************************************************************************/
   2536 static void btm_ble_process_dhk(tSMP_ENC *p)
   2537 {
   2538 #if SMP_INCLUDED == TRUE
   2539     UINT8 btm_ble_irk_pt = 0x01;
   2540     tSMP_ENC output;
   2541 
   2542     BTM_TRACE_DEBUG ("btm_ble_process_dhk");
   2543 
   2544     if (p && p->opcode == HCI_BLE_ENCRYPT)
   2545     {
   2546         memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN);
   2547         BTM_TRACE_DEBUG("BLE DHK generated.");
   2548 
   2549         /* IRK = D1(IR, 1) */
   2550         if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt,
   2551                          1,   &output))
   2552         {
   2553             /* reset all identity root related key */
   2554             memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2555         }
   2556         else
   2557         {
   2558             btm_ble_process_irk(&output);
   2559         }
   2560     }
   2561     else
   2562     {
   2563         /* reset all identity root related key */
   2564         memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2565     }
   2566 #endif
   2567 }
   2568 
   2569 /*******************************************************************************
   2570 **
   2571 ** Function         btm_ble_process_ir2
   2572 **
   2573 ** Description      This function is called when IR is generated, proceed to calculate
   2574 **                  DHK = Eir({0x03, 0, 0 ...})
   2575 **
   2576 **
   2577 ** Returns          void
   2578 **
   2579 *******************************************************************************/
   2580 static void btm_ble_process_ir2(tBTM_RAND_ENC *p)
   2581 {
   2582 #if SMP_INCLUDED == TRUE
   2583     UINT8 btm_ble_dhk_pt = 0x03;
   2584     tSMP_ENC output;
   2585 
   2586     BTM_TRACE_DEBUG ("btm_ble_process_ir2");
   2587 
   2588     if (p && p->opcode == HCI_BLE_RAND)
   2589     {
   2590         /* remembering in control block */
   2591         memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN);
   2592         /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */
   2593 
   2594         SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt,
   2595                     1, &output);
   2596         btm_ble_process_dhk(&output);
   2597 
   2598         BTM_TRACE_DEBUG("BLE IR generated.");
   2599     }
   2600     else
   2601     {
   2602         memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2603     }
   2604 #endif
   2605 }
   2606 
   2607 /*******************************************************************************
   2608 **
   2609 ** Function         btm_ble_process_ir
   2610 **
   2611 ** Description      This function is called when IR is generated, proceed to calculate
   2612 **                  DHK = Eir({0x02, 0, 0 ...})
   2613 **
   2614 **
   2615 ** Returns          void
   2616 **
   2617 *******************************************************************************/
   2618 static void btm_ble_process_ir(tBTM_RAND_ENC *p)
   2619 {
   2620     BTM_TRACE_DEBUG ("btm_ble_process_ir");
   2621 
   2622     if (p && p->opcode == HCI_BLE_RAND)
   2623     {
   2624         /* remembering in control block */
   2625         memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN);
   2626 
   2627         if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2))
   2628         {
   2629             BTM_TRACE_ERROR("Generating IR2 failed.");
   2630             memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS));
   2631         }
   2632     }
   2633 }
   2634 
   2635 /*******************************************************************************
   2636 **
   2637 ** Function         btm_ble_reset_id
   2638 **
   2639 ** Description      This function is called to reset LE device identity.
   2640 **
   2641 ** Returns          void
   2642 **
   2643 *******************************************************************************/
   2644 void btm_ble_reset_id( void )
   2645 {
   2646     BTM_TRACE_DEBUG ("btm_ble_reset_id");
   2647 
   2648     /* regenrate Identity Root*/
   2649     if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir))
   2650     {
   2651         BTM_TRACE_DEBUG("Generating IR failed.");
   2652     }
   2653 }
   2654 
   2655     #if BTM_BLE_CONFORMANCE_TESTING == TRUE
   2656 /*******************************************************************************
   2657 **
   2658 ** Function         btm_ble_set_no_disc_if_pair_fail
   2659 **
   2660 ** Description      This function indicates that whether no disconnect of the ACL
   2661 **                  should be used if pairing failed
   2662 **
   2663 ** Returns          void
   2664 **
   2665 *******************************************************************************/
   2666 void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc )
   2667 {
   2668     BTM_TRACE_DEBUG ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc);
   2669     btm_cb.devcb.no_disc_if_pair_fail = disable_disc;
   2670 }
   2671 
   2672 /*******************************************************************************
   2673 **
   2674 ** Function         btm_ble_set_test_mac_value
   2675 **
   2676 ** Description      This function set test MAC value
   2677 **
   2678 ** Returns          void
   2679 **
   2680 *******************************************************************************/
   2681 void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val )
   2682 {
   2683     BTM_TRACE_DEBUG ("btm_ble_set_test_mac_value enable=%d", enable);
   2684     btm_cb.devcb.enable_test_mac_val = enable;
   2685     memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN);
   2686 }
   2687 
   2688 /*******************************************************************************
   2689 **
   2690 ** Function         btm_ble_set_test_local_sign_cntr_value
   2691 **
   2692 ** Description      This function set test local sign counter value
   2693 **
   2694 ** Returns          void
   2695 **
   2696 *******************************************************************************/
   2697 void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr )
   2698 {
   2699     BTM_TRACE_DEBUG ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d",
   2700                       enable, test_local_sign_cntr);
   2701     btm_cb.devcb.enable_test_local_sign_cntr = enable;
   2702     btm_cb.devcb.test_local_sign_cntr =  test_local_sign_cntr;
   2703 }
   2704 
   2705 /*******************************************************************************
   2706 **
   2707 ** Function         btm_set_random_address
   2708 **
   2709 ** Description      This function set a random address to local controller.
   2710 **
   2711 ** Returns          void
   2712 **
   2713 *******************************************************************************/
   2714 void btm_set_random_address(BD_ADDR random_bda)
   2715 {
   2716     tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
   2717     BOOLEAN     adv_mode = btm_cb.ble_ctr_cb.inq_var.adv_mode ;
   2718 
   2719     BTM_TRACE_DEBUG ("btm_set_random_address");
   2720 
   2721     if (adv_mode  == BTM_BLE_ADV_ENABLE)
   2722         btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
   2723 
   2724     memcpy(p_cb->private_addr, random_bda, BD_ADDR_LEN);
   2725     btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
   2726 
   2727     if (adv_mode  == BTM_BLE_ADV_ENABLE)
   2728         btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE);
   2729 
   2730 }
   2731 
   2732 /*******************************************************************************
   2733 **
   2734 ** Function         btm_ble_set_keep_rfu_in_auth_req
   2735 **
   2736 ** Description      This function indicates if RFU bits have to be kept as is
   2737 **                  (by default they have to be set to 0 by the sender).
   2738 **
   2739 ** Returns          void
   2740 **
   2741 *******************************************************************************/
   2742 void btm_ble_set_keep_rfu_in_auth_req(BOOLEAN keep_rfu)
   2743 {
   2744     BTM_TRACE_DEBUG ("btm_ble_set_keep_rfu_in_auth_req keep_rfus=%d", keep_rfu);
   2745     btm_cb.devcb.keep_rfu_in_auth_req = keep_rfu;
   2746 }
   2747 
   2748 #endif /* BTM_BLE_CONFORMANCE_TESTING */
   2749 
   2750 #endif /* BLE_INCLUDED */
   2751