Merge changes If72ecdbc,I1bbafbc0 into main am: 1cb39410

static tBTM_STATUS bta_dm_ble_smp_cback(tBTM_LE_EVT event, const RawAddress& bda,

                                        tBTM_LE_EVT_DATA* p_data) {

  tBTM_STATUS status = tBTM_STATUS::BTM_SUCCESS;

  tBTA_DM_SEC sec_event;

  tBTA_DM_SEC sec_event = {};

  log::debug("addr:{},event:{}", bda, ble_evt_to_text(event));

    return tBTM_STATUS::BTM_NOT_AUTHORIZED;

  }

  memset(&sec_event, 0, sizeof(tBTA_DM_SEC));

  switch (event) {

    case BTM_LE_IO_REQ_EVT:

      ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data, &p_data->io_req.auth_req,

void btm_sec_save_le_key(const RawAddress& bd_addr, tBTM_LE_KEY_TYPE key_type,

                         tBTM_LE_KEY_VALUE* p_keys, bool pass_to_application) {

  tBTM_SEC_DEV_REC* p_rec;

  tBTM_LE_EVT_DATA cb_data;

  log::verbose("key_type=0x{:x} pass_to_application={}", key_type, pass_to_application);

  /* Store the updated key in the device database */

    /* Notify the application that one of the BLE keys has been updated

       If link key is in progress, it will get sent later.*/

    if (pass_to_application && btm_sec_cb.api.p_le_callback) {

    if (pass_to_application) {

      tBTM_LE_EVT_DATA cb_data = {};

      cb_data.key.p_key_value = p_keys;

      cb_data.key.key_type = key_type;

      (*btm_sec_cb.api.p_le_callback)(BTM_LE_KEY_EVT, bd_addr, &cb_data);

      BTM_BLE_SEC_CALLBACK(BTM_LE_KEY_EVT, bd_addr, &cb_data);

    }

    return;

  }

 ******************************************************************************/

static tBTM_STATUS btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC* p_dev_rec,

                                               tBTM_LE_IO_REQ* p_data) {

  tBTM_STATUS callback_rc = tBTM_STATUS::BTM_SUCCESS;

  log::verbose("p_dev_rec->bd_addr:{}", p_dev_rec->bd_addr);

  if (btm_sec_cb.api.p_le_callback) {

    /* the callback function implementation may change the IO capability... */

    callback_rc = (*btm_sec_cb.api.p_le_callback)(BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,

    tBTM_STATUS status = (*btm_sec_cb.api.p_le_callback)(BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr,

                                                         (tBTM_LE_EVT_DATA*)p_data);

    if (status != tBTM_STATUS::BTM_SUCCESS) {

      log::warn("Security callback failed {} for {}", btm_status_text(status), p_dev_rec->bd_addr);

      return status;

    }

  }

  if ((callback_rc == tBTM_STATUS::BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) {

    p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;

  if (BTM_OOB_UNKNOWN == p_data->oob_data) {

    return tBTM_STATUS::BTM_SUCCESS;

  }

  p_data->auth_req &= BTM_LE_AUTH_REQ_MASK;

  log::verbose("1:p_dev_rec->sec_rec.security_required={}, auth_req:{}",

               p_dev_rec->sec_rec.security_required, p_data->auth_req);

  log::verbose("2:i_keys=0x{:x} r_keys=0x{:x} (bit 0-LTK 1-IRK 2-CSRK)", p_data->init_keys,

  log::verbose("6:IO_CAP:{} oob_data:{} auth_req:0x{:02x}", p_data->io_cap, p_data->oob_data,

               p_data->auth_req);

  }

  return callback_rc;

  return tBTM_STATUS::BTM_SUCCESS;

}

/*******************************************************************************

  }

}

/*****************************************************************************

 *  Function        btm_proc_smp_cback

 *

 *  Description     This function is the SMP callback handler.

 *

 *****************************************************************************/

tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr,

                               const tSMP_EVT_DATA* p_data) {

  log::verbose("bd_addr:{}, event={}", bd_addr, smp_evt_to_text(event));

  if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) {

    btm_sec_cr_loc_oob_data_cback_event(RawAddress{}, p_data->loc_oob_data);

    return tBTM_STATUS::BTM_SUCCESS;

  }

  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);

  tBTM_STATUS res = tBTM_STATUS::BTM_SUCCESS;

  if (p_dev_rec != NULL) {

    switch (event) {

      case SMP_IO_CAP_REQ_EVT:

        btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ*)&p_data->io_req);

        break;

      case SMP_BR_KEYS_REQ_EVT:

        btm_ble_br_keys_req(p_dev_rec, (tBTM_LE_IO_REQ*)&p_data->io_req);

        break;

      case SMP_PASSKEY_REQ_EVT:

      case SMP_PASSKEY_NOTIF_EVT:

      case SMP_OOB_REQ_EVT:

      case SMP_NC_REQ_EVT:

      case SMP_SC_OOB_REQ_EVT:

static void btm_ble_user_confirmation_req(const RawAddress& bd_addr, tBTM_SEC_DEV_REC* p_dev_rec,

                                          tBTM_LE_EVT event, tBTM_LE_EVT_DATA* p_data) {

  p_dev_rec->sec_rec.sec_flags |= BTM_SEC_LE_AUTHENTICATED;

        FALLTHROUGH_INTENDED; /* FALLTHROUGH */

  p_dev_rec->sec_rec.le_link = tSECURITY_STATE::AUTHENTICATING;

  btm_sec_cb.pairing_bda = bd_addr;

  btm_sec_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;

  BTM_BLE_SEC_CALLBACK(event, bd_addr, p_data);

}

      case SMP_CONSENT_REQ_EVT:

      case SMP_SEC_REQUEST_EVT:

        if (event == SMP_SEC_REQUEST_EVT && btm_sec_cb.pairing_state != BTM_PAIR_STATE_IDLE) {

          log::verbose("Ignoring SMP Security request");

          break;

static void btm_ble_sec_req(const RawAddress& bd_addr, tBTM_SEC_DEV_REC* p_dev_rec,

                            tBTM_LE_EVT_DATA* p_data) {

  if (btm_sec_cb.pairing_state != BTM_PAIR_STATE_IDLE) {

    log::warn("Ignoring SMP Security request");

    return;

  }

  btm_sec_cb.pairing_bda = bd_addr;

        if (event != SMP_CONSENT_REQ_EVT) {

  p_dev_rec->sec_rec.le_link = tSECURITY_STATE::AUTHENTICATING;

        }

  btm_sec_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;

        FALLTHROUGH_INTENDED; /* FALLTHROUGH */

      case SMP_COMPLT_EVT:

        if (btm_sec_cb.api.p_le_callback) {

          /* the callback function implementation may change the IO

           * capability... */

          log::verbose("btm_sec_cb.api.p_le_callback=0x{}", fmt::ptr(btm_sec_cb.api.p_le_callback));

          (*btm_sec_cb.api.p_le_callback)(static_cast<tBTM_LE_EVT>(event), bd_addr,

                                          (tBTM_LE_EVT_DATA*)p_data);

  BTM_BLE_SEC_CALLBACK(BTM_LE_SEC_REQUEST_EVT, bd_addr, p_data);

}

        if (event == SMP_COMPLT_EVT) {

          p_dev_rec = btm_find_dev(bd_addr);

          if (p_dev_rec == NULL) {

            log::error("p_dev_rec is NULL");

            return tBTM_STATUS::BTM_SUCCESS;

static void btm_ble_consent_req(const RawAddress& bd_addr, tBTM_LE_EVT_DATA* p_data) {

  btm_sec_cb.pairing_bda = bd_addr;

  btm_sec_cb.pairing_flags |= BTM_PAIR_FLAGS_LE_ACTIVE;

  BTM_BLE_SEC_CALLBACK(BTM_LE_CONSENT_REQ_EVT, bd_addr, p_data);

}

          log::verbose("before update sec_level=0x{:x} sec_flags=0x{:x}", p_data->cmplt.sec_level,

static void btm_ble_complete_evt(const RawAddress& bd_addr, tBTM_SEC_DEV_REC* p_dev_rec,

                                 tBTM_LE_EVT_DATA* p_data) {

  BTM_BLE_SEC_CALLBACK(BTM_LE_COMPLT_EVT, bd_addr, p_data);

  log::verbose("before update sec_level=0x{:x} sec_flags=0x{:x}", p_data->complt.sec_level,

               p_dev_rec->sec_rec.sec_flags);

          res = (p_data->cmplt.reason == SMP_SUCCESS) ? tBTM_STATUS::BTM_SUCCESS

  tBTM_STATUS res = (p_data->complt.reason == SMP_SUCCESS) ? tBTM_STATUS::BTM_SUCCESS

                                                           : tBTM_STATUS::BTM_ERR_PROCESSING;

  log::verbose("after update result={} sec_level=0x{:x} sec_flags=0x{:x}", res,

                       p_data->cmplt.sec_level, p_dev_rec->sec_rec.sec_flags);

               p_data->complt.sec_level, p_dev_rec->sec_rec.sec_flags);

          if (p_data->cmplt.is_pair_cancel && btm_sec_cb.api.p_bond_cancel_cmpl_callback) {

  if (p_data->complt.is_pair_cancel && btm_sec_cb.api.p_bond_cancel_cmpl_callback) {

    log::verbose("Pairing Cancel completed");

    (*btm_sec_cb.api.p_bond_cancel_cmpl_callback)(tBTM_STATUS::BTM_SUCCESS);

  }

          if (res != tBTM_STATUS::BTM_SUCCESS && p_data->cmplt.reason != SMP_CONN_TOUT) {

  if (res != tBTM_STATUS::BTM_SUCCESS && p_data->complt.reason != SMP_CONN_TOUT) {

    log::verbose("Pairing failed - prepare to remove ACL");

    l2cu_start_post_bond_timer(p_dev_rec->ble_hci_handle);

  }

  }

  BD_NAME remote_name = {};

  if (BTM_GetRemoteDeviceName(p_dev_rec->ble.pseudo_addr, remote_name) &&

              interop_match_name(INTEROP_SUSPEND_ATT_TRAFFIC_DURING_PAIRING,

                                 (const char*)remote_name)) {

      interop_match_name(INTEROP_SUSPEND_ATT_TRAFFIC_DURING_PAIRING, (const char*)remote_name)) {

    log::debug("Notifying encryption cmpl delayed due to IOP match");

    btm_ble_notify_enc_cmpl(p_dev_rec->ble.pseudo_addr, true);

  }

  btm_sec_dev_rec_cback_event(p_dev_rec, res, true);

}

static tBTM_STATUS btm_ble_sirk_verification_req(const RawAddress& bd_addr) {

  tBTM_STATUS res = (*btm_sec_cb.api.p_sirk_verification_callback)(bd_addr);

  if (res == tBTM_STATUS::BTM_CMD_STARTED) {

    res = tBTM_STATUS::BTM_SUCCESS;

  } else {

    log::warn("SMP SIRK verification status:{}", btm_status_text(res));

  }

  return res;

}

/*****************************************************************************

 *  Function        btm_proc_smp_cback

 *

 *  Description     This function is the SMP callback handler.

 *

 *****************************************************************************/

tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr, tSMP_EVT_DATA* p_data) {

  log::verbose("bd_addr:{}, event={}", bd_addr, smp_evt_to_text(event));

  if (event == SMP_SC_LOC_OOB_DATA_UP_EVT) {

    btm_sec_cr_loc_oob_data_cback_event(RawAddress{}, p_data->loc_oob_data);

    return tBTM_STATUS::BTM_SUCCESS;

  }

  tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr);

  if (p_dev_rec == nullptr) {

    log::warn("Unexpected event '{}' for unknown device.", smp_evt_to_text(event));

    return tBTM_STATUS::BTM_UNKNOWN_ADDR;

  }

  tBTM_STATUS status = tBTM_STATUS::BTM_SUCCESS;

  switch (event) {

    case SMP_IO_CAP_REQ_EVT:

      btm_ble_io_capabilities_req(p_dev_rec, reinterpret_cast<tBTM_LE_IO_REQ*>(&p_data->io_req));

      break;

    case SMP_BR_KEYS_REQ_EVT:

      btm_ble_br_keys_req(p_dev_rec, reinterpret_cast<tBTM_LE_IO_REQ*>(&p_data->io_req));

      break;

    case SMP_PASSKEY_REQ_EVT:

    case SMP_PASSKEY_NOTIF_EVT:

    case SMP_OOB_REQ_EVT:

    case SMP_NC_REQ_EVT:

    case SMP_SC_OOB_REQ_EVT:

      btm_ble_user_confirmation_req(bd_addr, p_dev_rec, static_cast<tBTM_LE_EVT>(event),

                                    reinterpret_cast<tBTM_LE_EVT_DATA*>(p_data));

      break;

    case SMP_SEC_REQUEST_EVT:

      btm_ble_sec_req(bd_addr, p_dev_rec, reinterpret_cast<tBTM_LE_EVT_DATA*>(p_data));

      break;

    case SMP_CONSENT_REQ_EVT:

      btm_ble_consent_req(bd_addr, reinterpret_cast<tBTM_LE_EVT_DATA*>(p_data));

      break;

    case SMP_COMPLT_EVT:

      btm_ble_complete_evt(bd_addr, p_dev_rec, reinterpret_cast<tBTM_LE_EVT_DATA*>(p_data));

      break;

    case SMP_LE_ADDR_ASSOC_EVT:

        if (btm_sec_cb.api.p_le_callback) {

          log::verbose("btm_sec_cb.api.p_le_callback=0x{}", fmt::ptr(btm_sec_cb.api.p_le_callback));

          (*btm_sec_cb.api.p_le_callback)(static_cast<tBTM_LE_EVT>(event), bd_addr,

                                          (tBTM_LE_EVT_DATA*)p_data);

        }

      BTM_BLE_SEC_CALLBACK(static_cast<tBTM_LE_EVT>(event), bd_addr,

                           reinterpret_cast<tBTM_LE_EVT_DATA*>(p_data));

      break;

    case SMP_SIRK_VERIFICATION_REQ_EVT:

        res = (*btm_sec_cb.api.p_sirk_verification_callback)(bd_addr);

        log::debug("SMP SIRK verification result:{}", btm_status_text(res));

        if (res != tBTM_STATUS::BTM_CMD_STARTED) {

          return res;

        }

      status = btm_ble_sirk_verification_req(bd_addr);

      break;

    default:

      log::verbose("unknown event={}", smp_evt_to_text(event));

      break;

  }

  } else {

    log::warn("Unexpected event '{}' for unknown device.", smp_evt_to_text(event));

  }

  return tBTM_STATUS::BTM_SUCCESS;

  return status;

}

/*******************************************************************************

void btm_ble_link_sec_check(const RawAddress& bd_addr, tBTM_LE_AUTH_REQ auth_req,

                            tBTM_BLE_SEC_REQ_ACT* p_sec_req_act);

void btm_ble_ltk_request_reply(const RawAddress& bda, bool use_stk, const Octet16& stk);

tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr,

                               const tSMP_EVT_DATA* p_data);

tBTM_STATUS btm_proc_smp_cback(tSMP_EVT event, const RawAddress& bd_addr, tSMP_EVT_DATA* p_data);

tBTM_STATUS btm_ble_set_encryption(const RawAddress& bd_addr, tBTM_BLE_SEC_ACT sec_act,

                                   uint8_t link_role);

tBTM_STATUS btm_ble_start_encrypt(const RawAddress& bda, bool use_stk, Octet16* p_stk);

  tBTM_LE_EVT_DATA evt_data = {

          .local_oob_data = loc_oob_data,

  };

  if (btm_sec_cb.api.p_le_callback) {

    (*btm_sec_cb.api.p_le_callback)(BTM_LE_SC_LOC_OOB_EVT, address, &evt_data);

  }

  BTM_BLE_SEC_CALLBACK(BTM_LE_SC_LOC_OOB_EVT, address, &evt_data);

}

/*******************************************************************************

extern tBTM_SEC_CB btm_sec_cb;

#define BTM_BLE_SEC_CALLBACK(event_, bda_, data_)                                          \

  do {                                                                                     \

    if (btm_sec_cb.api.p_le_callback != nullptr) {                                         \

      tBTM_STATUS status_ = (*btm_sec_cb.api.p_le_callback)((event_), (bda_), (data_));    \

      if (status_ != tBTM_STATUS::BTM_SUCCESS) {                                           \

        log::warn("Security callback failed {} for {}", btm_status_text(status_), (bda_)); \

      }                                                                                    \

    }                                                                                      \

  } while (0)

void BTM_Sec_Init();

void BTM_Sec_Free();