Use Case: Certification test cases require the LE key upgrade
to happen when the current MITM level of the device has
been upgraded. In that case, a re-pairing is performed,
leading to a more authenticated LTK.
Test Case: TP/SEC/AUT/BV-17-C
Steps:
1. Perform LE pairing between two devices using no MITM.
2. Change the IO capability of the devices, so that a
re-pair would involve authentication.
3. Reconnect the devices and expect key upgrade.
Failure:
No key upgrade is seen at reconnection and the devices
continue to use the old key.
Fix:
Added changes to re-calculate the requirement of key
upgrade when the LE channel is already encrypted.
Bug:
27852645
Change-Id: If62f334dcf298b2ce9840e95035b4398cb951c84
sec_request to request the master to encrypt the link */
case BTM_BLE_SEC_ENCRYPT_NO_MITM:
case BTM_BLE_SEC_ENCRYPT_MITM:
+ auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
+ ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
+ btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);
+ if(sec_req_act == BTM_BLE_SEC_REQ_ACT_NONE || sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD)
+ {
+ BTM_TRACE_DEBUG("%s, no action needed. Ignore", __func__);
+ cmd = BTM_SUCCESS;
+ break;
+ }
if (link_role == BTM_ROLE_MASTER)
{
- auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM)
- ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT);
- btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);
if (sec_req_act == BTM_BLE_SEC_REQ_ACT_ENCRYPT)
{
return(BTM_WRONG_MODE);
}
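Review bot: The new early exit reports `BTM_SUCCESS` for `BTM_BLE_SEC_REQ_ACT_DISCARD` as well as `BTM_BLE_SEC_REQ_ACT_NONE`, so a caller that asked for `BTM_BLE_SEC_ENCRYPT_MITM` cannot tell "the link already meets the requested level" from "the request was dropped". If DISCARD means what its name suggests (the check declined to act, presumably because another security procedure is in flight; `btm_ble_link_sec_check` is not visible here), the link may still be on the unauthenticated key when success is returned. Consider handling it separately, e.g. `if (sec_req_act == BTM_BLE_SEC_REQ_ACT_DISCARD) { cmd = BTM_BUSY; break; }`, and keeping `BTM_SUCCESS` for the NONE case only. The enclosing function starts and ends outside the hunk, so whether the completion callback still fires on this path should be checked there.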
- if ((transport == BT_TRANSPORT_BR_EDR &&
+ if (transport == BT_TRANSPORT_BR_EDR &&
(p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))
-#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
- || (transport == BT_TRANSPORT_LE &&
- (p_dev_rec->sec_flags & BTM_SEC_LE_ENCRYPTED))
-#endif
- )
{
BTM_TRACE_EVENT ("Security Manager: BTM_SetEncryption already encrypted");