Merge BT 4.1 features

The features include:
- LE Peripheral Mode
- Link Layer topology (LE Central & Peripheral Concurrency)
- Dual Mode Topology (Ability to choose LE transport when connecting with
other Dual Mode devices)
- Fast advertising Interval
- Limited Discovery Time Changes
- GAP Authentication and Lost Bond
- Dual Mode Addressing
- Common Profile and Service Error Code
- 32 bit UUIDs

Change-Id: Ic6701da4cf6aaa390ff2c8816b43157f36b7fb42

6 files changed, 93 insertions, 13 deletions

diff --git a/stack/smp/aes.c b/stack/smp/aes.c
index 65cddf5..d3d8ff6 100644
--- a/stack/smp/aes.c
+++ b/stack/smp/aes.c
@@ -510,6 +510,7 @@ return_type aes_set_key( const unsigned char key[], length_type keylen, aes_cont
         keylen = 24;
         break;
     case 32:
+    /*    case 256:           length in bits (256 = 8*32) */ 
         keylen = 32;
         break;
     default:
diff --git a/stack/smp/smp_act.c b/stack/smp/smp_act.c
index 47cd2c9..7543eb7 100644
--- a/stack/smp/smp_act.c
+++ b/stack/smp/smp_act.c
@@ -26,6 +26,7 @@
     #include "l2c_api.h"
     #include "smp_int.h"
 
+#define MAX_KEY_DISTRIBUTION_TYPES   3
 
 const UINT8 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] =
 {
@@ -108,6 +109,7 @@ void smp_send_app_cback(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
         {
             p_cb->loc_auth_req   = cb_data.io_req.auth_req;
             p_cb->loc_io_caps    = cb_data.io_req.io_cap;
+
 #if (defined(BLE_PERIPHERAL_DISPLAYONLY) && (BLE_PERIPHERAL_DISPLAYONLY == TRUE))
             if (p_cb->role == HCI_ROLE_SLAVE)
             {
@@ -165,7 +167,11 @@ void smp_send_pair_req(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
        some peripherals are not able to revert to fast connection parameters
        during the start of service discovery. Connection paramter updates
        get enabled again once service discovery completes. */
-    L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
+    if (L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE) == FALSE)
+    {
+        SMP_TRACE_ERROR0 ("smp pair failed...!");
+        return;
+    }
 #endif
 
     /* erase all keys when master sends pairing req*/
@@ -616,7 +622,7 @@ void smp_proc_sl_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
 *******************************************************************************/
 void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
 {
-    BOOLEAN cmd;
+    tBTM_STATUS cmd;
     UINT8 reason = SMP_ENC_FAIL;
 
     SMP_TRACE_DEBUG0 ("smp_start_enc ");
@@ -625,7 +631,7 @@ void smp_start_enc(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
     else
         cmd = btm_ble_start_encrypt(p_cb->pairing_bda, FALSE, NULL);
 
-    if (!cmd)
+    if (cmd != BTM_CMD_STARTED && cmd != BTM_BUSY)
         smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
 
 }
@@ -729,7 +735,7 @@ void smp_key_pick_key(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
     UINT8   i = 0;
 
     SMP_TRACE_DEBUG1 ("smp_key_pick_key key_to_dist=0x%x", key_to_dist);
-    while (i < 3)
+    while (i < MAX_KEY_DISTRIBUTION_TYPES)
     {
         SMP_TRACE_DEBUG2("key to send = %02x, i = %d",  key_to_dist, i);
 
@@ -899,6 +905,7 @@ void smp_pairing_cmpl(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
 
     SMP_TRACE_DEBUG0 ("smp_pairing_cmpl ");
 
+    (void)L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, TRUE);
     if ((p_cb->status == SMP_SUCCESS) ||
         (p_cb->status <= SMP_REPEATED_ATTEMPTS && p_cb->status != SMP_SUCCESS))
     {
@@ -960,6 +967,18 @@ void smp_idle_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
         smp_proc_pairing_cmpl(p_cb);
     }
 }
+
+/*******************************************************************************
+** Function     smp_fast_conn_param
+** Description  apply default connection parameter for pairing process
+*******************************************************************************/
+void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
+{
+    /* disable connection parameter update */
+    (void)L2CA_EnableUpdateBleConnParams(p_cb->pairing_bda, FALSE);
+}
+
+
 /*******************************************************************************
 **
 ** Function         smp_link_encrypted
diff --git a/stack/smp/smp_int.h b/stack/smp/smp_int.h
index 51cdbb3..70c09a5 100644
--- a/stack/smp/smp_int.h
+++ b/stack/smp/smp_int.h
@@ -202,6 +202,8 @@ typedef struct
     BD_ADDR         local_bda;
     BOOLEAN         is_pair_cancel;
     BOOLEAN         discard_sec_req;
+    UINT8           rcvd_cmd_code;
+    UINT8           rcvd_cmd_len;
 #if SMP_CONFORMANCE_TESTING == TRUE
     BOOLEAN         enable_test_confirm_val;
     BT_OCTET16      test_confirm;
@@ -288,6 +290,8 @@ extern void smp_key_distribution(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
 extern void smp_proc_srk_info(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
 extern void smp_generate_csrk(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
 extern void smp_delay_terminate(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
+extern void smp_fast_conn_param(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
+
 /* smp_l2c */
 extern void smp_l2cap_if_init (void);
 
@@ -314,6 +318,7 @@ extern void smp_genenrate_rand_cont(tSMP_CB *p_cb, tSMP_INT_DATA *p_data);
 /* smp main util */
 extern void smp_set_state(tSMP_STATE state);
 extern tSMP_STATE smp_get_state(void);
+extern void smp_reject_unexp_pair_req(BD_ADDR bd_addr);
 
 #endif /* SMP_INT_H */
 
diff --git a/stack/smp/smp_l2c.c b/stack/smp/smp_l2c.c
index 54b78b4..02ec38e 100644
--- a/stack/smp/smp_l2c.c
+++ b/stack/smp/smp_l2c.c
@@ -34,7 +34,7 @@
 
 
 
-static void smp_connect_cback (BD_ADDR bd_addr, BOOLEAN connected, UINT16 reason);
+static void smp_connect_cback (BD_ADDR bd_addr, BOOLEAN connected, UINT16 reason, tBT_TRANSPORT transport);
 static void smp_data_ind (BD_ADDR bd_addr, BT_HDR *p_buf);
 
 /*******************************************************************************
@@ -73,13 +73,20 @@ void smp_l2cap_if_init (void)
 **                      connected (conn = TRUE)/disconnected (conn = FALSE).
 **
 *******************************************************************************/
-static void smp_connect_cback (BD_ADDR bd_addr, BOOLEAN connected, UINT16 reason)
+static void smp_connect_cback (BD_ADDR bd_addr, BOOLEAN connected, UINT16 reason,
+                                    tBT_TRANSPORT transport)
 {
     tSMP_CB   *p_cb = &smp_cb;
     tSMP_INT_DATA   int_data;
 
     SMP_TRACE_EVENT0 ("SMDBG l2c smp_connect_cback ");
 
+    if (transport == BT_TRANSPORT_BR_EDR)
+    {
+        SMP_TRACE_ERROR0 ("smp_connect_cback : Wrong transport");
+        return;
+    }
+
     if (memcmp(bd_addr, p_cb->pairing_bda, BD_ADDR_LEN) == 0)
     {
         SMP_TRACE_EVENT3 ("smp_connect_cback()  for pairing BDA: %08x%04x  Event: %s",
@@ -132,6 +139,13 @@ static void smp_data_ind (BD_ADDR bd_addr, BT_HDR *p_buf)
 
     STREAM_TO_UINT8(cmd, p);
 
+    /* sanity check */
+    if ((SMP_OPCODE_MAX <= cmd) || (cmd == 0))
+    {
+        SMP_TRACE_WARNING1( "Ignore received command with RESERVED code 0x%02x", cmd);
+        GKI_freebuf (p_buf);
+        return;
+    }
 
     /* reject the pairing request if there is an on-going SMP pairing */
     if (SMP_OPCODE_PAIRING_REQ == cmd || SMP_OPCODE_SEC_REQ == cmd)
@@ -143,14 +157,21 @@ static void smp_data_ind (BD_ADDR bd_addr, BT_HDR *p_buf)
         }
         else if (memcmp(&bd_addr[0], p_cb->pairing_bda, BD_ADDR_LEN))
         {
-            p_cb->failure = SMP_PAIR_NOT_SUPPORT;
-            smp_send_cmd(SMP_OPCODE_PAIRING_FAILED, p_cb);
+            GKI_freebuf (p_buf);
+            smp_reject_unexp_pair_req(bd_addr);
+            return;
         }
+        /* else, out of state pairing request/security request received, passed into SM */
     }
 
     if (memcmp(&bd_addr[0], p_cb->pairing_bda, BD_ADDR_LEN) == 0)
     {
-        btu_stop_timer (&p_cb->rsp_timer_ent);
+        if (p_cb->state != SMP_ST_RELEASE_DELAY)
+        {
+            btu_stop_timer (&p_cb->rsp_timer_ent);
+        }
+        p_cb->rcvd_cmd_code = cmd;
+        p_cb->rcvd_cmd_len = (UINT8) p_buf->len;
         smp_sm_event(p_cb, cmd, p);
     }
 
diff --git a/stack/smp/smp_main.c b/stack/smp/smp_main.c
index f8e450c..dd40a71 100644
--- a/stack/smp/smp_main.c
+++ b/stack/smp/smp_main.c
@@ -114,6 +114,8 @@ enum
     SMP_PROC_REL_DELAY,
     SMP_PROC_REL_DELAY_TOUT,
     SMP_DELAY_TERMINATE,
+    SMP_IDLE_TERMINATE,
+    SMP_FAST_CONN_PARAM,
     SMP_SM_NO_ACTION
 };
 
@@ -156,6 +158,8 @@ static const tSMP_ACT smp_sm_action[] =
     smp_proc_release_delay,
     smp_proc_release_delay_tout,
     smp_delay_terminate,
+    smp_idle_terminate,
+    smp_fast_conn_param
 };
 /************ SMP Master FSM State/Event Indirection Table **************/
 static const UINT8 smp_ma_entry_map[][SMP_ST_MAX] =
@@ -176,7 +180,7 @@ static const UINT8 smp_ma_entry_map[][SMP_ST_MAX] =
 /* KEY_READY          */{ 0,    3,     0,      3,     1,   0,    2,   1,    6,     0   },
 /* ENC_CMPL           */{ 0,    0,     0,      0,     0,   0,    0,   2,    0,     0   },
 /* L2C_CONN           */{ 1,    0,     0,      0,     0,   0,    0,   0,    0,     0   },
-/* L2C_DISC           */{ 0x83,	0x83,  0,      0x83,  0x83,0x83, 0x83,0x83, 0x83,  3   },
+/* L2C_DISC           */{ 3,	0x83,  0,      0x83,  0x83,0x83, 0x83,0x83, 0x83,  3   },
 /* IO_RSP             */{ 0,    2,     0,      0,     0,   0,    0,   0,    0,     0   },
 /* SEC_GRANT          */{ 0,    1,     0,      0,     0,   0,    0,   0,    0,     0   },
 /* TK_REQ             */{ 0,    0,     0,      2,     0,   0,    0,   0,    0,     0   },
@@ -198,15 +202,16 @@ static const UINT8 smp_all_table[][SMP_SM_NUM_COLS] = {
 static const UINT8 smp_ma_idle_table[][SMP_SM_NUM_COLS] = {
 /* Event       Action                   Next State */
 /* L2C_CONN */      {SMP_SEND_APP_CBACK,     SMP_SM_NO_ACTION,   SMP_ST_WAIT_APP_RSP},
-/* SEC_REQ  */      {SMP_PROC_SEC_REQ,       SMP_SEND_APP_CBACK, SMP_ST_WAIT_APP_RSP}
+/* SEC_REQ  */      {SMP_PROC_SEC_REQ,       SMP_SEND_APP_CBACK, SMP_ST_WAIT_APP_RSP},
+/* L2C_DISC  */     {SMP_IDLE_TERMINATE,     SMP_SM_NO_ACTION,      SMP_ST_IDLE}
 };
 
 static const UINT8 smp_ma_wait_app_rsp_table[][SMP_SM_NUM_COLS] = {
 /* Event       			                                 Action          Next State */
 /* SEC_GRANT            */ { SMP_PROC_SEC_GRANT,   SMP_SEND_APP_CBACK, SMP_ST_WAIT_APP_RSP},
-/* IO_RSP               */ { SMP_SEND_PAIR_REQ,    SMP_SM_NO_ACTION,   SMP_ST_PAIR_REQ_RSP},
+/* IO_RSP               */ { SMP_SEND_PAIR_REQ,    SMP_FAST_CONN_PARAM,   SMP_ST_PAIR_REQ_RSP},
 /* KEY_READY            */ { SMP_GENERATE_CONFIRM, SMP_SM_NO_ACTION,   SMP_ST_WAIT_CONFIRM},/* TK ready */
-/* ENC_REQ              */ { SMP_START_ENC,        SMP_SM_NO_ACTION,   SMP_ST_ENC_PENDING},/* start enc mode setup */
+/* ENC_REQ              */ { SMP_START_ENC,        SMP_FAST_CONN_PARAM,   SMP_ST_ENC_PENDING},/* start enc mode setup */
 /* DISCARD_SEC_REQ      */ { SMP_PROC_DISCARD,     SMP_SM_NO_ACTION,   SMP_ST_IDLE}
 };
 
diff --git a/stack/smp/smp_utils.c b/stack/smp/smp_utils.c
index dac0cc0..38b2be8 100644
--- a/stack/smp/smp_utils.c
+++ b/stack/smp/smp_utils.c
@@ -621,6 +621,35 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
     smp_reset_control_value(p_cb);
 }
 
+/*******************************************************************************
+**
+** Function         smp_reject_unexp_pair_req
+**
+** Description      send pairing failure to an unexpected pairing request during
+**                  an active pairing process.
+**
+** Returns          void
+**
+*******************************************************************************/
+void smp_reject_unexp_pair_req(BD_ADDR bd_addr)
+{
+    BT_HDR *p_buf;
+    UINT8   *p;
+
+    if ((p_buf = (BT_HDR *)GKI_getbuf(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE + L2CAP_MIN_OFFSET)) != NULL)
+    {
+        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;
+
+        UINT8_TO_STREAM (p, SMP_OPCODE_PAIRING_FAILED);
+        UINT8_TO_STREAM (p, SMP_PAIR_NOT_SUPPORT);
+
+        p_buf->offset = L2CAP_MIN_OFFSET;
+        p_buf->len = SMP_PAIR_FAIL_SIZE;
+
+        smp_send_msg_to_L2CAP(bd_addr, p_buf);
+    }
+}
+
 #if SMP_CONFORMANCE_TESTING == TRUE
 /*******************************************************************************
 **