From 536f9994f0de145a66828353297a96197abe1e5c Mon Sep 17 00:00:00 2001
From: "matthias.ringwald@gmail.com"
 <matthias.ringwald@gmail.com@1a0a8af8-31b5-11de-8e0c-53a27eea117e>
Date: Thu, 16 Jan 2014 18:19:38 +0000
Subject: [PATCH] track link keys from PIN request as authenticated

---
 include/btstack/utils.h |  2 +-
 src/hci.c               | 13 ++++++++-----
 src/hci.h               |  5 ++++-
 3 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/include/btstack/utils.h b/include/btstack/utils.h
index aaa23fbb8..0262cf78c 100644
--- a/include/btstack/utils.h
+++ b/include/btstack/utils.h
@@ -65,7 +65,7 @@ typedef uint8_t link_key_t[LINK_KEY_LEN];
 
 typedef enum {
 	LINK_KEY_TYPE_UNAUTHENTICATED,
-	LINK_KEY_TYPE_AUTHENTICATD,
+	LINK_KEY_TYPE_AUTHENTICATED,
 } link_key_type_t;
 
 /**
diff --git a/src/hci.c b/src/hci.c
index 0ba6c4b84..0ab7ee8ee 100644
--- a/src/hci.c
+++ b/src/hci.c
@@ -693,9 +693,8 @@ static void event_handler(uint8_t *packet, int size){
             if (!conn) break;
             if (packet[5]){
                 conn->authentication_flags |= CONNECTION_ENCRYPTED;
-                // @TODO set authentication depending on pairing process
             } else {
-                conn->authentication_flags &= ~(CONNECTION_ENCRYPTED | CONNECTION_AUTHENTICATED);
+                conn->authentication_flags &= ~CONNECTION_ENCRYPTED;
             }
             break;
 
@@ -1226,6 +1225,9 @@ void hci_run(){
             log_info("responding to link key request\n");
             if ( hci_stack.bondable && hci_stack.remote_device_db && hci_stack.remote_device_db->get_link_key( &connection->address, &link_key, &link_key_type)){
                hci_send_cmd(&hci_link_key_request_reply, connection->address, &link_key);
+               if (link_key_type == LINK_KEY_TYPE_AUTHENTICATED){
+                    connectionSetAuthenticationFlags(connection, HAVE_AUTHENTICATED_LINK_KEY);
+               }
             } else {
                hci_send_cmd(&hci_link_key_request_negative_reply, connection->address);
             }
@@ -1524,9 +1526,10 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
     if (IS_COMMAND(packet, hci_link_key_request_negative_reply)){
         hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_LINK_KEY_NEGATIVE_REQUEST);
     }
-    // if (IS_COMMAND(packet, hci_pin_code_request_reply)){
-    //     hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_PIN_CODE_REPLY);
-    // }
+    // Link key generated from PIN implies MITM protecion and authentication
+    if (IS_COMMAND(packet, hci_pin_code_request_reply)){
+        hci_add_connection_flags_for_flipped_bd_addr(&packet[3], HAVE_AUTHENTICATED_LINK_KEY);
+    }
     // if (IS_COMMAND(packet, hci_pin_code_request_negative_reply)){
     //     hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_PIN_CODE_NEGATIVE_REPLY);
     // }
diff --git a/src/hci.h b/src/hci.h
index 082f72b26..d042bc859 100644
--- a/src/hci.h
+++ b/src/hci.h
@@ -214,9 +214,12 @@ typedef enum {
     SEND_USER_CONFIRM_REPLY        = 0x0400,
     RECV_USER_PASSKEY_REQUEST      = 0x0800,
     SEND_USER_PASSKEY_REPLY        = 0x1000,
+
+    // link key
+    HAVE_AUTHENTICATED_LINK_KEY    = 0x2000,
+
     // connection status
     CONNECTION_ENCRYPTED           = 0x2000,
-    CONNECTION_AUTHENTICATED       = 0x4000,
 
     // SENT_PIN_CODE_REPLY            = 0x0080, 
     // SENT_PIN_CODE_NEGATIVE_REPLY   = 0x0100,