diff --git a/doc/manual/docs/picts/le_security_flow_control.txt b/doc/manual/docs/picts/le_security_flow_control.txt
index 505db6753..6f7e2b2e4 100644
--- a/doc/manual/docs/picts/le_security_flow_control.txt
+++ b/doc/manual/docs/picts/le_security_flow_control.txt
@@ -1,30 +1,181 @@
@startuml
-title Mandatory Authentication
+title Reactive Authentication in Central Role
+start
+: App on A connects to B;
+: App on A triggers GATT Client request;
+: GATT Client request sent;
+if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
+ if (ENABLE_GATT_CLIENT_PAIRING defined?) then (yes)
+ if (LTK available?) then (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
+ : start encryption;
+ if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
+ : delete bonding information;
+ endif
+ endif
+ : SM_EVENT_PAIRING_STARTED;
+ : start pairing;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
+ #FD5B41 : App receives a GATT Client error;
+ stop
+ endif
+ else (no)
+ #FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
+ stop
+ note left
+ App can trigger pairing and
+ repeat the GATT Client request
+ end note
+ endif
+else (no)
+ #23DB2B : App receives GATT Response;
+ stop
+endif
+@enduml
+
+
+
+@startuml
+title Reactive Authentication in Peripheral Role
+start
+: App on B connects to A;
+: App on A triggers GATT Client request;
+: GATT Client request sent;
+if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
+ if (ENABLE_GATT_CLIENT_PAIRING define?) then (yes)
+ if (LTK available?) then (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
+ : SM on A sends SECURITY REQUEST;
+ : SM on B should encrypt connection if LTK available;
+ if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
+ : delete bonding information;
+ endif
+ endif
+ : SM_EVENT_PAIRING_STARTED;
+ : SM on A sends SECURITY REQUEST;
+ : SM on B should perform pairing sequence;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
+ #FD5B41 : App receives a GATT Client error;
+ stop
+ endif
+ else (no)
+ #FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
+ stop
+ note left
+ App can trigger pairing and
+ repeat the GATT Client request
+ end note
+ endif
+else (no)
+ #23DB2B : App receives GATT Response;
+ stop
+endif
+@enduml
+
+
+
+@startuml
+title Mandatory Authentication in Central Role
start
: App calls gatt_client_set_required_security_level (level > 0);
-: A connects to B;
-: App triggers GATT Client request on A;
-
-if (LTK available) then (yes)
+: App on A connects to B;
+: App on A triggers GATT Client request;
+: GATT Client request sent;
+if (LTK available?) then (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
endif
-
else (no)
- : start pairing;
-
- if (paired) then (yes)
+ : SM_EVENT_PAIRING_STARTED;
+ : start pairing;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
+ if (level >= 3) then (yes)
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
+ stop
+ else (no)
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_ENCRYPTION;
+ stop
+ endif
+ endif
+@enduml
+
+
+
+@startuml
+title Mandatory Authentication in Peripheral Role
+start
+: App calls gatt_client_set_required_security_level (level > 0);
+: App on B connects to A;
+: App on A triggers GATT Client request;
+: GATT Client request sent;
+if (LTK available?) then (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
+ : SM on A sends SECURITY REQUEST;
+ : SM on B should encrypt connection if LTK available;
+ if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_BONDING_INFORMATION_MISSING;
+ stop
+ endif
+else (no)
+ : SM_EVENT_PAIRING_STARTED;
+ : SM on A sends SECURITY REQUEST;
+ : SM on B should perform pairing sequence;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
if (level >= 3) then (yes)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
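Review bot: The "Mandatory Authentication in Central Role" diagram is left unbalanced: it opens four `if` blocks (`LTK available?`, `re-encrypted`, `pairing success?`, `level >= 3`) but only three `endif` lines precede its `@enduml`, so the outer `LTK available?` branch is never closed; add one more `endif` before `@enduml`. In the Reactive Peripheral diagram the condition reads `ENABLE_GATT_CLIENT_PAIRING define?` where the Central one has `defined?`. Both Reactive diagrams also go from `SM_EVENT_REENCRYPTION_COMPLETE(error)` through `: delete bonding information;` straight into pairing, whereas the Mandatory flows stop with ATT_ERROR_BONDING_INFORMATION_MISSING. A `note right` on that step would make the difference visible: it should say that, as drawn, the stored bond is discarded without the app being asked, and that applications which depend on an existing authenticated bond should set a level with `gatt_client_set_required_security_level`. The Mandatory Peripheral diagram continues past the end of the hunk, so its closing `endif` lines cannot be checked here.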
@@ -39,72 +190,107 @@ else (no)
@startuml
-title Proactive Authentication with LTK
+title Proactive Authentication in Central Role
start
: A connects to B;
: App triggers GATT Client request on A;
-if (role) then (Central)
-: start encryption;
-else (Peripheral)
-: send security request;
-endif
-if (re-encrypted) then (yes)
- : GATT Client request sent;
- #23DB2B : App receives GATT Response;
- stop
-else (no)
- #FD5B41: App receives GATT_QUERY_COMPLETE event
+if (LTK available?) then (no)
+ : GATT Client request sent;
+ if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
+ #23DB2B : App receives GATT Response;
+ stop
+ else (yes)
+ if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_X;
+ stop
+ else (yes)
+ : SM_EVENT_PAIRING_STARTED;
+ : start pairing;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_X;
+ stop
+ endif
+ endif
+ endif
+else (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
+ : start encryption;
+ if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
- stop
- note right
- App can delete bonding
- information and repeat
- the GATT Client request
- end note
+ stop
+ note right
+ App can delete bonding
+ information and repeat
+ the GATT Client request
+ end note
+ endif
endif
@enduml
@startuml
-title Reactive Authentication
+title Proactive Authentication in Peripheral Role
start
: A connects to B;
: App triggers GATT Client request on A;
-: GATT Client request sent;
-
-if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error) then (yes)
- if (ENABLE_GATT_CLIENT_PAIRING) then (yes)
- if (LTK available) then (yes)
- : start encryption;
- if (re-encrypted) then (yes)
- : GATT Client request sent;
- #23DB2B : App receives GATT Response;
- stop
- else (no)
- : delete bonding information;
- endif
-
- endif
-
- : start pairing;
- if (paired) then (yes)
- : GATT Client request sent;
- #23DB2B : App receives GATT Response;
- stop
- else (no)
- #FD5B41 : App receives a GATT Client error;
- stop
- endif
- else (no)
- #FD5B41: App receives GATT_QUERY_COMPLETE event
- with ATT_ERROR_INSUFFICIENT_X;
+if (LTK available?) then (no)
+ : GATT Client request sent;
+ if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
+ #23DB2B : App receives GATT Response;
stop
- note left
- App can trigger pairing and
- repeat the GATT Client request
+ else (yes)
+ if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_X;
+ stop
+ else (yes)
+ : SM_EVENT_PAIRING_STARTED;
+ : start pairing;
+ if (pairing success?) then (yes)
+ : SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request re-sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_PAIRING_COMPLETE(error);
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_INSUFFICIENT_X;
+ stop
+ endif
+ endif
+ endif
+else (yes)
+ : SM_EVENT_REENCRYPTION_STARTED;
+ : start encryption;
+ if (re-encrypted) then (yes)
+ : SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
+ : GATT Client request sent;
+ #23DB2B : App receives GATT Response;
+ stop
+ else (no)
+ : SM_EVENT_REENCRYPTION_COMPLETE(error);
+ #FD5B41: App receives GATT_QUERY_COMPLETE event
+ with ATT_ERROR_BONDING_INFORMATION_MISSING;
+ stop
+ note right
+ App can delete bonding
+ information and repeat
+ the GATT Client request
end note
endif
-else (no)
- #23DB2B : App receives GATT Response;
- stop
endif
@enduml
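Review bot: The "Proactive Authentication in Peripheral Role" diagram is, as far as the hunk shows, a line-for-line copy of the Central one: it keeps `: A connects to B;` and uses `: start encryption;` and `: start pairing;`. The removed `if (role)` branch sent a security request for the Peripheral case, and the Reactive and Mandatory Peripheral diagrams use `: SM on A sends SECURITY REQUEST;`. If the peripheral still cannot start encryption itself in proactive mode, these steps should match the other Peripheral diagrams: `: App on B connects to A;`, then `: SM on A sends SECURITY REQUEST;` followed by `: SM on B should encrypt connection if LTK available;`, with the pairing branch using the corresponding "SM on B should perform pairing sequence" step. As written, a reader cannot tell which side initiates encryption, which matters when deciding where a re-encryption failure has to be handled.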
diff --git a/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg
deleted file mode 100644
index 0aadddae3..000000000
--- a/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication.svg
+++ /dev/null
@@ -1,48 +0,0 @@
-
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_central.svg b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_central.svg
new file mode 100644
index 000000000..e6600d0b0
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_central.svg
@@ -0,0 +1,52 @@
+
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_peripheral.svg b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_peripheral.svg
new file mode 100644
index 000000000..12425b92a
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_mandatory_authentication_peripheral.svg
@@ -0,0 +1,54 @@
+
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg
deleted file mode 100644
index 9c120e008..000000000
--- a/doc/manual/docs/picts/le_security_flow_control_proactive_authentication.svg
+++ /dev/null
@@ -1,35 +0,0 @@
-
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_central.svg b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_central.svg
new file mode 100644
index 000000000..1abd21eba
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_central.svg
@@ -0,0 +1,62 @@
+
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_peripheral.svg b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_peripheral.svg
new file mode 100644
index 000000000..735221143
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_proactive_authentication_peripheral.svg
@@ -0,0 +1,64 @@
+
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg
deleted file mode 100644
index 7713379ef..000000000
--- a/doc/manual/docs/picts/le_security_flow_control_reactive_authentication.svg
+++ /dev/null
@@ -1,55 +0,0 @@
-
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_central.svg b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_central.svg
new file mode 100644
index 000000000..e70ea6cad
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_central.svg
@@ -0,0 +1,57 @@
+
\ No newline at end of file
diff --git a/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_peripheral.svg b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_peripheral.svg
new file mode 100644
index 000000000..0e2ce1bc7
--- /dev/null
+++ b/doc/manual/docs/picts/le_security_flow_control_reactive_authentication_peripheral.svg
@@ -0,0 +1,58 @@
+
\ No newline at end of file