use link_key_type_t as defined in Link Notification Event

include/btstack/utils.h

@@ -64,8 +64,15 @@ typedef uint8_t bd_addr_t[BD_ADDR_LEN];
 typedef uint8_t link_key_t[LINK_KEY_LEN]; 
 
 typedef enum {
-	LINK_KEY_TYPE_UNAUTHENTICATED,
-	LINK_KEY_TYPE_AUTHENTICATED,
+	COMBINATION_KEY = 0,	// standard pairing
+	LOCAL_UNIT_KEY,			// ?
+	REMOTE_UNIT_KEY,		// ?
+	DEBUG_COMBINATION_KEY,	// SSP with debug
+	UNAUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P192, // SSP Simple Pairing
+	AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P192,	 // SSP Passkey, Number confirm, OOB
+	CHANGED_COMBINATION_KEY,							 // Link key changed using Change Connection Lnk Key
+	UNAUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256, // SSP Simpe Pairing
+	AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256,   // SSP Passkey, Number confirm, OOB
 } link_key_type_t;
 
 /**
@@ -132,6 +139,8 @@ uint8_t crc8_calc(uint8_t *data, uint16_t len);
 #define BD_ADDR_CMP(a,b) memcmp(a,b, BD_ADDR_LEN)
 #define BD_ADDR_COPY(dest,src) memcpy(dest,src,BD_ADDR_LEN)
 
+int is_authenticated_link_key(link_key_type_t link_key_type);
+
 #if defined __cplusplus
 }
 #endif

src/hci.c

@@ -645,15 +645,22 @@ static void event_handler(uint8_t *packet, int size){
             // request handled by hci_run() as HANDLE_LINK_KEY_REQUEST gets set
             return;
             
-        case HCI_EVENT_LINK_KEY_NOTIFICATION:
-            hci_add_connection_flags_for_flipped_bd_addr(&packet[2], RECV_LINK_KEY_NOTIFICATION);
-            if (!hci_stack.remote_device_db) break;
+        case HCI_EVENT_LINK_KEY_NOTIFICATION: {
             bt_flip_addr(addr, &packet[2]);
-            // @TODO determine link key type
-            hci_stack.remote_device_db->put_link_key(&addr, (link_key_t *) &packet[8], LINK_KEY_TYPE_UNAUTHENTICATED);
+            conn = connection_for_address(addr);
+            if (!conn) break;
+            conn->authentication_flags |= RECV_LINK_KEY_NOTIFICATION;
+            link_key_type_t link_key_type = packet[24];
+            // Change Connection Encryption keeps link key type
+            if (link_key_type != CHANGED_COMBINATION_KEY){
+                conn->link_key_type = link_key_type;
+            }
+            if (!hci_stack.remote_device_db) break;
+            hci_stack.remote_device_db->put_link_key(&addr, (link_key_t *) &packet[8], conn->link_key_type);
             // still forward event to allow dismiss of pairing dialog
             break;
-            
+        }
+
         case HCI_EVENT_PIN_CODE_REQUEST:
             hci_add_connection_flags_for_flipped_bd_addr(&packet[2], RECV_PIN_CODE_REQUEST);
             // non-bondable mode: pin code negative reply will be sent
@@ -1224,10 +1231,8 @@ void hci_run(){
             link_key_type_t link_key_type;
             log_info("responding to link key request\n");
             if ( hci_stack.bondable && hci_stack.remote_device_db && hci_stack.remote_device_db->get_link_key( &connection->address, &link_key, &link_key_type)){
+               connection->link_key_type = link_key_type;
                hci_send_cmd(&hci_link_key_request_reply, connection->address, &link_key);
-               if (link_key_type == LINK_KEY_TYPE_AUTHENTICATED){
-                    connectionSetAuthenticationFlags(connection, HAVE_AUTHENTICATED_LINK_KEY);
-               }
             } else {
                hci_send_cmd(&hci_link_key_request_negative_reply, connection->address);
             }
@@ -1526,13 +1531,6 @@ int hci_send_cmd_packet(uint8_t *packet, int size){
     if (IS_COMMAND(packet, hci_link_key_request_negative_reply)){
         hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_LINK_KEY_NEGATIVE_REQUEST);
     }
-    // Link key generated from PIN implies MITM protecion and authentication
-    if (IS_COMMAND(packet, hci_pin_code_request_reply)){
-        hci_add_connection_flags_for_flipped_bd_addr(&packet[3], HAVE_AUTHENTICATED_LINK_KEY);
-    }
-    // if (IS_COMMAND(packet, hci_pin_code_request_negative_reply)){
-    //     hci_add_connection_flags_for_flipped_bd_addr(&packet[3], SENT_PIN_CODE_NEGATIVE_REPLY);
-    // }
     
     if (IS_COMMAND(packet, hci_delete_stored_link_key)){
         if (hci_stack.remote_device_db){

src/hci.h

@@ -215,9 +215,6 @@ typedef enum {
     RECV_USER_PASSKEY_REQUEST      = 0x0800,
     SEND_USER_PASSKEY_REPLY        = 0x1000,
 
-    // link key
-    HAVE_AUTHENTICATED_LINK_KEY    = 0x2000,
-
     // connection status
     CONNECTION_ENCRYPTED           = 0x2000,
 
@@ -266,6 +263,9 @@ typedef struct {
     // bonding
     bonding_flags_t bonding_flags;
 
+    // 
+    link_key_type_t link_key_type;
+
     // errands
     hci_authentication_flags_t authentication_flags;
 

src/remote_device_db_iphone.m

@@ -161,7 +161,7 @@ static int get_link_key(bd_addr_t *bd_addr, link_key_t *link_key, link_key_type_
     if ([linkKey length] == LINK_KEY_LEN){
         memcpy(link_key, [linkKey bytes], LINK_KEY_LEN);
         if (link_key_type){
-            *link_key_type = LINK_KEY_TYPE_UNAUTHENTICATED;
+            *link_key_type = COMBINATION_KEY;
         }
     }
     [pool release];

src/utils.c

@@ -131,6 +131,19 @@ int sscan_bd_addr(uint8_t * addr_string, bd_addr_t addr){
 }
 #endif
 
+
+// treat standard pairing as Authenticated as it uses a PIN
+int is_authenticated_link_key(link_key_type_t link_key_type){
+    switch (link_key_type){
+        case COMBINATION_KEY:
+        case AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P192:
+        case AUTHENTICATED_COMBINATION_KEY_GENERATED_FROM_P256:
+            return 1;
+        default:
+            return 0;
+    }
+}
+
 /*  
  * CRC (reversed crc) lookup table as calculated by the table generator in ETSI TS 101 369 V6.3.0.
  */