sm: moved sm_encryption_key_size, sm_authenticated, sm_authorization_state into gap.h

src/ble/att_server.c

@@ -216,8 +216,8 @@ static void att_event_packet_handler (uint8_t packet_type, uint16_t channel, uin
                     con_handle = little_endian_read_16(packet, 3);
                     att_server = att_server_for_handle(con_handle);
                     if (!att_server) break;
-                	att_server->connection.encryption_key_size = sm_encryption_key_size(con_handle);
-                	att_server->connection.authenticated = sm_authenticated(con_handle);
+                    att_server->connection.encryption_key_size = gap_encryption_key_size(con_handle);
+                    att_server->connection.authenticated = gap_authenticated(con_handle);
                     if (hci_event_packet_get_type(packet) == HCI_EVENT_ENCRYPTION_CHANGE){
                         // restore CCC values when encrypted
                         if (hci_event_encryption_change_get_encryption_enabled(packet)){
@@ -345,7 +345,7 @@ static int att_server_process_validated_request(att_server_t * att_server){
     && (att_response_buffer[4] == ATT_ERROR_INSUFFICIENT_AUTHORIZATION)
     && (att_server->connection.authenticated)){
 
-        switch (sm_authorization_state(att_server->connection.con_handle)){
+        switch (gap_authorization_state(att_server->connection.con_handle)){
             case AUTHORIZATION_UNKNOWN:
                 l2cap_release_packet_buffer();
                 sm_request_pairing(att_server->connection.con_handle);

src/ble/sm.c

@@ -4063,29 +4063,6 @@ static sm_connection_t * sm_get_connection_for_handle(hci_con_handle_t con_handl
     return &hci_con->sm_connection;
 }
 
-// @returns 0 if not encrypted, 7-16 otherwise
-int sm_encryption_key_size(hci_con_handle_t con_handle){
-    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
-    if (!sm_conn) return 0;     // wrong connection
-    if (!sm_conn->sm_connection_encrypted) return 0;
-    return sm_conn->sm_actual_encryption_key_size;
-}
-
-int sm_authenticated(hci_con_handle_t con_handle){
-    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
-    if (!sm_conn) return 0;     // wrong connection
-    if (!sm_conn->sm_connection_encrypted) return 0; // unencrypted connection cannot be authenticated
-    return sm_conn->sm_connection_authenticated;
-}
-
-authorization_state_t sm_authorization_state(hci_con_handle_t con_handle){
-    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
-    if (!sm_conn) return AUTHORIZATION_UNKNOWN;     // wrong connection
-    if (!sm_conn->sm_connection_encrypted)               return AUTHORIZATION_UNKNOWN; // unencrypted connection cannot be authorized
-    if (!sm_conn->sm_connection_authenticated)           return AUTHORIZATION_UNKNOWN; // unauthenticatd connection cannot be authorized
-    return sm_conn->sm_connection_authorization_state;
-}
-
 static void sm_send_security_request_for_connection(sm_connection_t * sm_conn){
     switch (sm_conn->sm_engine_state){
         case SM_GENERAL_IDLE:

src/ble/sm.h

@@ -152,28 +152,6 @@ void sm_passkey_input(hci_con_handle_t con_handle, uint32_t passkey);
  */
 void sm_keypress_notification(hci_con_handle_t con_handle, uint8_t action);
 
-/**
- *
- * @brief Get encryption key size.
- * @param con_handle
- * @return 0 if not encrypted, 7-16 otherwise
- */
-int sm_encryption_key_size(hci_con_handle_t con_handle);
-
-/**
- * @brief Get authentication property.
- * @param con_handle
- * @return 1 if bonded with OOB/Passkey (AND MITM protection)
- */
-int sm_authenticated(hci_con_handle_t con_handle);
-
-/**
- * @brief Queries authorization state.
- * @param con_handle
- * @return authorization_state for the current session
- */
-authorization_state_t sm_authorization_state(hci_con_handle_t con_handle);
-
 /**
  * @brief Used by att_server.c to request user authorization.
  * @param con_handle

src/gap.h

@@ -44,7 +44,7 @@ extern "C" {
 
 #include "btstack_defines.h"
 #include "btstack_util.h"
-	
+
 typedef enum {
 
 	// MITM protection not required
@@ -103,6 +103,15 @@ typedef enum {
     GAP_RANDOM_ADDRESS_RESOLVABLE,
 } gap_random_address_type_t;
 
+// Authorization state
+typedef enum {
+    AUTHORIZATION_UNKNOWN,
+    AUTHORIZATION_PENDING,
+    AUTHORIZATION_DECLINED,
+    AUTHORIZATION_GRANTED
+} authorization_state_t;
+
+
 /* API_START */
 
 // Classic + LE
@@ -359,6 +368,28 @@ int gap_auto_connection_stop(bd_addr_type_t address_typ, bd_addr_t address);
  */
 void gap_auto_connection_stop_all(void);
 
+/**
+ *
+ * @brief Get encryption key size.
+ * @param con_handle
+ * @return 0 if not encrypted, 7-16 otherwise
+ */
+int gap_encryption_key_size(hci_con_handle_t con_handle);
+
+/**
+ * @brief Get authentication property.
+ * @param con_handle
+ * @return 1 if bonded with OOB/Passkey (AND MITM protection)
+ */
+int gap_authenticated(hci_con_handle_t con_handle);
+
+/**
+ * @brief Queries authorization state.
+ * @param con_handle
+ * @return authorization_state for the current session
+ */
+authorization_state_t gap_authorization_state(hci_con_handle_t con_handle);
+
 // Classic
 
 /**

src/hci.c

@@ -4525,3 +4525,37 @@ void hci_disconnect_all(void){
 uint16_t hci_get_manufacturer(void){
     return hci_stack->manufacturer;
 }
+
+static sm_connection_t * sm_get_connection_for_handle(hci_con_handle_t con_handle){
+    hci_connection_t * hci_con = hci_connection_for_handle(con_handle);
+    if (!hci_con) return NULL;
+    return &hci_con->sm_connection;
+}
+
+#ifdef ENABLE_BLE
+
+// extracted from sm.c to allow enabling of l2cap le data channels without adding sm.c to the build
+// without sm.c default values from create_connection_for_bd_addr_and_type() resulg in non-encrypted, not-authenticated
+
+int gap_encryption_key_size(hci_con_handle_t con_handle){
+    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
+    if (!sm_conn) return 0;     // wrong connection
+    if (!sm_conn->sm_connection_encrypted) return 0;
+    return sm_conn->sm_actual_encryption_key_size;
+}
+
+int gap_authenticated(hci_con_handle_t con_handle){
+    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
+    if (!sm_conn) return 0;     // wrong connection
+    if (!sm_conn->sm_connection_encrypted) return 0; // unencrypted connection cannot be authenticated
+    return sm_conn->sm_connection_authenticated;
+}
+
+authorization_state_t gap_authorization_state(hci_con_handle_t con_handle){
+    sm_connection_t * sm_conn = sm_get_connection_for_handle(con_handle);
+    if (!sm_conn) return AUTHORIZATION_UNKNOWN;     // wrong connection
+    if (!sm_conn->sm_connection_encrypted)               return AUTHORIZATION_UNKNOWN; // unencrypted connection cannot be authorized
+    if (!sm_conn->sm_connection_authenticated)           return AUTHORIZATION_UNKNOWN; // unauthenticatd connection cannot be authorized
+    return sm_conn->sm_connection_authorization_state;
+}
+#endif

src/hci.h

@@ -381,14 +381,6 @@ typedef enum {
     IRK_LOOKUP_FAILED
 } irk_lookup_state_t;
 
-// Authorization state
-typedef enum {
-    AUTHORIZATION_UNKNOWN,
-    AUTHORIZATION_PENDING,
-    AUTHORIZATION_DECLINED,
-    AUTHORIZATION_GRANTED
-} authorization_state_t;
-
 typedef uint8_t sm_pairing_packet_t[7];
 
 // connection info available as long as connection exists

src/l2cap.c

@@ -53,10 +53,6 @@
 #include "btstack_event.h"
 #include "btstack_memory.h"
 
-#ifdef ENABLE_LE_DATA_CHANNELS
-#include "ble/sm.h"
-#endif
-
 #include <stdarg.h>
 #include <string.h>
 
@@ -2868,13 +2864,13 @@ static int l2cap_le_signaling_handler_dispatch(hci_con_handle_t handle, uint8_t
 
                 // security: check encryption
                 if (service->required_security_level >= LEVEL_2){
-                    if (sm_encryption_key_size(handle) == 0){
+                    if (gap_encryption_key_size(handle) == 0){
                         // 0x0008 Connection refused - insufficient encryption 
                         l2cap_register_signaling_response(handle, LE_CREDIT_BASED_CONNECTION_REQUEST, sig_id, source_cid, 0x0008);
                         return 1;
                     }
                     // anything less than 16 byte key size is insufficient
-                    if (sm_encryption_key_size(handle) < 16){
+                    if (gap_encryption_key_size(handle) < 16){
                         // 0x0007 Connection refused – insufficient encryption key size
                         l2cap_register_signaling_response(handle, LE_CREDIT_BASED_CONNECTION_REQUEST, sig_id, source_cid, 0x0007);
                         return 1;
@@ -2883,7 +2879,7 @@ static int l2cap_le_signaling_handler_dispatch(hci_con_handle_t handle, uint8_t
 
                 // security: check authencation
                 if (service->required_security_level >= LEVEL_3){
-                    if (!sm_authenticated(handle)){
+                    if (!gap_authenticated(handle)){
                         // 0x0005 Connection refused – insufficient authentication
                         l2cap_register_signaling_response(handle, LE_CREDIT_BASED_CONNECTION_REQUEST, sig_id, source_cid, 0x0005);
                         return 1;
@@ -2892,7 +2888,7 @@ static int l2cap_le_signaling_handler_dispatch(hci_con_handle_t handle, uint8_t
 
                 // security: check authorization
                 if (service->required_security_level >= LEVEL_4){
-                    if (sm_authorization_state(handle) != AUTHORIZATION_GRANTED){
+                    if (gap_authorization_state(handle) != AUTHORIZATION_GRANTED){
                         // 0x0006 Connection refused – insufficient authorization
                         l2cap_register_signaling_response(handle, LE_CREDIT_BASED_CONNECTION_REQUEST, sig_id, source_cid, 0x0006);
                         return 1;