From f85a9399b23550ad3413caeef0099c5d0b11a32b Mon Sep 17 00:00:00 2001
From: "matthias.ringwald@gmail.com"
 <matthias.ringwald@gmail.com@1a0a8af8-31b5-11de-8e0c-53a27eea117e>
Date: Thu, 16 Jan 2014 23:15:21 +0000
Subject: [PATCH] request security level 0 for l2cap services

---
 include/btstack/hci_cmds.h |  3 ++-
 src/hci.c                  | 21 ++++++++++++++-------
 src/l2cap.c                | 37 ++++++++++++++++++++++++-------------
 src/l2cap.h                |  1 +
 4 files changed, 41 insertions(+), 21 deletions(-)

diff --git a/include/btstack/hci_cmds.h b/include/btstack/hci_cmds.h
index eecc5140c..df47516fd 100644
--- a/include/btstack/hci_cmds.h
+++ b/include/btstack/hci_cmds.h
@@ -252,7 +252,8 @@ extern "C" {
 // Error Code
 #define ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER 	       0x02
 #define ERROR_CODE_PAIRING_NOT_ALLOWED					   0x18
-
+#define ERROR_CODE_INSUFFICIENT_SECURITY 				   0x2F
+ 
 // last error code in 2.1 is 0x38 - we start with 0x50 for BTstack errors
 #define BTSTACK_CONNECTION_TO_BTDAEMON_FAILED              0x50
 #define BTSTACK_ACTIVATION_FAILED_SYSTEM_BLUETOOTH		   0x51
diff --git a/src/hci.c b/src/hci.c
index 39fc5a0c2..19a781909 100644
--- a/src/hci.c
+++ b/src/hci.c
@@ -1770,11 +1770,18 @@ gap_security_level_t gap_security_level(hci_con_handle_t con_handle){
  * @result GAP_AUTHENTICATION_RESULT
  */
 void gap_request_security_level(hci_con_handle_t con_handle, gap_security_level_t level){
-    hci_connection_t * connection = hci_connection_for_handle(con_handle);
-    if (!connection){
-        hci_emit_security_level(con_handle, ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER, LEVEL_0);
-        return;
-    }
-    //
-
+    // hci_connection_t * connection = hci_connection_for_handle(con_handle);
+    // if (!connection){
+    //     hci_emit_security_level(con_handle, ERROR_CODE_UNKNOWN_CONNECTION_IDENTIFIER, LEVEL_0);
+    //     return;
+    // }
+    // gap_security_level_t current_level = gap_security_level(con_handle);
+    // if (ggap_security_level_t >= level){
+    //     hci_emit_security_level(con_handle, 0, gap_security_level_t);
+    //     return;
+    // }
+    // connection->bonding_flags |= 
+    
+    // magic!
+    hci_emit_security_level(con_handle, 0, level);
 }
diff --git a/src/l2cap.c b/src/l2cap.c
index d6fc31186..929fd8f79 100644
--- a/src/l2cap.c
+++ b/src/l2cap.c
@@ -769,6 +769,25 @@ void l2cap_event_handler( uint8_t *packet, uint16_t size ){
                 (*security_protocol_packet_handler)(HCI_EVENT_PACKET, 0, packet, size);
             }
             break;
+
+        case GAP_AUTHENTICATION_RESULT:
+            handle = READ_BT_16(packet, 3);
+            for (it = (linked_item_t *) l2cap_channels; it ; it = it->next){
+                channel = (l2cap_channel_t *) it;
+                if (channel->handle != handle) continue;
+                if (channel->state  != L2CAP_STATE_WAIT_AUTHENTICATION_RESULT) continue;
+                if (packet[2]){
+                    // fail
+                    channel->reason = 0x03; // security block
+                    channel->state = L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE;
+                } else {
+                    // success
+                    // @todo check sercurity level again
+                    channel->state = L2CAP_STATE_WAIT_CLIENT_ACCEPT_OR_REJECT;
+                    l2cap_emit_connection_request(channel);
+                }
+            }
+            break;
             
         default:
             break;
@@ -818,7 +837,7 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
         && hci_local_ssp_activated()
         && hci_remote_ssp_supported(handle)
         && gap_security_level(handle) == LEVEL_0){
-        
+
         // 0x0003 Security Block
         l2cap_register_signaling_response(handle, CONNECTION_REQUEST, sig_id, 0x0003);
         return;
@@ -853,23 +872,15 @@ static void l2cap_handle_connection_request(hci_con_handle_t handle, uint8_t sig
     }
     
     // set initial state
-    channel->state = L2CAP_STATE_WAIT_CLIENT_ACCEPT_OR_REJECT;
+    channel->state = L2CAP_STATE_WAIT_AUTHENTICATION_RESULT;
     channel->state_var = L2CAP_CHANNEL_STATE_VAR_SEND_CONN_RESP_PEND;
     
     // add to connections list
     linked_list_add(&l2cap_channels, (linked_item_t *) channel);
 
-    // check security requirements
-    // gap_security_level_t current_level  = gap_security_level(handle);
-    // gap_security_level_t required_level = LEVEL_2;
-    // if (current_level < required_level){
-    //     channel->state = L2CAP_STATE_WAIT_AUTHENTICATION_RESULT;
-    //     gap_request_security_level(handle, required_level);
-    //     return;        
-    // }
-
-    // emit incoming connection request
-    l2cap_emit_connection_request(channel);
+    // assert security requirements
+    gap_security_level_t required_level = LEVEL_0;
+    gap_request_security_level(handle, required_level);
 }
 
 void l2cap_accept_connection_internal(uint16_t local_cid){
diff --git a/src/l2cap.h b/src/l2cap.h
index cdf1b48b0..6183ee8e5 100644
--- a/src/l2cap.h
+++ b/src/l2cap.h
@@ -100,6 +100,7 @@ typedef enum {
     L2CAP_STATE_OPEN,
     L2CAP_STATE_WAIT_DISCONNECT,  // from application
     L2CAP_STATE_WILL_SEND_CONNECTION_REQUEST,
+    L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_INSUFFICIENT_SECURITY,
     L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_DECLINE,
     L2CAP_STATE_WILL_SEND_CONNECTION_RESPONSE_ACCEPT,   
     L2CAP_STATE_WILL_SEND_DISCONNECT_REQUEST,