@startuml
title Reactive Authentication in Central Role
start
: App on A connects to B;
: App on A triggers GATT Client request;
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (yes)
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
: delete bonding information;
endif
endif
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41 : App receives a GATT Client error;
stop
endif
else (no)
#FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
stop
note left
App can trigger pairing and
repeat the GATT Client request
end note
endif
else (no)
#23DB2B : App receives GATT Response;
stop
endif
@enduml
@startuml
title Reactive Authentication in Peripheral Role
start
: App on B connects to A;
: App on A triggers GATT Client request;
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (yes)
if (ENABLE_GATT_CLIENT_PAIRING define?) then (yes)
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should encrypt connection if LTK available;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
: delete bonding information;
endif
endif
: SM_EVENT_PAIRING_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should perform pairing sequence;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41 : App receives a GATT Client error;
stop
endif
else (no)
#FD5B41: ATT_QUERY_COMPLETE(ATT_ERROR_INSUFFICIENT_X);
stop
note left
App can trigger pairing and
repeat the GATT Client request
end note
endif
else (no)
#23DB2B : App receives GATT Response;
stop
endif
@enduml
@startuml
title Mandatory Authentication in Central Role
start
: App calls gatt_client_set_required_security_level (level > 0);
: App on A connects to B;
: App on A triggers GATT Client request;
: GATT Client request sent;
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
endif
else (no)
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
if (level >= 3) then (yes)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
stop
else (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_ENCRYPTION;
stop
endif
endif
@enduml
@startuml
title Mandatory Authentication in Peripheral Role
start
: App calls gatt_client_set_required_security_level (level > 0);
: App on B connects to A;
: App on A triggers GATT Client request;
: GATT Client request sent;
if (LTK available?) then (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should encrypt connection if LTK available;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
endif
else (no)
: SM_EVENT_PAIRING_STARTED;
: SM on A sends SECURITY REQUEST;
: SM on B should perform pairing sequence;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
if (level >= 3) then (yes)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_AUTHENTICATION;
stop
else (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_ENCRYPTION;
stop
endif
endif
@enduml
@startuml
title Proactive Authentication in Central Role
start
: A connects to B;
: SM checks if LTK available;
note right
SM actions triggered by
connection complete
(independent from GATT Client)
end note
: App triggers GATT Client request on A;
if (LTK available?) then (no)
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
#23DB2B : App receives GATT Response;
stop
else (yes)
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
else (yes)
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
endif
endif
endif
else (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
note right
App can delete bonding
information and repeat
the GATT Client request
end note
endif
endif
@enduml
@startuml
title Proactive Authentication in Peripheral Role
start
: A connects to B;
: SM checks if LTK available;
note right
SM actions triggered by
connection complete
(independent from GATT Client)
end note
: App triggers GATT Client request on A;
if (LTK available?) then (no)
: GATT Client request sent;
if (GATT Server returns an ATT_ERROR_INSUFFICIENT_X error?) then (no)
#23DB2B : App receives GATT Response;
stop
else (yes)
if (ENABLE_GATT_CLIENT_PAIRING defined?) then (no)
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
else (yes)
: SM_EVENT_PAIRING_STARTED;
: start pairing;
if (pairing success?) then (yes)
: SM_EVENT_PAIRING_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request re-sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_PAIRING_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_INSUFFICIENT_X;
stop
endif
endif
endif
else (yes)
: SM_EVENT_REENCRYPTION_STARTED;
: start encryption;
if (re-encrypted) then (yes)
: SM_EVENT_REENCRYPTION_COMPLETE(ERROR_CODE_SUCCESS);
: GATT Client request sent;
#23DB2B : App receives GATT Response;
stop
else (no)
: SM_EVENT_REENCRYPTION_COMPLETE(error);
#FD5B41: App receives GATT_QUERY_COMPLETE event
with ATT_ERROR_BONDING_INFORMATION_MISSING;
stop
note right
App can delete bonding
information and repeat
the GATT Client request
end note
endif
endif
@enduml