4 Replies Latest reply on Sep 21, 2015 10:56 AM by userc_19497

    BCM20737: Encryption failure during connection?

      With BCM20737 and Android 4.4.4 we are running into an issue where, in some cases, pairing succeeds but all subsequent connects fail.

       

      Comparing the BLE packet traffic, we noticed that in the failure case the link layer for the slave (20737) rejected the encryption request (LL_REJECT_IND) with reason "PIN or Key missing".

       

      Success case:

      Looking at the message sequence chart in the attached encryption-success.png, it matches Fig 6.7 in the message sequence charts in the Bluetooth 4.1 spec, Vol 6 -> Part D Message sequence charts -> 6 Connection state -> 6.6 Start encryption. Here in frame number 1826, the slave returns a good LL_ENC_RSP and the master continues to a 3-way handshake.

       

      Failure case:

      Looking at the message sequence chart in the attached encryption-failed.png, it matches Fig 6.8 in the message sequence charts in the Bluetooth 4.1 spec, Vol 6 -> Part D Message sequence charts -> 6 Connection state -> 6.7 Start encryption without long term key. Here in frame number 6588, the slave returns an LL_REJECT_IND with reason "PIN or Key missing", and the connection is terminated.

       

       

      In the Bluetooth 4.1 spec, Volume 3 -> Part H Security Manager Specification -> 2 Security manager -> 2.4.4 Encrypted Session Setup, we noticed that the slave’s host layer provides a Long Term Key (LTK) to the slave's Link Layer for setting up encryption. Also, this LTK is based on the EDIV and Rand that were distributed by the slave during pairing.

       

      Is it possible that the Slave forgot a Rand/Div or LTK that it ought to remember?

       

      We noticed a similar symptom in the BlueZ stack acting as a slave, and a corresponding fix at:

      https://lists.ubuntu.com/archives/kernel-team/2014-April/042060.html


      Can you please let us know if we need any fixes to encrypt connections between BCM20737 and Android 4.4.4.
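
The slave-side LTK lookup described in the post, as an added example that is not part of the original post and is not BCM20737 SDK code: it shows how a lost or mismatched bond record turns the master's encryption request into a rejection with reason 0x06 (PIN or Key Missing). The bond table, the function names and all key values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ERR_PIN_OR_KEY_MISSING 0x06 /* reason code carried in LL_REJECT_IND */
#define MAX_BONDS 4

/* One bonded master: the EDIV/Rand the slave distributed at pairing and the LTK they identify. */
typedef struct { uint8_t used; uint16_t ediv; uint8_t rand[8]; uint8_t ltk[16]; } bond_t;
static bond_t bonds[MAX_BONDS]; /* hypothetical store; firmware would back this with NVRAM */

/* Called once pairing completes. Returns 0, or -1 when the table is full. */
int bond_store(uint16_t ediv, const uint8_t rand[8], const uint8_t ltk[16]) {
    for (int i = 0; i < MAX_BONDS; i++) {
        if (bonds[i].used) continue;
        bonds[i].used = 1; bonds[i].ediv = ediv;
        memcpy(bonds[i].rand, rand, 8); memcpy(bonds[i].ltk, ltk, 16);
        return 0;
    }
    return -1;
}

/* Slave host's answer when LL_ENC_REQ arrives carrying the master's EDIV/Rand.
 * 0 -> LTK handed to the link layer, LL_ENC_RSP path continues;
 * ERR_PIN_OR_KEY_MISSING -> link layer answers with LL_REJECT_IND. */
int ltk_request(uint16_t ediv, const uint8_t rand[8], uint8_t ltk_out[16]) {
    for (int i = 0; i < MAX_BONDS; i++) {
        if (bonds[i].used && bonds[i].ediv == ediv && memcmp(bonds[i].rand, rand, 8) == 0) {
            memcpy(ltk_out, bonds[i].ltk, 16);
            return 0;
        }
    }
    return ERR_PIN_OR_KEY_MISSING;
}

/* Constructed sample values, not taken from the captures in the post. */
static const uint8_t RAND_S[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
static const uint8_t LTK_S[16] = {0xA0,0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,
                                  0xA8,0xA9,0xAA,0xAB,0xAC,0xAD,0xAE,0xAF};

/* Pair, optionally lose the bond (e.g. keys never persisted), then reconnect. */
int reconnect_status(int bond_persisted, uint16_t ediv_from_master) {
    uint8_t ltk[16];
    memset(bonds, 0, sizeof bonds);
    bond_store(0x1A2B, RAND_S, LTK_S);
    if (!bond_persisted) memset(bonds, 0, sizeof bonds);
    return ltk_request(ediv_from_master, RAND_S, ltk);
}

int main(void) {
    printf("bond kept:     0x%02X\n", reconnect_status(1, 0x1A2B));
    printf("bond lost:     0x%02X\n", reconnect_status(0, 0x1A2B));
    printf("EDIV mismatch: 0x%02X\n", reconnect_status(1, 0x0000));
    return 0;
}
```

When debugging a capture like the one described, comparing the EDIV and Rand in the master's LL_ENC_REQ against what the slave distributed during pairing separates a lost slave-side record from a master presenting stale keys.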