e(key,plainText)=aes-128(key,PlainText)
ah(k:128,r:24)=e(k,padding||r) mod 2^24
c1(k:128,r:128,preq:56,pres:56,iat:1,rat:1,ia:48,ra:38)=e(k,e(k,r xor (pres||preq||(0:8 || rat)||(0:8 ||iat)) xor (0||ia||ra))
s1(k:128,r1:128,r2:128)=e(k,r1:64 || r2:64)//截高位
dm(k:128,r:64)=e(k,padding||r) mod 2^16
d1(k:128,d:16,r:16)=e(k,padding||r||d)
Mconfirm=c1(TK,Mrand,pairing request command,
paring response command,
initiatiing device type,initiating device address,
responding device address type, responding devices address)
Sconfirm = c1(TK, Srand,
Pairing Request command, Pairing Response command,
initiating device address type, initiating devices address,
responding device address type, responding device address)

master Mconfirm-> slave
slave  Sconfirm-> master
master Mrand-> slave
slave verify...(may confirm value failed)
slave Srand ->master
master verify...(may confirm value failed)

STK=s1(TK,Srand:128,Mrand:128)

IRK:128,CRSK:128,LTK:128,EDIV:16,Rand:64
mac=cmac(k,m,Tlen) k:CSRK,m:message||SignCounter

SMP协议使用0x0006 l2cap

start:ER,IR
EDIV=dm(DHK,Rand:64) xor DIV
LTK=d1(ER,DIV,0)
CSRK=d1(ER,DIV,1)
IRK=d1(IR,1,0)
DHK=d1(IR,3,0)

EDIV||LTK =》database