1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the Bluetooth Device Manager
22 *
23 ******************************************************************************/
24
25 #include <stdlib.h>
26 #include <string.h>
27 //#include <stdio.h>
28 #include <stddef.h>
29
30 #include "stack/bt_types.h"
31 #include "device/controller.h"
32 #include "stack/hcimsgs.h"
33 #include "stack/btu.h"
34 #include "stack/btm_api.h"
35 #include "btm_int.h"
36 #include "stack/hcidefs.h"
37 #include "stack/l2c_api.h"
38
/* Forward declaration: btm_sec_alloc_dev() calls this helper before its definition further down. */
static tBTM_SEC_DEV_REC *btm_find_oldest_dev(void);
40
41 /*******************************************************************************
42 **
43 ** Function BTM_SecAddDevice
44 **
45 ** Description Add/modify device. This function will normally be called
46 ** during host startup to restore all required information
47 ** stored in the NVRAM.
48 **
49 ** Parameters: bd_addr - BD address of the peer
50 ** dev_class - Device Class
51 ** bd_name - Name of the peer device. NULL if unknown.
52 ** features - Remote device's features (up to 3 pages). NULL if not known
53 ** trusted_mask - Bitwise OR of services that do not
54 ** require authorization. (array of UINT32)
55 ** link_key - Connection link key. NULL if unknown.
56 **
57 ** Returns TRUE if added OK, else FALSE
58 **
59 *******************************************************************************/
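/*
 * Create or refresh the security record for bd_addr from caller-supplied
 * data: class of device, name, feature pages, trusted-service mask and, when
 * link_key is non-NULL, the BR/EDR link key with its type and PIN length.
 *
 * Returns FALSE only when no record exists for bd_addr and a new one cannot
 * be created (NULL address, record limit reached, allocation failure, or the
 * record could not be linked into the list).  Returns TRUE otherwise.
 * When SMP_INCLUDED is not TRUE the whole body is compiled out and the
 * function returns TRUE without storing anything.
 */
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
                          UINT8 *features, UINT32 trusted_mask[],
                          LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
                          UINT8 pin_length, UINT8 sc_support)
{
#if (SMP_INCLUDED == TRUE)
    tBTM_SEC_DEV_REC *p_dev_rec;
    int i, j;
    BOOLEAN found = FALSE;

    BTM_TRACE_API("%s, link key type:%x\n", __FUNCTION__, key_type);
    p_dev_rec = btm_find_dev (bd_addr);
    if (!p_dev_rec) {
        /* btm_find_dev() returns NULL for a NULL address; the allocation
         * path below copies from bd_addr, so reject that case up front. */
        if (bd_addr == NULL) {
            return (FALSE);
        }

        /* There is no device record, allocate one.
         * If we can not find an empty spot for this one, let it fail. */
        if (list_length(btm_cb.p_sec_dev_rec_list) >= BTM_SEC_MAX_DEVICE_RECORDS) {
            return (FALSE);
        }

        p_dev_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
        if (!p_dev_rec) {
            return (FALSE);
        }

        /* If the record cannot be linked into the list it would be filled
         * with key material yet be unreachable by every later lookup and
         * never released, so give the memory back and report failure. */
        if (!list_append(btm_cb.p_sec_dev_rec_list, p_dev_rec)) {
            osi_free(p_dev_rec);
            return (FALSE);
        }

        /* Mark this record as in use and initialize */
        memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
        p_dev_rec->sec_flags = BTM_SEC_IN_USE;
        memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
        p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
        p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);

#if BLE_INCLUDED == TRUE
        /* use default value for background connection params */
        memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
    }

    p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;         /* Default value */
    p_dev_rec->timestamp = btm_cb.dev_rec_count++;
    p_dev_rec->remote_secure_connection_previous_state = sc_support;

    if (dev_class) {
        memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN);
    }

    /* The name buffer is zeroed first, so a stale name never survives.
     * NOTE(review): NUL termination of the copied name relies on this memset
     * and on BCM_STRNCPY_S writing at most BTM_MAX_REM_BD_NAME_LEN bytes into
     * a buffer of sizeof(tBTM_BD_NAME) - confirm against the macro. */
    memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));

    if (bd_name && bd_name[0]) {
        p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
        BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    }

    p_dev_rec->num_read_pages = 0;
    if (features) {
        /* Reads sizeof(p_dev_rec->features) bytes from the caller's buffer,
         * so features must point at a complete feature array. */
        memcpy (p_dev_rec->features, features, sizeof (p_dev_rec->features));

        /* Scan from the highest page down; the first page holding a non-zero
         * byte determines how many pages are considered read. */
        for (i = HCI_EXT_FEATURES_PAGE_MAX; i >= 0; i--) {
            for (j = 0; j < HCI_FEATURE_BYTES_PER_PAGE; j++) {
                if (p_dev_rec->features[i][j] != 0) {
                    found = TRUE;
                    break;
                }
            }
            if (found) {
                p_dev_rec->num_read_pages = i + 1;
                break;
            }
        }
    } else {
        memset (p_dev_rec->features, 0, sizeof (p_dev_rec->features));
    }

    /* NOTE(review): unlike the other pointer arguments, trusted_mask is used
     * without a NULL check here - confirm the macro or all callers cover it. */
    BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask);

    if (link_key) {
        /* Only the peer address is traced; the key itself is never logged. */
        BTM_TRACE_EVENT ("BTM_SecAddDevice() BDA: %02x:%02x:%02x:%02x:%02x:%02x\n",
                         bd_addr[0], bd_addr[1], bd_addr[2],
                         bd_addr[3], bd_addr[4], bd_addr[5]);
        p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
        memcpy (p_dev_rec->link_key, link_key, LINK_KEY_LEN);
        p_dev_rec->link_key_type = key_type;
        p_dev_rec->pin_code_length = pin_length;

        if (pin_length >= 16 ||
                key_type == BTM_LKEY_TYPE_AUTH_COMB ||
                key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) {
            /* Set the flag if the link key was made by using either a
             * 16 digit pin or MITM.  The value comes straight from the
             * caller's stored data and is trusted as given. */
            p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
        }
    }

#if defined(BTIF_MIXED_MODE_INCLUDED) && (BTIF_MIXED_MODE_INCLUDED == TRUE)
    if (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE) {
        p_dev_rec->sm4 = BTM_SM4_KNOWN;
    } else {
        p_dev_rec->sm4 = BTM_SM4_TRUE;
    }
#endif

    p_dev_rec->rmt_io_caps = io_cap;
    p_dev_rec->device_type |= BT_DEVICE_TYPE_BREDR;
#endif  ///SMP_INCLUDED == TRUE
    return (TRUE);
}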
165
166
167 /*******************************************************************************
168 **
169 ** Function BTM_SecDeleteDevice
170 **
171 ** Description Free resources associated with the device.
172 **
173 ** Parameters: bd_addr - BD address of the peer
174 ** transport - BT_TRANSPORT_BR_EDR or BT_TRANSPORT_LE
175 **
176 ** Returns TRUE if removed OK, FALSE if not found or ACL link is active
177 **
178 *******************************************************************************/
/*
 * Drop the stored security data for bd_addr on the given transport.
 *
 * Returns FALSE while an ACL link to the peer is up on that transport.
 * In every other case TRUE is returned, including when no record exists
 * for bd_addr (nothing is deleted then).
 */
BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr, tBT_TRANSPORT transport)
{
    tBTM_SEC_DEV_REC *p_rec;

    /* Keys must not be pulled out from under a live connection. */
    if (BTM_IsAclConnectionUp(bd_addr, transport)) {
        BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active\n", __func__);
        return FALSE;
    }

    p_rec = btm_find_dev(bd_addr);
    if (p_rec == NULL) {
        return TRUE;
    }

    /* Tell controller to get rid of the link key, if it has one stored.
     * The result of that request is not checked here. */
    BTM_DeleteStoredLinkKey (p_rec->bd_addr, NULL);

    /* p_rec must not be touched after this call: btm_sec_free_dev() takes
     * the record out of the device list. */
    btm_sec_free_dev(p_rec, transport);

    return TRUE;
}
197
198 /*******************************************************************************
199 **
200 ** Function BTM_SecClearSecurityFlags
201 **
202 ** Description Reset the security flags (mark as not-paired) for a given
203 ** remote device.
204 **
205 *******************************************************************************/
/*
 * Mark the peer as not paired: zero its security flags and reset the
 * security state machine fields.  Does nothing if no record is found.
 *
 * Only the three fields below are written.  sec_flags becomes 0, which also
 * clears BTM_SEC_IN_USE, while the record stays in the list.  link_key and
 * every other field keep their previous contents; a caller that needs the
 * key material gone must wipe it separately.
 */
extern void BTM_SecClearSecurityFlags (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    if (p_rec != NULL) {
        p_rec->sec_flags = 0;
        p_rec->sec_state = BTM_SEC_STATE_IDLE;
        p_rec->sm4 = BTM_SM4_UNKNOWN;
    }
}
217
218
219 /*******************************************************************************
220 **
221 ** Function BTM_SecReadDevName
222 **
223 ** Description Looks for the device name in the security database for the
224 ** specified BD address.
225 **
226 ** Returns Pointer to the name or NULL
227 **
228 *******************************************************************************/
/*
 * Return the name stored in the security record for bd_addr, or NULL when
 * no record is found.
 *
 * The pointer refers to the sec_bd_name storage inside the record itself,
 * not to a copy, so it is only meaningful while that record exists.
 */
char *BTM_SecReadDevName (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    return (p_rec != NULL) ? (char *)p_rec->sec_bd_name : NULL;
}
240
241
242 /*******************************************************************************
243 **
244 ** Function btm_find_sec_dev_in_list
245 **
246 ** Description Look for the record in the device database for the record
247 ** with specified address
248 **
249 ** Returns Pointer to the record or NULL
250 **
251 *******************************************************************************/
/*
 * Matching callback handed to list_foreach() by the lookup helpers in this
 * file.  p_node_data is a tBTM_SEC_DEV_REC, context a tSecDevContext
 * describing what to match (address, handle, identity address).
 *
 * Returns FALSE when the record matches and TRUE when it does not.
 * (Presumably list_foreach() stops on FALSE and returns that node; the
 * callers in this file treat its return value as the match.)
 *
 * A record is only considered when its "not in use" state equals
 * p_context->free_check.
 */
BOOLEAN btm_find_sec_dev_in_list (void *p_node_data, void *context)
{
    tBTM_SEC_DEV_REC *p_rec = (tBTM_SEC_DEV_REC *)p_node_data;
    tSecDevContext *p_ctx = (tSecDevContext *)context;
    BOOLEAN rec_is_free = !(p_rec->sec_flags & BTM_SEC_IN_USE);
    BOOLEAN no_match = TRUE;

    /* Wrong in-use state for this search: never a match. */
    if (rec_is_free != p_ctx->free_check) {
        return no_match;
    }

    switch (p_ctx->type) {
    case SEC_DEV_BDA:
        /* Exact address match only. */
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            no_match = FALSE;
        }
        break;

    case SEC_DEV_HDL:
        /* Either transport's connection handle may match. */
        if (p_ctx->context.handle == p_rec->hci_handle
#if BLE_INCLUDED == TRUE
                || (p_ctx->context.handle == p_rec->ble_hci_handle)
#endif
           ) {
            no_match = FALSE;
        }
        break;

#if BLE_PRIVACY_SPT == TRUE
    case SEC_DEV_ID_ADDR:
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->ble.static_addr, BD_ADDR_LEN) == 0) {
            no_match = FALSE;
        }
        break;
#endif //BLE_PRIVACY_SPT == TRUE

    case SEC_DEV_BTDM_BDA:
        /* All checks are evaluated in turn; any one of them is a match. */
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            no_match = FALSE;
        }
#if BLE_INCLUDED == TRUE
        // If a LE random address is looking for device record
        if (memcmp(p_rec->ble.pseudo_addr, p_ctx->context.p_bd_addr, BD_ADDR_LEN) == 0) {
            no_match = FALSE;
        }

        if (btm_ble_addr_resolvable(p_ctx->context.p_bd_addr, p_rec)) {
            no_match = FALSE;
        }
#endif
        break;

    default:
        break;
    }

    return no_match;
}
303
304 /*******************************************************************************
305 **
306 ** Function btm_sec_alloc_dev
307 **
308 ** Description Look for the record in the device database for the record
309 ** with specified address
310 **
311 ** Returns Pointer to the record or NULL
312 **
313 *******************************************************************************/
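/*
 * Obtain a security record for bd_addr and initialise it as in use.
 *
 * The record is chosen in this order:
 *   1. a record in the list that is not in use and already carries bd_addr;
 *   2. the first record in the list that is not in use;
 *   3. a freshly allocated record, if the list is below
 *      BTM_SEC_MAX_DEVICE_RECORDS;
 *   4. the record returned by btm_find_oldest_dev(), which is then recycled.
 *
 * Whatever record is chosen is zeroed before use, so in case 4 the previous
 * peer's keys and flags are discarded - that peer loses its stored pairing.
 *
 * Returns the record, or NULL when allocation fails, the new record cannot
 * be linked into the list, or no record can be recycled.
 */
tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_SEC_DEV_REC *p_first_free = NULL;   /* first record with BTM_SEC_IN_USE cleared */
    tBTM_SEC_DEV_REC *p_same_addr = NULL;    /* free record that already holds bd_addr */
    tBTM_INQ_INFO *p_inq_info;
    list_node_t *p_node = NULL;

    BTM_TRACE_EVENT ("btm_sec_alloc_dev\n");

    /* One pass finds both candidates: a free record with the same address
     * wins over the first free record, so the scan stops once it is seen. */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        tBTM_SEC_DEV_REC *p_cur = list_node(p_node);

        if (p_cur->sec_flags & BTM_SEC_IN_USE) {
            continue;
        }
        if (p_first_free == NULL) {
            p_first_free = p_cur;
        }
        if (!memcmp (p_cur->bd_addr, bd_addr, BD_ADDR_LEN)) {
            p_same_addr = p_cur;
            BTM_TRACE_EVENT ("btm_sec_alloc_dev old device found\n");
            break;
        }
    }

    if (p_same_addr != NULL) {
        p_dev_rec = p_same_addr;
    } else if (p_first_free != NULL) {
        p_dev_rec = p_first_free;
    } else if (list_length(btm_cb.p_sec_dev_rec_list) < BTM_SEC_MAX_DEVICE_RECORDS) {
        /* No free record in the list; grow it while there is room. */
        p_dev_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
        if (p_dev_rec == NULL) {
            return NULL;
        }
        /* A record that is not in the list can never be found again, so a
         * failed append must not hand out (and leak) the allocation. */
        if (!list_append(btm_cb.p_sec_dev_rec_list, p_dev_rec)) {
            osi_free(p_dev_rec);
            return NULL;
        }
    } else {
        /* List is full and every record is in use: recycle the oldest. */
        p_dev_rec = btm_find_oldest_dev();
        if (p_dev_rec == NULL) {
            /* Nothing to recycle; do not fall through to the memset below. */
            return NULL;
        }
    }

    /* Start from a clean record so nothing from a previous owner survives. */
    memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));

    p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;           /* Default value */
    p_dev_rec->sec_flags = BTM_SEC_IN_USE;

    /* Check with the BT manager if details about remote device are known */
    /* outgoing connection */
    if ((p_inq_info = BTM_InqDbRead(bd_addr)) != NULL) {
        memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN);

#if BLE_INCLUDED == TRUE
        p_dev_rec->device_type = p_inq_info->results.device_type;
        p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
#endif
    } else if (!memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) {
        /* Not in the inquiry database, but it is the peer currently being
         * connected: take the class of device recorded for that connection. */
        memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN);
    }

#if BLE_INCLUDED == TRUE
    /* update conn params, use default value for background connection params */
    memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif

    memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);

#if BLE_INCLUDED == TRUE
    p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
#endif
    p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
    p_dev_rec->timestamp = btm_cb.dev_rec_count++;

    return (p_dev_rec);
}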
409
410
411 /*******************************************************************************
412 **
413 ** Function btm_sec_free_dev
414 **
415 ** Description Mark device record as not used
416 **
417 *******************************************************************************/
/*
 * Clear the security data of p_dev_rec for one transport (or for both when
 * transport is neither BT_TRANSPORT_BR_EDR nor BT_TRANSPORT_LE) and take the
 * record out of the device list.
 *
 * NOTE(review): list_remove() at the end runs on every path, including the
 * single-transport cases where the flags of the other transport were
 * deliberately left set above - confirm that removing the whole record is
 * intended there.
 * NOTE(review): on the LE-only path link_key is not zeroed before the record
 * leaves the list - confirm whether BR/EDR key bytes can still be present.
 *
 * The list is created with osi_free_func as its element callback (see
 * btm_sec_dev_init), so the record is presumably released by list_remove();
 * callers must not use p_dev_rec afterwards.
 */
void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec, tBT_TRANSPORT transport)
{
    BOOLEAN wipe_le_keys = FALSE;

    if (transport == BT_TRANSPORT_BR_EDR) {
        /* BR/EDR only: wipe the link key and the BR/EDR security flags. */
        memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
        p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
                                  | BTM_SEC_ENCRYPTED | BTM_SEC_NAME_KNOWN
                                  | BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED
                                  | BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED);
    } else {
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
        wipe_le_keys = TRUE;

        if (transport == BT_TRANSPORT_LE) {
            /* LE only: drop the LE security flags. */
            p_dev_rec->sec_flags &= ~(BTM_SEC_LE_AUTHENTICATED | BTM_SEC_LE_ENCRYPTED
                                      | BTM_SEC_LE_NAME_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN
                                      | BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_ROLE_SWITCHED);
        } else {
            /* Any other transport value: wipe everything. */
            memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
            p_dev_rec->sec_flags = 0;
        }
    }

#if BLE_INCLUDED == TRUE
    if (wipe_le_keys) {
        /* Clear out any saved BLE keys */
        btm_sec_clear_ble_keys (p_dev_rec);
    }
#endif

    /* No BLE keys and BT keys, clear the sec_flags */
    if (p_dev_rec->sec_flags == BTM_SEC_IN_USE) {
        p_dev_rec->sec_flags = 0;
    }

    list_remove(btm_cb.p_sec_dev_rec_list, p_dev_rec);
}
451
452 /*******************************************************************************
453 **
454 ** Function btm_dev_support_switch
455 **
456 ** Description This function is called by the L2CAP to check if remote
457 ** device supports role switch
458 **
459 ** Parameters: bd_addr - Address of the peer device
460 **
461 ** Returns TRUE if device is known and role switch is supported
462 **
463 *******************************************************************************/
/*
 * Tell whether a role switch may be attempted with the peer.
 *
 * FALSE when a SCO link to the peer is active (BTM_SCO_INCLUDED builds),
 * when the peer has no security record, or when the local controller does
 * not support role switch.  Otherwise TRUE if the peer's page-0 features
 * advertise role switch, and also TRUE if page 0 is all zero, i.e. the
 * peer's features were never received and support is assumed.
 */
BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;
    UINT8 idx;

#if BTM_SCO_INCLUDED == TRUE
    /* Role switch is not allowed if a SCO is up */
    if (btm_is_sco_active_by_bdaddr(bd_addr)) {
        return (FALSE);
    }
#endif

    p_rec = btm_find_dev (bd_addr);
    if (!p_rec || !controller_get_interface()->supports_master_slave_role_switch()) {
        BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
        return (FALSE);
    }

    if (HCI_SWITCH_SUPPORTED(p_rec->features[HCI_EXT_FEATURES_PAGE_0])) {
        BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature found)\n");
        return (TRUE);
    }

    /* Any non-zero byte means the features were received and the switch
     * bit is simply not set. */
    for (idx = 0; idx < BD_FEATURES_LEN; idx++) {
        if (p_rec->features[HCI_EXT_FEATURES_PAGE_0][idx] != 0x00) {
            BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
            return (FALSE);
        }
    }

    /* If we don't know peer's capabilities, assume it supports Role-switch */
    BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature empty)\n");
    return (TRUE);
}
501
502 /*******************************************************************************
503 **
504 ** Function btm_find_dev_by_handle
505 **
506 ** Description Look for the record in the device database for the record
507 ** with specified handle
508 **
509 ** Returns Pointer to the record or NULL
510 **
511 *******************************************************************************/
/*
 * Look up the in-use security record whose connection handle equals handle.
 * Returns the record, or NULL if the list search yields no node.
 */
tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle)
{
    tSecDevContext lookup;
    list_node_t *p_hit;

    /* free_check == FALSE restricts the search to records marked in use. */
    lookup.free_check = FALSE;
    lookup.type = SEC_DEV_HDL;
    lookup.context.handle = handle;

    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &lookup);

    return (p_hit != NULL) ? list_node(p_hit) : NULL;
}
527 /*******************************************************************************
528 **
529 ** Function btm_find_dev
530 **
531 ** Description Look for the record in the device database for the record
532 ** with specified BD address
533 **
534 ** Returns Pointer to the record or NULL
535 **
536 *******************************************************************************/
/*
 * Look up the in-use security record for bd_addr using the SEC_DEV_BTDM_BDA
 * matching rules of btm_find_sec_dev_in_list().
 * Returns the record, or NULL when bd_addr is NULL or nothing matches.
 */
tBTM_SEC_DEV_REC *btm_find_dev(BD_ADDR bd_addr)
{
    tSecDevContext lookup;
    list_node_t *p_hit;

    if (!bd_addr) {
        return (NULL);
    }

    /* free_check == FALSE restricts the search to records marked in use. */
    lookup.free_check = FALSE;
    lookup.type = SEC_DEV_BTDM_BDA;
    lookup.context.p_bd_addr = bd_addr;

    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &lookup);
    if (p_hit == NULL) {
        return (NULL);
    }

    return (list_node(p_hit));
}
552 /*******************************************************************************
553 **
554 ** Function btm_consolidate_dev
555 **
556 ** Description combine security records if identified as same peer
557 **
558 ** Returns none
559 **
560 *******************************************************************************/
/*
 * Merge a second in-use record that describes the same peer into
 * p_target_rec and remove that second record from the list.
 * Compiled to an empty function unless BLE_INCLUDED and SMP_INCLUDED are TRUE.
 *
 * Same address: the other record is copied over the target, then the LE
 * fields saved from the target are put back.  device_type and sec_flags are
 * OR-ed, so the merged record carries the security flags of both records.
 *
 * Resolvable address: only the address type and device type are taken from
 * the other record, and it is removed only when its address equals the
 * target's pseudo address.
 *
 * The scan stops at the first record handled by either rule.
 */
void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
{
#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
    /* Snapshot taken before the target may be overwritten below. */
    tBTM_SEC_DEV_REC saved_target = *p_target_rec;
    list_node_t *p_node;

    BTM_TRACE_DEBUG("%s\n", __func__);

    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        tBTM_SEC_DEV_REC *p_other = list_node(p_node);

        /* Skip the target itself and records that are not in use. */
        if (p_other == p_target_rec || !(p_other->sec_flags & BTM_SEC_IN_USE)) {
            continue;
        }

        if (memcmp (p_other->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN) == 0) {
            memcpy(p_target_rec, p_other, sizeof(tBTM_SEC_DEV_REC));
            p_target_rec->ble = saved_target.ble;
            p_target_rec->ble_hci_handle = saved_target.ble_hci_handle;
            p_target_rec->enc_key_size = saved_target.enc_key_size;
            p_target_rec->conn_params = saved_target.conn_params;
            p_target_rec->device_type |= saved_target.device_type;
            p_target_rec->sec_flags |= saved_target.sec_flags;

            p_target_rec->new_encryption_key_is_p256 = saved_target.new_encryption_key_is_p256;
            p_target_rec->no_smp_on_br = saved_target.no_smp_on_br;
            p_target_rec->bond_type = saved_target.bond_type;

            /* Remove the unused device from the list; the loop is left
             * right away, so the removed node is not visited again. */
            list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            break;
        }

        /* an RPA device entry is a duplicate of the target record */
        if (btm_ble_addr_resolvable(p_other->bd_addr, p_target_rec)) {
            if (memcmp(p_target_rec->ble.pseudo_addr, p_other->bd_addr, BD_ADDR_LEN) == 0) {
                p_target_rec->ble.ble_addr_type = p_other->ble.ble_addr_type;
                p_target_rec->device_type |= p_other->device_type;
                /* Remove the unused device from the list */
                list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            }
            break;
        }
    }
#endif
}
603
604 /*******************************************************************************
605 **
606 ** Function btm_find_or_alloc_dev
607 **
608 ** Description Look for the record in the device database for the record
609 ** with specified BD address
610 **
611 ** Returns Pointer to the record or NULL
612 **
613 *******************************************************************************/
/*
 * Return the in-use record for bd_addr, creating one through
 * btm_sec_alloc_dev() when none is found.  The result is whatever
 * btm_sec_alloc_dev() returns in that case, which may be NULL.
 */
tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;

    BTM_TRACE_EVENT ("btm_find_or_alloc_dev\n");

    p_rec = btm_find_dev (bd_addr);
    if (p_rec != NULL) {
        return (p_rec);
    }

    /* Allocate a new device record or reuse the oldest one */
    return (btm_sec_alloc_dev (bd_addr));
}
625
626 /*******************************************************************************
627 **
628 ** Function btm_find_oldest_dev
629 **
630 ** Description Locates the oldest device in use. It first looks for
631 ** the oldest non-paired device. If all devices are paired it
632 ** deletes the oldest paired device.
633 **
634 ** Returns Pointer to the record or NULL
635 **
636 *******************************************************************************/
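/*
 * Pick the record to recycle when the device list is full.
 *
 * Pass 1 considers only in-use records without a BR/EDR or LE link key and
 * returns the one with the smallest timestamp.  If there is none, pass 2
 * returns the in-use record with the smallest timestamp regardless of
 * pairing state.  Nothing is deleted here; the caller overwrites the record.
 *
 * Returns NULL when no in-use record qualifies (for example an empty list).
 */
tBTM_SEC_DEV_REC *btm_find_oldest_dev (void)
{
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_SEC_DEV_REC *p_oldest = NULL;
    list_node_t *p_node = NULL;
    UINT32 ot = 0xFFFFFFFF;

    /* First look for the non-paired devices for the oldest entry */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_dev_rec = list_node(p_node);
        if (((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0)
                || ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) != 0)) {
            continue; /* Record is not in use, or device is paired: skip it */
        }

        if (p_dev_rec->timestamp < ot) {
            p_oldest = p_dev_rec;
            ot = p_dev_rec->timestamp;
        }
    }

    if (ot != 0xFFFFFFFF) {
        return (p_oldest);
    }

    /* All devices are paired; find the oldest */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        /* Fetch the record for this node.  Without this the loop would keep
         * testing the last record left over from the first pass, and that
         * record - not the oldest one - would be handed back for recycling,
         * costing an arbitrary bonded peer its stored keys. */
        p_dev_rec = list_node(p_node);
        if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) {
            continue;
        }

        if (p_dev_rec->timestamp < ot) {
            p_oldest = p_dev_rec;
            ot = p_dev_rec->timestamp;
        }
    }
    return (p_oldest);
}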
675 /*******************************************************************************
676 **
677 ** Function btm_get_bond_type_dev
678 **
679 ** Description Get the bond type for a device in the device database
680 ** with specified BD address
681 **
682 ** Returns The device bond type if known, otherwise BOND_TYPE_UNKNOWN
683 **
684 *******************************************************************************/
/*
 * Read the bond type stored for bd_addr.
 * BOND_TYPE_UNKNOWN is returned when no record is found.
 */
tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    return (p_rec != NULL) ? p_rec->bond_type : BOND_TYPE_UNKNOWN;
}
695
696 /*******************************************************************************
697 **
698 ** Function btm_set_bond_type_dev
699 **
700 ** Description Set the bond type for a device in the device database
701 ** with specified BD address
702 **
703 ** Returns TRUE on success, otherwise FALSE
704 **
705 *******************************************************************************/
/*
 * Store bond_type in the record for bd_addr.
 * Returns FALSE without changing anything when no record is found.
 * The value is written as given; it is not validated here.
 */
BOOLEAN btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    if (p_rec != NULL) {
        p_rec->bond_type = bond_type;
        return TRUE;
    }

    return FALSE;
}
717
718 /*******************************************************************************
719 **
720 ** Function btm_sec_dev_init
721 **
722 ** Description Create new linked list for dynamic allocation on sec_dev_rec
723 **
724 *******************************************************************************/
/*
 * Create the list that holds the dynamically allocated security records.
 * osi_free_func is registered as the list's element callback.
 *
 * NOTE(review): the result of list_new() is stored unchecked and this
 * function cannot report failure - confirm how a failed creation is handled
 * before the list is first used.
 */
void btm_sec_dev_init(void)
{
    btm_cb.p_sec_dev_rec_list = list_new(osi_free_func);
}
729
730 /*******************************************************************************
731 **
732 ** Function btm_sec_dev_free
733 **
734 ** Description Delete sec_dev_rec list when btm_cb is being released
735 **
736 *******************************************************************************/
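/*
 * Destroy the security record list when btm_cb is being released.
 *
 * The list pointer is cleared afterwards so that btm_cb does not keep a
 * dangling reference to freed memory holding link keys and other pairing
 * data; a late lookup then sees NULL instead of a released list.
 */
void btm_sec_dev_free(void)
{
    list_free(btm_cb.p_sec_dev_rec_list);
    btm_cb.p_sec_dev_rec_list = NULL;
}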
741