1 /*
2 * Copyright (c) 2017-2021 Nordic Semiconductor ASA
3 * Copyright (c) 2015-2016 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <sys/byteorder.h>
9
10
11 #include <bluetooth/bluetooth.h>
12 #include <bluetooth/hci.h>
13 #include <bluetooth/buf.h>
14
15 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_HCI_CORE)
16 #define LOG_MODULE_NAME bt_br
17 #include "common/log.h"
18
19 #include "hci_core.h"
20 #include "conn_internal.h"
21 #include "keys.h"
22
/* Callback handed to bt_br_discovery_start(); NULL when no discovery runs. */
static bt_br_discovery_cb_t *discovery_cb;

/*
 * Caller-owned result array handed to bt_br_discovery_start(). This module
 * writes into it from HCI event handlers, so it must not outlive the
 * discovery session.
 * NOTE(review): unlike its siblings this symbol is not static; confirm
 * whether anything outside this file relies on the external linkage.
 */
struct bt_br_discovery_result *discovery_results;

/* Capacity of discovery_results, in entries. */
static size_t discovery_results_size;

/* Number of entries of discovery_results currently in use. */
static size_t discovery_results_count;
27
/**
 * Send an HCI Reject Connection Request for a remote BR/EDR device.
 *
 * @param bdaddr Address of the peer whose request is refused.
 * @param reason HCI error code copied into the command's reason field.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int reject_conn(const bt_addr_t *bdaddr, uint8_t reason)
{
	struct bt_hci_cp_reject_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_REJECT_CONN_REQ, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->reason = reason;
	bt_addr_copy(&params->bdaddr, bdaddr);

	/* A zero result already means success, so hand it straight back. */
	return bt_hci_cmd_send_sync(BT_HCI_OP_REJECT_CONN_REQ, cmd, NULL);
}
50
/**
 * Send an HCI Accept Synchronous Connection Request for a peer.
 *
 * The packet type is taken from the connection object; every other link
 * parameter is a fixed value chosen by this function.
 *
 * @param bdaddr   Address of the requesting peer.
 * @param sco_conn Connection object supplying sco.pkt_type.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int accept_sco_conn(const bt_addr_t *bdaddr, struct bt_conn *sco_conn)
{
	struct bt_hci_cp_accept_sync_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_SYNC_CONN_REQ,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_copy(&params->bdaddr, bdaddr);

	/*
	 * NOTE(review): the multi-byte fields below are stored without an
	 * explicit byte-order conversion; presumably this relies on a
	 * little-endian host - confirm.
	 */
	params->pkt_type = sco_conn->sco.pkt_type;
	params->tx_bandwidth = 0x00001f40; /* 8000 */
	params->rx_bandwidth = 0x00001f40; /* 8000 */
	params->max_latency = 0x0007;
	params->retrans_effort = 0x01;
	params->content_format = BT_VOICE_CVSD_16BIT;

	return bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_SYNC_CONN_REQ, cmd, NULL);
}
78
/**
 * Send an HCI Accept Connection Request, staying in the peripheral role.
 *
 * @param bdaddr Address of the peer whose ACL request is accepted.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int accept_conn(const bt_addr_t *bdaddr)
{
	struct bt_hci_cp_accept_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_CONN_REQ, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->role = BT_HCI_ROLE_PERIPHERAL;
	bt_addr_copy(&params->bdaddr, bdaddr);

	return bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_CONN_REQ, cmd, NULL);
}
101
/**
 * Handle an incoming connection request whose link type is not ACL.
 *
 * Allocates a SCO connection object and accepts the request. If no object
 * is available, or the accept command fails, the request is rejected.
 *
 * @param evt Connection Request event supplying peer address and link type.
 */
static void bt_esco_conn_req(struct bt_hci_evt_conn_request *evt)
{
	struct bt_conn *sco;
	int err;

	sco = bt_conn_add_sco(&evt->bdaddr, evt->link_type);
	if (sco == NULL) {
		reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
		return;
	}

	err = accept_sco_conn(&evt->bdaddr, sco);
	if (err != 0) {
		BT_ERR("Error accepting connection from %s",
		       bt_addr_str(&evt->bdaddr));
		reject_conn(&evt->bdaddr, BT_HCI_ERR_UNSPECIFIED);
		/* Release the object so a failed accept does not pin a slot. */
		bt_sco_cleanup(sco);
		return;
	}

	sco->role = BT_HCI_ROLE_PERIPHERAL;
	bt_conn_set_state(sco, BT_CONN_CONNECT);
	bt_conn_unref(sco);
}
124
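/**
 * Handle the HCI Connection Request event.
 *
 * Requests that are not ACL are passed to bt_esco_conn_req(). For ACL, a
 * BR/EDR connection object is allocated and the request accepted; if no
 * object is available the request is rejected with
 * BT_HCI_ERR_INSUFFICIENT_RESOURCES.
 *
 * NOTE(review): evt is read without a local buf->len check; presumably the
 * event dispatcher enforces a minimum length before calling - confirm.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_conn_req(struct net_buf *buf)
{
	struct bt_hci_evt_conn_request *evt = (void *)buf->data;
	struct bt_conn *conn;
	int err;

	BT_DBG("conn req from %s, type 0x%02x", bt_addr_str(&evt->bdaddr),
	       evt->link_type);

	if (evt->link_type != BT_HCI_ACL) {
		bt_esco_conn_req(evt);
		return;
	}

	conn = bt_conn_add_br(&evt->bdaddr);
	if (!conn) {
		reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
		return;
	}

	/*
	 * The accept result used to be discarded; report it so a failed
	 * accept is visible.
	 * NOTE(review): the object still moves to BT_CONN_CONNECT on failure,
	 * as before. The SCO path cleans its object up in this case; the
	 * matching cleanup for an ACL object is not visible here. A stale
	 * object would keep a connection slot occupied, so confirm how it is
	 * reclaimed.
	 */
	err = accept_conn(&evt->bdaddr);
	if (err) {
		BT_ERR("Error accepting connection from %s (err %d)",
		       bt_addr_str(&evt->bdaddr), err);
	}

	conn->role = BT_HCI_ROLE_PERIPHERAL;
	bt_conn_set_state(conn, BT_CONN_CONNECT);
	bt_conn_unref(conn);
}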
149
/**
 * Ask the controller for the link's encryption key size and judge it.
 *
 * At BT_SECURITY_L4 only BT_HCI_ENCRYPTION_KEY_SIZE_MAX is accepted; at
 * any other level the size must be at least
 * BT_HCI_ENCRYPTION_KEY_SIZE_MIN. This check is what stops a link from
 * running with a key shorter than the policy allows.
 *
 * Fails closed: a command or response failure counts as insufficient.
 *
 * @param conn Connection supplying handle and current sec_level.
 *
 * @return true if the reported key size satisfies the level, else false.
 */
static bool br_sufficient_key_size(struct bt_conn *conn)
{
	struct bt_hci_cp_read_encryption_key_size *req;
	struct bt_hci_rp_read_encryption_key_size *reply;
	struct net_buf *cmd;
	struct net_buf *rsp;
	uint8_t key_size;
	int err;

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE,
				sizeof(*req));
	if (cmd == NULL) {
		BT_ERR("Failed to allocate command buffer");
		return false;
	}

	req = net_buf_add(cmd, sizeof(*req));
	req->handle = sys_cpu_to_le16(conn->handle);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE,
				   cmd, &rsp);
	if (err != 0) {
		BT_ERR("Failed to read encryption key size (err %d)", err);
		return false;
	}

	/* Never read the reply structure from a short response. */
	if (rsp->len < sizeof(*reply)) {
		BT_ERR("Too small command complete for encryption key size");
		net_buf_unref(rsp);
		return false;
	}

	reply = (void *)rsp->data;
	key_size = reply->key_size;
	net_buf_unref(rsp);

	BT_DBG("Encryption key size is %u", key_size);

	return (conn->sec_level == BT_SECURITY_L4)
		       ? (key_size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX)
		       : (key_size >= BT_HCI_ENCRYPTION_KEY_SIZE_MIN);
}
193
/**
 * Derive conn->sec_level from the link's encryption state and link key.
 *
 * Mapping, as implemented here:
 *  - encryption off: BT_SECURITY_L1, accepted without further checks;
 *  - encrypted, no link key or unauthenticated key: BT_SECURITY_L2;
 *  - encrypted, authenticated key: BT_SECURITY_L4 when conn->encrypt is
 *    0x02, otherwise BT_SECURITY_L3.
 *
 * For an encrypted link the connection is disconnected with
 * BT_HCI_ERR_AUTH_FAIL when the key size is insufficient or the derived
 * level is below conn->required_sec_level.
 *
 * @param conn Connection to update.
 *
 * @return true if the link may continue, false if disconnect was requested.
 */
bool bt_br_update_sec_level(struct bt_conn *conn)
{
	if (!conn->encrypt) {
		conn->sec_level = BT_SECURITY_L1;
		return true;
	}

	/* The level must be set first: the key size check depends on it. */
	if (!conn->br.link_key) {
		BT_WARN("No BR/EDR link key found");
		conn->sec_level = BT_SECURITY_L2;
	} else if (!(conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED)) {
		conn->sec_level = BT_SECURITY_L2;
	} else if (conn->encrypt == 0x02) {
		conn->sec_level = BT_SECURITY_L4;
	} else {
		conn->sec_level = BT_SECURITY_L3;
	}

	if (!br_sufficient_key_size(conn)) {
		BT_ERR("Encryption key size is not sufficient");
		bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
		return false;
	}

	if (conn->sec_level < conn->required_sec_level) {
		BT_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
		return false;
	}

	return true;
}
230
/**
 * Handle the HCI Synchronous Connection Complete event.
 *
 * Looks the SCO connection up by peer address. A non-zero status is stored
 * in the object and it moves to BT_CONN_DISCONNECTED; otherwise the handle
 * is stored and it moves to BT_CONN_CONNECTED.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_synchronous_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_sync_conn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *sco;

	BT_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle,
	       evt->link_type);

	sco = bt_conn_lookup_addr_sco(&evt->bdaddr);
	if (sco == NULL) {
		BT_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	if (evt->status != 0) {
		sco->err = evt->status;
		bt_conn_set_state(sco, BT_CONN_DISCONNECTED);
	} else {
		sco->handle = handle;
		bt_conn_set_state(sco, BT_CONN_CONNECTED);
	}

	/* Drop the reference taken by the lookup. */
	bt_conn_unref(sco);
}
257
/**
 * Handle the HCI Connection Complete event for a BR/EDR ACL link.
 *
 * On failure the status is stored and the connection moves to
 * BT_CONN_DISCONNECTED. On success the handle and encryption state are
 * stored, the security level is evaluated, the connection moves to
 * BT_CONN_CONNECTED, and a Read Remote Supported Features command is sent
 * on a best-effort basis.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_conn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_hci_cp_read_remote_features *params;
	struct net_buf *cmd;
	struct bt_conn *conn;

	BT_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle,
	       evt->link_type);

	conn = bt_conn_lookup_addr_br(&evt->bdaddr);
	if (conn == NULL) {
		BT_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	if (evt->status != 0) {
		conn->err = evt->status;
		bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
		bt_conn_unref(conn);
		return;
	}

	conn->handle = handle;
	conn->err = 0U;
	conn->encrypt = evt->encr_enabled;

	/* A false result means a disconnect was already requested. */
	if (!bt_br_update_sec_level(conn)) {
		bt_conn_unref(conn);
		return;
	}

	bt_conn_set_state(conn, BT_CONN_CONNECTED);
	bt_conn_unref(conn);

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_FEATURES,
				sizeof(*params));
	if (cmd == NULL) {
		return;
	}

	params = net_buf_add(cmd, sizeof(*params));
	/* The event field is copied as received, without conversion. */
	params->handle = evt->handle;

	/* Best effort: the result of this command is not checked. */
	bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_FEATURES, cmd, NULL);
}
303
/*
 * Per-result bookkeeping that this file overlays on the _priv member of
 * struct bt_br_discovery_result.
 * NOTE(review): nothing visible here checks that _priv is at least
 * sizeof(struct discovery_priv) bytes; confirm against the public header.
 */
struct discovery_priv {
	/* Clock offset as received in the inquiry result event. */
	uint16_t clock_offset;
	/* Page scan repetition mode as received in the inquiry result event. */
	uint8_t pscan_rep_mode;
	/* Non-zero while a remote name request for this entry is pending. */
	uint8_t resolving;
} __packed;
309
/**
 * Send an HCI Remote Name Request for a discovered device.
 *
 * @param addr   Address of the device whose name is requested.
 * @param pscan  Page scan repetition mode reported for the device.
 * @param offset Clock offset reported for the device, copied as given.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int request_name(const bt_addr_t *addr, uint8_t pscan, uint16_t offset)
{
	struct bt_hci_cp_remote_name_request *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_REQUEST,
				sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	bt_addr_copy(&params->bdaddr, addr);
	params->pscan_rep_mode = pscan;
	params->reserved = 0x00; /* reserved, should be set to 0x00 */
	params->clock_offset = offset;

	return bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_REQUEST, cmd, NULL);
}
329
#define EIR_SHORT_NAME 0x08
#define EIR_COMPLETE_NAME 0x09

/**
 * Report whether an EIR block holds a non-empty device name field.
 *
 * The block is walked as a sequence of structures: one length byte, one
 * type byte, then the payload. Parsing stops at a zero length byte, at a
 * length that would run past the block, or when fewer than two bytes
 * remain.
 *
 * @param eir EIR data; the caller must provide at least 240 readable
 *            bytes, which is the size this parser assumes.
 *
 * @return true if a short or complete name field with a payload exists.
 */
static bool eir_has_name(const uint8_t *eir)
{
	int remaining = 240;

	/* Every structure needs at least its length and type bytes. */
	while (remaining >= 2) {
		uint8_t field_len = eir[0];
		uint8_t field_type;

		/* A zero length marks early termination. */
		if (field_len == 0) {
			break;
		}

		/* Refuse a field that would extend past the block. */
		if (field_len > remaining - 1) {
			break;
		}

		field_type = eir[1];
		if ((field_type == EIR_SHORT_NAME ||
		     field_type == EIR_COMPLETE_NAME) &&
		    field_len > 1) {
			/* The length covers the type byte, so > 1 means data. */
			return true;
		}

		/* Step over the length byte plus the field itself. */
		remaining -= field_len + 1;
		eir += field_len + 1;
	}

	return false;
}
370
/**
 * Forget the current discovery session.
 *
 * Clears the callback and the result-array bookkeeping so that later
 * events can no longer reach the caller's buffer through this module.
 */
void bt_br_discovery_reset(void)
{
	discovery_results_count = 0;
	discovery_results_size = 0;
	discovery_results = NULL;
	discovery_cb = NULL;
}
378
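/**
 * Finish an inquiry: resolve missing names, or report the results.
 *
 * For every result whose EIR data carries no name, a remote name request
 * is issued. If at least one request was sent, reporting is deferred until
 * the name responses arrive. Otherwise BT_DEV_INQUIRY is cleared, the
 * callback is invoked and the discovery state is reset.
 */
static void report_discovery_results(void)
{
	bool resolving_names = false;
	size_t i; /* same type as discovery_results_count: no mixed compare */

	for (i = 0; i < discovery_results_count; i++) {
		struct discovery_priv *priv;

		priv = (struct discovery_priv *)&discovery_results[i]._priv;

		if (eir_has_name(discovery_results[i].eir)) {
			continue;
		}

		/* A request that could not be sent is simply skipped. */
		if (request_name(&discovery_results[i].addr,
				 priv->pscan_rep_mode, priv->clock_offset)) {
			continue;
		}

		priv->resolving = 1U;
		resolving_names = true;
	}

	if (resolving_names) {
		return;
	}

	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	/*
	 * The callback is NULL after a reset and is not validated by
	 * bt_br_discovery_start(), so an Inquiry Complete event arriving
	 * without an active session must not call through it.
	 */
	if (discovery_cb) {
		discovery_cb(discovery_results, discovery_results_count);
	}

	bt_br_discovery_reset();
}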
411
/**
 * Handle the HCI Inquiry Complete event.
 *
 * A non-zero status is logged only; whatever results were collected are
 * still reported.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_inquiry_complete(struct net_buf *buf)
{
	struct bt_hci_evt_inquiry_complete *evt = (void *)buf->data;

	if (evt->status != 0) {
		BT_ERR("Failed to complete inquiry");
	}

	report_discovery_results();
}
422
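/**
 * Find or allocate the discovery result entry for a device address.
 *
 * Order of preference:
 *  1. the entry already holding @p addr;
 *  2. the next unused entry, if the array is not full;
 *  3. unless @p rssi is the "invalid" marker 0xff, the entry with the
 *     lowest RSSI among those not stronger than @p rssi, which is then
 *     re-assigned to @p addr.
 *
 * NOTE(review): step 2 runs before the invalid-RSSI check, so a caller
 * passing the marker can still claim a free entry for an address that was
 * never reported by inquiry - confirm that this is intended.
 *
 * @param addr Address of the reporting device.
 * @param rssi Reported RSSI; callers pass 0xff (read back as -1) for
 *             "no valid RSSI".
 *
 * @return Entry to fill in, or NULL if none may be used.
 */
static struct bt_br_discovery_result *get_result_slot(const bt_addr_t *addr,
						       int8_t rssi)
{
	struct bt_br_discovery_result *result = NULL;
	size_t i;

	/* check if already present in results */
	for (i = 0; i < discovery_results_count; i++) {
		if (!bt_addr_cmp(addr, &discovery_results[i].addr)) {
			return &discovery_results[i];
		}
	}

	/* Pick a new slot (if available) */
	if (discovery_results_count < discovery_results_size) {
		bt_addr_copy(&discovery_results[discovery_results_count].addr,
			     addr);
		return &discovery_results[discovery_results_count++];
	}

	/*
	 * Ignore if invalid RSSI. The parameter is int8_t, so the marker
	 * arrives as -1 and a plain comparison with 0xff (255) could never
	 * match; without the cast an event carrying no RSSI could evict a
	 * real result. A genuine reading of -1 dBm is treated as invalid too,
	 * which is inherent to the marker.
	 */
	if ((uint8_t)rssi == 0xff) {
		return NULL;
	}

	/*
	 * Pick slot with smallest RSSI that is smaller than passed RSSI
	 * TODO handle TX if present
	 */
	for (i = 0; i < discovery_results_size; i++) {
		if (discovery_results[i].rssi > rssi) {
			continue;
		}

		if (!result || result->rssi > discovery_results[i].rssi) {
			result = &discovery_results[i];
		}
	}

	if (result) {
		BT_DBG("Reusing slot (old %s rssi %d dBm)",
		       bt_addr_str(&result->addr), result->rssi);

		bt_addr_copy(&result->addr, addr);
	}

	return result;
}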
471
/**
 * Handle the HCI Inquiry Result with RSSI event.
 *
 * Events are ignored unless an inquiry is in progress. Each report is
 * length-checked before it is pulled from the buffer, then stored in the
 * entry chosen by get_result_slot(). Processing stops at the first report
 * that is truncated or for which no entry is available.
 *
 * @param buf Event buffer; the first byte is the number of reports.
 */
void bt_hci_inquiry_result_with_rssi(struct net_buf *buf)
{
	uint8_t remaining = net_buf_pull_u8(buf);

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return;
	}

	BT_DBG("number of results: %u", remaining);

	for (; remaining > 0; remaining--) {
		struct bt_hci_evt_inquiry_result_with_rssi *report;
		struct bt_br_discovery_result *slot;
		struct discovery_priv *priv;

		/* The report count is untrusted: verify each one fits. */
		if (buf->len < sizeof(*report)) {
			BT_ERR("Unexpected end to buffer");
			return;
		}

		report = net_buf_pull_mem(buf, sizeof(*report));
		BT_DBG("%s rssi %d dBm", bt_addr_str(&report->addr),
		       report->rssi);

		slot = get_result_slot(&report->addr, report->rssi);
		if (slot == NULL) {
			return;
		}

		priv = (struct discovery_priv *)&slot->_priv;
		priv->pscan_rep_mode = report->pscan_rep_mode;
		priv->clock_offset = report->clock_offset;

		memcpy(slot->cod, report->cod, 3);
		slot->rssi = report->rssi;

		/* we could reuse slot so make sure EIR is cleared */
		(void)memset(slot->eir, 0, sizeof(slot->eir));
	}
}
511
/**
 * Handle the HCI Extended Inquiry Result event.
 *
 * Ignored unless an inquiry is in progress. Stores the page scan mode,
 * clock offset, RSSI, class of device and EIR data in the entry chosen by
 * get_result_slot().
 *
 * NOTE(review): the EIR copy reads sizeof(result->eir) bytes from the
 * event without a local buf->len check; presumably the event dispatcher
 * enforces the minimum length - confirm.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_extended_inquiry_result(struct net_buf *buf)
{
	struct bt_hci_evt_extended_inquiry_result *evt = (void *)buf->data;
	struct bt_br_discovery_result *slot;
	struct discovery_priv *priv;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return;
	}

	BT_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);

	slot = get_result_slot(&evt->addr, evt->rssi);
	if (slot == NULL) {
		return;
	}

	priv = (struct discovery_priv *)&slot->_priv;
	priv->clock_offset = evt->clock_offset;
	priv->pscan_rep_mode = evt->pscan_rep_mode;

	memcpy(slot->eir, evt->eir, sizeof(slot->eir));
	memcpy(slot->cod, evt->cod, 3);
	slot->rssi = evt->rssi;
}
537
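/**
 * Handle the HCI Remote Name Request Complete event.
 *
 * Marks the matching discovery result as resolved. On success the name is
 * appended to the entry's EIR data as a short-name field, truncated to the
 * space left in the 240-byte block. Once no entry is still waiting for a
 * name, BT_DEV_INQUIRY is cleared, the results are reported and the
 * discovery state is reset.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_remote_name_request_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_name_req_complete *evt = (void *)buf->data;
	struct bt_br_discovery_result *result;
	struct discovery_priv *priv;
	int eir_len = 240;
	uint8_t *eir;
	size_t i;

	result = get_result_slot(&evt->bdaddr, 0xff);
	if (!result) {
		return;
	}

	priv = (struct discovery_priv *)&result->_priv;
	priv->resolving = 0U;

	if (evt->status) {
		goto check_names;
	}

	eir = result->eir;

	/* Every EIR structure needs at least its length and type bytes. */
	while (eir_len >= 2) {
		/* Look for early termination: the name goes here */
		if (!eir[0]) {
			const void *nul;
			size_t name_len;

			eir_len -= 2;

			/*
			 * The name comes from the remote device and need not
			 * be NUL terminated when it fills the whole field, so
			 * the search is bounded by the field size instead of
			 * using strlen().
			 * (assumes evt->name is a fixed-size array member)
			 */
			nul = memchr(evt->name, '\0', sizeof(evt->name));
			if (nul) {
				name_len = (size_t)((const uint8_t *)nul -
						    (const uint8_t *)evt->name);
			} else {
				name_len = sizeof(evt->name);
			}

			/* Truncate to the room left in the EIR block. */
			if (name_len > (size_t)eir_len) {
				name_len = (size_t)eir_len;
			}

			eir[0] = name_len + 1;
			eir[1] = EIR_SHORT_NAME;
			memcpy(&eir[2], evt->name, name_len);

			break;
		}

		/* Check if field length is correct */
		if (eir[0] > eir_len - 1) {
			break;
		}

		/* next EIR Structure */
		eir_len -= eir[0] + 1;
		eir += eir[0] + 1;
	}

check_names:
	/* if still waiting for names */
	for (i = 0; i < discovery_results_count; i++) {
		priv = (struct discovery_priv *)&discovery_results[i]._priv;

		if (priv->resolving) {
			return;
		}
	}

	/* all names resolved, report discovery results */
	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	if (discovery_cb) {
		discovery_cb(discovery_results, discovery_results_count);
	}

	/*
	 * Drop the references to the caller's buffer, as
	 * report_discovery_results() does, so that a late or unsolicited
	 * name event cannot write into it after the results were delivered.
	 */
	bt_br_discovery_reset();
}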
616
/**
 * Handle the HCI Read Remote Supported Features Complete event.
 *
 * On success the feature bits are stored as page 0 of the connection's
 * feature table. If they advertise extended features, page 1 is requested
 * on a best-effort basis.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_read_remote_features_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_features *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_hci_cp_read_remote_ext_features *params;
	struct net_buf *cmd;
	struct bt_conn *conn;

	BT_DBG("status 0x%02x handle %u", evt->status, handle);

	conn = bt_conn_lookup_handle(handle);
	if (conn == NULL) {
		BT_ERR("Can't find conn for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		memcpy(conn->br.features[0], evt->features,
		       sizeof(evt->features));

		if (BT_FEAT_EXT_FEATURES(conn->br.features)) {
			cmd = bt_hci_cmd_create(
				BT_HCI_OP_READ_REMOTE_EXT_FEATURES,
				sizeof(*params));
			if (cmd != NULL) {
				/* Read remote host features (page 1) */
				params = net_buf_add(cmd, sizeof(*params));
				params->handle = evt->handle;
				params->page = 0x01;

				bt_hci_cmd_send_sync(
					BT_HCI_OP_READ_REMOTE_EXT_FEATURES,
					cmd, NULL);
			}
		}
	}

	/* Drop the reference taken by the lookup on every path. */
	bt_conn_unref(conn);
}
658
/**
 * Handle the HCI Read Remote Extended Features Complete event.
 *
 * Only a successful response for page 1 is stored; any other page number
 * is ignored, so the event cannot select where the data is written.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_read_remote_ext_features_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_ext_features *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *conn;
	bool store_page;

	BT_DBG("status 0x%02x handle %u", evt->status, handle);

	conn = bt_conn_lookup_handle(handle);
	if (conn == NULL) {
		BT_ERR("Can't find conn for handle %u", handle);
		return;
	}

	store_page = (evt->status == 0) && (evt->page == 0x01);
	if (store_page) {
		memcpy(conn->br.features[1], evt->features,
		       sizeof(conn->br.features[1]));
	}

	bt_conn_unref(conn);
}
680
/**
 * Handle the HCI Role Change event.
 *
 * A failed role change is ignored. Otherwise the connection found by peer
 * address records the new role: peripheral for a non-zero role value,
 * central for zero.
 *
 * @param buf Event buffer whose data starts with the event parameters.
 */
void bt_hci_role_change(struct net_buf *buf)
{
	struct bt_hci_evt_role_change *evt = (void *)buf->data;
	struct bt_conn *conn;

	BT_DBG("status 0x%02x role %u addr %s", evt->status, evt->role,
	       bt_addr_str(&evt->bdaddr));

	if (evt->status != 0) {
		return;
	}

	conn = bt_conn_lookup_addr_br(&evt->bdaddr);
	if (conn == NULL) {
		BT_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	conn->role = evt->role ? BT_CONN_ROLE_PERIPHERAL
			       : BT_CONN_ROLE_CENTRAL;

	bt_conn_unref(conn);
}
707
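/**
 * Read the controller's extended feature pages into bt_dev.features.
 *
 * Pages are read from 1 upwards, stopping at LMP_FEAT_PAGES_COUNT or once
 * the controller reports that the current page is its last.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         -EIO if a response is too short to hold the reply structure,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int read_ext_features(void)
{
	int i;

	/* Read Local Supported Extended Features */
	for (i = 1; i < LMP_FEAT_PAGES_COUNT; i++) {
		struct bt_hci_cp_read_local_ext_features *cp;
		struct bt_hci_rp_read_local_ext_features *rp;
		struct net_buf *buf, *rsp;
		bool last_page;
		int err;

		buf = bt_hci_cmd_create(BT_HCI_OP_READ_LOCAL_EXT_FEATURES,
					sizeof(*cp));
		if (!buf) {
			return -ENOBUFS;
		}

		cp = net_buf_add(buf, sizeof(*cp));
		cp->page = i;

		err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_EXT_FEATURES,
					   buf, &rsp);
		if (err) {
			return err;
		}

		/*
		 * Same guard as the encryption key size reader in this file:
		 * never read the reply structure from a short response.
		 */
		if (rsp->len < sizeof(*rp)) {
			BT_ERR("Too small command complete for ext features");
			net_buf_unref(rsp);
			return -EIO;
		}

		rp = (void *)rsp->data;

		memcpy(&bt_dev.features[i], rp->ext_features,
		       sizeof(bt_dev.features[i]));

		/* Capture the decision before the response is released. */
		last_page = rp->max_page <= i;
		net_buf_unref(rsp);

		if (last_page) {
			break;
		}
	}

	return 0;
}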
749
/**
 * Add the SCO/eSCO packet types implied by the local feature bits.
 *
 * Each supported feature ORs its packet type flag(s) into
 * bt_dev.br.esco_pkt_type; bits that are already set are left alone.
 */
void device_supported_pkt_type(void)
{
	/* HV packet types */
	if (BT_FEAT_HV2_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_HV2;
	}
	if (BT_FEAT_HV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_HV3;
	}

	/* EV packet types */
	if (BT_FEAT_LMP_ESCO_CAPABLE(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV3;
	}
	if (BT_FEAT_EV4_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV4;
	}
	if (BT_FEAT_EV5_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV5;
	}

	/* 2-EV3 and 3-EV3 packet types */
	if (BT_FEAT_2EV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_2EV3;
	}
	if (BT_FEAT_3EV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_3EV3;
	}

	/* The 3-slot feature bit enables both EV5 variants below. */
	if (BT_FEAT_3SLOT_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_2EV5 |
					   HCI_PKT_TYPE_ESCO_3EV5;
	}
}
786
/**
 * Apply the response to the HCI Read Buffer Size command.
 *
 * Stores the ACL data length as the BR/EDR MTU and initialises the packet
 * semaphore with the reported packet count as both its initial value and
 * its limit.
 *
 * NOTE(review): rp is read without a local buf->len check - confirm that
 * the response length is validated before this point.
 *
 * @param buf Response buffer whose data starts with the reply structure.
 */
static void read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
	uint16_t acl_pkts;

	BT_DBG("status 0x%02x", rp->status);

	acl_pkts = sys_le16_to_cpu(rp->acl_max_num);
	bt_dev.br.mtu = sys_le16_to_cpu(rp->acl_max_len);

	BT_DBG("ACL BR/EDR buffers: pkts %u mtu %u", acl_pkts, bt_dev.br.mtu);

	k_sem_init(&bt_dev.br.pkts, acl_pkts, acl_pkts);
}
801
/**
 * Bring up the BR/EDR side of the controller.
 *
 * Steps, in order: read the extended local features (if supported),
 * derive the supported SCO/eSCO packet types, read the ACL buffer size,
 * write SSP mode 0x01, write inquiry mode 0x02, write the local name,
 * write the page timeout and, if the feature bit is set, enable Secure
 * Connections host support.
 *
 * @return 0 on success, -ENOBUFS if a command buffer could not be
 *         allocated, otherwise the error of the first failing command.
 */
int bt_br_init(void)
{
	struct bt_hci_cp_write_inquiry_mode *inquiry_params;
	struct bt_hci_write_local_name *name_params;
	struct bt_hci_cp_write_ssp_mode *ssp_params;
	struct net_buf *buf;
	int err;

	/* Read extended local features */
	if (BT_FEAT_EXT_FEATURES(bt_dev.features)) {
		err = read_ext_features();
		if (err != 0) {
			return err;
		}
	}

	/* Add local supported packet types to bt_dev */
	device_supported_pkt_type();

	/* Get BR/EDR buffer size */
	err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &buf);
	if (err != 0) {
		return err;
	}

	read_buffer_size_complete(buf);
	net_buf_unref(buf);

	/* Set SSP mode */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SSP_MODE, sizeof(*ssp_params));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	ssp_params = net_buf_add(buf, sizeof(*ssp_params));
	ssp_params->mode = 0x01;

	err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SSP_MODE, buf, NULL);
	if (err != 0) {
		return err;
	}

	/* Enable Inquiry results with RSSI or extended Inquiry */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_INQUIRY_MODE,
				sizeof(*inquiry_params));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	inquiry_params = net_buf_add(buf, sizeof(*inquiry_params));
	inquiry_params->mode = 0x02;

	err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_INQUIRY_MODE, buf, NULL);
	if (err != 0) {
		return err;
	}

	/* Set local name */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_LOCAL_NAME,
				sizeof(*name_params));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	name_params = net_buf_add(buf, sizeof(*name_params));
	/*
	 * strncpy() zero-fills the rest of the field, so no stale buffer
	 * bytes are sent. A name that fills the field exactly is left
	 * without a terminator.
	 */
	strncpy((char *)name_params->local_name, CONFIG_BT_DEVICE_NAME,
		sizeof(name_params->local_name));

	err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_LOCAL_NAME, buf, NULL);
	if (err != 0) {
		return err;
	}

	/* Set page timeout */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_PAGE_TIMEOUT, sizeof(uint16_t));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_le16(buf, CONFIG_BT_PAGE_TIMEOUT);

	err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_PAGE_TIMEOUT, buf, NULL);
	if (err != 0) {
		return err;
	}

	/* Enable BR/EDR SC if supported */
	if (BT_FEAT_SC(bt_dev.features)) {
		struct bt_hci_cp_write_sc_host_supp *sc_params;

		buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SC_HOST_SUPP,
					sizeof(*sc_params));
		if (buf == NULL) {
			return -ENOBUFS;
		}

		sc_params = net_buf_add(buf, sizeof(*sc_params));
		sc_params->sc_support = 0x01;

		err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SC_HOST_SUPP, buf,
					   NULL);
		if (err != 0) {
			return err;
		}
	}

	return 0;
}
906
/**
 * Send the HCI Inquiry command.
 *
 * The access code bytes are 0x33, 0x8b, 0x9e; for a limited inquiry the
 * first byte is 0x00 instead. The number of responses is left at 0xff so
 * that only the inquiry length bounds the procedure.
 *
 * @param param Discovery parameters supplying length and limited flag.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int br_start_inquiry(const struct bt_br_discovery_param *param)
{
	struct bt_hci_op_inquiry *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_INQUIRY, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	params->length = param->length;
	params->num_rsp = 0xff; /* we limit discovery only by time */

	params->lap[0] = param->limited ? 0x00 : 0x33;
	params->lap[1] = 0x8b;
	params->lap[2] = 0x9e;

	return bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY, cmd, NULL);
}
930
/**
 * Validate the arguments of a discovery request.
 *
 * @param param       Discovery parameters; length must be 1..0x30.
 * @param num_results Capacity of the result array; must be 1..255.
 *
 * @return true if both values are within range.
 */
static bool valid_br_discov_param(const struct bt_br_discovery_param *param,
				  size_t num_results)
{
	bool count_ok = (num_results != 0) && (num_results <= 255);

	/* param is only inspected once the count has been accepted. */
	return count_ok && (param->length != 0) && (param->length <= 0x30);
}
944
/**
 * Start BR/EDR device discovery.
 *
 * The result array stays owned by the caller but is written by this
 * module until discovery finishes or is stopped, so it must remain valid
 * for that whole period.
 *
 * NOTE(review): results and cb are not checked for NULL here - confirm
 * that callers always pass both.
 *
 * @param param   Discovery parameters.
 * @param results Array that receives the discovered devices.
 * @param cnt     Number of entries in @p results.
 * @param cb      Callback invoked with the collected results.
 *
 * @return 0 on success, -EINVAL for invalid parameters, -EALREADY if an
 *         inquiry is already running, otherwise the error from starting
 *         the inquiry.
 */
int bt_br_discovery_start(const struct bt_br_discovery_param *param,
			  struct bt_br_discovery_result *results, size_t cnt,
			  bt_br_discovery_cb_t cb)
{
	int rc;

	BT_DBG("");

	if (!valid_br_discov_param(param, cnt)) {
		return -EINVAL;
	}

	if (atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return -EALREADY;
	}

	rc = br_start_inquiry(param);
	if (rc != 0) {
		return rc;
	}

	atomic_set_bit(bt_dev.flags, BT_DEV_INQUIRY);

	/* Start from a clean array so no stale entry is ever reported. */
	(void)memset(results, 0, sizeof(*results) * cnt);

	discovery_cb = cb;
	discovery_results = results;
	discovery_results_size = cnt;
	discovery_results_count = 0;

	return 0;
}
977
/**
 * Stop a running BR/EDR discovery.
 *
 * Cancels the inquiry, cancels every pending remote name request on a
 * best-effort basis, clears BT_DEV_INQUIRY and forgets the caller's result
 * array and callback. The callback is not invoked.
 *
 * @return 0 on success, -EALREADY if no inquiry is running, otherwise the
 *         error returned by the Inquiry Cancel command.
 */
int bt_br_discovery_stop(void)
{
	int rc;
	int i;

	BT_DBG("");

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return -EALREADY;
	}

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY_CANCEL, NULL, NULL);
	if (rc != 0) {
		return rc;
	}

	for (i = 0; i < discovery_results_count; i++) {
		struct bt_hci_cp_remote_name_cancel *params;
		struct discovery_priv *priv;
		struct net_buf *cmd;

		priv = (struct discovery_priv *)&discovery_results[i]._priv;
		if (priv->resolving) {
			cmd = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_CANCEL,
						sizeof(*params));
			if (cmd != NULL) {
				params = net_buf_add(cmd, sizeof(*params));
				bt_addr_copy(&params->bdaddr,
					     &discovery_results[i].addr);

				/* Best effort: the result is not checked. */
				bt_hci_cmd_send_sync(
					BT_HCI_OP_REMOTE_NAME_CANCEL, cmd,
					NULL);
			}
		}
	}

	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	/* Clears the callback, the array pointer and both counters. */
	bt_br_discovery_reset();

	return 0;
}
1026
/**
 * Write the controller's scan enable setting and mirror it in bt_dev.flags.
 *
 * The BT_DEV_ISCAN and BT_DEV_PSCAN flags are updated only after the
 * command succeeded, so they track what the controller was told.
 *
 * @param scan Bitmask of BT_BREDR_SCAN_INQUIRY and BT_BREDR_SCAN_PAGE.
 *
 * @return 0 on success, -ENOBUFS if no command buffer could be allocated,
 *         otherwise the error returned by bt_hci_cmd_send_sync().
 */
static int write_scan_enable(uint8_t scan)
{
	struct net_buf *cmd;
	int rc;

	BT_DBG("type %u", scan);

	cmd = bt_hci_cmd_create(BT_HCI_OP_WRITE_SCAN_ENABLE, 1);
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_u8(cmd, scan);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SCAN_ENABLE, cmd, NULL);
	if (rc != 0) {
		return rc;
	}

	atomic_set_bit_to(bt_dev.flags, BT_DEV_ISCAN,
			  (scan & BT_BREDR_SCAN_INQUIRY));
	atomic_set_bit_to(bt_dev.flags, BT_DEV_PSCAN,
			  (scan & BT_BREDR_SCAN_PAGE));

	return 0;
}
1052
/**
 * Enable or disable page scan, i.e. whether the device is connectable.
 *
 * Disabling writes BT_BREDR_SCAN_DISABLED, which turns inquiry scan off
 * as well.
 *
 * @param enable true to become connectable, false to stop.
 *
 * @return 0 on success, -EALREADY if the requested state is already
 *         active, otherwise the error from write_scan_enable().
 */
int bt_br_set_connectable(bool enable)
{
	bool page_scan_on = atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN);

	if (enable == page_scan_on) {
		return -EALREADY;
	}

	return write_scan_enable(enable ? BT_BREDR_SCAN_PAGE
					: BT_BREDR_SCAN_DISABLED);
}
1069
/**
 * Enable or disable inquiry scan, i.e. whether the device is discoverable.
 *
 * Becoming discoverable requires the device to be connectable already;
 * page scan stays enabled in both directions.
 *
 * @param enable true to become discoverable, false to stop.
 *
 * @return 0 on success, -EALREADY if the requested state is already
 *         active, -EPERM if enabling while not connectable, otherwise the
 *         error from write_scan_enable().
 */
int bt_br_set_discoverable(bool enable)
{
	bool inquiry_scan_on = atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN);

	if (enable == inquiry_scan_on) {
		return -EALREADY;
	}

	if (!enable) {
		return write_scan_enable(BT_BREDR_SCAN_PAGE);
	}

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
		return -EPERM;
	}

	return write_scan_enable(BT_BREDR_SCAN_INQUIRY | BT_BREDR_SCAN_PAGE);
}
1091