1 /*
2 * Copyright (c) 2017-2021 Nordic Semiconductor ASA
3 * Copyright (c) 2015-2016 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <zephyr/sys/byteorder.h>
9
10
11 #include <zephyr/bluetooth/bluetooth.h>
12 #include <zephyr/bluetooth/hci.h>
13 #include <zephyr/bluetooth/buf.h>
14
15 #include "common/bt_str.h"
16
17 #include "hci_core.h"
18 #include "conn_internal.h"
19 #include "keys.h"
20
21 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
22 #include <zephyr/logging/log.h>
23 LOG_MODULE_REGISTER(bt_br);
24
/* Callback invoked when a BR/EDR discovery finishes; NULL while none is registered. */
static bt_br_discovery_cb_t *discovery_cb;
/*
 * Result array currently being filled. bt_br_discovery_start() stores the
 * caller's buffer here, so the HCI event handlers in this file write into
 * caller-owned memory until the discovery state is cleared again.
 * NOTE(review): unlike its siblings this symbol is not static; confirm whether
 * another translation unit relies on it before narrowing the linkage.
 */
struct bt_br_discovery_result *discovery_results;
/* Capacity of discovery_results, in entries. */
static size_t discovery_results_size;
/* Number of entries of discovery_results that are in use. */
static size_t discovery_results_count;
29
/*
 * Send an HCI Reject Connection Request for @bdaddr carrying @reason.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer could be created,
 * or the error reported by bt_hci_cmd_send_sync().
 */
static int reject_conn(const bt_addr_t *bdaddr, uint8_t reason)
{
	struct bt_hci_cp_reject_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_REJECT_CONN_REQ, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->reason = reason;
	bt_addr_copy(&params->bdaddr, bdaddr);

	/* Zero means success; any other value is handed back unchanged. */
	return bt_hci_cmd_send_sync(BT_HCI_OP_REJECT_CONN_REQ, cmd, NULL);
}
52
/*
 * Send an HCI Accept Synchronous Connection Request for @bdaddr.
 *
 * The packet type is taken from @sco_conn; every other link parameter is a
 * fixed value chosen in this function.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer could be created,
 * or the error reported by bt_hci_cmd_send_sync().
 */
static int accept_sco_conn(const bt_addr_t *bdaddr, struct bt_conn *sco_conn)
{
	struct bt_hci_cp_accept_sync_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_SYNC_CONN_REQ, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	bt_addr_copy(&params->bdaddr, bdaddr);

	/*
	 * NOTE(review): the multi-octet fields below are stored without an
	 * explicit little-endian conversion, unlike the connection handle
	 * elsewhere in this file - confirm this is intended for every
	 * supported target.
	 */
	params->pkt_type = sco_conn->sco.pkt_type;
	/* 0x1f40 is 8000 in both directions. */
	params->tx_bandwidth = 0x00001f40;
	params->rx_bandwidth = 0x00001f40;
	params->max_latency = 0x0007;
	params->retrans_effort = 0x01;
	params->content_format = BT_VOICE_CVSD_16BIT;

	/* Zero means success; any other value is handed back unchanged. */
	return bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_SYNC_CONN_REQ, cmd, NULL);
}
80
/*
 * Send an HCI Accept Connection Request for @bdaddr, asking to stay in the
 * peripheral role.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer could be created,
 * or the error reported by bt_hci_cmd_send_sync().
 */
static int accept_conn(const bt_addr_t *bdaddr)
{
	struct bt_hci_cp_accept_conn_req *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_CONN_REQ, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->role = BT_HCI_ROLE_PERIPHERAL;
	bt_addr_copy(&params->bdaddr, bdaddr);

	/* Zero means success; any other value is handed back unchanged. */
	return bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_CONN_REQ, cmd, NULL);
}
103
/*
 * Handle an incoming connection request for a synchronous (SCO/eSCO) link.
 *
 * A connection object is allocated for the peer and the request is accepted.
 * When no object is available, or the accept command fails, the request is
 * rejected instead. The results of the reject commands are not checked.
 */
static void bt_esco_conn_req(struct bt_hci_evt_conn_request *evt)
{
	struct bt_conn *sco = bt_conn_add_sco(&evt->bdaddr, evt->link_type);

	if (sco == NULL) {
		reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
		return;
	}

	if (accept_sco_conn(&evt->bdaddr, sco) != 0) {
		LOG_ERR("Error accepting connection from %s", bt_addr_str(&evt->bdaddr));
		reject_conn(&evt->bdaddr, BT_HCI_ERR_UNSPECIFIED);
		/* Undo the allocation made above; nothing else refers to it yet. */
		bt_sco_cleanup(sco);
		return;
	}

	sco->role = BT_HCI_ROLE_PERIPHERAL;
	bt_conn_set_state(sco, BT_CONN_CONNECTING);
	/* Drop the reference obtained from bt_conn_add_sco(). */
	bt_conn_unref(sco);
}
125
/*
 * Handle the HCI Connection Request event.
 *
 * Every link type other than ACL is handed to bt_esco_conn_req(). An ACL
 * request is accepted whenever a connection object can be allocated; no
 * filtering on the peer address takes place in this function.
 *
 * NOTE(review): the event is read straight from buf->data without a length
 * check here - presumably the event dispatcher enforces a minimum length;
 * confirm against the caller.
 * NOTE(review): the result of accept_conn() is not checked, so a failed
 * accept still leaves the connection object in BT_CONN_CONNECTING. The
 * synchronous path in bt_esco_conn_req() rejects and cleans up in that case.
 */
void bt_hci_conn_req(struct net_buf *buf)
{
	struct bt_hci_evt_conn_request *evt = (void *)buf->data;
	struct bt_conn *acl;

	LOG_DBG("conn req from %s, type 0x%02x", bt_addr_str(&evt->bdaddr), evt->link_type);

	if (evt->link_type != BT_HCI_ACL) {
		bt_esco_conn_req(evt);
		return;
	}

	acl = bt_conn_add_br(&evt->bdaddr);
	if (acl == NULL) {
		reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
		return;
	}

	accept_conn(&evt->bdaddr);
	acl->role = BT_HCI_ROLE_PERIPHERAL;
	bt_conn_set_state(acl, BT_CONN_CONNECTING);
	/* Drop the reference obtained from bt_conn_add_br(). */
	bt_conn_unref(acl);
}
149
/*
 * Ask the controller for the encryption key size of @conn and decide whether
 * it is acceptable for the connection's security level.
 *
 * BT_SECURITY_L4 demands exactly BT_HCI_ENCRYPTION_KEY_SIZE_MAX; every other
 * level accepts anything from BT_HCI_ENCRYPTION_KEY_SIZE_MIN upwards. This is
 * the check that keeps a link whose key size was negotiated down from being
 * treated as adequately encrypted.
 *
 * Returns false as well when the size cannot be read (no command buffer,
 * command failure, or a response shorter than the expected structure), so an
 * unknown key size is never treated as sufficient.
 */
static bool br_sufficient_key_size(struct bt_conn *conn)
{
	struct bt_hci_cp_read_encryption_key_size *params;
	struct bt_hci_rp_read_encryption_key_size *reply;
	struct net_buf *cmd;
	struct net_buf *rsp;
	uint8_t size;
	int rc;

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE,
				sizeof(*params));
	if (cmd == NULL) {
		LOG_ERR("Failed to allocate command buffer");
		return false;
	}

	params = net_buf_add(cmd, sizeof(*params));
	params->handle = sys_cpu_to_le16(conn->handle);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE,
				  cmd, &rsp);
	if (rc != 0) {
		LOG_ERR("Failed to read encryption key size (err %d)", rc);
		return false;
	}

	/* Validate the response length before interpreting it. */
	if (rsp->len < sizeof(*reply)) {
		LOG_ERR("Too small command complete for encryption key size");
		net_buf_unref(rsp);
		return false;
	}

	/* Copy the value out first: the response buffer is released right after. */
	reply = (void *)rsp->data;
	size = reply->key_size;
	net_buf_unref(rsp);

	LOG_DBG("Encryption key size is %u", size);

	if (conn->sec_level != BT_SECURITY_L4) {
		return size >= BT_HCI_ENCRYPTION_KEY_SIZE_MIN;
	}

	return size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX;
}
193
/*
 * Derive conn->sec_level from the encryption state and the stored link key,
 * then enforce the key size and the required security level.
 *
 * Mapping applied here:
 *   - not encrypted                              -> BT_SECURITY_L1
 *   - encrypted, no link key or unauthenticated  -> BT_SECURITY_L2
 *   - encrypted, authenticated key               -> BT_SECURITY_L3
 *   - as above with conn->encrypt == 0x02        -> BT_SECURITY_L4
 *
 * Returns true when the link may be used. Returns false after requesting a
 * disconnect with BT_HCI_ERR_AUTH_FAIL when the key size is insufficient or
 * the resulting level is below conn->required_sec_level.
 *
 * NOTE(review): an unencrypted link returns true before required_sec_level is
 * compared - presumably the caller raises security separately; confirm.
 */
bool bt_br_update_sec_level(struct bt_conn *conn)
{
	if (!conn->encrypt) {
		conn->sec_level = BT_SECURITY_L1;
		return true;
	}

	if (!conn->br.link_key) {
		/* Encrypted but no key on record: treated as unauthenticated. */
		LOG_WRN("No BR/EDR link key found");
		conn->sec_level = BT_SECURITY_L2;
	} else if (!(conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED)) {
		conn->sec_level = BT_SECURITY_L2;
	} else if (conn->encrypt == 0x02) {
		conn->sec_level = BT_SECURITY_L4;
	} else {
		conn->sec_level = BT_SECURITY_L3;
	}

	/* The key size limit depends on the level that was just assigned. */
	if (!br_sufficient_key_size(conn)) {
		LOG_ERR("Encryption key size is not sufficient");
		bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
		return false;
	}

	if (conn->sec_level < conn->required_sec_level) {
		LOG_ERR("Failed to set required security level");
		bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
		return false;
	}

	return true;
}
230
/*
 * Handle the HCI Synchronous Connection Complete event.
 *
 * The SCO connection object is looked up by peer address. A non-zero status
 * is stored in the object and moves it to BT_CONN_DISCONNECTED; otherwise the
 * handle is recorded and the object moves to BT_CONN_CONNECTED.
 *
 * NOTE(review): the event is read from buf->data without a length check in
 * this function - presumably validated by the dispatcher; confirm.
 */
void bt_hci_synchronous_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_sync_conn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *sco;

	LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);

	sco = bt_conn_lookup_addr_sco(&evt->bdaddr);
	if (sco == NULL) {
		LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	if (evt->status != 0) {
		sco->err = evt->status;
		bt_conn_set_state(sco, BT_CONN_DISCONNECTED);
	} else {
		sco->handle = handle;
		bt_conn_set_state(sco, BT_CONN_CONNECTED);
	}

	/* Drop the reference taken by the lookup on both outcomes. */
	bt_conn_unref(sco);
}
256
/*
 * Handle the HCI Connection Complete event for a BR/EDR ACL link.
 *
 * On failure the status is stored and the connection is moved to
 * BT_CONN_DISCONNECTED. On success the handle and the encryption state
 * reported by the controller are recorded, the security level is evaluated
 * through bt_br_update_sec_level(), the connection is moved to
 * BT_CONN_CONNECTED and a Read Remote Supported Features command is issued.
 *
 * NOTE(review): the event is read from buf->data without a length check in
 * this function - presumably validated by the dispatcher; confirm.
 */
void bt_hci_conn_complete(struct net_buf *buf)
{
	struct bt_hci_evt_conn_complete *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_hci_cp_read_remote_features *params;
	struct net_buf *cmd;
	struct bt_conn *acl;

	LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);

	acl = bt_conn_lookup_addr_br(&evt->bdaddr);
	if (acl == NULL) {
		LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	if (evt->status != 0) {
		acl->err = evt->status;
		bt_conn_set_state(acl, BT_CONN_DISCONNECTED);
		bt_conn_unref(acl);
		return;
	}

	acl->handle = handle;
	acl->err = 0U;
	acl->encrypt = evt->encr_enabled;

	/* A false result means a disconnect was already requested. */
	if (!bt_br_update_sec_level(acl)) {
		bt_conn_unref(acl);
		return;
	}

	bt_conn_set_state(acl, BT_CONN_CONNECTED);
	bt_conn_unref(acl);

	cmd = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_FEATURES, sizeof(*params));
	if (cmd == NULL) {
		return;
	}

	/* The handle is forwarded exactly as it arrived in the event. */
	params = net_buf_add(cmd, sizeof(*params));
	params->handle = evt->handle;

	/* Best effort: the result of the feature request is not checked. */
	bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_FEATURES, cmd, NULL);
}
301
/*
 * Per-result bookkeeping kept by this file. It is overlaid on the _priv
 * member of struct bt_br_discovery_result through a pointer cast.
 * NOTE(review): nothing visible here checks that _priv is at least as large
 * as this structure - confirm against the public header.
 */
struct discovery_priv {
	/* Clock offset copied from the inquiry result; passed to request_name(). */
	uint16_t clock_offset;
	/* Page scan repetition mode copied from the inquiry result. */
	uint8_t pscan_rep_mode;
	/* Non-zero while a remote name request for this entry is outstanding. */
	uint8_t resolving;
} __packed;
307
/*
 * Send an HCI Remote Name Request for @addr.
 *
 * @pscan and @offset are written into the command unchanged.
 *
 * Returns -ENOBUFS when no command buffer could be created, otherwise the
 * result of bt_hci_cmd_send_sync().
 */
static int request_name(const bt_addr_t *addr, uint8_t pscan, uint16_t offset)
{
	struct bt_hci_cp_remote_name_request *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_REQUEST, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	params->clock_offset = offset;
	params->reserved = 0x00; /* reserved, should be set to 0x00 */
	params->pscan_rep_mode = pscan;
	bt_addr_copy(&params->bdaddr, addr);

	return bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_REQUEST, cmd, NULL);
}
327
#define EIR_SHORT_NAME		0x08
#define EIR_COMPLETE_NAME	0x09

/*
 * Report whether an EIR blob contains a non-empty name field.
 *
 * @eir must point to 240 readable octets; the length is fixed here and is
 * not passed in. Each field is a length octet, a type octet and the data.
 * Parsing stops at the first zero length octet or at the first field that
 * claims more octets than remain, so a malformed blob never moves the read
 * position outside the 240 octets.
 *
 * Returns true for the first short or complete name field that carries at
 * least one data octet, false otherwise.
 */
static bool eir_has_name(const uint8_t *eir)
{
	int remaining = 240;

	/* A field needs at least its length and type octets. */
	while (remaining >= 2) {
		const uint8_t field_len = eir[0];

		/* Look for early termination */
		if (field_len == 0) {
			break;
		}

		/* Check if field length is correct */
		if (field_len > remaining - 1) {
			break;
		}

		/* A length of 1 covers the type octet only, i.e. an empty name. */
		if ((eir[1] == EIR_SHORT_NAME || eir[1] == EIR_COMPLETE_NAME) &&
		    field_len > 1) {
			return true;
		}

		/* Parse next AD Structure */
		remaining -= field_len + 1;
		eir += field_len + 1;
	}

	return false;
}
368
/*
 * Forget the current discovery: drop the callback and the reference to the
 * caller's result array and zero both counters. The array itself is not
 * modified.
 */
void bt_br_discovery_reset(void)
{
	discovery_results_count = 0;
	discovery_results_size = 0;
	discovery_results = NULL;
	discovery_cb = NULL;
}
376
/*
 * Finish an inquiry: request the remote name for every result whose EIR data
 * has none, and report the results once nothing is left to resolve.
 *
 * When at least one name request was started the function returns without
 * reporting; completion is then driven by the remote name request complete
 * handler. Otherwise BT_DEV_INQUIRY is cleared, the callback (if any) is
 * invoked and the discovery state is reset.
 */
static void report_discovery_results(void)
{
	bool pending = false;
	size_t idx;

	for (idx = 0; idx < discovery_results_count; idx++) {
		struct bt_br_discovery_result *entry = &discovery_results[idx];
		struct discovery_priv *priv = (struct discovery_priv *)&entry->_priv;

		if (eir_has_name(entry->eir)) {
			continue;
		}

		/* A request that could not be sent leaves the entry unnamed. */
		if (request_name(&entry->addr, priv->pscan_rep_mode,
				 priv->clock_offset) != 0) {
			continue;
		}

		priv->resolving = 1U;
		pending = true;
	}

	if (pending) {
		return;
	}

	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	if (discovery_cb != NULL) {
		discovery_cb(discovery_results, discovery_results_count);
	}

	/* Stop referring to the caller's buffer once it has been reported. */
	bt_br_discovery_reset();
}
411
/*
 * Handle the HCI Inquiry Complete event.
 *
 * A non-zero status is only logged; the collected results are reported in
 * either case.
 */
void bt_hci_inquiry_complete(struct net_buf *buf)
{
	const struct bt_hci_evt_inquiry_complete *evt = (void *)buf->data;

	if (evt->status != 0) {
		LOG_ERR("Failed to complete inquiry");
	}

	report_discovery_results();
}
422
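/*
 * Find or allocate the discovery result entry for @addr.
 *
 * Lookup order:
 *   1. an entry that already holds @addr;
 *   2. the next unused entry, while the array is not full;
 *   3. when the array is full, the entry with the smallest RSSI among those
 *      whose RSSI is not greater than @rssi, which is then reassigned to
 *      @addr.
 *
 * @rssi may be the "invalid" marker 0xff. In that case step 3 is skipped, so
 * an event for an address that is not in the table can never evict an
 * existing entry.
 *
 * Returns the entry, or NULL when none is available.
 */
static struct bt_br_discovery_result *get_result_slot(const bt_addr_t *addr,
						      int8_t rssi)
{
	struct bt_br_discovery_result *result = NULL;
	size_t i;

	/* Check if already present in results. */
	for (i = 0; i < discovery_results_count; i++) {
		if (bt_addr_eq(addr, &discovery_results[i].addr)) {
			return &discovery_results[i];
		}
	}

	/* Pick a new slot (if available). */
	if (discovery_results_count < discovery_results_size) {
		bt_addr_copy(&discovery_results[discovery_results_count].addr,
			     addr);
		return &discovery_results[discovery_results_count++];
	}

	/*
	 * Ignore if invalid RSSI. The parameter is signed, so after integer
	 * promotion it can never compare equal to 0xff (255); the marker has
	 * to be tested on the raw octet. Without the cast this guard was dead
	 * code and a caller passing 0xff fell through to the eviction below.
	 * A measured value of -1 dBm shares the encoding and is therefore
	 * treated as invalid too once the table is full.
	 */
	if ((uint8_t)rssi == 0xff) {
		return NULL;
	}

	/*
	 * Pick slot with smallest RSSI that is smaller than passed RSSI.
	 * TODO handle TX if present
	 */
	for (i = 0; i < discovery_results_size; i++) {
		if (discovery_results[i].rssi > rssi) {
			continue;
		}

		if (!result || result->rssi > discovery_results[i].rssi) {
			result = &discovery_results[i];
		}
	}

	if (result) {
		LOG_DBG("Reusing slot (old %s rssi %d dBm)", bt_addr_str(&result->addr),
			result->rssi);

		/* Only the address changes here; callers refresh the rest. */
		bt_addr_copy(&result->addr, addr);
	}

	return result;
}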
471
/*
 * Handle the HCI Inquiry Result with RSSI event.
 *
 * The first octet is the number of reports. Each report is length-checked
 * against the remaining buffer before it is consumed, so a count larger than
 * the payload ends processing instead of reading past the buffer. Reports are
 * ignored while no inquiry is in progress.
 *
 * NOTE(review): the count octet is pulled before any length check in this
 * function - presumably the dispatcher guarantees at least one octet; confirm.
 * NOTE(review): when no slot is available for one report the remaining
 * reports of the same event are dropped as well.
 */
void bt_hci_inquiry_result_with_rssi(struct net_buf *buf)
{
	uint8_t remaining = net_buf_pull_u8(buf);

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return;
	}

	LOG_DBG("number of results: %u", remaining);

	for (; remaining > 0; remaining--) {
		struct bt_hci_evt_inquiry_result_with_rssi *report;
		struct bt_br_discovery_result *slot;
		struct discovery_priv *priv;

		if (buf->len < sizeof(*report)) {
			LOG_ERR("Unexpected end to buffer");
			return;
		}

		report = net_buf_pull_mem(buf, sizeof(*report));
		LOG_DBG("%s rssi %d dBm", bt_addr_str(&report->addr), report->rssi);

		slot = get_result_slot(&report->addr, report->rssi);
		if (slot == NULL) {
			return;
		}

		priv = (struct discovery_priv *)&slot->_priv;
		priv->clock_offset = report->clock_offset;
		priv->pscan_rep_mode = report->pscan_rep_mode;

		slot->rssi = report->rssi;
		memcpy(slot->cod, report->cod, 3);

		/* we could reuse slot so make sure EIR is cleared */
		(void)memset(slot->eir, 0, sizeof(slot->eir));
	}
}
511
/*
 * Handle the HCI Extended Inquiry Result event.
 *
 * The single report in the event is stored in the result entry for its
 * address, including the EIR data. Reports are ignored while no inquiry is in
 * progress.
 *
 * NOTE(review): the EIR copy is sized by the destination, so it reads
 * sizeof(result->eir) octets from the event - this assumes the event buffer
 * always carries that many; confirm the dispatcher enforces the length.
 */
void bt_hci_extended_inquiry_result(struct net_buf *buf)
{
	struct bt_hci_evt_extended_inquiry_result *report = (void *)buf->data;
	struct bt_br_discovery_result *slot;
	struct discovery_priv *priv;

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return;
	}

	LOG_DBG("%s rssi %d dBm", bt_addr_str(&report->addr), report->rssi);

	slot = get_result_slot(&report->addr, report->rssi);
	if (slot == NULL) {
		return;
	}

	priv = (struct discovery_priv *)&slot->_priv;
	priv->clock_offset = report->clock_offset;
	priv->pscan_rep_mode = report->pscan_rep_mode;

	memcpy(slot->eir, report->eir, sizeof(slot->eir));
	memcpy(slot->cod, report->cod, 3);
	slot->rssi = report->rssi;
}
537
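/*
 * Handle the HCI Remote Name Request Complete event.
 *
 * The resolved name is appended to the EIR data of the matching discovery
 * result as a shortened-name field, truncated to the space that is left.
 * Once no result is waiting for a name any more, BT_DEV_INQUIRY is cleared
 * and the discovery callback is invoked.
 *
 * The name is supplied by the remote device. Its length is measured with a
 * bounded scan so that a name without a terminator cannot make the scan run
 * past the data the copy below is able to use.
 *
 * NOTE(review): unlike report_discovery_results(), this path does not reset
 * the discovery state after the callback, so discovery_results keeps pointing
 * at the caller's buffer - confirm whether that is intended.
 * NOTE(review): BT_DEV_INQUIRY is not tested on entry, unlike the inquiry
 * result handlers in this file.
 */
void bt_hci_remote_name_request_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_name_req_complete *evt = (void *)buf->data;
	struct bt_br_discovery_result *result;
	struct discovery_priv *priv;
	int eir_len = 240;
	uint8_t *eir;
	size_t i;

	/* 0xff is the invalid-RSSI marker: only look up, do not take a slot over. */
	result = get_result_slot(&evt->bdaddr, 0xff);
	if (!result) {
		return;
	}

	priv = (struct discovery_priv *)&result->_priv;
	priv->resolving = 0U;

	if (evt->status) {
		goto check_names;
	}

	eir = result->eir;

	while (eir_len) {
		if (eir_len < 2) {
			break;
		}

		/* Look for early termination */
		if (!eir[0]) {
			size_t name_len;

			/* Reserve the length and type octets of the new field. */
			eir_len -= 2;

			/*
			 * Examine at most eir_len + 1 octets: enough to tell
			 * "fits" from "must be truncated" without relying on
			 * a terminator being present in the event.
			 */
			name_len = strnlen((const char *)evt->name,
					   (size_t)eir_len + 1);
			if (name_len > (size_t)eir_len) {
				name_len = (size_t)eir_len;
			}

			eir[0] = name_len + 1;
			eir[1] = EIR_SHORT_NAME;

			memcpy(&eir[2], evt->name, name_len);

			break;
		}

		/* Check if field length is correct */
		if (eir[0] > eir_len - 1) {
			break;
		}

		/* next EIR Structure */
		eir_len -= eir[0] + 1;
		eir += eir[0] + 1;
	}

check_names:
	/* if still waiting for names */
	for (i = 0; i < discovery_results_count; i++) {
		struct discovery_priv *dpriv;

		dpriv = (struct discovery_priv *)&discovery_results[i]._priv;

		if (dpriv->resolving) {
			return;
		}
	}

	/* all names resolved, report discovery results */
	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	if (discovery_cb) {
		discovery_cb(discovery_results, discovery_results_count);
	}
}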
618
/*
 * Handle the HCI Read Remote Supported Features Complete event.
 *
 * On success the reported feature page is stored as page 0 of the
 * connection, and when the peer advertises extended features a request for
 * page 1 is sent. The connection reference taken by the lookup is released
 * on every path after the lookup succeeded.
 *
 * NOTE(review): the copy is sized by the event field; this assumes
 * conn->br.features[0] is at least sizeof(evt->features) - confirm against
 * the structure definitions.
 */
void bt_hci_read_remote_features_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_features *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_hci_cp_read_remote_ext_features *params;
	struct net_buf *cmd;
	struct bt_conn *acl;

	LOG_DBG("status 0x%02x handle %u", evt->status, handle);

	acl = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
	if (acl == NULL) {
		LOG_ERR("Can't find conn for handle %u", handle);
		return;
	}

	if (evt->status == 0) {
		memcpy(acl->br.features[0], evt->features, sizeof(evt->features));

		if (BT_FEAT_EXT_FEATURES(acl->br.features)) {
			cmd = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_EXT_FEATURES,
						sizeof(*params));
			if (cmd != NULL) {
				/* Read remote host features (page 1) */
				params = net_buf_add(cmd, sizeof(*params));
				params->handle = evt->handle;
				params->page = 0x01;

				/* Best effort: the result is not checked. */
				bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_EXT_FEATURES,
						     cmd, NULL);
			}
		}
	}

	bt_conn_unref(acl);
}
660
/*
 * Handle the HCI Read Remote Extended Features Complete event.
 *
 * Only a successful report for page 1 is stored; the copy is sized by the
 * destination page of the connection. Anything else is ignored.
 */
void bt_hci_read_remote_ext_features_complete(struct net_buf *buf)
{
	struct bt_hci_evt_remote_ext_features *evt = (void *)buf->data;
	uint16_t handle = sys_le16_to_cpu(evt->handle);
	struct bt_conn *acl;

	LOG_DBG("status 0x%02x handle %u", evt->status, handle);

	acl = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
	if (acl == NULL) {
		LOG_ERR("Can't find conn for handle %u", handle);
		return;
	}

	if (evt->status == 0 && evt->page == 0x01) {
		memcpy(acl->br.features[1], evt->features,
		       sizeof(acl->br.features[1]));
	}

	/* Drop the reference taken by the lookup. */
	bt_conn_unref(acl);
}
682
/*
 * Handle the HCI Role Change event.
 *
 * A failed role change is ignored. Otherwise the role of the matching BR/EDR
 * connection is updated: a non-zero role value in the event selects the
 * peripheral role, zero selects the central role.
 */
void bt_hci_role_change(struct net_buf *buf)
{
	struct bt_hci_evt_role_change *evt = (void *)buf->data;
	struct bt_conn *acl;

	LOG_DBG("status 0x%02x role %u addr %s", evt->status, evt->role, bt_addr_str(&evt->bdaddr));

	if (evt->status != 0) {
		return;
	}

	acl = bt_conn_lookup_addr_br(&evt->bdaddr);
	if (acl == NULL) {
		LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
		return;
	}

	acl->role = evt->role ? BT_CONN_ROLE_PERIPHERAL : BT_CONN_ROLE_CENTRAL;

	/* Drop the reference taken by the lookup. */
	bt_conn_unref(acl);
}
708
/*
 * Read the local extended feature pages from the controller into
 * bt_dev.features, starting at page 1.
 *
 * Reading stops after the page the controller reports as its highest one,
 * or when LMP_FEAT_PAGES_COUNT pages are covered.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer could be created,
 * or the error reported by bt_hci_cmd_send_sync().
 *
 * NOTE(review): the response is interpreted without comparing rsp->len to
 * sizeof(*rp), unlike br_sufficient_key_size() in this file - confirm the
 * command layer guarantees the length.
 */
static int read_ext_features(void)
{
	int page;

	/* Read Local Supported Extended Features */
	for (page = 1; page < LMP_FEAT_PAGES_COUNT; page++) {
		struct bt_hci_cp_read_local_ext_features *params;
		struct bt_hci_rp_read_local_ext_features *reply;
		struct net_buf *cmd;
		struct net_buf *rsp;
		bool last_page;
		int rc;

		cmd = bt_hci_cmd_create(BT_HCI_OP_READ_LOCAL_EXT_FEATURES,
					sizeof(*params));
		if (cmd == NULL) {
			return -ENOBUFS;
		}

		params = net_buf_add(cmd, sizeof(*params));
		params->page = page;

		rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_EXT_FEATURES,
					  cmd, &rsp);
		if (rc != 0) {
			return rc;
		}

		reply = (void *)rsp->data;

		memcpy(&bt_dev.features[page], reply->ext_features,
		       sizeof(bt_dev.features[page]));

		/* Evaluate before the response buffer is released. */
		last_page = reply->max_page <= page;
		net_buf_unref(rsp);

		if (last_page) {
			break;
		}
	}

	return 0;
}
750
/*
 * Translate the local controller features into the set of SCO/eSCO packet
 * types stored in bt_dev.br.esco_pkt_type. Bits are only ever added; nothing
 * is cleared here.
 */
void device_supported_pkt_type(void)
{
	/* SCO packet types. */
	if (BT_FEAT_HV2_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_HV2;
	}

	if (BT_FEAT_HV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_HV3;
	}

	/* eSCO capability implies EV3. */
	if (BT_FEAT_LMP_ESCO_CAPABLE(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV3;
	}

	if (BT_FEAT_EV4_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV4;
	}

	if (BT_FEAT_EV5_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_EV5;
	}

	if (BT_FEAT_2EV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_2EV3;
	}

	if (BT_FEAT_3EV3_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_3EV3;
	}

	/* The 3-slot feature enables both 5-slot-family EDR types at once. */
	if (BT_FEAT_3SLOT_PKT(bt_dev.features)) {
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_2EV5;
		bt_dev.br.esco_pkt_type |= HCI_PKT_TYPE_ESCO_3EV5;
	}
}
787
/*
 * Apply the response of HCI Read Buffer Size: store the ACL MTU and
 * initialise the packet semaphore with the reported number of buffers as
 * both its initial count and its limit.
 *
 * NOTE(review): rp->status is logged but not acted upon, and neither the
 * response length nor a packet count of zero is checked here - confirm the
 * caller and k_sem_init() cope with those cases.
 */
static void read_buffer_size_complete(struct net_buf *buf)
{
	struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
	uint16_t acl_pkts;

	LOG_DBG("status 0x%02x", rp->status);

	acl_pkts = sys_le16_to_cpu(rp->acl_max_num);
	bt_dev.br.mtu = sys_le16_to_cpu(rp->acl_max_len);

	LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", acl_pkts, bt_dev.br.mtu);

	k_sem_init(&bt_dev.br.pkts, acl_pkts, acl_pkts);
}
802
/*
 * Bring up the BR/EDR side of the controller.
 *
 * Steps, in order: read the extended local features (when supported), derive
 * the supported SCO/eSCO packet types, read the ACL buffer size, write the
 * SSP mode, write the inquiry mode, write the local name, write the page
 * timeout and, when the controller supports it, declare host support for
 * Secure Connections.
 *
 * Returns 0 on success, -ENOBUFS when a command buffer could not be created,
 * or the error of the first command that failed. Later steps are skipped
 * after a failure.
 */
int bt_br_init(void)
{
	struct bt_hci_cp_write_inquiry_mode *inquiry_mode;
	struct bt_hci_write_local_name *local_name;
	struct bt_hci_cp_write_ssp_mode *ssp_mode;
	struct net_buf *buf;
	int rc;

	/* Read extended local features */
	if (BT_FEAT_EXT_FEATURES(bt_dev.features)) {
		rc = read_ext_features();
		if (rc != 0) {
			return rc;
		}
	}

	/* Add local supported packet types to bt_dev */
	device_supported_pkt_type();

	/* Get BR/EDR buffer size */
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &buf);
	if (rc != 0) {
		return rc;
	}

	read_buffer_size_complete(buf);
	net_buf_unref(buf);

	/* Set SSP mode */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SSP_MODE, sizeof(*ssp_mode));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	ssp_mode = net_buf_add(buf, sizeof(*ssp_mode));
	ssp_mode->mode = 0x01;
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SSP_MODE, buf, NULL);
	if (rc != 0) {
		return rc;
	}

	/* Enable Inquiry results with RSSI or extended Inquiry */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_INQUIRY_MODE, sizeof(*inquiry_mode));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	inquiry_mode = net_buf_add(buf, sizeof(*inquiry_mode));
	inquiry_mode->mode = 0x02;
	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_INQUIRY_MODE, buf, NULL);
	if (rc != 0) {
		return rc;
	}

	/* Set local name */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_LOCAL_NAME, sizeof(*local_name));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	/*
	 * strncpy() is used for its padding behaviour: the whole fixed-size
	 * field is written, with zero fill after a shorter name. A name that
	 * fills the field completely is stored without a terminator.
	 */
	local_name = net_buf_add(buf, sizeof(*local_name));
	strncpy((char *)local_name->local_name, CONFIG_BT_DEVICE_NAME,
		sizeof(local_name->local_name));

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_LOCAL_NAME, buf, NULL);
	if (rc != 0) {
		return rc;
	}

	/* Set page timeout */
	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_PAGE_TIMEOUT, sizeof(uint16_t));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_le16(buf, CONFIG_BT_PAGE_TIMEOUT);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_PAGE_TIMEOUT, buf, NULL);
	if (rc != 0) {
		return rc;
	}

	/* Enable BR/EDR SC if supported */
	if (!BT_FEAT_SC(bt_dev.features)) {
		return 0;
	}

	struct bt_hci_cp_write_sc_host_supp *sc_host;

	buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SC_HOST_SUPP,
				sizeof(*sc_host));
	if (buf == NULL) {
		return -ENOBUFS;
	}

	sc_host = net_buf_add(buf, sizeof(*sc_host));
	sc_host->sc_support = 0x01;

	/* Last step: its result is the result of the whole initialisation. */
	return bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SC_HOST_SUPP, buf, NULL);
}
907
/*
 * Send the HCI Inquiry command described by @param.
 *
 * The access code octets are 0x33, 0x8b, 0x9e; a limited inquiry replaces
 * the first octet with 0x00. The number of responses is left at 0xff so that
 * only the inquiry length bounds the procedure.
 *
 * Returns -ENOBUFS when no command buffer could be created, otherwise the
 * result of bt_hci_cmd_send_sync().
 */
static int br_start_inquiry(const struct bt_br_discovery_param *param)
{
	struct bt_hci_op_inquiry *params;
	struct net_buf *cmd;

	cmd = bt_hci_cmd_create(BT_HCI_OP_INQUIRY, sizeof(*params));
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	params = net_buf_add(cmd, sizeof(*params));

	params->num_rsp = 0xff; /* we limit discovery only by time */
	params->length = param->length;

	params->lap[0] = param->limited ? 0x00 : 0x33;
	params->lap[1] = 0x8b;
	params->lap[2] = 0x9e;

	return bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY, cmd, NULL);
}
931
/*
 * Validate the arguments of a discovery request.
 *
 * @num_results must be in 1..255 and param->length in 1..0x30. The count is
 * checked first, so @param is not dereferenced when the count is invalid.
 */
static bool valid_br_discov_param(const struct bt_br_discovery_param *param,
				  size_t num_results)
{
	if (num_results == 0 || num_results > 255) {
		return false;
	}

	return param->length != 0 && param->length <= 0x30;
}
945
/*
 * Start a BR/EDR discovery.
 *
 * @results is zeroed and then retained: the HCI event handlers in this file
 * write into it until the discovery is reported or stopped, so the buffer
 * has to stay valid for that whole time.
 *
 * Returns 0 on success, -EINVAL for invalid parameters, -EALREADY when an
 * inquiry is already running, or the error of the inquiry command.
 *
 * NOTE(review): @results is not checked for NULL before it is cleared -
 * confirm callers always supply a buffer of @cnt entries.
 */
int bt_br_discovery_start(const struct bt_br_discovery_param *param,
			  struct bt_br_discovery_result *results, size_t cnt,
			  bt_br_discovery_cb_t cb)
{
	int rc;

	LOG_DBG("");

	if (!valid_br_discov_param(param, cnt)) {
		return -EINVAL;
	}

	if (atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return -EALREADY;
	}

	rc = br_start_inquiry(param);
	if (rc != 0) {
		return rc;
	}

	atomic_set_bit(bt_dev.flags, BT_DEV_INQUIRY);

	/* cnt was bounded by valid_br_discov_param() above. */
	(void)memset(results, 0, sizeof(*results) * cnt);

	discovery_results_count = 0;
	discovery_results_size = cnt;
	discovery_results = results;
	discovery_cb = cb;

	return 0;
}
978
/*
 * Stop a running BR/EDR discovery.
 *
 * The inquiry is cancelled first; then every outstanding remote name request
 * is cancelled on a best-effort basis, BT_DEV_INQUIRY is cleared and the
 * discovery state is dropped, which also releases the reference to the
 * caller's result buffer. The discovery callback is not invoked.
 *
 * Returns 0 on success, -EALREADY when no inquiry is running, or the error
 * of the inquiry cancel command (in which case the state is left untouched).
 */
int bt_br_discovery_stop(void)
{
	size_t idx;
	int rc;

	LOG_DBG("");

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
		return -EALREADY;
	}

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY_CANCEL, NULL, NULL);
	if (rc != 0) {
		return rc;
	}

	for (idx = 0; idx < discovery_results_count; idx++) {
		struct bt_br_discovery_result *entry = &discovery_results[idx];
		struct discovery_priv *priv = (struct discovery_priv *)&entry->_priv;
		struct bt_hci_cp_remote_name_cancel *params;
		struct net_buf *cmd;

		if (!priv->resolving) {
			continue;
		}

		cmd = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_CANCEL,
					sizeof(*params));
		if (cmd == NULL) {
			continue;
		}

		params = net_buf_add(cmd, sizeof(*params));
		bt_addr_copy(&params->bdaddr, &entry->addr);

		/* Best effort: a failed cancel does not abort the stop. */
		bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_CANCEL, cmd, NULL);
	}

	atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);

	/* Clears the callback, the result pointer and both counters. */
	bt_br_discovery_reset();

	return 0;
}
1027
/*
 * Write the scan enable setting to the controller and mirror it in the
 * device flags.
 *
 * BT_DEV_ISCAN and BT_DEV_PSCAN are only updated after the command
 * succeeded, so they reflect what the controller accepted.
 *
 * Returns 0 on success, -ENOBUFS when no command buffer could be created,
 * or the error reported by bt_hci_cmd_send_sync().
 */
static int write_scan_enable(uint8_t scan)
{
	struct net_buf *cmd;
	int rc;

	LOG_DBG("type %u", scan);

	cmd = bt_hci_cmd_create(BT_HCI_OP_WRITE_SCAN_ENABLE, 1);
	if (cmd == NULL) {
		return -ENOBUFS;
	}

	net_buf_add_u8(cmd, scan);

	rc = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SCAN_ENABLE, cmd, NULL);
	if (rc != 0) {
		return rc;
	}

	atomic_set_bit_to(bt_dev.flags, BT_DEV_ISCAN,
			  (scan & BT_BREDR_SCAN_INQUIRY));
	atomic_set_bit_to(bt_dev.flags, BT_DEV_PSCAN,
			  (scan & BT_BREDR_SCAN_PAGE));

	return 0;
}
1053
/*
 * Enable or disable page scan, i.e. whether the device accepts incoming
 * BR/EDR connections.
 *
 * Disabling writes BT_BREDR_SCAN_DISABLED, which turns inquiry scan off as
 * well, so a device that is not connectable is not discoverable either.
 *
 * Returns -EALREADY when the requested state is already in effect,
 * otherwise the result of write_scan_enable().
 */
int bt_br_set_connectable(bool enable)
{
	const bool page_scan_on = atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN);

	if (enable == page_scan_on) {
		return -EALREADY;
	}

	return write_scan_enable(enable ? BT_BREDR_SCAN_PAGE
					: BT_BREDR_SCAN_DISABLED);
}
1070
/*
 * Enable or disable inquiry scan, i.e. whether the device answers inquiries.
 *
 * Discoverability can only be switched on while the device is connectable;
 * switching it off keeps page scan enabled.
 *
 * Returns -EALREADY when the requested state is already in effect, -EPERM
 * when enabling while page scan is off, otherwise the result of
 * write_scan_enable().
 */
int bt_br_set_discoverable(bool enable)
{
	const bool inquiry_scan_on = atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN);

	if (enable == inquiry_scan_on) {
		return -EALREADY;
	}

	if (!enable) {
		return write_scan_enable(BT_BREDR_SCAN_PAGE);
	}

	if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
		return -EPERM;
	}

	return write_scan_enable(BT_BREDR_SCAN_INQUIRY | BT_BREDR_SCAN_PAGE);
}
1092