1 /*
2 * Copyright (c) 2017-2021 Nordic Semiconductor ASA
3 * Copyright (c) 2015-2016 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <zephyr/sys/byteorder.h>
9
10 #include <zephyr/bluetooth/bluetooth.h>
11 #include <zephyr/bluetooth/hci.h>
12 #include <zephyr/bluetooth/buf.h>
13
14 #include "common/bt_str.h"
15
16 #include "host/hci_core.h"
17 #include "host/conn_internal.h"
18 #include "host/keys.h"
19 #include "sco_internal.h"
20
21 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
22 #include <zephyr/logging/log.h>
23 LOG_MODULE_REGISTER(bt_br);
24
25 struct bt_br_discovery_result *discovery_results;
26 static size_t discovery_results_size;
27 static size_t discovery_results_count;
28 static sys_slist_t discovery_cbs = SYS_SLIST_STATIC_INIT(&discovery_cbs);
29
reject_conn(const bt_addr_t * bdaddr,uint8_t reason)30 static int reject_conn(const bt_addr_t *bdaddr, uint8_t reason)
31 {
32 struct bt_hci_cp_reject_conn_req *cp;
33 struct net_buf *buf;
34 int err;
35
36 buf = bt_hci_cmd_create(BT_HCI_OP_REJECT_CONN_REQ, sizeof(*cp));
37 if (!buf) {
38 return -ENOBUFS;
39 }
40
41 cp = net_buf_add(buf, sizeof(*cp));
42 bt_addr_copy(&cp->bdaddr, bdaddr);
43 cp->reason = reason;
44
45 err = bt_hci_cmd_send_sync(BT_HCI_OP_REJECT_CONN_REQ, buf, NULL);
46 if (err) {
47 return err;
48 }
49
50 return 0;
51 }
52
accept_conn(const bt_addr_t * bdaddr)53 static int accept_conn(const bt_addr_t *bdaddr)
54 {
55 struct bt_hci_cp_accept_conn_req *cp;
56 struct net_buf *buf;
57 int err;
58
59 buf = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_CONN_REQ, sizeof(*cp));
60 if (!buf) {
61 return -ENOBUFS;
62 }
63
64 cp = net_buf_add(buf, sizeof(*cp));
65 bt_addr_copy(&cp->bdaddr, bdaddr);
66 cp->role = BT_HCI_ROLE_PERIPHERAL;
67
68 err = bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_CONN_REQ, buf, NULL);
69 if (err) {
70 return err;
71 }
72
73 return 0;
74 }
75
bt_hci_conn_req(struct net_buf * buf)76 void bt_hci_conn_req(struct net_buf *buf)
77 {
78 struct bt_hci_evt_conn_request *evt = (void *)buf->data;
79 struct bt_conn *conn;
80
81 LOG_DBG("conn req from %s, type 0x%02x", bt_addr_str(&evt->bdaddr), evt->link_type);
82
83 if (evt->link_type != BT_HCI_ACL) {
84 uint8_t err;
85
86 err = bt_esco_conn_req(evt);
87 if (err != BT_HCI_ERR_SUCCESS) {
88 reject_conn(&evt->bdaddr, err);
89 }
90 return;
91 }
92
93 conn = bt_conn_add_br(&evt->bdaddr);
94 if (!conn) {
95 reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
96 return;
97 }
98
99 accept_conn(&evt->bdaddr);
100 conn->role = BT_HCI_ROLE_PERIPHERAL;
101 bt_conn_set_state(conn, BT_CONN_INITIATING);
102 bt_conn_unref(conn);
103 }
104
br_sufficient_key_size(struct bt_conn * conn)105 static bool br_sufficient_key_size(struct bt_conn *conn)
106 {
107 struct bt_hci_cp_read_encryption_key_size *cp;
108 struct bt_hci_rp_read_encryption_key_size *rp;
109 struct net_buf *buf, *rsp;
110 uint8_t key_size;
111 int err;
112
113 buf = bt_hci_cmd_create(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, sizeof(*cp));
114 if (!buf) {
115 LOG_ERR("Failed to allocate command buffer");
116 return false;
117 }
118
119 cp = net_buf_add(buf, sizeof(*cp));
120 cp->handle = sys_cpu_to_le16(conn->handle);
121
122 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, buf, &rsp);
123 if (err) {
124 LOG_ERR("Failed to read encryption key size (err %d)", err);
125 return false;
126 }
127
128 if (rsp->len < sizeof(*rp)) {
129 LOG_ERR("Too small command complete for encryption key size");
130 net_buf_unref(rsp);
131 return false;
132 }
133
134 rp = (void *)rsp->data;
135 key_size = rp->key_size;
136 net_buf_unref(rsp);
137
138 LOG_DBG("Encryption key size is %u", key_size);
139
140 if (conn->sec_level == BT_SECURITY_L4) {
141 return key_size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX;
142 }
143
144 return key_size >= CONFIG_BT_BR_MIN_ENC_KEY_SIZE;
145 }
146
bt_br_update_sec_level(struct bt_conn * conn)147 bool bt_br_update_sec_level(struct bt_conn *conn)
148 {
149 if (!conn->encrypt) {
150 conn->sec_level = BT_SECURITY_L1;
151 return true;
152 }
153
154 if (conn->br.link_key) {
155 if (conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
156 if (conn->encrypt == 0x02) {
157 conn->sec_level = BT_SECURITY_L4;
158 } else {
159 conn->sec_level = BT_SECURITY_L3;
160 }
161 } else {
162 conn->sec_level = BT_SECURITY_L2;
163 }
164 } else {
165 LOG_WRN("No BR/EDR link key found");
166 conn->sec_level = BT_SECURITY_L2;
167 }
168
169 if (!br_sufficient_key_size(conn)) {
170 LOG_ERR("Encryption key size is not sufficient");
171 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
172 return false;
173 }
174
175 if (conn->required_sec_level > conn->sec_level) {
176 LOG_ERR("Failed to set required security level");
177 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
178 return false;
179 }
180
181 return true;
182 }
183
bt_hci_synchronous_conn_complete(struct net_buf * buf)184 void bt_hci_synchronous_conn_complete(struct net_buf *buf)
185 {
186 struct bt_hci_evt_sync_conn_complete *evt = (void *)buf->data;
187 struct bt_conn *sco_conn;
188 uint16_t handle = sys_le16_to_cpu(evt->handle);
189
190 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
191
192 sco_conn = bt_conn_lookup_addr_sco(&evt->bdaddr);
193 if (!sco_conn) {
194 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
195 return;
196 }
197
198 if (evt->status) {
199 sco_conn->err = evt->status;
200 bt_conn_set_state(sco_conn, BT_CONN_DISCONNECTED);
201 bt_conn_unref(sco_conn);
202 return;
203 }
204
205 sco_conn->handle = handle;
206 bt_conn_set_state(sco_conn, BT_CONN_CONNECTED);
207 bt_conn_unref(sco_conn);
208 }
209
bt_hci_conn_complete(struct net_buf * buf)210 void bt_hci_conn_complete(struct net_buf *buf)
211 {
212 struct bt_hci_evt_conn_complete *evt = (void *)buf->data;
213 struct bt_conn *conn;
214 struct bt_hci_cp_read_remote_features *cp;
215 uint16_t handle = sys_le16_to_cpu(evt->handle);
216
217 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
218
219 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
220 if (!conn) {
221 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
222 return;
223 }
224
225 if (evt->status) {
226 conn->err = evt->status;
227 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
228 bt_conn_unref(conn);
229 return;
230 }
231
232 conn->handle = handle;
233 conn->err = 0U;
234 conn->encrypt = evt->encr_enabled;
235
236 if (!bt_br_update_sec_level(conn)) {
237 bt_conn_unref(conn);
238 return;
239 }
240
241 bt_conn_set_state(conn, BT_CONN_CONNECTED);
242
243 atomic_set_bit_to(conn->flags, BT_CONN_BR_BONDABLE, bt_get_bondable());
244
245 bt_conn_connected(conn);
246
247 bt_conn_unref(conn);
248
249 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_FEATURES, sizeof(*cp));
250 if (!buf) {
251 return;
252 }
253
254 cp = net_buf_add(buf, sizeof(*cp));
255 cp->handle = evt->handle;
256
257 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_FEATURES, buf, NULL);
258 }
259
request_name(const bt_addr_t * addr,uint8_t pscan,uint16_t offset)260 static int request_name(const bt_addr_t *addr, uint8_t pscan, uint16_t offset)
261 {
262 struct bt_hci_cp_remote_name_request *cp;
263 struct net_buf *buf;
264
265 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_REQUEST, sizeof(*cp));
266 if (!buf) {
267 return -ENOBUFS;
268 }
269
270 cp = net_buf_add(buf, sizeof(*cp));
271
272 bt_addr_copy(&cp->bdaddr, addr);
273 cp->pscan_rep_mode = pscan;
274 cp->reserved = 0x00; /* reserved, should be set to 0x00 */
275 cp->clock_offset = offset;
276
277 return bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_REQUEST, buf, NULL);
278 }
279
280 #define EIR_SHORT_NAME 0x08
281 #define EIR_COMPLETE_NAME 0x09
282
eir_has_name(const uint8_t * eir)283 static bool eir_has_name(const uint8_t *eir)
284 {
285 int len = 240;
286
287 while (len) {
288 if (len < 2) {
289 break;
290 }
291
292 /* Look for early termination */
293 if (!eir[0]) {
294 break;
295 }
296
297 /* Check if field length is correct */
298 if (eir[0] > len - 1) {
299 break;
300 }
301
302 switch (eir[1]) {
303 case EIR_SHORT_NAME:
304 case EIR_COMPLETE_NAME:
305 if (eir[0] > 1) {
306 return true;
307 }
308 break;
309 default:
310 break;
311 }
312
313 /* Parse next AD Structure */
314 len -= eir[0] + 1;
315 eir += eir[0] + 1;
316 }
317
318 return false;
319 }
320
bt_br_discovery_reset(void)321 void bt_br_discovery_reset(void)
322 {
323 discovery_results = NULL;
324 discovery_results_size = 0;
325 discovery_results_count = 0;
326 }
327
report_discovery_results(void)328 static void report_discovery_results(void)
329 {
330 bool resolving_names = false;
331 int i;
332 struct bt_br_discovery_cb *listener, *next;
333
334 for (i = 0; i < discovery_results_count; i++) {
335 struct bt_br_discovery_priv *priv;
336
337 priv = &discovery_results[i]._priv;
338
339 if (eir_has_name(discovery_results[i].eir)) {
340 continue;
341 }
342
343 if (request_name(&discovery_results[i].addr, priv->pscan_rep_mode,
344 priv->clock_offset)) {
345 continue;
346 }
347
348 priv->resolving = true;
349 resolving_names = true;
350 }
351
352 if (resolving_names) {
353 return;
354 }
355
356 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
357
358 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
359 if (listener->timeout) {
360 listener->timeout(discovery_results, discovery_results_count);
361 }
362 }
363
364 bt_br_discovery_reset();
365 }
366
bt_hci_inquiry_complete(struct net_buf * buf)367 void bt_hci_inquiry_complete(struct net_buf *buf)
368 {
369 struct bt_hci_evt_inquiry_complete *evt = (void *)buf->data;
370
371 if (evt->status) {
372 LOG_ERR("Failed to complete inquiry");
373 }
374
375 report_discovery_results();
376 }
377
get_result_slot(const bt_addr_t * addr,int8_t rssi)378 static struct bt_br_discovery_result *get_result_slot(const bt_addr_t *addr, int8_t rssi)
379 {
380 struct bt_br_discovery_result *result = NULL;
381 size_t i;
382
383 /* check if already present in results */
384 for (i = 0; i < discovery_results_count; i++) {
385 if (bt_addr_eq(addr, &discovery_results[i].addr)) {
386 return &discovery_results[i];
387 }
388 }
389
390 /* Pick a new slot (if available) */
391 if (discovery_results_count < discovery_results_size) {
392 bt_addr_copy(&discovery_results[discovery_results_count].addr, addr);
393 return &discovery_results[discovery_results_count++];
394 }
395
396 /* ignore if invalid RSSI */
397 if (rssi == 0xff) {
398 return NULL;
399 }
400
401 /*
402 * Pick slot with smallest RSSI that is smaller then passed RSSI
403 * TODO handle TX if present
404 */
405 for (i = 0; i < discovery_results_size; i++) {
406 if (discovery_results[i].rssi > rssi) {
407 continue;
408 }
409
410 if (!result || result->rssi > discovery_results[i].rssi) {
411 result = &discovery_results[i];
412 }
413 }
414
415 if (result) {
416 LOG_DBG("Reusing slot (old %s rssi %d dBm)", bt_addr_str(&result->addr),
417 result->rssi);
418
419 bt_addr_copy(&result->addr, addr);
420 }
421
422 return result;
423 }
424
bt_hci_inquiry_result_with_rssi(struct net_buf * buf)425 void bt_hci_inquiry_result_with_rssi(struct net_buf *buf)
426 {
427 uint8_t num_reports = net_buf_pull_u8(buf);
428
429 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
430 return;
431 }
432
433 LOG_DBG("number of results: %u", num_reports);
434
435 while (num_reports--) {
436 struct bt_hci_evt_inquiry_result_with_rssi *evt;
437 struct bt_br_discovery_result *result;
438 struct bt_br_discovery_priv *priv;
439 struct bt_br_discovery_cb *listener, *next;
440
441 if (buf->len < sizeof(*evt)) {
442 LOG_ERR("Unexpected end to buffer");
443 return;
444 }
445
446 evt = net_buf_pull_mem(buf, sizeof(*evt));
447 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
448
449 result = get_result_slot(&evt->addr, evt->rssi);
450 if (!result) {
451 return;
452 }
453
454 priv = &result->_priv;
455 priv->pscan_rep_mode = evt->pscan_rep_mode;
456 priv->clock_offset = evt->clock_offset;
457
458 memcpy(result->cod, evt->cod, 3);
459 result->rssi = evt->rssi;
460
461 /* we could reuse slot so make sure EIR is cleared */
462 (void)memset(result->eir, 0, sizeof(result->eir));
463
464 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
465 if (listener->recv) {
466 listener->recv(result);
467 }
468 }
469 }
470 }
471
bt_hci_extended_inquiry_result(struct net_buf * buf)472 void bt_hci_extended_inquiry_result(struct net_buf *buf)
473 {
474 struct bt_hci_evt_extended_inquiry_result *evt = (void *)buf->data;
475 struct bt_br_discovery_result *result;
476 struct bt_br_discovery_priv *priv;
477 struct bt_br_discovery_cb *listener, *next;
478
479 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
480 return;
481 }
482
483 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
484
485 result = get_result_slot(&evt->addr, evt->rssi);
486 if (!result) {
487 return;
488 }
489
490 priv = &result->_priv;
491 priv->pscan_rep_mode = evt->pscan_rep_mode;
492 priv->clock_offset = evt->clock_offset;
493
494 result->rssi = evt->rssi;
495 memcpy(result->cod, evt->cod, 3);
496 memcpy(result->eir, evt->eir, sizeof(result->eir));
497
498 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
499 if (listener->recv) {
500 listener->recv(result);
501 }
502 }
503 }
504
bt_hci_remote_name_request_complete(struct net_buf * buf)505 void bt_hci_remote_name_request_complete(struct net_buf *buf)
506 {
507 struct bt_hci_evt_remote_name_req_complete *evt = (void *)buf->data;
508 struct bt_br_discovery_result *result;
509 struct bt_br_discovery_priv *priv;
510 int eir_len = 240;
511 uint8_t *eir;
512 int i;
513 struct bt_br_discovery_cb *listener, *next;
514
515 result = get_result_slot(&evt->bdaddr, 0xff);
516 if (!result) {
517 return;
518 }
519
520 priv = &result->_priv;
521 priv->resolving = false;
522
523 if (evt->status) {
524 goto check_names;
525 }
526
527 eir = result->eir;
528
529 while (eir_len) {
530 if (eir_len < 2) {
531 break;
532 }
533
534 /* Look for early termination */
535 if (!eir[0]) {
536 size_t name_len;
537
538 eir_len -= 2;
539
540 /* name is null terminated */
541 name_len = strlen((const char *)evt->name);
542
543 if (name_len > eir_len) {
544 eir[0] = eir_len + 1;
545 eir[1] = EIR_SHORT_NAME;
546 } else {
547 eir[0] = name_len + 1;
548 eir[1] = EIR_SHORT_NAME;
549 }
550
551 memcpy(&eir[2], evt->name, eir[0] - 1);
552
553 break;
554 }
555
556 /* Check if field length is correct */
557 if (eir[0] > eir_len - 1) {
558 break;
559 }
560
561 /* next EIR Structure */
562 eir_len -= eir[0] + 1;
563 eir += eir[0] + 1;
564 }
565
566 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
567 if (listener->recv) {
568 listener->recv(result);
569 }
570 }
571
572 check_names:
573 /* if still waiting for names */
574 for (i = 0; i < discovery_results_count; i++) {
575 struct bt_br_discovery_priv *dpriv;
576
577 dpriv = &discovery_results[i]._priv;
578
579 if (dpriv->resolving) {
580 return;
581 }
582 }
583
584 /* all names resolved, report discovery results */
585 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
586
587 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
588 if (listener->timeout) {
589 listener->timeout(discovery_results, discovery_results_count);
590 }
591 }
592 }
593
bt_hci_read_remote_features_complete(struct net_buf * buf)594 void bt_hci_read_remote_features_complete(struct net_buf *buf)
595 {
596 struct bt_hci_evt_remote_features *evt = (void *)buf->data;
597 uint16_t handle = sys_le16_to_cpu(evt->handle);
598 struct bt_hci_cp_read_remote_ext_features *cp;
599 struct bt_conn *conn;
600
601 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
602
603 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
604 if (!conn) {
605 LOG_ERR("Can't find conn for handle %u", handle);
606 return;
607 }
608
609 if (evt->status) {
610 goto done;
611 }
612
613 memcpy(conn->br.features[0], evt->features, sizeof(evt->features));
614
615 if (!BT_FEAT_EXT_FEATURES(conn->br.features)) {
616 goto done;
617 }
618
619 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, sizeof(*cp));
620 if (!buf) {
621 goto done;
622 }
623
624 /* Read remote host features (page 1) */
625 cp = net_buf_add(buf, sizeof(*cp));
626 cp->handle = evt->handle;
627 cp->page = 0x01;
628
629 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, buf, NULL);
630
631 done:
632 bt_conn_unref(conn);
633 }
634
bt_hci_read_remote_ext_features_complete(struct net_buf * buf)635 void bt_hci_read_remote_ext_features_complete(struct net_buf *buf)
636 {
637 struct bt_hci_evt_remote_ext_features *evt = (void *)buf->data;
638 uint16_t handle = sys_le16_to_cpu(evt->handle);
639 struct bt_conn *conn;
640
641 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
642
643 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
644 if (!conn) {
645 LOG_ERR("Can't find conn for handle %u", handle);
646 return;
647 }
648
649 if (!evt->status && evt->page == 0x01) {
650 memcpy(conn->br.features[1], evt->features, sizeof(conn->br.features[1]));
651 }
652
653 bt_conn_unref(conn);
654 }
655
bt_hci_role_change(struct net_buf * buf)656 void bt_hci_role_change(struct net_buf *buf)
657 {
658 struct bt_hci_evt_role_change *evt = (void *)buf->data;
659 struct bt_conn *conn;
660
661 LOG_DBG("status 0x%02x role %u addr %s", evt->status, evt->role, bt_addr_str(&evt->bdaddr));
662
663 if (evt->status) {
664 return;
665 }
666
667 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
668 if (!conn) {
669 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
670 return;
671 }
672
673 if (evt->role) {
674 conn->role = BT_CONN_ROLE_PERIPHERAL;
675 } else {
676 conn->role = BT_CONN_ROLE_CENTRAL;
677 }
678
679 bt_conn_unref(conn);
680 }
681
read_ext_features(void)682 static int read_ext_features(void)
683 {
684 int i;
685
686 /* Read Local Supported Extended Features */
687 for (i = 1; i < LMP_FEAT_PAGES_COUNT; i++) {
688 struct bt_hci_cp_read_local_ext_features *cp;
689 struct bt_hci_rp_read_local_ext_features *rp;
690 struct net_buf *buf, *rsp;
691 int err;
692
693 buf = bt_hci_cmd_create(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(*cp));
694 if (!buf) {
695 return -ENOBUFS;
696 }
697
698 cp = net_buf_add(buf, sizeof(*cp));
699 cp->page = i;
700
701 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, buf, &rsp);
702 if (err) {
703 return err;
704 }
705
706 rp = (void *)rsp->data;
707
708 memcpy(&bt_dev.features[i], rp->ext_features, sizeof(bt_dev.features[i]));
709
710 if (rp->max_page <= i) {
711 net_buf_unref(rsp);
712 break;
713 }
714
715 net_buf_unref(rsp);
716 }
717
718 return 0;
719 }
720
device_supported_pkt_type(void)721 void device_supported_pkt_type(void)
722 {
723 /* Device supported features and sco packet types */
724 if (BT_FEAT_LMP_SCO_CAPABLE(bt_dev.features)) {
725 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV1);
726 }
727
728 if (BT_FEAT_HV2_PKT(bt_dev.features)) {
729 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV2);
730 }
731
732 if (BT_FEAT_HV3_PKT(bt_dev.features)) {
733 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV3);
734 }
735
736 if (BT_FEAT_LMP_ESCO_CAPABLE(bt_dev.features)) {
737 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV3);
738 }
739
740 if (BT_FEAT_EV4_PKT(bt_dev.features)) {
741 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV4);
742 }
743
744 if (BT_FEAT_EV5_PKT(bt_dev.features)) {
745 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV5);
746 }
747
748 if (BT_FEAT_2EV3_PKT(bt_dev.features)) {
749 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV3);
750 }
751
752 if (BT_FEAT_3EV3_PKT(bt_dev.features)) {
753 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_3EV3);
754 }
755
756 if (BT_FEAT_3SLOT_PKT(bt_dev.features)) {
757 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV5 | HCI_PKT_TYPE_ESCO_3EV5);
758 }
759 }
760
read_buffer_size_complete(struct net_buf * buf)761 static void read_buffer_size_complete(struct net_buf *buf)
762 {
763 struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
764 uint16_t pkts;
765
766 LOG_DBG("status 0x%02x", rp->status);
767
768 bt_dev.br.mtu = sys_le16_to_cpu(rp->acl_max_len);
769 pkts = sys_le16_to_cpu(rp->acl_max_num);
770
771 LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.br.mtu);
772
773 k_sem_init(&bt_dev.br.pkts, pkts, pkts);
774 }
775
bt_br_init(void)776 int bt_br_init(void)
777 {
778 struct net_buf *buf;
779 struct bt_hci_cp_write_ssp_mode *ssp_cp;
780 struct bt_hci_cp_write_inquiry_mode *inq_cp;
781 struct bt_hci_write_local_name *name_cp;
782 struct bt_hci_cp_write_class_of_device *cod;
783 int err;
784
785 /* Read extended local features */
786 if (BT_FEAT_EXT_FEATURES(bt_dev.features)) {
787 err = read_ext_features();
788 if (err) {
789 return err;
790 }
791 }
792
793 /* Add local supported packet types to bt_dev */
794 device_supported_pkt_type();
795
796 /* Get BR/EDR buffer size */
797 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &buf);
798 if (err) {
799 return err;
800 }
801
802 read_buffer_size_complete(buf);
803 net_buf_unref(buf);
804
805 /* Set SSP mode */
806 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SSP_MODE, sizeof(*ssp_cp));
807 if (!buf) {
808 return -ENOBUFS;
809 }
810
811 ssp_cp = net_buf_add(buf, sizeof(*ssp_cp));
812 ssp_cp->mode = 0x01;
813 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SSP_MODE, buf, NULL);
814 if (err) {
815 return err;
816 }
817
818 /* Enable Inquiry results with RSSI or extended Inquiry */
819 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_INQUIRY_MODE, sizeof(*inq_cp));
820 if (!buf) {
821 return -ENOBUFS;
822 }
823
824 inq_cp = net_buf_add(buf, sizeof(*inq_cp));
825 inq_cp->mode = 0x02;
826 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_INQUIRY_MODE, buf, NULL);
827 if (err) {
828 return err;
829 }
830
831 /* Set local name */
832 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_LOCAL_NAME, sizeof(*name_cp));
833 if (!buf) {
834 return -ENOBUFS;
835 }
836
837 name_cp = net_buf_add(buf, sizeof(*name_cp));
838 strncpy((char *)name_cp->local_name, CONFIG_BT_DEVICE_NAME, sizeof(name_cp->local_name));
839
840 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_LOCAL_NAME, buf, NULL);
841 if (err) {
842 return err;
843 }
844
845 /* Set Class of device */
846 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, sizeof(*cod));
847 if (!buf) {
848 return -ENOBUFS;
849 }
850
851 net_buf_add_le24(buf, CONFIG_BT_COD);
852
853 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, buf, NULL);
854 if (err) {
855 return err;
856 }
857
858 /* Set page timeout*/
859 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_PAGE_TIMEOUT, sizeof(uint16_t));
860 if (!buf) {
861 return -ENOBUFS;
862 }
863
864 net_buf_add_le16(buf, CONFIG_BT_PAGE_TIMEOUT);
865
866 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_PAGE_TIMEOUT, buf, NULL);
867 if (err) {
868 return err;
869 }
870
871 /* Enable BR/EDR SC if supported */
872 if (BT_FEAT_SC(bt_dev.features)) {
873 struct bt_hci_cp_write_sc_host_supp *sc_cp;
874
875 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SC_HOST_SUPP, sizeof(*sc_cp));
876 if (!buf) {
877 return -ENOBUFS;
878 }
879
880 sc_cp = net_buf_add(buf, sizeof(*sc_cp));
881 sc_cp->sc_support = 0x01;
882
883 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SC_HOST_SUPP, buf, NULL);
884 if (err) {
885 return err;
886 }
887 }
888
889 return 0;
890 }
891
br_start_inquiry(const struct bt_br_discovery_param * param)892 static int br_start_inquiry(const struct bt_br_discovery_param *param)
893 {
894 const uint8_t iac[3] = {0x33, 0x8b, 0x9e};
895 struct bt_hci_op_inquiry *cp;
896 struct net_buf *buf;
897
898 buf = bt_hci_cmd_create(BT_HCI_OP_INQUIRY, sizeof(*cp));
899 if (!buf) {
900 return -ENOBUFS;
901 }
902
903 cp = net_buf_add(buf, sizeof(*cp));
904
905 cp->length = param->length;
906 cp->num_rsp = 0xff; /* we limit discovery only by time */
907
908 memcpy(cp->lap, iac, 3);
909 if (param->limited) {
910 cp->lap[0] = 0x00;
911 }
912
913 return bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY, buf, NULL);
914 }
915
valid_br_discov_param(const struct bt_br_discovery_param * param,size_t num_results)916 static bool valid_br_discov_param(const struct bt_br_discovery_param *param, size_t num_results)
917 {
918 if (!num_results || num_results > 255) {
919 return false;
920 }
921
922 if (!param->length || param->length > 0x30) {
923 return false;
924 }
925
926 return true;
927 }
928
bt_br_discovery_start(const struct bt_br_discovery_param * param,struct bt_br_discovery_result * results,size_t cnt)929 int bt_br_discovery_start(const struct bt_br_discovery_param *param,
930 struct bt_br_discovery_result *results, size_t cnt)
931 {
932 int err;
933
934 LOG_DBG("");
935
936 if (!valid_br_discov_param(param, cnt)) {
937 return -EINVAL;
938 }
939
940 if (atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
941 return -EALREADY;
942 }
943
944 err = br_start_inquiry(param);
945 if (err) {
946 return err;
947 }
948
949 atomic_set_bit(bt_dev.flags, BT_DEV_INQUIRY);
950
951 (void)memset(results, 0, sizeof(*results) * cnt);
952
953 discovery_results = results;
954 discovery_results_size = cnt;
955 discovery_results_count = 0;
956
957 return 0;
958 }
959
bt_br_discovery_stop(void)960 int bt_br_discovery_stop(void)
961 {
962 int err;
963 int i;
964
965 LOG_DBG("");
966
967 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
968 return -EALREADY;
969 }
970
971 err = bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY_CANCEL, NULL, NULL);
972 if (err) {
973 return err;
974 }
975
976 for (i = 0; i < discovery_results_count; i++) {
977 struct bt_br_discovery_priv *priv;
978 struct bt_hci_cp_remote_name_cancel *cp;
979 struct net_buf *buf;
980
981 priv = &discovery_results[i]._priv;
982
983 if (!priv->resolving) {
984 continue;
985 }
986
987 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_CANCEL, sizeof(*cp));
988 if (!buf) {
989 continue;
990 }
991
992 cp = net_buf_add(buf, sizeof(*cp));
993 bt_addr_copy(&cp->bdaddr, &discovery_results[i].addr);
994
995 bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_CANCEL, buf, NULL);
996 }
997
998 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
999
1000 discovery_results = NULL;
1001 discovery_results_size = 0;
1002 discovery_results_count = 0;
1003
1004 return 0;
1005 }
1006
bt_br_discovery_cb_register(struct bt_br_discovery_cb * cb)1007 void bt_br_discovery_cb_register(struct bt_br_discovery_cb *cb)
1008 {
1009 sys_slist_append(&discovery_cbs, &cb->node);
1010 }
1011
bt_br_discovery_cb_unregister(struct bt_br_discovery_cb * cb)1012 void bt_br_discovery_cb_unregister(struct bt_br_discovery_cb *cb)
1013 {
1014 sys_slist_find_and_remove(&discovery_cbs, &cb->node);
1015 }
1016
write_scan_enable(uint8_t scan)1017 static int write_scan_enable(uint8_t scan)
1018 {
1019 struct net_buf *buf;
1020 int err;
1021
1022 LOG_DBG("type %u", scan);
1023
1024 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SCAN_ENABLE, 1);
1025 if (!buf) {
1026 return -ENOBUFS;
1027 }
1028
1029 net_buf_add_u8(buf, scan);
1030 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SCAN_ENABLE, buf, NULL);
1031 if (err) {
1032 return err;
1033 }
1034
1035 atomic_set_bit_to(bt_dev.flags, BT_DEV_ISCAN, (scan & BT_BREDR_SCAN_INQUIRY));
1036 atomic_set_bit_to(bt_dev.flags, BT_DEV_PSCAN, (scan & BT_BREDR_SCAN_PAGE));
1037
1038 return 0;
1039 }
1040
bt_br_set_connectable(bool enable)1041 int bt_br_set_connectable(bool enable)
1042 {
1043 if (enable) {
1044 if (atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1045 return -EALREADY;
1046 } else {
1047 return write_scan_enable(BT_BREDR_SCAN_PAGE);
1048 }
1049 } else {
1050 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1051 return -EALREADY;
1052 } else {
1053 return write_scan_enable(BT_BREDR_SCAN_DISABLED);
1054 }
1055 }
1056 }
1057
bt_br_set_discoverable(bool enable)1058 int bt_br_set_discoverable(bool enable)
1059 {
1060 if (enable) {
1061 if (atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1062 return -EALREADY;
1063 }
1064
1065 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1066 return -EPERM;
1067 }
1068
1069 return write_scan_enable(BT_BREDR_SCAN_INQUIRY | BT_BREDR_SCAN_PAGE);
1070 } else {
1071 if (!atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1072 return -EALREADY;
1073 }
1074
1075 return write_scan_enable(BT_BREDR_SCAN_PAGE);
1076 }
1077 }
1078
