1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the Bluetooth Device Manager
22 *
23 ******************************************************************************/
24
25 #include <stdlib.h>
26 #include <string.h>
27 //#include <stdio.h>
28 #include <stddef.h>
29
30 #include "stack/bt_types.h"
31 #include "device/controller.h"
32 #include "stack/hcimsgs.h"
33 #include "stack/btu.h"
34 #include "stack/btm_api.h"
35 #include "btm_int.h"
36 #include "stack/hcidefs.h"
37 #include "stack/l2c_api.h"
38
39 static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void);
40
/*******************************************************************************
**
** Function         BTM_SecAddDevice
**
** Description      Add or modify a security device record. Normally called
**                  during host startup to restore the bonding information
**                  stored in the NVRAM.
**
**                  If a record for bd_addr already exists it is updated in
**                  place and only the fields written below change; sec_flags
**                  bits already set on it stay set. Otherwise a new record is
**                  allocated, but only while the list holds fewer than
**                  BTM_SEC_MAX_DEVICE_RECORDS entries.
**
** Parameters:      bd_addr      - BD address of the peer
**                  dev_class    - Device Class. NULL leaves the stored class alone.
**                  bd_name      - Name of the peer device. NULL if unknown.
**                  features     - Remote device's features (up to 3 pages). NULL if
**                                 not known. When non-NULL, sizeof(features) of the
**                                 record is copied, so the buffer must cover all pages.
**                  trusted_mask - Bitwise OR of services that do not
**                                 require authorization. (array of UINT32)
**                  link_key     - Connection link key. NULL if unknown.
**                  key_type     - Link key type, stored together with link_key
**                  io_cap       - Remote IO capabilities
**                  pin_length   - PIN length, stored together with link_key
**                  sc_support   - Stored as remote_secure_connection_previous_state
**
** Returns          TRUE if added OK, else FALSE (list full or allocation
**                  failed). When SMP_INCLUDED is not TRUE nothing is stored
**                  and TRUE is returned.
**
** Note             link_key, key_type and pin_length are accepted as given; no
**                  validation is done here. BTM_SEC_LINK_KEY_KNOWN and
**                  BTM_SEC_16_DIGIT_PIN_AUTHED are derived from them, so the
**                  resulting security level is only as trustworthy as the
**                  storage these values were restored from.
**
*******************************************************************************/
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
                          UINT8 *features, UINT32 trusted_mask[],
                          LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
                          UINT8 pin_length, UINT8 sc_support)
{
#if (SMP_INCLUDED == TRUE)
    tBTM_SEC_DEV_REC *p_rec;
    int page, idx;

    BTM_TRACE_API("%s, link key type:%x\n", __FUNCTION__, key_type);

    p_rec = btm_find_dev (bd_addr);
    if (p_rec == NULL) {
        /* No record for this peer yet. A new one is only created while the
         * list has room; otherwise the call fails. */
        if (list_length(btm_cb.p_sec_dev_rec_list) >= BTM_SEC_MAX_DEVICE_RECORDS) {
            return (FALSE);
        }

        p_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
        if (p_rec == NULL) {
            return (FALSE);
        }

        /* NOTE(review): the result of list_append() is not checked. */
        list_append(btm_cb.p_sec_dev_rec_list, p_rec);

        /* Start from an all-zero record that is marked as in use. */
        memset (p_rec, 0, sizeof (tBTM_SEC_DEV_REC));
        p_rec->sec_flags = BTM_SEC_IN_USE;
        memcpy (p_rec->bd_addr, bd_addr, BD_ADDR_LEN);
        p_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
        p_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);

#if BLE_INCLUDED == TRUE
        /* use default value for background connection params */
        memset(&p_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
    }

    p_rec->bond_type = BOND_TYPE_UNKNOWN;    /* Default value */
    p_rec->timestamp = btm_cb.dev_rec_count++;
    p_rec->remote_secure_connection_previous_state = sc_support;

    if (dev_class != NULL) {
        memcpy (p_rec->dev_class, dev_class, DEV_CLASS_LEN);
    }

    /* The name buffer is cleared first, so the bounded copy below stays
     * NUL-terminated as long as tBTM_BD_NAME is larger than
     * BTM_MAX_REM_BD_NAME_LEN -- TODO confirm against the typedef. */
    memset(p_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
    if (bd_name != NULL && bd_name[0] != 0) {
        p_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
        BCM_STRNCPY_S ((char *)p_rec->sec_bd_name, (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    }

    p_rec->num_read_pages = 0;
    if (features == NULL) {
        memset (p_rec->features, 0, sizeof (p_rec->features));
    } else {
        memcpy (p_rec->features, features, sizeof (p_rec->features));

        /* num_read_pages = index of the highest page holding a non-zero
         * byte, plus one. It stays 0 when every page is all zero. */
        for (page = HCI_EXT_FEATURES_PAGE_MAX; page >= 0; page--) {
            for (idx = 0; idx < HCI_FEATURE_BYTES_PER_PAGE; idx++) {
                if (p_rec->features[page][idx] != 0) {
                    break;
                }
            }
            if (idx < HCI_FEATURE_BYTES_PER_PAGE) {
                p_rec->num_read_pages = page + 1;
                break;
            }
        }
    }

    BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_rec->trusted_mask);

    if (link_key != NULL) {
        BOOLEAN strong_key;

        BTM_TRACE_EVENT ("BTM_SecAddDevice() BDA: %02x:%02x:%02x:%02x:%02x:%02x\n",
                         bd_addr[0], bd_addr[1], bd_addr[2],
                         bd_addr[3], bd_addr[4], bd_addr[5]);
        p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
        memcpy (p_rec->link_key, link_key, LINK_KEY_LEN);
        p_rec->link_key_type = key_type;
        p_rec->pin_code_length = pin_length;

        /* Set the flag if the link key was made by using either a 16 digit
         * pin or MITM. */
        strong_key = (pin_length >= 16) ||
                     (key_type == BTM_LKEY_TYPE_AUTH_COMB) ||
                     (key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256);
        if (strong_key) {
            p_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
        }
    }

#if defined(BTIF_MIXED_MODE_INCLUDED) && (BTIF_MIXED_MODE_INCLUDED == TRUE)
    p_rec->sm4 = (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE) ? BTM_SM4_KNOWN : BTM_SM4_TRUE;
#endif

    p_rec->rmt_io_caps = io_cap;
    p_rec->device_type |= BT_DEVICE_TYPE_BREDR;
#endif  ///SMP_INCLUDED == TRUE
    return (TRUE);
}
165
166
/*******************************************************************************
**
** Function         BTM_SecDeleteDevice
**
** Description      Free resources associated with the device.
**
** Parameters:      bd_addr   - BD address of the peer
**                  transport - BT_TRANSPORT_BR_EDR or BT_TRANSPORT_LE
**
** Returns          FALSE if the ACL link on that transport is active and
**                  nothing was deleted, TRUE otherwise. TRUE is also returned
**                  when no record exists for bd_addr, so a TRUE result does
**                  not prove that a bond was removed.
**
*******************************************************************************/
BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr, tBT_TRANSPORT transport)
{
    tBTM_SEC_DEV_REC *p_rec;

    /* Keys of a live link are never dropped. */
    if (BTM_IsAclConnectionUp(bd_addr, transport)) {
        BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active\n", __func__);
        return FALSE;
    }

    p_rec = btm_find_dev(bd_addr);
    if (p_rec != NULL) {
        /* Tell controller to get rid of the link key, if it has one stored */
        BTM_DeleteStoredLinkKey (p_rec->bd_addr, NULL);

        /* p_rec must not be used after this call: btm_sec_free_dev() removes
         * it from the record list. */
        btm_sec_free_dev(p_rec, transport);
    }

#if (BLE_SMP_ID_RESET_ENABLE == TRUE)
    /*
     * There are tracking risks associated with using a fixed or static IRK.
     * As a best practice, once all pairing and bonding records are deleted,
     * a new randomly-generated IRK is assigned.
     */
    if (list_is_empty(btm_cb.p_sec_dev_rec_list)) {
        btm_ble_reset_id();
    }
#endif

    return TRUE;
}
208
/*******************************************************************************
**
** Function         BTM_SecClearSecurityFlags
**
** Description      Reset the security flags (mark as not-paired) for a given
**                  remote device. Does nothing if the device has no record.
**
**                  sec_flags is set to 0 as a whole, which also clears
**                  BTM_SEC_IN_USE. The key bytes stored in the record are not
**                  erased here; only the flags that declare them valid are.
**
*******************************************************************************/
extern void BTM_SecClearSecurityFlags (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    if (p_rec != NULL) {
        p_rec->sec_flags = 0;
        p_rec->sec_state = BTM_SEC_STATE_IDLE;
        p_rec->sm4 = BTM_SM4_UNKNOWN;
    }
}
228
229
/*******************************************************************************
**
** Function         BTM_SecReadDevName
**
** Description      Looks for the device name in the security database for the
**                  specified BD address.
**
** Returns          Pointer to the name or NULL if there is no record. The
**                  pointer refers to the sec_bd_name field inside the record,
**                  not to a copy, so it is only valid while the record is.
**
*******************************************************************************/
char *BTM_SecReadDevName (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    return (p_rec != NULL) ? (char *)p_rec->sec_bd_name : NULL;
}
251
252
/*******************************************************************************
**
** Function         btm_find_sec_dev_in_list
**
** Description      Match callback handed to list_foreach() by the lookup
**                  functions in this file. Compares one device record with
**                  the search key described by a tSecDevContext.
**
** Parameters:      p_node_data - the tBTM_SEC_DEV_REC stored in the list node
**                  context     - tSecDevContext: key type, key value and
**                                free_check (TRUE: consider only records
**                                without BTM_SEC_IN_USE, FALSE: only records
**                                with it)
**
** Returns          FALSE when the record matches, TRUE when it does not.
**                  The callers treat the node returned by list_foreach() as
**                  the match, so FALSE presumably stops the iteration --
**                  confirm against the list implementation.
**
*******************************************************************************/
BOOLEAN btm_find_sec_dev_in_list (void *p_node_data, void *context)
{
    tBTM_SEC_DEV_REC *p_rec = (tBTM_SEC_DEV_REC *)p_node_data;
    tSecDevContext *p_ctx = (tSecDevContext *)context;
    BOOLEAN rec_is_free = !(p_rec->sec_flags & BTM_SEC_IN_USE);
    BOOLEAN matched = FALSE;

    /* Records in the wrong in-use state never match. */
    if (rec_is_free != p_ctx->free_check) {
        return TRUE;
    }

    switch (p_ctx->type) {
    case SEC_DEV_BDA:
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
        break;

    case SEC_DEV_HDL:
        /* The handle may belong to either transport of the same peer. */
        if (p_ctx->context.handle == p_rec->hci_handle) {
            matched = TRUE;
        }
#if BLE_INCLUDED == TRUE
        if (p_ctx->context.handle == p_rec->ble_hci_handle) {
            matched = TRUE;
        }
#endif
        break;

#if BLE_PRIVACY_SPT == TRUE
    case SEC_DEV_ID_ADDR:
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->ble.static_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
        break;
#endif //BLE_PRIVACY_SPT == TRUE

    case SEC_DEV_BTDM_BDA:
        if (memcmp(p_ctx->context.p_bd_addr, p_rec->bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }
#if BLE_INCLUDED == TRUE
        // If a LE random address is looking for device record
        if (memcmp(p_rec->ble.pseudo_addr, p_ctx->context.p_bd_addr, BD_ADDR_LEN) == 0) {
            matched = TRUE;
        }

        /* Called even when an earlier comparison already matched, exactly
         * as the three independent checks were written originally. */
        if (btm_ble_addr_resolvable(p_ctx->context.p_bd_addr, p_rec)) {
            matched = TRUE;
        }
#endif
        break;

    default:
        break;
    }

    return matched ? FALSE : TRUE;
}
314
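/*******************************************************************************
**
** Function         btm_sec_alloc_dev
**
** Description      Obtain a device record for bd_addr and initialise it.
**                  The record is chosen in this order:
**                    1. a record not in use that already carries bd_addr,
**                    2. the first record not in use,
**                    3. a newly allocated record, while the list holds fewer
**                       than BTM_SEC_MAX_DEVICE_RECORDS entries,
**                    4. the record picked by btm_find_oldest_dev().
**
**                  The chosen record is zeroed before use. In case 4 this
**                  overwrites a record that is still in use, including any
**                  link key it holds, so the evicted peer has to pair again.
**
** Returns          Pointer to the record, or NULL if allocation failed or no
**                  record could be selected.
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_SEC_DEV_REC *p_dev_new_rec = NULL;
    tBTM_SEC_DEV_REC *p_dev_old_rec = NULL;
    tBTM_INQ_INFO    *p_inq_info;
    list_node_t      *p_node = NULL;
    BOOLEAN           new_entry_found = FALSE;
    BOOLEAN           old_entry_found = FALSE;
    BOOLEAN           malloc_new_entry = FALSE;

    BTM_TRACE_EVENT ("btm_sec_alloc_dev\n");

    /* look for old entry which match the bd_addr and the BTM_SEC_IN_USE is cleared */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_dev_old_rec = list_node(p_node);
        if (!(p_dev_old_rec->sec_flags & BTM_SEC_IN_USE) &&
                (!memcmp (p_dev_old_rec->bd_addr, bd_addr, BD_ADDR_LEN))) {
            old_entry_found = TRUE;
            BTM_TRACE_EVENT ("btm_sec_alloc_dev old device found\n");
            break;
        }
    }

    /* find the first entry whose BTM_SEC_IN_USE is cleared */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_dev_new_rec = list_node(p_node);
        if (!(p_dev_new_rec->sec_flags & BTM_SEC_IN_USE)) {
            new_entry_found = TRUE;
            break;
        }
    }

    if (!new_entry_found) {
        /* No free record. Allocate a new one if p_sec_dev_rec_list is not full */
        if (list_length(btm_cb.p_sec_dev_rec_list) < BTM_SEC_MAX_DEVICE_RECORDS) {
            p_dev_new_rec = (tBTM_SEC_DEV_REC *)osi_malloc(sizeof(tBTM_SEC_DEV_REC));
            if (p_dev_new_rec) {
                new_entry_found = TRUE;
                malloc_new_entry = TRUE;
            } else {
                return NULL;
            }
        }
    }

    if (!new_entry_found) {
        /* List is full and every record is in use: evict one. */
        p_dev_rec = btm_find_oldest_dev();
    } else {
        /* if the old device entry not present go with new entry */
        if (old_entry_found) {
            p_dev_rec = p_dev_old_rec;
            if (malloc_new_entry) {
                osi_free(p_dev_new_rec);
            }
        } else {
            if (malloc_new_entry) {
                /* NOTE(review): the result of list_append() is not checked. */
                list_append(btm_cb.p_sec_dev_rec_list, p_dev_new_rec);
            }
            p_dev_rec = p_dev_new_rec;
        }
    }

    /* btm_find_oldest_dev() can return NULL; the memset below would then
     * write through a NULL pointer. Fail the allocation instead. */
    if (p_dev_rec == NULL) {
        BTM_TRACE_WARNING("%s FAILED: no device record available\n", __func__);
        return NULL;
    }

    memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));

    p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;    /* Default value */
    p_dev_rec->sec_flags = BTM_SEC_IN_USE;

    /* Check with the BT manager if details about remote device are known */
    /* outgoing connection */
    if ((p_inq_info = BTM_InqDbRead(bd_addr)) != NULL) {
        memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN);

#if BLE_INCLUDED == TRUE
        p_dev_rec->device_type = p_inq_info->results.device_type;
        p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;

        /* update conn params, use default value for background connection params */
        memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
    } else {
#if BLE_INCLUDED == TRUE
        /* update conn params, use default value for background connection params */
        memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif

        if (!memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) {
            memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN);
        }
    }

    memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);

#if BLE_INCLUDED == TRUE
    p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
#endif
    p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
    p_dev_rec->timestamp = btm_cb.dev_rec_count++;

    return (p_dev_rec);
}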
420
421
/*******************************************************************************
**
** Function         btm_sec_free_dev
**
** Description      Drop the bonding state of a record for one transport (or
**                  for both, when transport is neither BT_TRANSPORT_BR_EDR
**                  nor BT_TRANSPORT_LE) and remove the record from the
**                  device list.
**
** Note             NOTE(review): list_remove() is called for every transport
**                  value. The list is created with osi_free_func as its free
**                  callback, so the record is presumably freed here and must
**                  not be used by the caller afterwards. On that reading the
**                  BR/EDR path discards the record without clearing the BLE
**                  keys and the LE path discards it without zeroing link_key,
**                  leaving key bytes in released memory -- confirm whether a
**                  full wipe before removal is intended.
**
*******************************************************************************/
void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec, tBT_TRANSPORT transport)
{
    if (transport == BT_TRANSPORT_BR_EDR) {
        /* BR/EDR only: erase the link key and the BR/EDR security state. */
        memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
        p_dev_rec->sec_flags = p_dev_rec->sec_flags &
                               ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
                                 | BTM_SEC_ENCRYPTED | BTM_SEC_NAME_KNOWN
                                 | BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED
                                 | BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED);
    } else if (transport == BT_TRANSPORT_LE) {
        /* LE only: reset the bond type and the LE security state. */
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
        p_dev_rec->sec_flags = p_dev_rec->sec_flags &
                               ~(BTM_SEC_LE_AUTHENTICATED | BTM_SEC_LE_ENCRYPTED
                                 | BTM_SEC_LE_NAME_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN
                                 | BTM_SEC_LE_LINK_KEY_AUTHED | BTM_SEC_ROLE_SWITCHED);
#if BLE_INCLUDED == TRUE
        /* Clear out any saved BLE keys */
        btm_sec_clear_ble_keys (p_dev_rec);
#endif
    } else {
        /* Any other transport value: drop everything. */
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
        memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
        p_dev_rec->sec_flags = 0;

#if BLE_INCLUDED == TRUE
        /* Clear out any saved BLE keys */
        btm_sec_clear_ble_keys (p_dev_rec);
#endif
    }

    /* No BLE keys and BT keys, clear the sec_flags */
    if (BTM_SEC_IN_USE == p_dev_rec->sec_flags) {
        p_dev_rec->sec_flags = 0;
    }

    list_remove(btm_cb.p_sec_dev_rec_list, p_dev_rec);
}
462
/*******************************************************************************
**
** Function         btm_dev_support_switch
**
** Description      This function is called by the L2CAP to check if remote
**                  device supports role switch
**
** Parameters:      bd_addr - Address of the peer device
**
** Returns          TRUE if the device is known, the local controller supports
**                  role switch, and the peer either advertises the feature or
**                  has an all-zero feature page 0 (features never received,
**                  so support is assumed). FALSE otherwise, and always FALSE
**                  while a SCO link to the peer is active.
**
*******************************************************************************/
BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;
    UINT8 idx;
    BOOLEAN page0_has_bits = FALSE;

#if BTM_SCO_INCLUDED == TRUE
    /* Role switch is not allowed if a SCO is up */
    if (btm_is_sco_active_by_bdaddr(bd_addr)) {
        return (FALSE);
    }
#endif

    p_rec = btm_find_dev (bd_addr);
    if (p_rec != NULL && controller_get_interface()->supports_master_slave_role_switch()) {
        if (HCI_SWITCH_SUPPORTED(p_rec->features[HCI_EXT_FEATURES_PAGE_0])) {
            BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature found)\n");
            return (TRUE);
        }

        /* If the feature field is all zero, we never received them */
        for (idx = 0; idx < BD_FEATURES_LEN; idx++) {
            if (p_rec->features[HCI_EXT_FEATURES_PAGE_0][idx] != 0x00) {
                page0_has_bits = TRUE;    /* at least one is != 0 */
                break;
            }
        }

        /* If we don't know peer's capabilities, assume it supports Role-switch */
        if (!page0_has_bits) {
            BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature empty)\n");
            return (TRUE);
        }
    }

    BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
    return (FALSE);
}
512
/*******************************************************************************
**
** Function         btm_find_dev_by_handle
**
** Description      Look up the in-use device record whose HCI connection
**                  handle equals the given handle. The comparison is done by
**                  btm_find_sec_dev_in_list() with key type SEC_DEV_HDL.
**
** Returns          Pointer to the record or NULL
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle)
{
    tSecDevContext ctx;
    list_node_t *p_hit;

    ctx.type = SEC_DEV_HDL;
    ctx.context.handle = handle;
    ctx.free_check = FALSE;    /* only records with BTM_SEC_IN_USE set */

    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &ctx);
    if (p_hit == NULL) {
        return (NULL);
    }
    return (list_node(p_hit));
}
/*******************************************************************************
**
** Function         btm_find_dev
**
** Description      Look up the in-use device record for the given BD address.
**                  The comparison is done by btm_find_sec_dev_in_list() with
**                  key type SEC_DEV_BTDM_BDA.
**
** Returns          Pointer to the record, or NULL if bd_addr is NULL or no
**                  record matches
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev(BD_ADDR bd_addr)
{
    tSecDevContext ctx;
    list_node_t *p_hit;

    if (bd_addr == NULL) {
        return (NULL);
    }

    ctx.type = SEC_DEV_BTDM_BDA;
    ctx.context.p_bd_addr = bd_addr;
    ctx.free_check = FALSE;    /* only records with BTM_SEC_IN_USE set */

    p_hit = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &ctx);
    return (p_hit != NULL) ? list_node(p_hit) : NULL;
}
/*******************************************************************************
**
** Function         btm_consolidate_dev
**
** Description      Combine security records if identified as same peer.
**                  Walks the in-use records other than p_target_rec and stops
**                  at the first one that either has the same bd_addr or whose
**                  bd_addr btm_ble_addr_resolvable() resolves against the
**                  target.
**
**                  Same bd_addr: the other record is copied over the target,
**                  the target's own LE related fields are put back, and the
**                  other record is removed from the list.
**                  Resolvable address: the address type and device type are
**                  merged and the other record is removed, but only if its
**                  bd_addr equals the target's pseudo address.
**
**                  Compiled to an empty function unless both BLE_INCLUDED and
**                  SMP_INCLUDED are TRUE.
**
** Returns          none
**
*******************************************************************************/
void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
{
#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
    /* Snapshot of the target taken before it is overwritten. It is a full
     * copy of the record on the stack. */
    tBTM_SEC_DEV_REC saved = *p_target_rec;
    tBTM_SEC_DEV_REC *p_other = NULL;
    list_node_t *p_node = NULL;

    BTM_TRACE_DEBUG("%s\n", __func__);

    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_other = list_node(p_node);

        /* Skip the target itself and records that are not in use. */
        if (p_other == p_target_rec || !(p_other->sec_flags & BTM_SEC_IN_USE)) {
            continue;
        }

        if (memcmp (p_other->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN) == 0) {
            memcpy(p_target_rec, p_other, sizeof(tBTM_SEC_DEV_REC));

            /* Fields taken back from the original target record. */
            p_target_rec->ble = saved.ble;
            p_target_rec->ble_hci_handle = saved.ble_hci_handle;
            p_target_rec->enc_key_size = saved.enc_key_size;
            p_target_rec->conn_params = saved.conn_params;
            p_target_rec->new_encryption_key_is_p256 = saved.new_encryption_key_is_p256;
            p_target_rec->no_smp_on_br = saved.no_smp_on_br;
            p_target_rec->bond_type = saved.bond_type;

            /* Fields that are the union of both records. */
            p_target_rec->device_type |= saved.device_type;
            p_target_rec->sec_flags |= saved.sec_flags;

            /* Remove the unused device from the list. The loop is left right
             * away, so neither p_other nor p_node is touched again. */
            list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            break;
        }

        /* an RPA device entry is a duplicate of the target record */
        if (btm_ble_addr_resolvable(p_other->bd_addr, p_target_rec)) {
            if (memcmp(p_target_rec->ble.pseudo_addr, p_other->bd_addr, BD_ADDR_LEN) == 0) {
                p_target_rec->ble.ble_addr_type = p_other->ble.ble_addr_type;
                p_target_rec->device_type |= p_other->device_type;
                /* Remove the unused device from the list */
                list_remove(btm_cb.p_sec_dev_rec_list, p_other);
            }
            break;
        }
    }
#endif
}
614
/*******************************************************************************
**
** Function         btm_find_or_alloc_dev
**
** Description      Return the device record for the given BD address. If
**                  btm_find_dev() has none, btm_sec_alloc_dev() is asked for
**                  one, which allocates a new record or reuses an existing one.
**
** Returns          Pointer to the record, or NULL if none was found and
**                  btm_sec_alloc_dev() returned NULL
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec;

    BTM_TRACE_EVENT ("btm_find_or_alloc_dev\n");

    p_rec = btm_find_dev (bd_addr);
    if (p_rec != NULL) {
        return (p_rec);
    }

    /* Allocate a new device record or reuse the oldest one */
    return (btm_sec_alloc_dev (bd_addr));
}
636
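/*******************************************************************************
**
** Function         btm_find_oldest_dev
**
** Description      Locates the oldest device in use, i.e. the in-use record
**                  with the smallest timestamp. It first looks for the oldest
**                  non-paired device. If all devices are paired it picks the
**                  oldest paired device. Nothing is deleted here; the caller
**                  decides what to do with the returned record.
**
** Returns          Pointer to the record, or NULL if no in-use record has a
**                  timestamp below 0xFFFFFFFF (for example, an empty list)
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_oldest_dev (void)
{
    tBTM_SEC_DEV_REC *p_dev_rec = NULL;
    tBTM_SEC_DEV_REC *p_oldest = NULL;
    list_node_t *p_node = NULL;
    UINT32 old_ts = 0xFFFFFFFF;

    /* First look for the non-paired devices for the oldest entry */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        p_dev_rec = list_node(p_node);
        if (((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0)
                || ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) != 0)) {
            continue; /* Device is not in use or is paired, so skip it */
        }

        if (p_dev_rec->timestamp < old_ts) {
            p_oldest = p_dev_rec;
            old_ts = p_dev_rec->timestamp;
        }
    }

    if (old_ts != 0xFFFFFFFF) {
        return (p_oldest);
    }

    /* All devices are paired; find the oldest */
    for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
        /* Fetch the record of the current node. Without this the loop kept
         * testing the record left over from the first pass (the last list
         * element), so the record chosen for eviction was not the oldest
         * bonded device. */
        p_dev_rec = list_node(p_node);
        if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) {
            continue;
        }

        if (p_dev_rec->timestamp < old_ts) {
            p_oldest = p_dev_rec;
            old_ts = p_dev_rec->timestamp;
        }
    }
    return (p_oldest);
}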
/*******************************************************************************
**
** Function         btm_get_bond_type_dev
**
** Description      Get the bond type for a device in the device database
**                  with specified BD address
**
** Returns          The bond_type stored in the record, or BOND_TYPE_UNKNOWN
**                  if the device has no record
**
*******************************************************************************/
tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    return (p_rec != NULL) ? p_rec->bond_type : BOND_TYPE_UNKNOWN;
}
706
/*******************************************************************************
**
** Function         btm_set_bond_type_dev
**
** Description      Set the bond type for a device in the device database
**                  with specified BD address. The value is stored as given.
**
** Returns          TRUE on success, FALSE if the device has no record
**
*******************************************************************************/
BOOLEAN btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type)
{
    tBTM_SEC_DEV_REC *p_rec = btm_find_dev(bd_addr);

    if (p_rec != NULL) {
        p_rec->bond_type = bond_type;
        return TRUE;
    }

    return FALSE;
}
728
/*******************************************************************************
**
** Function         btm_sec_dev_init
**
** Description      Create the linked list that holds the dynamically
**                  allocated security device records. The list is created
**                  with osi_free_func as the callback for its elements.
**
** Note             The result of list_new() is stored without a check; the
**                  other functions in this file use the list unconditionally.
**
*******************************************************************************/
void btm_sec_dev_init(void)
{
    btm_cb.p_sec_dev_rec_list = list_new(osi_free_func);
}
740
/*******************************************************************************
**
** Function         btm_sec_dev_free
**
** Description      Delete the sec_dev_rec list when btm_cb is being released.
**
** Note             btm_cb.p_sec_dev_rec_list is not reset after list_free(),
**                  so it must not be used again until btm_sec_dev_init() has
**                  run. The records are not zeroed in this function.
**
*******************************************************************************/
void btm_sec_dev_free(void)
{
    list_free(btm_cb.p_sec_dev_rec_list);
}
752