1 /*
2 * Copyright (c) 2017-2021 Nordic Semiconductor ASA
3 * Copyright (c) 2015-2016 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <zephyr/sys/byteorder.h>
9
10 #include <zephyr/bluetooth/bluetooth.h>
11 #include <zephyr/bluetooth/hci.h>
12 #include <zephyr/bluetooth/buf.h>
13
14 #include "common/bt_str.h"
15
16 #include "host/hci_core.h"
17 #include "host/conn_internal.h"
18 #include "host/keys.h"
19 #include "sco_internal.h"
20
21 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
22 #include <zephyr/logging/log.h>
23 LOG_MODULE_REGISTER(bt_br);
24
25 static bt_br_discovery_cb_t *discovery_cb;
26 struct bt_br_discovery_result *discovery_results;
27 static size_t discovery_results_size;
28 static size_t discovery_results_count;
29
reject_conn(const bt_addr_t * bdaddr,uint8_t reason)30 static int reject_conn(const bt_addr_t *bdaddr, uint8_t reason)
31 {
32 struct bt_hci_cp_reject_conn_req *cp;
33 struct net_buf *buf;
34 int err;
35
36 buf = bt_hci_cmd_create(BT_HCI_OP_REJECT_CONN_REQ, sizeof(*cp));
37 if (!buf) {
38 return -ENOBUFS;
39 }
40
41 cp = net_buf_add(buf, sizeof(*cp));
42 bt_addr_copy(&cp->bdaddr, bdaddr);
43 cp->reason = reason;
44
45 err = bt_hci_cmd_send_sync(BT_HCI_OP_REJECT_CONN_REQ, buf, NULL);
46 if (err) {
47 return err;
48 }
49
50 return 0;
51 }
52
accept_conn(const bt_addr_t * bdaddr)53 static int accept_conn(const bt_addr_t *bdaddr)
54 {
55 struct bt_hci_cp_accept_conn_req *cp;
56 struct net_buf *buf;
57 int err;
58
59 buf = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_CONN_REQ, sizeof(*cp));
60 if (!buf) {
61 return -ENOBUFS;
62 }
63
64 cp = net_buf_add(buf, sizeof(*cp));
65 bt_addr_copy(&cp->bdaddr, bdaddr);
66 cp->role = BT_HCI_ROLE_PERIPHERAL;
67
68 err = bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_CONN_REQ, buf, NULL);
69 if (err) {
70 return err;
71 }
72
73 return 0;
74 }
75
bt_hci_conn_req(struct net_buf * buf)76 void bt_hci_conn_req(struct net_buf *buf)
77 {
78 struct bt_hci_evt_conn_request *evt = (void *)buf->data;
79 struct bt_conn *conn;
80
81 LOG_DBG("conn req from %s, type 0x%02x", bt_addr_str(&evt->bdaddr), evt->link_type);
82
83 if (evt->link_type != BT_HCI_ACL) {
84 uint8_t err;
85
86 err = bt_esco_conn_req(evt);
87 if (err != BT_HCI_ERR_SUCCESS) {
88 reject_conn(&evt->bdaddr, err);
89 }
90 return;
91 }
92
93 conn = bt_conn_add_br(&evt->bdaddr);
94 if (!conn) {
95 reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
96 return;
97 }
98
99 accept_conn(&evt->bdaddr);
100 conn->role = BT_HCI_ROLE_PERIPHERAL;
101 bt_conn_set_state(conn, BT_CONN_INITIATING);
102 bt_conn_unref(conn);
103 }
104
br_sufficient_key_size(struct bt_conn * conn)105 static bool br_sufficient_key_size(struct bt_conn *conn)
106 {
107 struct bt_hci_cp_read_encryption_key_size *cp;
108 struct bt_hci_rp_read_encryption_key_size *rp;
109 struct net_buf *buf, *rsp;
110 uint8_t key_size;
111 int err;
112
113 buf = bt_hci_cmd_create(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, sizeof(*cp));
114 if (!buf) {
115 LOG_ERR("Failed to allocate command buffer");
116 return false;
117 }
118
119 cp = net_buf_add(buf, sizeof(*cp));
120 cp->handle = sys_cpu_to_le16(conn->handle);
121
122 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, buf, &rsp);
123 if (err) {
124 LOG_ERR("Failed to read encryption key size (err %d)", err);
125 return false;
126 }
127
128 if (rsp->len < sizeof(*rp)) {
129 LOG_ERR("Too small command complete for encryption key size");
130 net_buf_unref(rsp);
131 return false;
132 }
133
134 rp = (void *)rsp->data;
135 key_size = rp->key_size;
136 net_buf_unref(rsp);
137
138 LOG_DBG("Encryption key size is %u", key_size);
139
140 if (conn->sec_level == BT_SECURITY_L4) {
141 return key_size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX;
142 }
143
144 return key_size >= BT_HCI_ENCRYPTION_KEY_SIZE_MIN;
145 }
146
bt_br_update_sec_level(struct bt_conn * conn)147 bool bt_br_update_sec_level(struct bt_conn *conn)
148 {
149 if (!conn->encrypt) {
150 conn->sec_level = BT_SECURITY_L1;
151 return true;
152 }
153
154 if (conn->br.link_key) {
155 if (conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
156 if (conn->encrypt == 0x02) {
157 conn->sec_level = BT_SECURITY_L4;
158 } else {
159 conn->sec_level = BT_SECURITY_L3;
160 }
161 } else {
162 conn->sec_level = BT_SECURITY_L2;
163 }
164 } else {
165 LOG_WRN("No BR/EDR link key found");
166 conn->sec_level = BT_SECURITY_L2;
167 }
168
169 if (!br_sufficient_key_size(conn)) {
170 LOG_ERR("Encryption key size is not sufficient");
171 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
172 return false;
173 }
174
175 if (conn->required_sec_level > conn->sec_level) {
176 LOG_ERR("Failed to set required security level");
177 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
178 return false;
179 }
180
181 return true;
182 }
183
bt_hci_synchronous_conn_complete(struct net_buf * buf)184 void bt_hci_synchronous_conn_complete(struct net_buf *buf)
185 {
186 struct bt_hci_evt_sync_conn_complete *evt = (void *)buf->data;
187 struct bt_conn *sco_conn;
188 uint16_t handle = sys_le16_to_cpu(evt->handle);
189
190 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
191
192 sco_conn = bt_conn_lookup_addr_sco(&evt->bdaddr);
193 if (!sco_conn) {
194 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
195 return;
196 }
197
198 if (evt->status) {
199 sco_conn->err = evt->status;
200 bt_conn_set_state(sco_conn, BT_CONN_DISCONNECTED);
201 bt_conn_unref(sco_conn);
202 return;
203 }
204
205 sco_conn->handle = handle;
206 bt_conn_set_state(sco_conn, BT_CONN_CONNECTED);
207 bt_conn_unref(sco_conn);
208 }
209
bt_hci_conn_complete(struct net_buf * buf)210 void bt_hci_conn_complete(struct net_buf *buf)
211 {
212 struct bt_hci_evt_conn_complete *evt = (void *)buf->data;
213 struct bt_conn *conn;
214 struct bt_hci_cp_read_remote_features *cp;
215 uint16_t handle = sys_le16_to_cpu(evt->handle);
216
217 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
218
219 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
220 if (!conn) {
221 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
222 return;
223 }
224
225 if (evt->status) {
226 conn->err = evt->status;
227 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
228 bt_conn_unref(conn);
229 return;
230 }
231
232 conn->handle = handle;
233 conn->err = 0U;
234 conn->encrypt = evt->encr_enabled;
235
236 if (!bt_br_update_sec_level(conn)) {
237 bt_conn_unref(conn);
238 return;
239 }
240
241 bt_conn_set_state(conn, BT_CONN_CONNECTED);
242
243 bt_conn_connected(conn);
244
245 bt_conn_unref(conn);
246
247 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_FEATURES, sizeof(*cp));
248 if (!buf) {
249 return;
250 }
251
252 cp = net_buf_add(buf, sizeof(*cp));
253 cp->handle = evt->handle;
254
255 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_FEATURES, buf, NULL);
256 }
257
258 struct discovery_priv {
259 uint16_t clock_offset;
260 uint8_t pscan_rep_mode;
261 uint8_t resolving;
262 } __packed;
263
request_name(const bt_addr_t * addr,uint8_t pscan,uint16_t offset)264 static int request_name(const bt_addr_t *addr, uint8_t pscan, uint16_t offset)
265 {
266 struct bt_hci_cp_remote_name_request *cp;
267 struct net_buf *buf;
268
269 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_REQUEST, sizeof(*cp));
270 if (!buf) {
271 return -ENOBUFS;
272 }
273
274 cp = net_buf_add(buf, sizeof(*cp));
275
276 bt_addr_copy(&cp->bdaddr, addr);
277 cp->pscan_rep_mode = pscan;
278 cp->reserved = 0x00; /* reserved, should be set to 0x00 */
279 cp->clock_offset = offset;
280
281 return bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_REQUEST, buf, NULL);
282 }
283
284 #define EIR_SHORT_NAME 0x08
285 #define EIR_COMPLETE_NAME 0x09
286
eir_has_name(const uint8_t * eir)287 static bool eir_has_name(const uint8_t *eir)
288 {
289 int len = 240;
290
291 while (len) {
292 if (len < 2) {
293 break;
294 }
295
296 /* Look for early termination */
297 if (!eir[0]) {
298 break;
299 }
300
301 /* Check if field length is correct */
302 if (eir[0] > len - 1) {
303 break;
304 }
305
306 switch (eir[1]) {
307 case EIR_SHORT_NAME:
308 case EIR_COMPLETE_NAME:
309 if (eir[0] > 1) {
310 return true;
311 }
312 break;
313 default:
314 break;
315 }
316
317 /* Parse next AD Structure */
318 len -= eir[0] + 1;
319 eir += eir[0] + 1;
320 }
321
322 return false;
323 }
324
bt_br_discovery_reset(void)325 void bt_br_discovery_reset(void)
326 {
327 discovery_cb = NULL;
328 discovery_results = NULL;
329 discovery_results_size = 0;
330 discovery_results_count = 0;
331 }
332
report_discovery_results(void)333 static void report_discovery_results(void)
334 {
335 bool resolving_names = false;
336 int i;
337
338 for (i = 0; i < discovery_results_count; i++) {
339 struct discovery_priv *priv;
340
341 priv = (struct discovery_priv *)&discovery_results[i]._priv;
342
343 if (eir_has_name(discovery_results[i].eir)) {
344 continue;
345 }
346
347 if (request_name(&discovery_results[i].addr, priv->pscan_rep_mode,
348 priv->clock_offset)) {
349 continue;
350 }
351
352 priv->resolving = 1U;
353 resolving_names = true;
354 }
355
356 if (resolving_names) {
357 return;
358 }
359
360 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
361
362 if (discovery_cb) {
363 discovery_cb(discovery_results, discovery_results_count);
364 }
365 bt_br_discovery_reset();
366 }
367
bt_hci_inquiry_complete(struct net_buf * buf)368 void bt_hci_inquiry_complete(struct net_buf *buf)
369 {
370 struct bt_hci_evt_inquiry_complete *evt = (void *)buf->data;
371
372 if (evt->status) {
373 LOG_ERR("Failed to complete inquiry");
374 }
375
376 report_discovery_results();
377 }
378
get_result_slot(const bt_addr_t * addr,int8_t rssi)379 static struct bt_br_discovery_result *get_result_slot(const bt_addr_t *addr, int8_t rssi)
380 {
381 struct bt_br_discovery_result *result = NULL;
382 size_t i;
383
384 /* check if already present in results */
385 for (i = 0; i < discovery_results_count; i++) {
386 if (bt_addr_eq(addr, &discovery_results[i].addr)) {
387 return &discovery_results[i];
388 }
389 }
390
391 /* Pick a new slot (if available) */
392 if (discovery_results_count < discovery_results_size) {
393 bt_addr_copy(&discovery_results[discovery_results_count].addr, addr);
394 return &discovery_results[discovery_results_count++];
395 }
396
397 /* ignore if invalid RSSI */
398 if (rssi == 0xff) {
399 return NULL;
400 }
401
402 /*
403 * Pick slot with smallest RSSI that is smaller then passed RSSI
404 * TODO handle TX if present
405 */
406 for (i = 0; i < discovery_results_size; i++) {
407 if (discovery_results[i].rssi > rssi) {
408 continue;
409 }
410
411 if (!result || result->rssi > discovery_results[i].rssi) {
412 result = &discovery_results[i];
413 }
414 }
415
416 if (result) {
417 LOG_DBG("Reusing slot (old %s rssi %d dBm)", bt_addr_str(&result->addr),
418 result->rssi);
419
420 bt_addr_copy(&result->addr, addr);
421 }
422
423 return result;
424 }
425
bt_hci_inquiry_result_with_rssi(struct net_buf * buf)426 void bt_hci_inquiry_result_with_rssi(struct net_buf *buf)
427 {
428 uint8_t num_reports = net_buf_pull_u8(buf);
429
430 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
431 return;
432 }
433
434 LOG_DBG("number of results: %u", num_reports);
435
436 while (num_reports--) {
437 struct bt_hci_evt_inquiry_result_with_rssi *evt;
438 struct bt_br_discovery_result *result;
439 struct discovery_priv *priv;
440
441 if (buf->len < sizeof(*evt)) {
442 LOG_ERR("Unexpected end to buffer");
443 return;
444 }
445
446 evt = net_buf_pull_mem(buf, sizeof(*evt));
447 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
448
449 result = get_result_slot(&evt->addr, evt->rssi);
450 if (!result) {
451 return;
452 }
453
454 priv = (struct discovery_priv *)&result->_priv;
455 priv->pscan_rep_mode = evt->pscan_rep_mode;
456 priv->clock_offset = evt->clock_offset;
457
458 memcpy(result->cod, evt->cod, 3);
459 result->rssi = evt->rssi;
460
461 /* we could reuse slot so make sure EIR is cleared */
462 (void)memset(result->eir, 0, sizeof(result->eir));
463 }
464 }
465
bt_hci_extended_inquiry_result(struct net_buf * buf)466 void bt_hci_extended_inquiry_result(struct net_buf *buf)
467 {
468 struct bt_hci_evt_extended_inquiry_result *evt = (void *)buf->data;
469 struct bt_br_discovery_result *result;
470 struct discovery_priv *priv;
471
472 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
473 return;
474 }
475
476 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
477
478 result = get_result_slot(&evt->addr, evt->rssi);
479 if (!result) {
480 return;
481 }
482
483 priv = (struct discovery_priv *)&result->_priv;
484 priv->pscan_rep_mode = evt->pscan_rep_mode;
485 priv->clock_offset = evt->clock_offset;
486
487 result->rssi = evt->rssi;
488 memcpy(result->cod, evt->cod, 3);
489 memcpy(result->eir, evt->eir, sizeof(result->eir));
490 }
491
bt_hci_remote_name_request_complete(struct net_buf * buf)492 void bt_hci_remote_name_request_complete(struct net_buf *buf)
493 {
494 struct bt_hci_evt_remote_name_req_complete *evt = (void *)buf->data;
495 struct bt_br_discovery_result *result;
496 struct discovery_priv *priv;
497 int eir_len = 240;
498 uint8_t *eir;
499 int i;
500
501 result = get_result_slot(&evt->bdaddr, 0xff);
502 if (!result) {
503 return;
504 }
505
506 priv = (struct discovery_priv *)&result->_priv;
507 priv->resolving = 0U;
508
509 if (evt->status) {
510 goto check_names;
511 }
512
513 eir = result->eir;
514
515 while (eir_len) {
516 if (eir_len < 2) {
517 break;
518 }
519
520 /* Look for early termination */
521 if (!eir[0]) {
522 size_t name_len;
523
524 eir_len -= 2;
525
526 /* name is null terminated */
527 name_len = strlen((const char *)evt->name);
528
529 if (name_len > eir_len) {
530 eir[0] = eir_len + 1;
531 eir[1] = EIR_SHORT_NAME;
532 } else {
533 eir[0] = name_len + 1;
534 eir[1] = EIR_SHORT_NAME;
535 }
536
537 memcpy(&eir[2], evt->name, eir[0] - 1);
538
539 break;
540 }
541
542 /* Check if field length is correct */
543 if (eir[0] > eir_len - 1) {
544 break;
545 }
546
547 /* next EIR Structure */
548 eir_len -= eir[0] + 1;
549 eir += eir[0] + 1;
550 }
551
552 check_names:
553 /* if still waiting for names */
554 for (i = 0; i < discovery_results_count; i++) {
555 struct discovery_priv *dpriv;
556
557 dpriv = (struct discovery_priv *)&discovery_results[i]._priv;
558
559 if (dpriv->resolving) {
560 return;
561 }
562 }
563
564 /* all names resolved, report discovery results */
565 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
566
567 if (discovery_cb) {
568 discovery_cb(discovery_results, discovery_results_count);
569 }
570 }
571
bt_hci_read_remote_features_complete(struct net_buf * buf)572 void bt_hci_read_remote_features_complete(struct net_buf *buf)
573 {
574 struct bt_hci_evt_remote_features *evt = (void *)buf->data;
575 uint16_t handle = sys_le16_to_cpu(evt->handle);
576 struct bt_hci_cp_read_remote_ext_features *cp;
577 struct bt_conn *conn;
578
579 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
580
581 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
582 if (!conn) {
583 LOG_ERR("Can't find conn for handle %u", handle);
584 return;
585 }
586
587 if (evt->status) {
588 goto done;
589 }
590
591 memcpy(conn->br.features[0], evt->features, sizeof(evt->features));
592
593 if (!BT_FEAT_EXT_FEATURES(conn->br.features)) {
594 goto done;
595 }
596
597 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, sizeof(*cp));
598 if (!buf) {
599 goto done;
600 }
601
602 /* Read remote host features (page 1) */
603 cp = net_buf_add(buf, sizeof(*cp));
604 cp->handle = evt->handle;
605 cp->page = 0x01;
606
607 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, buf, NULL);
608
609 done:
610 bt_conn_unref(conn);
611 }
612
bt_hci_read_remote_ext_features_complete(struct net_buf * buf)613 void bt_hci_read_remote_ext_features_complete(struct net_buf *buf)
614 {
615 struct bt_hci_evt_remote_ext_features *evt = (void *)buf->data;
616 uint16_t handle = sys_le16_to_cpu(evt->handle);
617 struct bt_conn *conn;
618
619 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
620
621 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
622 if (!conn) {
623 LOG_ERR("Can't find conn for handle %u", handle);
624 return;
625 }
626
627 if (!evt->status && evt->page == 0x01) {
628 memcpy(conn->br.features[1], evt->features, sizeof(conn->br.features[1]));
629 }
630
631 bt_conn_unref(conn);
632 }
633
bt_hci_role_change(struct net_buf * buf)634 void bt_hci_role_change(struct net_buf *buf)
635 {
636 struct bt_hci_evt_role_change *evt = (void *)buf->data;
637 struct bt_conn *conn;
638
639 LOG_DBG("status 0x%02x role %u addr %s", evt->status, evt->role, bt_addr_str(&evt->bdaddr));
640
641 if (evt->status) {
642 return;
643 }
644
645 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
646 if (!conn) {
647 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
648 return;
649 }
650
651 if (evt->role) {
652 conn->role = BT_CONN_ROLE_PERIPHERAL;
653 } else {
654 conn->role = BT_CONN_ROLE_CENTRAL;
655 }
656
657 bt_conn_unref(conn);
658 }
659
read_ext_features(void)660 static int read_ext_features(void)
661 {
662 int i;
663
664 /* Read Local Supported Extended Features */
665 for (i = 1; i < LMP_FEAT_PAGES_COUNT; i++) {
666 struct bt_hci_cp_read_local_ext_features *cp;
667 struct bt_hci_rp_read_local_ext_features *rp;
668 struct net_buf *buf, *rsp;
669 int err;
670
671 buf = bt_hci_cmd_create(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(*cp));
672 if (!buf) {
673 return -ENOBUFS;
674 }
675
676 cp = net_buf_add(buf, sizeof(*cp));
677 cp->page = i;
678
679 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, buf, &rsp);
680 if (err) {
681 return err;
682 }
683
684 rp = (void *)rsp->data;
685
686 memcpy(&bt_dev.features[i], rp->ext_features, sizeof(bt_dev.features[i]));
687
688 if (rp->max_page <= i) {
689 net_buf_unref(rsp);
690 break;
691 }
692
693 net_buf_unref(rsp);
694 }
695
696 return 0;
697 }
698
device_supported_pkt_type(void)699 void device_supported_pkt_type(void)
700 {
701 /* Device supported features and sco packet types */
702 if (BT_FEAT_LMP_SCO_CAPABLE(bt_dev.features)) {
703 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV1);
704 }
705
706 if (BT_FEAT_HV2_PKT(bt_dev.features)) {
707 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV2);
708 }
709
710 if (BT_FEAT_HV3_PKT(bt_dev.features)) {
711 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV3);
712 }
713
714 if (BT_FEAT_LMP_ESCO_CAPABLE(bt_dev.features)) {
715 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV3);
716 }
717
718 if (BT_FEAT_EV4_PKT(bt_dev.features)) {
719 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV4);
720 }
721
722 if (BT_FEAT_EV5_PKT(bt_dev.features)) {
723 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV5);
724 }
725
726 if (BT_FEAT_2EV3_PKT(bt_dev.features)) {
727 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV3);
728 }
729
730 if (BT_FEAT_3EV3_PKT(bt_dev.features)) {
731 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_3EV3);
732 }
733
734 if (BT_FEAT_3SLOT_PKT(bt_dev.features)) {
735 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV5 | HCI_PKT_TYPE_ESCO_3EV5);
736 }
737 }
738
read_buffer_size_complete(struct net_buf * buf)739 static void read_buffer_size_complete(struct net_buf *buf)
740 {
741 struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
742 uint16_t pkts;
743
744 LOG_DBG("status 0x%02x", rp->status);
745
746 bt_dev.br.mtu = sys_le16_to_cpu(rp->acl_max_len);
747 pkts = sys_le16_to_cpu(rp->acl_max_num);
748
749 LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.br.mtu);
750
751 k_sem_init(&bt_dev.br.pkts, pkts, pkts);
752 }
753
bt_br_init(void)754 int bt_br_init(void)
755 {
756 struct net_buf *buf;
757 struct bt_hci_cp_write_ssp_mode *ssp_cp;
758 struct bt_hci_cp_write_inquiry_mode *inq_cp;
759 struct bt_hci_write_local_name *name_cp;
760 struct bt_hci_cp_write_class_of_device *cod;
761 int err;
762
763 /* Read extended local features */
764 if (BT_FEAT_EXT_FEATURES(bt_dev.features)) {
765 err = read_ext_features();
766 if (err) {
767 return err;
768 }
769 }
770
771 /* Add local supported packet types to bt_dev */
772 device_supported_pkt_type();
773
774 /* Get BR/EDR buffer size */
775 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &buf);
776 if (err) {
777 return err;
778 }
779
780 read_buffer_size_complete(buf);
781 net_buf_unref(buf);
782
783 /* Set SSP mode */
784 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SSP_MODE, sizeof(*ssp_cp));
785 if (!buf) {
786 return -ENOBUFS;
787 }
788
789 ssp_cp = net_buf_add(buf, sizeof(*ssp_cp));
790 ssp_cp->mode = 0x01;
791 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SSP_MODE, buf, NULL);
792 if (err) {
793 return err;
794 }
795
796 /* Enable Inquiry results with RSSI or extended Inquiry */
797 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_INQUIRY_MODE, sizeof(*inq_cp));
798 if (!buf) {
799 return -ENOBUFS;
800 }
801
802 inq_cp = net_buf_add(buf, sizeof(*inq_cp));
803 inq_cp->mode = 0x02;
804 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_INQUIRY_MODE, buf, NULL);
805 if (err) {
806 return err;
807 }
808
809 /* Set local name */
810 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_LOCAL_NAME, sizeof(*name_cp));
811 if (!buf) {
812 return -ENOBUFS;
813 }
814
815 name_cp = net_buf_add(buf, sizeof(*name_cp));
816 strncpy((char *)name_cp->local_name, CONFIG_BT_DEVICE_NAME, sizeof(name_cp->local_name));
817
818 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_LOCAL_NAME, buf, NULL);
819 if (err) {
820 return err;
821 }
822
823 /* Set Class of device */
824 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, sizeof(*cod));
825 if (!buf) {
826 return -ENOBUFS;
827 }
828
829 net_buf_add_le24(buf, CONFIG_BT_COD);
830
831 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, buf, NULL);
832 if (err) {
833 return err;
834 }
835
836 /* Set page timeout*/
837 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_PAGE_TIMEOUT, sizeof(uint16_t));
838 if (!buf) {
839 return -ENOBUFS;
840 }
841
842 net_buf_add_le16(buf, CONFIG_BT_PAGE_TIMEOUT);
843
844 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_PAGE_TIMEOUT, buf, NULL);
845 if (err) {
846 return err;
847 }
848
849 /* Enable BR/EDR SC if supported */
850 if (BT_FEAT_SC(bt_dev.features)) {
851 struct bt_hci_cp_write_sc_host_supp *sc_cp;
852
853 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SC_HOST_SUPP, sizeof(*sc_cp));
854 if (!buf) {
855 return -ENOBUFS;
856 }
857
858 sc_cp = net_buf_add(buf, sizeof(*sc_cp));
859 sc_cp->sc_support = 0x01;
860
861 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SC_HOST_SUPP, buf, NULL);
862 if (err) {
863 return err;
864 }
865 }
866
867 return 0;
868 }
869
br_start_inquiry(const struct bt_br_discovery_param * param)870 static int br_start_inquiry(const struct bt_br_discovery_param *param)
871 {
872 const uint8_t iac[3] = {0x33, 0x8b, 0x9e};
873 struct bt_hci_op_inquiry *cp;
874 struct net_buf *buf;
875
876 buf = bt_hci_cmd_create(BT_HCI_OP_INQUIRY, sizeof(*cp));
877 if (!buf) {
878 return -ENOBUFS;
879 }
880
881 cp = net_buf_add(buf, sizeof(*cp));
882
883 cp->length = param->length;
884 cp->num_rsp = 0xff; /* we limit discovery only by time */
885
886 memcpy(cp->lap, iac, 3);
887 if (param->limited) {
888 cp->lap[0] = 0x00;
889 }
890
891 return bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY, buf, NULL);
892 }
893
valid_br_discov_param(const struct bt_br_discovery_param * param,size_t num_results)894 static bool valid_br_discov_param(const struct bt_br_discovery_param *param, size_t num_results)
895 {
896 if (!num_results || num_results > 255) {
897 return false;
898 }
899
900 if (!param->length || param->length > 0x30) {
901 return false;
902 }
903
904 return true;
905 }
906
bt_br_discovery_start(const struct bt_br_discovery_param * param,struct bt_br_discovery_result * results,size_t cnt,bt_br_discovery_cb_t cb)907 int bt_br_discovery_start(const struct bt_br_discovery_param *param,
908 struct bt_br_discovery_result *results, size_t cnt,
909 bt_br_discovery_cb_t cb)
910 {
911 int err;
912
913 LOG_DBG("");
914
915 if (!valid_br_discov_param(param, cnt)) {
916 return -EINVAL;
917 }
918
919 if (atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
920 return -EALREADY;
921 }
922
923 err = br_start_inquiry(param);
924 if (err) {
925 return err;
926 }
927
928 atomic_set_bit(bt_dev.flags, BT_DEV_INQUIRY);
929
930 (void)memset(results, 0, sizeof(*results) * cnt);
931
932 discovery_cb = cb;
933 discovery_results = results;
934 discovery_results_size = cnt;
935 discovery_results_count = 0;
936
937 return 0;
938 }
939
bt_br_discovery_stop(void)940 int bt_br_discovery_stop(void)
941 {
942 int err;
943 int i;
944
945 LOG_DBG("");
946
947 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
948 return -EALREADY;
949 }
950
951 err = bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY_CANCEL, NULL, NULL);
952 if (err) {
953 return err;
954 }
955
956 for (i = 0; i < discovery_results_count; i++) {
957 struct discovery_priv *priv;
958 struct bt_hci_cp_remote_name_cancel *cp;
959 struct net_buf *buf;
960
961 priv = (struct discovery_priv *)&discovery_results[i]._priv;
962
963 if (!priv->resolving) {
964 continue;
965 }
966
967 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_CANCEL, sizeof(*cp));
968 if (!buf) {
969 continue;
970 }
971
972 cp = net_buf_add(buf, sizeof(*cp));
973 bt_addr_copy(&cp->bdaddr, &discovery_results[i].addr);
974
975 bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_CANCEL, buf, NULL);
976 }
977
978 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
979
980 discovery_cb = NULL;
981 discovery_results = NULL;
982 discovery_results_size = 0;
983 discovery_results_count = 0;
984
985 return 0;
986 }
987
write_scan_enable(uint8_t scan)988 static int write_scan_enable(uint8_t scan)
989 {
990 struct net_buf *buf;
991 int err;
992
993 LOG_DBG("type %u", scan);
994
995 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SCAN_ENABLE, 1);
996 if (!buf) {
997 return -ENOBUFS;
998 }
999
1000 net_buf_add_u8(buf, scan);
1001 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SCAN_ENABLE, buf, NULL);
1002 if (err) {
1003 return err;
1004 }
1005
1006 atomic_set_bit_to(bt_dev.flags, BT_DEV_ISCAN, (scan & BT_BREDR_SCAN_INQUIRY));
1007 atomic_set_bit_to(bt_dev.flags, BT_DEV_PSCAN, (scan & BT_BREDR_SCAN_PAGE));
1008
1009 return 0;
1010 }
1011
bt_br_set_connectable(bool enable)1012 int bt_br_set_connectable(bool enable)
1013 {
1014 if (enable) {
1015 if (atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1016 return -EALREADY;
1017 } else {
1018 return write_scan_enable(BT_BREDR_SCAN_PAGE);
1019 }
1020 } else {
1021 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1022 return -EALREADY;
1023 } else {
1024 return write_scan_enable(BT_BREDR_SCAN_DISABLED);
1025 }
1026 }
1027 }
1028
bt_br_set_discoverable(bool enable)1029 int bt_br_set_discoverable(bool enable)
1030 {
1031 if (enable) {
1032 if (atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1033 return -EALREADY;
1034 }
1035
1036 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1037 return -EPERM;
1038 }
1039
1040 return write_scan_enable(BT_BREDR_SCAN_INQUIRY | BT_BREDR_SCAN_PAGE);
1041 } else {
1042 if (!atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1043 return -EALREADY;
1044 }
1045
1046 return write_scan_enable(BT_BREDR_SCAN_PAGE);
1047 }
1048 }
1049
