1 /*
2 * Copyright (c) 2017-2021 Nordic Semiconductor ASA
3 * Copyright (c) 2015-2016 Intel Corporation
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7
8 #include <zephyr/sys/byteorder.h>
9
10 #include <zephyr/bluetooth/bluetooth.h>
11 #include <zephyr/bluetooth/hci.h>
12 #include <zephyr/bluetooth/buf.h>
13
14 #include "common/bt_str.h"
15
16 #include "host/hci_core.h"
17 #include "host/conn_internal.h"
18 #include "host/keys.h"
19 #include "sco_internal.h"
20
21 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
22 #include <zephyr/logging/log.h>
23 LOG_MODULE_REGISTER(bt_br);
24
25 #define RSSI_INVALID 127
26
27 struct bt_br_discovery_result *discovery_results;
28 static size_t discovery_results_size;
29 static size_t discovery_results_count;
30 static sys_slist_t discovery_cbs = SYS_SLIST_STATIC_INIT(&discovery_cbs);
31
reject_conn(const bt_addr_t * bdaddr,uint8_t reason)32 static int reject_conn(const bt_addr_t *bdaddr, uint8_t reason)
33 {
34 struct bt_hci_cp_reject_conn_req *cp;
35 struct net_buf *buf;
36 int err;
37
38 buf = bt_hci_cmd_create(BT_HCI_OP_REJECT_CONN_REQ, sizeof(*cp));
39 if (!buf) {
40 return -ENOBUFS;
41 }
42
43 cp = net_buf_add(buf, sizeof(*cp));
44 bt_addr_copy(&cp->bdaddr, bdaddr);
45 cp->reason = reason;
46
47 err = bt_hci_cmd_send_sync(BT_HCI_OP_REJECT_CONN_REQ, buf, NULL);
48 if (err) {
49 return err;
50 }
51
52 return 0;
53 }
54
accept_conn(const bt_addr_t * bdaddr)55 static int accept_conn(const bt_addr_t *bdaddr)
56 {
57 struct bt_hci_cp_accept_conn_req *cp;
58 struct net_buf *buf;
59 int err;
60
61 buf = bt_hci_cmd_create(BT_HCI_OP_ACCEPT_CONN_REQ, sizeof(*cp));
62 if (!buf) {
63 return -ENOBUFS;
64 }
65
66 cp = net_buf_add(buf, sizeof(*cp));
67 bt_addr_copy(&cp->bdaddr, bdaddr);
68 cp->role = BT_HCI_ROLE_PERIPHERAL;
69
70 err = bt_hci_cmd_send_sync(BT_HCI_OP_ACCEPT_CONN_REQ, buf, NULL);
71 if (err) {
72 return err;
73 }
74
75 return 0;
76 }
77
bt_hci_conn_req(struct net_buf * buf)78 void bt_hci_conn_req(struct net_buf *buf)
79 {
80 struct bt_hci_evt_conn_request *evt = (void *)buf->data;
81 struct bt_conn *conn;
82
83 LOG_DBG("conn req from %s, type 0x%02x", bt_addr_str(&evt->bdaddr), evt->link_type);
84
85 if (evt->link_type != BT_HCI_ACL) {
86 uint8_t err;
87
88 err = bt_esco_conn_req(evt);
89 if (err != BT_HCI_ERR_SUCCESS) {
90 reject_conn(&evt->bdaddr, err);
91 }
92 return;
93 }
94
95 conn = bt_conn_add_br(&evt->bdaddr);
96 if (!conn) {
97 reject_conn(&evt->bdaddr, BT_HCI_ERR_INSUFFICIENT_RESOURCES);
98 return;
99 }
100
101 accept_conn(&evt->bdaddr);
102 conn->role = BT_HCI_ROLE_PERIPHERAL;
103 bt_conn_set_state(conn, BT_CONN_INITIATING);
104 bt_conn_unref(conn);
105 }
106
br_sufficient_key_size(struct bt_conn * conn)107 static bool br_sufficient_key_size(struct bt_conn *conn)
108 {
109 struct bt_hci_cp_read_encryption_key_size *cp;
110 struct bt_hci_rp_read_encryption_key_size *rp;
111 struct net_buf *buf, *rsp;
112 uint8_t key_size;
113 int err;
114
115 buf = bt_hci_cmd_create(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, sizeof(*cp));
116 if (!buf) {
117 LOG_ERR("Failed to allocate command buffer");
118 return false;
119 }
120
121 cp = net_buf_add(buf, sizeof(*cp));
122 cp->handle = sys_cpu_to_le16(conn->handle);
123
124 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_ENCRYPTION_KEY_SIZE, buf, &rsp);
125 if (err) {
126 LOG_ERR("Failed to read encryption key size (err %d)", err);
127 return false;
128 }
129
130 if (rsp->len < sizeof(*rp)) {
131 LOG_ERR("Too small command complete for encryption key size");
132 net_buf_unref(rsp);
133 return false;
134 }
135
136 rp = (void *)rsp->data;
137 key_size = rp->key_size;
138 net_buf_unref(rsp);
139
140 LOG_DBG("Encryption key size is %u", key_size);
141
142 if (conn->sec_level == BT_SECURITY_L4) {
143 return key_size == BT_HCI_ENCRYPTION_KEY_SIZE_MAX;
144 }
145
146 return key_size >= CONFIG_BT_BR_MIN_ENC_KEY_SIZE;
147 }
148
bt_br_update_sec_level(struct bt_conn * conn)149 bool bt_br_update_sec_level(struct bt_conn *conn)
150 {
151 if (!conn->encrypt) {
152 conn->sec_level = BT_SECURITY_L1;
153 return true;
154 }
155
156 if (conn->br.link_key) {
157 if (conn->br.link_key->flags & BT_LINK_KEY_AUTHENTICATED) {
158 if (conn->encrypt == BT_HCI_ENCRYPTION_ON_BR_AES_CCM) {
159 conn->sec_level = BT_SECURITY_L4;
160 } else {
161 conn->sec_level = BT_SECURITY_L3;
162 }
163 } else {
164 conn->sec_level = BT_SECURITY_L2;
165 }
166 } else {
167 LOG_WRN("No BR/EDR link key found");
168 conn->sec_level = BT_SECURITY_L2;
169 }
170
171 if (!br_sufficient_key_size(conn)) {
172 LOG_ERR("Encryption key size is not sufficient");
173 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
174 return false;
175 }
176
177 if (conn->required_sec_level > conn->sec_level) {
178 LOG_ERR("Failed to set required security level");
179 bt_conn_disconnect(conn, BT_HCI_ERR_AUTH_FAIL);
180 return false;
181 }
182
183 return true;
184 }
185
bt_hci_synchronous_conn_complete(struct net_buf * buf)186 void bt_hci_synchronous_conn_complete(struct net_buf *buf)
187 {
188 struct bt_hci_evt_sync_conn_complete *evt = (void *)buf->data;
189 struct bt_conn *sco_conn;
190 uint16_t handle = sys_le16_to_cpu(evt->handle);
191
192 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
193
194 sco_conn = bt_conn_lookup_addr_sco(&evt->bdaddr);
195 if (!sco_conn) {
196 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
197 return;
198 }
199
200 if (evt->status) {
201 sco_conn->err = evt->status;
202 bt_conn_set_state(sco_conn, BT_CONN_DISCONNECTED);
203 bt_conn_unref(sco_conn);
204 return;
205 }
206
207 sco_conn->handle = handle;
208 bt_conn_set_state(sco_conn, BT_CONN_CONNECTED);
209 bt_conn_unref(sco_conn);
210 }
211
bt_hci_conn_complete(struct net_buf * buf)212 void bt_hci_conn_complete(struct net_buf *buf)
213 {
214 struct bt_hci_evt_conn_complete *evt = (void *)buf->data;
215 struct bt_conn *conn;
216 struct bt_hci_cp_read_remote_features *cp;
217 uint16_t handle = sys_le16_to_cpu(evt->handle);
218
219 LOG_DBG("status 0x%02x, handle %u, type 0x%02x", evt->status, handle, evt->link_type);
220
221 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
222 if (!conn) {
223 LOG_ERR("Unable to find conn for %s", bt_addr_str(&evt->bdaddr));
224 return;
225 }
226
227 if (evt->status) {
228 conn->err = evt->status;
229 bt_conn_set_state(conn, BT_CONN_DISCONNECTED);
230 bt_conn_unref(conn);
231 return;
232 }
233
234 conn->handle = handle;
235 conn->err = 0U;
236 conn->encrypt = evt->encr_enabled;
237
238 if (!bt_br_update_sec_level(conn)) {
239 bt_conn_unref(conn);
240 return;
241 }
242
243 bt_conn_set_state(conn, BT_CONN_CONNECTED);
244
245 atomic_set_bit_to(conn->flags, BT_CONN_BR_BONDABLE, bt_get_bondable());
246
247 bt_conn_connected(conn);
248
249 bt_conn_unref(conn);
250
251 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_FEATURES, sizeof(*cp));
252 if (!buf) {
253 return;
254 }
255
256 cp = net_buf_add(buf, sizeof(*cp));
257 cp->handle = evt->handle;
258
259 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_FEATURES, buf, NULL);
260 }
261
request_name(const bt_addr_t * addr,uint8_t pscan,uint16_t offset)262 static int request_name(const bt_addr_t *addr, uint8_t pscan, uint16_t offset)
263 {
264 struct bt_hci_cp_remote_name_request *cp;
265 struct net_buf *buf;
266
267 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_REQUEST, sizeof(*cp));
268 if (!buf) {
269 return -ENOBUFS;
270 }
271
272 cp = net_buf_add(buf, sizeof(*cp));
273
274 bt_addr_copy(&cp->bdaddr, addr);
275 cp->pscan_rep_mode = pscan;
276 cp->reserved = 0x00; /* reserved, should be set to 0x00 */
277 cp->clock_offset = offset;
278
279 return bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_REQUEST, buf, NULL);
280 }
281
282 #define EIR_SHORT_NAME 0x08
283 #define EIR_COMPLETE_NAME 0x09
284
eir_has_name(const uint8_t * eir)285 static bool eir_has_name(const uint8_t *eir)
286 {
287 int len = 240;
288
289 while (len) {
290 if (len < 2) {
291 break;
292 }
293
294 /* Look for early termination */
295 if (!eir[0]) {
296 break;
297 }
298
299 /* Check if field length is correct */
300 if (eir[0] > len - 1) {
301 break;
302 }
303
304 switch (eir[1]) {
305 case EIR_SHORT_NAME:
306 case EIR_COMPLETE_NAME:
307 if (eir[0] > 1) {
308 return true;
309 }
310 break;
311 default:
312 break;
313 }
314
315 /* Parse next AD Structure */
316 len -= eir[0] + 1;
317 eir += eir[0] + 1;
318 }
319
320 return false;
321 }
322
bt_br_discovery_reset(void)323 void bt_br_discovery_reset(void)
324 {
325 discovery_results = NULL;
326 discovery_results_size = 0;
327 discovery_results_count = 0;
328 }
329
report_discovery_results(void)330 static void report_discovery_results(void)
331 {
332 bool resolving_names = false;
333 int i;
334 struct bt_br_discovery_cb *listener, *next;
335
336 for (i = 0; i < discovery_results_count; i++) {
337 struct bt_br_discovery_priv *priv;
338
339 priv = &discovery_results[i]._priv;
340
341 if (eir_has_name(discovery_results[i].eir)) {
342 continue;
343 }
344
345 if (request_name(&discovery_results[i].addr, priv->pscan_rep_mode,
346 priv->clock_offset)) {
347 continue;
348 }
349
350 priv->resolving = true;
351 resolving_names = true;
352 }
353
354 if (resolving_names) {
355 return;
356 }
357
358 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
359
360 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
361 if (listener->timeout) {
362 listener->timeout(discovery_results, discovery_results_count);
363 }
364 }
365
366 bt_br_discovery_reset();
367 }
368
bt_hci_inquiry_complete(struct net_buf * buf)369 void bt_hci_inquiry_complete(struct net_buf *buf)
370 {
371 struct bt_hci_evt_inquiry_complete *evt = (void *)buf->data;
372
373 if (evt->status) {
374 LOG_ERR("Failed to complete inquiry");
375 }
376
377 report_discovery_results();
378 }
379
get_result_slot(const bt_addr_t * addr,int8_t rssi)380 static struct bt_br_discovery_result *get_result_slot(const bt_addr_t *addr, int8_t rssi)
381 {
382 struct bt_br_discovery_result *result = NULL;
383 size_t i;
384
385 /* check if already present in results */
386 for (i = 0; i < discovery_results_count; i++) {
387 if (bt_addr_eq(addr, &discovery_results[i].addr)) {
388 return &discovery_results[i];
389 }
390 }
391
392 /* Pick a new slot (if available) */
393 if (discovery_results_count < discovery_results_size) {
394 bt_addr_copy(&discovery_results[discovery_results_count].addr, addr);
395 return &discovery_results[discovery_results_count++];
396 }
397
398 /* ignore if invalid RSSI */
399 if (rssi == RSSI_INVALID) {
400 return NULL;
401 }
402
403 /*
404 * Pick slot with smallest RSSI that is smaller then passed RSSI
405 * TODO handle TX if present
406 */
407 for (i = 0; i < discovery_results_size; i++) {
408 if (discovery_results[i].rssi > rssi) {
409 continue;
410 }
411
412 if (!result || result->rssi > discovery_results[i].rssi) {
413 result = &discovery_results[i];
414 }
415 }
416
417 if (result) {
418 LOG_DBG("Reusing slot (old %s rssi %d dBm)", bt_addr_str(&result->addr),
419 result->rssi);
420
421 bt_addr_copy(&result->addr, addr);
422 }
423
424 return result;
425 }
426
bt_hci_inquiry_result_with_rssi(struct net_buf * buf)427 void bt_hci_inquiry_result_with_rssi(struct net_buf *buf)
428 {
429 uint8_t num_reports = net_buf_pull_u8(buf);
430
431 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
432 return;
433 }
434
435 LOG_DBG("number of results: %u", num_reports);
436
437 while (num_reports--) {
438 struct bt_hci_evt_inquiry_result_with_rssi *evt;
439 struct bt_br_discovery_result *result;
440 struct bt_br_discovery_priv *priv;
441 struct bt_br_discovery_cb *listener, *next;
442
443 if (buf->len < sizeof(*evt)) {
444 LOG_ERR("Unexpected end to buffer");
445 return;
446 }
447
448 evt = net_buf_pull_mem(buf, sizeof(*evt));
449 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
450
451 result = get_result_slot(&evt->addr, evt->rssi);
452 if (!result) {
453 return;
454 }
455
456 priv = &result->_priv;
457 priv->pscan_rep_mode = evt->pscan_rep_mode;
458 priv->clock_offset = evt->clock_offset;
459
460 memcpy(result->cod, evt->cod, 3);
461 result->rssi = evt->rssi;
462
463 /* we could reuse slot so make sure EIR is cleared */
464 (void)memset(result->eir, 0, sizeof(result->eir));
465
466 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
467 if (listener->recv) {
468 listener->recv(result);
469 }
470 }
471 }
472 }
473
bt_hci_extended_inquiry_result(struct net_buf * buf)474 void bt_hci_extended_inquiry_result(struct net_buf *buf)
475 {
476 struct bt_hci_evt_extended_inquiry_result *evt = (void *)buf->data;
477 struct bt_br_discovery_result *result;
478 struct bt_br_discovery_priv *priv;
479 struct bt_br_discovery_cb *listener, *next;
480
481 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
482 return;
483 }
484
485 LOG_DBG("%s rssi %d dBm", bt_addr_str(&evt->addr), evt->rssi);
486
487 result = get_result_slot(&evt->addr, evt->rssi);
488 if (!result) {
489 return;
490 }
491
492 priv = &result->_priv;
493 priv->pscan_rep_mode = evt->pscan_rep_mode;
494 priv->clock_offset = evt->clock_offset;
495
496 result->rssi = evt->rssi;
497 memcpy(result->cod, evt->cod, 3);
498 memcpy(result->eir, evt->eir, sizeof(result->eir));
499
500 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
501 if (listener->recv) {
502 listener->recv(result);
503 }
504 }
505 }
506
bt_hci_remote_name_request_complete(struct net_buf * buf)507 void bt_hci_remote_name_request_complete(struct net_buf *buf)
508 {
509 struct bt_hci_evt_remote_name_req_complete *evt = (void *)buf->data;
510 struct bt_br_discovery_result *result;
511 struct bt_br_discovery_priv *priv;
512 int eir_len = 240;
513 uint8_t *eir;
514 int i;
515 struct bt_br_discovery_cb *listener, *next;
516
517 result = get_result_slot(&evt->bdaddr, RSSI_INVALID);
518 if (!result) {
519 return;
520 }
521
522 priv = &result->_priv;
523 priv->resolving = false;
524
525 if (evt->status) {
526 goto check_names;
527 }
528
529 eir = result->eir;
530
531 while (eir_len) {
532 if (eir_len < 2) {
533 break;
534 }
535
536 /* Look for early termination */
537 if (!eir[0]) {
538 size_t name_len;
539
540 eir_len -= 2;
541
542 /* name is null terminated */
543 name_len = strlen((const char *)evt->name);
544
545 if (name_len > eir_len) {
546 eir[0] = eir_len + 1;
547 eir[1] = EIR_SHORT_NAME;
548 } else {
549 eir[0] = name_len + 1;
550 eir[1] = EIR_SHORT_NAME;
551 }
552
553 memcpy(&eir[2], evt->name, eir[0] - 1);
554
555 break;
556 }
557
558 /* Check if field length is correct */
559 if (eir[0] > eir_len - 1) {
560 break;
561 }
562
563 /* next EIR Structure */
564 eir_len -= eir[0] + 1;
565 eir += eir[0] + 1;
566 }
567
568 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
569 if (listener->recv) {
570 listener->recv(result);
571 }
572 }
573
574 check_names:
575 /* if still waiting for names */
576 for (i = 0; i < discovery_results_count; i++) {
577 struct bt_br_discovery_priv *dpriv;
578
579 dpriv = &discovery_results[i]._priv;
580
581 if (dpriv->resolving) {
582 return;
583 }
584 }
585
586 /* all names resolved, report discovery results */
587 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
588
589 SYS_SLIST_FOR_EACH_CONTAINER_SAFE(&discovery_cbs, listener, next, node) {
590 if (listener->timeout) {
591 listener->timeout(discovery_results, discovery_results_count);
592 }
593 }
594 }
595
bt_hci_read_remote_features_complete(struct net_buf * buf)596 void bt_hci_read_remote_features_complete(struct net_buf *buf)
597 {
598 struct bt_hci_evt_remote_features *evt = (void *)buf->data;
599 uint16_t handle = sys_le16_to_cpu(evt->handle);
600 struct bt_hci_cp_read_remote_ext_features *cp;
601 struct bt_conn *conn;
602
603 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
604
605 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
606 if (!conn) {
607 LOG_ERR("Can't find conn for handle %u", handle);
608 return;
609 }
610
611 if (evt->status) {
612 goto done;
613 }
614
615 memcpy(conn->br.features[0], evt->features, sizeof(evt->features));
616
617 if (!BT_FEAT_EXT_FEATURES(conn->br.features)) {
618 goto done;
619 }
620
621 buf = bt_hci_cmd_create(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, sizeof(*cp));
622 if (!buf) {
623 goto done;
624 }
625
626 /* Read remote host features (page 1) */
627 cp = net_buf_add(buf, sizeof(*cp));
628 cp->handle = evt->handle;
629 cp->page = 0x01;
630
631 bt_hci_cmd_send_sync(BT_HCI_OP_READ_REMOTE_EXT_FEATURES, buf, NULL);
632
633 done:
634 bt_conn_unref(conn);
635 }
636
bt_hci_read_remote_ext_features_complete(struct net_buf * buf)637 void bt_hci_read_remote_ext_features_complete(struct net_buf *buf)
638 {
639 struct bt_hci_evt_remote_ext_features *evt = (void *)buf->data;
640 uint16_t handle = sys_le16_to_cpu(evt->handle);
641 struct bt_conn *conn;
642
643 LOG_DBG("status 0x%02x handle %u", evt->status, handle);
644
645 conn = bt_conn_lookup_handle(handle, BT_CONN_TYPE_BR);
646 if (!conn) {
647 LOG_ERR("Can't find conn for handle %u", handle);
648 return;
649 }
650
651 if (!evt->status && evt->page == 0x01) {
652 memcpy(conn->br.features[1], evt->features, sizeof(conn->br.features[1]));
653 }
654
655 bt_conn_unref(conn);
656 }
657
bt_hci_role_change(struct net_buf * buf)658 void bt_hci_role_change(struct net_buf *buf)
659 {
660 struct bt_hci_evt_role_change *evt = (void *)buf->data;
661 struct bt_conn *conn;
662
663 LOG_DBG("status 0x%02x role %u addr %s", evt->status, evt->role, bt_addr_str(&evt->bdaddr));
664
665 if (evt->status) {
666 return;
667 }
668
669 conn = bt_conn_lookup_addr_br(&evt->bdaddr);
670 if (!conn) {
671 LOG_ERR("Can't find conn for %s", bt_addr_str(&evt->bdaddr));
672 return;
673 }
674
675 if (evt->role) {
676 conn->role = BT_CONN_ROLE_PERIPHERAL;
677 } else {
678 conn->role = BT_CONN_ROLE_CENTRAL;
679 }
680
681 bt_conn_unref(conn);
682 }
683
read_ext_features(void)684 static int read_ext_features(void)
685 {
686 int i;
687
688 /* Read Local Supported Extended Features */
689 for (i = 1; i < LMP_FEAT_PAGES_COUNT; i++) {
690 struct bt_hci_cp_read_local_ext_features *cp;
691 struct bt_hci_rp_read_local_ext_features *rp;
692 struct net_buf *buf, *rsp;
693 int err;
694
695 buf = bt_hci_cmd_create(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(*cp));
696 if (!buf) {
697 return -ENOBUFS;
698 }
699
700 cp = net_buf_add(buf, sizeof(*cp));
701 cp->page = i;
702
703 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_LOCAL_EXT_FEATURES, buf, &rsp);
704 if (err) {
705 return err;
706 }
707
708 rp = (void *)rsp->data;
709
710 memcpy(&bt_dev.features[i], rp->ext_features, sizeof(bt_dev.features[i]));
711
712 if (rp->max_page <= i) {
713 net_buf_unref(rsp);
714 break;
715 }
716
717 net_buf_unref(rsp);
718 }
719
720 return 0;
721 }
722
device_supported_pkt_type(void)723 void device_supported_pkt_type(void)
724 {
725 /* Device supported features and sco packet types */
726 if (BT_FEAT_LMP_SCO_CAPABLE(bt_dev.features)) {
727 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV1);
728 }
729
730 if (BT_FEAT_HV2_PKT(bt_dev.features)) {
731 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV2);
732 }
733
734 if (BT_FEAT_HV3_PKT(bt_dev.features)) {
735 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_SCO_HV3);
736 }
737
738 if (BT_FEAT_LMP_ESCO_CAPABLE(bt_dev.features)) {
739 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV3);
740 }
741
742 if (BT_FEAT_EV4_PKT(bt_dev.features)) {
743 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV4);
744 }
745
746 if (BT_FEAT_EV5_PKT(bt_dev.features)) {
747 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_EV5);
748 }
749
750 if (BT_FEAT_2EV3_PKT(bt_dev.features)) {
751 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV3);
752 }
753
754 if (BT_FEAT_3EV3_PKT(bt_dev.features)) {
755 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_3EV3);
756 }
757
758 if (BT_FEAT_3SLOT_PKT(bt_dev.features)) {
759 bt_dev.br.esco_pkt_type |= (HCI_PKT_TYPE_ESCO_2EV5 | HCI_PKT_TYPE_ESCO_3EV5);
760 }
761 }
762
read_buffer_size_complete(struct net_buf * buf)763 static void read_buffer_size_complete(struct net_buf *buf)
764 {
765 struct bt_hci_rp_read_buffer_size *rp = (void *)buf->data;
766 uint16_t pkts;
767
768 LOG_DBG("status 0x%02x", rp->status);
769
770 bt_dev.br.mtu = sys_le16_to_cpu(rp->acl_max_len);
771 pkts = sys_le16_to_cpu(rp->acl_max_num);
772
773 LOG_DBG("ACL BR/EDR buffers: pkts %u mtu %u", pkts, bt_dev.br.mtu);
774
775 k_sem_init(&bt_dev.br.pkts, pkts, pkts);
776 }
777
bt_br_init(void)778 int bt_br_init(void)
779 {
780 struct net_buf *buf;
781 struct bt_hci_cp_write_ssp_mode *ssp_cp;
782 struct bt_hci_cp_write_inquiry_mode *inq_cp;
783 struct bt_hci_write_local_name *name_cp;
784 struct bt_hci_cp_write_class_of_device *cod;
785 int err;
786
787 /* Read extended local features */
788 if (BT_FEAT_EXT_FEATURES(bt_dev.features)) {
789 err = read_ext_features();
790 if (err) {
791 return err;
792 }
793 }
794
795 /* Add local supported packet types to bt_dev */
796 device_supported_pkt_type();
797
798 /* Get BR/EDR buffer size */
799 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_BUFFER_SIZE, NULL, &buf);
800 if (err) {
801 return err;
802 }
803
804 read_buffer_size_complete(buf);
805 net_buf_unref(buf);
806
807 /* Set SSP mode */
808 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SSP_MODE, sizeof(*ssp_cp));
809 if (!buf) {
810 return -ENOBUFS;
811 }
812
813 ssp_cp = net_buf_add(buf, sizeof(*ssp_cp));
814 ssp_cp->mode = 0x01;
815 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SSP_MODE, buf, NULL);
816 if (err) {
817 return err;
818 }
819
820 /* Enable Inquiry results with RSSI or extended Inquiry */
821 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_INQUIRY_MODE, sizeof(*inq_cp));
822 if (!buf) {
823 return -ENOBUFS;
824 }
825
826 inq_cp = net_buf_add(buf, sizeof(*inq_cp));
827 inq_cp->mode = 0x02;
828 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_INQUIRY_MODE, buf, NULL);
829 if (err) {
830 return err;
831 }
832
833 /* Set local name */
834 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_LOCAL_NAME, sizeof(*name_cp));
835 if (!buf) {
836 return -ENOBUFS;
837 }
838
839 name_cp = net_buf_add(buf, sizeof(*name_cp));
840 strncpy((char *)name_cp->local_name, CONFIG_BT_DEVICE_NAME, sizeof(name_cp->local_name));
841
842 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_LOCAL_NAME, buf, NULL);
843 if (err) {
844 return err;
845 }
846
847 /* Set Class of device */
848 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, sizeof(*cod));
849 if (!buf) {
850 return -ENOBUFS;
851 }
852
853 net_buf_add_le24(buf, CONFIG_BT_COD);
854
855 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, buf, NULL);
856 if (err) {
857 return err;
858 }
859
860 /* Set page timeout*/
861 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_PAGE_TIMEOUT, sizeof(uint16_t));
862 if (!buf) {
863 return -ENOBUFS;
864 }
865
866 net_buf_add_le16(buf, CONFIG_BT_PAGE_TIMEOUT);
867
868 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_PAGE_TIMEOUT, buf, NULL);
869 if (err) {
870 return err;
871 }
872
873 /* Enable BR/EDR SC if supported */
874 if (BT_FEAT_SC(bt_dev.features)) {
875 struct bt_hci_cp_write_sc_host_supp *sc_cp;
876
877 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SC_HOST_SUPP, sizeof(*sc_cp));
878 if (!buf) {
879 return -ENOBUFS;
880 }
881
882 sc_cp = net_buf_add(buf, sizeof(*sc_cp));
883 sc_cp->sc_support = 0x01;
884
885 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SC_HOST_SUPP, buf, NULL);
886 if (err) {
887 return err;
888 }
889 }
890
891 return 0;
892 }
893
br_start_inquiry(const struct bt_br_discovery_param * param)894 static int br_start_inquiry(const struct bt_br_discovery_param *param)
895 {
896 const uint8_t iac[3] = {0x33, 0x8b, 0x9e};
897 struct bt_hci_op_inquiry *cp;
898 struct net_buf *buf;
899
900 buf = bt_hci_cmd_create(BT_HCI_OP_INQUIRY, sizeof(*cp));
901 if (!buf) {
902 return -ENOBUFS;
903 }
904
905 cp = net_buf_add(buf, sizeof(*cp));
906
907 cp->length = param->length;
908 cp->num_rsp = 0xff; /* we limit discovery only by time */
909
910 memcpy(cp->lap, iac, 3);
911 if (param->limited) {
912 cp->lap[0] = 0x00;
913 }
914
915 return bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY, buf, NULL);
916 }
917
valid_br_discov_param(const struct bt_br_discovery_param * param,size_t num_results)918 static bool valid_br_discov_param(const struct bt_br_discovery_param *param, size_t num_results)
919 {
920 if (!num_results || num_results > 255) {
921 return false;
922 }
923
924 if (!param->length || param->length > 0x30) {
925 return false;
926 }
927
928 return true;
929 }
930
bt_br_discovery_start(const struct bt_br_discovery_param * param,struct bt_br_discovery_result * results,size_t cnt)931 int bt_br_discovery_start(const struct bt_br_discovery_param *param,
932 struct bt_br_discovery_result *results, size_t cnt)
933 {
934 int err;
935
936 LOG_DBG("");
937
938 if (!valid_br_discov_param(param, cnt)) {
939 return -EINVAL;
940 }
941
942 if (atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
943 return -EALREADY;
944 }
945
946 err = br_start_inquiry(param);
947 if (err) {
948 return err;
949 }
950
951 atomic_set_bit(bt_dev.flags, BT_DEV_INQUIRY);
952
953 (void)memset(results, 0, sizeof(*results) * cnt);
954
955 discovery_results = results;
956 discovery_results_size = cnt;
957 discovery_results_count = 0;
958
959 return 0;
960 }
961
bt_br_discovery_stop(void)962 int bt_br_discovery_stop(void)
963 {
964 int err;
965 int i;
966
967 LOG_DBG("");
968
969 if (!atomic_test_bit(bt_dev.flags, BT_DEV_INQUIRY)) {
970 return -EALREADY;
971 }
972
973 err = bt_hci_cmd_send_sync(BT_HCI_OP_INQUIRY_CANCEL, NULL, NULL);
974 if (err) {
975 return err;
976 }
977
978 for (i = 0; i < discovery_results_count; i++) {
979 struct bt_br_discovery_priv *priv;
980 struct bt_hci_cp_remote_name_cancel *cp;
981 struct net_buf *buf;
982
983 priv = &discovery_results[i]._priv;
984
985 if (!priv->resolving) {
986 continue;
987 }
988
989 buf = bt_hci_cmd_create(BT_HCI_OP_REMOTE_NAME_CANCEL, sizeof(*cp));
990 if (!buf) {
991 continue;
992 }
993
994 cp = net_buf_add(buf, sizeof(*cp));
995 bt_addr_copy(&cp->bdaddr, &discovery_results[i].addr);
996
997 bt_hci_cmd_send_sync(BT_HCI_OP_REMOTE_NAME_CANCEL, buf, NULL);
998 }
999
1000 atomic_clear_bit(bt_dev.flags, BT_DEV_INQUIRY);
1001
1002 discovery_results = NULL;
1003 discovery_results_size = 0;
1004 discovery_results_count = 0;
1005
1006 return 0;
1007 }
1008
bt_br_discovery_cb_register(struct bt_br_discovery_cb * cb)1009 void bt_br_discovery_cb_register(struct bt_br_discovery_cb *cb)
1010 {
1011 sys_slist_append(&discovery_cbs, &cb->node);
1012 }
1013
bt_br_discovery_cb_unregister(struct bt_br_discovery_cb * cb)1014 void bt_br_discovery_cb_unregister(struct bt_br_discovery_cb *cb)
1015 {
1016 sys_slist_find_and_remove(&discovery_cbs, &cb->node);
1017 }
1018
write_scan_enable(uint8_t scan)1019 static int write_scan_enable(uint8_t scan)
1020 {
1021 struct net_buf *buf;
1022 int err;
1023
1024 LOG_DBG("type %u", scan);
1025
1026 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_SCAN_ENABLE, 1);
1027 if (!buf) {
1028 return -ENOBUFS;
1029 }
1030
1031 net_buf_add_u8(buf, scan);
1032 err = bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_SCAN_ENABLE, buf, NULL);
1033 if (err) {
1034 return err;
1035 }
1036
1037 atomic_set_bit_to(bt_dev.flags, BT_DEV_ISCAN, (scan & BT_BREDR_SCAN_INQUIRY));
1038 atomic_set_bit_to(bt_dev.flags, BT_DEV_PSCAN, (scan & BT_BREDR_SCAN_PAGE));
1039
1040 return 0;
1041 }
1042
bt_br_set_connectable(bool enable)1043 int bt_br_set_connectable(bool enable)
1044 {
1045 if (enable) {
1046 if (atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1047 return -EALREADY;
1048 } else {
1049 return write_scan_enable(BT_BREDR_SCAN_PAGE);
1050 }
1051 } else {
1052 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1053 return -EALREADY;
1054 } else {
1055 return write_scan_enable(BT_BREDR_SCAN_DISABLED);
1056 }
1057 }
1058 }
1059
1060 #define BT_LIAC 0x9e8b00
1061 #define BT_GIAC 0x9e8b33
1062
bt_br_write_current_iac_lap(bool limited)1063 static int bt_br_write_current_iac_lap(bool limited)
1064 {
1065 struct bt_hci_cp_write_current_iac_lap *iac_lap;
1066 struct net_buf *buf;
1067 uint8_t param_len;
1068 uint8_t num_current_iac = limited ? 2 : 1;
1069
1070 LOG_DBG("limited discoverable mode? %s", limited ? "Yes" : "No");
1071
1072 param_len = sizeof(*iac_lap) + (num_current_iac * sizeof(struct bt_hci_iac_lap));
1073
1074 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_CURRENT_IAC_LAP, param_len);
1075 if (!buf) {
1076 return -ENOBUFS;
1077 }
1078
1079 iac_lap = net_buf_add(buf, param_len);
1080 iac_lap->num_current_iac = num_current_iac;
1081 sys_put_le24(BT_GIAC, iac_lap->lap[0].iac);
1082 if (num_current_iac > 1) {
1083 sys_put_le24(BT_LIAC, iac_lap->lap[1].iac);
1084 }
1085
1086 return bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_CURRENT_IAC_LAP, buf, NULL);
1087 }
1088
1089 #define BT_COD_MAJOR_SVC_CLASS_LIMITED_DISCOVER BIT(13)
1090
bt_br_read_cod(uint32_t * cod)1091 static int bt_br_read_cod(uint32_t *cod)
1092 {
1093 struct net_buf *rsp;
1094 struct bt_hci_rp_read_class_of_device *rp;
1095 int err;
1096
1097 LOG_DBG("Read COD");
1098
1099 /* Read Class of device */
1100 err = bt_hci_cmd_send_sync(BT_HCI_OP_READ_CLASS_OF_DEVICE, NULL, &rsp);
1101 if (err) {
1102 LOG_WRN("Fail to read COD");
1103 return err;
1104 }
1105
1106 if (!rsp || (rsp->len < sizeof(*rp))) {
1107 LOG_WRN("Invalid response");
1108 return -EIO;
1109 }
1110
1111 rp = (void *)rsp->data;
1112 *cod = sys_get_le24(rp->class_of_device);
1113
1114 LOG_DBG("Current COD %06x", *cod);
1115
1116 net_buf_unref(rsp);
1117
1118 return 0;
1119 }
1120
bt_br_write_cod(uint32_t cod)1121 static int bt_br_write_cod(uint32_t cod)
1122 {
1123 struct net_buf *buf;
1124
1125 /* Set Class of device */
1126 buf = bt_hci_cmd_create(BT_HCI_OP_WRITE_CLASS_OF_DEVICE,
1127 sizeof(struct bt_hci_cp_write_class_of_device));
1128 if (!buf) {
1129 return -ENOBUFS;
1130 }
1131
1132 net_buf_add_le24(buf, cod);
1133
1134 return bt_hci_cmd_send_sync(BT_HCI_OP_WRITE_CLASS_OF_DEVICE, buf, NULL);
1135 }
1136
bt_br_update_cod(bool limited)1137 static int bt_br_update_cod(bool limited)
1138 {
1139 int err;
1140 uint32_t cod;
1141
1142 LOG_DBG("Update COD");
1143
1144 err = bt_br_read_cod(&cod);
1145 if (err) {
1146 return err;
1147 }
1148
1149 if (limited) {
1150 cod |= BT_COD_MAJOR_SVC_CLASS_LIMITED_DISCOVER;
1151 } else {
1152 cod &= ~BT_COD_MAJOR_SVC_CLASS_LIMITED_DISCOVER;
1153 }
1154
1155 err = bt_br_write_cod(cod);
1156 return err;
1157 }
1158
bt_br_limited_discoverable_timeout_handler(struct k_work * work)1159 static void bt_br_limited_discoverable_timeout_handler(struct k_work *work)
1160 {
1161 int err;
1162
1163 if (!atomic_test_bit(bt_dev.flags, BT_DEV_LIMITED_DISCOVERABLE_MODE)) {
1164 LOG_INF("Limited discoverable mode has been disabled");
1165 return;
1166 }
1167
1168 err = bt_br_set_discoverable(false, false);
1169 if (err) {
1170 LOG_WRN("Disable discoverable failure (err %d)", err);
1171 }
1172 }
1173
1174 /* Work used for limited discoverable mode time span */
1175 static K_WORK_DELAYABLE_DEFINE(bt_br_limited_discoverable_timeout,
1176 bt_br_limited_discoverable_timeout_handler);
1177
bt_br_set_discoverable(bool enable,bool limited)1178 int bt_br_set_discoverable(bool enable, bool limited)
1179 {
1180 int err;
1181
1182 if (enable) {
1183 if (atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1184 return -EALREADY;
1185 }
1186
1187 if (!atomic_test_bit(bt_dev.flags, BT_DEV_PSCAN)) {
1188 return -EPERM;
1189 }
1190
1191 err = bt_br_write_current_iac_lap(limited);
1192 if (err) {
1193 return err;
1194 }
1195
1196 err = bt_br_update_cod(limited);
1197 if (err) {
1198 return err;
1199 }
1200
1201 err = write_scan_enable(BT_BREDR_SCAN_INQUIRY | BT_BREDR_SCAN_PAGE);
1202 if (!err && (limited == true)) {
1203 atomic_set_bit(bt_dev.flags, BT_DEV_LIMITED_DISCOVERABLE_MODE);
1204 k_work_reschedule(&bt_br_limited_discoverable_timeout,
1205 K_SECONDS(CONFIG_BT_LIMITED_DISCOVERABLE_DURATION));
1206 }
1207 return err;
1208 }
1209
1210 if (!atomic_test_bit(bt_dev.flags, BT_DEV_ISCAN)) {
1211 return -EALREADY;
1212 }
1213
1214 err = write_scan_enable(BT_BREDR_SCAN_PAGE);
1215 if (err) {
1216 return err;
1217 }
1218
1219 if (atomic_test_bit(bt_dev.flags, BT_DEV_LIMITED_DISCOVERABLE_MODE)) {
1220 err = bt_br_write_current_iac_lap(false);
1221 if (err) {
1222 return err;
1223 }
1224
1225 err = bt_br_update_cod(false);
1226 if (err) {
1227 return err;
1228 }
1229
1230 atomic_clear_bit(bt_dev.flags, BT_DEV_LIMITED_DISCOVERABLE_MODE);
1231 k_work_cancel_delayable(&bt_br_limited_discoverable_timeout);
1232 }
1233
1234 return 0;
1235 }
1236
bt_br_bond_exists(const bt_addr_t * addr)1237 bool bt_br_bond_exists(const bt_addr_t *addr)
1238 {
1239 struct bt_keys_link_key *key = bt_keys_find_link_key(addr);
1240
1241 /* if there are any keys stored then device is bonded */
1242 return key != NULL;
1243 }
1244
