1 /* hci_core.h - Bluetooth HCI core access */
2 
3 /*
4  * Copyright (c) 2021 Nordic Semiconductor ASA
5  * Copyright (c) 2015-2016 Intel Corporation
6  *
7  * SPDX-License-Identifier: Apache-2.0
8  */
9 
10 #include <zephyr/devicetree.h>
11 
12 /* LL connection parameters */
13 #define LE_CONN_LATENCY		0x0000
14 #define LE_CONN_TIMEOUT		0x002a
15 
16 #if defined(CONFIG_BT_CLASSIC)
17 #define LMP_FEAT_PAGES_COUNT	3
18 #else
19 #define LMP_FEAT_PAGES_COUNT	1
20 #endif
21 
22 /* SCO  settings */
23 #define BT_VOICE_CVSD_16BIT     0x0060
24 
25 /* k_poll event tags */
26 enum {
27 	BT_EVENT_CMD_TX,
28 	BT_EVENT_CONN_TX_QUEUE,
29 	BT_EVENT_CONN_FREE_TX,
30 };
31 
32 /* bt_dev flags: the flags defined here represent BT controller state */
33 enum {
34 	BT_DEV_ENABLE,
35 	BT_DEV_DISABLE,
36 	BT_DEV_READY,
37 	BT_DEV_PRESET_ID,
38 	BT_DEV_HAS_PUB_KEY,
39 	BT_DEV_PUB_KEY_BUSY,
40 
41 	/** The application either explicitly or implicitly instructed the stack to scan
42 	 * for advertisers.
43 	 *
44 	 * Examples of such cases
45 	 *  - Explicit scanning, @ref BT_LE_SCAN_USER_EXPLICIT_SCAN.
46 	 *  - The application instructed the stack to automatically connect if a given device
47 	 *    is detected.
48 	 *  - The application wants to connect to a peer device using private addresses, but
49 	 *    the controller resolving list is too small. The host will fallback to using
50 	 *    host-based privacy and first scan for the device before it initiates a connection.
51 	 *  - The application wants to synchronize to a periodic advertiser.
52 	 *    The host will implicitly start scanning if it is not already doing so.
53 	 *
54 	 * The host needs to keep track of this state to ensure it can restart scanning
55 	 * when a connection is established/lost, explicit scanning is started or stopped etc.
56 	 * Also, when the scanner and advertiser share the same identity, the scanner may need
57 	 * to be restarted upon RPA refresh.
58 	 */
59 	BT_DEV_SCANNING,
60 
61 	/**
62 	 * Scanner is configured with a timeout.
63 	 */
64 	BT_DEV_SCAN_LIMITED,
65 
66 	BT_DEV_INITIATING,
67 
68 	BT_DEV_RPA_VALID,
69 	BT_DEV_RPA_TIMEOUT_CHANGED,
70 
71 	BT_DEV_ID_PENDING,
72 	BT_DEV_STORE_ID,
73 
74 #if defined(CONFIG_BT_CLASSIC)
75 	BT_DEV_ISCAN,
76 	BT_DEV_PSCAN,
77 	BT_DEV_INQUIRY,
78 #endif /* CONFIG_BT_CLASSIC */
79 
80 	/* Total number of flags - must be at the end of the enum */
81 	BT_DEV_NUM_FLAGS,
82 };
83 
84 /* Flags which should not be cleared upon HCI_Reset */
85 #define BT_DEV_PERSISTENT_FLAGS (BIT(BT_DEV_ENABLE) | \
86 				 BIT(BT_DEV_PRESET_ID))
87 
88 #if defined(CONFIG_BT_EXT_ADV_LEGACY_SUPPORT)
89 /* Check the feature bit for extended or legacy advertising commands */
90 #define BT_DEV_FEAT_LE_EXT_ADV(feat) BT_FEAT_LE_EXT_ADV(feat)
91 #else
92 /* Always use extended advertising commands. */
93 #define BT_DEV_FEAT_LE_EXT_ADV(feat)  1
94 #endif
95 
96 enum {
97 	/* Advertising set has been created in the host. */
98 	BT_ADV_CREATED,
99 	/* Advertising parameters has been set in the controller.
100 	 * This implies that the advertising set has been created in the
101 	 * controller.
102 	 */
103 	BT_ADV_PARAMS_SET,
104 	/* Advertising data has been set in the controller. */
105 	BT_ADV_DATA_SET,
106 	/* Advertising random address pending to be set in the controller. */
107 	BT_ADV_RANDOM_ADDR_PENDING,
108 	/* The private random address of the advertiser is valid for this cycle
109 	 * of the RPA timeout.
110 	 */
111 	BT_ADV_RPA_VALID,
112 	/* The private random address of the advertiser is being updated. */
113 	BT_ADV_RPA_UPDATE,
114 	/* The advertiser set is limited by a timeout, or number of advertising
115 	 * events, or both.
116 	 */
117 	BT_ADV_LIMITED,
118 	/* Advertiser set is currently advertising in the controller. */
119 	BT_ADV_ENABLED,
120 	/* Advertiser should include name in advertising data */
121 	BT_ADV_INCLUDE_NAME_AD,
122 	/* Advertiser should include name in scan response data */
123 	BT_ADV_INCLUDE_NAME_SD,
124 	/* Advertiser set is connectable */
125 	BT_ADV_CONNECTABLE,
126 	/* Advertiser set is scannable */
127 	BT_ADV_SCANNABLE,
128 	/* Advertiser set is using extended advertising */
129 	BT_ADV_EXT_ADV,
130 	/* Advertiser set has disabled the use of private addresses and is using
131 	 * the identity address instead.
132 	 */
133 	BT_ADV_USE_IDENTITY,
134 	/* Advertiser has been configured to keep advertising after a connection
135 	 * has been established as long as there are connections available.
136 	 */
137 	BT_ADV_PERSIST,
138 	/* Advertiser has been temporarily disabled. */
139 	BT_ADV_PAUSED,
140 	/* Periodic Advertising has been enabled in the controller. */
141 	BT_PER_ADV_ENABLED,
142 	/* Periodic Advertising parameters has been set in the controller. */
143 	BT_PER_ADV_PARAMS_SET,
144 	/* Periodic Advertising to include AdvDataInfo (ADI) */
145 	BT_PER_ADV_INCLUDE_ADI,
146 	/* Constant Tone Extension parameters for Periodic Advertising
147 	 * has been set in the controller.
148 	 */
149 	BT_PER_ADV_CTE_PARAMS_SET,
150 	/* Constant Tone Extension for Periodic Advertising has been enabled
151 	 * in the controller.
152 	 */
153 	BT_PER_ADV_CTE_ENABLED,
154 
155 	BT_ADV_NUM_FLAGS,
156 };
157 
158 struct bt_le_ext_adv {
159 	/* ID Address used for advertising */
160 	uint8_t                 id;
161 
162 	/* Advertising handle */
163 	uint8_t                 handle;
164 
165 	/* Current local Random Address */
166 	bt_addr_le_t            random_addr;
167 
168 	/* Current target address */
169 	bt_addr_le_t            target_addr;
170 
171 	ATOMIC_DEFINE(flags, BT_ADV_NUM_FLAGS);
172 
173 #if defined(CONFIG_BT_EXT_ADV)
174 	const struct bt_le_ext_adv_cb *cb;
175 
176 	/* TX Power in use by the controller */
177 	int8_t                    tx_power;
178 #endif /* defined(CONFIG_BT_EXT_ADV) */
179 
180 	struct k_work_delayable	lim_adv_timeout_work;
181 
182 	/** The options used to set the parameters for this advertising set
183 	 * @ref bt_le_adv_param
184 	 */
185 	uint32_t options;
186 };
187 
188 enum {
189 	/** Periodic Advertising Sync has been created in the host. */
190 	BT_PER_ADV_SYNC_CREATED,
191 
192 	/** Periodic Advertising Sync is established and can be terminated */
193 	BT_PER_ADV_SYNC_SYNCED,
194 
195 	/** Periodic Advertising Sync is attempting to create sync */
196 	BT_PER_ADV_SYNC_SYNCING,
197 
198 	/** Periodic Advertising Sync is attempting to create sync using
199 	 *  Advertiser List
200 	 */
201 	BT_PER_ADV_SYNC_SYNCING_USE_LIST,
202 
203 	/** Periodic Advertising Sync established with reporting disabled */
204 	BT_PER_ADV_SYNC_RECV_DISABLED,
205 
206 	/** Constant Tone Extension for Periodic Advertising has been enabled
207 	 * in the Controller.
208 	 */
209 	BT_PER_ADV_SYNC_CTE_ENABLED,
210 
211 	BT_PER_ADV_SYNC_NUM_FLAGS,
212 };
213 
214 struct bt_le_per_adv_sync {
215 	/** Periodic Advertiser Address */
216 	bt_addr_le_t addr;
217 
218 	/** Advertiser SID */
219 	uint8_t sid;
220 
221 	/** Sync handle */
222 	uint16_t handle;
223 
224 	/** Periodic advertising interval (N * 1.25 ms) */
225 	uint16_t interval;
226 
227 	/** Periodic advertising advertiser clock accuracy (ppm) */
228 	uint16_t clock_accuracy;
229 
230 	/** Advertiser PHY */
231 	uint8_t phy;
232 
233 #if defined(CONFIG_BT_DF_CONNECTIONLESS_CTE_RX)
234 	/**
235 	 * @brief Bitfield with allowed CTE types.
236 	 *
237 	 *  Allowed values are defined by @ref bt_df_cte_type, except BT_DF_CTE_TYPE_NONE.
238 	 */
239 	uint8_t cte_types;
240 #endif /* CONFIG_BT_DF_CONNECTIONLESS_CTE_RX */
241 
242 #if CONFIG_BT_PER_ADV_SYNC_BUF_SIZE > 0
243 	/** Reassembly buffer for advertising reports */
244 	struct net_buf_simple reassembly;
245 
246 	/** Storage for the reassembly buffer */
247 	uint8_t reassembly_data[CONFIG_BT_PER_ADV_SYNC_BUF_SIZE];
248 #endif /* CONFIG_BT_PER_ADV_SYNC_BUF_SIZE > 0 */
249 
250 	/** True if the following periodic adv reports up to and
251 	 * including the next complete one should be dropped
252 	 */
253 	bool report_truncated;
254 
255 	/** Flags */
256 	ATOMIC_DEFINE(flags, BT_PER_ADV_SYNC_NUM_FLAGS);
257 
258 #if defined(CONFIG_BT_PER_ADV_SYNC_RSP)
259 	/** Number of subevents */
260 	uint8_t num_subevents;
261 
262 	/** Subevent interval (N * 1.25ms) */
263 	uint8_t subevent_interval;
264 
265 	/** Response slot delay (N * 1.25ms) */
266 	uint8_t response_slot_delay;
267 
268 	/** Response slot spacing (N * 1.25ms) */
269 	uint8_t response_slot_spacing;
270 #endif /* CONFIG_BT_PER_ADV_SYNC_RSP */
271 };
272 
273 struct bt_dev_le {
274 	/* LE features */
275 	uint8_t			features[8];
276 	/* LE states */
277 	uint64_t			states;
278 
279 #if defined(CONFIG_BT_CONN)
280 	/* Controller buffer information */
281 	uint16_t		mtu;
282 	struct k_sem		pkts;
283 	uint16_t		acl_mtu;
284 	struct k_sem		acl_pkts;
285 #endif /* CONFIG_BT_CONN */
286 #if defined(CONFIG_BT_ISO)
287 	uint16_t		iso_mtu;
288 	uint8_t			iso_limit;
289 	struct k_sem		iso_pkts;
290 #endif /* CONFIG_BT_ISO */
291 #if defined(CONFIG_BT_BROADCASTER)
292 	uint16_t max_adv_data_len;
293 #endif /* CONFIG_BT_BROADCASTER */
294 
295 #if defined(CONFIG_BT_SMP)
296 	/* Size of the controller resolving list */
297 	uint8_t                    rl_size;
298 	/* Number of entries in the resolving list. rl_entries > rl_size
299 	 * means that host-side resolving is used.
300 	 */
301 	uint8_t                    rl_entries;
302 #endif /* CONFIG_BT_SMP */
303 	/* List of `struct bt_conn` that have either pending data to send, or
304 	 * something to process (e.g. a disconnection event).
305 	 *
306 	 * Each element in this list contains a reference to its `conn` object.
307 	 */
308 	sys_slist_t		conn_ready;
309 };
310 
311 #if defined(CONFIG_BT_CLASSIC)
312 struct bt_dev_br {
313 	/* Max controller's acceptable ACL packet length */
314 	uint16_t         mtu;
315 	struct k_sem  pkts;
316 	uint16_t         esco_pkt_type;
317 };
318 #endif
319 
320 /* The theoretical max for these is 8 and 64, but there's no point
321  * in allocating the full memory if we only support a small subset.
322  * These values must be updated whenever the host implementation is
323  * extended beyond the current values.
324  */
325 #define BT_DEV_VS_FEAT_MAX  1
326 #define BT_DEV_VS_CMDS_MAX  2
327 
328 /* State tracking for the local Bluetooth controller */
329 struct bt_dev {
330 	/* Local Identity Address(es) */
331 	bt_addr_le_t            id_addr[CONFIG_BT_ID_MAX];
332 	uint8_t                    id_count;
333 
334 	struct bt_conn_le_create_param create_param;
335 
336 #if !defined(CONFIG_BT_EXT_ADV)
337 	/* Legacy advertiser */
338 	struct bt_le_ext_adv    adv;
339 #else
340 	/* Pointer to reserved advertising set */
341 	struct bt_le_ext_adv    *adv;
342 #if defined(CONFIG_BT_CONN) && (CONFIG_BT_EXT_ADV_MAX_ADV_SET > 1)
343 	/* When supporting multiple concurrent connectable advertising sets
344 	 * with multiple identities, we need to know the identity of
345 	 * the terminating advertising set to identify the connection object.
346 	 * The identity of the advertising set is determined by its
347 	 * advertising handle, which is part of the
348 	 * LE Set Advertising Set Terminated event which is always sent
349 	 * _after_ the LE Enhanced Connection complete event.
350 	 * Therefore we need cache this event until its identity is known.
351 	 */
352 	struct {
353 		bool valid;
354 		struct bt_hci_evt_le_enh_conn_complete evt;
355 	} cached_conn_complete[MIN(CONFIG_BT_MAX_CONN,
356 				CONFIG_BT_EXT_ADV_MAX_ADV_SET)];
357 #endif
358 #endif
359 	/* Current local Random Address */
360 	bt_addr_le_t            random_addr;
361 	uint8_t                    adv_conn_id;
362 
363 	/* Controller version & manufacturer information */
364 	uint8_t			hci_version;
365 	uint8_t			lmp_version;
366 	uint16_t			hci_revision;
367 	uint16_t			lmp_subversion;
368 	uint16_t			manufacturer;
369 
370 	/* LMP features (pages 0, 1, 2) */
371 	uint8_t			features[LMP_FEAT_PAGES_COUNT][8];
372 
373 	/* Supported commands */
374 	uint8_t			supported_commands[64];
375 
376 #if defined(CONFIG_BT_HCI_VS)
377 	/* Vendor HCI support */
378 	uint8_t                    vs_features[BT_DEV_VS_FEAT_MAX];
379 	uint8_t                    vs_commands[BT_DEV_VS_CMDS_MAX];
380 #endif
381 
382 	struct k_work           init;
383 
384 	ATOMIC_DEFINE(flags, BT_DEV_NUM_FLAGS);
385 
386 	/* LE controller specific features */
387 	struct bt_dev_le	le;
388 
389 #if defined(CONFIG_BT_CLASSIC)
390 	/* BR/EDR controller specific features */
391 	struct bt_dev_br	br;
392 #endif
393 
394 	/* Number of commands controller can accept */
395 	struct k_sem		ncmd_sem;
396 
397 	/* Last sent HCI command */
398 	struct net_buf		*sent_cmd;
399 
400 	/* Queue for incoming HCI events & ACL data */
401 	sys_slist_t rx_queue;
402 
403 	/* Queue for outgoing HCI commands */
404 	struct k_fifo		cmd_tx_queue;
405 
406 	const struct device *hci;
407 
408 #if defined(CONFIG_BT_PRIVACY)
409 	/* Local Identity Resolving Key */
410 	uint8_t			irk[CONFIG_BT_ID_MAX][16];
411 
412 #if defined(CONFIG_BT_RPA_SHARING)
413 	/* Only 1 RPA per identity */
414 	bt_addr_t		rpa[CONFIG_BT_ID_MAX];
415 #endif
416 
417 	/* Work used for RPA rotation */
418 	struct k_work_delayable rpa_update;
419 
420 	/* The RPA timeout value. */
421 	uint16_t rpa_timeout;
422 #endif
423 
424 	/* Local Name */
425 #if defined(CONFIG_BT_DEVICE_NAME_DYNAMIC)
426 	char			name[CONFIG_BT_DEVICE_NAME_MAX + 1];
427 #endif
428 #if defined(CONFIG_BT_DEVICE_APPEARANCE_DYNAMIC)
429 	/* Appearance Value */
430 	uint16_t		appearance;
431 #endif
432 };
433 
434 extern struct bt_dev bt_dev;
435 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CLASSIC)
436 extern const struct bt_conn_auth_cb *bt_auth;
437 extern sys_slist_t bt_auth_info_cbs;
438 enum bt_security_err bt_security_err_get(uint8_t hci_err);
439 #endif /* CONFIG_BT_SMP || CONFIG_BT_CLASSIC */
440 
441 int bt_hci_recv(const struct device *dev, struct net_buf *buf);
442 
443 /* Data type to store state related with command to be updated
444  * when command completes successfully.
445  */
446 struct bt_hci_cmd_state_set {
447 	/* Target memory to be updated */
448 	atomic_t *target;
449 	/* Bit number to be updated in target memory */
450 	int bit;
451 	/* Value to determine if enable or disable bit */
452 	bool val;
453 };
454 
455 /* Set command state related with the command buffer */
456 void bt_hci_cmd_state_set_init(struct net_buf *buf,
457 			       struct bt_hci_cmd_state_set *state,
458 			       atomic_t *target, int bit, bool val);
459 
460 int bt_hci_disconnect(uint16_t handle, uint8_t reason);
461 
462 bool bt_le_conn_params_valid(const struct bt_le_conn_param *param);
463 int bt_le_set_data_len(struct bt_conn *conn, uint16_t tx_octets, uint16_t tx_time);
464 int bt_le_set_phy(struct bt_conn *conn, uint8_t all_phys,
465 		  uint8_t pref_tx_phy, uint8_t pref_rx_phy, uint8_t phy_opts);
466 uint8_t bt_get_phy(uint8_t hci_phy);
467 /**
468  * @brief Convert CTE type value from HCI format to @ref bt_df_cte_type format.
469  *
470  * @param hci_cte_type   CTE type in an HCI format.
471  *
472  * @return CTE type (@ref bt_df_cte_type).
473  */
474 int bt_get_df_cte_type(uint8_t hci_cte_type);
475 
476 int bt_le_create_conn(const struct bt_conn *conn);
477 int bt_le_create_conn_cancel(void);
478 int bt_le_create_conn_synced(const struct bt_conn *conn, const struct bt_le_ext_adv *adv,
479 			     uint8_t subevent);
480 
481 bool bt_addr_le_is_bonded(uint8_t id, const bt_addr_le_t *addr);
482 const bt_addr_le_t *bt_lookup_id_addr(uint8_t id, const bt_addr_le_t *addr);
483 
484 int bt_send(struct net_buf *buf);
485 
486 /* Don't require everyone to include keys.h */
487 struct bt_keys;
488 void bt_id_add(struct bt_keys *keys);
489 void bt_id_del(struct bt_keys *keys);
490 
491 struct bt_keys *bt_id_find_conflict(struct bt_keys *candidate);
492 
493 int bt_setup_random_id_addr(void);
494 int bt_setup_public_id_addr(void);
495 
496 void bt_finalize_init(void);
497 
498 void bt_hci_host_num_completed_packets(struct net_buf *buf);
499 
500 /* HCI event handlers */
501 void bt_hci_pin_code_req(struct net_buf *buf);
502 void bt_hci_link_key_notify(struct net_buf *buf);
503 void bt_hci_link_key_req(struct net_buf *buf);
504 void bt_hci_io_capa_resp(struct net_buf *buf);
505 void bt_hci_io_capa_req(struct net_buf *buf);
506 void bt_hci_ssp_complete(struct net_buf *buf);
507 void bt_hci_user_confirm_req(struct net_buf *buf);
508 void bt_hci_user_passkey_notify(struct net_buf *buf);
509 void bt_hci_user_passkey_req(struct net_buf *buf);
510 void bt_hci_auth_complete(struct net_buf *buf);
511 
512 /* ECC HCI event handlers */
513 void bt_hci_evt_le_pkey_complete(struct net_buf *buf);
514 void bt_hci_evt_le_dhkey_complete(struct net_buf *buf);
515 
516 /* Common HCI event handlers */
517 void bt_hci_le_enh_conn_complete(struct bt_hci_evt_le_enh_conn_complete *evt);
518 
519 /* Scan HCI event handlers */
520 void bt_hci_le_adv_report(struct net_buf *buf);
521 void bt_hci_le_scan_timeout(struct net_buf *buf);
522 void bt_hci_le_adv_ext_report(struct net_buf *buf);
523 void bt_hci_le_per_adv_sync_established(struct net_buf *buf);
524 void bt_hci_le_per_adv_sync_established_v2(struct net_buf *buf);
525 void bt_hci_le_per_adv_report(struct net_buf *buf);
526 void bt_hci_le_per_adv_report_v2(struct net_buf *buf);
527 void bt_hci_le_per_adv_sync_lost(struct net_buf *buf);
528 void bt_hci_le_biginfo_adv_report(struct net_buf *buf);
529 void bt_hci_le_df_connectionless_iq_report(struct net_buf *buf);
530 void bt_hci_le_vs_df_connectionless_iq_report(struct net_buf *buf);
531 void bt_hci_le_past_received(struct net_buf *buf);
532 void bt_hci_le_past_received_v2(struct net_buf *buf);
533 
534 /* CS HCI event handlers */
535 void bt_hci_le_cs_read_remote_supported_capabilities_complete(struct net_buf *buf);
536 void bt_hci_le_cs_read_remote_fae_table_complete(struct net_buf *buf);
537 void bt_hci_le_cs_config_complete_event(struct net_buf *buf);
538 void bt_hci_le_cs_security_enable_complete(struct net_buf *buf);
539 void bt_hci_le_cs_procedure_enable_complete(struct net_buf *buf);
540 void bt_hci_le_cs_subevent_result(struct net_buf *buf);
541 void bt_hci_le_cs_subevent_result_continue(struct net_buf *buf);
542 void bt_hci_le_cs_test_end_complete(struct net_buf *buf);
543 
544 /* Adv HCI event handlers */
545 void bt_hci_le_adv_set_terminated(struct net_buf *buf);
546 void bt_hci_le_scan_req_received(struct net_buf *buf);
547 
548 /* BR/EDR HCI event handlers */
549 void bt_hci_conn_req(struct net_buf *buf);
550 void bt_hci_conn_complete(struct net_buf *buf);
551 
552 
553 void bt_hci_inquiry_complete(struct net_buf *buf);
554 void bt_hci_inquiry_result_with_rssi(struct net_buf *buf);
555 void bt_hci_extended_inquiry_result(struct net_buf *buf);
556 void bt_hci_remote_name_request_complete(struct net_buf *buf);
557 
558 void bt_hci_read_remote_features_complete(struct net_buf *buf);
559 void bt_hci_read_remote_ext_features_complete(struct net_buf *buf);
560 void bt_hci_role_change(struct net_buf *buf);
561 void bt_hci_synchronous_conn_complete(struct net_buf *buf);
562 
563 void bt_hci_le_df_connection_iq_report(struct net_buf *buf);
564 void bt_hci_le_vs_df_connection_iq_report(struct net_buf *buf);
565 void bt_hci_le_df_cte_req_failed(struct net_buf *buf);
566 
567 void bt_hci_le_per_adv_subevent_data_request(struct net_buf *buf);
568 void bt_hci_le_per_adv_response_report(struct net_buf *buf);
569 
570 int bt_hci_read_remote_version(struct bt_conn *conn);
571 int bt_hci_le_read_remote_features(struct bt_conn *conn);
572 int bt_hci_le_read_max_data_len(uint16_t *tx_octets, uint16_t *tx_time);
573 
574 bool bt_drv_quirk_no_auto_dle(void);
575 
576 void bt_tx_irq_raise(void);
577 void bt_send_one_host_num_completed_packets(uint16_t handle);
578 void bt_acl_set_ncp_sent(struct net_buf *packet, bool value);
579