diff options
Diffstat (limited to 'stack/btm')
-rw-r--r-- | stack/btm/btm_acl.c | 3126 | ||||
-rw-r--r-- | stack/btm/btm_ble.c | 1888 | ||||
-rw-r--r-- | stack/btm/btm_ble_addr.c | 371 | ||||
-rw-r--r-- | stack/btm/btm_ble_bgconn.c | 604 | ||||
-rw-r--r-- | stack/btm/btm_ble_gap.c | 2072 | ||||
-rw-r--r-- | stack/btm/btm_ble_int.h | 285 | ||||
-rw-r--r-- | stack/btm/btm_dev.c | 451 | ||||
-rw-r--r-- | stack/btm/btm_devctl.c | 1935 | ||||
-rw-r--r-- | stack/btm/btm_inq.c | 3233 | ||||
-rw-r--r-- | stack/btm/btm_int.h | 1099 | ||||
-rw-r--r-- | stack/btm/btm_main.c | 59 | ||||
-rw-r--r-- | stack/btm/btm_pm.c | 985 | ||||
-rw-r--r-- | stack/btm/btm_sco.c | 1741 | ||||
-rw-r--r-- | stack/btm/btm_sec.c | 5612 |
14 files changed, 23461 insertions, 0 deletions
diff --git a/stack/btm/btm_acl.c b/stack/btm/btm_acl.c new file mode 100644 index 0000000..aebbfec --- /dev/null +++ b/stack/btm/btm_acl.c @@ -0,0 +1,3126 @@ +/***************************************************************************** +** +** Name: btm_acl.c +** +** Description: This file contains functions that handle ACL connections. +** This includes operations such as hold and sniff modes, +** supported packet types. +** +** This module contains both internal and external (API) +** functions. External (API) functions are distinguishable +** by their names beginning with uppercase BTM. +** +** +** Copyright (c) 2000-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "bt_types.h" +#include "bt_target.h" +#include "gki.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_api.h" +#include "btm_int.h" +#include "l2c_int.h" +#include "hcidefs.h" +static void btm_establish_continue (tACL_CONN *p_acl_cb); + +#define BTM_DEV_REPLY_TIMEOUT 3 /* 3 second timeout waiting for responses */ + +/******************************************************************************* +** +** Function btm_acl_init +** +** Description This function is called at BTM startup to initialize +** +** Returns void +** +*******************************************************************************/ +void btm_acl_init (void) +{ + BTM_TRACE_DEBUG0 ("btm_acl_init"); +#if 0 /* cleared in btm_init; put back in if called from anywhere else! */ + memset (&btm_cb.acl_db, 0, sizeof (btm_cb.acl_db)); +#if RFCOMM_INCLUDED == TRUE + memset (btm_cb.btm_scn, 0, BTM_MAX_SCN); /* Initialize the SCN usage to FALSE */ +#endif + btm_cb.btm_def_link_policy = 0; +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_cb.p_bl_changed_cb = NULL; +#else + btm_cb.p_acl_changed_cb = NULL; +#endif +#endif + + /* Initialize nonzero defaults */ + btm_cb.btm_def_link_super_tout = HCI_DEFAULT_INACT_TOUT; + btm_cb.acl_disc_reason = 0xff ; +} + +/******************************************************************************* +** +** Function btm_bda_to_acl +** +** Description This function returns the FIRST acl_db entry for the passed BDA. +** +** Returns Returns pointer to the ACL DB for the requested BDA if found. +** NULL if not found. +** +*******************************************************************************/ +tACL_CONN *btm_bda_to_acl (BD_ADDR bda) +{ + tACL_CONN *p = &btm_cb.acl_db[0]; + UINT16 xx; + if (bda) + { + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if ((p->in_use) && (!memcmp (p->remote_addr, bda, BD_ADDR_LEN))) + { + BTM_TRACE_DEBUG0 ("btm_bda_to_acl found"); + return(p); + } + } + } + BTM_TRACE_DEBUG0 ("btm_bda_to_acl Not found"); + + /* If here, no BD Addr found */ + return((tACL_CONN *)NULL); +} + +/******************************************************************************* +** +** Function btm_handle_to_acl_index +** +** Description This function returns the FIRST acl_db entry for the passed hci_handle. +** +** Returns index to the acl_db or MAX_L2CAP_LINKS. +** +*******************************************************************************/ +UINT8 btm_handle_to_acl_index (UINT16 hci_handle) +{ + tACL_CONN *p = &btm_cb.acl_db[0]; + UINT8 xx; + BTM_TRACE_DEBUG0 ("btm_handle_to_acl_index"); + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if ((p->in_use) && (p->hci_handle == hci_handle)) + { + break; + } + } + + /* If here, no BD Addr found */ + return(xx); +} + + +/******************************************************************************* +** +** Function btm_acl_created +** +** Description This function is called by L2CAP when an ACL connection +** is created. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn, + UINT16 hci_handle, UINT8 link_role, UINT8 is_le_link) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + UINT8 yy; + tACL_CONN *p; + UINT8 xx; + + BTM_TRACE_DEBUG3 ("btm_acl_created hci_handle=%d link_role=%d is_le_link=%d", + hci_handle,link_role, is_le_link); + /* Ensure we don't have duplicates */ + p = btm_bda_to_acl(bda); + if (p != (tACL_CONN *)NULL) + { + p->hci_handle = hci_handle; + p->link_role = link_role; +#if BLE_INCLUDED == TRUE + p->is_le_link = is_le_link; +#endif + BTM_TRACE_DEBUG6 ("Duplicate btm_acl_created: RemBdAddr: %02x%02x%02x%02x%02x%02x", + bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]); + BTM_SetLinkPolicy(p->remote_addr, &btm_cb.btm_def_link_policy); + return; + } + + /* Allocate acl_db entry */ + for (xx = 0, p = &btm_cb.acl_db[0]; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if (!p->in_use) + { + p->in_use = TRUE; + p->hci_handle = hci_handle; + p->link_role = link_role; + p->link_up_issued = FALSE; +#if BLE_INCLUDED == TRUE + p->is_le_link = is_le_link; +#endif + p->restore_pkt_types = 0; /* Only exists while SCO is active */ + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + +#if BTM_PWR_MGR_INCLUDED == FALSE + p->mode = BTM_ACL_MODE_NORMAL; +#else + btm_pm_sm_alloc(xx); +#endif /* BTM_PWR_MGR_INCLUDED == FALSE */ + + memcpy (p->remote_addr, bda, BD_ADDR_LEN); + + if (dc) + memcpy (p->remote_dc, dc, DEV_CLASS_LEN); + + if (bdn) + memcpy (p->remote_name, bdn, BTM_MAX_REM_BD_NAME_LEN); + + + /* Check if we already know features for this device */ + p_dev_rec = btm_find_dev_by_handle (hci_handle); + +#if (BLE_INCLUDED == TRUE) + if (p_dev_rec ) + { + BTM_TRACE_DEBUG1 ("device_type=0x%x", p_dev_rec->device_type); + } +#endif + + + if (p_dev_rec +#if (BLE_INCLUDED == TRUE) + && p_dev_rec->device_type != BT_DEVICE_TYPE_BLE +#endif + ) + { + + /* if BR/EDR do something more */ + btsnd_hcic_read_rmt_clk_offset (p->hci_handle); + btsnd_hcic_rmt_ver_req (p->hci_handle); + + for (yy = 0; yy < BD_FEATURES_LEN; yy++) + { + if (p_dev_rec->features[yy]) + { + memcpy (p->features, p_dev_rec->features, BD_FEATURES_LEN); + if (BTM_SEC_MODE_SP == btm_cb.security_mode && + HCI_SIMPLE_PAIRING_SUPPORTED(p->features)) + { + /* if SM4 supported, check peer support for SM4 + * The remote controller supports SSP according to saved remote features + * read the extended feature page 1 for the host support for SSP */ + if (btsnd_hcic_rmt_ext_features (p_dev_rec->hci_handle, 1)) + return; + } + /* peer does not support SSP */ + p_dev_rec->sm4 |= BTM_SM4_KNOWN; + + btm_establish_continue (p); + return; + } + } + } +#if (BLE_INCLUDED == TRUE) + /* If here, features are not known yet */ + if (p_dev_rec && p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) + { + btm_establish_continue(p); + + if (link_role == HCI_ROLE_MASTER) + { + btm_ble_update_bg_state(); + btm_ble_resume_bg_conn (NULL, FALSE); + + btsnd_hcic_ble_read_remote_feat(p->hci_handle); + } + } + else +#endif + { + btsnd_hcic_rmt_features_req (p->hci_handle); + } + + /* read page 1 - on rmt feature event for buffer reasons */ + return; + } + } +} + + +/******************************************************************************* +** +** Function btm_acl_report_role_change +** +** Description This function is called when the local device is deemed +** to be down. It notifies L2CAP of the failure. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_report_role_change (UINT8 hci_status, BD_ADDR bda) +{ + tBTM_ROLE_SWITCH_CMPL ref_data; + BTM_TRACE_DEBUG0 ("btm_acl_report_role_change"); + if (btm_cb.devcb.p_switch_role_cb && (bda && + (0 == memcmp(btm_cb.devcb.switch_role_ref_data.remote_bd_addr, bda, BD_ADDR_LEN)))) + { + memset (&btm_cb.devcb.switch_role_ref_data, 0, sizeof(tBTM_ROLE_SWITCH_CMPL)); + ref_data.hci_status = hci_status; + memcpy (&ref_data, &btm_cb.devcb.switch_role_ref_data, sizeof(tBTM_ROLE_SWITCH_CMPL)); + (*btm_cb.devcb.p_switch_role_cb)(&ref_data); + btm_cb.devcb.p_switch_role_cb = NULL; + } +} + +/******************************************************************************* +** +** Function btm_acl_removed +** +** Description This function is called by L2CAP when an ACL connection +** is removed. Since only L2CAP creates ACL links, we use +** the L2CAP link index as our index into the control blocks. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_removed (BD_ADDR bda) +{ + tACL_CONN *p; +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_EVENT_DATA evt_data; +#endif +#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_dev_rec=NULL; + UINT16 combined_mode; +#endif + + BTM_TRACE_DEBUG0 ("btm_acl_removed"); + p = btm_bda_to_acl(bda); + if (p != (tACL_CONN *)NULL) + { + p->in_use = FALSE; + + /* if the disconnected channel has a pending role switch, clear it now */ + btm_acl_report_role_change(HCI_ERR_NO_CONNECTION, bda); + + /* Only notify if link up has had a chance to be issued */ + if (p->link_up_issued) + { + p->link_up_issued = FALSE; + + /* If anyone cares, tell him database changed */ +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + if (btm_cb.p_bl_changed_cb) + { + evt_data.event = BTM_BL_DISCN_EVT; + evt_data.discn.p_bda = bda; + + (*btm_cb.p_bl_changed_cb)(&evt_data); + } + + btm_acl_update_busy_level (BTM_BLI_ACL_DOWN_EVT); +#else + if (btm_cb.p_acl_changed_cb) + (*btm_cb.p_acl_changed_cb) (bda, NULL, NULL, NULL, FALSE); +#endif + } + +#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) + + BTM_TRACE_DEBUG4 ("acl hci_handle=%d is_le_link=%d connectable_mode=0x%0x link_role=%d", + p->hci_handle, + p->is_le_link, + btm_cb.ble_ctr_cb.inq_var.connectable_mode, + p->link_role); + + + /* If we are LE connectable, check if we need to start advertising again */ + if ( p->is_le_link && (btm_cb.ble_ctr_cb.inq_var.connectable_mode != BTM_BLE_NON_CONNECTABLE) ) + { + tACL_CONN *pa = &btm_cb.acl_db[0]; + UINT16 xx; + + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, pa++) + { + /* If any other LE link is up, we are still not connectable */ + if (pa->in_use && pa->is_le_link) + return; + } + combined_mode = (btm_cb.ble_ctr_cb.inq_var.connectable_mode | btm_cb.btm_inq_vars.connectable_mode); + btm_ble_set_connectability ( combined_mode ); + } + + p_dev_rec = btm_find_dev(bda); + if ( p_dev_rec) + { + BTM_TRACE_DEBUG1("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); + if (p->is_le_link) + { + BTM_TRACE_DEBUG0("LE link down"); + p_dev_rec->sec_flags &= ~(BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); + if ( (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) == 0) + { + BTM_TRACE_DEBUG0("Not Bonded"); + p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHENTICATED | BTM_SEC_LINK_KEY_AUTHED); + } + else + { + BTM_TRACE_DEBUG0("Bonded"); + } + } + else + { + BTM_TRACE_DEBUG0("Bletooth link down"); + p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); + } + BTM_TRACE_DEBUG1("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); + } + else + { + BTM_TRACE_ERROR0("Device not found"); + + } +#endif + + return; + } +} + + +/******************************************************************************* +** +** Function btm_acl_device_down +** +** Description This function is called when the local device is deemed +** to be down. It notifies L2CAP of the failure. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_device_down (void) +{ + tACL_CONN *p = &btm_cb.acl_db[0]; + UINT16 xx; + BTM_TRACE_DEBUG0 ("btm_acl_device_down"); + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if (p->in_use) + { + BTM_TRACE_DEBUG1 ("hci_handle=%d HCI_ERR_HW_FAILURE ",p->hci_handle ); + l2c_link_hci_disc_comp (p->hci_handle, HCI_ERR_HW_FAILURE); + } + } +} + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) +/******************************************************************************* +** +** Function btm_acl_update_busy_level +** +** Description This function is called to update the busy level of the system +** . +** +** Returns void +** +*******************************************************************************/ +void btm_acl_update_busy_level (tBTM_BLI_EVENT event) +{ + tBTM_BL_UPDATE_DATA evt; + UINT8 busy_level; + BTM_TRACE_DEBUG0 ("btm_acl_update_busy_level"); + switch (event) + { + case BTM_BLI_ACL_UP_EVT: + BTM_TRACE_DEBUG0 ("BTM_BLI_ACL_UP_EVT"); + btm_cb.num_acl++; + break; + case BTM_BLI_ACL_DOWN_EVT: + if (btm_cb.num_acl) + { + btm_cb.num_acl--; + BTM_TRACE_DEBUG1 ("BTM_BLI_ACL_DOWN_EVT", btm_cb.num_acl); + } + else + { + BTM_TRACE_ERROR0 ("BTM_BLI_ACL_DOWN_EVT issued, but num_acl already zero !!!"); + } + break; + case BTM_BLI_PAGE_EVT: + BTM_TRACE_DEBUG0 ("BTM_BLI_PAGE_EVT"); + btm_cb.is_paging = TRUE; + break; + case BTM_BLI_PAGE_DONE_EVT: + BTM_TRACE_DEBUG0 ("BTM_BLI_PAGE_DONE_EVT"); + btm_cb.is_paging = FALSE; + break; + case BTM_BLI_INQ_EVT: + BTM_TRACE_DEBUG0 ("BTM_BLI_INQ_EVT"); + btm_cb.is_inquiry = TRUE; + break; + case BTM_BLI_INQ_DONE_EVT: + BTM_TRACE_DEBUG0 ("BTM_BLI_INQ_DONE_EVT"); + btm_cb.is_inquiry = FALSE; + break; + } + if (btm_cb.is_paging || btm_cb.is_inquiry) + busy_level = 10; + else + busy_level = (UINT8)btm_cb.num_acl; + + if (busy_level != btm_cb.busy_level) + { + evt.event = BTM_BL_UPDATE_EVT; + evt.busy_level = busy_level; + btm_cb.busy_level = busy_level; + if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_UPDATE_MASK)) + { + (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt); + } + } +} +#endif + + +/******************************************************************************* +** +** Function BTM_GetRole +** +** Description This function is called to get the role of the local device +** for the ACL connection with the specified remote device +** +** Returns BTM_SUCCESS if connection exists. +** BTM_UNKNOWN_ADDR if no active link with bd addr specified +** +*******************************************************************************/ +tBTM_STATUS BTM_GetRole (BD_ADDR remote_bd_addr, UINT8 *p_role) +{ + tACL_CONN *p; + BTM_TRACE_DEBUG0 ("BTM_GetRole"); + if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL) + { + *p_role = BTM_ROLE_UNDEFINED; + return(BTM_UNKNOWN_ADDR); + } + + /* Get the current role */ + *p_role = p->link_role; + return(BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function BTM_SwitchRole +** +** Description This function is called to switch role between master and +** slave. If role is already set it will do nothing. If the +** command was initiated, the callback function is called upon +** completion. +** +** Returns BTM_SUCCESS if already in specified role. +** BTM_CMD_STARTED if command issued to controller. +** BTM_NO_RESOURCES if couldn't allocate memory to issue command +** BTM_UNKNOWN_ADDR if no active link with bd addr specified +** BTM_MODE_UNSUPPORTED if local device does not support role switching +** BTM_BUSY if the previous command is not completed +** +*******************************************************************************/ +tBTM_STATUS BTM_SwitchRole (BD_ADDR remote_bd_addr, UINT8 new_role, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + tBTM_SEC_DEV_REC *p_dev_rec = NULL; +#if BTM_SCO_INCLUDED == TRUE + BOOLEAN is_sco_active; +#endif +#if BTM_PWR_MGR_INCLUDED == TRUE + tBTM_STATUS status; + tBTM_PM_MODE pwr_mode; + tBTM_PM_PWR_MD settings; +#endif +#if (BT_USE_TRACES == TRUE) + BD_ADDR_PTR p_bda; +#endif + BTM_TRACE_API6 ("BTM_SwitchRole BDA: %02x-%02x-%02x-%02x-%02x-%02x", + remote_bd_addr[0], remote_bd_addr[1], remote_bd_addr[2], + remote_bd_addr[3], remote_bd_addr[4], remote_bd_addr[5]); + + /* Make sure the local device supports switching */ + if (!(HCI_SWITCH_SUPPORTED(btm_cb.devcb.local_features))) + return(BTM_MODE_UNSUPPORTED); + + if (btm_cb.devcb.p_switch_role_cb && p_cb) + { +#if (BT_USE_TRACES == TRUE) + p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr; + BTM_TRACE_DEBUG6 ("Role switch on other device is in progress 0x%02x%02x%02x%02x%02x%02x", + p_bda[0], p_bda[1], p_bda[2], + p_bda[3], p_bda[4], p_bda[5]); +#endif + return(BTM_BUSY); + } + + if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL) + return(BTM_UNKNOWN_ADDR); + + /* Finished if already in desired role */ + if (p->link_role == new_role) + return(BTM_SUCCESS); + +#if BTM_SCO_INCLUDED == TRUE + /* Check if there is any SCO Active on this BD Address */ + is_sco_active = btm_is_sco_active_by_bdaddr(remote_bd_addr); + + if (is_sco_active == TRUE) + return(BTM_NO_RESOURCES); +#endif + + /* Ignore role switch request if the previous request was not completed */ + if (p->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE) + { + BTM_TRACE_DEBUG1 ("BTM_SwitchRole busy: %d", + p->switch_role_state); + return(BTM_BUSY); + } + + /* Cannot switch role while parked or sniffing */ +#if BTM_PWR_MGR_INCLUDED == FALSE + if (p->mode == HCI_MODE_PARK) + { + if (!btsnd_hcic_exit_park_mode (p->hci_handle)) + return(BTM_NO_RESOURCES); + + p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; + } + else if (p->mode == HCI_MODE_SNIFF) + { + if (!btsnd_hcic_exit_sniff_mode (p->hci_handle)) + return(BTM_NO_RESOURCES); + + p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; + } +#else /* power manager is in use */ + + if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS) + return(status); + + /* Wake up the link if in sniff or park before attempting switch */ + if (pwr_mode == BTM_PM_MD_PARK || pwr_mode == BTM_PM_MD_SNIFF) + { +/* Coverity FALSE-POSITIVE error from Coverity tool. Please do NOT remove following comment. */ +/* coverity[uninit_use_in_call] False-positive: setting the mode to BTM_PM_MD_ACTIVE only uses settings.mode + the other data members of tBTM_PM_PWR_MD are ignored +*/ + settings.mode = BTM_PM_MD_ACTIVE; + status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings); + if (status != BTM_CMD_STARTED) + return(BTM_WRONG_MODE); + + p->switch_role_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; + } +#endif + /* some devices do not support switch while encryption is on */ + else + { + if (((p_dev_rec = btm_find_dev (remote_bd_addr)) != NULL) + && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) + && !BTM_EPR_AVAILABLE(p)) + { + /* bypass turning off encryption if change link key is already doing it */ + if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF) + { + if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE)) + return(BTM_NO_RESOURCES); + else + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF; + } + + p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; + } + else + { + if (!btsnd_hcic_switch_role (remote_bd_addr, new_role)) + return(BTM_NO_RESOURCES); + + p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; + +#if BTM_DISC_DURING_RS == TRUE + if (p_dev_rec) + p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; +#endif + } + } + + /* Initialize return structure in case request fails */ + if (p_cb) + { + memcpy (btm_cb.devcb.switch_role_ref_data.remote_bd_addr, remote_bd_addr, + BD_ADDR_LEN); + btm_cb.devcb.switch_role_ref_data.role = new_role; + /* initialized to an error code */ + btm_cb.devcb.switch_role_ref_data.hci_status = HCI_ERR_UNSUPPORTED_VALUE; + btm_cb.devcb.p_switch_role_cb = p_cb; + } + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function BTM_ChangeLinkKey +** +** Description This function is called to change the link key of the +** connection. +** +** Returns BTM_CMD_STARTED if command issued to controller. +** BTM_NO_RESOURCES if couldn't allocate memory to issue command +** BTM_UNKNOWN_ADDR if no active link with bd addr specified +** BTM_BUSY if the previous command is not completed +** +*******************************************************************************/ +tBTM_STATUS BTM_ChangeLinkKey (BD_ADDR remote_bd_addr, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + tBTM_SEC_DEV_REC *p_dev_rec = NULL; +#if BTM_PWR_MGR_INCLUDED == TRUE + tBTM_STATUS status; + tBTM_PM_MODE pwr_mode; + tBTM_PM_PWR_MD settings; +#endif + BTM_TRACE_DEBUG0 ("BTM_ChangeLinkKey"); + if ((p = btm_bda_to_acl(remote_bd_addr)) == NULL) + return(BTM_UNKNOWN_ADDR); + + /* Ignore change link key request if the previsous request has not completed */ + if (p->change_key_state != BTM_ACL_SWKEY_STATE_IDLE) + { + BTM_TRACE_DEBUG0 ("Link key change request declined since the previous request for this device has not completed "); + return(BTM_BUSY); + } + + memset (&btm_cb.devcb.chg_link_key_ref_data, 0, sizeof(tBTM_CHANGE_KEY_CMPL)); + + /* Cannot change key while parked */ +#if BTM_PWR_MGR_INCLUDED == FALSE + if (p->mode == HCI_MODE_PARK) + { + if (!btsnd_hcic_exit_park_mode (p->hci_handle)) + return(BTM_NO_RESOURCES); + + p->change_key_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; + } +#else /* power manager is in use */ + + + if ((status = BTM_ReadPowerMode(p->remote_addr, &pwr_mode)) != BTM_SUCCESS) + return(status); + + /* Wake up the link if in park before attempting to change link keys */ + if (pwr_mode == BTM_PM_MD_PARK) + { +/* Coverity: FALSE-POSITIVE error from Coverity tool. Please do NOT remove following comment. */ +/* coverity[uninit_use_in_call] False-positive: setting the mode to BTM_PM_MD_ACTIVE only uses settings.mode + the other data members of tBTM_PM_PWR_MD are ignored +*/ + settings.mode = BTM_PM_MD_ACTIVE; + status = BTM_SetPowerMode (BTM_PM_SET_ONLY_ID, p->remote_addr, &settings); + if (status != BTM_CMD_STARTED) + return(BTM_WRONG_MODE); + + p->change_key_state = BTM_ACL_SWKEY_STATE_MODE_CHANGE; + } +#endif + /* some devices do not support change of link key while encryption is on */ + else if (((p_dev_rec = btm_find_dev (remote_bd_addr)) != NULL) + && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) && !BTM_EPR_AVAILABLE(p)) + { + /* bypass turning off encryption if switch role is already doing it */ + if (p->encrypt_state != BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF) + { + if (!btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE)) + return(BTM_NO_RESOURCES); + else + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF; + } + + p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; + } + else /* Ok to initiate change of link key */ + { + if (!btsnd_hcic_change_link_key (p->hci_handle)) + return(BTM_NO_RESOURCES); + + p->change_key_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; + } + + /* Initialize return structure in case request fails */ + memcpy (btm_cb.devcb.chg_link_key_ref_data.remote_bd_addr, remote_bd_addr, + BD_ADDR_LEN); + btm_cb.devcb.p_chg_link_key_cb = p_cb; + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function btm_acl_link_key_change +** +** Description This function is called to when a change link key event +** is received. +** +*******************************************************************************/ +void btm_acl_link_key_change (UINT16 handle, UINT8 status) +{ + tBTM_CHANGE_KEY_CMPL *p_data; + tACL_CONN *p; + UINT8 xx; + BTM_TRACE_DEBUG0 ("btm_acl_link_key_change"); + /* Look up the connection by handle and set the current mode */ + xx = btm_handle_to_acl_index(handle); + + /* don't assume that we can never get a bad hci_handle */ + if (xx >= MAX_L2CAP_LINKS) + return; + + p_data = &btm_cb.devcb.chg_link_key_ref_data; + p = &btm_cb.acl_db[xx]; + p_data->hci_status = status; + + /* if switching state is switching we need to turn encryption on */ + /* if idle, we did not change encryption */ + if (p->change_key_state == BTM_ACL_SWKEY_STATE_SWITCHING) + { + /* Make sure there's not also a role switch going on before re-enabling */ + if (p->switch_role_state != BTM_ACL_SWKEY_STATE_SWITCHING) + { + if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE)) + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON; + p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON; + return; + } + } + else /* Set the state and wait for change link key */ + { + p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON; + return; + } + } + + /* Set the switch_role_state to IDLE since the reply received from HCI */ + /* regardless of its result either success or failed. */ + if (p->change_key_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS) + { + p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + } + + if (btm_cb.devcb.p_chg_link_key_cb) + { + (*btm_cb.devcb.p_chg_link_key_cb)((void *)p_data); + btm_cb.devcb.p_chg_link_key_cb = NULL; + } + + BTM_TRACE_ERROR2("Change Link Key Complete Event: Handle 0x%02x, HCI Status 0x%02x", + handle, p_data->hci_status); +} + +/******************************************************************************* +** +** Function btm_acl_encrypt_change +** +** Description This function is when encryption of the connection is +** completed by the LM. Checks to see if a role switch or +** change of link key was active and initiates or continues +** process if needed. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable) +{ + tACL_CONN *p; + UINT8 xx; +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_ROLE_CHG_DATA evt; +#endif +#if BTM_DISC_DURING_RS == TRUE + tBTM_SEC_DEV_REC *p_dev_rec; +#endif + BTM_TRACE_DEBUG3 ("btm_acl_encrypt_change handle=%d status=%d encr_enabl=%d", handle, status, encr_enable); + xx = btm_handle_to_acl_index(handle); + /* don't assume that we can never get a bad hci_handle */ + if (xx < MAX_L2CAP_LINKS) + p = &btm_cb.acl_db[xx]; + else + return; + + /* Process Role Switch if active */ + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF) + { + /* if encryption turn off failed we still will try to switch role */ + if (encr_enable) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + } + else + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_SWITCHING; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC; + } + + if (!btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role)) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr); + } +#if BTM_DISC_DURING_RS == TRUE + else + { + if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL) + p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; + } +#endif + + } + /* Finished enabling Encryption after role switch */ + else if (p->switch_role_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + btm_acl_report_role_change(btm_cb.devcb.switch_role_ref_data.hci_status, p->remote_addr); + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + /* if role change event is registered, report it now */ + if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) + { + evt.event = BTM_BL_ROLE_CHG_EVT; + evt.new_role = btm_cb.devcb.switch_role_ref_data.role; + evt.p_bda = btm_cb.devcb.switch_role_ref_data.remote_bd_addr; + evt.hci_status = btm_cb.devcb.switch_role_ref_data.hci_status; + (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt); + + BTM_TRACE_DEBUG3("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d", + evt.new_role, evt.hci_status, p->switch_role_state); + } +#endif + +#if BTM_DISC_DURING_RS == TRUE + /* If a disconnect is pending, issue it now that role switch has completed */ + if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL) + { + if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) + { + BTM_TRACE_WARNING0("btm_acl_encrypt_change -> Issuing delayed HCI_Disconnect!!!"); + btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER); + } + BTM_TRACE_ERROR2("btm_acl_encrypt_change: tBTM_SEC_DEV:0x%x rs_disc_pending=%d", + (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending); + p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ + } +#endif + } + + + /* Process Change Link Key if active */ + if (p->change_key_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF) + { + /* if encryption turn off failed we still will try to change link key */ + if (encr_enable) + { + p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + } + else + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_TEMP_FUNC; + p->change_key_state = BTM_ACL_SWKEY_STATE_SWITCHING; + } + + if (!btsnd_hcic_change_link_key (p->hci_handle)) + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE; + if (btm_cb.devcb.p_chg_link_key_cb) + { + (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data); + btm_cb.devcb.p_chg_link_key_cb = NULL; + } + } + } + /* Finished enabling Encryption after changing link key */ + else if (p->change_key_state == BTM_ACL_SWKEY_STATE_ENCRYPTION_ON) + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE; + if (btm_cb.devcb.p_chg_link_key_cb) + { + (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data); + btm_cb.devcb.p_chg_link_key_cb = NULL; + } + } +} +/******************************************************************************* +** +** Function BTM_SetLinkPolicy +** +** Description Create and send HCI "Write Policy Set" command +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetLinkPolicy (BD_ADDR remote_bda, UINT16 *settings) +{ + tACL_CONN *p; + UINT8 *localFeatures = BTM_ReadLocalFeatures(); + BTM_TRACE_DEBUG0 ("BTM_SetLinkPolicy"); +/* BTM_TRACE_API1 ("BTM_SetLinkPolicy: requested settings: 0x%04x", *settings ); */ + + /* First, check if hold mode is supported */ + if (*settings != HCI_DISABLE_ALL_LM_MODES) + { + if ( (*settings & HCI_ENABLE_MASTER_SLAVE_SWITCH) && (!HCI_SWITCH_SUPPORTED(localFeatures)) ) + { + *settings &= (~HCI_ENABLE_MASTER_SLAVE_SWITCH); + BTM_TRACE_API1 ("BTM_SetLinkPolicy switch not supported (settings: 0x%04x)", *settings ); + } + if ( (*settings & HCI_ENABLE_HOLD_MODE) && (!HCI_HOLD_MODE_SUPPORTED(localFeatures)) ) + { + *settings &= (~HCI_ENABLE_HOLD_MODE); + BTM_TRACE_API1 ("BTM_SetLinkPolicy hold not supported (settings: 0x%04x)", *settings ); + } + if ( (*settings & HCI_ENABLE_SNIFF_MODE) && (!HCI_SNIFF_MODE_SUPPORTED(localFeatures)) ) + { + *settings &= (~HCI_ENABLE_SNIFF_MODE); + BTM_TRACE_API1 ("BTM_SetLinkPolicy sniff not supported (settings: 0x%04x)", *settings ); + } + if ( (*settings & HCI_ENABLE_PARK_MODE) && (!HCI_PARK_MODE_SUPPORTED(localFeatures)) ) + { + *settings &= (~HCI_ENABLE_PARK_MODE); + BTM_TRACE_API1 ("BTM_SetLinkPolicy park not supported (settings: 0x%04x)", *settings ); + } + } + + if ((p = btm_bda_to_acl(remote_bda)) != NULL) + return(btsnd_hcic_write_policy_set (p->hci_handle, *settings) ? BTM_CMD_STARTED : BTM_NO_RESOURCES); + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function BTM_SetDefaultLinkPolicy +** +** Description Set the default value for HCI "Write Policy Set" command +** to use when an ACL link is created. +** +** Returns void +** +*******************************************************************************/ +void BTM_SetDefaultLinkPolicy (UINT16 settings) +{ + BTM_TRACE_DEBUG0 ("BTM_SetDefaultLinkPolicy"); + btm_cb.btm_def_link_policy = settings; +} + + +/******************************************************************************* +** +** Function BTM_ReadLinkPolicy +** +** Description This function is called to read the link policy settings. +** The address of link policy results are returned in the callback. +** (tBTM_LNK_POLICY_RESULTS) +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLinkPolicy (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadLinkPolicy: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + /* If someone already waiting on the version, do not allow another */ + if (btm_cb.devcb.p_rlinkp_cmpl_cb) + return(BTM_BUSY); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + btu_start_timer (&btm_cb.devcb.rlinkp_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT); + btm_cb.devcb.p_rlinkp_cmpl_cb = p_cb; + + if (!btsnd_hcic_read_policy_set (p->hci_handle)) + { + btu_stop_timer (&btm_cb.devcb.rlinkp_timer); + btm_cb.devcb.p_rlinkp_cmpl_cb = NULL; + return(BTM_NO_RESOURCES); + } + + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + + +/******************************************************************************* +** +** Function btm_read_link_policy_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read local link policy request. +** +** Returns void +** +*******************************************************************************/ +void btm_read_link_policy_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rlinkp_cmpl_cb; + tBTM_LNK_POLICY_RESULTS lnkpol; + UINT16 handle; + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT16 index; + BTM_TRACE_DEBUG0 ("btm_read_link_policy_complete"); + btu_stop_timer (&btm_cb.devcb.rlinkp_timer); + + /* If there was a callback address for read local version, call it */ + btm_cb.devcb.p_rlinkp_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (lnkpol.hci_status, p); + + if (lnkpol.hci_status == HCI_SUCCESS) + { + lnkpol.status = BTM_SUCCESS; + + STREAM_TO_UINT16 (handle, p); + + STREAM_TO_UINT16 (lnkpol.settings, p); + + /* Search through the list of active channels for the correct BD Addr */ + for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) + { + memcpy (lnkpol.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN); + break; + } + } + } + else + lnkpol.status = BTM_ERR_PROCESSING; + + (*p_cb)(&lnkpol); + } +} + + +/******************************************************************************* +** +** Function btm_read_remote_version_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the remote version info. +** +** Returns void +** +*******************************************************************************/ +void btm_read_remote_version_complete (UINT8 *p) +{ + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT8 status; + UINT16 handle; + int xx; + BTM_TRACE_DEBUG0 ("btm_read_remote_version_complete"); + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (handle, p); + + /* Look up the connection by handle and copy features */ + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) + { + STREAM_TO_UINT8 (p_acl_cb->lmp_version, p); + STREAM_TO_UINT16 (p_acl_cb->manufacturer, p); + STREAM_TO_UINT16 (p_acl_cb->lmp_subversion, p); + break; + } + } + } +} + + +/******************************************************************************* +** +** Function btm_read_remote_features_complete +** +** Description This function is called when the remote extended features +** complete event is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_read_remote_features_complete (UINT8 *p) +{ + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT8 status; + UINT16 handle; + int xx, yy; + UINT8 req_pend; + tBTM_SEC_DEV_REC *p_dev_rec; + BTM_TRACE_DEBUG0 ("btm_read_remote_features_complete"); + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (handle, p); + + /* Look up the connection by handle and copy features */ + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) + { + for (yy = 0; yy < BD_FEATURES_LEN; yy++) + STREAM_TO_UINT8 (p_acl_cb->features[yy], p); + + p_dev_rec = btm_find_dev_by_handle (handle); + if (!p_dev_rec) + { + /* Get a new device; might be doing dedicated bonding */ + p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr); + } + + memcpy (p_dev_rec->features, p_acl_cb->features, BD_FEATURES_LEN); + + if (BTM_SEC_MODE_SP == btm_cb.security_mode && + HCI_SIMPLE_PAIRING_SUPPORTED(p_acl_cb->features)) + { + /* if SM4 supported, check peer support for SM4 + * The remote controller supports SSP + * read the extended feature page 1 for the host support for SSP */ + if (btsnd_hcic_rmt_ext_features (handle, 1)) + break; + } + else + { + req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND); + p_dev_rec->sm4 = BTM_SM4_KNOWN; + if (req_pend) + { + l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr); + } + } + + btm_establish_continue (p_acl_cb); + break; + } + } + } +} + +/******************************************************************************* +** +** Function btm_read_remote_ext_features_complete +** +** Description This function is called when the remote extended features +** complete event is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_read_remote_ext_features_complete (UINT8 *p) +{ + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + tBTM_SEC_DEV_REC *p_dev_rec; + UINT8 status, page_num, max_page; + UINT16 handle; + int xx; + BD_FEATURES ext_features; /* extended Features suported by the device */ + UINT8 req_pend; + BTM_TRACE_DEBUG0 ("btm_read_remote_ext_features_complete"); + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (handle, p); + + /* Look up the connection by handle and copy features */ + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) + { + STREAM_TO_UINT8 (page_num, p); + STREAM_TO_UINT8 (max_page, p); + p_dev_rec = btm_find_dev_by_handle (handle); + if (!p_dev_rec) + p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr); + + req_pend = (p_dev_rec->sm4 & BTM_SM4_REQ_PEND); + + if (page_num == 1 && max_page >= 1) + { + /* only the byte 0 of page 1 is used right now */ + STREAM_TO_UINT8 (ext_features[0], p); + + if (HCI_SSP_HOST_SUPPORTED(ext_features)) + { + p_dev_rec->sm4 = BTM_SM4_TRUE; + } + } + + BTM_TRACE_API5 ("ext_features_complt page_num:%d max_page:%d f[0]:x%02x, sm4:%x, pend:%d", + page_num, max_page, *p, p_dev_rec->sm4, req_pend); + + if (!BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + p_dev_rec->sm4 = BTM_SM4_KNOWN; + } + + if (req_pend) + l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr); + + btm_establish_continue (p_acl_cb); + + break; + } + } + } +} + +/******************************************************************************* +** +** Function btm_read_remote_ext_features_failed +** +** Description This function is called when the remote extended features +** complete event returns a failed status. +** +** Returns void +** +*******************************************************************************/ +void btm_read_remote_ext_features_failed (UINT8 status) +{ + BTM_TRACE_ERROR1 ("btm_read_remote_ext_features_failed (status 0x%02x)", status); +} + +/******************************************************************************* +** +** Function btm_establish_continue +** +** Description This function is called when the command complete message +** is received from the HCI for the read local link policy request. +** +** Returns void +** +*******************************************************************************/ +static void btm_establish_continue (tACL_CONN *p_acl_cb) +{ +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_EVENT_DATA evt_data; +#endif + BTM_TRACE_DEBUG0 ("btm_establish_continue"); +#if (!defined(BTM_BYPASS_EXTRA_ACL_SETUP) || BTM_BYPASS_EXTRA_ACL_SETUP == FALSE) +#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) + if (!p_acl_cb->is_le_link) +#endif + { + /* For now there are a some devices that do not like sending */ + /* commands events and data at the same time. */ + /* Set the packet types to the default allowed by the device */ + btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported); + + if (btm_cb.btm_def_link_policy) + BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy); + + BTM_SetLinkSuperTout (p_acl_cb->remote_addr, btm_cb.btm_def_link_super_tout); + } +#endif + p_acl_cb->link_up_issued = TRUE; + + /* If anyone cares, tell him database changed */ +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + if (btm_cb.p_bl_changed_cb) + { + evt_data.event = BTM_BL_CONN_EVT; + evt_data.conn.p_bda = p_acl_cb->remote_addr; + evt_data.conn.p_bdn = p_acl_cb->remote_name; + evt_data.conn.p_dc = p_acl_cb->remote_dc; + evt_data.conn.p_features = p_acl_cb->features; + + + (*btm_cb.p_bl_changed_cb)(&evt_data); + } + btm_acl_update_busy_level (BTM_BLI_ACL_UP_EVT); +#else + if (btm_cb.p_acl_changed_cb) + (*btm_cb.p_acl_changed_cb) (p_acl_cb->remote_addr, + p_acl_cb->remote_dc, + p_acl_cb->remote_name, + p_acl_cb->features, + TRUE); +#endif +} + + +/******************************************************************************* +** +** Function BTM_SetDefaultLinkSuperTout +** +** Description Set the default value for HCI "Write Link Supervision Timeout" +** command to use when an ACL link is created. +** +** Returns void +** +*******************************************************************************/ +void BTM_SetDefaultLinkSuperTout (UINT16 timeout) +{ + BTM_TRACE_DEBUG0 ("BTM_SetDefaultLinkSuperTout"); + btm_cb.btm_def_link_super_tout = timeout; +} + +/******************************************************************************* +** +** Function BTM_SetLinkSuperTout +** +** Description Create and send HCI "Write Link Supervision Timeout" command +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetLinkSuperTout (BD_ADDR remote_bda, UINT16 timeout) +{ + tACL_CONN *p = btm_bda_to_acl(remote_bda); + + BTM_TRACE_DEBUG0 ("BTM_SetLinkSuperTout"); + if (p != (tACL_CONN *)NULL) + { + p->link_super_tout = timeout; + + /* Only send if current role is Master; 2.0 spec requires this */ + if (p->link_role == BTM_ROLE_MASTER) + { + if (!btsnd_hcic_write_link_super_tout (LOCAL_BR_EDR_CONTROLLER_ID, + p->hci_handle, timeout)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); + } + else + return(BTM_SUCCESS); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function BTM_RegForLstoEvt +** +** Description register for the HCI "Link Supervision Timeout Change" event +** +** Returns void +** +*******************************************************************************/ +void BTM_RegForLstoEvt (tBTM_LSTO_CBACK *p_cback) +{ + BTM_TRACE_DEBUG0 ("BTM_RegForLstoEvt"); + btm_cb.p_lsto_cback = p_cback; +} + +/******************************************************************************* +** +** Function btm_proc_lsto_evt +** +** Description process the HCI "Link Supervision Timeout Change" event +** +** Returns void +** +*******************************************************************************/ +void btm_proc_lsto_evt(UINT16 handle, UINT16 timeout) +{ + UINT8 xx; + + BTM_TRACE_DEBUG0 ("btm_proc_lsto_evt"); + if (btm_cb.p_lsto_cback) + { + /* Look up the connection by handle and set the current mode */ + xx = btm_handle_to_acl_index(handle); + + /* don't assume that we can never get a bad hci_handle */ + if (xx < MAX_L2CAP_LINKS) + { + (*btm_cb.p_lsto_cback)(btm_cb.acl_db[xx].remote_addr, timeout); + } + } +} + +#if BTM_PWR_MGR_INCLUDED == FALSE +/******************************************************************************* +** +** Function BTM_SetHoldMode +** +** Description This function is called to set a connection into hold mode. +** A check is made if the connection is in sniff or park mode, +** and if yes, the hold mode is ignored. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetHoldMode (BD_ADDR remote_bda, UINT16 min_interval, UINT16 max_interval) +{ + tACL_CONN *p; + + BTM_TRACE_DEBUG0 ("BTM_SetHoldMode"); + /* First, check if hold mode is supported */ + if (!HCI_HOLD_MODE_SUPPORTED(BTM_ReadLocalFeatures())) + return(BTM_MODE_UNSUPPORTED); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + /* If the connection is in park or sniff mode, forget about holding it */ + if (p->mode != BTM_ACL_MODE_NORMAL) + return(BTM_SUCCESS); + + if (!btsnd_hcic_hold_mode (p->hci_handle, max_interval, min_interval)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + + +/******************************************************************************* +** +** Function BTM_SetSniffMode +** +** Description This function is called to set a connection into sniff mode. +** A check is made if the connection is already in sniff or park +** mode, and if yes, the sniff mode is ignored. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetSniffMode (BD_ADDR remote_bda, UINT16 min_period, UINT16 max_period, + UINT16 attempt, UINT16 timeout) +{ + tACL_CONN *p; + BTM_TRACE_DEBUG0 ("BTM_SetSniffMode"); + /* First, check if sniff mode is supported */ + if (!HCI_SNIFF_MODE_SUPPORTED(BTM_ReadLocalFeatures())) + return(BTM_MODE_UNSUPPORTED); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + /* If the connection is in park mode, forget about sniffing it */ + if (p->mode != BTM_ACL_MODE_NORMAL) + return(BTM_WRONG_MODE); + + if (!btsnd_hcic_sniff_mode (p->hci_handle, max_period, + min_period, attempt, timeout)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + + + + +/******************************************************************************* +** +** Function BTM_CancelSniffMode +** +** Description This function is called to put a connection out of sniff mode. +** A check is made if the connection is already in sniff mode, +** and if not, the cancel sniff mode is ignored. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_CancelSniffMode (BD_ADDR remote_bda) +{ + tACL_CONN *p = btm_bda_to_acl(remote_bda); + BTM_TRACE_DEBUG0 ("BTM_CancelSniffMode "); + if (p == (tACL_CONN *)NULL) + return(BTM_UNKNOWN_ADDR); + + /* If the connection is not in sniff mode, cannot cancel */ + if (p->mode != BTM_ACL_MODE_SNIFF) + return(BTM_WRONG_MODE); + + if (!btsnd_hcic_exit_sniff_mode (p->hci_handle)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); +} + + +/******************************************************************************* +** +** Function BTM_SetParkMode +** +** Description This function is called to set a connection into park mode. +** A check is made if the connection is already in sniff or park +** mode, and if yes, the park mode is ignored. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetParkMode (BD_ADDR remote_bda, UINT16 beacon_min_period, UINT16 beacon_max_period) +{ + tACL_CONN *p; + + BTM_TRACE_DEBUG0 ("BTM_SetParkMode"); + /* First, check if park mode is supported */ + if (!HCI_PARK_MODE_SUPPORTED(BTM_ReadLocalFeatures())) + return(BTM_MODE_UNSUPPORTED); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + /* If the connection is in sniff mode, forget about parking it */ + if (p->mode != BTM_ACL_MODE_NORMAL) + return(BTM_WRONG_MODE); + + /* no park mode if SCO exists -- CR#1982, 1.1 errata 1124 + command status event should be returned /w error code 0x0C "Command Disallowed" + Let LM do this. + */ + if (!btsnd_hcic_park_mode (p->hci_handle, + beacon_max_period, beacon_min_period)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function BTM_CancelParkMode +** +** Description This function is called to put a connection out of park mode. +** A check is made if the connection is already in park mode, +** and if not, the cancel sniff mode is ignored. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_CancelParkMode (BD_ADDR remote_bda) +{ + tACL_CONN *p; + + BTM_TRACE_DEBUG0 ("BTM_CancelParkMode"); + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + /* If the connection is not in park mode, cannot cancel */ + if (p->mode != BTM_ACL_MODE_PARK) + return(BTM_WRONG_MODE); + + if (!btsnd_hcic_exit_park_mode (p->hci_handle)) + return(BTM_NO_RESOURCES); + + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} +#endif /* BTM_PWR_MGR_INCLUDED == FALSE */ + + +/******************************************************************************* +** +** Function BTM_SetPacketTypes +** +** Description This function is set the packet types used for a specific +** ACL connection, +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetPacketTypes (BD_ADDR remote_bda, UINT16 pkt_types) +{ + tACL_CONN *p; + BTM_TRACE_DEBUG0 ("BTM_SetPacketTypes"); + + if ((p = btm_bda_to_acl(remote_bda)) != NULL) + return(btm_set_packet_types (p, pkt_types)); + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + + +/******************************************************************************* +** +** Function BTM_ReadPacketTypes +** +** Description This function is set the packet types used for a specific +** ACL connection, +** +** Returns packet types supported for the connection, or 0 if no BD address +** +*******************************************************************************/ +UINT16 BTM_ReadPacketTypes (BD_ADDR remote_bda) +{ + tACL_CONN *p; + + BTM_TRACE_DEBUG0 ("BTM_ReadPacketTypes"); + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + return(p->pkt_types_mask); + } + + /* If here, no BD Addr found */ + return(0); +} + + +/******************************************************************************* +** +** Function BTM_ReadAclMode +** +** Description This returns the current mode for a specific +** ACL connection. +** +** Input Param remote_bda - device address of desired ACL connection +** +** Output Param p_mode - address where the current mode is copied into. +** BTM_ACL_MODE_NORMAL +** BTM_ACL_MODE_HOLD +** BTM_ACL_MODE_SNIFF +** BTM_ACL_MODE_PARK +** (valid only if return code is BTM_SUCCESS) +** +** Returns BTM_SUCCESS if successful, +** BTM_UNKNOWN_ADDR if bd addr is not active or bad +** +*******************************************************************************/ +#if BTM_PWR_MGR_INCLUDED == FALSE +tBTM_STATUS BTM_ReadAclMode (BD_ADDR remote_bda, UINT8 *p_mode) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadAclMode: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + *p_mode = p->mode; + return(BTM_SUCCESS); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} +#endif /* BTM_PWR_MGR_INCLUDED == FALSE */ + +/******************************************************************************* +** +** Function BTM_ReadClockOffset +** +** Description This returns the clock offset for a specific +** ACL connection. +** +** Input Param remote_bda - device address of desired ACL connection +** +** Returns clock-offset or 0 if unknown +** +*******************************************************************************/ +UINT16 BTM_ReadClockOffset (BD_ADDR remote_bda) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadClockOffset: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + if ( (p = btm_bda_to_acl(remote_bda)) != NULL) + return(p->clock_offset); + + /* If here, no BD Addr found */ + return(0); +} + +/******************************************************************************* +** +** Function BTM_IsAclConnectionUp +** +** Description This function is called to check if an ACL connection exists +** to a specific remote BD Address. +** +** Returns TRUE if connection is up, else FALSE. +** +*******************************************************************************/ +BOOLEAN BTM_IsAclConnectionUp (BD_ADDR remote_bda) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadClockOffset: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + return(TRUE); + } + + /* If here, no BD Addr found */ + return(FALSE); +} + +/******************************************************************************* +** +** Function BTM_GetNumAclLinks +** +** Description This function is called to count the number of +** ACL links that are active. +** +** Returns UINT16 Number of active ACL links +** +*******************************************************************************/ +UINT16 BTM_GetNumAclLinks (void) +{ +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + return(UINT16)btm_cb.num_acl; +#else + tACL_CONN *p = &btm_cb.acl_db[0]; + UINT16 xx, yy; + BTM_TRACE_DEBUG0 ("BTM_GetNumAclLinks"); + for (xx = yy = 0; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if (p->in_use) + yy++; + } + + return(yy); +#endif +} + +/******************************************************************************* +** +** Function btm_get_acl_disc_reason_code +** +** Description This function is called to get the disconnection reason code +** returned by the HCI at disconnection complete event. +** +** Returns TRUE if connection is up, else FALSE. +** +*******************************************************************************/ +UINT16 btm_get_acl_disc_reason_code (void) +{ + UINT8 res = btm_cb.acl_disc_reason; + BTM_TRACE_DEBUG0 ("btm_get_acl_disc_reason_code"); + return(res); +} + + +/******************************************************************************* +** +** Function BTM_GetHCIConnHandle +** +** Description This function is called to get the handle for an ACL connection +** to a specific remote BD Address. +** +** Returns the handle of the connection, or 0xFFFF if none. +** +*******************************************************************************/ +UINT16 BTM_GetHCIConnHandle (BD_ADDR remote_bda) +{ + tACL_CONN *p; + BTM_TRACE_DEBUG0 ("BTM_GetHCIConnHandle"); + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + return(p->hci_handle); + } + + /* If here, no BD Addr found */ + return(0xFFFF); +} + +#if BTM_PWR_MGR_INCLUDED == FALSE +/******************************************************************************* +** +** Function btm_process_mode_change +** +** Description This function is called when an HCI mode change event occurs. +** +** Input Parms hci_status - status of the event (HCI_SUCCESS if no errors) +** hci_handle - connection handle associated with the change +** mode - HCI_MODE_ACTIVE, HCI_MODE_HOLD, HCI_MODE_SNIFF, or HCI_MODE_PARK +** interval - number of baseband slots (meaning depends on mode) +** +** Returns void +** +*******************************************************************************/ +void btm_process_mode_change (UINT8 hci_status, UINT16 hci_handle, UINT8 mode, UINT16 interval) +{ + tACL_CONN *p; + UINT8 xx; + BTM_TRACE_DEBUG0 ("btm_process_mode_change"); + if (hci_status != HCI_SUCCESS) + { + BTM_TRACE_WARNING1 ("BTM: HCI Mode Change Error Status: 0x%02x", hci_status); + } + + /* Look up the connection by handle and set the current mode */ + xx = btm_handle_to_acl_index(hci_handle); + + /* don't assume that we can never get a bad hci_handle */ + if (xx >= MAX_L2CAP_LINKS) + return; + + p = &btm_cb.acl_db[xx]; + + /* If status is not success mode does not mean anything */ + if (hci_status == HCI_SUCCESS) + p->mode = mode; + + /* If mode change was because of an active role switch or change link key */ + btm_cont_rswitch_or_chglinkkey(p, btm_find_dev(p->remote_addr), hci_status); +} +#endif /* BTM_PWR_MGR_INCLUDED == FALSE */ + +/******************************************************************************* +** +** Function btm_process_clk_off_comp_evt +** +** Description This function is called when clock offset command completes. +** +** Input Parms hci_handle - connection handle associated with the change +** clock offset +** +** Returns void +** +*******************************************************************************/ +void btm_process_clk_off_comp_evt (UINT16 hci_handle, UINT16 clock_offset) +{ + UINT8 xx; + BTM_TRACE_DEBUG0 ("btm_process_clk_off_comp_evt"); + /* Look up the connection by handle and set the current mode */ + if ((xx = btm_handle_to_acl_index(hci_handle)) < MAX_L2CAP_LINKS) + btm_cb.acl_db[xx].clock_offset = clock_offset; +} + +/******************************************************************************* +** +** Function btm_acl_role_changed +** +** Description This function is called whan a link's master/slave role change +** event or command status event (with error) is received. +** It updates the link control block, and calls +** the registered callback with status and role (if registered). +** +** Returns void +** +*******************************************************************************/ +void btm_acl_role_changed (UINT8 hci_status, BD_ADDR bd_addr, UINT8 new_role) +{ + UINT8 *p_bda = (bd_addr) ? bd_addr : btm_cb.devcb.switch_role_ref_data.remote_bd_addr; + tACL_CONN *p = btm_bda_to_acl(p_bda); + tBTM_ROLE_SWITCH_CMPL *p_data = &btm_cb.devcb.switch_role_ref_data; +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_ROLE_CHG_DATA evt; +#endif +#if BTM_DISC_DURING_RS == TRUE + tBTM_SEC_DEV_REC *p_dev_rec; +#endif + BTM_TRACE_DEBUG0 ("btm_acl_role_changed"); + /* Ignore any stray events */ + if (p == NULL) + { + /* it could be a failure */ + if (hci_status != HCI_SUCCESS) + btm_acl_report_role_change(hci_status, bd_addr); + return; + } + + p_data->hci_status = hci_status; + + if (hci_status == HCI_SUCCESS) + { + p_data->role = new_role; + memcpy(p_data->remote_bd_addr, p_bda, BD_ADDR_LEN); + + /* Update cached value */ + p->link_role = new_role; + + /* Reload LSTO: link supervision timeout is reset in the LM after a role switch */ + if (new_role == BTM_ROLE_MASTER) + { + BTM_SetLinkSuperTout (p->remote_addr, p->link_super_tout); + } + } + else + { + /* so the BTM_BL_ROLE_CHG_EVT uses the old role */ + new_role = p->link_role; + } + + /* Check if any SCO req is pending for role change */ + btm_sco_chk_pend_rolechange (p->hci_handle); + + /* if switching state is switching we need to turn encryption on */ + /* if idle, we did not change encryption */ + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_SWITCHING) + { + /* Make sure there's not also a change link key going on before re-enabling */ + if (p->change_key_state != BTM_ACL_SWKEY_STATE_SWITCHING) + { + if (btsnd_hcic_set_conn_encrypt (p->hci_handle, TRUE)) + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON; + p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON; + return; + } + } + else /* Set the state and wait for change link key */ + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_ON; + return; + } + } + + /* Set the switch_role_state to IDLE since the reply received from HCI */ + /* regardless of its result either success or failed. */ + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_IN_PROGRESS) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_IDLE; + } + + /* if role switch complete is needed, report it now */ + btm_acl_report_role_change(hci_status, bd_addr); + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + /* if role change event is registered, report it now */ + if (btm_cb.p_bl_changed_cb && (btm_cb.bl_evt_mask & BTM_BL_ROLE_CHG_MASK)) + { + evt.event = BTM_BL_ROLE_CHG_EVT; + evt.new_role = new_role; + evt.p_bda = p_bda; + evt.hci_status = hci_status; + (*btm_cb.p_bl_changed_cb)((tBTM_BL_EVENT_DATA *)&evt); + } + + BTM_TRACE_DEBUG3("Role Switch Event: new_role 0x%02x, HCI Status 0x%02x, rs_st:%d", + p_data->role, p_data->hci_status, p->switch_role_state); +#endif + +#if BTM_DISC_DURING_RS == TRUE + /* If a disconnect is pending, issue it now that role switch has completed */ + if ((p_dev_rec = btm_find_dev (p_bda)) != NULL) + { + if (p_dev_rec->rs_disc_pending == BTM_SEC_DISC_PENDING) + { + BTM_TRACE_WARNING0("btm_acl_role_changed -> Issuing delayed HCI_Disconnect!!!"); + btsnd_hcic_disconnect(p_dev_rec->hci_handle, HCI_ERR_PEER_USER); + } + BTM_TRACE_ERROR2("tBTM_SEC_DEV:0x%x rs_disc_pending=%d", (UINT32)p_dev_rec, p_dev_rec->rs_disc_pending); + p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ + } + +#endif + +} + +#if (RFCOMM_INCLUDED==TRUE) +/******************************************************************************* +** +** Function BTM_AllocateSCN +** +** Description Look through the Server Channel Numbers for a free one. +** +** Returns Allocated SCN number or 0 if none. +** +*******************************************************************************/ + +UINT8 BTM_AllocateSCN(void) +{ + UINT8 x; + BTM_TRACE_DEBUG0 ("BTM_AllocateSCN"); + + // stack reserves scn 1 for HFP, HSP we still do the correct way + for (x = 1; x < BTM_MAX_SCN; x++) + { + if (!btm_cb.btm_scn[x]) + { + btm_cb.btm_scn[x] = TRUE; + return(x+1); + } + } + + return(0); /* No free ports */ +} + +/******************************************************************************* +** +** Function BTM_TryAllocateSCN +** +** Description Try to allocate a fixed server channel +** +** Returns Returns TRUE if server channel was available +** +*******************************************************************************/ + +BOOLEAN BTM_TryAllocateSCN(UINT8 scn) +{ + UINT8 x; + + /* Make sure we don't exceed max port range. + * Stack reserves scn 1 for HFP, HSP we still do the correct way. + */ + if ( (scn>=BTM_MAX_SCN) || (scn == 1) ) + return FALSE; + + /* check if this port is available */ + if (!btm_cb.btm_scn[scn-1]) + { + btm_cb.btm_scn[scn-1] = TRUE; + return TRUE; + } + + return (FALSE); /* Port was busy */ +} + +/******************************************************************************* +** +** Function BTM_FreeSCN +** +** Description Free the specified SCN. +** +** Returns TRUE or FALSE +** +*******************************************************************************/ +BOOLEAN BTM_FreeSCN(UINT8 scn) +{ + BTM_TRACE_DEBUG0 ("BTM_FreeSCN "); + if (scn <= BTM_MAX_SCN) + { + btm_cb.btm_scn[scn-1] = FALSE; + return(TRUE); + } + else + return(FALSE); /* Illegal SCN passed in */ +} + +#else + +/* Make dummy functions for the RPC to link against */ +UINT8 BTM_AllocateSCN(void) +{ + return(0); +} + +BOOLEAN BTM_FreeSCN(UINT8 scn) +{ + return(FALSE); +} + +#endif + + +/******************************************************************************* +** +** Function btm_acl_timeout +** +** Description This function is called when a timer list entry expires. +** +** Returns void +** +*******************************************************************************/ +void btm_acl_timeout (TIMER_LIST_ENT *p_tle) +{ + UINT32 timer_type = p_tle->param; + + BTM_TRACE_DEBUG0 ("btm_acl_timeout"); + if (timer_type == TT_DEV_RLNKP) + { + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rlinkp_cmpl_cb; + tBTM_LNK_POLICY_RESULTS lnkpol; + + lnkpol.status = BTM_ERR_PROCESSING; + lnkpol.settings = 0; + + btm_cb.devcb.p_rlinkp_cmpl_cb = NULL; + + if (p_cb) + (*p_cb)(&lnkpol); + } +} + +/******************************************************************************* +** +** Function btm_set_packet_types +** +** Description This function sets the packet types used for a specific +** ACL connection. It is called internally by btm_acl_created +** or by an application/profile by BTM_SetPacketTypes. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS btm_set_packet_types (tACL_CONN *p, UINT16 pkt_types) +{ + UINT16 temp_pkt_types; + BTM_TRACE_DEBUG0 ("btm_set_packet_types"); + /* Save in the ACL control blocks, types that we support */ + temp_pkt_types = (pkt_types & BTM_ACL_SUPPORTED_PKTS_MASK & + btm_cb.btm_acl_pkt_types_supported); + + /* OR in any exception packet types if at least 2.0 version of spec */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + temp_pkt_types |= ((pkt_types & BTM_ACL_EXCEPTION_PKTS_MASK) | + (btm_cb.btm_acl_pkt_types_supported & BTM_ACL_EXCEPTION_PKTS_MASK)); + } + else + { + temp_pkt_types &= (~BTM_ACL_EXCEPTION_PKTS_MASK); + } + + /* Exclude packet types not supported by the peer */ + btm_acl_chk_peer_pkt_type_support (p, &temp_pkt_types); + + BTM_TRACE_DEBUG1 ("SetPacketType Mask -> 0x%04x", temp_pkt_types); + + if (!btsnd_hcic_change_conn_type (p->hci_handle, temp_pkt_types)) + { + return(BTM_NO_RESOURCES); + } + + p->pkt_types_mask = temp_pkt_types; + + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function btm_get_max_packet_size +** +** Returns Returns maximum packet size that can be used for current +** connection, 0 if connection is not established +** +*******************************************************************************/ +UINT16 btm_get_max_packet_size (BD_ADDR addr) +{ + tACL_CONN *p = btm_bda_to_acl(addr); + UINT16 pkt_types = 0; + UINT16 pkt_size = 0; + BTM_TRACE_DEBUG0 ("btm_get_max_packet_size"); + if (p != NULL) + { + pkt_types = p->pkt_types_mask; + } + else + { + /* Special case for when info for the local device is requested */ + if (memcmp (btm_cb.devcb.local_addr, addr, BD_ADDR_LEN) == 0) + { + pkt_types = btm_cb.btm_acl_pkt_types_supported; + } + } + + if (pkt_types) + { + if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH5)) + pkt_size = HCI_EDR3_DH5_PACKET_SIZE; + else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH5)) + pkt_size = HCI_EDR2_DH5_PACKET_SIZE; + else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH3)) + pkt_size = HCI_EDR3_DH3_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH5) + pkt_size = HCI_DH5_PACKET_SIZE; + else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH3)) + pkt_size = HCI_EDR2_DH3_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM5) + pkt_size = HCI_DM5_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH3) + pkt_size = HCI_DH3_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM3) + pkt_size = HCI_DM3_PACKET_SIZE; + else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_3_DH1)) + pkt_size = HCI_EDR3_DH1_PACKET_SIZE; + else if (!(pkt_types & BTM_ACL_PKT_TYPES_MASK_NO_2_DH1)) + pkt_size = HCI_EDR2_DH1_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DH1) + pkt_size = HCI_DH1_PACKET_SIZE; + else if (pkt_types & BTM_ACL_PKT_TYPES_MASK_DM1) + pkt_size = HCI_DM1_PACKET_SIZE; + } + +#ifdef BRCM_VS + /* Using HCI size 1017 instead of 1021 */ + if ((pkt_size == HCI_EDR3_DH5_PACKET_SIZE) + && (btu_cb.hcit_acl_data_size == 1017)) + pkt_size = 1017; +#endif + + return(pkt_size); +} + +/******************************************************************************* +** +** Function BTM_ReadRemoteVersion +** +** Returns If connected report peer device info +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadRemoteVersion (BD_ADDR addr, UINT8 *lmp_version, + UINT16 *manufacturer, UINT16 *lmp_sub_version) +{ + tACL_CONN *p = btm_bda_to_acl(addr); + BTM_TRACE_DEBUG0 ("BTM_ReadRemoteVersion"); + if (p == NULL) + return(BTM_UNKNOWN_ADDR); + + if (lmp_version) + *lmp_version = p->lmp_version; + + if (manufacturer) + *manufacturer = p->manufacturer; + + if (lmp_sub_version) + *lmp_sub_version = p->lmp_subversion; + + return(BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_ReadRemoteFeatures +** +** Returns pointer to the features string +** +*******************************************************************************/ +UINT8 *BTM_ReadRemoteFeatures (BD_ADDR addr) +{ + tACL_CONN *p = btm_bda_to_acl(addr); + BTM_TRACE_DEBUG0 ("BTM_ReadRemoteFeatures"); + if (p == NULL) + { + return(NULL); + } + + return(p->features); +} + +/******************************************************************************* +** +** Function BTM_RegBusyLevelNotif +** +** Description This function is called to register a callback to receive +** busy level change events. +** +** Returns BTM_SUCCESS if successfully registered, otherwise error +** +*******************************************************************************/ +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) +tBTM_STATUS BTM_RegBusyLevelNotif (tBTM_BL_CHANGE_CB *p_cb, UINT8 *p_level, + tBTM_BL_EVENT_MASK evt_mask) +{ + BTM_TRACE_DEBUG0 ("BTM_RegBusyLevelNotif"); + if (p_level) + *p_level = btm_cb.busy_level; + + btm_cb.bl_evt_mask = evt_mask; + + if (!p_cb) + btm_cb.p_bl_changed_cb = NULL; + else if (btm_cb.p_bl_changed_cb) + return(BTM_BUSY); + else + btm_cb.p_bl_changed_cb = p_cb; + + return(BTM_SUCCESS); +} +#else +/******************************************************************************* +** +** Function BTM_AclRegisterForChanges +** +** Returns This function is called to register a callback for when the +** ACL database changes, i.e. new entry or entry deleted. +** +*******************************************************************************/ +tBTM_STATUS BTM_AclRegisterForChanges (tBTM_ACL_DB_CHANGE_CB *p_cb) +{ + BTM_TRACE_DEBUG0 ("BTM_AclRegisterForChanges"); + if (!p_cb) + btm_cb.p_acl_changed_cb = NULL; + else if (btm_cb.p_acl_changed_cb) + return(BTM_BUSY); + else + btm_cb.p_acl_changed_cb = p_cb; + + return(BTM_SUCCESS); +} +#endif + +/******************************************************************************* +** +** Function BTM_SetQoS +** +** Description This function is called to setup QoS +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetQoS (BD_ADDR bd, FLOW_SPEC *p_flow, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p = &btm_cb.acl_db[0]; + + BTM_TRACE_API6 ("BTM_SetQoS: BdAddr: %02x%02x%02x%02x%02x%02x", + bd[0], bd[1], bd[2], + bd[3], bd[4], bd[5]); + + /* If someone already waiting on the version, do not allow another */ + if (btm_cb.devcb.p_qossu_cmpl_cb) + return(BTM_BUSY); + + if ( (p = btm_bda_to_acl(bd)) != NULL) + { + btu_start_timer (&btm_cb.devcb.qossu_timer, BTU_TTYPE_BTM_ACL, BTM_DEV_REPLY_TIMEOUT); + btm_cb.devcb.p_qossu_cmpl_cb = p_cb; + + if (!btsnd_hcic_qos_setup (p->hci_handle, p_flow->qos_flags, p_flow->service_type, + p_flow->token_rate, p_flow->peak_bandwidth, p_flow->latency,p_flow->delay_variation)) + { + btm_cb.devcb.p_qossu_cmpl_cb = NULL; + btu_stop_timer(&btm_cb.devcb.qossu_timer); + return(BTM_NO_RESOURCES); + } + else + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function btm_qos_setup_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the qos setup request. +** +** Returns void +** +*******************************************************************************/ +void btm_qos_setup_complete (UINT8 status, UINT16 handle, FLOW_SPEC *p_flow) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_qossu_cmpl_cb; + tBTM_QOS_SETUP_CMPL qossu; + BTM_TRACE_DEBUG0 ("btm_qos_setup_complete"); + btu_stop_timer (&btm_cb.devcb.qossu_timer); + + btm_cb.devcb.p_qossu_cmpl_cb = NULL; + + if (p_cb) + { + memset(&qossu, 0, sizeof(tBTM_QOS_SETUP_CMPL)); + qossu.status = status; + qossu.handle = handle; + if (p_flow != NULL) + { + qossu.flow.qos_flags = p_flow->qos_flags; + qossu.flow.service_type = p_flow->service_type; + qossu.flow.token_rate = p_flow->token_rate; + qossu.flow.peak_bandwidth = p_flow->peak_bandwidth; + qossu.flow.latency = p_flow->latency; + qossu.flow.delay_variation = p_flow->delay_variation; + } + BTM_TRACE_DEBUG1 ("BTM: p_flow->delay_variation: 0x%02x", + qossu.flow.delay_variation); + (*p_cb)(&qossu); + } +} + + +/******************************************************************************* +** +** Function BTM_ReadRSSI +** +** Description This function is called to read the link policy settings. +** The address of link policy results are returned in the callback. +** (tBTM_RSSI_RESULTS) +** +** Returns BTM_CMD_STARTED if successfully initiated or error code +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadRSSI (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadRSSI: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + /* If someone already waiting on the version, do not allow another */ + if (btm_cb.devcb.p_rssi_cmpl_cb) + return(BTM_BUSY); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + btu_start_timer (&btm_cb.devcb.rssi_timer, BTU_TTYPE_BTM_ACL, + BTM_DEV_REPLY_TIMEOUT); + + btm_cb.devcb.p_rssi_cmpl_cb = p_cb; + + if (!btsnd_hcic_read_rssi (p->hci_handle)) + { + btm_cb.devcb.p_rssi_cmpl_cb = NULL; + btu_stop_timer (&btm_cb.devcb.rssi_timer); + return(BTM_NO_RESOURCES); + } + else + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function BTM_ReadLinkQuality +** +** Description This function is called to read the link qulaity. +** The value of the link quality is returned in the callback. +** (tBTM_LINK_QUALITY_RESULTS) +** +** Returns BTM_CMD_STARTED if successfully initiated or error code +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLinkQuality (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + + BTM_TRACE_API6 ("BTM_ReadLinkQuality: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + /* If someone already waiting on the version, do not allow another */ + if (btm_cb.devcb.p_lnk_qual_cmpl_cb) + return(BTM_BUSY); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + btu_start_timer (&btm_cb.devcb.lnk_quality_timer, BTU_TTYPE_BTM_ACL, + BTM_DEV_REPLY_TIMEOUT); + btm_cb.devcb.p_lnk_qual_cmpl_cb = p_cb; + + if (!btsnd_hcic_get_link_quality (p->hci_handle)) + { + btu_stop_timer (&btm_cb.devcb.lnk_quality_timer); + btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL; + return(BTM_NO_RESOURCES); + } + else + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return(BTM_UNKNOWN_ADDR); +} + +/******************************************************************************* +** +** Function BTM_ReadTxPower +** +** Description This function is called to read the current +** TX power of the connection. The tx power level results +** are returned in the callback. +** (tBTM_RSSI_RESULTS) +** +** Returns BTM_CMD_STARTED if successfully initiated or error code +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadTxPower (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb) +{ + tACL_CONN *p; + BOOLEAN ret; +#define BTM_READ_RSSI_TYPE_CUR 0x00 +#define BTM_READ_RSSI_TYPE_MAX 0X01 + + BTM_TRACE_API6 ("BTM_ReadTxPower: RemBdAddr: %02x%02x%02x%02x%02x%02x", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + /* If someone already waiting on the version, do not allow another */ + if (btm_cb.devcb.p_tx_power_cmpl_cb) + return(BTM_BUSY); + + p = btm_bda_to_acl(remote_bda); + if (p != (tACL_CONN *)NULL) + { + btu_start_timer (&btm_cb.devcb.tx_power_timer, BTU_TTYPE_BTM_ACL, + BTM_DEV_REPLY_TIMEOUT); + + btm_cb.devcb.p_tx_power_cmpl_cb = p_cb; + +#if BLE_INCLUDED == TRUE + if (p->is_le_link) + { + memcpy(btm_cb.devcb.read_tx_pwr_addr, remote_bda, BD_ADDR_LEN); + ret = btsnd_hcic_ble_read_adv_chnl_tx_power(); + } + else +#endif + { + ret = btsnd_hcic_read_tx_power (p->hci_handle, BTM_READ_RSSI_TYPE_CUR); + } + if (!ret) + { + btm_cb.devcb.p_tx_power_cmpl_cb = NULL; + btu_stop_timer (&btm_cb.devcb.tx_power_timer); + return(BTM_NO_RESOURCES); + } + else + return(BTM_CMD_STARTED); + } + + /* If here, no BD Addr found */ + return (BTM_UNKNOWN_ADDR); +} +/******************************************************************************* +** +** Function btm_read_tx_power_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read tx power request. +** +** Returns void +** +*******************************************************************************/ +void btm_read_tx_power_complete (UINT8 *p, BOOLEAN is_ble) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_tx_power_cmpl_cb; + tBTM_TX_POWER_RESULTS results; + UINT16 handle; + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT16 index; + BTM_TRACE_DEBUG0 ("btm_read_tx_power_complete"); + btu_stop_timer (&btm_cb.devcb.tx_power_timer); + + /* If there was a callback registered for read rssi, call it */ + btm_cb.devcb.p_tx_power_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (results.hci_status, p); + + if (results.hci_status == HCI_SUCCESS) + { + results.status = BTM_SUCCESS; + + if (!is_ble) + { + STREAM_TO_UINT16 (handle, p); + STREAM_TO_UINT8 (results.tx_power, p); + + /* Search through the list of active channels for the correct BD Addr */ + for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) + { + memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN); + break; + } + } + } +#if BLE_INCLUDED == TRUE + else + { + STREAM_TO_UINT8 (results.tx_power, p); + memcpy(results.rem_bda, btm_cb.devcb.read_tx_pwr_addr, BD_ADDR_LEN); + } +#endif + BTM_TRACE_DEBUG2 ("BTM TX power Complete: tx_power %d, hci status 0x%02x", + results.tx_power, results.hci_status); + } + else + results.status = BTM_ERR_PROCESSING; + + (*p_cb)(&results); + } +} + +/******************************************************************************* +** +** Function btm_read_rssi_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read rssi request. +** +** Returns void +** +*******************************************************************************/ +void btm_read_rssi_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rssi_cmpl_cb; + tBTM_RSSI_RESULTS results; + UINT16 handle; + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT16 index; + BTM_TRACE_DEBUG0 ("btm_read_rssi_complete"); + btu_stop_timer (&btm_cb.devcb.rssi_timer); + + /* If there was a callback registered for read rssi, call it */ + btm_cb.devcb.p_rssi_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (results.hci_status, p); + + if (results.hci_status == HCI_SUCCESS) + { + results.status = BTM_SUCCESS; + + STREAM_TO_UINT16 (handle, p); + + STREAM_TO_UINT8 (results.rssi, p); + BTM_TRACE_DEBUG2 ("BTM RSSI Complete: rssi %d, hci status 0x%02x", + results.rssi, results.hci_status); + + /* Search through the list of active channels for the correct BD Addr */ + for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) + { + memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN); + break; + } + } + } + else + results.status = BTM_ERR_PROCESSING; + + (*p_cb)(&results); + } +} + +/******************************************************************************* +** +** Function btm_read_link_quality_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read link quality. +** +** Returns void +** +*******************************************************************************/ +void btm_read_link_quality_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_lnk_qual_cmpl_cb; + tBTM_LINK_QUALITY_RESULTS results; + UINT16 handle; + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT16 index; + BTM_TRACE_DEBUG0 ("btm_read_link_quality_complete"); + btu_stop_timer (&btm_cb.devcb.rssi_timer); + + /* If there was a callback registered for read rssi, call it */ + btm_cb.devcb.p_lnk_qual_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (results.hci_status, p); + + if (results.hci_status == HCI_SUCCESS) + { + results.status = BTM_SUCCESS; + + STREAM_TO_UINT16 (handle, p); + + STREAM_TO_UINT8 (results.link_quality, p); + BTM_TRACE_DEBUG2 ("BTM Link Quality Complete: Link Quality %d, hci status 0x%02x", + results.link_quality, results.hci_status); + + /* Search through the list of active channels for the correct BD Addr */ + for (index = 0; index < MAX_L2CAP_LINKS; index++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (handle == p_acl_cb->hci_handle)) + { + memcpy (results.rem_bda, p_acl_cb->remote_addr, BD_ADDR_LEN); + break; + } + } + } + else + results.status = BTM_ERR_PROCESSING; + + (*p_cb)(&results); + } +} + +/******************************************************************************* +** +** Function btm_remove_acl +** +** Description This function is called to disconnect an ACL connection +** +** Returns BTM_SUCCESS if successfully initiated, otherwise BTM_NO_RESOURCES. +** +*******************************************************************************/ +tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr) +{ + UINT16 hci_handle = BTM_GetHCIConnHandle(bd_addr); + tBTM_STATUS status = BTM_SUCCESS; + + BTM_TRACE_DEBUG0 ("btm_remove_acl"); +#if BTM_DISC_DURING_RS == TRUE + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + + /* Role Switch is pending, postpone until completed */ + if (p_dev_rec && (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING)) + { + p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING; + } + else /* otherwise can disconnect right away */ +#endif + + if (hci_handle != 0xFFFF) + { + if (!btsnd_hcic_disconnect (hci_handle, HCI_ERR_PEER_USER)) + status = BTM_NO_RESOURCES; + } + else + status = BTM_UNKNOWN_ADDR; + + return status; +} + + +/******************************************************************************* +** +** Function BTM_SetTraceLevel +** +** Description This function sets the trace level for BTM. If called with +** a value of 0xFF, it simply returns the current trace level. +** +** Returns The new or current trace level +** +*******************************************************************************/ +UINT8 BTM_SetTraceLevel (UINT8 new_level) +{ + BTM_TRACE_DEBUG0 ("BTM_SetTraceLevel"); + if (new_level != 0xFF) + btm_cb.trace_level = new_level; + + return(btm_cb.trace_level); +} + +/******************************************************************************* +** +** Function btm_cont_rswitch_or_chglinkkey +** +** Description This function is called to continue processing an active +** role switch or change of link key procedure. It first +** disables encryption if enabled and EPR is not supported +** +** Returns void +** +*******************************************************************************/ +void btm_cont_rswitch_or_chglinkkey (tACL_CONN *p, tBTM_SEC_DEV_REC *p_dev_rec, + UINT8 hci_status) +{ + BOOLEAN sw_ok = TRUE; + BOOLEAN chlk_ok = TRUE; + BTM_TRACE_DEBUG0 ("btm_cont_rswitch_or_chglinkkey "); + /* Check to see if encryption needs to be turned off if pending + change of link key or role switch */ + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE || + p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + { + /* Must turn off Encryption first if necessary */ + /* Some devices do not support switch or change of link key while encryption is on */ + if (p_dev_rec != NULL && ((p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) != 0) + && !BTM_EPR_AVAILABLE(p)) + { + if (btsnd_hcic_set_conn_encrypt (p->hci_handle, FALSE)) + { + p->encrypt_state = BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF; + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + p->switch_role_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; + + if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + p->change_key_state = BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF; + } + else + { + /* Error occurred; set states back to Idle */ + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + sw_ok = FALSE; + + if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + chlk_ok = FALSE; + } + } + else /* Encryption not used or EPR supported, continue with switch + and/or change of link key */ + { + if (p->switch_role_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; +#if BTM_DISC_DURING_RS == TRUE + if (p_dev_rec) + p_dev_rec->rs_disc_pending = BTM_SEC_RS_PENDING; +#endif + sw_ok = btsnd_hcic_switch_role (p->remote_addr, (UINT8)!p->link_role); + } + + if (p->change_key_state == BTM_ACL_SWKEY_STATE_MODE_CHANGE) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IN_PROGRESS; + chlk_ok = btsnd_hcic_change_link_key (p->hci_handle); + } + } + + if (!sw_ok) + { + p->switch_role_state = BTM_ACL_SWKEY_STATE_IDLE; + btm_acl_report_role_change(hci_status, p->remote_addr); + } + + if (!chlk_ok) + { + p->change_key_state = BTM_ACL_SWKEY_STATE_IDLE; + if (btm_cb.devcb.p_chg_link_key_cb) + { + btm_cb.devcb.chg_link_key_ref_data.hci_status = hci_status; + (*btm_cb.devcb.p_chg_link_key_cb)(&btm_cb.devcb.chg_link_key_ref_data); + btm_cb.devcb.p_chg_link_key_cb = NULL; + } + } + } +} + +/******************************************************************************* +** +** Function btm_acl_resubmit_page +** +** Description send pending page request +** +*******************************************************************************/ +void btm_acl_resubmit_page (void) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + BT_HDR *p_buf; + UINT8 *pp; + BD_ADDR bda; + BTM_TRACE_DEBUG0 ("btm_acl_resubmit_page"); + /* If there were other page request schedule can start the next one */ + if ((p_buf = (BT_HDR *)GKI_dequeue (&btm_cb.page_queue)) != NULL) + { + /* skip 3 (2 bytes opcode and 1 byte len) to get to the bd_addr + * for both create_conn and rmt_name */ + pp = (UINT8 *)(p_buf + 1) + p_buf->offset + 3; + + STREAM_TO_BDADDR (bda, pp); + + p_dev_rec = btm_find_or_alloc_dev (bda); + + memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); + + btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p_buf); + } + else + btm_cb.paging = FALSE; +} + +/******************************************************************************* +** +** Function btm_acl_reset_paging +** +** Description set paging to FALSE and free the page queue - called at hci_reset +** +*******************************************************************************/ +void btm_acl_reset_paging (void) +{ + BT_HDR *p; + BTM_TRACE_DEBUG0 ("btm_acl_reset_paging"); + /* If we sent reset we are definitely not paging any more */ + while ((p = (BT_HDR *)GKI_dequeue(&btm_cb.page_queue)) != NULL) + GKI_freebuf (p); + + btm_cb.paging = FALSE; +} + +/******************************************************************************* +** +** Function btm_acl_set_discing +** +** Description set discing to the given value +** +*******************************************************************************/ +void btm_acl_set_discing (BOOLEAN discing) +{ + BTM_TRACE_DEBUG0 ("btm_acl_set_discing"); + btm_cb.discing = discing; +} + +/******************************************************************************* +** +** Function btm_acl_paging +** +** Description send a paging command or queue it in btm_cb +** +*******************************************************************************/ +void btm_acl_paging (BT_HDR *p, BD_ADDR bda) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_DEBUG4 ("btm_acl_paging discing:%d, paging:%d BDA: %06x%06x", + btm_cb.discing, btm_cb.paging, + (bda[0]<<16) + (bda[1]<<8) + bda[2], (bda[3]<<16) + (bda[4] << 8) + bda[5]); + if (btm_cb.discing) + { + btm_cb.paging = TRUE; + GKI_enqueue (&btm_cb.page_queue, p); + } + else + { + if (!BTM_ACL_IS_CONNECTED (bda)) + { + BTM_TRACE_DEBUG2 ("connecting_bda: %06x%06x", + (btm_cb.connecting_bda[0]<<16) + (btm_cb.connecting_bda[1]<<8) + btm_cb.connecting_bda[2], + (btm_cb.connecting_bda[3]<<16) + (btm_cb.connecting_bda[4] << 8) + btm_cb.connecting_bda[5]); + if (btm_cb.paging && + memcmp (bda, btm_cb.connecting_bda, BD_ADDR_LEN) != 0) + { + GKI_enqueue (&btm_cb.page_queue, p); + } + else + { + p_dev_rec = btm_find_or_alloc_dev (bda); + memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); + + btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p); + } + + btm_cb.paging = TRUE; + } + else /* ACL is already up */ + { + btu_hcif_send_cmd (LOCAL_BR_EDR_CONTROLLER_ID, p); + } + } +} + +/******************************************************************************* +** +** Function btm_acl_notif_conn_collision +** +** Description Send connection collision event to upper layer if registered +** +** Returns TRUE if sent out to upper layer, +** FALSE if BTM_BUSY_LEVEL_CHANGE_INCLUDED == FALSE, or no one +** needs the notification. +** +** Note: Function only used if BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE +** +*******************************************************************************/ +BOOLEAN btm_acl_notif_conn_collision (BD_ADDR bda) +{ +#if (BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_EVENT_DATA evt_data; + + /* Report possible collision to the upper layer. */ + if (btm_cb.p_bl_changed_cb) + { + BTM_TRACE_DEBUG6 ("btm_acl_notif_conn_collision: RemBdAddr: %02x%02x%02x%02x%02x%02x", + bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]); + + evt_data.event = BTM_BL_COLLISION_EVT; + evt_data.conn.p_bda = bda; + (*btm_cb.p_bl_changed_cb)(&evt_data); + return TRUE; + } + else + return FALSE; +#else + return FALSE; +#endif +} + + +/******************************************************************************* +** +** Function btm_acl_chk_peer_pkt_type_support +** +** Description Check if peer supports requested packets +** +*******************************************************************************/ +void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, UINT16 *p_pkt_type) +{ + /* 3 and 5 slot packets? */ + if (!HCI_3_SLOT_PACKETS_SUPPORTED(p->features)) + *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH3 +BTM_ACL_PKT_TYPES_MASK_DM3); + + if (!HCI_5_SLOT_PACKETS_SUPPORTED(p->features)) + *p_pkt_type &= ~(BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5); + + /* If HCI version > 2.0, then also check EDR packet types */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + /* 2 and 3 MPS support? */ + if (!HCI_EDR_ACL_2MPS_SUPPORTED(p->features)) + /* Not supported. Add 'not_supported' mask for all 2MPS packet types */ + *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_2_DH5); + + if (!HCI_EDR_ACL_3MPS_SUPPORTED(p->features)) + /* Not supported. Add 'not_supported' mask for all 3MPS packet types */ + *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); + + /* EDR 3 and 5 slot support? */ + if (HCI_EDR_ACL_2MPS_SUPPORTED(p->features) || HCI_EDR_ACL_3MPS_SUPPORTED(p->features)) + { + if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p->features)) + /* Not supported. Add 'not_supported' mask for all 3-slot EDR packet types */ + *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3); + + if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p->features)) + /* Not supported. Add 'not_supported' mask for all 5-slot EDR packet types */ + *p_pkt_type |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); + } + } +} diff --git a/stack/btm/btm_ble.c b/stack/btm/btm_ble.c new file mode 100644 index 0000000..e34b8e2 --- /dev/null +++ b/stack/btm/btm_ble.c @@ -0,0 +1,1888 @@ +/***************************************************************************** +** +** Name: btm_ble.c +** +** Description: This file contains functions for BLE device control utilities, +** and LE security functions. +** +** +** +** Copyright (c) 1999-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <string.h> + +#include "bt_types.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_int.h" +#include "btm_ble_api.h" +#include "smp_api.h" + +#if SMP_INCLUDED == TRUE +extern BOOLEAN AES_CMAC ( BT_OCTET16 key, UINT8 *input, UINT16 length, UINT16 tlen, UINT8 *p_signature); +extern void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable); +extern BOOLEAN smp_proc_ltk_request(BD_ADDR bda); +#endif + +static void btm_ble_update_active_bgconn_scan_params(void); + +/*******************************************************************************/ +/* External Function to be called by other modules */ +/*******************************************************************************/ +/******************************************************** +** +** Function BTM_SecAddBleDevice +** +** Description Add/modify device. This function will be normally called +** during host startup to restore all required information +** for a LE device stored in the NVRAM. +** +** Parameters: bd_addr - BD address of the peer +** bd_name - Name of the peer device. NULL if unknown. +** dev_type - Remote device's device type. +** addr_type - LE device address type. +** +** Returns TRUE if added OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecAddBleDevice (BD_ADDR bd_addr, BD_NAME bd_name, tBT_DEVICE_TYPE dev_type, + tBLE_ADDR_TYPE addr_type) +{ +#if BLE_INCLUDED == TRUE + tBTM_SEC_DEV_REC *p_dev_rec; + UINT8 i = 0; + tBTM_INQ_INFO *p_info=NULL; + + BTM_TRACE_DEBUG1 ("BTM_SecAddBleDevice dev_type=0x%x", dev_type); + p_dev_rec = btm_find_dev (bd_addr); + + if (!p_dev_rec) + { + BTM_TRACE_DEBUG0("Add a new device"); + + /* There is no device record, allocate one. + * If we can not find an empty spot for this one, let it fail. */ + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) + { + if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) + { + BTM_TRACE_DEBUG1 ("allocate a new dev rec idx=0x%x ", i ); + p_dev_rec = &btm_cb.sec_dev_rec[i]; + + /* Mark this record as in use and initialize */ + memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); + p_dev_rec->sec_flags = BTM_SEC_IN_USE; + memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); + p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); + + /* update conn params, use default value for background connection params */ + p_dev_rec->conn_params.min_conn_int = + p_dev_rec->conn_params.max_conn_int = + p_dev_rec->conn_params.supervision_tout = + p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_PARAM_UNDEF; + + BTM_TRACE_DEBUG1 ("hci_handl=0x%x ", p_dev_rec->hci_handle ); + break; + } + } + + if (!p_dev_rec) + return(FALSE); + } + else + { + BTM_TRACE_DEBUG0("Device already exist"); + } + + memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); + + if (bd_name && bd_name[0]) + { + p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; + BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), + (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); + } + p_dev_rec->device_type = dev_type; + p_dev_rec->ble.ble_addr_type = addr_type; + BTM_TRACE_DEBUG3 ("p_dev_rec->device_type =0x%x addr_type=0x%x sec_flags=0x%x", + dev_type, addr_type, p_dev_rec->sec_flags); + + /* sync up with the Inq Data base*/ + p_info = BTM_InqDbRead(bd_addr); + if (p_info) + { + p_info->results.ble_addr_type = p_dev_rec->ble.ble_addr_type ; + p_info->results.device_type = p_dev_rec->device_type; + BTM_TRACE_DEBUG2 ("InqDb device_type =0x%x addr_type=0x%x", + p_info->results.device_type, p_info->results.ble_addr_type); + } + +#endif + return(TRUE); +} + +/******************************************************************************* +** +** Function BTM_SecAddBleKey +** +** Description Add/modify LE device information. This function will be +** normally called during host startup to restore all required +** information stored in the NVRAM. +** +** Parameters: bd_addr - BD address of the peer +** p_le_key - LE key values. +** key_type - LE SMP key type. +* +** Returns TRUE if added OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecAddBleKey (BD_ADDR bd_addr, tBTM_LE_KEY_VALUE *p_le_key, tBTM_LE_KEY_TYPE key_type) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_dev_rec; + BTM_TRACE_DEBUG0 ("BTM_SecAddBleKey"); + p_dev_rec = btm_find_dev (bd_addr); + if (!p_dev_rec || !p_le_key || + (key_type != BTM_LE_KEY_PENC && key_type != BTM_LE_KEY_PID && + key_type != BTM_LE_KEY_PCSRK && key_type != BTM_LE_KEY_LENC)) + { + BTM_TRACE_WARNING3 ("BTM_SecAddLeKey() No BT Link Key, Wrong Type, or No Device record \ + for bdaddr: %08x%04x, Type: %d", + (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], + (bd_addr[4]<<8)+bd_addr[5], key_type); + return(FALSE); + } + + BTM_TRACE_DEBUG3 ("BTM_SecAddLeKey() BDA: %08x%04x, Type: 0x%02x", + (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], + (bd_addr[4]<<8)+bd_addr[5], key_type); + + if (key_type == BTM_LE_KEY_PENC || key_type == BTM_LE_KEY_PID || + key_type == BTM_LE_KEY_PCSRK || key_type == BTM_LE_KEY_LENC || + key_type == BTM_LE_KEY_LCSRK) + { + btm_sec_save_le_key (bd_addr, key_type, p_le_key, FALSE); + } + +#endif + + return(TRUE); +} + +/******************************************************************************* +** +** Function BTM_BleLoadLocalKeys +** +** Description Local local identity key, encryption root or sign counter. +** +** Parameters: key_type: type of key, can be BTM_BLE_KEY_TYPE_ID, BTM_BLE_KEY_TYPE_ER +** or BTM_BLE_KEY_TYPE_COUNTER. +** p_key: pointer to the key. +* +** Returns non2. +** +*******************************************************************************/ +void BTM_BleLoadLocalKeys(UINT8 key_type, tBTM_BLE_LOCAL_KEYS *p_key) +{ +#if BLE_INCLUDED == TRUE + tBTM_DEVCB *p_devcb = &btm_cb.devcb; + BTM_TRACE_DEBUG0 ("BTM_BleLoadLocalKeys"); + if (p_key != NULL) + { + switch (key_type) + { + case BTM_BLE_KEY_TYPE_ID: + memcpy(&p_devcb->id_keys, &p_key->id_keys, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); + break; + + case BTM_BLE_KEY_TYPE_ER: + memcpy(p_devcb->er, p_key->er, sizeof(BT_OCTET16)); + break; + + default: + BTM_TRACE_ERROR1("unknow local key type: %d", key_type); + break; + } + } +#endif +} + +/******************************************************************************* +** +** Function BTM_GetDeviceEncRoot +** +** Description This function is called to read the local device encryption +** root. +** +** Returns void +** the local device ER is copied into er +** +*******************************************************************************/ +void BTM_GetDeviceEncRoot (BT_OCTET16 er) +{ + BTM_TRACE_DEBUG0 ("BTM_GetDeviceEncRoot"); + +#if BLE_INCLUDED == TRUE + memcpy (er, btm_cb.devcb.er, BT_OCTET16_LEN); +#endif +} + +/******************************************************************************* +** +** Function BTM_GetDeviceIDRoot +** +** Description This function is called to read the local device identity +** root. +** +** Returns void +** the local device IR is copied into irk +** +*******************************************************************************/ +void BTM_GetDeviceIDRoot (BT_OCTET16 irk) +{ + BTM_TRACE_DEBUG0 ("BTM_GetDeviceIDRoot "); + +#if BLE_INCLUDED == TRUE + memcpy (irk, btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN); +#endif +} + +/******************************************************************************* +** +** Function BTM_GetDeviceDHK +** +** Description This function is called to read the local device DHK. +** +** Returns void +** the local device DHK is copied into dhk +** +*******************************************************************************/ +void BTM_GetDeviceDHK (BT_OCTET16 dhk) +{ +#if BLE_INCLUDED == TRUE + BTM_TRACE_DEBUG0 ("BTM_GetDeviceDHK"); + memcpy (dhk, btm_cb.devcb.id_keys.dhk, BT_OCTET16_LEN); +#endif +} + +/******************************************************************************* +** +** Function BTM_ReadConnectionAddr +** +** Description This function is called to set the local device random address +** . +** +** Returns void +** +*******************************************************************************/ +void BTM_ReadConnectionAddr (BD_ADDR conn_addr) +{ +#if BLE_INCLUDED == TRUE + BTM_TRACE_DEBUG0 ("BTM_ReadConnectionAddr"); + if (btm_cb.ble_ctr_cb.inq_var.own_addr_type == BLE_ADDR_PUBLIC) + { + BTM_GetLocalDeviceAddr(conn_addr); + } + else + { + memcpy (conn_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr, BD_ADDR_LEN); + } +#endif +} + +/******************************************************************************* +** +** Function BTM_SecurityGrant +** +** Description This function is called to grant security process. +** +** Parameters bd_addr - peer device bd address. +** res - result of the operation BTM_SUCCESS if success. +** Otherwise, BTM_REPEATED_ATTEMPTS is too many attempts. +** +** Returns None +** +*******************************************************************************/ +void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_REPEATED_ATTEMPTS; + BTM_TRACE_DEBUG0 ("BTM_SecurityGrant"); + SMP_SecurityGrant(bd_addr, res_smp); +#endif +} + +/******************************************************************************* +** +** Function BTM_BlePasskeyReply +** +** Description This function is called after Security Manager submitted +** passkey request to the application. +** +** Parameters: bd_addr - Address of the device for which passkey was requested +** res - result of the operation BTM_SUCCESS if success +** key_len - length in bytes of the Passkey +** p_passkey - pointer to array with the passkey +** trusted_mask - bitwise OR of trusted services (array of UINT32) +** +*******************************************************************************/ +void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_PASSKEY_ENTRY_FAIL; + + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + BTM_TRACE_DEBUG0 ("BTM_BlePasskeyReply"); + SMP_PasskeyReply(bd_addr, res_smp, passkey); +#endif +} + +/******************************************************************************* +** +** Function BTM_BleOobDataReply +** +** Description This function is called to provide the OOB data for +** SMP in response to BTM_LE_OOB_REQ_EVT +** +** Parameters: bd_addr - Address of the peer device +** res - result of the operation SMP_SUCCESS if success +** p_data - simple pairing Randomizer C. +** +*******************************************************************************/ +void BTM_BleOobDataReply(BD_ADDR bd_addr, UINT8 res, UINT8 len, UINT8 *p_data) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tSMP_STATUS res_smp = (res == BTM_SUCCESS) ? SMP_SUCCESS : SMP_OOB_FAIL; + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + + BTM_TRACE_DEBUG0 ("BTM_BleOobDataReply"); + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + SMP_OobDataReply(bd_addr, res_smp, len, p_data); +#endif +} + +/****************************************************************************** +** +** Function BTM_BleSetConnScanParams +** +** Description Set scan parameter used in BLE connection request +** +** Parameters: scan_interval: scan interval +** scan_window: scan window +** +** Returns void +** +*******************************************************************************/ +void BTM_BleSetConnScanParams (UINT16 scan_interval, UINT16 scan_window) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_BLE_CB *p_ble_cb = &btm_cb.ble_ctr_cb; + BOOLEAN new_param = FALSE; + + if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && + BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX)) + { + btu_stop_timer(&p_ble_cb->scan_param_idle_timer); + + if (p_ble_cb->scan_int != scan_interval) + { + p_ble_cb->scan_int = scan_interval; + new_param = TRUE; + } + + if (p_ble_cb->scan_win != scan_window) + { + p_ble_cb->scan_win = scan_window; + new_param = TRUE; + } + + if (new_param) + btm_ble_update_active_bgconn_scan_params(); + } + else + { + BTM_TRACE_ERROR0("Illegal Connection Scan Parameters"); + } +#endif +} + +/******************************************************** +** +** Function BTM_BleSetPrefConnParams +** +** Description Set a peripheral's preferred connection parameters +** +** Parameters: bd_addr - BD address of the peripheral +** scan_interval: scan interval +** scan_window: scan window +** min_conn_int - minimum preferred connection interval +** max_conn_int - maximum preferred connection interval +** slave_latency - preferred slave latency +** supervision_tout - preferred supervision timeout +** +** Returns void +** +*******************************************************************************/ +void BTM_BleSetPrefConnParams (BD_ADDR bd_addr, + UINT16 min_conn_int, UINT16 max_conn_int, + UINT16 slave_latency, UINT16 supervision_tout) +{ +#if BLE_INCLUDED == TRUE + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + + BTM_TRACE_API4 ("BTM_BleSetPrefConnParams min: %u max: %u latency: %u \ + tout: %u", + min_conn_int, max_conn_int, slave_latency, supervision_tout); + + if (BTM_BLE_VALID_PRAM(min_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && + BTM_BLE_VALID_PRAM(max_conn_int, BTM_BLE_CONN_INT_MIN, BTM_BLE_CONN_INT_MAX) && + BTM_BLE_VALID_PRAM(supervision_tout, BTM_BLE_CONN_SUP_TOUT_MIN, BTM_BLE_CONN_SUP_TOUT_MAX) && + slave_latency <= BTM_BLE_CONN_LATENCY_MAX) + { + if (p_dev_rec) + { + /* expect conn int and stout and slave latency to be updated all together */ + if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF || max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) + { + if (min_conn_int != BTM_BLE_CONN_PARAM_UNDEF) + p_dev_rec->conn_params.min_conn_int = min_conn_int; + else + p_dev_rec->conn_params.min_conn_int = max_conn_int; + + if (max_conn_int != BTM_BLE_CONN_PARAM_UNDEF) + p_dev_rec->conn_params.max_conn_int = max_conn_int; + else + p_dev_rec->conn_params.max_conn_int = min_conn_int; + + if (slave_latency != BTM_BLE_CONN_PARAM_UNDEF) + p_dev_rec->conn_params.slave_latency = slave_latency; + else + p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF; + + if (supervision_tout != BTM_BLE_CONN_PARAM_UNDEF) + p_dev_rec->conn_params.supervision_tout = supervision_tout; + else + p_dev_rec->conn_params.slave_latency = BTM_BLE_CONN_TIMEOUT_DEF; + + } + + } + else + { + BTM_TRACE_ERROR0("Unknown Device, setting rejected"); + } + } + else + { + BTM_TRACE_ERROR0("Illegal Connection Parameters"); + } +#endif /* BLE_INCLUDED */ +} + +/******************************************************************************* +** +** Function BTM_ReadDevInfo +** +** Description This function is called to read the device/address type +** of BD address. +** +** Parameter remote_bda: remote device address +** p_dev_type: output parameter to read the device type. +** p_addr_type: output parameter to read the address type. +** +*******************************************************************************/ +void BTM_ReadDevInfo (BD_ADDR remote_bda, tBT_DEVICE_TYPE *p_dev_type, tBLE_ADDR_TYPE *p_addr_type) +{ +#if BLE_INCLUDED == TRUE + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (remote_bda); + tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(remote_bda); + + *p_dev_type = BT_DEVICE_TYPE_BREDR; + *p_addr_type = BLE_ADDR_PUBLIC; + + if (!p_dev_rec) + { + /* Check with the BT manager if details about remote device are known */ + if (p_inq_info != NULL) + { + *p_dev_type = p_inq_info->results.device_type ; + *p_addr_type = p_inq_info->results.ble_addr_type; + } + /* unknown device, assume BR/EDR */ + } + else /* there is a security device record exisitng */ + { + /* new inquiry result, overwrite device type in security device record */ + if (p_inq_info) + { + p_dev_rec->device_type = p_inq_info->results.device_type; + p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; + } + *p_dev_type = p_dev_rec->device_type; + *p_addr_type = p_dev_rec->ble.ble_addr_type; + + } + + BTM_TRACE_DEBUG2 ("btm_find_dev_type - device_type = %d addr_type = %d", *p_dev_type , *p_addr_type); +#endif + + return; +} + + +/******************************************************************************* +** Internal Functions +*******************************************************************************/ +#if BLE_INCLUDED == TRUE + +/******************************************************************************* +** +** Function btm_ble_update_active_bgconn_scan_params +** +** Description This function is called to update the scan parameter if background +** connection has been active. +** +*******************************************************************************/ +static void btm_ble_update_active_bgconn_scan_params(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + tBTM_BLE_SEL_CBACK *p_select_cback; + + /* if active , cancel and restart and apply the params */ + if (p_cb->bg_conn_state == BLE_BG_CONN_ACTIVE) + { + if (p_cb->bg_conn_type == BTM_BLE_CONN_AUTO) + { + if (btm_ble_start_auto_conn(FALSE)) + btm_ble_start_auto_conn(TRUE); + } + else if (p_cb->bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + p_select_cback = p_cb->p_select_cback; + if (btm_ble_start_select_conn(FALSE, NULL)) + btm_ble_start_select_conn(TRUE, p_select_cback); + } + } + return; +} + +/******************************************************************************* +** +** Function btm_ble_check_link_type +** +** Description This function is to check the link type is BLE or BR/EDR. +** +** Returns TRUE if BLE link; FALSE if BR/EDR. +** +*******************************************************************************/ +BOOLEAN btm_ble_check_link_type (BD_ADDR bd_addr) +{ + tACL_CONN *p; + BTM_TRACE_DEBUG0 ("btm_ble_check_link_type"); + if ((p = btm_bda_to_acl(bd_addr)) != NULL) + return p->is_le_link; + else + return FALSE; +} + +/******************************************************************************* +** +** Function btm_ble_rand_enc_complete +** +** Description This function is the callback functions for HCI_Rand command +** and HCI_Encrypt command is completed. +** This message is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback) +{ + tBTM_RAND_ENC params; + UINT8 *p_dest = params.param_buf; + + BTM_TRACE_DEBUG0 ("btm_ble_rand_enc_complete"); + + memset(¶ms, 0, sizeof(tBTM_RAND_ENC)); + + /* If there was a callback address for vcs complete, call it */ + if (p_enc_cplt_cback && p) + { + /* Pass paramters to the callback function */ + STREAM_TO_UINT8(params.status, p); /* command status */ + + if (params.status == HCI_SUCCESS) + { + params.opcode = op_code; + + if (op_code == HCI_BLE_RAND) + params.param_len = BT_OCTET8_LEN; + else + params.param_len = BT_OCTET16_LEN; + + memcpy(p_dest, p, params.param_len); /* Fetch return info from HCI event message */ + } + if (p_enc_cplt_cback) + (*p_enc_cplt_cback)(¶ms); /* Call the Encryption complete callback function */ + } +} + + +#if (SMP_INCLUDED == TRUE) + +/******************************************************************************* +** +** Function btm_ble_get_enc_key_type +** +** Description This function is to increment local sign counter +** Returns None +** +*******************************************************************************/ +void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_DEBUG1 ("btm_ble_increment_sign_ctr is_local=%d", is_local); + + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + { + if (is_local) + p_dev_rec->ble.keys.local_counter++; + else + p_dev_rec->ble.keys.counter++; + BTM_TRACE_DEBUG3 ("is_local=%d local sign counter=%d peer sign counter=%d", + is_local, + p_dev_rec->ble.keys.local_counter, + p_dev_rec->ble.keys.counter); + } +} + +/******************************************************************************* +** +** Function btm_ble_get_enc_key_type +** +** Description This function is to get the BLE key type that has been exchanged +** in betweem local device and peer device. +** +** Returns p_key_type: output parameter to carry the key type value. +** +*******************************************************************************/ +BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_DEBUG0 ("btm_ble_get_enc_key_type"); + + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + { + *p_key_types = p_dev_rec->ble.key_type; + return TRUE; + } + return FALSE; +} + +/******************************************************************************* +** +** Function btm_get_local_div +** +** Description This function is called to read the local DIV +** +** Returns TURE - if a valid DIV is availavle +*******************************************************************************/ +BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + BOOLEAN status = FALSE; + BTM_TRACE_DEBUG0 ("btm_get_local_div"); + + BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", + bd_addr[0],bd_addr[1], + bd_addr[2],bd_addr[3], + bd_addr[4],bd_addr[5]); + + p_dev_rec = btm_find_dev (bd_addr); + + if (p_dev_rec && p_dev_rec->ble.keys.div) + { + status = TRUE; + *p_div = p_dev_rec->ble.keys.div; + } + BTM_TRACE_DEBUG2 ("btm_get_local_div status=%d (1-OK) DIV=0x%x", status, *p_div); + return status; +} + +/******************************************************************************* +** +** Function btm_sec_save_le_key +** +** Description This function is called by the SMP to update +** an BLE key. SMP is internal, whereas all the keys shall +** be sent to the application. The function is also called +** when application passes ble key stored in NVRAM to the btm_sec. +** pass_to_application parameter is false in this case. +** +** Returns void +** +*******************************************************************************/ +void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, + BOOLEAN pass_to_application) +{ + tBTM_SEC_DEV_REC *p_rec; + tBTM_LE_EVT_DATA cb_data; + + BTM_TRACE_DEBUG2 ("btm_sec_save_le_key key_type=0x%x pass_to_application=%d",key_type, pass_to_application); + /* Store the updated key in the device database */ + + BTM_TRACE_DEBUG6("bd_addr:%02x-%02x-%02x-%02x-%02x-%02x", + bd_addr[0],bd_addr[1], + bd_addr[2],bd_addr[3], + bd_addr[4],bd_addr[5]); + + if ((p_rec = btm_find_dev (bd_addr)) != NULL && p_keys) + { + switch (key_type) + { + case BTM_LE_KEY_PENC: + memcpy(p_rec->ble.keys.ltk, p_keys->penc_key.ltk, BT_OCTET16_LEN); + memcpy(p_rec->ble.keys.rand, p_keys->penc_key.rand, BT_OCTET8_LEN); + p_rec->ble.keys.sec_level = p_keys->penc_key.sec_level; + p_rec->ble.keys.ediv = p_keys->penc_key.ediv; + p_rec->ble.keys.key_size = p_keys->penc_key.key_size; + p_rec->ble.key_type |= BTM_LE_KEY_PENC; + p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; + if (p_keys->penc_key.sec_level == SMP_SEC_AUTHENTICATED) + p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + else + p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; + BTM_TRACE_DEBUG3("BTM_LE_KEY_PENC key_type=0x%x sec_flags=0x%x sec_leve=0x%x", + p_rec->ble.key_type, + p_rec->sec_flags, + p_rec->ble.keys.sec_level); + break; + + case BTM_LE_KEY_PID: + memcpy(p_rec->ble.keys.irk, p_keys->pid_key, BT_OCTET16_LEN); + p_rec->ble.key_type |= BTM_LE_KEY_PID; + BTM_TRACE_DEBUG1("BTM_LE_KEY_PID key_type=0x%x save peer IRK", p_rec->ble.key_type); + break; + + case BTM_LE_KEY_PCSRK: + memcpy(p_rec->ble.keys.csrk, p_keys->pcsrk_key.csrk, BT_OCTET16_LEN); + p_rec->ble.keys.srk_sec_level = p_keys->pcsrk_key.sec_level; + p_rec->ble.keys.counter = p_keys->pcsrk_key.counter; + p_rec->ble.key_type |= BTM_LE_KEY_PCSRK; + p_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; + if ( p_keys->pcsrk_key.sec_level== SMP_SEC_AUTHENTICATED) + p_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + else + p_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; + + BTM_TRACE_DEBUG4("BTM_LE_KEY_PCSRK key_type=0x%x sec_flags=0x%x sec_level=0x%x peer_counter=%d", + p_rec->ble.key_type, + p_rec->sec_flags, + p_rec->ble.keys.srk_sec_level, + p_rec->ble.keys.counter ); + break; + + case BTM_LE_KEY_LENC: + p_rec->ble.keys.div = p_keys->lenc_key.div; /* update DIV */ + p_rec->ble.keys.sec_level = p_keys->lenc_key.sec_level; + p_rec->ble.keys.key_size = p_keys->lenc_key.key_size; + p_rec->ble.key_type |= BTM_LE_KEY_LENC; + + BTM_TRACE_DEBUG4("BTM_LE_KEY_LENC key_type=0x%x DIV=0x%x key_size=0x%x sec_level=0x%x", + p_rec->ble.key_type, + p_rec->ble.keys.div, + p_rec->ble.keys.key_size, + p_rec->ble.keys.sec_level ); + break; + + case BTM_LE_KEY_LCSRK:/* local CSRK has been delivered */ + p_rec->ble.keys.div = p_keys->lcsrk_key.div; /* update DIV */ + p_rec->ble.keys.local_csrk_sec_level = p_keys->lcsrk_key.sec_level; + p_rec->ble.keys.local_counter = p_keys->lcsrk_key.counter; + p_rec->ble.key_type |= BTM_LE_KEY_LCSRK; + BTM_TRACE_DEBUG4("BTM_LE_KEY_LCSRK key_type=0x%x DIV=0x%x scrk_sec_level=0x%x local_counter=%d", + p_rec->ble.key_type, + p_rec->ble.keys.div, + p_rec->ble.keys.local_csrk_sec_level, + p_rec->ble.keys.local_counter ); + break; + + default: + BTM_TRACE_WARNING1("btm_sec_save_le_key (Bad key_type 0x%02x)", key_type); + return; + } + + BTM_TRACE_DEBUG3 ("BLE key type 0x%02x updated for BDA: %08x%04x (btm_sec_save_le_key)", key_type, + (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], + (bd_addr[4]<<8)+bd_addr[5]); + + /* Notify the application that one of the BLE keys has been updated + If link key is in progress, it will get sent later.*/ + if (pass_to_application && btm_cb.api.p_le_callback) + { + cb_data.key.p_key_value = p_keys; + cb_data.key.key_type = key_type; + + (*btm_cb.api.p_le_callback) (BTM_LE_KEY_EVT, bd_addr, &cb_data); + } + return; + } + + BTM_TRACE_WARNING3 ("BLE key type 0x%02x called for Unknown BDA or type: %08x%04x !! (btm_sec_save_le_key)", key_type, + (bd_addr[0]<<24)+(bd_addr[1]<<16)+(bd_addr[2]<<8)+bd_addr[3], + (bd_addr[4]<<8)+bd_addr[5]); + + if (p_rec) + { + BTM_TRACE_DEBUG1 ("sec_flags=0x%x", p_rec->sec_flags); + } +} + +/******************************************************************************* +** +** Function btm_ble_update_sec_key_size +** +** Description update the current lin kencryption key size +** +** Returns void +** +*******************************************************************************/ +void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size) +{ + tBTM_SEC_DEV_REC *p_rec; + + BTM_TRACE_DEBUG1("btm_ble_update_sec_key_size enc_key_size = %d", enc_key_size); + + if ((p_rec = btm_find_dev (bd_addr)) != NULL ) + { + p_rec->enc_key_size = enc_key_size; + } +} + +/******************************************************************************* +** +** Function btm_ble_read_sec_key_size +** +** Description update the current lin kencryption key size +** +** Returns void +** +*******************************************************************************/ +UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_rec; + + if ((p_rec = btm_find_dev (bd_addr)) != NULL ) + { + return p_rec->enc_key_size; + } + else + return 0; +} + +/******************************************************************************* +** +** Function btm_ble_link_sec_check +** +** Description Check BLE link security level match. +** +** Returns TRUE: check is OK and the *p_sec_req_act contain the action +** +*******************************************************************************/ +void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + UINT8 req_sec_level, cur_sec_level; + + BTM_TRACE_DEBUG1 ("btm_ble_link_sec_check auth_req =0x%x", auth_req); + + if (p_dev_rec == NULL) + { + BTM_TRACE_ERROR0 ("btm_ble_link_sec_check received for unknown device"); + return; + } + + if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) + { + /* race condition: discard the security request while master is encrypting the link */ + *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; + } + else + { + req_sec_level = BTM_LE_SEC_UNAUTHENTICATE; + if ((auth_req == (BTM_LE_AUTH_REQ_BOND|BTM_LE_AUTH_REQ_MITM)) || + (auth_req == (BTM_LE_AUTH_REQ_MITM)) ) + { + req_sec_level = BTM_LE_SEC_AUTHENTICATED; + } + + BTM_TRACE_DEBUG1 ("dev_rec sec_flags=0x%x", p_dev_rec->sec_flags); + + /* currently encrpted */ + if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) + { + if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED) + cur_sec_level = BTM_LE_SEC_AUTHENTICATED; + else + cur_sec_level = BTM_LE_SEC_UNAUTHENTICATE; + } + else /* unencrypted link */ + { + /* if bonded, get the key security level */ + if (p_dev_rec->ble.key_type & BTM_LE_KEY_PENC) + cur_sec_level = p_dev_rec->ble.keys.sec_level; + else + cur_sec_level = BTM_LE_SEC_NONE; + } + + if (cur_sec_level >= req_sec_level) + { + if (cur_sec_level == BTM_LE_SEC_NONE) + { + *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_NONE; + } + else + { + /* To avoid re-encryption on an encrypted link for an equal condition encryption + if (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) + *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_DISCARD; + else + */ + *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_ENCRYPT; + } + } + else + { + *p_sec_req_act = BTM_BLE_SEC_REQ_ACT_PAIR; /* start the pariring process to upgrade the keys*/ + } + } + + BTM_TRACE_DEBUG3("cur_sec_level=%d req_sec_level=%d sec_req_act=%d", + cur_sec_level, + req_sec_level, + *p_sec_req_act); + +} + +/******************************************************************************* +** +** Function btm_ble_set_encryption +** +** Description This function is called to ensure that LE connection is +** encrypted. Should be called only on an open connection. +** Typically only needed for connections that first want to +** bring up unencrypted links, then later encrypt them. +** +** Returns void +** the local device ER is copied into er +** +*******************************************************************************/ +tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role) +{ + tBTM_STATUS cmd = BTM_NO_RESOURCES; + tBTM_BLE_SEC_ACT sec_act = *(tBTM_BLE_SEC_ACT *)p_ref_data ; + tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); + + BTM_TRACE_DEBUG2 ("btm_ble_set_encryption sec_act=0x%x role_master=%d", sec_act, p_rec->role_master); + + if (p_rec == NULL) + { + return(BTM_WRONG_MODE); + } + + if (sec_act == BTM_BLE_SEC_ENCRYPT_MITM) + { + p_rec->security_required |= BTM_SEC_IN_MITM; + } + + switch (sec_act) + { + case BTM_BLE_SEC_ENCRYPT: + if (link_role == BTM_ROLE_MASTER) + { + /* start link layer encryption using the security info stored */ + btm_ble_start_encrypt(bd_addr, FALSE, NULL); + p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; + cmd = BTM_CMD_STARTED; + break; + } + /* if salve role then fall through to call SMP_Pair below which will send a + sec_request to request the master to encrypt the link */ + case BTM_BLE_SEC_ENCRYPT_NO_MITM: + case BTM_BLE_SEC_ENCRYPT_MITM: + + if (SMP_Pair(bd_addr) == SMP_STARTED) + { + cmd = BTM_CMD_STARTED; + p_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; + } + break; + + default: + cmd = BTM_SUCCESS; + break; + } + return cmd; +} + +/******************************************************************************* +** +** Function btm_ble_ltk_request +** +** Description This function is called when encryption request is received +** on a slave device. +** +** +** Returns void +** +*******************************************************************************/ +void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv) +{ + tBTM_CB *p_cb = &btm_cb; + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + BT_OCTET8 dummy_stk = {0}; + + BTM_TRACE_DEBUG0 ("btm_ble_ltk_request"); + + p_cb->ediv = ediv; + + memcpy(p_cb->enc_rand, rand, BT_OCTET8_LEN); + + if (!smp_proc_ltk_request(p_dev_rec->bd_addr)) + btm_ble_ltk_request_reply(p_dev_rec->bd_addr, FALSE, dummy_stk); + + +} + +/******************************************************************************* +** +** Function btm_ble_start_encrypt +** +** Description This function is called to start LE encryption. +** +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) +{ + tBTM_CB *p_cb = &btm_cb; + tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); + BT_OCTET8 dummy_rand = {0}; + + BTM_TRACE_DEBUG0 ("btm_ble_start_encrypt"); + + if (!p_rec || + (p_rec && p_rec->sec_state == BTM_SEC_STATE_ENCRYPTING)) + return FALSE; + + if (p_rec->sec_state == BTM_SEC_STATE_IDLE) + p_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; + p_cb->enc_handle = p_rec->hci_handle; + + if (use_stk) + { + if (!btsnd_hcic_ble_start_enc(p_rec->hci_handle, dummy_rand, 0, stk)) + return FALSE; + } + else + { + if (!btsnd_hcic_ble_start_enc(p_rec->hci_handle, p_rec->ble.keys.rand, + p_rec->ble.keys.ediv, p_rec->ble.keys.ltk)) + return FALSE; + } + return TRUE; +} + +/******************************************************************************* +** +** Function btm_ble_link_encrypted +** +** Description This function is called when LE link encrption status is changed. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + + BTM_TRACE_DEBUG1 ("btm_ble_link_encrypted encr_enable=%d", encr_enable); + + smp_link_encrypted(bd_addr, encr_enable); + + if (p_dev_rec) + { + BTM_TRACE_DEBUG1(" p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags); + + if (encr_enable && p_dev_rec->enc_key_size == 0) + p_dev_rec->enc_key_size = p_dev_rec->ble.keys.key_size; + + if (p_dev_rec->p_callback) + { + if (p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) + { + if (encr_enable) + btm_sec_dev_rec_cback_event(p_dev_rec, BTM_SUCCESS); + else if (p_dev_rec->role_master) + btm_sec_dev_rec_cback_event(p_dev_rec, BTM_ERR_PROCESSING); + } + } + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + } +} + +/******************************************************************************* +** Function btm_enc_proc_ltk +** Description send LTK reply when it's ready. +*******************************************************************************/ +static void btm_enc_proc_ltk(tSMP_ENC *p) +{ + UINT8 i; + BTM_TRACE_DEBUG0 ("btm_enc_proc_ltk"); + if (p && p->param_len == BT_OCTET16_LEN) + { + for (i = 0; i < (BT_OCTET16_LEN - btm_cb.key_size); i ++) + p->param_buf[BT_OCTET16_LEN - i - 1] = 0; + btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, p->param_buf); + } +} + +/******************************************************************************* +** Function btm_enc_proc_slave_y +** Description calculate LTK when Y is ready +*******************************************************************************/ +static void btm_enc_proc_slave_y(tSMP_ENC *p) +{ + UINT16 div, y; + UINT8 *pp = p->param_buf; + tBTM_CB *p_cb = &btm_cb; + tSMP_ENC output; + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_DEBUG0 ("btm_enc_proc_slave_y"); + if (p != NULL) + { + STREAM_TO_UINT16(y, pp); + + div = p_cb->ediv ^ y; + p_dev_rec = btm_find_dev_by_handle (p_cb->enc_handle); + + if ( p_dev_rec && + p_dev_rec->ble.keys.div == div ) + { + BTM_TRACE_DEBUG0 ("LTK request OK"); + /* calculating LTK , LTK = E er(div) */ + SMP_Encrypt(p_cb->devcb.er, BT_OCTET16_LEN, (UINT8 *)&div, 2, &output); + btm_enc_proc_ltk(&output); + } + else + { + BTM_TRACE_DEBUG0 ("LTK request failed - send negative reply"); + btsnd_hcic_ble_ltk_req_neg_reply(p_cb->enc_handle); + if (p_dev_rec) + btm_ble_link_encrypted(p_dev_rec->bd_addr, 0); + + } + } +} + +/******************************************************************************* +** +** Function btm_ble_ltk_request_reply +** +** Description This function is called to send a LTK request reply on a slave +** device. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk) +{ + tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bda); + tBTM_CB *p_cb = &btm_cb; + tSMP_ENC output; + + if (p_rec == NULL) + { + BTM_TRACE_ERROR0("btm_ble_ltk_request_reply received for unknown device"); + return; + } + + BTM_TRACE_DEBUG0 ("btm_ble_ltk_request_reply"); + p_cb->enc_handle = p_rec->hci_handle; + p_cb->key_size = p_rec->ble.keys.key_size; + + BTM_TRACE_ERROR1("key size = %d", p_rec->ble.keys.key_size); + if (use_stk) + { + btsnd_hcic_ble_ltk_req_reply(btm_cb.enc_handle, stk); + } + else /* calculate LTK using peer device */ + { + /* generate Y= Encrypt(DHK, Rand) received from encrypt request */ + SMP_Encrypt(p_cb->devcb.id_keys.dhk, BT_OCTET16_LEN, p_cb->enc_rand, + BT_OCTET8_LEN, &output); + btm_enc_proc_slave_y(&output); + } +} + +/******************************************************************************* +** +** Function btm_ble_io_capabilities_req +** +** Description This function is called to handle SMP get IO capability request. +** +** Returns void +** +*******************************************************************************/ +UINT8 btm_ble_io_capabilities_req(tBTM_SEC_DEV_REC *p_dev_rec, tBTM_LE_IO_REQ *p_data) +{ + UINT8 callback_rc = BTM_SUCCESS; + BTM_TRACE_DEBUG0 ("btm_ble_io_capabilities_req"); + if (btm_cb.api.p_le_callback) + { + /* the callback function implementation may change the IO capability... */ + callback_rc = (*btm_cb.api.p_le_callback) (BTM_LE_IO_REQ_EVT, p_dev_rec->bd_addr, (tBTM_LE_EVT_DATA *)p_data); + } +#if BTM_OOB_INCLUDED == TRUE + if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != p_data->oob_data)) +#else + if (callback_rc == BTM_SUCCESS) +#endif + { + p_data->auth_req &= BTM_LE_AUTH_REQ_MASK; + + BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 1: p_dev_rec->security_required = %d auth_req:%d", + p_dev_rec->security_required, p_data->auth_req); + BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 2: i_keys=0x%x r_keys=0x%x (bit 0-LTK 1-IRK 2-CSRK)", + p_data->init_keys, + p_data->resp_keys); + + /* if authentication requires MITM protection, put on the mask */ + if (p_dev_rec->security_required & BTM_SEC_IN_MITM) + p_data->auth_req |= BTM_LE_AUTH_REQ_MITM; + + if (!(p_data->auth_req & SMP_AUTH_BOND)) + { + BTM_TRACE_DEBUG0("Non bonding: No keys should be exchanged"); + p_data->init_keys = 0; + p_data->resp_keys = 0; + } + + BTM_TRACE_DEBUG1 ("btm_ble_io_capabilities_req 3: auth_req:%d", p_data->auth_req); + BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 4: i_keys=0x%x r_keys=0x%x", + p_data->init_keys, + p_data->resp_keys); + + BTM_TRACE_DEBUG2 ("btm_ble_io_capabilities_req 5: p_data->io_cap = %d auth_req:%d", + p_data->io_cap, p_data->auth_req); + + /* remove MITM protection requirement if IO cap does not allow it */ + if ((p_data->io_cap == BTM_IO_CAP_NONE) && p_data->oob_data == SMP_OOB_NONE) + p_data->auth_req &= ~BTM_LE_AUTH_REQ_MITM; + + BTM_TRACE_DEBUG3 ("btm_ble_io_capabilities_req 6: IO_CAP:%d oob_data:%d auth_req:%d", + p_data->io_cap, p_data->oob_data, p_data->auth_req); + } + return callback_rc; +} + +/***************************************************************************** +** Function btm_proc_smp_cback +** +** Description This function is the SMP callback handler. +** +******************************************************************************/ +UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + UINT8 res; + + BTM_TRACE_DEBUG1 ("btm_proc_smp_cback event = %d", event); + + if (p_dev_rec != NULL) + { + switch (event) + { + case SMP_IO_CAP_REQ_EVT: + btm_ble_io_capabilities_req(p_dev_rec, (tBTM_LE_IO_REQ *)&p_data->io_req); + break; + + case SMP_PASSKEY_REQ_EVT: + case SMP_PASSKEY_NOTIF_EVT: + case SMP_OOB_REQ_EVT: + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + case SMP_SEC_REQUEST_EVT: + case SMP_COMPLT_EVT: + if (btm_cb.api.p_le_callback) + { + /* the callback function implementation may change the IO capability... */ + BTM_TRACE_DEBUG1 ("btm_cb.api.p_le_callback=0x%x", btm_cb.api.p_le_callback ); + (*btm_cb.api.p_le_callback) (event, bd_addr, (tBTM_LE_EVT_DATA *)p_data); + } + else + { + BTM_TRACE_ERROR0 ("btm_proc_smp_cback: btm_cb.api.p_le_callback ==NULL"); + } + + if (event == SMP_COMPLT_EVT) + { + BTM_TRACE_DEBUG2 ("evt=SMP_COMPLT_EVT before update sec_level=0x%x sec_flags=0x%x", p_data->cmplt.sec_level , p_dev_rec->sec_flags ); + + res = (p_data->cmplt.reason == SMP_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING; + + BTM_TRACE_DEBUG3 ("after update result=%d sec_level=0x%x sec_flags=0x%x", + res, p_data->cmplt.sec_level , p_dev_rec->sec_flags ); + + btm_sec_dev_rec_cback_event(p_dev_rec, res); + + if (p_data->cmplt.is_pair_cancel && btm_cb.api.p_bond_cancel_cmpl_callback ) + { + BTM_TRACE_DEBUG0 ("Pairing Cancel completed"); + (*btm_cb.api.p_bond_cancel_cmpl_callback)(BTM_SUCCESS); + } +#if BTM_BLE_CONFORMANCE_TESTING == TRUE + if (res != BTM_SUCCESS) + { + if (!btm_cb.devcb.no_disc_if_pair_fail) + { + BTM_TRACE_DEBUG0 ("Pairing failed - Remove ACL"); + btm_remove_acl(bd_addr); + } + else + { + BTM_TRACE_DEBUG0 ("Pairing failed - Not Removing ACL"); + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + } + } +#else + if (res != BTM_SUCCESS) + btm_remove_acl(bd_addr); +#endif + + BTM_TRACE_DEBUG3 ("btm_cb pairing_state=%x pairing_flags=%x pin_code_len=%x", + btm_cb.pairing_state, + btm_cb.pairing_flags, + btm_cb.pin_code_len ); + BTM_TRACE_DEBUG6 ("btm_cb.pairing_bda %02x:%02x:%02x:%02x:%02x:%02x", + btm_cb.pairing_bda[0], btm_cb.pairing_bda[1], btm_cb.pairing_bda[2], + btm_cb.pairing_bda[3], btm_cb.pairing_bda[4], btm_cb.pairing_bda[5]); + + memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); + btm_cb.pairing_flags = 0; + } + break; + + default: + BTM_TRACE_DEBUG1 ("unknown event = %d", event); + break; + + + } + } + else + { + BTM_TRACE_ERROR0("btm_proc_smp_cback received for unknown device"); + } + + return 0; +} + +#endif /* SMP_INCLUDED */ +#endif /* BLE_INCLUDED */ + + +/******************************************************************************* +** +** Function BTM_BleDataSignature +** +** Description This function is called to sign the data using AES128 CMAC +** algorith. +** +** Parameter bd_addr: target device the data to be signed for. +** p_text: singing data +** len: length of the data to be signed. +** signature: output parameter where data signature is going to +** be stored. +** +** Returns TRUE if signing sucessul, otherwise FALSE. +** +*******************************************************************************/ +BOOLEAN BTM_BleDataSignature (BD_ADDR bd_addr, UINT8 *p_text, UINT16 len, + BLE_SIGNATURE signature) +{ + BOOLEAN ret = FALSE; +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); + UINT8 *p_buf, *pp; + + BT_OCTET16 er; + UINT16 div; + UINT8 temp[4]; /* for (r || DIV) r=1*/ + UINT16 r=1; + UINT8 *p=temp, *p_mac = (UINT8 *)signature; + tSMP_ENC output; + BT_OCTET16 local_csrk; + + BTM_TRACE_DEBUG0 ("BTM_BleDataSignature"); + if (p_rec == NULL) + { + BTM_TRACE_ERROR0("data signing can not be done from unknow device"); + } + else + { + if ((p_buf = (UINT8 *)GKI_getbuf((UINT16)(len + 4))) != NULL) + { + BTM_TRACE_DEBUG0("Start to generate Local CSRK"); + /* prepare plain text */ + if (p_text) + { + memcpy(p_buf, p_text, len); + pp = (p_buf + len); + } + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE + if ( btm_cb.devcb.enable_test_local_sign_cntr) + { + BTM_TRACE_DEBUG1 ("Use Test local counter value from script counter_val=%d", btm_cb.devcb.test_local_sign_cntr); + UINT32_TO_STREAM(pp, btm_cb.devcb.test_local_sign_cntr); + } + else + { + UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); + } +#else + UINT32_TO_STREAM(pp, p_rec->ble.keys.local_counter); +#endif + /* compute local csrk */ + if (btm_get_local_div(bd_addr, &div)) + { + BTM_TRACE_DEBUG1 ("compute_csrk div=%x", div); + BTM_GetDeviceEncRoot(er); + + /* CSRK = d1(ER, DIV, 1) */ + UINT16_TO_STREAM(p, div); + UINT16_TO_STREAM(p, r); + + if (!SMP_Encrypt(er, BT_OCTET16_LEN, temp, 4, &output)) + { + BTM_TRACE_ERROR0("Local CSRK generation failed "); + } + else + { + BTM_TRACE_DEBUG0("local CSRK generation success"); + memcpy((void *)local_csrk, output.param_buf, BT_OCTET16_LEN); + + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE + if (btm_cb.devcb.enable_test_local_sign_cntr) + { + UINT32_TO_STREAM(p_mac, btm_cb.devcb.test_local_sign_cntr); + } + else + { + UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); + } +#else + UINT32_TO_STREAM(p_mac, p_rec->ble.keys.local_counter); +#endif + + if ((ret = AES_CMAC(local_csrk, p_buf, (UINT16)(len + 4), BTM_CMAC_TLEN_SIZE, p_mac)) == TRUE) + { + btm_ble_increment_sign_ctr(bd_addr, TRUE); + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE + if ( btm_cb.devcb.enable_test_mac_val) + { + BTM_TRACE_DEBUG0 ("Use MAC value from script"); + memcpy(p_mac, btm_cb.devcb.test_mac, BTM_CMAC_TLEN_SIZE); + } +#endif + } + BTM_TRACE_DEBUG1("BTM_BleDataSignature p_mac = %d", p_mac); + BTM_TRACE_DEBUG4("p_mac[0] = 0x%02x p_mac[1] = 0x%02x p_mac[2] = 0x%02x p_mac[3] = 0x%02x", + *p_mac, *(p_mac + 1), *(p_mac + 2), *(p_mac + 3)); + BTM_TRACE_DEBUG4("p_mac[4] = 0x%02x p_mac[5] = 0x%02x p_mac[6] = 0x%02x p_mac[7] = 0x%02x", + *(p_mac + 4), *(p_mac + 5), *(p_mac + 6), *(p_mac + 7)); + + GKI_freebuf(p_buf); + } + } + } + } +#endif /* BLE_INCLUDED */ + return ret; +} + +/******************************************************************************* +** +** Function BTM_BleVerifySignature +** +** Description This function is called to verify the data signature +** +** Parameter bd_addr: target device the data to be signed for. +** p_orig: original data before signature. +** len: length of the signing data +** counter: counter used when doing data signing +** p_comp: signature to be compared against. + +** Returns TRUE if signature verified correctly; otherwise FALSE. +** +*******************************************************************************/ +BOOLEAN BTM_BleVerifySignature (BD_ADDR bd_addr, UINT8 *p_orig, UINT16 len, UINT32 counter, + UINT8 *p_comp) +{ + BOOLEAN verified = FALSE; +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_rec = btm_find_dev (bd_addr); + UINT8 p_mac[BTM_CMAC_TLEN_SIZE]; + + if (p_rec == NULL || (p_rec && !(p_rec->ble.key_type & BTM_LE_KEY_PCSRK))) + { + BTM_TRACE_ERROR0("can not verify signature for unknown device"); + } + else if (counter < p_rec->ble.keys.counter) + { + BTM_TRACE_ERROR0("signature received with out dated sign counter"); + } + else if (p_orig == NULL) + { + BTM_TRACE_ERROR0("No signature to verify"); + } + else + { + BTM_TRACE_DEBUG2 ("BTM_BleVerifySignature rcv_cnt=%d >= expected_cnt=%d", counter, p_rec->ble.keys.counter); + + if (AES_CMAC(p_rec->ble.keys.csrk, p_orig, len, BTM_CMAC_TLEN_SIZE, p_mac)) + { + if (memcmp(p_mac, p_comp, BTM_CMAC_TLEN_SIZE) == 0) + { + btm_ble_increment_sign_ctr(bd_addr, FALSE); + verified = TRUE; + } + } + } +#endif /* BLE_INCLUDED */ + return verified; +} + +#if BLE_INCLUDED == TRUE +/******************************************************************************* +** Utility functions for LE device IR/ER generation +*******************************************************************************/ +/******************************************************************************* +** +** Function btm_notify_new_key +** +** Description This function is to notify application new keys have been +** generated. +** +** Returns void +** +*******************************************************************************/ +static void btm_notify_new_key(UINT8 key_type) +{ + tBTM_BLE_LOCAL_KEYS *p_locak_keys = NULL; + + BTM_TRACE_DEBUG1 ("btm_notify_new_key key_type=%d", key_type); + + if (btm_cb.api.p_le_key_callback) + { + switch (key_type) + { + case BTM_BLE_KEY_TYPE_ID: + BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ID"); + p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.id_keys; + break; + + case BTM_BLE_KEY_TYPE_ER: + BTM_TRACE_DEBUG0 ("BTM_BLE_KEY_TYPE_ER"); + p_locak_keys = (tBTM_BLE_LOCAL_KEYS *)&btm_cb.devcb.er; + break; + + default: + BTM_TRACE_ERROR1("unknown key type: %d", key_type); + break; + } + if (p_locak_keys != NULL) + (*btm_cb.api.p_le_key_callback) (key_type, p_locak_keys); + } +} + +/******************************************************************************* +** +** Function btm_ble_process_er2 +** +** Description This function is called when ER is generated, store it in +** local control block. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_er2(tBTM_RAND_ENC *p) +{ + BTM_TRACE_DEBUG0 ("btm_ble_process_er2"); + + if (p &&p->opcode == HCI_BLE_RAND) + { + memcpy(&btm_cb.devcb.er[8], p->param_buf, BT_OCTET8_LEN); + btm_notify_new_key(BTM_BLE_KEY_TYPE_ER); + } + else + { + BTM_TRACE_ERROR0("Generating ER2 exception."); + memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); + } +} + +/******************************************************************************* +** +** Function btm_ble_process_er +** +** Description This function is called when ER is generated, store it in +** local control block. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_er(tBTM_RAND_ENC *p) +{ + BTM_TRACE_DEBUG0 ("btm_ble_process_er"); + + if (p &&p->opcode == HCI_BLE_RAND) + { + memcpy(&btm_cb.devcb.er[0], p->param_buf, BT_OCTET8_LEN); + + if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er2)) + { + memset(&btm_cb.devcb.er, 0, sizeof(BT_OCTET16)); + BTM_TRACE_ERROR0("Generating ER2 failed."); + } + } + else + { + BTM_TRACE_ERROR0("Generating ER1 exception."); + } +} + +/******************************************************************************* +** +** Function btm_ble_process_irk +** +** Description This function is called when IRK is generated, store it in +** local control block. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_irk(tSMP_ENC *p) +{ + BTM_TRACE_DEBUG0 ("btm_ble_process_irk"); + if (p &&p->opcode == HCI_BLE_ENCRYPT) + { + memcpy(btm_cb.devcb.id_keys.irk, p->param_buf, BT_OCTET16_LEN); + btm_notify_new_key(BTM_BLE_KEY_TYPE_ID); + } + else + { + BTM_TRACE_ERROR0("Generating IRK exception."); + } + + /* proceed generate ER */ + if (!btsnd_hcic_ble_rand((void *)btm_ble_process_er)) + { + BTM_TRACE_ERROR0("Generating ER failed."); + } +} + +/******************************************************************************* +** +** Function btm_ble_process_dhk +** +** Description This function is called when DHK is calculated, store it in +** local control block, and proceed to generate ER, a 128-bits +** random number. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_dhk(tSMP_ENC *p) +{ +#if SMP_INCLUDED == TRUE + UINT8 btm_ble_irk_pt = 0x01; + tSMP_ENC output; + + BTM_TRACE_DEBUG0 ("btm_ble_process_dhk"); + + if (p && p->opcode == HCI_BLE_ENCRYPT) + { + memcpy(btm_cb.devcb.id_keys.dhk, p->param_buf, BT_OCTET16_LEN); + BTM_TRACE_DEBUG0("BLE DHK generated."); + + /* IRK = D1(IR, 1) */ + if (!SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_irk_pt, + 1, &output)) + { + /* reset all identity root related key */ + memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); + } + else + { + btm_ble_process_irk(&output); + } + } + else + { + /* reset all identity root related key */ + memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); + } +#endif +} + +/******************************************************************************* +** +** Function btm_ble_process_ir2 +** +** Description This function is called when IR is generated, proceed to calculate +** DHK = Eir({0x03, 0, 0 ...}) +** +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_ir2(tBTM_RAND_ENC *p) +{ +#if SMP_INCLUDED == TRUE + UINT8 btm_ble_dhk_pt = 0x03; + tSMP_ENC output; + + BTM_TRACE_DEBUG0 ("btm_ble_process_ir2"); + + if (p && p->opcode == HCI_BLE_RAND) + { + /* remembering in control block */ + memcpy(&btm_cb.devcb.id_keys.ir[8], p->param_buf, BT_OCTET8_LEN); + /* generate DHK= Eir({0x03, 0x00, 0x00 ...}) */ + + + SMP_Encrypt(btm_cb.devcb.id_keys.ir, BT_OCTET16_LEN, &btm_ble_dhk_pt, + 1, &output); + btm_ble_process_dhk(&output); + + BTM_TRACE_DEBUG0("BLE IR generated."); + } + else + { + memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); + } +#endif +} + +/******************************************************************************* +** +** Function btm_ble_process_ir +** +** Description This function is called when IR is generated, proceed to calculate +** DHK = Eir({0x02, 0, 0 ...}) +** +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_ir(tBTM_RAND_ENC *p) +{ + BTM_TRACE_DEBUG0 ("btm_ble_process_ir"); + + if (p && p->opcode == HCI_BLE_RAND) + { + /* remembering in control block */ + memcpy(btm_cb.devcb.id_keys.ir, p->param_buf, BT_OCTET8_LEN); + + if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir2)) + { + BTM_TRACE_ERROR0("Generating IR2 failed."); + memset(&btm_cb.devcb.id_keys, 0, sizeof(tBTM_BLE_LOCAL_ID_KEYS)); + } + } +} + +/******************************************************************************* +** +** Function btm_ble_reset_id +** +** Description This function is called to reset LE device identity. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_reset_id( void ) +{ + BTM_TRACE_DEBUG0 ("btm_ble_reset_id"); + + /* regenrate Identity Root*/ + if (!btsnd_hcic_ble_rand((void *)btm_ble_process_ir)) + { + BTM_TRACE_DEBUG0("Generating IR failed."); + } +} + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE +/******************************************************************************* +** +** Function btm_ble_set_no_disc_if_pair_fail +** +** Description This function indicates that whether no disconnect of the ACL +** should be used if pairing failed +** +** Returns void +** +*******************************************************************************/ +void btm_ble_set_no_disc_if_pair_fail(BOOLEAN disable_disc ) +{ + BTM_TRACE_DEBUG1 ("btm_ble_set_disc_enable_if_pair_fail disable_disc=%d", disable_disc); + btm_cb.devcb.no_disc_if_pair_fail = disable_disc; +} + +/******************************************************************************* +** +** Function btm_ble_set_test_mac_value +** +** Description This function set test MAC value +** +** Returns void +** +*******************************************************************************/ +void btm_ble_set_test_mac_value(BOOLEAN enable, UINT8 *p_test_mac_val ) +{ + BTM_TRACE_DEBUG1 ("btm_ble_set_test_mac_value enable=%d", enable); + btm_cb.devcb.enable_test_mac_val = enable; + memcpy(btm_cb.devcb.test_mac, p_test_mac_val, BT_OCTET8_LEN); +} + +/******************************************************************************* +** +** Function btm_ble_set_test_local_sign_cntr_value +** +** Description This function set test local sign counter value +** +** Returns void +** +*******************************************************************************/ +void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr ) +{ + BTM_TRACE_DEBUG2 ("btm_ble_set_test_local_sign_cntr_value enable=%d local_sign_cntr=%d", + enable, test_local_sign_cntr); + btm_cb.devcb.enable_test_local_sign_cntr = enable; + btm_cb.devcb.test_local_sign_cntr = test_local_sign_cntr; +} + +#endif /* BTM_BLE_CONFORMANCE_TESTING */ + + +#endif /* BLE_INCLUDED */ diff --git a/stack/btm/btm_ble_addr.c b/stack/btm/btm_ble_addr.c new file mode 100644 index 0000000..08a3018 --- /dev/null +++ b/stack/btm/btm_ble_addr.c @@ -0,0 +1,371 @@ +/***************************************************************************** +** +** Name: btm_ble_addr.c +** +** Description: This file contains functions for BLE address management. +** +** +** +** Copyright (c) 1999-2010, Broadcom Corp., All Rights Reserved. +** WIDCOMM Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <string.h> + +#include "bt_types.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_int.h" + + +#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) + #include "smp_api.h" + #define BTM_BLE_PRIVATE_ADDR_INT 900 /* 15 minutes minimum for random address refreshing */ + +/******************************************************************************* +** +** Function btm_gen_resolve_paddr_cmpl +** +** Description This is callback functioin when resolvable private address +** generation is complete. +** +** Returns void +** +*******************************************************************************/ +static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p) +{ + tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + tBTM_BLE_INQ_CB *p_inq_cb = &btm_cb.ble_ctr_cb.inq_var; + BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_cmpl"); + if (p && p->param_buf) + { + /* get the high bytes of the random address */ + p_cb->private_addr[2] = p->param_buf[0]; + p_cb->private_addr[1] = p->param_buf[1]; + p_cb->private_addr[0] = p->param_buf[2]; + /* mask off the 1st MSB */ + p_cb->private_addr[0] &= 0xfe; + /* set the 2nd MSB to be 1 */ + p_cb->private_addr[0] |= 0x02; + /* set it to controller */ + btsnd_hcic_ble_set_random_addr(p_cb->private_addr); + + p_inq_cb->own_addr_type = BLE_ADDR_RANDOM; + + /* start a periodical timer to refresh random addr */ + btu_stop_timer(&p_cb->raddr_timer_ent); + btu_start_timer (&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR, + BTM_BLE_PRIVATE_ADDR_INT); + + /* if adv is active, restart adv with new private addr */ + if (p_inq_cb->adv_mode == BTM_BLE_ADV_ENABLE) + { + btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); + + btsnd_hcic_ble_write_adv_params (p_inq_cb->adv_interval_min, + p_inq_cb->adv_interval_max, + p_inq_cb->evt_type, + p_inq_cb->own_addr_type, + p_inq_cb->direct_bda.type, + p_inq_cb->direct_bda.bda, + p_inq_cb->adv_chnl_map, + p_inq_cb->afp); + } + } + else + { + /* random address set failure */ + BTM_TRACE_DEBUG0("set random address failed"); + } +} +/******************************************************************************* +** +** Function btm_gen_resolve_paddr_low +** +** Description This function is called when random address has generate the +** random number base for low 3 byte bd address. +** +** Returns void +** +*******************************************************************************/ +static void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + tSMP_ENC output; + + BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_low"); + if (p && p->param_buf) + { + p_cb->private_addr[5] = p->param_buf[0]; + p_cb->private_addr[4] = p->param_buf[1]; + p_cb->private_addr[3] = p->param_buf[2]; + + /* encrypt with ur IRK */ + if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output)) + { + btm_gen_resolve_paddr_cmpl(NULL); + } + else + { + btm_gen_resolve_paddr_cmpl(&output); + } + } +#endif +} +/******************************************************************************* +** +** Function btm_gen_resolvable_private_addr +** +** Description This function generate a resolvable private address. +** +** Returns void +** +*******************************************************************************/ +void btm_gen_resolvable_private_addr (void) +{ + BTM_TRACE_EVENT0 ("btm_gen_resolvable_private_addr"); + /* generate 3B rand as BD LSB, SRK with it, get BD MSB */ + if (!btsnd_hcic_ble_rand((void *)btm_gen_resolve_paddr_low)) + btm_gen_resolve_paddr_cmpl(NULL); +} +/******************************************************************************* +** +** Function btm_gen_non_resolve_paddr_cmpl +** +** Description This is the callback function when non-resolvable private +** function is generated and write to controller. +** +** Returns void +** +*******************************************************************************/ +static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p) +{ + tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + UINT8 *pp; + BTM_TRACE_EVENT0 ("btm_gen_non_resolve_paddr_cmpl"); + if (p && p->param_buf) + { + pp = p->param_buf; + STREAM_TO_BDADDR(p_cb->private_addr, pp); + /* mask off the 2 MSB */ + p_cb->private_addr[0] &= 0xfc; + /* write to controller */ + btsnd_hcic_ble_set_random_addr(p_cb->private_addr); + + btm_cb.ble_ctr_cb.inq_var.own_addr_type = BLE_ADDR_RANDOM; + } + else + { + BTM_TRACE_DEBUG0("btm_gen_non_resolvable_private_addr failed"); + } +} +/******************************************************************************* +** +** Function btm_gen_non_resolvable_private_addr +** +** Description This function generate a non-resolvable private address. +** +** +** Returns void +** +*******************************************************************************/ +void btm_gen_non_resolvable_private_addr (void) +{ + BTM_TRACE_EVENT0 ("btm_gen_non_resolvable_private_addr"); + if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl)) + { + btm_gen_non_resolve_paddr_cmpl(NULL); + } +} + #if SMP_INCLUDED == TRUE +/******************************************************************************* +** Utility functions for Random address resolving +*******************************************************************************/ +/******************************************************************************* +** +** Function btm_ble_resolve_address_cmpl +** +** Description This function sends the random address resolving complete +** callback. +** +** Returns None. +** +*******************************************************************************/ +static void btm_ble_resolve_address_cmpl(void) +{ + tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + tBTM_SEC_DEV_REC *p_dev_rec = NULL; + + BTM_TRACE_EVENT0 ("btm_ble_resolve_address_cmpl"); + if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS) + p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index]; + + p_mgnt_cb->busy = FALSE; + + (* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p); +} +/******************************************************************************* +** +** Function btm_ble_proc_resolve_x +** +** Description This function compares the X with random address 3 MSO bytes +** to find a match, if not match, continue for next record. +** +** Returns None. +** +*******************************************************************************/ +static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p) +{ + tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + UINT8 comp[3]; + BTM_TRACE_EVENT0 ("btm_ble_proc_resolve_x"); + /* compare the hash with 3 LSB of bd address */ + comp[0] = p_mgnt_cb->random_bda[5]; + comp[1] = p_mgnt_cb->random_bda[4]; + comp[2] = p_mgnt_cb->random_bda[3]; + + if (p && p->param_buf) + { + if (!memcmp(p->param_buf, &comp[0], 3)) + { + /* match is found */ + BTM_TRACE_EVENT0 ("match is found"); + btm_ble_resolve_address_cmpl(); + return TRUE; + } + } + return FALSE; +} +/******************************************************************************* +** +** Function btm_ble_match_random_bda +** +** Description This function match the random address to the appointed device +** record, starting from calculating IRK. If record index exceed +** the maximum record number, matching failed and send callback. +** +** Returns None. +** +*******************************************************************************/ +static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index) +{ +#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + UINT8 rand[3]; + tSMP_ENC output; + + /* use the 3 MSB of bd address as prand */ + rand[0] = p_mgnt_cb->random_bda[2]; + rand[1] = p_mgnt_cb->random_bda[1]; + rand[2] = p_mgnt_cb->random_bda[0]; + + BTM_TRACE_EVENT1("btm_ble_match_random_bda rec_index = %d", rec_index); + + if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS) + { + p_dev_rec = &btm_cb.sec_dev_rec[rec_index]; + + BTM_TRACE_ERROR2("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags, p_dev_rec->device_type); + + if ((p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) && + (p_dev_rec->ble.key_type & BTM_LE_KEY_PID)) + { + /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */ + SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN, + &rand[0], 3, &output); + return btm_ble_proc_resolve_x(&output); + } + else + { + // not completed + return FALSE; + } + } + else /* no match found */ + { + btm_ble_resolve_address_cmpl(); + return TRUE; + } +#endif +} + +/******************************************************************************* +** +** Function btm_ble_resolve_random_addr +** +** Description This function is called to resolve a random address. +** +** Returns pointer to the security record of the device whom a random +** address is matched to. +** +*******************************************************************************/ +void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p) +{ + tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb; + + BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr"); + if ( !p_mgnt_cb->busy) + { + p_mgnt_cb->p = p; + p_mgnt_cb->busy = TRUE; + p_mgnt_cb->index = 0; + p_mgnt_cb->p_resolve_cback = p_cback; + memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN); + /* start to resolve random address */ + /* check for next security record */ + while (TRUE) + { + if (btm_ble_match_random_bda(p_mgnt_cb->index++)) + { + // match found or went through the list + break; + } + } + } + else + (*p_cback)(NULL, p); +} + #endif +/******************************************************************************* +** address mapping between pseudo address and real connection address +*******************************************************************************/ +/******************************************************************************* +** +** Function btm_ble_map_bda_to_conn_bda +** +** Description This function map a BD address to the real connection address +** and return the connection address type. +*******************************************************************************/ +tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec = NULL; + BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_conn_bda"); + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL && + p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) + { + if (p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC) + { + memcpy(bd_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN); + } + return p_dev_rec->ble.ble_addr_type; + } + else + return BLE_ADDR_PUBLIC; +} +/******************************************************************************* +** +** Function btm_ble_map_bda_to_pseudo_bda +** +** Description This function map a BD address to a pseudo address when the +** address given is a random address. +** +*******************************************************************************/ +void btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr) +{ + BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_pseudo_bda"); +} +#endif + + diff --git a/stack/btm/btm_ble_bgconn.c b/stack/btm/btm_ble_bgconn.c new file mode 100644 index 0000000..bf574ab --- /dev/null +++ b/stack/btm/btm_ble_bgconn.c @@ -0,0 +1,604 @@ +/***************************************************************************** +** +** Name: btm_ble_bgconn.c +** +** Description: This file contains functions for BLE whitelist operation. +** +** +** +** Copyright (c) 1999-2010, Broadcom Corp., All Rights Reserved. +** WIDCOMM Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <string.h> + +#include "bt_types.h" +#include "btu.h" +#include "btm_int.h" +#include "l2c_int.h" +#include "hcimsgs.h" + +#ifndef BTM_BLE_SCAN_PARAM_TOUT +#define BTM_BLE_SCAN_PARAM_TOUT 50 /* 50 seconds */ +#endif + +#if (BLE_INCLUDED == TRUE) +/******************************************************************************* +** +** Function btm_update_scanner_filter_policy +** +** Description This function update the filter policy of scnner or advertiser. +*******************************************************************************/ +void btm_update_scanner_filter_policy(tBTM_BLE_SFP scan_policy) +{ + tBTM_BLE_INQ_CB *p_inq = &btm_cb.ble_ctr_cb.inq_var; + BTM_TRACE_EVENT0 ("btm_update_scanner_filter_policy"); + btm_cb.ble_ctr_cb.inq_var.sfp = scan_policy; + + btsnd_hcic_ble_set_scan_params ((UINT8)((p_inq->scan_type == BTM_BLE_SCAN_MODE_NONE) ? BTM_BLE_SCAN_MODE_ACTI: p_inq->scan_type), + (UINT16)(!p_inq->scan_interval ? BTM_BLE_GAP_DISC_SCAN_INT : p_inq->scan_interval), + (UINT16)(!p_inq->scan_window ? BTM_BLE_GAP_DISC_SCAN_WIN : p_inq->scan_window), + BLE_ADDR_PUBLIC, + scan_policy); +} +/******************************************************************************* +** +** Function btm_update_adv_filter_policy +** +** Description This function update the filter policy of scnner or advertiser. +*******************************************************************************/ +void btm_update_adv_filter_policy(tBTM_BLE_AFP adv_policy) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + BTM_TRACE_EVENT0 ("btm_update_adv_filter_policy"); + p_cb->afp = adv_policy; +} +/******************************************************************************* +** +** Function btm_update_dev_to_white_list +** +** Description This function adds a device into white list. +*******************************************************************************/ +BOOLEAN btm_update_dev_to_white_list(BOOLEAN to_add, BD_ADDR bd_addr, tBLE_ADDR_TYPE addr_type) +{ + /* look up the sec device record, and find the address */ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + tBTM_SEC_DEV_REC *p_dev_rec; + BD_ADDR dummy_bda = {0}; + BOOLEAN started = FALSE, suspend = FALSE; + + if (btm_cb.btm_inq_vars.inq_active) + { + suspend = TRUE; + btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_DISABLE, BTM_BLE_DUPLICATE_ENABLE); + } + + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL && + p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) + { + BTM_TRACE_DEBUG0("btm_update_dev_to_white_list 1"); + + if ((to_add && p_cb->num_empty_filter == 0) || + (!to_add && p_cb->num_empty_filter == p_cb->max_filter_entries)) + { + BTM_TRACE_ERROR1("num_entry available in controller: %d", p_cb->num_empty_filter); + return started; + } + + + if ( p_dev_rec->ble.ble_addr_type == BLE_ADDR_PUBLIC) + { + if (to_add) + started = btsnd_hcic_ble_add_white_list (BLE_ADDR_PUBLIC, bd_addr); + else + started = btsnd_hcic_ble_remove_from_white_list (BLE_ADDR_PUBLIC, bd_addr); + } + else + { + if (BLE_ADDR_IS_STATIC(bd_addr)) + { + if (to_add) + started = btsnd_hcic_ble_add_white_list (BLE_ADDR_RANDOM, bd_addr); + else + started = btsnd_hcic_ble_remove_from_white_list (BLE_ADDR_RANDOM, bd_addr); + + } + if (memcmp(p_dev_rec->ble.reconn_addr, dummy_bda, BD_ADDR_LEN) != 0) + { + if (to_add) + started = btsnd_hcic_ble_add_white_list (BLE_ADDR_RANDOM, p_dev_rec->ble.reconn_addr); + else + started = btsnd_hcic_ble_remove_from_white_list (BLE_ADDR_RANDOM, p_dev_rec->ble.reconn_addr); + } + } + } + /* if not a known device, shall we add it? */ + else + { + if (to_add) + started = btsnd_hcic_ble_add_white_list (addr_type, bd_addr); + else + started = btsnd_hcic_ble_remove_from_white_list (addr_type, bd_addr); + } + + if (suspend) + { + btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_ENABLE, BTM_BLE_DUPLICATE_DISABLE); + } + + return started; +} +/******************************************************************************* +** +** Function btm_ble_clear_white_list +** +** Description This function clears the white list. +*******************************************************************************/ +void btm_ble_clear_white_list (void) +{ + BTM_TRACE_EVENT0 ("btm_ble_clear_white_list"); + btsnd_hcic_ble_clear_white_list(); +} + +/******************************************************************************* +** +** Function btm_ble_clear_white_list_complete +** +** Description This function clears the white list complete. +*******************************************************************************/ +void btm_ble_clear_white_list_complete(UINT8 *p_data, UINT16 evt_len) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT8 status; + BTM_TRACE_EVENT0 ("btm_ble_clear_white_list_complete"); + STREAM_TO_UINT8 (status, p_data); + + if (status == HCI_SUCCESS) + p_cb->num_empty_filter = p_cb->max_filter_entries; + +} +/******************************************************************************* +** +** Function btm_ble_add_2_white_list_complete +** +** Description This function read the current white list size. +*******************************************************************************/ +void btm_ble_add_2_white_list_complete(UINT8 *p, UINT16 evt_len) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BTM_TRACE_EVENT0 ("btm_ble_add_2_white_list_complete"); + + if (*p == HCI_SUCCESS) + { + p_cb->num_empty_filter --; + } +} +/******************************************************************************* +** +** Function btm_ble_add_2_white_list_complete +** +** Description This function read the current white list size. +*******************************************************************************/ +void btm_ble_remove_from_white_list_complete(UINT8 *p, UINT16 evt_len) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BTM_TRACE_EVENT0 ("btm_ble_remove_from_white_list_complete"); + if (*p == HCI_SUCCESS) + { + p_cb->num_empty_filter ++; + } +} +/******************************************************************************* +** +** Function btm_ble_find_dev_in_whitelist +** +** Description This function check if the device is in the white list +*******************************************************************************/ +BOOLEAN btm_ble_find_dev_in_whitelist(BD_ADDR bd_addr) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT8 i; + + BTM_TRACE_EVENT0 ("btm_ble_find_dev_in_whitelist"); + + /* empty wl */ + if (p_cb->num_empty_filter == p_cb->max_filter_entries) + { + BTM_TRACE_DEBUG0("white list empty"); + return FALSE; + } + + for (i = 0; i < BTM_BLE_MAX_BG_CONN_DEV_NUM && i < p_cb->max_filter_entries; i ++) + { + if (memcmp(p_cb->bg_conn_dev_list[i], bd_addr, BD_ADDR_LEN) == 0) + return TRUE; + } + return FALSE; +} +/******************************************************************************* +** +** Function btm_ble_count_unconn_dev_in_whitelist +** +** Description This function check the number of unconnected device in white list. +*******************************************************************************/ +UINT8 btm_ble_count_unconn_dev_in_whitelist(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT8 count = 0, i; + BD_ADDR dummy_bda ={0}; + + BTM_TRACE_EVENT0 ("btm_ble_find_dev_in_whitelist"); + + for (i = 0; i < BTM_BLE_MAX_BG_CONN_DEV_NUM && i < p_cb->max_filter_entries; i ++) + { + if (memcmp(p_cb->bg_conn_dev_list[i], dummy_bda, BD_ADDR_LEN) != 0 && + !BTM_IsAclConnectionUp(p_cb->bg_conn_dev_list[i])) + { + count ++; + } + } + return count; +} +/******************************************************************************* +** +** Function btm_update_bg_conn_list +** +** Description This function update the local background connection device list. +*******************************************************************************/ +BOOLEAN btm_update_bg_conn_list(BOOLEAN to_add, BD_ADDR bd_addr) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT8 i; + BD_ADDR dummy_bda = {0}; + BTM_TRACE_EVENT0 ("btm_update_bg_conn_list"); + if ((to_add && (p_cb->bg_conn_dev_num == BTM_BLE_MAX_BG_CONN_DEV_NUM || p_cb->num_empty_filter == 0)) || + (!to_add && p_cb->num_empty_filter == p_cb->max_filter_entries)) + { + BTM_TRACE_DEBUG1("num_empty_filter = %d", p_cb->num_empty_filter); + return FALSE; + } + + for (i = 0; i < BTM_BLE_MAX_BG_CONN_DEV_NUM && i < p_cb->max_filter_entries; i ++) + { + /* to add */ + if (memcmp(p_cb->bg_conn_dev_list[i], dummy_bda, BD_ADDR_LEN) == 0 && to_add) + { + memcpy(p_cb->bg_conn_dev_list[i], bd_addr, BD_ADDR_LEN); + p_cb->bg_conn_dev_num ++; + return TRUE; + } + /* to remove */ + if (!to_add && memcmp(p_cb->bg_conn_dev_list[i], bd_addr, BD_ADDR_LEN) == 0) + { + memset(p_cb->bg_conn_dev_list[i], 0, BD_ADDR_LEN); + p_cb->bg_conn_dev_num --; + return TRUE; + } + } + return FALSE; +} +/******************************************************************************* +** +** Function btm_write_bg_conn_wl +** +** Description This function write background connection device list into +** controller. +*******************************************************************************/ +void btm_write_bg_conn_wl(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT8 i; + BTM_TRACE_EVENT0 ("btm_write_bg_conn_wl"); + btm_ble_clear_white_list(); + + for (i = 0; i < p_cb->bg_conn_dev_num; i ++) + { + if (!btm_update_dev_to_white_list(TRUE, p_cb->bg_conn_dev_list[i], BLE_ADDR_PUBLIC)) + break; + } + return; +} +/******************************************************************************* +** +** Function btm_ble_start_auto_conn +** +** Description This function is to start/stop auto connection procedure. +** +** Parameters start: TRUE to start; FALSE to stop. +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_ble_start_auto_conn(BOOLEAN start) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BD_ADDR dummy_bda = {0}; + BOOLEAN exec = TRUE; + UINT16 scan_int, scan_win; + + scan_int = (p_cb->scan_int == BTM_BLE_CONN_PARAM_UNDEF) ? BTM_BLE_CONN_EST_SCAN_INT : p_cb->scan_int; + scan_win = (p_cb->scan_win == BTM_BLE_CONN_PARAM_UNDEF) ? BTM_BLE_CONN_EST_SCAN_WIND : p_cb->scan_win; + + if (start) + { + if (!l2cb.is_ble_connecting && + btm_ble_count_unconn_dev_in_whitelist() > 0) + { + if (p_cb->bg_conn_state != BLE_BG_CONN_ACTIVE && p_cb->bg_conn_dev_num > 0) + { + if (!btsnd_hcic_ble_create_ll_conn (scan_int, /* UINT16 scan_int */ + scan_win, /* UINT16 scan_win */ + 0x01, /* UINT8 white_list */ + BLE_ADDR_PUBLIC, /* UINT8 addr_type_peer */ + dummy_bda, /* BD_ADDR bda_peer */ + BLE_ADDR_PUBLIC, /* UINT8 addr_type_own */ + BTM_BLE_CONN_INT_MIN_DEF, /* UINT16 conn_int_min */ + BTM_BLE_CONN_INT_MAX_DEF, /* UINT16 conn_int_max */ + BTM_BLE_CONN_SLAVE_LATENCY_DEF, /* UINT16 conn_latency */ + BTM_BLE_CONN_TIMEOUT_DEF, /* UINT16 conn_timeout */ + 0, /* UINT16 min_len */ + 0)) /* UINT16 max_len */ + { + /* start auto connection failed */ + exec = FALSE; + } + else + { + p_cb->bg_conn_state = BLE_BG_CONN_ACTIVE; + } + } + } + else + exec = FALSE; + } + else + { + if (p_cb->bg_conn_state == BLE_BG_CONN_ACTIVE) + { + if (!btsnd_hcic_ble_create_conn_cancel()) + exec = FALSE; + else + p_cb->bg_conn_state = BLE_BG_CONN_IDLE; + } + } + return exec; +} + +/******************************************************************************* +** +** Function btm_ble_start_select_conn +** +** Description This function is to start/stop selective connection procedure. +** +** Parameters start: TRUE to start; FALSE to stop. +** p_select_cback: callback function to return application +** selection. +** +** Returns BOOLEAN: selective connectino procedure is started. +** +*******************************************************************************/ +BOOLEAN btm_ble_start_select_conn(BOOLEAN start,tBTM_BLE_SEL_CBACK *p_select_cback) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + UINT16 scan_int, scan_win; + + BTM_TRACE_EVENT0 ("btm_ble_start_select_conn"); + + scan_int = (p_cb->scan_int == BTM_BLE_CONN_PARAM_UNDEF) ? BTM_BLE_CONN_EST_SCAN_INT : p_cb->scan_int; + scan_win = (p_cb->scan_win == BTM_BLE_CONN_PARAM_UNDEF) ? BTM_BLE_CONN_EST_SCAN_WIND : p_cb->scan_win; + + if (start) + { + if (!btm_cb.btm_inq_vars.inq_active) + { + btm_cb.ble_ctr_cb.p_select_cback = p_select_cback; + + btm_update_scanner_filter_policy(SP_ADV_WL); + + if (!btsnd_hcic_ble_set_scan_params(BTM_BLE_SCAN_MODE_PASS, /* use passive scan by default */ + scan_int, /* scan interval */ + scan_win, /* scan window */ + BLE_ADDR_PUBLIC, /* own device, DUMO always use public */ + SP_ADV_WL) /* process advertising packets only from devices in the White List */ + ) + return FALSE; + + if (p_cb->inq_var.adv_mode == BTM_BLE_ADV_ENABLE) + { + BTM_TRACE_ERROR0("peripheral device cannot initiate a selective connection"); + return FALSE; + } + else if (p_cb->bg_conn_dev_num > 0 && btm_ble_count_unconn_dev_in_whitelist() > 0 ) + { + + if (!btsnd_hcic_ble_set_scan_enable(TRUE, TRUE)) /* duplicate filtering enabled */ + return FALSE; + + /* mark up inquiry status flag */ + btm_cb.btm_inq_vars.inq_active = TRUE; + btm_cb.ble_ctr_cb.inq_var.proc_mode = BTM_BLE_SELECT_SCAN; + + p_cb->bg_conn_state = BLE_BG_CONN_ACTIVE; + + } + } + else + { + BTM_TRACE_ERROR0("scan active, can not start selective connection procedure"); + return FALSE; + } + } + else /* disable selective connection mode */ + { + p_cb->p_select_cback = NULL; + btm_cb.btm_inq_vars.inq_active = FALSE; + btm_cb.ble_ctr_cb.inq_var.proc_mode = BTM_BLE_INQUIRY_NONE; + + btm_update_scanner_filter_policy(SP_ADV_ALL); + + /* stop scanning */ + if (p_cb->bg_conn_dev_num > 0) + { + if (!btsnd_hcic_ble_set_scan_enable(FALSE, TRUE)) /* duplicate filtering enabled */ + return FALSE; + } + } + return TRUE; +} +/******************************************************************************* +** +** Function btm_ble_initiate_select_conn +** +** Description This function is to start/stop selective connection procedure. +** +** Parameters start: TRUE to start; FALSE to stop. +** p_select_cback: callback function to return application +** selection. +** +** Returns BOOLEAN: selective connectino procedure is started. +** +*******************************************************************************/ +void btm_ble_initiate_select_conn(BD_ADDR bda) +{ + UINT8 addr_type; + BTM_TRACE_EVENT0 ("btm_ble_initiate_select_conn"); + addr_type = btm_ble_map_bda_to_conn_bda(bda); + + /* use direct connection procedure to initiate connection */ + if (!L2CA_ConnectFixedChnl(L2CAP_ATT_CID, bda)) + { + BTM_TRACE_ERROR0("btm_ble_initiate_select_conn failed"); + } +} +/******************************************************************************* +** +** Function btm_ble_suspend_bg_sele_conn +** +** Description This function is to suspend an active background connection +** procedure. +** +** Parameters none. +** +** Returns none. +** +*******************************************************************************/ +void btm_ble_suspend_bg_sele_conn(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BTM_TRACE_EVENT0 ("btm_ble_suspend_bg_sele_conn"); + + if (p_cb->bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + p_cb->bg_conn_state = BLE_BG_CONN_SUSPEND; + btm_ble_start_select_conn(FALSE, NULL); + } +} +/******************************************************************************* +** +** Function btm_ble_suspend_bg_conn +** +** Description This function is to suspend an active background connection +** procedure. +** +** Parameters none. +** +** Returns none. +** +*******************************************************************************/ +void btm_ble_suspend_bg_conn(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BTM_TRACE_EVENT0 ("btm_ble_suspend_bg_conn"); + + if (p_cb->bg_conn_type == BTM_BLE_CONN_AUTO) + { + if (btm_ble_start_auto_conn(FALSE)) + p_cb->bg_conn_state = BLE_BG_CONN_SUSPEND; + } +} +/******************************************************************************* +** +** Function btm_ble_scan_param_idle +** +** Description This function is to process the scan parameter idle timeout +** timeout. +********************************************************************************/ +void btm_ble_scan_param_idle(void) +{ + BTM_BleSetConnScanParams(BTM_BLE_CONN_EST_SCAN_INT_LO, BTM_BLE_CONN_EST_SCAN_WIND_LO); +} +/******************************************************************************* +** +** Function btm_ble_resume_bg_conn +** +** Description This function is to resume a background auto connection +** procedure. +** +** Parameters none. +** +** Returns none. +** +*******************************************************************************/ +BOOLEAN btm_ble_resume_bg_conn(tBTM_BLE_SEL_CBACK *p_sele_callback, BOOLEAN def_param) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BOOLEAN ret = FALSE; + + if (p_cb->bg_conn_state != BLE_BG_CONN_ACTIVE ) + { + if (def_param) + { + p_cb->scan_int = BTM_BLE_CONN_PARAM_UNDEF; + p_cb->scan_win = BTM_BLE_CONN_PARAM_UNDEF; + + /* start scan param idle timer */ + btu_start_timer(&p_cb->scan_param_idle_timer, + BTU_TTYPE_BLE_SCAN_PARAM_IDLE, + BTM_BLE_SCAN_PARAM_TOUT); + } + + if (p_cb->bg_conn_type == BTM_BLE_CONN_AUTO) + ret = btm_ble_start_auto_conn(TRUE); + + if (p_cb->bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + /* terminate selective connection mode if all devices are connected */ + if (btm_ble_count_unconn_dev_in_whitelist() == 0) + { + btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_DISABLE, BTM_BLE_DUPLICATE_DISABLE); + btm_cb.ble_ctr_cb.inq_var.proc_mode = BTM_BLE_INQUIRY_NONE; + btm_cb.btm_inq_vars.inq_active = FALSE; + } + else if (!btm_cb.btm_inq_vars.inq_active) + btm_ble_start_select_conn(TRUE, btm_cb.ble_ctr_cb.p_select_cback); + } + + if (ret) + p_cb->bg_conn_state = BLE_BG_CONN_ACTIVE; + + } + + return ret; +} +/******************************************************************************* +** +** Function btm_ble_update_bg_state +** +** Description This function is to update the bg connection status. +** +** Parameters none. +** +** Returns none. +** +*******************************************************************************/ +void btm_ble_update_bg_state(void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + + if (!l2cb.is_ble_connecting && (p_cb->bg_conn_state != BLE_BG_CONN_SUSPEND)) + p_cb->bg_conn_state = BLE_BG_CONN_IDLE; + +} + +#endif + diff --git a/stack/btm/btm_ble_gap.c b/stack/btm/btm_ble_gap.c new file mode 100644 index 0000000..9092d5d --- /dev/null +++ b/stack/btm/btm_ble_gap.c @@ -0,0 +1,2072 @@ +/***************************************************************************** +** +** Name: btm_ble_gap.c +** +** Description: This file contains functions for BLE GAP. +** +** +** +** Copyright (c) 2008-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "bt_types.h" +#include "btu.h" +#include "btm_int.h" +#include "hcimsgs.h" +#if (GAP_INCLUDED == TRUE) +#include "gap_api.h" +#endif + +#if (BLE_INCLUDED == TRUE) +#define BTM_BLE_NAME_SHORT 0x01 +#define BTM_BLE_NAME_CMPL 0x02 + +#define BTM_BLE_FILTER_TARGET_UNKNOWN 0xff +#define BTM_BLE_POLICY_UNKNOWN 0xff + +#define BLE_RESOLVE_ADDR_MSB 0x40 /* most significant bit, bit7, bit6 is 01 to be resolvable random */ +#define BLE_RESOLVE_ADDR_MASK 0xc0 /* bit 6, and bit7 */ +#define BTM_BLE_IS_RESOLVE_BDA(x) ((x[0] & BLE_RESOLVE_ADDR_MASK) == BLE_RESOLVE_ADDR_MSB) + +#define BTM_EXT_BLE_RMT_NAME_TIMEOUT 30 +static tBLE_BD_ADDR le_bda_any ={BLE_ADDR_PUBLIC, {0x00,0x00,0x00,0x00,0x00,0x00}}; + + +#define BTM_BLE_VALID_CONN_DIRECT(x) (memcmp(&le_bda_any, x, sizeof(tBLE_BD_ADDR)) != 0) + +/******************************************************************************* +** Local functions +*******************************************************************************/ +static void btm_ble_update_adv_flag(UINT8 flag); +static void btm_ble_process_adv_pkt_cont(BD_ADDR bda, UINT8 addr_type, UINT8 evt_type, UINT8 *p); +static UINT8 *btm_ble_build_adv_data(tBTM_BLE_AD_MASK *p_data_mask, UINT8 **p_dst, tBTM_BLE_ADV_DATA *p_data); + + + + + + + + +/******************************************************************************* +** +** Function BTM_BleReset +** +** Description This function is called to reset ULP controller. +** +** Parameters None. +** +** Returns void +** +*******************************************************************************/ +void BTM_BleReset(void) +{ + btsnd_hcic_ble_reset(); +} + +/******************************************************************************* +** +** Function BTM_BleObserve +** +** Description This procedure keep the device listening for advertising +** events from a broadcast device. +** +** Parameters start: start or stop observe. +** white_list: use white list in observer mode or not. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS BTM_BleObserve(BOOLEAN start, UINT8 duration, + tBTM_INQ_RESULTS_CB *p_results_cb, tBTM_CMPL_CB *p_cmpl_cb) +{ + tBTM_BLE_INQ_CB *p_inq = &btm_cb.ble_ctr_cb.inq_var; + tBTM_STATUS status = BTM_NO_RESOURCES; + + BTM_TRACE_EVENT0 ("BTM_BleObserve "); + + if (start) + { + if (p_inq->proc_mode != BTM_BLE_INQUIRY_NONE) + return BTM_BUSY; + + btm_cb.btm_inq_vars.p_inq_results_cb = p_results_cb; + btm_cb.btm_inq_vars.p_inq_cmpl_cb = p_cmpl_cb; + + /* allow config scanning type */ + if (btsnd_hcic_ble_set_scan_params ((UINT8)((p_inq->scan_type == BTM_BLE_SCAN_MODE_NONE) ? BTM_BLE_SCAN_MODE_ACTI: p_inq->scan_type), + (UINT16)(!p_inq->scan_interval ? BTM_BLE_GAP_DISC_SCAN_INT : p_inq->scan_interval), + (UINT16)(!p_inq->scan_window ? BTM_BLE_GAP_DISC_SCAN_WIN : p_inq->scan_window), + BLE_ADDR_PUBLIC, + BTM_BLE_DEFAULT_SFP)) /* assume observe always not using white list */ + { + /* start scan, disable duplicate filtering */ + if (btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_ENABLE, BTM_BLE_DUPLICATE_DISABLE)) + { + status = BTM_SUCCESS; + p_inq->proc_mode = BTM_BLE_OBSERVE; + btm_cb.btm_inq_vars.inq_active = TRUE; + + if (duration != 0) + { + /* start inquiry timer */ + btu_start_timer (&p_inq->inq_timer_ent, BTU_TTYPE_BLE_INQUIRY, duration); + } + } + } + } + else if (p_inq->proc_mode == BTM_BLE_OBSERVE) + { + btm_ble_stop_scan(); + } + + return status; +} + +/******************************************************************************* +** +** Function BTM_BleBroadcast +** +** Description This function is to start or stop broadcasting. +** +** Parameters start: start or stop broadcasting. +** +** Returns status. +** +*******************************************************************************/ +tBTM_STATUS BTM_BleBroadcast(BOOLEAN start) +{ + tBTM_STATUS status = BTM_NO_RESOURCES; + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + UINT8 evt_type = p_cb->scan_rsp ? BTM_BLE_DISCOVER_EVT: BTM_BLE_NON_CONNECT_EVT; + +#ifdef BTM_BLE_PC_ADV_TEST_MODE + if (BTM_BLE_PC_ADV_TEST_MODE) + { + evt_type = p_cb->scan_rsp ? BTM_BLE_CONNECT_EVT: BTM_BLE_NON_CONNECT_EVT; + } +#endif + + if (start && p_cb->adv_mode == BTM_BLE_ADV_DISABLE) + { + /* update adv params */ + if (!btsnd_hcic_ble_write_adv_params ((UINT16)(p_cb->adv_interval_min ? p_cb->adv_interval_min : BTM_BLE_GAP_ADV_INT), + (UINT16)(p_cb->adv_interval_max ? p_cb->adv_interval_max : BTM_BLE_GAP_ADV_INT), + evt_type, + p_cb->own_addr_type, + p_cb->direct_bda.type, p_cb->direct_bda.bda, + p_cb->adv_chnl_map, + p_cb->afp)) + + status = BTM_NO_RESOURCES; + else + p_cb->evt_type = evt_type; + + if (btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE)) + { + p_cb->adv_mode = BTM_BLE_ADV_ENABLE; + + status = BTM_SUCCESS; + } + } + else if (!start && p_cb->adv_mode == BTM_BLE_ADV_ENABLE) + { + if (btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE)) + { + p_cb->adv_mode = BTM_BLE_ADV_DISABLE; + + status = BTM_SUCCESS; + } + } + else + { + status = BTM_WRONG_MODE; + BTM_TRACE_ERROR2("Can not %s Broadcast, device %s in Broadcast mode", + (start ? "Start" : "Stop"), (start ? "alerady" :"not")); + } + + return status; +} + + + + + + + +/******************************************************************************* +** +** Function BTM_RegisterScanReqEvt +** +** Description This function is called to register a scan request callback +** on the advertiser. +** +** Parameters p_scan_req_cback: scan request callback. If NULL, remove the +** registration. +** +** Returns void +** +*******************************************************************************/ +void BTM_RegisterScanReqEvt(tBTM_BLE_SCAN_REQ_CBACK *p_scan_req_cback) +{ +#ifdef BTM_BLE_PC_ADV_TEST_MODE // For general stack code (e.g. BTInsight testing), we simply do not define it to exclude or set it to TRUE to include + if (BTM_BLE_PC_ADV_TEST_MODE) // For stack component, it is always defined and maps to a global variable g_bDraculaAdvertisingMode + { + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + p_cb->p_scan_req_cback = p_scan_req_cback; + } +#endif +} +/******************************************************************************* +** +** Function BTM_BleConfigPrivacy +** +** Description This function is called to enable or disable the privacy in +** the local device. +** +** Parameters enable: TRUE to enable it; FALSE to disable it. +** +** Returns void +** +*******************************************************************************/ +void BTM_BleConfigPrivacy(BOOLEAN enable) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + BTM_TRACE_EVENT0 (" BTM_BleConfigPrivacy"); + p_cb->privacy = enable; +} + +/******************************************************************************* +** +** Function BTM_BleSetBgConnType +** +** Description This function is called to set BLE connectable mode for a +** peripheral device. +** +** Parameters bg_conn_type: it can be auto connection, or selective connection. +** p_select_cback: callback function when selective connection procedure +** is being used. +** +** Returns void +** +*******************************************************************************/ +BOOLEAN BTM_BleSetBgConnType(tBTM_BLE_CONN_TYPE bg_conn_type, + tBTM_BLE_SEL_CBACK *p_select_cback) +{ + BOOLEAN started = TRUE; + + BTM_TRACE_EVENT0 ("BTM_BleSetBgConnType "); + + if (btm_cb.ble_ctr_cb.bg_conn_type != bg_conn_type) + { + switch (bg_conn_type) + { + case BTM_BLE_CONN_AUTO: + btm_ble_start_auto_conn(TRUE); + break; + + case BTM_BLE_CONN_SELECTIVE: + if (btm_cb.ble_ctr_cb.bg_conn_type == BTM_BLE_CONN_AUTO) + { + btm_ble_start_auto_conn(FALSE); + } + started = btm_ble_start_select_conn(TRUE, p_select_cback); + break; + + case BTM_BLE_CONN_NONE: + if (btm_cb.ble_ctr_cb.bg_conn_type == BTM_BLE_CONN_AUTO) + { + btm_ble_start_auto_conn(FALSE); + } + else if (btm_cb.ble_ctr_cb.bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + btm_ble_start_select_conn(FALSE, NULL); + } + started = TRUE; + break; + + default: + BTM_TRACE_ERROR1("invalid bg connection type : %d ", bg_conn_type); + started = FALSE; + break; + } + + if (started) + btm_cb.ble_ctr_cb.bg_conn_type = bg_conn_type; + } + return started; +} + +/******************************************************************************* +** +** Function BTM_BleUpdateBgConnDev +** +** Description This function is called to add or remove a device into/from +** background connection procedure. The background connection +* procedure is decided by the background connection type, it can be +* auto connection, or selective connection. +** +** Parameters add_remove: TRUE to add; FALSE to remove. +** remote_bda: device address to add/remove. +** +** Returns void +** +*******************************************************************************/ +BOOLEAN BTM_BleUpdateBgConnDev(BOOLEAN add_remove, BD_ADDR remote_bda) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + tBTM_BLE_SEL_CBACK *p_select_cback; + BOOLEAN ret = TRUE; + + BTM_TRACE_EVENT0 (" BTM_BleUpdateBgConnDev"); + + /* if auto connection is active */ + if (p_cb->bg_conn_state == BLE_BG_CONN_ACTIVE) + { + if (p_cb->bg_conn_type == BTM_BLE_CONN_AUTO) + { + /* terminate auto connection first */ + ret = btm_ble_start_auto_conn(FALSE); + } + else if (p_cb->bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + p_select_cback = btm_cb.ble_ctr_cb.p_select_cback; + ret = btm_ble_start_select_conn(FALSE, NULL); + } + } + if (ret) + { + /* update white list */ + ret = btm_update_bg_conn_list(add_remove, remote_bda); + btm_update_dev_to_white_list(add_remove, remote_bda, BLE_ADDR_PUBLIC); + } + + if (ret && p_cb->bg_conn_state == BLE_BG_CONN_IDLE) + { + if (p_cb->bg_conn_type == BTM_BLE_CONN_AUTO) + { + /* restart auto connection */ + btm_ble_start_auto_conn(TRUE); + } + else if (p_cb->bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + p_select_cback = btm_cb.ble_ctr_cb.p_select_cback; + btm_ble_start_select_conn(TRUE, p_select_cback); + } + } + return ret; +} + +/******************************************************************************* +** +** Function BTM_BleSetConnMode +** +** Description This function is called to set BLE connectable mode for a +** peripheral device. +** +** Parameters directed: is directed connectable mode, or non-directed. +** p_dir_bda: connectable direct initiator's LE device address +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS BTM_BleSetConnMode(BOOLEAN directed, tBLE_BD_ADDR *p_dir_bda) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + tBTM_STATUS status = BTM_SUCCESS; + BD_ADDR reconn_bda; + + BTM_TRACE_EVENT0 ("BTM_BleSetConnMode "); + + memcpy(&p_cb->direct_bda, &le_bda_any, sizeof(tBLE_BD_ADDR)); + p_cb->own_addr_type = BLE_ADDR_PUBLIC; + + if (directed) + { + if (p_dir_bda) + { + memcpy(&p_cb->direct_bda, p_dir_bda, sizeof(tBLE_BD_ADDR)); + + if (btm_cb.ble_ctr_cb.privacy /* && GAP privacy ad reconnect addr exist */) + { + /* write reconnect address to controller*/ + btsnd_hcic_ble_set_random_addr(reconn_bda); + } + /* else use static address or publich address */ + + } + else + status = BTM_ILLEGAL_VALUE; + } + else /* undirected connecatable */ + { + if (btm_cb.ble_ctr_cb.privacy /* GAP privacy flag enabled */) + { + /* generate resolvable private address */ + btm_gen_resolvable_private_addr(); + } /* else use publich address */ + + } + return status; +} + +/******************************************************************************* +** +** Function BTM_BleSetAdvParams +** +** Description This function is called to set advertising parameters. +** +** Parameters adv_int_min: minimum advertising interval +** adv_int_max: maximum advertising interval +** p_dir_bda: connectable direct initiator's LE device address +** chnl_map: advertising channel map. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS BTM_BleSetAdvParams(UINT16 adv_int_min, UINT16 adv_int_max, + tBLE_BD_ADDR *p_dir_bda, + tBTM_BLE_ADV_CHNL_MAP chnl_map) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + tBTM_STATUS status = BTM_SUCCESS; + + BTM_TRACE_EVENT0 ("BTM_BleSetAdvParams"); + + if (!BTM_BLE_VALID_PRAM(adv_int_min, BTM_BLE_ADV_INT_MIN, BTM_BLE_ADV_INT_MAX) || + !BTM_BLE_VALID_PRAM(adv_int_max, BTM_BLE_ADV_INT_MIN, BTM_BLE_ADV_INT_MAX)) + { + return BTM_ILLEGAL_VALUE; + } + + p_cb->adv_interval_min = adv_int_min; + p_cb->adv_interval_max = adv_int_max; + p_cb->adv_chnl_map = chnl_map; + + if (p_dir_bda) + { + memcpy(&p_cb->direct_bda, p_dir_bda, sizeof(tBLE_BD_ADDR)); + } + else + memcpy(&p_cb->direct_bda, &le_bda_any, sizeof(tBLE_BD_ADDR)); + + if (p_cb->adv_mode == BTM_BLE_ADV_ENABLE) + { + BTM_TRACE_EVENT0 ("update params for an active adv"); + + if (p_cb->connectable_mode == BTM_BLE_NON_CONNECTABLE) + { + if (BTM_BLE_VALID_CONN_DIRECT(&p_cb->direct_bda)) + p_cb->evt_type = BTM_BLE_CONNECT_DIR_EVT; + else + p_cb->evt_type = BTM_BLE_CONNECT_EVT; + + BTM_TRACE_DEBUG1(" evt_type = %d", p_cb->evt_type); + } + + if (!btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE)) + status = BTM_NO_RESOURCES; + else + /* update adv params */ + if (!btsnd_hcic_ble_write_adv_params (p_cb->adv_interval_min, + p_cb->adv_interval_max, + p_cb->evt_type, + p_cb->own_addr_type, + p_cb->direct_bda.type, + p_cb->direct_bda.bda, + p_cb->adv_chnl_map, + p_cb->afp)) + + status = BTM_NO_RESOURCES; + + else if (!btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_ENABLE)) + { + p_cb->adv_mode = BTM_BLE_ADV_DISABLE; + + status = BTM_NO_RESOURCES; + } + + } + + return status; +} + +/******************************************************************************* +** +** Function BTM_BleReadAdvParams +** +** Description This function is called to set advertising parameters. +** +** Parameters adv_int_min: minimum advertising interval +** adv_int_max: maximum advertising interval +** p_dir_bda: connectable direct initiator's LE device address +** chnl_map: advertising channel map. +** +** Returns void +** +*******************************************************************************/ +void BTM_BleReadAdvParams (UINT16 *adv_int_min, UINT16 *adv_int_max, + tBLE_BD_ADDR *p_dir_bda, tBTM_BLE_ADV_CHNL_MAP *p_chnl_map) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + + BTM_TRACE_EVENT0 ("BTM_BleReadAdvParams "); + + *adv_int_min = p_cb->adv_interval_min; + *adv_int_max = p_cb->adv_interval_max; + *p_chnl_map = p_cb->adv_chnl_map; + + if (p_dir_bda != NULL) + { + memcpy(p_dir_bda, &p_cb->direct_bda, sizeof(tBLE_BD_ADDR)); + } +} + + +/******************************************************************************* +** +** Function BTM_BleSetScanParams +** +** Description This function is called to set Scan parameters. +** +** Parameters adv_int_min: minimum advertising interval +** adv_int_max: maximum advertising interval +** p_dir_bda: connectable direct initiator's LE device address +** chnl_map: advertising channel map. +** scan_type: active scan or passive scan +** +** Returns void +** +*******************************************************************************/ +void BTM_BleSetScanParams(UINT16 scan_interval, UINT16 scan_window, tBTM_BLE_SCAN_MODE scan_mode) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + + BTM_TRACE_EVENT0 (" BTM_BleSetScanParams"); + + if (BTM_BLE_VALID_PRAM(scan_interval, BTM_BLE_SCAN_INT_MIN, BTM_BLE_SCAN_INT_MAX) && + BTM_BLE_VALID_PRAM(scan_window, BTM_BLE_SCAN_WIN_MIN, BTM_BLE_SCAN_WIN_MAX) && + (scan_mode == BTM_BLE_SCAN_MODE_ACTI || scan_mode == BTM_BLE_SCAN_MODE_PASS)) + { + p_cb->scan_type = scan_mode; + + if (BTM_BLE_CONN_PARAM_UNDEF != scan_interval) + p_cb->scan_interval = scan_interval; + + if (BTM_BLE_CONN_PARAM_UNDEF != scan_window) + p_cb->scan_window = scan_window; + } + else + { + BTM_TRACE_ERROR2("Illegal params: scan_interval = %d scan_window = %d", + scan_interval, scan_window); + } + +} + +/******************************************************************************* +** +** Function BTM_BleWriteScanRsp +** +** Description This function is called to write LE scan response. +** +** Parameters: p_scan_rsp: scan response information. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS BTM_BleWriteScanRsp(tBTM_BLE_AD_MASK data_mask, tBTM_BLE_ADV_DATA *p_data) +{ + tBTM_STATUS status = BTM_NO_RESOURCES; + UINT8 rsp_data[BTM_BLE_AD_DATA_LEN], + *p = rsp_data; + + BTM_TRACE_EVENT0 (" BTM_BleWriteScanRsp"); + memset(rsp_data, 0, BTM_BLE_AD_DATA_LEN); + btm_ble_build_adv_data(&data_mask, &p, p_data); + + if (btsnd_hcic_ble_set_scan_rsp_data((UINT8)(p - rsp_data), rsp_data)) + { + status = BTM_SUCCESS; + + if (p_data != NULL) + btm_cb.ble_ctr_cb.inq_var.scan_rsp = TRUE; + else + btm_cb.ble_ctr_cb.inq_var.scan_rsp = FALSE; + } + else + status = BTM_ILLEGAL_VALUE; + + return status; +} + +/******************************************************************************* +** +** Function BTM_BleWriteAdvData +** +** Description This function is called to write advertising data. +** +** Parameters: None. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS BTM_BleWriteAdvData(tBTM_BLE_AD_MASK data_mask, tBTM_BLE_ADV_DATA *p_data) +{ + tBTM_BLE_LOCAL_ADV_DATA *p_cb_data = &btm_cb.ble_ctr_cb.inq_var.adv_data; + UINT8 *p; + UINT16 mask = data_mask; + + memset(p_cb_data, 0, sizeof(tBTM_BLE_LOCAL_ADV_DATA)); + p = p_cb_data->ad_data; + p_cb_data->data_mask = data_mask; + + BTM_TRACE_EVENT0 ("BTM_BleWriteAdvData "); + p_cb_data->p_flags = btm_ble_build_adv_data(&mask, &p, p_data); + + p_cb_data->p_pad = p; + + if (data_mask != 0) + { + BTM_TRACE_ERROR0("Partial data write into ADV"); + } + + p_cb_data->data_mask &= ~mask; + + if (btsnd_hcic_ble_set_adv_data((UINT8)(p_cb_data->p_pad - p_cb_data->ad_data), + p_cb_data->ad_data)) + return BTM_SUCCESS; + else + return BTM_NO_RESOURCES; + +} + +/******************************************************************************* +** +** Function BTM_CheckAdvData +** +** Description This function is called to get ADV data for a specific type. +** +** Parameters p_adv - pointer of ADV data +** type - finding ADV data type +** p_length - return the length of ADV data not including type +** +** Returns pointer of ADV data +** +*******************************************************************************/ +UINT8 *BTM_CheckAdvData( UINT8 *p_adv, UINT8 type, UINT8 *p_length) +{ + UINT8 *p = p_adv; + UINT8 length; + UINT8 adv_type; + BTM_TRACE_API1("BTM_CheckAdvData type=0x%02X", type); + + STREAM_TO_UINT8(length, p); + + while ( length && (p - p_adv <= BTM_BLE_CACHE_ADV_DATA_MAX)) + { + STREAM_TO_UINT8(adv_type, p); + + if ( adv_type == type ) + { + /* length doesn't include itself */ + *p_length = length - 1; /* minus the length of type */ + return p; + } + p += length - 1; /* skip the length of data */ + STREAM_TO_UINT8(length, p); + } + + *p_length = 0; + return NULL; +} + +/******************************************************************************* +** +** Function btm_ble_build_adv_data +** +** Description This function is called build the adv data and rsp data. +*******************************************************************************/ +static UINT8 *btm_ble_build_adv_data(tBTM_BLE_AD_MASK *p_data_mask, UINT8 **p_dst, tBTM_BLE_ADV_DATA *p_data) +{ + UINT16 data_mask = *p_data_mask; + UINT8 *p = *p_dst, + *p_flag = NULL; + UINT16 len = BTM_BLE_AD_DATA_LEN, cp_len = 0; + UINT8 i = 0; + tBTM_BLE_ATTR *p_attr; + tBTM_BLE_PROP_ELEM *p_elem; + + BTM_TRACE_EVENT0 (" btm_ble_build_adv_data"); + + /* build the adv data structure and build the data string */ + if (data_mask) + { + /* flags */ + if (data_mask & BTM_BLE_AD_BIT_FLAGS) + { + *p++ = 2; + *p++ = BTM_BLE_AD_TYPE_FLAG; + p_flag = p; + if (p_data) + *p++ = p_data->flag; + else + *p++ = 0; + + len -= 3; + + data_mask &= ~BTM_BLE_AD_BIT_FLAGS; + } + /* device name */ + if (len > 2 && data_mask & BTM_BLE_AD_BIT_DEV_NAME) + { + if (strlen(btm_cb.cfg.bd_name) > (UINT16)(len - 2)) + { + *p++ = len - 2 + 1; + *p++ = BTM_BLE_AD_TYPE_NAME_SHORT; + ARRAY_TO_STREAM(p, btm_cb.cfg.bd_name, len - 2); + } + else + { + cp_len = (UINT16)strlen(btm_cb.cfg.bd_name); + *p++ = cp_len + 1; + *p++ = BTM_BLE_AD_TYPE_NAME_CMPL; + ARRAY_TO_STREAM(p, btm_cb.cfg.bd_name, cp_len); + } + + len -= (cp_len + 2); + data_mask &= ~BTM_BLE_AD_BIT_DEV_NAME; + } + /* manufacturer data */ + if (len > 2 && data_mask & BTM_BLE_AD_BIT_MANU && + p_data && p_data->manu.len != 0 && p_data->manu.p_val) + { + if (p_data->manu.len > (len - 2)) + cp_len = len - 2; + else + cp_len = p_data->manu.len; + + *p++ = cp_len + 1; + *p++ = BTM_BLE_AD_TYPE_MANU; + ARRAY_TO_STREAM(p, p_data->manu.p_val, cp_len); + + len -= (cp_len + 2); + data_mask &= ~BTM_BLE_AD_BIT_MANU; + } + /* TX power */ + if (len > 2 && data_mask & BTM_BLE_AD_BIT_TX_PWR) + { + *p++ = 2; + *p++ = BTM_BLE_AD_TYPE_TX_PWR; + *p++ = btm_cb.ble_ctr_cb.inq_var.tx_power; + len -= 3; + + data_mask &= ~BTM_BLE_AD_BIT_TX_PWR; + } + /* services */ + if (len > 2 && data_mask & BTM_BLE_AD_BIT_SERVICE && + p_data && p_data->services.num_service != 0 && + p_data->services.p_uuid) + { + if (p_data->services.num_service * 2 > (len - 2)) + { + cp_len = (len - 2)/2; + *p ++ = 1 + cp_len * 2; + *p++ = BTM_BLE_AD_TYPE_SRV_PART; + } + else + { + cp_len = p_data->services.num_service; + *p++ = 1 + cp_len * 2; + *p++ = BTM_BLE_AD_TYPE_SRV_CMPL; + } + for (i = 0; i < cp_len; i ++) + { + UINT16_TO_STREAM(p, *(p_data->services.p_uuid + i)); + } + + len -= (cp_len * 2 + 2); + data_mask &= ~BTM_BLE_AD_BIT_SERVICE; + } + if (len >= 6 && data_mask & BTM_BLE_AD_BIT_INT_RANGE && + p_data) + { + *p++ = 5; + *p++ = BTM_BLE_AD_TYPE_INT_RANGE; + UINT16_TO_STREAM(p, p_data->int_range.low); + UINT16_TO_STREAM(p, p_data->int_range.hi); + len -= 6; + data_mask &= ~BTM_BLE_AD_BIT_INT_RANGE; + } + if (data_mask & BTM_BLE_AD_BIT_ATTR && p_data && p_data->attr.num_attr != 0) + { + for (i = 0; i < p_data->attr.num_attr ; i ++) + { + p_attr = p_data->attr.attr_list + i; + + if (len >= (2 + 2 + p_attr->data_len))/* len byte(1) + ATTR type(1) + Uuid len(2) + value length */ + { + *p ++ = p_attr->data_len + 2 + 1; /* Uuid len + value length */ + *p ++ = BTM_BLE_AD_TYPE_ATTR; + UINT16_TO_STREAM(p, p_attr->uuid); + ARRAY_TO_STREAM(p, p_attr->p_data, p_attr->data_len); + + len -= (4 + p_attr->data_len); + } + else + break; + } + if (i == p_data->attr.num_attr) + data_mask &= ~BTM_BLE_AD_BIT_ATTR; + } + if (data_mask & BTM_BLE_AD_BIT_PROPRIETARY && p_data && p_data->p_proprietary) + { + for (i = 0; i < p_data->p_proprietary->num_elem ; i ++) + { + p_elem = p_data->p_proprietary->p_elem + i; + + if (len >= (2 + p_elem->len))/* len byte(1) + ATTR type(1) + Uuid len(2) + value length */ + { + *p ++ = p_elem->len + 1; /* Uuid len + value length */ + *p ++ = p_elem->adv_type; + ARRAY_TO_STREAM(p, p_elem->p_val, p_elem->len); + + len -= (2 + p_elem->len); + } + else + { + BTM_TRACE_WARNING0("data exceed max adv packet length"); + break; + } + } + data_mask &= ~BTM_BLE_AD_BIT_PROPRIETARY; + } + } + + *p_data_mask = data_mask; + *p_dst = p; + + return p_flag; +} + +/******************************************************************************* +** +** Function btm_ble_set_discoverability +** +** Description This function is called to set BLE discoverable mode. +** +** Parameters: mode: discoverability mode. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS btm_ble_set_discoverability(UINT16 combined_mode) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + UINT16 mode = (combined_mode & BTM_BLE_DISCOVERABLE_MASK); + UINT8 flag = 0; + UINT8 new_mode = BTM_BLE_ADV_ENABLE; + UINT8 evt_type = (p_cb->connectable_mode == BTM_BLE_NON_CONNECTABLE) ? \ + ((p_cb->scan_rsp) ? BTM_BLE_DISCOVER_EVT : BTM_BLE_NON_CONNECT_EVT )\ + : BTM_BLE_CONNECT_EVT; + tBTM_STATUS status = BTM_SUCCESS; + + BTM_TRACE_EVENT2 ("btm_ble_set_discoverability mode=0x%0x combined_mode=0x%x", mode, combined_mode); + + /*** Check mode parameter ***/ + if (mode > BTM_BLE_MAX_DISCOVERABLE) + return(BTM_ILLEGAL_VALUE); + + p_cb->br_edr_supported_flag |= (combined_mode & BTM_DISCOVERABLE_MASK); + p_cb->discoverable_mode = mode; + + if (!p_cb->br_edr_supported_flag) + { + flag = BTM_BLE_BREDR_NOT_SPT; + BTM_TRACE_DEBUG1("btm_ble_set_discoverability (BREDR not sup)flag=0x%x",flag); + } + + BTM_TRACE_DEBUG1 ("br_edr_supported=0x%x", p_cb->br_edr_supported_flag); + + if (mode == BTM_BLE_LIMITED_DISCOVERABLE || mode == BTM_BLE_GENERAL_DISCOVERABLE) + { + BTM_TRACE_EVENT0 ("mode == BTM_BLE_LIMITED_DISCOVERABLE "); + /* write ADV data with limited disc flag */ + if (mode == BTM_BLE_LIMITED_DISCOVERABLE) + flag |= BTM_BLE_LIMIT_DISC_FLAG ; + else + flag |= BTM_BLE_GEN_DISC_FLAG; + } + else /* non-discoverable */ + { + BTM_TRACE_EVENT0 ("mode == BTM_BLE_NON_DISCOVERABLE "); + + if (p_cb->connectable_mode == BTM_BLE_NON_CONNECTABLE) + { + p_cb->br_edr_supported_flag = 0; + + BTM_TRACE_EVENT0 ("always disable adv in non-discoverable non-connectable mode if no scan rsp "); + if (!p_cb->scan_rsp ) + new_mode = BTM_BLE_ADV_DISABLE; + } + else + { + if (BTM_BLE_VALID_CONN_DIRECT(&p_cb->direct_bda)) + { + BTM_TRACE_DEBUG0("evt_type = BTM_BLE_CONNECT_DIR_EVT"); + evt_type = BTM_BLE_CONNECT_DIR_EVT; + } + else + { + BTM_TRACE_DEBUG0(" evt_type = BTM_BLE_CONNECT_EVT"); + evt_type = BTM_BLE_CONNECT_EVT; + } + } + } + btm_ble_update_adv_flag(flag); + + /* update adv params if start advertising */ + BTM_TRACE_EVENT2 ("evt_type=0x%x p-cb->evt_type=0x%x ", evt_type, p_cb->evt_type); + if (new_mode == BTM_BLE_ADV_ENABLE && evt_type != p_cb->evt_type) + { + if (p_cb->adv_mode == BTM_BLE_ADV_ENABLE) + { + BTM_TRACE_EVENT0 ("Set Adv disable"); + p_cb->adv_mode = BTM_BLE_ADV_DISABLE; + btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); + } + + /* update adv params */ + if (!btsnd_hcic_ble_write_adv_params ((UINT16)(p_cb->adv_interval_min ? p_cb->adv_interval_min : BTM_BLE_GAP_ADV_INT), + (UINT16)(p_cb->adv_interval_max ? p_cb->adv_interval_max : BTM_BLE_GAP_ADV_INT), + evt_type, + p_cb->own_addr_type, + p_cb->direct_bda.type, p_cb->direct_bda.bda, + p_cb->adv_chnl_map, + p_cb->afp)) + + status = BTM_NO_RESOURCES; + else + p_cb->evt_type = evt_type; + + } + if (status == BTM_SUCCESS && p_cb->adv_mode != new_mode) + { + /* update advertising mode */ + if (!btsnd_hcic_ble_set_adv_enable (new_mode)) + status = BTM_NO_RESOURCES; + else + p_cb->adv_mode = new_mode; + } + + /* set up stop advertising timer */ + if (status == BTM_SUCCESS && mode == BTM_BLE_LIMITED_DISCOVERABLE) + { + BTM_TRACE_EVENT1 ("start timer for limited disc mode duration=%d (30 secs)", BTM_BLE_GAP_LIM_TOUT); + /* start Tgap(lim_timeout) */ + btu_start_timer (&p_cb->inq_timer_ent, BTU_TTYPE_BLE_GAP_LIM_DISC, + BTM_BLE_GAP_LIM_TOUT); + } + return status; +} + +/******************************************************************************* +** +** Function btm_ble_set_connectability +** +** Description This function is called to set BLE connectability mode. +** +** Parameters: mode: connectability mode. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS btm_ble_set_connectability(UINT16 combined_mode) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + UINT16 mode = (combined_mode & BTM_BLE_CONNECTABLE_MASK); + UINT8 cur_flag = 0; + UINT8 cur_br_edr_not_sup_flag; + UINT8 new_flag; + UINT8 new_mode = BTM_BLE_ADV_ENABLE; + UINT8 evt_type = (p_cb->scan_rsp) ? BTM_BLE_DISCOVER_EVT: BTM_BLE_NON_CONNECT_EVT; + tBTM_STATUS status = BTM_SUCCESS; + + BTM_TRACE_EVENT2 ("btm_ble_set_connectability mode=0x%0x combined_mode=0x%x", mode, combined_mode); + + /*** Check mode parameter ***/ + if (mode > BTM_BLE_MAX_CONNECTABLE) + return(BTM_ILLEGAL_VALUE); + if (btm_cb.ble_ctr_cb.inq_var.adv_data.p_flags) + cur_flag = *btm_cb.ble_ctr_cb.inq_var.adv_data.p_flags ; + cur_br_edr_not_sup_flag = (cur_flag & ((UINT8) BTM_BLE_BREDR_NOT_SPT)); + + p_cb->br_edr_supported_flag |= ((combined_mode & BTM_CONNECTABLE_MASK) << 4); + if (p_cb->br_edr_supported_flag && cur_br_edr_not_sup_flag) + { + new_flag = cur_flag & ((UINT8) (~BTM_BLE_BREDR_NOT_SPT)); + BTM_TRACE_EVENT2 ("new flag=0x%x cur flag=0x%x",new_flag, cur_flag); + btm_ble_update_adv_flag(new_flag); + } + p_cb->connectable_mode = mode; + + if (mode == BTM_BLE_NON_CONNECTABLE) + { + if (p_cb->discoverable_mode == BTM_BLE_NON_DISCOVERABLE) + { + p_cb->br_edr_supported_flag = 0; + BTM_TRACE_EVENT0 ("always disable adv in non-discoverable non-connectable mode with no scan rsp"); + if(!p_cb->scan_rsp) + new_mode = BTM_BLE_ADV_DISABLE; + } + } + else /* connectable */ + { + BTM_TRACE_DEBUG2("btm_ble_set_connectability: mode = %04x discoverable_mode= %02x", mode, p_cb->discoverable_mode); + + if (BTM_BLE_VALID_CONN_DIRECT(&p_cb->direct_bda)) + { + BTM_TRACE_DEBUG0("evt_type = BTM_BLE_CONNECT_DIR_EVT"); + evt_type = BTM_BLE_CONNECT_DIR_EVT; + } + else + { + BTM_TRACE_DEBUG0(" evt_type = BTM_BLE_CONNECT_EVT"); + evt_type = BTM_BLE_CONNECT_EVT; + } + } + + /* update adv params if needed */ + if (p_cb->evt_type != evt_type && new_mode == BTM_BLE_ADV_ENABLE) + { + if (p_cb->adv_mode == BTM_BLE_ADV_ENABLE) + { + p_cb->adv_mode = BTM_BLE_ADV_DISABLE; + btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE); + } + + if (!btsnd_hcic_ble_write_adv_params ((UINT16)(p_cb->adv_interval_min ? p_cb->adv_interval_min : BTM_BLE_GAP_ADV_INT), + (UINT16)(p_cb->adv_interval_max ? p_cb->adv_interval_max : BTM_BLE_GAP_ADV_INT), + evt_type, + p_cb->own_addr_type, + p_cb->direct_bda.type, + p_cb->direct_bda.bda, + p_cb->adv_chnl_map, + p_cb->afp)) + status = BTM_NO_RESOURCES; + else + p_cb->evt_type = evt_type; + } + /* update advertising mode */ + if (status == BTM_SUCCESS && new_mode != p_cb->adv_mode) + { + if (btsnd_hcic_ble_set_adv_enable (new_mode)) + { + status = BTM_SUCCESS; + + p_cb->adv_mode = new_mode; + } + } + + return status; +} + +/******************************************************************************* +** +** Function btm_ble_start_inquiry +** +** Description This function is called to start BLE inquiry procedure. +** If the duration is zero, the periodic inquiry mode is cancelled. +** +** Parameters: mode - GENERAL or LIMITED inquiry +** p_inq_params - pointer to the BLE inquiry parameter. +** p_results_cb - callback returning pointer to results (tBTM_INQ_RESULTS) +** p_cmpl_cb - callback indicating the end of an inquiry +** +** +** +** Returns BTM_CMD_STARTED if successfully started +** BTM_ILLEGAL_VALUE if a bad parameter is detected +** BTM_NO_RESOURCES if could not allocate a message buffer +** BTM_SUCCESS - if cancelling the periodic inquiry +** BTM_BUSY - if an inquiry is already active +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS btm_ble_start_inquiry (UINT8 mode, UINT8 duration) +{ + tBTM_STATUS status = BTM_NO_RESOURCES; + tBTM_BLE_INQ_CB *p_inq = &btm_cb.ble_ctr_cb.inq_var; + + BTM_TRACE_DEBUG2("btm_ble_start_inquiry: mode = %02x inq_active = %d", mode, btm_cb.btm_inq_vars.inq_active); + + if (p_inq->proc_mode != BTM_BLE_INQUIRY_NONE) + { + BTM_TRACE_ERROR0("LE scan is active, can not start inquiry"); + return(BTM_BUSY); + } + + btm_update_scanner_filter_policy(SP_ADV_ALL); + + /* start scan, already enable duplicate filtering */ + if (btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_ENABLE, BTM_BLE_DUPLICATE_DISABLE)) + { + status = BTM_SUCCESS; + p_inq->proc_mode = mode; + + if (duration != 0) + { + /* start inquiry timer */ + btu_start_timer (&p_inq->inq_timer_ent, BTU_TTYPE_BLE_INQUIRY, duration); + } + } + + return status; +} + +/******************************************************************************* +** +** Function btm_ble_read_remote_name_cmpl +** +** Description This function is called when BLE remote name is received. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_read_remote_name_cmpl(BOOLEAN status, BD_ADDR bda, UINT16 length, char *p_name) +{ + UINT8 hci_status = HCI_SUCCESS; + BD_NAME bd_name; + + memset(bd_name, 0, BD_NAME_LEN); + memcpy((UINT8*)bd_name, p_name, length); + + if ((!status) || (length==0)) + { + hci_status = HCI_ERR_HOST_TIMEOUT; + } + + btm_process_remote_name(bda, bd_name, length, hci_status); + btm_sec_rmt_name_request_complete (bda, (UINT8 *)p_name, hci_status); +} + +/******************************************************************************* +** +** Function btm_ble_read_remote_name +** +** Description This function read remote LE device name using GATT read +** procedure. +** +** Parameters: None. +** +** Returns void +** +*******************************************************************************/ +tBTM_STATUS btm_ble_read_remote_name(BD_ADDR remote_bda, tBTM_INQ_INFO *p_cur, tBTM_CMPL_CB *p_cb) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + if (p_cur && + p_cur->results.ble_evt_type != BTM_BLE_EVT_CONN_ADV && + p_cur->results.ble_evt_type != BTM_BLE_EVT_CONN_DIR_ADV) + { + BTM_TRACE_DEBUG0("name request to non-connectable device failed."); + return BTM_ERR_PROCESSING; + } + + /* read remote device name using GATT procedure */ + if (p_inq->remname_active) + return BTM_BUSY; + + if (!GAP_BleReadPeerDevName(remote_bda, btm_ble_read_remote_name_cmpl)) + return BTM_BUSY; + + p_inq->p_remname_cmpl_cb = p_cb; + p_inq->remname_active = TRUE; + + memcpy(p_inq->remname_bda, remote_bda, BD_ADDR_LEN); + + btu_start_timer (&p_inq->rmt_name_timer_ent, + BTU_TTYPE_BTM_RMT_NAME, + BTM_EXT_BLE_RMT_NAME_TIMEOUT); + + return BTM_CMD_STARTED; +} + +/******************************************************************************* +** +** Function btm_ble_cancel_remote_name +** +** Description This function cancel read remote LE device name. +** +** Parameters: None. +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_ble_cancel_remote_name(BD_ADDR remote_bda) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + BOOLEAN status; + + status = GAP_BleCancelReadPeerDevName(remote_bda); + + p_inq->remname_active = FALSE; + memset(p_inq->remname_bda, 0, BD_ADDR_LEN); + btu_stop_timer(&p_inq->rmt_name_timer_ent); + + return status; +} + +/******************************************************************************* +** +** Function btm_ble_update_adv_flag +** +** Description This function update the limited discoverable flag in the adv +** data. +** +** Parameters: None. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_update_adv_flag(UINT8 flag) +{ + tBTM_BLE_LOCAL_ADV_DATA *p_adv_data = &btm_cb.ble_ctr_cb.inq_var.adv_data; + UINT8 *p; + + BTM_TRACE_DEBUG1 ("btm_ble_update_adv_flag new=0x%x", flag); + + if (p_adv_data->p_flags != NULL) + { + BTM_TRACE_DEBUG1 ("btm_ble_update_adv_flag old=0x%x", *p_adv_data->p_flags); + *p_adv_data->p_flags = flag; + } + else /* no FLAGS in ADV data*/ + { + p = (p_adv_data->p_pad == NULL) ? p_adv_data->ad_data : p_adv_data->p_pad; + /* need 3 bytes space to stuff in the flags, if not */ + /* erase all written data, just for flags */ + if ((BTM_BLE_AD_DATA_LEN - (p - p_adv_data->ad_data)) < 3) + { + p = p_adv_data->p_pad = p_adv_data->ad_data; + memset(p_adv_data->ad_data, 0, BTM_BLE_AD_DATA_LEN); + } + + *p++ = 2; + *p++ = BTM_BLE_AD_TYPE_FLAG; + p_adv_data->p_flags = p; + *p++ = flag; + p_adv_data->p_pad = p; + } + + if (btsnd_hcic_ble_set_adv_data((UINT8)(p_adv_data->p_pad - p_adv_data->ad_data), + p_adv_data->ad_data)) + p_adv_data->data_mask |= BTM_BLE_AD_BIT_FLAGS; + +} + +#if 0 +/******************************************************************************* +** +** Function btm_ble_parse_adv_data +** +** Description This function parse the adv data into a structure. +** +** Returns pointer to entry, or NULL if not found +** +*******************************************************************************/ +static void btm_ble_parse_adv_data(tBTM_INQ_INFO *p_info, UINT8 *p_data, + UINT8 len, tBTM_BLE_INQ_DATA *p_adv_data, UINT8 *p_buf) +{ + UINT8 *p_cur = p_data; + UINT8 ad_len, ad_type, ad_flag; + tBTM_BLE_ATTR *p_attr; + + BTM_TRACE_EVENT0 (" btm_ble_parse_adv_data"); + + while (len > 0) + { + BTM_TRACE_DEBUG1("btm_ble_parse_adv_data: len = %d", len); + if ((ad_len = *p_cur ++) == 0) + break; + + ad_type = *p_cur ++; + + BTM_TRACE_DEBUG2(" ad_type = %02x ad_len = %d", ad_type, ad_len); + + switch (ad_type) + { + case BTM_BLE_AD_TYPE_NAME_SHORT: + + case BTM_BLE_AD_TYPE_NAME_CMPL: + p_adv_data->ad_mask |= BTM_BLE_AD_BIT_DEV_NAME; + if (p_info) + { + p_info->remote_name_type =(ad_type == BTM_BLE_AD_TYPE_NAME_SHORT) ? + BTM_BLE_NAME_SHORT: BTM_BLE_NAME_CMPL; + memcpy(p_info->remote_name, p_cur, ad_len -1); + p_info->remote_name[ad_len] = 0; + p_adv_data->p_remote_name = p_info->remote_name; + p_info->remote_name_len = p_adv_data->remote_name_len = ad_len - 1; + BTM_TRACE_DEBUG1("BTM_BLE_AD_TYPE_NAME name = %s",p_adv_data->p_remote_name); + } + p_cur += (ad_len -1); + + break; + + case BTM_BLE_AD_TYPE_FLAG: + p_adv_data->ad_mask |= BTM_BLE_AD_BIT_FLAGS; + ad_flag = *p_cur ++; + p_adv_data->flag = (UINT8)(ad_flag & BTM_BLE_ADV_FLAG_MASK) ; + BTM_TRACE_DEBUG3("BTM_BLE_AD_TYPE_FLAG flag = %s | %s | %s", + (p_adv_data->flag & BTM_BLE_LIMIT_DISC_FLAG)? "LE_LIMIT_DISC" : "", + (p_adv_data->flag & BTM_BLE_GEN_DISC_FLAG)? "LE_GENERAL_DISC" : "", + (p_adv_data->flag & BTM_BLE_BREDR_NOT_SPT)? "LE Only device" : ""); + break; + + case BTM_BLE_AD_TYPE_TX_PWR: + p_adv_data->ad_mask |= BTM_BLE_AD_BIT_TX_PWR; + p_adv_data->tx_power_level = (INT8)*p_cur ++; + BTM_TRACE_DEBUG1("BTM_BLE_AD_TYPE_TX_PWR tx_level = %d", p_adv_data->tx_power_level); + break; + + case BTM_BLE_AD_TYPE_ATTR: + p_adv_data->ad_mask |= BTM_BLE_AD_BIT_ATTR; + p_attr = &p_adv_data->attr_data.attr_list[p_adv_data->attr_data.num_attr]; + p_attr->uuid = *p_cur ++; + + if (ad_len > 3) + { + p_attr->data_len = ad_len - 3; + p_attr->p_data = p_buf; + memcpy(p_attr->p_data, p_cur, p_attr->data_len); + p_buf += p_attr->data_len; + } + + p_adv_data->attr_data.num_attr ++; + BTM_TRACE_DEBUG2("BTM_BLE_AD_TYPE_ATTR[%d] uuid = 0x%04x",p_adv_data->attr_data.num_attr, p_attr->uuid); + break; + + case BTM_BLE_AD_TYPE_MANU: + + case BTM_BLE_AD_TYPE_SRV_CMPL: + case BTM_BLE_AD_TYPE_SRV_PART: + p_adv_data->ad_mask |= ad_type; + /* need allocate memory to store UUID list */ + p_adv_data->service.num_service = (ad_len - 1)/2; + BTM_TRACE_DEBUG1("service UUID list, num = %d", p_adv_data->service.num_service); + + default: + p_cur += (ad_len - 1); + break; + } + len -= (ad_len + 1); + } +} +#endif + +/******************************************************************************* +** +** Function btm_ble_cache_adv_data +** +** Description Update advertising cache data. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_cache_adv_data(tBTM_INQ_RESULTS *p_cur, UINT8 data_len, UINT8 *p, UINT8 evt_type) +{ + tBTM_BLE_INQ_CB *p_le_inq_cb = &btm_cb.ble_ctr_cb.inq_var; + UINT8 *p_cache; + UINT8 length; + + /* cache adv report/scan response data */ + if (evt_type != BTM_BLE_SCAN_RSP_EVT) + { + p_le_inq_cb->adv_len = 0; + memset(p_le_inq_cb->adv_data_cache, 0, BTM_BLE_CACHE_ADV_DATA_MAX); + } + + if (data_len > 0) + { + p_cache = &p_le_inq_cb->adv_data_cache[p_le_inq_cb->adv_len]; + STREAM_TO_UINT8(length, p); + while ( length && ((p_le_inq_cb->adv_len + length + 1) <= BTM_BLE_CACHE_ADV_DATA_MAX)) + { + /* copy from the length byte & data into cache */ + memcpy(p_cache, p-1, length+1); + /* advance the cache pointer past data */ + p_cache += length+1; + /* increment cache length */ + p_le_inq_cb->adv_len += length+1; + /* skip the length of data */ + p += length; + STREAM_TO_UINT8(length, p); + } + } + + /* parse service UUID from adv packet and save it in inq db eir_uuid */ + /* TODO */ +} +/******************************************************************************* +** +** Function btm_ble_is_discoverable +** +** Description check ADV flag to make sure device is discoverable and match +** the search condition +** +** Parameters +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_ble_is_discoverable(BD_ADDR bda, UINT8 evt_type, UINT8 *p) +{ + BOOLEAN is_discoverable = FALSE; + UINT8 *p_flag, flag = 0; + UINT8 data_len; + tBTM_INQ_PARMS *p_cond = &btm_cb.btm_inq_vars.inqparms; + + STREAM_TO_UINT8 (data_len, p); + + /* for observer, always "discoverable */ + if (btm_cb.ble_ctr_cb.inq_var.proc_mode == BTM_BLE_OBSERVE || + (btm_cb.ble_ctr_cb.inq_var.proc_mode == BTM_BLE_SELECT_SCAN && + btm_cb.ble_ctr_cb.bg_conn_type == BTM_BLE_CONN_SELECTIVE)) + return TRUE; + + /* does not match filter condition */ + if (p_cond->filter_cond_type == BTM_FILTER_COND_BD_ADDR && + memcmp(bda, p_cond->filter_cond.bdaddr_cond, BD_ADDR_LEN) != 0) + { + BTM_TRACE_DEBUG0("BD ADDR does not meet filter condition"); + return FALSE; + } + + /* scan response does not include the flag */ + if (evt_type == BTM_BLE_SCAN_RSP_EVT) + return FALSE; + + if (data_len > BTM_BLE_ADV_DATA_LEN_MAX) + { + BTM_TRACE_WARNING1("ADV data too long %d. discard", data_len); + return FALSE; + } + + if (data_len != 0) + { + if ((p_flag = BTM_CheckAdvData(p, BTM_BLE_AD_TYPE_FLAG, &data_len)) != NULL) + { + flag = * p_flag; + + if ((btm_cb.ble_ctr_cb.inq_var.proc_mode == BTM_BLE_GENERAL_INQUIRY) && + (flag & (BTM_BLE_LIMIT_DISC_FLAG|BTM_BLE_GEN_DISC_FLAG)) != 0) + { + BTM_TRACE_DEBUG0("Find Generable Discoverable device"); + is_discoverable = TRUE; + } + + else if (btm_cb.ble_ctr_cb.inq_var.proc_mode == BTM_BLE_LIMITED_INQUIRY && + (flag & BTM_BLE_LIMIT_DISC_FLAG) != 0) + { + BTM_TRACE_DEBUG0("Find limited discoverable device"); + is_discoverable = TRUE; + } + + } + } + + if (!is_discoverable) + { + BTM_TRACE_ERROR1("discoverable flag not desired: %d", flag); + } + + return is_discoverable; +} +/******************************************************************************* +** +** Function btm_ble_update_inq_result +** +** Description Update adv packet information into inquiry result. +** +** Parameters +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_ble_update_inq_result(tINQ_DB_ENT *p_i, UINT8 addr_type, UINT8 evt_type, UINT8 *p) +{ + BOOLEAN to_report = TRUE; + tBTM_INQ_RESULTS *p_cur = &p_i->inq_info.results; + UINT8 len; + UINT8 *p_flag; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + UINT8 data_len, rssi; + tBTM_BLE_INQ_CB *p_le_inq_cb = &btm_cb.ble_ctr_cb.inq_var; + UINT8 *p1; + + STREAM_TO_UINT8 (data_len, p); + + if (data_len > BTM_BLE_ADV_DATA_LEN_MAX) + { + BTM_TRACE_WARNING1("EIR data too long %d. discard", data_len); + return FALSE; + } + btm_ble_cache_adv_data(p_cur, data_len, p, evt_type); + + p1 = (p + data_len); + STREAM_TO_UINT8 (rssi, p1); + + /* Save the info */ + p_cur->inq_result_type = BTM_INQ_RESULT_BLE; + p_cur->ble_addr_type = addr_type; + p_cur->rssi = rssi; + + /* active scan, always wait until get scan_rsp to report the result */ + if ((btm_cb.ble_ctr_cb.inq_var.scan_type == BTM_BLE_SCAN_MODE_ACTI && + (evt_type == BTM_BLE_CONNECT_EVT || evt_type == BTM_BLE_DISCOVER_EVT))) + { + p_i->scan_rsp = FALSE; + to_report = FALSE; + } + else + p_i->scan_rsp = TRUE; + + if (p_i->inq_count != p_inq->inq_counter) + p_cur->device_type = BT_DEVICE_TYPE_BLE; + else + p_cur->device_type |= BT_DEVICE_TYPE_BLE; + + if (evt_type != BTM_BLE_SCAN_RSP_EVT) + p_cur->ble_evt_type = evt_type; + + p_i->inq_count = p_inq->inq_counter; /* Mark entry for current inquiry */ + + if (p_le_inq_cb->adv_len != 0) + { + if ((p_flag = BTM_CheckAdvData(p_le_inq_cb->adv_data_cache, BTM_BLE_AD_TYPE_FLAG, &len)) != NULL) + p_cur->flag = * p_flag; + } + + /* if BR/EDR not supported is not set, assume is a DUMO device */ + if ((p_cur->flag & BTM_BLE_BREDR_NOT_SPT) == 0) + { + BTM_TRACE_ERROR0("BR/EDR NOT support bit not set, treat as DUMO"); + p_cur->device_type |= BT_DEVICE_TYPE_DUMO; + } + else + { + BTM_TRACE_DEBUG0("BR/EDR NOT SUPPORT bit set, LE only device"); + } + + return to_report; + +} + +/******************************************************************************* +** +** Function btm_send_sel_conn_callback +** +** Description send selection connection request callback. +** +** Parameters +** +** Returns void +** +*******************************************************************************/ +void btm_send_sel_conn_callback(BD_ADDR remote_bda, UINT8 evt_type, UINT8 *p_data, UINT8 addr_type) +{ + UINT8 data_len, len; + UINT8 *p_dev_name, remname[31] = {0}; + + if (btm_cb.ble_ctr_cb.p_select_cback == NULL || + /* non-connectable device */ + (evt_type != BTM_BLE_EVT_CONN_ADV && evt_type != BTM_BLE_EVT_CONN_DIR_ADV)) + return; + + STREAM_TO_UINT8 (data_len, p_data); + + /* get the device name if exist in ADV data */ + if (data_len != 0) + { + p_dev_name = BTM_CheckAdvData(p_data, BTM_BLE_AD_TYPE_NAME_CMPL, &len); + + if (p_dev_name == NULL) + p_dev_name = BTM_CheckAdvData(p_data, BTM_BLE_AD_TYPE_NAME_SHORT, &len); + + if (p_dev_name) + memcpy(remname, p_dev_name, len); + } + /* allow connection */ + if ((* btm_cb.ble_ctr_cb.p_select_cback)(remote_bda, remname)) + { + /* terminate selective connection, initiate connection */ + btm_ble_initiate_select_conn(remote_bda); + } +} + +/******************************************************************************* +** +** Function btm_ble_resolve_random_addr_cmpl +** +** Description resolve random address complete callback. +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_resolve_random_addr_cmpl(void * p_rec, void *p) +{ + tBTM_SEC_DEV_REC *match_rec = (tBTM_SEC_DEV_REC *) p_rec; + UINT8 addr_type = BLE_ADDR_RANDOM; + BD_ADDR bda; + UINT8 *pp = (UINT8 *)p + 1; + UINT8 evt_type; + + BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr_cmpl "); + + STREAM_TO_UINT8 (evt_type, pp); + STREAM_TO_UINT8 (addr_type, pp); + STREAM_TO_BDADDR (bda, pp); + + if (match_rec) + { + BTM_TRACE_ERROR0("Random match"); + memcpy(match_rec->ble.cur_rand_addr, bda, BD_ADDR_LEN); + memcpy(bda, match_rec->bd_addr, BD_ADDR_LEN); + } + else + { + BTM_TRACE_ERROR0("Random unmatch"); + } + + btm_ble_process_adv_pkt_cont(bda, addr_type, evt_type, pp); + + return; +} + +/******************************************************************************* +** +** Function btm_ble_process_adv_pkt +** +** Description This function is called when adv packet report events are +** received from the device. It updates the inquiry database. +** If the inquiry database is full, the oldest entry is discarded. +** +** Parameters +** +** Returns void +** +*******************************************************************************/ +void btm_ble_process_adv_pkt (UINT8 *p_data) +{ + BD_ADDR bda; + UINT8 evt_type = 0, *p = p_data; + UINT8 addr_type = 0; + + BTM_TRACE_EVENT0 ("btm_ble_process_adv_pkt "); + + /* always get one device at a time */ + p ++; + + /* Extract inquiry results */ + STREAM_TO_UINT8 (evt_type, p); + STREAM_TO_UINT8 (addr_type, p); + STREAM_TO_BDADDR (bda, p); + +#ifdef BTM_BLE_PC_ADV_TEST_MODE // For general stack code (e.g. BTInsight testing), we simply do not define it to exclude or set it to TRUE to include + if (BTM_BLE_PC_ADV_TEST_MODE) // For stack component, it is always defined and maps to a global variable g_bDraculaAdvertisingMode + { + if (btm_cb.ble_ctr_cb.p_scan_req_cback) + (*btm_cb.ble_ctr_cb.p_scan_req_cback)(bda, addr_type, evt_type); + } +#endif + + /* Only process the results if the inquiry is still active */ + if (!btm_cb.btm_inq_vars.inq_active && + (btm_cb.ble_ctr_cb.bg_conn_type != BTM_BLE_CONN_SELECTIVE || + /* or selective auto connection is active */ + btm_cb.ble_ctr_cb.p_select_cback == NULL)) + return; + + +#if SMP_INCLUDED == TRUE + if (addr_type == BLE_ADDR_RANDOM && BTM_BLE_IS_RESOLVE_BDA(bda)) + { + btm_ble_resolve_random_addr(bda, btm_ble_resolve_random_addr_cmpl, p_data); + } + else +#endif + btm_ble_process_adv_pkt_cont(bda, addr_type, evt_type, p); +} + +/******************************************************************************* +** +** Function btm_ble_process_adv_pkt_cont +** +** Description This function is called after random address resolution is +** done, and proceed to process adv packet. +** +** Parameters +** +** Returns void +** +*******************************************************************************/ +static void btm_ble_process_adv_pkt_cont(BD_ADDR bda, UINT8 addr_type, UINT8 evt_type, UINT8 *p) +{ + tINQ_DB_ENT *p_i; + BOOLEAN to_report = FALSE; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tBTM_INQ_RESULTS_CB *p_inq_results_cb = p_inq->p_inq_results_cb; + tBTM_BLE_INQ_CB *p_le_inq_cb = &btm_cb.ble_ctr_cb.inq_var; + + p_i = btm_inq_db_find (bda); + + /* Check if this address has already been processed for this inquiry */ + if (btm_inq_find_bdaddr(bda)) + { + /* never been report as an LE device */ + if ((p_i && + (!(p_i->inq_info.results.device_type & BT_DEVICE_TYPE_BLE) || + /* scan repsonse to be updated */ + (!p_i->scan_rsp))) + || + btm_cb.ble_ctr_cb.inq_var.proc_mode == BTM_BLE_OBSERVE) + { + BTM_TRACE_DEBUG0("update new BLE information "); + to_report = TRUE; + } + else + { + BTM_TRACE_DEBUG0("LE in le_bd_db already"); + /* if yes, skip it */ + return; /* assumption: one result per event */ + } + } + else /* not been processed int his round */ + { + BTM_TRACE_DEBUG0("new LE BD_ADDR"); + to_report = TRUE; + } + + /* If existing entry, use that, else get a new one (possibly reusing the oldest) */ + if (p_i == NULL) + { + if (btm_ble_is_discoverable(bda, evt_type, p)) + { + if ((p_i = btm_inq_db_new (bda)) != NULL) + { + p_inq->inq_cmpl_info.num_resp++; + BTM_TRACE_DEBUG0("adv pkt process: new record is added into inq db"); + to_report = TRUE; + } + else + return; + } + else + { + BTM_TRACE_ERROR0("discard adv pkt"); + return; + } + } + else if (p_i->inq_count != p_inq->inq_counter) /* first time seen in this inquiry */ + { + p_inq->inq_cmpl_info.num_resp++; + } + + /* update the LE device information in inquiry database */ + if (to_report) + { + to_report = btm_ble_update_inq_result(p_i, addr_type, evt_type, p); + } + +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + /* If the number of responses found and limited, issue a cancel inquiry */ + if (p_inq->inqparms.max_resps && + p_inq->inq_cmpl_info.num_resp == p_inq->inqparms.max_resps) + { + /* new device */ + if (p_i == NULL || + (/* assume a DUMO device, BR/EDR inquiry is always active */ + p_i && p_i->inq_info.results.device_type == BT_DEVICE_TYPE_BLE && p_i->scan_rsp)) + { + BTM_TRACE_WARNING0("INQ RES: Extra Response Received...cancelling inquiry.."); + + if (!(p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) ) + btsnd_hcic_inq_cancel(); + + /* stop LE scan now */ + btm_ble_stop_scan(); + +#if BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE + btm_acl_update_busy_level (BTM_BLI_INQ_DONE_EVT); +#endif + } + } +#endif + + /* background connection in selective connection mode */ + if (btm_cb.ble_ctr_cb.bg_conn_type == BTM_BLE_CONN_SELECTIVE) + { + btm_send_sel_conn_callback(bda, evt_type, p, addr_type); + } + else if (p_inq_results_cb && to_report) + { + BTM_TRACE_DEBUG0("BTMINQ LE: Found devices, send callback btm_inqrslt_cb"); + + if (p_inq->inq_active) + (p_inq_results_cb)((tBTM_INQ_RESULTS *) &p_i->inq_info.results, p_le_inq_cb->adv_data_cache); + } +} + +/******************************************************************************* +** +** Function btm_ble_stop_scan +** +** Description Stop the BLE scan. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_stop_scan(void) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + BTM_TRACE_EVENT0 ("btm_ble_stop_scan "); + + btu_stop_timer (&p_cb->inq_timer_ent); + + /* Clear the inquiry callback if set */ + p_cb->scan_type = BTM_BLE_SCAN_MODE_NONE; + p_cb->proc_mode = BTM_BLE_INQUIRY_NONE; + + /* stop discovery now */ + btsnd_hcic_ble_set_scan_enable (BTM_BLE_SCAN_DISABLE, BTM_BLE_DUPLICATE_ENABLE); + + /* If we have a callback registered for inquiry complete, call it */ + BTM_TRACE_DEBUG2 ("BTM Inq Compl Callback: status 0x%02x, num results %d", + p_inq->inq_cmpl_info.status, p_inq->inq_cmpl_info.num_resp); + + btm_update_scanner_filter_policy(SP_ADV_ALL); + + btm_process_inq_complete(HCI_SUCCESS, (UINT8)(p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK)); + +} + +/******************************************************************************* +** +** Function btm_ble_stop_adv +** +** Description Stop the BLE advertising. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_stop_adv(void) +{ + BTM_TRACE_EVENT0 (" btm_ble_stop_adv"); + + if (btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE)) + { + btm_cb.ble_ctr_cb.inq_var.adv_mode = BTM_BLE_ADV_DISABLE; + } +} + +/******************************************************************************* +** +** Function btm_ble_timeout +** +** Description Called when BTM BLE inquiry timer expires +** +** Returns void +** +*******************************************************************************/ +void btm_ble_timeout(TIMER_LIST_ENT *p_tle) +{ + BTM_TRACE_EVENT0 ("btm_ble_timeout"); + + switch (p_tle->event) + { + case BTU_TTYPE_BLE_INQUIRY: + btm_ble_stop_scan(); + break; + + case BTU_TTYPE_BLE_GAP_LIM_DISC: + /* lim_timeout expiried, limited discovery should exit now */ + btm_ble_update_adv_flag(BTM_BLE_NON_LIMIT_DISC_FLAG); + + btm_ble_stop_adv(); + break; + + case BTU_TTYPE_BLE_RANDOM_ADDR: + if (btm_cb.ble_ctr_cb.inq_var.adv_mode == BTM_BLE_ADV_ENABLE && + btm_cb.ble_ctr_cb.inq_var.own_addr_type == BLE_ADDR_RANDOM) + { + /* refresh the random addr */ + btm_gen_resolvable_private_addr(); + } + break; + + } +} + +/******************************************************************************* +** +** Function btm_ble_connected +** +** Description This function is when a LE connection to the peer device is +** establsihed +** +** Returns void +** +*******************************************************************************/ +void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + + BTM_TRACE_EVENT0 ("btm_ble_connected"); + + /* Commenting out trace due to obf/compilation problems. + */ +#if (BT_USE_TRACES == TRUE) + if (p_dev_rec) + { + BTM_TRACE_EVENT4 ("Security Manager: btm_sec_connected : handle:%d enc_mode:%d bda:%x RName:%s", + handle, enc_mode, + (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], + p_dev_rec->sec_bd_name); + + BTM_TRACE_DEBUG1 ("btm_ble_connected sec_flags=0x%x",p_dev_rec->sec_flags); + } + else + { + BTM_TRACE_EVENT3 ("Security Manager: btm_sec_connected: handle:%d enc_mode:%d bda:%x ", + handle, enc_mode, + (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); + } +#endif + + if (!p_dev_rec) + { + /* There is no device record for new connection. Allocate one */ + p_dev_rec = btm_sec_alloc_dev (bda); + } + else /* Update the timestamp for this device */ + { + p_dev_rec->timestamp = btm_cb.dev_rec_count++; + } + + p_dev_rec->device_type = BT_DEVICE_TYPE_BLE; + p_dev_rec->hci_handle = handle; + if (role == HCI_ROLE_MASTER) + p_dev_rec->role_master = TRUE; + + p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE; + + return; +} + +/******************************************************************************* +** +** Function btm_ble_read_remote_features_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read LE remote feature supported +** complete event. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_read_remote_features_complete(UINT8 *p) +{ + tACL_CONN *p_acl_cb = &btm_cb.acl_db[0]; + UINT8 size; + UINT16 handle; + int xx, yy; + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_EVENT0 ("btm_ble_read_remote_features_complete "); + + STREAM_TO_UINT16 (handle, p); + STREAM_TO_UINT8 (size, p); + + /* Look up the connection by handle and copy features */ + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_acl_cb++) + { + if ((p_acl_cb->in_use) && (p_acl_cb->hci_handle == handle)) + { + for (yy = 0; yy < BD_FEATURES_LEN; yy++) + STREAM_TO_UINT8 (p_acl_cb->features[yy], p); + + p_dev_rec = btm_find_dev_by_handle (handle); + if (!p_dev_rec) + { + /* Get a new device; might be doing dedicated bonding */ + p_dev_rec = btm_find_or_alloc_dev (p_acl_cb->remote_addr); + } + + memcpy (p_dev_rec->features, p_acl_cb->features, BD_FEATURES_LEN); + break; + } + } +} + +/******************************************************************************* +** +** Function btm_ble_write_adv_enable_complete +** +** Description This function process the write adv enable command complete. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_write_adv_enable_complete(UINT8 * p) +{ + tBTM_BLE_INQ_CB *p_cb = &btm_cb.ble_ctr_cb.inq_var; + + /* if write adv enable/disbale not succeed */ + if (*p != HCI_SUCCESS) + { + /* toggle back the adv mode */ + p_cb->adv_mode = !p_cb->adv_mode; + } +} +/******************************************************************************* +** +** Function btm_ble_init +** +** Description Initialize the control block variable values. +** +** Returns void +** +*******************************************************************************/ +void btm_ble_init (void) +{ + tBTM_BLE_CB *p_cb = &btm_cb.ble_ctr_cb; + + BTM_TRACE_EVENT0 ("btm_ble_init "); + + memset(p_cb, 0, sizeof(tBTM_BLE_CB)); + + p_cb->inq_var.adv_mode = BTM_BLE_ADV_DISABLE; + p_cb->inq_var.scan_type = BTM_BLE_SCAN_MODE_NONE; + p_cb->inq_var.adv_chnl_map = BTM_BLE_DEFAULT_ADV_CHNL_MAP; + p_cb->inq_var.afp = BTM_BLE_DEFAULT_AFP; + p_cb->inq_var.sfp = BTM_BLE_DEFAULT_SFP; + p_cb->inq_var.connectable_mode = BTM_BLE_NON_CONNECTABLE; + p_cb->inq_var.discoverable_mode = BTM_BLE_NON_DISCOVERABLE; + + /* for background connection, reset connection params to be undefined */ + p_cb->scan_int = p_cb->scan_win = BTM_BLE_CONN_PARAM_UNDEF; + + p_cb->inq_var.evt_type = BTM_BLE_UNKNOWN_EVT; +} + +#endif /* BLE_INCLUDED */ diff --git a/stack/btm/btm_ble_int.h b/stack/btm/btm_ble_int.h new file mode 100644 index 0000000..b03e124 --- /dev/null +++ b/stack/btm/btm_ble_int.h @@ -0,0 +1,285 @@ +/***************************************************************************** +** +** Name: btm_ble_int.h +** +** Description: this file contains the main Bluetooth Manager (BTM) +** internal definitions. +** +** Copyright (c) 1999-2008, Broadcom Corp., All Rights Reserved +** WIDCOMM Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#ifndef BTM_BLE_INT_H +#define BTM_BLE_INT_H + +#include "bt_target.h" +#include "gki.h" +#include "hcidefs.h" +#include "btm_ble_api.h" +#include "btm_int.h" + +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE +#include "smp_api.h" +#endif + +#define BTM_BLE_CONNECT_EVT 0x00 +#define BTM_BLE_CONNECT_DIR_EVT 0x01 +#define BTM_BLE_DISCOVER_EVT 0x02 +#define BTM_BLE_NON_CONNECT_EVT 0x03 +#define BTM_BLE_SCAN_RSP_EVT 0x04 +#define BTM_BLE_SCAN_REQ_EVT 0x06 +#define BTM_BLE_UNKNOWN_EVT 0xff + +#define BTM_BLE_UNKNOWN_EVT 0xff + +/* scanning enable status */ +#define BTM_BLE_SCAN_ENABLE 0x01 +#define BTM_BLE_SCAN_DISABLE 0x00 + +/* advertising enable status */ +#define BTM_BLE_ADV_ENABLE 0x01 +#define BTM_BLE_ADV_DISABLE 0x00 + +/* use the high 4 bits unused by inquiry mode */ +#define BTM_BLE_SELECT_SCAN 0x20 +#define BTM_BLE_NAME_REQUEST 0x40 +#define BTM_BLE_OBSERVE 0x80 + +#define BTM_BLE_MAX_WL_ENTRY 1 +#define BTM_BLE_AD_DATA_LEN 31 + +#define BTM_BLE_ENC_MASK 0x03 + +#define BTM_BLE_DUPLICATE_ENABLE 1 +#define BTM_BLE_DUPLICATE_DISABLE 0 + +#define BTM_BLE_GAP_DISC_SCAN_INT 18 /* Interval(scan_int) = 11.25 ms= 0x0010 * 0.625 ms */ +#define BTM_BLE_GAP_DISC_SCAN_WIN 18 /* scan_window = 11.25 ms= 0x0010 * 0.625 ms */ +#define BTM_BLE_GAP_ADV_INT 512 /* Tgap(gen_disc) = 1.28 s= 512 * 0.625 ms */ +#define BTM_BLE_GAP_LIM_TOUT 30 /* Tgap(lim_timeout) = 30.72 s max, round down to 30 */ + + +#define BTM_BLE_SEC_REQ_ACT_NONE 0 +#define BTM_BLE_SEC_REQ_ACT_ENCRYPT 1 /* encrypt the link using current key or key refresh */ +#define BTM_BLE_SEC_REQ_ACT_PAIR 2 +#define BTM_BLE_SEC_REQ_ACT_DISCARD 3 /* discard the sec request while encryption is started but not completed */ +typedef UINT8 tBTM_BLE_SEC_REQ_ACT; + + + +typedef struct +{ + UINT16 data_mask; + UINT8 *p_flags; + UINT8 ad_data[BTM_BLE_AD_DATA_LEN]; + UINT8 *p_pad; +}tBTM_BLE_LOCAL_ADV_DATA; + +typedef struct +{ + UINT32 inq_count; /* Used for determining if a response has already been */ + /* received for the current inquiry operation. (We do not */ + /* want to flood the caller with multiple responses from */ + /* the same device. */ + BOOLEAN scan_rsp; + tBLE_BD_ADDR le_bda; +} tINQ_LE_BDADDR; + +#define BTM_BLE_ADV_DATA_LEN_MAX 31 +#define BTM_BLE_CACHE_ADV_DATA_MAX 62 + +#define BTM_BLE_VALID_PRAM(x, min, max) (((x) >= (min) && (x) <= (max)) || ((x) == BTM_BLE_CONN_PARAM_UNDEF)) + +typedef struct +{ + + UINT16 discoverable_mode; + UINT16 connectable_mode; + UINT16 br_edr_supported_flag; /* combined BR EDR discoverable and connectable mode */ + /* only meaningful when it is zero. This means + BR EDR is not supported*/ + UINT8 proc_mode; /* current procedure mode : inquiry or discovery */ + + UINT16 scan_window; + UINT16 scan_interval; + UINT8 scan_type; /* current scan type: active or passive */ + UINT16 adv_interval_min; + UINT16 adv_interval_max; + tBLE_ADDR_TYPE own_addr_type; + tBTM_BLE_AFP afp; /* advertising filter policy */ + tBTM_BLE_SFP sfp; /* scanning filter policy */ + + UINT8 evt_type; + UINT8 adv_mode; + tBLE_BD_ADDR direct_bda; + + UINT8 adv_len; + UINT8 adv_data_cache[BTM_BLE_CACHE_ADV_DATA_MAX]; + + /* inquiry BD addr database */ + UINT8 num_bd_entries; + UINT8 max_bd_entries; + + tBLE_BD_ADDR local_bda; + + tBTM_BLE_LOCAL_ADV_DATA adv_data; + tBTM_BLE_ADV_CHNL_MAP adv_chnl_map; + + TIMER_LIST_ENT inq_timer_ent; + BOOLEAN scan_rsp; + UINT8 state; /* Current state that the inquiry process is in */ + UINT8 tx_power; +} tBTM_BLE_INQ_CB; + + +/* random address resolving complete callback */ +typedef void (tBTM_BLE_RESOLVE_CBACK) (void * match_rec, void *p); + +/* random address management control block */ +typedef struct +{ + BD_ADDR private_addr; + BD_ADDR random_bda; + BOOLEAN busy; + UINT16 index; + tBTM_BLE_RESOLVE_CBACK *p_resolve_cback; + void *p; + TIMER_LIST_ENT raddr_timer_ent; +} tBTM_LE_RANDOM_CB; + +#define BTM_BLE_MAX_BG_CONN_DEV_NUM 10 + +typedef struct +{ + UINT16 min_conn_int; + UINT16 max_conn_int; + UINT16 slave_latency; + UINT16 supervision_tout; + +}tBTM_LE_CONN_PRAMS; + +/* Define BLE Device Management control structure +*/ +typedef struct +{ + /***************************************************** + ** BLE Inquiry + *****************************************************/ + tBTM_BLE_INQ_CB inq_var; + + /* background connection procedure cb value */ + tBTM_BLE_CONN_TYPE bg_conn_type; + UINT16 scan_int; + UINT16 scan_win; + tBTM_BLE_SEL_CBACK *p_select_cback; + TIMER_LIST_ENT scan_param_idle_timer; + + UINT8 bg_conn_dev_num; + BD_ADDR bg_conn_dev_list[BTM_BLE_MAX_BG_CONN_DEV_NUM]; + +#define BLE_BG_CONN_IDLE 0 +#define BLE_BG_CONN_ACTIVE 1 +#define BLE_BG_CONN_SUSPEND 2 + + UINT8 bg_conn_state; + + /* random address management control block */ + tBTM_LE_RANDOM_CB addr_mgnt_cb; + + /* white list information */ + UINT8 num_empty_filter; /* Number of entries in white list */ + UINT8 max_filter_entries; /* Maximum number of entries that can be stored */ + BOOLEAN enabled; + BOOLEAN privacy; /* privacy enabled or disabled */ + +#ifdef BTM_BLE_PC_ADV_TEST_MODE + tBTM_BLE_SCAN_REQ_CBACK *p_scan_req_cback; +#endif + +} tBTM_BLE_CB; + +#ifdef __cplusplus +extern "C" { +#endif + +extern void btm_ble_timeout(TIMER_LIST_ENT *p_tle); +extern void btm_ble_process_adv_pkt (UINT8 *p); +extern void btm_ble_proc_scan_rsp_rpt (UINT8 *p); +extern tBTM_STATUS btm_ble_read_remote_name(BD_ADDR remote_bda, tBTM_INQ_INFO *p_cur, tBTM_CMPL_CB *p_cb); +extern BOOLEAN btm_ble_cancel_remote_name(BD_ADDR remote_bda); + +extern tBTM_STATUS btm_ble_set_discoverability(UINT16 combined_mode); +extern tBTM_STATUS btm_ble_set_connectability(UINT16 combined_mode); +extern tBTM_STATUS btm_ble_start_inquiry (UINT8 mode, UINT8 duration); + +extern void btm_ble_stop_scan(void); +extern void btm_ble_att_db_init(void); +extern void btm_ble_init (void); +extern void btm_ble_connected (UINT8 *bda, UINT16 handle, UINT8 enc_mode, UINT8 role); +extern void btm_ble_read_remote_features_complete(UINT8 *p); +extern void btm_ble_stop_adv(void); +extern void btm_ble_write_adv_enable_complete(UINT8 * p); + +/* LE security function from btm_sec.c */ +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE +extern void btm_ble_link_sec_check(BD_ADDR bd_addr, tBTM_LE_AUTH_REQ auth_req, tBTM_BLE_SEC_REQ_ACT *p_sec_req_act); +extern void btm_ble_ltk_request_reply(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk); +extern UINT8 btm_proc_smp_cback(tSMP_EVT event, BD_ADDR bd_addr, tSMP_EVT_DATA *p_data); +extern tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 link_role); +extern void btm_ble_ltk_request(UINT16 handle, UINT8 rand[8], UINT16 ediv); +extern BOOLEAN btm_ble_start_encrypt(BD_ADDR bda, BOOLEAN use_stk, BT_OCTET16 stk); +extern void btm_ble_link_encrypted(BD_ADDR bd_addr, UINT8 encr_enable); +#endif + +/* LE device management functions */ +extern void btm_ble_reset_id( void ); + +/* security related functions */ +extern void btm_ble_increment_sign_ctr(BD_ADDR bd_addr, BOOLEAN is_local ); +extern BOOLEAN btm_get_local_div (BD_ADDR bd_addr, UINT16 *p_div); +extern BOOLEAN btm_ble_check_link_type (BD_ADDR bd_addr); +extern BOOLEAN btm_ble_get_enc_key_type(BD_ADDR bd_addr, UINT8 *p_key_types); + +extern void btm_ble_rand_enc_complete (UINT8 *p, UINT16 op_code, tBTM_RAND_ENC_CB *p_enc_cplt_cback); +extern void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY_VALUE *p_keys, BOOLEAN pass_to_application); +extern void btm_ble_update_sec_key_size(BD_ADDR bd_addr, UINT8 enc_key_size); +extern UINT8 btm_ble_read_sec_key_size(BD_ADDR bd_addr); + +/* white list function */ +extern BOOLEAN btm_update_dev_to_white_list(BOOLEAN to_add, BD_ADDR bd_addr,tBLE_ADDR_TYPE addr_type); +extern BOOLEAN btm_update_bg_conn_list(BOOLEAN to_add, BD_ADDR bd_addr); +extern void btm_update_scanner_filter_policy(tBTM_BLE_SFP scan_policy); +extern void btm_update_adv_filter_policy(tBTM_BLE_AFP adv_policy); +extern void btm_ble_clear_white_list (void); +extern void btm_write_bg_conn_wl(void); + +/* background connection function */ +extern void btm_ble_suspend_bg_conn(void); +extern BOOLEAN btm_ble_resume_bg_conn(tBTM_BLE_SEL_CBACK *p_sele_callback, BOOLEAN def_param); +extern void btm_ble_update_bg_state(void); +extern void btm_ble_initiate_select_conn(BD_ADDR bda); +extern BOOLEAN btm_ble_start_auto_conn(BOOLEAN start); +extern BOOLEAN btm_ble_start_select_conn(BOOLEAN start,tBTM_BLE_SEL_CBACK *p_select_cback); +extern BOOLEAN btm_ble_find_dev_in_whitelist(BD_ADDR bd_addr); +extern BOOLEAN btm_ble_renew_bg_conn_params(BOOLEAN add, BD_ADDR bd_addr); +extern void btm_ble_scan_param_idle(void); +extern UINT8 btm_ble_count_unconn_dev_in_whitelist(void); + +/* BLE address management */ +extern tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bda); +extern void btm_gen_resolvable_private_addr (void); +extern void btm_gen_non_resolvable_private_addr (void); +extern void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p); + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE +BT_API extern void btm_ble_set_no_disc_if_pair_fail (BOOLEAN disble_disc); +BT_API extern void btm_ble_set_test_mac_value (BOOLEAN enable, UINT8 *p_test_mac_val); +BT_API extern void btm_ble_set_test_local_sign_cntr_value(BOOLEAN enable, UINT32 test_local_sign_cntr); +#endif + + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/stack/btm/btm_dev.c b/stack/btm/btm_dev.c new file mode 100644 index 0000000..3651589 --- /dev/null +++ b/stack/btm/btm_dev.c @@ -0,0 +1,451 @@ +/***************************************************************************** +** * +** Name: btm_dev.c * +** * +** Description: This file contains functions for the Bluetooth Device * +** Manager * +** * +** Copyright (c) 1999-2011, Broadcom Corp., All Rights Reserved. * +** Broadcom Bluetooth Core. Proprietary and confidential. * +******************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "bt_types.h" +#include "gki.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_api.h" +#include "btm_int.h" +#include "hcidefs.h" +#include "l2c_api.h" +static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void); + +/******************************************************************************* +** +** Function BTM_SecAddDevice +** +** Description Add/modify device. This function will be normally called +** during host startup to restore all required information +** stored in the NVRAM. +** +** Parameters: bd_addr - BD address of the peer +** dev_class - Device Class +** bd_name - Name of the peer device. NULL if unknown. +** features - Remote device's supported features. NULL if not known +** trusted_mask - Bitwise OR of services that do not +** require authorization. (array of UINT32) +** link_key - Connection link key. NULL if unknown. +** +** Returns TRUE if added OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, + BD_FEATURES features, UINT32 trusted_mask[], + LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + int i; + + p_dev_rec = btm_find_dev (bd_addr); + if (!p_dev_rec) + { + /* There is no device record, allocate one. + * If we can not find an empty spot for this one, let it fail. */ + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) + { + if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) + { + p_dev_rec = &btm_cb.sec_dev_rec[i]; + + /* Mark this record as in use and initialize */ + memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); + p_dev_rec->sec_flags = BTM_SEC_IN_USE; + memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); + p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); + +#if BLE_INCLUDED == TRUE + /* use default value for background connection params */ + /* update conn params, use default value for background connection params */ + memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS)); +#endif + break; + } + } + + if (!p_dev_rec) + return(FALSE); + } + + p_dev_rec->timestamp = btm_cb.dev_rec_count++; + + if (dev_class) + memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN); + + memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); + + if (bd_name && bd_name[0]) + { + p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; + BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), + (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN); + } + + if (features) + memcpy (p_dev_rec->features, features, sizeof (BD_FEATURES)); + else + memset (p_dev_rec->features, 0, sizeof (BD_FEATURES)); + + BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask); + + if (link_key) + { + BTM_TRACE_EVENT6 ("BTM_SecAddDevice() BDA: %02x:%02x:%02x:%02x:%02x:%02x", + bd_addr[0], bd_addr[1], bd_addr[2], + bd_addr[3], bd_addr[4], bd_addr[5]); + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; + memcpy (p_dev_rec->link_key, link_key, LINK_KEY_LEN); + p_dev_rec->link_key_type = key_type; + } + +#if defined(BSA_MIXED_MODE_INCLUDED) && (BSA_MIXED_MODE_INCLUDED == TRUE) + p_dev_rec->sm4 = BTM_SM4_KNOWN; +#endif + + p_dev_rec->rmt_io_caps = io_cap; + + return(TRUE); +} + + +/******************************************************************************* +** +** Function BTM_SecDeleteDevice +** +** Description Free resources associated with the device. +** +** Parameters: bd_addr - BD address of the peer +** +** Returns TRUE if removed OK, FALSE if not found or ACL link is active +** +*******************************************************************************/ +BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if (BTM_IsAclConnectionUp(bd_addr)) + { + BTM_TRACE_WARNING0("BTM_SecDeleteDevice FAILED: Cannot Delete when connection is active"); + return(FALSE); + } + + if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) + return(FALSE); + + btm_sec_free_dev (p_dev_rec); + + /* Tell controller to get rid of the link key if it has one stored */ + BTM_DeleteStoredLinkKey (bd_addr, NULL); + + return(TRUE); +} + +/******************************************************************************* +** +** Function BTM_SecReadDevName +** +** Description Looks for the device name in the security database for the +** specified BD address. +** +** Returns Pointer to the name or NULL +** +*******************************************************************************/ +char *BTM_SecReadDevName (BD_ADDR bd_addr) +{ + char *p_name = NULL; + tBTM_SEC_DEV_REC *p_srec; + + if ((p_srec = btm_find_dev(bd_addr)) != NULL) + p_name = (char *)p_srec->sec_bd_name; + + return(p_name); +} + +/******************************************************************************* +** +** Function btm_sec_alloc_dev +** +** Description Look for the record in the device database for the record +** with specified handle +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec = NULL; + tBTM_INQ_INFO *p_inq_info; + int i; + BTM_TRACE_EVENT0 ("btm_sec_alloc_dev"); + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++) + { + if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE)) + { + p_dev_rec = &btm_cb.sec_dev_rec[i]; + break; + } + } + + if (!p_dev_rec) + p_dev_rec = btm_find_oldest_dev(); + + memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC)); + + p_dev_rec->sec_flags = BTM_SEC_IN_USE; + + /* Check with the BT manager if details about remote device are known */ + /* outgoing connection */ + if ((p_inq_info = BTM_InqDbRead(bd_addr)) != NULL) + { + memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN); + +#if BLE_INCLUDED == TRUE + p_dev_rec->device_type = p_inq_info->results.device_type; + p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; + + /* update conn params, use default value for background connection params */ + memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS)); +#endif + +#if BTM_INQ_GET_REMOTE_NAME == TRUE + if (p_inq_info->remote_name_state == BTM_INQ_RMT_NAME_DONE) + { + BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), + (char *)p_inq_info->remote_name, BTM_MAX_REM_BD_NAME_LEN); + p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; + } +#endif + } + else + { +#if BLE_INCLUDED == TRUE + p_dev_rec->device_type = BT_DEVICE_TYPE_BREDR; /* initialize it as BR/EDR device */ + /* update conn params, use default value for background connection params */ + memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS)); +#endif + + if (!memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) + memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN); + } + + memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); + + p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr); + p_dev_rec->timestamp = btm_cb.dev_rec_count++; + + return(p_dev_rec); +} + + +/******************************************************************************* +** +** Function btm_sec_free_dev +** +** Description Mark device record as not used +** +*******************************************************************************/ +void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec) +{ + p_dev_rec->sec_flags = 0; + +#if BLE_INCLUDED == TRUE + /* Clear out any saved BLE keys */ + btm_sec_clear_ble_keys (p_dev_rec); +#endif + + +} + +/******************************************************************************* +** +** Function btm_dev_support_switch +** +** Description This function is called by the L2CAP to check if remote +** device supports role switch +** +** Parameters: bd_addr - Address of the peer device +** +** Returns TRUE if device is known and role switch is supported +** +*******************************************************************************/ +BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + UINT8 xx; + BOOLEAN feature_empty = TRUE; + +#if BTM_SCO_INCLUDED == TRUE + /* Role switch is not allowed if a SCO is up */ + if (btm_is_sco_active_by_bdaddr(bd_addr)) + return(FALSE); +#endif + p_dev_rec = btm_find_dev (bd_addr); + if (p_dev_rec && HCI_SWITCH_SUPPORTED(btm_cb.devcb.local_features)) + { + if (HCI_SWITCH_SUPPORTED(p_dev_rec->features)) + { + BTM_TRACE_DEBUG0("btm_dev_support_switch return TRUE (feature found)"); + return (TRUE); + } + + /* If the feature field is all zero, we never received them */ + for (xx = 0 ; xx < BD_FEATURES_LEN ; xx++) + { + if (p_dev_rec->features[xx] != 0x00) + { + feature_empty = FALSE; /* at least one is != 0 */ + break; + } + } + + /* If we don't know peer's capabilities, assume it supports Role-switch */ + if (feature_empty) + { + BTM_TRACE_DEBUG0("btm_dev_support_switch return TRUE (feature empty)"); + return (TRUE); + } + } + + BTM_TRACE_DEBUG0("btm_dev_support_switch return FALSE"); + return(FALSE); +} + +/******************************************************************************* +** +** Function btm_find_dev_by_handle +** +** Description Look for the record in the device database for the record +** with specified handle +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle) +{ + tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0]; + int i; + + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) + && (p_dev_rec->hci_handle == handle)) + return(p_dev_rec); + } + return(NULL); +} + +/******************************************************************************* +** +** Function btm_find_dev +** +** Description Look for the record in the device database for the record +** with specified BD address +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_find_dev (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0]; + int i; + + if (bd_addr) + { + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) + && (!memcmp (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN))) + return(p_dev_rec); + } + } + return(NULL); +} + +/******************************************************************************* +** +** Function btm_find_or_alloc_dev +** +** Description Look for the record in the device database for the record +** with specified BD address +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + BTM_TRACE_EVENT0 ("btm_find_or_alloc_dev"); + if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) + { + + /* Allocate a new device record or reuse the oldest one */ + p_dev_rec = btm_sec_alloc_dev (bd_addr); + } + return(p_dev_rec); +} + +/******************************************************************************* +** +** Function btm_find_oldest_dev +** +** Description Locates the oldest device in use. It first looks for +** the oldest non-paired device. If all devices are paired it +** deletes the oldest paired device. +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_find_oldest_dev (void) +{ + tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0]; + tBTM_SEC_DEV_REC *p_oldest = p_dev_rec; + UINT32 ot = 0xFFFFFFFF; + int i; + + /* First look for the non-paired devices for the oldest entry */ + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if (((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) + || ((p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) != 0)) + continue; /* Device is paired so skip it */ + + if (p_dev_rec->timestamp < ot) + { + p_oldest = p_dev_rec; + ot = p_dev_rec->timestamp; + } + } + + if (ot != 0xFFFFFFFF) + return(p_oldest); + + /* All devices are paired; find the oldest */ + p_dev_rec = &btm_cb.sec_dev_rec[0]; + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0) + continue; + + if (p_dev_rec->timestamp < ot) + { + p_oldest = p_dev_rec; + ot = p_dev_rec->timestamp; + } + } + return(p_oldest); +} + + diff --git a/stack/btm/btm_devctl.c b/stack/btm/btm_devctl.c new file mode 100644 index 0000000..f668caf --- /dev/null +++ b/stack/btm/btm_devctl.c @@ -0,0 +1,1935 @@ +/***************************************************************************** +** +** Name: btm_devctl.c +** +** Description: This file contains functions that handle BTM interface +** functions for the Bluetooth device including Rest, HCI +** buffer size and others +** +** Copyright (c) 1999-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "bt_types.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_int.h" +#include "l2c_int.h" + +#if BLE_INCLUDED == TRUE +#include "gatt_int.h" + +#if GAP_INCLUDED == TRUE +#include "gap_api.h" +#include "gattdefs.h" +#endif + +#endif /* BLE_INCLUDED */ + +/* BTM_APP_DEV_INIT should be defined if additional controller initialization is +** needed by the application to be performed after the HCI reset +*/ +#ifdef BTM_APP_DEV_INIT +extern void BTM_APP_DEV_INIT(void); +#endif + +#ifdef BTA_PRM_CHECK_FW_VER +extern BOOLEAN BTA_PRM_CHECK_FW_VER(UINT8 *p); +#endif + +#ifndef TT_DEV_RESET_MASK +#define TT_DEV_RESET_MASK 0xff +#endif + +/********************************************************************************/ +/* L O C A L D A T A D E F I N I T I O N S */ +/********************************************************************************/ + +#ifndef BTM_DEV_RESET_TIMEOUT +#define BTM_DEV_RESET_TIMEOUT 4 +#endif + +#define BTM_DEV_REPLY_TIMEOUT 2 /* 1 second expiration time is not good. Timer may start between 0 and 1 second. */ + /* if it starts at the very end of the 0 second, timer will expire really easily. */ + +#define BTM_INFO_TIMEOUT 5 /* 5 seconds for info response */ + +/* After Reset a timeout can be specified in the target.h for specific targets + * that may require additional time to reset + * otherwise no timeout is required +*/ +#ifndef BTM_AFTER_RESET_TIMEOUT +#define BTM_AFTER_RESET_TIMEOUT 0 +#endif + +/* Internal baseband so the parameters such as local features, version etc. are known +so there is no need to issue HCI commands and wait for responses at BTM initialization */ +#ifndef BTM_INTERNAL_BB +#define BTM_INTERNAL_BB FALSE +#endif + +/* The local version information in the format specified in the HCI read local version +response message */ +#ifndef BTM_INTERNAL_LOCAL_VER +#define BTM_INTERNAL_LOCAL_VER {0x00, 0x01, 0x05, 0x81, 0x01, 0x30, 0x00, 0x40, 0x8D} +#endif + +/* The local features information in the format specified in the HCI read local features +response message */ +#ifndef BTM_INTERNAL_LOCAL_FEA +#define BTM_INTERNAL_LOCAL_FEA {0x00, 0xFF, 0xF9, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00} +#endif + +#ifndef BTM_SET_DEV_NAME_UPON_RESET +#define BTM_SET_DEV_NAME_UPON_RESET TRUE +#endif + +/* host SCO buffer size */ +#ifndef BTM_SCO_HOST_BUF_SIZE +#define BTM_SCO_HOST_BUF_SIZE 0xff +#endif + +#ifndef BTM_GPS_UIPC_CH_NB +#define BTM_GPS_UIPC_CH_NB UIPC_CH_ID_1 +#endif + +/********************************************************************************/ +/* L O C A L F U N C T I O N P R O T O T Y P E S */ +/********************************************************************************/ +static void btm_dev_reset (void); +static void btm_after_reset_hold_complete (void); +static void btm_continue_reset (void); + +/******************************************************************************* +** +** Function btm_dev_init +** +** Description This function is on the BTM startup +** +** Returns void +** +*******************************************************************************/ +void btm_dev_init (void) +{ +#if 0 /* cleared in btm_init; put back in if called from anywhere else! */ + memset (&btm_cb.devcb, 0, sizeof (tBTM_DEVCB)); +#endif + + /* Initialize nonzero defaults */ +#if (BTM_MAX_LOC_BD_NAME_LEN > 0) + memset(btm_cb.cfg.bd_name, 0, sizeof(tBTM_LOC_BD_NAME)); +#if (BTM_USE_DEF_LOCAL_NAME == TRUE) + BCM_STRNCPY_S(btm_cb.cfg.bd_name, sizeof(btm_cb.cfg.bd_name), BTM_DEF_LOCAL_NAME, BTM_MAX_LOC_BD_NAME_LEN); +#endif +#endif + + btm_cb.devcb.reset_timer.param = (TIMER_PARAM_TYPE)TT_DEV_RESET; + btm_cb.devcb.rln_timer.param = (TIMER_PARAM_TYPE)TT_DEV_RLN; + btm_cb.devcb.rlinkp_timer.param = (TIMER_PARAM_TYPE)TT_DEV_RLNKP; + + btm_cb.btm_acl_pkt_types_supported = BTM_ACL_PKT_TYPES_MASK_DH1 + BTM_ACL_PKT_TYPES_MASK_DM1 + + BTM_ACL_PKT_TYPES_MASK_DH3 + BTM_ACL_PKT_TYPES_MASK_DM3 + + BTM_ACL_PKT_TYPES_MASK_DH5 + BTM_ACL_PKT_TYPES_MASK_DM5; + + btm_cb.btm_sco_pkt_types_supported = BTM_SCO_PKT_TYPES_MASK_HV1 + + BTM_SCO_PKT_TYPES_MASK_HV2 + + BTM_SCO_PKT_TYPES_MASK_HV3 + + BTM_SCO_PKT_TYPES_MASK_EV3 + + BTM_SCO_PKT_TYPES_MASK_EV4 + + BTM_SCO_PKT_TYPES_MASK_EV5; + + btm_cb.first_disabled_channel = 0xff; /* To allow disabling 0th channel alone */ + btm_cb.last_disabled_channel = 0xff; /* To allow disabling 0th channel alone */ + +#if (BTM_AUTOMATIC_HCI_RESET == TRUE) + +#if (BTM_FIRST_RESET_DELAY > 0) + btm_cb.devcb.state = BTM_DEV_STATE_WAIT_RESET_CMPLT; + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_FIRST_RESET_DELAY); +#else + btm_dev_reset(); +#endif + +#else + BTM_TRACE_EVENT0 ("BTM_AUTOMATIC_HCI_RESET is FALSE, so skip btm reset for now"); +#endif + +} + + +/******************************************************************************* +** +** Function btm_db_reset +** +** Description This function is called by BTM_DeviceReset and clears out any +** pending callbacks for inquiries, discoveries, other pending +** functions that may be in progress. +** +** Returns void +** +*******************************************************************************/ +static void btm_db_reset (void) +{ + tBTM_CMPL_CB *p_cb; + tBTM_STATUS status = BTM_DEV_RESET; + + btm_inq_db_reset(); + + if (btm_cb.devcb.p_rln_cmpl_cb) + { + p_cb = btm_cb.devcb.p_rln_cmpl_cb; + btm_cb.devcb.p_rln_cmpl_cb = NULL; + + if (p_cb) + (*p_cb)((void *) NULL); + } + + if (btm_cb.devcb.p_rlinkp_cmpl_cb) + { + p_cb = btm_cb.devcb.p_rlinkp_cmpl_cb; + btm_cb.devcb.p_rlinkp_cmpl_cb = NULL; + + if (p_cb) + (*p_cb)((void *) &status); + } + + if (btm_cb.devcb.p_rssi_cmpl_cb) + { + p_cb = btm_cb.devcb.p_rssi_cmpl_cb; + btm_cb.devcb.p_rssi_cmpl_cb = NULL; + + if (p_cb) + (*p_cb)((tBTM_RSSI_RESULTS *) &status); + } +} + + + +/******************************************************************************* +** +** Function btm_dev_absent +** +** Description This function is called by when it is detected that the +** device is not connected any more. +** +** Returns void +** +*******************************************************************************/ +void btm_dev_absent (void) +{ + btm_cb.devcb.state = BTM_DEV_STATE_WAIT_RESET_CMPLT; + + btm_db_reset (); + btm_inq_db_reset(); + + /* If anyone wants device status notifications, give him one */ + btm_report_device_status (BTM_DEV_STATUS_DOWN); + + btu_stop_timer (&btm_cb.devcb.reset_timer); +} + + +/******************************************************************************* +** +** Function BTM_DeviceReset +** +** Description This function is called to reset the HCI. Callback function +** if provided is called when startup of the device is +** completed. +** +** Returns void +** +*******************************************************************************/ +void BTM_DeviceReset (tBTM_CMPL_CB *p_cb) +{ + tBTM_STATUS status; + + /* If device is already resetting, do not allow another */ + if ((!btm_cb.devcb.p_reset_cmpl_cb) || (btm_cb.devcb.p_reset_cmpl_cb == p_cb)) + { + /* Flush all ACL connections */ + btm_acl_device_down(); + + /* Clear the callback, so application would not hang on reset */ + btm_db_reset(); + + /* Save address of the completion routine, if provided */ + btm_cb.devcb.p_reset_cmpl_cb = p_cb; + + btm_dev_reset (); + } + else + { + /* pass an error to the bad callback, another one was already provided */ + if (p_cb) + { + status = BTM_ILLEGAL_VALUE; + p_cb (&status); + } + } +} + + +/******************************************************************************* +** +** Function BTM_IsDeviceUp +** +** Description This function is called to check if the device is up. +** +** Returns TRUE if device is up, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_IsDeviceUp (void) +{ + return ((BOOLEAN) (btm_cb.devcb.state == BTM_DEV_STATE_READY)); +} + +/******************************************************************************* +** +** Function BTM_SetAfhChannels +** +** Description This function is called disable channels +** +** Returns tBTM_STATUS +** +*******************************************************************************/ +tBTM_STATUS BTM_SetAfhChannels (UINT8 first, UINT8 last) +{ + BTM_TRACE_API4 ("BTM_SetAfhChannels first: %d (%d) last: %d (%d)", + first, btm_cb.first_disabled_channel, last, + btm_cb.last_disabled_channel); + + /* Make sure the local device supports the feature before sending */ + if ((!HCI_LMP_AFH_CAP_MASTR_SUPPORTED(btm_cb.devcb.local_features)) && + (!HCI_LMP_AFH_CLASS_SLAVE_SUPPORTED(btm_cb.devcb.local_features)) && + (!HCI_LMP_AFH_CLASS_MASTR_SUPPORTED(btm_cb.devcb.local_features))) + return (BTM_MODE_UNSUPPORTED); + + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + if ((btm_cb.first_disabled_channel != first) + || (btm_cb.last_disabled_channel != last)) + { + if (btsnd_hcic_set_afh_channels (first, last)) + { + btm_cb.first_disabled_channel = first; + btm_cb.last_disabled_channel = last; + } + else + return (BTM_NO_RESOURCES); + } + return (BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_SetAfhChannelAssessment +** +** Description This function is called to set the channel assessment mode on or off +** +** Returns none +** +*******************************************************************************/ +tBTM_STATUS BTM_SetAfhChannelAssessment (BOOLEAN enable_or_disable) +{ + /* whatever app wants if device is not 1.2 scan type should be STANDARD */ + if (!HCI_LMP_AFH_CAP_SLAVE_SUPPORTED(btm_cb.devcb.local_features)) + return (BTM_MODE_UNSUPPORTED); + + if (!btsnd_hcic_write_afh_channel_assessment_mode (enable_or_disable)) + return (BTM_NO_RESOURCES); + + return (BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_ContinueReset +** +** Description This function is called by the application to continue +** initialization after the application has completed its +** vendor specific sequence. It is only used when +** BTM_APP_DEV_INIT is defined in target.h. +** +** Returns void +** +*******************************************************************************/ +void BTM_ContinueReset (void) +{ +#ifdef BTM_APP_DEV_INIT + btm_continue_reset(); +#endif +} + +/******************************************************************************* +** +** Function btm_dev_reset +** +** Description Local function called to send a reset command +** +** Returns void +** +*******************************************************************************/ +static void btm_dev_reset (void) +{ + btm_cb.devcb.state = BTM_DEV_STATE_WAIT_RESET_CMPLT; + + /* flush out the command complete queue and command transmit queue */ + btu_hcif_flush_cmd_queue(); + + /* Start reset timer. When timer expires we will send first command */ + /* from the setup sequence */ + + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, + BTM_DEV_RESET_TIMEOUT); + btsnd_hcic_reset (LOCAL_BR_EDR_CONTROLLER_ID); +} + + +/******************************************************************************* +** +** Function btm_get_hci_buf_size +** +** Description Local function called to send a read buffer size command +** +** Returns void +** +*******************************************************************************/ +void btm_get_hci_buf_size (void) +{ + + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + /* Send a Read Buffer Size message to the Host Controller. */ + btsnd_hcic_read_buffer_size (); + +} +#if BLE_INCLUDED == TRUE +/******************************************************************************* +** +** Function btm_read_ble_wl_size +** +** Description Local function called to send a read BLE buffer size command +** +** Returns void +** +*******************************************************************************/ +void btm_read_ble_wl_size(void) +{ + BTM_TRACE_DEBUG0("btm_read_ble_wl_size "); + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + /* Send a Read Buffer Size message to the Host Controller. */ + btsnd_hcic_ble_read_white_list_size(); +} +/******************************************************************************* +** +** Function btm_get_ble_buffer_size +** +** Description Local function called to send a read BLE buffer size command +** +** Returns void +** +*******************************************************************************/ +void btm_get_ble_buffer_size(void) +{ + BTM_TRACE_DEBUG0("btm_get_ble_buffer_size "); + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + /* Send a Read Buffer Size message to the Host Controller. */ + btsnd_hcic_ble_read_buffer_size (); +} +#endif +/******************************************************************************* +** +** Function btm_get_local_version +** +** Description Local function called to send a read local version to controller +** +** Returns void +** +*******************************************************************************/ +void btm_get_local_version (void) +{ + + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + /* Send a Read Local Version message to the Host Controller. */ + btsnd_hcic_read_local_ver (LOCAL_BR_EDR_CONTROLLER_ID); + btsnd_hcic_read_bd_addr (); + +#if BTM_PWR_MGR_INCLUDED == TRUE + btm_pm_reset(); +#endif + +} + +/******************************************************************************* +** +** Function btm_get_local_features +** +** Description Local function called to send a read local features +** +** Returns void +** +*******************************************************************************/ +void btm_get_local_features (void) +{ + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + btsnd_hcic_read_local_features (); +} + +/******************************************************************************* +** +** Function btm_dev_timeout +** +** Description This function is called when a timer list entry expires. +** +** Returns void +** +*******************************************************************************/ +void btm_dev_timeout (TIMER_LIST_ENT *p_tle) +{ + TIMER_PARAM_TYPE timer_type = (TIMER_PARAM_TYPE)p_tle->param; + + if ((timer_type & TT_DEV_RESET_MASK) == TT_DEV_RESET) + { + /* Call device reset as long as there is timeout*/ + btm_dev_reset(); + } + else if (timer_type == (TIMER_PARAM_TYPE)TT_DEV_RLN) + { + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rln_cmpl_cb; + + btm_cb.devcb.p_rln_cmpl_cb = NULL; + + if (p_cb) + (*p_cb)((void *) NULL); + } +} + +/******************************************************************************* +** +** Function btm_reset_complete +** +** Description This function is called when command complete for HCI_Reset +** is received. It does not make sense to send next command +** because device is resetting after command complete is +** received. Just start timer and set required state. +** +** Returns void +** +*******************************************************************************/ +void btm_reset_complete (void) +{ + int devinx; + + BTM_TRACE_EVENT0 ("btm_reset_complete"); + +#ifdef BRCM_VS + btm_vs_reset_complete(); +#endif + + + /* Handle if btm initiated the reset */ + if (btm_cb.devcb.state == BTM_DEV_STATE_WAIT_RESET_CMPLT) + { + /* Tell L2CAP that all connections are gone */ + l2cu_device_reset (); + + /* Clear current security state */ + for (devinx = 0; devinx < BTM_SEC_MAX_DEVICE_RECORDS; devinx++) + { + btm_cb.sec_dev_rec[devinx].sec_state = BTM_SEC_STATE_IDLE; + } + + /* After the reset controller should restore all parameters to defaults. */ + btm_cb.btm_inq_vars.inq_counter = 1; + btm_cb.btm_inq_vars.inq_scan_window = HCI_DEF_INQUIRYSCAN_WINDOW; + btm_cb.btm_inq_vars.inq_scan_period = HCI_DEF_INQUIRYSCAN_INTERVAL; + btm_cb.btm_inq_vars.inq_scan_type = HCI_DEF_SCAN_TYPE; + + btm_cb.btm_inq_vars.page_scan_window = HCI_DEF_PAGESCAN_WINDOW; + btm_cb.btm_inq_vars.page_scan_period = HCI_DEF_PAGESCAN_INTERVAL; + btm_cb.btm_inq_vars.page_scan_type = HCI_DEF_SCAN_TYPE; + +#if (BTM_AFTER_RESET_TIMEOUT > 0) + btu_start_timer (&btm_cb.devcb.reset_timer, BTU_TTYPE_BTM_DEV_CTL, + BTM_AFTER_RESET_TIMEOUT); +#else + btm_cb.devcb.state = BTM_DEV_STATE_WAIT_AFTER_RESET; + btm_after_reset_hold_complete(); +#endif + +#if (BLE_INCLUDED == TRUE) + btm_cb.ble_ctr_cb.bg_conn_state = BLE_BG_CONN_IDLE; + btm_cb.ble_ctr_cb.bg_conn_dev_num = 0; + btm_cb.ble_ctr_cb.bg_conn_type = BTM_BLE_CONN_NONE; + btm_cb.ble_ctr_cb.p_select_cback = NULL; + memset(&btm_cb.ble_ctr_cb.bg_conn_dev_list, 0, (sizeof(BD_ADDR)*BTM_BLE_MAX_BG_CONN_DEV_NUM)); + gatt_reset_bgdev_list(); +#endif + } +} + +/******************************************************************************* +** +** Function btm_continue_reset +** +** Description This function is called when wait period expired after +** device reset or called by the application to continue +** initialization after the application has completed its +** vendor specific sequence. +** +** Returns void +** +*******************************************************************************/ +void btm_continue_reset (void) +{ + + /* Reinitialize the default class of device */ +#if BTM_INTERNAL_BB == TRUE + btsnd_hcic_read_bd_addr (); +#if BTM_PWR_MGR_INCLUDED == TRUE + btm_pm_reset(); +#endif +#endif + + btm_get_hci_buf_size (); + + /* default device class */ + BTM_SetDeviceClass((UINT8 *) BTM_INIT_CLASS_OF_DEVICE); + +#if (BTM_MAX_LOC_BD_NAME_LEN > 0) && (BTM_SET_DEV_NAME_UPON_RESET == TRUE) + BTM_SetLocalDeviceName(btm_cb.cfg.bd_name); +#elif BTM_USE_DEF_LOCAL_NAME == TRUE + BTM_SetLocalDeviceName(BTM_DEF_LOCAL_NAME); +#endif + + BTM_SetPinType (btm_cb.cfg.pin_type, btm_cb.cfg.pin_code, btm_cb.cfg.pin_code_len); +} + +/******************************************************************************* +** +** Function btm_after_reset_hold_complete +** +** Description This function is called when wait period expired after +** device reset. Continue intitialization +** +** Returns void +** +*******************************************************************************/ +void btm_after_reset_hold_complete (void) +{ +#ifdef BTM_APP_DEV_INIT + btu_stop_timer(&btm_cb.devcb.reset_timer); + BTM_APP_DEV_INIT(); +#else + btm_continue_reset(); +#endif +} + + +/******************************************************************************* +** +** Function btm_read_hci_buf_size_complete +** +** Description This function is called when command complete for +** get HCI buffer size is received. Start timer and send +** read local featues request +** +** Returns void +** +*******************************************************************************/ +void btm_read_hci_buf_size_complete (UINT8 *p, UINT16 evt_len) +{ + UINT8 status; + UINT8 lm_sco_buf_size; + UINT16 lm_num_acl_bufs; + UINT16 lm_num_sco_bufs; + UINT16 acl_buf_size; + + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (btu_cb.hcit_acl_data_size, p); + STREAM_TO_UINT8 (lm_sco_buf_size, p); + STREAM_TO_UINT16 (lm_num_acl_bufs, p); + STREAM_TO_UINT16 (lm_num_sco_bufs, p); + + btu_cb.hcit_acl_pkt_size = btu_cb.hcit_acl_data_size + HCI_DATA_PREAMBLE_SIZE; + + l2c_link_processs_num_bufs (lm_num_acl_bufs); + +#if BTM_ACL_BUF_SIZE > 0 + acl_buf_size = (BTM_ACL_BUF_SIZE < L2CAP_MTU_SIZE) ? BTM_ACL_BUF_SIZE : L2CAP_MTU_SIZE; +#else + acl_buf_size = L2CAP_MTU_SIZE; +#endif + /* Tell the controller what our buffer sizes are. ?? Need SCO info */ + btsnd_hcic_set_host_buf_size (acl_buf_size, BTM_SCO_HOST_BUF_SIZE, L2CAP_HOST_FC_ACL_BUFS, 10); + +#if L2CAP_HOST_FLOW_CTRL == TRUE + btsnd_hcic_set_host_flow_ctrl (HCI_HOST_FLOW_CTRL_ACL_ON); +#endif + } + + /* Set the device into connectable and/or discoverable mode (if configured to do so) */ +#if BTM_IS_CONNECTABLE == TRUE + (void) BTM_SetConnectability (BTM_CONNECTABLE, BTM_DEFAULT_CONN_WINDOW, BTM_DEFAULT_CONN_INTERVAL); +#endif + +#if BTM_IS_DISCOVERABLE == TRUE + (void) BTM_SetDiscoverability (BTM_DEFAULT_DISC_MODE, BTM_DEFAULT_DISC_WINDOW, BTM_DEFAULT_DISC_INTERVAL); +#endif + +#if BTM_INTERNAL_BB == TRUE + { + UINT8 buf[9] = BTM_INTERNAL_LOCAL_VER; + btm_read_local_version_complete( buf, 9 ); + } +#else + btm_get_local_version (); +#endif +} + +#if (BLE_INCLUDED == TRUE) +/******************************************************************************* +** +** Function btm_read_ble_buf_size_complete +** +** Description This function is called when command complete for +** get HCI buffer size is received. Start timer and send +** read local featues request +** +** Returns void +** +*******************************************************************************/ +void btm_read_ble_buf_size_complete (UINT8 *p, UINT16 evt_len) +{ + UINT8 status; + UINT16 lm_num_le_bufs; + + BTM_TRACE_DEBUG0("btm_read_ble_buf_size_complete "); + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (btu_cb.hcit_ble_acl_data_size, p); + STREAM_TO_UINT8 (lm_num_le_bufs, p); + + btu_cb.hcit_ble_acl_pkt_size = btu_cb.hcit_ble_acl_data_size + HCI_DATA_PREAMBLE_SIZE; + + l2c_link_processs_ble_num_bufs (lm_num_le_bufs); + } + +#if BTM_INTERNAL_BB == TRUE + { + UINT8 buf[9] = BTM_INTERNAL_LOCAL_FEA; + btm_read_local_features_complete( buf, 9 ); + } +#else +#ifdef BRCM_VS + btm_brcm_feat_init(); +#else + /* get local feature if BRCM specific feature is not included */ + btm_get_local_features (); +#endif +#endif + +} + +/******************************************************************************* +** +** Function btm_read_white_list_size_complete +** +** Description This function read the current white list size. +*******************************************************************************/ +void btm_read_white_list_size_complete(UINT8 *p, UINT16 evt_len) +{ + UINT8 status; + + BTM_TRACE_DEBUG0("btm_read_white_list_size_complete "); + STREAM_TO_UINT8 (status, p); + + if (status == HCI_SUCCESS) + { + STREAM_TO_UINT8(btm_cb.ble_ctr_cb.max_filter_entries, p); + btm_cb.ble_ctr_cb.num_empty_filter = btm_cb.ble_ctr_cb.max_filter_entries; + } + + btm_get_ble_buffer_size(); +} + +#endif +/******************************************************************************* +** +** Function btm_read_local_version_complete +** +** Description This function is called when local BD Addr read complete +** message is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_read_local_version_complete (UINT8 *p, UINT16 evt_len) +{ + tBTM_VERSION_INFO *p_vi = &btm_cb.devcb.local_version; + UINT8 status; + +#ifdef BTA_PRM_CHECK_FW_VER + if(BTA_PRM_CHECK_FW_VER(p)) + return; +#endif + + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + + STREAM_TO_UINT8 (p_vi->hci_version, p); + STREAM_TO_UINT16 (p_vi->hci_revision, p); + STREAM_TO_UINT8 (p_vi->lmp_version, p); + STREAM_TO_UINT16 (p_vi->manufacturer, p); + STREAM_TO_UINT16 (p_vi->lmp_subversion, p); + } + +#if BLE_INCLUDED == TRUE + { + btm_read_ble_wl_size(); + } +#elif BTM_INTERNAL_BB == TRUE + { + UINT8 buf[9] = BTM_INTERNAL_LOCAL_FEA; + btm_read_local_features_complete( buf, 9 ); + } +#else +#ifdef BRCM_VS + btm_brcm_feat_init(); +#else + /* get local feature if BRCM specific feature is not included */ + btm_get_local_features (); +#endif +#endif +} + + +/******************************************************************************* +** +** Function btm_read_local_features_complete +** +** Description This function is called when local features read is complete. +** This is the last step of the startup sequence. +** +** Returns void +** +*******************************************************************************/ +void btm_read_local_features_complete (UINT8 *p, UINT16 evt_len) +{ + tBTM_DEVCB *p_devcb = &btm_cb.devcb; + tBTM_CMPL_CB *p_cb = p_devcb->p_reset_cmpl_cb; + UINT8 status; + UINT16 xx; + UINT8 last; + UINT8 first; + + btu_stop_timer (&btm_cb.devcb.reset_timer); + /* If there was a callback address for reset complete, call it */ + p_devcb->p_reset_cmpl_cb = NULL; + + STREAM_TO_UINT8 (status, p); + if (status == HCI_SUCCESS) + { + /* stop guard timer to avoid accidental timeout */ + btu_stop_timer(&p_devcb->reset_timer); + + p_devcb->state = BTM_DEV_STATE_READY; + + /* Extract features and create "btm_acl_pkt_types_supported" flag + */ + for (xx = 0; xx < HCI_NUM_FEATURE_BYTES; xx++) + STREAM_TO_UINT8 (p_devcb->local_features[xx], p); + + /* Create ACL supported packet types mask + */ + btm_cb.btm_acl_pkt_types_supported = (BTM_ACL_PKT_TYPES_MASK_DH1 + + BTM_ACL_PKT_TYPES_MASK_DM1); + + if (HCI_3_SLOT_PACKETS_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_DH3 + + BTM_ACL_PKT_TYPES_MASK_DM3); + + if (HCI_5_SLOT_PACKETS_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_DH5 + + BTM_ACL_PKT_TYPES_MASK_DM5); + + /* _NO_X_DXX masks are reserved before ver 2.0. + Set them only for later versions of controller */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + + /* Add in EDR related ACL types */ + if (!HCI_EDR_ACL_2MPS_SUPPORTED(p_devcb->local_features)) + { + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH1 + + BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + + BTM_ACL_PKT_TYPES_MASK_NO_2_DH5); + } + + if (!HCI_EDR_ACL_3MPS_SUPPORTED(p_devcb->local_features)) + { + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_NO_3_DH1 + + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3 + + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); + } + + /* Check to see if 3 and 5 slot packets are available */ + if (HCI_EDR_ACL_2MPS_SUPPORTED(p_devcb->local_features) || + HCI_EDR_ACL_3MPS_SUPPORTED(p_devcb->local_features)) + { + if (!HCI_3_SLOT_EDR_ACL_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH3 + + BTM_ACL_PKT_TYPES_MASK_NO_3_DH3); + + if (!HCI_5_SLOT_EDR_ACL_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_acl_pkt_types_supported |= (BTM_ACL_PKT_TYPES_MASK_NO_2_DH5 + + BTM_ACL_PKT_TYPES_MASK_NO_3_DH5); + } + } + + BTM_TRACE_DEBUG1("Local supported ACL packet types: 0x%04x", + btm_cb.btm_acl_pkt_types_supported); + + /* Create (e)SCO supported packet types mask + */ + btm_cb.btm_sco_pkt_types_supported = 0; +#if BTM_SCO_INCLUDED == TRUE + btm_cb.sco_cb.esco_supported = FALSE; +#endif + if (HCI_SCO_LINK_SUPPORTED(p_devcb->local_features)) + { + btm_cb.btm_sco_pkt_types_supported = BTM_SCO_PKT_TYPES_MASK_HV1; + + if (HCI_HV2_PACKETS_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_HV2; + + if (HCI_HV3_PACKETS_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_HV3; + } + + if (HCI_ESCO_EV3_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_EV3; + + if (HCI_ESCO_EV4_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_EV4; + + if (HCI_ESCO_EV5_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_EV5; +#if BTM_SCO_INCLUDED == TRUE + if (btm_cb.btm_sco_pkt_types_supported & BTM_ESCO_LINK_ONLY_MASK) + { + btm_cb.sco_cb.esco_supported = TRUE; + + /* Add in EDR related eSCO types */ + if (HCI_EDR_ESCO_2MPS_SUPPORTED(p_devcb->local_features)) + { + if (!HCI_3_SLOT_EDR_ESCO_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_NO_2_EV5; + } + else + { + btm_cb.btm_sco_pkt_types_supported |= (BTM_SCO_PKT_TYPES_MASK_NO_2_EV3 + + BTM_SCO_PKT_TYPES_MASK_NO_2_EV5); + } + + if (HCI_EDR_ESCO_3MPS_SUPPORTED(p_devcb->local_features)) + { + if (!HCI_3_SLOT_EDR_ESCO_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_sco_pkt_types_supported |= BTM_SCO_PKT_TYPES_MASK_NO_3_EV5; + } + else + { + btm_cb.btm_sco_pkt_types_supported |= (BTM_SCO_PKT_TYPES_MASK_NO_3_EV3 + + BTM_SCO_PKT_TYPES_MASK_NO_3_EV5); + } + } +#endif + + BTM_TRACE_DEBUG1("Local supported SCO packet types: 0x%04x", + btm_cb.btm_sco_pkt_types_supported); + + /* Create Default Policy Settings + */ + if (HCI_SWITCH_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_def_link_policy |= HCI_ENABLE_MASTER_SLAVE_SWITCH; + else + btm_cb.btm_def_link_policy &= ~HCI_ENABLE_MASTER_SLAVE_SWITCH; + + if (HCI_HOLD_MODE_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_def_link_policy |= HCI_ENABLE_HOLD_MODE; + else + btm_cb.btm_def_link_policy &= ~HCI_ENABLE_HOLD_MODE; + + if (HCI_SNIFF_MODE_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_def_link_policy |= HCI_ENABLE_SNIFF_MODE; + else + btm_cb.btm_def_link_policy &= ~HCI_ENABLE_SNIFF_MODE; + + if (HCI_PARK_MODE_SUPPORTED(p_devcb->local_features)) + btm_cb.btm_def_link_policy |= HCI_ENABLE_PARK_MODE; + else + btm_cb.btm_def_link_policy &= ~HCI_ENABLE_PARK_MODE; + + btm_sec_dev_reset (); + + /* If 802.11 present might have to disable some channels */ + if (btm_cb.last_disabled_channel != 0xff) + { + last = btm_cb.last_disabled_channel; + first = btm_cb.first_disabled_channel; + btm_cb.last_disabled_channel = 0xff; + btm_cb.first_disabled_channel = 0xff; + BTM_SetAfhChannels(first, last); + } + +#if ((BTM_EIR_SERVER_INCLUDED == TRUE)||(BTM_EIR_CLIENT_INCLUDED == TRUE)) + if (HCI_LMP_INQ_RSSI_SUPPORTED(p_devcb->local_features)) + { + if (HCI_EXT_INQ_RSP_SUPPORTED(p_devcb->local_features)) + BTM_SetInquiryMode (BTM_INQ_RESULT_EXTENDED); + else + BTM_SetInquiryMode (BTM_INQ_RESULT_WITH_RSSI); + } +#else + if (HCI_LMP_INQ_RSSI_SUPPORTED(p_devcb->local_features)) + BTM_SetInquiryMode (BTM_INQ_RESULT_WITH_RSSI); +#endif +#if L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE + if( HCI_NON_FLUSHABLE_PB_SUPPORTED(p_devcb->local_features)) + l2cu_set_non_flushable_pbf(TRUE); + else + l2cu_set_non_flushable_pbf(FALSE); +#endif + BTM_SetPageScanType (BTM_DEFAULT_SCAN_TYPE); + BTM_SetInquiryScanType (BTM_DEFAULT_SCAN_TYPE); + + /* If anyone wants device status notifications, give him one */ + btm_report_device_status (BTM_DEV_STATUS_UP); + +#ifdef BRCM_VS + btm_brcm_arc_init(); +#endif + + /* Reset sequence is complete. If this was an application originated */ + /* reset, tell him its done. */ + if (p_cb) + (*p_cb)((void *) NULL); + } +} + +/******************************************************************************* +** +** Function btm_get_voice_coding_support +** +** Description This function is provides a way to get the voice coding schemes +** supported the device. +** +** Returns A bit mask - Bit 0 if set indicates CVSD support +** Bit 1 if set indicates PCM A-law support +** Bit 2 if set indicates PCM Mu-law support +** +*******************************************************************************/ + +UINT8 btm_get_voice_coding_support( void ) +{ + UINT8 code = 0; + + if( HCI_LMP_CVSD_SUPPORTED(btm_cb.devcb.local_features) ) code |= 0x01 ; + if( HCI_LMP_A_LAW_SUPPORTED(btm_cb.devcb.local_features) ) code |= 0x02 ; + if( HCI_LMP_U_LAW_SUPPORTED(btm_cb.devcb.local_features) ) code |= 0x04 ; + + return code ; +} + +/******************************************************************************* +** +** Function BTM_SetLocalDeviceName +** +** Description This function is called to set the local device name. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetLocalDeviceName (char *p_name) +{ + UINT8 *p; +#if BLE_INCLUDED == TRUE && GAP_INCLUDED == TRUE + tGAP_BLE_ATTR_VALUE attr_value; +#endif + + if (!p_name || !p_name[0] || (strlen ((char *)p_name) > BD_NAME_LEN)) + return (BTM_ILLEGAL_VALUE); + + if (btm_cb.devcb.state == BTM_DEV_STATE_WAIT_RESET_CMPLT || + btm_cb.devcb.state == BTM_DEV_STATE_WAIT_AFTER_RESET) + return (BTM_DEV_RESET); + +#if BTM_MAX_LOC_BD_NAME_LEN > 0 + /* Save the device name if local storage is enabled */ + p = (UINT8 *)btm_cb.cfg.bd_name; + if (p != (UINT8 *)p_name) + { + BCM_STRNCPY_S(btm_cb.cfg.bd_name, sizeof(btm_cb.cfg.bd_name), p_name, BTM_MAX_LOC_BD_NAME_LEN); + btm_cb.cfg.bd_name[BTM_MAX_LOC_BD_NAME_LEN] = '\0'; + } +#else + p = (UINT8 *)p_name; +#endif + +#if BLE_INCLUDED == TRUE && GAP_INCLUDED == TRUE + attr_value.p_dev_name = (UINT8 *)p_name; + GAP_BleAttrDBUpdate(GATT_UUID_GAP_DEVICE_NAME, &attr_value); +#endif + + if (btsnd_hcic_change_name(p)) + return (BTM_CMD_STARTED); + else + return (BTM_NO_RESOURCES); +} + + + +/******************************************************************************* +** +** Function BTM_ReadLocalDeviceName +** +** Description This function is called to read the local device name. +** +** Returns status of the operation +** If success, BTM_SUCCESS is returned and p_name points stored +** local device name +** If BTM doesn't store local device name, BTM_NO_RESOURCES is +** is returned and p_name is set to NULL +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLocalDeviceName (char **p_name) +{ +#if BTM_MAX_LOC_BD_NAME_LEN > 0 + *p_name = btm_cb.cfg.bd_name; + return(BTM_SUCCESS); +#else + *p_name = NULL; + return(BTM_NO_RESOURCES); +#endif +} + + +/******************************************************************************* +** +** Function BTM_ReadLocalDeviceNameFromController +** +** Description Get local device name from controller. Do not use cached +** name (used to get chip-id prior to btm reset complete). +** +** Returns BTM_CMD_STARTED if successful, otherwise an error +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLocalDeviceNameFromController (tBTM_CMPL_CB *p_rln_cmpl_cback) +{ + /* Check if rln already in progress */ + if (btm_cb.devcb.p_rln_cmpl_cb) + return(BTM_NO_RESOURCES); + + /* Save callback */ + btm_cb.devcb.p_rln_cmpl_cb = p_rln_cmpl_cback; + + btsnd_hcic_read_name(); + btu_start_timer (&btm_cb.devcb.rln_timer, BTU_TTYPE_BTM_DEV_CTL, BTM_DEV_REPLY_TIMEOUT); + + return BTM_CMD_STARTED; +} + +/******************************************************************************* +** +** Function btm_read_local_name_complete +** +** Description This function is called when local name read complete. +** message is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_read_local_name_complete (UINT8 *p, UINT16 evt_len) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_rln_cmpl_cb; + UINT8 status; + + btu_stop_timer (&btm_cb.devcb.rln_timer); + + /* If there was a callback address for read local name, call it */ + btm_cb.devcb.p_rln_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (status, p); + + if (status == HCI_SUCCESS) + (*p_cb)(p); + else + (*p_cb)(NULL); + } +} + + +/******************************************************************************* +** +** Function BTM_GetLocalDeviceAddr +** +** Description This function is called to read the local device address +** +** Returns void +** the local device address is copied into bd_addr +** +*******************************************************************************/ +void BTM_GetLocalDeviceAddr (BD_ADDR bd_addr) +{ + memcpy (bd_addr, btm_cb.devcb.local_addr, BD_ADDR_LEN); +} + +/******************************************************************************* +** +** Function BTM_ReadLocalDeviceAddr +** +** Description This function is called to read the local device address +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLocalDeviceAddr (tBTM_CMPL_CB *p_cb) +{ + if(p_cb) + (*p_cb)(btm_cb.devcb.local_addr); + + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function btm_read_local_addr_complete +** +** Description This function is called when local BD Addr read complete +** message is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_read_local_addr_complete (UINT8 *p, UINT16 evt_len) +{ + UINT8 status; + + STREAM_TO_UINT8 (status, p); + + if (status == HCI_SUCCESS) + { + STREAM_TO_BDADDR (btm_cb.devcb.local_addr, p); + } +} + + +/******************************************************************************* +** +** Function BTM_ReadLocalVersion +** +** Description This function is called to read the local device version +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLocalVersion (tBTM_VERSION_INFO *p_vers) +{ + /* Make sure the device has retrieved the info (not being reset) */ + if (btm_cb.devcb.state < BTM_DEV_STATE_READY) + return (BTM_DEV_RESET); + + *p_vers = btm_cb.devcb.local_version; + + return (BTM_SUCCESS); +} + + + + +/******************************************************************************* +** +** Function BTM_SetDeviceClass +** +** Description This function is called to set the local device class +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetDeviceClass (DEV_CLASS dev_class) +{ + if(!memcmp (btm_cb.devcb.dev_class, dev_class, DEV_CLASS_LEN)) + return(BTM_SUCCESS); + + memcpy (btm_cb.devcb.dev_class, dev_class, DEV_CLASS_LEN); + + if (btm_cb.devcb.state == BTM_DEV_STATE_WAIT_RESET_CMPLT || + btm_cb.devcb.state == BTM_DEV_STATE_WAIT_AFTER_RESET) + return (BTM_DEV_RESET); + + if (!btsnd_hcic_write_dev_class (dev_class)) + return (BTM_NO_RESOURCES); + + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function BTM_ReadDeviceClass +** +** Description This function is called to read the local device class +** +** Returns pointer to the device class +** +*******************************************************************************/ +UINT8 *BTM_ReadDeviceClass (void) +{ + return ((UINT8 *)btm_cb.devcb.dev_class); +} + + +/******************************************************************************* +** +** Function BTM_ReadLocalFeatures +** +** Description This function is called to read the local features +** +** Returns pointer to the local features string +** +*******************************************************************************/ +UINT8 *BTM_ReadLocalFeatures (void) +{ + return (btm_cb.devcb.local_features); +} + +/******************************************************************************* +** +** Function BTM_ReadBrcmFeatures +** +** Description This function is called to read the Broadcom specific features +** +** Returns pointer to the Broadcom features string +** +*******************************************************************************/ +UINT8 *BTM_ReadBrcmFeatures (void) +{ + return (btm_cb.devcb.brcm_features); +} + +/******************************************************************************* +** +** Function BTM_RegisterForDeviceStatusNotif +** +** Description This function is called to register for device status +** change notifications. +** +** If one registration is already there calling function should +** save the pointer to the function that is return and +** call it when processing of the event is complete +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_DEV_STATUS_CB *BTM_RegisterForDeviceStatusNotif (tBTM_DEV_STATUS_CB *p_cb) +{ + tBTM_DEV_STATUS_CB *p_prev = btm_cb.devcb.p_dev_status_cb; + + btm_cb.devcb.p_dev_status_cb = p_cb; + return (p_prev); +} + +/******************************************************************************* +** +** Function BTM_VendorSpecificCommand +** +** Description Send a vendor specific HCI command to the controller. +** +** Returns +** BTM_SUCCESS Command sent. Does not expect command complete +** event. (command cmpl callback param is NULL) +** BTM_CMD_STARTED Command sent. Waiting for command cmpl event. +** +** Notes +** Opcode will be OR'd with HCI_GRP_VENDOR_SPECIFIC. +** +*******************************************************************************/ +tBTM_STATUS BTM_VendorSpecificCommand(UINT16 opcode, UINT8 param_len, + UINT8 *p_param_buf, tBTM_VSC_CMPL_CB *p_cb) +{ + void *p_buf; + + BTM_TRACE_EVENT2 ("BTM: BTM_VendorSpecificCommand: Opcode: 0x%04X, ParamLen: %i.", + opcode, param_len); + + /* Allocate a buffer to hold HCI command plus the callback function */ + if ((p_buf = GKI_getbuf((UINT16)(sizeof(BT_HDR) + sizeof (tBTM_CMPL_CB *) + + param_len + HCIC_PREAMBLE_SIZE))) != NULL) + { + /* Send the HCI command (opcode will be OR'd with HCI_GRP_VENDOR_SPECIFIC) */ + btsnd_hcic_vendor_spec_cmd (p_buf, opcode, param_len, p_param_buf, (void *)p_cb); + + /* Return value */ + if (p_cb != NULL) + return (BTM_CMD_STARTED); + else + return (BTM_SUCCESS); + } + else + return (BTM_NO_RESOURCES); + +} + + +/******************************************************************************* +** +** Function btm_vsc_complete +** +** Description This function is called when local HCI Vendor Specific +** Command complete message is received from the HCI. +** +** Returns void +** +*******************************************************************************/ +void btm_vsc_complete (UINT8 *p, UINT16 opcode, UINT16 evt_len, + tBTM_CMPL_CB *p_vsc_cplt_cback) +{ + tBTM_VSC_CMPL vcs_cplt_params; + + /* If there was a callback address for vcs complete, call it */ + if (p_vsc_cplt_cback) + { + /* Pass paramters to the callback function */ + vcs_cplt_params.opcode = opcode; /* Number of bytes in return info */ + vcs_cplt_params.param_len = evt_len; /* Number of bytes in return info */ + vcs_cplt_params.p_param_buf = p; + (*p_vsc_cplt_cback)(&vcs_cplt_params); /* Call the VSC complete callback function */ + } +} + +/******************************************************************************* +** +** Function BTM_RegisterForVSEvents +** +** Description This function is called to register/deregister for vendor +** specific HCI events. +** +** If is_register=TRUE, then the function will be registered; +** if is_register=FALSE, then the function will be deregistered. +** +** Returns BTM_SUCCESS if successful, +** BTM_BUSY if maximum number of callbacks have already been +** registered. +** +*******************************************************************************/ +tBTM_STATUS BTM_RegisterForVSEvents (tBTM_VS_EVT_CB *p_cb, BOOLEAN is_register) +{ + tBTM_STATUS retval = BTM_SUCCESS; + UINT8 i, free_idx = BTM_MAX_VSE_CALLBACKS; + + /* See if callback is already registered */ + for (i=0; i<BTM_MAX_VSE_CALLBACKS; i++) + { + if (btm_cb.devcb.p_vend_spec_cb[i] == NULL) + { + /* Found a free slot. Store index */ + free_idx = i; + } + else if (btm_cb.devcb.p_vend_spec_cb[i] == p_cb) + { + /* Found callback in lookup table. If deregistering, clear the entry. */ + if (is_register == FALSE) + { + btm_cb.devcb.p_vend_spec_cb[i] = NULL; + BTM_TRACE_EVENT0("BTM Deregister For VSEvents is successfully"); + } + return (BTM_SUCCESS); + } + } + + /* Didn't find callback. Add callback to free slot if registering */ + if (is_register) + { + if (free_idx < BTM_MAX_VSE_CALLBACKS) + { + btm_cb.devcb.p_vend_spec_cb[free_idx] = p_cb; + BTM_TRACE_EVENT0("BTM Register For VSEvents is successfully"); + } + else + { + /* No free entries available */ + BTM_TRACE_ERROR0 ("BTM_RegisterForVSEvents: too many callbacks registered"); + + retval = BTM_NO_RESOURCES; + } + } + + return (retval); +} + +/******************************************************************************* +** +** Function btm_vendor_specific_evt +** +** Description Process event HCI_VENDOR_SPECIFIC_EVT +** +** Note: Some controllers do not send command complete, so +** the callback and busy flag are cleared here also. +** +** Returns void +** +*******************************************************************************/ +void btm_vendor_specific_evt (UINT8 *p, UINT8 evt_len) +{ + UINT8 i; + + BTM_TRACE_DEBUG0 ("BTM Event: Vendor Specific event from controller"); + + for (i=0; i<BTM_MAX_VSE_CALLBACKS; i++) + { + if (btm_cb.devcb.p_vend_spec_cb[i]) + (*btm_cb.devcb.p_vend_spec_cb[i])(evt_len, p); + } +} + + +/******************************************************************************* +** +** Function BTM_WritePageTimeout +** +** Description Send HCI Write Page Timeout. +** +** Returns +** BTM_SUCCESS Command sent. +** BTM_NO_RESOURCES If out of resources to send the command. +** +** +*******************************************************************************/ +tBTM_STATUS BTM_WritePageTimeout(UINT16 timeout) +{ + BTM_TRACE_EVENT1 ("BTM: BTM_WritePageTimeout: Timeout: %d.", timeout); + + /* Send the HCI command */ + if (btsnd_hcic_write_page_tout (timeout)) + return (BTM_SUCCESS); + else + return (BTM_NO_RESOURCES); +} + +/******************************************************************************* +** +** Function BTM_WriteVoiceSettings +** +** Description Send HCI Write Voice Settings command. +** See hcidefs.h for settings bitmask values. +** +** Returns +** BTM_SUCCESS Command sent. +** BTM_NO_RESOURCES If out of resources to send the command. +** +** +*******************************************************************************/ +tBTM_STATUS BTM_WriteVoiceSettings(UINT16 settings) +{ + BTM_TRACE_EVENT1 ("BTM: BTM_WriteVoiceSettings: Settings: 0x%04x.", settings); + + /* Send the HCI command */ + if (btsnd_hcic_write_voice_settings ((UINT16)(settings & 0x03ff))) + return (BTM_SUCCESS); + + return (BTM_NO_RESOURCES); +} + +/******************************************************************************* +** +** Function BTM_EnableTestMode +** +** Description Send HCI the enable device under test command. +** +** Note: Controller can only be taken out of this mode by +** resetting the controller. +** +** Returns +** BTM_SUCCESS Command sent. +** BTM_NO_RESOURCES If out of resources to send the command. +** +** +*******************************************************************************/ +tBTM_STATUS BTM_EnableTestMode(void) +{ + UINT8 cond; + + BTM_TRACE_EVENT0 ("BTM: BTM_EnableTestMode"); + + /* set auto accept connection as this is needed during test mode */ + /* Allocate a buffer to hold HCI command */ + cond = HCI_DO_AUTO_ACCEPT_CONNECT; + if (!btsnd_hcic_set_event_filter(HCI_FILTER_CONNECTION_SETUP, + HCI_FILTER_COND_NEW_DEVICE, + &cond, sizeof(cond))) + { + return (BTM_NO_RESOURCES); + } + + /* put device to connectable mode */ + if (!BTM_SetConnectability(BTM_CONNECTABLE, BTM_DEFAULT_CONN_WINDOW, + BTM_DEFAULT_CONN_INTERVAL) == BTM_SUCCESS) + { + return BTM_NO_RESOURCES; + } + + /* put device to discoverable mode */ + if (!BTM_SetDiscoverability(BTM_GENERAL_DISCOVERABLE, BTM_DEFAULT_DISC_WINDOW, + BTM_DEFAULT_DISC_INTERVAL) == BTM_SUCCESS) + { + return BTM_NO_RESOURCES; + } + + /* mask off all of event from controller */ + if (!btsnd_hcic_set_event_mask(LOCAL_BR_EDR_CONTROLLER_ID, + (UINT8 *)"\x00\x00\x00\x00\x00\x00\x00\x00")) + { + return BTM_NO_RESOURCES; + } + + /* Send the HCI command */ + if (btsnd_hcic_enable_test_mode ()) + return (BTM_SUCCESS); + else + return (BTM_NO_RESOURCES); +} + +/******************************************************************************* +** +** Function btm_get_hci_version +** +** Description Local function called to retrieve the current HCI version +** +** Returns Bluetooth HCI Version returned by the controller +** +*******************************************************************************/ +UINT8 btm_get_hci_version (void) +{ + return (btm_cb.devcb.local_version.hci_version); +} + + + +/******************************************************************************* +** +** Function BTM_ReadStoredLinkKey +** +** Description This function is called to obtain link key for the specified +** device from the NVRAM storage attached to the Bluetooth +** controller. +** +** Parameters: bd_addr - Address of the device +** p_cb - Call back function to be called to return +** the results +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadStoredLinkKey (BD_ADDR bd_addr, tBTM_CMPL_CB *p_cb) +{ + BD_ADDR local_bd_addr; + BOOLEAN read_all_flag = FALSE; + + /* Check if the previous command is completed */ + if (btm_cb.devcb.p_stored_link_key_cmpl_cb) + return (BTM_BUSY); + + if (!bd_addr) + { + /* This is to read all the link keys */ + read_all_flag = TRUE; + + /* We don't care the BD address. Just pass a non zero pointer */ + bd_addr = local_bd_addr; + } + + BTM_TRACE_EVENT1 ("BTM: BTM_ReadStoredLinkKey: Read_All: %s", + read_all_flag ? "TRUE" : "FALSE"); + + /* Send the HCI command */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = p_cb; + if (btsnd_hcic_read_stored_key (bd_addr, read_all_flag)) + return (BTM_SUCCESS); + else + return (BTM_NO_RESOURCES); + +} + + +/******************************************************************************* +** +** Function BTM_WriteStoredLinkKey +** +** Description This function is called to write link keys for the specified +** device addresses to the NVRAM storage attached to the Bluetooth +** controller. +** +** Parameters: num_keys - Number of link keys +** bd_addr - Addresses of the devices +** link_key - Link Keys to be stored +** p_cb - Call back function to be called to return +** the results +** +*******************************************************************************/ +tBTM_STATUS BTM_WriteStoredLinkKey (UINT8 num_keys, + BD_ADDR *bd_addr, + LINK_KEY *link_key, + tBTM_CMPL_CB *p_cb) +{ + /* Check if the previous command is completed */ + if (btm_cb.devcb.p_stored_link_key_cmpl_cb) + return (BTM_BUSY); + + BTM_TRACE_EVENT1 ("BTM: BTM_WriteStoredLinkKey: num_keys: %d", num_keys); + + /* Check the maximum number of link keys */ + if(num_keys > HCI_MAX_NUM_OF_LINK_KEYS_PER_CMMD) + num_keys = HCI_MAX_NUM_OF_LINK_KEYS_PER_CMMD; + + /* Send the HCI command */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = p_cb; + if (btsnd_hcic_write_stored_key (num_keys, bd_addr, link_key)) + return (BTM_SUCCESS); + else + return (BTM_NO_RESOURCES); + +} + + +/******************************************************************************* +** +** Function BTM_DeleteStoredLinkKey +** +** Description This function is called to delete link key for the specified +** device addresses from the NVRAM storage attached to the Bluetooth +** controller. +** +** Parameters: bd_addr - Addresses of the devices +** p_cb - Call back function to be called to return +** the results +** +*******************************************************************************/ +tBTM_STATUS BTM_DeleteStoredLinkKey(BD_ADDR bd_addr, tBTM_CMPL_CB *p_cb) +{ + BD_ADDR local_bd_addr; + BOOLEAN delete_all_flag = FALSE; + + /* Check if the previous command is completed */ + if (btm_cb.devcb.p_stored_link_key_cmpl_cb) + return (BTM_BUSY); + + if (!bd_addr) + { + /* This is to delete all link keys */ + delete_all_flag = TRUE; + + /* We don't care the BD address. Just pass a non zero pointer */ + bd_addr = local_bd_addr; + } + + BTM_TRACE_EVENT1 ("BTM: BTM_DeleteStoredLinkKey: delete_all_flag: %s", + delete_all_flag ? "TRUE" : "FALSE"); + + /* Send the HCI command */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = p_cb; + if (!btsnd_hcic_delete_stored_key (bd_addr, delete_all_flag)) + { + return (BTM_NO_RESOURCES); + } + else + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function btm_read_stored_link_key_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the read stored link key command. +** +** Returns void +** +*******************************************************************************/ +void btm_read_stored_link_key_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_stored_link_key_cmpl_cb; + tBTM_READ_STORED_LINK_KEY_COMPLETE result; + + /* If there was a callback registered for read stored link key, call it */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = NULL; + + if (p_cb) + { + /* Set the call back event to indicate command complete */ + result.event = BTM_CB_EVT_READ_STORED_LINK_KEYS; + + /* Extract the result fields from the HCI event if status is success */ + STREAM_TO_UINT8 (result.status, p); + if (result.status == HCI_SUCCESS) + { + STREAM_TO_UINT16 (result.max_keys, p); + STREAM_TO_UINT16 (result.read_keys, p); + } + else + { + BTM_TRACE_WARNING1("Read stored link key status %d", result.status); + result.max_keys = 0; + result.read_keys = 0; + } + /* Call the call back and pass the result */ + (*p_cb)(&result); + } +} + + +/******************************************************************************* +** +** Function btm_write_stored_link_key_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the write stored link key command. +** +** Returns void +** +*******************************************************************************/ +void btm_write_stored_link_key_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_stored_link_key_cmpl_cb; + tBTM_WRITE_STORED_LINK_KEY_COMPLETE result; + + /* If there was a callback registered for read stored link key, call it */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = NULL; + + if (p_cb) + { + /* Set the call back event to indicate command complete */ + result.event = BTM_CB_EVT_WRITE_STORED_LINK_KEYS; + + /* Extract the result fields from the HCI event */ + STREAM_TO_UINT8 (result.status, p); + STREAM_TO_UINT8 (result.num_keys, p); + + /* Call the call back and pass the result */ + (*p_cb)(&result); + } +} + + +/******************************************************************************* +** +** Function btm_delete_stored_link_key_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the delete stored link key command. +** +** Returns void +** +*******************************************************************************/ +void btm_delete_stored_link_key_complete (UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_stored_link_key_cmpl_cb; + tBTM_DELETE_STORED_LINK_KEY_COMPLETE result; + + /* If there was a callback registered for read stored link key, call it */ + btm_cb.devcb.p_stored_link_key_cmpl_cb = NULL; + + if (p_cb) + { + /* Set the call back event to indicate command complete */ + result.event = BTM_CB_EVT_DELETE_STORED_LINK_KEYS; + + /* Extract the result fields from the HCI event */ + STREAM_TO_UINT8 (result.status, p); + STREAM_TO_UINT16 (result.num_keys, p); + + /* Call the call back and pass the result */ + (*p_cb)(&result); + } +} + + +/******************************************************************************* +** +** Function btm_return_link_keys_evt +** +** Description This function is called when the return link keys event +** is received from the HCI for the read stored link key command. +** +** Returns void +** +*******************************************************************************/ +void btm_return_link_keys_evt (tBTM_RETURN_LINK_KEYS_EVT *result) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_stored_link_key_cmpl_cb; + UINT8 i, *p, *p1; + UINT8 bd_addr[BD_ADDR_LEN]; + UINT8 link_key[LINK_KEY_LEN]; + + /* Call the call back to pass the link keys to application */ + if (p_cb) + { + /* Change the BD addr and Link key in to big endian order */ + p = (UINT8 *)(result + 1); + for (i=0; i<result->num_keys; i++) + { + /* Initialize the backup pointer */ + p1 = p; + + /* Extract the BD Addr and Link Key */ + REVERSE_STREAM_TO_ARRAY(bd_addr, p1, BD_ADDR_LEN); + REVERSE_STREAM_TO_ARRAY(link_key, p1, LINK_KEY_LEN); + + /* Write the BD Addr and Link Key back in big endian format */ + ARRAY_TO_STREAM(p, bd_addr, BD_ADDR_LEN); + ARRAY_TO_STREAM(p, link_key, LINK_KEY_LEN); + } + + (*p_cb)(result); + } +} + + + +/******************************************************************************* +** +** Function btm_report_device_status +** +** Description This function is called when there is a change in the device +** status. This function will report the new device status to +** the application +** +** Returns void +** +*******************************************************************************/ +void btm_report_device_status (tBTM_DEV_STATUS status) +{ + tBTM_DEV_STATUS_CB *p_cb = btm_cb.devcb.p_dev_status_cb; + + /* Call the call back to pass the device status to application */ + if (p_cb) + (*p_cb)(status); +} + + diff --git a/stack/btm/btm_inq.c b/stack/btm/btm_inq.c new file mode 100644 index 0000000..f42cdc1 --- /dev/null +++ b/stack/btm/btm_inq.c @@ -0,0 +1,3233 @@ +/***************************************************************************** +** +** Name: btm_inq.c +** +** Description: This file contains functions that handle inquiries. These +** include setting discoverable mode, controlling the mode +** of the Baseband, and maintaining a small database of +** inquiry responses, with API for people to browse it. +** +** NOTE: Only ONE inquiry is allowed to run at a time +** (including periodic inquiries); +** +** +** Copyright (c) 1999-2012, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "bt_types.h" +#include "gki.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_api.h" +#include "btm_int.h" +#include "hcidefs.h" + +#define BTM_INQ_REPLY_TIMEOUT 3 /* 3 second timeout waiting for responses */ + +/* TRUE to enable DEBUG traces for btm_inq */ +#ifndef BTM_INQ_DEBUG +#define BTM_INQ_DEBUG FALSE +#endif +/********************************************************************************/ +/* L O C A L D A T A D E F I N I T I O N S */ +/********************************************************************************/ +static const LAP general_inq_lap = {0x9e,0x8b,0x33}; +static const LAP limited_inq_lap = {0x9e,0x8b,0x00}; + +#if (( BTM_EIR_CLIENT_INCLUDED == TRUE )||( BTM_EIR_SERVER_INCLUDED == TRUE )) +#ifndef BTM_EIR_UUID_LKUP_TBL +const UINT16 BTM_EIR_UUID_LKUP_TBL[BTM_EIR_MAX_SERVICES] = +{ + UUID_SERVCLASS_SERVICE_DISCOVERY_SERVER, +/* UUID_SERVCLASS_BROWSE_GROUP_DESCRIPTOR, */ +/* UUID_SERVCLASS_PUBLIC_BROWSE_GROUP, */ + UUID_SERVCLASS_SERIAL_PORT, + UUID_SERVCLASS_LAN_ACCESS_USING_PPP, + UUID_SERVCLASS_DIALUP_NETWORKING, + UUID_SERVCLASS_IRMC_SYNC, + UUID_SERVCLASS_OBEX_OBJECT_PUSH, + UUID_SERVCLASS_OBEX_FILE_TRANSFER, + UUID_SERVCLASS_IRMC_SYNC_COMMAND, + UUID_SERVCLASS_HEADSET, + UUID_SERVCLASS_CORDLESS_TELEPHONY, + UUID_SERVCLASS_AUDIO_SOURCE, + UUID_SERVCLASS_AUDIO_SINK, + UUID_SERVCLASS_AV_REM_CTRL_TARGET, +/* UUID_SERVCLASS_ADV_AUDIO_DISTRIBUTION, */ + UUID_SERVCLASS_AV_REMOTE_CONTROL, +/* UUID_SERVCLASS_VIDEO_CONFERENCING, */ + UUID_SERVCLASS_INTERCOM, + UUID_SERVCLASS_FAX, + UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY, +/* UUID_SERVCLASS_WAP, */ +/* UUID_SERVCLASS_WAP_CLIENT, */ + UUID_SERVCLASS_PANU, + UUID_SERVCLASS_NAP, + UUID_SERVCLASS_GN, + UUID_SERVCLASS_DIRECT_PRINTING, +/* UUID_SERVCLASS_REFERENCE_PRINTING, */ + UUID_SERVCLASS_IMAGING, + UUID_SERVCLASS_IMAGING_RESPONDER, + UUID_SERVCLASS_IMAGING_AUTO_ARCHIVE, + UUID_SERVCLASS_IMAGING_REF_OBJECTS, + UUID_SERVCLASS_HF_HANDSFREE, + UUID_SERVCLASS_AG_HANDSFREE, + UUID_SERVCLASS_DIR_PRT_REF_OBJ_SERVICE, +/* UUID_SERVCLASS_REFLECTED_UI, */ + UUID_SERVCLASS_BASIC_PRINTING, + UUID_SERVCLASS_PRINTING_STATUS, + UUID_SERVCLASS_HUMAN_INTERFACE, + UUID_SERVCLASS_CABLE_REPLACEMENT, + UUID_SERVCLASS_HCRP_PRINT, + UUID_SERVCLASS_HCRP_SCAN, +/* UUID_SERVCLASS_COMMON_ISDN_ACCESS, */ +/* UUID_SERVCLASS_VIDEO_CONFERENCING_GW, */ +/* UUID_SERVCLASS_UDI_MT, */ +/* UUID_SERVCLASS_UDI_TA, */ +/* UUID_SERVCLASS_VCP, */ + UUID_SERVCLASS_SAP, + UUID_SERVCLASS_PBAP_PCE, + UUID_SERVCLASS_PBAP_PSE, + UUID_SERVCLASS_PHONE_ACCESS, + UUID_SERVCLASS_HEADSET_HS, + UUID_SERVCLASS_PNP_INFORMATION, +/* UUID_SERVCLASS_GENERIC_NETWORKING, */ +/* UUID_SERVCLASS_GENERIC_FILETRANSFER, */ +/* UUID_SERVCLASS_GENERIC_AUDIO, */ +/* UUID_SERVCLASS_GENERIC_TELEPHONY, */ +/* UUID_SERVCLASS_UPNP_SERVICE, */ +/* UUID_SERVCLASS_UPNP_IP_SERVICE, */ +/* UUID_SERVCLASS_ESDP_UPNP_IP_PAN, */ +/* UUID_SERVCLASS_ESDP_UPNP_IP_LAP, */ +/* UUID_SERVCLASS_ESDP_UPNP_IP_L2CAP, */ + UUID_SERVCLASS_VIDEO_SOURCE, + UUID_SERVCLASS_VIDEO_SINK, +/* UUID_SERVCLASS_VIDEO_DISTRIBUTION */ + UUID_SERVCLASS_MESSAGE_ACCESS, + UUID_SERVCLASS_MESSAGE_NOTIFICATION, + UUID_SERVCLASS_HDP_SOURCE, + UUID_SERVCLASS_HDP_SINK +}; +#else +/* +If customized UUID look-up table needs to be used, +the followings should be defined in buildcfg.h. +BTM_EIR_UUID_LKUP_TBL = <customized UUID list> +BTM_EIR_MAX_SERVICES = <number of UUID in list> +*/ +#if (BTM_EIR_MAX_SERVICES == 0) +const UINT16 BTM_EIR_UUID_LKUP_TBL[]; +#else +extern UINT16 BTM_EIR_UUID_LKUP_TBL[BTM_EIR_MAX_SERVICES]; +#endif +#endif +#endif /* BTM_EIR_UUID_LKUP_TBL*/ + +/********************************************************************************/ +/* L O C A L F U N C T I O N P R O T O T Y P E S */ +/********************************************************************************/ +static void btm_initiate_inquiry (tBTM_INQUIRY_VAR_ST *p_inq); +static tBTM_STATUS btm_set_inq_event_filter (UINT8 filter_cond_type, tBTM_INQ_FILT_COND *p_filt_cond); +static void btm_clr_inq_result_flt (void); + +#if ((BTM_EIR_SERVER_INCLUDED == TRUE)||(BTM_EIR_CLIENT_INCLUDED == TRUE)) +static UINT8 btm_convert_uuid_to_eir_service( UINT16 uuid16 ); +#endif +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) +static void btm_set_eir_uuid( UINT8 *p_eir, tBTM_INQ_RESULTS *p_results ); +static UINT8 *btm_eir_get_uuid_list( UINT8 *p_eir, UINT8 uuid_size, + UINT8 *p_num_uuid, UINT8 *p_uuid_list_type ); +static UINT16 btm_convert_uuid_to_uuid16( UINT8 *p_uuid, UINT8 uuid_size ); +#endif + +/******************************************************************************* +** +** Function BTM_SetDiscoverability +** +** Description This function is called to set the device into or out of +** discoverable mode. Discoverable mode means inquiry +** scans are enabled. If a value of '0' is entered for window or +** interval, the default values are used. +** +** Returns BTM_SUCCESS if successful +** BTM_BUSY if a setting of the filter is already in progress +** BTM_NO_RESOURCES if couldn't get a memory pool buffer +** BTM_ILLEGAL_VALUE if a bad parameter was detected +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetDiscoverability (UINT16 inq_mode, UINT16 window, UINT16 interval) +{ + UINT8 scan_mode = 0; + UINT16 service_class; + UINT8 *p_cod; + UINT8 major, minor; + DEV_CLASS cod; + LAP temp_lap[2]; + BOOLEAN is_limited; + BOOLEAN cod_limited; + + BTM_TRACE_API0 ("BTM_SetDiscoverability"); +#if (BLE_INCLUDED == TRUE && BLE_INCLUDED == TRUE) + if (btm_ble_set_discoverability((UINT16)(inq_mode)) + == BTM_SUCCESS) + { + btm_cb.btm_inq_vars.discoverable_mode &= (~BTM_BLE_DISCOVERABLE_MASK); + btm_cb.btm_inq_vars.discoverable_mode |= (inq_mode & BTM_BLE_CONNECTABLE_MASK); + } + inq_mode &= ~BTM_BLE_DISCOVERABLE_MASK; +#endif + + /*** Check mode parameter ***/ + if (inq_mode > BTM_MAX_DISCOVERABLE) + return (BTM_ILLEGAL_VALUE); + + /* Make sure the controller is active */ + if (btm_cb.devcb.state < BTM_DEV_STATE_READY) + return (BTM_DEV_RESET); + + /* If the window and/or interval is '0', set to default values */ + if (!window) + window = BTM_DEFAULT_DISC_WINDOW; + + if (!interval) + interval = BTM_DEFAULT_DISC_INTERVAL; + + BTM_TRACE_API3 ("BTM_SetDiscoverability: mode %d [NonDisc-0, Lim-1, Gen-2], window 0x%04x, interval 0x%04x", + inq_mode, window, interval); + + /*** Check for valid window and interval parameters ***/ + /*** Only check window and duration if mode is connectable ***/ + if (inq_mode != BTM_NON_DISCOVERABLE) + { + /* window must be less than or equal to interval */ + if (window < HCI_MIN_INQUIRYSCAN_WINDOW || + window > HCI_MAX_INQUIRYSCAN_WINDOW || + interval < HCI_MIN_INQUIRYSCAN_INTERVAL || + interval > HCI_MAX_INQUIRYSCAN_INTERVAL || + window > interval) + { + return (BTM_ILLEGAL_VALUE); + } + } + + /* Set the IAC if needed */ + if (inq_mode != BTM_NON_DISCOVERABLE) + { + if (inq_mode & BTM_LIMITED_DISCOVERABLE) + { + /* Use the GIAC and LIAC codes for limited discoverable mode */ + memcpy (temp_lap[0], limited_inq_lap, LAP_LEN); + memcpy (temp_lap[1], general_inq_lap, LAP_LEN); + + if (!btsnd_hcic_write_cur_iac_lap (2, (LAP * const) temp_lap)) + return (BTM_NO_RESOURCES); /* Cannot continue */ + } + else + { + if (!btsnd_hcic_write_cur_iac_lap (1, (LAP * const) &general_inq_lap)) + return (BTM_NO_RESOURCES); /* Cannot continue */ + } + + scan_mode |= HCI_INQUIRY_SCAN_ENABLED; + } + + /* Send down the inquiry scan window and period if changed */ + if ((window != btm_cb.btm_inq_vars.inq_scan_window) || + (interval != btm_cb.btm_inq_vars.inq_scan_period)) + { + if (btsnd_hcic_write_inqscan_cfg (interval, window)) + { + btm_cb.btm_inq_vars.inq_scan_window = window; + btm_cb.btm_inq_vars.inq_scan_period = interval; + } + else + return (BTM_NO_RESOURCES); + } + + if (btm_cb.btm_inq_vars.connectable_mode & BTM_CONNECTABLE_MASK) + scan_mode |= HCI_PAGE_SCAN_ENABLED; + + if (btsnd_hcic_write_scan_enable (scan_mode)) + { + btm_cb.btm_inq_vars.discoverable_mode &= (~BTM_DISCOVERABLE_MASK); + btm_cb.btm_inq_vars.discoverable_mode |= inq_mode; + } + else + return (BTM_NO_RESOURCES); + + /* Change the service class bit if mode has changed */ + p_cod = BTM_ReadDeviceClass(); + BTM_COD_SERVICE_CLASS(service_class, p_cod); + is_limited = (inq_mode & BTM_LIMITED_DISCOVERABLE) ? TRUE : FALSE; + cod_limited = (service_class & BTM_COD_SERVICE_LMTD_DISCOVER) ? TRUE : FALSE; + if (is_limited ^ cod_limited) + { + BTM_COD_MINOR_CLASS(minor, p_cod ); + BTM_COD_MAJOR_CLASS(major, p_cod ); + if (is_limited) + service_class |= BTM_COD_SERVICE_LMTD_DISCOVER; + else + service_class &= ~BTM_COD_SERVICE_LMTD_DISCOVER; + + FIELDS_TO_COD(cod, minor, major, service_class); + (void) BTM_SetDeviceClass (cod); + } + + return (BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_SetInquiryScanType +** +** Description This function is called to set the iquiry scan-type to +** standard or interlaced. +** +** Returns BTM_SUCCESS if successful +** BTM_MODE_UNSUPPORTED if not a 1.2 device +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetInquiryScanType (UINT16 scan_type) +{ + + BTM_TRACE_API0 ("BTM_SetInquiryScanType"); + if (scan_type != BTM_SCAN_TYPE_STANDARD && scan_type != BTM_SCAN_TYPE_INTERLACED) + return (BTM_ILLEGAL_VALUE); + + /* whatever app wants if device is not 1.2 scan type should be STANDARD */ + if (!HCI_LMP_INTERLACED_INQ_SCAN_SUPPORTED(btm_cb.devcb.local_features)) + return (BTM_MODE_UNSUPPORTED); + + /* Check for scan type if configuration has been changed */ + if (scan_type != btm_cb.btm_inq_vars.inq_scan_type) + { + if (BTM_IsDeviceUp()) + { + if (btsnd_hcic_write_inqscan_type ((UINT8)scan_type)) + btm_cb.btm_inq_vars.inq_scan_type = scan_type; + else + return (BTM_NO_RESOURCES); + } + else return (BTM_WRONG_MODE); + } + return (BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_SetPageScanType +** +** Description This function is called to set the page scan-type to +** standard or interlaced. +** +** Returns BTM_SUCCESS if successful +** BTM_MODE_UNSUPPORTED if not a 1.2 device +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetPageScanType (UINT16 scan_type) +{ + BTM_TRACE_API0 ("BTM_SetPageScanType"); + if (scan_type != BTM_SCAN_TYPE_STANDARD && scan_type != BTM_SCAN_TYPE_INTERLACED) + return (BTM_ILLEGAL_VALUE); + + /* whatever app wants if device is not 1.2 scan type should be STANDARD */ + if (!HCI_LMP_INTERLACED_PAGE_SCAN_SUPPORTED(btm_cb.devcb.local_features)) + return (BTM_MODE_UNSUPPORTED); + + /* Check for scan type if configuration has been changed */ + if (scan_type != btm_cb.btm_inq_vars.page_scan_type) + { + if (BTM_IsDeviceUp()) + { + if (btsnd_hcic_write_pagescan_type ((UINT8)scan_type)) + btm_cb.btm_inq_vars.page_scan_type = scan_type; + else + return (BTM_NO_RESOURCES); + } + else return (BTM_WRONG_MODE); + } + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function BTM_SetInquiryMode +** +** Description This function is called to set standard or with RSSI +** mode of the inquiry for local device. +** +** Output Params: mode - standard, with RSSI, extended +** +** Returns BTM_SUCCESS if successful +** BTM_NO_RESOURCES if couldn't get a memory pool buffer +** BTM_ILLEGAL_VALUE if a bad parameter was detected +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetInquiryMode (UINT8 mode) +{ + BTM_TRACE_API0 ("BTM_SetInquiryMode"); + if (mode == BTM_INQ_RESULT_STANDARD) + { + /* mandatory mode */ + } + else if (mode == BTM_INQ_RESULT_WITH_RSSI) + { + if (!HCI_LMP_INQ_RSSI_SUPPORTED(btm_cb.devcb.local_features)) + return (BTM_MODE_UNSUPPORTED); + } +#if (( BTM_EIR_CLIENT_INCLUDED == TRUE )||( BTM_EIR_SERVER_INCLUDED == TRUE )) + else if (mode == BTM_INQ_RESULT_EXTENDED) + { + if (!HCI_EXT_INQ_RSP_SUPPORTED(btm_cb.devcb.local_features)) + return (BTM_MODE_UNSUPPORTED); + } +#endif + else + return (BTM_ILLEGAL_VALUE); + + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + if (!btsnd_hcic_write_inquiry_mode (mode)) + return (BTM_NO_RESOURCES); + + return (BTM_SUCCESS); +} + +/******************************************************************************* +** +** Function BTM_ReadDiscoverability +** +** Description This function is called to read the current discoverability +** mode of the device. +** +** Output Params: p_window - current inquiry scan duration +** p_interval - current inquiry scan interval +** +** Returns BTM_NON_DISCOVERABLE, BTM_LIMITED_DISCOVERABLE, or +** BTM_GENERAL_DISCOVERABLE +** +*******************************************************************************/ +UINT16 BTM_ReadDiscoverability (UINT16 *p_window, UINT16 *p_interval) +{ + BTM_TRACE_API0 ("BTM_ReadDiscoverability"); + if (p_window) + *p_window = btm_cb.btm_inq_vars.inq_scan_window; + + if (p_interval) + *p_interval = btm_cb.btm_inq_vars.inq_scan_period; + + return (btm_cb.btm_inq_vars.discoverable_mode); +} + + +/******************************************************************************* +** +** Function BTM_SetPeriodicInquiryMode +** +** Description This function is called to set the device periodic inquiry mode. +** If the duration is zero, the periodic inquiry mode is cancelled. +** +** Note: We currently do not allow concurrent inquiry and periodic inquiry. +** +** Parameters: p_inqparms - pointer to the inquiry information +** mode - GENERAL or LIMITED inquiry +** duration - length in 1.28 sec intervals (If '0', the inquiry is CANCELLED) +** max_resps - maximum amount of devices to search for before ending the inquiry +** filter_cond_type - BTM_CLR_INQUIRY_FILTER, BTM_FILTER_COND_DEVICE_CLASS, or +** BTM_FILTER_COND_BD_ADDR +** filter_cond - value for the filter (based on filter_cond_type) +** +** max_delay - maximum amount of time between successive inquiries +** min_delay - minimum amount of time between successive inquiries +** p_results_cb - callback returning pointer to results (tBTM_INQ_RESULTS) +** +** Returns BTM_CMD_STARTED if successfully started +** BTM_ILLEGAL_VALUE if a bad parameter is detected +** BTM_NO_RESOURCES if could not allocate a message buffer +** BTM_SUCCESS - if cancelling the periodic inquiry +** BTM_BUSY - if an inquiry is already active +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetPeriodicInquiryMode (tBTM_INQ_PARMS *p_inqparms, UINT16 max_delay, + UINT16 min_delay, tBTM_INQ_RESULTS_CB *p_results_cb) +{ + tBTM_STATUS status; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + BTM_TRACE_API6 ("BTM_SetPeriodicInquiryMode: mode: %d, dur: %d, rsps: %d, flt: %d, min: %d, max: %d", + p_inqparms->mode, p_inqparms->duration, p_inqparms->max_resps, + p_inqparms->filter_cond_type, min_delay, max_delay); + + /*** Make sure the device is ready ***/ + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + /* Only one active inquiry is allowed in this implementation. + Also do not allow an inquiry if the inquiry filter is being updated */ + if (p_inq->inq_active || p_inq->inqfilt_active) + return (BTM_BUSY); + + /* If illegal parameters return FALSE */ + if (p_inqparms->mode != BTM_GENERAL_INQUIRY && + p_inqparms->mode != BTM_LIMITED_INQUIRY) + return (BTM_ILLEGAL_VALUE); + + /* Verify the parameters for this command */ + if (p_inqparms->duration < BTM_MIN_INQUIRY_LEN || + p_inqparms->duration > BTM_MAX_INQUIRY_LENGTH || + min_delay <= p_inqparms->duration || + min_delay < BTM_PER_INQ_MIN_MIN_PERIOD || + min_delay > BTM_PER_INQ_MAX_MIN_PERIOD || + max_delay <= min_delay || + max_delay < BTM_PER_INQ_MIN_MAX_PERIOD || + max_delay > BTM_PER_INQ_MAX_MAX_PERIOD) + { + return (BTM_ILLEGAL_VALUE); + } + + /* Save the inquiry parameters to be used upon the completion of setting/clearing the inquiry filter */ + p_inq->inqparms = *p_inqparms; + p_inq->per_min_delay = min_delay; + p_inq->per_max_delay = max_delay; + p_inq->inq_cmpl_info.num_resp = 0; /* Clear the results counter */ + p_inq->p_inq_results_cb = p_results_cb; + + p_inq->inq_active = (UINT8)((p_inqparms->mode == BTM_LIMITED_INQUIRY) ? + (BTM_LIMITED_INQUIRY_ACTIVE | BTM_PERIODIC_INQUIRY_ACTIVE) : + (BTM_GENERAL_INQUIRY_ACTIVE | BTM_PERIODIC_INQUIRY_ACTIVE)); + +#if (defined(BTM_BYPASS_EVENT_FILTERING) && BTM_BYPASS_EVENT_FILTERING == TRUE) + BTM_TRACE_WARNING0("BTM: Bypassing event filtering..."); + + p_inq->state = BTM_INQ_ACTIVE_STATE; + p_inq->inqfilt_active = FALSE; + btm_initiate_inquiry (p_inq); + status = BTM_CMD_STARTED; +#else + /* If a filter is specified, then save it for later and clear the current filter. + The setting of the filter is done upon completion of clearing of the previous + filter. + */ + if (p_inqparms->filter_cond_type != BTM_CLR_INQUIRY_FILTER) + { + p_inq->state = BTM_INQ_CLR_FILT_STATE; + p_inqparms->filter_cond_type = BTM_CLR_INQUIRY_FILTER; + } + else /* The filter is not being used so simply clear it; the inquiry can start after this operation */ + p_inq->state = BTM_INQ_SET_FILT_STATE; + + /* Before beginning the inquiry the current filter must be cleared, so initiate the command */ + if ((status = btm_set_inq_event_filter (p_inqparms->filter_cond_type, &p_inqparms->filter_cond)) != BTM_CMD_STARTED) + { + /* If set filter command is not succesful reset the state */ + p_inq->p_inq_results_cb = NULL; + p_inq->state = BTM_INQ_INACTIVE_STATE; + + } + +#endif + return (status); +} + + +/******************************************************************************* +** +** Function BTM_CancelPeriodicInquiry +** +** Description This function cancels a periodic inquiry +** +** Returns +** BTM_NO_RESOURCES if could not allocate a message buffer +** BTM_SUCCESS - if cancelling the periodic inquiry +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_CancelPeriodicInquiry(void) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tBTM_STATUS status = BTM_SUCCESS; + BTM_TRACE_API0 ("BTM_CancelPeriodicInquiry called"); + + /*** Make sure the device is ready ***/ + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + /* Only cancel if one is active */ + if (btm_cb.btm_inq_vars.inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) + { + btm_cb.btm_inq_vars.inq_active = BTM_INQUIRY_INACTIVE; + btm_cb.btm_inq_vars.p_inq_results_cb = (tBTM_INQ_RESULTS_CB *) NULL; + + if (!btsnd_hcic_exit_per_inq ()) + status = BTM_NO_RESOURCES; + + /* If the event filter is in progress, mark it so that the processing of the return + event will be ignored */ + if(p_inq->inqfilt_active) + p_inq->pending_filt_complete_event++; + + p_inq->inqfilt_active = FALSE; + p_inq->inq_counter++; + } + + return (status); +} + + +/******************************************************************************* +** +** Function BTM_SetConnectability +** +** Description This function is called to set the device into or out of +** connectable mode. Discoverable mode means page scans enabled. +** +** Returns BTM_SUCCESS if successful +** BTM_ILLEGAL_VALUE if a bad parameter is detected +** BTM_NO_RESOURCES if could not allocate a message buffer +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetConnectability (UINT16 page_mode, UINT16 window, UINT16 interval) +{ + UINT8 scan_mode = 0; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + BTM_TRACE_API0 ("BTM_SetConnectability"); + +#if (BLE_INCLUDED == TRUE && BLE_INCLUDED == TRUE) + if (btm_ble_set_connectability(page_mode) == BTM_SUCCESS) + { + p_inq->connectable_mode &= (~BTM_BLE_CONNECTABLE_MASK); + p_inq->connectable_mode |= (page_mode & BTM_BLE_CONNECTABLE_MASK); + } + page_mode &= ~BTM_BLE_CONNECTABLE_MASK; + +#endif + + /*** Check mode parameter ***/ + if (page_mode != BTM_NON_CONNECTABLE && page_mode != BTM_CONNECTABLE) + return (BTM_ILLEGAL_VALUE); + + /* Make sure the controller is active */ + if (btm_cb.devcb.state < BTM_DEV_STATE_READY) + return (BTM_DEV_RESET); + + /* If the window and/or interval is '0', set to default values */ + if (!window) + window = BTM_DEFAULT_CONN_WINDOW; + + if (!interval) + interval = BTM_DEFAULT_CONN_INTERVAL; + + BTM_TRACE_API3 ("BTM_SetConnectability: mode %d [NonConn-0, Conn-1], window 0x%04x, interval 0x%04x", + page_mode, window, interval); + + /*** Check for valid window and interval parameters ***/ + /*** Only check window and duration if mode is connectable ***/ + if (page_mode == BTM_CONNECTABLE) + { + /* window must be less than or equal to interval */ + if (window < HCI_MIN_PAGESCAN_WINDOW || + window > HCI_MAX_PAGESCAN_WINDOW || + interval < HCI_MIN_PAGESCAN_INTERVAL || + interval > HCI_MAX_PAGESCAN_INTERVAL || + window > interval) + { + return (BTM_ILLEGAL_VALUE); + } + + scan_mode |= HCI_PAGE_SCAN_ENABLED; + } + + if ((window != p_inq->page_scan_window) || + (interval != p_inq->page_scan_period)) + { + p_inq->page_scan_window = window; + p_inq->page_scan_period = interval; + if (!btsnd_hcic_write_pagescan_cfg (interval, window)) + return (BTM_NO_RESOURCES); + } + + /* Keep the inquiry scan as previouosly set */ + if (p_inq->discoverable_mode & BTM_DISCOVERABLE_MASK) + scan_mode |= HCI_INQUIRY_SCAN_ENABLED; + + if (btsnd_hcic_write_scan_enable (scan_mode)) + { + p_inq->connectable_mode &= (~BTM_CONNECTABLE_MASK); + p_inq->connectable_mode |= page_mode; + + return (BTM_SUCCESS); + } + + return (BTM_NO_RESOURCES); +} + + +/******************************************************************************* +** +** Function BTM_ReadConnectability +** +** Description This function is called to read the current discoverability +** mode of the device. +** Output Params p_window - current page scan duration +** p_interval - current time between page scans +** +** Returns BTM_NON_CONNECTABLE or BTM_CONNECTABLE +** +*******************************************************************************/ +UINT16 BTM_ReadConnectability (UINT16 *p_window, UINT16 *p_interval) +{ + BTM_TRACE_API0 ("BTM_ReadConnectability"); + if (p_window) + *p_window = btm_cb.btm_inq_vars.page_scan_window; + + if (p_interval) + *p_interval = btm_cb.btm_inq_vars.page_scan_period; + + return (btm_cb.btm_inq_vars.connectable_mode); +} + + + +/******************************************************************************* +** +** Function BTM_IsInquiryActive +** +** Description This function returns a bit mask of the current inquiry state +** +** Returns BTM_INQUIRY_INACTIVE if inactive (0) +** BTM_LIMITED_INQUIRY_ACTIVE if a limted inquiry is active +** BTM_GENERAL_INQUIRY_ACTIVE if a general inquiry is active +** BTM_PERIODIC_INQUIRY_ACTIVE if a periodic inquiry is active +** +*******************************************************************************/ +UINT16 BTM_IsInquiryActive (void) +{ + BTM_TRACE_API0 ("BTM_IsInquiryActive"); + + return(btm_cb.btm_inq_vars.inq_active); +} + + + +/******************************************************************************* +** +** Function BTM_CancelInquiry +** +** Description This function cancels an inquiry if active +** +** Returns BTM_SUCCESS if successful +** BTM_NO_RESOURCES if could not allocate a message buffer +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_CancelInquiry(void) +{ + tBTM_STATUS status = BTM_SUCCESS; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + BTM_TRACE_API0 ("BTM_CancelInquiry called"); + + /*** Make sure the device is ready ***/ + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + /* Only cancel if not in periodic mode, otherwise the caller should call BTM_CancelPeriodicMode */ + if (p_inq->inq_active && + (!(p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE))) + { + p_inq->inq_active = BTM_INQUIRY_INACTIVE; + p_inq->state = BTM_INQ_INACTIVE_STATE; + p_inq->p_inq_results_cb = (tBTM_INQ_RESULTS_CB *) NULL; /* Do not notify caller anymore */ + p_inq->p_inq_cmpl_cb = (tBTM_CMPL_CB *) NULL; /* Do not notify caller anymore */ + + /* If the event filter is in progress, mark it so that the processing of the return + event will be ignored */ + if (p_inq->inqfilt_active) + { + p_inq->inqfilt_active = FALSE; + p_inq->pending_filt_complete_event++; + } + /* Initiate the cancel inquiry */ + else + { + if (!btsnd_hcic_inq_cancel()) + status = BTM_NO_RESOURCES; +#if BLE_INCLUDED == TRUE + if ((p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK) != 0) + btm_ble_stop_scan(); +#endif + } + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_acl_update_busy_level (BTM_BLI_INQ_DONE_EVT); +#endif + + p_inq->inq_counter++; + btm_clr_inq_result_flt(); + } + + return (status); +} + + +/******************************************************************************* +** +** Function BTM_StartInquiry +** +** Description This function is called to start an inquiry. +** +** Parameters: p_inqparms - pointer to the inquiry information +** mode - GENERAL or LIMITED inquiry +** duration - length in 1.28 sec intervals (If '0', the inquiry is CANCELLED) +** max_resps - maximum amount of devices to search for before ending the inquiry +** filter_cond_type - BTM_CLR_INQUIRY_FILTER, BTM_FILTER_COND_DEVICE_CLASS, or +** BTM_FILTER_COND_BD_ADDR +** filter_cond - value for the filter (based on filter_cond_type) +** +** p_results_cb - Pointer to the callback routine which gets called +** upon receipt of an inquiry result. If this field is +** NULL, the application is not notified. +** +** p_cmpl_cb - Pointer to the callback routine which gets called +** upon completion. If this field is NULL, the +** application is not notified when completed. +** Returns tBTM_STATUS +** BTM_CMD_STARTED if successfully initiated +** BTM_BUSY if already in progress +** BTM_ILLEGAL_VALUE if parameter(s) are out of range +** BTM_NO_RESOURCES if could not allocate resources to start the command +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_StartInquiry (tBTM_INQ_PARMS *p_inqparms, tBTM_INQ_RESULTS_CB *p_results_cb, + tBTM_CMPL_CB *p_cmpl_cb) +{ + tBTM_STATUS status; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + BTM_TRACE_API4 ("BTM_StartInquiry: mode: %d, dur: %d, rsps: %d, flt: %d", + p_inqparms->mode, p_inqparms->duration, p_inqparms->max_resps, + p_inqparms->filter_cond_type); + + /* Only one active inquiry is allowed in this implementation. + Also do not allow an inquiry if the inquiry filter is being updated */ + if (p_inq->inq_active || p_inq->inqfilt_active) + return (BTM_BUSY); + + /*** Make sure the device is ready ***/ + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + if ((p_inqparms->mode & BTM_BR_INQUIRY_MASK)!= BTM_GENERAL_INQUIRY && + (p_inqparms->mode & BTM_BR_INQUIRY_MASK)!= BTM_LIMITED_INQUIRY) + return (BTM_ILLEGAL_VALUE); + + /* Save the inquiry parameters to be used upon the completion of setting/clearing the inquiry filter */ + p_inq->inqparms = *p_inqparms; +#if (BLE_INCLUDED == TRUE) + p_inq->inqparms.mode = (UINT8)(p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK) | (UINT8)(1 << (p_inqparms->mode & BTM_BR_INQUIRY_MASK)); +#else + p_inq->inqparms.mode = (UINT8)(1 << (p_inqparms->mode & BTM_BR_INQUIRY_MASK)); +#endif + + /* Initialize the inquiry variables */ + p_inq->state = BTM_INQ_ACTIVE_STATE; + p_inq->p_inq_cmpl_cb = p_cmpl_cb; + p_inq->p_inq_results_cb = p_results_cb; + p_inq->inq_cmpl_info.num_resp = 0; /* Clear the results counter */ + p_inq->inq_active = (UINT8)(1 << (p_inqparms->mode & BTM_BR_INQUIRY_MASK)); + + BTM_TRACE_DEBUG1("BTM_StartInquiry: p_inq->inq_active = 0x%02x", p_inq->inq_active); + +/* start LE inquiry here if requested */ +#if BLE_INCLUDED == TRUE + if (p_inqparms->mode & BTM_BLE_INQUIRY_MASK) + { + /* BLE for now does not support filter condition for inquiry */ + if (btm_ble_start_inquiry((UINT8)(p_inqparms->mode & BTM_BLE_INQUIRY_MASK), + p_inq->inqparms.duration) != BTM_SUCCESS) + { + BTM_TRACE_ERROR0("Err Starting LE Inquiry."); + p_inq->inqparms.mode &= ~ BTM_BLE_INQUIRY_MASK; + } + + p_inqparms->mode &= ~BTM_BLE_INQUIRY_MASK; + + BTM_TRACE_DEBUG1("BTM_StartInquiry: mode = %02x", p_inqparms->mode); + } +#endif /* end of BLE_INCLUDED */ + +#if (defined(BTM_BYPASS_EVENT_FILTERING) && BTM_BYPASS_EVENT_FILTERING == TRUE) + BTM_TRACE_WARNING0("BTM: Bypassing event filtering..."); + p_inq->inqfilt_active = FALSE; + btm_initiate_inquiry (p_inq); + status = BTM_CMD_STARTED; +#else + /* If a filter is specified, then save it for later and clear the current filter. + The setting of the filter is done upon completion of clearing of the previous + filter. + */ + switch (p_inqparms->filter_cond_type) + { + case BTM_CLR_INQUIRY_FILTER: + p_inq->state = BTM_INQ_SET_FILT_STATE; + break; + + case BTM_FILTER_COND_DEVICE_CLASS: + case BTM_FILTER_COND_BD_ADDR: + /* The filter is not being used so simply clear it; + the inquiry can start after this operation */ + p_inq->state = BTM_INQ_CLR_FILT_STATE; + p_inqparms->filter_cond_type = BTM_CLR_INQUIRY_FILTER; + /* =============>>>> adding LE filtering here ????? */ + break; + + default: + return (BTM_ILLEGAL_VALUE); + } + + /* Before beginning the inquiry the current filter must be cleared, so initiate the command */ + if ((status = btm_set_inq_event_filter (p_inqparms->filter_cond_type, &p_inqparms->filter_cond)) != BTM_CMD_STARTED) + p_inq->state = BTM_INQ_INACTIVE_STATE; +#endif + return (status); +} + + +/******************************************************************************* +** +** Function BTM_ReadRemoteDeviceName +** +** Description This function initiates a remote device HCI command to the +** controller and calls the callback when the process has completed. +** +** Input Params: remote_bda - device address of name to retrieve +** p_cb - callback function called when BTM_CMD_STARTED +** is returned. +** A pointer to tBTM_REMOTE_DEV_NAME is passed to the +** callback. +** +** Returns +** BTM_CMD_STARTED is returned if the request was successfully sent +** to HCI. +** BTM_BUSY if already in progress +** BTM_UNKNOWN_ADDR if device address is bad +** BTM_NO_RESOURCES if could not allocate resources to start the command +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadRemoteDeviceName (BD_ADDR remote_bda, tBTM_CMPL_CB *p_cb) +{ + tBTM_INQ_INFO *p_cur = NULL; + tINQ_DB_ENT *p_i; + +#if BLE_INCLUDED == TRUE + tBT_DEVICE_TYPE dev_type; + tBLE_ADDR_TYPE addr_type; +#endif + + BTM_TRACE_API6 ("BTM_ReadRemoteDeviceName: bd addr [%02x%02x%02x%02x%02x%02x]", + remote_bda[0], remote_bda[1], remote_bda[2], + remote_bda[3], remote_bda[4], remote_bda[5]); + + /* Use the remote device's clock offset if it is in the local inquiry database */ + if ((p_i = btm_inq_db_find (remote_bda)) != NULL) + { + p_cur = &p_i->inq_info; + +#if (BTM_INQ_GET_REMOTE_NAME == TRUE) + p_cur->remote_name_state = BTM_INQ_RMT_NAME_EMPTY; +#endif + } + BTM_TRACE_API0 ("no device found in inquiry db"); + +#if (BLE_INCLUDED == TRUE) + BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type); + if (dev_type == BT_DEVICE_TYPE_BLE) + { + return btm_ble_read_remote_name(remote_bda, p_cur, p_cb); + } + else +#endif + + return (btm_initiate_rem_name (remote_bda, p_cur, BTM_RMT_NAME_EXT, + BTM_EXT_RMT_NAME_TIMEOUT, p_cb)); +} + +/******************************************************************************* +** +** Function BTM_CancelRemoteDeviceName +** +** Description This function initiates the cancel request for the specified +** remote device. +** +** Input Params: None +** +** Returns +** BTM_CMD_STARTED is returned if the request was successfully sent +** to HCI. +** BTM_NO_RESOURCES if could not allocate resources to start the command +** BTM_WRONG_MODE if there is not an active remote name request. +** +*******************************************************************************/ +tBTM_STATUS BTM_CancelRemoteDeviceName (void) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + +#if BLE_INCLUDED == TRUE + tBT_DEVICE_TYPE dev_type; + tBLE_ADDR_TYPE addr_type; +#endif + + BTM_TRACE_API0 ("BTM_CancelRemoteDeviceName()"); + + /* Make sure there is not already one in progress */ + if (p_inq->remname_active) + { +#if BLE_INCLUDED == TRUE + BTM_ReadDevInfo(p_inq->remname_bda, &dev_type, &addr_type); + if (dev_type == BT_DEVICE_TYPE_BLE) + { + if (btm_ble_cancel_remote_name(p_inq->remname_bda)) + return (BTM_CMD_STARTED); + else + return (BTM_UNKNOWN_ADDR); + } + else +#endif + if (btsnd_hcic_rmt_name_req_cancel (p_inq->remname_bda)) + return (BTM_CMD_STARTED); + else + return (BTM_NO_RESOURCES); + } + else + return (BTM_WRONG_MODE); +} + +/******************************************************************************* +** +** Function BTM_InqFirstResult +** +** Description This function looks through the inquiry database for the first +** used entrysince the LAST inquiry. This is used in conjunction +** with BTM_InqNext by applications as a way to walk through the +** inquiry results database. +** +** Returns pointer to first in-use entry, or NULL if DB is empty +** +*******************************************************************************/ +tBTM_INQ_INFO *BTM_InqFirstResult (void) +{ + UINT16 xx; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + UINT32 cur_inq_count = btm_cb.btm_inq_vars.inq_counter - 1; + + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if (p_ent->in_use && p_ent->inq_count == cur_inq_count) + return (&p_ent->inq_info); + } + + /* If here, no used entry found */ + return ((tBTM_INQ_INFO *)NULL); +} + + +/******************************************************************************* +** +** Function BTM_InqNextResult +** +** Description This function looks through the inquiry database for the next +** used entrysince the LAST inquiry. If the input parameter is NULL, +** the first entry is returned. +** +** Returns pointer to next in-use entry, or NULL if no more found. +** +*******************************************************************************/ +tBTM_INQ_INFO *BTM_InqNextResult (tBTM_INQ_INFO *p_cur) +{ + tINQ_DB_ENT *p_ent; + UINT16 inx; + UINT32 cur_inq_count = btm_cb.btm_inq_vars.inq_counter - 1; + + if (p_cur) + { + p_ent = (tINQ_DB_ENT *) ((UINT8 *)p_cur - offsetof (tINQ_DB_ENT, inq_info)); + inx = (UINT16)((p_ent - btm_cb.btm_inq_vars.inq_db) + 1); + + for (p_ent = &btm_cb.btm_inq_vars.inq_db[inx]; inx < BTM_INQ_DB_SIZE; inx++, p_ent++) + { + if (p_ent->in_use && p_ent->inq_count == cur_inq_count) + return (&p_ent->inq_info); + } + + /* If here, more entries found */ + return ((tBTM_INQ_INFO *)NULL); + } + else + return (BTM_InqDbFirst()); +} + + +/******************************************************************************* +** +** Function BTM_InqDbRead +** +** Description This function looks through the inquiry database for a match +** based on Bluetooth Device Address. This is the application's +** interface to get the inquiry details of a specific BD address. +** +** Returns pointer to entry, or NULL if not found +** +*******************************************************************************/ +tBTM_INQ_INFO *BTM_InqDbRead (BD_ADDR p_bda) +{ + UINT16 xx; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + + BTM_TRACE_API6 ("BTM_InqDbRead: bd addr [%02x%02x%02x%02x%02x%02x]", + p_bda[0], p_bda[1], p_bda[2], p_bda[3], p_bda[4], p_bda[5]); + + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if ((p_ent->in_use) && (!memcmp (p_ent->inq_info.results.remote_bd_addr, p_bda, BD_ADDR_LEN))) + return (&p_ent->inq_info); + } + + /* If here, not found */ + return ((tBTM_INQ_INFO *)NULL); +} + + +/******************************************************************************* +** +** Function BTM_InqDbFirst +** +** Description This function looks through the inquiry database for the first +** used entry, and returns that. This is used in conjunction with +** BTM_InqDbNext by applications as a way to walk through the +** inquiry database. +** +** Returns pointer to first in-use entry, or NULL if DB is empty +** +*******************************************************************************/ +tBTM_INQ_INFO *BTM_InqDbFirst (void) +{ + UINT16 xx; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if (p_ent->in_use) + return (&p_ent->inq_info); + } + + /* If here, no used entry found */ + return ((tBTM_INQ_INFO *)NULL); +} + + +/******************************************************************************* +** +** Function BTM_InqDbNext +** +** Description This function looks through the inquiry database for the next +** used entry, and returns that. If the input parameter is NULL, +** the first entry is returned. +** +** Returns pointer to next in-use entry, or NULL if no more found. +** +*******************************************************************************/ +tBTM_INQ_INFO *BTM_InqDbNext (tBTM_INQ_INFO *p_cur) +{ + tINQ_DB_ENT *p_ent; + UINT16 inx; + + if (p_cur) + { + p_ent = (tINQ_DB_ENT *) ((UINT8 *)p_cur - offsetof (tINQ_DB_ENT, inq_info)); + inx = (UINT16)((p_ent - btm_cb.btm_inq_vars.inq_db) + 1); + + for (p_ent = &btm_cb.btm_inq_vars.inq_db[inx]; inx < BTM_INQ_DB_SIZE; inx++, p_ent++) + { + if (p_ent->in_use) + return (&p_ent->inq_info); + } + + /* If here, more entries found */ + return ((tBTM_INQ_INFO *)NULL); + } + else + return (BTM_InqDbFirst()); +} + + +/******************************************************************************* +** +** Function BTM_ClearInqDb +** +** Description This function is called to clear out a device or all devices +** from the inquiry database. +** +** Parameter p_bda - (input) BD_ADDR -> Address of device to clear +** (NULL clears all entries) +** +** Returns BTM_BUSY if an inquiry, get remote name, or event filter +** is active, otherwise BTM_SUCCESS +** +*******************************************************************************/ +tBTM_STATUS BTM_ClearInqDb (BD_ADDR p_bda) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + /* If an inquiry or remote name is in progress return busy */ + if (p_inq->inq_active != BTM_INQUIRY_INACTIVE || + p_inq->inqfilt_active) + return (BTM_BUSY); + + btm_clr_inq_db(p_bda); + + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function BTM_ReadNumInqDbEntries +** +** Returns This function returns the number of entries in the inquiry database. +** +*******************************************************************************/ +UINT8 BTM_ReadNumInqDbEntries (void) +{ + UINT8 num_entries; + UINT8 num_results; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + + for (num_entries = 0, num_results = 0; num_entries < BTM_INQ_DB_SIZE; num_entries++, p_ent++) + { + if (p_ent->in_use) + num_results++; + } + + return (num_results); +} + + +/******************************************************************************* +** +** Function BTM_InquiryRegisterForChanges +** +** Returns This function is called to register a callback for when the +** inquiry database changes, i.e. new entry or entry deleted. +** +*******************************************************************************/ +tBTM_STATUS BTM_InquiryRegisterForChanges (tBTM_INQ_DB_CHANGE_CB *p_cb) +{ + if (!p_cb) + btm_cb.btm_inq_vars.p_inq_change_cb = NULL; + else if (btm_cb.btm_inq_vars.p_inq_change_cb) + return (BTM_BUSY); + else + btm_cb.btm_inq_vars.p_inq_change_cb = p_cb; + + return (BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function BTM_SetInquiryFilterCallback +** +** Description Host can register to be asked whenever an inquiry result +** is received. If host does not like the device no name +** request is issued for the device +** +** Returns void +** +*******************************************************************************/ +void BTM_SetInquiryFilterCallback (tBTM_FILTER_CB *p_callback) +{ + btm_cb.p_inq_filter_cb = p_callback; +} + +/******************************************************************************* +** +** Function BTM_ReadInquiryRspTxPower +** +** Description This command will read the inquiry Transmit Power level used +** to transmit the FHS and EIR data packets. +** This can be used directly in the Tx Power Level EIR data type. +** +** Returns BTM_SUCCESS if successful +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadInquiryRspTxPower (tBTM_CMPL_CB *p_cb) +{ + if (btm_cb.devcb.p_txpwer_cmpl_cb) + return (BTM_BUSY); + + btu_start_timer (&btm_cb.devcb.txpwer_timer, BTU_TTYPE_BTM_ACL, BTM_INQ_REPLY_TIMEOUT ); + + + btm_cb.devcb.p_txpwer_cmpl_cb = p_cb; + + if (!btsnd_hcic_read_inq_tx_power ()) + { + btm_cb.devcb.p_txpwer_cmpl_cb = NULL; + btu_stop_timer (&btm_cb.devcb.txpwer_timer); + return (BTM_NO_RESOURCES); + } + else + return (BTM_CMD_STARTED); +} +/******************************************************************************* +** +** Function BTM_WriteInquiryTxPower +** +** Description This command is used to write the inquiry transmit power level +** used to transmit the inquiry (ID) data packets. The Controller +** should use the supported TX power level closest to the Tx_Power +** parameter. +** +** Returns BTM_SUCCESS if successful +** +*******************************************************************************/ +tBTM_STATUS BTM_WriteInquiryTxPower (INT8 tx_power) +{ + tBTM_STATUS status = BTM_SUCCESS; + + if (tx_power < BTM_MIN_INQ_TX_POWER || tx_power > BTM_MAX_INQ_TX_POWER) + { + status = BTM_ILLEGAL_VALUE; + } + else if (!btsnd_hcic_write_inq_tx_power(tx_power)) + status = BTM_NO_RESOURCES; + + return status; +} +/********************************************************************************* +********************************************************************************** +** ** +** BTM Internal Inquiry Functions ** +** ** +********************************************************************************** +*********************************************************************************/ +/******************************************************************************* +** +** Function btm_inq_db_reset +** +** Description This function is called at at reset to clear the inquiry +** database & pending callback. +** +** Returns void +** +*******************************************************************************/ +void btm_inq_db_reset (void) +{ + tBTM_REMOTE_DEV_NAME rem_name; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + UINT8 num_responses; + UINT8 temp_inq_active; + tBTM_STATUS status; + + btu_stop_timer (&p_inq->inq_timer_ent); + + /* If an inquiry or periodic inquiry is active, reset the mode to inactive */ + if (p_inq->inq_active != BTM_INQUIRY_INACTIVE) + { + temp_inq_active = p_inq->inq_active; /* Save so state can change BEFORE + callback is called */ + p_inq->inq_active = BTM_INQUIRY_INACTIVE; + + /* If not a periodic inquiry, the complete callback must be called to notify caller */ + if (temp_inq_active == BTM_LIMITED_INQUIRY_ACTIVE || + temp_inq_active == BTM_GENERAL_INQUIRY_ACTIVE) + { + if (p_inq->p_inq_cmpl_cb) + { + num_responses = 0; + (*p_inq->p_inq_cmpl_cb)(&num_responses); + } + } + } + + /* Cancel a remote name request if active, and notify the caller (if waiting) */ + if (p_inq->remname_active ) + { + btu_stop_timer (&p_inq->rmt_name_timer_ent); + p_inq->remname_active = FALSE; + memset(p_inq->remname_bda, 0, BD_ADDR_LEN); + + if (p_inq->p_remname_cmpl_cb) + { + rem_name.status = BTM_DEV_RESET; + + (*p_inq->p_remname_cmpl_cb)(&rem_name); + p_inq->p_remname_cmpl_cb = NULL; + } + } + + /* Cancel an inquiry filter request if active, and notify the caller (if waiting) */ + if (p_inq->inqfilt_active) + { + p_inq->inqfilt_active = FALSE; + + if (p_inq->p_inqfilter_cmpl_cb) + { + status = BTM_DEV_RESET; + (*p_inq->p_inqfilter_cmpl_cb)(&status); + } + } + + p_inq->state = BTM_INQ_INACTIVE_STATE; + p_inq->pending_filt_complete_event = 0; + p_inq->p_inq_results_cb = NULL; + btm_clr_inq_db(NULL); /* Clear out all the entries in the database */ + btm_clr_inq_result_flt(); + + p_inq->discoverable_mode = BTM_NON_DISCOVERABLE; + p_inq->connectable_mode = BTM_NON_CONNECTABLE; + p_inq->page_scan_type = BTM_SCAN_TYPE_STANDARD; + p_inq->inq_scan_type = BTM_SCAN_TYPE_STANDARD; + +#if BLE_INCLUDED == TRUE + p_inq->discoverable_mode |= BTM_BLE_NON_DISCOVERABLE; + p_inq->connectable_mode |= BTM_BLE_NON_CONNECTABLE; +#endif + return; +} + + +/********************************************************************************* +** +** Function btm_inq_db_init +** +** Description This function is called at startup to initialize the inquiry +** database. +** +** Returns void +** +*******************************************************************************/ +void btm_inq_db_init (void) +{ +#if 0 /* cleared in btm_init; put back in if called from anywhere else! */ + memset (&btm_cb.btm_inq_vars, 0, sizeof (tBTM_INQUIRY_VAR_ST)); +#endif + btm_cb.btm_inq_vars.no_inc_ssp = BTM_NO_SSP_ON_INQUIRY; +} + +/********************************************************************************* +** +** Function btm_inq_stop_on_ssp +** +** Description This function is called on incoming SSP +** +** Returns void +** +*******************************************************************************/ +void btm_inq_stop_on_ssp(void) +{ + UINT8 normal_active = (BTM_GENERAL_INQUIRY_ACTIVE|BTM_LIMITED_INQUIRY_ACTIVE); + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG4 ("btm_inq_stop_on_ssp: no_inc_ssp=%d inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.no_inc_ssp, btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif + if (btm_cb.btm_inq_vars.no_inc_ssp) + { + if (btm_cb.btm_inq_vars.state == BTM_INQ_ACTIVE_STATE) + { + if (btm_cb.btm_inq_vars.inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) + { + BTM_CancelPeriodicInquiry(); + } + else if (btm_cb.btm_inq_vars.inq_active & normal_active) + { + /* can not call BTM_CancelInquiry() here. We need to report inquiry complete evt */ + btsnd_hcic_inq_cancel(); + } + } + /* do not allow inquiry to start */ + btm_cb.btm_inq_vars.inq_active |= BTM_SSP_INQUIRY_ACTIVE; + } +} + +/********************************************************************************* +** +** Function btm_inq_clear_ssp +** +** Description This function is called when pairing_state becomes idle +** +** Returns void +** +*******************************************************************************/ +void btm_inq_clear_ssp(void) +{ + btm_cb.btm_inq_vars.inq_active &= ~BTM_SSP_INQUIRY_ACTIVE; +} + +/********************************************************************************* +** +** Function btm_clr_inq_db +** +** Description This function is called to clear out a device or all devices +** from the inquiry database. +** +** Parameter p_bda - (input) BD_ADDR -> Address of device to clear +** (NULL clears all entries) +** +** Returns void +** +*******************************************************************************/ +void btm_clr_inq_db (BD_ADDR p_bda) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tINQ_DB_ENT *p_ent = p_inq->inq_db; + UINT16 xx; + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG2 ("btm_clr_inq_db: inq_active:0x%x state:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state); +#endif + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if (p_ent->in_use) + { + /* If this is the specified BD_ADDR or clearing all devices */ + if (p_bda == NULL || + (!memcmp (p_ent->inq_info.results.remote_bd_addr, p_bda, BD_ADDR_LEN))) + { + p_ent->in_use = FALSE; +#if (BTM_INQ_GET_REMOTE_NAME == TRUE) + p_ent->inq_info.remote_name_state = BTM_INQ_RMT_NAME_EMPTY; +#endif + + if (btm_cb.btm_inq_vars.p_inq_change_cb) + (*btm_cb.btm_inq_vars.p_inq_change_cb) (&p_ent->inq_info, FALSE); + } + } + } +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG2 ("inq_active:0x%x state:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state); +#endif +} + + +/******************************************************************************* +** +** Function btm_clr_inq_result_flt +** +** Description This function looks through the bdaddr database for a match +** based on Bluetooth Device Address +** +** Returns TRUE if found, else FALSE (new entry) +** +*******************************************************************************/ +static void btm_clr_inq_result_flt (void) +{ +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + + if (p_inq->p_bd_db) + { + GKI_freebuf(p_inq->p_bd_db); + p_inq->p_bd_db = NULL; + } + p_inq->num_bd_entries = 0; + p_inq->max_bd_entries = 0; +#endif +} + +/******************************************************************************* +** +** Function btm_inq_find_bdaddr +** +** Description This function looks through the bdaddr database for a match +** based on Bluetooth Device Address +** +** Returns TRUE if found, else FALSE (new entry) +** +*******************************************************************************/ +BOOLEAN btm_inq_find_bdaddr (BD_ADDR p_bda) +{ +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tINQ_BDADDR *p_db = &p_inq->p_bd_db[0]; + UINT16 xx; + + /* Don't bother searching, database doesn't exist or periodic mode */ + if ((p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) || !p_db) + return (FALSE); + + for (xx = 0; xx < p_inq->num_bd_entries; xx++, p_db++) + { + if (!memcmp(p_db->bd_addr, p_bda, BD_ADDR_LEN) + && p_db->inq_count == p_inq->inq_counter) + return (TRUE); + } + + if (xx < p_inq->max_bd_entries) + { + p_db->inq_count = p_inq->inq_counter; + memcpy(p_db->bd_addr, p_bda, BD_ADDR_LEN); + p_inq->num_bd_entries++; + } + +#endif + /* If here, New Entry */ + return (FALSE); +} + +/******************************************************************************* +** +** Function btm_inq_db_find +** +** Description This function looks through the inquiry database for a match +** based on Bluetooth Device Address +** +** Returns pointer to entry, or NULL if not found +** +*******************************************************************************/ +tINQ_DB_ENT *btm_inq_db_find (BD_ADDR p_bda) +{ + UINT16 xx; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if ((p_ent->in_use) && (!memcmp (p_ent->inq_info.results.remote_bd_addr, p_bda, BD_ADDR_LEN))) + return (p_ent); + } + + /* If here, not found */ + return (NULL); +} + + +/******************************************************************************* +** +** Function btm_inq_db_new +** +** Description This function looks through the inquiry database for an unused +** entry. If no entry is free, it allocates the oldest entry. +** +** Returns pointer to entry +** +*******************************************************************************/ +tINQ_DB_ENT *btm_inq_db_new (BD_ADDR p_bda) +{ + UINT16 xx; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + tINQ_DB_ENT *p_old = btm_cb.btm_inq_vars.inq_db; + UINT32 ot = 0xFFFFFFFF; + + for (xx = 0; xx < BTM_INQ_DB_SIZE; xx++, p_ent++) + { + if (!p_ent->in_use) + { + memset (p_ent, 0, sizeof (tINQ_DB_ENT)); + memcpy (p_ent->inq_info.results.remote_bd_addr, p_bda, BD_ADDR_LEN); + p_ent->in_use = TRUE; + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + p_ent->inq_info.remote_name_state = BTM_INQ_RMT_NAME_EMPTY; +#endif + + return (p_ent); + } + + if (p_ent->time_of_resp < ot) + { + p_old = p_ent; + ot = p_ent->time_of_resp; + } + } + + /* If here, no free entry found. Return the oldest. */ + + /* Before deleting the oldest, if anyone is registered for change */ + /* notifications, then tell him we are deleting an entry. */ + if (btm_cb.btm_inq_vars.p_inq_change_cb) + (*btm_cb.btm_inq_vars.p_inq_change_cb) (&p_old->inq_info, FALSE); + + memset (p_old, 0, sizeof (tINQ_DB_ENT)); + memcpy (p_old->inq_info.results.remote_bd_addr, p_bda, BD_ADDR_LEN); + p_old->in_use = TRUE; + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + p_old->inq_info.remote_name_state = BTM_INQ_RMT_NAME_EMPTY; +#endif + + return (p_old); +} + + +/******************************************************************************* +** +** Function btm_set_inq_event_filter +** +** Description This function is called to set the inquiry event filter. +** It is called by either internally, or by the external API function +** (BTM_SetInqEventFilter). It is used internally as part of the +** inquiry processing. +** +** Input Params: +** filter_cond_type - this is the type of inquiry filter to apply: +** BTM_FILTER_COND_DEVICE_CLASS, +** BTM_FILTER_COND_BD_ADDR, or +** BTM_CLR_INQUIRY_FILTER +** +** p_filt_cond - this is either a BD_ADDR or DEV_CLASS depending on the +** filter_cond_type (See section 4.7.3 of Core Spec 1.0b). +** +** Returns BTM_CMD_STARTED if successfully initiated +** BTM_NO_RESOURCES if couldn't get a memory pool buffer +** BTM_ILLEGAL_VALUE if a bad parameter was detected +** +*******************************************************************************/ +static tBTM_STATUS btm_set_inq_event_filter (UINT8 filter_cond_type, + tBTM_INQ_FILT_COND *p_filt_cond) +{ + UINT8 condition_length = DEV_CLASS_LEN * 2; + UINT8 condition_buf[DEV_CLASS_LEN * 2]; + UINT8 *p_cond = condition_buf; /* points to the condition to pass to HCI */ + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG1 ("btm_set_inq_event_filter: filter type %d [Clear-0, COD-1, BDADDR-2]", + filter_cond_type); + BTM_TRACE_DEBUG6 (" condition [%02x%02x%02x %02x%02x%02x]", + p_filt_cond->bdaddr_cond[0], p_filt_cond->bdaddr_cond[1], p_filt_cond->bdaddr_cond[2], + p_filt_cond->bdaddr_cond[3], p_filt_cond->bdaddr_cond[4], p_filt_cond->bdaddr_cond[5]); +#endif + + /* Load the correct filter condition to pass to the lower layer */ + switch (filter_cond_type) + { + case BTM_FILTER_COND_DEVICE_CLASS: + /* copy the device class and device class fields into contiguous memory to send to HCI */ + memcpy (condition_buf, p_filt_cond->cod_cond.dev_class, DEV_CLASS_LEN); + memcpy (&condition_buf[DEV_CLASS_LEN], + p_filt_cond->cod_cond.dev_class_mask, DEV_CLASS_LEN); + + /* condition length should already be set as the default */ + break; + + case BTM_FILTER_COND_BD_ADDR: + p_cond = p_filt_cond->bdaddr_cond; + + /* condition length should already be set as the default */ + break; + + case BTM_CLR_INQUIRY_FILTER: + condition_length = 0; + break; + + default: + return (BTM_ILLEGAL_VALUE); /* Bad parameter was passed in */ + } + + btm_cb.btm_inq_vars.inqfilt_active = TRUE; + + /* Filter the inquiry results for the specified condition type and value */ + if (btsnd_hcic_set_event_filter(HCI_FILTER_INQUIRY_RESULT, filter_cond_type, + p_cond, condition_length)) + + return (BTM_CMD_STARTED); + else + return (BTM_NO_RESOURCES); +} + + +/******************************************************************************* +** +** Function btm_event_filter_complete +** +** Description This function is called when a set event filter has completed. +** Note: This routine currently only handles inquiry filters. +** Connection filters are ignored for now. +** +** Returns void +** +*******************************************************************************/ +void btm_event_filter_complete (UINT8 *p) +{ + UINT8 hci_status; + tBTM_STATUS status; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tBTM_CMPL_CB *p_cb = p_inq->p_inqfilter_cmpl_cb; + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG3 ("btm_event_filter_complete: inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif + /* If the filter complete event is from an old or cancelled request, ignore it */ + if(p_inq->pending_filt_complete_event) + { + p_inq->pending_filt_complete_event--; + return; + } + + /* Only process the inquiry filter; Ignore the connection filter until it + is used by the upper layers */ + if (p_inq->inqfilt_active == TRUE ) + { + /* Extract the returned status from the buffer */ + STREAM_TO_UINT8 (hci_status, p); + if (hci_status != HCI_SUCCESS) + { + /* If standalone operation, return the error status; if embedded in the inquiry, continue the inquiry */ + BTM_TRACE_WARNING1 ("BTM Warning: Set Event Filter Failed (HCI returned 0x%x)", hci_status); + status = BTM_ERR_PROCESSING; + } + else + status = BTM_SUCCESS; + + /* If the set filter was initiated externally (via BTM_SetInqEventFilter), call the + callback function to notify the initiator that it has completed */ + if (p_inq->state == BTM_INQ_INACTIVE_STATE) + { + p_inq->inqfilt_active = FALSE; + if (p_cb) + (*p_cb) (&status); + } + else /* An inquiry is active (the set filter command was internally generated), + process the next state of the process (Set a new filter or start the inquiry). */ + { + if(status != BTM_SUCCESS) + { + /* Process the inquiry complete (Error Status) */ + btm_process_inq_complete (BTM_ERR_PROCESSING, (UINT8)(p_inq->inqparms.mode & BTM_BR_INQUIRY_MASK)); + + /* btm_process_inq_complete() does not restore the following settings on periodic inquiry */ + p_inq->inqfilt_active = FALSE; + p_inq->inq_active = BTM_INQUIRY_INACTIVE; + p_inq->state = BTM_INQ_INACTIVE_STATE; + + return; + } + + /* Check to see if a new filter needs to be set up */ + if (p_inq->state == BTM_INQ_CLR_FILT_STATE) + { + if ((status = btm_set_inq_event_filter (p_inq->inqparms.filter_cond_type, &p_inq->inqparms.filter_cond)) == BTM_CMD_STARTED) + { + p_inq->state = BTM_INQ_SET_FILT_STATE; + } + else /* Error setting the filter: Call the initiator's callback function to indicate a failure */ + { + p_inq->inqfilt_active = FALSE; + + /* Process the inquiry complete (Error Status) */ + btm_process_inq_complete (BTM_ERR_PROCESSING, (UINT8)(p_inq->inqparms.mode & BTM_BR_INQUIRY_MASK)); + } + } + else /* Initiate the Inquiry or Periodic Inquiry */ + { + p_inq->state = BTM_INQ_ACTIVE_STATE; + p_inq->inqfilt_active = FALSE; + btm_initiate_inquiry (p_inq); + } + } + } +} + + +/******************************************************************************* +** +** Function btm_initiate_inquiry +** +** Description This function is called to start an inquiry or periodic inquiry +** upon completion of the setting and/or clearing of the inquiry filter. +** +** Inputs: p_inq (btm_cb.btm_inq_vars) - pointer to saved inquiry information +** mode - GENERAL or LIMITED inquiry +** duration - length in 1.28 sec intervals (If '0', the inquiry is CANCELLED) +** max_resps - maximum amount of devices to search for before ending the inquiry +** filter_cond_type - BTM_CLR_INQUIRY_FILTER, BTM_FILTER_COND_DEVICE_CLASS, or +** BTM_FILTER_COND_BD_ADDR +** filter_cond - value for the filter (based on filter_cond_type) +** +** Returns If an error occurs the initiator's callback is called with the error status. +** +*******************************************************************************/ +static void btm_initiate_inquiry (tBTM_INQUIRY_VAR_ST *p_inq) +{ + const LAP *lap; + tBTM_INQ_PARMS *p_inqparms = &p_inq->inqparms; + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG3 ("btm_initiate_inquiry: inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_acl_update_busy_level (BTM_BLI_INQ_EVT); +#endif + + if (p_inq->inq_active & BTM_SSP_INQUIRY_ACTIVE) + { + btm_process_inq_complete (BTM_NO_RESOURCES, (UINT8)(p_inqparms->mode & BTM_BR_INQUIRY_MASK)); + return; + } + + /* Make sure the number of responses doesn't overflow the database configuration */ + p_inqparms->max_resps = (UINT8)((p_inqparms->max_resps <= BTM_INQ_DB_SIZE) ? p_inqparms->max_resps : BTM_INQ_DB_SIZE); + + lap = (p_inq->inq_active & BTM_LIMITED_INQUIRY_ACTIVE) ? &limited_inq_lap : &general_inq_lap; + + if (p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) + { + if (!btsnd_hcic_per_inq_mode (p_inq->per_max_delay, + p_inq->per_min_delay, + *lap, p_inqparms->duration, + p_inqparms->max_resps)) + btm_process_inq_complete (BTM_NO_RESOURCES, (UINT8)(p_inqparms->mode & BTM_BR_INQUIRY_MASK)); + } + else + { +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + btm_clr_inq_result_flt(); + + /* Allocate memory to hold bd_addrs responding */ + if ((p_inq->p_bd_db = (tINQ_BDADDR *)GKI_getbuf(GKI_MAX_BUF_SIZE)) != NULL) + { + p_inq->max_bd_entries = (UINT16)(GKI_MAX_BUF_SIZE / sizeof(tINQ_BDADDR)); + memset(p_inq->p_bd_db, 0, GKI_MAX_BUF_SIZE); +/* BTM_TRACE_DEBUG1("btm_initiate_inquiry: memory allocated for %d bdaddrs", + p_inq->max_bd_entries); */ + } + + if (!btsnd_hcic_inquiry(*lap, p_inqparms->duration, 0)) +#else + if (!btsnd_hcic_inquiry(*lap, p_inqparms->duration, p_inqparms->max_resps)) +#endif /* BTM_USE_INQ_RESULTS_FILTER */ + btm_process_inq_complete (BTM_NO_RESOURCES, (UINT8)(p_inqparms->mode & BTM_BR_INQUIRY_MASK)); + } +} + +/******************************************************************************* +** +** Function btm_process_inq_results +** +** Description This function is called when inquiry results are received from +** the device. It updates the inquiry database. If the inquiry +** database is full, the oldest entry is discarded. +** +** Parameters inq_res_mode - BTM_INQ_RESULT_STANDARD +** BTM_INQ_RESULT_WITH_RSSI +** BTM_INQ_RESULT_EXTENDED +** +** Returns void +** +*******************************************************************************/ +void btm_process_inq_results (UINT8 *p, UINT8 inq_res_mode) +{ + UINT8 num_resp, xx; + BD_ADDR bda; + tINQ_DB_ENT *p_i; + tBTM_INQ_RESULTS *p_cur; + BOOLEAN is_new = TRUE; + BOOLEAN update = FALSE; + INT8 i_rssi; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tBTM_INQ_RESULTS_CB *p_inq_results_cb = p_inq->p_inq_results_cb; + UINT8 page_scan_rep_mode = 0; + UINT8 page_scan_per_mode = 0; + UINT8 page_scan_mode = 0; + UINT8 rssi = 0; + DEV_CLASS dc; + UINT16 clock_offset; +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + UINT8 *p_eir_data = NULL; +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + UINT8 remote_name_len; +#endif +#endif + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG3 ("btm_process_inq_results inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif + /* Only process the results if the inquiry is still active */ + if (!p_inq->inq_active) + return; + + STREAM_TO_UINT8 (num_resp, p); + + for (xx = 0; xx < num_resp; xx++) + { + update = FALSE; + /* Extract inquiry results */ + STREAM_TO_BDADDR (bda, p); + STREAM_TO_UINT8 (page_scan_rep_mode, p); + STREAM_TO_UINT8 (page_scan_per_mode, p); + + if (inq_res_mode == BTM_INQ_RESULT_STANDARD) + { + STREAM_TO_UINT8(page_scan_mode, p); + } + + STREAM_TO_DEVCLASS (dc, p); + STREAM_TO_UINT16 (clock_offset, p); + if (inq_res_mode != BTM_INQ_RESULT_STANDARD) + { + STREAM_TO_UINT8(rssi, p); + } + + p_i = btm_inq_db_find (bda); + +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + /* Only process the num_resp is smaller than max_resps. + If results are queued to BTU task while canceling inquiry, + or when more than one result is in this response, > max_resp + responses could be processed which can confuse some apps + */ + if (p_inq->inqparms.max_resps && + p_inq->inq_cmpl_info.num_resp >= p_inq->inqparms.max_resps +#if BLE_INCLUDED == TRUE + /* new device response */ + && ( p_i == NULL || + /* exisiting device with BR/EDR info */ + (p_i && (p_i->inq_info.results.device_type & BT_DEVICE_TYPE_BREDR) != 0) + ) +#endif + + ) + { +/* BTM_TRACE_WARNING0("INQ RES: Extra Response Received...ignoring"); */ + return; + } +#endif + + /* Check if this address has already been processed for this inquiry */ + if (btm_inq_find_bdaddr(bda)) + { +/* BTM_TRACE_DEBUG6("BDA seen before [%02x%02x %02x%02x %02x%02x]", + bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);*/ + /* By default suppose no update needed */ + i_rssi = (INT8)rssi; + + /* If this new RSSI is higher than the last one */ + if(p_inq->inqparms.report_dup && (rssi != 0) && + p_i && (i_rssi > p_i->inq_info.results.rssi || p_i->inq_info.results.rssi == 0 +#if BLE_INCLUDED == TRUE + /* BR/EDR inquiry information update */ + || (p_i->inq_info.results.device_type & BT_DEVICE_TYPE_BREDR) != 0 +#endif + )) + { + p_cur = &p_i->inq_info.results; + BTM_TRACE_DEBUG2("update RSSI new:%d, old:%d", i_rssi, p_cur->rssi); + p_cur->rssi = i_rssi; + update = TRUE; + } + /* If we received a second Extended Inq Event for an already */ + /* discovered device, this is because for the first one EIR was not received */ + else if ((inq_res_mode == BTM_INQ_RESULT_EXTENDED) && (p_i)) + { + p_cur = &p_i->inq_info.results; + update = TRUE; + } + /* If no update needed continue with next response (if any) */ + else + continue; + } + + /* Host can be registered to verify comming BDA or DC */ + if (btm_cb.p_inq_filter_cb) + { + if (!(* btm_cb.p_inq_filter_cb) (bda, dc)) + { + continue; + } + } + + /* If existing entry, use that, else get a new one (possibly reusing the oldest) */ + if (p_i == NULL) + { + p_i = btm_inq_db_new (bda); + is_new = TRUE; + } + + /* If an entry for the device already exists, overwrite it ONLY if it is from + a previous inquiry. (Ignore it if it is a duplicate response from the same + inquiry. + */ + else if (p_i->inq_count == p_inq->inq_counter +#if (BLE_INCLUDED == TRUE ) + && (p_i->inq_info.results.device_type & BT_DEVICE_TYPE_BREDR) +#endif + ) + is_new = FALSE; + + /* keep updating RSSI to have latest value */ + if( inq_res_mode != BTM_INQ_RESULT_STANDARD ) + p_i->inq_info.results.rssi = (INT8)rssi; + else + p_i->inq_info.results.rssi = BTM_INQ_RES_IGNORE_RSSI; + + if (is_new == TRUE) + { + /* Save the info */ + p_cur = &p_i->inq_info.results; + p_cur->page_scan_rep_mode = page_scan_rep_mode; + p_cur->page_scan_per_mode = page_scan_per_mode; + p_cur->page_scan_mode = page_scan_mode; + p_cur->dev_class[0] = dc[0]; + p_cur->dev_class[1] = dc[1]; + p_cur->dev_class[2] = dc[2]; + p_cur->clock_offset = clock_offset | BTM_CLOCK_OFFSET_VALID; + + p_i->time_of_resp = GKI_get_tick_count (); + + if (p_i->inq_count != p_inq->inq_counter) + p_inq->inq_cmpl_info.num_resp++; /* A new response was found */ + +#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) + p_cur->inq_result_type = BTM_INQ_RESULT_BR; + if (p_i->inq_count != p_inq->inq_counter) + { + p_cur->device_type = BT_DEVICE_TYPE_BREDR; + p_i->scan_rsp = FALSE; + } + else + p_cur->device_type |= BT_DEVICE_TYPE_BREDR; +#endif + p_i->inq_count = p_inq->inq_counter; /* Mark entry for current inquiry */ + +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + /* If the number of responses found and not unlimited, issue a cancel inquiry */ + if (!(p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) && + p_inq->inqparms.max_resps && + p_inq->inq_cmpl_info.num_resp == p_inq->inqparms.max_resps +#if BLE_INCLUDED == TRUE + /* BLE scanning is active and received adv */ + && ((((p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK) != 0) && + p_cur->device_type == BT_DEVICE_TYPE_DUMO && p_i->scan_rsp) || + (p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK) == 0) +#endif + ) + { +/* BTM_TRACE_DEBUG0("BTMINQ: Found devices, cancelling inquiry..."); */ + btsnd_hcic_inq_cancel(); + +#if BLE_INCLUDED == TRUE + if ((p_inq->inqparms.mode & BTM_BLE_INQUIRY_MASK) != 0) + btm_ble_stop_scan(); +#endif + + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_acl_update_busy_level (BTM_BLI_INQ_DONE_EVT); +#endif + } +#endif + /* Initialize flag to FALSE. This flag is set/used by application */ + p_i->inq_info.appl_knows_rem_name = FALSE; + } + + if (is_new || update) + { +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + if( inq_res_mode == BTM_INQ_RESULT_EXTENDED ) + { + if((p_eir_data = BTM_CheckEirData( p, BTM_EIR_COMPLETE_LOCAL_NAME_TYPE, + &remote_name_len )) == NULL) + { + p_eir_data = BTM_CheckEirData( p, BTM_EIR_SHORTENED_LOCAL_NAME_TYPE, + &remote_name_len ); + } + + if( p_eir_data ) + { + if( remote_name_len > BTM_MAX_REM_BD_NAME_LEN ) + remote_name_len = BTM_MAX_REM_BD_NAME_LEN; + + p_i->inq_info.remote_name_len = remote_name_len; + memcpy( p_i->inq_info.remote_name, p_eir_data, p_i->inq_info.remote_name_len ); + p_i->inq_info.remote_name[p_i->inq_info.remote_name_len] = 0; + p_i->inq_info.remote_name_state = BTM_INQ_RMT_NAME_DONE; + } + else + p_i->inq_info.remote_name_state = BTM_INQ_RMT_NAME_EMPTY; + } + else +#endif + { + /* Clear out the device name so that it can be re-read */ + p_i->inq_info.remote_name_state = BTM_INQ_RMT_NAME_EMPTY; + } +#endif /*(BTM_INQ_GET_REMOTE_NAME==TRUE)*/ + +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + if( inq_res_mode == BTM_INQ_RESULT_EXTENDED ) + { + memset( p_cur->eir_uuid, 0, + BTM_EIR_SERVICE_ARRAY_SIZE * (BTM_EIR_ARRAY_BITS/8)); + /* set bit map of UUID list from received EIR */ + btm_set_eir_uuid( p, p_cur ); + p_eir_data = p; + } + else + p_eir_data = NULL; +#endif + + /* If a callback is registered, call it with the results */ + if (p_inq_results_cb) +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + (p_inq_results_cb)((tBTM_INQ_RESULTS *) p_cur, p_eir_data); +#else + (p_inq_results_cb)((tBTM_INQ_RESULTS *) p_cur, NULL); +#endif + + /* If anyone is registered for change notifications, then tell him we added an entry. */ + if (p_inq->p_inq_change_cb) + (*p_inq->p_inq_change_cb) (&p_i->inq_info, TRUE); + } + } +} + +/******************************************************************************* +** +** Function btm_sort_inq_result +** +** Description This function is called when inquiry complete is received +** from the device to sort inquiry results based on rssi. +** +** Returns void +** +*******************************************************************************/ +void btm_sort_inq_result(void) +{ + UINT8 xx, yy, num_resp; + tINQ_DB_ENT *p_tmp = NULL; + tINQ_DB_ENT *p_ent = btm_cb.btm_inq_vars.inq_db; + tINQ_DB_ENT *p_next = btm_cb.btm_inq_vars.inq_db+1; + int size; + + num_resp = (btm_cb.btm_inq_vars.inq_cmpl_info.num_resp<BTM_INQ_DB_SIZE)? + btm_cb.btm_inq_vars.inq_cmpl_info.num_resp: BTM_INQ_DB_SIZE; + + if((p_tmp = (tINQ_DB_ENT *)GKI_getbuf(sizeof(tINQ_DB_ENT))) != NULL) + { + size = sizeof(tINQ_DB_ENT); + for(xx = 0; xx < num_resp-1; xx++, p_ent++) + { + for(yy = xx+1, p_next = p_ent+1; yy < num_resp; yy++, p_next++) + { + if(p_ent->inq_info.results.rssi < p_next->inq_info.results.rssi) + { + memcpy (p_tmp, p_next, size); + memcpy (p_next, p_ent, size); + memcpy (p_ent, p_tmp, size); + } + } + } + + GKI_freebuf(p_tmp); + } +} + +/******************************************************************************* +** +** Function btm_process_inq_complete +** +** Description This function is called when inquiry complete is received +** from the device. Call the callback if not in periodic inquiry +** mode AND it is not NULL (The caller wants the event). +** +** The callback pass back the status and the number of responses +** +** Returns void +** +*******************************************************************************/ +void btm_process_inq_complete (UINT8 status, UINT8 mode) +{ + tBTM_CMPL_CB *p_inq_cb = btm_cb.btm_inq_vars.p_inq_cmpl_cb; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + tBTM_INQ_INFO *p_cur; + UINT8 tempstate; +#endif + + p_inq->inqparms.mode &= ~(mode); + +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG3 ("btm_process_inq_complete inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_acl_update_busy_level (BTM_BLI_INQ_DONE_EVT); +#endif + /* Ignore any stray or late complete messages if the inquiry is not active */ + if (p_inq->inq_active) + { + p_inq->inq_cmpl_info.status = (tBTM_STATUS)((status == HCI_SUCCESS) ? BTM_SUCCESS : BTM_ERR_PROCESSING); + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + if (p_inq->inq_cmpl_info.status == BTM_SUCCESS) + { + for (p_cur = BTM_InqDbFirst(); p_cur; p_cur = BTM_InqDbNext (p_cur)) + { + if (p_cur->remote_name_state == BTM_INQ_RMT_NAME_EMPTY) + { + tempstate = p_cur->remote_name_state; + p_cur->remote_name_state = BTM_INQ_RMT_NAME_PENDING; + + if (btm_initiate_rem_name (p_cur->results.remote_bd_addr, + p_cur, BTM_RMT_NAME_INQ, + BTM_INQ_RMT_NAME_TIMEOUT, NULL) != BTM_CMD_STARTED) + p_cur->remote_name_state = tempstate; + else + return; + } + } + } +#endif + + /* Notify caller that the inquiry has completed; (periodic inquiries do not send completion events */ + if (!(p_inq->inq_active & BTM_PERIODIC_INQUIRY_ACTIVE) && p_inq->inqparms.mode == 0) + { + p_inq->state = BTM_INQ_INACTIVE_STATE; + + /* Increment so the start of a next inquiry has a new count */ + p_inq->inq_counter++; + + btm_clr_inq_result_flt(); + + if((p_inq->inq_cmpl_info.status == BTM_SUCCESS) && HCI_LMP_INQ_RSSI_SUPPORTED(btm_cb.devcb.local_features)) + { + btm_sort_inq_result(); + } + + /* Clear the results callback if set */ + p_inq->p_inq_results_cb = (tBTM_INQ_RESULTS_CB *) NULL; + p_inq->inq_active = BTM_INQUIRY_INACTIVE; + p_inq->p_inq_cmpl_cb = (tBTM_CMPL_CB *) NULL; + + /* If we have a callback registered for inquiry complete, call it */ + BTM_TRACE_DEBUG2 ("BTM Inq Compl Callback: status 0x%02x, num results %d", + p_inq->inq_cmpl_info.status, p_inq->inq_cmpl_info.num_resp); + + if (p_inq_cb) + (p_inq_cb)((tBTM_INQUIRY_CMPL *) &p_inq->inq_cmpl_info); + } + + } +#if (BTM_INQ_DEBUG == TRUE) + BTM_TRACE_DEBUG3 ("inq_active:0x%x state:%d inqfilt_active:%d", + btm_cb.btm_inq_vars.inq_active, btm_cb.btm_inq_vars.state, btm_cb.btm_inq_vars.inqfilt_active); +#endif +} + +/******************************************************************************* +** +** Function btm_initiate_rem_name +** +** Description This function looks initiates a remote name request. It is called +** either by GAP or by the API call BTM_ReadRemoteDeviceName. +** +** Input Params: p_cur - pointer to an inquiry result structure (NULL if nonexistent) +** p_cb - callback function called when BTM_CMD_STARTED +** is returned. +** A pointer to tBTM_REMOTE_DEV_NAME is passed to the +** callback. +** +** Returns +** BTM_CMD_STARTED is returned if the request was sent to HCI. +** BTM_BUSY if already in progress +** BTM_NO_RESOURCES if could not allocate resources to start the command +** BTM_WRONG_MODE if the device is not up. +** +*******************************************************************************/ +tBTM_STATUS btm_initiate_rem_name (BD_ADDR remote_bda, tBTM_INQ_INFO *p_cur, + UINT8 origin, UINT32 timeout, tBTM_CMPL_CB *p_cb) +{ + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + BOOLEAN cmd_ok; + + + /*** Make sure the device is ready ***/ + if (!BTM_IsDeviceUp()) + return (BTM_WRONG_MODE); + + + if (origin == BTM_RMT_NAME_SEC) + { + cmd_ok = btsnd_hcic_rmt_name_req (remote_bda, HCI_PAGE_SCAN_REP_MODE_R1, + HCI_MANDATARY_PAGE_SCAN_MODE, 0); + if (cmd_ok) + return BTM_CMD_STARTED; + else + return BTM_NO_RESOURCES; + } + /* Make sure there are no two remote name requests from external API in progress */ + else if (origin == BTM_RMT_NAME_EXT) + { + if (p_inq->remname_active) + { + return (BTM_BUSY); + } + else + { + /* If there is no remote name request running,call the callback function and start timer */ + p_inq->p_remname_cmpl_cb = p_cb; + memcpy(p_inq->remname_bda, remote_bda, BD_ADDR_LEN); + btu_start_timer (&p_inq->rmt_name_timer_ent, + BTU_TTYPE_BTM_RMT_NAME, + timeout); + + /* If the database entry exists for the device, use its clock offset */ + if (p_cur) + { + cmd_ok = btsnd_hcic_rmt_name_req (remote_bda, + p_cur->results.page_scan_rep_mode, + p_cur->results.page_scan_mode, + (UINT16)(p_cur->results.clock_offset | + BTM_CLOCK_OFFSET_VALID)); + } + else /* Otherwise use defaults and mark the clock offset as invalid */ + { + cmd_ok = btsnd_hcic_rmt_name_req (remote_bda, HCI_PAGE_SCAN_REP_MODE_R1, + HCI_MANDATARY_PAGE_SCAN_MODE, 0); + } + if (cmd_ok) + { + p_inq->remname_active = TRUE; + return BTM_CMD_STARTED; + } + else + return BTM_NO_RESOURCES; + } + } + /* If the inquire feature is on */ +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + + else if (origin == BTM_RMT_NAME_INQ) + { + /* If the database entry exists for the device, use its clock offset */ + if (p_cur) + { + cmd_ok = btsnd_hcic_rmt_name_req (remote_bda, + p_cur->results.page_scan_rep_mode, + p_cur->results.page_scan_mode, + (UINT16)(p_cur->results.clock_offset | + BTM_CLOCK_OFFSET_VALID)); + } + else + { + cmd_ok = FALSE + } + + if (cmd_ok) + return BTM_CMD_STARTED; + else + return BTM_NO_RESOURCES; + } +#endif + else + { + + return BTM_ILLEGAL_VALUE; + + + } + + +} + +/******************************************************************************* +** +** Function btm_process_remote_name +** +** Description This function is called when a remote name is received from +** the device. If remote names are cached, it updates the inquiry +** database. +** +** Returns void +** +*******************************************************************************/ +void btm_process_remote_name (BD_ADDR bda, BD_NAME bdn, UINT16 evt_len, UINT8 hci_status) +{ + tBTM_REMOTE_DEV_NAME rem_name = {0}; + tBTM_INQUIRY_VAR_ST *p_inq = &btm_cb.btm_inq_vars; + tBTM_CMPL_CB *p_cb = p_inq->p_remname_cmpl_cb; + UINT8 *p_n1; + + UINT16 temp_evt_len; + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + /*** These are only used if part of the Inquiry Process ***/ + tBTM_CMPL_CB *p_inq_cb; + tINQ_DB_ENT *p_i = NULL; + UINT8 *p_n; + tBTM_INQ_INFO *p_cur; +#endif +#if BLE_INCLUDED == TRUE + tBT_DEVICE_TYPE dev_type; + tBLE_ADDR_TYPE addr_type; +#endif + + + if (bda != NULL) + { + BTM_TRACE_EVENT6("BDA %02x:%02x:%02x:%02x:%02x:%02x",bda[0], bda[1], + bda[2], bda[3], + bda[4], bda[5]); + } + + BTM_TRACE_EVENT6("Inquire BDA %02x:%02x:%02x:%02x:%02x:%02x",p_inq->remname_bda[0], p_inq->remname_bda[1], + p_inq->remname_bda[2], p_inq->remname_bda[3], + p_inq->remname_bda[4], p_inq->remname_bda[5]); + + + + /* If the inquire BDA and remote DBA are the same, then stop the timer and set the active to false */ + if ((p_inq->remname_active ==TRUE)&& + (((bda != NULL) && + (memcmp(bda, p_inq->remname_bda,BD_ADDR_LEN)==0)) || bda == NULL)) + + { +#if BLE_INCLUDED == TRUE + BTM_ReadDevInfo(p_inq->remname_bda, &dev_type, &addr_type); + if (dev_type == BT_DEVICE_TYPE_BLE) + { + if (hci_status == HCI_ERR_UNSPECIFIED) + btm_ble_cancel_remote_name(p_inq->remname_bda); + } +#endif + btu_stop_timer (&p_inq->rmt_name_timer_ent); + p_inq->remname_active = FALSE; + /* Clean up and return the status if the command was not successful */ + /* Note: If part of the inquiry, the name is not stored, and the */ + /* inquiry complete callback is called. */ + + if ((hci_status == HCI_SUCCESS)) + { + /* Copy the name from the data stream into the return structure */ + /* Note that even if it is not being returned, it is used as a */ + /* temporary buffer. */ + p_n1 = (UINT8 *)rem_name.remote_bd_name; + rem_name.length = (evt_len < BD_NAME_LEN) ? evt_len : BD_NAME_LEN; + rem_name.status = BTM_SUCCESS; + temp_evt_len = rem_name.length; + + while (temp_evt_len > 0) + { + *p_n1++ = *bdn++; + temp_evt_len--; + } + } + + + /* If processing a stand alone remote name then report the error in the callback */ + else + { + rem_name.status = BTM_BAD_VALUE_RET; + rem_name.length = 0; + rem_name.remote_bd_name[0] = 0; + } + /* Reset the remote BAD to zero and call callback if possible */ + memset(p_inq->remname_bda, 0, BD_ADDR_LEN); + + p_inq->p_remname_cmpl_cb = NULL; + if (p_cb) + (p_cb)((tBTM_REMOTE_DEV_NAME *)&rem_name); + } + + +#if (BTM_INQ_GET_REMOTE_NAME==TRUE) + /* If existing entry, update the name */ + if ((bda != NULL) && ((p_i = btm_inq_db_find (bda)) != NULL) + && (hci_status == HCI_SUCCESS)) + { + p_i->inq_info.remote_name_state = BTM_INQ_RMT_NAME_DONE; + p_n = p_i->inq_info.remote_name; + memset(p_n, 0, BTM_MAX_REM_BD_NAME_LEN + 1); + p_i->inq_info.remote_name_len = (rem_name.length < BTM_MAX_REM_BD_NAME_LEN) ? + rem_name.length : BTM_MAX_REM_BD_NAME_LEN; + evt_len = p_i->inq_info.remote_name_len; + p_n1 = (UINT8 *)rem_name.remote_bd_name; + while (evt_len > 0) + { + *p_n++ = *p_n1++; + evt_len--; + } + + if (btm_cb.btm_inq_vars.p_inq_change_cb) + (*btm_cb.btm_inq_vars.p_inq_change_cb) (&p_i->inq_info, TRUE); + } + else + { + if (p_i) + p_i->inq_info.remote_name_state = BTM_INQ_RMT_NAME_FAILED; + else + { + /* Find the entry which is currently doing name request */ + for (p_cur = BTM_InqDbFirst(); p_cur; p_cur = BTM_InqDbNext (p_cur)) + { + if (p_cur->remote_name_state == BTM_INQ_RMT_NAME_PENDING) + { + /* Should be only one */ + p_cur->remote_name_state = BTM_INQ_RMT_NAME_FAILED; + break; + } + } + } + } + + /* If an inquiry is in progress then update other entries */ + if (p_inq->inq_active) + { + /* Check if there are any more entries inquired but not named */ + for (p_cur = BTM_InqDbFirst(); p_cur; p_cur = BTM_InqDbNext (p_cur)) + { + if (p_cur->remote_name_state == BTM_INQ_RMT_NAME_EMPTY) + { + p_cur->remote_name_state = BTM_INQ_RMT_NAME_PENDING; +#if (BLE_INCLUDED == TRUE) + BTM_ReadDevInfo(remote_bda, &dev_type, &addr_type); + if (dev_type == BT_DEVICE_TYPE_BLE) + { + if (btm_ble_read_remote_name(remote_bda, p_cur, p_cb) != BTM_CMD_STARTED) + p_cur->remote_name_state = BTM_INQ_RMT_NAME_FAILED; + else + return; + } + else +#endif + { + if (btm_initiate_rem_name (p_cur->results.remote_bd_addr, + p_cur, BTM_RMT_NAME_INQ, + BTM_INQ_RMT_NAME_TIMEOUT, NULL) != BTM_CMD_STARTED) + p_cur->remote_name_state = BTM_INQ_RMT_NAME_FAILED; + else + return; + } + } + } + + /* The inquiry has finished so call the callback for the inquiry */ + p_inq_cb = p_inq->p_inq_cmpl_cb; + p_inq->state = BTM_INQ_INACTIVE_STATE; + p_inq->inq_active = BTM_INQUIRY_INACTIVE; + p_inq->p_inq_cmpl_cb = NULL; + + /* If we have a callback registered for inquiry complete, call it */ + if (p_inq_cb) + (p_inq_cb)((tBTM_INQUIRY_CMPL *) &p_inq->inq_cmpl_info); + + /* In some cases we can not get name of the device once but will be */ + /* able to do it next time. Until we have better solution we will */ + /* try to get name every time */ + for (p_cur = BTM_InqDbFirst(); p_cur; p_cur = BTM_InqDbNext (p_cur)) + { + if (p_cur->remote_name_state == BTM_INQ_RMT_NAME_FAILED) + p_cur->remote_name_state = BTM_INQ_RMT_NAME_EMPTY; + } + } +#endif /* BTM_INQ_GET_REMOTE_NAME == TRUE */ +} + +/******************************************************************************* +** +** Function btm_inq_rmt_name_failed +** +** Description This function is if timeout expires while getting remote +** name. This is done for devices that incorrectly do not +** report operation failure +** +** Returns void +** +*******************************************************************************/ +void btm_inq_rmt_name_failed (void) +{ + BTM_TRACE_ERROR1 ("btm_inq_rmt_name_failed() remname_active=%d", btm_cb.btm_inq_vars.remname_active); + + if (btm_cb.btm_inq_vars.remname_active) + btm_process_remote_name (btm_cb.btm_inq_vars.remname_bda, NULL, 0, HCI_ERR_UNSPECIFIED); + else + btm_process_remote_name (NULL, NULL, 0, HCI_ERR_UNSPECIFIED); + + btm_sec_rmt_name_request_complete (NULL, NULL, HCI_ERR_UNSPECIFIED); +} +/******************************************************************************* +** +** Function btm_read_linq_tx_power_complete +** +** Description read inquiry tx power level complete callback function. +** +** Returns void +** +*******************************************************************************/ +void btm_read_linq_tx_power_complete(UINT8 *p) +{ + tBTM_CMPL_CB *p_cb = btm_cb.devcb.p_txpwer_cmpl_cb; + tBTM_INQ_TXPWR_RESULTS results; + + btu_stop_timer (&btm_cb.devcb.txpwer_timer); + /* If there was a callback registered for read inq tx power, call it */ + btm_cb.devcb.p_txpwer_cmpl_cb = NULL; + + if (p_cb) + { + STREAM_TO_UINT8 (results.hci_status, p); + + if (results.hci_status == HCI_SUCCESS) + { + results.status = BTM_SUCCESS; + + STREAM_TO_UINT8 (results.tx_power, p); + BTM_TRACE_EVENT2 ("BTM INQ TX POWER Complete: tx_power %d, hci status 0x%02x", + results.tx_power, results.hci_status); + } + else + results.status = BTM_ERR_PROCESSING; + + (*p_cb)(&results); + } + +} +/******************************************************************************* +** +** Function BTM_WriteEIR +** +** Description This function is called to write EIR data to controller. +** +** Parameters p_buff - allocated HCI command buffer including extended +** inquriry response +** +** Returns BTM_SUCCESS - if successful +** BTM_MODE_UNSUPPORTED - if local device cannot support it +** +*******************************************************************************/ +tBTM_STATUS BTM_WriteEIR( BT_HDR *p_buff ) +{ +#if (BTM_EIR_SERVER_INCLUDED == TRUE) + if (HCI_EXT_INQ_RSP_SUPPORTED(btm_cb.devcb.local_features)) + { + BTM_TRACE_API0("Write Extended Inquiry Response to controller"); + btsnd_hcic_write_ext_inquiry_response (p_buff, BTM_EIR_DEFAULT_FEC_REQUIRED); + return BTM_SUCCESS; + } + else + { + GKI_freebuf(p_buff); + return BTM_MODE_UNSUPPORTED; + } +#else + GKI_freebuf(p_buff); + return BTM_SUCCESS; +#endif +} + +/******************************************************************************* +** +** Function BTM_CheckEirData +** +** Description This function is called to get EIR data from significant part. +** +** Parameters p_eir - pointer of EIR significant part +** type - finding EIR data type +** p_length - return the length of EIR data not including type +** +** Returns pointer of EIR data +** +*******************************************************************************/ +UINT8 *BTM_CheckEirData( UINT8 *p_eir, UINT8 type, UINT8 *p_length ) +{ +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + UINT8 *p = p_eir; + UINT8 length; + UINT8 eir_type; + BTM_TRACE_API1("BTM_CheckEirData type=0x%02X", type); + + STREAM_TO_UINT8(length, p); + while( length && (p - p_eir <= HCI_EXT_INQ_RESPONSE_LEN)) + { + STREAM_TO_UINT8(eir_type, p); + if( eir_type == type ) + { + /* length doesn't include itself */ + *p_length = length - 1; /* minus the length of type */ + return p; + } + p += length - 1; /* skip the length of data */ + STREAM_TO_UINT8(length, p); + } + + *p_length = 0; + return NULL; +#else + return NULL; +#endif +} + +/******************************************************************************* +** +** Function btm_convert_uuid_to_eir_service +** +** Description This function is called to get the bit position of UUID. +** +** Parameters uuid16 - UUID 16-bit +** +** Returns BTM EIR service ID if found +** BTM_EIR_MAX_SERVICES - if not found +** +*******************************************************************************/ +#if (( BTM_EIR_CLIENT_INCLUDED == TRUE )||( BTM_EIR_SERVER_INCLUDED == TRUE )) +static UINT8 btm_convert_uuid_to_eir_service( UINT16 uuid16 ) +{ + UINT8 xx; + + for( xx = 0; xx < BTM_EIR_MAX_SERVICES; xx++ ) + { + if( uuid16 == BTM_EIR_UUID_LKUP_TBL[xx]) + { + return xx; + } + } + return BTM_EIR_MAX_SERVICES; +} +#endif + +/******************************************************************************* +** +** Function BTM_HasEirService +** +** Description This function is called to know if UUID in bit map of UUID. +** +** Parameters p_eir_uuid - bit map of UUID list +** uuid16 - UUID 16-bit +** +** Returns TRUE - if found +** FALSE - if not found +** +*******************************************************************************/ +BOOLEAN BTM_HasEirService( UINT32 *p_eir_uuid, UINT16 uuid16 ) +{ +#if ((BTM_EIR_SERVER_INCLUDED == TRUE)||(BTM_EIR_CLIENT_INCLUDED == TRUE)) + UINT8 service_id; + + service_id = btm_convert_uuid_to_eir_service(uuid16); + if( service_id < BTM_EIR_MAX_SERVICES ) + return( BTM_EIR_HAS_SERVICE( p_eir_uuid, service_id )); + else + return( FALSE ); +#else + return( FALSE ); +#endif +} + +/******************************************************************************* +** +** Function BTM_HasInquiryEirService +** +** Description This function is called to know if UUID in bit map of UUID list. +** +** Parameters p_results - inquiry results +** uuid16 - UUID 16-bit +** +** Returns BTM_EIR_FOUND - if found +** BTM_EIR_NOT_FOUND - if not found and it is complete list +** BTM_EIR_UNKNOWN - if not found and it is not complete list +** +*******************************************************************************/ +tBTM_EIR_SEARCH_RESULT BTM_HasInquiryEirService( tBTM_INQ_RESULTS *p_results, UINT16 uuid16 ) +{ +#if ((BTM_EIR_SERVER_INCLUDED == TRUE)||(BTM_EIR_CLIENT_INCLUDED == TRUE)) + if( BTM_HasEirService( p_results->eir_uuid, uuid16 )) + { + return BTM_EIR_FOUND; + } + else if( p_results->eir_complete_list ) + { + return BTM_EIR_NOT_FOUND; + } + else + return BTM_EIR_UNKNOWN; +#else + return BTM_EIR_UNKNOWN; +#endif +} + +/******************************************************************************* +** +** Function BTM_AddEirService +** +** Description This function is called to add a service in bit map of UUID list. +** +** Parameters p_eir_uuid - bit mask of UUID list for EIR +** uuid16 - UUID 16-bit +** +** Returns None +** +*******************************************************************************/ +void BTM_AddEirService( UINT32 *p_eir_uuid, UINT16 uuid16 ) +{ +#if ((BTM_EIR_SERVER_INCLUDED == TRUE)||(BTM_EIR_CLIENT_INCLUDED == TRUE)) + UINT8 service_id; + + service_id = btm_convert_uuid_to_eir_service(uuid16); + if( service_id < BTM_EIR_MAX_SERVICES ) + BTM_EIR_SET_SERVICE( p_eir_uuid, service_id ); +#endif +} + +/******************************************************************************* +** +** Function BTM_RemoveEirService +** +** Description This function is called to remove a service in bit map of UUID list. +** +** Parameters p_eir_uuid - bit mask of UUID list for EIR +** uuid16 - UUID 16-bit +** +** Returns None +** +*******************************************************************************/ +void BTM_RemoveEirService( UINT32 *p_eir_uuid, UINT16 uuid16 ) +{ +#if (BTM_EIR_SERVER_INCLUDED == TRUE) + UINT8 service_id; + + service_id = btm_convert_uuid_to_eir_service(uuid16); + if( service_id < BTM_EIR_MAX_SERVICES ) + BTM_EIR_CLR_SERVICE( p_eir_uuid, service_id ); +#endif +} + +/******************************************************************************* +** +** Function BTM_GetEirSupportedServices +** +** Description This function is called to get UUID list from bit map of UUID list. +** +** Parameters p_eir_uuid - bit mask of UUID list for EIR +** p - reference of current pointer of EIR +** max_num_uuid16 - max number of UUID can be written in EIR +** num_uuid16 - number of UUID have been written in EIR +** +** Returns BTM_EIR_MORE_16BITS_UUID_TYPE, if it has more than max +** BTM_EIR_COMPLETE_16BITS_UUID_TYPE, otherwise +** +*******************************************************************************/ +UINT8 BTM_GetEirSupportedServices( UINT32 *p_eir_uuid, UINT8 **p, + UINT8 max_num_uuid16, UINT8 *p_num_uuid16) +{ +#if (BTM_EIR_SERVER_INCLUDED == TRUE) + UINT8 service_index; + + *p_num_uuid16 = 0; + + for(service_index = 0; service_index < BTM_EIR_MAX_SERVICES; service_index++) + { + if( BTM_EIR_HAS_SERVICE( p_eir_uuid, service_index )) + { + if( *p_num_uuid16 < max_num_uuid16 ) + { + UINT16_TO_STREAM(*p, BTM_EIR_UUID_LKUP_TBL[service_index]); + (*p_num_uuid16)++; + } + /* if max number of UUIDs are stored and found one more */ + else + { + return BTM_EIR_MORE_16BITS_UUID_TYPE; + } + } + } + return BTM_EIR_COMPLETE_16BITS_UUID_TYPE; +#else + return BTM_EIR_COMPLETE_16BITS_UUID_TYPE; +#endif +} + +/******************************************************************************* +** +** Function BTM_GetEirUuidList +** +** Description This function parses EIR and returns UUID list. +** +** Parameters p_eir - EIR +** uuid_size - LEN_UUID_16, LEN_UUID_32, LEN_UUID_128 +** p_num_uuid - return number of UUID in found list +** p_uuid_list - return UUID list +** max_num_uuid - maximum number of UUID to be returned +** +** Returns 0 - if not found +** BTM_EIR_COMPLETE_16BITS_UUID_TYPE +** BTM_EIR_MORE_16BITS_UUID_TYPE +** BTM_EIR_COMPLETE_32BITS_UUID_TYPE +** BTM_EIR_MORE_32BITS_UUID_TYPE +** BTM_EIR_COMPLETE_128BITS_UUID_TYPE +** BTM_EIR_MORE_128BITS_UUID_TYPE +** +*******************************************************************************/ +UINT8 BTM_GetEirUuidList( UINT8 *p_eir, UINT8 uuid_size, UINT8 *p_num_uuid, + UINT8 *p_uuid_list, UINT8 max_num_uuid) +{ +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) + UINT8 *p_uuid_data; + UINT8 type; + UINT8 yy, xx; + UINT16 *p_uuid16 = (UINT16 *)p_uuid_list; + UINT32 *p_uuid32 = (UINT32 *)p_uuid_list; + char buff[LEN_UUID_128 * 2 + 1]; + + p_uuid_data = btm_eir_get_uuid_list( p_eir, uuid_size, p_num_uuid, &type ); + if( p_uuid_data == NULL ) + { + return 0x00; + } + + if( *p_num_uuid > max_num_uuid ) + { + BTM_TRACE_WARNING2("BTM_GetEirUuidList number of uuid in EIR = %d, size of uuid list = %d", + *p_num_uuid, max_num_uuid ); + *p_num_uuid = max_num_uuid; + } + + BTM_TRACE_DEBUG2("BTM_GetEirUuidList type = %02X, number of uuid = %d", type, *p_num_uuid ); + + if( uuid_size == LEN_UUID_16 ) + { + for( yy = 0; yy < *p_num_uuid; yy++ ) + { + STREAM_TO_UINT16(*(p_uuid16 + yy), p_uuid_data); + BTM_TRACE_DEBUG1(" 0x%04X", *(p_uuid16 + yy)); + } + } + else if( uuid_size == LEN_UUID_32 ) + { + for( yy = 0; yy < *p_num_uuid; yy++ ) + { + STREAM_TO_UINT32(*(p_uuid32 + yy), p_uuid_data); + BTM_TRACE_DEBUG1(" 0x%08X", *(p_uuid32 + yy)); + } + } + else if( uuid_size == LEN_UUID_128 ) + { + for( yy = 0; yy < *p_num_uuid; yy++ ) + { + STREAM_TO_ARRAY16(p_uuid_list + yy * LEN_UUID_128, p_uuid_data); + for( xx = 0; xx < LEN_UUID_128; xx++ ) + sprintf(buff + xx*2, "%02X", *(p_uuid_list + yy * LEN_UUID_128 + xx)); + BTM_TRACE_DEBUG1(" 0x%s", buff); + } + } + + return type; +#else + *p_num_uuid = 0; + return 0x00; +#endif +} + + +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) +/******************************************************************************* +** +** Function btm_eir_get_uuid_list +** +** Description This function searches UUID list in EIR. +** +** Parameters p_eir - address of EIR +** uuid_size - size of UUID to find +** p_num_uuid - number of UUIDs found +** p_uuid_list_type - EIR data type +** +** Returns NULL - if UUID list with uuid_size is not found +** beginning of UUID list in EIR - otherwise +** +*******************************************************************************/ +static UINT8 *btm_eir_get_uuid_list( UINT8 *p_eir, UINT8 uuid_size, + UINT8 *p_num_uuid, UINT8 *p_uuid_list_type ) +{ + UINT8 *p_uuid_data; + UINT8 complete_type, more_type; + UINT8 uuid_len; + + switch( uuid_size ) + { + case LEN_UUID_16: + complete_type = BTM_EIR_COMPLETE_16BITS_UUID_TYPE; + more_type = BTM_EIR_MORE_16BITS_UUID_TYPE; + break; + case LEN_UUID_32: + complete_type = BTM_EIR_COMPLETE_32BITS_UUID_TYPE; + more_type = BTM_EIR_MORE_32BITS_UUID_TYPE; + break; + case LEN_UUID_128: + complete_type = BTM_EIR_COMPLETE_128BITS_UUID_TYPE; + more_type = BTM_EIR_MORE_128BITS_UUID_TYPE; + break; + default: + *p_num_uuid = 0; + return NULL; + break; + } + + p_uuid_data = BTM_CheckEirData( p_eir, complete_type, &uuid_len ); + if(p_uuid_data == NULL) + { + p_uuid_data = BTM_CheckEirData( p_eir, more_type, &uuid_len ); + *p_uuid_list_type = more_type; + } + else + { + *p_uuid_list_type = complete_type; + } + + *p_num_uuid = uuid_len / uuid_size; + return p_uuid_data; +} + +/******************************************************************************* +** +** Function btm_convert_uuid_to_uuid16 +** +** Description This function converts UUID to UUID 16-bit. +** +** Parameters p_uuid - address of UUID +** uuid_size - size of UUID +** +** Returns 0 - if UUID cannot be converted to UUID 16-bit +** UUID 16-bit - otherwise +** +*******************************************************************************/ +static UINT16 btm_convert_uuid_to_uuid16( UINT8 *p_uuid, UINT8 uuid_size ) +{ + static const UINT8 base_uuid[LEN_UUID_128] = {0xFB, 0x34, 0x9B, 0x5F, 0x80, 0x00, 0x00, 0x80, + 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + UINT16 uuid16 = 0; + UINT32 uuid32; + BOOLEAN is_base_uuid; + UINT8 xx; + + switch (uuid_size) + { + case LEN_UUID_16: + STREAM_TO_UINT16 (uuid16, p_uuid); + break; + case LEN_UUID_32: + STREAM_TO_UINT32 (uuid32, p_uuid); + if (uuid32 < 0x10000) + uuid16 = (UINT16) uuid32; + break; + case LEN_UUID_128: + /* See if we can compress his UUID down to 16 or 32bit UUIDs */ + is_base_uuid = TRUE; + for (xx = 0; xx < LEN_UUID_128 - 4; xx++) + { + if (p_uuid[xx] != base_uuid[xx]) + { + is_base_uuid = FALSE; + break; + } + } + if (is_base_uuid) + { + if ((p_uuid[LEN_UUID_128 - 1] == 0) && (p_uuid[LEN_UUID_128 - 2] == 0)) + { + p_uuid += (LEN_UUID_128 - 4); + STREAM_TO_UINT16(uuid16, p_uuid); + } + } + break; + default: + BTM_TRACE_WARNING0("btm_convert_uuid_to_uuid16 invalid uuid size"); + break; + } + + return( uuid16); +} + +/******************************************************************************* +** +** Function btm_set_eir_uuid +** +** Description This function is called to store received UUID into inquiry result. +** +** Parameters p_eir - pointer of EIR significant part +** p_results - pointer of inquiry result +** +** Returns None +** +*******************************************************************************/ +void btm_set_eir_uuid( UINT8 *p_eir, tBTM_INQ_RESULTS *p_results ) +{ + UINT8 *p_uuid_data; + UINT8 num_uuid; + UINT16 uuid16; + UINT8 yy; + UINT8 type = BTM_EIR_MORE_16BITS_UUID_TYPE; + + p_uuid_data = btm_eir_get_uuid_list( p_eir, LEN_UUID_16, &num_uuid, &type ); + + if(type == BTM_EIR_COMPLETE_16BITS_UUID_TYPE) + { + p_results->eir_complete_list = TRUE; + } + else + { + p_results->eir_complete_list = FALSE; + } + + BTM_TRACE_API1("btm_set_eir_uuid eir_complete_list=0x%02X", p_results->eir_complete_list); + + if( p_uuid_data ) + { + for( yy = 0; yy < num_uuid; yy++ ) + { + STREAM_TO_UINT16(uuid16, p_uuid_data); + BTM_AddEirService( p_results->eir_uuid, uuid16 ); + } + } + + p_uuid_data = btm_eir_get_uuid_list( p_eir, LEN_UUID_32, &num_uuid, &type ); + if( p_uuid_data ) + { + for( yy = 0; yy < num_uuid; yy++ ) + { + uuid16 = btm_convert_uuid_to_uuid16( p_uuid_data, LEN_UUID_32 ); + p_uuid_data += LEN_UUID_32; + if( uuid16 ) + BTM_AddEirService( p_results->eir_uuid, uuid16 ); + } + } + + p_uuid_data = btm_eir_get_uuid_list( p_eir, LEN_UUID_128, &num_uuid, &type ); + if( p_uuid_data ) + { + for( yy = 0; yy < num_uuid; yy++ ) + { + uuid16 = btm_convert_uuid_to_uuid16( p_uuid_data, LEN_UUID_128 ); + p_uuid_data += LEN_UUID_128; + if( uuid16 ) + BTM_AddEirService( p_results->eir_uuid, uuid16 ); + } + } + + BTM_TRACE_DEBUG2("btm_set_eir_uuid eir_uuid=0x%08X %08X", + p_results->eir_uuid[1], p_results->eir_uuid[0] ); +} +#endif + diff --git a/stack/btm/btm_int.h b/stack/btm/btm_int.h new file mode 100644 index 0000000..644359c --- /dev/null +++ b/stack/btm/btm_int.h @@ -0,0 +1,1099 @@ +/***************************************************************************** +** +** Name: btm_int.h +** +** Description: this file contains the main Bluetooth Manager (BTM) +** internal definitions. +** +** Copyright (c) 1999-2011, Broadcom Corp., All Rights Reserved +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ +#ifndef BTM_INT_H +#define BTM_INT_H + +#include "bt_target.h" +#include "gki.h" +#include "hcidefs.h" + +#if RFCOMM_INCLUDED == TRUE +#include "rfcdefs.h" +#endif + +#include "btm_api.h" + +#if (BLE_INCLUDED == TRUE) +#include "btm_ble_int.h" +#if (SMP_INCLUDED == TRUE) +#include "smp_api.h" +#endif +#endif + +#if BTM_MAX_LOC_BD_NAME_LEN > 0 +typedef char tBTM_LOC_BD_NAME[BTM_MAX_LOC_BD_NAME_LEN + 1]; +#endif + +#define BTM_ACL_IS_CONNECTED(bda) (btm_bda_to_acl (bda) != NULL) + +/* Definitions for Server Channel Number (SCN) management +*/ +#define BTM_MAX_SCN PORT_MAX_RFC_PORTS + +/* Define masks for supported and exception 2.0 ACL packet types +*/ +#define BTM_ACL_SUPPORTED_PKTS_MASK (HCI_PKT_TYPES_MASK_DM1 | \ + HCI_PKT_TYPES_MASK_DH1 | \ + HCI_PKT_TYPES_MASK_DM3 | \ + HCI_PKT_TYPES_MASK_DH3 | \ + HCI_PKT_TYPES_MASK_DM5 | \ + HCI_PKT_TYPES_MASK_DH5) + +#define BTM_ACL_EXCEPTION_PKTS_MASK (HCI_PKT_TYPES_MASK_NO_2_DH1 | \ + HCI_PKT_TYPES_MASK_NO_3_DH1 | \ + HCI_PKT_TYPES_MASK_NO_2_DH3 | \ + HCI_PKT_TYPES_MASK_NO_3_DH3 | \ + HCI_PKT_TYPES_MASK_NO_2_DH5 | \ + HCI_PKT_TYPES_MASK_NO_3_DH5) + +#define BTM_EPR_AVAILABLE(p) ((HCI_ATOMIC_ENCRYPT_SUPPORTED((p)->features) && \ + HCI_ATOMIC_ENCRYPT_SUPPORTED(btm_cb.devcb.local_features)) \ + ? TRUE : FALSE) + +#define BTM_IS_BRCM_CONTROLLER() (btm_cb.devcb.local_version.manufacturer == LMP_COMPID_BROADCOM) + + +/* Define the ACL Management control structure +*/ +typedef struct +{ + UINT16 hci_handle; + UINT16 pkt_types_mask; + UINT16 restore_pkt_types; /* when coming in/out of SCO connection restore the packet types */ + UINT16 clock_offset; + BD_ADDR remote_addr; + DEV_CLASS remote_dc; + BD_NAME remote_name; + + UINT16 manufacturer; + UINT16 lmp_subversion; + UINT16 link_super_tout; + BD_FEATURES features; /* Features suported by the device */ + UINT8 lmp_version; + + BOOLEAN in_use; + UINT8 link_role; + BOOLEAN link_up_issued; /* True if busy_level link up has been issued */ + +#define BTM_ACL_SWKEY_STATE_IDLE 0 +#define BTM_ACL_SWKEY_STATE_MODE_CHANGE 1 +#define BTM_ACL_SWKEY_STATE_ENCRYPTION_OFF 2 +#define BTM_ACL_SWKEY_STATE_SWITCHING 3 +#define BTM_ACL_SWKEY_STATE_ENCRYPTION_ON 4 +#define BTM_ACL_SWKEY_STATE_IN_PROGRESS 5 + UINT8 switch_role_state; + UINT8 change_key_state; + +#define BTM_ACL_ENCRYPT_STATE_IDLE 0 +#define BTM_ACL_ENCRYPT_STATE_ENCRYPT_OFF 1 /* encryption turning off */ +#define BTM_ACL_ENCRYPT_STATE_TEMP_FUNC 2 /* temporarily off for change link key or role switch */ +#define BTM_ACL_ENCRYPT_STATE_ENCRYPT_ON 3 /* encryption turning on */ + UINT8 encrypt_state; /* overall BTM encryption state */ + +#if BTM_PWR_MGR_INCLUDED == FALSE + UINT8 mode; +#endif /* BTM_PWR_MGR_INCLUDED */ +#if BLE_INCLUDED == TRUE + UINT8 is_le_link; +#endif + +} tACL_CONN; + +/***************************************************** +** TIMER Definitions +******************************************************/ +#define TT_DEV_RESET 1 +#define TT_DEV_RLN 2 +#define TT_DEV_RLNKP 4 /* Read Link Policy Settings */ + +/* Define the Device Management control structure +*/ +typedef struct +{ + tBTM_DEV_STATUS_CB *p_dev_status_cb; /* Device status change callback */ + tBTM_VS_EVT_CB *p_vend_spec_cb[BTM_MAX_VSE_CALLBACKS]; /* Register for vendor specific events */ + + tBTM_CMPL_CB *p_stored_link_key_cmpl_cb; /* Read/Write/Delete stored link key */ + + TIMER_LIST_ENT reset_timer; + tBTM_CMPL_CB *p_reset_cmpl_cb; /* Callback function to be called */ + /* when startup of the device is done */ + TIMER_LIST_ENT rln_timer; + tBTM_CMPL_CB *p_rln_cmpl_cb; /* Callback function to be called when */ + /* read local name function complete */ + TIMER_LIST_ENT rlinkp_timer; + tBTM_CMPL_CB *p_rlinkp_cmpl_cb; /* Callback function to be called when */ + /* read link policy function completes */ + TIMER_LIST_ENT rssi_timer; + tBTM_CMPL_CB *p_rssi_cmpl_cb; /* Callback function to be called when */ + /* read rssi function completes */ + TIMER_LIST_ENT lnk_quality_timer; + tBTM_CMPL_CB *p_lnk_qual_cmpl_cb;/* Callback function to be called when */ + /* read link quality function completes */ + TIMER_LIST_ENT txpwer_timer; + tBTM_CMPL_CB *p_txpwer_cmpl_cb; /* Callback function to be called when */ + /* read inq tx power function completes */ + + TIMER_LIST_ENT qossu_timer; + tBTM_CMPL_CB *p_qossu_cmpl_cb; /* Callback function to be called when */ + /* qos setup function completes */ + + tBTM_ROLE_SWITCH_CMPL switch_role_ref_data; + tBTM_CMPL_CB *p_switch_role_cb; /* Callback function to be called when */ + /* requested switch role is completed */ + + tBTM_CHANGE_KEY_CMPL chg_link_key_ref_data; + tBTM_CMPL_CB *p_chg_link_key_cb; /* Callback function to be called when */ + /* change of link key is completed */ + + TIMER_LIST_ENT tx_power_timer; + tBTM_CMPL_CB *p_tx_power_cmpl_cb; /* Callback function to be called */ + + BD_ADDR local_addr; /* BD_ADDR of the local device */ + tBTM_VERSION_INFO local_version; /* Local Version Information */ + BD_FEATURES local_features; /* Local features bit mask */ + DEV_CLASS dev_class; /* Local device class */ +#if BLE_INCLUDED == TRUE + BD_ADDR read_tx_pwr_addr; /* read TX power target address */ + + tBTM_BLE_LOCAL_ID_KEYS id_keys; /* local BLE ID keys */ + BT_OCTET16 er; /* BLE encryption key */ + +#if BTM_BLE_CONFORMANCE_TESTING == TRUE + BOOLEAN no_disc_if_pair_fail; + BOOLEAN enable_test_mac_val; + BT_OCTET8 test_mac; + BOOLEAN enable_test_local_sign_cntr; + UINT32 test_local_sign_cntr; +#endif + + +#endif /* BLE_INCLUDED */ + +#define BTM_DEV_STATE_WAIT_RESET_CMPLT 0 +#define BTM_DEV_STATE_WAIT_AFTER_RESET 1 +#define BTM_DEV_STATE_READY 2 + + UINT8 state; + tBTM_IO_CAP loc_io_caps; /* IO capability of the local device */ + BOOLEAN loc_auth_req; /* the auth_req flag */ + BD_FEATURES brcm_features; /* Broadcom specific features bit mask */ +} tBTM_DEVCB; + + +/* Define the structures and constants used for inquiry +*/ + +/* Definitions of limits for inquiries */ +#define BTM_PER_INQ_MIN_MAX_PERIOD HCI_PER_INQ_MIN_MAX_PERIOD +#define BTM_PER_INQ_MAX_MAX_PERIOD HCI_PER_INQ_MAX_MAX_PERIOD +#define BTM_PER_INQ_MIN_MIN_PERIOD HCI_PER_INQ_MIN_MIN_PERIOD +#define BTM_PER_INQ_MAX_MIN_PERIOD HCI_PER_INQ_MAX_MIN_PERIOD +#define BTM_MAX_INQUIRY_LENGTH HCI_MAX_INQUIRY_LENGTH +#define BTM_MIN_INQUIRY_LEN 0x01 + +#define BTM_MIN_INQ_TX_POWER -70 +#define BTM_MAX_INQ_TX_POWER 20 + +#if BTM_USE_INQ_RESULTS_FILTER == TRUE +typedef struct +{ + UINT32 inq_count; /* Used for determining if a response has already been */ + /* received for the current inquiry operation. (We do not */ + /* want to flood the caller with multiple responses from */ + /* the same device. */ + BD_ADDR bd_addr; +} tINQ_BDADDR; +#endif + +typedef struct +{ + UINT32 time_of_resp; + UINT32 inq_count; /* "timestamps" the entry with a particular inquiry count */ + /* Used for determining if a response has already been */ + /* received for the current inquiry operation. (We do not */ + /* want to flood the caller with multiple responses from */ + /* the same device. */ + tBTM_INQ_INFO inq_info; + BOOLEAN in_use; + +#if (BLE_INCLUDED == TRUE) + BOOLEAN scan_rsp; +#endif +} tINQ_DB_ENT; + + +typedef struct +{ + tBTM_CMPL_CB *p_remname_cmpl_cb; + +#define BTM_EXT_RMT_NAME_TIMEOUT 40 + + + TIMER_LIST_ENT rmt_name_timer_ent; + + UINT16 discoverable_mode; + UINT16 connectable_mode; + UINT16 page_scan_window; + UINT16 page_scan_period; + UINT16 inq_scan_window; + UINT16 inq_scan_period; + UINT16 inq_scan_type; + UINT16 page_scan_type; /* current page scan type */ + + BD_ADDR remname_bda; /* Name of bd addr for active remote name request */ +#define BTM_RMT_NAME_INACTIVE 0 +#define BTM_RMT_NAME_EXT 0x1 /* Initiated through API */ +#define BTM_RMT_NAME_SEC 0x2 /* Initiated internally by security manager */ +#define BTM_RMT_NAME_INQ 0x4 /* Remote name initiated internally by inquiry */ + BOOLEAN remname_active; /* State of a remote name request by external API */ + + tBTM_CMPL_CB *p_inq_cmpl_cb; + tBTM_INQ_RESULTS_CB *p_inq_results_cb; + tBTM_CMPL_CB *p_inqfilter_cmpl_cb; /* Called (if not NULL) after inquiry filter completed */ + tBTM_INQ_DB_CHANGE_CB *p_inq_change_cb; /* Inquiry database changed callback */ + UINT32 inq_counter; /* Counter incremented each time an inquiry completes */ + /* Used for determining whether or not duplicate devices */ + /* have responded to the same inquiry */ + TIMER_LIST_ENT inq_timer_ent; +#if BTM_USE_INQ_RESULTS_FILTER == TRUE + tINQ_BDADDR *p_bd_db; /* Pointer to memory that holds bdaddrs */ + UINT16 num_bd_entries; /* Number of entries in database */ + UINT16 max_bd_entries; /* Maximum number of entries that can be stored */ +#endif + tINQ_DB_ENT inq_db[BTM_INQ_DB_SIZE]; + tBTM_INQ_PARMS inqparms; /* Contains the parameters for the current inquiry */ + tBTM_INQUIRY_CMPL inq_cmpl_info; /* Status and number of responses from the last inquiry */ + + UINT16 per_min_delay; /* Current periodic minimum delay */ + UINT16 per_max_delay; /* Current periodic maximum delay */ + BOOLEAN inqfilt_active; + UINT8 pending_filt_complete_event; /* to take care of btm_event_filter_complete corresponding to */ + /* inquiry that has been cancelled*/ + UINT8 inqfilt_type; /* Contains the inquiry filter type (BD ADDR, COD, or Clear) */ + +#define BTM_INQ_INACTIVE_STATE 0 +#define BTM_INQ_CLR_FILT_STATE 1 /* Currently clearing the inquiry filter preceeding the inquiry request */ + /* (bypassed if filtering is not used) */ +#define BTM_INQ_SET_FILT_STATE 2 /* Sets the new filter (or turns off filtering) in this state */ +#define BTM_INQ_ACTIVE_STATE 3 /* Actual inquiry or periodic inquiry is in progress */ +#define BTM_INQ_REMNAME_STATE 4 /* Remote name requests are active */ + + UINT8 state; /* Current state that the inquiry process is in */ + UINT8 inq_active; /* Bit Mask indicating type of inquiry is active */ + BOOLEAN no_inc_ssp; /* TRUE, to stop inquiry on incoming SSP */ +} tBTM_INQUIRY_VAR_ST; + +/* The MSB of the clock offset field indicates that the offset is valid if TRUE */ +#define BTM_CLOCK_OFFSET_VALID 0x8000 + +/* Define the structures needed by security management +*/ + +#define BTM_SEC_INVALID_HANDLE 0xFFFF + +typedef UINT8 *BTM_BD_NAME_PTR; /* Pointer to Device name */ + +/* Security callback is called by this unit when security +** procedures are completed. Parameters are +** BD Address of remote +** Result of the operation +*/ +typedef tBTM_SEC_CBACK tBTM_SEC_CALLBACK; + +typedef void (tBTM_SCO_IND_CBACK) (UINT16 sco_inx) ; + +/* MACROs to convert from SCO packet types mask to ESCO and back */ +#define BTM_SCO_PKT_TYPE_MASK ( HCI_PKT_TYPES_MASK_HV1 \ + | HCI_PKT_TYPES_MASK_HV2 \ + | HCI_PKT_TYPES_MASK_HV3) + +/* Mask defining only the SCO types of an esco packet type */ +#define BTM_ESCO_PKT_TYPE_MASK ( HCI_ESCO_PKT_TYPES_MASK_HV1 \ + | HCI_ESCO_PKT_TYPES_MASK_HV2 \ + | HCI_ESCO_PKT_TYPES_MASK_HV3) + +#define BTM_SCO_2_ESCO(scotype) ((UINT16)(((scotype) & BTM_SCO_PKT_TYPE_MASK) >> 5)) +#define BTM_ESCO_2_SCO(escotype) ((UINT16)(((escotype) & BTM_ESCO_PKT_TYPE_MASK) << 5)) + +/* Define masks for supported and exception 2.0 SCO packet types +*/ +#define BTM_SCO_SUPPORTED_PKTS_MASK (HCI_ESCO_PKT_TYPES_MASK_HV1 | \ + HCI_ESCO_PKT_TYPES_MASK_HV2 | \ + HCI_ESCO_PKT_TYPES_MASK_HV3 | \ + HCI_ESCO_PKT_TYPES_MASK_EV3 | \ + HCI_ESCO_PKT_TYPES_MASK_EV4 | \ + HCI_ESCO_PKT_TYPES_MASK_EV5) + +#define BTM_SCO_EXCEPTION_PKTS_MASK (HCI_ESCO_PKT_TYPES_MASK_NO_2_EV3 | \ + HCI_ESCO_PKT_TYPES_MASK_NO_3_EV3 | \ + HCI_ESCO_PKT_TYPES_MASK_NO_2_EV5 | \ + HCI_ESCO_PKT_TYPES_MASK_NO_3_EV5) + + +#define BTM_SCO_ROUTE_UNKNOWN 0xff + +/* Define the structure that contains (e)SCO data */ +typedef struct +{ + tBTM_ESCO_CBACK *p_esco_cback; /* Callback for eSCO events */ + tBTM_ESCO_PARAMS setup; + tBTM_ESCO_DATA data; /* Connection complete information */ + UINT8 hci_status; +} tBTM_ESCO_INFO; + +/* Define the structure used for SCO Management +*/ +typedef struct +{ + tBTM_ESCO_INFO esco; /* Current settings */ +#if BTM_SCO_HCI_INCLUDED == TRUE + BUFFER_Q xmit_data_q; /* SCO data transmitting queue */ +#endif + tBTM_SCO_CB *p_conn_cb; /* Callback for when connected */ + tBTM_SCO_CB *p_disc_cb; /* Callback for when disconnect */ + UINT16 state; /* The state of the SCO link */ + UINT16 hci_handle; /* HCI Handle */ + BOOLEAN is_orig; /* TRUE if the originator */ + BOOLEAN rem_bd_known; /* TRUE if remote BD addr known */ + +} tSCO_CONN; + +/* SCO Management control block */ +typedef struct +{ + tBTM_SCO_IND_CBACK *app_sco_ind_cb; +#if BTM_SCO_HCI_INCLUDED == TRUE + tBTM_SCO_DATA_CB *p_data_cb; /* Callback for SCO data over HCI */ + UINT32 xmit_window_size; /* Total SCO window in bytes */ +#endif + tSCO_CONN sco_db[BTM_MAX_SCO_LINKS]; + tBTM_ESCO_PARAMS def_esco_parms; + BD_ADDR xfer_addr; + UINT16 sco_disc_reason; + BOOLEAN esco_supported; /* TRUE if 1.2 cntlr AND supports eSCO links */ + tBTM_SCO_TYPE desired_sco_mode; + tBTM_SCO_TYPE xfer_sco_type; + tBTM_SCO_PCM_PARAM sco_pcm_param; + tBTM_SCO_CODEC_TYPE codec_in_use; /* None, CVSD, MSBC, etc. */ +#if BTM_SCO_HCI_INCLUDED == TRUE + tBTM_SCO_ROUTE_TYPE sco_path; +#endif + +} tSCO_CB; + + +#if BTM_SCO_INCLUDED == TRUE +extern void btm_set_sco_ind_cback( tBTM_SCO_IND_CBACK *sco_ind_cb ); +extern void btm_accept_sco_link(UINT16 sco_inx, tBTM_ESCO_PARAMS *p_setup, + tBTM_SCO_CB *p_conn_cb, tBTM_SCO_CB *p_disc_cb); +extern void btm_reject_sco_link(UINT16 sco_inx ); +extern void btm_sco_chk_pend_rolechange (UINT16 hci_handle); +#else +#define btm_accept_sco_link(sco_inx, p_setup, p_conn_cb, p_disc_cb) +#define btm_reject_sco_link(sco_inx) +#define btm_set_sco_ind_cback(sco_ind_cb) +#define btm_sco_chk_pend_rolechange(hci_handle) +#endif /* BTM_SCO_INCLUDED */ + +/* +** Define structure for Security Service Record. +** A record exists for each service registered with the Security Manager +*/ +typedef struct +{ + UINT32 mx_proto_id; /* Service runs over this multiplexer protocol */ + UINT32 orig_mx_chan_id; /* Channel on the multiplexer protocol */ + UINT32 term_mx_chan_id; /* Channel on the multiplexer protocol */ + UINT16 psm; /* L2CAP PSM value */ + UINT16 security_flags; /* Bitmap of required security features */ + UINT8 service_id; /* Passed in authorization callback */ +#if (L2CAP_UCD_INCLUDED == TRUE) + UINT16 ucd_security_flags; /* Bitmap of required security features for UCD */ +#endif +#if BTM_SEC_SERVICE_NAME_LEN > 0 + UINT8 orig_service_name[BTM_SEC_SERVICE_NAME_LEN + 1]; + UINT8 term_service_name[BTM_SEC_SERVICE_NAME_LEN + 1]; +#endif +} tBTM_SEC_SERV_REC; + +#if BLE_INCLUDED == TRUE +/* LE Security information of device in Slave Role */ +typedef struct +{ + BT_OCTET16 irk; /* peer diverified identity root */ + BT_OCTET16 ltk; /* peer long term key */ + BT_OCTET16 csrk; /* peer SRK peer device used to secured sign local data */ + + BT_OCTET8 rand; /* random vector for LTK generation */ + UINT16 ediv; /* LTK diversifier of this slave device */ + UINT16 div; /* local DIV to generate local LTK=d1(ER,DIV,0) and CSRK=d1(ER,DIV,1) */ + UINT8 sec_level; /* local pairing security level */ + UINT8 key_size; /* key size of the LTK delivered to peer device */ + UINT8 srk_sec_level; /* security property of peer SRK for this device */ + UINT8 local_csrk_sec_level; /* security property of local CSRK for this device */ + + UINT32 counter; /* peer sign counter for verifying rcv signed cmd */ + UINT32 local_counter; /* local sign counter for sending signed write cmd*/ +}tBTM_SEC_BLE_KEYS; + +#endif /* BLE_INCLUDED */ + +typedef struct +{ + tBLE_ADDR_TYPE ble_addr_type; /* LE device type: public or random address */ + BD_ADDR reconn_addr; /* reconnect address */ + BD_ADDR cur_rand_addr; /* current random address */ + BD_ADDR static_addr; /* static address */ + +#if SMP_INCLUDED == TRUE + tBTM_LE_KEY_TYPE key_type; /* bit mask of valid key types in record */ + tBTM_SEC_BLE_KEYS keys; /* LE device security info in slave rode */ +#endif +} tBTM_SEC_BLE; + +/* +** Define structure for Security Device Record. +** A record exists for each device authenticated with this device +*/ +typedef struct +{ + tBTM_SEC_SERV_REC *p_cur_service; + tBTM_SEC_CALLBACK *p_callback; + void *p_ref_data; + UINT32 timestamp; /* Timestamp of the last connection */ + UINT32 trusted_mask[BTM_SEC_SERVICE_ARRAY_SIZE]; /* Bitwise OR of trusted services */ + UINT16 hci_handle; /* Handle to connection when exists */ + UINT16 clock_offset; /* Latest known clock offset */ + BD_ADDR bd_addr; /* BD_ADDR of the device */ + DEV_CLASS dev_class; /* DEV_CLASS of the device */ + LINK_KEY link_key; /* Device link key */ + +#define BTM_SEC_AUTHORIZED BTM_SEC_FLAG_AUTHORIZED +#define BTM_SEC_AUTHENTICATED BTM_SEC_FLAG_AUTHENTICATED +#define BTM_SEC_ENCRYPTED BTM_SEC_FLAG_ENCRYPTED +#define BTM_SEC_NAME_KNOWN 0x08 +#define BTM_SEC_LINK_KEY_KNOWN BTM_SEC_FLAG_LKEY_KNOWN +#define BTM_SEC_LINK_KEY_AUTHED 0x20 +#define BTM_SEC_ROLE_SWITCHED 0x40 +#define BTM_SEC_IN_USE 0x80 + + tBTM_BD_NAME sec_bd_name; /* User friendly name of the device. (may be truncated to save space in dev_rec table) */ + UINT8 sec_flags; /* Current device security state */ + BD_FEATURES features; /* Features suported by the device */ + +#define BTM_SEC_STATE_IDLE 0 +#define BTM_SEC_STATE_AUTHENTICATING 1 +#define BTM_SEC_STATE_ENCRYPTING 2 +#define BTM_SEC_STATE_GETTING_NAME 3 +#define BTM_SEC_STATE_AUTHORIZING 4 +#define BTM_SEC_STATE_SWITCHING_ROLE 5 +#define BTM_SEC_STATE_DISCONNECTING 6 +#define BTM_SEC_STATE_DELAY_FOR_ENC 7 /* delay to check for encryption to work around controller problems */ + + UINT8 sec_state; /* Operating state */ + BOOLEAN is_originator; /* TRUE if device is originating connection */ +#if (L2CAP_UCD_INCLUDED == TRUE) + BOOLEAN is_ucd; /* TRUE if device is sending or receiving UCD */ + /* if incoming security failed, received UCD will be discarded */ +#endif + BOOLEAN role_master; /* TRUE if current mode is master */ + UINT16 security_required; /* Security required for connection */ + BOOLEAN link_key_not_sent; /* link key notification has not been sent waiting for name */ + UINT8 link_key_type; /* Type of key used in pairing */ + BOOLEAN link_key_changed; /* Changed link key during current connection */ + +#define BTM_SM4_UNKNOWN 0x00 +#define BTM_SM4_KNOWN 0x10 +#define BTM_SM4_TRUE 0x11 +#define BTM_SM4_REQ_PEND 0x08 /* set this bit when getting remote features */ +#define BTM_SM4_UPGRADE 0x04 /* set this bit when upgrading link key */ +#define BTM_SM4_RETRY 0x02 /* set this bit to retry on HCI_ERR_KEY_MISSING or HCI_ERR_LMP_ERR_TRANS_COLLISION */ +#define BTM_SM4_DD_ACP 0x20 /* set this bit to indicate peer initiated dedicated bonding */ +#define BTM_SM4_CONN_PEND 0x40 /* set this bit to indicate accepting acl conn; to be cleared on btm_acl_created */ + UINT8 sm4; /* BTM_SM4_TRUE, if the peer supports SM4 */ + tBTM_IO_CAP rmt_io_caps; /* IO capability of the peer device */ + BOOLEAN rmt_auth_req; /* the auth_req flag as in the IO caps rsp evt */ + +#if (BLE_INCLUDED == TRUE) + UINT8 enc_key_size; /* current link encryption key size */ + tBTM_SEC_BLE ble; + tBT_DEVICE_TYPE device_type; + tBTM_LE_CONN_PRAMS conn_params; +#endif + +// btla-specific ++ +#if BTM_DISC_DURING_RS == TRUE +#define BTM_SEC_RS_NOT_PENDING 0 /* Role Switch not in progress */ +#define BTM_SEC_RS_PENDING 1 /* Role Switch in progress */ +#define BTM_SEC_DISC_PENDING 2 /* Disconnect is pending */ + UINT8 rs_disc_pending; +#endif +// btla-specific -- +} tBTM_SEC_DEV_REC; + +#define BTM_SEC_IS_SM4(sm) ((BOOLEAN)(BTM_SM4_TRUE == ((sm)&BTM_SM4_TRUE))) +#define BTM_SEC_IS_SM4_LEGACY(sm) ((BOOLEAN)(BTM_SM4_KNOWN == ((sm)&BTM_SM4_TRUE))) +#define BTM_SEC_IS_SM4_UNKNOWN(sm) ((BOOLEAN)(BTM_SM4_UNKNOWN == ((sm)&BTM_SM4_TRUE))) + + +/* +** Define device configuration structure +*/ +typedef struct +{ +#if BTM_MAX_LOC_BD_NAME_LEN > 0 + tBTM_LOC_BD_NAME bd_name; /* local Bluetooth device name */ +#endif + BOOLEAN pin_type; /* TRUE if PIN type is fixed */ + UINT8 pin_code_len; /* Bonding information */ + PIN_CODE pin_code; /* PIN CODE if pin type is fixed */ + BOOLEAN connectable; /* If TRUE page scan should be enabled */ + UINT8 def_inq_scan_mode; /* ??? limited/general/none */ +} tBTM_CFG; + +#if BTM_PWR_MGR_INCLUDED == TRUE +enum +{ + BTM_PM_ST_ACTIVE = BTM_PM_STS_ACTIVE, + BTM_PM_ST_HOLD = BTM_PM_STS_HOLD, + BTM_PM_ST_SNIFF = BTM_PM_STS_SNIFF, + BTM_PM_ST_PARK = BTM_PM_STS_PARK, + BTM_PM_ST_PENDING = BTM_PM_STS_PENDING +}; +typedef UINT8 tBTM_PM_STATE; + +enum +{ + BTM_PM_SET_MODE_EVT, /* Set power mode API is called. */ + BTM_PM_UPDATE_EVT, + BTM_PM_RD_MODE_EVT /* Read power mode API is called. */ +}; +typedef UINT8 tBTM_PM_EVENT; + +typedef struct +{ + UINT16 event; + UINT16 len; + UINT8 link_ind; +} tBTM_PM_MSG_DATA; + +typedef struct +{ + UINT8 hci_status; + UINT8 mode; + UINT16 interval; +} tBTM_PM_MD_CHG_DATA; + +typedef struct +{ + UINT8 pm_id; /* the entity that calls SetPowerMode API */ + tBTM_PM_PWR_MD *p_pmd; +} tBTM_PM_SET_MD_DATA; + +typedef struct +{ + void *p_data; + UINT8 link_ind; +} tBTM_PM_SM_DATA; + +typedef struct +{ + tBTM_PM_PWR_MD req_mode[BTM_MAX_PM_RECORDS+1]; /* the desired mode and parameters of the connection*/ + tBTM_PM_PWR_MD set_mode; /* the mode and parameters sent down to the host controller. */ + UINT16 interval; /* the interval from last mode change event. */ +#if (BTM_SSR_INCLUDED == TRUE) + UINT16 max_lat; /* stored SSR maximum latency */ + UINT16 min_rmt_to;/* stored SSR minimum remote timeout */ + UINT16 min_loc_to;/* stored SSR minimum local timeout */ +#endif + tBTM_PM_STATE state; /* contains the current mode of the connection */ + BOOLEAN chg_ind; /* a request change indication */ +} tBTM_PM_MCB; + +#define BTM_PM_REC_NOT_USED 0 +typedef struct +{ + tBTM_PM_STATUS_CBACK *cback;/* to notify the registered party of mode change event */ + UINT8 mask; /* registered request mask. 0, if this entry is not used */ +} tBTM_PM_RCB; +#endif /* BTM_PWR_MGR_INCLUDED */ + +enum +{ + BTM_BLI_ACL_UP_EVT, + BTM_BLI_ACL_DOWN_EVT, + BTM_BLI_PAGE_EVT, + BTM_BLI_PAGE_DONE_EVT, + BTM_BLI_INQ_EVT, + BTM_BLI_INQ_DONE_EVT +}; +typedef UINT8 tBTM_BLI_EVENT; + +/* Pairing State */ +enum +{ + BTM_PAIR_STATE_IDLE, /* Idle */ + BTM_PAIR_STATE_GET_REM_NAME, /* Getting the remote name (to check for SM4) */ + BTM_PAIR_STATE_WAIT_PIN_REQ, /* Started authentication, waiting for PIN req (PIN is pre-fetched) */ + BTM_PAIR_STATE_WAIT_LOCAL_PIN, /* Waiting for local PIN code */ + BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM, /* Waiting user 'yes' to numeric confirmation */ + BTM_PAIR_STATE_KEY_ENTRY, /* Key entry state (we are a keyboard) */ + BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP, /* Waiting for local response to peer OOB data */ + BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS, /* Waiting for local IO capabilities and OOB data */ + BTM_PAIR_STATE_INCOMING_SSP, /* Incoming SSP (got peer IO caps when idle) */ + BTM_PAIR_STATE_WAIT_AUTH_COMPLETE, /* All done, waiting authentication cpmplete */ + BTM_PAIR_STATE_WAIT_DISCONNECT /* Waiting to disconnect the ACL */ +}; +typedef UINT8 tBTM_PAIRING_STATE; + +#define BTM_PAIR_FLAGS_WE_STARTED_DD 0x01 /* We want to do dedicated bonding */ +#define BTM_PAIR_FLAGS_PEER_STARTED_DD 0x02 /* Peer initiated dedicated bonding */ +#define BTM_PAIR_FLAGS_DISC_WHEN_DONE 0x04 +#define BTM_PAIR_FLAGS_PIN_REQD 0x08 /* set this bit when pin_callback is called */ +#define BTM_PAIR_FLAGS_PRE_FETCH_PIN 0x10 /* set this bit when pre-fetch pin */ +#define BTM_PAIR_FLAGS_REJECTED_CONNECT 0x20 /* set this bit when rejected incoming connection */ + +typedef struct +{ + BOOLEAN is_mux; + BD_ADDR bd_addr; + UINT16 psm; + BOOLEAN is_orig; + tBTM_SEC_CALLBACK *p_callback; + void *p_ref_data; + UINT32 mx_proto_id; + UINT32 mx_chan_id; +} tBTM_SEC_QUEUE_ENTRY; + +#if (L2CAP_UCD_INCLUDED == TRUE) + +#define CONN_ORIENT_TERM 0x00 /* incoming connection oriented */ +#define CONN_ORIENT_ORIG 0x01 /* outgoing connection oriented */ +#define CONNLESS_TERM 0x02 /* incoming connectionless */ +#define CONNLESS_ORIG 0x03 /* outgoing connectionless */ +#define CONNECTION_TYPE_ORIG_MASK 0x01 /* mask for direction */ +#define CONNECTION_TYPE_CONNLESS_MASK 0x02 /* mask for connectionless or not */ +typedef UINT8 CONNECTION_TYPE; + +#else + +#define CONN_ORIENT_TERM FALSE +#define CONN_ORIENT_ORIG TRUE +typedef BOOLEAN CONNECTION_TYPE; + +#endif /* (L2CAP_UCD_INCLUDED == TRUE) */ + +/* Define a structure to hold all the BTM data +*/ + +#define BTM_STATE_BUFFER_SIZE 5 /* size of state buffer */ + +#if (BTM_PCM2_INCLUDED == TRUE) +/* Define pcm2_action */ +enum +{ + BTM_PCM2_ACT_NONE, + BTM_PCM2_ACT_SENT_ARC, + BTM_PCM2_READ_PARAM, + BTM_PCM2_WRITE_PARAM, +}; +typedef UINT8 tBTM_PCM2_ACTION; +#endif + +typedef struct +{ + tBTM_CFG cfg; /* Device configuration */ + + /**************************************************** + ** ACL Management + ****************************************************/ + tACL_CONN acl_db[MAX_L2CAP_LINKS]; +#if( RFCOMM_INCLUDED==TRUE) + UINT8 btm_scn[BTM_MAX_SCN]; /* current SCNs: TRUE if SCN is in use */ +#endif + UINT16 btm_def_link_policy; + UINT16 btm_def_link_super_tout; + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + tBTM_BL_EVENT_MASK bl_evt_mask; + tBTM_BL_CHANGE_CB *p_bl_changed_cb; /* Callback for when Busy Level changed */ +#else + tBTM_ACL_DB_CHANGE_CB *p_acl_changed_cb; /* Callback for when ACL DB changed */ +#endif + + tBTM_LSTO_CBACK *p_lsto_cback; /* for link supervision timeout change event */ + + /**************************************************** + ** Power Management + ****************************************************/ +#if BTM_PWR_MGR_INCLUDED == TRUE + tBTM_PM_MCB pm_mode_db[MAX_L2CAP_LINKS]; /* per ACL link */ + tBTM_PM_RCB pm_reg_db[BTM_MAX_PM_RECORDS+1]; /* per application/module */ + UINT8 pm_pend_link; /* the index of acl_db, which has a pending PM cmd */ + UINT8 pm_pend_id; /* the id pf the module, which has a pending PM cmd */ +#endif /* BTM_PWR_MGR_INCLUDED == TRUE */ + + /***************************************************** + ** Device control + *****************************************************/ + tBTM_DEVCB devcb; + + /***************************************************** + ** BLE Device controllers + *****************************************************/ +#if (BLE_INCLUDED == TRUE) + tBTM_BLE_CB ble_ctr_cb; + + UINT16 enc_handle; + BT_OCTET8 enc_rand; /* received rand value from LTK request*/ + UINT16 ediv; /* received ediv value from LTK request */ + UINT8 key_size; +#endif + + /* Packet types supported by the local device */ + UINT16 btm_acl_pkt_types_supported; + UINT16 btm_sco_pkt_types_supported; + + + /***************************************************** + ** Inquiry + *****************************************************/ + tBTM_INQUIRY_VAR_ST btm_inq_vars; + tBTM_FILTER_CB *p_inq_filter_cb; /* Callback that can be set if host */ + /* wants to verify inquiry filters */ + + /***************************************************** + ** SCO Management + *****************************************************/ +#if BTM_SCO_INCLUDED == TRUE + tSCO_CB sco_cb; +#endif + + /***************************************************** + ** Security Management + *****************************************************/ + tBTM_APPL_INFO api; + +#define BTM_SEC_MAX_RMT_NAME_CALLBACKS 2 + tBTM_RMT_NAME_CALLBACK *p_rmt_name_callback[BTM_SEC_MAX_RMT_NAME_CALLBACKS]; + + tBTM_FILTER_CB *p_conn_filter_cb; /* Callback that can be set if host */ + /* wants to verify connectability filters*/ + + tBTM_SEC_DEV_REC *p_collided_dev_rec; + TIMER_LIST_ENT sec_collision_tle; + UINT32 collision_start_time; + UINT32 max_collision_delay; + UINT32 dev_rec_count; /* Counter used for device record timestamp */ + UINT8 security_mode; + BOOLEAN pairing_disabled; + BOOLEAN connect_only_paired; + BOOLEAN security_mode_changed; /* mode changed during bonding */ + BOOLEAN pin_type_changed; /* pin type changed during bonding */ + BOOLEAN sec_req_pending; /* TRUE if a request is pending */ +// btla-specific ++ +#ifdef PORCHE_PAIRING_CONFLICT + UINT8 pin_code_len_saved; /* for legacy devices */ +#endif +// btla-specific -- + + UINT8 pin_code_len; /* for legacy devices */ + PIN_CODE pin_code; /* for legacy devices */ + tBTM_PAIRING_STATE pairing_state; /* The current pairing state */ + UINT8 pairing_flags; /* The current pairing flags */ + BD_ADDR pairing_bda; /* The device currently pairing */ + TIMER_LIST_ENT pairing_tle; /* Timer for pairing process */ + UINT16 disc_handle; /* for legacy devices */ + UINT8 disc_reason; /* for legacy devices */ + tBTM_SEC_SERV_REC sec_serv_rec[BTM_SEC_MAX_SERVICE_RECORDS]; + tBTM_SEC_DEV_REC sec_dev_rec[BTM_SEC_MAX_DEVICE_RECORDS]; + tBTM_SEC_SERV_REC *p_out_serv; + tBTM_MKEY_CALLBACK *mkey_cback; + + BD_ADDR connecting_bda; + DEV_CLASS connecting_dc; + + UINT8 first_disabled_channel; + UINT8 last_disabled_channel; + + UINT8 acl_disc_reason; + UINT8 trace_level; +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + UINT8 num_acl; /* num of active ACL links */ + UINT8 busy_level; /* the current busy level */ + BOOLEAN is_paging; /* TRUE, if paging is in progess */ + BOOLEAN is_inquiry; /* TRUE, if inquiry is in progess */ +#endif + BUFFER_Q page_queue; + BOOLEAN paging; + BOOLEAN discing; + BUFFER_Q sec_pending_q; /* pending sequrity requests in tBTM_SEC_QUEUE_ENTRY format */ + +#if (!defined(BT_TRACE_VERBOSE) || (BT_TRACE_VERBOSE == FALSE)) + char state_temp_buffer[BTM_STATE_BUFFER_SIZE]; +#endif + +#if (defined(BTM_PCM2_INCLUDED) && BTM_PCM2_INCLUDED == TRUE) + UINT16 sys_features; + UINT8 pcm2_params[BRCM_PCM2_SETUP_WRITE_SIZE]; + tBTM_PCM2_ACTION pcm2_action; +#endif + +} tBTM_CB; + + +#ifdef __cplusplus +extern "C" +{ +#endif + +#if BTM_DYNAMIC_MEMORY == FALSE +BTM_API extern tBTM_CB btm_cb; +#else +BTM_API extern tBTM_CB *btm_cb_ptr; +#define btm_cb (*btm_cb_ptr) +#endif + +/* Internal functions provided by btm_main.c +******************************************** +*/ +extern void btm_init (void); + +/* Internal functions provided by btm_inq.c +******************************************* +*/ +extern tBTM_STATUS btm_initiate_rem_name (BD_ADDR remote_bda, + tBTM_INQ_INFO *p_cur, + UINT8 origin, UINT32 timeout, + tBTM_CMPL_CB *p_cb); + +extern void btm_process_remote_name (BD_ADDR bda, BD_NAME name, UINT16 evt_len, + UINT8 hci_status); +extern void btm_inq_rmt_name_failed(void); + +/* Inquiry related functions */ +extern void btm_clr_inq_db (BD_ADDR p_bda); +extern void btm_inq_db_init (void); +extern void btm_process_inq_results (UINT8 *p, UINT8 inq_res_mode); +extern void btm_process_inq_complete (UINT8 status, UINT8 mode); +extern void btm_event_filter_complete (UINT8 *p); +extern void btm_inq_stop_on_ssp(void); +extern void btm_inq_clear_ssp(void); +extern tINQ_DB_ENT *btm_inq_db_find (BD_ADDR p_bda); +extern BOOLEAN btm_inq_find_bdaddr (BD_ADDR p_bda); + +#if (BTM_EIR_CLIENT_INCLUDED == TRUE) +extern BOOLEAN btm_lookup_eir(BD_ADDR_PTR p_rem_addr); +#endif + +/* Internal functions provided by btm_acl.c +******************************************** +*/ +extern void btm_acl_init (void); +extern void btm_acl_timeout (TIMER_LIST_ENT *p_tle); +extern void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn, + UINT16 hci_handle, UINT8 link_role, UINT8 is_le_link); +extern void btm_acl_removed (BD_ADDR bda); +extern void btm_acl_device_down (void); +extern void btm_acl_update_busy_level (tBTM_BLI_EVENT event); +extern void btm_acl_link_key_change (UINT16 handle, UINT8 status); + +extern void btm_cont_rswitch_or_chglinkkey (tACL_CONN *p, + tBTM_SEC_DEV_REC *p_dev_rec, + UINT8 hci_status); + +extern UINT8 btm_handle_to_acl_index (UINT16 hci_handle); +extern void btm_read_link_policy_complete (UINT8 *p); +extern void btm_read_rssi_complete (UINT8 *p); +extern void btm_read_tx_power_complete (UINT8 *p, BOOLEAN is_ble); +extern void btm_read_link_quality_complete (UINT8 *p); +extern tBTM_STATUS btm_set_packet_types (tACL_CONN *p, UINT16 pkt_types); +extern void btm_process_clk_off_comp_evt (UINT16 hci_handle, UINT16 clock_offset); +extern void btm_acl_role_changed (UINT8 hci_status, BD_ADDR bd_addr, UINT8 new_role); +extern void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable); +BTM_API extern UINT16 btm_get_acl_disc_reason_code (void); +BTM_API extern tBTM_STATUS btm_remove_acl (BD_ADDR bd_addr); +extern void btm_read_remote_features_complete (UINT8 *p); +extern void btm_read_remote_ext_features_complete (UINT8 *p); +extern void btm_read_remote_ext_features_failed (UINT8 status); +extern void btm_read_remote_version_complete (UINT8 *p); +// btla-specific ++ +extern void btm_acl_chk_peer_pkt_type_support (tACL_CONN *p, UINT16 *p_pkt_type); +// btla-specific -- +/* Read maximum data packet that can be sent over current connection */ +extern UINT16 btm_get_max_packet_size (BD_ADDR addr); +extern tACL_CONN *btm_bda_to_acl (BD_ADDR bda); +extern BOOLEAN btm_acl_notif_conn_collision (BD_ADDR bda); + +#if BTM_PWR_MGR_INCLUDED == FALSE +extern void btm_process_mode_change (UINT8 hci_status, UINT16 hci_handle, UINT8 mode, + UINT16 interval); + +/* Internal functions provided by btm_pm.c +******************************************** +*/ +#else +extern void btm_pm_reset(void); +extern void btm_pm_sm_alloc(UINT8 ind); +extern void btm_pm_proc_cmd_status(UINT8 status); +extern void btm_pm_proc_mode_change (UINT8 hci_status, UINT16 hci_handle, UINT8 mode, + UINT16 interval); +extern void btm_pm_proc_ssr_evt (UINT8 *p, UINT16 evt_len); +#if BTM_SCO_INCLUDED == TRUE +extern void btm_sco_chk_pend_unpark (UINT8 hci_status, UINT16 hci_handle); +#else +#define btm_sco_chk_pend_unpark(hci_status, hci_handle) +#endif /* BTM_SCO_INCLUDED */ +#endif /* BTM_PWR_MGR_INCLUDED == FALSE */ +extern void btm_qos_setup_complete (UINT8 status, UINT16 handle, FLOW_SPEC *p_flow); + + +/* Internal functions provided by btm_sco.c +******************************************** +*/ +extern void btm_sco_init (void); +extern void btm_sco_connected (UINT8 hci_status, BD_ADDR bda, UINT16 hci_handle, + tBTM_ESCO_DATA *p_esco_data); +extern void btm_esco_proc_conn_chg (UINT8 status, UINT16 handle, UINT8 tx_interval, + UINT8 retrans_window, UINT16 rx_pkt_len, + UINT16 tx_pkt_len); +extern void btm_sco_conn_req (BD_ADDR bda, DEV_CLASS dev_class, UINT8 link_type); +extern void btm_sco_removed (UINT16 hci_handle, UINT8 reason); +extern void btm_sco_acl_removed (BD_ADDR bda); +extern void btm_route_sco_data (BT_HDR *p_msg); +extern BOOLEAN btm_is_sco_active (UINT16 handle); +extern void btm_remove_sco_links (BD_ADDR bda); +extern BOOLEAN btm_is_sco_active_by_bdaddr (BD_ADDR remote_bda); + +extern tBTM_SCO_TYPE btm_read_def_esco_mode (tBTM_ESCO_PARAMS *p_parms); +extern UINT16 btm_find_scb_by_handle (UINT16 handle); +extern void btm_sco_flush_sco_data(UINT16 sco_inx); + +/* Internal functions provided by btm_devctl.c +********************************************** +*/ +extern void btm_dev_init (void); +extern void btm_dev_absent (void); +extern void btm_dev_timeout (TIMER_LIST_ENT *p_tle); +extern void btm_reset_complete (void); +extern void btm_read_local_version_complete (UINT8 *p, UINT16 evt_len); +extern void btm_read_hci_buf_size_complete (UINT8 *p, UINT16 evt_len); +extern void btm_read_local_features_complete (UINT8 *p, UINT16 evt_len); +extern void btm_read_local_name_complete (UINT8 *p, UINT16 evt_len); +extern void btm_read_local_addr_complete (UINT8 *p, UINT16 evt_len); +extern void btm_get_local_features (void); + +#if (BLE_INCLUDED == TRUE) +extern void btm_read_ble_buf_size_complete (UINT8 *p, UINT16 evt_len); +extern void btm_read_white_list_size_complete(UINT8 *p, UINT16 evt_len); +extern void btm_ble_add_2_white_list_complete(UINT8 *p, UINT16 evt_len); +extern void btm_ble_remove_from_white_list_complete(UINT8 *p, UINT16 evt_len); +extern void btm_ble_clear_white_list_complete(UINT8 *p, UINT16 evt_len); +#endif /* BLE_INCLUDED */ + +/* Vendor Specific Command complete evt handler */ +extern void btm_vsc_complete (UINT8 *p, UINT16 cc_opcode, UINT16 evt_len, + tBTM_CMPL_CB *p_vsc_cplt_cback); +extern void btm_inq_db_reset (void); +extern void btm_vendor_specific_evt (UINT8 *p, UINT8 evt_len); +extern UINT8 btm_get_hci_version (void); +extern void btm_read_stored_link_key_complete (UINT8 *p); +extern void btm_write_stored_link_key_complete (UINT8 *p); +extern void btm_delete_stored_link_key_complete (UINT8 *p); +extern void btm_return_link_keys_evt (tBTM_RETURN_LINK_KEYS_EVT *result); +extern void btm_report_device_status (tBTM_DEV_STATUS status); + + +/* Internal functions provided by btm_dev.c +********************************************** +*/ +extern BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr); +extern UINT8 btm_get_voice_coding_support (void); + +extern tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr); +extern void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec); +extern tBTM_SEC_DEV_REC *btm_find_dev (BD_ADDR bd_addr); +extern tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr); +extern tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle); + +/* Internal functions provided by btm_sec.c +********************************************** +*/ +extern BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr); +extern tBTM_STATUS btm_sec_l2cap_access_req (BD_ADDR bd_addr, UINT16 psm, + UINT16 handle, CONNECTION_TYPE conn_type, + tBTM_SEC_CALLBACK *p_callback, void *p_ref_data); +extern tBTM_STATUS btm_sec_mx_access_request (BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator, + UINT32 mx_proto_id, UINT32 mx_chan_id, + tBTM_SEC_CALLBACK *p_callback, void *p_ref_data); +extern void btm_sec_conn_req (UINT8 *bda, UINT8 *dc); +extern void btm_create_conn_cancel_complete (UINT8 *p); +extern void btm_proc_lsto_evt(UINT16 handle, UINT16 timeout); +extern void btm_read_linq_tx_power_complete (UINT8 *p); + +extern void btm_sec_init (UINT8 sec_mode); +extern void btm_sec_dev_reset (void); +extern void btm_sec_abort_access_req (BD_ADDR bd_addr); +extern void btm_sec_auth_complete (UINT16 handle, UINT8 status); +extern void btm_sec_mkey_comp_event (UINT16 handle, UINT8 status, UINT8 key_flg); +extern void btm_sec_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable); +extern void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode); +extern tBTM_STATUS btm_sec_disconnect (UINT16 handle, UINT8 reason); +extern void btm_sec_disconnected (UINT16 handle, UINT8 reason); +extern void btm_sec_rmt_name_request_complete (UINT8 *bd_addr, UINT8 *bd_name, UINT8 status); +extern void btm_sec_rmt_host_support_feat_evt (UINT8 *p); +extern void btm_io_capabilities_req (UINT8 *p); +extern void btm_io_capabilities_rsp (UINT8 *p); +extern void btm_proc_sp_req_evt (tBTM_SP_EVT event, UINT8 *p); +extern void btm_keypress_notif_evt (UINT8 *p); +extern void btm_simple_pair_complete (UINT8 *p); +extern void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_type); +extern void btm_sec_link_key_request (UINT8 *p_bda); +extern void btm_sec_pin_code_request (UINT8 *p_bda); +extern void btm_sec_update_clock_offset (UINT16 handle, UINT16 clock_offset); +extern void btm_sec_dev_rec_cback_event (tBTM_SEC_DEV_REC *p_dev_rec, UINT8 res); + +#if BLE_INCLUDED == TRUE +extern void btm_sec_clear_ble_keys (tBTM_SEC_DEV_REC *p_dev_rec); +extern BOOLEAN btm_sec_find_bonded_dev (UINT8 start_idx, UINT8 *p_found_idx, tBTM_SEC_DEV_REC *p_rec); +extern BOOLEAN btm_sec_is_a_bonded_dev (BD_ADDR bda); +#endif /* BLE_INCLUDED */ + +extern tINQ_DB_ENT *btm_inq_db_new (BD_ADDR p_bda); + +#if BTM_OOB_INCLUDED == TRUE +extern void btm_rem_oob_req (UINT8 *p); +extern void btm_read_local_oob_complete (UINT8 *p); +#else +#define btm_rem_oob_req(p) +#define btm_read_local_oob_complete(p) +#endif + +extern void btm_acl_resubmit_page (void); +extern void btm_acl_reset_paging (void); +extern void btm_acl_paging (BT_HDR *p, BD_ADDR dest); +extern void btm_acl_set_discing (BOOLEAN discing); +extern UINT8 btm_sec_clr_service_by_psm (UINT16 psm); + +#ifdef BRCM_VS +extern void btm_brcm_feat_init(void); +extern void btm_vs_reset_complete (void); +extern void btm_brcm_arc_init (void); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/stack/btm/btm_main.c b/stack/btm/btm_main.c new file mode 100644 index 0000000..42489e1 --- /dev/null +++ b/stack/btm/btm_main.c @@ -0,0 +1,59 @@ +/***************************************************************************** +** +** Name: btm_main.c +** +** Description: This file contains the definition of the btm control block +** when BTM_DYNAMIC_MEMORY is used. +** +** +** Copyright (c) 2002-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include "bt_types.h" +#include "bt_target.h" +#include <string.h> +#include "btm_int.h" + +/* Global BTM control block structure +*/ +#if BTM_DYNAMIC_MEMORY == FALSE +tBTM_CB btm_cb; +#endif + +/******************************************************************************* +** +** Function btm_init +** +** Description This function is called at BTM startup to allocate the +** control block (if using dynamic memory), and initializes the +** tracing level. It then initializes the various components of +** btm. +** +** Returns void +** +*******************************************************************************/ +void btm_init (void) +{ + /* All fields are cleared; nonzero fields are reinitialized in appropriate function */ + memset(&btm_cb, 0, sizeof(tBTM_CB)); + +#if defined(BTM_INITIAL_TRACE_LEVEL) + btm_cb.trace_level = BTM_INITIAL_TRACE_LEVEL; +#else + btm_cb.trace_level = BT_TRACE_LEVEL_NONE; /* No traces */ +#endif + /* TODO Bluedroid - Hardcoded trace level. Needs to be configurable */ + btm_cb.trace_level = BT_TRACE_LEVEL_DEBUG; + /* Initialize BTM component structures */ + btm_inq_db_init(); /* Inquiry Database and Structures */ + btm_acl_init(); /* ACL Database and Structures */ + btm_sec_init(BTM_SEC_MODE_SP); /* Security Manager Database and Structures */ +#if BTM_SCO_INCLUDED == TRUE + btm_sco_init(); /* SCO Database and Structures (If included) */ +#endif + + btm_dev_init(); /* Device Manager Structures & HCI_Reset */ +} + + diff --git a/stack/btm/btm_pm.c b/stack/btm/btm_pm.c new file mode 100644 index 0000000..169a1b3 --- /dev/null +++ b/stack/btm/btm_pm.c @@ -0,0 +1,985 @@ +/*****************************************************************************/ +/* */ +/* Name: btm_pm.c */ +/* */ +/* Description: This file contains functions that manages ACL link modes. */ +/* This includes operations such as active, hold, */ +/* park and sniff modes. */ +/* */ +/* This module contains both internal and external (API) */ +/* functions. External (API) functions are distinguishable */ +/* by their names beginning with uppercase BTM. */ +/* */ +/* */ +/* Copyright (c) 2000-2009, Broadcom Corp., All Rights Reserved. */ +/* WIDCOMM Bluetooth Core. Proprietary and confidential. */ +/*****************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> +#include "bt_types.h" +#include "gki.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_api.h" +#include "btm_int.h" +#include "l2c_int.h" +#include "hcidefs.h" + + +#if BTM_PWR_MGR_INCLUDED == TRUE + +/* This compile option is only useful when the FW has a bug + * it automatically uses single slot when entering SNIFF mode, but does not restore the setting + * This issue was found when A2DP link goes into sniff and existing sniff still has choppy audio. + * If this issue is seen, look for FW solution first. + * This work around code will be removed later. */ +#ifndef BTM_PM_SNIFF_SLOT_WORK_AROUND +#define BTM_PM_SNIFF_SLOT_WORK_AROUND FALSE +#endif + +/*****************************************************************************/ +/* to handle different modes */ +/*****************************************************************************/ +#define BTM_PM_STORED_MASK 0x80 /* set this mask if the command is stored */ +#define BTM_PM_NUM_SET_MODES 3 /* only hold, sniff & park */ + +/* Usage: (ptr_features[ offset ] & mask )?TRUE:FALSE */ +/* offset to supported feature */ +const UINT8 btm_pm_mode_off[BTM_PM_NUM_SET_MODES] = {0, 0, 1}; +/* mask to supported feature */ +const UINT8 btm_pm_mode_msk[BTM_PM_NUM_SET_MODES] = {0x40, 0x80, 0x01}; + +#define BTM_PM_GET_MD1 1 +#define BTM_PM_GET_MD2 2 +#define BTM_PM_GET_COMP 3 + +const UINT8 btm_pm_md_comp_matrix[BTM_PM_NUM_SET_MODES*BTM_PM_NUM_SET_MODES] = +{ + BTM_PM_GET_COMP, + BTM_PM_GET_MD2, + BTM_PM_GET_MD2, + + BTM_PM_GET_MD1, + BTM_PM_GET_COMP, + BTM_PM_GET_MD1, + + BTM_PM_GET_MD1, + BTM_PM_GET_MD2, + BTM_PM_GET_COMP +}; + +/* function prototype */ +static int btm_pm_find_acl_ind(BD_ADDR remote_bda); +static tBTM_STATUS btm_pm_snd_md_req( UINT8 pm_id, int link_ind, tBTM_PM_PWR_MD *p_mode ); + +/* +#ifdef BTM_PM_DEBUG +#undef BTM_PM_DEBUG +#define BTM_PM_DEBUG TRUE +#endif +*/ + +#if BTM_PM_DEBUG == TRUE +const char * btm_pm_state_str[] = +{ + "pm_active_state", + "pm_hold_state", + "pm_sniff_state", + "pm_park_state", + "pm_pend_state" +}; + +const char * btm_pm_event_str[] = +{ + "pm_set_mode_event", + "pm_hci_sts_event", + "pm_mod_chg_event", + "pm_update_event" +}; + +const char * btm_pm_action_str[] = +{ + "pm_set_mode_action", + "pm_update_db_action", + "pm_mod_chg_action", + "pm_hci_sts_action", + "pm_update_action" +}; +#endif + +/*****************************************************************************/ +/* P U B L I C F U N C T I O N S */ +/*****************************************************************************/ +/******************************************************************************* +** +** Function BTM_PmRegister +** +** Description register or deregister with power manager +** +** Returns BTM_SUCCESS if successful, +** BTM_NO_RESOURCES if no room to hold registration +** BTM_ILLEGAL_VALUE +** +*******************************************************************************/ +tBTM_STATUS BTM_PmRegister (UINT8 mask, UINT8 *p_pm_id, tBTM_PM_STATUS_CBACK *p_cb) +{ + int xx; + + /* de-register */ + if(mask & BTM_PM_DEREG) + { + if(*p_pm_id >= BTM_MAX_PM_RECORDS) + return BTM_ILLEGAL_VALUE; + btm_cb.pm_reg_db[*p_pm_id].mask = BTM_PM_REC_NOT_USED; + return BTM_SUCCESS; + } + + for(xx=0; xx<BTM_MAX_PM_RECORDS; xx++) + { + /* find an unused entry */ + if(btm_cb.pm_reg_db[xx].mask == BTM_PM_REC_NOT_USED) + { + /* if register for notification, should provide callback routine */ + if(mask & BTM_PM_REG_NOTIF) + { + if(p_cb == NULL) + return BTM_ILLEGAL_VALUE; + btm_cb.pm_reg_db[xx].cback = p_cb; + } + btm_cb.pm_reg_db[xx].mask = mask; + *p_pm_id = xx; + return BTM_SUCCESS; + } + } + + return BTM_NO_RESOURCES; +} + +/******************************************************************************* +** +** Function BTM_SetPowerMode +** +** Description store the mode in control block or +** alter ACL connection behavior. +** +** Returns BTM_SUCCESS if successful, +** BTM_UNKNOWN_ADDR if bd addr is not active or bad +** +*******************************************************************************/ +tBTM_STATUS BTM_SetPowerMode (UINT8 pm_id, BD_ADDR remote_bda, tBTM_PM_PWR_MD *p_mode) +{ + UINT8 *p_features; + int ind, acl_ind; + tBTM_PM_MCB *p_cb = NULL; /* per ACL link */ + tBTM_PM_MODE mode; + int temp_pm_id; + + + if(pm_id >= BTM_MAX_PM_RECORDS) + pm_id = BTM_PM_SET_ONLY_ID; + + if(p_mode == NULL) + return BTM_ILLEGAL_VALUE; + + BTM_TRACE_API3( "BTM_SetPowerMode: pm_id %d BDA: %08x mode:0x%x", pm_id, + (remote_bda[2]<<24)+(remote_bda[3]<<16)+(remote_bda[4]<<8)+remote_bda[5], p_mode->mode); + + /* take out the force bit */ + mode = p_mode->mode & ~BTM_PM_MD_FORCE; + + acl_ind = btm_pm_find_acl_ind(remote_bda); + if(acl_ind == MAX_L2CAP_LINKS) + return (BTM_UNKNOWN_ADDR); + + p_cb = &(btm_cb.pm_mode_db[acl_ind]); + + if(mode != BTM_PM_MD_ACTIVE) + { + /* check if the requested mode is supported */ + ind = mode - BTM_PM_MD_HOLD; /* make it base 0 */ + p_features = BTM_ReadLocalFeatures(); + if( !(p_features[ btm_pm_mode_off[ind] ] & btm_pm_mode_msk[ind] ) ) + return BTM_MODE_UNSUPPORTED; + } + + if(mode == p_cb->state) /* the requested mode is current mode */ + { + /* already in the requested mode and the current interval has less latency than the max */ + if( (mode == BTM_PM_MD_ACTIVE) || + ((p_mode->mode & BTM_PM_MD_FORCE) && (p_mode->max >= p_cb->interval) && (p_mode->min <= p_cb->interval)) || + ((p_mode->mode & BTM_PM_MD_FORCE)==0 && (p_mode->max >= p_cb->interval)) ) + { + BTM_TRACE_DEBUG4( "BTM_SetPowerMode: mode:0x%x interval %d max:%d, min:%d", p_mode->mode, p_cb->interval, p_mode->max, p_mode->min); + return BTM_SUCCESS; + } + } + + temp_pm_id = pm_id; + if(pm_id == BTM_PM_SET_ONLY_ID) + temp_pm_id = BTM_MAX_PM_RECORDS; + + /* update mode database */ + if( ((pm_id != BTM_PM_SET_ONLY_ID) && + (btm_cb.pm_reg_db[pm_id].mask & BTM_PM_REG_SET)) + || ((pm_id == BTM_PM_SET_ONLY_ID) && (btm_cb.pm_pend_link != MAX_L2CAP_LINKS)) ) + { +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "BTM_SetPowerMode: Saving cmd acl_ind %d temp_pm_id %d", acl_ind,temp_pm_id); +#endif + /* Make sure mask is set to BTM_PM_REG_SET */ + btm_cb.pm_reg_db[temp_pm_id].mask |= BTM_PM_REG_SET; + *(&p_cb->req_mode[temp_pm_id]) = *((tBTM_PM_PWR_MD *)p_mode); + p_cb->chg_ind = TRUE; + } + +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "btm_pm state:0x%x, pm_pend_link: %d", p_cb->state, btm_cb.pm_pend_link); +#endif + /* if mode == hold or pending, return */ + if( (p_cb->state == BTM_PM_STS_HOLD) || + (p_cb->state == BTM_PM_STS_PENDING) || + (btm_cb.pm_pend_link != MAX_L2CAP_LINKS) ) /* command pending */ + { + if(acl_ind != btm_cb.pm_pend_link) + { + /* set the stored mask */ + p_cb->state |= BTM_PM_STORED_MASK; + BTM_TRACE_DEBUG1( "btm_pm state stored:%d",acl_ind); + } + return BTM_CMD_STORED; + } + + + + return btm_pm_snd_md_req(pm_id, acl_ind, p_mode); +} + +/******************************************************************************* +** +** Function BTM_ReadPowerMode +** +** Description This returns the current mode for a specific +** ACL connection. +** +** Input Param remote_bda - device address of desired ACL connection +** +** Output Param p_mode - address where the current mode is copied into. +** BTM_ACL_MODE_NORMAL +** BTM_ACL_MODE_HOLD +** BTM_ACL_MODE_SNIFF +** BTM_ACL_MODE_PARK +** (valid only if return code is BTM_SUCCESS) +** +** Returns BTM_SUCCESS if successful, +** BTM_UNKNOWN_ADDR if bd addr is not active or bad +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadPowerMode (BD_ADDR remote_bda, tBTM_PM_MODE *p_mode) +{ + int acl_ind; + + if( (acl_ind = btm_pm_find_acl_ind(remote_bda)) == MAX_L2CAP_LINKS) + return (BTM_UNKNOWN_ADDR); + + *p_mode = btm_cb.pm_mode_db[acl_ind].state; + return BTM_SUCCESS; +} + +/******************************************************************************* +** +** Function BTM_SetSsrParams +** +** Description This sends the given SSR parameters for the given ACL +** connection if it is in ACTIVE mode. +** +** Input Param remote_bda - device address of desired ACL connection +** max_lat - maximum latency (in 0.625ms)(0-0xFFFE) +** min_rmt_to - minimum remote timeout +** min_loc_to - minimum local timeout +** +** +** Returns BTM_SUCCESS if the HCI command is issued successful, +** BTM_UNKNOWN_ADDR if bd addr is not active or bad +** BTM_CMD_STORED if the command is stored +** +*******************************************************************************/ +tBTM_STATUS BTM_SetSsrParams (BD_ADDR remote_bda, UINT16 max_lat, + UINT16 min_rmt_to, UINT16 min_loc_to) +{ +#if (BTM_SSR_INCLUDED == TRUE) + int acl_ind; + tBTM_PM_MCB *p_cb; + + if( (acl_ind = btm_pm_find_acl_ind(remote_bda)) == MAX_L2CAP_LINKS) + return (BTM_UNKNOWN_ADDR); + + if(BTM_PM_STS_ACTIVE == btm_cb.pm_mode_db[acl_ind].state || + BTM_PM_STS_SNIFF == btm_cb.pm_mode_db[acl_ind].state) + { + if (btsnd_hcic_sniff_sub_rate(btm_cb.acl_db[acl_ind].hci_handle, max_lat, + min_rmt_to, min_loc_to)) + return BTM_SUCCESS; + else + return BTM_NO_RESOURCES; + } + p_cb = &btm_cb.pm_mode_db[acl_ind]; + p_cb->max_lat = max_lat; + p_cb->min_rmt_to = min_rmt_to; + p_cb->min_loc_to = min_loc_to; + return BTM_CMD_STORED; +#else + return BTM_ILLEGAL_ACTION; +#endif +} + +/******************************************************************************* +** +** Function btm_pm_reset +** +** Description as a part of the BTM reset process. +** +** Returns void +** +*******************************************************************************/ +void btm_pm_reset(void) +{ + int xx; + tBTM_PM_STATUS_CBACK *cb = NULL; + + /* clear the pending request for application */ + if( (btm_cb.pm_pend_id != BTM_PM_SET_ONLY_ID) && + (btm_cb.pm_reg_db[btm_cb.pm_pend_id].mask & BTM_PM_REG_NOTIF) ) + { + cb = btm_cb.pm_reg_db[btm_cb.pm_pend_id].cback; + } + + /* no command pending */ + btm_cb.pm_pend_link = MAX_L2CAP_LINKS; + + /* clear the register record */ + for(xx=0; xx<BTM_MAX_PM_RECORDS; xx++) + { + btm_cb.pm_reg_db[xx].mask = BTM_PM_REC_NOT_USED; + } + + if(cb != NULL) + (*cb)(btm_cb.acl_db[btm_cb.pm_pend_link].remote_addr, BTM_PM_STS_ERROR, BTM_DEV_RESET, 0); +} + +/******************************************************************************* +** +** Function btm_pm_sm_alloc +** +** Description This function initializes the control block of an ACL link. +** It is called when an ACL connection is created. +** +** Returns void +** +*******************************************************************************/ +void btm_pm_sm_alloc(UINT8 ind) +{ + tBTM_PM_MCB *p_db = &btm_cb.pm_mode_db[ind]; /* per ACL link */ + memset (p_db, 0, sizeof(tBTM_PM_MCB)); + p_db->state = BTM_PM_ST_ACTIVE; +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "btm_pm_sm_alloc ind:%d st:%d", ind, p_db->state); +#endif +} + +/******************************************************************************* +** +** Function btm_pm_find_acl_ind +** +** Description This function initializes the control block of an ACL link. +** It is called when an ACL connection is created. +** +** Returns void +** +*******************************************************************************/ +static int btm_pm_find_acl_ind(BD_ADDR remote_bda) +{ + tACL_CONN *p = &btm_cb.acl_db[0]; + UINT8 xx; + + for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p++) + { + if ((p->in_use) && (!memcmp (p->remote_addr, remote_bda, BD_ADDR_LEN))) + { +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "btm_pm_find_acl_ind ind:%d, st:%d", xx, btm_cb.pm_mode_db[xx].state); +#endif + break; + } + } + return xx; +} + +/******************************************************************************* +** +** Function btm_pm_compare_modes +** Description get the "more active" mode of the 2 +** Returns void +** +*******************************************************************************/ +static tBTM_PM_PWR_MD * btm_pm_compare_modes(tBTM_PM_PWR_MD *p_md1, tBTM_PM_PWR_MD *p_md2, tBTM_PM_PWR_MD *p_res) +{ + UINT8 res; + + if(p_md1 == NULL) + { + *p_res = *p_md2; + p_res->mode &= ~BTM_PM_MD_FORCE; + + return p_md2; + } + + if(p_md2->mode == BTM_PM_MD_ACTIVE || p_md1->mode == BTM_PM_MD_ACTIVE) + { + return NULL; + } + + /* check if force bit is involved */ + if(p_md1->mode & BTM_PM_MD_FORCE) + { + *p_res = *p_md1; + p_res->mode &= ~BTM_PM_MD_FORCE; + return p_res; + } + + if(p_md2->mode & BTM_PM_MD_FORCE) + { + *p_res = *p_md2; + p_res->mode &= ~BTM_PM_MD_FORCE; + return p_res; + } + + res = (p_md1->mode - 1) * BTM_PM_NUM_SET_MODES + (p_md2->mode - 1); + res = btm_pm_md_comp_matrix[res]; + switch(res) + { + case BTM_PM_GET_MD1: + *p_res = *p_md1; + return p_md1; + + case BTM_PM_GET_MD2: + *p_res = *p_md2; + return p_md2; + + case BTM_PM_GET_COMP: + p_res->mode = p_md1->mode; + /* min of the two */ + p_res->max = (p_md1->max < p_md2->max)? (p_md1->max) : (p_md2->max); + /* max of the two */ + p_res->min = (p_md1->min > p_md2->min)? (p_md1->min) : (p_md2->min); + + /* the intersection is NULL */ + if( p_res->max < p_res->min) + return NULL; + + if(p_res->mode == BTM_PM_MD_SNIFF) + { + /* max of the two */ + p_res->attempt = (p_md1->attempt > p_md2->attempt)? (p_md1->attempt) : (p_md2->attempt); + p_res->timeout = (p_md1->timeout > p_md2->timeout)? (p_md1->timeout) : (p_md2->timeout); + } + return p_res; + } + return NULL; +} + +/******************************************************************************* +** +** Function btm_pm_get_set_mode +** Description get the resulting mode from the registered parties, then compare it +** with the requested mode, if the command is from an unregistered party. +** Returns void +** +*******************************************************************************/ +static tBTM_PM_MODE btm_pm_get_set_mode(UINT8 pm_id, tBTM_PM_MCB *p_cb, tBTM_PM_PWR_MD *p_mode, tBTM_PM_PWR_MD *p_res) +{ + int xx, loop_max; + tBTM_PM_PWR_MD *p_md = NULL; + + if(p_mode != NULL && p_mode->mode & BTM_PM_MD_FORCE) + { + *p_res = *p_mode; + p_res->mode &= ~BTM_PM_MD_FORCE; + return p_res->mode; + } + + if(!p_mode) + loop_max = BTM_MAX_PM_RECORDS+1; + else + loop_max = BTM_MAX_PM_RECORDS; + + for( xx=0; xx<loop_max; xx++) + { + /* g through all the registered "set" parties */ + if(btm_cb.pm_reg_db[xx].mask & BTM_PM_REG_SET) + { + if(p_cb->req_mode[xx].mode == BTM_PM_MD_ACTIVE) + { + /* if at least one registered (SET) party says ACTIVE, stay active */ + return BTM_PM_MD_ACTIVE; + } + else + { + /* if registered parties give conflicting information, stay active */ + if( (btm_pm_compare_modes(p_md, &p_cb->req_mode[xx], p_res)) == NULL) + return BTM_PM_MD_ACTIVE; + p_md = p_res; + } + } + } + + /* if the resulting mode is NULL(nobody registers SET), use the requested mode */ + if(p_md == NULL) + { + if(p_mode) + *p_res = *((tBTM_PM_PWR_MD *)p_mode); + else /* p_mode is NULL when btm_pm_snd_md_req is called from btm_pm_proc_mode_change */ + return BTM_PM_MD_ACTIVE; + } + else + { + /* if the command is from unregistered party, + compare the resulting mode from registered party*/ + if( (pm_id == BTM_PM_SET_ONLY_ID) && + ((btm_pm_compare_modes(p_mode, p_md, p_res)) == NULL) ) + return BTM_PM_MD_ACTIVE; + } + + return p_res->mode; +} + +/******************************************************************************* +** +** Function btm_pm_snd_md_req +** Description get the resulting mode and send the resuest to host controller +** Returns tBTM_STATUS +**, BOOLEAN *p_chg_ind +*******************************************************************************/ +static tBTM_STATUS btm_pm_snd_md_req(UINT8 pm_id, int link_ind, tBTM_PM_PWR_MD *p_mode) +{ + tBTM_PM_PWR_MD md_res; + tBTM_PM_MODE mode; + tBTM_PM_MCB *p_cb = &btm_cb.pm_mode_db[link_ind]; + BOOLEAN chg_ind = FALSE; + + mode = btm_pm_get_set_mode(pm_id, p_cb, p_mode, &md_res); + md_res.mode = mode; + +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "btm_pm_snd_md_req link_ind:%d, mode: %d", + link_ind, mode); +#endif + + if( p_cb->state == mode) + { + /* already in the resulting mode */ + if( (mode == BTM_PM_MD_ACTIVE) || + ((md_res.max >= p_cb->interval) && (md_res.min <= p_cb->interval)) ) + return BTM_CMD_STORED; + /* Otherwise, needs to wake, then sleep */ + chg_ind = TRUE; + } + p_cb->chg_ind = chg_ind; + + /* cannot go directly from current mode to resulting mode. */ + if( mode != BTM_PM_MD_ACTIVE && p_cb->state != BTM_PM_MD_ACTIVE) + p_cb->chg_ind = TRUE; /* needs to wake, then sleep */ + + if(p_cb->chg_ind == TRUE) /* needs to wake first */ + md_res.mode = BTM_PM_MD_ACTIVE; +#if (BTM_SSR_INCLUDED == TRUE) + else if(BTM_PM_MD_SNIFF == md_res.mode && p_cb->max_lat) + { + btsnd_hcic_sniff_sub_rate(btm_cb.acl_db[link_ind].hci_handle, p_cb->max_lat, + p_cb->min_rmt_to, p_cb->min_loc_to); + p_cb->max_lat = 0; + } +#endif + /* Default is failure */ + btm_cb.pm_pend_link = MAX_L2CAP_LINKS; + + /* send the appropriate HCI command */ + btm_cb.pm_pend_id = pm_id; + +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2("btm_pm_snd_md_req state:0x%x, link_ind: %d", p_cb->state, link_ind); +#endif + switch(md_res.mode) + { + case BTM_PM_MD_ACTIVE: + switch(p_cb->state) + { + case BTM_PM_MD_SNIFF: + if (btsnd_hcic_exit_sniff_mode(btm_cb.acl_db[link_ind].hci_handle)) + { + btm_cb.pm_pend_link = link_ind; + } + break; + case BTM_PM_MD_PARK: + if (btsnd_hcic_exit_park_mode(btm_cb.acl_db[link_ind].hci_handle)) + { + btm_cb.pm_pend_link = link_ind; + } + break; + default: + /* Failure btm_cb.pm_pend_link = MAX_L2CAP_LINKS */ + break; + } + break; + + case BTM_PM_MD_HOLD: + if (btsnd_hcic_hold_mode (btm_cb.acl_db[link_ind].hci_handle, + md_res.max, md_res.min)) + { + btm_cb.pm_pend_link = link_ind; + } + break; + + case BTM_PM_MD_SNIFF: + if (btsnd_hcic_sniff_mode (btm_cb.acl_db[link_ind].hci_handle, + md_res.max, md_res.min, md_res.attempt, + md_res.timeout)) + { + btm_cb.pm_pend_link = link_ind; + } + break; + + case BTM_PM_MD_PARK: + if (btsnd_hcic_park_mode (btm_cb.acl_db[link_ind].hci_handle, + md_res.max, md_res.min)) + { + btm_cb.pm_pend_link = link_ind; + } + break; + default: + /* Failure btm_cb.pm_pend_link = MAX_L2CAP_LINKS */ + break; + } + + if(btm_cb.pm_pend_link == MAX_L2CAP_LINKS) + { + /* the command was not sent */ +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG1( "pm_pend_link: %d",btm_cb.pm_pend_link); +#endif + return (BTM_NO_RESOURCES); + } + + return BTM_CMD_STARTED; +} + +/******************************************************************************* +** +** Function btm_pm_check_stored +** +** Description This function is called when an HCI command status event occurs +** to check if there's any PM command issued while waiting for +** HCI command status. +** +** Returns none. +** +*******************************************************************************/ +static void btm_pm_check_stored(void) +{ + int xx; + for(xx=0; xx<MAX_L2CAP_LINKS; xx++) + { + if(btm_cb.pm_mode_db[xx].state & BTM_PM_STORED_MASK) + { + btm_cb.pm_mode_db[xx].state &= ~BTM_PM_STORED_MASK; + BTM_TRACE_DEBUG1( "btm_pm_check_stored :%d", xx); + btm_pm_snd_md_req(BTM_PM_SET_ONLY_ID, xx, NULL); + break; + } + } +} + + +/******************************************************************************* +** +** Function btm_pm_proc_cmd_status +** +** Description This function is called when an HCI command status event occurs +** for power manager related commands. +** +** Input Parms status - status of the event (HCI_SUCCESS if no errors) +** +** Returns none. +** +*******************************************************************************/ +void btm_pm_proc_cmd_status(UINT8 status) +{ + tBTM_PM_MCB *p_cb; + tBTM_PM_STATUS pm_status; + + if(btm_cb.pm_pend_link >= MAX_L2CAP_LINKS) + return; + + p_cb = &btm_cb.pm_mode_db[btm_cb.pm_pend_link]; + + if(status == HCI_SUCCESS) + { + p_cb->state = BTM_PM_ST_PENDING; + pm_status = BTM_PM_STS_PENDING; +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG1( "btm_pm_proc_cmd_status new state:0x%x", p_cb->state); +#endif + } + else /* the command was not successfull. Stay in the same state */ + { + pm_status = BTM_PM_STS_ERROR; + } + + /* notify the caller is appropriate */ + if( (btm_cb.pm_pend_id != BTM_PM_SET_ONLY_ID) && + (btm_cb.pm_reg_db[btm_cb.pm_pend_id].mask & BTM_PM_REG_NOTIF) ) + { + (*btm_cb.pm_reg_db[btm_cb.pm_pend_id].cback)(btm_cb.acl_db[btm_cb.pm_pend_link].remote_addr, pm_status, 0, status); + } + + /* no pending cmd now */ +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG3( "btm_pm_proc_cmd_status state:0x%x, pm_pend_link: %d(new: %d)", + p_cb->state, btm_cb.pm_pend_link, MAX_L2CAP_LINKS); +#endif + btm_cb.pm_pend_link = MAX_L2CAP_LINKS; + + btm_pm_check_stored(); +} + +/******************************************************************************* +** +** Function btm_process_mode_change +** +** Description This function is called when an HCI mode change event occurs. +** +** Input Parms hci_status - status of the event (HCI_SUCCESS if no errors) +** hci_handle - connection handle associated with the change +** mode - HCI_MODE_ACTIVE, HCI_MODE_HOLD, HCI_MODE_SNIFF, or HCI_MODE_PARK +** interval - number of baseband slots (meaning depends on mode) +** +** Returns none. +** +*******************************************************************************/ +void btm_pm_proc_mode_change (UINT8 hci_status, UINT16 hci_handle, UINT8 mode, UINT16 interval) +{ + tACL_CONN *p; + tBTM_PM_MCB *p_cb = NULL; + int xx, yy, zz; + tBTM_PM_STATE old_state; + tL2C_LCB *p_lcb; + + /* get the index to acl_db */ + if ((xx = btm_handle_to_acl_index(hci_handle)) >= MAX_L2CAP_LINKS) + return; + + p = &btm_cb.acl_db[xx]; + + /*** 2035 and 2045 work around: If mode is active and coming out of a SCO disconnect, restore packet types ***/ + if (mode == HCI_MODE_ACTIVE) + { + if(BTM_GetNumScoLinks() == 0) + { + if(p->restore_pkt_types) + { + BTM_TRACE_DEBUG3("btm mode change AFTER unsniffing; hci hdl 0x%x, types 0x%02x/0x%02x", + hci_handle, p->pkt_types_mask, p->restore_pkt_types); + p->pkt_types_mask = p->restore_pkt_types; + p->restore_pkt_types = 0; /* Only exists while SCO is active */ + btsnd_hcic_change_conn_type (p->hci_handle, p->pkt_types_mask); + } +#if (BTM_PM_SNIFF_SLOT_WORK_AROUND == TRUE) + else + { + BTM_TRACE_DEBUG2("btm mode change AFTER unsniffing; hci hdl 0x%x, types 0x%02x", + hci_handle, btm_cb.btm_acl_pkt_types_supported); + btm_set_packet_types (p, btm_cb.btm_acl_pkt_types_supported); + } +#endif + } +#if (BTM_PM_SNIFF_SLOT_WORK_AROUND == TRUE) + else + { + /* Mode changed from Sniff to Active while SCO is open. */ + /* Packet types of active mode, not sniff mode, should be used for ACL when SCO is closed. */ + p->restore_pkt_types = btm_cb.btm_acl_pkt_types_supported; + + /* Exclude packet types not supported by the peer */ + btm_acl_chk_peer_pkt_type_support (p, &p->restore_pkt_types); + } +#endif + } +#if (BTM_PM_SNIFF_SLOT_WORK_AROUND == TRUE) + else if (mode == HCI_MODE_SNIFF) + { + BTM_TRACE_DEBUG1("btm mode change to sniff; hci hdl 0x%x use single slot", + hci_handle); + btm_set_packet_types (p, (HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1)); + } +#endif + + /* update control block */ + p_cb = &(btm_cb.pm_mode_db[xx]); + old_state = p_cb->state; + p_cb->state = mode; + p_cb->interval = interval; +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG2( "btm_pm_proc_mode_change new state:0x%x (old:0x%x)", p_cb->state, old_state); +#endif + + if ((p_cb->state == HCI_MODE_ACTIVE) && + ((p_lcb = l2cu_find_lcb_by_bd_addr (p->remote_addr)) != NULL)) + { + /* There might be any pending packets due to SNIFF or PENDING state */ + /* Trigger L2C to start transmission of the pending packets. */ + BTM_TRACE_DEBUG0 ("btm mode change to active; check l2c_link for outgoing packets"); + l2c_link_check_send_pkts (p_lcb, NULL, NULL); + + btu_stop_timer (&p_lcb->timer_entry); + } + + /* notify registered parties */ + for(yy=0; yy<=BTM_MAX_PM_RECORDS; yy++) + { + /* set req_mode HOLD mode->ACTIVE */ + if( (mode == BTM_PM_MD_ACTIVE) && (p_cb->req_mode[yy].mode == BTM_PM_MD_HOLD) ) + p_cb->req_mode[yy].mode = BTM_PM_MD_ACTIVE; + } + + /* new request has been made. - post a message to BTU task */ + if(old_state & BTM_PM_STORED_MASK) + { +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG1( "btm_pm_proc_mode_change: Sending stored req:%d", xx); +#endif + btm_pm_snd_md_req(BTM_PM_SET_ONLY_ID, xx, NULL); + } + else + { + for(zz=0; zz<MAX_L2CAP_LINKS; zz++) + { + if(btm_cb.pm_mode_db[zz].chg_ind == TRUE) + { +#if BTM_PM_DEBUG == TRUE + BTM_TRACE_DEBUG1( "btm_pm_proc_mode_change: Sending PM req :%d", zz); +#endif + btm_pm_snd_md_req(BTM_PM_SET_ONLY_ID, zz, NULL); + break; + } + } + } + + + /* notify registered parties */ + for(yy=0; yy<BTM_MAX_PM_RECORDS; yy++) + { + if(btm_cb.pm_reg_db[yy].mask & BTM_PM_REG_NOTIF) + { + (*btm_cb.pm_reg_db[yy].cback)( p->remote_addr, mode, interval, hci_status); + } + } + + /* If mode change was because of an active role switch or change link key */ + btm_cont_rswitch_or_chglinkkey(p, btm_find_dev(p->remote_addr), hci_status); +} + +/******************************************************************************* +** +** Function btm_pm_proc_ssr_evt +** +** Description This function is called when an HCI sniff subrating event occurs. +** +** Returns none. +** +*******************************************************************************/ +#if (BTM_SSR_INCLUDED == TRUE) +void btm_pm_proc_ssr_evt (UINT8 *p, UINT16 evt_len) +{ + UINT8 status; + UINT16 handle; + UINT16 max_tx_lat, max_rx_lat; + int xx, yy; + tBTM_PM_MCB *p_cb; + tACL_CONN *p_acl=NULL; + UINT16 use_ssr = TRUE; + + STREAM_TO_UINT8 (status, p); + + STREAM_TO_UINT16 (handle, p); + /* get the index to acl_db */ + if ((xx = btm_handle_to_acl_index(handle)) >= MAX_L2CAP_LINKS) + return; + + STREAM_TO_UINT16 (max_tx_lat, p); + STREAM_TO_UINT16 (max_rx_lat, p); + p_cb = &(btm_cb.pm_mode_db[xx]); + + p_acl = &btm_cb.acl_db[xx]; + if(p_cb->interval == max_rx_lat) + { + /* using legacy sniff */ + use_ssr = FALSE; + } + + /* notify registered parties */ + for(yy=0; yy<BTM_MAX_PM_RECORDS; yy++) + { + if(btm_cb.pm_reg_db[yy].mask & BTM_PM_REG_NOTIF) + { + if( p_acl) + { + (*btm_cb.pm_reg_db[yy].cback)( p_acl->remote_addr, BTM_PM_STS_SSR, use_ssr, status); + } + } + } +} +#endif +#else /* BTM_PWR_MGR_INCLUDED == TRUE */ + +/******************************************************************************* +** +** Functions BTM_PmRegister, BTM_SetPowerMode, and BTM_ReadPowerMode +** +** Description Stubbed versions for BTM_PWR_MGR_INCLUDED = FALSE +** +** Returns BTM_MODE_UNSUPPORTED. +** +*******************************************************************************/ +tBTM_STATUS BTM_PmRegister (UINT8 mask, UINT8 *p_pm_id, tBTM_PM_STATUS_CBACK *p_cb) +{ + return BTM_MODE_UNSUPPORTED; +} + +tBTM_STATUS BTM_SetPowerMode (UINT8 pm_id, BD_ADDR remote_bda, tBTM_PM_PWR_MD *p_mode) +{ + return BTM_MODE_UNSUPPORTED; +} + +tBTM_STATUS BTM_ReadPowerMode (BD_ADDR remote_bda, tBTM_PM_MODE *p_mode) +{ + return BTM_MODE_UNSUPPORTED; +} + +#endif + +/******************************************************************************* +** +** Function BTM_IsPowerManagerOn +** +** Description This function is called to check if power manager is included. +** in the BTE version. +** +** Returns BTM_PWR_MGR_INCLUDED. +** +*******************************************************************************/ +BOOLEAN BTM_IsPowerManagerOn (void) +{ + return BTM_PWR_MGR_INCLUDED; +} diff --git a/stack/btm/btm_sco.c b/stack/btm/btm_sco.c new file mode 100644 index 0000000..394ac0a --- /dev/null +++ b/stack/btm/btm_sco.c @@ -0,0 +1,1741 @@ +/***************************************************************************** +** +** Name: btm_sco.c +** +** Description: This file contains functions that handle SCO connections. +** This includes operations such as connect, disconnect, +** change supported packet types. +** +** This module contains both internal and external (API) +** functions. External (API) functions are distinguishable +** by their names beginning with uppercase BTM. +** +** Copyright (c) 2000-2011, Broadcom Corp., All Rights Reserved. +** Broadcom Bluetooth Core. Proprietary and confidential. +******************************************************************************/ + +#include <string.h> +#include "bt_types.h" +#include "bt_target.h" +#include "gki.h" +#include "bt_types.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_api.h" +#include "btm_int.h" +#include "hcidefs.h" + +#if BTM_SCO_INCLUDED == TRUE + +/********************************************************************************/ +/* L O C A L D A T A D E F I N I T I O N S */ +/********************************************************************************/ + +#define SCO_ST_UNUSED 0 +#define SCO_ST_LISTENING 1 +#define SCO_ST_W4_CONN_RSP 2 +#define SCO_ST_CONNECTING 3 +#define SCO_ST_CONNECTED 4 +#define SCO_ST_DISCONNECTING 5 +#define SCO_ST_PEND_UNPARK 6 +#define SCO_ST_PEND_ROLECHANGE 7 + +/********************************************************************************/ +/* L O C A L F U N C T I O N P R O T O T Y P E S */ +/********************************************************************************/ + +static const tBTM_ESCO_PARAMS btm_esco_defaults = +{ + BTM_64KBITS_RATE, /* TX Bandwidth (64 kbits/sec) */ + BTM_64KBITS_RATE, /* RX Bandwidth (64 kbits/sec) */ + 0x000a, /* 10 ms (HS/HF can use EV3, 2-EV3, 3-EV3) */ + 0x0060, /* Inp Linear, Air CVSD, 2s Comp, 16bit */ + (BTM_SCO_PKT_TYPES_MASK_HV1 + /* Packet Types */ + BTM_SCO_PKT_TYPES_MASK_HV2 + + BTM_SCO_PKT_TYPES_MASK_HV3 + + BTM_SCO_PKT_TYPES_MASK_EV3 + + BTM_SCO_PKT_TYPES_MASK_EV4 + + BTM_SCO_PKT_TYPES_MASK_EV5), + BTM_ESCO_RETRANS_POWER /* Retransmission Effort (Power) */ +}; + +/******************************************************************************* +** +** Function btm_sco_flush_sco_data +** +** Description This function is called to flush the SCO data for this channel. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_flush_sco_data(UINT16 sco_inx) +{ +#if BTM_SCO_HCI_INCLUDED == TRUE +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p ; + BT_HDR *p_buf; + + if (sco_inx < BTM_MAX_SCO_LINKS) + { + p = &btm_cb.sco_cb.sco_db[sco_inx]; + while (p->xmit_data_q.p_first) + { + if ((p_buf = (BT_HDR *)GKI_dequeue (&p->xmit_data_q)) != NULL) + GKI_freebuf (p_buf); + } + } +#endif +#endif +} +/******************************************************************************* +** +** Function btm_sco_init +** +** Description This function is called at BTM startup to initialize +** +** Returns void +** +*******************************************************************************/ +void btm_sco_init (void) +{ +#if 0 /* cleared in btm_init; put back in if called from anywhere else! */ + memset (&btm_cb.sco_cb, 0, sizeof(tSCO_CB)); +#endif + /* Initialize nonzero defaults */ + btm_cb.sco_cb.sco_disc_reason = BTM_INVALID_SCO_DISC_REASON; + + btm_cb.sco_cb.def_esco_parms = btm_esco_defaults; /* Initialize with defaults */ + btm_cb.sco_cb.desired_sco_mode = BTM_DEFAULT_SCO_MODE; +} + +/******************************************************************************* +** +** Function btm_esco_conn_rsp +** +** Description This function is called upon receipt of an (e)SCO connection +** request event (BTM_ESCO_CONN_REQ_EVT) to accept or reject +** the request. Parameters used to negotiate eSCO links. +** If p_parms is NULL, then default values are used. +** If the link type of the incoming request is SCO, then only +** the tx_bw, max_latency, content format, and packet_types are +** valid. The hci_status parameter should be +** ([0x0] to accept, [0x0d..0x0f] to reject) +** +** Returns void +** +*******************************************************************************/ +static void btm_esco_conn_rsp (UINT16 sco_inx, UINT8 hci_status, BD_ADDR bda, + tBTM_ESCO_PARAMS *p_parms) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p_sco = NULL; + tBTM_ESCO_PARAMS *p_setup; + UINT16 temp_pkt_types; + + if (sco_inx < BTM_MAX_SCO_LINKS) + p_sco = &btm_cb.sco_cb.sco_db[sco_inx]; + + /* Reject the connect request if refused by caller or wrong state */ + if (hci_status != HCI_SUCCESS || p_sco == NULL) + { + if (p_sco) + { + p_sco->state = (p_sco->state == SCO_ST_W4_CONN_RSP) ? SCO_ST_LISTENING + : SCO_ST_UNUSED; + } + + if (!btm_cb.sco_cb.esco_supported) + { + if (!btsnd_hcic_reject_conn (bda, hci_status)) + { + BTM_TRACE_ERROR0("Could not reject (e)SCO conn: No Buffer!!!"); + } + } + else + { + if (!btsnd_hcic_reject_esco_conn (bda, hci_status)) + { + BTM_TRACE_ERROR0("Could not reject (e)SCO conn: No Buffer!!!"); + } + } + } + else /* Connection is being accepted */ + { + p_sco->state = SCO_ST_CONNECTING; + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_1_2) + { + p_setup = &p_sco->esco.setup; + /* If parameters not specified use the default */ + if (p_parms) + *p_setup = *p_parms; + else /* Use the last setup passed thru BTM_SetEscoMode (or defaults) */ + { + *p_setup = btm_cb.sco_cb.def_esco_parms; + } + + temp_pkt_types = (p_setup->packet_types & + BTM_SCO_SUPPORTED_PKTS_MASK & + btm_cb.btm_sco_pkt_types_supported); + + /* Make sure at least one eSCO packet type is sent, else might confuse peer */ + /* Taking this out to confirm with BQB tests + ** Real application would like to include this though, as many devices + ** do not retry with SCO only if an eSCO connection fails. + if (!(temp_pkt_types & BTM_ESCO_LINK_ONLY_MASK)) + { + temp_pkt_types |= BTM_SCO_PKT_TYPES_MASK_EV3; + } + */ + /* If SCO request, remove eSCO packet types (conformance) */ + if (p_sco->esco.data.link_type == BTM_LINK_TYPE_SCO) + { + temp_pkt_types &= BTM_SCO_LINK_ONLY_MASK; + + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + temp_pkt_types |= BTM_SCO_EXCEPTION_PKTS_MASK; + } + } + /* OR in any exception packet types if at least 2.0 version of spec */ + else if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + temp_pkt_types |= ((p_setup->packet_types & BTM_SCO_EXCEPTION_PKTS_MASK) | + (btm_cb.btm_sco_pkt_types_supported & BTM_SCO_EXCEPTION_PKTS_MASK)); + } + + if (btsnd_hcic_accept_esco_conn (bda, p_setup->tx_bw, p_setup->rx_bw, + p_setup->max_latency, p_setup->voice_contfmt, + p_setup->retrans_effort, temp_pkt_types)) + { + p_setup->packet_types = temp_pkt_types; + } + else + { + BTM_TRACE_ERROR0("Could not accept SCO conn: No Buffer!!!"); + } + } + else /* Controller is version 1.1 or earlier */ + { + btsnd_hcic_accept_conn (bda, 0); + } + } +#endif +} + + +#if BTM_SCO_HCI_INCLUDED == TRUE +/******************************************************************************* +** +** Function btm_sco_check_send_pkts +** +** Description This function is called to check if it can send packets +** to the Host Controller. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_check_send_pkts (UINT16 sco_inx) +{ + BT_HDR *p_buf; + tSCO_CB *p_cb = &btm_cb.sco_cb; + tSCO_CONN *p_ccb = &p_cb->sco_db[sco_inx]; + + /* If there is data to send, send it now */ + while (p_ccb->xmit_data_q.p_first != NULL) + { + p_buf = NULL; + +#if BTM_SCO_HCI_DEBUG + BTM_TRACE_DEBUG1 ("btm: [%d] buf in xmit_data_q", p_ccb->xmit_data_q.count ); +#endif + p_buf = (BT_HDR *)GKI_dequeue (&p_ccb->xmit_data_q); + + HCI_SCO_DATA_TO_LOWER (p_buf); + } +} +#endif /* BTM_SCO_HCI_INCLUDED == TRUE */ + +/******************************************************************************* +** +** Function btm_route_sco_data +** +** Description Route received SCO data. +** +** Returns void +** +*******************************************************************************/ +void btm_route_sco_data(BT_HDR *p_msg) +{ +#if BTM_SCO_HCI_INCLUDED == TRUE + UINT16 sco_inx, handle; + UINT8 *p = (UINT8 *)(p_msg + 1) + p_msg->offset; + UINT8 pkt_size = 0; + UINT8 pkt_status = 0; + + /* Extract Packet_Status_Flag and handle */ + STREAM_TO_UINT16 (handle, p); + pkt_status = HCID_GET_EVENT(handle); + handle = HCID_GET_HANDLE (handle); + + STREAM_TO_UINT8 (pkt_size, p); + + if ((sco_inx = btm_find_scb_by_handle(handle)) != BTM_MAX_SCO_LINKS ) + { + /* send data callback */ + if (!btm_cb.sco_cb.p_data_cb ) + /* if no data callback registered, just free the buffer */ + GKI_freebuf (p_msg); + else + { + (*btm_cb.sco_cb.p_data_cb)(sco_inx, p_msg, (tBTM_SCO_DATA_FLAG) pkt_status); + } + } + else /* no mapping handle SCO connection is active, free the buffer */ + { + GKI_freebuf (p_msg); + } +#else + GKI_freebuf(p_msg); +#endif +} + + + +/******************************************************************************* +** +** Function BTM_WriteScoData +** +** Description This function write SCO data to a specified instance. The data +** to be written p_buf needs to carry an offset of +** HCI_SCO_PREAMBLE_SIZE bytes, and the data length can not +** exceed BTM_SCO_DATA_SIZE_MAX bytes, whose default value is set +** to 60 and is configurable. Data longer than the maximum bytes +** will be truncated. +** +** Returns BTM_SUCCESS: data write is successful +** BTM_ILLEGAL_VALUE: SCO data contains illegal offset value. +** BTM_SCO_BAD_LENGTH: SCO data length exceeds the max SCO packet +** size. +** BTM_NO_RESOURCES: no resources. +** BTM_UNKNOWN_ADDR: unknown SCO connection handle, or SCO is not +** routed via HCI. +** +** +*******************************************************************************/ +tBTM_STATUS BTM_WriteScoData (UINT16 sco_inx, BT_HDR *p_buf) +{ +#if (BTM_SCO_HCI_INCLUDED == TRUE) && (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p_ccb = &btm_cb.sco_cb.sco_db[sco_inx]; + UINT8 *p; + tBTM_STATUS status = BTM_SUCCESS; + + if (sco_inx < BTM_MAX_SCO_LINKS && btm_cb.sco_cb.p_data_cb && + p_ccb->state == SCO_ST_CONNECTED) + { + /* Ensure we have enough space in the buffer for the SCO and HCI headers */ + if (p_buf->offset < HCI_SCO_PREAMBLE_SIZE) + { + BTM_TRACE_ERROR1 ("BTM SCO - cannot send buffer, offset: %d", p_buf->offset); + GKI_freebuf (p_buf); + status = BTM_ILLEGAL_VALUE; + } + else /* write HCI header */ + { + /* Step back 3 bytes to add the headers */ + p_buf->offset -= HCI_SCO_PREAMBLE_SIZE; + /* Set the pointer to the beginning of the data */ + p = (UINT8 *)(p_buf + 1) + p_buf->offset; + /* add HCI handle */ + UINT16_TO_STREAM (p, p_ccb->hci_handle); + /* only sent the first BTM_SCO_DATA_SIZE_MAX bytes data if more than max, + and set warning status */ + if (p_buf->len > BTM_SCO_DATA_SIZE_MAX) + { + p_buf->len = BTM_SCO_DATA_SIZE_MAX; + status = BTM_SCO_BAD_LENGTH; + } + + UINT8_TO_STREAM (p, (UINT8)p_buf->len); + p_buf->len += HCI_SCO_PREAMBLE_SIZE; + + GKI_enqueue (&p_ccb->xmit_data_q, p_buf); + + btm_sco_check_send_pkts (sco_inx); + } + } + else + { + GKI_freebuf(p_buf); + + BTM_TRACE_WARNING2 ("BTM_WriteScoData, invalid sco index: %d at state [%d]", + sco_inx, btm_cb.sco_cb.sco_db[sco_inx].state); + status = BTM_UNKNOWN_ADDR; + } + + return (status); + +#else + return (BTM_NO_RESOURCES); +#endif +} + +#if (BTM_MAX_SCO_LINKS>0) +/******************************************************************************* +** +** Function btm_send_connect_request +** +** Description This function is called to respond to SCO connect indications +** +** Returns void +** +*******************************************************************************/ +static tBTM_STATUS btm_send_connect_request(UINT16 acl_handle, + tBTM_ESCO_PARAMS *p_setup) +{ + UINT16 temp_pkt_types; + UINT8 xx; + tACL_CONN *p_acl; + + /* Send connect request depending on version of spec */ + if (!btm_cb.sco_cb.esco_supported) + { + if (!btsnd_hcic_add_SCO_conn (acl_handle, BTM_ESCO_2_SCO(p_setup->packet_types))) + return (BTM_NO_RESOURCES); + } + else + { + temp_pkt_types = (p_setup->packet_types & BTM_SCO_SUPPORTED_PKTS_MASK & + btm_cb.btm_sco_pkt_types_supported); + + /* OR in any exception packet types if at least 2.0 version of spec */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + temp_pkt_types |= ((p_setup->packet_types & BTM_SCO_EXCEPTION_PKTS_MASK) | + (btm_cb.btm_sco_pkt_types_supported & BTM_SCO_EXCEPTION_PKTS_MASK)); + } + + /* Finally, remove EDR eSCO if the remote device doesn't support it */ + /* UPF25: Only SCO was brought up in this case */ + btm_handle_to_acl_index(acl_handle); + if ((xx = btm_handle_to_acl_index(acl_handle)) < MAX_L2CAP_LINKS) + { + p_acl = &btm_cb.acl_db[xx]; + if (!HCI_EDR_ESCO_2MPS_SUPPORTED(p_acl->features)) + { + + BTM_TRACE_WARNING0("BTM Remote does not support 2-EDR eSCO"); + temp_pkt_types |= (HCI_ESCO_PKT_TYPES_MASK_NO_2_EV3 | + HCI_ESCO_PKT_TYPES_MASK_NO_2_EV5); + } + if (!HCI_EDR_ESCO_3MPS_SUPPORTED(p_acl->features)) + { + + BTM_TRACE_WARNING0("BTM Remote does not support 3-EDR eSCO"); + temp_pkt_types |= (HCI_ESCO_PKT_TYPES_MASK_NO_3_EV3 | + HCI_ESCO_PKT_TYPES_MASK_NO_3_EV5); + } + } + + + BTM_TRACE_API6(" txbw 0x%x, rxbw 0x%x, lat 0x%x, voice 0x%x, retrans 0x%02x, pkt 0x%04x", + p_setup->tx_bw, p_setup->rx_bw, + p_setup->max_latency, p_setup->voice_contfmt, + p_setup->retrans_effort, temp_pkt_types); + + if (!btsnd_hcic_setup_esco_conn(acl_handle, + p_setup->tx_bw, + p_setup->rx_bw, + p_setup->max_latency, + p_setup->voice_contfmt, + p_setup->retrans_effort, + temp_pkt_types)) + return (BTM_NO_RESOURCES); + else + p_setup->packet_types = temp_pkt_types; + } + + return (BTM_CMD_STARTED); +} +#endif + +/******************************************************************************* +** +** Function btm_set_sco_ind_cback +** +** Description This function is called to register for TCS SCO connect +** indications. +** +** Returns void +** +*******************************************************************************/ +void btm_set_sco_ind_cback( tBTM_SCO_IND_CBACK *sco_ind_cb ) +{ + btm_cb.sco_cb.app_sco_ind_cb = sco_ind_cb; +} + +/******************************************************************************* +** +** Function btm_accept_sco_link +** +** Description This function is called to respond to TCS SCO connect +** indications +** +** Returns void +** +*******************************************************************************/ +void btm_accept_sco_link(UINT16 sco_inx, tBTM_ESCO_PARAMS *p_setup, + tBTM_SCO_CB *p_conn_cb, tBTM_SCO_CB *p_disc_cb) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p_sco; + + if (sco_inx >= BTM_MAX_SCO_LINKS) + { + BTM_TRACE_ERROR1("btm_accept_sco_link: Invalid sco_inx(%d)", sco_inx); + return; + } + + /* Link role is ignored in for this message */ + p_sco = &btm_cb.sco_cb.sco_db[sco_inx]; + p_sco->p_conn_cb = p_conn_cb; + p_sco->p_disc_cb = p_disc_cb; + p_sco->esco.data.link_type = BTM_LINK_TYPE_ESCO; /* Accept with all supported types */ + + BTM_TRACE_DEBUG1("TCS accept SCO: Packet Types 0x%04x", p_setup->packet_types); + + btm_esco_conn_rsp(sco_inx, HCI_SUCCESS, p_sco->esco.data.bd_addr, p_setup); +#else + btm_reject_sco_link(sco_inx); +#endif +} + +/******************************************************************************* +** +** Function btm_reject_sco_link +** +** Description This function is called to respond to SCO connect indications +** +** Returns void +** +*******************************************************************************/ +void btm_reject_sco_link( UINT16 sco_inx ) +{ + btm_esco_conn_rsp(sco_inx, HCI_ERR_HOST_REJECT_RESOURCES, + btm_cb.sco_cb.sco_db[sco_inx].esco.data.bd_addr, NULL); +} + +/******************************************************************************* +** +** Function BTM_CreateSco +** +** Description This function is called to create an SCO connection. If the +** "is_orig" flag is TRUE, the connection will be originated, +** otherwise BTM will wait for the other side to connect. +** +** NOTE: If BTM_IGNORE_SCO_PKT_TYPE is passed in the pkt_types +** parameter the default packet types is used. +** +** Returns BTM_UNKNOWN_ADDR if the ACL connection is not up +** BTM_BUSY if another SCO being set up to +** the same BD address +** BTM_NO_RESOURCES if the max SCO limit has been reached +** BTM_CMD_STARTED if the connection establishment is started. +** In this case, "*p_sco_inx" is filled in +** with the sco index used for the connection. +** +*******************************************************************************/ +tBTM_STATUS BTM_CreateSco (BD_ADDR remote_bda, BOOLEAN is_orig, UINT16 pkt_types, + UINT16 *p_sco_inx, tBTM_SCO_CB *p_conn_cb, + tBTM_SCO_CB *p_disc_cb) +{ +#if (BTM_MAX_SCO_LINKS > 0) + tBTM_ESCO_PARAMS *p_setup; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; + UINT16 acl_handle = 0; + UINT16 temp_pkt_types; + tACL_CONN *p_acl; + +#if (BTM_PWR_MGR_INCLUDED == TRUE) && (BTM_SCO_WAKE_PARKED_LINK == TRUE) + tBTM_PM_MODE md; + tBTM_PM_PWR_MD pm; +#else + UINT8 mode; +#endif + + *p_sco_inx = BTM_INVALID_SCO_INDEX; + + /* If originating, ensure that there is an ACL connection to the BD Address */ + if (is_orig) + { + if ((!remote_bda) || ((acl_handle = BTM_GetHCIConnHandle (remote_bda)) == 0xFFFF)) + return (BTM_UNKNOWN_ADDR); + } + + if (remote_bda) + { + /* If any SCO is being established to the remote BD address, refuse this */ + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (((p->state == SCO_ST_CONNECTING) || (p->state == SCO_ST_LISTENING) + || (p->state == SCO_ST_PEND_UNPARK)) + && (!memcmp (p->esco.data.bd_addr, remote_bda, BD_ADDR_LEN))) + { + return (BTM_BUSY); + } + } + } + else + { + /* Support only 1 wildcard BD address at a time */ + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((p->state == SCO_ST_LISTENING) && (!p->rem_bd_known)) + return (BTM_BUSY); + } + } + + /* Now, try to find an unused control block, and kick off the SCO establishment */ + for (xx = 0, p = &btm_cb.sco_cb.sco_db[0]; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (p->state == SCO_ST_UNUSED) + { + if (remote_bda) + { + if (is_orig) + { + /* can not create SCO link if in park mode */ +#if (BTM_PWR_MGR_INCLUDED == TRUE) && (BTM_SCO_WAKE_PARKED_LINK == TRUE) + if(BTM_ReadPowerMode(remote_bda, &md) == BTM_SUCCESS) + { + if (md == BTM_PM_MD_PARK || md == BTM_PM_MD_SNIFF) + { +/* Coverity: FALSE-POSITIVE error from Coverity tool. Please do NOT remove following comment. */ +/* coverity[uninit_use_in_call] False-positive: setting the mode to BTM_PM_MD_ACTIVE only uses settings.mode + the other data members of tBTM_PM_PWR_MD are ignored +*/ + pm.mode = BTM_PM_MD_ACTIVE; + BTM_SetPowerMode(BTM_PM_SET_ONLY_ID, remote_bda, &pm); + p->state = SCO_ST_PEND_UNPARK; + } + } +#elif BTM_PWR_MGR_INCLUDED == TRUE + if( (BTM_ReadPowerMode(remote_bda, &mode) == BTM_SUCCESS) && (mode == BTM_PM_MD_PARK) ) + return (BTM_WRONG_MODE); +#else + if( (BTM_ReadAclMode(remote_bda, &mode) == BTM_SUCCESS) && (mode == BTM_ACL_MODE_PARK) ) + return (BTM_WRONG_MODE); +#endif + } + memcpy (p->esco.data.bd_addr, remote_bda, BD_ADDR_LEN); + p->rem_bd_known = TRUE; + } + else + p->rem_bd_known = FALSE; + + /* Link role is ignored in for this message */ + if (pkt_types == BTM_IGNORE_SCO_PKT_TYPE) + pkt_types = btm_cb.sco_cb.def_esco_parms.packet_types; + + p_setup = &p->esco.setup; + *p_setup = btm_cb.sco_cb.def_esco_parms; + p_setup->packet_types = (btm_cb.sco_cb.desired_sco_mode == BTM_LINK_TYPE_SCO) + ? (pkt_types & BTM_SCO_LINK_ONLY_MASK) : pkt_types; + + temp_pkt_types = (p_setup->packet_types & BTM_SCO_SUPPORTED_PKTS_MASK & + btm_cb.btm_sco_pkt_types_supported); + + /* OR in any exception packet types if at least 2.0 version of spec */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + if (btm_cb.sco_cb.desired_sco_mode == HCI_LINK_TYPE_ESCO) + { + temp_pkt_types |= ((p_setup->packet_types & BTM_SCO_EXCEPTION_PKTS_MASK) | + (btm_cb.btm_sco_pkt_types_supported & BTM_SCO_EXCEPTION_PKTS_MASK)); + } + else /* Only using SCO packet types; turn off EDR also */ + { + temp_pkt_types |= BTM_SCO_EXCEPTION_PKTS_MASK; + } + } + + p_setup->packet_types = temp_pkt_types; + p->p_conn_cb = p_conn_cb; + p->p_disc_cb = p_disc_cb; + p->hci_handle = BTM_INVALID_HCI_HANDLE; + p->is_orig = is_orig; + + if( p->state != SCO_ST_PEND_UNPARK ) + { + if (is_orig) + { + /* If role change is in progress, do not proceed with SCO setup + * Wait till role change is complete */ + p_acl = btm_bda_to_acl(remote_bda); + if (p_acl && p_acl->switch_role_state != BTM_ACL_SWKEY_STATE_IDLE) + { + BTM_TRACE_API1("Role Change is in progress for ACL handle 0x%04x",acl_handle); + p->state = SCO_ST_PEND_ROLECHANGE; + + } + } + } + + if( p->state != SCO_ST_PEND_UNPARK && p->state != SCO_ST_PEND_ROLECHANGE ) + { + if (is_orig) + { + BTM_TRACE_API2("BTM_CreateSco -> (e)SCO Link for ACL handle 0x%04x, Desired Type %d", + acl_handle, btm_cb.sco_cb.desired_sco_mode); + + if ((btm_send_connect_request(acl_handle, p_setup)) != BTM_CMD_STARTED) + return (BTM_NO_RESOURCES); + + p->state = SCO_ST_CONNECTING; + } + else + p->state = SCO_ST_LISTENING; + } + + *p_sco_inx = xx; + + return (BTM_CMD_STARTED); + } + } + +#endif + /* If here, all SCO blocks in use */ + return (BTM_NO_RESOURCES); +} + +#if (BTM_PWR_MGR_INCLUDED == TRUE) && (BTM_SCO_WAKE_PARKED_LINK == TRUE) +/******************************************************************************* +** +** Function btm_sco_chk_pend_unpark +** +** Description This function is called by BTIF when there is a mode change +** event to see if there are SCO commands waiting for the unpark. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_chk_pend_unpark (UINT8 hci_status, UINT16 hci_handle) +{ +#if (BTM_MAX_SCO_LINKS>0) + UINT16 xx; + UINT16 acl_handle; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((p->state == SCO_ST_PEND_UNPARK) && + ((acl_handle = BTM_GetHCIConnHandle (p->esco.data.bd_addr)) == hci_handle)) + + { + BTM_TRACE_API3("btm_sco_chk_pend_unpark -> (e)SCO Link for ACL handle 0x%04x, Desired Type %d, hci_status 0x%02x", + acl_handle, btm_cb.sco_cb.desired_sco_mode, hci_status); + + if ((btm_send_connect_request(acl_handle, &p->esco.setup)) == BTM_CMD_STARTED) + p->state = SCO_ST_CONNECTING; + } + } +#endif +} +#endif + +/******************************************************************************* +** +** Function btm_sco_chk_pend_rolechange +** +** Description This function is called by BTIF when there is a role change +** event to see if there are SCO commands waiting for the role change. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_chk_pend_rolechange (UINT16 hci_handle) +{ +#if (BTM_MAX_SCO_LINKS>0) + UINT16 xx; + UINT16 acl_handle; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((p->state == SCO_ST_PEND_ROLECHANGE) && + ((acl_handle = BTM_GetHCIConnHandle (p->esco.data.bd_addr)) == hci_handle)) + + { + BTM_TRACE_API1("btm_sco_chk_pend_rolechange -> (e)SCO Link for ACL handle 0x%04x", acl_handle); + + if ((btm_send_connect_request(acl_handle, &p->esco.setup)) == BTM_CMD_STARTED) + p->state = SCO_ST_CONNECTING; + } + } +#endif +} + +/******************************************************************************* +** +** Function btm_sco_conn_req +** +** Description This function is called by BTIF when an SCO connection +** request is received from a remote. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_conn_req (BD_ADDR bda, DEV_CLASS dev_class, UINT8 link_type) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CB *p_sco = &btm_cb.sco_cb; + tSCO_CONN *p = &p_sco->sco_db[0]; + UINT16 xx; + tBTM_ESCO_CONN_REQ_EVT_DATA evt_data; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + /* + * If the sco state is in the SCO_ST_CONNECTING state, we still need + * to return accept sco to avoid race conditon for sco creation + */ + if (((p->state == SCO_ST_LISTENING && p->rem_bd_known) || p->state == SCO_ST_CONNECTING) + && (!memcmp (p->esco.data.bd_addr, bda, BD_ADDR_LEN))) + { + /* If this guy was a wildcard, he is not one any more */ + p->rem_bd_known = TRUE; + p->esco.data.link_type = link_type; + p->state = SCO_ST_W4_CONN_RSP; + memcpy (p->esco.data.bd_addr, bda, BD_ADDR_LEN); + + /* If no callback, auto-accept the connection if packet types match */ + if (!p->esco.p_esco_cback) + { + /* If requesting eSCO reject if default parameters are SCO only */ + if ((link_type == BTM_LINK_TYPE_ESCO + && !(p_sco->def_esco_parms.packet_types & BTM_ESCO_LINK_ONLY_MASK) + && ((p_sco->def_esco_parms.packet_types & BTM_SCO_EXCEPTION_PKTS_MASK) + == BTM_SCO_EXCEPTION_PKTS_MASK)) + + /* Reject request if SCO is desired but no SCO packets delected */ + || (link_type == BTM_LINK_TYPE_SCO + && !(p_sco->def_esco_parms.packet_types & BTM_SCO_LINK_ONLY_MASK))) + { + btm_esco_conn_rsp(xx, HCI_ERR_HOST_REJECT_RESOURCES, bda, NULL); + } + else /* Accept the request */ + { + btm_esco_conn_rsp(xx, HCI_SUCCESS, bda, NULL); + } + } + else /* Notify upper layer of connect indication */ + { + memcpy(evt_data.bd_addr, bda, BD_ADDR_LEN); + memcpy(evt_data.dev_class, dev_class, DEV_CLASS_LEN); + evt_data.link_type = link_type; + evt_data.sco_inx = xx; + p->esco.p_esco_cback(BTM_ESCO_CONN_REQ_EVT, (tBTM_ESCO_EVT_DATA *)&evt_data); + } + + return; + } + } + + /* TCS usage */ + if (btm_cb.sco_cb.app_sco_ind_cb) + { + /* Now, try to find an unused control block */ + for (xx = 0, p = &btm_cb.sco_cb.sco_db[0]; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (p->state == SCO_ST_UNUSED) + { + p->is_orig = FALSE; + p->state = SCO_ST_LISTENING; + + p->esco.data.link_type = link_type; + memcpy (p->esco.data.bd_addr, bda, BD_ADDR_LEN); + p->rem_bd_known = TRUE; + break; + } + } + if( xx < BTM_MAX_SCO_LINKS) + { + btm_cb.sco_cb.app_sco_ind_cb(xx); + return; + } + } + +#endif + /* If here, no one wants the SCO connection. Reject it */ + BTM_TRACE_WARNING0("btm_sco_conn_req: No one wants this SCO connection; rejecting it"); + btm_esco_conn_rsp(BTM_MAX_SCO_LINKS, HCI_ERR_HOST_REJECT_RESOURCES, bda, NULL); +} + +/******************************************************************************* +** +** Function btm_sco_connected +** +** Description This function is called by BTIF when an (e)SCO connection +** is connected. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_connected (UINT8 hci_status, BD_ADDR bda, UINT16 hci_handle, + tBTM_ESCO_DATA *p_esco_data) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; + BOOLEAN spt = FALSE; + tBTM_CHG_ESCO_PARAMS parms; +#endif + + btm_cb.sco_cb.sco_disc_reason = hci_status; + +#if (BTM_MAX_SCO_LINKS>0) + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (((p->state == SCO_ST_CONNECTING) || + (p->state == SCO_ST_LISTENING) || + (p->state == SCO_ST_W4_CONN_RSP)) + && (p->rem_bd_known) + && (!bda || !memcmp (p->esco.data.bd_addr, bda, BD_ADDR_LEN))) + { + if (hci_status != HCI_SUCCESS) + { + /* Report the error if originator, otherwise remain in Listen mode */ + if (p->is_orig) + { + /* If role switch is pending, we need try again after role switch is complete */ + if(hci_status == HCI_ERR_ROLE_SWITCH_PENDING) + { + BTM_TRACE_API1("Role Change pending for HCI handle 0x%04x",hci_handle); + p->state = SCO_ST_PEND_ROLECHANGE; + } + /* avoid calling disconnect callback because of sco creation race */ + else if (hci_status != HCI_ERR_LMP_ERR_TRANS_COLLISION) + { + p->state = SCO_ST_UNUSED; + (*p->p_disc_cb)(xx); + } + } + else + { + /* Notify the upper layer that incoming sco connection has failed. */ + if (p->state == SCO_ST_CONNECTING) + { + p->state = SCO_ST_UNUSED; + (*p->p_disc_cb)(xx); + } + else + p->state = SCO_ST_LISTENING; + } + + return; + } + + if (p->state == SCO_ST_LISTENING) + spt = TRUE; + + p->state = SCO_ST_CONNECTED; + p->hci_handle = hci_handle; + + if (!btm_cb.sco_cb.esco_supported) + { + p->esco.data.link_type = BTM_LINK_TYPE_SCO; + if (spt) + { + parms.packet_types = p->esco.setup.packet_types; + /* Keep the other parameters the same for SCO */ + parms.max_latency = p->esco.setup.max_latency; + parms.retrans_effort = p->esco.setup.retrans_effort; + + BTM_ChangeEScoLinkParms(xx, &parms); + } + } + else + { + if (p_esco_data) + p->esco.data = *p_esco_data; + } + + (*p->p_conn_cb)(xx); + + return; + } + } +#endif +} + + +/******************************************************************************* +** +** Function btm_find_scb_by_handle +** +** Description Look through all active SCO connection for a match based on the +** HCI handle. +** +** Returns index to matched SCO connection CB, or BTM_MAX_SCO_LINKS if +** no match. +** +*******************************************************************************/ +UINT16 btm_find_scb_by_handle (UINT16 handle) +{ + int xx; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((p->state == SCO_ST_CONNECTED) && (p->hci_handle == handle)) + { + return (xx); + } + } + + /* If here, no match found */ + return (xx); +} + +/******************************************************************************* +** +** Function BTM_RemoveSco +** +** Description This function is called to remove a specific SCO connection. +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_RemoveSco (UINT16 sco_inx) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[sco_inx]; + UINT16 tempstate; + + /* Validity check */ + if ((sco_inx >= BTM_MAX_SCO_LINKS) || (p->state == SCO_ST_UNUSED)) + return (BTM_UNKNOWN_ADDR); + + /* If no HCI handle, simply drop the connection and return */ + if (p->hci_handle == BTM_INVALID_HCI_HANDLE || p->state == SCO_ST_PEND_UNPARK) + { + p->hci_handle = BTM_INVALID_HCI_HANDLE; + p->state = SCO_ST_UNUSED; + p->esco.p_esco_cback = NULL; /* Deregister the eSCO event callback */ + return (BTM_SUCCESS); + } + + tempstate = p->state; + p->state = SCO_ST_DISCONNECTING; + + if (!btsnd_hcic_disconnect (p->hci_handle, HCI_ERR_PEER_USER)) + { + p->state = tempstate; + return (BTM_NO_RESOURCES); + } + + return (BTM_CMD_STARTED); +#else + return (BTM_NO_RESOURCES); +#endif +} + +/******************************************************************************* +** +** Function btm_remove_sco_links +** +** Description This function is called to remove all sco links for an ACL link. +** +** Returns void +** +*******************************************************************************/ +void btm_remove_sco_links (BD_ADDR bda) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (p->rem_bd_known && (!memcmp (p->esco.data.bd_addr, bda, BD_ADDR_LEN))) + { + BTM_RemoveSco(xx); + } + } +#endif +} + +/******************************************************************************* +** +** Function btm_sco_removed +** +** Description This function is called by BTIF when an SCO connection +** is removed. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_removed (UINT16 hci_handle, UINT8 reason) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; +#endif + + btm_cb.sco_cb.sco_disc_reason = reason; + +#if (BTM_MAX_SCO_LINKS>0) + p = &btm_cb.sco_cb.sco_db[0]; + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((p->state != SCO_ST_UNUSED) && (p->state != SCO_ST_LISTENING) && (p->hci_handle == hci_handle)) + { + btm_sco_flush_sco_data(xx); + + p->state = SCO_ST_UNUSED; + p->hci_handle = BTM_INVALID_HCI_HANDLE; + p->rem_bd_known = FALSE; + p->esco.p_esco_cback = NULL; /* Deregister eSCO callback */ + (*p->p_disc_cb)(xx); + + return; + } + } +#endif +} + + +/******************************************************************************* +** +** Function btm_sco_acl_removed +** +** Description This function is called when an ACL connection is +** removed. If the BD address is NULL, it is assumed that +** the local device is down, and all SCO links are removed. +** If a specific BD address is passed, only SCO connections +** to that BD address are removed. +** +** Returns void +** +*******************************************************************************/ +void btm_sco_acl_removed (BD_ADDR bda) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (p->state != SCO_ST_UNUSED) + { + if ((!bda) || (!memcmp (p->esco.data.bd_addr, bda, BD_ADDR_LEN) && p->rem_bd_known)) + { + btm_sco_flush_sco_data(xx); + + p->state = SCO_ST_UNUSED; + p->esco.p_esco_cback = NULL; /* Deregister eSCO callback */ + (*p->p_disc_cb)(xx); + } + } + } +#endif +} + + +/******************************************************************************* +** +** Function BTM_SetScoPacketTypes +** +** Description This function is called to set the packet types used for +** a specific SCO connection, +** +** Parameters pkt_types - One or more of the following +** BTM_SCO_PKT_TYPES_MASK_HV1 +** BTM_SCO_PKT_TYPES_MASK_HV2 +** BTM_SCO_PKT_TYPES_MASK_HV3 +** BTM_SCO_PKT_TYPES_MASK_EV3 +** BTM_SCO_PKT_TYPES_MASK_EV4 +** BTM_SCO_PKT_TYPES_MASK_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV5 +** +** BTM_SCO_LINK_ALL_MASK - enables all supported types +** +** Returns status of the operation +** +*******************************************************************************/ +tBTM_STATUS BTM_SetScoPacketTypes (UINT16 sco_inx, UINT16 pkt_types) +{ +#if (BTM_MAX_SCO_LINKS>0) + tBTM_CHG_ESCO_PARAMS parms; + tSCO_CONN *p; + + /* Validity check */ + if (sco_inx >= BTM_MAX_SCO_LINKS) + return (BTM_UNKNOWN_ADDR); + + p = &btm_cb.sco_cb.sco_db[sco_inx]; + parms.packet_types = pkt_types; + + /* Keep the other parameters the same for SCO */ + parms.max_latency = p->esco.setup.max_latency; + parms.retrans_effort = p->esco.setup.retrans_effort; + + return (BTM_ChangeEScoLinkParms(sco_inx, &parms)); +#else + return (BTM_UNKNOWN_ADDR); +#endif +} + + +/******************************************************************************* +** +** Function BTM_ReadScoPacketTypes +** +** Description This function is read the packet types used for a specific +** SCO connection. +** +** Returns Packet types supported for the connection +** One or more of the following (bitmask): +** BTM_SCO_PKT_TYPES_MASK_HV1 +** BTM_SCO_PKT_TYPES_MASK_HV2 +** BTM_SCO_PKT_TYPES_MASK_HV3 +** BTM_SCO_PKT_TYPES_MASK_EV3 +** BTM_SCO_PKT_TYPES_MASK_EV4 +** BTM_SCO_PKT_TYPES_MASK_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV5 +** +*******************************************************************************/ +UINT16 BTM_ReadScoPacketTypes (UINT16 sco_inx) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[sco_inx]; + + /* Validity check */ + if ((sco_inx < BTM_MAX_SCO_LINKS) && (p->state == SCO_ST_CONNECTED)) + return (p->esco.setup.packet_types); + else + return (0); +#else + return (0); +#endif +} + +/******************************************************************************* +** +** Function BTM_ReadScoDiscReason +** +** Description This function is returns the reason why an (e)SCO connection +** has been removed. It contains the value until read, or until +** another (e)SCO connection has disconnected. +** +** Returns HCI reason or BTM_INVALID_SCO_DISC_REASON if not set. +** +*******************************************************************************/ +UINT16 BTM_ReadScoDiscReason (void) +{ + UINT16 res = btm_cb.sco_cb.sco_disc_reason; + btm_cb.sco_cb.sco_disc_reason = BTM_INVALID_SCO_DISC_REASON; + return (res); +} + +/******************************************************************************* +** +** Function BTM_ReadDeviceScoPacketTypes +** +** Description This function is read the SCO packet types that +** the device supports. +** +** Returns Packet types supported by the device. +** One or more of the following (bitmask): +** BTM_SCO_PKT_TYPES_MASK_HV1 +** BTM_SCO_PKT_TYPES_MASK_HV2 +** BTM_SCO_PKT_TYPES_MASK_HV3 +** BTM_SCO_PKT_TYPES_MASK_EV3 +** BTM_SCO_PKT_TYPES_MASK_EV4 +** BTM_SCO_PKT_TYPES_MASK_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV3 +** BTM_SCO_PKT_TYPES_MASK_NO_2_EV5 +** BTM_SCO_PKT_TYPES_MASK_NO_3_EV5 +** +*******************************************************************************/ +UINT16 BTM_ReadDeviceScoPacketTypes (void) +{ + return (btm_cb.btm_sco_pkt_types_supported); +} + +/******************************************************************************* +** +** Function BTM_ReadScoHandle +** +** Description This function is used to read the HCI handle used for a specific +** SCO connection, +** +** Returns handle for the connection, or 0xFFFF if invalid SCO index. +** +*******************************************************************************/ +UINT16 BTM_ReadScoHandle (UINT16 sco_inx) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[sco_inx]; + + /* Validity check */ + if ((sco_inx < BTM_MAX_SCO_LINKS) && (p->state == SCO_ST_CONNECTED)) + return (p->hci_handle); + else + return (BTM_INVALID_HCI_HANDLE); +#else + return (BTM_INVALID_HCI_HANDLE); +#endif +} + +/******************************************************************************* +** +** Function BTM_ReadScoBdAddr +** +** Description This function is read the remote BD Address for a specific +** SCO connection, +** +** Returns pointer to BD address or NULL if not known +** +*******************************************************************************/ +UINT8 *BTM_ReadScoBdAddr (UINT16 sco_inx) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[sco_inx]; + + /* Validity check */ + if ((sco_inx < BTM_MAX_SCO_LINKS) && (p->rem_bd_known)) + return (p->esco.data.bd_addr); + else + return (NULL); +#else + return (NULL); +#endif +} + +/******************************************************************************* +** +** Function BTM_SetEScoMode +** +** Description This function sets up the negotiated parameters for SCO or +** eSCO, and sets as the default mode used for outgoing calls to +** BTM_CreateSco. It does not change any currently active (e)SCO links. +** Note: Incoming (e)SCO connections will always use packet types +** supported by the controller. If eSCO is not desired the +** feature should be disabled in the controller's feature mask. +** +** Returns BTM_SUCCESS if the successful. +** BTM_BUSY if there are one or more active (e)SCO links. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetEScoMode (tBTM_SCO_TYPE sco_mode, tBTM_ESCO_PARAMS *p_parms) +{ + tSCO_CB *p_esco = &btm_cb.sco_cb; + tBTM_ESCO_PARAMS *p_def = &p_esco->def_esco_parms; + + if (p_esco->esco_supported) + { + if (p_parms) + { + if (sco_mode == BTM_LINK_TYPE_ESCO) + *p_def = *p_parms; /* Save as the default parameters */ + else /* Load only the SCO packet types */ + { + p_def->packet_types = p_parms->packet_types; + p_def->tx_bw = BTM_64KBITS_RATE; + p_def->rx_bw = BTM_64KBITS_RATE; + p_def->max_latency = 0x000a; + p_def->voice_contfmt = 0x0060; + p_def->retrans_effort = 0; + + /* OR in any exception packet types if at least 2.0 version of spec */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + p_def->packet_types |= BTM_SCO_EXCEPTION_PKTS_MASK; + } + } + } + p_esco->desired_sco_mode = sco_mode; + BTM_TRACE_API1("BTM_SetEScoMode -> mode %d", sco_mode); + } + else + { + p_esco->desired_sco_mode = BTM_LINK_TYPE_SCO; + p_def->packet_types &= BTM_SCO_LINK_ONLY_MASK; + p_def->retrans_effort = 0; + BTM_TRACE_API0("BTM_SetEScoMode -> mode SCO (eSCO not supported)"); + } + + BTM_TRACE_DEBUG6(" txbw 0x%08x, rxbw 0x%08x, max_lat 0x%04x, voice 0x%04x, pkt 0x%04x, rtx effort 0x%02x", + p_def->tx_bw, p_def->rx_bw, p_def->max_latency, + p_def->voice_contfmt, p_def->packet_types, + p_def->retrans_effort); + + return (BTM_SUCCESS); +} + + + +/******************************************************************************* +** +** Function BTM_RegForEScoEvts +** +** Description This function registers a SCO event callback with the +** specified instance. It should be used to received +** connection indication events and change of link parameter +** events. +** +** Returns BTM_SUCCESS if the successful. +** BTM_ILLEGAL_VALUE if there is an illegal sco_inx +** BTM_MODE_UNSUPPORTED if controller version is not BT1.2 or +** later or does not support eSCO. +** +*******************************************************************************/ +tBTM_STATUS BTM_RegForEScoEvts (UINT16 sco_inx, tBTM_ESCO_CBACK *p_esco_cback) +{ +#if (BTM_MAX_SCO_LINKS>0) + if (!btm_cb.sco_cb.esco_supported) + { + btm_cb.sco_cb.sco_db[sco_inx].esco.p_esco_cback = NULL; + return (BTM_MODE_UNSUPPORTED); + } + + if (sco_inx < BTM_MAX_SCO_LINKS && + btm_cb.sco_cb.sco_db[sco_inx].state != SCO_ST_UNUSED) + { + btm_cb.sco_cb.sco_db[sco_inx].esco.p_esco_cback = p_esco_cback; + return (BTM_SUCCESS); + } + return (BTM_ILLEGAL_VALUE); +#else + return (BTM_MODE_UNSUPPORTED); +#endif +} + +/******************************************************************************* +** +** Function BTM_ReadEScoLinkParms +** +** Description This function returns the current eSCO link parameters for +** the specified handle. This can be called anytime a connection +** is active, but is typically called after receiving the SCO +** opened callback. +** +** Note: If called over a 1.1 controller, only the packet types +** field has meaning. +** +** Returns BTM_SUCCESS if returned data is valid connection. +** BTM_WRONG_MODE if no connection with a peer device or bad sco_inx. +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadEScoLinkParms (UINT16 sco_inx, tBTM_ESCO_DATA *p_parms) +{ +#if (BTM_MAX_SCO_LINKS>0) + BTM_TRACE_API1("BTM_ReadEScoLinkParms -> sco_inx 0x%04x", sco_inx); + + if (sco_inx < BTM_MAX_SCO_LINKS && + btm_cb.sco_cb.sco_db[sco_inx].state >= SCO_ST_CONNECTED) + { + *p_parms = btm_cb.sco_cb.sco_db[sco_inx].esco.data; + return (BTM_SUCCESS); + } +#endif + + memset(p_parms, 0, sizeof(tBTM_ESCO_DATA)); + return (BTM_WRONG_MODE); +} + +/******************************************************************************* +** +** Function BTM_ChangeEScoLinkParms +** +** Description This function requests renegotiation of the parameters on +** the current eSCO Link. If any of the changes are accepted +** by the controllers, the BTM_ESCO_CHG_EVT event is sent in +** the tBTM_ESCO_CBACK function with the current settings of +** the link. The callback is registered through the call to +** BTM_SetEScoMode. +** +** Note: If called over a SCO link (including 1.1 controller), +** a change packet type request is sent out instead. +** +** Returns BTM_CMD_STARTED if command is successfully initiated. +** BTM_NO_RESOURCES - not enough resources to initiate command. +** BTM_WRONG_MODE if no connection with a peer device or bad sco_inx. +** +*******************************************************************************/ +tBTM_STATUS BTM_ChangeEScoLinkParms (UINT16 sco_inx, tBTM_CHG_ESCO_PARAMS *p_parms) +{ +#if (BTM_MAX_SCO_LINKS>0) + tBTM_ESCO_PARAMS *p_setup; + tSCO_CONN *p_sco; + UINT16 temp_pkt_types; + + /* Make sure sco handle is valid and on an active link */ + if (sco_inx >= BTM_MAX_SCO_LINKS || + btm_cb.sco_cb.sco_db[sco_inx].state != SCO_ST_CONNECTED) + return (BTM_WRONG_MODE); + + p_sco = &btm_cb.sco_cb.sco_db[sco_inx]; + p_setup = &p_sco->esco.setup; + + /* If SCO connection OR eSCO not supported just send change packet types */ + if (p_sco->esco.data.link_type == BTM_LINK_TYPE_SCO || + !btm_cb.sco_cb.esco_supported) + { + p_setup->packet_types = p_parms->packet_types & + (btm_cb.btm_sco_pkt_types_supported & BTM_SCO_LINK_ONLY_MASK); + + + BTM_TRACE_API2("BTM_ChangeEScoLinkParms -> SCO Link for handle 0x%04x, pkt 0x%04x", + p_sco->hci_handle, p_setup->packet_types); + + if (!btsnd_hcic_change_conn_type (p_sco->hci_handle, + BTM_ESCO_2_SCO(p_setup->packet_types))) + return (BTM_NO_RESOURCES); + } + else + { + temp_pkt_types = (p_parms->packet_types & BTM_SCO_SUPPORTED_PKTS_MASK & + btm_cb.btm_sco_pkt_types_supported); + + /* OR in any exception packet types if at least 2.0 version of spec */ + if (btm_cb.devcb.local_version.hci_version >= HCI_PROTO_VERSION_2_0) + { + temp_pkt_types |= ((p_parms->packet_types & BTM_SCO_EXCEPTION_PKTS_MASK) | + (btm_cb.btm_sco_pkt_types_supported & BTM_SCO_EXCEPTION_PKTS_MASK)); + } + + BTM_TRACE_API1("BTM_ChangeEScoLinkParms -> eSCO Link for handle 0x%04x", p_sco->hci_handle); + BTM_TRACE_API6(" txbw 0x%x, rxbw 0x%x, lat 0x%x, voice 0x%x, retrans 0x%02x, pkt 0x%04x", + p_setup->tx_bw, p_setup->rx_bw, p_parms->max_latency, + p_setup->voice_contfmt, p_parms->retrans_effort, temp_pkt_types); + + /* When changing an existing link, only change latency, retrans, and pkts */ + if (!btsnd_hcic_setup_esco_conn(p_sco->hci_handle, p_setup->tx_bw, + p_setup->rx_bw, p_parms->max_latency, + p_setup->voice_contfmt, + p_parms->retrans_effort, + temp_pkt_types)) + return (BTM_NO_RESOURCES); + else + p_parms->packet_types = temp_pkt_types; + } + + return (BTM_CMD_STARTED); +#else + return (BTM_WRONG_MODE); +#endif +} + +/******************************************************************************* +** +** Function BTM_EScoConnRsp +** +** Description This function is called upon receipt of an (e)SCO connection +** request event (BTM_ESCO_CONN_REQ_EVT) to accept or reject +** the request. Parameters used to negotiate eSCO links. +** If p_parms is NULL, then values set through BTM_SetEScoMode +** are used. +** If the link type of the incoming request is SCO, then only +** the tx_bw, max_latency, content format, and packet_types are +** valid. The hci_status parameter should be +** ([0x0] to accept, [0x0d..0x0f] to reject) +** +** +** Returns void +** +*******************************************************************************/ +void BTM_EScoConnRsp (UINT16 sco_inx, UINT8 hci_status, tBTM_ESCO_PARAMS *p_parms) +{ +#if (BTM_MAX_SCO_LINKS>0) + if (sco_inx < BTM_MAX_SCO_LINKS && + btm_cb.sco_cb.sco_db[sco_inx].state == SCO_ST_W4_CONN_RSP) + { + btm_esco_conn_rsp(sco_inx, hci_status, + btm_cb.sco_cb.sco_db[sco_inx].esco.data.bd_addr, + p_parms); + } +#endif +} + +/******************************************************************************* +** +** Function btm_read_def_esco_mode +** +** Description This function copies the current default esco settings into +** the return buffer. +** +** Returns tBTM_SCO_TYPE +** +*******************************************************************************/ +tBTM_SCO_TYPE btm_read_def_esco_mode (tBTM_ESCO_PARAMS *p_parms) +{ +#if (BTM_MAX_SCO_LINKS>0) + *p_parms = btm_cb.sco_cb.def_esco_parms; + return btm_cb.sco_cb.desired_sco_mode; +#else + return BTM_LINK_TYPE_SCO; +#endif +} + +/******************************************************************************* +** +** Function btm_esco_proc_conn_chg +** +** Description This function is called by BTIF when an SCO connection +** is changed. +** +** Returns void +** +*******************************************************************************/ +void btm_esco_proc_conn_chg (UINT8 status, UINT16 handle, UINT8 tx_interval, + UINT8 retrans_window, UINT16 rx_pkt_len, + UINT16 tx_pkt_len) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + tBTM_CHG_ESCO_EVT_DATA data; + UINT16 xx; + + BTM_TRACE_EVENT2("btm_esco_proc_conn_chg -> handle 0x%04x, status 0x%02x", + handle, status); + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (p->state == SCO_ST_CONNECTED && handle == p->hci_handle) + { + /* If upper layer wants notification */ + if (p->esco.p_esco_cback) + { + memcpy(data.bd_addr, p->esco.data.bd_addr, BD_ADDR_LEN); + data.hci_status = status; + data.sco_inx = xx; + data.rx_pkt_len = p->esco.data.rx_pkt_len = rx_pkt_len; + data.tx_pkt_len = p->esco.data.tx_pkt_len = tx_pkt_len; + data.tx_interval = p->esco.data.tx_interval = tx_interval; + data.retrans_window = p->esco.data.retrans_window = retrans_window; + + (*p->esco.p_esco_cback)(BTM_ESCO_CHG_EVT, + (tBTM_ESCO_EVT_DATA *)&data); + } + return; + } + } +#endif +} + +/******************************************************************************* +** +** Function btm_is_sco_active +** +** Description This function is called to see if a SCO handle is already in +** use. +** +** Returns BOOLEAN +** +*******************************************************************************/ +BOOLEAN btm_is_sco_active (UINT16 handle) +{ +#if (BTM_MAX_SCO_LINKS>0) + UINT16 xx; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if (handle == p->hci_handle && p->state == SCO_ST_CONNECTED) + return (TRUE); + } +#endif + return (FALSE); +} + +/******************************************************************************* +** +** Function BTM_GetNumScoLinks +** +** Description This function returns the number of active sco links. +** +** Returns UINT8 +** +*******************************************************************************/ +UINT8 BTM_GetNumScoLinks (void) +{ +#if (BTM_MAX_SCO_LINKS>0) + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + UINT16 xx; + UINT8 num_scos = 0; + + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + switch (p->state) + { + case SCO_ST_W4_CONN_RSP: + case SCO_ST_CONNECTING: + case SCO_ST_CONNECTED: + case SCO_ST_DISCONNECTING: + case SCO_ST_PEND_UNPARK: + num_scos++; + } + } + return (num_scos); +#else + return (0); +#endif +} + + +/******************************************************************************* +** +** Function btm_is_sco_active_by_bdaddr +** +** Description This function is called to see if a SCO active to a bd address. +** +** Returns BOOLEAN +** +*******************************************************************************/ +BOOLEAN btm_is_sco_active_by_bdaddr (BD_ADDR remote_bda) +{ +#if (BTM_MAX_SCO_LINKS>0) + UINT8 xx; + tSCO_CONN *p = &btm_cb.sco_cb.sco_db[0]; + + /* If any SCO is being established to the remote BD address, refuse this */ + for (xx = 0; xx < BTM_MAX_SCO_LINKS; xx++, p++) + { + if ((!memcmp (p->esco.data.bd_addr, remote_bda, BD_ADDR_LEN)) && (p->state == SCO_ST_CONNECTED)) + { + return (TRUE); + } + } +#endif + return (FALSE); +} +#else /* SCO_EXCLUDED == TRUE (Link in stubs) */ + +tBTM_STATUS BTM_CreateSco (BD_ADDR remote_bda, BOOLEAN is_orig, + UINT16 pkt_types, UINT16 *p_sco_inx, + tBTM_SCO_CB *p_conn_cb, + tBTM_SCO_CB *p_disc_cb) {return (BTM_NO_RESOURCES);} +tBTM_STATUS BTM_RemoveSco (UINT16 sco_inx) {return (BTM_NO_RESOURCES);} +tBTM_STATUS BTM_SetScoPacketTypes (UINT16 sco_inx, UINT16 pkt_types) {return (BTM_NO_RESOURCES);} +UINT16 BTM_ReadScoPacketTypes (UINT16 sco_inx) {return (0);} +UINT16 BTM_ReadDeviceScoPacketTypes (void) {return (0);} +UINT16 BTM_ReadScoHandle (UINT16 sco_inx) {return (BTM_INVALID_HCI_HANDLE);} +UINT8 *BTM_ReadScoBdAddr(UINT16 sco_inx) {return((UINT8 *) NULL);} +UINT16 BTM_ReadScoDiscReason (void) {return (BTM_INVALID_SCO_DISC_REASON);} +tBTM_STATUS BTM_SetEScoMode (tBTM_SCO_TYPE sco_mode, tBTM_ESCO_PARAMS *p_parms) {return (BTM_MODE_UNSUPPORTED);} +tBTM_STATUS BTM_RegForEScoEvts (UINT16 sco_inx, tBTM_ESCO_CBACK *p_esco_cback) { return (BTM_ILLEGAL_VALUE);} +tBTM_STATUS BTM_ReadEScoLinkParms (UINT16 sco_inx, tBTM_ESCO_DATA *p_parms) { return (BTM_MODE_UNSUPPORTED);} +tBTM_STATUS BTM_ChangeEScoLinkParms (UINT16 sco_inx, tBTM_CHG_ESCO_PARAMS *p_parms) { return (BTM_MODE_UNSUPPORTED);} +void BTM_EScoConnRsp (UINT16 sco_inx, UINT8 hci_status, tBTM_ESCO_PARAMS *p_parms) {} +UINT8 BTM_GetNumScoLinks (void) {return (0);} + +#endif /* If SCO is being used */ diff --git a/stack/btm/btm_sec.c b/stack/btm/btm_sec.c new file mode 100644 index 0000000..7ccf7a0 --- /dev/null +++ b/stack/btm/btm_sec.c @@ -0,0 +1,5612 @@ +/***************************************************************************** +** * +** Name: btm_sec.c * +** * +** Description: This file contains functions for the Bluetooth Security * +** Manager * +** * +** Copyright (c) 1999-2011, Broadcom Corp., All Rights Reserved. * +** Broadcom Bluetooth Core. Proprietary and confidential. * +******************************************************************************/ + +#include <string.h> +#include "bt_types.h" +#include "hcimsgs.h" +#include "btu.h" +#include "btm_int.h" +#include "l2c_int.h" + +#if (BT_USE_TRACES == TRUE && BT_TRACE_VERBOSE == FALSE) +/* needed for sprintf() */ +#include <stdio.h> +#endif + +#if BLE_INCLUDED == TRUE + #include "gatt_int.h" +#endif + +#define BTM_SEC_MAX_COLLISION_DELAY (GKI_SECS_TO_TICKS(5)) + +#ifdef APPL_AUTH_WRITE_EXCEPTION +BOOLEAN (APPL_AUTH_WRITE_EXCEPTION)(BD_ADDR bd_addr); +#endif + +/********************************************************************************/ +/* L O C A L F U N C T I O N P R O T O T Y P E S */ +/********************************************************************************/ +static tBTM_SEC_SERV_REC *btm_sec_find_first_serv (BOOLEAN is_originator, UINT16 psm); +static tBTM_SEC_SERV_REC *btm_sec_find_next_serv (tBTM_SEC_SERV_REC *p_cur); +static tBTM_SEC_SERV_REC *btm_sec_find_mx_serv (UINT8 is_originator, UINT16 psm, + UINT32 mx_proto_id, + UINT32 mx_chan_id); + +static tBTM_STATUS btm_sec_execute_procedure (tBTM_SEC_DEV_REC *p_dev_rec); +static BOOLEAN btm_sec_start_get_name (tBTM_SEC_DEV_REC *p_dev_rec); +static BOOLEAN btm_sec_start_authentication (tBTM_SEC_DEV_REC *p_dev_rec); +static BOOLEAN btm_sec_start_encryption (tBTM_SEC_DEV_REC *p_dev_rec); +static void btm_sec_collision_timeout (TIMER_LIST_ENT *p_tle); +static void btm_restore_mode(void); +static void btm_sec_pairing_timeout (TIMER_LIST_ENT *p_tle); +static tBTM_STATUS btm_sec_dd_create_conn (tBTM_SEC_DEV_REC *p_dev_rec); +static void btm_sec_change_pairing_state (tBTM_PAIRING_STATE new_state); + +#if (BT_USE_TRACES == TRUE) +static char *btm_pair_state_descr (tBTM_PAIRING_STATE state); +#endif + +static void btm_sec_check_pending_reqs(void); +static BOOLEAN btm_sec_queue_mx_request (BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_orig, + UINT32 mx_proto_id, UINT32 mx_chan_id, + tBTM_SEC_CALLBACK *p_callback, void *p_ref_data); +static void btm_sec_bond_cancel_complete (void); +static void btm_send_link_key_notif (tBTM_SEC_DEV_REC *p_dev_rec); +static BOOLEAN btm_sec_check_prefetch_pin (tBTM_SEC_DEV_REC *p_dev_rec); + +static UINT8 btm_sec_start_authorization (tBTM_SEC_DEV_REC *p_dev_rec); +BOOLEAN btm_sec_are_all_trusted(UINT32 p_mask[]); + +static tBTM_STATUS btm_sec_send_hci_disconnect (tBTM_SEC_DEV_REC *p_dev_rec, UINT8 reason); +tBTM_SEC_DEV_REC *btm_sec_find_dev_by_sec_state (UINT8 state); + +static BOOLEAN btm_sec_set_security_level ( CONNECTION_TYPE conn_type, char *p_name, UINT8 service_id, + UINT16 sec_level, UINT16 psm, UINT32 mx_proto_id, + UINT32 mx_chan_id); + +/* TRUE - authenticated link key is possible */ +static const BOOLEAN btm_sec_io_map [BTM_IO_CAP_MAX][BTM_IO_CAP_MAX] = +{ + /* OUT, IO, IN, NONE */ +/* OUT */ {FALSE, FALSE, TRUE, FALSE}, +/* IO */ {FALSE, TRUE, TRUE, FALSE}, +/* IN */ {TRUE, TRUE, TRUE, FALSE}, +/* NONE */ {FALSE, FALSE, FALSE, FALSE} +}; +/* BTM_IO_CAP_OUT 0 DisplayOnly */ +/* BTM_IO_CAP_IO 1 DisplayYesNo */ +/* BTM_IO_CAP_IN 2 KeyboardOnly */ +/* BTM_IO_CAP_NONE 3 NoInputNoOutput */ + +/******************************************************************************* +** +** Function BTM_SecRegister +** +** Description Application manager calls this function to register for +** security services. There can be one and only one application +** saving link keys. BTM allows only first registration. +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecRegister (tBTM_APPL_INFO *p_cb_info) +{ +#if BLE_INCLUDED == TRUE + BT_OCTET16 temp_value = {0}; +#endif + + BTM_TRACE_EVENT0 ("BTM_Sec: application registered"); + +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE + BTM_TRACE_ERROR1 ("BTM_SecRegister:p_cb_info->p_le_callback == 0x%x ", p_cb_info->p_le_callback); + + if (p_cb_info->p_le_callback) + { +#if SMP_INCLUDED == TRUE + BTM_TRACE_EVENT0 ("BTM_Sec: SMP_Register( btm_proc_smp_cback )"); + SMP_Register(btm_proc_smp_cback); +#endif + /* if no IR is loaded, need to regenerate all the keys */ + if (memcmp(btm_cb.devcb.id_keys.ir, &temp_value, sizeof(BT_OCTET16)) == 0) + { + btm_ble_reset_id(); + } + } + else + { + BTM_TRACE_ERROR0 ("BTM_SecRegister:p_cb_info->p_le_callback == NULL "); + } +#endif + + + + btm_cb.api = *p_cb_info; +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE + BTM_TRACE_ERROR1 ("BTM_SecRegister: btm_cb.api.p_le_callback = 0x%x ", btm_cb.api.p_le_callback); +#endif + BTM_TRACE_EVENT0 ("BTM_Sec: application registered"); + return(TRUE); +} + + +/******************************************************************************* +** +** Function BTM_SecRegisterLinkKeyNotificationCallback +** +** Description Application manager calls this function to register for +** link key notification. When there is nobody registered +** we should avoid changing link key +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecRegisterLinkKeyNotificationCallback (tBTM_LINK_KEY_CALLBACK *p_callback) +{ + btm_cb.api.p_link_key_callback = p_callback; + return(TRUE); +} + + +/******************************************************************************* +** +** Function BTM_SecAddRmtNameNotifyCallback +** +** Description Any profile can register to be notified when name of the +** remote device is resolved. +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecAddRmtNameNotifyCallback (tBTM_RMT_NAME_CALLBACK *p_callback) +{ + int i; + + for (i = 0; i < BTM_SEC_MAX_RMT_NAME_CALLBACKS; i++) + { + if (btm_cb.p_rmt_name_callback[i] == NULL) + { + btm_cb.p_rmt_name_callback[i] = p_callback; + return(TRUE); + } + } + + return(FALSE); +} + + +/******************************************************************************* +** +** Function BTM_SecDeleteRmtNameNotifyCallback +** +** Description Any profile can deregister notification when a new Link Key +** is generated per connection. +** +** Returns TRUE if OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SecDeleteRmtNameNotifyCallback (tBTM_RMT_NAME_CALLBACK *p_callback) +{ + int i; + + for (i = 0; i < BTM_SEC_MAX_RMT_NAME_CALLBACKS; i++) + { + if (btm_cb.p_rmt_name_callback[i] == p_callback) + { + btm_cb.p_rmt_name_callback[i] = NULL; + return(TRUE); + } + } + + return(FALSE); +} + + +/******************************************************************************* +** +** Function BTM_SecSetConnectFilterCallback +** +** Description Host can register to be asked whenever a HCI connection +** request is received. In the registered function host +** suppose to check connectibility filters. Yes/No result +** should be returned syncronously +** +** Returns void +** +*******************************************************************************/ +void BTM_SecSetConnectFilterCallback (tBTM_FILTER_CB *p_callback) +{ + btm_cb.p_conn_filter_cb = p_callback; +} + +/******************************************************************************* +** +** Function BTM_GetSecurityMode +** +** Description Get security mode for the device +** +** Returns void +** +*******************************************************************************/ +UINT8 BTM_GetSecurityMode (void) +{ + return(btm_cb.security_mode); +} + +/******************************************************************************* +** +** Function BTM_GetSecurityFlags +** +** Description Get security flags for the device +** +** Returns BOOLEAN TRUE or FALSE is device found +** +*******************************************************************************/ +BOOLEAN BTM_GetSecurityFlags (BD_ADDR bd_addr, UINT8 * p_sec_flags) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + { + *p_sec_flags = p_dev_rec->sec_flags; + return(TRUE); + } + BTM_TRACE_ERROR0 ("BTM_GetSecurityFlags false"); + return(FALSE); +} + +/******************************************************************************* +** +** Function BTM_SetSecurityMode +** +** Description Set security mode for the device +** +** Returns void +** +*******************************************************************************/ +void BTM_SetSecurityMode (UINT8 security_mode) +{ + UINT8 old_mode = btm_cb.security_mode; + + UINT8 sp_mode = HCI_SPD_MODE_ENABLED; + UINT8 sp_debug_mode = HCI_SPD_MODE_DISABLED; + + switch (security_mode) + { +#if (BTM_PRE_LISBON_INCLUDED == TRUE) + case BTM_SEC_MODE_NONE: + case BTM_SEC_MODE_SERVICE: + case BTM_SEC_MODE_LINK: + break; +#endif + + case BTM_SEC_MODE_SP_DEBUG: + sp_debug_mode = HCI_SPD_MODE_ENABLED; + break; + case BTM_SEC_MODE_SP: + /* the default is enabled */ + break; + default: + BTM_TRACE_ERROR1 ("BTM_SetSecurityMode: unknown mode:%d", security_mode); + return; + } + btm_cb.security_mode = security_mode; + + if (HCI_SIMPLE_PAIRING_SUPPORTED(btm_cb.devcb.local_features)) + { + /* Lisbon devices and only use BTM_SEC_MODE_SP */ + btm_cb.security_mode = BTM_SEC_MODE_SP; + BTM_TRACE_DEBUG2("BTM_SetSecurityMode: SP:%d, debug:%d", sp_mode, sp_debug_mode); + btsnd_hcic_write_simple_pairing_mode(sp_mode); + btsnd_hcic_write_simp_pair_debug_mode(sp_debug_mode); + return; + } + + /* must be a pre-Lisbon device */ +#if (BTM_PRE_LISBON_INCLUDED == TRUE) + /* If previously security mode was Link Level and now lesser notify */ + /* controller not to perform authentication, encryption on startup */ + if ((old_mode == BTM_SEC_MODE_LINK) + && ( security_mode != BTM_SEC_MODE_LINK)) + { + BTM_TRACE_DEBUG0("BTM_SetSecurityMode: Authen Enable -> FALSE"); + btsnd_hcic_write_auth_enable (FALSE); + btsnd_hcic_write_encr_mode (HCI_ENCRYPT_MODE_DISABLED); + } + + /* If previously security is increased to Link Level notify */ + /* controller to perform authentication, encryption on startup */ + if ((old_mode != BTM_SEC_MODE_LINK) + && ( security_mode == BTM_SEC_MODE_LINK)) + { + BTM_TRACE_DEBUG0("BTM_SetSecurityMode: Authen Enable -> TRUE"); + btsnd_hcic_write_auth_enable (TRUE); + btsnd_hcic_write_encr_mode (HCI_ENCRYPT_MODE_POINT_TO_POINT); + } +#endif /* BTM_PRE_LISBON_INCLUDED == TRUE */ +} + +/******************************************************************************* +** +** Function BTM_SetPinType +** +** Description Set PIN type for the device. +** +** Returns void +** +*******************************************************************************/ +void BTM_SetPinType (UINT8 pin_type, PIN_CODE pin_code, UINT8 pin_code_len) +{ + BTM_TRACE_API3 ("BTM_SetPinType: pin type %d [variable-0, fixed-1], code %s, length %d", + pin_type, (char *) pin_code, pin_code_len); + + /* If device is not up security mode will be set as a part of startup */ + if ( (btm_cb.cfg.pin_type != pin_type) + && (btm_cb.devcb.state > BTM_DEV_STATE_WAIT_AFTER_RESET) ) + { + btsnd_hcic_write_pin_type (pin_type); + } + + btm_cb.cfg.pin_type = pin_type; + btm_cb.cfg.pin_code_len = pin_code_len; + memcpy (btm_cb.cfg.pin_code, pin_code, pin_code_len); +} + +/******************************************************************************* +** +** Function BTM_SetPairableMode +** +** Description Enable or disable pairing +** +** Parameters allow_pairing - (TRUE or FALSE) whether or not the device +** allows pairing. +** connect_only_paired - (TRUE or FALSE) whether or not to +** only allow paired devices to connect. +** +** Returns void +** +*******************************************************************************/ +void BTM_SetPairableMode (BOOLEAN allow_pairing, BOOLEAN connect_only_paired) +{ + BTM_TRACE_API2 ("BTM_SetPairableMode() allow_pairing: %u connect_only_paired: %u", allow_pairing, connect_only_paired); + + btm_cb.pairing_disabled = !allow_pairing; + btm_cb.connect_only_paired = connect_only_paired; +} + + +#define BTM_NO_AVAIL_SEC_SERVICES ((UINT16) 0xffff) + +/******************************************************************************* +** +** Function BTM_SetUCDSecurityLevel +** +** Description Register UCD service security level with Security Manager +** +** Parameters: is_originator - TRUE if originating the connection, FALSE if not +** p_name - Name of the service relevant only if +** authorization will show this name to user. ignored +** if BTM_SEC_SERVICE_NAME_LEN is 0. +** service_id - service ID for the service passed to authorization callback +** sec_level - bit mask of the security features +** psm - L2CAP PSM +** mx_proto_id - protocol ID of multiplexing proto below +** mx_chan_id - channel ID of multiplexing proto below +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SetUCDSecurityLevel (BOOLEAN is_originator, char *p_name, UINT8 service_id, + UINT16 sec_level, UINT16 psm, UINT32 mx_proto_id, + UINT32 mx_chan_id) +{ +#if (L2CAP_UCD_INCLUDED == TRUE) + CONNECTION_TYPE conn_type; + + if (is_originator) + conn_type = CONNLESS_ORIG; + else + conn_type = CONNLESS_TERM; + + return(btm_sec_set_security_level (conn_type, p_name, service_id, + sec_level, psm, mx_proto_id, mx_chan_id)); +#else + return FALSE; +#endif +} + +/******************************************************************************* +** +** Function BTM_SetSecurityLevel +** +** Description Register service security level with Security Manager +** +** Parameters: is_originator - TRUE if originating the connection, FALSE if not +** p_name - Name of the service relevant only if +** authorization will show this name to user. ignored +** if BTM_SEC_SERVICE_NAME_LEN is 0. +** service_id - service ID for the service passed to authorization callback +** sec_level - bit mask of the security features +** psm - L2CAP PSM +** mx_proto_id - protocol ID of multiplexing proto below +** mx_chan_id - channel ID of multiplexing proto below +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +BOOLEAN BTM_SetSecurityLevel (BOOLEAN is_originator, char *p_name, UINT8 service_id, + UINT16 sec_level, UINT16 psm, UINT32 mx_proto_id, + UINT32 mx_chan_id) +{ +#if (L2CAP_UCD_INCLUDED == TRUE) + CONNECTION_TYPE conn_type; + + if (is_originator) + conn_type = CONN_ORIENT_ORIG; + else + conn_type = CONN_ORIENT_TERM; + + return(btm_sec_set_security_level (conn_type, p_name, service_id, + sec_level, psm, mx_proto_id, mx_chan_id)); +#else + return(btm_sec_set_security_level (is_originator, p_name, service_id, + sec_level, psm, mx_proto_id, mx_chan_id)); +#endif +} + +/******************************************************************************* +** +** Function btm_sec_set_security_level +** +** Description Register service security level with Security Manager +** +** Parameters: conn_type - TRUE if originating the connection, FALSE if not +** p_name - Name of the service relevant only if +** authorization will show this name to user. ignored +** if BTM_SEC_SERVICE_NAME_LEN is 0. +** service_id - service ID for the service passed to authorization callback +** sec_level - bit mask of the security features +** psm - L2CAP PSM +** mx_proto_id - protocol ID of multiplexing proto below +** mx_chan_id - channel ID of multiplexing proto below +** +** Returns TRUE if registered OK, else FALSE +** +*******************************************************************************/ +static BOOLEAN btm_sec_set_security_level (CONNECTION_TYPE conn_type, char *p_name, UINT8 service_id, + UINT16 sec_level, UINT16 psm, UINT32 mx_proto_id, + UINT32 mx_chan_id) +{ + tBTM_SEC_SERV_REC *p_srec; + UINT16 index; + UINT16 first_unused_record = BTM_NO_AVAIL_SEC_SERVICES; + BOOLEAN record_allocated = FALSE; + BOOLEAN is_originator; +#if (L2CAP_UCD_INCLUDED == TRUE) + BOOLEAN is_ucd; + + if (conn_type & CONNECTION_TYPE_ORIG_MASK) + is_originator = TRUE; + else + is_originator = FALSE; + + if (conn_type & CONNECTION_TYPE_CONNLESS_MASK ) + { + is_ucd = TRUE; + } + else + { + is_ucd = FALSE; + } +#else + is_originator = conn_type; +#endif + + /* See if the record can be reused (same service name, psm, mx_proto_id, + service_id, and mx_chan_id), or obtain the next unused record */ + + p_srec = &btm_cb.sec_serv_rec[0]; + + + for (index = 0; index < BTM_SEC_MAX_SERVICE_RECORDS; index++, p_srec++) + { + /* Check if there is already a record for this service */ + if (p_srec->security_flags & BTM_SEC_IN_USE) + { +#if BTM_SEC_SERVICE_NAME_LEN > 0 + if (p_srec->psm == psm && + p_srec->mx_proto_id == mx_proto_id && + service_id == p_srec->service_id && + (!strncmp (p_name, (char *) p_srec->orig_service_name, + BTM_SEC_SERVICE_NAME_LEN) || + !strncmp (p_name, (char *) p_srec->term_service_name, + BTM_SEC_SERVICE_NAME_LEN))) +#else + if (p_srec->psm == psm && + p_srec->mx_proto_id == mx_proto_id && + service_id == p_srec->service_id) +#endif + { + record_allocated = TRUE; + break; + } + } + /* Mark the first available service record */ + else if (!record_allocated) + { + memset (p_srec, 0, sizeof(tBTM_SEC_SERV_REC)); + record_allocated = TRUE; + first_unused_record = index; + } + } + + if (!record_allocated) + { + BTM_TRACE_WARNING1("BTM_SEC_REG: Out of Service Records (%d)", BTM_SEC_MAX_SERVICE_RECORDS); + return(record_allocated); + } + + /* Process the request if service record is valid */ + /* If a duplicate service wasn't found, use the first available */ + if (index >= BTM_SEC_MAX_SERVICE_RECORDS) + { + index = first_unused_record; + p_srec = &btm_cb.sec_serv_rec[index]; + } + + p_srec->psm = psm; + p_srec->service_id = service_id; + p_srec->mx_proto_id = mx_proto_id; + + if (is_originator) + { + p_srec->orig_mx_chan_id = mx_chan_id; +#if BTM_SEC_SERVICE_NAME_LEN > 0 + BCM_STRNCPY_S ((char *)p_srec->orig_service_name, sizeof(p_srec->orig_service_name), p_name, BTM_SEC_SERVICE_NAME_LEN); +#endif + /* clear out the old setting, just in case it exists */ +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( is_ucd ) + { + p_srec->ucd_security_flags &= + ~(BTM_SEC_OUT_AUTHORIZE | BTM_SEC_OUT_ENCRYPT | BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_MITM | + BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + } + else +#endif + { + p_srec->security_flags &= + ~(BTM_SEC_OUT_AUTHORIZE | BTM_SEC_OUT_ENCRYPT | BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_MITM | + BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + } + + /* Parameter validation. Originator should not set requirements for incoming connections */ + sec_level &= ~(BTM_SEC_IN_AUTHORIZE | BTM_SEC_IN_ENCRYPT | BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_MITM); + + if (btm_cb.security_mode == BTM_SEC_MODE_SP) + { + if (sec_level & BTM_SEC_OUT_AUTHENTICATE) + sec_level |= BTM_SEC_OUT_MITM; + } + + /* Make sure the authenticate bit is set, when encrypt bit is set */ + if (sec_level & BTM_SEC_OUT_ENCRYPT) + sec_level |= BTM_SEC_OUT_AUTHENTICATE; + + /* outgoing connections usually set the security level right before + * the connection is initiated. + * set it to be the outgoing service */ +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( is_ucd == FALSE ) +#endif + { + btm_cb.p_out_serv = p_srec; + } + } + else + { + p_srec->term_mx_chan_id = mx_chan_id; +#if BTM_SEC_SERVICE_NAME_LEN > 0 + BCM_STRNCPY_S ((char *)p_srec->term_service_name, sizeof(p_srec->term_service_name), p_name, BTM_SEC_SERVICE_NAME_LEN); +#endif + /* clear out the old setting, just in case it exists */ +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( is_ucd ) + { + p_srec->ucd_security_flags &= + ~(BTM_SEC_IN_AUTHORIZE | BTM_SEC_IN_ENCRYPT | BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_MITM | + BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + } + else +#endif + { + p_srec->security_flags &= + ~(BTM_SEC_IN_AUTHORIZE | BTM_SEC_IN_ENCRYPT | BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_MITM | + BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + } + + /* Parameter validation. Acceptor should not set requirements for outgoing connections */ + sec_level &= ~(BTM_SEC_OUT_AUTHORIZE | BTM_SEC_OUT_ENCRYPT | BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_MITM); + + if (btm_cb.security_mode == BTM_SEC_MODE_SP) + { + if (sec_level & BTM_SEC_IN_AUTHENTICATE) + sec_level |= BTM_SEC_IN_MITM; + } + + /* Make sure the authenticate bit is set, when encrypt bit is set */ + if (sec_level & BTM_SEC_IN_ENCRYPT) + sec_level |= BTM_SEC_IN_AUTHENTICATE; + } + +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( is_ucd ) + { + p_srec->security_flags |= (UINT16)(BTM_SEC_IN_USE); + p_srec->ucd_security_flags |= (UINT16)(sec_level | BTM_SEC_IN_USE); + } + else + { + p_srec->security_flags |= (UINT16)(sec_level | BTM_SEC_IN_USE); + } + + BTM_TRACE_API6("BTM_SEC_REG[%d]: id %d, conn_type 0x%x, psm 0x%04x, proto_id %d, chan_id %d", + index, service_id, conn_type, psm, mx_proto_id, mx_chan_id); + + BTM_TRACE_API2(" : security_flags: 0x%04x, ucd_security_flags: 0x%04x", + p_srec->security_flags, p_srec->ucd_security_flags); + +#if BTM_SEC_SERVICE_NAME_LEN > 0 + BTM_TRACE_API2(" : service name [%s] (up to %d chars saved)", + p_name, BTM_SEC_SERVICE_NAME_LEN); +#endif +#else + p_srec->security_flags |= (UINT16)(sec_level | BTM_SEC_IN_USE); + + BTM_TRACE_API6("BTM_SEC_REG[%d]: id %d, is_orig %d, psm 0x%04x, proto_id %d, chan_id %d", + index, service_id, is_originator, psm, mx_proto_id, mx_chan_id); + +#if BTM_SEC_SERVICE_NAME_LEN > 0 + BTM_TRACE_API3(" : sec: 0x%x, service name [%s] (up to %d chars saved)", + p_srec->security_flags, p_name, BTM_SEC_SERVICE_NAME_LEN); +#endif +#endif + + + return(record_allocated); +} + +/******************************************************************************* +** +** Function BTM_SecClrService +** +** Description Removes specified service record(s) from the security database. +** All service records with the specified name are removed. +** Typically used only by devices with limited RAM so that it can +** reuse an old security service record. +** +** Note: Unpredictable results may occur if a service is cleared +** that is still in use by an application/profile. +** +** Parameters Service ID - Id of the service to remove. ('0' removes all service +** records (except SDP). +** +** Returns Number of records that were freed. +** +*******************************************************************************/ +UINT8 BTM_SecClrService (UINT8 service_id) +{ + tBTM_SEC_SERV_REC *p_srec = &btm_cb.sec_serv_rec[0]; + UINT8 num_freed = 0; + int i; + + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_srec++) + { + /* Delete services with specified name (if in use and not SDP) */ + if ((p_srec->security_flags & BTM_SEC_IN_USE) && (p_srec->psm != BT_PSM_SDP) && + (!service_id || (service_id == p_srec->service_id))) + { + BTM_TRACE_API2("BTM_SEC_CLR[%d]: id %d", i, service_id); + p_srec->security_flags = 0; +#if (L2CAP_UCD_INCLUDED == TRUE) + p_srec->ucd_security_flags = 0; +#endif + num_freed++; + } + } + + return(num_freed); +} + +/******************************************************************************* +** +** Function btm_sec_clr_service_by_psm +** +** Description Removes specified service record from the security database. +** All service records with the specified psm are removed. +** Typically used by L2CAP to free up the service record used +** by dynamic PSM clients when the channel is closed. +** The given psm must be a virtual psm. +** +** Parameters Service ID - Id of the service to remove. ('0' removes all service +** records (except SDP). +** +** Returns Number of records that were freed. +** +*******************************************************************************/ +UINT8 btm_sec_clr_service_by_psm (UINT16 psm) +{ + tBTM_SEC_SERV_REC *p_srec = &btm_cb.sec_serv_rec[0]; + UINT8 num_freed = 0; + int i; + + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_srec++) + { + /* Delete services with specified name (if in use and not SDP) */ + if ((p_srec->security_flags & BTM_SEC_IN_USE) && (p_srec->psm == psm) ) + { + BTM_TRACE_API2("BTM_SEC_CLR[%d]: id %d ", i, p_srec->service_id); + p_srec->security_flags = 0; + num_freed++; + } + } + BTM_TRACE_API2("btm_sec_clr_service_by_psm psm:0x%x num_freed:%d", psm, num_freed); + + return(num_freed); +} + +/******************************************************************************* +** +** Function BTM_SecClrUCDService +** +** Description +** +** Parameters Service ID - Id of the service to remove. +** ('0' removes all service records ) +** +** Returns Number of records that were cleared. +** +*******************************************************************************/ +UINT8 BTM_SecClrUCDService (UINT8 service_id) +{ +#if (L2CAP_UCD_INCLUDED == TRUE) + tBTM_SEC_SERV_REC *p_srec = &btm_cb.sec_serv_rec[0]; + UINT8 num_cleared = 0; + int i; + + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_srec++) + { + /* Delete services with specified name (if in use and not SDP) */ + if ((p_srec->security_flags & BTM_SEC_IN_USE) && + (!service_id || (service_id == (UINT32)p_srec->service_id))) + { + BTM_TRACE_API2("BTM_UCD_SEC_CLR[%d]: id %d", i, service_id); + p_srec->ucd_security_flags = 0; + num_cleared++; + } + } + + return(num_cleared); +#else + return(0); +#endif +} + +/******************************************************************************* +** +** Function BTM_PINCodeReply +** +** Description This function is called after Security Manager submitted +** PIN code request to the UI. +** +** Parameters: bd_addr - Address of the device for which PIN was requested +** res - result of the operation BTM_SUCCESS if success +** pin_len - length in bytes of the PIN Code +** p_pin - pointer to array with the PIN Code +** trusted_mask - bitwise OR of trusted services (array of UINT32) +** +*******************************************************************************/ +void BTM_PINCodeReply (BD_ADDR bd_addr, UINT8 res, UINT8 pin_len, UINT8 *p_pin, UINT32 trusted_mask[]) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_API4 ("BTM_PINCodeReply(): PairState: %s PairFlags: 0x%02x PinLen:%d Result:%d", + btm_pair_state_descr(btm_cb.pairing_state), btm_cb.pairing_flags, pin_len, res); + + /* If timeout already expired or has been canceled, ignore the reply */ + if (btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_LOCAL_PIN) + { + BTM_TRACE_WARNING1 ("BTM_PINCodeReply() - Wrong State: %d", btm_cb.pairing_state); + return; + } + + if (memcmp (bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) != 0) + { + BTM_TRACE_ERROR0 ("BTM_PINCodeReply() - Wrong BD Addr"); + return; + } + + if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) + { + BTM_TRACE_ERROR0 ("BTM_PINCodeReply() - no dev CB"); + return; + } + + if ( (pin_len > PIN_CODE_LEN) || (pin_len == 0) || (p_pin == NULL) ) + res = BTM_ILLEGAL_VALUE; + + if (res != BTM_SUCCESS) + { + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_PEER_STARTED_DD) + { + /* use BTM_PAIR_STATE_WAIT_AUTH_COMPLETE to report authentication failed event */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + + btsnd_hcic_pin_code_neg_reply (bd_addr); + } + else + { + p_dev_rec->security_required = BTM_SEC_NONE; + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + } + return; + } + if (trusted_mask) + BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask); + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + + if ( (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + && (p_dev_rec->hci_handle == BTM_SEC_INVALID_HANDLE) + && (btm_cb.security_mode_changed == FALSE) ) + { + /* This is start of the dedicated bonding if local device is 2.0 */ + btm_cb.pin_code_len = pin_len; + memcpy (btm_cb.pin_code, p_pin, pin_len); + + btm_cb.security_mode_changed = TRUE; +#ifdef APPL_AUTH_WRITE_EXCEPTION + if(!(APPL_AUTH_WRITE_EXCEPTION)(p_dev_rec->bd_addr)) +#endif + btsnd_hcic_write_auth_enable (TRUE); + + btm_cb.acl_disc_reason = 0xff ; + + /* if we rejected incoming connection request, we have to wait HCI_Connection_Complete event */ + /* before originating */ + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_REJECTED_CONNECT) + { + BTM_TRACE_WARNING0 ("BTM_PINCodeReply(): waiting HCI_Connection_Complete after rejected incoming connection"); + /* we change state little bit early so btm_sec_connected() will originate connection */ + /* when existing ACL link is down completely */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_PIN_REQ); + } + /* if we already accepted incoming connection from pairing device */ + else if (p_dev_rec->sm4 & BTM_SM4_CONN_PEND) + { + BTM_TRACE_WARNING0 ("BTM_PINCodeReply(): link is connecting so wait pin code request from peer"); + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_PIN_REQ); + } + else if (btm_sec_dd_create_conn(p_dev_rec) != BTM_CMD_STARTED) + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + p_dev_rec->sec_flags &= ~BTM_SEC_LINK_KEY_AUTHED; + + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_ERR_AUTH_FAILURE); + } + return; + } + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + btm_cb.acl_disc_reason = HCI_SUCCESS; + +#ifdef PORCHE_PAIRING_CONFLICT + BTM_TRACE_EVENT2("BTM_PINCodeReply(): Saving pin_len: %d btm_cb.pin_code_len: %d", pin_len, btm_cb.pin_code_len); + /* if this was not pre-fetched, save the PIN */ + if (btm_cb.pin_code_len == 0) + memcpy (btm_cb.pin_code, p_pin, pin_len); + btm_cb.pin_code_len_saved = pin_len; +#endif + btsnd_hcic_pin_code_req_reply (bd_addr, pin_len, p_pin); +} + + +/******************************************************************************* +** +** Function BTM_DeviceAuthorized +** +** Description This function is called after Security Manager submitted +** authorization request to the UI. +** +** Parameters: bd_addr - Address of the device for which PIN was requested +** res - result of the operation BTM_SUCCESS if success +** +*******************************************************************************/ +void BTM_DeviceAuthorized (BD_ADDR bd_addr, UINT8 res, UINT32 trusted_mask[]) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL) + { + BTM_TRACE_WARNING6 ("Security Manager: Attempting Authorization of Unknown Device Address [%02x%02x%02x%02x%02x%02x]", + bd_addr[0], bd_addr[1], bd_addr[2], bd_addr[3], bd_addr[4], bd_addr[5]); + return; + } + + BTM_TRACE_EVENT4 ("Security Manager: authorized status:%d State:%d Trusted:%08x %08x", + res, (p_dev_rec) ? p_dev_rec->sec_state : 0, trusted_mask[0], trusted_mask[1]); + + if (res == BTM_SUCCESS) + { + p_dev_rec->sec_flags |= BTM_SEC_AUTHORIZED; + if (trusted_mask) + BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask); + } + + if (p_dev_rec->sec_state != BTM_SEC_STATE_AUTHORIZING) + return; + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + + if (res != BTM_SUCCESS) + { + btm_sec_dev_rec_cback_event (p_dev_rec, res); + return; + } + + if ((res = (UINT8)btm_sec_execute_procedure (p_dev_rec)) != BTM_CMD_STARTED) + { + btm_sec_dev_rec_cback_event (p_dev_rec, res); + } +} + + + +/******************************************************************************* +** +** Function BTM_SecBond +** +** Description This function is called to perform bonding with peer device. +** If the connection is already up, but not secure, pairing +** is attempted. If already paired BTM_SUCCESS is returned. +** +** Parameters: bd_addr - Address of the device to bond +** pin_len - length in bytes of the PIN Code +** p_pin - pointer to array with the PIN Code +** trusted_mask - bitwise OR of trusted services (array of UINT32) +** +** Note: After 2.1 parameters are not used and preserved here not to change API +*******************************************************************************/ +tBTM_STATUS BTM_SecBond (BD_ADDR bd_addr, UINT8 pin_len, UINT8 *p_pin, UINT32 trusted_mask[]) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_STATUS status; +#if SMP_INCLUDED == TRUE + tACL_CONN *p=NULL; + BOOLEAN is_le_slave_role=FALSE; +#endif + BTM_TRACE_API6 ("BTM_SecBond BDA: %02x:%02x:%02x:%02x:%02x:%02x", + bd_addr[0], bd_addr[1], bd_addr[2], bd_addr[3], bd_addr[4], bd_addr[5]); + + /* Other security process is in progress */ + if (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + { + BTM_TRACE_ERROR1 ("BTM_SecBond: already busy in state: %s", btm_pair_state_descr(btm_cb.pairing_state)); + return(BTM_WRONG_MODE); + } + + + p_dev_rec = btm_find_or_alloc_dev (bd_addr); + BTM_TRACE_DEBUG1 ("before update sec_flags=0x%x", p_dev_rec->sec_flags); + + +#if SMP_INCLUDED == TRUE + p = btm_bda_to_acl(bd_addr); + if (p && p->is_le_link ) + { + if (p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING) + { + BTM_TRACE_ERROR1 ("BTM_SecBond: LE already busy in state: %x", p_dev_rec->sec_state ); + return(BTM_WRONG_MODE); + } + + if (p->link_role == BTM_ROLE_SLAVE) + { + is_le_slave_role = TRUE; + BTM_TRACE_DEBUG0 ("LE Link Slave" ); + } + else + { + BTM_TRACE_DEBUG0 ("LE Link Maste" ); + } + } + else + { + BTM_TRACE_DEBUG0 ("No LE Link" ); + } + + if (!is_le_slave_role) + { + /* Finished if connection is active and already paired */ + if ( (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE) + && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED) ) + { + BTM_TRACE_WARNING0("BTM_SecBond -> Already Paired"); + return(BTM_SUCCESS); + } + } +#else + /* Finished if connection is active and already paired */ + if ( (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE) + && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED) ) + { + BTM_TRACE_WARNING0("BTM_SecBond -> Already Paired"); + return(BTM_SUCCESS); + } +#endif + + /* Tell controller to get rid of the link key if it has one stored */ + if ((BTM_DeleteStoredLinkKey (bd_addr, NULL)) != BTM_SUCCESS) + return(BTM_NO_RESOURCES); + + /* Save the PIN code if we got a valid one */ + if (p_pin && (pin_len <= PIN_CODE_LEN) && (pin_len != 0)) + { + btm_cb.pin_code_len = pin_len; + memcpy (btm_cb.pin_code, p_pin, PIN_CODE_LEN); + } + + memcpy (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN); + + btm_cb.pairing_flags = BTM_PAIR_FLAGS_WE_STARTED_DD; + + p_dev_rec->security_required = BTM_SEC_OUT_AUTHENTICATE; + p_dev_rec->is_originator = TRUE; + if (trusted_mask) + BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask); + + + +#if SMP_INCLUDED == TRUE + + if (!is_le_slave_role) + { + p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED + | BTM_SEC_ROLE_SWITCHED | BTM_SEC_LINK_KEY_AUTHED); + + } + + /* LE device, do SMP pairing */ + if (p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) + { + if (SMP_Pair(p_dev_rec->bd_addr) == SMP_STARTED) + { + p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; + return BTM_CMD_STARTED; + } + else + return(BTM_NO_RESOURCES); + } +#else + p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED + | BTM_SEC_ROLE_SWITCHED | BTM_SEC_LINK_KEY_AUTHED); +#endif + + BTM_TRACE_DEBUG1 ("after update sec_flags=0x%x", p_dev_rec->sec_flags); + if (!HCI_SIMPLE_PAIRING_SUPPORTED(btm_cb.devcb.local_features)) + { + /* The special case when we authenticate keyboard. Set pin type to fixed */ + /* It would be probably better to do it from the application, but it is */ + /* complicated */ + if (((p_dev_rec->dev_class[1] & BTM_COD_MAJOR_CLASS_MASK) == BTM_COD_MAJOR_PERIPHERAL) + && (p_dev_rec->dev_class[2] & BTM_COD_MINOR_KEYBOARD) + && (btm_cb.cfg.pin_type != HCI_PIN_TYPE_FIXED)) + { + btm_cb.pin_type_changed = TRUE; + btsnd_hcic_write_pin_type (HCI_PIN_TYPE_FIXED); + } + } + + BTM_TRACE_EVENT1("BTM_SecBond: Local device supports SSP=%d", HCI_SIMPLE_PAIRING_SUPPORTED(btm_cb.devcb.local_features)); + + BTM_TRACE_EVENT4(" remote_features=%02x-%02x-%02x-%02x", + p_dev_rec->features[0], p_dev_rec->features[1], p_dev_rec->features[2], p_dev_rec->features[3]); + BTM_TRACE_EVENT4(" %02x-%02x-%02x-%02x", + p_dev_rec->features[4], p_dev_rec->features[5], p_dev_rec->features[6], p_dev_rec->features[7]); + + BTM_TRACE_EVENT2 ("BTM_SecBond: Remote sm4: 0x%x HCI Handle: 0x%04x", p_dev_rec->sm4, p_dev_rec->hci_handle); + +#if BTM_SEC_FORCE_RNR_FOR_DBOND == TRUE + p_dev_rec->sec_flags &= ~BTM_SEC_NAME_KNOWN; +#endif + + /* If connection already exists... */ + if (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE) + { + if (!btm_sec_start_authentication (p_dev_rec)) + return(BTM_NO_RESOURCES); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_PIN_REQ); + + /* Mark lcb as bonding */ + l2cu_update_lcb_4_bonding (bd_addr, TRUE); + return(BTM_CMD_STARTED); + } + + BTM_TRACE_DEBUG2 ("sec mode: %d sm4:x%x", btm_cb.security_mode, p_dev_rec->sm4); + if (!HCI_SIMPLE_PAIRING_SUPPORTED(btm_cb.devcb.local_features) + || (p_dev_rec->sm4 == BTM_SM4_KNOWN)) + { + if ( btm_sec_check_prefetch_pin (p_dev_rec) ) + return(BTM_CMD_STARTED); + } + if (BTM_SEC_MODE_SP == btm_cb.security_mode && BTM_SEC_IS_SM4_UNKNOWN(p_dev_rec->sm4)) + { + /* local is 2.1 and peer is unknown */ + if ((p_dev_rec->sm4 & BTM_SM4_CONN_PEND) == 0) + { + /* we are not accepting connection request from peer + * -> RNR (to learn if peer is 2.1) + * RNR when no ACL causes HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_GET_REM_NAME); + BTM_ReadRemoteDeviceName(bd_addr, NULL); + } + else + { + /* We are accepting connection request from peer */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_PIN_REQ); + } + BTM_TRACE_DEBUG3 ("State:%s sm4: 0x%x sec_state:%d", btm_pair_state_descr (btm_cb.pairing_state), p_dev_rec->sm4, p_dev_rec->sec_state); + return BTM_CMD_STARTED; + } + + /* both local and peer are 2.1 */ + status = btm_sec_dd_create_conn(p_dev_rec); + + if (status != BTM_CMD_STARTED) + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + } + + return status; +} + + +/******************************************************************************* +** +** Function BTM_SecBondCancel +** +** Description This function is called to cancel ongoing bonding process +** with peer device. +** +** Parameters: bd_addr - Address of the peer device +** +*******************************************************************************/ +tBTM_STATUS BTM_SecBondCancel (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; +#if SMP_INCLUDED == TRUE + tACL_CONN *p=NULL; +#endif + + BTM_TRACE_API2 ("BTM_SecBondCancel() State: %s flags:0x%x", + btm_pair_state_descr (btm_cb.pairing_state), btm_cb.pairing_flags); + + if (((p_dev_rec = btm_find_dev (bd_addr)) == NULL) + || (memcmp (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN) != 0) ) + return BTM_UNKNOWN_ADDR; + +#if SMP_INCLUDED == TRUE + p = btm_bda_to_acl(bd_addr); + if (p && p->is_le_link && + (p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING)) + { + BTM_TRACE_DEBUG0 ("Cancel LE pairing"); + if (SMP_PairCancel(bd_addr)) + { + return BTM_CMD_STARTED; + } + else + { + return BTM_WRONG_MODE; + } + } + +#endif + BTM_TRACE_DEBUG2 ("hci_handle:0x%x sec_state:%d", p_dev_rec->hci_handle, p_dev_rec->sec_state ); + if (BTM_PAIR_STATE_WAIT_LOCAL_PIN == btm_cb.pairing_state && + BTM_PAIR_FLAGS_WE_STARTED_DD & btm_cb.pairing_flags) + { + /* pre-fetching pin for dedicated bonding */ + btm_sec_bond_cancel_complete(); + return BTM_SUCCESS; + } + + /* If this BDA is in a bonding procedure */ + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD)) + { + /* If the HCI link is up */ + if (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE) + { + /* If some other thread disconnecting, we do not send second command */ + if (p_dev_rec->sec_state == BTM_SEC_STATE_DISCONNECTING) + return(BTM_CMD_STARTED); + + /* If the HCI link was set up by Bonding process */ + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_DISC_WHEN_DONE) + return btm_sec_send_hci_disconnect(p_dev_rec, HCI_ERR_PEER_USER); + else + l2cu_update_lcb_4_bonding(bd_addr, FALSE); + + return BTM_NOT_AUTHORIZED; + } + else /*HCI link is not up */ + { + /* If the HCI link creation was started by Bonding process */ + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_DISC_WHEN_DONE) + { + if (btsnd_hcic_create_conn_cancel(bd_addr)) + return BTM_CMD_STARTED; + + return BTM_NO_RESOURCES; + } + + return BTM_NOT_AUTHORIZED; + } + } + + return BTM_WRONG_MODE; +} + +/******************************************************************************* +** +** Function BTM_SecUseMasterLinkKey +** +** Description This function is called to tell master of the piconet to +** switch to master link key +** +** Parameters: use_master_key - If true Master Link Key shoul be used +** +*******************************************************************************/ +tBTM_STATUS BTM_SecUseMasterLinkKey (BOOLEAN use_master_key) +{ + return(btsnd_hcic_master_link_key (use_master_key) ? BTM_SUCCESS : + BTM_NO_RESOURCES); +} + +/******************************************************************************* +** +** Function BTM_SetMasterKeyCompCback +** +** Description This function is called to register for the master key complete +** status event. +** +** Parameters: mkey_cback - callback registered with the security manager +** +*******************************************************************************/ +void BTM_SetMasterKeyCompCback( tBTM_MKEY_CALLBACK *mkey_cback ) +{ + btm_cb.mkey_cback = mkey_cback; +} + +/******************************************************************************* +** +** Function BTM_SecGetDeviceLinkKey +** +** Description This function is called to obtain link key for the device +** it returns BTM_SUCCESS if link key is available, or +** BTM_UNKNOWN_ADDR if Security Manager does not know about +** the device or device record does not contain link key info +** +** Parameters: bd_addr - Address of the device +** link_key - Link Key is copied into this array +** +*******************************************************************************/ +tBTM_STATUS BTM_SecGetDeviceLinkKey (BD_ADDR bd_addr, LINK_KEY link_key) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if (((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + && (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN)) + { + memcpy (link_key, p_dev_rec->link_key, LINK_KEY_LEN); + return(BTM_SUCCESS); + } + return(BTM_UNKNOWN_ADDR); +} + + +/******************************************************************************* +** +** Function BTM_SetEncryption +** +** Description This function is called to ensure that connection is +** encrypted. Should be called only on an open connection. +** Typically only needed for connections that first want to +** bring up unencrypted links, then later encrypt them. +** +** Parameters: bd_addr - Address of the peer device +** p_callback - Pointer to callback function called if +** this function returns PENDING after required +** procedures are completed. Can be set to NULL +** if status is not desired. +** p_ref_data - pointer to any data the caller wishes to receive +** in the callback function upon completion. +* can be set to NULL if not used. +** +** Returns BTM_SUCCESS - already encrypted +** BTM_PENDING - command will be returned in the callback +** BTM_WRONG_MODE- connection not up. +** BTM_BUSY - security procedures are currently active +** BTM_MODE_UNSUPPORTED - if security manager not linked in. +** +*******************************************************************************/ +tBTM_STATUS BTM_SetEncryption (BD_ADDR bd_addr, tBTM_SEC_CBACK *p_callback, + void *p_ref_data) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_STATUS rc; + +#if BLE_INCLUDED == TRUE + tACL_CONN *p; + p = btm_bda_to_acl(bd_addr); +#endif + + p_dev_rec = btm_find_dev (bd_addr); + if (!p_dev_rec || (p_dev_rec->hci_handle == BTM_SEC_INVALID_HANDLE)) + { + /* Connection should be up and runnning */ + BTM_TRACE_WARNING0 ("Security Manager: BTM_SetEncryption not connected"); + + if (p_callback) + (*p_callback) (bd_addr, p_ref_data, BTM_WRONG_MODE); + + return(BTM_WRONG_MODE); + } + + + if ( +#if BLE_INCLUDED == TRUE + !p->is_le_link && +#endif + (p_dev_rec->sec_flags & (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED)) + == (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED)) + { + BTM_TRACE_EVENT0 ("Security Manager: BTM_SetEncryption already encrypted"); + + if (p_callback) + (*p_callback) (bd_addr, p_ref_data, BTM_SUCCESS); + + return(BTM_SUCCESS); + } + + if (p_dev_rec->p_callback) + { + /* Connection should be up and runnning */ + BTM_TRACE_WARNING0 ("Security Manager: BTM_SetEncryption busy"); + + if (p_callback) + (*p_callback) (bd_addr, p_ref_data, BTM_BUSY); + + return(BTM_BUSY); + } + + p_dev_rec->p_callback = p_callback; + p_dev_rec->p_ref_data = p_ref_data; + p_dev_rec->security_required |= (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT); + p_dev_rec->is_originator = FALSE; + + BTM_TRACE_API4 ("Security Manager: BTM_SetEncryption Handle:%d State:%d Flags:0x%x Required:0x%x", + p_dev_rec->hci_handle, p_dev_rec->sec_state, p_dev_rec->sec_flags, + p_dev_rec->security_required); +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE + if (p->is_le_link) + { + rc = btm_ble_set_encryption(bd_addr, p_ref_data, p->link_role); + } + else +#endif + + rc = btm_sec_execute_procedure (p_dev_rec); + + if ( rc != BTM_CMD_STARTED) + { + if (p_callback) + { + p_dev_rec->p_callback = NULL; + (*p_callback) (bd_addr, p_dev_rec->p_ref_data, rc); + } + } + return(rc); +} + +/******************************************************************************* + * disconnect the ACL link, if it's not done yet. +*******************************************************************************/ +static tBTM_STATUS btm_sec_send_hci_disconnect (tBTM_SEC_DEV_REC *p_dev_rec, UINT8 reason) +{ + UINT8 old_state = p_dev_rec->sec_state; + + BTM_TRACE_EVENT2 ("btm_sec_send_hci_disconnect: handle:0x%x, reason=0x%x", + p_dev_rec->hci_handle, reason); + + /* if some other thread disconnecting, we do not send second command */ + if (BTM_SEC_STATE_DISCONNECTING != old_state) + { + p_dev_rec->sec_state = BTM_SEC_STATE_DISCONNECTING; + +#if BTM_DISC_DURING_RS == TRUE + /* If a Role Switch is in progress, delay the HCI Disconnect to avoid controller problem (4329B1) */ + if (p_dev_rec->rs_disc_pending == BTM_SEC_RS_PENDING) + { + BTM_TRACE_ERROR0("RS in progress - Set DISC Pending flag in btm_sec_send_hci_disconnect to delay disconnect"); + p_dev_rec->rs_disc_pending = BTM_SEC_DISC_PENDING; + return BTM_SUCCESS; + } +#endif + /* Tear down the HCI link */ + if (!btsnd_hcic_disconnect (p_dev_rec->hci_handle, reason)) + { + /* could not send disconnect. restore old state */ + p_dev_rec->sec_state = old_state; + return(BTM_NO_RESOURCES); + } + } + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function BTM_ConfirmReqReply +** +** Description This function is called to confirm the numeric value for +** Simple Pairing in response to BTM_SP_CFM_REQ_EVT +** +** Parameters: res - result of the operation BTM_SUCCESS if success +** bd_addr - Address of the peer device +** +*******************************************************************************/ +void BTM_ConfirmReqReply(tBTM_STATUS res, BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_EVENT2 ("BTM_ConfirmReqReply() State: %s Res: %u", + btm_pair_state_descr(btm_cb.pairing_state), res); + + /* If timeout already expired or has been canceled, ignore the reply */ + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM) + || (memcmp (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN) != 0) ) + return; + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + + if ( (res == BTM_SUCCESS) || (res == BTM_SUCCESS_NO_SECURITY) ) + { + btm_cb.acl_disc_reason = HCI_SUCCESS; + + if (res == BTM_SUCCESS) + { + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_AUTHED; + } + + btsnd_hcic_user_conf_reply (bd_addr, TRUE); + } + else + { + /* Report authentication failed event from state BTM_PAIR_STATE_WAIT_AUTH_COMPLETE */ + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + btsnd_hcic_user_conf_reply (bd_addr, FALSE); + } +} + +/******************************************************************************* +** +** Function BTM_PasskeyReqReply +** +** Description This function is called to provide the passkey for +** Simple Pairing in response to BTM_SP_KEY_REQ_EVT +** +** Parameters: res - result of the operation BTM_SUCCESS if success +** bd_addr - Address of the peer device +** passkey - numeric value in the range of +** BTM_MIN_PASSKEY_VAL(0) - BTM_MAX_PASSKEY_VAL(999999(0xF423F)). +** +*******************************************************************************/ +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) +void BTM_PasskeyReqReply(tBTM_STATUS res, BD_ADDR bd_addr, UINT32 passkey) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + BTM_TRACE_API2 ("BTM_PasskeyReqReply: State: %s res:%d", + btm_pair_state_descr(btm_cb.pairing_state), res); + + if ( (btm_cb.pairing_state == BTM_PAIR_STATE_IDLE) + || (memcmp (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN) != 0) ) + { + return; + } + + /* If timeout already expired or has been canceled, ignore the reply */ + if ( (btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_AUTH_COMPLETE) && (res != BTM_SUCCESS) ) + { + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + { + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + + if (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE) + btm_sec_send_hci_disconnect (p_dev_rec, HCI_ERR_AUTH_FAILURE); + else + BTM_SecBondCancel(bd_addr); + + p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_AUTHED | BTM_SEC_LINK_KEY_KNOWN); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + return; + } + } + else if (btm_cb.pairing_state != BTM_PAIR_STATE_KEY_ENTRY) + return; + + if (passkey > BTM_MAX_PASSKEY_VAL) + res = BTM_ILLEGAL_VALUE; + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + + if (res != BTM_SUCCESS) + { + /* use BTM_PAIR_STATE_WAIT_AUTH_COMPLETE to report authentication failed event */ + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + btsnd_hcic_user_passkey_neg_reply (bd_addr); + } + else + { + btm_cb.acl_disc_reason = HCI_SUCCESS; + btsnd_hcic_user_passkey_reply (bd_addr, passkey); + } +} +#endif + +/******************************************************************************* +** +** Function BTM_SendKeypressNotif +** +** Description This function is used during the passkey entry model +** by a device with KeyboardOnly IO capabilities +** (very likely to be a HID Device). +** It is called by a HID Device to inform the remote device when +** a key has been entered or erased. +** +** Parameters: bd_addr - Address of the peer device +** type - notification type +** +*******************************************************************************/ +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) +void BTM_SendKeypressNotif(BD_ADDR bd_addr, tBTM_SP_KEY_TYPE type) +{ + /* This API only make sense between PASSKEY_REQ and SP complete */ + if (btm_cb.pairing_state == BTM_PAIR_STATE_KEY_ENTRY) + btsnd_hcic_send_keypress_notif (bd_addr, type); +} +#endif + +#if BTM_OOB_INCLUDED == TRUE +/******************************************************************************* +** +** Function BTM_IoCapRsp +** +** Description This function is called in response to BTM_SP_IO_REQ_EVT +** When the event data io_req.oob_data is set to BTM_OOB_UNKNOWN +** by the tBTM_SP_CALLBACK implementation, this function is +** called to provide the actual response +** +** Parameters: bd_addr - Address of the peer device +** io_cap - The IO capability of local device. +** oob - BTM_OOB_NONE or BTM_OOB_PRESENT. +** auth_req- MITM protection required or not. +** +*******************************************************************************/ +void BTM_IoCapRsp(BD_ADDR bd_addr, tBTM_IO_CAP io_cap, tBTM_OOB_DATA oob, tBTM_AUTH_REQ auth_req) +{ + BTM_TRACE_EVENT3 ("BTM_IoCapRsp: state: %s oob: %d io_cap: %d", + btm_pair_state_descr(btm_cb.pairing_state), oob, io_cap); + + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS) + || (memcmp (btm_cb.pairing_bda, bd_addr, BD_ADDR_LEN) != 0) ) + return; + + if (oob < BTM_OOB_UNKNOWN && io_cap < BTM_IO_CAP_MAX) + { + btm_cb.devcb.loc_auth_req = auth_req; + btm_cb.devcb.loc_io_caps = io_cap; + + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + auth_req = (BTM_AUTH_DD_BOND | (auth_req&BTM_AUTH_YN_BIT)); + + btsnd_hcic_io_cap_req_reply (bd_addr, io_cap, oob, auth_req); + } +} + +/******************************************************************************* +** +** Function BTM_ReadLocalOobData +** +** Description This function is called to read the local OOB data from +** LM +** +*******************************************************************************/ +tBTM_STATUS BTM_ReadLocalOobData(void) +{ + tBTM_STATUS status = BTM_SUCCESS; + + if (btsnd_hcic_read_local_oob_data() == FALSE) + status = BTM_NO_RESOURCES; + + return status; +} + +/******************************************************************************* +** +** Function BTM_RemoteOobDataReply +** +** Description This function is called to provide the remote OOB data for +** Simple Pairing in response to BTM_SP_RMT_OOB_EVT +** +** Parameters: bd_addr - Address of the peer device +** c - simple pairing Hash C. +** r - simple pairing Randomizer C. +** +*******************************************************************************/ +void BTM_RemoteOobDataReply(tBTM_STATUS res, BD_ADDR bd_addr, BT_OCTET16 c, BT_OCTET16 r) +{ + BTM_TRACE_EVENT2 ("BTM_RemoteOobDataReply(): State: %s res:%d", + btm_pair_state_descr(btm_cb.pairing_state), res); + + /* If timeout already expired or has been canceled, ignore the reply */ + if (btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP) + return; + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + + if (res != BTM_SUCCESS) + { + /* use BTM_PAIR_STATE_WAIT_AUTH_COMPLETE to report authentication failed event */ + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + btsnd_hcic_rem_oob_neg_reply (bd_addr); + } + else + { + btm_cb.acl_disc_reason = HCI_SUCCESS; + btsnd_hcic_rem_oob_reply (bd_addr, c, r); + } +} + +/******************************************************************************* +** +** Function BTM_BuildOobData +** +** Description This function is called to build the OOB data payload to +** be sent over OOB (non-Bluetooth) link +** +** Parameters: p_data - the location for OOB data +** max_len - p_data size. +** c - simple pairing Hash C. +** r - simple pairing Randomizer C. +** name_len- 0, local device name would not be included. +** otherwise, the local device name is included for +** up to this specified length +** +** Returns Number of bytes in p_data. +** +*******************************************************************************/ +UINT16 BTM_BuildOobData(UINT8 *p_data, UINT16 max_len, BT_OCTET16 c, + BT_OCTET16 r, UINT8 name_len) +{ + UINT8 *p = p_data; + UINT16 len = 0; + UINT16 delta; +#if BTM_MAX_LOC_BD_NAME_LEN > 0 + UINT16 name_size; + UINT8 name_type = BTM_EIR_SHORTENED_LOCAL_NAME_TYPE; +#endif + + if (p_data && max_len >= BTM_OOB_MANDATORY_SIZE) + { + /* add mandatory part */ + UINT16_TO_STREAM(p, len); + BDADDR_TO_STREAM(p, btm_cb.devcb.local_addr); + + len = BTM_OOB_MANDATORY_SIZE; + max_len -= len; + + /* now optional part */ + + /* add Hash C */ + delta = BTM_OOB_HASH_C_SIZE + 2; + if (max_len >= delta) + { + *p++ = BTM_OOB_HASH_C_SIZE + 1; + *p++ = BTM_EIR_OOB_SSP_HASH_C_TYPE; + ARRAY_TO_STREAM(p, c, BTM_OOB_HASH_C_SIZE); + len += delta; + max_len -= delta; + } + + /* add Rand R */ + delta = BTM_OOB_RAND_R_SIZE + 2; + if (max_len >= delta) + { + *p++ = BTM_OOB_RAND_R_SIZE + 1; + *p++ = BTM_EIR_OOB_SSP_RAND_R_TYPE; + ARRAY_TO_STREAM(p, r, BTM_OOB_RAND_R_SIZE); + len += delta; + max_len -= delta; + } + + /* add class of device */ + delta = BTM_OOB_COD_SIZE + 2; + if (max_len >= delta) + { + *p++ = BTM_OOB_COD_SIZE + 1; + *p++ = BTM_EIR_OOB_COD_TYPE; + DEVCLASS_TO_STREAM(p, btm_cb.devcb.dev_class); + len += delta; + max_len -= delta; + } +#if BTM_MAX_LOC_BD_NAME_LEN > 0 + name_size = name_len; + if (name_size > strlen(btm_cb.cfg.bd_name)) + { + name_type = BTM_EIR_COMPLETE_LOCAL_NAME_TYPE; + name_size = (UINT16)strlen(btm_cb.cfg.bd_name); + } + delta = name_size + 2; + if (max_len >= delta) + { + *p++ = name_size + 1; + *p++ = name_type; + ARRAY_TO_STREAM (p, btm_cb.cfg.bd_name, name_size); + len += delta; + max_len -= delta; + } +#endif + /* update len */ + p = p_data; + UINT16_TO_STREAM(p, len); + } + return len; +} + +/******************************************************************************* +** +** Function BTM_ReadOobData +** +** Description This function is called to parse the OOB data payload +** received over OOB (non-Bluetooth) link +** +** Parameters: p_data - the location for OOB data +** eir_tag - The associated EIR tag to read the data. +** *p_len(output) - the length of the data with the given tag. +** +** Returns the beginning of the data with the given tag. +** NULL, if the tag is not found. +** +*******************************************************************************/ +UINT8 * BTM_ReadOobData(UINT8 *p_data, UINT8 eir_tag, UINT8 *p_len) +{ + UINT8 *p = p_data; + UINT16 max_len; + UINT8 len, type; + UINT8 *p_ret = NULL; + UINT8 ret_len = 0; + + if (p_data) + { + STREAM_TO_UINT16(max_len, p); + if (max_len >= BTM_OOB_MANDATORY_SIZE) + { + if (BTM_EIR_OOB_BD_ADDR_TYPE == eir_tag) + { + p_ret = p; /* the location for bd_addr */ + ret_len = BTM_OOB_BD_ADDR_SIZE; + } + else + { + p += BD_ADDR_LEN; + max_len -= BTM_OOB_MANDATORY_SIZE; + /* now the optional data in EIR format */ + while (max_len > 0) + { + len = *p++; /* tag data len + 1 */ + type = *p++; + if (eir_tag == type) + { + p_ret = p; + ret_len = len - 1; + break; + } + /* the data size of this tag is len + 1 (tag data len + 2) */ + if (max_len > len) + { + max_len -= len; + max_len--; + len--; + p += len; + } + else + max_len = 0; + } + } + } + } + + if (p_len) + *p_len = ret_len; + + return p_ret; +} +#endif + +/******************************************************************************* +** +** Function BTM_SetOutService +** +** Description This function is called to set the service for +** outgoing connections. +** +** If the profile/application calls BTM_SetSecurityLevel +** before initiating a connection, this function does not +** need to be called. +** +** Returns void +** +*******************************************************************************/ +void BTM_SetOutService(BD_ADDR bd_addr, UINT8 service_id, UINT32 mx_chan_id) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_SEC_SERV_REC *p_serv_rec = &btm_cb.sec_serv_rec[0]; + int i; + + btm_cb.p_out_serv = p_serv_rec; + p_dev_rec = btm_find_dev (bd_addr); + + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_serv_rec++) + { + if ((p_serv_rec->security_flags & BTM_SEC_IN_USE) + && (p_serv_rec->service_id == service_id) + && (p_serv_rec->orig_mx_chan_id == mx_chan_id)) + { + BTM_TRACE_API4("BTM_SetOutService p_out_serv id %d, psm 0x%04x, proto_id %d, chan_id %d", + p_serv_rec->service_id, p_serv_rec->psm, p_serv_rec->mx_proto_id, p_serv_rec->orig_mx_chan_id); + btm_cb.p_out_serv = p_serv_rec; + if (p_dev_rec) + p_dev_rec->p_cur_service = p_serv_rec; + break; + } + } +} + +/************************************************************************ +** I N T E R N A L F U N C T I O N S +*************************************************************************/ +/******************************************************************************* +** +** Function btm_sec_check_upgrade +** +** Description This function is called to check if the existing link key +** needs to be upgraded. +** +** Returns void +** +*******************************************************************************/ +static void btm_sec_check_upgrade(tBTM_SEC_DEV_REC *p_dev_rec, BOOLEAN is_originator) +{ + tBTM_SP_UPGRADE evt_data; + UINT16 mtm_check = is_originator ? BTM_SEC_OUT_MITM : BTM_SEC_IN_MITM; + + if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) + { + + BTM_TRACE_DEBUG5 ("btm_sec_check_upgrade id:%d, link_key_typet:%d, rmt_io_caps:%d, chk flags:x%x, flags:x%x", + p_dev_rec->p_cur_service->service_id, p_dev_rec->link_key_type, p_dev_rec->rmt_io_caps, + mtm_check, p_dev_rec->p_cur_service->security_flags); + /* Already have a link key to the connected peer. Is the link key secure enough? + ** Is a link key upgrade even possible? + */ + if ((p_dev_rec->security_required & mtm_check) /* needs MITM */ + && (p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB) /* has unauthenticated link key */ + && (p_dev_rec->rmt_io_caps < BTM_IO_CAP_MAX) /* a valid peer IO cap */ + && (btm_sec_io_map[p_dev_rec->rmt_io_caps][btm_cb.devcb.loc_io_caps])) /* authenticated link key is possible */ + { + BTM_TRACE_DEBUG1 ("need upgrade!! sec_flags:0x%x", p_dev_rec->sec_flags); + /* upgrade is possible: check if the application wants the upgrade. + * If the application is configured to use a global MITM flag, + * it probably would not want to upgrade the link key based on the security level database */ + memcpy (evt_data.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); + evt_data.upgrade = TRUE; + if (btm_cb.api.p_sp_callback) + (*btm_cb.api.p_sp_callback) (BTM_SP_UPGRADE_EVT, (tBTM_SP_EVT_DATA *)&evt_data); + + BTM_TRACE_DEBUG1 ("evt_data.upgrade:0x%x", evt_data.upgrade); + if (evt_data.upgrade) + { + /* if the application confirms the upgrade, set the upgrade bit */ + p_dev_rec->sm4 |= BTM_SM4_UPGRADE; + + /* Clear the link key known to go through authentication/pairing again */ + p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED); + p_dev_rec->sec_flags &= ~BTM_SEC_AUTHENTICATED; + BTM_TRACE_DEBUG1 ("sec_flags:0x%x", p_dev_rec->sec_flags); + } + } + } +} + +/******************************************************************************* +** +** Function btm_sec_l2cap_access_req +** +** Description This function is called by the L2CAP to grant permission to +** establish L2CAP connection to or from the peer device. +** +** Parameters: bd_addr - Address of the peer device +** psm - L2CAP PSM +** is_originator - TRUE if protocol above L2CAP originates +** connection +** p_callback - Pointer to callback function called if +** this function returns PENDING after required +** procedures are complete. MUST NOT BE NULL. +** +** Returns tBTM_STATUS +** +*******************************************************************************/ +#define BTM_SEC_OUT_FLAGS (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT | BTM_SEC_OUT_AUTHORIZE) +#define BTM_SEC_IN_FLAGS (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT | BTM_SEC_IN_AUTHORIZE) + +tBTM_STATUS btm_sec_l2cap_access_req (BD_ADDR bd_addr, UINT16 psm, UINT16 handle, + CONNECTION_TYPE conn_type, + tBTM_SEC_CALLBACK *p_callback, + void *p_ref_data) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_SEC_SERV_REC *p_serv_rec; + UINT16 security_required; + UINT16 old_security_required; + BOOLEAN old_is_originator; + tBTM_STATUS rc = BTM_SUCCESS; + BOOLEAN chk_acp_auth_done = FALSE; + BOOLEAN is_originator; + +#if (L2CAP_UCD_INCLUDED == TRUE) + if (conn_type & CONNECTION_TYPE_ORIG_MASK) + is_originator = TRUE; + else + is_originator = FALSE; + + BTM_TRACE_DEBUG2 ("btm_sec_l2cap_access_req conn_type:0x%x, 0x%x", conn_type, p_ref_data); +#else + is_originator = conn_type; + + BTM_TRACE_DEBUG2 ("btm_sec_l2cap_access_req is_originator:%d, 0x%x", is_originator, p_ref_data); +#endif + + /* Find or get oldest record */ + p_dev_rec = btm_find_or_alloc_dev (bd_addr); + + p_dev_rec->hci_handle = handle; + + /* Find the service record for the PSM */ + p_serv_rec = btm_sec_find_first_serv (conn_type, psm); + + /* If there is no application registered with this PSM do not allow connection */ + if (!p_serv_rec) + { + BTM_TRACE_WARNING1 ("btm_sec_l2cap_access_req() PSM:%d no application registerd", psm); + + (*p_callback) (bd_addr, p_ref_data, BTM_MODE_UNSUPPORTED); + + return(BTM_MODE_UNSUPPORTED); + } + + /* SDP connection we will always let through */ + if (BT_PSM_SDP == psm) + { + (*p_callback) (bd_addr, p_ref_data, BTM_SUCCESS_NO_SECURITY); + + return(BTM_SUCCESS); + } +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( conn_type & CONNECTION_TYPE_CONNLESS_MASK ) + { + security_required = p_serv_rec->ucd_security_flags; + + rc = BTM_CMD_STARTED; + if (is_originator) + { + if (((security_required & BTM_SEC_OUT_FLAGS) == 0) || + ((((security_required & BTM_SEC_OUT_FLAGS) == BTM_SEC_OUT_AUTHENTICATE) && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))) || + ((((security_required & BTM_SEC_OUT_FLAGS) == (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT)) && (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))) || + ((((security_required & BTM_SEC_OUT_FLAGS) == BTM_SEC_OUT_FLAGS) && (p_dev_rec->sec_flags & BTM_SEC_AUTHORIZED))) ) + { + rc = BTM_SUCCESS; + } + } + else + { + if (((security_required & BTM_SEC_IN_FLAGS) == 0) || + ((((security_required & BTM_SEC_IN_FLAGS) == BTM_SEC_IN_AUTHENTICATE) && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))) || + ((((security_required & BTM_SEC_IN_FLAGS) == (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT)) && (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))) || + ((((security_required & BTM_SEC_IN_FLAGS) == BTM_SEC_IN_FLAGS) && (p_dev_rec->sec_flags & BTM_SEC_AUTHORIZED))) ) + { + rc = BTM_SUCCESS; + } + } + + if (rc == BTM_SUCCESS) + { + if (p_callback) + (*p_callback) (bd_addr, (void *)p_ref_data, BTM_SUCCESS); + + return(BTM_SUCCESS); + } + } + else +#endif + { + security_required = p_serv_rec->security_flags; + } + + /* there are some devices (moto KRZR) which connects to several services at the same time */ + /* we will process one after another */ + if ( (p_dev_rec->p_callback) || (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) ) + { + BTM_TRACE_EVENT2 ("btm_sec_l2cap_access_req() - busy - PSM:%d delayed state: %s", + psm, btm_pair_state_descr(btm_cb.pairing_state)); + rc = BTM_CMD_STARTED; + if ((BTM_SEC_MODE_SP != btm_cb.security_mode) + || ((BTM_SEC_MODE_SP == btm_cb.security_mode) && (BTM_SM4_KNOWN == p_dev_rec->sm4)) + ) + { + BTM_TRACE_EVENT2 ("security_flags:x%x, sec_flags:x%x", security_required, p_dev_rec->sec_flags); + /* legacy mode - local is legacy or local is lisbon/peer is legacy */ + if (is_originator) + { + if (((security_required & BTM_SEC_OUT_FLAGS) == 0) || + ((((security_required & BTM_SEC_OUT_FLAGS) == BTM_SEC_OUT_AUTHENTICATE) && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))) || + ((((security_required & BTM_SEC_OUT_FLAGS) == (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT)) && (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))) || + ((((security_required & BTM_SEC_OUT_FLAGS) == BTM_SEC_OUT_FLAGS) && (p_dev_rec->sec_flags & BTM_SEC_AUTHORIZED))) ) + { + rc = BTM_SUCCESS; + } + } + else + { + if (((security_required & BTM_SEC_IN_FLAGS) == 0) || + ((((security_required & BTM_SEC_IN_FLAGS) == BTM_SEC_IN_AUTHENTICATE) && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))) || + ((((security_required & BTM_SEC_IN_FLAGS) == (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT)) && (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))) || + ((((security_required & BTM_SEC_IN_FLAGS) == BTM_SEC_IN_FLAGS) && (p_dev_rec->sec_flags & BTM_SEC_AUTHORIZED))) ) + { + rc = BTM_SUCCESS; + } + } + + if (rc == BTM_SUCCESS) + { + if (p_callback) + (*p_callback) (bd_addr, (void *)p_ref_data, BTM_SUCCESS); + + return(BTM_SUCCESS); + } + } + + btm_cb.sec_req_pending = TRUE; + return(BTM_CMD_STARTED); + } + + /* Save pointer to service record */ + p_dev_rec->p_cur_service = p_serv_rec; + + + /* mess /w security_required in btm_sec_l2cap_access_req for Lisbon */ + if (btm_cb.security_mode == BTM_SEC_MODE_SP) + { + if (is_originator) + { + if (BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + /* SM4 to SM4 -> always authenticate & encrypt */ + security_required |= (BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT); + } + else + { + if ( !(BTM_SM4_KNOWN & p_dev_rec->sm4)) + { + BTM_TRACE_DEBUG1 ("remote features unknown!!sec_flags:0x%x", p_dev_rec->sec_flags); + /* the remote features are not known yet */ + p_dev_rec->sm4 |= BTM_SM4_REQ_PEND; + + return(BTM_CMD_STARTED); + } + } + } + else + { + /* responder */ + if (BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + /* SM4 to SM4: the acceptor needs to make sure the authentication is already done */ + chk_acp_auth_done = TRUE; + /* SM4 to SM4 -> always authenticate & encrypt */ + security_required |= (BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_ENCRYPT); + } + else + { + if ( !(BTM_SM4_KNOWN & p_dev_rec->sm4)) + { + BTM_TRACE_DEBUG1 ("(rsp) remote features unknown!!sec_flags:0x%x", p_dev_rec->sec_flags); + /* the remote features are not known yet */ + p_dev_rec->sm4 |= BTM_SM4_REQ_PEND; + + return(BTM_CMD_STARTED); + } + } + } + } + + BTM_TRACE_DEBUG4 ("btm_sec_l2cap_access_req() sm4:0x%x, sec_flags:0x%x, security_required:0x%x chk:%d", + p_dev_rec->sm4, p_dev_rec->sec_flags, security_required, chk_acp_auth_done); + + old_security_required = p_dev_rec->security_required; + old_is_originator = p_dev_rec->is_originator; + p_dev_rec->security_required = security_required; + p_dev_rec->p_ref_data = p_ref_data; + p_dev_rec->is_originator = is_originator; + +#if (L2CAP_UCD_INCLUDED == TRUE) + if ( conn_type & CONNECTION_TYPE_CONNLESS_MASK ) + p_dev_rec->is_ucd = TRUE; + else + p_dev_rec->is_ucd = FALSE; +#endif + + /* If there are multiple service records used through the same PSM */ + /* leave security decision for the multiplexor on the top */ +#if (L2CAP_UCD_INCLUDED == TRUE) + if (((btm_sec_find_next_serv (p_serv_rec)) != NULL) + &&(!( conn_type & CONNECTION_TYPE_CONNLESS_MASK ))) /* if not UCD */ +#else + if ((btm_sec_find_next_serv (p_serv_rec)) != NULL) +#endif + { + BTM_TRACE_DEBUG2 ("no next_serv sm4:0x%x, chk:%d", p_dev_rec->sm4, chk_acp_auth_done); + if (!BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + BTM_TRACE_EVENT1 ("Security Manager: l2cap_access_req PSM:%d postponed for multiplexer", psm); + /* pre-Lisbon: restore the old settings */ + p_dev_rec->security_required = old_security_required; + p_dev_rec->is_originator = old_is_originator; + + (*p_callback) (bd_addr, p_ref_data, BTM_SUCCESS); + + return(BTM_SUCCESS); + } + } + + /* if the originator is using dynamic PSM in legacy mode, do not start any security process now. + * The layer above L2CAP needs to carry out the security requirement after L2CAP connect response is received*/ + if (is_originator && (btm_cb.security_mode != BTM_SEC_MODE_SP || !BTM_SEC_IS_SM4(p_dev_rec->sm4)) && (psm >= 0x1001)) + { + BTM_TRACE_EVENT1 ("dynamic PSM:0x%x in legacy mode - postponed for upper layer", psm); + /* restore the old settings */ + p_dev_rec->security_required = old_security_required; + p_dev_rec->is_originator = old_is_originator; + + (*p_callback) (bd_addr, p_ref_data, BTM_SUCCESS); + + return(BTM_SUCCESS); + } + + if (chk_acp_auth_done) + { + BTM_TRACE_DEBUG2 ("(SM4 to SM4) btm_sec_l2cap_access_req rspd. authenticated: x%x, enc: x%x", + (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED), (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED)); + /* SM4, but we do not know for sure which level of security we need. + * as long as we have a link key, it's OK */ + if ((0 == (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED)) + ||(0 == (p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED))) + { + rc = BTM_DELAY_CHECK; + /* + 2046 may report HCI_Encryption_Change and L2C Connection Request out of sequence + because of data path issues. Delay this disconnect a little bit + */ + BTM_TRACE_ERROR0 ("peer should have initiated security process by now (SM4 to SM4)"); + p_dev_rec->p_callback = p_callback; + p_dev_rec->sec_state = BTM_SEC_STATE_DELAY_FOR_ENC; + (*p_callback) (bd_addr, p_ref_data, rc); + + return(BTM_SUCCESS); + } + } + + p_dev_rec->p_callback = p_callback; + + /* Although authentication and encryption are per connection */ + /* authorization is per access request. For example when serial connection */ + /* is up and authorized and client requests to read file (access to other */ + /* scn, we need to request user's permission again. */ + p_dev_rec->sec_flags &= ~BTM_SEC_AUTHORIZED; + + if (BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + /* If we already have a link key to the connected peer, is the link key secure enough ? */ + btm_sec_check_upgrade(p_dev_rec, is_originator); + } + + BTM_TRACE_EVENT6 ("Security Manager: l2cap_access_req PSM:%d Handle:%d State:%d Flags:0x%x Required:0x%x Service ID:%d", + psm, handle, p_dev_rec->sec_state, p_dev_rec->sec_flags, p_dev_rec->security_required, p_dev_rec->p_cur_service->service_id); + + if ((rc = btm_sec_execute_procedure (p_dev_rec)) != BTM_CMD_STARTED) + { + p_dev_rec->p_callback = NULL; + (*p_callback) (bd_addr, p_dev_rec->p_ref_data, (UINT8)rc); + } + + return(rc); +} + +/******************************************************************************* +** +** Function btm_sec_mx_access_request +** +** Description This function is called by all Multiplexing Protocols during +** establishing connection to or from peer device to grant +** permission to establish application connection. +** +** Parameters: bd_addr - Address of the peer device +** psm - L2CAP PSM +** is_originator - TRUE if protocol above L2CAP originates +** connection +** mx_proto_id - protocol ID of the multiplexer +** mx_chan_id - multiplexer channel to reach application +** p_callback - Pointer to callback function called if +** this function returns PENDING after required +** procedures are completed +** p_ref_data - Pointer to any reference data needed by the +** the callback function. +** +** Returns BTM_CMD_STARTED +** +*******************************************************************************/ +tBTM_STATUS btm_sec_mx_access_request (BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_originator, + UINT32 mx_proto_id, UINT32 mx_chan_id, + tBTM_SEC_CALLBACK *p_callback, void *p_ref_data) + +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_SEC_SERV_REC *p_serv_rec; + tBTM_STATUS rc; + + BTM_TRACE_DEBUG1 ("btm_sec_mx_access_request is_originator:%d", is_originator); + /* Find or get oldest record */ + p_dev_rec = btm_find_or_alloc_dev (bd_addr); + + /* Find the service record for the PSM */ + p_serv_rec = btm_sec_find_mx_serv (is_originator, psm, mx_proto_id, mx_chan_id); + + /* If there is no application registered with this PSM do not allow connection */ + if (!p_serv_rec) + { + if (p_callback) + (*p_callback) (bd_addr, p_ref_data, BTM_MODE_UNSUPPORTED); + + BTM_TRACE_ERROR3 ("Security Manager: MX service not found PSM:%d Proto:%d SCN:%d", + psm, mx_proto_id, mx_chan_id); + return BTM_NO_RESOURCES; + } + + /* there are some devices (moto phone) which connects to several services at the same time */ + /* we will process one after another */ + if ( (p_dev_rec->p_callback) || (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) ) + { + BTM_TRACE_EVENT4 ("btm_sec_mx_access_request service PSM:%d Proto:%d SCN:%d delayed state: %s", + psm, mx_proto_id, mx_chan_id, btm_pair_state_descr(btm_cb.pairing_state)); + + btm_sec_queue_mx_request (bd_addr, psm, is_originator, mx_proto_id, mx_chan_id, p_callback, p_ref_data); + return BTM_CMD_STARTED; + } + + p_dev_rec->p_cur_service = p_serv_rec; + p_dev_rec->security_required = p_serv_rec->security_flags; + + if (BTM_SEC_MODE_SP == btm_cb.security_mode) + { + if (BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + /* If we already have a link key, check if that link key is good enough */ + btm_sec_check_upgrade(p_dev_rec, is_originator); + } + } + + p_dev_rec->is_originator = is_originator; + p_dev_rec->p_callback = p_callback; + p_dev_rec->p_ref_data = p_ref_data; + + /* Although authentication and encryption are per connection */ + /* authorization is per access request. For example when serial connection */ + /* is up and authorized and client requests to read file (access to other */ + /* scn, we need to request user's permission again. */ + p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED); + + BTM_TRACE_EVENT6 ("Security Manager: mx_access_req proto_id:%d chan_id:%d State:%d Flags:0x%x Required:0x%x Service ID:%d", + mx_proto_id, mx_chan_id, p_dev_rec->sec_state, p_dev_rec->sec_flags, p_dev_rec->security_required, p_dev_rec->p_cur_service->service_id); + + if ((rc = btm_sec_execute_procedure (p_dev_rec)) != BTM_CMD_STARTED) + { + if (p_callback) + { + p_dev_rec->p_callback = NULL; + + (*p_callback) (bd_addr, p_ref_data, (UINT8)rc); + } + } + + return rc; +} + +/******************************************************************************* +** +** Function btm_sec_conn_req +** +** Description This function is when the peer device is requesting +** connection +** +** Returns void +** +*******************************************************************************/ +void btm_sec_conn_req (UINT8 *bda, UINT8 *dc) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); + + /* Some device may request a connection before we are done with the HCI_Reset sequence */ + if (btm_cb.devcb.state != BTM_DEV_STATE_READY) + { + BTM_TRACE_EVENT0 ("Security Manager: connect request when device not ready"); + btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE); + return; + } + + /* Security guys wants us not to allow connection from not paired devices */ + + /* Check if connection is allowed for only paired devices */ + if (btm_cb.connect_only_paired) + { + if (!p_dev_rec || !(p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED)) + { + BTM_TRACE_EVENT0 ("Security Manager: connect request from non-paired device"); + btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE); + return; + } + } + +#if BTM_ALLOW_CONN_IF_NONDISCOVER == FALSE + /* If non-discoverable, only allow known devices to connect */ + if (btm_cb.btm_inq_vars.discoverable_mode == BTM_NON_DISCOVERABLE) + { + if (!p_dev_rec) + { + BTM_TRACE_EVENT0 ("Security Manager: connect request from not paired device"); + btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE); + return; + } + } +#endif + + /* Host can be registered to verify comming BDA or DC */ + if (btm_cb.p_conn_filter_cb) + { + if (!(* btm_cb.p_conn_filter_cb) (bda, dc)) + { + BTM_TRACE_EVENT0 ("Security Manager: connect request did not pass filter"); + + /* incomming call did not pass connection filters. Reject */ + btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE); + return; + } + } + + if ((btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + &&(btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + &&(!memcmp (btm_cb.pairing_bda, bda, BD_ADDR_LEN))) + { + BTM_TRACE_EVENT0 ("Security Manager: reject connect request from bonding device"); + + /* incoming connection from bonding device is rejected */ + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_REJECTED_CONNECT; + btsnd_hcic_reject_conn (bda, HCI_ERR_HOST_REJECT_DEVICE); + return; + } + + /* Host is not interested or approved connection. Save BDA and DC and */ + /* pass request to L2CAP */ + memcpy (btm_cb.connecting_bda, bda, BD_ADDR_LEN); + memcpy (btm_cb.connecting_dc, dc, DEV_CLASS_LEN); + + if (l2c_link_hci_conn_req (bda)) + { + if (!p_dev_rec) + { + /* accept the connection -> allocate a device record */ + p_dev_rec = btm_sec_alloc_dev (bda); + } + if (p_dev_rec) + { + p_dev_rec->sm4 |= BTM_SM4_CONN_PEND; + } + } +} + +/******************************************************************************* +** +** Function btm_sec_bond_cancel_complete +** +** Description This function is called to report bond cancel complete +** event. +** +** Returns void +** +*******************************************************************************/ +static void btm_sec_bond_cancel_complete (void) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_DISC_WHEN_DONE) || + (BTM_PAIR_STATE_WAIT_LOCAL_PIN == btm_cb.pairing_state && + BTM_PAIR_FLAGS_WE_STARTED_DD & btm_cb.pairing_flags)) + { + /* for dedicated bonding in legacy mode, authentication happens at "link level" + * btm_sec_connected is called with failed status. + * In theory, the code that handles is_pairing_device/TRUE should clean out security related code. + * However, this function may clean out the security related flags and btm_sec_connected would not know + * this function also needs to do proper clean up. + */ + if ((p_dev_rec = btm_find_dev (btm_cb.pairing_bda)) != NULL) + p_dev_rec->security_required = BTM_SEC_NONE; + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + /* Notify application that the cancel succeeded */ + if (btm_cb.api.p_bond_cancel_cmpl_callback) + btm_cb.api.p_bond_cancel_cmpl_callback(BTM_SUCCESS); + } +} + +/******************************************************************************* +** +** Function btm_create_conn_cancel_complete +** +** Description This function is called when the command complete message +** is received from the HCI for the create connection cancel +** command. +** +** Returns void +** +*******************************************************************************/ +void btm_create_conn_cancel_complete (UINT8 *p) +{ + UINT8 status; + + STREAM_TO_UINT8 (status, p); + BTM_TRACE_EVENT2 ("btm_create_conn_cancel_complete(): in State: %s status:%d", + btm_pair_state_descr(btm_cb.pairing_state), status); + + /* if the create conn cancel cmd was issued by the bond cancel, + ** the application needs to be notified that bond cancel succeeded + */ + switch (status) + { + case HCI_SUCCESS: + btm_sec_bond_cancel_complete(); + break; + case HCI_ERR_CONNECTION_EXISTS: + case HCI_ERR_NO_CONNECTION: + default: + /* Notify application of the error */ + if (btm_cb.api.p_bond_cancel_cmpl_callback) + btm_cb.api.p_bond_cancel_cmpl_callback(BTM_ERR_PROCESSING); + break; + } +} + +/******************************************************************************* +** +** Function btm_sec_check_pending_reqs +** +** Description This function is called at the end of the security procedure +** to let L2CAP and RFCOMM know to re-submit any pending requests +** +** Returns void +** +*******************************************************************************/ +void btm_sec_check_pending_reqs (void) +{ + tBTM_SEC_QUEUE_ENTRY *p_e; + BUFFER_Q bq; + + if (btm_cb.pairing_state == BTM_PAIR_STATE_IDLE) + { + /* First, resubmit L2CAP requests */ + if (btm_cb.sec_req_pending) + { + btm_cb.sec_req_pending = FALSE; + l2cu_resubmit_pending_sec_req (NULL); + } + + /* Now, re-submit anything in the mux queue */ + bq = btm_cb.sec_pending_q; + + GKI_init_q (&btm_cb.sec_pending_q); + + while ((p_e = (tBTM_SEC_QUEUE_ENTRY *)GKI_dequeue (&bq)) != NULL) + { + /* Check that the ACL is still up before starting security procedures */ + if (btm_bda_to_acl(p_e->bd_addr) != NULL) + { + BTM_TRACE_EVENT4 ("btm_sec_check_pending_reqs() submitting PSM: 0x%04x Is_Orig: %u mx_proto_id: %u mx_chan_id: %u", + p_e->psm, p_e->is_orig, p_e->mx_proto_id, p_e->mx_chan_id); + + btm_sec_mx_access_request (p_e->bd_addr, p_e->psm, p_e->is_orig, + p_e->mx_proto_id, p_e->mx_chan_id, + p_e->p_callback, p_e->p_ref_data); + } + + GKI_freebuf (p_e); + } + } +} + +/******************************************************************************* +** +** Function btm_sec_init +** +** Description This function is on the SEC startup +** +** Returns void +** +*******************************************************************************/ +void btm_sec_init (UINT8 sec_mode) +{ +#if 0 /* cleared in btm_init; put back in if calling from anywhere else! */ + int i; + + memset (btm_cb.sec_serv_rec, 0, sizeof (btm_cb.sec_serv_rec)); + memset (btm_cb.sec_dev_rec, 0, sizeof (btm_cb.sec_dev_rec)); + memset (&btm_cb.pairing_tle, 0, sizeof(TIMER_LIST_ENT)); + +#endif + btm_cb.security_mode = sec_mode; + memset (btm_cb.pairing_bda, 0xff, BD_ADDR_LEN); + btm_cb.max_collision_delay = BTM_SEC_MAX_COLLISION_DELAY; +} + +/******************************************************************************* +** +** Function btm_sec_device_down +** +** Description This function should be called when device is disabled or +** turned off +** +** Returns void +** +*******************************************************************************/ +void btm_sec_device_down (void) +{ + BTM_TRACE_EVENT1 ("btm_sec_device_down() State: %s", btm_pair_state_descr(btm_cb.pairing_state)); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); +} + +/******************************************************************************* +** +** Function btm_sec_dev_reset +** +** Description This function should be called after device reset +** +** Returns void +** +*******************************************************************************/ +void btm_sec_dev_reset (void) +{ +#if (BTM_PRE_LISBON_INCLUDED == TRUE) + if (btm_cb.security_mode == BTM_SEC_MODE_LINK) + { + btsnd_hcic_write_auth_enable (TRUE); + btsnd_hcic_write_encr_mode (HCI_ENCRYPT_MODE_POINT_TO_POINT); + } +#endif +#if (BTM_PRE_LISBON_INCLUDED == TRUE) + else +#endif + /* this function is only called from btm_read_local_features_complete() + * right now. */ + if (HCI_SIMPLE_PAIRING_SUPPORTED(btm_cb.devcb.local_features)) + { + btsnd_hcic_write_simple_pairing_mode(HCI_SP_MODE_ENABLED); +#if BLE_INCLUDED == TRUE + btsnd_hcic_set_event_mask(LOCAL_BR_EDR_CONTROLLER_ID, + (UINT8 *)HCI_DUMO_EVENT_MASK_EXT); +#else + btsnd_hcic_set_event_mask(LOCAL_BR_EDR_CONTROLLER_ID, + (UINT8 *)HCI_LISBON_EVENT_MASK_EXT); +#endif + /* set the default IO capabilities */ + btm_cb.devcb.loc_io_caps = BTM_LOCAL_IO_CAPS; + /* add mx service to use no security */ +#if (RFCOMM_INCLUDED == TRUE) + BTM_SetSecurityLevel(FALSE, "RFC_MUX", BTM_SEC_SERVICE_RFC_MUX, + BTM_SEC_NONE, BT_PSM_RFCOMM, BTM_SEC_PROTO_RFCOMM, 0); +#endif + } + else + { + btm_cb.security_mode = BTM_SEC_MODE_SERVICE; + } + + BTM_TRACE_DEBUG1 ("btm_sec_dev_reset sec mode: %d", btm_cb.security_mode); +} + +/******************************************************************************* +** +** Function btm_sec_abort_access_req +** +** Description This function is called by the L2CAP or RFCOMM to abort +** the pending operation. +** +** Parameters: bd_addr - Address of the peer device +** +** Returns void +** +*******************************************************************************/ +void btm_sec_abort_access_req (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr); + + if (!p_dev_rec) + return; + + if (btm_cb.api.p_abort_callback) + (*btm_cb.api.p_abort_callback)(bd_addr, p_dev_rec->dev_class, p_dev_rec->sec_bd_name); + + if ((p_dev_rec->sec_state != BTM_SEC_STATE_AUTHORIZING) + && (p_dev_rec->sec_state != BTM_SEC_STATE_AUTHENTICATING)) + return; + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + p_dev_rec->p_callback = NULL; +} + +/******************************************************************************* +** +** Function btm_sec_dd_create_conn +** +** Description This function is called to create the ACL connection for +** the dedicated boding process +** +** Returns void +** +*******************************************************************************/ +static tBTM_STATUS btm_sec_dd_create_conn (tBTM_SEC_DEV_REC *p_dev_rec) +{ + tL2C_LCB *p_lcb; + + /* Make sure an L2cap link control block is available */ + if ((p_lcb = l2cu_allocate_lcb (p_dev_rec->bd_addr, TRUE)) == NULL) + { + BTM_TRACE_WARNING6 ("Security Manager: failed allocate LCB [%02x%02x%02x%02x%02x%02x]", + p_dev_rec->bd_addr[0], p_dev_rec->bd_addr[1], p_dev_rec->bd_addr[2], + p_dev_rec->bd_addr[3], p_dev_rec->bd_addr[4], p_dev_rec->bd_addr[5]); + + return(BTM_NO_RESOURCES); + } + + /* set up the control block to indicated dedicated bonding */ + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_DISC_WHEN_DONE; + + if (l2cu_create_conn(p_lcb) == FALSE) + { + BTM_TRACE_WARNING6 ("Security Manager: failed create [%02x%02x%02x%02x%02x%02x]", + p_dev_rec->bd_addr[0], p_dev_rec->bd_addr[1], p_dev_rec->bd_addr[2], + p_dev_rec->bd_addr[3], p_dev_rec->bd_addr[4], p_dev_rec->bd_addr[5]); + + l2cu_release_lcb(p_lcb); + return(BTM_NO_RESOURCES); + } + +#if (defined(BTM_BUSY_LEVEL_CHANGE_INCLUDED) && BTM_BUSY_LEVEL_CHANGE_INCLUDED == TRUE) + btm_acl_update_busy_level (BTM_BLI_PAGE_EVT); +#endif + + BTM_TRACE_DEBUG6 ("Security Manager: btm_sec_dd_create_conn [%02x%02x%02x%02x%02x%02x]", + p_dev_rec->bd_addr[0], p_dev_rec->bd_addr[1], p_dev_rec->bd_addr[2], + p_dev_rec->bd_addr[3], p_dev_rec->bd_addr[4], p_dev_rec->bd_addr[5]); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_PIN_REQ); + + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function btm_sec_rmt_name_request_complete +** +** Description This function is called when remote name was obtained from +** the peer device +** +** Returns void +** +*******************************************************************************/ +void btm_sec_rmt_name_request_complete (UINT8 *p_bd_addr, UINT8 *p_bd_name, UINT8 status) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + int i; + DEV_CLASS dev_class; + UINT8 old_sec_state; + + BTM_TRACE_EVENT0 ("btm_sec_rmt_name_request_complete"); + if (((p_bd_addr == NULL) && !BTM_ACL_IS_CONNECTED(btm_cb.connecting_bda)) + || ((p_bd_addr != NULL) && !BTM_ACL_IS_CONNECTED(p_bd_addr))) + { + btm_acl_resubmit_page(); + } + + /* If remote name request failed, p_bd_addr is null and we need to search */ + /* based on state assuming that we are doing 1 at a time */ + if (p_bd_addr) + p_dev_rec = btm_find_dev (p_bd_addr); + else + { + p_dev_rec = &btm_cb.sec_dev_rec[0]; + + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) + && (p_dev_rec->sec_state == BTM_SEC_STATE_GETTING_NAME)) + { + p_bd_addr = p_dev_rec->bd_addr; + break; + } + } + + if (i == BTM_SEC_MAX_DEVICE_RECORDS) + p_dev_rec = NULL; + } + + + /* Commenting out trace due to obf/compilation problems. + */ +#if (BT_USE_TRACES == TRUE) + if (!p_bd_name) + p_bd_name = (UINT8 *)""; + + if (p_dev_rec) + { + BTM_TRACE_EVENT5 ("Security Manager: rmt_name_complete PairState: %s RemName: %s status: %d State:%d p_dev_rec: 0x%08x ", + btm_pair_state_descr (btm_cb.pairing_state), p_bd_name, + status, p_dev_rec->sec_state, p_dev_rec); + } + else + { + BTM_TRACE_EVENT3 ("Security Manager: rmt_name_complete PairState: %s RemName: %s status: %d", + btm_pair_state_descr (btm_cb.pairing_state), p_bd_name, + status); + } +#endif + + if (p_dev_rec) + { + old_sec_state = p_dev_rec->sec_state; + if (status == HCI_SUCCESS) + { + BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name), (char *)p_bd_name, BTM_MAX_REM_BD_NAME_LEN); + p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; + BTM_TRACE_EVENT1 ("setting BTM_SEC_NAME_KNOWN sec_flags:0x%x", p_dev_rec->sec_flags); + } + else + { + /* Notify all clients waiting for name to be resolved even if it failed so clients can continue */ + p_dev_rec->sec_bd_name[0] = 0; + } + + if (p_dev_rec->sec_state == BTM_SEC_STATE_GETTING_NAME) + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + + /* Notify all clients waiting for name to be resolved */ + for (i = 0;i < BTM_SEC_MAX_RMT_NAME_CALLBACKS; i++) + { + if (btm_cb.p_rmt_name_callback[i]) + (*btm_cb.p_rmt_name_callback[i])(p_bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name); + } + } + else + { + dev_class[0] = 0; + dev_class[1] = 0; + dev_class[2] = 0; + + /* Notify all clients waiting for name to be resolved even if not found so clients can continue */ + for (i = 0;i < BTM_SEC_MAX_RMT_NAME_CALLBACKS; i++) + { + if (btm_cb.p_rmt_name_callback[i]) + (*btm_cb.p_rmt_name_callback[i])(p_bd_addr, dev_class, (UINT8 *)""); + } + + return; + } + + /* If we were delaying asking UI for a PIN because name was not resolved, ask now */ + if ( (btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_LOCAL_PIN) && p_bd_addr + && (memcmp (btm_cb.pairing_bda, p_bd_addr, BD_ADDR_LEN) == 0) ) + { + BTM_TRACE_EVENT2 ("btm_sec_rmt_name_request_complete() delayed pin now being requested flags:0x%x, (p_pin_callback=0x%p)", btm_cb.pairing_flags, btm_cb.api.p_pin_callback); + + if (((btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) == 0) && + ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_PIN_REQD) == 0) && + btm_cb.api.p_pin_callback) + { + BTM_TRACE_EVENT0 ("btm_sec_rmt_name_request_complete() calling pin_callback"); + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_PIN_REQD; + (*btm_cb.api.p_pin_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, p_bd_name); + } + + /* Set the same state again to force the timer to be restarted */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_LOCAL_PIN); + return; + } + + /* Check if we were delaying bonding because name was not resolved */ + if ( btm_cb.pairing_state == BTM_PAIR_STATE_GET_REM_NAME) + { + if (p_bd_addr && memcmp (btm_cb.pairing_bda, p_bd_addr, BD_ADDR_LEN) == 0) + { + BTM_TRACE_EVENT2 ("btm_sec_rmt_name_request_complete() continue bonding sm4: 0x%04x, status:0x%x", p_dev_rec->sm4, status); + if (status != HCI_SUCCESS) + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + return; + } + + /* if peer is very old legacy devices, HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT is not reported */ + if (BTM_SEC_IS_SM4_UNKNOWN(p_dev_rec->sm4)) + { + /* set the KNOWN flag only if BTM_PAIR_FLAGS_REJECTED_CONNECT is not set. + * If it is set, there may be a race condition */ + BTM_TRACE_EVENT1 ("btm_sec_rmt_name_request_complete IS_SM4_UNKNOWN Flags:0x%04x", btm_cb.pairing_flags); + if ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_REJECTED_CONNECT) == 0) + { + p_dev_rec->sm4 |= BTM_SM4_KNOWN; + } + } + + /* BT 2.1 or carkit, bring up the connection to force the peer to request PIN. + ** Else prefetch (btm_sec_check_prefetch_pin will do the prefetching if needed) + */ + if ((p_dev_rec->sm4 != BTM_SM4_KNOWN) || !btm_sec_check_prefetch_pin(p_dev_rec)) + { + /* if we rejected incoming connection request, we have to wait HCI_Connection_Complete event */ + /* before originating */ + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_REJECTED_CONNECT) + { + BTM_TRACE_WARNING0 ("btm_sec_rmt_name_request_complete: waiting HCI_Connection_Complete after rejecting connection"); + } + /* Both we and the peer are 2.1 - continue to create connection */ + else if (btm_sec_dd_create_conn(p_dev_rec) != BTM_CMD_STARTED) + { + BTM_TRACE_WARNING0 ("btm_sec_rmt_name_request_complete: failed to start connection"); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_ERR_MEMORY_FULL); + } + } + return; + } + else + { + BTM_TRACE_WARNING0 ("btm_sec_rmt_name_request_complete: wrong BDA, retry with pairing BDA"); + + BTM_ReadRemoteDeviceName (btm_cb.pairing_bda, NULL); + return; + } + } + + /* check if we were delaying link_key_callback because name was not resolved */ + if (p_dev_rec->link_key_not_sent) + { + /* If HCI connection complete has not arrived, wait for it */ + if (p_dev_rec->hci_handle == BTM_SEC_INVALID_HANDLE) + return; + + p_dev_rec->link_key_not_sent = FALSE; + btm_send_link_key_notif(p_dev_rec); + + /* If its not us who perform authentication, we should tell stackserver */ + /* that some authentication has been completed */ + /* This is required when different entities receive link notification and auth complete */ + if (!(p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE)) + { + if (btm_cb.api.p_auth_complete_callback) + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + + } + } + + /* If this is a bonding procedure can disconnect the link now */ + if ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + && (p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED)) + { + BTM_TRACE_WARNING0 ("btm_sec_rmt_name_request_complete (none/ce)"); + p_dev_rec->security_required &= ~(BTM_SEC_OUT_AUTHENTICATE); + l2cu_start_post_bond_timer(p_dev_rec->hci_handle); + return; + } + + if (old_sec_state != BTM_SEC_STATE_GETTING_NAME) + return; + + /* If get name failed, notify the waiting layer */ + if (status != HCI_SUCCESS) + { + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_ERR_PROCESSING); + return; + } + + if (p_dev_rec->sm4 & BTM_SM4_REQ_PEND) + { + BTM_TRACE_EVENT0 ("waiting for remote features!!"); + return; + } + + /* Remote Name succeeded, execute the next security procedure, if any */ + status = (UINT8)btm_sec_execute_procedure (p_dev_rec); + + /* If result is pending reply from the user or from the device is pending */ + if (status == BTM_CMD_STARTED) + return; + + /* There is no next procedure or start of procedure failed, notify the waiting layer */ + btm_sec_dev_rec_cback_event (p_dev_rec, status); +} + +/******************************************************************************* +** +** Function btm_sec_rmt_host_support_feat_evt +** +** Description This function is called when the +** HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT is received +** +** Returns void +** +*******************************************************************************/ +void btm_sec_rmt_host_support_feat_evt (UINT8 *p) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + BD_ADDR bd_addr; /* peer address */ + BD_FEATURES features; + + STREAM_TO_BDADDR (bd_addr, p); + p_dev_rec = btm_find_or_alloc_dev (bd_addr); + + BTM_TRACE_EVENT2 ("btm_sec_rmt_host_support_feat_evt sm4: 0x%x p[0]: 0x%x", p_dev_rec->sm4, p[0]); + + if (BTM_SEC_IS_SM4_UNKNOWN(p_dev_rec->sm4)) + { + p_dev_rec->sm4 = BTM_SM4_KNOWN; + STREAM_TO_ARRAY(features, p, BD_FEATURES_LEN); + if (HCI_SSP_HOST_SUPPORTED(features)) + { + p_dev_rec->sm4 = BTM_SM4_TRUE; + } + BTM_TRACE_EVENT2 ("btm_sec_rmt_host_support_feat_evt sm4: 0x%x features[0]: 0x%x", p_dev_rec->sm4, features[0]); + } +} + +/******************************************************************************* +** +** Function btm_io_capabilities_req +** +** Description This function is called when LM request for the IO +** capability of the local device and +** if the OOB data is present for the device in the event +** +** Returns void +** +*******************************************************************************/ +void btm_io_capabilities_req (UINT8 *p) +{ + tBTM_SP_IO_REQ evt_data; + UINT8 err_code = 0; + tBTM_SEC_DEV_REC *p_dev_rec; + BOOLEAN is_orig = TRUE; + UINT8 callback_rc = BTM_SUCCESS; + + STREAM_TO_BDADDR (evt_data.bd_addr, p); + + /* setup the default response according to compile options */ + /* assume that the local IO capability does not change + * loc_io_caps is initialized with the default value */ + evt_data.io_cap = btm_cb.devcb.loc_io_caps; + evt_data.oob_data = BTM_OOB_NONE; + evt_data.auth_req = BTM_DEFAULT_AUTH_REQ; + + BTM_TRACE_EVENT1 ("btm_io_capabilities_req() State: %s", btm_pair_state_descr(btm_cb.pairing_state)); + + p_dev_rec = btm_find_or_alloc_dev (evt_data.bd_addr); + p_dev_rec->sm4 |= BTM_SM4_TRUE; + + BTM_TRACE_EVENT3 ("btm_io_capabilities_req() State: %s Flags: 0x%04x p_cur_service: 0x%08x", + btm_pair_state_descr(btm_cb.pairing_state), btm_cb.pairing_flags, p_dev_rec->p_cur_service); + + if (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + { + if (btm_cb.pairing_state == BTM_PAIR_STATE_INCOMING_SSP) + { + /* received IO capability response already-> not the originator of SSP */ + is_orig = FALSE; + + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_PEER_STARTED_DD) + evt_data.auth_req = BTM_DEFAULT_DD_AUTH_REQ; + } + /* security is already in progress */ + else if (btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_PIN_REQ) + { +/* coverity[uninit_use_in_call] +Event uninit_use_in_call: Using uninitialized element of array "evt_data.bd_addr" in call to function "memcmp" +False-positive: evt_data.bd_addr is set at the beginning with: STREAM_TO_BDADDR (evt_data.bd_addr, p); +*/ + if (memcmp (evt_data.bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN)) + { + /* and it's not the device in bonding -> reject it */ + err_code = HCI_ERR_HOST_BUSY_PAIRING; + } + else + { + /* local device initiated dedicated bonding */ + evt_data.auth_req = BTM_DEFAULT_DD_AUTH_REQ; + } + } + else + { + err_code = HCI_ERR_HOST_BUSY_PAIRING; + } + } + + /* paring is not allowed */ + if (btm_cb.pairing_disabled) + err_code = HCI_ERR_PAIRING_NOT_ALLOWED; + + if (err_code != 0) + { +/* coverity[uninit_use_in_call] +Event uninit_use_in_call: Using uninitialized element of array "evt_data.bd_addr" in call to function "memcmp" +False-positive: evt_data.bd_addr is set at the beginning with: STREAM_TO_BDADDR (evt_data.bd_addr, p); +*/ + btsnd_hcic_io_cap_req_neg_reply(evt_data.bd_addr, err_code); + return; + } + + evt_data.is_orig = is_orig; + + if (is_orig) + { + /* local device initiated the pairing non-bonding -> use p_cur_service */ + if (!(btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) && + p_dev_rec->p_cur_service && + (p_dev_rec->p_cur_service->security_flags & BTM_SEC_OUT_AUTHENTICATE)) + { + evt_data.auth_req = (p_dev_rec->p_cur_service->security_flags & BTM_SEC_OUT_MITM) ? BTM_AUTH_SP_YES : BTM_AUTH_SP_NO; + } + } + + /* Notify L2CAP to increase timeout */ + l2c_pin_code_request (evt_data.bd_addr); + + memcpy (btm_cb.pairing_bda, evt_data.bd_addr, BD_ADDR_LEN); + +/* coverity[uninit_use_in_call] +Event uninit_use_in_call: Using uninitialized element of array "evt_data.bd_addr" in call to function "memcmp" +False-positive: False-positive: evt_data.bd_addr is set at the beginning with: STREAM_TO_BDADDR (evt_data.bd_addr, p); +*/ + if (!memcmp (evt_data.bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) + memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS); + + callback_rc = BTM_SUCCESS; + if (p_dev_rec->sm4 & BTM_SM4_UPGRADE) + { + p_dev_rec->sm4 &= ~BTM_SM4_UPGRADE; + + /* link key upgrade: always use SPGB_YES - assuming we want to save the link key */ + evt_data.auth_req = BTM_AUTH_SPGB_YES; + } + else if (btm_cb.api.p_sp_callback) + { + /* the callback function implementation may change the IO capability... */ + callback_rc = (*btm_cb.api.p_sp_callback) (BTM_SP_IO_REQ_EVT, (tBTM_SP_EVT_DATA *)&evt_data); + } + +#if BTM_OOB_INCLUDED == TRUE + if ((callback_rc == BTM_SUCCESS) || (BTM_OOB_UNKNOWN != evt_data.oob_data)) +#else + if (callback_rc == BTM_SUCCESS) +#endif + { + if ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD)) + { + evt_data.auth_req = (BTM_AUTH_DD_BOND | (evt_data.auth_req & BTM_AUTH_YN_BIT)); + } + + /* if the user does not indicate "reply later" by setting the oob_data to unknown + * send the response right now. Save the current IO capability in the control block */ + btm_cb.devcb.loc_auth_req = evt_data.auth_req; + btm_cb.devcb.loc_io_caps = evt_data.io_cap; + + BTM_TRACE_EVENT4 ("btm_io_capabilities_req: State: %s IO_CAP:%d oob_data:%d auth_req:%d", + btm_pair_state_descr(btm_cb.pairing_state), evt_data.io_cap, + evt_data.oob_data, evt_data.auth_req); + + btsnd_hcic_io_cap_req_reply(evt_data.bd_addr, evt_data.io_cap, + evt_data.oob_data, evt_data.auth_req); + } +} + +/******************************************************************************* +** +** Function btm_io_capabilities_rsp +** +** Description This function is called when the IO capability of the +** specified device is received +** +** Returns void +** +*******************************************************************************/ +void btm_io_capabilities_rsp (UINT8 *p) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_SP_IO_RSP evt_data; + + STREAM_TO_BDADDR (evt_data.bd_addr, p); + STREAM_TO_UINT8 (evt_data.io_cap, p); + STREAM_TO_UINT8 (evt_data.oob_data, p); + STREAM_TO_UINT8 (evt_data.auth_req, p); + + /* Allocate a new device record or reuse the oldest one */ + p_dev_rec = btm_find_or_alloc_dev (evt_data.bd_addr); + + /* If no security is in progress, this indicates incoming security */ + if (btm_cb.pairing_state == BTM_PAIR_STATE_IDLE) + { + memcpy (btm_cb.pairing_bda, evt_data.bd_addr, BD_ADDR_LEN); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_INCOMING_SSP); + + /* Make sure we reset the trusted mask to help against attacks */ + BTM_SEC_CLR_TRUSTED_DEVICE(p_dev_rec->trusted_mask); + + /* work around for FW bug */ + btm_inq_stop_on_ssp(); + } + + /* Notify L2CAP to increase timeout */ + l2c_pin_code_request (evt_data.bd_addr); + + /* We must have a device record here. + * Use the connecting device's CoD for the connection */ +/* coverity[uninit_use_in_call] +Event uninit_use_in_call: Using uninitialized element of array "evt_data.bd_addr" in call to function "memcmp" +FALSE-POSITIVE error from Coverity test-tool. evt_data.bd_addr is set at the beginning with: STREAM_TO_BDADDR (evt_data.bd_addr, p); +*/ + if (!memcmp (evt_data.bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) + memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN); + + /* peer sets dedicated bonding bit and we did not initiate dedicated bonding */ + if (btm_cb.pairing_state == BTM_PAIR_STATE_INCOMING_SSP /* peer initiated bonding */ + && (evt_data.auth_req & BTM_AUTH_DD_BOND) ) /* and dedicated bonding bit is set */ + { + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_PEER_STARTED_DD; + } + + /* save the IO capability in the device record */ + p_dev_rec->rmt_io_caps = evt_data.io_cap; + p_dev_rec->rmt_auth_req = evt_data.auth_req; + + if (btm_cb.api.p_sp_callback) + (*btm_cb.api.p_sp_callback) (BTM_SP_IO_RSP_EVT, (tBTM_SP_EVT_DATA *)&evt_data); +} + +/******************************************************************************* +** +** Function btm_proc_sp_req_evt +** +** Description This function is called to process/report +** HCI_USER_CONFIRMATION_REQUEST_EVT +** or HCI_USER_PASSKEY_REQUEST_EVT +** or HCI_USER_PASSKEY_NOTIFY_EVT +** +** Returns void +** +*******************************************************************************/ +void btm_proc_sp_req_evt (tBTM_SP_EVT event, UINT8 *p) +{ + tBTM_STATUS status = BTM_ERR_PROCESSING; + tBTM_SP_EVT_DATA evt_data; + UINT8 *p_bda = evt_data.cfm_req.bd_addr; + tBTM_SEC_DEV_REC *p_dev_rec; + + /* All events start with bd_addr */ + STREAM_TO_BDADDR (p_bda, p); + + BTM_TRACE_EVENT4 ("btm_proc_sp_req_evt() BDA: %08x%04x event: 0x%x, State: %s", + (p_bda[0]<<24) + (p_bda[1]<<16) + (p_bda[2]<<8) + p_bda[3], (p_bda[4] << 8) + p_bda[5], + event, btm_pair_state_descr(btm_cb.pairing_state)); + + if ( ((p_dev_rec = btm_find_dev (p_bda)) != NULL) + && (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, p_bda, BD_ADDR_LEN) == 0) ) + { + memcpy (evt_data.cfm_req.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (evt_data.cfm_req.dev_class, p_dev_rec->dev_class, DEV_CLASS_LEN); + + BCM_STRNCPY_S ((char *)evt_data.cfm_req.bd_name, sizeof(evt_data.cfm_req.bd_name), (char *)p_dev_rec->sec_bd_name, BTM_MAX_REM_BD_NAME_LEN); + + switch (event) + { + case BTM_SP_CFM_REQ_EVT: + /* Numeric confirmation. Need user to conf the passkey */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM); + + /* The device record must be allocated in the "IO cap exchange" step */ + STREAM_TO_UINT32 (evt_data.cfm_req.num_val, p); + + evt_data.cfm_req.just_works = TRUE; + + /* process user confirm req in association with the auth_req param */ +#if (BTM_LOCAL_IO_CAPS == BTM_IO_CAP_IO) + if ( (p_dev_rec->rmt_io_caps == BTM_IO_CAP_IO) + && (btm_cb.devcb.loc_io_caps == BTM_IO_CAP_IO) + && ((p_dev_rec->rmt_auth_req & BTM_AUTH_SP_YES) || (btm_cb.devcb.loc_auth_req & BTM_AUTH_SP_YES)) ) + { + /* Both devices are DisplayYesNo and one or both devices want to authenticate + -> use authenticated link key */ + evt_data.cfm_req.just_works = FALSE; + } +#endif + BTM_TRACE_DEBUG5 ("btm_proc_sp_req_evt() just_works:%d, io loc:%d, rmt:%d, auth loc:%d, rmt:%d", + evt_data.cfm_req.just_works, btm_cb.devcb.loc_io_caps, p_dev_rec->rmt_io_caps, + btm_cb.devcb.loc_auth_req, p_dev_rec->rmt_auth_req); + + evt_data.cfm_req.loc_auth_req = btm_cb.devcb.loc_auth_req; + evt_data.cfm_req.rmt_auth_req = p_dev_rec->rmt_auth_req; + break; + + case BTM_SP_KEY_NOTIF_EVT: + /* Passkey notification (other side is a keyboard) */ + STREAM_TO_UINT32 (evt_data.key_notif.passkey, p); + + BTM_TRACE_DEBUG1 ("BTM_SP_KEY_NOTIF_EVT: passkey: %u", evt_data.key_notif.passkey); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + break; + +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) + case BTM_SP_KEY_REQ_EVT: + /* HCI_USER_PASSKEY_REQUEST_EVT */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_KEY_ENTRY); + break; +#endif + } + + if (btm_cb.api.p_sp_callback) + { + status = (*btm_cb.api.p_sp_callback) (event, (tBTM_SP_EVT_DATA *)&evt_data); + if (status != BTM_NOT_AUTHORIZED) + { + return; + } + /* else BTM_NOT_AUTHORIZED means when the app wants to reject the req right now */ + } + else if ( (event == BTM_SP_CFM_REQ_EVT) && (evt_data.cfm_req.just_works == TRUE) ) + { + /* automatically reply with just works if no sp_cback */ + status = BTM_SUCCESS; + } + + if (event == BTM_SP_CFM_REQ_EVT) + { + BTM_TRACE_DEBUG1 ("calling BTM_ConfirmReqReply with status: %d", status); + BTM_ConfirmReqReply (status, p_bda); + } +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) + else if (event == BTM_SP_KEY_REQ_EVT) + { + BTM_PasskeyReqReply(status, p_bda, 0); + } +#endif + return; + } + + /* Something bad. we can only fail this connection */ + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + + if (BTM_SP_CFM_REQ_EVT == event) + { + btsnd_hcic_user_conf_reply (p_bda, FALSE); + } + else if (BTM_SP_KEY_NOTIF_EVT == event) + { + /* do nothing -> it very unlikely to happen. + This event is most likely to be received by a HID host when it first connects to a HID device. + Usually the Host initiated the connection in this case. + On Mobile platforms, if there's a security process happening, + the host probably can not initiate another connection. + BTW (PC) is another story. */ + if (NULL != (p_dev_rec = btm_find_dev (p_bda)) ) + { + btm_sec_disconnect (p_dev_rec->hci_handle, HCI_ERR_AUTH_FAILURE); + } + } +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) + else + { + btsnd_hcic_user_passkey_neg_reply(p_bda); + } +#endif +} + +/******************************************************************************* +** +** Function btm_keypress_notif_evt +** +** Description This function is called when a key press notification is +** received +** +** Returns void +** +*******************************************************************************/ +void btm_keypress_notif_evt (UINT8 *p) +{ + tBTM_SP_KEYPRESS evt_data; + UINT8 *p_bda; + + /* parse & report BTM_SP_KEYPRESS_EVT */ + if (btm_cb.api.p_sp_callback) + { + p_bda = evt_data.bd_addr; + + STREAM_TO_BDADDR (p_bda, p); + evt_data.notif_type = *p; + + (*btm_cb.api.p_sp_callback) (BTM_SP_KEYPRESS_EVT, (tBTM_SP_EVT_DATA *)&evt_data); + } +} + +/******************************************************************************* +** +** Function btm_simple_pair_complete +** +** Description This function is called when simple pairing process is +** complete +** +** Returns void +** +*******************************************************************************/ +void btm_simple_pair_complete (UINT8 *p) +{ + tBTM_SP_COMPLT evt_data; + tBTM_SEC_DEV_REC *p_dev_rec; + UINT8 status; + BOOLEAN disc = FALSE; + + status = *p++; + STREAM_TO_BDADDR (evt_data.bd_addr, p); + + if ((p_dev_rec = btm_find_dev (evt_data.bd_addr)) == NULL) + { + BTM_TRACE_ERROR2 ("btm_simple_pair_complete() with unknown BDA: %08x%04x", + (evt_data.bd_addr[0]<<24) + (evt_data.bd_addr[1]<<16) + (evt_data.bd_addr[2]<<8) + evt_data.bd_addr[3], + (evt_data.bd_addr[4] << 8) + evt_data.bd_addr[5]); + return; + } + + BTM_TRACE_EVENT3 ("btm_simple_pair_complete() Pair State: %s Status:%d sec_state: %u", + btm_pair_state_descr(btm_cb.pairing_state), status, p_dev_rec->sec_state); + + evt_data.status = BTM_ERR_PROCESSING; + if (status == HCI_SUCCESS) + { + evt_data.status = BTM_SUCCESS; + p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED; + } + else + { + if (status == HCI_ERR_PAIRING_NOT_ALLOWED) + { + /* The test spec wants the peer device to get this failure code. */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_DISCONNECT); + + /* Change the timer to 1 second */ + btu_start_timer (&btm_cb.pairing_tle, BTU_TTYPE_USER_FUNC, BT_1SEC_TIMEOUT); + } + else if (memcmp (btm_cb.pairing_bda, evt_data.bd_addr, BD_ADDR_LEN) == 0) + { + /* stop the timer */ + btu_stop_timer (&btm_cb.pairing_tle); + + if (p_dev_rec->sec_state != BTM_SEC_STATE_AUTHENTICATING) + { + /* the initiating side: will receive auth complete event. disconnect ACL at that time */ + disc = TRUE; + } + } + else + disc = TRUE; + } + + /* Let the pairing state stay active, p_auth_complete_callback will report the failure */ + memcpy (evt_data.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (evt_data.dev_class, p_dev_rec->dev_class, DEV_CLASS_LEN); + + if (btm_cb.api.p_sp_callback) + (*btm_cb.api.p_sp_callback) (BTM_SP_COMPLT_EVT, (tBTM_SP_EVT_DATA *)&evt_data); + + if (disc) + { + /* simple pairing failed */ + btm_sec_send_hci_disconnect (p_dev_rec, HCI_ERR_AUTH_FAILURE); + } +} + +#if BTM_OOB_INCLUDED == TRUE +/******************************************************************************* +** +** Function btm_rem_oob_req +** +** Description This function is called to process/report +** HCI_REMOTE_OOB_DATA_REQUEST_EVT +** +** Returns void +** +*******************************************************************************/ +void btm_rem_oob_req (UINT8 *p) +{ + UINT8 *p_bda; + tBTM_SP_RMT_OOB evt_data; + tBTM_SEC_DEV_REC *p_dev_rec; + BT_OCTET16 c; + BT_OCTET16 r; + + p_bda = evt_data.bd_addr; + + STREAM_TO_BDADDR (p_bda, p); + + BTM_TRACE_EVENT6 ("btm_rem_oob_req() BDA: %02x:%02x:%02x:%02x:%02x:%02x", + p_bda[0], p_bda[1], p_bda[2], p_bda[3], p_bda[4], p_bda[5]); + + if ( (NULL != (p_dev_rec = btm_find_dev (p_bda))) && + btm_cb.api.p_sp_callback) + { + memcpy (evt_data.bd_addr, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (evt_data.dev_class, p_dev_rec->dev_class, DEV_CLASS_LEN); + BCM_STRNCPY_S((char *)evt_data.bd_name, sizeof(evt_data.bd_name), (char *)p_dev_rec->sec_bd_name, BTM_MAX_REM_BD_NAME_LEN+1); + + btm_sec_change_pairing_state(BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP); + if ((*btm_cb.api.p_sp_callback) (BTM_SP_RMT_OOB_EVT, (tBTM_SP_EVT_DATA *)&evt_data) == BTM_NOT_AUTHORIZED) + { + BTM_RemoteOobDataReply(TRUE, p_bda, c, r); + } + return; + } + + /* something bad. we can only fail this connection */ + btm_cb.acl_disc_reason = HCI_ERR_HOST_REJECT_SECURITY; + btsnd_hcic_rem_oob_neg_reply (p_bda); +} + +/******************************************************************************* +** +** Function btm_read_local_oob_complete +** +** Description This function is called when read local oob data is +** completed by the LM +** +** Returns void +** +*******************************************************************************/ +void btm_read_local_oob_complete (UINT8 *p) +{ + tBTM_SP_LOC_OOB evt_data; + UINT8 status = *p++; + + BTM_TRACE_EVENT1 ("btm_read_local_oob_complete:%d", status); + if (status == HCI_SUCCESS) + { + evt_data.status = BTM_SUCCESS; + STREAM_TO_ARRAY16(evt_data.c, p); + STREAM_TO_ARRAY16(evt_data.r, p); + } + else + evt_data.status = BTM_ERR_PROCESSING; + + if (btm_cb.api.p_sp_callback) + (*btm_cb.api.p_sp_callback) (BTM_SP_LOC_OOB_EVT, (tBTM_SP_EVT_DATA *)&evt_data); +} +#endif /* BTM_OOB_INCLUDED */ + +/******************************************************************************* +** +** Function btm_sec_auth_collision +** +** Description This function is called when authentication or encryption +** needs to be retried at a later time. +** +** Returns void +** +*******************************************************************************/ +static void btm_sec_auth_collision (UINT16 handle) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if (!btm_cb.collision_start_time) + btm_cb.collision_start_time = GKI_get_tick_count (); + + if ((GKI_get_tick_count () - btm_cb.collision_start_time) < btm_cb.max_collision_delay) + { + if (handle == BTM_SEC_INVALID_HANDLE) + { + if ((p_dev_rec = btm_sec_find_dev_by_sec_state (BTM_SEC_STATE_AUTHENTICATING)) == NULL) + p_dev_rec = btm_sec_find_dev_by_sec_state (BTM_SEC_STATE_ENCRYPTING); + } + else + p_dev_rec = btm_find_dev_by_handle (handle); + + if (p_dev_rec != NULL) + { + BTM_TRACE_DEBUG1 ("btm_sec_auth_collision: state %d (retrying in a moment...)", p_dev_rec->sec_state); + /* We will restart authentication after timeout */ + if (p_dev_rec->sec_state == BTM_SEC_STATE_AUTHENTICATING || p_dev_rec->sec_state == BTM_SEC_STATE_ENCRYPTING) + p_dev_rec->sec_state = 0; + + btm_cb.p_collided_dev_rec = p_dev_rec; + btm_cb.sec_collision_tle.param = (UINT32) btm_sec_collision_timeout; + btu_start_timer (&btm_cb.sec_collision_tle, BTU_TTYPE_USER_FUNC, BT_1SEC_TIMEOUT); + } + } +} + +/******************************************************************************* +** +** Function btm_sec_auth_complete +** +** Description This function is when authentication of the connection is +** completed by the LM +** +** Returns void +** +*******************************************************************************/ +void btm_sec_auth_complete (UINT16 handle, UINT8 status) +{ + UINT8 old_sm4; + tBTM_PAIRING_STATE old_state = btm_cb.pairing_state; + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + BOOLEAN are_bonding = FALSE; + + /* Commenting out trace due to obf/compilation problems. + */ +#if (BT_USE_TRACES == TRUE) + if (p_dev_rec) + { + BTM_TRACE_EVENT6 ("Security Manager: auth_complete PairState: %s handle:%u status:%d dev->sec_state: %u Bda:%08x, RName:%s", + btm_pair_state_descr (btm_cb.pairing_state), + handle, status, + p_dev_rec->sec_state, + (p_dev_rec->bd_addr[2]<<24)+(p_dev_rec->bd_addr[3]<<16)+(p_dev_rec->bd_addr[4]<<8)+p_dev_rec->bd_addr[5], + p_dev_rec->sec_bd_name); + } + else + { + BTM_TRACE_EVENT3 ("Security Manager: auth_complete PairState: %s handle:%u status:%d", + btm_pair_state_descr (btm_cb.pairing_state), + handle, status); + } +#endif + + /* For transaction collision we need to wait and repeat. There is no need */ + /* for random timeout because only slave should receive the result */ + if ((status == HCI_ERR_LMP_ERR_TRANS_COLLISION) || (status == HCI_ERR_DIFF_TRANSACTION_COLLISION)) + { + btm_sec_auth_collision(handle); + return; + } + btm_cb.collision_start_time = 0; + + btm_restore_mode(); + + /* Check if connection was made just to do bonding. If we authenticate + the connection that is up, this is the last event received. + */ + if (p_dev_rec + && (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + && !(btm_cb.pairing_flags & BTM_PAIR_FLAGS_DISC_WHEN_DONE)) + { + p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE; + + l2cu_start_post_bond_timer (p_dev_rec->hci_handle); + } + + if (!p_dev_rec) + return; + + /* keep the old sm4 flag and clear the retry bit in control block */ + old_sm4 = p_dev_rec->sm4; + p_dev_rec->sm4 &= ~BTM_SM4_RETRY; + + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + && (memcmp (p_dev_rec->bd_addr, btm_cb.pairing_bda, BD_ADDR_LEN) == 0) ) + are_bonding = TRUE; + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + if (p_dev_rec->sec_state != BTM_SEC_STATE_AUTHENTICATING) + { + if ( (btm_cb.api.p_auth_complete_callback && status != HCI_SUCCESS) + && (old_state != BTM_PAIR_STATE_IDLE) ) + { + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + } + return; + } + + /* There can be a race condition, when we are starting authentication and + ** the peer device is doing encryption. + ** If first we receive encryption change up, then initiated authentication + ** can not be performed. According to the spec we can not do authentication + ** on the encrypted link, so device is correct. + */ + if ((status == HCI_ERR_COMMAND_DISALLOWED) + && ((p_dev_rec->sec_flags & (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED)) == + (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED))) + { + status = HCI_SUCCESS; + } + /* Currently we do not notify user if it is a keyboard which connects */ + /* User probably Disabled the keyboard while it was asleap. Let her try */ + if (btm_cb.api.p_auth_complete_callback) + { + /* report the suthentication status */ + if (old_state != BTM_PAIR_STATE_IDLE) + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + } + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + + /* If this is a bonding procedure can disconnect the link now */ + if (are_bonding) + { + p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE; + + if (status != HCI_SUCCESS) + btm_sec_send_hci_disconnect (p_dev_rec, HCI_ERR_PEER_USER); + else + l2cu_start_post_bond_timer (p_dev_rec->hci_handle); + + return; + } + + /* If authentication failed, notify the waiting layer */ + if (status != HCI_SUCCESS) + { + if ((old_sm4 & BTM_SM4_RETRY) == 0) + { + /* allow retry only once */ + if (status == HCI_ERR_LMP_ERR_TRANS_COLLISION) + { + /* not retried yet. set the retry bit */ + p_dev_rec->sm4 |= BTM_SM4_RETRY; + BTM_TRACE_DEBUG2 ("Collision retry sm4:x%x sec_flags:0x%x", p_dev_rec->sm4, p_dev_rec->sec_flags); + } + /* this retry for missing key is for Lisbon or later only. + * Legacy device do not need this. the controller will drive the retry automatically */ + else if (HCI_ERR_KEY_MISSING == status && BTM_SEC_IS_SM4(p_dev_rec->sm4)) + { + /* not retried yet. set the retry bit */ + p_dev_rec->sm4 |= BTM_SM4_RETRY; + p_dev_rec->sec_flags &= ~BTM_SEC_LINK_KEY_KNOWN; + BTM_TRACE_DEBUG2 ("Retry for missing key sm4:x%x sec_flags:0x%x", p_dev_rec->sm4, p_dev_rec->sec_flags); + + /* With BRCM controller, we do not need to delete the stored link key in controller. + If the stack may sit on top of other controller, we may need this + BTM_DeleteStoredLinkKey (bd_addr, NULL); */ + } + + if (p_dev_rec->sm4 & BTM_SM4_RETRY) + { + btm_sec_execute_procedure (p_dev_rec); + return; + } + } + + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_ERR_PROCESSING); + + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_DISC_WHEN_DONE) + { + btm_sec_send_hci_disconnect (p_dev_rec, HCI_ERR_AUTH_FAILURE); + } + return; + } + + p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED; + + /* Authentication succeeded, execute the next security procedure, if any */ + status = btm_sec_execute_procedure (p_dev_rec); + + /* If there is no next procedure, or procedure failed to start, notify the caller */ + if (status != BTM_CMD_STARTED) + btm_sec_dev_rec_cback_event (p_dev_rec, status); +} + +/******************************************************************************* +** +** Function btm_sec_mkey_comp_event +** +** Description This function is when encryption of the connection is +** completed by the LM +** +** Returns void +** +*******************************************************************************/ +void btm_sec_mkey_comp_event (UINT16 handle, UINT8 status, UINT8 key_flg) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + UINT8 bd_addr[BD_ADDR_LEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} ; + + BTM_TRACE_EVENT2 ("Security Manager: mkey comp status:%d State:%d", + status, (p_dev_rec) ? p_dev_rec->sec_state : 0); + + /* If encryption setup failed, notify the waiting layer */ + /* There is no next procedure or start of procedure failed, notify the waiting layer */ + if (btm_cb.mkey_cback) + { + if (!p_dev_rec) + (btm_cb.mkey_cback)(bd_addr, status, key_flg ); + else + (btm_cb.mkey_cback)(p_dev_rec->bd_addr, status, key_flg ); + } +} + +/******************************************************************************* +** +** Function btm_sec_encrypt_change +** +** Description This function is when encryption of the connection is +** completed by the LM +** +** Returns void +** +*******************************************************************************/ +void btm_sec_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + + BTM_TRACE_EVENT3 ("Security Manager: encrypt_change status:%d State:%d, encr_enable = %d", + status, (p_dev_rec) ? p_dev_rec->sec_state : 0, encr_enable); + BTM_TRACE_DEBUG1 ("before update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags ); + + /* For transaction collision we need to wait and repeat. There is no need */ + /* for random timeout because only slave should receive the result */ + if ((status == HCI_ERR_LMP_ERR_TRANS_COLLISION) || (status == HCI_ERR_DIFF_TRANSACTION_COLLISION)) + { + btm_sec_auth_collision(handle); + return; + } + btm_cb.collision_start_time = 0; + + if (!p_dev_rec) + return; + + if ((status == HCI_SUCCESS) && encr_enable) + p_dev_rec->sec_flags |= (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED); + + /* It is possible that we decrypted the link to perform role switch */ + /* mark link not to be encrypted, so that when we execute security next time it will kick in again */ + if ((status == HCI_SUCCESS) && !encr_enable) + p_dev_rec->sec_flags &= ~BTM_SEC_ENCRYPTED; + + BTM_TRACE_DEBUG1 ("after update p_dev_rec->sec_flags=0x%x", p_dev_rec->sec_flags ); +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE + if (p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) + { + btm_ble_link_encrypted(p_dev_rec->bd_addr, encr_enable); + return; + } + else + /* BR/EDR connection, update the encryption key size to be 16 as always */ + p_dev_rec->enc_key_size = 16; +#endif + + /* If this encryption was started by peer do not need to do anything */ + if (p_dev_rec->sec_state != BTM_SEC_STATE_ENCRYPTING) + { + if (BTM_SEC_STATE_DELAY_FOR_ENC == p_dev_rec->sec_state) + { + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + p_dev_rec->p_callback = NULL; + l2cu_resubmit_pending_sec_req (p_dev_rec->bd_addr); + } + return; + } + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + + /* If encryption setup failed, notify the waiting layer */ + if (status != HCI_SUCCESS) + { + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_ERR_PROCESSING); + return; + } + + /* Encryption setup succeeded, execute the next security procedure, if any */ + status = (UINT8)btm_sec_execute_procedure (p_dev_rec); + + /* If there is no next procedure, or procedure failed to start, notify the caller */ + if (status != BTM_CMD_STARTED) + btm_sec_dev_rec_cback_event (p_dev_rec, status); +} + +/******************************************************************************* +** +** Function btm_sec_create_conn +** +** Description This function records current role and forwards request to +** HCI +** +** Returns void +** +*******************************************************************************/ +BOOLEAN btm_sec_create_conn (BD_ADDR bda, UINT16 packet_types, + UINT8 page_scan_rep_mode, UINT8 page_scan_mode, + UINT16 clock_offset, UINT8 allow_switch) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (bda); + + memcpy (btm_cb.connecting_bda, p_dev_rec->bd_addr, BD_ADDR_LEN); + memcpy (btm_cb.connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); + + btm_cb.acl_disc_reason = 0xff ; + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + p_dev_rec->role_master = TRUE; + + /* If any SCO link up, do not allow a switch */ + if (BTM_GetNumScoLinks() != 0) + allow_switch = HCI_CR_CONN_NOT_ALLOW_SWITCH; + + return(btsnd_hcic_create_conn (bda, packet_types, page_scan_rep_mode, + page_scan_mode, clock_offset, allow_switch)); +} + +/******************************************************************************* +** +** Function btm_sec_connect_after_reject_timeout +** +** Description Connection for bonding could not start because of the collision +** Initiate outgoing connection +** +** Returns Pointer to the TLE struct +** +*******************************************************************************/ +static void btm_sec_connect_after_reject_timeout (TIMER_LIST_ENT *p_tle) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_cb.p_collided_dev_rec; + + BTM_TRACE_EVENT0 ("btm_sec_connect_after_reject_timeout()"); + btm_cb.sec_collision_tle.param = 0; + btm_cb.p_collided_dev_rec = 0; + + if (btm_sec_dd_create_conn(p_dev_rec) != BTM_CMD_STARTED) + { + BTM_TRACE_WARNING0 ("Security Manager: btm_sec_connect_after_reject_timeout: failed to start connection"); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_ERR_MEMORY_FULL); + } +} + +/******************************************************************************* +** +** Function btm_sec_connected +** +** Description This function is when a connection to the peer device is +** establsihed +** +** Returns void +** +*******************************************************************************/ +void btm_sec_connected (UINT8 *bda, UINT16 handle, UINT8 status, UINT8 enc_mode) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); + UINT8 res; + BOOLEAN is_pairing_device = FALSE; + tACL_CONN *p_acl_cb; + + btm_acl_resubmit_page(); + + /* Commenting out trace due to obf/compilation problems. + */ +#if (BT_USE_TRACES == TRUE) + if (p_dev_rec) + { + BTM_TRACE_EVENT6 ("Security Manager: btm_sec_connected in state: %s handle:%d status:%d enc_mode:%d bda:%x RName:%s", + btm_pair_state_descr(btm_cb.pairing_state), handle, status, enc_mode, + (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5], + p_dev_rec->sec_bd_name); + } + else + { + BTM_TRACE_EVENT5 ("Security Manager: btm_sec_connected in state: %s handle:%d status:%d enc_mode:%d bda:%x ", + btm_pair_state_descr(btm_cb.pairing_state), handle, status, enc_mode, + (bda[2]<<24)+(bda[3]<<16)+(bda[4]<<8)+bda[5]); + } +#endif + + if (!p_dev_rec) + { + /* There is no device record for new connection. Allocate one */ + if (status == HCI_SUCCESS) + { + p_dev_rec = btm_sec_alloc_dev (bda); + } + else + { + /* can not find the device record and the status is error, + * just ignore it */ + return; + } + } + else /* Update the timestamp for this device */ + { + p_dev_rec->timestamp = btm_cb.dev_rec_count++; + if (p_dev_rec->sm4 & BTM_SM4_CONN_PEND) + { + /* tell L2CAP it's a bonding connection. */ + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, p_dev_rec->bd_addr, BD_ADDR_LEN) == 0) + && (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) ) + { + /* if incoming connection failed while pairing, then try to connect and continue */ + /* Motorola S9 disconnects without asking pin code */ + if ((status != HCI_SUCCESS)&&(btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_PIN_REQ)) + { + BTM_TRACE_WARNING0 ("Security Manager: btm_sec_connected: incoming connection failed without asking PIN"); + + p_dev_rec->sm4 &= ~BTM_SM4_CONN_PEND; + if (p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) + { + /* Start timer with 0 to initiate connection with new LCB */ + /* because L2CAP will delete current LCB with this event */ + btm_cb.p_collided_dev_rec = p_dev_rec; + btm_cb.sec_collision_tle.param = (UINT32) btm_sec_connect_after_reject_timeout; + btu_start_timer (&btm_cb.sec_collision_tle, BTU_TTYPE_USER_FUNC, 0); + } + else + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_GET_REM_NAME); + BTM_ReadRemoteDeviceName(p_dev_rec->bd_addr, NULL); + } +#if BTM_DISC_DURING_RS == TRUE + p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ +#endif + return; + } + else + { + l2cu_update_lcb_4_bonding(p_dev_rec->bd_addr, TRUE); + } + } + /* always clear the pending flag */ + p_dev_rec->sm4 &= ~BTM_SM4_CONN_PEND; + } + } + +#if BTM_DISC_DURING_RS == TRUE + p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ +#endif + + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, bda, BD_ADDR_LEN) == 0) ) + { + /* if we rejected incoming connection from bonding device */ + if ((status == HCI_ERR_HOST_REJECT_DEVICE) + &&(btm_cb.pairing_flags & BTM_PAIR_FLAGS_REJECTED_CONNECT)) + { + BTM_TRACE_WARNING2 ("Security Manager: btm_sec_connected: HCI_Conn_Comp Flags:0x%04x, sm4: 0x%x", + btm_cb.pairing_flags, p_dev_rec->sm4); + + btm_cb.pairing_flags &= ~BTM_PAIR_FLAGS_REJECTED_CONNECT; + if (BTM_SEC_IS_SM4_UNKNOWN(p_dev_rec->sm4)) + { + /* Try again: RNR when no ACL causes HCI_RMT_HOST_SUP_FEAT_NOTIFY_EVT */ + btm_sec_change_pairing_state (BTM_PAIR_STATE_GET_REM_NAME); + BTM_ReadRemoteDeviceName(bda, NULL); + return; + } + + /* if we already have pin code */ + if (btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_LOCAL_PIN) + { + /* Start timer with 0 to initiate connection with new LCB */ + /* because L2CAP will delete current LCB with this event */ + btm_cb.p_collided_dev_rec = p_dev_rec; + btm_cb.sec_collision_tle.param = (UINT32) btm_sec_connect_after_reject_timeout; + btu_start_timer (&btm_cb.sec_collision_tle, BTU_TTYPE_USER_FUNC, 0); + } + + return; + } + /* wait for incoming connection without resetting pairing state */ + else if (status == HCI_ERR_CONNECTION_EXISTS) + { + BTM_TRACE_WARNING0 ("Security Manager: btm_sec_connected: Wait for incoming connection"); + return; + } + + is_pairing_device = TRUE; + } + + /* If connection was made to do bonding restore link security if changed */ + btm_restore_mode(); + + /* if connection fails during pin request, notify application */ + if (status != HCI_SUCCESS) + { + /* If connection failed because of during pairing, need to tell user */ + if (is_pairing_device) + { + p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE; + p_dev_rec->sec_flags &= ~(BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED); + BTM_TRACE_DEBUG1 ("security_required:%x ", p_dev_rec->security_required ); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + /* We need to notify host that the key is not known any more */ + if (btm_cb.api.p_auth_complete_callback) + { + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + } + } + else if ((status == HCI_ERR_AUTH_FAILURE) || + (status == HCI_ERR_KEY_MISSING) || + (status == HCI_ERR_HOST_REJECT_SECURITY) || + (status == HCI_ERR_PAIRING_NOT_ALLOWED) || + (status == HCI_ERR_UNIT_KEY_USED) || + (status == HCI_ERR_PAIRING_WITH_UNIT_KEY_NOT_SUPPORTED) || + (status == HCI_ERR_ENCRY_MODE_NOT_ACCEPTABLE) || + (status == HCI_ERR_REPEATED_ATTEMPTS)) + { + p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE; + p_dev_rec->sec_flags &= ~BTM_SEC_LINK_KEY_KNOWN; + + /* We need to notify host that the key is not known any more */ + if (btm_cb.api.p_auth_complete_callback) + { + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, status); + } + } + + if (status == HCI_ERR_CONNECTION_TOUT || status == HCI_ERR_LMP_RESPONSE_TIMEOUT || + status == HCI_ERR_UNSPECIFIED || status == HCI_ERR_PAGE_TIMEOUT) + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_DEVICE_TIMEOUT); + else + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_ERR_PROCESSING); + + return; + } + + /* If initiated dedicated bonding, return the link key now, and initiate disconnect */ + /* If dedicated bonding, and we now have a link key, we are all done */ + if ( is_pairing_device + && (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) ) + { + if (p_dev_rec->link_key_not_sent) + { + p_dev_rec->link_key_not_sent = FALSE; + btm_send_link_key_notif(p_dev_rec); + } + + p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE; + + /* remember flag before it is initialized */ + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + res = TRUE; + else + res = FALSE; + + if (btm_cb.api.p_auth_complete_callback) + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + + if ( res ) + { + /* Let l2cap start bond timer */ + l2cu_update_lcb_4_bonding (p_dev_rec->bd_addr, TRUE); + } + + return; + } + + p_dev_rec->hci_handle = handle; + + /* role may not be correct here, it will be updated by l2cap, but we need to */ + /* notify btm_acl that link is up, so starting of rmt name request will not */ + /* set paging flag up */ + p_acl_cb = btm_bda_to_acl(bda); + if (p_acl_cb) + { + /* whatever is in btm_establish_continue() without reporting the BTM_BL_CONN_EVT event */ +#if (!defined(BTM_BYPASS_EXTRA_ACL_SETUP) || BTM_BYPASS_EXTRA_ACL_SETUP == FALSE) + /* For now there are a some devices that do not like sending */ + /* commands events and data at the same time. */ + /* Set the packet types to the default allowed by the device */ + btm_set_packet_types (p_acl_cb, btm_cb.btm_acl_pkt_types_supported); + + if (btm_cb.btm_def_link_policy) + BTM_SetLinkPolicy (p_acl_cb->remote_addr, &btm_cb.btm_def_link_policy); +#endif + + BTM_SetLinkSuperTout (p_acl_cb->remote_addr, btm_cb.btm_def_link_super_tout); + } + btm_acl_created (bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, handle, HCI_ROLE_SLAVE, FALSE); + + /* Initialize security flags. We need to do that because some */ + /* authorization complete could have come after the connection is dropped */ + /* and that would set wrong flag that link has been authorized already */ + p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED | + BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); + + if (enc_mode != HCI_ENCRYPT_MODE_DISABLED) + p_dev_rec->sec_flags |= (BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED); + + if (btm_cb.security_mode == BTM_SEC_MODE_LINK) + p_dev_rec->sec_flags |= BTM_SEC_AUTHENTICATED; + + p_dev_rec->link_key_changed = FALSE; + + /* After connection is established we perform security if we do not know */ + /* the name, or if we are originator because some procedure can have */ + /* been scheduled while connection was down */ + BTM_TRACE_DEBUG1 ("is_originator:%d ", p_dev_rec->is_originator); + if (!(p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) || p_dev_rec->is_originator) + { + if ((res = btm_sec_execute_procedure (p_dev_rec)) != BTM_CMD_STARTED) + btm_sec_dev_rec_cback_event (p_dev_rec, res); + } + return; +} + +/******************************************************************************* +** +** Function btm_sec_role_changed +** +** Description This function is colled when controller reports role +** changed, or failed command status for Role Change request +** +** Returns void +** +*******************************************************************************/ +void btm_sec_role_changed (void *p_ref_data) +{ + tBTM_SEC_DEV_REC *p_dev_rec = (tBTM_SEC_DEV_REC *)p_ref_data; + UINT8 res; + + BTM_TRACE_EVENT0 ("Security Manager: role changed"); + + /* If this role switch was started by peer do not need to do anything */ + if (p_dev_rec->sec_state != BTM_SEC_STATE_SWITCHING_ROLE) + return; + + /* If serurity required was to FORCE switch and it failed, notify the waiting layer */ + if (((p_dev_rec->security_required & BTM_SEC_FORCE_MASTER) && !p_dev_rec->role_master) + || ((p_dev_rec->security_required & BTM_SEC_FORCE_SLAVE) && p_dev_rec->role_master)) + { + btm_sec_dev_rec_cback_event (p_dev_rec, BTM_ERR_PROCESSING); + return; + } + + p_dev_rec->sec_flags |= BTM_SEC_ROLE_SWITCHED; + + p_dev_rec->security_required &= ~(BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | + BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + + if ((res = (UINT8)btm_sec_execute_procedure (p_dev_rec)) != BTM_CMD_STARTED) + { + btm_sec_dev_rec_cback_event (p_dev_rec, res); + } +} + +/******************************************************************************* +** +** Function btm_sec_disconnect +** +** Description This function is called to disconnect HCI link +** +** Returns btm status +** +*******************************************************************************/ +tBTM_STATUS btm_sec_disconnect (UINT16 handle, UINT8 reason) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + + /* In some weird race condition we may not have a record */ + if (!p_dev_rec) + { + btsnd_hcic_disconnect (handle, reason); + return(BTM_SUCCESS); + } + + /* If we are in the process of bonding we need to tell client that auth failed */ + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, p_dev_rec->bd_addr, BD_ADDR_LEN) == 0) + && (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) ) + { + /* we are currently doing bonding. Link will be disconnected when done */ + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_DISC_WHEN_DONE; + return(BTM_BUSY); + } + + return(btm_sec_send_hci_disconnect(p_dev_rec, reason)); +} + +/******************************************************************************* +** +** Function btm_sec_disconnected +** +** Description This function is when a connection to the peer device is +** dropped +** +** Returns void +** +*******************************************************************************/ +void btm_sec_disconnected (UINT16 handle, UINT8 reason) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + UINT8 old_pairing_flags = btm_cb.pairing_flags; + int result = HCI_ERR_AUTH_FAILURE; + + /* If page was delayed for disc complete, can do it now */ + btm_cb.discing = FALSE; + + btm_acl_resubmit_page(); + + if (!p_dev_rec) + return; + +#if BTM_DISC_DURING_RS == TRUE + BTM_TRACE_ERROR0("btm_sec_disconnected - Clearing Pending flag"); + p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ +#endif + + /* clear unused flags */ + p_dev_rec->sm4 &= BTM_SM4_TRUE; + + BTM_TRACE_EVENT6("btm_sec_disconnected() sec_req:x%x State: %s reason:%d bda:%04x%08x RName:%s", + p_dev_rec->security_required, btm_pair_state_descr(btm_cb.pairing_state), reason, (p_dev_rec->bd_addr[0]<<8)+p_dev_rec->bd_addr[1], + (p_dev_rec->bd_addr[2]<<24)+(p_dev_rec->bd_addr[3]<<16)+(p_dev_rec->bd_addr[4]<<8)+p_dev_rec->bd_addr[5], p_dev_rec->sec_bd_name); + + BTM_TRACE_EVENT1("before Update sec_flags=0x%x", p_dev_rec->sec_flags); + + /* If we are in the process of bonding we need to tell client that auth failed */ + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, p_dev_rec->bd_addr, BD_ADDR_LEN) == 0)) + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + p_dev_rec->sec_flags &= ~BTM_SEC_LINK_KEY_KNOWN; + if (btm_cb.api.p_auth_complete_callback) + { + /* If the disconnection reason is REPEATED_ATTEMPTS, + send this error message to complete callback function + to display the error message of Repeated attempts. + All others, send HCI_ERR_AUTH_FAILURE. */ + if (reason == HCI_ERR_REPEATED_ATTEMPTS) + { + result = HCI_ERR_REPEATED_ATTEMPTS; + } + else if (old_pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + { + result = HCI_ERR_HOST_REJECT_SECURITY; + } + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, reason); + } + } + + p_dev_rec->hci_handle = BTM_SEC_INVALID_HANDLE; + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + +#if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE + p_dev_rec->enc_key_size = 0; + btm_ble_resume_bg_conn(NULL, TRUE); + /* see sec_flags processing in btm_acl_removed */ +#endif + p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED | BTM_SEC_ROLE_SWITCHED); + + p_dev_rec->security_required = BTM_SEC_NONE; + p_dev_rec->p_callback = NULL; /* when the peer device time out the authentication before we do, this call back must be reset here */ + BTM_TRACE_EVENT1("after Update sec_flags=0x%x", p_dev_rec->sec_flags); +} + +/******************************************************************************* +** +** Function btm_sec_link_key_notification +** +** Description This function is called when a new connection link key is +** generated +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_type) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (p_bda); + BOOLEAN we_are_bonding = FALSE; + + BTM_TRACE_EVENT3 ("btm_sec_link_key_notification() BDA:%04x%08x, TYPE: %d", + (p_bda[0]<<8)+p_bda[1], (p_bda[2]<<24)+(p_bda[3]<<16)+(p_bda[4]<<8)+p_bda[5], + key_type); + + /* If connection was made to do bonding restore link security if changed */ + btm_restore_mode(); + + /* Override the key type if version is pre-1.1 */ + if (btm_cb.devcb.local_version.hci_version < HCI_VERSION_1_1) + p_dev_rec->link_key_type = BTM_LKEY_TYPE_IGNORE; + if (key_type != BTM_LKEY_TYPE_CHANGED_COMB) + p_dev_rec->link_key_type = key_type; + + p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; + + memcpy (p_dev_rec->link_key, p_link_key, LINK_KEY_LEN); + + if ( (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + && (memcmp (btm_cb.pairing_bda, p_bda, BD_ADDR_LEN) == 0) ) + { + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + we_are_bonding = TRUE; + else + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + } + + /* If name is not known at this point delay calling callback until the name is */ + /* resolved. Unless it is a HID Device and we really need to send all link keys. */ + if ((!(p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) + && ((p_dev_rec->dev_class[1] & BTM_COD_MAJOR_CLASS_MASK) != BTM_COD_MAJOR_PERIPHERAL)) ) + { + BTM_TRACE_EVENT3 ("btm_sec_link_key_notification() Delayed BDA: %08x%04x Type:%d", + (p_bda[0]<<24) + (p_bda[1]<<16) + (p_bda[2]<<8) + p_bda[3], (p_bda[4] << 8) + p_bda[5], key_type); + + p_dev_rec->link_key_not_sent = TRUE; + + /* If it is for bonding nothing else will follow, so we need to start name resolution */ + if (we_are_bonding) + { + if (!(btsnd_hcic_rmt_name_req (p_bda, HCI_PAGE_SCAN_REP_MODE_R1, HCI_MANDATARY_PAGE_SCAN_MODE, 0))) + btm_inq_rmt_name_failed(); + } + + BTM_TRACE_EVENT3 ("rmt_io_caps:%d, sec_flags:x%x, dev_class[1]:x%02x", p_dev_rec->rmt_io_caps, p_dev_rec->sec_flags, p_dev_rec->dev_class[1]) + return; + } + + /* If its not us who perform authentication, we should tell stackserver */ + /* that some authentication has been completed */ + /* This is required when different entities receive link notification and auth complete */ + if (!(p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE)) + { + if (btm_cb.api.p_auth_complete_callback) + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_SUCCESS); + } + + /* We will save link key only if the user authorized it - BTE report link key in all cases */ +#ifdef BRCM_NONE_BTE + if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_AUTHED) +#endif + { + if (btm_cb.api.p_link_key_callback) + { + (*btm_cb.api.p_link_key_callback) (p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name, + p_link_key, p_dev_rec->link_key_type); + } + } +} + +/******************************************************************************* +** +** Function btm_sec_link_key_request +** +** Description This function is called when controller requests link key +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +void btm_sec_link_key_request (UINT8 *p_bda) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_or_alloc_dev (p_bda); + + BTM_TRACE_EVENT6 ("btm_sec_link_key_request() BDA: %02x:%02x:%02x:%02x:%02x:%02x", + p_bda[0], p_bda[1], p_bda[2], p_bda[3], p_bda[4], p_bda[5]); + + if (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN) + { + btsnd_hcic_link_key_req_reply (p_bda, p_dev_rec->link_key); + return; + } + + /* Notify L2CAP to increase timeout */ + l2c_pin_code_request (p_bda); + + /* Only ask the host for a key if this guy is not already bonding */ + if ( (btm_cb.pairing_state == BTM_PAIR_STATE_IDLE) + || (memcmp (p_bda, btm_cb.pairing_bda, BD_ADDR_LEN) != 0) ) + { + if (btm_cb.api.p_link_key_req_callback) + { + if ((*btm_cb.api.p_link_key_req_callback)(p_bda, p_dev_rec->link_key) == BTM_SUCCESS) + { + btsnd_hcic_link_key_req_reply (p_bda, p_dev_rec->link_key); + return; + } + } + } + + /* The link key is not in the database and it is not known to the manager */ + btsnd_hcic_link_key_neg_reply (p_bda); +} + +/******************************************************************************* +** +** Function btm_sec_pairing_timeout +** +** Description This function is called when host does not provide PIN +** within requested time +** +** Returns Pointer to the TLE struct +** +*******************************************************************************/ +static void btm_sec_pairing_timeout (TIMER_LIST_ENT *p_tle) +{ + tBTM_CB *p_cb = &btm_cb; + tBTM_SEC_DEV_REC *p_dev_rec; +#if BTM_OOB_INCLUDED == TRUE +#if (BTM_LOCAL_IO_CAPS == BTM_IO_CAP_NONE) + tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_NO; +#else + tBTM_AUTH_REQ auth_req = BTM_AUTH_AP_YES; +#endif +#endif + UINT8 name[2]; + + p_cb->pairing_tle.param = 0; +/* Coverity: FALSE-POSITIVE error from Coverity tool. Please do NOT remove following comment. */ +/* coverity[UNUSED_VALUE] pointer p_dev_rec is actually used several times... This is a Coverity false-positive, i.e. a fake issue. +*/ + p_dev_rec = btm_find_dev (p_cb->pairing_bda); + + BTM_TRACE_EVENT2 ("btm_sec_pairing_timeout() State: %s Flags: %u", + btm_pair_state_descr(p_cb->pairing_state), p_cb->pairing_flags); + + switch (p_cb->pairing_state) + { + case BTM_PAIR_STATE_WAIT_PIN_REQ: + btm_sec_bond_cancel_complete(); + break; + + case BTM_PAIR_STATE_WAIT_LOCAL_PIN: + if ( (btm_cb.pairing_flags & BTM_PAIR_FLAGS_PRE_FETCH_PIN) == 0) + btsnd_hcic_pin_code_neg_reply (p_cb->pairing_bda); + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + /* We need to notify the UI that no longer need the PIN */ + if (btm_cb.api.p_auth_complete_callback) + { + if (p_dev_rec == NULL) + { + name[0] = 0; + (*btm_cb.api.p_auth_complete_callback) (p_cb->pairing_bda, + NULL, + name, HCI_ERR_CONNECTION_TOUT); + } + else + (*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, HCI_ERR_CONNECTION_TOUT); + } + break; + + case BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM: + btsnd_hcic_user_conf_reply (p_cb->pairing_bda, FALSE); + /* btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); */ + break; + +#if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) + case BTM_PAIR_STATE_KEY_ENTRY: + btsnd_hcic_user_passkey_neg_reply(p_cb->pairing_bda); + /* btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); */ + break; +#endif /* !BTM_IO_CAP_NONE */ + +#if BTM_OOB_INCLUDED == TRUE + case BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS: + if (btm_cb.pairing_flags & BTM_PAIR_FLAGS_WE_STARTED_DD) + auth_req |= BTM_AUTH_DD_BOND; + + btsnd_hcic_io_cap_req_reply (p_cb->pairing_bda, btm_cb.devcb.loc_io_caps, + BTM_OOB_NONE, auth_req); + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + break; + + case BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP: + btsnd_hcic_rem_oob_neg_reply (p_cb->pairing_bda); + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + break; +#endif /* BTM_OOB_INCLUDED */ + + case BTM_PAIR_STATE_WAIT_DISCONNECT: + /* simple pairing failed. Started a 1-sec timer at simple pairing complete. + * now it's time to tear down the ACL link*/ + if (p_dev_rec == NULL) + { + BTM_TRACE_ERROR2 ("btm_sec_pairing_timeout() BTM_PAIR_STATE_WAIT_DISCONNECT unknown BDA: %08x%04x", + (p_cb->pairing_bda[0]<<24) + (p_cb->pairing_bda[1]<<16) + (p_cb->pairing_bda[2]<<8) + p_cb->pairing_bda[3], + (p_cb->pairing_bda[4] << 8) + p_cb->pairing_bda[5]); + break; + } + btm_sec_send_hci_disconnect (p_dev_rec, HCI_ERR_AUTH_FAILURE); + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + break; + + default: + BTM_TRACE_WARNING1 ("btm_sec_pairing_timeout() not processed state: %s", btm_pair_state_descr(btm_cb.pairing_state)); + btm_sec_change_pairing_state (BTM_PAIR_STATE_IDLE); + break; + } +} + +/******************************************************************************* +** +** Function btm_sec_pin_code_request +** +** Description This function is called when controller requests PIN code +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +void btm_sec_pin_code_request (UINT8 *p_bda) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_CB *p_cb = &btm_cb; + + BTM_TRACE_EVENT3 ("btm_sec_pin_code_request() State: %s, BDA:%04x%08x", + btm_pair_state_descr(btm_cb.pairing_state), + (p_bda[0]<<8)+p_bda[1], (p_bda[2]<<24)+(p_bda[3]<<16)+(p_bda[4]<<8)+p_bda[5] ); + + if (btm_cb.pairing_state != BTM_PAIR_STATE_IDLE) + { + if ( (memcmp (p_bda, btm_cb.pairing_bda, BD_ADDR_LEN) == 0) && + (btm_cb.pairing_state == BTM_PAIR_STATE_WAIT_AUTH_COMPLETE) ) + { + /* fake this out - porshe carkit issue - */ +// btm_cb.pairing_state = BTM_PAIR_STATE_IDLE; + if(! btm_cb.pin_code_len_saved) + { + btsnd_hcic_pin_code_neg_reply (p_bda); + return; + } + else + { + btsnd_hcic_pin_code_req_reply (p_bda, btm_cb.pin_code_len_saved, p_cb->pin_code); + return; + } + } + else if ((btm_cb.pairing_state != BTM_PAIR_STATE_WAIT_PIN_REQ) + || memcmp (p_bda, btm_cb.pairing_bda, BD_ADDR_LEN) != 0) + { + BTM_TRACE_WARNING1 ("btm_sec_pin_code_request() rejected - state: %s", + btm_pair_state_descr(btm_cb.pairing_state)); + +#ifdef PORCHE_PAIRING_CONFLICT + /* reply pin code again due to counter in_rand when local initiates pairing */ + BTM_TRACE_EVENT0 ("btm_sec_pin_code_request from remote dev. for local initiated pairing"); + if(! btm_cb.pin_code_len_saved) + { + btsnd_hcic_pin_code_neg_reply (p_bda); + } + else + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + btsnd_hcic_pin_code_req_reply (p_bda, btm_cb.pin_code_len_saved, p_cb->pin_code); + } +#else + btsnd_hcic_pin_code_neg_reply (p_bda); +#endif + return; + } + } + + p_dev_rec = btm_find_or_alloc_dev (p_bda); + /* received PIN code request. must be non-sm4 */ + p_dev_rec->sm4 = BTM_SM4_KNOWN; + + if (btm_cb.pairing_state == BTM_PAIR_STATE_IDLE) + { + memcpy (btm_cb.pairing_bda, p_bda, BD_ADDR_LEN); + + btm_cb.pairing_flags = BTM_PAIR_FLAGS_PEER_STARTED_DD; + /* Make sure we reset the trusted mask to help against attacks */ + BTM_SEC_CLR_TRUSTED_DEVICE(p_dev_rec->trusted_mask); + } + + if (!p_cb->pairing_disabled && (p_cb->cfg.pin_type == HCI_PIN_TYPE_FIXED)) + { + BTM_TRACE_EVENT0 ("btm_sec_pin_code_request fixed pin replying"); + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + btsnd_hcic_pin_code_req_reply (p_bda, p_cb->cfg.pin_code_len, p_cb->cfg.pin_code); + return; + } + + /* Use the connecting device's CoD for the connection */ + if ( (!memcmp (p_bda, p_cb->connecting_bda, BD_ADDR_LEN)) + && (p_cb->connecting_dc[0] || p_cb->connecting_dc[1] || p_cb->connecting_dc[2]) ) + memcpy (p_dev_rec->dev_class, p_cb->connecting_dc, DEV_CLASS_LEN); + + /* We could have started connection after asking user for the PIN code */ + if (btm_cb.pin_code_len != 0) + { + BTM_TRACE_EVENT0 ("btm_sec_pin_code_request bonding sending reply"); + btsnd_hcic_pin_code_req_reply (p_bda, btm_cb.pin_code_len, p_cb->pin_code); + +#ifdef PORCHE_PAIRING_CONFLICT + btm_cb.pin_code_len_saved = btm_cb.pin_code_len; +#endif + + /* Mark that we forwarded received from the user PIN code */ + btm_cb.pin_code_len = 0; + + /* We can change mode back right away, that other connection being established */ + /* is not forced to be secure - found a FW issue, so we can not do this + btm_restore_mode(); */ + + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_AUTH_COMPLETE); + } + + /* If pairing disabled OR (no PIN callback and not bonding) */ + /* OR we could not allocate entry in the database reject pairing request */ + else if (p_cb->pairing_disabled + || (p_cb->api.p_pin_callback == NULL) + + /* OR Microsoft keyboard can for some reason try to establish connection */ + /* the only thing we can do here is to shut it up. Normally we will be originator */ + /* for keyboard bonding */ + || (!p_dev_rec->is_originator + && ((p_dev_rec->dev_class[1] & BTM_COD_MAJOR_CLASS_MASK) == BTM_COD_MAJOR_PERIPHERAL) + && (p_dev_rec->dev_class[2] & BTM_COD_MINOR_KEYBOARD)) ) + { + BTM_TRACE_WARNING3("btm_sec_pin_code_request(): Pairing disabled:%d; PIN callback:%x, Dev Rec:%x!", + p_cb->pairing_disabled, p_cb->api.p_pin_callback, p_dev_rec); + + btsnd_hcic_pin_code_neg_reply (p_bda); + } + /* Notify upper layer of PIN request and start expiration timer */ + else + { + btm_cb.pin_code_len_saved = 0; + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_LOCAL_PIN); + /* Pin code request can not come at the same time as connection request */ + memcpy (p_cb->connecting_bda, p_bda, BD_ADDR_LEN); + memcpy (p_cb->connecting_dc, p_dev_rec->dev_class, DEV_CLASS_LEN); + + /* Check if the name is known */ + /* Even if name is not known we might not be able to get one */ + /* this is the case when we are already getting something from the */ + /* device, so HCI level is flow controlled */ + /* Also cannot send remote name request while paging, i.e. connection is not completed */ + if (p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) + { + BTM_TRACE_EVENT0 ("btm_sec_pin_code_request going for callback"); + + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_PIN_REQD; + if (p_cb->api.p_pin_callback) + (*p_cb->api.p_pin_callback) (p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name); + } + else + { + BTM_TRACE_EVENT0 ("btm_sec_pin_code_request going for remote name"); + + /* We received PIN code request for the device with unknown name */ + /* it is not user friendly just to ask for the PIN without name */ + /* try to get name at first */ + if (!btsnd_hcic_rmt_name_req (p_dev_rec->bd_addr, + HCI_PAGE_SCAN_REP_MODE_R1, + HCI_MANDATARY_PAGE_SCAN_MODE, 0)) + { + p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; + p_dev_rec->sec_bd_name[0] = 'f'; + p_dev_rec->sec_bd_name[1] = '0'; + BTM_TRACE_ERROR0 ("can not send rmt_name_req?? fake a name and call callback"); + + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_PIN_REQD; + if (p_cb->api.p_pin_callback) + (*p_cb->api.p_pin_callback) (p_bda, p_dev_rec->dev_class, p_dev_rec->sec_bd_name); + } + } + } + + return; +} + +/******************************************************************************* +** +** Function btm_sec_update_clock_offset +** +** Description This function is called to update clock offset +** +** Returns void +** +*******************************************************************************/ +void btm_sec_update_clock_offset (UINT16 handle, UINT16 clock_offset) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + tBTM_INQ_INFO *p_inq_info; + + if ((p_dev_rec = btm_find_dev_by_handle (handle)) == NULL) + return; + + p_dev_rec->clock_offset = clock_offset | BTM_CLOCK_OFFSET_VALID; + + if ((p_inq_info = BTM_InqDbRead(p_dev_rec->bd_addr)) == NULL) + return; + + p_inq_info->results.clock_offset = clock_offset | BTM_CLOCK_OFFSET_VALID; +} + + +/****************************************************************** +** S T A T I C F U N C T I O N S +*******************************************************************/ + +/******************************************************************************* +** +** Function btm_sec_execute_procedure +** +** Description This function is called to start required security +** procedure. There is a case when multiplexing protocol +** calls this function on the originating side, connection to +** the peer will not be established. This function in this +** case performs only authorization. +** +** Returns BTM_SUCCESS - permission is granted +** BTM_CMD_STARTED - in process +** BTM_NO_RESOURCES - permission declined +** +*******************************************************************************/ +static tBTM_STATUS btm_sec_execute_procedure (tBTM_SEC_DEV_REC *p_dev_rec) +{ + BTM_TRACE_EVENT3 ("btm_sec_execute_procedure: Required:0x%x Flags:0x%x State:%d", + p_dev_rec->security_required, p_dev_rec->sec_flags, p_dev_rec->sec_state); + + /* There is a chance that we are getting name. Wait until done. */ + if (p_dev_rec->sec_state != 0) + return(BTM_CMD_STARTED); + + /* If any security is required, get the name first */ + if (!(p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) + && (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE)) + { + BTM_TRACE_EVENT0 ("Security Manager: Start get name"); + if (!btm_sec_start_get_name (p_dev_rec)) + { + return(BTM_NO_RESOURCES); + } + return(BTM_CMD_STARTED); + } + + /* If connection is not authenticated and authentication is required */ + /* start authentication and return PENDING to the caller */ + if ((!(p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED)) + && (( p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_OUT_AUTHENTICATE)) + || (!p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_IN_AUTHENTICATE))) + && (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE)) + { +#if (L2CAP_UCD_INCLUDED == TRUE) + /* if incoming UCD packet, discard it */ + if ( !p_dev_rec->is_originator && (p_dev_rec->is_ucd == TRUE )) + return(BTM_FAILED_ON_SECURITY); +#endif + + BTM_TRACE_EVENT0 ("Security Manager: Start authentication"); + + if (!btm_sec_start_authentication (p_dev_rec)) + { + return(BTM_NO_RESOURCES); + } + return(BTM_CMD_STARTED); + } + + /* If connection is not encrypted and encryption is required */ + /* start encryption and return PENDING to the caller */ + if (!(p_dev_rec->sec_flags & BTM_SEC_ENCRYPTED) + && (( p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_OUT_ENCRYPT)) + || (!p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_IN_ENCRYPT))) + && (p_dev_rec->hci_handle != BTM_SEC_INVALID_HANDLE)) + { +#if (L2CAP_UCD_INCLUDED == TRUE) + /* if incoming UCD packet, discard it */ + if ( !p_dev_rec->is_originator && (p_dev_rec->is_ucd == TRUE )) + return(BTM_FAILED_ON_SECURITY); +#endif + + BTM_TRACE_EVENT0 ("Security Manager: Start encryption"); + + if (!btm_sec_start_encryption (p_dev_rec)) + { + return(BTM_NO_RESOURCES); + } + return(BTM_CMD_STARTED); + } + + /* If connection is not authorized and authorization is required */ + /* start authorization and return PENDING to the caller */ + if (!(p_dev_rec->sec_flags & BTM_SEC_AUTHORIZED) + && (( p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_OUT_AUTHORIZE)) + || (!p_dev_rec->is_originator && (p_dev_rec->security_required & BTM_SEC_IN_AUTHORIZE)))) + { + BTM_TRACE_EVENT2 ("service id:%d, is trusted:%d", + p_dev_rec->p_cur_service->service_id, + (BTM_SEC_IS_SERVICE_TRUSTED(p_dev_rec->trusted_mask, + p_dev_rec->p_cur_service->service_id))); + if ((btm_sec_are_all_trusted(p_dev_rec->trusted_mask) == FALSE) && + (p_dev_rec->p_cur_service->service_id < BTM_SEC_MAX_SERVICES) && + (BTM_SEC_IS_SERVICE_TRUSTED(p_dev_rec->trusted_mask, + p_dev_rec->p_cur_service->service_id) == FALSE)) + { + BTM_TRACE_EVENT0 ("Security Manager: Start authorization"); + return(btm_sec_start_authorization (p_dev_rec)); + } + } + + /* All required security procedures already established */ + p_dev_rec->security_required &= ~(BTM_SEC_OUT_AUTHORIZE | BTM_SEC_IN_AUTHORIZE | + BTM_SEC_OUT_AUTHENTICATE | BTM_SEC_IN_AUTHENTICATE | + BTM_SEC_OUT_ENCRYPT | BTM_SEC_IN_ENCRYPT | + BTM_SEC_FORCE_MASTER | BTM_SEC_ATTEMPT_MASTER | + BTM_SEC_FORCE_SLAVE | BTM_SEC_ATTEMPT_SLAVE); + + BTM_TRACE_EVENT2 ("Security Manager: trusted:0x%04x%04x", p_dev_rec->trusted_mask[1], p_dev_rec->trusted_mask[0]); + BTM_TRACE_EVENT0 ("Security Manager: access granted"); + + return(BTM_SUCCESS); +} + + +/******************************************************************************* +** +** Function btm_sec_start_get_name +** +** Description This function is called to start get name procedure +** +** Returns TRUE if started +** +*******************************************************************************/ +static BOOLEAN btm_sec_start_get_name (tBTM_SEC_DEV_REC *p_dev_rec) +{ + UINT8 tempstate = p_dev_rec->sec_state; + + p_dev_rec->sec_state = BTM_SEC_STATE_GETTING_NAME; + + /* Device should be connected, no need to provide correct page params */ + /* 0 and NULL are as timeout and callback params because they are not used in security get name case */ + if ((btm_initiate_rem_name (p_dev_rec->bd_addr, NULL, BTM_RMT_NAME_SEC, + 0, NULL)) != BTM_CMD_STARTED) + { + p_dev_rec->sec_state = tempstate; + return(FALSE); + } + + return(TRUE); +} + +/******************************************************************************* +** +** Function btm_sec_start_authentication +** +** Description This function is called to start authentication +** +** Returns TRUE if started +** +*******************************************************************************/ +static BOOLEAN btm_sec_start_authentication (tBTM_SEC_DEV_REC *p_dev_rec) +{ + p_dev_rec->sec_state = BTM_SEC_STATE_AUTHENTICATING; + + return(btsnd_hcic_auth_request (p_dev_rec->hci_handle)); +} + +/******************************************************************************* +** +** Function btm_sec_start_encryption +** +** Description This function is called to start encryption +** +** Returns TRUE if started +** +*******************************************************************************/ +static BOOLEAN btm_sec_start_encryption (tBTM_SEC_DEV_REC *p_dev_rec) +{ + if (!btsnd_hcic_set_conn_encrypt (p_dev_rec->hci_handle, TRUE)) + return(FALSE); + + p_dev_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; + return(TRUE); +} + + +/******************************************************************************* +** +** Function btm_sec_start_authorization +** +** Description This function is called to start authorization +** +** Returns TRUE if started +** +*******************************************************************************/ +static UINT8 btm_sec_start_authorization (tBTM_SEC_DEV_REC *p_dev_rec) +{ + UINT8 result; + UINT8 *p_service_name = NULL; + UINT8 service_id; + + if ((p_dev_rec->sec_flags & BTM_SEC_NAME_KNOWN) + || (p_dev_rec->hci_handle == BTM_SEC_INVALID_HANDLE)) + { + if (!btm_cb.api.p_authorize_callback) + return(BTM_MODE_UNSUPPORTED); + + if (p_dev_rec->p_cur_service) + { +#if BTM_SEC_SERVICE_NAME_LEN > 0 + if (p_dev_rec->is_originator) + p_service_name = p_dev_rec->p_cur_service->orig_service_name; + else + p_service_name = p_dev_rec->p_cur_service->term_service_name; +#endif + service_id = p_dev_rec->p_cur_service->service_id; + } + else + service_id = 0; + + p_dev_rec->sec_state = BTM_SEC_STATE_AUTHORIZING; + result = (*btm_cb.api.p_authorize_callback) (p_dev_rec->bd_addr, + p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, + p_service_name, + service_id, + p_dev_rec->is_originator); + if (result == BTM_SUCCESS) + { + p_dev_rec->sec_flags |= BTM_SEC_AUTHORIZED; + p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; + } + return(result); + } + btm_sec_start_get_name (p_dev_rec); + return(BTM_CMD_STARTED); +} + +/******************************************************************************* +** +** Function btm_sec_are_all_trusted +** +** Description This function is called check if all services are trusted +** +** Returns TRUE if all are trusted, otherwise FALSE +** +*******************************************************************************/ +BOOLEAN btm_sec_are_all_trusted(UINT32 p_mask[]) +{ + int trusted_inx; + for (trusted_inx = 0; trusted_inx < BTM_SEC_SERVICE_ARRAY_SIZE; trusted_inx++) + { + if (p_mask[trusted_inx] != BTM_SEC_TRUST_ALL) + return(FALSE); + } + + return(TRUE); +} + +/******************************************************************************* +** +** Function btm_sec_find_first_serv +** +** Description Look for the first record in the service database +** with specified PSM +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +static tBTM_SEC_SERV_REC *btm_sec_find_first_serv (CONNECTION_TYPE conn_type, UINT16 psm) +{ + tBTM_SEC_SERV_REC *p_serv_rec = &btm_cb.sec_serv_rec[0]; + int i; + BOOLEAN is_originator; + +#if (L2CAP_UCD_INCLUDED == TRUE) + + if ( conn_type & CONNECTION_TYPE_ORIG_MASK ) + is_originator = TRUE; + else + is_originator = FALSE; +#else + is_originator = conn_type; +#endif + + if (is_originator && btm_cb.p_out_serv && btm_cb.p_out_serv->psm == psm) + { + /* If this is outgoing connection and the PSM matches p_out_serv, + * use it as the current service */ + return btm_cb.p_out_serv; + } + + /* otherwise, just find the first record with the specified PSM */ + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_serv_rec++) + { + if ( (p_serv_rec->security_flags & BTM_SEC_IN_USE) && (p_serv_rec->psm == psm) ) + return(p_serv_rec); + } + return(NULL); +} + + +/******************************************************************************* +** +** Function btm_sec_find_next_serv +** +** Description Look for the next record in the service database +** with specified PSM +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +static tBTM_SEC_SERV_REC *btm_sec_find_next_serv (tBTM_SEC_SERV_REC *p_cur) +{ + tBTM_SEC_SERV_REC *p_serv_rec = &btm_cb.sec_serv_rec[0]; + int i; + + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_serv_rec++) + { + if ((p_serv_rec->security_flags & BTM_SEC_IN_USE) + && (p_serv_rec->psm == p_cur->psm) ) + { + if (p_cur != p_serv_rec) + { + return(p_serv_rec); + } + } + } + return(NULL); +} + + +/******************************************************************************* +** +** Function btm_sec_find_mx_serv +** +** Description Look for the record in the service database with specified +** PSM and multiplexor channel information +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +static tBTM_SEC_SERV_REC *btm_sec_find_mx_serv (UINT8 is_originator, UINT16 psm, + UINT32 mx_proto_id, UINT32 mx_chan_id) +{ + tBTM_SEC_SERV_REC *p_out_serv = btm_cb.p_out_serv; + tBTM_SEC_SERV_REC *p_serv_rec = &btm_cb.sec_serv_rec[0]; + int i; + + BTM_TRACE_DEBUG0 ("btm_sec_find_mx_serv"); + if (is_originator && p_out_serv && p_out_serv->psm == psm + && p_out_serv->mx_proto_id == mx_proto_id + && p_out_serv->orig_mx_chan_id == mx_chan_id) + { + /* If this is outgoing connection and the parameters match p_out_serv, + * use it as the current service */ + return btm_cb.p_out_serv; + } + + /* otherwise, the old way */ + for (i = 0; i < BTM_SEC_MAX_SERVICE_RECORDS; i++, p_serv_rec++) + { + if ((p_serv_rec->security_flags & BTM_SEC_IN_USE) + && (p_serv_rec->psm == psm) + && (p_serv_rec->mx_proto_id == mx_proto_id) + && (( is_originator && (p_serv_rec->orig_mx_chan_id == mx_chan_id)) + || (!is_originator && (p_serv_rec->term_mx_chan_id == mx_chan_id)))) + { + return(p_serv_rec); + } + } + return(NULL); +} + + +/******************************************************************************* +** +** Function btm_sec_collision_timeout +** +** Description Encryption could not start because of the collision +** try to do it again +** +** Returns Pointer to the TLE struct +** +*******************************************************************************/ +static void btm_sec_collision_timeout (TIMER_LIST_ENT *p_tle) +{ + tBTM_STATUS status; + + BTM_TRACE_EVENT0 ("btm_sec_collision_timeout()"); + btm_cb.sec_collision_tle.param = 0; + + status = btm_sec_execute_procedure (btm_cb.p_collided_dev_rec); + + /* If result is pending reply from the user or from the device is pending */ + if (status != BTM_CMD_STARTED) + { + /* There is no next procedure or start of procedure failed, notify the waiting layer */ + btm_sec_dev_rec_cback_event (btm_cb.p_collided_dev_rec, status); + } +} + +/******************************************************************************* +** +** Function btm_sec_link_key_request +** +** Description This function is called when controller requests link key +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +static void btm_send_link_key_notif (tBTM_SEC_DEV_REC *p_dev_rec) +{ + if (btm_cb.api.p_link_key_callback) + (*btm_cb.api.p_link_key_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, + p_dev_rec->sec_bd_name, p_dev_rec->link_key, + p_dev_rec->link_key_type); +} + +/******************************************************************************* +** +** Function BTM_ReadTrustedMask +** +** Description Get trusted mask for the peer device +** +** Parameters: bd_addr - Address of the device +** +** Returns NULL, if the device record is not found. +** otherwise, the trusted mask +** +*******************************************************************************/ +UINT32 * BTM_ReadTrustedMask (BD_ADDR bd_addr) +{ + tBTM_SEC_DEV_REC *p_dev_rec; + + if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL) + { + return(p_dev_rec->trusted_mask); + } + else + { + return NULL; + } +} + +/******************************************************************************* +** +** Function btm_restore_mode +** +** Description This function returns the security mode to previous setting +** if it was changed during bonding. +** +** +** Parameters: void +** +*******************************************************************************/ +static void btm_restore_mode(void) +{ + if (btm_cb.security_mode_changed) + { + btm_cb.security_mode_changed = FALSE; + BTM_TRACE_DEBUG1("btm_restore_mode: Authen Enable -> %d", (btm_cb.security_mode == BTM_SEC_MODE_LINK)); + btsnd_hcic_write_auth_enable ((UINT8)(btm_cb.security_mode == BTM_SEC_MODE_LINK)); + } + + if (btm_cb.pin_type_changed) + { + btm_cb.pin_type_changed = FALSE; + btsnd_hcic_write_pin_type (btm_cb.cfg.pin_type); + } +} + + +/******************************************************************************* +** +** Function btm_sec_find_dev_by_sec_state +** +** Description Look for the record in the device database for the device +** which is being authenticated or encrypted +** +** Returns Pointer to the record or NULL +** +*******************************************************************************/ +tBTM_SEC_DEV_REC *btm_sec_find_dev_by_sec_state (UINT8 state) +{ + tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0]; + int i; + + for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) + && (p_dev_rec->sec_state == state)) + return(p_dev_rec); + } + return(NULL); +} + +/******************************************************************************* +** +** Function BTM_snd_conn_encrypt +** +** Description This function is called to start/stop encryption +** Used by JSR-82 +** +** Returns TRUE if request started +** +*******************************************************************************/ +BOOLEAN BTM_snd_conn_encrypt (UINT16 handle, BOOLEAN enable) +{ + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle); + + BTM_TRACE_EVENT2 ("BTM_snd_conn_encrypt Security Manager: encrypt_change p_dev_rec : 0x%x, enable = %s", p_dev_rec, (enable == TRUE) ? "TRUE" : "FALSE"); + + if (!p_dev_rec) + { + BTM_TRACE_EVENT1 ("BTM_snd_conn_encrypt Error no p_dev_rec : 0x%x\n", p_dev_rec); + return(FALSE); + } + + if ( p_dev_rec->sec_state == BTM_SEC_STATE_IDLE) + { + if (!btsnd_hcic_set_conn_encrypt (handle, enable)) + return(FALSE); + + p_dev_rec->sec_state = BTM_SEC_STATE_ENCRYPTING; + + return(TRUE); + } + else + return(FALSE); +} + +/******************************************************************************* +** +** Function btm_sec_change_pairing_state +** +** Description This function is called to change pairing state +** +*******************************************************************************/ +static void btm_sec_change_pairing_state (tBTM_PAIRING_STATE new_state) +{ + tBTM_PAIRING_STATE old_state = btm_cb.pairing_state; + + BTM_TRACE_EVENT1 ("btm_sec_change_pairing_state Old: %s", btm_pair_state_descr(btm_cb.pairing_state)); + BTM_TRACE_EVENT2 ("btm_sec_change_pairing_state New: %s pairing_flags:0x%x",btm_pair_state_descr(new_state), btm_cb.pairing_flags); + + btm_cb.pairing_state = new_state; + + if (new_state == BTM_PAIR_STATE_IDLE) + { + btu_stop_timer (&btm_cb.pairing_tle); + + btm_cb.pairing_flags = 0; + btm_cb.pin_code_len = 0; + + /* Make sure the the lcb shows we are not bonding */ + l2cu_update_lcb_4_bonding (btm_cb.pairing_bda, FALSE); + + btm_restore_mode(); + btm_sec_check_pending_reqs(); + btm_inq_clear_ssp(); + + memset (btm_cb.pairing_bda, 0xFF, BD_ADDR_LEN); + } + else + { + /* If transitionng out of idle, mark the lcb as bonding */ + if (old_state == BTM_PAIR_STATE_IDLE) + l2cu_update_lcb_4_bonding (btm_cb.pairing_bda, TRUE); + + btm_cb.pairing_tle.param = (TIMER_PARAM_TYPE)btm_sec_pairing_timeout; + + btu_start_timer (&btm_cb.pairing_tle, BTU_TTYPE_USER_FUNC, BTM_SEC_TIMEOUT_VALUE); + } +} + + +/******************************************************************************* +** +** Function btm_pair_state_descr +** +** Description Return state description for tracing +** +*******************************************************************************/ +#if (BT_USE_TRACES == TRUE) +static char *btm_pair_state_descr (tBTM_PAIRING_STATE state) +{ +#if (BT_TRACE_VERBOSE == TRUE) + switch (state) + { + case BTM_PAIR_STATE_IDLE: return("IDLE"); + case BTM_PAIR_STATE_GET_REM_NAME: return("GET_REM_NAME"); + case BTM_PAIR_STATE_WAIT_PIN_REQ: return("WAIT_PIN_REQ"); + case BTM_PAIR_STATE_WAIT_LOCAL_PIN: return("WAIT_LOCAL_PIN"); + case BTM_PAIR_STATE_WAIT_NUMERIC_CONFIRM: return("WAIT_NUM_CONFIRM"); + case BTM_PAIR_STATE_KEY_ENTRY: return("KEY_ENTRY"); + case BTM_PAIR_STATE_WAIT_LOCAL_OOB_RSP: return("WAIT_LOCAL_OOB_RSP"); + case BTM_PAIR_STATE_WAIT_LOCAL_IOCAPS: return("WAIT_LOCAL_IOCAPS"); + case BTM_PAIR_STATE_INCOMING_SSP: return("INCOMING_SSP"); + case BTM_PAIR_STATE_WAIT_AUTH_COMPLETE: return("WAIT_AUTH_COMPLETE"); + case BTM_PAIR_STATE_WAIT_DISCONNECT: return("WAIT_DISCONNECT"); + } + + return("???"); +#else + sprintf(btm_cb.state_temp_buffer,"%hu",state); + + return(btm_cb.state_temp_buffer); +#endif +} +#endif + + +/******************************************************************************* +** +** Function btm_sec_dev_rec_cback_event +** +** Description This function calls the callback function with the given +** result and clear the callback function. +** +** Parameters: void +** +*******************************************************************************/ +void btm_sec_dev_rec_cback_event (tBTM_SEC_DEV_REC *p_dev_rec, UINT8 res) +{ + tBTM_SEC_CALLBACK *p_callback = p_dev_rec->p_callback; + + if (p_dev_rec->p_callback) + { + p_dev_rec->p_callback = NULL; + + (*p_callback) (p_dev_rec->bd_addr, p_dev_rec->p_ref_data, res); + + } + btm_sec_check_pending_reqs(); +} + +/******************************************************************************* +** +** Function btm_sec_queue_mx_request +** +** Description Return state description for tracing +** +*******************************************************************************/ +static BOOLEAN btm_sec_queue_mx_request (BD_ADDR bd_addr, UINT16 psm, BOOLEAN is_orig, + UINT32 mx_proto_id, UINT32 mx_chan_id, + tBTM_SEC_CALLBACK *p_callback, void *p_ref_data) +{ + tBTM_SEC_QUEUE_ENTRY *p_e; + + p_e = (tBTM_SEC_QUEUE_ENTRY *)GKI_getbuf (sizeof(tBTM_SEC_QUEUE_ENTRY)); + + if (p_e) + { + p_e->psm = psm; + p_e->is_orig = is_orig; + p_e->p_callback = p_callback; + p_e->p_ref_data = p_ref_data; + p_e->mx_proto_id = mx_proto_id; + p_e->mx_chan_id = mx_chan_id; + + memcpy (p_e->bd_addr, bd_addr, BD_ADDR_LEN); + + BTM_TRACE_EVENT4 ("btm_sec_queue_mx_request() PSM: 0x%04x Is_Orig: %u mx_proto_id: %u mx_chan_id: %u", + psm, is_orig, mx_proto_id, mx_chan_id); + + GKI_enqueue (&btm_cb.sec_pending_q, p_e); + + return(TRUE); + } + + return(FALSE); +} + +static BOOLEAN btm_sec_check_prefetch_pin (tBTM_SEC_DEV_REC *p_dev_rec) +{ + UINT8 major = (UINT8)(p_dev_rec->dev_class[1] & BTM_COD_MAJOR_CLASS_MASK); + UINT8 minor = (UINT8)(p_dev_rec->dev_class[2] & BTM_COD_MINOR_CLASS_MASK); + BOOLEAN rv = FALSE; + + if ((major == BTM_COD_MAJOR_AUDIO) + && ((minor == BTM_COD_MINOR_CONFM_HANDSFREE) || (minor == BTM_COD_MINOR_CAR_AUDIO)) ) + { + BTM_TRACE_EVENT2 ("btm_sec_check_prefetch_pin: Skipping pre-fetch PIN for carkit COD Major: 0x%02x Minor: 0x%02x", major, minor); + + if (btm_cb.security_mode_changed == FALSE) + { + btm_cb.security_mode_changed = TRUE; +#ifdef APPL_AUTH_WRITE_EXCEPTION + if(!(APPL_AUTH_WRITE_EXCEPTION)(p_dev_rec->bd_addr)) +#endif + btsnd_hcic_write_auth_enable (TRUE); + } + } + else + { + btm_sec_change_pairing_state (BTM_PAIR_STATE_WAIT_LOCAL_PIN); + + /* If we got a PIN, use that, else try to get one */ + if (btm_cb.pin_code_len) + { + BTM_PINCodeReply (p_dev_rec->bd_addr, BTM_SUCCESS, btm_cb.pin_code_len, btm_cb.pin_code, p_dev_rec->trusted_mask); + } + else + { + /* pin was not supplied - pre-fetch pin code now */ + if (btm_cb.api.p_pin_callback && ((btm_cb.pairing_flags & BTM_PAIR_FLAGS_PIN_REQD) == 0)) + { + BTM_TRACE_DEBUG0("btm_sec_check_prefetch_pin: PIN code callback called"); + if (btm_bda_to_acl(p_dev_rec->bd_addr) == NULL) + btm_cb.pairing_flags |= BTM_PAIR_FLAGS_PIN_REQD; + (btm_cb.api.p_pin_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class, p_dev_rec->sec_bd_name); + } + } + + rv = TRUE; + } + + return rv; +} + +#if (BLE_INCLUDED == TRUE) +/******************************************************************************* +** +** Function btm_sec_clear_ble_keys +** +** Description This function is called to clear out the BLE keys. +** Typically when devices are removed in BTM_SecDeleteDevice, +** or when a new BT Link key is generated. +** +** Returns void +** +*******************************************************************************/ +void btm_sec_clear_ble_keys (tBTM_SEC_DEV_REC *p_dev_rec) +{ + + BTM_TRACE_DEBUG0 ("btm_sec_clear_ble_keys: Clearing BLE Keys"); +#if (SMP_INCLUDED== TRUE) + p_dev_rec->ble.key_type = 0; + memset (&p_dev_rec->ble.keys, 0, sizeof(tBTM_SEC_BLE_KEYS)); +#endif + gatt_delete_dev_from_srv_chg_clt_list(p_dev_rec->bd_addr); +} + + +/******************************************************************************* +** +** Function btm_sec_is_a_bonded_dev +** +** Description Is the specified device is a bonded device +** +** Returns TRUE - dev is bonded +** +*******************************************************************************/ +BOOLEAN btm_sec_is_a_bonded_dev (BD_ADDR bda) +{ + + tBTM_SEC_DEV_REC *p_dev_rec= btm_find_dev (bda); + BOOLEAN is_bonded= FALSE; + +#if (SMP_INCLUDED== TRUE) + if (p_dev_rec && (p_dev_rec->ble.key_type || (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN))) + { + is_bonded = TRUE; + } +#endif + BTM_TRACE_DEBUG1 ("btm_sec_is_a_bonded_dev is_bonded=%d", is_bonded); + return(is_bonded); +} + +/******************************************************************************* +** +** Function btm_sec_find_bonded_dev +** +** Description Find a bonded device starting from the specified index +** +** Returns TRUE - found a bonded device +** +*******************************************************************************/ +BOOLEAN btm_sec_find_bonded_dev (UINT8 start_idx, UINT8 *p_found_idx, tBTM_SEC_DEV_REC *p_rec) +{ + BOOLEAN found= FALSE; + +#if (SMP_INCLUDED== TRUE) + tBTM_SEC_DEV_REC *p_dev_rec; + int i; + if (start_idx >= BTM_SEC_MAX_DEVICE_RECORDS) + { + BTM_TRACE_DEBUG0 ("LE bonded device not found"); + return found; + } + + p_dev_rec = &btm_cb.sec_dev_rec[start_idx]; + for (i = start_idx; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++) + { + if (p_dev_rec->ble.key_type || (p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN)) + { + *p_found_idx = i; + p_rec = p_dev_rec; + break; + } + } + BTM_TRACE_DEBUG1 ("btm_sec_find_bonded_dev=%d", found); +#endif + return(found); +} +#endif /* BLE_INCLUDED */ + |