1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains functions for the Bluetooth Device Manager
23 ******************************************************************************/
31 #include "device/include/controller.h"
32 #include "bt_common.h"
40 /*******************************************************************************
42 ** Function BTM_SecAddDevice
44 ** Description Add/modify device. This function will be normally called
45 ** during host startup to restore all required information
46 ** stored in the NVRAM.
48 ** Parameters: bd_addr - BD address of the peer
49 ** dev_class - Device Class
50 ** bd_name - Name of the peer device. NULL if unknown.
51 ** features - Remote device's features (up to 3 pages). NULL if not known
52 ** trusted_mask - Bitwise OR of services that do not
53 ** require authorization. (array of UINT32)
54 ** link_key - Connection link key. NULL if unknown.
56 ** Returns TRUE if added OK, else FALSE
58 *******************************************************************************/
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
                          UINT8 *features, UINT32 trusted_mask[],
                          LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
                          UINT8 pin_length)
{
    /*
     * Restores or refreshes the security record for bd_addr from values the
     * caller supplies. dev_class, bd_name, features and link_key are tested
     * before use; trusted_mask is handed to BTM_SEC_COPY_TRUSTED_DEVICE as is.
     *
     * Security note: the "authenticated" flags set further down are derived
     * only from the key_type and pin_length arguments, so the record is no
     * more trustworthy than the storage those values were loaded from.
     */

    /* Only the key type is traced here, never the link key bytes. */
    BTM_TRACE_API("%s: link key type:%x", __func__, key_type);

    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
    if (p_dev_rec != NULL)
    {
        /* Known device: "bump" the timestamp of the existing record. */
        p_dev_rec->timestamp = btm_cb.dev_rec_count++;

        /*
         * Original logic kept unchanged: resetting the bond state of an
         * already known device here looks questionable and should be
         * verified as part of a larger refactor.
         */
        p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
    }
    else
    {
        /*
         * Unknown device: take a fresh record. btm_sec_allocate_dev_rec() may
         * drop the oldest record to make room, so pointers to other records
         * obtained before this call should not be reused afterwards.
         */
        p_dev_rec = btm_sec_allocate_dev_rec();

        memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
        p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);

#if BLE_INCLUDED == TRUE
        /* 0xff in every byte selects the default background connection params */
        memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif
    }

    if (dev_class != NULL)
    {
        memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN);
    }

    /* Clear the whole name buffer first so the stored name is always terminated. */
    memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));

    if (bd_name != NULL && bd_name[0] != 0)
    {
        p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
        strlcpy ((char *)p_dev_rec->sec_bd_name,
                 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
    }

    p_dev_rec->num_read_pages = 0;
    if (features == NULL)
    {
        memset (p_dev_rec->features, 0, sizeof (p_dev_rec->features));
    }
    else
    {
        /*
         * The copy reads sizeof(p_dev_rec->features) bytes from the caller's
         * pointer, so the caller must supply a buffer at least that large.
         */
        memcpy (p_dev_rec->features, features, sizeof (p_dev_rec->features));

        /* Walk from the highest page down; the first non-zero byte fixes the page count. */
        BOOLEAN have_page = FALSE;
        for (int page = HCI_EXT_FEATURES_PAGE_MAX; page >= 0 && !have_page; page--)
        {
            for (int byte = 0; byte < HCI_FEATURE_BYTES_PER_PAGE; byte++)
            {
                if (p_dev_rec->features[page][byte] == 0)
                    continue;

                have_page = TRUE;
                p_dev_rec->num_read_pages = page + 1;
                break;
            }
        }
    }

    BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask);

    if (link_key != NULL)
    {
        /* The trace carries the peer address only. */
        BTM_TRACE_EVENT ("%s: BDA: %02x:%02x:%02x:%02x:%02x:%02x", __func__,
                          bd_addr[0], bd_addr[1], bd_addr[2],
                          bd_addr[3], bd_addr[4], bd_addr[5]);
        p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
        memcpy (p_dev_rec->link_key, link_key, LINK_KEY_LEN);
        p_dev_rec->link_key_type = key_type;
        p_dev_rec->pin_code_length = pin_length;

        const BOOLEAN authenticated_key = (pin_length >= 16 ||
                                           key_type == BTM_LKEY_TYPE_AUTH_COMB ||
                                           key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256);
        if (authenticated_key)
        {
            /* Key came from a 16 digit pin or an authenticated combination key type. */
            p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED | BTM_SEC_LINK_KEY_AUTHED;
        }
    }

#if defined(BTIF_MIXED_MODE_INCLUDED) && (BTIF_MIXED_MODE_INCLUDED == TRUE)
    p_dev_rec->sm4 = (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE) ? BTM_SM4_KNOWN : BTM_SM4_TRUE;
#endif

    p_dev_rec->rmt_io_caps = io_cap;
    p_dev_rec->device_type |= BT_DEVICE_TYPE_BREDR;

    return(TRUE);
}
160 /*******************************************************************************
162 ** Function BTM_SecDeleteDevice
164 ** Description Free resources associated with the device.
166 ** Parameters: bd_addr - BD address of the peer
168 ** Returns TRUE if removed OK, FALSE if not found or ACL link is active
170 *******************************************************************************/
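BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
{
    /* A record is never deleted while an ACL link exists on either transport. */
    if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
        BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR))
    {
        BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active", __func__);
        return FALSE;
    }

    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
    if (p_dev_rec != NULL)
    {
        /*
         * Take a private copy of the record's address BEFORE releasing the
         * record. btm_sec_free_dev() removes the record from
         * btm_cb.sec_dev_rec, after which the record must be treated as gone
         * (presumably the list frees its elements; confirm against the list
         * setup). Reading p_dev_rec->bd_addr after that call would be a
         * use-after-free. The record's own address is copied rather than the
         * bd_addr argument because the lookup can also match on the pseudo
         * address or a resolvable address.
         */
        BD_ADDR peer_addr;
        memcpy (peer_addr, p_dev_rec->bd_addr, BD_ADDR_LEN);

        btm_sec_free_dev(p_dev_rec);
        p_dev_rec = NULL;

        /* Tell controller to get rid of the link key, if it has one stored */
        BTM_DeleteStoredLinkKey (peer_addr, NULL);
    }

    /* TRUE is also returned when no record existed for bd_addr. */
    return TRUE;
}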
191 /*******************************************************************************
193 ** Function BTM_SecReadDevName
195 ** Description Looks for the device name in the security database for the
196 ** specified BD address.
198 ** Returns Pointer to the name or NULL
200 *******************************************************************************/
char *BTM_SecReadDevName (BD_ADDR bd_addr)
{
    /*
     * The result points into the security record itself (sec_bd_name), not to
     * a copy, so it is only usable while that record stays in the database.
     */
    tBTM_SEC_DEV_REC *p_srec = btm_find_dev(bd_addr);

    return (p_srec != NULL) ? (char *)p_srec->sec_bd_name : NULL;
}
/*
 * List callback: data is a tBTM_SEC_DEV_REC, context points at a BD_ADDR.
 * Returns false when the record's bd_addr equals the given address and true
 * otherwise (presumably false is what stops the list walk; confirm against
 * the list API).
 */
bool is_bd_addr_equal(void *data, void *context)
{
    tBTM_SEC_DEV_REC *p_dev_rec = data;
    BD_ADDR *bd_addr = context;

    /* *bd_addr decays to the same address as bd_addr; it just has the right type. */
    return memcmp(p_dev_rec->bd_addr, *bd_addr, BD_ADDR_LEN) != 0;
}
223 /*******************************************************************************
225 ** Function btm_sec_alloc_dev
227 ** Description Look for the record in the device database for the record
228 ** with specified address
230 ** Returns Pointer to the record or NULL
232 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
{
    /*
     * Obtains a fresh record from btm_sec_allocate_dev_rec() and fills in
     * what is already known about bd_addr: device class (from the inquiry
     * database, or from the connection currently being set up), default
     * connection parameters, the address and the current HCI handles.
     */
    BTM_TRACE_EVENT ("btm_sec_alloc_dev");

    tBTM_SEC_DEV_REC *p_dev_rec = btm_sec_allocate_dev_rec();

    /* Check with the BT manager if details about remote device are known */
    tBTM_INQ_INFO *p_inq_info = BTM_InqDbRead(bd_addr);
    if (p_inq_info != NULL)
    {
        memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN);

#if BLE_INCLUDED == TRUE
        p_dev_rec->device_type = p_inq_info->results.device_type;
        p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
#endif
    }
    else if (memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN) == 0)
    {
        /* No inquiry result, but this is the peer we are connecting to. */
        memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN);
    }

#if BLE_INCLUDED == TRUE
    /* update conn params, use default value for background connection params */
    memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
#endif

    memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);

#if BLE_INCLUDED == TRUE
    p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
#endif
    p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);

    return p_dev_rec;
}
270 /*******************************************************************************
272 ** Function btm_sec_free_dev
274 ** Description Mark device record as not used
276 *******************************************************************************/
void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec)
{
    /*
     * Releases one security record: BLE keys are cleared first (BLE builds
     * only), then the record is taken out of btm_cb.sec_dev_rec.
     *
     * NOTE(review): callers must not touch p_dev_rec after this returns.
     * NOTE(review): only the BLE keys are cleared explicitly here; whether the
     * BR/EDR link_key bytes are wiped depends on how the list releases its
     * elements, so confirm that if key material must not linger in memory.
     */
#if BLE_INCLUDED == TRUE
    /* Clear out any saved BLE keys */
    btm_sec_clear_ble_keys (p_dev_rec);
#endif

    list_remove(btm_cb.sec_dev_rec, p_dev_rec);
}
286 /*******************************************************************************
288 ** Function btm_dev_support_switch
290 ** Description This function is called by the L2CAP to check if remote
291 ** device supports role switch
293 ** Parameters: bd_addr - Address of the peer device
295 ** Returns TRUE if device is known and role switch is supported
297 *******************************************************************************/
BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr)
{
#if BTM_SCO_INCLUDED == TRUE
    /* Role switch is not allowed if a SCO is up */
    if (btm_is_sco_active_by_bdaddr(bd_addr))
        return(FALSE);
#endif

    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);

    /* Unknown peer, or a local controller without role switch: answer is no. */
    if (p_dev_rec == NULL ||
        !controller_get_interface()->supports_master_slave_role_switch())
    {
        BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE");
        return(FALSE);
    }

    if (HCI_SWITCH_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0]))
    {
        BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature found)");
        return (TRUE);
    }

    /* If the feature field is all zero, we never received them */
    BOOLEAN feature_seen = FALSE;
    for (UINT8 idx = 0; idx < BD_FEATURES_LEN && !feature_seen; idx++)
    {
        if (p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0][idx] != 0x00)
            feature_seen = TRUE; /* at least one is != 0 */
    }

    /* If we don't know peer's capabilities, assume it supports Role-switch */
    if (!feature_seen)
    {
        BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature empty)");
        return (TRUE);
    }

    BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE");
    return(FALSE);
}
/*
 * List callback: data is a tBTM_SEC_DEV_REC, context points at a UINT16 HCI
 * handle. Returns false when the handle matches the record's BR/EDR handle
 * (or, in BLE builds, its LE handle) and true otherwise.
 */
bool is_handle_equal(void *data, void *context)
{
    tBTM_SEC_DEV_REC *p_dev_rec = data;
    UINT16 *handle = context;

    bool matches = (p_dev_rec->hci_handle == *handle);
#if BLE_INCLUDED == TRUE
    matches = matches || (p_dev_rec->ble_hci_handle == *handle);
#endif

    return !matches;
}
355 /*******************************************************************************
357 ** Function btm_find_dev_by_handle
359 ** Description Look for the record in the device database for the record
360 ** with specified handle
362 ** Returns Pointer to the record or NULL
364 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle)
{
    /* &handle stays valid for the whole walk because list_foreach() is synchronous here. */
    list_node_t *n = list_foreach(btm_cb.sec_dev_rec, is_handle_equal, &handle);

    return (n != NULL) ? list_node(n) : NULL;
}
/*
 * List callback: data is a tBTM_SEC_DEV_REC, context points at a BD_ADDR.
 * Returns false (a match) when the address equals the record's bd_addr or,
 * in BLE builds, its pseudo address, or when btm_ble_addr_resolvable()
 * accepts the address for this record. Returns true otherwise.
 */
bool is_address_equal(void *data, void *context)
{
    tBTM_SEC_DEV_REC *p_dev_rec = data;
    BD_ADDR *bd_addr = context;

    if (memcmp (p_dev_rec->bd_addr, *bd_addr, BD_ADDR_LEN) == 0)
        return false;

#if BLE_INCLUDED == TRUE
    /*
     * If a LE random address is looking for device record: the cheap byte
     * comparison runs first, the resolution attempt only when it fails.
     */
    if (memcmp(p_dev_rec->ble.pseudo_addr, *bd_addr, BD_ADDR_LEN) == 0 ||
        btm_ble_addr_resolvable(*bd_addr, p_dev_rec))
    {
        return false;
    }
#endif

    return true;
}
392 /*******************************************************************************
394 ** Function btm_find_dev
396 ** Description Look for the record in the device database for the record
397 ** with specified BD address
399 ** Returns Pointer to the record or NULL
401 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev(BD_ADDR bd_addr)
{
    /* A NULL address can never match; this also keeps the callback from dereferencing it. */
    if (bd_addr == NULL)
        return NULL;

    list_node_t *n = list_foreach(btm_cb.sec_dev_rec, is_address_equal, bd_addr);

    return (n != NULL) ? list_node(n) : NULL;
}
414 /*******************************************************************************
416 ** Function btm_consolidate_dev
418 ** Description combine security records if identified as same peer
422 *******************************************************************************/
void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
{
#if BLE_INCLUDED == TRUE
    /*
     * Merges a second record for the same peer into p_target_rec and removes
     * the duplicate. The target's own LE-side state is snapshotted first,
     * because the merge below overwrites the whole target record.
     */
    tBTM_SEC_DEV_REC saved = *p_target_rec;

    BTM_TRACE_DEBUG("%s", __func__);

    list_node_t *end = list_end(btm_cb.sec_dev_rec);
    list_node_t *node = list_begin(btm_cb.sec_dev_rec);
    for (; node != end; node = list_next(node))
    {
        tBTM_SEC_DEV_REC *p_dev_rec = list_node(node);

        if (p_dev_rec == p_target_rec)
            continue;

        if (memcmp (p_dev_rec->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN) == 0)
        {
            /* Same address: adopt the other record, then restore the LE-side fields. */
            *p_target_rec = *p_dev_rec;
            p_target_rec->ble = saved.ble;
            p_target_rec->ble_hci_handle = saved.ble_hci_handle;
            p_target_rec->enc_key_size = saved.enc_key_size;
            p_target_rec->conn_params = saved.conn_params;

            /* device_type and sec_flags keep the bits of both records. */
            p_target_rec->device_type |= saved.device_type;
            p_target_rec->sec_flags |= saved.sec_flags;

            p_target_rec->new_encryption_key_is_p256 = saved.new_encryption_key_is_p256;
            p_target_rec->no_smp_on_br = saved.no_smp_on_br;
            p_target_rec->bond_type = saved.bond_type;

            /* remove the combined record; the walk must stop because its node is gone */
            list_remove(btm_cb.sec_dev_rec, p_dev_rec);
            break;
        }

        /* an RPA device entry is a duplicate of the target record */
        if (btm_ble_addr_resolvable(p_dev_rec->bd_addr, p_target_rec))
        {
            const int is_pseudo_addr =
                (memcmp(p_target_rec->ble.pseudo_addr, p_dev_rec->bd_addr, BD_ADDR_LEN) == 0);
            if (is_pseudo_addr)
            {
                p_target_rec->ble.ble_addr_type = p_dev_rec->ble.ble_addr_type;
                p_target_rec->device_type |= p_dev_rec->device_type;

                /* remove the combined record */
                list_remove(btm_cb.sec_dev_rec, p_dev_rec);
            }
            break;
        }
    }
#endif
}
473 /*******************************************************************************
475 ** Function btm_find_or_alloc_dev
477 ** Description Look for the record in the device database for the record
478 ** with specified BD address
480 ** Returns Pointer to the record or NULL
482 *******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
{
    BTM_TRACE_EVENT ("btm_find_or_alloc_dev");

    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bd_addr);
    if (p_dev_rec != NULL)
        return(p_dev_rec);

    /* Allocate a new device record or reuse the oldest one */
    return btm_sec_alloc_dev (bd_addr);
}
496 /*******************************************************************************
498 ** Function btm_find_oldest_dev_rec
500 ** Description Locates the oldest device in use. It first looks for
501 ** the oldest non-paired device. If all devices are paired it
502 ** returns the oldest paired device.
504 ** Returns Pointer to the record or NULL
506 *******************************************************************************/
static tBTM_SEC_DEV_REC* btm_find_oldest_dev_rec (void)
{
    /*
     * Two running minima over the record timestamps: one for records with no
     * link key flag set (not paired) and one for paired records. 0xFFFFFFFF
     * doubles as "nothing found yet", so a record carrying exactly that
     * timestamp can never be selected.
     */
    tBTM_SEC_DEV_REC *p_oldest = NULL;
    UINT32 ts_oldest = 0xFFFFFFFF;
    tBTM_SEC_DEV_REC *p_oldest_paired = NULL;
    UINT32 ts_oldest_paired = 0xFFFFFFFF;

    list_node_t *end = list_end(btm_cb.sec_dev_rec);
    list_node_t *node = list_begin(btm_cb.sec_dev_rec);
    while (node != end)
    {
        tBTM_SEC_DEV_REC *p_dev_rec = list_node(node);
        const bool paired =
            (p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) != 0;

        /* Pick the pair of slots (record, timestamp) this record competes for. */
        tBTM_SEC_DEV_REC **pp_best = paired ? &p_oldest_paired : &p_oldest;
        UINT32 *p_best_ts = paired ? &ts_oldest_paired : &ts_oldest;

        if (p_dev_rec->timestamp < *p_best_ts)
        {
            *pp_best = p_dev_rec;
            *p_best_ts = p_dev_rec->timestamp;
        }

        node = list_next(node);
    }

    /* If we did not find any non-paired devices, use the oldest paired one... */
    return (ts_oldest == 0xFFFFFFFF) ? p_oldest_paired : p_oldest;
}
540 /*******************************************************************************
542 ** Function btm_sec_allocate_dev_rec
544 ** Description Attempts to allocate a new device record. If we have
545 ** exceeded the maximum number of allowable records to
546 ** allocate, the oldest record will be deleted to make room
547 ** for the new record.
549 ** Returns Pointer to the newly allocated record
551 *******************************************************************************/
tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void)
{
    /*
     * Make room first: once the list holds more than
     * BTM_SEC_MAX_DEVICE_RECORDS entries the oldest record is removed.
     * btm_find_oldest_dev_rec() prefers non-paired records, but falls back to
     * a paired one, so a stored bond can be evicted here.
     *
     * NOTE(review): any pointer to the evicted record held elsewhere is stale
     * after this call; confirm callers do not keep record pointers across
     * an allocation.
     */
    if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS)
    {
        tBTM_SEC_DEV_REC *p_victim = btm_find_oldest_dev_rec();
        list_remove(btm_cb.sec_dev_rec, p_victim);
    }

    /* NOTE(review): the result of osi_calloc() is used unchecked; presumably it cannot fail. */
    tBTM_SEC_DEV_REC *p_dev_rec = osi_calloc(sizeof(tBTM_SEC_DEV_REC));
    list_append(btm_cb.sec_dev_rec, p_dev_rec);

    /* Initialize defaults */
    p_dev_rec->sec_flags = BTM_SEC_IN_USE;
    p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
    p_dev_rec->timestamp = btm_cb.dev_rec_count++;

    return p_dev_rec;
}
573 /*******************************************************************************
575 ** Function btm_get_bond_type_dev
577 ** Description Get the bond type for a device in the device database
578 ** with specified BD address
580 ** Returns The device bond type if known, otherwise BOND_TYPE_UNKNOWN
582 *******************************************************************************/
tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr)
{
    /* An address with no record reports BOND_TYPE_UNKNOWN rather than failing. */
    const tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);

    return (p_dev_rec != NULL) ? p_dev_rec->bond_type : BOND_TYPE_UNKNOWN;
}
593 /*******************************************************************************
595 ** Function btm_set_bond_type_dev
597 ** Description Set the bond type for a device in the device database
598 ** with specified BD address
600 ** Returns TRUE on success, otherwise FALSE
602 *******************************************************************************/
BOOLEAN btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type)
{
    /* Only an existing record is updated; no record is created on a miss. */
    tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);

    if (p_dev_rec != NULL)
    {
        p_dev_rec->bond_type = bond_type;
        return TRUE;
    }

    return FALSE;
}