1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains functions for the Bluetooth Device Manager
23 ******************************************************************************/
31 #include "controller.h"
40 static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void);
42 /*******************************************************************************
44 ** Function BTM_SecAddDevice
46 ** Description Add/modify device. This function will be normally called
47 ** during host startup to restore all required information
48 ** stored in the NVRAM.
50 ** Parameters: bd_addr - BD address of the peer
51 ** dev_class - Device Class
52 ** bd_name - Name of the peer device. NULL if unknown.
53 ** features - Remote device's features (up to 3 pages). NULL if not known
54 ** trusted_mask - Bitwise OR of services that do not
55 ** require authorization. (array of UINT32)
56 ** link_key - Connection link key. NULL if unknown.
58 ** Returns TRUE if added OK, else FALSE
60 *******************************************************************************/
/* Creates or updates the security record for bd_addr from caller-supplied
 * bonding data: class of device, name, feature pages, trusted-service mask,
 * link key, key type, PIN length and IO capability.
 * NOTE(review): link_key, key_type and pin_length are stored as given; no
 * validation is visible in this listing, so the security flags derived from
 * them below are only as trustworthy as the store the caller restored them
 * from. Several source lines (the end of the signature, guards, braces) are
 * not shown in this listing. */
61 BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
62 UINT8 *features, UINT32 trusted_mask[],
63 LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
66 tBTM_SEC_DEV_REC *p_dev_rec;
68 BOOLEAN found = FALSE;
/* Only the key type is traced here, not the key bytes. */
70 BTM_TRACE_API("%s, link key type:%x\n", __FUNCTION__,key_type);
/* Look for an existing in-use record for this address first. */
71 p_dev_rec = btm_find_dev (bd_addr);
74 /* There is no device record, allocate one.
75 * If we can not find an empty spot for this one, let it fail. */
76 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
78 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE))
80 p_dev_rec = &btm_cb.sec_dev_rec[i];
82 /* Mark this record as in use and initialize */
/* The memset wipes whatever the slot held before, including any old link key. */
83 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
84 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
85 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
86 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
88 #if BLE_INCLUDED == TRUE
89 /* use default value for background connection params */
90 /* update conn params, use default value for background connection params */
91 memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
101 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; /* Default value */
/* The record's age is a running counter, later compared by btm_find_oldest_dev. */
102 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
/* NOTE(review): any NULL guard on dev_class is not visible in this listing. */
105 memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN);
/* Zero the name first so a shorter name leaves no stale bytes behind. */
107 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME));
109 if (bd_name && bd_name[0])
111 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN;
/* Bounded copy: at most BTM_MAX_REM_BD_NAME_LEN characters into sec_bd_name.
 * NOTE(review): termination relies on tBTM_BD_NAME being at least one byte
 * larger than BTM_MAX_REM_BD_NAME_LEN - confirm against the typedef. */
112 BCM_STRNCPY_S ((char *)p_dev_rec->sec_bd_name, sizeof (p_dev_rec->sec_bd_name),
113 (char *)bd_name, BTM_MAX_REM_BD_NAME_LEN);
116 p_dev_rec->num_read_pages = 0;
/* Copies sizeof(p_dev_rec->features) bytes no matter how many pages the caller
 * really has, so `features` must point at a buffer of at least that size or
 * this reads past the caller's data.
 * NOTE(review): the NULL guard on features is not visible in this listing. */
119 memcpy (p_dev_rec->features, features, sizeof (p_dev_rec->features));
/* Walk the pages from the highest index down; the first non-zero byte found
 * fixes num_read_pages. */
120 for (i = HCI_EXT_FEATURES_PAGE_MAX; i >= 0; i--)
122 for (j = 0; j < HCI_FEATURE_BYTES_PER_PAGE; j++)
124 if (p_dev_rec->features[i][j] != 0)
132 p_dev_rec->num_read_pages = i + 1;
/* NOTE(review): presumably the no-features branch - the else is not shown. */
138 memset (p_dev_rec->features, 0, sizeof (p_dev_rec->features));
140 BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask);
/* The peer address is traced; the link key bytes are not. */
144 BTM_TRACE_EVENT ("BTM_SecAddDevice() BDA: %02x:%02x:%02x:%02x:%02x:%02x\n",
145 bd_addr[0], bd_addr[1], bd_addr[2],
146 bd_addr[3], bd_addr[4], bd_addr[5]);
/* Store the caller's key and mark it known.
 * NOTE(review): the NULL guard on link_key is not visible in this listing. */
147 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
148 memcpy (p_dev_rec->link_key, link_key, LINK_KEY_LEN);
149 p_dev_rec->link_key_type = key_type;
150 p_dev_rec->pin_code_length = pin_length;
152 if (pin_length >= 16 ||
153 key_type == BTM_LKEY_TYPE_AUTH_COMB ||
154 key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) {
155 // Set the flag if the link key was made by using either a 16 digit
/* i.e. a PIN length of 16 or more, or one of the two authenticated
 * combination key types tested above. The flag is derived purely from the
 * caller's pin_length and key_type values. */
157 p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED;
161 #if defined(BTIF_MIXED_MODE_INCLUDED) && (BTIF_MIXED_MODE_INCLUDED == TRUE)
/* Key types below BTM_MAX_PRE_SM4_LKEY_TYPE get BTM_SM4_KNOWN. */
162 if (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE)
163 p_dev_rec->sm4 = BTM_SM4_KNOWN;
165 p_dev_rec->sm4 = BTM_SM4_TRUE;
168 p_dev_rec->rmt_io_caps = io_cap;
169 p_dev_rec->device_type |= BT_DEVICE_TYPE_BREDR;
175 /*******************************************************************************
177 ** Function BTM_SecDeleteDevice
179 ** Description Free resources associated with the device.
181 ** Parameters: bd_addr - BD address of the peer
183 ** Returns TRUE if removed OK, FALSE if not found or ACL link is active
185 *******************************************************************************/
/* Releases the security record for bd_addr and asks the controller to drop
 * its stored link key; refuses while an ACL link to the peer is up. */
186 BOOLEAN BTM_SecDeleteDevice (BD_ADDR bd_addr)
188 tBTM_SEC_DEV_REC *p_dev_rec;
/* Either transport being connected blocks the delete. */
190 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) ||
191 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR))
193 BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active\n", __func__);
197 if ((p_dev_rec = btm_find_dev(bd_addr)) != NULL)
/* btm_sec_free_dev only resets fields of a slot in btm_cb.sec_dev_rec, so
 * reading p_dev_rec->bd_addr on the next statement still reads valid storage.
 * NOTE(review): the host-side link_key bytes are not zeroed by the lines of
 * btm_sec_free_dev visible in this file; they stay in the slot until it is
 * reused. */
199 btm_sec_free_dev(p_dev_rec);
200 /* Tell controller to get rid of the link key, if it has one stored */
201 BTM_DeleteStoredLinkKey (p_dev_rec->bd_addr, NULL);
207 /*******************************************************************************
209 ** Function BTM_SecReadDevName
211 ** Description Looks for the device name in the security database for the
212 ** specified BD address.
214 ** Returns Pointer to the name or NULL
216 *******************************************************************************/
/* Looks up the security record for bd_addr and hands back its stored name.
 * The pointer aliases the record's own sec_bd_name buffer (no copy is made),
 * so the text changes if the record is later rewritten or reused.
 * NOTE(review): the declaration of p_name and the return statement are not
 * visible in this listing. */
217 char *BTM_SecReadDevName (BD_ADDR bd_addr)
220 tBTM_SEC_DEV_REC *p_srec;
222 if ((p_srec = btm_find_dev(bd_addr)) != NULL)
223 p_name = (char *)p_srec->sec_bd_name;
228 /*******************************************************************************
230 ** Function btm_sec_alloc_dev
232 ** Description Look for the record in the device database for the record
233 ** with specified address
235 ** Returns Pointer to the record or NULL
237 *******************************************************************************/
/* Picks a slot in btm_cb.sec_dev_rec for bd_addr and initialises it. Despite
 * the banner wording, the visible body does not search for an in-use record:
 * it prefers a released slot that still carries this address, then any
 * released slot, and falls back to btm_find_oldest_dev() when none is free.
 * The chosen slot is zeroed, so anything it held (including a previous link
 * key) is discarded.
 * NOTE(review): several lines (declarations, braces, assignments inside the
 * scans) are not visible in this listing. */
238 tBTM_SEC_DEV_REC *btm_sec_alloc_dev (BD_ADDR bd_addr)
240 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
241 tBTM_INQ_INFO *p_inq_info;
/* BTM_SEC_MAX_DEVICE_RECORDS doubles as the "not found" value for both indexes. */
244 int i_new_entry = BTM_SEC_MAX_DEVICE_RECORDS;
245 int i_old_entry = BTM_SEC_MAX_DEVICE_RECORDS;
246 BTM_TRACE_EVENT ("btm_sec_alloc_dev\n");
248 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
250 /* look for old entry where device details are present */
/* A released slot keeps its bd_addr (btm_sec_free_dev does not clear it),
 * which is what this comparison depends on. */
251 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE) &&
252 (!memcmp (btm_cb.sec_dev_rec[i].bd_addr, bd_addr, BD_ADDR_LEN)))
255 BTM_TRACE_EVENT ("btm_sec_alloc_dev old device found\n");
/* Second scan: any slot that is not in use. */
260 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++)
262 if (!(btm_cb.sec_dev_rec[i].sec_flags & BTM_SEC_IN_USE))
/* Table full: take over the slot btm_find_oldest_dev selects. Per that
 * function, this can be a paired device when every in-use record is paired,
 * in which case that peer's in-memory bond data is lost at the memset below. */
269 if (i_new_entry == BTM_SEC_MAX_DEVICE_RECORDS) {
270 p_dev_rec = btm_find_oldest_dev();
273 /* if the old device entry not present go with
275 if(i_old_entry == BTM_SEC_MAX_DEVICE_RECORDS) {
276 p_dev_rec = &btm_cb.sec_dev_rec[i_new_entry];
279 p_dev_rec = &btm_cb.sec_dev_rec[i_old_entry];
/* Save the class of device before the slot is wiped. */
280 memcpy (old_cod, p_dev_rec->dev_class, DEV_CLASS_LEN);
/* Full wipe of the slot: flags, keys, name and handles all go to zero. */
283 memset (p_dev_rec, 0, sizeof (tBTM_SEC_DEV_REC));
285 /* Retain the old COD for device */
286 if(i_old_entry != BTM_SEC_MAX_DEVICE_RECORDS) {
287 BTM_TRACE_EVENT ("btm_sec_alloc_dev restoring cod \n");
288 memcpy (p_dev_rec->dev_class, old_cod, DEV_CLASS_LEN);
292 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; /* Default value */
293 p_dev_rec->sec_flags = BTM_SEC_IN_USE;
295 /* Check with the BT manager if details about remote device are known */
296 /* outgoing connection */
/* Inquiry results, when present, supply the class of device and (with BLE)
 * the device and address type. */
297 if ((p_inq_info = BTM_InqDbRead(bd_addr)) != NULL)
299 memcpy (p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN);
301 #if BLE_INCLUDED == TRUE
302 p_dev_rec->device_type = p_inq_info->results.device_type;
303 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type;
305 /* update conn params, use default value for background connection params */
306 memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
311 #if BLE_INCLUDED == TRUE
312 /* update conn params, use default value for background connection params */
313 memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS));
/* With no inquiry entry, fall back to the class recorded for the connection
 * in progress when the address matches (presumably the else branch - the
 * else line is not shown). */
316 if (!memcmp (bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN))
317 memcpy (p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN);
320 memcpy (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN);
322 #if BLE_INCLUDED == TRUE
323 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_LE);
325 p_dev_rec->hci_handle = BTM_GetHCIConnHandle (bd_addr, BT_TRANSPORT_BR_EDR);
/* Age stamp used by btm_find_oldest_dev when the table is full. */
326 p_dev_rec->timestamp = btm_cb.dev_rec_count++;
332 /*******************************************************************************
334 ** Function btm_sec_free_dev
336 ** Description Mark device record as not used
338 *******************************************************************************/
/* Marks a device record as unused by resetting its bond type and clearing
 * every security flag, BTM_SEC_IN_USE and the key-known bits included.
 * NOTE(review): the visible lines do not zero link_key or bd_addr. The
 * address is relied on by btm_sec_alloc_dev's "old entry" scan; the BR/EDR
 * link key bytes simply remain in the slot until a later memset on reuse.
 * Consider wiping the key here if residual key material in RAM matters. */
339 void btm_sec_free_dev (tBTM_SEC_DEV_REC *p_dev_rec)
341 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
342 p_dev_rec->sec_flags = 0;
344 #if BLE_INCLUDED == TRUE
345 /* Clear out any saved BLE keys */
346 btm_sec_clear_ble_keys (p_dev_rec);
352 /*******************************************************************************
354 ** Function btm_dev_support_switch
356 ** Description This function is called by the L2CAP to check if remote
357 ** device supports role switch
359 ** Parameters: bd_addr - Address of the peer device
361 ** Returns TRUE if device is known and role switch is supported
363 *******************************************************************************/
/* Reports whether a role switch may be attempted with the peer at bd_addr,
 * based on the local controller's capability and the peer's page-0 features.
 * NOTE(review): the return statements and braces are not visible in this
 * listing; the outcomes below are read from the trace messages. */
364 BOOLEAN btm_dev_support_switch (BD_ADDR bd_addr)
366 tBTM_SEC_DEV_REC *p_dev_rec;
368 BOOLEAN feature_empty = TRUE;
370 #if BTM_SCO_INCLUDED == TRUE
371 /* Role switch is not allowed if a SCO is up */
372 if (btm_is_sco_active_by_bdaddr(bd_addr))
375 p_dev_rec = btm_find_dev (bd_addr);
/* Needs both a known record and local controller support for role switch. */
376 if (p_dev_rec && controller_get_interface()->supports_master_slave_role_switch())
378 if (HCI_SWITCH_SUPPORTED(p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0]))
380 BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature found)\n");
384 /* If the feature field is all zero, we never received them */
385 for (xx = 0 ; xx < BD_FEATURES_LEN ; xx++)
387 if (p_dev_rec->features[HCI_EXT_FEATURES_PAGE_0][xx] != 0x00)
389 feature_empty = FALSE; /* at least one is != 0 */
394 /* If we don't know peer's capabilities, assume it supports Role-switch */
/* Permissive default: an all-zero feature page is treated as "supported". */
397 BTM_TRACE_DEBUG("btm_dev_support_switch return TRUE (feature empty)\n");
402 BTM_TRACE_DEBUG("btm_dev_support_switch return FALSE\n");
406 /*******************************************************************************
408 ** Function btm_find_dev_by_handle
410 ** Description Look for the record in the device database for the record
411 ** with specified handle
413 ** Returns Pointer to the record or NULL
415 *******************************************************************************/
/* Linear scan of btm_cb.sec_dev_rec for an in-use record whose BR/EDR handle
 * (or, with BLE_INCLUDED, LE handle) equals `handle`. Released records are
 * never matched because BTM_SEC_IN_USE is tested first.
 * NOTE(review): the return statements are not visible in this listing. */
416 tBTM_SEC_DEV_REC *btm_find_dev_by_handle (UINT16 handle)
418 tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0];
421 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++)
423 if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE)
424 && ((p_dev_rec->hci_handle == handle)
425 #if BLE_INCLUDED == TRUE
426 ||(p_dev_rec->ble_hci_handle == handle)
434 /*******************************************************************************
436 ** Function btm_find_dev
438 ** Description Look for the record in the device database for the record
439 ** with specified BD address
441 ** Returns Pointer to the record or NULL
443 *******************************************************************************/
/* Linear scan of btm_cb.sec_dev_rec for an in-use record that belongs to
 * bd_addr. A record matches on its stored bd_addr and, with BLE_INCLUDED,
 * also on its LE pseudo address or when btm_ble_addr_resolvable() accepts
 * bd_addr for that record.
 * NOTE(review): the return statements are not visible in this listing. */
444 tBTM_SEC_DEV_REC *btm_find_dev(BD_ADDR bd_addr)
446 tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0];
450 for (uint8_t i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++)
/* Released slots are skipped even if they still carry this address. */
452 if (p_dev_rec->sec_flags & BTM_SEC_IN_USE)
454 if (!memcmp (p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN))
457 #if BLE_INCLUDED == TRUE
458 // If a LE random address is looking for device record
459 if (!memcmp(p_dev_rec->ble.pseudo_addr, bd_addr, BD_ADDR_LEN))
/* Last resort: ask the BLE layer whether bd_addr resolves to this record. */
462 if (btm_ble_addr_resolvable(bd_addr, p_dev_rec))
471 /*******************************************************************************
473 ** Function btm_consolidate_dev
475 ** Description combine security records if identified as same peer
479 *******************************************************************************/
/* Merges any other in-use record that refers to the same peer into
 * p_target_rec and releases the duplicate. Two cases are handled: a record
 * with the same bd_addr, and a record whose address resolves to the target.
 * NOTE(review): braces and else lines are not visible in this listing. */
480 void btm_consolidate_dev(tBTM_SEC_DEV_REC *p_target_rec)
482 #if BLE_INCLUDED == TRUE
483 tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0];
/* Snapshot of the target taken before it can be overwritten below. */
484 tBTM_SEC_DEV_REC temp_rec = *p_target_rec;
/* dummy_bda is not referenced in the lines shown here. */
485 BD_ADDR dummy_bda = {0};
487 BTM_TRACE_DEBUG("%s\n", __func__);
489 for (uint8_t i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++)
/* `&` binds tighter than `&&`, so this reads as
 * (target != rec) && (rec->sec_flags & BTM_SEC_IN_USE). */
491 if (p_target_rec!= p_dev_rec && p_dev_rec->sec_flags & BTM_SEC_IN_USE)
493 if (!memcmp (p_dev_rec->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN))
/* Same address: take the other record wholesale, then put the target's own
 * LE-side fields back from the snapshot. */
495 memcpy(p_target_rec, p_dev_rec, sizeof(tBTM_SEC_DEV_REC));
496 p_target_rec->ble = temp_rec.ble;
497 p_target_rec->ble_hci_handle = temp_rec.ble_hci_handle;
498 p_target_rec->enc_key_size = temp_rec.enc_key_size;
499 p_target_rec->conn_params = temp_rec.conn_params;
500 p_target_rec->device_type |= temp_rec.device_type;
/* NOTE(review): sec_flags is OR-merged, so the combined record carries the
 * union of both records' security flags - confirm this is intended for any
 * flag that describes only one of the two original records. */
501 p_target_rec->sec_flags |= temp_rec.sec_flags;
503 p_target_rec->new_encryption_key_is_p256 = temp_rec.new_encryption_key_is_p256;
504 p_target_rec->no_smp_on_br = temp_rec.no_smp_on_br;
505 p_target_rec->bond_type = temp_rec.bond_type;
506 /* mark the combined record as unused */
507 p_dev_rec->sec_flags &= ~BTM_SEC_IN_USE;
508 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
512 /* an RPA device entry is a duplicate of the target record */
513 if (btm_ble_addr_resolvable(p_dev_rec->bd_addr, p_target_rec))
/* Only fold the entry in when the target's pseudo address equals it. */
515 if (memcmp(p_target_rec->ble.pseudo_addr, p_dev_rec->bd_addr, BD_ADDR_LEN) == 0)
517 p_target_rec->ble.ble_addr_type = p_dev_rec->ble.ble_addr_type;
518 p_target_rec->device_type |= p_dev_rec->device_type;
519 p_dev_rec->sec_flags &= ~BTM_SEC_IN_USE;
520 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN;
529 /*******************************************************************************
531 ** Function btm_find_or_alloc_dev
533 ** Description Look for the record in the device database for the record
534 ** with specified BD address
536 ** Returns Pointer to the record or NULL
538 *******************************************************************************/
/* Returns the in-use record for bd_addr, allocating one through
 * btm_sec_alloc_dev when btm_find_dev finds none. Because the allocator can
 * recycle the oldest record when the table is full, a call for an unknown
 * address may displace an existing device's record.
 * NOTE(review): the return statement is not visible in this listing. */
539 tBTM_SEC_DEV_REC *btm_find_or_alloc_dev (BD_ADDR bd_addr)
541 tBTM_SEC_DEV_REC *p_dev_rec;
542 BTM_TRACE_EVENT ("btm_find_or_alloc_dev\n");
543 if ((p_dev_rec = btm_find_dev (bd_addr)) == NULL)
546 /* Allocate a new device record or reuse the oldest one */
547 p_dev_rec = btm_sec_alloc_dev (bd_addr);
552 /*******************************************************************************
554 ** Function btm_find_oldest_dev
556 ** Description Locates the oldest device in use. It first looks for
557 ** the oldest non-paired device. If all devices are paired it
558 ** deletes the oldest paired device.
560 ** Returns Pointer to the record or NULL
562 *******************************************************************************/
/* Chooses the record to recycle when the table is full: the in-use, unpaired
 * record with the smallest timestamp, or failing that the in-use record with
 * the smallest timestamp overall. This function only selects the record; the
 * caller (btm_sec_alloc_dev) is what overwrites it.
 * NOTE(review): the return statements and `continue` in the second loop are
 * not visible in this listing. */
563 tBTM_SEC_DEV_REC *btm_find_oldest_dev (void)
565 tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0];
/* Defaults to the first slot if no loop below finds a better candidate. */
566 tBTM_SEC_DEV_REC *p_oldest = p_dev_rec;
/* 0xFFFFFFFF doubles as "nothing found yet"; because the comparison is a
 * strict `<`, a record whose timestamp equals it is never selected. */
567 UINT32 ot = 0xFFFFFFFF;
570 /* First look for the non-paired devices for the oldest entry */
571 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++)
/* Skips slots that are not in use as well as those holding a BR/EDR or LE
 * link key. */
573 if (((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0)
574 || ((p_dev_rec->sec_flags & (BTM_SEC_LINK_KEY_KNOWN |BTM_SEC_LE_LINK_KEY_KNOWN)) != 0))
575 continue; /* Device is paired so skip it */
577 if (p_dev_rec->timestamp < ot)
579 p_oldest = p_dev_rec;
580 ot = p_dev_rec->timestamp;
/* An unpaired candidate was found (presumably returned here). */
584 if (ot != 0xFFFFFFFF)
587 /* All devices are paired; find the oldest */
/* From here on a bonded device can be selected, so a full table lets a new
 * peer displace the oldest bond held in memory. */
588 p_dev_rec = &btm_cb.sec_dev_rec[0];
589 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i++, p_dev_rec++)
591 if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) == 0)
594 if (p_dev_rec->timestamp < ot)
596 p_oldest = p_dev_rec;
597 ot = p_dev_rec->timestamp;
603 /*******************************************************************************
605 ** Function btm_get_bond_type_dev
607 ** Description Get the bond type for a device in the device database
608 ** with specified BD address
610 ** Returns The device bond type if known, otherwise BOND_TYPE_UNKNOWN
612 *******************************************************************************/
/* Returns the bond type stored in the in-use record for bd_addr, or
 * BOND_TYPE_UNKNOWN when btm_find_dev has no record for that address. */
613 tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr)
615 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
/* An unknown device and a known device with no bond look the same to callers. */
617 if (p_dev_rec == NULL)
618 return BOND_TYPE_UNKNOWN;
620 return p_dev_rec->bond_type;
623 /*******************************************************************************
625 ** Function btm_set_bond_type_dev
627 ** Description Set the bond type for a device in the device database
628 ** with specified BD address
630 ** Returns TRUE on success, otherwise FALSE
632 *******************************************************************************/
/* Stores bond_type in the in-use record for bd_addr. No record is created
 * when btm_find_dev finds none.
 * NOTE(review): the return statements are not visible in this listing; the
 * banner says TRUE on success, otherwise FALSE. */
633 BOOLEAN btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type)
635 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
637 if (p_dev_rec == NULL)
/* bond_type is written as given; no range check is visible here. */
640 p_dev_rec->bond_type = bond_type;