1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains functions for the Bluetooth Device Manager 22 * 23 ******************************************************************************/ 24 25 #include <stddef.h> 26 #include <stdio.h> 27 #include <stdlib.h> 28 #include <string.h> 29 30 #include "bt_common.h" 31 #include "bt_types.h" 32 #include "btm_api.h" 33 #include "btm_int.h" 34 #include "btu.h" 35 #include "device/include/controller.h" 36 #include "hcidefs.h" 37 #include "hcimsgs.h" 38 #include "l2c_api.h" 39 40 /******************************************************************************* 41 * 42 * Function BTM_SecAddDevice 43 * 44 * Description Add/modify device. This function will be normally called 45 * during host startup to restore all required information 46 * stored in the NVRAM. 47 * 48 * Parameters: bd_addr - BD address of the peer 49 * dev_class - Device Class 50 * bd_name - Name of the peer device. NULL if unknown. 51 * features - Remote device's features (up to 3 pages). 52 * NULL if not known 53 * trusted_mask - Bitwise OR of services that do not 54 * require authorization. 55 * (array of uint32_t) 56 * link_key - Connection link key. NULL if unknown. 57 * 58 * Returns true if added OK, else false 59 * 60 ******************************************************************************/ 61 bool BTM_SecAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, 62 uint8_t* features, uint32_t trusted_mask[], 63 LINK_KEY link_key, uint8_t key_type, tBTM_IO_CAP io_cap, 64 uint8_t pin_length) { 65 BTM_TRACE_API("%s: link key type:%x", __func__, key_type); 66 67 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 68 if (!p_dev_rec) { 69 p_dev_rec = btm_sec_allocate_dev_rec(); 70 71 memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 72 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR); 73 74 /* use default value for background connection params */ 75 /* update conn params, use default value for background connection params */ 76 memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS)); 77 } else { 78 /* "Bump" timestamp for existing record */ 79 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 80 81 /* TODO(eisenbach): 82 * Small refactor, but leaving original logic for now. 83 * On the surface, this does not make any sense at all. Why change the 84 * bond state for an existing device here? This logic should be verified 85 * as part of a larger refactor. 86 */ 87 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; 88 } 89 90 if (dev_class) memcpy(p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN); 91 92 memset(p_dev_rec->sec_bd_name, 0, sizeof(tBTM_BD_NAME)); 93 94 if (bd_name && bd_name[0]) { 95 p_dev_rec->sec_flags |= BTM_SEC_NAME_KNOWN; 96 strlcpy((char*)p_dev_rec->sec_bd_name, (char*)bd_name, 97 BTM_MAX_REM_BD_NAME_LEN); 98 } 99 100 p_dev_rec->num_read_pages = 0; 101 if (features) { 102 bool found = false; 103 memcpy(p_dev_rec->feature_pages, features, 104 sizeof(p_dev_rec->feature_pages)); 105 for (int i = HCI_EXT_FEATURES_PAGE_MAX; !found && i >= 0; i--) { 106 for (int j = 0; j < HCI_FEATURE_BYTES_PER_PAGE; j++) { 107 if (p_dev_rec->feature_pages[i][j] != 0) { 108 found = true; 109 p_dev_rec->num_read_pages = i + 1; 110 break; 111 } 112 } 113 } 114 } else { 115 memset(p_dev_rec->feature_pages, 0, sizeof(p_dev_rec->feature_pages)); 116 } 117 118 BTM_SEC_COPY_TRUSTED_DEVICE(trusted_mask, p_dev_rec->trusted_mask); 119 120 if (link_key) { 121 BTM_TRACE_EVENT("%s: BDA: %02x:%02x:%02x:%02x:%02x:%02x", __func__, 122 bd_addr[0], bd_addr[1], bd_addr[2], bd_addr[3], bd_addr[4], 123 bd_addr[5]); 124 p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN; 125 memcpy(p_dev_rec->link_key, link_key, LINK_KEY_LEN); 126 p_dev_rec->link_key_type = key_type; 127 p_dev_rec->pin_code_length = pin_length; 128 129 if (pin_length >= 16 || key_type == BTM_LKEY_TYPE_AUTH_COMB || 130 key_type == BTM_LKEY_TYPE_AUTH_COMB_P_256) { 131 // Set the flag if the link key was made by using either a 16 digit 132 // pin or MITM. 133 p_dev_rec->sec_flags |= 134 BTM_SEC_16_DIGIT_PIN_AUTHED | BTM_SEC_LINK_KEY_AUTHED; 135 } 136 } 137 138 #if (BTIF_MIXED_MODE_INCLUDED == TRUE) 139 if (key_type < BTM_MAX_PRE_SM4_LKEY_TYPE) 140 p_dev_rec->sm4 = BTM_SM4_KNOWN; 141 else 142 p_dev_rec->sm4 = BTM_SM4_TRUE; 143 #endif 144 145 p_dev_rec->rmt_io_caps = io_cap; 146 p_dev_rec->device_type |= BT_DEVICE_TYPE_BREDR; 147 148 return true; 149 } 150 151 /******************************************************************************* 152 * 153 * Function BTM_SecDeleteDevice 154 * 155 * Description Free resources associated with the device. 156 * 157 * Parameters: bd_addr - BD address of the peer 158 * 159 * Returns true if removed OK, false if not found or ACL link is active 160 * 161 ******************************************************************************/ 162 bool BTM_SecDeleteDevice(BD_ADDR bd_addr) { 163 if (BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_LE) || 164 BTM_IsAclConnectionUp(bd_addr, BT_TRANSPORT_BR_EDR)) { 165 BTM_TRACE_WARNING("%s FAILED: Cannot Delete when connection is active", 166 __func__); 167 return false; 168 } 169 170 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 171 if (p_dev_rec != NULL) { 172 btm_sec_free_dev(p_dev_rec); 173 /* Tell controller to get rid of the link key, if it has one stored */ 174 BTM_DeleteStoredLinkKey(p_dev_rec->bd_addr, NULL); 175 } 176 177 return true; 178 } 179 180 /******************************************************************************* 181 * 182 * Function BTM_SecClearSecurityFlags 183 * 184 * Description Reset the security flags (mark as not-paired) for a given 185 * remove device. 186 * 187 ******************************************************************************/ 188 extern void BTM_SecClearSecurityFlags(BD_ADDR bd_addr) { 189 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 190 if (p_dev_rec == NULL) return; 191 192 p_dev_rec->sec_flags = 0; 193 p_dev_rec->sec_state = BTM_SEC_STATE_IDLE; 194 p_dev_rec->sm4 = BTM_SM4_UNKNOWN; 195 } 196 197 /******************************************************************************* 198 * 199 * Function BTM_SecReadDevName 200 * 201 * Description Looks for the device name in the security database for the 202 * specified BD address. 203 * 204 * Returns Pointer to the name or NULL 205 * 206 ******************************************************************************/ 207 char* BTM_SecReadDevName(BD_ADDR bd_addr) { 208 char* p_name = NULL; 209 tBTM_SEC_DEV_REC* p_srec; 210 211 p_srec = btm_find_dev(bd_addr); 212 if (p_srec != NULL) p_name = (char*)p_srec->sec_bd_name; 213 214 return (p_name); 215 } 216 217 bool is_bd_addr_equal(void* data, void* context) { 218 tBTM_SEC_DEV_REC* p_dev_rec = static_cast<tBTM_SEC_DEV_REC*>(data); 219 BD_ADDR* bd_addr = static_cast<BD_ADDR*>(context); 220 221 if (!memcmp(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN)) return false; 222 223 return true; 224 } 225 226 /******************************************************************************* 227 * 228 * Function btm_sec_alloc_dev 229 * 230 * Description Look for the record in the device database for the record 231 * with specified address 232 * 233 * Returns Pointer to the record or NULL 234 * 235 ******************************************************************************/ 236 tBTM_SEC_DEV_REC* btm_sec_alloc_dev(BD_ADDR bd_addr) { 237 tBTM_INQ_INFO* p_inq_info; 238 BTM_TRACE_EVENT("btm_sec_alloc_dev"); 239 240 tBTM_SEC_DEV_REC* p_dev_rec = btm_sec_allocate_dev_rec(); 241 242 /* Check with the BT manager if details about remote device are known */ 243 /* outgoing connection */ 244 p_inq_info = BTM_InqDbRead(bd_addr); 245 if (p_inq_info != NULL) { 246 memcpy(p_dev_rec->dev_class, p_inq_info->results.dev_class, DEV_CLASS_LEN); 247 248 p_dev_rec->device_type = p_inq_info->results.device_type; 249 p_dev_rec->ble.ble_addr_type = p_inq_info->results.ble_addr_type; 250 } else if (!memcmp(bd_addr, btm_cb.connecting_bda, BD_ADDR_LEN)) 251 memcpy(p_dev_rec->dev_class, btm_cb.connecting_dc, DEV_CLASS_LEN); 252 253 /* update conn params, use default value for background connection params */ 254 memset(&p_dev_rec->conn_params, 0xff, sizeof(tBTM_LE_CONN_PRAMS)); 255 256 memcpy(p_dev_rec->bd_addr, bd_addr, BD_ADDR_LEN); 257 258 p_dev_rec->ble_hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_LE); 259 p_dev_rec->hci_handle = BTM_GetHCIConnHandle(bd_addr, BT_TRANSPORT_BR_EDR); 260 261 return (p_dev_rec); 262 } 263 264 /******************************************************************************* 265 * 266 * Function btm_sec_free_dev 267 * 268 * Description Mark device record as not used 269 * 270 ******************************************************************************/ 271 void btm_sec_free_dev(tBTM_SEC_DEV_REC* p_dev_rec) { 272 /* Clear out any saved BLE keys */ 273 btm_sec_clear_ble_keys(p_dev_rec); 274 list_remove(btm_cb.sec_dev_rec, p_dev_rec); 275 } 276 277 /******************************************************************************* 278 * 279 * Function btm_dev_support_switch 280 * 281 * Description This function is called by the L2CAP to check if remote 282 * device supports role switch 283 * 284 * Parameters: bd_addr - Address of the peer device 285 * 286 * Returns true if device is known and role switch is supported 287 * 288 ******************************************************************************/ 289 bool btm_dev_support_switch(BD_ADDR bd_addr) { 290 tBTM_SEC_DEV_REC* p_dev_rec; 291 uint8_t xx; 292 bool feature_empty = true; 293 294 #if (BTM_SCO_INCLUDED == TRUE) 295 /* Role switch is not allowed if a SCO is up */ 296 if (btm_is_sco_active_by_bdaddr(bd_addr)) return (false); 297 #endif 298 p_dev_rec = btm_find_dev(bd_addr); 299 if (p_dev_rec && 300 controller_get_interface()->supports_master_slave_role_switch()) { 301 if (HCI_SWITCH_SUPPORTED(p_dev_rec->feature_pages[0])) { 302 BTM_TRACE_DEBUG("btm_dev_support_switch return true (feature found)"); 303 return (true); 304 } 305 306 /* If the feature field is all zero, we never received them */ 307 for (xx = 0; xx < BD_FEATURES_LEN; xx++) { 308 if (p_dev_rec->feature_pages[0][xx] != 0x00) { 309 feature_empty = false; /* at least one is != 0 */ 310 break; 311 } 312 } 313 314 /* If we don't know peer's capabilities, assume it supports Role-switch */ 315 if (feature_empty) { 316 BTM_TRACE_DEBUG("btm_dev_support_switch return true (feature empty)"); 317 return (true); 318 } 319 } 320 321 BTM_TRACE_DEBUG("btm_dev_support_switch return false"); 322 return (false); 323 } 324 325 bool is_handle_equal(void* data, void* context) { 326 tBTM_SEC_DEV_REC* p_dev_rec = static_cast<tBTM_SEC_DEV_REC*>(data); 327 uint16_t* handle = static_cast<uint16_t*>(context); 328 329 if (p_dev_rec->hci_handle == *handle || p_dev_rec->ble_hci_handle == *handle) 330 return false; 331 332 return true; 333 } 334 335 /******************************************************************************* 336 * 337 * Function btm_find_dev_by_handle 338 * 339 * Description Look for the record in the device database for the record 340 * with specified handle 341 * 342 * Returns Pointer to the record or NULL 343 * 344 ******************************************************************************/ 345 tBTM_SEC_DEV_REC* btm_find_dev_by_handle(uint16_t handle) { 346 list_node_t* n = list_foreach(btm_cb.sec_dev_rec, is_handle_equal, &handle); 347 if (n) return static_cast<tBTM_SEC_DEV_REC*>(list_node(n)); 348 349 return NULL; 350 } 351 352 bool is_address_equal(void* data, void* context) { 353 tBTM_SEC_DEV_REC* p_dev_rec = static_cast<tBTM_SEC_DEV_REC*>(data); 354 BD_ADDR* bd_addr = static_cast<BD_ADDR*>(context); 355 356 if (!memcmp(p_dev_rec->bd_addr, *bd_addr, BD_ADDR_LEN)) return false; 357 // If a LE random address is looking for device record 358 if (!memcmp(p_dev_rec->ble.pseudo_addr, *bd_addr, BD_ADDR_LEN)) return false; 359 360 if (btm_ble_addr_resolvable(*bd_addr, p_dev_rec)) return false; 361 return true; 362 } 363 364 /******************************************************************************* 365 * 366 * Function btm_find_dev 367 * 368 * Description Look for the record in the device database for the record 369 * with specified BD address 370 * 371 * Returns Pointer to the record or NULL 372 * 373 ******************************************************************************/ 374 tBTM_SEC_DEV_REC* btm_find_dev(const BD_ADDR bd_addr) { 375 if (!bd_addr) return NULL; 376 377 list_node_t* n = 378 list_foreach(btm_cb.sec_dev_rec, is_address_equal, (void*)bd_addr); 379 if (n) return static_cast<tBTM_SEC_DEV_REC*>(list_node(n)); 380 381 return NULL; 382 } 383 384 /******************************************************************************* 385 * 386 * Function btm_consolidate_dev 387 5** 388 * Description combine security records if identified as same peer 389 * 390 * Returns none 391 * 392 ******************************************************************************/ 393 void btm_consolidate_dev(tBTM_SEC_DEV_REC* p_target_rec) { 394 tBTM_SEC_DEV_REC temp_rec = *p_target_rec; 395 396 BTM_TRACE_DEBUG("%s", __func__); 397 398 list_node_t* end = list_end(btm_cb.sec_dev_rec); 399 for (list_node_t* node = list_begin(btm_cb.sec_dev_rec); node != end; 400 node = list_next(node)) { 401 tBTM_SEC_DEV_REC* p_dev_rec = 402 static_cast<tBTM_SEC_DEV_REC*>(list_node(node)); 403 404 if (p_target_rec == p_dev_rec) continue; 405 406 if (!memcmp(p_dev_rec->bd_addr, p_target_rec->bd_addr, BD_ADDR_LEN)) { 407 memcpy(p_target_rec, p_dev_rec, sizeof(tBTM_SEC_DEV_REC)); 408 p_target_rec->ble = temp_rec.ble; 409 p_target_rec->ble_hci_handle = temp_rec.ble_hci_handle; 410 p_target_rec->enc_key_size = temp_rec.enc_key_size; 411 p_target_rec->conn_params = temp_rec.conn_params; 412 p_target_rec->device_type |= temp_rec.device_type; 413 p_target_rec->sec_flags |= temp_rec.sec_flags; 414 415 p_target_rec->new_encryption_key_is_p256 = 416 temp_rec.new_encryption_key_is_p256; 417 p_target_rec->no_smp_on_br = temp_rec.no_smp_on_br; 418 p_target_rec->bond_type = temp_rec.bond_type; 419 420 /* remove the combined record */ 421 list_remove(btm_cb.sec_dev_rec, p_dev_rec); 422 break; 423 } 424 425 /* an RPA device entry is a duplicate of the target record */ 426 if (btm_ble_addr_resolvable(p_dev_rec->bd_addr, p_target_rec)) { 427 if (memcmp(p_target_rec->ble.pseudo_addr, p_dev_rec->bd_addr, 428 BD_ADDR_LEN) == 0) { 429 p_target_rec->ble.ble_addr_type = p_dev_rec->ble.ble_addr_type; 430 p_target_rec->device_type |= p_dev_rec->device_type; 431 432 /* remove the combined record */ 433 list_remove(btm_cb.sec_dev_rec, p_dev_rec); 434 } 435 break; 436 } 437 } 438 } 439 440 /******************************************************************************* 441 * 442 * Function btm_find_or_alloc_dev 443 * 444 * Description Look for the record in the device database for the record 445 * with specified BD address 446 * 447 * Returns Pointer to the record or NULL 448 * 449 ******************************************************************************/ 450 tBTM_SEC_DEV_REC* btm_find_or_alloc_dev(BD_ADDR bd_addr) { 451 tBTM_SEC_DEV_REC* p_dev_rec; 452 BTM_TRACE_EVENT("btm_find_or_alloc_dev"); 453 p_dev_rec = btm_find_dev(bd_addr); 454 if (p_dev_rec == NULL) { 455 /* Allocate a new device record or reuse the oldest one */ 456 p_dev_rec = btm_sec_alloc_dev(bd_addr); 457 } 458 return (p_dev_rec); 459 } 460 461 /******************************************************************************* 462 * 463 * Function btm_find_oldest_dev_rec 464 * 465 * Description Locates the oldest device in use. It first looks for 466 * the oldest non-paired device. If all devices are paired it 467 * returns the oldest paired device. 468 * 469 * Returns Pointer to the record or NULL 470 * 471 ******************************************************************************/ 472 static tBTM_SEC_DEV_REC* btm_find_oldest_dev_rec(void) { 473 tBTM_SEC_DEV_REC* p_oldest = NULL; 474 uint32_t ts_oldest = 0xFFFFFFFF; 475 tBTM_SEC_DEV_REC* p_oldest_paired = NULL; 476 uint32_t ts_oldest_paired = 0xFFFFFFFF; 477 478 list_node_t* end = list_end(btm_cb.sec_dev_rec); 479 for (list_node_t* node = list_begin(btm_cb.sec_dev_rec); node != end; 480 node = list_next(node)) { 481 tBTM_SEC_DEV_REC* p_dev_rec = 482 static_cast<tBTM_SEC_DEV_REC*>(list_node(node)); 483 484 if ((p_dev_rec->sec_flags & 485 (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LE_LINK_KEY_KNOWN)) == 0) { 486 // Device is not paired 487 if (p_dev_rec->timestamp < ts_oldest) { 488 p_oldest = p_dev_rec; 489 ts_oldest = p_dev_rec->timestamp; 490 } 491 } else { 492 // Paired device 493 if (p_dev_rec->timestamp < ts_oldest_paired) { 494 p_oldest_paired = p_dev_rec; 495 ts_oldest_paired = p_dev_rec->timestamp; 496 } 497 } 498 } 499 500 // If we did not find any non-paired devices, use the oldest paired one... 501 if (ts_oldest == 0xFFFFFFFF) p_oldest = p_oldest_paired; 502 503 return p_oldest; 504 } 505 506 /******************************************************************************* 507 * 508 * Function btm_sec_allocate_dev_rec 509 * 510 * Description Attempts to allocate a new device record. If we have 511 * exceeded the maximum number of allowable records to 512 * allocate, the oldest record will be deleted to make room 513 * for the new record. 514 * 515 * Returns Pointer to the newly allocated record 516 * 517 ******************************************************************************/ 518 tBTM_SEC_DEV_REC* btm_sec_allocate_dev_rec(void) { 519 tBTM_SEC_DEV_REC* p_dev_rec = NULL; 520 521 if (list_length(btm_cb.sec_dev_rec) > BTM_SEC_MAX_DEVICE_RECORDS) { 522 p_dev_rec = btm_find_oldest_dev_rec(); 523 list_remove(btm_cb.sec_dev_rec, p_dev_rec); 524 } 525 526 p_dev_rec = 527 static_cast<tBTM_SEC_DEV_REC*>(osi_calloc(sizeof(tBTM_SEC_DEV_REC))); 528 list_append(btm_cb.sec_dev_rec, p_dev_rec); 529 530 // Initialize defaults 531 p_dev_rec->sec_flags = BTM_SEC_IN_USE; 532 p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; 533 p_dev_rec->timestamp = btm_cb.dev_rec_count++; 534 p_dev_rec->rmt_io_caps = BTM_IO_CAP_UNKNOWN; 535 536 return p_dev_rec; 537 } 538 539 /******************************************************************************* 540 * 541 * Function btm_get_bond_type_dev 542 * 543 * Description Get the bond type for a device in the device database 544 * with specified BD address 545 * 546 * Returns The device bond type if known, otherwise BOND_TYPE_UNKNOWN 547 * 548 ******************************************************************************/ 549 tBTM_BOND_TYPE btm_get_bond_type_dev(BD_ADDR bd_addr) { 550 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 551 552 if (p_dev_rec == NULL) return BOND_TYPE_UNKNOWN; 553 554 return p_dev_rec->bond_type; 555 } 556 557 /******************************************************************************* 558 * 559 * Function btm_set_bond_type_dev 560 * 561 * Description Set the bond type for a device in the device database 562 * with specified BD address 563 * 564 * Returns true on success, otherwise false 565 * 566 ******************************************************************************/ 567 bool btm_set_bond_type_dev(BD_ADDR bd_addr, tBTM_BOND_TYPE bond_type) { 568 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(bd_addr); 569 570 if (p_dev_rec == NULL) return false; 571 572 p_dev_rec->bond_type = bond_type; 573 return true; 574 } 575
