3 * BlueZ - Bluetooth protocol stack for Linux
5 * Copyright (C) 2011-2012 Intel Corporation
6 * Copyright (C) 2004-2010 Marcel Holtmann <marcel@holtmann.org>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
33 #include <sys/socket.h>
36 #include "lib/bluetooth.h"
39 #include "src/shared/util.h"
40 #include "src/shared/crypto.h"
41 #include "src/shared/ecc.h"
42 #include "src/shared/mainloop.h"
43 #include "monitor/bt.h"
/* Capacities of the fixed-size tables in the controller state below:
 * le_white_list, le_resolv_list and scan_cache are dimensioned with these,
 * and every loop over them is bounded by a count that starts at (or is
 * capped by) the matching constant. */
48 #define WHITE_LIST_SIZE 16
49 #define RESOLV_LIST_SIZE 16
50 #define SCAN_CACHE_SIZE 64
/* Data-length limits. 0x001b/0x0148 and 0x00fb/0x0848 are also the lower
 * and upper bounds that cmd_le_set_data_length() accepts for TX octets and
 * TX time. */
52 #define DEFAULT_TX_LEN 0x001b
53 #define DEFAULT_TX_TIME 0x0148
54 #define MAX_TX_LEN 0x00fb
55 #define MAX_TX_TIME 0x0848
56 #define MAX_RX_LEN 0x00fb
57 #define MAX_RX_TIME 0x0848
/* Fields of the emulated LE controller state that the functions in this
 * file reach through "struct bt_le *hci" (the struct header line and some
 * members are not part of this listing). */
/* NOTE(review): volatile does not make increments or decrements atomic;
 * this is only safe if the count is touched from a single thread - confirm. */
65 volatile int ref_count;
/* Crypto context handed to bt_crypto_ah(), bt_crypto_e() and
 * bt_crypto_random_bytes() by the code below. */
68 struct bt_crypto *crypto;
/* 16 bytes: Set Event Mask writes bytes 0-7, Set Event Mask Page 2 writes
 * bytes 8-15. */
71 uint8_t event_mask[16];
72 uint16_t manufacturer;
77 uint8_t le_event_mask[8];
80 uint8_t le_features[8];
81 uint8_t le_random_addr[6];
82 uint16_t le_adv_min_interval;
83 uint16_t le_adv_max_interval;
85 uint8_t le_adv_own_addr_type;
86 uint8_t le_adv_direct_addr_type;
87 uint8_t le_adv_direct_addr[6];
88 uint8_t le_adv_channel_map;
89 uint8_t le_adv_filter_policy;
90 int8_t le_adv_tx_power;
/* Advertising and scan-response payloads: 31-byte buffers with separate
 * length fields. The setter commands reject lengths above 0x1f before
 * storing, which keeps the lengths within the buffers. */
91 uint8_t le_adv_data_len;
92 uint8_t le_adv_data[31];
93 uint8_t le_scan_rsp_data_len;
94 uint8_t le_scan_rsp_data[31];
95 uint8_t le_adv_enable;
97 uint16_t le_scan_interval;
98 uint16_t le_scan_window;
99 uint8_t le_scan_own_addr_type;
100 uint8_t le_scan_filter_policy;
101 uint8_t le_scan_enable;
102 uint8_t le_scan_filter_dup;
104 uint8_t le_conn_peer_addr_type;
105 uint8_t le_conn_peer_addr[6];
106 uint8_t le_conn_own_addr_type;
107 uint8_t le_conn_enable;
/* White-list entry layout (7 bytes): byte 0 = address type, with 0xff
 * marking a free slot; bytes 1-6 = address. */
109 uint8_t le_white_list_size;
110 uint8_t le_white_list[WHITE_LIST_SIZE][7];
111 uint8_t le_states[8];
113 uint16_t le_default_tx_len;
114 uint16_t le_default_tx_time;
/* Zeroed by reset_defaults(). Presumably the local P-256 private key -
 * confirm; if so, treat it as secret material. */
115 uint8_t le_local_sk256[32];
/* Resolving-list entry layout (39 bytes): byte 0 = address type (0xff =
 * free slot), bytes 1-6 = address that resolve_peer_addr() copies out,
 * bytes 7 onward = key material passed to bt_crypto_ah(). */
116 uint8_t le_resolv_list[RESOLV_LIST_SIZE][39];
117 uint8_t le_resolv_list_size;
118 uint8_t le_resolv_enable;
119 uint16_t le_resolv_timeout;
/* Peers already seen during the current scan; capped at SCAN_CACHE_SIZE
 * entries by add_to_scan_cache(). */
121 struct bt_peer scan_cache[SCAN_CACHE_SIZE];
122 uint8_t scan_cache_count;
/*
 * Look for (addr_type, addr) among the first le_white_list_size white-list
 * entries. An entry matches when its type byte (index 0) equals addr_type
 * and its six address bytes (index 1-6) equal addr.
 *
 * The return statements are not part of this listing.
 */
125 static bool is_in_white_list(struct bt_le *hci, uint8_t addr_type,
126 const uint8_t addr[6])
130 for (i = 0; i < hci->le_white_list_size; i++) {
131 if (hci->le_white_list[i][0] == addr_type &&
132 !memcmp(&hci->le_white_list[i][1], addr, 6))
/*
 * Mark every white-list slot as free: the type byte is set to 0xff (the
 * value cmd_le_add_to_white_list() looks for when picking a slot) and the
 * six address bytes are zeroed.
 */
139 static void clear_white_list(struct bt_le *hci)
143 for (i = 0; i < hci->le_white_list_size; i++) {
144 hci->le_white_list[i][0] = 0xff;
145 memset(&hci->le_white_list[i][1], 0, 6);
/*
 * Try to map a peer's random address to an entry of the resolving list.
 *
 * Visible checks, in order: address resolution must be enabled
 * (le_resolv_enable), the peer address type must be 0x01, and the top two
 * bits of peer_addr[5] must be 01. For each of the first
 * le_resolv_list_size entries, bt_crypto_ah() is run over the key stored at
 * entry offset 7 and the upper three address bytes (peer_addr + 3); when
 * the result equals the lower three address bytes, the entry's stored
 * address (bytes 1-6) is copied to addr.
 *
 * The last two statements copy the peer's own type and address to the
 * outputs; presumably this is the fallback when nothing resolves - confirm.
 * The bodies of the early-exit branches and the switch cases are not part
 * of this listing.
 */
149 static void resolve_peer_addr(struct bt_le *hci, uint8_t peer_addr_type,
150 const uint8_t peer_addr[6],
151 uint8_t *addr_type, uint8_t addr[6])
155 if (!hci->le_resolv_enable)
158 if (peer_addr_type != 0x01)
161 if ((peer_addr[5] & 0xc0) != 0x40)
164 for (i = 0; i < hci->le_resolv_list_size; i++) {
/* NOTE(review): the result of bt_crypto_ah() below is not checked in the
 * lines shown. If the call can fail without writing local_hash, the
 * memcmp() that follows compares against uninitialised stack bytes;
 * skipping the entry on failure would avoid a spurious match. */
165 uint8_t local_hash[3];
167 if (hci->le_resolv_list[i][0] == 0xff)
170 bt_crypto_ah(hci->crypto, &hci->le_resolv_list[i][7],
171 peer_addr + 3, local_hash);
173 if (!memcmp(peer_addr, local_hash, 3)) {
174 switch (hci->le_resolv_list[i][0]) {
184 memcpy(addr, &hci->le_resolv_list[i][1], 6);
190 *addr_type = peer_addr_type;
191 memcpy(addr, peer_addr, 6);
/*
 * Mark every resolving-list slot as free: the type byte is set to 0xff and
 * the remaining 38 bytes of the 39-byte entry are zeroed. That range
 * includes the key material that resolve_peer_addr() reads from offset 7,
 * so cleared entries keep no key bytes.
 */
194 static void clear_resolv_list(struct bt_le *hci)
198 for (i = 0; i < hci->le_resolv_list_size; i++) {
199 hci->le_resolv_list[i][0] = 0xff;
200 memset(&hci->le_resolv_list[i][1], 0, 38);
/*
 * Put the controller state back to its power-on values: event masks,
 * supported-commands and feature bitmaps, addresses, advertising and scan
 * parameters, white list, supported states, data-length defaults, the
 * stored sk256 bytes and the resolving list.
 *
 * Lines that are commented out with "//" leave the corresponding bit clear.
 */
204 static void reset_defaults(struct bt_le *hci)
/* Default event mask. The LE Meta Event bit (event_mask[7] & 0x20) stays
 * clear here, and le_meta_event() tests exactly that bit, so no LE meta
 * event is sent until the host enables it with Set Event Mask. */
206 memset(hci->event_mask, 0, sizeof(hci->event_mask));
207 hci->event_mask[0] |= 0x10; /* Disconnection Complete */
208 hci->event_mask[0] |= 0x80; /* Encryption Change */
209 hci->event_mask[1] |= 0x08; /* Read Remote Version Information Complete */
210 hci->event_mask[1] |= 0x20; /* Command Complete */
211 hci->event_mask[1] |= 0x40; /* Command Status */
212 hci->event_mask[1] |= 0x80; /* Hardware Error */
213 hci->event_mask[2] |= 0x04; /* Number of Completed Packets */
214 hci->event_mask[3] |= 0x02; /* Data Buffer Overflow */
215 hci->event_mask[5] |= 0x80; /* Encryption Key Refresh Complete */
216 //hci->event_mask[7] |= 0x20; /* LE Meta Event */
218 hci->manufacturer = 0x003f; /* Bluetooth SIG (63) */
/* Supported-commands bitmap, returned to the host as-is by
 * cmd_read_local_commands(). */
220 memset(hci->commands, 0, sizeof(hci->commands));
221 hci->commands[0] |= 0x20; /* Disconnect */
222 //hci->commands[2] |= 0x80; /* Read Remote Version Information */
223 hci->commands[5] |= 0x40; /* Set Event Mask */
224 hci->commands[5] |= 0x80; /* Reset */
225 //hci->commands[10] |= 0x04; /* Read Transmit Power Level */
226 hci->commands[14] |= 0x08; /* Read Local Version Information */
227 hci->commands[14] |= 0x10; /* Read Local Supported Commands */
228 hci->commands[14] |= 0x20; /* Read Local Supported Features */
229 hci->commands[14] |= 0x80; /* Read Buffer Size */
230 hci->commands[15] |= 0x02; /* Read BD ADDR */
231 //hci->commands[15] |= 0x20; /* Read RSSI */
232 hci->commands[22] |= 0x04; /* Set Event Mask Page 2 */
233 hci->commands[25] |= 0x01; /* LE Set Event Mask */
234 hci->commands[25] |= 0x02; /* LE Read Buffer Size */
235 hci->commands[25] |= 0x04; /* LE Read Local Supported Features */
236 hci->commands[25] |= 0x10; /* LE Set Random Address */
237 hci->commands[25] |= 0x20; /* LE Set Advertising Parameters */
238 hci->commands[25] |= 0x40; /* LE Read Advertising Channel TX Power */
239 hci->commands[25] |= 0x80; /* LE Set Advertising Data */
240 hci->commands[26] |= 0x01; /* LE Set Scan Response Data */
241 hci->commands[26] |= 0x02; /* LE Set Advertise Enable */
242 hci->commands[26] |= 0x04; /* LE Set Scan Parameters */
243 hci->commands[26] |= 0x08; /* LE Set Scan Enable */
244 hci->commands[26] |= 0x10; /* LE Create Connection */
245 hci->commands[26] |= 0x20; /* LE Create Connection Cancel */
246 hci->commands[26] |= 0x40; /* LE Read White List Size */
247 hci->commands[26] |= 0x80; /* LE Clear White List */
248 hci->commands[27] |= 0x01; /* LE Add Device To White List */
249 hci->commands[27] |= 0x02; /* LE Remove Device From White List */
250 //hci->commands[27] |= 0x04; /* LE Connection Update */
251 //hci->commands[27] |= 0x08; /* LE Set Host Channel Classification */
252 //hci->commands[27] |= 0x10; /* LE Read Channel Map */
253 //hci->commands[27] |= 0x20; /* LE Read Remote Used Features */
254 hci->commands[27] |= 0x40; /* LE Encrypt */
255 hci->commands[27] |= 0x80; /* LE Rand */
256 //hci->commands[28] |= 0x01; /* LE Start Encryption */
257 //hci->commands[28] |= 0x02; /* LE Long Term Key Request Reply */
258 //hci->commands[28] |= 0x04; /* LE Long Term Key Request Negative Reply */
259 hci->commands[28] |= 0x08; /* LE Read Supported States */
260 //hci->commands[28] |= 0x10; /* LE Receiver Test */
261 //hci->commands[28] |= 0x20; /* LE Transmitter Test */
262 //hci->commands[28] |= 0x40; /* LE Test End */
263 //hci->commands[33] |= 0x10; /* LE Remote Connection Parameter Request Reply */
264 //hci->commands[33] |= 0x20; /* LE Remote Connection Parameter Request Negative Reply */
265 hci->commands[33] |= 0x40; /* LE Set Data Length */
266 hci->commands[33] |= 0x80; /* LE Read Suggested Default Data Length */
267 hci->commands[34] |= 0x01; /* LE Write Suggested Default Data Length */
268 hci->commands[34] |= 0x02; /* LE Read Local P-256 Public Key */
269 hci->commands[34] |= 0x04; /* LE Generate DHKey */
270 hci->commands[34] |= 0x08; /* LE Add Device To Resolving List */
271 hci->commands[34] |= 0x10; /* LE Remove Device From Resolving List */
272 hci->commands[34] |= 0x20; /* LE Clear Resolving List */
273 hci->commands[34] |= 0x40; /* LE Read Resolving List Size */
274 hci->commands[34] |= 0x80; /* LE Read Peer Resolvable Address */
275 hci->commands[35] |= 0x01; /* LE Read Local Resolvable Address */
276 hci->commands[35] |= 0x02; /* LE Set Address Resolution Enable */
277 hci->commands[35] |= 0x04; /* LE Set Resolvable Private Address Timeout */
278 hci->commands[35] |= 0x08; /* LE Read Maximum Data Length */
280 memset(hci->features, 0, sizeof(hci->features));
281 hci->features[4] |= 0x20; /* BR/EDR Not Supported */
282 hci->features[4] |= 0x40; /* LE Supported */
284 memset(hci->bdaddr, 0, sizeof(hci->bdaddr));
/* Default LE event mask. cmd_le_create_conn_cancel() consults bit 0x01 of
 * byte 0 before it emits LE Connection Complete. */
286 memset(hci->le_event_mask, 0, sizeof(hci->le_event_mask));
287 hci->le_event_mask[0] |= 0x01; /* LE Connection Complete */
288 hci->le_event_mask[0] |= 0x02; /* LE Advertising Report */
289 hci->le_event_mask[0] |= 0x04; /* LE Connection Update Complete */
290 hci->le_event_mask[0] |= 0x08; /* LE Read Remote Used Features Complete */
291 hci->le_event_mask[0] |= 0x10; /* LE Long Term Key Request */
292 //hci->le_event_mask[0] |= 0x20; /* LE Remote Connection Parameter Request */
293 //hci->le_event_mask[0] |= 0x40; /* LE Data Length Change */
294 //hci->le_event_mask[0] |= 0x80; /* LE Read Local P-256 Public Key Complete */
295 //hci->le_event_mask[1] |= 0x01; /* LE Generate DHKey Complete */
296 //hci->le_event_mask[1] |= 0x02; /* LE Enhanced Connection Complete */
297 //hci->le_event_mask[1] |= 0x04; /* LE Direct Advertising Report */
302 memset(hci->le_features, 0, sizeof(hci->le_features));
303 hci->le_features[0] |= 0x01; /* LE Encryption */
304 //hci->le_features[0] |= 0x02; /* Connection Parameter Request Procedure */
305 //hci->le_features[0] |= 0x04; /* Extended Reject Indication */
306 //hci->le_features[0] |= 0x08; /* Slave-initiated Features Exchange */
307 hci->le_features[0] |= 0x10; /* LE Ping */
308 hci->le_features[0] |= 0x20; /* LE Data Packet Length Extension */
309 hci->le_features[0] |= 0x40; /* LL Privacy */
310 hci->le_features[0] |= 0x80; /* Extended Scanner Filter Policies */
312 memset(hci->le_random_addr, 0, sizeof(hci->le_random_addr));
/* Advertising defaults; advertising itself starts disabled. */
314 hci->le_adv_min_interval = 0x0800;
315 hci->le_adv_max_interval = 0x0800;
316 hci->le_adv_type = 0x00;
317 hci->le_adv_own_addr_type = 0x00;
318 hci->le_adv_direct_addr_type = 0x00;
319 memset(hci->le_adv_direct_addr, 0, 6);
320 hci->le_adv_channel_map = 0x07;
321 hci->le_adv_filter_policy = 0x00;
323 hci->le_adv_tx_power = 0;
325 memset(hci->le_adv_data, 0, sizeof(hci->le_adv_data));
326 hci->le_adv_data_len = 0;
328 memset(hci->le_scan_rsp_data, 0, sizeof(hci->le_scan_rsp_data));
329 hci->le_scan_rsp_data_len = 0;
331 hci->le_adv_enable = 0x00;
/* Scan defaults; scanning and connection creation start disabled. */
333 hci->le_scan_type = 0x00; /* Passive Scanning */
334 hci->le_scan_interval = 0x0010; /* 10 ms */
335 hci->le_scan_window = 0x0010; /* 10 ms */
336 hci->le_scan_own_addr_type = 0x00; /* Public Device Address */
337 hci->le_scan_filter_policy = 0x00;
338 hci->le_scan_enable = 0x00;
339 hci->le_scan_filter_dup = 0x00;
341 hci->le_conn_enable = 0x00;
/* The size must be set before clear_white_list(), which loops over
 * le_white_list_size entries. */
343 hci->le_white_list_size = WHITE_LIST_SIZE;
344 clear_white_list(hci);
346 memset(hci->le_states, 0, sizeof(hci->le_states));
347 hci->le_states[0] |= 0x01; /* Non-connectable Advertising */
348 hci->le_states[0] |= 0x02; /* Scannable Advertising */
349 hci->le_states[0] |= 0x04; /* Connectable Advertising */
350 hci->le_states[0] |= 0x08; /* High Duty Cycle Directed Advertising */
351 hci->le_states[0] |= 0x10; /* Passive Scanning */
352 hci->le_states[0] |= 0x20; /* Active Scanning */
353 hci->le_states[0] |= 0x40; /* Initiating + Connection (Master Role) */
354 hci->le_states[0] |= 0x80; /* Connection (Slave Role) */
355 hci->le_states[1] |= 0x01; /* Passive Scanning +
356 * Non-connectable Advertising */
358 hci->le_default_tx_len = DEFAULT_TX_LEN;
359 hci->le_default_tx_time = DEFAULT_TX_TIME;
/* Zero the stored sk256 bytes so a reset does not carry them over. */
361 memset(hci->le_local_sk256, 0, sizeof(hci->le_local_sk256));
/* Same ordering as for the white list: set the size, then clear. Address
 * resolution starts disabled, so resolve_peer_addr() does no lookups until
 * the host enables it. */
363 hci->le_resolv_list_size = RESOLV_LIST_SIZE;
364 clear_resolv_list(hci);
365 hci->le_resolv_enable = 0x00;
366 hci->le_resolv_timeout = 0x0384; /* 900 secs or 15 minutes */
/* Forget every peer recorded during scanning: zero the whole scan_cache
 * array and reset its entry count. */
369 static void clear_scan_cache(struct bt_le *hci)
371 memset(hci->scan_cache, 0, sizeof(hci->scan_cache));
372 hci->scan_cache_count = 0;
/*
 * Record (addr_type, addr) in the scan cache.
 *
 * The first loop looks for an entry with the same type and address among
 * the scan_cache_count entries already stored. The capacity test against
 * SCAN_CACHE_SIZE comes before the append, so the write index stays inside
 * the array. The return statements are not part of this listing.
 */
375 static bool add_to_scan_cache(struct bt_le *hci, uint8_t addr_type,
376 const uint8_t addr[6])
380 for (i = 0; i < hci->scan_cache_count; i++) {
381 if (hci->scan_cache[i].addr_type == addr_type &&
382 !memcmp(hci->scan_cache[i].addr, addr, 6))
386 if (hci->scan_cache_count >= SCAN_CACHE_SIZE)
389 hci->scan_cache[hci->scan_cache_count].addr_type = addr_type;
390 memcpy(hci->scan_cache[hci->scan_cache_count].addr, addr, 6);
391 hci->scan_cache_count++;
/*
 * Send one HCI event to the host side of the virtual controller.
 *
 * The packet is assembled as an iovec: the H4 packet-type byte, the event
 * header, and the payload (data, size), and is written to hci->vhci_fd
 * with a single writev(). The lines that fill the header and set iovcnt are
 * not part of this listing.
 *
 * NOTE(review): only a negative writev() result is treated as a failure,
 * and it is only logged; a short write would go unnoticed.
 */
396 static void send_event(struct bt_le *hci, uint8_t event,
397 void *data, uint8_t size)
399 uint8_t type = BT_H4_EVT_PKT;
400 struct bt_hci_evt_hdr hdr;
407 iov[0].iov_base = &type;
409 iov[1].iov_base = &hdr;
410 iov[1].iov_len = sizeof(hdr);
413 iov[2].iov_base = data;
414 iov[2].iov_len = size;
419 if (writev(hci->vhci_fd, iov, iovcnt) < 0)
420 fprintf(stderr, "Write to /dev/vhci failed (%m)\n");
/*
 * Build an advertising PHY packet from the current advertising state and
 * send it, followed by the advertising data and the scan response data,
 * through bt_phy_send_vector().
 *
 * The transmitter address is taken from hci->bdaddr or
 * hci->le_random_addr depending on le_adv_own_addr_type (the case labels
 * are not part of this listing). The two lengths sent are the stored
 * le_adv_data_len and le_scan_rsp_data_len, which the setter commands cap
 * at 0x1f, the size of the 31-byte buffers they describe.
 */
423 static void send_adv_pkt(struct bt_le *hci)
425 struct bt_phy_pkt_adv pkt;
427 memset(&pkt, 0, sizeof(pkt));
428 pkt.pdu_type = hci->le_adv_type;
429 pkt.tx_addr_type = hci->le_adv_own_addr_type;
430 switch (hci->le_adv_own_addr_type) {
433 memcpy(pkt.tx_addr, hci->bdaddr, 6);
437 memcpy(pkt.tx_addr, hci->le_random_addr, 6);
440 pkt.rx_addr_type = hci->le_adv_direct_addr_type;
441 memcpy(pkt.rx_addr, hci->le_adv_direct_addr, 6);
442 pkt.adv_data_len = hci->le_adv_data_len;
443 pkt.scan_rsp_len = hci->le_scan_rsp_data_len;
445 bt_phy_send_vector(hci->phy, BT_PHY_PKT_ADV, &pkt, sizeof(pkt),
446 hci->le_adv_data, pkt.adv_data_len,
447 hci->le_scan_rsp_data, pkt.scan_rsp_len);
/*
 * Mainloop timeout handler for advertising; user_data is the struct bt_le.
 *
 * Both interval limits are converted with "* 625 / 1000" (the variable
 * names indicate the result is in milliseconds) and the timer is re-armed
 * with their average. If re-arming fails, advertising is marked disabled.
 *
 * NOTE(review): on that failure path adv_timeout_id is not reset in the
 * lines shown, while start_adv() tests adv_timeout_id >= 0 first - confirm
 * that advertising can be restarted after such a failure.
 */
450 static void adv_timeout_callback(int id, void *user_data)
452 struct bt_le *hci = user_data;
453 unsigned int min_msec, max_msec;
457 min_msec = (hci->le_adv_min_interval * 625) / 1000;
458 max_msec = (hci->le_adv_max_interval * 625) / 1000;
460 if (mainloop_modify_timeout(id, (min_msec + max_msec) / 2) < 0) {
461 fprintf(stderr, "Setting advertising timeout failed\n");
462 hci->le_adv_enable = 0x00;
/*
 * Arm the advertising timer.
 *
 * A non-negative adv_timeout_id is tested first (presumably "already
 * running" - the branch body is not part of this listing). The period is
 * le_adv_min_interval converted with "* 625 / 1000", and the id returned
 * by mainloop_add_timeout() is stored and checked for failure (< 0).
 */
466 static bool start_adv(struct bt_le *hci)
470 if (hci->adv_timeout_id >= 0)
473 msec = (hci->le_adv_min_interval * 625) / 1000;
475 hci->adv_timeout_id = mainloop_add_timeout(msec, adv_timeout_callback,
477 if (hci->adv_timeout_id < 0)
/*
 * Cancel the advertising timer. A negative adv_timeout_id is tested first
 * (no timer armed; the branch body is not part of this listing); otherwise
 * the timeout is removed and the id is set back to -1 so the stale id is
 * never reused.
 */
483 static bool stop_adv(struct bt_le *hci)
485 if (hci->adv_timeout_id < 0)
488 mainloop_remove_timeout(hci->adv_timeout_id);
489 hci->adv_timeout_id = -1;
/*
 * Send a Command Complete event for opcode with len bytes of return
 * parameters copied from data.
 *
 * The event body is built in an alloca() buffer of sizeof(*cc) + len
 * bytes; because len is a uint8_t the stack allocation stays small.
 *
 * NOTE(review): sizeof(*cc) + len is passed to send_event(), whose size
 * parameter is a uint8_t, so a sum above 255 would be truncated silently.
 * All callers in this listing pass small fixed-size responses.
 */
494 static void cmd_complete(struct bt_le *hci, uint16_t opcode,
495 const void *data, uint8_t len)
497 struct bt_hci_evt_cmd_complete *cc;
500 pkt_data = alloca(sizeof(*cc) + len);
506 cc->opcode = cpu_to_le16(opcode);
509 memcpy(pkt_data + sizeof(*cc), data, len);
511 send_event(hci, BT_HCI_EVT_CMD_COMPLETE, pkt_data, sizeof(*cc) + len);
/*
 * Send a Command Status event carrying status for opcode (stored in
 * little-endian order). The handlers in this file use it for every
 * rejected command. The lines that fill the other fields of cs are not
 * part of this listing.
 */
514 static void cmd_status(struct bt_le *hci, uint8_t status, uint16_t opcode)
516 struct bt_hci_evt_cmd_status cs;
520 cs.opcode = cpu_to_le16(opcode);
522 send_event(hci, BT_HCI_EVT_CMD_STATUS, &cs, sizeof(cs));
/*
 * Send an LE Meta Event: one subevent-code byte (event) followed by len
 * bytes copied from data.
 *
 * The event is gated on bit 0x20 of event_mask[7]; that bit is clear after
 * reset_defaults(), so the host has to enable it first. The body of the
 * gate branch is not part of this listing.
 *
 * NOTE(review): 1 + len is passed to send_event(), whose size parameter is
 * a uint8_t, so len == 255 would wrap the size to 0.
 */
525 static void le_meta_event(struct bt_le *hci, uint8_t event,
526 void *data, uint8_t len)
530 if (!(hci->event_mask[7] & 0x20))
533 pkt_data = alloca(1 + len);
537 ((uint8_t *) pkt_data)[0] = event;
540 memcpy(pkt_data + 1, data, len);
542 send_event(hci, BT_HCI_EVT_LE_META_EVENT, pkt_data, 1 + len);
/* Disconnect handler: always answers with Command Status "unknown
 * connection identifier"; data and size are not used in the lines shown. */
545 static void cmd_disconnect(struct bt_le *hci, const void *data, uint8_t size)
547 cmd_status(hci, BT_HCI_ERR_UNKNOWN_CONN_ID, BT_HCI_CMD_DISCONNECT);
/*
 * Set Event Mask: copies the 8-byte mask from the command into bytes 0-7
 * of hci->event_mask and reports success.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast and the fixed 8-byte copy assume the caller already validated
 * the command length - confirm at the dispatcher.
 */
550 static void cmd_set_event_mask(struct bt_le *hci,
551 const void *data, uint8_t size)
553 const struct bt_hci_cmd_set_event_mask *cmd = data;
556 memcpy(hci->event_mask, cmd->mask, 8);
558 status = BT_HCI_ERR_SUCCESS;
559 cmd_complete(hci, BT_HCI_CMD_SET_EVENT_MASK, &status, sizeof(status));
/* Reset handler: reports success with Command Complete. The statements
 * that perform the reset itself are not part of this listing. */
562 static void cmd_reset(struct bt_le *hci, const void *data, uint8_t size)
569 status = BT_HCI_ERR_SUCCESS;
570 cmd_complete(hci, BT_HCI_CMD_RESET, &status, sizeof(status));
/*
 * Set Event Mask Page 2: copies the 8-byte mask from the command into
 * bytes 8-15 of the 16-byte hci->event_mask and reports success.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the fixed 8-byte copy assumes the caller already validated the command
 * length - confirm at the dispatcher.
 */
573 static void cmd_set_event_mask_page2(struct bt_le *hci,
574 const void *data, uint8_t size)
576 const struct bt_hci_cmd_set_event_mask_page2 *cmd = data;
579 memcpy(hci->event_mask + 8, cmd->mask, 8);
581 status = BT_HCI_ERR_SUCCESS;
582 cmd_complete(hci, BT_HCI_CMD_SET_EVENT_MASK_PAGE2,
583 &status, sizeof(status));
/*
 * Read Local Version Information: answers with the stored manufacturer id
 * and zero HCI revision / LMP subversion, all in little-endian order.
 *
 * NOTE(review): rsp is a stack struct that is sent in full; the lines that
 * set its remaining fields are not part of this listing, so confirm every
 * field is initialised before cmd_complete() copies it out.
 */
586 static void cmd_read_local_version(struct bt_le *hci,
587 const void *data, uint8_t size)
589 struct bt_hci_rsp_read_local_version rsp;
591 rsp.status = BT_HCI_ERR_SUCCESS;
593 rsp.hci_rev = cpu_to_le16(0x0000);
595 rsp.manufacturer = cpu_to_le16(hci->manufacturer);
596 rsp.lmp_subver = cpu_to_le16(0x0000);
598 cmd_complete(hci, BT_HCI_CMD_READ_LOCAL_VERSION, &rsp, sizeof(rsp));
/* Read Local Supported Commands: returns the 64-byte bitmap that
 * reset_defaults() fills in. data and size are not used in the lines
 * shown. */
601 static void cmd_read_local_commands(struct bt_le *hci,
602 const void *data, uint8_t size)
604 struct bt_hci_rsp_read_local_commands rsp;
606 rsp.status = BT_HCI_ERR_SUCCESS;
607 memcpy(rsp.commands, hci->commands, 64);
609 cmd_complete(hci, BT_HCI_CMD_READ_LOCAL_COMMANDS, &rsp, sizeof(rsp));
/* Read Local Supported Features: returns the 8-byte feature bitmap that
 * reset_defaults() fills in. data and size are not used in the lines
 * shown. */
612 static void cmd_read_local_features(struct bt_le *hci,
613 const void *data, uint8_t size)
615 struct bt_hci_rsp_read_local_features rsp;
617 rsp.status = BT_HCI_ERR_SUCCESS;
618 memcpy(rsp.features, hci->features, 8);
620 cmd_complete(hci, BT_HCI_CMD_READ_LOCAL_FEATURES, &rsp, sizeof(rsp));
/*
 * Read Buffer Size: reports zero for the ACL MTU and for the ACL and SCO
 * packet counts.
 *
 * NOTE(review): rsp is a stack struct that is sent in full; a line between
 * the acl_mtu and acl_max_pkt assignments is not part of this listing, so
 * confirm every field is initialised before it is copied out.
 */
623 static void cmd_read_buffer_size(struct bt_le *hci,
624 const void *data, uint8_t size)
626 struct bt_hci_rsp_read_buffer_size rsp;
628 rsp.status = BT_HCI_ERR_SUCCESS;
629 rsp.acl_mtu = cpu_to_le16(0x0000);
631 rsp.acl_max_pkt = cpu_to_le16(0x0000);
632 rsp.sco_max_pkt = cpu_to_le16(0x0000);
634 cmd_complete(hci, BT_HCI_CMD_READ_BUFFER_SIZE, &rsp, sizeof(rsp));
/* Read BD ADDR: returns the 6-byte hci->bdaddr. data and size are not used
 * in the lines shown. */
637 static void cmd_read_bd_addr(struct bt_le *hci, const void *data, uint8_t size)
639 struct bt_hci_rsp_read_bd_addr rsp;
641 rsp.status = BT_HCI_ERR_SUCCESS;
642 memcpy(rsp.bdaddr, hci->bdaddr, 6);
644 cmd_complete(hci, BT_HCI_CMD_READ_BD_ADDR, &rsp, sizeof(rsp));
/*
 * LE Set Event Mask: copies the 8-byte mask from the command into
 * hci->le_event_mask and reports success.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the fixed 8-byte copy assumes the caller already validated the command
 * length - confirm at the dispatcher.
 */
647 static void cmd_le_set_event_mask(struct bt_le *hci,
648 const void *data, uint8_t size)
650 const struct bt_hci_cmd_le_set_event_mask *cmd = data;
653 memcpy(hci->le_event_mask, cmd->mask, 8);
655 status = BT_HCI_ERR_SUCCESS;
656 cmd_complete(hci, BT_HCI_CMD_LE_SET_EVENT_MASK,
657 &status, sizeof(status));
/* LE Read Buffer Size: returns hci->le_mtu (little-endian) and
 * hci->le_max_pkt. data and size are not used in the lines shown. */
660 static void cmd_le_read_buffer_size(struct bt_le *hci,
661 const void *data, uint8_t size)
663 struct bt_hci_rsp_le_read_buffer_size rsp;
665 rsp.status = BT_HCI_ERR_SUCCESS;
666 rsp.le_mtu = cpu_to_le16(hci->le_mtu);
667 rsp.le_max_pkt = hci->le_max_pkt;
669 cmd_complete(hci, BT_HCI_CMD_LE_READ_BUFFER_SIZE, &rsp, sizeof(rsp));
/* LE Read Local Supported Features: returns the 8-byte hci->le_features
 * bitmap that reset_defaults() fills in. The continuation of the
 * cmd_complete() call is not part of this listing. */
672 static void cmd_le_read_local_features(struct bt_le *hci,
673 const void *data, uint8_t size)
675 struct bt_hci_rsp_le_read_local_features rsp;
677 rsp.status = BT_HCI_ERR_SUCCESS;
678 memcpy(rsp.features, hci->le_features, 8);
680 cmd_complete(hci, BT_HCI_CMD_LE_READ_LOCAL_FEATURES,
/*
 * LE Set Random Address: stores the 6-byte address from the command in
 * hci->le_random_addr and reports success. No check on the address value
 * or on the advertising/scanning state is visible in the lines shown.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the fixed 6-byte copy assumes the caller already validated the command
 * length - confirm at the dispatcher.
 */
684 static void cmd_le_set_random_address(struct bt_le *hci,
685 const void *data, uint8_t size)
687 const struct bt_hci_cmd_le_set_random_address *cmd = data;
690 memcpy(hci->le_random_addr, cmd->addr, 6);
692 status = BT_HCI_ERR_SUCCESS;
693 cmd_complete(hci, BT_HCI_CMD_LE_SET_RANDOM_ADDRESS,
694 &status, sizeof(status));
/*
 * LE Set Advertising Parameters.
 *
 * Rejected with COMMAND_DISALLOWED while advertising is enabled. Otherwise
 * the parameters are validated per advertising type, then own address
 * type, channel map and filter policy are range-checked; any violation is
 * answered with INVALID_PARAMETERS. Only after all checks pass are the
 * values stored in the controller state and success reported. The switch
 * statement line and the early returns are not part of this listing.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
697 static void cmd_le_set_adv_parameters(struct bt_le *hci,
698 const void *data, uint8_t size)
700 const struct bt_hci_cmd_le_set_adv_parameters *cmd = data;
701 uint16_t min_interval, max_interval;
704 if (hci->le_adv_enable == 0x01) {
705 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
706 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
/* Convert the wire (little-endian) values once; all range checks below
 * work on host-order copies. */
710 min_interval = le16_to_cpu(cmd->min_interval);
711 max_interval = le16_to_cpu(cmd->max_interval);
713 /* Valid range for advertising type is 0x00 to 0x03 */
715 case 0x00: /* ADV_IND */
716 /* Range for advertising interval min is 0x0020 to 0x4000 */
717 if (min_interval < 0x0020 || min_interval > 0x4000) {
718 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
719 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
722 /* Range for advertising interval max is 0x0020 to 0x4000 */
723 if (max_interval < 0x0020 || max_interval > 0x4000) {
724 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
725 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
728 /* Advertising interval max shall be less or equal */
729 if (min_interval > max_interval) {
730 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
731 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
/* NOTE(review): in the ADV_DIRECT_IND branch only direct_addr_type is
 * checked in the lines shown, yet min/max interval are still stored below
 * and start_adv() derives the timer period from le_adv_min_interval. A
 * zero interval would give a 0 ms timeout - confirm this is intended. */
736 case 0x01: /* ADV_DIRECT_IND */
737 /* Range for direct address type is 0x00 to 0x01 */
738 if (cmd->direct_addr_type > 0x01) {
739 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
740 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
745 case 0x02: /* ADV_SCAN_IND */
746 case 0x03: /* ADV_NONCONN_IND */
747 /* Range for advertising interval min is 0x00a0 to 0x4000 */
748 if (min_interval < 0x00a0 || min_interval > 0x4000) {
749 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
750 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
753 /* Range for advertising interval max is 0x00a0 to 0x4000 */
754 if (max_interval < 0x00a0 || max_interval > 0x4000) {
755 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
756 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
759 /* Advertising interval min shall be less or equal */
760 if (min_interval > max_interval) {
761 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
762 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
768 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
769 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
773 /* Valid range for own address type is 0x00 to 0x03 */
774 if (cmd->own_addr_type > 0x03) {
775 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
776 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
780 /* Valid range for advertising channel map is 0x01 to 0x07 */
781 if (cmd->channel_map < 0x01 || cmd->channel_map > 0x07) {
782 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
783 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
787 /* Valid range for advertising filter policy is 0x00 to 0x03 */
788 if (cmd->filter_policy > 0x03) {
789 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
790 BT_HCI_CMD_LE_SET_ADV_PARAMETERS);
/* All checks passed: commit the new parameters in one place so a rejected
 * command leaves the previous state untouched. */
794 hci->le_adv_min_interval = min_interval;
795 hci->le_adv_max_interval = max_interval;
796 hci->le_adv_type = cmd->type;
797 hci->le_adv_own_addr_type = cmd->own_addr_type;
798 hci->le_adv_direct_addr_type = cmd->direct_addr_type;
799 memcpy(hci->le_adv_direct_addr, cmd->direct_addr, 6);
800 hci->le_adv_channel_map = cmd->channel_map;
801 hci->le_adv_filter_policy = cmd->filter_policy;
803 status = BT_HCI_ERR_SUCCESS;
804 cmd_complete(hci, BT_HCI_CMD_LE_SET_ADV_PARAMETERS,
805 &status, sizeof(status));
/* LE Read Advertising Channel TX Power: returns hci->le_adv_tx_power.
 * data and size are not used in the lines shown. */
808 static void cmd_le_read_adv_tx_power(struct bt_le *hci,
809 const void *data, uint8_t size)
811 struct bt_hci_rsp_le_read_adv_tx_power rsp;
813 rsp.status = BT_HCI_ERR_SUCCESS;
814 rsp.level = hci->le_adv_tx_power;
816 cmd_complete(hci, BT_HCI_CMD_LE_READ_ADV_TX_POWER, &rsp, sizeof(rsp));
/*
 * LE Set Advertising Data: rejects a length above 0x1f with
 * INVALID_PARAMETERS, otherwise stores the length and copies the data
 * field into hci->le_adv_data.
 *
 * The length check is what keeps le_adv_data_len within the 31-byte
 * buffer that send_adv_pkt() later transmits from. The copy is always 31
 * bytes, independent of cmd->len, so it reads the whole data field of the
 * command.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the fixed 31-byte read assumes the caller already validated the command
 * length - confirm at the dispatcher.
 */
819 static void cmd_le_set_adv_data(struct bt_le *hci,
820 const void *data, uint8_t size)
822 const struct bt_hci_cmd_le_set_adv_data *cmd = data;
825 /* Valid range for advertising data length is 0x00 to 0x1f */
826 if (cmd->len > 0x1f) {
827 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
828 BT_HCI_CMD_LE_SET_ADV_DATA);
832 hci->le_adv_data_len = cmd->len;
833 memcpy(hci->le_adv_data, cmd->data, 31);
835 status = BT_HCI_ERR_SUCCESS;
836 cmd_complete(hci, BT_HCI_CMD_LE_SET_ADV_DATA, &status, sizeof(status));
/*
 * LE Set Scan Response Data: rejects a length above 0x1f with
 * INVALID_PARAMETERS, otherwise stores the length and copies the data
 * field into hci->le_scan_rsp_data.
 *
 * The length check is what keeps le_scan_rsp_data_len within the 31-byte
 * buffer that send_adv_pkt() later transmits from. The copy is always 31
 * bytes, independent of cmd->len.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the fixed 31-byte read assumes the caller already validated the command
 * length - confirm at the dispatcher.
 */
839 static void cmd_le_set_scan_rsp_data(struct bt_le *hci,
840 const void *data, uint8_t size)
842 const struct bt_hci_cmd_le_set_scan_rsp_data *cmd = data;
845 /* Valid range for scan response data length is 0x00 to 0x1f */
846 if (cmd->len > 0x1f) {
847 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
848 BT_HCI_CMD_LE_SET_SCAN_RSP_DATA);
852 hci->le_scan_rsp_data_len = cmd->len;
853 memcpy(hci->le_scan_rsp_data, cmd->data, 31);
855 status = BT_HCI_ERR_SUCCESS;
856 cmd_complete(hci, BT_HCI_CMD_LE_SET_SCAN_RSP_DATA,
857 &status, sizeof(status));
/*
 * LE Set Advertise Enable.
 *
 * An enable value above 0x01 is answered with INVALID_PARAMETERS, and a
 * request for the state the controller is already in with
 * COMMAND_DISALLOWED. Otherwise start_adv() or stop_adv() is called; an
 * UNSPECIFIED_ERROR status is visible for the failure case (the test of
 * result is not part of this listing). The stored state is updated only
 * after the timer operation, then success is reported.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
860 static void cmd_le_set_adv_enable(struct bt_le *hci,
861 const void *data, uint8_t size)
863 const struct bt_hci_cmd_le_set_adv_enable *cmd = data;
867 /* Valid range for advertising enable is 0x00 to 0x01 */
868 if (cmd->enable > 0x01) {
869 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
870 BT_HCI_CMD_LE_SET_ADV_ENABLE);
874 if (cmd->enable == hci->le_adv_enable) {
875 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
876 BT_HCI_CMD_LE_SET_ADV_ENABLE);
880 if (cmd->enable == 0x01)
881 result = start_adv(hci);
883 result = stop_adv(hci);
886 cmd_status(hci, BT_HCI_ERR_UNSPECIFIED_ERROR,
887 BT_HCI_CMD_LE_SET_ADV_ENABLE);
891 hci->le_adv_enable = cmd->enable;
893 status = BT_HCI_ERR_SUCCESS;
894 cmd_complete(hci, BT_HCI_CMD_LE_SET_ADV_ENABLE,
895 &status, sizeof(status));
/*
 * LE Set Scan Parameters.
 *
 * Rejected with COMMAND_DISALLOWED while scanning is enabled. Scan type,
 * interval, window (which must not exceed the interval), own address type
 * and filter policy are each range-checked; any violation is answered
 * with INVALID_PARAMETERS. Only after all checks pass are the values
 * stored and success reported. The early returns are not part of this
 * listing.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
898 static void cmd_le_set_scan_parameters(struct bt_le *hci,
899 const void *data, uint8_t size)
901 const struct bt_hci_cmd_le_set_scan_parameters *cmd = data;
902 uint16_t interval, window;
905 if (hci->le_scan_enable == 0x01) {
906 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
907 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
/* Convert the wire (little-endian) values once; the range checks below
 * work on host-order copies. */
911 interval = le16_to_cpu(cmd->interval);
912 window = le16_to_cpu(cmd->window);
914 /* Valid range for scan type is 0x00 to 0x01 */
915 if (cmd->type > 0x01) {
916 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
917 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
921 /* Valid range for scan interval is 0x0004 to 0x4000 */
922 if (interval < 0x0004 || interval > 0x4000) {
923 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
924 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
928 /* Valid range for scan window is 0x0004 to 0x4000 */
929 if (window < 0x0004 || window > 0x4000) {
930 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
931 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
935 /* Scan window shall be less or equal than scan interval */
936 if (window > interval) {
937 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
938 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
942 /* Valid range for own address type is 0x00 to 0x03 */
943 if (cmd->own_addr_type > 0x03) {
944 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
945 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
949 /* Valid range for scanning filter policy is 0x00 to 0x03 */
950 if (cmd->filter_policy > 0x03) {
951 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
952 BT_HCI_CMD_LE_SET_SCAN_PARAMETERS);
/* All checks passed: commit the new parameters. */
956 hci->le_scan_type = cmd->type;
957 hci->le_scan_interval = interval;
958 hci->le_scan_window = window;
959 hci->le_scan_own_addr_type = cmd->own_addr_type;
960 hci->le_scan_filter_policy = cmd->filter_policy;
962 status = BT_HCI_ERR_SUCCESS;
963 cmd_complete(hci, BT_HCI_CMD_LE_SET_SCAN_PARAMETERS,
964 &status, sizeof(status));
/*
 * LE Set Scan Enable.
 *
 * Enable and filter-duplicates values above 0x01 are answered with
 * INVALID_PARAMETERS, and a request for the state the controller is
 * already in with COMMAND_DISALLOWED. On an accepted change the scan cache
 * is cleared, so peers recorded in an earlier scan session are not carried
 * over, then the new state is stored and success reported. The early
 * returns are not part of this listing.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
967 static void cmd_le_set_scan_enable(struct bt_le *hci,
968 const void *data, uint8_t size)
970 const struct bt_hci_cmd_le_set_scan_enable *cmd = data;
973 /* Valid range for scan enable is 0x00 to 0x01 */
974 if (cmd->enable > 0x01) {
975 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
976 BT_HCI_CMD_LE_SET_SCAN_ENABLE);
980 /* Valid range for filter duplicates is 0x00 to 0x01 */
981 if (cmd->filter_dup > 0x01) {
982 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
983 BT_HCI_CMD_LE_SET_SCAN_ENABLE);
987 if (cmd->enable == hci->le_scan_enable) {
988 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
989 BT_HCI_CMD_LE_SET_SCAN_ENABLE);
993 clear_scan_cache(hci);
995 hci->le_scan_enable = cmd->enable;
996 hci->le_scan_filter_dup = cmd->filter_dup;
998 status = BT_HCI_ERR_SUCCESS;
999 cmd_complete(hci, BT_HCI_CMD_LE_SET_SCAN_ENABLE,
1000 &status, sizeof(status));
/*
 * LE Create Connection.
 *
 * Rejected with COMMAND_DISALLOWED while a connection attempt is already
 * pending (le_conn_enable == 0x01). Peer and own address types above 0x03
 * are answered with INVALID_PARAMETERS. Otherwise the peer address and
 * address types are stored, le_conn_enable is set, and a Command Status
 * with success is sent. Only the address-type fields of the command are
 * validated in the lines shown.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
1003 static void cmd_le_create_conn(struct bt_le *hci,
1004 const void *data, uint8_t size)
1006 const struct bt_hci_cmd_le_create_conn *cmd = data;
1008 if (hci->le_conn_enable == 0x01) {
1009 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
1010 BT_HCI_CMD_LE_CREATE_CONN);
1014 /* Valid range for peer address type is 0x00 to 0x03 */
1015 if (cmd->peer_addr_type > 0x03) {
1016 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
1017 BT_HCI_CMD_LE_CREATE_CONN);
1021 /* Valid range for own address type is 0x00 to 0x03 */
1022 if (cmd->own_addr_type > 0x03) {
1023 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
1024 BT_HCI_CMD_LE_CREATE_CONN);
1028 hci->le_conn_peer_addr_type = cmd->peer_addr_type;
1029 memcpy(hci->le_conn_peer_addr, cmd->peer_addr, 6);
1030 hci->le_conn_own_addr_type = cmd->own_addr_type;
1031 hci->le_conn_enable = 0x01;
1033 cmd_status(hci, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_CREATE_CONN);
/*
 * LE Create Connection Cancel.
 *
 * Rejected with COMMAND_DISALLOWED when no connection attempt is pending.
 * Otherwise the pending flag is cleared, Command Complete reports success,
 * and an LE Connection Complete event with status "unknown connection
 * identifier" and zeroed fields is emitted if bit 0x01 of le_event_mask[0]
 * is set.
 *
 * NOTE(review): evt is a stack struct; a line between the handle and
 * peer_addr_type assignments is not part of this listing, so confirm every
 * field is initialised before the event is sent.
 */
1036 static void cmd_le_create_conn_cancel(struct bt_le *hci,
1037 const void *data, uint8_t size)
1039 struct bt_hci_evt_le_conn_complete evt;
1042 if (hci->le_conn_enable == 0x00) {
1043 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
1044 BT_HCI_CMD_LE_CREATE_CONN_CANCEL);
1048 hci->le_conn_enable = 0x00;
1050 status = BT_HCI_ERR_SUCCESS;
1051 cmd_complete(hci, BT_HCI_CMD_LE_CREATE_CONN_CANCEL,
1052 &status, sizeof(status));
1054 evt.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
1055 evt.handle = cpu_to_le16(0x0000);
1057 evt.peer_addr_type = 0x00;
1058 memset(evt.peer_addr, 0, 6);
1059 evt.interval = cpu_to_le16(0x0000);
1060 evt.latency = cpu_to_le16(0x0000);
1061 evt.supv_timeout = cpu_to_le16(0x0000);
1062 evt.clock_accuracy = 0x00;
1064 if (hci->le_event_mask[0] & 0x01)
1065 le_meta_event(hci, BT_HCI_EVT_LE_CONN_COMPLETE,
/* LE Read White List Size: returns hci->le_white_list_size. The
 * continuation of the cmd_complete() call is not part of this listing. */
1069 static void cmd_le_read_white_list_size(struct bt_le *hci,
1070 const void *data, uint8_t size)
1072 struct bt_hci_rsp_le_read_white_list_size rsp;
1074 rsp.status = BT_HCI_ERR_SUCCESS;
1075 rsp.size = hci->le_white_list_size;
1077 cmd_complete(hci, BT_HCI_CMD_LE_READ_WHITE_LIST_SIZE,
/*
 * LE Clear White List: frees every white-list slot and reports success.
 * No check of the advertising, scanning or connecting state is visible in
 * the lines shown.
 */
1081 static void cmd_le_clear_white_list(struct bt_le *hci,
1082 const void *data, uint8_t size)
1086 clear_white_list(hci);
1088 status = BT_HCI_ERR_SUCCESS;
1089 cmd_complete(hci, BT_HCI_CMD_LE_CLEAR_WHITE_LIST,
1090 &status, sizeof(status));
/*
 * LE Add Device To White List.
 *
 * An address type above 0x01 is answered with INVALID_PARAMETERS. One pass
 * over the list looks for an identical entry and, while pos is still
 * negative, for a slot whose type byte is 0xff. Two further error statuses
 * are visible, UNSPECIFIED_ERROR and MEM_CAPACITY_EXCEEDED; the conditions
 * guarding them are not part of this listing (presumably "entry already
 * present" and "no free slot" - confirm). The new entry is then written at
 * index pos and success reported.
 *
 * pos indexes le_white_list on the write, so it must be a valid slot index
 * by then; the capacity error path is what has to guarantee that.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
1093 static void cmd_le_add_to_white_list(struct bt_le *hci,
1094 const void *data, uint8_t size)
1096 const struct bt_hci_cmd_le_add_to_white_list *cmd = data;
1098 bool exists = false;
1101 /* Valid range for address type is 0x00 to 0x01 */
1102 if (cmd->addr_type > 0x01) {
1103 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
1104 BT_HCI_CMD_LE_ADD_TO_WHITE_LIST);
1108 for (i = 0; i < hci->le_white_list_size; i++) {
1109 if (hci->le_white_list[i][0] == cmd->addr_type &&
1110 !memcmp(&hci->le_white_list[i][1],
1114 } else if (pos < 0 && hci->le_white_list[i][0] == 0xff)
1119 cmd_status(hci, BT_HCI_ERR_UNSPECIFIED_ERROR,
1120 BT_HCI_CMD_LE_ADD_TO_WHITE_LIST);
1125 cmd_status(hci, BT_HCI_ERR_MEM_CAPACITY_EXCEEDED,
1126 BT_HCI_CMD_LE_ADD_TO_WHITE_LIST);
1130 hci->le_white_list[pos][0] = cmd->addr_type;
1131 memcpy(&hci->le_white_list[pos][1], cmd->addr, 6);
1133 status = BT_HCI_ERR_SUCCESS;
1134 cmd_complete(hci, BT_HCI_CMD_LE_ADD_TO_WHITE_LIST,
1135 &status, sizeof(status));
/*
 * LE Remove Device From White List.
 *
 * An address type above 0x01 is answered with INVALID_PARAMETERS. The list
 * is searched for an entry with the same type and address; a second
 * INVALID_PARAMETERS status is visible after the loop (its condition is
 * not part of this listing; presumably "entry not found" - confirm). The
 * slot at pos is then freed (type byte 0xff, address zeroed) and success
 * reported.
 *
 * pos indexes le_white_list on the write, so the not-found path has to
 * return before it.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
1138 static void cmd_le_remove_from_white_list(struct bt_le *hci,
1139 const void *data, uint8_t size)
1141 const struct bt_hci_cmd_le_remove_from_white_list *cmd = data;
1145 /* Valid range for address type is 0x00 to 0x01 */
1146 if (cmd->addr_type > 0x01) {
1147 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
1148 BT_HCI_CMD_LE_REMOVE_FROM_WHITE_LIST);
1152 for (i = 0; i < hci->le_white_list_size; i++) {
1153 if (hci->le_white_list[i][0] == cmd->addr_type &&
1154 !memcmp(&hci->le_white_list[i][1],
1162 cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
1163 BT_HCI_CMD_LE_REMOVE_FROM_WHITE_LIST);
1167 hci->le_white_list[pos][0] = 0xff;
1168 memset(&hci->le_white_list[pos][1], 0, 6);
1170 status = BT_HCI_ERR_SUCCESS;
1171 cmd_complete(hci, BT_HCI_CMD_LE_REMOVE_FROM_WHITE_LIST,
1172 &status, sizeof(status));
/*
 * LE Encrypt: runs bt_crypto_e() with the key and plaintext taken from the
 * host command and returns the output in rsp.data.
 *
 * If the crypto call fails, a Command Status with COMMAND_DISALLOWED is
 * sent, so a response built from an unwritten rsp.data is not returned
 * (the early return is not part of this listing). The key is supplied by
 * the host and is not stored in the controller state here.
 *
 * NOTE(review): size is not compared with sizeof(*cmd) in the lines shown;
 * the cast assumes the caller already validated the command length -
 * confirm at the dispatcher.
 */
1175 static void cmd_le_encrypt(struct bt_le *hci, const void *data, uint8_t size)
1177 const struct bt_hci_cmd_le_encrypt *cmd = data;
1178 struct bt_hci_rsp_le_encrypt rsp;
1180 if (!bt_crypto_e(hci->crypto, cmd->key, cmd->plaintext, rsp.data)) {
1181 cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED,
1182 BT_HCI_CMD_LE_ENCRYPT);
1186 rsp.status = BT_HCI_ERR_SUCCESS;
1188 cmd_complete(hci, BT_HCI_CMD_LE_ENCRYPT, &rsp, sizeof(rsp));
/*
 * HCI LE Rand.
 *
 * Requests 8 random bytes from bt_crypto_random_bytes() and returns them as
 * the random number. If the generator reports failure the command is
 * rejected with Command Disallowed rather than returning unset bytes.
 */
static void cmd_le_rand(struct bt_le *hci, const void *data, uint8_t size)
{
	struct bt_hci_rsp_le_rand rsp;
	uint8_t random[8];

	if (bt_crypto_random_bytes(hci->crypto, random, 8)) {
		rsp.status = BT_HCI_ERR_SUCCESS;
		memcpy(&rsp.number, random, 8);
		cmd_complete(hci, BT_HCI_CMD_LE_RAND, &rsp, sizeof(rsp));
		return;
	}

	cmd_status(hci, BT_HCI_ERR_COMMAND_DISALLOWED, BT_HCI_CMD_LE_RAND);
}
/*
 * HCI LE Read Supported States: report the 8-byte le_states value held in
 * the controller state. The command carries no parameters.
 */
static void cmd_le_read_supported_states(struct bt_le *hci,
						const void *data, uint8_t size)
{
	struct bt_hci_rsp_le_read_supported_states reply;

	memcpy(reply.states, hci->le_states, 8);
	reply.status = BT_HCI_ERR_SUCCESS;

	cmd_complete(hci, BT_HCI_CMD_LE_READ_SUPPORTED_STATES,
						&reply, sizeof(reply));
}
/*
 * HCI LE Set Data Length.
 *
 * Validates the connection handle and the suggested maximum TX octets and
 * TX time from the host, then echoes the handle back in Command Complete.
 * Every failed check is answered with Command Status / Invalid Parameters.
 * This handler only validates and replies; it stores neither value.
 */
static void cmd_le_set_data_length(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_set_data_length *cmd = data;
	struct bt_hci_rsp_le_set_data_length rsp;
	const uint16_t conn = le16_to_cpu(cmd->handle);
	const uint16_t octets = le16_to_cpu(cmd->tx_len);
	const uint16_t duration = le16_to_cpu(cmd->tx_time);

	/* Connection handles run from 0x0000 to 0x0eff */
	if (conn > 0x0eff)
		goto invalid;

	/* Suggested max TX octets: 0x001b to 0x00fb */
	if (octets < 0x001b || octets > 0x00fb)
		goto invalid;

	/* Suggested max TX time: 0x0148 to 0x0848 */
	if (duration < 0x0148 || duration > 0x0848)
		goto invalid;

	/* Neither value may exceed what this controller supports */
	if (octets > MAX_TX_LEN || duration > MAX_TX_TIME)
		goto invalid;

	rsp.status = BT_HCI_ERR_SUCCESS;
	rsp.handle = cpu_to_le16(conn);

	cmd_complete(hci, BT_HCI_CMD_LE_SET_DATA_LENGTH, &rsp, sizeof(rsp));
	return;

invalid:
	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_SET_DATA_LENGTH);
}
/*
 * HCI LE Read Suggested Default Data Length: return the stored default TX
 * length and TX time, converted to little-endian for the wire.
 */
static void cmd_le_read_default_data_length(struct bt_le *hci,
						const void *data, uint8_t size)
{
	struct bt_hci_rsp_le_read_default_data_length reply;

	reply.tx_time = cpu_to_le16(hci->le_default_tx_time);
	reply.tx_len = cpu_to_le16(hci->le_default_tx_len);
	reply.status = BT_HCI_ERR_SUCCESS;

	cmd_complete(hci, BT_HCI_CMD_LE_READ_DEFAULT_DATA_LENGTH,
						&reply, sizeof(reply));
}
/*
 * HCI LE Write Suggested Default Data Length.
 *
 * Range-checks the host-supplied TX length and TX time and, only when both
 * pass, stores them as the new defaults. Any failed check leaves the stored
 * defaults untouched and is answered with Invalid Parameters.
 */
static void cmd_le_write_default_data_length(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_write_default_data_length *cmd = data;
	const uint16_t octets = le16_to_cpu(cmd->tx_len);
	const uint16_t duration = le16_to_cpu(cmd->tx_time);
	uint8_t status = BT_HCI_ERR_SUCCESS;

	/* Suggested max TX octets: 0x001b to 0x00fb */
	if (octets < 0x001b || octets > 0x00fb)
		goto invalid;

	/* Suggested max TX time: 0x0148 to 0x0848 */
	if (duration < 0x0148 || duration > 0x0848)
		goto invalid;

	/* Neither value may exceed what this controller supports */
	if (octets > MAX_TX_LEN || duration > MAX_TX_TIME)
		goto invalid;

	hci->le_default_tx_len = octets;
	hci->le_default_tx_time = duration;

	cmd_complete(hci, BT_HCI_CMD_LE_WRITE_DEFAULT_DATA_LENGTH,
						&status, sizeof(status));
	return;

invalid:
	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_WRITE_DEFAULT_DATA_LENGTH);
}
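/*
 * HCI LE Read Local P-256 Public Key.
 *
 * Acknowledges the command with Command Status, generates a fresh key pair
 * with ecc_make_key() (the private half is kept in hci->le_local_sk256) and
 * reports the public key in an LE meta event when bit 0x80 of
 * le_event_mask[0] is set.
 *
 * The result of ecc_make_key() is checked: on failure the event carries an
 * error status and a zeroed key field, so the host is never told that
 * uninitialised stack bytes are a valid public key.
 */
static void cmd_le_read_local_pk256(struct bt_le *hci,
						const void *data, uint8_t size)
{
	struct bt_hci_evt_le_read_local_pk256_complete evt;

	cmd_status(hci, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_READ_LOCAL_PK256);

	if (ecc_make_key(evt.local_pk256, hci->le_local_sk256)) {
		evt.status = BT_HCI_ERR_SUCCESS;
	} else {
		/* Key generation failed: do not leak stack contents */
		evt.status = BT_HCI_ERR_UNSPECIFIED_ERROR;
		memset(evt.local_pk256, 0, sizeof(evt.local_pk256));
	}

	if (hci->le_event_mask[0] & 0x80)
		le_meta_event(hci, BT_HCI_EVT_LE_READ_LOCAL_PK256_COMPLETE,
							&evt, sizeof(evt));
}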
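/*
 * HCI LE Generate DHKey.
 *
 * Acknowledges the command with Command Status, computes the ECDH shared
 * secret from the host-supplied remote public key and the local private key
 * in hci->le_local_sk256, and reports it in an LE meta event when bit 0x01
 * of le_event_mask[1] is set.
 *
 * The remote key is untrusted input. The result of ecdh_shared_secret() is
 * checked so that a failed computation is reported with an error status and
 * a zeroed DHKey instead of "success" plus uninitialised stack bytes.
 *
 * NOTE(review): whether ecdh_shared_secret() rejects points that are not on
 * the curve cannot be seen from this file - confirm in src/shared/ecc.c.
 */
static void cmd_le_generate_dhkey(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_generate_dhkey *cmd = data;
	struct bt_hci_evt_le_generate_dhkey_complete evt;

	cmd_status(hci, BT_HCI_ERR_SUCCESS, BT_HCI_CMD_LE_GENERATE_DHKEY);

	if (ecdh_shared_secret(cmd->remote_pk256, hci->le_local_sk256,
								evt.dhkey)) {
		evt.status = BT_HCI_ERR_SUCCESS;
	} else {
		/* Computation failed: do not leak stack contents */
		evt.status = BT_HCI_ERR_UNSPECIFIED_ERROR;
		memset(evt.dhkey, 0, sizeof(evt.dhkey));
	}

	if (hci->le_event_mask[1] & 0x01)
		le_meta_event(hci, BT_HCI_EVT_LE_GENERATE_DHKEY_COMPLETE,
							&evt, sizeof(evt));
}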
/*
 * HCI LE Add Device To Resolving List.
 *
 * Entry layout: byte 0 is the address type (0xff marks a free slot),
 * bytes 1-6 the address, bytes 7-22 the peer IRK and bytes 23-38 the
 * local IRK.
 *
 * Replies with Invalid Parameters for an out-of-range address type,
 * Unspecified Error when the type/address pair is already listed, and
 * Memory Capacity Exceeded when no free slot is left.
 */
static void cmd_le_add_to_resolv_list(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_add_to_resolv_list *cmd = data;
	uint8_t status = BT_HCI_ERR_SUCCESS;
	int slot = -1;
	int n;

	/* Address type must be 0x00 or 0x01 */
	if (cmd->addr_type > 0x01) {
		cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_ADD_TO_RESOLV_LIST);
		return;
	}

	for (n = 0; n < hci->le_resolv_list_size; n++) {
		const uint8_t type = hci->le_resolv_list[n][0];

		/* Duplicate entries are refused */
		if (type == cmd->addr_type &&
				memcmp(&hci->le_resolv_list[n][1],
							cmd->addr, 6) == 0) {
			cmd_status(hci, BT_HCI_ERR_UNSPECIFIED_ERROR,
					BT_HCI_CMD_LE_ADD_TO_RESOLV_LIST);
			return;
		}

		/* Remember the first free slot seen so far */
		if (slot < 0 && type == 0xff)
			slot = n;
	}

	if (slot < 0) {
		cmd_status(hci, BT_HCI_ERR_MEM_CAPACITY_EXCEEDED,
					BT_HCI_CMD_LE_ADD_TO_RESOLV_LIST);
		return;
	}

	hci->le_resolv_list[slot][0] = cmd->addr_type;
	memcpy(&hci->le_resolv_list[slot][1], cmd->addr, 6);
	memcpy(&hci->le_resolv_list[slot][7], cmd->peer_irk, 16);
	memcpy(&hci->le_resolv_list[slot][23], cmd->local_irk, 16);

	cmd_complete(hci, BT_HCI_CMD_LE_ADD_TO_RESOLV_LIST,
						&status, sizeof(status));
}
/*
 * HCI LE Remove Device From Resolving List.
 *
 * Finds the entry with the given address type and address, marks the slot
 * free (type byte 0xff) and zeroes the remaining 38 bytes, which hold the
 * address and both IRKs. An out-of-range address type or an address that
 * is not listed is answered with Invalid Parameters.
 */
static void cmd_le_remove_from_resolv_list(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_remove_from_resolv_list *cmd = data;
	uint8_t status = BT_HCI_ERR_SUCCESS;
	int slot = -1;
	int n;

	/* Address type must be 0x00 or 0x01 */
	if (cmd->addr_type > 0x01)
		goto invalid;

	/* Stop at the first slot holding exactly this type and address */
	for (n = 0; n < hci->le_resolv_list_size && slot < 0; n++) {
		if (hci->le_resolv_list[n][0] != cmd->addr_type)
			continue;

		if (memcmp(&hci->le_resolv_list[n][1], cmd->addr, 6) == 0)
			slot = n;
	}

	if (slot < 0)
		goto invalid;

	/* Release the slot and wipe the stored address and key material */
	hci->le_resolv_list[slot][0] = 0xff;
	memset(&hci->le_resolv_list[slot][1], 0, 38);

	cmd_complete(hci, BT_HCI_CMD_LE_REMOVE_FROM_RESOLV_LIST,
						&status, sizeof(status));
	return;

invalid:
	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_REMOVE_FROM_RESOLV_LIST);
}
/*
 * HCI LE Clear Resolving List: delegate to clear_resolv_list() and report
 * success. The command carries no parameters.
 */
static void cmd_le_clear_resolv_list(struct bt_le *hci,
						const void *data, uint8_t size)
{
	uint8_t status = BT_HCI_ERR_SUCCESS;

	clear_resolv_list(hci);

	cmd_complete(hci, BT_HCI_CMD_LE_CLEAR_RESOLV_LIST,
						&status, sizeof(status));
}
/*
 * HCI LE Read Resolving List Size: return the value stored in
 * hci->le_resolv_list_size. The command carries no parameters.
 */
static void cmd_le_read_resolv_list_size(struct bt_le *hci,
						const void *data, uint8_t size)
{
	struct bt_hci_rsp_le_read_resolv_list_size reply;

	reply.size = hci->le_resolv_list_size;
	reply.status = BT_HCI_ERR_SUCCESS;

	cmd_complete(hci, BT_HCI_CMD_LE_READ_RESOLV_LIST_SIZE,
						&reply, sizeof(reply));
}
/*
 * HCI LE Read Peer Resolvable Address.
 *
 * Only the address type is validated. For a valid type the handler always
 * answers with status Unknown Connection Identifier and an all-zero
 * address; no lookup in the resolving list takes place here.
 */
static void cmd_le_read_peer_resolv_addr(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_read_peer_resolv_addr *cmd = data;
	struct bt_hci_rsp_le_read_peer_resolv_addr reply;

	/* Address type must be 0x00 or 0x01 */
	if (cmd->addr_type <= 0x01) {
		reply.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
		memset(reply.addr, 0, 6);

		cmd_complete(hci, BT_HCI_CMD_LE_READ_PEER_RESOLV_ADDR,
						&reply, sizeof(reply));
		return;
	}

	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_READ_PEER_RESOLV_ADDR);
}
/*
 * HCI LE Read Local Resolvable Address.
 *
 * Only the address type is validated. For a valid type the handler always
 * answers with status Unknown Connection Identifier and an all-zero
 * address; no lookup in the resolving list takes place here.
 */
static void cmd_le_read_local_resolv_addr(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_read_local_resolv_addr *cmd = data;
	struct bt_hci_rsp_le_read_local_resolv_addr reply;

	/* Address type must be 0x00 or 0x01 */
	if (cmd->addr_type <= 0x01) {
		reply.status = BT_HCI_ERR_UNKNOWN_CONN_ID;
		memset(reply.addr, 0, 6);

		cmd_complete(hci, BT_HCI_CMD_LE_READ_LOCAL_RESOLV_ADDR,
						&reply, sizeof(reply));
		return;
	}

	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_READ_LOCAL_RESOLV_ADDR);
}
/*
 * HCI LE Set Address Resolution Enable: accept 0x00 or 0x01 and store it in
 * hci->le_resolv_enable; any other value is answered with Invalid
 * Parameters and leaves the stored setting unchanged.
 */
static void cmd_le_set_resolv_enable(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_set_resolv_enable *cmd = data;
	uint8_t status = BT_HCI_ERR_SUCCESS;

	if (cmd->enable <= 0x01) {
		hci->le_resolv_enable = cmd->enable;

		cmd_complete(hci, BT_HCI_CMD_LE_SET_RESOLV_ENABLE,
						&status, sizeof(status));
		return;
	}

	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_SET_RESOLV_ENABLE);
}
/*
 * HCI LE Set Resolvable Private Address Timeout: accept a timeout in the
 * range 0x0001 to 0xa1b8 and store it in hci->le_resolv_timeout; values
 * outside that range are answered with Invalid Parameters.
 */
static void cmd_le_set_resolv_timeout(struct bt_le *hci,
						const void *data, uint8_t size)
{
	const struct bt_hci_cmd_le_set_resolv_timeout *cmd = data;
	const uint16_t rpa_timeout = le16_to_cpu(cmd->timeout);
	uint8_t status = BT_HCI_ERR_SUCCESS;

	if (rpa_timeout >= 0x0001 && rpa_timeout <= 0xa1b8) {
		hci->le_resolv_timeout = rpa_timeout;

		cmd_complete(hci, BT_HCI_CMD_LE_SET_RESOLV_TIMEOUT,
						&status, sizeof(status));
		return;
	}

	cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS,
					BT_HCI_CMD_LE_SET_RESOLV_TIMEOUT);
}
/*
 * HCI LE Read Maximum Data Length: report the compile-time MAX_TX_* and
 * MAX_RX_* limits, converted to little-endian for the wire.
 */
static void cmd_le_read_max_data_length(struct bt_le *hci,
						const void *data, uint8_t size)
{
	struct bt_hci_rsp_le_read_max_data_length reply;

	reply.status = BT_HCI_ERR_SUCCESS;

	/* Transmit limits */
	reply.max_tx_len = cpu_to_le16(MAX_TX_LEN);
	reply.max_tx_time = cpu_to_le16(MAX_TX_TIME);

	/* Receive limits */
	reply.max_rx_len = cpu_to_le16(MAX_RX_LEN);
	reply.max_rx_time = cpu_to_le16(MAX_RX_TIME);

	cmd_complete(hci, BT_HCI_CMD_LE_READ_MAX_DATA_LENGTH,
						&reply, sizeof(reply));
}
/*
 * Command dispatch table consulted by process_command().
 *
 * Each initializer gives, in order: the HCI opcode, the handler, the
 * expected parameter length in bytes, and a flag that process_command()
 * reads as "fixed" - when true the received length must equal the expected
 * length, otherwise it is treated as a minimum. The lookup loop stops at
 * the first entry whose func pointer is NULL.
 *
 * The visible handlers cast the parameter buffer straight to their
 * bt_hci_cmd_* struct and do not look at `size` again, so the length column
 * is the only bound check between host input and those reads. Keep every
 * value equal to the size of the matching command struct.
 *
 * NOTE(review): this listing shows only the func member of the struct; the
 * other member names are taken from their use in process_command().
 */
1554 static const struct {
1556 void (*func) (struct bt_le *hci, const void *data, uint8_t size);
1560 { BT_HCI_CMD_DISCONNECT, cmd_disconnect, 3, true },
1562 { BT_HCI_CMD_SET_EVENT_MASK, cmd_set_event_mask, 8, true },
1563 { BT_HCI_CMD_RESET, cmd_reset, 0, true },
1564 { BT_HCI_CMD_SET_EVENT_MASK_PAGE2, cmd_set_event_mask_page2, 8, true },
1566 { BT_HCI_CMD_READ_LOCAL_VERSION, cmd_read_local_version, 0, true },
1567 { BT_HCI_CMD_READ_LOCAL_COMMANDS, cmd_read_local_commands, 0, true },
1568 { BT_HCI_CMD_READ_LOCAL_FEATURES, cmd_read_local_features, 0, true },
1569 { BT_HCI_CMD_READ_BUFFER_SIZE, cmd_read_buffer_size, 0, true },
1570 { BT_HCI_CMD_READ_BD_ADDR, cmd_read_bd_addr, 0, true },
1572 { BT_HCI_CMD_LE_SET_EVENT_MASK,
1573 cmd_le_set_event_mask, 8, true },
1574 { BT_HCI_CMD_LE_READ_BUFFER_SIZE,
1575 cmd_le_read_buffer_size, 0, true },
1576 { BT_HCI_CMD_LE_READ_LOCAL_FEATURES,
1577 cmd_le_read_local_features, 0, true },
1578 { BT_HCI_CMD_LE_SET_RANDOM_ADDRESS,
1579 cmd_le_set_random_address, 6, true },
1580 { BT_HCI_CMD_LE_SET_ADV_PARAMETERS,
1581 cmd_le_set_adv_parameters, 15, true },
1582 { BT_HCI_CMD_LE_READ_ADV_TX_POWER,
1583 cmd_le_read_adv_tx_power, 0, true },
1584 { BT_HCI_CMD_LE_SET_ADV_DATA,
1585 cmd_le_set_adv_data, 32, true },
1586 { BT_HCI_CMD_LE_SET_SCAN_RSP_DATA,
1587 cmd_le_set_scan_rsp_data, 32, true },
1588 { BT_HCI_CMD_LE_SET_ADV_ENABLE,
1589 cmd_le_set_adv_enable, 1, true },
1590 { BT_HCI_CMD_LE_SET_SCAN_PARAMETERS,
1591 cmd_le_set_scan_parameters, 7, true },
1592 { BT_HCI_CMD_LE_SET_SCAN_ENABLE,
1593 cmd_le_set_scan_enable, 2, true },
1594 { BT_HCI_CMD_LE_CREATE_CONN,
1595 cmd_le_create_conn, 25, true },
1596 { BT_HCI_CMD_LE_CREATE_CONN_CANCEL,
1597 cmd_le_create_conn_cancel, 0, true },
1598 { BT_HCI_CMD_LE_READ_WHITE_LIST_SIZE,
1599 cmd_le_read_white_list_size, 0, true },
1600 { BT_HCI_CMD_LE_CLEAR_WHITE_LIST,
1601 cmd_le_clear_white_list, 0, true },
1602 { BT_HCI_CMD_LE_ADD_TO_WHITE_LIST,
1603 cmd_le_add_to_white_list, 7, true },
1604 { BT_HCI_CMD_LE_REMOVE_FROM_WHITE_LIST,
1605 cmd_le_remove_from_white_list, 7, true },
1607 { BT_HCI_CMD_LE_ENCRYPT, cmd_le_encrypt, 32, true },
1608 { BT_HCI_CMD_LE_RAND, cmd_le_rand, 0, true },
1610 { BT_HCI_CMD_LE_READ_SUPPORTED_STATES,
1611 cmd_le_read_supported_states, 0, true },
1613 { BT_HCI_CMD_LE_SET_DATA_LENGTH,
1614 cmd_le_set_data_length, 6, true },
1615 { BT_HCI_CMD_LE_READ_DEFAULT_DATA_LENGTH,
1616 cmd_le_read_default_data_length, 0, true },
1617 { BT_HCI_CMD_LE_WRITE_DEFAULT_DATA_LENGTH,
1618 cmd_le_write_default_data_length, 4, true },
1619 { BT_HCI_CMD_LE_READ_LOCAL_PK256,
1620 cmd_le_read_local_pk256, 0, true },
1621 { BT_HCI_CMD_LE_GENERATE_DHKEY,
1622 cmd_le_generate_dhkey, 64, true },
1623 { BT_HCI_CMD_LE_ADD_TO_RESOLV_LIST,
1624 cmd_le_add_to_resolv_list, 39, true },
1625 { BT_HCI_CMD_LE_REMOVE_FROM_RESOLV_LIST,
1626 cmd_le_remove_from_resolv_list, 7, true },
1627 { BT_HCI_CMD_LE_CLEAR_RESOLV_LIST,
1628 cmd_le_clear_resolv_list, 0, true },
1629 { BT_HCI_CMD_LE_READ_RESOLV_LIST_SIZE,
1630 cmd_le_read_resolv_list_size, 0, true },
1631 { BT_HCI_CMD_LE_READ_PEER_RESOLV_ADDR,
1632 cmd_le_read_peer_resolv_addr, 7, true },
1633 { BT_HCI_CMD_LE_READ_LOCAL_RESOLV_ADDR,
1634 cmd_le_read_local_resolv_addr, 7, true },
1635 { BT_HCI_CMD_LE_SET_RESOLV_ENABLE,
1636 cmd_le_set_resolv_enable, 1, true },
1637 { BT_HCI_CMD_LE_SET_RESOLV_TIMEOUT,
1638 cmd_le_set_resolv_timeout, 2, true },
1639 { BT_HCI_CMD_LE_READ_MAX_DATA_LENGTH,
1640 cmd_le_read_max_data_length, 0, true },
/*
 * Parse one HCI command packet read from the host and dispatch it.
 *
 * data/size describe the packet starting at the command header. The packet
 * is dropped silently when it is shorter than the header. A header whose
 * plen disagrees with the number of bytes actually received, or a parameter
 * length that does not satisfy the cmd_table entry, is answered with
 * Invalid Parameters; an opcode without a table entry is answered with
 * Unknown Command.
 *
 * These checks are the only length validation done before a handler casts
 * the parameter bytes to its command struct.
 */
static void process_command(struct bt_le *hci, const void *data, size_t size)
{
	const struct bt_hci_cmd_hdr *hdr = data;
	const uint8_t *params;
	size_t params_len;
	uint16_t opcode;
	unsigned int idx;
	bool bad_len;

	/* A complete header is needed before any field may be read */
	if (size < sizeof(*hdr))
		return;

	params = (const uint8_t *) data + sizeof(*hdr);
	params_len = size - sizeof(*hdr);

	opcode = le16_to_cpu(hdr->opcode);

	/* Declared and received parameter lengths must agree */
	if (hdr->plen != params_len) {
		cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS, opcode);
		return;
	}

	/* The table ends at the first entry without a handler */
	for (idx = 0; cmd_table[idx].func; idx++) {
		if (cmd_table[idx].opcode == opcode)
			break;
	}

	if (!cmd_table[idx].func) {
		cmd_status(hci, BT_HCI_ERR_UNKNOWN_COMMAND, opcode);
		return;
	}

	/* Fixed-size commands need an exact match, others a minimum */
	if (cmd_table[idx].fixed)
		bad_len = params_len != cmd_table[idx].size;
	else
		bad_len = params_len < cmd_table[idx].size;

	if (bad_len) {
		cmd_status(hci, BT_HCI_ERR_INVALID_PARAMETERS, opcode);
		return;
	}

	cmd_table[idx].func(hci, params, params_len);
}
/*
 * Mainloop callback for the /dev/vhci descriptor (registered for EPOLLIN in
 * bt_le_new()). Reads one packet from hci->vhci_fd into a 4096-byte stack
 * buffer and passes everything after the first byte to process_command().
 *
 * NOTE(review): the lines between read() and process_command() are missing
 * from this listing. `len - 1` is converted to size_t at the call, so a
 * check that read() returned at least one byte has to come first - and
 * presumably a check of the packet-type byte in buf[0] too; confirm both
 * against the full file.
 */
1681 static void vhci_read_callback(int fd, uint32_t events, void *user_data)
1683 struct bt_le *hci = user_data;
1684 unsigned char buf[4096];
/* Error or hang-up on the descriptor is tested before reading */
1687 if (events & (EPOLLERR | EPOLLHUP))
1690 len = read(hci->vhci_fd, buf, sizeof(buf));
/* buf[0] is skipped; the rest is treated as an HCI command packet */
1696 process_command(hci, buf + 1, len - 1);
/*
 * PHY receive callback (registered with bt_phy_register() in bt_le_new()).
 *
 * For BT_PHY_PKT_ADV packets received while scanning is enabled it resolves
 * the sender address, applies the white list and duplicate filters, and
 * emits an LE Advertising Report meta event carrying the advertising data.
 * A second report with event type 0x04 carrying the scan response data
 * follows in the visible code.
 *
 * The packet contents arrive from outside this process and are untrusted.
 *
 * NOTE(review): this listing omits several lines of the function, among
 * them the declaration of buf and the statements controlled by some of the
 * conditions below. The comments describe only what is shown.
 */
1701 static void phy_recv_callback(uint16_t type, const void *data,
1702 size_t size, void *user_data)
1704 struct bt_le *hci = user_data;
1707 case BT_PHY_PKT_ADV:
/* Tests bit 0x02 of the LE event mask; the controlled statement is not shown */
1708 if (!(hci->le_event_mask[0] & 0x02))
1711 if (hci->le_scan_enable == 0x01) {
1712 const struct bt_phy_pkt_adv *pkt = data;
1714 struct bt_hci_evt_le_adv_report *evt = (void *) buf;
1715 uint8_t tx_addr_type, tx_addr[6];
/* Translate the on-air sender address through the resolving logic */
1717 resolve_peer_addr(hci, pkt->tx_addr_type, pkt->tx_addr,
1718 &tx_addr_type, tx_addr);
/* Filter policies 0x01 and 0x03 consult the white list */
1720 if (hci->le_scan_filter_policy == 0x01 ||
1721 hci->le_scan_filter_policy == 0x03) {
1722 if (!is_in_white_list(hci, tx_addr_type,
/* Duplicate filtering goes through the scan cache */
1727 if (hci->le_scan_filter_dup) {
1728 if (!add_to_scan_cache(hci, tx_addr_type,
1733 memset(buf, 0, sizeof(buf));
1734 evt->num_reports = 0x01;
1735 evt->event_type = pkt->pdu_type;
1736 evt->addr_type = tx_addr_type;
1737 memcpy(evt->addr, tx_addr, 6);
1738 evt->data_len = pkt->adv_data_len;
/*
 * NOTE(review): pkt->adv_data_len is taken from the received packet and
 * sizes both the read from `data` and the write into buf. No comparison
 * with `size` or with the capacity of buf is visible in this listing -
 * confirm that one exists, otherwise an oversized length field leads to an
 * out-of-bounds read and a stack buffer overflow.
 */
1739 memcpy(buf + sizeof(*evt), data + sizeof(*pkt),
/* The extra byte follows the data and is zero from the memset above;
 * presumably the RSSI field of the report - confirm. */
1742 le_meta_event(hci, BT_HCI_EVT_LE_ADV_REPORT, buf,
1743 sizeof(*evt) + pkt->adv_data_len + 1);
/* Scan type 0x00: the controlled statement is not shown; presumably no
 * scan response report is produced in that mode - confirm. */
1745 if (hci->le_scan_type == 0x00)
1748 memset(buf, 0, sizeof(buf));
1749 evt->num_reports = 0x01;
1750 evt->event_type = 0x04;
1751 evt->addr_type = tx_addr_type;
1752 memcpy(evt->addr, tx_addr, 6);
1753 evt->data_len = pkt->scan_rsp_len;
/*
 * NOTE(review): same concern as above for pkt->scan_rsp_len, which is used
 * as the copy length here; the source offset expression continues on a line
 * that is not shown.
 */
1754 memcpy(buf + sizeof(*evt), data + sizeof(*pkt) +
1758 le_meta_event(hci, BT_HCI_EVT_LE_ADV_REPORT, buf,
1759 sizeof(*evt) + pkt->scan_rsp_len + 1);
/*
 * Create an emulated LE controller instance.
 *
 * Allocates zeroed state, applies reset_defaults(), opens /dev/vhci and
 * writes a two-byte setup command (HCI_VENDOR_PKT, HCI_BREDR) to it, hooks
 * the descriptor into the mainloop, creates the PHY and crypto helpers and
 * returns the object through bt_le_ref().
 *
 * NOTE(review): the error-path statements are missing from this listing, so
 * the cleanup done when calloc(), open() or write() fail cannot be checked
 * here beyond the close() shown below.
 */
1765 struct bt_le *bt_le_new(void)
1767 unsigned char setup_cmd[2];
1770 hci = calloc(1, sizeof(*hci));
/* -1 is the initial advertising timeout id */
1774 hci->adv_timeout_id = -1;
1776 reset_defaults(hci);
1778 hci->vhci_fd = open("/dev/vhci", O_RDWR);
1779 if (hci->vhci_fd < 0) {
1784 setup_cmd[0] = HCI_VENDOR_PKT;
1785 setup_cmd[1] = HCI_BREDR;
/* A failed setup write closes the descriptor again */
1787 if (write(hci->vhci_fd, setup_cmd, sizeof(setup_cmd)) < 0) {
1788 close(hci->vhci_fd);
/* From here on host commands arrive through vhci_read_callback() */
1793 mainloop_add_fd(hci->vhci_fd, EPOLLIN, vhci_read_callback, hci, NULL);
/*
 * NOTE(review): no check of the bt_phy_new() or bt_crypto_new() results is
 * visible before they are used. hci->crypto backs the LE Encrypt and LE
 * Rand handlers - confirm that a NULL handle makes those commands fail
 * rather than crash.
 */
1795 hci->phy = bt_phy_new();
1796 hci->crypto = bt_crypto_new();
1798 bt_phy_register(hci->phy, phy_recv_callback, hci);
/* The caller receives the first reference */
1800 return bt_le_ref(hci);
/*
 * Take a reference on the controller object: ref_count is incremented with
 * the atomic __sync_fetch_and_add() builtin.
 *
 * NOTE(review): the return statement and any NULL check on hci are missing
 * from this listing.
 */
1803 struct bt_le *bt_le_ref(struct bt_le *hci)
1808 __sync_fetch_and_add(&hci->ref_count, 1);
1813 void bt_le_unref(struct bt_le *hci)
1818 if (__sync_sub_and_fetch(&hci->ref_count, 1))
1823 bt_crypto_unref(hci->crypto);
1824 bt_phy_unref(hci->phy);
1826 mainloop_remove_fd(hci->vhci_fd);
1828 close(hci->vhci_fd);