1 /*- 2 * sdp.c 3 * 4 * SPDX-License-Identifier: BSD-2-Clause 5 * 6 * Copyright (c) 2004 Maksim Yevmenkin <m_evmenkin@yahoo.com> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * $Id: sdp.c,v 1.3 2004/02/17 22:14:57 max Exp $ 31 * $FreeBSD$ 32 */ 33 34 #include <sys/types.h> 35 #include <sys/queue.h> 36 #include <sys/sysctl.h> 37 #define L2CAP_SOCKET_CHECKED 38 #include <bluetooth.h> 39 #include <dev/usb/usb.h> 40 #include <dev/usb/usbhid.h> 41 #include <errno.h> 42 #include <sdp.h> 43 #include <stdio.h> 44 #include <string.h> 45 #include <usbhid.h> 46 #include "bthid_config.h" 47 #include "bthidcontrol.h" 48 49 static int32_t hid_sdp_query (bdaddr_t const *local, struct hid_device *hd, int32_t *error); 50 static int32_t hid_sdp_parse_protocol_descriptor_list (sdp_attr_p a); 51 static int32_t hid_sdp_parse_hid_descriptor (sdp_attr_p a); 52 static int32_t hid_sdp_parse_boolean (sdp_attr_p a); 53 54 /* 55 * Hard coded attribute IDs taken from the 56 * DEVICE IDENTIFICATION PROFILE SPECIFICATION V13 p.12 57 */ 58 59 #define SDP_ATTR_DEVICE_ID_SERVICE_VENDORID 0x0201 60 #define SDP_ATTR_DEVICE_ID_SERVICE_PRODUCTID 0x0202 61 #define SDP_ATTR_DEVICE_ID_SERVICE_VERSION 0x0203 62 #define SDP_ATTR_DEVICE_ID_RANGE SDP_ATTR_RANGE( \ 63 SDP_ATTR_DEVICE_ID_SERVICE_VENDORID, SDP_ATTR_DEVICE_ID_SERVICE_VERSION ) 64 65 static uint16_t service = SDP_SERVICE_CLASS_HUMAN_INTERFACE_DEVICE; 66 static uint16_t service_devid = SDP_SERVICE_CLASS_PNP_INFORMATION; 67 static uint32_t attrs_devid = SDP_ATTR_DEVICE_ID_RANGE; 68 69 static uint32_t attrs[] = { 70 SDP_ATTR_RANGE( SDP_ATTR_PROTOCOL_DESCRIPTOR_LIST, 71 SDP_ATTR_PROTOCOL_DESCRIPTOR_LIST), 72 SDP_ATTR_RANGE (SDP_ATTR_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS, 73 SDP_ATTR_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS), 74 SDP_ATTR_RANGE( 0x0205, /* HIDReconnectInitiate */ 75 0x0205), 76 SDP_ATTR_RANGE( 0x0206, /* HIDDescriptorList */ 77 0x0206), 78 SDP_ATTR_RANGE( 0x0209, /* HIDBatteryPower */ 79 0x0209), 80 SDP_ATTR_RANGE( 0x020d, /* HIDNormallyConnectable */ 81 0x020d) 82 }; 83 #define nattrs (sizeof(attrs)/sizeof(attrs[0])) 84 85 static sdp_attr_t values[8]; 86 #define nvalues (sizeof(values)/sizeof(values[0])) 87 88 static uint8_t buffer[nvalues][512]; 89 90 /* 91 * Query remote device 92 */ 93 94 #undef hid_sdp_query_exit 95 #define hid_sdp_query_exit(e) { \ 96 if (error != NULL) \ 97 *error = (e); \ 98 if (ss != NULL) { \ 99 sdp_close(ss); \ 100 ss = NULL; \ 101 } \ 102 return (((e) == 0)? 0 : -1); \ 103 } 104 105 static void 106 hid_init_return_values() { 107 int i; 108 for (i = 0; i < nvalues; i ++) { 109 values[i].flags = SDP_ATTR_INVALID; 110 values[i].attr = 0; 111 values[i].vlen = sizeof(buffer[i]); 112 values[i].value = buffer[i]; 113 } 114 } 115 116 static int32_t 117 hid_sdp_query(bdaddr_t const *local, struct hid_device *hd, int32_t *error) 118 { 119 void *ss = NULL; 120 uint8_t *hid_descriptor = NULL, *v; 121 int32_t i, control_psm = -1, interrupt_psm = -1, 122 reconnect_initiate = -1, 123 normally_connectable = 0, battery_power = 0, 124 hid_descriptor_length = -1, type; 125 int16_t vendor_id = 0, product_id = 0, version = 0; 126 bdaddr_t sdp_local; 127 char devname[HCI_DEVNAME_SIZE]; 128 129 if (local == NULL) 130 local = NG_HCI_BDADDR_ANY; 131 if (hd == NULL) 132 hid_sdp_query_exit(EINVAL); 133 134 hid_init_return_values(); 135 136 if ((ss = sdp_open(local, &hd->bdaddr)) == NULL) 137 hid_sdp_query_exit(ENOMEM); 138 if (sdp_error(ss) != 0) 139 hid_sdp_query_exit(sdp_error(ss)); 140 if (sdp_search(ss, 1, &service, nattrs, attrs, nvalues, values) != 0) 141 hid_sdp_query_exit(sdp_error(ss)); 142 143 for (i = 0; i < nvalues; i ++) { 144 if (values[i].flags != SDP_ATTR_OK) 145 continue; 146 147 switch (values[i].attr) { 148 case SDP_ATTR_PROTOCOL_DESCRIPTOR_LIST: 149 control_psm = hid_sdp_parse_protocol_descriptor_list(&values[i]); 150 break; 151 152 case SDP_ATTR_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS: 153 interrupt_psm = hid_sdp_parse_protocol_descriptor_list(&values[i]); 154 break; 155 156 case 0x0205: /* HIDReconnectInitiate */ 157 reconnect_initiate = hid_sdp_parse_boolean(&values[i]); 158 break; 159 160 case 0x0206: /* HIDDescriptorList */ 161 if (hid_sdp_parse_hid_descriptor(&values[i]) == 0) { 162 hid_descriptor = values[i].value; 163 hid_descriptor_length = values[i].vlen; 164 } 165 break; 166 167 case 0x0209: /* HIDBatteryPower */ 168 battery_power = hid_sdp_parse_boolean(&values[i]); 169 break; 170 171 case 0x020d: /* HIDNormallyConnectable */ 172 normally_connectable = hid_sdp_parse_boolean(&values[i]); 173 break; 174 } 175 } 176 177 hid_init_return_values(); 178 179 if (sdp_search(ss, 1, &service_devid, 1, &attrs_devid, nvalues, values) != 0) 180 hid_sdp_query_exit(sdp_error(ss)); 181 182 /* Try extract HCI bdaddr from opened SDP session */ 183 if (sdp_get_lcaddr(ss, &sdp_local) != 0 || 184 bt_devname(devname, &sdp_local) == 0) 185 hid_sdp_query_exit(ENOATTR); 186 187 sdp_close(ss); 188 ss = NULL; 189 190 /* If search is successful, scan through return vals */ 191 for (i = 0; i < 3; i ++ ) { 192 if (values[i].flags == SDP_ATTR_INVALID ) 193 continue; 194 195 /* Expecting tag + uint16_t on all 3 attributes */ 196 if (values[i].vlen != 3) 197 continue; 198 199 /* Make sure, we're reading a uint16_t */ 200 v = values[i].value; 201 SDP_GET8(type, v); 202 if (type != SDP_DATA_UINT16 ) 203 continue; 204 205 switch (values[i].attr) { 206 case SDP_ATTR_DEVICE_ID_SERVICE_VENDORID: 207 SDP_GET16(vendor_id, v); 208 break; 209 case SDP_ATTR_DEVICE_ID_SERVICE_PRODUCTID: 210 SDP_GET16(product_id, v); 211 break; 212 case SDP_ATTR_DEVICE_ID_SERVICE_VERSION: 213 SDP_GET16(version, v); 214 break; 215 default: 216 break; 217 } 218 } 219 220 if (control_psm == -1 || interrupt_psm == -1 || 221 reconnect_initiate == -1 || 222 hid_descriptor == NULL || hid_descriptor_length == -1) 223 hid_sdp_query_exit(ENOATTR); 224 hd->name = bt_devremote_name_gen(devname, &hd->bdaddr); 225 hd->vendor_id = vendor_id; 226 hd->product_id = product_id; 227 hd->version = version; 228 hd->control_psm = control_psm; 229 hd->interrupt_psm = interrupt_psm; 230 hd->reconnect_initiate = reconnect_initiate? 1 : 0; 231 hd->battery_power = battery_power? 1 : 0; 232 hd->normally_connectable = normally_connectable? 1 : 0; 233 hd->desc = hid_use_report_desc(hid_descriptor, hid_descriptor_length); 234 if (hd->desc == NULL) 235 hid_sdp_query_exit(ENOMEM); 236 237 return (0); 238 } 239 240 /* 241 * seq len 2 242 * seq len 2 243 * uuid value 3 244 * uint16 value 3 245 * seq len 2 246 * uuid value 3 247 */ 248 249 static int32_t 250 hid_sdp_parse_protocol_descriptor_list(sdp_attr_p a) 251 { 252 uint8_t *ptr = a->value; 253 uint8_t *end = a->value + a->vlen; 254 int32_t type, len, uuid, psm; 255 256 if (end - ptr < 15) 257 return (-1); 258 259 if (a->attr == SDP_ATTR_ADDITIONAL_PROTOCOL_DESCRIPTOR_LISTS) { 260 SDP_GET8(type, ptr); 261 switch (type) { 262 case SDP_DATA_SEQ8: 263 SDP_GET8(len, ptr); 264 break; 265 266 case SDP_DATA_SEQ16: 267 SDP_GET16(len, ptr); 268 break; 269 270 case SDP_DATA_SEQ32: 271 SDP_GET32(len, ptr); 272 break; 273 274 default: 275 return (-1); 276 } 277 if (ptr + len > end) 278 return (-1); 279 } 280 281 SDP_GET8(type, ptr); 282 switch (type) { 283 case SDP_DATA_SEQ8: 284 SDP_GET8(len, ptr); 285 break; 286 287 case SDP_DATA_SEQ16: 288 SDP_GET16(len, ptr); 289 break; 290 291 case SDP_DATA_SEQ32: 292 SDP_GET32(len, ptr); 293 break; 294 295 default: 296 return (-1); 297 } 298 if (ptr + len > end) 299 return (-1); 300 301 /* Protocol */ 302 SDP_GET8(type, ptr); 303 switch (type) { 304 case SDP_DATA_SEQ8: 305 SDP_GET8(len, ptr); 306 break; 307 308 case SDP_DATA_SEQ16: 309 SDP_GET16(len, ptr); 310 break; 311 312 case SDP_DATA_SEQ32: 313 SDP_GET32(len, ptr); 314 break; 315 316 default: 317 return (-1); 318 } 319 if (ptr + len > end) 320 return (-1); 321 322 /* UUID */ 323 if (ptr + 3 > end) 324 return (-1); 325 SDP_GET8(type, ptr); 326 switch (type) { 327 case SDP_DATA_UUID16: 328 SDP_GET16(uuid, ptr); 329 if (uuid != SDP_UUID_PROTOCOL_L2CAP) 330 return (-1); 331 break; 332 333 case SDP_DATA_UUID32: /* XXX FIXME can we have 32-bit UUID */ 334 case SDP_DATA_UUID128: /* XXX FIXME can we have 128-bit UUID */ 335 default: 336 return (-1); 337 } 338 339 /* PSM */ 340 if (ptr + 3 > end) 341 return (-1); 342 SDP_GET8(type, ptr); 343 if (type != SDP_DATA_UINT16) 344 return (-1); 345 SDP_GET16(psm, ptr); 346 347 return (psm); 348 } 349 350 /* 351 * seq len 2 352 * seq len 2 353 * uint8 value8 2 354 * str value 3 355 */ 356 357 static int32_t 358 hid_sdp_parse_hid_descriptor(sdp_attr_p a) 359 { 360 uint8_t *ptr = a->value; 361 uint8_t *end = a->value + a->vlen; 362 int32_t type, len, descriptor_type; 363 364 if (end - ptr < 9) 365 return (-1); 366 367 SDP_GET8(type, ptr); 368 switch (type) { 369 case SDP_DATA_SEQ8: 370 SDP_GET8(len, ptr); 371 break; 372 373 case SDP_DATA_SEQ16: 374 SDP_GET16(len, ptr); 375 break; 376 377 case SDP_DATA_SEQ32: 378 SDP_GET32(len, ptr); 379 break; 380 381 default: 382 return (-1); 383 } 384 if (ptr + len > end) 385 return (-1); 386 387 while (ptr < end) { 388 /* Descriptor */ 389 SDP_GET8(type, ptr); 390 switch (type) { 391 case SDP_DATA_SEQ8: 392 if (ptr + 1 > end) 393 return (-1); 394 SDP_GET8(len, ptr); 395 break; 396 397 case SDP_DATA_SEQ16: 398 if (ptr + 2 > end) 399 return (-1); 400 SDP_GET16(len, ptr); 401 break; 402 403 case SDP_DATA_SEQ32: 404 if (ptr + 4 > end) 405 return (-1); 406 SDP_GET32(len, ptr); 407 break; 408 409 default: 410 return (-1); 411 } 412 413 /* Descripor type */ 414 if (ptr + 1 > end) 415 return (-1); 416 SDP_GET8(type, ptr); 417 if (type != SDP_DATA_UINT8 || ptr + 1 > end) 418 return (-1); 419 SDP_GET8(descriptor_type, ptr); 420 421 /* Descriptor value */ 422 if (ptr + 1 > end) 423 return (-1); 424 SDP_GET8(type, ptr); 425 switch (type) { 426 case SDP_DATA_STR8: 427 if (ptr + 1 > end) 428 return (-1); 429 SDP_GET8(len, ptr); 430 break; 431 432 case SDP_DATA_STR16: 433 if (ptr + 2 > end) 434 return (-1); 435 SDP_GET16(len, ptr); 436 break; 437 438 case SDP_DATA_STR32: 439 if (ptr + 4 > end) 440 return (-1); 441 SDP_GET32(len, ptr); 442 break; 443 444 default: 445 return (-1); 446 } 447 if (ptr + len > end) 448 return (-1); 449 450 if (descriptor_type == UDESC_REPORT && len > 0) { 451 a->value = ptr; 452 a->vlen = len; 453 454 return (0); 455 } 456 457 ptr += len; 458 } 459 460 return (-1); 461 } 462 463 /* bool8 int8 */ 464 static int32_t 465 hid_sdp_parse_boolean(sdp_attr_p a) 466 { 467 if (a->vlen != 2 || a->value[0] != SDP_DATA_BOOL) 468 return (-1); 469 470 return (a->value[1]); 471 } 472 473 /* Perform SDP query */ 474 static int32_t 475 hid_query(bdaddr_t *bdaddr, int argc, char **argv) 476 { 477 struct hid_device hd; 478 int e; 479 480 memcpy(&hd.bdaddr, bdaddr, sizeof(hd.bdaddr)); 481 if (hid_sdp_query(NULL, &hd, &e) < 0) { 482 fprintf(stderr, "Could not perform SDP query on the " \ 483 "device %s. %s (%d)\n", bt_ntoa(bdaddr, NULL), 484 strerror(e), e); 485 return (FAILED); 486 } 487 488 print_hid_device(&hd, stdout); 489 490 return (OK); 491 } 492 493 struct bthid_command sdp_commands[] = 494 { 495 { 496 "Query", 497 "Perform SDP query to the specified device and print HID configuration entry\n"\ 498 "for the device. The configuration entry should be appended to the Bluetooth\n"\ 499 "HID daemon configuration file and the daemon should be restarted.\n", 500 hid_query 501 }, 502 { NULL, NULL, NULL } 503 }; 504 505