1 /****************************************************************************** 2 * 3 * Copyright (C) 2009-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * this file contains GATT database building and query functions 22 * 23 ******************************************************************************/ 24 25 #include "bt_target.h" 26 27 #if BLE_INCLUDED == TRUE 28 29 #include "bt_trace.h" 30 #include "bt_utils.h" 31 32 #include <stdio.h> 33 #include <string.h> 34 #include "gatt_int.h" 35 #include "l2c_api.h" 36 #include "btm_int.h" 37 38 /******************************************************************************** 39 ** L O C A L F U N C T I O N P R O T O T Y P E S * 40 *********************************************************************************/ 41 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db); 42 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm); 43 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr); 44 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len); 45 46 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri); 47 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code, 48 UINT16 handle, UINT16 offset, UINT32 trans_id); 49 50 /******************************************************************************* 51 ** 52 ** Function gatts_init_service_db 53 ** 54 ** Description This function initialize a memory space to be a service database. 55 ** 56 ** Parameter p_db: database pointer. 57 ** len: size of the memory space. 58 ** 59 ** Returns Status of te operation. 60 ** 61 *******************************************************************************/ 62 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri, 63 UINT16 s_hdl, UINT16 num_handle) 64 { 65 p_db->svc_buffer = fixed_queue_new(SIZE_MAX); 66 67 if (!allocate_svc_db_buf(p_db)) 68 { 69 GATT_TRACE_ERROR("gatts_init_service_db failed, no resources"); 70 return FALSE; 71 } 72 73 GATT_TRACE_DEBUG("gatts_init_service_db"); 74 GATT_TRACE_DEBUG("s_hdl = %d num_handle = %d", s_hdl, num_handle ); 75 76 /* update service database information */ 77 p_db->next_handle = s_hdl; 78 p_db->end_handle = s_hdl + num_handle; 79 80 return gatts_db_add_service_declaration(p_db, p_service, is_pri); 81 } 82 83 /******************************************************************************* 84 ** 85 ** Function gatts_init_service_db 86 ** 87 ** Description This function initialize a memory space to be a service database. 88 ** 89 ** Parameter p_db: database pointer. 90 ** len: size of the memory space. 91 ** 92 ** Returns Status of te operation. 93 ** 94 *******************************************************************************/ 95 tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db) 96 { 97 if (!p_db || !p_db->p_attr_list) 98 { 99 GATT_TRACE_ERROR("service DB empty"); 100 101 return NULL; 102 } 103 else 104 { 105 return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid; 106 } 107 } 108 109 /******************************************************************************* 110 ** 111 ** Function gatts_check_attr_readability 112 ** 113 ** Description check attribute readability 114 ** 115 ** Returns status of operation. 116 ** 117 *******************************************************************************/ 118 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr, 119 UINT16 offset, 120 BOOLEAN read_long, 121 tGATT_SEC_FLAG sec_flag, 122 UINT8 key_size) 123 { 124 UINT16 min_key_size; 125 tGATT_PERM perm = p_attr->permission; 126 127 UNUSED(offset); 128 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12)); 129 if (min_key_size != 0 ) 130 { 131 min_key_size +=6; 132 } 133 134 if (!(perm & GATT_READ_ALLOWED)) 135 { 136 GATT_TRACE_ERROR( "GATT_READ_NOT_PERMIT"); 137 return GATT_READ_NOT_PERMIT; 138 } 139 140 if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) && 141 !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) 142 { 143 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION"); 144 return GATT_INSUF_AUTHENTICATION; 145 } 146 147 if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) 148 { 149 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION: MITM Required"); 150 return GATT_INSUF_AUTHENTICATION; 151 } 152 153 if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) 154 { 155 GATT_TRACE_ERROR( "GATT_INSUF_ENCRYPTION"); 156 return GATT_INSUF_ENCRYPTION; 157 } 158 159 if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) 160 { 161 GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE"); 162 return GATT_INSUF_KEY_SIZE; 163 } 164 165 166 if (read_long) 167 { 168 switch (p_attr->uuid) 169 { 170 case GATT_UUID_PRI_SERVICE: 171 case GATT_UUID_SEC_SERVICE: 172 case GATT_UUID_CHAR_DECLARE: 173 case GATT_UUID_INCLUDE_SERVICE: 174 case GATT_UUID_CHAR_EXT_PROP: 175 case GATT_UUID_CHAR_CLIENT_CONFIG: 176 case GATT_UUID_CHAR_SRVR_CONFIG: 177 case GATT_UUID_CHAR_PRESENT_FORMAT: 178 GATT_TRACE_ERROR("GATT_NOT_LONG"); 179 return GATT_NOT_LONG; 180 181 default: 182 break; 183 } 184 } 185 186 return GATT_SUCCESS; 187 } 188 189 /******************************************************************************* 190 ** 191 ** Function read_attr_value 192 ** 193 ** Description Utility function to read an attribute value. 194 ** 195 ** Parameter p_attr: pointer to the attribute to read. 196 ** offset: read offset. 197 ** p_value: output parameter to carry out the attribute value. 198 ** p_len: output parameter to carry out the attribute length. 199 ** read_long: this is a read blob request. 200 ** mtu: MTU 201 ** sec_flag: current link security status. 202 ** key_size: encryption key size. 203 ** 204 ** Returns status of operation. 205 ** 206 *******************************************************************************/ 207 static tGATT_STATUS read_attr_value (void *p_attr, 208 UINT16 offset, 209 UINT8 **p_data, 210 BOOLEAN read_long, 211 UINT16 mtu, 212 UINT16 *p_len, 213 tGATT_SEC_FLAG sec_flag, 214 UINT8 key_size) 215 { 216 UINT16 len = 0, uuid16 = 0; 217 UINT8 *p = *p_data; 218 tGATT_STATUS status; 219 tGATT_ATTR16 *p_attr16 = (tGATT_ATTR16 *)p_attr; 220 221 GATT_TRACE_DEBUG("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d", 222 p_attr16->uuid, 223 p_attr16->permission, 224 sec_flag, 225 offset, 226 read_long); 227 228 status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size); 229 230 if (status != GATT_SUCCESS) 231 return status; 232 233 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) 234 uuid16 = p_attr16->uuid; 235 236 status = GATT_NO_RESOURCES; 237 238 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE) 239 { 240 len = p_attr16->p_value->uuid.len; 241 if (mtu >= p_attr16->p_value->uuid.len) 242 { 243 gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid); 244 status = GATT_SUCCESS; 245 } 246 } 247 else if (uuid16 == GATT_UUID_CHAR_DECLARE) 248 { 249 len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19; 250 251 if (mtu >= len) 252 { 253 UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property); 254 UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle); 255 256 if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) 257 { 258 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid); 259 } 260 /* convert a 32bits UUID to 128 bits */ 261 else if (((tGATT_ATTR32 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_32) 262 { 263 gatt_convert_uuid32_to_uuid128 (p, ((tGATT_ATTR32 *)(p_attr16->p_next))->uuid); 264 p += LEN_UUID_128; 265 } 266 else 267 { 268 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128); 269 } 270 status = GATT_SUCCESS; 271 } 272 273 } 274 else if (uuid16 == GATT_UUID_INCLUDE_SERVICE) 275 { 276 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) 277 len = 6; 278 else 279 len = 4; 280 281 if (mtu >= len) 282 { 283 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle); 284 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle); 285 286 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16) 287 { 288 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16); 289 } 290 status = GATT_SUCCESS; 291 } 292 } 293 else /* characteristic description or characteristic value */ 294 { 295 status = GATT_PENDING; 296 } 297 298 *p_len = len; 299 *p_data = p; 300 return status; 301 } 302 303 /******************************************************************************* 304 ** 305 ** Function gatts_db_read_attr_value_by_type 306 ** 307 ** Description Query attribute value by attribute type. 308 ** 309 ** Parameter p_db: pointer to the attribute database. 310 ** p_rsp: Read By type response data. 311 ** s_handle: starting handle of the range we are looking for. 312 ** e_handle: ending handle of the range we are looking for. 313 ** type: Attribute type. 314 ** mtu: MTU. 315 ** sec_flag: current link security status. 316 ** key_size: encryption key size. 317 ** 318 ** Returns Status of the operation. 319 ** 320 *******************************************************************************/ 321 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB *p_tcb, 322 tGATT_SVC_DB *p_db, 323 UINT8 op_code, 324 BT_HDR *p_rsp, 325 UINT16 s_handle, 326 UINT16 e_handle, 327 tBT_UUID type, 328 UINT16 *p_len, 329 tGATT_SEC_FLAG sec_flag, 330 UINT8 key_size, 331 UINT32 trans_id, 332 UINT16 *p_cur_handle) 333 { 334 tGATT_STATUS status = GATT_NOT_FOUND; 335 tGATT_ATTR16 *p_attr; 336 UINT16 len = 0; 337 UINT8 *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET; 338 tBT_UUID attr_uuid; 339 340 if (p_db && p_db->p_attr_list) 341 { 342 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list; 343 344 while (p_attr && p_attr->handle <= e_handle) 345 { 346 if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) 347 { 348 attr_uuid.len = LEN_UUID_16; 349 attr_uuid.uu.uuid16 = p_attr->uuid; 350 } 351 else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) 352 { 353 attr_uuid.len = LEN_UUID_32; 354 attr_uuid.uu.uuid32 = ((tGATT_ATTR32 *)p_attr)->uuid; 355 } 356 else 357 { 358 attr_uuid.len = LEN_UUID_128; 359 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128); 360 } 361 362 if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid)) 363 { 364 if (*p_len <= 2) 365 { 366 status = GATT_NO_RESOURCES; 367 break; 368 } 369 370 UINT16_TO_STREAM (p, p_attr->handle); 371 372 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size); 373 374 if (status == GATT_PENDING) 375 { 376 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id); 377 378 /* one callback at a time */ 379 break; 380 } 381 else if (status == GATT_SUCCESS) 382 { 383 if (p_rsp->offset == 0) 384 p_rsp->offset = len + 2; 385 386 if (p_rsp->offset == len + 2) 387 { 388 p_rsp->len += (len + 2); 389 *p_len -= (len + 2); 390 } 391 else 392 { 393 GATT_TRACE_ERROR("format mismatch"); 394 status = GATT_NO_RESOURCES; 395 break; 396 } 397 } 398 else 399 { 400 *p_cur_handle = p_attr->handle; 401 break; 402 } 403 } 404 p_attr = (tGATT_ATTR16 *)p_attr->p_next; 405 } 406 } 407 408 #if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE)) 409 UINT8 flag = 0; 410 if (BTM_GetSecurityFlags(p_tcb->peer_bda, &flag)) 411 { 412 if ((p_tcb->att_lcid == L2CAP_ATT_CID) && (status == GATT_PENDING) && 413 (type.uu.uuid16 == GATT_UUID_GAP_DEVICE_NAME)) 414 { 415 if ((flag & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_FLAG_ENCRYPTED)) == 416 BTM_SEC_LINK_KEY_KNOWN) 417 { 418 tACL_CONN *p = btm_bda_to_acl(p_tcb->peer_bda, BT_TRANSPORT_LE); 419 if ((p != NULL) && (p->link_role == BTM_ROLE_MASTER)) 420 btm_ble_set_encryption(p_tcb->peer_bda, BTM_BLE_SEC_ENCRYPT, p->link_role); 421 } 422 } 423 } 424 #endif 425 return status; 426 } 427 428 /******************************************************************************* 429 ** 430 ** Function gatts_add_included_service 431 ** 432 ** Description This function adds an included service into a database. 433 ** 434 ** Parameter p_db: database pointer. 435 ** inc_srvc_type: included service type. 436 ** 437 ** Returns Status of the operation. 438 ** 439 *******************************************************************************/ 440 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle, 441 tBT_UUID service) 442 { 443 tGATT_ATTR16 *p_attr; 444 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_INCLUDE_SERVICE}}; 445 446 GATT_TRACE_DEBUG("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x", 447 s_handle, e_handle, service.uu.uuid16); 448 449 if (service.len == 0 || s_handle == 0 || e_handle == 0) 450 { 451 GATT_TRACE_ERROR("gatts_add_included_service Illegal Params."); 452 return 0; 453 } 454 455 if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL) 456 { 457 if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC))) 458 { 459 p_attr->p_value->incl_handle.s_handle = s_handle; 460 p_attr->p_value->incl_handle.e_handle = e_handle; 461 memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID)); 462 463 return p_attr->handle; 464 } 465 else 466 { 467 deallocate_attr_in_db(p_db, p_attr); 468 } 469 } 470 471 return 0; 472 } 473 474 /******************************************************************************* 475 ** 476 ** Function gatts_add_characteristic 477 ** 478 ** Description This function add a characteristics and its descriptor into 479 ** a servce identified by the service database pointer. 480 ** 481 ** Parameter p_db: database pointer. 482 ** perm: permission (authentication and key size requirements) 483 ** property: property of the characteristic. 484 ** p_char: characteristic value information. 485 ** 486 ** Returns Status of te operation. 487 ** 488 *******************************************************************************/ 489 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm, 490 tGATT_CHAR_PROP property, 491 tBT_UUID * p_char_uuid) 492 { 493 tGATT_ATTR16 *p_char_decl, *p_char_val; 494 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}}; 495 496 GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property); 497 498 if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL) 499 { 500 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL))) 501 { 502 deallocate_attr_in_db(p_db, p_char_decl); 503 return 0; 504 } 505 506 p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_char_uuid, perm); 507 508 if (p_char_val == NULL) 509 { 510 deallocate_attr_in_db(p_db, p_char_decl); 511 return 0; 512 } 513 514 p_char_decl->p_value->char_decl.property = property; 515 p_char_decl->p_value->char_decl.char_val_handle = p_char_val->handle; 516 517 p_char_val->p_value = NULL; 518 519 return p_char_val->handle; 520 } 521 522 return 0; 523 } 524 525 /******************************************************************************* 526 ** 527 ** Function gatt_convertchar_descr_type 528 ** 529 ** Description This function convert a char descript UUID into descriptor type. 530 ** 531 ** Returns descriptor type. 532 ** 533 *******************************************************************************/ 534 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid) 535 { 536 tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}}; 537 538 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 539 return GATT_DESCR_EXT_DSCPTOR; 540 541 std_descr.uu.uuid16 ++; 542 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 543 return GATT_DESCR_USER_DSCPTOR; 544 545 std_descr.uu.uuid16 ++; 546 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 547 return GATT_DESCR_CLT_CONFIG; 548 549 std_descr.uu.uuid16 ++; 550 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 551 return GATT_DESCR_SVR_CONFIG; 552 553 std_descr.uu.uuid16 ++; 554 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 555 return GATT_DESCR_PRES_FORMAT; 556 557 std_descr.uu.uuid16 ++; 558 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 559 return GATT_DESCR_AGGR_FORMAT; 560 561 std_descr.uu.uuid16 ++; 562 if (gatt_uuid_compare(std_descr, * p_descr_uuid)) 563 return GATT_DESCR_VALID_RANGE; 564 565 566 return GATT_DESCR_UNKNOWN; 567 } 568 569 /******************************************************************************* 570 ** 571 ** Function gatts_add_char_descr 572 ** 573 ** Description This function add a characteristics descriptor. 574 ** 575 ** Parameter p_db: database pointer. 576 ** perm: characteristic descriptor permission type. 577 ** char_dscp_tpye: the characteristic descriptor masks. 578 ** p_dscp_params: characteristic descriptors values. 579 ** 580 ** Returns Status of the operation. 581 ** 582 *******************************************************************************/ 583 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm, 584 tBT_UUID * p_descr_uuid) 585 { 586 tGATT_ATTR16 *p_char_dscptr; 587 588 GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16); 589 590 /* Add characteristic descriptors */ 591 if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, 592 p_descr_uuid, 593 perm)) 594 == NULL) 595 { 596 GATT_TRACE_DEBUG("gatts_add_char_descr Fail for adding char descriptors."); 597 return 0; 598 } 599 else 600 { 601 return p_char_dscptr->handle; 602 } 603 } 604 605 /*******************************************************************************/ 606 /* Service Attribute Database Query Utility Functions */ 607 /*******************************************************************************/ 608 /******************************************************************************* 609 ** 610 ** Function gatts_read_attr_value_by_handle 611 ** 612 ** Description Query attribute value by attribute handle. 613 ** 614 ** Parameter p_db: pointer to the attribute database. 615 ** handle: Attribute handle to read. 616 ** offset: Read offset. 617 ** p_value: output parameter to carry out the attribute value. 618 ** p_len: output parameter as attribute length read. 619 ** read_long: this is a read blob request. 620 ** mtu: MTU. 621 ** sec_flag: current link security status. 622 ** key_size: encryption key size 623 ** 624 ** Returns Status of operation. 625 ** 626 *******************************************************************************/ 627 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb, 628 tGATT_SVC_DB *p_db, 629 UINT8 op_code, 630 UINT16 handle, UINT16 offset, 631 UINT8 *p_value, UINT16 *p_len, 632 UINT16 mtu, 633 tGATT_SEC_FLAG sec_flag, 634 UINT8 key_size, 635 UINT32 trans_id) 636 { 637 tGATT_STATUS status = GATT_NOT_FOUND; 638 tGATT_ATTR16 *p_attr; 639 UINT8 *pp = p_value; 640 641 if (p_db && p_db->p_attr_list) 642 { 643 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list; 644 645 while (p_attr && handle >= p_attr->handle) 646 { 647 if (p_attr->handle == handle) 648 { 649 status = read_attr_value (p_attr, offset, &pp, 650 (BOOLEAN)(op_code == GATT_REQ_READ_BLOB), 651 mtu, p_len, sec_flag, key_size); 652 653 if (status == GATT_PENDING) 654 { 655 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id); 656 } 657 break; 658 } 659 p_attr = (tGATT_ATTR16 *)p_attr->p_next; 660 } 661 } 662 663 return status; 664 } 665 666 /******************************************************************************* 667 ** 668 ** Function gatts_read_attr_perm_check 669 ** 670 ** Description Check attribute readability. 671 ** 672 ** Parameter p_db: pointer to the attribute database. 673 ** handle: Attribute handle to read. 674 ** offset: Read offset. 675 ** p_value: output parameter to carry out the attribute value. 676 ** p_len: output parameter as attribute length read. 677 ** read_long: this is a read blob request. 678 ** mtu: MTU. 679 ** sec_flag: current link security status. 680 ** key_size: encryption key size 681 ** 682 ** Returns Status of operation. 683 ** 684 *******************************************************************************/ 685 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db, 686 BOOLEAN is_long, 687 UINT16 handle, 688 tGATT_SEC_FLAG sec_flag, 689 UINT8 key_size) 690 { 691 tGATT_STATUS status = GATT_NOT_FOUND; 692 tGATT_ATTR16 *p_attr; 693 694 if (p_db && p_db->p_attr_list) 695 { 696 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list; 697 698 while (p_attr && handle >= p_attr->handle) 699 { 700 if (p_attr->handle == handle) 701 { 702 status = gatts_check_attr_readability (p_attr, 0, 703 is_long, 704 sec_flag, key_size); 705 break; 706 } 707 p_attr = (tGATT_ATTR16 *) p_attr->p_next; 708 } 709 } 710 711 return status; 712 } 713 /******************************************************************************* 714 ** 715 ** Function gatts_write_attr_perm_check 716 ** 717 ** Description Write attribute value into database. 718 ** 719 ** Parameter p_db: pointer to the attribute database. 720 ** op_code:op code of this write. 721 ** handle: handle of the attribute to write. 722 ** offset: Write offset if write op code is write blob. 723 ** p_data: Attribute value to write. 724 ** len: attribute data length. 725 ** sec_flag: current link security status. 726 ** key_size: encryption key size 727 ** 728 ** Returns Status of the operation. 729 ** 730 *******************************************************************************/ 731 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code, 732 UINT16 handle, UINT16 offset, UINT8 *p_data, 733 UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size) 734 { 735 tGATT_STATUS status = GATT_NOT_FOUND; 736 tGATT_ATTR16 *p_attr; 737 UINT16 max_size = 0; 738 tGATT_PERM perm; 739 UINT16 min_key_size; 740 741 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d", 742 op_code, handle, offset, len, sec_flag, key_size); 743 744 if (p_db != NULL) 745 { 746 p_attr = (tGATT_ATTR16 *) p_db->p_attr_list; 747 748 while (p_attr != NULL) 749 { 750 if (p_attr->handle == handle) 751 { 752 perm = p_attr->permission; 753 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12)); 754 if (min_key_size != 0 ) 755 { 756 min_key_size +=6; 757 } 758 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x", 759 p_attr->permission, 760 min_key_size); 761 762 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE) 763 && (perm & GATT_WRITE_SIGNED_PERM)) 764 { 765 /* use the rules for the mixed security see section 10.2.3*/ 766 /* use security mode 1 level 2 when the following condition follows */ 767 /* LE security mode 2 level 1 and LE security mode 1 level 2 */ 768 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED)) 769 { 770 perm = GATT_PERM_WRITE_ENCRYPTED; 771 } 772 /* use security mode 1 level 3 when the following condition follows */ 773 /* LE security mode 2 level 2 and security mode 1 and LE */ 774 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) || 775 /* LE security mode 2 and security mode 1 level 3 */ 776 ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM))) 777 { 778 perm = GATT_PERM_WRITE_ENC_MITM; 779 } 780 } 781 782 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM)) 783 { 784 status = GATT_WRITE_NOT_PERMIT; 785 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check - sign cmd write not allowed"); 786 } 787 if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) 788 { 789 status = GATT_INVALID_PDU; 790 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link"); 791 } 792 else if (!(perm & GATT_WRITE_ALLOWED)) 793 { 794 status = GATT_WRITE_NOT_PERMIT; 795 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT"); 796 } 797 /* require authentication, but not been authenticated */ 798 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) 799 { 800 status = GATT_INSUF_AUTHENTICATION; 801 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION"); 802 } 803 else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) 804 { 805 status = GATT_INSUF_AUTHENTICATION; 806 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required"); 807 } 808 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) 809 { 810 status = GATT_INSUF_ENCRYPTION; 811 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION"); 812 } 813 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) 814 { 815 status = GATT_INSUF_KEY_SIZE; 816 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE"); 817 } 818 /* LE security mode 2 attribute */ 819 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED) 820 && (perm & GATT_WRITE_ALLOWED) == 0) 821 { 822 status = GATT_INSUF_AUTHENTICATION; 823 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required"); 824 } 825 else /* writable: must be char value declaration or char descritpors */ 826 { 827 if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) 828 { 829 switch (p_attr->uuid) 830 { 831 case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */ 832 case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */ 833 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */ 834 case GATT_UUID_CHAR_VALID_RANGE: 835 status = GATT_WRITE_NOT_PERMIT; 836 break; 837 838 case GATT_UUID_CHAR_CLIENT_CONFIG: 839 /* coverity[MISSING_BREAK] */ 840 /* intnended fall through, ignored */ 841 /* fall through */ 842 case GATT_UUID_CHAR_SRVR_CONFIG: 843 max_size = 2; 844 case GATT_UUID_CHAR_DESCRIPTION: 845 default: /* any other must be character value declaration */ 846 status = GATT_SUCCESS; 847 break; 848 } 849 } 850 else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128 || 851 p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32) 852 { 853 status = GATT_SUCCESS; 854 } 855 else 856 { 857 status = GATT_INVALID_PDU; 858 } 859 860 if (p_data == NULL && len > 0) 861 { 862 status = GATT_INVALID_PDU; 863 } 864 /* these attribute does not allow write blob */ 865 else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) && 866 (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG || 867 p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) ) 868 { 869 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */ 870 { 871 status = GATT_NOT_LONG; 872 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_NOT_LONG"); 873 } 874 else if (len != max_size) /* data does not match the required format */ 875 { 876 status = GATT_INVALID_ATTR_LEN; 877 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INVALID_PDU"); 878 } 879 else 880 { 881 status = GATT_SUCCESS; 882 } 883 } 884 } 885 break; 886 } 887 else 888 p_attr = (tGATT_ATTR16 *)p_attr->p_next; 889 } 890 } 891 892 return status; 893 } 894 895 /******************************************************************************* 896 ** 897 ** Function allocate_attr_in_db 898 ** 899 ** Description Allocate a memory space for a new attribute, and link this 900 ** attribute into the database attribute list. 901 ** 902 ** 903 ** Parameter p_db : database pointer. 904 ** p_uuid: pointer to attribute UUID 905 ** service : type of attribute to be added. 906 ** 907 ** Returns pointer to the newly allocated attribute. 908 ** 909 *******************************************************************************/ 910 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm) 911 { 912 tGATT_ATTR16 *p_attr16 = NULL, *p_last; 913 tGATT_ATTR32 *p_attr32 = NULL; 914 tGATT_ATTR128 *p_attr128 = NULL; 915 UINT16 len = sizeof(tGATT_ATTR128); 916 917 if (p_uuid == NULL) 918 { 919 GATT_TRACE_ERROR("illegal UUID"); 920 return NULL; 921 } 922 923 if (p_uuid->len == LEN_UUID_16) 924 len = sizeof(tGATT_ATTR16); 925 else if (p_uuid->len == LEN_UUID_32) 926 len = sizeof(tGATT_ATTR32); 927 928 GATT_TRACE_DEBUG("allocate attr %d bytes ",len); 929 930 if (p_db->end_handle <= p_db->next_handle) 931 { 932 GATT_TRACE_DEBUG("handle space full. handle_max = %d next_handle = %d", 933 p_db->end_handle, p_db->next_handle); 934 return NULL; 935 } 936 937 if (p_db->mem_free < len) 938 { 939 if (!allocate_svc_db_buf(p_db)) 940 { 941 GATT_TRACE_ERROR("allocate_attr_in_db failed, no resources"); 942 return NULL; 943 } 944 } 945 memset(p_db->p_free_mem, 0, len); 946 p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem; 947 948 if (p_uuid->len == LEN_UUID_16 && p_uuid->uu.uuid16 != GATT_ILLEGAL_UUID) 949 { 950 p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16; 951 p_attr16->uuid = p_uuid->uu.uuid16; 952 } 953 else if (p_uuid->len == LEN_UUID_32) 954 { 955 p_attr32 = (tGATT_ATTR32 *) p_db->p_free_mem; 956 p_attr32->uuid_type = GATT_ATTR_UUID_TYPE_32; 957 p_attr32->uuid = p_uuid->uu.uuid32; 958 } 959 else if (p_uuid->len == LEN_UUID_128) 960 { 961 p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem; 962 p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128; 963 memcpy(p_attr128->uuid, p_uuid->uu.uuid128, LEN_UUID_128); 964 } 965 966 p_db->p_free_mem += len; 967 p_db->mem_free -= len; 968 969 p_attr16->handle = p_db->next_handle++; 970 p_attr16->permission = perm; 971 p_attr16->p_next = NULL; 972 973 /* link the attribute record into the end of DB */ 974 if (p_db->p_attr_list == NULL) 975 p_db->p_attr_list = p_attr16; 976 else 977 { 978 p_last = (tGATT_ATTR16 *)p_db->p_attr_list; 979 980 while (p_last != NULL && p_last->p_next != NULL) 981 p_last = (tGATT_ATTR16 *)p_last->p_next; 982 983 p_last->p_next = p_attr16; 984 } 985 986 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16) 987 { 988 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid16 = [0x%04x] perm=0x%02x ", 989 p_attr16->handle, p_attr16->uuid, p_attr16->permission); 990 } 991 else if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_32) 992 { 993 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid32 = [0x%08x] perm=0x%02x ", 994 p_attr32->handle, p_attr32->uuid, p_attr32->permission); 995 } 996 else 997 { 998 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ", 999 p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1], 1000 p_attr128->permission); 1001 } 1002 return(void *)p_attr16; 1003 } 1004 1005 /******************************************************************************* 1006 ** 1007 ** Function deallocate_attr_in_db 1008 ** 1009 ** Description Free an attribute within the database. 1010 ** 1011 ** Parameter p_db: database pointer. 1012 ** p_attr: pointer to the attribute record to be freed. 1013 ** 1014 ** Returns BOOLEAN: success 1015 ** 1016 *******************************************************************************/ 1017 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr) 1018 { 1019 tGATT_ATTR16 *p_cur, *p_next; 1020 BOOLEAN found = FALSE; 1021 1022 if (p_db->p_attr_list == NULL) 1023 return found; 1024 1025 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list; 1026 p_next = (tGATT_ATTR16 *) p_cur->p_next; 1027 1028 for (; p_cur != NULL && p_next != NULL; 1029 p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next) 1030 { 1031 if (p_next == p_attr) 1032 { 1033 p_cur->p_next = p_next->p_next; 1034 found = TRUE; 1035 } 1036 } 1037 if (p_cur == p_attr && p_cur == p_db->p_attr_list) 1038 { 1039 p_db->p_attr_list = p_cur->p_next; 1040 found = TRUE; 1041 } 1042 /* else attr not found */ 1043 if ( found) 1044 p_db->next_handle --; 1045 1046 return found; 1047 } 1048 1049 /******************************************************************************* 1050 ** 1051 ** Function copy_extra_byte_in_db 1052 ** 1053 ** Description Utility function to allocate extra bytes memory in DB and copy 1054 ** the value from a source place. 1055 ** 1056 ** 1057 ** Parameter p_db: database pointer. 1058 ** p_dst: destination data pointer. 1059 ** p_src: source data pointer. 1060 ** len: data length to be copied. 1061 ** 1062 ** Returns None. 1063 ** 1064 *******************************************************************************/ 1065 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len) 1066 { 1067 UINT8 *p = (UINT8 *)*p_dst; 1068 1069 if (p_db->mem_free < len) 1070 { 1071 if (!allocate_svc_db_buf(p_db)) 1072 { 1073 GATT_TRACE_ERROR("copy_extra_byte_in_db failed, no resources"); 1074 return FALSE; 1075 } 1076 } 1077 1078 p = p_db->p_free_mem; 1079 p_db->p_free_mem += len; 1080 p_db->mem_free -= len; 1081 memset((void *)p, 0, len); 1082 *p_dst = (void *)p; 1083 1084 return TRUE; 1085 } 1086 1087 /******************************************************************************* 1088 ** 1089 ** Function allocate_svc_db_buf 1090 ** 1091 ** Description Utility function to allocate extra buffer for service database. 1092 ** 1093 ** Returns TRUE if allocation succeed, otherwise FALSE. 1094 ** 1095 *******************************************************************************/ 1096 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db) 1097 { 1098 BT_HDR *p_buf = (BT_HDR *)osi_calloc(GATT_DB_BUF_SIZE); 1099 1100 GATT_TRACE_DEBUG("%s allocating extra buffer", __func__); 1101 1102 p_db->p_free_mem = (UINT8 *) p_buf; 1103 p_db->mem_free = GATT_DB_BUF_SIZE; 1104 1105 fixed_queue_enqueue(p_db->svc_buffer, p_buf); 1106 1107 return TRUE; 1108 1109 } 1110 1111 /******************************************************************************* 1112 ** 1113 ** Function gatts_send_app_read_request 1114 ** 1115 ** Description Send application read request callback 1116 ** 1117 ** Returns status of operation. 1118 ** 1119 *******************************************************************************/ 1120 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code, 1121 UINT16 handle, UINT16 offset, UINT32 trans_id) 1122 { 1123 tGATTS_DATA sr_data; 1124 UINT8 i_rcb; 1125 tGATT_SR_REG *p_sreg; 1126 UINT16 conn_id; 1127 1128 i_rcb = gatt_sr_find_i_rcb_by_handle(handle); 1129 p_sreg = &gatt_cb.sr_reg[i_rcb]; 1130 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if); 1131 1132 if (trans_id == 0) 1133 { 1134 trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle); 1135 gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE); 1136 } 1137 1138 if (trans_id != 0 ) 1139 { 1140 memset(&sr_data, 0, sizeof(tGATTS_DATA)); 1141 1142 sr_data.read_req.handle = handle; 1143 sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB); 1144 sr_data.read_req.offset = offset; 1145 1146 gatt_sr_send_req_callback(conn_id, 1147 trans_id, GATTS_REQ_TYPE_READ, &sr_data); 1148 return(tGATT_STATUS) GATT_PENDING; 1149 } 1150 else 1151 return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */ 1152 1153 } 1154 1155 /******************************************************************************* 1156 ** 1157 ** Function gatts_db_add_service_declaration 1158 ** 1159 ** Description Update a service database service declaration record. 1160 ** 1161 ** Parameter p_db: database pointer. 1162 ** service: UUID of the service. 1163 ** 1164 ** Returns void 1165 ** 1166 *******************************************************************************/ 1167 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri) 1168 { 1169 tGATT_ATTR16 *p_attr; 1170 tBT_UUID uuid = {LEN_UUID_16, {0}}; 1171 BOOLEAN rt = FALSE; 1172 1173 GATT_TRACE_DEBUG( "add_service_declaration"); 1174 1175 if (is_pri) 1176 uuid.uu.uuid16 = GATT_UUID_PRI_SERVICE; 1177 else 1178 uuid.uu.uuid16 = GATT_UUID_SEC_SERVICE; 1179 1180 /* add service declration record */ 1181 if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ))) != NULL) 1182 { 1183 if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID))) 1184 { 1185 if (p_service->len == LEN_UUID_16) 1186 { 1187 p_attr->p_value->uuid.len = LEN_UUID_16; 1188 p_attr->p_value->uuid.uu.uuid16 = p_service->uu.uuid16; 1189 } 1190 else if (p_service->len == LEN_UUID_32) 1191 { 1192 p_attr->p_value->uuid.len = LEN_UUID_128; 1193 gatt_convert_uuid32_to_uuid128(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid32); 1194 } 1195 else 1196 { 1197 p_attr->p_value->uuid.len = LEN_UUID_128; 1198 memcpy(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid128, LEN_UUID_128); 1199 } 1200 rt = TRUE; 1201 } 1202 1203 } 1204 return rt; 1205 } 1206 1207 #endif /* BLE_INCLUDED */ 1208
