• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 2009-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  this file contains GATT database building and query functions
22  *
23  ******************************************************************************/
24 
25 #include "bt_target.h"
26 
27 #if BLE_INCLUDED == TRUE
28 
29 #include "bt_trace.h"
30 
31 #include <stdio.h>
32 #include <string.h>
33 #include "gatt_int.h"
34 #include "l2c_api.h"
35 
36 /********************************************************************************
37 **              L O C A L    F U N C T I O N     P R O T O T Y P E S            *
38 *********************************************************************************/
39 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
40 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *p_uuid128, tGATT_PERM perm);
41 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
42 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
43 
44 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri);
45 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
46                                                 UINT16 handle, UINT16 offset, UINT32 trans_id);
47 
48 /*******************************************************************************
49 **
50 ** Function         gatts_init_service_db
51 **
52 ** Description      This function initialize a memory space to be a service database.
53 **
54 ** Parameter        p_db: database pointer.
55 **                  len: size of the memory space.
56 **
57 ** Returns          Status of te operation.
58 **
59 *******************************************************************************/
gatts_init_service_db(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri,UINT16 s_hdl,UINT16 num_handle)60 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID service,  BOOLEAN is_pri,
61                                UINT16 s_hdl, UINT16 num_handle)
62 {
63     if (!allocate_svc_db_buf(p_db))
64     {
65         GATT_TRACE_ERROR0("gatts_init_service_db failed, no resources");
66         return FALSE;
67     }
68 
69     GATT_TRACE_DEBUG0("gatts_init_service_db");
70     GATT_TRACE_DEBUG2("s_hdl = %d num_handle = %d", s_hdl, num_handle );
71 
72     /* update service database information */
73     p_db->next_handle   = s_hdl;
74     p_db->end_handle    = s_hdl + num_handle;
75 
76     gatts_db_add_service_declaration(p_db, service, is_pri);
77 
78     return TRUE;
79 }
80 
81 /*******************************************************************************
82 **
83 ** Function         gatts_init_service_db
84 **
85 ** Description      This function initialize a memory space to be a service database.
86 **
87 ** Parameter        p_db: database pointer.
88 **                  len: size of the memory space.
89 **
90 ** Returns          Status of te operation.
91 **
92 *******************************************************************************/
gatts_get_service_uuid(tGATT_SVC_DB * p_db)93 tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db)
94 {
95     if (!p_db || !p_db->p_attr_list)
96     {
97         GATT_TRACE_ERROR0("service DB empty");
98 
99         return NULL;
100     }
101     else
102     {
103         return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
104     }
105 }
106 
107 /*******************************************************************************
108 **
109 ** Function         gatts_check_attr_readability
110 **
111 ** Description      check attribute readability
112 **
113 ** Returns          status of operation.
114 **
115 *******************************************************************************/
gatts_check_attr_readability(tGATT_ATTR16 * p_attr,UINT16 offset,BOOLEAN read_long,tGATT_SEC_FLAG sec_flag,UINT8 key_size)116 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
117                                                  UINT16 offset,
118                                                  BOOLEAN read_long,
119                                                  tGATT_SEC_FLAG sec_flag,
120                                                  UINT8 key_size)
121 {
122     UINT16          min_key_size;
123     tGATT_PERM      perm = p_attr->permission;
124 
125     min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
126     if (min_key_size != 0 )
127     {
128         min_key_size +=6;
129     }
130 
131     if (!(perm & GATT_READ_ALLOWED))
132     {
133         GATT_TRACE_ERROR0( "GATT_READ_NOT_PERMIT");
134         return GATT_READ_NOT_PERMIT;
135     }
136 
137     if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
138     {
139         GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION");
140         return GATT_INSUF_AUTHENTICATION;
141     }
142 
143     if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
144     {
145         GATT_TRACE_ERROR0( "GATT_INSUF_AUTHENTICATION: MITM Required");
146         return GATT_INSUF_AUTHENTICATION;
147     }
148 
149     if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
150     {
151         GATT_TRACE_ERROR0( "GATT_INSUF_ENCRYPTION");
152         return GATT_INSUF_ENCRYPTION;
153     }
154 
155     if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
156     {
157         GATT_TRACE_ERROR0( "GATT_INSUF_KEY_SIZE");
158         return GATT_INSUF_KEY_SIZE;
159     }
160 
161 
162     if (read_long)
163     {
164         switch (p_attr->uuid)
165         {
166             case GATT_UUID_PRI_SERVICE:
167             case GATT_UUID_SEC_SERVICE:
168             case GATT_UUID_CHAR_DECLARE:
169             case GATT_UUID_INCLUDE_SERVICE:
170             case GATT_UUID_CHAR_EXT_PROP:
171             case GATT_UUID_CHAR_CLIENT_CONFIG:
172             case GATT_UUID_CHAR_SRVR_CONFIG:
173             case GATT_UUID_CHAR_PRESENT_FORMAT:
174                 GATT_TRACE_ERROR0("GATT_NOT_LONG");
175                 return GATT_NOT_LONG;
176 
177             default:
178                 break;
179         }
180     }
181 
182     return GATT_SUCCESS;
183 }
184 
185 /*******************************************************************************
186 **
187 ** Function         read_attr_value
188 **
189 ** Description      Utility function to read an attribute value.
190 **
191 ** Parameter        p_attr: pointer to the attribute to read.
192 **                  offset: read offset.
193 **                  p_value: output parameter to carry out the attribute value.
194 **                  p_len: output parameter to carry out the attribute length.
195 **                  read_long: this is a read blob request.
196 **                  mtu: MTU
197 **                  sec_flag: current link security status.
198 **                  key_size: encryption key size.
199 **
200 ** Returns          status of operation.
201 **
202 *******************************************************************************/
read_attr_value(void * p_attr,UINT16 offset,UINT8 ** p_data,BOOLEAN read_long,UINT16 mtu,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)203 static tGATT_STATUS read_attr_value (void *p_attr,
204                                      UINT16 offset,
205                                      UINT8 **p_data,
206                                      BOOLEAN read_long,
207                                      UINT16 mtu,
208                                      UINT16 *p_len,
209                                      tGATT_SEC_FLAG sec_flag,
210                                      UINT8 key_size)
211 {
212     UINT16          len = 0, uuid16 = 0;
213     UINT8           *p = *p_data;
214     tGATT_STATUS    status;
215     UINT16          read_long_uuid=0;
216     tGATT_ATTR16    *p_attr16  = (tGATT_ATTR16  *)p_attr;
217 
218     GATT_TRACE_DEBUG5("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d",
219                       p_attr16->uuid,
220                       p_attr16->permission,
221                       sec_flag,
222                       offset,
223                       read_long);
224 
225     status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
226 
227     if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
228         uuid16 = p_attr16->uuid;
229 
230     if (status != GATT_SUCCESS)
231         return status;
232 
233     status = GATT_NO_RESOURCES;
234 
235     if (read_long &&
236         (uuid16 == GATT_UUID_CHAR_DESCRIPTION || uuid16 == GATT_UUID_CHAR_AGG_FORMAT))
237     {
238         read_long_uuid = p_attr16->uuid;
239     }
240 
241     if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE)
242     {
243         len = p_attr16->p_value->uuid.len;
244         if (mtu >= p_attr16->p_value->uuid.len)
245         {
246             gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
247             status = GATT_SUCCESS;
248         }
249     }
250     else if (uuid16 == GATT_UUID_CHAR_DECLARE)
251     {
252         len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19;
253 
254         if (mtu >= len)
255         {
256             UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
257             UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
258 
259             if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16)
260             {
261                 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
262             }
263             else
264             {
265                 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
266             }
267             status = GATT_SUCCESS;
268         }
269 
270     }
271     else if (uuid16 == GATT_UUID_INCLUDE_SERVICE)
272     {
273         len = (p_attr16->p_value->incl_handle.service_type.len == 2) ? 6 : 4;
274         if (mtu >= len)
275         {
276             UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
277             UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
278 
279             if (p_attr16->p_value->incl_handle.service_type.len == 2)
280             {
281                 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
282             }
283             status = GATT_SUCCESS;
284         }
285     }
286     else /* characteristic description or characteristic value */
287     {
288         status = GATT_PENDING;
289     }
290 
291     *p_len = len;
292     *p_data = p;
293     return status;
294 }
295 
296 /*******************************************************************************
297 **
298 ** Function         gatts_db_read_attr_value_by_type
299 **
300 ** Description      Query attribute value by attribute type.
301 **
302 ** Parameter        p_db: pointer to the attribute database.
303 **                  p_rsp: Read By type response data.
304 **                  s_handle: starting handle of the range we are looking for.
305 **                  e_handle: ending handle of the range we are looking for.
306 **                  type: Attribute type.
307 **                  mtu: MTU.
308 **                  sec_flag: current link security status.
309 **                  key_size: encryption key size.
310 **
311 ** Returns          Status of the operation.
312 **
313 *******************************************************************************/
gatts_db_read_attr_value_by_type(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,BT_HDR * p_rsp,UINT16 s_handle,UINT16 e_handle,tBT_UUID type,UINT16 * p_len,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id,UINT16 * p_cur_handle)314 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB   *p_tcb,
315                                                tGATT_SVC_DB    *p_db,
316                                                UINT8        op_code,
317                                                BT_HDR      *p_rsp,
318                                                UINT16       s_handle,
319                                                UINT16       e_handle,
320                                                tBT_UUID     type,
321                                                UINT16      *p_len,
322                                                tGATT_SEC_FLAG sec_flag,
323                                                UINT8        key_size,
324                                                UINT32       trans_id,
325                                                UINT16       *p_cur_handle)
326 {
327     tGATT_STATUS status = GATT_NOT_FOUND;
328     tGATT_ATTR16  *p_attr;
329     UINT16      len = 0;
330     UINT8       *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
331     tBT_UUID    attr_uuid;
332 
333     if (p_db && p_db->p_attr_list)
334     {
335         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
336 
337         while (p_attr && p_attr->handle <= e_handle)
338         {
339             if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
340             {
341                 attr_uuid.len = LEN_UUID_16;
342                 attr_uuid.uu.uuid16 = p_attr->uuid;
343             }
344             else
345             {
346                 attr_uuid.len = LEN_UUID_128;
347                 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
348             }
349 
350             if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid))
351             {
352                 if (*p_len <= 2)
353                 {
354                     status = GATT_NO_RESOURCES;
355                     break;
356                 }
357 
358                 UINT16_TO_STREAM (p, p_attr->handle);
359 
360                 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size);
361 
362                 if (status == GATT_PENDING)
363                 {
364                     status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id);
365 
366                     /* one callback at a time */
367                     break;
368                 }
369                 else if (status == GATT_SUCCESS)
370                 {
371                     if (p_rsp->offset == 0)
372                         p_rsp->offset = len + 2;
373 
374                     if (p_rsp->offset == len + 2)
375                     {
376                         p_rsp->len += (len  + 2);
377                         *p_len -= (len + 2);
378                     }
379                     else
380                     {
381                         GATT_TRACE_ERROR0("format mismatch");
382                         status = GATT_NO_RESOURCES;
383                         break;
384                     }
385                 }
386                 else
387                 {
388                     *p_cur_handle = p_attr->handle;
389                     break;
390                 }
391             }
392             p_attr = (tGATT_ATTR16 *)p_attr->p_next;
393         }
394     }
395 
396     return status;
397 }
398 
399 /*******************************************************************************
400 **
401 ** Function         gatts_add_included_service
402 **
403 ** Description      This function adds an included service into a database.
404 **
405 ** Parameter        p_db: database pointer.
406 **                  inc_srvc_type: included service type.
407 **
408 ** Returns          Status of the operation.
409 **
410 *******************************************************************************/
gatts_add_included_service(tGATT_SVC_DB * p_db,UINT16 s_handle,UINT16 e_handle,tBT_UUID service)411 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
412                                    tBT_UUID service)
413 {
414     tGATT_ATTR16      *p_attr;
415 
416     GATT_TRACE_DEBUG3("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
417                       s_handle, e_handle, service.uu.uuid16);
418 
419     if (service.len == 0 || s_handle == 0 || e_handle == 0)
420     {
421         GATT_TRACE_ERROR0("gatts_add_included_service Illegal Params.");
422         return 0;
423     }
424 
425     if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, GATT_UUID_INCLUDE_SERVICE, NULL, GATT_PERM_READ)) != NULL)
426     {
427         if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC)))
428         {
429             p_attr->p_value->incl_handle.s_handle = s_handle;
430             p_attr->p_value->incl_handle.e_handle = e_handle;
431             memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
432 
433             return p_attr->handle;
434         }
435         else
436         {
437             deallocate_attr_in_db(p_db, p_attr);
438         }
439     }
440 
441     return 0;
442 }
443 
444 /*******************************************************************************
445 **
446 ** Function         gatts_add_characteristic
447 **
448 ** Description      This function add a characteristics and its descriptor into
449 **                  a servce identified by the service database pointer.
450 **
451 ** Parameter        p_db: database pointer.
452 **                  perm: permission (authentication and key size requirements)
453 **                  property: property of the characteristic.
454 **                  p_char: characteristic value information.
455 **
456 ** Returns          Status of te operation.
457 **
458 *******************************************************************************/
gatts_add_characteristic(tGATT_SVC_DB * p_db,tGATT_PERM perm,tGATT_CHAR_PROP property,tBT_UUID * p_char_uuid)459 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
460                                  tGATT_CHAR_PROP property,
461                                  tBT_UUID * p_char_uuid)
462 {
463     tGATT_ATTR16     *p_char_decl, *p_char_val;
464     UINT16          uuid16 = (p_char_uuid->len == LEN_UUID_16) ? p_char_uuid->uu.uuid16 : 0;
465 
466     GATT_TRACE_DEBUG2("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property);
467 
468     if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, GATT_UUID_CHAR_DECLARE, NULL, GATT_PERM_READ)) != NULL)
469     {
470         if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL)))
471         {
472             deallocate_attr_in_db(p_db, p_char_decl);
473             return 0;
474         }
475 
476         p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, uuid16, p_char_uuid->uu.uuid128, perm);
477 
478         if (p_char_val == NULL)
479         {
480             deallocate_attr_in_db(p_db, p_char_decl);
481             return 0;
482         }
483 
484         p_char_decl->p_value->char_decl.property = property;
485         p_char_decl->p_value->char_decl.char_val_handle  = p_char_val->handle;
486 
487         p_char_val->p_value = NULL;
488 
489         return p_char_val->handle;
490     }
491 
492     return 0;
493 }
494 
495 /*******************************************************************************
496 **
497 ** Function         gatt_convertchar_descr_type
498 **
499 ** Description      This function convert a char descript UUID into descriptor type.
500 **
501 ** Returns          descriptor type.
502 **
503 *******************************************************************************/
gatt_convertchar_descr_type(tBT_UUID * p_descr_uuid)504 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
505 {
506     tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
507 
508     if (gatt_uuid_compare(std_descr, * p_descr_uuid))
509         return GATT_DESCR_EXT_DSCPTOR;
510 
511     std_descr.uu.uuid16 ++;
512     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
513         return GATT_DESCR_USER_DSCPTOR;
514 
515     std_descr.uu.uuid16 ++;
516     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
517         return GATT_DESCR_CLT_CONFIG;
518 
519     std_descr.uu.uuid16 ++;
520     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
521         return GATT_DESCR_SVR_CONFIG;
522 
523     std_descr.uu.uuid16 ++;
524     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
525         return GATT_DESCR_PRES_FORMAT;
526 
527     std_descr.uu.uuid16 ++;
528     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
529         return GATT_DESCR_AGGR_FORMAT;
530 
531     std_descr.uu.uuid16 ++;
532     if (gatt_uuid_compare(std_descr,  * p_descr_uuid))
533         return GATT_DESCR_VALID_RANGE;
534 
535 
536     return GATT_DESCR_UNKNOWN;
537 }
538 
539 /*******************************************************************************
540 **
541 ** Function         gatts_add_char_descr
542 **
543 ** Description      This function add a characteristics descriptor.
544 **
545 ** Parameter        p_db: database pointer.
546 **                  perm: characteristic descriptor permission type.
547 **                  char_dscp_tpye: the characteristic descriptor masks.
548 **                  p_dscp_params: characteristic descriptors values.
549 **
550 ** Returns          Status of the operation.
551 **
552 *******************************************************************************/
gatts_add_char_descr(tGATT_SVC_DB * p_db,tGATT_PERM perm,tBT_UUID * p_descr_uuid)553 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
554                              tBT_UUID *     p_descr_uuid)
555 {
556     tGATT_ATTR16    *p_char_dscptr;
557     UINT16    uuid16  = (p_descr_uuid->len == LEN_UUID_16)? p_descr_uuid->uu.uuid16 : 0;
558 
559     GATT_TRACE_DEBUG1("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16);
560 
561     /* Add characteristic descriptors */
562     if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db,
563                                                              uuid16,
564                                                              p_descr_uuid->uu.uuid128,
565                                                              perm))
566         == NULL)
567     {
568         GATT_TRACE_DEBUG0("gatts_add_char_descr Fail for adding char descriptors.");
569         return 0;
570     }
571     else
572     {
573         return p_char_dscptr->handle;
574     }
575 }
576 
577 /*******************************************************************************/
578 /* Service Attribute Database Query Utility Functions */
579 /*******************************************************************************/
580 /*******************************************************************************
581 **
582 ** Function         gatts_read_attr_value_by_handle
583 **
584 ** Description      Query attribute value by attribute handle.
585 **
586 ** Parameter        p_db: pointer to the attribute database.
587 **                  handle: Attribute handle to read.
588 **                  offset: Read offset.
589 **                  p_value: output parameter to carry out the attribute value.
590 **                  p_len: output parameter as attribute length read.
591 **                  read_long: this is a read blob request.
592 **                  mtu: MTU.
593 **                  sec_flag: current link security status.
594 **                  key_size: encryption key size
595 **
596 ** Returns          Status of operation.
597 **
598 *******************************************************************************/
gatts_read_attr_value_by_handle(tGATT_TCB * p_tcb,tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_value,UINT16 * p_len,UINT16 mtu,tGATT_SEC_FLAG sec_flag,UINT8 key_size,UINT32 trans_id)599 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
600                                              tGATT_SVC_DB *p_db,
601                                              UINT8 op_code,
602                                              UINT16 handle, UINT16 offset,
603                                              UINT8 *p_value, UINT16 *p_len,
604                                              UINT16 mtu,
605                                              tGATT_SEC_FLAG sec_flag,
606                                              UINT8 key_size,
607                                              UINT32 trans_id)
608 {
609     tGATT_STATUS status = GATT_NOT_FOUND;
610     tGATT_ATTR16  *p_attr;
611     UINT8       *pp = p_value;
612 
613     if (p_db && p_db->p_attr_list)
614     {
615         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
616 
617         while (p_attr && handle >= p_attr->handle)
618         {
619             if (p_attr->handle == handle)
620             {
621                 status = read_attr_value (p_attr, offset, &pp,
622                                           (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
623                                           mtu, p_len, sec_flag, key_size);
624 
625                 if (status == GATT_PENDING)
626                 {
627                     status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id);
628                 }
629                 break;
630             }
631             p_attr = (tGATT_ATTR16 *)p_attr->p_next;
632         }
633     }
634 
635     return status;
636 }
637 
638 /*******************************************************************************
639 **
640 ** Function         gatts_read_attr_perm_check
641 **
642 ** Description      Check attribute readability.
643 **
644 ** Parameter        p_db: pointer to the attribute database.
645 **                  handle: Attribute handle to read.
646 **                  offset: Read offset.
647 **                  p_value: output parameter to carry out the attribute value.
648 **                  p_len: output parameter as attribute length read.
649 **                  read_long: this is a read blob request.
650 **                  mtu: MTU.
651 **                  sec_flag: current link security status.
652 **                  key_size: encryption key size
653 **
654 ** Returns          Status of operation.
655 **
656 *******************************************************************************/
gatts_read_attr_perm_check(tGATT_SVC_DB * p_db,BOOLEAN is_long,UINT16 handle,tGATT_SEC_FLAG sec_flag,UINT8 key_size)657 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
658                                         BOOLEAN is_long,
659                                         UINT16 handle,
660                                         tGATT_SEC_FLAG sec_flag,
661                                         UINT8 key_size)
662 {
663     tGATT_STATUS status = GATT_NOT_FOUND;
664     tGATT_ATTR16  *p_attr;
665 
666     if (p_db && p_db->p_attr_list)
667     {
668         p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
669 
670         while (p_attr && handle >= p_attr->handle)
671         {
672             if (p_attr->handle == handle)
673             {
674                 status = gatts_check_attr_readability (p_attr, 0,
675                                                        is_long,
676                                                        sec_flag, key_size);
677                 break;
678             }
679             p_attr = (tGATT_ATTR16 *) p_attr->p_next;
680         }
681     }
682 
683     return status;
684 }
685 /*******************************************************************************
686 **
687 ** Function         gatts_write_attr_perm_check
688 **
689 ** Description      Write attribute value into database.
690 **
691 ** Parameter        p_db: pointer to the attribute database.
692 **                  op_code:op code of this write.
693 **                  handle: handle of the attribute to write.
694 **                  offset: Write offset if write op code is write blob.
695 **                  p_data: Attribute value to write.
696 **                  len: attribute data length.
697 **                  sec_flag: current link security status.
698 **                  key_size: encryption key size
699 **
700 ** Returns          Status of the operation.
701 **
702 *******************************************************************************/
gatts_write_attr_perm_check(tGATT_SVC_DB * p_db,UINT8 op_code,UINT16 handle,UINT16 offset,UINT8 * p_data,UINT16 len,tGATT_SEC_FLAG sec_flag,UINT8 key_size)703 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
704                                           UINT16 handle, UINT16 offset, UINT8 *p_data,
705                                           UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
706 {
707     tGATT_STATUS    status = GATT_NOT_FOUND;
708     tGATT_ATTR16    *p_attr;
709     UINT16          max_size = 0;
710     tGATT_PERM      perm;
711     UINT16          min_key_size;
712 
713     GATT_TRACE_DEBUG6( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
714                        op_code, handle, offset, len, sec_flag, key_size);
715 
716     if (p_db != NULL)
717     {
718         p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
719 
720         while (p_attr != NULL)
721         {
722             if (p_attr->handle == handle)
723             {
724                 perm = p_attr->permission;
725                 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
726                 if (min_key_size != 0 )
727                 {
728                     min_key_size +=6;
729                 }
730                 GATT_TRACE_DEBUG2( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
731                                    p_attr->permission,
732                                    min_key_size);
733 
734                 if ((op_code == GATT_CMD_WRITE) && (perm & GATT_WRITE_SIGNED_PERM) )
735                 {
736                     /* use the rules for the mixed security see section 10.2.3*/
737                     if (perm & GATT_PERM_WRITE_SIGNED)
738                     {
739                         perm = GATT_PERM_WRITE_ENCRYPTED;
740                     }
741                     else
742                     {
743                         perm = GATT_PERM_WRITE_ENC_MITM;
744                     }
745                 }
746 
747                 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM))
748                 {
749                     status = GATT_WRITE_NOT_PERMIT;
750                     GATT_TRACE_DEBUG0( "gatts_write_attr_perm_check - sign cmd write not allowed");
751                 }
752                  if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED))
753                 {
754                     status = GATT_INVALID_PDU;
755                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
756                 }
757                 else if (!(perm & GATT_WRITE_ALLOWED))
758                 {
759                     status = GATT_WRITE_NOT_PERMIT;
760                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
761                 }
762                 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
763                 {
764                     status = GATT_INSUF_AUTHENTICATION;
765                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
766                 }
767                 else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
768                 {
769                     status = GATT_INSUF_AUTHENTICATION;
770                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
771                 }
772                 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
773                 {
774                     status = GATT_INSUF_ENCRYPTION;
775                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
776                 }
777                 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
778                 {
779                     status = GATT_INSUF_KEY_SIZE;
780                     GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
781                 }
782                 else /* writable: must be char value declaration or char descritpors */
783                 {
784                     if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
785                     {
786                     switch (p_attr->uuid)
787                     {
788                         case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
789                         case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
790                         case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
791                             case GATT_UUID_CHAR_VALID_RANGE:
792                             status = GATT_WRITE_NOT_PERMIT;
793                             break;
794 
795                         case GATT_UUID_CHAR_CLIENT_CONFIG:
796                         case GATT_UUID_CHAR_SRVR_CONFIG:
797                             max_size = 2;
798                         case GATT_UUID_CHAR_DESCRIPTION:
799                         default: /* any other must be character value declaration */
800                             status = GATT_SUCCESS;
801                             break;
802                         }
803                     }
804                     else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128)
805                     {
806                          status = GATT_SUCCESS;
807                     }
808                     else
809                     {
810                         status = GATT_INVALID_PDU;
811                     }
812 
813                     if (p_data == NULL && len  > 0)
814                     {
815                         status = GATT_INVALID_PDU;
816                     }
817                     /* these attribute does not allow write blob */
818 // btla-specific ++
819                     else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
820                               (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
821                                p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
822 // btla-specific --
823                     {
824                         if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */
825                         {
826                             status = GATT_NOT_LONG;
827                             GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_NOT_LONG");
828                         }
829                         else if (len != max_size)    /* data does not match the required format */
830                         {
831                             status = GATT_INVALID_PDU;
832                             GATT_TRACE_ERROR0( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
833                         }
834                         else
835                         {
836                             status = GATT_SUCCESS;
837                         }
838                     }
839                 }
840                 break;
841             }
842             else
843                 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
844         }
845     }
846 
847     return status;
848 }
849 
850 /*******************************************************************************
851 **
852 ** Function         allocate_attr_in_db
853 **
854 ** Description      Allocate a memory space for a new attribute, and link this
855 **                  attribute into the database attribute list.
856 **
857 **
858 ** Parameter        p_db    : database pointer.
859 **                  service : type of attribute to be added.
860 **
861 ** Returns          pointer to the newly allocated attribute.
862 **
863 *******************************************************************************/
allocate_attr_in_db(tGATT_SVC_DB * p_db,UINT16 uuid16,UINT8 * uuid128,tGATT_PERM perm)864 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, UINT16 uuid16, UINT8 *uuid128, tGATT_PERM perm)
865 {
866     tGATT_ATTR16    *p_attr16 = NULL, *p_last;
867     tGATT_ATTR128   *p_attr128 = NULL;
868     UINT16      len = (uuid16 == 0) ? sizeof(tGATT_ATTR128): sizeof(tGATT_ATTR16);
869 
870     GATT_TRACE_DEBUG1("allocate attr %d bytes ",len);
871 
872     if (uuid16 == GATT_ILLEGAL_UUID && uuid128 == NULL)
873     {
874         GATT_TRACE_ERROR0("illegal UUID");
875         return NULL;
876     }
877 
878     if (p_db->end_handle <= p_db->next_handle)
879     {
880         GATT_TRACE_DEBUG2("handle space full. handle_max = %d next_handle = %d",
881                           p_db->end_handle, p_db->next_handle);
882         return NULL;
883     }
884 
885     if (p_db->mem_free < len)
886     {
887         if (!allocate_svc_db_buf(p_db))
888         {
889             GATT_TRACE_ERROR0("allocate_attr_in_db failed, no resources");
890             return NULL;
891         }
892     }
893 
894     p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
895     p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
896 
897     memset(p_attr16, 0, len);
898 
899     if (uuid16 != GATT_ILLEGAL_UUID)
900     {
901         p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
902         p_attr16->uuid = uuid16;
903     }
904     else
905     {
906         p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
907         memcpy(p_attr128->uuid, uuid128, LEN_UUID_128);
908     }
909 
910     p_db->p_free_mem += len;
911     p_db->mem_free -= len;
912 
913     p_attr16->handle = p_db->next_handle++;
914     p_attr16->permission = perm;
915     p_attr16->p_next = NULL;
916 
917     /* link the attribute record into the end of DB */
918     if (p_db->p_attr_list == NULL)
919         p_db->p_attr_list = p_attr16;
920     else
921     {
922         p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
923 
924         while (p_last != NULL && p_last->p_next != NULL)
925             p_last = (tGATT_ATTR16 *)p_last->p_next;
926 
927         p_last->p_next = p_attr16;
928     }
929 
930     if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
931     {
932         GATT_TRACE_DEBUG3("=====> handle = [0x%04x] uuid = [0x%04x] perm=0x%02x ",
933                           p_attr16->handle, p_attr16->uuid, p_attr16->permission);
934     }
935     else
936     {
937         GATT_TRACE_DEBUG4("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ",
938                           p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1],
939                           p_attr128->permission);
940     }
941     return(void *)p_attr16;
942 }
943 
944 /*******************************************************************************
945 **
946 ** Function         deallocate_attr_in_db
947 **
948 ** Description      Free an attribute within the database.
949 **
950 ** Parameter        p_db: database pointer.
951 **                  p_attr: pointer to the attribute record to be freed.
952 **
953 ** Returns          BOOLEAN: success
954 **
955 *******************************************************************************/
deallocate_attr_in_db(tGATT_SVC_DB * p_db,void * p_attr)956 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
957 {
958     tGATT_ATTR16  *p_cur, *p_next;
959     BOOLEAN     found = FALSE;
960 
961     if (p_db->p_attr_list == NULL)
962         return found;
963 
964     p_cur   = (tGATT_ATTR16 *) p_db->p_attr_list;
965     p_next  = (tGATT_ATTR16 *) p_cur->p_next;
966 
967     for (; p_cur != NULL && p_next != NULL;
968         p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next)
969     {
970         if (p_next == p_attr)
971         {
972             p_cur->p_next = p_next->p_next;
973             found = TRUE;
974         }
975     }
976     if (p_cur == p_attr && p_cur == p_db->p_attr_list)
977     {
978         p_db->p_attr_list = p_cur->p_next;
979         found = TRUE;
980     }
981     /* else attr not found */
982     if ( found)
983         p_db->next_handle --;
984 
985     return found;
986 }
987 
988 /*******************************************************************************
989 **
990 ** Function         copy_extra_byte_in_db
991 **
992 ** Description      Utility function to allocate extra bytes memory in DB and copy
993 **                  the value from a source place.
994 **
995 **
996 ** Parameter        p_db: database pointer.
997 **                  p_dst: destination data pointer.
998 **                  p_src: source data pointer.
999 **                  len: data length to be copied.
1000 **
1001 ** Returns          None.
1002 **
1003 *******************************************************************************/
copy_extra_byte_in_db(tGATT_SVC_DB * p_db,void ** p_dst,UINT16 len)1004 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1005 {
1006     UINT8 *p = (UINT8 *)*p_dst;
1007 
1008     if (p_db->mem_free < len)
1009     {
1010         if (!allocate_svc_db_buf(p_db))
1011         {
1012             GATT_TRACE_ERROR0("copy_extra_byte_in_db failed, no resources");
1013             return FALSE;
1014         }
1015     }
1016 
1017     p = p_db->p_free_mem;
1018     p_db->p_free_mem += len;
1019     p_db->mem_free -= len;
1020     memset((void *)p, 0, len);
1021     *p_dst = (void *)p;
1022 
1023     return TRUE;
1024 }
1025 
1026 /*******************************************************************************
1027 **
1028 ** Function         allocate_svc_db_buf
1029 **
1030 ** Description      Utility function to allocate extra buffer for service database.
1031 **
1032 ** Returns          TRUE if allocation succeed, otherwise FALSE.
1033 **
1034 *******************************************************************************/
allocate_svc_db_buf(tGATT_SVC_DB * p_db)1035 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1036 {
1037     BT_HDR  *p_buf;
1038 
1039     GATT_TRACE_DEBUG0("allocate_svc_db_buf allocating extra buffer");
1040 
1041     if ((p_buf = (BT_HDR *)GKI_getpoolbuf(GATT_DB_POOL_ID)) == NULL)
1042     {
1043         GATT_TRACE_ERROR0("allocate_svc_db_buf failed, no resources");
1044         return FALSE;
1045     }
1046 
1047     memset(p_buf, 0, GKI_get_buf_size(p_buf));
1048     p_db->p_free_mem    = (UINT8 *) p_buf;
1049     p_db->mem_free      = GKI_get_buf_size(p_buf);
1050 
1051     GKI_enqueue(&p_db->svc_buffer, p_buf);
1052 
1053     return TRUE;
1054 
1055 }
1056 
1057 /*******************************************************************************
1058 **
1059 ** Function         gatts_send_app_read_request
1060 **
1061 ** Description      Send application read request callback
1062 **
1063 ** Returns          status of operation.
1064 **
1065 *******************************************************************************/
gatts_send_app_read_request(tGATT_TCB * p_tcb,UINT8 op_code,UINT16 handle,UINT16 offset,UINT32 trans_id)1066 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1067                                                 UINT16 handle, UINT16 offset, UINT32 trans_id)
1068 {
1069     tGATTS_DATA   sr_data;
1070     UINT8       i_rcb;
1071     tGATT_SR_REG *p_sreg;
1072     UINT16   conn_id;
1073 
1074     i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1075     p_sreg = &gatt_cb.sr_reg[i_rcb];
1076     conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1077 
1078     if (trans_id == 0)
1079     {
1080         trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1081         gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1082     }
1083 
1084     if (trans_id != 0 )
1085     {
1086         memset(&sr_data, 0, sizeof(tGATTS_DATA));
1087 
1088         sr_data.read_req.handle = handle;
1089         sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1090         sr_data.read_req.offset = offset;
1091 
1092         gatt_sr_send_req_callback(conn_id,
1093                                   trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1094         return(tGATT_STATUS) GATT_PENDING;
1095     }
1096     else
1097         return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1098 
1099 }
1100 
1101 /*******************************************************************************
1102 **
1103 ** Function         gatts_db_add_service_declaration
1104 **
1105 ** Description      Update a service database service declaration record.
1106 **
1107 ** Parameter        p_db: database pointer.
1108 **                  service: UUID of the service.
1109 **
1110 ** Returns          void
1111 **
1112 *******************************************************************************/
gatts_db_add_service_declaration(tGATT_SVC_DB * p_db,tBT_UUID service,BOOLEAN is_pri)1113 static void gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID service, BOOLEAN is_pri)
1114 {
1115     tGATT_ATTR16  *p_attr;
1116     UINT16      service_type = is_pri ? GATT_UUID_PRI_SERVICE: GATT_UUID_SEC_SERVICE;
1117 
1118     GATT_TRACE_DEBUG0( "add_service_declaration");
1119 
1120     /* add service declration record */
1121     if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, service_type, NULL, GATT_PERM_READ))) != NULL)
1122     {
1123         if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID)))
1124         {
1125             memcpy (&p_attr->p_value->uuid, &service, sizeof(tBT_UUID));
1126         }
1127     }
1128 }
1129 
1130 #endif /* BLE_INCLUDED */
1131