1 /******************************************************************************
3 * Copyright (C) 2009-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * this file contains GATT database building and query functions
23 ******************************************************************************/
25 #include "bt_target.h"
27 #if BLE_INCLUDED == TRUE
38 /********************************************************************************
39 ** L O C A L F U N C T I O N P R O T O T Y P E S *
40 *********************************************************************************/
41 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db);
42 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm);
43 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr);
44 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len);
46 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri);
47 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
48 UINT16 handle, UINT16 offset, UINT32 trans_id);
50 /*******************************************************************************
52 ** Function gatts_init_service_db
54 ** Description This function initialize a memory space to be a service database.
56 ** Parameter p_db: database pointer.
57 ** len: size of the memory space.
59 ** Returns Status of te operation.
61 *******************************************************************************/
62 BOOLEAN gatts_init_service_db (tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri,
63 UINT16 s_hdl, UINT16 num_handle)
65 if (!allocate_svc_db_buf(p_db))
67 GATT_TRACE_ERROR("gatts_init_service_db failed, no resources");
71 GATT_TRACE_DEBUG("gatts_init_service_db");
72 GATT_TRACE_DEBUG("s_hdl = %d num_handle = %d", s_hdl, num_handle );
74 /* update service database information */
75 p_db->next_handle = s_hdl;
76 p_db->end_handle = s_hdl + num_handle;
78 return gatts_db_add_service_declaration(p_db, p_service, is_pri);
81 /*******************************************************************************
83 ** Function gatts_init_service_db
85 ** Description This function initialize a memory space to be a service database.
87 ** Parameter p_db: database pointer.
88 ** len: size of the memory space.
90 ** Returns Status of te operation.
92 *******************************************************************************/
93 tBT_UUID * gatts_get_service_uuid (tGATT_SVC_DB *p_db)
95 if (!p_db || !p_db->p_attr_list)
97 GATT_TRACE_ERROR("service DB empty");
103 return &((tGATT_ATTR16 *)p_db->p_attr_list)->p_value->uuid;
107 /*******************************************************************************
109 ** Function gatts_check_attr_readability
111 ** Description check attribute readability
113 ** Returns status of operation.
115 *******************************************************************************/
116 static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
119 tGATT_SEC_FLAG sec_flag,
123 tGATT_PERM perm = p_attr->permission;
126 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
127 if (min_key_size != 0 )
132 if (!(perm & GATT_READ_ALLOWED))
134 GATT_TRACE_ERROR( "GATT_READ_NOT_PERMIT");
135 return GATT_READ_NOT_PERMIT;
138 if ((perm & GATT_READ_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) &&
139 !(sec_flag & BTM_SEC_FLAG_ENCRYPTED))
141 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION");
142 return GATT_INSUF_AUTHENTICATION;
145 if ((perm & GATT_READ_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
147 GATT_TRACE_ERROR( "GATT_INSUF_AUTHENTICATION: MITM Required");
148 return GATT_INSUF_AUTHENTICATION;
151 if ((perm & GATT_READ_ENCRYPTED_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
153 GATT_TRACE_ERROR( "GATT_INSUF_ENCRYPTION");
154 return GATT_INSUF_ENCRYPTION;
157 if ( (perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
159 GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE");
160 return GATT_INSUF_KEY_SIZE;
166 switch (p_attr->uuid)
168 case GATT_UUID_PRI_SERVICE:
169 case GATT_UUID_SEC_SERVICE:
170 case GATT_UUID_CHAR_DECLARE:
171 case GATT_UUID_INCLUDE_SERVICE:
172 case GATT_UUID_CHAR_EXT_PROP:
173 case GATT_UUID_CHAR_CLIENT_CONFIG:
174 case GATT_UUID_CHAR_SRVR_CONFIG:
175 case GATT_UUID_CHAR_PRESENT_FORMAT:
176 GATT_TRACE_ERROR("GATT_NOT_LONG");
177 return GATT_NOT_LONG;
187 /*******************************************************************************
189 ** Function read_attr_value
191 ** Description Utility function to read an attribute value.
193 ** Parameter p_attr: pointer to the attribute to read.
194 ** offset: read offset.
195 ** p_value: output parameter to carry out the attribute value.
196 ** p_len: output parameter to carry out the attribute length.
197 ** read_long: this is a read blob request.
199 ** sec_flag: current link security status.
200 ** key_size: encryption key size.
202 ** Returns status of operation.
204 *******************************************************************************/
205 static tGATT_STATUS read_attr_value (void *p_attr,
211 tGATT_SEC_FLAG sec_flag,
214 UINT16 len = 0, uuid16 = 0;
217 UINT16 read_long_uuid=0;
218 tGATT_ATTR16 *p_attr16 = (tGATT_ATTR16 *)p_attr;
220 GATT_TRACE_DEBUG("read_attr_value uuid=0x%04x perm=0x%0x sec_flag=0x%x offset=%d read_long=%d",
222 p_attr16->permission,
227 status = gatts_check_attr_readability((tGATT_ATTR16 *)p_attr, offset, read_long, sec_flag, key_size);
229 if (status != GATT_SUCCESS)
232 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
233 uuid16 = p_attr16->uuid;
235 status = GATT_NO_RESOURCES;
238 (uuid16 == GATT_UUID_CHAR_DESCRIPTION || uuid16 == GATT_UUID_CHAR_AGG_FORMAT))
240 read_long_uuid = p_attr16->uuid;
243 if (uuid16 == GATT_UUID_PRI_SERVICE || uuid16 == GATT_UUID_SEC_SERVICE)
245 len = p_attr16->p_value->uuid.len;
246 if (mtu >= p_attr16->p_value->uuid.len)
248 gatt_build_uuid_to_stream(&p, p_attr16->p_value->uuid);
249 status = GATT_SUCCESS;
252 else if (uuid16 == GATT_UUID_CHAR_DECLARE)
254 len = (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16) ? 5 :19;
258 UINT8_TO_STREAM(p, p_attr16->p_value->char_decl.property);
259 UINT16_TO_STREAM(p, p_attr16->p_value->char_decl.char_val_handle);
261 if (((tGATT_ATTR16 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_16)
263 UINT16_TO_STREAM(p, ((tGATT_ATTR16 *)(p_attr16->p_next))->uuid);
265 /* convert a 32bits UUID to 128 bits */
266 else if (((tGATT_ATTR32 *)(p_attr16->p_next))->uuid_type == GATT_ATTR_UUID_TYPE_32)
268 gatt_convert_uuid32_to_uuid128 (p, ((tGATT_ATTR32 *)(p_attr16->p_next))->uuid);
273 ARRAY_TO_STREAM (p, ((tGATT_ATTR128 *)(p_attr16->p_next))->uuid, LEN_UUID_128);
275 status = GATT_SUCCESS;
279 else if (uuid16 == GATT_UUID_INCLUDE_SERVICE)
281 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16)
288 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.s_handle);
289 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.e_handle);
291 if (p_attr16->p_value->incl_handle.service_type.len == LEN_UUID_16)
293 UINT16_TO_STREAM(p, p_attr16->p_value->incl_handle.service_type.uu.uuid16);
295 status = GATT_SUCCESS;
298 else /* characteristic description or characteristic value */
300 status = GATT_PENDING;
308 /*******************************************************************************
310 ** Function gatts_db_read_attr_value_by_type
312 ** Description Query attribute value by attribute type.
314 ** Parameter p_db: pointer to the attribute database.
315 ** p_rsp: Read By type response data.
316 ** s_handle: starting handle of the range we are looking for.
317 ** e_handle: ending handle of the range we are looking for.
318 ** type: Attribute type.
320 ** sec_flag: current link security status.
321 ** key_size: encryption key size.
323 ** Returns Status of the operation.
325 *******************************************************************************/
326 tGATT_STATUS gatts_db_read_attr_value_by_type (tGATT_TCB *p_tcb,
334 tGATT_SEC_FLAG sec_flag,
337 UINT16 *p_cur_handle)
339 tGATT_STATUS status = GATT_NOT_FOUND;
340 tGATT_ATTR16 *p_attr;
342 UINT8 *p = (UINT8 *)(p_rsp + 1) + p_rsp->len + L2CAP_MIN_OFFSET;
344 #if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
348 if (p_db && p_db->p_attr_list)
350 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
352 while (p_attr && p_attr->handle <= e_handle)
354 if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
356 attr_uuid.len = LEN_UUID_16;
357 attr_uuid.uu.uuid16 = p_attr->uuid;
359 else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32)
361 attr_uuid.len = LEN_UUID_32;
362 attr_uuid.uu.uuid32 = ((tGATT_ATTR32 *)p_attr)->uuid;
366 attr_uuid.len = LEN_UUID_128;
367 memcpy(attr_uuid.uu.uuid128, ((tGATT_ATTR128 *)p_attr)->uuid, LEN_UUID_128);
370 if (p_attr->handle >= s_handle && gatt_uuid_compare(type, attr_uuid))
374 status = GATT_NO_RESOURCES;
378 UINT16_TO_STREAM (p, p_attr->handle);
380 status = read_attr_value ((void *)p_attr, 0, &p, FALSE, (UINT16)(*p_len -2), &len, sec_flag, key_size);
382 if (status == GATT_PENDING)
384 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, 0, trans_id);
386 /* one callback at a time */
389 else if (status == GATT_SUCCESS)
391 if (p_rsp->offset == 0)
392 p_rsp->offset = len + 2;
394 if (p_rsp->offset == len + 2)
396 p_rsp->len += (len + 2);
401 GATT_TRACE_ERROR("format mismatch");
402 status = GATT_NO_RESOURCES;
408 *p_cur_handle = p_attr->handle;
412 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
416 #if (defined(BLE_DELAY_REQUEST_ENC) && (BLE_DELAY_REQUEST_ENC == TRUE))
417 if (BTM_GetSecurityFlags(p_tcb->peer_bda, &flag))
419 if ((p_tcb->att_lcid == L2CAP_ATT_CID) && (status == GATT_PENDING) &&
420 (type.uu.uuid16 == GATT_UUID_GAP_DEVICE_NAME))
422 if ((flag & (BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_FLAG_ENCRYPTED)) ==
423 BTM_SEC_LINK_KEY_KNOWN)
426 p = btm_bda_to_acl(p_tcb->peer_bda, BT_TRANSPORT_LE);
427 if ((p != NULL) && (p->link_role == BTM_ROLE_MASTER))
429 tBTM_BLE_SEC_ACT sec_act = BTM_BLE_SEC_ENCRYPT;
430 btm_ble_set_encryption(p_tcb->peer_bda, &sec_act, p->link_role);
439 /*******************************************************************************
441 ** Function gatts_add_included_service
443 ** Description This function adds an included service into a database.
445 ** Parameter p_db: database pointer.
446 ** inc_srvc_type: included service type.
448 ** Returns Status of the operation.
450 *******************************************************************************/
451 UINT16 gatts_add_included_service (tGATT_SVC_DB *p_db, UINT16 s_handle, UINT16 e_handle,
454 tGATT_ATTR16 *p_attr;
455 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_INCLUDE_SERVICE}};
457 GATT_TRACE_DEBUG("gatts_add_included_service: s_hdl = 0x%04x e_hdl = 0x%04x uuid = 0x%04x",
458 s_handle, e_handle, service.uu.uuid16);
460 if (service.len == 0 || s_handle == 0 || e_handle == 0)
462 GATT_TRACE_ERROR("gatts_add_included_service Illegal Params.");
466 if ((p_attr = (tGATT_ATTR16 *) allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL)
468 if (copy_extra_byte_in_db(p_db, (void **)&p_attr->p_value, sizeof(tGATT_INCL_SRVC)))
470 p_attr->p_value->incl_handle.s_handle = s_handle;
471 p_attr->p_value->incl_handle.e_handle = e_handle;
472 memcpy(&p_attr->p_value->incl_handle.service_type, &service, sizeof(tBT_UUID));
474 return p_attr->handle;
478 deallocate_attr_in_db(p_db, p_attr);
485 /*******************************************************************************
487 ** Function gatts_add_characteristic
489 ** Description This function add a characteristics and its descriptor into
490 ** a servce identified by the service database pointer.
492 ** Parameter p_db: database pointer.
493 ** perm: permission (authentication and key size requirements)
494 ** property: property of the characteristic.
495 ** p_char: characteristic value information.
497 ** Returns Status of te operation.
499 *******************************************************************************/
500 UINT16 gatts_add_characteristic (tGATT_SVC_DB *p_db, tGATT_PERM perm,
501 tGATT_CHAR_PROP property,
502 tBT_UUID * p_char_uuid)
504 tGATT_ATTR16 *p_char_decl, *p_char_val;
505 tBT_UUID uuid = {LEN_UUID_16, {GATT_UUID_CHAR_DECLARE}};
507 GATT_TRACE_DEBUG("gatts_add_characteristic perm=0x%0x property=0x%0x", perm, property);
509 if ((p_char_decl = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ)) != NULL)
511 if (!copy_extra_byte_in_db(p_db, (void **)&p_char_decl->p_value, sizeof(tGATT_CHAR_DECL)))
513 deallocate_attr_in_db(p_db, p_char_decl);
517 p_char_val = (tGATT_ATTR16 *)allocate_attr_in_db(p_db, p_char_uuid, perm);
519 if (p_char_val == NULL)
521 deallocate_attr_in_db(p_db, p_char_decl);
525 p_char_decl->p_value->char_decl.property = property;
526 p_char_decl->p_value->char_decl.char_val_handle = p_char_val->handle;
528 p_char_val->p_value = NULL;
530 return p_char_val->handle;
536 /*******************************************************************************
538 ** Function gatt_convertchar_descr_type
540 ** Description This function convert a char descript UUID into descriptor type.
542 ** Returns descriptor type.
544 *******************************************************************************/
545 UINT8 gatt_convertchar_descr_type(tBT_UUID *p_descr_uuid)
547 tBT_UUID std_descr = {LEN_UUID_16, {GATT_UUID_CHAR_EXT_PROP}};
549 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
550 return GATT_DESCR_EXT_DSCPTOR;
552 std_descr.uu.uuid16 ++;
553 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
554 return GATT_DESCR_USER_DSCPTOR;
556 std_descr.uu.uuid16 ++;
557 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
558 return GATT_DESCR_CLT_CONFIG;
560 std_descr.uu.uuid16 ++;
561 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
562 return GATT_DESCR_SVR_CONFIG;
564 std_descr.uu.uuid16 ++;
565 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
566 return GATT_DESCR_PRES_FORMAT;
568 std_descr.uu.uuid16 ++;
569 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
570 return GATT_DESCR_AGGR_FORMAT;
572 std_descr.uu.uuid16 ++;
573 if (gatt_uuid_compare(std_descr, * p_descr_uuid))
574 return GATT_DESCR_VALID_RANGE;
577 return GATT_DESCR_UNKNOWN;
580 /*******************************************************************************
582 ** Function gatts_add_char_descr
584 ** Description This function add a characteristics descriptor.
586 ** Parameter p_db: database pointer.
587 ** perm: characteristic descriptor permission type.
588 ** char_dscp_tpye: the characteristic descriptor masks.
589 ** p_dscp_params: characteristic descriptors values.
591 ** Returns Status of the operation.
593 *******************************************************************************/
594 UINT16 gatts_add_char_descr (tGATT_SVC_DB *p_db, tGATT_PERM perm,
595 tBT_UUID * p_descr_uuid)
597 tGATT_ATTR16 *p_char_dscptr;
599 GATT_TRACE_DEBUG("gatts_add_char_descr uuid=0x%04x", p_descr_uuid->uu.uuid16);
601 /* Add characteristic descriptors */
602 if ((p_char_dscptr = (tGATT_ATTR16 *)allocate_attr_in_db(p_db,
607 GATT_TRACE_DEBUG("gatts_add_char_descr Fail for adding char descriptors.");
612 return p_char_dscptr->handle;
616 /*******************************************************************************/
617 /* Service Attribute Database Query Utility Functions */
618 /*******************************************************************************/
619 /*******************************************************************************
621 ** Function gatts_read_attr_value_by_handle
623 ** Description Query attribute value by attribute handle.
625 ** Parameter p_db: pointer to the attribute database.
626 ** handle: Attribute handle to read.
627 ** offset: Read offset.
628 ** p_value: output parameter to carry out the attribute value.
629 ** p_len: output parameter as attribute length read.
630 ** read_long: this is a read blob request.
632 ** sec_flag: current link security status.
633 ** key_size: encryption key size
635 ** Returns Status of operation.
637 *******************************************************************************/
638 tGATT_STATUS gatts_read_attr_value_by_handle(tGATT_TCB *p_tcb,
641 UINT16 handle, UINT16 offset,
642 UINT8 *p_value, UINT16 *p_len,
644 tGATT_SEC_FLAG sec_flag,
648 tGATT_STATUS status = GATT_NOT_FOUND;
649 tGATT_ATTR16 *p_attr;
652 if (p_db && p_db->p_attr_list)
654 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
656 while (p_attr && handle >= p_attr->handle)
658 if (p_attr->handle == handle)
660 status = read_attr_value (p_attr, offset, &pp,
661 (BOOLEAN)(op_code == GATT_REQ_READ_BLOB),
662 mtu, p_len, sec_flag, key_size);
664 if (status == GATT_PENDING)
666 status = gatts_send_app_read_request(p_tcb, op_code, p_attr->handle, offset, trans_id);
670 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
677 /*******************************************************************************
679 ** Function gatts_read_attr_perm_check
681 ** Description Check attribute readability.
683 ** Parameter p_db: pointer to the attribute database.
684 ** handle: Attribute handle to read.
685 ** offset: Read offset.
686 ** p_value: output parameter to carry out the attribute value.
687 ** p_len: output parameter as attribute length read.
688 ** read_long: this is a read blob request.
690 ** sec_flag: current link security status.
691 ** key_size: encryption key size
693 ** Returns Status of operation.
695 *******************************************************************************/
696 tGATT_STATUS gatts_read_attr_perm_check(tGATT_SVC_DB *p_db,
699 tGATT_SEC_FLAG sec_flag,
702 tGATT_STATUS status = GATT_NOT_FOUND;
703 tGATT_ATTR16 *p_attr;
705 if (p_db && p_db->p_attr_list)
707 p_attr = (tGATT_ATTR16 *)p_db->p_attr_list;
709 while (p_attr && handle >= p_attr->handle)
711 if (p_attr->handle == handle)
713 status = gatts_check_attr_readability (p_attr, 0,
718 p_attr = (tGATT_ATTR16 *) p_attr->p_next;
724 /*******************************************************************************
726 ** Function gatts_write_attr_perm_check
728 ** Description Write attribute value into database.
730 ** Parameter p_db: pointer to the attribute database.
731 ** op_code:op code of this write.
732 ** handle: handle of the attribute to write.
733 ** offset: Write offset if write op code is write blob.
734 ** p_data: Attribute value to write.
735 ** len: attribute data length.
736 ** sec_flag: current link security status.
737 ** key_size: encryption key size
739 ** Returns Status of the operation.
741 *******************************************************************************/
742 tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
743 UINT16 handle, UINT16 offset, UINT8 *p_data,
744 UINT16 len, tGATT_SEC_FLAG sec_flag, UINT8 key_size)
746 tGATT_STATUS status = GATT_NOT_FOUND;
747 tGATT_ATTR16 *p_attr;
752 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x key_size=%d",
753 op_code, handle, offset, len, sec_flag, key_size);
757 p_attr = (tGATT_ATTR16 *) p_db->p_attr_list;
759 while (p_attr != NULL)
761 if (p_attr->handle == handle)
763 perm = p_attr->permission;
764 min_key_size = (((perm & GATT_ENCRYPT_KEY_SIZE_MASK) >> 12));
765 if (min_key_size != 0 )
769 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check p_attr->permission =0x%04x min_key_size==0x%04x",
773 if ((op_code == GATT_CMD_WRITE || op_code == GATT_REQ_WRITE)
774 && (perm & GATT_WRITE_SIGNED_PERM))
776 /* use the rules for the mixed security see section 10.2.3*/
777 /* use security mode 1 level 2 when the following condition follows */
778 /* LE security mode 2 level 1 and LE security mode 1 level 2 */
779 if ((perm & GATT_PERM_WRITE_SIGNED) && (perm & GATT_PERM_WRITE_ENCRYPTED))
781 perm = GATT_PERM_WRITE_ENCRYPTED;
783 /* use security mode 1 level 3 when the following condition follows */
784 /* LE security mode 2 level 2 and security mode 1 and LE */
785 else if (((perm & GATT_PERM_WRITE_SIGNED_MITM) && (perm & GATT_PERM_WRITE_ENCRYPTED)) ||
786 /* LE security mode 2 and security mode 1 level 3 */
787 ((perm & GATT_WRITE_SIGNED_PERM) && (perm & GATT_PERM_WRITE_ENC_MITM)))
789 perm = GATT_PERM_WRITE_ENC_MITM;
793 if ((op_code == GATT_SIGN_CMD_WRITE) && !(perm & GATT_WRITE_SIGNED_PERM))
795 status = GATT_WRITE_NOT_PERMIT;
796 GATT_TRACE_DEBUG( "gatts_write_attr_perm_check - sign cmd write not allowed");
798 if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED))
800 status = GATT_INVALID_PDU;
801 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - Error!! sign cmd write sent on a encypted link");
803 else if (!(perm & GATT_WRITE_ALLOWED))
805 status = GATT_WRITE_NOT_PERMIT;
806 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_WRITE_NOT_PERMIT");
808 /* require authentication, but not been authenticated */
809 else if ((perm & GATT_WRITE_AUTH_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED))
811 status = GATT_INSUF_AUTHENTICATION;
812 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION");
814 else if ((perm & GATT_WRITE_MITM_REQUIRED ) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED))
816 status = GATT_INSUF_AUTHENTICATION;
817 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: MITM required");
819 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED))
821 status = GATT_INSUF_ENCRYPTION;
822 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_ENCRYPTION");
824 else if ((perm & GATT_WRITE_ENCRYPTED_PERM ) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size))
826 status = GATT_INSUF_KEY_SIZE;
827 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
829 /* LE security mode 2 attribute */
830 else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)
831 && (perm & GATT_WRITE_ALLOWED) == 0)
833 status = GATT_INSUF_AUTHENTICATION;
834 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHENTICATION: LE security mode 2 required");
836 else /* writable: must be char value declaration or char descritpors */
838 if(p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16)
840 switch (p_attr->uuid)
842 case GATT_UUID_CHAR_PRESENT_FORMAT:/* should be readable only */
843 case GATT_UUID_CHAR_EXT_PROP:/* should be readable only */
844 case GATT_UUID_CHAR_AGG_FORMAT: /* should be readable only */
845 case GATT_UUID_CHAR_VALID_RANGE:
846 status = GATT_WRITE_NOT_PERMIT;
849 case GATT_UUID_CHAR_CLIENT_CONFIG:
850 /* coverity[MISSING_BREAK] */
851 /* intnended fall through, ignored */
853 case GATT_UUID_CHAR_SRVR_CONFIG:
855 case GATT_UUID_CHAR_DESCRIPTION:
856 default: /* any other must be character value declaration */
857 status = GATT_SUCCESS;
861 else if (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_128 ||
862 p_attr->uuid_type == GATT_ATTR_UUID_TYPE_32)
864 status = GATT_SUCCESS;
868 status = GATT_INVALID_PDU;
871 if (p_data == NULL && len > 0)
873 status = GATT_INVALID_PDU;
875 /* these attribute does not allow write blob */
877 else if ( (p_attr->uuid_type == GATT_ATTR_UUID_TYPE_16) &&
878 (p_attr->uuid == GATT_UUID_CHAR_CLIENT_CONFIG ||
879 p_attr->uuid == GATT_UUID_CHAR_SRVR_CONFIG) )
882 if (op_code == GATT_REQ_PREPARE_WRITE && offset != 0) /* does not allow write blob */
884 status = GATT_NOT_LONG;
885 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_NOT_LONG");
887 else if (len != max_size) /* data does not match the required format */
889 status = GATT_INVALID_ATTR_LEN;
890 GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INVALID_PDU");
894 status = GATT_SUCCESS;
901 p_attr = (tGATT_ATTR16 *)p_attr->p_next;
908 /*******************************************************************************
910 ** Function allocate_attr_in_db
912 ** Description Allocate a memory space for a new attribute, and link this
913 ** attribute into the database attribute list.
916 ** Parameter p_db : database pointer.
917 ** p_uuid: pointer to attribute UUID
918 ** service : type of attribute to be added.
920 ** Returns pointer to the newly allocated attribute.
922 *******************************************************************************/
923 static void *allocate_attr_in_db(tGATT_SVC_DB *p_db, tBT_UUID *p_uuid, tGATT_PERM perm)
925 tGATT_ATTR16 *p_attr16 = NULL, *p_last;
926 tGATT_ATTR32 *p_attr32 = NULL;
927 tGATT_ATTR128 *p_attr128 = NULL;
928 UINT16 len = sizeof(tGATT_ATTR128);
932 GATT_TRACE_ERROR("illegal UUID");
936 if (p_uuid->len == LEN_UUID_16)
937 len = sizeof(tGATT_ATTR16);
938 else if (p_uuid->len == LEN_UUID_32)
939 len = sizeof(tGATT_ATTR32);
941 GATT_TRACE_DEBUG("allocate attr %d bytes ",len);
943 if (p_db->end_handle <= p_db->next_handle)
945 GATT_TRACE_DEBUG("handle space full. handle_max = %d next_handle = %d",
946 p_db->end_handle, p_db->next_handle);
950 if (p_db->mem_free < len)
952 if (!allocate_svc_db_buf(p_db))
954 GATT_TRACE_ERROR("allocate_attr_in_db failed, no resources");
958 memset(p_db->p_free_mem, 0, len);
959 p_attr16 = (tGATT_ATTR16 *) p_db->p_free_mem;
961 if (p_uuid->len == LEN_UUID_16 && p_uuid->uu.uuid16 != GATT_ILLEGAL_UUID)
963 p_attr16->uuid_type = GATT_ATTR_UUID_TYPE_16;
964 p_attr16->uuid = p_uuid->uu.uuid16;
966 else if (p_uuid->len == LEN_UUID_32)
968 p_attr32 = (tGATT_ATTR32 *) p_db->p_free_mem;
969 p_attr32->uuid_type = GATT_ATTR_UUID_TYPE_32;
970 p_attr32->uuid = p_uuid->uu.uuid32;
972 else if (p_uuid->len == LEN_UUID_128)
974 p_attr128 = (tGATT_ATTR128 *) p_db->p_free_mem;
975 p_attr128->uuid_type = GATT_ATTR_UUID_TYPE_128;
976 memcpy(p_attr128->uuid, p_uuid->uu.uuid128, LEN_UUID_128);
979 p_db->p_free_mem += len;
980 p_db->mem_free -= len;
982 p_attr16->handle = p_db->next_handle++;
983 p_attr16->permission = perm;
984 p_attr16->p_next = NULL;
986 /* link the attribute record into the end of DB */
987 if (p_db->p_attr_list == NULL)
988 p_db->p_attr_list = p_attr16;
991 p_last = (tGATT_ATTR16 *)p_db->p_attr_list;
993 while (p_last != NULL && p_last->p_next != NULL)
994 p_last = (tGATT_ATTR16 *)p_last->p_next;
996 p_last->p_next = p_attr16;
999 if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_16)
1001 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid16 = [0x%04x] perm=0x%02x ",
1002 p_attr16->handle, p_attr16->uuid, p_attr16->permission);
1004 else if (p_attr16->uuid_type == GATT_ATTR_UUID_TYPE_32)
1006 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid32 = [0x%08x] perm=0x%02x ",
1007 p_attr32->handle, p_attr32->uuid, p_attr32->permission);
1011 GATT_TRACE_DEBUG("=====> handle = [0x%04x] uuid128 = [0x%02x:0x%02x] perm=0x%02x ",
1012 p_attr128->handle, p_attr128->uuid[0],p_attr128->uuid[1],
1013 p_attr128->permission);
1015 return(void *)p_attr16;
1018 /*******************************************************************************
1020 ** Function deallocate_attr_in_db
1022 ** Description Free an attribute within the database.
1024 ** Parameter p_db: database pointer.
1025 ** p_attr: pointer to the attribute record to be freed.
1027 ** Returns BOOLEAN: success
1029 *******************************************************************************/
1030 static BOOLEAN deallocate_attr_in_db(tGATT_SVC_DB *p_db, void *p_attr)
1032 tGATT_ATTR16 *p_cur, *p_next;
1033 BOOLEAN found = FALSE;
1035 if (p_db->p_attr_list == NULL)
1038 p_cur = (tGATT_ATTR16 *) p_db->p_attr_list;
1039 p_next = (tGATT_ATTR16 *) p_cur->p_next;
1041 for (; p_cur != NULL && p_next != NULL;
1042 p_cur = p_next, p_next = (tGATT_ATTR16 *)p_next->p_next)
1044 if (p_next == p_attr)
1046 p_cur->p_next = p_next->p_next;
1050 if (p_cur == p_attr && p_cur == p_db->p_attr_list)
1052 p_db->p_attr_list = p_cur->p_next;
1055 /* else attr not found */
1057 p_db->next_handle --;
1062 /*******************************************************************************
1064 ** Function copy_extra_byte_in_db
1066 ** Description Utility function to allocate extra bytes memory in DB and copy
1067 ** the value from a source place.
1070 ** Parameter p_db: database pointer.
1071 ** p_dst: destination data pointer.
1072 ** p_src: source data pointer.
1073 ** len: data length to be copied.
1077 *******************************************************************************/
1078 static BOOLEAN copy_extra_byte_in_db(tGATT_SVC_DB *p_db, void **p_dst, UINT16 len)
1080 UINT8 *p = (UINT8 *)*p_dst;
1082 if (p_db->mem_free < len)
1084 if (!allocate_svc_db_buf(p_db))
1086 GATT_TRACE_ERROR("copy_extra_byte_in_db failed, no resources");
1091 p = p_db->p_free_mem;
1092 p_db->p_free_mem += len;
1093 p_db->mem_free -= len;
1094 memset((void *)p, 0, len);
1100 /*******************************************************************************
1102 ** Function allocate_svc_db_buf
1104 ** Description Utility function to allocate extra buffer for service database.
1106 ** Returns TRUE if allocation succeed, otherwise FALSE.
1108 *******************************************************************************/
1109 static BOOLEAN allocate_svc_db_buf(tGATT_SVC_DB *p_db)
1113 GATT_TRACE_DEBUG("allocate_svc_db_buf allocating extra buffer");
1115 if ((p_buf = (BT_HDR *)GKI_getpoolbuf(GATT_DB_POOL_ID)) == NULL)
1117 GATT_TRACE_ERROR("allocate_svc_db_buf failed, no resources");
1121 memset(p_buf, 0, GKI_get_buf_size(p_buf));
1122 p_db->p_free_mem = (UINT8 *) p_buf;
1123 p_db->mem_free = GKI_get_buf_size(p_buf);
1125 GKI_enqueue(&p_db->svc_buffer, p_buf);
1131 /*******************************************************************************
1133 ** Function gatts_send_app_read_request
1135 ** Description Send application read request callback
1137 ** Returns status of operation.
1139 *******************************************************************************/
1140 static tGATT_STATUS gatts_send_app_read_request(tGATT_TCB *p_tcb, UINT8 op_code,
1141 UINT16 handle, UINT16 offset, UINT32 trans_id)
1143 tGATTS_DATA sr_data;
1145 tGATT_SR_REG *p_sreg;
1148 i_rcb = gatt_sr_find_i_rcb_by_handle(handle);
1149 p_sreg = &gatt_cb.sr_reg[i_rcb];
1150 conn_id = GATT_CREATE_CONN_ID(p_tcb->tcb_idx, p_sreg->gatt_if);
1154 trans_id = gatt_sr_enqueue_cmd(p_tcb, op_code, handle);
1155 gatt_sr_update_cback_cnt(p_tcb, p_sreg->gatt_if, TRUE, TRUE);
1160 memset(&sr_data, 0, sizeof(tGATTS_DATA));
1162 sr_data.read_req.handle = handle;
1163 sr_data.read_req.is_long = (BOOLEAN)(op_code == GATT_REQ_READ_BLOB);
1164 sr_data.read_req.offset = offset;
1166 gatt_sr_send_req_callback(conn_id,
1167 trans_id, GATTS_REQ_TYPE_READ, &sr_data);
1168 return(tGATT_STATUS) GATT_PENDING;
1171 return(tGATT_STATUS) GATT_BUSY; /* max pending command, application error */
1175 /*******************************************************************************
1177 ** Function gatts_db_add_service_declaration
1179 ** Description Update a service database service declaration record.
1181 ** Parameter p_db: database pointer.
1182 ** service: UUID of the service.
1186 *******************************************************************************/
1187 static BOOLEAN gatts_db_add_service_declaration(tGATT_SVC_DB *p_db, tBT_UUID *p_service, BOOLEAN is_pri)
1189 tGATT_ATTR16 *p_attr;
1190 tBT_UUID uuid = {LEN_UUID_16, {0}};
1193 GATT_TRACE_DEBUG( "add_service_declaration");
1196 uuid.uu.uuid16 = GATT_UUID_PRI_SERVICE;
1198 uuid.uu.uuid16 = GATT_UUID_SEC_SERVICE;
1200 /* add service declration record */
1201 if ((p_attr = (tGATT_ATTR16 *)(allocate_attr_in_db(p_db, &uuid, GATT_PERM_READ))) != NULL)
1203 if (copy_extra_byte_in_db (p_db, (void **)&p_attr->p_value, sizeof(tBT_UUID)))
1205 if (p_service->len == LEN_UUID_16)
1207 p_attr->p_value->uuid.len = LEN_UUID_16;
1208 p_attr->p_value->uuid.uu.uuid16 = p_service->uu.uuid16;
1210 else if (p_service->len == LEN_UUID_32)
1212 p_attr->p_value->uuid.len = LEN_UUID_128;
1213 gatt_convert_uuid32_to_uuid128(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid32);
1217 p_attr->p_value->uuid.len = LEN_UUID_128;
1218 memcpy(p_attr->p_value->uuid.uu.uuid128, p_service->uu.uuid128, LEN_UUID_128);
1227 #endif /* BLE_INCLUDED */