Loading system/stack/gatt/gatt_db.cc +16 −24 Original line number Diff line number Diff line Loading @@ -98,27 +98,24 @@ static tGATT_STATUS gatts_check_attr_readability(const tGATT_ATTR& attr, return GATT_READ_NOT_PERMIT; } if ((perm & GATT_READ_AUTH_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) && !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) { if ((perm & GATT_READ_AUTH_REQUIRED) && !sec_flag.is_link_key_known && !sec_flag.is_encrypted) { LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION"; return GATT_INSUF_AUTHENTICATION; } if ((perm & GATT_READ_MITM_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) { if ((perm & GATT_READ_MITM_REQUIRED) && !sec_flag.is_link_key_authed) { LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM Required"; return GATT_INSUF_AUTHENTICATION; } if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && !sec_flag.is_encrypted) { LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION"; return GATT_INSUF_ENCRYPTION; } if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) { if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && sec_flag.is_encrypted && (key_size < min_key_size)) { LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE"; return GATT_INSUF_KEY_SIZE; } Loading Loading @@ -169,8 +166,8 @@ static tGATT_STATUS read_attr_value(tGATT_ATTR& attr16, uint16_t offset, uint8_t* p = *p_data; VLOG(1) << __func__ << " uuid=" << attr16.uuid << StringPrintf(" perm=0x%02x sec_flag=0x%x offset=%d read_long=%d", attr16.permission, sec_flag, offset, read_long); << StringPrintf(" perm=0x%02x offset=%d read_long=%d", attr16.permission, offset, read_long); tGATT_STATUS status = gatts_check_attr_readability(attr16, offset, read_long, sec_flag, key_size); Loading Loading @@ -539,9 +536,9 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, tGATT_SEC_FLAG sec_flag, uint8_t key_size) { VLOG(1) << StringPrintf( "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x " "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d " "key_size=%d", __func__, op_code, handle, offset, len, sec_flag, key_size); __func__, op_code, handle, offset, len, key_size); tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle); if (!p_attr) return GATT_NOT_FOUND; Loading Loading @@ -578,8 +575,7 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, status = GATT_WRITE_NOT_PERMIT; VLOG(1) << __func__ << ": sign cmd write not allowed"; } if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { if ((op_code == GATT_SIGN_CMD_WRITE) && sec_flag.is_encrypted) { status = GATT_INVALID_PDU; LOG(ERROR) << __func__ << ": Error!! sign cmd write sent on a encypted link"; Loading @@ -588,28 +584,24 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, LOG(ERROR) << __func__ << ": GATT_WRITE_NOT_PERMIT"; } /* require authentication, but not been authenticated */ else if ((perm & GATT_WRITE_AUTH_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) { else if ((perm & GATT_WRITE_AUTH_REQUIRED) && !sec_flag.is_link_key_known) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION"; } else if ((perm & GATT_WRITE_MITM_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) { !sec_flag.is_link_key_authed) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM required"; } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && !sec_flag.is_encrypted) { status = GATT_INSUF_ENCRYPTION; LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION"; } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && sec_flag.is_encrypted && (key_size < min_key_size)) { status = GATT_INSUF_KEY_SIZE; LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE"; } /* LE security mode 2 attribute */ else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (perm & GATT_WRITE_ALLOWED) == 0) { !sec_flag.is_encrypted && (perm & GATT_WRITE_ALLOWED) == 0) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: LE security mode 2 required"; Loading system/stack/gatt/gatt_int.h +7 −5 Original line number Diff line number Diff line Loading @@ -84,10 +84,11 @@ inline std::string gatt_security_action_text(const tGATT_SEC_ACTION& action) { #define GATT_WAIT_FOR_DISC_RSP_TIMEOUT_MS (5 * 1000) #define GATT_REQ_RETRY_LIMIT 2 #define GATT_SEC_FLAG_LKEY_UNAUTHED BTM_SEC_FLAG_LKEY_KNOWN #define GATT_SEC_FLAG_LKEY_AUTHED BTM_SEC_FLAG_LKEY_AUTHED #define GATT_SEC_FLAG_ENCRYPTED BTM_SEC_FLAG_ENCRYPTED typedef uint8_t tGATT_SEC_FLAG; typedef struct { bool is_link_key_known; bool is_link_key_authed; bool is_encrypted; } tGATT_SEC_FLAG; /* Find Information Response Type */ Loading Loading @@ -492,7 +493,8 @@ extern uint8_t gatt_build_uuid_to_stream_len(const bluetooth::Uuid& uuid); extern uint8_t gatt_build_uuid_to_stream(uint8_t** p_dst, const bluetooth::Uuid& uuid); extern void gatt_sr_get_sec_info(const RawAddress& rem_bda, tBT_TRANSPORT transport, uint8_t* p_sec_flag, tBT_TRANSPORT transport, tGATT_SEC_FLAG* p_sec_flag, uint8_t* p_key_size); extern void gatt_start_rsp_timer(tGATT_CLCB* p_clcb); extern void gatt_stop_rsp_timer(tGATT_CLCB* p_clcb); Loading system/stack/gatt/gatt_sr.cc +8 −4 Original line number Diff line number Diff line Loading @@ -405,7 +405,8 @@ void gatt_process_read_multi_req(tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle = 0, ll = len; uint8_t* p = p_data; tGATT_STATUS err = GATT_SUCCESS; uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; VLOG(1) << __func__; Loading Loading @@ -888,7 +889,8 @@ static void gatts_process_read_by_type_req(tGATT_TCB& tcb, uint16_t cid, reason = GATT_NOT_FOUND; for (tGATT_SRV_LIST_ELEM& el : *gatt_cb.srv_list_info) { if (el.s_hdl <= e_hdl && el.e_hdl >= s_hdl) { uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; gatt_sr_get_sec_info(tcb.peer_bda, tcb.transport, &sec_flag, &key_size); tGATT_STATUS ret = gatts_db_read_attr_value_by_type( Loading Loading @@ -933,7 +935,8 @@ static void gatts_process_write_req(tGATT_TCB& tcb, uint16_t cid, tGATTS_DATA sr_data; uint32_t trans_id; tGATT_STATUS status; uint8_t sec_flag, key_size, *p = p_data; tGATT_SEC_FLAG sec_flag; uint8_t key_size, *p = p_data; uint16_t conn_id; memset(&sr_data, 0, sizeof(tGATTS_DATA)); Loading Loading @@ -1042,7 +1045,8 @@ static void gatts_process_read_req(tGATT_TCB& tcb, uint16_t cid, p_msg->len = 1; buf_len = payload_size - 1; uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; gatt_sr_get_sec_info(tcb.peer_bda, tcb.transport, &sec_flag, &key_size); uint16_t value_len = 0; Loading system/stack/gatt/gatt_utils.cc +6 −8 Original line number Diff line number Diff line Loading @@ -753,16 +753,14 @@ std::list<tGATT_SRV_LIST_ELEM>::iterator gatt_sr_find_i_rcb_by_handle( * ******************************************************************************/ void gatt_sr_get_sec_info(const RawAddress& rem_bda, tBT_TRANSPORT transport, uint8_t* p_sec_flag, uint8_t* p_key_size) { uint8_t sec_flag = 0; BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport); sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED | GATT_SEC_FLAG_ENCRYPTED); tGATT_SEC_FLAG* p_sec_flag, uint8_t* p_key_size) { tGATT_SEC_FLAG flags = {}; flags.is_link_key_known = BTM_IsLinkKeyKnown(rem_bda, transport); flags.is_link_key_authed = BTM_IsLinkKeyAuthed(rem_bda, transport); flags.is_encrypted = BTM_IsEncrypted(rem_bda, transport); *p_key_size = btm_ble_read_sec_key_size(rem_bda); *p_sec_flag = sec_flag; *p_sec_flag = flags; } /******************************************************************************* * Loading Loading
system/stack/gatt/gatt_db.cc +16 −24 Original line number Diff line number Diff line Loading @@ -98,27 +98,24 @@ static tGATT_STATUS gatts_check_attr_readability(const tGATT_ATTR& attr, return GATT_READ_NOT_PERMIT; } if ((perm & GATT_READ_AUTH_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED) && !(sec_flag & BTM_SEC_FLAG_ENCRYPTED)) { if ((perm & GATT_READ_AUTH_REQUIRED) && !sec_flag.is_link_key_known && !sec_flag.is_encrypted) { LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION"; return GATT_INSUF_AUTHENTICATION; } if ((perm & GATT_READ_MITM_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) { if ((perm & GATT_READ_MITM_REQUIRED) && !sec_flag.is_link_key_authed) { LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM Required"; return GATT_INSUF_AUTHENTICATION; } if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && !sec_flag.is_encrypted) { LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION"; return GATT_INSUF_ENCRYPTION; } if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (key_size < min_key_size)) { if ((perm & GATT_READ_ENCRYPTED_REQUIRED) && sec_flag.is_encrypted && (key_size < min_key_size)) { LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE"; return GATT_INSUF_KEY_SIZE; } Loading Loading @@ -169,8 +166,8 @@ static tGATT_STATUS read_attr_value(tGATT_ATTR& attr16, uint16_t offset, uint8_t* p = *p_data; VLOG(1) << __func__ << " uuid=" << attr16.uuid << StringPrintf(" perm=0x%02x sec_flag=0x%x offset=%d read_long=%d", attr16.permission, sec_flag, offset, read_long); << StringPrintf(" perm=0x%02x offset=%d read_long=%d", attr16.permission, offset, read_long); tGATT_STATUS status = gatts_check_attr_readability(attr16, offset, read_long, sec_flag, key_size); Loading Loading @@ -539,9 +536,9 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, tGATT_SEC_FLAG sec_flag, uint8_t key_size) { VLOG(1) << StringPrintf( "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d sec_flag=0x%0x " "%s: op_code=0x%0x handle=0x%04x offset=%d len=%d " "key_size=%d", __func__, op_code, handle, offset, len, sec_flag, key_size); __func__, op_code, handle, offset, len, key_size); tGATT_ATTR* p_attr = find_attr_by_handle(p_db, handle); if (!p_attr) return GATT_NOT_FOUND; Loading Loading @@ -578,8 +575,7 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, status = GATT_WRITE_NOT_PERMIT; VLOG(1) << __func__ << ": sign cmd write not allowed"; } if ((op_code == GATT_SIGN_CMD_WRITE) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { if ((op_code == GATT_SIGN_CMD_WRITE) && sec_flag.is_encrypted) { status = GATT_INVALID_PDU; LOG(ERROR) << __func__ << ": Error!! sign cmd write sent on a encypted link"; Loading @@ -588,28 +584,24 @@ tGATT_STATUS gatts_write_attr_perm_check(tGATT_SVC_DB* p_db, uint8_t op_code, LOG(ERROR) << __func__ << ": GATT_WRITE_NOT_PERMIT"; } /* require authentication, but not been authenticated */ else if ((perm & GATT_WRITE_AUTH_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_UNAUTHED)) { else if ((perm & GATT_WRITE_AUTH_REQUIRED) && !sec_flag.is_link_key_known) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION"; } else if ((perm & GATT_WRITE_MITM_REQUIRED) && !(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED)) { !sec_flag.is_link_key_authed) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: MITM required"; } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)) { } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && !sec_flag.is_encrypted) { status = GATT_INSUF_ENCRYPTION; LOG(ERROR) << __func__ << ": GATT_INSUF_ENCRYPTION"; } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && (sec_flag & GATT_SEC_FLAG_ENCRYPTED) && } else if ((perm & GATT_WRITE_ENCRYPTED_PERM) && sec_flag.is_encrypted && (key_size < min_key_size)) { status = GATT_INSUF_KEY_SIZE; LOG(ERROR) << __func__ << ": GATT_INSUF_KEY_SIZE"; } /* LE security mode 2 attribute */ else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED) && (perm & GATT_WRITE_ALLOWED) == 0) { !sec_flag.is_encrypted && (perm & GATT_WRITE_ALLOWED) == 0) { status = GATT_INSUF_AUTHENTICATION; LOG(ERROR) << __func__ << ": GATT_INSUF_AUTHENTICATION: LE security mode 2 required"; Loading
system/stack/gatt/gatt_int.h +7 −5 Original line number Diff line number Diff line Loading @@ -84,10 +84,11 @@ inline std::string gatt_security_action_text(const tGATT_SEC_ACTION& action) { #define GATT_WAIT_FOR_DISC_RSP_TIMEOUT_MS (5 * 1000) #define GATT_REQ_RETRY_LIMIT 2 #define GATT_SEC_FLAG_LKEY_UNAUTHED BTM_SEC_FLAG_LKEY_KNOWN #define GATT_SEC_FLAG_LKEY_AUTHED BTM_SEC_FLAG_LKEY_AUTHED #define GATT_SEC_FLAG_ENCRYPTED BTM_SEC_FLAG_ENCRYPTED typedef uint8_t tGATT_SEC_FLAG; typedef struct { bool is_link_key_known; bool is_link_key_authed; bool is_encrypted; } tGATT_SEC_FLAG; /* Find Information Response Type */ Loading Loading @@ -492,7 +493,8 @@ extern uint8_t gatt_build_uuid_to_stream_len(const bluetooth::Uuid& uuid); extern uint8_t gatt_build_uuid_to_stream(uint8_t** p_dst, const bluetooth::Uuid& uuid); extern void gatt_sr_get_sec_info(const RawAddress& rem_bda, tBT_TRANSPORT transport, uint8_t* p_sec_flag, tBT_TRANSPORT transport, tGATT_SEC_FLAG* p_sec_flag, uint8_t* p_key_size); extern void gatt_start_rsp_timer(tGATT_CLCB* p_clcb); extern void gatt_stop_rsp_timer(tGATT_CLCB* p_clcb); Loading
system/stack/gatt/gatt_sr.cc +8 −4 Original line number Diff line number Diff line Loading @@ -405,7 +405,8 @@ void gatt_process_read_multi_req(tGATT_TCB& tcb, uint16_t cid, uint8_t op_code, uint16_t handle = 0, ll = len; uint8_t* p = p_data; tGATT_STATUS err = GATT_SUCCESS; uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; VLOG(1) << __func__; Loading Loading @@ -888,7 +889,8 @@ static void gatts_process_read_by_type_req(tGATT_TCB& tcb, uint16_t cid, reason = GATT_NOT_FOUND; for (tGATT_SRV_LIST_ELEM& el : *gatt_cb.srv_list_info) { if (el.s_hdl <= e_hdl && el.e_hdl >= s_hdl) { uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; gatt_sr_get_sec_info(tcb.peer_bda, tcb.transport, &sec_flag, &key_size); tGATT_STATUS ret = gatts_db_read_attr_value_by_type( Loading Loading @@ -933,7 +935,8 @@ static void gatts_process_write_req(tGATT_TCB& tcb, uint16_t cid, tGATTS_DATA sr_data; uint32_t trans_id; tGATT_STATUS status; uint8_t sec_flag, key_size, *p = p_data; tGATT_SEC_FLAG sec_flag; uint8_t key_size, *p = p_data; uint16_t conn_id; memset(&sr_data, 0, sizeof(tGATTS_DATA)); Loading Loading @@ -1042,7 +1045,8 @@ static void gatts_process_read_req(tGATT_TCB& tcb, uint16_t cid, p_msg->len = 1; buf_len = payload_size - 1; uint8_t sec_flag, key_size; tGATT_SEC_FLAG sec_flag; uint8_t key_size; gatt_sr_get_sec_info(tcb.peer_bda, tcb.transport, &sec_flag, &key_size); uint16_t value_len = 0; Loading
system/stack/gatt/gatt_utils.cc +6 −8 Original line number Diff line number Diff line Loading @@ -753,16 +753,14 @@ std::list<tGATT_SRV_LIST_ELEM>::iterator gatt_sr_find_i_rcb_by_handle( * ******************************************************************************/ void gatt_sr_get_sec_info(const RawAddress& rem_bda, tBT_TRANSPORT transport, uint8_t* p_sec_flag, uint8_t* p_key_size) { uint8_t sec_flag = 0; BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport); sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED | GATT_SEC_FLAG_ENCRYPTED); tGATT_SEC_FLAG* p_sec_flag, uint8_t* p_key_size) { tGATT_SEC_FLAG flags = {}; flags.is_link_key_known = BTM_IsLinkKeyKnown(rem_bda, transport); flags.is_link_key_authed = BTM_IsLinkKeyAuthed(rem_bda, transport); flags.is_encrypted = BTM_IsEncrypted(rem_bda, transport); *p_key_size = btm_ble_read_sec_key_size(rem_bda); *p_sec_flag = sec_flag; *p_sec_flag = flags; } /******************************************************************************* * Loading
