Loading system/stack/gatt/att_protocol.cc +97 −118 Original line number Diff line number Diff line Loading @@ -320,14 +320,13 @@ BT_HDR* attp_build_value_cmd(uint16_t payload_size, uint8_t op_code, * Description Send message to L2CAP. * ******************************************************************************/ tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB* p_tcb, BT_HDR* p_toL2CAP) { tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB& tcb, BT_HDR* p_toL2CAP) { uint16_t l2cap_ret; if (p_tcb->att_lcid == L2CAP_ATT_CID) l2cap_ret = L2CA_SendFixedChnlData(L2CAP_ATT_CID, p_tcb->peer_bda, p_toL2CAP); if (tcb.att_lcid == L2CAP_ATT_CID) l2cap_ret = L2CA_SendFixedChnlData(L2CAP_ATT_CID, tcb.peer_bda, p_toL2CAP); else l2cap_ret = (uint16_t)L2CA_DataWrite(p_tcb->att_lcid, p_toL2CAP); l2cap_ret = (uint16_t)L2CA_DataWrite(tcb.att_lcid, p_toL2CAP); if (l2cap_ret == L2CAP_DW_FAILED) { GATT_TRACE_ERROR("ATT failed to pass msg:0x%0x to L2CAP", Loading @@ -347,7 +346,7 @@ tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB* p_tcb, BT_HDR* p_toL2CAP) { * Description Build ATT Server PDUs. * ******************************************************************************/ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, BT_HDR* attp_build_sr_msg(tGATT_TCB& tcb, uint8_t op_code, tGATT_SR_MSG* p_msg) { BT_HDR* p_cmd = NULL; uint16_t offset = 0; Loading @@ -367,7 +366,7 @@ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, case GATT_HANDLE_VALUE_NOTIF: case GATT_HANDLE_VALUE_IND: p_cmd = attp_build_value_cmd( p_tcb->payload_size, op_code, p_msg->attr_value.handle, offset, tcb.payload_size, op_code, p_msg->attr_value.handle, offset, p_msg->attr_value.len, p_msg->attr_value.value); break; Loading Loading @@ -412,16 +411,11 @@ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, * * ******************************************************************************/ tGATT_STATUS attp_send_sr_msg(tGATT_TCB* p_tcb, BT_HDR* p_msg) { tGATT_STATUS cmd_sent = GATT_NO_RESOURCES; tGATT_STATUS attp_send_sr_msg(tGATT_TCB& tcb, BT_HDR* p_msg) { if (p_msg == NULL) return GATT_NO_RESOURCES; if (p_tcb != NULL) { if (p_msg != NULL) { p_msg->offset = L2CAP_MIN_OFFSET; cmd_sent = attp_send_msg_to_l2cap(p_tcb, p_msg); } } return cmd_sent; return attp_send_msg_to_l2cap(tcb, p_msg); } /******************************************************************************* Loading @@ -436,34 +430,30 @@ tGATT_STATUS attp_send_sr_msg(tGATT_TCB* p_tcb, BT_HDR* p_msg) { * GATT_ERROR if command sending failure * ******************************************************************************/ tGATT_STATUS attp_cl_send_cmd(tGATT_TCB* p_tcb, uint16_t clcb_idx, tGATT_STATUS attp_cl_send_cmd(tGATT_TCB& tcb, uint16_t clcb_idx, uint8_t cmd_code, BT_HDR* p_cmd) { tGATT_STATUS att_ret = GATT_SUCCESS; if (p_tcb != NULL) { cmd_code &= ~GATT_AUTH_SIGN_MASK; if (tcb.pending_cl_req != tcb.next_slot_inq && cmd_code != GATT_HANDLE_VALUE_CONF) { gatt_cmd_enq(tcb, clcb_idx, true, cmd_code, p_cmd); return GATT_CMD_STARTED; } /* no pending request or value confirmation */ if (p_tcb->pending_cl_req == p_tcb->next_slot_inq || cmd_code == GATT_HANDLE_VALUE_CONF) { att_ret = attp_send_msg_to_l2cap(p_tcb, p_cmd); if (att_ret == GATT_CONGESTED || att_ret == GATT_SUCCESS) { tGATT_STATUS att_ret = attp_send_msg_to_l2cap(tcb, p_cmd); if (att_ret != GATT_CONGESTED && att_ret != GATT_SUCCESS) { return GATT_INTERNAL_ERROR; } /* do not enq cmd if handle value confirmation or set request */ if (cmd_code != GATT_HANDLE_VALUE_CONF && cmd_code != GATT_CMD_WRITE) { gatt_start_rsp_timer(clcb_idx); gatt_cmd_enq(p_tcb, clcb_idx, false, cmd_code, NULL); } } else att_ret = GATT_INTERNAL_ERROR; } else { att_ret = GATT_CMD_STARTED; gatt_cmd_enq(p_tcb, clcb_idx, true, cmd_code, p_cmd); gatt_cmd_enq(tcb, clcb_idx, false, cmd_code, NULL); } } else att_ret = GATT_ERROR; return att_ret; } /******************************************************************************* * * Function attp_send_cl_msg Loading @@ -480,46 +470,40 @@ tGATT_STATUS attp_cl_send_cmd(tGATT_TCB* p_tcb, uint16_t clcb_idx, * * ******************************************************************************/ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, tGATT_STATUS attp_send_cl_msg(tGATT_TCB& tcb, uint16_t clcb_idx, uint8_t op_code, tGATT_CL_MSG* p_msg) { tGATT_STATUS status = GATT_NO_RESOURCES; BT_HDR* p_cmd = NULL; uint16_t offset = 0, handle; if (p_tcb != NULL) { switch (op_code) { case GATT_REQ_MTU: if (p_msg->mtu <= GATT_MAX_MTU_SIZE) { p_tcb->payload_size = p_msg->mtu; if (p_msg->mtu > GATT_MAX_MTU_SIZE) return GATT_ILLEGAL_PARAMETER; tcb.payload_size = p_msg->mtu; p_cmd = attp_build_mtu_cmd(GATT_REQ_MTU, p_msg->mtu); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_FIND_INFO: case GATT_REQ_READ_BY_TYPE: case GATT_REQ_READ_BY_GRP_TYPE: if (GATT_HANDLE_IS_VALID(p_msg->browse.s_handle) && GATT_HANDLE_IS_VALID(p_msg->browse.e_handle) && p_msg->browse.s_handle <= p_msg->browse.e_handle) { p_cmd = attp_build_browse_cmd(op_code, p_msg->browse.s_handle, if (!GATT_HANDLE_IS_VALID(p_msg->browse.s_handle) || !GATT_HANDLE_IS_VALID(p_msg->browse.e_handle) || p_msg->browse.s_handle > p_msg->browse.e_handle) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_browse_cmd(op_code, p_msg->browse.s_handle, p_msg->browse.e_handle, p_msg->browse.uuid); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_READ_BLOB: offset = p_msg->read_blob.offset; /* fall through */ case GATT_REQ_READ: handle = (op_code == GATT_REQ_READ) ? p_msg->handle : p_msg->read_blob.handle; handle = (op_code == GATT_REQ_READ) ? p_msg->handle : p_msg->read_blob.handle; /* handle checking */ if (GATT_HANDLE_IS_VALID(handle)) { if (!GATT_HANDLE_IS_VALID(handle)) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_handle_cmd(op_code, handle, offset); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_HANDLE_VALUE_CONF: Loading @@ -532,12 +516,12 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, case GATT_REQ_WRITE: case GATT_CMD_WRITE: case GATT_SIGN_CMD_WRITE: if (GATT_HANDLE_IS_VALID(p_msg->attr_value.handle)) { if (!GATT_HANDLE_IS_VALID(p_msg->attr_value.handle)) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_value_cmd( p_tcb->payload_size, op_code, p_msg->attr_value.handle, offset, tcb.payload_size, op_code, p_msg->attr_value.handle, offset, p_msg->attr_value.len, p_msg->attr_value.value); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_EXEC_WRITE: Loading @@ -545,12 +529,12 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, break; case GATT_REQ_FIND_TYPE_VALUE: p_cmd = attp_build_read_by_type_value_cmd(p_tcb->payload_size, p_cmd = attp_build_read_by_type_value_cmd(tcb.payload_size, &p_msg->find_type_value); break; case GATT_REQ_READ_MULTI: p_cmd = attp_build_read_multi_cmd(p_tcb->payload_size, p_cmd = attp_build_read_multi_cmd(tcb.payload_size, p_msg->read_multi.num_handles, p_msg->read_multi.handles); break; Loading @@ -559,12 +543,7 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, break; } if (p_cmd != NULL) status = attp_cl_send_cmd(p_tcb, clcb_idx, op_code, p_cmd); } else { GATT_TRACE_ERROR("Peer device not connected"); } if (p_cmd == NULL) return GATT_NO_RESOURCES; return status; return attp_cl_send_cmd(tcb, clcb_idx, op_code, p_cmd); } system/stack/gatt/gatt_api.cc +38 −42 Original line number Diff line number Diff line Loading @@ -522,10 +522,10 @@ tGATT_STATUS GATTS_HandleValueIndication(uint16_t conn_id, uint16_t attr_handle, cmd_status = GATT_NO_RESOURCES; } } else { p_msg = attp_build_sr_msg(p_tcb, GATT_HANDLE_VALUE_IND, p_msg = attp_build_sr_msg(*p_tcb, GATT_HANDLE_VALUE_IND, (tGATT_SR_MSG*)&indication); if (p_msg != NULL) { cmd_status = attp_send_sr_msg(p_tcb, p_msg); cmd_status = attp_send_sr_msg(*p_tcb, p_msg); if (cmd_status == GATT_SUCCESS || cmd_status == GATT_CONGESTED) { p_tcb->indicate_handle = indication.handle; Loading Loading @@ -554,8 +554,6 @@ tGATT_STATUS GATTS_HandleValueIndication(uint16_t conn_id, uint16_t attr_handle, tGATT_STATUS GATTS_HandleValueNotification(uint16_t conn_id, uint16_t attr_handle, uint16_t val_len, uint8_t* p_val) { tGATT_STATUS cmd_sent = GATT_ILLEGAL_PARAMETER; BT_HDR* p_buf; tGATT_VALUE notif; tGATT_IF gatt_if = GATT_GET_GATT_IF(conn_id); uint8_t tcb_idx = GATT_GET_TCB_IDX(conn_id); Loading @@ -570,20 +568,22 @@ tGATT_STATUS GATTS_HandleValueNotification(uint16_t conn_id, return (tGATT_STATUS)GATT_INVALID_CONN_ID; } if (GATT_HANDLE_IS_VALID(attr_handle)) { if (!GATT_HANDLE_IS_VALID(attr_handle)) { return GATT_ILLEGAL_PARAMETER; } notif.handle = attr_handle; notif.len = val_len; memcpy(notif.value, p_val, val_len); notif.auth_req = GATT_AUTH_REQ_NONE; ; p_buf = attp_build_sr_msg(p_tcb, GATT_HANDLE_VALUE_NOTIF, (tGATT_SR_MSG*)¬if); tGATT_STATUS cmd_sent; BT_HDR* p_buf = attp_build_sr_msg(*p_tcb, GATT_HANDLE_VALUE_NOTIF, (tGATT_SR_MSG*)¬if); if (p_buf != NULL) { cmd_sent = attp_send_sr_msg(p_tcb, p_buf); cmd_sent = attp_send_sr_msg(*p_tcb, p_buf); } else cmd_sent = GATT_NO_RESOURCES; } return cmd_sent; } Loading Loading @@ -624,7 +624,7 @@ tGATT_STATUS GATTS_SendRsp(uint16_t conn_id, uint32_t trans_id, return (GATT_WRONG_STATE); } /* Process App response */ cmd_sent = gatt_sr_process_app_rsp(p_tcb, gatt_if, trans_id, cmd_sent = gatt_sr_process_app_rsp(*p_tcb, gatt_if, trans_id, p_tcb->sr_cmd.op_code, status, p_msg); return cmd_sent; Loading Loading @@ -683,7 +683,7 @@ tGATT_STATUS GATTC_ConfigureMTU(uint16_t conn_id, uint16_t mtu) { p_clcb->p_tcb->payload_size = mtu; p_clcb->operation = GATTC_OPTYPE_CONFIG; ret = attp_send_cl_msg(p_clcb->p_tcb, p_clcb->clcb_idx, GATT_REQ_MTU, ret = attp_send_cl_msg(*p_clcb->p_tcb, p_clcb->clcb_idx, GATT_REQ_MTU, (tGATT_CL_MSG*)&mtu); } Loading Loading @@ -1016,7 +1016,7 @@ tGATT_STATUS GATTC_ExecuteWrite(uint16_t conn_id, bool is_execute) { if (p_clcb != NULL) { p_clcb->operation = GATTC_OPTYPE_EXE_WRITE; flag = is_execute ? GATT_PREP_WRITE_EXEC : GATT_PREP_WRITE_CANCEL; gatt_send_queue_write_cancel(p_clcb->p_tcb, p_clcb, flag); gatt_send_queue_write_cancel(*p_clcb->p_tcb, p_clcb, flag); } else { GATT_TRACE_ERROR("Unable to allocate client CB for conn_id %d ", conn_id); status = GATT_NO_RESOURCES; Loading @@ -1038,34 +1038,30 @@ tGATT_STATUS GATTC_ExecuteWrite(uint16_t conn_id, bool is_execute) { * ******************************************************************************/ tGATT_STATUS GATTC_SendHandleValueConfirm(uint16_t conn_id, uint16_t handle) { tGATT_STATUS ret = GATT_ILLEGAL_PARAMETER; GATT_TRACE_API("%s conn_id=%d handle=0x%x", __func__, conn_id, handle); tGATT_TCB* p_tcb = gatt_get_tcb_by_idx(GATT_GET_TCB_IDX(conn_id)); if (!p_tcb) { GATT_TRACE_ERROR("%s - Unknown conn_id: %u", __func__, conn_id); return GATT_ILLEGAL_PARAMETER; } GATT_TRACE_API("GATTC_SendHandleValueConfirm conn_id=%d handle=0x%x", conn_id, handle); if (p_tcb->ind_count == 0) { GATT_TRACE_DEBUG( "%s - conn_id: %u - ignored not waiting for indicaiton ack", __func__, conn_id); return GATT_SUCCESS; } if (p_tcb) { if (p_tcb->ind_count > 0) { alarm_cancel(p_tcb->ind_ack_timer); GATT_TRACE_DEBUG("notif_count=%d ", p_tcb->ind_count); /* send confirmation now */ ret = attp_send_cl_msg(p_tcb, 0, GATT_HANDLE_VALUE_CONF, tGATT_STATUS ret = attp_send_cl_msg(*p_tcb, 0, GATT_HANDLE_VALUE_CONF, (tGATT_CL_MSG*)&handle); p_tcb->ind_count = 0; } else { GATT_TRACE_DEBUG( "GATTC_SendHandleValueConfirm - conn_id: %u - ignored not waiting " "for indicaiton ack", conn_id); ret = GATT_SUCCESS; } } else { GATT_TRACE_ERROR("GATTC_SendHandleValueConfirm - Unknown conn_id: %u", conn_id); } return ret; } Loading system/stack/gatt/gatt_auth.cc +8 −9 Original line number Diff line number Diff line Loading @@ -91,7 +91,7 @@ static bool gatt_sign_data(tGATT_CLCB* p_clcb) { * Returns * ******************************************************************************/ void gatt_verify_signature(tGATT_TCB* p_tcb, BT_HDR* p_buf) { void gatt_verify_signature(tGATT_TCB& tcb, BT_HDR* p_buf) { uint16_t cmd_len; uint8_t op_code; uint8_t *p, *p_orig = (uint8_t*)(p_buf + 1) + p_buf->offset; Loading @@ -106,16 +106,15 @@ void gatt_verify_signature(tGATT_TCB* p_tcb, BT_HDR* p_buf) { p = p_orig + cmd_len - 4; STREAM_TO_UINT32(counter, p); if (BTM_BleVerifySignature(p_tcb->peer_bda, p_orig, cmd_len, counter, p)) { STREAM_TO_UINT8(op_code, p_orig); gatt_server_handle_client_req(p_tcb, op_code, (uint16_t)(p_buf->len - 1), p_orig); } else { if (!BTM_BleVerifySignature(tcb.peer_bda, p_orig, cmd_len, counter, p)) { /* if this is a bad signature, assume from attacker, ignore it */ GATT_TRACE_ERROR("Signature Verification Failed, data ignored"); return; } return; STREAM_TO_UINT8(op_code, p_orig); gatt_server_handle_client_req(tcb, op_code, (uint16_t)(p_buf->len - 1), p_orig); } /******************************************************************************* * Loading Loading @@ -344,11 +343,11 @@ tGATT_SEC_ACTION gatt_determine_sec_act(tGATT_CLCB* p_clcb) { * Returns tGATT_STATUS link encryption status * ******************************************************************************/ tGATT_STATUS gatt_get_link_encrypt_status(tGATT_TCB* p_tcb) { tGATT_STATUS gatt_get_link_encrypt_status(tGATT_TCB& tcb) { tGATT_STATUS encrypt_status = GATT_NOT_ENCRYPTED; uint8_t sec_flag = 0; BTM_GetSecurityFlagsByTransport(p_tcb->peer_bda, &sec_flag, p_tcb->transport); BTM_GetSecurityFlagsByTransport(tcb.peer_bda, &sec_flag, tcb.transport); if ((sec_flag & BTM_SEC_FLAG_ENCRYPTED) && (sec_flag & BTM_SEC_FLAG_LKEY_KNOWN)) { Loading Loading
system/stack/gatt/att_protocol.cc +97 −118 Original line number Diff line number Diff line Loading @@ -320,14 +320,13 @@ BT_HDR* attp_build_value_cmd(uint16_t payload_size, uint8_t op_code, * Description Send message to L2CAP. * ******************************************************************************/ tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB* p_tcb, BT_HDR* p_toL2CAP) { tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB& tcb, BT_HDR* p_toL2CAP) { uint16_t l2cap_ret; if (p_tcb->att_lcid == L2CAP_ATT_CID) l2cap_ret = L2CA_SendFixedChnlData(L2CAP_ATT_CID, p_tcb->peer_bda, p_toL2CAP); if (tcb.att_lcid == L2CAP_ATT_CID) l2cap_ret = L2CA_SendFixedChnlData(L2CAP_ATT_CID, tcb.peer_bda, p_toL2CAP); else l2cap_ret = (uint16_t)L2CA_DataWrite(p_tcb->att_lcid, p_toL2CAP); l2cap_ret = (uint16_t)L2CA_DataWrite(tcb.att_lcid, p_toL2CAP); if (l2cap_ret == L2CAP_DW_FAILED) { GATT_TRACE_ERROR("ATT failed to pass msg:0x%0x to L2CAP", Loading @@ -347,7 +346,7 @@ tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB* p_tcb, BT_HDR* p_toL2CAP) { * Description Build ATT Server PDUs. * ******************************************************************************/ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, BT_HDR* attp_build_sr_msg(tGATT_TCB& tcb, uint8_t op_code, tGATT_SR_MSG* p_msg) { BT_HDR* p_cmd = NULL; uint16_t offset = 0; Loading @@ -367,7 +366,7 @@ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, case GATT_HANDLE_VALUE_NOTIF: case GATT_HANDLE_VALUE_IND: p_cmd = attp_build_value_cmd( p_tcb->payload_size, op_code, p_msg->attr_value.handle, offset, tcb.payload_size, op_code, p_msg->attr_value.handle, offset, p_msg->attr_value.len, p_msg->attr_value.value); break; Loading Loading @@ -412,16 +411,11 @@ BT_HDR* attp_build_sr_msg(tGATT_TCB* p_tcb, uint8_t op_code, * * ******************************************************************************/ tGATT_STATUS attp_send_sr_msg(tGATT_TCB* p_tcb, BT_HDR* p_msg) { tGATT_STATUS cmd_sent = GATT_NO_RESOURCES; tGATT_STATUS attp_send_sr_msg(tGATT_TCB& tcb, BT_HDR* p_msg) { if (p_msg == NULL) return GATT_NO_RESOURCES; if (p_tcb != NULL) { if (p_msg != NULL) { p_msg->offset = L2CAP_MIN_OFFSET; cmd_sent = attp_send_msg_to_l2cap(p_tcb, p_msg); } } return cmd_sent; return attp_send_msg_to_l2cap(tcb, p_msg); } /******************************************************************************* Loading @@ -436,34 +430,30 @@ tGATT_STATUS attp_send_sr_msg(tGATT_TCB* p_tcb, BT_HDR* p_msg) { * GATT_ERROR if command sending failure * ******************************************************************************/ tGATT_STATUS attp_cl_send_cmd(tGATT_TCB* p_tcb, uint16_t clcb_idx, tGATT_STATUS attp_cl_send_cmd(tGATT_TCB& tcb, uint16_t clcb_idx, uint8_t cmd_code, BT_HDR* p_cmd) { tGATT_STATUS att_ret = GATT_SUCCESS; if (p_tcb != NULL) { cmd_code &= ~GATT_AUTH_SIGN_MASK; if (tcb.pending_cl_req != tcb.next_slot_inq && cmd_code != GATT_HANDLE_VALUE_CONF) { gatt_cmd_enq(tcb, clcb_idx, true, cmd_code, p_cmd); return GATT_CMD_STARTED; } /* no pending request or value confirmation */ if (p_tcb->pending_cl_req == p_tcb->next_slot_inq || cmd_code == GATT_HANDLE_VALUE_CONF) { att_ret = attp_send_msg_to_l2cap(p_tcb, p_cmd); if (att_ret == GATT_CONGESTED || att_ret == GATT_SUCCESS) { tGATT_STATUS att_ret = attp_send_msg_to_l2cap(tcb, p_cmd); if (att_ret != GATT_CONGESTED && att_ret != GATT_SUCCESS) { return GATT_INTERNAL_ERROR; } /* do not enq cmd if handle value confirmation or set request */ if (cmd_code != GATT_HANDLE_VALUE_CONF && cmd_code != GATT_CMD_WRITE) { gatt_start_rsp_timer(clcb_idx); gatt_cmd_enq(p_tcb, clcb_idx, false, cmd_code, NULL); } } else att_ret = GATT_INTERNAL_ERROR; } else { att_ret = GATT_CMD_STARTED; gatt_cmd_enq(p_tcb, clcb_idx, true, cmd_code, p_cmd); gatt_cmd_enq(tcb, clcb_idx, false, cmd_code, NULL); } } else att_ret = GATT_ERROR; return att_ret; } /******************************************************************************* * * Function attp_send_cl_msg Loading @@ -480,46 +470,40 @@ tGATT_STATUS attp_cl_send_cmd(tGATT_TCB* p_tcb, uint16_t clcb_idx, * * ******************************************************************************/ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, tGATT_STATUS attp_send_cl_msg(tGATT_TCB& tcb, uint16_t clcb_idx, uint8_t op_code, tGATT_CL_MSG* p_msg) { tGATT_STATUS status = GATT_NO_RESOURCES; BT_HDR* p_cmd = NULL; uint16_t offset = 0, handle; if (p_tcb != NULL) { switch (op_code) { case GATT_REQ_MTU: if (p_msg->mtu <= GATT_MAX_MTU_SIZE) { p_tcb->payload_size = p_msg->mtu; if (p_msg->mtu > GATT_MAX_MTU_SIZE) return GATT_ILLEGAL_PARAMETER; tcb.payload_size = p_msg->mtu; p_cmd = attp_build_mtu_cmd(GATT_REQ_MTU, p_msg->mtu); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_FIND_INFO: case GATT_REQ_READ_BY_TYPE: case GATT_REQ_READ_BY_GRP_TYPE: if (GATT_HANDLE_IS_VALID(p_msg->browse.s_handle) && GATT_HANDLE_IS_VALID(p_msg->browse.e_handle) && p_msg->browse.s_handle <= p_msg->browse.e_handle) { p_cmd = attp_build_browse_cmd(op_code, p_msg->browse.s_handle, if (!GATT_HANDLE_IS_VALID(p_msg->browse.s_handle) || !GATT_HANDLE_IS_VALID(p_msg->browse.e_handle) || p_msg->browse.s_handle > p_msg->browse.e_handle) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_browse_cmd(op_code, p_msg->browse.s_handle, p_msg->browse.e_handle, p_msg->browse.uuid); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_READ_BLOB: offset = p_msg->read_blob.offset; /* fall through */ case GATT_REQ_READ: handle = (op_code == GATT_REQ_READ) ? p_msg->handle : p_msg->read_blob.handle; handle = (op_code == GATT_REQ_READ) ? p_msg->handle : p_msg->read_blob.handle; /* handle checking */ if (GATT_HANDLE_IS_VALID(handle)) { if (!GATT_HANDLE_IS_VALID(handle)) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_handle_cmd(op_code, handle, offset); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_HANDLE_VALUE_CONF: Loading @@ -532,12 +516,12 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, case GATT_REQ_WRITE: case GATT_CMD_WRITE: case GATT_SIGN_CMD_WRITE: if (GATT_HANDLE_IS_VALID(p_msg->attr_value.handle)) { if (!GATT_HANDLE_IS_VALID(p_msg->attr_value.handle)) return GATT_ILLEGAL_PARAMETER; p_cmd = attp_build_value_cmd( p_tcb->payload_size, op_code, p_msg->attr_value.handle, offset, tcb.payload_size, op_code, p_msg->attr_value.handle, offset, p_msg->attr_value.len, p_msg->attr_value.value); } else status = GATT_ILLEGAL_PARAMETER; break; case GATT_REQ_EXEC_WRITE: Loading @@ -545,12 +529,12 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, break; case GATT_REQ_FIND_TYPE_VALUE: p_cmd = attp_build_read_by_type_value_cmd(p_tcb->payload_size, p_cmd = attp_build_read_by_type_value_cmd(tcb.payload_size, &p_msg->find_type_value); break; case GATT_REQ_READ_MULTI: p_cmd = attp_build_read_multi_cmd(p_tcb->payload_size, p_cmd = attp_build_read_multi_cmd(tcb.payload_size, p_msg->read_multi.num_handles, p_msg->read_multi.handles); break; Loading @@ -559,12 +543,7 @@ tGATT_STATUS attp_send_cl_msg(tGATT_TCB* p_tcb, uint16_t clcb_idx, break; } if (p_cmd != NULL) status = attp_cl_send_cmd(p_tcb, clcb_idx, op_code, p_cmd); } else { GATT_TRACE_ERROR("Peer device not connected"); } if (p_cmd == NULL) return GATT_NO_RESOURCES; return status; return attp_cl_send_cmd(tcb, clcb_idx, op_code, p_cmd); }
system/stack/gatt/gatt_api.cc +38 −42 Original line number Diff line number Diff line Loading @@ -522,10 +522,10 @@ tGATT_STATUS GATTS_HandleValueIndication(uint16_t conn_id, uint16_t attr_handle, cmd_status = GATT_NO_RESOURCES; } } else { p_msg = attp_build_sr_msg(p_tcb, GATT_HANDLE_VALUE_IND, p_msg = attp_build_sr_msg(*p_tcb, GATT_HANDLE_VALUE_IND, (tGATT_SR_MSG*)&indication); if (p_msg != NULL) { cmd_status = attp_send_sr_msg(p_tcb, p_msg); cmd_status = attp_send_sr_msg(*p_tcb, p_msg); if (cmd_status == GATT_SUCCESS || cmd_status == GATT_CONGESTED) { p_tcb->indicate_handle = indication.handle; Loading Loading @@ -554,8 +554,6 @@ tGATT_STATUS GATTS_HandleValueIndication(uint16_t conn_id, uint16_t attr_handle, tGATT_STATUS GATTS_HandleValueNotification(uint16_t conn_id, uint16_t attr_handle, uint16_t val_len, uint8_t* p_val) { tGATT_STATUS cmd_sent = GATT_ILLEGAL_PARAMETER; BT_HDR* p_buf; tGATT_VALUE notif; tGATT_IF gatt_if = GATT_GET_GATT_IF(conn_id); uint8_t tcb_idx = GATT_GET_TCB_IDX(conn_id); Loading @@ -570,20 +568,22 @@ tGATT_STATUS GATTS_HandleValueNotification(uint16_t conn_id, return (tGATT_STATUS)GATT_INVALID_CONN_ID; } if (GATT_HANDLE_IS_VALID(attr_handle)) { if (!GATT_HANDLE_IS_VALID(attr_handle)) { return GATT_ILLEGAL_PARAMETER; } notif.handle = attr_handle; notif.len = val_len; memcpy(notif.value, p_val, val_len); notif.auth_req = GATT_AUTH_REQ_NONE; ; p_buf = attp_build_sr_msg(p_tcb, GATT_HANDLE_VALUE_NOTIF, (tGATT_SR_MSG*)¬if); tGATT_STATUS cmd_sent; BT_HDR* p_buf = attp_build_sr_msg(*p_tcb, GATT_HANDLE_VALUE_NOTIF, (tGATT_SR_MSG*)¬if); if (p_buf != NULL) { cmd_sent = attp_send_sr_msg(p_tcb, p_buf); cmd_sent = attp_send_sr_msg(*p_tcb, p_buf); } else cmd_sent = GATT_NO_RESOURCES; } return cmd_sent; } Loading Loading @@ -624,7 +624,7 @@ tGATT_STATUS GATTS_SendRsp(uint16_t conn_id, uint32_t trans_id, return (GATT_WRONG_STATE); } /* Process App response */ cmd_sent = gatt_sr_process_app_rsp(p_tcb, gatt_if, trans_id, cmd_sent = gatt_sr_process_app_rsp(*p_tcb, gatt_if, trans_id, p_tcb->sr_cmd.op_code, status, p_msg); return cmd_sent; Loading Loading @@ -683,7 +683,7 @@ tGATT_STATUS GATTC_ConfigureMTU(uint16_t conn_id, uint16_t mtu) { p_clcb->p_tcb->payload_size = mtu; p_clcb->operation = GATTC_OPTYPE_CONFIG; ret = attp_send_cl_msg(p_clcb->p_tcb, p_clcb->clcb_idx, GATT_REQ_MTU, ret = attp_send_cl_msg(*p_clcb->p_tcb, p_clcb->clcb_idx, GATT_REQ_MTU, (tGATT_CL_MSG*)&mtu); } Loading Loading @@ -1016,7 +1016,7 @@ tGATT_STATUS GATTC_ExecuteWrite(uint16_t conn_id, bool is_execute) { if (p_clcb != NULL) { p_clcb->operation = GATTC_OPTYPE_EXE_WRITE; flag = is_execute ? GATT_PREP_WRITE_EXEC : GATT_PREP_WRITE_CANCEL; gatt_send_queue_write_cancel(p_clcb->p_tcb, p_clcb, flag); gatt_send_queue_write_cancel(*p_clcb->p_tcb, p_clcb, flag); } else { GATT_TRACE_ERROR("Unable to allocate client CB for conn_id %d ", conn_id); status = GATT_NO_RESOURCES; Loading @@ -1038,34 +1038,30 @@ tGATT_STATUS GATTC_ExecuteWrite(uint16_t conn_id, bool is_execute) { * ******************************************************************************/ tGATT_STATUS GATTC_SendHandleValueConfirm(uint16_t conn_id, uint16_t handle) { tGATT_STATUS ret = GATT_ILLEGAL_PARAMETER; GATT_TRACE_API("%s conn_id=%d handle=0x%x", __func__, conn_id, handle); tGATT_TCB* p_tcb = gatt_get_tcb_by_idx(GATT_GET_TCB_IDX(conn_id)); if (!p_tcb) { GATT_TRACE_ERROR("%s - Unknown conn_id: %u", __func__, conn_id); return GATT_ILLEGAL_PARAMETER; } GATT_TRACE_API("GATTC_SendHandleValueConfirm conn_id=%d handle=0x%x", conn_id, handle); if (p_tcb->ind_count == 0) { GATT_TRACE_DEBUG( "%s - conn_id: %u - ignored not waiting for indicaiton ack", __func__, conn_id); return GATT_SUCCESS; } if (p_tcb) { if (p_tcb->ind_count > 0) { alarm_cancel(p_tcb->ind_ack_timer); GATT_TRACE_DEBUG("notif_count=%d ", p_tcb->ind_count); /* send confirmation now */ ret = attp_send_cl_msg(p_tcb, 0, GATT_HANDLE_VALUE_CONF, tGATT_STATUS ret = attp_send_cl_msg(*p_tcb, 0, GATT_HANDLE_VALUE_CONF, (tGATT_CL_MSG*)&handle); p_tcb->ind_count = 0; } else { GATT_TRACE_DEBUG( "GATTC_SendHandleValueConfirm - conn_id: %u - ignored not waiting " "for indicaiton ack", conn_id); ret = GATT_SUCCESS; } } else { GATT_TRACE_ERROR("GATTC_SendHandleValueConfirm - Unknown conn_id: %u", conn_id); } return ret; } Loading
system/stack/gatt/gatt_auth.cc +8 −9 Original line number Diff line number Diff line Loading @@ -91,7 +91,7 @@ static bool gatt_sign_data(tGATT_CLCB* p_clcb) { * Returns * ******************************************************************************/ void gatt_verify_signature(tGATT_TCB* p_tcb, BT_HDR* p_buf) { void gatt_verify_signature(tGATT_TCB& tcb, BT_HDR* p_buf) { uint16_t cmd_len; uint8_t op_code; uint8_t *p, *p_orig = (uint8_t*)(p_buf + 1) + p_buf->offset; Loading @@ -106,16 +106,15 @@ void gatt_verify_signature(tGATT_TCB* p_tcb, BT_HDR* p_buf) { p = p_orig + cmd_len - 4; STREAM_TO_UINT32(counter, p); if (BTM_BleVerifySignature(p_tcb->peer_bda, p_orig, cmd_len, counter, p)) { STREAM_TO_UINT8(op_code, p_orig); gatt_server_handle_client_req(p_tcb, op_code, (uint16_t)(p_buf->len - 1), p_orig); } else { if (!BTM_BleVerifySignature(tcb.peer_bda, p_orig, cmd_len, counter, p)) { /* if this is a bad signature, assume from attacker, ignore it */ GATT_TRACE_ERROR("Signature Verification Failed, data ignored"); return; } return; STREAM_TO_UINT8(op_code, p_orig); gatt_server_handle_client_req(tcb, op_code, (uint16_t)(p_buf->len - 1), p_orig); } /******************************************************************************* * Loading Loading @@ -344,11 +343,11 @@ tGATT_SEC_ACTION gatt_determine_sec_act(tGATT_CLCB* p_clcb) { * Returns tGATT_STATUS link encryption status * ******************************************************************************/ tGATT_STATUS gatt_get_link_encrypt_status(tGATT_TCB* p_tcb) { tGATT_STATUS gatt_get_link_encrypt_status(tGATT_TCB& tcb) { tGATT_STATUS encrypt_status = GATT_NOT_ENCRYPTED; uint8_t sec_flag = 0; BTM_GetSecurityFlagsByTransport(p_tcb->peer_bda, &sec_flag, p_tcb->transport); BTM_GetSecurityFlagsByTransport(tcb.peer_bda, &sec_flag, tcb.transport); if ((sec_flag & BTM_SEC_FLAG_ENCRYPTED) && (sec_flag & BTM_SEC_FLAG_LKEY_KNOWN)) { Loading
