blob: da3cf51e0e872731aa2099ceda8562b14939df2f [file] [log] [blame]
/******************************************************************************
*
* Copyright 2008-2014 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* this file contains ATT protocol functions
*
******************************************************************************/
#include <base/logging.h>
#include "bt_target.h"
#include "gatt_int.h"
#include "l2c_api.h"
#include "os/log.h"
#include "osi/include/allocator.h"
#include "osi/include/log.h"
#include "stack/include/bt_hdr.h"
#include "stack/include/bt_types.h"
#include "types/bluetooth/uuid.h"
#define GATT_HDR_FIND_TYPE_VALUE_LEN 21
#define GATT_OP_CODE_SIZE 1
#define GATT_START_END_HANDLE_SIZE 4
using base::StringPrintf;
using bluetooth::Uuid;
/**********************************************************************
* ATT protocl message building utility *
**********************************************************************/
/*******************************************************************************
*
* Function attp_build_mtu_exec_cmd
*
* Description Build a exchange MTU request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_mtu_cmd(uint8_t op_code, uint16_t rx_mtu) {
uint8_t* p;
BT_HDR* p_buf =
(BT_HDR*)osi_malloc(sizeof(BT_HDR) + GATT_HDR_SIZE + L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
UINT8_TO_STREAM(p, op_code);
UINT16_TO_STREAM(p, rx_mtu);
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = GATT_HDR_SIZE; /* opcode + 2 bytes mtu */
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_exec_write_cmd
*
* Description Build a execute write request or response.
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_exec_write_cmd(uint8_t op_code, uint8_t flag) {
BT_HDR* p_buf = (BT_HDR*)osi_malloc(GATT_DATA_BUF_SIZE);
uint8_t* p;
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = GATT_OP_CODE_SIZE;
UINT8_TO_STREAM(p, op_code);
if (op_code == GATT_REQ_EXEC_WRITE) {
flag &= GATT_PREP_WRITE_EXEC;
UINT8_TO_STREAM(p, flag);
p_buf->len += 1;
}
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_err_cmd
*
* Description Build a exchange MTU request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_err_cmd(uint8_t cmd_code, uint16_t err_handle,
uint8_t reason) {
uint8_t* p;
BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + L2CAP_MIN_OFFSET + 5);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
UINT8_TO_STREAM(p, GATT_RSP_ERROR);
UINT8_TO_STREAM(p, cmd_code);
UINT16_TO_STREAM(p, err_handle);
UINT8_TO_STREAM(p, reason);
p_buf->offset = L2CAP_MIN_OFFSET;
/* GATT_HDR_SIZE (1B ERR_RSP op code+ 2B handle) + 1B cmd_op_code + 1B status
*/
p_buf->len = GATT_HDR_SIZE + 1 + 1;
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_browse_cmd
*
* Description Build a read information request or read by type request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_browse_cmd(uint8_t op_code, uint16_t s_hdl,
uint16_t e_hdl,
const bluetooth::Uuid& uuid) {
const size_t payload_size =
(GATT_OP_CODE_SIZE) + (GATT_START_END_HANDLE_SIZE) + (Uuid::kNumBytes128);
BT_HDR* p_buf =
(BT_HDR*)osi_malloc(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET);
uint8_t* p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
/* Describe the built message location and size */
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = GATT_OP_CODE_SIZE + 4;
UINT8_TO_STREAM(p, op_code);
UINT16_TO_STREAM(p, s_hdl);
UINT16_TO_STREAM(p, e_hdl);
p_buf->len += gatt_build_uuid_to_stream(&p, uuid);
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_read_handles_cmd
*
* Description Build a read by type and value request.
*
* Returns pointer to the command buffer.
*
******************************************************************************/
static BT_HDR* attp_build_read_by_type_value_cmd(
uint16_t payload_size, tGATT_FIND_TYPE_VALUE* p_value_type) {
uint8_t* p;
uint16_t len = p_value_type->value_len;
BT_HDR* p_buf = nullptr;
if (payload_size < 5) {
return nullptr;
}
p_buf =
(BT_HDR*)osi_malloc(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = 5; /* opcode + s_handle + e_handle */
UINT8_TO_STREAM(p, GATT_REQ_FIND_TYPE_VALUE);
UINT16_TO_STREAM(p, p_value_type->s_handle);
UINT16_TO_STREAM(p, p_value_type->e_handle);
p_buf->len += gatt_build_uuid_to_stream(&p, p_value_type->uuid);
if (p_value_type->value_len + p_buf->len > payload_size)
len = payload_size - p_buf->len;
memcpy(p, p_value_type->value, len);
p_buf->len += len;
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_read_multi_cmd
*
* Description Build a read multiple request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_read_multi_cmd(uint8_t op_code, uint16_t payload_size,
uint16_t num_handle,
uint16_t* p_handle) {
uint8_t *p, i = 0;
BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + num_handle * 2 + 1 +
L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = 1;
UINT8_TO_STREAM(p, op_code);
for (i = 0; i < num_handle && p_buf->len + 2 <= payload_size; i++) {
UINT16_TO_STREAM(p, *(p_handle + i));
p_buf->len += 2;
}
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_handle_cmd
*
* Description Build a read /read blob request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_handle_cmd(uint8_t op_code, uint16_t handle,
uint16_t offset) {
uint8_t* p;
BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + 5 + L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;
UINT8_TO_STREAM(p, op_code);
p_buf->len = 1;
UINT16_TO_STREAM(p, handle);
p_buf->len += 2;
if (op_code == GATT_REQ_READ_BLOB) {
UINT16_TO_STREAM(p, offset);
p_buf->len += 2;
}
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_opcode_cmd
*
* Description Build a request/response with opcode only.
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_opcode_cmd(uint8_t op_code) {
uint8_t* p;
BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + 1 + L2CAP_MIN_OFFSET);
p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
p_buf->offset = L2CAP_MIN_OFFSET;
UINT8_TO_STREAM(p, op_code);
p_buf->len = 1;
return p_buf;
}
/*******************************************************************************
*
* Function attp_build_value_cmd
*
* Description Build a attribute value request
*
* Returns None.
*
******************************************************************************/
static BT_HDR* attp_build_value_cmd(uint16_t payload_size, uint8_t op_code,
uint16_t handle, uint16_t offset,
uint16_t len, uint8_t* p_data) {
uint8_t *p, *pp, pair_len, *p_pair_len;
BT_HDR* p_buf =
(BT_HDR*)osi_malloc(sizeof(BT_HDR) + payload_size + L2CAP_MIN_OFFSET);
p = pp = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
UINT8_TO_STREAM(p, op_code);
p_buf->offset = L2CAP_MIN_OFFSET;
p_buf->len = 1;
if (op_code == GATT_RSP_READ_BY_TYPE) {
p_pair_len = p;
pair_len = len + 2;
UINT8_TO_STREAM(p, pair_len);
p_buf->len += 1;
}
if (op_code != GATT_RSP_READ_BLOB && op_code != GATT_RSP_READ) {
UINT16_TO_STREAM(p, handle);
p_buf->len += 2;
}
if (op_code == GATT_REQ_PREPARE_WRITE || op_code == GATT_RSP_PREPARE_WRITE) {
UINT16_TO_STREAM(p, offset);
p_buf->len += 2;
}
if (len > 0 && p_data != NULL) {
/* ensure data not exceed MTU size */
if (payload_size - p_buf->len < len) {
len = payload_size - p_buf->len;
/* update handle value pair length */
if (op_code == GATT_RSP_READ_BY_TYPE) *p_pair_len = (len + 2);
LOG(WARNING) << StringPrintf(
"attribute value too long, to be truncated to %d", len);
}
ARRAY_TO_STREAM(p, p_data, len);
p_buf->len += len;
}
return p_buf;
}
/*******************************************************************************
*
* Function attp_send_msg_to_l2cap
*
* Description Send message to L2CAP.
*
******************************************************************************/
tGATT_STATUS attp_send_msg_to_l2cap(tGATT_TCB& tcb, uint16_t lcid,
BT_HDR* p_toL2CAP) {
uint16_t l2cap_ret;
if (lcid == L2CAP_ATT_CID) {
LOG_DEBUG("Sending ATT message on att fixed channel");
l2cap_ret = L2CA_SendFixedChnlData(lcid, tcb.peer_bda, p_toL2CAP);
} else {
LOG_DEBUG("Sending ATT message on lcid:%hu", lcid);
l2cap_ret = (uint16_t)L2CA_DataWrite(lcid, p_toL2CAP);
}
if (l2cap_ret == L2CAP_DW_FAILED) {
LOG(ERROR) << __func__ << ": failed to write data to L2CAP";
return GATT_INTERNAL_ERROR;
} else if (l2cap_ret == L2CAP_DW_CONGESTED) {
VLOG(1) << StringPrintf("ATT congested, message accepted");
return GATT_CONGESTED;
}
return GATT_SUCCESS;
}
/** Build ATT Server PDUs */
BT_HDR* attp_build_sr_msg(tGATT_TCB& tcb, uint8_t op_code, tGATT_SR_MSG* p_msg,
uint16_t payload_size) {
uint16_t offset = 0;
switch (op_code) {
case GATT_RSP_READ_BLOB:
case GATT_RSP_PREPARE_WRITE:
VLOG(1) << StringPrintf(
"ATT_RSP_READ_BLOB/GATT_RSP_PREPARE_WRITE: len = %d offset = %d",
p_msg->attr_value.len, p_msg->attr_value.offset);
offset = p_msg->attr_value.offset;
FALLTHROUGH_INTENDED; /* FALLTHROUGH */
case GATT_RSP_READ_BY_TYPE:
case GATT_RSP_READ:
case GATT_HANDLE_VALUE_NOTIF:
case GATT_HANDLE_VALUE_IND:
return attp_build_value_cmd(
payload_size, op_code, p_msg->attr_value.handle, offset,
p_msg->attr_value.len, p_msg->attr_value.value);
case GATT_RSP_WRITE:
return attp_build_opcode_cmd(op_code);
case GATT_RSP_ERROR:
return attp_build_err_cmd(p_msg->error.cmd_code, p_msg->error.handle,
p_msg->error.reason);
case GATT_RSP_EXEC_WRITE:
return attp_build_exec_write_cmd(op_code, 0);
case GATT_RSP_MTU:
return attp_build_mtu_cmd(op_code, p_msg->mtu);
default:
LOG(FATAL) << "attp_build_sr_msg: unknown op code = " << +op_code;
return nullptr;
}
}
/*******************************************************************************
*
* Function attp_send_sr_msg
*
* Description This function sends the server response or indication
* message to client.
*
* Parameter p_tcb: pointer to the connecton control block.
* p_msg: pointer to message parameters structure.
*
* Returns GATT_SUCCESS if sucessfully sent; otherwise error code.
*
*
******************************************************************************/
tGATT_STATUS attp_send_sr_msg(tGATT_TCB& tcb, uint16_t cid, BT_HDR* p_msg) {
if (p_msg == NULL) {
LOG_WARN("Unable to send empty message");
return GATT_NO_RESOURCES;
}
LOG_DEBUG("Sending server response or indication message to client");
p_msg->offset = L2CAP_MIN_OFFSET;
return attp_send_msg_to_l2cap(tcb, cid, p_msg);
}
/*******************************************************************************
*
* Function attp_cl_send_cmd
*
* Description Send a ATT command or enqueue it.
*
* Returns GATT_SUCCESS if command sent
* GATT_CONGESTED if command sent but channel congested
* GATT_CMD_STARTED if command queue up in GATT
* GATT_ERROR if command sending failure
*
******************************************************************************/
static tGATT_STATUS attp_cl_send_cmd(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
uint8_t cmd_code, BT_HDR* p_cmd) {
cmd_code &= ~GATT_AUTH_SIGN_MASK;
if (gatt_tcb_is_cid_busy(tcb, p_clcb->cid) &&
cmd_code != GATT_HANDLE_VALUE_CONF) {
gatt_cmd_enq(tcb, p_clcb, true, cmd_code, p_cmd);
LOG_DEBUG("Enqueued ATT command %p conn_id=0x%04x, cid=%d", p_clcb,
p_clcb->conn_id, p_clcb->cid);
return GATT_CMD_STARTED;
}
LOG_DEBUG(
"Sending ATT command to l2cap cid:0x%04x eatt_channels:%u transport:%s",
p_clcb->cid, tcb.eatt, bt_transport_text(tcb.transport).c_str());
tGATT_STATUS att_ret = attp_send_msg_to_l2cap(tcb, p_clcb->cid, p_cmd);
if (att_ret != GATT_CONGESTED && att_ret != GATT_SUCCESS) {
LOG_WARN(
"Unable to send ATT command to l2cap layer %p conn_id=0x%04x, cid=%d",
p_clcb, p_clcb->conn_id, p_clcb->cid);
return GATT_INTERNAL_ERROR;
}
if (cmd_code == GATT_HANDLE_VALUE_CONF || cmd_code == GATT_CMD_WRITE) {
return att_ret;
}
LOG_DEBUG("Starting ATT response timer %p conn_id=0x%04x, cid=%d", p_clcb,
p_clcb->conn_id, p_clcb->cid);
gatt_start_rsp_timer(p_clcb);
gatt_cmd_enq(tcb, p_clcb, false, cmd_code, NULL);
return att_ret;
}
/*******************************************************************************
*
* Function attp_send_cl_confirmation_msg
*
* Description This function sends the client confirmation
* message to server.
*
* Parameter p_tcb: pointer to the connection control block.
* cid: channel id
*
* Returns GATT_SUCCESS if successfully sent; otherwise error code.
*
*
******************************************************************************/
tGATT_STATUS attp_send_cl_confirmation_msg(tGATT_TCB& tcb, uint16_t cid) {
BT_HDR* p_cmd = NULL;
p_cmd = attp_build_opcode_cmd(GATT_HANDLE_VALUE_CONF);
if (p_cmd == NULL) return GATT_NO_RESOURCES;
/* no pending request or value confirmation */
tGATT_STATUS att_ret = attp_send_msg_to_l2cap(tcb, cid, p_cmd);
if (att_ret != GATT_CONGESTED && att_ret != GATT_SUCCESS) {
return GATT_INTERNAL_ERROR;
}
return att_ret;
}
/*******************************************************************************
*
* Function attp_send_cl_msg
*
* Description This function sends the client request or confirmation
* message to server.
*
* Parameter p_tcb: pointer to the connectino control block.
* p_clcb: clcb
* op_code: message op code.
* p_msg: pointer to message parameters structure.
*
* Returns GATT_SUCCESS if sucessfully sent; otherwise error code.
*
*
******************************************************************************/
tGATT_STATUS attp_send_cl_msg(tGATT_TCB& tcb, tGATT_CLCB* p_clcb,
uint8_t op_code, tGATT_CL_MSG* p_msg) {
BT_HDR* p_cmd = NULL;
uint16_t offset = 0, handle;
if (!p_clcb) {
LOG_ERROR("Missing p_clcb");
return GATT_ILLEGAL_PARAMETER;
}
uint16_t payload_size = gatt_tcb_get_payload_size_tx(tcb, p_clcb->cid);
switch (op_code) {
case GATT_REQ_MTU:
if (p_msg->mtu > GATT_MAX_MTU_SIZE) {
LOG_WARN(
"GATT message MTU is larger than max GATT MTU size op_code:%hhu",
op_code);
return GATT_ILLEGAL_PARAMETER;
}
tcb.payload_size = p_msg->mtu;
p_cmd = attp_build_mtu_cmd(GATT_REQ_MTU, p_msg->mtu);
break;
case GATT_REQ_FIND_INFO:
case GATT_REQ_READ_BY_TYPE:
case GATT_REQ_READ_BY_GRP_TYPE:
if (!GATT_HANDLE_IS_VALID(p_msg->browse.s_handle) ||
!GATT_HANDLE_IS_VALID(p_msg->browse.e_handle) ||
p_msg->browse.s_handle > p_msg->browse.e_handle) {
LOG_WARN("GATT message has invalid handle op_code:%hhu", op_code);
return GATT_ILLEGAL_PARAMETER;
}
p_cmd = attp_build_browse_cmd(op_code, p_msg->browse.s_handle,
p_msg->browse.e_handle, p_msg->browse.uuid);
break;
case GATT_REQ_READ_BLOB:
offset = p_msg->read_blob.offset;
FALLTHROUGH_INTENDED; /* FALLTHROUGH */
case GATT_REQ_READ:
handle =
(op_code == GATT_REQ_READ) ? p_msg->handle : p_msg->read_blob.handle;
/* handle checking */
if (!GATT_HANDLE_IS_VALID(handle)) {
LOG_WARN("GATT message has invalid handle op_code:%hhu", op_code);
return GATT_ILLEGAL_PARAMETER;
}
p_cmd = attp_build_handle_cmd(op_code, handle, offset);
break;
case GATT_REQ_PREPARE_WRITE:
offset = p_msg->attr_value.offset;
FALLTHROUGH_INTENDED; /* FALLTHROUGH */
case GATT_REQ_WRITE:
case GATT_CMD_WRITE:
case GATT_SIGN_CMD_WRITE:
if (!GATT_HANDLE_IS_VALID(p_msg->attr_value.handle)) {
LOG_WARN("GATT message has invalid handle op_code:%hhu", op_code);
return GATT_ILLEGAL_PARAMETER;
}
p_cmd = attp_build_value_cmd(
payload_size, op_code, p_msg->attr_value.handle, offset,
p_msg->attr_value.len, p_msg->attr_value.value);
break;
case GATT_REQ_EXEC_WRITE:
p_cmd = attp_build_exec_write_cmd(op_code, p_msg->exec_write);
break;
case GATT_REQ_FIND_TYPE_VALUE:
p_cmd = attp_build_read_by_type_value_cmd(payload_size,
&p_msg->find_type_value);
break;
case GATT_REQ_READ_MULTI:
case GATT_REQ_READ_MULTI_VAR:
p_cmd = attp_build_read_multi_cmd(op_code, payload_size,
p_msg->read_multi.num_handles,
p_msg->read_multi.handles);
break;
default:
break;
}
if (p_cmd == NULL) {
LOG_WARN(
"Unable to build proper GATT message to send to peer device "
"op_code:%hhu",
op_code);
return GATT_NO_RESOURCES;
}
return attp_cl_send_cmd(tcb, p_clcb, op_code, p_cmd);
}