/*******************************************************************************
**
** Function gatt_check_enc_req
**
** Description check link security.
**
** Returns TRUE if encrypted, otherwise FALSE.
**
*******************************************************************************/
BOOLEAN gatt_security_check_start(tGATT_CLCB *p_clcb)
{
tGATT_TCB *p_tcb = p_clcb->p_tcb;
tGATT_SEC_ACTION gatt_sec_act;
tBTM_BLE_SEC_ACT btm_ble_sec_act;
BOOLEAN status = TRUE;
#if (SMP_INCLUDED == TRUE)
tBTM_STATUS btm_status;
#endif ///SMP_INCLUDED == TRUE
tGATT_SEC_ACTION sec_act_old = gatt_get_sec_act(p_tcb);
gatt_sec_act = gatt_determine_sec_act(p_clcb);
if (sec_act_old == GATT_SEC_NONE) {
gatt_set_sec_act(p_tcb, gatt_sec_act);
}
switch (gatt_sec_act ) {
case GATT_SEC_SIGN_DATA:
#if (SMP_INCLUDED == TRUE)
GATT_TRACE_DEBUG("gatt_security_check_start: Do data signing");
gatt_sign_data(p_clcb);
#endif ///SMP_INCLUDED == TRUE
break;
case GATT_SEC_ENCRYPT:
case GATT_SEC_ENCRYPT_NO_MITM:
case GATT_SEC_ENCRYPT_MITM:
if (sec_act_old < GATT_SEC_ENCRYPT) {
GATT_TRACE_DEBUG("gatt_security_check_start: Encrypt now or key upgreade first");
gatt_convert_sec_action(gatt_sec_act, &btm_ble_sec_act);
#if (SMP_INCLUDED == TRUE)
btm_status = BTM_SetEncryption(p_tcb->peer_bda, p_tcb->transport , gatt_enc_cmpl_cback, &btm_ble_sec_act);
if ( (btm_status != BTM_SUCCESS) && (btm_status != BTM_CMD_STARTED)) {
GATT_TRACE_ERROR("gatt_security_check_start BTM_SetEncryption failed btm_status=%d", btm_status);
status = FALSE;
}
#endif ///SMP_INCLUDED == TRUE
}
if (status) {
gatt_add_pending_enc_channel_clcb (p_tcb, p_clcb);
}
break;
case GATT_SEC_ENC_PENDING:
gatt_add_pending_enc_channel_clcb (p_tcb, p_clcb);
/* wait for link encrypotion to finish */
break;
default:
gatt_sec_check_complete(TRUE, p_clcb, gatt_sec_act);
break;
}
if (status == FALSE) {
gatt_set_sec_act(p_tcb, GATT_SEC_NONE);
gatt_set_ch_state(p_tcb, GATT_CH_OPEN);
}
return status;
}
/*******************************************************************************
**
** Function gatt_notify_enc_cmpl
**
** Description link encryption complete notification for all encryption process
** initiated outside GATT.
**
** Returns
**
*******************************************************************************/
void gatt_notify_enc_cmpl(BD_ADDR bd_addr)
{
tGATT_TCB *p_tcb;
tGATT_PENDING_ENC_CLCB *p_buf;
UINT16 count;
UINT8 i = 0;
if ((p_tcb = gatt_find_tcb_by_addr(bd_addr, BT_TRANSPORT_LE)) != NULL) {
for (i = 0; i < GATT_MAX_APPS; i++) {
if (gatt_cb.cl_rcb[i].in_use && gatt_cb.cl_rcb[i].app_cb.p_enc_cmpl_cb) {
(*gatt_cb.cl_rcb[i].app_cb.p_enc_cmpl_cb)(gatt_cb.cl_rcb[i].gatt_if, bd_addr);
}
}
if (gatt_get_sec_act(p_tcb) == GATT_SEC_ENC_PENDING) {
gatt_set_sec_act(p_tcb, GATT_SEC_NONE);
count = GKI_queue_length(&p_tcb->pending_enc_clcb);
for (; count > 0; count --) {
if ((p_buf = (tGATT_PENDING_ENC_CLCB *)GKI_dequeue (&p_tcb->pending_enc_clcb)) != NULL) {
gatt_security_check_start(p_buf->p_clcb);
GKI_freebuf(p_buf);
} else {
break;
}
}
}
} else {
GATT_TRACE_DEBUG("notify GATT for encryption completion of unknown device");
}
return;
}
/*******************************************************************************
**
** Function gatt_sec_check_complete
**
** Description security check complete and proceed to data sending action.
**
** Returns void.
**
*******************************************************************************/
void gatt_sec_check_complete(BOOLEAN sec_check_ok, tGATT_CLCB *p_clcb, UINT8 sec_act)
{
if (p_clcb && p_clcb->p_tcb && GKI_queue_is_empty(&p_clcb->p_tcb->pending_enc_clcb)) {
gatt_set_sec_act(p_clcb->p_tcb, GATT_SEC_NONE);
}
#if (GATTC_INCLUDED == TRUE)
if (!sec_check_ok) {
gatt_end_operation(p_clcb, GATT_AUTH_FAIL, NULL);
} else if (p_clcb->operation == GATTC_OPTYPE_WRITE) {
gatt_act_write(p_clcb, sec_act);
} else if (p_clcb->operation == GATTC_OPTYPE_READ) {
gatt_act_read(p_clcb, p_clcb->counter);
}
#endif ///GATTC_INCLUDED == TRUE
}
/*******************************************************************************
**
** Function gatt_sign_data
**
** Description This function sign the data for write command.
**
** Returns TRUE if encrypted, otherwise FALSE.
**
*******************************************************************************/
static BOOLEAN gatt_sign_data (tGATT_CLCB *p_clcb)
{
tGATT_VALUE *p_attr = (tGATT_VALUE *)p_clcb->p_attr_buf;
UINT8 *p_data = NULL, *p;
UINT16 payload_size = p_clcb->p_tcb->payload_size;
BOOLEAN status = FALSE;
UINT8 *p_signature;
/* do not need to mark channel securoty activity for data signing */
gatt_set_sec_act(p_clcb->p_tcb, GATT_SEC_OK);
p_data = (UINT8 *)GKI_getbuf((UINT16)(p_attr->len + 3)); /* 3 = 2 byte handle + opcode */
if (p_data != NULL)
{
p = p_data;
UINT8_TO_STREAM(p, GATT_SIGN_CMD_WRITE);
UINT16_TO_STREAM(p, p_attr->handle);
ARRAY_TO_STREAM(p, p_attr->value, p_attr->len);
/* sign data length should be attribulte value length plus 2B handle + 1B op code */
if ((payload_size - GATT_AUTH_SIGN_LEN - 3) < p_attr->len)
p_attr->len = payload_size - GATT_AUTH_SIGN_LEN - 3;
p_signature = p_attr->value + p_attr->len;
if (BTM_BleDataSignature(p_clcb->p_tcb->peer_bda,
p_data,
(UINT16)(p_attr->len + 3), /* 3 = 2 byte handle + opcode */
p_signature))
{
p_attr->len += BTM_BLE_AUTH_SIGN_LEN;
gatt_set_ch_state(p_clcb->p_tcb, GATT_CH_OPEN);
gatt_act_write(p_clcb, GATT_SEC_SIGN_DATA);
}
else
{
gatt_end_operation(p_clcb, GATT_INTERNAL_ERROR, NULL);
}
GKI_freebuf(p_data);
}
return status;
}