static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
if (packet_type != ATT_DATA_PACKET) return;
att_response_handle = handle;
att_response_size = att_handle_request(&att_connection, packet, size, att_response_buffer);
att_try_respond();
}
int l2cap_send_prepared_connectionless(uint16_t handle, uint16_t cid, uint16_t len){
att_connection_t att_connection;
att_init_connection(&att_connection);
uint8_t response[max_mtu];
uint16_t response_len = att_handle_request(&att_connection, l2cap_get_outgoing_buffer(), len, &response[0]);
if (response_len){
att_packet_handler(ATT_DATA_PACKET, gatt_client_handle, &response[0], response_len);
}
return 0;
}
// pre: att_server->state == ATT_SERVER_REQUEST_RECEIVED_AND_VALIDATED
// pre: can send now
// returns: 1 if packet was sent
static int att_server_process_validated_request(att_server_t * att_server){
l2cap_reserve_packet_buffer();
uint8_t * att_response_buffer = l2cap_get_outgoing_buffer();
uint16_t att_response_size = att_handle_request(&att_server->connection, att_server->request_buffer, att_server->request_size, att_response_buffer);
#ifdef ENABLE_ATT_DELAYED_READ_RESPONSE
if (att_response_size == ATT_READ_RESPONSE_PENDING){
// update state
att_server->state = ATT_SERVER_READ_RESPONSE_PENDING;
// callback with handle ATT_READ_RESPONSE_PENDING
att_server_client_read_callback(att_server->connection.con_handle, ATT_READ_RESPONSE_PENDING, 0, NULL, 0);
// free reserved buffer
l2cap_release_packet_buffer();
return 0;
}
#endif
// intercept "insufficient authorization" for authenticated connections to allow for user authorization
if ((att_response_size >= 4)
&& (att_response_buffer[0] == ATT_ERROR_RESPONSE)
&& (att_response_buffer[4] == ATT_ERROR_INSUFFICIENT_AUTHORIZATION)
&& (att_server->connection.authenticated)){
switch (gap_authorization_state(att_server->connection.con_handle)){
case AUTHORIZATION_UNKNOWN:
l2cap_release_packet_buffer();
sm_request_pairing(att_server->connection.con_handle);
return 0;
case AUTHORIZATION_PENDING:
l2cap_release_packet_buffer();
return 0;
default:
break;
}
}
att_server->state = ATT_SERVER_IDLE;
if (att_response_size == 0) {
l2cap_release_packet_buffer();
return 0;
}
l2cap_send_prepared_connectionless(att_server->connection.con_handle, L2CAP_CID_ATTRIBUTE_PROTOCOL, att_response_size);
// notify client about MTU exchange result
if (att_response_buffer[0] == ATT_EXCHANGE_MTU_RESPONSE){
att_emit_mtu_event(att_server->connection.con_handle, att_server->connection.mtu);
}
return 1;
}
static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
if (packet_type != ATT_DATA_PACKET) return;
// handle value indication confirms
if (packet[0] == ATT_HANDLE_VALUE_CONFIRMATION && att_handle_value_indication_handle){
run_loop_remove_timer(&att_handle_value_indication_timer);
uint16_t att_handle = att_handle_value_indication_handle;
att_handle_value_indication_handle = 0;
att_handle_value_indication_notify_client(0, att_connection.con_handle, att_handle);
return;
}
// directly process commands
// note: signed write cannot be handled directly as authentication needs to be verified
if (packet[0] == ATT_WRITE_COMMAND){
att_handle_request(&att_connection, packet, size, 0);
return;
}
// check size
if (size > sizeof(att_request_buffer)) {
log_info("att_packet_handler: dropping att pdu 0x%02x as size %u > att_request_buffer %u", packet[0], size, (int) sizeof(att_request_buffer));
return;
}
// last request still in processing?
if (att_server_state != ATT_SERVER_IDLE){
log_info("att_packet_handler: skipping att pdu 0x%02x as server not idle (state %u)", packet[0], att_server_state);
return;
}
// store request
att_server_state = ATT_SERVER_REQUEST_RECEIVED;
att_request_size = size;
memcpy(att_request_buffer, packet, size);
att_run();
}
static void att_run(void){
switch (att_server_state){
case ATT_SERVER_IDLE:
case ATT_SERVER_W4_SIGNED_WRITE_VALIDATION:
return;
case ATT_SERVER_REQUEST_RECEIVED:
if (att_request_buffer[0] == ATT_SIGNED_WRITE_COMMAND){
log_info("ATT Signed Write!");
if (!sm_cmac_ready()) {
log_info("ATT Signed Write, sm_cmac engine not ready. Abort");
att_server_state = ATT_SERVER_IDLE;
return;
}
if (att_request_size < (3 + 12)) {
log_info("ATT Signed Write, request to short. Abort.");
att_server_state = ATT_SERVER_IDLE;
return;
}
if (att_ir_lookup_active){
return;
}
if (att_ir_le_device_db_index < 0){
log_info("ATT Signed Write, CSRK not available");
att_server_state = ATT_SERVER_IDLE;
return;
}
// check counter
uint32_t counter_packet = READ_BT_32(att_request_buffer, att_request_size-12);
uint32_t counter_db = le_device_db_remote_counter_get(att_ir_le_device_db_index);
log_info("ATT Signed Write, DB counter %u, packet counter %u", counter_db, counter_packet);
if (counter_packet < counter_db){
log_info("ATT Signed Write, db reports higher counter, abort");
att_server_state = ATT_SERVER_IDLE;
return;
}
// signature is { sequence counter, secure hash }
sm_key_t csrk;
le_device_db_csrk_get(att_ir_le_device_db_index, csrk);
att_server_state = ATT_SERVER_W4_SIGNED_WRITE_VALIDATION;
log_info("Orig Signature: ");
hexdump( &att_request_buffer[att_request_size-8], 8);
sm_cmac_start(csrk, att_request_size - 12, att_request_buffer, counter_packet, att_signed_write_handle_cmac_result);
return;
}
// NOTE: fall through for regular commands
case ATT_SERVER_REQUEST_RECEIVED_AND_VALIDATED:
if (!l2cap_can_send_fixed_channel_packet_now(att_connection.con_handle)) return;
l2cap_reserve_packet_buffer();
uint8_t * att_response_buffer = l2cap_get_outgoing_buffer();
uint16_t att_response_size = att_handle_request(&att_connection, att_request_buffer, att_request_size, att_response_buffer);
// intercept "insufficient authorization" for authenticated connections to allow for user authorization
if ((att_response_size >= 4)
&& (att_response_buffer[0] == ATT_ERROR_RESPONSE)
&& (att_response_buffer[4] == ATT_ERROR_INSUFFICIENT_AUTHORIZATION)
&& (att_connection.authenticated)){
switch (sm_authorization_state(att_client_addr_type, att_client_address)){
case AUTHORIZATION_UNKNOWN:
l2cap_release_packet_buffer();
sm_request_authorization(att_client_addr_type, att_client_address);
return;
case AUTHORIZATION_PENDING:
l2cap_release_packet_buffer();
return;
default:
break;
}
}
att_server_state = ATT_SERVER_IDLE;
if (att_response_size == 0) {
l2cap_release_packet_buffer();
return;
}
l2cap_send_prepared_connectionless(att_connection.con_handle, L2CAP_CID_ATTRIBUTE_PROTOCOL, att_response_size);
// notify client about MTU exchange result
if (att_response_buffer[0] == ATT_EXCHANGE_MTU_RESPONSE){
att_emit_mtu_event(att_connection.con_handle, att_connection.mtu);
}
break;
}
}
static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
att_server_t * att_server;
switch (packet_type){
case HCI_EVENT_PACKET:
switch (packet[0]){
case L2CAP_EVENT_CAN_SEND_NOW:
att_server_handle_can_send_now();
break;
case ATT_EVENT_MTU_EXCHANGE_COMPLETE:
// GATT client has negotiated the mtu for this connection
att_server = att_server_for_handle(handle);
if (!att_server) break;
att_server->connection.mtu = little_endian_read_16(packet, 4);
break;
default:
break;
}
break;
case ATT_DATA_PACKET:
log_debug("ATT Packet, handle 0x%04x", handle);
att_server = att_server_for_handle(handle);
if (!att_server) break;
// handle value indication confirms
if (packet[0] == ATT_HANDLE_VALUE_CONFIRMATION && att_server->value_indication_handle){
btstack_run_loop_remove_timer(&att_server->value_indication_timer);
uint16_t att_handle = att_server->value_indication_handle;
att_server->value_indication_handle = 0;
att_handle_value_indication_notify_client(0, att_server->connection.con_handle, att_handle);
return;
}
// directly process command
// note: signed write cannot be handled directly as authentication needs to be verified
if (packet[0] == ATT_WRITE_COMMAND){
att_handle_request(&att_server->connection, packet, size, 0);
return;
}
// check size
if (size > sizeof(att_server->request_buffer)) {
log_info("att_packet_handler: dropping att pdu 0x%02x as size %u > att_server->request_buffer %u", packet[0], size, (int) sizeof(att_server->request_buffer));
return;
}
// last request still in processing?
if (att_server->state != ATT_SERVER_IDLE){
log_info("att_packet_handler: skipping att pdu 0x%02x as server not idle (state %u)", packet[0], att_server->state);
return;
}
// store request
att_server->state = ATT_SERVER_REQUEST_RECEIVED;
att_server->request_size = size;
memcpy(att_server->request_buffer, packet, size);
att_run_for_context(att_server);
break;
}
}
