/**
 * ATT packet callback: answer an incoming ATT PDU.
 *
 * Packets of any type other than ATT_DATA_PACKET are ignored. For a data packet the
 * connection handle is remembered in att_response_handle, the request is passed to
 * att_handle_request() which writes its answer into att_response_buffer, the returned
 * length is stored in att_response_size, and att_try_respond() is invoked.
 *
 * @param packet_type  type of the delivered packet
 * @param handle       connection handle the packet arrived on
 * @param packet       ATT PDU
 * @param size         length of the PDU in bytes
 */
static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
    if (packet_type == ATT_DATA_PACKET){
        // remember where the response has to go before it is generated
        att_response_handle = handle;
        att_response_size   = att_handle_request(&att_connection, packet, size, att_response_buffer);

        att_try_respond();
    }
}
/**
 * Loop the prepared outgoing L2CAP buffer through a local ATT server.
 *
 * The first len bytes of the outgoing buffer are handled as an ATT request on a
 * freshly initialised connection; a non-empty response is delivered to
 * att_packet_handler() as an ATT_DATA_PACKET on gatt_client_handle.
 * NOTE(review): this looks like a test double for the real L2CAP send - confirm.
 *
 * @param handle  not used by this implementation
 * @param cid     not used by this implementation
 * @param len     number of valid bytes in the outgoing buffer
 * @return always 0
 */
int l2cap_send_prepared_connectionless(uint16_t handle, uint16_t cid, uint16_t len){
    att_connection_t loopback_connection;
    att_init_connection(&loopback_connection);

    // response storage sized by max_mtu
    uint8_t  reply[max_mtu];
    uint16_t reply_len = att_handle_request(&loopback_connection, l2cap_get_outgoing_buffer(), len, reply);

    // nothing generated for this request - nothing to hand back
    if (reply_len == 0){
        return 0;
    }

    att_packet_handler(ATT_DATA_PACKET, gatt_client_handle, reply, reply_len);
    return 0;
}
// pre: att_server->state == ATT_SERVER_REQUEST_RECEIVED_AND_VALIDATED // pre: can send now // returns: 1 if packet was sent static int att_server_process_validated_request(att_server_t * att_server){ l2cap_reserve_packet_buffer(); uint8_t * att_response_buffer = l2cap_get_outgoing_buffer(); uint16_t att_response_size = att_handle_request(&att_server->connection, att_server->request_buffer, att_server->request_size, att_response_buffer); #ifdef ENABLE_ATT_DELAYED_READ_RESPONSE if (att_response_size == ATT_READ_RESPONSE_PENDING){ // update state att_server->state = ATT_SERVER_READ_RESPONSE_PENDING; // callback with handle ATT_READ_RESPONSE_PENDING att_server_client_read_callback(att_server->connection.con_handle, ATT_READ_RESPONSE_PENDING, 0, NULL, 0); // free reserved buffer l2cap_release_packet_buffer(); return 0; } #endif // intercept "insufficient authorization" for authenticated connections to allow for user authorization if ((att_response_size >= 4) && (att_response_buffer[0] == ATT_ERROR_RESPONSE) && (att_response_buffer[4] == ATT_ERROR_INSUFFICIENT_AUTHORIZATION) && (att_server->connection.authenticated)){ switch (gap_authorization_state(att_server->connection.con_handle)){ case AUTHORIZATION_UNKNOWN: l2cap_release_packet_buffer(); sm_request_pairing(att_server->connection.con_handle); return 0; case AUTHORIZATION_PENDING: l2cap_release_packet_buffer(); return 0; default: break; } } att_server->state = ATT_SERVER_IDLE; if (att_response_size == 0) { l2cap_release_packet_buffer(); return 0; } l2cap_send_prepared_connectionless(att_server->connection.con_handle, L2CAP_CID_ATTRIBUTE_PROTOCOL, att_response_size); // notify client about MTU exchange result if (att_response_buffer[0] == ATT_EXCHANGE_MTU_RESPONSE){ att_emit_mtu_event(att_server->connection.con_handle, att_server->connection.mtu); } return 1; }
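/**
 * ATT packet callback for the single global ATT server connection.
 *
 * Handle Value Confirmations and Write Commands are processed immediately. Any other
 * PDU is copied into att_request_buffer and processed by att_run(), provided it fits
 * and no earlier request is still being processed.
 *
 * @param packet_type  type of the delivered packet; only ATT_DATA_PACKET is handled
 * @param handle       connection handle (not used by this implementation)
 * @param packet       ATT PDU as received from the peer
 * @param size         length of the PDU in bytes
 */
static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
    if (packet_type != ATT_DATA_PACKET) return;

    // every branch below dispatches on the opcode in packet[0]; a zero-length PDU
    // has no opcode, so drop it instead of reading past the payload
    if (size == 0) return;

    // handle value indication confirms
    if (packet[0] == ATT_HANDLE_VALUE_CONFIRMATION && att_handle_value_indication_handle){
        run_loop_remove_timer(&att_handle_value_indication_timer);
        uint16_t att_handle = att_handle_value_indication_handle;
        // clear the outstanding indication before notifying the client
        att_handle_value_indication_handle = 0;
        att_handle_value_indication_notify_client(0, att_connection.con_handle, att_handle);
        return;
    }

    // directly process commands
    // note: signed write cannot be handled directly as authentication needs to be verified
    if (packet[0] == ATT_WRITE_COMMAND){
        // no response buffer is passed for a command
        att_handle_request(&att_connection, packet, size, 0);
        return;
    }

    // check size - bounds the memcpy into att_request_buffer below
    if (size > sizeof(att_request_buffer)) {
        log_info("att_packet_handler: dropping att pdu 0x%02x as size %u > att_request_buffer %u", packet[0], size, (int) sizeof(att_request_buffer));
        return;
    }

    // last request still in processing?
    if (att_server_state != ATT_SERVER_IDLE){
        log_info("att_packet_handler: skipping att pdu 0x%02x as server not idle (state %u)", packet[0], att_server_state);
        return;
    }

    // store request
    att_server_state = ATT_SERVER_REQUEST_RECEIVED;
    att_request_size = size;
    memcpy(att_request_buffer, packet, size);

    att_run();
}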
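/**
 * Advance the ATT server state machine for the request stored in att_request_buffer.
 *
 * - ATT_SERVER_IDLE / ATT_SERVER_W4_SIGNED_WRITE_VALIDATION: nothing to do.
 * - ATT_SERVER_REQUEST_RECEIVED: a Signed Write Command is checked (CMAC engine ready,
 *   minimum length, CSRK available, sign counter) and handed to sm_cmac_start();
 *   its result is delivered to att_signed_write_handle_cmac_result. Any other request
 *   falls through to regular processing.
 * - ATT_SERVER_REQUEST_RECEIVED_AND_VALIDATED: the request is handled and the response
 *   is sent, unless it is withheld while authorization is unknown or pending.
 */
static void att_run(void){
    switch (att_server_state){
        case ATT_SERVER_IDLE:
        case ATT_SERVER_W4_SIGNED_WRITE_VALIDATION:
            return;
        case ATT_SERVER_REQUEST_RECEIVED:
            if (att_request_buffer[0] == ATT_SIGNED_WRITE_COMMAND){
                log_info("ATT Signed Write!");
                if (!sm_cmac_ready()) {
                    log_info("ATT Signed Write, sm_cmac engine not ready. Abort");
                    att_server_state = ATT_SERVER_IDLE;
                    return;
                }
                // 12 trailing bytes are the signature: 4-byte counter read at size-12 plus
                // the 8 bytes dumped at size-8; the leading 3 are presumably opcode + handle.
                // This bound also keeps the size-12 / size-8 offsets below from underflowing.
                if (att_request_size < (3 + 12)) {
                    log_info("ATT Signed Write, request to short. Abort.");
                    att_server_state = ATT_SERVER_IDLE;
                    return;
                }
                // identity lookup still running: keep the request stored and try again later
                if (att_ir_lookup_active){
                    return;
                }
                if (att_ir_le_device_db_index < 0){
                    log_info("ATT Signed Write, CSRK not available");
                    att_server_state = ATT_SERVER_IDLE;
                    return;
                }

                // check counter
                // NOTE(review): a packet counter equal to the stored one is accepted; that rejects
                // replays only if the DB holds the next expected counter - confirm against the
                // code that updates it after a successful validation.
                uint32_t counter_packet = READ_BT_32(att_request_buffer, att_request_size-12);
                uint32_t counter_db     = le_device_db_remote_counter_get(att_ir_le_device_db_index);
                log_info("ATT Signed Write, DB counter %u, packet counter %u", counter_db, counter_packet);
                if (counter_packet < counter_db){
                    log_info("ATT Signed Write, db reports higher counter, abort");
                    att_server_state = ATT_SERVER_IDLE;
                    return;
                }

                // signature is { sequence counter, secure hash }
                sm_key_t csrk;
                le_device_db_csrk_get(att_ir_le_device_db_index, csrk);
                att_server_state = ATT_SERVER_W4_SIGNED_WRITE_VALIDATION;
                log_info("Orig Signature: ");
                hexdump( &att_request_buffer[att_request_size-8], 8);
                // CMAC is computed over the request without its 12-byte signature
                sm_cmac_start(csrk, att_request_size - 12, att_request_buffer, counter_packet, att_signed_write_handle_cmac_result);
                return;
            }
            // NOTE: fall through for regular commands
        case ATT_SERVER_REQUEST_RECEIVED_AND_VALIDATED:
            if (!l2cap_can_send_fixed_channel_packet_now(att_connection.con_handle)) return;

            l2cap_reserve_packet_buffer();
            uint8_t * att_response_buffer = l2cap_get_outgoing_buffer();
            uint16_t  att_response_size   = att_handle_request(&att_connection, att_request_buffer, att_request_size, att_response_buffer);

            // intercept "insufficient authorization" for authenticated connections to allow for user authorization
            // The error code is read from offset 4, so at least 5 response bytes must be valid. With a
            // bound of 4, a 4-byte response would be classified using a byte that att_handle_request()
            // did not write for this request.
            if ((att_response_size     >= 5)
            && (att_response_buffer[0] == ATT_ERROR_RESPONSE)
            && (att_response_buffer[4] == ATT_ERROR_INSUFFICIENT_AUTHORIZATION)
            && (att_connection.authenticated)){

                switch (sm_authorization_state(att_client_addr_type, att_client_address)){
                    case AUTHORIZATION_UNKNOWN:
                        // withhold the error and ask for authorization; state is left unchanged on this path
                        l2cap_release_packet_buffer();
                        sm_request_authorization(att_client_addr_type, att_client_address);
                        return;
                    case AUTHORIZATION_PENDING:
                        // decision outstanding: withhold the error; state is left unchanged on this path
                        l2cap_release_packet_buffer();
                        return;
                    default:
                        break;
                }
            }

            att_server_state = ATT_SERVER_IDLE;
            if (att_response_size == 0) {
                // request produced no response: give the reserved buffer back
                l2cap_release_packet_buffer();
                return;
            }

            l2cap_send_prepared_connectionless(att_connection.con_handle, L2CAP_CID_ATTRIBUTE_PROTOCOL, att_response_size);

            // notify client about MTU exchange result
            if (att_response_buffer[0] == ATT_EXCHANGE_MTU_RESPONSE){
                att_emit_mtu_event(att_connection.con_handle, att_connection.mtu);
            }
            break;
    }
}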
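/**
 * Packet callback of the ATT server: handles HCI events and ATT PDUs.
 *
 * HCI_EVENT_PACKET: L2CAP_EVENT_CAN_SEND_NOW triggers att_server_handle_can_send_now();
 * ATT_EVENT_MTU_EXCHANGE_COMPLETE stores the negotiated MTU in the connection's context.
 *
 * ATT_DATA_PACKET: Handle Value Confirmations and Write Commands are processed
 * immediately. Any other PDU is copied into the context's request buffer and processed
 * by att_run_for_context(), provided it fits and no earlier request is still in progress.
 * PDUs for a handle without a server context are ignored.
 *
 * @param packet_type  HCI_EVENT_PACKET or ATT_DATA_PACKET; other types are ignored
 * @param handle       connection handle, used to look up the server context
 * @param packet       event or ATT PDU
 * @param size         length of packet in bytes
 */
static void att_packet_handler(uint8_t packet_type, uint16_t handle, uint8_t *packet, uint16_t size){
    att_server_t * att_server;

    switch (packet_type){

        case HCI_EVENT_PACKET:
            switch (packet[0]){
                case L2CAP_EVENT_CAN_SEND_NOW:
                    att_server_handle_can_send_now();
                    break;
                case ATT_EVENT_MTU_EXCHANGE_COMPLETE:
                    // GATT client has negotiated the mtu for this connection
                    att_server = att_server_for_handle(handle);
                    if (!att_server) break;
                    // NOTE(review): reads bytes 4..5 without checking size - assumes the
                    // event is at least 6 bytes long; confirm against its emitter
                    att_server->connection.mtu = little_endian_read_16(packet, 4);
                    break;
                default:
                    break;
            }
            break;

        case ATT_DATA_PACKET:
            log_debug("ATT Packet, handle 0x%04x", handle);
            att_server = att_server_for_handle(handle);
            if (!att_server) break;

            // every branch below dispatches on the opcode in packet[0]; a zero-length PDU
            // has no opcode, so drop it instead of reading past the payload
            if (size == 0) break;

            // handle value indication confirms
            if (packet[0] == ATT_HANDLE_VALUE_CONFIRMATION && att_server->value_indication_handle){
                btstack_run_loop_remove_timer(&att_server->value_indication_timer);
                uint16_t att_handle = att_server->value_indication_handle;
                // clear the outstanding indication before notifying the client
                att_server->value_indication_handle = 0;
                att_handle_value_indication_notify_client(0, att_server->connection.con_handle, att_handle);
                return;
            }

            // directly process command
            // note: signed write cannot be handled directly as authentication needs to be verified
            if (packet[0] == ATT_WRITE_COMMAND){
                // no response buffer is passed for a command
                att_handle_request(&att_server->connection, packet, size, 0);
                return;
            }

            // check size - bounds the memcpy into the request buffer below
            if (size > sizeof(att_server->request_buffer)) {
                log_info("att_packet_handler: dropping att pdu 0x%02x as size %u > att_server->request_buffer %u", packet[0], size, (int) sizeof(att_server->request_buffer));
                return;
            }

            // last request still in processing?
            if (att_server->state != ATT_SERVER_IDLE){
                log_info("att_packet_handler: skipping att pdu 0x%02x as server not idle (state %u)", packet[0], att_server->state);
                return;
            }

            // store request
            att_server->state = ATT_SERVER_REQUEST_RECEIVED;
            att_server->request_size = size;
            memcpy(att_server->request_buffer, packet, size);

            att_run_for_context(att_server);
            break;
    }
}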