1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2013 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #include "common/bt_target.h"
20 //#include "bt_utils.h"
21 //#include "stack/gatt_api.h"
22 
23 #define LOG_TAG "bt_srvc"
24 //#include "osi/include/log.h"
25 #include "stdio.h"
26 #include "stdint.h"
27 #include "string.h"
28 
29 #include "bta/bta_api.h"
30 #include "bta/bta_gatt_api.h"
31 #include "device/controller.h"
32 
33 #include "gatt_int.h"
34 #include "common/bt_trace.h"
35 #include "stack/btm_api.h"
36 #include "stack/bt_types.h"
37 #include "dis_api.h"
38 
39 #if BLE_INCLUDED == TRUE
40 
41 #define UINT64_TO_STREAM(p, u64) {*(p)++ = (UINT8)(u64);       *(p)++ = (UINT8)((u64) >> 8);*(p)++ = (UINT8)((u64) >> 16); *(p)++ = (UINT8)((u64) >> 24); \
42                                     *(p)++ = (UINT8)((u64) >> 32); *(p)++ = (UINT8)((u64) >> 40);*(p)++ = (UINT8)((u64) >> 48); *(p)++ = (UINT8)((u64) >> 56);}
43 
44 #define STREAM_TO_UINT64(u64, p) {u64 = (((UINT64)(*(p))) + ((((UINT64)(*((p) + 1)))) << 8) + ((((UINT64)(*((p) + 2)))) << 16) + ((((UINT64)(*((p) + 3)))) << 24) \
45                                   + ((((UINT64)(*((p) + 4)))) << 32) + ((((UINT64)(*((p) + 5)))) << 40) + ((((UINT64)(*((p) + 6)))) << 48) + ((((UINT64)(*((p) + 7)))) << 56)); (p) += 8;}
46 
47 esp_bt_uuid_t           uuid = {LEN_UUID_16, {UUID_SERVCLASS_DEVICE_INFO}};
48 UINT16                  i = 0;
49 tDIS_ATTR_MASK          dis_mask;
50 static const UINT16     dis_attr_uuid[DIS_MAX_CHAR_NUM] = {
51     GATT_UUID_SYSTEM_ID,
52     GATT_UUID_MODEL_NUMBER_STR,
53     GATT_UUID_SERIAL_NUMBER_STR,
54     GATT_UUID_FW_VERSION_STR,
55     GATT_UUID_HW_VERSION_STR,
56     GATT_UUID_SW_VERSION_STR,
57     GATT_UUID_MANU_NAME,
58     GATT_UUID_IEEE_DATA,
59     GATT_UUID_PNP_ID
60 };
61 
62 tDIS_CB dis_cb;
63 
dis_uuid_to_attr(UINT16 uuid)64 static tDIS_ATTR_MASK dis_uuid_to_attr(UINT16 uuid)
65 {
66     switch (uuid) {
67     case GATT_UUID_SYSTEM_ID:
68         return DIS_ATTR_SYS_ID_BIT;
69     case GATT_UUID_MODEL_NUMBER_STR:
70         return DIS_ATTR_MODEL_NUM_BIT;
71     case GATT_UUID_SERIAL_NUMBER_STR:
72         return DIS_ATTR_SERIAL_NUM_BIT;
73     case GATT_UUID_FW_VERSION_STR:
74         return DIS_ATTR_FW_NUM_BIT;
75     case GATT_UUID_HW_VERSION_STR:
76         return DIS_ATTR_HW_NUM_BIT;
77     case GATT_UUID_SW_VERSION_STR:
78         return DIS_ATTR_SW_NUM_BIT;
79     case GATT_UUID_MANU_NAME:
80         return DIS_ATTR_MANU_NAME_BIT;
81     case GATT_UUID_IEEE_DATA:
82         return DIS_ATTR_IEEE_DATA_BIT;
83     case GATT_UUID_PNP_ID:
84         return DIS_ATTR_PNP_ID_BIT;
85     default:
86         return 0;
87     };
88 }
89 
90 /*******************************************************************************
91 **   dis_valid_handle_range
92 **
93 **   validate a handle to be a DIS attribute handle or not.
94 *******************************************************************************/
dis_valid_handle_range(UINT16 handle)95 BOOLEAN dis_valid_handle_range(UINT16 handle)
96 {
97     if (handle >= dis_cb.service_handle && handle <= dis_cb.max_handle) {
98         return TRUE;
99     } else {
100         return FALSE;
101     }
102 }
103 /*******************************************************************************
104 **   dis_write_attr_value
105 **
106 **   Process write DIS attribute request.
107 *******************************************************************************/
dis_write_attr_value(tGATT_WRITE_REQ * p_data,esp_gatt_status_t * p_status)108 UINT8 dis_write_attr_value(tGATT_WRITE_REQ *p_data, esp_gatt_status_t *p_status)
109 {
110     UNUSED(p_data);
111 
112     *p_status = GATT_WRITE_NOT_PERMIT;
113     return ESP_GATT_OK;
114 }
115 /*******************************************************************************
116 **   DIS Attributes Database Server Request callback
117 *******************************************************************************/
118 
119 /*******************************************************************************
120 **   dis_s_read_attr_value
121 **
122 **   Process read DIS attribute request.
123 *******************************************************************************/
dis_s_read_attr_value(tGATTS_DATA * p_data,tGATT_VALUE * p_value,UINT32 trans_id,UINT16 conn_id)124 void dis_s_read_attr_value (tGATTS_DATA *p_data, tGATT_VALUE *p_value, UINT32 trans_id, UINT16 conn_id)
125 {
126     tDIS_DB_ENTRY   *p_db_attr = dis_cb.dis_attr;
127     UINT8           *p = p_value->value, i, *pp;
128     UINT16          offset = p_data->read_req.offset;
129     tGATT_STATUS    st = ESP_GATT_NOT_FOUND;
130     UINT16          handle = p_data->read_req.handle;
131     bool            is_long = p_data->read_req.is_long;
132 
133     for (i = 0; i < DIS_MAX_CHAR_NUM; i ++, p_db_attr ++) {
134         if (handle == p_db_attr->handle) {
135             if ((p_db_attr->uuid == GATT_UUID_PNP_ID || p_db_attr->uuid == GATT_UUID_SYSTEM_ID) &&
136                     is_long == TRUE) {
137                 st = ESP_GATT_NOT_LONG;
138                 break;
139             }
140             st = ESP_GATT_NOT_FOUND;
141 
142             switch (p_db_attr->uuid) {
143             case GATT_UUID_MANU_NAME:
144             case GATT_UUID_MODEL_NUMBER_STR:
145             case GATT_UUID_SERIAL_NUMBER_STR:
146             case GATT_UUID_FW_VERSION_STR:
147             case GATT_UUID_HW_VERSION_STR:
148             case GATT_UUID_SW_VERSION_STR:
149             case GATT_UUID_IEEE_DATA:
150                 pp = dis_cb.dis_value.data_string[p_db_attr->uuid - GATT_UUID_MODEL_NUMBER_STR];
151                 if (pp != NULL) {
152                     if (strlen ((char *)pp) > GATT_MAX_ATTR_LEN) {
153                         p_value->len = GATT_MAX_ATTR_LEN;
154                     } else {
155                         p_value->len = (UINT16)strlen ((char *)pp);
156                     }
157                 } else {
158                     p_value->len = 0;
159                 }
160 
161                 if (offset > p_value->len) {
162                     st = ESP_GATT_INVALID_OFFSET;
163                     break;
164                 } else {
165                     p_value->len -= offset;
166                     pp += offset;
167                     ARRAY_TO_STREAM(p, pp, p_value->len);
168                     GATT_TRACE_EVENT("GATT_UUID_MANU_NAME len=0x%04x", p_value->len);
169                 }
170                 break;
171 
172 
173             case GATT_UUID_SYSTEM_ID:
174                 UINT64_TO_STREAM(p, dis_cb.dis_value.system_id); /* int_min */
175                 p_value->len = DIS_SYSTEM_ID_SIZE;
176                 break;
177 
178             case  GATT_UUID_PNP_ID:
179                 UINT8_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id_src);
180                 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.vendor_id);
181                 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_id);
182                 UINT16_TO_STREAM(p, dis_cb.dis_value.pnp_id.product_version);
183                 p_value->len = DIS_PNP_ID_SIZE;
184                 break;
185 
186             }
187             break;
188         }
189     }
190     tGATTS_RSP       rsp;
191     rsp.attr_value = *p_value;
192     esp_ble_gatts_send_rsp(conn_id, trans_id, st, &rsp);
193 
194 }
195 
196 
197 /*******************************************************************************
198 **
199 ** Function         DIS_Init
200 **
201 ** Description      Initialize the Device Information Service Server.
202 **
203 *******************************************************************************/
DIS_Init(esp_gatts_if_t gatt_if,tDIS_ATTR_MASK dis_attr_mask)204 void DIS_Init (esp_gatts_if_t gatt_if, tDIS_ATTR_MASK dis_attr_mask)
205 {
206 
207     tGATT_STATUS      status;
208     dis_mask = dis_attr_mask;
209     if (dis_cb.enabled) {
210         GATT_TRACE_ERROR("DIS already initalized");
211         return;
212     }
213 
214     memset(&dis_cb, 0, sizeof(tDIS_CB));
215 
216     esp_ble_gatts_create_srvc (gatt_if , &uuid, 0, DIS_MAX_ATTR_NUM, TRUE);
217 
218 }
219 /*******************************************************************************
220 **
221 ** Function         dis_AddChar
222 **
223 ** Description      add characteristic for dis
224 **
225 *******************************************************************************/
226 
dis_AddChar(UINT16 service_id)227 void dis_AddChar(UINT16 service_id)
228 {
229     //dis_cb.service_handle = service_id;
230     //dis_cb.max_handle = service_id + DIS_MAX_ATTR_NUM;
231     tDIS_DB_ENTRY        *p_db_attr = &dis_cb.dis_attr[0];
232     while (dis_mask != 0 && i < DIS_MAX_CHAR_NUM) {
233         uuid.uu.uuid16 = p_db_attr->uuid = dis_attr_uuid[i];
234         esp_ble_gatts_add_char(dis_cb.service_handle, &uuid, GATT_PERM_READ,
235                                GATT_CHAR_PROP_BIT_READ);
236         p_db_attr ++;
237         i ++;
238         dis_mask >>= 1;
239     }
240     /*start service*/
241     esp_ble_gatts_start_srvc(dis_cb.service_handle);
242     dis_cb.enabled = TRUE;
243 }
244 /*******************************************************************************
245 **
246 ** Function         DIS_SrUpdate
247 **
248 ** Description      Update the DIS server attribute values
249 **
250 *******************************************************************************/
DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit,tDIS_ATTR * p_info)251 tDIS_STATUS DIS_SrUpdate(tDIS_ATTR_BIT dis_attr_bit, tDIS_ATTR *p_info)
252 {
253     UINT8           i = 1;
254     tDIS_STATUS     st = DIS_SUCCESS;
255 
256     if (dis_attr_bit & DIS_ATTR_SYS_ID_BIT) {
257         dis_cb.dis_value.system_id = p_info->system_id;
258     } else if (dis_attr_bit & DIS_ATTR_PNP_ID_BIT) {
259         dis_cb.dis_value.pnp_id.vendor_id         = p_info->pnp_id.vendor_id;
260         dis_cb.dis_value.pnp_id.vendor_id_src     = p_info->pnp_id.vendor_id_src;
261         dis_cb.dis_value.pnp_id.product_id        = p_info->pnp_id.product_id;
262         dis_cb.dis_value.pnp_id.product_version   = p_info->pnp_id.product_version;
263     } else {
264         st = DIS_ILLEGAL_PARAM;
265 
266         while (dis_attr_bit && i < (DIS_MAX_CHAR_NUM - 1 )) {
267             if (dis_attr_bit & (UINT16)(1 << i)) {
268                 if (dis_cb.dis_value.data_string[i - 1] != NULL) {
269                     osi_free(dis_cb.dis_value.data_string[i - 1]);
270                 }
271                 /* coverity[OVERRUN-STATIC] False-positive : when i = 8, (1 << i) == DIS_ATTR_PNP_ID_BIT, and it will never come down here
272                 CID 49902: Out-of-bounds read (OVERRUN_STATIC)
273                 Overrunning static array "dis_cb.dis_value.data_string", with 7 elements, at position 7 with index variable "i".
274                 */
275                 if ((dis_cb.dis_value.data_string[i - 1] = (UINT8 *)osi_malloc((UINT16)(p_info->data_str.len + 1))) != NULL) {
276 
277                     memcpy(dis_cb.dis_value.data_string[i - 1], p_info->data_str.p_data, p_info->data_str.len);
278                     dis_cb.dis_value.data_string[i - 1][p_info->data_str.len] = 0; /* make sure null terminate */
279                     st = DIS_SUCCESS;
280                 } else {
281                     st = DIS_NO_RESOURCES;
282                 }
283 
284                 break;
285             }
286             i ++;
287         }
288     }
289     return st;
290 }
291 #endif  /* BLE_INCLUDED */
292