Ignores "command disallowed" if the host privacy implementation tries
to change the device's random address while scanning or initiating.
This is not allowed by spec. It's caused by scan_update() in scan.c.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
To make the scanner module more understandable and more streamlined, I
reworked the update mechanism of the scanner. The scanner tracks now the
parameters that were used to enable it and the reason why it is running.
This facilitates state logic and allows other modules to "start the
scanner", although it is already running.
This is mostly a refactoring and not a functional change.
Added a test to verify the behavior.
Signed-off-by: Jan Müller <jan.mueller@nordicsemi.no>
add to task
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the subsys/bluetooth/host directory.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Currently calls to these two functions fail unnecessarily when
CONFIG_BT_SMP is disabled. This fix allows identity resets
without having the BT_SMP stack enabled. The primary use case
is enabling random mac address rotation for privacy in memory
constrained SoCs. Fixes #73313
Signed-off-by: Patrick Patel <ppatel@micro-design.com>
Before this commit, the following bugs were present:
- When `CONFIG_BT_FILTER_ACCEPT_LIST` was set, connection establishment
was cancelled upon RPA timeout. This required the application
to restart the initiator every RPA timeout.
- When `CONFIG_BT_FILTER_ACCEPT_LIST` was not set, the RPA was not updated
while the initiator was running.
This commit unifies the RPA timeout handling for both these cases.
Upon RPA timeout the initiator is cancelled and restarted when
the controller raises the LE Connection Complete event.
The workqueue state is checked when restarting the initiator to prevent
it being restarted when the timeout is hit.
Corresponding test cases have been added to ensure that this
feature works.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
This function was used to shortcut HCI for combined host + controller
builds. It doesn't provide much value and adds complexity to the HCI
driver interface, so just remove it. This means vendor-specific HCI
commands are now the only way for the host to access the same
information.
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
The naming of these two options was problematic, since both of them
are about vendor extensions, even though one has _EXT in the name and
the other doesn't. Just merge one option into the other. This has a
slight overhead on the controller side of enabling some more vendor
features if BT_HCI_VS is enabled, but that should hopefully be
acceptable.
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
Make `bt_hci_cmd_send_sync` return `-EACCES` when receiving
`BT_HCI_ERR_CMD_DISALLOWED`.
Update some tests that were expecting `-EIO` when
getting `BT_HCI_ERR_CMD_DISALLOWED`.
Add a warning in `set_random_address` when getting that new error. This
is done in case someone tries to set a new random address while legacy
advertising, scanning or initiating is enabled. This is illegal behavior
according to the Core Spec (see Vol 4, Part E 7.8.4).
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
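As an added illustration (example code written for this page, not Zephyr's `bt_hci_cmd_send_sync` or `set_random_address`), here is the status-to-errno mapping described above, paired with a toy controller that rejects LE Set Random Address under the Vol 4, Part E 7.8.4 conditions. The `HOST_*` state flags, the function names and the host-side warning are this example's own assumptions; only the HCI status value 0x0C (Command Disallowed) is the Core Spec constant.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* HCI status codes from Core Spec Vol 1, Part F. */
#define HCI_ERR_SUCCESS        0x00
#define HCI_ERR_CMD_DISALLOWED 0x0C

/* Hypothetical host role state; the names are this example's own. */
enum host_state {
	HOST_LEGACY_ADVERTISING = 1 << 0,
	HOST_SCANNING           = 1 << 1,
	HOST_INITIATING         = 1 << 2,
};

/* Translate an HCI command status into a negative errno:
 * Command Disallowed -> -EACCES, any other failure -> -EIO. */
int hci_status_to_errno(uint8_t status)
{
	switch (status) {
	case HCI_ERR_SUCCESS:
		return 0;
	case HCI_ERR_CMD_DISALLOWED:
		return -EACCES;
	default:
		return -EIO;
	}
}

/* Toy controller: LE Set Random Address is rejected while legacy
 * advertising, scanning or initiating is enabled (Vol 4, Part E 7.8.4).
 * `current` is the controller's random address register. */
uint8_t controller_set_random_address(unsigned int state, const uint8_t addr[6],
				      uint8_t current[6])
{
	if (state & (HOST_LEGACY_ADVERTISING | HOST_SCANNING | HOST_INITIATING)) {
		return HCI_ERR_CMD_DISALLOWED;
	}
	for (int i = 0; i < 6; i++) {
		current[i] = addr[i];
	}
	return HCI_ERR_SUCCESS;
}

/* Host-side wrapper: issue the command, translate the status, and emit the
 * specific warning for the disallowed case so the misuse is visible. */
int host_set_random_address(unsigned int state, const uint8_t addr[6],
			    uint8_t current[6])
{
	uint8_t status = controller_set_random_address(state, addr, current);
	int err = hci_status_to_errno(status);

	if (err == -EACCES) {
		fprintf(stderr, "Setting random address not allowed while legacy "
			"advertising, scanning or initiating is enabled\n");
	}
	return err;
}

int main(void)
{
	uint8_t current[6] = {0};
	const uint8_t rpa[6] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x46};

	printf("while scanning: %d\n", host_set_random_address(HOST_SCANNING, rpa, current));
	printf("while idle:     %d\n", host_set_random_address(0, rpa, current));
	return 0;
}
```

The pre-check lives in the controller here because that is where the spec places it; the host only translates the status, so a caller can distinguish "illegal in this state" (-EACCES) from a transport or controller fault (-EIO) and react differently.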
To make it easier to understand the code, the following was done:
- Use INITIATING/ADV for state names that are exclusive to central
or peripheral. Previously it was not necessarily clear that the state
BT_CONN_CONNECTING was for central only by just looking at where
it was used. The terms INITIATING/ADV were used in favor
of central and peripheral as these terms also work for SCO connection
establishment.
- BT_CONN_CONNECTING_SCAN -> BT_CONN_SCAN_BEFORE_INITIATING
to make it more clear that we are not scanning and connecting at
the same time. The new name should make it more clear why we are
scanning - only with the intention to start the initiator later.
- BT_CONN_CONNECTING_AUTO -> BT_CONN_INITIATING_FILTER_LIST.
This makes it clear that this state is something different than
BT_CONN_AUTO_CONNECT.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The fix is to check if any of the adv sets' RPA expired
callbacks returns false; in that case all adv sets continue with
the old RPA.
Note: The fix is applicable only to adv sets which share the
same id.
Signed-off-by: Nithin Ramesh Myliattil <niym@demant.com>
This allows HCI drivers to expose vendor-specific functions to set the
public address.
Signed-off-by: Armin Brauns <armin.brauns@embedded-solutions.at>
Added a Kconfig option that makes the RPA sharing feature optional. By
default, the Zephyr Bluetooth stack now uses the RPA rotation policy
that was active before the introduction of the RPA sharing functionality
in the following PR:
https://github.com/zephyrproject-rtos/zephyr/pull/55449
The new Kconfig option configures the advertising sets linked with the
same Bluetooth identity to use the same Resolvable Private Address in
a given rotation period. After the RPA timeout, the new RPA is
generated and shared between the advertising sets in the subsequent
rotation period.
When this option is disabled, the generated RPAs of the advertising
sets differ from each other in a given rotation period.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
This change fixes uninitialized RPA values for advertising sets of
non-default Bluetooth identities. The regression has been introduced
in the following commit:
8d6b206064
The follow-up fix for the default Bluetooth identity has been
introduced in a separate commit:
88c20b9cdd
Non-default Bluetooth identities can be loaded from the Settings
subsystem. In this case, RPAs of related advertising sets to these
identities are left uninitialized as the bt_id_create() function
context is not executed. As a result, the RPA is not created for
advertising sets of non-default Bluetooth identities, and the
advertising is started with the 00:00:00:00:00:00 address.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
Allows the application to force the use of an NRPA.
This is applied regardless of any other roles running (ie scanner) or
advertising type.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
This commit wraps the `settings_set_one` and `settings_delete` functions
in `bt_settings_store_one` and `bt_settings_delete`. By doing that the
Bluetooth settings can be managed in a single place.
This commit also introduces a new API to manage Bluetooth storage with
`bt_settings_store_*` and `bt_settings_delete_*` functions. Each
Bluetooth settings key has its own store and delete functions, so that
custom behavior for a key can be implemented if necessary.
This change is motivated by a need to keep track of the different
persistently stored settings inside the Bluetooth subsystem. This will
allow better management of the settings that the Bluetooth subsystem
is responsible for.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
Fix an issue causing a wrong Bluetooth identity value to be stored. It
was happening because `bt_dev.id_count` was incremented after the
settings were stored.
To fix this, `bt_dev.id_count` is now incremented right before the ID
creation and is decremented if the ID creation failed.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
There is no need to store the RPA in bt_addr_le_t structure, as the
bt_addr_le_t.type is unused anyway. Both bt_rpa_create and
bt_id_set_adv_random_addr take bt_addr_t as parameter.
Saves 1 byte of address type.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
This fixes uninitialized RPA value for BT_ID_DEFAULT.
The regression has been introduced in
8d6b206064.
As a result, the private address was not created and the advertising
was started with 00:00:00:00:00:00 address.
In case of the other advertising IDs, those are initialized
from id_create context.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
Add check to see if RPA is already generated for adv sets
with same id. If generated use the same address for all adv sets
with same id else create new RPA.
Signed-off-by: Nithin Ramesh Myliattil <niym@demant.com>
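The RPA rotation policy spelled out in the messages above (a callback veto keeps the old RPA on every set of the identity; with RPA sharing enabled, one RPA per identity per rotation period; without it, one RPA per set), as an added stand-alone example. This is not Zephyr's `bt_id` code: the `struct adv_set` layout, `rpa_timeout_for_id` and the counter-based RPA generator are constructed for the example, and a real RPA is derived from the identity's IRK rather than a counter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BT_ADDR_LEN 6

/* Hypothetical advertising set; names are this example's own, not Zephyr's. */
struct adv_set {
	uint8_t id;                 /* local identity the set is bound to */
	bool rpa_valid;
	uint8_t rpa[BT_ADDR_LEN];
	/* Application callback asked on RPA timeout. Returning false keeps the
	 * current RPA; NULL means the application does not object. */
	bool (*rpa_expired)(const struct adv_set *set);
};

/* Constructed RPA source: a counter in place of the IRK-based hash so the
 * run is deterministic. Only the address-type bits are spec-accurate: the
 * two MSBs of the most significant byte are 01 for a resolvable private
 * address. */
static uint8_t rpa_counter;

static void rpa_generate(uint8_t out[BT_ADDR_LEN])
{
	memset(out, 0, BT_ADDR_LEN);
	out[0] = ++rpa_counter;
	out[BT_ADDR_LEN - 1] = 0x40 | (rpa_counter & 0x3f);
}

static bool accept_rotation(const struct adv_set *set) { (void)set; return true; }
static bool refuse_rotation(const struct adv_set *set) { (void)set; return false; }

/* RPA timeout handling for every set bound to identity `id`.
 * Pass 1 asks all callbacks first; if any returns false nothing changes, so
 * sets sharing an identity never end up with a mix of old and new RPAs.
 * Pass 2 rotates: with `share` (the RPA-sharing Kconfig option) one RPA is
 * generated and copied to every set of the identity; without it each set
 * gets its own. Returns true if the RPA was rotated. */
bool rpa_timeout_for_id(struct adv_set *sets, size_t n, uint8_t id, bool share)
{
	for (size_t i = 0; i < n; i++) {
		if (sets[i].id == id && sets[i].rpa_expired &&
		    !sets[i].rpa_expired(&sets[i])) {
			return false;
		}
	}

	uint8_t shared[BT_ADDR_LEN];
	bool have_shared = false;

	for (size_t i = 0; i < n; i++) {
		if (sets[i].id != id) {
			continue;
		}
		if (share) {
			if (!have_shared) {
				rpa_generate(shared);
				have_shared = true;
			}
			memcpy(sets[i].rpa, shared, BT_ADDR_LEN);
		} else {
			rpa_generate(sets[i].rpa);
		}
		sets[i].rpa_valid = true;
	}
	return true;
}

int main(void)
{
	struct adv_set sets[3] = {
		{ .id = 0, .rpa_expired = accept_rotation },
		{ .id = 0, .rpa_expired = refuse_rotation },
		{ .id = 1, .rpa_expired = NULL },
	};

	printf("rotated with veto:    %d\n", rpa_timeout_for_id(sets, 3, 0, true));
	sets[1].rpa_expired = accept_rotation;
	printf("rotated without veto: %d\n", rpa_timeout_for_id(sets, 3, 0, true));
	printf("id 0 sets share RPA:  %d\n",
	       memcmp(sets[0].rpa, sets[1].rpa, BT_ADDR_LEN) == 0);
	return 0;
}
```

Splitting the decision into a veto pass and a rotation pass is what makes the "all or none" property hold; a single loop that generates as it goes would already have rotated the first set by the time a later set's callback refuses.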
The address could have changed. The issue linked (and bsim test in previous
commit) shows a scenario where that could happen:
- we start scanning, host will use NRPA
- we start advertising, host will use identity address
- a device connects (as a central)
-> advertising resume fails for some unrelated reason
- another device connects (as a peripheral)
- the central device disconnects, we resume scanning
- the peripheral disconnects, the stack resumes advertising
-> but it mistakenly advertises using the NRPA set by the scanner
Fixes #52059.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
The `bluetooth/common/log.h` and `bluetooth/common/log.c` files have been
removed. Files that were using them have been updated to use
`zephyr/logging/log.h` instead.
Those replacements have been made accordingly:
- `/BT_DBG/LOG_DBG/`
- `/BT_ERR/LOG_ERR/`
- `/BT_WARN/LOG_WRN/`
- `/BT_INFO/LOG_INF/`
- `/BT_HEXDUMP_DBG/LOG_HEXDUMP_DBG/`
- `/BT_DBG_OBJ_ID/LOG_DBG_OBJ_ID/`
Also, some files were relying on the `common/log.h` include to include
`zephyr/bluetooth/hci.h`, in those cases the include of `hci.h` has
been added.
For files that were including `common/log.h` but not using any logs,
the include has been removed and not replaced.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
Call the RPA expired callback on advertising sets even when they are
not enabled.
The RPA expired callback will now be called on advertising sets
when the BT_ADV_RPA_VALID flag is cleared for the set.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix RPA timeout expiration when BT_EXT_ADV has been enabled.
Always invalidate the device RPA on RPA timeout.
This RPA is used by the scan roles, and the advertiser that was started
using the bt_le_adv_start API.
Call the RPA expire callback only on advertising sets that are enabled
and not being limited by a timeout and not using the identity address.
On RPA timeout always invalidate the RPA of advertising sets that are
disabled.
Fixes: #51208
Fixes: #51228
Fixes: #51247
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Functions related to string manipulation that were defined in
`common/log.h` have been moved to the `common/bt_str.h` file and their
implementation in `common/bt_str.c`.
Files that were using those functions have been updated accordingly.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
This commit prevents the assertion error added in the previous commit,
by introducing the following behavior.
When the Host detects that a pairing procedure would result in more than
one local identity having a bond with the same remote address, it will
try to abort the pairing. If the pairing procedure cannot be properly
aborted, it will remove the pairing locally and disconnect.
This commit also introduces a new kconfig `BT_ID_UNPAIR_MATCHING_BONDS`.
This config changes the above-described behavior to instead un-pair the
old bond and continue with the pairing (if the new bond has the same or
better security.)
The new kconfig is not enabled by default. See the help text of the new
kconfig option for more details.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
This change prevents two local identities from having bonds to the same
device.
The Core specification is not well suited for Zephyr's
multiple-local-identities feature. The HCI specification seems written with the intent that
a controller is used for only one GAP device. A GAP device has at most
one public address, and at most one random static address.
The Zephyr Bluetooth API, on the other hand, has a concept of local
identities. This feature allows the Zephyr Bluetooth stack to
simultaneously assume multiple local addresses. This does not mesh well
with the above intent in the specification.
In particular, the HCI specification for the resolve list does not allow
more than one entry for a remote address. The controller will deny any
attempts at doing this.
The current implementation of the Zephyr host will try the above and be
denied. But there is no handling for this situation and the host ends up
in a confused state. Some parts of the system are ok with the two bonds,
but other parts assume this situation never occurs and behave badly.
The result is that the host confuses the multiple bonds to the same
device. Symptoms include:
- Directed advertisements have a different source address than what the
host intended, in which case the two sides are confused about the
address of the Zephyr advertiser, and as a result LTKs will not match.
- Errors in the log.
This commit simply asserts. This is not a solution, just a placeholder
for a fix. The next commit will implement a strategy for handling this
situation instead of failing this assert.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
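The bond-conflict rule from the two messages above as an added example, not Zephyr's keys or SMP code: a lookup for a bond to the same remote address held by a different local identity, and the abort-or-unpair decision, with the `BT_ID_UNPAIR_MATCHING_BONDS` behaviour modelled by a boolean parameter. The bond table, the function names and the numeric security-level encoding are this example's assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BT_ADDR_LEN 6
#define MAX_BONDS 4

/* Hypothetical bond record; names are this example's own, not Zephyr's. */
struct bond {
	bool in_use;
	uint8_t local_id;            /* local identity holding the bond */
	uint8_t remote[BT_ADDR_LEN]; /* remote identity address */
	uint8_t security;            /* pairing security level, higher is better */
};

enum pairing_decision {
	PAIRING_CONTINUE,     /* no other local identity is bonded to this remote */
	PAIRING_UNPAIRED_OLD, /* old bond removed, pairing continues */
	PAIRING_ABORT,        /* abort the pairing; if that fails, remove the
			       * pairing locally and disconnect */
};

int bond_add(struct bond *bonds, size_t n, uint8_t local_id,
	     const uint8_t remote[BT_ADDR_LEN], uint8_t security)
{
	for (size_t i = 0; i < n; i++) {
		if (!bonds[i].in_use) {
			bonds[i].in_use = true;
			bonds[i].local_id = local_id;
			memcpy(bonds[i].remote, remote, BT_ADDR_LEN);
			bonds[i].security = security;
			return 0;
		}
	}
	return -1;
}

/* A bond to `remote` held by an identity other than `local_id`, or NULL.
 * Re-pairing on the same identity is not a conflict: the resolving list
 * already holds exactly one entry for that remote. */
static struct bond *find_bond_other_id(struct bond *bonds, size_t n, uint8_t local_id,
				       const uint8_t remote[BT_ADDR_LEN])
{
	for (size_t i = 0; i < n; i++) {
		if (bonds[i].in_use && bonds[i].local_id != local_id &&
		    memcmp(bonds[i].remote, remote, BT_ADDR_LEN) == 0) {
			return &bonds[i];
		}
	}
	return NULL;
}

/* Decide before the pairing on `local_id` with `remote` completes.
 * `unpair_matching_bonds` models the BT_ID_UNPAIR_MATCHING_BONDS option:
 * when set, the old bond is dropped if the new one has the same or better
 * security; otherwise, and by default, the pairing is aborted. */
enum pairing_decision pairing_check_identity_conflict(struct bond *bonds, size_t n,
	uint8_t local_id, const uint8_t remote[BT_ADDR_LEN], uint8_t new_security,
	bool unpair_matching_bonds)
{
	struct bond *old = find_bond_other_id(bonds, n, local_id, remote);

	if (old == NULL) {
		return PAIRING_CONTINUE;
	}
	if (unpair_matching_bonds && new_security >= old->security) {
		memset(old, 0, sizeof(*old)); /* un-pair the old bond */
		return PAIRING_UNPAIRED_OLD;
	}
	return PAIRING_ABORT;
}

int main(void)
{
	struct bond table[MAX_BONDS] = {0};
	const uint8_t peer[BT_ADDR_LEN] = {0x11, 0x22, 0x33, 0x44, 0x55, 0xC6};

	bond_add(table, MAX_BONDS, 0, peer, 2);
	printf("identity 1 pairs with same peer, default:  %d\n",
	       pairing_check_identity_conflict(table, MAX_BONDS, 1, peer, 2, false));
	printf("identity 1 pairs with same peer, unpair:   %d\n",
	       pairing_check_identity_conflict(table, MAX_BONDS, 1, peer, 2, true));
	return 0;
}
```

The "same or better security" guard matters: without it, an attacker who can complete a low-security pairing against a second local identity could evict an existing authenticated bond.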
Fix copying addresses returned in response to command
BT_HCI_OP_VS_READ_STATIC_ADDRS for reading controller static addresses.
The loop was iterating only over the destination locations while
keeping the source address pointing to the first location of
the command response.
Signed-off-by: Ahmed Moheb <ahmed.moheb@nordicsemi.no>
bt_id_del() was setting the bit 'BT_KEYS_ID_PENDING_ADD' instead
of setting the bit 'BT_KEYS_ID_PENDING_DEL'
Signed-off-by: Ahmed Moheb <ahmed.moheb@nordicsemi.no>
Increment the number of identities after a successful execution
of id_create() by checking if the return value is 0.
Signed-off-by: Ahmed Moheb <ahmed.moheb@nordicsemi.no>
There should be functional equivalence between these two forms. And the
'_eq'-form is more readable.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Add error message logging for Advertising enable/disable at
RPA timeout when the resolvable address is updated.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix resolvable address update after RPA timeout with
Extended Advertising support enabled. As Extended
Advertising HCI Commands are being used to start legacy
advertising, incorrectly the local random address was being
used instead of using the random address populated in the
Extended Advertising set. BT_DEV_RPA_VALID is not cleared
when Extended Advertising HCI commands are used, hence the
local random address is not updated and the incorrect use
of it did not make any change to the advertising when
disabled and enabled at RPA timeout.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This new option prevents the Host from using Controller-provided
identity roots. This potentially increases privacy.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Move the flagging of `BT_DEV_STORE_ID` to a separate if-statement.
This clarifies the meaning of the code, and paves way for wrapping the
if-statement with the call to `bt_smp_irk_get` in another conditional.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Added a new callback to the Bluetooth Extended Advertising callback
structure. It notifies the application that the RPA validity of the
advertising set has timed out. The user can use this callback to
synchronize the advertising payload update with the RPA rotation.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
Synced the start of the advertising sets after each RPA rotation
in the Bluetooth identity module.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Validate `id` so that `bt_dev.irk[id]` cannot result in an out-of-bounds
access.
This fixes coverity report 239569.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Add `ing` to the `BT_CONN_CONNECT` and `BT_CONN_DISCONNECT`
states, so that the name better matches the actual state.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Change the way the local IRKs are accessed to be consistent with
all the other uses.
Coverity thinks using the pointer to the array is suspicious in this
case.
Fixes: #38130
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add check that can be removed by the compiler since the rest is only
needed when multiple identities have been enabled.
Fixes: #38134
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Check the return value of bt_rand when creating identities.
Failure to generate a random IRK would result in the privacy feature
being compromised.
Fixes: #38120
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
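An added example tying together three of the messages above: the `id_count` ordering fix (increment before creation, roll back on failure), the increment-only-on-success change, and the `bt_rand` return-value check. It is not Zephyr's `bt_id_create()`; the identity table, the injectable RNG stand-ins and `store_id_count` are constructed for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IDS 2
#define IRK_LEN 16

/* Hypothetical identity table; names are this example's own, not Zephyr's. */
struct identities {
	uint8_t count;
	uint8_t stored_count; /* what the settings backend holds */
	uint8_t irk[MAX_IDS][IRK_LEN];
};

/* Constructed stand-ins for bt_rand(): one succeeds, one reports -EIO so the
 * failure path can be exercised deterministically. */
typedef int (*rng_fn)(uint8_t *buf, size_t len);

static int rng_ok(uint8_t *buf, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		buf[i] = (uint8_t)(0xA5 ^ (i * 7));
	}
	return 0;
}

static int rng_fail(uint8_t *buf, size_t len)
{
	(void)buf;
	(void)len;
	return -EIO;
}

/* Models the settings write of the identity count. */
static void store_id_count(struct identities *ids)
{
	ids->stored_count = ids->count;
}

bool irk_is_zero(const uint8_t irk[IRK_LEN])
{
	for (size_t i = 0; i < IRK_LEN; i++) {
		if (irk[i]) {
			return false;
		}
	}
	return true;
}

/* Create an identity. Returns the new id (>= 0) or a negative errno.
 * - count is incremented before the IRK is created and before the settings
 *   write, so the stored value is never one behind the real one;
 * - the RNG result is checked; on failure the increment is rolled back and
 *   no identity with a predictable (all-zero) IRK is left behind, which
 *   would otherwise defeat RPA privacy for that identity. */
int identity_create(struct identities *ids, rng_fn rng)
{
	if (ids->count >= MAX_IDS) {
		return -ENOMEM;
	}

	uint8_t id = ids->count++;
	int err = rng(ids->irk[id], IRK_LEN);

	if (err) {
		memset(ids->irk[id], 0, IRK_LEN);
		ids->count--;
		return err;
	}
	store_id_count(ids);
	return id;
}

int main(void)
{
	struct identities ids;

	memset(&ids, 0, sizeof(ids));
	printf("create ok:   %d\n", identity_create(&ids, rng_ok));
	printf("create fail: %d\n", identity_create(&ids, rng_fail));
	printf("count %u, stored %u\n", ids.count, ids.stored_count);
	return 0;
}
```

Injecting the RNG as a parameter is only for testability; the point is that a failed random read must be treated as a hard error, because an all-zero or stale IRK makes every RPA derived from it trivially linkable.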