Change allows performing ECDH operations through system workq. This is
done to allow reducing memory consumption by disabling the long workq on
small SoCs.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
The BLE acronym is not an official description of Bluetooth
LE, and the Bluetooth SIG only ever refers to it as Bluetooth
Low Energy or Bluetooth LE, so Zephyr should as well.
This commit does not change any board or vendor specific
documentation, and the term BLE may still be used in those.
It will be up to the vendors to update it if they want,
since many of them are using the term BLE in their
products.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Added warning to the BT_RECV_WORKQ_SYS description
to explain the dangers of using this option.
Signed-off-by: Ingar Kulbrandstad <ingar.kulbrandstad@nordicsemi.no>
The BT Host module also uses import/export PSA functions alongside the
generate one, so these PSA_WANT should be added as well.
Previously it happened to work only because Mbed TLS is enabling
IMPORT/EXPORT internally whenever GENERATE/DERIVE is set. However the
same might not be true for all PSA Crypto providers.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This option only exposes internal APIs, so there should be no need to allow
applications to set an explicit value. Instead, users of the API should
select it through Kconfig.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Remove the HCI command & event emulation layer for ECDH commands and
events. This means that we always do the necessary operations in the host.
The existing BT_ECC Kconfig option stays, but now gets automatically
enabled when necessary (e.g. based on the BT_SMP option), which is why this
commit removes so many explicit assignments in prj.conf files.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Allow the user to disable the P256-M driver in case their version of
Mbed TLS does not support this driver.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Default the Minimum encryption key size to 16.
A key with reduced size is easier to brute-force.
Disable LE legacy pairing by default since it's not secure.
These defaults should suit the majority of newly developed applications.
It's better to use sensible more secure defaults,
so applications that really need less secure option consciously change it,
not the other way around.
This may help to prevent downgrade attacks.
Signed-off-by: Sergey Korotkov <sergey.korotkov@nordicsemi.no>
Deprecate BT_CTLR, and add a new HAS_BT_CTLR as a virtual option which
specific users (like BT_LL_SW_SPLIT) select. This also means that we can
remove all places that were forcefully enabling the BT_CTLR option, and
instead we now depend on devicetree to get some local LL HCI driver
enabled which in turn also enables the HAS_BT_CTLR option.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
After the switch from TinyCrypt to PSA Crypto API as crypto
backend, runtime crashes might happen on some platform due
to BT_LONG_WQ's stack size not being large enough. This
commit fixes this issue.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
When BT_SEND_ECC_EMULATION and the platform uses Mbed TLS as PSA
Crypto provider, we select the Cortex-M software optimized
implementation of the secp256r1 curve algorithms. This is much
faster than the standard support provided by Mbed TLS and it
also reduces ROM footprint.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit sets PSA Crypto API as the default library to perform
ECC-DH in HCI, replacing TinyCrypt (which is being deprecated).
Therefore the symbol BT_TINYCRYPT_ECC is renamed as BT_SEND_ECC_EMULATION.
References in samples/tests are also fixed.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
CONFIG_BT_USE_PSA_API was used in BT crypto/host modules to select
PSA crypto API over TinyCrypt (which was the default until now).
Since TinyCrypt is being deprecated and PSA crypto API is the new
standard library for crypto operations, CONFIG_BT_USE_PSA_API is
no longer needed.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit adds a warning and a Kconfig option to `bt_conn_le_create`
and `bt_conn_le_create_synced` functions which are meant to warn a user
of a potential leakage of an active connection object.
This change is implemented due to frequent incorrect use of the
connection pointer where a pointer to an existing connection object
is overwritten by `bt_conn_le_create` and `bt_conn_le_create_synced`
functions which in turn leads to sporadic critical bugs. See
https://github.com/zephyrproject-rtos/zephyr/pull/78284#discussion_r1754304535
for more details.
The Kconfig option is introduced instead of always returning the error
to not affect current implementations. However, it is recommended to
keep this option enabled to avoid potential bugs.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
This allows selecting if device appearance requires encryption or
authentication or none. This makes it similar to what is implemented
for device name characteristic.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Use a separate workqueue instead of system workqueue for connection TX
notify processing. This makes Bluetooth stack more independent from the
system workqueue.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Removed the experimental status from the BT_BONDABLE_PER_CONNECTION
Kconfig option used in the Bluetooth Host SMP layer. This feature
has been present in Zephyr for over a year without any issue reports
or API modifications.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
CONFIG_BT_CONN_TX_USER_DATA_SIZE is now used for callbacks in the host.
We don't want to limit ourselves to that, so change the wording to be
more generic.
In the future, the plan is to not use user_data at all, removing the
need for the kconfig altogether.
Also rename the structure that was referenced in the docstring.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
- Made CCC_STORE_MAX configurable under the BT_SETTINGS
- Added a buffer overflow check on ccc_save
Fixes: #76838
Signed-off-by: Yago Fontoura do Rosario <yafo@demant.com>
It was pointed out in a future PR that they should have
a corresponding experimental Kconfig entry.
See PR #73795.
This updates the APIs added in PR #73826 and PR #74295.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
When using an encrypted broadcast, the previous value is no
longer enough and caused a stack overflow.
Slightly increased the value.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the subsys/bluetooth/host directory.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
By enabling CONFIG_BT_USE_PSA_API the user can specify to use
PSA APIs instead of TinyCrypt for crypto operations in bluetooth
host module.
This commit also extends tests/bluetooth/gatt in order to
add a PSA test.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The HCI command LE Read Supported States command returns
if the controller supports running the scanner and initiator
roles in parallel.
This commit utilizes this information in the host:
- It does not prevent initiating a connection when the scanner is
running
- It does not prevent the host from restarting the background
scanner when the host wants to auto-initiate a connection.
- It does not stop the scanner when the host wants to auto-initiate
a connection.
To support this feature, the scanner and initiator
always have to use the same address.
This is because the HCI command LE Set Random Address
cannot be issued after the initiator or scanner has started.
1. When privacy is disabled, the scanner has to use its identity
address to ensure it uses the same address as the initiator.
2. Only one identity is supported.
To simplify the implementation, it is a requirement to use
extended advertising commands to avoid interfering with
the random address used by the advertiser(s).
Also, it is a requirement to never use time-limited scanning,
as RPA this feature does not work when privacy is being used.
See https://github.com/zephyrproject-rtos/zephyr/issues/73634.
The changes in this commit will be tested out of tree as the
Zephyr Bluetooth Controller does not support this functionality.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The current TX pattern in the host is to try to push a buffer through all
the layers up until it is ingested by the controller.
Since sending can fail at any layer, we need error-handling and separate
retry logic on pretty much all layers. That logic obscures the "happy path"
for people trying to understand the code.
This commit inverts the control, in a way that doesn't require changing the
host or HCI driver API (yet):
Layers don't send buffers synchronously, they instead put their buffer in a
private queue of their own and raise a TX flag on the lower layer. Think of
it as a `READY` interrupt line that has to be serviced by the lower layer.
Sending is now non-blocking, rate depends on the size of buffer pools.
There is a single TX processing function. This can be thought of as the
Interrupt Service Routine that will handle the `READY` interrupt from the
layers above.
That `tx_processor()` will then attempt to allocate enough resources in
order to send the buffer through to the controller. This allocation logic
does not block.
After acquiring all the resources, the TX processor will attempt to pull
data from the upper layer. The upper layer has to figure out which buffer
to pass to the controller. This is a good spot to put scheduling or QoS
logic in the upper layer.
Notes:
- user-facing API for tuning QoS will be implemented in a future patch
- this scheme could (and probably will) be extended to upper layers (e.g.
ATT, L2CAP CoC segmentation).
- this patch removes the `pending_no_cb()` memory optimization for
clarity/correctness. It might get re-implemented after a stabilization
period. Hopefully with more documentation.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Instead of allocating segments/fragments and copying data into them, we
allocate segments as "views" (or slices) into the original buffer.
The view also gives access to the headroom of the original buffer, allowing
lower layers to push their headers.
We choose not to allow multiple views into the same buffer as the headroom
of a view would overlap with the data of the previous view.
We mark a buffer as locked (or "in-view") by temporarily setting its
headroom to zero. This effectively stops create_view because the requested
headroom is not available.
Each layer that does some kind of fragmentation and wants to use views for
that needs to maintain a buffer pool (bufsize 0, count = max views) and a
metadata array (size = max views) for the view mechanism to work.
Maximum number of views: number of parallel buffers from the upper layer,
e.g. number of L2CAP channels for L2CAP segmentation or number of ACL
connections for HCI fragmentation.
Reason for the change:
1. prevent deadlocks or (ATT/SMP) requests timing out
2. save time (zero-copy)
3. save memory (gets rid of frag pools)
L2CAP CoC: would either allocate from the `alloc_seg` application callback,
or worse _steal_ from the same pool, or allocate from the global ACL pool.
Conn/HCI: would either allocate from `frag_pool` or the global ACL pool.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
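A simplified model of the view mechanism described in the commit message above, added here as an illustration and not taken from the Zephyr sources. `struct buf`, `struct view_meta`, `destroy_view`, `push_header`, `demo` and the sample bytes are hypothetical names and constructed data; only the idea of locking the parent by zeroing its headroom comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified buffer model (hypothetical, not Zephyr's net_buf). */
struct buf {
    uint8_t *data;    /* first payload byte */
    size_t headroom;  /* writable bytes directly before data */
    size_t len;       /* payload length */
};

/* One metadata slot per possible view. */
struct view_meta { struct buf *parent; size_t saved_headroom; size_t seg_len; };

/* Make `view` a zero-copy slice over the first seg_len bytes of parent.
 * Returns -1 if the parent is locked or lacks the requested headroom. */
int create_view(struct buf *view, struct view_meta *meta, struct buf *parent,
                size_t seg_len, size_t need_headroom)
{
    if (seg_len == 0 || seg_len > parent->len) { return -1; }
    /* need_headroom == 0 is rejected so a locked parent can never pass. */
    if (need_headroom == 0 || parent->headroom < need_headroom) { return -1; }
    *view = (struct buf){ parent->data, parent->headroom, seg_len };
    *meta = (struct view_meta){ parent, parent->headroom, seg_len };
    parent->data += seg_len;  /* the view now covers these bytes */
    parent->len -= seg_len;
    parent->headroom = 0;     /* lock: the next create_view() fails */
    return 0;
}

/* Release the view. The finished segment becomes headroom for the next view,
 * which is why two live views would overlap. */
void destroy_view(struct view_meta *meta)
{
    meta->parent->headroom = meta->saved_headroom + meta->seg_len;
}

/* A lower layer prepends its header into the view's headroom. */
int push_header(struct buf *b, const void *hdr, size_t n)
{
    if (b->headroom < n) { return -1; }
    b->data -= n;
    b->headroom -= n;
    b->len += n;
    memcpy(b->data, hdr, n);
    return 0;
}

/* Constructed scenario: 4 bytes of headroom, 6-byte payload, 3-byte segments. */
int demo(void)
{
    uint8_t mem[10] = { 0, 0, 0, 0, 'a', 'b', 'c', 'd', 'e', 'f' };
    struct buf sdu = { mem + 4, 4, 6 }, v1, v2;
    struct view_meta m1, m2;
    int ok = create_view(&v1, &m1, &sdu, 3, 2) == 0;    /* first view */
    ok += create_view(&v2, &m2, &sdu, 3, 2) == -1;      /* parent is locked */
    ok += push_header(&v1, "\x03\x00", 2) == 0 && v1.len == 5;
    destroy_view(&m1);
    ok += create_view(&v2, &m2, &sdu, 3, 2) == 0 && v2.headroom == 7;
    return ok;
}
```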
`bt_conn_send_cb` used to allocate a TX context (K_FOREVER).
Instead, we now put the context in the userdata of the buffer.
This means that now this fn will never block and always succeed since the
tx_queue is a FIFO (infinite size). It just puts the buf on the queue.
The metadata is stored safely in there until we have acquired all the
necessary resources to send it to the controller without failing: TX
context and controller buffer.
I.e. when `bt_conn_process_tx` is called, that's when a TX context is
try-allocated and the contents of `buf->userdata` is moved into it.
The buffer is now ready to be sent to the lower layer.
`bt_conn_process_tx` will return -EWOULDBLOCK if it's not able to acquire a
TX context, this PR modifies `bt_conn_prepare_events` to respond to this by
also waiting on the TX context pool.
Unfortunately, this increases the required userdata size for any buffers
handed to `bt_conn_send_cb`. This will be fixed in a later commit.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
https://github.com/zephyrproject-rtos/zephyr/pull/72674 fixed
a bug where this configuration did not work.
Now that this configuration is tested, we should mark it
as supported.
The timeout check that was present in the code before
was useless and was not working because the check was
run before a default timeout of 0 was converted to a timeout.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The driver isn't currently buildable due to "west blobs" support never
having been added for hal_telink. Furthermore, even if the blob
dependency is manually made available it turns out the code has
bitrotten to the point where it doesn't build anymore. This situation
has continued for several years without anyone taking action, so I think
it's safe to assume this is unmaintained and should be removed.
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
The default stack size of RFCOMM DLC is 256.
The default value is sufficient for basic operation.
If more stack space is used (such as call function printk)
in context of callback disconnected of RFCOMM DLC, the
default stack size is not sufficient.
Add a configuration BT_RFCOMM_DLC_STACK_SIZE to configure
the RFCOMM DLC stack size.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
To avoid the case that CONN_TX is available but RFCOMM_TX is
unavailable, set the default value of BT_RFCOMM_TX_MAX to
BT_CONN_TX_MAX.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Enabling vendor-specific extensions also implies support for vendor
events, so a separate Kconfig option for that is unnecessary.
One small additional thing this requires is the use of the
__maybe_unused annotation, since there's no longer a single Kconfig
option that the controller hci.c can use to know that the vendor event
helper symbols are needed.
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
The naming of these two options was problematic, since both of them
are about vendor extensions, even though one has _EXT in the name and
the other doesn't. Just merge one option into the other. This has a
slight overhead on the controller side of enabling some more vendor
features if BT_HCI_VS is enabled, but that should hopefully be
acceptable.
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
In most cases these were defined as 1. Saving one byte for the rest
doesn't really justify the added complexity that comes with these
options. Removing them also simplifies the interface between HCI
transports/drivers and the host stack, which in turn helps pave the way
for having HCI as a proper Zephyr driver API.
Fixes #71907
Signed-off-by: Johan Hedberg <johan.hedberg@gmail.com>
Fix regression in BT_RX_STACK_SIZE use due to
commit b91728619c ("Bluetooth: host: remove
`CONFIG_BT_RECV_BLOCKING`").
Profiling of Controller Rx thread has been mentioned in
commit 586ba9fd13 ("Bluetooth: Controller: Increase
BT_RX_STACK_SIZE for BT_HCI_RAW enabled").
Also, move the TX_STACK_SIZE value as default in Kconfig
from the explicit value being set in hci_ipc sample.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This config selects a variant of the HCI driver interface that spills
out host internals onto the drivers and even the Zephyr controller. It
will now be removed in favor of driver interfaces that hide the
internals of the host.
The new default is `CONFIG_BT_RECV_WORKQ_BT`.
Any references to the removed kconfig are refactored out.
Any out-of-tree driver using the removed interface can be easily adapted
by copying the following implementations into the driver as private
functions:
- `hci_driver.h:BT_HCI_EVT_FLAG_RECV_PRIO`
- `hci_driver.h:BT_HCI_EVT_FLAG_RECV`
- `hci_driver.h:bt_hci_evt_get_flags`
- `hci_raw.c:bt_recv_prio`
In combination these symbols function as an interface adapter. These
symbols will be removed in this PR in subsequent commits.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Currently, the upper layer cannot know
whether the data is successfully sent
through DLC.
Add a field "sent" for RFCOMM DLC ops.
Notify upper-layer of the sending
result through the field "sent".
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This commit creates the dts binding for Ambiq BT HCI instance
and creates the SPI based common HCI driver for Ambiq Apollox
Blue SoC and the extended SoC driver for HCI.
Signed-off-by: Aaron Ye <aye@ambiq.com>
Added a Kconfig option that makes the RPA sharing feature optional. By
default, the Zephyr Bluetooth stack now uses the RPA rotation policy
that was active before the introduction of the RPA sharing functionality
in the following PR:
https://github.com/zephyrproject-rtos/zephyr/pull/55449
The new Kconfig option configures the advertising sets linked with the
same Bluetooth identity to use the same Resolvable Private Address in
a given rotation period. After the RPA timeout, the new RPA is
generated and shared between the advertising sets in the subsequent
rotation period.
When this option is disabled, the generated RPAs of the advertising
sets differ from each other in a given rotation period.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
PR allows getting rid of tinycrypt objects from
the final binary of the ble mesh apps based on
PSA TFM crypto.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>