This moves check_perm code under GAT and make use of it to check if CCC
write permission can be attended by the connection security level or if
it needs to be increased.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support to set different permissions to CCCD so security can
be checked when enabling notification which conforms to:
BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part G page 2360:
'3.3.3.3 Client Characteristic Configuration
Authentication and authorization may be required by the server to
write the configuration descriptor.'
In addition to that also ensure that notification are not re-enabled
until the proper security level is reached to conform to the following
statement:
'10.3.1.1 Handling of GATT indications and notifications
A client “requests” a server to send indications and notifications
by appropriately configuring the server via a Client Characteristic
Configuration Descriptor. Since the configuration is persistent
across a disconnection and reconnection, security requirements must
be checked against the configuration upon a reconnection before
sending indications or notifications. When a server reconnects to a
client to send an indication or notification for which security is
required, the server shall initiate or request encryption with the
client prior to sending an indication or notification. If the client
does not have an LTK indicating that the client has lost the bond,
enabling encryption will fail.'
Fixes#17983
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add GATT initializer macro for GATT CCC and allow the
BT_GATT_CCC_MANAGED to accept an already initialized CCC user data.
This allows the application to specify the storage location of the CCC
user data.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Adds additional model callback that gets called on node_reset. Will also
erase any user data when this happens.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Adds user data file in the model settings, allowing each model instance
to store some application specific data without having to reinvent the
settings path encoding for model element/ID combinations. Exposes the
settings_handler interface in the model callback structure and adds a
data store function.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Adds a structure of callbacks for each model instance. This allows for
more flexible model implementations, that can interact with the Mesh
stack without going through the application.
For now, only an init callback is added, replacing the init mechanism in
the foundation models. The init callback does not provide the primary
flag that used to be in the foundation model callbacks, but replaces
this with an inline function in access.h.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Add iterator function to iterate over all connection objects.
Make type a bitmap so that it can be used as a bitmask to select which
conns to receive foreach callback.
Use foreach function internally where possible.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allows the user to pass a provisioning input complete callback to the
provisioning module, letting the application stop displaying its output
OOB value when the other party finishes their OOB input.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Endianness bug fix in bt_uuid_create function.
Replaced bt_uuid_create_le with bt_uuid_create which
handles both UUID from air and internal varaiable.
Fixed bug with endianess in case of big endian targets.
Signed-off-by: Akshatha Harishchandra <akhr@oticon.com>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes#18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Stop the pairing procedure in the request phase if no storage is
available for the keys. This avoids the pairing procedure from failing
during the key distribution phase.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This changes to the sentence about how attribute parameter is used when
notifying by UUID to sound proper english.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This removes the necessity of registering the storage for CCC and make
it part of the declaration itself.
Fixes#18547
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support to provide an UUID to bt_gatt_indicate so API user
don't need to hardcode the attribute offset by hand.
Fixes#18572
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Several advertising options were not being picked into the
documentation due to missing doxygen markers.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Add whitelist support in the bluetooth host.
Supported features:
- Advertising with whitelist on scan requests, connect request ,or both
- Scanning with whitelist
- Creating connections using a whitelist (Auto connection procedure).
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use the src and dst naming to refer to the identity addresses of the
connection. Keep the device addresses used during connections but rename
them to local and remote instead.
Update documentation to be more descriptive.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Find by type does only accept a UUID with the same length as the UUID
which is stored in the internal list. If a UUID is stored in the short
16 bit format then a request with 128 bit UUID will fail.
Add support for the missing formats.
Signed-off-by: Kim Sekkelund <ksek@oticon.com>
The string "xx:xx:xx:xx:xx:xx (random-id)" is 30 characters including
zero termination.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This introduces a new flag (BT_GATT_SUBSCRIBE_WRITE_PENDING) which is
set when a write operation requires canceling before the parameters can
be reused.
Fixes#17534
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth address parsing has been duplicated across the different
sub-shell files. Also missing parsing of identity/resolved addresses.
Move parsing of string close to parsing to string for a symmetrical API
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit moves the BLE GATT heart rate service from
samples/bluetooth/gatt to subsys/bluetooth/services and adds a Kconfig
entry to enable and configure the service.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This commit moves the BLE GATT Battery service
from /samples/bluetooth/gatt to /subsys/bluetooth/services and
adds a Kconfig entry to enable and configure the service;
when enabled, it will register itself automatically.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Adding Health Thermometer Service sample. Refer to Health Thermometer
Profile Specification for detailed information about the Health
Thermometer Profile.
Signed-off-by: Aaron Tsui <aaron.tsui@outlook.com>
Introduce a separate buffer pool for events which the HCI driver
considers discardable. Examples of such events could be e.g.
Advertising Reports. The benefit of having such a pool means that the
if there is a heavy inflow of such events it will not cause the
allocation for other critical events to block and may even eliminate
deadlocks in some cases.
Also update all mesh samples not to specify explicit RX buffer counts
anymore. Instead, create appropriate defaults in Kconfig so that we
only need to override this in the app for cases like the bbc:microbit
with limited memory.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This event is a priority one, so it's not safe to have it use the RX
buffer pool which may be depleted due to non-priority events (e.g.
advertising events). Since the event is consumed synchronously it's
safe to have a single-buffer pool for it. Also introduce a new
bt_buf_get_evt() API for HCI drivers to simplify the driver-side code,
this effectively also deprecates bt_buf_get_cmd_complete() which now
has no in-tree HCI driver users anymore.
Fixes#16864
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/printk.h to sys/printk.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The string returned by bt_uuid_str() is not in ROM so log_strdup()
must be used on it. This also eliminates the following kind of warning
messages: "<err> log: argument 3 in log message "%s: start_handle
0x%04x end_handle 0x%04x type %s" missing log_strdup()."
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Although the Characteristic Value descriptor is required to be
immediately after the characteristic descriptor, the specification
allows for gaps in the corresponding Attribute handles. Use the value
handle from the characteristic descriptor for value reads.
See BLUETOOTH CORE SPECIFICATION Version 5.1 Vol 3, Part G section 2.5.1
(p. 2345), first paragraph.
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Found a few annoying typos and figured I better run script and
fix anything it can find, here are the results...
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Commit b65fe62719 updated the minimum
required net_buf user data to 8 bytes, so increase this define as
well. It has no other practical purpose except to trigger build
asserts if the user data is for some reason ever decreased below this
minimum.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This API had several issues:
- The parameter types and order were inconsistent with e.g.
bt_le_adv_start()
- There were no real users of num_params, which just caused increased
code size and memory consumption for no good reason.
- The error handling policy was arbitrary: if one of the
notifications would fail it would be impossible for the caller to
know if some notifications succeeded, i.e. at what point the
failure happened. Some callers might also want to make note of the
failure but continue trying to notify for the remaining parameters.
The first issue is easily fixable, but because of the other two I
think it's best we don't have this code as part of the stack, rather
require whoever needs it to do the for loop themselves. It's just a
few lines of code, so the benefit of having this in the stack was
anyway quite minimal.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Since the bt_mesh_msg_ctx struct no longer has a size that is a
multiple of 2, the bitfields might as well be made to normal types
as this will minimize the code generated to access them.
Signed-off-by: Tobias Svehagen <tobias.svehagen@gmail.com>
By moving the rssi value from the bt_mesh_net_rx struct to the
bt_mesh_msg_ctx struct, it will be available to applications via
the mesh op callbacks.
Signed-off-by: Tobias Svehagen <tobias.svehagen@gmail.com>
This moves the processing packets of upper layers from RX thread to the
system workqueue so they have the same priority as the TX callbacks
which has the added benefit of making any protocol on top of L2CAP to
be executed using system wq stack.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This documents the context in which callbacks are run, that is now
the System Workqueue.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
