Implementation of the enhanced provisioning authentication (EPA)
that is based on SHA256 and HMAC security algorithms.
OOB authentication mandates EPA usage.
Co-authored-by: Krzysztof Kopyściński <krzysztof.kopyscinski@codecoup.pl>
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
Add a callback similar to net_recv that notifies the application when a
message is received in access layer. This is is useful for testing
purposes (especially automated testing).
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
If an event with corrupted length arrives, the extra check makes the
handler return early to avoid reading data out of bounds.
Signed-off-by: Arkadiusz Kozdra <akozdra@antmicro.com>
This gives our users some indication of why they are not receiving
long advertisements.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
If getting the conn info of an ISO channel, the ISO channel may
not yet have an ACL connection, so we cannot get the
ACL source and destination addresses from the ACL.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When `CONFIG_BT_SETTINGS_DELAYED_STORE` is enabled, reschedule the storage
work immediately instead of processing it in the current context.
When that config is not enabled, process the storage in the current
context.
Processing this work (i.e. using the settings API and its likely
FLASH-based backend) in the current context (cooperative prio) may mess
with the real-time constraints of the application threads.
Fixes#55067.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
If an event with corrupted length arrives, the extra check makes the
handler return early to avoid reading data out of bounds.
Signed-off-by: Arkadiusz Kozdra <akozdra@antmicro.com>
Fixes a segfault if a discovery event happens while discovery is not
active and the discovery callback is null.
Signed-off-by: Arkadiusz Kozdra <akozdra@antmicro.com>
There is a touchy spot where registering a service might result in sending
service changed indications that are not necessary. This is due to a race
condition between the SC work and the GATT DB hash being calculated.
Only allow users to call this API when we know it is safe:
- either before BT is initialized
- or after settings have been loaded (and hash calculated)
Fixes#54047
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Prevent race condtions between the stack and the low-priority thread by
calculating the hash (and acting on it, e.g. for marking peers
change-aware, sending SC indications, etc) in the settings_load() context.
Fixes#54773
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
`ATT_PENDING_SENT` wasn't cleared when L2CAP reported an error when sending
the packet. This resulted in the channel being unusable for ever, since we
only clear that bit on a response (that will never be sent).
Found when setting `CONFIG_SYS_CLOCK_TICKS_PER_SEC=32768` in the
`notify_multiple` test. The kicker was the bug didn't manifest when EATT
wasn't enabled:
- we were queuing two unsubscribes back to back in the test
- on UATT we have to wait for a req-rsp pair before enqueuing a new one
- on UATT we only have one channel anyways
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Commit 2c00dd5fec ("Bluetooth: host: check net bufs have enough room in
user_data") added a build time check of user data size. This check does not
pass with default CONFIG_BT_CONN_TX_USER_DATA_SIZE=8 and with
`native_posix_64` platform, as 16 bytes are needed in order to store
`struct tx_meta`.
Select 16 as default value for 64bit platforms, so Bluetooth samples/tests
are buildable for `native_posix_64`.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Since we accept buffers from external sources in L2CAP, we need to make
sure that we have enough room in user data to store the metadata necessary
for fragmentation over the HCI link.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Assignment to br_chan should be placed after the call of server->accept().
Otherwise, br_chan will always be a null pointer.
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
Previously we would call conn_cleanup for all connections,
however this had multiple problems such as:
-Not destroying conn->tx_pending packets and causing an assert
-Calling conn_cleanup for connectable adv, triggering
disconnected callback
Now we will use bt_conn_set_state to manage the teardown of
connections correctly. First, if in connected or disconnecting,
set state to disconnect complete. Then for all states, set
state to disconnected. This will carry out proper cleanup
and teardown when required.
To do this, it was required to keep the tx_thread open as
this is used in disconnecting teardown, so this has been
moved to below the conn_cleanup_all call.
Signed-off-by: Sean Madigan <sean.madigan@nordicsemi.no>
The warning was visible even when `bt_le_adv_stop()` was successful, which
is confusing to end-users.
Signed-off-by: Paul Adelsbach <paul@boxsection.org>
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
`rp->le_max_num` was passed unchecked into `k_sem_init()`, this could
lead to the value being uninitialized and an unknown behavior.
To fix that issue, the `rp->le_max_num` value is checked the same way as
`bt_dev.le.acl_mtu` was already checked. The same things has been done
for `rp->acl_max_num` and `rp->iso_max_num` in
`read_buffer_size_v2_complete()` function.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
The SC indication can be sent only if the GATT Service Changed is
enabled in the configuration. Change fixes build issues related to
implicit sc_indicate declaration when Service Changed is disabled.
Fixes: #54813
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Change removes GATT Client dependency for storing CCC and CF on pairing
complete and identity resolved. These features are needed also if GATT
Client role is disabled.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
On bond establishment: save the CF and CCC data that have been written
before the peer was bonded.
On identity resolved: update the CF data to use the peer's identity address
instead of its private address (same as is currently done for the CCC).
Fixes#54770.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Fixes a bug introduced in the previous refactoring: we would always mark
all peers as change-unaware. Now we only do so when the hash has been
recalculated.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Previously, if the app registered a bunch of services at boot before
calling `settings_load()`, then the hash would be silently overwritten.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
The spec says we have to persist the change-aware status of bonded peers
between resets.
This stores it at the end of the CF storage that we currently have.
Fixes#54173
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Store the Client supported features value when it is written to, instead of
only on disconnection/identity resolved.
Works around the situation where a user bonds, CF is written and the device
is abruptly powered off, discarding the CF value, but keeping the bond.
Fixes#54172.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Refactoring the periodic advertisment report receive function
to make the handling of data reassembly more readable.
Signed-off-by: Pierce Lowe <pierce.lowe@nordicsemi.no>
This changes the periodic scanner to drop periodic adv
reports with incomplete data. This avoids incorrect data
being sent to application in the case where the periodic
adv data is not successfully received by the scanner.
Fixes zephyrproject-rtos#54072
Signed-off-by: Pierce Lowe <pierce.lowe@nordicsemi.no>
9.4.2 section, Part C, Vol 3 of the Bluetooth Core specification v5.3
states the following in the case that the device is in non-bondable
mode:
If Security Manager pairing is supported, the Host shall set the
Bonding_Flags to ‘No Bonding’ as defined in [Vol 3] Part H, Section
3.5.1 and bonding information shall not be exchanged or stored.
Fixes#54104
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Redefine mask of host-controlled feature bits to include only features
that are supported by the controller. This fixes a conformance test
failure where setting an unsupported host-controlled feature bit was
not rejected as it should.
Set the Connected Isochronous Streams (Host Support) bit from the host
only if unicast support is configured to avoid failures in
broadcast-only configurations.
Signed-off-by: Wolfgang Puffitsch <wopu@demant.com>
When using extended advertising commands, the advertising set is not
considered to be over until we receive `BT_HCI_EVT_LE_ADV_SET_TERMINATED`
from the controller. Only then do we clear the `BT_ADV_ENABLED` flag.
The problem is that `bt_le_adv_resume` is called on connection established,
which can happen before adv set terminated, and in that case it will
early-return because `BT_ADV_ENABLED` is still set.
This change triggers `bt_le_adv_resume` when we get
`BT_HCI_EVT_LE_ADV_SET_TERMINATED`.
Fixes#53048
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
allow disabling reports (synchronise but don't generate sync reports)
and allows enabling sync reporting with filtering of duplicates.
the default option remains to establish sync, with sync reports,
but without duplicate filtering.
Signed-off-by: Raphael Treccani-Chinelli <raphael.treccani@nordicsemi.no>
Wait until encrypt change to trigger the re-subscription quirk.
Otherwise it could fail with insufficient security.
Also gate it behind a kconfig to make apparent its dependencies:
If `add_subscriptions()` is executed in the first place, that means that
the device was bonded and thus that it has to encrypt the link eventually.
`BT_GATT_AUTO_SEC_REQ` should take care of that.
Also add a new flag to `bt_gatt_subscribe_params` to not send the same CCC
write multiple times in some cases.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
This reverts commit 5824ac90ecd8dd06d9ea117d345dbc6b069e5840.
The resulting revert takes into account changes to the predicate that
guards the use of `resp_addr`.
In the resulting revert, the predicate guarding the use of `resp_addr`
is differs from the naive revert because the intention of that predicate
is to know when `conn.c:bt_conn_le_create` decided to use the Host
resolver. And, the logic in `conn.c:bt_conn_le_create` has changed. The
changes to the logic in `conn.c` are in the following commits:
89780d715d5a09325ba9
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Unit test project for bt_keys_update_usage().
This part of subsys/bluetooth/host/keys.c unit testing.
Signed-off-by: Ahmed Moheb <ahmed.moheb@nordicsemi.no>
The call to bt_adv_reset_adv_pool is only required in the
broadcaster role, and not in the observer role, regardless
of the setting of CONFIG_BT_EXT_ADV
As the code was this call was also made for the observer.
Note: handling of the setting of CONFIG_BT_EXT_ADV
is already handled in the bt_adv_reset_adv_pool function
Signed-off-by: Andries Kruithof <andries.kruithof@nordicsemi.no>
There is special handling done for resolved addresses to convert
them to "regular" addresses for the upper layers.
This commits adds two helper functions to check if they are
resolved, and if so, then properly copied.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
We only expose random/public address types to the upper layers.
This is done by checking if the address type of events are
resolved addresses, and if so, then we translate them to
public/random.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Clear the `ATT_CONNECTED` flag when a channel is detached (could be after
an ATT timeout).
Also convert the assert checking it in `chan send` to an `if` test, since
the channel could be disconnected from a different thread than the one
triggering `chan_send`.
Fixes#53247.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
ISO Synchronized Receiver only builds do not transmit and
hence may not have any tx buffers allocated in a
Controller, leaving bt_dev.le.acl_pkts semaphore
uninitialized or bt_conn_get_pkts() returning NULL.
Do not use the semaphore if no Tx buffers allocated in a
Controller.
Regression in commit ef19c64f1b ("Bluetooth: host: poll on
CTLR buffers instead of host TX queue").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The way that the braodcast clause for handling failing
ISO data path would end up in the __ASSERT. It has been
slightly modified to make it use if-else properly.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The macro BT_CONN_INTERVAL_TO_MS was used a fair amount
of places, but it often was used with integers. This meant
that sometimes the resulting (integer) value would be
incorrect, as something like 7.5ms interval would not
be properly stored as a integer in millisecond units.
Adding BT_CONN_INTERVAL_TO_US allows users to still use
integers to store the result, but in a more accurate unit.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This fixes deadlock that happened waiting for meta data in system
workqueue.
The meta data always get freed in the system workqueue,
so if we're in the same workqueue but there are no immediate
contexts available, there's no chance we'll get one by waiting.
Fixes: #53455
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
