Align with the new inclusive naming terms in the v5.3 spec in the
Bluetooth Host implementation.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The new inclusive naming terminology changes in v5.3 of the Bluetooth
specification affect the HCI layer, so apply all relevant changes to
align with it.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The Bluetooth Core Specification, version 5.3, has introduced multiple
changes to several widely-used terms in order to make them inclusive.
Update the public API to reflect this, excluding hci.h, which will be
done in a subsequent commit.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
In the case where keys are distributed on an unencrypted link,
we got the following call trace:
- bt_smp_recv()
- smp_error()
- smp_pairing_complete()
- bt_conn_security_changed()
- smp_pairing_complete()
- bt_auth->pairing_failed()
- smp_reset()
- bt_auth->pairing_failed()
- smp_reset()
To avoid the second call to bt_auth->pairing_failed()
we validate the that smp flags before calling the callback.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Adds defines for ECC public keys, private keys, DH keys and key
coordinates. Replaces raw numbers throughout.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Fix key distribution not calling pairing complete callback when
distributing encryption information when not bonding.
Encryption information is only distributed in legacy pairing so issue
was only seen during legacy pairing.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Moving the key check after checking that no pairing or encryption
procedure is started fixes a race condition that is seen in some PTS
tests:
GATT/CL/GAR/BI-04-C
GATT/CL/GAR/BI-16-C
GATT/CL/GAR/BI-21-C
GATT/CL/GAW/BI-05-C
GATT/CL/GAW/BI-12-C
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Refactor the SMP channel context to in order to simplify the memset of
the struct in smp_init. This makes the code easier to read, and easier
to add more structs that should not be reset by memset.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix buffer leak in L2CAP and SMP when attempting to send over a
a connection that has been disconnected.
Both L2CAP and SMP now have ownership of the buffer in case of failure
to send it and need to unref it in case of send failure.
Change the return type of bt_l2cap_send since the user of this function
has to handle releasing of the buffer when this fails.
Regression from: a77f809faa47ff9922692d2b4eab33062b8a2b4d
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Ignore peer keypress notifications as a responder, allowing the pairing
procedure to continue instead of being aborted.
The Bluetooth LE specification does not specify a behavior, the
implementation has the choice of ignoring or aborting.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Overwrite the existing bond when the IRK of the existing bond could not
resolve the RPA of the peer. This would happen if the peer has deleted
the bond and replaced the IRK that was used.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor update_keys_check helper function to operate on input keys
input. This allows the function to be re-used on a keys structure that
is not the current connection keys.
This also avoids the helper function changing the connection state.
The conn->le.keys pointer should at this point always have been
assigned, as central when sending the pairing request, and as peripheral
when receiving the pairing request at the very latest.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Log the security keys that the sniffer needs in order to sucessfully
decrypt the connection.
This option allows the sniffer to work in the cases where enabling
using the SMP debug keys is not wanted, either because it changes the
way the peer behaves or is denied by the peer.
It also enables the sniffer to decrypt a connection where the bond
already exists.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Convert allowed_cmds to an array of atomic_t of size 1.
This makes it future proof in case more commands are added.
Possibly silences coverity false positives on array vs singleton usage.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove the depency on host emulation of ECC for the Use debug keys
option.
This allows the application to use debug keys without shifting the
ECC from the controller to the host, which could potentially alter
the behavior of the application and make debugging this way less useful.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fail after pairing request and response have been exchanged if the
selected pairing method would not result in the required security level.
This avoids the case where we would discover this after having encrypted
the connection and disconnect instead.
This was partially attempted but lacked checking for authentication
requirement when L3 was required, as well as skipping the check if L4
was required but remote did not support Secure Connections since the
check was after we had taken the legacy branch.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Set the error in the security changed callback when the encryption has
not reached the required security level.
Terminate the pairing procedure in SMP on failure to avoid the security
changed callback being called twice in this case.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Terminate the pairing procedure when disconnected while this was in
progress. This notifies the application that security has failed and
removes the key entry.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Set the SMP flag encryption pending in the case where a bond exists
with ediv and rand equal to zero, i.e LE Secure Connections bond.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When receiving unexpected SMP PDUs with no pairing procedures in
progress don't treat it as a pairing procedure that has failed.
This causes unexpected SMP PDUs to trigger the pairing failed and
security changed callback at unexpected times.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename auth_err_get to security_err_get which better reflect the
error namespace it converts to. Also update to using the enum definition
instead of uint8_t for local variable holding returned value.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
when BT_PASSKEY_INVALID was set, it never updated the fixed
passkey which made its use ineffective
Signed-off-by: Faisal Saleem <faisal.saleem@setec.com.au>
Allow to request a higher security level during the key distribution
phase.
This is required by ATT and L2CAP since they only react to the encrypt
change event where they resend the current request.
The current request might require a higher security level still and
might have to request a higher security level before the pairing
procedure has been finished.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix the update keys check allowing to overwrite the keys when using
debug keys. Instead the check disallowed overwriting keys made using
debug keys.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix fixed passkey for legacy pairing. The pairing procedure fails
because the temporary key (TK) has not been set for this pairing
procedure.
Fix this by always requesting the legacy TK.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Improve logging of pairing procedure when it fails with error code
unspecified. Since this is returned in many places debugging this
failure is not easy without adding additional debugging.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parallel pairing procedures using LE SC requiring the DHKey
calculation at the same time. This would otherwise end all other
pairing procedures with the SMP error code "unspecified" since
the call to bt_gen_dh_key would fail.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Set the allowed command bitmask before sending the SMP packet. This
avoids a race-condition in case the sending of the PDU made the
current thread not ready and would not be scheduled back in time
to set the bit before receiving the next SMP packet.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Do not abort pairing when peer sends a SMP command with an opcode
reserved for future use, as per spec.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Add a dummy SMP command handler for keypress notification, that does
nothing (yet). This allows the next commit to work properly.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Fix bt_le_oob_get_local and bt_le_ext_adv_oob_get_local stuck forever
waiting for the sc_local_pkey_ready semaphore when SC HCI commands
are not supported in the controller.
By using the le_sc_supported helper function the runtime check of HCI
commands and the feature check of CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
is combined to be handled int the same way.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move the le_sc_supported helper function up in the source file so that
it can be re-used in other places without a forward declaration.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Notify L2CAP when pairing procedure fails during SMP pairing
process. L2CAP needs to be notified so that it can cancel
ongoing connection-oriented channel requests.
Rename bt_l2cap_encrypt_change to bt_l2cap_security_changed and
call it from bt_conn_security_changed always, so that L2CAP
is informed when changing security fails.
This also fixes security_changed conn callback not called when
auth_complete returns an error.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reject the security request immediately when receiving a security
request that does not support LE Secury Connections pairing.
This would have been rejected during the pairing procedure, but
PTS testing expects the security request to be rejected.
Ref: GAP/SEC/SEM/BV-29-C
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Convert bluetooth host to using k_timeout_struct for the timeout values.
This is mostly replacing s32_t with k_timeout_t.
In l2cap the handling of no timeout in send channel request was removed
since the timeout is both documented as minimum of 1 second and never
given any no timeout value.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix an an issue where established bonding information in the peripheral
are deleted when the central does not have the bond information.
This could be because the central has removed the bond information, or
this is in fact not the central but someone spoofing it's identity, or
an accidental RPA match.
This is a regression from: a3e89e84a8
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix directed advertising from privacy disabled peer. In this case we
need to have the local IRK in the controllers resolving list in order to
have the controller resolve the initiator address of the directed
advertising pdu (ADV_DIR_IND).
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
When OOB callbacks are present it is possible to achieve authenticated
pairing without having the remote OOB data present. Using OOB with
LE Secure Connection only one side of the pairing procedure is required
to have the OOB data present. If we have given the remote our OOB data
then pairing can proceed.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Added CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY option that completely disables
all legacy and SC pairing modes(except for Out of Band) and frees the
memory previously used by these.
Added CONFIG_BT_SMP_DISABLE_LEGACY_JW_PASSKEY option that force rejects
pair requests that lead to legacy Just Works or Passkey pairing.
Signed-off-by: Iván Morales <ivan98ams@gmail.com>
Avoid the HCI-USB race condition where HCI data and HCI events can be
re-ordered, and pairing information appears to be sent unencrypted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
