Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes #18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
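The check the erratum asks for, as an added example in C that is not Zephyr code and not part of the commit above: parse the return parameters of HCI_Read_Encryption_Key_Size and refuse to proceed when the negotiated key is shorter than the service requires. The return parameter layout (Status, Connection_Handle, Key_Size) is the one in Core spec [Vol 2] Part E, 7.5.7; the service level names, the struct and the function names are assumptions made for illustration.

```c
/* Added example (not Zephyr code): enforce the minimum encryption key size
 * from Core spec erratum 11838 after encryption is enabled on a BR/EDR link.
 * Return parameter layout of HCI_Read_Encryption_Key_Size follows Core spec
 * [Vol 2] Part E, 7.5.7. The service levels and helper names are assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed service security requirements, modelled on Security Mode 4 levels. */
enum svc_level {
	SVC_LEVEL_NONE = 0,   /* no encryption required */
	SVC_LEVEL_ENCRYPT,    /* encryption required, unauthenticated key OK */
	SVC_LEVEL_AUTH,       /* authenticated link key required */
	SVC_LEVEL_FIPS,       /* Security Mode 4, Level 4 */
};

/* Return parameters as they appear on the wire: Status (1 octet),
 * Connection_Handle (2 octets, little endian), Key_Size (1 octet, 1..16).
 */
struct read_enc_key_size_rp {
	uint8_t status;
	uint16_t handle;
	uint8_t key_size;
};

/* Parse the 4-octet return parameter block. Fails on a short buffer, a
 * non-success status, or a key size outside the spec's 1..16 range.
 */
bool parse_read_enc_key_size(const uint8_t *buf, size_t len,
			     struct read_enc_key_size_rp *rp)
{
	if (len < 4) {
		return false;
	}
	rp->status = buf[0];
	rp->handle = (uint16_t)buf[1] | ((uint16_t)buf[2] << 8);
	rp->key_size = buf[3];

	if (rp->status != 0x00) {
		return false;
	}
	return rp->key_size >= 1 && rp->key_size <= 16;
}

/* Minimum key size in octets the host should enforce: 128-bit equivalent
 * (16 octets) for Level 4 services, at least 56-bit (7 octets) for every
 * other service that requires encryption.
 */
uint8_t min_key_size_for(enum svc_level level)
{
	switch (level) {
	case SVC_LEVEL_FIPS:
		return 16;
	case SVC_LEVEL_NONE:
		return 0;
	default:
		return 7;
	}
}

/* Decide whether the link may carry a service at the given level. A key that
 * an attacker negotiated down to 1 octet fails here even though encryption
 * is "on"; the caller should disconnect rather than proceed.
 */
bool key_size_acceptable(const uint8_t *rp_buf, size_t rp_len,
			 enum svc_level level)
{
	struct read_enc_key_size_rp rp;

	if (!parse_read_enc_key_size(rp_buf, rp_len, &rp)) {
		return false;
	}
	return rp.key_size >= min_key_size_for(level);
}
```

Treat a parse failure the same as a too-short key: a controller that returns an error status for the command gives the host no evidence about the key, so the safe decision is to not serve the request.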
In case sufficient security level wasn't reached the error propagation
was missing, which could lead to incorrect state transitions when
update_sec_level_br() returns. Return true/false and make sure to
abort any further operations in case the update fails.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The storage for the public key is pub_key in hci_core.c.
When the public key event is generated the public key is copied into
this buffer, but the pointer to the event storage of the key is given
in the public key ready callback (bt_smp_pkey_ready).
SMP expects that it is safe to assign a global pointer to this variable.
In smp_init bt_pub_key_get is used to get the pointer to the public key.
In both cases SMP assigns the le_sc_pub_key to the pointer given.
This creates an issue when bt_smp_pkey_ready callback occurs after
smp_init during pairing procedure, SMP will then have a pointer to an
event buffer that has been released and contains invalid data.
Fixes: #18580
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
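The lifetime problem described above, as an added example in C that is not Zephyr code and not part of the commit: a callback that stores the pointer it was handed keeps aliasing the event buffer after that buffer is released and reused, while a callback that copies the key into its own storage does not. The buffer and function names (pk_event_buf, smp_pkey_ready_buggy, smp_pkey_ready_fixed) are assumptions; the 64-byte key is the P-256 X||Y layout used by LE Secure Connections.

```c
/* Added example (not Zephyr code): why SMP must copy the LE SC public key
 * rather than keep the pointer passed to the "public key ready" callback.
 * Names are assumptions for illustration.
 */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PUB_KEY_LEN 64

/* Reusable event buffer: in a host stack it is returned to the pool as soon
 * as the callback returns and may be refilled by any later event.
 */
static uint8_t pk_event_buf[PUB_KEY_LEN];

/* Buggy variant: keeps a pointer that aliases the event buffer. */
static const uint8_t *le_sc_pub_key_ptr;

void smp_pkey_ready_buggy(const uint8_t *pkey)
{
	le_sc_pub_key_ptr = pkey;
}

/* Fixed variant: copies the key into SMP-owned storage. */
static uint8_t le_sc_pub_key_copy[PUB_KEY_LEN];
static bool le_sc_pub_key_valid;

void smp_pkey_ready_fixed(const uint8_t *pkey)
{
	memcpy(le_sc_pub_key_copy, pkey, PUB_KEY_LEN);
	le_sc_pub_key_valid = true;
}

/* Simulate the controller delivering a public key event, the callback
 * running, and the host then releasing and reusing the same event buffer.
 */
static void deliver_key(const uint8_t *key, void (*cb)(const uint8_t *))
{
	memcpy(pk_event_buf, key, PUB_KEY_LEN);
	cb(pk_event_buf);
	memset(pk_event_buf, 0xFF, PUB_KEY_LEN); /* buffer released and reused */
}

/* Constructed, deterministic test key (not a real EC point). */
static void make_test_key(uint8_t *key)
{
	for (int i = 0; i < PUB_KEY_LEN; i++) {
		key[i] = (uint8_t)(i * 3 + 1);
	}
}

/* Returns true if the key SMP sees afterwards still matches what was delivered. */
bool buggy_key_survives(void)
{
	uint8_t key[PUB_KEY_LEN];

	make_test_key(key);
	deliver_key(key, smp_pkey_ready_buggy);
	return memcmp(le_sc_pub_key_ptr, key, PUB_KEY_LEN) == 0;
}

bool fixed_key_survives(void)
{
	uint8_t key[PUB_KEY_LEN];

	make_test_key(key);
	deliver_key(key, smp_pkey_ready_fixed);
	return le_sc_pub_key_valid &&
	       memcmp(le_sc_pub_key_copy, key, PUB_KEY_LEN) == 0;
}
```

The buggy variant reads back whatever the pool buffer holds next; in a real stack that is not a predictable 0xFF fill but the payload of an unrelated HCI event, which would silently be used as the local public key in the pairing.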
Give the security changed callback when the peripheral initiated
security request and peer attempted to encrypt the connection but no LTK
match was found.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that a new pairing procedure with an existing bond does not
result in a security with weaker security properties.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
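The two rules stated in the commits above (a re-pair with a bonded peer must not weaken the bond, and pairing with a peer we already hold keys for only happens when the application forces it), as one added example in C. This is not Zephyr code and not the project's API; struct and function names (bond_props, pairing_is_downgrade, decide_pairing) are assumptions for illustration.

```c
/* Added example (not Zephyr code): refuse a re-pairing that would leave the
 * bond with weaker security properties than the stored keys, and only
 * re-pair with a bonded peer when the application forces it. Names are
 * assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

struct bond_props {
	bool authenticated;   /* MITM-protected pairing (passkey/OOB) */
	bool secure_conn;     /* LE Secure Connections, not legacy pairing */
	uint8_t enc_key_size; /* negotiated key size in octets, 7..16 */
};

/* True if `next` is weaker than `prev` in any dimension. */
bool pairing_is_downgrade(const struct bond_props *prev,
			  const struct bond_props *next)
{
	if (prev->authenticated && !next->authenticated) {
		return true;
	}
	if (prev->secure_conn && !next->secure_conn) {
		return true;
	}
	if (next->enc_key_size < prev->enc_key_size) {
		return true;
	}
	return false;
}

enum pair_decision {
	PAIR_SKIP_USE_LTK, /* keys exist and no force: just encrypt with them */
	PAIR_PROCEED,
	PAIR_ABORT,
};

/* Decide what to do when a pairing is requested for a peer.
 * have_keys: we hold a bond for this peer
 * force:     application asked to pair even though keys exist (the peer may
 *            have deleted its bond without telling us)
 * stored:    properties of the existing bond (ignored when !have_keys)
 * proposed:  properties the new pairing would produce
 */
enum pair_decision decide_pairing(bool have_keys, bool force,
				  const struct bond_props *stored,
				  const struct bond_props *proposed)
{
	if (!have_keys) {
		return PAIR_PROCEED;
	}
	if (!force) {
		return PAIR_SKIP_USE_LTK;
	}
	if (pairing_is_downgrade(stored, proposed)) {
		return PAIR_ABORT;
	}
	return PAIR_PROCEED;
}
```

The downgrade comparison has to be made before the new keys overwrite the stored bond; once they are written there is no record of what was lost.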
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be:
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Stop the pairing procedure in the request phase if no storage is
available for the keys. This avoids the pairing procedure from failing
during the key distribution phase.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Provide the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allow SMP debug keys to behave in the same way as normal keys, in order
to debug with encryption and Bluetooth sniffer the exact way it behaves
when not using debug keys.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix reset of Encryption Procedure state on reception of
REJECT_IND and REJECT_EXT_IND.
This is a regression in commit 79cb615770 ("Bluetooth:
controller: split: Port Enc setup to be queueable")
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The period_start timestamp wasn't getting properly initialized in the
case that retransmission was not being used. In the case of
retransmission the timestamp was getting updated in the mod_publish()
delayed work callback. Add a send_start callback and do the
initialization there, since this covers both the retransmission as
well as the no-retransmission cases.
Fixes #17820
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Post Tx pool corruption fix, clean up code and add comments
explaining the use of Tx node next field used to indicate
the Tx node's allocation from Control or Data pool.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix the Tx FIFO, queue and pool corruption due to missing
release of link object to Tx link pool and hence missing
reset of the per connection initially allocated Tx link
free pointer.
The bug caused Tx PDUs and associated memory to be lost
leading to missing L2CAP segment transmissions. With lost
control PDU buffers, ULL would stall processing Done events
also leading to controller asserts.
Fixes #18546.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
This removes the necessity of registering the storage for CCC and makes
it part of the declaration itself.
Fixes #18547
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds support to provide a UUID to bt_gatt_indicate so API users
don't need to hardcode the attribute offset by hand.
Fixes #18572
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The code for checking space in the Friend queue was faulty in the case
that we receive a message with more segments than the configured Friend
Queue size. This is not an issue for the default configuration but
still a possible one. Move the check for exceeding Friend Queue Size
to the per-LPN function, so that bt_mesh_friend_queue_has_space()
iterates all LPNs before delivering its verdict. This allows us to
return success in case no LPN matched (which is how the code was
intended to work).
Fixes #18522
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
According to Mesh Profile Specification 1.0.1 Figure 5.17, the
unprovisioned device should send its confirmation value after the
provisioner sends theirs. Previously, the confirmation value would be
sent immediately after OOB input complete. Now it first waits for the
input data, then for the confirmation from the provisioner before sending
the confirmation.
Fixes: #18178.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Qualification test case MESH/NODE/FRND/FN/BV-08-C requires that we do
not store more messages than the reported Friend Queue size. The
implementation was so far opportunistic and stored more if it could
(it would later discard if necessary to make sure all queues can store
the required amount). The spec also requires the queues to have new
messages overwrite old ones (in the style of a circular buffer), so we
have to keep track of which buffers are part of the same segmented
message (so we discard all buffers belonging to the same message).
To pass the test case, add APIs to check for space in the Friend
queue, and track the number of buffers for each incoming segmented
message.
Fixes #18090
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
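The Friend Queue behaviour the two Friend Queue commits above describe, as one added example in C: the queue never holds more buffers than its advertised size, every buffer is tagged with the segmented message it belongs to, a message that can never fit is rejected up front, and room for a new message is made by evicting the oldest message whole rather than segment by segment. This is not Zephyr's mesh code and not its API; it models one LPN's queue, and the names (friend_queue, fq_enqueue_msg, fq_make_space) are assumptions for illustration. Only the bookkeeping is shown; a real queue also stores the PDUs.

```c
/* Added example (not Zephyr code): a Friend Queue bounded by its reported
 * size that tracks which buffers belong to the same segmented message and
 * evicts old messages as a unit. Names are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define FRIEND_QUEUE_SIZE 8

struct fq_entry {
	bool used;
	uint16_t msg_id;  /* identifies the (possibly segmented) message */
	uint8_t seg_idx;  /* segment index within that message */
	uint32_t seq;     /* arrival order, shared by all segments of a message */
};

struct friend_queue {
	struct fq_entry ent[FRIEND_QUEUE_SIZE];
	uint32_t next_seq;
};

void fq_init(struct friend_queue *q)
{
	memset(q, 0, sizeof(*q));
}

int fq_count(const struct friend_queue *q)
{
	int n = 0;

	for (int i = 0; i < FRIEND_QUEUE_SIZE; i++) {
		if (q->ent[i].used) {
			n++;
		}
	}
	return n;
}

bool fq_has_msg(const struct friend_queue *q, uint16_t msg_id)
{
	for (int i = 0; i < FRIEND_QUEUE_SIZE; i++) {
		if (q->ent[i].used && q->ent[i].msg_id == msg_id) {
			return true;
		}
	}
	return false;
}

/* Drop every buffer belonging to msg_id; returns how many were freed. */
int fq_discard_msg(struct friend_queue *q, uint16_t msg_id)
{
	int freed = 0;

	for (int i = 0; i < FRIEND_QUEUE_SIZE; i++) {
		if (q->ent[i].used && q->ent[i].msg_id == msg_id) {
			q->ent[i].used = false;
			freed++;
		}
	}
	return freed;
}

/* Find the oldest message in the queue. Returns false if the queue is empty. */
static bool fq_oldest_msg(const struct friend_queue *q, uint16_t *msg_id)
{
	bool found = false;
	uint32_t best = 0;

	for (int i = 0; i < FRIEND_QUEUE_SIZE; i++) {
		if (!q->ent[i].used) {
			continue;
		}
		if (!found || q->ent[i].seq < best) {
			best = q->ent[i].seq;
			*msg_id = q->ent[i].msg_id;
			found = true;
		}
	}
	return found;
}

/* Make room for `needed` buffers by evicting whole messages, oldest first.
 * A message larger than the queue itself can never fit and is refused
 * without touching what is already queued.
 */
bool fq_make_space(struct friend_queue *q, int needed)
{
	if (needed < 1 || needed > FRIEND_QUEUE_SIZE) {
		return false;
	}
	while (FRIEND_QUEUE_SIZE - fq_count(q) < needed) {
		uint16_t oldest;

		if (!fq_oldest_msg(q, &oldest)) {
			return false;
		}
		fq_discard_msg(q, oldest);
	}
	return true;
}

/* Queue all seg_count segments of msg_id as one unit. */
bool fq_enqueue_msg(struct friend_queue *q, uint16_t msg_id, int seg_count)
{
	int seg = 0;

	if (!fq_make_space(q, seg_count)) {
		return false;
	}
	for (int i = 0; i < FRIEND_QUEUE_SIZE && seg < seg_count; i++) {
		if (q->ent[i].used) {
			continue;
		}
		q->ent[i].used = true;
		q->ent[i].msg_id = msg_id;
		q->ent[i].seg_idx = (uint8_t)seg++;
		q->ent[i].seq = q->next_seq;
	}
	q->next_seq++;
	return true;
}
```

Checking the size bound before evicting anything is what keeps an oversized message from emptying the queue and then still failing; that is the ordering problem the first of the two commits describes.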
The bt_mesh_trans_resend() function had no users, and had in fact not
even a prototype in a header file. Just remove it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When sent solely to the Friend Queue the send callbacks were not
getting called for unsegmented messages.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This fixes the dead code when parsing the Find Information response, since
the index counter can never be zero; instead it checks whether any
attributes were found and, if there are none, doesn't proceed with
discovering, which was the original intent of the now-dead code.
Fixes#18384
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Due to conditional compile path ending in LL_ASSERT(0), the compiler
sees code following the assert as using uninitialized variables.
Signed-off-by: Morten Priess <mtpr@oticon.com>
When the database changes and a client becomes change-unaware it should
also clear the out-of-sync flag, as the following request should return
an error:
Core Spec 5.1 | Vol 3, Part G, 2.5.2.1 Robust Caching:
'The error response is sent only once after the client becomes
change-unaware, unless the client disconnects or the database changes
again before the client becomes change-aware in which case the error
response shall be sent again.'
Fixes: #18183
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
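The server-side bookkeeping behind the quoted Robust Caching clause, as an added example in C that is not Zephyr code and not its GATT API: a change-unaware client gets the Database Out Of Sync error exactly once per database change, and a further change re-arms it, which is the flag-clearing the commit describes. The struct and function names are assumptions; the error code value 0x12 is the ATT Database Out Of Sync error.

```c
/* Added example (not Zephyr code): per-client Robust Caching state on a GATT
 * server, Core Spec 5.1 Vol 3, Part G, 2.5.2.1. Names are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>

#define ATT_ERR_DB_OUT_OF_SYNC 0x12

struct gatt_client_state {
	bool change_aware;
	bool out_of_sync_sent; /* the one-shot error has been sent for this change */
};

/* On connection a bonded client may already be change-unaware (its cached
 * database hash is stale); an unbonded client starts change-aware.
 */
void client_connected(struct gatt_client_state *c, bool aware)
{
	c->change_aware = aware;
	c->out_of_sync_sent = false;
}

/* Database changed: the client becomes change-unaware and, which is the fix
 * described above, the one-shot error is re-armed so it is sent again.
 */
void db_changed(struct gatt_client_state *c)
{
	c->change_aware = false;
	c->out_of_sync_sent = false;
}

/* Reading the Database Hash characteristic makes the client change-aware. */
void client_read_db_hash(struct gatt_client_state *c)
{
	c->change_aware = true;
	c->out_of_sync_sent = false;
}

/* Handle an ATT request from this client. Returns 0 to process the request
 * normally, or the ATT error code to send instead.
 */
uint8_t handle_att_request(struct gatt_client_state *c)
{
	if (c->change_aware) {
		return 0;
	}
	if (!c->out_of_sync_sent) {
		c->out_of_sync_sent = true;
		return ATT_ERR_DB_OUT_OF_SYNC;
	}
	/* The error has already been sent once for this change, so this
	 * request is served. Having received the error and then a normal
	 * response, the client is treated as change-aware (the spec's
	 * alternative to reading the Database Hash).
	 */
	c->change_aware = true;
	return 0;
}
```

Without the reset in db_changed, a client that was already past its one error would keep being served after a second change and never learn that its cached handles are stale.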
This fixes the following crash:
ASSERTION FAIL [0] @ ZEPHYR_BASE/subsys/logging/log_core.c:180
argument 2 in log message "%s: Stored CCCs for %s (%s)"
missing log_strdup().
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix issue unable to connect to bonded peer when host resolution is used
either because the controller does not support privacy, or the
controller resolving list was exceeded.
In this case we need to use the RPA from the advertising report
directly, there is a small chance of the peer cycling the RPA here, in
which case the connection might be unsuccessful.
Bug introduced here: 45da629b24
Fixes: #18306
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Disable Advertising Extensions by default, since they are not really
operational and they take RAM.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
When compiling a sample like a beacon, none of the `if defined()`
statements in the switch case are actually compiled in, so the compiler
complains of an orphan mem_release();break; sequence.
Add a type that we know will always be compiled in in order to avoid
this issue.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
When in Low Power mode an LPN may receive messages sent by nodes other
than its friend during its brief receive window. These messages get
rejected by the transport layer. At some point in the future the LPN
will receive these messages from its friend, however they will have
already been added to the network message cache earlier.
When the transport layer rejects a message due to it being received from
a non-friend node while in Low Power mode it must be removed from the
network message cache so that it can be correctly received from its
friend in the future.
Fixes #17809
Signed-off-by: Rich Barlow <rich@bennellick.com>
The commit 1c7b668804 tried to fix
resending segments to the GATT bearer, however it got the buffer
reference counting wrong. The bt_mesh_net_resend() function doesn't
own a reference to the buffer, i.e. it's not responsible for unrefing
it. E.g. bt_mesh_adv_send() takes its own reference.
What was missing however was the handling of the callbacks. Use the
recently introduced send_cb_finalize() helper to make sure they're
called.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
There are several places that require the send callbacks to be called
immediately. Reduce the code a bit by introducing a helper for this.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The RPA timer should always be running, even with privacy supported by
the controller. In order to select an IRK to generate the private address,
the controller is instructed by providing an identity address.
If we want to advertise privately without providing an identity address
the host has to set the private address.
Fixes: #18150
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The Mesh Profile Specification states in section 3.10.5 IV Update
procedure: "The IV Update procedure is initiated by any node that is a
member of a primary subnet", meaning if we're not on the primary
subnet we should not try to initiate the procedure.
Additionally this fixes initiating IV Update in all cases where the
sequence is updated, by putting the code into bt_mesh_next_seq().
Fixes #17977
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This branch is inherited from old code that used to start the timer as
soon as a message was queued for transmission rather than when it was
actually transmitted (the case today). It'll also cause a race in case
the publication goes over the GATT layer since the "sent" callback
happens synchronously in that case.
Fixes #17821
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The GATT bearer is a reliable one so there should theoretically never
be a need to resend segments. If however for some strange reason the
proxy client doesn't immediately ack all segments we should do the
resending on the GATT bearer, rather than sending them over
advertising.
Fixes #17907
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The code was incorrectly bailing out with "return 0" rather than
continue. Also, it was incorrectly making a reference to
tx->seg[seg_o] since when a PDU goes through the friend queue we don't
use the usual retransmission mechanism.
Fixes: #17932
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In case a queued buffer is canceled before sending we have to unref
it, since that's what adv_send() would do as well.
Fixes #17936
Fixes #18013
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Mesh Profile 3.6.7.2 Publishing Heartbeat messages:
"
Triggered publishing of Heartbeat messages is enabled by
the Heartbeat Publication Features state (see Section 4.2.17.5):
...
- If the Low Power bit is set to 1, a Heartbeat message shall be
published when the node establishes or loses Friendship (see Section
3.6.6.1).
"
Fixes #18194
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>