Add a callback struct with only the pairing_confirm authentication
method. This is useful both for just-works testing as well as the
recently added fixed passkey support.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add a new bt_passkey_set() API that can be used to set a fixed passkey
to be used for pairing. The new API also requires a new Kconfig option
to be enabled first (CONFIG_BT_FIXED_PASSKEY).
Fixes#8350
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The code was not doing the right thing when we as peripheral would
send a security request to the central. First of all, the SEQ_REQ flag
was getting cleared by the pairing request handler, resulting in
pairing_confirm() callbacks for no reason. Secondly, the behavior in
encrypt_change() was not utilizing the smp_reset() helper as it should
have done.
Fix the situation by calling smp_init() when sending a security
request, and detect that this has been done when receiving a pairing
request. Also do the appropriate cleanup if the result is an encrypt
change instead of a pairing request (in case we were already paired
with the peer).
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The smp pointer is the return value of CONTAINER_OF() which is
guaranteed to always be non-NULL.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Provide proper documentation for all of the authentication callbacks,
and clarify the usage of the cancel callback. Previously the cancel
callback was always required, even though that doesn't necessarily
make sense now that the pairing_complete/failed callbacks exist.
Fixes#8385
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
There are too many individual requests for Qav related parameters. There
are more Qav parameters that need to be supported (and will be supported
soon - both on the GET and SET side). Handling it the way it was handled
so far would render the eth mgmt API dominated by Qav parameters. That
would make the file hard to read and understand.
Instead of that - use a single GET and SET requests for all Qav
parameters. This works by adding a separate enum with Qav request type
to the ethernet_qav_param struct.
Additionally this approach makes it much easier to document it all since
we now have just a single request and documentation comments in the
ethernet_qav_param struct.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Print information about supported hardware capabilities for
ethernet interfaces when executing "net iface" command.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If ethernet mgmt is enabled and the driver supports priority queues,
show info about them including the Qav status
(enabled/disabled/unsupported).
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Add calls responsible for getting and setting on/off status of Qav on
capable priority queues.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Add basic IPv4 Link Local support as described in RFC 3927.
Signed-off-by: Matthias Boesl <matthias.boesl@gmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Whoever added Zephyr's prefer-later-defaults Kconfig patch originally
didn't do the same for 'range's. Earlier ranges are still preferred.
Swap the ranges on BT_RFCOMM_L2CAP_MTU to give the intended behavior.
Fixes the following warning for tests/bluetooth/shell/prj_br.conf:
warning: default value 200 on BT_RFCOMM_L2CAP_MTU (defined at
subsys/bluetooth/host/Kconfig:508) clamped to 264 due to being outside
the active range ([264, 32767])
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Essentially all products that support pairing or Mesh need to be able
to support ECC. This is particularly important for traditional
peripheral/central use cases where legacy pairing is considered
insecure. With split builds we don't know if the controller supports
ECC HCI commands or not, however with a combined build we know that
the current controller lacks any special ECC support, so enable
TINYCRYPT_ECC by default for such a configuration.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
OpenThread L2 could've called multicast address registration multiple
times for specific address, which resulted in having multiple entries
containing the same multicast IPv6 address in Zephyr.
Checking if address was already registered prevents that.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
No need to keep technologies in main L2 directory so for consistency
create a directory for each of them and place each L2 component to
relevant L2 directory.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The SMP_FLAG_ENC_PENDING flag indicates that we've generated an STK
and are waiting for encryption to happen. In case the remote enables
encryption prematurely we should not try to encrypt with whatever is
stored in smp->tk, rather reject the pairing attempt.
Fixes#3222
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The recently added pairing_complete & pairing_failed callbacks
were missing a NULL-check for bt_auth, since it is possible that
there's no authentication callback structure registered at all.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This makes use of the get_config callback added to the Ethernet API.
For now the only parameter to get is the number of available priority
queues.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
hci-cmd can be used to inject an arbritrary HCI command which can be
useful when testing vendor/new commands.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
commit 9b6ad4067b introduced some minor
coding style issues related to line splitting. Fix these.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Added two new callbacks for Bluetooth stack to notify
the application that pairing has been completed or failed.
fixes: #8390
Signed-off-by: Jun Li <jun.r.li@intel.com>
This reduces memory overhead on net_if_dhcpv4: 16 bytes vs 120 bytes
before. This might proove to be beneficial when there are many network
interface.
dhcpv4 ROM consumption is now 2132 bytes vs 4224 (many switches removed)
Fixes#8727
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Empty line before if (unless test uses previous line assignment) and
after } (unless it's another } ...)
Indentation fixed as well.
Fixes#8727
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
- Pre-assigned are always coming first.
- Always declare at the beginning of a code block
Fixes#8727
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Add write only TLS secure option to set peer verification level for
TLS connection.
This option accepts an integer with a peer verification
level, compatible with mbedtls values (0 - none, 1 - optional, 2 -
required.
By default, socket mimics mebdTLS behavior - (none for server, required
for client).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to read a ciphersuite chosen during TLS
handshake. Might be useful during development.
This is a read-only option that returns an integer containing an
IANA assigned ciphersuite identifier of chosen ciphersuite.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with mulitple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When an echo request is sent to an unknown neighbor, a Neighbor
Solicitation request is sent, however if the source address
cannot be determined the NS request is dropped but the pending
packet is not freed.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Summary: revised attempt at addressing issue 6290. The
following provides an alternative to using
CONFIG_APPLICATION_MEMORY by compartmentalizing data into
Memory Domains. Dependent on MPU limitations, supports
compartmentalized Memory Domains for 1...N logical
applications. This is considered an initial attempt at
designing flexible compartmentalized Memory Domains for
multiple logical applications and, with the provided python
script and edited CMakeLists.txt, provides support for power
of 2 aligned MPU architectures.
Overview: The current patch uses qualifiers to group data into
subsections. The qualifier usage allows for dynamic subsection
creation and affords the developer a large amount of flexibility
in the grouping, naming, and size of the resulting partitions and
domains that are built on these subsections. By additional macro
calls, functions are created that help calculate the size,
address, and permissions for the subsections and enable the
developer to control application data in specified partitions and
memory domains.
Background: Initial attempts focused on creating a single
section in the linker script that then contained internally
grouped variables/data to allow MPU/MMU alignment and protection.
This did not provide additional functionality beyond
CONFIG_APPLICATION_MEMORY as we were unable to reliably group
data or determine their grouping via exported linker symbols.
Thus, the resulting decision was made to dynamically create
subsections using the current qualifier method. An attempt to
group the data by object file was tested, but found that this
broke applications such as ztest where two object files are
created: ztest and main. This also creates an issue of grouping
the two object files together in the same memory domain while
also allowing for compartmenting other data among threads.
Because it is not possible to know a) the name of the partition
and thus the symbol in the linker, b) the size of all the data
in the subsection, nor c) the overall number of partitions
created by the developer, it was not feasible to align the
subsections at compile time without using dynamically generated
linker script for MPU architectures requiring power of 2
alignment.
In order to provide support for MPU architectures that require a
power of 2 alignment, a python script is run at build prior to
when linker_priv_stacks.cmd is generated. This script scans the
built object files for all possible partitions and the names given
to them. It then generates a linker file (app_smem.ld) that is
included in the main linker.ld file. This app_smem.ld allows the
compiler and linker to then create each subsection and align to
the next power of 2.
Usage:
- Requires: app_memory/app_memdomain.h .
- _app_dmem(id) marks a variable to be placed into a data
section for memory partition id.
- _app_bmem(id) marks a variable to be placed into a bss
section for memory partition id.
- These are seen in the linker.map as "data_smem_id" and
"data_smem_idb".
- To create a k_mem_partition, call the macro
app_mem_partition(part0) where "part0" is the name then used to
refer to that partition. This macro only creates a function and
necessary data structures for the later "initialization".
- To create a memory domain for the partition, the macro
app_mem_domain(dom0) is called where "dom0" is the name then
used for the memory domain.
- To initialize the partition (effectively adding the partition
to a linked list), init_part_part0() is called. This is followed
by init_app_memory(), which walks all partitions in the linked
list and calculates the sizes for each partition.
- Once the partition is initialized, the domain can be
initialized with init_domain_dom0(part0) which initializes the
domain with partition part0.
- After the domain has been initialized, the current thread
can be added using add_thread_dom0(k_current_get()).
- The code used in ztests ans kernel/init has been added under
a conditional #ifdef to isolate the code from other tests.
The userspace test CMakeLists.txt file has commands to insert
the CONFIG_APP_SHARED_MEM definition into the required build
targets.
Example:
/* create partition at top of file outside functions */
app_mem_partition(part0);
/* create domain */
app_mem_domain(dom0);
_app_dmem(dom0) int var1;
_app_bmem(dom0) static volatile int var2;
int main()
{
init_part_part0();
init_app_memory();
init_domain_dom0(part0);
add_thread_dom0(k_current_get());
...
}
- If multiple partitions are being created, a variadic
preprocessor macro can be used as provided in
app_macro_support.h:
FOR_EACH(app_mem_partition, part0, part1, part2);
or, for multiple domains, similarly:
FOR_EACH(app_mem_domain, dom0, dom1);
Similarly, the init_part_* can also be used in the macro:
FOR_EACH(init_part, part0, part1, part2);
Testing:
- This has been successfully tested on qemu_x86 and the
ARM frdm_k64f board. It compiles and builds power of 2
aligned subsections for the linker script on the 96b_carbon
boards. These power of 2 alignments have been checked by
hand and are viewable in the zephyr.map file that is
produced during build. However, due to a shortage of
available MPU regions on the 96b_carbon board, we are unable
to test this.
- When run on the 96b_carbon board, the test suite will
enter execution, but each individaul test will fail due to
an MPU FAULT. This is expected as the required number of
MPU regions exceeds the number allowed due to the static
allocation. As the MPU driver does not detect this issue,
the fault occurs because the data being accessed has been
placed outside the active MPU region.
- This now compiles successfully for the ARC boards
em_starterkit_em7d and em_starterkit_em7d_v22. However,
as we lack ARC hardware to run this build on, we are unable
to test this build.
Current known issues:
1) While the script and edited CMakeLists.txt creates the
ability to align to the next power of 2, this does not
address the shortage of available MPU regions on certain
devices (e.g. 96b_carbon). In testing the APB and PPB
regions were commented out.
2) checkpatch.pl lists several issues regarding the
following:
a) Complex macros. The FOR_EACH macros as defined in
app_macro_support.h are listed as complex macros needing
parentheses. Adding parentheses breaks their
functionality, and we have otherwise been unable to
resolve the reported error.
b) __aligned() preferred. The _app_dmem_pad() and
_app_bmem_pad() macros give warnings that __aligned()
is preferred. Prior iterations had this implementation,
which resulted in errors due to "complex macros".
c) Trailing semicolon. The macro init_part(name) has
a trailing semicolon as the semicolon is needed for the
inlined macro call that is generated when this macro
expands.
Update: updated to alternative CONFIG_APPLCATION_MEMORY.
Added config option CONFIG_APP_SHARED_MEM to enable a new section
app_smem to contain the shared memory component. This commit
seperates the Kconfig definition from the definition used for the
conditional code. The change is in response to changes in the
way the build system treats definitions. The python script used
to generate a linker script for app_smem was also midified to
simplify the alignment directives. A default linker script
app_smem.ld was added to remove the conditional includes dependency
on CONFIG_APP_SHARED_MEM. By addining the default linker script
the prebuild stages link properly prior to the python script running
Signed-off-by: Joshua Domagalski <jedomag@tycho.nsa.gov>
Signed-off-by: Shawn Mosley <smmosle@tycho.nsa.gov>
Update the RX SDU Kconfig value to something that reflects better
current use cases and doesn't waste memory needlessly. Also lower the
minimum to two segments, since while many samples need three for their
composition data (typically the biggest transferred payload), it's
possible to have a very simple node whose composition fits in two
segments.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The Mesh specification doesn't support more than 32 transport layer
segments, the way the number was so far derived from the advertising
buffer count could result in a highre numbe than 32, thereby wasting
memory. Make the number of supported segments build-time configurable
through a new BT_MESH_TX_SEG_MAX configuration option.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The printk family of functions is used elsewhere, so make this
consistent. Also, printk has a smaller stack footprint.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The settings subsystem has been adding nffs's include dir to the
global set of paths. Presumably because app's will need acces. But
this is no longer necessary as we default to linking 'app' with FS,
which again has the NFFS include paths.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
This patch removes the need for application build script code to
explicitly link 'app' with a filesystem implementation.
It does this by introducing a zephyr interface library called 'FS'
that contains the usage requirements for linking with the filesystem
library subsys__fs and using Kconfig to default to linking the 'app'
library with this interface library.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Move struct members around in networking code so that we avoid
unnecessary holes inside structs. No functionality changes by
this commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
