conn->dst might already contain identity address from previous
pairing. In order to store IRK distributed in new pairing we
should check address used in connection.
Change-Id: If4bfaf445d31684125246cc98cfad1aab45875ca
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This callback is called if security level of a connection was changed.
Change-Id: I268da245cf4b7f6d2bfbd57969ce2da6c34fc69f
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
bt_conn role can be set when LE Connection Complete event is received.
Controller indicates to both Hosts forming the connection their role
in this connection.
Change-Id: I35455eff54afa30665611415ac52e19089f2e649
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
This callback is called if identity was resolved for remote device
that was using Resolvable Private Address while connection. From
now on only Identity Address is used.
Change-Id: I5976be575a8e4ad8c13f56d7bc274d751ae37511
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Since initiator and responder addresses are already tracked it is
no longer needed to store source address in bt_conn structure.
Change-Id: I048e4d4659f4b7d29b101f9f3c5708f66c773906
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
When remote device initiate pairing but its IRK is already known
identity address was used to calculate confirmation value. This
resulted in 'Confirm Value Failed' error and pairing failure.
To avoid any confusion simply track initiator and responder addresses
used for connection.
This fix re-enabling security with iPhone if device was unpaired
only on iPhone side.
Change-Id: I07d9589bee5fea7f6b028472b1709090a5755e31
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
When sending security request for connection with pending high
security level, authentication requirements should indicate that
MITM is required.
< ACL Data TX: Handle 64 flags 0x00 dlen 6
SMP: Security Request (0x0b) len 1
Authentication requirement: Bonding, MITM, Legacy,
No Keypresses (0x05)
Change-Id: Ie78e021726063b0eee415bfa7189962fe0b2d94b
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
When re-pairing was successful (indicated by enabling encryption with
STK) old keys are no longer needed as those will be replaced by keys
distributed in new pairing.
Change-Id: If2a81e8e94f35eb04ce9a7e4d782094632cbd77a
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Fail if we have keys that are stronger than keys that will be
distributed in new pairing. This is to avoid replacing authenticated
keys with unauthenticated ones.
Change-Id: If81b158f68a818d7a6e5d2854b482f34516b4737
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Keys from same pairing have are of similar key type and
this can be stored in single place.
Change-Id: I38426c282604769424098af6ee26e0cf9cb5f358
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
There is no need for separate lists of each key type as this
lookup optimization is of little benefit. Removing those results in
much simpler and smaller code. Using array over list also improves
data locality and thus cache utilization.
This patch results in following code size reduction:
keys.o from 14208 to 10028 bytes
microkernel.elf from 599417 to 597091 bytes
Change-Id: Ia8fe21ca3d79f668d8550c4376fa403e8778861e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Ensure smp->remote_dist tracks unreceived PDUs both for slave and
master role, and use the same logic in all PDU handlers for
remote_dist and allowed_cmds.
Change-Id: If4769d0be0118e8e764d7483f0d93ef8b61fa398
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Other function name was used "bt_gatt_attr_read_included" by include
than the implementation "bt_gatt_attr_read_include" has.
Function naming mismatch caused linker error if used included service
define.
Change-Id: Ib4b4d07050d634cb1578c8a8948322acad85a307
Signed-off-by: Grzegorz Kolodziejczyk <grzegorz.kolodziejczyk@tieto.com>
This fix following build error:
CC net/bluetooth/hci_core.o
In file included from net/bluetooth/hci_core.c:43:0:
net/bluetooth/hci_core.c: In function 'update_conn_params':
net/bluetooth/hci_core.c:751:49: error: 'evt' undeclared
(first use in this function)
BT_DBG("status %u, handle %u,features 0x%x\n", evt->status, handle,
Change-Id: Ic3c15d17c73b26d44913327df577495afc80f356
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Adds host bits to initiate LL LE Exchange Feature procedure if
supported. Both the master and slave can initate it for controllers
newer than 4.0. For 4.0 controllers only master can do that.
Inform upper stack layers of the slave about the connection is ready
to use only when LE Exchange Feature isn't supported. Otherwise
upper layers shall be notified about new connection when Connection
Parameters Update procedure is finished.
Change-Id: Ief29744e498873f79fc6f62f98c083fecaeae24e
Signed-off-by: Arkadiusz Lichwa <arkadiusz.lichwa@tieto.com>
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
Since then bt_conn_connected as well as bt_l2cap_disconnected callback
can be called from bt_conn_set_state directly.
Also connected cb could be called from there, however
eg. introduction of some additional state is required TBD.
Change-Id: Ida6906272e1468ef5b41ba8dba2a936db049d308
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
Makes bt_l2cap_update_conn_param to return an error if command was not
sent.
Change-Id: Ie7351040bd371bb161afc2f2a2c10e015bcdc8e4
Signed-off-by: Mariusz Skamra <mariusz.skamra@tieto.com>
There is no need to have sparate bool in context structure while
flags field is available.
Change-Id: Ib1bcf9794c32268897b0a873787566a620f3097b
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
If ref is zero other struct bt_conn fields should be considered
garbage. Using ref count instead of address is also faster.
Change-Id: Ic3b30c0fdbce8f93f81095d3671be0e54eac1455
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
If slave is requesting MITM protection verify if LTK is authenticated
before enabling encryption.
Change-Id: I6642f88945b0ca0310880935edbcfa2a6764c8d8
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
If authenticated key was used for encryption resulting security
level is high. If resulting security level is lower then
requested level link is disconnected.
Change-Id: Ib66f722e6bb52e943d2b5cefb58f018707ce725b
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
If high security is required but keys are unauthenticated start
pairing instead of encrypting with too weak keys.
Change-Id: I35e5f0c1ab86660479288908152d61823ffb102e
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
There is no point in initializing security if required security level
is not reachable due to local IO capabilities.
Change-Id: I00d3cc552fcce4d1aac9498c90dcd826735dcb2b
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to store information if key was generated during
authenticated or unauthenticated pairing.
Change-Id: Idd398749c869e6278bf10909cfb768ba09565d54
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
If JustWorks pairing is used for pairing don't report failure.
Change-Id: I23cee54a74dd021c1f273d987ca67066452d7801
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
Flags for indicating if stored TK is valid and if confirm sending
was delayed are required for properly handling passkey entry input.
This is to avoid using incorrent TK or sending SMP commands in invalid
order.
Change-Id: I11e162331e93311f292f0723fc9f860c753d7d96
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to request passkey being entered by user.
Change-Id: I6a56c65ca689473659a13c19f8578058476d2685
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to track which pairing method was used and is
a preparation for storing information if resulting keys
are authenticated.
Change-Id: Ib9fc762d19bd4add6f0b431745eeb9e2780016d4
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This makes the code more consistent by always trying to name bt_buf
variables as buf.
Change-Id: I10d54260c5cf2f6aea5300668d5eb68f3da2a8ba
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
The term 'context' is vague and overloaded. Its usage for 'an execution
context' is now referred as such, in both comments and some APIs' names.
When the execution context can only be a fiber or a task (i.e. not an
ISR), it is referred to as a 'thread', again in comments and everywhere
in the code.
APIs that had their names changed:
- nano_context_id_t is now nano_thread_id_t
- context_self_get() is now sys_thread_self_get()
- context_type_get() is now sys_execution_context_type_get()
- context_custom_data_set/get() are now
sys_thread_custom_data_set/get()
The 'context' prefix namespace does not have to be reserved by the
kernel anymore.
The Context Control Structure (CCS) data structure is now the Thread
Control Structure (TCS):
- struct ccs is now struct tcs
- tCCS is now tTCS
Change-Id: I7526a76c5b01e7c86333078e2d2e77c9feef5364
Signed-off-by: Benjamin Walsh <benjamin.walsh@windriver.com>
Include all headers to signature verification process.
Change-Id: I14e152e8529bca380faeb8e9a1be00e4e8d84f9a
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Verify that message is signed correctly using early distributed CSRK
key.
Change-Id: I30b24e90f3503907449c310dd4f59f32e6acca6f
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Add support for signed write with sign parameter for write without
response.
Change-Id: I79008532d88b10d34db1f68898ad4258dd3e761b
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
cnt is in le byte order so print keys->remote_csrk.cnt instead.
Change-Id: I2c2970f0bdf91960d978fea248bc0dbc23fdfd53
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
bt_smp_sign_packet() signs data packet adding signature and count at
the end of data.
Change-Id: I6cca931cf33d74a765f4b4aa126aae10bee7ef4c
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
This adds validation for passed callbacks. Previously registered
callbacks need to be explicitly unregistered by passing NULL.
It is no longer possible to implicitly overwrite callback
structure.
Input Output Capabilities generation is factored out to separate
function. This is in preparation for adding more callbacks.
Change-Id: Ie809ea2daa80f9c54585efb459b49af1107007d3
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
This allows to register agent with display capability resulting
in DisplayOnly InputOuput Capability being used.
Change-Id: I98931af35c51a71882b60303c0f5d4da19eefbc4
Signed-off-by: Szymon Janc <ext.szymon.janc@tieto.com>
bt_smp_sign_verify() checks signature if csrk is present.
Change-Id: I90be8be769539860a245b141bf27549a3506a111
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Sign data using AES-CMAC algorithm and add test to self-tests executed
at init.
Change-Id: If01ec38a9897f74c26d1ba5c32304114d208549a
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Make menuconfig screen more logical placing self-tests option inside
Bluetooth block. Currently self-tests looks not belonging to
Bluetooth.
Change-Id: I1ad2826b1dd09fb7c9b67aace1ad5f280543104d
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Checking for (!conn && conn->state != BT_CONN_CONNECTED) makes NULL
dereference in a case conn is NULL.
Change-Id: I73c93e4eefad046eecb76958184880ef8b72676e
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
This split the use of ATT Write Command and ATT Write Request since with
the former it is possible to sign the data thus making combinations of
parameters in bt_gatt_write complex/confusing.
Change-Id: I0349acd16d22ea4e38ac3e5ad8c3cdc318851633
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
