The decision to set aszmic = 1 in the net_tx structure was made after
the variable was passed to the crypto context, creating a discrepancy
between the two when aszmic is 1.
Extracts transport encryption to a separate function.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Only set friend_cred to true when friendship established and
use friend cred security material decryption successfully.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Fixes bug where applications that disable model extensions end up in an
infinite loop, and adds support for walking model subtrees, as opposed
to forcing root to be unextended.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
`bt_mesh_model_tree_walk()` was too simplistic and did not track visited
nodes which caused it to fall into infinite loop. Moreover the double
next jump could skip a level causing depth value to be invalid.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
../zephyrNew/subsys/bluetooth/mesh/prov.c: In function
'bt_mesh_prov_reset_state': ../zephyrNew/subsys/bluetooth/mesh
/prov.c:61:2⚠️ '__builtin_memset' offset [52, 292] from
the object at 'bt_mesh_prov_link' is out of the bounds of referenced
subobject 'dhkey' with type 'uint8_t[32]' {aka 'unsigned char[32]'}
at offset 19 [-Warray-bounds] 61 | memset(&bt_mesh_prov_link.dhkey, 0,
Fixes: #29634
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Moves the virtual address labels to the transport layer, disconnecting
them from the configuration server.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
If low power node publish with unicast address other
than friend address, the friend node should relayed
this message to all network interface.
When Proxy feature enabled, message from gatt bearer should
relay to adv bearer even relay feature disabled.
Fixes: #29544
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Currently all provisioning procedure into common source
files call `prov.c`, that will not compile separately.
Add `BT_MESH_NODE` to control whether nodes are supported
and device provisioning is supported, this will be used in
provisioner role.
Add more provisioner OOB authentication method.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Add Queue Size and Receive Window information to lpn
callback function to notify upper layer to determine
currently friend node information, which may be used
in future.
Add Callback structure to notification application which friendship
has been changed.
Add function `bt_mesh_friend_terminate` let's app layer determine
terminate friendship manually.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
This is a major refactoring of the handling of the cryptographic
material of both the network and transport layers. The aim is to
encapsulate the key object manipulation, and improve overall modularity.
Pulls Applications and Subnets out of the bt_mesh and into separate
modules, with static storage types on the data. This has several
side-effects:
- The Config Server no longer operates directly on the bt_mesh.subs and
bt_mesh.apps lists, but goes through a public configuration interface,
following the pattern set in #27908.
- All iteration through the keys is done through iteration APIs
- Key resolution on RX and TX is centralized.
- Changes to the keys triggers events the other modules can register
handlers for.
- Friendship credentials are stored in the lpn and friend structures.
Part of #27842.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
According Mesh Spec 1.0.1 Section 7.2.2.2.1 Advertising
A node that does not support the Proxy feature or has the Proxy
feature disabled shall not advertise with Network ID.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Adds check for provisioning random values that are identical to our own,
and terminates the provisioning procedure.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
According Mesh Profile Spec 5.4.2.4 Authentication, if device
use Input OOB Authentication method, should send input complete
pub after local public key has been acked.
`bt_mesh_input_string` or `bt_mesh_input_number` directly send
`input_complete`, however does not check whether the pub key has
been sent.
Mesh Provisioning timeout set to `60` seconds, so even this
probability is extremely low, it does not mean that there is no
such probability.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Replaces the current zero length array for provisioner data with
ifdefs, to silence new gcc 10 warnings about array element access.
Fixes#28371.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Fixes a memory leak when a virtual address subscription is added for a
model that either has this VA already, or the model has no more space
for subscription addresses.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Those APIs are used for deleting appkey, unbinding an application
from SIG model, unbinding an application from vendor model on the
target node, with matching shell command.
Signed-off-by: YanBiao Hao <haoyanbiao@126.com>
Many #ifdefs can be removed, but the UNPROV_BEACON_INT Kconfig
variable needs to be also made available also. This is done by making
its prompt (user selectability) optional rather than the option
itself. This approach is fine for "parameter style" options, but
should probably not be used for feature enabling options.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Adds a Config Client API for deleting netkeys on the target node, with
matching shell command.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Changes the local network interface to exclusively handle packets for
the local interface, duplicating the buffers in the process.
The loopback mechanism now operates its own packet pool for the local
interface queue. The loopback is moved ahead of encryption, allowing the
local interface packets to go back up the stack without network crypto,
saving a full round of encrypt/decrypt for self-send.
Packets for group addresses the local node subscribes to are now
duplicated, with one unencrypted variant going into the network
queue, and the network bound packets following the regular path to the
advertiser.
Introduces one new configuration for setting the number of loopback
buffers.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Starts the periodic heartbeat publish period at the end of the
publication, instead of at the ordering time. This ensures that the
heartbeat period doesn't get shortened by other enqueued messages.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
When performing node reset over a proxy connection, the disconnection is
asynchronous, and will finish after the reset callback goes to the
application. If the application restarts provisioning in this callback,
the disconnected-event is triggered after PB GATT is reactivated, and
this error is printed without any faults actually occurring.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Adds a high-level documentation page for the Bluetooth Mesh Shell
subsystem, documenting all available commands and their parameters.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Resolves a corner case where the segmented sending would be rescheduled
before the segments were done sending. This would happen if the
processing of each segment took longer than the retry delay. The
consequence of this was that some segments were resent multiple times at
the cost of other segments, occasionally causing a loss of transfers.
Rearranges, realigns and documents seg_tx structure bitfields in
transport.c. Removes bitwidth of counter fields, and collecting all flag
fields into one byte.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Adds idle wait callback to proxy by counting the number of pending
notifications.
Ensures that all connected nodes have received messages before resetting
the mesh stack.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Reverse the order of these checks because invalid PDU type will
never be expected. If PDU type is invalid we should respond with
error 0x0002 - Invalid format.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
Friend Request is also transmitted over local queue and
if both Friend and LPN features are enabled then we would
try to establish friendship with ourselves.
Fixes MESH/NODE/FRND/LPN testcases.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
The hardcoded value was arbitrary and interfered with message cache
mechanism causing invalid behavior and PTS test to fail.
Fixes MESH/NODE/RLY/BV-02-C.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
According to Mesh Profile Test Specification we should still
relay messages with DST address that is RFU.
Fixes MESH/NODE/RLY/BV-01-C.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
Key refresh procedure was ignored on non-primary subnet.
Mesh Profile Specification v1.0.1:
3.10.4 Key Refresh procedure
"This procedure is used when the security of one or more network
keys and/or one or more of the application keys has been compromised
or could be compromised."
"It is possible to update each NetKey independently of all other
NetKeys. A Key Refresh procedure for one NetKey can be in a different
phase to another Key Refresh procedure for other NetKeys."
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
Reset provisioning bearers when bt_mesh_reset() is called. Accept
another provisioning attempt after link close.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
This value was used quite often in the file so adding a
descriptive name should improve readability.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
The comparison of a current tx link transaction id caused
us to not send ack and in effect fail provisioning.
Signed-off-by: Michał Narajowski <michal.narajowski@codecoup.pl>
