Fix the controller implementation to handle data packet
enqueue being pause on Encryption Request be done early in
the ULL when enqueueing packets towards LLL.
Fixes#18645.
Signed-off-by: Vinayak Kariappa Chettimada <vinayak.chettimada@gmail.com>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
poll() and related things are expected to be declared in this header
by POSIX applications.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Make sure that the extension, like HBHO, sub-option length is
not too large.
Fixes#16323
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes#18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In case sufficient security level wasn't reached the error propagation
was missing, which could lead to incorrect state transitions when
update_sec_level_br() returns. Return true/false and make sure to
abort any further operations in case the update fails.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The storage for the public key is pub_key in hci_core.c.
When the public key event is generated the public key is copied into
this buffer, but the pointer to the event storage of the key is given
in the public key ready callback (bt_smp_pkey_ready).
SMP expects that it is safe to assign a global pointer to this variable.
In smp_init bt_pub_key_get is used to get the pointer to the public key.
In both cases SMP assigns the le_sc_pub_key to the pointer given.
This creates an issue when bt_smp_pkey_ready callback occurs after
smp_init during pairing procedure, SMP will then have a pointer to an
event buffer that has been released and contains invalid data.
Fixes: #18580
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Increase temporary buffer size to 8 bytes in fcb_append to prevent
stack overflow in case flash alignment is bigger then 2 bytes.
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
We need to increase the stack size of the main thread, to
avoid stack overflow, when executing the tests on various
platforms.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add console testing harness for expected output. This allows us
to validate that the test is running properly on hardware.
We expect output of the form (the Reboot_counter will increment
overtime).
Id: 1, Address: 192.168.1.1
Id: 2, Key: ff fe fd fc fb fa f9 f8
Id: 3, Reboot_counter: 5
Id: 4, Data: DATA
Id: 5, Longarray: 0 1 2 3 4 5 6 7 8 9 ... 7f
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Add simple console testing harness for expected output. This allows us
to validate that the test is running properly on hardware.
We expect the sample to report back somthing like:
Counter received: 1
Counter received: 2
Counter received: 3
Counter received: 4
...
etc.
So have a simple regex check for it.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Some smaller stm32l0x MCUs, such as stm32l011x, do not have GPIOH
port. Fix build for those by checking LL_SYSCFG_EXTI_PORTH macro.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Ensure that two routines won't interfere with eachother.
In current situation there is possibility that ENDRX will be called
during rx_timeout routine or vice-versa which will result in wrong
offset and length passed to user.
Signed-off-by: Mieszko Mierunski <mieszko.mierunski@nordicsemi.no>
Due to longer than expected user callback handling, rx byte counting
got out of sync with real values. It leads to incorrect values
reported to user. This fix adds sync point at the end of buffer.
When using hardware rx counting this issue should not occur.
Signed-off-by: Mieszko Mierunski <mieszko.mierunski@nordicsemi.no>
The size of the request buffer (USB_REQUEST_BUFFER_SIZE)
is configurable and depends on the needs of an application.
Check if the request buffer is not too small.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
Give the security changed callback when the peripheral initiated
security request and peer attempted to encrypt the connection but no LTK
match was found.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Make sure that a new pairing procedure with an existing bond does not
result in a security with weaker security properties.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Stop the pairing procedure in the request phase if no storage is
available for the keys. This avoids the pairing procedure from failing
during the key distribution phase.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Proved the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allow SMP debug keys to behave in the same way as normal keys, in order
to debug with encryption and Bluetooth sniffer the exact way it behaves
when not using debug keys.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
A second semaphore is used for the second trickle timer, so that if the
first timer expires twice before the second one, the test would still
wait before proceeding to check on cb_2_called.
Fixes#18598.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
The commit fixes the way we determine an available
NVIC IRQ line to perform the zero-latency IRQ test.
The test can now run properly on SOCs that do not
have a continous set of implemented NVIC IRQ lines.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The reason we decide to ignore it in code coverage:
1.No test case can cover the function for code coverage.
2.Even if we added a test for testing, it would be marked as
"never be called by other code" because the function cause
CPU halted and it can't return.
Signed-off-by: Peng Su <peng.su@intel.com>
Set the recommended thread stack size to 40 bytes in case a build is
made for a 64-bit native posix board
Signed-off-by: Jan Van Winkel <jan.van_winkel@dxplore.eu>
When LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP is enabled:
- Mark the first server as a bootstrap server
- Create second server and security instances (used by bootstrap
server)
This allows bootstrap support to be tested out of the box with
the following:
- setup Leshan bss-server-demo (bootstrap server) on port 5783
- setup Leshan server-demo (lwm2m server) on port 5683
- add an entry into the bootstrap server:
LWM2M Server=coap://[2001:db8::2]:5683
- build the sample like so:
west build -t run -b qemu_x86 \
-s zephyr/samples/net/lwm2m_client/ -- \
-DCONFIG_LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP=y \
-DCONFIG_LWM2M_PEER_PORT=5783
Signed-off-by: Michael Scott <mike@foundries.io>
When the bootstrap support was added, it looks like I somehow missed
the handling block in the engine.
Let's add it now to fix boostrap support.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/18080
Signed-off-by: Michael Scott <mike@foundries.io>
- LWM2M_SECURITY_INSTANCE_COUNT wasn't following the standard of
having the unconditional default in the last position
- LWM2M_SERVER_INSTANCE_COUNT needs another instance when
bootstrap is enabled.
Signed-off-by: Michael Scott <mike@foundries.io>
LwM2M boostrap support is enabled via the config option:
LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP. If enabled, this config sets
the default # of server and security instances. However, this is
not working correctly because LWM2M_RD_CLIENT_SUPPORT_BOOTSTRAP
is defined below it's uses in the Kconfig file.
Let's move the RD_CLIENT configs higher in the Kconfig to fix this
behavior.
Signed-off-by: Michael Scott <mike@foundries.io>
The sphinx-tabs extension provides a tabbed interface within documents
that will let us dynamically display information based on a user
selection, for example, for instruction variations based on the user's
development OS (Linux, macOS, Windows).
I'm adding this early so it can get integrated into the CI doc build
before subsequent PRs using this extension are submitted.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The test assumes that storage is clear before it runs. This
might be not true as lot of devices are only partially erased by
'west flash'.
Patch introduce procedure for testing whether test runs the first
time and clear storage if so.
The procedure uses mark which is stored inside SoC embedded program
flash. It will not work one devices on which read/write to it is
impossible.
fixes#16463
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
CONFIG_NUM_IRQS blindly assumes CONFIG_2ND_LEVEL_INTERRUPTS
and CONFIG_3RD_LEVEL_INTERRUPTS are always enabled together,
which is not always the case. So fix the #define.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
There are only 178 interrupt lines on CC3220SF. Hence we should not set
NUM_IRQS to a value exceeding that value. We are changing it to 178.
Fixes#18593
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
CONFIG_NET_SOCKETS_POSIX_NAMES is incompatible with POSIX_API, so it's
disabled by the build system. It's no longer required anyway.
It is a leftover from before #16557 was merged.
Signed-off-by: Piotr Zierhoffer <pzierhoffer@antmicro.com>
west is yet another python package, so lets add it here. This will
provide us with one single file with all python requirements that can be
used during setup and for example for docker images.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Vinayak Kariappa Chettimada