This commit introduces a new Kconfig symbol MCUMGR_SMP_BT_AUTHEN.
When selected it configures the Bluetooth mcumgr transport to require
an authenticated connection.
If the Bluetooth mcumgr transport is selected then this new symbol is
selected by default. Bluetooth SMP is also selected to ensure Zephyr
is configured with Bluetooth security features enabled to provide
Bluetooth authentication APIs to the user's app. Users can choose to
disable this level of security for the Bluetooth mcumgr transport if
they do not require it.
Fixes#16482
Signed-off-by: Nick Ward <nix.ward@gmail.com>
This adds support to set different permissions to CCCD so security can
be checked when enabling notification which conforms to:
BLUETOOTH CORE SPECIFICATION Version 5.1 | Vol 3, Part G page 2360:
'3.3.3.3 Client Characteristic Configuration
Authentication and authorization may be required by the server to
write the configuration descriptor.'
In addition to that also ensure that notification are not re-enabled
until the proper security level is reached to conform to the following
statement:
'10.3.1.1 Handling of GATT indications and notifications
A client “requests” a server to send indications and notifications
by appropriately configuring the server via a Client Characteristic
Configuration Descriptor. Since the configuration is persistent
across a disconnection and reconnection, security requirements must
be checked against the configuration upon a reconnection before
sending indications or notifications. When a server reconnects to a
client to send an indication or notification for which security is
required, the server shall initiate or request encryption with the
client prior to sending an indication or notification. If the client
does not have an LTK indicating that the client has lost the bond,
enabling encryption will fail.'
Fixes#17983
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This removes the necessity of registering the storage for CCC and make
it part of the declaration itself.
Fixes#18547
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds a possibility to unregister GATT SMP service.
Using this function, device can disable Firmware Update
functionality, if not needed.
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
This fixes freeing net_buf without bt_conn_unref call.
As the result, the OTA was broken.
Fixes 8636
Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
Instead of storing a bt_addr_le_t, just store a pointer to the bt_conn
object (which is what the code is interested in anyway). This way the
user data size requirement drops from 7 to 4, which is the default
that all current users are happy with.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Nick Ward