Added BD_ADDR comparison in l2cu_lcp_allocate and removed check from
security connection request handler as it's handled in l2cu_lcp_allocate
for both connection request and create connection.
There was no need for this function as there is already a way present to
fetch own mac address. Own mac addr can be fetched by calling
controller_get_interface().
components/bt: Do not use feature: timer support isr dispatch method
disable controller after wake up finished.
protect critical section of power down
choose clk in sleep
components/coex: mac bb power down in light sleep
components/coex: Macro changed
components/os: protect reserved interrupt number
update phy to phy_version 300,6e46ba7,Jan 25 2021
some bugfix
free osi_funcs struct memory duiring failure of controller_init when necessary
components/bt: use s_lp_stat.phy_enabled to control the on/off of phy module
clean up style for controller_disable
clean up some empty functions and unnecessary comments
Added async wakeup src "BTDM_ASYNC_WAKEUP_SRC_TMR"
remove use of assert in controller_init, set error code upon some exceptions
move stop esp_timer early to phase0, add state variable wakeup_timer_started
Refactor bluetooth hardware PowerUp/PowerDown functions
component/bt: fix use of a deprecated MACRO "CONFIG_ESP32_WIFI_SW_COEXIST_ENABLE"
component/bt: fix sleep wakeup in controller disable procedure
remove use of s_pm_lock_sem
1. Modified the waking up approach from async to sync: post a message to controller task upon vhci downstream packets or controller disable, and in response, controller task goes through the wake-up procedure
2. Added Controller status check for the esp_vhci APIs
3. Adjust the procedure during controller_init, check the validity of arguments first
Some minor modifications for bluetooth sleep control and configuration
1. use variable flag s_btdm_allow_light_sleep to control the use of s_light_sleep_pm_lock
2. use variable btdm_lpclk_sel to choose bluetooth sleep clock, support only for external 32kHz crystal temporarily
component/bt: improve async_wakeup function
1. check power state first and then decide if wakeup needs to be performed
2. change the meaning of the return value, if wakeup request is posted to controller task, then return true, otherwise return false
put sleep control logics in controller init/deinit/enable/disable together
Use s_lp_cntl struct: replace bool-typed variable sleep_backup_en with s_lp_cntl.mac_bb_pd
Use s_lp_cntl struct: replace bool-typed variable s_btdm_allow_light_sleep with s_lp_cntl.no_light_sleep
Use s_lp_cntl struct: replace global variable btdm_lpclk_sel with s_lp_cntl.lpclk_sel
create semaphore s_wakeup_req_sem only when low power mode is required
Use s_lp_cntl struct: use s_lp_cntl.wakeup_timer_required to control the wakeup timer
use s_lp_stat to replace original state variable sleep_backup_done and s_pm_lock_acquired
one minor change for mac_bb_pd settings init: return error status if memeory allocation failed
1. Use bt_app_gap_init function
2. Add Security Simple Pair doc
3. Update README
Update SPP demo
1. Add input module for bt_spp_initiator demo to show the security simple pair features
2. Update README of bt_spp_acceptor and bt_spp_initiator demo.
Format comment in esp_a2dp_api.h
Format comment in esp_avrc_api.h
Format comment in esp_spp_api.h
Fix bt_discovery build err
Update HFP API guide error
Remove BTA_AV_DEBUG
Remove Trailing Whitespace & End of Files
This commit fixes 'Impersonation in Passkey entry protocol'
(CVE-2020-26558) and suggests fixes for other vulnerabilites like
'Impersonation in the Pin Pairing Protocol' (CVE-2020-26555) and
'Authentication of the LE Legacy Pairing Protocol'
CVE-2020-26558 can be easily implemented if the peer device can
impersonate our public key. This commit adds a check by comparing our
and received public key and returns failed pairing if keys are same.
This commit also adds comments suggesting to use secure connection when
supported by all devices.
Previously if starting/stopping BLE advertising when BLE Mesh
is enabled, the corresponding events will be notified through
the callback registered by esp_ble_mesh_register_prov_callback().
With this commit, the func esp_ble_mesh_register_ble_callback()
needs to be invoked for resgitering the callback used for BLE
coexistence related functionalities (i.e. ADV/SCAN).
Include external ram section in the linker template to process it
through linker script generation mechanism. This enables redirection of .bss section to external memory using linker fragments
libnet80211, libpp, libbt, liblwip: Redirect .bss through fragments
1.Fix supervision timeout in LLC DISC busy statue can not disconnect issue.
2.Solve the problem that the ble terminate ack packet may lose with a high probability in coex mode.
Rewrite ble dynamic prio to fix ble disconn in conn_param_update/channel_map_update
Rewrite ble dynamic prio in connection establishment
Fix ble dynamic prio with latency
Fix status bit set error when conn fail
use eventgroup to sync spp_vfs_write
each connection has a switch_delay_timer not sharing a one
revert functions like spp_find_slot_by_xxx
fix vfs read bug when peer close
Since we have provided separate functions for deleting node
information with node's unicast address, device uuid, etc.
So we update the behavior of this function, which will only
be used to delete device information which is not provisioned
or just under provisioning.
- Simplify PHY access API
- Move coexist initializing and deinitializing out from PHY API
to Wi-Fi and Bluetooth
- Remove coexist pause and resume for they are no longer needed.
* Fix the issue that deinit node with "erase_flash"
set to true, but info is not erased from nvs
* Reuse bt_mesh_cfg_reset() when deinit node
* Optimize Provisioner related erase operations
* No store pending timeout will be used when Node
is not provisioned OR Provisioner is disabled
and erase operation is performed
* Change the default timeout for settings operation
to 0, and rpl store rate to 0
1. Add g_av_with_rc to avrc_tg_init function
2. Remove g_av_open_fail
3. Add comment in API files
4. Add a2dp init & deinit state variable to inidcate a2dp statement
When reset the rx info of transport layer, the
rpl list will always cleared, and rpl stored
in the nvs will only be erased when erase flag
is true and BLE_MESH_SETTINGS is enabled.
Compared with the previous solution, it should
be more clear.
1. Add reaction for a2dp snk & src disconn req when no link up
2. Change state machine set before EVT upto APP layer in some cases
3. Add bool open_fail to choose whether post disconnection evt to app layer
Provisioner should always uses the latest IV Index for provisioning.
For example, if the current IV Index is 0x00000001, but prov->iv_index
is still initialized with 0x00000000, and if Provisioner uses prov->
iv_index for provisioning, this will cause the Provisioner failing to
control the node.
So here bt_mesh.iv_index is used instead of prov->iv_index.
- Previously when a model is initialized or deinitialized, in the
access layer, we need to check the model id with the ids in the
table in order to find the proper model operation function.
- Currently all the operation functions of each model will be set
during the mesh initialization. When the model is found, we can
directly use the corresponding callback for different operations.
- Currently only init/deinit operations are registered, later we
will add more operations.
* changing dependencies from unity->cmock
* added component.mk and Makefile.projbuild
* ignore test dir in gen_esp_err_to_name.py
* added some brief introduction of CMock in IDF
1. Add logs for SPP not enabled successfully
2. Add information to Applicatioin layer that the A2DP is connecting to peer device
Regular BTC and BTU Task name & Add BTC Init protection
1. Regular the BTC Task Name to Close a Github issue
Closes https://github.com/espressif/esp-idf/issues/4966
2. Add BTC Init failure protection
3. Regular BTU Task Name with BTC
4. Correct the comment of
a. SDP_ServiceSearchRequest and SDP_ServiceSearchRequest2
b. l2cu_create_conn_after_switch
5. Correct comment of esp_bt_hf_vra();
6. Fix cpp compilier region
Some Bluetooth devices - such as an Xbox One S controller (model 1708) - report more than two external features pages and are rejected immediately. Pages 1 and 2 are marked as unhandled in btm_devctl.c anyway, so there is no reason to block devices with more pages.
(IDFGH-3515)
Signed-off-by: liqigan <liqigan@espressif.com>
Merges https://github.com/espressif/esp-idf/pull/5481
Closes https://github.com/espressif/esp-idf/issues/5470
Currently only keep func pointer for the followings:
- Invalid parameter (mesh btc & mesh stack)
- Out of memory (mesh btc & mesh stack)
- Unknown act (mesh btc)
- Invalid model user data (mesh stack)
- BT_DBG("%s", __func__) (mesh btc & mesh stack)
- A few other specific situations (buf ref debug, send status check)
Different bluetooth host has different behaviors, so it's better
to maintain a scan check mechanism of BLE Mesh itself.
Fixes an issue when only PB-GATT is enabled for node, which will
output a scan error log when the device is provisioned.
Update send_ttl mainly for server models. When a server model
receives a message, and the status is required to be replied
by the application, we need to set send_ttl to the msg context.
If send_ttl is not updated in btc, and the applcation does not
set the TTL either, then the status will be replied with TTL=0,
which may cause the client side (e.g. the phone App) failed to
receive the status.
Closes https://github.com/espressif/esp-idf/issues/5300
ctx values to cb_params for the mesh stack.
recv_rssi was not copied.
This means the rssi could not be read when receiving generic server messages using ble_mesh.
1.In the description of the ESP_API header file, it should be the event that the application layer needs to handle, not the BTA layer.
2.Fix name typo of BTA_GATTS_CREATE_SRVC_EVT event
Closes https://github.com/espressif/esp-idf/issues/5446
Also remove some redundant CONFIG_BLE_MESH_PROXY checks, because
when the following options are satisfied, the CONFIG_BLE_MESH_PROXY
option will be selected mandatorily.
Prevent a remote device from doing a Bluetooth Impersonation Attack
(BIAS) by:
- Preventing remote device to downgrade secure connection
feature mask. Secure connection feature mask should remain same or
increase to enabled in link key generation and authentication.
- Doing a mutual authentication during Legacy Authentication.
Signed-off-by: Chinmay Chhajed <chinmay.chhajed@espressif.com>
- Before updating the "beacon_sent" of a subnet, we need to check
if the subnet still exists, especially for a Provisioner.
- Fix a bug which will cause Provisioner failed to send Secure
Network Beacon if no device is provisioned
- This issue was introduced in the commit: a788e7cd3d
which updated the bt_hex() function incorrectly.
- And in bt_hex(), we use 2 for the two-dimensional array, because currently
at most two bt_hex() will be used at the same time. Also this will save
some DRAM compared with using 4.
Previously the model recv operation is a littl fuzzy.
With the changes, the model recv operation is splitted into:
- find op
- check app_idx
- check dst
- check length
- update info & handle message
Bugfix/collection of confirmed fixes from baidu project
Closes BT-826, BT-542, BCI-31, BCI-34, BT-840, and AUD-1857
See merge request espressif/esp-idf!8675
The transport segmented TX nack and seg_pending fields must be at least
6 bits to avoid overflow for 32 segment messages. This change rearranges
the seg_tx fields to gather all state flag fields in one byte, while
making the counter fields whole bytes.
Ensures that friend messages are enqueued, even if the packet is
received with an appkey is unknown to the friend. Previously, sdu_recv
would return EINVAL if the appkey was unknown, which would prevent the
lower transport layer from adding the packet to the friend queue. This
is irrelevant for the logic in lower transport, and should not be
returned as an error.
Device name will be reset when deinit mesh stack. If not
initializing device name during the next mesh stack init,
it will fail to set the device name when using bluedroid.
Since bt_mesh_friend_init() will only be invoked when
a device is provisioned or Provisioner is enabled, so
we add a flag to indicate if the friend functionality
is initialized in case deinit before initialization.
Old version of BLE Mesh has no device role storage, because
previously we only support storing mesh node info.
If the binary of the node is upgraded from old version to a
new version (support storing provisioner info), the mesh info
of the node will not be restored because mesh role does not
exist in the flash.
When fast provisioning is enabled, Provisioner shall not
ignore messages from the nodes whose addresses are not in
the provisioning database. Because other nodes which are
not provisioned by the Primary Provisioner will send node
address messages to the Primary Provisioner.
When using fast provisioning, the Provisioner functionality
will be enabled. Unicast addresses within the pre-allocated
range will be used for provisioning nodes. And during the
address assignment, the allocated unicast address will be
checked that if it's duplicated with other nodes addresses
and the Provisioner's own addresses.
So before starting using fast provisioning, we need to update
the Provisioner address.
Since the behavior of sending segmented messages has been
changed properly, the calculation of timeout value which
will be used when sending an acknowledged message by a
client model also needs to be updated.
Add mutex to protect some variables of the mesh segmented
messages.
Currently the timeout handler of mesh will be executed in
the btc task, while the received mesh messages will be
handled in the btu task. In case some variables are set to
NULL when handled in the btu task, meanwhile these variables
are also accessed in the timeout handler, so we add mutex to
protect these variables and related operations.
The publication context is checked for NULL in bt_mesh_model_publish()
however it was dereferenced before that. Move the assignment to
ctx.send_rel to the same place where other ctx members are set.
Split mesh_util.h into mesh_byteorder.h, mesh_compiler.h,
mesh_ffs.h and mesh_util.h based on the classification of
Zephyr, which will make further porting more clear.
The Friend queue uses the message SeqAuth to determine whether the
message is already in the queue. To facilitate this, the SeqAuth is
passed around as a pointer throughout the transport modules. In the
bt_mesh_ctl_send functions, this parameter is also exposed in the API,
but the internal usage is inconsistent and buggy. Also, no one actually
uses this parameter.
- Removes seq_auth param from bt_mesh_ctl_send, instead passing NULL
directly to the friend module, to enforce its addition to the queue.
- Makes the seq_auth pointer const throughout the friend module.
Changes the behavior of the message cache to optimize for cache
capacity. Previously, the message cache's primary function was to avoid
decrypting messages multiple times, although the cache's main function
in the spec is to avoid message rebroadcasting. Optimizing for minimal
decryption causes us to fill the network cache faster, which in turn
causes more cache misses, potentially outweighing the advantage.
Now stores src + seq in message cache instead of field hash value. This
cuts cache size in two, while including more of the sequence number than
before.
Adds messages to the cache only after the packet is successfully
decrypted. This reduces noise in the cache, and ensures that no
invalid deobfuscations are added.
Additionally, this fixes a bug where multiple calls to net_decrypt with
the same packet failed, as the message cache found its own entry from
the previous call.
Implements several changes to the transport layer segmented tx to
improve group message performance:
- Moves retransmit counter to tx context instead of per packet. As every
unacked packet is sent every retransmit, the retransmit counters would
be the same in each segment. This makes it easier to control progress.
- Delays the scheduling of the retransmit until the completion of the
last segment by adding a seg_pending counter. This is essentially the
same as the old behavior, except that the old behavior might retrigger
the sending before all segments are finished if the advertising is
slow.
- Allows the group transmits to stop as soon as all retransmits have
been exhausted, instead of timing out waiting for acks that won't
come. This allows group tx to finish without error.
- Fixes a bug where a failed TX would block IV update.
- Cancels any pending transmissions of acked segments.
- Reduces log level for several common group tx scenarios that aren't
erronous.
Backport of https://github.com/apache/mynewt-nimble/pull/724
Mesh spec 1.0.1 changes proxy disabling behavior to only affect the
relaying from proxy nodes. Previously, disabling proxy would shut down
all proxy and node activity.
Tweaks from the original commit:
- Removed redundant call to bt_mesh_adv_update() in gatt_proxy_set()
- Removed invalid ref to 4.2.11.1 in node_identity_set()
---
According to Mesh Profile Spec 1.0.1, Section 4.2.11:
"If the Proxy feature is disabled, a GATT client device can connect
over GATT to that node for configuration and control. Messages from
the GATT bearer are not relayed to the advertising bearer."
Moreover some notes have been removed from the spec compared to
version 1.0:
Mesh Profile Spec 1.0, Section 4.2.11:
"Upon transition from GATT Proxy state 0x01 to GATT Proxy state 0x00
the GATT Bearer Server shall disconnect all GATT Bearer Clients."
"The Configuration Client should turn off the Proxy state as the last
step in the configuration process."
Mesh Profile Spec 1.0, Section 4.2.11.1:
"When the GATT Proxy state is set to 0x00, the Node Identity state
for all subnets shall be set to 0x00 and shall not be changed."
Until now the choice of reliable sending (segmented messages with
acks) was implicitly dependent on the size of the payload. Add a new
member to the bt_mesh_model_pub to force using segment acks even when
the payload would fit a single unsegmented message.
When PB-GATT support has been enabled the provisioning code "borrows"
the buffer from the proxy code. However, the way that initialization
was happening the proxy buffers were initialized only after
provisioning initialization, resulting in a corrupted buffer with
buf->data pointing to NULL. Reorder the initialization calls so that
proxy is done first and provisioning only after it.
Allow models to skip a periodic publish interval by returning an error
from the publish update callback.
Previously, an error return from publish update would cancel periodic
publishing. This can't be recovered from, and as such, no valid model
implementation could return an error from this callback, and there was
no way to skip a periodic publish.
The function bt_mesh_ctl_send() used to support maximum length of
11 bytes. The segmentation complies with the BLE Mesh Standard.
The ack is disabled in case of non unicast address.
Previously only mesh node info is supported to be stored
in flash. So when trying to reset the node, we only need
to judge if the BLE_MESH_VALID flag is set.
Currently we support storing both node & Provisioner info
in flash, when trying to erase the node info from flash,
the BLE_MESH_NODE flag will be checked. So we need to set
bt_mesh.flags to 0 when all the erase operations are done.
- Adds HID Host support in Buedroid
- Adds BLE HID Host and Device support
- Adds some general HID utilities and definitions to help integrate with other stacks and native USB
During BLE Mesh Provisioner initialization, the stack will restore
the nodes information if settings storage is enabled.
Previously when a failure happens (e.g. found the same uuid) during
the restore procedure, the information of the following nodes will
not be restored and error will be directly returned.
But this will introduce some problem with user experience, because
some newly provisioned nodes information will not be restored and
Provisioner will not be able to control those nodes.
So we change the operation here, when a failure happens during the
restore procedure, Provisioner will only ignore the information of
the current node and continue restoring other nodes information.
With this change, if a Provisioner has provisioned the maximum
number of nodes, it can still report the unprovisioned device
beacon from other nodes to the application layer. And this will
be more reasonable compared with the previous implementation.
Previously when the node array of Provisioner is full, no beacon
from unprovisioned devices will be reported, only some warning
logs will be given.
Previously only check the node address when it is assigned by the
application layer. Here we also check the address when the address
is allocated internally. And this will be useful when some mesh
internal tests are performed.
Previously the BLE_MESH_MAX_STORED_NODES option is added for
internal mesh test, which will be a little confusing for the
users to understand.
Here we remove this option, instead the BLE_MESH_MAX_PROV_NODES
will be used for all the cases. For mesh internal test, when
the test function is called to add some nodes info, the info
will be stored in the array of provisioned nodes directly.
The replay protection list of Provisioner should be at least equal
to the number of nodes with the precondition that each node contains
only one element.
The help information of replay protection list is updated, and the
maximum number of nodes for Provisioner is adjusted based on the
replay protection list size.
Using the ble mesh white list test functions, a node can choose to
only receive mesh messages from a specific node and relay the
messages for it. Messages from other nodes will be ignored.