This correctly initializes net settings related to node features
based on node configuration: either defaults in the case of
a newly node created/provisioned/imported node or the configured
values read from stored existing node.
This change makes the node initialization a bit easier to follow.
Replace if-else with switch when processing request type, descriptive
function names, more predictable code flow.
In certain circumstances, reception of PB-ADV messages may trigger
session close. This rearrange ACKs new verified messages before
performing call-back to avoid situations where the session no longer
exists after the message has been handled.
This caused static analysis errors during provisioning, which are now
addressed.
If pb_session is freed in timeout, close indication will not be sent.
pb_session is freed in pb_adv_unreg() and hence removed from tx_timeout.
Added acceptor_free() in acp_prov_close() to ensure pb_session is freed.
For initiator, transaction number starts from 0x00 where as for acceptor
transaction number starts from 0x80. Since transaction number is
pre-incremented and sent in every packet, initialize it with 0xFF for
initiator and 0x7F for acceptor.
The Foundation Model Layer uses little endian ordering. As a
consequence the (re)transmit count and interval steps in the Config
Relay, Config Model Publication and Config Network Transmit messages
use the lower 3 bits for the (re)transmission count and the higher 5
bits for the interval steps.
The figure 4.5 in section 4.3.2.16 of the Mesh Profile Bluetooth
Specification provides a good clarification.
This patch therefore fixes those messages for both the daemon and
configuration client parts.
Friendship support re-written such that it can now support multiple
nodes (on multiple mesh networks) as friends to remote Low Power Nodes
(LPNs). Validated to properly respond to Friend Requests when enabled,
and a hard coded Friend Queue size of 32 (FRND_CACHE_MAX).
Node Features are currently all under the control of the mesh daemon,
and should be ignored when attaching. Eventually all Composition
feature bits will be controlled by a master mesh.conf file, overriding
any local node specific settings.
This code fixes the Provisioner Initiator role so that the following
Out-of-Band agent calls are made correctly, and their results handled
properly:
"push", "twist", "blink", "beep", "vibrate", "in-numeric",
"out-numeric", "in-alpha", "out-alpha"
There is a confusion between the node default TTL (section 4.2.7) and
the publish TTL (section 4.2.2.5):
- The node default TTL can only take values 0x00, and 0x02 to 0x7f. The
value 0xff is not prohibited.
- The publish TTL can take values 0x00 to 0x7f, as well as 0xff which
means use the node default TTL.
Currently the default node TTL is set to 0xff (DEFAULT_TTL), and
read_default_ttl() also allows such a value. This patch fixes that to
use 0x7f (TTL_MASK) as the default value instead.
Note that the code handling OP_CONFIG_DEFAULT_TTL_SET correctly use 0x7f
(TTL_MASK) for the upper allowed limit.
This introduces a chain of callbacks to indicate whether mesh io
is initialized and mesh network is ready to use.
This fixes the reported situation when the receive callbacks
were setup before the HCI was fully initialized. In other words,
BT_HCI_CMD_LE_SET_SCAN_PARAMETERS was called before BT_HCI_CMD_RESET
and, as the result, the callback issueing BT_HCI_CMD_LE_SET_SCAN_ENABLE
command was not called.
If a provisioner app quits or the daemon is stopped while there's
an active scan for unprovisioned devices in progress, the scan needs
to be explicitly canceled.
This fixes the following build error when compiling in maintainer mode:
mesh/keyring.c: In function ‘finalize’:
mesh/keyring.c:142:8: error: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Werror=unused-result]
(void)write(fd, &key, sizeof(key));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
This fixes the cleanup routine that is called after AddNode method
on org.bluez.mesh.Manager1 interface is complete: do not remove
the agent associated with the Provisioner (owner of Manager interface).
This adds a check for org.bluez.mesh.Manager1 interface calls to
validate that a message sender, i.e. thatt the sender is the original
owner of the node object generated on Attach() method call.
If the check fails, org.bluez.mesh.Error.NotAuthorized is returned.
This fixes inconsistency when reading/writing NetKey and AppKey
indices to/from JSON config storage:
- when writing, convert an integer to hex string
- when reading, convert hex string to uint16 integer
This is a major rewrite of Secure Network Beacon (SNB) handling
that includes:
* Seperating Key Refresh from IV_Index handling
This is a clearer handling of the two features. Although both features
are represented in SNB's, they run independantly.
* Creating a Seperate IV_Index initialization and updating state
distinct from the current values sent and received in SNBs.
If a restart occured during an IV Update procedure (96 hours long)
the IVU bit got lost, and Sequence number resetting was not done
correctly.
* Assuring that all Nodes handled by daemon receive each incoming
beacon. SNB handling previously stopped after the first node
successfuly handled it, although the SNB may be valid for many local
nodes.
This fixes the following segfault:
node_init_cb (node=0x0, agent=0x0) at mesh/mesh.c:359
reply = dbus_error(join_pending->msg, MESH_ERROR_FAILED,
user_data=0x5555555be170) at mesh/node.c:1760
dbus=<optimized out>) at ell/dbus.c:216
user_data=0x5555555a6e00) at ell/dbus.c:279
user_data=0x5555555a7ef0) at ell/io.c:126
at ell/main.c:642
at mesh/main.c:205
The fault was caused by the premature deletion of preserved state.
This moves setup of disconnect watch for the application calling the Join()
method into the node_init_cb(), after a temporary node has been
successfully created.
Move appkey_packet_decrypt to mesh/model, rename it to
app_packet_decrypt, make it private and change arguments to be aligned
with other decryption functions.
Also, simplify the implementation using an inline loop, removing the
need of mod_decrypt struct.
We do *not* automatically create populated key rings for imported or
joined nodes, but we also do not *forbid* any node from adding a key
in it's possesion to the local key ring.
There are two (known) use cases for Import()
1. Node previously existed on a different physical piece of hardware,
and is being migrated to this daemon.
2. Node was newly provisioned Out-Of-Band, and this is the net result
of the provisioning.
In *neither* case is it a given that the Node should be able to
provision another node (the effect of adding the Net Key to the key
ring). In neither case is it a given that the Node should be able to
modify it's own Config Server states (the effect of adding it's
Device Key to the key ring).
When sending or receiving Device Key (privileged) mesh messages, the
remote vs local device key must be specified. This allows Apps to
specify Key Ring stored device keys, and sanity checks that the correct
key exists before allowing the transmission. Loopback messages to local
servers *must* use keys from the Key Ring to indicate privilege has been
granted.
This changes the prototypes for mesh_config_model_binding_add() and
mesh_config_model_binding_del() to take the element's address as input
parameter instead of the element's index. The change aligns the API
with other functions that handle storage of model states.
Designed so that if an unexpcted abort() occurs, the bound NetKey remains
in state 2 or 3. If successful, the NetKey is set to Phase 0, and all
bound AppKeys are in their correct state.
This handles the case when an inbound message is addressed to
a fixed group, i.e., all-proxies, all-friends, all-relays and
all-nodes. The message is delivered to a primary element only,
and, with the exception of all-nodes case, if the corresponding
feature is enabled on the node.
One time test at startup to ensure either kernel version v4.9 or later,
*or* that required AES-CCM support has been back-ported. If support not
there, daemon will run without providing D-Bus service or attaching to
controllers (prevents systemd thrashing).
To enable applications to talk to the local node's internal models, it's
useful to know its unicast addresses. They are known after CreateNetwork
and Import, but after Join, the allocated address is only known to the
provisioner.
This patch enables read only access to list of allocated unicast
addresses.
This consolidates definitions of commonly used constant values
into a single header file. The constant values are based on mesh
specification, plus a few internal utility constants (masks, etc.)
Also, removes redundant redefinition maximum message length.
This confines sequence overcommit logic in mesh-config-json, as other
storages might use a different mechanism to ensure reliability.
Also, refactored logic to calculate overcommit value to avoid division
by zero when messages are sent too fast.
This method allows local nodes to be imported from an external
provisioning database, enabling applications to create mesh nodes
without using provisioning procedure.
The procedure is similar to provisioning procedure, but all data
exchange happens over D-Bus.
Instead of validating application by enumerating D-Bus objects, create a
temporary node instance and check if composition data generated for the
temporary matches the node loaded from storage.
This allows node validation logic (primary element, mandatory models etc)
to be confined in node_generate_comp() function.
This also streamlines code implementing Attach(), Join() and
CreateNetwork() calls.
When a model receives a message, it is required by the spec
to respond using the same credentials. When an App Key is used,
this is trivial because App keys are bound to Net keys, so only
the App Index is required. Messages received on a Device key
however, need the Net Index preserved from original message for
re-use during the response.
This renames mesh_config_srv_init() to cfgmod_server_init() to avoid
confusion with mesh_config_..> API and to reflect that the call pertains
to configuration server model.
This adds APIs to set a directory for storing node's key ring info.
The directory is named MESH_STORAGE_DIR/<node uuid>. This directory
may contain additional node info plus node configuration, if node
configuration storage follows the same layout (as it does when
JSON based config file format is used).
This eliminates storage_set...() routines as an intermediate
layer between mesh_config layer and the rest of the daemon when
storing updated node configuration values.
For the JSON based implementation, each call to mesh_config_write...()
routines results in writing to the node configuration file.
This moves writing out of node configuration from storage.c down to
mesh-config-<format-specific>.c to allow for more generic storage layout.
New generalized API in mesh-config.h:
mesh_config_save_config(struct mesh_config *cfg, bool no_wait,
mesh_config_status_func_t cb, void *user_data)
replaces the old one in storage.h:
storage_save_config(struct mesh_node *node, bool no_wait,
mesh_status_func_t cb, void *user_data)
Currently, only JSON format is supported for storing node configuration:
mesh_config_save_config is implemented in mesh-config-json.c
This removes dependency on json-s/json.h header from everywhere
in the code except for mesh-config-json.c. The details about
node configuration storage format are obfuscated: a pointer
to an opaque mesh_config structure is stored with mesh_node and is
passed around to mae all the storage related operations.
This moves mesh-db.h to mesh-config.h and mesh-db.c to mesh-config-json.c.
mesh-config.h declares common APIs for storing mesh node configuration.
mesh-config-json.c defines the APIs for JSOn specific storage.
This allows for future parallel implementation a different (not JSON-based)
mechanism of storing node configuration.
This commit moves initialization of configuration parameters
for node->net when the local node state is restored from stored
configuration. Old location: storage.c, new locaiton node.c.
Provisioning packets are defined in the specification
as packed big endian structures. Instead of specifying
an octet array, we now use struct matching the spec.
Provisioning uses the same AD type for Provisioning that
is also used by the Secure Network Beacon, but their
usage is distinct from each other. This change allows
us to enable/disable Unprovisioned Device Beacon capture
without disrupting SNB handling.
This fixes a segmentation fault introduced by earlier changes.
Segmentation fault was used by accessing a queu that has been
destroyed, but the corresponding pointer hasn't been set to NULL.
This adds ability to receive messages encrypted using known remote
device key. Such a key must be added to the node's keyring using
ImportRemoteNode() method of org.bluez.mesh.Management1 interface.
Decrypted messages are then forwarded to the application using
DevKeyMessageReceived() D-Bus API.
Also, messages originating from a local node and encrypted using local
device key are forwarde to the application as well, if they weren't
handled by internal model. This allows e.g. receiving status messages
from a local Config Server in the application.
This patch implements D-Bus DevKeySend() method of org.bluez.mesh.Node1
interface, allowing the application to send messages encrypted using
a known remote device key.
At the moment the call ignores net_index argument and sends messages
using the primary subnet.
Also, it's no longer possible to use 'magic' key_index value 0x7fff
(denoting local device key) when calling regular Send(). Applications
should use DevKeySend() instead.
This is needed to distinguish incoming messages encrypted using a device
key: if the key is local, the message can be forwarded to internal
models. If the key is a known remote one, it will be forwarded to the
application via DevKeyMessageReceived() API.
This consolidates multiple places where node's object paths,
interfaces, etc. are de-allocated, into one routine:
free_node_dbus_resources().
This also addresses memory leaks assosiated with inconsistent freeing
of object path strings.
This fixes incorrect conditional checks in restore_model_state()
which could lead to dereferencing a NULL pointer.
Wrong: if (l_queue_isempty(mod->bindings) || !mod->cbs->bind) ...
Fixed: if (!l_queue_isempty(mod->bindings) && cbs->bind) ...
Currently when the get_managed_objects_cb() fails it frees
the node resources but the node still remains on the "nodes" queue.
This implementation calls node_remove() instead of
free_node_resources()."
This adds proper checks for model publication removal:
the publication is not virtual and the publication address is set to zero,
i.e., UNASSIGNED_ADDRESS.
Also removes double memory allocation for model publication and
miscellaneous redundancies.
This tightens up the accounting for locally stored virtual addresses.
Alos, use meaningful variable names to identify components of a
mesh virtual address.
Since IV Index is used in application nonces, we need to honor IVI flag
not only in network layer crypto, but also in application layer.
This means that if IVI field of incoming packet is different than in
current IV Index, try to decode *both* net and app layers using IV Index
decreased by one.
This removes check for "mesh" as the parent directory name and, instead,
verifies that the node configuration directory name is the hexadecimal
string representating the node's UUID.
Mesh daemon internally implements the Config Server SIG model.
When generating node, if the Mesh Element in mesh application
returns modelId 0 among its supported models, it should be skipped,
otherwise it will be duplicated and saved in the storage file.
This patch fixes correctly skipping Config Server model during node
creation.
This patch separates 'mesh' module from 'mesh_io', particularly
regarding configuration and initialization.
Main code is no longer aware of MGMT and HCI usage - querying available
HCI interfaces now happens in mesh-io-generic.
MGMT code is now extracted into mesh-mgmt module, which mesh-io-generic
uses to query interfaces.
This patch cleans up redundant checks in add_key() and mesh_net_set_key():
no need to check the result of l_queue_push_tail() and no need to check
if subnet is valid after it was successfully created.
This patch modifies the behavior of node configuration parsing:
if "elements" property is not present, th configuration file
for this node is regarded as malformed.
Also, clean up style.
Due to known AEAD encryption deficiencies in old versions of the
kernel, we have added a section on identifying and back-porting
mesh to otherwise non-supporting platforms.
Implements following org.bluez.mesh.Management1 methods:
ImportRemoteNode()
DeleteRemoteNode()
These methods are used to maintain Device Key keyring storage.
Implements following org.bluez.mesh.Management1 methods:
CompleteAppKeyUpdate()
SetKeyPhase()
These methods are used to maintain Key Refresh settings
in the keyring storage.
Implements following org.bluez.mesh.Management1 methods:
CreateAppKey()
ImportAppKey()
UpdateAppKey()
DeleteAppKey()
These methods are used to maintain App Key keyring storage.
Implements following org.bluez.mesh.Management1 methods:
CreateSubnet()
ImportSubnet()
UpdateSubnet()
DeleteSubnet()
These methods are used to maintain Net Key keyring storage.
This adds check for the presence of org.bluez.mesh.Provisioner1
interface when collecting information about mesh application
that is received in callback of GetManagedObjects() method.
Set "provisioner" flag in the node structure to trueto indicate
that the node may act aa a provisioner.
This implements internal key storage add/delete/fetch for the three
basic key types managed in Mesh: Network, Application and Device.
This key storage is separate from keys assigned to nodes within the
mesh, and are used to support Configuration Client functionality.
Add a tree structure to a nodes data storage, in order to safely handle
Replay Protection list, Refactor local Sequence Numbers, and add Key
storage for Config Client nodes.
This implements CreateNetwork() method on org.bluez.mesh.Network1
interface. Invoking this method generates a self-provisioned
local node associated with a brand new mesh network. This new
network is bare bones: only one network key is defined. The new node
assumes the role of mesh network manager and will be able to use
soon to be implemented methods of org.bluez.mesh.Management1 interface
to provision remote nodes into its network and to add/update/remove
network and application keys.
Instead of keeping track of unique 16bit node identifiers, reuse their
UUIDs to create both storage directories and dbus objects.
Because of that:
- UUID is no longer stored in the JSON file, it's inferred from the
directory name instead
- Join(), CreateNetwork() and ImportLocalNode() APIs return an error if
given UUID already registered within the daemon
Consolidate functions to parse and process properties of mesh
element objects. Also, add validation of element composition
when processing Attach() method.
This changes the prototype for the callback function of
Attach() method call: remove unused node_path argument and make the
callback more generalized and re-usable for other method calls.
This fixes the accidental swap of conditional checks: on failure,
remove agent info if agent is registered and remove temporary node,
if one has been created.
If a node is already attached to an application process,
disallow another appication to attach to the same node.
This means that an Attach() method called with the token
identifying a node that is already in use, returns an error
org.bluez.mesh.Error.AlreadyExists
Fix issue assuming that failed calls to json_object_object_get_ex() will
always NULL the out parameter. Re-coded to always check the returned
boolean for success or failure.
This fixes the situation when a new app key binding is being
added to a model and the list of bindings does not exist yet.
If the list does not exist, it is created and the binding is
added to it.
Also, remove unnecessary memory alloc check when model subscriptions
are added.
Use correct parameters when calling l_dbus_message_iter_get_fixed_array().
Also, check the return value and the length of the processed array and
return an error if the checks fail.
