Future versions of Mesh will introduce new advertising packets, which
do not fit in the limited and rigid filtering currently used. This minor
rewrite allows registering and receiving of *any* AD types, including
the filtering on multiple octets of the incoming AD parts.
This fixes a bug when a virtual label and its size hasn't been passed
to a decryption function: instead of always using NULL pointer for
label and 0 for lable size, use actual virtual label info if decrypting
a payload addressed to a virtual destination.
This fixes how app key files are accessed when finalizing
Key Refresh procedure. Instead of using open(entry->d_name, ...)
to get file descriptor, use openat(dir_fd, entry->d_name, ...)
since entry->d_name contains a relative app key filename, not an
absolute path.
This handles a case when a Key Refresh procedure is in place with
no application keys stored in the keyring. When KR procedure is
finalized, the check for the presence of AppKeys storage directory
does not return failure if the directory does not exist.
Also, remove duplicate include.
Re-arranged for efficiency. Replay Protection was set up as an atomic
check-and-add operation. Now we check the message early so we can
discard it without taking further action, and only add it to the RPL
once fully verified that it was authorized and addressed to us.
Mesh specification requires that Replay Protection be preserved
across node restarts. This adds that storage in
<node_uuid>/rpl/<iv_index>/<src>
Realtime access remains in an l_queue structure, and stored as
messages are processed.
Replay Protection was only being applied against Application Keys,
but messages with Device Keys are just as vulnerable, and need to be
checked as well.
Scrub of Sequence Number handling of OB messages to account for in-node
delivery of segmented messages, so that each discrete message has a
unique sequence number for the RPL.
The specification calls for a flatter Replay Protection List that
applies to all processed messages, regardless of which credentials
were used to secure them. So storage and checking is now centralized
in mesh/net.c
In Public Key OOB case, when provisioner receives public key via
OOB, provisioner has to send it's public key to remote node and
and then proceed for authentication.
Handle invalid keys case.
Provisioning agent interface methods PublicKey, PrivateKey and
Cancel do not accept any parameters. So, while invoking them
explicitly set the parameters to "".
Any packet that may be handled internally by the daemon must be sent in
it's own idle_oneshot context, to prevent multiple nodes from handling
and responding in the same context, eventually corrupting memory.
This addresses the following crash:
Program terminated with signal SIGSEGV, Segmentation fault.
0 tcache_get (tc_idx=0) at malloc.c:2951
2951 tcache->entries[tc_idx] = e->next;
(gdb) bt
0 tcache_get (tc_idx=0) at malloc.c:2951
1 __GI___libc_malloc (bytes=bytes@entry=16) at malloc.c:3058
2 0x0000564cff9bc1de in l_malloc (size=size@entry=16) at ell/util.c:62
3 0x0000564cff9bd46b in l_queue_push_tail (queue=0x564d000c9710, data=data@entry=0x564d000d0d60) at ell/queue.c:136
4 0x0000564cff9beabd in idle_add (callback=callback@entry=0x564cff9be4e0 <oneshot_callback>, user_data=user_data@entry=0x564d000d4700,
flags=flags@entry=268435456, destroy=destroy@entry=0x564cff9be4c0 <idle_destroy>) at ell/main.c:292
5 0x0000564cff9be5f7 in l_idle_oneshot (callback=callback@entry=0x564cff998bc0 <tx_worker>, user_data=user_data@entry=0x564d000d83f0,
destroy=destroy@entry=0x0) at ell/idle.c:144
6 0x0000564cff998326 in send_tx (io=<optimized out>, info=0x7ffd035503f4, data=<optimized out>, len=<optimized out>)
at mesh/mesh-io-generic.c:637
7 0x0000564cff99675a in send_network_beacon (key=0x564d000cfee0) at mesh/net-keys.c:355
8 snb_timeout (timeout=0x564d000dd730, user_data=0x564d000cfee0) at mesh/net-keys.c:364
9 0x0000564cff9bdca2 in timeout_callback (fd=<optimized out>, events=<optimized out>, user_data=0x564d000dd730) at ell/timeout.c:81
10 timeout_callback (fd=<optimized out>, events=<optimized out>, user_data=0x564d000dd730) at ell/timeout.c:70
11 0x0000564cff9bedcd in l_main_iterate (timeout=<optimized out>) at ell/main.c:473
12 0x0000564cff9bee7c in l_main_run () at ell/main.c:520
13 l_main_run () at ell/main.c:502
14 0x0000564cff9bf08c in l_main_run_with_signal (callback=<optimized out>, user_data=0x0) at ell/main.c:642
15 0x0000564cff994b64 in main (argc=<optimized out>, argv=0x7ffd03550668) at mesh/main.c:268
This allows specifying io type and options when invoking the daemon.
When no "-i" is passed, meshd still runs with MESH_IO_TYPE_GENERIC and
tries to attach to the first available HCI interface.
Options "-i <n>" and "-i hci<n>" are just shortcuts for
"--io=generic:<n>" and "--io=generic:hci<n>", respectively.
When responding with NetKey List Status, packed NetKey indices into
3 octets per pair. If number of NetKeys is odd, append the last key
index as a 2-octet value.
First valid SNB received from the network should cause the node to
switch into IV_UPD_NORMAL state.
Otherwise, it will never try to enter IV Update procedure when sequence
number approaches the IV_UPDATE_SEQ_TRIGGER, because that's only allowed
in IV_UPD_NORMAL.
After introducing "remote" flag for DevKeyMessageReceived in
c8cd5b04cc, we can now allow applications
to received DevKey messages from external addresses as well as from
local ones.
This enables applications to properly implement models using DevKey
security, by accepting only requests with "remote" flag set to false.
When a netkey is deleted all the appkeys bound to this key has
to be deleted as well. This fixes app_key queue manipulation to
avoid issues caused by modifying the queue while iterating over it:
instead of iteration over all the entries, find a first bound key,
delete it, find next... and so on, until there are no bound keys
left in the app_keys queue.
When deleting an AppKey from a node, call mesh_config_app_key_del()
only from appkey level (i.e., keep it contained in appkey.c and
remove the duplicate call in node.c)
Also, simplify the node_app_key_delete() argument list.
This patch fixes saving IV received in SNB to storage.
Previously after creating new node with IV 0 (or loading node with
IV > 0 but after long inactivity) first received SNB should update IV
(and reset sequence number to 0 if necessary).
The bug would prevent new IV being saved in storage which resulted in
sequence number being set to 0 on first SNB received after every daemon
reset but IV never being updated.
5.3.2 of Mesh Profile Bluetooth specification:
To open a link, the provisioner shall start the link establishment
timer, set to 60 seconds, and then shall start sending Link Open
messages.
On timeout, close indication will be sent. Provisioner cancels the
Link Establishment timer, when the link is open i.e. in pb_adv_tx().
This removes a roundabout logic that was required to delete
a json entry from a json array using libjsonc utilities.
A new API function, json_object_array_del_idx(), implemented in
json-c version 0.13 simplifies array entry removal to one call.
Also, add requirement to configure.ac for json-c version >= 0.13
D-Bus spec mandates that GetManagedObjects method of
org.freedesktop.DBus.ObjectManager interface returns *children* only:
https://dbus.freedesktop.org/doc/dbus-specification.html
> All returned object paths are children of the object path implementing
> this interface, i.e. their object paths start with the ObjectManager's
> object path plus '/'
Both test scripts and ELL abuse this by returning application interfaces
via ObjectManager attached to the same path, but other D-Bus
implementations do not, making Attach() fail because mandatory
interfaces cannot be found.
This patch fixes the issue by scanning hierarchy returned by
GetManagedObjects for object implementing org.bluez.mesh.Application1
interface and keeping that as node's app_path.
This adds key file with default settings for the mesh daemon.
The following settings are included:
Beacon: Default setting for to indicate whether
secure network beaconing is enabled for a
node whose Beacon state hasn't been configured
by a configuration client, i.e., this setting
apllies to a newly provisioned, created or
imported node.
Relay: Default setting for supporting relay
Friendship: Default setting for supporting Friendship
CRPL: Default depth of replay protection list.
FriendQueueSize: Default size of friend queue: the number
of messages that each Friend node can store
for the Low Power node.
ProvTimeout: Provisioning timeout in seconds.
The daemon handles multiple nodes, that may or may not be on the same
mesh network. While each node my be seperately configured to beacon or
not beacon, there is nothing gained (except redundent traffic) for each
node to beacon seperately. Beaconing is therefore centralized with the
Network Key the SNB represents, with each *received* beacon delivered
to each node. But for SNBs generated, we keep a count of how many nodes
want beacons sent for a specific key. If 1 or more, we beacon, if 0
nodes want the beacon sent, then we do not beacon.
This adds consistency checks for mandatory properties on
org.bluez.mesh.Element1 interface:
- disallow duplicate models on the same element
- disallow elements with duplicate indices
- disallow configuration server model on any element but primary
This correctly initializes net settings related to node features
based on node configuration: either defaults in the case of
a newly node created/provisioned/imported node or the configured
values read from stored existing node.
This change makes the node initialization a bit easier to follow.
Replace if-else with switch when processing request type, descriptive
function names, more predictable code flow.
In certain circumstances, reception of PB-ADV messages may trigger
session close. This rearrange ACKs new verified messages before
performing call-back to avoid situations where the session no longer
exists after the message has been handled.
This caused static analysis errors during provisioning, which are now
addressed.
If pb_session is freed in timeout, close indication will not be sent.
pb_session is freed in pb_adv_unreg() and hence removed from tx_timeout.
Added acceptor_free() in acp_prov_close() to ensure pb_session is freed.
