1 /*
2 * Copyright (c) 2017 Intel Corporation
3 * Copyright (c) 2020 Nordic Semiconductor ASA
4 *
5 * SPDX-License-Identifier: Apache-2.0
6 */
7 #include <stdint.h>
8 #include <string.h>
9 #include <zephyr/bluetooth/conn.h>
10 #include <zephyr/bluetooth/mesh.h>
11 #include <zephyr/net_buf.h>
12 #include "testing.h"
13 #include "net.h"
14 #include "crypto.h"
15 #include "beacon.h"
16 #include "prov.h"
17
18 #include "common/bt_str.h"
19
20 #define LOG_LEVEL CONFIG_BT_MESH_PROV_LOG_LEVEL
21 #include <zephyr/logging/log.h>
22 LOG_MODULE_REGISTER(bt_mesh_pb_adv);
23
24 #define GPCF(gpc) (gpc & 0x03)
25 #define GPC_START(last_seg) (((last_seg) << 2) | 0x00)
26 #define GPC_ACK 0x01
27 #define GPC_CONT(seg_id) (((seg_id) << 2) | 0x02)
28 #define GPC_CTL(op) (((op) << 2) | 0x03)
29
30 #define START_PAYLOAD_MAX 20
31 #define CONT_PAYLOAD_MAX 23
32 #define RX_BUFFER_MAX 65
33
34 #define START_LAST_SEG(gpc) (gpc >> 2)
35 #define CONT_SEG_INDEX(gpc) (gpc >> 2)
36
37 #define BEARER_CTL(gpc) (gpc >> 2)
38 #define LINK_OPEN 0x00
39 #define LINK_ACK 0x01
40 #define LINK_CLOSE 0x02
41
42 #define XACT_SEG_OFFSET(_seg) (20 + ((_seg - 1) * 23))
43 #define XACT_SEG_DATA(_seg) (&link.rx.buf->data[XACT_SEG_OFFSET(_seg)])
44 #define XACT_SEG_RECV(_seg) (link.rx.seg &= ~(1 << (_seg)))
45
46 #define XACT_ID_MAX 0x7f
47 #define XACT_ID_NVAL 0xff
48 #define SEG_NVAL 0xff
49
50 #define RETRANSMIT_TIMEOUT K_MSEC(CONFIG_BT_MESH_PB_ADV_RETRANS_TIMEOUT)
51 #define BUF_TIMEOUT K_MSEC(400)
52 #define CLOSING_TIMEOUT 3
53 #define TRANSACTION_TIMEOUT 30
54
55 /* Acked messages, will do retransmissions manually, taking acks into account:
56 */
57 #define RETRANSMITS_RELIABLE CONFIG_BT_MESH_PB_ADV_TRANS_PDU_RETRANSMIT_COUNT
58 /* PDU acks: */
59 #define RETRANSMITS_ACK CONFIG_BT_MESH_PB_ADV_TRANS_ACK_RETRANSMIT_COUNT
60 /* Link close retransmits: */
61 #define RETRANSMITS_LINK_CLOSE CONFIG_BT_MESH_PB_ADV_LINK_CLOSE_RETRANSMIT_COUNT
62
63 enum {
64 ADV_LINK_ACTIVE, /* Link has been opened */
65 ADV_LINK_ACK_RECVD, /* Ack for link has been received */
66 ADV_LINK_CLOSING, /* Link is closing down */
67 ADV_LINK_INVALID, /* Error occurred during provisioning */
68 ADV_ACK_PENDING, /* An acknowledgment is being sent */
69 ADV_PROVISIONER, /* The link was opened as provisioner */
70 ADV_LINK_ACK_SENDING, /* Link Ack tx was scheduled but not finished. */
71 ADV_SENDING, /* Sending any PDU */
72
73 ADV_NUM_FLAGS,
74 };
75
76 struct pb_adv {
77 uint32_t id; /* Link ID */
78
79 ATOMIC_DEFINE(flags, ADV_NUM_FLAGS);
80
81 const struct prov_bearer_cb *cb;
82 void *cb_data;
83
84 struct {
85 uint8_t id; /* Most recent transaction ID */
86 uint8_t seg; /* Bit-field of unreceived segments */
87 uint8_t last_seg; /* Last segment (to check length) */
88 uint8_t fcs; /* Expected FCS value */
89 struct net_buf_simple *buf;
90 } rx;
91
92 struct {
93 /* Start timestamp of the transaction */
94 int64_t start;
95
96 /* Transaction id */
97 uint8_t id;
98
99 /* Current ack id */
100 uint8_t pending_ack;
101
102 /* Transaction timeout in seconds */
103 uint8_t timeout;
104
105 /* Pending outgoing adv(s) (Link Open, Gen Trans Start and Gen Trans Cont) */
106 struct bt_mesh_adv *adv[3];
107
108 /* Index of the next adv to be sent */
109 int next;
110
111 prov_bearer_send_complete_t cb;
112
113 void *cb_data;
114
115 /* Retransmit timer */
116 struct k_work_delayable retransmit;
117
118 /* Unacked adv buffers (Link Ack, Link Close and Gen Trans Ack). Array size is
119 * hardcoded to 2 allowing to send Gen Trans Ack and Link Close at the same time.
120 */
121 struct unacked_adv_ctx {
122 struct bt_mesh_adv *adv;
123 prov_bearer_send_complete_t cb;
124 void *cb_data;
125 } unacked[2];
126
127 /* Last sent unacked[] buffer */
128 int last_unacked;
129 } tx;
130
131 /* Protocol timeout */
132 struct k_work_delayable prot_timer;
133 };
134
135 struct prov_rx {
136 uint32_t link_id;
137 uint8_t xact_id;
138 uint8_t gpc;
139 };
140
141 NET_BUF_SIMPLE_DEFINE_STATIC(rx_buf, RX_BUFFER_MAX);
142
143 static struct pb_adv link = { .rx = { .buf = &rx_buf } };
144
145 static void gen_prov_ack_send(uint8_t xact_id);
146 static void link_open(struct prov_rx *rx, struct net_buf_simple *buf);
147 static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf);
148 static void link_close(struct prov_rx *rx, struct net_buf_simple *buf);
149 static void prov_link_close(enum prov_bearer_link_status status);
150 static void close_link(enum prov_bearer_link_status status);
151
152 static void tx_work_handler(struct k_work *work);
153 static K_WORK_DELAYABLE_DEFINE(tx_work, tx_work_handler);
154
tx_schedule(void)155 static void tx_schedule(void)
156 {
157 uint16_t random_delay;
158
159 if (atomic_test_bit(link.flags, ADV_SENDING)) {
160 LOG_DBG("Another tx is in progress");
161 return;
162 }
163
164 (void)bt_rand(&random_delay, sizeof(random_delay));
165 random_delay = 20 + (random_delay % 30);
166
167 LOG_DBG("Next PDU delayed by %ums", random_delay);
168
169 (void)k_work_schedule(&tx_work, K_MSEC(random_delay));
170 }
171
send_unacked(struct bt_mesh_adv * adv,prov_bearer_send_complete_t cb,void * cb_data)172 static int send_unacked(struct bt_mesh_adv *adv, prov_bearer_send_complete_t cb,
173 void *cb_data)
174 {
175 for (int i = 0; i < ARRAY_SIZE(link.tx.unacked); i++) {
176 if (link.tx.unacked[i].adv != NULL) {
177 continue;
178 }
179
180 link.tx.unacked[i].adv = adv;
181 link.tx.unacked[i].cb = cb;
182 link.tx.unacked[i].cb_data = cb_data;
183
184 tx_schedule();
185
186 return 0;
187 }
188
189 LOG_WRN("No memory to send unacked PDU: %s", bt_hex(adv->b.data, adv->b.len));
190 return -ENOMEM;
191 }
192
send_reliable(void)193 static void send_reliable(void)
194 {
195 /* Dropping next tx adv index to start transmission from the first adv buffer. */
196 link.tx.next = 0;
197
198 tx_schedule();
199 }
200
delayed_adv_send_end(int err,void * user_data)201 static void delayed_adv_send_end(int err, void *user_data)
202 {
203 bool unacked = (bool)user_data;
204 struct unacked_adv_ctx *unacked_adv = &link.tx.unacked[link.tx.last_unacked];
205
206 if (unacked && unacked_adv->adv != NULL) {
207 if (unacked_adv->cb) {
208 unacked_adv->cb(err, unacked_adv->cb_data);
209 }
210
211 bt_mesh_adv_unref(unacked_adv->adv);
212 unacked_adv->adv = NULL;
213 }
214
215 atomic_clear_bit(link.flags, ADV_SENDING);
216 tx_schedule();
217 }
218
delayed_adv_send_start(uint16_t duration,int err,void * user_data)219 static void delayed_adv_send_start(uint16_t duration, int err, void *user_data)
220 {
221 if (err) {
222 delayed_adv_send_end(err, user_data);
223 }
224 }
225
226 static const struct bt_mesh_send_cb delayed_adv_send_cb = {
227 .start = delayed_adv_send_start,
228 .end = delayed_adv_send_end,
229 };
230
tx_work_handler(struct k_work * work)231 static void tx_work_handler(struct k_work *work)
232 {
233 int i;
234
235 /* Send Link Ack, Link Close and Gen Trans Ack first. */
236 for (i = 0; i < ARRAY_SIZE(link.tx.unacked); i++) {
237 int idx = (i + link.tx.last_unacked) % ARRAY_SIZE(link.tx.unacked);
238 struct unacked_adv_ctx *unacked = &link.tx.unacked[idx];
239
240 if (!unacked->adv) {
241 continue;
242 }
243
244 atomic_set_bit(link.flags, ADV_SENDING);
245 bt_mesh_adv_send(unacked->adv, &delayed_adv_send_cb, (void *)true);
246
247 link.tx.last_unacked = idx;
248
249 return;
250 }
251
252 /* Send Trans Start, Trans Cont and Link Open */
253 if (link.tx.next >= ARRAY_SIZE(link.tx.adv) || link.tx.adv[link.tx.next] == NULL) {
254 LOG_DBG("All PDUs were sent");
255 return;
256 }
257
258 atomic_set_bit(link.flags, ADV_SENDING);
259 bt_mesh_adv_send(link.tx.adv[link.tx.next], &delayed_adv_send_cb, (void *)false);
260
261 link.tx.next++;
262
263 if (link.tx.next == ARRAY_SIZE(link.tx.adv) || link.tx.adv[link.tx.next] == NULL) {
264 /* All ack-able PDUs are sent. Now we can run the retransmit timer. */
265 LOG_DBG("Starting retransmit timer");
266 k_work_reschedule(&link.tx.retransmit, RETRANSMIT_TIMEOUT);
267 }
268 }
269
last_seg(uint16_t len)270 static uint8_t last_seg(uint16_t len)
271 {
272 if (len <= START_PAYLOAD_MAX) {
273 return 0;
274 }
275
276 len -= START_PAYLOAD_MAX;
277
278 return 1 + (len / CONT_PAYLOAD_MAX);
279 }
280
free_segments(void)281 static void free_segments(void)
282 {
283 int i;
284 bool canceled = false;
285
286 for (i = 0; i < ARRAY_SIZE(link.tx.adv); i++) {
287 struct bt_mesh_adv *adv = link.tx.adv[i];
288 int err;
289
290 if (!adv) {
291 break;
292 }
293
294 link.tx.adv[i] = NULL;
295
296 /* Terminate active adv */
297 if (adv->ctx.busy == 0U) {
298 err = bt_mesh_adv_terminate(adv);
299 if (err == 0) {
300 canceled = true;
301 }
302 } else {
303 /* Mark as canceled */
304 adv->ctx.busy = 0U;
305 canceled = true;
306 }
307
308 bt_mesh_adv_unref(adv);
309 }
310
311 if (canceled) {
312 atomic_clear_bit(link.flags, ADV_SENDING);
313 tx_schedule();
314 }
315 }
316
next_transaction_id(uint8_t id)317 static uint8_t next_transaction_id(uint8_t id)
318 {
319 return (((id + 1) & XACT_ID_MAX) | (id & (XACT_ID_MAX+1)));
320 }
321
prov_clear_tx(void)322 static void prov_clear_tx(void)
323 {
324 LOG_DBG("");
325
326 /* If this fails, the work handler will not find any advs to send,
327 * and return without rescheduling. The work handler also checks the
328 * LINK_ACTIVE flag, so if this call is part of reset_adv_link, it'll
329 * exit early.
330 */
331 (void)k_work_cancel_delayable(&link.tx.retransmit);
332
333 free_segments();
334 }
335
reset_adv_link(void)336 static void reset_adv_link(void)
337 {
338 LOG_DBG("");
339 prov_clear_tx();
340
341 /* If this fails, the work handler will exit early on the LINK_ACTIVE
342 * check.
343 */
344 (void)k_work_cancel_delayable(&link.prot_timer);
345
346 if (atomic_test_bit(link.flags, ADV_PROVISIONER)) {
347 /* Clear everything except the retransmit and protocol timer
348 * delayed work objects.
349 */
350 (void)memset(&link, 0, offsetof(struct pb_adv, tx.retransmit));
351 link.rx.id = XACT_ID_NVAL;
352 } else {
353 /* If provisioned, reset the link callback to stop receiving provisioning advs,
354 * otherwise keep the callback to accept another provisioning attempt.
355 */
356 if (bt_mesh_is_provisioned()) {
357 link.cb = NULL;
358 }
359
360 link.id = 0;
361 atomic_clear(link.flags);
362 link.rx.id = XACT_ID_MAX;
363 link.tx.id = XACT_ID_NVAL;
364 }
365
366 link.tx.pending_ack = XACT_ID_NVAL;
367 link.rx.buf = &rx_buf;
368 net_buf_simple_reset(link.rx.buf);
369 }
370
close_link(enum prov_bearer_link_status reason)371 static void close_link(enum prov_bearer_link_status reason)
372 {
373 const struct prov_bearer_cb *cb = link.cb;
374 void *cb_data = link.cb_data;
375
376 reset_adv_link();
377 cb->link_closed(&bt_mesh_pb_adv, cb_data, reason);
378 }
379
adv_create(uint8_t retransmits)380 static struct bt_mesh_adv *adv_create(uint8_t retransmits)
381 {
382 struct bt_mesh_adv *adv;
383
384 adv = bt_mesh_adv_create(BT_MESH_ADV_PROV, BT_MESH_ADV_TAG_PROV,
385 BT_MESH_TRANSMIT(retransmits, 20),
386 BUF_TIMEOUT);
387 if (!adv) {
388 LOG_ERR("Out of provisioning advs");
389 return NULL;
390 }
391
392 return adv;
393 }
394
ack_complete(int err,void * user_data)395 static void ack_complete(int err, void *user_data)
396 {
397 LOG_DBG("xact 0x%x complete", (uint8_t)link.tx.pending_ack);
398 atomic_clear_bit(link.flags, ADV_ACK_PENDING);
399 }
400
ack_pending(void)401 static bool ack_pending(void)
402 {
403 return atomic_test_bit(link.flags, ADV_ACK_PENDING);
404 }
405
prov_failed(uint8_t err)406 static void prov_failed(uint8_t err)
407 {
408 LOG_DBG("%u", err);
409 link.cb->error(&bt_mesh_pb_adv, link.cb_data, err);
410 atomic_set_bit(link.flags, ADV_LINK_INVALID);
411 }
412
prov_msg_recv(void)413 static void prov_msg_recv(void)
414 {
415 k_work_reschedule(&link.prot_timer, bt_mesh_prov_protocol_timeout_get());
416
417 if (!bt_mesh_fcs_check(link.rx.buf, link.rx.fcs)) {
418 LOG_ERR("Incorrect FCS");
419 return;
420 }
421
422 gen_prov_ack_send(link.rx.id);
423
424 if (atomic_test_bit(link.flags, ADV_LINK_INVALID)) {
425 LOG_WRN("Unexpected msg 0x%02x on invalidated link", link.rx.buf->data[0]);
426 prov_failed(PROV_ERR_UNEXP_PDU);
427 return;
428 }
429
430 link.cb->recv(&bt_mesh_pb_adv, link.cb_data, link.rx.buf);
431 }
432
protocol_timeout(struct k_work * work)433 static void protocol_timeout(struct k_work *work)
434 {
435 if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
436 return;
437 }
438
439 LOG_DBG("");
440
441 link.rx.seg = 0U;
442 prov_link_close(PROV_BEARER_LINK_STATUS_TIMEOUT);
443 }
444 /*******************************************************************************
445 * Generic provisioning
446 ******************************************************************************/
447
gen_prov_ack_send(uint8_t xact_id)448 static void gen_prov_ack_send(uint8_t xact_id)
449 {
450 struct bt_mesh_adv *adv;
451 bool pending = atomic_test_and_set_bit(link.flags, ADV_ACK_PENDING);
452 int err;
453
454 LOG_DBG("xact_id 0x%x", xact_id);
455
456 if (pending && link.tx.pending_ack == xact_id) {
457 LOG_DBG("Not sending duplicate ack");
458 return;
459 }
460
461 adv = adv_create(RETRANSMITS_ACK);
462 if (!adv) {
463 atomic_clear_bit(link.flags, ADV_ACK_PENDING);
464 return;
465 }
466
467 if (!pending) {
468 link.tx.pending_ack = xact_id;
469 }
470
471 net_buf_simple_add_be32(&adv->b, link.id);
472 net_buf_simple_add_u8(&adv->b, xact_id);
473 net_buf_simple_add_u8(&adv->b, GPC_ACK);
474
475 err = send_unacked(adv, pending ? NULL : ack_complete, NULL);
476 if (err) {
477 atomic_clear_bit(link.flags, ADV_ACK_PENDING);
478 }
479 }
480
gen_prov_cont(struct prov_rx * rx,struct net_buf_simple * buf)481 static void gen_prov_cont(struct prov_rx *rx, struct net_buf_simple *buf)
482 {
483 uint8_t seg = CONT_SEG_INDEX(rx->gpc);
484
485 if (link.tx.adv[0]) {
486 LOG_DBG("Ongoing tx transaction has not been completed yet");
487 return;
488 }
489
490 LOG_DBG("len %u, seg_index %u", buf->len, seg);
491
492 if (!link.rx.seg && link.rx.id == rx->xact_id) {
493 if (!ack_pending()) {
494 LOG_DBG("Resending ack");
495 gen_prov_ack_send(rx->xact_id);
496 }
497
498 return;
499 }
500
501 if (!link.rx.seg &&
502 next_transaction_id(link.rx.id) == rx->xact_id) {
503 LOG_DBG("Start segment lost");
504
505 link.rx.id = rx->xact_id;
506
507 net_buf_simple_reset(link.rx.buf);
508
509 link.rx.seg = SEG_NVAL;
510 link.rx.last_seg = SEG_NVAL;
511
512 prov_clear_tx();
513 } else if (rx->xact_id != link.rx.id) {
514 LOG_WRN("Data for unknown transaction (0x%x != 0x%x)", rx->xact_id, link.rx.id);
515 return;
516 }
517
518 if (seg > link.rx.last_seg) {
519 LOG_ERR("Invalid segment index %u", seg);
520 prov_failed(PROV_ERR_NVAL_FMT);
521 return;
522 }
523
524 if (!(link.rx.seg & BIT(seg))) {
525 LOG_DBG("Ignoring already received segment");
526 return;
527 }
528
529 if (XACT_SEG_OFFSET(seg) + buf->len > RX_BUFFER_MAX) {
530 LOG_WRN("Rx buffer overflow. Malformed generic prov frame?");
531 return;
532 }
533
534 memcpy(XACT_SEG_DATA(seg), buf->data, buf->len);
535 XACT_SEG_RECV(seg);
536
537 if (seg == link.rx.last_seg && !(link.rx.seg & BIT(0))) {
538 uint8_t expect_len;
539
540 expect_len = (link.rx.buf->len - 20U -
541 ((link.rx.last_seg - 1) * 23U));
542 if (expect_len != buf->len) {
543 LOG_ERR("Incorrect last seg len: %u != %u", expect_len, buf->len);
544 prov_failed(PROV_ERR_NVAL_FMT);
545 return;
546 }
547 }
548
549 if (!link.rx.seg) {
550 prov_msg_recv();
551 }
552 }
553
gen_prov_ack(struct prov_rx * rx,struct net_buf_simple * buf)554 static void gen_prov_ack(struct prov_rx *rx, struct net_buf_simple *buf)
555 {
556 LOG_DBG("len %u", buf->len);
557
558 if (!link.tx.adv[0]) {
559 return;
560 }
561
562 if (rx->xact_id == link.tx.id) {
563 /* Don't clear resending of link_close messages */
564 if (!atomic_test_bit(link.flags, ADV_LINK_CLOSING)) {
565 prov_clear_tx();
566 }
567
568 if (link.tx.cb) {
569 link.tx.cb(0, link.tx.cb_data);
570 }
571 }
572 }
573
gen_prov_start(struct prov_rx * rx,struct net_buf_simple * buf)574 static void gen_prov_start(struct prov_rx *rx, struct net_buf_simple *buf)
575 {
576 uint8_t seg = SEG_NVAL;
577
578 if (link.tx.adv[0]) {
579 LOG_DBG("Ongoing tx transaction has not been completed yet");
580 return;
581 }
582
583 if (rx->xact_id == link.rx.id) {
584 if (!link.rx.seg) {
585 if (!ack_pending()) {
586 LOG_DBG("Resending ack");
587 gen_prov_ack_send(rx->xact_id);
588 }
589
590 return;
591 }
592
593 if (!(link.rx.seg & BIT(0))) {
594 LOG_DBG("Ignoring duplicate segment");
595 return;
596 }
597 } else if (rx->xact_id != next_transaction_id(link.rx.id)) {
598 LOG_WRN("Unexpected xact 0x%x, expected 0x%x", rx->xact_id,
599 next_transaction_id(link.rx.id));
600 return;
601 }
602
603 net_buf_simple_reset(link.rx.buf);
604 link.rx.buf->len = net_buf_simple_pull_be16(buf);
605 link.rx.id = rx->xact_id;
606 link.rx.fcs = net_buf_simple_pull_u8(buf);
607
608 LOG_DBG("len %u last_seg %u total_len %u fcs 0x%02x", buf->len, START_LAST_SEG(rx->gpc),
609 link.rx.buf->len, link.rx.fcs);
610
611 if (link.rx.buf->len < 1) {
612 LOG_ERR("Ignoring zero-length provisioning PDU");
613 prov_failed(PROV_ERR_NVAL_FMT);
614 return;
615 }
616
617 if (link.rx.buf->len > link.rx.buf->size) {
618 LOG_ERR("Too large provisioning PDU (%u bytes)", link.rx.buf->len);
619 prov_failed(PROV_ERR_NVAL_FMT);
620 return;
621 }
622
623 if (START_LAST_SEG(rx->gpc) > 0 && link.rx.buf->len <= 20U) {
624 LOG_ERR("Too small total length for multi-segment PDU");
625 prov_failed(PROV_ERR_NVAL_FMT);
626 return;
627 }
628
629 if (START_LAST_SEG(rx->gpc) != last_seg(link.rx.buf->len)) {
630 LOG_ERR("Invalid SegN (%u, calculated %u)", START_LAST_SEG(rx->gpc),
631 last_seg(link.rx.buf->len));
632 prov_failed(PROV_ERR_NVAL_FMT);
633 return;
634 }
635
636 prov_clear_tx();
637
638 link.rx.last_seg = START_LAST_SEG(rx->gpc);
639
640 if ((link.rx.seg & BIT(0)) &&
641 (find_msb_set((~link.rx.seg) & SEG_NVAL) - 1 > link.rx.last_seg)) {
642 LOG_ERR("Invalid segment index %u", seg);
643 prov_failed(PROV_ERR_NVAL_FMT);
644 return;
645 }
646
647 if (link.rx.seg) {
648 seg = link.rx.seg;
649 }
650
651 link.rx.seg = seg & ((1 << (START_LAST_SEG(rx->gpc) + 1)) - 1);
652 memcpy(link.rx.buf->data, buf->data, buf->len);
653 XACT_SEG_RECV(0);
654
655 if (!link.rx.seg) {
656 prov_msg_recv();
657 }
658 }
659
gen_prov_ctl(struct prov_rx * rx,struct net_buf_simple * buf)660 static void gen_prov_ctl(struct prov_rx *rx, struct net_buf_simple *buf)
661 {
662 LOG_DBG("op 0x%02x len %u", BEARER_CTL(rx->gpc), buf->len);
663
664 switch (BEARER_CTL(rx->gpc)) {
665 case LINK_OPEN:
666 link_open(rx, buf);
667 break;
668 case LINK_ACK:
669 if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
670 return;
671 }
672
673 link_ack(rx, buf);
674 break;
675 case LINK_CLOSE:
676 if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
677 return;
678 }
679
680 link_close(rx, buf);
681 break;
682 default:
683 LOG_ERR("Unknown bearer opcode: 0x%02x", BEARER_CTL(rx->gpc));
684
685 if (IS_ENABLED(CONFIG_BT_TESTING)) {
686 bt_mesh_test_prov_invalid_bearer(BEARER_CTL(rx->gpc));
687 }
688
689 return;
690 }
691 }
692
693 static const struct {
694 void (*func)(struct prov_rx *rx, struct net_buf_simple *buf);
695 bool require_link;
696 uint8_t min_len;
697 } gen_prov[] = {
698 { gen_prov_start, true, 3 },
699 { gen_prov_ack, true, 0 },
700 { gen_prov_cont, true, 0 },
701 { gen_prov_ctl, false, 0 },
702 };
703
gen_prov_recv(struct prov_rx * rx,struct net_buf_simple * buf)704 static void gen_prov_recv(struct prov_rx *rx, struct net_buf_simple *buf)
705 {
706 if (buf->len < gen_prov[GPCF(rx->gpc)].min_len) {
707 LOG_ERR("Too short GPC message type %u", GPCF(rx->gpc));
708 return;
709 }
710
711 if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE) &&
712 gen_prov[GPCF(rx->gpc)].require_link) {
713 LOG_DBG("Ignoring message that requires active link");
714 return;
715 }
716
717 gen_prov[GPCF(rx->gpc)].func(rx, buf);
718 }
719
720 /*******************************************************************************
721 * TX
722 ******************************************************************************/
723
prov_retransmit(struct k_work * work)724 static void prov_retransmit(struct k_work *work)
725 {
726 LOG_DBG("");
727
728 if (!atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
729 LOG_WRN("Link not active");
730 return;
731 }
732
733 if (k_uptime_get() - link.tx.start > link.tx.timeout * MSEC_PER_SEC) {
734 LOG_WRN("Giving up transaction");
735 prov_link_close(PROV_BEARER_LINK_STATUS_TIMEOUT);
736 return;
737 }
738
739 send_reliable();
740 }
741
ctl_adv_create(uint8_t op,const void * data,uint8_t data_len,uint8_t retransmits)742 static struct bt_mesh_adv *ctl_adv_create(uint8_t op, const void *data, uint8_t data_len,
743 uint8_t retransmits)
744 {
745 struct bt_mesh_adv *adv;
746
747 LOG_DBG("op 0x%02x data_len %u", op, data_len);
748
749 adv = adv_create(retransmits);
750 if (!adv) {
751 return NULL;
752 }
753
754 net_buf_simple_add_be32(&adv->b, link.id);
755 /* Transaction ID, always 0 for Bearer messages */
756 net_buf_simple_add_u8(&adv->b, 0x00);
757 net_buf_simple_add_u8(&adv->b, GPC_CTL(op));
758 net_buf_simple_add_mem(&adv->b, data, data_len);
759
760 return adv;
761 }
762
bearer_ctl_send(struct bt_mesh_adv * adv)763 static int bearer_ctl_send(struct bt_mesh_adv *adv)
764 {
765 if (!adv) {
766 return -ENOMEM;
767 }
768
769 prov_clear_tx();
770 k_work_reschedule(&link.prot_timer, bt_mesh_prov_protocol_timeout_get());
771
772 link.tx.start = k_uptime_get();
773 link.tx.adv[0] = adv;
774 send_reliable();
775
776 return 0;
777 }
778
buf_sent(int err,void * user_data)779 static void buf_sent(int err, void *user_data)
780 {
781 enum prov_bearer_link_status reason = (enum prov_bearer_link_status)(int)user_data;
782
783 atomic_clear_bit(link.flags, ADV_LINK_ACK_SENDING);
784
785 if (atomic_test_and_clear_bit(link.flags, ADV_LINK_CLOSING)) {
786 close_link(reason);
787 return;
788 }
789 }
790
bearer_ctl_send_unacked(struct bt_mesh_adv * adv,void * user_data)791 static int bearer_ctl_send_unacked(struct bt_mesh_adv *adv, void *user_data)
792 {
793 int err;
794
795 if (!adv) {
796 return -ENOMEM;
797 }
798
799 prov_clear_tx();
800 k_work_reschedule(&link.prot_timer, bt_mesh_prov_protocol_timeout_get());
801
802 err = send_unacked(adv, &buf_sent, user_data);
803 if (err) {
804 bt_mesh_adv_unref(adv);
805 }
806
807 return err;
808 }
809
prov_send_adv(struct net_buf_simple * msg,prov_bearer_send_complete_t cb,void * cb_data)810 static int prov_send_adv(struct net_buf_simple *msg,
811 prov_bearer_send_complete_t cb, void *cb_data)
812 {
813 struct bt_mesh_adv *start, *adv;
814 uint8_t seg_len, seg_id;
815
816 prov_clear_tx();
817 k_work_reschedule(&link.prot_timer, bt_mesh_prov_protocol_timeout_get());
818
819 start = adv_create(RETRANSMITS_RELIABLE);
820 if (!start) {
821 return -ENOBUFS;
822 }
823
824 link.tx.id = next_transaction_id(link.tx.id);
825 net_buf_simple_add_be32(&start->b, link.id);
826 net_buf_simple_add_u8(&start->b, link.tx.id);
827
828 net_buf_simple_add_u8(&start->b, GPC_START(last_seg(msg->len)));
829 net_buf_simple_add_be16(&start->b, msg->len);
830 net_buf_simple_add_u8(&start->b, bt_mesh_fcs_calc(msg->data, msg->len));
831
832 link.tx.adv[0] = start;
833 link.tx.cb = cb;
834 link.tx.cb_data = cb_data;
835 link.tx.start = k_uptime_get();
836
837 LOG_DBG("xact_id: 0x%x len: %u", link.tx.id, msg->len);
838
839 seg_len = MIN(msg->len, START_PAYLOAD_MAX);
840 LOG_DBG("seg 0 len %u: %s", seg_len, bt_hex(msg->data, seg_len));
841 net_buf_simple_add_mem(&start->b, msg->data, seg_len);
842 net_buf_simple_pull(msg, seg_len);
843
844 adv = start;
845 for (seg_id = 1U; msg->len > 0; seg_id++) {
846 if (seg_id >= ARRAY_SIZE(link.tx.adv)) {
847 LOG_ERR("Too big message");
848 free_segments();
849 return -E2BIG;
850 }
851
852 adv = adv_create(RETRANSMITS_RELIABLE);
853 if (!adv) {
854 free_segments();
855 return -ENOBUFS;
856 }
857
858 link.tx.adv[seg_id] = adv;
859
860 seg_len = MIN(msg->len, CONT_PAYLOAD_MAX);
861
862 LOG_DBG("seg %u len %u: %s", seg_id, seg_len, bt_hex(msg->data, seg_len));
863
864 net_buf_simple_add_be32(&adv->b, link.id);
865 net_buf_simple_add_u8(&adv->b, link.tx.id);
866 net_buf_simple_add_u8(&adv->b, GPC_CONT(seg_id));
867 net_buf_simple_add_mem(&adv->b, msg->data, seg_len);
868 net_buf_simple_pull(msg, seg_len);
869 }
870
871 send_reliable();
872
873 return 0;
874 }
875
876 /*******************************************************************************
877 * Link management rx
878 ******************************************************************************/
879
link_open(struct prov_rx * rx,struct net_buf_simple * buf)880 static void link_open(struct prov_rx *rx, struct net_buf_simple *buf)
881 {
882 int err;
883
884 LOG_DBG("len %u", buf->len);
885
886 if (buf->len < 16) {
887 LOG_ERR("Too short bearer open message (len %u)", buf->len);
888 return;
889 }
890
891 if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
892 /* Send another link ack if the provisioner missed the last */
893 if (link.id != rx->link_id) {
894 LOG_DBG("Ignoring bearer open: link already active");
895 return;
896 }
897
898 if (atomic_test_bit(link.flags, ADV_LINK_ACK_SENDING)) {
899 LOG_DBG("Still sending Link Ack");
900 return;
901 }
902
903 /* Ignore errors, message will be attempted again if we keep receiving link open: */
904 atomic_set_bit(link.flags, ADV_LINK_ACK_SENDING);
905 (void)bearer_ctl_send_unacked(
906 ctl_adv_create(LINK_ACK, NULL, 0, RETRANSMITS_ACK),
907 (void *)PROV_BEARER_LINK_STATUS_SUCCESS);
908 return;
909 }
910
911 if (memcmp(buf->data, bt_mesh_prov_get()->uuid, 16)) {
912 LOG_DBG("Bearer open message not for us");
913 return;
914 }
915
916 link.id = rx->link_id;
917 atomic_set_bit(link.flags, ADV_LINK_ACTIVE);
918 net_buf_simple_reset(link.rx.buf);
919
920 atomic_set_bit(link.flags, ADV_LINK_ACK_SENDING);
921 err = bearer_ctl_send_unacked(
922 ctl_adv_create(LINK_ACK, NULL, 0, RETRANSMITS_ACK),
923 (void *)PROV_BEARER_LINK_STATUS_SUCCESS);
924 if (err) {
925 reset_adv_link();
926 return;
927 }
928
929 link.cb->link_opened(&bt_mesh_pb_adv, link.cb_data);
930 }
931
link_ack(struct prov_rx * rx,struct net_buf_simple * buf)932 static void link_ack(struct prov_rx *rx, struct net_buf_simple *buf)
933 {
934 LOG_DBG("len %u", buf->len);
935
936 if (atomic_test_bit(link.flags, ADV_PROVISIONER)) {
937 if (atomic_test_and_set_bit(link.flags, ADV_LINK_ACK_RECVD)) {
938 return;
939 }
940
941 prov_clear_tx();
942
943 link.tx.timeout = TRANSACTION_TIMEOUT;
944
945 link.cb->link_opened(&bt_mesh_pb_adv, link.cb_data);
946 }
947 }
948
link_close(struct prov_rx * rx,struct net_buf_simple * buf)949 static void link_close(struct prov_rx *rx, struct net_buf_simple *buf)
950 {
951 LOG_DBG("len %u", buf->len);
952
953 if (buf->len != 1) {
954 return;
955 }
956
957 close_link(net_buf_simple_pull_u8(buf));
958 }
959
960 /*******************************************************************************
961 * Higher level functionality
962 ******************************************************************************/
963
bt_mesh_pb_adv_recv(struct net_buf_simple * buf)964 void bt_mesh_pb_adv_recv(struct net_buf_simple *buf)
965 {
966 struct prov_rx rx;
967
968 if (!link.cb) {
969 return;
970 }
971
972 if (buf->len < 6) {
973 LOG_WRN("Too short provisioning packet (len %u)", buf->len);
974 return;
975 }
976
977 rx.link_id = net_buf_simple_pull_be32(buf);
978 rx.xact_id = net_buf_simple_pull_u8(buf);
979 rx.gpc = net_buf_simple_pull_u8(buf);
980
981 if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE) && link.id != rx.link_id) {
982 return;
983 }
984
985 LOG_DBG("link_id 0x%08x xact_id 0x%x", rx.link_id, rx.xact_id);
986
987 gen_prov_recv(&rx, buf);
988 }
989
prov_link_open(const uint8_t uuid[16],uint8_t timeout,const struct prov_bearer_cb * cb,void * cb_data)990 static int prov_link_open(const uint8_t uuid[16], uint8_t timeout,
991 const struct prov_bearer_cb *cb, void *cb_data)
992 {
993 int err;
994
995 LOG_DBG("uuid %s", bt_hex(uuid, 16));
996
997 err = bt_mesh_adv_enable();
998 if (err) {
999 LOG_ERR("Failed enabling advertiser");
1000 return err;
1001 }
1002
1003 if (atomic_test_and_set_bit(link.flags, ADV_LINK_ACTIVE)) {
1004 return -EBUSY;
1005 }
1006
1007 atomic_set_bit(link.flags, ADV_PROVISIONER);
1008
1009 bt_rand(&link.id, sizeof(link.id));
1010 link.tx.id = XACT_ID_MAX;
1011 link.rx.id = XACT_ID_NVAL;
1012 link.cb = cb;
1013 link.cb_data = cb_data;
1014
1015 /* The link open time is configurable, but this will be changed to TRANSACTION_TIMEOUT once
1016 * the link is established.
1017 */
1018 link.tx.timeout = timeout;
1019
1020 net_buf_simple_reset(link.rx.buf);
1021
1022 return bearer_ctl_send(ctl_adv_create(LINK_OPEN, uuid, 16, RETRANSMITS_RELIABLE));
1023 }
1024
prov_link_accept(const struct prov_bearer_cb * cb,void * cb_data)1025 static int prov_link_accept(const struct prov_bearer_cb *cb, void *cb_data)
1026 {
1027 int err;
1028
1029 err = bt_mesh_adv_enable();
1030 if (err) {
1031 LOG_ERR("Failed enabling advertiser");
1032 return err;
1033 }
1034
1035 if (atomic_test_bit(link.flags, ADV_LINK_ACTIVE)) {
1036 return -EBUSY;
1037 }
1038
1039 link.rx.id = XACT_ID_MAX;
1040 link.tx.id = XACT_ID_NVAL;
1041 link.cb = cb;
1042 link.cb_data = cb_data;
1043 link.tx.timeout = TRANSACTION_TIMEOUT;
1044
1045 /* Make sure we're scanning for provisioning invitations */
1046 bt_mesh_scan_enable();
1047 /* Enable unprovisioned beacon sending */
1048 bt_mesh_beacon_enable();
1049
1050 return 0;
1051 }
1052
prov_link_close(enum prov_bearer_link_status status)1053 static void prov_link_close(enum prov_bearer_link_status status)
1054 {
1055 int err;
1056
1057 if (atomic_test_and_set_bit(link.flags, ADV_LINK_CLOSING)) {
1058 return;
1059 }
1060
1061 /*
1062 * According to MshPRTv1.1: 5.3.1.4.3, the close message should
1063 * be restransmitted at least three times. Retransmit the LINK_CLOSE
1064 * message until CLOSING_TIMEOUT has elapsed.
1065 */
1066 link.tx.timeout = CLOSING_TIMEOUT;
1067 /* Ignore errors, the link will time out eventually if this doesn't get sent */
1068 err = bearer_ctl_send_unacked(
1069 ctl_adv_create(LINK_CLOSE, &status, 1, RETRANSMITS_LINK_CLOSE),
1070 (void *)status);
1071 if (err) {
1072 close_link(status);
1073 }
1074 }
1075
bt_mesh_pb_adv_init(void)1076 void bt_mesh_pb_adv_init(void)
1077 {
1078 k_work_init_delayable(&link.prot_timer, protocol_timeout);
1079 k_work_init_delayable(&link.tx.retransmit, prov_retransmit);
1080 }
1081
bt_mesh_pb_adv_reset(void)1082 void bt_mesh_pb_adv_reset(void)
1083 {
1084 reset_adv_link();
1085 }
1086
1087 const struct prov_bearer bt_mesh_pb_adv = {
1088 .type = BT_MESH_PROV_ADV,
1089 .link_open = prov_link_open,
1090 .link_accept = prov_link_accept,
1091 .link_close = prov_link_close,
1092 .send = prov_send_adv,
1093 .clear_tx = prov_clear_tx,
1094 };
1095
