espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Component/bt: add ble disconnect when ACCEPT_SPECIFIED_SEC_AUTH failed

Browse Source
This commit is contained in:
zhiweijian
2018-10-11 11:25:45 +08:00
parent e5f2f1ba78
commit 143c0bdaf9
11 changed files with 81 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/bt/bluedroid/api/include/api/esp_gap_ble_api.h
View File

@@ -54,6 +54,7 @@ typedef uint8_t esp_ble_key_type_t;
#define ESP_LE_AUTH_NO_BOND 0x00 /*!< 0*/ /* relate to BTM_LE_AUTH_NO_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_NO_BOND 0x00 /*!< 0*/ /* relate to BTM_LE_AUTH_NO_BOND in stack/btm_api.h */
#define ESP_LE_AUTH_BOND 0x01 /*!< 1 << 0 */ /* relate to BTM_LE_AUTH_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_BOND 0x01 /*!< 1 << 0 */ /* relate to BTM_LE_AUTH_BOND in stack/btm_api.h */
#define ESP_LE_AUTH_REQ_MITM (1 << 2) /*!< 1 << 2 */ /* relate to BTM_LE_AUTH_REQ_MITM in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_MITM (1 << 2) /*!< 1 << 2 */ /* relate to BTM_LE_AUTH_REQ_MITM in stack/btm_api.h */
#define ESP_LE_AUTH_REQ_BOND_MITM (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_MITM)/*!< 0101*/
#define ESP_LE_AUTH_REQ_SC_ONLY (1 << 3) /*!< 1 << 3 */ /* relate to BTM_LE_AUTH_REQ_SC_ONLY in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_SC_ONLY (1 << 3) /*!< 1 << 3 */ /* relate to BTM_LE_AUTH_REQ_SC_ONLY in stack/btm_api.h */
#define ESP_LE_AUTH_REQ_SC_BOND (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1001 */ /* relate to BTM_LE_AUTH_REQ_SC_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_SC_BOND (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1001 */ /* relate to BTM_LE_AUTH_REQ_SC_BOND in stack/btm_api.h */
#define ESP_LE_AUTH_REQ_SC_MITM (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1100 */ /* relate to BTM_LE_AUTH_REQ_SC_MITM in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_SC_MITM (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1100 */ /* relate to BTM_LE_AUTH_REQ_SC_MITM in stack/btm_api.h */

3
components/bt/bluedroid/bta/dm/bta_dm_act.c
View File

@@ -4251,9 +4251,6 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D
switch (event) { switch (event) {
case BTM_LE_IO_REQ_EVT: { case BTM_LE_IO_REQ_EVT: {
// #if (BT_SSP_INCLUDED == TRUE) // #if (BT_SSP_INCLUDED == TRUE)
UINT8 enable = bta_dm_co_ble_get_accept_auth_enable();
UINT8 origin_auth = bta_dm_co_ble_get_auth_req();
BTM_BleSetAcceptAuthMode(enable, origin_auth);
bta_dm_co_ble_io_req(bda, bta_dm_co_ble_io_req(bda,
&p_data->io_req.io_cap, &p_data->io_req.io_cap,
&p_data->io_req.oob_data, &p_data->io_req.oob_data,

19
components/bt/bluedroid/stack/btm/btm_ble.c
View File

@@ -443,25 +443,6 @@ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey)
#endif #endif
} }
/*******************************************************************************
**
** Function BTM_BleSetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode)
{
#if SMP_INCLUDED == TRUE
SMP_SetAcceptAuthMode(enable, auth_mode);
#endif
}
/******************************************************************************* /*******************************************************************************
** **
** Function BTM_BleConfirmReply ** Function BTM_BleConfirmReply

15
components/bt/bluedroid/stack/include/stack/btm_ble_api.h
View File

@@ -1330,21 +1330,6 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
*******************************************************************************/ *******************************************************************************/
void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey); void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey);
/*******************************************************************************
**
** Function BTM_BleSetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode);
/******************************************************************************* /*******************************************************************************
** **
** Function BTM_BleConfirmReply ** Function BTM_BleConfirmReply

2
components/bt/bluedroid/stack/include/stack/smp_api.h
View File

@@ -417,8 +417,6 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
*******************************************************************************/ *******************************************************************************/
extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey); extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey);
extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode);
/******************************************************************************* /*******************************************************************************
** **
** Function SMP_ConfirmReply ** Function SMP_ConfirmReply

1
components/bt/bluedroid/stack/smp/include/smp_int.h
View File

@@ -301,6 +301,7 @@ typedef struct {
tSMP_OOB_FLAG loc_oob_flag; tSMP_OOB_FLAG loc_oob_flag;
tSMP_AUTH_REQ peer_auth_req; tSMP_AUTH_REQ peer_auth_req;
tSMP_AUTH_REQ loc_auth_req; tSMP_AUTH_REQ loc_auth_req;
tSMP_AUTH_REQ auth_mode;
BOOLEAN secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */ BOOLEAN secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */
/* either in Secure Connections mode or not at all */ /* either in Secure Connections mode or not at all */
tSMP_ASSO_MODEL selected_association_model; tSMP_ASSO_MODEL selected_association_model;

73
components/bt/bluedroid/stack/smp/smp_act.c
View File

@@ -52,6 +52,9 @@ const tSMP_ACT smp_distribute_act [] = {
smp_set_derive_link_key smp_set_derive_link_key
}; };
extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
extern UINT8 bta_dm_co_ble_get_auth_req(void);
static bool lmp_version_below(BD_ADDR bda, uint8_t version) static bool lmp_version_below(BD_ADDR bda, uint8_t version)
{ {
tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE); tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
@@ -498,6 +501,33 @@ void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
p_cb->status = *(UINT8 *)p_data; p_cb->status = *(UINT8 *)p_data;
} }
/*******************************************************************************
** Function smp_get_auth_mode
** Description Get the SMP pairing auth mode
*******************************************************************************/
uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
{
SMP_TRACE_DEBUG("%s model %d", __func__, model);
uint16_t auth = 0;
if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
//No MITM
if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
//SC SMP_SC_SUPPORT_BIT
auth |= SMP_SC_SUPPORT_BIT;
}
} else if (model <= SMP_MODEL_KEY_NOTIF) {
//NO SC, MITM
auth |= SMP_AUTH_YN_BIT;
} else if (model <= SMP_MODEL_SEC_CONN_OOB) {
//SC, MITM
auth |= SMP_SC_SUPPORT_BIT;
auth |= SMP_AUTH_YN_BIT;
} else {
auth = 0;
}
return auth;
}
/******************************************************************************* /*******************************************************************************
** Function smp_proc_pair_cmd ** Function smp_proc_pair_cmd
** Description Process the SMP pairing request/response from peer device ** Description Process the SMP pairing request/response from peer device
@@ -528,7 +558,8 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return; return;
} }
p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
if (p_cb->role == HCI_ROLE_SLAVE) { if (p_cb->role == HCI_ROLE_SLAVE) {
if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) { if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
/* peer (master) started pairing sending Pairing Request */ /* peer (master) started pairing sending Pairing Request */
@@ -551,10 +582,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return; return;
} }
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) { if (p_cb->accept_specified_sec_auth) {
if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL; reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
} }
@@ -581,10 +620,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
return; return;
} }
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) { if (p_cb->accept_specified_sec_auth) {
if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL; reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
} }
@@ -1334,6 +1381,22 @@ void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return; return;
} }
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) {
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
}
if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
if (smp_request_oob_data(p_cb)) { if (smp_request_oob_data(p_cb)) {

21
components/bt/bluedroid/stack/smp/smp_api.c
View File

@@ -354,27 +354,6 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey)
} }
} }
/*******************************************************************************
**
** Function SMP_SetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode)
{
tSMP_CB *p_cb = & smp_cb;
p_cb->accept_specified_sec_auth = enable;
p_cb->origin_loc_auth_req = auth_mode;
}
/******************************************************************************* /*******************************************************************************
** **
** Function SMP_ConfirmReply ** Function SMP_ConfirmReply

2
components/bt/bluedroid/stack/smp/smp_utils.c
View File

@@ -965,7 +965,7 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
evt_data.cmplt.auth_mode = 0; evt_data.cmplt.auth_mode = 0;
if (p_cb->status == SMP_SUCCESS) { if (p_cb->status == SMP_SUCCESS) {
evt_data.cmplt.sec_level = p_cb->sec_level; evt_data.cmplt.sec_level = p_cb->sec_level;
evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req); evt_data.cmplt.auth_mode = p_cb->auth_mode;
} }
evt_data.cmplt.is_pair_cancel = FALSE; evt_data.cmplt.is_pair_cancel = FALSE;

3
examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c
View File

@@ -139,6 +139,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req)
case ESP_LE_AUTH_REQ_MITM: case ESP_LE_AUTH_REQ_MITM:
auth_str = "ESP_LE_AUTH_REQ_MITM"; auth_str = "ESP_LE_AUTH_REQ_MITM";
break; break;
case ESP_LE_AUTH_REQ_BOND_MITM:
auth_str = "ESP_LE_AUTH_REQ_BOND_MITM";
break;
case ESP_LE_AUTH_REQ_SC_ONLY: case ESP_LE_AUTH_REQ_SC_ONLY:
auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; auth_str = "ESP_LE_AUTH_REQ_SC_ONLY";
break; break;

9
examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c
View File

@@ -240,6 +240,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req)
case ESP_LE_AUTH_REQ_MITM: case ESP_LE_AUTH_REQ_MITM:
auth_str = "ESP_LE_AUTH_REQ_MITM"; auth_str = "ESP_LE_AUTH_REQ_MITM";
break; break;
case ESP_LE_AUTH_REQ_BOND_MITM:
auth_str = "ESP_LE_AUTH_REQ_BOND_MITM";
break;
case ESP_LE_AUTH_REQ_SC_ONLY: case ESP_LE_AUTH_REQ_SC_ONLY:
auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; auth_str = "ESP_LE_AUTH_REQ_SC_ONLY";
break; break;
@@ -553,14 +556,14 @@ void app_main()
} }
/* set the security iocap & auth_req & key size & init key response key parameters to the stack*/ /* set the security iocap & auth_req & key size & init key response key parameters to the stack*/
esp_ble_auth_req_t auth_req = ESP_LE_AUTH_BOND; //bonding with peer device after authentication esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND; //bonding with peer device after authentication
esp_ble_io_cap_t iocap = ESP_IO_CAP_NONE; //set the IO capability to No output No input esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT; //set the IO capability to No output No input
uint8_t key_size = 16; //the key size should be 7~16 bytes uint8_t key_size = 16; //the key size should be 7~16 bytes
uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
//set static passkey //set static passkey
uint32_t passkey = 123456; uint32_t passkey = 123456;
uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE; uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE;
esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t));
esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t));
esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));