diff --git a/components/bt/controller/esp32c3/Kconfig.in b/components/bt/controller/esp32c3/Kconfig.in index 0121b3404a..bbe9406105 100644 --- a/components/bt/controller/esp32c3/Kconfig.in +++ b/components/bt/controller/esp32c3/Kconfig.in @@ -548,3 +548,11 @@ config BT_CTRL_BLE_SECURITY_ENABLE depends on BT_CTRL_RUN_IN_FLASH_ONLY && BT_CONTROLLER_ONLY bool "Enable BLE security feature" default y + +config BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS + bool "Enable enhanced Access Address check in CONNECT_IND" + default n + help + Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU. + This improves security by ensuring that only connection requests with valid Access Addresses are accepted. + If disabled, only basic checks are applied, improving compatibility. diff --git a/components/bt/controller/esp32c3/bt.c b/components/bt/controller/esp32c3/bt.c index c817e61938..e393b5a86c 100644 --- a/components/bt/controller/esp32c3/bt.c +++ b/components/bt/controller/esp32c3/bt.c @@ -275,6 +275,7 @@ extern void ets_backup_dma_copy(uint32_t reg, uint32_t mem_addr, uint32_t num, b #endif extern void btdm_cca_feature_enable(void); +extern void btdm_aa_check_enhance_enable(void); extern uint32_t _bt_bss_start; extern uint32_t _bt_bss_end; @@ -964,6 +965,9 @@ static void btdm_funcs_table_ready_wrapper(void) #if BT_BLE_CCA_MODE == 2 btdm_cca_feature_enable(); #endif +#if BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED + btdm_aa_check_enhance_enable(); +#endif } bool bt_async_wakeup_request(void) diff --git a/components/bt/controller/lib_esp32c3_family b/components/bt/controller/lib_esp32c3_family index d23ae97bb9..4c16da1a1a 160000 --- a/components/bt/controller/lib_esp32c3_family +++ b/components/bt/controller/lib_esp32c3_family @@ -1 +1 @@ -Subproject commit d23ae97bb91d66e08c58bfaabaeed0a5ba7b7b5d +Subproject commit 4c16da1a1a76b439e2cf981d2f915d94df364e58 
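Review bot: The call to `btdm_aa_check_enhance_enable()` in `btdm_funcs_table_ready_wrapper` is gated only by the build-time macro `BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED`, while the esp_bt.h hunks of this commit also add a runtime `ble_aa_check` field to `esp_bt_controller_config_t`. As far as these hunks show, an application that passes its own config with `.ble_aa_check = true` while the Kconfig option is off never reaches this call, and whether the controller library acts on the field by itself is not visible here. I would state which switch is authoritative with a comment above the `#if`, for example `/* Build-time switch: follows CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS, independent of cfg->ble_aa_check */`. The wrapper starts outside the hunk.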
diff --git a/components/bt/include/esp32c3/include/esp_bt.h b/components/bt/include/esp32c3/include/esp_bt.h index 4273c75e25..5ad327af62 100644 --- a/components/bt/include/esp32c3/include/esp_bt.h +++ b/components/bt/include/esp32c3/include/esp_bt.h @@ -291,6 +291,12 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status); #define BT_CTRL_BLE_SCAN (1) #endif // (BT_CTRL_RUN_IN_FLASH_ONLY == 1) +#ifdef CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#else +#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED 0 +#endif + #define BT_CONTROLLER_INIT_CONFIG_DEFAULT() { \ .magic = ESP_BT_CTRL_CONFIG_MAGIC_VAL, \ .version = ESP_BT_CTRL_CONFIG_VERSION, \ @@ -336,6 +342,7 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status); .qa_test = BT_CTRL_BLE_TEST, \ .master_en = BT_CTRL_BLE_MASTER, \ .scan_en = BT_CTRL_BLE_SCAN, \ + .ble_aa_check = BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED, \ } #else @@ -417,6 +424,7 @@ typedef struct { bool qa_test; /*!< Controller QA test feature is enabled or not */ bool master_en; /*!< Controller master feature is enabled or not */ bool scan_en; /*!< Controller scan feature is enabled or not */ + bool ble_aa_check; /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */ } esp_bt_controller_config_t; /** diff --git a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c index 8e2fd8ac13..d422224e44 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c 
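Review bot: The new `ble_aa_check` member is appended to `esp_bt_controller_config_t`, but no visible hunk of esp_bt.h changes `ESP_BT_CTRL_CONFIG_VERSION`, which the default initializer stores in `.version`. If the controller library uses that value to decide how the struct is laid out, a header and library that disagree would go unnoticed; the submodule bump in this commit presumably carries the matching library, but that cannot be confirmed from here. The field comment would also read better as `/*!< Enable the enhanced Access Address check for the CONNECT_IND PDU. Configurable in menuconfig */`, in line with the "is enabled or not" wording of its neighbours. The struct definition starts outside the hunk.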
@@ -363,6 +363,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par if (adv_name != NULL) { if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { + // Note: If there are multiple devices with the same device name, the device may connect to an unintended one. + // It is recommended to change the default device name to ensure it is unique. ESP_LOGI(GATTC_TAG, "Device found %s", remote_device_name); if (connect == false) { connect = true; diff --git a/examples/bluetooth/bluedroid/ble/gatt_client/tutorial/Gatt_Client_Example_Walkthrough.md b/examples/bluetooth/bluedroid/ble/gatt_client/tutorial/Gatt_Client_Example_Walkthrough.md index 273057a5c9..afeae3495e 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_client/tutorial/Gatt_Client_Example_Walkthrough.md +++ b/examples/bluetooth/bluedroid/ble/gatt_client/tutorial/Gatt_Client_Example_Walkthrough.md @@ -365,6 +365,8 @@ We are interested in the `ESP_GAP_SEARCH_INQ_RES_EVT` event, which is called eve ESP_LOGI(GATTC_TAG, " "); if (adv_name != NULL) { if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { + // Note: If there are multiple devices with the same device name, the device may connect to an unintended one. + // It is recommended to change the default device name to ensure it is unique. ESP_LOGI(GATTC_TAG, "searched device %s", remote_device_name); if (connect == false) { connect = true; diff --git a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c index fb5508285a..6ca23929a4 100644 --- a/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c 
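Review bot: The added comment in `esp_gap_cb` treats a name collision as an accident, but the advertised name compared by `strncmp` is unauthenticated data that any nearby advertiser can set, so a unique name alone does not keep the client from connecting to an unintended peer. I would word it as `// Note: the advertised name is not authenticated; any device can advertise the same name, so a match is not proof of identity.` followed by `// Use a unique name for testing, and rely on bonding or an address allow-list where the peer must be verified.` The same comment is added in the gatt_security_client, ble50_security_client and periodic_sync hunks of this commit. `esp_gap_cb` begins and ends outside the hunk.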
@@ -458,6 +458,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par ESP_LOG_BUFFER_CHAR(GATTC_TAG, adv_name, adv_name_len); if (adv_name != NULL) { if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { + // Note: If there are multiple devices with the same device name, the device may connect to an unintended one. + // It is recommended to change the default device name to ensure it is unique. ESP_LOGI(GATTC_TAG, "Device found %s", remote_device_name); if (connect == false) { connect = true; diff --git a/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c b/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c index 54275b3057..e253fe1703 100644 --- a/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c @@ -492,6 +492,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); if (!connect && strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) { + // Note: If there are multiple devices with the same device name, the device may connect to an unintended one. + // It is recommended to change the default device name to ensure it is unique. connect = true; esp_ble_gap_stop_ext_scan(); ESP_LOGI(GATTC_TAG, "Device found "ESP_BD_ADDR_STR"", ESP_BD_ADDR_HEX(param->ext_adv_report.params.addr)); diff --git a/examples/bluetooth/bluedroid/ble_50/multi-adv/main/multi_adv_demo.c b/examples/bluetooth/bluedroid/ble_50/multi-adv/main/multi_adv_demo.c index f7785ebaa3..db750ce70b 100644 --- a/examples/bluetooth/bluedroid/ble_50/multi-adv/main/multi_adv_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/multi-adv/main/multi_adv_demo.c 
@@ -47,11 +47,6 @@ static SemaphoreHandle_t test_sem = NULL; -uint8_t addr_1m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x01}; -uint8_t addr_2m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x02}; -uint8_t addr_legacy[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x03}; -uint8_t addr_coded[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x04}; - esp_ble_gap_ext_adv_params_t ext_adv_params_1M = { .type = ESP_BLE_GAP_SET_EXT_ADV_PROP_CONNECTABLE, .interval_min = 0x30, 
@@ -236,26 +231,39 @@ void app_main(void) return; } - vTaskDelay(200 / portTICK_PERIOD_MS); + // create static random address + esp_bd_addr_t addr_1m; + esp_bd_addr_t addr_2m; + esp_bd_addr_t addr_legacy; + esp_bd_addr_t addr_coded; + esp_ble_gap_addr_create_static(addr_1m); + esp_ble_gap_addr_create_static(addr_2m); + esp_ble_gap_addr_create_static(addr_legacy); + esp_ble_gap_addr_create_static(addr_coded); test_sem = xSemaphoreCreateBinary(); + // 1M phy extend adv, Connectable advertising + ESP_LOG_BUFFER_HEX(LOG_TAG, addr_1m, ESP_BD_ADDR_LEN); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(0, &ext_adv_params_1M), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(0, addr_1m), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(0, sizeof(raw_adv_data_1m), &raw_adv_data_1m[0]), test_sem); // 2M phy extend adv, Scannable advertising + ESP_LOG_BUFFER_HEX(LOG_TAG, addr_2m, ESP_BD_ADDR_LEN); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(1, &ext_adv_params_2M), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(1, addr_2m), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(1, sizeof(raw_scan_rsp_data_2m), raw_scan_rsp_data_2m), test_sem); // 1M phy legacy adv, ADV_IND + ESP_LOG_BUFFER_HEX(LOG_TAG, addr_legacy, ESP_BD_ADDR_LEN); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(2, &legacy_adv_params), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(2, addr_legacy), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(2, sizeof(legacy_adv_data), &legacy_adv_data[0]), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(2, sizeof(legacy_scan_rsp_data), &legacy_scan_rsp_data[0]), test_sem); // coded phy extend adv, Scannable advertising + ESP_LOG_BUFFER_HEX(LOG_TAG, addr_coded, ESP_BD_ADDR_LEN); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(3, &ext_adv_params_coded), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(3, addr_coded), 
test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(3, sizeof(raw_scan_rsp_data_coded), &raw_scan_rsp_data_coded[0]), test_sem); diff --git a/examples/bluetooth/bluedroid/ble_50/periodic_adv/main/periodic_adv_demo.c b/examples/bluetooth/bluedroid/ble_50/periodic_adv/main/periodic_adv_demo.c index 838d47711d..aa7ffdac2a 100644 --- a/examples/bluetooth/bluedroid/ble_50/periodic_adv/main/periodic_adv_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/periodic_adv/main/periodic_adv_demo.c @@ -56,9 +56,6 @@ static SemaphoreHandle_t test_sem = NULL; - -uint8_t addr_2m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x02}; - esp_ble_gap_ext_adv_params_t ext_adv_params_2M = { .type = ESP_BLE_GAP_SET_EXT_ADV_PROP_NONCONN_NONSCANNABLE_UNDIRECTED, .interval_min = 0x30, @@ -81,18 +78,16 @@ static esp_ble_gap_periodic_adv_params_t periodic_adv_params = { }; static uint8_t periodic_adv_raw_data[] = { - 0x02, 0x01, 0x06, - 0x02, 0x0a, 0xeb, - 0x03, 0x03, 0xab, 0xcd, - 0x11, 0x09, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', - 'C', '_', 'A', 'D', 'V' + 0x02, ESP_BLE_AD_TYPE_FLAG, 0x06, + 0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb, + 0x03, ESP_BLE_AD_TYPE_16SRV_CMPL, 0xab, 0xcd, + 0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', 'C', '_', 'A', 'D', 'V' }; static uint8_t raw_ext_adv_data_2m[] = { - 0x02, 0x01, 0x06, - 0x02, 0x0a, 0xeb, - 0x13, 0x09, 'E', 'S', 'P', '_', 'M', 'U', 'L', 'T', 'I', '_', 'A', - 'D', 'V', '_', '8', '0', 'M', 'S' + 0x02, ESP_BLE_AD_TYPE_FLAG, 0x06, + 0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb, + 0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'E', 'X', 'T', 'E', 'N', 'D', 'E', 'D', '_', 'A', 'D', 'V' }; static esp_ble_gap_ext_adv_t ext_adv[1] = { 
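Review bot: The four `esp_ble_gap_addr_create_static()` calls in `app_main` discard their return value and the `esp_bd_addr_t` locals are not initialized, so if a call fails, whatever was on the stack is printed by `ESP_LOG_BUFFER_HEX` and handed to `esp_ble_gap_ext_adv_set_rand_addr()`. Check each call, e.g. `ESP_ERROR_CHECK(esp_ble_gap_addr_create_static(addr_1m));`, and declare the buffers as `esp_bd_addr_t addr_1m = {0};`. The `rand_addr` hunk in periodic_adv_demo.c follows the same pattern. `app_main` continues outside the hunk.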
@@ -195,12 +190,16 @@ void app_main(void) return; } - vTaskDelay(200 / portTICK_PERIOD_MS); + // create static random address + esp_bd_addr_t rand_addr; + esp_ble_gap_addr_create_static(rand_addr); test_sem = xSemaphoreCreateBinary(); - // 2M phy extend adv, Connectable advertising + + // 2M phy extend adv, Non-Connectable and Non-Scannable Undirected advertising + ESP_LOG_BUFFER_HEX(LOG_TAG, rand_addr, ESP_BD_ADDR_LEN); FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(EXT_ADV_HANDLE, &ext_adv_params_2M), test_sem); - FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(EXT_ADV_HANDLE, addr_2m), test_sem); + FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(EXT_ADV_HANDLE, rand_addr), test_sem); FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(EXT_ADV_HANDLE, sizeof(raw_ext_adv_data_2m), &raw_ext_adv_data_2m[0]), test_sem); // start all adv diff --git a/examples/bluetooth/bluedroid/ble_50/periodic_adv/tutorial/Periodic_adv_Example_Walkthrough.md b/examples/bluetooth/bluedroid/ble_50/periodic_adv/tutorial/Periodic_adv_Example_Walkthrough.md index 4cab5258ac..3f99664ac6 100644 --- a/examples/bluetooth/bluedroid/ble_50/periodic_adv/tutorial/Periodic_adv_Example_Walkthrough.md +++ b/examples/bluetooth/bluedroid/ble_50/periodic_adv/tutorial/Periodic_adv_Example_Walkthrough.md @@ -216,10 +216,9 @@ Ext adv raw data: ```c static uint8_t raw_ext_adv_data_2m[] = { - 0x02, 0x01, 0x06, - 0x02, 0x0a, 0xeb, - 0x13, 0x09, 'E', 'S', 'P', '_', 'M', 'U', 'L', 'T', 'I', '_', 'A', - 'D', 'V', '_', '8', '0', 'M', 'S' + 0x02, ESP_BLE_AD_TYPE_FLAG, 0x06, + 0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb, + 0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'E', 'X', 'T', 'E', 'N', 'D', 'E', 'D', '_', 'A', 'D', 'V' }; ``` 
@@ -236,11 +235,10 @@ static esp_ble_gap_periodic_adv_params_t periodic_adv_params = { ```c static uint8_t periodic_adv_raw_data[] = { - 0x02, 0x01, 0x06, - 0x02, 0x0a, 0xeb, - 0x03, 0x03, 0xab, 0xcd, - 0x11, 0x09, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', - 'C', '_', 'A', 'D', 'V' + 0x02, ESP_BLE_AD_TYPE_FLAG, 0x06, + 0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb, + 0x03, ESP_BLE_AD_TYPE_16SRV_CMPL, 0xab, 0xcd, + 0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', 'C', '_', 'A', 'D', 'V' }; ``` diff --git a/examples/bluetooth/bluedroid/ble_50/periodic_sync/main/periodic_sync_demo.c b/examples/bluetooth/bluedroid/ble_50/periodic_sync/main/periodic_sync_demo.c index 038c5b262d..f70bf1e8b2 100644 --- a/examples/bluetooth/bluedroid/ble_50/periodic_sync/main/periodic_sync_demo.c +++ b/examples/bluetooth/bluedroid/ble_50/periodic_sync/main/periodic_sync_demo.c @@ -48,7 +48,7 @@ #define EXT_SCAN_DURATION 0 #define EXT_SCAN_PERIOD 0 -static char remote_device_name[ESP_BLE_ADV_NAME_LEN_MAX] = "ESP_MULTI_ADV_80MS"; +static char remote_device_name[ESP_BLE_ADV_NAME_LEN_MAX] = "ESP_EXTENDED_ADV"; static SemaphoreHandle_t test_sem = NULL; static esp_ble_ext_scan_params_t ext_scan_params = { @@ -114,6 +114,8 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param ESP_BLE_AD_TYPE_NAME_CMPL, &adv_name_len); if ((adv_name != NULL) && (memcmp(adv_name, remote_device_name, adv_name_len) == 0) && !periodic_sync) { + // Note: If there are multiple devices with the same device name, the device may sync to an unintended one. + // It is recommended to change the default device name to ensure it is unique. periodic_sync = true; char adv_temp_name[30] = {'0'}; memcpy(adv_temp_name, adv_name, adv_name_len);
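Review bot: The match in `gap_event_handler` compares only `adv_name_len` bytes with `memcmp` and, unlike the `strlen(remote_device_name) == adv_name_len` test in the other examples touched by this commit, never compares the lengths, so an advertised name that is merely a prefix of `remote_device_name` also matches. `adv_name_len` is taken from the received advertising data and is then used without a bound in `memcpy(adv_temp_name, adv_name, adv_name_len)` into a 30-byte array. Adding the length test, `if ((adv_name != NULL) && (adv_name_len == strlen(remote_device_name)) && (memcmp(adv_name, remote_device_name, adv_name_len) == 0) && !periodic_sync) {`, removes the prefix match and also bounds the copy, provided `ESP_BLE_ADV_NAME_LEN_MAX` is below 30. The handler continues outside the hunk.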