Merge branch 'bugfix/fix_ble_aa_zero_c3_s3_v5.3' into 'release/v5.3'

fix(bt/ble): Update esp32c3/s3 libbtdm_app.a (555b0a2) (v5.3)

See merge request espressif/esp-idf!35691

components/bt/controller/esp32c3/Kconfig.in

@@ -548,3 +548,11 @@ config BT_CTRL_BLE_SECURITY_ENABLE
     depends on BT_CTRL_RUN_IN_FLASH_ONLY && BT_CONTROLLER_ONLY
     bool "Enable BLE security feature"
     default y
+
+config BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+    bool "Enable enhanced Access Address check in CONNECT_IND"
+    default n
+    help
+        Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU.
+        This improves security by ensuring that only connection requests with valid Access Addresses are accepted.
+        If disabled, only basic checks are applied, improving compatibility.

components/bt/controller/esp32c3/bt.c

@@ -275,6 +275,7 @@ extern void ets_backup_dma_copy(uint32_t reg, uint32_t mem_addr, uint32_t num, b
 #endif
 
 extern void btdm_cca_feature_enable(void);
+extern void btdm_aa_check_enhance_enable(void);
 
 extern uint32_t _bt_bss_start;
 extern uint32_t _bt_bss_end;
@@ -964,6 +965,9 @@ static void btdm_funcs_table_ready_wrapper(void)
 #if BT_BLE_CCA_MODE == 2
     btdm_cca_feature_enable();
 #endif
+#if BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED
+    btdm_aa_check_enhance_enable();
+#endif
 }
 
 bool bt_async_wakeup_request(void)

components/bt/include/esp32c3/include/esp_bt.h

@@ -291,6 +291,12 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status);
 #define BT_CTRL_BLE_SCAN     (1)
 #endif // (BT_CTRL_RUN_IN_FLASH_ONLY == 1)
 
+#ifdef CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#else
+#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED 0
+#endif
+
 #define BT_CONTROLLER_INIT_CONFIG_DEFAULT() {                              \
     .magic = ESP_BT_CTRL_CONFIG_MAGIC_VAL,                                 \
     .version = ESP_BT_CTRL_CONFIG_VERSION,                                 \
@@ -336,6 +342,7 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status);
     .qa_test = BT_CTRL_BLE_TEST,                                           \
     .master_en = BT_CTRL_BLE_MASTER,                                       \
     .scan_en = BT_CTRL_BLE_SCAN,                                           \
+    .ble_aa_check = BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED,     \
 }
 
 #else
@@ -417,6 +424,7 @@ typedef struct {
     bool qa_test;                           /*!< Controller QA test feature is enabled or not */
     bool master_en;                         /*!< Controller master feature is enabled or not */
     bool scan_en;                           /*!< Controller scan feature is enabled or not */
+    bool ble_aa_check;                      /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */
 } esp_bt_controller_config_t;
 
 /**

examples/bluetooth/bluedroid/ble/gatt_client/main/gattc_demo.c

@@ -363,6 +363,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
 
             if (adv_name != NULL) {
                 if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
+                    // Note: If there are multiple devices with the same device name, the device may connect to an unintended one.
+                    // It is recommended to change the default device name to ensure it is unique.
                     ESP_LOGI(GATTC_TAG, "Device found %s", remote_device_name);
                     if (connect == false) {
                         connect = true;

examples/bluetooth/bluedroid/ble/gatt_client/tutorial/Gatt_Client_Example_Walkthrough.md

@@ -365,6 +365,8 @@ We are interested in the `ESP_GAP_SEARCH_INQ_RES_EVT` event, which is called eve
 		        ESP_LOGI(GATTC_TAG, " ");
 		        if (adv_name != NULL) {
 			        if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
+                    // Note: If there are multiple devices with the same device name, the device may connect to an unintended one.
+                    // It is recommended to change the default device name to ensure it is unique.
                     ESP_LOGI(GATTC_TAG, "searched device %s", remote_device_name);
                     if (connect == false) {
                         connect = true;

examples/bluetooth/bluedroid/ble/gatt_security_client/main/example_ble_sec_gattc_demo.c

@@ -458,6 +458,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
             ESP_LOG_BUFFER_CHAR(GATTC_TAG, adv_name, adv_name_len);
             if (adv_name != NULL) {
                 if (strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
+                    // Note: If there are multiple devices with the same device name, the device may connect to an unintended one.
+                    // It is recommended to change the default device name to ensure it is unique.
                     ESP_LOGI(GATTC_TAG, "Device found %s", remote_device_name);
                     if (connect == false) {
                         connect = true;

examples/bluetooth/bluedroid/ble_50/ble50_security_client/main/ble50_sec_gattc_demo.c

@@ -492,6 +492,8 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par
                                             ESP_BLE_AD_TYPE_NAME_CMPL,
                                             &adv_name_len);
         if (!connect && strlen(remote_device_name) == adv_name_len && strncmp((char *)adv_name, remote_device_name, adv_name_len) == 0) {
+            // Note: If there are multiple devices with the same device name, the device may connect to an unintended one.
+            // It is recommended to change the default device name to ensure it is unique.
             connect = true;
             esp_ble_gap_stop_ext_scan();
             ESP_LOGI(GATTC_TAG, "Device found "ESP_BD_ADDR_STR"", ESP_BD_ADDR_HEX(param->ext_adv_report.params.addr));

examples/bluetooth/bluedroid/ble_50/multi-adv/main/multi_adv_demo.c

@@ -47,11 +47,6 @@
 
 static SemaphoreHandle_t test_sem = NULL;
 
-uint8_t addr_1m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x01};
-uint8_t addr_2m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x02};
-uint8_t addr_legacy[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x03};
-uint8_t addr_coded[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x04};
-
 esp_ble_gap_ext_adv_params_t ext_adv_params_1M = {
     .type = ESP_BLE_GAP_SET_EXT_ADV_PROP_CONNECTABLE,
     .interval_min = 0x30,
@@ -236,26 +231,39 @@ void app_main(void)
         return;
     }
 
-    vTaskDelay(200 / portTICK_PERIOD_MS);
+    // create static random address
+    esp_bd_addr_t addr_1m;
+    esp_bd_addr_t addr_2m;
+    esp_bd_addr_t addr_legacy;
+    esp_bd_addr_t addr_coded;
+    esp_ble_gap_addr_create_static(addr_1m);
+    esp_ble_gap_addr_create_static(addr_2m);
+    esp_ble_gap_addr_create_static(addr_legacy);
+    esp_ble_gap_addr_create_static(addr_coded);
 
     test_sem = xSemaphoreCreateBinary();
+
     // 1M phy extend adv, Connectable advertising
+    ESP_LOG_BUFFER_HEX(LOG_TAG, addr_1m, ESP_BD_ADDR_LEN);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(0, &ext_adv_params_1M), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(0, addr_1m), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(0, sizeof(raw_adv_data_1m), &raw_adv_data_1m[0]), test_sem);
 
     // 2M phy extend adv, Scannable advertising
+    ESP_LOG_BUFFER_HEX(LOG_TAG, addr_2m, ESP_BD_ADDR_LEN);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(1, &ext_adv_params_2M), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(1, addr_2m), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(1, sizeof(raw_scan_rsp_data_2m), raw_scan_rsp_data_2m), test_sem);
 
     // 1M phy legacy adv, ADV_IND
+    ESP_LOG_BUFFER_HEX(LOG_TAG, addr_legacy, ESP_BD_ADDR_LEN);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(2, &legacy_adv_params), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(2, addr_legacy), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(2, sizeof(legacy_adv_data), &legacy_adv_data[0]), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(2, sizeof(legacy_scan_rsp_data), &legacy_scan_rsp_data[0]), test_sem);
 
     // coded phy extend adv, Scannable advertising
+    ESP_LOG_BUFFER_HEX(LOG_TAG, addr_coded, ESP_BD_ADDR_LEN);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(3, &ext_adv_params_coded), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(3, addr_coded), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_scan_rsp_data_raw(3, sizeof(raw_scan_rsp_data_coded), &raw_scan_rsp_data_coded[0]), test_sem);

examples/bluetooth/bluedroid/ble_50/periodic_adv/main/periodic_adv_demo.c

@@ -56,9 +56,6 @@
 
 static SemaphoreHandle_t test_sem = NULL;
 
-
-uint8_t addr_2m[6] = {0xc0, 0xde, 0x52, 0x00, 0x00, 0x02};
-
 esp_ble_gap_ext_adv_params_t ext_adv_params_2M = {
     .type = ESP_BLE_GAP_SET_EXT_ADV_PROP_NONCONN_NONSCANNABLE_UNDIRECTED,
     .interval_min = 0x30,
@@ -81,18 +78,16 @@ static esp_ble_gap_periodic_adv_params_t periodic_adv_params = {
 };
 
 static uint8_t periodic_adv_raw_data[] = {
-        0x02, 0x01, 0x06,
+        0x02, ESP_BLE_AD_TYPE_FLAG, 0x06,
-        0x02, 0x0a, 0xeb,
+        0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb,
-        0x03, 0x03, 0xab, 0xcd,
+        0x03, ESP_BLE_AD_TYPE_16SRV_CMPL, 0xab, 0xcd,
-        0x11, 0x09, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I',
+        0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', 'C', '_', 'A', 'D', 'V'
-        'C', '_', 'A', 'D', 'V'
 };
 
 static uint8_t raw_ext_adv_data_2m[] = {
-        0x02, 0x01, 0x06,
+        0x02, ESP_BLE_AD_TYPE_FLAG, 0x06,
-        0x02, 0x0a, 0xeb,
+        0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb,
-        0x13, 0x09, 'E', 'S', 'P', '_', 'M', 'U', 'L', 'T', 'I', '_', 'A',
+        0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'E', 'X', 'T', 'E', 'N', 'D', 'E', 'D', '_', 'A', 'D', 'V'
-        'D', 'V', '_', '8', '0', 'M', 'S'
 };
 
 static esp_ble_gap_ext_adv_t ext_adv[1] = {
@@ -195,12 +190,16 @@ void app_main(void)
         return;
     }
 
-    vTaskDelay(200 / portTICK_PERIOD_MS);
+    // create static random address
+    esp_bd_addr_t rand_addr;
+    esp_ble_gap_addr_create_static(rand_addr);
 
     test_sem = xSemaphoreCreateBinary();
-    // 2M phy extend adv, Connectable advertising
+
+    // 2M phy extend adv, Non-Connectable and Non-Scannable Undirected advertising
+    ESP_LOG_BUFFER_HEX(LOG_TAG, rand_addr, ESP_BD_ADDR_LEN);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_params(EXT_ADV_HANDLE, &ext_adv_params_2M), test_sem);
-    FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(EXT_ADV_HANDLE, addr_2m), test_sem);
+    FUNC_SEND_WAIT_SEM(esp_ble_gap_ext_adv_set_rand_addr(EXT_ADV_HANDLE, rand_addr), test_sem);
     FUNC_SEND_WAIT_SEM(esp_ble_gap_config_ext_adv_data_raw(EXT_ADV_HANDLE, sizeof(raw_ext_adv_data_2m), &raw_ext_adv_data_2m[0]), test_sem);
 
     // start all adv

examples/bluetooth/bluedroid/ble_50/periodic_adv/tutorial/Periodic_adv_Example_Walkthrough.md

@@ -216,10 +216,9 @@ Ext adv raw data:
 
 ```c
 static uint8_t raw_ext_adv_data_2m[] = {
-        0x02, 0x01, 0x06,
+        0x02, ESP_BLE_AD_TYPE_FLAG, 0x06,
-        0x02, 0x0a, 0xeb,
+        0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb,
-        0x13, 0x09, 'E', 'S', 'P', '_', 'M', 'U', 'L', 'T', 'I', '_', 'A',
+        0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'E', 'X', 'T', 'E', 'N', 'D', 'E', 'D', '_', 'A', 'D', 'V'
-        'D', 'V', '_', '8', '0', 'M', 'S'
 };
 ```
 
@@ -236,11 +235,10 @@ static esp_ble_gap_periodic_adv_params_t periodic_adv_params = {
 
 ```c
 static uint8_t periodic_adv_raw_data[] = {
-        0x02, 0x01, 0x06,
+        0x02, ESP_BLE_AD_TYPE_FLAG, 0x06,
-        0x02, 0x0a, 0xeb,
+        0x02, ESP_BLE_AD_TYPE_TX_PWR, 0xeb,
-        0x03, 0x03, 0xab, 0xcd,
+        0x03, ESP_BLE_AD_TYPE_16SRV_CMPL, 0xab, 0xcd,
-        0x11, 0x09, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I',
+        0x11, ESP_BLE_AD_TYPE_NAME_CMPL, 'E', 'S', 'P', '_', 'P', 'E', 'R', 'I', 'O', 'D', 'I', 'C', '_', 'A', 'D', 'V'
-        'C', '_', 'A', 'D', 'V'
 };
 ```
 

examples/bluetooth/bluedroid/ble_50/periodic_sync/main/periodic_sync_demo.c

@@ -48,7 +48,7 @@
 #define EXT_SCAN_DURATION     0
 #define EXT_SCAN_PERIOD       0
 
-static char remote_device_name[ESP_BLE_ADV_NAME_LEN_MAX] = "ESP_MULTI_ADV_80MS";
+static char remote_device_name[ESP_BLE_ADV_NAME_LEN_MAX] = "ESP_EXTENDED_ADV";
 static SemaphoreHandle_t test_sem = NULL;
 
 static esp_ble_ext_scan_params_t ext_scan_params = {
@@ -114,6 +114,8 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param
                                             ESP_BLE_AD_TYPE_NAME_CMPL,
                                             &adv_name_len);
 	    if ((adv_name != NULL) && (memcmp(adv_name, remote_device_name, adv_name_len) == 0) && !periodic_sync) {
+            // Note: If there are multiple devices with the same device name, the device may sync to an unintended one.
+            // It is recommended to change the default device name to ensure it is unique.
             periodic_sync = true;
 	        char adv_temp_name[30] = {'0'};
 	        memcpy(adv_temp_name, adv_name, adv_name_len);