From 89ee65e1c64763d8efff45cd604857f93bdf3cb3 Mon Sep 17 00:00:00 2001 From: zhiweijian Date: Wed, 29 Aug 2018 12:03:55 +0800 Subject: [PATCH 1/3] Component/bt: add set default passkey function --- components/bt/bluedroid/api/esp_gap_ble_api.c | 17 ++++++++++ .../api/include/api/esp_gap_ble_api.h | 3 ++ components/bt/bluedroid/bta/dm/bta_dm_act.c | 4 +++ components/bt/bluedroid/bta/dm/bta_dm_api.c | 15 +++++++++ components/bt/bluedroid/bta/dm/bta_dm_main.c | 9 +++--- .../bt/bluedroid/bta/dm/include/bta_dm_int.h | 9 ++++++ .../bt/bluedroid/bta/include/bta/bta_api.h | 16 ++++++++++ .../btc/profile/std/gap/btc_gap_ble.c | 13 ++++++++ components/bt/bluedroid/stack/btm/btm_ble.c | 6 ++++ .../stack/include/stack/btm_ble_api.h | 15 +++++++++ .../bluedroid/stack/include/stack/smp_api.h | 15 +++++++++ .../bt/bluedroid/stack/smp/include/smp_int.h | 4 +++ components/bt/bluedroid/stack/smp/smp_api.c | 12 +++++++ components/bt/bluedroid/stack/smp/smp_keys.c | 32 +++++++++++++++++-- components/bt/bluedroid/stack/smp/smp_utils.c | 9 ++++-- components/bt/test/test_smp.c | 28 ++++++++++++++++ .../main/example_ble_sec_gattc_demo.c | 2 +- .../main/example_ble_sec_gatts_demo.c | 5 ++- 18 files changed, 203 insertions(+), 11 deletions(-) diff --git a/components/bt/bluedroid/api/esp_gap_ble_api.c b/components/bt/bluedroid/api/esp_gap_ble_api.c index 8ece6ecff8..0dcd89cfee 100644 --- a/components/bt/bluedroid/api/esp_gap_ble_api.c +++ b/components/bt/bluedroid/api/esp_gap_ble_api.c 
@@ -441,6 +441,23 @@ esp_err_t esp_ble_gap_config_scan_rsp_data_raw(uint8_t *raw_data, uint32_t raw_d esp_err_t esp_ble_gap_set_security_param(esp_ble_sm_param_t param_type, void *value, uint8_t len) { + if(param_type >= ESP_BLE_SM_MAX_PARAM) { + return ESP_ERR_INVALID_ARG; + } + if((param_type != ESP_BLE_SM_CLEAR_STATIC_PASSKEY) && ( value == NULL || len < sizeof(uint8_t) || len > sizeof(uint32_t))) { + return ESP_ERR_INVALID_ARG; + } + if((param_type == ESP_BLE_SM_SET_STATIC_PASSKEY)) { + uint32_t passkey = 0; + for(uint8_t i = 0; i < len; i++) + { + passkey += (((uint8_t *)value)[i]<<(8*i)); + } + if(passkey > 999999) { + return ESP_ERR_INVALID_ARG; + } + } + btc_msg_t msg; btc_ble_gap_args_t arg; diff --git a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h index faa8ed4f06..9765c1b2b3 100644 --- a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h @@ -264,6 +264,9 @@ typedef enum { ESP_BLE_SM_SET_INIT_KEY, ESP_BLE_SM_SET_RSP_KEY, ESP_BLE_SM_MAX_KEY_SIZE, + ESP_BLE_SM_SET_STATIC_PASSKEY, + ESP_BLE_SM_CLEAR_STATIC_PASSKEY, + ESP_BLE_SM_MAX_PARAM, } esp_ble_sm_param_t; /// Advertising parameters diff --git a/components/bt/bluedroid/bta/dm/bta_dm_act.c b/components/bt/bluedroid/bta/dm/bta_dm_act.c index 1e9faab7de..257f12d8f8 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_act.c @@ -4459,6 +4459,10 @@ void bta_dm_ble_passkey_reply (tBTA_DM_MSG *p_data) } +void bta_dm_ble_set_static_passkey(tBTA_DM_MSG *p_data) +{ + BTM_BleSetStaticPasskey(p_data->ble_set_static_passkey.add, p_data->ble_set_static_passkey.static_passkey); +} /******************************************************************************* ** ** Function bta_dm_ble_confirm_reply 
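Review bot: In the passkey loop added to esp_ble_gap_set_security_param, `((uint8_t *)value)[i]<<(8*i)` shifts a byte that has been promoted to signed int, so a top byte of 0x80 or more at i == 3 overflows before the `passkey > 999999` rejection is reached. Build the value in unsigned arithmetic instead, `passkey |= (uint32_t)((const uint8_t *)value)[i] << (8 * i);`. The same loop is repeated in the ESP_BLE_SM_SET_STATIC_PASSKEY case of btc_gap_ble_call_handler later in this patch and needs the same cast. The length check also lets a static passkey be set from one to three bytes, which silently truncates a caller's uint32_t; requiring `len == sizeof(uint32_t)` for this parameter type would make the accepted value unambiguous. The function body continues outside the hunk.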
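Review bot: ESP_BLE_SM_SET_STATIC_PASSKEY is added to the public esp_ble_sm_param_t enum without a comment, and a fixed passkey changes the security properties of passkey-entry pairing enough to deserve one. Passkey entry assumes a fresh random value for each pairing; a value reused across pairings should be treated as a convenience setting, not as authentication of the peer. I would add `/*!< Use a fixed 6-digit passkey (0~999999) instead of a random one per pairing; weakens MITM protection */` on the new member. ESP_BLE_SM_CLEAR_STATIC_PASSKEY needs a one-line comment saying that `value` and `len` are ignored for it.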
diff --git a/components/bt/bluedroid/bta/dm/bta_dm_api.c b/components/bt/bluedroid/bta/dm/bta_dm_api.c index 0354c04d0a..019e2aae2b 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_api.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_api.c @@ -825,6 +825,21 @@ void BTA_DmBlePasskeyReply(BD_ADDR bd_addr, BOOLEAN accept, UINT32 passkey) bta_sys_sendmsg(p_msg); } } + +void BTA_DmBleSetStaticPasskey(bool add, uint32_t passkey) +{ + tBTA_DM_API_SET_DEFAULT_PASSKEY *p_msg; + + if ((p_msg = (tBTA_DM_API_SET_DEFAULT_PASSKEY *) osi_malloc(sizeof(tBTA_DM_API_SET_DEFAULT_PASSKEY))) != NULL) { + memset(p_msg, 0, sizeof(tBTA_DM_API_SET_DEFAULT_PASSKEY)); + + p_msg->hdr.event = BTA_DM_API_BLE_SET_STATIC_PASSKEY_EVT; + p_msg->add = add; + p_msg->static_passkey = passkey; + bta_sys_sendmsg(p_msg); + } +} + /******************************************************************************* ** ** Function BTA_DmBleConfirmReply diff --git a/components/bt/bluedroid/bta/dm/bta_dm_main.c b/components/bt/bluedroid/bta/dm/bta_dm_main.c index 8f4775ea2b..f3a15b09e9 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_main.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_main.c @@ -86,10 +86,11 @@ const tBTA_DM_ACTION bta_dm_action[BTA_DM_MAX_EVT] = { #if BLE_INCLUDED == TRUE #if SMP_INCLUDED == TRUE - bta_dm_add_blekey, /* BTA_DM_API_ADD_BLEKEY_EVT */ - bta_dm_add_ble_device, /* BTA_DM_API_ADD_BLEDEVICE_EVT */ - bta_dm_ble_passkey_reply, /* BTA_DM_API_BLE_PASSKEY_REPLY_EVT */ - bta_dm_ble_confirm_reply, /* BTA_DM_API_BLE_CONFIRM_REPLY_EVT */ + bta_dm_add_blekey, /* BTA_DM_API_ADD_BLEKEY_EVT */ + bta_dm_add_ble_device, /* BTA_DM_API_ADD_BLEDEVICE_EVT */ + bta_dm_ble_passkey_reply, /* BTA_DM_API_BLE_PASSKEY_REPLY_EVT */ + bta_dm_ble_set_static_passkey, /* BTA_DM_API_BLE_SET_STATIC_PASSKEY_EVT */ + bta_dm_ble_confirm_reply, /* BTA_DM_API_BLE_CONFIRM_REPLY_EVT */ bta_dm_security_grant, #endif ///SMP_INCLUDED == TRUE bta_dm_ble_set_bg_conn_type, 
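Review bot: BTA_DmBleSetStaticPasskey drops the request without any trace when osi_malloc returns NULL, so a failed clear leaves the old static passkey active and the API caller gets no indication of it. An `else` branch with `APPL_TRACE_ERROR("%s: no memory", __func__);` would at least make the failure visible. The signature uses `bool`/`uint32_t` while the message struct uses `BOOLEAN`/`UINT32`, and the struct is named tBTA_DM_API_SET_DEFAULT_PASSKEY while everything else says "static"; one spelling of each would be easier to search for.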
diff --git a/components/bt/bluedroid/bta/dm/include/bta_dm_int.h b/components/bt/bluedroid/bta/dm/include/bta_dm_int.h index 4499d9ed9a..e3211697af 100644 --- a/components/bt/bluedroid/bta/dm/include/bta_dm_int.h +++ b/components/bt/bluedroid/bta/dm/include/bta_dm_int.h @@ -87,6 +87,7 @@ enum { BTA_DM_API_ADD_BLEKEY_EVT, BTA_DM_API_ADD_BLEDEVICE_EVT, BTA_DM_API_BLE_PASSKEY_REPLY_EVT, + BTA_DM_API_BLE_SET_STATIC_PASSKEY_EVT, BTA_DM_API_BLE_CONFIRM_REPLY_EVT, BTA_DM_API_BLE_SEC_GRANT_EVT, #endif ///SMP_INCLUDED == TRUE @@ -444,6 +445,12 @@ typedef struct { UINT32 passkey; } tBTA_DM_API_PASSKEY_REPLY; +typedef struct { + BT_HDR hdr; + BOOLEAN add; + UINT32 static_passkey; +} tBTA_DM_API_SET_DEFAULT_PASSKEY; + typedef struct { BT_HDR hdr; BD_ADDR bd_addr; @@ -787,6 +794,7 @@ typedef union { tBTA_DM_API_ADD_BLEKEY add_ble_key; tBTA_DM_API_ADD_BLE_DEVICE add_ble_device; tBTA_DM_API_PASSKEY_REPLY ble_passkey_reply; + tBTA_DM_API_SET_DEFAULT_PASSKEY ble_set_static_passkey; tBTA_DM_API_BLE_SEC_GRANT ble_sec_grant; tBTA_DM_API_BLE_SET_BG_CONN_TYPE ble_set_bd_conn_type; tBTA_DM_API_BLE_CONN_PARAMS ble_set_conn_params; @@ -1189,6 +1197,7 @@ extern void bta_dm_add_ampkey (tBTA_DM_MSG *p_data); extern void bta_dm_add_blekey (tBTA_DM_MSG *p_data); extern void bta_dm_add_ble_device (tBTA_DM_MSG *p_data); extern void bta_dm_ble_passkey_reply (tBTA_DM_MSG *p_data); +extern void bta_dm_ble_set_static_passkey(tBTA_DM_MSG *p_data); extern void bta_dm_ble_confirm_reply (tBTA_DM_MSG *p_data); extern void bta_dm_security_grant (tBTA_DM_MSG *p_data); extern void bta_dm_ble_set_bg_conn_type (tBTA_DM_MSG *p_data); diff --git a/components/bt/bluedroid/bta/include/bta/bta_api.h b/components/bt/bluedroid/bta/include/bta/bta_api.h index ff0045f9a7..7151467317 100644 --- a/components/bt/bluedroid/bta/include/bta/bta_api.h +++ b/components/bt/bluedroid/bta/include/bta/bta_api.h 
@@ -1802,6 +1802,22 @@ extern void BTA_DmBleSetBgConnType(tBTA_DM_BLE_CONN_TYPE bg_conn_type, tBTA_DM_B *******************************************************************************/ extern void BTA_DmBlePasskeyReply(BD_ADDR bd_addr, BOOLEAN accept, UINT32 passkey); +/******************************************************************************* +** +** Function BTA_DmBleSetStaticPasskey +** +** Description Set BLE SMP static passkey. +** +** Parameters: add - add static passkey when add is true +** clear static passkey when add is false +** passkey - static passkey value +** +** +** Returns void +** +*******************************************************************************/ +extern void BTA_DmBleSetStaticPasskey(bool add, uint32_t passkey); + /******************************************************************************* ** ** Function BTA_DmBleConfirmReply diff --git a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c index 7200be90f5..33e1ea6701 100644 --- a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c +++ b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c @@ -1116,6 +1116,19 @@ void btc_gap_ble_call_handler(btc_msg_t *msg) bta_dm_co_ble_set_max_key_size(key_size); break; } + case ESP_BLE_SM_SET_STATIC_PASSKEY: { + uint32_t passkey = 0; + for(uint8_t i = 0; i < arg->set_security_param.len; i++) + { + passkey += (((uint8_t *)value)[i]<<(8*i)); + } + BTA_DmBleSetStaticPasskey(true, passkey); + break; + } + case ESP_BLE_SM_CLEAR_STATIC_PASSKEY: { + BTA_DmBleSetStaticPasskey(false, 0); + break; + } default: break; } diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 0de41650c0..3470fbf17f 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c 
@@ -423,6 +423,12 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) #endif } +void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey) +{ +#if SMP_INCLUDED == TRUE + SMP_SetStaticPasskey(add, passkey); +#endif +} /******************************************************************************* ** ** Function BTM_BleConfirmReply diff --git a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h index b470bd0d00..0a07c643b4 100644 --- a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h +++ b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h @@ -1315,6 +1315,21 @@ void BTM_SecurityGrant(BD_ADDR bd_addr, UINT8 res); //extern void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); +/******************************************************************************* +** +** Function BTM_BleSetStaticPasskey +** +** Description This function is called to set static passkey +** +** +** Parameters: add - set static passkey when add is TRUE +** clear static passkey when add is FALSE +** passkey - static passkey +** +** +*******************************************************************************/ +void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey); + /******************************************************************************* ** ** Function BTM_BleConfirmReply diff --git a/components/bt/bluedroid/stack/include/stack/smp_api.h b/components/bt/bluedroid/stack/include/stack/smp_api.h index 722850c3d4..6a3ca5afa8 100644 --- a/components/bt/bluedroid/stack/include/stack/smp_api.h +++ b/components/bt/bluedroid/stack/include/stack/smp_api.h 
@@ -401,6 +401,21 @@ extern void SMP_SecurityGrant(BD_ADDR bd_addr, UINT8 res); *******************************************************************************/ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); +/******************************************************************************* +** +** Function SMP_SetStaticPasskey +** +** Description This function is called to set static passkey +** +** +** Parameters: add - set static passkey when add is TRUE +** clear static passkey when add is FALSE +** passkey - static passkey +** +** +*******************************************************************************/ +extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey); + /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/include/smp_int.h b/components/bt/bluedroid/stack/smp/include/smp_int.h index 10d6f4bc69..029869efcc 100644 --- a/components/bt/bluedroid/stack/smp/include/smp_int.h +++ b/components/bt/bluedroid/stack/smp/include/smp_int.h @@ -132,6 +132,8 @@ typedef UINT8 tSMP_EVENT; /* Assumption it's only using the low 8 bits, if bigger than that, need to expand it to 16 bits */ #define SMP_SEC_KEY_MASK 0x00ff +#define SMP_PASSKEY_MASK 0xfff00000 + /* SMP pairing state */ enum { SMP_STATE_IDLE, @@ -331,6 +333,8 @@ typedef struct { UINT8 rcvd_cmd_len; UINT16 total_tx_unacked; BOOLEAN wait_for_authorization_complete; + BOOLEAN use_static_passkey; + UINT32 static_passkey; } tSMP_CB; /* Server Action functions are of this type */ diff --git a/components/bt/bluedroid/stack/smp/smp_api.c b/components/bt/bluedroid/stack/smp/smp_api.c index 5e8b436ec8..ecd222c22a 100644 --- a/components/bt/bluedroid/stack/smp/smp_api.c +++ b/components/bt/bluedroid/stack/smp/smp_api.c 
@@ -328,6 +328,18 @@ void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) return; } +void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey) +{ + SMP_TRACE_DEBUG("static passkey %6d", passkey); + tSMP_CB *p_cb = & smp_cb; + if(add) { + p_cb->static_passkey = passkey; + p_cb->use_static_passkey = true; + } else { + p_cb->static_passkey = 0; + p_cb->use_static_passkey = false; + } +} /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/smp_keys.c b/components/bt/bluedroid/stack/smp/smp_keys.c index a147a158ff..94806a5a60 100644 --- a/components/bt/bluedroid/stack/smp/smp_keys.c +++ b/components/bt/bluedroid/stack/smp/smp_keys.c @@ -71,8 +71,6 @@ static const tSMP_ACT smp_encrypt_action[] = { smp_generate_rand_cont /* SMP_GEN_SRAND_MRAND_CONT */ }; -#define SMP_PASSKEY_MASK 0xfff00000 - void smp_debug_print_nbyte_little_endian(UINT8 *p, const UINT8 *key_name, UINT8 len) { #if SMP_DEBUG == TRUE @@ -186,6 +184,29 @@ BOOLEAN smp_encrypt_data (UINT8 *key, UINT8 key_len, return TRUE; } +void smp_use_static_passkey(void) +{ + tSMP_CB *p_cb = &smp_cb; + UINT8 *tt = p_cb->tk; + tSMP_KEY key; + UINT32 passkey = p_cb->static_passkey; + /* save the TK */ + memset(p_cb->tk, 0, BT_OCTET16_LEN); + UINT32_TO_STREAM(tt, passkey); + + key.key_type = SMP_KEY_TYPE_TK; + key.p_data = p_cb->tk; + + if (p_cb->p_callback) { + (*p_cb->p_callback)(SMP_PASSKEY_NOTIF_EVT, p_cb->pairing_bda, (tSMP_EVT_DATA *)&passkey); + } + + if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_PASSKEY_DISP) { + smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &passkey); + } else { + smp_sm_event(p_cb, SMP_KEY_READY_EVT, (tSMP_INT_DATA *)&key); + } +} /******************************************************************************* ** ** Function smp_generate_passkey 
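Review bot: SMP_SetStaticPasskey writes the passkey itself to the trace with `SMP_TRACE_DEBUG("static passkey %6d", passkey);`, and the smp_generate_passkey hunk in smp_keys.c does the same in `"%s use static passkey %6d"`; a long-lived pairing secret should not end up in debug logs. Log the action instead, `SMP_TRACE_DEBUG("%s static passkey %s", __func__, add ? "set" : "cleared");`, which also removes the `%d`/UINT32 mismatch and the misleading value printed on a clear. The function stores whatever it is given: the 0 to 999999 range is enforced only in esp_ble_gap_set_security_param, so repeating `if (add && passkey > 999999) return;` here would protect callers that reach the stack by another path.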
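Review bot: smp_use_static_passkey has no header block although the functions around it in smp_keys.c do, and it reaches the control block two ways, `&smp_cb` in the SMP_MODEL_SEC_CONN_PASSKEY_DISP branch and `p_cb` in the other. Use `p_cb` in both smp_sm_event calls. `key` is filled in before the branch but only the `else` branch reads it, so its two assignments can move there. The header should say that the TK is built from the stored static passkey and that SMP_PASSKEY_NOTIF_EVT is still raised to the application callback.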
@@ -199,7 +220,12 @@ void smp_generate_passkey(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) { UNUSED(p_data); - SMP_TRACE_DEBUG ("%s", __func__); + if(p_cb->use_static_passkey) { + SMP_TRACE_DEBUG ("%s use static passkey %6d", __func__, p_cb->static_passkey); + smp_use_static_passkey(); + return; + } + SMP_TRACE_DEBUG ("%s generate rand passkey", __func__); p_cb->rand_enc_proc_state = SMP_GEN_TK; /* generate MRand or SRand */ diff --git a/components/bt/bluedroid/stack/smp/smp_utils.c b/components/bt/bluedroid/stack/smp/smp_utils.c index 91dac6dec2..31497591f0 100644 --- a/components/bt/bluedroid/stack/smp/smp_utils.c +++ b/components/bt/bluedroid/stack/smp/smp_utils.c @@ -877,16 +877,21 @@ void smp_xor_128(BT_OCTET16 a, BT_OCTET16 b) ** Returns void ** *******************************************************************************/ -void smp_cb_cleanup(tSMP_CB *p_cb) +void smp_cb_cleanup(tSMP_CB *p_cb) { tSMP_CALLBACK *p_callback = p_cb->p_callback; UINT8 trace_level = p_cb->trace_level; - + UINT32 static_passkey = p_cb->static_passkey; + BOOLEAN use_static_passkey = p_cb->use_static_passkey; SMP_TRACE_EVENT("smp_cb_cleanup\n"); memset(p_cb, 0, sizeof(tSMP_CB)); p_cb->p_callback = p_callback; p_cb->trace_level = trace_level; + if(use_static_passkey) { + p_cb->use_static_passkey = use_static_passkey; + p_cb->static_passkey = static_passkey; + } } /******************************************************************************* diff --git a/components/bt/test/test_smp.c b/components/bt/test/test_smp.c index 8758f9ccf4..f667fbe12a 100644 --- a/components/bt/test/test_smp.c +++ b/components/bt/test/test_smp.c 
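Review bot: smp_cb_cleanup now carries the static passkey across the `memset`, but nothing in the function says why, and its header block (only partly visible above the hunk) still reads as a plain cleanup. A comment above the two saved locals such as `/* static passkey is device configuration, not per-pairing state: keep it until it is cleared explicitly */` would make the intent clear. It also means the same value is used for every pairing attempt from every peer; no limit on failed attempts is visible in this patch, so that should be confirmed elsewhere in the stack or left to the application and documented.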
@@ -105,3 +105,31 @@ TEST_CASE("ble_smp_public_key_check", "[ble_smp]") TEST_ASSERT(ECC_CheckPointIsInElliCur_P256(&public_key)); } } + +TEST_CASE("ble_smp_set_clear_static_passkey", "[ble_smp]") +{ + /* We wait init finish 200ms here */ + vTaskDelay(200 / portTICK_PERIOD_MS); + esp_ble_auth_req_t auth_req = ESP_LE_AUTH_BOND; + uint32_t passkey = 123456; + /* test len = 0 when type != ESP_BLE_SM_CLEAR_STATIC_PASSKEY */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, 0) == ESP_ERR_INVALID_ARG); + /* test function */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(esp_ble_auth_req_t)) != ESP_ERR_INVALID_ARG); + /* test type >= ESP_BLE_SM_MAX_PARAM */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_PARAM, &passkey, sizeof(uint32_t)) == ESP_ERR_INVALID_ARG); + /* test len < sizeof(uint32_t) when type is ESP_BLE_SM_SET_STATIC_PASSKEY */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint8_t)) != ESP_ERR_INVALID_ARG); + /* test value is NULL when type != ESP_BLE_SM_CLEAR_STATIC_PASSKEY */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, NULL, sizeof(uint8_t)) == ESP_ERR_INVALID_ARG); + /* test value is NULL and len is 0 when type != ESP_BLE_SM_CLEAR_STATIC_PASSKEY */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, NULL, 0) == ESP_ERR_INVALID_ARG); + /* test function */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t)) != ESP_ERR_INVALID_ARG); + /* test function */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_CLEAR_STATIC_PASSKEY, &passkey, sizeof(uint32_t)) != ESP_ERR_INVALID_ARG); + /* test function */ + TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_CLEAR_STATIC_PASSKEY, NULL, sizeof(uint32_t)) != ESP_ERR_INVALID_ARG); + /* test function */ + 
TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_CLEAR_STATIC_PASSKEY, NULL, 0) != ESP_ERR_INVALID_ARG); +} diff --git a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c index 6a5e4933a5..a4408cccb6 100644 --- a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c @@ -365,7 +365,7 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par break; case ESP_GAP_BLE_PASSKEY_NOTIF_EVT: ///the app will receive this evt when the IO has Output capability and the peer device IO has Input capability. ///show the passkey number to the user to input it in the peer deivce. - ESP_LOGI(GATTC_TAG, "The passkey Notify number:%d", param->ble_security.key_notif.passkey); + ESP_LOGI(GATTC_TAG, "The passkey Notify number:%06d", param->ble_security.key_notif.passkey); break; case ESP_GAP_BLE_KEY_EVT: //shows the ble key info share with peer device to the user. diff --git a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c index e6b2ddd638..1f99bd82b6 100644 --- a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c +++ b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c 
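Review bot: The case commented "test len < sizeof(uint32_t)" in ble_smp_set_clear_static_passkey asserts that setting the static passkey from `sizeof(uint8_t)` bytes of `passkey` is accepted, which pins down the truncating behaviour (only the low byte of 123456 is read) rather than testing a rejection. The one check that is specific to this feature, `passkey > 999999`, has no test; add `uint32_t bad = 1000000;` and `TEST_ASSERT(esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &bad, sizeof(uint32_t)) == ESP_ERR_INVALID_ARG);`. The `!= ESP_ERR_INVALID_ARG` assertions pass on any other error code as well, so where the stack is expected to be initialised `== ESP_OK` would be the stronger form.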
@@ -306,7 +306,7 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param break; case ESP_GAP_BLE_PASSKEY_NOTIF_EVT: ///the app will receive this evt when the IO has Output capability and the peer device IO has Input capability. ///show the passkey number to the user to input it in the peer deivce. - ESP_LOGI(GATTS_TABLE_TAG, "The passkey Notify number:%d", param->ble_security.key_notif.passkey); + ESP_LOGI(GATTS_TABLE_TAG, "The passkey Notify number:%06d", param->ble_security.key_notif.passkey); break; case ESP_GAP_BLE_KEY_EVT: //shows the ble key info share with peer device to the user. @@ -523,6 +523,9 @@ void app_main() uint8_t key_size = 16; //the key size should be 7~16 bytes uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; + //set static passkey + uint32_t passkey = 123456; + esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_KEY_SIZE, &key_size, sizeof(uint8_t)); From e5f2f1ba78e6f4fcaa8fcc24d95bff63382f24d6 Mon Sep 17 00:00:00 2001 
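Review bot: The second hunk makes app_main enable a static passkey of 123456 with only `//set static passkey` as explanation, and example code tends to be copied into products unchanged. I would expand the comment to `// demo only: a fixed passkey is identical for every pairing; remove this call to get a random passkey per pairing`. The return value is ignored like the neighbouring calls, so an ESP_ERR_INVALID_ARG from the validation added in this patch would go unnoticed; wrapping the call in `ESP_ERROR_CHECK(...)` would surface it. app_main continues outside the hunk.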
From: zhiweijian Date: Thu, 27 Sep 2018 16:22:31 +0800 Subject: [PATCH 2/3] Component/bt: add only accept sepecified Authentication --- .../api/include/api/esp_gap_ble_api.h | 7 +++- components/bt/bluedroid/bta/dm/bta_dm_act.c | 11 +++-- components/bt/bluedroid/bta/dm/bta_dm_co.c | 38 ++++++++++++++++-- .../bt/bluedroid/bta/include/bta/bta_api.h | 1 + .../bt/bluedroid/bta/include/bta/bta_dm_co.h | 6 +++ components/bt/bluedroid/btc/core/btc_dm.c | 1 + .../btc/profile/std/gap/btc_gap_ble.c | 6 +++ .../common/include/common/bte_appl.h | 1 + components/bt/bluedroid/stack/btm/btm_ble.c | 33 +++++++++++++++ .../bluedroid/stack/include/stack/btm_api.h | 1 + .../stack/include/stack/btm_ble_api.h | 15 +++++++ .../bluedroid/stack/include/stack/smp_api.h | 3 ++ .../bt/bluedroid/stack/smp/include/smp_int.h | 2 + components/bt/bluedroid/stack/smp/smp_act.c | 17 ++++++++ components/bt/bluedroid/stack/smp/smp_api.c | 35 ++++++++++++++++ components/bt/bluedroid/stack/smp/smp_utils.c | 3 +- .../main/example_ble_sec_gattc_demo.c | 40 ++++++++++++++++++- .../main/example_ble_sec_gatts_demo.c | 39 +++++++++++++++++- .../bluetooth/gatt_server/main/gatts_demo.c | 2 +- .../main/gatts_table_creat_demo.c | 2 +- 20 files changed, 250 insertions(+), 13 deletions(-) diff --git a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h index 9765c1b2b3..b0247abe2c 100644 --- a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h 
@@ -60,6 +60,9 @@ typedef uint8_t esp_ble_key_type_t; #define ESP_LE_AUTH_REQ_SC_MITM_BOND (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY | ESP_LE_AUTH_BOND) /*!< 1101 */ /* relate to BTM_LE_AUTH_REQ_SC_MITM_BOND in stack/btm_api.h */ typedef uint8_t esp_ble_auth_req_t; /*!< combination of the above bit pattern */ +#define ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE 0 +#define ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE 1 + /* relate to BTM_IO_CAP_xxx in stack/btm_api.h */ #define ESP_IO_CAP_OUT 0 /*!< DisplayOnly */ /* relate to BTM_IO_CAP_OUT in stack/btm_api.h */ #define ESP_IO_CAP_IO 1 /*!< DisplayYesNo */ /* relate to BTM_IO_CAP_IO in stack/btm_api.h */ @@ -266,6 +269,7 @@ typedef enum { ESP_BLE_SM_MAX_KEY_SIZE, ESP_BLE_SM_SET_STATIC_PASSKEY, ESP_BLE_SM_CLEAR_STATIC_PASSKEY, + ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, ESP_BLE_SM_MAX_PARAM, } esp_ble_sm_param_t; @@ -511,7 +515,8 @@ typedef struct uint8_t fail_reason; /*!< The HCI reason/error code for when success=FALSE */ esp_ble_addr_type_t addr_type; /*!< Peer device address type */ esp_bt_dev_type_t dev_type; /*!< Device type */ -} esp_ble_auth_cmpl_t; /*!< The ble authentication complite cb type */ + esp_ble_auth_req_t auth_mode; /*!< authentication mode */ +} esp_ble_auth_cmpl_t; /*!< The ble authentication complete cb type */ /** * @brief union associated with ble security diff --git a/components/bt/bluedroid/bta/dm/bta_dm_act.c b/components/bt/bluedroid/bta/dm/bta_dm_act.c index 257f12d8f8..74a95c99c8 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_act.c 
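Review bot: ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE/ENABLE and the new ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH member are added without any Doxygen text, while the neighbouring macros in this header carry `/*!< ... */` comments. The comment should state which value the parameter takes (one byte holding one of the two macros), that it is disabled by default (see the bte_appl_cfg initialiser in bta_dm_co.c in this patch), and what the peer's request is compared against, presumably the ESP_BLE_SM_AUTHEN_REQ_MODE value. The new `auth_mode` field of esp_ble_auth_cmpl_t is documented only as "authentication mode"; it should say whether the value is meaningful when `success` is false.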
@@ -4249,9 +4249,11 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D memset(&sec_event, 0, sizeof(tBTA_DM_SEC)); switch (event) { - case BTM_LE_IO_REQ_EVT: - // #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE) - + case BTM_LE_IO_REQ_EVT: { + // #if (BT_SSP_INCLUDED == TRUE) + UINT8 enable = bta_dm_co_ble_get_accept_auth_enable(); + UINT8 origin_auth = bta_dm_co_ble_get_auth_req(); + BTM_BleSetAcceptAuthMode(enable, origin_auth); bta_dm_co_ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data, @@ -4266,6 +4268,7 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D APPL_TRACE_EVENT("io mitm: %d oob_data:%d\n", p_data->io_req.auth_req, p_data->io_req.oob_data); break; + } case BTM_LE_SEC_REQUEST_EVT: bdcpy(sec_event.ble_req.bd_addr, bda); @@ -4341,7 +4344,7 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D } } - + sec_event.auth_cmpl.auth_mode = p_data->complt.auth_mode; if (bta_dm_cb.p_sec_cback) { //bta_dm_cb.p_sec_cback(BTA_DM_AUTH_CMPL_EVT, &sec_event); bta_dm_cb.p_sec_cback(BTA_DM_BLE_AUTH_CMPL_EVT, &sec_event); diff --git a/components/bt/bluedroid/bta/dm/bta_dm_co.c b/components/bt/bluedroid/bta/dm/bta_dm_co.c index dbfabc3b7a..cb13209508 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_co.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_co.c @@ -31,6 +31,10 @@ #endif /* #if (defined(BTIF_INCLUDED) && BTIF_INCLUDED == TRUE) */ #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE) #include "common/bte_appl.h" + +#define BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE 0 +#define BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_ENABLE 1 + tBTE_APPL_CFG bte_appl_cfg = { #if SMP_INCLUDED == TRUE BTA_LE_AUTH_REQ_SC_MITM_BOND, // Authentication requirements 
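Review bot: In the BTM_LE_IO_REQ_EVT case of bta_dm_ble_smp_cback the commented-out directive is only reworded, from `// #if (BTM_LOCAL_IO_CAPS != BTM_IO_CAP_NONE)` to `// #if (BT_SSP_INCLUDED == TRUE)`; it guards nothing and should be deleted rather than kept in a new form. The two values read from bta_dm_co are pushed into the stack on every IO request, which from the names looks like one stack-wide setting rather than per-connection state. A short comment saying so, `/* refresh the stack-wide accept-auth policy before answering the IO request */`, would help the next reader. The function starts and ends outside the hunk.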
@@ -40,7 +44,8 @@ tBTE_APPL_CFG bte_appl_cfg = { BTM_LOCAL_IO_CAPS_BLE, BTM_BLE_INITIATOR_KEY_SIZE, BTM_BLE_RESPONDER_KEY_SIZE, - BTM_BLE_MAX_KEY_SIZE + BTM_BLE_MAX_KEY_SIZE, + BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE }; #endif @@ -319,7 +324,7 @@ void bta_dm_co_ble_io_req(BD_ADDR bd_addr, tBTA_IO_CAP *p_io_cap, #endif ///SMP_INCLUDED == TRUE } -void bta_dm_co_ble_set_io_cap(UINT8 ble_io_cap) +void bta_dm_co_ble_set_io_cap(UINT8 ble_io_cap) { #if (SMP_INCLUDED == TRUE) if(ble_io_cap < BTM_IO_CAP_MAX ) { @@ -330,7 +335,7 @@ void bta_dm_co_ble_set_io_cap(UINT8 ble_io_cap) #endif ///SMP_INCLUDED == TRUE } -void bta_dm_co_ble_set_auth_req(UINT8 ble_auth_req) +void bta_dm_co_ble_set_auth_req(UINT8 ble_auth_req) { #if (SMP_INCLUDED == TRUE) bte_appl_cfg.ble_auth_req = ble_auth_req; @@ -363,5 +368,32 @@ void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size) } #endif ///SMP_INCLUDED == TRUE } + +void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable) +{ +#if (SMP_INCLUDED == TRUE) + if (enable) { + enable = BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_ENABLE; + } + bte_appl_cfg.ble_accept_auth_enable = enable; +#endif ///SMP_INCLUDED == TRUE +} + +UINT8 bta_dm_co_ble_get_accept_auth_enable(void) +{ +#if (SMP_INCLUDED == TRUE) + return bte_appl_cfg.ble_accept_auth_enable; +#endif ///SMP_INCLUDED == TRUE + return 0; +} + +UINT8 bta_dm_co_ble_get_auth_req(void) +{ +#if (SMP_INCLUDED == TRUE) + return bte_appl_cfg.ble_auth_req; +#endif ///SMP_INCLUDED == TRUE + return 0; +} + #endif diff --git a/components/bt/bluedroid/bta/include/bta/bta_api.h b/components/bt/bluedroid/bta/include/bta/bta_api.h index 7151467317..9df81399d9 100644 --- a/components/bt/bluedroid/bta/include/bta/bta_api.h +++ b/components/bt/bluedroid/bta/include/bta/bta_api.h @@ -763,6 +763,7 @@ typedef struct { UINT8 fail_reason; /* The HCI reason/error code for when success=FALSE */ tBLE_ADDR_TYPE addr_type; /* Peer device address type */ tBT_DEVICE_TYPE dev_type; + UINT8 auth_mode; } tBTA_DM_AUTH_CMPL; 
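Review bot: In bta_dm_co_ble_get_accept_auth_enable and bta_dm_co_ble_get_auth_req the `return 0;` after `#endif` is unreachable whenever SMP_INCLUDED is TRUE; put it in an `#else` branch so that each configuration compiles exactly one return. bta_dm_co_ble_set_accept_auth_enable normalises any non-zero input to the ENABLE value, but the two BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_* macros it relies on are defined privately at the top of this .c file and duplicate the ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_* pair in the public header. A single definition in a stack header would keep the two from drifting apart. None of the three new functions has a header comment.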
diff --git a/components/bt/bluedroid/bta/include/bta/bta_dm_co.h b/components/bt/bluedroid/bta/include/bta/bta_dm_co.h index 1f1f648a9f..ebdd055563 100644 --- a/components/bt/bluedroid/bta/include/bta/bta_dm_co.h +++ b/components/bt/bluedroid/bta/include/bta/bta_dm_co.h @@ -190,4 +190,10 @@ extern void bta_dm_co_ble_set_init_key_req(UINT8 init_key); extern void bta_dm_co_ble_set_rsp_key_req(UINT8 rsp_key); extern void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size); + +extern void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable); + +extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void); + +extern UINT8 bta_dm_co_ble_get_auth_req(void); #endif diff --git a/components/bt/bluedroid/btc/core/btc_dm.c b/components/bt/bluedroid/btc/core/btc_dm.c index 4578b76c6d..db7e2140a0 100644 --- a/components/bt/bluedroid/btc/core/btc_dm.c +++ b/components/bt/bluedroid/btc/core/btc_dm.c @@ -584,6 +584,7 @@ void btc_dm_sec_cb_handler(btc_msg_t *msg) param.ble_security.auth_cmpl.key_present = p_data->auth_cmpl.key_present; memcpy(param.ble_security.auth_cmpl.bd_addr, p_data->auth_cmpl.bd_addr, sizeof(BD_ADDR)); memcpy(param.ble_security.auth_cmpl.key, p_data->auth_cmpl.key, sizeof(LINK_KEY)); + param.ble_security.auth_cmpl.auth_mode = p_data->auth_cmpl.auth_mode; btc_dm_ble_auth_cmpl_evt(&p_data->auth_cmpl); break; } diff --git a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c index 33e1ea6701..86cc125ae8 100644 --- a/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c +++ b/components/bt/bluedroid/btc/profile/std/gap/btc_gap_ble.c @@ -1129,6 +1129,12 @@ void btc_gap_ble_call_handler(btc_msg_t *msg) BTA_DmBleSetStaticPasskey(false, 0); break; } + case ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH: { + uint8_t enable = 0; + STREAM_TO_UINT8(enable, value); + bta_dm_co_ble_set_accept_auth_enable(enable); + break; + } default: break; } 
diff --git a/components/bt/bluedroid/common/include/common/bte_appl.h b/components/bt/bluedroid/common/include/common/bte_appl.h index 4850250b8a..11538c939f 100644 --- a/components/bt/bluedroid/common/include/common/bte_appl.h +++ b/components/bt/bluedroid/common/include/common/bte_appl.h @@ -31,6 +31,7 @@ typedef struct { UINT8 ble_init_key; UINT8 ble_resp_key; UINT8 ble_max_key_size; + UINT8 ble_accept_auth_enable; #endif } tBTE_APPL_CFG; diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 3470fbf17f..4d5a214b40 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c 
@@ -423,12 +423,45 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) #endif } +/******************************************************************************* +** +** Function BTM_BleSetStaticPasskey +** +** Description This function is called to set static passkey +** +** +** Parameters: add - set static passkey when add is TRUE +** clear static passkey when add is FALSE +** passkey - static passkey +** +** +*******************************************************************************/ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey) { #if SMP_INCLUDED == TRUE SMP_SetStaticPasskey(add, passkey); #endif } + +/******************************************************************************* +** +** Function BTM_BleSetAcceptAuthMode +** +** Description This function is called to set only accept specified Authentication +** +** +** Parameters: enable - Whether to enable this function +** +** auth_mode - Authentication mode +** +** +*******************************************************************************/ +void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode) +{ +#if SMP_INCLUDED == TRUE + SMP_SetAcceptAuthMode(enable, auth_mode); +#endif +} /******************************************************************************* ** ** Function BTM_BleConfirmReply diff --git a/components/bt/bluedroid/stack/include/stack/btm_api.h b/components/bt/bluedroid/stack/include/stack/btm_api.h index c483268aec..f686a12175 100644 --- a/components/bt/bluedroid/stack/include/stack/btm_api.h +++ b/components/bt/bluedroid/stack/include/stack/btm_api.h @@ -1642,6 +1642,7 @@ typedef struct { UINT8 sec_level; BOOLEAN is_pair_cancel; BOOLEAN smp_over_br; + tSMP_AUTH_REQ auth_mode; } tBTM_LE_COMPLT; #endif diff --git a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h index 0a07c643b4..62ff55f847 100644 --- a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h 
+++ b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h @@ -1330,6 +1330,21 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); *******************************************************************************/ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey); +/******************************************************************************* +** +** Function BTM_BleSetAcceptAuthMode +** +** Description This function is called to set only accept specified Authentication +** +** +** Parameters: enable - Whether to enable this function +** +** auth_mode - Authentication mode +** +** +*******************************************************************************/ +void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode); + /******************************************************************************* ** ** Function BTM_BleConfirmReply diff --git a/components/bt/bluedroid/stack/include/stack/smp_api.h b/components/bt/bluedroid/stack/include/stack/smp_api.h index 6a3ca5afa8..b4b6af14b3 100644 --- a/components/bt/bluedroid/stack/include/stack/smp_api.h +++ b/components/bt/bluedroid/stack/include/stack/smp_api.h @@ -224,6 +224,7 @@ typedef struct { tSMP_SEC_LEVEL sec_level; BOOLEAN is_pair_cancel; BOOLEAN smp_over_br; + tSMP_AUTH_REQ auth_mode; } tSMP_CMPL; typedef struct { @@ -416,6 +417,8 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); *******************************************************************************/ extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey); +extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode); + /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/include/smp_int.h b/components/bt/bluedroid/stack/smp/include/smp_int.h index 029869efcc..55bf3e279b 100644 --- a/components/bt/bluedroid/stack/smp/include/smp_int.h 
+++ b/components/bt/bluedroid/stack/smp/include/smp_int.h @@ -335,6 +335,8 @@ typedef struct { BOOLEAN wait_for_authorization_complete; BOOLEAN use_static_passkey; UINT32 static_passkey; + BOOLEAN accept_specified_sec_auth; + tSMP_AUTH_REQ origin_loc_auth_req; } tSMP_CB; /* Server Action functions are of this type */ diff --git a/components/bt/bluedroid/stack/smp/smp_act.c b/components/bt/bluedroid/stack/smp/smp_act.c index bf3fe7def6..2534a587ef 100644 --- a/components/bt/bluedroid/stack/smp/smp_act.c +++ b/components/bt/bluedroid/stack/smp/smp_act.c @@ -551,6 +551,14 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); return; } + if(p_cb->accept_specified_sec_auth) { + if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { + SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", + __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); + reason = SMP_PAIR_AUTH_FAIL; + smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); + } + } if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { if (smp_request_oob_data(p_cb)) { @@ -573,6 +581,15 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) return; } + if (p_cb->accept_specified_sec_auth) { + if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { + SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", + __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); + reason = SMP_PAIR_AUTH_FAIL; + smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); + } + } + if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { if (smp_request_oob_data(p_cb)) { return; diff --git a/components/bt/bluedroid/stack/smp/smp_api.c b/components/bt/bluedroid/stack/smp/smp_api.c index ecd222c22a..8ec1394dd8 100644 
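Review bot: In `smp_proc_pair_cmd` the two added `accept_specified_sec_auth` blocks raise `SMP_AUTH_CMPL_EVT` with `SMP_PAIR_AUTH_FAIL` but do not return, unlike the failure branch directly above each of them, so control falls through to the `SMP_MODEL_SEC_CONN_OOB` test that follows. Add `return;` after `smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);` in both the slave and the master block. The same omission is carried into patch 3/3 (the `@@ -551,10 +582,18 @@` and `@@ -581,10 +620,18 @@` hunks and the block added to `smp_process_io_response`), where it now follows `btm_remove_acl`. The code after the OOB test lies outside these hunks, so what exactly continues to run for a rejected peer is inferred rather than shown.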
--- a/components/bt/bluedroid/stack/smp/smp_api.c +++ b/components/bt/bluedroid/stack/smp/smp_api.c @@ -328,6 +328,19 @@ void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey) return; } +/******************************************************************************* +** +** Function SMP_SetStaticPasskey +** +** Description This function is called to set static passkey +** +** +** Parameters: add - set static passkey when add is TRUE +** clear static passkey when add is FALSE +** passkey - static passkey +** +** +*******************************************************************************/ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey) { SMP_TRACE_DEBUG("static passkey %6d", passkey); @@ -340,6 +353,28 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey) p_cb->use_static_passkey = false; } } + +/******************************************************************************* +** +** Function SMP_SetAcceptAuthMode +** +** Description This function is called to set only accept specified Authentication +** +** +** Parameters: enable - Whether to enable this function +** +** auth_mode - Authentication mode +** +** +*******************************************************************************/ +void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode) +{ + tSMP_CB *p_cb = & smp_cb; + + p_cb->accept_specified_sec_auth = enable; + p_cb->origin_loc_auth_req = auth_mode; + +} /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/smp_utils.c b/components/bt/bluedroid/stack/smp/smp_utils.c index 31497591f0..4af028248b 100644 --- a/components/bt/bluedroid/stack/smp/smp_utils.c +++ b/components/bt/bluedroid/stack/smp/smp_utils.c 
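Review bot: The header comment added for `SMP_SetStaticPasskey` gives neither the accepted range of `passkey` nor the fact that this function does not check it; patch 1/3 rejects values above 999999 in `esp_ble_gap_set_security_param`, so the limit is enforced only by that caller. Suggested parameter text: `passkey - static passkey, 0..999999 (range is validated by the API layer, not here)`. The context line `SMP_TRACE_DEBUG("static passkey %6d", passkey);` writes the secret to the debug trace and passes a `UINT32` to `%d`; dropping the value from the trace, or saying so in the comment, would be a sensible follow-up. The function body is only partly inside this hunk.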
@@ -962,9 +962,10 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb) evt_data.cmplt.reason = p_cb->status; evt_data.cmplt.smp_over_br = p_cb->smp_over_br; - + evt_data.cmplt.auth_mode = 0; if (p_cb->status == SMP_SUCCESS) { evt_data.cmplt.sec_level = p_cb->sec_level; + evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req); } evt_data.cmplt.is_pair_cancel = FALSE; diff --git a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c index a4408cccb6..d2de988cb6 100644 --- a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c @@ -126,6 +126,39 @@ static const char *esp_key_type_to_str(esp_ble_key_type_t key_type) return key_str; } +static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req) +{ + char *auth_str = NULL; + switch(auth_req) { + case ESP_LE_AUTH_NO_BOND: + auth_str = "ESP_LE_AUTH_NO_BOND"; + break; + case ESP_LE_AUTH_BOND: + auth_str = "ESP_LE_AUTH_BOND"; + break; + case ESP_LE_AUTH_REQ_MITM: + auth_str = "ESP_LE_AUTH_REQ_MITM"; + break; + case ESP_LE_AUTH_REQ_SC_ONLY: + auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; + break; + case ESP_LE_AUTH_REQ_SC_BOND: + auth_str = "ESP_LE_AUTH_REQ_SC_BOND"; + break; + case ESP_LE_AUTH_REQ_SC_MITM: + auth_str = "ESP_LE_AUTH_REQ_SC_MITM"; + break; + case ESP_LE_AUTH_REQ_SC_MITM_BOND: + auth_str = "ESP_LE_AUTH_REQ_SC_MITM_BOND"; + break; + default: + auth_str = "INVALID BLE AUTH REQ"; + break; + } + + return auth_str; +} + static void gattc_profile_event_handler(esp_gattc_cb_event_t event, esp_gatt_if_t gattc_if, esp_ble_gattc_cb_param_t *param) { esp_ble_gattc_cb_param_t *p_data = (esp_ble_gattc_cb_param_t *)param; 
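Review bot: `esp_auth_req_to_str` in `example_ble_sec_gattc_demo.c` returns `char *` although every value it returns is a string literal, while the neighbouring `esp_key_type_to_str` in the same file (visible in the hunk header) returns `const char *`. Declare it `static const char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req)` and make the local `const char *auth_str = NULL;` so a caller cannot write through the pointer. The copy added to `example_ble_sec_gatts_demo.c` has the same signature and would take the same change.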
@@ -302,7 +335,7 @@ static void gattc_profile_event_handler(esp_gattc_cb_event_t event, esp_gatt_if_ ESP_LOGI(GATTC_TAG, "Write char success "); break; case ESP_GATTC_DISCONNECT_EVT: - ESP_LOGI(GATTC_TAG, "ESP_GATTC_DISCONNECT_EVT, reason = %d", p_data->disconnect.reason); + ESP_LOGI(GATTC_TAG, "ESP_GATTC_DISCONNECT_EVT, reason = 0x%x", p_data->disconnect.reason); connect = false; get_service = false; break; @@ -379,6 +412,11 @@ static void esp_gap_cb(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param_t *par (bd_addr[4] << 8) + bd_addr[5]); ESP_LOGI(GATTC_TAG, "address type = %d", param->ble_security.auth_cmpl.addr_type); ESP_LOGI(GATTC_TAG, "pair status = %s",param->ble_security.auth_cmpl.success ? "success" : "fail"); + if (!param->ble_security.auth_cmpl.success) { + ESP_LOGI(GATTC_TAG, "fail reason = 0x%x",param->ble_security.auth_cmpl.fail_reason); + } else { + ESP_LOGI(GATTC_TAG, "auth mode = %s",esp_auth_req_to_str(param->ble_security.auth_cmpl.auth_mode)); + } break; } case ESP_GAP_BLE_SCAN_RESULT_EVT: { diff --git a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c index 1f99bd82b6..8f3f11a6b9 100644 --- a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c +++ b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c 
@@ -227,6 +227,39 @@ static char *esp_key_type_to_str(esp_ble_key_type_t key_type) return key_str; } +static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req) +{ + char *auth_str = NULL; + switch(auth_req) { + case ESP_LE_AUTH_NO_BOND: + auth_str = "ESP_LE_AUTH_NO_BOND"; + break; + case ESP_LE_AUTH_BOND: + auth_str = "ESP_LE_AUTH_BOND"; + break; + case ESP_LE_AUTH_REQ_MITM: + auth_str = "ESP_LE_AUTH_REQ_MITM"; + break; + case ESP_LE_AUTH_REQ_SC_ONLY: + auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; + break; + case ESP_LE_AUTH_REQ_SC_BOND: + auth_str = "ESP_LE_AUTH_REQ_SC_BOND"; + break; + case ESP_LE_AUTH_REQ_SC_MITM: + auth_str = "ESP_LE_AUTH_REQ_SC_MITM"; + break; + case ESP_LE_AUTH_REQ_SC_MITM_BOND: + auth_str = "ESP_LE_AUTH_REQ_SC_MITM_BOND"; + break; + default: + auth_str = "INVALID BLE AUTH REQ"; + break; + } + + return auth_str; +} + static void show_bonded_devices(void) { int dev_num = esp_ble_get_bond_device_num(); @@ -322,6 +355,8 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param ESP_LOGI(GATTS_TABLE_TAG, "pair status = %s",param->ble_security.auth_cmpl.success ? "success" : "fail"); if(!param->ble_security.auth_cmpl.success) { ESP_LOGI(GATTS_TABLE_TAG, "fail reason = 0x%x",param->ble_security.auth_cmpl.fail_reason); + } else { + ESP_LOGI(GATTS_TABLE_TAG, "auth mode = %s",esp_auth_req_to_str(param->ble_security.auth_cmpl.auth_mode)); } show_bonded_devices(); break; @@ -398,7 +433,7 @@ static void gatts_profile_event_handler(esp_gatts_cb_event_t event, esp_ble_set_encryption(param->connect.remote_bda, ESP_BLE_SEC_ENCRYPT_MITM); break; case ESP_GATTS_DISCONNECT_EVT: - ESP_LOGI(GATTS_TABLE_TAG, "ESP_GATTS_DISCONNECT_EVT"); + ESP_LOGI(GATTS_TABLE_TAG, "ESP_GATTS_DISCONNECT_EVT, disconnect reason 0x%x", param->disconnect.reason); /* start advertising again when missing the connect */ esp_ble_gap_start_advertising(&heart_rate_adv_params); break; 
@@ -525,10 +560,12 @@ void app_main() uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; //set static passkey uint32_t passkey = 123456; + uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE; esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_KEY_SIZE, &key_size, sizeof(uint8_t)); + esp_ble_gap_set_security_param(ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, &auth_option, sizeof(uint8_t)); /* If your BLE device act as a Slave, the init_key means you hope which types of key of the master should distribut to you, and the response key means which key you can distribut to the Master; If your BLE device act as a master, the response key means you hope which types of key of the slave should distribut to you, diff --git a/examples/bluetooth/gatt_server/main/gatts_demo.c b/examples/bluetooth/gatt_server/main/gatts_demo.c index 57f17b1dd2..1cb7afb9e9 100644 --- a/examples/bluetooth/gatt_server/main/gatts_demo.c +++ b/examples/bluetooth/gatt_server/main/gatts_demo.c @@ -481,7 +481,7 @@ static void gatts_profile_a_event_handler(esp_gatts_cb_event_t event, esp_gatt_i break; } case ESP_GATTS_DISCONNECT_EVT: - ESP_LOGI(GATTS_TAG, "ESP_GATTS_DISCONNECT_EVT"); + ESP_LOGI(GATTS_TAG, "ESP_GATTS_DISCONNECT_EVT, disconnect reason 0x%x", param->disconnect.reason); esp_ble_gap_start_advertising(&adv_params); break; case ESP_GATTS_CONF_EVT: diff --git a/examples/bluetooth/gatt_server_service_table/main/gatts_table_creat_demo.c b/examples/bluetooth/gatt_server_service_table/main/gatts_table_creat_demo.c index 704e735b90..92b1c06301 100644 --- a/examples/bluetooth/gatt_server_service_table/main/gatts_table_creat_demo.c +++ b/examples/bluetooth/gatt_server_service_table/main/gatts_table_creat_demo.c 
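Review bot: The `esp_ble_gap_set_security_param(ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, ...)` call added to `app_main` discards its `esp_err_t` result, as the calls around it do. For this parameter a silent failure matters more than for the others: once the option is switched to enabled, a rejected call leaves the device accepting any pairing mode while the application assumes the restriction is active. Since this is example code that gets copied, check the result, for example `ESP_ERROR_CHECK(esp_ble_gap_set_security_param(ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH, &auth_option, sizeof(uint8_t)));`.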
@@ -452,7 +452,7 @@ static void gatts_profile_event_handler(esp_gatts_cb_event_t event, esp_gatt_if_ esp_ble_gap_update_conn_params(&conn_params); break; case ESP_GATTS_DISCONNECT_EVT: - ESP_LOGI(GATTS_TABLE_TAG, "ESP_GATTS_DISCONNECT_EVT, reason = %d", param->disconnect.reason); + ESP_LOGI(GATTS_TABLE_TAG, "ESP_GATTS_DISCONNECT_EVT, reason = 0x%x", param->disconnect.reason); esp_ble_gap_start_advertising(&adv_params); break; case ESP_GATTS_CREAT_ATTR_TAB_EVT:{ From 143c0bdaf98243ef05ffa6d7d903430d4be3aac6 Mon Sep 17 00:00:00 2001 From: zhiweijian Date: Thu, 11 Oct 2018 11:25:45 +0800 Subject: [PATCH 3/3] Component/bt: add ble disconnect when ACCEPT_SPECIFIED_SEC_AUTH failed --- .../api/include/api/esp_gap_ble_api.h | 1 + components/bt/bluedroid/bta/dm/bta_dm_act.c | 3 - components/bt/bluedroid/stack/btm/btm_ble.c | 19 ----- .../stack/include/stack/btm_ble_api.h | 15 ---- .../bluedroid/stack/include/stack/smp_api.h | 2 - .../bt/bluedroid/stack/smp/include/smp_int.h | 1 + components/bt/bluedroid/stack/smp/smp_act.c | 75 +++++++++++++++++-- components/bt/bluedroid/stack/smp/smp_api.c | 21 ------ components/bt/bluedroid/stack/smp/smp_utils.c | 2 +- .../main/example_ble_sec_gattc_demo.c | 3 + .../main/example_ble_sec_gatts_demo.c | 9 ++- 11 files changed, 81 insertions(+), 70 deletions(-) diff --git a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h index b0247abe2c..54250ce63c 100644 --- a/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h +++ b/components/bt/bluedroid/api/include/api/esp_gap_ble_api.h 
@@ -54,6 +54,7 @@ typedef uint8_t esp_ble_key_type_t; #define ESP_LE_AUTH_NO_BOND 0x00 /*!< 0*/ /* relate to BTM_LE_AUTH_NO_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_BOND 0x01 /*!< 1 << 0 */ /* relate to BTM_LE_AUTH_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_MITM (1 << 2) /*!< 1 << 2 */ /* relate to BTM_LE_AUTH_REQ_MITM in stack/btm_api.h */ +#define ESP_LE_AUTH_REQ_BOND_MITM (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_MITM)/*!< 0101*/ #define ESP_LE_AUTH_REQ_SC_ONLY (1 << 3) /*!< 1 << 3 */ /* relate to BTM_LE_AUTH_REQ_SC_ONLY in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_SC_BOND (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1001 */ /* relate to BTM_LE_AUTH_REQ_SC_BOND in stack/btm_api.h */ #define ESP_LE_AUTH_REQ_SC_MITM (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1100 */ /* relate to BTM_LE_AUTH_REQ_SC_MITM in stack/btm_api.h */ diff --git a/components/bt/bluedroid/bta/dm/bta_dm_act.c b/components/bt/bluedroid/bta/dm/bta_dm_act.c index 74a95c99c8..7ee978b97b 100644 --- a/components/bt/bluedroid/bta/dm/bta_dm_act.c +++ b/components/bt/bluedroid/bta/dm/bta_dm_act.c @@ -4251,9 +4251,6 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D switch (event) { case BTM_LE_IO_REQ_EVT: { // #if (BT_SSP_INCLUDED == TRUE) - UINT8 enable = bta_dm_co_ble_get_accept_auth_enable(); - UINT8 origin_auth = bta_dm_co_ble_get_auth_req(); - BTM_BleSetAcceptAuthMode(enable, origin_auth); bta_dm_co_ble_io_req(bda, &p_data->io_req.io_cap, &p_data->io_req.oob_data, diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 4d5a214b40..059a22ee12 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c 
@@ -443,25 +443,6 @@ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey) #endif } -/******************************************************************************* -** -** Function BTM_BleSetAcceptAuthMode -** -** Description This function is called to set only accept specified Authentication -** -** -** Parameters: enable - Whether to enable this function -** -** auth_mode - Authentication mode -** -** -*******************************************************************************/ -void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode) -{ -#if SMP_INCLUDED == TRUE - SMP_SetAcceptAuthMode(enable, auth_mode); -#endif -} /******************************************************************************* ** ** Function BTM_BleConfirmReply diff --git a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h index 62ff55f847..0a07c643b4 100644 --- a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h +++ b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h @@ -1330,21 +1330,6 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); *******************************************************************************/ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey); -/******************************************************************************* -** -** Function BTM_BleSetAcceptAuthMode -** -** Description This function is called to set only accept specified Authentication -** -** -** Parameters: enable - Whether to enable this function -** -** auth_mode - Authentication mode -** -** -*******************************************************************************/ -void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode); - /******************************************************************************* ** ** Function BTM_BleConfirmReply 
diff --git a/components/bt/bluedroid/stack/include/stack/smp_api.h b/components/bt/bluedroid/stack/include/stack/smp_api.h index b4b6af14b3..390f6209e6 100644 --- a/components/bt/bluedroid/stack/include/stack/smp_api.h +++ b/components/bt/bluedroid/stack/include/stack/smp_api.h @@ -417,8 +417,6 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey); *******************************************************************************/ extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey); -extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode); - /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/include/smp_int.h b/components/bt/bluedroid/stack/smp/include/smp_int.h index 55bf3e279b..a261e14cba 100644 --- a/components/bt/bluedroid/stack/smp/include/smp_int.h +++ b/components/bt/bluedroid/stack/smp/include/smp_int.h @@ -301,6 +301,7 @@ typedef struct { tSMP_OOB_FLAG loc_oob_flag; tSMP_AUTH_REQ peer_auth_req; tSMP_AUTH_REQ loc_auth_req; + tSMP_AUTH_REQ auth_mode; BOOLEAN secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */ /* either in Secure Connections mode or not at all */ tSMP_ASSO_MODEL selected_association_model; diff --git a/components/bt/bluedroid/stack/smp/smp_act.c b/components/bt/bluedroid/stack/smp/smp_act.c index 2534a587ef..87d7b978dd 100644 --- a/components/bt/bluedroid/stack/smp/smp_act.c +++ b/components/bt/bluedroid/stack/smp/smp_act.c @@ -52,6 +52,9 @@ const tSMP_ACT smp_distribute_act [] = { smp_set_derive_link_key }; +extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void); +extern UINT8 bta_dm_co_ble_get_auth_req(void); + static bool lmp_version_below(BD_ADDR bda, uint8_t version) { tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE); 
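Review bot: The two `extern UINT8 bta_dm_co_ble_get_...(void);` lines added at the top of `smp_act.c` repeat prototypes that patch 2/3 already put into `bta/bta_dm_co.h`, so a later signature change in the header will not be diagnosed in this file. Include the header instead, `#include "bta/bta_dm_co.h"`, if that include path is available to the stack layer. If the layering is meant to keep `stack/smp` independent of `bta`, a one-line comment saying why the call-outs are declared locally would help the next reader.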
@@ -498,6 +501,33 @@ void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) p_cb->status = *(UINT8 *)p_data; } +/******************************************************************************* +** Function smp_get_auth_mode +** Description Get the SMP pairing auth mode +*******************************************************************************/ +uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model) +{ + SMP_TRACE_DEBUG("%s model %d", __func__, model); + uint16_t auth = 0; + if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) { + //No MITM + if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) { + //SC SMP_SC_SUPPORT_BIT + auth |= SMP_SC_SUPPORT_BIT; + } + } else if (model <= SMP_MODEL_KEY_NOTIF) { + //NO SC, MITM + auth |= SMP_AUTH_YN_BIT; + } else if (model <= SMP_MODEL_SEC_CONN_OOB) { + //SC, MITM + auth |= SMP_SC_SUPPORT_BIT; + auth |= SMP_AUTH_YN_BIT; + } else { + auth = 0; + } + return auth; +} + /******************************************************************************* ** Function smp_proc_pair_cmd ** Description Process the SMP pairing request/response from peer device @@ -528,7 +558,8 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); return; } - + p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable(); + p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req(); if (p_cb->role == HCI_ROLE_SLAVE) { if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) { /* peer (master) started pairing sending Pairing Request */ 
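Review bot: `smp_get_auth_mode` is added with external linkage and a `uint16_t` return type, yet the callers in this patch store the result in `p_cb->auth_mode`, which is a `tSMP_AUTH_REQ`, and no prototype is added to a header. If no other file calls it, declare it `static tSMP_AUTH_REQ smp_get_auth_mode(tSMP_ASSO_MODEL model)` so the width matches the field it feeds. The tests `model <= SMP_MODEL_KEY_NOTIF` and `model <= SMP_MODEL_SEC_CONN_OOB` depend on the numeric order of `tSMP_ASSO_MODEL`; a comment such as `/* relies on enum order: legacy MITM models precede the SC models */` would keep a future enum change from silently misclassifying a model. The final `else { auth = 0; }` repeats the initializer and can go.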
@@ -551,10 +582,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); return; } - if(p_cb->accept_specified_sec_auth) { - if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { - SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", + uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model); + if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) { + auth |= SMP_AUTH_GEN_BOND; + } + p_cb->auth_mode = auth; + if (p_cb->accept_specified_sec_auth) { + if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) { + SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x", __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); + if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) { + btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE); + } reason = SMP_PAIR_AUTH_FAIL; smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); } 
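Review bot: The reject trace prints `origin_loc_auth_req`, `peer_auth_req` and `loc_auth_req`, but the decision is made on the computed `auth`, which is not logged, so a refused pairing cannot be explained from the log line alone. Append it to the message, e.g. end the format with `local auth is 0x%x negotiated auth is 0x%x` and pass `auth` as the last argument. The same applies to the master-side message in the next hunk and to the one added in `smp_process_io_response`. The enclosing `if (p_cb->accept_specified_sec_auth)` block closes outside this hunk.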
@@ -581,10 +620,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) return; } + uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model); + if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) { + auth |= SMP_AUTH_GEN_BOND; + } + p_cb->auth_mode = auth; if (p_cb->accept_specified_sec_auth) { - if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) { - SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x", + if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) { + SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x", __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); + if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) { + btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE); + } reason = SMP_PAIR_AUTH_FAIL; smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); } @@ -1334,6 +1381,22 @@ void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); return; } + uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model); + if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) { + auth |= SMP_AUTH_GEN_BOND; + } + p_cb->auth_mode = auth; + if (p_cb->accept_specified_sec_auth) { + if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) { + SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x", + p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req); + if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) { + btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE); + } + reason = SMP_PAIR_AUTH_FAIL; + smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason); + } + } if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) { if (smp_request_oob_data(p_cb)) { 
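Review bot: The sequence that computes `auth`, stores it in `p_cb->auth_mode` and enforces `origin_loc_auth_req` is now pasted three times (twice in `smp_proc_pair_cmd`, once in `smp_process_io_response`), differing only in the trace text. A single static helper keeps the enforcement in one place, so a later fix to the policy cannot miss one of the copies, and its return value gives each call site an obvious way to stop processing, `if (!smp_accept_auth_mode(p_cb)) { return; }`. The helper name is a suggestion and the type of `reason` is assumed from the callers, whose declarations are outside these hunks.
```c
/* Records the negotiated auth mode; returns FALSE after failing the pairing
 * when accept-specified-auth is on and a required bit is missing. */
static BOOLEAN smp_accept_auth_mode(tSMP_CB *p_cb)
{
    UINT8 reason = SMP_PAIR_AUTH_FAIL;
    uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);

    if (p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
        auth |= SMP_AUTH_GEN_BOND;
    }
    p_cb->auth_mode = auth;
    if (!p_cb->accept_specified_sec_auth ||
        (auth & p_cb->origin_loc_auth_req) == p_cb->origin_loc_auth_req) {
        return TRUE;
    }
    /* … unchanged: SMP_TRACE_ERROR and btm_remove_acl on pairing_bda … */
    smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
    return FALSE;
}
```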
diff --git a/components/bt/bluedroid/stack/smp/smp_api.c b/components/bt/bluedroid/stack/smp/smp_api.c index 8ec1394dd8..36811cd245 100644 --- a/components/bt/bluedroid/stack/smp/smp_api.c +++ b/components/bt/bluedroid/stack/smp/smp_api.c @@ -354,27 +354,6 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey) } } -/******************************************************************************* -** -** Function SMP_SetAcceptAuthMode -** -** Description This function is called to set only accept specified Authentication -** -** -** Parameters: enable - Whether to enable this function -** -** auth_mode - Authentication mode -** -** -*******************************************************************************/ -void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode) -{ - tSMP_CB *p_cb = & smp_cb; - - p_cb->accept_specified_sec_auth = enable; - p_cb->origin_loc_auth_req = auth_mode; - -} /******************************************************************************* ** ** Function SMP_ConfirmReply diff --git a/components/bt/bluedroid/stack/smp/smp_utils.c b/components/bt/bluedroid/stack/smp/smp_utils.c index 4af028248b..59bd0f8d67 100644 --- a/components/bt/bluedroid/stack/smp/smp_utils.c +++ b/components/bt/bluedroid/stack/smp/smp_utils.c @@ -965,7 +965,7 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb) evt_data.cmplt.auth_mode = 0; if (p_cb->status == SMP_SUCCESS) { evt_data.cmplt.sec_level = p_cb->sec_level; - evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req); + evt_data.cmplt.auth_mode = p_cb->auth_mode; } evt_data.cmplt.is_pair_cancel = FALSE; diff --git a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c index d2de988cb6..002696ed64 100644 --- a/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c +++ b/examples/bluetooth/gatt_security_client/main/example_ble_sec_gattc_demo.c 
@@ -139,6 +139,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req) case ESP_LE_AUTH_REQ_MITM: auth_str = "ESP_LE_AUTH_REQ_MITM"; break; + case ESP_LE_AUTH_REQ_BOND_MITM: + auth_str = "ESP_LE_AUTH_REQ_BOND_MITM"; + break; case ESP_LE_AUTH_REQ_SC_ONLY: auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; break; diff --git a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c index 8f3f11a6b9..00a40dc0c1 100644 --- a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c +++ b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c @@ -240,6 +240,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req) case ESP_LE_AUTH_REQ_MITM: auth_str = "ESP_LE_AUTH_REQ_MITM"; break; + case ESP_LE_AUTH_REQ_BOND_MITM: + auth_str = "ESP_LE_AUTH_REQ_BOND_MITM"; + break; case ESP_LE_AUTH_REQ_SC_ONLY: auth_str = "ESP_LE_AUTH_REQ_SC_ONLY"; break; 
@@ -553,14 +556,14 @@ void app_main() } /* set the security iocap & auth_req & key size & init key response key parameters to the stack*/ - esp_ble_auth_req_t auth_req = ESP_LE_AUTH_BOND; //bonding with peer device after authentication - esp_ble_io_cap_t iocap = ESP_IO_CAP_NONE; //set the IO capability to No output No input + esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND; //bonding with peer device after authentication + esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT; //set the IO capability to No output No input uint8_t key_size = 16; //the key size should be 7~16 bytes uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK; //set static passkey uint32_t passkey = 123456; - uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE; + uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE; esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t)); esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));
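Review bot: Two trailing comments in `app_main` no longer match the values this hunk sets: `iocap` becomes `ESP_IO_CAP_OUT` while its comment still says "No output No input", and `auth_req` becomes `ESP_LE_AUTH_REQ_SC_MITM_BOND` while its comment still describes plain bonding. Update them, e.g. `//set the IO capability to display only` and `//secure connections with MITM protection, bonding after authentication`. Because the example now enforces MITM next to the hard-coded `passkey = 123456`, a comment on that line saying the value is for demonstration and should differ per device would help readers who copy the example.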