diff --git a/components/bt/controller/esp32c3/Kconfig.in b/components/bt/controller/esp32c3/Kconfig.in index cfaa75b60d..76756fdbcb 100644 --- a/components/bt/controller/esp32c3/Kconfig.in +++ b/components/bt/controller/esp32c3/Kconfig.in @@ -550,3 +550,10 @@ config BT_CTRL_BLE_SECURITY_ENABLE depends on BT_CTRL_RUN_IN_FLASH_ONLY && BT_CONTROLLER_ONLY bool "Enable BLE security feature" default y +config BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS + bool "Enable enhanced Access Address check in CONNECT_IND" + default n + help + Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU. + This improves security by ensuring that only connection requests with valid Access Addresses are accepted. + If disabled, only basic checks are applied, improving compatibility. diff --git a/components/bt/controller/esp32c3/bt.c b/components/bt/controller/esp32c3/bt.c index 2ab73319a3..19eea2ee87 100644 --- a/components/bt/controller/esp32c3/bt.c +++ b/components/bt/controller/esp32c3/bt.c @@ -275,6 +275,7 @@ extern void ets_backup_dma_copy(uint32_t reg, uint32_t mem_addr, uint32_t num, b #endif extern void btdm_cca_feature_enable(void); +extern void btdm_aa_check_enhance_enable(void); extern uint32_t _bt_bss_start; extern uint32_t _bt_bss_end; @@ -964,6 +965,9 @@ static void btdm_funcs_table_ready_wrapper(void) #if BT_BLE_CCA_MODE == 2 btdm_cca_feature_enable(); #endif +#if BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED + btdm_aa_check_enhance_enable(); +#endif } bool bt_async_wakeup_request(void) diff --git a/components/bt/controller/lib_esp32c3_family b/components/bt/controller/lib_esp32c3_family index d23ae97bb9..c57c0b11c3 160000 --- a/components/bt/controller/lib_esp32c3_family +++ b/components/bt/controller/lib_esp32c3_family @@ -1 +1 @@ -Subproject commit d23ae97bb91d66e08c58bfaabaeed0a5ba7b7b5d +Subproject commit c57c0b11c3c0065a16b66685715100a189ef9b27 diff --git a/components/bt/include/esp32c3/include/esp_bt.h b/components/bt/include/esp32c3/include/esp_bt.h index b9d1963a1c..d40a654bf3 100644 --- a/components/bt/include/esp32c3/include/esp_bt.h +++ b/components/bt/include/esp32c3/include/esp_bt.h @@ -317,6 +317,12 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status); #define BT_CTRL_BLE_SCAN (1) #endif // (BT_CTRL_RUN_IN_FLASH_ONLY == 1) +#ifdef CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED CONFIG_BT_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#else +#define BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED 0 +#endif + #define BT_CONTROLLER_INIT_CONFIG_DEFAULT() { \ .magic = ESP_BT_CTRL_CONFIG_MAGIC_VAL, \ .version = ESP_BT_CTRL_CONFIG_VERSION, \ @@ -362,6 +368,7 @@ typedef void (* esp_bt_hci_tl_callback_t) (void *arg, uint8_t status); .qa_test = BT_CTRL_BLE_TEST, \ .master_en = BT_CTRL_BLE_MASTER, \ .scan_en = BT_CTRL_BLE_SCAN, \ + .ble_aa_check = BLE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS_ENABLED, \ } #else @@ -486,6 +493,7 @@ typedef struct { bool qa_test; /*!< In the flash mode, True if the QA test feature is enabled; false otherwise (default). Configurable in menuconfig.*/ bool master_en; /*!< In the flash mode, True if the master feature is enabled (default); false otherwise. Configurable in menuconfig.*/ bool scan_en; /*!< In the flash mode, True if the scan feature is enabled (default); false otherwise. Configurable in menuconfig.*/ + bool ble_aa_check; /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */ } esp_bt_controller_config_t; /**