Merge branch 'feat/add_sdkconfig_for_secure_connection' into 'master'

feat(bt): add sdkconfig for secure connection host support feature

See merge request espressif/esp-idf!38895

components/bt/host/bluedroid/api/esp_bt_main.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -128,6 +128,21 @@ esp_err_t esp_bluedroid_init_with_cfg(esp_bluedroid_config_t *cfg)
         return ESP_ERR_INVALID_ARG;
     }
 
+    if (cfg->sc_en) {
+#if (SC_MODE_INCLUDED == FALSE)
+        LOG_ERROR("Secure Connections should not be enabled when target controller is ESP32.\n");
+        LOG_ERROR("It may trigger unresolved bugs in the controller.\n");
+        return ESP_ERR_INVALID_ARG;
+#endif // SC_MODE_INCLUDED
+
+        if (!cfg->ssp_en) {
+            LOG_ERROR("secure simple pairing should be enabled when secure connection host support is enabled\n");
+            return ESP_ERR_INVALID_ARG;
+        }
+
+        LOG_WARN("Please make sure to clear the bond list before enabling the secure connection host support\n");
+    }
+
 #if (BT_CONTROLLER_INCLUDED == TRUE)
     if (esp_bt_controller_get_status() != ESP_BT_CONTROLLER_STATUS_ENABLED) {
         LOG_ERROR("Controller not initialised\n");
@@ -144,7 +159,7 @@ esp_err_t esp_bluedroid_init_with_cfg(esp_bluedroid_config_t *cfg)
     osi_mem_dbg_init();
 #endif
 
-    ret = bluedriod_config_init(cfg);
+    ret = bluedroid_config_init(cfg);
     if (ret != BT_STATUS_SUCCESS) {
         LOG_ERROR("Bluedroid stack initialize fail, ret:%d", ret);
         return ESP_FAIL;
@@ -228,7 +243,7 @@ esp_err_t esp_bluedroid_deinit(void)
 
     btc_deinit();
 
-    bluedriod_config_deinit();
+    bluedroid_config_deinit();
 
 #if (BT_HCI_LOG_INCLUDED == TRUE)
     bt_hci_log_deinit();

components/bt/host/bluedroid/api/esp_gap_bt_api.c

@@ -322,7 +322,7 @@ esp_err_t esp_bt_gap_set_security_param(esp_bt_sp_param_t param_type,
         return ESP_ERR_INVALID_STATE;
     }
 
-    if (!(bluedriod_config_get()->get_ssp_enabled())) {
+    if (!(bluedroid_config_get()->get_ssp_enabled())) {
         ESP_LOGE(TAG, "%s is not supported when `ssp_en` in `esp_bluedroid_config_t` is disabled!", __func__);
         return ESP_ERR_NOT_SUPPORTED;
     }
@@ -347,7 +347,7 @@ esp_err_t esp_bt_gap_ssp_passkey_reply(esp_bd_addr_t bd_addr, bool accept, uint3
         return ESP_ERR_INVALID_STATE;
     }
 
-    if (!(bluedriod_config_get()->get_ssp_enabled())) {
+    if (!(bluedroid_config_get()->get_ssp_enabled())) {
         ESP_LOGE(TAG, "%s is not supported when `ssp_en` in `esp_bluedroid_config_t` is disabled!", __func__);
         return ESP_ERR_NOT_SUPPORTED;
     }
@@ -371,7 +371,7 @@ esp_err_t esp_bt_gap_ssp_confirm_reply(esp_bd_addr_t bd_addr, bool accept)
         return ESP_ERR_INVALID_STATE;
     }
 
-    if (!(bluedriod_config_get()->get_ssp_enabled())) {
+    if (!(bluedroid_config_get()->get_ssp_enabled())) {
         ESP_LOGE(TAG, "%s is not supported when `ssp_en` in `esp_bluedroid_config_t` is disabled!", __func__);
         return ESP_ERR_NOT_SUPPORTED;
     }

components/bt/host/bluedroid/api/include/api/esp_bt_main.h

@@ -30,11 +30,13 @@ typedef enum {
  */
 typedef struct {
     bool ssp_en; /*!< Whether SSP(secure simple pairing) or legacy pairing is used for Classic Bluetooth */
+    bool sc_en; /*!< Whether secure connection host support is enabled or disabled for Classic Bluetooth */
 } esp_bluedroid_config_t;
 
 #define BT_BLUEDROID_INIT_CONFIG_DEFAULT()                                                                             \
     {                                                                                                                  \
         .ssp_en = true,                                                                                                \
+        .sc_en = false,                                                                                                \
     }
 
 /**

components/bt/host/bluedroid/common/include/common/bt_target.h

@@ -1339,10 +1339,12 @@
 **************************/
 
 /* 4.1/4.2 secure connections feature */
-#ifndef SC_MODE_INCLUDED
-// Disable AES-CCM (BT 4.1) for BT Classic to workaround controller AES issue. E0 encryption (BT 4.0) will be used.
+#if defined(CONFIG_IDF_TARGET_ESP32) && (BT_CONTROLLER_INCLUDED == TRUE)
+// Disable AES-CCM (BT 4.1) for BT Classic to workaround controller AES issue on ESP32 controller. E0 encryption (BT 4.0) will be used.
 #define SC_MODE_INCLUDED                FALSE
-#endif
+#else
+#define SC_MODE_INCLUDED                TRUE
+#endif // CONFIG_IDF_TARGET_ESP32
 
 /* Used for conformance testing ONLY */
 #ifndef BTM_BLE_CONFORMANCE_TESTING

components/bt/host/bluedroid/config/include/config/stack_config.h

@@ -12,10 +12,11 @@
 
 struct bluedroid_config {
     bool (*get_ssp_enabled)(void);
+    bool (*get_sc_enabled) (void);
 };
 
-bt_status_t bluedriod_config_init(esp_bluedroid_config_t *cfg);
+bt_status_t bluedroid_config_init(esp_bluedroid_config_t *cfg);
 
-void bluedriod_config_deinit(void);
+void bluedroid_config_deinit(void);
 
-const struct bluedroid_config *bluedriod_config_get(void);
+const struct bluedroid_config *bluedroid_config_get(void);

components/bt/host/bluedroid/config/stack_config.c

@@ -25,7 +25,14 @@ static bool get_ssp_enabled(void)
     return cfg->ssp_en;
 }
 
-bt_status_t bluedriod_config_init(esp_bluedroid_config_t *cfg)
+static bool get_sc_enabled(void)
+{
+    assert(s_stack_config_env);
+    esp_bluedroid_config_t *cfg = &s_stack_config_env->cfg;
+    return cfg->sc_en;
+}
+
+bt_status_t bluedroid_config_init(esp_bluedroid_config_t *cfg)
 {
     s_stack_config_env = osi_calloc(sizeof(struct stack_config_env_tag));
     if (!s_stack_config_env) {
@@ -36,11 +43,12 @@ bt_status_t bluedriod_config_init(esp_bluedroid_config_t *cfg)
 
     struct bluedroid_config *interface = &s_stack_config_env->interface;
     interface->get_ssp_enabled = get_ssp_enabled;
+    interface->get_sc_enabled = get_sc_enabled;
 
     return BT_STATUS_SUCCESS;
 }
 
-void bluedriod_config_deinit(void)
+void bluedroid_config_deinit(void)
 {
     if (s_stack_config_env) {
         osi_free(s_stack_config_env);
@@ -48,7 +56,7 @@ void bluedriod_config_deinit(void)
     }
 }
 
-const struct bluedroid_config *bluedriod_config_get(void)
+const struct bluedroid_config *bluedroid_config_get(void)
 {
     assert(s_stack_config_env);
     return &s_stack_config_env->interface;

components/bt/host/bluedroid/device/controller.c

@@ -188,7 +188,7 @@ static void start_up(void)
     // dependent on what we configure from page 0 and host SSP configuration
     controller_param.simple_pairing_supported = HCI_SIMPLE_PAIRING_SUPPORTED(
                                                     controller_param.features_classic[0].as_array) &&
-                                                (bluedriod_config_get()->get_ssp_enabled());
+                                                (bluedroid_config_get()->get_ssp_enabled());
     if (controller_param.simple_pairing_supported) {
         response = AWAIT_COMMAND(controller_param.packet_factory->make_write_simple_pairing_mode(HCI_SP_MODE_ENABLED));
         controller_param.packet_parser->parse_generic_command_complete(response);
@@ -223,13 +223,13 @@ static void start_up(void)
     }
 #endif
 
-#if (SC_MODE_INCLUDED == TRUE)
+if ((bluedroid_config_get()->get_sc_enabled())) {
     controller_param.secure_connections_supported = HCI_SC_CTRLR_SUPPORTED(controller_param.features_classic[2].as_array);
     if (controller_param.secure_connections_supported) {
         response = AWAIT_COMMAND(controller_param.packet_factory->make_write_secure_connections_host_support(HCI_SC_MODE_ENABLED));
         controller_param.packet_parser->parse_generic_command_complete(response);
     }
-#endif
+}
 
 #if (BLE_INCLUDED == TRUE)
 #if (CLASSIC_BT_INCLUDED)