fixed the issue iOS devices cannot initiate connection

to ESP32 while there is a BLE connection to this ESP32 Closes https://github.com/espressif/esp-idf/issues/6557
2022-10-19 16:03:48 +08:00 · 2022-10-19 16:03:48 +08:00 · 042fd5f895
commit 042fd5f895
--- a/components/bt/host/bluedroid/stack/btm/btm_acl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c
@ -819,22 +819,6 @@ void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
        }
 #endif
    }
-#if (CLASSIC_BT_INCLUDED == TRUE)
-    /* If authentication is done through legacy authentication and esp32 has
-     * not authenticated peer deivce yet, do not proceed for encrytion and
-     * first authenticate it. */
-    else if ((BTM_BothEndsSupportSecureConnections(p->remote_addr) == 0) &&
-            ((p->legacy_auth_state & BTM_ACL_LEGACY_AUTH_SELF) == 0)) {
-        if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL) {
-            if (btm_sec_legacy_authentication_mutual(p_dev_rec)) {
-                btm_sec_update_legacy_auth_state(btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR), BTM_ACL_LEGACY_AUTH_SELF);
-            } else {
-                BTM_TRACE_ERROR("%s failed, Resources not available for Authentication procedure", __FUNCTION__);
-            }
-        }
-    }
-#endif
-
 }
 /*******************************************************************************
 **
--- a/components/bt/host/bluedroid/stack/btm/btm_sec.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c
@ -5191,6 +5191,22 @@ static tBTM_STATUS btm_sec_execute_procedure (tBTM_SEC_DEV_REC *p_dev_rec)
        return (BTM_CMD_STARTED);
    }

+#if (CLASSIC_BT_INCLUDED == TRUE)
+    tACL_CONN *p_acl_cb = btm_handle_to_acl(p_dev_rec->hci_handle);
+    /*
+     * To prevent a remote device from doing a Bluetooth Impersonation Attack, a suggested fix by SIG is:
+     *
+     * "Hosts performing legacy (non-mutual) authentication must ensure a remote device is authenticated
+     *  prior to proceeding with encryption establishment, regardless of role."
+     *
+     * As an implementation, we enforce mutual authentication when devices use Legacy Authentication.
+     */
+    if ((p_acl_cb != NULL) && (BTM_BothEndsSupportSecureConnections(p_acl_cb->remote_addr) == 0) &&
+        ((p_acl_cb->legacy_auth_state & BTM_ACL_LEGACY_AUTH_SELF) == 0)) {
+        p_dev_rec->sec_flags &= ~BTM_SEC_AUTHENTICATED;
+    }
+#endif
+
    /* If connection is not authenticated and authentication is required */
    /* start authentication and return PENDING to the caller */
    if ((((!(p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))