kopia lustrzana https://github.com/espressif/esp-idf
Component/bt: add ble disconnect when ACCEPT_SPECIFIED_SEC_AUTH failed
rodzic
e5f2f1ba78
commit
143c0bdaf9
|
@ -54,6 +54,7 @@ typedef uint8_t esp_ble_key_type_t;
|
|||
#define ESP_LE_AUTH_NO_BOND 0x00 /*!< 0*/ /* relate to BTM_LE_AUTH_NO_BOND in stack/btm_api.h */
|
||||
#define ESP_LE_AUTH_BOND 0x01 /*!< 1 << 0 */ /* relate to BTM_LE_AUTH_BOND in stack/btm_api.h */
|
||||
#define ESP_LE_AUTH_REQ_MITM (1 << 2) /*!< 1 << 2 */ /* relate to BTM_LE_AUTH_REQ_MITM in stack/btm_api.h */
|
||||
#define ESP_LE_AUTH_REQ_BOND_MITM (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_MITM)/*!< 0101*/
|
||||
#define ESP_LE_AUTH_REQ_SC_ONLY (1 << 3) /*!< 1 << 3 */ /* relate to BTM_LE_AUTH_REQ_SC_ONLY in stack/btm_api.h */
|
||||
#define ESP_LE_AUTH_REQ_SC_BOND (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1001 */ /* relate to BTM_LE_AUTH_REQ_SC_BOND in stack/btm_api.h */
|
||||
#define ESP_LE_AUTH_REQ_SC_MITM (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY) /*!< 1100 */ /* relate to BTM_LE_AUTH_REQ_SC_MITM in stack/btm_api.h */
|
||||
|
|
|
@ -4251,9 +4251,6 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D
|
|||
switch (event) {
|
||||
case BTM_LE_IO_REQ_EVT: {
|
||||
// #if (BT_SSP_INCLUDED == TRUE)
|
||||
UINT8 enable = bta_dm_co_ble_get_accept_auth_enable();
|
||||
UINT8 origin_auth = bta_dm_co_ble_get_auth_req();
|
||||
BTM_BleSetAcceptAuthMode(enable, origin_auth);
|
||||
bta_dm_co_ble_io_req(bda,
|
||||
&p_data->io_req.io_cap,
|
||||
&p_data->io_req.oob_data,
|
||||
|
|
|
@ -443,25 +443,6 @@ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey)
|
|||
#endif
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function BTM_BleSetAcceptAuthMode
|
||||
**
|
||||
** Description This function is called to set only accept specified Authentication
|
||||
**
|
||||
**
|
||||
** Parameters: enable - Whether to enable this function
|
||||
**
|
||||
** auth_mode - Authentication mode
|
||||
**
|
||||
**
|
||||
*******************************************************************************/
|
||||
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode)
|
||||
{
|
||||
#if SMP_INCLUDED == TRUE
|
||||
SMP_SetAcceptAuthMode(enable, auth_mode);
|
||||
#endif
|
||||
}
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function BTM_BleConfirmReply
|
||||
|
|
|
@ -1330,21 +1330,6 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
|
|||
*******************************************************************************/
|
||||
void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey);
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function BTM_BleSetAcceptAuthMode
|
||||
**
|
||||
** Description This function is called to set only accept specified Authentication
|
||||
**
|
||||
**
|
||||
** Parameters: enable - Whether to enable this function
|
||||
**
|
||||
** auth_mode - Authentication mode
|
||||
**
|
||||
**
|
||||
*******************************************************************************/
|
||||
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode);
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function BTM_BleConfirmReply
|
||||
|
|
|
@ -417,8 +417,6 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
|
|||
*******************************************************************************/
|
||||
extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey);
|
||||
|
||||
extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode);
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function SMP_ConfirmReply
|
||||
|
|
|
@ -301,6 +301,7 @@ typedef struct {
|
|||
tSMP_OOB_FLAG loc_oob_flag;
|
||||
tSMP_AUTH_REQ peer_auth_req;
|
||||
tSMP_AUTH_REQ loc_auth_req;
|
||||
tSMP_AUTH_REQ auth_mode;
|
||||
BOOLEAN secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */
|
||||
/* either in Secure Connections mode or not at all */
|
||||
tSMP_ASSO_MODEL selected_association_model;
|
||||
|
|
|
@ -52,6 +52,9 @@ const tSMP_ACT smp_distribute_act [] = {
|
|||
smp_set_derive_link_key
|
||||
};
|
||||
|
||||
extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
|
||||
extern UINT8 bta_dm_co_ble_get_auth_req(void);
|
||||
|
||||
static bool lmp_version_below(BD_ADDR bda, uint8_t version)
|
||||
{
|
||||
tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
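Review bot: The two prototypes `extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);` and `extern UINT8 bta_dm_co_ble_get_auth_req(void);` are hand-declared in this .c file, so the compiler cannot detect a signature drift between the SMP layer and the call-out implementation. Including the header that declares these call-outs (not visible on this page) would keep them in sync. If the local declarations stay, a comment such as `/* required-auth policy is owned by the BTA call-out layer; SMP only reads it */` would explain why the SMP code reaches upward here.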
|
||||
|
@ -498,6 +501,33 @@ void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
|||
p_cb->status = *(UINT8 *)p_data;
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
** Function smp_get_auth_mode
|
||||
** Description Get the SMP pairing auth mode
|
||||
*******************************************************************************/
|
||||
uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
|
||||
{
|
||||
SMP_TRACE_DEBUG("%s model %d", __func__, model);
|
||||
uint16_t auth = 0;
|
||||
if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
|
||||
//No MITM
|
||||
if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
|
||||
//SC SMP_SC_SUPPORT_BIT
|
||||
auth |= SMP_SC_SUPPORT_BIT;
|
||||
}
|
||||
} else if (model <= SMP_MODEL_KEY_NOTIF) {
|
||||
//NO SC, MITM
|
||||
auth |= SMP_AUTH_YN_BIT;
|
||||
} else if (model <= SMP_MODEL_SEC_CONN_OOB) {
|
||||
//SC, MITM
|
||||
auth |= SMP_SC_SUPPORT_BIT;
|
||||
auth |= SMP_AUTH_YN_BIT;
|
||||
} else {
|
||||
auth = 0;
|
||||
}
|
||||
return auth;
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
** Function smp_proc_pair_cmd
|
||||
** Description Process the SMP pairing request/response from peer device
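Review bot: `smp_get_auth_mode()` decides MITM and Secure Connections by range tests (`model <= SMP_MODEL_KEY_NOTIF`, `model <= SMP_MODEL_SEC_CONN_OOB`), so the classification depends on the declaration order of `tSMP_ASSO_MODEL`, which is not visible here. Since the result now decides whether a pairing is accepted, a reordered or extended enum would silently change the security decision. An explicit `switch` over the enumerators would be safer, or at minimum a comment like `/* relies on tSMP_ASSO_MODEL order: legacy models <= SMP_MODEL_KEY_NOTIF < SC models <= SMP_MODEL_SEC_CONN_OOB */`. The function also returns `uint16_t` while callers store the value in a `tSMP_AUTH_REQ` field; if that type is 8 bits wide, returning `tSMP_AUTH_REQ` would avoid an implicit narrowing.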
|
||||
|
@ -528,7 +558,8 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
|||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
return;
|
||||
}
|
||||
|
||||
p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
|
||||
p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
|
||||
if (p_cb->role == HCI_ROLE_SLAVE) {
|
||||
if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
|
||||
/* peer (master) started pairing sending Pairing Request */
|
||||
|
@ -551,10 +582,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
|||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
return;
|
||||
}
|
||||
if(p_cb->accept_specified_sec_auth) {
|
||||
if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
|
||||
SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
|
||||
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
|
||||
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
|
||||
auth |= SMP_AUTH_GEN_BOND;
|
||||
}
|
||||
p_cb->auth_mode = auth;
|
||||
if (p_cb->accept_specified_sec_auth) {
|
||||
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
|
||||
SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
|
||||
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
|
||||
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
|
||||
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
|
||||
}
|
||||
reason = SMP_PAIR_AUTH_FAIL;
|
||||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
}
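Review bot: The block that derives `auth`, stores it in `p_cb->auth_mode` and compares it with `p_cb->origin_loc_auth_req` is repeated verbatim here, in the master branch of `smp_proc_pair_cmd`, and in `smp_process_io_response`. The three copies of a security check can drift apart, so a single static helper would be easier to audit. The error message also still prints `peer_auth_req` and `loc_auth_req`, not the computed `auth` that actually failed the comparison, so the log no longer shows why pairing was rejected. `smp_proc_pair_cmd` starts and ends outside this hunk, so whether the failure path returns after `smp_sm_event()` cannot be confirmed from here.
```c
/* Derive the negotiated auth mode, cache it in p_cb->auth_mode, and report
 * whether it satisfies the locally required mode (always TRUE when the
 * accept-specified-auth option is off). */
static BOOLEAN smp_required_auth_met(tSMP_CB *p_cb)
{
    uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);

    if (p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
        auth |= SMP_AUTH_GEN_BOND;
    }
    p_cb->auth_mode = auth;

    if (!p_cb->accept_specified_sec_auth) {
        return TRUE;
    }
    return (auth & p_cb->origin_loc_auth_req) == p_cb->origin_loc_auth_req;
}

// … unchanged at each call site: error trace, ACL removal, reason = SMP_PAIR_AUTH_FAIL, smp_sm_event …
```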
|
||||
|
@ -581,10 +620,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
|||
return;
|
||||
}
|
||||
|
||||
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
|
||||
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
|
||||
auth |= SMP_AUTH_GEN_BOND;
|
||||
}
|
||||
p_cb->auth_mode = auth;
|
||||
if (p_cb->accept_specified_sec_auth) {
|
||||
if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
|
||||
SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
|
||||
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
|
||||
SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
|
||||
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
|
||||
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
|
||||
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
|
||||
}
|
||||
reason = SMP_PAIR_AUTH_FAIL;
|
||||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
}
|
||||
|
@ -1334,6 +1381,22 @@ void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
|
|||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
return;
|
||||
}
|
||||
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
|
||||
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
|
||||
auth |= SMP_AUTH_GEN_BOND;
|
||||
}
|
||||
p_cb->auth_mode = auth;
|
||||
if (p_cb->accept_specified_sec_auth) {
|
||||
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
|
||||
SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
|
||||
p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
|
||||
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
|
||||
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
|
||||
}
|
||||
reason = SMP_PAIR_AUTH_FAIL;
|
||||
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
|
||||
}
|
||||
}
|
||||
|
||||
if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
|
||||
if (smp_request_oob_data(p_cb)) {
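Review bot: The new failure branch in `smp_process_io_response` has no `return;` after `smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);`, so execution falls through to the `SMP_MODEL_SEC_CONN_OOB` handling and whatever follows it. The guard just above the added block does return after raising the same event, so pairing that was just rejected and disconnected keeps being processed here. Add `return;` directly after the `smp_sm_event()` call inside the `if ((auth & p_cb->origin_loc_auth_req) != ...)` body. The rest of the function lies outside this hunk, so the full effect of the fall-through is not visible.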
|
||||
|
|
|
@ -354,27 +354,6 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey)
|
|||
}
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function SMP_SetAcceptAuthMode
|
||||
**
|
||||
** Description This function is called to set only accept specified Authentication
|
||||
**
|
||||
**
|
||||
** Parameters: enable - Whether to enable this function
|
||||
**
|
||||
** auth_mode - Authentication mode
|
||||
**
|
||||
**
|
||||
*******************************************************************************/
|
||||
void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode)
|
||||
{
|
||||
tSMP_CB *p_cb = & smp_cb;
|
||||
|
||||
p_cb->accept_specified_sec_auth = enable;
|
||||
p_cb->origin_loc_auth_req = auth_mode;
|
||||
|
||||
}
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function SMP_ConfirmReply
|
||||
|
|
|
@ -965,7 +965,7 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
|
|||
evt_data.cmplt.auth_mode = 0;
|
||||
if (p_cb->status == SMP_SUCCESS) {
|
||||
evt_data.cmplt.sec_level = p_cb->sec_level;
|
||||
evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req);
|
||||
evt_data.cmplt.auth_mode = p_cb->auth_mode;
|
||||
}
|
||||
|
||||
evt_data.cmplt.is_pair_cancel = FALSE;
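Review bot: `evt_data.cmplt.auth_mode` now reports `p_cb->auth_mode`, which on this page is only written in `smp_proc_pair_cmd` and `smp_process_io_response`. If a pairing can complete successfully without passing through one of those assignments, or if the control block is not cleared between pairings (neither is visible here), the application would receive a stale or zero auth mode. Applications may base trust decisions on this field, so it is worth confirming that `auth_mode` is reset with the rest of the control block and adding a comment here such as `/* auth_mode is derived from the selected association model in smp_proc_pair_cmd / smp_process_io_response */`.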
|
||||
|
|
|
@ -139,6 +139,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req)
|
|||
case ESP_LE_AUTH_REQ_MITM:
|
||||
auth_str = "ESP_LE_AUTH_REQ_MITM";
|
||||
break;
|
||||
case ESP_LE_AUTH_REQ_BOND_MITM:
|
||||
auth_str = "ESP_LE_AUTH_REQ_BOND_MITM";
|
||||
break;
|
||||
case ESP_LE_AUTH_REQ_SC_ONLY:
|
||||
auth_str = "ESP_LE_AUTH_REQ_SC_ONLY";
|
||||
break;
|
||||
|
|
|
@ -240,6 +240,9 @@ static char *esp_auth_req_to_str(esp_ble_auth_req_t auth_req)
|
|||
case ESP_LE_AUTH_REQ_MITM:
|
||||
auth_str = "ESP_LE_AUTH_REQ_MITM";
|
||||
break;
|
||||
case ESP_LE_AUTH_REQ_BOND_MITM:
|
||||
auth_str = "ESP_LE_AUTH_REQ_BOND_MITM";
|
||||
break;
|
||||
case ESP_LE_AUTH_REQ_SC_ONLY:
|
||||
auth_str = "ESP_LE_AUTH_REQ_SC_ONLY";
|
||||
break;
|
||||
|
@ -553,14 +556,14 @@ void app_main()
|
|||
}
|
||||
|
||||
/* set the security iocap & auth_req & key size & init key response key parameters to the stack*/
|
||||
esp_ble_auth_req_t auth_req = ESP_LE_AUTH_BOND; //bonding with peer device after authentication
|
||||
esp_ble_io_cap_t iocap = ESP_IO_CAP_NONE; //set the IO capability to No output No input
|
||||
esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND; //bonding with peer device after authentication
|
||||
esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT; //set the IO capability to No output No input
|
||||
uint8_t key_size = 16; //the key size should be 7~16 bytes
|
||||
uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
|
||||
uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
|
||||
//set static passkey
|
||||
uint32_t passkey = 123456;
|
||||
uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE;
|
||||
uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE;
|
||||
esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t));
|
||||
esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t));
|
||||
esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));
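Review bot: The trailing comments on the two changed declarations were carried over and no longer match the values. `ESP_IO_CAP_OUT` is display-only, not "No output No input", and `ESP_LE_AUTH_REQ_SC_MITM_BOND` asks for Secure Connections and MITM protection as well as bonding. Suggested wording: `//require Secure Connections + MITM protection, then bond` and `//set the IO capability to display only`. Now that the example enforces MITM, the fixed `passkey = 123456` in the context lines deserves a comment that a static, publicly known passkey gives no real MITM protection and that products should use a per-device or per-pairing random value.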
|
||||
|
|