From da32fbce7a8ba762cafba912c73f0ee1f901e2af Mon Sep 17 00:00:00 2001 From: Yulong Date: Wed, 11 Oct 2017 03:33:20 -0400 Subject: [PATCH 1/2] component/bt: Fix the bug of can't pair if master send pair req but slave don't send sec req. --- .../bt/bluedroid/api/include/esp_gap_ble_api.h | 18 ++++++++++++++---- components/bt/bluedroid/stack/btm/btm_ble.c | 2 +- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/components/bt/bluedroid/api/include/esp_gap_ble_api.h b/components/bt/bluedroid/api/include/esp_gap_ble_api.h index 146bb9ec55..5c55c02a8f 100644 --- a/components/bt/bluedroid/api/include/esp_gap_ble_api.h +++ b/components/bt/bluedroid/api/include/esp_gap_ble_api.h @@ -179,10 +179,20 @@ typedef enum { /* relate to BTA_DM_BLE_SEC_xxx in bta_api.h */ typedef enum { - ESP_BLE_SEC_NONE = 0, /* relate to BTA_DM_BLE_SEC_NONE in bta_api.h */ - ESP_BLE_SEC_ENCRYPT, /* relate to BTA_DM_BLE_SEC_ENCRYPT in bta_api.h */ - ESP_BLE_SEC_ENCRYPT_NO_MITM, /* relate to BTA_DM_BLE_SEC_ENCRYPT_NO_MITM in bta_api.h */ - ESP_BLE_SEC_ENCRYPT_MITM, /* relate to BTA_DM_BLE_SEC_ENCRYPT_MITM in bta_api.h */ + ESP_BLE_SEC_ENCRYPT = 1, /* relate to BTA_DM_BLE_SEC_ENCRYPT in bta_api.h. If the device has already + bonded, the stack will used LTK to encrypt with the remote device directly. + Else if the device hasn't bonded, the stack will used the default authentication request + used the esp_ble_gap_set_security_param function set by the user. */ + ESP_BLE_SEC_ENCRYPT_NO_MITM, /* relate to BTA_DM_BLE_SEC_ENCRYPT_NO_MITM in bta_api.h. If the device has already + bonded, the stack will check the LTK Whether the authentication request has been met, if met, used the LTK + to encrypt with the remote device directly, else Re-pair with the remote device. + Else if the device hasn't bonded, the stack will used NO MITM authentication request in the current link instead of + used the authreq in the esp_ble_gap_set_security_param function set by the user. */ + ESP_BLE_SEC_ENCRYPT_MITM, /* relate to BTA_DM_BLE_SEC_ENCRYPT_MITM in bta_api.h. If the device has already + bonded, the stack will check the LTK Whether the authentication request has been met, if met, used the LTK + to encrypt with the remote device directly, else Re-pair with the remote device. + Else if the device hasn't bonded, the stack will used MITM authentication request in the current link instead of + used the authreq in the esp_ble_gap_set_security_param function set by the user. */ }esp_ble_sec_act_t; typedef enum { diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index fd4cb81ada..4e49b16ef2 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c @@ -1413,7 +1413,7 @@ tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 lin switch (sec_act) { case BTM_BLE_SEC_ENCRYPT: - if (link_role == BTM_ROLE_MASTER) { + if (link_role == BTM_ROLE_MASTER && (p_rec->ble.key_type & BTM_LE_KEY_PENC)) { /* start link layer encryption using the security info stored */ cmd = btm_ble_start_encrypt(bd_addr, FALSE, NULL); break; From a9a423a025421f437059e4d77f40ad05995e0692 Mon Sep 17 00:00:00 2001 From: yulong Date: Mon, 23 Oct 2017 15:01:00 +0800 Subject: [PATCH 2/2] component/bt: Added the sec_act != BTM_BLE_SEC_ENCRYPT check in the btm_ble_set_encryption function when the sec_act is BTM_BLE_SEC_ENCRYPT_NO_MITM or BTM_BLE_SEC_ENCRYPT_MITM. --- components/bt/bluedroid/stack/btm/btm_ble.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 4e49b16ef2..72e7023c2b 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c @@ -1422,7 +1422,7 @@ tBTM_STATUS btm_ble_set_encryption (BD_ADDR bd_addr, void *p_ref_data, UINT8 lin sec_request to request the master to encrypt the link */ case BTM_BLE_SEC_ENCRYPT_NO_MITM: case BTM_BLE_SEC_ENCRYPT_MITM: - if (link_role == BTM_ROLE_MASTER) { + if ((link_role == BTM_ROLE_MASTER) && (sec_act != BTM_BLE_SEC_ENCRYPT)) { auth_req = (sec_act == BTM_BLE_SEC_ENCRYPT_NO_MITM) ? SMP_AUTH_GEN_BOND : (SMP_AUTH_GEN_BOND | SMP_AUTH_YN_BIT); btm_ble_link_sec_check (bd_addr, auth_req, &sec_req_act);