BT/Bluedroid: Add support to set min encryption key size requirement (backport)

- Backport of IDF MR!6122. - Modifies `smp_utils.c` to add check on encryption key size received from peer. - Modifies `esp_ble_gap_set_security_param` API to add minimum encryption key size requirement.
2024-10-05 20:47:46 -04:00 · 2019-09-25 11:57:21 +08:00 · 2019-09-25 11:57:21 +08:00 · 499accb652
commit 499accb652
parent 988147a451
6 changed files with 57 additions and 6 deletions
--- a/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
+++ b/components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
@ -267,14 +267,25 @@ typedef enum {

 typedef enum {
    ESP_BLE_SM_PASSKEY = 0,
+    /* Authentication requirements of local device */
    ESP_BLE_SM_AUTHEN_REQ_MODE,
+    /* The IO capability of local device */
    ESP_BLE_SM_IOCAP_MODE,
+    /* Initiator Key Distribution/Generation */
    ESP_BLE_SM_SET_INIT_KEY,
+    /* Responder Key Distribution/Generation */
    ESP_BLE_SM_SET_RSP_KEY,
+    /* Maximum Encryption key size to support */
    ESP_BLE_SM_MAX_KEY_SIZE,
+    /* Minimum Encryption key size requirement from Peer */
+    ESP_BLE_SM_MIN_KEY_SIZE,
+    /* Set static Passkey */
    ESP_BLE_SM_SET_STATIC_PASSKEY,
+    /* Reset static Passkey */
    ESP_BLE_SM_CLEAR_STATIC_PASSKEY,
+    /* Accept only specified SMP Authentication requirement */
    ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH,
+    /* Enable/Disable OOB support */
    ESP_BLE_SM_OOB_SUPPORT,
    ESP_BLE_SM_MAX_PARAM,
 } esp_ble_sm_param_t;
@ -377,7 +388,7 @@ typedef struct {
                                                        advertising reports for each packet received */
 } esp_ble_scan_params_t;

-/// connection parameters information 
+/// connection parameters information
 typedef struct {
    uint16_t             interval;                  /*!< connection interval */
    uint16_t             latency;                   /*!< Slave latency for the connection in number of connection events. Range: 0x0000 to 0x01F3 */
@ -598,7 +609,7 @@ typedef enum {
 typedef enum {
    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_ADV_ADDR       = 0,  /*!< BLE advertising address , device info will be added into ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_ADDR_LIST */
    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_LINK_ID,        /*!< BLE mesh link ID, it is for BLE mesh, device info will be added into ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_LINK_ID_LIST */
-    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_BEACON_TYPE,    /*!< BLE mesh beacon AD type, the format is | Len | 0x2B | Beacon Type | Beacon Data | */     
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_BEACON_TYPE,    /*!< BLE mesh beacon AD type, the format is | Len | 0x2B | Beacon Type | Beacon Data | */
    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_PROV_SRV_ADV,   /*!< BLE mesh provisioning service uuid, the format is | 0x02 | 0x01 | flags | 0x03 | 0x03 | 0x1827 | .... |` */
    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_PROXY_SRV_ADV,  /*!< BLE mesh adv with proxy service uuid, the format is | 0x02 | 0x01 | flags | 0x03 | 0x03 | 0x1828 | .... |` */
 } esp_ble_duplicate_exceptional_info_type_t;
--- a/components/bt/host/bluedroid/bta/dm/bta_dm_co.c
+++ b/components/bt/host/bluedroid/bta/dm/bta_dm_co.c
@ -48,6 +48,7 @@ tBTE_APPL_CFG bte_appl_cfg = {
    BTM_BLE_INITIATOR_KEY_SIZE,
    BTM_BLE_RESPONDER_KEY_SIZE,
    BTM_BLE_MAX_KEY_SIZE,
+    BTM_BLE_MIN_KEY_SIZE,
    BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE,
    BTM_BLE_OOB_DISABLE,
 };
@ -407,7 +408,7 @@ void bta_dm_co_ble_set_rsp_key_req(UINT8 rsp_key)
 void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size)
 {
 #if (SMP_INCLUDED == TRUE)
-    if(ble_key_size >= BTM_BLE_MIN_KEY_SIZE && ble_key_size <= BTM_BLE_MAX_KEY_SIZE) {
+    if(ble_key_size >= bte_appl_cfg.ble_min_key_size && ble_key_size <= BTM_BLE_MAX_KEY_SIZE) {
        bte_appl_cfg.ble_max_key_size = ble_key_size;
    } else {
        APPL_TRACE_ERROR("%s error:Invalid key size value, key_size =%d",__func__, ble_key_size);
@ -415,6 +416,17 @@ void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size)
 #endif  ///SMP_INCLUDED == TRUE
 }

+void bta_dm_co_ble_set_min_key_size(UINT8 ble_key_size)
+{
+#if (SMP_INCLUDED == TRUE)
+    if(ble_key_size >= BTM_BLE_MIN_KEY_SIZE && ble_key_size <= bte_appl_cfg.ble_max_key_size) {
+        bte_appl_cfg.ble_min_key_size = ble_key_size;
+    } else {
+        APPL_TRACE_ERROR("%s error:Invalid key size value, key_size =%d",__func__, ble_key_size);
+    }
+#endif  ///SMP_INCLUDED == TRUE
+}
+
 void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable)
 {
 #if (SMP_INCLUDED == TRUE)
--- a/components/bt/host/bluedroid/bta/include/bta/bta_dm_co.h
+++ b/components/bt/host/bluedroid/bta/include/bta/bta_dm_co.h
@ -206,6 +206,8 @@ extern void bta_dm_co_ble_set_rsp_key_req(UINT8 rsp_key);

 extern void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size);

+extern void bta_dm_co_ble_set_min_key_size(UINT8 ble_key_size);
+
 extern void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable);

 extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
--- a/components/bt/host/bluedroid/btc/profile/std/gap/btc_gap_ble.c
+++ b/components/bt/host/bluedroid/btc/profile/std/gap/btc_gap_ble.c
@ -1196,6 +1196,12 @@ void btc_gap_ble_call_handler(btc_msg_t *msg)
                bta_dm_co_ble_set_max_key_size(key_size);
                break;
            }
+            case ESP_BLE_SM_MIN_KEY_SIZE: {
+                uint8_t key_size = 0;
+                STREAM_TO_UINT8(key_size, value);
+                bta_dm_co_ble_set_min_key_size(key_size);
+                break;
+            }
            case ESP_BLE_SM_SET_STATIC_PASSKEY: {
                uint32_t passkey = 0;
                for(uint8_t i = 0; i < arg->set_security_param.len; i++)
--- a/components/bt/host/bluedroid/common/include/common/bte_appl.h
+++ b/components/bt/host/bluedroid/common/include/common/bte_appl.h
@ -31,6 +31,7 @@ typedef struct {
    UINT8   ble_init_key;
    UINT8   ble_resp_key;
    UINT8   ble_max_key_size;
+    UINT8   ble_min_key_size;
    UINT8   ble_accept_auth_enable;
    UINT8   oob_support;
 #endif
@ -48,4 +49,4 @@ typedef struct {
 #endif
 } tBTE_BT_APPL_CFG;

-extern tBTE_BT_APPL_CFG bte_bt_appl_cfg;
+extern tBTE_BT_APPL_CFG bte_bt_appl_cfg;
--- a/components/bt/host/bluedroid/stack/smp/smp_utils.c
+++ b/components/bt/host/bluedroid/stack/smp/smp_utils.c
@ -36,6 +36,7 @@
 #include "smp_int.h"
 #include "device/controller.h"
 #include "btm_int.h"
+#include "common/bte_appl.h"

 #define SMP_PAIRING_REQ_SIZE    7
 #define SMP_CONFIRM_CMD_SIZE    (BT_OCTET16_LEN + 1)
@ -1140,9 +1141,27 @@ BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb)
        return FALSE;
    }

-    if ((enc_size < SMP_ENCR_KEY_SIZE_MIN) || (enc_size > SMP_ENCR_KEY_SIZE_MAX)) {
+    /* `bte_appl_cfg.ble_min_enc_key_size` will be `SMP_ENCR_KEY_SIZE_MIN` by
+     * default if not set explicitly  */
+#if (BLE_INCLUDED == TRUE)
+    if (enc_size < bte_appl_cfg.ble_min_key_size) {
        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
-            Key value (0x%02x) out of range).\n",
+            Key value (0x%02x) less than minimum required key size).\n",
+                          p_cb->rcvd_cmd_code, enc_size);
+        return FALSE;
+    }
+#else
+    if (enc_size < SMP_ENCR_KEY_SIZE_MIN) {
+        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
+            Key value (0x%02x) less than minimum required key size).\n",
+                          p_cb->rcvd_cmd_code, enc_size);
+        return FALSE;
+    }
+#endif
+
+    if (enc_size > SMP_ENCR_KEY_SIZE_MAX) {
+        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
+            Key value (0x%02x) greater than supported by stack).\n",
                          p_cb->rcvd_cmd_code, enc_size);
        return FALSE;
    }