From 512e4d58368443a5b3d76d9cd43bacb16142cc67 Mon Sep 17 00:00:00 2001 From: zhiweijian Date: Fri, 27 Jul 2018 11:18:52 +0800 Subject: [PATCH] Component/bt: fix SC_MITM_BOND failed in smp for iphones --- components/bt/bluedroid/stack/btm/btm_ble.c | 2 +- components/bt/bluedroid/stack/btm/btm_sec.c | 13 ++----------- .../bt/bluedroid/stack/btm/include/btm_int.h | 2 +- components/bt/bluedroid/stack/l2cap/l2c_api.c | 2 +- components/bt/bluedroid/stack/smp/smp_act.c | 14 +++++++++++++- .../main/example_ble_sec_gatts_demo.c | 3 +++ 6 files changed, 21 insertions(+), 15 deletions(-) diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c index 838aaec6c2..0de41650c0 100644 --- a/components/bt/bluedroid/stack/btm/btm_ble.c +++ b/components/bt/bluedroid/stack/btm/btm_ble.c @@ -1225,7 +1225,7 @@ void btm_sec_save_le_key(BD_ADDR bd_addr, tBTM_LE_KEY_TYPE key_type, tBTM_LE_KEY /* Set that link key is known since this shares field with BTM_SEC_FLAG_LKEY_KNOWN flag in stack/btm_api.h*/ p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_KNOWN; - if ( p_keys->pcsrk_key.sec_level == SMP_SEC_AUTHENTICATED) { + if ( p_keys->lenc_key.sec_level == SMP_SEC_AUTHENTICATED) { p_rec->sec_flags |= BTM_SEC_LE_LINK_KEY_AUTHED; } else { p_rec->sec_flags &= ~BTM_SEC_LE_LINK_KEY_AUTHED; diff --git a/components/bt/bluedroid/stack/btm/btm_sec.c b/components/bt/bluedroid/stack/btm/btm_sec.c index f195c4174c..3b928abc8f 100644 --- a/components/bt/bluedroid/stack/btm/btm_sec.c +++ b/components/bt/bluedroid/stack/btm/btm_sec.c @@ -1361,7 +1361,7 @@ tBTM_STATUS BTM_SetEncryption (BD_ADDR bd_addr, tBT_TRANSPORT transport, tBTM_SE return (BTM_SUCCESS); } - + p_dev_rec->enc_init_by_we = TRUE; /* enqueue security request if security is active */ if (p_dev_rec->p_callback || (p_dev_rec->sec_state != BTM_SEC_STATE_IDLE)) { BTM_TRACE_WARNING ("Security Manager: BTM_SetEncryption busy, enqueue request\n"); @@ -4018,7 +4018,6 @@ void btm_sec_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable) #if BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE tACL_CONN *p_acl = NULL; UINT8 acl_idx = btm_handle_to_acl_index(handle); - tGATT_TCB *p_tcb = NULL; #endif BTM_TRACE_EVENT ("Security Manager: encrypt_change status:%d State:%d, encr_enable = %d\n", status, (p_dev_rec) ? p_dev_rec->sec_state : 0, encr_enable); @@ -4046,14 +4045,6 @@ void btm_sec_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable) p_dev_rec->sec_flags |= BTM_SEC_16_DIGIT_PIN_AUTHED; } } else { -#if BLE_INCLUDED == TRUE - /* Before the application layer has received the connection event, the device has received an - encrypted request from the peer device. The device should wait until the application layer - receives the connection event before updating 'sec_flags'. */ - if ((p_tcb = gatt_find_tcb_by_addr(p_dev_rec->ble.pseudo_addr, BT_TRANSPORT_LE)) == NULL) { - //do nothing - } else -#endif p_dev_rec->sec_flags |= (BTM_SEC_LE_AUTHENTICATED | BTM_SEC_LE_ENCRYPTED); } } @@ -4543,7 +4534,7 @@ void btm_sec_disconnected (UINT16 handle, UINT8 reason) if (!p_dev_rec) { return; } - + p_dev_rec->enc_init_by_we = FALSE; transport = (handle == p_dev_rec->hci_handle) ? BT_TRANSPORT_BR_EDR : BT_TRANSPORT_LE; p_dev_rec->rs_disc_pending = BTM_SEC_RS_NOT_PENDING; /* reset flag */ diff --git a/components/bt/bluedroid/stack/btm/include/btm_int.h b/components/bt/bluedroid/stack/btm/include/btm_int.h index bde7af9a2e..5b678af166 100644 --- a/components/bt/bluedroid/stack/btm/include/btm_int.h +++ b/components/bt/bluedroid/stack/btm/include/btm_int.h @@ -618,7 +618,7 @@ typedef struct { // btla-specific -- #define BTM_SEC_NO_LAST_SERVICE_ID 0 UINT8 last_author_service_id; /* ID of last serviced authorized: Reset after each l2cap connection */ - + BOOLEAN enc_init_by_we; } tBTM_SEC_DEV_REC; #define BTM_SEC_IS_SM4(sm) ((BOOLEAN)(BTM_SM4_TRUE == ((sm)&BTM_SM4_TRUE))) diff --git a/components/bt/bluedroid/stack/l2cap/l2c_api.c b/components/bt/bluedroid/stack/l2cap/l2c_api.c index 7c7404e2a4..5637cac647 100644 --- a/components/bt/bluedroid/stack/l2cap/l2c_api.c +++ b/components/bt/bluedroid/stack/l2cap/l2c_api.c @@ -1887,7 +1887,7 @@ BOOLEAN L2CA_RemoveFixedChnl (UINT16 fixed_cid, BD_ADDR rem_bda) p_lcb = l2cu_find_lcb_by_bd_addr (rem_bda, transport); if ( ((p_lcb) == NULL) || (!p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL]) ) { - L2CAP_TRACE_WARNING ("L2CA_RemoveFixedChnl() CID: 0x%04x BDA: %08x%04x not connected", fixed_cid, + L2CAP_TRACE_DEBUG ("L2CA_RemoveFixedChnl() CID: 0x%04x BDA: %08x%04x not connected", fixed_cid, (rem_bda[0] << 24) + (rem_bda[1] << 16) + (rem_bda[2] << 8) + rem_bda[3], (rem_bda[4] << 8) + rem_bda[5]); return (FALSE); } diff --git a/components/bt/bluedroid/stack/smp/smp_act.c b/components/bt/bluedroid/stack/smp/smp_act.c index 0b5d50be2e..ee73e9289f 100644 --- a/components/bt/bluedroid/stack/smp/smp_act.c +++ b/components/bt/bluedroid/stack/smp/smp_act.c @@ -1831,7 +1831,7 @@ void smp_set_local_oob_random_commitment(tSMP_CB *p_cb, tSMP_INT_DATA *p_data) void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) { tSMP_CB *p_cb = &smp_cb; - + tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (bda); SMP_TRACE_DEBUG("%s encr_enable=%d\n", __func__, encr_enable); if (memcmp(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN) == 0) { @@ -1842,6 +1842,18 @@ void smp_link_encrypted(BD_ADDR bda, UINT8 encr_enable) btm_ble_update_sec_key_size(bda, p_cb->loc_enc_size); } + smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); + } + else if(p_dev_rec && !p_dev_rec->enc_init_by_we){ + + /* + if enc_init_by_we is false, it means that client initiates encryption before slave calls esp_ble_set_encryption() + we need initiate pairing_bda and p_cb->role then encryption, for example iPhones + */ + memcpy(&smp_cb.pairing_bda[0], bda, BD_ADDR_LEN); + p_cb->state = SMP_STATE_ENCRYPTION_PENDING; + p_cb->role = HCI_ROLE_SLAVE; + p_dev_rec->enc_init_by_we = FALSE; smp_sm_event(&smp_cb, SMP_ENCRYPTED_EVT, &encr_enable); } } diff --git a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c index 3f3ce98f0e..eded119d94 100644 --- a/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c +++ b/examples/bluetooth/gatt_security_server/main/example_ble_sec_gatts_demo.c @@ -320,6 +320,9 @@ static void gap_event_handler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_param (bd_addr[4] << 8) + bd_addr[5]); ESP_LOGI(GATTS_TABLE_TAG, "address type = %d", param->ble_security.auth_cmpl.addr_type); ESP_LOGI(GATTS_TABLE_TAG, "pair status = %s",param->ble_security.auth_cmpl.success ? "success" : "fail"); + if(!param->ble_security.auth_cmpl.success) { + ESP_LOGI(GATTS_TABLE_TAG, "fail reason = 0x%x",param->ble_security.auth_cmpl.fail_reason); + } show_bonded_devices(); break; }