Component/bt: add ble disconnect when ACCEPT_SPECIFIED_SEC_AUTH failed

This commit is contained in:
zhiweijian 2018-10-11 11:25:45 +08:00 committed by bot
parent 7c29a39d6f
commit 6b96a3c23b
8 changed files with 71 additions and 67 deletions

View File

@ -4296,9 +4296,6 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D
switch (event) {
case BTM_LE_IO_REQ_EVT: {
// #if (BT_SSP_INCLUDED == TRUE)
UINT8 enable = bta_dm_co_ble_get_accept_auth_enable();
UINT8 origin_auth = bta_dm_co_ble_get_auth_req();
BTM_BleSetAcceptAuthMode(enable, origin_auth);
bta_dm_co_ble_io_req(bda,
&p_data->io_req.io_cap,
&p_data->io_req.oob_data,

View File

@ -443,25 +443,6 @@ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey)
#endif
}
/*******************************************************************************
**
** Function BTM_BleSetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode)
{
#if SMP_INCLUDED == TRUE
SMP_SetAcceptAuthMode(enable, auth_mode);
#endif
}
/*******************************************************************************
**
** Function BTM_BleConfirmReply

View File

@ -1332,21 +1332,6 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
*******************************************************************************/
void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey);
/*******************************************************************************
**
** Function BTM_BleSetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode);
/*******************************************************************************
**
** Function BTM_BleConfirmReply

View File

@ -417,8 +417,6 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
*******************************************************************************/
extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey);
extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode);
/*******************************************************************************
**
** Function SMP_ConfirmReply

View File

@ -301,6 +301,7 @@ typedef struct {
tSMP_OOB_FLAG loc_oob_flag;
tSMP_AUTH_REQ peer_auth_req;
tSMP_AUTH_REQ loc_auth_req;
tSMP_AUTH_REQ auth_mode;
BOOLEAN secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */
/* either in Secure Connections mode or not at all */
tSMP_ASSO_MODEL selected_association_model;

View File

@ -52,6 +52,9 @@ const tSMP_ACT smp_distribute_act [] = {
smp_set_derive_link_key
};
extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
extern UINT8 bta_dm_co_ble_get_auth_req(void);
static bool lmp_version_below(BD_ADDR bda, uint8_t version)
{
tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
@ -498,6 +501,33 @@ void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
p_cb->status = *(UINT8 *)p_data;
}
/*******************************************************************************
** Function smp_get_auth_mode
** Description Get the SMP pairing auth mode
*******************************************************************************/
uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
{
SMP_TRACE_DEBUG("%s model %d", __func__, model);
uint16_t auth = 0;
if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
//No MITM
if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
//SC SMP_SC_SUPPORT_BIT
auth |= SMP_SC_SUPPORT_BIT;
}
} else if (model <= SMP_MODEL_KEY_NOTIF) {
//NO SC, MITM
auth |= SMP_AUTH_YN_BIT;
} else if (model <= SMP_MODEL_SEC_CONN_OOB) {
//SC, MITM
auth |= SMP_SC_SUPPORT_BIT;
auth |= SMP_AUTH_YN_BIT;
} else {
auth = 0;
}
return auth;
}
/*******************************************************************************
** Function smp_proc_pair_cmd
** Description Process the SMP pairing request/response from peer device
@ -528,7 +558,8 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
if (p_cb->role == HCI_ROLE_SLAVE) {
if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
/* peer (master) started pairing sending Pairing Request */
@ -551,10 +582,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
if(p_cb->accept_specified_sec_auth) {
if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) {
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
@ -581,10 +620,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
return;
}
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) {
if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
@ -1334,6 +1381,22 @@ void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
auth |= SMP_AUTH_GEN_BOND;
}
p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) {
if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
}
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
}
if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
if (smp_request_oob_data(p_cb)) {

View File

@ -354,27 +354,6 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey)
}
}
/*******************************************************************************
**
** Function SMP_SetAcceptAuthMode
**
** Description This function is called to set only accept specified Authentication
**
**
** Parameters: enable - Whether to enable this function
**
** auth_mode - Authentication mode
**
**
*******************************************************************************/
void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode)
{
tSMP_CB *p_cb = & smp_cb;
p_cb->accept_specified_sec_auth = enable;
p_cb->origin_loc_auth_req = auth_mode;
}
/*******************************************************************************
**
** Function SMP_ConfirmReply

View File

@ -973,7 +973,7 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
evt_data.cmplt.auth_mode = 0;
if (p_cb->status == SMP_SUCCESS) {
evt_data.cmplt.sec_level = p_cb->sec_level;
evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req);
evt_data.cmplt.auth_mode = p_cb->auth_mode;
}
evt_data.cmplt.is_pair_cancel = FALSE;