Bluedroid: Authentication fixes in Legacy and Secure Connection.
Prevent a remote device from doing a Bluetooth Impersonation Attack (BIAS) by: - Preventing remote device to downgrade secure connection feature mask. Secure connection feature mask should remain same or increase to enabled in link key generation and authentication. - Doing a mutual authentication during Legacy Authentication. Signed-off-by: Chinmay Chhajed <chinmay.chhajed@espressif.com>
This commit is contained in:
parent
26272af3b4
commit
e3350e7861
16 changed files with 271 additions and 50 deletions
|
@ -92,6 +92,19 @@ menu "Bluetooth"
|
|||
default BTDM_CTRL_AUTO_LATENCY if BTDM_CTRL_MODE_BTDM
|
||||
default n
|
||||
|
||||
config BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT
|
||||
bool "Legacy Authentication Vendor Specific Event Enable"
|
||||
depends on BTDM_CTRL_MODE_BR_EDR_ONLY || BTDM_CTRL_MODE_BTDM
|
||||
default y
|
||||
help
|
||||
To protect from BIAS attack during Legacy authentication,
|
||||
Legacy authentication Vendor specific event should be enabled
|
||||
|
||||
config BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF
|
||||
bool
|
||||
default BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT if BTDM_CTRL_MODE_BR_EDR_ONLY || BTDM_CTRL_MODE_BTDM
|
||||
default 0
|
||||
|
||||
|
||||
config BTDM_CTRL_BLE_MAX_CONN_EFF
|
||||
int
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 17f7ef3432039ccc92ae84855813f832389c6cb6
|
||||
Subproject commit 8451fa0ed40882ca8e71335daee958c6de0341b3
|
|
@ -63,7 +63,7 @@ static UINT8 bta_dm_authorize_cback (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NA
|
|||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
static UINT8 bta_dm_pin_cback (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, BOOLEAN min_16_digit);
|
||||
#endif /// CLASSIC_BT_INCLUDED == TRUE
|
||||
static UINT8 bta_dm_new_link_key_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, LINK_KEY key, UINT8 key_type);
|
||||
static UINT8 bta_dm_new_link_key_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, LINK_KEY key, UINT8 key_type, BOOLEAN sc_support);
|
||||
static UINT8 bta_dm_authentication_complete_cback(BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name, int result);
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
static void bta_dm_local_name_cback(BD_ADDR bd_addr);
|
||||
|
@ -1063,7 +1063,7 @@ void bta_dm_add_device (tBTA_DM_MSG *p_data)
|
|||
|
||||
if (!BTM_SecAddDevice (p_dev->bd_addr, p_dc, p_dev->bd_name, p_dev->features,
|
||||
trusted_services_mask, p_lc, p_dev->key_type, p_dev->io_cap,
|
||||
p_dev->pin_length)) {
|
||||
p_dev->pin_length, p_dev->sc_support)) {
|
||||
APPL_TRACE_ERROR ("BTA_DM: Error adding device %08x%04x",
|
||||
(p_dev->bd_addr[0] << 24) + (p_dev->bd_addr[1] << 16) + (p_dev->bd_addr[2] << 8) + p_dev->bd_addr[3],
|
||||
(p_dev->bd_addr[4] << 8) + p_dev->bd_addr[5]);
|
||||
|
@ -2988,7 +2988,8 @@ static UINT8 bta_dm_pin_cback (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_
|
|||
**
|
||||
*******************************************************************************/
|
||||
static UINT8 bta_dm_new_link_key_cback(BD_ADDR bd_addr, DEV_CLASS dev_class,
|
||||
BD_NAME bd_name, LINK_KEY key, UINT8 key_type)
|
||||
BD_NAME bd_name, LINK_KEY key, UINT8 key_type,
|
||||
BOOLEAN sc_support)
|
||||
{
|
||||
tBTA_DM_SEC sec_event;
|
||||
tBTA_DM_AUTH_CMPL *p_auth_cmpl;
|
||||
|
@ -3010,6 +3011,7 @@ static UINT8 bta_dm_new_link_key_cback(BD_ADDR bd_addr, DEV_CLASS dev_class,
|
|||
p_auth_cmpl->key_present = TRUE;
|
||||
p_auth_cmpl->key_type = key_type;
|
||||
p_auth_cmpl->success = TRUE;
|
||||
p_auth_cmpl->sc_support = sc_support;
|
||||
|
||||
memcpy(p_auth_cmpl->key, key, LINK_KEY_LEN);
|
||||
sec_event.auth_cmpl.fail_reason = HCI_SUCCESS;
|
||||
|
@ -3287,6 +3289,7 @@ static void bta_dm_bl_change_cback (tBTM_BL_EVENT_DATA *p_data)
|
|||
|
||||
switch (p_msg->event) {
|
||||
case BTM_BL_CONN_EVT:
|
||||
p_msg->sc_downgrade = p_data->conn.sc_downgrade;
|
||||
p_msg->is_new = TRUE;
|
||||
bdcpy(p_msg->bd_addr, p_data->conn.p_bda);
|
||||
#if BLE_INCLUDED == TRUE
|
||||
|
@ -3513,6 +3516,7 @@ void bta_dm_acl_change(tBTA_DM_MSG *p_data)
|
|||
APPL_TRACE_DEBUG("%s info: 0x%x", __func__, bta_dm_cb.device_list.peer_device[i].info);
|
||||
|
||||
if (bta_dm_cb.p_sec_cback) {
|
||||
conn.link_up.sc_downgrade = p_data->acl_change.sc_downgrade;
|
||||
bta_dm_cb.p_sec_cback(BTA_DM_LINK_UP_EVT, (tBTA_DM_SEC *)&conn);
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -733,7 +733,8 @@ void BTA_DmPasskeyReqReply(BOOLEAN accept, BD_ADDR bd_addr, UINT32 passkey)
|
|||
*******************************************************************************/
|
||||
void BTA_DmAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class, LINK_KEY link_key,
|
||||
tBTA_SERVICE_MASK trusted_mask, BOOLEAN is_trusted,
|
||||
UINT8 key_type, tBTA_IO_CAP io_cap, UINT8 pin_length)
|
||||
UINT8 key_type, tBTA_IO_CAP io_cap, UINT8 pin_length,
|
||||
UINT8 sc_support)
|
||||
{
|
||||
|
||||
tBTA_DM_API_ADD_DEVICE *p_msg;
|
||||
|
@ -746,6 +747,7 @@ void BTA_DmAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class, LINK_KEY link_key,
|
|||
p_msg->tm = trusted_mask;
|
||||
p_msg->is_trusted = is_trusted;
|
||||
p_msg->io_cap = io_cap;
|
||||
p_msg->sc_support = sc_support;
|
||||
|
||||
if (link_key) {
|
||||
p_msg->link_key_known = TRUE;
|
||||
|
|
|
@ -433,6 +433,7 @@ typedef struct {
|
|||
UINT8 new_role;
|
||||
BD_ADDR bd_addr;
|
||||
UINT8 hci_status;
|
||||
BOOLEAN sc_downgrade;
|
||||
#if BLE_INCLUDED == TRUE
|
||||
UINT16 handle;
|
||||
#endif
|
||||
|
@ -474,6 +475,7 @@ typedef struct {
|
|||
BD_NAME bd_name;
|
||||
UINT8 features[BTA_FEATURE_BYTES_PER_PAGE * (BTA_EXT_FEATURES_PAGE_MAX + 1)];
|
||||
UINT8 pin_length;
|
||||
UINT8 sc_support;
|
||||
} tBTA_DM_API_ADD_DEVICE;
|
||||
|
||||
/* data type for BTA_DM_API_REMOVE_ACL_EVT */
|
||||
|
|
|
@ -784,6 +784,7 @@ typedef struct {
|
|||
tBLE_ADDR_TYPE addr_type; /* Peer device address type */
|
||||
tBT_DEVICE_TYPE dev_type;
|
||||
UINT8 auth_mode;
|
||||
BOOLEAN sc_support; /* Denotes if peer device supported secure connection while bonding. */
|
||||
} tBTA_DM_AUTH_CMPL;
|
||||
|
||||
|
||||
|
@ -799,6 +800,7 @@ typedef struct {
|
|||
|
||||
/* Structure associated with BTA_DM_LINK_UP_EVT */
|
||||
typedef struct {
|
||||
BOOLEAN sc_downgrade; /* Security downgrade state. */
|
||||
BD_ADDR bd_addr; /* BD address peer device. */
|
||||
#if BLE_INCLUDED == TRUE
|
||||
tBTA_TRANSPORT link_type;
|
||||
|
@ -1757,7 +1759,8 @@ extern void BTA_DmPasskeyReqReply(BOOLEAN accept, BD_ADDR bd_addr, UINT32 passke
|
|||
extern void BTA_DmAddDevice(BD_ADDR bd_addr, DEV_CLASS dev_class,
|
||||
LINK_KEY link_key, tBTA_SERVICE_MASK trusted_mask,
|
||||
BOOLEAN is_trusted, UINT8 key_type,
|
||||
tBTA_IO_CAP io_cap, UINT8 pin_length);
|
||||
tBTA_IO_CAP io_cap, UINT8 pin_length,
|
||||
UINT8 sc_support);
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
|
|
|
@ -303,6 +303,27 @@ static void btc_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
|
|||
#endif ///BLE_INCLUDED == TRUE
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
|
||||
static void btc_dm_link_up_evt(tBTA_DM_LINK_UP *p_link_up)
|
||||
{
|
||||
BD_ADDR bd_addr;
|
||||
bt_bdaddr_t bt_bdaddr;
|
||||
|
||||
memcpy(bd_addr, p_link_up->bd_addr, sizeof(BD_ADDR));
|
||||
memcpy(bt_bdaddr.address, p_link_up->bd_addr, sizeof(BD_ADDR));
|
||||
|
||||
if (p_link_up->sc_downgrade == 1) {
|
||||
if (btc_storage_remove_bonded_device(&bt_bdaddr) == BT_STATUS_SUCCESS) {
|
||||
if (BTA_DmRemoveDevice(bd_addr, BT_TRANSPORT_BR_EDR) == BTA_SUCCESS) {
|
||||
BTC_TRACE_EVENT(" %s() Bonding information removed.", __FUNCTION__);
|
||||
} else {
|
||||
BTC_TRACE_ERROR(" %s() BTA_DmRemoveDevice error", __FUNCTION__);
|
||||
}
|
||||
} else {
|
||||
BTC_TRACE_ERROR(" %s() btc_storage_remove_bonded_device error", __FUNCTION__);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void btc_dm_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
|
||||
{
|
||||
/* Save link key, if not temporary */
|
||||
|
@ -326,7 +347,7 @@ static void btc_dm_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
|
|||
__FUNCTION__, p_auth_cmpl->key_type);
|
||||
ret = btc_storage_add_bonded_device(&bd_addr,
|
||||
p_auth_cmpl->key, p_auth_cmpl->key_type,
|
||||
16);
|
||||
16, p_auth_cmpl->sc_support);
|
||||
BTC_ASSERTC(ret == BT_STATUS_SUCCESS, "storing link key failed", ret);
|
||||
} else {
|
||||
BTC_TRACE_DEBUG("%s: Temporary key. Not storing. key_type=0x%x",
|
||||
|
@ -678,6 +699,7 @@ void btc_dm_sec_cb_handler(btc_msg_t *msg)
|
|||
}
|
||||
#endif /* BTC_GAP_BT_INCLUDED == TRUE */
|
||||
case BTA_DM_LINK_UP_EVT:
|
||||
btc_dm_link_up_evt(&p_data->link_up);
|
||||
case BTA_DM_LINK_DOWN_EVT:
|
||||
case BTA_DM_HW_ERROR_EVT:
|
||||
BTC_TRACE_DEBUG( "btc_dm_sec_cback : unhandled event (%d)\n", msg->act );
|
||||
|
|
|
@ -37,7 +37,8 @@
|
|||
bt_status_t btc_storage_add_bonded_device(bt_bdaddr_t *remote_bd_addr,
|
||||
LINK_KEY link_key,
|
||||
uint8_t key_type,
|
||||
uint8_t pin_length)
|
||||
uint8_t pin_length,
|
||||
BOOLEAN sc_support)
|
||||
{
|
||||
bdstr_t bdstr;
|
||||
|
||||
|
@ -48,6 +49,7 @@ bt_status_t btc_storage_add_bonded_device(bt_bdaddr_t *remote_bd_addr,
|
|||
int ret = btc_config_set_int(bdstr, BTC_STORAGE_LINK_KEY_TYPE_STR, (int)key_type);
|
||||
ret &= btc_config_set_int(bdstr, BTC_STORAGE_PIN_LENGTH_STR, (int)pin_length);
|
||||
ret &= btc_config_set_bin(bdstr, BTC_STORAGE_LINK_KEY_STR, link_key, sizeof(LINK_KEY));
|
||||
ret &= btc_config_set_bin(bdstr, BTC_STORAGE_SC_SUPPORT, (uint8_t *)&sc_support, sizeof(sc_support));
|
||||
/* write bonded info immediately */
|
||||
btc_config_flush();
|
||||
btc_config_unlock();
|
||||
|
@ -69,6 +71,7 @@ bt_status_t btc_storage_add_bonded_device(bt_bdaddr_t *remote_bd_addr,
|
|||
static bt_status_t btc_in_fetch_bonded_devices(int add)
|
||||
{
|
||||
BOOLEAN bt_linkkey_file_found = FALSE;
|
||||
UINT8 sc_support = 0;
|
||||
|
||||
btc_config_lock();
|
||||
for (const btc_config_section_iter_t *iter = btc_config_section_begin(); iter != btc_config_section_end(); iter = btc_config_section_next(iter)) {
|
||||
|
@ -93,9 +96,11 @@ static bt_status_t btc_in_fetch_bonded_devices(int add)
|
|||
uint2devclass((UINT32)cod, dev_class);
|
||||
}
|
||||
btc_config_get_int(name, BTC_STORAGE_PIN_LENGTH_STR, &pin_length);
|
||||
size = sizeof(sc_support);
|
||||
btc_config_get_bin(name, BTC_STORAGE_SC_SUPPORT, &sc_support, &size);
|
||||
#if (SMP_INCLUDED == TRUE)
|
||||
BTA_DmAddDevice(bd_addr.address, dev_class, link_key, 0, 0,
|
||||
(UINT8)linkkey_type, 0, pin_length);
|
||||
(UINT8)linkkey_type, 0, pin_length, (UINT8)sc_support);
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
}
|
||||
bt_linkkey_file_found = TRUE;
|
||||
|
@ -160,6 +165,9 @@ bt_status_t btc_storage_remove_bonded_device(bt_bdaddr_t *remote_bd_addr)
|
|||
if (btc_config_exist(bdstr, BTC_STORAGE_LINK_KEY_STR)) {
|
||||
ret &= btc_config_remove(bdstr, BTC_STORAGE_LINK_KEY_STR);
|
||||
}
|
||||
if (btc_config_exist(bdstr, BTC_STORAGE_SC_SUPPORT)) {
|
||||
ret &= btc_config_remove(bdstr, BTC_STORAGE_SC_SUPPORT);
|
||||
}
|
||||
/* write bonded info immediately */
|
||||
btc_config_flush();
|
||||
btc_config_unlock();
|
||||
|
@ -187,6 +195,7 @@ int btc_storage_get_num_bt_bond_devices(void)
|
|||
if (string_is_bdaddr(name) &&
|
||||
btc_config_exist(name, BTC_STORAGE_LINK_KEY_TYPE_STR) &&
|
||||
btc_config_exist(name, BTC_STORAGE_PIN_LENGTH_STR) &&
|
||||
btc_config_exist(name, BTC_STORAGE_SC_SUPPORT) &&
|
||||
btc_config_exist(name, BTC_STORAGE_LINK_KEY_STR)) {
|
||||
num_dev++;
|
||||
}
|
||||
|
@ -223,6 +232,7 @@ bt_status_t btc_storage_get_bonded_bt_devices_list(bt_bdaddr_t *bond_dev, int de
|
|||
if (string_is_bdaddr(name) &&
|
||||
btc_config_exist(name, BTC_STORAGE_LINK_KEY_TYPE_STR) &&
|
||||
btc_config_exist(name, BTC_STORAGE_PIN_LENGTH_STR) &&
|
||||
btc_config_exist(name, BTC_STORAGE_SC_SUPPORT) &&
|
||||
btc_config_exist(name, BTC_STORAGE_LINK_KEY_STR)) {
|
||||
string_to_bdaddr(name, &bd_addr);
|
||||
memcpy(bond_dev, &bd_addr, sizeof(bt_bdaddr_t));
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
#define BTC_STORAGE_LINK_KEY_STR "LinkKey" /* same as the ble */
|
||||
#define BTC_STORAGE_LINK_KEY_TYPE_STR "LinkKeyType"
|
||||
#define BTC_STORAGE_PIN_LENGTH_STR "PinLength"
|
||||
#define BTC_STORAGE_SC_SUPPORT "SCSupport"
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
|
@ -40,7 +41,8 @@
|
|||
bt_status_t btc_storage_add_bonded_device(bt_bdaddr_t *remote_bd_addr,
|
||||
LINK_KEY link_key,
|
||||
uint8_t key_type,
|
||||
uint8_t pin_length);
|
||||
uint8_t pin_length,
|
||||
BOOLEAN sc_support);
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
|
|
|
@ -276,6 +276,9 @@ void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
|
|||
|
||||
btm_pm_sm_alloc(xx);
|
||||
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
btm_sec_update_legacy_auth_state(p, BTM_ACL_LEGACY_AUTH_NONE);
|
||||
#endif
|
||||
|
||||
if (dc) {
|
||||
memcpy (p->remote_dc, dc, DEV_CLASS_LEN);
|
||||
|
@ -299,6 +302,7 @@ void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
|
|||
#endif
|
||||
|
||||
if (p_dev_rec && !(transport == BT_TRANSPORT_LE)) {
|
||||
if (!p_dev_rec->remote_secure_connection_previous_state) {
|
||||
/* If remote features already known, copy them and continue connection setup */
|
||||
if ((p_dev_rec->num_read_pages) &&
|
||||
(p_dev_rec->num_read_pages <= (HCI_EXT_FEATURES_PAGE_MAX + 1))) {
|
||||
|
@ -322,6 +326,11 @@ void btm_acl_created (BD_ADDR bda, DEV_CLASS dc, BD_NAME bdn,
|
|||
btm_establish_continue (p);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
/* If remote features indicated secure connection (SC) mode, check the remote feautres again*/
|
||||
/* this is to prevent from BIAS attack where attacker can downgrade SC mode*/
|
||||
btm_read_remote_features (p->hci_handle);
|
||||
}
|
||||
}
|
||||
|
||||
#if (BLE_INCLUDED == TRUE)
|
||||
|
@ -791,6 +800,22 @@ void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
|
|||
}
|
||||
#endif
|
||||
}
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
/* If authentication is done through legacy authentication and esp32 has
|
||||
* not authenticated peer deivce yet, do not proceed for encrytion and
|
||||
* first authenticate it. */
|
||||
else if ((BTM_BothEndsSupportSecureConnections(p->remote_addr) == 0) &&
|
||||
((p->legacy_auth_state & BTM_ACL_LEGACY_AUTH_SELF) == 0)) {
|
||||
if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL) {
|
||||
if (btm_sec_legacy_authentication_mutual(p_dev_rec)) {
|
||||
btm_sec_update_legacy_auth_state(btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR), BTM_ACL_LEGACY_AUTH_SELF);
|
||||
} else {
|
||||
BTM_TRACE_ERROR("%s failed, Resources not available for Authentication procedure", __FUNCTION__);
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
/*******************************************************************************
|
||||
**
|
||||
|
@ -1212,6 +1237,7 @@ void btm_establish_continue (tACL_CONN *p_acl_cb)
|
|||
evt_data.conn.p_bdn = p_acl_cb->remote_name;
|
||||
evt_data.conn.p_dc = p_acl_cb->remote_dc;
|
||||
evt_data.conn.p_features = p_acl_cb->peer_lmp_features[HCI_EXT_FEATURES_PAGE_0];
|
||||
evt_data.conn.sc_downgrade = p_acl_cb->sc_downgrade;
|
||||
#if BLE_INCLUDED == TRUE
|
||||
evt_data.conn.handle = p_acl_cb->hci_handle;
|
||||
evt_data.conn.transport = p_acl_cb->transport;
|
||||
|
|
|
@ -60,7 +60,7 @@ static tBTM_SEC_DEV_REC *btm_find_oldest_dev (void);
|
|||
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
|
||||
UINT8 *features, UINT32 trusted_mask[],
|
||||
LINK_KEY link_key, UINT8 key_type, tBTM_IO_CAP io_cap,
|
||||
UINT8 pin_length)
|
||||
UINT8 pin_length, UINT8 sc_support)
|
||||
{
|
||||
#if (SMP_INCLUDED == TRUE)
|
||||
tBTM_SEC_DEV_REC *p_dev_rec;
|
||||
|
@ -99,6 +99,7 @@ BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class, BD_NAME bd_name,
|
|||
|
||||
p_dev_rec->bond_type = BOND_TYPE_UNKNOWN; /* Default value */
|
||||
p_dev_rec->timestamp = btm_cb.dev_rec_count++;
|
||||
p_dev_rec->remote_secure_connection_previous_state = sc_support;
|
||||
|
||||
if (dev_class) {
|
||||
memcpy (p_dev_rec->dev_class, dev_class, DEV_CLASS_LEN);
|
||||
|
|
|
@ -792,13 +792,24 @@ void btm_vendor_specific_evt (UINT8 *p, UINT8 evt_len)
|
|||
{
|
||||
UINT8 i;
|
||||
|
||||
BTM_TRACE_DEBUG ("BTM Event: Vendor Specific event from controller");
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
UINT8 sub_event;
|
||||
UINT8 *p_evt = p;
|
||||
|
||||
STREAM_TO_UINT8(sub_event, p_evt);
|
||||
/* Check in subevent if authentication is through Legacy Authentication. */
|
||||
if (sub_event == ESP_VS_REM_LEGACY_AUTH_CMP) {
|
||||
UINT16 hci_handle;
|
||||
STREAM_TO_UINT16(hci_handle, p_evt);
|
||||
btm_sec_handle_remote_legacy_auth_cmp(hci_handle);
|
||||
}
|
||||
#endif /// (CLASSIC_BT_INCLUDED == TRUE)
|
||||
for (i = 0; i < BTM_MAX_VSE_CALLBACKS; i++) {
|
||||
if (btm_cb.devcb.p_vend_spec_cb[i]) {
|
||||
(*btm_cb.devcb.p_vend_spec_cb[i])(evt_len, p);
|
||||
}
|
||||
}
|
||||
BTM_TRACE_DEBUG ("BTM Event: Vendor Specific event from controller");
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -3931,10 +3931,11 @@ void btm_sec_auth_complete (UINT16 handle, UINT8 status)
|
|||
(BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED))) {
|
||||
status = HCI_SUCCESS;
|
||||
}
|
||||
|
||||
/* Currently we do not notify user if it is a keyboard which connects */
|
||||
/* User probably Disabled the keyboard while it was asleap. Let her try */
|
||||
/* User probably Disabled the keyboard while it was asleep. Let her try */
|
||||
if (btm_cb.api.p_auth_complete_callback) {
|
||||
/* report the suthentication status */
|
||||
/* report the authentication status */
|
||||
if (old_state != BTM_PAIR_STATE_IDLE) {
|
||||
(*btm_cb.api.p_auth_complete_callback) (p_dev_rec->bd_addr,
|
||||
p_dev_rec->dev_class,
|
||||
|
@ -3944,6 +3945,9 @@ void btm_sec_auth_complete (UINT16 handle, UINT8 status)
|
|||
|
||||
p_dev_rec->sec_state = BTM_SEC_STATE_IDLE;
|
||||
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
btm_sec_update_legacy_auth_state(btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR), BTM_ACL_LEGACY_AUTH_SELF);
|
||||
#endif
|
||||
/* If this is a bonding procedure can disconnect the link now */
|
||||
if (are_bonding) {
|
||||
p_dev_rec->security_required &= ~BTM_SEC_OUT_AUTHENTICATE;
|
||||
|
@ -4673,12 +4677,24 @@ void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_t
|
|||
/* If connection was made to do bonding restore link security if changed */
|
||||
btm_restore_mode();
|
||||
|
||||
/* Store the previous state of secure connection as current state. Since
|
||||
* this is the first encounter with the remote device, whatever the remote
|
||||
* device's SC state is, it cannot lower the SC level from this. */
|
||||
p_dev_rec->remote_secure_connection_previous_state = p_dev_rec->remote_supports_secure_connections;
|
||||
if (p_dev_rec->remote_supports_secure_connections) {
|
||||
BTM_TRACE_EVENT ("Remote device supports Secure Connection");
|
||||
} else {
|
||||
BTM_TRACE_EVENT ("Remote device does not support Secure Connection");
|
||||
}
|
||||
if (key_type != BTM_LKEY_TYPE_CHANGED_COMB) {
|
||||
p_dev_rec->link_key_type = key_type;
|
||||
}
|
||||
|
||||
p_dev_rec->sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
|
||||
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
btm_sec_update_legacy_auth_state(btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR), BTM_ACL_LEGACY_AUTH_NONE);
|
||||
#endif
|
||||
/*
|
||||
* Until this point in time, we do not know if MITM was enabled, hence we
|
||||
* add the extended security flag here.
|
||||
|
@ -4711,7 +4727,8 @@ void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_t
|
|||
__FUNCTION__, p_dev_rec->link_key_type);
|
||||
(*btm_cb.api.p_link_key_callback) (p_bda, p_dev_rec->dev_class,
|
||||
p_dev_rec->sec_bd_name,
|
||||
p_link_key, p_dev_rec->link_key_type);
|
||||
p_link_key, p_dev_rec->link_key_type,
|
||||
p_dev_rec->remote_supports_secure_connections);
|
||||
}
|
||||
} else {
|
||||
if ((p_dev_rec->link_key_type == BTM_LKEY_TYPE_UNAUTH_COMB_P_256) ||
|
||||
|
@ -4768,7 +4785,8 @@ void btm_sec_link_key_notification (UINT8 *p_bda, UINT8 *p_link_key, UINT8 key_t
|
|||
} else {
|
||||
(*btm_cb.api.p_link_key_callback) (p_bda, p_dev_rec->dev_class,
|
||||
p_dev_rec->sec_bd_name,
|
||||
p_link_key, p_dev_rec->link_key_type);
|
||||
p_link_key, p_dev_rec->link_key_type,
|
||||
p_dev_rec->remote_supports_secure_connections);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -5561,7 +5579,9 @@ static void btm_send_link_key_notif (tBTM_SEC_DEV_REC *p_dev_rec)
|
|||
if (btm_cb.api.p_link_key_callback) {
|
||||
(*btm_cb.api.p_link_key_callback) (p_dev_rec->bd_addr, p_dev_rec->dev_class,
|
||||
p_dev_rec->sec_bd_name, p_dev_rec->link_key,
|
||||
p_dev_rec->link_key_type);
|
||||
p_dev_rec->link_key_type,
|
||||
p_dev_rec->remote_supports_secure_connections);
|
||||
|
||||
}
|
||||
}
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
|
@ -5919,6 +5939,29 @@ void btm_sec_set_peer_sec_caps(tACL_CONN *p_acl_cb, tBTM_SEC_DEV_REC *p_dev_rec)
|
|||
BTM_TRACE_API("%s: sm4: 0x%02x, rmt_support_for_secure_connections %d\n", __FUNCTION__,
|
||||
p_dev_rec->sm4, p_dev_rec->remote_supports_secure_connections);
|
||||
|
||||
/* Store previous state of remote device to check if peer device downgraded
|
||||
* it's secure connection state. */
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
if (p_dev_rec->remote_supports_secure_connections >= p_dev_rec->remote_secure_connection_previous_state) {
|
||||
p_dev_rec->remote_secure_connection_previous_state = p_dev_rec->remote_supports_secure_connections;
|
||||
} else {
|
||||
BTM_TRACE_ERROR("Remote Device downgraded security from SC, deleting Link Key");
|
||||
|
||||
/* Mark in ACL packet that secure connection is downgraded. */
|
||||
p_acl_cb->sc_downgrade = 1;
|
||||
p_dev_rec->remote_secure_connection_previous_state = 0;
|
||||
|
||||
/* As peer device downgraded it's security, peer device is a suspicious
|
||||
* device. Hence remove pairing information by removing link key
|
||||
* information. */
|
||||
memset(p_dev_rec->link_key, 0, LINK_KEY_LEN);
|
||||
p_dev_rec->sec_flags &= ~(BTM_SEC_AUTHORIZED | BTM_SEC_AUTHENTICATED
|
||||
| BTM_SEC_ENCRYPTED | BTM_SEC_NAME_KNOWN
|
||||
| BTM_SEC_LINK_KEY_KNOWN | BTM_SEC_LINK_KEY_AUTHED
|
||||
| BTM_SEC_ROLE_SWITCHED | BTM_SEC_16_DIGIT_PIN_AUTHED);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (p_dev_rec->remote_features_needed) {
|
||||
BTM_TRACE_EVENT("%s: Now device in SC Only mode, waiting for peer remote features!\n",
|
||||
|
@ -6184,5 +6227,62 @@ static BOOLEAN btm_sec_is_master(tBTM_SEC_DEV_REC *p_dev_rec)
|
|||
tACL_CONN *p = btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR);
|
||||
return (p && (p->link_role == BTM_ROLE_MASTER));
|
||||
}
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
|
||||
#if (CLASSIC_BT_INCLUDED == TRUE)
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function btm_sec_legacy_authentication_mutual
|
||||
**
|
||||
** Description This function is called when legacy authentication is used
|
||||
** and only remote device has completed the authentication
|
||||
**
|
||||
** Returns TRUE if aunthentication command sent successfully
|
||||
**
|
||||
*******************************************************************************/
|
||||
BOOLEAN btm_sec_legacy_authentication_mutual (tBTM_SEC_DEV_REC *p_dev_rec)
|
||||
{
|
||||
return (btm_sec_start_authentication (p_dev_rec));
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function btm_sec_update_legacy_auth_state
|
||||
**
|
||||
** Description This function updates the legacy authentication state
|
||||
**
|
||||
** Returns void
|
||||
**
|
||||
*******************************************************************************/
|
||||
void btm_sec_update_legacy_auth_state(tACL_CONN *p_acl_cb, UINT8 legacy_auth_state)
|
||||
{
|
||||
if (p_acl_cb) {
|
||||
tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (p_acl_cb->hci_handle);
|
||||
if (p_dev_rec) {
|
||||
if ((BTM_BothEndsSupportSecureConnections(p_dev_rec->bd_addr) == 0) &&
|
||||
(legacy_auth_state != BTM_ACL_LEGACY_AUTH_NONE)) {
|
||||
p_acl_cb->legacy_auth_state |= legacy_auth_state;
|
||||
} else {
|
||||
p_acl_cb->legacy_auth_state = BTM_ACL_LEGACY_AUTH_NONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
**
|
||||
** Function btm_sec_handle_remote_legacy_auth_cmp
|
||||
**
|
||||
** Description This function updates the legacy authneticaiton state
|
||||
** to indicate that remote device has completed the authentication
|
||||
**
|
||||
** Returns void
|
||||
**
|
||||
*******************************************************************************/
|
||||
void btm_sec_handle_remote_legacy_auth_cmp(UINT16 handle)
|
||||
{
|
||||
tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_handle (handle);
|
||||
tACL_CONN *p_acl_cb = btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR);
|
||||
btm_sec_update_legacy_auth_state(p_acl_cb, BTM_ACL_LEGACY_AUTH_REMOTE);
|
||||
}
|
||||
#endif /// (CLASSIC_BT_INCLUDED == TRUE)
|
||||
#endif ///SMP_INCLUDED == TRUE
|
||||
|
|
|
@ -41,6 +41,8 @@
|
|||
#include "stack/smp_api.h"
|
||||
#endif
|
||||
|
||||
#define ESP_VS_REM_LEGACY_AUTH_CMP 0x03
|
||||
|
||||
#if BTM_MAX_LOC_BD_NAME_LEN > 0
|
||||
typedef char tBTM_LOC_BD_NAME[BTM_MAX_LOC_BD_NAME_LEN + 1];
|
||||
#endif
|
||||
|
@ -93,6 +95,13 @@ UINT8 lmp_version;
|
|||
BOOLEAN in_use;
|
||||
UINT8 link_role;
|
||||
BOOLEAN link_up_issued; /* True if busy_level link up has been issued */
|
||||
BOOLEAN sc_downgrade; /* Store if security is downgraded or not. */
|
||||
|
||||
#define BTM_ACL_LEGACY_AUTH_NONE (0)
|
||||
#define BTM_ACL_LEGACY_AUTH_SELF (1<<0)
|
||||
#define BTM_ACL_LEGACY_AUTH_REMOTE (1<<1)
|
||||
#define BTM_ACL_LEGACY_AUTH_MUTUAL (1<<2)
|
||||
UINT8 legacy_auth_state;
|
||||
|
||||
#define BTM_ACL_SWKEY_STATE_IDLE 0
|
||||
#define BTM_ACL_SWKEY_STATE_MODE_CHANGE 1
|
||||
|
@ -606,6 +615,8 @@ typedef struct {
|
|||
/* "Secure Connections Only" mode and it receives */
|
||||
/* HCI_IO_CAPABILITY_REQUEST_EVT from the peer before */
|
||||
/* it knows peer's support for Secure Connections */
|
||||
BOOLEAN remote_secure_connection_previous_state; /* Stores if peer ever supported
|
||||
secure connection. This will be helpful to know when peer device downgrades it's security. */
|
||||
|
||||
UINT16 ble_hci_handle; /* use in DUMO connection */
|
||||
UINT8 enc_key_size; /* current link encryption key size */
|
||||
|
@ -1166,6 +1177,10 @@ void btm_ble_sem_free(void);
|
|||
|
||||
void btm_ble_lock_free(void);
|
||||
|
||||
void btm_sec_handle_remote_legacy_auth_cmp(UINT16 handle);
|
||||
void btm_sec_update_legacy_auth_state(tACL_CONN *p_acl_cb, UINT8 legacy_auth_state);
|
||||
BOOLEAN btm_sec_legacy_authentication_mutual (tBTM_SEC_DEV_REC *p_dev_rec);
|
||||
|
||||
/*
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
|
@ -849,6 +849,7 @@ typedef struct {
|
|||
DEV_CLASS_PTR p_dc; /* The device class */
|
||||
BD_NAME_PTR p_bdn; /* The device name */
|
||||
UINT8 *p_features; /* pointer to the remote device's features page[0] (supported features page) */
|
||||
BOOLEAN sc_downgrade; /* Secure connection downgrade state. */
|
||||
#if BLE_INCLUDED == TRUE
|
||||
UINT16 handle; /* connection handle */
|
||||
tBT_TRANSPORT transport; /* link is LE or not */
|
||||
|
@ -1372,7 +1373,7 @@ typedef UINT8 (tBTM_PIN_CALLBACK) (BD_ADDR bd_addr, DEV_CLASS dev_class,
|
|||
*/
|
||||
typedef UINT8 (tBTM_LINK_KEY_CALLBACK) (BD_ADDR bd_addr, DEV_CLASS dev_class,
|
||||
tBTM_BD_NAME bd_name, UINT8 *key,
|
||||
UINT8 key_type);
|
||||
UINT8 key_type, BOOLEAN sc_support);
|
||||
|
||||
|
||||
/* Remote Name Resolved. Parameters are
|
||||
|
@ -3426,7 +3427,8 @@ UINT8 BTM_SecClrService (UINT8 service_id);
|
|||
BOOLEAN BTM_SecAddDevice (BD_ADDR bd_addr, DEV_CLASS dev_class,
|
||||
BD_NAME bd_name, UINT8 *features,
|
||||
UINT32 trusted_mask[], LINK_KEY link_key,
|
||||
UINT8 key_type, tBTM_IO_CAP io_cap, UINT8 pin_length);
|
||||
UINT8 key_type, tBTM_IO_CAP io_cap, UINT8 pin_length,
|
||||
UINT8 sc_support);
|
||||
|
||||
|
||||
/*******************************************************************************
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL 0x20200106
|
||||
#define ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL 0x20200611
|
||||
|
||||
/**
|
||||
* @brief Bluetooth mode for controller enable/disable
|
||||
|
@ -117,6 +117,12 @@ the adv packet will be discarded until the memory is restored. */
|
|||
#define BTDM_CTRL_AUTO_LATENCY_EFF false
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF
|
||||
#define BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF CONFIG_BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF
|
||||
#else
|
||||
#define BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF false
|
||||
#endif
|
||||
|
||||
#define BTDM_CONTROLLER_BLE_MAX_CONN_LIMIT 9 //Maximum BLE connection limitation
|
||||
#define BTDM_CONTROLLER_BR_EDR_MAX_ACL_CONN_LIMIT 7 //Maximum ACL connection limitation
|
||||
#define BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_LIMIT 3 //Maximum SCO/eSCO connection limitation
|
||||
|
@ -140,6 +146,7 @@ the adv packet will be discarded until the memory is restored. */
|
|||
.bt_max_acl_conn = CONFIG_BTDM_CTRL_BR_EDR_MAX_ACL_CONN_EFF, \
|
||||
.bt_sco_datapath = CONFIG_BTDM_CTRL_BR_EDR_SCO_DATA_PATH_EFF, \
|
||||
.auto_latency = BTDM_CTRL_AUTO_LATENCY_EFF, \
|
||||
.bt_legacy_auth_vs_evt = BTDM_CTRL_LEGACY_AUTH_VENDOR_EVT_EFF, \
|
||||
.bt_max_sync_conn = CONFIG_BTDM_CTRL_BR_EDR_MAX_SYNC_CONN_EFF, \
|
||||
.ble_sca = CONFIG_BTDM_BLE_SLEEP_CLOCK_ACCURACY_INDEX_EFF, \
|
||||
.magic = ESP_BT_CONTROLLER_CONFIG_MAGIC_VAL, \
|
||||
|
@ -173,6 +180,7 @@ typedef struct {
|
|||
uint8_t bt_max_acl_conn; /*!< BR/EDR maximum ACL connection numbers */
|
||||
uint8_t bt_sco_datapath; /*!< SCO data path, i.e. HCI or PCM module */
|
||||
bool auto_latency; /*!< BLE auto latency, used to enhance classic BT performance */
|
||||
bool bt_legacy_auth_vs_evt; /*!< BR/EDR Legacy auth complete event required to protect from BIAS attack */
|
||||
/*
|
||||
* Following parameters can not be configured runtime when call esp_bt_controller_init()
|
||||
* It will be overwrite with a constant value which in menuconfig or from a macro.
|
||||
|
|
Loading…
Reference in a new issue