smp_set_derive_link_key
};
+extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
+extern UINT8 bta_dm_co_ble_get_auth_req(void);
+
static bool lmp_version_below(BD_ADDR bda, uint8_t version)
{
tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
p_cb->status = *(UINT8 *)p_data;
}
+/*******************************************************************************
+** Function smp_get_auth_mode
+** Description Get the SMP pairing auth mode
+*******************************************************************************/
+uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
+{
+ SMP_TRACE_DEBUG("%s model %d", __func__, model);
+ uint16_t auth = 0;
+ if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
+ //No MITM
+ if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
+ //SC SMP_SC_SUPPORT_BIT
+ auth |= SMP_SC_SUPPORT_BIT;
+ }
+ } else if (model <= SMP_MODEL_KEY_NOTIF) {
+ //NO SC, MITM
+ auth |= SMP_AUTH_YN_BIT;
+ } else if (model <= SMP_MODEL_SEC_CONN_OOB) {
+ //SC, MITM
+ auth |= SMP_SC_SUPPORT_BIT;
+ auth |= SMP_AUTH_YN_BIT;
+ } else {
+ auth = 0;
+ }
+ return auth;
+}
+
/*******************************************************************************
** Function smp_proc_pair_cmd
** Description Process the SMP pairing request/response from peer device
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
-
+ p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
+ p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
if (p_cb->role == HCI_ROLE_SLAVE) {
if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
/* peer (master) started pairing sending Pairing Request */
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
- if(p_cb->accept_specified_sec_auth) {
- if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
- SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
+ uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+ if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+ auth |= SMP_AUTH_GEN_BOND;
+ }
+ p_cb->auth_mode = auth;
+ if (p_cb->accept_specified_sec_auth) {
+ if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+ SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+ if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+ btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+ }
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
return;
}
+ uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+ if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+ auth |= SMP_AUTH_GEN_BOND;
+ }
+ p_cb->auth_mode = auth;
if (p_cb->accept_specified_sec_auth) {
- if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
- SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
+ if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+ SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
__func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+ if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+ btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+ }
reason = SMP_PAIR_AUTH_FAIL;
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
}
smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
return;
}
+ uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+ if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+ auth |= SMP_AUTH_GEN_BOND;
+ }
+ p_cb->auth_mode = auth;
+ if (p_cb->accept_specified_sec_auth) {
+ if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+ SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
+ p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+ if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+ btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+ }
+ reason = SMP_PAIR_AUTH_FAIL;
+ smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
+ }
+ }
if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
if (smp_request_oob_data(p_cb)) {
case ESP_LE_AUTH_REQ_MITM:
auth_str = "ESP_LE_AUTH_REQ_MITM";
break;
+ case ESP_LE_AUTH_REQ_BOND_MITM:
+ auth_str = "ESP_LE_AUTH_REQ_BOND_MITM";
+ break;
case ESP_LE_AUTH_REQ_SC_ONLY:
auth_str = "ESP_LE_AUTH_REQ_SC_ONLY";
break;
}
/* set the security iocap & auth_req & key size & init key response key parameters to the stack*/
- esp_ble_auth_req_t auth_req = ESP_LE_AUTH_BOND; //bonding with peer device after authentication
- esp_ble_io_cap_t iocap = ESP_IO_CAP_NONE; //set the IO capability to No output No input
+ esp_ble_auth_req_t auth_req = ESP_LE_AUTH_REQ_SC_MITM_BOND; //bonding with peer device after authentication
+ esp_ble_io_cap_t iocap = ESP_IO_CAP_OUT; //set the IO capability to No output No input
uint8_t key_size = 16; //the key size should be 7~16 bytes
uint8_t init_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
uint8_t rsp_key = ESP_BLE_ENC_KEY_MASK | ESP_BLE_ID_KEY_MASK;
//set static passkey
uint32_t passkey = 123456;
- uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE;
+ uint8_t auth_option = ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE;
esp_ble_gap_set_security_param(ESP_BLE_SM_SET_STATIC_PASSKEY, &passkey, sizeof(uint32_t));
esp_ble_gap_set_security_param(ESP_BLE_SM_AUTHEN_REQ_MODE, &auth_req, sizeof(uint8_t));
esp_ble_gap_set_security_param(ESP_BLE_SM_IOCAP_MODE, &iocap, sizeof(uint8_t));
projects / esp-idf / commitdiff