Component/bt: add ble disconnect when ACCEPT_SPECIFIED_SEC_AUTH failed

author zhiweijian <zhiweijian@espressif.com>

Thu, 11 Oct 2018 03:25:45 +0000 (11:25 +0800)

committer bot <bot@espressif.com>

Thu, 25 Oct 2018 06:03:16 +0000 (06:03 +0000)
author zhiweijian <zhiweijian@espressif.com>
Thu, 11 Oct 2018 03:25:45 +0000 (11:25 +0800)
committer bot <bot@espressif.com>
Thu, 25 Oct 2018 06:03:16 +0000 (06:03 +0000)
diff --git a/components/bt/bluedroid/bta/dm/bta_dm_act.c b/components/bt/bluedroid/bta/dm/bta_dm_act.c

index 95a17a4807076e5fff89a304ac8602316393337e..c2f5e1dac38a9136906e98aaed0ed1276b707b8c 100644 (file)
--- a/components/bt/bluedroid/bta/dm/bta_dm_act.c
+++ b/components/bt/bluedroid/bta/dm/bta_dm_act.c
@@ -4296,9 +4296,6 @@ static UINT8 bta_dm_ble_smp_cback (tBTM_LE_EVT event, BD_ADDR bda, tBTM_LE_EVT_D
      switch (event) {
      case BTM_LE_IO_REQ_EVT: {
          // #if (BT_SSP_INCLUDED == TRUE)
-        UINT8 enable = bta_dm_co_ble_get_accept_auth_enable();
-        UINT8 origin_auth = bta_dm_co_ble_get_auth_req();
-        BTM_BleSetAcceptAuthMode(enable, origin_auth);
          bta_dm_co_ble_io_req(bda,
                               &p_data->io_req.io_cap,
                               &p_data->io_req.oob_data,
diff --git a/components/bt/bluedroid/stack/btm/btm_ble.c b/components/bt/bluedroid/stack/btm/btm_ble.c

index 259a54ffb264f1d03ca8972928f994dc7a88e2d7..bdd991c955447cb8b92eaacc63d334dee8bc5fdd 100644 (file)
--- a/components/bt/bluedroid/stack/btm/btm_ble.c
+++ b/components/bt/bluedroid/stack/btm/btm_ble.c
@@ -443,25 +443,6 @@ void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey)
  #endif
  }
  
-/*******************************************************************************
-**
-** Function         BTM_BleSetAcceptAuthMode
-**
-** Description      This function is called to set only accept specified Authentication
-**
-**
-** Parameters:      enable         - Whether to enable this function
-**
-**                  auth_mode      - Authentication mode
-**
-**
-*******************************************************************************/
-void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode)
-{
-#if SMP_INCLUDED == TRUE
-    SMP_SetAcceptAuthMode(enable, auth_mode);
-#endif
-}
  /*******************************************************************************
  **
  ** Function         BTM_BleConfirmReply
diff --git a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h

index cadf970edb401abf0ee8772d94ba9d55d55fa067..e0d67ee63bea55a3b841cc027132a08670613862 100644 (file)
--- a/components/bt/bluedroid/stack/include/stack/btm_ble_api.h
+++ b/components/bt/bluedroid/stack/include/stack/btm_ble_api.h
@@ -1332,21 +1332,6 @@ void BTM_BlePasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
  *******************************************************************************/
  void BTM_BleSetStaticPasskey(BOOLEAN add, UINT32 passkey);
  
-/*******************************************************************************
-**
-** Function         BTM_BleSetAcceptAuthMode
-**
-** Description      This function is called to set only accept specified Authentication
-**
-**
-** Parameters:      enable         - Whether to enable this function
-**
-**                  auth_mode      - Authentication mode
-**
-**
-*******************************************************************************/
-void BTM_BleSetAcceptAuthMode(UINT8 enable, UINT8 auth_mode);
-
  /*******************************************************************************
  **
  ** Function         BTM_BleConfirmReply
diff --git a/components/bt/bluedroid/stack/include/stack/smp_api.h b/components/bt/bluedroid/stack/include/stack/smp_api.h

index b4b6af14b362013af30449ec54e41cab0dd68907..390f6209e696c3c9fd291921d8c18eb7b4924185 100644 (file)
--- a/components/bt/bluedroid/stack/include/stack/smp_api.h
+++ b/components/bt/bluedroid/stack/include/stack/smp_api.h
@@ -417,8 +417,6 @@ extern void SMP_PasskeyReply (BD_ADDR bd_addr, UINT8 res, UINT32 passkey);
  *******************************************************************************/
  extern void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey);
  
-extern void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode);
-
  /*******************************************************************************
  **
  ** Function         SMP_ConfirmReply
diff --git a/components/bt/bluedroid/stack/smp/include/smp_int.h b/components/bt/bluedroid/stack/smp/include/smp_int.h

index 55bf3e279b56148924853a0687f8181ff17f217d..a261e14cbaf2f370b0c88cc5c264164ee8b0129c 100644 (file)
--- a/components/bt/bluedroid/stack/smp/include/smp_int.h
+++ b/components/bt/bluedroid/stack/smp/include/smp_int.h
@@ -301,6 +301,7 @@ typedef struct {
      tSMP_OOB_FLAG   loc_oob_flag;
      tSMP_AUTH_REQ   peer_auth_req;
      tSMP_AUTH_REQ   loc_auth_req;
+    tSMP_AUTH_REQ   auth_mode;
      BOOLEAN         secure_connections_only_mode_required;/* TRUE if locally SM is required to operate */
      /* either in Secure Connections mode or not at all */
      tSMP_ASSO_MODEL selected_association_model;
diff --git a/components/bt/bluedroid/stack/smp/smp_act.c b/components/bt/bluedroid/stack/smp/smp_act.c

index 2534a587ef6171cb75a1e3605674c52d139ec7ec..87d7b978dd78ae210446582db5c6ee73f349a07f 100644 (file)
--- a/components/bt/bluedroid/stack/smp/smp_act.c
+++ b/components/bt/bluedroid/stack/smp/smp_act.c
@@ -52,6 +52,9 @@ const tSMP_ACT smp_distribute_act [] = {
      smp_set_derive_link_key
  };
  
+extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
+extern UINT8 bta_dm_co_ble_get_auth_req(void);
+
  static bool lmp_version_below(BD_ADDR bda, uint8_t version)
  {
      tACL_CONN *acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
@@ -498,6 +501,33 @@ void smp_proc_pair_fail(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
      p_cb->status = *(UINT8 *)p_data;
  }
  
+/*******************************************************************************
+** Function     smp_get_auth_mode
+** Description  Get the SMP pairing auth mode
+*******************************************************************************/
+uint16_t smp_get_auth_mode (tSMP_ASSO_MODEL model)
+{
+    SMP_TRACE_DEBUG("%s model %d", __func__, model);
+    uint16_t auth = 0;
+    if (model == SMP_MODEL_ENCRYPTION_ONLY || model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
+        //No MITM
+        if(model == SMP_MODEL_SEC_CONN_JUSTWORKS) {
+            //SC SMP_SC_SUPPORT_BIT
+            auth |=  SMP_SC_SUPPORT_BIT;
+        }
+    } else if (model <= SMP_MODEL_KEY_NOTIF) {
+        //NO SC, MITM
+        auth |= SMP_AUTH_YN_BIT;
+    } else if (model <= SMP_MODEL_SEC_CONN_OOB) {
+        //SC, MITM
+        auth |= SMP_SC_SUPPORT_BIT;
+        auth |= SMP_AUTH_YN_BIT;
+    } else {
+        auth = 0;
+    }
+    return auth;
+} 
+
  /*******************************************************************************
  ** Function     smp_proc_pair_cmd
  ** Description  Process the SMP pairing request/response from peer device
@@ -528,7 +558,8 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
          smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
          return;
      }
-
+    p_cb->accept_specified_sec_auth = bta_dm_co_ble_get_accept_auth_enable();
+    p_cb->origin_loc_auth_req = bta_dm_co_ble_get_auth_req();
      if (p_cb->role == HCI_ROLE_SLAVE) {
          if (!(p_cb->flags & SMP_PAIR_FLAGS_WE_STARTED_DD)) {
              /* peer (master) started pairing sending Pairing Request */
@@ -551,10 +582,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
                  smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
                  return;
              }
-            if(p_cb->accept_specified_sec_auth) {
-                if((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
-                    SMP_TRACE_ERROR("%s pairing failed - slave requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
+            uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+            if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+                auth |= SMP_AUTH_GEN_BOND;
+            }
+            p_cb->auth_mode = auth;
+            if (p_cb->accept_specified_sec_auth) {
+                if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+                    SMP_TRACE_ERROR("%s pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
                                      __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+                    if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+                        btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+                    }
                      reason = SMP_PAIR_AUTH_FAIL;
                      smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
                  }
@@ -581,10 +620,18 @@ void smp_proc_pair_cmd(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
              return;
          }
  
+        uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+        if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+            auth |= SMP_AUTH_GEN_BOND;
+        }
+         p_cb->auth_mode = auth;
          if (p_cb->accept_specified_sec_auth) {
-            if ((p_cb->origin_loc_auth_req & p_cb->peer_auth_req & p_cb->loc_auth_req) != p_cb->origin_loc_auth_req ) {
-                SMP_TRACE_ERROR("%s pairing failed - master requires 0x%x auth but peer auth req 0x%x local auth req 0x%x",
+            if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+                SMP_TRACE_ERROR("%s pairing failed - master requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
                                      __func__, p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+                if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+                    btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+                }
                  reason = SMP_PAIR_AUTH_FAIL;
                  smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
              }
@@ -1334,6 +1381,22 @@ void smp_process_io_response(tSMP_CB *p_cb, tSMP_INT_DATA *p_data)
              smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
              return;
          }
+        uint16_t auth = smp_get_auth_mode(p_cb->selected_association_model);
+        if(p_cb->peer_auth_req & p_cb->loc_auth_req & SMP_AUTH_GEN_BOND) {
+            auth |= SMP_AUTH_GEN_BOND;
+        }
+        p_cb->auth_mode = auth;
+        if (p_cb->accept_specified_sec_auth) {
+            if ((auth & p_cb->origin_loc_auth_req) != p_cb->origin_loc_auth_req ) {
+                SMP_TRACE_ERROR("pairing failed - slave requires auth is 0x%x but peer auth is 0x%x local auth is 0x%x",
+                                    p_cb->origin_loc_auth_req, p_cb->peer_auth_req, p_cb->loc_auth_req);
+                if (BTM_IsAclConnectionUp(p_cb->pairing_bda, BT_TRANSPORT_LE)) {
+                    btm_remove_acl (p_cb->pairing_bda, BT_TRANSPORT_LE);
+                }
+                reason = SMP_PAIR_AUTH_FAIL;
+                smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &reason);
+            }
+        }
  
          if (p_cb->selected_association_model == SMP_MODEL_SEC_CONN_OOB) {
              if (smp_request_oob_data(p_cb)) {
diff --git a/components/bt/bluedroid/stack/smp/smp_api.c b/components/bt/bluedroid/stack/smp/smp_api.c

index 8ec1394dd87fa53830b881ed68ec8d91f7a3fb39..36811cd245f14648618749d8138f3bfdb6964b5e 100644 (file)
--- a/components/bt/bluedroid/stack/smp/smp_api.c
+++ b/components/bt/bluedroid/stack/smp/smp_api.c
@@ -354,27 +354,6 @@ void SMP_SetStaticPasskey (BOOLEAN add, UINT32 passkey)
      }
  }
  
-/*******************************************************************************
-**
-** Function         SMP_SetAcceptAuthMode
-**
-** Description      This function is called to set only accept specified Authentication
-**
-**
-** Parameters:      enable         - Whether to enable this function
-**
-**                  auth_mode      - Authentication mode
-**
-**
-*******************************************************************************/
-void SMP_SetAcceptAuthMode (UINT8 enable, UINT8 auth_mode)
-{
-    tSMP_CB *p_cb = & smp_cb;
-
-    p_cb->accept_specified_sec_auth = enable;
-    p_cb->origin_loc_auth_req = auth_mode;
-    
-}
  /*******************************************************************************
  **
  ** Function         SMP_ConfirmReply
diff --git a/components/bt/bluedroid/stack/smp/smp_utils.c b/components/bt/bluedroid/stack/smp/smp_utils.c

index eeaf66b2955a6a14e6fa6153c82db5ad60e19a48..37460cf2935f0d33e6bafa97324408147281270d 100644 (file)
--- a/components/bt/bluedroid/stack/smp/smp_utils.c
+++ b/components/bt/bluedroid/stack/smp/smp_utils.c
@@ -973,7 +973,7 @@ void smp_proc_pairing_cmpl(tSMP_CB *p_cb)
      evt_data.cmplt.auth_mode = 0;
      if (p_cb->status == SMP_SUCCESS) {
          evt_data.cmplt.sec_level = p_cb->sec_level;
-        evt_data.cmplt.auth_mode = (p_cb->peer_auth_req & p_cb->loc_auth_req);
+        evt_data.cmplt.auth_mode = p_cb->auth_mode;
      }
  
      evt_data.cmplt.is_pair_cancel  = FALSE;
author	zhiweijian <zhiweijian@espressif.com>
	Thu, 11 Oct 2018 03:25:45 +0000 (11:25 +0800)
committer	bot <bot@espressif.com>
	Thu, 25 Oct 2018 06:03:16 +0000 (06:03 +0000)
components/bt/bluedroid/bta/dm/bta_dm_act.c		patch \| blob \| history
components/bt/bluedroid/stack/btm/btm_ble.c		patch \| blob \| history
components/bt/bluedroid/stack/include/stack/btm_ble_api.h		patch \| blob \| history
components/bt/bluedroid/stack/include/stack/smp_api.h		patch \| blob \| history
components/bt/bluedroid/stack/smp/include/smp_int.h		patch \| blob \| history
components/bt/bluedroid/stack/smp/smp_act.c		patch \| blob \| history
components/bt/bluedroid/stack/smp/smp_api.c		patch \| blob \| history
components/bt/bluedroid/stack/smp/smp_utils.c		patch \| blob \| history