blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-12 02:29:10 -04:00
Code Issues Projects Releases Wiki Activity

component/bt: support BLE Authorization

Browse Source
This commit is contained in:
XieWenxiang 2020-09-15 15:17:30 +08:00 committed by xiewenxiang
parent b585eccf36
commit 069325a7ed
12 changed files with 117 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
components/bt/host/bluedroid/api/esp_gap_ble_api.c
View File

@ -717,6 +717,13 @@ esp_err_t esp_ble_get_current_conn_params(esp_bd_addr_t bd_addr, esp_gap_conn_pa
return ESP_ERR_NOT_FOUND; return ESP_ERR_NOT_FOUND;
} }
esp_err_t esp_gap_ble_set_authorization(esp_bd_addr_t bd_addr, bool authorize)
{
if (!bd_addr) {
return ESP_ERR_INVALID_ARG;
}
if (BTM_Ble_Authorization(bd_addr, authorize)) {
return ESP_OK;
}
return ESP_FAIL;
}

11
components/bt/host/bluedroid/api/include/api/esp_gap_ble_api.h
View File

@ -1266,6 +1266,17 @@ esp_err_t esp_ble_gap_disconnect(esp_bd_addr_t remote_device);
*/ */
esp_err_t esp_ble_get_current_conn_params(esp_bd_addr_t bd_addr, esp_gap_conn_params_t *conn_params); esp_err_t esp_ble_get_current_conn_params(esp_bd_addr_t bd_addr, esp_gap_conn_params_t *conn_params);
/**
* @brief This function is called to authorized a link after Authentication(MITM protection)
*
* @param[in] bd_addr: BD address of the peer device.
* @param[out] authorize: Authorized the link or not.
*
* @return - ESP_OK : success
* - other : failed
*
*/
esp_err_t esp_gap_ble_set_authorization(esp_bd_addr_t bd_addr, bool authorize);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

2
components/bt/host/bluedroid/api/include/api/esp_gatt_defs.h
View File

@ -283,6 +283,8 @@ typedef enum {
#define ESP_GATT_PERM_WRITE_ENC_MITM (1 << 6) /* bit 6 - 0x0040 */ /* relate to BTA_GATT_PERM_WRITE_ENC_MITM in bta/bta_gatt_api.h */ #define ESP_GATT_PERM_WRITE_ENC_MITM (1 << 6) /* bit 6 - 0x0040 */ /* relate to BTA_GATT_PERM_WRITE_ENC_MITM in bta/bta_gatt_api.h */
#define ESP_GATT_PERM_WRITE_SIGNED (1 << 7) /* bit 7 - 0x0080 */ /* relate to BTA_GATT_PERM_WRITE_SIGNED in bta/bta_gatt_api.h */ #define ESP_GATT_PERM_WRITE_SIGNED (1 << 7) /* bit 7 - 0x0080 */ /* relate to BTA_GATT_PERM_WRITE_SIGNED in bta/bta_gatt_api.h */
#define ESP_GATT_PERM_WRITE_SIGNED_MITM (1 << 8) /* bit 8 - 0x0100 */ /* relate to BTA_GATT_PERM_WRITE_SIGNED_MITM in bta/bta_gatt_api.h */ #define ESP_GATT_PERM_WRITE_SIGNED_MITM (1 << 8) /* bit 8 - 0x0100 */ /* relate to BTA_GATT_PERM_WRITE_SIGNED_MITM in bta/bta_gatt_api.h */
#define ESP_GATT_PERM_READ_AUTHORIZATION (1 << 9) /* bit 9 - 0x0200 */
#define ESP_GATT_PERM_WRITE_AUTHORIZATION (1 << 10) /* bit 10 - 0x0400 */
typedef uint16_t esp_gatt_perm_t; typedef uint16_t esp_gatt_perm_t;
/* relate to BTA_GATT_CHAR_PROP_BIT_xxx in bta/bta_gatt_api.h */ /* relate to BTA_GATT_CHAR_PROP_BIT_xxx in bta/bta_gatt_api.h */

2
components/bt/host/bluedroid/bta/include/bta/bta_gatt_api.h
View File

@ -491,6 +491,8 @@ typedef tGATT_IF tBTA_GATTS_IF;
#define BTA_GATT_PERM_WRITE_ENC_MITM GATT_PERM_WRITE_ENC_MITM /* bit 6 - 0x0040 */ #define BTA_GATT_PERM_WRITE_ENC_MITM GATT_PERM_WRITE_ENC_MITM /* bit 6 - 0x0040 */
#define BTA_GATT_PERM_WRITE_SIGNED GATT_PERM_WRITE_SIGNED /* bit 7 - 0x0080 */ #define BTA_GATT_PERM_WRITE_SIGNED GATT_PERM_WRITE_SIGNED /* bit 7 - 0x0080 */
#define BTA_GATT_PERM_WRITE_SIGNED_MITM GATT_PERM_WRITE_SIGNED_MITM /* bit 8 - 0x0100 */ #define BTA_GATT_PERM_WRITE_SIGNED_MITM GATT_PERM_WRITE_SIGNED_MITM /* bit 8 - 0x0100 */
#define BTA_GATT_PERM_READ_AUTHORIZATION GATT_PERM_READ_AUTHORIZATION /* bit 9 - 0x0200 */
#define BTA_GATT_PERM_WRITE_AUTHORIZATION GATT_PERM_WRITE_AUTHORIZATION /* bit 10 - 0x0400 */
typedef UINT16 tBTA_GATT_PERM; typedef UINT16 tBTA_GATT_PERM;
typedef tGATT_ATTR_VAL tBTA_GATT_ATTR_VAL; typedef tGATT_ATTR_VAL tBTA_GATT_ATTR_VAL;
typedef tGATTS_ATTR_CONTROL tBTA_GATTS_ATTR_CONTROL; typedef tGATTS_ATTR_CONTROL tBTA_GATTS_ATTR_CONTROL;

23
components/bt/host/bluedroid/stack/btm/btm_ble_gap.c
View File

@ -4423,5 +4423,28 @@ BOOLEAN btm_ble_topology_check(tBTM_BLE_STATE_MASK request_state_mask)
return rt; return rt;
} }
/*******************************************************************************
**
** Function BTM_Ble_Authorization
**
** Description This function is used to authorize a specified device
**
** Returns TRUE or FALSE
**
*******************************************************************************/
BOOLEAN BTM_Ble_Authorization(BD_ADDR bd_addr, BOOLEAN authorize)
{
if (bd_addr == NULL) {
BTM_TRACE_ERROR("bd_addr is NULL");
return FALSE;
}
if (btm_sec_dev_authorization(bd_addr, authorize)) {
return TRUE;
}
BTM_TRACE_ERROR("Authorization fail");
return FALSE;
}
#endif /* BLE_INCLUDED */ #endif /* BLE_INCLUDED */

36
components/bt/host/bluedroid/stack/btm/btm_sec.c
View File

@ -6287,3 +6287,39 @@ void btm_sec_handle_remote_legacy_auth_cmp(UINT16 handle)
} }
#endif /// (CLASSIC_BT_INCLUDED == TRUE) #endif /// (CLASSIC_BT_INCLUDED == TRUE)
#endif ///SMP_INCLUDED == TRUE #endif ///SMP_INCLUDED == TRUE
/******************************************************************************
**
** Function btm_sec_dev_authorization
**
** Description This function is used to authorize a specified device(BLE)
**
******************************************************************************
*/
#if (BLE_INCLUDED == TRUE)
BOOLEAN btm_sec_dev_authorization(BD_ADDR bd_addr, BOOLEAN authorized)
{
#if (SMP_INCLUDED == TRUE)
UINT8 sec_flag = 0;
tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev(bd_addr);
if (p_dev_rec) {
sec_flag = (UINT8)(p_dev_rec->sec_flags >> 8);
if (!(sec_flag & BTM_SEC_LINK_KEY_AUTHED)) {
BTM_TRACE_ERROR("Authorized should after successful Authentication(MITM protection)\n");
return FALSE;
}
if (authorized) {
p_dev_rec->sec_flags |= BTM_SEC_LE_AUTHORIZATION;
} else {
p_dev_rec->sec_flags &= ~(BTM_SEC_LE_AUTHORIZATION);
}
} else {
BTM_TRACE_ERROR("%s, can't find device\n", __func__);
return FALSE;
}
return TRUE;
#endif ///SMP_INCLUDED == TRUE
return FALSE;
}
#endif /// BLE_INCLUDE == TRUE

3
components/bt/host/bluedroid/stack/btm/include/btm_int.h
View File

@ -550,6 +550,7 @@ typedef struct {
#define BTM_SEC_ROLE_SWITCHED 0x40 #define BTM_SEC_ROLE_SWITCHED 0x40
#define BTM_SEC_IN_USE 0x80 #define BTM_SEC_IN_USE 0x80
/* LE link security flag */ /* LE link security flag */
#define BTM_SEC_LE_AUTHORIZATION 0x0100 /* LE link is authorized */
#define BTM_SEC_LE_AUTHENTICATED 0x0200 /* LE link is encrypted after pairing with MITM */ #define BTM_SEC_LE_AUTHENTICATED 0x0200 /* LE link is encrypted after pairing with MITM */
#define BTM_SEC_LE_ENCRYPTED 0x0400 /* LE link is encrypted */ #define BTM_SEC_LE_ENCRYPTED 0x0400 /* LE link is encrypted */
#define BTM_SEC_LE_NAME_KNOWN 0x0800 /* not used */ #define BTM_SEC_LE_NAME_KNOWN 0x0800 /* not used */
@ -1170,6 +1171,8 @@ void btm_sec_handle_remote_legacy_auth_cmp(UINT16 handle);
void btm_sec_update_legacy_auth_state(tACL_CONN *p_acl_cb, UINT8 legacy_auth_state); void btm_sec_update_legacy_auth_state(tACL_CONN *p_acl_cb, UINT8 legacy_auth_state);
BOOLEAN btm_sec_legacy_authentication_mutual (tBTM_SEC_DEV_REC *p_dev_rec); BOOLEAN btm_sec_legacy_authentication_mutual (tBTM_SEC_DEV_REC *p_dev_rec);
BOOLEAN btm_sec_dev_authorization(BD_ADDR bd_addr, BOOLEAN authorized);
/* /*
#ifdef __cplusplus #ifdef __cplusplus
} }

11
components/bt/host/bluedroid/stack/gatt/gatt_db.c
View File

@ -154,7 +154,11 @@ static tGATT_STATUS gatts_check_attr_readability(tGATT_ATTR16 *p_attr,
GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE\n"); GATT_TRACE_ERROR( "GATT_INSUF_KEY_SIZE\n");
return GATT_INSUF_KEY_SIZE; return GATT_INSUF_KEY_SIZE;
} }
/* LE Authorization check*/
if ((perm & GATT_READ_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))) {
GATT_TRACE_ERROR( "GATT_INSUF_AUTHORIZATION\n");
return GATT_INSUF_AUTHORIZATION;
}
if (read_long) { if (read_long) {
switch (p_attr->uuid) { switch (p_attr->uuid) {
@ -1118,6 +1122,11 @@ tGATT_STATUS gatts_write_attr_perm_check (tGATT_SVC_DB *p_db, UINT8 op_code,
status = GATT_INSUF_KEY_SIZE; status = GATT_INSUF_KEY_SIZE;
GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE"); GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_KEY_SIZE");
} }
/* LE Authorization check*/
else if ((perm & GATT_WRITE_AUTHORIZATION) && (!(sec_flag & GATT_SEC_FLAG_LKEY_AUTHED) || !(sec_flag & GATT_SEC_FLAG_AUTHORIZATION))){
status = GATT_INSUF_AUTHORIZATION;
GATT_TRACE_ERROR( "gatts_write_attr_perm_check - GATT_INSUF_AUTHORIZATION");
}
/* LE security mode 2 attribute */ /* LE security mode 2 attribute */
else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED) else if (perm & GATT_WRITE_SIGNED_PERM && op_code != GATT_SIGN_CMD_WRITE && !(sec_flag & GATT_SEC_FLAG_ENCRYPTED)
&& (perm & GATT_WRITE_ALLOWED) == 0) { && (perm & GATT_WRITE_ALLOWED) == 0) {

2
components/bt/host/bluedroid/stack/gatt/gatt_utils.c
View File

@ -1423,7 +1423,7 @@ void gatt_sr_get_sec_info(BD_ADDR rem_bda, tBT_TRANSPORT transport, UINT8 *p_sec
BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport); BTM_GetSecurityFlagsByTransport(rem_bda, &sec_flag, transport);
sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED | GATT_SEC_FLAG_ENCRYPTED); sec_flag &= (GATT_SEC_FLAG_LKEY_UNAUTHED | GATT_SEC_FLAG_LKEY_AUTHED | GATT_SEC_FLAG_ENCRYPTED | GATT_SEC_FLAG_AUTHORIZATION);
#if (SMP_INCLUDED == TRUE) #if (SMP_INCLUDED == TRUE)
*p_key_size = btm_ble_read_sec_key_size(rem_bda); *p_key_size = btm_ble_read_sec_key_size(rem_bda);
#endif ///SMP_INCLUDED == TRUE #endif ///SMP_INCLUDED == TRUE

1
components/bt/host/bluedroid/stack/gatt/include/gatt_int.h
View File

@ -95,6 +95,7 @@ typedef UINT8 tGATT_SEC_ACTION;
#define GATT_SEC_FLAG_LKEY_UNAUTHED BTM_SEC_FLAG_LKEY_KNOWN #define GATT_SEC_FLAG_LKEY_UNAUTHED BTM_SEC_FLAG_LKEY_KNOWN
#define GATT_SEC_FLAG_LKEY_AUTHED BTM_SEC_FLAG_LKEY_AUTHED #define GATT_SEC_FLAG_LKEY_AUTHED BTM_SEC_FLAG_LKEY_AUTHED
#define GATT_SEC_FLAG_ENCRYPTED BTM_SEC_FLAG_ENCRYPTED #define GATT_SEC_FLAG_ENCRYPTED BTM_SEC_FLAG_ENCRYPTED
#define GATT_SEC_FLAG_AUTHORIZATION BTM_SEC_FLAG_AUTHORIZED
typedef UINT8 tGATT_SEC_FLAG; typedef UINT8 tGATT_SEC_FLAG;
/* Find Information Response Type /* Find Information Response Type

11
components/bt/host/bluedroid/stack/include/stack/btm_ble_api.h
View File

@ -2112,6 +2112,17 @@ tBTM_STATUS BTM_UpdateBleDuplicateExceptionalList(uint8_t subcode, uint32_t type
*******************************************************************************/ *******************************************************************************/
BOOLEAN BTM_GetCurrentConnParams(BD_ADDR bda, uint16_t *interval, uint16_t *latency, uint16_t *timeout); BOOLEAN BTM_GetCurrentConnParams(BD_ADDR bda, uint16_t *interval, uint16_t *latency, uint16_t *timeout);
/*******************************************************************************
**
** Function BTM_Ble_Authorization
**
** Description This function is used to authorize a specified device
**
** Returns TRUE or FALSE
**
*******************************************************************************/
BOOLEAN BTM_Ble_Authorization(BD_ADDR bd_addr, BOOLEAN authorize);
/* /*
#ifdef __cplusplus #ifdef __cplusplus
} }

9
components/bt/host/bluedroid/stack/include/stack/gatt_api.h
View File

@ -174,18 +174,21 @@ typedef UINT16 tGATT_DISCONN_REASON;
#define GATT_PERM_WRITE_ENC_MITM (1 << 6) /* bit 6 */ #define GATT_PERM_WRITE_ENC_MITM (1 << 6) /* bit 6 */
#define GATT_PERM_WRITE_SIGNED (1 << 7) /* bit 7 */ #define GATT_PERM_WRITE_SIGNED (1 << 7) /* bit 7 */
#define GATT_PERM_WRITE_SIGNED_MITM (1 << 8) /* bit 8 */ #define GATT_PERM_WRITE_SIGNED_MITM (1 << 8) /* bit 8 */
#define GATT_PERM_READ_AUTHORIZATION (1 << 9) /* bit 9 */
#define GATT_PERM_WRITE_AUTHORIZATION (1 << 10)/* bit 10 */
typedef UINT16 tGATT_PERM; typedef UINT16 tGATT_PERM;
#define GATT_ENCRYPT_KEY_SIZE_MASK (0xF000) /* the MS nibble of tGATT_PERM; key size 7=0; size 16=9 */ #define GATT_ENCRYPT_KEY_SIZE_MASK (0xF000) /* the MS nibble of tGATT_PERM; key size 7=0; size 16=9 */
#define GATT_READ_ALLOWED (GATT_PERM_READ | GATT_PERM_READ_ENCRYPTED | GATT_PERM_READ_ENC_MITM) #define GATT_READ_ALLOWED (GATT_PERM_READ | GATT_PERM_READ_ENCRYPTED | GATT_PERM_READ_ENC_MITM | GATT_PERM_READ_AUTHORIZATION)
#define GATT_READ_AUTH_REQUIRED (GATT_PERM_READ_ENCRYPTED) #define GATT_READ_AUTH_REQUIRED (GATT_PERM_READ_ENCRYPTED)
#define GATT_READ_MITM_REQUIRED (GATT_PERM_READ_ENC_MITM) #define GATT_READ_MITM_REQUIRED (GATT_PERM_READ_ENC_MITM)
#define GATT_READ_ENCRYPTED_REQUIRED (GATT_PERM_READ_ENCRYPTED | GATT_PERM_READ_ENC_MITM) #define GATT_READ_ENCRYPTED_REQUIRED (GATT_PERM_READ_ENCRYPTED | GATT_PERM_READ_ENC_MITM)
#define GATT_READ_AUTHORIZATION (GATT_PERM_READ_AUTHORIZATION)
#define GATT_WRITE_ALLOWED (GATT_PERM_WRITE | GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE_ENC_MITM | \ #define GATT_WRITE_ALLOWED (GATT_PERM_WRITE | GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE_ENC_MITM | \
GATT_PERM_WRITE_SIGNED | GATT_PERM_WRITE_SIGNED_MITM) GATT_PERM_WRITE_SIGNED | GATT_PERM_WRITE_SIGNED_MITM | GATT_PERM_WRITE_AUTHORIZATION)
#define GATT_WRITE_AUTH_REQUIRED (GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE_SIGNED) #define GATT_WRITE_AUTH_REQUIRED (GATT_PERM_WRITE_ENCRYPTED | GATT_PERM_WRITE_SIGNED)
@ -195,6 +198,8 @@ typedef UINT16 tGATT_PERM;
#define GATT_WRITE_SIGNED_PERM (GATT_PERM_WRITE_SIGNED | GATT_PERM_WRITE_SIGNED_MITM) #define GATT_WRITE_SIGNED_PERM (GATT_PERM_WRITE_SIGNED | GATT_PERM_WRITE_SIGNED_MITM)
#define GATT_WRITE_AUTHORIZATION (GATT_PERM_WRITE_AUTHORIZATION)
/* Characteristic properties /* Characteristic properties
*/ */