BT/Bluedroid : Add support to set min encryption key requirement (Backport v3.3)

- Backport(v3.3) of IDF MR!6122 - Modifies `smp_utils.c` to add check on encryption key size received from peer. - Modifies `esp_ble_gap_set_security_param` API to add minimum encryption key size requirement.
2025-08-19 15:59:08 +00:00 · 2019-09-29 16:06:27 +08:00
parent a06b88d7f6
commit 9c87165bc8
6 changed files with 57 additions and 6 deletions
--- a/components/bt/bluedroid/stack/smp/smp_utils.c
+++ b/components/bt/bluedroid/stack/smp/smp_utils.c
@@ -36,6 +36,7 @@
 #include "smp_int.h"
 #include "device/controller.h"
 #include "btm_int.h"
+#include "common/bte_appl.h"

 #define SMP_PAIRING_REQ_SIZE    7
 #define SMP_CONFIRM_CMD_SIZE    (BT_OCTET16_LEN + 1)
@@ -590,7 +591,7 @@ static BT_HDR *smp_build_id_addr_cmd(UINT8 cmd_code, tSMP_CB *p_cb)
        p = (UINT8 *)(p_buf + 1) + L2CAP_MIN_OFFSET;

        UINT8_TO_STREAM (p, SMP_OPCODE_ID_ADDR);
-        /* Identity Address Information is used in the Transport Specific Key Distribution phase to distribute 
+        /* Identity Address Information is used in the Transport Specific Key Distribution phase to distribute
        its public device address or static random address. if slave using static random address is encrypted,
        it should distribute its static random address */
        if(btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type == BLE_ADDR_RANDOM && memcmp(btm_cb.ble_ctr_cb.addr_mgnt_cb.static_rand_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr,6) == 0) {
@@ -1119,9 +1120,27 @@ BOOLEAN smp_pairing_request_response_parameters_are_valid(tSMP_CB *p_cb)
        return FALSE;
    }

-    if ((enc_size < SMP_ENCR_KEY_SIZE_MIN) || (enc_size > SMP_ENCR_KEY_SIZE_MAX)) {
+    /* `bte_appl_cfg.ble_min_enc_key_size` will be `SMP_ENCR_KEY_SIZE_MIN` by
+     * default if not set explicitly  */
+#if (BLE_INCLUDED == TRUE)
+    if (enc_size < bte_appl_cfg.ble_min_key_size) {
        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
-            Key value (0x%02x) out of range).\n",
+            Key value (0x%02x) less than minimum required key size).\n",
+                          p_cb->rcvd_cmd_code, enc_size);
+        return FALSE;
+    }
+#else
+    if (enc_size < SMP_ENCR_KEY_SIZE_MIN) {
+        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
+            Key value (0x%02x) less than minimum required key size).\n",
+                          p_cb->rcvd_cmd_code, enc_size);
+        return FALSE;
+    }
+#endif
+
+    if (enc_size > SMP_ENCR_KEY_SIZE_MAX) {
+        SMP_TRACE_WARNING("Rcvd from the peer cmd 0x%02x with Maximum Encryption \
+            Key value (0x%02x) greater than supported by stack).\n",
                          p_cb->rcvd_cmd_code, enc_size);
        return FALSE;
    }