Merge branch 'bugfix/add_aa_check_on_esp32c2_and_esp32c6_v5.4' into '…

…release/v5.4' Bugfix/add aa check on esp32c2 and esp32c6 (v5.4) See merge request espressif/esp-idf!35234
espressif · Nov 28, 2024 · 5e0fe45 · 5e0fe45
2 parents dac9e60 + 079acc8
commit 5e0fe45
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 7 deletions.
diff --git a/components/bt/controller/esp32c6/Kconfig.in b/components/bt/controller/esp32c6/Kconfig.in
@@ -689,3 +689,11 @@ config BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF
     default 18 if BT_LE_DFT_TX_POWER_LEVEL_P18
     default 20 if BT_LE_DFT_TX_POWER_LEVEL_P20
     default 0
+
+config BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+    bool "Enable enhanced Access Address check in CONNECT_IND"
+    default n
+    help
+        Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU.
+        This improves security by ensuring that only connection requests with valid Access Addresses are accepted.
+        If disabled, only basic checks are applied, improving compatibility.
diff --git a/components/bt/controller/esp32c6/esp_bt_cfg.h b/components/bt/controller/esp32c6/esp_bt_cfg.h
@@ -148,6 +148,12 @@ extern "C" {
 
 #define DEFAULT_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF CONFIG_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF
 
+#ifdef CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS  (CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS)
+#else
+#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS  (0)
+#endif
+
 #ifdef CONFIG_BT_LE_HCI_INTERFACE_USE_UART
 #define HCI_UART_EN CONFIG_BT_LE_HCI_INTERFACE_USE_UART
 #else
@@ -218,7 +224,6 @@ extern "C" {
 
 #define BLE_LL_TX_PWR_DBM_N                 (CONFIG_BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF)
 
-
 #define RUN_BQB_TEST                        (0)
 #define RUN_QA_TEST                         (0)
 #define NIMBLE_DISABLE_SCAN_BACKOFF         (0)

diff --git a/components/bt/controller/esp32h2/Kconfig.in b/components/bt/controller/esp32h2/Kconfig.in
@@ -690,3 +690,11 @@ config BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF
     default 18 if BT_LE_DFT_TX_POWER_LEVEL_P18
     default 20 if BT_LE_DFT_TX_POWER_LEVEL_P20
     default 0
+
+config BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+    bool "Enable enhanced Access Address check in CONNECT_IND"
+    default n
+    help
+        Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU.
+        This improves security by ensuring that only connection requests with valid Access Addresses are accepted.
+        If disabled, only basic checks are applied, improving compatibility.
diff --git a/components/bt/controller/esp32h2/esp_bt_cfg.h b/components/bt/controller/esp32h2/esp_bt_cfg.h
@@ -148,6 +148,12 @@ extern "C" {
 
 #define DEFAULT_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF CONFIG_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF
 
+#ifdef CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS
+#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS  (CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS)
+#else
+#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS  (0)
+#endif
+
 #ifdef CONFIG_BT_LE_HCI_INTERFACE_USE_UART
 #define HCI_UART_EN CONFIG_BT_LE_HCI_INTERFACE_USE_UART
 #else

diff --git a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib
diff --git a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib
diff --git a/components/bt/include/esp32c6/include/esp_bt.h b/components/bt/include/esp32c6/include/esp_bt.h
@@ -156,7 +156,7 @@ esp_err_t esp_ble_tx_power_set_enhanced(esp_ble_enhanced_power_type_t power_type
  */
 esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t power_type, uint16_t handle);
 
-#define CONFIG_VERSION  0x20240422
+#define CONFIG_VERSION  0x20241121
 #define CONFIG_MAGIC    0x5A5AA5A5
 
 /**
@@ -213,6 +213,8 @@ typedef struct {
     uint8_t ignore_wl_for_direct_adv;                /*!< Ignore the whitelist for direct advertising */
     uint8_t enable_pcl;                              /*!< Enable power control */
     uint8_t csa2_select;                             /*!< Select CSA#2*/
+    uint8_t enable_csr;                              /*!< Enable CSR */
+    uint8_t ble_aa_check;                            /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */
     uint32_t config_magic;                           /*!< Magic number for configuration validation */
 } esp_bt_controller_config_t;
 
@@ -262,6 +264,8 @@ typedef struct {
     .ignore_wl_for_direct_adv   = 0,                                                    \
     .enable_pcl                 = DEFAULT_BT_LE_POWER_CONTROL_ENABLED,                  \
     .csa2_select                = DEFAULT_BT_LE_50_FEATURE_SUPPORT,                     \
+    .enable_csr                 = 0,                                                    \
+    .ble_aa_check               = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS,  \
     .config_magic = CONFIG_MAGIC,                                                       \
 }
 #elif CONFIG_IDF_TARGET_ESP32C61
@@ -309,6 +313,8 @@ typedef struct {
     .ignore_wl_for_direct_adv   = 0,                                                    \
     .enable_pcl                 = DEFAULT_BT_LE_POWER_CONTROL_ENABLED,                  \
     .csa2_select                = DEFAULT_BT_LE_50_FEATURE_SUPPORT,                     \
+    .enable_csr                 = 0,                                                    \
+    .ble_aa_check               = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS,  \
     .config_magic = CONFIG_MAGIC,                                                       \
 }
 #endif

diff --git a/components/bt/include/esp32h2/include/esp_bt.h b/components/bt/include/esp32h2/include/esp_bt.h
@@ -161,7 +161,7 @@ esp_err_t esp_ble_tx_power_set_enhanced(esp_ble_enhanced_power_type_t power_type
  */
 esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t power_type, uint16_t handle);
 
-#define CONFIG_VERSION  0x20240422
+#define CONFIG_VERSION  0x20241121
 #define CONFIG_MAGIC    0x5A5AA5A5
 
 /**
@@ -214,7 +214,9 @@ typedef struct {
     uint8_t cpu_freq_mhz;                        /*!< CPU frequency in megahertz */
     uint8_t ignore_wl_for_direct_adv;            /*!< Ignore the white list for directed advertising */
     uint8_t enable_pcl;                          /*!< Enable power control */
-    uint8_t csa2_select;                             /*!< Select CSA#2*/
+    uint8_t csa2_select;                         /*!< Select CSA#2*/
+    uint8_t enable_csr;                          /*!< Enable CSR */
+    uint8_t ble_aa_check;                        /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */
     uint32_t config_magic;                       /*!< Configuration magic value */
 } esp_bt_controller_config_t;
 
@@ -262,7 +264,9 @@ typedef struct {
     .cpu_freq_mhz               = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ,                      \
     .ignore_wl_for_direct_adv   = 0,                                                    \
     .enable_pcl                 = 0,                                                    \
-    .csa2_select                = DEFAULT_BT_LE_50_FEATURE_SUPPORT,                      \
+    .csa2_select                = DEFAULT_BT_LE_50_FEATURE_SUPPORT,                     \
+    .enable_csr                 = 0,                                                    \
+    .ble_aa_check               = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS,  \
     .config_magic = CONFIG_MAGIC,                                                       \
 }