diff --git a/components/bt/controller/esp32c6/Kconfig.in b/components/bt/controller/esp32c6/Kconfig.in index 07089db18e28..421b4f591722 100644 --- a/components/bt/controller/esp32c6/Kconfig.in +++ b/components/bt/controller/esp32c6/Kconfig.in @@ -689,3 +689,11 @@ config BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF default 18 if BT_LE_DFT_TX_POWER_LEVEL_P18 default 20 if BT_LE_DFT_TX_POWER_LEVEL_P20 default 0 + +config BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS + bool "Enable enhanced Access Address check in CONNECT_IND" + default n + help + Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU. + This improves security by ensuring that only connection requests with valid Access Addresses are accepted. + If disabled, only basic checks are applied, improving compatibility. diff --git a/components/bt/controller/esp32c6/esp_bt_cfg.h b/components/bt/controller/esp32c6/esp_bt_cfg.h index 4e24c1861400..3634a40c3c79 100644 --- a/components/bt/controller/esp32c6/esp_bt_cfg.h +++ b/components/bt/controller/esp32c6/esp_bt_cfg.h @@ -148,6 +148,12 @@ extern "C" { #define DEFAULT_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF CONFIG_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF +#ifdef CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS (CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS) +#else +#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS (0) +#endif + #ifdef CONFIG_BT_LE_HCI_INTERFACE_USE_UART #define HCI_UART_EN CONFIG_BT_LE_HCI_INTERFACE_USE_UART #else @@ -218,7 +224,6 @@ extern "C" { #define BLE_LL_TX_PWR_DBM_N (CONFIG_BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF) - #define RUN_BQB_TEST (0) #define RUN_QA_TEST (0) #define NIMBLE_DISABLE_SCAN_BACKOFF (0) diff --git a/components/bt/controller/esp32h2/Kconfig.in b/components/bt/controller/esp32h2/Kconfig.in index d188d03230bd..4b281d029cee 100644 --- a/components/bt/controller/esp32h2/Kconfig.in +++ b/components/bt/controller/esp32h2/Kconfig.in @@ -690,3 +690,11 @@ config BT_LE_DFT_TX_POWER_LEVEL_DBM_EFF default 18 if BT_LE_DFT_TX_POWER_LEVEL_P18 default 20 if BT_LE_DFT_TX_POWER_LEVEL_P20 default 0 + +config BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS + bool "Enable enhanced Access Address check in CONNECT_IND" + default n + help + Enabling this option will add stricter verification of the Access Address in the CONNECT_IND PDU. + This improves security by ensuring that only connection requests with valid Access Addresses are accepted. + If disabled, only basic checks are applied, improving compatibility. diff --git a/components/bt/controller/esp32h2/esp_bt_cfg.h b/components/bt/controller/esp32h2/esp_bt_cfg.h index 22a09be3adc6..3634a40c3c79 100644 --- a/components/bt/controller/esp32h2/esp_bt_cfg.h +++ b/components/bt/controller/esp32h2/esp_bt_cfg.h @@ -148,6 +148,12 @@ extern "C" { #define DEFAULT_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF CONFIG_BT_LE_COEX_PHY_CODED_TX_RX_TLIM_EFF +#ifdef CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS +#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS (CONFIG_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS) +#else +#define DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS (0) +#endif + #ifdef CONFIG_BT_LE_HCI_INTERFACE_USE_UART #define HCI_UART_EN CONFIG_BT_LE_HCI_INTERFACE_USE_UART #else diff --git a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib index b86a06d38cc3..2ac61ac611a5 160000 --- a/components/bt/controller/lib_esp32c6/esp32c6-bt-lib +++ b/components/bt/controller/lib_esp32c6/esp32c6-bt-lib @@ -1 +1 @@ -Subproject commit b86a06d38cc3de4660b67d992259f727ba590296 +Subproject commit 2ac61ac611a5e8776bd679440f6921859a89dcd6 diff --git a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib index 90f1ef76ab90..faf7470485f0 160000 --- a/components/bt/controller/lib_esp32h2/esp32h2-bt-lib +++ b/components/bt/controller/lib_esp32h2/esp32h2-bt-lib @@ -1 +1 @@ -Subproject commit 90f1ef76ab9021b123e3037e9df782549f386e30 +Subproject commit faf7470485f08b1657f2b8ec3ae7c762cff116e6 diff --git a/components/bt/include/esp32c6/include/esp_bt.h b/components/bt/include/esp32c6/include/esp_bt.h index 584181485b37..663e025f9f08 100644 --- a/components/bt/include/esp32c6/include/esp_bt.h +++ b/components/bt/include/esp32c6/include/esp_bt.h @@ -156,7 +156,7 @@ esp_err_t esp_ble_tx_power_set_enhanced(esp_ble_enhanced_power_type_t power_type */ esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t power_type, uint16_t handle); -#define CONFIG_VERSION 0x20240422 +#define CONFIG_VERSION 0x20241121 #define CONFIG_MAGIC 0x5A5AA5A5 /** @@ -213,6 +213,8 @@ typedef struct { uint8_t ignore_wl_for_direct_adv; /*!< Ignore the whitelist for direct advertising */ uint8_t enable_pcl; /*!< Enable power control */ uint8_t csa2_select; /*!< Select CSA#2*/ + uint8_t enable_csr; /*!< Enable CSR */ + uint8_t ble_aa_check; /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */ uint32_t config_magic; /*!< Magic number for configuration validation */ } esp_bt_controller_config_t; @@ -262,6 +264,8 @@ typedef struct { .ignore_wl_for_direct_adv = 0, \ .enable_pcl = DEFAULT_BT_LE_POWER_CONTROL_ENABLED, \ .csa2_select = DEFAULT_BT_LE_50_FEATURE_SUPPORT, \ + .enable_csr = 0, \ + .ble_aa_check = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS, \ .config_magic = CONFIG_MAGIC, \ } #elif CONFIG_IDF_TARGET_ESP32C61 @@ -309,6 +313,8 @@ typedef struct { .ignore_wl_for_direct_adv = 0, \ .enable_pcl = DEFAULT_BT_LE_POWER_CONTROL_ENABLED, \ .csa2_select = DEFAULT_BT_LE_50_FEATURE_SUPPORT, \ + .enable_csr = 0, \ + .ble_aa_check = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS, \ .config_magic = CONFIG_MAGIC, \ } #endif diff --git a/components/bt/include/esp32h2/include/esp_bt.h b/components/bt/include/esp32h2/include/esp_bt.h index 95cf36cc58af..c21a1bc85428 100644 --- a/components/bt/include/esp32h2/include/esp_bt.h +++ b/components/bt/include/esp32h2/include/esp_bt.h @@ -161,7 +161,7 @@ esp_err_t esp_ble_tx_power_set_enhanced(esp_ble_enhanced_power_type_t power_type */ esp_power_level_t esp_ble_tx_power_get_enhanced(esp_ble_enhanced_power_type_t power_type, uint16_t handle); -#define CONFIG_VERSION 0x20240422 +#define CONFIG_VERSION 0x20241121 #define CONFIG_MAGIC 0x5A5AA5A5 /** @@ -214,7 +214,9 @@ typedef struct { uint8_t cpu_freq_mhz; /*!< CPU frequency in megahertz */ uint8_t ignore_wl_for_direct_adv; /*!< Ignore the white list for directed advertising */ uint8_t enable_pcl; /*!< Enable power control */ - uint8_t csa2_select; /*!< Select CSA#2*/ + uint8_t csa2_select; /*!< Select CSA#2*/ + uint8_t enable_csr; /*!< Enable CSR */ + uint8_t ble_aa_check; /*!< True if adds a verification step for the Access Address within the CONNECT_IND PDU; false otherwise. Configurable in menuconfig */ uint32_t config_magic; /*!< Configuration magic value */ } esp_bt_controller_config_t; @@ -262,7 +264,9 @@ typedef struct { .cpu_freq_mhz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ, \ .ignore_wl_for_direct_adv = 0, \ .enable_pcl = 0, \ - .csa2_select = DEFAULT_BT_LE_50_FEATURE_SUPPORT, \ + .csa2_select = DEFAULT_BT_LE_50_FEATURE_SUPPORT, \ + .enable_csr = 0, \ + .ble_aa_check = DEFAULT_BT_LE_CTRL_CHECK_CONNECT_IND_ACCESS_ADDRESS, \ .config_magic = CONFIG_MAGIC, \ }