gap: treat AES-CCM encrypted connections as mutually authenticated, fixes #309

CHANGELOG.md

@@ -15,12 +15,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## Changes August 2020
 
 ### Fixed
+- ESP32: fix authentication for incoming Secure Connections
 
 ### Added
 - `btstack_run_loop_base`: added `btstack_run_loop_base_dump_timer`
 - GAP: request role change for classic connection via `gap_request_role`
 ### Changed
-
+- GAP: treat AES-CCM encrypted connection as muhtually authenticated (BIAS)
 
 ## Changes July 2020
 

src/hci.c

@@ -2117,7 +2117,7 @@ static void handle_command_complete_event(uint8_t * packet, uint16_t size){
                 uint8_t key_size = 0;
                 if (status == 0){
                     key_size = packet[OFFSET_OF_DATA_IN_COMMAND_COMPLETE+3];
-                    log_info("Handle %x04x key Size: %u", handle, key_size);
+                    log_info("Handle %04x key Size: %u", handle, key_size);
                 } else {
                     log_info("Read Encryption Key Size failed 0x%02x-> assuming insecure connection with key size of 1", status);
                 }
@@ -2471,6 +2471,11 @@ static void event_handler(uint8_t *packet, uint16_t size){
                             break;
                         }
 
+                        // if AES-CCM is used, authentication used SC -> authentication was mutual and we can skip explicit authentication
+                        if (connected_uses_aes_ccm){
+                            conn->authentication_flags |= CONNECTION_AUTHENTICATED;
+                        }
+
                         if ((hci_stack->local_supported_commands[0] & 0x80) != 0){
                             // For Classic, we need to validate encryption key size first, if possible (== supported by Controller)
                             conn->bonding_flags |= BONDING_SEND_READ_ENCRYPTION_KEY_SIZE;