From 042fd5f895c12a60586695bec979669f01ccd9bb Mon Sep 17 00:00:00 2001
From: Jin Cheng
Date: Wed, 19 Oct 2022 16:03:48 +0800
Subject: [PATCH] fixed the issue iOS devices cannot initiate connection to ESP32 while there is a BLE connection to this ESP32 Closes https://github.com/espressif/esp-idf/issues/6557
---
 components/bt/host/bluedroid/stack/btm/btm_acl.c | 16 ----------------
 components/bt/host/bluedroid/stack/btm/btm_sec.c | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/components/bt/host/bluedroid/stack/btm/btm_acl.c b/components/bt/host/bluedroid/stack/btm/btm_acl.c
index 1fe596ada33..7c05a8eea27 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_acl.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_acl.c
@@ -819,22 +819,6 @@ void btm_acl_encrypt_change (UINT16 handle, UINT8 status, UINT8 encr_enable)
 }
 #endif
 }
-#if (CLASSIC_BT_INCLUDED == TRUE)
- /* If authentication is done through legacy authentication and esp32 has
- * not authenticated peer deivce yet, do not proceed for encrytion and
- * first authenticate it. */
- else if ((BTM_BothEndsSupportSecureConnections(p->remote_addr) == 0) &&
- ((p->legacy_auth_state & BTM_ACL_LEGACY_AUTH_SELF) == 0)) {
- if ((p_dev_rec = btm_find_dev (p->remote_addr)) != NULL) {
- if (btm_sec_legacy_authentication_mutual(p_dev_rec)) {
- btm_sec_update_legacy_auth_state(btm_bda_to_acl(p_dev_rec->bd_addr, BT_TRANSPORT_BR_EDR), BTM_ACL_LEGACY_AUTH_SELF);
- } else {
- BTM_TRACE_ERROR("%s failed, Resources not available for Authentication procedure", __FUNCTION__);
- }
- }
- }
-#endif
-
 }
 /*******************************************************************************
 **
diff --git a/components/bt/host/bluedroid/stack/btm/btm_sec.c b/components/bt/host/bluedroid/stack/btm/btm_sec.c
index cd61d6388d5..04543c10533 100644
--- a/components/bt/host/bluedroid/stack/btm/btm_sec.c
+++ b/components/bt/host/bluedroid/stack/btm/btm_sec.c
@@ -5191,6 +5191,22 @@ static tBTM_STATUS btm_sec_execute_procedure (tBTM_SEC_DEV_REC *p_dev_rec)
 return (BTM_CMD_STARTED);
 }
+#if (CLASSIC_BT_INCLUDED == TRUE)
+ tACL_CONN *p_acl_cb = btm_handle_to_acl(p_dev_rec->hci_handle);
+ /*
+ * To prevent a remote device from doing a Bluetooth Impersonation Attack, a suggested fix by SIG is:
+ *
+ * "Hosts performing legacy (non-mutual) authentication must ensure a remote device is authenticated
+ * prior to proceeding with encryption establishment, regardless of role."
+ *
+ * As an implementation, we enforce mutual authentication when devices use Legacy Authentication.
+ */
+ if ((p_acl_cb != NULL) && (BTM_BothEndsSupportSecureConnections(p_acl_cb->remote_addr) == 0) &&
+ ((p_acl_cb->legacy_auth_state & BTM_ACL_LEGACY_AUTH_SELF) == 0)) {
+ p_dev_rec->sec_flags &= ~BTM_SEC_AUTHENTICATED;
+ }
+#endif
+
 /* If connection is not authenticated and authentication is required */
 /* start authentication and return PENDING to the caller */
 if ((((!(p_dev_rec->sec_flags & BTM_SEC_AUTHENTICATED))
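Review bot: Nothing on the new side of this patch sets `BTM_ACL_LEGACY_AUTH_SELF`, yet the added check in btm_sec_execute_procedure clears `BTM_SEC_AUTHENTICATED` every time it runs while that bit is unset. The only visible setter call, `btm_sec_update_legacy_auth_state(..., BTM_ACL_LEGACY_AUTH_SELF)`, is among the lines removed from btm_acl.c, so unless the authentication-complete path outside this patch sets the bit, a legacy peer would be pushed back into authentication on every security request; a comment such as `/* legacy_auth_state gains BTM_ACL_LEGACY_AUTH_SELF once our own authentication of the peer completes; until then an earlier AUTHENTICATED flag is not trusted */` would record that dependency next to the check. The check is also skipped silently when `btm_handle_to_acl()` returns NULL, which leaves an existing `BTM_SEC_AUTHENTICATED` flag trusted; a `BTM_TRACE_WARNING("%s no ACL for handle, legacy auth check skipped", __FUNCTION__);` on that path, or a short note on why it cannot occur here, would make the fail-open case visible. The function body starts and ends outside the hunk.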