From e97fbf2a29f795aed21321ae0726fda4aad566f9 Mon Sep 17 00:00:00 2001 From: Greg Whiteley Date: Mon, 8 Dec 2025 00:10:50 +1100 Subject: [PATCH] [esp32_ble] move extended auth request params behind ifdef --- esphome/components/esp32_ble/__init__.py | 17 ++++++++++----- esphome/components/esp32_ble/ble.cpp | 21 ++++++++++++------- esphome/components/esp32_ble/ble.h | 13 +++++++++--- ...nded-auth-req-params-single.esp32-idf.yaml | 6 ++++++ 4 files changed, 41 insertions(+), 16 deletions(-) create mode 100644 tests/components/esp32_ble_client/test-extended-auth-req-params-single.esp32-idf.yaml diff --git a/esphome/components/esp32_ble/__init__.py b/esphome/components/esp32_ble/__init__.py index 4448fe0de8..b3c6c7d9ba 100644 --- a/esphome/components/esp32_ble/__init__.py +++ b/esphome/components/esp32_ble/__init__.py @@ -272,11 +272,10 @@ CONFIG_SCHEMA = cv.Schema( cv.Optional(CONF_IO_CAPABILITY, default="none"): cv.enum( IO_CAPABILITY, lower=True ), - cv.Optional(CONF_AUTH_REQ_MODE, default="no_bond"): cv.enum( - AUTH_REQ_MODE, lower=True - ), - cv.Optional(CONF_MAX_KEY_SIZE, default="16"): cv.int_range(min=7, max=16), - cv.Optional(CONF_MIN_KEY_SIZE, default="7"): cv.int_range(min=7, max=16), + # note: no defaults so we can action them not being present + cv.Optional(CONF_AUTH_REQ_MODE): cv.enum(AUTH_REQ_MODE, lower=True), + cv.Optional(CONF_MAX_KEY_SIZE): cv.int_range(min=7, max=16), + cv.Optional(CONF_MIN_KEY_SIZE): cv.int_range(min=7, max=16), cv.Optional(CONF_ENABLE_ON_BOOT, default=True): cv.boolean, cv.Optional(CONF_ADVERTISING, default=False): cv.boolean, cv.Optional( @@ -497,6 +496,14 @@ async def to_code(config): var = cg.new_Pvariable(config[CONF_ID]) cg.add(var.set_enable_on_boot(config[CONF_ENABLE_ON_BOOT])) cg.add(var.set_io_capability(config[CONF_IO_CAPABILITY])) + + if ( + CONF_AUTH_REQ_MODE in config + or CONF_MAX_KEY_SIZE in config + or CONF_MIN_KEY_SIZE in config + ): + cg.add_define("ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS", None) + if CONF_AUTH_REQ_MODE in config: cg.add(var.set_auth_req(config[CONF_AUTH_REQ_MODE])) if CONF_MAX_KEY_SIZE in config: diff --git a/esphome/components/esp32_ble/ble.cpp b/esphome/components/esp32_ble/ble.cpp index 2f080b5088..aa7f4c443a 100644 --- a/esphome/components/esp32_ble/ble.cpp +++ b/esphome/components/esp32_ble/ble.cpp @@ -302,6 +302,7 @@ bool ESP32BLE::ble_setup_() { return false; } +#ifdef ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS if (this->max_key_size_) { err = esp_ble_gap_set_security_param(ESP_BLE_SM_MAX_KEY_SIZE, &(this->max_key_size_), sizeof(uint8_t)); if (err != ESP_OK) { @@ -326,6 +327,7 @@ bool ESP32BLE::ble_setup_() { return false; } } +#endif // ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS // BLE takes some time to be fully set up, 200ms should be more than enough delay(200); // NOLINT @@ -671,6 +673,15 @@ void ESP32BLE::dump_config() { break; } + char mac_s[18]; + format_mac_addr_upper(mac_address, mac_s); + ESP_LOGCONFIG(TAG, + "BLE:\n" + " MAC address: %s\n" + " IO Capability: %s", + mac_s, io_capability_s); + +#ifdef ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS const char *auth_req_mode_s = ""; if (this->auth_req_mode_) { switch (this->auth_req_mode_.value()) { @@ -701,14 +712,6 @@ void ESP32BLE::dump_config() { } } - char mac_s[18]; - format_mac_addr_upper(mac_address, mac_s); - - ESP_LOGCONFIG(TAG, - "BLE:\n" - " MAC address: %s\n" - " IO Capability: %s", - mac_s, io_capability_s); ESP_LOGCONFIG(TAG, " Auth Req Mode: %s", auth_req_mode_s); if (this->max_key_size_ && this->min_key_size_) { ESP_LOGCONFIG(TAG, " Key Size: %u - %u", this->min_key_size_, this->max_key_size_); @@ -717,6 +720,8 @@ void ESP32BLE::dump_config() { } else if (this->max_key_size_) { ESP_LOGCONFIG(TAG, " Key Size: %u - ", this->min_key_size_); } +#endif // ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS + } else { ESP_LOGCONFIG(TAG, "Bluetooth stack is not enabled"); } diff --git a/esphome/components/esp32_ble/ble.h b/esphome/components/esp32_ble/ble.h index a2dde55369..a6fc74ebdf 100644 --- a/esphome/components/esp32_ble/ble.h +++ b/esphome/components/esp32_ble/ble.h @@ -110,9 +110,12 @@ class BLEStatusEventHandler { class ESP32BLE : public Component { public: void set_io_capability(IoCapability io_capability) { this->io_cap_ = (esp_ble_io_cap_t) io_capability; } + +#ifdef ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS void set_max_key_size(uint8_t key_size) { this->max_key_size_ = key_size; } void set_min_key_size(uint8_t key_size) { this->min_key_size_ = key_size; } void set_auth_req(AuthReqMode req) { this->auth_req_mode_ = (esp_ble_auth_req_t) req; } +#endif void set_advertising_cycle_time(uint32_t advertising_cycle_time) { this->advertising_cycle_time_ = advertising_cycle_time; @@ -216,7 +219,6 @@ class ESP32BLE : public Component { const char *name_{nullptr}; // 4 bytes (pointer to string literal in flash) esp_ble_io_cap_t io_cap_{ESP_IO_CAP_NONE}; // 4 bytes (enum) uint32_t advertising_cycle_time_{}; // 4 bytes - optional auth_req_mode_; // 2-byte aligned members uint16_t appearance_{0}; // 2 bytes @@ -224,8 +226,13 @@ class ESP32BLE : public Component { // 1-byte aligned members (grouped together to minimize padding) BLEComponentState state_{BLE_COMPONENT_STATE_OFF}; // 1 byte (uint8_t enum) bool enable_on_boot_{}; // 1 byte - uint8_t max_key_size_{0}; // range is 7..16, 0 is unset - uint8_t min_key_size_{0}; // range is 7..16, 0 is unset + +#ifdef ESPHOME_ESP32_BLE_EXTENDED_AUTH_PARAMS + optional auth_req_mode_; + + uint8_t max_key_size_{0}; // range is 7..16, 0 is unset + uint8_t min_key_size_{0}; // range is 7..16, 0 is unset +#endif }; // NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables) diff --git a/tests/components/esp32_ble_client/test-extended-auth-req-params-single.esp32-idf.yaml b/tests/components/esp32_ble_client/test-extended-auth-req-params-single.esp32-idf.yaml new file mode 100644 index 0000000000..6e191c132f --- /dev/null +++ b/tests/components/esp32_ble_client/test-extended-auth-req-params-single.esp32-idf.yaml @@ -0,0 +1,6 @@ +esp32_ble: + io_capability: keyboard_display + # Explicitly not setting some parameters to test ifdef selection + # max_key_size: 16 + # min_key_size: 7 + auth_req_mode: sc_mitm_bond