fix(ble): Fix authentication deadlock

lucasssvaz · lucasssvaz · commit 8ec38d74500c · 2025-10-24T16:26:14.000-03:00
diff --git a/libraries/BLE/src/BLEDevice.cpp b/libraries/BLE/src/BLEDevice.cpp
@@ -960,6 +960,10 @@ void BLEDevice::gapEventHandler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_par
     {
       log_i("ESP_GAP_BLE_AUTH_CMPL_EVT");
 #ifdef CONFIG_BLE_SMP_ENABLE  // Check that BLE SMP (security) is configured in make menuconfig
+      // Signal that authentication has completed
+      // This unblocks any GATT operations waiting for pairing when bonding is enabled
+      BLESecurity::signalAuthenticationComplete();
+
       if (BLEDevice::m_securityCallbacks != nullptr) {
         BLEDevice::m_securityCallbacks->onAuthenticationComplete(param->ble_security.auth_cmpl);
       }
diff --git a/libraries/BLE/src/BLERemoteCharacteristic.cpp b/libraries/BLE/src/BLERemoteCharacteristic.cpp
@@ -565,6 +565,10 @@ String BLERemoteCharacteristic::readValue() {
     return String();
   }
 
+  // Wait for authentication to complete if bonding is enabled
+  // This prevents the read request from being made while pairing is in progress
+  BLESecurity::waitForAuthenticationComplete();
+
   m_semaphoreReadCharEvt.take("readValue");
 
   // Ask the BLE subsystem to retrieve the value for the remote hosted characteristic.
@@ -607,6 +611,10 @@ bool BLERemoteCharacteristic::writeValue(uint8_t *data, size_t length, bool resp
     return false;
   }
 
+  // Wait for authentication to complete if bonding is enabled
+  // This prevents the write request from being made while pairing is in progress
+  BLESecurity::waitForAuthenticationComplete();
+
   m_semaphoreWriteCharEvt.take("writeValue");
   // Invoke the ESP-IDF API to perform the write.
   esp_err_t errRc = ::esp_ble_gattc_write_char(
diff --git a/libraries/BLE/src/BLESecurity.cpp b/libraries/BLE/src/BLESecurity.cpp
@@ -46,6 +46,7 @@ bool BLESecurity::m_securityStarted = false;
 bool BLESecurity::m_passkeySet = false;
 bool BLESecurity::m_staticPasskey = true;
 bool BLESecurity::m_regenOnConnect = false;
+bool BLESecurity::m_authenticationComplete = false;
 uint8_t BLESecurity::m_iocap = ESP_IO_CAP_NONE;
 uint8_t BLESecurity::m_authReq = 0;
 uint8_t BLESecurity::m_initKey = 0;
@@ -59,6 +60,7 @@ uint32_t BLESecurity::m_passkey = BLE_SM_DEFAULT_PASSKEY;
 #if defined(CONFIG_BLUEDROID_ENABLED)
 uint8_t BLESecurity::m_keySize = 16;
 esp_ble_sec_act_t BLESecurity::m_securityLevel;
+FreeRTOS::Semaphore *BLESecurity::m_authCompleteSemaphore = nullptr;
 #endif
 
 /***************************************************************************
@@ -191,6 +193,7 @@ void BLESecurity::regenPassKeyOnConnect(bool enable) {
 void BLESecurity::resetSecurity() {
   log_d("resetSecurity: Resetting security state");
   m_securityStarted = false;
+  m_authenticationComplete = false;
 }
 
 // This function sets the authentication mode with bonding, MITM, and secure connection options.
@@ -263,6 +266,48 @@ bool BLESecurityCallbacks::onAuthorizationRequest(uint16_t connHandle, uint16_t
   return true;
 }
 
+// This function waits for authentication to complete when bonding is enabled
+// It prevents GATT operations from proceeding before pairing completes
+void BLESecurity::waitForAuthenticationComplete(uint32_t timeoutMs) {
+#if defined(CONFIG_BLUEDROID_ENABLED)
+  // Only wait if bonding is enabled
+  if ((m_authReq & ESP_LE_AUTH_BOND) == 0) {
+    return;
+  }
+
+  // If already authenticated, no need to wait
+  if (m_authenticationComplete) {
+    return;
+  }
+
+  // Semaphore should have been created in startSecurity()
+  if (m_authCompleteSemaphore == nullptr) {
+    log_e("Authentication semaphore not initialized");
+    return;
+  }
+
+  // Wait for authentication with timeout
+  bool success = m_authCompleteSemaphore->timedWait("waitForAuthenticationComplete", timeoutMs / portTICK_PERIOD_MS);
+
+  if (!success) {
+    log_w("Timeout waiting for authentication to complete");
+  }
+#endif
+}
+
+// This function signals that authentication has completed
+// Called from ESP_GAP_BLE_AUTH_CMPL_EVT handler
+void BLESecurity::signalAuthenticationComplete() {
+#if defined(CONFIG_BLUEDROID_ENABLED)
+  m_authenticationComplete = true;
+
+  // Signal waiting threads if semaphore exists
+  if (m_authCompleteSemaphore != nullptr) {
+    m_authCompleteSemaphore->give();
+  }
+#endif
+}
+
 /***************************************************************************
  *                          Bluedroid functions                            *
  ***************************************************************************/
@@ -285,6 +330,18 @@ bool BLESecurity::startSecurity(esp_bd_addr_t bd_addr, int *rcPtr) {
   }
 
   if (m_securityEnabled) {
+    // Initialize semaphore before starting security to avoid race condition
+    if (m_authCompleteSemaphore == nullptr) {
+      m_authCompleteSemaphore = new FreeRTOS::Semaphore("AuthComplete");
+    }
+
+    // Reset authentication complete flag when starting new security negotiation
+    m_authenticationComplete = false;
+
+    // Consume any pending semaphore signals from previous operations
+    // This ensures the next wait will block until the new auth completes
+    m_authCompleteSemaphore->take("startSecurity-reset");
+
     int rc = esp_ble_set_encryption(bd_addr, m_securityLevel);
     if (rc != ESP_OK) {
       log_e("esp_ble_set_encryption: rc=%d %s", rc, GeneralUtils::errorToString(rc));
diff --git a/libraries/BLE/src/BLESecurity.h b/libraries/BLE/src/BLESecurity.h
@@ -25,6 +25,7 @@
 #include "BLEDevice.h"
 #include "BLEClient.h"
 #include "BLEServer.h"
+#include "RTOS.h"
 
 /***************************************************************************
  *                           Bluedroid includes                            *
@@ -104,6 +105,8 @@ class BLESecurity {
   static uint32_t generateRandomPassKey();
   static void regenPassKeyOnConnect(bool enable = false);
   static void resetSecurity();
+  static void waitForAuthenticationComplete(uint32_t timeoutMs = 10000);
+  static void signalAuthenticationComplete();
 
   /***************************************************************************
    *                       Bluedroid public declarations                     *
@@ -140,6 +143,7 @@ class BLESecurity {
   static bool m_passkeySet;
   static bool m_staticPasskey;
   static bool m_regenOnConnect;
+  static bool m_authenticationComplete;
   static uint8_t m_iocap;
   static uint8_t m_authReq;
   static uint8_t m_initKey;
@@ -153,6 +157,7 @@ class BLESecurity {
 #if defined(CONFIG_BLUEDROID_ENABLED)
   static uint8_t m_keySize;
   static esp_ble_sec_act_t m_securityLevel;
+  static class FreeRTOS::Semaphore *m_authCompleteSemaphore;
 #endif
 
 };  // BLESecurity

Original file line number	Diff line number	Diff line change
`@@ -960,6 +960,10 @@ void BLEDevice::gapEventHandler(esp_gap_ble_cb_event_t event, esp_ble_gap_cb_par`
`960`	`960`	`{`
`961`	`961`	`log_i("ESP_GAP_BLE_AUTH_CMPL_EVT");`
`962`	`962`	`#ifdef CONFIG_BLE_SMP_ENABLE // Check that BLE SMP (security) is configured in make menuconfig`
	`963`	`+ // Signal that authentication has completed`
	`964`	`+ // This unblocks any GATT operations waiting for pairing when bonding is enabled`
	`965`	`+ BLESecurity::signalAuthenticationComplete();`
	`966`	`+`
`963`	`967`	`if (BLEDevice::m_securityCallbacks != nullptr) {`
`964`	`968`	`BLEDevice::m_securityCallbacks->onAuthenticationComplete(param->ble_security.auth_cmpl);`
`965`	`969`	`}`