1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for BLE address management.
22 *
23 ******************************************************************************/
24
25 #include <string.h>
26
27 #include "bt_types.h"
28 #include "hcimsgs.h"
29 #include "btu.h"
30 #include "btm_int.h"
31
32
33 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
34 #include "smp_api.h"
35 #define BTM_BLE_PRIVATE_ADDR_INT 900 /* 15 minutes minimum for random address refreshing */
36
37 /*******************************************************************************
38 **
39 ** Function btm_gen_resolve_paddr_cmpl
40 **
41 ** Description This is callback functioin when resolvable private address
42 ** generation is complete.
43 **
44 ** Returns void
45 **
46 *******************************************************************************/
btm_gen_resolve_paddr_cmpl(tSMP_ENC * p)47 static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
48 {
49 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
50 tBTM_BLE_INQ_CB *p_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
51 BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_cmpl");
52 if (p && p->param_buf)
53 {
54 /* get the high bytes of the random address */
55 p_cb->private_addr[2] = p->param_buf[0];
56 p_cb->private_addr[1] = p->param_buf[1];
57 p_cb->private_addr[0] = p->param_buf[2];
58 /* mask off the 1st MSB */
59 p_cb->private_addr[0] &= 0xfe;
60 /* set the 2nd MSB to be 1 */
61 p_cb->private_addr[0] |= 0x02;
62 /* set it to controller */
63 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
64
65 p_inq_cb->own_addr_type = BLE_ADDR_RANDOM;
66
67 /* start a periodical timer to refresh random addr */
68 btu_stop_timer(&p_cb->raddr_timer_ent);
69 btu_start_timer (&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
70 BTM_BLE_PRIVATE_ADDR_INT);
71
72 /* if adv is active, restart adv with new private addr */
73 if (p_inq_cb->adv_mode == BTM_BLE_ADV_ENABLE)
74 {
75 btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
76
77 btsnd_hcic_ble_write_adv_params (p_inq_cb->adv_interval_min,
78 p_inq_cb->adv_interval_max,
79 p_inq_cb->evt_type,
80 p_inq_cb->own_addr_type,
81 p_inq_cb->direct_bda.type,
82 p_inq_cb->direct_bda.bda,
83 p_inq_cb->adv_chnl_map,
84 p_inq_cb->afp);
85 }
86 }
87 else
88 {
89 /* random address set failure */
90 BTM_TRACE_DEBUG0("set random address failed");
91 }
92 }
93 /*******************************************************************************
94 **
95 ** Function btm_gen_resolve_paddr_low
96 **
97 ** Description This function is called when random address has generate the
98 ** random number base for low 3 byte bd address.
99 **
100 ** Returns void
101 **
102 *******************************************************************************/
btm_gen_resolve_paddr_low(tBTM_RAND_ENC * p)103 static void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
104 {
105 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
106 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
107 tSMP_ENC output;
108
109 BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_low");
110 if (p && p->param_buf)
111 {
112 p_cb->private_addr[5] = p->param_buf[0];
113 p_cb->private_addr[4] = p->param_buf[1];
114 p_cb->private_addr[3] = p->param_buf[2];
115
116 /* encrypt with ur IRK */
117 if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output))
118 {
119 btm_gen_resolve_paddr_cmpl(NULL);
120 }
121 else
122 {
123 btm_gen_resolve_paddr_cmpl(&output);
124 }
125 }
126 #endif
127 }
128 /*******************************************************************************
129 **
130 ** Function btm_gen_resolvable_private_addr
131 **
132 ** Description This function generate a resolvable private address.
133 **
134 ** Returns void
135 **
136 *******************************************************************************/
btm_gen_resolvable_private_addr(void)137 void btm_gen_resolvable_private_addr (void)
138 {
139 BTM_TRACE_EVENT0 ("btm_gen_resolvable_private_addr");
140 /* generate 3B rand as BD LSB, SRK with it, get BD MSB */
141 if (!btsnd_hcic_ble_rand((void *)btm_gen_resolve_paddr_low))
142 btm_gen_resolve_paddr_cmpl(NULL);
143 }
144 /*******************************************************************************
145 **
146 ** Function btm_gen_non_resolve_paddr_cmpl
147 **
148 ** Description This is the callback function when non-resolvable private
149 ** function is generated and write to controller.
150 **
151 ** Returns void
152 **
153 *******************************************************************************/
btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC * p)154 static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
155 {
156 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
157 UINT8 *pp;
158 BTM_TRACE_EVENT0 ("btm_gen_non_resolve_paddr_cmpl");
159 if (p && p->param_buf)
160 {
161 pp = p->param_buf;
162 STREAM_TO_BDADDR(p_cb->private_addr, pp);
163 /* mask off the 2 MSB */
164 p_cb->private_addr[0] &= 0xfc;
165 /* write to controller */
166 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
167
168 btm_cb.ble_ctr_cb.inq_var.own_addr_type = BLE_ADDR_RANDOM;
169 }
170 else
171 {
172 BTM_TRACE_DEBUG0("btm_gen_non_resolvable_private_addr failed");
173 }
174 }
175 /*******************************************************************************
176 **
177 ** Function btm_gen_non_resolvable_private_addr
178 **
179 ** Description This function generate a non-resolvable private address.
180 **
181 **
182 ** Returns void
183 **
184 *******************************************************************************/
btm_gen_non_resolvable_private_addr(void)185 void btm_gen_non_resolvable_private_addr (void)
186 {
187 BTM_TRACE_EVENT0 ("btm_gen_non_resolvable_private_addr");
188 if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl))
189 {
190 btm_gen_non_resolve_paddr_cmpl(NULL);
191 }
192 }
193 #if SMP_INCLUDED == TRUE
194 /*******************************************************************************
195 ** Utility functions for Random address resolving
196 *******************************************************************************/
197 /*******************************************************************************
198 **
199 ** Function btm_ble_resolve_address_cmpl
200 **
201 ** Description This function sends the random address resolving complete
202 ** callback.
203 **
204 ** Returns None.
205 **
206 *******************************************************************************/
btm_ble_resolve_address_cmpl(void)207 static void btm_ble_resolve_address_cmpl(void)
208 {
209 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
210 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
211
212 BTM_TRACE_EVENT0 ("btm_ble_resolve_address_cmpl");
213 if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS)
214 p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index];
215
216 p_mgnt_cb->busy = FALSE;
217
218 (* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p);
219 }
220 /*******************************************************************************
221 **
222 ** Function btm_ble_proc_resolve_x
223 **
224 ** Description This function compares the X with random address 3 MSO bytes
225 ** to find a match, if not match, continue for next record.
226 **
227 ** Returns None.
228 **
229 *******************************************************************************/
btm_ble_proc_resolve_x(tSMP_ENC * p)230 static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
231 {
232 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
233 UINT8 comp[3];
234 BTM_TRACE_EVENT0 ("btm_ble_proc_resolve_x");
235 /* compare the hash with 3 LSB of bd address */
236 comp[0] = p_mgnt_cb->random_bda[5];
237 comp[1] = p_mgnt_cb->random_bda[4];
238 comp[2] = p_mgnt_cb->random_bda[3];
239
240 if (p && p->param_buf)
241 {
242 if (!memcmp(p->param_buf, &comp[0], 3))
243 {
244 /* match is found */
245 BTM_TRACE_EVENT0 ("match is found");
246 btm_ble_resolve_address_cmpl();
247 return TRUE;
248 }
249 }
250 return FALSE;
251 }
252 /*******************************************************************************
253 **
254 ** Function btm_ble_match_random_bda
255 **
256 ** Description This function match the random address to the appointed device
257 ** record, starting from calculating IRK. If record index exceed
258 ** the maximum record number, matching failed and send callback.
259 **
260 ** Returns None.
261 **
262 *******************************************************************************/
btm_ble_match_random_bda(UINT16 rec_index)263 static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index)
264 {
265 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
266 tBTM_SEC_DEV_REC *p_dev_rec;
267 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
268 UINT8 rand[3];
269 tSMP_ENC output;
270
271 /* use the 3 MSB of bd address as prand */
272 rand[0] = p_mgnt_cb->random_bda[2];
273 rand[1] = p_mgnt_cb->random_bda[1];
274 rand[2] = p_mgnt_cb->random_bda[0];
275
276 BTM_TRACE_EVENT1("btm_ble_match_random_bda rec_index = %d", rec_index);
277
278 if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS)
279 {
280 p_dev_rec = &btm_cb.sec_dev_rec[rec_index];
281
282 BTM_TRACE_ERROR2("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags, p_dev_rec->device_type);
283
284 if ((p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) &&
285 (p_dev_rec->ble.key_type & BTM_LE_KEY_PID))
286 {
287 /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
288 SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
289 &rand[0], 3, &output);
290 return btm_ble_proc_resolve_x(&output);
291 }
292 else
293 {
294 // not completed
295 return FALSE;
296 }
297 }
298 else /* no match found */
299 {
300 btm_ble_resolve_address_cmpl();
301 return TRUE;
302 }
303 #endif
304 }
305
306 /*******************************************************************************
307 **
308 ** Function btm_ble_resolve_random_addr
309 **
310 ** Description This function is called to resolve a random address.
311 **
312 ** Returns pointer to the security record of the device whom a random
313 ** address is matched to.
314 **
315 *******************************************************************************/
btm_ble_resolve_random_addr(BD_ADDR random_bda,tBTM_BLE_RESOLVE_CBACK * p_cback,void * p)316 void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p)
317 {
318 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
319
320 BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr");
321 if ( !p_mgnt_cb->busy)
322 {
323 p_mgnt_cb->p = p;
324 p_mgnt_cb->busy = TRUE;
325 p_mgnt_cb->index = 0;
326 p_mgnt_cb->p_resolve_cback = p_cback;
327 memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
328 /* start to resolve random address */
329 /* check for next security record */
330 while (TRUE)
331 {
332 if (btm_ble_match_random_bda(p_mgnt_cb->index++))
333 {
334 // match found or went through the list
335 break;
336 }
337 }
338 }
339 else
340 (*p_cback)(NULL, p);
341 }
342 #endif
343 /*******************************************************************************
344 ** address mapping between pseudo address and real connection address
345 *******************************************************************************/
346 /*******************************************************************************
347 **
348 ** Function btm_ble_map_bda_to_conn_bda
349 **
350 ** Description This function map a BD address to the real connection address
351 ** and return the connection address type.
352 *******************************************************************************/
btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)353 tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)
354 {
355 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
356 BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_conn_bda");
357 if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL &&
358 p_dev_rec->device_type == BT_DEVICE_TYPE_BLE)
359 {
360 if (p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC)
361 {
362 memcpy(bd_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
363 }
364 return p_dev_rec->ble.ble_addr_type;
365 }
366 else
367 return BLE_ADDR_PUBLIC;
368 }
369 /*******************************************************************************
370 **
371 ** Function btm_ble_map_bda_to_pseudo_bda
372 **
373 ** Description This function map a BD address to a pseudo address when the
374 ** address given is a random address.
375 **
376 *******************************************************************************/
btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)377 void btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)
378 {
379 BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_pseudo_bda");
380 }
381 #endif
382
383
384