• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright (C) 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains functions for BLE address management.
22  *
23  ******************************************************************************/
24 
25 #include <string.h>
26 
27 #include "bt_types.h"
28 #include "hcimsgs.h"
29 #include "btu.h"
30 #include "btm_int.h"
31 
32 
33 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
34     #include "smp_api.h"
35     #define BTM_BLE_PRIVATE_ADDR_INT    900             /* 15 minutes minimum for random address refreshing */
36 
37 /*******************************************************************************
38 **
39 ** Function         btm_gen_resolve_paddr_cmpl
40 **
41 ** Description      This is callback functioin when resolvable private address
42 **                  generation is complete.
43 **
44 ** Returns          void
45 **
46 *******************************************************************************/
btm_gen_resolve_paddr_cmpl(tSMP_ENC * p)47 static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
48 {
49     tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
50     tBTM_BLE_INQ_CB  *p_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
51     BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_cmpl");
52     if (p && p->param_buf)
53     {
54         /* get the high bytes of the random address */
55         p_cb->private_addr[2] = p->param_buf[0];
56         p_cb->private_addr[1] = p->param_buf[1];
57         p_cb->private_addr[0] = p->param_buf[2];
58         /* mask off the 1st MSB */
59         p_cb->private_addr[0] &= 0xfe;
60         /* set the 2nd MSB to be 1 */
61         p_cb->private_addr[0] |= 0x02;
62         /* set it to controller */
63         btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
64 
65         p_inq_cb->own_addr_type = BLE_ADDR_RANDOM;
66 
67         /* start a periodical timer to refresh random addr */
68         btu_stop_timer(&p_cb->raddr_timer_ent);
69         btu_start_timer (&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
70                          BTM_BLE_PRIVATE_ADDR_INT);
71 
72         /* if adv is active, restart adv with new private addr */
73         if (p_inq_cb->adv_mode == BTM_BLE_ADV_ENABLE)
74         {
75             btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
76 
77             btsnd_hcic_ble_write_adv_params (p_inq_cb->adv_interval_min,
78                                              p_inq_cb->adv_interval_max,
79                                              p_inq_cb->evt_type,
80                                              p_inq_cb->own_addr_type,
81                                              p_inq_cb->direct_bda.type,
82                                              p_inq_cb->direct_bda.bda,
83                                              p_inq_cb->adv_chnl_map,
84                                              p_inq_cb->afp);
85         }
86     }
87     else
88     {
89         /* random address set failure */
90         BTM_TRACE_DEBUG0("set random address failed");
91     }
92 }
93 /*******************************************************************************
94 **
95 ** Function         btm_gen_resolve_paddr_low
96 **
97 ** Description      This function is called when random address has generate the
98 **                  random number base for low 3 byte bd address.
99 **
100 ** Returns          void
101 **
102 *******************************************************************************/
btm_gen_resolve_paddr_low(tBTM_RAND_ENC * p)103 static void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
104 {
105 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
106     tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
107     tSMP_ENC    output;
108 
109     BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_low");
110     if (p && p->param_buf)
111     {
112         p_cb->private_addr[5] = p->param_buf[0];
113         p_cb->private_addr[4] = p->param_buf[1];
114         p_cb->private_addr[3] = p->param_buf[2];
115 
116         /* encrypt with ur IRK */
117         if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output))
118         {
119             btm_gen_resolve_paddr_cmpl(NULL);
120         }
121         else
122         {
123             btm_gen_resolve_paddr_cmpl(&output);
124         }
125     }
126 #endif
127 }
128 /*******************************************************************************
129 **
130 ** Function         btm_gen_resolvable_private_addr
131 **
132 ** Description      This function generate a resolvable private address.
133 **
134 ** Returns          void
135 **
136 *******************************************************************************/
btm_gen_resolvable_private_addr(void)137 void btm_gen_resolvable_private_addr (void)
138 {
139     BTM_TRACE_EVENT0 ("btm_gen_resolvable_private_addr");
140     /* generate 3B rand as BD LSB, SRK with it, get BD MSB */
141     if (!btsnd_hcic_ble_rand((void *)btm_gen_resolve_paddr_low))
142         btm_gen_resolve_paddr_cmpl(NULL);
143 }
144 /*******************************************************************************
145 **
146 ** Function         btm_gen_non_resolve_paddr_cmpl
147 **
148 ** Description      This is the callback function when non-resolvable private
149 **                  function is generated and write to controller.
150 **
151 ** Returns          void
152 **
153 *******************************************************************************/
btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC * p)154 static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
155 {
156     tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
157     UINT8   *pp;
158     BTM_TRACE_EVENT0 ("btm_gen_non_resolve_paddr_cmpl");
159     if (p && p->param_buf)
160     {
161         pp = p->param_buf;
162         STREAM_TO_BDADDR(p_cb->private_addr, pp);
163         /* mask off the 2 MSB */
164         p_cb->private_addr[0] &= 0xfc;
165         /* write to controller */
166         btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
167 
168         btm_cb.ble_ctr_cb.inq_var.own_addr_type = BLE_ADDR_RANDOM;
169     }
170     else
171     {
172         BTM_TRACE_DEBUG0("btm_gen_non_resolvable_private_addr failed");
173     }
174 }
175 /*******************************************************************************
176 **
177 ** Function         btm_gen_non_resolvable_private_addr
178 **
179 ** Description      This function generate a non-resolvable private address.
180 **
181 **
182 ** Returns          void
183 **
184 *******************************************************************************/
btm_gen_non_resolvable_private_addr(void)185 void btm_gen_non_resolvable_private_addr (void)
186 {
187     BTM_TRACE_EVENT0 ("btm_gen_non_resolvable_private_addr");
188     if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl))
189     {
190         btm_gen_non_resolve_paddr_cmpl(NULL);
191     }
192 }
193     #if SMP_INCLUDED == TRUE
194 /*******************************************************************************
195 **  Utility functions for Random address resolving
196 *******************************************************************************/
197 /*******************************************************************************
198 **
199 ** Function         btm_ble_resolve_address_cmpl
200 **
201 ** Description      This function sends the random address resolving complete
202 **                  callback.
203 **
204 ** Returns          None.
205 **
206 *******************************************************************************/
btm_ble_resolve_address_cmpl(void)207 static void btm_ble_resolve_address_cmpl(void)
208 {
209     tBTM_LE_RANDOM_CB   *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
210     tBTM_SEC_DEV_REC    *p_dev_rec = NULL;
211 
212     BTM_TRACE_EVENT0 ("btm_ble_resolve_address_cmpl");
213     if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS)
214         p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index];
215 
216     p_mgnt_cb->busy = FALSE;
217 
218     (* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p);
219 }
220 /*******************************************************************************
221 **
222 ** Function         btm_ble_proc_resolve_x
223 **
224 ** Description      This function compares the X with random address 3 MSO bytes
225 **                  to find a match, if not match, continue for next record.
226 **
227 ** Returns          None.
228 **
229 *******************************************************************************/
btm_ble_proc_resolve_x(tSMP_ENC * p)230 static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
231 {
232     tBTM_LE_RANDOM_CB   *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
233     UINT8    comp[3];
234     BTM_TRACE_EVENT0 ("btm_ble_proc_resolve_x");
235     /* compare the hash with 3 LSB of bd address */
236     comp[0] = p_mgnt_cb->random_bda[5];
237     comp[1] = p_mgnt_cb->random_bda[4];
238     comp[2] = p_mgnt_cb->random_bda[3];
239 
240     if (p && p->param_buf)
241     {
242         if (!memcmp(p->param_buf, &comp[0], 3))
243         {
244             /* match is found */
245             BTM_TRACE_EVENT0 ("match is found");
246             btm_ble_resolve_address_cmpl();
247             return TRUE;
248         }
249     }
250     return FALSE;
251 }
252 /*******************************************************************************
253 **
254 ** Function         btm_ble_match_random_bda
255 **
256 ** Description      This function match the random address to the appointed device
257 **                  record, starting from calculating IRK. If record index exceed
258 **                  the maximum record number, matching failed and send callback.
259 **
260 ** Returns          None.
261 **
262 *******************************************************************************/
btm_ble_match_random_bda(UINT16 rec_index)263 static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index)
264 {
265 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
266     tBTM_SEC_DEV_REC    *p_dev_rec;
267     tBTM_LE_RANDOM_CB   *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
268     UINT8       rand[3];
269     tSMP_ENC    output;
270 
271     /* use the 3 MSB of bd address as prand */
272     rand[0] = p_mgnt_cb->random_bda[2];
273     rand[1] = p_mgnt_cb->random_bda[1];
274     rand[2] = p_mgnt_cb->random_bda[0];
275 
276     BTM_TRACE_EVENT1("btm_ble_match_random_bda rec_index = %d", rec_index);
277 
278     if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS)
279     {
280         p_dev_rec = &btm_cb.sec_dev_rec[rec_index];
281 
282         BTM_TRACE_ERROR2("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags, p_dev_rec->device_type);
283 
284         if ((p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) &&
285             (p_dev_rec->ble.key_type & BTM_LE_KEY_PID))
286         {
287             /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
288             SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
289                         &rand[0], 3, &output);
290             return btm_ble_proc_resolve_x(&output);
291         }
292         else
293         {
294             // not completed
295             return FALSE;
296         }
297     }
298     else /* no  match found */
299     {
300         btm_ble_resolve_address_cmpl();
301         return TRUE;
302     }
303 #endif
304 }
305 
306 /*******************************************************************************
307 **
308 ** Function         btm_ble_resolve_random_addr
309 **
310 ** Description      This function is called to resolve a random address.
311 **
312 ** Returns          pointer to the security record of the device whom a random
313 **                  address is matched to.
314 **
315 *******************************************************************************/
btm_ble_resolve_random_addr(BD_ADDR random_bda,tBTM_BLE_RESOLVE_CBACK * p_cback,void * p)316 void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p)
317 {
318     tBTM_LE_RANDOM_CB   *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
319 
320     BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr");
321     if ( !p_mgnt_cb->busy)
322     {
323         p_mgnt_cb->p = p;
324         p_mgnt_cb->busy = TRUE;
325         p_mgnt_cb->index = 0;
326         p_mgnt_cb->p_resolve_cback = p_cback;
327         memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
328         /* start to resolve random address */
329         /* check for next security record */
330         while (TRUE)
331         {
332             if (btm_ble_match_random_bda(p_mgnt_cb->index++))
333             {
334                 // match found or went through the list
335                 break;
336             }
337         }
338     }
339     else
340         (*p_cback)(NULL, p);
341 }
342     #endif
343 /*******************************************************************************
344 **  address mapping between pseudo address and real connection address
345 *******************************************************************************/
346 /*******************************************************************************
347 **
348 ** Function         btm_ble_map_bda_to_conn_bda
349 **
350 ** Description      This function map a BD address to the real connection address
351 **                  and return the connection address type.
352 *******************************************************************************/
btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)353 tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)
354 {
355     tBTM_SEC_DEV_REC    *p_dev_rec = NULL;
356     BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_conn_bda");
357     if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL &&
358         p_dev_rec->device_type == BT_DEVICE_TYPE_BLE)
359     {
360         if (p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC)
361         {
362             memcpy(bd_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
363         }
364         return p_dev_rec->ble.ble_addr_type;
365     }
366     else
367         return BLE_ADDR_PUBLIC;
368 }
369 /*******************************************************************************
370 **
371 ** Function         btm_ble_map_bda_to_pseudo_bda
372 **
373 ** Description      This function map a BD address to a pseudo address when the
374 **                  address given is a random address.
375 **
376 *******************************************************************************/
btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)377 void btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)
378 {
379     BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_pseudo_bda");
380 }
381 #endif
382 
383 
384