1 /******************************************************************************
3 * Copyright (C) 1999-2012 Broadcom Corporation
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 ******************************************************************************/
19 /******************************************************************************
21 * This file contains functions for BLE address management.
23 ******************************************************************************/
27 #include "stack/bt_types.h"
28 #include "stack/hcimsgs.h"
29 #include "stack/btu.h"
31 #include "stack/gap_api.h"
32 #include "device/controller.h"
34 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
35 #include "btm_ble_int.h"
36 #include "stack/smp_api.h"
39 /*******************************************************************************
41 ** Function btm_gen_resolve_paddr_cmpl
43 ** Description This is callback functioin when resolvable private address
44 ** generation is complete.
48 *******************************************************************************/
49 static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
51 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
52 BTM_TRACE_EVENT ("btm_gen_resolve_paddr_cmpl");
55 /* set hash to be LSB of rpAddress */
56 p_cb->private_addr[5] = p->param_buf[0];
57 p_cb->private_addr[4] = p->param_buf[1];
58 p_cb->private_addr[3] = p->param_buf[2];
59 /* set it to controller */
60 btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
62 p_cb->own_addr_type = BLE_ADDR_RANDOM;
63 if (p_cb->set_local_privacy_cback){
64 (*p_cb->set_local_privacy_cback)(BTM_SET_PRIVACY_SUCCESS);
65 p_cb->set_local_privacy_cback = NULL;
68 /* start a periodical timer to refresh random addr */
69 btu_stop_timer_oneshot(&p_cb->raddr_timer_ent);
70 #if (BTM_BLE_CONFORMANCE_TESTING == TRUE)
71 btu_start_timer_oneshot(&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
72 btm_cb.ble_ctr_cb.rpa_tout);
74 btu_start_timer_oneshot(&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
75 BTM_BLE_PRIVATE_ADDR_INT);
78 /* random address set failure */
79 BTM_TRACE_DEBUG("set random address failed");
80 if (p_cb->set_local_privacy_cback){
81 (*p_cb->set_local_privacy_cback)(BTM_SET_PRIVACY_FAIL);
82 p_cb->set_local_privacy_cback = NULL;
86 /*******************************************************************************
88 ** Function btm_gen_resolve_paddr_low
90 ** Description This function is called when random address has generate the
91 ** random number base for low 3 byte bd address.
95 *******************************************************************************/
96 void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
98 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
99 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
102 BTM_TRACE_EVENT ("btm_gen_resolve_paddr_low");
104 p->param_buf[2] &= (~BLE_RESOLVE_ADDR_MASK);
105 p->param_buf[2] |= BLE_RESOLVE_ADDR_MSB;
107 p_cb->private_addr[2] = p->param_buf[0];
108 p_cb->private_addr[1] = p->param_buf[1];
109 p_cb->private_addr[0] = p->param_buf[2];
111 /* encrypt with ur IRK */
112 if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output)) {
113 btm_gen_resolve_paddr_cmpl(NULL);
115 btm_gen_resolve_paddr_cmpl(&output);
120 /*******************************************************************************
122 ** Function btm_gen_resolvable_private_addr
124 ** Description This function generate a resolvable private address.
128 *******************************************************************************/
129 void btm_gen_resolvable_private_addr (void *p_cmd_cplt_cback)
131 BTM_TRACE_EVENT ("btm_gen_resolvable_private_addr");
132 /* generate 3B rand as BD LSB, SRK with it, get BD MSB */
133 if (!btsnd_hcic_ble_rand((void *)p_cmd_cplt_cback)) {
134 btm_gen_resolve_paddr_cmpl(NULL);
137 /*******************************************************************************
139 ** Function btm_gen_non_resolve_paddr_cmpl
141 ** Description This is the callback function when non-resolvable private
142 ** function is generated and write to controller.
146 *******************************************************************************/
147 static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
149 tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
150 tBTM_BLE_ADDR_CBACK *p_cback = p_cb->p_generate_cback;
151 void *p_data = p_cb->p;
153 BD_ADDR static_random;
155 BTM_TRACE_EVENT ("btm_gen_non_resolve_paddr_cmpl");
157 p_cb->p_generate_cback = NULL;
161 STREAM_TO_BDADDR(static_random, pp);
162 /* mask off the 2 MSB */
163 static_random[0] &= BLE_STATIC_PRIVATE_MSB_MASK;
165 /* report complete */
167 (* p_cback)(static_random, p_data);
170 BTM_TRACE_DEBUG("btm_gen_non_resolvable_private_addr failed");
172 (* p_cback)(NULL, p_data);
176 /*******************************************************************************
178 ** Function btm_gen_non_resolvable_private_addr
180 ** Description This function generate a non-resolvable private address.
185 *******************************************************************************/
186 void btm_gen_non_resolvable_private_addr (tBTM_BLE_ADDR_CBACK *p_cback, void *p)
188 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
190 BTM_TRACE_EVENT ("btm_gen_non_resolvable_private_addr");
192 if (p_mgnt_cb->p_generate_cback != NULL) {
196 p_mgnt_cb->p_generate_cback = p_cback;
198 if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl)) {
199 btm_gen_non_resolve_paddr_cmpl(NULL);
204 /*******************************************************************************
205 ** Utility functions for Random address resolving
206 *******************************************************************************/
207 /*******************************************************************************
209 ** Function btm_ble_resolve_address_cmpl
211 ** Description This function sends the random address resolving complete
216 *******************************************************************************/
217 #if SMP_INCLUDED == TRUE
218 static void btm_ble_resolve_address_cmpl(void)
220 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
221 tBTM_SEC_DEV_REC *p_dev_rec = NULL;
223 BTM_TRACE_EVENT ("btm_ble_resolve_address_cmpl p_mgnt_cb->index = %d", p_mgnt_cb->index);
225 if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS) {
226 p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index];
229 p_mgnt_cb->busy = FALSE;
231 (* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p);
233 /*******************************************************************************
235 ** Function btm_ble_proc_resolve_x
237 ** Description This function compares the X with random address 3 MSO bytes
238 ** to find a match, if not match, continue for next record.
242 *******************************************************************************/
243 static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
245 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
247 BTM_TRACE_EVENT ("btm_ble_proc_resolve_x");
248 /* compare the hash with 3 LSB of bd address */
249 comp[0] = p_mgnt_cb->random_bda[5];
250 comp[1] = p_mgnt_cb->random_bda[4];
251 comp[2] = p_mgnt_cb->random_bda[3];
254 if (!memcmp(p->param_buf, &comp[0], 3)) {
256 BTM_TRACE_EVENT ("match is found");
257 btm_ble_resolve_address_cmpl();
264 #endif ///SMP_INCLUDED == TRUE
266 /*******************************************************************************
268 ** Function btm_ble_init_pseudo_addr
270 ** Description This function is used to initialize pseudo address.
271 ** If pseudo address is not available, use dummy address
273 ** Returns TRUE is updated; FALSE otherwise.
275 *******************************************************************************/
276 BOOLEAN btm_ble_init_pseudo_addr (tBTM_SEC_DEV_REC *p_dev_rec, BD_ADDR new_pseudo_addr)
278 #if (SMP_INCLUDED == TRUE)
279 BD_ADDR dummy_bda = {0};
281 if (memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN) == 0) {
282 memcpy(p_dev_rec->ble.pseudo_addr, new_pseudo_addr, BD_ADDR_LEN);
285 #endif ///SMP_INCLUDED == TRUE
289 /*******************************************************************************
291 ** Function btm_ble_addr_resolvable
293 ** Description This function checks if a RPA is resolvable by the device key.
295 ** Returns TRUE is resolvable; FALSE otherwise.
297 *******************************************************************************/
298 BOOLEAN btm_ble_addr_resolvable (BD_ADDR rpa, tBTM_SEC_DEV_REC *p_dev_rec)
301 #if (SMP_INCLUDED == TRUE)
302 if (!BTM_BLE_IS_RESOLVE_BDA(rpa)) {
308 if ((p_dev_rec->device_type & BT_DEVICE_TYPE_BLE) &&
309 (p_dev_rec->ble.key_type & BTM_LE_KEY_PID)) {
310 BTM_TRACE_DEBUG("%s try to resolve", __func__);
311 /* use the 3 MSB of bd address as prand */
316 /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
317 SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
318 &rand[0], 3, &output);
324 if (!memcmp(output.param_buf, &rand[0], 3)) {
325 btm_ble_init_pseudo_addr (p_dev_rec, rpa);
329 #endif ///SMP_INCLUDED == TRUE
333 #if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
334 /*******************************************************************************
336 ** Function btm_ble_match_random_bda
338 ** Description This function match the random address to the appointed device
339 ** record, starting from calculating IRK. If record index exceed
340 ** the maximum record number, matching failed and send callback.
344 *******************************************************************************/
345 static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index)
347 /* use the 3 MSB of bd address as prand */
349 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
351 rand[0] = p_mgnt_cb->random_bda[2];
352 rand[1] = p_mgnt_cb->random_bda[1];
353 rand[2] = p_mgnt_cb->random_bda[0];
355 BTM_TRACE_EVENT("%s rec_index = %d", __func__, rec_index);
357 if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS) {
359 tBTM_SEC_DEV_REC *p_dev_rec;
360 p_dev_rec = &btm_cb.sec_dev_rec[rec_index];
362 BTM_TRACE_DEBUG("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags,
363 p_dev_rec->device_type);
365 if ((p_dev_rec->device_type & BT_DEVICE_TYPE_BLE) &&
366 (p_dev_rec->ble.key_type & BTM_LE_KEY_PID)) {
367 /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
368 SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
369 &rand[0], 3, &output);
370 return btm_ble_proc_resolve_x(&output);
375 } else { /* no match found */
376 btm_ble_resolve_address_cmpl();
380 #endif ///BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
382 /*******************************************************************************
384 ** Function btm_ble_resolve_random_addr
386 ** Description This function is called to resolve a random address.
388 ** Returns pointer to the security record of the device whom a random
389 ** address is matched to.
391 *******************************************************************************/
392 void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK *p_cback, void *p)
394 #if (SMP_INCLUDED == TRUE)
395 tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
397 BTM_TRACE_EVENT ("btm_ble_resolve_random_addr");
398 if ( !p_mgnt_cb->busy) {
400 p_mgnt_cb->busy = TRUE;
401 p_mgnt_cb->index = 0;
402 p_mgnt_cb->p_resolve_cback = p_cback;
403 memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
404 /* start to resolve random address */
405 /* check for next security record */
407 if (btm_ble_match_random_bda(p_mgnt_cb->index)) {
408 /* atch found or went through the list */
421 /*******************************************************************************
422 ** address mapping between pseudo address and real connection address
423 *******************************************************************************/
424 /*******************************************************************************
426 ** Function btm_find_dev_by_identity_addr
428 ** Description find the security record whose LE static address is matching
430 *******************************************************************************/
431 tBTM_SEC_DEV_REC *btm_find_dev_by_identity_addr(BD_ADDR bd_addr, UINT8 addr_type)
433 #if BLE_PRIVACY_SPT == TRUE
435 tBTM_SEC_DEV_REC *p_dev_rec = &btm_cb.sec_dev_rec[0];
437 for (i = 0; i < BTM_SEC_MAX_DEVICE_RECORDS; i ++, p_dev_rec ++) {
438 if ((p_dev_rec->sec_flags & BTM_SEC_IN_USE) &&
439 memcmp(p_dev_rec->ble.static_addr, bd_addr, BD_ADDR_LEN) == 0) {
440 if ((p_dev_rec->ble.static_addr_type & (~BLE_ADDR_TYPE_ID_BIT)) !=
441 (addr_type & (~BLE_ADDR_TYPE_ID_BIT))) {
442 BTM_TRACE_WARNING("%s find pseudo->random match with diff addr type: %d vs %d",
443 __func__, p_dev_rec->ble.static_addr_type, addr_type);
446 /* found the match */
455 /*******************************************************************************
457 ** Function btm_identity_addr_to_random_pseudo
459 ** Description This function map a static BD address to a pseudo random address
460 ** in security database.
462 *******************************************************************************/
463 BOOLEAN btm_identity_addr_to_random_pseudo(BD_ADDR bd_addr, UINT8 *p_addr_type, BOOLEAN refresh)
465 #if BLE_PRIVACY_SPT == TRUE
466 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_identity_addr(bd_addr, *p_addr_type);
468 BTM_TRACE_EVENT ("%s", __func__);
469 /* evt reported on static address, map static address to random pseudo */
470 if (p_dev_rec != NULL) {
471 /* if RPA offloading is supported, or 4.2 controller, do RPA refresh */
472 if (refresh && controller_get_interface()->get_ble_resolving_list_max_size() != 0) {
473 btm_ble_read_resolving_list_entry(p_dev_rec);
476 /* assign the original address to be the current report address */
477 if (!btm_ble_init_pseudo_addr (p_dev_rec, bd_addr)) {
478 memcpy(bd_addr, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN);
481 *p_addr_type = p_dev_rec->ble.ble_addr_type;
488 /*******************************************************************************
490 ** Function btm_random_pseudo_to_identity_addr
492 ** Description This function map a random pseudo address to a public address
493 ** random_pseudo is input and output parameter
495 *******************************************************************************/
496 BOOLEAN btm_random_pseudo_to_identity_addr(BD_ADDR random_pseudo, UINT8 *p_static_addr_type)
498 #if BLE_PRIVACY_SPT == TRUE
499 tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (random_pseudo);
501 if (p_dev_rec != NULL) {
502 if (p_dev_rec->ble.in_controller_list & BTM_RESOLVING_LIST_BIT) {
503 * p_static_addr_type = p_dev_rec->ble.static_addr_type;
504 memcpy(random_pseudo, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
505 if (controller_get_interface()->supports_ble_privacy() && p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC) {
506 *p_static_addr_type |= BLE_ADDR_TYPE_ID_BIT;
515 /*******************************************************************************
517 ** Function btm_ble_refresh_peer_resolvable_private_addr
519 ** Description This function refresh the currently used resolvable remote private address into security
520 ** database and set active connection address.
522 *******************************************************************************/
523 void btm_ble_refresh_peer_resolvable_private_addr(BD_ADDR pseudo_bda, BD_ADDR rpa,
526 #if BLE_PRIVACY_SPT == TRUE
527 UINT8 rra_dummy = FALSE;
528 BD_ADDR dummy_bda = {0};
530 if (memcmp(dummy_bda, rpa, BD_ADDR_LEN) == 0) {
534 /* update security record here, in adv event or connection complete process */
535 tBTM_SEC_DEV_REC *p_sec_rec = btm_find_dev(pseudo_bda);
536 if (p_sec_rec != NULL) {
537 memcpy(p_sec_rec->ble.cur_rand_addr, rpa, BD_ADDR_LEN);
539 /* unknown, if dummy address, set to static */
540 if (rra_type == BTM_BLE_ADDR_PSEUDO) {
541 p_sec_rec->ble.active_addr_type = rra_dummy ? BTM_BLE_ADDR_STATIC : BTM_BLE_ADDR_RRA;
543 p_sec_rec->ble.active_addr_type = rra_type;
546 BTM_TRACE_ERROR("No matching known device in record");
550 BTM_TRACE_DEBUG("%s: active_addr_type: %d ",
551 __func__, p_sec_rec->ble.active_addr_type);
553 /* connection refresh remote address */
554 tACL_CONN *p_acl = btm_bda_to_acl(p_sec_rec->bd_addr, BT_TRANSPORT_LE);
556 p_acl = btm_bda_to_acl(p_sec_rec->ble.pseudo_addr, BT_TRANSPORT_LE);
560 if (rra_type == BTM_BLE_ADDR_PSEUDO) {
561 /* use static address, resolvable_private_addr is empty */
563 p_acl->active_remote_addr_type = p_sec_rec->ble.static_addr_type;
564 memcpy(p_acl->active_remote_addr, p_sec_rec->ble.static_addr, BD_ADDR_LEN);
566 p_acl->active_remote_addr_type = BLE_ADDR_RANDOM;
567 memcpy(p_acl->active_remote_addr, rpa, BD_ADDR_LEN);
570 p_acl->active_remote_addr_type = rra_type;
571 memcpy(p_acl->active_remote_addr, rpa, BD_ADDR_LEN);
574 BTM_TRACE_DEBUG("p_acl->active_remote_addr_type: %d ", p_acl->active_remote_addr_type);
575 BTM_TRACE_DEBUG("%s conn_addr: %02x:%02x:%02x:%02x:%02x:%02x",
576 __func__, p_acl->active_remote_addr[0], p_acl->active_remote_addr[1],
577 p_acl->active_remote_addr[2], p_acl->active_remote_addr[3],
578 p_acl->active_remote_addr[4], p_acl->active_remote_addr[5]);
583 /*******************************************************************************
585 ** Function btm_ble_refresh_local_resolvable_private_addr
587 ** Description This function refresh the currently used resolvable private address for the
588 ** active link to the remote device
590 *******************************************************************************/
591 void btm_ble_refresh_local_resolvable_private_addr(BD_ADDR pseudo_addr,
594 #if BLE_PRIVACY_SPT == TRUE
595 tACL_CONN *p = btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
596 BD_ADDR dummy_bda = {0};
600 * Temporary solutions for pair with random address:
601 * use BLE_ADDR_RANDOM when adverting with random adress or in privacy mode
602 * We will do futher work here
604 if (btm_cb.ble_ctr_cb.privacy_mode != BTM_PRIVACY_NONE || btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type == BLE_ADDR_RANDOM) {
605 p->conn_addr_type = BLE_ADDR_RANDOM;
606 if (memcmp(local_rpa, dummy_bda, BD_ADDR_LEN)) {
607 memcpy(p->conn_addr, local_rpa, BD_ADDR_LEN);
609 memcpy(p->conn_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr, BD_ADDR_LEN);
612 p->conn_addr_type = BLE_ADDR_PUBLIC;
613 memcpy(p->conn_addr, &controller_get_interface()->get_address()->address, BD_ADDR_LEN);