1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
|
/*****************************************************************************
**
** Name: btm_ble_addr.c
**
** Description: This file contains functions for BLE address management.
**
**
**
** Copyright (c) 1999-2010, Broadcom Corp., All Rights Reserved.
** WIDCOMM Bluetooth Core. Proprietary and confidential.
******************************************************************************/
#include <string.h>
#include "bt_types.h"
#include "hcimsgs.h"
#include "btu.h"
#include "btm_int.h"
#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
#include "smp_api.h"
#define BTM_BLE_PRIVATE_ADDR_INT 900 /* 15 minutes minimum for random address refreshing */
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_cmpl
**
** Description This is callback functioin when resolvable private address
** generation is complete.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tBTM_BLE_INQ_CB *p_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_cmpl");
if (p && p->param_buf)
{
/* get the high bytes of the random address */
p_cb->private_addr[2] = p->param_buf[0];
p_cb->private_addr[1] = p->param_buf[1];
p_cb->private_addr[0] = p->param_buf[2];
/* mask off the 1st MSB */
p_cb->private_addr[0] &= 0xfe;
/* set the 2nd MSB to be 1 */
p_cb->private_addr[0] |= 0x02;
/* set it to controller */
btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
p_inq_cb->own_addr_type = BLE_ADDR_RANDOM;
/* start a periodical timer to refresh random addr */
btu_stop_timer(&p_cb->raddr_timer_ent);
btu_start_timer (&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
BTM_BLE_PRIVATE_ADDR_INT);
/* if adv is active, restart adv with new private addr */
if (p_inq_cb->adv_mode == BTM_BLE_ADV_ENABLE)
{
btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
btsnd_hcic_ble_write_adv_params (p_inq_cb->adv_interval_min,
p_inq_cb->adv_interval_max,
p_inq_cb->evt_type,
p_inq_cb->own_addr_type,
p_inq_cb->direct_bda.type,
p_inq_cb->direct_bda.bda,
p_inq_cb->adv_chnl_map,
p_inq_cb->afp);
}
}
else
{
/* random address set failure */
BTM_TRACE_DEBUG0("set random address failed");
}
}
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_low
**
** Description This function is called when random address has generate the
** random number base for low 3 byte bd address.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
{
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tSMP_ENC output;
BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_low");
if (p && p->param_buf)
{
p_cb->private_addr[5] = p->param_buf[0];
p_cb->private_addr[4] = p->param_buf[1];
p_cb->private_addr[3] = p->param_buf[2];
/* encrypt with ur IRK */
if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output))
{
btm_gen_resolve_paddr_cmpl(NULL);
}
else
{
btm_gen_resolve_paddr_cmpl(&output);
}
}
#endif
}
/*******************************************************************************
**
** Function btm_gen_resolvable_private_addr
**
** Description This function generate a resolvable private address.
**
** Returns void
**
*******************************************************************************/
void btm_gen_resolvable_private_addr (void)
{
BTM_TRACE_EVENT0 ("btm_gen_resolvable_private_addr");
/* generate 3B rand as BD LSB, SRK with it, get BD MSB */
if (!btsnd_hcic_ble_rand((void *)btm_gen_resolve_paddr_low))
btm_gen_resolve_paddr_cmpl(NULL);
}
/*******************************************************************************
**
** Function btm_gen_non_resolve_paddr_cmpl
**
** Description This is the callback function when non-resolvable private
** function is generated and write to controller.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 *pp;
BTM_TRACE_EVENT0 ("btm_gen_non_resolve_paddr_cmpl");
if (p && p->param_buf)
{
pp = p->param_buf;
STREAM_TO_BDADDR(p_cb->private_addr, pp);
/* mask off the 2 MSB */
p_cb->private_addr[0] &= 0xfc;
/* write to controller */
btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
btm_cb.ble_ctr_cb.inq_var.own_addr_type = BLE_ADDR_RANDOM;
}
else
{
BTM_TRACE_DEBUG0("btm_gen_non_resolvable_private_addr failed");
}
}
/*******************************************************************************
**
** Function btm_gen_non_resolvable_private_addr
**
** Description This function generate a non-resolvable private address.
**
**
** Returns void
**
*******************************************************************************/
void btm_gen_non_resolvable_private_addr (void)
{
BTM_TRACE_EVENT0 ("btm_gen_non_resolvable_private_addr");
if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl))
{
btm_gen_non_resolve_paddr_cmpl(NULL);
}
}
#if SMP_INCLUDED == TRUE
/*******************************************************************************
** Utility functions for Random address resolving
*******************************************************************************/
/*******************************************************************************
**
** Function btm_ble_resolve_address_cmpl
**
** Description This function sends the random address resolving complete
** callback.
**
** Returns None.
**
*******************************************************************************/
static void btm_ble_resolve_address_cmpl(void)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
BTM_TRACE_EVENT0 ("btm_ble_resolve_address_cmpl");
if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS)
p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index];
p_mgnt_cb->busy = FALSE;
(* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p);
}
/*******************************************************************************
**
** Function btm_ble_proc_resolve_x
**
** Description This function compares the X with random address 3 MSO bytes
** to find a match, if not match, continue for next record.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 comp[3];
BTM_TRACE_EVENT0 ("btm_ble_proc_resolve_x");
/* compare the hash with 3 LSB of bd address */
comp[0] = p_mgnt_cb->random_bda[5];
comp[1] = p_mgnt_cb->random_bda[4];
comp[2] = p_mgnt_cb->random_bda[3];
if (p && p->param_buf)
{
if (!memcmp(p->param_buf, &comp[0], 3))
{
/* match is found */
BTM_TRACE_EVENT0 ("match is found");
btm_ble_resolve_address_cmpl();
return TRUE;
}
}
return FALSE;
}
/*******************************************************************************
**
** Function btm_ble_match_random_bda
**
** Description This function match the random address to the appointed device
** record, starting from calculating IRK. If record index exceed
** the maximum record number, matching failed and send callback.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index)
{
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
tBTM_SEC_DEV_REC *p_dev_rec;
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 rand[3];
tSMP_ENC output;
/* use the 3 MSB of bd address as prand */
rand[0] = p_mgnt_cb->random_bda[2];
rand[1] = p_mgnt_cb->random_bda[1];
rand[2] = p_mgnt_cb->random_bda[0];
BTM_TRACE_EVENT1("btm_ble_match_random_bda rec_index = %d", rec_index);
if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS)
{
p_dev_rec = &btm_cb.sec_dev_rec[rec_index];
BTM_TRACE_ERROR2("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags, p_dev_rec->device_type);
if ((p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) &&
(p_dev_rec->ble.key_type & BTM_LE_KEY_PID))
{
/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
&rand[0], 3, &output);
return btm_ble_proc_resolve_x(&output);
}
else
{
// not completed
return FALSE;
}
}
else /* no match found */
{
btm_ble_resolve_address_cmpl();
return TRUE;
}
#endif
}
/*******************************************************************************
**
** Function btm_ble_resolve_random_addr
**
** Description This function is called to resolve a random address.
**
** Returns pointer to the security record of the device whom a random
** address is matched to.
**
*******************************************************************************/
void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr");
if ( !p_mgnt_cb->busy)
{
p_mgnt_cb->p = p;
p_mgnt_cb->busy = TRUE;
p_mgnt_cb->index = 0;
p_mgnt_cb->p_resolve_cback = p_cback;
memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
/* start to resolve random address */
/* check for next security record */
while (TRUE)
{
if (btm_ble_match_random_bda(p_mgnt_cb->index++))
{
// match found or went through the list
break;
}
}
}
else
(*p_cback)(NULL, p);
}
#endif
/*******************************************************************************
** address mapping between pseudo address and real connection address
*******************************************************************************/
/*******************************************************************************
**
** Function btm_ble_map_bda_to_conn_bda
**
** Description This function map a BD address to the real connection address
** and return the connection address type.
*******************************************************************************/
tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)
{
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_conn_bda");
if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL &&
p_dev_rec->device_type == BT_DEVICE_TYPE_BLE)
{
if (p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC)
{
memcpy(bd_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
}
return p_dev_rec->ble.ble_addr_type;
}
else
return BLE_ADDR_PUBLIC;
}
/*******************************************************************************
**
** Function btm_ble_map_bda_to_pseudo_bda
**
** Description This function map a BD address to a pseudo address when the
** address given is a random address.
**
*******************************************************************************/
void btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)
{
BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_pseudo_bda");
}
#endif
|