625 lines
22 KiB
C

/******************************************************************************
*
* Copyright (C) 1999-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* This file contains functions for BLE address management.
*
******************************************************************************/
#include <string.h>
#include "stack/bt_types.h"
#include "stack/hcimsgs.h"
#include "stack/btu.h"
#include "btm_int.h"
#include "stack/gap_api.h"
#include "device/controller.h"
#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
#include "btm_ble_int.h"
#include "stack/smp_api.h"
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_cmpl
**
** Description This is callback functioin when resolvable private address
** generation is complete.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
BTM_TRACE_EVENT ("btm_gen_resolve_paddr_cmpl");
if (p) {
/* set hash to be LSB of rpAddress */
p_cb->private_addr[5] = p->param_buf[0];
p_cb->private_addr[4] = p->param_buf[1];
p_cb->private_addr[3] = p->param_buf[2];
/* set it to controller */
btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
p_cb->exist_addr_bit |= BTM_BLE_GAP_ADDR_BIT_RESOLVABLE;
memcpy(p_cb->resolvale_addr, p_cb->private_addr, BD_ADDR_LEN);
if (p_cb->set_local_privacy_cback){
(*p_cb->set_local_privacy_cback)(BTM_SET_PRIVACY_SUCCESS);
p_cb->set_local_privacy_cback = NULL;
}
if (btm_cb.ble_ctr_cb.inq_var.adv_mode == BTM_BLE_ADV_ENABLE){
BTM_TRACE_DEBUG("Advertise with new resolvable private address, now.");
/**
* Restart advertising, using new resolvable private address
*/
btm_ble_stop_adv();
btm_ble_start_adv();
}
if (btm_cb.ble_ctr_cb.inq_var.state == BTM_BLE_SCANNING){
BTM_TRACE_DEBUG("Scan with new resolvable private address, now.");
/**
* Restart scaning, using new resolvable private address
*/
btm_ble_stop_scan();
btm_ble_start_scan();
}
/* start a periodical timer to refresh random addr */
btu_stop_timer_oneshot(&p_cb->raddr_timer_ent);
#if (BTM_BLE_CONFORMANCE_TESTING == TRUE)
btu_start_timer_oneshot(&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
btm_cb.ble_ctr_cb.rpa_tout);
#else
btu_start_timer_oneshot(&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
BTM_BLE_PRIVATE_ADDR_INT);
#endif
} else {
/* random address set failure */
BTM_TRACE_DEBUG("set random address failed");
if (p_cb->set_local_privacy_cback){
(*p_cb->set_local_privacy_cback)(BTM_SET_PRIVACY_FAIL);
p_cb->set_local_privacy_cback = NULL;
}
}
}
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_low
**
** Description This function is called when random address has generate the
** random number base for low 3 byte bd address.
**
** Returns void
**
*******************************************************************************/
void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
{
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tSMP_ENC output;
BTM_TRACE_EVENT ("btm_gen_resolve_paddr_low");
if (p) {
p->param_buf[2] &= (~BLE_RESOLVE_ADDR_MASK);
p->param_buf[2] |= BLE_RESOLVE_ADDR_MSB;
p_cb->private_addr[2] = p->param_buf[0];
p_cb->private_addr[1] = p->param_buf[1];
p_cb->private_addr[0] = p->param_buf[2];
/* encrypt with ur IRK */
if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output)) {
btm_gen_resolve_paddr_cmpl(NULL);
} else {
btm_gen_resolve_paddr_cmpl(&output);
}
}
#endif
}
/*******************************************************************************
**
** Function btm_gen_resolvable_private_addr
**
** Description This function generate a resolvable private address.
**
** Returns void
**
*******************************************************************************/
void btm_gen_resolvable_private_addr (void *p_cmd_cplt_cback)
{
BTM_TRACE_EVENT ("btm_gen_resolvable_private_addr");
/* generate 3B rand as BD LSB, SRK with it, get BD MSB */
if (!btsnd_hcic_ble_rand((void *)p_cmd_cplt_cback)) {
btm_gen_resolve_paddr_cmpl(NULL);
}
}
/*******************************************************************************
**
** Function btm_gen_non_resolve_paddr_cmpl
**
** Description This is the callback function when non-resolvable private
** function is generated and write to controller.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tBTM_BLE_ADDR_CBACK *p_cback = p_cb->p_generate_cback;
void *p_data = p_cb->p;
UINT8 *pp;
BD_ADDR static_random;
BTM_TRACE_EVENT ("btm_gen_non_resolve_paddr_cmpl");
p_cb->p_generate_cback = NULL;
if (p) {
pp = p->param_buf;
STREAM_TO_BDADDR(static_random, pp);
/* mask off the 2 MSB */
static_random[0] &= BLE_STATIC_PRIVATE_MSB_MASK;
/* report complete */
if (p_cback) {
(* p_cback)(static_random, p_data);
}
} else {
BTM_TRACE_DEBUG("btm_gen_non_resolvable_private_addr failed");
if (p_cback) {
(* p_cback)(NULL, p_data);
}
}
}
/*******************************************************************************
**
** Function btm_gen_non_resolvable_private_addr
**
** Description This function generate a non-resolvable private address.
**
**
** Returns void
**
*******************************************************************************/
void btm_gen_non_resolvable_private_addr (tBTM_BLE_ADDR_CBACK *p_cback, void *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
BTM_TRACE_EVENT ("btm_gen_non_resolvable_private_addr");
if (p_mgnt_cb->p_generate_cback != NULL) {
return;
}
p_mgnt_cb->p_generate_cback = p_cback;
p_mgnt_cb->p = p;
if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl)) {
btm_gen_non_resolve_paddr_cmpl(NULL);
}
}
/*******************************************************************************
** Utility functions for Random address resolving
*******************************************************************************/
/*******************************************************************************
**
** Function btm_ble_resolve_address_cmpl
**
** Description This function sends the random address resolving complete
** callback.
**
** Returns None.
**
*******************************************************************************/
#if SMP_INCLUDED == TRUE
static void btm_ble_resolve_address_cmpl(void)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
BTM_TRACE_EVENT ("btm_ble_resolve_address_cmpl p_mgnt_cb->p_dev_rec = 0x%08x", (uint32_t)p_mgnt_cb->p_dev_rec);
p_mgnt_cb->busy = FALSE;
(* p_mgnt_cb->p_resolve_cback)(p_mgnt_cb->p_dev_rec, p_mgnt_cb->p);
}
/*******************************************************************************
**
** Function btm_ble_proc_resolve_x
**
** Description This function compares the X with random address 3 MSO bytes
** to find a match, if not match, continue for next record.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 comp[3];
BTM_TRACE_EVENT ("btm_ble_proc_resolve_x");
/* compare the hash with 3 LSB of bd address */
comp[0] = p_mgnt_cb->random_bda[5];
comp[1] = p_mgnt_cb->random_bda[4];
comp[2] = p_mgnt_cb->random_bda[3];
if (p) {
if (!memcmp(p->param_buf, &comp[0], 3)) {
/* match is found */
BTM_TRACE_EVENT ("match is found");
btm_ble_resolve_address_cmpl();
return TRUE;
}
}
return FALSE;
}
#endif ///SMP_INCLUDED == TRUE
/*******************************************************************************
**
** Function btm_ble_init_pseudo_addr
**
** Description This function is used to initialize pseudo address.
** If pseudo address is not available, use dummy address
**
** Returns TRUE is updated; FALSE otherwise.
**
*******************************************************************************/
BOOLEAN btm_ble_init_pseudo_addr (tBTM_SEC_DEV_REC *p_dev_rec, BD_ADDR new_pseudo_addr)
{
#if (SMP_INCLUDED == TRUE)
BD_ADDR dummy_bda = {0};
if (memcmp(p_dev_rec->ble.pseudo_addr, dummy_bda, BD_ADDR_LEN) == 0) {
memcpy(p_dev_rec->ble.pseudo_addr, new_pseudo_addr, BD_ADDR_LEN);
return TRUE;
}
#endif ///SMP_INCLUDED == TRUE
return FALSE;
}
/*******************************************************************************
**
** Function btm_ble_addr_resolvable
**
** Description This function checks if a RPA is resolvable by the device key.
**
** Returns TRUE is resolvable; FALSE otherwise.
**
*******************************************************************************/
BOOLEAN btm_ble_addr_resolvable (BD_ADDR rpa, tBTM_SEC_DEV_REC *p_dev_rec)
{
BOOLEAN rt = FALSE;
#if (SMP_INCLUDED == TRUE)
if (!BTM_BLE_IS_RESOLVE_BDA(rpa)) {
return rt;
}
UINT8 rand[3];
tSMP_ENC output;
if ((p_dev_rec->device_type & BT_DEVICE_TYPE_BLE) &&
(p_dev_rec->ble.key_type & BTM_LE_KEY_PID)) {
BTM_TRACE_DEBUG("%s try to resolve", __func__);
/* use the 3 MSB of bd address as prand */
rand[0] = rpa[2];
rand[1] = rpa[1];
rand[2] = rpa[0];
/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
&rand[0], 3, &output);
rand[0] = rpa[5];
rand[1] = rpa[4];
rand[2] = rpa[3];
if (!memcmp(output.param_buf, &rand[0], 3)) {
btm_ble_init_pseudo_addr (p_dev_rec, rpa);
rt = TRUE;
}
}
#endif ///SMP_INCLUDED == TRUE
return rt;
}
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
/*******************************************************************************
**
** Function btm_ble_match_random_bda
**
** Description This function match the random address to the appointed device
** record, starting from calculating IRK. If record index exceed
** the maximum record number, matching failed and send callback.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_match_random_bda(tBTM_SEC_DEV_REC *p_dev_rec)
{
/* use the 3 MSB of bd address as prand */
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 rand[3];
rand[0] = p_mgnt_cb->random_bda[2];
rand[1] = p_mgnt_cb->random_bda[1];
rand[2] = p_mgnt_cb->random_bda[0];
BTM_TRACE_EVENT("%s p_dev_rec = 0x%08x", __func__, (uint32_t)p_dev_rec);
{
tSMP_ENC output;
BTM_TRACE_DEBUG("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags,
p_dev_rec->device_type);
if ((p_dev_rec->device_type & BT_DEVICE_TYPE_BLE) &&
(p_dev_rec->ble.key_type & BTM_LE_KEY_PID)) {
/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
&rand[0], 3, &output);
return btm_ble_proc_resolve_x(&output);
} else {
// not completed
return FALSE;
}
}
}
#endif ///BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE
/*******************************************************************************
**
** Function btm_ble_resolve_random_addr
**
** Description This function is called to resolve a random address.
**
** Returns pointer to the security record of the device whom a random
** address is matched to.
**
*******************************************************************************/
void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK *p_cback, void *p)
{
#if (SMP_INCLUDED == TRUE)
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
list_node_t *p_node = NULL;
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
BTM_TRACE_EVENT ("btm_ble_resolve_random_addr");
if ( !p_mgnt_cb->busy) {
p_mgnt_cb->p = p;
p_mgnt_cb->busy = TRUE;
p_mgnt_cb->p_dev_rec = NULL;
p_mgnt_cb->p_resolve_cback = p_cback;
memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
/* start to resolve random address */
/* check for next security record */
for (p_node = list_begin(btm_cb.p_sec_dev_rec_list); p_node; p_node = list_next(p_node)) {
p_dev_rec = list_node(p_node);
p_mgnt_cb->p_dev_rec = p_dev_rec;
if (btm_ble_match_random_bda(p_dev_rec)) {
break;
}
p_mgnt_cb->p_dev_rec = NULL;
}
btm_ble_resolve_address_cmpl();
} else {
(*p_cback)(NULL, p);
}
#endif
}
/*******************************************************************************
** address mapping between pseudo address and real connection address
*******************************************************************************/
/*******************************************************************************
**
** Function btm_find_dev_by_identity_addr
**
** Description find the security record whose LE static address is matching
**
*******************************************************************************/
tBTM_SEC_DEV_REC *btm_find_dev_by_identity_addr(BD_ADDR bd_addr, UINT8 addr_type)
{
#if BLE_PRIVACY_SPT == TRUE
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
list_node_t *p_node = NULL;
tSecDevContext context;
context.type = SEC_DEV_ID_ADDR;
context.context.p_bd_addr = bd_addr;
context.free_check = FALSE;
p_node = list_foreach(btm_cb.p_sec_dev_rec_list, btm_find_sec_dev_in_list, &context);
if (p_node) {
p_dev_rec = list_node(p_node);
if ((p_dev_rec->ble.static_addr_type & (~BLE_ADDR_TYPE_ID_BIT)) !=
(addr_type & (~BLE_ADDR_TYPE_ID_BIT))) {
BTM_TRACE_WARNING("%s find pseudo->random match with diff addr type: %d vs %d",
__func__, p_dev_rec->ble.static_addr_type, addr_type);
}
}
return p_dev_rec;
#endif
return NULL;
}
/*******************************************************************************
**
** Function btm_identity_addr_to_random_pseudo
**
** Description This function map a static BD address to a pseudo random address
** in security database.
**
*******************************************************************************/
BOOLEAN btm_identity_addr_to_random_pseudo(BD_ADDR bd_addr, UINT8 *p_addr_type, BOOLEAN refresh)
{
#if BLE_PRIVACY_SPT == TRUE
tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev_by_identity_addr(bd_addr, *p_addr_type);
BTM_TRACE_EVENT ("%s", __func__);
/* evt reported on static address, map static address to random pseudo */
if (p_dev_rec != NULL) {
/* if RPA offloading is supported, or 4.2 controller, do RPA refresh */
if (refresh && controller_get_interface()->get_ble_resolving_list_max_size() != 0) {
btm_ble_read_resolving_list_entry(p_dev_rec);
}
/* assign the original address to be the current report address */
if (!btm_ble_init_pseudo_addr (p_dev_rec, bd_addr)) {
memcpy(bd_addr, p_dev_rec->ble.pseudo_addr, BD_ADDR_LEN);
}
*p_addr_type = p_dev_rec->ble.ble_addr_type;
return TRUE;
}
#endif
return FALSE;
}
/*******************************************************************************
**
** Function btm_random_pseudo_to_identity_addr
**
** Description This function map a random pseudo address to a public address
** random_pseudo is input and output parameter
**
*******************************************************************************/
BOOLEAN btm_random_pseudo_to_identity_addr(BD_ADDR random_pseudo, UINT8 *p_static_addr_type)
{
#if BLE_PRIVACY_SPT == TRUE
tBTM_SEC_DEV_REC *p_dev_rec = btm_find_dev (random_pseudo);
if (p_dev_rec != NULL) {
if (p_dev_rec->ble.in_controller_list & BTM_RESOLVING_LIST_BIT) {
* p_static_addr_type = p_dev_rec->ble.static_addr_type;
memcpy(random_pseudo, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
if (controller_get_interface()->supports_ble_privacy() && p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC) {
*p_static_addr_type |= BLE_ADDR_TYPE_ID_BIT;
}
return TRUE;
}
}
#endif
return FALSE;
}
/*******************************************************************************
**
** Function btm_ble_refresh_peer_resolvable_private_addr
**
** Description This function refresh the currently used resolvable remote private address into security
** database and set active connection address.
**
*******************************************************************************/
void btm_ble_refresh_peer_resolvable_private_addr(BD_ADDR pseudo_bda, BD_ADDR rpa,
UINT8 rra_type)
{
#if BLE_PRIVACY_SPT == TRUE
UINT8 rra_dummy = FALSE;
BD_ADDR dummy_bda = {0};
if (memcmp(dummy_bda, rpa, BD_ADDR_LEN) == 0) {
rra_dummy = TRUE;
}
/* update security record here, in adv event or connection complete process */
tBTM_SEC_DEV_REC *p_sec_rec = btm_find_dev(pseudo_bda);
if (p_sec_rec != NULL) {
memcpy(p_sec_rec->ble.cur_rand_addr, rpa, BD_ADDR_LEN);
/* unknown, if dummy address, set to static */
if (rra_type == BTM_BLE_ADDR_PSEUDO) {
p_sec_rec->ble.active_addr_type = rra_dummy ? BTM_BLE_ADDR_STATIC : BTM_BLE_ADDR_RRA;
} else {
p_sec_rec->ble.active_addr_type = rra_type;
}
} else {
BTM_TRACE_ERROR("No matching known device in record");
return;
}
BTM_TRACE_DEBUG("%s: active_addr_type: %d ",
__func__, p_sec_rec->ble.active_addr_type);
/* connection refresh remote address */
tACL_CONN *p_acl = btm_bda_to_acl(p_sec_rec->bd_addr, BT_TRANSPORT_LE);
if (p_acl == NULL) {
p_acl = btm_bda_to_acl(p_sec_rec->ble.pseudo_addr, BT_TRANSPORT_LE);
}
if (p_acl != NULL) {
if (rra_type == BTM_BLE_ADDR_PSEUDO) {
/* use static address, resolvable_private_addr is empty */
if (rra_dummy) {
p_acl->active_remote_addr_type = p_sec_rec->ble.static_addr_type;
memcpy(p_acl->active_remote_addr, p_sec_rec->ble.static_addr, BD_ADDR_LEN);
} else {
p_acl->active_remote_addr_type = BLE_ADDR_RANDOM;
memcpy(p_acl->active_remote_addr, rpa, BD_ADDR_LEN);
}
} else {
p_acl->active_remote_addr_type = rra_type;
memcpy(p_acl->active_remote_addr, rpa, BD_ADDR_LEN);
}
BTM_TRACE_DEBUG("p_acl->active_remote_addr_type: %d ", p_acl->active_remote_addr_type);
BTM_TRACE_DEBUG("%s conn_addr: %02x:%02x:%02x:%02x:%02x:%02x",
__func__, p_acl->active_remote_addr[0], p_acl->active_remote_addr[1],
p_acl->active_remote_addr[2], p_acl->active_remote_addr[3],
p_acl->active_remote_addr[4], p_acl->active_remote_addr[5]);
}
#endif
}
/*******************************************************************************
**
** Function btm_ble_refresh_local_resolvable_private_addr
**
** Description This function refresh the currently used resolvable private address for the
** active link to the remote device
**
*******************************************************************************/
void btm_ble_refresh_local_resolvable_private_addr(BD_ADDR pseudo_addr,
BD_ADDR local_rpa)
{
#if BLE_PRIVACY_SPT == TRUE
tACL_CONN *p = btm_bda_to_acl(pseudo_addr, BT_TRANSPORT_LE);
BD_ADDR dummy_bda = {0};
if (p != NULL) {
if (btm_cb.ble_ctr_cb.addr_mgnt_cb.own_addr_type == BLE_ADDR_RANDOM) {
p->conn_addr_type = BLE_ADDR_RANDOM;
if (memcmp(local_rpa, dummy_bda, BD_ADDR_LEN)) {
memcpy(p->conn_addr, local_rpa, BD_ADDR_LEN);
} else {
memcpy(p->conn_addr, btm_cb.ble_ctr_cb.addr_mgnt_cb.private_addr, BD_ADDR_LEN);
}
} else {
p->conn_addr_type = BLE_ADDR_PUBLIC;
memcpy(p->conn_addr, &controller_get_interface()->get_address()->address, BD_ADDR_LEN);
}
}
#endif
}
#endif