/******************************************************************************
*
* Copyright (C) 1999-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* This file contains functions for BLE address management.
*
******************************************************************************/
#include <string.h>
#include "bt_types.h"
#include "hcimsgs.h"
#include "btu.h"
#include "btm_int.h"
#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
#include "smp_api.h"
#define BTM_BLE_PRIVATE_ADDR_INT 900 /* 15 minutes minimum for random address refreshing */
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_cmpl
**
** Description This is callback functioin when resolvable private address
** generation is complete.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_resolve_paddr_cmpl(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tBTM_BLE_INQ_CB *p_inq_cb = &btm_cb.ble_ctr_cb.inq_var;
BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_cmpl");
if (p && p->param_buf)
{
/* get the high bytes of the random address */
p_cb->private_addr[2] = p->param_buf[0];
p_cb->private_addr[1] = p->param_buf[1];
p_cb->private_addr[0] = p->param_buf[2];
/* mask off the 1st MSB */
p_cb->private_addr[0] &= 0xfe;
/* set the 2nd MSB to be 1 */
p_cb->private_addr[0] |= 0x02;
/* set it to controller */
btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
p_inq_cb->own_addr_type = BLE_ADDR_RANDOM;
/* start a periodical timer to refresh random addr */
btu_stop_timer(&p_cb->raddr_timer_ent);
btu_start_timer (&p_cb->raddr_timer_ent, BTU_TTYPE_BLE_RANDOM_ADDR,
BTM_BLE_PRIVATE_ADDR_INT);
/* if adv is active, restart adv with new private addr */
if (p_inq_cb->adv_mode == BTM_BLE_ADV_ENABLE)
{
btsnd_hcic_ble_set_adv_enable (BTM_BLE_ADV_DISABLE);
btsnd_hcic_ble_write_adv_params (p_inq_cb->adv_interval_min,
p_inq_cb->adv_interval_max,
p_inq_cb->evt_type,
p_inq_cb->own_addr_type,
p_inq_cb->direct_bda.type,
p_inq_cb->direct_bda.bda,
p_inq_cb->adv_chnl_map,
p_inq_cb->afp);
}
}
else
{
/* random address set failure */
BTM_TRACE_DEBUG0("set random address failed");
}
}
/*******************************************************************************
**
** Function btm_gen_resolve_paddr_low
**
** Description This function is called when random address has generate the
** random number base for low 3 byte bd address.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_resolve_paddr_low(tBTM_RAND_ENC *p)
{
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tSMP_ENC output;
BTM_TRACE_EVENT0 ("btm_gen_resolve_paddr_low");
if (p && p->param_buf)
{
p_cb->private_addr[5] = p->param_buf[0];
p_cb->private_addr[4] = p->param_buf[1];
p_cb->private_addr[3] = p->param_buf[2];
/* encrypt with ur IRK */
if (!SMP_Encrypt(btm_cb.devcb.id_keys.irk, BT_OCTET16_LEN, p->param_buf, 3, &output))
{
btm_gen_resolve_paddr_cmpl(NULL);
}
else
{
btm_gen_resolve_paddr_cmpl(&output);
}
}
#endif
}
/*******************************************************************************
**
** Function btm_gen_resolvable_private_addr
**
** Description This function generate a resolvable private address.
**
** Returns void
**
*******************************************************************************/
void btm_gen_resolvable_private_addr (void)
{
BTM_TRACE_EVENT0 ("btm_gen_resolvable_private_addr");
/* generate 3B rand as BD LSB, SRK with it, get BD MSB */
if (!btsnd_hcic_ble_rand((void *)btm_gen_resolve_paddr_low))
btm_gen_resolve_paddr_cmpl(NULL);
}
/*******************************************************************************
**
** Function btm_gen_non_resolve_paddr_cmpl
**
** Description This is the callback function when non-resolvable private
** function is generated and write to controller.
**
** Returns void
**
*******************************************************************************/
static void btm_gen_non_resolve_paddr_cmpl(tBTM_RAND_ENC *p)
{
tBTM_LE_RANDOM_CB *p_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 *pp;
BTM_TRACE_EVENT0 ("btm_gen_non_resolve_paddr_cmpl");
if (p && p->param_buf)
{
pp = p->param_buf;
STREAM_TO_BDADDR(p_cb->private_addr, pp);
/* mask off the 2 MSB */
p_cb->private_addr[0] &= 0xfc;
/* write to controller */
btsnd_hcic_ble_set_random_addr(p_cb->private_addr);
btm_cb.ble_ctr_cb.inq_var.own_addr_type = BLE_ADDR_RANDOM;
}
else
{
BTM_TRACE_DEBUG0("btm_gen_non_resolvable_private_addr failed");
}
}
/*******************************************************************************
**
** Function btm_gen_non_resolvable_private_addr
**
** Description This function generate a non-resolvable private address.
**
**
** Returns void
**
*******************************************************************************/
void btm_gen_non_resolvable_private_addr (void)
{
BTM_TRACE_EVENT0 ("btm_gen_non_resolvable_private_addr");
if (!btsnd_hcic_ble_rand((void *)btm_gen_non_resolve_paddr_cmpl))
{
btm_gen_non_resolve_paddr_cmpl(NULL);
}
}
#if SMP_INCLUDED == TRUE
/*******************************************************************************
** Utility functions for Random address resolving
*******************************************************************************/
/*******************************************************************************
**
** Function btm_ble_resolve_address_cmpl
**
** Description This function sends the random address resolving complete
** callback.
**
** Returns None.
**
*******************************************************************************/
static void btm_ble_resolve_address_cmpl(void)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
BTM_TRACE_EVENT0 ("btm_ble_resolve_address_cmpl");
if (p_mgnt_cb->index < BTM_SEC_MAX_DEVICE_RECORDS)
p_dev_rec = &btm_cb.sec_dev_rec[p_mgnt_cb->index];
p_mgnt_cb->busy = FALSE;
(* p_mgnt_cb->p_resolve_cback)(p_dev_rec, p_mgnt_cb->p);
}
/*******************************************************************************
**
** Function btm_ble_proc_resolve_x
**
** Description This function compares the X with random address 3 MSO bytes
** to find a match, if not match, continue for next record.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_proc_resolve_x(tSMP_ENC *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 comp[3];
BTM_TRACE_EVENT0 ("btm_ble_proc_resolve_x");
/* compare the hash with 3 LSB of bd address */
comp[0] = p_mgnt_cb->random_bda[5];
comp[1] = p_mgnt_cb->random_bda[4];
comp[2] = p_mgnt_cb->random_bda[3];
if (p && p->param_buf)
{
if (!memcmp(p->param_buf, &comp[0], 3))
{
/* match is found */
BTM_TRACE_EVENT0 ("match is found");
btm_ble_resolve_address_cmpl();
return TRUE;
}
}
return FALSE;
}
/*******************************************************************************
**
** Function btm_ble_match_random_bda
**
** Description This function match the random address to the appointed device
** record, starting from calculating IRK. If record index exceed
** the maximum record number, matching failed and send callback.
**
** Returns None.
**
*******************************************************************************/
static BOOLEAN btm_ble_match_random_bda(UINT16 rec_index)
{
#if (BLE_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
tBTM_SEC_DEV_REC *p_dev_rec;
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
UINT8 rand[3];
tSMP_ENC output;
/* use the 3 MSB of bd address as prand */
rand[0] = p_mgnt_cb->random_bda[2];
rand[1] = p_mgnt_cb->random_bda[1];
rand[2] = p_mgnt_cb->random_bda[0];
BTM_TRACE_EVENT1("btm_ble_match_random_bda rec_index = %d", rec_index);
if (rec_index < BTM_SEC_MAX_DEVICE_RECORDS)
{
p_dev_rec = &btm_cb.sec_dev_rec[rec_index];
BTM_TRACE_ERROR2("sec_flags = %02x device_type = %d", p_dev_rec->sec_flags, p_dev_rec->device_type);
if ((p_dev_rec->device_type == BT_DEVICE_TYPE_BLE) &&
(p_dev_rec->ble.key_type & BTM_LE_KEY_PID))
{
/* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN,
&rand[0], 3, &output);
return btm_ble_proc_resolve_x(&output);
}
else
{
// not completed
return FALSE;
}
}
else /* no match found */
{
btm_ble_resolve_address_cmpl();
return TRUE;
}
#endif
}
/*******************************************************************************
**
** Function btm_ble_resolve_random_addr
**
** Description This function is called to resolve a random address.
**
** Returns pointer to the security record of the device whom a random
** address is matched to.
**
*******************************************************************************/
void btm_ble_resolve_random_addr(BD_ADDR random_bda, tBTM_BLE_RESOLVE_CBACK * p_cback, void *p)
{
tBTM_LE_RANDOM_CB *p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
BTM_TRACE_EVENT0 ("btm_ble_resolve_random_addr");
if ( !p_mgnt_cb->busy)
{
p_mgnt_cb->p = p;
p_mgnt_cb->busy = TRUE;
p_mgnt_cb->index = 0;
p_mgnt_cb->p_resolve_cback = p_cback;
memcpy(p_mgnt_cb->random_bda, random_bda, BD_ADDR_LEN);
/* start to resolve random address */
/* check for next security record */
while (TRUE)
{
if (btm_ble_match_random_bda(p_mgnt_cb->index++))
{
// match found or went through the list
break;
}
}
}
else
(*p_cback)(NULL, p);
}
#endif
/*******************************************************************************
** address mapping between pseudo address and real connection address
*******************************************************************************/
/*******************************************************************************
**
** Function btm_ble_map_bda_to_conn_bda
**
** Description This function map a BD address to the real connection address
** and return the connection address type.
*******************************************************************************/
tBLE_ADDR_TYPE btm_ble_map_bda_to_conn_bda(BD_ADDR bd_addr)
{
tBTM_SEC_DEV_REC *p_dev_rec = NULL;
BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_conn_bda");
if ((p_dev_rec = btm_find_dev (bd_addr)) != NULL &&
p_dev_rec->device_type == BT_DEVICE_TYPE_BLE)
{
if (p_dev_rec->ble.ble_addr_type != BLE_ADDR_PUBLIC)
{
memcpy(bd_addr, p_dev_rec->ble.static_addr, BD_ADDR_LEN);
}
return p_dev_rec->ble.ble_addr_type;
}
else
return BLE_ADDR_PUBLIC;
}
/*******************************************************************************
**
** Function btm_ble_map_bda_to_pseudo_bda
**
** Description This function map a BD address to a pseudo address when the
** address given is a random address.
**
*******************************************************************************/
void btm_ble_map_bda_to_pseudo_bda(BD_ADDR bd_addr)
{
BTM_TRACE_EVENT0 ("btm_ble_map_bda_to_pseudo_bda");
}
#endif