1 /**
2 * @file rpa.c
3 * Resolvable Private Address Generation and Resolution
4 */
5
6 /*
7 * Copyright (c) 2017 Nordic Semiconductor ASA
8 * Copyright (c) 2015-2016 Intel Corporation
9 *
10 * SPDX-License-Identifier: Apache-2.0
11 */
12
13 #include <ble_os.h>
14 #include <stddef.h>
15 #include <bt_errno.h>
16 #include <string.h>
17 #include <atomic.h>
18 #include <misc/util.h>
19 #include <misc/byteorder.h>
20 #include <misc/stack.h>
21
22 #ifndef ENOTSUP
23 #define ENOTSUP 134 /* unsupported*/
24 #endif
25
26 #define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_RPA)
27 #define LOG_MODULE_NAME bt_rpa
28 #include "common/log.h"
29
30 #if defined(CONFIG_BT_CTLR) && defined(CONFIG_BT_HOST_CRYPTO)
31 #include "../controller/util/util.h"
32 #include "../controller/hal/ecb.h"
33 #endif /* defined(CONFIG_BT_CTLR) && defined(CONFIG_BT_HOST_CRYPTO) */
34
35 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_CTLR_PRIVACY)
/**
 * Obtain random bytes from the backend chosen at build time.
 *
 * When both CONFIG_BT_CTLR and CONFIG_BT_HOST_CRYPTO are defined the request
 * is forwarded to the controller's util_rand(); in every other configuration
 * it goes to bt_rand().
 *
 * @param buf Destination buffer handed to the backend.
 * @param len Number of bytes requested.
 *
 * @return The backend's return value, passed through unchanged.
 */
static int internal_rand(void *buf, size_t len)
{
	int rc;

#if defined(CONFIG_BT_CTLR) && defined(CONFIG_BT_HOST_CRYPTO)
	/* Controller and host crypto are both built in: force the controller
	 * random source.
	 */
	rc = util_rand(buf, len);
#else
	rc = bt_rand(buf, len);
#endif

	return rc;
}
45 #endif /* defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_CTLR_PRIVACY) */
46
/**
 * Encrypt one 16-byte block with the backend chosen at build time.
 *
 * With CONFIG_BT_CTLR, CONFIG_BT_HOST_CRYPTO and CONFIG_BT_CTLR_LE_ENC all
 * defined, the controller's ecb_encrypt() is called and 0 is returned; no
 * status from ecb_encrypt() is consulted on that path. Otherwise the call is
 * forwarded to bt_encrypt_le() and its result is returned.
 *
 * @param key       16-byte key.
 * @param plaintext 16-byte input block.
 * @param enc_data  16-byte output block.
 *
 * @return 0 on the controller path, else the value from bt_encrypt_le().
 */
static int internal_encrypt_le(const u8_t key[16], const u8_t plaintext[16],
			       u8_t enc_data[16])
{
	int rc;

#if defined(CONFIG_BT_CTLR) && defined(CONFIG_BT_HOST_CRYPTO) && \
	defined(CONFIG_BT_CTLR_LE_ENC)
	/* Controller encryption is available: force its use. */
	ecb_encrypt(key, plaintext, enc_data, NULL);
	rc = 0;
#else
	rc = bt_encrypt_le(key, plaintext, enc_data);
#endif

	return rc;
}
59
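/**
 * Random address hash function ah.
 *
 * Builds r' by placing the three bytes of r at the start of a 16-byte block
 * and zero-filling the remaining 13 bytes, encrypts r' under the IRK, and
 * copies the first three bytes of the result to out.
 *
 * @param irk 16-byte Identity Resolving Key.
 * @param r   3-byte value to hash (prand).
 * @param out Receives the 3-byte hash.
 *
 * @return 0 on success, otherwise the error from internal_encrypt_le().
 */
static int ah(const u8_t irk[16], const u8_t r[3], u8_t out[3])
{
	u8_t res[16];
	int err;

	/* NOTE(review): this writes the IRK to the debug log in clear.
	 * Whoever holds the IRK can resolve every RPA derived from it, so logs
	 * taken with this module's debug output enabled (presumably
	 * CONFIG_BT_DEBUG_RPA, see BT_DBG_ENABLED) should be handled as secret
	 * material and the option kept off in production builds.
	 */
	BT_DBG("irk %s", bt_hex(irk, 16));
	BT_DBG("r %s", bt_hex(r, 3));

	/* r' = padding || r */
	memcpy(res, r, 3);
	(void)memset(res + 3, 0, 13);

	/* Use this file's encrypt wrapper rather than calling bt_encrypt_le()
	 * directly, so the build-time choice between controller and host
	 * encryption is made in one place and the wrapper is not dead code.
	 * Without the controller options the wrapper forwards to
	 * bt_encrypt_le(), exactly as before.
	 */
	err = internal_encrypt_le(irk, res, res);
	if (err) {
		return err;
	}

	/* The output of the random address function ah is:
	 *      ah(h, r) = e(k, r') mod 2^24
	 * The output of the security function e is then truncated to 24 bits
	 * by taking the least significant 24 bits of the output of e as the
	 * result of ah.
	 */
	memcpy(out, res, 3);

	return 0;
}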
87
88 #if defined(CONFIG_BT_SMP) || defined(CONFIG_BT_CTLR_PRIVACY)
/**
 * Check whether a Resolvable Private Address was generated from an IRK.
 *
 * Recomputes ah() over addr->val[3..5] with the given IRK and compares the
 * three-byte result with addr->val[0..2].
 *
 * Only 24 bits are compared, so a match identifies the IRK with high
 * probability and is not a cryptographic proof of identity. The compared
 * hash is part of the address itself, so the plain memcmp() does not expose
 * a secret through timing.
 *
 * @param irk  16-byte Identity Resolving Key to test.
 * @param addr Address to resolve; dereferenced without a NULL check.
 *
 * @return true if the hashes are equal, false if they differ or ah() failed.
 */
bool bt_rpa_irk_matches(const u8_t irk[16], const bt_addr_t *addr)
{
	u8_t local_hash[3];

	/* NOTE(review): the IRK is printed in clear here; treat debug logs
	 * from this module as sensitive.
	 */
	BT_DBG("IRK %s bdaddr %s", bt_hex(irk, 16), bt_addr_str(addr));

	/* A failing hash computation is reported as "no match". */
	if (ah(irk, addr->val + 3, local_hash) != 0) {
		return false;
	}

	return memcmp(addr->val, local_hash, 3) == 0;
}
103 #endif
104
105 #if defined(CONFIG_BT_PRIVACY) || defined(CONFIG_BT_CTLR_PRIVACY)
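/**
 * Generate a new Resolvable Private Address from an IRK.
 *
 * Writes three random bytes to rpa->val[3..5], applies BT_ADDR_SET_RPA() to
 * the address, then stores ah(irk, rpa->val[3..5]) in rpa->val[0..2].
 *
 * @param irk 16-byte Identity Resolving Key.
 * @param rpa Address to fill in; dereferenced without a NULL check.
 *
 * @return 0 on success, otherwise the error from the random source or ah().
 */
int bt_rpa_create(const u8_t irk[16], bt_addr_t *rpa)
{
	int err;

	/* Draw prand through this file's wrapper rather than calling bt_rand()
	 * directly, so the build-time choice of random source is made in one
	 * place and the wrapper is not dead code. Without the controller
	 * options the wrapper forwards to bt_rand(), exactly as before.
	 *
	 * NOTE(review): the Bluetooth Core Specification requires the random
	 * part of prand to be neither all zeros nor all ones; that is not
	 * checked here. Confirm whether the random source or a caller
	 * guarantees it.
	 */
	err = internal_rand(rpa->val + 3, 3);
	if (err) {
		return err;
	}

	/* Mark the address as an RPA before hashing: ah() below reads the
	 * same three bytes, so the hash has to be taken over their final
	 * value.
	 */
	BT_ADDR_SET_RPA(rpa);

	err = ah(irk, rpa->val + 3, rpa->val);
	if (err) {
		return err;
	}

	BT_DBG("Created RPA %s", bt_addr_str((bt_addr_t *)rpa->val));

	return 0;
}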
126 #else
/**
 * Stub used when neither CONFIG_BT_PRIVACY nor CONFIG_BT_CTLR_PRIVACY is
 * defined: RPA generation is not available in this build.
 *
 * @param irk Unused.
 * @param rpa Unused; left untouched.
 *
 * @return -ENOTSUP always.
 */
int bt_rpa_create(const u8_t irk[16], bt_addr_t *rpa)
{
	(void)irk;
	(void)rpa;

	return -ENOTSUP;
}
131 #endif /* CONFIG_BT_PRIVACY */