Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6eb34cca authored by Jacky Cheung's avatar Jacky Cheung Committed by Jakub Pawlowski
Browse files

Fix BLE remote address resolution

The hash segment of the resolvable device address needs to be extracted
for comparison.

Bug: 62589903
Test: manual
Change-Id: I979a8ad3074b692503b0c882bd90041ba4fbfb4d
parent 8fd74ae3
Loading
Loading
Loading
Loading
+16 −17
Original line number Diff line number Diff line
@@ -182,22 +182,21 @@ void btm_gen_non_resolvable_private_addr(tBTM_BLE_ADDR_CBACK* p_cback,
 * Returns          true on match, false otherwise
 *
 ******************************************************************************/
static bool btm_ble_proc_resolve_x(tSMP_ENC* p) {
  tBTM_LE_RANDOM_CB* p_mgnt_cb = &btm_cb.ble_ctr_cb.addr_mgnt_cb;
  uint8_t comp[3];
static bool btm_ble_proc_resolve_x(const tSMP_ENC& encrypt_output,
                                   const bt_bdaddr_t& random_bda) {
  BTM_TRACE_EVENT("btm_ble_proc_resolve_x");

  /* compare the hash with 3 LSB of bd address */
  comp[0] = p_mgnt_cb->random_bda.address[5];
  comp[1] = p_mgnt_cb->random_bda.address[4];
  comp[2] = p_mgnt_cb->random_bda.address[3];
  uint8_t comp[3];
  comp[0] = random_bda.address[5];
  comp[1] = random_bda.address[4];
  comp[2] = random_bda.address[3];

  if (p) {
    if (!memcmp(p->param_buf, &comp[0], 3)) {
      /* match is found */
  if (!memcmp(encrypt_output.param_buf, comp, 3)) {
    BTM_TRACE_EVENT("match is found");
    return true;
  }
  }

  return false;
}

@@ -275,13 +274,13 @@ bool btm_ble_addr_resolvable(const bt_bdaddr_t& rpa,
 *
 ******************************************************************************/
static bool btm_ble_match_random_bda(void* data, void* context) {
  uint8_t* random_bda = (uint8_t*)context;
  bt_bdaddr_t* random_bda = (bt_bdaddr_t*)context;
  /* use the 3 MSB of bd address as prand */

  uint8_t rand[3];
  rand[0] = random_bda[2];
  rand[1] = random_bda[1];
  rand[2] = random_bda[0];
  rand[0] = random_bda->address[2];
  rand[1] = random_bda->address[1];
  rand[2] = random_bda->address[0];

  BTM_TRACE_EVENT("%s next iteration", __func__);

@@ -298,7 +297,7 @@ static bool btm_ble_match_random_bda(void* data, void* context) {
  /* generate X = E irk(R0, R1, R2) and R is random address 3 LSO */
  SMP_Encrypt(p_dev_rec->ble.keys.irk, BT_OCTET16_LEN, &rand[0], 3, &output);
  // if it was match, finish iteration, otherwise continue
  return !btm_ble_proc_resolve_x(&output);
  return !btm_ble_proc_resolve_x(output, *random_bda);
}

/*******************************************************************************