Commit 9437d2ed authored by Marcel Holtmann's avatar Marcel Holtmann Committed by Johan Hedberg

Bluetooth: Fix generation of non-resolvable private addresses

When the host decides to use a non-resolvable private address, it
must ensure that this generated address does not match the public
address of the controller. Add an extra check to ensure this required
behavior.

In addition rename the variable from urpa to nrpa and fix all of the
comments in the code that use the term unresolvable instead of the
term non-resolvable as used in the Bluetooth specification.
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
Signed-off-by: default avatarJohan Hedberg <johan.hedberg@intel.com>
parent 08f63cc5
...@@ -661,7 +661,7 @@ static void hci_req_add_le_create_conn(struct hci_request *req, ...@@ -661,7 +661,7 @@ static void hci_req_add_le_create_conn(struct hci_request *req,
memset(&cp, 0, sizeof(cp)); memset(&cp, 0, sizeof(cp));
/* Update random address, but set require_privacy to false so /* Update random address, but set require_privacy to false so
* that we never connect with an unresolvable address. * that we never connect with an non-resolvable address.
*/ */
if (hci_update_random_address(req, false, &own_addr_type)) if (hci_update_random_address(req, false, &own_addr_type))
return; return;
......
...@@ -3959,17 +3959,29 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy, ...@@ -3959,17 +3959,29 @@ int hci_update_random_address(struct hci_request *req, bool require_privacy,
} }
/* In case of required privacy without resolvable private address, /* In case of required privacy without resolvable private address,
* use an unresolvable private address. This is useful for active * use an non-resolvable private address. This is useful for active
* scanning and non-connectable advertising. * scanning and non-connectable advertising.
*/ */
if (require_privacy) { if (require_privacy) {
bdaddr_t urpa; bdaddr_t nrpa;
get_random_bytes(&urpa, 6); while (true) {
urpa.b[5] &= 0x3f; /* Clear two most significant bits */ /* The non-resolvable private address is generated
* from random six bytes with the two most significant
* bits cleared.
*/
get_random_bytes(&nrpa, 6);
nrpa.b[5] &= 0x3f;
/* The non-resolvable private address shall not be
* equal to the public address.
*/
if (bacmp(&hdev->bdaddr, &nrpa))
break;
}
*own_addr_type = ADDR_LE_DEV_RANDOM; *own_addr_type = ADDR_LE_DEV_RANDOM;
set_random_addr(req, &urpa); set_random_addr(req, &nrpa);
return 0; return 0;
} }
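Review bot: The retry loop in the `require_privacy` branch rejects only a candidate equal to `hdev->bdaddr`, but as I read the Bluetooth Core Specification's rules for non-resolvable private addresses, the random part must also contain at least one 0 bit and at least one 1 bit, so the all-zero address and the value with all 46 random bits set should be regenerated too. The all-zero case can share the existing test, e.g. `if (bacmp(&hdev->bdaddr, &nrpa) && bacmp(&nrpa, BDADDR_ANY))`, with a similar comparison for the all-ones pattern; both are vanishingly unlikely with `get_random_bytes()`, yet the check is cheap and keeps the address well-formed. `get_random_bytes(&nrpa, 6)` would read better as `get_random_bytes(&nrpa, sizeof(nrpa))` so the length follows the type. The reworded comment here says "an non-resolvable", which should be "a non-resolvable"; the same wording appears in the comment hunks for `hci_req_add_le_create_conn`, `hci_req_add_le_passive_scan` and `trigger_discovery`. `hci_update_random_address` begins above this hunk, so its earlier branches are not visible here.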
...@@ -5625,7 +5637,7 @@ void hci_req_add_le_passive_scan(struct hci_request *req) ...@@ -5625,7 +5637,7 @@ void hci_req_add_le_passive_scan(struct hci_request *req)
u8 filter_policy; u8 filter_policy;
/* Set require_privacy to false since no SCAN_REQ are send /* Set require_privacy to false since no SCAN_REQ are send
* during passive scanning. Not using an unresolvable address * during passive scanning. Not using an non-resolvable address
* here is important so that peer devices using direct * here is important so that peer devices using direct
* advertising with our address will be correctly reported * advertising with our address will be correctly reported
* by the controller. * by the controller.
......
...@@ -3791,7 +3791,7 @@ static bool trigger_discovery(struct hci_request *req, u8 *status) ...@@ -3791,7 +3791,7 @@ static bool trigger_discovery(struct hci_request *req, u8 *status)
/* All active scans will be done with either a resolvable /* All active scans will be done with either a resolvable
* private address (when privacy feature has been enabled) * private address (when privacy feature has been enabled)
* or unresolvable private address. * or non-resolvable private address.
*/ */
err = hci_update_random_address(req, true, &own_addr_type); err = hci_update_random_address(req, true, &own_addr_type);
if (err < 0) { if (err < 0) {
......