Whitelisting and CC2564C


sven.kr...@gmail.com

May 24, 2026, 8:05:31 AM (8 days ago) May 24
to 'Matthias Ringwald' via btstack-dev
Hi,

I've done some experiments with BLE whitelisting. The goal is to limit access from other central devices. I want to allow connections only from bonded devices.
The implementation looks like this:

  uint8_t result = gap_whitelist_clear();
  filter_policy = 0;

  if (_whitelist_enabled){
    for (int i = 0; i < le_device_db_max_count(); i++){
      int addr_type;
      bd_addr_t addr;
      le_device_db_info(i, &addr_type, addr, NULL);
      if ((addr_type == BD_ADDR_TYPE_LE_PUBLIC) || ((addr_type == BD_ADDR_TYPE_LE_RANDOM))){
        result = gap_whitelist_add((bd_addr_type_t)addr_type, addr);
        log_data(LoggerTypeInfo, addr, sizeof(bd_addr_t), "Setup whitelist for type %d: result %d\n", addr_type, result);
      }
    }
    /* filter_policy:
       0: scan any, conn any
       1: scan whitelist, conn any
       2: scan any, conn whitelist
       3: scan whitelist, conn whitelist
    */
    filter_policy = 3;
  }

  gap_advertisements_set_data(adv_data_len, (uint8_t*) adv_data);
  gap_advertisements_set_params(adv_int_min, adv_int_max, 0, BD_ADDR_TYPE_LE_PUBLIC, null_addr, 0x07, filter_policy);
  gap_advertisements_enable(1);

This works great if I connect with my Linux PC. But Android uses Resolvable Private Addresses (RPA). The address of the Android phone changes periodically. I figured out that ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION should do the trick. But it doesn't work. The Android phone is not able to connect if whitelisting with filter_policy=3 is enabled. The Android phone is properly bonded.

Do you know if the CC2564C may be lacking support for this? I couldn't find any information about it.

Kind regards

Sven

Matthias Ringwald

May 26, 2026, 5:28:34 AM (7 days ago) May 26
to btsta...@googlegroups.com
Hi Sven

When using an advertising filter policy, the Controller has to decide if it accepts a connect or scan request in minimal time (I think in the order of 200 us).
This works if the addresses to accept are static. For resolvable private addresses, it needs to do a few AES-128 hashes to see if it's in the list, which requires support by the Controller.

ENABLE_LE_PRIVACY_ADDRESS_RESOLUTION enables support for this in the stack, but it requires support in the Controller.

The CC2564C does not support this feature as far as I know. In most cases, if a feature is not listed on the datasheet on the first page, it's not implemented :)

While using a Controller without support for that, your best option is to allow connect from everyone, and wait for BTstack to check the LE Device DB. It will then emit
either SM_EVENT_IDENTITY_RESOLVING_SUCCEEDED or SM_EVENT_IDENTITY_RESOLVING_FAILED. You can then call gap_disconnect() if the resolving fails.

Best regards,
Matthias
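
The per-bond check described above for resolvable private addresses, written out as an added example (not part of the thread and not BTstack or CC2564C code): `resolve_rpa` runs the Bluetooth `ah` function, one AES-128 encryption per stored IRK, and compares the result with the lower 24 bits of the address. The function names and the `bonded_irks` list are assumptions for illustration; byte order is big-endian (`addr[0]` is the most significant byte), and the matching IRK/address pair is the `ah` sample data from the Bluetooth Core Specification.

```c
#include <stdint.h>
#include <string.h>

#define ROTL8(x, n) ((uint8_t)(((x) << (n)) | ((x) >> (8 - (n)))))
static uint8_t sbox[256];
static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x >> 7) * 0x1b)); } /* x * 2 in GF(2^8) */
static void init_sbox(void) {             /* S-box is computed on first use instead of embedded */
    uint8_t p = 1, q = 1;                 /* invariant: p * q == 1 in GF(2^8) */
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));                  /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4); if (q & 0x80) q ^= 0x09;
        sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;
}

static void aes128_encrypt(const uint8_t key[16], const uint8_t in[16], uint8_t out[16]) {
    uint8_t rk[16], t[16], rcon = 1;      /* state lives in out[], column-major as in FIPS-197 */
    if (!sbox[0]) init_sbox();
    memcpy(rk, key, 16); memcpy(out, in, 16);
    for (int round = 0; ; round++, rcon = xtime(rcon)) {
        for (int i = 0; i < 16; i++) out[i] ^= rk[i];                          /* AddRoundKey */
        if (round == 10) return;
        for (int i = 0; i < 16; i++) t[i] = sbox[out[(i + 4 * (i & 3)) & 15]]; /* SubBytes + ShiftRows */
        for (int c = 0; round < 9 && c < 16; c += 4) {                         /* MixColumns */
            uint8_t *a = t + c, a0 = a[0], all = a[0] ^ a[1] ^ a[2] ^ a[3];
            a[0] ^= all ^ xtime(a[0] ^ a[1]); a[1] ^= all ^ xtime(a[1] ^ a[2]);
            a[2] ^= all ^ xtime(a[2] ^ a[3]); a[3] ^= all ^ xtime(a[3] ^ a0);
        }
        memcpy(out, t, 16);
        rk[0] ^= sbox[rk[13]] ^ rcon; rk[1] ^= sbox[rk[14]]; rk[2] ^= sbox[rk[15]]; rk[3] ^= sbox[rk[12]];
        for (int i = 4; i < 16; i++) rk[i] ^= rk[i - 4];                       /* next round key */
    }
}

/* Index of the bonded IRK that resolves addr, or -1 if addr is not an RPA or no IRK matches. */
int resolve_rpa(const uint8_t addr[6], const uint8_t irks[][16], int count) {
    uint8_t r[16] = {0}, h[16];
    if ((addr[0] & 0xc0) != 0x40) return -1;              /* top two bits 01 mark an RPA */
    memcpy(r + 13, addr, 3);                              /* prand, zero-padded to 128 bits */
    for (int i = 0; i < count; i++) {                     /* one AES-128 run per bond */
        aes128_encrypt(irks[i], r, h);
        if (memcmp(h + 13, addr + 3, 3) == 0) return i;   /* ah(IRK, prand) == hash */
    }
    return -1;
}

const uint8_t bonded_irks[2][16] = { {0xa5},              /* constructed bond, remaining bytes zero */
    {0xec,0x02,0x34,0xa3,0x57,0xc8,0xad,0x05,0x34,0x10,0x10,0xa6,0x0a,0x39,0x7d,0x9b} }; /* spec sample IRK */
const uint8_t sample_rpa[6] = {0x70,0x81,0x94, 0x0d,0xfb,0xaa};  /* prand 708194, hash 0dfbaa */
```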