Add IRK support to allow tracking of devices with random MAC addresses (#6335)

* Add IRK support to allow tracking of devices with random MAC addresses * make CONF_IRK a local definition * Add tests --------- Co-authored-by: clydebarrow <2366188+clydebarrow@users.noreply.github.com>
2026-06-07 13:24:56 +02:00 · 2024-03-10 23:58:50 +01:00
parent d4489ac373
commit 247baa414a
6 changed files with 86 additions and 2 deletions
@@ -6,6 +6,16 @@

 #ifdef USE_ESP32

+#ifdef USE_ARDUINO
+#include "mbedtls/aes.h"
+#include "mbedtls/base64.h"
+#endif
+
+#ifdef USE_ESP_IDF
+#define MBEDTLS_AES_ALT
+#include <aes_alt.h>
+#endif
+
 namespace esphome {
 namespace ble_presence {

@@ -17,6 +27,10 @@ class BLEPresenceDevice : public binary_sensor::BinarySensorInitiallyOff,
    this->match_by_ = MATCH_BY_MAC_ADDRESS;
    this->address_ = address;
  }
+  void set_irk(uint8_t *irk) {
+    this->match_by_ = MATCH_BY_IRK;
+    this->irk_ = irk;
+  }
  void set_service_uuid16(uint16_t uuid) {
    this->match_by_ = MATCH_BY_SERVICE_UUID;
    this->uuid_ = esp32_ble_tracker::ESPBTUUID::from_uint16(uuid);
@@ -62,6 +76,13 @@ class BLEPresenceDevice : public binary_sensor::BinarySensorInitiallyOff,
          return true;
        }
        break;
+      case MATCH_BY_IRK:
+        if (resolve_irk_(device.address_uint64(), this->irk_)) {
+          this->publish_state(true);
+          this->found_ = true;
+          return true;
+        }
+        break;
      case MATCH_BY_SERVICE_UUID:
        for (auto uuid : device.get_service_uuids()) {
          if (this->uuid_ == uuid) {
@@ -100,10 +121,11 @@ class BLEPresenceDevice : public binary_sensor::BinarySensorInitiallyOff,
  float get_setup_priority() const override { return setup_priority::DATA; }

 protected:
-  enum MatchType { MATCH_BY_MAC_ADDRESS, MATCH_BY_SERVICE_UUID, MATCH_BY_IBEACON_UUID };
+  enum MatchType { MATCH_BY_MAC_ADDRESS, MATCH_BY_IRK, MATCH_BY_SERVICE_UUID, MATCH_BY_IBEACON_UUID };
  MatchType match_by_;

  uint64_t address_;
+  uint8_t *irk_;

  esp32_ble_tracker::ESPBTUUID uuid_;

@@ -117,6 +139,43 @@ class BLEPresenceDevice : public binary_sensor::BinarySensorInitiallyOff,
  bool check_ibeacon_minor_{false};
  bool check_minimum_rssi_{false};

+  bool resolve_irk_(uint64_t addr64, const uint8_t *irk) {
+    uint8_t ecb_key[16];
+    uint8_t ecb_plaintext[16];
+    uint8_t ecb_ciphertext[16];
+
+    memcpy(&ecb_key, irk, 16);
+    memset(&ecb_plaintext, 0, 16);
+
+    ecb_plaintext[13] = (addr64 >> 40) & 0xff;
+    ecb_plaintext[14] = (addr64 >> 32) & 0xff;
+    ecb_plaintext[15] = (addr64 >> 24) & 0xff;
+
+    mbedtls_aes_context ctx = {0, 0, {0}};
+    mbedtls_aes_init(&ctx);
+
+    if (mbedtls_aes_setkey_enc(&ctx, ecb_key, 128) != 0) {
+      mbedtls_aes_free(&ctx);
+      return false;
+    }
+
+    if (mbedtls_aes_crypt_ecb(&ctx,
+#ifdef USE_ARDUINO
+                              MBEDTLS_AES_ENCRYPT,
+#elif defined(USE_ESP_IDF)
+                              ESP_AES_ENCRYPT,
+#endif
+                              ecb_plaintext, ecb_ciphertext) != 0) {
+      mbedtls_aes_free(&ctx);
+      return false;
+    }
+
+    mbedtls_aes_free(&ctx);
+
+    return ecb_ciphertext[15] == (addr64 & 0xff) && ecb_ciphertext[14] == ((addr64 >> 8) & 0xff) &&
+           ecb_ciphertext[13] == ((addr64 >> 16) & 0xff);
+  }
+
  bool found_{false};
 };