1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #include <gmock/gmock.h>
19 #include <gtest/gtest.h>
20
21 #include <vector>
22
23 #include "common/strings.h"
24 #include "hci/hci_layer_mock.h"
25 #include "internal_include/bt_target.h"
26 #include "stack/btm/btm_ble_sec.h"
27 #include "stack/btm/btm_dev.h"
28 #include "stack/btm/btm_int_types.h"
29 #include "stack/btm/btm_sec.h"
30 #include "stack/btm/btm_sec_cb.h"
31 #include "stack/btm/security_device_record.h"
32 #include "stack/include/btm_status.h"
33 #include "stack/include/sec_hci_link_interface.h"
34 #include "stack/test/btm/btm_test_fixtures.h"
35 #include "test/mock/mock_main_shim_entry.h"
36 #include "types/raw_address.h"
37
38 extern tBTM_CB btm_cb;
39
40 using namespace bluetooth;
41
42 using ::testing::Return;
43 using ::testing::Test;
44
45 namespace {
46 const RawAddress kRawAddress = RawAddress({0x11, 0x22, 0x33, 0x44, 0x55, 0x66});
47 const uint8_t kBdName[] = "kBdName";
48 constexpr char kTimeFormat[] = "%Y-%m-%d %H:%M:%S";
49 } // namespace
50
51 using bluetooth::legacy::testing::wipe_secrets_and_remove;
52
53 constexpr size_t kBtmSecMaxDeviceRecords = static_cast<size_t>(BTM_SEC_MAX_DEVICE_RECORDS + 1);
54
55 class StackBtmSecTest : public BtmWithMocksTest {
56 public:
57 protected:
SetUp()58 void SetUp() override { BtmWithMocksTest::SetUp(); }
TearDown()59 void TearDown() override { BtmWithMocksTest::TearDown(); }
60 };
61
62 class StackBtmSecWithQueuesTest : public StackBtmSecTest {
63 public:
64 protected:
SetUp()65 void SetUp() override {
66 StackBtmSecTest::SetUp();
67 up_thread_ = new bluetooth::os::Thread("up_thread", bluetooth::os::Thread::Priority::NORMAL);
68 up_handler_ = new bluetooth::os::Handler(up_thread_);
69 down_thread_ =
70 new bluetooth::os::Thread("down_thread", bluetooth::os::Thread::Priority::NORMAL);
71 down_handler_ = new bluetooth::os::Handler(down_thread_);
72 bluetooth::hci::testing::mock_hci_layer_ =
73 std::make_unique<bluetooth::hci::testing::MockHciLayer>();
74 bluetooth::hci::testing::mock_gd_shim_handler_ = up_handler_;
75 }
TearDown()76 void TearDown() override {
77 up_handler_->Clear();
78 delete up_handler_;
79 delete up_thread_;
80 down_handler_->Clear();
81 delete down_handler_;
82 delete down_thread_;
83 bluetooth::hci::testing::mock_hci_layer_.reset();
84 StackBtmSecTest::TearDown();
85 }
86 bluetooth::common::BidiQueue<bluetooth::hci::ScoView, bluetooth::hci::ScoBuilder> sco_queue_{10};
87 bluetooth::os::Thread* up_thread_;
88 bluetooth::os::Handler* up_handler_;
89 bluetooth::os::Thread* down_thread_;
90 bluetooth::os::Handler* down_handler_;
91 };
92
93 class StackBtmSecWithInitFreeTest : public StackBtmSecWithQueuesTest {
94 public:
95 protected:
SetUp()96 void SetUp() override {
97 StackBtmSecWithQueuesTest::SetUp();
98 BTM_Sec_Init();
99 }
TearDown()100 void TearDown() override {
101 BTM_Sec_Free();
102 StackBtmSecWithQueuesTest::TearDown();
103 }
104 };
105
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_encrypt_change)106 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_encrypt_change) {
107 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
108 const uint16_t classic_handle = 0x1234;
109 const uint16_t ble_handle = 0x9876;
110
111 // Check the collision conditionals
112 ::btm_sec_cb.collision_start_time = 0UL;
113 btm_sec_encrypt_change(classic_handle, HCI_ERR_LMP_ERR_TRANS_COLLISION, 0x01, 0x10);
114 uint64_t collision_start_time = ::btm_sec_cb.collision_start_time;
115 ASSERT_NE(0UL, collision_start_time);
116
117 ::btm_sec_cb.collision_start_time = 0UL;
118 btm_sec_encrypt_change(classic_handle, HCI_ERR_DIFF_TRANSACTION_COLLISION, 0x01, 0x10);
119 collision_start_time = ::btm_sec_cb.collision_start_time;
120 ASSERT_NE(0UL, collision_start_time);
121
122 // No device
123 ::btm_sec_cb.collision_start_time = 0;
124 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x01, 0x10);
125 ASSERT_EQ(0UL, ::btm_sec_cb.collision_start_time);
126
127 // Setup device
128 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
129 ASSERT_NE(nullptr, device_record);
130 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
131 device_record->bd_addr = bd_addr;
132 device_record->hci_handle = classic_handle;
133 device_record->ble_hci_handle = ble_handle;
134
135 // With classic device encryption enable
136 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x01, 0x10);
137 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED,
138 device_record->sec_rec.sec_flags);
139
140 // With classic device encryption disable
141 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x00, 0x10);
142 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_AUTHENTICATED, device_record->sec_rec.sec_flags);
143 device_record->sec_rec.sec_flags = BTM_SEC_IN_USE;
144
145 // With le device encryption enable
146 btm_sec_encrypt_change(ble_handle, HCI_SUCCESS, 0x01, 0x10);
147 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_LE_ENCRYPTED, device_record->sec_rec.sec_flags);
148
149 // With le device encryption disable
150 btm_sec_encrypt_change(ble_handle, HCI_SUCCESS, 0x00, 0x10);
151 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
152 device_record->sec_rec.sec_flags = BTM_SEC_IN_USE;
153
154 wipe_secrets_and_remove(device_record);
155 }
156
TEST_F(StackBtmSecWithInitFreeTest,BTM_SetEncryption)157 TEST_F(StackBtmSecWithInitFreeTest, BTM_SetEncryption) {
158 const RawAddress bd_addr = RawAddress({0x11, 0x22, 0x33, 0x44, 0x55, 0x66});
159 const tBT_TRANSPORT transport{BT_TRANSPORT_LE};
160 tBTM_SEC_CALLBACK* p_callback{nullptr};
161 tBTM_BLE_SEC_ACT sec_act{BTM_BLE_SEC_ENCRYPT};
162
163 // No device
164 ASSERT_EQ(tBTM_STATUS::BTM_WRONG_MODE,
165 BTM_SetEncryption(bd_addr, transport, p_callback, nullptr, sec_act));
166
167 // With device
168 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
169 ASSERT_NE(nullptr, device_record);
170 device_record->bd_addr = bd_addr;
171 device_record->hci_handle = 0x1234;
172
173 ASSERT_EQ(tBTM_STATUS::BTM_WRONG_MODE,
174 BTM_SetEncryption(bd_addr, transport, p_callback, nullptr, sec_act));
175
176 wipe_secrets_and_remove(device_record);
177 }
178
TEST_F(StackBtmSecTest,btm_ble_sec_req_act_text)179 TEST_F(StackBtmSecTest, btm_ble_sec_req_act_text) {
180 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_NONE", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_NONE));
181 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_ENCRYPT", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_ENCRYPT));
182 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_PAIR", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_PAIR));
183 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_DISCARD", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_DISCARD));
184 }
185
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_allocate_dev_rec__all)186 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_allocate_dev_rec__all) {
187 tBTM_SEC_DEV_REC* records[kBtmSecMaxDeviceRecords];
188
189 // Fill up the records
190 for (size_t i = 0; i < kBtmSecMaxDeviceRecords; i++) {
191 ASSERT_EQ(i, list_length(::btm_sec_cb.sec_dev_rec));
192 records[i] = btm_sec_allocate_dev_rec();
193 ASSERT_NE(nullptr, records[i]);
194 }
195
196 // Second pass up the records
197 for (size_t i = 0; i < kBtmSecMaxDeviceRecords; i++) {
198 ASSERT_EQ(kBtmSecMaxDeviceRecords, list_length(::btm_sec_cb.sec_dev_rec));
199 records[i] = btm_sec_allocate_dev_rec();
200 ASSERT_NE(nullptr, records[i]);
201 }
202
203 // NOTE: The memory allocated for each record is automatically
204 // allocated by the btm module and freed when the device record
205 // list is freed.
206 // Further, the memory for each record is reused when necessary.
207 }
208
TEST_F(StackBtmSecTest,btm_oob_data_text)209 TEST_F(StackBtmSecTest, btm_oob_data_text) {
210 std::vector<std::pair<tBTM_OOB_DATA, std::string>> datas = {
211 std::make_pair(BTM_OOB_NONE, "BTM_OOB_NONE"),
212 std::make_pair(BTM_OOB_PRESENT_192, "BTM_OOB_PRESENT_192"),
213 std::make_pair(BTM_OOB_PRESENT_256, "BTM_OOB_PRESENT_256"),
214 std::make_pair(BTM_OOB_PRESENT_192_AND_256, "BTM_OOB_PRESENT_192_AND_256"),
215 std::make_pair(BTM_OOB_UNKNOWN, "BTM_OOB_UNKNOWN"),
216 };
217 for (const auto& data : datas) {
218 ASSERT_STREQ(data.second.c_str(), btm_oob_data_text(data.first).c_str());
219 }
220 auto unknown = std::format("UNKNOWN[{}]", std::numeric_limits<std::uint8_t>::max());
221 ASSERT_STREQ(
222 unknown.c_str(),
223 btm_oob_data_text(static_cast<tBTM_OOB_DATA>(std::numeric_limits<std::uint8_t>::max()))
224 .c_str());
225 }
226
TEST_F(StackBtmSecTest,bond_type_text)227 TEST_F(StackBtmSecTest, bond_type_text) {
228 std::vector<std::pair<tBTM_BOND_TYPE, std::string>> datas = {
229 std::make_pair(BOND_TYPE_UNKNOWN, "BOND_TYPE_UNKNOWN"),
230 std::make_pair(BOND_TYPE_PERSISTENT, "BOND_TYPE_PERSISTENT"),
231 std::make_pair(BOND_TYPE_TEMPORARY, "BOND_TYPE_TEMPORARY"),
232 };
233 for (const auto& data : datas) {
234 ASSERT_STREQ(data.second.c_str(), bond_type_text(data.first).c_str());
235 }
236 auto unknown = std::format("UNKNOWN[{}]", std::numeric_limits<std::uint8_t>::max());
237 ASSERT_STREQ(unknown.c_str(),
238 bond_type_text(static_cast<tBTM_BOND_TYPE>(std::numeric_limits<std::uint8_t>::max()))
239 .c_str());
240 }
241
TEST_F(StackBtmSecWithInitFreeTest,wipe_secrets_and_remove)242 TEST_F(StackBtmSecWithInitFreeTest, wipe_secrets_and_remove) {
243 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
244 const uint16_t classic_handle = 0x1234;
245 const uint16_t ble_handle = 0x9876;
246
247 // Setup device
248 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
249 ASSERT_NE(nullptr, device_record);
250 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
251 device_record->bd_addr = bd_addr;
252 device_record->hci_handle = classic_handle;
253 device_record->ble_hci_handle = ble_handle;
254
255 wipe_secrets_and_remove(device_record);
256 }
257
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_rmt_name_request_complete)258 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_rmt_name_request_complete) {
259 btm_cb.history_ = std::make_shared<TimestampedStringCircularBuffer>(kBtmLogHistoryBufferSize);
260
261 btm_sec_rmt_name_request_complete(&kRawAddress, kBdName, HCI_SUCCESS);
262 btm_sec_rmt_name_request_complete(nullptr, nullptr, HCI_SUCCESS);
263 btm_sec_rmt_name_request_complete(nullptr, kBdName, HCI_SUCCESS);
264 btm_sec_rmt_name_request_complete(&kRawAddress, nullptr, HCI_SUCCESS);
265
266 btm_sec_rmt_name_request_complete(&kRawAddress, kBdName, HCI_ERR_HW_FAILURE);
267 btm_sec_rmt_name_request_complete(nullptr, nullptr, HCI_ERR_HW_FAILURE);
268 btm_sec_rmt_name_request_complete(nullptr, kBdName, HCI_ERR_HW_FAILURE);
269 btm_sec_rmt_name_request_complete(&kRawAddress, nullptr, HCI_ERR_HW_FAILURE);
270
271 std::vector<common::TimestampedEntry<std::string>> history = btm_cb.history_->Pull();
272 for (auto& record : history) {
273 time_t then = record.timestamp / 1000;
274 struct tm tm;
275 localtime_r(&then, &tm);
276 auto s2 = common::StringFormatTime(kTimeFormat, tm);
277 log::debug("{}.{} {}", s2, static_cast<unsigned int>(record.timestamp % 1000), record.entry);
278 }
279 ASSERT_EQ(8U, history.size());
280 }
281
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_authenticated_temporary)282 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_authenticated_temporary) {
283 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
284 const uint16_t classic_handle = 0x1234;
285 const uint16_t ble_handle = 0x9876;
286 bool rval = false;
287
288 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
289 device_record->bd_addr = bd_addr;
290 device_record->hci_handle = classic_handle;
291 device_record->ble_hci_handle = ble_handle;
292
293 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
294 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
295 device_record->sec_rec.bond_type = BOND_TYPE_TEMPORARY;
296
297 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
298 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
299
300 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
301 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
302
303 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
304
305 ASSERT_EQ(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
306 }
307
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_non_authenticated_temporary)308 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_non_authenticated_temporary) {
309 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
310 const uint16_t classic_handle = 0x1234;
311 const uint16_t ble_handle = 0x9876;
312 bool rval = false;
313
314 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
315 device_record->bd_addr = bd_addr;
316 device_record->hci_handle = classic_handle;
317 device_record->ble_hci_handle = ble_handle;
318
319 device_record->sec_rec.sec_flags &= ~BTM_SEC_AUTHENTICATED;
320 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
321 device_record->sec_rec.bond_type = BOND_TYPE_TEMPORARY;
322
323 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
324 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
325
326 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
327 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
328
329 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
330
331 // We're testing the temp bonding security behavior here, so all we care about
332 // is that it doesn't fail on security.
333 ASSERT_NE(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
334 }
335
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_authenticated_persistent)336 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_authenticated_persistent) {
337 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
338 const uint16_t classic_handle = 0x1234;
339 const uint16_t ble_handle = 0x9876;
340 bool rval = false;
341
342 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
343 device_record->bd_addr = bd_addr;
344 device_record->hci_handle = classic_handle;
345 device_record->ble_hci_handle = ble_handle;
346
347 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
348 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
349 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
350
351 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
352 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
353
354 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
355 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
356
357 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
358
359 // We're testing the temp bonding security behavior here, so all we care about
360 // is that it doesn't fail on security.
361 ASSERT_NE(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
362 }
363
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_upgrade_needed)364 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_upgrade_needed) {
365 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
366 const uint16_t classic_handle = 0x1234;
367 const uint16_t ble_handle = 0x9876;
368 bool rval = false;
369
370 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
371 device_record->bd_addr = bd_addr;
372 device_record->hci_handle = classic_handle;
373 device_record->ble_hci_handle = ble_handle;
374
375 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
376 device_record->sec_rec.sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
377 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
378
379 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
380 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
381
382 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_MIN_16_DIGIT_PIN;
383 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
384
385 // This should be marked in btm_sec_execute_procedure with "start_auth"
386 // because BTM_SEC_IN_AUTHENTICATE is required but the security flags
387 // do not contain BTM_SEC_AUTHENTICATED
388
389 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
390
391 // In this case we expect it to clear several security flags and return
392 // BTM_CMD_STARTED.
393 ASSERT_EQ(status, tBTM_STATUS::BTM_CMD_STARTED);
394 ASSERT_FALSE(device_record->sec_rec.sec_flags & BTM_SEC_LINK_KEY_KNOWN);
395 }
396
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_encryption_required)397 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_encryption_required) {
398 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
399 const uint16_t classic_handle = 0x1234;
400 const uint16_t ble_handle = 0x9876;
401 bool rval = false;
402
403 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
404 device_record->bd_addr = bd_addr;
405 device_record->hci_handle = classic_handle;
406 device_record->ble_hci_handle = ble_handle;
407
408 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
409 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
410 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
411
412 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
413 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
414
415 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT;
416 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
417
418 // In this case we need to encrypt the link, so we will mark the link
419 // encrypted and return BTM_CMD_STARTED.
420 status = btm_sec_mx_access_request(bd_addr, true, sec_req, NULL, NULL);
421
422 ASSERT_EQ(status, tBTM_STATUS::BTM_CMD_STARTED);
423 ASSERT_EQ(device_record->sec_rec.classic_link, tSECURITY_STATE::ENCRYPTING);
424 }
425