1 // Copyright 2023 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 // inclusive-language: disable
16
17 #include "pw_bluetooth_sapphire/internal/host/gap/secure_simple_pairing_state.h"
18
19 #include <gmock/gmock.h>
20 #include <gtest/gtest.h>
21
22 #include "pw_bluetooth_sapphire/internal/host/gap/fake_pairing_delegate.h"
23 #include "pw_bluetooth_sapphire/internal/host/gap/peer_cache.h"
24 #include "pw_bluetooth_sapphire/internal/host/hci/fake_bredr_connection.h"
25 #include "pw_bluetooth_sapphire/internal/host/sm/test_security_manager.h"
26 #include "pw_bluetooth_sapphire/internal/host/sm/types.h"
27 #include "pw_bluetooth_sapphire/internal/host/testing/controller_test.h"
28 #include "pw_bluetooth_sapphire/internal/host/testing/fake_peer.h"
29 #include "pw_bluetooth_sapphire/internal/host/testing/gtest_helpers.h"
30 #include "pw_bluetooth_sapphire/internal/host/testing/inspect.h"
31 #include "pw_bluetooth_sapphire/internal/host/testing/inspect_util.h"
32 #include "pw_bluetooth_sapphire/internal/host/testing/mock_controller.h"
33 #include "pw_bluetooth_sapphire/internal/host/testing/test_packets.h"
34 #include "pw_bluetooth_sapphire/internal/host/transport/error.h"
35
36 namespace bt::gap {
37 namespace {
38
39 using namespace inspect::testing;
40
41 using hci::testing::FakeBrEdrConnection;
42 using hci_spec::kUserConfirmationRequestEventCode;
43 using hci_spec::kUserPasskeyNotificationEventCode;
44 using hci_spec::kUserPasskeyRequestEventCode;
45 using pw::bluetooth::emboss::AuthenticationRequirements;
46 using pw::bluetooth::emboss::IoCapability;
47
48 const DeviceAddress kLEIdentityAddress(DeviceAddress::Type::kLEPublic,
49 {0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA});
50 const UInt128 kIrk{{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}};
51 const bt::sm::LTK kLtk(sm::SecurityProperties(/*encrypted=*/true,
52 /*authenticated=*/true,
53 /*secure_connections=*/true,
54 sm::kMaxEncryptionKeySize),
55 hci_spec::LinkKey(UInt128{4}, 5, 6));
56
57 const hci_spec::ConnectionHandle kTestHandle(0x0A0B);
58 const DeviceAddress kLocalAddress(DeviceAddress::Type::kBREDR,
59 {0x22, 0x11, 0x00, 0xCC, 0xBB, 0xAA});
60 const DeviceAddress kPeerAddress(DeviceAddress::Type::kBREDR,
61 {0x99, 0x88, 0x77, 0xFF, 0xEE, 0xDD});
62 const auto kTestLocalIoCap = sm::IOCapability::kDisplayYesNo;
63 const auto kTestPeerIoCap = IoCapability::DISPLAY_ONLY;
64 const uint32_t kTestPasskey = 123456;
65 const auto kTestLinkKeyValue = UInt128{0x00,
66 0x00,
67 0x00,
68 0x00,
69 0x00,
70 0x00,
71 0x00,
72 0x00,
73 0x00,
74 0x00,
75 0x00,
76 0x00,
77 0x00,
78 0x00,
79 0x00,
80 0x01};
81 const hci_spec::LinkKey kTestLinkKey(kTestLinkKeyValue, 0, 0);
82 const auto kTestUnauthenticatedLinkKeyType192 =
83 hci_spec::LinkKeyType::kUnauthenticatedCombination192;
84 const auto kTestAuthenticatedLinkKeyType192 =
85 hci_spec::LinkKeyType::kAuthenticatedCombination192;
86 const auto kTestUnauthenticatedLinkKeyType256 =
87 hci_spec::LinkKeyType::kUnauthenticatedCombination256;
88 const auto kTestLegacyLinkKeyType = hci_spec::LinkKeyType::kCombination;
89 const auto kTestChangedLinkKeyType = hci_spec::LinkKeyType::kChangedCombination;
90 const BrEdrSecurityRequirements kNoSecurityRequirements{
91 .authentication = false, .secure_connections = false};
92
NoOpStatusCallback(hci_spec::ConnectionHandle,hci::Result<>)93 void NoOpStatusCallback(hci_spec::ConnectionHandle, hci::Result<>) {}
NoOpUserConfirmationCallback(bool)94 void NoOpUserConfirmationCallback(bool) {}
NoOpUserPasskeyCallback(std::optional<uint32_t>)95 void NoOpUserPasskeyCallback(std::optional<uint32_t>) {}
96
97 class NoOpPairingDelegate final : public PairingDelegate {
98 public:
NoOpPairingDelegate(sm::IOCapability io_capability)99 NoOpPairingDelegate(sm::IOCapability io_capability)
100 : io_capability_(io_capability), weak_self_(this) {}
101
GetWeakPtr()102 PairingDelegate::WeakPtr GetWeakPtr() { return weak_self_.GetWeakPtr(); }
103
104 // PairingDelegate overrides that do nothing.
105 ~NoOpPairingDelegate() override = default;
io_capability() const106 sm::IOCapability io_capability() const override { return io_capability_; }
CompletePairing(PeerId,sm::Result<>)107 void CompletePairing(PeerId, sm::Result<>) override {}
ConfirmPairing(PeerId,ConfirmCallback)108 void ConfirmPairing(PeerId, ConfirmCallback) override {}
DisplayPasskey(PeerId,uint32_t,DisplayMethod,ConfirmCallback)109 void DisplayPasskey(PeerId,
110 uint32_t,
111 DisplayMethod,
112 ConfirmCallback) override {}
RequestPasskey(PeerId,PasskeyResponseCallback)113 void RequestPasskey(PeerId, PasskeyResponseCallback) override {}
114
115 private:
116 const sm::IOCapability io_capability_;
117 WeakSelf<PairingDelegate> weak_self_;
118 };
119
120 using TestBase = testing::FakeDispatcherControllerTest<testing::MockController>;
121 class PairingStateTest : public TestBase, public hci::LocalAddressDelegate {
122 public:
123 PairingStateTest() = default;
124 ~PairingStateTest() override = default;
125
SetUp()126 void SetUp() override {
127 TestBase::SetUp();
128 InitializeACLDataChannel();
129
130 peer_cache_ = std::make_unique<PeerCache>(dispatcher());
131 peer_ = peer_cache_->NewPeer(kPeerAddress, /*connectable=*/true);
132
133 auth_request_count_ = 0;
134 send_auth_request_callback_ = [this]() { auth_request_count_++; };
135
136 connection_ = MakeFakeConnection();
137 }
138
TearDown()139 void TearDown() override {
140 peer_ = nullptr;
141 peer_cache_ = nullptr;
142
143 EXPECT_CMD_PACKET_OUT(test_device(),
144 testing::DisconnectPacket(kTestHandle));
145 connection_.reset();
146
147 TestBase::TearDown();
148 }
149
MakeAuthRequestCallback()150 fit::closure MakeAuthRequestCallback() {
151 return send_auth_request_callback_.share();
152 }
153
MakeFakeConnection()154 std::unique_ptr<FakeBrEdrConnection> MakeFakeConnection() {
155 return std::make_unique<FakeBrEdrConnection>(
156 kTestHandle,
157 kLocalAddress,
158 kPeerAddress,
159 pw::bluetooth::emboss::ConnectionRole::CENTRAL,
160 transport()->GetWeakPtr());
161 }
162
connection() const163 FakeBrEdrConnection* connection() const { return connection_.get(); }
peer_cache() const164 PeerCache* peer_cache() const { return peer_cache_.get(); }
peer() const165 Peer* peer() const { return peer_; }
auth_request_count() const166 size_t auth_request_count() const { return auth_request_count_; }
sm_factory()167 sm::testing::TestSecurityManagerFactory* sm_factory() {
168 return &security_manager_factory_;
169 }
sm_factory_func()170 sm::BrEdrSecurityManagerFactory sm_factory_func() {
171 return fit::bind_member<
172 &sm::testing::TestSecurityManagerFactory::CreateBrEdr>(sm_factory());
173 }
174
175 private:
176 // LocalAddressDelegate overrides:
irk() const177 std::optional<UInt128> irk() const override { return kIrk; }
identity_address() const178 DeviceAddress identity_address() const override { return kLEIdentityAddress; }
EnsureLocalAddress(std::optional<DeviceAddress::Type>,AddressCallback)179 void EnsureLocalAddress(std::optional<DeviceAddress::Type>,
180 AddressCallback) override {
181 ADD_FAILURE();
182 }
183
184 std::unique_ptr<PeerCache> peer_cache_;
185 Peer* peer_;
186 size_t auth_request_count_;
187 fit::closure send_auth_request_callback_;
188 sm::testing::TestSecurityManagerFactory security_manager_factory_;
189 std::unique_ptr<FakeBrEdrConnection> connection_;
190 };
191
192 class PairingStateDeathTest : public PairingStateTest {};
193
TEST_F(PairingStateTest,PairingStateStartsAsResponder)194 TEST_F(PairingStateTest, PairingStateStartsAsResponder) {
195 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
196
197 SecureSimplePairingState pairing_state(
198 peer()->GetWeakPtr(),
199 pairing_delegate.GetWeakPtr(),
200 connection()->GetWeakPtr(),
201 /*outgoing_connection=*/false,
202 MakeAuthRequestCallback(),
203 NoOpStatusCallback,
204 /*low_energy_address_delegate=*/this,
205 /*controller_remote_public_key_validation_supported=*/true,
206 sm_factory_func(),
207 dispatcher());
208 EXPECT_FALSE(pairing_state.initiator());
209 }
210
TEST_F(PairingStateTest,PairingStateRemainsResponderAfterPeerIoCapResponse)211 TEST_F(PairingStateTest, PairingStateRemainsResponderAfterPeerIoCapResponse) {
212 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
213
214 SecureSimplePairingState pairing_state(
215 peer()->GetWeakPtr(),
216 pairing_delegate.GetWeakPtr(),
217 connection()->GetWeakPtr(),
218 /*outgoing_connection=*/false,
219 MakeAuthRequestCallback(),
220 NoOpStatusCallback,
221 /*low_energy_address_delegate=*/this,
222 /*controller_remote_public_key_validation_supported=*/true,
223 sm_factory_func(),
224 dispatcher());
225 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
226 EXPECT_EQ(0u, auth_request_count());
227 EXPECT_FALSE(pairing_state.initiator());
228 }
229
TEST_F(PairingStateTest,PairingStateBecomesInitiatorAfterLocalPairingInitiated)230 TEST_F(PairingStateTest,
231 PairingStateBecomesInitiatorAfterLocalPairingInitiated) {
232 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
233
234 SecureSimplePairingState pairing_state(
235 peer()->GetWeakPtr(),
236 pairing_delegate.GetWeakPtr(),
237 connection()->GetWeakPtr(),
238 /*outgoing_connection=*/false,
239 MakeAuthRequestCallback(),
240 NoOpStatusCallback,
241 /*low_energy_address_delegate=*/this,
242 /*controller_remote_public_key_validation_supported=*/true,
243 sm_factory_func(),
244 dispatcher());
245 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
246 EXPECT_EQ(1u, auth_request_count());
247 EXPECT_TRUE(pairing_state.initiator());
248 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
249 }
250
TEST_F(PairingStateTest,PairingStateSendsAuthenticationRequestOnceForDuplicateRequest)251 TEST_F(PairingStateTest,
252 PairingStateSendsAuthenticationRequestOnceForDuplicateRequest) {
253 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
254
255 SecureSimplePairingState pairing_state(
256 peer()->GetWeakPtr(),
257 pairing_delegate.GetWeakPtr(),
258 connection()->GetWeakPtr(),
259 /*outgoing_connection=*/false,
260 MakeAuthRequestCallback(),
261 NoOpStatusCallback,
262 /*low_energy_address_delegate=*/this,
263 /*controller_remote_public_key_validation_supported=*/true,
264 sm_factory_func(),
265 dispatcher());
266
267 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
268 EXPECT_EQ(1u, auth_request_count());
269 EXPECT_TRUE(pairing_state.initiator());
270
271 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
272 EXPECT_EQ(1u, auth_request_count());
273 EXPECT_TRUE(pairing_state.initiator());
274 }
275
TEST_F(PairingStateTest,PairingStateRemainsResponderIfPairingInitiatedWhileResponderPairingInProgress)276 TEST_F(
277 PairingStateTest,
278 PairingStateRemainsResponderIfPairingInitiatedWhileResponderPairingInProgress) {
279 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
280
281 SecureSimplePairingState pairing_state(
282 peer()->GetWeakPtr(),
283 pairing_delegate.GetWeakPtr(),
284 connection()->GetWeakPtr(),
285 /*outgoing_connection=*/false,
286 MakeAuthRequestCallback(),
287 NoOpStatusCallback,
288 /*low_energy_address_delegate=*/this,
289 /*controller_remote_public_key_validation_supported=*/true,
290 sm_factory_func(),
291 dispatcher());
292 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
293 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
294 ASSERT_FALSE(pairing_state.initiator());
295
296 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
297 EXPECT_EQ(0u, auth_request_count());
298 EXPECT_FALSE(pairing_state.initiator());
299 }
300
TEST_F(PairingStateTest,StatusCallbackMayDestroyPairingState)301 TEST_F(PairingStateTest, StatusCallbackMayDestroyPairingState) {
302 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
303
304 std::unique_ptr<SecureSimplePairingState> pairing_state;
305 bool cb_called = false;
306 auto status_cb = [&pairing_state, &cb_called](hci_spec::ConnectionHandle,
307 hci::Result<> status) {
308 EXPECT_TRUE(status.is_error());
309 cb_called = true;
310
311 // Note that this lambda is owned by the SecureSimplePairingState so its
312 // captures are invalid after this.
313 pairing_state = nullptr;
314 };
315
316 pairing_state = std::make_unique<SecureSimplePairingState>(
317 peer()->GetWeakPtr(),
318 pairing_delegate.GetWeakPtr(),
319 connection()->GetWeakPtr(),
320 /*outgoing_connection=*/false,
321 MakeAuthRequestCallback(),
322 status_cb,
323 /*low_energy_address_delegate=*/this,
324 /*controller_remote_public_key_validation_supported=*/true,
325 sm_factory_func(),
326 dispatcher());
327
328 // Unexpected event that should cause the status callback to be called with an
329 // error.
330 pairing_state->OnUserPasskeyNotification(kTestPasskey);
331
332 EXPECT_TRUE(cb_called);
333 }
334
TEST_F(PairingStateTest,InitiatorCallbackMayDestroyPairingState)335 TEST_F(PairingStateTest, InitiatorCallbackMayDestroyPairingState) {
336 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
337
338 std::unique_ptr<SecureSimplePairingState> pairing_state =
339 std::make_unique<SecureSimplePairingState>(
340 peer()->GetWeakPtr(),
341 pairing_delegate.GetWeakPtr(),
342 connection()->GetWeakPtr(),
343 /*outgoing_connection=*/false,
344 MakeAuthRequestCallback(),
345 NoOpStatusCallback,
346 /*low_energy_address_delegate=*/this,
347 /*controller_remote_public_key_validation_supported=*/true,
348 sm_factory_func(),
349 dispatcher());
350 bool cb_called = false;
351 auto status_cb = [&pairing_state, &cb_called](hci_spec::ConnectionHandle,
352 hci::Result<> status) {
353 EXPECT_TRUE(status.is_error());
354 cb_called = true;
355
356 // Note that this lambda is owned by the SecureSimplePairingState so its
357 // captures are invalid after this.
358 pairing_state = nullptr;
359 };
360 pairing_state->InitiatePairing(kNoSecurityRequirements, status_cb);
361
362 // Unexpected event that should cause the status callback to be called with an
363 // error.
364 pairing_state->OnUserPasskeyNotification(kTestPasskey);
365
366 EXPECT_TRUE(cb_called);
367 }
368
369 // Test helper to inspect StatusCallback invocations.
370 class TestStatusHandler final {
371 public:
MakeStatusCallback()372 auto MakeStatusCallback() {
373 return [this](hci_spec::ConnectionHandle handle, hci::Result<> status) {
374 call_count_++;
375 handle_ = handle;
376 status_ = status;
377 };
378 }
379
call_count() const380 auto call_count() const { return call_count_; }
381
382 // Returns std::nullopt if |call_count() < 1|, otherwise values from the most
383 // recent callback invocation.
handle() const384 auto& handle() const { return handle_; }
status() const385 auto& status() const { return status_; }
386
387 private:
388 int call_count_ = 0;
389 std::optional<hci_spec::ConnectionHandle> handle_;
390 std::optional<hci::Result<>> status_;
391 };
392
TEST_F(PairingStateTest,TestStatusHandlerTracksStatusCallbackInvocations)393 TEST_F(PairingStateTest, TestStatusHandlerTracksStatusCallbackInvocations) {
394 TestStatusHandler handler;
395 EXPECT_EQ(0, handler.call_count());
396 EXPECT_FALSE(handler.status());
397
398 SecureSimplePairingState::StatusCallback status_cb =
399 handler.MakeStatusCallback();
400 EXPECT_EQ(0, handler.call_count());
401 EXPECT_FALSE(handler.status());
402
403 status_cb(hci_spec::ConnectionHandle(0x0A0B),
404 ToResult(pw::bluetooth::emboss::StatusCode::PAIRING_NOT_ALLOWED));
405 EXPECT_EQ(1, handler.call_count());
406 ASSERT_TRUE(handler.handle());
407 EXPECT_EQ(hci_spec::ConnectionHandle(0x0A0B), *handler.handle());
408 ASSERT_TRUE(handler.status());
409 EXPECT_EQ(ToResult(pw::bluetooth::emboss::StatusCode::PAIRING_NOT_ALLOWED),
410 *handler.status());
411 }
412
TEST_F(PairingStateTest,InitiatingPairingAfterErrorTriggersStatusCallbackWithError)413 TEST_F(PairingStateTest,
414 InitiatingPairingAfterErrorTriggersStatusCallbackWithError) {
415 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
416
417 TestStatusHandler link_status_handler;
418
419 SecureSimplePairingState pairing_state(
420 peer()->GetWeakPtr(),
421 pairing_delegate.GetWeakPtr(),
422 connection()->GetWeakPtr(),
423 /*outgoing_connection=*/false,
424 MakeAuthRequestCallback(),
425 link_status_handler.MakeStatusCallback(),
426 /*low_energy_address_delegate=*/this,
427 /*controller_remote_public_key_validation_supported=*/true,
428 sm_factory_func(),
429 dispatcher());
430
431 // Unexpected event that should cause the status callback to be called with an
432 // error.
433 pairing_state.OnUserPasskeyNotification(kTestPasskey);
434
435 EXPECT_EQ(1, link_status_handler.call_count());
436 ASSERT_TRUE(link_status_handler.handle());
437 EXPECT_EQ(kTestHandle, *link_status_handler.handle());
438 ASSERT_TRUE(link_status_handler.status());
439 EXPECT_EQ(ToResult(HostError::kNotSupported), *link_status_handler.status());
440 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
441
442 // Try to initiate pairing again.
443 TestStatusHandler pairing_status_handler;
444 pairing_state.InitiatePairing(kNoSecurityRequirements,
445 pairing_status_handler.MakeStatusCallback());
446
447 // The status callback for pairing attempts made after a pairing failure
448 // should be rejected as canceled.
449 EXPECT_EQ(1, pairing_status_handler.call_count());
450 ASSERT_TRUE(pairing_status_handler.handle());
451 EXPECT_EQ(kTestHandle, *pairing_status_handler.handle());
452 ASSERT_TRUE(pairing_status_handler.status());
453 EXPECT_EQ(ToResult(HostError::kCanceled), *pairing_status_handler.status());
454 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
455 }
456
TEST_F(PairingStateTest,UnexpectedEncryptionChangeDoesNotTriggerStatusCallback)457 TEST_F(PairingStateTest,
458 UnexpectedEncryptionChangeDoesNotTriggerStatusCallback) {
459 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
460
461 TestStatusHandler status_handler;
462
463 SecureSimplePairingState pairing_state(
464 peer()->GetWeakPtr(),
465 pairing_delegate.GetWeakPtr(),
466 connection()->GetWeakPtr(),
467 /*outgoing_connection=*/false,
468 MakeAuthRequestCallback(),
469 status_handler.MakeStatusCallback(),
470 /*low_energy_address_delegate=*/this,
471 /*controller_remote_public_key_validation_supported=*/true,
472 sm_factory_func(),
473 dispatcher());
474
475 // Advance state machine.
476 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
477 static_cast<void>(pairing_state.OnLinkKeyRequest());
478 static_cast<void>(pairing_state.OnIoCapabilityRequest());
479 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
480
481 ASSERT_EQ(0, connection()->start_encryption_count());
482 ASSERT_EQ(0, status_handler.call_count());
483
484 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
485 EXPECT_EQ(0, status_handler.call_count());
486 }
487
TEST_F(PairingStateTest,PeerMayNotChangeLinkKeyWhenNotEncrypted)488 TEST_F(PairingStateTest, PeerMayNotChangeLinkKeyWhenNotEncrypted) {
489 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
490
491 TestStatusHandler status_handler;
492
493 SecureSimplePairingState pairing_state(
494 peer()->GetWeakPtr(),
495 pairing_delegate.GetWeakPtr(),
496 connection()->GetWeakPtr(),
497 /*outgoing_connection=*/false,
498 MakeAuthRequestCallback(),
499 status_handler.MakeStatusCallback(),
500 /*low_energy_address_delegate=*/this,
501 /*controller_remote_public_key_validation_supported=*/true,
502 sm_factory_func(),
503 dispatcher());
504 ASSERT_FALSE(connection()->ltk().has_value());
505
506 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
507 kTestChangedLinkKeyType);
508
509 EXPECT_FALSE(connection()->ltk().has_value());
510 EXPECT_EQ(1, status_handler.call_count());
511 ASSERT_TRUE(status_handler.handle());
512 EXPECT_EQ(kTestHandle, *status_handler.handle());
513 ASSERT_TRUE(status_handler.status());
514 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
515 *status_handler.status());
516 }
517
TEST_F(PairingStateTest,PeerMayChangeLinkKeyWhenInIdleState)518 TEST_F(PairingStateTest, PeerMayChangeLinkKeyWhenInIdleState) {
519 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
520
521 TestStatusHandler status_handler;
522
523 SecureSimplePairingState pairing_state(
524 peer()->GetWeakPtr(),
525 pairing_delegate.GetWeakPtr(),
526 connection()->GetWeakPtr(),
527 /*outgoing_connection=*/false,
528 MakeAuthRequestCallback(),
529 status_handler.MakeStatusCallback(),
530 /*low_energy_address_delegate=*/this,
531 /*controller_remote_public_key_validation_supported=*/true,
532 sm_factory_func(),
533 dispatcher());
534 connection()->set_link_key(hci_spec::LinkKey(UInt128(), 0, 0),
535 kTestAuthenticatedLinkKeyType192);
536
537 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
538 kTestChangedLinkKeyType);
539
540 ASSERT_TRUE(connection()->ltk().has_value());
541 EXPECT_EQ(kTestLinkKeyValue, connection()->ltk().value().value());
542 ASSERT_TRUE(connection()->ltk_type().has_value());
543 EXPECT_EQ(kTestChangedLinkKeyType, connection()->ltk_type().value());
544 EXPECT_EQ(0, status_handler.call_count());
545 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
546 }
547
548 // Inject events that occur during the course of a successful pairing as an
549 // initiator, but not including enabling link encryption.
AdvanceToEncryptionAsInitiator(SecureSimplePairingState * pairing_state)550 void AdvanceToEncryptionAsInitiator(SecureSimplePairingState* pairing_state) {
551 static_cast<void>(pairing_state->OnLinkKeyRequest());
552 static_cast<void>(pairing_state->OnIoCapabilityRequest());
553 pairing_state->OnIoCapabilityResponse(kTestPeerIoCap);
554 pairing_state->OnUserConfirmationRequest(kTestPasskey,
555 NoOpUserConfirmationCallback);
556 pairing_state->OnSimplePairingComplete(
557 pw::bluetooth::emboss::StatusCode::SUCCESS);
558 pairing_state->OnLinkKeyNotification(kTestLinkKeyValue,
559 kTestUnauthenticatedLinkKeyType192);
560 pairing_state->OnAuthenticationComplete(
561 pw::bluetooth::emboss::StatusCode::SUCCESS);
562 }
563
TEST_F(PairingStateTest,SuccessfulEncryptionChangeTriggersStatusCallback)564 TEST_F(PairingStateTest, SuccessfulEncryptionChangeTriggersStatusCallback) {
565 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
566
567 TestStatusHandler status_handler;
568
569 SecureSimplePairingState pairing_state(
570 peer()->GetWeakPtr(),
571 pairing_delegate.GetWeakPtr(),
572 connection()->GetWeakPtr(),
573 /*outgoing_connection=*/false,
574 MakeAuthRequestCallback(),
575 status_handler.MakeStatusCallback(),
576 /*low_energy_address_delegate=*/this,
577 /*controller_remote_public_key_validation_supported=*/true,
578 sm_factory_func(),
579 dispatcher());
580
581 // Advance state machine.
582 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
583 AdvanceToEncryptionAsInitiator(&pairing_state);
584
585 ASSERT_EQ(0, status_handler.call_count());
586
587 EXPECT_EQ(1, connection()->start_encryption_count());
588 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
589 EXPECT_EQ(1, status_handler.call_count());
590 ASSERT_TRUE(status_handler.handle());
591 EXPECT_EQ(kTestHandle, *status_handler.handle());
592 ASSERT_TRUE(status_handler.status());
593 EXPECT_EQ(fit::ok(), *status_handler.status());
594 }
595
TEST_F(PairingStateTest,EncryptionChangeErrorTriggersStatusCallbackWithError)596 TEST_F(PairingStateTest, EncryptionChangeErrorTriggersStatusCallbackWithError) {
597 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
598
599 TestStatusHandler status_handler;
600
601 SecureSimplePairingState pairing_state(
602 peer()->GetWeakPtr(),
603 pairing_delegate.GetWeakPtr(),
604 connection()->GetWeakPtr(),
605 /*outgoing_connection=*/false,
606 MakeAuthRequestCallback(),
607 status_handler.MakeStatusCallback(),
608 /*low_energy_address_delegate=*/this,
609 /*controller_remote_public_key_validation_supported=*/true,
610 sm_factory_func(),
611 dispatcher());
612
613 // Advance state machine.
614 static_cast<void>(pairing_state.InitiatePairing(kNoSecurityRequirements,
615 NoOpStatusCallback));
616 AdvanceToEncryptionAsInitiator(&pairing_state);
617
618 ASSERT_EQ(0, status_handler.call_count());
619
620 EXPECT_EQ(1, connection()->start_encryption_count());
621 connection()->TriggerEncryptionChangeCallback(
622 fit::error(Error(HostError::kInsufficientSecurity)));
623 EXPECT_EQ(1, status_handler.call_count());
624 ASSERT_TRUE(status_handler.handle());
625 EXPECT_EQ(kTestHandle, *status_handler.handle());
626 ASSERT_TRUE(status_handler.status());
627 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
628 *status_handler.status());
629 }
630
TEST_F(PairingStateTest,EncryptionChangeToDisabledTriggersStatusCallbackWithError)631 TEST_F(PairingStateTest,
632 EncryptionChangeToDisabledTriggersStatusCallbackWithError) {
633 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
634
635 TestStatusHandler status_handler;
636
637 SecureSimplePairingState pairing_state(
638 peer()->GetWeakPtr(),
639 pairing_delegate.GetWeakPtr(),
640 connection()->GetWeakPtr(),
641 /*outgoing_connection=*/false,
642 MakeAuthRequestCallback(),
643 status_handler.MakeStatusCallback(),
644 /*low_energy_address_delegate=*/this,
645 /*controller_remote_public_key_validation_supported=*/true,
646 sm_factory_func(),
647 dispatcher());
648
649 // Advance state machine.
650 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
651 AdvanceToEncryptionAsInitiator(&pairing_state);
652
653 ASSERT_EQ(0, status_handler.call_count());
654
655 EXPECT_EQ(1, connection()->start_encryption_count());
656 connection()->TriggerEncryptionChangeCallback(fit::ok(false));
657 EXPECT_EQ(1, status_handler.call_count());
658 ASSERT_TRUE(status_handler.handle());
659 EXPECT_EQ(kTestHandle, *status_handler.handle());
660 ASSERT_TRUE(status_handler.status());
661 EXPECT_EQ(ToResult(HostError::kFailed), *status_handler.status());
662 }
663
TEST_F(PairingStateTest,EncryptionChangeToEnableCallsInitiatorCallbacks)664 TEST_F(PairingStateTest, EncryptionChangeToEnableCallsInitiatorCallbacks) {
665 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
666
667 SecureSimplePairingState pairing_state(
668 peer()->GetWeakPtr(),
669 pairing_delegate.GetWeakPtr(),
670 connection()->GetWeakPtr(),
671 /*outgoing_connection=*/false,
672 MakeAuthRequestCallback(),
673 NoOpStatusCallback,
674 /*low_energy_address_delegate=*/this,
675 /*controller_remote_public_key_validation_supported=*/true,
676 sm_factory_func(),
677 dispatcher());
678
679 // Advance state machine.
680 TestStatusHandler status_handler_0;
681 pairing_state.InitiatePairing(kNoSecurityRequirements,
682 status_handler_0.MakeStatusCallback());
683 AdvanceToEncryptionAsInitiator(&pairing_state);
684 EXPECT_TRUE(pairing_state.initiator());
685
686 // Try to initiate pairing while pairing is in progress.
687 TestStatusHandler status_handler_1;
688 static_cast<void>(pairing_state.InitiatePairing(
689 kNoSecurityRequirements, status_handler_1.MakeStatusCallback()));
690
691 EXPECT_TRUE(pairing_state.initiator());
692 ASSERT_EQ(0, status_handler_0.call_count());
693 ASSERT_EQ(0, status_handler_1.call_count());
694
695 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
696 EXPECT_EQ(1, status_handler_0.call_count());
697 EXPECT_EQ(1, status_handler_1.call_count());
698 ASSERT_TRUE(status_handler_0.handle());
699 EXPECT_EQ(kTestHandle, *status_handler_0.handle());
700 ASSERT_TRUE(status_handler_0.status());
701 EXPECT_EQ(fit::ok(), *status_handler_0.status());
702 ASSERT_TRUE(status_handler_1.handle());
703 EXPECT_EQ(kTestHandle, *status_handler_1.handle());
704 ASSERT_TRUE(status_handler_1.status());
705 EXPECT_EQ(fit::ok(), *status_handler_1.status());
706
707 // Errors for a new pairing shouldn't invoke the initiators' callbacks.
708 pairing_state.OnUserPasskeyNotification(kTestPasskey);
709 EXPECT_EQ(1, status_handler_0.call_count());
710 EXPECT_EQ(1, status_handler_1.call_count());
711 }
712
TEST_F(PairingStateTest,InitiatingPairingOnResponderWaitsForPairingToFinish)713 TEST_F(PairingStateTest, InitiatingPairingOnResponderWaitsForPairingToFinish) {
714 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
715
716 SecureSimplePairingState pairing_state(
717 peer()->GetWeakPtr(),
718 pairing_delegate.GetWeakPtr(),
719 connection()->GetWeakPtr(),
720 /*outgoing_connection=*/false,
721 MakeAuthRequestCallback(),
722 NoOpStatusCallback,
723 /*low_energy_address_delegate=*/this,
724 /*controller_remote_public_key_validation_supported=*/true,
725 sm_factory_func(),
726 dispatcher());
727
728 // Advance state machine as pairing responder.
729 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
730 ASSERT_FALSE(pairing_state.initiator());
731 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
732 static_cast<void>(pairing_state.OnIoCapabilityRequest());
733 pairing_state.OnUserConfirmationRequest(kTestPasskey,
734 NoOpUserConfirmationCallback);
735
736 // Try to initiate pairing while pairing is in progress.
737 TestStatusHandler status_handler;
738 pairing_state.InitiatePairing(kNoSecurityRequirements,
739 status_handler.MakeStatusCallback());
740 EXPECT_FALSE(pairing_state.initiator());
741
742 // Keep advancing state machine.
743 pairing_state.OnSimplePairingComplete(
744 pw::bluetooth::emboss::StatusCode::SUCCESS);
745 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
746 kTestUnauthenticatedLinkKeyType192);
747
748 EXPECT_FALSE(pairing_state.initiator());
749 ASSERT_EQ(0, status_handler.call_count());
750
751 // The attempt to initiate pairing should have its status callback notified.
752 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
753 EXPECT_EQ(1, status_handler.call_count());
754 ASSERT_TRUE(status_handler.handle());
755 EXPECT_EQ(kTestHandle, *status_handler.handle());
756 ASSERT_TRUE(status_handler.status());
757 EXPECT_EQ(fit::ok(), *status_handler.status());
758 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
759
760 // Errors for a new pairing shouldn't invoke the attempted initiator's
761 // callback.
762 pairing_state.OnUserPasskeyNotification(kTestPasskey);
763 EXPECT_EQ(1, status_handler.call_count());
764 }
765
TEST_F(PairingStateTest,UnresolvedPairingCallbackIsCalledOnDestruction)766 TEST_F(PairingStateTest, UnresolvedPairingCallbackIsCalledOnDestruction) {
767 TestStatusHandler overall_status, request_status;
768 {
769 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
770
771 SecureSimplePairingState pairing_state(
772 peer()->GetWeakPtr(),
773 pairing_delegate.GetWeakPtr(),
774 connection()->GetWeakPtr(),
775 /*outgoing_connection=*/false,
776 MakeAuthRequestCallback(),
777 overall_status.MakeStatusCallback(),
778 /*low_energy_address_delegate=*/this,
779 /*controller_remote_public_key_validation_supported=*/true,
780 sm_factory_func(),
781 dispatcher());
782
783 // Advance state machine as pairing responder.
784 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
785 ASSERT_FALSE(pairing_state.initiator());
786 static_cast<void>(pairing_state.OnIoCapabilityRequest());
787 pairing_state.OnUserConfirmationRequest(kTestPasskey,
788 NoOpUserConfirmationCallback);
789
790 // Try to initiate pairing while pairing is in progress.
791 pairing_state.InitiatePairing(kNoSecurityRequirements,
792 request_status.MakeStatusCallback());
793 EXPECT_FALSE(pairing_state.initiator());
794
795 // Keep advancing state machine.
796 pairing_state.OnSimplePairingComplete(
797 pw::bluetooth::emboss::StatusCode::SUCCESS);
798 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
799 kTestUnauthenticatedLinkKeyType192);
800
801 // as pairing_state falls out of scope, we expect additional pairing
802 // callbacks to be called
803 ASSERT_EQ(0, overall_status.call_count());
804 ASSERT_EQ(0, request_status.call_count());
805 }
806
807 ASSERT_EQ(0, overall_status.call_count());
808
809 ASSERT_EQ(1, request_status.call_count());
810 ASSERT_TRUE(request_status.handle());
811 EXPECT_EQ(kTestHandle, *request_status.handle());
812 EXPECT_EQ(ToResult(HostError::kLinkDisconnected), *request_status.status());
813 }
814
TEST_F(PairingStateTest,InitiatorPairingStateRejectsIoCapReqWithoutPairingDelegate)815 TEST_F(PairingStateTest,
816 InitiatorPairingStateRejectsIoCapReqWithoutPairingDelegate) {
817 TestStatusHandler owner_status_handler;
818 SecureSimplePairingState pairing_state(
819 peer()->GetWeakPtr(),
820 PairingDelegate::WeakPtr(),
821 connection()->GetWeakPtr(),
822 /*outgoing_connection=*/false,
823 MakeAuthRequestCallback(),
824 owner_status_handler.MakeStatusCallback(),
825 /*low_energy_address_delegate=*/this,
826 /*controller_remote_public_key_validation_supported=*/true,
827 sm_factory_func(),
828 dispatcher());
829
830 TestStatusHandler initiator_status_handler;
831 // Advance state machine to Initiator Waiting IOCap Request
832 pairing_state.InitiatePairing(kNoSecurityRequirements,
833 initiator_status_handler.MakeStatusCallback());
834 EXPECT_TRUE(pairing_state.initiator());
835 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
836 // We should permit the pairing state machine to continue even without a
837 // PairingDelegate, as we may have an existing bond to restore, which can be
838 // done without a PairingDelegate.
839 EXPECT_EQ(0, owner_status_handler.call_count());
840 EXPECT_EQ(0, initiator_status_handler.call_count());
841 // We will only start the pairing process if there is no stored bond
842 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
843 // We expect to be notified that there are no IOCapabilities, as there is no
844 // PairingDelegate to provide them
845 EXPECT_EQ(std::nullopt, pairing_state.OnIoCapabilityRequest());
846 // All callbacks should be notified of pairing failure
847 EXPECT_EQ(1, owner_status_handler.call_count());
848 EXPECT_EQ(1, initiator_status_handler.call_count());
849 ASSERT_TRUE(initiator_status_handler.status());
850 EXPECT_EQ(ToResult(HostError::kNotReady), *initiator_status_handler.status());
851 EXPECT_EQ(initiator_status_handler.status(), owner_status_handler.status());
852 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
853 }
854
TEST_F(PairingStateTest,ResponderPairingStateRejectsIoCapReqWithoutPairingDelegate)855 TEST_F(PairingStateTest,
856 ResponderPairingStateRejectsIoCapReqWithoutPairingDelegate) {
857 TestStatusHandler status_handler;
858 SecureSimplePairingState pairing_state(
859 peer()->GetWeakPtr(),
860 PairingDelegate::WeakPtr(),
861 connection()->GetWeakPtr(),
862 /*outgoing_connection=*/false,
863 MakeAuthRequestCallback(),
864 status_handler.MakeStatusCallback(),
865 /*low_energy_address_delegate=*/this,
866 /*controller_remote_public_key_validation_supported=*/true,
867 sm_factory_func(),
868 dispatcher());
869
870 // Advance state machine to Responder Waiting IOCap Request
871 pairing_state.OnIoCapabilityResponse(
872 pw::bluetooth::emboss::IoCapability::DISPLAY_YES_NO);
873 EXPECT_FALSE(pairing_state.initiator());
874 EXPECT_EQ(0, status_handler.call_count());
875 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
876
877 // We expect to be notified that there are no IOCapabilities, as there is no
878 // PairingDelegate to provide them.
879 EXPECT_EQ(std::nullopt, pairing_state.OnIoCapabilityRequest());
880 // All callbacks should be notified of pairing failure
881 EXPECT_EQ(1, status_handler.call_count());
882 ASSERT_TRUE(status_handler.status());
883 EXPECT_EQ(ToResult(HostError::kNotReady), *status_handler.status());
884 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
885 }
886
TEST_F(PairingStateTest,UnexpectedLinkKeyAuthenticationRaisesError)887 TEST_F(PairingStateTest, UnexpectedLinkKeyAuthenticationRaisesError) {
888 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
889
890 TestStatusHandler status_handler;
891
892 SecureSimplePairingState pairing_state(
893 peer()->GetWeakPtr(),
894 pairing_delegate.GetWeakPtr(),
895 connection()->GetWeakPtr(),
896 /*outgoing_connection=*/false,
897 MakeAuthRequestCallback(),
898 status_handler.MakeStatusCallback(),
899 /*low_energy_address_delegate=*/this,
900 /*controller_remote_public_key_validation_supported=*/true,
901 sm_factory_func(),
902 dispatcher());
903
904 // Advance state machine.
905 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
906 ASSERT_FALSE(pairing_state.initiator());
907 static_cast<void>(pairing_state.OnIoCapabilityRequest());
908 pairing_state.OnUserConfirmationRequest(kTestPasskey,
909 NoOpUserConfirmationCallback);
910 pairing_state.OnSimplePairingComplete(
911 pw::bluetooth::emboss::StatusCode::SUCCESS);
912
913 // Provide an authenticated link key when this should have resulted in an
914 // unauthenticated link key
915 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
916 kTestAuthenticatedLinkKeyType192);
917
918 EXPECT_EQ(1, status_handler.call_count());
919 ASSERT_TRUE(status_handler.handle());
920 EXPECT_EQ(kTestHandle, *status_handler.handle());
921 ASSERT_TRUE(status_handler.status());
922 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
923 *status_handler.status());
924 }
925
TEST_F(PairingStateTest,LegacyPairingLinkKeyRaisesError)926 TEST_F(PairingStateTest, LegacyPairingLinkKeyRaisesError) {
927 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
928
929 TestStatusHandler status_handler;
930
931 SecureSimplePairingState pairing_state(
932 peer()->GetWeakPtr(),
933 pairing_delegate.GetWeakPtr(),
934 connection()->GetWeakPtr(),
935 /*outgoing_connection=*/false,
936 MakeAuthRequestCallback(),
937 status_handler.MakeStatusCallback(),
938 /*low_energy_address_delegate=*/this,
939 /*controller_remote_public_key_validation_supported=*/true,
940 sm_factory_func(),
941 dispatcher());
942
943 // Advance state machine.
944 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
945 ASSERT_FALSE(pairing_state.initiator());
946 static_cast<void>(pairing_state.OnIoCapabilityRequest());
947 pairing_state.OnUserConfirmationRequest(kTestPasskey,
948 NoOpUserConfirmationCallback);
949 pairing_state.OnSimplePairingComplete(
950 pw::bluetooth::emboss::StatusCode::SUCCESS);
951
952 // Provide a legacy pairing link key type.
953 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
954 kTestLegacyLinkKeyType);
955
956 EXPECT_EQ(1, status_handler.call_count());
957 ASSERT_TRUE(status_handler.handle());
958 EXPECT_EQ(kTestHandle, *status_handler.handle());
959 ASSERT_TRUE(status_handler.status());
960 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
961 *status_handler.status());
962 }
963
TEST_F(PairingStateTest,PairingSetsConnectionLinkKey)964 TEST_F(PairingStateTest, PairingSetsConnectionLinkKey) {
965 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
966
967 TestStatusHandler status_handler;
968
969 SecureSimplePairingState pairing_state(
970 peer()->GetWeakPtr(),
971 pairing_delegate.GetWeakPtr(),
972 connection()->GetWeakPtr(),
973 /*outgoing_connection=*/false,
974 MakeAuthRequestCallback(),
975 status_handler.MakeStatusCallback(),
976 /*low_energy_address_delegate=*/this,
977 /*controller_remote_public_key_validation_supported=*/true,
978 sm_factory_func(),
979 dispatcher());
980
981 // Advance state machine.
982 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
983 ASSERT_FALSE(pairing_state.initiator());
984 static_cast<void>(pairing_state.OnIoCapabilityRequest());
985 pairing_state.OnUserConfirmationRequest(kTestPasskey,
986 NoOpUserConfirmationCallback);
987 pairing_state.OnSimplePairingComplete(
988 pw::bluetooth::emboss::StatusCode::SUCCESS);
989
990 ASSERT_FALSE(connection()->ltk());
991 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
992 kTestUnauthenticatedLinkKeyType192);
993 ASSERT_TRUE(connection()->ltk());
994 EXPECT_EQ(kTestLinkKeyValue, connection()->ltk()->value());
995
996 EXPECT_EQ(0, status_handler.call_count());
997 }
998
TEST_F(PairingStateTest,SecureConnectionsRequiresSecureConnectionsLinkKeySuccess)999 TEST_F(PairingStateTest,
1000 SecureConnectionsRequiresSecureConnectionsLinkKeySuccess) {
1001 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1002
1003 TestStatusHandler status_handler;
1004
1005 SecureSimplePairingState pairing_state(
1006 peer()->GetWeakPtr(),
1007 pairing_delegate.GetWeakPtr(),
1008 connection()->GetWeakPtr(),
1009 /*outgoing_connection=*/false,
1010 MakeAuthRequestCallback(),
1011 status_handler.MakeStatusCallback(),
1012 /*low_energy_address_delegate=*/this,
1013 /*controller_remote_public_key_validation_supported=*/true,
1014 sm_factory_func(),
1015 dispatcher());
1016
1017 // Set peer lmp_features: Secure Connections (Host Support)
1018 peer()->SetFeaturePage(
1019 1u,
1020 static_cast<uint64_t>(
1021 hci_spec::LMPFeature::kSecureConnectionsHostSupport));
1022
1023 // Set peer lmp_features: Secure Connections (Controller Support)
1024 peer()->SetFeaturePage(
1025 2u,
1026 static_cast<uint64_t>(
1027 hci_spec::LMPFeature::kSecureConnectionsControllerSupport));
1028
1029 // Advance state machine.
1030 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1031 ASSERT_FALSE(pairing_state.initiator());
1032 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
1033 static_cast<void>(pairing_state.OnIoCapabilityRequest());
1034 pairing_state.OnUserConfirmationRequest(kTestPasskey,
1035 NoOpUserConfirmationCallback);
1036 pairing_state.OnSimplePairingComplete(
1037 pw::bluetooth::emboss::StatusCode::SUCCESS);
1038 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
1039
1040 // Ensure that P-256 authenticated link key was provided
1041 pairing_state.OnLinkKeyNotification(
1042 kTestLinkKeyValue,
1043 kTestUnauthenticatedLinkKeyType256,
1044 /*local_secure_connections_supported=*/true);
1045
1046 ASSERT_TRUE(connection()->ltk());
1047 EXPECT_EQ(kTestLinkKeyValue, connection()->ltk()->value());
1048
1049 EXPECT_EQ(0, status_handler.call_count());
1050 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
1051 }
1052
TEST_F(PairingStateTest,SecureConnectionsRequiresSecureConnectionsLinkKeyFail)1053 TEST_F(PairingStateTest,
1054 SecureConnectionsRequiresSecureConnectionsLinkKeyFail) {
1055 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1056
1057 TestStatusHandler status_handler;
1058
1059 SecureSimplePairingState pairing_state(
1060 peer()->GetWeakPtr(),
1061 pairing_delegate.GetWeakPtr(),
1062 connection()->GetWeakPtr(),
1063 /*outgoing_connection=*/false,
1064 MakeAuthRequestCallback(),
1065 status_handler.MakeStatusCallback(),
1066 /*low_energy_address_delegate=*/this,
1067 /*controller_remote_public_key_validation_supported=*/true,
1068 sm_factory_func(),
1069 dispatcher());
1070
1071 // Set peer lmp_features: Secure Connections (Host Support)
1072 peer()->SetFeaturePage(
1073 1u,
1074 static_cast<uint64_t>(
1075 hci_spec::LMPFeature::kSecureConnectionsHostSupport));
1076
1077 // Set peer lmp_features: Secure Connections (Controller Support)
1078 peer()->SetFeaturePage(
1079 2u,
1080 static_cast<uint64_t>(
1081 hci_spec::LMPFeature::kSecureConnectionsControllerSupport));
1082
1083 // Advance state machine.
1084 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1085 ASSERT_FALSE(pairing_state.initiator());
1086 static_cast<void>(pairing_state.OnIoCapabilityRequest());
1087 pairing_state.OnUserConfirmationRequest(kTestPasskey,
1088 NoOpUserConfirmationCallback);
1089 pairing_state.OnSimplePairingComplete(
1090 pw::bluetooth::emboss::StatusCode::SUCCESS);
1091
1092 // Provide P-192 authenticated link key when this should have resulted in an
1093 // P-256 link key
1094 pairing_state.OnLinkKeyNotification(
1095 kTestLinkKeyValue,
1096 kTestUnauthenticatedLinkKeyType192,
1097 /*local_secure_connections_supported=*/true);
1098
1099 EXPECT_EQ(1, status_handler.call_count());
1100 ASSERT_TRUE(status_handler.handle());
1101 EXPECT_EQ(kTestHandle, *status_handler.handle());
1102 ASSERT_TRUE(status_handler.status());
1103 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
1104 *status_handler.status());
1105 }
1106
TEST_F(PairingStateTest,NumericComparisonPairingComparesPasskeyOnInitiatorDisplayYesNoSide)1107 TEST_F(PairingStateTest,
1108 NumericComparisonPairingComparesPasskeyOnInitiatorDisplayYesNoSide) {
1109 FakePairingDelegate pairing_delegate(kTestLocalIoCap);
1110
1111 TestStatusHandler status_handler;
1112
1113 SecureSimplePairingState pairing_state(
1114 peer()->GetWeakPtr(),
1115 pairing_delegate.GetWeakPtr(),
1116 connection()->GetWeakPtr(),
1117 /*outgoing_connection=*/false,
1118 MakeAuthRequestCallback(),
1119 status_handler.MakeStatusCallback(),
1120 /*low_energy_address_delegate=*/this,
1121 /*controller_remote_public_key_validation_supported=*/true,
1122 sm_factory_func(),
1123 dispatcher());
1124
1125 // Advance state machine.
1126 pairing_state.InitiatePairing(kNoSecurityRequirements,
1127 status_handler.MakeStatusCallback());
1128 ASSERT_TRUE(pairing_state.initiator());
1129 static_cast<void>(pairing_state.OnLinkKeyRequest());
1130 EXPECT_EQ(IoCapability::DISPLAY_YES_NO,
1131 *pairing_state.OnIoCapabilityRequest());
1132
1133 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1134
1135 pairing_delegate.SetDisplayPasskeyCallback(
1136 [this](PeerId peer_id,
1137 uint32_t value,
1138 PairingDelegate::DisplayMethod method,
1139 auto cb) {
1140 EXPECT_EQ(peer()->identifier(), peer_id);
1141 EXPECT_EQ(kTestPasskey, value);
1142 EXPECT_EQ(PairingDelegate::DisplayMethod::kComparison, method);
1143 ASSERT_TRUE(cb);
1144 cb(true);
1145 });
1146 bool confirmed = false;
1147 pairing_state.OnUserConfirmationRequest(
1148 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1149 EXPECT_TRUE(confirmed);
1150
1151 pairing_delegate.SetCompletePairingCallback(
1152 [this](PeerId peer_id, sm::Result<> status) {
1153 EXPECT_EQ(peer()->identifier(), peer_id);
1154 EXPECT_EQ(fit::ok(), status);
1155 });
1156 pairing_state.OnSimplePairingComplete(
1157 pw::bluetooth::emboss::StatusCode::SUCCESS);
1158
1159 EXPECT_EQ(0, status_handler.call_count());
1160 }
1161
TEST_F(PairingStateTest,NumericComparisonPairingComparesPasskeyOnResponderDisplayYesNoSide)1162 TEST_F(PairingStateTest,
1163 NumericComparisonPairingComparesPasskeyOnResponderDisplayYesNoSide) {
1164 FakePairingDelegate pairing_delegate(kTestLocalIoCap);
1165
1166 TestStatusHandler status_handler;
1167
1168 SecureSimplePairingState pairing_state(
1169 peer()->GetWeakPtr(),
1170 pairing_delegate.GetWeakPtr(),
1171 connection()->GetWeakPtr(),
1172 /*outgoing_connection=*/false,
1173 MakeAuthRequestCallback(),
1174 status_handler.MakeStatusCallback(),
1175 /*low_energy_address_delegate=*/this,
1176 /*controller_remote_public_key_validation_supported=*/true,
1177 sm_factory_func(),
1178 dispatcher());
1179
1180 // Advance state machine.
1181 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1182 ASSERT_FALSE(pairing_state.initiator());
1183 EXPECT_EQ(IoCapability::DISPLAY_YES_NO,
1184 *pairing_state.OnIoCapabilityRequest());
1185
1186 pairing_delegate.SetDisplayPasskeyCallback(
1187 [this](PeerId peer_id,
1188 uint32_t value,
1189 PairingDelegate::DisplayMethod method,
1190 auto cb) {
1191 EXPECT_EQ(peer()->identifier(), peer_id);
1192 EXPECT_EQ(kTestPasskey, value);
1193 EXPECT_EQ(PairingDelegate::DisplayMethod::kComparison, method);
1194 ASSERT_TRUE(cb);
1195 cb(true);
1196 });
1197 bool confirmed = false;
1198 pairing_state.OnUserConfirmationRequest(
1199 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1200 EXPECT_TRUE(confirmed);
1201
1202 pairing_delegate.SetCompletePairingCallback(
1203 [this](PeerId peer_id, sm::Result<> status) {
1204 EXPECT_EQ(peer()->identifier(), peer_id);
1205 EXPECT_EQ(fit::ok(), status);
1206 });
1207 pairing_state.OnSimplePairingComplete(
1208 pw::bluetooth::emboss::StatusCode::SUCCESS);
1209
1210 EXPECT_EQ(0, status_handler.call_count());
1211 }
1212
1213 // v5.0, Vol 3, Part C, Sec 5.2.2.6 call this "Numeric Comparison with automatic
1214 // confirmation on device B only and Yes/No confirmation on whether to pair on
1215 // device A. Device A does not show the confirmation value." and it should
1216 // result in user consent.
TEST_F(PairingStateTest,NumericComparisonWithoutValueRequestsConsentFromDisplayYesNoSide)1217 TEST_F(PairingStateTest,
1218 NumericComparisonWithoutValueRequestsConsentFromDisplayYesNoSide) {
1219 FakePairingDelegate pairing_delegate(kTestLocalIoCap);
1220
1221 TestStatusHandler status_handler;
1222
1223 SecureSimplePairingState pairing_state(
1224 peer()->GetWeakPtr(),
1225 pairing_delegate.GetWeakPtr(),
1226 connection()->GetWeakPtr(),
1227 /*outgoing_connection=*/false,
1228 MakeAuthRequestCallback(),
1229 status_handler.MakeStatusCallback(),
1230 /*low_energy_address_delegate=*/this,
1231 /*controller_remote_public_key_validation_supported=*/true,
1232 sm_factory_func(),
1233 dispatcher());
1234
1235 // Advance state machine.
1236 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1237 ASSERT_FALSE(pairing_state.initiator());
1238 EXPECT_EQ(IoCapability::DISPLAY_YES_NO,
1239 *pairing_state.OnIoCapabilityRequest());
1240
1241 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
1242 EXPECT_EQ(peer()->identifier(), peer_id);
1243 ASSERT_TRUE(cb);
1244 cb(true);
1245 });
1246 bool confirmed = false;
1247 pairing_state.OnUserConfirmationRequest(
1248 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1249 EXPECT_TRUE(confirmed);
1250
1251 pairing_delegate.SetCompletePairingCallback(
1252 [this](PeerId peer_id, sm::Result<> status) {
1253 EXPECT_EQ(peer()->identifier(), peer_id);
1254 EXPECT_EQ(fit::ok(), status);
1255 });
1256 pairing_state.OnSimplePairingComplete(
1257 pw::bluetooth::emboss::StatusCode::SUCCESS);
1258
1259 EXPECT_EQ(0, status_handler.call_count());
1260 }
1261
TEST_F(PairingStateTest,PasskeyEntryPairingDisplaysPasskeyToDisplayOnlySide)1262 TEST_F(PairingStateTest, PasskeyEntryPairingDisplaysPasskeyToDisplayOnlySide) {
1263 FakePairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1264
1265 TestStatusHandler status_handler;
1266
1267 SecureSimplePairingState pairing_state(
1268 peer()->GetWeakPtr(),
1269 pairing_delegate.GetWeakPtr(),
1270 connection()->GetWeakPtr(),
1271 /*outgoing_connection=*/false,
1272 MakeAuthRequestCallback(),
1273 status_handler.MakeStatusCallback(),
1274 /*low_energy_address_delegate=*/this,
1275 /*controller_remote_public_key_validation_supported=*/true,
1276 sm_factory_func(),
1277 dispatcher());
1278
1279 // Advance state machine.
1280 pairing_state.OnIoCapabilityResponse(IoCapability::KEYBOARD_ONLY);
1281 ASSERT_FALSE(pairing_state.initiator());
1282 EXPECT_EQ(IoCapability::DISPLAY_ONLY, *pairing_state.OnIoCapabilityRequest());
1283
1284 pairing_delegate.SetDisplayPasskeyCallback(
1285 [this](PeerId peer_id,
1286 uint32_t value,
1287 PairingDelegate::DisplayMethod method,
1288 auto cb) {
1289 EXPECT_EQ(peer()->identifier(), peer_id);
1290 EXPECT_EQ(kTestPasskey, value);
1291 EXPECT_EQ(PairingDelegate::DisplayMethod::kPeerEntry, method);
1292 EXPECT_TRUE(cb);
1293 });
1294 pairing_state.OnUserPasskeyNotification(kTestPasskey);
1295
1296 pairing_delegate.SetCompletePairingCallback(
1297 [this](PeerId peer_id, sm::Result<> status) {
1298 EXPECT_EQ(peer()->identifier(), peer_id);
1299 EXPECT_EQ(fit::ok(), status);
1300 });
1301 pairing_state.OnSimplePairingComplete(
1302 pw::bluetooth::emboss::StatusCode::SUCCESS);
1303
1304 EXPECT_EQ(0, status_handler.call_count());
1305 }
1306
TEST_F(PairingStateTest,PasskeyEntryPairingRequestsPasskeyFromKeyboardOnlySide)1307 TEST_F(PairingStateTest,
1308 PasskeyEntryPairingRequestsPasskeyFromKeyboardOnlySide) {
1309 FakePairingDelegate pairing_delegate(sm::IOCapability::kKeyboardOnly);
1310
1311 TestStatusHandler status_handler;
1312
1313 SecureSimplePairingState pairing_state(
1314 peer()->GetWeakPtr(),
1315 pairing_delegate.GetWeakPtr(),
1316 connection()->GetWeakPtr(),
1317 /*outgoing_connection=*/false,
1318 MakeAuthRequestCallback(),
1319 status_handler.MakeStatusCallback(),
1320 /*low_energy_address_delegate=*/this,
1321 /*controller_remote_public_key_validation_supported=*/true,
1322 sm_factory_func(),
1323 dispatcher());
1324
1325 // Advance state machine.
1326 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_ONLY);
1327 ASSERT_FALSE(pairing_state.initiator());
1328 EXPECT_EQ(IoCapability::KEYBOARD_ONLY,
1329 *pairing_state.OnIoCapabilityRequest());
1330
1331 pairing_delegate.SetRequestPasskeyCallback([this](PeerId peer_id, auto cb) {
1332 EXPECT_EQ(peer()->identifier(), peer_id);
1333 ASSERT_TRUE(cb);
1334 cb(kTestPasskey);
1335 });
1336 bool cb_called = false;
1337 std::optional<uint32_t> passkey;
1338 auto passkey_cb = [&cb_called,
1339 &passkey](std::optional<uint32_t> pairing_state_passkey) {
1340 cb_called = true;
1341 passkey = pairing_state_passkey;
1342 };
1343
1344 pairing_state.OnUserPasskeyRequest(std::move(passkey_cb));
1345 EXPECT_TRUE(cb_called);
1346 ASSERT_TRUE(passkey);
1347 EXPECT_EQ(kTestPasskey, *passkey);
1348
1349 pairing_delegate.SetCompletePairingCallback(
1350 [this](PeerId peer_id, sm::Result<> status) {
1351 EXPECT_EQ(peer()->identifier(), peer_id);
1352 EXPECT_EQ(fit::ok(), status);
1353 });
1354 pairing_state.OnSimplePairingComplete(
1355 pw::bluetooth::emboss::StatusCode::SUCCESS);
1356
1357 EXPECT_EQ(0, status_handler.call_count());
1358 }
1359
TEST_F(PairingStateTest,JustWorksPairingOutgoingConnectDoesNotRequestUserActionInitiator)1360 TEST_F(PairingStateTest,
1361 JustWorksPairingOutgoingConnectDoesNotRequestUserActionInitiator) {
1362 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1363
1364 TestStatusHandler owner_status_handler;
1365 TestStatusHandler initiator_status_handler;
1366 SecureSimplePairingState pairing_state(
1367 peer()->GetWeakPtr(),
1368 pairing_delegate.GetWeakPtr(),
1369 connection()->GetWeakPtr(),
1370 /*outgoing_connection=*/true,
1371 MakeAuthRequestCallback(),
1372 owner_status_handler.MakeStatusCallback(),
1373 /*low_energy_address_delegate=*/this,
1374 /*controller_remote_public_key_validation_supported=*/true,
1375 sm_factory_func(),
1376 dispatcher());
1377
1378 // Advance state machine to Initiator Waiting IOCap Request
1379 pairing_state.InitiatePairing(kNoSecurityRequirements,
1380 initiator_status_handler.MakeStatusCallback());
1381 EXPECT_TRUE(pairing_state.initiator());
1382 static_cast<void>(pairing_state.OnLinkKeyRequest());
1383 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1384 *pairing_state.OnIoCapabilityRequest());
1385
1386 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1387 bool confirmed = false;
1388 pairing_state.OnUserConfirmationRequest(
1389 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1390 EXPECT_TRUE(confirmed);
1391
1392 pairing_delegate.SetCompletePairingCallback(
1393 [this](PeerId peer_id, sm::Result<> status) {
1394 EXPECT_EQ(peer()->identifier(), peer_id);
1395 EXPECT_EQ(fit::ok(), status);
1396 });
1397 pairing_state.OnSimplePairingComplete(
1398 pw::bluetooth::emboss::StatusCode::SUCCESS);
1399
1400 EXPECT_EQ(0, owner_status_handler.call_count());
1401 EXPECT_EQ(0, initiator_status_handler.call_count());
1402 }
1403
TEST_F(PairingStateTest,JustWorksPairingOutgoingConnectDoesNotRequestUserActionResponder)1404 TEST_F(PairingStateTest,
1405 JustWorksPairingOutgoingConnectDoesNotRequestUserActionResponder) {
1406 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1407
1408 TestStatusHandler status_handler;
1409
1410 SecureSimplePairingState pairing_state(
1411 peer()->GetWeakPtr(),
1412 pairing_delegate.GetWeakPtr(),
1413 connection()->GetWeakPtr(),
1414 /*outgoing_connection=*/true,
1415 MakeAuthRequestCallback(),
1416 status_handler.MakeStatusCallback(),
1417 /*low_energy_address_delegate=*/this,
1418 /*controller_remote_public_key_validation_supported=*/true,
1419 sm_factory_func(),
1420 dispatcher());
1421
1422 // Advance state machine.
1423 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1424 ASSERT_FALSE(pairing_state.initiator());
1425 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1426 *pairing_state.OnIoCapabilityRequest());
1427
1428 bool confirmed = false;
1429 pairing_state.OnUserConfirmationRequest(
1430 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1431 EXPECT_TRUE(confirmed);
1432
1433 pairing_delegate.SetCompletePairingCallback(
1434 [this](PeerId peer_id, sm::Result<> status) {
1435 EXPECT_EQ(peer()->identifier(), peer_id);
1436 EXPECT_EQ(fit::ok(), status);
1437 });
1438 pairing_state.OnSimplePairingComplete(
1439 pw::bluetooth::emboss::StatusCode::SUCCESS);
1440
1441 EXPECT_EQ(0, status_handler.call_count());
1442 }
1443
TEST_F(PairingStateTest,JustWorksPairingIncomingConnectRequiresConfirmationRejectedResponder)1444 TEST_F(PairingStateTest,
1445 JustWorksPairingIncomingConnectRequiresConfirmationRejectedResponder) {
1446 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1447
1448 TestStatusHandler status_handler;
1449
1450 SecureSimplePairingState pairing_state(
1451 peer()->GetWeakPtr(),
1452 pairing_delegate.GetWeakPtr(),
1453 connection()->GetWeakPtr(),
1454 /*outgoing_connection=*/false,
1455 MakeAuthRequestCallback(),
1456 status_handler.MakeStatusCallback(),
1457 /*low_energy_address_delegate=*/this,
1458 /*controller_remote_public_key_validation_supported=*/true,
1459 sm_factory_func(),
1460 dispatcher());
1461
1462 // Advance state machine.
1463 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1464 ASSERT_FALSE(pairing_state.initiator());
1465 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1466 *pairing_state.OnIoCapabilityRequest());
1467
1468 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
1469 EXPECT_EQ(peer()->identifier(), peer_id);
1470 ASSERT_TRUE(cb);
1471 cb(false);
1472 });
1473 bool confirmed = true;
1474 pairing_state.OnUserConfirmationRequest(
1475 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1476 EXPECT_FALSE(confirmed);
1477
1478 // Eventually the controller sends a SimplePairingComplete indicating the
1479 // failure.
1480 pairing_delegate.SetCompletePairingCallback(
1481 [this](PeerId peer_id, sm::Result<> status) {
1482 EXPECT_EQ(peer()->identifier(), peer_id);
1483 EXPECT_TRUE(status.is_error());
1484 });
1485 pairing_state.OnSimplePairingComplete(
1486 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE);
1487
1488 EXPECT_EQ(1, status_handler.call_count());
1489 ASSERT_TRUE(status_handler.status());
1490 EXPECT_EQ(ToResult(pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE),
1491 *status_handler.status());
1492 }
1493
TEST_F(PairingStateTest,JustWorksPairingIncomingConnectRequiresConfirmationRejectedInitiator)1494 TEST_F(PairingStateTest,
1495 JustWorksPairingIncomingConnectRequiresConfirmationRejectedInitiator) {
1496 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1497
1498 TestStatusHandler owner_status_handler;
1499 TestStatusHandler initiator_status_handler;
1500 SecureSimplePairingState pairing_state(
1501 peer()->GetWeakPtr(),
1502 pairing_delegate.GetWeakPtr(),
1503 connection()->GetWeakPtr(),
1504 /*outgoing_connection=*/false,
1505 MakeAuthRequestCallback(),
1506 owner_status_handler.MakeStatusCallback(),
1507 /*low_energy_address_delegate=*/this,
1508 /*controller_remote_public_key_validation_supported=*/true,
1509 sm_factory_func(),
1510 dispatcher());
1511
1512 // Advance state machine to Initiator Waiting IOCap Request
1513 pairing_state.InitiatePairing(kNoSecurityRequirements,
1514 initiator_status_handler.MakeStatusCallback());
1515 EXPECT_TRUE(pairing_state.initiator());
1516 static_cast<void>(pairing_state.OnLinkKeyRequest());
1517 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1518 *pairing_state.OnIoCapabilityRequest());
1519
1520 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1521
1522 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
1523 EXPECT_EQ(peer()->identifier(), peer_id);
1524 ASSERT_TRUE(cb);
1525 cb(false);
1526 });
1527 bool confirmed = true;
1528 pairing_state.OnUserConfirmationRequest(
1529 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1530 EXPECT_FALSE(confirmed);
1531
1532 // Eventually the controller sends a SimplePairingComplete indicating the
1533 // failure.
1534 pairing_delegate.SetCompletePairingCallback(
1535 [this](PeerId peer_id, sm::Result<> status) {
1536 EXPECT_EQ(peer()->identifier(), peer_id);
1537 EXPECT_TRUE(status.is_error());
1538 });
1539 pairing_state.OnSimplePairingComplete(
1540 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE);
1541
1542 EXPECT_EQ(1, owner_status_handler.call_count());
1543 ASSERT_TRUE(owner_status_handler.status());
1544 EXPECT_EQ(ToResult(pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE),
1545 *owner_status_handler.status());
1546 EXPECT_EQ(1, initiator_status_handler.call_count());
1547 ASSERT_TRUE(initiator_status_handler.status());
1548 EXPECT_EQ(ToResult(pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE),
1549 *initiator_status_handler.status());
1550 }
1551
TEST_F(PairingStateTest,JustWorksPairingIncomingConnectRequiresConfirmationAcceptedResponder)1552 TEST_F(PairingStateTest,
1553 JustWorksPairingIncomingConnectRequiresConfirmationAcceptedResponder) {
1554 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1555
1556 TestStatusHandler status_handler;
1557
1558 SecureSimplePairingState pairing_state(
1559 peer()->GetWeakPtr(),
1560 pairing_delegate.GetWeakPtr(),
1561 connection()->GetWeakPtr(),
1562 /*outgoing_connection=*/false,
1563 MakeAuthRequestCallback(),
1564 status_handler.MakeStatusCallback(),
1565 /*low_energy_address_delegate=*/this,
1566 /*controller_remote_public_key_validation_supported=*/true,
1567 sm_factory_func(),
1568 dispatcher());
1569
1570 // Advance state machine.
1571 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1572 ASSERT_FALSE(pairing_state.initiator());
1573 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1574 *pairing_state.OnIoCapabilityRequest());
1575
1576 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
1577 EXPECT_EQ(peer()->identifier(), peer_id);
1578 ASSERT_TRUE(cb);
1579 cb(true);
1580 });
1581 bool confirmed = false;
1582 pairing_state.OnUserConfirmationRequest(
1583 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1584 EXPECT_TRUE(confirmed);
1585
1586 pairing_delegate.SetCompletePairingCallback(
1587 [this](PeerId peer_id, sm::Result<> status) {
1588 EXPECT_EQ(peer()->identifier(), peer_id);
1589 EXPECT_EQ(fit::ok(), status);
1590 });
1591 pairing_state.OnSimplePairingComplete(
1592 pw::bluetooth::emboss::StatusCode::SUCCESS);
1593
1594 EXPECT_EQ(0, status_handler.call_count());
1595 }
1596
TEST_F(PairingStateTest,JustWorksPairingIncomingConnectRequiresConfirmationAcceptedInitiator)1597 TEST_F(PairingStateTest,
1598 JustWorksPairingIncomingConnectRequiresConfirmationAcceptedInitiator) {
1599 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
1600
1601 TestStatusHandler owner_status_handler;
1602 TestStatusHandler initiator_status_handler;
1603 SecureSimplePairingState pairing_state(
1604 peer()->GetWeakPtr(),
1605 pairing_delegate.GetWeakPtr(),
1606 connection()->GetWeakPtr(),
1607 /*outgoing_connection=*/false,
1608 MakeAuthRequestCallback(),
1609 owner_status_handler.MakeStatusCallback(),
1610 /*low_energy_address_delegate=*/this,
1611 /*controller_remote_public_key_validation_supported=*/true,
1612 sm_factory_func(),
1613 dispatcher());
1614
1615 // Advance state machine to Initiator Waiting IOCap Request
1616 pairing_state.InitiatePairing(kNoSecurityRequirements,
1617 initiator_status_handler.MakeStatusCallback());
1618 EXPECT_TRUE(pairing_state.initiator());
1619 static_cast<void>(pairing_state.OnLinkKeyRequest());
1620 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
1621 *pairing_state.OnIoCapabilityRequest());
1622
1623 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
1624
1625 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
1626 EXPECT_EQ(peer()->identifier(), peer_id);
1627 ASSERT_TRUE(cb);
1628 cb(true);
1629 });
1630 bool confirmed = false;
1631 pairing_state.OnUserConfirmationRequest(
1632 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
1633 EXPECT_TRUE(confirmed);
1634
1635 pairing_delegate.SetCompletePairingCallback(
1636 [this](PeerId peer_id, sm::Result<> status) {
1637 EXPECT_EQ(peer()->identifier(), peer_id);
1638 EXPECT_EQ(fit::ok(), status);
1639 });
1640 pairing_state.OnSimplePairingComplete(
1641 pw::bluetooth::emboss::StatusCode::SUCCESS);
1642
1643 EXPECT_EQ(0, owner_status_handler.call_count());
1644 EXPECT_EQ(0, initiator_status_handler.call_count());
1645 }
1646
1647 // Event injectors. Return values are necessarily ignored in order to make types
1648 // match, so don't use these functions to test return values. Likewise,
1649 // arguments have been filled with test defaults for a successful pairing flow.
LinkKeyRequest(SecureSimplePairingState * pairing_state)1650 void LinkKeyRequest(SecureSimplePairingState* pairing_state) {
1651 static_cast<void>(pairing_state->OnLinkKeyRequest());
1652 }
IoCapabilityRequest(SecureSimplePairingState * pairing_state)1653 void IoCapabilityRequest(SecureSimplePairingState* pairing_state) {
1654 static_cast<void>(pairing_state->OnIoCapabilityRequest());
1655 }
IoCapabilityResponse(SecureSimplePairingState * pairing_state)1656 void IoCapabilityResponse(SecureSimplePairingState* pairing_state) {
1657 pairing_state->OnIoCapabilityResponse(kTestPeerIoCap);
1658 }
UserConfirmationRequest(SecureSimplePairingState * pairing_state)1659 void UserConfirmationRequest(SecureSimplePairingState* pairing_state) {
1660 pairing_state->OnUserConfirmationRequest(kTestPasskey,
1661 NoOpUserConfirmationCallback);
1662 }
UserPasskeyRequest(SecureSimplePairingState * pairing_state)1663 void UserPasskeyRequest(SecureSimplePairingState* pairing_state) {
1664 pairing_state->OnUserPasskeyRequest(NoOpUserPasskeyCallback);
1665 }
UserPasskeyNotification(SecureSimplePairingState * pairing_state)1666 void UserPasskeyNotification(SecureSimplePairingState* pairing_state) {
1667 pairing_state->OnUserPasskeyNotification(kTestPasskey);
1668 }
SimplePairingComplete(SecureSimplePairingState * pairing_state)1669 void SimplePairingComplete(SecureSimplePairingState* pairing_state) {
1670 pairing_state->OnSimplePairingComplete(
1671 pw::bluetooth::emboss::StatusCode::SUCCESS);
1672 }
LinkKeyNotification(SecureSimplePairingState * pairing_state)1673 void LinkKeyNotification(SecureSimplePairingState* pairing_state) {
1674 pairing_state->OnLinkKeyNotification(kTestLinkKeyValue,
1675 kTestUnauthenticatedLinkKeyType192);
1676 }
AuthenticationComplete(SecureSimplePairingState * pairing_state)1677 void AuthenticationComplete(SecureSimplePairingState* pairing_state) {
1678 pairing_state->OnAuthenticationComplete(
1679 pw::bluetooth::emboss::StatusCode::SUCCESS);
1680 }
1681
1682 // Test suite fixture that genericizes an injected pairing state event. The
1683 // event being tested should be retrieved with the GetParam method, which
1684 // returns a default event injector. For example:
1685 //
1686 // SecureSimplePairingState pairing_state;
1687 // GetParam()(&pairing_state);
1688 //
1689 // This is named so that the instantiated test description looks correct:
1690 //
1691 // PairingStateTest/HandlesEvent.<test case>/<index of event>
1692 class HandlesEvent : public PairingStateTest,
1693 public ::testing::WithParamInterface<void (*)(
1694 SecureSimplePairingState*)> {
1695 public:
SetUp()1696 void SetUp() override {
1697 PairingStateTest::SetUp();
1698
1699 pairing_delegate_ = std::make_unique<NoOpPairingDelegate>(kTestLocalIoCap);
1700 pairing_state_ = std::make_unique<SecureSimplePairingState>(
1701 peer()->GetWeakPtr(),
1702 pairing_delegate_->GetWeakPtr(),
1703 connection()->GetWeakPtr(),
1704 /*outgoing_connection=*/false,
1705 MakeAuthRequestCallback(),
1706 status_handler_.MakeStatusCallback(),
1707 /*low_energy_address_delegate=*/this,
1708 /*controller_remote_public_key_validation_supported=*/true,
1709 sm_factory_func(),
1710 dispatcher());
1711 }
1712
TearDown()1713 void TearDown() override {
1714 pairing_state_.reset();
1715 PairingStateTest::TearDown();
1716 }
1717
status_handler() const1718 const TestStatusHandler& status_handler() const { return status_handler_; }
pairing_state()1719 SecureSimplePairingState& pairing_state() { return *pairing_state_; }
1720
1721 // Returns an event injector that was passed to INSTANTIATE_TEST_SUITE_P.
event() const1722 auto* event() const { return GetParam(); }
1723
InjectEvent()1724 void InjectEvent() { event()(&pairing_state()); }
1725
1726 private:
1727 TestStatusHandler status_handler_;
1728 std::unique_ptr<NoOpPairingDelegate> pairing_delegate_;
1729 std::unique_ptr<SecureSimplePairingState> pairing_state_;
1730 };
1731
1732 // The tests here exercise that SecureSimplePairingState can be successfully
1733 // advances through the expected pairing flow and generates errors when the
1734 // pairing flow occurs out of order. This is intended to cover its internal
1735 // state machine transitions and not the side effects.
1736 INSTANTIATE_TEST_SUITE_P(PairingStateTest,
1737 HandlesEvent,
1738 ::testing::Values(LinkKeyRequest,
1739 IoCapabilityRequest,
1740 IoCapabilityResponse,
1741 UserConfirmationRequest,
1742 UserPasskeyRequest,
1743 UserPasskeyNotification,
1744 SimplePairingComplete,
1745 LinkKeyNotification,
1746 AuthenticationComplete));
1747
TEST_P(HandlesEvent,InIdleState)1748 TEST_P(HandlesEvent, InIdleState) {
1749 RETURN_IF_FATAL(InjectEvent());
1750 if (event() == LinkKeyRequest || event() == IoCapabilityResponse) {
1751 EXPECT_EQ(0, status_handler().call_count());
1752 } else {
1753 EXPECT_EQ(1, status_handler().call_count());
1754 ASSERT_TRUE(status_handler().handle());
1755 EXPECT_EQ(kTestHandle, *status_handler().handle());
1756 ASSERT_TRUE(status_handler().status());
1757 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1758 }
1759 }
1760
TEST_P(HandlesEvent,InInitiatorWaitLinkKeyRequestState)1761 TEST_P(HandlesEvent, InInitiatorWaitLinkKeyRequestState) {
1762 // Advance state machine.
1763 static_cast<void>(pairing_state().InitiatePairing(kNoSecurityRequirements,
1764 NoOpStatusCallback));
1765
1766 RETURN_IF_FATAL(InjectEvent());
1767 if (event() == LinkKeyRequest) {
1768 EXPECT_EQ(0, status_handler().call_count());
1769 } else {
1770 EXPECT_EQ(1, status_handler().call_count());
1771 ASSERT_TRUE(status_handler().status());
1772 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1773 }
1774 }
1775
TEST_P(HandlesEvent,InInitiatorWaitIoCapRequest)1776 TEST_P(HandlesEvent, InInitiatorWaitIoCapRequest) {
1777 // Advance state machine.
1778 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
1779 static_cast<void>(pairing_state().OnLinkKeyRequest());
1780
1781 RETURN_IF_FATAL(InjectEvent());
1782 if (event() == IoCapabilityRequest) {
1783 EXPECT_EQ(0, status_handler().call_count());
1784 } else {
1785 EXPECT_EQ(1, status_handler().call_count());
1786 ASSERT_TRUE(status_handler().status());
1787 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1788 }
1789 }
1790
TEST_P(HandlesEvent,InInitiatorWaitAuthCompleteSkippingSimplePairing)1791 TEST_P(HandlesEvent, InInitiatorWaitAuthCompleteSkippingSimplePairing) {
1792 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
1793 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
1794 kTestLinkKey)));
1795
1796 // Advance state machine.
1797 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
1798 EXPECT_NE(std::nullopt, pairing_state().OnLinkKeyRequest());
1799
1800 RETURN_IF_FATAL(InjectEvent());
1801 if (event() == AuthenticationComplete) {
1802 EXPECT_EQ(0, status_handler().call_count());
1803 EXPECT_EQ(1, connection()->start_encryption_count());
1804 } else {
1805 EXPECT_EQ(1, status_handler().call_count());
1806 ASSERT_TRUE(status_handler().status());
1807 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1808 }
1809 }
1810
TEST_P(HandlesEvent,InInitiatorWaitIoCapResponseState)1811 TEST_P(HandlesEvent, InInitiatorWaitIoCapResponseState) {
1812 // Advance state machine.
1813 static_cast<void>(pairing_state().InitiatePairing(kNoSecurityRequirements,
1814 NoOpStatusCallback));
1815 static_cast<void>(pairing_state().OnLinkKeyRequest());
1816 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1817
1818 RETURN_IF_FATAL(InjectEvent());
1819 if (event() == IoCapabilityResponse) {
1820 EXPECT_EQ(0, status_handler().call_count());
1821 } else {
1822 EXPECT_EQ(1, status_handler().call_count());
1823 ASSERT_TRUE(status_handler().status());
1824 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1825 }
1826 }
1827
TEST_P(HandlesEvent,InResponderWaitIoCapRequestState)1828 TEST_P(HandlesEvent, InResponderWaitIoCapRequestState) {
1829 // Advance state machine.
1830 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
1831
1832 RETURN_IF_FATAL(InjectEvent());
1833 if (event() == IoCapabilityRequest) {
1834 EXPECT_EQ(0, status_handler().call_count());
1835 } else {
1836 EXPECT_EQ(1, status_handler().call_count());
1837 ASSERT_TRUE(status_handler().status());
1838 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1839 }
1840 }
1841
TEST_P(HandlesEvent,InErrorStateAfterIoCapRequestRejectedWithoutPairingDelegate)1842 TEST_P(HandlesEvent,
1843 InErrorStateAfterIoCapRequestRejectedWithoutPairingDelegate) {
1844 // Clear the default pairing delegate set by the fixture.
1845 pairing_state().SetPairingDelegate(PairingDelegate::WeakPtr());
1846
1847 // Advance state machine.
1848 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
1849 EXPECT_FALSE(pairing_state().OnIoCapabilityRequest());
1850
1851 // SecureSimplePairingState no longer accepts events because being not ready
1852 // to pair has raised an error.
1853 RETURN_IF_FATAL(InjectEvent());
1854 EXPECT_LE(1, status_handler().call_count());
1855 ASSERT_TRUE(status_handler().status());
1856 if (event() == LinkKeyRequest || event() == IoCapabilityResponse) {
1857 // Peer attempted to pair again, which raises an additional "not ready"
1858 // error.
1859 EXPECT_EQ(ToResult(HostError::kNotReady), status_handler().status());
1860 } else {
1861 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1862 }
1863 }
1864
TEST_P(HandlesEvent,InWaitUserConfirmationStateAsInitiator)1865 TEST_P(HandlesEvent, InWaitUserConfirmationStateAsInitiator) {
1866 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1867 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1868
1869 // Advance state machine.
1870 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
1871 static_cast<void>(pairing_state().OnLinkKeyRequest());
1872 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1873 pairing_state().OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1874 ASSERT_TRUE(pairing_state().initiator());
1875
1876 RETURN_IF_FATAL(InjectEvent());
1877 if (event() == UserConfirmationRequest) {
1878 EXPECT_EQ(0, status_handler().call_count());
1879 } else {
1880 EXPECT_EQ(1, status_handler().call_count());
1881 ASSERT_TRUE(status_handler().status());
1882 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1883 }
1884 }
1885
TEST_P(HandlesEvent,InWaitUserPasskeyRequestStateAsInitiator)1886 TEST_P(HandlesEvent, InWaitUserPasskeyRequestStateAsInitiator) {
1887 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kKeyboardOnly);
1888 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1889
1890 // Advance state machine.
1891 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
1892 static_cast<void>(pairing_state().OnLinkKeyRequest());
1893 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1894 pairing_state().OnIoCapabilityResponse(IoCapability::DISPLAY_ONLY);
1895 ASSERT_TRUE(pairing_state().initiator());
1896
1897 RETURN_IF_FATAL(InjectEvent());
1898 if (event() == UserPasskeyRequest) {
1899 EXPECT_EQ(0, status_handler().call_count());
1900 } else {
1901 EXPECT_EQ(1, status_handler().call_count());
1902 ASSERT_TRUE(status_handler().status());
1903 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1904 }
1905 }
1906
TEST_P(HandlesEvent,InWaitUserPasskeyNotificationStateAsInitiator)1907 TEST_P(HandlesEvent, InWaitUserPasskeyNotificationStateAsInitiator) {
1908 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1909 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1910
1911 // Advance state machine.
1912 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
1913 static_cast<void>(pairing_state().OnLinkKeyRequest());
1914 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1915 pairing_state().OnIoCapabilityResponse(IoCapability::KEYBOARD_ONLY);
1916 ASSERT_TRUE(pairing_state().initiator());
1917
1918 RETURN_IF_FATAL(InjectEvent());
1919 if (event() == UserPasskeyNotification) {
1920 EXPECT_EQ(0, status_handler().call_count());
1921 } else {
1922 EXPECT_EQ(1, status_handler().call_count());
1923 ASSERT_TRUE(status_handler().status());
1924 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1925 }
1926 }
1927
1928 // TODO(xow): Split into three tests depending on the pairing event expected.
TEST_P(HandlesEvent,InWaitUserConfirmationStateAsResponder)1929 TEST_P(HandlesEvent, InWaitUserConfirmationStateAsResponder) {
1930 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1931 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1932
1933 // Advance state machine.
1934 pairing_state().OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
1935 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1936 ASSERT_FALSE(pairing_state().initiator());
1937
1938 RETURN_IF_FATAL(InjectEvent());
1939 if (event() == UserConfirmationRequest) {
1940 EXPECT_EQ(0, status_handler().call_count());
1941 } else {
1942 EXPECT_EQ(1, status_handler().call_count());
1943 ASSERT_TRUE(status_handler().status());
1944 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1945 }
1946 }
1947
TEST_P(HandlesEvent,InWaitUserPasskeyRequestStateAsResponder)1948 TEST_P(HandlesEvent, InWaitUserPasskeyRequestStateAsResponder) {
1949 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kKeyboardOnly);
1950 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1951
1952 // Advance state machine.
1953 pairing_state().OnIoCapabilityResponse(IoCapability::DISPLAY_ONLY);
1954 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1955 ASSERT_FALSE(pairing_state().initiator());
1956
1957 RETURN_IF_FATAL(InjectEvent());
1958 if (event() == UserPasskeyRequest) {
1959 EXPECT_EQ(0, status_handler().call_count());
1960 } else {
1961 EXPECT_EQ(1, status_handler().call_count());
1962 ASSERT_TRUE(status_handler().status());
1963 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1964 }
1965 }
1966
TEST_P(HandlesEvent,InWaitUserNotificationStateAsResponder)1967 TEST_P(HandlesEvent, InWaitUserNotificationStateAsResponder) {
1968 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kDisplayOnly);
1969 pairing_state().SetPairingDelegate(pairing_delegate.GetWeakPtr());
1970
1971 // Advance state machine.
1972 pairing_state().OnIoCapabilityResponse(IoCapability::KEYBOARD_ONLY);
1973 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1974 ASSERT_FALSE(pairing_state().initiator());
1975
1976 RETURN_IF_FATAL(InjectEvent());
1977 if (event() == UserPasskeyNotification) {
1978 EXPECT_EQ(0, status_handler().call_count());
1979 } else {
1980 EXPECT_EQ(1, status_handler().call_count());
1981 ASSERT_TRUE(status_handler().status());
1982 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
1983 }
1984 }
1985
TEST_P(HandlesEvent,InWaitPairingCompleteState)1986 TEST_P(HandlesEvent, InWaitPairingCompleteState) {
1987 // Advance state machine.
1988 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
1989 static_cast<void>(pairing_state().OnIoCapabilityRequest());
1990 pairing_state().OnUserConfirmationRequest(kTestPasskey,
1991 NoOpUserConfirmationCallback);
1992
1993 RETURN_IF_FATAL(InjectEvent());
1994 if (event() == SimplePairingComplete) {
1995 EXPECT_EQ(0, status_handler().call_count());
1996 } else {
1997 EXPECT_EQ(1, status_handler().call_count());
1998 ASSERT_TRUE(status_handler().status());
1999 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2000 }
2001 }
2002
TEST_P(HandlesEvent,InWaitLinkKeyState)2003 TEST_P(HandlesEvent, InWaitLinkKeyState) {
2004 // Advance state machine.
2005 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2006 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2007 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2008 NoOpUserConfirmationCallback);
2009 pairing_state().OnSimplePairingComplete(
2010 pw::bluetooth::emboss::StatusCode::SUCCESS);
2011 EXPECT_EQ(0, connection()->start_encryption_count());
2012
2013 RETURN_IF_FATAL(InjectEvent());
2014 if (event() == LinkKeyNotification) {
2015 EXPECT_EQ(0, status_handler().call_count());
2016 EXPECT_EQ(1, connection()->start_encryption_count());
2017 } else {
2018 EXPECT_EQ(1, status_handler().call_count());
2019 ASSERT_TRUE(status_handler().status());
2020 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2021 }
2022 }
2023
TEST_P(HandlesEvent,InInitiatorWaitAuthCompleteStateAfterSimplePairing)2024 TEST_P(HandlesEvent, InInitiatorWaitAuthCompleteStateAfterSimplePairing) {
2025 // Advance state machine.
2026 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2027 static_cast<void>(pairing_state().OnLinkKeyRequest());
2028 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2029 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2030 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2031 NoOpUserConfirmationCallback);
2032 pairing_state().OnSimplePairingComplete(
2033 pw::bluetooth::emboss::StatusCode::SUCCESS);
2034 pairing_state().OnLinkKeyNotification(kTestLinkKeyValue,
2035 kTestUnauthenticatedLinkKeyType192);
2036 ASSERT_TRUE(pairing_state().initiator());
2037 EXPECT_EQ(0, connection()->start_encryption_count());
2038
2039 RETURN_IF_FATAL(InjectEvent());
2040 if (event() == AuthenticationComplete) {
2041 EXPECT_EQ(0, status_handler().call_count());
2042 EXPECT_EQ(1, connection()->start_encryption_count());
2043 } else {
2044 EXPECT_EQ(1, status_handler().call_count());
2045 ASSERT_TRUE(status_handler().status());
2046 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2047 }
2048 }
2049
TEST_P(HandlesEvent,InWaitEncryptionStateAsInitiator)2050 TEST_P(HandlesEvent, InWaitEncryptionStateAsInitiator) {
2051 // Advance state machine.
2052 pairing_state().InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2053 static_cast<void>(pairing_state().OnLinkKeyRequest());
2054 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2055 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2056 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2057 NoOpUserConfirmationCallback);
2058 pairing_state().OnSimplePairingComplete(
2059 pw::bluetooth::emboss::StatusCode::SUCCESS);
2060 pairing_state().OnLinkKeyNotification(kTestLinkKeyValue,
2061 kTestUnauthenticatedLinkKeyType192);
2062 pairing_state().OnAuthenticationComplete(
2063 pw::bluetooth::emboss::StatusCode::SUCCESS);
2064 ASSERT_TRUE(pairing_state().initiator());
2065
2066 RETURN_IF_FATAL(InjectEvent());
2067
2068 if (event() == IoCapabilityResponse) {
2069 // Restarting the pairing is allowed in this state.
2070 EXPECT_EQ(0, status_handler().call_count());
2071 } else {
2072 // Should not receive anything else other than OnEncryptionChange.
2073 EXPECT_EQ(1, status_handler().call_count());
2074 ASSERT_TRUE(status_handler().status());
2075 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2076 }
2077 }
2078
TEST_P(HandlesEvent,InWaitEncryptionStateAsResponder)2079 TEST_P(HandlesEvent, InWaitEncryptionStateAsResponder) {
2080 // Advance state machine.
2081 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2082 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2083 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2084 NoOpUserConfirmationCallback);
2085 pairing_state().OnSimplePairingComplete(
2086 pw::bluetooth::emboss::StatusCode::SUCCESS);
2087 pairing_state().OnLinkKeyNotification(kTestLinkKeyValue,
2088 kTestUnauthenticatedLinkKeyType192);
2089 ASSERT_FALSE(pairing_state().initiator());
2090
2091 RETURN_IF_FATAL(InjectEvent());
2092
2093 if (event() == IoCapabilityResponse) {
2094 // Restarting the pairing is allowed in this state.
2095 EXPECT_EQ(0, status_handler().call_count());
2096 } else {
2097 // Should not receive anything else other than OnEncryptionChange.
2098 EXPECT_EQ(1, status_handler().call_count());
2099 ASSERT_TRUE(status_handler().status());
2100 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2101 }
2102 }
2103
TEST_P(HandlesEvent,InWaitEncryptionStateAsResponderForBonded)2104 TEST_P(HandlesEvent, InWaitEncryptionStateAsResponderForBonded) {
2105 // We are previously bonded.
2106 auto existing_link_key = sm::LTK(
2107 sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192), kTestLinkKey);
2108 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(existing_link_key));
2109
2110 // Advance state machine.
2111 static_cast<void>(pairing_state().OnLinkKeyRequest());
2112 ASSERT_FALSE(pairing_state().initiator());
2113
2114 RETURN_IF_FATAL(InjectEvent());
2115
2116 if (event() == IoCapabilityResponse) {
2117 // This re-starts the pairing as a responder.
2118 EXPECT_EQ(0, status_handler().call_count());
2119 } else {
2120 // Should not receive anything else other than OnEncryptionChange, receiving
2121 // anything else is a failure.
2122 EXPECT_EQ(1, status_handler().call_count());
2123 ASSERT_TRUE(status_handler().status());
2124 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2125 }
2126 }
2127
TEST_P(HandlesEvent,InIdleStateAfterOnePairing)2128 TEST_P(HandlesEvent, InIdleStateAfterOnePairing) {
2129 // Advance state machine.
2130 static_cast<void>(pairing_state().InitiatePairing(kNoSecurityRequirements,
2131 NoOpStatusCallback));
2132 static_cast<void>(pairing_state().OnLinkKeyRequest());
2133 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2134 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2135 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2136 NoOpUserConfirmationCallback);
2137 pairing_state().OnSimplePairingComplete(
2138 pw::bluetooth::emboss::StatusCode::SUCCESS);
2139 pairing_state().OnLinkKeyNotification(kTestLinkKeyValue,
2140 kTestUnauthenticatedLinkKeyType192);
2141 pairing_state().OnAuthenticationComplete(
2142 pw::bluetooth::emboss::StatusCode::SUCCESS);
2143 ASSERT_TRUE(pairing_state().initiator());
2144
2145 // Successfully enabling encryption should allow pairing to start again.
2146 pairing_state().OnEncryptionChange(fit::ok(true));
2147 EXPECT_EQ(1, status_handler().call_count());
2148 ASSERT_TRUE(status_handler().status());
2149 EXPECT_EQ(fit::ok(), *status_handler().status());
2150 EXPECT_FALSE(pairing_state().initiator());
2151
2152 RETURN_IF_FATAL(InjectEvent());
2153 if (event() == LinkKeyRequest || event() == IoCapabilityResponse) {
2154 EXPECT_EQ(1, status_handler().call_count());
2155 } else {
2156 EXPECT_EQ(2, status_handler().call_count());
2157 ASSERT_TRUE(status_handler().status());
2158 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2159 }
2160 }
2161
TEST_P(HandlesEvent,InFailedStateAfterPairingFailed)2162 TEST_P(HandlesEvent, InFailedStateAfterPairingFailed) {
2163 // Advance state machine.
2164 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2165 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2166 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2167 NoOpUserConfirmationCallback);
2168
2169 // Inject failure status.
2170 pairing_state().OnSimplePairingComplete(
2171 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE);
2172 EXPECT_EQ(1, status_handler().call_count());
2173 ASSERT_TRUE(status_handler().status());
2174 EXPECT_FALSE(status_handler().status()->is_ok());
2175
2176 RETURN_IF_FATAL(InjectEvent());
2177 EXPECT_EQ(2, status_handler().call_count());
2178 ASSERT_TRUE(status_handler().status());
2179 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2180 }
2181
TEST_P(HandlesEvent,InFailedStateAfterAuthenticationFailed)2182 TEST_P(HandlesEvent, InFailedStateAfterAuthenticationFailed) {
2183 // Advance state machine.
2184 static_cast<void>(pairing_state().InitiatePairing(kNoSecurityRequirements,
2185 NoOpStatusCallback));
2186 static_cast<void>(pairing_state().OnLinkKeyRequest());
2187 static_cast<void>(pairing_state().OnIoCapabilityRequest());
2188 pairing_state().OnIoCapabilityResponse(kTestPeerIoCap);
2189 pairing_state().OnUserConfirmationRequest(kTestPasskey,
2190 NoOpUserConfirmationCallback);
2191 pairing_state().OnSimplePairingComplete(
2192 pw::bluetooth::emboss::StatusCode::SUCCESS);
2193 pairing_state().OnLinkKeyNotification(kTestLinkKeyValue,
2194 kTestUnauthenticatedLinkKeyType192);
2195
2196 // Inject failure status.
2197 pairing_state().OnAuthenticationComplete(
2198 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE);
2199 EXPECT_EQ(1, status_handler().call_count());
2200 ASSERT_TRUE(status_handler().status());
2201 EXPECT_FALSE(status_handler().status()->is_ok());
2202
2203 RETURN_IF_FATAL(InjectEvent());
2204 EXPECT_EQ(2, status_handler().call_count());
2205 ASSERT_TRUE(status_handler().status());
2206 EXPECT_EQ(ToResult(HostError::kNotSupported), status_handler().status());
2207 }
2208
2209 // PairingAction expected answers are inferred from "device A" Authentication
2210 // Stage 1 specs in v5.0 Vol 3, Part C, Sec 5.2.2.6, Table 5.7.
TEST_F(PairingStateTest,GetInitiatorPairingAction)2211 TEST_F(PairingStateTest, GetInitiatorPairingAction) {
2212 EXPECT_EQ(PairingAction::kAutomatic,
2213 GetInitiatorPairingAction(IoCapability::DISPLAY_ONLY,
2214 IoCapability::DISPLAY_ONLY));
2215 EXPECT_EQ(PairingAction::kDisplayPasskey,
2216 GetInitiatorPairingAction(IoCapability::DISPLAY_ONLY,
2217 IoCapability::DISPLAY_YES_NO));
2218 EXPECT_EQ(PairingAction::kDisplayPasskey,
2219 GetInitiatorPairingAction(IoCapability::DISPLAY_ONLY,
2220 IoCapability::KEYBOARD_ONLY));
2221 EXPECT_EQ(PairingAction::kAutomatic,
2222 GetInitiatorPairingAction(IoCapability::DISPLAY_ONLY,
2223 IoCapability::NO_INPUT_NO_OUTPUT));
2224
2225 EXPECT_EQ(PairingAction::kComparePasskey,
2226 GetInitiatorPairingAction(IoCapability::DISPLAY_YES_NO,
2227 IoCapability::DISPLAY_ONLY));
2228 EXPECT_EQ(PairingAction::kDisplayPasskey,
2229 GetInitiatorPairingAction(IoCapability::DISPLAY_YES_NO,
2230 IoCapability::DISPLAY_YES_NO));
2231 EXPECT_EQ(PairingAction::kDisplayPasskey,
2232 GetInitiatorPairingAction(IoCapability::DISPLAY_YES_NO,
2233 IoCapability::KEYBOARD_ONLY));
2234 EXPECT_EQ(PairingAction::kGetConsent,
2235 GetInitiatorPairingAction(IoCapability::DISPLAY_YES_NO,
2236 IoCapability::NO_INPUT_NO_OUTPUT));
2237
2238 EXPECT_EQ(PairingAction::kRequestPasskey,
2239 GetInitiatorPairingAction(IoCapability::KEYBOARD_ONLY,
2240 IoCapability::DISPLAY_ONLY));
2241 EXPECT_EQ(PairingAction::kRequestPasskey,
2242 GetInitiatorPairingAction(IoCapability::KEYBOARD_ONLY,
2243 IoCapability::DISPLAY_YES_NO));
2244 EXPECT_EQ(PairingAction::kRequestPasskey,
2245 GetInitiatorPairingAction(IoCapability::KEYBOARD_ONLY,
2246 IoCapability::KEYBOARD_ONLY));
2247 EXPECT_EQ(PairingAction::kAutomatic,
2248 GetInitiatorPairingAction(IoCapability::KEYBOARD_ONLY,
2249 IoCapability::NO_INPUT_NO_OUTPUT));
2250
2251 EXPECT_EQ(PairingAction::kAutomatic,
2252 GetInitiatorPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2253 IoCapability::DISPLAY_ONLY));
2254 EXPECT_EQ(PairingAction::kAutomatic,
2255 GetInitiatorPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2256 IoCapability::DISPLAY_YES_NO));
2257 EXPECT_EQ(PairingAction::kAutomatic,
2258 GetInitiatorPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2259 IoCapability::KEYBOARD_ONLY));
2260 EXPECT_EQ(PairingAction::kAutomatic,
2261 GetInitiatorPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2262 IoCapability::NO_INPUT_NO_OUTPUT));
2263 }
2264
2265 // Ibid., but for "device B."
TEST_F(PairingStateTest,GetResponderPairingAction)2266 TEST_F(PairingStateTest, GetResponderPairingAction) {
2267 EXPECT_EQ(PairingAction::kAutomatic,
2268 GetResponderPairingAction(IoCapability::DISPLAY_ONLY,
2269 IoCapability::DISPLAY_ONLY));
2270 EXPECT_EQ(PairingAction::kComparePasskey,
2271 GetResponderPairingAction(IoCapability::DISPLAY_ONLY,
2272 IoCapability::DISPLAY_YES_NO));
2273 EXPECT_EQ(PairingAction::kRequestPasskey,
2274 GetResponderPairingAction(IoCapability::DISPLAY_ONLY,
2275 IoCapability::KEYBOARD_ONLY));
2276 EXPECT_EQ(PairingAction::kAutomatic,
2277 GetResponderPairingAction(IoCapability::DISPLAY_ONLY,
2278 IoCapability::NO_INPUT_NO_OUTPUT));
2279
2280 EXPECT_EQ(PairingAction::kDisplayPasskey,
2281 GetResponderPairingAction(IoCapability::DISPLAY_YES_NO,
2282 IoCapability::DISPLAY_ONLY));
2283 EXPECT_EQ(PairingAction::kComparePasskey,
2284 GetResponderPairingAction(IoCapability::DISPLAY_YES_NO,
2285 IoCapability::DISPLAY_YES_NO));
2286 EXPECT_EQ(PairingAction::kRequestPasskey,
2287 GetResponderPairingAction(IoCapability::DISPLAY_YES_NO,
2288 IoCapability::KEYBOARD_ONLY));
2289 EXPECT_EQ(PairingAction::kAutomatic,
2290 GetResponderPairingAction(IoCapability::DISPLAY_YES_NO,
2291 IoCapability::NO_INPUT_NO_OUTPUT));
2292
2293 EXPECT_EQ(PairingAction::kDisplayPasskey,
2294 GetResponderPairingAction(IoCapability::KEYBOARD_ONLY,
2295 IoCapability::DISPLAY_ONLY));
2296 EXPECT_EQ(PairingAction::kDisplayPasskey,
2297 GetResponderPairingAction(IoCapability::KEYBOARD_ONLY,
2298 IoCapability::DISPLAY_YES_NO));
2299 EXPECT_EQ(PairingAction::kRequestPasskey,
2300 GetResponderPairingAction(IoCapability::KEYBOARD_ONLY,
2301 IoCapability::KEYBOARD_ONLY));
2302 EXPECT_EQ(PairingAction::kAutomatic,
2303 GetResponderPairingAction(IoCapability::KEYBOARD_ONLY,
2304 IoCapability::NO_INPUT_NO_OUTPUT));
2305
2306 EXPECT_EQ(PairingAction::kAutomatic,
2307 GetResponderPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2308 IoCapability::DISPLAY_ONLY));
2309 EXPECT_EQ(PairingAction::kGetConsent,
2310 GetResponderPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2311 IoCapability::DISPLAY_YES_NO));
2312 EXPECT_EQ(PairingAction::kGetConsent,
2313 GetResponderPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2314 IoCapability::KEYBOARD_ONLY));
2315 EXPECT_EQ(PairingAction::kAutomatic,
2316 GetResponderPairingAction(IoCapability::NO_INPUT_NO_OUTPUT,
2317 IoCapability::NO_INPUT_NO_OUTPUT));
2318 }
2319
2320 // Events are obtained from ibid. association models, mapped to HCI sequences in
2321 // v5.0 Vol 3, Vol 2, Part F, Sec 4.2.10–15.
TEST_F(PairingStateTest,GetExpectedEvent)2322 TEST_F(PairingStateTest, GetExpectedEvent) {
2323 EXPECT_EQ(
2324 kUserConfirmationRequestEventCode,
2325 GetExpectedEvent(IoCapability::DISPLAY_ONLY, IoCapability::DISPLAY_ONLY));
2326 EXPECT_EQ(kUserConfirmationRequestEventCode,
2327 GetExpectedEvent(IoCapability::DISPLAY_ONLY,
2328 IoCapability::DISPLAY_YES_NO));
2329 EXPECT_EQ(kUserPasskeyNotificationEventCode,
2330 GetExpectedEvent(IoCapability::DISPLAY_ONLY,
2331 IoCapability::KEYBOARD_ONLY));
2332 EXPECT_EQ(kUserConfirmationRequestEventCode,
2333 GetExpectedEvent(IoCapability::DISPLAY_ONLY,
2334 IoCapability::NO_INPUT_NO_OUTPUT));
2335
2336 EXPECT_EQ(kUserConfirmationRequestEventCode,
2337 GetExpectedEvent(IoCapability::DISPLAY_YES_NO,
2338 IoCapability::DISPLAY_ONLY));
2339 EXPECT_EQ(kUserConfirmationRequestEventCode,
2340 GetExpectedEvent(IoCapability::DISPLAY_YES_NO,
2341 IoCapability::DISPLAY_YES_NO));
2342 EXPECT_EQ(kUserPasskeyNotificationEventCode,
2343 GetExpectedEvent(IoCapability::DISPLAY_YES_NO,
2344 IoCapability::KEYBOARD_ONLY));
2345 EXPECT_EQ(kUserConfirmationRequestEventCode,
2346 GetExpectedEvent(IoCapability::DISPLAY_YES_NO,
2347 IoCapability::NO_INPUT_NO_OUTPUT));
2348
2349 EXPECT_EQ(kUserPasskeyRequestEventCode,
2350 GetExpectedEvent(IoCapability::KEYBOARD_ONLY,
2351 IoCapability::DISPLAY_ONLY));
2352 EXPECT_EQ(kUserPasskeyRequestEventCode,
2353 GetExpectedEvent(IoCapability::KEYBOARD_ONLY,
2354 IoCapability::DISPLAY_YES_NO));
2355 EXPECT_EQ(kUserPasskeyRequestEventCode,
2356 GetExpectedEvent(IoCapability::KEYBOARD_ONLY,
2357 IoCapability::KEYBOARD_ONLY));
2358 EXPECT_EQ(kUserConfirmationRequestEventCode,
2359 GetExpectedEvent(IoCapability::KEYBOARD_ONLY,
2360 IoCapability::NO_INPUT_NO_OUTPUT));
2361
2362 EXPECT_EQ(kUserConfirmationRequestEventCode,
2363 GetExpectedEvent(IoCapability::NO_INPUT_NO_OUTPUT,
2364 IoCapability::DISPLAY_ONLY));
2365 EXPECT_EQ(kUserConfirmationRequestEventCode,
2366 GetExpectedEvent(IoCapability::NO_INPUT_NO_OUTPUT,
2367 IoCapability::DISPLAY_YES_NO));
2368 EXPECT_EQ(kUserConfirmationRequestEventCode,
2369 GetExpectedEvent(IoCapability::NO_INPUT_NO_OUTPUT,
2370 IoCapability::KEYBOARD_ONLY));
2371 EXPECT_EQ(kUserConfirmationRequestEventCode,
2372 GetExpectedEvent(IoCapability::NO_INPUT_NO_OUTPUT,
2373 IoCapability::NO_INPUT_NO_OUTPUT));
2374 }
2375
2376 // Level of authentication from ibid. table.
TEST_F(PairingStateTest,IsPairingAuthenticated)2377 TEST_F(PairingStateTest, IsPairingAuthenticated) {
2378 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::DISPLAY_ONLY,
2379 IoCapability::DISPLAY_ONLY));
2380 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::DISPLAY_ONLY,
2381 IoCapability::DISPLAY_YES_NO));
2382 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::DISPLAY_ONLY,
2383 IoCapability::KEYBOARD_ONLY));
2384 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::DISPLAY_ONLY,
2385 IoCapability::NO_INPUT_NO_OUTPUT));
2386
2387 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::DISPLAY_YES_NO,
2388 IoCapability::DISPLAY_ONLY));
2389 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::DISPLAY_YES_NO,
2390 IoCapability::DISPLAY_YES_NO));
2391 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::DISPLAY_YES_NO,
2392 IoCapability::KEYBOARD_ONLY));
2393 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::DISPLAY_YES_NO,
2394 IoCapability::NO_INPUT_NO_OUTPUT));
2395
2396 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::KEYBOARD_ONLY,
2397 IoCapability::DISPLAY_ONLY));
2398 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::KEYBOARD_ONLY,
2399 IoCapability::DISPLAY_YES_NO));
2400 EXPECT_TRUE(IsPairingAuthenticated(IoCapability::KEYBOARD_ONLY,
2401 IoCapability::KEYBOARD_ONLY));
2402 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::KEYBOARD_ONLY,
2403 IoCapability::NO_INPUT_NO_OUTPUT));
2404
2405 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::NO_INPUT_NO_OUTPUT,
2406 IoCapability::DISPLAY_ONLY));
2407 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::NO_INPUT_NO_OUTPUT,
2408 IoCapability::DISPLAY_YES_NO));
2409 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::NO_INPUT_NO_OUTPUT,
2410 IoCapability::KEYBOARD_ONLY));
2411 EXPECT_FALSE(IsPairingAuthenticated(IoCapability::NO_INPUT_NO_OUTPUT,
2412 IoCapability::NO_INPUT_NO_OUTPUT));
2413 }
2414
TEST_F(PairingStateTest,GetInitiatorAuthenticationRequirements)2415 TEST_F(PairingStateTest, GetInitiatorAuthenticationRequirements) {
2416 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2417 GetInitiatorAuthenticationRequirements(IoCapability::DISPLAY_ONLY));
2418 EXPECT_EQ(
2419 AuthenticationRequirements::MITM_GENERAL_BONDING,
2420 GetInitiatorAuthenticationRequirements(IoCapability::DISPLAY_YES_NO));
2421 EXPECT_EQ(
2422 AuthenticationRequirements::MITM_GENERAL_BONDING,
2423 GetInitiatorAuthenticationRequirements(IoCapability::KEYBOARD_ONLY));
2424 EXPECT_EQ(
2425 AuthenticationRequirements::GENERAL_BONDING,
2426 GetInitiatorAuthenticationRequirements(IoCapability::NO_INPUT_NO_OUTPUT));
2427 }
2428
TEST_F(PairingStateTest,GetResponderAuthenticationRequirements)2429 TEST_F(PairingStateTest, GetResponderAuthenticationRequirements) {
2430 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2431 GetResponderAuthenticationRequirements(IoCapability::DISPLAY_ONLY,
2432 IoCapability::DISPLAY_ONLY));
2433 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2434 GetResponderAuthenticationRequirements(
2435 IoCapability::DISPLAY_ONLY, IoCapability::DISPLAY_YES_NO));
2436 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2437 GetResponderAuthenticationRequirements(
2438 IoCapability::DISPLAY_ONLY, IoCapability::KEYBOARD_ONLY));
2439 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2440 GetResponderAuthenticationRequirements(
2441 IoCapability::DISPLAY_ONLY, IoCapability::NO_INPUT_NO_OUTPUT));
2442
2443 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2444 GetResponderAuthenticationRequirements(IoCapability::DISPLAY_YES_NO,
2445 IoCapability::DISPLAY_ONLY));
2446 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2447 GetResponderAuthenticationRequirements(
2448 IoCapability::DISPLAY_YES_NO, IoCapability::DISPLAY_YES_NO));
2449 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2450 GetResponderAuthenticationRequirements(
2451 IoCapability::DISPLAY_YES_NO, IoCapability::KEYBOARD_ONLY));
2452 EXPECT_EQ(
2453 AuthenticationRequirements::GENERAL_BONDING,
2454 GetResponderAuthenticationRequirements(IoCapability::DISPLAY_YES_NO,
2455 IoCapability::NO_INPUT_NO_OUTPUT));
2456
2457 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2458 GetResponderAuthenticationRequirements(IoCapability::KEYBOARD_ONLY,
2459 IoCapability::DISPLAY_ONLY));
2460 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2461 GetResponderAuthenticationRequirements(
2462 IoCapability::KEYBOARD_ONLY, IoCapability::DISPLAY_YES_NO));
2463 EXPECT_EQ(AuthenticationRequirements::MITM_GENERAL_BONDING,
2464 GetResponderAuthenticationRequirements(
2465 IoCapability::KEYBOARD_ONLY, IoCapability::KEYBOARD_ONLY));
2466 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2467 GetResponderAuthenticationRequirements(
2468 IoCapability::KEYBOARD_ONLY, IoCapability::NO_INPUT_NO_OUTPUT));
2469
2470 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2471 GetResponderAuthenticationRequirements(
2472 IoCapability::NO_INPUT_NO_OUTPUT, IoCapability::DISPLAY_ONLY));
2473 EXPECT_EQ(
2474 AuthenticationRequirements::GENERAL_BONDING,
2475 GetResponderAuthenticationRequirements(IoCapability::NO_INPUT_NO_OUTPUT,
2476 IoCapability::DISPLAY_YES_NO));
2477 EXPECT_EQ(AuthenticationRequirements::GENERAL_BONDING,
2478 GetResponderAuthenticationRequirements(
2479 IoCapability::NO_INPUT_NO_OUTPUT, IoCapability::KEYBOARD_ONLY));
2480 EXPECT_EQ(
2481 AuthenticationRequirements::GENERAL_BONDING,
2482 GetResponderAuthenticationRequirements(IoCapability::NO_INPUT_NO_OUTPUT,
2483 IoCapability::NO_INPUT_NO_OUTPUT));
2484 }
2485
TEST_F(PairingStateTest,SkipPairingIfExistingKeyMeetsSecurityRequirements)2486 TEST_F(PairingStateTest, SkipPairingIfExistingKeyMeetsSecurityRequirements) {
2487 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2488
2489 TestStatusHandler status_handler;
2490
2491 SecureSimplePairingState pairing_state(
2492 peer()->GetWeakPtr(),
2493 pairing_delegate.GetWeakPtr(),
2494 connection()->GetWeakPtr(),
2495 /*outgoing_connection=*/false,
2496 MakeAuthRequestCallback(),
2497 status_handler.MakeStatusCallback(),
2498 /*low_energy_address_delegate=*/this,
2499 /*controller_remote_public_key_validation_supported=*/true,
2500 sm_factory_func(),
2501 dispatcher());
2502
2503 connection()->set_link_key(kTestLinkKey, kTestAuthenticatedLinkKeyType192);
2504
2505 constexpr BrEdrSecurityRequirements kSecurityRequirements{
2506 .authentication = true, .secure_connections = false};
2507 TestStatusHandler initiator_status_handler;
2508 pairing_state.InitiatePairing(kSecurityRequirements,
2509 initiator_status_handler.MakeStatusCallback());
2510 EXPECT_EQ(0u, auth_request_count());
2511 EXPECT_FALSE(pairing_state.initiator());
2512 EXPECT_EQ(0, status_handler.call_count());
2513 ASSERT_EQ(1, initiator_status_handler.call_count());
2514 EXPECT_EQ(fit::ok(), *initiator_status_handler.status());
2515 }
2516
TEST_F(PairingStateTest,InitiatorAuthRequiredCausesOnLinkKeyRequestToReturnNullIfUnauthenticatedKeyExists)2517 TEST_F(
2518 PairingStateTest,
2519 InitiatorAuthRequiredCausesOnLinkKeyRequestToReturnNullIfUnauthenticatedKeyExists) {
2520 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2521
2522 TestStatusHandler status_handler;
2523
2524 SecureSimplePairingState pairing_state(
2525 peer()->GetWeakPtr(),
2526 pairing_delegate.GetWeakPtr(),
2527 connection()->GetWeakPtr(),
2528 /*outgoing_connection=*/false,
2529 MakeAuthRequestCallback(),
2530 status_handler.MakeStatusCallback(),
2531 /*low_energy_address_delegate=*/this,
2532 /*controller_remote_public_key_validation_supported=*/true,
2533 sm_factory_func(),
2534 dispatcher());
2535
2536 BrEdrSecurityRequirements security{.authentication = true,
2537 .secure_connections = false};
2538 pairing_state.InitiatePairing(security, status_handler.MakeStatusCallback());
2539
2540 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
2541 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
2542 kTestLinkKey)));
2543
2544 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
2545 EXPECT_EQ(0, status_handler.call_count());
2546 }
2547
TEST_F(PairingStateTest,InitiatorNoSecurityRequirementsCausesOnLinkKeyRequestToReturnExistingKey)2548 TEST_F(
2549 PairingStateTest,
2550 InitiatorNoSecurityRequirementsCausesOnLinkKeyRequestToReturnExistingKey) {
2551 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2552
2553 TestStatusHandler status_handler;
2554
2555 SecureSimplePairingState pairing_state(
2556 peer()->GetWeakPtr(),
2557 pairing_delegate.GetWeakPtr(),
2558 connection()->GetWeakPtr(),
2559 /*outgoing_connection=*/false,
2560 MakeAuthRequestCallback(),
2561 status_handler.MakeStatusCallback(),
2562 /*low_energy_address_delegate=*/this,
2563 /*controller_remote_public_key_validation_supported=*/true,
2564 sm_factory_func(),
2565 dispatcher());
2566
2567 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2568
2569 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
2570 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
2571 kTestLinkKey)));
2572 EXPECT_FALSE(connection()->ltk().has_value());
2573
2574 auto reply_key = pairing_state.OnLinkKeyRequest();
2575 ASSERT_TRUE(reply_key.has_value());
2576 EXPECT_EQ(kTestLinkKey, reply_key.value());
2577 EXPECT_EQ(0, status_handler.call_count());
2578 EXPECT_TRUE(connection()->ltk().has_value());
2579 }
2580
TEST_F(PairingStateTest,InitiatorOnLinkKeyRequestReturnsNullIfBondDataDoesNotExist)2581 TEST_F(PairingStateTest,
2582 InitiatorOnLinkKeyRequestReturnsNullIfBondDataDoesNotExist) {
2583 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2584
2585 TestStatusHandler status_handler;
2586
2587 SecureSimplePairingState pairing_state(
2588 peer()->GetWeakPtr(),
2589 pairing_delegate.GetWeakPtr(),
2590 connection()->GetWeakPtr(),
2591 /*outgoing_connection=*/false,
2592 MakeAuthRequestCallback(),
2593 status_handler.MakeStatusCallback(),
2594 /*low_energy_address_delegate=*/this,
2595 /*controller_remote_public_key_validation_supported=*/true,
2596 sm_factory_func(),
2597 dispatcher());
2598
2599 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2600
2601 auto reply_key = pairing_state.OnLinkKeyRequest();
2602 EXPECT_FALSE(reply_key.has_value());
2603 EXPECT_EQ(0, status_handler.call_count());
2604 }
2605
TEST_F(PairingStateTest,IdleStateOnLinkKeyRequestReturnsLinkKeyWhenBondDataExists)2606 TEST_F(PairingStateTest,
2607 IdleStateOnLinkKeyRequestReturnsLinkKeyWhenBondDataExists) {
2608 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2609
2610 TestStatusHandler status_handler;
2611
2612 SecureSimplePairingState pairing_state(
2613 peer()->GetWeakPtr(),
2614 pairing_delegate.GetWeakPtr(),
2615 connection()->GetWeakPtr(),
2616 /*outgoing_connection=*/false,
2617 MakeAuthRequestCallback(),
2618 status_handler.MakeStatusCallback(),
2619 /*low_energy_address_delegate=*/this,
2620 /*controller_remote_public_key_validation_supported=*/true,
2621 sm_factory_func(),
2622 dispatcher());
2623
2624 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
2625 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
2626 kTestLinkKey)));
2627 EXPECT_FALSE(connection()->ltk().has_value());
2628
2629 auto reply_key = pairing_state.OnLinkKeyRequest();
2630 ASSERT_TRUE(reply_key.has_value());
2631 EXPECT_EQ(kTestLinkKey, reply_key.value());
2632 EXPECT_EQ(0, status_handler.call_count());
2633 EXPECT_TRUE(connection()->ltk().has_value());
2634 }
2635
TEST_F(PairingStateTest,IdleStateOnLinkKeyRequestReturnsNullWhenBondDataDoesNotExist)2636 TEST_F(PairingStateTest,
2637 IdleStateOnLinkKeyRequestReturnsNullWhenBondDataDoesNotExist) {
2638 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2639
2640 TestStatusHandler status_handler;
2641
2642 SecureSimplePairingState pairing_state(
2643 peer()->GetWeakPtr(),
2644 pairing_delegate.GetWeakPtr(),
2645 connection()->GetWeakPtr(),
2646 /*outgoing_connection=*/false,
2647 MakeAuthRequestCallback(),
2648 status_handler.MakeStatusCallback(),
2649 /*low_energy_address_delegate=*/this,
2650 /*controller_remote_public_key_validation_supported=*/true,
2651 sm_factory_func(),
2652 dispatcher());
2653
2654 auto reply_key = pairing_state.OnLinkKeyRequest();
2655 EXPECT_FALSE(reply_key.has_value());
2656 EXPECT_EQ(0, status_handler.call_count());
2657 }
2658
TEST_F(PairingStateTest,SimplePairingCompleteWithErrorCodeReceivedEarlyFailsPairing)2659 TEST_F(PairingStateTest,
2660 SimplePairingCompleteWithErrorCodeReceivedEarlyFailsPairing) {
2661 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2662
2663 TestStatusHandler status_handler;
2664
2665 SecureSimplePairingState pairing_state(
2666 peer()->GetWeakPtr(),
2667 pairing_delegate.GetWeakPtr(),
2668 connection()->GetWeakPtr(),
2669 /*outgoing_connection=*/false,
2670 MakeAuthRequestCallback(),
2671 status_handler.MakeStatusCallback(),
2672 /*low_energy_address_delegate=*/this,
2673 /*controller_remote_public_key_validation_supported=*/true,
2674 sm_factory_func(),
2675 dispatcher());
2676
2677 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2678
2679 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
2680 EXPECT_EQ(IoCapability::NO_INPUT_NO_OUTPUT,
2681 *pairing_state.OnIoCapabilityRequest());
2682 EXPECT_EQ(0, status_handler.call_count());
2683
2684 const auto status_code =
2685 pw::bluetooth::emboss::StatusCode::PAIRING_NOT_ALLOWED;
2686 pairing_state.OnSimplePairingComplete(status_code);
2687 ASSERT_EQ(1, status_handler.call_count());
2688 EXPECT_EQ(ToResult(status_code), status_handler.status().value());
2689 }
2690
TEST_F(PairingStateDeathTest,OnLinkKeyRequestReceivedMissingPeerAsserts)2691 TEST_F(PairingStateDeathTest, OnLinkKeyRequestReceivedMissingPeerAsserts) {
2692 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2693
2694 TestStatusHandler status_handler;
2695
2696 SecureSimplePairingState pairing_state(
2697 peer()->GetWeakPtr(),
2698 pairing_delegate.GetWeakPtr(),
2699 connection()->GetWeakPtr(),
2700 /*outgoing_connection=*/false,
2701 MakeAuthRequestCallback(),
2702 status_handler.MakeStatusCallback(),
2703 /*low_energy_address_delegate=*/this,
2704 /*controller_remote_public_key_validation_supported=*/true,
2705 sm_factory_func(),
2706 dispatcher());
2707
2708 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2709
2710 EXPECT_TRUE(peer_cache()->RemoveDisconnectedPeer(peer()->identifier()));
2711
2712 ASSERT_DEATH_IF_SUPPORTED(
2713 { [[maybe_unused]] auto reply_key = pairing_state.OnLinkKeyRequest(); },
2714 ".*peer.*");
2715 }
2716
TEST_F(PairingStateTest,AuthenticationCompleteWithErrorCodeReceivedEarlyFailsPairing)2717 TEST_F(PairingStateTest,
2718 AuthenticationCompleteWithErrorCodeReceivedEarlyFailsPairing) {
2719 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2720
2721 TestStatusHandler status_handler;
2722
2723 SecureSimplePairingState pairing_state(
2724 peer()->GetWeakPtr(),
2725 pairing_delegate.GetWeakPtr(),
2726 connection()->GetWeakPtr(),
2727 /*outgoing_connection=*/false,
2728 MakeAuthRequestCallback(),
2729 status_handler.MakeStatusCallback(),
2730 /*low_energy_address_delegate=*/this,
2731 /*controller_remote_public_key_validation_supported=*/true,
2732 sm_factory_func(),
2733 dispatcher());
2734
2735 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2736
2737 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
2738 EXPECT_EQ(0, status_handler.call_count());
2739
2740 const auto status_code =
2741 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE;
2742 pairing_state.OnAuthenticationComplete(status_code);
2743 ASSERT_EQ(1, status_handler.call_count());
2744 EXPECT_EQ(ToResult(status_code), status_handler.status().value());
2745 }
2746
TEST_F(PairingStateTest,AuthenticationCompleteWithMissingKeyRetriesWithoutKeyAndDoesntAutoConfirmRejected)2747 TEST_F(
2748 PairingStateTest,
2749 AuthenticationCompleteWithMissingKeyRetriesWithoutKeyAndDoesntAutoConfirmRejected) {
2750 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2751
2752 TestStatusHandler status_handler;
2753
2754 SecureSimplePairingState pairing_state(
2755 peer()->GetWeakPtr(),
2756 pairing_delegate.GetWeakPtr(),
2757 connection()->GetWeakPtr(),
2758 /*outgoing_connection=*/true,
2759 MakeAuthRequestCallback(),
2760 status_handler.MakeStatusCallback(),
2761 /*low_energy_address_delegate=*/this,
2762 /*controller_remote_public_key_validation_supported=*/true,
2763 sm_factory_func(),
2764 dispatcher());
2765
2766 auto existing_link_key = sm::LTK(
2767 sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192), kTestLinkKey);
2768
2769 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(existing_link_key));
2770 EXPECT_FALSE(connection()->ltk().has_value());
2771
2772 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2773 EXPECT_EQ(1u, auth_request_count());
2774
2775 auto reply_key = pairing_state.OnLinkKeyRequest();
2776 ASSERT_TRUE(reply_key.has_value());
2777 EXPECT_EQ(kTestLinkKey, reply_key.value());
2778 EXPECT_EQ(0, status_handler.call_count());
2779
2780 // Peer says that they don't have a key.
2781 pairing_state.OnAuthenticationComplete(
2782 pw::bluetooth::emboss::StatusCode::PIN_OR_KEY_MISSING);
2783 ASSERT_EQ(0, status_handler.call_count());
2784 // We should retry the authentication request, this time pretending we don't
2785 // have a key.
2786 EXPECT_EQ(2u, auth_request_count());
2787
2788 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
2789 EXPECT_EQ(0, status_handler.call_count());
2790
2791 static_cast<void>(pairing_state.OnIoCapabilityRequest());
2792 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
2793 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
2794 EXPECT_EQ(peer()->identifier(), peer_id);
2795 ASSERT_TRUE(cb);
2796 cb(false);
2797 });
2798 bool confirmed = true;
2799 pairing_state.OnUserConfirmationRequest(
2800 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
2801
2802 EXPECT_FALSE(confirmed);
2803
2804 pairing_delegate.SetCompletePairingCallback(
2805 [this](PeerId peer_id, sm::Result<> status) {
2806 EXPECT_EQ(peer()->identifier(), peer_id);
2807 EXPECT_TRUE(status.is_error());
2808 });
2809
2810 // The controller sends a SimplePairingComplete indicating the failure after
2811 // we send a Negative Confirmation.
2812 const auto status_code =
2813 pw::bluetooth::emboss::StatusCode::AUTHENTICATION_FAILURE;
2814 pairing_state.OnSimplePairingComplete(status_code);
2815
2816 // The bonding key should not have been touched.
2817 EXPECT_EQ(existing_link_key, peer()->bredr()->link_key());
2818
2819 EXPECT_EQ(1, status_handler.call_count());
2820 ASSERT_TRUE(status_handler.status().has_value());
2821 EXPECT_EQ(ToResult(status_code), status_handler.status().value());
2822 }
2823
TEST_F(PairingStateTest,ResponderSignalsCompletionOfPairing)2824 TEST_F(PairingStateTest, ResponderSignalsCompletionOfPairing) {
2825 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
2826
2827 TestStatusHandler status_handler;
2828
2829 SecureSimplePairingState pairing_state(
2830 peer()->GetWeakPtr(),
2831 pairing_delegate.GetWeakPtr(),
2832 connection()->GetWeakPtr(),
2833 /*outgoing_connection=*/false,
2834 MakeAuthRequestCallback(),
2835 status_handler.MakeStatusCallback(),
2836 /*low_energy_address_delegate=*/this,
2837 /*controller_remote_public_key_validation_supported=*/true,
2838 sm_factory_func(),
2839 dispatcher());
2840 EXPECT_FALSE(pairing_state.initiator());
2841 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
2842
2843 auto existing_link_key = sm::LTK(
2844 sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192), kTestLinkKey);
2845
2846 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(existing_link_key));
2847 EXPECT_FALSE(connection()->ltk().has_value());
2848
2849 auto reply_key = pairing_state.OnLinkKeyRequest();
2850 ASSERT_TRUE(reply_key.has_value());
2851 EXPECT_EQ(kTestLinkKey, reply_key.value());
2852 EXPECT_EQ(0, status_handler.call_count());
2853 EXPECT_TRUE(peer()->MutBrEdr().is_pairing());
2854
2855 // If a pairing request comes in after the peer has already asked for the key,
2856 // we add it's completion to the queue.
2857 TestStatusHandler new_pairing_handler;
2858 pairing_state.InitiatePairing(kNoSecurityRequirements,
2859 new_pairing_handler.MakeStatusCallback());
2860
2861 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
2862
2863 auto expected_status = pw::bluetooth::emboss::StatusCode::SUCCESS;
2864 EXPECT_EQ(1, status_handler.call_count());
2865 ASSERT_TRUE(status_handler.status().has_value());
2866 EXPECT_EQ(ToResult(expected_status), status_handler.status().value());
2867 EXPECT_FALSE(peer()->MutBrEdr().is_pairing());
2868
2869 // and the new pairing handler gets called back too
2870 EXPECT_EQ(1, new_pairing_handler.call_count());
2871 ASSERT_TRUE(new_pairing_handler.status().has_value());
2872 EXPECT_EQ(ToResult(expected_status), new_pairing_handler.status().value());
2873
2874 // The link key should be stored in the connection now.
2875 EXPECT_EQ(kTestLinkKey, connection()->ltk());
2876 }
2877
TEST_F(PairingStateTest,AuthenticationCompleteWithMissingKeyRetriesWithoutKeyAndDoesntAutoConfirmAccepted)2878 TEST_F(
2879 PairingStateTest,
2880 AuthenticationCompleteWithMissingKeyRetriesWithoutKeyAndDoesntAutoConfirmAccepted) {
2881 FakePairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2882
2883 TestStatusHandler status_handler;
2884
2885 SecureSimplePairingState pairing_state(
2886 peer()->GetWeakPtr(),
2887 pairing_delegate.GetWeakPtr(),
2888 connection()->GetWeakPtr(),
2889 /*outgoing_connection=*/true,
2890 MakeAuthRequestCallback(),
2891 status_handler.MakeStatusCallback(),
2892 /*low_energy_address_delegate=*/this,
2893 /*controller_remote_public_key_validation_supported=*/true,
2894 sm_factory_func(),
2895 dispatcher());
2896
2897 auto existing_link_key = sm::LTK(
2898 sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192), kTestLinkKey);
2899
2900 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(existing_link_key));
2901 EXPECT_FALSE(connection()->ltk().has_value());
2902
2903 pairing_state.InitiatePairing(kNoSecurityRequirements, NoOpStatusCallback);
2904 EXPECT_EQ(1u, auth_request_count());
2905
2906 auto reply_key = pairing_state.OnLinkKeyRequest();
2907 ASSERT_TRUE(reply_key.has_value());
2908 EXPECT_EQ(kTestLinkKey, reply_key.value());
2909 EXPECT_EQ(0, status_handler.call_count());
2910
2911 // Peer says that they don't have a key.
2912 pairing_state.OnAuthenticationComplete(
2913 pw::bluetooth::emboss::StatusCode::PIN_OR_KEY_MISSING);
2914 ASSERT_EQ(0, status_handler.call_count());
2915 // We should retry the authentication request, this time pretending we don't
2916 // have a key.
2917 EXPECT_EQ(2u, auth_request_count());
2918
2919 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
2920 EXPECT_EQ(0, status_handler.call_count());
2921
2922 static_cast<void>(pairing_state.OnIoCapabilityRequest());
2923 pairing_state.OnIoCapabilityResponse(IoCapability::NO_INPUT_NO_OUTPUT);
2924 pairing_delegate.SetConfirmPairingCallback([this](PeerId peer_id, auto cb) {
2925 EXPECT_EQ(peer()->identifier(), peer_id);
2926 ASSERT_TRUE(cb);
2927 cb(true);
2928 });
2929 bool confirmed = false;
2930 pairing_state.OnUserConfirmationRequest(
2931 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
2932
2933 EXPECT_TRUE(confirmed);
2934
2935 pairing_delegate.SetCompletePairingCallback(
2936 [this](PeerId peer_id, sm::Result<> status) {
2937 EXPECT_EQ(peer()->identifier(), peer_id);
2938 EXPECT_EQ(fit::ok(), status);
2939 });
2940
2941 // The controller sends a SimplePairingComplete indicating the success, then
2942 // the controller sends us the new link key, and Authentication Complete.
2943 // Negative Confirmation.
2944 auto status_code = pw::bluetooth::emboss::StatusCode::SUCCESS;
2945 pairing_state.OnSimplePairingComplete(status_code);
2946
2947 const auto new_link_key_value = UInt128{0xC0,
2948 0xDE,
2949 0xFA,
2950 0xCE,
2951 0x00,
2952 0x00,
2953 0x00,
2954 0x00,
2955 0x00,
2956 0x00,
2957 0x00,
2958 0x00,
2959 0x00,
2960 0x00,
2961 0x00,
2962 0x04};
2963
2964 pairing_state.OnLinkKeyNotification(new_link_key_value,
2965 kTestUnauthenticatedLinkKeyType192);
2966 pairing_state.OnAuthenticationComplete(
2967 pw::bluetooth::emboss::StatusCode::SUCCESS);
2968 // then we request encryption, which when it finishes, completes pairing.
2969 ASSERT_EQ(1, connection()->start_encryption_count());
2970 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
2971
2972 EXPECT_EQ(1, status_handler.call_count());
2973 ASSERT_TRUE(status_handler.status().has_value());
2974 EXPECT_EQ(ToResult(status_code), status_handler.status().value());
2975
2976 // The new link key should be stored in the connection now.
2977 auto new_link_key = hci_spec::LinkKey(new_link_key_value, 0, 0);
2978 EXPECT_EQ(new_link_key, connection()->ltk());
2979 }
2980
TEST_F(PairingStateTest,MultipleQueuedPairingRequestsWithSameSecurityRequirementsCompleteAtSameTimeWithSuccess)2981 TEST_F(
2982 PairingStateTest,
2983 MultipleQueuedPairingRequestsWithSameSecurityRequirementsCompleteAtSameTimeWithSuccess) {
2984 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
2985
2986 TestStatusHandler status_handler;
2987
2988 SecureSimplePairingState pairing_state(
2989 peer()->GetWeakPtr(),
2990 pairing_delegate.GetWeakPtr(),
2991 connection()->GetWeakPtr(),
2992 /*outgoing_connection=*/false,
2993 MakeAuthRequestCallback(),
2994 status_handler.MakeStatusCallback(),
2995 /*low_energy_address_delegate=*/this,
2996 /*controller_remote_public_key_validation_supported=*/true,
2997 sm_factory_func(),
2998 dispatcher());
2999
3000 TestStatusHandler initiate_status_handler_0;
3001 pairing_state.InitiatePairing(kNoSecurityRequirements,
3002 initiate_status_handler_0.MakeStatusCallback());
3003 EXPECT_EQ(1u, auth_request_count());
3004
3005 TestStatusHandler initiate_status_handler_1;
3006 pairing_state.InitiatePairing(kNoSecurityRequirements,
3007 initiate_status_handler_1.MakeStatusCallback());
3008 EXPECT_EQ(1u, auth_request_count());
3009
3010 AdvanceToEncryptionAsInitiator(&pairing_state);
3011 EXPECT_EQ(0, status_handler.call_count());
3012 EXPECT_EQ(1, connection()->start_encryption_count());
3013
3014 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3015 EXPECT_EQ(1, status_handler.call_count());
3016 ASSERT_TRUE(status_handler.status());
3017 EXPECT_EQ(fit::ok(), *status_handler.status());
3018 ASSERT_EQ(1, initiate_status_handler_0.call_count());
3019 EXPECT_EQ(fit::ok(), *initiate_status_handler_0.status());
3020 ASSERT_EQ(1, initiate_status_handler_1.call_count());
3021 EXPECT_EQ(fit::ok(), *initiate_status_handler_1.status());
3022 }
3023
TEST_F(PairingStateTest,MultipleQueuedPairingRequestsWithAuthSecurityRequirementsCompleteAtSameTimeWithInsufficientSecurityFailure)3024 TEST_F(
3025 PairingStateTest,
3026 MultipleQueuedPairingRequestsWithAuthSecurityRequirementsCompleteAtSameTimeWithInsufficientSecurityFailure) {
3027 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
3028
3029 TestStatusHandler status_handler;
3030
3031 SecureSimplePairingState pairing_state(
3032 peer()->GetWeakPtr(),
3033 pairing_delegate.GetWeakPtr(),
3034 connection()->GetWeakPtr(),
3035 /*outgoing_connection=*/false,
3036 MakeAuthRequestCallback(),
3037 status_handler.MakeStatusCallback(),
3038 /*low_energy_address_delegate=*/this,
3039 /*controller_remote_public_key_validation_supported=*/true,
3040 sm_factory_func(),
3041 dispatcher());
3042
3043 constexpr BrEdrSecurityRequirements kSecurityRequirements{
3044 .authentication = true, .secure_connections = false};
3045
3046 TestStatusHandler initiate_status_handler_0;
3047 pairing_state.InitiatePairing(kSecurityRequirements,
3048 initiate_status_handler_0.MakeStatusCallback());
3049 EXPECT_EQ(1u, auth_request_count());
3050
3051 TestStatusHandler initiate_status_handler_1;
3052 pairing_state.InitiatePairing(kSecurityRequirements,
3053 initiate_status_handler_1.MakeStatusCallback());
3054 EXPECT_EQ(1u, auth_request_count());
3055
3056 // Pair with unauthenticated link key.
3057 AdvanceToEncryptionAsInitiator(&pairing_state);
3058 EXPECT_EQ(0, status_handler.call_count());
3059 EXPECT_EQ(1, connection()->start_encryption_count());
3060
3061 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3062 EXPECT_EQ(1, status_handler.call_count());
3063 ASSERT_TRUE(status_handler.status());
3064 EXPECT_EQ(fit::ok(), *status_handler.status());
3065 ASSERT_EQ(1, initiate_status_handler_0.call_count());
3066 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
3067 initiate_status_handler_0.status().value());
3068 ASSERT_EQ(1, initiate_status_handler_1.call_count());
3069 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
3070 initiate_status_handler_1.status().value());
3071 }
3072
TEST_F(PairingStateTest,AuthPairingRequestDuringInitiatorNoAuthPairingFailsQueuedAuthPairingRequest)3073 TEST_F(
3074 PairingStateTest,
3075 AuthPairingRequestDuringInitiatorNoAuthPairingFailsQueuedAuthPairingRequest) {
3076 NoOpPairingDelegate pairing_delegate(sm::IOCapability::kNoInputNoOutput);
3077
3078 TestStatusHandler status_handler;
3079
3080 SecureSimplePairingState pairing_state(
3081 peer()->GetWeakPtr(),
3082 pairing_delegate.GetWeakPtr(),
3083 connection()->GetWeakPtr(),
3084 /*outgoing_connection=*/false,
3085 MakeAuthRequestCallback(),
3086 status_handler.MakeStatusCallback(),
3087 /*low_energy_address_delegate=*/this,
3088 /*controller_remote_public_key_validation_supported=*/true,
3089 sm_factory_func(),
3090 dispatcher());
3091
3092 TestStatusHandler initiate_status_handler_0;
3093 pairing_state.InitiatePairing(kNoSecurityRequirements,
3094 initiate_status_handler_0.MakeStatusCallback());
3095
3096 TestStatusHandler initiate_status_handler_1;
3097 constexpr BrEdrSecurityRequirements kSecurityRequirements{
3098 .authentication = true, .secure_connections = false};
3099 pairing_state.InitiatePairing(kSecurityRequirements,
3100 initiate_status_handler_1.MakeStatusCallback());
3101
3102 // Pair with unauthenticated link key.
3103 AdvanceToEncryptionAsInitiator(&pairing_state);
3104
3105 EXPECT_EQ(0, status_handler.call_count());
3106 EXPECT_EQ(1, connection()->start_encryption_count());
3107
3108 FakePairingDelegate fake_pairing_delegate(kTestLocalIoCap);
3109 pairing_state.SetPairingDelegate(fake_pairing_delegate.GetWeakPtr());
3110
3111 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3112 EXPECT_EQ(1, status_handler.call_count());
3113 ASSERT_TRUE(status_handler.status());
3114 EXPECT_EQ(fit::ok(), *status_handler.status());
3115 ASSERT_EQ(1, initiate_status_handler_0.call_count());
3116 EXPECT_EQ(fit::ok(), *initiate_status_handler_0.status());
3117 ASSERT_EQ(1, initiate_status_handler_1.call_count());
3118 EXPECT_EQ(ToResult(HostError::kInsufficientSecurity),
3119 initiate_status_handler_1.status().value());
3120
3121 // Pairing for second request should not start.
3122 EXPECT_FALSE(pairing_state.initiator());
3123 }
3124
TEST_F(PairingStateTest,InitiatingPairingDuringAuthenticationWithExistingUnauthenticatedLinkKey)3125 TEST_F(
3126 PairingStateTest,
3127 InitiatingPairingDuringAuthenticationWithExistingUnauthenticatedLinkKey) {
3128 FakePairingDelegate pairing_delegate(kTestLocalIoCap);
3129
3130 TestStatusHandler status_handler;
3131
3132 SecureSimplePairingState pairing_state(
3133 peer()->GetWeakPtr(),
3134 pairing_delegate.GetWeakPtr(),
3135 connection()->GetWeakPtr(),
3136 /*outgoing_connection=*/false,
3137 MakeAuthRequestCallback(),
3138 status_handler.MakeStatusCallback(),
3139 /*low_energy_address_delegate=*/this,
3140 /*controller_remote_public_key_validation_supported=*/true,
3141 sm_factory_func(),
3142 dispatcher());
3143
3144 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
3145 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
3146 kTestLinkKey)));
3147
3148 TestStatusHandler initiator_status_handler_0;
3149 pairing_state.InitiatePairing(
3150 kNoSecurityRequirements, initiator_status_handler_0.MakeStatusCallback());
3151 EXPECT_EQ(1u, auth_request_count());
3152
3153 TestStatusHandler initiator_status_handler_1;
3154 constexpr BrEdrSecurityRequirements kSecurityRequirements{
3155 .authentication = true, .secure_connections = false};
3156 pairing_state.InitiatePairing(
3157 kSecurityRequirements, initiator_status_handler_1.MakeStatusCallback());
3158 EXPECT_EQ(1u, auth_request_count());
3159
3160 // Authenticate with link key.
3161 EXPECT_NE(std::nullopt, pairing_state.OnLinkKeyRequest());
3162 EXPECT_TRUE(connection()->ltk().has_value());
3163 pairing_state.OnAuthenticationComplete(
3164 pw::bluetooth::emboss::StatusCode::SUCCESS);
3165
3166 EXPECT_EQ(0, status_handler.call_count());
3167 EXPECT_EQ(1, connection()->start_encryption_count());
3168
3169 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3170 ASSERT_EQ(1, status_handler.call_count());
3171 EXPECT_EQ(fit::ok(), *status_handler.status());
3172 ASSERT_EQ(1, initiator_status_handler_0.call_count());
3173 EXPECT_EQ(fit::ok(), *initiator_status_handler_0.status());
3174 EXPECT_EQ(0, initiator_status_handler_1.call_count());
3175
3176 pairing_delegate.SetDisplayPasskeyCallback(
3177 [](PeerId, uint32_t, PairingDelegate::DisplayMethod, auto cb) {
3178 cb(true);
3179 });
3180 pairing_delegate.SetCompletePairingCallback(
3181 [](PeerId, sm::Result<> status) { EXPECT_EQ(fit::ok(), status); });
3182
3183 // Pairing for second request should start.
3184 EXPECT_EQ(2u, auth_request_count());
3185 EXPECT_TRUE(pairing_state.initiator());
3186 EXPECT_EQ(std::nullopt, pairing_state.OnLinkKeyRequest());
3187 EXPECT_EQ(IoCapability::DISPLAY_YES_NO,
3188 *pairing_state.OnIoCapabilityRequest());
3189 pairing_state.OnIoCapabilityResponse(IoCapability::DISPLAY_YES_NO);
3190
3191 bool confirmed = false;
3192 pairing_state.OnUserConfirmationRequest(
3193 kTestPasskey, [&confirmed](bool confirm) { confirmed = confirm; });
3194 EXPECT_TRUE(confirmed);
3195
3196 pairing_state.OnSimplePairingComplete(
3197 pw::bluetooth::emboss::StatusCode::SUCCESS);
3198 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
3199 kTestAuthenticatedLinkKeyType192);
3200 pairing_state.OnAuthenticationComplete(
3201 pw::bluetooth::emboss::StatusCode::SUCCESS);
3202 EXPECT_EQ(2, connection()->start_encryption_count());
3203
3204 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3205 ASSERT_EQ(2, status_handler.call_count());
3206 EXPECT_EQ(fit::ok(), *status_handler.status());
3207 EXPECT_EQ(1, initiator_status_handler_0.call_count());
3208 ASSERT_EQ(1, initiator_status_handler_1.call_count());
3209 EXPECT_EQ(fit::ok(), *initiator_status_handler_1.status());
3210
3211 // No further pairing should occur.
3212 EXPECT_EQ(2u, auth_request_count());
3213 EXPECT_FALSE(pairing_state.initiator());
3214 }
3215
3216 #ifndef NINSPECT
TEST_F(PairingStateTest,Inspect)3217 TEST_F(PairingStateTest, Inspect) {
3218 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3219
3220 TestStatusHandler status_handler;
3221
3222 inspect::Inspector inspector;
3223
3224 SecureSimplePairingState pairing_state(
3225 peer()->GetWeakPtr(),
3226 pairing_delegate.GetWeakPtr(),
3227 connection()->GetWeakPtr(),
3228 /*outgoing_connection=*/false,
3229 MakeAuthRequestCallback(),
3230 status_handler.MakeStatusCallback(),
3231 /*low_energy_address_delegate=*/this,
3232 /*controller_remote_public_key_validation_supported=*/true,
3233 sm_factory_func(),
3234 dispatcher());
3235
3236 pairing_state.AttachInspect(inspector.GetRoot(), "pairing_state");
3237
3238 auto security_properties_matcher =
3239 AllOf(NodeMatches(AllOf(NameMatches("security_properties"),
3240 PropertyList(UnorderedElementsAre(
3241 StringIs("level", "not secure"),
3242 BoolIs("encrypted", false),
3243 BoolIs("secure_connections", false),
3244 BoolIs("authenticated", false),
3245 StringIs("key_type", "kCombination"))))));
3246
3247 auto pairing_state_matcher =
3248 AllOf(NodeMatches(AllOf(NameMatches("pairing_state"),
3249 PropertyList(UnorderedElementsAre(
3250 StringIs("encryption_status", "OFF"))))),
3251 ChildrenMatch(UnorderedElementsAre(security_properties_matcher)));
3252
3253 inspect::Hierarchy hierarchy = bt::testing::ReadInspect(inspector);
3254 EXPECT_THAT(hierarchy, ChildrenMatch(ElementsAre(pairing_state_matcher)));
3255 }
3256 #endif // NINSPECT
3257
TEST_F(PairingStateTest,CentralInitiatorCrossTransportKeyDerivationSuccessFollowedByRepair)3258 TEST_F(PairingStateTest,
3259 CentralInitiatorCrossTransportKeyDerivationSuccessFollowedByRepair) {
3260 ASSERT_EQ(connection()->role(),
3261 pw::bluetooth::emboss::ConnectionRole::CENTRAL);
3262
3263 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3264 SecureSimplePairingState pairing_state(
3265 peer()->GetWeakPtr(),
3266 pairing_delegate.GetWeakPtr(),
3267 connection()->GetWeakPtr(),
3268 /*outgoing_connection=*/false,
3269 MakeAuthRequestCallback(),
3270 NoOpStatusCallback,
3271 /*low_energy_address_delegate=*/this,
3272 /*controller_remote_public_key_validation_supported=*/true,
3273 sm_factory_func(),
3274 dispatcher());
3275
3276 l2cap::testing::FakeChannel sm_channel(
3277 l2cap::kSMPChannelId, l2cap::kSMPChannelId, kTestHandle, LinkType::kACL);
3278 pairing_state.SetSecurityManagerChannel(sm_channel.GetWeakPtr());
3279 WeakSelf<sm::testing::TestSecurityManager>::WeakPtr security_manager =
3280 sm_factory()->GetTestSm(kTestHandle);
3281 ASSERT_TRUE(security_manager.is_alive());
3282 sm::PairingData pairing_data;
3283 pairing_data.local_ltk = kLtk;
3284 pairing_data.peer_ltk = kLtk;
3285 security_manager->set_pairing_data(pairing_data);
3286
3287 TestStatusHandler status_handler_0;
3288 pairing_state.InitiatePairing(kNoSecurityRequirements,
3289 status_handler_0.MakeStatusCallback());
3290 AdvanceToEncryptionAsInitiator(&pairing_state);
3291 EXPECT_TRUE(pairing_state.initiator());
3292 ASSERT_EQ(0, status_handler_0.call_count());
3293 EXPECT_FALSE(peer()->le());
3294
3295 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3296 ASSERT_TRUE(status_handler_0.status());
3297 EXPECT_EQ(fit::ok(), *status_handler_0.status());
3298 ASSERT_TRUE(security_manager->last_identity_info().has_value());
3299 EXPECT_EQ(security_manager->last_identity_info()->irk, kIrk);
3300 EXPECT_EQ(security_manager->last_identity_info()->address,
3301 kLEIdentityAddress);
3302 ASSERT_TRUE(peer()->le());
3303 ASSERT_TRUE(peer()->le()->bond_data().has_value());
3304 EXPECT_EQ(peer()->le()->bond_data().value(), pairing_data);
3305 }
3306
3307 // When re-connecting (i.e. no new link key generated, just authentication &
3308 // encryption), no CTKD should take place.
TEST_F(PairingStateTest,CentralInitiatorSkipCrossTransportKeyDerivationIfLinkKeyAlreadyExists)3309 TEST_F(PairingStateTest,
3310 CentralInitiatorSkipCrossTransportKeyDerivationIfLinkKeyAlreadyExists) {
3311 ASSERT_EQ(connection()->role(),
3312 pw::bluetooth::emboss::ConnectionRole::CENTRAL);
3313 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
3314 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType256),
3315 kTestLinkKey)));
3316
3317 EXPECT_FALSE(peer()->le());
3318 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3319 SecureSimplePairingState pairing_state(
3320 peer()->GetWeakPtr(),
3321 pairing_delegate.GetWeakPtr(),
3322 connection()->GetWeakPtr(),
3323 /*outgoing_connection=*/false,
3324 MakeAuthRequestCallback(),
3325 NoOpStatusCallback,
3326 /*low_energy_address_delegate=*/this,
3327 /*controller_remote_public_key_validation_supported=*/true,
3328 sm_factory_func(),
3329 dispatcher());
3330
3331 l2cap::testing::FakeChannel sm_channel(
3332 l2cap::kSMPChannelId, l2cap::kSMPChannelId, kTestHandle, LinkType::kACL);
3333 pairing_state.SetSecurityManagerChannel(sm_channel.GetWeakPtr());
3334 WeakSelf<sm::testing::TestSecurityManager>::WeakPtr security_manager =
3335 sm_factory()->GetTestSm(kTestHandle);
3336 ASSERT_TRUE(security_manager.is_alive());
3337 sm::PairingData pairing_data;
3338 pairing_data.local_ltk = kLtk;
3339 pairing_data.peer_ltk = kLtk;
3340 security_manager->set_pairing_data(pairing_data);
3341
3342 TestStatusHandler status_handler;
3343 pairing_state.InitiatePairing(kNoSecurityRequirements,
3344 status_handler.MakeStatusCallback());
3345 EXPECT_NE(std::nullopt, pairing_state.OnLinkKeyRequest());
3346 pairing_state.OnAuthenticationComplete(
3347 pw::bluetooth::emboss::StatusCode::SUCCESS);
3348 EXPECT_EQ(0, status_handler.call_count());
3349 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3350 EXPECT_EQ(1, status_handler.call_count());
3351 EXPECT_FALSE(security_manager->last_identity_info().has_value());
3352 EXPECT_FALSE(peer()->le());
3353 }
3354
TEST_F(PairingStateTest,CentralInitiatorCrossTransportKeyDerivationFailure)3355 TEST_F(PairingStateTest, CentralInitiatorCrossTransportKeyDerivationFailure) {
3356 ASSERT_EQ(connection()->role(),
3357 pw::bluetooth::emboss::ConnectionRole::CENTRAL);
3358
3359 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3360 SecureSimplePairingState pairing_state(
3361 peer()->GetWeakPtr(),
3362 pairing_delegate.GetWeakPtr(),
3363 connection()->GetWeakPtr(),
3364 /*outgoing_connection=*/false,
3365 MakeAuthRequestCallback(),
3366 NoOpStatusCallback,
3367 /*low_energy_address_delegate=*/this,
3368 /*controller_remote_public_key_validation_supported=*/true,
3369 sm_factory_func(),
3370 dispatcher());
3371
3372 l2cap::testing::FakeChannel sm_channel(
3373 l2cap::kSMPChannelId, l2cap::kSMPChannelId, kTestHandle, LinkType::kACL);
3374 pairing_state.SetSecurityManagerChannel(sm_channel.GetWeakPtr());
3375
3376 // Not setting the pairing data ensures that CTKD fails.
3377 WeakSelf<sm::testing::TestSecurityManager>::WeakPtr security_manager =
3378 sm_factory()->GetTestSm(kTestHandle);
3379 ASSERT_TRUE(security_manager.is_alive());
3380
3381 TestStatusHandler status_handler;
3382 pairing_state.InitiatePairing(kNoSecurityRequirements,
3383 status_handler.MakeStatusCallback());
3384 AdvanceToEncryptionAsInitiator(&pairing_state);
3385 EXPECT_TRUE(pairing_state.initiator());
3386 ASSERT_EQ(0, status_handler.call_count());
3387 EXPECT_FALSE(peer()->le());
3388
3389 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3390 ASSERT_TRUE(status_handler.status());
3391 // The main pairing should still succeed.
3392 EXPECT_EQ(fit::ok(), *status_handler.status());
3393 EXPECT_FALSE(peer()->le());
3394 EXPECT_FALSE(security_manager->last_identity_info().has_value());
3395 }
3396
TEST_F(PairingStateTest,PeripheralCrossTransportKeyDerivationSuccess)3397 TEST_F(PairingStateTest, PeripheralCrossTransportKeyDerivationSuccess) {
3398 connection()->set_role(pw::bluetooth::emboss::ConnectionRole::PERIPHERAL);
3399
3400 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3401 SecureSimplePairingState pairing_state(
3402 peer()->GetWeakPtr(),
3403 pairing_delegate.GetWeakPtr(),
3404 connection()->GetWeakPtr(),
3405 /*outgoing_connection=*/false,
3406 MakeAuthRequestCallback(),
3407 NoOpStatusCallback,
3408 /*low_energy_address_delegate=*/this,
3409 /*controller_remote_public_key_validation_supported=*/true,
3410 sm_factory_func(),
3411 dispatcher());
3412
3413 l2cap::testing::FakeChannel sm_channel(
3414 l2cap::kSMPChannelId, l2cap::kSMPChannelId, kTestHandle, LinkType::kACL);
3415 pairing_state.SetSecurityManagerChannel(sm_channel.GetWeakPtr());
3416 WeakSelf<sm::testing::TestSecurityManager>::WeakPtr security_manager =
3417 sm_factory()->GetTestSm(kTestHandle);
3418 ASSERT_TRUE(security_manager.is_alive());
3419
3420 EXPECT_FALSE(peer()->le());
3421
3422 sm::PairingData pairing_data;
3423 pairing_data.local_ltk = kLtk;
3424 pairing_data.peer_ltk = kLtk;
3425 security_manager->TriggerPairingComplete(pairing_data);
3426
3427 ASSERT_TRUE(peer()->le());
3428 ASSERT_TRUE(peer()->le()->bond_data().has_value());
3429 EXPECT_EQ(peer()->le()->bond_data().value(), pairing_data);
3430 EXPECT_TRUE(security_manager->last_identity_info().has_value());
3431 }
3432
TEST_F(PairingStateTest,CentralResponderCrossTransportKeyDerivationSuccess)3433 TEST_F(PairingStateTest, CentralResponderCrossTransportKeyDerivationSuccess) {
3434 ASSERT_EQ(connection()->role(),
3435 pw::bluetooth::emboss::ConnectionRole::CENTRAL);
3436
3437 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3438
3439 SecureSimplePairingState pairing_state(
3440 peer()->GetWeakPtr(),
3441 pairing_delegate.GetWeakPtr(),
3442 connection()->GetWeakPtr(),
3443 /*outgoing_connection=*/false,
3444 MakeAuthRequestCallback(),
3445 NoOpStatusCallback,
3446 /*low_energy_address_delegate=*/this,
3447 /*controller_remote_public_key_validation_supported=*/true,
3448 sm_factory_func(),
3449 dispatcher());
3450
3451 l2cap::testing::FakeChannel sm_channel(
3452 l2cap::kSMPChannelId, l2cap::kSMPChannelId, kTestHandle, LinkType::kACL);
3453 pairing_state.SetSecurityManagerChannel(sm_channel.GetWeakPtr());
3454 WeakSelf<sm::testing::TestSecurityManager>::WeakPtr security_manager =
3455 sm_factory()->GetTestSm(kTestHandle);
3456 ASSERT_TRUE(security_manager.is_alive());
3457 sm::PairingData pairing_data;
3458 pairing_data.local_ltk = kLtk;
3459 pairing_data.peer_ltk = kLtk;
3460 security_manager->set_pairing_data(pairing_data);
3461
3462 // Start responder flow
3463 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
3464 ASSERT_FALSE(pairing_state.initiator());
3465 static_cast<void>(pairing_state.OnIoCapabilityRequest());
3466 pairing_state.OnUserConfirmationRequest(kTestPasskey,
3467 NoOpUserConfirmationCallback);
3468
3469 pairing_state.OnSimplePairingComplete(
3470 pw::bluetooth::emboss::StatusCode::SUCCESS);
3471 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
3472 kTestUnauthenticatedLinkKeyType192);
3473
3474 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3475 ASSERT_TRUE(security_manager->last_identity_info().has_value());
3476 ASSERT_TRUE(peer()->le());
3477 ASSERT_TRUE(peer()->le()->bond_data().has_value());
3478 }
3479
TEST_F(PairingStateTest,SetNullSecurityManagerChannelIgnored)3480 TEST_F(PairingStateTest, SetNullSecurityManagerChannelIgnored) {
3481 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3482 SecureSimplePairingState pairing_state(
3483 peer()->GetWeakPtr(),
3484 pairing_delegate.GetWeakPtr(),
3485 connection()->GetWeakPtr(),
3486 /*outgoing_connection=*/false,
3487 MakeAuthRequestCallback(),
3488 NoOpStatusCallback,
3489 /*low_energy_address_delegate=*/this,
3490 /*controller_remote_public_key_validation_supported=*/true,
3491 sm_factory_func(),
3492 dispatcher());
3493 pairing_state.SetSecurityManagerChannel(l2cap::Channel::WeakPtr());
3494 }
3495
TEST_F(PairingStateTest,InitiatorWaitForLEPairingToComplete)3496 TEST_F(PairingStateTest, InitiatorWaitForLEPairingToComplete) {
3497 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3498 SecureSimplePairingState pairing_state(
3499 peer()->GetWeakPtr(),
3500 pairing_delegate.GetWeakPtr(),
3501 connection()->GetWeakPtr(),
3502 /*outgoing_connection=*/false,
3503 MakeAuthRequestCallback(),
3504 NoOpStatusCallback,
3505 /*low_energy_address_delegate=*/this,
3506 /*controller_remote_public_key_validation_supported=*/true,
3507 sm_factory_func(),
3508 dispatcher());
3509
3510 std::optional<Peer::PairingToken> pairing_token =
3511 peer()->MutLe().RegisterPairing();
3512
3513 // Queue 2 requests to ensure that edge case is handled.
3514 TestStatusHandler status_handler_0;
3515 pairing_state.InitiatePairing(kNoSecurityRequirements,
3516 status_handler_0.MakeStatusCallback());
3517 TestStatusHandler status_handler_1;
3518 pairing_state.InitiatePairing(kNoSecurityRequirements,
3519 status_handler_1.MakeStatusCallback());
3520 RunUntilIdle();
3521 EXPECT_EQ(auth_request_count(), 0u);
3522
3523 pairing_token.reset();
3524 EXPECT_EQ(auth_request_count(), 1u);
3525
3526 AdvanceToEncryptionAsInitiator(&pairing_state);
3527 EXPECT_TRUE(pairing_state.initiator());
3528 ASSERT_EQ(0, status_handler_0.call_count());
3529 ASSERT_EQ(0, status_handler_1.call_count());
3530
3531 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3532 ASSERT_TRUE(status_handler_0.status());
3533 EXPECT_EQ(fit::ok(), *status_handler_0.status());
3534 ASSERT_TRUE(status_handler_1.status());
3535 EXPECT_EQ(fit::ok(), *status_handler_1.status());
3536 }
3537
TEST_F(PairingStateTest,LinkKeyRequestWhileInitiatorWaitsForLEPairingToComplete)3538 TEST_F(PairingStateTest,
3539 LinkKeyRequestWhileInitiatorWaitsForLEPairingToComplete) {
3540 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3541 SecureSimplePairingState pairing_state(
3542 peer()->GetWeakPtr(),
3543 pairing_delegate.GetWeakPtr(),
3544 connection()->GetWeakPtr(),
3545 /*outgoing_connection=*/false,
3546 MakeAuthRequestCallback(),
3547 NoOpStatusCallback,
3548 /*low_energy_address_delegate=*/this,
3549 /*controller_remote_public_key_validation_supported=*/true,
3550 sm_factory_func(),
3551 dispatcher());
3552
3553 std::optional<Peer::PairingToken> pairing_token =
3554 peer()->MutLe().RegisterPairing();
3555
3556 TestStatusHandler status_handler_0;
3557 pairing_state.InitiatePairing(kNoSecurityRequirements,
3558 status_handler_0.MakeStatusCallback());
3559 RunUntilIdle();
3560 EXPECT_EQ(auth_request_count(), 0u);
3561
3562 EXPECT_TRUE(peer()->MutBrEdr().SetBondData(
3563 sm::LTK(sm::SecurityProperties(kTestUnauthenticatedLinkKeyType192),
3564 kTestLinkKey)));
3565
3566 static_cast<void>(pairing_state.OnLinkKeyRequest());
3567 ASSERT_EQ(0, status_handler_0.call_count());
3568
3569 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3570 ASSERT_TRUE(status_handler_0.status());
3571 EXPECT_EQ(fit::ok(), *status_handler_0.status());
3572
3573 // The end of LE pairing should be ignored now.
3574 pairing_token.reset();
3575 EXPECT_EQ(auth_request_count(), 0u);
3576 }
3577
TEST_F(PairingStateTest,IoCapabilityResponseWhileInitiatorWaitsForLEPairingToComplete)3578 TEST_F(PairingStateTest,
3579 IoCapabilityResponseWhileInitiatorWaitsForLEPairingToComplete) {
3580 NoOpPairingDelegate pairing_delegate(kTestLocalIoCap);
3581 SecureSimplePairingState pairing_state(
3582 peer()->GetWeakPtr(),
3583 pairing_delegate.GetWeakPtr(),
3584 connection()->GetWeakPtr(),
3585 /*outgoing_connection=*/false,
3586 MakeAuthRequestCallback(),
3587 NoOpStatusCallback,
3588 /*low_energy_address_delegate=*/this,
3589 /*controller_remote_public_key_validation_supported=*/true,
3590 sm_factory_func(),
3591 dispatcher());
3592
3593 std::optional<Peer::PairingToken> pairing_token =
3594 peer()->MutLe().RegisterPairing();
3595
3596 TestStatusHandler status_handler_0;
3597 pairing_state.InitiatePairing(kNoSecurityRequirements,
3598 status_handler_0.MakeStatusCallback());
3599 RunUntilIdle();
3600 EXPECT_EQ(auth_request_count(), 0u);
3601
3602 pairing_state.OnIoCapabilityResponse(kTestPeerIoCap);
3603 ASSERT_FALSE(pairing_state.initiator());
3604 static_cast<void>(pairing_state.OnIoCapabilityRequest());
3605 pairing_state.OnUserConfirmationRequest(kTestPasskey,
3606 NoOpUserConfirmationCallback);
3607
3608 pairing_state.OnSimplePairingComplete(
3609 pw::bluetooth::emboss::StatusCode::SUCCESS);
3610 pairing_state.OnLinkKeyNotification(kTestLinkKeyValue,
3611 kTestUnauthenticatedLinkKeyType192);
3612
3613 connection()->TriggerEncryptionChangeCallback(fit::ok(true));
3614 ASSERT_TRUE(status_handler_0.status());
3615 EXPECT_EQ(fit::ok(), *status_handler_0.status());
3616
3617 // The end of LE pairing should be ignored now.
3618 pairing_token.reset();
3619 EXPECT_EQ(auth_request_count(), 0u);
3620 }
3621
3622 } // namespace
3623 } // namespace bt::gap
3624