
Commit 32a7737c authored by Jakub Pawlowski's avatar Jakub Pawlowski Committed by Martin Brabham

Implement encryption key size negotiation

Bug: 142341141
Tag: #gd-refactor
Test: gd/cert/run --host LeSecurityTest:test_min_encryption_key_size_equal_to_max
Change-Id: I478d29cf20537075ef2a3dc9f707040e0b657ae1
parent dede761e
+38 −0
@@ -41,6 +41,8 @@ from security.facade_pb2 import UiMsgType
from security.facade_pb2 import LeAuthRequirementsMessage
from security.facade_pb2 import LeIoCapabilityMessage
from security.facade_pb2 import LeOobDataPresentMessage
from security.facade_pb2 import LeMaximumEncryptionKeySizeMessage

import time
from bluetooth_packets_python3.hci_packets import OpCode

@@ -469,6 +471,42 @@ class LeSecurityTest(GdBaseTestClass):
        assertThat(self.dut_security.get_bond_stream()).emits(
            SecurityMatchers.BondMsg(BondMsgType.DEVICE_BONDED, self.cert_address))

    @metadata(
        pts_test_id="SM/MAS/EKS/BV-01-C",
        pts_test_name="IUT initiator, Lower Tester Maximum Encryption Key Size = Min_Encryption_Key_Length")
    def test_min_encryption_key_size_equal_to_max(self):
        """
            Verify that the IUT uses correct key size during encryption as initiator.
        """
        self._prepare_cert_for_connection()

        self.dut.security.SetLeIoCapability(KEYBOARD_DISPLAY)
        self.dut.security.SetLeOobDataPresent(OOB_NOT_PRESENT)
        self.dut_security.SetLeAuthRequirements(secure_connections=1)
        self.dut.security.SetLeMaximumEncryptionKeySize(
            LeMaximumEncryptionKeySizeMessage(maximum_encryption_key_size=0x10))

        self.cert.security.SetLeIoCapability(NO_INPUT_NO_OUTPUT)
        self.cert.security.SetLeOobDataPresent(OOB_NOT_PRESENT)
        self.cert_security.SetLeAuthRequirements(mitm=1, secure_connections=1)
        self.cert.security.SetLeMaximumEncryptionKeySize(
            LeMaximumEncryptionKeySizeMessage(maximum_encryption_key_size=0x07))

        # 1. IUT transmits a Pairing Request
        self.dut.security.CreateBondLe(self.cert_address)

        assertThat(self.cert_security.get_ui_stream()).emits(
            SecurityMatchers.UiMsg(UiMsgType.DISPLAY_PAIRING_PROMPT, self.dut_address))

        # 2. Lower Tester responds with Pairing Response command with Maximum Encryption Key Size field set to Min_Encryption_Key_Length’.
        self.cert.security.SendUiCallback(
            UiCallbackMsg(
                message_type=UiCallbackType.PAIRING_PROMPT, boolean=True, unique_id=1, address=self.dut_address))

        # 3. IUT and Lower Tester perform phase 2 of the LE pairing and establish an encrypted link with the key generated in phase 2.
        assertThat(self.dut_security.get_bond_stream()).emits(
            SecurityMatchers.BondMsg(BondMsgType.DEVICE_BONDED, self.cert_address))

    @metadata(
        pts_test_id="SM/MAS/SCPK/BV-01-C", pts_test_name="Passkey Entry, IUT Initiator, Secure Connections – Success")
    def test_passkey_entry_iut_initiator_secure_connections(self):
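Review bot: The new test never checks the key size that was actually negotiated. After the DUT is set to `maximum_encryption_key_size=0x10` and the cert to `0x07`, the only assertions are the pairing prompt and `DEVICE_BONDED`, so it would presumably still pass if the IUT ignored the value in the Pairing Response and kept a 16-octet key. The docstring promises to verify that the IUT "uses correct key size", so the test should assert the resulting key length; if no facade event exposes it yet, record the gap with `# TODO: assert the negotiated key size is 7 octets once the facade reports it`. The step 2 comment also carries a stray `’` after `Min_Encryption_Key_Length`.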
+9 −0
@@ -216,6 +216,15 @@ class SecurityModuleFacadeService : public SecurityModuleFacade::Service, public
    return ::grpc::Status::OK;
  }

  ::grpc::Status SetLeMaximumEncryptionKeySize(
      ::grpc::ServerContext* context,
      const LeMaximumEncryptionKeySizeMessage* request,
      ::google::protobuf::Empty* response) override {
    security_module_->GetFacadeConfigurationApi()->SetLeMaximumEncryptionKeySize(
        request->maximum_encryption_key_size());
    return ::grpc::Status::OK;
  }

  ::grpc::Status SetLeOobDataPresent(
      ::grpc::ServerContext* context,
      const LeOobDataPresentMessage* request,
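Review bot: `request->maximum_encryption_key_size()` is a proto `uint32` but is passed straight into `FacadeConfigurationApi::SetLeMaximumEncryptionKeySize(uint8_t)`, so an out-of-range value is silently truncated (0x110 becomes 0x10) and nothing rejects a size outside the 7–16 octet range that SMP allows. Because this setting bounds the strength of the encryption key, the handler should validate before forwarding: `const auto size = request->maximum_encryption_key_size();` followed by `if (size < 7 || size > 16) return ::grpc::Status(::grpc::StatusCode::INVALID_ARGUMENT, "maximum_encryption_key_size must be 7..16");`. The forwarder `FacadeConfigurationApi::SetLeMaximumEncryptionKeySize` has the same gap if it is reachable from callers other than this facade, and the `LeMaximumEncryptionKeySizeMessage` field would benefit from a comment stating the unit (octets) and valid range. The enclosing class starts and ends outside this hunk.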
+5 −0
@@ -17,6 +17,7 @@ service SecurityModuleFacade {
  rpc SetOobDataPresent(OobDataPresentMessage) returns (google.protobuf.Empty) {}
  rpc SetLeIoCapability(LeIoCapabilityMessage) returns (google.protobuf.Empty) {}
  rpc SetLeAuthRequirements(LeAuthRequirementsMessage) returns (google.protobuf.Empty) {}
  rpc SetLeMaximumEncryptionKeySize(LeMaximumEncryptionKeySizeMessage) returns (google.protobuf.Empty) {}
  rpc GetOutOfBandData(google.protobuf.Empty) returns (OobDataMessage) {}
  rpc SetOutOfBandData(OobDataMessage) returns (google.protobuf.Empty) {}
  rpc SetLeOobDataPresent(LeOobDataPresentMessage) returns (google.protobuf.Empty) {}
@@ -128,6 +129,10 @@ message LeAuthRequirementsMessage {
  uint32 reserved_bits = 6;
}

message LeMaximumEncryptionKeySizeMessage {
  uint32 maximum_encryption_key_size = 1;
}

message LeOobDataPresentMessage {
  enum LeOobDataFlag {
    NOT_PRESENT = 0;
+7 −0
@@ -51,6 +51,13 @@ void FacadeConfigurationApi::SetLeAuthRequirements(uint8_t auth_req) {
  security_handler_->CallOn(security_manager_impl_, &internal::SecurityManagerImpl::SetLeAuthRequirements, auth_req);
}

void FacadeConfigurationApi::SetLeMaximumEncryptionKeySize(uint8_t maximum_encryption_key_size) {
  security_handler_->CallOn(
      security_manager_impl_,
      &internal::SecurityManagerImpl::SetLeMaximumEncryptionKeySize,
      maximum_encryption_key_size);
}

void FacadeConfigurationApi::SetLeOobDataPresent(OobDataFlag oob_present) {
  security_handler_->CallOn(security_manager_impl_, &internal::SecurityManagerImpl::SetLeOobDataPresent, oob_present);
}
+1 −0
@@ -49,6 +49,7 @@ class FacadeConfigurationApi {

  void SetLeIoCapability(security::IoCapability io_capability);
  void SetLeAuthRequirements(uint8_t auth_req);
  void SetLeMaximumEncryptionKeySize(uint8_t maximum_encryption_key_size);
  void SetLeOobDataPresent(OobDataFlag oob_present);
  void GetOutOfBandData(std::array<uint8_t, 16>* le_sc_confirmation_value, std::array<uint8_t, 16>* le_sc_random_value);
  void SetOutOfBandData(