SecurityTest: Create bond Out of Band (f60aac29) · Commits · e / os / android_packages_modules_Bluetooth

system/gd/cert/py_security.py

+2 −0

Original line number	Diff line number	Diff line
		@@ -31,6 +31,8 @@ from security.facade_pb2 import BondMsgType
		from security.facade_pb2 import SecurityPolicyMessage
		from security.facade_pb2 import IoCapabilities
		from security.facade_pb2 import IoCapabilityMessage
		from security.facade_pb2 import OobDataBondMessage
		from security.facade_pb2 import OobDataMessage
		from security.facade_pb2 import OobDataPresentMessage
		from security.facade_pb2 import UiCallbackMsg
		from security.facade_pb2 import UiCallbackType

system/gd/security/cert/cert_security.py

+2 −2

Original line number	Diff line number	Diff line
		@@ -138,7 +138,6 @@ class CertSecurity(PySecurity):
		:return: a tuple of bytes (192c,192r,256c,256r) with increasing security; bytes may be all 0s depending on pb_oob_data_type value

		"""

		oob_data_type = self._oob_present_lookup[pb_oob_data_type]

		if (oob_data_type == hci_packets.OobDataPresent.NOT_PRESENT):
		@@ -221,7 +220,8 @@ class CertSecurity(PySecurity):
		logging.info("Cert: Waiting for controller response")
		assertThat(self._hci_event_stream).emits(
		HciMatchers.CommandComplete(hci_packets.OpCode.WRITE_SECURE_CONNECTIONS_HOST_SUPPORT))
		self._secure_connections_enabled = True
		# TODO(optedoblivion): Figure this out and remove (see classic_pairing_handler.cc)
		#self._secure_connections_enabled = True

		def accept_pairing(self, dut_address, reply_boolean):
		"""

system/gd/security/cert/security_test.py

+65 −0

Original line number	Diff line number	Diff line
		@@ -137,6 +137,27 @@ class SecurityTest(GdBaseTestClass):
		initiator.wait_for_bond_event(expected_init_bond_event)
		responder.wait_for_bond_event(expected_resp_bond_event)

		def _run_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
		expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
		p256_oob_data):
		initiator.enable_secure_simple_pairing()
		responder.enable_secure_simple_pairing()
		initiator.create_bond_out_of_band(responder.get_address(),
		common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS, p192_oob_data,
		p256_oob_data)
		self._verify_ssp_oob(initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
		expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
		p256_oob_data)

		# Verifies the events for the numeric comparion test
		def _verify_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
		expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
		p256_oob_data):
		responder.accept_oob_pairing(initiator.get_address())
		initiator.on_user_input(responder.get_address(), init_ui_response, expected_init_ui_event)
		initiator.wait_for_bond_event(expected_init_bond_event)
		responder.wait_for_bond_event(expected_resp_bond_event)

		def test_setup_teardown(self):
		"""
		Make sure our setup and teardown is sane
		@@ -388,3 +409,47 @@ class SecurityTest(GdBaseTestClass):
		assertThat(has192R).isTrue()
		assertThat(has256C).isTrue()
		assertThat(has256R).isTrue()

		def test_successful_dut_initiated_ssp_oob(self):
		dut_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT
		cert_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT
		dut_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION
		cert_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION
		cert_oob_present = OobDataPresent.P192_PRESENT
		self.dut_security.enable_secure_simple_pairing()
		self.dut_security.enable_secure_connections()
		self.cert_security.enable_secure_simple_pairing()
		self.cert_security.enable_secure_connections()
		self.dut_security.set_io_capabilities(dut_io_capability)
		self.dut_security.set_authentication_requirements(dut_auth_reqs)
		self.cert_security.set_io_capabilities(cert_io_capability)
		self.cert_security.set_authentication_requirements(cert_auth_reqs)
		init_ui_response = True
		resp_ui_response = True
		expected_init_ui_event = None # None is auto accept
		expected_resp_ui_event = None # None is auto accept
		expected_init_bond_event = BondMsgType.DEVICE_BONDED
		expected_resp_bond_event = None
		# get_oob_data returns a tuple of bytes (p192c,p192r,p256c,p256r)
		local_oob_data = self.cert_security.get_oob_data_from_controller(cert_oob_present)
		p192_oob_data = local_oob_data[0:2]
		p256_oob_data = local_oob_data[2:4]
		self._run_ssp_oob(
		initiator=self.dut_security,
		responder=self.cert_security,
		init_ui_response=init_ui_response,
		resp_ui_response=resp_ui_response,
		expected_init_ui_event=expected_init_ui_event,
		expected_resp_ui_event=expected_resp_ui_event,
		expected_init_bond_event=expected_init_bond_event,
		expected_resp_bond_event=expected_resp_bond_event,
		p192_oob_data=p192_oob_data,
		p256_oob_data=p256_oob_data)
		self.dut_security.remove_bond(self.cert_security.get_address(),
		common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS)
		self.cert_security.remove_bond(self.dut_security.get_address(),
		common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS)
		self.dut_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED)
		self.cert_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED)
		self.dut_security.wait_for_disconnect_event()
		self.cert_security.wait_for_disconnect_event()

system/gd/security/pairing/classic_pairing_handler.cc

+2 −1

Original line number	Diff line number	Diff line
		@@ -308,6 +308,8 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) {
		break;
		case hci::OobDataPresent::P_192_PRESENT:
		LOG_INFO("P192 Present");
		// TODO(optedoblivion): Figure this out and remove
		secure_connections_enabled_ = false;
		if (secure_connections_enabled_) {
		GetChannel()->SendCommand(hci::RemoteOobExtendedDataRequestReplyBuilder::Create(
		GetRecord()->GetPseudoAddress()->GetAddress(),
		@@ -340,7 +342,6 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) {
		this->remote_p256_oob_data_.GetC(),
		this->remote_p256_oob_data_.GetR()));
		break;
		break;
		}
		}

system/gd/security/pairing/classic_pairing_handler_unittest.cc

+4 −2

Original line number	Diff line number	Diff line
		@@ -655,9 +655,11 @@ TEST_F(ClassicPairingHandlerTest, locally_initiatied_no_input_no_output_no_input
		// At this point the pairing handler thinks it has NOT_PRESENT
		ReceiveOobDataRequest(device_);
		security_command_view = GetLastCommand(hci_layer_);
		auto oob_data_req_reply = hci::RemoteOobExtendedDataRequestReplyView::Create(security_command_view);
		// NOTE(optedoblivion): Extended data is manually disabled in the pairing handler
		// since the controller doesn't seem to currently have support.
		auto oob_data_req_reply = hci::RemoteOobDataRequestReplyView::Create(security_command_view);
		ASSERT_TRUE(oob_data_req_reply.IsValid());
		ASSERT_EQ(OpCode::REMOTE_OOB_EXTENDED_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
		ASSERT_EQ(OpCode::REMOTE_OOB_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
		ReceiveSimplePairingComplete(hci::ErrorCode::SUCCESS, device_);
		std::array<uint8_t, 16> link_key = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5};
		hci::KeyType key_type = hci::KeyType::DEBUG_COMBINATION;