1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 #include <stddef.h>
21 #include <string.h>
22 #include <errno.h>
23 #include "testutil/testutil.h"
24 #include "nimble/hci_common.h"
25 #include "nimble/nimble_opt.h"
26 #include "host/ble_sm.h"
27 #include "host/ble_hs_test.h"
28 #include "host/ble_hs_id.h"
29 #include "ble_hs_test_util.h"
30 #include "ble_sm_test_util.h"
31
32 int ble_sm_test_gap_event_type;
33 int ble_sm_test_gap_status;
34 struct ble_gap_sec_state ble_sm_test_sec_state;
35 static struct ble_gap_passkey_params ble_sm_test_ioact;
36
37 static struct {
38 /** Handle reported in previous repeat pairing event. */
39 struct ble_gap_repeat_pairing rp;
40
41 struct ble_sm_test_params params;
42
43 /** What the callback should return this time. */
44 int rc;
45
46 /** What the callback should return next time. */
47 int next_rc;
48
49 /**
50 * Whether the callback should erase the conflicting entry before retrying.
51 */
52 int erase_on_retry;
53
54 /** The number of times the event got reported. */
55 int num_calls;
56 } ble_sm_test_repeat_pairing;
57
58 struct ble_sm_test_util_entity {
59 uint8_t addr_type;
60 uint8_t id_addr_type;
61 uint8_t *id_addr;
62 uint8_t *rpa;
63
64 struct ble_sm_pair_cmd *pair_cmd;
65 struct ble_sm_pair_confirm *confirms;
66 struct ble_sm_pair_random *randoms;
67 struct ble_sm_id_info *id_info;
68 struct ble_sm_id_addr_info *id_addr_info;
69 struct ble_sm_sign_info *sign_info;
70 uint8_t *ltk;
71
72 uint8_t key_dist;
73
74 /*** Secure connections fields. */
75 struct ble_sm_public_key *public_key;
76 struct ble_sm_dhkey_check *dhkey_check;
77
78 /*** Legacy fields. */
79 struct ble_sm_enc_info *enc_info;
80 struct ble_sm_master_id *master_id;
81 uint64_t rand_num;
82 uint16_t ediv;
83 };
84
85 static void ble_sm_test_util_repeat_pairing(struct ble_sm_test_params *params,
86 int sc);
87
88 #define BLE_SM_TEST_UTIL_HCI_HDR(handle, pb, len) \
89 ((struct hci_data_hdr) { \
90 .hdh_handle_pb_bc = ((handle) << 0) | \
91 ((pb) << 12), \
92 .hdh_len = (len) \
93 })
94
95 static void
ble_sm_pair_cmd_parse(void * payload,int len,struct ble_sm_pair_cmd * cmd)96 ble_sm_pair_cmd_parse(void *payload, int len, struct ble_sm_pair_cmd *cmd)
97 {
98 uint8_t *u8ptr;
99
100 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_pair_cmd));
101
102 u8ptr = payload;
103 cmd->io_cap = u8ptr[0];
104 cmd->oob_data_flag = u8ptr[1];
105 cmd->authreq = u8ptr[2];
106 cmd->max_enc_key_size = u8ptr[3];
107 cmd->init_key_dist = u8ptr[4];
108 cmd->resp_key_dist = u8ptr[5];
109 }
110
111 static void
ble_sm_pair_cmd_write(void * payload,int len,int is_req,struct ble_sm_pair_cmd * cmd)112 ble_sm_pair_cmd_write(void *payload, int len, int is_req,
113 struct ble_sm_pair_cmd *cmd)
114 {
115 uint8_t *u8ptr;
116
117 BLE_HS_DBG_ASSERT(
118 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_cmd));
119
120 u8ptr = payload;
121 u8ptr[0] = is_req ? BLE_SM_OP_PAIR_REQ : BLE_SM_OP_PAIR_RSP;
122 u8ptr[1] = cmd->io_cap;
123 u8ptr[2] = cmd->oob_data_flag;
124 u8ptr[3] = cmd->authreq;
125 u8ptr[4] = cmd->max_enc_key_size;
126 u8ptr[5] = cmd->init_key_dist;
127 u8ptr[6] = cmd->resp_key_dist;
128 }
129
130 static void
ble_sm_pair_confirm_parse(void * payload,int len,struct ble_sm_pair_confirm * cmd)131 ble_sm_pair_confirm_parse(void *payload, int len,
132 struct ble_sm_pair_confirm *cmd)
133 {
134 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_pair_confirm));
135 memcpy(cmd->value, payload, sizeof cmd->value);
136 }
137
138 static void
ble_sm_pair_confirm_write(void * payload,int len,struct ble_sm_pair_confirm * cmd)139 ble_sm_pair_confirm_write(void *payload, int len,
140 struct ble_sm_pair_confirm *cmd)
141 {
142 uint8_t *u8ptr;
143
144 BLE_HS_DBG_ASSERT(
145 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_confirm));
146
147 u8ptr = payload;
148
149 u8ptr[0] = BLE_SM_OP_PAIR_CONFIRM;
150 memcpy(u8ptr + sizeof(struct ble_sm_hdr), cmd->value, sizeof cmd->value);
151 }
152
153 static void
ble_sm_pair_random_parse(void * payload,int len,struct ble_sm_pair_random * cmd)154 ble_sm_pair_random_parse(void *payload, int len,
155 struct ble_sm_pair_random *cmd)
156 {
157 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_pair_random));
158 memcpy(cmd->value, payload, sizeof cmd->value);
159 }
160
161 static void
ble_sm_pair_random_write(void * payload,int len,struct ble_sm_pair_random * cmd)162 ble_sm_pair_random_write(void *payload, int len,
163 struct ble_sm_pair_random *cmd)
164 {
165 uint8_t *u8ptr;
166
167 BLE_HS_DBG_ASSERT(
168 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_random));
169
170 u8ptr = payload;
171
172 u8ptr[0] = BLE_SM_OP_PAIR_RANDOM;
173 memcpy(u8ptr + sizeof(struct ble_sm_hdr), cmd->value, sizeof cmd->value);
174 }
175
176 static void
ble_sm_pair_fail_parse(void * payload,int len,struct ble_sm_pair_fail * cmd)177 ble_sm_pair_fail_parse(void *payload, int len, struct ble_sm_pair_fail *cmd)
178 {
179 uint8_t *u8ptr;
180
181 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_pair_fail));
182
183 u8ptr = payload;
184 cmd->reason = u8ptr[0];
185 }
186
187 static void
ble_sm_enc_info_parse(void * payload,int len,struct ble_sm_enc_info * cmd)188 ble_sm_enc_info_parse(void *payload, int len, struct ble_sm_enc_info *cmd)
189 {
190 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_enc_info));
191
192 memcpy(cmd->ltk, payload, sizeof cmd->ltk);
193 }
194
195 static void
ble_sm_enc_info_write(void * payload,int len,struct ble_sm_enc_info * cmd)196 ble_sm_enc_info_write(void *payload, int len, struct ble_sm_enc_info *cmd)
197 {
198 uint8_t *u8ptr;
199
200 BLE_HS_DBG_ASSERT(
201 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_enc_info));
202
203 u8ptr = payload;
204
205 u8ptr[0] = BLE_SM_OP_ENC_INFO;
206 memcpy(u8ptr + 1, cmd->ltk, sizeof cmd->ltk);
207 }
208
209 static void
ble_sm_master_id_parse(void * payload,int len,struct ble_sm_master_id * cmd)210 ble_sm_master_id_parse(void *payload, int len, struct ble_sm_master_id *cmd)
211 {
212 uint8_t *u8ptr;
213
214 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_master_id));
215
216 u8ptr = payload;
217
218 cmd->ediv = get_le16(u8ptr);
219 cmd->rand_val = get_le64(u8ptr + 2);
220 }
221
222 static void
ble_sm_master_id_write(void * payload,int len,struct ble_sm_master_id * cmd)223 ble_sm_master_id_write(void *payload, int len, struct ble_sm_master_id *cmd)
224 {
225 uint8_t *u8ptr;
226
227 BLE_HS_DBG_ASSERT(
228 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_master_id));
229
230 u8ptr = payload;
231
232 u8ptr[0] = BLE_SM_OP_MASTER_ID;
233 put_le16(u8ptr + 1, cmd->ediv);
234 put_le64(u8ptr + 3, cmd->rand_val);
235 }
236
237 static void
ble_sm_id_info_parse(void * payload,int len,struct ble_sm_id_info * cmd)238 ble_sm_id_info_parse(void *payload, int len, struct ble_sm_id_info *cmd)
239 {
240 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_id_info));
241
242 memcpy(cmd->irk, payload, 16);
243 }
244
245 static void
ble_sm_id_info_write(void * payload,int len,struct ble_sm_id_info * cmd)246 ble_sm_id_info_write(void *payload, int len, struct ble_sm_id_info *cmd)
247 {
248 uint8_t *u8ptr;
249
250 BLE_HS_DBG_ASSERT(
251 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_info));
252
253 u8ptr = payload;
254
255 u8ptr[0] = BLE_SM_OP_IDENTITY_INFO;
256 memcpy(u8ptr + sizeof(struct ble_sm_hdr), cmd->irk, sizeof cmd->irk);
257 }
258
259 static void
ble_sm_id_addr_info_parse(void * payload,int len,struct ble_sm_id_addr_info * cmd)260 ble_sm_id_addr_info_parse(void *payload, int len,
261 struct ble_sm_id_addr_info *cmd)
262 {
263 uint8_t *u8ptr;
264
265 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_id_addr_info));
266
267 u8ptr = payload;
268
269 cmd->addr_type = *u8ptr;
270 memcpy(cmd->bd_addr, u8ptr + 1, 6);
271 }
272
273 static void
ble_sm_id_addr_info_write(void * payload,int len,struct ble_sm_id_addr_info * cmd)274 ble_sm_id_addr_info_write(void *payload, int len,
275 struct ble_sm_id_addr_info *cmd)
276 {
277 uint8_t *u8ptr;
278
279 BLE_HS_DBG_ASSERT(
280 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_addr_info));
281
282 u8ptr = payload;
283
284 u8ptr[0] = BLE_SM_OP_IDENTITY_ADDR_INFO;
285 u8ptr[1] = cmd->addr_type;
286 memcpy(u8ptr + 2, cmd->bd_addr, sizeof cmd->bd_addr);
287 }
288
289 static void
ble_sm_sign_info_parse(void * payload,int len,struct ble_sm_sign_info * cmd)290 ble_sm_sign_info_parse(void *payload, int len, struct ble_sm_sign_info *cmd)
291 {
292 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_sign_info));
293
294 memcpy(cmd->sig_key, payload, 16);
295 }
296
297 static void
ble_sm_sign_info_write(void * payload,int len,struct ble_sm_sign_info * cmd)298 ble_sm_sign_info_write(void *payload, int len, struct ble_sm_sign_info *cmd)
299 {
300 uint8_t *u8ptr;
301
302 BLE_HS_DBG_ASSERT(
303 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sign_info));
304
305 u8ptr = payload;
306
307 u8ptr[0] = BLE_SM_OP_SIGN_INFO;
308 memcpy(u8ptr + sizeof(struct ble_sm_hdr),
309 cmd->sig_key, sizeof cmd->sig_key);
310 }
311
312 static void
ble_sm_sec_req_parse(void * payload,int len,struct ble_sm_sec_req * cmd)313 ble_sm_sec_req_parse(void *payload, int len, struct ble_sm_sec_req *cmd)
314 {
315 uint8_t *u8ptr;
316
317 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_sec_req));
318
319 u8ptr = payload;
320 cmd->authreq = *u8ptr;
321 }
322
323 static void
ble_sm_sec_req_write(void * payload,int len,struct ble_sm_sec_req * cmd)324 ble_sm_sec_req_write(void *payload, int len, struct ble_sm_sec_req *cmd)
325 {
326 uint8_t *u8ptr;
327
328 BLE_HS_DBG_ASSERT(
329 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sec_req));
330
331 u8ptr = payload;
332
333 u8ptr[0] = BLE_SM_OP_SEC_REQ;
334 u8ptr[1] = cmd->authreq;
335 }
336
337 static void
ble_sm_public_key_parse(void * payload,int len,struct ble_sm_public_key * cmd)338 ble_sm_public_key_parse(void *payload, int len, struct ble_sm_public_key *cmd)
339 {
340 uint8_t *u8ptr;
341
342 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_public_key));
343
344 u8ptr = payload;
345
346 memcpy(cmd->x, u8ptr, sizeof cmd->x);
347 u8ptr += sizeof cmd->x;
348
349 memcpy(cmd->y, u8ptr, sizeof cmd->y);
350 u8ptr += sizeof cmd->y;
351 }
352
353 static void
ble_sm_public_key_write(void * payload,int len,struct ble_sm_public_key * cmd)354 ble_sm_public_key_write(void *payload, int len, struct ble_sm_public_key *cmd)
355 {
356 uint8_t *u8ptr;
357
358 BLE_HS_DBG_ASSERT(
359 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_public_key));
360
361 u8ptr = payload;
362
363 *u8ptr = BLE_SM_OP_PAIR_PUBLIC_KEY;
364 u8ptr++;
365
366 memcpy(u8ptr, cmd->x, sizeof cmd->x);
367 memcpy(u8ptr + 32, cmd->y, sizeof cmd->y);
368 }
369
370 static void
ble_sm_dhkey_check_parse(void * payload,int len,struct ble_sm_dhkey_check * cmd)371 ble_sm_dhkey_check_parse(void *payload, int len,
372 struct ble_sm_dhkey_check *cmd)
373 {
374 BLE_HS_DBG_ASSERT(len >= sizeof(struct ble_sm_dhkey_check));
375
376 memcpy(cmd->value, payload, sizeof cmd->value);
377 }
378
379 static void
ble_sm_dhkey_check_write(void * payload,int len,struct ble_sm_dhkey_check * cmd)380 ble_sm_dhkey_check_write(void *payload, int len,
381 struct ble_sm_dhkey_check *cmd)
382 {
383 uint8_t *u8ptr;
384
385 BLE_HS_DBG_ASSERT(
386 len >= sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_dhkey_check));
387
388 u8ptr = payload;
389
390 *u8ptr = BLE_SM_OP_PAIR_DHKEY_CHECK;
391 u8ptr++;
392
393 memcpy(u8ptr, cmd->value, sizeof cmd->value);
394 }
395
396 void
ble_sm_test_util_init(void)397 ble_sm_test_util_init(void)
398 {
399 ble_hs_test_util_init();
400
401 ble_sm_test_gap_event_type = -1;
402 ble_sm_test_gap_status = -1;
403 memset(&ble_sm_test_repeat_pairing, 0, sizeof ble_sm_test_repeat_pairing);
404 ble_sm_test_repeat_pairing.rp.conn_handle = BLE_HS_CONN_HANDLE_NONE;
405
406 memset(&ble_sm_test_ioact, 0, sizeof ble_sm_test_ioact);
407 memset(&ble_sm_test_sec_state, 0xff, sizeof ble_sm_test_sec_state);
408 }
409
410 static void
ble_sm_test_util_params_to_entity(struct ble_sm_test_params * params,int initiator,struct ble_sm_test_util_entity * out_entity)411 ble_sm_test_util_params_to_entity(struct ble_sm_test_params *params,
412 int initiator,
413 struct ble_sm_test_util_entity *out_entity)
414 {
415 int sc;
416
417 memset(out_entity, 0, sizeof *out_entity);
418
419 sc = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_SC &&
420 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_SC;
421
422 if (initiator) {
423 out_entity->key_dist = params->pair_rsp.init_key_dist;
424
425 out_entity->addr_type = params->init_addr_type;
426 out_entity->id_addr = params->init_id_addr;
427 out_entity->rpa = params->init_rpa;
428
429 out_entity->pair_cmd = ¶ms->pair_req;
430 out_entity->confirms = params->confirm_req;
431 out_entity->randoms = params->random_req;
432 out_entity->id_info = ¶ms->id_info_rsp;
433 out_entity->id_addr_info = ¶ms->id_addr_info_rsp;
434 out_entity->sign_info = ¶ms->sign_info_rsp;
435
436 if (sc) {
437 out_entity->ltk = params->ltk;
438 out_entity->public_key = ¶ms->public_key_req;
439 out_entity->dhkey_check = ¶ms->dhkey_check_req;
440 } else {
441 out_entity->enc_info = ¶ms->enc_info_rsp;
442 out_entity->master_id = ¶ms->master_id_rsp;
443 if (out_entity->key_dist & BLE_SM_PAIR_KEY_DIST_ENC) {
444 out_entity->rand_num = params->master_id_rsp.rand_val;
445 out_entity->ediv = params->master_id_rsp.ediv;
446 out_entity->ltk = params->enc_info_rsp.ltk;
447 }
448 }
449 } else {
450 out_entity->key_dist = params->pair_rsp.resp_key_dist;
451
452 out_entity->addr_type = params->resp_addr_type;
453 out_entity->id_addr = params->resp_id_addr;
454 out_entity->rpa = params->resp_rpa;
455
456 out_entity->pair_cmd = ¶ms->pair_rsp;
457 out_entity->confirms = params->confirm_rsp;
458 out_entity->randoms = params->random_rsp;
459 out_entity->id_info = ¶ms->id_info_req;
460 out_entity->id_addr_info = ¶ms->id_addr_info_req;
461 out_entity->sign_info = ¶ms->sign_info_req;
462
463 if (sc) {
464 out_entity->ltk = params->ltk;
465 out_entity->public_key = ¶ms->public_key_rsp;
466 out_entity->dhkey_check = ¶ms->dhkey_check_rsp;
467 } else {
468 out_entity->enc_info = ¶ms->enc_info_req;
469 out_entity->master_id = ¶ms->master_id_req;
470 if (out_entity->key_dist & BLE_SM_PAIR_KEY_DIST_ENC) {
471 out_entity->rand_num = params->master_id_req.rand_val;
472 out_entity->ediv = params->master_id_req.ediv;
473 out_entity->ltk = params->enc_info_req.ltk;
474 }
475 }
476 }
477
478 out_entity->id_addr_type =
479 ble_hs_misc_addr_type_to_id(out_entity->addr_type);
480 }
481
482 static void
ble_sm_test_util_params_to_entities(struct ble_sm_test_params * params,int we_are_initiator,struct ble_sm_test_util_entity * out_us,struct ble_sm_test_util_entity * out_peer)483 ble_sm_test_util_params_to_entities(struct ble_sm_test_params *params,
484 int we_are_initiator,
485 struct ble_sm_test_util_entity *out_us,
486 struct ble_sm_test_util_entity *out_peer)
487 {
488 ble_sm_test_util_params_to_entity(params, we_are_initiator, out_us);
489 ble_sm_test_util_params_to_entity(params, !we_are_initiator, out_peer);
490 }
491
492 static void
ble_sm_test_util_init_good(struct ble_sm_test_params * params,int we_are_initiator,struct ble_hs_conn ** out_conn,struct ble_sm_test_util_entity * out_us,struct ble_sm_test_util_entity * out_peer)493 ble_sm_test_util_init_good(struct ble_sm_test_params *params,
494 int we_are_initiator,
495 struct ble_hs_conn **out_conn,
496 struct ble_sm_test_util_entity *out_us,
497 struct ble_sm_test_util_entity *out_peer)
498 {
499 struct ble_hs_conn *conn;
500
501 ble_sm_test_util_init();
502
503 ble_sm_test_util_params_to_entities(params, we_are_initiator,
504 out_us, out_peer);
505
506 ble_hs_cfg.sm_io_cap = out_us->pair_cmd->io_cap;
507 ble_hs_cfg.sm_oob_data_flag = out_us->pair_cmd->oob_data_flag;
508 ble_hs_cfg.sm_bonding = !!(out_us->pair_cmd->authreq &
509 BLE_SM_PAIR_AUTHREQ_BOND);
510 ble_hs_cfg.sm_mitm = !!(out_us->pair_cmd->authreq &
511 BLE_SM_PAIR_AUTHREQ_MITM);
512 ble_hs_cfg.sm_sc = !!(out_us->pair_cmd->authreq &
513 BLE_SM_PAIR_AUTHREQ_SC);
514 ble_hs_cfg.sm_keypress = !!(out_us->pair_cmd->authreq &
515 BLE_SM_PAIR_AUTHREQ_KEYPRESS);
516
517 if (we_are_initiator) {
518 ble_hs_cfg.sm_our_key_dist = out_us->pair_cmd->init_key_dist;
519 ble_hs_cfg.sm_their_key_dist = out_us->pair_cmd->resp_key_dist;
520 } else {
521 ble_hs_cfg.sm_our_key_dist = out_us->pair_cmd->resp_key_dist;
522 ble_hs_cfg.sm_their_key_dist = out_us->pair_cmd->init_key_dist;
523 }
524
525 ble_hs_id_set_pub(out_us->id_addr);
526 ble_sm_dbg_set_next_pair_rand(out_us->randoms[0].value);
527 ble_sm_dbg_set_next_ediv(out_us->ediv);
528 ble_sm_dbg_set_next_master_id_rand(out_us->rand_num);
529 ble_sm_dbg_set_next_ltk(out_us->ltk);
530 ble_hs_test_util_set_our_irk(out_us->id_info->irk, 0, 0);
531 ble_sm_dbg_set_next_csrk(out_us->sign_info->sig_key);
532
533 if (out_us->public_key != NULL) {
534 ble_sm_dbg_set_sc_keys((uint8_t *)out_us->public_key,
535 params->our_priv_key);
536 }
537
538 ble_hs_test_util_create_rpa_conn(2, out_us->addr_type, out_us->rpa,
539 out_peer->addr_type,
540 out_peer->id_addr, out_peer->rpa,
541 BLE_HS_TEST_CONN_FEAT_ALL,
542 ble_sm_test_util_conn_cb,
543 NULL);
544
545 /* This test code and modifies the connection object after unlocking
546 * the host mutex. It is not OK for real code to do this, but this test
547 * can assume the connection list is unchanging.
548 */
549 ble_hs_lock();
550 conn = ble_hs_conn_find(2);
551 TEST_ASSERT_FATAL(conn != NULL);
552 ble_hs_unlock();
553
554 if (!we_are_initiator) {
555 /* Peer is the initiator so we must be the slave. */
556 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
557 }
558
559 if (out_conn != NULL) {
560 *out_conn = conn;
561 }
562 }
563
564 static int
ble_sm_test_util_repeat_pairing_cb(const struct ble_gap_repeat_pairing * rp)565 ble_sm_test_util_repeat_pairing_cb(const struct ble_gap_repeat_pairing *rp)
566 {
567 struct ble_store_value_sec value_sec;
568 struct ble_store_key_sec key_sec;
569 struct ble_gap_conn_desc desc;
570 int rc;
571
572 TEST_ASSERT_FATAL(rp->conn_handle != BLE_HS_CONN_HANDLE_NONE);
573
574 ble_sm_test_repeat_pairing.num_calls++;
575
576 rc = ble_gap_conn_find(rp->conn_handle, &desc);
577 TEST_ASSERT_FATAL(rc == 0);
578
579 memset(&key_sec, 0, sizeof key_sec);
580 key_sec.peer_addr = desc.peer_id_addr;
581 rc = ble_store_read_peer_sec(&key_sec, &value_sec);
582 TEST_ASSERT_FATAL(rc == 0);
583
584 /* Verify current bond is reported correctly. */
585 TEST_ASSERT(rp->cur_key_size == value_sec.key_size);
586 TEST_ASSERT(rp->cur_authenticated == value_sec.authenticated);
587 TEST_ASSERT(rp->cur_sc == value_sec.sc);
588
589 /* Verify new pairing request is reported correctly. */
590 TEST_ASSERT(
591 rp->new_key_size ==
592 min(ble_sm_test_repeat_pairing.params.pair_req.max_enc_key_size,
593 ble_sm_test_repeat_pairing.params.pair_rsp.max_enc_key_size));
594 TEST_ASSERT(
595 rp->new_authenticated ==
596 !!(ble_sm_test_repeat_pairing.params.passkey_info.passkey.action));
597 TEST_ASSERT(
598 rp->new_sc ==
599 ((ble_sm_test_repeat_pairing.params.pair_req.authreq &
600 BLE_SM_PAIR_AUTHREQ_SC)
601 &&
602 (ble_sm_test_repeat_pairing.params.pair_rsp.authreq &
603 BLE_SM_PAIR_AUTHREQ_SC)));
604 TEST_ASSERT(
605 rp->new_bonding ==
606 ((ble_sm_test_repeat_pairing.params.pair_req.authreq &
607 BLE_SM_PAIR_AUTHREQ_BOND)
608 &&
609 (ble_sm_test_repeat_pairing.params.pair_rsp.authreq &
610 BLE_SM_PAIR_AUTHREQ_BOND)));
611
612 if (ble_sm_test_repeat_pairing.rp.conn_handle ==
613 BLE_HS_CONN_HANDLE_NONE) {
614
615 ble_sm_test_repeat_pairing.rp.conn_handle = rp->conn_handle;
616 } else {
617 /* Ensure the correct connection handle gets reported each time. */
618 TEST_ASSERT(rp->conn_handle ==
619 ble_sm_test_repeat_pairing.rp.conn_handle);
620 }
621
622 ble_sm_test_repeat_pairing.rp = *rp;
623
624 if (ble_sm_test_repeat_pairing.rc == BLE_GAP_REPEAT_PAIRING_RETRY &&
625 ble_sm_test_repeat_pairing.erase_on_retry) {
626
627 rc = ble_gap_conn_find(rp->conn_handle, &desc);
628 TEST_ASSERT_FATAL(rc == 0);
629
630 rc = ble_store_util_delete_peer(&desc.peer_id_addr);
631 TEST_ASSERT_FATAL(rc == 0);
632 }
633
634 rc = ble_sm_test_repeat_pairing.rc;
635 ble_sm_test_repeat_pairing.rc = ble_sm_test_repeat_pairing.next_rc;
636
637 return rc;
638 }
639
640 int
ble_sm_test_util_conn_cb(struct ble_gap_event * event,void * arg)641 ble_sm_test_util_conn_cb(struct ble_gap_event *event, void *arg)
642 {
643 struct ble_gap_conn_desc desc;
644 int rc;
645
646 switch (event->type) {
647 case BLE_GAP_EVENT_ENC_CHANGE:
648 ble_sm_test_gap_status = event->enc_change.status;
649
650 rc = ble_gap_conn_find(event->enc_change.conn_handle, &desc);
651 TEST_ASSERT_FATAL(rc == 0);
652 ble_sm_test_sec_state = desc.sec_state;
653 rc = 0;
654 break;
655
656 case BLE_GAP_EVENT_PASSKEY_ACTION:
657 ble_sm_test_ioact = event->passkey.params;
658 rc = 0;
659 break;
660
661 case BLE_GAP_EVENT_REPEAT_PAIRING:
662 rc = ble_sm_test_util_repeat_pairing_cb(&event->repeat_pairing);
663 break;
664
665 default:
666 return 0;
667 }
668
669 ble_sm_test_gap_event_type = event->type;
670 return rc;
671 }
672
673 static void
ble_sm_test_util_rx_pair_cmd(uint16_t conn_handle,uint8_t op,struct ble_sm_pair_cmd * cmd,int rx_status)674 ble_sm_test_util_rx_pair_cmd(uint16_t conn_handle, uint8_t op,
675 struct ble_sm_pair_cmd *cmd,
676 int rx_status)
677 {
678 struct hci_data_hdr hci_hdr;
679 struct os_mbuf *om;
680 void *v;
681 int payload_len;
682 int rc;
683
684 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
685 2, BLE_HCI_PB_FIRST_FLUSH,
686 BLE_L2CAP_HDR_SZ +
687 sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_cmd));
688
689 om = ble_hs_mbuf_l2cap_pkt();
690 TEST_ASSERT_FATAL(om != NULL);
691
692 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_cmd);
693
694 v = os_mbuf_extend(om, payload_len);
695 TEST_ASSERT_FATAL(v != NULL);
696
697 ble_sm_pair_cmd_write(v, payload_len, op == BLE_SM_OP_PAIR_REQ, cmd);
698
699 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
700 &hci_hdr, om);
701 TEST_ASSERT(rc == rx_status);
702 }
703
704 static void
ble_sm_test_util_rx_pair_req(uint16_t conn_handle,struct ble_sm_pair_cmd * req,int rx_status)705 ble_sm_test_util_rx_pair_req(uint16_t conn_handle,
706 struct ble_sm_pair_cmd *req,
707 int rx_status)
708 {
709 ble_sm_test_util_rx_pair_cmd(conn_handle, BLE_SM_OP_PAIR_REQ,
710 req, rx_status);
711 }
712
713 static void
ble_sm_test_util_rx_pair_rsp(uint16_t conn_handle,struct ble_sm_pair_cmd * rsp,int rx_status)714 ble_sm_test_util_rx_pair_rsp(uint16_t conn_handle, struct ble_sm_pair_cmd *rsp,
715 int rx_status)
716 {
717 ble_sm_test_util_rx_pair_cmd(conn_handle, BLE_SM_OP_PAIR_RSP,
718 rsp, rx_status);
719 }
720
721 static void
ble_sm_test_util_rx_confirm(uint16_t conn_handle,struct ble_sm_pair_confirm * cmd)722 ble_sm_test_util_rx_confirm(uint16_t conn_handle,
723 struct ble_sm_pair_confirm *cmd)
724 {
725 struct hci_data_hdr hci_hdr;
726 struct os_mbuf *om;
727 void *v;
728 int payload_len;
729 int rc;
730
731 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
732 2, BLE_HCI_PB_FIRST_FLUSH,
733 BLE_L2CAP_HDR_SZ +
734 sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_confirm));
735
736 om = ble_hs_mbuf_l2cap_pkt();
737 TEST_ASSERT_FATAL(om != NULL);
738
739 payload_len =
740 sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_confirm);
741
742 v = os_mbuf_extend(om, payload_len);
743 TEST_ASSERT_FATAL(v != NULL);
744
745 ble_sm_pair_confirm_write(v, payload_len, cmd);
746
747 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
748 &hci_hdr, om);
749 TEST_ASSERT_FATAL(rc == 0);
750 }
751
752 static void
ble_sm_test_util_rx_random(uint16_t conn_handle,struct ble_sm_pair_random * cmd,int exp_status)753 ble_sm_test_util_rx_random(uint16_t conn_handle,
754 struct ble_sm_pair_random *cmd,
755 int exp_status)
756 {
757 struct hci_data_hdr hci_hdr;
758 struct os_mbuf *om;
759 void *v;
760 int payload_len;
761 int rc;
762
763 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
764 2, BLE_HCI_PB_FIRST_FLUSH,
765 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_random));
766
767 om = ble_hs_mbuf_l2cap_pkt();
768 TEST_ASSERT_FATAL(om != NULL);
769
770 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_pair_random);
771
772 v = os_mbuf_extend(om, payload_len);
773 TEST_ASSERT_FATAL(v != NULL);
774
775 ble_sm_pair_random_write(v, payload_len, cmd);
776
777 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
778 &hci_hdr, om);
779 TEST_ASSERT_FATAL(rc == exp_status);
780 }
781
782 void
ble_sm_test_util_rx_sec_req(uint16_t conn_handle,struct ble_sm_sec_req * cmd,int exp_status)783 ble_sm_test_util_rx_sec_req(uint16_t conn_handle, struct ble_sm_sec_req *cmd,
784 int exp_status)
785 {
786 struct hci_data_hdr hci_hdr;
787 struct os_mbuf *om;
788 void *v;
789 int payload_len;
790 int rc;
791
792 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
793 2, BLE_HCI_PB_FIRST_FLUSH,
794 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sec_req));
795
796 om = ble_hs_mbuf_l2cap_pkt();
797 TEST_ASSERT_FATAL(om != NULL);
798
799 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sec_req);
800
801 v = os_mbuf_extend(om, payload_len);
802 TEST_ASSERT_FATAL(v != NULL);
803
804 ble_sm_sec_req_write(v, payload_len, cmd);
805
806 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
807 &hci_hdr, om);
808 TEST_ASSERT_FATAL(rc == exp_status);
809 }
810
811 static void
ble_sm_test_util_rx_public_key(uint16_t conn_handle,struct ble_sm_public_key * cmd)812 ble_sm_test_util_rx_public_key(uint16_t conn_handle,
813 struct ble_sm_public_key *cmd)
814 {
815 struct hci_data_hdr hci_hdr;
816 struct os_mbuf *om;
817 void *v;
818 int payload_len;
819 int rc;
820
821 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
822 2, BLE_HCI_PB_FIRST_FLUSH,
823 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_public_key));
824
825 om = ble_hs_mbuf_l2cap_pkt();
826 TEST_ASSERT_FATAL(om != NULL);
827
828 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_public_key);
829
830 v = os_mbuf_extend(om, payload_len);
831 TEST_ASSERT_FATAL(v != NULL);
832
833 ble_sm_public_key_write(v, payload_len, cmd);
834
835 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
836 &hci_hdr, om);
837 TEST_ASSERT_FATAL(rc == 0);
838 }
839
840 static void
ble_sm_test_util_rx_dhkey_check(uint16_t conn_handle,struct ble_sm_dhkey_check * cmd,int exp_status)841 ble_sm_test_util_rx_dhkey_check(uint16_t conn_handle,
842 struct ble_sm_dhkey_check *cmd,
843 int exp_status)
844 {
845 struct hci_data_hdr hci_hdr;
846 struct os_mbuf *om;
847 void *v;
848 int payload_len;
849 int rc;
850
851 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
852 2, BLE_HCI_PB_FIRST_FLUSH,
853 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_dhkey_check));
854
855 om = ble_hs_mbuf_l2cap_pkt();
856 TEST_ASSERT_FATAL(om != NULL);
857
858 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_dhkey_check);
859
860 v = os_mbuf_extend(om, payload_len);
861 TEST_ASSERT_FATAL(v != NULL);
862
863 ble_sm_dhkey_check_write(v, payload_len, cmd);
864
865 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
866 &hci_hdr, om);
867 TEST_ASSERT_FATAL(rc == exp_status);
868 }
869
870 static void
ble_sm_test_util_rx_enc_info(uint16_t conn_handle,struct ble_sm_enc_info * cmd,int exp_status)871 ble_sm_test_util_rx_enc_info(uint16_t conn_handle,
872 struct ble_sm_enc_info *cmd,
873 int exp_status)
874 {
875 struct hci_data_hdr hci_hdr;
876 struct os_mbuf *om;
877 void *v;
878 int payload_len;
879 int rc;
880
881 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
882 2, BLE_HCI_PB_FIRST_FLUSH,
883 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_enc_info));
884
885 om = ble_hs_mbuf_l2cap_pkt();
886 TEST_ASSERT_FATAL(om != NULL);
887
888 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_enc_info);
889
890 v = os_mbuf_extend(om, payload_len);
891 TEST_ASSERT_FATAL(v != NULL);
892
893 ble_sm_enc_info_write(v, payload_len, cmd);
894
895 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
896 &hci_hdr, om);
897 TEST_ASSERT_FATAL(rc == exp_status);
898 }
899
900 static void
ble_sm_test_util_rx_master_id(uint16_t conn_handle,struct ble_sm_master_id * cmd,int exp_status)901 ble_sm_test_util_rx_master_id(uint16_t conn_handle,
902 struct ble_sm_master_id *cmd,
903 int exp_status)
904 {
905 struct hci_data_hdr hci_hdr;
906 struct os_mbuf *om;
907 void *v;
908 int payload_len;
909 int rc;
910
911 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
912 2, BLE_HCI_PB_FIRST_FLUSH,
913 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_master_id));
914
915 om = ble_hs_mbuf_l2cap_pkt();
916 TEST_ASSERT_FATAL(om != NULL);
917
918 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_master_id);
919
920 v = os_mbuf_extend(om, payload_len);
921 TEST_ASSERT_FATAL(v != NULL);
922
923 ble_sm_master_id_write(v, payload_len, cmd);
924
925 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
926 &hci_hdr, om);
927 TEST_ASSERT_FATAL(rc == exp_status);
928 }
929
930 static void
ble_sm_test_util_rx_id_info(uint16_t conn_handle,struct ble_sm_id_info * cmd,int exp_status)931 ble_sm_test_util_rx_id_info(uint16_t conn_handle,
932 struct ble_sm_id_info *cmd,
933 int exp_status)
934 {
935 struct hci_data_hdr hci_hdr;
936 struct os_mbuf *om;
937 void *v;
938 int payload_len;
939 int rc;
940
941 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
942 2, BLE_HCI_PB_FIRST_FLUSH,
943 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_info));
944
945 om = ble_hs_mbuf_l2cap_pkt();
946 TEST_ASSERT_FATAL(om != NULL);
947
948 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_info);
949
950 v = os_mbuf_extend(om, payload_len);
951 TEST_ASSERT_FATAL(v != NULL);
952
953 ble_sm_id_info_write(v, payload_len, cmd);
954
955 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
956 &hci_hdr, om);
957 TEST_ASSERT_FATAL(rc == exp_status);
958 }
959
960 static void
ble_sm_test_util_rx_id_addr_info(uint16_t conn_handle,struct ble_sm_id_addr_info * cmd,int exp_status)961 ble_sm_test_util_rx_id_addr_info(uint16_t conn_handle,
962 struct ble_sm_id_addr_info *cmd,
963 int exp_status)
964 {
965 struct hci_data_hdr hci_hdr;
966 struct os_mbuf *om;
967 void *v;
968 int payload_len;
969 int rc;
970
971 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
972 2, BLE_HCI_PB_FIRST_FLUSH,
973 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_addr_info));
974
975 om = ble_hs_mbuf_l2cap_pkt();
976 TEST_ASSERT_FATAL(om != NULL);
977
978 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_id_addr_info);
979
980 v = os_mbuf_extend(om, payload_len);
981 TEST_ASSERT_FATAL(v != NULL);
982
983 ble_sm_id_addr_info_write(v, payload_len, cmd);
984
985 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
986 &hci_hdr, om);
987 TEST_ASSERT_FATAL(rc == exp_status);
988 }
989
990 static void
ble_sm_test_util_rx_sign_info(uint16_t conn_handle,struct ble_sm_sign_info * cmd,int exp_status)991 ble_sm_test_util_rx_sign_info(uint16_t conn_handle,
992 struct ble_sm_sign_info *cmd,
993 int exp_status)
994 {
995 struct hci_data_hdr hci_hdr;
996 struct os_mbuf *om;
997 void *v;
998 int payload_len;
999 int rc;
1000
1001 hci_hdr = BLE_SM_TEST_UTIL_HCI_HDR(
1002 2, BLE_HCI_PB_FIRST_FLUSH,
1003 BLE_L2CAP_HDR_SZ + sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sign_info));
1004
1005 om = ble_hs_mbuf_l2cap_pkt();
1006 TEST_ASSERT_FATAL(om != NULL);
1007
1008 payload_len = sizeof(struct ble_sm_hdr) + sizeof(struct ble_sm_sign_info);
1009
1010 v = os_mbuf_extend(om, payload_len);
1011 TEST_ASSERT_FATAL(v != NULL);
1012
1013 ble_sm_sign_info_write(v, payload_len, cmd);
1014
1015 rc = ble_hs_test_util_l2cap_rx_first_frag(conn_handle, BLE_L2CAP_CID_SM,
1016 &hci_hdr, om);
1017 TEST_ASSERT_FATAL(rc == exp_status);
1018 }
1019
1020 static struct os_mbuf *
ble_sm_test_util_verify_tx_hdr(uint8_t sm_op,uint16_t payload_len)1021 ble_sm_test_util_verify_tx_hdr(uint8_t sm_op, uint16_t payload_len)
1022 {
1023 struct os_mbuf *om;
1024
1025 om = ble_hs_test_util_prev_tx_dequeue_pullup();
1026 TEST_ASSERT_FATAL(om != NULL);
1027
1028 TEST_ASSERT(OS_MBUF_PKTLEN(om) == sizeof(struct ble_sm_hdr) + payload_len);
1029 TEST_ASSERT_FATAL(om->om_data[0] == sm_op);
1030
1031 om->om_data += sizeof(struct ble_sm_hdr);
1032 om->om_len -= sizeof(struct ble_sm_hdr);
1033
1034 return om;
1035 }
1036
1037 static void
ble_sm_test_util_verify_tx_pair_cmd(uint8_t op,struct ble_sm_pair_cmd * exp_cmd)1038 ble_sm_test_util_verify_tx_pair_cmd(
1039 uint8_t op,
1040 struct ble_sm_pair_cmd *exp_cmd)
1041 {
1042 struct ble_sm_pair_cmd cmd;
1043 struct os_mbuf *om;
1044
1045 om = ble_sm_test_util_verify_tx_hdr(op, sizeof(struct ble_sm_pair_cmd));
1046 ble_sm_pair_cmd_parse(om->om_data, om->om_len, &cmd);
1047
1048 TEST_ASSERT(cmd.io_cap == exp_cmd->io_cap);
1049 TEST_ASSERT(cmd.oob_data_flag == exp_cmd->oob_data_flag);
1050 TEST_ASSERT(cmd.authreq == exp_cmd->authreq);
1051 TEST_ASSERT(cmd.max_enc_key_size == exp_cmd->max_enc_key_size);
1052 TEST_ASSERT(cmd.init_key_dist == exp_cmd->init_key_dist);
1053 TEST_ASSERT(cmd.resp_key_dist == exp_cmd->resp_key_dist);
1054 }
1055
1056 static void
ble_sm_test_util_verify_tx_pair_req(struct ble_sm_pair_cmd * exp_req)1057 ble_sm_test_util_verify_tx_pair_req(
1058 struct ble_sm_pair_cmd *exp_req)
1059 {
1060 ble_sm_test_util_verify_tx_pair_cmd(BLE_SM_OP_PAIR_REQ,
1061 exp_req);
1062 }
1063
1064 static void
ble_sm_test_util_verify_tx_pair_rsp(struct ble_sm_pair_cmd * exp_rsp)1065 ble_sm_test_util_verify_tx_pair_rsp(
1066 struct ble_sm_pair_cmd *exp_rsp)
1067 {
1068 ble_sm_test_util_verify_tx_pair_cmd(BLE_SM_OP_PAIR_RSP,
1069 exp_rsp);
1070 }
1071
1072 static void
ble_sm_test_util_verify_tx_pair_confirm(struct ble_sm_pair_confirm * exp_cmd)1073 ble_sm_test_util_verify_tx_pair_confirm(
1074 struct ble_sm_pair_confirm *exp_cmd)
1075 {
1076 struct ble_sm_pair_confirm cmd;
1077 struct os_mbuf *om;
1078
1079 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_PAIR_CONFIRM, sizeof(cmd));
1080 ble_sm_pair_confirm_parse(om->om_data, om->om_len, &cmd);
1081
1082 TEST_ASSERT(memcmp(cmd.value, exp_cmd->value, 16) == 0);
1083 }
1084
1085 static void
ble_sm_test_util_verify_tx_pair_random(struct ble_sm_pair_random * exp_cmd)1086 ble_sm_test_util_verify_tx_pair_random(
1087 struct ble_sm_pair_random *exp_cmd)
1088 {
1089 struct ble_sm_pair_random cmd;
1090 struct os_mbuf *om;
1091
1092 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_PAIR_RANDOM,
1093 sizeof(struct ble_sm_pair_random));
1094 ble_sm_pair_random_parse(om->om_data, om->om_len, &cmd);
1095
1096 TEST_ASSERT(memcmp(cmd.value, exp_cmd->value, 16) == 0);
1097 }
1098
1099 static void
ble_sm_test_util_verify_tx_public_key(struct ble_sm_public_key * exp_cmd)1100 ble_sm_test_util_verify_tx_public_key(
1101 struct ble_sm_public_key *exp_cmd)
1102 {
1103 struct ble_sm_public_key cmd;
1104 struct os_mbuf *om;
1105
1106 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_PAIR_PUBLIC_KEY,
1107 sizeof(struct ble_sm_public_key));
1108 ble_sm_public_key_parse(om->om_data, om->om_len, &cmd);
1109
1110 TEST_ASSERT(memcmp(cmd.x, exp_cmd->x, sizeof cmd.x) == 0);
1111 TEST_ASSERT(memcmp(cmd.y, exp_cmd->y, sizeof cmd.y) == 0);
1112 }
1113
1114 static void
ble_sm_test_util_verify_tx_dhkey_check(struct ble_sm_dhkey_check * exp_cmd)1115 ble_sm_test_util_verify_tx_dhkey_check(
1116 struct ble_sm_dhkey_check *exp_cmd)
1117 {
1118 struct ble_sm_dhkey_check cmd;
1119 struct os_mbuf *om;
1120
1121 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_PAIR_DHKEY_CHECK,
1122 sizeof(struct ble_sm_dhkey_check));
1123 ble_sm_dhkey_check_parse(om->om_data, om->om_len, &cmd);
1124
1125 TEST_ASSERT(memcmp(cmd.value, exp_cmd->value, 16) == 0);
1126 }
1127
1128 static void
ble_sm_test_util_verify_tx_enc_info(struct ble_sm_enc_info * exp_cmd)1129 ble_sm_test_util_verify_tx_enc_info(struct ble_sm_enc_info *exp_cmd)
1130 {
1131 struct ble_sm_enc_info cmd;
1132 struct os_mbuf *om;
1133
1134 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_ENC_INFO,
1135 sizeof(struct ble_sm_enc_info));
1136 ble_sm_enc_info_parse(om->om_data, om->om_len, &cmd);
1137
1138 TEST_ASSERT(memcmp(cmd.ltk, exp_cmd->ltk, 16) == 0);
1139
1140 /* Ensure LTK is sent in little endian. */
1141 TEST_ASSERT(memcmp(om->om_data, cmd.ltk, 16) == 0);
1142 }
1143
1144 static void
ble_sm_test_util_verify_tx_master_id(struct ble_sm_master_id * exp_cmd)1145 ble_sm_test_util_verify_tx_master_id(struct ble_sm_master_id *exp_cmd)
1146 {
1147 struct ble_sm_master_id cmd;
1148 struct os_mbuf *om;
1149
1150 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_MASTER_ID,
1151 sizeof(struct ble_sm_master_id));
1152 ble_sm_master_id_parse(om->om_data, om->om_len, &cmd);
1153
1154 TEST_ASSERT(cmd.ediv == exp_cmd->ediv);
1155 TEST_ASSERT(cmd.rand_val == exp_cmd->rand_val);
1156 }
1157
1158 static void
ble_sm_test_util_verify_tx_id_info(struct ble_sm_id_info * exp_cmd)1159 ble_sm_test_util_verify_tx_id_info(struct ble_sm_id_info *exp_cmd)
1160 {
1161 struct ble_sm_id_info cmd;
1162 struct os_mbuf *om;
1163
1164 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_IDENTITY_INFO,
1165 sizeof(struct ble_sm_id_info));
1166 ble_sm_id_info_parse(om->om_data, om->om_len, &cmd);
1167
1168 TEST_ASSERT(memcmp(cmd.irk, exp_cmd->irk, 16) == 0);
1169
1170 /* Ensure IRK is sent in little endian. */
1171 TEST_ASSERT(memcmp(om->om_data, cmd.irk, 16) == 0);
1172 }
1173
1174 static void
ble_sm_test_util_verify_tx_id_addr_info(struct ble_sm_id_addr_info * exp_cmd)1175 ble_sm_test_util_verify_tx_id_addr_info(struct ble_sm_id_addr_info *exp_cmd)
1176 {
1177 struct ble_sm_id_addr_info cmd;
1178 struct os_mbuf *om;
1179 const uint8_t *our_id_addr;
1180 int rc;
1181
1182 ble_hs_lock();
1183 rc = ble_hs_id_addr(exp_cmd->addr_type, &our_id_addr, NULL);
1184 ble_hs_unlock();
1185
1186 TEST_ASSERT_FATAL(rc == 0);
1187
1188 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_IDENTITY_ADDR_INFO,
1189 sizeof(struct ble_sm_id_addr_info));
1190 ble_sm_id_addr_info_parse(om->om_data, om->om_len, &cmd);
1191
1192 TEST_ASSERT(cmd.addr_type == exp_cmd->addr_type);
1193 TEST_ASSERT(memcmp(cmd.bd_addr, exp_cmd->bd_addr, 6) == 0);
1194 TEST_ASSERT(memcmp(cmd.bd_addr, our_id_addr, 6) == 0);
1195 }
1196
1197 static void
ble_sm_test_util_verify_tx_sign_info(struct ble_sm_sign_info * exp_cmd)1198 ble_sm_test_util_verify_tx_sign_info(struct ble_sm_sign_info *exp_cmd)
1199 {
1200 struct ble_sm_sign_info cmd;
1201 struct os_mbuf *om;
1202
1203 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_SIGN_INFO,
1204 sizeof(struct ble_sm_sign_info));
1205 ble_sm_sign_info_parse(om->om_data, om->om_len, &cmd);
1206
1207 TEST_ASSERT(memcmp(cmd.sig_key, exp_cmd->sig_key, 16) == 0);
1208
1209 /* Ensure CSRK is sent in little endian. */
1210 TEST_ASSERT(memcmp(om->om_data, cmd.sig_key, 16) == 0);
1211 }
1212
1213 static void
ble_sm_test_util_verify_tx_sec_req(struct ble_sm_sec_req * exp_cmd)1214 ble_sm_test_util_verify_tx_sec_req(struct ble_sm_sec_req *exp_cmd)
1215 {
1216 struct ble_sm_sec_req cmd;
1217 struct os_mbuf *om;
1218
1219 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_SEC_REQ, sizeof(struct ble_sm_sec_req));
1220 ble_sm_sec_req_parse(om->om_data, om->om_len, &cmd);
1221
1222 TEST_ASSERT(cmd.authreq == exp_cmd->authreq);
1223 }
1224
1225 void
ble_sm_test_util_verify_tx_pair_fail(struct ble_sm_pair_fail * exp_cmd)1226 ble_sm_test_util_verify_tx_pair_fail(
1227 struct ble_sm_pair_fail *exp_cmd)
1228 {
1229 struct ble_sm_pair_fail cmd;
1230 struct os_mbuf *om;
1231
1232 om = ble_sm_test_util_verify_tx_hdr(BLE_SM_OP_PAIR_FAIL,
1233 sizeof(struct ble_sm_pair_fail));
1234 ble_sm_pair_fail_parse(om->om_data, om->om_len, &cmd);
1235
1236 TEST_ASSERT(cmd.reason == exp_cmd->reason);
1237 }
1238
1239 static void
ble_sm_test_util_rx_lt_key_req(uint16_t conn_handle,uint64_t r,uint16_t ediv)1240 ble_sm_test_util_rx_lt_key_req(uint16_t conn_handle, uint64_t r, uint16_t ediv)
1241 {
1242 struct hci_le_lt_key_req evt;
1243 int rc;
1244
1245 evt.subevent_code = BLE_HCI_LE_SUBEV_LT_KEY_REQ;
1246 evt.connection_handle = conn_handle;
1247 evt.random_number = r;
1248 evt.encrypted_diversifier = ediv;
1249
1250 rc = ble_sm_ltk_req_rx(&evt);
1251 TEST_ASSERT_FATAL(rc == 0);
1252 }
1253
1254 static void
ble_sm_test_util_verify_tx_lt_key_req_reply(uint16_t conn_handle,uint8_t * stk)1255 ble_sm_test_util_verify_tx_lt_key_req_reply(uint16_t conn_handle, uint8_t *stk)
1256 {
1257 uint8_t param_len;
1258 uint8_t *param;
1259
1260 param = ble_hs_test_util_hci_verify_tx(BLE_HCI_OGF_LE,
1261 BLE_HCI_OCF_LE_LT_KEY_REQ_REPLY,
1262 ¶m_len);
1263 TEST_ASSERT(param_len == BLE_HCI_LT_KEY_REQ_REPLY_LEN);
1264 TEST_ASSERT(get_le16(param + 0) == conn_handle);
1265 TEST_ASSERT(memcmp(param + 2, stk, 16) == 0);
1266 }
1267
1268 static void
ble_sm_test_util_verify_tx_lt_key_req_neg_reply(uint16_t conn_handle)1269 ble_sm_test_util_verify_tx_lt_key_req_neg_reply(uint16_t conn_handle)
1270 {
1271 uint8_t param_len;
1272 uint8_t *param;
1273
1274 param = ble_hs_test_util_hci_verify_tx(BLE_HCI_OGF_LE,
1275 BLE_HCI_OCF_LE_LT_KEY_REQ_NEG_REPLY,
1276 ¶m_len);
1277 TEST_ASSERT(param_len == BLE_HCI_LT_KEY_REQ_NEG_REPLY_LEN);
1278 TEST_ASSERT(get_le16(param + 0) == conn_handle);
1279 }
1280
1281 static void
ble_sm_test_util_set_lt_key_req_neg_reply_ack(uint8_t status,uint16_t conn_handle)1282 ble_sm_test_util_set_lt_key_req_neg_reply_ack(uint8_t status,
1283 uint16_t conn_handle)
1284 {
1285 static uint8_t params[BLE_HCI_LT_KEY_REQ_NEG_REPLY_ACK_PARAM_LEN];
1286
1287 put_le16(params, conn_handle);
1288 ble_hs_test_util_hci_ack_set_params(
1289 ble_hs_hci_util_opcode_join(BLE_HCI_OGF_LE,
1290 BLE_HCI_OCF_LE_LT_KEY_REQ_NEG_REPLY),
1291 status, params, sizeof params);
1292 }
1293
1294 static void
ble_sm_test_util_set_lt_key_req_reply_ack(uint8_t status,uint16_t conn_handle)1295 ble_sm_test_util_set_lt_key_req_reply_ack(uint8_t status, uint16_t conn_handle)
1296 {
1297 static uint8_t params[BLE_HCI_LT_KEY_REQ_REPLY_ACK_PARAM_LEN];
1298
1299 put_le16(params, conn_handle);
1300 ble_hs_test_util_hci_ack_set_params(
1301 ble_hs_hci_util_opcode_join(BLE_HCI_OGF_LE,
1302 BLE_HCI_OCF_LE_LT_KEY_REQ_REPLY),
1303 status, params, sizeof params);
1304 }
1305
1306 static void
ble_sm_test_util_rx_enc_change(uint16_t conn_handle,uint8_t status,uint8_t encryption_enabled)1307 ble_sm_test_util_rx_enc_change(uint16_t conn_handle, uint8_t status,
1308 uint8_t encryption_enabled)
1309 {
1310 struct hci_encrypt_change evt;
1311
1312 evt.status = status;
1313 evt.encryption_enabled = encryption_enabled;
1314 evt.connection_handle = conn_handle;
1315
1316 ble_sm_enc_change_rx(&evt);
1317 }
1318
1319 static void
ble_sm_test_util_verify_tx_start_enc(uint16_t conn_handle,uint64_t random_number,uint16_t ediv,uint8_t * ltk)1320 ble_sm_test_util_verify_tx_start_enc(uint16_t conn_handle,
1321 uint64_t random_number,
1322 uint16_t ediv,
1323 uint8_t *ltk)
1324 {
1325 uint8_t param_len;
1326 uint8_t *param;
1327
1328 param = ble_hs_test_util_hci_verify_tx(BLE_HCI_OGF_LE,
1329 BLE_HCI_OCF_LE_START_ENCRYPT,
1330 ¶m_len);
1331 TEST_ASSERT(param_len == BLE_HCI_LE_START_ENCRYPT_LEN);
1332 TEST_ASSERT(get_le16(param + 0) == conn_handle);
1333 TEST_ASSERT(get_le64(param + 2) == random_number);
1334 TEST_ASSERT(get_le16(param + 10) == ediv);
1335 TEST_ASSERT(memcmp(param + 12, ltk, 16) == 0);
1336 }
1337
1338 static void
ble_sm_test_util_verify_tx_add_resolve_list(uint8_t peer_id_addr_type,uint8_t * peer_id_addr,uint8_t * peer_irk,uint8_t * our_irk)1339 ble_sm_test_util_verify_tx_add_resolve_list(uint8_t peer_id_addr_type,
1340 uint8_t *peer_id_addr,
1341 uint8_t *peer_irk,
1342 uint8_t *our_irk)
1343 {
1344 uint8_t param_len;
1345 uint8_t *param;
1346
1347 ble_hs_test_util_hci_verify_tx(BLE_HCI_OGF_LE,
1348 BLE_HCI_OCF_LE_SET_ADV_ENABLE,
1349 NULL);
1350
1351 param = ble_hs_test_util_hci_verify_tx(BLE_HCI_OGF_LE,
1352 BLE_HCI_OCF_LE_ADD_RESOLV_LIST,
1353 ¶m_len);
1354 TEST_ASSERT(param_len == BLE_HCI_ADD_TO_RESOLV_LIST_LEN);
1355 TEST_ASSERT(param[0] == peer_id_addr_type);
1356 TEST_ASSERT(memcmp(param + 1, peer_id_addr, 6) == 0);
1357
1358 /* Ensure IRKs are sent in little endian. */
1359 TEST_ASSERT(memcmp(param + 7, peer_irk, 16) == 0);
1360 TEST_ASSERT(memcmp(param + 23, our_irk, 16) == 0);
1361 }
1362
1363 void
ble_sm_test_util_io_inject(struct ble_sm_test_passkey_info * passkey_info,uint8_t cur_sm_state)1364 ble_sm_test_util_io_inject(struct ble_sm_test_passkey_info *passkey_info,
1365 uint8_t cur_sm_state)
1366 {
1367 uint8_t io_sm_state;
1368 int rc;
1369
1370 io_sm_state = ble_sm_ioact_state(passkey_info->passkey.action);
1371 if (io_sm_state != cur_sm_state) {
1372 TEST_ASSERT(ble_sm_test_ioact.action == BLE_SM_IOACT_NONE);
1373 return;
1374 }
1375
1376 TEST_ASSERT(ble_sm_test_ioact.action == passkey_info->passkey.action);
1377
1378 if (passkey_info->passkey.action == BLE_SM_IOACT_NUMCMP) {
1379 TEST_ASSERT(ble_sm_test_ioact.numcmp == passkey_info->exp_numcmp);
1380 }
1381
1382 rc = ble_sm_inject_io(2, &passkey_info->passkey);
1383 TEST_ASSERT(rc == 0);
1384
1385 ble_sm_test_ioact.action = BLE_SM_IOACT_NONE;
1386 }
1387
1388 void
ble_sm_test_util_io_inject_bad(uint16_t conn_handle,uint8_t correct_io_act)1389 ble_sm_test_util_io_inject_bad(uint16_t conn_handle, uint8_t correct_io_act)
1390 {
1391 struct ble_sm_proc *proc;
1392 struct ble_sm_io io;
1393 uint8_t io_sm_state;
1394 int already_injected;
1395 int rc;
1396 int i;
1397
1398 /* Lock mutex to prevent thread-safety assert from failing. */
1399 ble_hs_lock();
1400 proc = ble_sm_proc_find(conn_handle, BLE_SM_PROC_STATE_NONE, -1, NULL);
1401 ble_hs_unlock();
1402
1403 TEST_ASSERT_FATAL(proc != NULL);
1404
1405 io_sm_state = ble_sm_ioact_state(correct_io_act);
1406
1407 for (i = 1; i < BLE_SM_IOACT_MAX_PLUS_ONE; i++) {
1408 if (io_sm_state != proc->state ||
1409 i != correct_io_act ||
1410 proc->flags & BLE_SM_PROC_F_IO_INJECTED) {
1411
1412 already_injected = proc->flags & BLE_SM_PROC_F_IO_INJECTED;
1413
1414 io.action = i;
1415 rc = ble_sm_inject_io(conn_handle, &io);
1416
1417 if (already_injected) {
1418 TEST_ASSERT(rc == BLE_HS_EALREADY);
1419 } else {
1420 TEST_ASSERT(rc == BLE_HS_EINVAL);
1421 }
1422 }
1423 }
1424 }
1425
1426 void
ble_sm_test_util_io_check_pre(struct ble_sm_test_passkey_info * passkey_info,uint8_t cur_sm_state)1427 ble_sm_test_util_io_check_pre(struct ble_sm_test_passkey_info *passkey_info,
1428 uint8_t cur_sm_state)
1429 {
1430 uint8_t io_sm_state;
1431 int rc;
1432
1433 io_sm_state = ble_sm_ioact_state(passkey_info->passkey.action);
1434 if (io_sm_state != cur_sm_state) {
1435 return;
1436 }
1437
1438 if (!passkey_info->io_before_rx) {
1439 return;
1440 }
1441
1442 if (passkey_info->passkey.action == BLE_SM_IOACT_NUMCMP) {
1443 TEST_ASSERT(ble_sm_test_ioact.numcmp == passkey_info->exp_numcmp);
1444 }
1445
1446 rc = ble_sm_inject_io(2, &passkey_info->passkey);
1447 TEST_ASSERT(rc == 0);
1448 }
1449
1450 void
ble_sm_test_util_io_check_post(struct ble_sm_test_passkey_info * passkey_info,uint8_t cur_sm_state)1451 ble_sm_test_util_io_check_post(struct ble_sm_test_passkey_info *passkey_info,
1452 uint8_t cur_sm_state)
1453 {
1454 uint8_t io_sm_state;
1455 int rc;
1456
1457 io_sm_state = ble_sm_ioact_state(passkey_info->passkey.action);
1458 if (io_sm_state != cur_sm_state) {
1459 return;
1460 }
1461
1462 if (passkey_info->io_before_rx) {
1463 return;
1464 }
1465
1466 if (passkey_info->passkey.action == BLE_SM_IOACT_NUMCMP) {
1467 TEST_ASSERT(ble_sm_test_ioact.numcmp == passkey_info->exp_numcmp);
1468 }
1469
1470 /* Ensure response not sent until user performs IO. */
1471 TEST_ASSERT(ble_hs_test_util_prev_tx_queue_sz() == 0);
1472
1473 rc = ble_sm_inject_io(2, &passkey_info->passkey);
1474 TEST_ASSERT_FATAL(rc == 0);
1475 }
1476
1477 static void
ble_sm_test_util_verify_persist(struct ble_sm_test_params * params,int we_are_initiator)1478 ble_sm_test_util_verify_persist(struct ble_sm_test_params *params,
1479 int we_are_initiator)
1480 {
1481 struct ble_sm_test_util_entity peer_entity;
1482 struct ble_sm_test_util_entity our_entity;
1483 struct ble_store_value_sec value_sec;
1484 struct ble_store_key_sec key_sec;
1485 int csrk_expected;
1486 int ltk_expected;
1487 int peer_irk_expected;
1488 int our_irk_expected;
1489 int bonding;
1490 int sc;
1491 int rc;
1492
1493 ble_sm_test_util_params_to_entities(params, we_are_initiator,
1494 &our_entity, &peer_entity);
1495
1496 sc = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_SC &&
1497 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_SC;
1498
1499 bonding = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_BOND &&
1500 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_BOND;
1501
1502 memset(&key_sec, 0, sizeof key_sec);
1503 key_sec.peer_addr = *BLE_ADDR_ANY;
1504
1505 rc = ble_store_read_peer_sec(&key_sec, &value_sec);
1506 if (!bonding) {
1507 TEST_ASSERT(rc == BLE_HS_ENOENT);
1508 peer_irk_expected = 0;
1509 } else {
1510 TEST_ASSERT_FATAL(rc == 0);
1511
1512 ltk_expected =
1513 sc || !!(peer_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ENC);
1514 peer_irk_expected =
1515 !!(peer_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ID);
1516 csrk_expected =
1517 !!(peer_entity.key_dist & BLE_SM_PAIR_KEY_DIST_SIGN);
1518
1519 TEST_ASSERT(value_sec.peer_addr.type == peer_entity.id_addr_type);
1520 TEST_ASSERT(
1521 memcmp(value_sec.peer_addr.val, peer_entity.id_addr, 6) == 0);
1522 TEST_ASSERT(value_sec.ediv == peer_entity.ediv);
1523 TEST_ASSERT(value_sec.rand_num == peer_entity.rand_num);
1524 TEST_ASSERT(value_sec.authenticated == params->authenticated);
1525
1526 TEST_ASSERT(value_sec.ltk_present == ltk_expected);
1527 TEST_ASSERT(memcmp(value_sec.ltk, peer_entity.ltk, 16) == 0);
1528
1529 TEST_ASSERT(value_sec.irk_present == peer_irk_expected);
1530 if (peer_irk_expected) {
1531 TEST_ASSERT(memcmp(value_sec.irk,
1532 peer_entity.id_info->irk, 16) == 0);
1533 }
1534
1535 TEST_ASSERT(value_sec.csrk_present == csrk_expected);
1536 if (csrk_expected) {
1537 TEST_ASSERT(memcmp(value_sec.csrk,
1538 peer_entity.sign_info->sig_key, 16) == 0);
1539 }
1540 }
1541
1542 rc = ble_store_read_our_sec(&key_sec, &value_sec);
1543 if (!bonding) {
1544 TEST_ASSERT(rc == BLE_HS_ENOENT);
1545 } else {
1546 TEST_ASSERT_FATAL(rc == 0);
1547
1548 ltk_expected =
1549 sc || !!(our_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ENC);
1550 our_irk_expected =
1551 !!(our_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ID);
1552 csrk_expected =
1553 !!(our_entity.key_dist & BLE_SM_PAIR_KEY_DIST_SIGN);
1554
1555 TEST_ASSERT(value_sec.peer_addr.type == peer_entity.id_addr_type);
1556 TEST_ASSERT(memcmp(value_sec.peer_addr.val, peer_entity.id_addr, 6) == 0);
1557 TEST_ASSERT(value_sec.ediv == our_entity.ediv);
1558 TEST_ASSERT(value_sec.rand_num == our_entity.rand_num);
1559 TEST_ASSERT(value_sec.authenticated == params->authenticated);
1560
1561 TEST_ASSERT(value_sec.ltk_present == ltk_expected);
1562 TEST_ASSERT(memcmp(value_sec.ltk, our_entity.ltk, 16) == 0);
1563
1564 TEST_ASSERT(value_sec.irk_present == our_irk_expected);
1565 if (our_irk_expected) {
1566 TEST_ASSERT(memcmp(value_sec.irk,
1567 our_entity.id_info->irk, 16) == 0);
1568 }
1569
1570 TEST_ASSERT(value_sec.csrk_present == csrk_expected);
1571 if (csrk_expected) {
1572 TEST_ASSERT(memcmp(value_sec.csrk,
1573 our_entity.sign_info->sig_key, 16) == 0);
1574 }
1575 }
1576
1577 /* Verify no other keys were persisted. */
1578 key_sec.idx++;
1579 rc = ble_store_read_our_sec(&key_sec, &value_sec);
1580 TEST_ASSERT_FATAL(rc == BLE_HS_ENOENT);
1581 rc = ble_store_read_peer_sec(&key_sec, &value_sec);
1582 TEST_ASSERT_FATAL(rc == BLE_HS_ENOENT);
1583
1584 /* Verify we sent the peer's IRK to the controller. */
1585 if (peer_irk_expected) {
1586 ble_sm_test_util_verify_tx_add_resolve_list(peer_entity.id_addr_type,
1587 peer_entity.id_addr,
1588 peer_entity.id_info->irk,
1589 our_entity.id_info->irk);
1590 }
1591 }
1592
1593 static void
ble_sm_test_util_peer_bonding_good(int send_enc_req,uint8_t our_addr_type,uint8_t * our_rpa,uint8_t peer_addr_type,uint8_t * peer_id_addr,uint8_t * peer_rpa,uint8_t * ltk,int authenticated,uint16_t ediv,uint64_t rand_num)1594 ble_sm_test_util_peer_bonding_good(int send_enc_req,
1595 uint8_t our_addr_type,
1596 uint8_t *our_rpa,
1597 uint8_t peer_addr_type,
1598 uint8_t *peer_id_addr,
1599 uint8_t *peer_rpa,
1600 uint8_t *ltk, int authenticated,
1601 uint16_t ediv, uint64_t rand_num)
1602 {
1603 struct ble_hs_conn *conn;
1604 int rc;
1605
1606 ble_hs_test_util_create_rpa_conn(2, our_addr_type, our_rpa, peer_addr_type,
1607 peer_id_addr, peer_rpa,
1608 BLE_HS_TEST_CONN_FEAT_ALL,
1609 ble_sm_test_util_conn_cb, NULL);
1610
1611 /* This test inspects and modifies the connection object after unlocking
1612 * the host mutex. It is not OK for real code to do this, but this test
1613 * can assume the connection list is unchanging.
1614 */
1615 ble_hs_lock();
1616 conn = ble_hs_conn_find(2);
1617 TEST_ASSERT_FATAL(conn != NULL);
1618 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
1619 ble_hs_unlock();
1620
1621 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1622 TEST_ASSERT(ble_sm_num_procs() == 0);
1623
1624 if (send_enc_req) {
1625 rc = ble_sm_slave_initiate(2);
1626 TEST_ASSERT(rc == 0);
1627 }
1628
1629 /* Receive a long term key request from the controller. */
1630 ble_sm_test_util_set_lt_key_req_reply_ack(0, 2);
1631 ble_sm_test_util_rx_lt_key_req(2, rand_num, ediv);
1632 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1633
1634 /* Ensure the LTK request event got sent to the application. */
1635 TEST_ASSERT(ble_sm_test_store_obj_type == BLE_STORE_OBJ_TYPE_OUR_SEC);
1636 TEST_ASSERT(ble_sm_test_store_key.sec.peer_addr.type ==
1637 ble_hs_misc_addr_type_to_id(peer_addr_type));
1638 TEST_ASSERT(ble_sm_test_store_key.sec.ediv_rand_present);
1639 TEST_ASSERT(ble_sm_test_store_key.sec.ediv == ediv);
1640 TEST_ASSERT(ble_sm_test_store_key.sec.rand_num == rand_num);
1641
1642 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1643 TEST_ASSERT(ble_sm_num_procs() == 1);
1644 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1645
1646 /* Ensure we sent the expected long term key request reply command. */
1647 ble_sm_test_util_verify_tx_lt_key_req_reply(2, ltk);
1648 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1649 TEST_ASSERT(ble_sm_num_procs() == 1);
1650 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1651
1652 /* Receive an encryption changed event. */
1653 ble_sm_test_util_rx_enc_change(2, 0, 1);
1654
1655 /* Pairing should now be complete. */
1656 TEST_ASSERT(ble_sm_num_procs() == 0);
1657
1658 /* Verify that security callback was executed. */
1659 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
1660 TEST_ASSERT(ble_sm_test_gap_status == 0);
1661 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
1662 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
1663 authenticated);
1664
1665 /* Verify that connection has correct security state. */
1666 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
1667 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
1668 authenticated);
1669
1670 ble_hs_test_util_conn_disconnect(2);
1671 }
1672
1673 void
ble_sm_test_util_peer_bonding_bad(uint16_t ediv,uint64_t rand_num)1674 ble_sm_test_util_peer_bonding_bad(uint16_t ediv, uint64_t rand_num)
1675 {
1676 struct ble_hs_conn *conn;
1677
1678 ble_sm_test_util_init();
1679
1680 ble_hs_test_util_create_conn(2, ((uint8_t[6]){1,2,3,4,5,6}),
1681 ble_sm_test_util_conn_cb,
1682 NULL);
1683
1684 /* This test inspects and modifies the connection object after unlocking
1685 * the host mutex. It is not OK for real code to do this, but this test
1686 * can assume the connection list is unchanging.
1687 */
1688 ble_hs_lock();
1689 conn = ble_hs_conn_find(2);
1690 TEST_ASSERT_FATAL(conn != NULL);
1691 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
1692 ble_hs_unlock();
1693
1694 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1695 TEST_ASSERT(ble_sm_num_procs() == 0);
1696
1697 /* Receive a long term key request from the controller. */
1698 ble_sm_test_util_set_lt_key_req_neg_reply_ack(0, 2);
1699 ble_sm_test_util_rx_lt_key_req(2, rand_num, ediv);
1700 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1701
1702 /* Ensure the LTK request event got sent to the application. */
1703 TEST_ASSERT(ble_sm_test_store_obj_type ==
1704 BLE_STORE_OBJ_TYPE_OUR_SEC);
1705 TEST_ASSERT(ble_sm_test_store_key.sec.ediv_rand_present);
1706 TEST_ASSERT(ble_sm_test_store_key.sec.ediv == ediv);
1707 TEST_ASSERT(ble_sm_test_store_key.sec.rand_num == rand_num);
1708
1709 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1710
1711 /* Ensure we sent the expected long term key request neg reply command. */
1712 ble_sm_test_util_verify_tx_lt_key_req_neg_reply(2);
1713
1714 /* Ensure the security procedure was aborted. */
1715 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1716 TEST_ASSERT(!conn->bhc_sec_state.authenticated);
1717 TEST_ASSERT(ble_sm_num_procs() == 0);
1718 }
1719
1720 /**
1721 * @param send_enc_req Whether this procedure is initiated by a slave
1722 * security request;
1723 * 1: Peer sends a security request at start.
1724 * 0: No security request; we initiate.
1725 */
1726 static void
ble_sm_test_util_us_bonding_good(int send_enc_req,uint8_t our_addr_type,uint8_t * our_rpa,uint8_t peer_addr_type,uint8_t * peer_id_addr,uint8_t * peer_rpa,uint8_t * ltk,int authenticated,uint16_t ediv,uint64_t rand_num)1727 ble_sm_test_util_us_bonding_good(int send_enc_req, uint8_t our_addr_type,
1728 uint8_t *our_rpa,
1729 uint8_t peer_addr_type,
1730 uint8_t *peer_id_addr, uint8_t *peer_rpa,
1731 uint8_t *ltk, int authenticated,
1732 uint16_t ediv, uint64_t rand_num)
1733 {
1734 struct ble_sm_sec_req sec_req;
1735 struct ble_hs_conn *conn;
1736
1737 ble_hs_test_util_create_rpa_conn(2, our_addr_type, our_rpa,
1738 peer_addr_type, peer_id_addr,
1739 peer_rpa, BLE_HS_TEST_CONN_FEAT_ALL,
1740 ble_sm_test_util_conn_cb, NULL);
1741
1742 /* This test inspects and modifies the connection object after unlocking
1743 * the host mutex. It is not OK for real code to do this, but this test
1744 * can assume the connection list is unchanging.
1745 */
1746 ble_hs_lock();
1747 conn = ble_hs_conn_find(2);
1748 TEST_ASSERT_FATAL(conn != NULL);
1749 ble_hs_unlock();
1750
1751 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1752 TEST_ASSERT(ble_sm_num_procs() == 0);
1753
1754 ble_hs_test_util_hci_ack_set(
1755 ble_hs_hci_util_opcode_join(BLE_HCI_OGF_LE,
1756 BLE_HCI_OCF_LE_START_ENCRYPT),
1757 0);
1758
1759 if (send_enc_req) {
1760 sec_req.authreq = 0;
1761 sec_req.authreq |= BLE_SM_PAIR_AUTHREQ_BOND;
1762 if (authenticated) {
1763 sec_req.authreq |= BLE_SM_PAIR_AUTHREQ_MITM;
1764 }
1765 ble_sm_test_util_rx_sec_req(2, &sec_req, 0);
1766 } else {
1767 ble_gap_security_initiate(2);
1768 }
1769
1770 /* Ensure we sent the expected start encryption command. */
1771 ble_sm_test_util_verify_tx_start_enc(2, rand_num, ediv, ltk);
1772 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1773 TEST_ASSERT(ble_sm_num_procs() == 1);
1774 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1775
1776 /* Receive an encryption changed event. */
1777 ble_sm_test_util_rx_enc_change(2, 0, 1);
1778
1779 /* Pairing should now be complete. */
1780 TEST_ASSERT(ble_sm_num_procs() == 0);
1781
1782 /* Verify that security callback was executed. */
1783 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
1784 TEST_ASSERT(ble_sm_test_gap_status == 0);
1785 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
1786 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
1787 authenticated);
1788
1789 /* Verify that connection has correct security state. */
1790 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
1791 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
1792 authenticated);
1793
1794 ble_hs_test_util_conn_disconnect(2);
1795 }
1796
1797 void
ble_sm_test_util_peer_fail_inval(int we_are_master,uint8_t * init_id_addr,uint8_t * resp_addr,struct ble_sm_pair_cmd * pair_req,struct ble_sm_pair_fail * pair_fail)1798 ble_sm_test_util_peer_fail_inval(
1799 int we_are_master,
1800 uint8_t *init_id_addr,
1801 uint8_t *resp_addr,
1802 struct ble_sm_pair_cmd *pair_req,
1803 struct ble_sm_pair_fail *pair_fail)
1804 {
1805 struct ble_hs_conn *conn;
1806
1807 ble_sm_test_util_init();
1808 ble_hs_id_set_pub(resp_addr);
1809
1810 ble_hs_test_util_create_conn(2, init_id_addr, ble_sm_test_util_conn_cb,
1811 NULL);
1812
1813 /* This test inspects and modifies the connection object after unlocking
1814 * the host mutex. It is not OK for real code to do this, but this test
1815 * can assume the connection list is unchanging.
1816 */
1817 ble_hs_lock();
1818 conn = ble_hs_conn_find(2);
1819 TEST_ASSERT_FATAL(conn != NULL);
1820 ble_hs_unlock();
1821
1822 if (!we_are_master) {
1823 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
1824 }
1825
1826 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1827 TEST_ASSERT(ble_sm_num_procs() == 0);
1828
1829 /* Receive a pair request from the peer. */
1830 ble_sm_test_util_rx_pair_req(2, pair_req,
1831 BLE_HS_SM_US_ERR(pair_fail->reason));
1832 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1833 TEST_ASSERT(ble_sm_num_procs() == 0);
1834
1835 /* Ensure we sent the expected pair fail. */
1836 ble_sm_test_util_verify_tx_pair_fail(pair_fail);
1837 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1838 TEST_ASSERT(ble_sm_num_procs() == 0);
1839
1840 /* Verify that security callback was not executed. */
1841 TEST_ASSERT(ble_sm_test_gap_event_type == -1);
1842 TEST_ASSERT(ble_sm_test_gap_status == -1);
1843
1844 /* Verify that connection has correct security state. */
1845 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
1846 TEST_ASSERT(!conn->bhc_sec_state.authenticated);
1847 }
1848
1849 void
ble_sm_test_util_peer_lgcy_fail_confirm(uint8_t * init_id_addr,uint8_t * resp_addr,struct ble_sm_pair_cmd * pair_req,struct ble_sm_pair_cmd * pair_rsp,struct ble_sm_pair_confirm * confirm_req,struct ble_sm_pair_confirm * confirm_rsp,struct ble_sm_pair_random * random_req,struct ble_sm_pair_random * random_rsp,struct ble_sm_pair_fail * fail_rsp)1850 ble_sm_test_util_peer_lgcy_fail_confirm(
1851 uint8_t *init_id_addr,
1852 uint8_t *resp_addr,
1853 struct ble_sm_pair_cmd *pair_req,
1854 struct ble_sm_pair_cmd *pair_rsp,
1855 struct ble_sm_pair_confirm *confirm_req,
1856 struct ble_sm_pair_confirm *confirm_rsp,
1857 struct ble_sm_pair_random *random_req,
1858 struct ble_sm_pair_random *random_rsp,
1859 struct ble_sm_pair_fail *fail_rsp)
1860 {
1861 struct ble_hs_conn *conn;
1862
1863 ble_sm_test_util_init();
1864 ble_hs_id_set_pub(resp_addr);
1865 ble_sm_dbg_set_next_pair_rand(random_rsp->value);
1866
1867 if (pair_rsp->authreq & BLE_SM_PAIR_AUTHREQ_SC) {
1868 ble_hs_cfg.sm_sc = 1;
1869 } else {
1870 ble_hs_cfg.sm_sc = 0;
1871 }
1872
1873 ble_hs_test_util_create_conn(2, init_id_addr, ble_sm_test_util_conn_cb,
1874 NULL);
1875
1876 /* This test inspects and modifies the connection object after unlocking
1877 * the host mutex. It is not OK for real code to do this, but this test
1878 * can assume the connection list is unchanging.
1879 */
1880 ble_hs_lock();
1881 conn = ble_hs_conn_find(2);
1882 TEST_ASSERT_FATAL(conn != NULL);
1883 ble_hs_unlock();
1884
1885 /* Peer is the initiator so we must be the slave. */
1886 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
1887
1888 TEST_ASSERT(ble_sm_num_procs() == 0);
1889
1890 /* Receive a pair request from the peer. */
1891 ble_sm_test_util_rx_pair_req(2, pair_req, 0);
1892 TEST_ASSERT(ble_sm_num_procs() == 1);
1893 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1894
1895 /* Ensure we sent the expected pair response. */
1896 ble_sm_test_util_verify_tx_pair_rsp(pair_rsp);
1897 TEST_ASSERT(ble_sm_num_procs() == 1);
1898 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1899
1900 /* Receive a pair confirm from the peer. */
1901 ble_sm_test_util_rx_confirm(2, confirm_req);
1902 TEST_ASSERT(ble_sm_num_procs() == 1);
1903 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1904
1905 /* Ensure we sent the expected pair confirm. */
1906 ble_sm_test_util_verify_tx_pair_confirm(confirm_rsp);
1907 TEST_ASSERT(ble_sm_num_procs() == 1);
1908 ble_sm_test_util_io_inject_bad(2, BLE_SM_IOACT_NONE);
1909
1910 /* Receive a pair random from the peer. */
1911 ble_sm_test_util_rx_random(
1912 2, random_req, BLE_HS_SM_US_ERR(BLE_SM_ERR_CONFIRM_MISMATCH));
1913
1914 /* Ensure we sent the expected pair fail. */
1915 ble_sm_test_util_verify_tx_pair_fail(fail_rsp);
1916
1917 /* The proc should now be freed. */
1918 TEST_ASSERT(ble_sm_num_procs() == 0);
1919
1920 /* Verify that security callback was executed. */
1921 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
1922 TEST_ASSERT(ble_sm_test_gap_status ==
1923 BLE_HS_SM_US_ERR(BLE_SM_ERR_CONFIRM_MISMATCH));
1924 TEST_ASSERT(!ble_sm_test_sec_state.encrypted);
1925 TEST_ASSERT(!ble_sm_test_sec_state.authenticated);
1926
1927 /* Verify that connection has correct security state. */
1928 TEST_ASSERT(ble_sm_test_sec_state.encrypted ==
1929 conn->bhc_sec_state.encrypted);
1930 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
1931 conn->bhc_sec_state.authenticated);
1932 }
1933
1934 static void
ble_sm_test_util_bonding_all(struct ble_sm_test_params * params,int we_are_original_initiator)1935 ble_sm_test_util_bonding_all(struct ble_sm_test_params *params,
1936 int we_are_original_initiator)
1937 {
1938 struct ble_sm_test_util_entity peer_entity;
1939 struct ble_sm_test_util_entity our_entity;
1940 int sc;
1941
1942 if (!(params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_BOND) ||
1943 !(params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_BOND)) {
1944
1945 /* Bonding not performed. */
1946 return;
1947 }
1948
1949 sc = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_SC &&
1950 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_SC;
1951
1952 ble_sm_test_util_params_to_entities(params, we_are_original_initiator,
1953 &our_entity, &peer_entity);
1954
1955 if (sc || peer_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ENC) {
1956 /* We are master; we initiate procedure. */
1957 ble_sm_test_util_us_bonding_good(0, our_entity.addr_type,
1958 our_entity.rpa,
1959 peer_entity.addr_type,
1960 peer_entity.id_addr,
1961 peer_entity.rpa,
1962 peer_entity.ltk,
1963 params->authenticated,
1964 peer_entity.ediv,
1965 peer_entity.rand_num);
1966
1967 /* We are master; peer initiates procedure via security request. */
1968 ble_sm_test_util_us_bonding_good(1, our_entity.addr_type,
1969 our_entity.rpa,
1970 peer_entity.addr_type,
1971 peer_entity.id_addr,
1972 peer_entity.rpa,
1973 peer_entity.ltk,
1974 params->authenticated,
1975 peer_entity.ediv,
1976 peer_entity.rand_num);
1977 }
1978
1979 if (sc || our_entity.key_dist & BLE_SM_PAIR_KEY_DIST_ENC) {
1980 /* Peer is master; peer initiates procedure. */
1981 ble_sm_test_util_peer_bonding_good(0, our_entity.addr_type,
1982 our_entity.rpa,
1983 peer_entity.addr_type,
1984 peer_entity.id_addr,
1985 peer_entity.rpa,
1986 our_entity.ltk,
1987 params->authenticated,
1988 our_entity.ediv,
1989 our_entity.rand_num);
1990
1991 /* Peer is master; we initiate procedure via security request. */
1992 ble_sm_test_util_peer_bonding_good(1, our_entity.addr_type,
1993 our_entity.rpa,
1994 peer_entity.addr_type,
1995 peer_entity.id_addr,
1996 peer_entity.rpa,
1997 our_entity.ltk,
1998 params->authenticated,
1999 our_entity.ediv,
2000 our_entity.rand_num);
2001 }
2002 }
2003
2004 static void
ble_sm_test_util_rx_keys(struct ble_sm_test_params * params,int we_are_initiator)2005 ble_sm_test_util_rx_keys(struct ble_sm_test_params *params,
2006 int we_are_initiator)
2007 {
2008 struct ble_sm_id_addr_info *peer_id_addr_info;
2009 struct ble_sm_sign_info *peer_sign_info;
2010 struct ble_sm_master_id *peer_master_id;
2011 struct ble_sm_enc_info *peer_enc_info;
2012 struct ble_sm_id_info *peer_id_info;
2013 uint8_t peer_key_dist;
2014 int sc;
2015
2016 if (we_are_initiator) {
2017 peer_key_dist = params->pair_rsp.resp_key_dist;
2018 peer_id_addr_info = ¶ms->id_addr_info_req;
2019 peer_sign_info = ¶ms->sign_info_req;
2020 peer_master_id = ¶ms->master_id_req;
2021 peer_enc_info = ¶ms->enc_info_req;
2022 peer_id_info = ¶ms->id_info_req;
2023 } else {
2024 peer_key_dist = params->pair_rsp.init_key_dist;
2025 peer_id_addr_info = ¶ms->id_addr_info_rsp;
2026 peer_sign_info = ¶ms->sign_info_rsp;
2027 peer_master_id = ¶ms->master_id_rsp;
2028 peer_enc_info = ¶ms->enc_info_rsp;
2029 peer_id_info = ¶ms->id_info_rsp;
2030 }
2031
2032 sc = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_SC &&
2033 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_SC;
2034
2035 /* Receive key material from peer. */
2036 if (!sc && (peer_key_dist & BLE_SM_PAIR_KEY_DIST_ENC)) {
2037 ble_sm_test_util_rx_enc_info(2, peer_enc_info, 0);
2038 ble_sm_test_util_rx_master_id(2, peer_master_id, 0);
2039 }
2040 if (peer_key_dist & BLE_SM_PAIR_KEY_DIST_ID) {
2041
2042 ble_hs_test_util_hci_ack_set_seq(((struct ble_hs_test_util_hci_ack[]) {
2043 {
2044 .opcode = ble_hs_hci_util_opcode_join(
2045 BLE_HCI_OGF_LE, BLE_HCI_OCF_LE_SET_ADV_ENABLE),
2046 },
2047 {
2048 .opcode = ble_hs_hci_util_opcode_join(
2049 BLE_HCI_OGF_LE, BLE_HCI_OCF_LE_ADD_RESOLV_LIST),
2050 },
2051 {
2052 .opcode = ble_hs_hci_util_opcode_join(
2053 BLE_HCI_OGF_LE, BLE_HCI_OCF_LE_SET_PRIVACY_MODE),
2054 },
2055 { 0 }
2056 }));
2057
2058 ble_sm_test_util_rx_id_info(2, peer_id_info, 0);
2059 ble_sm_test_util_rx_id_addr_info(2, peer_id_addr_info, 0);
2060 }
2061 if (peer_key_dist & BLE_SM_PAIR_KEY_DIST_SIGN) {
2062 ble_sm_test_util_rx_sign_info(2, peer_sign_info, 0);
2063 }
2064 }
2065
2066 static void
ble_sm_test_util_verify_tx_keys(struct ble_sm_test_params * params,int we_are_initiator)2067 ble_sm_test_util_verify_tx_keys(struct ble_sm_test_params *params,
2068 int we_are_initiator)
2069 {
2070 struct ble_sm_id_addr_info *our_id_addr_info;
2071 struct ble_sm_sign_info *our_sign_info;
2072 struct ble_sm_master_id *our_master_id;
2073 struct ble_sm_enc_info *our_enc_info;
2074 struct ble_sm_id_info *our_id_info;
2075 uint8_t our_key_dist;
2076 int sc;
2077
2078 if (we_are_initiator) {
2079 our_key_dist = params->pair_rsp.init_key_dist;
2080 our_id_addr_info = ¶ms->id_addr_info_rsp;
2081 our_sign_info = ¶ms->sign_info_rsp;
2082 our_master_id = ¶ms->master_id_rsp;
2083 our_enc_info = ¶ms->enc_info_rsp;
2084 our_id_info = ¶ms->id_info_rsp;
2085 } else {
2086 our_key_dist = params->pair_rsp.resp_key_dist;
2087 our_id_addr_info = ¶ms->id_addr_info_req;
2088 our_sign_info = ¶ms->sign_info_req;
2089 our_master_id = ¶ms->master_id_req;
2090 our_enc_info = ¶ms->enc_info_req;
2091 our_id_info = ¶ms->id_info_req;
2092 }
2093
2094 sc = params->pair_req.authreq & BLE_SM_PAIR_AUTHREQ_SC &&
2095 params->pair_rsp.authreq & BLE_SM_PAIR_AUTHREQ_SC;
2096
2097 if (!sc && our_key_dist & BLE_SM_PAIR_KEY_DIST_ENC) {
2098 ble_sm_test_util_verify_tx_enc_info(our_enc_info);
2099 ble_sm_test_util_verify_tx_master_id(our_master_id);
2100 }
2101 if (our_key_dist & BLE_SM_PAIR_KEY_DIST_ID) {
2102 ble_sm_test_util_verify_tx_id_info(our_id_info);
2103 ble_sm_test_util_verify_tx_id_addr_info(our_id_addr_info);
2104 }
2105 if (our_key_dist & BLE_SM_PAIR_KEY_DIST_SIGN) {
2106 ble_sm_test_util_verify_tx_sign_info(our_sign_info);
2107 }
2108 }
2109
2110 static void
ble_sm_test_util_us_lgcy_good_once_no_init(struct ble_sm_test_params * params,struct ble_hs_conn * conn,struct ble_sm_test_util_entity * our_entity,struct ble_sm_test_util_entity * peer_entity)2111 ble_sm_test_util_us_lgcy_good_once_no_init(
2112 struct ble_sm_test_params *params,
2113 struct ble_hs_conn *conn,
2114 struct ble_sm_test_util_entity *our_entity,
2115 struct ble_sm_test_util_entity *peer_entity)
2116 {
2117 int rc;
2118
2119 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2120 TEST_ASSERT(ble_sm_num_procs() == 0);
2121
2122 ble_hs_test_util_hci_ack_set(
2123 ble_hs_hci_util_opcode_join(BLE_HCI_OGF_LE,
2124 BLE_HCI_OCF_LE_START_ENCRYPT), 0);
2125 if (params->sec_req.authreq != 0) {
2126 ble_sm_test_util_rx_sec_req(2, ¶ms->sec_req, 0);
2127 } else {
2128 /* Initiate the pairing procedure. */
2129 rc = ble_gap_security_initiate(2);
2130 TEST_ASSERT_FATAL(rc == 0);
2131 }
2132
2133 /* Ensure we sent the expected pair request. */
2134 ble_sm_test_util_verify_tx_pair_req(our_entity->pair_cmd);
2135 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2136 TEST_ASSERT(ble_sm_num_procs() == 1);
2137 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2138
2139 /* Receive a pair response from the peer. */
2140 ble_sm_test_util_rx_pair_rsp(2, peer_entity->pair_cmd, 0);
2141 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2142 TEST_ASSERT(ble_sm_num_procs() == 1);
2143 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2144
2145 ble_sm_test_util_io_inject(¶ms->passkey_info,
2146 BLE_SM_PROC_STATE_CONFIRM);
2147
2148 /* Ensure we sent the expected pair confirm. */
2149 ble_sm_test_util_verify_tx_pair_confirm(our_entity->confirms);
2150 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2151 TEST_ASSERT(ble_sm_num_procs() == 1);
2152 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2153
2154 /* Receive a pair confirm from the peer. */
2155 ble_sm_test_util_rx_confirm(2, peer_entity->confirms);
2156 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2157 TEST_ASSERT(ble_sm_num_procs() == 1);
2158 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2159
2160 /* Ensure we sent the expected pair random. */
2161 ble_sm_test_util_verify_tx_pair_random(our_entity->randoms);
2162 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2163 TEST_ASSERT(ble_sm_num_procs() == 1);
2164 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2165
2166 /* Receive a pair random from the peer. */
2167 ble_sm_test_util_rx_random(2, peer_entity->randoms, 0);
2168 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2169 TEST_ASSERT(ble_sm_num_procs() == 1);
2170 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2171
2172 /* Ensure we sent the expected start encryption command. */
2173 ble_sm_test_util_verify_tx_start_enc(2, 0, 0, params->stk);
2174 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2175 TEST_ASSERT(ble_sm_num_procs() == 1);
2176 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2177
2178 /* Receive an encryption changed event. */
2179 ble_sm_test_util_rx_enc_change(2, 0, 1);
2180
2181 /* Receive key material from peer. */
2182 ble_sm_test_util_rx_keys(params, 1);
2183
2184 /* Verify key material gets sent to peer. */
2185 ble_sm_test_util_verify_tx_keys(params, 1);
2186
2187 /* Pairing should now be complete. */
2188 TEST_ASSERT(ble_sm_num_procs() == 0);
2189
2190 /* Verify that security callback was executed. */
2191 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
2192 TEST_ASSERT(ble_sm_test_gap_status == 0);
2193 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
2194 TEST_ASSERT(ble_sm_test_sec_state.authenticated == params->authenticated);
2195
2196 /* Verify that connection has correct security state. */
2197 TEST_ASSERT(ble_sm_test_sec_state.encrypted ==
2198 conn->bhc_sec_state.encrypted);
2199 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2200 conn->bhc_sec_state.authenticated);
2201
2202 /* Verify the appropriate security material was persisted. */
2203 ble_sm_test_util_verify_persist(params, 1);
2204
2205 ble_hs_test_util_conn_disconnect(2);
2206 }
2207
2208 static void
ble_sm_test_util_us_lgcy_good_once(struct ble_sm_test_params * params)2209 ble_sm_test_util_us_lgcy_good_once(struct ble_sm_test_params *params)
2210 {
2211 struct ble_sm_test_util_entity peer_entity;
2212 struct ble_sm_test_util_entity our_entity;
2213 struct ble_hs_conn *conn;
2214
2215 ble_sm_test_util_init_good(params, 1, &conn, &our_entity, &peer_entity);
2216 ble_sm_test_util_us_lgcy_good_once_no_init(
2217 params, conn, &our_entity, &peer_entity);
2218 }
2219
2220 void
ble_sm_test_util_us_lgcy_good(struct ble_sm_test_params * params)2221 ble_sm_test_util_us_lgcy_good(struct ble_sm_test_params *params)
2222 {
2223 ble_addr_t peer_addr;
2224 int rc;
2225
2226 /*** We are master. */
2227
2228 /* We initiate pairing. */
2229 params->sec_req.authreq = 0;
2230 ble_sm_test_util_us_lgcy_good_once(params);
2231
2232 /* Peer initiates with security request. */
2233 params->sec_req.authreq = params->pair_rsp.authreq;
2234 ble_sm_test_util_us_lgcy_good_once(params);
2235
2236 /* Verify link can be restored via the encryption procedure. */
2237 ble_sm_test_util_bonding_all(params, 1);
2238
2239 /* Verify programmatic unbonding. */
2240 peer_addr.type = ble_hs_misc_addr_type_to_id(params->resp_addr_type);
2241 memcpy(peer_addr.val, params->resp_id_addr, sizeof peer_addr.val);
2242 rc = ble_store_util_delete_peer(&peer_addr);
2243 TEST_ASSERT(rc == 0);
2244
2245 TEST_ASSERT(ble_hs_test_util_num_our_secs() == 0);
2246 TEST_ASSERT(ble_hs_test_util_num_peer_secs() == 0);
2247 }
2248
2249 void
ble_sm_test_util_peer_lgcy_good_once_no_init(struct ble_sm_test_params * params,struct ble_hs_conn * conn,struct ble_sm_test_util_entity * our_entity,struct ble_sm_test_util_entity * peer_entity)2250 ble_sm_test_util_peer_lgcy_good_once_no_init(
2251 struct ble_sm_test_params *params,
2252 struct ble_hs_conn *conn,
2253 struct ble_sm_test_util_entity *our_entity,
2254 struct ble_sm_test_util_entity *peer_entity)
2255 {
2256 int rc;
2257
2258 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2259 TEST_ASSERT(ble_sm_num_procs() == 0);
2260
2261 if (params->sec_req.authreq != 0) {
2262 rc = ble_sm_slave_initiate(2);
2263 TEST_ASSERT(rc == 0);
2264
2265 /* Ensure we sent the expected security request. */
2266 ble_sm_test_util_verify_tx_sec_req(¶ms->sec_req);
2267 }
2268
2269 /* Receive a pair request from the peer. */
2270 ble_sm_test_util_rx_pair_req(2, peer_entity->pair_cmd, 0);
2271 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2272 TEST_ASSERT(ble_sm_num_procs() == 1);
2273 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2274
2275 /* Ensure we sent the expected pair response. */
2276 ble_sm_test_util_verify_tx_pair_rsp(our_entity->pair_cmd);
2277 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2278 TEST_ASSERT(ble_sm_num_procs() == 1);
2279 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2280
2281 ble_sm_test_util_io_check_pre(¶ms->passkey_info,
2282 BLE_SM_PROC_STATE_CONFIRM);
2283
2284 /* Receive a pair confirm from the peer. */
2285 ble_sm_test_util_rx_confirm(2, peer_entity->confirms);
2286 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2287 TEST_ASSERT(ble_sm_num_procs() == 1);
2288 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2289
2290 ble_sm_test_util_io_check_post(¶ms->passkey_info,
2291 BLE_SM_PROC_STATE_CONFIRM);
2292
2293 /* Ensure we sent the expected pair confirm. */
2294 ble_sm_test_util_verify_tx_pair_confirm(our_entity->confirms);
2295 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2296 TEST_ASSERT(ble_sm_num_procs() == 1);
2297 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2298
2299 /* Receive a pair random from the peer. */
2300 ble_sm_test_util_rx_random(2, peer_entity->randoms, 0);
2301 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2302 TEST_ASSERT(ble_sm_num_procs() == 1);
2303 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2304
2305 /* Ensure we sent the expected pair random. */
2306 ble_sm_test_util_verify_tx_pair_random(our_entity->randoms);
2307 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2308 TEST_ASSERT(ble_sm_num_procs() == 1);
2309 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2310
2311 /* Receive a long term key request from the controller. */
2312 ble_sm_test_util_set_lt_key_req_reply_ack(0, 2);
2313 ble_sm_test_util_rx_lt_key_req(2, 0, 0);
2314 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2315 TEST_ASSERT(ble_sm_num_procs() == 1);
2316 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2317
2318 /* Ensure we sent the expected long term key request reply command. */
2319 ble_sm_test_util_verify_tx_lt_key_req_reply(2, params->stk);
2320 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2321 TEST_ASSERT(ble_sm_num_procs() == 1);
2322 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2323
2324 /* Receive an encryption changed event. */
2325 ble_sm_test_util_rx_enc_change(2, 0, 1);
2326
2327 /* Verify key material gets sent to peer. */
2328 ble_sm_test_util_verify_tx_keys(params, 0);
2329
2330 /* Receive key material from peer. */
2331 ble_sm_test_util_rx_keys(params, 0);
2332
2333 /* Pairing should now be complete. */
2334 TEST_ASSERT(ble_sm_num_procs() == 0);
2335
2336 /* Verify that security callback was executed. */
2337 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
2338 TEST_ASSERT(ble_sm_test_gap_status == 0);
2339 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
2340 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2341 params->authenticated);
2342
2343 /* Verify that connection has correct security state. */
2344 TEST_ASSERT(ble_sm_test_sec_state.encrypted ==
2345 conn->bhc_sec_state.encrypted);
2346 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2347 conn->bhc_sec_state.authenticated);
2348
2349 /* Verify the appropriate security material was persisted. */
2350 ble_sm_test_util_verify_persist(params, 0);
2351
2352 ble_hs_test_util_conn_disconnect(2);
2353 }
2354
2355 void
ble_sm_test_util_peer_lgcy_good_once(struct ble_sm_test_params * params)2356 ble_sm_test_util_peer_lgcy_good_once(struct ble_sm_test_params *params)
2357 {
2358 struct ble_sm_test_util_entity peer_entity;
2359 struct ble_sm_test_util_entity our_entity;
2360 struct ble_hs_conn *conn;
2361
2362 ble_sm_test_util_init_good(params, 0, &conn, &our_entity, &peer_entity);
2363 ble_sm_test_util_peer_lgcy_good_once_no_init(
2364 params, conn, &our_entity, &peer_entity);
2365 }
2366
2367 void
ble_sm_test_util_peer_lgcy_good(struct ble_sm_test_params * params)2368 ble_sm_test_util_peer_lgcy_good(struct ble_sm_test_params *params)
2369 {
2370 ble_addr_t peer_addr;
2371 int rc;
2372
2373 /*** Peer is master. */
2374
2375 /* Peer performs IO first; peer initiates pairing. */
2376 params->passkey_info.io_before_rx = 0;
2377 params->sec_req.authreq = 0;
2378 ble_sm_test_util_peer_lgcy_good_once(params);
2379
2380 /* Peer performs IO first; we initiate with security request. */
2381 params->passkey_info.io_before_rx = 0;
2382 params->sec_req.authreq = params->pair_rsp.authreq;
2383 ble_sm_test_util_peer_lgcy_good_once(params);
2384
2385 /* We perform IO first; peer initiates pairing. */
2386 params->passkey_info.io_before_rx = 1;
2387 params->sec_req.authreq = 0;
2388 ble_sm_test_util_peer_lgcy_good_once(params);
2389
2390 /* We perform IO first; we initiate with security request. */
2391 params->passkey_info.io_before_rx = 1;
2392 params->sec_req.authreq = params->pair_rsp.authreq;
2393 ble_sm_test_util_peer_lgcy_good_once(params);
2394
2395 /* Verify link can be restored via the encryption procedure. */
2396 ble_sm_test_util_bonding_all(params, 0);
2397
2398 /* Verify repeating pairing event generated when peer attempts to pair
2399 * while bonded.
2400 */
2401 ble_sm_test_util_repeat_pairing(params, 0);
2402
2403 /* Verify programmatic unbonding. */
2404 peer_addr.type = ble_hs_misc_addr_type_to_id(params->init_addr_type);
2405 memcpy(peer_addr.val, params->init_id_addr, sizeof peer_addr.val);
2406 rc = ble_store_util_delete_peer(&peer_addr);
2407 TEST_ASSERT(rc == 0);
2408
2409 TEST_ASSERT(ble_hs_test_util_num_our_secs() == 0);
2410 TEST_ASSERT(ble_hs_test_util_num_peer_secs() == 0);
2411 }
2412
2413 static void
ble_sm_test_util_us_sc_good_once_no_init(struct ble_sm_test_params * params,struct ble_hs_conn * conn,struct ble_sm_test_util_entity * our_entity,struct ble_sm_test_util_entity * peer_entity)2414 ble_sm_test_util_us_sc_good_once_no_init(
2415 struct ble_sm_test_params *params,
2416 struct ble_hs_conn *conn,
2417 struct ble_sm_test_util_entity *our_entity,
2418 struct ble_sm_test_util_entity *peer_entity)
2419 {
2420 int num_iters;
2421 int rc;
2422 int i;
2423
2424 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2425 TEST_ASSERT(ble_sm_num_procs() == 0);
2426
2427 ble_hs_test_util_hci_ack_set(
2428 ble_hs_hci_util_opcode_join(BLE_HCI_OGF_LE,
2429 BLE_HCI_OCF_LE_START_ENCRYPT), 0);
2430 if (params->sec_req.authreq != 0) {
2431 ble_sm_test_util_rx_sec_req(2, ¶ms->sec_req, 0);
2432 } else {
2433 /* Initiate the pairing procedure. */
2434 rc = ble_gap_security_initiate(2);
2435 TEST_ASSERT_FATAL(rc == 0);
2436 }
2437
2438 /* Ensure we sent the expected pair request. */
2439 ble_sm_test_util_verify_tx_pair_req(our_entity->pair_cmd);
2440 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2441 TEST_ASSERT(ble_sm_num_procs() == 1);
2442 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2443
2444 /* Receive a pair response from the peer. */
2445 ble_sm_test_util_rx_pair_rsp(2, peer_entity->pair_cmd, 0);
2446 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2447 TEST_ASSERT(ble_sm_num_procs() == 1);
2448 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2449
2450 /* Ensure we sent the expected public key. */
2451 ble_sm_test_util_verify_tx_public_key(our_entity->public_key);
2452 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2453 TEST_ASSERT(ble_sm_num_procs() == 1);
2454 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2455
2456 /* Receive a public key from the peer. */
2457 ble_sm_test_util_rx_public_key(2, peer_entity->public_key);
2458 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2459 TEST_ASSERT(ble_sm_num_procs() == 1);
2460 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2461
2462 switch (params->pair_alg) {
2463 case BLE_SM_PAIR_ALG_PASSKEY:
2464 num_iters = 20;
2465 break;
2466
2467 default:
2468 num_iters = 1;
2469 break;
2470 }
2471
2472 ble_sm_test_util_io_inject(¶ms->passkey_info,
2473 BLE_SM_PROC_STATE_CONFIRM);
2474
2475 for (i = 0; i < num_iters; i++) {
2476 if (params->pair_alg != BLE_SM_PAIR_ALG_JW &&
2477 params->pair_alg != BLE_SM_PAIR_ALG_NUMCMP) {
2478
2479 if (i < num_iters - 1) {
2480 ble_sm_dbg_set_next_pair_rand(
2481 our_entity->randoms[i + 1].value);
2482 }
2483
2484 /* Ensure we sent the expected pair confirm. */
2485 ble_sm_test_util_verify_tx_pair_confirm(our_entity->confirms + i);
2486 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2487 TEST_ASSERT(ble_sm_num_procs() == 1);
2488 ble_sm_test_util_io_inject_bad(
2489 2, params->passkey_info.passkey.action);
2490 }
2491
2492 /* Receive a pair confirm from the peer. */
2493 ble_sm_test_util_rx_confirm(2, peer_entity->confirms + i);
2494 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2495 TEST_ASSERT(ble_sm_num_procs() == 1);
2496 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2497
2498 /* Ensure we sent the expected pair random. */
2499 ble_sm_test_util_verify_tx_pair_random(our_entity->randoms + i);
2500 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2501 TEST_ASSERT(ble_sm_num_procs() == 1);
2502 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2503
2504 /* Receive a pair random from the peer. */
2505 ble_sm_test_util_rx_random(2, peer_entity->randoms + i, 0);
2506 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2507 TEST_ASSERT(ble_sm_num_procs() == 1);
2508 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2509 }
2510
2511 ble_sm_test_util_io_inject(¶ms->passkey_info,
2512 BLE_SM_PROC_STATE_DHKEY_CHECK);
2513
2514 /* Ensure we sent the expected dhkey check. */
2515 ble_sm_test_util_verify_tx_dhkey_check(our_entity->dhkey_check);
2516 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2517 TEST_ASSERT(ble_sm_num_procs() == 1);
2518 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2519
2520 /* Receive a dhkey check from the peer. */
2521 ble_sm_test_util_rx_dhkey_check(2, peer_entity->dhkey_check, 0);
2522 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2523 TEST_ASSERT(ble_sm_num_procs() == 1);
2524 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2525
2526 /* Ensure we sent the expected start encryption command. */
2527 ble_sm_test_util_verify_tx_start_enc(2, 0, 0, params->ltk);
2528 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2529 TEST_ASSERT(ble_sm_num_procs() == 1);
2530 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2531
2532 /* Receive an encryption changed event. */
2533 ble_sm_test_util_rx_enc_change(2, 0, 1);
2534
2535 /* Receive key material from peer. */
2536 ble_sm_test_util_rx_keys(params, 1);
2537
2538 /* Verify key material gets sent to peer. */
2539 ble_sm_test_util_verify_tx_keys(params, 1);
2540
2541 /* Pairing should now be complete. */
2542 TEST_ASSERT(ble_sm_num_procs() == 0);
2543
2544 /* Verify that security callback was executed. */
2545 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
2546 TEST_ASSERT(ble_sm_test_gap_status == 0);
2547 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
2548 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2549 params->authenticated);
2550
2551 /* Verify that connection has correct security state. */
2552 TEST_ASSERT(ble_sm_test_sec_state.encrypted ==
2553 conn->bhc_sec_state.encrypted);
2554 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2555 conn->bhc_sec_state.authenticated);
2556
2557 /* Verify the appropriate security material was persisted. */
2558 ble_sm_test_util_verify_persist(params, 1);
2559
2560 ble_hs_test_util_conn_disconnect(2);
2561 }
2562
2563 static void
ble_sm_test_util_us_sc_good_once(struct ble_sm_test_params * params)2564 ble_sm_test_util_us_sc_good_once(struct ble_sm_test_params *params)
2565 {
2566 struct ble_sm_test_util_entity peer_entity;
2567 struct ble_sm_test_util_entity our_entity;
2568 struct ble_hs_conn *conn;
2569
2570 ble_sm_test_util_init_good(params, 1, &conn, &our_entity, &peer_entity);
2571 ble_sm_test_util_us_sc_good_once_no_init(
2572 params, conn, &our_entity, &peer_entity);
2573 }
2574
2575 void
ble_sm_test_util_us_sc_good(struct ble_sm_test_params * params)2576 ble_sm_test_util_us_sc_good(struct ble_sm_test_params *params)
2577 {
2578 ble_addr_t peer_addr;
2579 int rc;
2580
2581 /*** We are master. */
2582
2583 /* We initiate pairing. */
2584 params->passkey_info.io_before_rx = 0;
2585 params->sec_req.authreq = 0;
2586 ble_sm_test_util_us_sc_good_once(params);
2587
2588 /* Peer initiates with security request. */
2589 params->passkey_info.io_before_rx = 0;
2590 params->sec_req.authreq = params->pair_rsp.authreq;
2591 ble_sm_test_util_us_sc_good_once(params);
2592
2593 /* Verify link can be restored via the encryption procedure. */
2594 ble_sm_test_util_bonding_all(params, 1);
2595
2596 /* Verify programmatic unbonding. */
2597 peer_addr.type = ble_hs_misc_addr_type_to_id(params->resp_addr_type);
2598 memcpy(peer_addr.val, params->resp_id_addr, sizeof peer_addr.val);
2599 rc = ble_store_util_delete_peer(&peer_addr);
2600 TEST_ASSERT(rc == 0);
2601
2602 TEST_ASSERT(ble_hs_test_util_num_our_secs() == 0);
2603 TEST_ASSERT(ble_hs_test_util_num_peer_secs() == 0);
2604 }
2605
2606 static void
ble_sm_test_util_peer_sc_good_once_no_init(struct ble_sm_test_params * params,struct ble_hs_conn * conn,struct ble_sm_test_util_entity * our_entity,struct ble_sm_test_util_entity * peer_entity)2607 ble_sm_test_util_peer_sc_good_once_no_init(
2608 struct ble_sm_test_params *params,
2609 struct ble_hs_conn *conn,
2610 struct ble_sm_test_util_entity *our_entity,
2611 struct ble_sm_test_util_entity *peer_entity)
2612 {
2613 int num_iters;
2614 int rc;
2615 int i;
2616
2617 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2618 TEST_ASSERT(ble_sm_num_procs() == 0);
2619
2620 if (params->sec_req.authreq != 0) {
2621 rc = ble_sm_slave_initiate(2);
2622 TEST_ASSERT(rc == 0);
2623
2624 /* Ensure we sent the expected security request. */
2625 ble_sm_test_util_verify_tx_sec_req(¶ms->sec_req);
2626 }
2627
2628 /* Receive a pair request from the peer. */
2629 ble_sm_test_util_rx_pair_req(2, peer_entity->pair_cmd, 0);
2630 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2631 TEST_ASSERT(ble_sm_num_procs() == 1);
2632 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2633
2634 /* Ensure we sent the expected pair response. */
2635 ble_sm_test_util_verify_tx_pair_rsp(our_entity->pair_cmd);
2636 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2637 TEST_ASSERT(ble_sm_num_procs() == 1);
2638 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2639
2640 /* Receive a public key from the peer. */
2641 ble_sm_test_util_rx_public_key(2, peer_entity->public_key);
2642 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2643 TEST_ASSERT(ble_sm_num_procs() == 1);
2644 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2645
2646 /* Ensure we sent the expected public key. */
2647 ble_sm_test_util_verify_tx_public_key(our_entity->public_key);
2648 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2649 TEST_ASSERT(ble_sm_num_procs() == 1);
2650 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2651
2652 switch (params->pair_alg) {
2653 case BLE_SM_PAIR_ALG_PASSKEY:
2654 num_iters = 20;
2655 break;
2656
2657 default:
2658 num_iters = 1;
2659 break;
2660 }
2661
2662 ble_sm_test_util_io_check_pre(¶ms->passkey_info,
2663 BLE_SM_PROC_STATE_CONFIRM);
2664
2665 for (i = 0; i < num_iters; i++) {
2666 if (params->pair_alg != BLE_SM_PAIR_ALG_JW &&
2667 params->pair_alg != BLE_SM_PAIR_ALG_NUMCMP) {
2668
2669 /* Receive a pair confirm from the peer. */
2670 ble_sm_test_util_rx_confirm(2, peer_entity->confirms + i);
2671 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2672 TEST_ASSERT(ble_sm_num_procs() == 1);
2673 ble_sm_test_util_io_inject_bad(
2674 2, params->passkey_info.passkey.action);
2675
2676 if (i < num_iters - 1) {
2677 ble_sm_dbg_set_next_pair_rand(
2678 our_entity->randoms[i + 1].value);
2679 }
2680 }
2681
2682 if (i == 0) {
2683 ble_sm_test_util_io_check_post(¶ms->passkey_info,
2684 BLE_SM_PROC_STATE_CONFIRM);
2685 }
2686
2687 /* Ensure we sent the expected pair confirm. */
2688 ble_sm_test_util_verify_tx_pair_confirm(our_entity->confirms + i);
2689 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2690 TEST_ASSERT(ble_sm_num_procs() == 1);
2691 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2692
2693 /* Receive a pair random from the peer. */
2694 ble_sm_test_util_rx_random(2, peer_entity->randoms + i, 0);
2695 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2696 TEST_ASSERT(ble_sm_num_procs() == 1);
2697 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2698
2699 /* Ensure we sent the expected pair random. */
2700 ble_sm_test_util_verify_tx_pair_random(our_entity->randoms + i);
2701 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2702 TEST_ASSERT(ble_sm_num_procs() == 1);
2703 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2704
2705 }
2706
2707 ble_sm_test_util_io_check_pre(¶ms->passkey_info,
2708 BLE_SM_PROC_STATE_DHKEY_CHECK);
2709
2710 /* Receive a dhkey check from the peer. */
2711 ble_sm_test_util_rx_dhkey_check(2, peer_entity->dhkey_check, 0);
2712 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2713 TEST_ASSERT(ble_sm_num_procs() == 1);
2714 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2715
2716 ble_sm_test_util_io_check_post(¶ms->passkey_info,
2717 BLE_SM_PROC_STATE_DHKEY_CHECK);
2718
2719 /* Ensure we sent the expected dhkey check. */
2720 ble_sm_test_util_verify_tx_dhkey_check(our_entity->dhkey_check);
2721 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2722 TEST_ASSERT(ble_sm_num_procs() == 1);
2723 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2724
2725 /* Receive a long term key request from the controller. */
2726 ble_sm_test_util_set_lt_key_req_reply_ack(0, 2);
2727 ble_sm_test_util_rx_lt_key_req(2, 0, 0);
2728 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2729 TEST_ASSERT(ble_sm_num_procs() == 1);
2730 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2731
2732 /* Ensure we sent the expected long term key request reply command. */
2733 ble_sm_test_util_verify_tx_lt_key_req_reply(2, params->ltk);
2734 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2735 TEST_ASSERT(ble_sm_num_procs() == 1);
2736 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2737
2738 /* Receive an encryption changed event. */
2739 ble_sm_test_util_rx_enc_change(2, 0, 1);
2740
2741 /* Verify key material gets sent to peer. */
2742 ble_sm_test_util_verify_tx_keys(params, 0);
2743
2744 /* Receive key material from peer. */
2745 ble_sm_test_util_rx_keys(params, 0);
2746
2747 /* Pairing should now be complete. */
2748 TEST_ASSERT(ble_sm_num_procs() == 0);
2749
2750 /* Verify that security callback was executed. */
2751 TEST_ASSERT(ble_sm_test_gap_event_type == BLE_GAP_EVENT_ENC_CHANGE);
2752 TEST_ASSERT(ble_sm_test_gap_status == 0);
2753 TEST_ASSERT(ble_sm_test_sec_state.encrypted);
2754 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2755 params->authenticated);
2756
2757 /* Verify that connection has correct security state. */
2758 TEST_ASSERT(ble_sm_test_sec_state.encrypted ==
2759 conn->bhc_sec_state.encrypted);
2760 TEST_ASSERT(ble_sm_test_sec_state.authenticated ==
2761 conn->bhc_sec_state.authenticated);
2762
2763 /* Verify the appropriate security material was persisted. */
2764 ble_sm_test_util_verify_persist(params, 0);
2765
2766 ble_hs_test_util_conn_disconnect(2);
2767 }
2768
2769 static void
ble_sm_test_util_peer_sc_good_once(struct ble_sm_test_params * params)2770 ble_sm_test_util_peer_sc_good_once(struct ble_sm_test_params *params)
2771 {
2772 struct ble_sm_test_util_entity peer_entity;
2773 struct ble_sm_test_util_entity our_entity;
2774 struct ble_hs_conn *conn;
2775
2776 ble_sm_test_util_init_good(params, 0, &conn, &our_entity, &peer_entity);
2777 ble_sm_test_util_peer_sc_good_once_no_init(
2778 params, conn, &our_entity, &peer_entity);
2779 }
2780
2781 void
ble_sm_test_util_peer_sc_good(struct ble_sm_test_params * params)2782 ble_sm_test_util_peer_sc_good(struct ble_sm_test_params *params)
2783 {
2784 ble_addr_t peer_addr;
2785 int rc;
2786
2787 /*** Peer is master. */
2788
2789 /* Peer performs IO first; peer initiates pairing. */
2790 params->passkey_info.io_before_rx = 0;
2791 params->sec_req.authreq = 0;
2792 ble_sm_test_util_peer_sc_good_once(params);
2793
2794 /* Peer performs IO first; we initiate with security request. */
2795 params->passkey_info.io_before_rx = 0;
2796 params->sec_req.authreq = params->pair_req.authreq;
2797 ble_sm_test_util_peer_sc_good_once(params);
2798
2799 /* We perform IO first; peer initiates pairing. */
2800 params->passkey_info.io_before_rx = 1;
2801 params->sec_req.authreq = 0;
2802 ble_sm_test_util_peer_sc_good_once(params);
2803
2804 /* We perform IO first; we initiate with security request. */
2805 params->passkey_info.io_before_rx = 1;
2806 params->sec_req.authreq = params->pair_req.authreq;
2807 ble_sm_test_util_peer_sc_good_once(params);
2808
2809 /* Verify link can be restored via the encryption procedure. */
2810 ble_sm_test_util_bonding_all(params, 0);
2811
2812 /* Verify repeating pairing event generated when peer attempts to pair
2813 * while bonded.
2814 */
2815 ble_sm_test_util_repeat_pairing(params, 1);
2816
2817 /* Verify programmatic unbonding. */
2818 peer_addr.type = ble_hs_misc_addr_type_to_id(params->init_addr_type);
2819 memcpy(peer_addr.val, params->init_id_addr, sizeof peer_addr.val);
2820 rc = ble_store_util_delete_peer(&peer_addr);
2821 TEST_ASSERT(rc == 0);
2822
2823 TEST_ASSERT(ble_hs_test_util_num_our_secs() == 0);
2824 TEST_ASSERT(ble_hs_test_util_num_peer_secs() == 0);
2825 }
2826
2827 void
ble_sm_test_util_us_fail_inval(struct ble_sm_test_params * params)2828 ble_sm_test_util_us_fail_inval(struct ble_sm_test_params *params)
2829 {
2830 struct ble_hs_conn *conn;
2831 int rc;
2832
2833 ble_sm_test_util_init();
2834 ble_hs_id_set_pub(params->resp_id_addr);
2835
2836 ble_sm_dbg_set_next_pair_rand(((uint8_t[16]){0}));
2837
2838 ble_hs_test_util_create_conn(2, params->init_id_addr,
2839 ble_sm_test_util_conn_cb,
2840 NULL);
2841
2842 /* This test inspects and modifies the connection object after unlocking
2843 * the host mutex. It is not OK for real code to do this, but this test
2844 * can assume the connection list is unchanging.
2845 */
2846 ble_hs_lock();
2847 conn = ble_hs_conn_find(2);
2848 TEST_ASSERT_FATAL(conn != NULL);
2849 ble_hs_unlock();
2850
2851 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2852 TEST_ASSERT(ble_sm_num_procs() == 0);
2853
2854 /* Initiate the pairing procedure. */
2855 rc = ble_hs_test_util_security_initiate(2, 0);
2856 TEST_ASSERT_FATAL(rc == 0);
2857
2858 /* Ensure we sent the expected pair request. */
2859 ble_sm_test_util_verify_tx_pair_req(¶ms->pair_req);
2860 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2861 TEST_ASSERT(ble_sm_num_procs() == 1);
2862 ble_sm_test_util_io_inject_bad(2, params->passkey_info.passkey.action);
2863
2864 /* Receive a pair response from the peer. */
2865 ble_sm_test_util_rx_pair_rsp(
2866 2, ¶ms->pair_rsp, BLE_HS_SM_US_ERR(params->pair_fail.reason));
2867 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2868 TEST_ASSERT(ble_sm_num_procs() == 0);
2869
2870 /* Ensure we sent the expected pair fail. */
2871 ble_sm_test_util_verify_tx_pair_fail(¶ms->pair_fail);
2872 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2873 TEST_ASSERT(ble_sm_num_procs() == 0);
2874
2875 /* Verify that security callback was not executed. */
2876 TEST_ASSERT(ble_sm_test_gap_event_type == -1);
2877 TEST_ASSERT(ble_sm_test_gap_status == -1);
2878
2879 /* Verify that connection has correct security state. */
2880 TEST_ASSERT(!conn->bhc_sec_state.encrypted);
2881 TEST_ASSERT(!conn->bhc_sec_state.authenticated);
2882 }
2883
2884 static void
ble_sm_test_util_repeat_pairing(struct ble_sm_test_params * params,int sc)2885 ble_sm_test_util_repeat_pairing(struct ble_sm_test_params *params, int sc)
2886 {
2887 struct ble_sm_test_util_entity peer_entity;
2888 struct ble_sm_test_util_entity our_entity;
2889 struct ble_hs_conn *conn;
2890
2891 ble_sm_test_util_params_to_entities(params, 0, &our_entity, &peer_entity);
2892
2893 ble_sm_test_repeat_pairing.params = *params;
2894 ble_hs_id_set_pub(our_entity.id_addr);
2895 ble_sm_dbg_set_next_pair_rand(our_entity.randoms[0].value);
2896 ble_sm_dbg_set_next_ediv(our_entity.ediv);
2897 ble_sm_dbg_set_next_master_id_rand(our_entity.rand_num);
2898 ble_sm_dbg_set_next_ltk(our_entity.ltk);
2899 ble_hs_test_util_set_our_irk(our_entity.id_info->irk, 0, 0);
2900 ble_sm_dbg_set_next_csrk(our_entity.sign_info->sig_key);
2901
2902 ble_hs_test_util_create_rpa_conn(2, our_entity.addr_type, our_entity.rpa,
2903 peer_entity.addr_type,
2904 peer_entity.id_addr, peer_entity.rpa,
2905 BLE_HS_TEST_CONN_FEAT_ALL,
2906 ble_sm_test_util_conn_cb,
2907 NULL);
2908 ble_hs_lock();
2909 conn = ble_hs_conn_find(2);
2910 TEST_ASSERT_FATAL(conn != NULL);
2911 conn->bhc_flags &= ~BLE_HS_CONN_F_MASTER;
2912 ble_hs_unlock();
2913
2914 ble_hs_test_util_prev_tx_queue_clear();
2915
2916 /* First repeat pairing event: retry;
2917 * Second repeat pairing event: ignore.
2918 */
2919 ble_sm_test_repeat_pairing.rc = BLE_GAP_REPEAT_PAIRING_RETRY;
2920 ble_sm_test_repeat_pairing.next_rc = BLE_GAP_REPEAT_PAIRING_IGNORE;
2921
2922 /* Receive a pair request from the peer. */
2923 ble_sm_test_util_rx_pair_req(2, peer_entity.pair_cmd, BLE_HS_EALREADY);
2924
2925 /* Verify repeat pairing event got reported twice. */
2926 TEST_ASSERT(ble_sm_test_repeat_pairing.num_calls == 2);
2927
2928 /* Verify no pairing procedures in progress. */
2929 TEST_ASSERT(ble_sm_num_procs() == 0);
2930
2931 /* Verify no SM messages were sent. */
2932 TEST_ASSERT(ble_hs_test_util_prev_tx_dequeue() == NULL);
2933
2934 /*** Receive another pairing request. */
2935
2936 ble_sm_test_repeat_pairing.num_calls = 0;
2937
2938 /* First repeat pairing event: erase and retry. */
2939 ble_sm_test_repeat_pairing.rc = BLE_GAP_REPEAT_PAIRING_RETRY;
2940 ble_sm_test_repeat_pairing.erase_on_retry = 1;
2941
2942 ble_hs_lock();
2943 conn = ble_hs_conn_find(2);
2944 TEST_ASSERT_FATAL(conn != NULL);
2945 ble_hs_unlock();
2946
2947 /* Receive a pair request from the peer; verify pairing procedure completes
2948 * successfully.
2949 */
2950 if (!sc) {
2951 ble_sm_test_util_peer_lgcy_good_once_no_init(
2952 params, conn, &our_entity, &peer_entity);
2953 } else {
2954 ble_sm_test_util_peer_sc_good_once_no_init(
2955 params, conn, &our_entity, &peer_entity);
2956 }
2957
2958 /* Verify repeat pairing event got reported once. */
2959 TEST_ASSERT(ble_sm_test_repeat_pairing.num_calls == 1);
2960 }
2961