1 // Copyright 2023 The Pigweed Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 #include "pw_bluetooth_sapphire/internal/host/att/permissions.h"
16
17 #include "pw_unit_test/framework.h"
18
19 namespace bt::att {
20 namespace {
21
22 const AccessRequirements kDisallowed;
23 const AccessRequirements kNoSecurityReq(/*encryption=*/false,
24 /*authentication=*/false,
25 /*authorization=*/false);
26 const AccessRequirements kEncryptionReq(/*encryption=*/true,
27 /*authentication=*/false,
28 /*authorization=*/false);
29 const AccessRequirements kEncryptionWithMinKeySizeReq(/*encryption=*/true,
30 /*authentication=*/false,
31 /*authorization=*/false,
32 7);
33 const AccessRequirements kAuthenticationReq(/*encryption=*/false,
34 /*authentication=*/true,
35 /*authorization=*/false);
36 const AccessRequirements kAuthorizationReq(/*encryption=*/false,
37 /*authentication=*/false,
38 /*authorization=*/true);
39 const AccessRequirements kAuthorizationWithMinKeySizeReq(
40 /*encryption=*/false,
41 /*authentication=*/false,
42 /*authorization=*/true,
43 7);
44
45 const sm::SecurityProperties kNoSecurity(sm::SecurityLevel::kNoSecurity,
46 16,
47 /*secure_connections=*/false);
48 const sm::SecurityProperties kEncrypted(sm::SecurityLevel::kEncrypted,
49 16,
50 /*secure_connections=*/false);
51 const sm::SecurityProperties kEncryptedWithMinKeySize(
52 sm::SecurityLevel::kEncrypted,
53 7,
54 /*secure_connections=*/false);
55 const sm::SecurityProperties kAuthenticated(sm::SecurityLevel::kAuthenticated,
56 16,
57 /*secure_connections=*/false);
58 const sm::SecurityProperties kAuthenticatedWithMinKeySize(
59 sm::SecurityLevel::kAuthenticated,
60 7,
61 /*secure_connections=*/false);
62
TEST(PermissionsTest,ReadNotPermittedWhenDisallowed)63 TEST(PermissionsTest, ReadNotPermittedWhenDisallowed) {
64 EXPECT_EQ(ErrorCode::kReadNotPermitted,
65 CheckReadPermissions(kDisallowed, kNoSecurity).error_value());
66 EXPECT_EQ(ErrorCode::kReadNotPermitted,
67 CheckReadPermissions(kDisallowed, kEncrypted).error_value());
68 EXPECT_EQ(ErrorCode::kReadNotPermitted,
69 CheckReadPermissions(kDisallowed, kAuthenticated).error_value());
70 }
71
TEST(PermissionsTest,WriteNotPermittedWhenDisallowed)72 TEST(PermissionsTest, WriteNotPermittedWhenDisallowed) {
73 EXPECT_EQ(ErrorCode::kWriteNotPermitted,
74 CheckWritePermissions(kDisallowed, kNoSecurity).error_value());
75 EXPECT_EQ(ErrorCode::kWriteNotPermitted,
76 CheckWritePermissions(kDisallowed, kEncrypted).error_value());
77 EXPECT_EQ(ErrorCode::kWriteNotPermitted,
78 CheckWritePermissions(kDisallowed, kAuthenticated).error_value());
79 }
80
TEST(PermissionsTest,LinkNotSecure)81 TEST(PermissionsTest, LinkNotSecure) {
82 EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kNoSecurity));
83 EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kNoSecurity));
84
85 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
86 CheckReadPermissions(kEncryptionReq, kNoSecurity).error_value());
87 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
88 CheckWritePermissions(kEncryptionReq, kNoSecurity).error_value());
89
90 EXPECT_EQ(
91 ErrorCode::kInsufficientAuthentication,
92 CheckReadPermissions(kAuthenticationReq, kNoSecurity).error_value());
93 EXPECT_EQ(
94 ErrorCode::kInsufficientAuthentication,
95 CheckWritePermissions(kAuthenticationReq, kNoSecurity).error_value());
96
97 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
98 CheckReadPermissions(kAuthorizationReq, kNoSecurity).error_value());
99 EXPECT_EQ(
100 ErrorCode::kInsufficientAuthentication,
101 CheckWritePermissions(kAuthorizationReq, kNoSecurity).error_value());
102 }
103
TEST(PermissionsTest,LinkEncrypted)104 TEST(PermissionsTest, LinkEncrypted) {
105 EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kEncrypted));
106 EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kEncrypted));
107
108 EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kEncrypted));
109 EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kEncrypted));
110
111 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
112 CheckReadPermissions(kAuthenticationReq, kEncrypted).error_value());
113 EXPECT_EQ(
114 ErrorCode::kInsufficientAuthentication,
115 CheckWritePermissions(kAuthenticationReq, kEncrypted).error_value());
116
117 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
118 CheckReadPermissions(kAuthorizationReq, kEncrypted).error_value());
119 EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
120 CheckWritePermissions(kAuthorizationReq, kEncrypted).error_value());
121
122 EXPECT_EQ(fit::ok(),
123 CheckReadPermissions(kEncryptionWithMinKeySizeReq,
124 kEncryptedWithMinKeySize));
125 EXPECT_EQ(fit::ok(),
126 CheckWritePermissions(kEncryptionWithMinKeySizeReq,
127 kEncryptedWithMinKeySize));
128
129 EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
130 CheckReadPermissions(kEncryptionReq, kEncryptedWithMinKeySize)
131 .error_value());
132 EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
133 CheckWritePermissions(kEncryptionReq, kEncryptedWithMinKeySize)
134 .error_value());
135 }
136
TEST(PermissionsTest,LinkAuthenticated)137 TEST(PermissionsTest, LinkAuthenticated) {
138 EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kAuthenticated));
139 EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kAuthenticated));
140
141 EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kAuthenticated));
142 EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kAuthenticated));
143
144 EXPECT_EQ(fit::ok(),
145 CheckReadPermissions(kAuthenticationReq, kAuthenticated));
146 EXPECT_EQ(fit::ok(),
147 CheckWritePermissions(kAuthenticationReq, kAuthenticated));
148
149 EXPECT_EQ(fit::ok(), CheckReadPermissions(kAuthorizationReq, kAuthenticated));
150 EXPECT_EQ(fit::ok(),
151 CheckWritePermissions(kAuthorizationReq, kAuthenticated));
152
153 EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
154 CheckReadPermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
155 .error_value());
156 EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
157 CheckWritePermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
158 .error_value());
159 }
160
161 } // namespace
162 } // namespace bt::att
163