SecurityTest: Create bond Out of Band

author Martin Brabham <optedoblivion@google.com>

Tue, 17 Nov 2020 02:01:43 +0000 (18:01 -0800)

committer Martin Brabham <optedoblivion@google.com>

Fri, 20 Nov 2020 17:32:06 +0000 (09:32 -0800)
author Martin Brabham <optedoblivion@google.com>
Tue, 17 Nov 2020 02:01:43 +0000 (18:01 -0800)
committer Martin Brabham <optedoblivion@google.com>
Fri, 20 Nov 2020 17:32:06 +0000 (09:32 -0800)
diff --git a/gd/cert/py_security.py b/gd/cert/py_security.py

index 3e023fb..d753a88 100644 (file)
--- a/gd/cert/py_security.py
+++ b/gd/cert/py_security.py
@@ -31,6 +31,8 @@ from security.facade_pb2 import BondMsgType
  from security.facade_pb2 import SecurityPolicyMessage
  from security.facade_pb2 import IoCapabilities
  from security.facade_pb2 import IoCapabilityMessage
+from security.facade_pb2 import OobDataBondMessage
+from security.facade_pb2 import OobDataMessage
  from security.facade_pb2 import OobDataPresentMessage
  from security.facade_pb2 import UiCallbackMsg
  from security.facade_pb2 import UiCallbackType
diff --git a/gd/security/cert/cert_security.py b/gd/security/cert/cert_security.py

index 278822c..ef11082 100644 (file)
--- a/gd/security/cert/cert_security.py
+++ b/gd/security/cert/cert_security.py
@@ -138,7 +138,6 @@ class CertSecurity(PySecurity):
              :return: a tuple of bytes (192c,192r,256c,256r) with increasing security; bytes may be all 0s depending on pb_oob_data_type value
  
          """
-
          oob_data_type = self._oob_present_lookup[pb_oob_data_type]
  
          if (oob_data_type == hci_packets.OobDataPresent.NOT_PRESENT):
@@ -221,7 +220,8 @@ class CertSecurity(PySecurity):
          logging.info("Cert: Waiting for controller response")
          assertThat(self._hci_event_stream).emits(
              HciMatchers.CommandComplete(hci_packets.OpCode.WRITE_SECURE_CONNECTIONS_HOST_SUPPORT))
-        self._secure_connections_enabled = True
+        # TODO(optedoblivion): Figure this out and remove (see classic_pairing_handler.cc)
+        #self._secure_connections_enabled = True
  
      def accept_pairing(self, dut_address, reply_boolean):
          """
diff --git a/gd/security/cert/security_test.py b/gd/security/cert/security_test.py

index 06aad24..b994526 100644 (file)
--- a/gd/security/cert/security_test.py
+++ b/gd/security/cert/security_test.py
@@ -137,6 +137,27 @@ class SecurityTest(GdBaseTestClass):
          initiator.wait_for_bond_event(expected_init_bond_event)
          responder.wait_for_bond_event(expected_resp_bond_event)
  
+    def _run_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
+                     expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
+                     p256_oob_data):
+        initiator.enable_secure_simple_pairing()
+        responder.enable_secure_simple_pairing()
+        initiator.create_bond_out_of_band(responder.get_address(),
+                                          common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS, p192_oob_data,
+                                          p256_oob_data)
+        self._verify_ssp_oob(initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
+                             expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
+                             p256_oob_data)
+
+    # Verifies the events for the numeric comparion test
+    def _verify_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event,
+                        expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data,
+                        p256_oob_data):
+        responder.accept_oob_pairing(initiator.get_address())
+        initiator.on_user_input(responder.get_address(), init_ui_response, expected_init_ui_event)
+        initiator.wait_for_bond_event(expected_init_bond_event)
+        responder.wait_for_bond_event(expected_resp_bond_event)
+
      def test_setup_teardown(self):
          """
              Make sure our setup and teardown is sane
@@ -388,3 +409,47 @@ class SecurityTest(GdBaseTestClass):
          assertThat(has192R).isTrue()
          assertThat(has256C).isTrue()
          assertThat(has256R).isTrue()
+
+    def test_successful_dut_initiated_ssp_oob(self):
+        dut_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT
+        cert_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT
+        dut_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION
+        cert_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION
+        cert_oob_present = OobDataPresent.P192_PRESENT
+        self.dut_security.enable_secure_simple_pairing()
+        self.dut_security.enable_secure_connections()
+        self.cert_security.enable_secure_simple_pairing()
+        self.cert_security.enable_secure_connections()
+        self.dut_security.set_io_capabilities(dut_io_capability)
+        self.dut_security.set_authentication_requirements(dut_auth_reqs)
+        self.cert_security.set_io_capabilities(cert_io_capability)
+        self.cert_security.set_authentication_requirements(cert_auth_reqs)
+        init_ui_response = True
+        resp_ui_response = True
+        expected_init_ui_event = None  # None is auto accept
+        expected_resp_ui_event = None  # None is auto accept
+        expected_init_bond_event = BondMsgType.DEVICE_BONDED
+        expected_resp_bond_event = None
+        # get_oob_data returns a tuple of bytes (p192c,p192r,p256c,p256r)
+        local_oob_data = self.cert_security.get_oob_data_from_controller(cert_oob_present)
+        p192_oob_data = local_oob_data[0:2]
+        p256_oob_data = local_oob_data[2:4]
+        self._run_ssp_oob(
+            initiator=self.dut_security,
+            responder=self.cert_security,
+            init_ui_response=init_ui_response,
+            resp_ui_response=resp_ui_response,
+            expected_init_ui_event=expected_init_ui_event,
+            expected_resp_ui_event=expected_resp_ui_event,
+            expected_init_bond_event=expected_init_bond_event,
+            expected_resp_bond_event=expected_resp_bond_event,
+            p192_oob_data=p192_oob_data,
+            p256_oob_data=p256_oob_data)
+        self.dut_security.remove_bond(self.cert_security.get_address(),
+                                      common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS)
+        self.cert_security.remove_bond(self.dut_security.get_address(),
+                                       common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS)
+        self.dut_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED)
+        self.cert_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED)
+        self.dut_security.wait_for_disconnect_event()
+        self.cert_security.wait_for_disconnect_event()
diff --git a/gd/security/pairing/classic_pairing_handler.cc b/gd/security/pairing/classic_pairing_handler.cc

index 1dd6479..a01b308 100644 (file)
--- a/gd/security/pairing/classic_pairing_handler.cc
+++ b/gd/security/pairing/classic_pairing_handler.cc
@@ -308,6 +308,8 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) {
        break;
      case hci::OobDataPresent::P_192_PRESENT:
        LOG_INFO("P192 Present");
+      // TODO(optedoblivion): Figure this out and remove
+      secure_connections_enabled_ = false;
        if (secure_connections_enabled_) {
          GetChannel()->SendCommand(hci::RemoteOobExtendedDataRequestReplyBuilder::Create(
              GetRecord()->GetPseudoAddress()->GetAddress(),
@@ -340,7 +342,6 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) {
            this->remote_p256_oob_data_.GetC(),
            this->remote_p256_oob_data_.GetR()));
        break;
-      break;
    }
  }
  
diff --git a/gd/security/pairing/classic_pairing_handler_unittest.cc b/gd/security/pairing/classic_pairing_handler_unittest.cc

index 6103c76..19a71af 100644 (file)
--- a/gd/security/pairing/classic_pairing_handler_unittest.cc
+++ b/gd/security/pairing/classic_pairing_handler_unittest.cc
@@ -655,9 +655,11 @@ TEST_F(ClassicPairingHandlerTest, locally_initiatied_no_input_no_output_no_input
    // At this point the pairing handler thinks it has NOT_PRESENT
    ReceiveOobDataRequest(device_);
    security_command_view = GetLastCommand(hci_layer_);
-  auto oob_data_req_reply = hci::RemoteOobExtendedDataRequestReplyView::Create(security_command_view);
+  // NOTE(optedoblivion): Extended data is manually disabled in the pairing handler
+  // since the controller doesn't seem to currently have support.
+  auto oob_data_req_reply = hci::RemoteOobDataRequestReplyView::Create(security_command_view);
    ASSERT_TRUE(oob_data_req_reply.IsValid());
-  ASSERT_EQ(OpCode::REMOTE_OOB_EXTENDED_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
+  ASSERT_EQ(OpCode::REMOTE_OOB_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
    ReceiveSimplePairingComplete(hci::ErrorCode::SUCCESS, device_);
    std::array<uint8_t, 16> link_key = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5};
    hci::KeyType key_type = hci::KeyType::DEBUG_COMBINATION;
author	Martin Brabham <optedoblivion@google.com>
	Tue, 17 Nov 2020 02:01:43 +0000 (18:01 -0800)
committer	Martin Brabham <optedoblivion@google.com>
	Fri, 20 Nov 2020 17:32:06 +0000 (09:32 -0800)
gd/cert/py_security.py		patch \| blob \| history
gd/security/cert/cert_security.py		patch \| blob \| history
gd/security/cert/security_test.py		patch \| blob \| history
gd/security/pairing/classic_pairing_handler.cc		patch \| blob \| history
gd/security/pairing/classic_pairing_handler_unittest.cc		patch \| blob \| history