From 80e94cf4d05e14841b1900810a148d2a6eca4dd6 Mon Sep 17 00:00:00 2001 From: Martin Brabham Date: Mon, 16 Nov 2020 18:01:43 -0800 Subject: [PATCH] SecurityTest: Create bond Out of Band Bug: 162984360 Tag: #gd-refactor Test: cert/run --host SecurityTest:test_successful_dut_initiated_ssp_oob Change-Id: I18c58bc7d9a6f33363befd60d8089544fe060ee9 --- gd/cert/py_security.py | 2 + gd/security/cert/cert_security.py | 4 +- gd/security/cert/security_test.py | 65 ++++++++++++++++++++++ gd/security/pairing/classic_pairing_handler.cc | 3 +- .../pairing/classic_pairing_handler_unittest.cc | 6 +- 5 files changed, 75 insertions(+), 5 deletions(-) diff --git a/gd/cert/py_security.py b/gd/cert/py_security.py index 3e023fbe7..d753a882f 100644 --- a/gd/cert/py_security.py +++ b/gd/cert/py_security.py @@ -31,6 +31,8 @@ from security.facade_pb2 import BondMsgType from security.facade_pb2 import SecurityPolicyMessage from security.facade_pb2 import IoCapabilities from security.facade_pb2 import IoCapabilityMessage +from security.facade_pb2 import OobDataBondMessage +from security.facade_pb2 import OobDataMessage from security.facade_pb2 import OobDataPresentMessage from security.facade_pb2 import UiCallbackMsg from security.facade_pb2 import UiCallbackType diff --git a/gd/security/cert/cert_security.py b/gd/security/cert/cert_security.py index 278822cdf..ef11082e3 100644 --- a/gd/security/cert/cert_security.py +++ b/gd/security/cert/cert_security.py @@ -138,7 +138,6 @@ class CertSecurity(PySecurity): :return: a tuple of bytes (192c,192r,256c,256r) with increasing security; bytes may be all 0s depending on pb_oob_data_type value """ - oob_data_type = self._oob_present_lookup[pb_oob_data_type] if (oob_data_type == hci_packets.OobDataPresent.NOT_PRESENT): 
@@ -221,7 +220,8 @@ class CertSecurity(PySecurity): logging.info("Cert: Waiting for controller response") assertThat(self._hci_event_stream).emits( HciMatchers.CommandComplete(hci_packets.OpCode.WRITE_SECURE_CONNECTIONS_HOST_SUPPORT)) - self._secure_connections_enabled = True + # TODO(optedoblivion): Figure this out and remove (see classic_pairing_handler.cc) + #self._secure_connections_enabled = True def accept_pairing(self, dut_address, reply_boolean): """ diff --git a/gd/security/cert/security_test.py b/gd/security/cert/security_test.py index 06aad24a9..b9945263e 100644 --- a/gd/security/cert/security_test.py +++ b/gd/security/cert/security_test.py 
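Review bot: The commented-out `#self._secure_connections_enabled = True` at the end of this hunk leaves the flag unset even though the command complete for WRITE_SECURE_CONNECTIONS_HOST_SUPPORT has just been asserted. Any cert-side code that reads the flag will presumably behave as if Secure Connections were off while the controller has it on. The TODO says neither what has to be figured out nor where it is tracked. I would drop the dead line and state the condition instead, e.g. `# TODO(optedoblivion): Bug 162984360 - set self._secure_connections_enabled = True here again once the extended OOB reply in classic_pairing_handler.cc is restored`. The enclosing method begins outside the hunk.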
@@ -137,6 +137,27 @@ class SecurityTest(GdBaseTestClass): initiator.wait_for_bond_event(expected_init_bond_event) responder.wait_for_bond_event(expected_resp_bond_event) + def _run_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event, + expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data, + p256_oob_data): + initiator.enable_secure_simple_pairing() + responder.enable_secure_simple_pairing() + initiator.create_bond_out_of_band(responder.get_address(), + common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS, p192_oob_data, + p256_oob_data) + self._verify_ssp_oob(initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event, + expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data, + p256_oob_data) + + # Verifies the events for the numeric comparion test + def _verify_ssp_oob(self, initiator, responder, init_ui_response, resp_ui_response, expected_init_ui_event, + expected_resp_ui_event, expected_init_bond_event, expected_resp_bond_event, p192_oob_data, + p256_oob_data): + responder.accept_oob_pairing(initiator.get_address()) + initiator.on_user_input(responder.get_address(), init_ui_response, expected_init_ui_event) + initiator.wait_for_bond_event(expected_init_bond_event) + responder.wait_for_bond_event(expected_resp_bond_event) + def test_setup_teardown(self): """ Make sure our setup and teardown is sane 
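Review bot: The comment above `_verify_ssp_oob` appears to be copied from the numeric-comparison helper and does not describe this method (it also misspells "comparison"). Something like `# Accepts OOB pairing on the responder, then waits for the bond events on both sides` would match the body. In the same method `resp_ui_response`, `expected_resp_ui_event`, `p192_oob_data` and `p256_oob_data` are accepted but never read, so a responder-side UI expectation passed by a caller is silently ignored. Either use them or drop them from the signature. `_run_ssp_oob` would also benefit from a one-line docstring saying that it starts bonding through `create_bond_out_of_band` with the supplied P-192/P-256 data.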
@@ -388,3 +409,47 @@ class SecurityTest(GdBaseTestClass): assertThat(has192R).isTrue() assertThat(has256C).isTrue() assertThat(has256R).isTrue() + + def test_successful_dut_initiated_ssp_oob(self): + dut_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT + cert_io_capability = IoCapabilities.NO_INPUT_NO_OUTPUT + dut_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION + cert_auth_reqs = AuthenticationRequirements.DEDICATED_BONDING_MITM_PROTECTION + cert_oob_present = OobDataPresent.P192_PRESENT + self.dut_security.enable_secure_simple_pairing() + self.dut_security.enable_secure_connections() + self.cert_security.enable_secure_simple_pairing() + self.cert_security.enable_secure_connections() + self.dut_security.set_io_capabilities(dut_io_capability) + self.dut_security.set_authentication_requirements(dut_auth_reqs) + self.cert_security.set_io_capabilities(cert_io_capability) + self.cert_security.set_authentication_requirements(cert_auth_reqs) + init_ui_response = True + resp_ui_response = True + expected_init_ui_event = None # None is auto accept + expected_resp_ui_event = None # None is auto accept + expected_init_bond_event = BondMsgType.DEVICE_BONDED + expected_resp_bond_event = None + # get_oob_data returns a tuple of bytes (p192c,p192r,p256c,p256r) + local_oob_data = self.cert_security.get_oob_data_from_controller(cert_oob_present) + p192_oob_data = local_oob_data[0:2] + p256_oob_data = local_oob_data[2:4] + self._run_ssp_oob( + initiator=self.dut_security, + responder=self.cert_security, + init_ui_response=init_ui_response, + resp_ui_response=resp_ui_response, + expected_init_ui_event=expected_init_ui_event, + expected_resp_ui_event=expected_resp_ui_event, + expected_init_bond_event=expected_init_bond_event, + expected_resp_bond_event=expected_resp_bond_event, + p192_oob_data=p192_oob_data, + p256_oob_data=p256_oob_data) + self.dut_security.remove_bond(self.cert_security.get_address(), + common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS) 
+ self.cert_security.remove_bond(self.dut_security.get_address(), + common.BluetoothAddressTypeEnum.PUBLIC_DEVICE_ADDRESS) + self.dut_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED) + self.cert_security.wait_for_bond_event(BondMsgType.DEVICE_UNBONDED) + self.dut_security.wait_for_disconnect_event() + self.cert_security.wait_for_disconnect_event() diff --git a/gd/security/pairing/classic_pairing_handler.cc b/gd/security/pairing/classic_pairing_handler.cc index 1dd64791c..a01b308c3 100644 --- a/gd/security/pairing/classic_pairing_handler.cc +++ b/gd/security/pairing/classic_pairing_handler.cc @@ -308,6 +308,8 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) { break; case hci::OobDataPresent::P_192_PRESENT: LOG_INFO("P192 Present"); + // TODO(optedoblivion): Figure this out and remove + secure_connections_enabled_ = false; if (secure_connections_enabled_) { GetChannel()->SendCommand(hci::RemoteOobExtendedDataRequestReplyBuilder::Create( GetRecord()->GetPseudoAddress()->GetAddress(), @@ -340,7 +342,6 @@ void ClassicPairingHandler::OnReceive(hci::RemoteOobDataRequestView packet) { this->remote_p256_oob_data_.GetC(), this->remote_p256_oob_data_.GetR())); break; - break; } } diff --git a/gd/security/pairing/classic_pairing_handler_unittest.cc b/gd/security/pairing/classic_pairing_handler_unittest.cc index 6103c76e6..19a71af9f 100644 --- a/gd/security/pairing/classic_pairing_handler_unittest.cc +++ b/gd/security/pairing/classic_pairing_handler_unittest.cc 
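Review bot: The responder's outcome is not checked in `test_successful_dut_initiated_ssp_oob`: `expected_resp_bond_event = None` ends up in `responder.wait_for_bond_event`, and unlike the two UI-event lines above it there is no comment saying what None means for a bond event. The test also requests only `OobDataPresent.P192_PRESENT` yet passes `local_oob_data[2:4]` as `p256_oob_data`. Going by the `:return:` docstring visible in the first cert_security.py hunk, those P-256 values may be all zeros. A docstring would make the intended scope explicit, e.g. `"""DUT initiates SSP bonding with P-192 OOB data read from the cert controller; only the DUT-side DEVICE_BONDED event is asserted."""`. If skipping the cert-side check is intended, the None line should carry a comment such as `# no bond event is asserted on the cert side`.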
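Review bot: `secure_connections_enabled_ = false;` in the `P_192_PRESENT` case overwrites handler state rather than just choosing a reply. The `if (secure_connections_enabled_)` directly below it becomes dead code, and the member stays false for anything that reads it later in this pairing, which is outside the hunk. If the aim is only to avoid `RemoteOobExtendedDataRequestReplyBuilder` for now, a local switch keeps the negotiated state intact, e.g. `constexpr bool kUseExtendedOobReply = false;  // TODO(optedoblivion): Bug 162984360 - controller does not seem to support the extended reply` with `if (kUseExtendedOobReply && secure_connections_enabled_) {`. The hunk in classic_pairing_handler_unittest.cc now pins the non-extended opcode, so that assertion has to be flipped back together with this line. `OnReceive` begins and ends outside the hunk.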
@@ -655,9 +655,11 @@ TEST_F(ClassicPairingHandlerTest, locally_initiatied_no_input_no_output_no_input
 // At this point the pairing handler thinks it has NOT_PRESENT
 ReceiveOobDataRequest(device_);
 security_command_view = GetLastCommand(hci_layer_);
- auto oob_data_req_reply = hci::RemoteOobExtendedDataRequestReplyView::Create(security_command_view);
+ // NOTE(optedoblivion): Extended data is manually disabled in the pairing handler
+ // since the controller doesn't seem to currently have support.
+ auto oob_data_req_reply = hci::RemoteOobDataRequestReplyView::Create(security_command_view);
 ASSERT_TRUE(oob_data_req_reply.IsValid());
- ASSERT_EQ(OpCode::REMOTE_OOB_EXTENDED_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
+ ASSERT_EQ(OpCode::REMOTE_OOB_DATA_REQUEST_REPLY, oob_data_req_reply.GetOpCode());
 ReceiveSimplePairingComplete(hci::ErrorCode::SUCCESS, device_);
 std::array link_key = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5};
 hci::KeyType key_type = hci::KeyType::DEBUG_COMBINATION;
-- 
2.11.0