1 /****************************************************************************** 2 * 3 * Copyright 2016 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 #include <stdarg.h> 19 20 #include <gmock/gmock.h> 21 #include <gtest/gtest.h> 22 23 #include "bt_trace.h" 24 #include "hcidefs.h" 25 #include "stack/include/smp_api.h" 26 #include "stack/smp/p_256_ecc_pp.h" 27 #include "stack/smp/smp_int.h" 28 29 /* 30 * This test verifies various key distribution methods in SMP works using the 31 * following parameter set: 32 * 33 * When testing target as Master (Initiator is local, Responder is remote) 34 * 35 * Initiator's Pairing Request: 0x070710000001(01) 36 * Responder's Pairing Response: 0x050008000003(02) 37 * Initiator's Bluetooth Address: 0xA1A2A3A4A5A6 38 * Initiator's Bluetooth Address Type: 0x01 39 * Responder's Bluetooth Address: 0xB1B2B3B4B5B6 40 * Responder's Bluetooth Address Type: 0x00 41 * Initiator's Random Number: 0x5783D52156AD6F0E6388274EC6702EE0 42 * TK Encryption Key: 0x0 43 * 44 * Correct values: 45 * 46 * p1: 0x05000800000302070710000001010001 47 * p1 XOR r: 0x5283dd2156ae6d096498274ec7712ee1 48 * p1 prime: 0x02c7aa2a9857ac866ff91232df0e3c95 49 * p2: 0x00000000a1a2a3a4a5a6b1b2b3b4b5b6 50 * MConfirm (c1): 0x1e1e3fef878988ead2a74dc5bef13b86 51 * 52 * NOTE: All these values are presented in mathematical reasonable canonical 53 * form that has MSB on the left and LSB on the right. In Bluetooth packets, 54 * they are mostly reversed to be Little Endian which have LSB on the left and 55 * MSB on the right. 56 */ 57 58 // Set remote bda to 0xB1B2B3B4B5B6 59 bool BTM_ReadRemoteConnectionAddr(const RawAddress& pseudo_addr, 60 RawAddress& conn_addr, 61 tBLE_ADDR_TYPE* p_addr_type) { 62 conn_addr = RawAddress({0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6}); 63 *p_addr_type = 0x00; 64 return true; 65 } 66 67 // Set local_bda to 0xA1A2A3A4A5A6 68 void BTM_ReadConnectionAddr(const RawAddress& remote_bda, 69 RawAddress& local_conn_addr, 70 tBLE_ADDR_TYPE* p_addr_type) { 71 local_conn_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6}); 72 *p_addr_type = 0x01; 73 } 74 75 // Require bte_logmsg.cc to run, here is just to fake it as we don't care about 76 // trace in unit test 77 void LogMsg(uint32_t trace_set_mask, const char* fmt_str, ...) { 78 va_list args; 79 va_start(args, fmt_str); 80 vprintf(fmt_str, args); 81 va_end(args); 82 } 83 84 extern void smp_gen_p1_4_confirm(tSMP_CB* p_cb, 85 tBLE_ADDR_TYPE remote_bd_addr_type, 86 BT_OCTET16 p1); 87 88 extern void smp_gen_p2_4_confirm(tSMP_CB* p_cb, const RawAddress& remote_bda, 89 BT_OCTET16 p2); 90 91 extern tSMP_STATUS smp_calculate_comfirm(tSMP_CB* p_cb, BT_OCTET16 rand, 92 tSMP_ENC* output); 93 94 namespace testing { 95 96 void dump_uint128(BT_OCTET16 a, char* buffer) { 97 for (unsigned int i = 0; i < sizeof(BT_OCTET16); ++i) { 98 snprintf(buffer, 3, "%02x", a[i]); 99 buffer += 2; 100 } 101 *buffer = '\0'; 102 } 103 104 void dump_uint128_reverse(BT_OCTET16 a, char* buffer) { 105 for (int i = (int)(sizeof(BT_OCTET16) - 1); i >= 0; --i) { 106 snprintf(buffer, 3, "%02x", a[i]); 107 buffer += 2; 108 } 109 *buffer = '\0'; 110 } 111 112 void print_uint128(BT_OCTET16 a) { 113 for (unsigned int i = 0; i < sizeof(BT_OCTET16); ++i) { 114 printf("%02x", a[i]); 115 } 116 printf("\n"); 117 } 118 119 void parse_uint128(const char* input, BT_OCTET16 output) { 120 memset(output, 0, sizeof(BT_OCTET16)); 121 for (unsigned int count = 0; count < sizeof(BT_OCTET16); count++) { 122 sscanf(input, "%2hhx", &output[count]); 123 input += 2; 124 } 125 } 126 127 void reverse_array_inplace(BT_OCTET16 a) { 128 uint8_t tmp; 129 uint8_t* a_end = a + sizeof(BT_OCTET16) - 1; 130 while (a_end > a) { 131 tmp = *a_end; 132 *a_end = *a; 133 *a = tmp; 134 ++a; 135 --a_end; 136 } 137 } 138 139 class SmpCalculateConfirmTest : public Test { 140 protected: 141 tSMP_CB p_cb_; 142 // Set random to 0x5783D52156AD6F0E6388274EC6702EE0 143 BT_OCTET16 rand_ = {0x57, 0x83, 0xD5, 0x21, 0x56, 0xAD, 0x6F, 0x0E, 144 0x63, 0x88, 0x27, 0x4E, 0xC6, 0x70, 0x2E, 0xE0}; 145 146 void SetUp() { 147 memset(p_cb_.tk, 0, sizeof(p_cb_.tk)); 148 // Set pairing request packet to 0x070710000001(01) 149 p_cb_.local_io_capability = 0x01; 150 p_cb_.loc_oob_flag = 0x00; 151 p_cb_.loc_auth_req = 0x00; 152 p_cb_.loc_enc_size = 0x10; 153 p_cb_.local_i_key = 0x07; 154 p_cb_.local_r_key = 0x07; 155 // Set pairing response packet to 0x050008000003(02) 156 p_cb_.peer_io_caps = 0x03; 157 p_cb_.peer_oob_flag = 0x00; 158 p_cb_.peer_auth_req = 0x00; 159 p_cb_.peer_enc_size = 0x08; 160 p_cb_.peer_i_key = 0x00; 161 p_cb_.peer_r_key = 0x05; 162 // Set role to master 163 p_cb_.role = HCI_ROLE_MASTER; 164 reverse_array_inplace(rand_); 165 } 166 void TearDown() {} 167 168 public: 169 }; 170 171 // Test smp_gen_p2_4_confirm function implementation 172 TEST_F(SmpCalculateConfirmTest, test_smp_gen_p2_4_confirm_as_master) { 173 BT_OCTET16 p2; 174 RawAddress remote_bda; 175 tBLE_ADDR_TYPE remote_bd_addr_type = 0; 176 BTM_ReadRemoteConnectionAddr(p_cb_.pairing_bda, remote_bda, 177 &remote_bd_addr_type); 178 BTM_ReadConnectionAddr(p_cb_.pairing_bda, p_cb_.local_bda, &p_cb_.addr_type); 179 smp_gen_p2_4_confirm(&p_cb_, remote_bda, p2); 180 // Correct p2 is 0x00000000a1a2a3a4a5a6b1b2b3b4b5b6 181 const char expected_p2_str[] = "00000000a1a2a3a4a5a6b1b2b3b4b5b6"; 182 char p2_str[2 * sizeof(BT_OCTET16) + 1]; 183 dump_uint128_reverse(p2, p2_str); 184 ASSERT_THAT(p2_str, StrEq(expected_p2_str)); 185 } 186 187 // Test smp_gen_p1_4_confirm and SMP_Encrypt function implementation 188 TEST_F(SmpCalculateConfirmTest, test_SMP_Encrypt_as_master) { 189 BT_OCTET16 p1; 190 RawAddress remote_bda; 191 tBLE_ADDR_TYPE remote_bd_addr_type = 0; 192 BTM_ReadRemoteConnectionAddr(p_cb_.pairing_bda, remote_bda, 193 &remote_bd_addr_type); 194 BTM_ReadConnectionAddr(p_cb_.pairing_bda, p_cb_.local_bda, &p_cb_.addr_type); 195 smp_gen_p1_4_confirm(&p_cb_, remote_bd_addr_type, p1); 196 // Correct p1 is 0x05000800000302070710000001010001 197 const char expected_p1_str[] = "05000800000302070710000001010001"; 198 char p1_str[2 * sizeof(BT_OCTET16) + 1]; 199 dump_uint128_reverse(p1, p1_str); 200 ASSERT_THAT(p1_str, StrEq(expected_p1_str)); 201 smp_xor_128(p1, rand_); 202 // Correct p1 xor r is 0x5283dd2156ae6d096498274ec7712ee1 203 const char expected_p1_xor_r_str[] = "5283dd2156ae6d096498274ec7712ee1"; 204 char p1_xor_r_str[2 * sizeof(BT_OCTET16) + 1]; 205 dump_uint128_reverse(p1, p1_xor_r_str); 206 ASSERT_THAT(p1_xor_r_str, StrEq(expected_p1_xor_r_str)); 207 tSMP_ENC output; 208 memset(&output, 0, sizeof(tSMP_ENC)); 209 ASSERT_TRUE( 210 SMP_Encrypt(p_cb_.tk, BT_OCTET16_LEN, p1, BT_OCTET16_LEN, &output)); 211 const char expected_p1_prime_str[] = "02c7aa2a9857ac866ff91232df0e3c95"; 212 char p1_prime_str[2 * sizeof(BT_OCTET16) + 1]; 213 dump_uint128_reverse(output.param_buf, p1_prime_str); 214 ASSERT_THAT(p1_prime_str, StrEq(expected_p1_prime_str)); 215 } 216 217 // Test smp_calculate_comfirm function implementation 218 TEST_F(SmpCalculateConfirmTest, test_smp_calculate_comfirm_as_master) { 219 tSMP_ENC output; 220 tSMP_STATUS status = smp_calculate_comfirm(&p_cb_, rand_, &output); 221 EXPECT_EQ(status, SMP_SUCCESS); 222 // Correct MConfirm is 0x1e1e3fef878988ead2a74dc5bef13b86 223 const char expected_confirm_str[] = "1e1e3fef878988ead2a74dc5bef13b86"; 224 char confirm_str[2 * sizeof(BT_OCTET16) + 1]; 225 dump_uint128_reverse(output.param_buf, confirm_str); 226 ASSERT_THAT(confirm_str, StrEq(expected_confirm_str)); 227 } 228 229 // Test ECC point validation 230 TEST(SmpEccValidationTest, test_valid_points) { 231 Point p; 232 233 // Test data from Bluetooth Core Specification 234 // Version 5.0 | Vol 2, Part G | 7.1.2 235 236 // Sample 1 237 p.x[7] = 0x20b003d2; 238 p.x[6] = 0xf297be2c; 239 p.x[5] = 0x5e2c83a7; 240 p.x[4] = 0xe9f9a5b9; 241 p.x[3] = 0xeff49111; 242 p.x[2] = 0xacf4fddb; 243 p.x[1] = 0xcc030148; 244 p.x[0] = 0x0e359de6; 245 246 p.y[7] = 0xdc809c49; 247 p.y[6] = 0x652aeb6d; 248 p.y[5] = 0x63329abf; 249 p.y[4] = 0x5a52155c; 250 p.y[3] = 0x766345c2; 251 p.y[2] = 0x8fed3024; 252 p.y[1] = 0x741c8ed0; 253 p.y[0] = 0x1589d28b; 254 255 EXPECT_TRUE(ECC_ValidatePoint(p)); 256 257 // Sample 2 258 p.x[7] = 0x2c31a47b; 259 p.x[6] = 0x5779809e; 260 p.x[5] = 0xf44cb5ea; 261 p.x[4] = 0xaf5c3e43; 262 p.x[3] = 0xd5f8faad; 263 p.x[2] = 0x4a8794cb; 264 p.x[1] = 0x987e9b03; 265 p.x[0] = 0x745c78dd; 266 267 p.y[7] = 0x91951218; 268 p.y[6] = 0x3898dfbe; 269 p.y[5] = 0xcd52e240; 270 p.y[4] = 0x8e43871f; 271 p.y[3] = 0xd0211091; 272 p.y[2] = 0x17bd3ed4; 273 p.y[1] = 0xeaf84377; 274 p.y[0] = 0x43715d4f; 275 276 EXPECT_TRUE(ECC_ValidatePoint(p)); 277 } 278 279 TEST(SmpEccValidationTest, test_invalid_points) { 280 Point p; 281 multiprecision_init(p.x, 8); 282 multiprecision_init(p.y, 8); 283 284 EXPECT_FALSE(ECC_ValidatePoint(p)); 285 286 // Sample 1 287 p.x[7] = 0x20b003d2; 288 p.x[6] = 0xf297be2c; 289 p.x[5] = 0x5e2c83a7; 290 p.x[4] = 0xe9f9a5b9; 291 p.x[3] = 0xeff49111; 292 p.x[2] = 0xacf4fddb; 293 p.x[1] = 0xcc030148; 294 p.x[0] = 0x0e359de6; 295 296 EXPECT_FALSE(ECC_ValidatePoint(p)); 297 298 p.y[7] = 0xdc809c49; 299 p.y[6] = 0x652aeb6d; 300 p.y[5] = 0x63329abf; 301 p.y[4] = 0x5a52155c; 302 p.y[3] = 0x766345c2; 303 p.y[2] = 0x8fed3024; 304 p.y[1] = 0x741c8ed0; 305 p.y[0] = 0x1589d28b; 306 307 p.y[0]--; 308 309 EXPECT_FALSE(ECC_ValidatePoint(p)); 310 } 311 } // namespace testing 312