2014-09-03 09:02:42

by Jakub Tyszkowski

Subject: [PATCH 1/8] android/tester: Add action to verify encryption change

When an encryption change is verified, the encryption flag is cleared so
that we can detect another encryption change when the device reconnects
during execution of another step in the same test case.
---
android/tester-main.c | 38 ++++++++++++++++++++++++++++++++++++++
android/tester-main.h | 2 ++
2 files changed, 40 insertions(+)

diff --git a/android/tester-main.c b/android/tester-main.c
index f5f46fb..34a71ac 100644
--- a/android/tester-main.c
+++ b/android/tester-main.c
@@ -28,6 +28,8 @@ static gint scheduled_cbacks_num;
#define EMULATOR_SIGNAL_TIMEOUT 2 /* in seconds */
#define EMULATOR_SIGNAL "emulator_started"

+static const uint8_t hci_encr_change_hdr[] = { 0x04, 0x08, 0x04, 0x00 };
+
static gboolean check_callbacks_called(gpointer user_data)
{
/*
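Review bot: `hci_encr_change_hdr` is four unexplained octets, and a comment such as `/* pkt type: event, evt code: Encryption Change, param len: 4, status: success */` (going by the byte values) would make the match readable. It would also show that the status octet is part of the comparison, so an Encryption Change event that reports a failure is skipped and leaves the flag at its previous value. The event code is repeated as a bare `0x08` in the hciemu_add_hook call added to read_info_callback further down; a named constant shared by both places would keep them in step.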
@@ -213,6 +215,25 @@ static void mgmt_debug(const char *str, void *user_data)
tester_print("%s%s", prefix, str);
}

+static bool hciemu_post_encr_hook(const void *data, uint16_t len,
+ void *user_data)
+{
+ struct test_data *t_data = tester_get_data();
+
+ /*
+ * Expected data: header (4 octets) + conn. handle (2 octets) +
+ * encryption flag (1 octet)
+ */
+ if (len < sizeof(hci_encr_change_hdr) + 3)
+ return true;
+
+ /* Verify header, skip conn. handle and check encryption */
+ if (!memcmp(hci_encr_change_hdr, data, sizeof(hci_encr_change_hdr)))
+ t_data->is_encrypted = ((uint8_t *)data)[6] ? true : false;
+
+ return true;
+}
+
static void read_info_callback(uint8_t status, uint16_t length,
const void *param, void *user_data)
{
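Review bot: hciemu_post_encr_hook skips the connection handle in octets 4-5, so an Encryption Change on any link sets `t_data->is_encrypted`, and a test case with more than one connection could pass the encryption check because of the wrong link. If the tester is only ever expected to hold one link, a comment stating that assumption next to "skip conn. handle" would do; otherwise the handle should be compared with the one under test. The cast `(uint8_t *)data` also drops the `const` qualifier of the parameter, and `t_data->is_encrypted = ((const uint8_t *)data)[6];` stores the same value in the `bool` field without the cast-away or the redundant `? true : false`.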
@@ -250,6 +271,10 @@ static void read_info_callback(uint8_t status, uint16_t length,
return;
}

+ /* set hook for encryption change */
+ hciemu_add_hook(data->hciemu, HCIEMU_HOOK_POST_EVT, 0x08,
+ hciemu_post_encr_hook, NULL);
+
tester_pre_setup_complete();
}

@@ -1804,6 +1829,19 @@ void emu_add_l2cap_server_action(void)
schedule_action_verification(step);
}

+void bt_verify_encryption_action(void)
+{
+ struct test_data *data = tester_get_data();
+ struct step *step = g_new0(struct step, 1);
+
+ step->action_status = data->is_encrypted ? BT_STATUS_SUCCESS :
+ BT_STATUS_FAIL;
+
+ data->is_encrypted = 0;
+
+ schedule_action_verification(step);
+}
+
static void rfcomm_connect_cb(uint16_t handle, uint16_t cid, void *user_data,
bool status)
{
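Review bot: `data->is_encrypted = 0;` in bt_verify_encryption_action assigns an integer to the `bool` field this patch adds, where `data->is_encrypted = false;` would match the `true`/`false` used in the hook. The reason for the reset is given only in the commit message; a short comment above it, for example `/* consume the flag so a later reconnect has to raise it again */`, would keep that rationale with the code. The flag is sampled when the action runs, so the result presumably depends on the Encryption Change event having been delivered by then, which is worth stating in a function comment.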
diff --git a/android/tester-main.h b/android/tester-main.h
index 46aacce..cb8300d 100644
--- a/android/tester-main.h
+++ b/android/tester-main.h
@@ -331,6 +331,7 @@ struct test_data {
pid_t bluetoothd_pid;

struct queue *pdus;
+ bool is_encrypted;
};

/*
@@ -477,3 +478,4 @@ void bt_ssp_reply_accept_action(void);
void bt_cancel_bond_action(void);
void bt_remove_bond_action(void);
void set_default_ssp_request_handler(void);
+void bt_verify_encryption_action(void);
--
1.9.1



2014-09-04 11:57:49

by Jakub Tyszkowski

Subject: Re: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Hi,

On 09/04/2014 01:09 PM, Johan Hedberg wrote:
> Hi Jakub,
>
> On Thu, Sep 04, 2014, Tyszkowski Jakub wrote:
>>>> This looks suspicious to me. The only thing that should matter is
>>>> whether the host features bit is set on or not. That already looks
>>>> correct to me in the btdev_get_host_features() function. I.e. isn't your
>>>> problem with some piece of code higher up in the stack that's not
>>>> keeping SSP properly disabled? (since what you're now doing is not just
>>>> disabling SSP but making it look like SSP was never supported to begin
>>>> with as soon as you disable it).
>>>
>>> I'm trying to mimic reconnecting legacy HID device (which was previously
>>> paired with PIN) to check if security level will be raised when keyboard
>>> subclass is being found in remotes SDP records. To get the SDP records
>>> we need to trigger SDP search when remote connects the control channel.
>>> But we block such incoming connection with 'security block'.
>>>
>>> If I get the emulator code right, host and remote uses the same array of
>>> features which is reason for this patch. When emulated remote tries to
>>> connect l2cap on PSM other than the SDP one, it's being rejected if it
>>> reports SSP in features.
>>
>> Maybe the correct way to fix this is to make remote_features_complete() also
>> use btdev_get_host_features() instead of directly copying
>> "btdev->conn->features"? With this we wouldn't need to overwrite the
>> ->features.
>
> The remote_features_complete() function returns page 0 which is the
> controller features. Page 1 the host features and you need the extended
> features command for that.

Oh, I get it now.

> The actual bug seems to have been that we
> were returning the local instead of remote features when getting the
> host features in remote_ext_features_complete().

Looks like I've lost the point of view by mixing up local and remote
btdevs. Thanks for clearing that up.

> I've pushed a fix for
> it. Let me know if that was the actual problem you were having and
> things now work fine for you.

This fixes the issue I had, Thank you.
I'll be sending v2.

Jakub

2014-09-04 11:09:59

by Johan Hedberg

Subject: Re: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Hi Jakub,

On Thu, Sep 04, 2014, Tyszkowski Jakub wrote:
> >>This looks suspicious to me. The only thing that should matter is
> >>whether the host features bit is set on or not. That already looks
> >>correct to me in the btdev_get_host_features() function. I.e. isn't your
> >>problem with some piece of code higher up in the stack that's not
> >>keeping SSP properly disabled? (since what you're now doing is not just
> >>disabling SSP but making it look like SSP was never supported to begin
> >>with as soon as you disable it).
> >
> >I'm trying to mimic reconnecting legacy HID device (which was previously
> >paired with PIN) to check if security level will be raised when keyboard
> >subclass is being found in remotes SDP records. To get the SDP records
> >we need to trigger SDP search when remote connects the control channel.
> >But we block such incoming connection with 'security block'.
> >
> >If I get the emulator code right, host and remote uses the same array of
> >features which is reason for this patch. When emulated remote tries to
> >connect l2cap on PSM other than the SDP one, it's being rejected if it
> >reports SSP in features.
>
> Maybe the correct way to fix this is to make remote_features_complete() also
> use btdev_get_host_features() instead of directly copying
> "btdev->conn->features"? With this we wouldn't need to overwrite the
> ->features.

The remote_features_complete() function returns page 0 which is the
controller features. Page 1 the host features and you need the extended
features command for that. The actual bug seems to have been that we
were returning the local instead of remote features when getting the
host features in remote_ext_features_complete(). I've pushed a fix for
it. Let me know if that was the actual problem you were having and
things now work fine for you.

Johan

2014-09-04 10:54:41

by Jakub Tyszkowski

Subject: Re: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Hi,

On 09/03/2014 03:34 PM, Tyszkowski Jakub wrote:
> Hi Johan,
>
> On 09/03/2014 11:39 AM, Johan Hedberg wrote:
>> Hi Jakub,
>>
>> On Wed, Sep 03, 2014, Jakub Tyszkowski wrote:
>>> Without this we cannot test the legacy HID Device reconnection, as L2Cap
>>> connection is refused when SSP is reported in remote device's features.
>>> ---
>>> emulator/btdev.c | 7 +++++++
>>> 1 file changed, 7 insertions(+)
>>>
>>> diff --git a/emulator/btdev.c b/emulator/btdev.c
>>> index 86fd3d9..8aebb8f 100644
>>> --- a/emulator/btdev.c
>>> +++ b/emulator/btdev.c
>>> @@ -2332,6 +2332,13 @@ static void default_cmd(struct btdev *btdev,
>>> uint16_t opcode,
>>> goto unsupported;
>>> wspm = data;
>>> btdev->simple_pairing_mode = wspm->mode;
>>> +
>>> + /* set SSP feature mask */
>>> + if (wspm->mode)
>>> + btdev->features[6] |= 0x08;
>>> + else
>>> + btdev->features[6] &= ~0x08;
>>> +
>>
>> This looks suspicious to me. The only thing that should matter is
>> whether the host features bit is set on or not. That already looks
>> correct to me in the btdev_get_host_features() function. I.e. isn't your
>> problem with some piece of code higher up in the stack that's not
>> keeping SSP properly disabled? (since what you're now doing is not just
>> disabling SSP but making it look like SSP was never supported to begin
>> with as soon as you disable it).
>>
>> Johan
>>
>
> I'm trying to mimic reconnecting legacy HID device (which was previously
> paired with PIN) to check if security level will be raised when keyboard
> subclass is being found in remotes SDP records. To get the SDP records
> we need to trigger SDP search when remote connects the control channel.
> But we block such incoming connection with 'security block'.
>
> If I get the emulator code right, host and remote uses the same array of
> features which is reason for this patch. When emulated remote tries to
> connect l2cap on PSM other than the SDP one, it's being rejected if it
> reports SSP in features.

Maybe the correct way to fix this is to make remote_features_complete()
also use btdev_get_host_features() instead of directly copying
"btdev->conn->features"? With this we wouldn't need to overwrite the
->features.

Regards,
Jakub


2014-09-03 13:34:40

by Jakub Tyszkowski

Subject: Re: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Hi Johan,

On 09/03/2014 11:39 AM, Johan Hedberg wrote:
> Hi Jakub,
>
> On Wed, Sep 03, 2014, Jakub Tyszkowski wrote:
>> Without this we cannot test the legacy HID Device reconnection, as L2Cap
>> connection is refused when SSP is reported in remote device's features.
>> ---
>> emulator/btdev.c | 7 +++++++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/emulator/btdev.c b/emulator/btdev.c
>> index 86fd3d9..8aebb8f 100644
>> --- a/emulator/btdev.c
>> +++ b/emulator/btdev.c
>> @@ -2332,6 +2332,13 @@ static void default_cmd(struct btdev *btdev, uint16_t opcode,
>> goto unsupported;
>> wspm = data;
>> btdev->simple_pairing_mode = wspm->mode;
>> +
>> + /* set SSP feature mask */
>> + if (wspm->mode)
>> + btdev->features[6] |= 0x08;
>> + else
>> + btdev->features[6] &= ~0x08;
>> +
>
> This looks suspicious to me. The only thing that should matter is
> whether the host features bit is set on or not. That already looks
> correct to me in the btdev_get_host_features() function. I.e. isn't your
> problem with some piece of code higher up in the stack that's not
> keeping SSP properly disabled? (since what you're now doing is not just
> disabling SSP but making it look like SSP was never supported to begin
> with as soon as you disable it).
>
> Johan
>

I'm trying to mimic reconnecting legacy HID device (which was previously
paired with PIN) to check if security level will be raised when keyboard
subclass is being found in remotes SDP records. To get the SDP records
we need to trigger SDP search when remote connects the control channel.
But we block such incoming connection with 'security block'.

If I get the emulator code right, host and remote uses the same array of
features which is reason for this patch. When emulated remote tries to
connect l2cap on PSM other than the SDP one, it's being rejected if it
reports SSP in features.

Regards,
Jakub




2014-09-03 09:39:38

by Johan Hedberg

Subject: Re: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Hi Jakub,

On Wed, Sep 03, 2014, Jakub Tyszkowski wrote:
> Without this we cannot test the legacy HID Device reconnection, as L2Cap
> connection is refused when SSP is reported in remote device's features.
> ---
> emulator/btdev.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/emulator/btdev.c b/emulator/btdev.c
> index 86fd3d9..8aebb8f 100644
> --- a/emulator/btdev.c
> +++ b/emulator/btdev.c
> @@ -2332,6 +2332,13 @@ static void default_cmd(struct btdev *btdev, uint16_t opcode,
> goto unsupported;
> wspm = data;
> btdev->simple_pairing_mode = wspm->mode;
> +
> + /* set SSP feature mask */
> + if (wspm->mode)
> + btdev->features[6] |= 0x08;
> + else
> + btdev->features[6] &= ~0x08;
> +

This looks suspicious to me. The only thing that should matter is
whether the host features bit is set on or not. That already looks
correct to me in the btdev_get_host_features() function. I.e. isn't your
problem with some piece of code higher up in the stack that's not
keeping SSP properly disabled? (since what you're now doing is not just
disabling SSP but making it look like SSP was never supported to begin
with as soon as you disable it).

Johan

2014-09-03 09:02:48

by Jakub Tyszkowski

Subject: [PATCH 7/8] android/tester: Add support for rejected connections

If we want the connection to be rejected, this can be notified to a
device in various ways. HIDHost for example expects virtual cable
unplug. This patch adds an action for triggering connections that are
expected to be rejected, which requires custom verification on the
remote's side. Hid host will verify it by listening on the ctrl channel
for virtual cable unplug.
---
android/tester-main.c | 18 +++++++++++++++---
android/tester-main.h | 2 ++
2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/android/tester-main.c b/android/tester-main.c
index 5266a08..edd4c38 100644
--- a/android/tester-main.c
+++ b/android/tester-main.c
@@ -1734,17 +1734,18 @@ void emu_set_connect_cb_action(void)
schedule_action_verification(step);
}

-void emu_remote_connect_hci_action(void)
+void emu_remote_connect_hci_rejected_action(void)
{
struct test_data *data = tester_get_data();
struct bthost *bthost = hciemu_client_get_host(data->hciemu);
struct step *current_data_step = queue_peek_head(data->steps);
struct bt_action_data *action_data = current_data_step->set_data;
- struct step *step = g_new0(struct step, 1);
const uint8_t *master_addr;

master_addr = hciemu_get_master_bdaddr(data->hciemu);

+ data->expect_rejection = true;
+
tester_print("Trying to connect hci");

if (action_data)
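Review bot: `data->expect_rejection = true;` is set inside emu_remote_connect_hci_rejected_action, and the next hunk makes emu_remote_connect_hci_action call that function, so every ordinary connect action arms the rejection flag as well. Nothing in the visible hunks clears the flag, so a test that expects a successful connection runs with `expect_rejection` set and cannot be told apart from the negative case by code that checks it. Moving the shared connect code into a static helper and setting the flag only in the rejected variant keeps the two paths distinct. The body of emu_remote_connect_hci_rejected_action continues into the following hunk.
```c
static void emu_remote_connect_hci(void)
{
	/* … unchanged: bthost lookup, master_addr, bthost_hci_connect calls … */
}

void emu_remote_connect_hci_rejected_action(void)
{
	struct test_data *data = tester_get_data();

	data->expect_rejection = true;
	emu_remote_connect_hci();
	/* … unchanged: comment on custom action verification … */
}

void emu_remote_connect_hci_action(void)
{
	struct test_data *data = tester_get_data();
	struct step *step = g_new0(struct step, 1);

	data->expect_rejection = false;
	emu_remote_connect_hci();

	step->action_status = BT_STATUS_SUCCESS;
	schedule_action_verification(step);
}
```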
@@ -1753,8 +1754,19 @@ void emu_remote_connect_hci_action(void)
else
bthost_hci_connect(bthost, master_addr, BDADDR_BREDR);

- step->action_status = BT_STATUS_SUCCESS;
+ /*
+ * This needs custom action verification. For example Hidhost waits
+ * for virtual cable unplug message on the ctrl channel to verify this.
+ */
+}

+void emu_remote_connect_hci_action(void)
+{
+ struct step *step = g_new0(struct step, 1);
+
+ emu_remote_connect_hci_rejected_action();
+
+ step->action_status = BT_STATUS_SUCCESS;
schedule_action_verification(step);
}

diff --git a/android/tester-main.h b/android/tester-main.h
index f3cfcb2..4228bf1 100644
--- a/android/tester-main.h
+++ b/android/tester-main.h
@@ -348,6 +348,7 @@ struct test_data {

struct queue *pdus;
bool is_encrypted;
+ bool expect_rejection;

uint16_t sdp_call_cnt;
};
@@ -474,6 +475,7 @@ void schedule_action_verification(struct step *step);
void emu_setup_powered_remote_action(void);
void emu_set_pin_code_action(void);
void emu_set_connect_cb_action(void);
+void emu_remote_connect_hci_rejected_action(void);
void emu_remote_connect_hci_action(void);
void emu_remote_disconnect_hci_action(void);
void emu_set_io_cap(void);
--
1.9.1


2014-09-03 09:02:49

by Jakub Tyszkowski

Subject: [PATCH 8/8] android/tester: Add Hidhost rejecting connection case

This is a case for checking that hidhost does not accept connections from
unknown devices.
---
android/tester-hidhost.c | 100 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 100 insertions(+)

diff --git a/android/tester-hidhost.c b/android/tester-hidhost.c
index 99bc146..b5acf1a 100644
--- a/android/tester-hidhost.c
+++ b/android/tester-hidhost.c
@@ -42,6 +42,9 @@
#define HID_MODE_BREDR 0x01
#define HID_MODE_LE 0x02

+#define HID_MSG_CONTROL 0x10
+#define HID_VIRTUAL_CABLE_UNPLUG 0x05
+
#define HID_EXPECTED_REPORT_SIZE 0x02

static struct queue *list; /* List of hidhost test cases */
@@ -209,6 +212,15 @@ static struct raw_dataset hid_keyboard_rsp_data = {
.len = sizeof(hid_keyboard_rsp_pdu),
};

+static bt_scan_mode_t setprop_scan_mode_conn_val =
+ BT_SCAN_MODE_CONNECTABLE;
+
+static bt_property_t prop_test_scan_mode_conn = {
+ .type = BT_PROPERTY_ADAPTER_SCAN_MODE,
+ .val = &setprop_scan_mode_conn_val,
+ .len = sizeof(setprop_scan_mode_conn_val),
+};
+
static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
{
struct test_data *t_data = tester_get_data();
@@ -280,6 +292,7 @@ static void hid_ctrl_cid_hook_cb(const void *data, uint16_t len,
void *user_data)
{
struct emu_cid_data *cid_data = user_data;
+ struct test_data *t_data = tester_get_data();
uint8_t header = ((uint8_t *) data)[0];
struct step *step;

@@ -310,6 +323,14 @@ static void hid_ctrl_cid_hook_cb(const void *data, uint16_t len,

schedule_action_verification(step);
break;
+ case HID_MSG_CONTROL | HID_VIRTUAL_CABLE_UNPLUG:
+ if (t_data->expect_rejection) {
+ step = g_new0(struct step, 1);
+
+ step->action_status = BT_STATUS_SUCCESS;
+ schedule_action_verification(step);
+ }
+ break;
}
}
static void hid_ctrl_connect_cb(uint16_t handle, uint16_t cid, void *user_data)
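Review bot: The new `HID_MSG_CONTROL | HID_VIRTUAL_CABLE_UNPLUG` case leaves `t_data->expect_rejection` set after it schedules the verification, so a second unplug message in the same test case would schedule another success step. Adding `t_data->expect_rejection = false;` inside the `if` makes the flag one-shot. An unplug that arrives while the flag is clear is dropped without a trace; a `tester_warn("Unexpected virtual cable unplug");` in an `else` branch would make an unexpected rejection visible in the log. The switch belongs to hid_ctrl_cid_hook_cb, whose body starts outside this hunk.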
@@ -508,6 +529,68 @@ static void hidhost_send_data_action(void)
}
}

+static void client_l2cap_rsp(uint8_t code, const void *data, uint16_t len,
+ void *user_data)
+{
+ static const uint8_t con_req[] = { 0x13, 0x00, /* PSM */
+ 0x41, 0x00 }; /* Source CID */
+ const uint16_t *psm = data;
+ struct test_data *t_data = tester_get_data();
+ struct bthost *bthost = hciemu_client_get_host(t_data->hciemu);
+
+ if (len < sizeof(*psm)) {
+ tester_warn("Invalid l2cap response.");
+ return;
+ }
+
+ switch (*psm) {
+ case 0x40:
+ tester_print("Connected ctrl channel");
+
+ bthost_add_cid_hook(bthost, cid_data.ctrl_handle, 0x40,
+ hid_ctrl_cid_hook_cb, &cid_data);
+
+ cid_data.intr_handle = cid_data.ctrl_handle;
+
+ bthost_l2cap_req(bthost, cid_data.intr_handle, 0x02,
+ con_req, sizeof(con_req),
+ client_l2cap_rsp, &cid_data);
+ break;
+ case 0x41:
+ tester_print("Connected intr channel");
+
+ bthost_add_cid_hook(bthost, cid_data.intr_handle, 0x41,
+ hid_intr_cid_hook_cb, &cid_data);
+
+ break;
+ default:
+ break;
+ }
+}
+
+static void hidhost_conn_cb(uint16_t handle, void *user_data)
+{
+ static const uint8_t con_req[] = { 0x11, 0x00, /* PSM */
+ 0x40, 0x00 }; /* Source CID */
+
+ struct test_data *data = tester_get_data();
+ struct bthost *bthost = hciemu_client_get_host(data->hciemu);
+
+ if (data->hciemu_type == HCIEMU_TYPE_BREDR) {
+ tester_warn("Not handled device type.");
+ return;
+ }
+
+ cid_data.ctrl_cid = 0x40;
+ cid_data.ctrl_handle = handle;
+
+ tester_print("Sending L2CAP Request from remote");
+
+ bthost_l2cap_req(bthost, handle, 0x02,
+ con_req, sizeof(con_req),
+ client_l2cap_rsp, &cid_data);
+}
+
static struct test_case test_cases[] = {
TEST_CASE_BREDRLE("HidHost Init",
ACTION_SUCCESS(dummy_action, NULL),
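Review bot: client_l2cap_rsp prints "Connected ctrl channel" and installs the CID hook without looking at the result field of the response, so a response that carries a refusal would be handled as a successful connect, which matters in a test whose purpose is to observe a rejection. The values it compares (0x40, 0x41) are the channel IDs sent in `con_req`, so `psm` is presumably a CID; renaming it and extending the length check to cover the result octets would make the parsing match what is being read. Dereferencing `const uint16_t *psm = data;` also assumes host byte order and alignment, which `get_le16(data)` would avoid if the shared util header is in scope here. In hidhost_conn_cb the guard `data->hciemu_type == HCIEMU_TYPE_BREDR` returns with "Not handled device type." for the classic-only emulator type, which reads inverted for a HID connection and should carry a comment if it is intended.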
@@ -645,6 +728,23 @@ static struct test_case test_cases[] = {
BTHH_CONN_STATE_CONNECTED),
ACTION_SUCCESS(hidhost_send_data_action, NULL),
),
+ TEST_CASE_BREDRLE_NOSSP("HidHost Reject Unknown Remote Connection",
+ ACTION_SUCCESS(bluetooth_enable_action, NULL),
+ CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
+ ACTION_SUCCESS(bt_set_property_action,
+ &prop_test_scan_mode_conn),
+ CALLBACK_ADAPTER_PROPS(&prop_test_scan_mode_conn, 1),
+ ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_keyboard_sdp_data),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_cc_data),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_ic_data),
+ /* Trigger incoming connection */
+ ACTION_SUCCESS(emu_set_connect_cb_action, hidhost_conn_cb),
+ ACTION_SUCCESS(emu_remote_connect_hci_rejected_action, NULL),
+ ),
TEST_CASE_BREDRLE("HidHost Encrypted Out. Conn. Success",
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
--
1.9.1


2014-09-03 09:02:47

by Jakub Tyszkowski

Subject: [PATCH 6/8] android/tester: Enable SSP in emulator by default

We should decide if the SSP feature will be used before the emulated
adapter features are retrieved, so that the SSP feature flag is correct.
For this, setting the SSP feature had to be moved to the 'pre_setup' stage.

To make this possible and, most of the time, automatic, the '_NOSSP'
postfixed macros were added.
---
android/tester-a2dp.c | 4 ----
android/tester-bluetooth.c | 12 ++----------
android/tester-gatt.c | 10 ----------
android/tester-hdp.c | 4 ----
android/tester-hidhost.c | 9 ---------
android/tester-main.c | 20 +++++---------------
android/tester-main.h | 19 ++++++++++++++++++-
android/tester-pan.c | 4 +---
android/tester-socket.c | 2 --
9 files changed, 26 insertions(+), 58 deletions(-)

diff --git a/android/tester-a2dp.c b/android/tester-a2dp.c
index 6d4043b..17bf168 100644
--- a/android/tester-a2dp.c
+++ b/android/tester-a2dp.c
@@ -190,7 +190,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(a2dp_connect_action, NULL),
CALLBACK_AV_CONN_STATE(CB_A2DP_CONN_STATE,
@@ -207,7 +206,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(a2dp_connect_action, NULL),
CALLBACK_AV_CONN_STATE(CB_A2DP_CONN_STATE,
@@ -227,7 +225,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(a2dp_connect_action, NULL),
CALLBACK_AV_CONN_STATE(CB_A2DP_CONN_STATE,
@@ -246,7 +243,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(a2dp_connect_action, NULL),
CALLBACK_AV_CONN_STATE(CB_A2DP_CONN_STATE,
diff --git a/android/tester-bluetooth.c b/android/tester-bluetooth.c
index a97e28e..a9d8d43 100644
--- a/android/tester-bluetooth.c
+++ b/android/tester-bluetooth.c
@@ -982,7 +982,7 @@ static struct test_case test_cases[] = {
ACTION_FAIL(bt_set_device_prop_action,
&prop_test_remote_ble_disc_timeout_req),
),
- TEST_CASE_BREDR("Bluetooth Create Bond PIN - Success",
+ TEST_CASE_BREDR_NOSSP("Bluetooth Create Bond PIN - Success",
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
@@ -1005,7 +1005,7 @@ static struct test_case test_cases[] = {
CALLBACK_BOND_STATE(BT_BOND_STATE_BONDED,
&prop_emu_remote_bdadr, 1),
),
- TEST_CASE_BREDR("Bluetooth Create Bond PIN - Bad PIN",
+ TEST_CASE_BREDR_NOSSP("Bluetooth Create Bond PIN - Bad PIN",
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
@@ -1033,7 +1033,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_start_discovery_action, NULL),
CALLBACK_STATE(CB_BT_DISCOVERY_STATE_CHANGED,
BT_DISCOVERY_STARTED),
@@ -1056,7 +1055,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_start_discovery_action, NULL),
CALLBACK_STATE(CB_BT_DISCOVERY_STATE_CHANGED,
BT_DISCOVERY_STARTED),
@@ -1080,7 +1078,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_create_bond_action,
&prop_test_remote_ble_bdaddr_req),
CALLBACK_BOND_STATE(BT_BOND_STATE_BONDING,
@@ -1098,7 +1095,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_create_bond_action, &prop_test_bdaddr_req),
CALLBACK_BOND_STATE(BT_BOND_STATE_BONDING,
&prop_test_bdaddr, 1),
@@ -1112,7 +1108,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_start_discovery_action, NULL),
CALLBACK_STATE(CB_BT_DISCOVERY_STATE_CHANGED,
BT_DISCOVERY_STARTED),
@@ -1137,7 +1132,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_start_discovery_action, NULL),
CALLBACK_STATE(CB_BT_DISCOVERY_STATE_CHANGED,
BT_DISCOVERY_STARTED),
@@ -1168,7 +1162,6 @@ static struct test_case test_cases[] = {
&prop_test_scanmode_conn_discov),
CALLBACK_ADAPTER_PROPS(&prop_test_scanmode_conn_discov, 1),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_io_cap, &no_input_no_output_io_cap),
ACTION_SUCCESS(emu_set_connect_cb_action, conn_cb),
ACTION_SUCCESS(emu_remote_connect_hci_action, NULL),
@@ -1189,7 +1182,6 @@ static struct test_case test_cases[] = {
&prop_test_scanmode_conn_discov),
CALLBACK_ADAPTER_PROPS(&prop_test_scanmode_conn_discov, 1),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_io_cap, &no_input_no_output_io_cap),
ACTION_SUCCESS(emu_set_connect_cb_action, conn_cb),
ACTION_SUCCESS(emu_remote_connect_hci_action, NULL),
diff --git a/android/tester-gatt.c b/android/tester-gatt.c
index 625d949..c042800 100644
--- a/android/tester-gatt.c
+++ b/android/tester-gatt.c
@@ -441,7 +441,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
ACTION_SUCCESS(gatt_client_start_scan_action,
@@ -456,7 +455,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -477,7 +475,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -503,7 +500,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -539,7 +535,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(bt_set_property_action,
&prop_test_scan_mode_conn),
@@ -567,7 +562,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(bt_set_property_action,
&prop_test_scan_mode_conn),
@@ -615,7 +609,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -640,7 +633,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -666,7 +658,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
@@ -690,7 +681,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_set_connect_cb_action, gatt_conn_cb),
ACTION_SUCCESS(gatt_client_register_action, &client_app_uuid),
CALLBACK_STATUS(CB_GATTC_REGISTER_CLIENT, BT_STATUS_SUCCESS),
diff --git a/android/tester-hdp.c b/android/tester-hdp.c
index 9ecef21..569ecd3 100644
--- a/android/tester-hdp.c
+++ b/android/tester-hdp.c
@@ -482,7 +482,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -503,7 +502,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -527,7 +525,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -551,7 +548,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
diff --git a/android/tester-hidhost.c b/android/tester-hidhost.c
index 143b5a6..99bc146 100644
--- a/android/tester-hidhost.c
+++ b/android/tester-hidhost.c
@@ -516,7 +516,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -535,7 +534,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -553,7 +551,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -571,7 +568,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -588,7 +584,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -605,7 +600,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -623,7 +617,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -641,7 +634,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_sdp_data),
ACTION_SUCCESS(emu_add_l2cap_server_action,
@@ -657,7 +649,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(set_default_ssp_request_handler, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action,
&l2cap_setup_keyboard_sdp_data),
diff --git a/android/tester-main.c b/android/tester-main.c
index 34a71ac..5266a08 100644
--- a/android/tester-main.c
+++ b/android/tester-main.c
@@ -282,12 +282,17 @@ static void index_added_callback(uint16_t index, uint16_t length,
const void *param, void *user_data)
{
struct test_data *data = tester_get_data();
+ const struct test_case *test_steps = data->test_data;
+ struct bthost *bthost;

tester_print("Index Added callback");
tester_print(" Index: 0x%04x", index);

data->mgmt_index = index;

+ bthost = hciemu_client_get_host(data->hciemu);
+ bthost_write_ssp_mode(bthost, test_steps->no_ssp_feat ? 0x00 : 0x01);
+
mgmt_send(data->mgmt, MGMT_OP_READ_INFO, data->mgmt_index, 0, NULL,
read_info_callback, NULL, NULL);
}
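Review bot: The `bthost_write_ssp_mode()` call added to `index_added_callback` turns SSP on for the emulated remote in every test case unless the case opts out through `no_ssp_feat`, and nothing in the code says so. Cases that never called the removed `emu_set_ssp_mode_action` (legacy PIN pairing ones, if any exist) now run against an SSP-capable remote unless they are moved to the `_NOSSP` macros. I would add a comment above the call, for example `/* SSP is enabled on the emulated remote unless the case was declared with TEST_CASE_*_NOSSP */`. I would also rename `test_steps` to `test_case`, since it points to a `struct test_case` rather than to steps. `data->test_data` is dereferenced without a check; whether it can be NULL at this point is not visible from the hunk.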
@@ -1714,21 +1719,6 @@ void emu_set_pin_code_action(void)
schedule_action_verification(step);
}

-void emu_set_ssp_mode_action(void)
-{
- struct test_data *data = tester_get_data();
- struct bthost *bthost;
- struct step *step = g_new0(struct step, 1);
-
- bthost = hciemu_client_get_host(data->hciemu);
-
- bthost_write_ssp_mode(bthost, 0x01);
-
- step->action_status = BT_STATUS_SUCCESS;
-
- schedule_action_verification(step);
-}
-
void emu_set_connect_cb_action(void)
{
struct test_data *data = tester_get_data();
diff --git a/android/tester-main.h b/android/tester-main.h
index 5fa4649..f3cfcb2 100644
--- a/android/tester-main.h
+++ b/android/tester-main.h
@@ -54,6 +54,14 @@
#include <hardware/bt_gatt_client.h>
#include <hardware/bt_gatt_server.h>

+ #define TEST_CASE_BREDR_NOSSP(text, ...) { \
+ HCIEMU_TYPE_BREDR, \
+ text, \
+ sizeof((struct step[]) {__VA_ARGS__}) / sizeof(struct step), \
+ (struct step[]) {__VA_ARGS__}, \
+ true, \
+ }
+
#define TEST_CASE_BREDR(text, ...) { \
HCIEMU_TYPE_BREDR, \
text, \
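Review bot: The trailing positional `true` in `TEST_CASE_BREDR_NOSSP` only means "no SSP" while `no_ssp_feat` stays the fifth member of `struct test_case`. A designated initializer, `.no_ssp_feat = true, \`, keeps the macro correct if the struct is reordered and is easier to read. The same applies to `TEST_CASE_BREDRLE_NOSSP` in the next hunk. The `#define` line of `TEST_CASE_BREDR_NOSSP` also appears to carry a leading space that the other macros do not have, although that may be an artifact of how the patch is displayed.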
@@ -61,6 +69,14 @@
(struct step[]) {__VA_ARGS__}, \
}

+#define TEST_CASE_BREDRLE_NOSSP(text, ...) { \
+ HCIEMU_TYPE_BREDRLE, \
+ text, \
+ sizeof((struct step[]) {__VA_ARGS__}) / sizeof(struct step), \
+ (struct step[]) {__VA_ARGS__}, \
+ true, \
+ }
+
#define TEST_CASE_BREDRLE(text, ...) { \
HCIEMU_TYPE_BREDRLE, \
text, \
@@ -431,6 +447,8 @@ struct test_case {
const char *title;
const uint16_t step_num;
const struct step *step;
+
+ const bool no_ssp_feat;
};

/* Get, remove test cases API */
@@ -455,7 +473,6 @@ void schedule_action_verification(struct step *step);
/* Emulator actions */
void emu_setup_powered_remote_action(void);
void emu_set_pin_code_action(void);
-void emu_set_ssp_mode_action(void);
void emu_set_connect_cb_action(void);
void emu_remote_connect_hci_action(void);
void emu_remote_disconnect_hci_action(void);
diff --git a/android/tester-pan.c b/android/tester-pan.c
index 8d41d34..0cc2409 100644
--- a/android/tester-pan.c
+++ b/android/tester-pan.c
@@ -1,3 +1,4 @@
+
/*
* Copyright (C) 2014 Intel Corporation
*
@@ -151,7 +152,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(pan_connect_action, NULL),
CALLBACK_PAN_CONN_STATE(CB_PAN_CONNECTION_STATE,
@@ -176,7 +176,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(pan_connect_action, NULL),
CALLBACK_PAN_CONN_STATE(CB_PAN_CONNECTION_STATE,
@@ -202,7 +201,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(emu_add_l2cap_server_action, &l2cap_setup_data),
ACTION_SUCCESS(pan_connect_action, NULL),
CALLBACK_PAN_CONN_STATE(CB_PAN_CONNECTION_STATE,
diff --git a/android/tester-socket.c b/android/tester-socket.c
index c44fa28..672599d 100644
--- a/android/tester-socket.c
+++ b/android/tester-socket.c
@@ -403,7 +403,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_create_bond_action,
&prop_emu_remote_bdaddr_req),
CALLBACK_BOND_STATE(BT_BOND_STATE_BONDING,
@@ -427,7 +426,6 @@ static struct test_case test_cases[] = {
ACTION_SUCCESS(bluetooth_enable_action, NULL),
CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
- ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
ACTION_SUCCESS(bt_create_bond_action,
&prop_emu_remote_bdaddr_req),
CALLBACK_BOND_STATE(BT_BOND_STATE_BONDING,
--
1.9.1


2014-09-03 09:02:44

by Jakub Tyszkowski

Subject: [PATCH 3/8] android/tester: Add case verifying encryption on HIDHost

This case verifies that encryption is enabled when connecting to
a HID Keyboard device.
---
android/tester-hidhost.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)

diff --git a/android/tester-hidhost.c b/android/tester-hidhost.c
index b454db4..479be1e 100644
--- a/android/tester-hidhost.c
+++ b/android/tester-hidhost.c
@@ -140,6 +140,74 @@ static struct raw_dataset hid_rsp_data = {
.len = sizeof(hid_rsp_pdu),
};

+static const uint8_t hid_keyboard_rsp_pdu[] = { 0x07,
+ 0x00, 0x01, /* Transaction id */
+ 0x02, 0x04, /* Response length */
+ 0x02, 0x01, /* Attributes length */
+ 0x36, 0x01, 0xfe, 0x36, 0x01, 0x93, 0x09, 0x00, 0x00,
+ 0x0a, 0x00, 0x01, 0x00, 0x00, 0x09, 0x00, 0x01, 0x35,
+ 0x03, 0x19, 0x11, 0x24, 0x09, 0x00, 0x04, 0x35, 0x0d,
+ 0x35, 0x06, 0x19, 0x01, 0x00, 0x09, 0x00, 0x11, 0x35,
+ 0x03, 0x19, 0x00, 0x11, 0x09, 0x00, 0x06, 0x35, 0x09,
+ 0x09, 0x65, 0x6e, 0x09, 0x00, 0x6a, 0x09, 0x01, 0x00,
+ 0x09, 0x00, 0x09, 0x35, 0x08, 0x35, 0x06, 0x19, 0x11,
+ 0x24, 0x09, 0x01, 0x00, 0x09, 0x00, 0x0d, 0x35, 0x0f,
+ 0x35, 0x0d, 0x35, 0x06, 0x19, 0x01, 0x00, 0x09, 0x00,
+ 0x13, 0x35, 0x03, 0x19, 0x00, 0x11, 0x09, 0x01, 0x00,
+ 0x25, 0x10, 0x53, 0x41, 0x4d, 0x53, 0x55, 0x4e, 0x47,
+ 0x20, 0x4b, 0x65, 0x79, 0x62, 0x6f, 0x61, 0x72, 0x64,
+ 0x09, 0x01, 0x01, 0x25, 0x08, 0x4b, 0x65, 0x79, 0x62,
+ 0x6f, 0x61, 0x72, 0x64, 0x09, 0x01, 0x02, 0x25, 0x0d,
+ 0x43, 0x53, 0x52, 0x20, 0x48, 0x49, 0x44, 0x45, 0x6e,
+ 0x67, 0x69, 0x6e, 0x65, 0x09, 0x02, 0x00, 0x09, 0x01,
+ 0x00, 0x09, 0x02, 0x01, 0x09, 0x01, 0x11, 0x09, 0x02,
+ 0x02, 0x08, 0x40, 0x09, 0x02, 0x03, 0x08, 0x23, 0x09,
+ 0x02, 0x04, 0x28, 0x01, 0x09, 0x02, 0x05, 0x28, 0x01,
+ 0x09, 0x02, 0x06, 0x35, 0xb7, 0x35, 0xb5, 0x08, 0x22,
+ 0x25, 0xb1, 0x05, 0x01, 0x09, 0x06, 0xa1, 0x01, 0x05,
+ 0x07, 0x85, 0x01, 0x19, 0xe0, 0x29, 0xe7, 0x15, 0x00,
+ 0x25, 0x01, 0x75, 0x01, 0x95, 0x08, 0x81, 0x02, 0x95,
+ 0x01, 0x75, 0x08, 0x81, 0x01, 0x95, 0x05, 0x75, 0x01,
+ 0x05, 0x08, 0x85, 0x01, 0x19, 0x01, 0x29, 0x05, 0x91,
+ 0x02, 0x95, 0x01, 0x75, 0x03, 0x91, 0x03, 0x95, 0x06,
+ 0x75, 0x08, 0x15, 0x00, 0x25, 0x65, 0x05, 0x07, 0x19,
+ 0x00, 0x29, 0x6f, 0x81, 0x00, 0xc0, 0x05, 0x0c, 0x09,
+ 0x01, 0xa1, 0x01, 0x85, 0x02, 0x05, 0x0c, 0x15, 0x00,
+ 0x25, 0x01, 0x75, 0x01, 0x95, 0x18, 0x09, 0xe2, 0x09,
+ 0xea, 0x09, 0xe9, 0x09, 0xb7, 0x09, 0xcd, 0x0a, 0x23,
+ 0x02, 0x0a, 0x8a, 0x01, 0x0a, 0x21, 0x02, 0x75, 0x01,
+ 0x95, 0x03, 0x81, 0x02, 0x75, 0x01, 0x95, 0x05, 0x81,
+ 0x01, 0x05, 0x08, 0x85, 0xff, 0x95, 0x01, 0x75, 0x02,
+ 0x09, 0x24, 0x09, 0x26, 0x81, 0x02, 0x75, 0x06, 0x81,
+ 0x01, 0xc0, 0x06, 0x7f, 0xff, 0x09, 0x01, 0xa1, 0x01,
+ 0x85, 0x03, 0x15, 0x00, 0x25, 0x01, 0x09, 0xb9, 0x09,
+ 0xb5, 0x09, 0xba, 0x09, 0xbb, 0x09, 0xbc, 0x09, 0xbd,
+ 0x09, 0xb6, 0x09, 0xb7, 0x75, 0x01, 0x95, 0x06, 0x81,
+ 0x02, 0x75, 0x01, 0x95, 0x02, 0x81, 0x01, 0xc0, 0x09,
+ 0x02, 0x07, 0x35, 0x08, 0x35, 0x06, 0x09, 0x04, 0x09,
+ 0x09, 0x01, 0x00, 0x09, 0x02, 0x08, 0x28, 0x00, 0x09,
+ 0x02, 0x09, 0x28, 0x01, 0x09, 0x02, 0x0a, 0x28, 0x01,
+ 0x09, 0x02, 0x0b, 0x09, 0x01, 0x00, 0x09, 0x02, 0x0c,
+ 0x09, 0x1f, 0x40, 0x09, 0x02, 0x0d, 0x28, 0x00, 0x09,
+ 0x02, 0x0e, 0x28, 0x01, 0x36, 0x00, 0x65, 0x09, 0x00,
+ 0x00, 0x0a, 0x00, 0x01, 0x00, 0x01, 0x09, 0x00, 0x01,
+ 0x35, 0x03, 0x19, 0x12, 0x00, 0x09, 0x00, 0x04, 0x35,
+ 0x0d, 0x35, 0x06, 0x19, 0x01, 0x00, 0x09, 0x00, 0x01,
+ 0x35, 0x03, 0x19, 0x00, 0x01, 0x09, 0x00, 0x06, 0x35,
+ 0x09, 0x09, 0x65, 0x6e, 0x09, 0x00, 0x6a, 0x09, 0x01,
+ 0x00, 0x09, 0x00, 0x09, 0x35, 0x08, 0x35, 0x06, 0x19,
+ 0x12, 0x00, 0x09, 0x01, 0x00, 0x09, 0x01, 0x01, 0x25,
+ 0x00, 0x09, 0x02, 0x00, 0x09, 0x01, 0x00, 0x09, 0x02,
+ 0x01, 0x09, 0x23, 0x3d, 0x09, 0x02, 0x02, 0x09, 0x01,
+ 0x3d, 0x09, 0x02, 0x03, 0x09, 0x00, 0x00, 0x09, 0x02,
+ 0x04, 0x28, 0x01, 0x09, 0x02, 0x05, 0x09, 0x00, 0x02,
+ 0x00 }; /* no continuation */
+
+static struct raw_dataset hid_keyboard_rsp_data = {
+ .pdu = hid_keyboard_rsp_pdu,
+ .len = sizeof(hid_keyboard_rsp_pdu),
+};
+
static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
{
struct test_data *t_data = tester_get_data();
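Review bot: The added `hid_keyboard_rsp_pdu` is several hundred unannotated bytes, and its first byte `0x07` has lost the `/* PDU id */` comment that `hid_rsp_pdu` carries. The two length fields (`0x02, 0x04` and `0x02, 0x01`) are maintained by hand against the array size, so a later edit to the record could produce a malformed response without any build error. I would add a header comment saying where the record was captured from and which attribute makes the host treat the device as a keyboard. That is presumably the `0x09, 0x02, 0x02, 0x08, 0x40` subclass entry, to be confirmed, and it is the byte the encryption test depends on.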
@@ -284,6 +352,12 @@ static struct emu_set_l2cap_data l2cap_setup_sdp_data = {
.user_data = &hid_rsp_data,
};

+static struct emu_set_l2cap_data l2cap_setup_keyboard_sdp_data = {
+ .psm = 1,
+ .func = hid_sdp_search_cb,
+ .user_data = &hid_keyboard_rsp_data,
+};
+
/* Emulate Control Channel (PSM = 17) */
static struct emu_set_l2cap_data l2cap_setup_cc_data = {
.psm = 17,
@@ -571,6 +645,28 @@ static struct test_case test_cases[] = {
BTHH_CONN_STATE_CONNECTED),
ACTION_SUCCESS(hidhost_send_data_action, NULL),
),
+ TEST_CASE_BREDRLE("HidHost Encrypted Out. Conn. Success",
+ ACTION_SUCCESS(bluetooth_enable_action, NULL),
+ CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_ON),
+ ACTION_SUCCESS(emu_setup_powered_remote_action, NULL),
+ ACTION_SUCCESS(emu_set_ssp_mode_action, NULL),
+ ACTION_SUCCESS(set_default_ssp_request_handler, NULL),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_keyboard_sdp_data),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_cc_data),
+ ACTION_SUCCESS(emu_add_l2cap_server_action,
+ &l2cap_setup_ic_data),
+ ACTION_SUCCESS(hidhost_connect_action, NULL),
+ CALLBACK_STATE(CB_HH_CONNECTION_STATE,
+ BTHH_CONN_STATE_CONNECTED),
+ ACTION_SUCCESS(hidhost_send_data_action, NULL),
+ ACTION_SUCCESS(bt_verify_encryption_action, NULL),
+ ACTION_SUCCESS(bluetooth_disable_action, NULL),
+ CALLBACK_STATE(CB_HH_CONNECTION_STATE,
+ BTHH_CONN_STATE_DISCONNECTED),
+ CALLBACK_STATE(CB_BT_ADAPTER_STATE_CHANGED, BT_STATE_OFF),
+ ),
};

struct queue *get_hidhost_tests(void)
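Review bot: `bt_verify_encryption_action` is scheduled after `hidhost_send_data_action`, so this case would still pass if the HID data went out before the link was encrypted. If the property under test is that a keyboard link is encrypted before any HID traffic, move `ACTION_SUCCESS(bt_verify_encryption_action, NULL),` to directly after the `CALLBACK_STATE(CB_HH_CONNECTION_STATE, BTHH_CONN_STATE_CONNECTED)` step. The body of `bt_verify_encryption_action` is not in this hunk, so whether it can tell the two orderings apart should be confirmed. A companion case that expects failure when encryption never comes up would make the check meaningful in both directions.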
--
1.9.1


2014-09-03 09:02:46

by Jakub Tyszkowski

Subject: [PATCH 5/8] emulator/btdev: Overwrite default feature mask when SPP is toggled

Without this we cannot test the legacy HID Device reconnection, as the L2CAP
connection is refused when SSP is reported in the remote device's features.
---
emulator/btdev.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/emulator/btdev.c b/emulator/btdev.c
index 86fd3d9..8aebb8f 100644
--- a/emulator/btdev.c
+++ b/emulator/btdev.c
@@ -2332,6 +2332,13 @@ static void default_cmd(struct btdev *btdev, uint16_t opcode,
goto unsupported;
wspm = data;
btdev->simple_pairing_mode = wspm->mode;
+
+ /* set SSP feature mask */
+ if (wspm->mode)
+ btdev->features[6] |= 0x08;
+ else
+ btdev->features[6] &= ~0x08;
+
status = BT_HCI_ERR_SUCCESS;
cmd_complete(btdev, opcode, &status, sizeof(status));
break;
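Review bot: The added block uses a bare `features[6]` and `0x08` with only `/* set SSP feature mask */` to explain them. A comment such as `/* LMP features, byte 6 bit 3: Secure Simple Pairing */`, or a named constant for the mask, would make it clear which capability the emulated device advertises. `wspm->mode` is also used as a plain truth value, so any non-zero byte sets the feature bit and is stored in `simple_pairing_mode`. If the emulator is meant to behave like a controller here, rejecting values other than `0x00` and `0x01` would be stricter. Any validation before the `goto unsupported;` line is outside this hunk, as are the start and end of `default_cmd`.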
--
1.9.1


2014-09-03 09:02:45

by Jakub Tyszkowski

Subject: [PATCH 4/8] android/tester: Fix HIDHost cases sending fixed tid sdp responses

Multiple cases were affected because of hardcoded transaction id for
emulated remote's SDP responses.

This resulted in the following error in the daemon:
bluetoothd[13486]: sdp_process: Protocol error.

To solve this, an SDP response counter was added.
---
android/tester-hidhost.c | 10 +++++++++-
android/tester-main.h | 2 ++
2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/android/tester-hidhost.c b/android/tester-hidhost.c
index 479be1e..143b5a6 100644
--- a/android/tester-hidhost.c
+++ b/android/tester-hidhost.c
@@ -21,6 +21,7 @@
#include "tester-main.h"

#include "android/utils.h"
+#include "src/shared/util.h"

#define HID_GET_REPORT_PROTOCOL 0x60
#define HID_GET_BOOT_PROTOCOL 0x61
@@ -214,6 +215,7 @@ static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
struct bthost *bthost = hciemu_client_get_host(t_data->hciemu);
struct emu_cid_data *cid_data = user_data;
struct raw_dataset *sdp_data = cid_data->user_data;
+ uint8_t *sdp_buf;

if (!memcmp(did_req_pdu, data, len)) {
bthost_send_cid(bthost, cid_data->sdp_handle, cid_data->sdp_cid,
@@ -221,8 +223,14 @@ static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
return;
}

+ /* Increment transaction id for each SDP response */
+ sdp_buf = g_memdup(sdp_data->pdu, sdp_data->len);
+ put_be16(++t_data->sdp_call_cnt, &sdp_buf[1]);
+
bthost_send_cid(bthost, cid_data->sdp_handle, cid_data->sdp_cid,
- sdp_data->pdu, sdp_data->len);
+ sdp_buf, sdp_data->len);
+
+ g_free(sdp_buf);
}
static void hid_sdp_search_cb(uint16_t handle, uint16_t cid, void *user_data)
{
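Review bot: The response transaction id comes from a local counter (`++t_data->sdp_call_cnt`) and not from the request, so it is only right while the daemon's ids happen to advance in step with this hook. The `did_req_pdu` branch above returns without incrementing the counter, which looks like it would put the two out of step. Echoing the id from the incoming PDU is sturdier: add `if (len < 3 || sdp_data->len < 3) return;` before the copy and replace the `put_be16` line with `memcpy(&sdp_buf[1], (const uint8_t *) data + 1, 2);`. The length guard also covers the write to bytes 1–2 of a buffer whose size is never checked, and the NULL that `g_memdup` returns for a zero length. `hid_sdp_cid_hook_cb` starts outside this hunk.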
diff --git a/android/tester-main.h b/android/tester-main.h
index cb8300d..5fa4649 100644
--- a/android/tester-main.h
+++ b/android/tester-main.h
@@ -332,6 +332,8 @@ struct test_data {

struct queue *pdus;
bool is_encrypted;
+
+ uint16_t sdp_call_cnt;
};

/*
--
1.9.1


2014-09-03 09:02:43

by Jakub Tyszkowski

Subject: [PATCH 2/8] android/tester: Allow HIDHost to use custom sdp response

This is needed to test security levels for different devices. So far we
had a Mouse device, but we need to test security level elevation for
keyboards.
---
android/tester-hidhost.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/android/tester-hidhost.c b/android/tester-hidhost.c
index c7e3a67..b454db4 100644
--- a/android/tester-hidhost.c
+++ b/android/tester-hidhost.c
@@ -55,10 +55,17 @@ struct emu_cid_data {
uint16_t ctrl_cid;
uint16_t intr_handle;
uint16_t intr_cid;
+
+ void *user_data;
};

static struct emu_cid_data cid_data;

+struct raw_dataset {
+ const void *pdu;
+ int len;
+};
+
static const uint8_t did_req_pdu[] = { 0x06, /* PDU id */
0x00, 0x00, /* Transaction id */
0x00, 0x0f, /* Req length */
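Review bot: `struct raw_dataset` declares `len` as `int`, but later hunks fill it from `sizeof(...)` and pass it on as a buffer length. An unsigned type avoids a negative length ever reaching a copy or send call, so I would declare it as `size_t len;` (or `uint16_t` if it must match the `bthost_send_cid` parameter, whose prototype is not visible here). The new `void *user_data` member of `emu_cid_data` could also be `const void *`, since it only ever points at static response data in this patch.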
@@ -128,11 +135,17 @@ static const uint8_t hid_rsp_pdu[] = { 0x07, /* PDU id */
0x00, 0x09, 0x02, 0x0e, 0x28, 0x01,
0x00 }; /* no continuation */

+static struct raw_dataset hid_rsp_data = {
+ .pdu = hid_rsp_pdu,
+ .len = sizeof(hid_rsp_pdu),
+};
+
static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
{
struct test_data *t_data = tester_get_data();
struct bthost *bthost = hciemu_client_get_host(t_data->hciemu);
struct emu_cid_data *cid_data = user_data;
+ struct raw_dataset *sdp_data = cid_data->user_data;

if (!memcmp(did_req_pdu, data, len)) {
bthost_send_cid(bthost, cid_data->sdp_handle, cid_data->sdp_cid,
@@ -141,7 +154,7 @@ static void hid_sdp_cid_hook_cb(const void *data, uint16_t len, void *user_data)
}

bthost_send_cid(bthost, cid_data->sdp_handle, cid_data->sdp_cid,
- hid_rsp_pdu, sizeof(hid_rsp_pdu));
+ sdp_data->pdu, sdp_data->len);
}
static void hid_sdp_search_cb(uint16_t handle, uint16_t cid, void *user_data)
{
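Review bot: `sdp_data->pdu` and `sdp_data->len` are read without checking that `cid_data->user_data` was set. The pointer is whatever the `emu_set_l2cap_data` entry supplies, and `l2cap_setup_sdp_data` carried `NULL` there until the last hunk of this patch. Any other entry that reuses `hid_sdp_search_cb` with a NULL `user_data` would crash the tester here. A guard such as `if (!sdp_data) return;` before the send, ideally with a `tester_warn()`, would turn that into a visible test failure. `hid_sdp_cid_hook_cb` begins in the previous hunk.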
@@ -150,6 +163,7 @@ static void hid_sdp_search_cb(uint16_t handle, uint16_t cid, void *user_data)

cid_data.sdp_handle = handle;
cid_data.sdp_cid = cid;
+ cid_data.user_data = user_data;

bthost_add_cid_hook(bthost, handle, cid, hid_sdp_cid_hook_cb,
&cid_data);
@@ -267,7 +281,7 @@ static void hid_intr_connect_cb(uint16_t handle, uint16_t cid, void *user_data)
static struct emu_set_l2cap_data l2cap_setup_sdp_data = {
.psm = 1,
.func = hid_sdp_search_cb,
- .user_data = NULL,
+ .user_data = &hid_rsp_data,
};

/* Emulate Control Channel (PSM = 17) */
--
1.9.1