pw_bluetooth_sapphire/host/att/permissions_test.cc - pigweed/pigweed - Git at Google

 // Copyright 2023 The Pigweed Authors
 //
 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
 // use this file except in compliance with the License. You may obtain a copy of
 // the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 // License for the specific language governing permissions and limitations under
 // the License.

 #include "pw_bluetooth_sapphire/internal/host/att/permissions.h"

 #include "pw_unit_test/framework.h"

 namespace bt::att {
 namespace {

 const AccessRequirements kDisallowed;
 const AccessRequirements kNoSecurityReq(/*encryption=*/false,
                                         /*authentication=*/false,
                                         /*authorization=*/false);
 const AccessRequirements kEncryptionReq(/*encryption=*/true,
                                         /*authentication=*/false,
                                         /*authorization=*/false);
 const AccessRequirements kEncryptionWithMinKeySizeReq(/*encryption=*/true,
                                                       /*authentication=*/false,
                                                       /*authorization=*/false,
                                                       7);
 const AccessRequirements kAuthenticationReq(/*encryption=*/false,
                                             /*authentication=*/true,
                                             /*authorization=*/false);
 const AccessRequirements kAuthorizationReq(/*encryption=*/false,
                                            /*authentication=*/false,
                                            /*authorization=*/true);
 const AccessRequirements kAuthorizationWithMinKeySizeReq(
     /*encryption=*/false,
     /*authentication=*/false,
     /*authorization=*/true,
     7);

 const sm::SecurityProperties kNoSecurity(sm::SecurityLevel::kNoSecurity,
                                          16,
                                          /*secure_connections=*/false);
 const sm::SecurityProperties kEncrypted(sm::SecurityLevel::kEncrypted,
                                         16,
                                         /*secure_connections=*/false);
 const sm::SecurityProperties kEncryptedWithMinKeySize(
     sm::SecurityLevel::kEncrypted,
     7,
     /*secure_connections=*/false);
 const sm::SecurityProperties kAuthenticated(sm::SecurityLevel::kAuthenticated,
                                             16,
                                             /*secure_connections=*/false);
 const sm::SecurityProperties kAuthenticatedWithMinKeySize(
     sm::SecurityLevel::kAuthenticated,
     7,
     /*secure_connections=*/false);

 TEST(PermissionsTest, ReadNotPermittedWhenDisallowed) {
   EXPECT_EQ(ErrorCode::kReadNotPermitted,
             CheckReadPermissions(kDisallowed, kNoSecurity).error_value());
   EXPECT_EQ(ErrorCode::kReadNotPermitted,
             CheckReadPermissions(kDisallowed, kEncrypted).error_value());
   EXPECT_EQ(ErrorCode::kReadNotPermitted,
             CheckReadPermissions(kDisallowed, kAuthenticated).error_value());
 }

 TEST(PermissionsTest, WriteNotPermittedWhenDisallowed) {
   EXPECT_EQ(ErrorCode::kWriteNotPermitted,
             CheckWritePermissions(kDisallowed, kNoSecurity).error_value());
   EXPECT_EQ(ErrorCode::kWriteNotPermitted,
             CheckWritePermissions(kDisallowed, kEncrypted).error_value());
   EXPECT_EQ(ErrorCode::kWriteNotPermitted,
             CheckWritePermissions(kDisallowed, kAuthenticated).error_value());
 }

 TEST(PermissionsTest, LinkNotSecure) {
   EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kNoSecurity));
   EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kNoSecurity));

   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckReadPermissions(kEncryptionReq, kNoSecurity).error_value());
   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckWritePermissions(kEncryptionReq, kNoSecurity).error_value());

   EXPECT_EQ(
       ErrorCode::kInsufficientAuthentication,
       CheckReadPermissions(kAuthenticationReq, kNoSecurity).error_value());
   EXPECT_EQ(
       ErrorCode::kInsufficientAuthentication,
       CheckWritePermissions(kAuthenticationReq, kNoSecurity).error_value());

   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckReadPermissions(kAuthorizationReq, kNoSecurity).error_value());
   EXPECT_EQ(
       ErrorCode::kInsufficientAuthentication,
       CheckWritePermissions(kAuthorizationReq, kNoSecurity).error_value());
 }

 TEST(PermissionsTest, LinkEncrypted) {
   EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kEncrypted));
   EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kEncrypted));

   EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kEncrypted));
   EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kEncrypted));

   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckReadPermissions(kAuthenticationReq, kEncrypted).error_value());
   EXPECT_EQ(
       ErrorCode::kInsufficientAuthentication,
       CheckWritePermissions(kAuthenticationReq, kEncrypted).error_value());

   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckReadPermissions(kAuthorizationReq, kEncrypted).error_value());
   EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
             CheckWritePermissions(kAuthorizationReq, kEncrypted).error_value());

   EXPECT_EQ(fit::ok(),
             CheckReadPermissions(kEncryptionWithMinKeySizeReq,
                                  kEncryptedWithMinKeySize));
   EXPECT_EQ(fit::ok(),
             CheckWritePermissions(kEncryptionWithMinKeySizeReq,
                                   kEncryptedWithMinKeySize));

   EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
             CheckReadPermissions(kEncryptionReq, kEncryptedWithMinKeySize)
                 .error_value());
   EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
             CheckWritePermissions(kEncryptionReq, kEncryptedWithMinKeySize)
                 .error_value());
 }

 TEST(PermissionsTest, LinkAuthenticated) {
   EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kAuthenticated));
   EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kAuthenticated));

   EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kAuthenticated));
   EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kAuthenticated));

   EXPECT_EQ(fit::ok(),
             CheckReadPermissions(kAuthenticationReq, kAuthenticated));
   EXPECT_EQ(fit::ok(),
             CheckWritePermissions(kAuthenticationReq, kAuthenticated));

   EXPECT_EQ(fit::ok(), CheckReadPermissions(kAuthorizationReq, kAuthenticated));
   EXPECT_EQ(fit::ok(),
             CheckWritePermissions(kAuthorizationReq, kAuthenticated));

   EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
             CheckReadPermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
                 .error_value());
   EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
             CheckWritePermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
                 .error_value());
 }

 }  // namespace
 }  // namespace bt::att
	// Copyright 2023 The Pigweed Authors
	//
	// Licensed under the Apache License, Version 2.0 (the "License"); you may not
	// use this file except in compliance with the License. You may obtain a copy of
	// the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	// License for the specific language governing permissions and limitations under
	// the License.

	#include "pw_bluetooth_sapphire/internal/host/att/permissions.h"

	#include "pw_unit_test/framework.h"

	namespace bt::att {
	namespace {

	const AccessRequirements kDisallowed;
	const AccessRequirements kNoSecurityReq(/encryption=/false,
	/authentication=/false,
	/authorization=/false);
	const AccessRequirements kEncryptionReq(/encryption=/true,
	/authentication=/false,
	/authorization=/false);
	const AccessRequirements kEncryptionWithMinKeySizeReq(/encryption=/true,
	/authentication=/false,
	/authorization=/false,
	7);
	const AccessRequirements kAuthenticationReq(/encryption=/false,
	/authentication=/true,
	/authorization=/false);
	const AccessRequirements kAuthorizationReq(/encryption=/false,
	/authentication=/false,
	/authorization=/true);
	const AccessRequirements kAuthorizationWithMinKeySizeReq(
	/encryption=/false,
	/authentication=/false,
	/authorization=/true,
	7);

	const sm::SecurityProperties kNoSecurity(sm::SecurityLevel::kNoSecurity,
	16,
	/secure_connections=/false);
	const sm::SecurityProperties kEncrypted(sm::SecurityLevel::kEncrypted,
	16,
	/secure_connections=/false);
	const sm::SecurityProperties kEncryptedWithMinKeySize(
	sm::SecurityLevel::kEncrypted,
	7,
	/secure_connections=/false);
	const sm::SecurityProperties kAuthenticated(sm::SecurityLevel::kAuthenticated,
	16,
	/secure_connections=/false);
	const sm::SecurityProperties kAuthenticatedWithMinKeySize(
	sm::SecurityLevel::kAuthenticated,
	7,
	/secure_connections=/false);

	TEST(PermissionsTest, ReadNotPermittedWhenDisallowed) {
	EXPECT_EQ(ErrorCode::kReadNotPermitted,
	CheckReadPermissions(kDisallowed, kNoSecurity).error_value());
	EXPECT_EQ(ErrorCode::kReadNotPermitted,
	CheckReadPermissions(kDisallowed, kEncrypted).error_value());
	EXPECT_EQ(ErrorCode::kReadNotPermitted,
	CheckReadPermissions(kDisallowed, kAuthenticated).error_value());
	}

	TEST(PermissionsTest, WriteNotPermittedWhenDisallowed) {
	EXPECT_EQ(ErrorCode::kWriteNotPermitted,
	CheckWritePermissions(kDisallowed, kNoSecurity).error_value());
	EXPECT_EQ(ErrorCode::kWriteNotPermitted,
	CheckWritePermissions(kDisallowed, kEncrypted).error_value());
	EXPECT_EQ(ErrorCode::kWriteNotPermitted,
	CheckWritePermissions(kDisallowed, kAuthenticated).error_value());
	}

	TEST(PermissionsTest, LinkNotSecure) {
	EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kNoSecurity));
	EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kNoSecurity));

	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckReadPermissions(kEncryptionReq, kNoSecurity).error_value());
	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckWritePermissions(kEncryptionReq, kNoSecurity).error_value());

	EXPECT_EQ(
	ErrorCode::kInsufficientAuthentication,
	CheckReadPermissions(kAuthenticationReq, kNoSecurity).error_value());
	EXPECT_EQ(
	ErrorCode::kInsufficientAuthentication,
	CheckWritePermissions(kAuthenticationReq, kNoSecurity).error_value());

	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckReadPermissions(kAuthorizationReq, kNoSecurity).error_value());
	EXPECT_EQ(
	ErrorCode::kInsufficientAuthentication,
	CheckWritePermissions(kAuthorizationReq, kNoSecurity).error_value());
	}

	TEST(PermissionsTest, LinkEncrypted) {
	EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kEncrypted));
	EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kEncrypted));

	EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kEncrypted));
	EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kEncrypted));

	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckReadPermissions(kAuthenticationReq, kEncrypted).error_value());
	EXPECT_EQ(
	ErrorCode::kInsufficientAuthentication,
	CheckWritePermissions(kAuthenticationReq, kEncrypted).error_value());

	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckReadPermissions(kAuthorizationReq, kEncrypted).error_value());
	EXPECT_EQ(ErrorCode::kInsufficientAuthentication,
	CheckWritePermissions(kAuthorizationReq, kEncrypted).error_value());

	EXPECT_EQ(fit::ok(),
	CheckReadPermissions(kEncryptionWithMinKeySizeReq,
	kEncryptedWithMinKeySize));
	EXPECT_EQ(fit::ok(),
	CheckWritePermissions(kEncryptionWithMinKeySizeReq,
	kEncryptedWithMinKeySize));

	EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
	CheckReadPermissions(kEncryptionReq, kEncryptedWithMinKeySize)
	.error_value());
	EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
	CheckWritePermissions(kEncryptionReq, kEncryptedWithMinKeySize)
	.error_value());
	}

	TEST(PermissionsTest, LinkAuthenticated) {
	EXPECT_EQ(fit::ok(), CheckReadPermissions(kNoSecurityReq, kAuthenticated));
	EXPECT_EQ(fit::ok(), CheckWritePermissions(kNoSecurityReq, kAuthenticated));

	EXPECT_EQ(fit::ok(), CheckReadPermissions(kEncryptionReq, kAuthenticated));
	EXPECT_EQ(fit::ok(), CheckWritePermissions(kEncryptionReq, kAuthenticated));

	EXPECT_EQ(fit::ok(),
	CheckReadPermissions(kAuthenticationReq, kAuthenticated));
	EXPECT_EQ(fit::ok(),
	CheckWritePermissions(kAuthenticationReq, kAuthenticated));

	EXPECT_EQ(fit::ok(), CheckReadPermissions(kAuthorizationReq, kAuthenticated));
	EXPECT_EQ(fit::ok(),
	CheckWritePermissions(kAuthorizationReq, kAuthenticated));

	EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
	CheckReadPermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
	.error_value());
	EXPECT_EQ(ErrorCode::kInsufficientEncryptionKeySize,
	CheckWritePermissions(kEncryptionReq, kAuthenticatedWithMinKeySize)
	.error_value());
	}

	} // namespace
	} // namespace bt::att