1 /*
2 * Copyright (c) 2022 Nordic Semiconductor ASA
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <zephyr/types.h>
8 #include <zephyr/ztest.h>
9
10 #include <zephyr/bluetooth/hci.h>
11 #include <zephyr/sys/byteorder.h>
12 #include <zephyr/sys/slist.h>
13 #include <zephyr/sys/util.h>
14 #include "hal/ccm.h"
15
16 #include "util/util.h"
17 #include "util/mem.h"
18 #include "util/memq.h"
19 #include "util/dbuf.h"
20
21 #include "pdu_df.h"
22 #include "lll/pdu_vendor.h"
23 #include "pdu.h"
24 #include "ll.h"
25 #include "ll_settings.h"
26 #include "ll_feat.h"
27
28 #include "lll.h"
29 #include "lll/lll_df_types.h"
30 #include "lll_conn.h"
31 #include "lll_conn_iso.h"
32 #include "ull_tx_queue.h"
33
34 #include "isoal.h"
35 #include "ull_iso_types.h"
36 #include "ull_conn_iso_types.h"
37 #include "ull_conn_types.h"
38 #include "ull_llcp.h"
39 #include "ull_conn_internal.h"
40 #include "ull_llcp_internal.h"
41
42 #include "helper_pdu.h"
43 #include "helper_util.h"
44
45 static struct ll_conn test_conn;
46
invalid_setup(void * data)47 static void invalid_setup(void *data)
48 {
49 test_setup(&test_conn);
50 }
51
52 #define LLCTRL_PDU_SIZE (offsetof(struct pdu_data, llctrl) + sizeof(struct pdu_data_llctrl))
53
54 /* +-----+ +-------+ +-----+
55 * | UT | | LL_A | | LT |
56 * +-----+ +-------+ +-----+
57 * | | |
58 * | | <PDU> |
59 * | |<------------------|
60 * | | |
61 */
62
lt_tx_invalid_pdu_size(enum helper_pdu_opcode opcode,int adj_size)63 static void lt_tx_invalid_pdu_size(enum helper_pdu_opcode opcode, int adj_size)
64 {
65 struct pdu_data_llctrl_unknown_rsp unknown_rsp;
66 struct pdu_data pdu;
67 struct node_tx *tx;
68 /* PDU contents does not matter when testing for invalid PDU size */
69 uint8_t data[LLCTRL_PDU_SIZE] = { 0 };
70
71 /* Encode a PDU for the opcode */
72 encode_pdu(opcode, &pdu, &data);
73
74 /* Setup the LL_UNKNOWN_RSP expected for the PDU */
75 if (opcode == LL_ZERO) {
76 /* we use 0xff in response if length was 0 */
77 unknown_rsp.type = PDU_DATA_LLCTRL_TYPE_UNUSED;
78 } else {
79 unknown_rsp.type = pdu.llctrl.opcode;
80 }
81
82 /* adjust PDU len */
83 pdu.len += adj_size;
84
85 /* Connect */
86 ull_cp_state_set(&test_conn, ULL_CP_CONNECTED);
87
88 /* Prepare */
89 event_prepare(&test_conn);
90
91 /* Rx */
92 lt_tx_no_encode(&pdu, &test_conn, NULL);
93
94 /* Done */
95 event_done(&test_conn);
96
97 /* Prepare */
98 event_prepare(&test_conn);
99
100 /* Tx Queue should have one LL Control PDU */
101 lt_rx(LL_UNKNOWN_RSP, &test_conn, &tx, &unknown_rsp);
102 lt_rx_q_is_empty(&test_conn);
103
104 /* Done */
105 event_done(&test_conn);
106
107 /* Release Tx */
108 ull_cp_release_tx(&test_conn, tx);
109
110 /* There should not be a host notifications */
111 ut_rx_q_is_empty();
112
113 zassert_equal(llcp_ctx_buffers_free(), test_ctx_buffers_cnt(),
114 "Free CTX buffers %d", llcp_ctx_buffers_free());
115 }
116
ZTEST(invalid,test_invalid_pdu_ignore_rx)117 ZTEST(invalid, test_invalid_pdu_ignore_rx)
118 {
119 /* Role */
120 test_set_role(&test_conn, BT_HCI_ROLE_PERIPHERAL);
121
122 /* Test too small PDUs */
123 lt_tx_invalid_pdu_size(LL_ZERO, 0); /* 0 length PDU */
124 lt_tx_invalid_pdu_size(LL_VERSION_IND, -1);
125 /* lt_tx_invalid_pdu_size(LL_LE_PING_REQ, -1); */
126 /* lt_tx_invalid_pdu_size(LL_LE_PING_RSP, -1); */
127 lt_tx_invalid_pdu_size(LL_FEATURE_REQ, -1);
128 lt_tx_invalid_pdu_size(LL_PERIPH_FEAT_XCHG, -1);
129 lt_tx_invalid_pdu_size(LL_FEATURE_RSP, -1);
130 lt_tx_invalid_pdu_size(LL_MIN_USED_CHANS_IND, -1);
131 lt_tx_invalid_pdu_size(LL_REJECT_IND, -1);
132 lt_tx_invalid_pdu_size(LL_REJECT_EXT_IND, -1);
133 lt_tx_invalid_pdu_size(LL_ENC_REQ, -1);
134 lt_tx_invalid_pdu_size(LL_ENC_RSP, -1);
135 /* lt_tx_invalid_pdu_size(LL_START_ENC_REQ, -1); 0 length */
136 /* lt_tx_invalid_pdu_size(LL_START_ENC_RSP, -1); 0 length */
137 /* lt_tx_invalid_pdu_size(LL_PAUSE_ENC_REQ, -1); 0 length */
138 /* lt_tx_invalid_pdu_size(LL_PAUSE_ENC_RSP, -1); 0 length */
139 lt_tx_invalid_pdu_size(LL_PHY_REQ, -1);
140 lt_tx_invalid_pdu_size(LL_PHY_RSP, -1);
141 lt_tx_invalid_pdu_size(LL_PHY_UPDATE_IND, -1);
142 lt_tx_invalid_pdu_size(LL_UNKNOWN_RSP, -1);
143 lt_tx_invalid_pdu_size(LL_CONNECTION_UPDATE_IND, -1);
144 lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_REQ, -1);
145 lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_RSP, -1);
146 lt_tx_invalid_pdu_size(LL_TERMINATE_IND, -1);
147 lt_tx_invalid_pdu_size(LL_CHAN_MAP_UPDATE_IND, -1);
148 lt_tx_invalid_pdu_size(LL_LENGTH_REQ, -1);
149 lt_tx_invalid_pdu_size(LL_LENGTH_RSP, -1);
150 lt_tx_invalid_pdu_size(LL_CTE_REQ, -1);
151 /* lt_tx_invalid_pdu_size(LL_CTE_RSP, -1); 0 length */
152
153 /* Test too big PDUs */
154 lt_tx_invalid_pdu_size(LL_VERSION_IND, 1);
155 lt_tx_invalid_pdu_size(LL_LE_PING_REQ, 1);
156 lt_tx_invalid_pdu_size(LL_LE_PING_RSP, 1);
157 lt_tx_invalid_pdu_size(LL_FEATURE_REQ, 1);
158 lt_tx_invalid_pdu_size(LL_PERIPH_FEAT_XCHG, 1);
159 lt_tx_invalid_pdu_size(LL_FEATURE_RSP, 1);
160 lt_tx_invalid_pdu_size(LL_MIN_USED_CHANS_IND, 1);
161 lt_tx_invalid_pdu_size(LL_REJECT_IND, 1);
162 lt_tx_invalid_pdu_size(LL_REJECT_EXT_IND, 1);
163 lt_tx_invalid_pdu_size(LL_ENC_REQ, 1);
164 lt_tx_invalid_pdu_size(LL_ENC_RSP, 1);
165 lt_tx_invalid_pdu_size(LL_START_ENC_REQ, 1);
166 lt_tx_invalid_pdu_size(LL_START_ENC_RSP, 1);
167 lt_tx_invalid_pdu_size(LL_PAUSE_ENC_REQ, 1);
168 lt_tx_invalid_pdu_size(LL_PAUSE_ENC_RSP, 1);
169 lt_tx_invalid_pdu_size(LL_PHY_REQ, 1);
170 lt_tx_invalid_pdu_size(LL_PHY_RSP, 1);
171 lt_tx_invalid_pdu_size(LL_PHY_UPDATE_IND, 1);
172 lt_tx_invalid_pdu_size(LL_UNKNOWN_RSP, 1);
173 lt_tx_invalid_pdu_size(LL_CONNECTION_UPDATE_IND, 1);
174 lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_REQ, 1);
175 lt_tx_invalid_pdu_size(LL_CONNECTION_PARAM_RSP, 1);
176 lt_tx_invalid_pdu_size(LL_TERMINATE_IND, 1);
177 lt_tx_invalid_pdu_size(LL_CHAN_MAP_UPDATE_IND, 1);
178 lt_tx_invalid_pdu_size(LL_LENGTH_REQ, 1);
179 lt_tx_invalid_pdu_size(LL_LENGTH_RSP, 1);
180 lt_tx_invalid_pdu_size(LL_CTE_REQ, 1);
181 lt_tx_invalid_pdu_size(LL_CTE_RSP, 1);
182 }
183
184 ZTEST_SUITE(invalid, NULL, NULL, invalid_setup, NULL, NULL);
185
