1 /*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 */
17
18 #include <gmock/gmock.h>
19 #include <gtest/gtest.h>
20
21 #include <vector>
22
23 #include "common/strings.h"
24 #include "hci/hci_layer_mock.h"
25 #include "internal_include/bt_target.h"
26 #include "stack/btm/btm_ble_sec.h"
27 #include "stack/btm/btm_dev.h"
28 #include "stack/btm/btm_int_types.h"
29 #include "stack/btm/btm_sec.h"
30 #include "stack/btm/btm_sec_cb.h"
31 #include "stack/btm/security_device_record.h"
32 #include "stack/include/btm_status.h"
33 #include "stack/include/sec_hci_link_interface.h"
34 #include "stack/test/btm/btm_test_fixtures.h"
35 #include "test/mock/mock_main_shim_entry.h"
36 #include "types/raw_address.h"
37
38 extern tBTM_CB btm_cb;
39
40 using namespace bluetooth;
41
42 using ::testing::Return;
43 using ::testing::Test;
44
45 namespace {
46 const RawAddress kRawAddress = RawAddress({0x11, 0x22, 0x33, 0x44, 0x55, 0x66});
47 const uint8_t kBdName[] = "kBdName";
48 constexpr char kTimeFormat[] = "%Y-%m-%d %H:%M:%S";
49 } // namespace
50
51 namespace bluetooth {
52 namespace testing {
53 namespace legacy {
54
55 void wipe_secrets_and_remove(tBTM_SEC_DEV_REC* p_dev_rec);
56
57 } // namespace legacy
58 } // namespace testing
59 } // namespace bluetooth
60
61 using bluetooth::testing::legacy::wipe_secrets_and_remove;
62
63 constexpr size_t kBtmSecMaxDeviceRecords = static_cast<size_t>(BTM_SEC_MAX_DEVICE_RECORDS + 1);
64
65 class StackBtmSecTest : public BtmWithMocksTest {
66 public:
67 protected:
SetUp()68 void SetUp() override { BtmWithMocksTest::SetUp(); }
TearDown()69 void TearDown() override { BtmWithMocksTest::TearDown(); }
70 };
71
72 class StackBtmSecWithQueuesTest : public StackBtmSecTest {
73 public:
74 protected:
SetUp()75 void SetUp() override {
76 StackBtmSecTest::SetUp();
77 up_thread_ = new bluetooth::os::Thread("up_thread", bluetooth::os::Thread::Priority::NORMAL);
78 up_handler_ = new bluetooth::os::Handler(up_thread_);
79 down_thread_ =
80 new bluetooth::os::Thread("down_thread", bluetooth::os::Thread::Priority::NORMAL);
81 down_handler_ = new bluetooth::os::Handler(down_thread_);
82 bluetooth::hci::testing::mock_hci_layer_ = &mock_hci_;
83 bluetooth::hci::testing::mock_gd_shim_handler_ = up_handler_;
84 }
TearDown()85 void TearDown() override {
86 up_handler_->Clear();
87 delete up_handler_;
88 delete up_thread_;
89 down_handler_->Clear();
90 delete down_handler_;
91 delete down_thread_;
92 StackBtmSecTest::TearDown();
93 }
94 bluetooth::common::BidiQueue<bluetooth::hci::ScoView, bluetooth::hci::ScoBuilder> sco_queue_{10};
95 bluetooth::hci::testing::MockHciLayer mock_hci_;
96 bluetooth::os::Thread* up_thread_;
97 bluetooth::os::Handler* up_handler_;
98 bluetooth::os::Thread* down_thread_;
99 bluetooth::os::Handler* down_handler_;
100 };
101
102 class StackBtmSecWithInitFreeTest : public StackBtmSecWithQueuesTest {
103 public:
104 protected:
SetUp()105 void SetUp() override {
106 StackBtmSecWithQueuesTest::SetUp();
107 BTM_Sec_Init();
108 }
TearDown()109 void TearDown() override {
110 BTM_Sec_Free();
111 StackBtmSecWithQueuesTest::TearDown();
112 }
113 };
114
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_encrypt_change)115 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_encrypt_change) {
116 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
117 const uint16_t classic_handle = 0x1234;
118 const uint16_t ble_handle = 0x9876;
119
120 // Check the collision conditionals
121 ::btm_sec_cb.collision_start_time = 0UL;
122 btm_sec_encrypt_change(classic_handle, HCI_ERR_LMP_ERR_TRANS_COLLISION, 0x01, 0x10);
123 uint64_t collision_start_time = ::btm_sec_cb.collision_start_time;
124 ASSERT_NE(0UL, collision_start_time);
125
126 ::btm_sec_cb.collision_start_time = 0UL;
127 btm_sec_encrypt_change(classic_handle, HCI_ERR_DIFF_TRANSACTION_COLLISION, 0x01, 0x10);
128 collision_start_time = ::btm_sec_cb.collision_start_time;
129 ASSERT_NE(0UL, collision_start_time);
130
131 // No device
132 ::btm_sec_cb.collision_start_time = 0;
133 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x01, 0x10);
134 ASSERT_EQ(0UL, ::btm_sec_cb.collision_start_time);
135
136 // Setup device
137 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
138 ASSERT_NE(nullptr, device_record);
139 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
140 device_record->bd_addr = bd_addr;
141 device_record->hci_handle = classic_handle;
142 device_record->ble_hci_handle = ble_handle;
143
144 // With classic device encryption enable
145 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x01, 0x10);
146 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_AUTHENTICATED | BTM_SEC_ENCRYPTED,
147 device_record->sec_rec.sec_flags);
148
149 // With classic device encryption disable
150 btm_sec_encrypt_change(classic_handle, HCI_SUCCESS, 0x00, 0x10);
151 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_AUTHENTICATED, device_record->sec_rec.sec_flags);
152 device_record->sec_rec.sec_flags = BTM_SEC_IN_USE;
153
154 // With le device encryption enable
155 btm_sec_encrypt_change(ble_handle, HCI_SUCCESS, 0x01, 0x10);
156 ASSERT_EQ(BTM_SEC_IN_USE | BTM_SEC_LE_ENCRYPTED, device_record->sec_rec.sec_flags);
157
158 // With le device encryption disable
159 btm_sec_encrypt_change(ble_handle, HCI_SUCCESS, 0x00, 0x10);
160 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
161 device_record->sec_rec.sec_flags = BTM_SEC_IN_USE;
162
163 wipe_secrets_and_remove(device_record);
164 }
165
TEST_F(StackBtmSecWithInitFreeTest,BTM_SetEncryption)166 TEST_F(StackBtmSecWithInitFreeTest, BTM_SetEncryption) {
167 const RawAddress bd_addr = RawAddress({0x11, 0x22, 0x33, 0x44, 0x55, 0x66});
168 const tBT_TRANSPORT transport{BT_TRANSPORT_LE};
169 tBTM_SEC_CALLBACK* p_callback{nullptr};
170 tBTM_BLE_SEC_ACT sec_act{BTM_BLE_SEC_ENCRYPT};
171
172 // No device
173 ASSERT_EQ(tBTM_STATUS::BTM_WRONG_MODE,
174 BTM_SetEncryption(bd_addr, transport, p_callback, nullptr, sec_act));
175
176 // With device
177 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
178 ASSERT_NE(nullptr, device_record);
179 device_record->bd_addr = bd_addr;
180 device_record->hci_handle = 0x1234;
181
182 ASSERT_EQ(tBTM_STATUS::BTM_WRONG_MODE,
183 BTM_SetEncryption(bd_addr, transport, p_callback, nullptr, sec_act));
184
185 wipe_secrets_and_remove(device_record);
186 }
187
TEST_F(StackBtmSecTest,btm_ble_sec_req_act_text)188 TEST_F(StackBtmSecTest, btm_ble_sec_req_act_text) {
189 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_NONE", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_NONE));
190 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_ENCRYPT", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_ENCRYPT));
191 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_PAIR", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_PAIR));
192 ASSERT_EQ("BTM_BLE_SEC_REQ_ACT_DISCARD", btm_ble_sec_req_act_text(BTM_BLE_SEC_REQ_ACT_DISCARD));
193 }
194
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_allocate_dev_rec__all)195 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_allocate_dev_rec__all) {
196 tBTM_SEC_DEV_REC* records[kBtmSecMaxDeviceRecords];
197
198 // Fill up the records
199 for (size_t i = 0; i < kBtmSecMaxDeviceRecords; i++) {
200 ASSERT_EQ(i, list_length(::btm_sec_cb.sec_dev_rec));
201 records[i] = btm_sec_allocate_dev_rec();
202 ASSERT_NE(nullptr, records[i]);
203 }
204
205 // Second pass up the records
206 for (size_t i = 0; i < kBtmSecMaxDeviceRecords; i++) {
207 ASSERT_EQ(kBtmSecMaxDeviceRecords, list_length(::btm_sec_cb.sec_dev_rec));
208 records[i] = btm_sec_allocate_dev_rec();
209 ASSERT_NE(nullptr, records[i]);
210 }
211
212 // NOTE: The memory allocated for each record is automatically
213 // allocated by the btm module and freed when the device record
214 // list is freed.
215 // Further, the memory for each record is reused when necessary.
216 }
217
TEST_F(StackBtmSecTest,btm_oob_data_text)218 TEST_F(StackBtmSecTest, btm_oob_data_text) {
219 std::vector<std::pair<tBTM_OOB_DATA, std::string>> datas = {
220 std::make_pair(BTM_OOB_NONE, "BTM_OOB_NONE"),
221 std::make_pair(BTM_OOB_PRESENT_192, "BTM_OOB_PRESENT_192"),
222 std::make_pair(BTM_OOB_PRESENT_256, "BTM_OOB_PRESENT_256"),
223 std::make_pair(BTM_OOB_PRESENT_192_AND_256, "BTM_OOB_PRESENT_192_AND_256"),
224 std::make_pair(BTM_OOB_UNKNOWN, "BTM_OOB_UNKNOWN"),
225 };
226 for (const auto& data : datas) {
227 ASSERT_STREQ(data.second.c_str(), btm_oob_data_text(data.first).c_str());
228 }
229 auto unknown = base::StringPrintf("UNKNOWN[%hhu]", std::numeric_limits<std::uint8_t>::max());
230 ASSERT_STREQ(
231 unknown.c_str(),
232 btm_oob_data_text(static_cast<tBTM_OOB_DATA>(std::numeric_limits<std::uint8_t>::max()))
233 .c_str());
234 }
235
TEST_F(StackBtmSecTest,bond_type_text)236 TEST_F(StackBtmSecTest, bond_type_text) {
237 std::vector<std::pair<tBTM_BOND_TYPE, std::string>> datas = {
238 std::make_pair(BOND_TYPE_UNKNOWN, "BOND_TYPE_UNKNOWN"),
239 std::make_pair(BOND_TYPE_PERSISTENT, "BOND_TYPE_PERSISTENT"),
240 std::make_pair(BOND_TYPE_TEMPORARY, "BOND_TYPE_TEMPORARY"),
241 };
242 for (const auto& data : datas) {
243 ASSERT_STREQ(data.second.c_str(), bond_type_text(data.first).c_str());
244 }
245 auto unknown = base::StringPrintf("UNKNOWN[%hhu]", std::numeric_limits<std::uint8_t>::max());
246 ASSERT_STREQ(unknown.c_str(),
247 bond_type_text(static_cast<tBTM_BOND_TYPE>(std::numeric_limits<std::uint8_t>::max()))
248 .c_str());
249 }
250
TEST_F(StackBtmSecWithInitFreeTest,wipe_secrets_and_remove)251 TEST_F(StackBtmSecWithInitFreeTest, wipe_secrets_and_remove) {
252 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
253 const uint16_t classic_handle = 0x1234;
254 const uint16_t ble_handle = 0x9876;
255
256 // Setup device
257 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
258 ASSERT_NE(nullptr, device_record);
259 ASSERT_EQ(BTM_SEC_IN_USE, device_record->sec_rec.sec_flags);
260 device_record->bd_addr = bd_addr;
261 device_record->hci_handle = classic_handle;
262 device_record->ble_hci_handle = ble_handle;
263
264 wipe_secrets_and_remove(device_record);
265 }
266
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_rmt_name_request_complete)267 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_rmt_name_request_complete) {
268 btm_cb.history_ = std::make_shared<TimestampedStringCircularBuffer>(kBtmLogHistoryBufferSize);
269
270 btm_sec_rmt_name_request_complete(&kRawAddress, kBdName, HCI_SUCCESS);
271 btm_sec_rmt_name_request_complete(nullptr, nullptr, HCI_SUCCESS);
272 btm_sec_rmt_name_request_complete(nullptr, kBdName, HCI_SUCCESS);
273 btm_sec_rmt_name_request_complete(&kRawAddress, nullptr, HCI_SUCCESS);
274
275 btm_sec_rmt_name_request_complete(&kRawAddress, kBdName, HCI_ERR_HW_FAILURE);
276 btm_sec_rmt_name_request_complete(nullptr, nullptr, HCI_ERR_HW_FAILURE);
277 btm_sec_rmt_name_request_complete(nullptr, kBdName, HCI_ERR_HW_FAILURE);
278 btm_sec_rmt_name_request_complete(&kRawAddress, nullptr, HCI_ERR_HW_FAILURE);
279
280 std::vector<common::TimestampedEntry<std::string>> history = btm_cb.history_->Pull();
281 for (auto& record : history) {
282 time_t then = record.timestamp / 1000;
283 struct tm tm;
284 localtime_r(&then, &tm);
285 auto s2 = common::StringFormatTime(kTimeFormat, tm);
286 log::debug("{}.{} {}", s2, static_cast<unsigned int>(record.timestamp % 1000), record.entry);
287 }
288 ASSERT_EQ(8U, history.size());
289 }
290
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_authenticated_temporary)291 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_authenticated_temporary) {
292 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
293 const uint16_t classic_handle = 0x1234;
294 const uint16_t ble_handle = 0x9876;
295 bool rval = false;
296
297 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
298 device_record->bd_addr = bd_addr;
299 device_record->hci_handle = classic_handle;
300 device_record->ble_hci_handle = ble_handle;
301
302 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
303 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
304 device_record->sec_rec.bond_type = BOND_TYPE_TEMPORARY;
305
306 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
307 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
308
309 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
310 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
311
312 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
313
314 ASSERT_EQ(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
315 }
316
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_non_authenticated_temporary)317 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_non_authenticated_temporary) {
318 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
319 const uint16_t classic_handle = 0x1234;
320 const uint16_t ble_handle = 0x9876;
321 bool rval = false;
322
323 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
324 device_record->bd_addr = bd_addr;
325 device_record->hci_handle = classic_handle;
326 device_record->ble_hci_handle = ble_handle;
327
328 device_record->sec_rec.sec_flags &= ~BTM_SEC_AUTHENTICATED;
329 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
330 device_record->sec_rec.bond_type = BOND_TYPE_TEMPORARY;
331
332 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
333 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
334
335 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
336 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
337
338 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
339
340 // We're testing the temp bonding security behavior here, so all we care about
341 // is that it doesn't fail on security.
342 ASSERT_NE(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
343 }
344
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_authenticated_persistent)345 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_authenticated_persistent) {
346 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
347 const uint16_t classic_handle = 0x1234;
348 const uint16_t ble_handle = 0x9876;
349 bool rval = false;
350
351 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
352 device_record->bd_addr = bd_addr;
353 device_record->hci_handle = classic_handle;
354 device_record->ble_hci_handle = ble_handle;
355
356 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
357 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
358 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
359
360 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
361 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
362
363 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE;
364 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
365
366 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
367
368 // We're testing the temp bonding security behavior here, so all we care about
369 // is that it doesn't fail on security.
370 ASSERT_NE(status, tBTM_STATUS::BTM_FAILED_ON_SECURITY);
371 }
372
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_upgrade_needed)373 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_upgrade_needed) {
374 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
375 const uint16_t classic_handle = 0x1234;
376 const uint16_t ble_handle = 0x9876;
377 bool rval = false;
378
379 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
380 device_record->bd_addr = bd_addr;
381 device_record->hci_handle = classic_handle;
382 device_record->ble_hci_handle = ble_handle;
383
384 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
385 device_record->sec_rec.sec_flags |= BTM_SEC_LINK_KEY_KNOWN;
386 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
387
388 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
389 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
390
391 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE | BTM_SEC_IN_MIN_16_DIGIT_PIN;
392 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
393
394 // This should be marked in btm_sec_execute_procedure with "start_auth"
395 // because BTM_SEC_IN_AUTHENTICATE is required but the security flags
396 // do not contain BTM_SEC_AUTHENTICATED
397
398 status = btm_sec_mx_access_request(bd_addr, false, sec_req, NULL, NULL);
399
400 // In this case we expect it to clear several security flags and return
401 // BTM_CMD_STARTED.
402 ASSERT_EQ(status, tBTM_STATUS::BTM_CMD_STARTED);
403 ASSERT_FALSE(device_record->sec_rec.sec_flags & BTM_SEC_LINK_KEY_KNOWN);
404 }
405
TEST_F(StackBtmSecWithInitFreeTest,btm_sec_temp_bond_auth_encryption_required)406 TEST_F(StackBtmSecWithInitFreeTest, btm_sec_temp_bond_auth_encryption_required) {
407 RawAddress bd_addr = RawAddress({0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6});
408 const uint16_t classic_handle = 0x1234;
409 const uint16_t ble_handle = 0x9876;
410 bool rval = false;
411
412 tBTM_SEC_DEV_REC* device_record = btm_sec_allocate_dev_rec();
413 device_record->bd_addr = bd_addr;
414 device_record->hci_handle = classic_handle;
415 device_record->ble_hci_handle = ble_handle;
416
417 device_record->sec_rec.sec_flags |= BTM_SEC_AUTHENTICATED;
418 device_record->sec_rec.sec_flags |= BTM_SEC_NAME_KNOWN;
419 device_record->sec_rec.bond_type = BOND_TYPE_PERSISTENT;
420
421 btm_sec_cb.security_mode = BTM_SEC_MODE_SERVICE;
422 btm_sec_cb.pairing_state = BTM_PAIR_STATE_IDLE;
423
424 uint16_t sec_req = BTM_SEC_IN_AUTHENTICATE | BTM_SEC_OUT_ENCRYPT;
425 tBTM_STATUS status = tBTM_STATUS::BTM_UNDEFINED;
426
427 // In this case we need to encrypt the link, so we will mark the link
428 // encrypted and return BTM_CMD_STARTED.
429 status = btm_sec_mx_access_request(bd_addr, true, sec_req, NULL, NULL);
430
431 ASSERT_EQ(status, tBTM_STATUS::BTM_CMD_STARTED);
432 ASSERT_EQ(device_record->sec_rec.classic_link, tSECURITY_STATE::ENCRYPTING);
433 }
434