authorCody Kesting <ckesting@google.com>2019-10-25 09:27:29 -0700
committerCody Kesting <ckesting@google.com>2019-10-29 12:33:41 -0700
commitdd3fd194ba0e7f9581963b52af1cbcf0cfbc6526 (patch)
tree33be68b486779cbee7ae0b4dca318e784877a7d2
parentdd35ecf8c697edf325538df9c4544e1914156a2c (diff)
Provide whether EAP-AKA' is supported to EAP-AKA.
EAP-AKA' specifies the use of the AT_BIDDING attribute to prevent EAP-AKA' sessions from being downgraded to use EAP-AKA by a man-in-the-middle attack. Supporting this feature in the EAP-AKA state machine requires the state machine to know whether EAP-AKA' is supported by the peer. An additional constructor is added to EapAkaMethodStateMachine and used by the EapStateMachine so that EAP-AKA can check for bidding down attacks. Bug: 142742437 Test: atest FrameworksIkeTests Change-Id: Ife3ec6024644521f8de80bd095db884548ffe22d
-rw-r--r--src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java19
-rw-r--r--src/java/com/android/ike/eap/statemachine/EapStateMachine.java7
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java3
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java3
4 files changed, 26 insertions, 6 deletions
diff --git a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
index bfe52213..d2daac77 100644
--- a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
+++ b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
@@ -104,13 +104,24 @@ class EapAkaMethodStateMachine extends EapSimAkaMethodStateMachine {
private static final String AKA_IDENTITY_PREFIX = "0";
private final EapAkaTypeDataDecoder mEapAkaTypeDataDecoder;
+ private final boolean mSupportsEapAkaPrime;
- EapAkaMethodStateMachine(Context context, byte[] eapIdentity, EapAkaConfig eapAkaConfig) {
+ protected EapAkaMethodStateMachine(
+ Context context, byte[] eapIdentity, EapAkaConfig eapAkaConfig) {
+ this(context, eapIdentity, eapAkaConfig, false);
+ }
+
+ EapAkaMethodStateMachine(
+ Context context,
+ byte[] eapIdentity,
+ EapAkaConfig eapAkaConfig,
+ boolean supportsEapAkaPrime) {
this(
(TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE),
eapIdentity,
eapAkaConfig,
- EapAkaTypeData.getEapAkaTypeDataDecoder());
+ EapAkaTypeData.getEapAkaTypeDataDecoder(),
+ supportsEapAkaPrime);
}
@VisibleForTesting
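Review bot: The three-argument constructor now hard-codes `supportsEapAkaPrime` to `false` and is widened from package-private to `protected` without any Javadoc, so a caller or subclass that uses it appears to opt out of the bidding-down check described in the commit message without any visible signal. I would document that on the constructor, e.g. `/** Creates an EAP-AKA state machine that assumes EAP-AKA' is not supported; use the four-argument constructor when EAP-AKA' is also configured. */`, and add `// Whether EAP-AKA' is also configured for this session; needed to detect bidding-down via AT_BIDDING.` above `mSupportsEapAkaPrime`. The reason for `protected` is not visible in this hunk; if it exists only for a subclass in the same package, package-private would keep the constructor surface smaller.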
@@ -118,12 +129,14 @@ class EapAkaMethodStateMachine extends EapSimAkaMethodStateMachine {
TelephonyManager telephonyManager,
byte[] eapIdentity,
EapAkaConfig eapAkaConfig,
- EapAkaTypeDataDecoder eapAkaTypeDataDecoder) {
+ EapAkaTypeDataDecoder eapAkaTypeDataDecoder,
+ boolean supportsEapAkaPrime) {
super(
telephonyManager.createForSubscriptionId(eapAkaConfig.subId),
eapIdentity,
eapAkaConfig);
mEapAkaTypeDataDecoder = eapAkaTypeDataDecoder;
+ mSupportsEapAkaPrime = supportsEapAkaPrime;
transitionTo(new CreatedState());
}
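Review bot: `mSupportsEapAkaPrime` is assigned here but none of the hunks in this commit reads it, so as far as the diff shows an EAP-AKA challenge carrying AT_BIDDING is still processed exactly as before. If the enforcement lands in a follow-up change, a marker next to the assignment would make the gap explicit, e.g. `// TODO(b/142742437): fail authentication if AT_BIDDING indicates the server supports EAP-AKA' and mSupportsEapAkaPrime is true`. The constructor's signature begins above this hunk.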
diff --git a/src/java/com/android/ike/eap/statemachine/EapStateMachine.java b/src/java/com/android/ike/eap/statemachine/EapStateMachine.java
index e1d793c1..f2030a1d 100644
--- a/src/java/com/android/ike/eap/statemachine/EapStateMachine.java
+++ b/src/java/com/android/ike/eap/statemachine/EapStateMachine.java
@@ -325,8 +325,13 @@ public class EapStateMachine extends SimpleStateMachine<byte[], EapResult> {
mContext, mEapSessionConfig.eapIdentity, eapSimConfig, mSecureRandom);
case EAP_TYPE_AKA:
EapAkaConfig eapAkaConfig = (EapAkaConfig) eapMethodConfig;
+ boolean supportsEapAkaPrime =
+ mEapSessionConfig.eapConfigs.containsKey(EAP_TYPE_AKA_PRIME);
return new EapAkaMethodStateMachine(
- mContext, mEapSessionConfig.eapIdentity, eapAkaConfig);
+ mContext,
+ mEapSessionConfig.eapIdentity,
+ eapAkaConfig,
+ supportsEapAkaPrime);
case EAP_TYPE_AKA_PRIME:
EapAkaPrimeConfig eapAkaPrimeConfig = (EapAkaPrimeConfig) eapMethodConfig;
return new EapAkaPrimeMethodStateMachine(
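Review bot: `supportsEapAkaPrime` is derived purely from whether an EAP-AKA' entry is present in `eapConfigs`, and that security-relevant meaning is not stated anywhere near the assignment. A short comment above it would help the next reader, e.g. `// EAP-AKA' counts as supported when it is configured for this session; EAP-AKA needs this to detect a bidding-down attempt (AT_BIDDING).` The enclosing switch starts and ends outside the hunk, so whether other cases need the same information cannot be judged from here.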
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
index 23c2649b..12e33c8b 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
@@ -87,7 +87,8 @@ public class EapAkaMethodStateMachineTest {
mMockTelephonyManager,
EAP_IDENTITY_BYTES,
mEapAkaConfig,
- mMockEapAkaTypeDataDecoder);
+ mMockEapAkaTypeDataDecoder,
+ false);
verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
}
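Review bot: This call site and the matching one in EapAkaStateTest both pass `false`, so no test in the commit constructs the state machine with `supportsEapAkaPrime` set to `true`, and nothing verifies that EapStateMachine passes `true` when an EAP-AKA' config is present. Since the flag exists to stop a downgrade, I would add a second fixture built with `true` and a test on the EAP_TYPE_AKA branch of EapStateMachine with both methods configured. The test method continues outside the hunk.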
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
index 02ea9202..d138cb40 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
@@ -85,7 +85,8 @@ public class EapAkaStateTest {
mMockTelephonyManager,
EAP_IDENTITY_BYTES,
mEapAkaConfig,
- mMockEapAkaTypeDataDecoder);
+ mMockEapAkaTypeDataDecoder,
+ false);
verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
}