diff options
| author | Cody Kesting <ckesting@google.com> | 2019-10-31 10:10:30 -0700 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2019-10-31 10:10:30 -0700 |
| commit | a33fc93cea853512e9aed44bea4c214dc063ad34 (patch) | |
| tree | 0824c115eec18989fc00b7e058938bb045d32ecc | |
| parent | d5d47e5625dcd904e35cfe385f784fa85cd31543 (diff) | |
| parent | 14a0feeaa53f8577fa5276932a15cfddb41b2d88 (diff) | |
| download | ike-a33fc93cea853512e9aed44bea4c214dc063ad34.tar.gz | |
Override MAC algorithm name for EAP-AKA'. am: dd35ecf8c6
am: 14a0feeaa5
Change-Id: Ie228466ccf4a4187144bdff6a8b8474369fdd48a
3 files changed, 36 insertions, 2 deletions
diff --git a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java index 81681014..bfe52213 100644 --- a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java +++ b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java @@ -405,7 +405,7 @@ class EapAkaMethodStateMachine extends EapSimAkaMethodStateMachine { if (!isValidMac(mTAG, message, eapAkaTypeData, new byte[0])) { return buildClientErrorResponse( message.eapIdentifier, - EAP_TYPE_AKA, + getEapMethod(), AtClientErrorCode.UNABLE_TO_PROCESS); } } catch (GeneralSecurityException diff --git a/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachine.java b/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachine.java index b70c3f71..9ba7dc28 100644 --- a/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachine.java +++ b/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachine.java @@ -154,6 +154,11 @@ public class EapAkaPrimeMethodStateMachine extends EapAkaMethodStateMachine { return new ChallengeState(identity); } + @Override + protected String getMacAlgorithm() { + return MAC_ALGORITHM_STRING; + } + protected class ChallengeState extends EapAkaMethodStateMachine.ChallengeState { private final String mTAG = ChallengeState.class.getSimpleName(); @@ -173,7 +178,7 @@ public class EapAkaPrimeMethodStateMachine extends EapAkaMethodStateMachine { if (!isValidChallengeAttributes(eapAkaPrimeTypeData)) { return buildAuthenticationRejectMessage(message.eapIdentifier); } - return null; + return super.handleChallengeAuthentication(message, eapAkaPrimeTypeData); } @VisibleForTesting diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java index 84f92b42..ce46dc42 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaPrimeMethodStateMachineTest.java @@ -16,6 +16,11 @@ package com.android.ike.eap.statemachine; +import static com.android.ike.TestUtils.hexStringToByteArray; +import static com.android.ike.eap.message.EapData.EAP_TYPE_AKA_PRIME; +import static com.android.ike.eap.message.EapMessage.EAP_CODE_REQUEST; +import static com.android.ike.eap.message.EapTestMessageDefinitions.ID_INT; +import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE; import static com.android.ike.eap.statemachine.EapAkaPrimeMethodStateMachine.K_AUT_LEN; import static com.android.ike.eap.statemachine.EapAkaPrimeMethodStateMachine.K_RE_LEN; import static com.android.ike.eap.statemachine.EapSimAkaMethodStateMachine.KEY_LEN; @@ -24,11 +29,23 @@ import static com.android.ike.eap.statemachine.EapSimAkaMethodStateMachine.SESSI import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import com.android.ike.eap.message.EapData; +import com.android.ike.eap.message.EapMessage; +import com.android.ike.eap.message.simaka.EapAkaPrimeTypeData; +import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac; import com.android.ike.eap.statemachine.EapAkaMethodStateMachine.CreatedState; import org.junit.Test; +import java.util.Arrays; + public class EapAkaPrimeMethodStateMachineTest extends EapAkaPrimeTest { + private static final String TAG = EapAkaPrimeMethodStateMachineTest.class.getSimpleName(); + private static final byte[] K_AUT = + hexStringToByteArray( + "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F"); + private static final byte[] MAC = hexStringToByteArray("0322b08b59cae2df8f766162ac76f30b"); + @Test public void testEapAkaPrimeMethodStateMachineStartState() { assertTrue(mStateMachine.getState() instanceof CreatedState); @@ -42,4 +59,16 @@ public class EapAkaPrimeMethodStateMachineTest extends EapAkaPrimeTest { assertEquals(SESSION_KEY_LENGTH, mStateMachine.getMskLength()); assertEquals(SESSION_KEY_LENGTH, mStateMachine.getEmskLength()); } + + @Test + public void testIsValidMacUsesHmacSha256() throws Exception { + System.arraycopy(K_AUT, 0, mStateMachine.mKAut, 0, K_AUT.length); + + EapData eapData = new EapData(EAP_TYPE_AKA_PRIME, new byte[0]); + EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData); + EapAkaPrimeTypeData eapAkaPrimeTypeData = + new EapAkaPrimeTypeData(EAP_AKA_CHALLENGE, Arrays.asList(new AtMac(MAC))); + + assertTrue(mStateMachine.isValidMac(TAG, eapMessage, eapAkaPrimeTypeData, new byte[0])); + } } |