authorCody Kesting <ckesting@google.com>2019-10-31 11:10:02 -0700
committerandroid-build-merger <android-build-merger@google.com>2019-10-31 11:10:02 -0700
commite4c60460ecf520288cf92d67872d9fc13e3c4fb8 (patch)
treeefe437cce3008b642d02b0c0d6572393c9d10535
parenta3f9ff7fbc29b5ea705fe66b85b90594f523ca23 (diff)
parentbca2b6207375e7bb0045243a66f2f7b633728667 (diff)
Merge "Check for bidding down attack in EAP-AKA."
am: bca2b62073 Change-Id: Ie0c427be813b3ec736cde6b3bda287629b04c0cb
-rw-r--r--src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java14
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java50
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java2
3 files changed, 62 insertions, 4 deletions
diff --git a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
index d2daac77..8940c330 100644
--- a/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
+++ b/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachine.java
@@ -29,6 +29,7 @@ import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_NOTIFICA
import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_SYNCHRONIZATION_FAILURE;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_AUTN;
+import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_BIDDING;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ENCR_DATA;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_FULLAUTH_ID_REQ;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
@@ -60,6 +61,7 @@ import com.android.ike.eap.message.simaka.EapAkaTypeData.EapAkaTypeDataDecoder;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAutn;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAuts;
+import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtBidding;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtClientErrorCode;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtIdentity;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
@@ -429,6 +431,18 @@ class EapAkaMethodStateMachine extends EapSimAkaMethodStateMachine {
return new EapError(ex);
}
+ // before sending a response, check for bidding-down attacks (RFC 5448#4)
+ if (mSupportsEapAkaPrime) {
+ AtBidding atBidding = (AtBidding) eapAkaTypeData.attributeMap.get(EAP_AT_BIDDING);
+ if (atBidding != null && atBidding.doesServerSupportEapAkaPrime) {
+ LOG.w(
+ mTAG,
+ "Potential bidding down attack. AT_BIDDING attr included and EAP-AKA'"
+ + " is supported");
+ return buildAuthenticationRejectMessage(message.eapIdentifier);
+ }
+ }
+
// server has been authenticated, so we can send a response
try {
mHadSuccessfulChallenge = true;
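Review bot: The comment on the new check does not say why it sits at this point in the method. AT_BIDDING should only drive a reject once the request's AT_MAC has been verified; that verification is presumably in the part of the method above the hunk, which is not visible here. I would state the ordering dependency so a later refactor keeps the decision on an authenticated attribute, e.g. `// AT_BIDDING is covered by AT_MAC, so this check must stay after MAC verification (RFC 5448 Section 4)`. The log text is also ambiguous about which side supports EAP-AKA'; `"Potential bidding down attack: server set AT_BIDDING D bit and peer supports EAP-AKA'"` would read more clearly during triage.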
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
index 4deecf30..feb02439 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
@@ -64,6 +64,7 @@ import com.android.ike.eap.message.EapData;
import com.android.ike.eap.message.EapMessage;
import com.android.ike.eap.message.simaka.EapAkaTypeData;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtBidding;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
import com.android.ike.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
@@ -92,13 +93,24 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
* 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
* 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
*
- * MK = SHA-1(message)
+ * MK = SHA-1(Identity | IK | CK)
* K_encr, K_aut, MSK, EMSK = PRF(MK)
* MAC = HMAC-SHA-1(K_aut, message)
*/
private static final byte[] REQUEST_MAC_BYTES =
hexStringToByteArray("3EB97A1D0E62894FD0DA384D24D8983C");
+ /**
+ * message = 01100048 | EAP-Request, ID, length in bytes
+ * 17010000 | EAP-AKA, AKA-Challenge, padding
+ * 0105000000112233445566778899AABBCCDDEEFF | AT_RAND
+ * 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
+ * 88018000 | AT_BIDDING
+ * 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
+ */
+ private static final byte[] BIDDING_DOWN_MAC =
+ hexStringToByteArray("9CB543894A5EFDC32DF6A6CE1AB0E01A");
+
@Before
public void setUp() {
super.setUp();
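Review bot: The Javadoc on `BIDDING_DOWN_MAC` gives the message layout but not how the MAC was derived or where the vector came from, unlike the comment on `REQUEST_MAC_BYTES` just above it. Adding the derivation line, `* MAC = HMAC-SHA-1(K_aut, message)` with K_aut derived as for the preceding vector, would let a reader reproduce the value. A word on whether it was generated independently of this implementation would also help. The class body continues outside the hunk.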
@@ -352,8 +364,6 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
@Test
public void testProcessValidChallenge() throws Exception {
- // TODO(b/140258387): update test vectors with externally generated values
-
EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
@@ -383,4 +393,38 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
BASE_64_CHALLENGE);
verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
}
+
+ @Test
+ public void testProcessBiddingDownAttack() throws Exception {
+ EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
+ EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
+
+ AtRandAka atRandAka = new AtRandAka(RAND_1_BYTES);
+ AtAutn atAutn = new AtAutn(AUTN_BYTES);
+ AtBidding atBidding = new AtBidding(true);
+ AtMac atMac = new AtMac(BIDDING_DOWN_MAC);
+
+ DecodeResult<EapAkaTypeData> decodeResult =
+ new DecodeResult<>(
+ new EapAkaTypeData(
+ EAP_AKA_CHALLENGE,
+ Arrays.asList(atRandAka, atAutn, atBidding, atMac)));
+ when(mMockEapAkaTypeDataDecoder.decode(eq(DUMMY_EAP_TYPE_DATA))).thenReturn(decodeResult);
+ when(mMockTelephonyManager.getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE))
+ .thenReturn(EAP_AKA_UICC_RESP_SUCCESS_BASE_64);
+
+ EapResponse eapResponse = (EapResponse) mEapAkaMethodStateMachine.process(eapMessage);
+ assertArrayEquals(EAP_AKA_AUTHENTICATION_REJECT, eapResponse.packet);
+
+ verify(mMockEapAkaTypeDataDecoder).decode(eq(DUMMY_EAP_TYPE_DATA));
+ verify(mMockTelephonyManager)
+ .getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE);
+ verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
+ }
}
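Review bot: Only the rejecting path of the new check is covered, because `testProcessBiddingDownAttack` builds `new AtBidding(true)` on a state machine that supports EAP-AKA'. I would add a companion case with `new AtBidding(false)` and another where the peer does not support EAP-AKA', each asserting that the normal challenge response comes back rather than `EAP_AKA_AUTHENTICATION_REJECT`. The EapAkaStateTest.java hunk changes the shared fixture's last constructor argument to `true`. If that argument is the EAP-AKA' support flag, no test built on this fixture exercises the non-supporting path any more. If the test can observe it, asserting that no successful challenge is recorded after the reject would pin the fail-closed behaviour.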
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
index d138cb40..0347b669 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
@@ -86,7 +86,7 @@ public class EapAkaStateTest {
EAP_IDENTITY_BYTES,
mEapAkaConfig,
mMockEapAkaTypeDataDecoder,
- false);
+ true);
verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
}