diff options
author | Yan Yan <evitayan@google.com> | 2019-03-26 19:58:14 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-03-26 19:58:14 +0000 |
commit | 7a77ef4b33c8a44fef75b768f30fb39932fae79f (patch) | |
tree | a8bf102d89dcb09807b08a2ceafdff2f4f903da4 /tests/iketests/src/java/com/android | |
parent | 76da57578218cb88ccbac813c60aa88fc0817dd4 (diff) | |
parent | 923290d3ddb5d57f00e61fb433e7783aae105fbf (diff) | |
download | ike-7a77ef4b33c8a44fef75b768f30fb39932fae79f.tar.gz |
Merge "Support IkeSessionOptions for basic IKE SA setup"
Diffstat (limited to 'tests/iketests/src/java/com/android')
3 files changed, 118 insertions, 15 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java new file mode 100644 index 00000000..bdaf135a --- /dev/null +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java @@ -0,0 +1,103 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.ike.ikev2; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.fail; + +import android.content.Context; +import android.net.IpSecManager; +import android.net.IpSecManager.UdpEncapsulationSocket; + +import androidx.test.InstrumentationRegistry; + +import libcore.net.InetAddressUtils; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import java.net.Inet4Address; + +public final class IkeSessionOptionsTest { + private static final Inet4Address IPV4_ADDRESS = + (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100")); + + private UdpEncapsulationSocket mUdpEncapSocket; + + @Before + public void setUp() throws Exception { + Context context = InstrumentationRegistry.getContext(); + IpSecManager ipSecManager = (IpSecManager) context.getSystemService(Context.IPSEC_SERVICE); + mUdpEncapSocket = ipSecManager.openUdpEncapsulationSocket(); + } + + @After + public void tearDown() throws Exception { + mUdpEncapSocket.close(); + } + + @Test + public void testBuild() throws Exception { + SaProposal saProposal = + SaProposal.Builder.newIkeSaProposalBuilder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + IkeSessionOptions sessionOptions = + new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket) + .addSaProposal(saProposal) + .build(); + + assertEquals(IPV4_ADDRESS, sessionOptions.getServerAddress()); + assertEquals(mUdpEncapSocket, sessionOptions.getUdpEncapsulationSocket()); + assertArrayEquals(new SaProposal[] {saProposal}, sessionOptions.getSaProposals()); + assertFalse(sessionOptions.isIkeFragmentationSupported()); + } + + @Test + public void testBuildWithoutSaProposal() throws Exception { + try { + new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket).build(); + fail("Expected to fail due to absence of SA proposal."); + } catch (IllegalArgumentException expected) { + } + } + + @Test + public void testBuildWithChildSaProposal() throws Exception { + SaProposal saProposal = + SaProposal.Builder.newChildSaProposalBuilder(true) + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .build(); + try { + new IkeSessionOptions.Builder(IPV4_ADDRESS, mUdpEncapSocket) + .addSaProposal(saProposal) + .build(); + fail("Expected to fail due to wrong type of SA proposal."); + } catch (IllegalArgumentException expected) { + } + } +} diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java index 2ce2a9d9..428c028d 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java @@ -64,7 +64,7 @@ public final class SaProposalTest { .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .buildOrThrow(); + .build(); assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); assertArrayEquals( @@ -87,7 +87,7 @@ public final class SaProposalTest { SaProposal.KEY_LEN_AES_128) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .buildOrThrow(); + .build(); assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); assertArrayEquals( @@ -107,7 +107,7 @@ public final class SaProposalTest { SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) - .buildOrThrow(); + .build(); assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); assertArrayEquals( @@ -127,7 +127,7 @@ public final class SaProposalTest { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .buildOrThrow(); + .build(); assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); assertArrayEquals( @@ -143,7 +143,7 @@ public final class SaProposalTest { public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception { Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.buildOrThrow(); + builder.build(); fail("Expected to fail when no encryption algorithm is proposed."); } catch (IllegalArgumentException expected) { @@ -179,7 +179,7 @@ public final class SaProposalTest { public void testBuildIkeProposalWithoutPrf() throws Exception { Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).buildOrThrow(); + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).build(); fail("Expected to fail when PRF is not provided in IKE SA proposal."); } catch (IllegalArgumentException expected) { @@ -192,7 +192,7 @@ public final class SaProposalTest { try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) - .buildOrThrow(); + .build(); fail("Expected to fail when PRF is provided in Child SA proposal."); } catch (IllegalArgumentException expected) { @@ -209,7 +209,7 @@ public final class SaProposalTest { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) - .buildOrThrow(); + .build(); fail("Expected to fail when not-none integrity algorithm is proposed with AEAD"); } catch (IllegalArgumentException expected) { @@ -225,7 +225,7 @@ public final class SaProposalTest { try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) - .buildOrThrow(); + .build(); fail( "Expected to fail when" @@ -245,7 +245,7 @@ public final class SaProposalTest { .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) - .buildOrThrow(); + .build(); fail( "Expected to fail when none-value integrity algorithm is proposed" @@ -262,7 +262,7 @@ public final class SaProposalTest { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) - .buildOrThrow(); + .build(); fail("Expected to fail when no DH Group is proposed in IKE SA proposal."); } catch (IllegalArgumentException expected) { @@ -279,7 +279,7 @@ public final class SaProposalTest { .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .addDhGroup(SaProposal.DH_GROUP_NONE) - .buildOrThrow(); + .build(); fail("Expected to fail when none-value DH Group is proposed in IKE SA proposal."); } catch (IllegalArgumentException expected) { @@ -295,7 +295,7 @@ public final class SaProposalTest { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .buildOrThrow(); + .build(); fail( "Expected to fail when" diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java index b0d927d8..2a47362c 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java @@ -153,7 +153,7 @@ public final class IkeSaPayloadTest { .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) - .buildOrThrow(); + .build(); mSaProposalTwo = SaProposal.Builder.newIkeSaProposalBuilder() @@ -166,7 +166,7 @@ public final class IkeSaPayloadTest { .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP) - .buildOrThrow(); + .build(); mTwoSaProposalsArray = new SaProposal[] {mSaProposalOne, mSaProposalTwo}; } |