authorevitayan <evitayan@google.com>2019-02-26 18:12:19 -0800
committerevitayan <evitayan@google.com>2019-03-21 17:11:07 -0700
commitbb26e19d0cb1e9eb7cbb9a68a08e59fb9cb37f71 (patch)
treec5349d26d586d006706049e20e08f68a672dc433 /tests/iketests/src/java/com/android
parent90d2ba05c974bc636014523d23a28c9acf4164c5 (diff)
Support encrypting outbound message with SK Payload
This commit: - Add a constructor in IkeSkPayload for building outbound IkeSkPayload - Add an interface in IkeMessage for encrypting outbound messages - Move decryption-related tests from IkeSkPayloadTest to IkeEncryptedPayloadBodyTest Bug: 122555731 Test: FrameworksIkeTests IkeEncryptedPayloadBodyTest Change-Id: I9f105f5ccb0bce68a4b8e0b5d7cdd58a5b39521d
Diffstat (limited to 'tests/iketests/src/java/com/android')
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java117
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java37
2 files changed, 87 insertions, 67 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java
index 48669e89..fcb3eff6 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java
@@ -17,10 +17,14 @@ package com.android.ike.ikev2.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
import org.junit.Before;
import org.junit.Test;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
@@ -65,9 +69,40 @@ public final class IkeEncryptedPayloadBodyTest {
private SecretKey mAesCbcKey;
private Mac mHmacSha1IntegrityMac;
+ private byte[] mDataToPadAndEncrypt;
+ private byte[] mDataToAuthenticate;
+ private byte[] mEncryptedPaddedData;
+ private byte[] mIkeMessage;
+
+ private byte[] mChecksum;
+ private byte[] mIv;
+ private byte[] mPadding;
+
// TODO: Add tests for authenticating and decrypting received message.
@Before
public void setUp() throws Exception {
+ mDataToPadAndEncrypt =
+ TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA);
+ String hexStringToAuthenticate =
+ IKE_AUTH_INIT_REQUEST_HEADER
+ + IKE_AUTH_INIT_REQUEST_SK_HEADER
+ + IKE_AUTH_INIT_REQUEST_IV
+ + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA;
+ mDataToAuthenticate = TestUtils.hexStringToByteArray(hexStringToAuthenticate);
+ mEncryptedPaddedData =
+ TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA);
+ mIkeMessage =
+ TestUtils.hexStringToByteArray(
+ IKE_AUTH_INIT_REQUEST_HEADER
+ + IKE_AUTH_INIT_REQUEST_SK_HEADER
+ + IKE_AUTH_INIT_REQUEST_IV
+ + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA
+ + IKE_AUTH_INIT_REQUEST_CHECKSUM);
+
+ mChecksum = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_CHECKSUM);
+ mIv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV);
+ mPadding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING);
+
mAesCbcCipher = Cipher.getInstance(ENCR_ALGO_AES_CBC, IkeMessage.getSecurityProvider());
byte[] encryptKeyBytes = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP);
mAesCbcKey = new SecretKeySpec(encryptKeyBytes, ENCR_ALGO_AES_CBC);
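Review bot: The context comment `// TODO: Add tests for authenticating and decrypting received message.` above setUp() is stale, because this same commit adds testValidateChecksum, testDecrypt and testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody. Either delete it or narrow it to what is still missing, for example `// TODO: Add negative tests for inbound messages that fail authentication.`. As a style point, the four-constant concatenation is spelled out twice in setUp(); the second could be `TestUtils.hexStringToByteArray(hexStringToAuthenticate + IKE_AUTH_INIT_REQUEST_CHECKSUM)`, so the authenticated region and the full message cannot drift apart. setUp() continues past the end of this hunk.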
@@ -81,20 +116,30 @@ public final class IkeEncryptedPayloadBodyTest {
@Test
public void testCalculateChecksum() throws Exception {
- String hexStringToAuthenticate =
- IKE_AUTH_INIT_REQUEST_HEADER
- + IKE_AUTH_INIT_REQUEST_SK_HEADER
- + IKE_AUTH_INIT_REQUEST_IV
- + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA;
- byte[] byteToAuthenticate = TestUtils.hexStringToByteArray(hexStringToAuthenticate);
-
- byte[] expectedCheckSum = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_CHECKSUM);
-
byte[] calculatedChecksum =
IkeEncryptedPayloadBody.calculateChecksum(
- byteToAuthenticate, mHmacSha1IntegrityMac, HMAC_SHA1_CHECKSUM_LEN);
+ mDataToAuthenticate, mHmacSha1IntegrityMac, HMAC_SHA1_CHECKSUM_LEN);
+
+ assertArrayEquals(mChecksum, calculatedChecksum);
+ }
+
+ @Test
+ public void testValidateChecksum() throws Exception {
+ IkeEncryptedPayloadBody.validateChecksumOrThrow(
+ mDataToAuthenticate, mHmacSha1IntegrityMac, mChecksum);
+ }
- assertArrayEquals(expectedCheckSum, calculatedChecksum);
+ @Test
+ public void testThrowForInvalidChecksum() throws Exception {
+ byte[] dataToAuthenticate = Arrays.copyOf(mDataToAuthenticate, mDataToAuthenticate.length);
+ dataToAuthenticate[0]++;
+
+ try {
+ IkeEncryptedPayloadBody.validateChecksumOrThrow(
+ dataToAuthenticate, mHmacSha1IntegrityMac, mChecksum);
+ fail("Expected GeneralSecurityException due to mismatched checksum.");
+ } catch (GeneralSecurityException expected) {
+ }
}
@Test
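Review bot: testThrowForInvalidChecksum only alters the authenticated data (`dataToAuthenticate[0]++`), so nothing here checks that validateChecksumOrThrow rejects an altered or wrong-length checksum over intact data. A sibling case should keep mDataToAuthenticate as is and pass a modified copy, `byte[] checksum = Arrays.copyOf(mChecksum, mChecksum.length); checksum[checksum.length - 1]++;`, and another should pass a truncated copy such as `Arrays.copyOf(mChecksum, mChecksum.length - 1)`. testValidateChecksum has no assertion and passes only by not throwing, which deserves a one-line comment such as `// Passes if no GeneralSecurityException is thrown.`. The implementation is not part of this diff, so it is worth confirming separately that the comparison is constant-time (for example `MessageDigest.isEqual`).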
@@ -132,40 +177,37 @@ public final class IkeEncryptedPayloadBodyTest {
@Test
public void testEncrypt() throws Exception {
- byte[] dataToEncrypt =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA);
- byte[] iv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV);
- byte[] padding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING);
-
byte[] calculatedData =
IkeEncryptedPayloadBody.encrypt(
- dataToEncrypt, mAesCbcCipher, mAesCbcKey, iv, padding);
- byte[] expectedData =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA);
+ mDataToPadAndEncrypt, mAesCbcCipher, mAesCbcKey, mIv, mPadding);
+
+ assertArrayEquals(mEncryptedPaddedData, calculatedData);
+ }
+
+ @Test
+ public void testDecrypt() throws Exception {
+ byte[] calculatedPlainText =
+ IkeEncryptedPayloadBody.decrypt(
+ mEncryptedPaddedData, mAesCbcCipher, mAesCbcKey, mIv);
- assertArrayEquals(expectedData, calculatedData);
+ assertArrayEquals(mDataToPadAndEncrypt, calculatedPlainText);
}
@Test
public void testBuildAndEncodeOutboundIkeEncryptedPayloadBody() throws Exception {
- byte[] ikeAndPayloadHeader =
- TestUtils.hexStringToByteArray(
- IKE_AUTH_INIT_REQUEST_HEADER + IKE_AUTH_INIT_REQUEST_SK_HEADER);
- byte[] unencryptedPayloads =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA);
- byte[] iv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV);
- byte[] padding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING);
+ IkeHeader ikeHeader = new IkeHeader(mIkeMessage);
IkeEncryptedPayloadBody paylaodBody =
new IkeEncryptedPayloadBody(
- ikeAndPayloadHeader,
- unencryptedPayloads,
+ ikeHeader,
+ IkePayload.PAYLOAD_TYPE_ID_INITIATOR,
+ mDataToPadAndEncrypt,
mHmacSha1IntegrityMac,
HMAC_SHA1_CHECKSUM_LEN,
mAesCbcCipher,
mAesCbcKey,
- iv,
- padding);
+ mIv,
+ mPadding);
byte[] expectedEncodedData =
TestUtils.hexStringToByteArray(
@@ -174,4 +216,17 @@ public final class IkeEncryptedPayloadBodyTest {
+ IKE_AUTH_INIT_REQUEST_CHECKSUM);
assertArrayEquals(expectedEncodedData, paylaodBody.encode());
}
+
+ @Test
+ public void testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody() throws Exception {
+ IkeEncryptedPayloadBody paylaodBody =
+ new IkeEncryptedPayloadBody(
+ mIkeMessage,
+ mHmacSha1IntegrityMac,
+ HMAC_SHA1_CHECKSUM_LEN,
+ mAesCbcCipher,
+ mAesCbcKey);
+
+ assertArrayEquals(mDataToPadAndEncrypt, paylaodBody.getUnencryptedData());
+ }
}
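Review bot: testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody covers only the success path of the inbound constructor. The removed IkeSkPayloadTest.testThrowExceptionForInvalidChecksum was the only test that fed a whole message with a corrupted checksum through the inbound path, so there is no longer an end-to-end check that authentication failure stops processing before decryption. A negative test along the lines below would restore that coverage. It assumes the constructor surfaces GeneralSecurityException as validateChecksumOrThrow does, which this diff does not show. Separately, the new test copies the existing misspelling `paylaodBody`; `payloadBody` would read better.

```java
@Test
public void testThrowForTamperedInboundIkeEncryptedPayloadBody() throws Exception {
    byte[] tamperedMessage = Arrays.copyOf(mIkeMessage, mIkeMessage.length);
    // Alter the last byte of the integrity checksum; the rest of the message is intact.
    tamperedMessage[tamperedMessage.length - 1]++;

    try {
        new IkeEncryptedPayloadBody(
                tamperedMessage,
                mHmacSha1IntegrityMac,
                HMAC_SHA1_CHECKSUM_LEN,
                mAesCbcCipher,
                mAesCbcKey);
        fail("Expected GeneralSecurityException due to mismatched checksum.");
    } catch (GeneralSecurityException expected) {
    }
}
```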
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java
index aebd1194..13866fb6 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java
@@ -17,13 +17,11 @@
package com.android.ike.ikev2.message;
import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.fail;
import org.junit.Before;
import org.junit.Test;
import java.nio.ByteBuffer;
-import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Cipher;
@@ -82,44 +80,11 @@ public final class IkeSkPayloadTest {
}
@Test
- public void testAuthenticateAndDecryptMessage() throws Exception {
- byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING);
-
- IkeSkPayload payload =
- IkePayloadFactory.getIkeSkPayload(
- message,
- mHmacSha1IntegrityMac,
- CHECKSUM_LEN,
- mAesCbcDecryptCipher,
- mAesCbcDecryptKey)
- .first;
- byte[] expectedPlaintext =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_DECRYPTED_BODY_HEX_STRING);
- assertArrayEquals(expectedPlaintext, payload.getUnencryptedPayloads());
- }
-
- @Test
- public void testThrowExceptionForInvalidChecksum() throws Exception {
- byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING);
- // Change last bit of checksum.
- message[message.length - 1]++;
- try {
- IkePayloadFactory.getIkeSkPayload(
- message,
- mHmacSha1IntegrityMac,
- CHECKSUM_LEN,
- mAesCbcDecryptCipher,
- mAesCbcDecryptKey);
- fail("Expected GeneralSecurityException: Invalid checksum.");
- } catch (GeneralSecurityException expected) {
- }
- }
-
- @Test
public void testEncode() throws Exception {
byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING);
byte[] payloadBytes =
Arrays.copyOfRange(message, IkeHeader.IKE_HEADER_LENGTH, message.length);
+
IkeSkPayload payload =
IkePayloadFactory.getIkeSkPayload(
message,