author | evitayan <evitayan@google.com> | 2019-02-26 18:12:19 -0800 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-03-21 17:11:07 -0700 |
commit | bb26e19d0cb1e9eb7cbb9a68a08e59fb9cb37f71 (patch) | |
tree | c5349d26d586d006706049e20e08f68a672dc433 /tests/iketests/src/java/com/android | |
parent | 90d2ba05c974bc636014523d23a28c9acf4164c5 (diff) | |
download | ike-bb26e19d0cb1e9eb7cbb9a68a08e59fb9cb37f71.tar.gz |
Support encrypting outbound message with SK Payload
This commit:
- Add a constructor in IkeSkPayload for building outbound
IkeSkPayload
- Add an interface in IkeMessage for encrypting outbound messages
- Move decryption-related tests from IkeSkPayloadTest to
IkeEncryptedPayloadBodyTest
Bug: 122555731
Test: FrameworksIkeTests IkeEncryptedPayloadBodyTest
Change-Id: I9f105f5ccb0bce68a4b8e0b5d7cdd58a5b39521d
Diffstat (limited to 'tests/iketests/src/java/com/android')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java | 117 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java | 37 |
2 files changed, 87 insertions, 67 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java index 48669e89..fcb3eff6 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeEncryptedPayloadBodyTest.java @@ -17,10 +17,14 @@ package com.android.ike.ikev2.message; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; import org.junit.Before; import org.junit.Test; +import java.security.GeneralSecurityException; +import java.util.Arrays; + import javax.crypto.Cipher; import javax.crypto.Mac; import javax.crypto.SecretKey; 
@@ -65,9 +69,40 @@ public final class IkeEncryptedPayloadBodyTest { private SecretKey mAesCbcKey; private Mac mHmacSha1IntegrityMac; + private byte[] mDataToPadAndEncrypt; + private byte[] mDataToAuthenticate; + private byte[] mEncryptedPaddedData; + private byte[] mIkeMessage; + + private byte[] mChecksum; + private byte[] mIv; + private byte[] mPadding; + // TODO: Add tests for authenticating and decrypting received message. @Before public void setUp() throws Exception { + mDataToPadAndEncrypt = + TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA); + String hexStringToAuthenticate = + IKE_AUTH_INIT_REQUEST_HEADER + + IKE_AUTH_INIT_REQUEST_SK_HEADER + + IKE_AUTH_INIT_REQUEST_IV + + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA; + mDataToAuthenticate = TestUtils.hexStringToByteArray(hexStringToAuthenticate); + mEncryptedPaddedData = + TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA); + mIkeMessage = + TestUtils.hexStringToByteArray( + IKE_AUTH_INIT_REQUEST_HEADER + + IKE_AUTH_INIT_REQUEST_SK_HEADER + + IKE_AUTH_INIT_REQUEST_IV + + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA + + IKE_AUTH_INIT_REQUEST_CHECKSUM); + + mChecksum = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_CHECKSUM); + mIv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV); + mPadding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING); + mAesCbcCipher = Cipher.getInstance(ENCR_ALGO_AES_CBC, IkeMessage.getSecurityProvider()); byte[] encryptKeyBytes = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP); mAesCbcKey = new SecretKeySpec(encryptKeyBytes, ENCR_ALGO_AES_CBC); 
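Review bot: The context comment `// TODO: Add tests for authenticating and decrypting received message.` directly above `setUp()` is now stale, because this file gains testValidateChecksum, testDecrypt and testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody; remove it or reword it to name what is still uncovered. In `setUp()` the header + SK header + IV + ciphertext concatenation is spelled out twice, once for `mDataToAuthenticate` and once for `mIkeMessage`. Building the second as `TestUtils.hexStringToByteArray(hexStringToAuthenticate + IKE_AUTH_INIT_REQUEST_CHECKSUM)` keeps the authenticated region and the full message from drifting apart. `setUp()` continues past the end of this hunk.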
@@ -81,20 +116,30 @@ public final class IkeEncryptedPayloadBodyTest { @Test public void testCalculateChecksum() throws Exception { - String hexStringToAuthenticate = - IKE_AUTH_INIT_REQUEST_HEADER - + IKE_AUTH_INIT_REQUEST_SK_HEADER - + IKE_AUTH_INIT_REQUEST_IV - + IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA; - byte[] byteToAuthenticate = TestUtils.hexStringToByteArray(hexStringToAuthenticate); - - byte[] expectedCheckSum = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_CHECKSUM); - byte[] calculatedChecksum = IkeEncryptedPayloadBody.calculateChecksum( - byteToAuthenticate, mHmacSha1IntegrityMac, HMAC_SHA1_CHECKSUM_LEN); + mDataToAuthenticate, mHmacSha1IntegrityMac, HMAC_SHA1_CHECKSUM_LEN); + + assertArrayEquals(mChecksum, calculatedChecksum); + } + + @Test + public void testValidateChecksum() throws Exception { + IkeEncryptedPayloadBody.validateChecksumOrThrow( + mDataToAuthenticate, mHmacSha1IntegrityMac, mChecksum); + } - assertArrayEquals(expectedCheckSum, calculatedChecksum); + @Test + public void testThrowForInvalidChecksum() throws Exception { + byte[] dataToAuthenticate = Arrays.copyOf(mDataToAuthenticate, mDataToAuthenticate.length); + dataToAuthenticate[0]++; + + try { + IkeEncryptedPayloadBody.validateChecksumOrThrow( + dataToAuthenticate, mHmacSha1IntegrityMac, mChecksum); + fail("Expected GeneralSecurityException due to mismatched checksum."); + } catch (GeneralSecurityException expected) { + } } @Test 
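Review bot: testThrowForInvalidChecksum only changes byte 0 of the authenticated data and always passes the correct `mChecksum`, so the new tests never present an altered checksum to `validateChecksumOrThrow`; the test this commit removes from IkeSkPayloadTest changed the last byte of the checksum instead. Add a sibling case that keeps `mDataToAuthenticate` intact and passes a modified copy, `byte[] badChecksum = Arrays.copyOf(mChecksum, mChecksum.length); badChecksum[badChecksum.length - 1]++;`, expecting the same GeneralSecurityException. testValidateChecksum has no assertion, so a one-line comment such as `// Passes if no exception is thrown.` would make the intent explicit.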
@@ -132,40 +177,37 @@ public final class IkeEncryptedPayloadBodyTest { @Test public void testEncrypt() throws Exception { - byte[] dataToEncrypt = - TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA); - byte[] iv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV); - byte[] padding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING); - byte[] calculatedData = IkeEncryptedPayloadBody.encrypt( - dataToEncrypt, mAesCbcCipher, mAesCbcKey, iv, padding); - byte[] expectedData = - TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA); + mDataToPadAndEncrypt, mAesCbcCipher, mAesCbcKey, mIv, mPadding); + + assertArrayEquals(mEncryptedPaddedData, calculatedData); + } + + @Test + public void testDecrypt() throws Exception { + byte[] calculatedPlainText = + IkeEncryptedPayloadBody.decrypt( + mEncryptedPaddedData, mAesCbcCipher, mAesCbcKey, mIv); - assertArrayEquals(expectedData, calculatedData); + assertArrayEquals(mDataToPadAndEncrypt, calculatedPlainText); } @Test public void testBuildAndEncodeOutboundIkeEncryptedPayloadBody() throws Exception { - byte[] ikeAndPayloadHeader = - TestUtils.hexStringToByteArray( - IKE_AUTH_INIT_REQUEST_HEADER + IKE_AUTH_INIT_REQUEST_SK_HEADER); - byte[] unencryptedPayloads = - TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_DATA); - byte[] iv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV); - byte[] padding = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_PADDING); + IkeHeader ikeHeader = new IkeHeader(mIkeMessage); IkeEncryptedPayloadBody paylaodBody = new IkeEncryptedPayloadBody( - ikeAndPayloadHeader, - unencryptedPayloads, + ikeHeader, + IkePayload.PAYLOAD_TYPE_ID_INITIATOR, + mDataToPadAndEncrypt, mHmacSha1IntegrityMac, HMAC_SHA1_CHECKSUM_LEN, mAesCbcCipher, mAesCbcKey, - iv, - padding); + mIv, + mPadding); byte[] expectedEncodedData = TestUtils.hexStringToByteArray( 
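Review bot: In testBuildAndEncodeOutboundIkeEncryptedPayloadBody the `IkeHeader` is parsed from `mIkeMessage`, the complete reference message that already includes the IV, ciphertext and checksum, so any header field that depends on the final encrypted body has its final value before the constructor runs. If the outbound constructor is responsible for adjusting the header before the integrity checksum is computed (not visible in this hunk), this test cannot catch a regression there. A second case whose header is built independently of the reference message would cover that. The test body continues into the next hunk's context lines.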
@@ -174,4 +216,17 @@ public final class IkeEncryptedPayloadBodyTest { + IKE_AUTH_INIT_REQUEST_CHECKSUM); assertArrayEquals(expectedEncodedData, paylaodBody.encode()); } + + @Test + public void testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody() throws Exception { + IkeEncryptedPayloadBody paylaodBody = + new IkeEncryptedPayloadBody( + mIkeMessage, + mHmacSha1IntegrityMac, + HMAC_SHA1_CHECKSUM_LEN, + mAesCbcCipher, + mAesCbcKey); + + assertArrayEquals(mDataToPadAndEncrypt, paylaodBody.getUnencryptedData()); + } } diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java index aebd1194..13866fb6 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSkPayloadTest.java @@ -17,13 +17,11 @@ package com.android.ike.ikev2.message; import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.fail; import org.junit.Before; import org.junit.Test; import java.nio.ByteBuffer; -import java.security.GeneralSecurityException; import java.util.Arrays; import javax.crypto.Cipher; 
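Review bot: The inbound constructor is only exercised with an intact message in testAuthenticateAndDecryptInboundIkeEncryptedPayloadBody, so nothing here fails if it decrypts without first rejecting a bad checksum; the end-to-end negative case this commit removes from IkeSkPayloadTest (testThrowExceptionForInvalidChecksum) has no replacement at this level. Add a test that alters the last byte of a copy of `mIkeMessage` and expects the constructor to throw. GeneralSecurityException is assumed from the removed test and should be confirmed against the constructor's declared exceptions. The misspelled local `paylaodBody` is also copied into the new test; `payloadBody` would read better.

```java
@Test
public void testThrowForInvalidChecksumInInboundIkeEncryptedPayloadBody() throws Exception {
    byte[] alteredMessage = Arrays.copyOf(mIkeMessage, mIkeMessage.length);
    // The message ends with the integrity checksum, so this alters its last byte.
    alteredMessage[alteredMessage.length - 1]++;

    try {
        new IkeEncryptedPayloadBody(
                alteredMessage,
                mHmacSha1IntegrityMac,
                HMAC_SHA1_CHECKSUM_LEN,
                mAesCbcCipher,
                mAesCbcKey);
        fail("Expected GeneralSecurityException due to mismatched checksum.");
    } catch (GeneralSecurityException expected) {
    }
}
```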
@@ -82,44 +80,11 @@ public final class IkeSkPayloadTest { } @Test - public void testAuthenticateAndDecryptMessage() throws Exception { - byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING); - - IkeSkPayload payload = - IkePayloadFactory.getIkeSkPayload( - message, - mHmacSha1IntegrityMac, - CHECKSUM_LEN, - mAesCbcDecryptCipher, - mAesCbcDecryptKey) - .first; - byte[] expectedPlaintext = - TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_DECRYPTED_BODY_HEX_STRING); - assertArrayEquals(expectedPlaintext, payload.getUnencryptedPayloads()); - } - - @Test - public void testThrowExceptionForInvalidChecksum() throws Exception { - byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING); - // Change last bit of checksum. - message[message.length - 1]++; - try { - IkePayloadFactory.getIkeSkPayload( - message, - mHmacSha1IntegrityMac, - CHECKSUM_LEN, - mAesCbcDecryptCipher, - mAesCbcDecryptKey); - fail("Expected GeneralSecurityException: Invalid checksum."); - } catch (GeneralSecurityException expected) { - } - } - - @Test public void testEncode() throws Exception { byte[] message = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_HEX_STRING); byte[] payloadBytes = Arrays.copyOfRange(message, IkeHeader.IKE_HEADER_LENGTH, message.length); + IkeSkPayload payload = IkePayloadFactory.getIkeSkPayload( message, |