author | Cody Kesting <ckesting@google.com> | 2019-10-31 17:45:03 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-10-31 17:45:03 +0000 |
commit | bca2b6207375e7bb0045243a66f2f7b633728667 (patch) | |
tree | efe437cce3008b642d02b0c0d6572393c9d10535 /tests/iketests/src/java/com | |
parent | 15f3dbc19af65abd88fd2cf476d44f725cc11c39 (diff) | |
parent | cfe5ee62b28eb0bf9b9c79b02aaa7582f59db695 (diff) | |
download | ike-bca2b6207375e7bb0045243a66f2f7b633728667.tar.gz |
Merge "Check for bidding down attack in EAP-AKA."
Diffstat (limited to 'tests/iketests/src/java/com')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java | 50 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java | 2 |
2 files changed, 48 insertions, 4 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
index 4deecf30..feb02439 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
@@ -64,6 +64,7 @@ import com.android.ike.eap.message.EapData;
 import com.android.ike.eap.message.EapMessage;
 import com.android.ike.eap.message.simaka.EapAkaTypeData;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtBidding;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
 import com.android.ike.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
@@ -92,13 +93,24 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 * 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
 * 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
 *
- * MK = SHA-1(message)
+ * MK = SHA-1(Identity | IK | CK)
 * K_encr, K_aut, MSK, EMSK = PRF(MK)
 * MAC = HMAC-SHA-1(K_aut, message)
 */
 private static final byte[] REQUEST_MAC_BYTES =
 hexStringToByteArray("3EB97A1D0E62894FD0DA384D24D8983C");
+ /**
+ * message = 01100048 | EAP-Request, ID, length in bytes
+ * 17010000 | EAP-AKA, AKA-Challenge, padding
+ * 0105000000112233445566778899AABBCCDDEEFF | AT_RAND
+ * 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
+ * 88018000 | AT_BIDDING
+ * 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
+ */
+ private static final byte[] BIDDING_DOWN_MAC =
+ hexStringToByteArray("9CB543894A5EFDC32DF6A6CE1AB0E01A");
+
 @Before
 public void setUp() {
 super.setUp();
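Review bot: The Javadoc added above `BIDDING_DOWN_MAC` lists the message bytes but, unlike the comment on `REQUEST_MAC_BYTES`, does not say how the expected MAC was computed or which key material it uses. The next hunk removes the TODO about externally generated vectors, so this comment is the only place left to record that; a closing line such as `* MAC = HMAC-SHA-1(K_aut, message)` would do, presumably with K_aut derived exactly as for `REQUEST_MAC_BYTES`. The constant would also sit better next to its neighbour as `BIDDING_DOWN_MAC_BYTES`.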
@@ -352,8 +364,6 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 @Test
 public void testProcessValidChallenge() throws Exception {
- // TODO(b/140258387): update test vectors with externally generated values
-
 EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
 EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
@@ -383,4 +393,38 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 BASE_64_CHALLENGE);
 verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
 }
+
+ @Test
+ public void testProcessBiddingDownAttack() throws Exception {
+ EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
+ EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
+
+ AtRandAka atRandAka = new AtRandAka(RAND_1_BYTES);
+ AtAutn atAutn = new AtAutn(AUTN_BYTES);
+ AtBidding atBidding = new AtBidding(true);
+ AtMac atMac = new AtMac(BIDDING_DOWN_MAC);
+
+ DecodeResult<EapAkaTypeData> decodeResult =
+ new DecodeResult<>(
+ new EapAkaTypeData(
+ EAP_AKA_CHALLENGE,
+ Arrays.asList(atRandAka, atAutn, atBidding, atMac)));
+ when(mMockEapAkaTypeDataDecoder.decode(eq(DUMMY_EAP_TYPE_DATA))).thenReturn(decodeResult);
+ when(mMockTelephonyManager.getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE))
+ .thenReturn(EAP_AKA_UICC_RESP_SUCCESS_BASE_64);
+
+ EapResponse eapResponse = (EapResponse) mEapAkaMethodStateMachine.process(eapMessage);
+ assertArrayEquals(EAP_AKA_AUTHENTICATION_REJECT, eapResponse.packet);
+
+ verify(mMockEapAkaTypeDataDecoder).decode(eq(DUMMY_EAP_TYPE_DATA));
+ verify(mMockTelephonyManager)
+ .getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE);
+ verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
+ }
 }
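Review bot: `testProcessBiddingDownAttack` covers only the case where AT_BIDDING is set and the MAC is valid, so it would not catch a regression that rejects on the attribute's mere presence or that acts on the flag before AT_MAC has been verified. A sibling test built with `new AtBidding(false)` and a matching MAC should assert the normal challenge response. Another with `new AtBidding(true)` and a deliberately wrong MAC should assert the MAC-failure response rather than `EAP_AKA_AUTHENTICATION_REJECT`. The intended ordering is inferred from the test name and the commit title, since the state machine itself is not part of this diff.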
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
index d138cb40..0347b669 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
@@ -86,7 +86,7 @@ public class EapAkaStateTest {
 EAP_IDENTITY_BYTES,
 mEapAkaConfig,
 mMockEapAkaTypeDataDecoder,
- false);
+ true);
 verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
 } |
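Review bot: The flipped argument is a bare boolean literal, so nothing in this hunk says which capability the fixture now enables. Because `EapAkaChallengeStateTest` extends this class, the new value applies to every test that inherits the fixture. An argument-name comment on that line, e.g. `true /* <parameter name> */);`, would make the intent readable. A fixture built with `false` is also worth keeping, so that the path where AT_BIDDING presumably must not trigger a reject stays covered. The constructor call starts above the hunk, so the parameter's actual name is not visible here.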