author | Cody Kesting <ckesting@google.com> | 2019-10-25 10:12:15 -0700 |
---|---|---|
committer | Cody Kesting <ckesting@google.com> | 2019-10-29 12:33:41 -0700 |
commit | cfe5ee62b28eb0bf9b9c79b02aaa7582f59db695 (patch) | |
tree | 1eec34f55abbdba2ce16044009c6398e2c6bc20e /tests/iketests/src/java/com | |
parent | dd3fd194ba0e7f9581963b52af1cbcf0cfbc6526 (diff) | |
download | ike-cfe5ee62b28eb0bf9b9c79b02aaa7582f59db695.tar.gz |
Check for bidding down attack in EAP-AKA.
EAP-AKA' specifies the use of AT_BIDDING in EAP-AKA as a means to
prevent bidding down attacks from EAP-AKA' to EAP-AKA (RFC 5448#4). To
do so, the EapAkaMethodStateMachine must check for this attribute and
whether EAP-AKA' is supported after successfully authenticating the
server. If the server specifies that EAP-AKA' is supported, an
Authentication-Reject response is sent to the server.
Bug: 142742437
Test: added test case to EapAkaChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I859449c7f537ffe81d7d30c181008430abadbc96
Diffstat (limited to 'tests/iketests/src/java/com')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java | 50 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java | 2 |
2 files changed, 48 insertions, 4 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
index 4deecf30..feb02439 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaChallengeStateTest.java
@@ -64,6 +64,7 @@ import com.android.ike.eap.message.EapData;
 import com.android.ike.eap.message.EapMessage;
 import com.android.ike.eap.message.simaka.EapAkaTypeData;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAutn;
+import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtBidding;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac;
 import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtRandAka;
 import com.android.ike.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
@@ -92,13 +93,24 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 * 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
 * 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
 *
- * MK = SHA-1(message)
+ * MK = SHA-1(Identity | IK | CK)
 * K_encr, K_aut, MSK, EMSK = PRF(MK)
 * MAC = HMAC-SHA-1(K_aut, message)
 */
 private static final byte[] REQUEST_MAC_BYTES =
 hexStringToByteArray("3EB97A1D0E62894FD0DA384D24D8983C");
+ /**
+ * message = 01100048 | EAP-Request, ID, length in bytes
+ * 17010000 | EAP-AKA, AKA-Challenge, padding
+ * 0105000000112233445566778899AABBCCDDEEFF | AT_RAND
+ * 020500000123456789ABCDEFFEDCBA9876543210 | AT_AUTN
+ * 88018000 | AT_BIDDING
+ * 0B05000000000000000000000000000000000000 | AT_MAC (zeroed out)
+ */
+ private static final byte[] BIDDING_DOWN_MAC =
+ hexStringToByteArray("9CB543894A5EFDC32DF6A6CE1AB0E01A");
+
 @Before
 public void setUp() {
 super.setUp();
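Review bot: The comment above `BIDDING_DOWN_MAC` lists the message bytes but, unlike the one for `REQUEST_MAC_BYTES`, does not say how the expected MAC was derived or which tool produced it. I would append `* MAC = HMAC-SHA-1(K_aut, message)` and a line naming the generator, so a reader can tell whether the vector is independent of the code under test. The `-352,8` hunk removes the TODO about externally generated vectors while no existing MAC constant changes in this diff, so presumably the values were confirmed elsewhere; the comment is the place to record that. The name also drops the `_BYTES` suffix used by `REQUEST_MAC_BYTES`; `BIDDING_DOWN_MAC_BYTES` would match.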
@@ -352,8 +364,6 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 @Test
 public void testProcessValidChallenge() throws Exception {
- // TODO(b/140258387): update test vectors with externally generated values
-
 EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
 EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
@@ -383,4 +393,38 @@ public class EapAkaChallengeStateTest extends EapAkaStateTest {
 BASE_64_CHALLENGE);
 verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
 }
+
+ @Test
+ public void testProcessBiddingDownAttack() throws Exception {
+ EapData eapData = new EapData(EAP_TYPE_AKA, DUMMY_EAP_TYPE_DATA);
+ EapMessage eapMessage = new EapMessage(EAP_CODE_REQUEST, ID_INT, eapData);
+
+ AtRandAka atRandAka = new AtRandAka(RAND_1_BYTES);
+ AtAutn atAutn = new AtAutn(AUTN_BYTES);
+ AtBidding atBidding = new AtBidding(true);
+ AtMac atMac = new AtMac(BIDDING_DOWN_MAC);
+
+ DecodeResult<EapAkaTypeData> decodeResult =
+ new DecodeResult<>(
+ new EapAkaTypeData(
+ EAP_AKA_CHALLENGE,
+ Arrays.asList(atRandAka, atAutn, atBidding, atMac)));
+ when(mMockEapAkaTypeDataDecoder.decode(eq(DUMMY_EAP_TYPE_DATA))).thenReturn(decodeResult);
+ when(mMockTelephonyManager.getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE))
+ .thenReturn(EAP_AKA_UICC_RESP_SUCCESS_BASE_64);
+
+ EapResponse eapResponse = (EapResponse) mEapAkaMethodStateMachine.process(eapMessage);
+ assertArrayEquals(EAP_AKA_AUTHENTICATION_REJECT, eapResponse.packet);
+
+ verify(mMockEapAkaTypeDataDecoder).decode(eq(DUMMY_EAP_TYPE_DATA));
+ verify(mMockTelephonyManager)
+ .getIccAuthentication(
+ TelephonyManager.APPTYPE_USIM,
+ TelephonyManager.AUTHTYPE_EAP_AKA,
+ BASE_64_CHALLENGE);
+ verifyNoMoreInteractions(mMockEapAkaTypeDataDecoder, mMockTelephonyManager);
+ }
 }
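Review bot: `testProcessBiddingDownAttack` only exercises a valid MAC together with `new AtBidding(true)`, so it does not pin the ordering the commit message relies on (AT_BIDDING is acted on only after the server is authenticated) nor the benign case. I would add two sibling tests. The first uses `new AtBidding(false)` with a matching MAC and expects the normal challenge response. The second uses `new AtBidding(true)` with a deliberately wrong MAC and expects the same outcome as the existing invalid-MAC handling, not an Authentication-Reject driven by an unauthenticated attribute. Separately, the bare cast `(EapResponse) mEapAkaMethodStateMachine.process(eapMessage)` would report a regression as a ClassCastException; asserting the result type first gives a clearer failure.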
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
index d138cb40..0347b669 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
@@ -86,7 +86,7 @@ public class EapAkaStateTest {
 EAP_IDENTITY_BYTES,
 mEapAkaConfig,
 mMockEapAkaTypeDataDecoder,
- false);
+ true);
 verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
 } |
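Review bot: The bare literal `true` as the last constructor argument does not say which flag is being flipped; presumably it is the EAP-AKA' support flag, and an inline label such as `true /* <parameter name> */` (using the constructor's real parameter name, which is not visible here) would make the fixture readable. Because this shared base fixture now always passes `true`, no test visible in this diff builds the state machine with `false`, the configuration in which a request carrying AT_BIDDING should presumably be processed normally. A dedicated test constructing the state machine with `false` would cover that branch. The enclosing method starts outside the hunk.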