aboutsummaryrefslogtreecommitdiff
path: root/tests/iketests/src
diff options
context:
space:
mode:
authorYan Yan <evitayan@google.com>2019-10-09 17:52:49 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2019-10-09 17:52:49 +0000
commit66ea9b437e83d8e140e9bfe117b09531f7160ea5 (patch)
tree12e6dcfe9780504f9dbf5edc8bd6836cc1ef2329 /tests/iketests/src
parent2ec253439bfa08b3041773fa326ca8c695ed792c (diff)
parentd824ae4791450488ab87ce8d0c7b8858410045e5 (diff)
downloadike-66ea9b437e83d8e140e9bfe117b09531f7160ea5.tar.gz
Merge changes I124575be,I68225683,I3bb7ad67
* changes: Support configuring internal address requests Refactor ChildSessionOptions Refactor SaProposal
Diffstat (limited to 'tests/iketests/src')
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java27
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java12
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java22
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java14
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java92
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java133
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java39
7 files changed, 213 insertions, 126 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java
index fab0e54a..5f8a4fc6 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java
@@ -24,19 +24,18 @@ import static org.junit.Assert.fail;
import org.junit.Test;
public final class ChildSessionOptionsTest {
-
private static final int NUM_TS = 1;
@Test
public void testBuild() throws Exception {
- SaProposal saProposal =
- SaProposal.Builder.newChildSaProposalBuilder()
+ ChildSaProposal saProposal =
+ new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12,
SaProposal.KEY_LEN_AES_128)
.build();
ChildSessionOptions sessionOptions =
- new ChildSessionOptions.Builder().addSaProposal(saProposal).build();
+ new TunnelModeChildSessionOptions.Builder().addSaProposal(saProposal).build();
assertArrayEquals(new SaProposal[] {saProposal}, sessionOptions.getSaProposals());
assertEquals(NUM_TS, sessionOptions.getLocalTrafficSelectors().length);
@@ -47,27 +46,9 @@ public final class ChildSessionOptionsTest {
@Test
public void testBuildWithoutSaProposal() throws Exception {
try {
- new ChildSessionOptions.Builder().build();
+ new TunnelModeChildSessionOptions.Builder().build();
fail("Expected to fail due to the absence of SA proposal.");
} catch (IllegalArgumentException expected) {
}
}
-
- @Test
- public void testBuildWithIkeSaProposal() throws Exception {
- SaProposal saProposal =
- SaProposal.Builder.newIkeSaProposalBuilder()
- .addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
- SaProposal.KEY_LEN_AES_128)
- .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
- .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
- .build();
-
- try {
- new ChildSessionOptions.Builder().addSaProposal(saProposal).build();
- fail("Expected to fail due to wrong type of SA proposal.");
- } catch (IllegalArgumentException expected) {
- }
- }
}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
index 23331286..86967f53 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
@@ -178,7 +178,7 @@ public final class ChildSessionStateMachineTest {
private IntegrityTransform mChildIntegrityTransform;
private DhGroupTransform mChildDhGroupTransform;
- private SaProposal mMockNegotiatedProposal;
+ private ChildSaProposal mMockNegotiatedProposal;
private Executor mSpyUserCbExecutor;
private IChildSessionCallback mMockChildSessionCallback;
@@ -222,7 +222,7 @@ public final class ChildSessionStateMachineTest {
mMockIpSecManager = new IpSecManager(mContext, mMockIpSecService);
mMockUdpEncapSocket = mock(UdpEncapsulationSocket.class);
- mMockNegotiatedProposal = mock(SaProposal.class);
+ mMockNegotiatedProposal = mock(ChildSaProposal.class);
mSpyUserCbExecutor =
spy(
@@ -260,8 +260,8 @@ public final class ChildSessionStateMachineTest {
SaRecord.setSaRecordHelper(new SaRecordHelper());
}
- private SaProposal buildSaProposal() throws Exception {
- return SaProposal.Builder.newChildSaProposalBuilder()
+ private ChildSaProposal buildSaProposal() throws Exception {
+ return new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
@@ -269,7 +269,7 @@ public final class ChildSessionStateMachineTest {
}
private ChildSessionOptions buildChildSessionOptions() throws Exception {
- return new ChildSessionOptions.Builder().addSaProposal(buildSaProposal()).build();
+ return new TunnelModeChildSessionOptions.Builder().addSaProposal(buildSaProposal()).build();
}
private void setUpChildSaRecords() {
@@ -408,7 +408,7 @@ public final class ChildSessionStateMachineTest {
instanceof ChildSessionStateMachine.Idle);
// Validate negotiated SA proposal.
- SaProposal negotiatedProposal = mChildSessionStateMachine.mSaProposal;
+ ChildSaProposal negotiatedProposal = mChildSessionStateMachine.mSaProposal;
assertNotNull(negotiatedProposal);
assertEquals(
new EncryptionTransform[] {mChildEncryptionTransform},
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
index 161da31d..32325084 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java
@@ -56,7 +56,7 @@ public final class IkeSessionOptionsTest {
(Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100"));
private UdpEncapsulationSocket mUdpEncapSocket;
- private SaProposal mIkeSaProposal;
+ private IkeSaProposal mIkeSaProposal;
private IkeIdentification mLocalIdentification;
private IkeIdentification mRemoteIdentification;
@@ -67,7 +67,7 @@ public final class IkeSessionOptionsTest {
mUdpEncapSocket = ipSecManager.openUdpEncapsulationSocket();
mIkeSaProposal =
- SaProposal.Builder.newIkeSaProposalBuilder()
+ new IkeSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
SaProposal.KEY_LEN_AES_128)
@@ -180,22 +180,4 @@ public final class IkeSessionOptionsTest {
} catch (IllegalArgumentException expected) {
}
}
-
- @Test
- public void testBuildWithChildSaProposal() throws Exception {
- SaProposal saProposal =
- SaProposal.Builder.newChildSaProposalBuilder()
- .addEncryptionAlgorithm(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
- SaProposal.KEY_LEN_AES_128)
- .build();
- try {
- new IkeSessionOptions.Builder(REMOTE_IPV4_ADDRESS, mUdpEncapSocket)
- .addSaProposal(saProposal)
- .setAuthPsk(PSK)
- .build();
- fail("Expected to fail due to wrong type of SA proposal.");
- } catch (IllegalArgumentException expected) {
- }
- }
}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java
index e34b12b8..63332d53 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java
@@ -119,7 +119,6 @@ import com.android.ike.ikev2.message.IkePayload;
import com.android.ike.ikev2.message.IkeSaPayload;
import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform;
import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform;
-import com.android.ike.ikev2.message.IkeSaPayload.EsnTransform;
import com.android.ike.ikev2.message.IkeSaPayload.IntegrityTransform;
import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform;
import com.android.ike.ikev2.message.IkeSkfPayload;
@@ -707,8 +706,8 @@ public final class IkeSessionStateMachineTest {
return ikeSession;
}
- static SaProposal buildSaProposal() throws Exception {
- return SaProposal.Builder.newIkeSaProposalBuilder()
+ static IkeSaProposal buildSaProposal() throws Exception {
+ return new IkeSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
@@ -736,14 +735,14 @@ public final class IkeSessionStateMachineTest {
}
private ChildSessionOptions buildChildSessionOptions() throws Exception {
- SaProposal saProposal =
- SaProposal.Builder.newChildSaProposalBuilder()
+ ChildSaProposal saProposal =
+ new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.build();
- return new ChildSessionOptions.Builder().addSaProposal(saProposal).build();
+ return new TransportModeChildSessionOptions.Builder().addSaProposal(saProposal).build();
}
private ReceivedIkePacket makeIkeInitResponse() throws Exception {
@@ -1192,7 +1191,7 @@ public final class IkeSessionStateMachineTest {
verifyRetransmissionStarted();
// Validate negotiated SA proposal.
- SaProposal negotiatedProposal = mIkeSessionStateMachine.mSaProposal;
+ IkeSaProposal negotiatedProposal = mIkeSessionStateMachine.mSaProposal;
assertNotNull(negotiatedProposal);
assertEquals(
@@ -1202,7 +1201,6 @@ public final class IkeSessionStateMachineTest {
new IntegrityTransform[] {mIkeIntegrityTransform},
negotiatedProposal.getIntegrityTransforms());
assertEquals(new PrfTransform[] {mIkePrfTransform}, negotiatedProposal.getPrfTransforms());
- assertEquals(new EsnTransform[0], negotiatedProposal.getEsnTransforms());
// Validate current IkeSaRecord.
verify(mMockSaRecordHelper)
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
index 1f841a48..da1a0f09 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
@@ -16,13 +16,15 @@
package com.android.ike.ikev2;
+import static com.android.ike.ikev2.SaProposal.KEY_LEN_AES_128;
+import static com.android.ike.ikev2.SaProposal.KEY_LEN_UNUSED;
+
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.android.ike.ikev2.SaProposal.Builder;
import com.android.ike.ikev2.message.IkePayload;
import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform;
import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform;
@@ -42,7 +44,8 @@ public final class SaProposalTest {
private final DhGroupTransform mDhGroup1024Transform;
public SaProposalTest() {
- mEncryption3DesTransform = new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES);
+ mEncryption3DesTransform =
+ new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED);
mEncryptionAesGcm8Transform =
new EncryptionTransform(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
@@ -58,9 +61,10 @@ public final class SaProposalTest {
@Test
public void testBuildIkeSaProposalWithNormalModeCipher() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
- SaProposal proposal =
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ IkeSaProposal proposal =
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
@@ -81,9 +85,9 @@ public final class SaProposalTest {
@Test
public void testBuildIkeSaProposalWithCombinedModeCipher() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
- SaProposal proposal =
- builder.addEncryptionAlgorithm(
+ IkeSaProposal proposal =
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
SaProposal.KEY_LEN_AES_128)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
@@ -103,10 +107,10 @@ public final class SaProposalTest {
@Test
public void testBuildChildSaProposalWithNormalCipher() throws Exception {
- Builder builder = Builder.newChildSaProposalBuilder();
-
- SaProposal proposal =
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ ChildSaProposal proposal =
+ new ChildSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
.build();
@@ -120,33 +124,31 @@ public final class SaProposalTest {
proposal.getIntegrityTransforms());
assertArrayEquals(
new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms());
- assertTrue(proposal.getPrfTransforms().length == 0);
}
@Test
public void testGetCopyWithoutDhGroup() throws Exception {
- SaProposal proposal =
- Builder.newChildSaProposalBuilder()
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ ChildSaProposal proposal =
+ new ChildSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
.build();
- SaProposal proposalWithoutDh = proposal.getCopyWithoutDhTransform();
+ ChildSaProposal proposalWithoutDh = proposal.getCopyWithoutDhTransform();
assertArrayEquals(
proposal.getEncryptionTransforms(), proposalWithoutDh.getEncryptionTransforms());
assertArrayEquals(
proposal.getIntegrityTransforms(), proposalWithoutDh.getIntegrityTransforms());
- assertArrayEquals(proposal.getPrfTransforms(), proposalWithoutDh.getPrfTransforms());
assertTrue(proposal.getDhGroupTransforms().length == 1);
assertTrue(proposalWithoutDh.getDhGroupTransforms().length == 0);
}
@Test
public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.build();
+ new IkeSaProposal.Builder().build();
fail("Expected to fail when no encryption algorithm is proposed.");
} catch (IllegalArgumentException expected) {
@@ -155,9 +157,8 @@ public final class SaProposalTest {
@Test
public void testBuildEncryptAlgosWithUnrecognizedAlgorithm() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(-1);
+ new IkeSaProposal.Builder().addEncryptionAlgorithm(-1, KEY_LEN_UNUSED);
fail("Expected to fail when unrecognized encryption algorithm is proposed.");
} catch (IllegalArgumentException expected) {
@@ -166,10 +167,11 @@ public final class SaProposalTest {
@Test
public void testBuildEncryptAlgosWithTwoModes() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
- .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12);
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128);
fail(
"Expected to fail when "
+ "normal and combined-mode ciphers are proposed together.");
@@ -180,24 +182,11 @@ public final class SaProposalTest {
@Test
public void testBuildIkeProposalWithoutPrf() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).build();
- fail("Expected to fail when PRF is not provided in IKE SA proposal.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-
- @Test
- public void testBuildChildProposalWithPrf() throws Exception {
- Builder builder = Builder.newChildSaProposalBuilder();
- try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
- .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.build();
-
- fail("Expected to fail when PRF is provided in Child SA proposal.");
+ fail("Expected to fail when PRF is not provided in IKE SA proposal.");
} catch (IllegalArgumentException expected) {
}
@@ -207,9 +196,10 @@ public final class SaProposalTest {
// algorithm.
@Test
public void testBuildAeadWithIntegrityAlgo() throws Exception {
- Builder builder = Builder.newChildSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12)
+ new ChildSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.build();
@@ -224,9 +214,9 @@ public final class SaProposalTest {
// integrity algorithm.
@Test
public void testBuildIkeProposalNormalCipherWithoutIntegrityAlgo() throws Exception {
- Builder builder = Builder.newChildSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
.build();
@@ -242,9 +232,9 @@ public final class SaProposalTest {
// integrity algorithm.
@Test
public void testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo() throws Exception {
- Builder builder = Builder.newChildSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
@@ -260,9 +250,9 @@ public final class SaProposalTest {
@Test
public void testBuildIkeProposalWithoutDhGroup() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
.build();
@@ -275,9 +265,9 @@ public final class SaProposalTest {
@Test
public void testBuildIkeProposalWithNoneValueDhGroup() throws Exception {
- Builder builder = Builder.newIkeSaProposalBuilder();
try {
- builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES)
+ new IkeSaProposal.Builder()
+ .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java
new file mode 100644
index 00000000..a67d44f9
--- /dev/null
+++ b/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ike.ikev2;
+
+import static android.system.OsConstants.AF_INET;
+import static android.system.OsConstants.AF_INET6;
+
+import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS;
+import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK;
+import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
+import android.util.SparseArray;
+
+import com.android.ike.ikev2.message.IkeConfigPayload.ConfigAttribute;
+
+import libcore.net.InetAddressUtils;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+
+public final class TunnelModeChildSessionOptionsTest {
+ private static final int NUM_TS = 1;
+
+ private static final int IP4_PREFIX_LEN = 32;
+ private static final int IP6_PREFIX_LEN = 64;
+
+ private static final Inet4Address IPV4_ADDRESS =
+ (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100"));
+ private static final Inet6Address IPV6_ADDRESS =
+ (Inet6Address) (InetAddressUtils.parseNumericAddress("2001:db8::1"));
+
+ private ChildSaProposal mSaProposal;
+
+ @Before
+ public void setup() {
+ mSaProposal =
+ new ChildSaProposal.Builder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12,
+ SaProposal.KEY_LEN_AES_128)
+ .build();
+ }
+
+ private void verifyCommon(TunnelModeChildSessionOptions childOptions) {
+ assertArrayEquals(new SaProposal[] {mSaProposal}, childOptions.getSaProposals());
+ assertEquals(NUM_TS, childOptions.getLocalTrafficSelectors().length);
+ assertEquals(NUM_TS, childOptions.getRemoteTrafficSelectors().length);
+ assertFalse(childOptions.isTransportMode());
+ }
+
+ private void verifyAttrTypes(
+ SparseArray exptectedAttrCntMap, TunnelModeChildSessionOptions childOptions) {
+ ConfigAttribute[] configAttributes = childOptions.getConfigurationRequests();
+
+ SparseArray<Integer> atrrCntMap = exptectedAttrCntMap.clone();
+
+ for (int i = 0; i < configAttributes.length; i++) {
+ int attType = configAttributes[i].attributeType;
+ assertNotNull(atrrCntMap.get(attType));
+
+ atrrCntMap.put(attType, atrrCntMap.get(attType) - 1);
+ if (atrrCntMap.get(attType) == 0) atrrCntMap.remove(attType);
+ }
+
+ assertEquals(0, atrrCntMap.size());
+ }
+
+ @Test
+ public void testBuildChildSessionOptionsWithoutConfigReq() {
+ TunnelModeChildSessionOptions childOptions =
+ new TunnelModeChildSessionOptions.Builder().addSaProposal(mSaProposal).build();
+
+ verifyCommon(childOptions);
+ assertEquals(0, childOptions.getConfigurationRequests().length);
+ }
+
+ @Test
+ public void testBuildChildSessionOptionsWithAddressReq() {
+ TunnelModeChildSessionOptions childOptions =
+ new TunnelModeChildSessionOptions.Builder()
+ .addSaProposal(mSaProposal)
+ .addInternalAddressRequest(AF_INET, 1)
+ .addInternalAddressRequest(AF_INET6, 2)
+ .addInternalAddressRequest(IPV4_ADDRESS, IP4_PREFIX_LEN)
+ .addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN)
+ .build();
+
+ verifyCommon(childOptions);
+
+ SparseArray<Integer> exptectedAttrCntMap = new SparseArray<>();
+ exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_ADDRESS, 2);
+ exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_ADDRESS, 3);
+ exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_NETMASK, 1);
+
+ verifyAttrTypes(exptectedAttrCntMap, childOptions);
+ }
+
+ @Test
+ public void testBuildChildSessionOptionsWithInvalidAddressReq() {
+ try {
+ new TunnelModeChildSessionOptions.Builder()
+ .addSaProposal(mSaProposal)
+ .addInternalAddressRequest(IPV4_ADDRESS, 31)
+ .build();
+ fail("Expected to fail due to invalid IPv4 prefix length.");
+ } catch (IllegalArgumentException expected) {
+
+ }
+ }
+}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
index e389ec02..7a6bd4c7 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
@@ -36,6 +36,8 @@ import android.net.IpSecSpiResponse;
import android.util.Pair;
import com.android.ike.TestUtils;
+import com.android.ike.ikev2.ChildSaProposal;
+import com.android.ike.ikev2.IkeSaProposal;
import com.android.ike.ikev2.SaProposal;
import com.android.ike.ikev2.exceptions.IkeProtocolException;
import com.android.ike.ikev2.exceptions.InvalidSyntaxException;
@@ -73,8 +75,8 @@ import java.util.List;
public final class IkeSaPayloadTest {
private static final String OUTBOUND_SA_PAYLOAD_HEADER = "22000030";
private static final String OUTBOUND_PROPOSAL_RAW_PACKET =
- "0000002C010100040300000C0100000C800E0080030000080200000203000008030"
- + "000020000000804000002";
+ "0000002C010100040300000C0100000C800E0080030000080300000203000008040"
+ + "000020000000802000002";
private static final String INBOUND_PROPOSAL_RAW_PACKET =
"0000002c010100040300000c0100000c800e0080030000080300000203000008040"
+ "000020000000802000002";
@@ -146,13 +148,13 @@ public final class IkeSaPayloadTest {
private Transform[] mValidNegotiatedTransformSet;
- private SaProposal mIkeSaProposalOne;
- private SaProposal mIkeSaProposalTwo;
- private SaProposal[] mTwoIkeSaProposalsArray;
+ private IkeSaProposal mIkeSaProposalOne;
+ private IkeSaProposal mIkeSaProposalTwo;
+ private IkeSaProposal[] mTwoIkeSaProposalsArray;
- private SaProposal mChildSaProposalOne;
- private SaProposal mChildSaProposalTwo;
- private SaProposal[] mTwoChildSaProposalsArray;
+ private ChildSaProposal mChildSaProposalOne;
+ private ChildSaProposal mChildSaProposalTwo;
+ private ChildSaProposal[] mTwoChildSaProposalsArray;
private MockIpSecTestUtils mMockIpSecTestUtils;
private IpSecService mMockIpSecService;
@@ -189,7 +191,7 @@ public final class IkeSaPayloadTest {
};
mIkeSaProposalOne =
- SaProposal.Builder.newIkeSaProposalBuilder()
+ new IkeSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
@@ -198,7 +200,7 @@ public final class IkeSaPayloadTest {
.build();
mIkeSaProposalTwo =
- SaProposal.Builder.newIkeSaProposalBuilder()
+ new IkeSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
SaProposal.KEY_LEN_AES_128)
@@ -209,21 +211,22 @@ public final class IkeSaPayloadTest {
.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
.addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
.build();
- mTwoIkeSaProposalsArray = new SaProposal[] {mIkeSaProposalOne, mIkeSaProposalTwo};
+ mTwoIkeSaProposalsArray = new IkeSaProposal[] {mIkeSaProposalOne, mIkeSaProposalTwo};
mChildSaProposalOne =
- SaProposal.Builder.newChildSaProposalBuilder()
+ new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
.build();
mChildSaProposalTwo =
- SaProposal.Builder.newChildSaProposalBuilder()
+ new ChildSaProposal.Builder()
.addEncryptionAlgorithm(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
SaProposal.KEY_LEN_AES_128)
.build();
- mTwoChildSaProposalsArray = new SaProposal[] {mChildSaProposalOne, mChildSaProposalTwo};
+ mTwoChildSaProposalsArray =
+ new ChildSaProposal[] {mChildSaProposalOne, mChildSaProposalTwo};
mMockIpSecTestUtils = MockIpSecTestUtils.setUpMockIpSec();
mIpSecManager = mMockIpSecTestUtils.getIpSecManager();
@@ -625,7 +628,7 @@ public final class IkeSaPayloadTest {
assertEquals(IkePayload.SPI_LEN_NOT_INCLUDED, proposal.spiSize);
assertEquals(IkePayload.SPI_NOT_INCLUDED, proposal.spi);
assertFalse(proposal.hasUnrecognizedTransform);
- assertNotNull(proposal.saProposal);
+ assertNotNull(proposal.getSaProposal());
}
@Test
@@ -734,7 +737,7 @@ public final class IkeSaPayloadTest {
@Test
public void testEncodeIkeSaPayload() throws Exception {
IkeSaPayload saPayload =
- IkeSaPayload.createInitialIkeSaPayload(new SaProposal[] {mIkeSaProposalOne});
+ IkeSaPayload.createInitialIkeSaPayload(new IkeSaProposal[] {mIkeSaProposalOne});
ByteBuffer byteBuffer = ByteBuffer.allocate(saPayload.getPayloadLength());
saPayload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_KE, byteBuffer);
@@ -760,7 +763,7 @@ public final class IkeSaPayloadTest {
IkeProposal reqProposal = negotiatedProposalPair.first;
IkeProposal respProposal = negotiatedProposalPair.second;
- assertEquals(respPayload.proposalList.get(0).saProposal, respProposal.saProposal);
+ assertEquals(respPayload.proposalList.get(0).getSaProposal(), respProposal.getSaProposal());
// SA Payload for IKE INIT exchange does not include IKE SPIs.
assertNull(reqProposal.getIkeSpiResource());
@@ -789,7 +792,7 @@ public final class IkeSaPayloadTest {
ChildProposal respProposal = negotiatedProposalPair.second;
// Verify results
- assertEquals(respPayload.proposalList.get(0).saProposal, respProposal.saProposal);
+ assertEquals(respPayload.proposalList.get(0).getSaProposal(), respProposal.getSaProposal());
int initSpi = isLocalInit ? CHILD_SPI_LOCAL_ONE : CHILD_SPI_REMOTE;
int respSpi = isLocalInit ? CHILD_SPI_REMOTE : CHILD_SPI_LOCAL_ONE;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 06:46:32 +0000