author | Yan Yan <evitayan@google.com> | 2019-10-09 17:52:49 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-10-09 17:52:49 +0000 |
commit | 66ea9b437e83d8e140e9bfe117b09531f7160ea5 (patch) | |
tree | 12e6dcfe9780504f9dbf5edc8bd6836cc1ef2329 /tests/iketests/src | |
parent | 2ec253439bfa08b3041773fa326ca8c695ed792c (diff) | |
parent | d824ae4791450488ab87ce8d0c7b8858410045e5 (diff) | |
Merge changes I124575be,I68225683,I3bb7ad67
* changes:
Support configuring internal address requests
Refactor ChildSessionOptions
Refactor SaProposal
Diffstat (limited to 'tests/iketests/src')
7 files changed, 213 insertions, 126 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java index fab0e54a..5f8a4fc6 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java @@ -24,19 +24,18 @@ import static org.junit.Assert.fail; import org.junit.Test; public final class ChildSessionOptionsTest { - private static final int NUM_TS = 1; @Test public void testBuild() throws Exception { - SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder() + ChildSaProposal saProposal = + new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, SaProposal.KEY_LEN_AES_128) .build(); ChildSessionOptions sessionOptions = - new ChildSessionOptions.Builder().addSaProposal(saProposal).build(); + new TunnelModeChildSessionOptions.Builder().addSaProposal(saProposal).build(); assertArrayEquals(new SaProposal[] {saProposal}, sessionOptions.getSaProposals()); assertEquals(NUM_TS, sessionOptions.getLocalTrafficSelectors().length); 
@@ -47,27 +46,9 @@ public final class ChildSessionOptionsTest { @Test public void testBuildWithoutSaProposal() throws Exception { try { - new ChildSessionOptions.Builder().build(); + new TunnelModeChildSessionOptions.Builder().build(); fail("Expected to fail due to the absence of SA proposal."); } catch (IllegalArgumentException expected) { } } - - @Test - public void testBuildWithIkeSaProposal() throws Exception { - SaProposal saProposal = - SaProposal.Builder.newIkeSaProposalBuilder() - .addEncryptionAlgorithm( - SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, - SaProposal.KEY_LEN_AES_128) - .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) - .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .build(); - - try { - new ChildSessionOptions.Builder().addSaProposal(saProposal).build(); - fail("Expected to fail due to wrong type of SA proposal."); - } catch (IllegalArgumentException expected) { - } - } } diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java index 23331286..86967f53 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java @@ -178,7 +178,7 @@ public final class ChildSessionStateMachineTest { private IntegrityTransform mChildIntegrityTransform; private DhGroupTransform mChildDhGroupTransform; - private SaProposal mMockNegotiatedProposal; + private ChildSaProposal mMockNegotiatedProposal; private Executor mSpyUserCbExecutor; private IChildSessionCallback mMockChildSessionCallback; 
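Review bot: Deleting `testBuildWithIkeSaProposal` leaves no check in this class that a child session refuses an IKE SA proposal; the guarantee has presumably moved into the parameter type of `addSaProposal`, which is outside this diff. If so, a one-line comment in the class, for example `// An IkeSaProposal can no longer be passed to this builder; the mismatch is a compile error.`, would tell the next reader that the case was not forgotten. If the builder still accepts the base `SaProposal` type, the runtime rejection test should stay. The same applies to `testBuildWithChildSaProposal` removed from `IkeSessionOptionsTest` and `testBuildChildProposalWithPrf` removed from `SaProposalTest`.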
@@ -222,7 +222,7 @@ public final class ChildSessionStateMachineTest { mMockIpSecManager = new IpSecManager(mContext, mMockIpSecService); mMockUdpEncapSocket = mock(UdpEncapsulationSocket.class); - mMockNegotiatedProposal = mock(SaProposal.class); + mMockNegotiatedProposal = mock(ChildSaProposal.class); mSpyUserCbExecutor = spy( @@ -260,8 +260,8 @@ public final class ChildSessionStateMachineTest { SaRecord.setSaRecordHelper(new SaRecordHelper()); } - private SaProposal buildSaProposal() throws Exception { - return SaProposal.Builder.newChildSaProposalBuilder() + private ChildSaProposal buildSaProposal() throws Exception { + return new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) @@ -269,7 +269,7 @@ public final class ChildSessionStateMachineTest { } private ChildSessionOptions buildChildSessionOptions() throws Exception { - return new ChildSessionOptions.Builder().addSaProposal(buildSaProposal()).build(); + return new TunnelModeChildSessionOptions.Builder().addSaProposal(buildSaProposal()).build(); } private void setUpChildSaRecords() { @@ -408,7 +408,7 @@ public final class ChildSessionStateMachineTest { instanceof ChildSessionStateMachine.Idle); // Validate negotiated SA proposal. - SaProposal negotiatedProposal = mChildSessionStateMachine.mSaProposal; + ChildSaProposal negotiatedProposal = mChildSessionStateMachine.mSaProposal; assertNotNull(negotiatedProposal); assertEquals( new EncryptionTransform[] {mChildEncryptionTransform}, diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java index 161da31d..32325084 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java 
@@ -56,7 +56,7 @@ public final class IkeSessionOptionsTest { (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100")); private UdpEncapsulationSocket mUdpEncapSocket; - private SaProposal mIkeSaProposal; + private IkeSaProposal mIkeSaProposal; private IkeIdentification mLocalIdentification; private IkeIdentification mRemoteIdentification; @@ -67,7 +67,7 @@ public final class IkeSessionOptionsTest { mUdpEncapSocket = ipSecManager.openUdpEncapsulationSocket(); mIkeSaProposal = - SaProposal.Builder.newIkeSaProposalBuilder() + new IkeSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) @@ -180,22 +180,4 @@ public final class IkeSessionOptionsTest { } catch (IllegalArgumentException expected) { } } - - @Test - public void testBuildWithChildSaProposal() throws Exception { - SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder() - .addEncryptionAlgorithm( - SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, - SaProposal.KEY_LEN_AES_128) - .build(); - try { - new IkeSessionOptions.Builder(REMOTE_IPV4_ADDRESS, mUdpEncapSocket) - .addSaProposal(saProposal) - .setAuthPsk(PSK) - .build(); - fail("Expected to fail due to wrong type of SA proposal."); - } catch (IllegalArgumentException expected) { - } - } } diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java index e34b12b8..63332d53 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java 
@@ -119,7 +119,6 @@ import com.android.ike.ikev2.message.IkePayload; import com.android.ike.ikev2.message.IkeSaPayload; import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform; import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform; -import com.android.ike.ikev2.message.IkeSaPayload.EsnTransform; import com.android.ike.ikev2.message.IkeSaPayload.IntegrityTransform; import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform; import com.android.ike.ikev2.message.IkeSkfPayload; @@ -707,8 +706,8 @@ public final class IkeSessionStateMachineTest { return ikeSession; } - static SaProposal buildSaProposal() throws Exception { - return SaProposal.Builder.newIkeSaProposalBuilder() + static IkeSaProposal buildSaProposal() throws Exception { + return new IkeSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) @@ -736,14 +735,14 @@ public final class IkeSessionStateMachineTest { } private ChildSessionOptions buildChildSessionOptions() throws Exception { - SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder() + ChildSaProposal saProposal = + new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .build(); - return new ChildSessionOptions.Builder().addSaProposal(saProposal).build(); + return new TransportModeChildSessionOptions.Builder().addSaProposal(saProposal).build(); } private ReceivedIkePacket makeIkeInitResponse() throws Exception { @@ -1192,7 +1191,7 @@ public final class IkeSessionStateMachineTest { verifyRetransmissionStarted(); // Validate negotiated SA proposal. - SaProposal negotiatedProposal = mIkeSessionStateMachine.mSaProposal; + IkeSaProposal negotiatedProposal = mIkeSessionStateMachine.mSaProposal; assertNotNull(negotiatedProposal); assertEquals( 
@@ -1202,7 +1201,6 @@ public final class IkeSessionStateMachineTest { new IntegrityTransform[] {mIkeIntegrityTransform}, negotiatedProposal.getIntegrityTransforms()); assertEquals(new PrfTransform[] {mIkePrfTransform}, negotiatedProposal.getPrfTransforms()); - assertEquals(new EsnTransform[0], negotiatedProposal.getEsnTransforms()); // Validate current IkeSaRecord. verify(mMockSaRecordHelper) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java index 1f841a48..da1a0f09 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java @@ -16,13 +16,15 @@ package com.android.ike.ikev2; +import static com.android.ike.ikev2.SaProposal.KEY_LEN_AES_128; +import static com.android.ike.ikev2.SaProposal.KEY_LEN_UNUSED; + import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import com.android.ike.ikev2.SaProposal.Builder; import com.android.ike.ikev2.message.IkePayload; import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform; import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform; @@ -42,7 +44,8 @@ public final class SaProposalTest { private final DhGroupTransform mDhGroup1024Transform; public SaProposalTest() { - mEncryption3DesTransform = new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES); + mEncryption3DesTransform = + new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED); mEncryptionAesGcm8Transform = new EncryptionTransform( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128); 
@@ -58,9 +61,10 @@ public final class SaProposalTest { @Test public void testBuildIkeSaProposalWithNormalModeCipher() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); - SaProposal proposal = - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + IkeSaProposal proposal = + new IkeSaProposal.Builder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) @@ -81,9 +85,9 @@ public final class SaProposalTest { @Test public void testBuildIkeSaProposalWithCombinedModeCipher() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); - SaProposal proposal = - builder.addEncryptionAlgorithm( + IkeSaProposal proposal = + new IkeSaProposal.Builder() + .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) @@ -103,10 +107,10 @@ public final class SaProposalTest { @Test public void testBuildChildSaProposalWithNormalCipher() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(); - - SaProposal proposal = - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + ChildSaProposal proposal = + new ChildSaProposal.Builder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); 
@@ -120,33 +124,31 @@ public final class SaProposalTest { proposal.getIntegrityTransforms()); assertArrayEquals( new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); - assertTrue(proposal.getPrfTransforms().length == 0); } @Test public void testGetCopyWithoutDhGroup() throws Exception { - SaProposal proposal = - Builder.newChildSaProposalBuilder() - .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + ChildSaProposal proposal = + new ChildSaProposal.Builder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); - SaProposal proposalWithoutDh = proposal.getCopyWithoutDhTransform(); + ChildSaProposal proposalWithoutDh = proposal.getCopyWithoutDhTransform(); assertArrayEquals( proposal.getEncryptionTransforms(), proposalWithoutDh.getEncryptionTransforms()); assertArrayEquals( proposal.getIntegrityTransforms(), proposalWithoutDh.getIntegrityTransforms()); - assertArrayEquals(proposal.getPrfTransforms(), proposalWithoutDh.getPrfTransforms()); assertTrue(proposal.getDhGroupTransforms().length == 1); assertTrue(proposalWithoutDh.getDhGroupTransforms().length == 0); } @Test public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.build(); + new IkeSaProposal.Builder().build(); fail("Expected to fail when no encryption algorithm is proposed."); } catch (IllegalArgumentException expected) { 
@@ -155,9 +157,8 @@ public final class SaProposalTest { @Test public void testBuildEncryptAlgosWithUnrecognizedAlgorithm() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(-1); + new IkeSaProposal.Builder().addEncryptionAlgorithm(-1, KEY_LEN_UNUSED); fail("Expected to fail when unrecognized encryption algorithm is proposed."); } catch (IllegalArgumentException expected) { @@ -166,10 +167,11 @@ public final class SaProposalTest { @Test public void testBuildEncryptAlgosWithTwoModes() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) - .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12); + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128); fail( "Expected to fail when " + "normal and combined-mode ciphers are proposed together."); 
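Review bot: No test in this diff passes a mismatched algorithm and key-length pair to the new two-argument `addEncryptionAlgorithm`; in `testBuildEncryptAlgosWithUnrecognizedAlgorithm` and the tests around it, the negative cases cover only an unknown algorithm id (`-1`) and mixed cipher modes. If the builder is meant to reject a key length on 3DES or `KEY_LEN_UNUSED` on an AES cipher (the implementation is not visible here), a case such as `new IkeSaProposal.Builder().addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_UNUSED);` followed by `fail(...)` would pin that behaviour. The key length ends up as an attribute in the proposal offered to the peer, so it is worth having the builder tests show that an inconsistent value cannot be constructed.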
@@ -180,24 +182,11 @@ public final class SaProposalTest { @Test public void testBuildIkeProposalWithoutPrf() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).build(); - fail("Expected to fail when PRF is not provided in IKE SA proposal."); - } catch (IllegalArgumentException expected) { - - } - } - - @Test - public void testBuildChildProposalWithPrf() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(); - try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) - .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .build(); - - fail("Expected to fail when PRF is provided in Child SA proposal."); + fail("Expected to fail when PRF is not provided in IKE SA proposal."); } catch (IllegalArgumentException expected) { } @@ -207,9 +196,10 @@ public final class SaProposalTest { // algorithm. @Test public void testBuildAeadWithIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12) + new ChildSaProposal.Builder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .build(); 
@@ -224,9 +214,9 @@ public final class SaProposalTest { // integrity algorithm. @Test public void testBuildIkeProposalNormalCipherWithoutIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) .build(); @@ -242,9 +232,9 @@ public final class SaProposalTest { // integrity algorithm. @Test public void testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) @@ -260,9 +250,9 @@ public final class SaProposalTest { @Test public void testBuildIkeProposalWithoutDhGroup() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .build(); 
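Review bot: `testBuildIkeProposalNormalCipherWithoutIntegrityAlgo` can now pass for the wrong reason: the chain switched to `IkeSaProposal.Builder` omits both the integrity algorithm and the DH group, and `testBuildIkeProposalWithoutDhGroup` in this same file expects `build()` to throw for a missing DH group alone. Because the test only catches `IllegalArgumentException`, it cannot tell which validation fired. Adding `.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)` before `.build()` would leave the missing integrity algorithm as the only defect in the proposal. The same may hold for `testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo`, whose builder chain continues past the end of its hunk.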
@@ -275,9 +265,9 @@ public final class SaProposalTest { @Test public void testBuildIkeProposalWithNoneValueDhGroup() throws Exception { - Builder builder = Builder.newIkeSaProposalBuilder(); try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + new IkeSaProposal.Builder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES, KEY_LEN_UNUSED) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java new file mode 100644 index 00000000..a67d44f9 --- /dev/null +++ b/tests/iketests/src/java/com/android/ike/ikev2/TunnelModeChildSessionOptionsTest.java 
@@ -0,0 +1,133 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.ike.ikev2; + +import static android.system.OsConstants.AF_INET; +import static android.system.OsConstants.AF_INET6; + +import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_ADDRESS; +import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP4_NETMASK; +import static com.android.ike.ikev2.message.IkeConfigPayload.CONFIG_ATTR_INTERNAL_IP6_ADDRESS; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; + +import android.util.SparseArray; + +import com.android.ike.ikev2.message.IkeConfigPayload.ConfigAttribute; + +import libcore.net.InetAddressUtils; + +import org.junit.Before; +import org.junit.Test; + +import java.net.Inet4Address; +import java.net.Inet6Address; + +public final class TunnelModeChildSessionOptionsTest { + private static final int NUM_TS = 1; + + private static final int IP4_PREFIX_LEN = 32; + private static final int IP6_PREFIX_LEN = 64; + + private static final Inet4Address IPV4_ADDRESS = + (Inet4Address) (InetAddressUtils.parseNumericAddress("192.0.2.100")); + private static final Inet6Address IPV6_ADDRESS = + (Inet6Address) 
(InetAddressUtils.parseNumericAddress("2001:db8::1")); + + private ChildSaProposal mSaProposal; + + @Before + public void setup() { + mSaProposal = + new ChildSaProposal.Builder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, + SaProposal.KEY_LEN_AES_128) + .build(); + } + + private void verifyCommon(TunnelModeChildSessionOptions childOptions) { + assertArrayEquals(new SaProposal[] {mSaProposal}, childOptions.getSaProposals()); + assertEquals(NUM_TS, childOptions.getLocalTrafficSelectors().length); + assertEquals(NUM_TS, childOptions.getRemoteTrafficSelectors().length); + assertFalse(childOptions.isTransportMode()); + } + + private void verifyAttrTypes( + SparseArray exptectedAttrCntMap, TunnelModeChildSessionOptions childOptions) { + ConfigAttribute[] configAttributes = childOptions.getConfigurationRequests(); + + SparseArray<Integer> atrrCntMap = exptectedAttrCntMap.clone(); + + for (int i = 0; i < configAttributes.length; i++) { + int attType = configAttributes[i].attributeType; + assertNotNull(atrrCntMap.get(attType)); + + atrrCntMap.put(attType, atrrCntMap.get(attType) - 1); + if (atrrCntMap.get(attType) == 0) atrrCntMap.remove(attType); + } + + assertEquals(0, atrrCntMap.size()); + } + + @Test + public void testBuildChildSessionOptionsWithoutConfigReq() { + TunnelModeChildSessionOptions childOptions = + new TunnelModeChildSessionOptions.Builder().addSaProposal(mSaProposal).build(); + + verifyCommon(childOptions); + assertEquals(0, childOptions.getConfigurationRequests().length); + } + + @Test + public void testBuildChildSessionOptionsWithAddressReq() { + TunnelModeChildSessionOptions childOptions = + new TunnelModeChildSessionOptions.Builder() + .addSaProposal(mSaProposal) + .addInternalAddressRequest(AF_INET, 1) + .addInternalAddressRequest(AF_INET6, 2) + .addInternalAddressRequest(IPV4_ADDRESS, IP4_PREFIX_LEN) + .addInternalAddressRequest(IPV6_ADDRESS, IP6_PREFIX_LEN) + .build(); + + verifyCommon(childOptions); + + 
SparseArray<Integer> exptectedAttrCntMap = new SparseArray<>(); + exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_ADDRESS, 2); + exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP6_ADDRESS, 3); + exptectedAttrCntMap.put(CONFIG_ATTR_INTERNAL_IP4_NETMASK, 1); + + verifyAttrTypes(exptectedAttrCntMap, childOptions); + } + + @Test + public void testBuildChildSessionOptionsWithInvalidAddressReq() { + try { + new TunnelModeChildSessionOptions.Builder() + .addSaProposal(mSaProposal) + .addInternalAddressRequest(IPV4_ADDRESS, 31) + .build(); + fail("Expected to fail due to invalid IPv4 prefix length."); + } catch (IllegalArgumentException expected) { + + } + } +} diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java index e389ec02..7a6bd4c7 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java @@ -36,6 +36,8 @@ import android.net.IpSecSpiResponse; import android.util.Pair; import com.android.ike.TestUtils; +import com.android.ike.ikev2.ChildSaProposal; +import com.android.ike.ikev2.IkeSaProposal; import com.android.ike.ikev2.SaProposal; import com.android.ike.ikev2.exceptions.IkeProtocolException; import com.android.ike.ikev2.exceptions.InvalidSyntaxException; @@ -73,8 +75,8 @@ import java.util.List; public final class IkeSaPayloadTest { private static final String OUTBOUND_SA_PAYLOAD_HEADER = "22000030"; private static final String OUTBOUND_PROPOSAL_RAW_PACKET = - "0000002C010100040300000C0100000C800E0080030000080200000203000008030" - + "000020000000804000002"; + "0000002C010100040300000C0100000C800E0080030000080300000203000008040" + + "000020000000802000002"; private static final String INBOUND_PROPOSAL_RAW_PACKET = "0000002c010100040300000c0100000c800e0080030000080300000203000008040" + "000020000000802000002"; 
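Review bot: Rejection coverage for `addInternalAddressRequest` stops at a single case, the IPv4 prefix length of 31 in `testBuildChildSessionOptionsWithInvalidAddressReq`. Nothing in this new file exercises the `(family, count)` overload with a family other than `AF_INET` or `AF_INET6`, or the IPv6 address overload with an out-of-range prefix length, so if the builder validates those inputs (not visible in this diff) the checks are untested. These values presumably become configuration attributes requested from the peer, which makes one `fail(...)`-style test per rejected input worthwhile. Separately, `verifyAttrTypes` declares its first parameter as a raw `SparseArray`; `SparseArray<Integer> exptectedAttrCntMap` would remove the unchecked assignment from `clone()`.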
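Review bot: The new expected bytes in `OUTBOUND_PROPOSAL_RAW_PACKET` reorder the transforms that follow the encryption transform (integrity, DH group, then PRF, where the old vector had PRF, integrity, DH group), and nothing in the hunk records why. The constant is now the upper-case form of `INBOUND_PROPOSAL_RAW_PACKET`, so the two constants carry the same bytes. A comment above the constant such as `// Transforms are encoded in the order ENCR, INTEG, DH, PRF.` would show that the change in wire order is intentional and not a side effect of the refactor.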
@@ -146,13 +148,13 @@ public final class IkeSaPayloadTest { private Transform[] mValidNegotiatedTransformSet; - private SaProposal mIkeSaProposalOne; - private SaProposal mIkeSaProposalTwo; - private SaProposal[] mTwoIkeSaProposalsArray; + private IkeSaProposal mIkeSaProposalOne; + private IkeSaProposal mIkeSaProposalTwo; + private IkeSaProposal[] mTwoIkeSaProposalsArray; - private SaProposal mChildSaProposalOne; - private SaProposal mChildSaProposalTwo; - private SaProposal[] mTwoChildSaProposalsArray; + private ChildSaProposal mChildSaProposalOne; + private ChildSaProposal mChildSaProposalTwo; + private ChildSaProposal[] mTwoChildSaProposalsArray; private MockIpSecTestUtils mMockIpSecTestUtils; private IpSecService mMockIpSecService; @@ -189,7 +191,7 @@ public final class IkeSaPayloadTest { }; mIkeSaProposalOne = - SaProposal.Builder.newIkeSaProposalBuilder() + new IkeSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) @@ -198,7 +200,7 @@ public final class IkeSaPayloadTest { .build(); mIkeSaProposalTwo = - SaProposal.Builder.newIkeSaProposalBuilder() + new IkeSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) 
@@ -209,21 +211,22 @@ public final class IkeSaPayloadTest { .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP) .build(); - mTwoIkeSaProposalsArray = new SaProposal[] {mIkeSaProposalOne, mIkeSaProposalTwo}; + mTwoIkeSaProposalsArray = new IkeSaProposal[] {mIkeSaProposalOne, mIkeSaProposalTwo}; mChildSaProposalOne = - SaProposal.Builder.newChildSaProposalBuilder() + new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .build(); mChildSaProposalTwo = - SaProposal.Builder.newChildSaProposalBuilder() + new ChildSaProposal.Builder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) .build(); - mTwoChildSaProposalsArray = new SaProposal[] {mChildSaProposalOne, mChildSaProposalTwo}; + mTwoChildSaProposalsArray = + new ChildSaProposal[] {mChildSaProposalOne, mChildSaProposalTwo}; mMockIpSecTestUtils = MockIpSecTestUtils.setUpMockIpSec(); mIpSecManager = mMockIpSecTestUtils.getIpSecManager(); @@ -625,7 +628,7 @@ public final class IkeSaPayloadTest { assertEquals(IkePayload.SPI_LEN_NOT_INCLUDED, proposal.spiSize); assertEquals(IkePayload.SPI_NOT_INCLUDED, proposal.spi); assertFalse(proposal.hasUnrecognizedTransform); - assertNotNull(proposal.saProposal); + assertNotNull(proposal.getSaProposal()); } @Test @@ -734,7 +737,7 @@ public final class IkeSaPayloadTest { @Test public void testEncodeIkeSaPayload() throws Exception { IkeSaPayload saPayload = - IkeSaPayload.createInitialIkeSaPayload(new SaProposal[] {mIkeSaProposalOne}); + IkeSaPayload.createInitialIkeSaPayload(new IkeSaProposal[] {mIkeSaProposalOne}); ByteBuffer byteBuffer = ByteBuffer.allocate(saPayload.getPayloadLength()); saPayload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_KE, byteBuffer); 
@@ -760,7 +763,7 @@ public final class IkeSaPayloadTest { IkeProposal reqProposal = negotiatedProposalPair.first; IkeProposal respProposal = negotiatedProposalPair.second; - assertEquals(respPayload.proposalList.get(0).saProposal, respProposal.saProposal); + assertEquals(respPayload.proposalList.get(0).getSaProposal(), respProposal.getSaProposal()); // SA Payload for IKE INIT exchange does not include IKE SPIs. assertNull(reqProposal.getIkeSpiResource()); @@ -789,7 +792,7 @@ public final class IkeSaPayloadTest { ChildProposal respProposal = negotiatedProposalPair.second; // Verify results - assertEquals(respPayload.proposalList.get(0).saProposal, respProposal.saProposal); + assertEquals(respPayload.proposalList.get(0).getSaProposal(), respProposal.getSaProposal()); int initSpi = isLocalInit ? CHILD_SPI_LOCAL_ONE : CHILD_SPI_REMOTE; int respSpi = isLocalInit ? CHILD_SPI_REMOTE : CHILD_SPI_LOCAL_ONE; |