authorevitayan <evitayan@google.com>2019-09-25 15:42:29 -0700
committerevitayan <evitayan@google.com>2019-10-09 14:36:36 -0700
commitce55d5c4edd8c81f3d78d38b2f7f0ad6c1f8cd16 (patch)
tree2ec40371cc520ec65fce72b2b84dfb813a7d1c0d /tests/iketests/src
parent17c6ae863388d6319f970a103c01156a6cb3065f (diff)
Generate digital signature for outbound packet
Bug: 122685769 Test: atest FrameworksIkeTests(new tests passed) Change-Id: Icadb710f4728d86515413f47b5f9367661a691c3
Diffstat (limited to 'tests/iketests/src')
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthDigitalSignPayloadTest.java26
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java22
2 files changed, 43 insertions, 5 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthDigitalSignPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthDigitalSignPayloadTest.java
index 52f9259a..239bd504 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthDigitalSignPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthDigitalSignPayloadTest.java
@@ -16,6 +16,8 @@
package com.android.ike.ikev2.message;
+import static com.android.ike.ikev2.message.IkeAuthDigitalSignPayload.SIGNATURE_ALGO_RSA_SHA2_256;
+
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@@ -31,6 +33,7 @@ import com.android.ike.ikev2.testutils.CertUtils;
import org.junit.Before;
import org.junit.Test;
+import java.security.PrivateKey;
import java.security.cert.X509Certificate;
public final class IkeAuthDigitalSignPayloadTest {
@@ -92,9 +95,7 @@ public final class IkeAuthDigitalSignPayloadTest {
assertTrue(payload instanceof IkeAuthDigitalSignPayload);
IkeAuthDigitalSignPayload dsPayload = (IkeAuthDigitalSignPayload) payload;
- assertEquals(
- IkeAuthDigitalSignPayload.SIGNATURE_ALGO_RSA_SHA2_256,
- dsPayload.signatureAlgoAndHash);
+ assertEquals(SIGNATURE_ALGO_RSA_SHA2_256, dsPayload.signatureAlgoAndHash);
assertArrayEquals(dsPayload.signature, TestUtils.hexStringToByteArray(SIGNATURE));
}
@@ -136,7 +137,24 @@ public final class IkeAuthDigitalSignPayloadTest {
PRF_RESP_KEY);
fail("Expected to fail due to wrong certificate.");
} catch (AuthenticationFailedException expected) {
-
}
}
+
+ @Test
+ public void testGenerateSignature() throws Exception {
+ PrivateKey key = CertUtils.createRsaPrivateKeyFromKeyFile("end-cert-key-a.key");
+
+ IkeAuthDigitalSignPayload authPayload =
+ new IkeAuthDigitalSignPayload(
+ SIGNATURE_ALGO_RSA_SHA2_256,
+ key,
+ IKE_INIT_RESP_REQUEST,
+ NONCE_INIT_RESP,
+ ID_RESP_PAYLOAD_BODY,
+ mIkeHmacSha1Prf,
+ PRF_RESP_KEY);
+
+ assertEquals(SIGNATURE_ALGO_RSA_SHA2_256, authPayload.signatureAlgoAndHash);
+ assertArrayEquals(authPayload.signature, TestUtils.hexStringToByteArray(SIGNATURE));
+ }
}
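Review bot: In `testGenerateSignature` the last assertion passes the actual value first, so a failure would report expected and actual swapped; JUnit's order is `assertArrayEquals(TestUtils.hexStringToByteArray(SIGNATURE), authPayload.signature);`. The unchanged decode test just above uses the same reversed order. Comparing against a fixed vector only works while the signing scheme behind `SIGNATURE_ALGO_RSA_SHA2_256` is deterministic, which looks like the case here but is not visible in this hunk. A one-line comment such as `// Signature scheme is deterministic, so the output can be pinned to a known vector` would record that assumption for whoever adds a randomized scheme later.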
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java b/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java
index e44551a0..e42e5647 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/testutils/CertUtils.java
@@ -21,14 +21,21 @@ import android.content.Context;
import androidx.test.InstrumentationRegistry;
import com.android.ike.ikev2.message.IkeMessage;
+import com.android.org.bouncycastle.util.io.pem.PemObject;
+import com.android.org.bouncycastle.util.io.pem.PemReader;
import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.KeyFactory;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.PKCS8EncodedKeySpec;
-/** CertUtils provides utility methods for creating X509 certificate. */
+/** CertUtils provides utility methods for creating X509 certificate and private key. */
public final class CertUtils {
private static final String PEM_FOLDER_NAME = "pem";
+ private static final String KEY_FOLDER_NAME = "key";
/** Creates an X509Certificate with a pem file */
public static X509Certificate createCertFromPemFile(String fileName) throws Exception {
@@ -40,4 +47,17 @@ public final class CertUtils {
CertificateFactory.getInstance("X.509", IkeMessage.getSecurityProvider());
return (X509Certificate) factory.generateCertificate(inputStream);
}
+
+ /** Creates an private key from a PKCS8 format key file */
+ public static RSAPrivateKey createRsaPrivateKeyFromKeyFile(String fileName) throws Exception {
+ Context context = InstrumentationRegistry.getContext();
+ InputStream inputStream =
+ context.getResources().getAssets().open(KEY_FOLDER_NAME + "/" + fileName);
+
+ PemObject pemObject = new PemReader(new InputStreamReader(inputStream)).readPemObject();
+
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ return (RSAPrivateKey)
+ keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pemObject.getContent()));
+ }
}
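Review bot: `createRsaPrivateKeyFromKeyFile` never closes the asset `InputStream` or the `PemReader`, and it dereferences `pemObject` without a null check; `readPemObject()` is expected to return null when the file holds no PEM block, which would surface as a bare NullPointerException. The `InputStreamReader` is also built without a charset, and `KeyFactory.getInstance("RSA")` takes the default provider, while `createCertFromPemFile` just above passes `IkeMessage.getSecurityProvider()`; if that difference is deliberate, a comment should say so. The Javadoc reads "an private key" and could say `/** Creates an RSA private key from a PEM-encoded PKCS#8 key file under the "key" assets folder. */`. The sketch below needs an extra import for `StandardCharsets`. Since this loads private key material from test assets, it is worth stating in the class comment that these keys are test-only fixtures.

```java
    public static RSAPrivateKey createRsaPrivateKeyFromKeyFile(String fileName) throws Exception {
        Context context = InstrumentationRegistry.getContext();
        PemObject pemObject;
        // PemReader is a Reader, so closing it also closes the wrapped asset stream.
        try (PemReader pemReader =
                new PemReader(
                        new InputStreamReader(
                                context.getResources()
                                        .getAssets()
                                        .open(KEY_FOLDER_NAME + "/" + fileName),
                                StandardCharsets.US_ASCII))) {
            pemObject = pemReader.readPemObject();
        }
        if (pemObject == null) {
            throw new IllegalArgumentException("No PEM object found in key file: " + fileName);
        }
        // … unchanged: KeyFactory lookup and PKCS8EncodedKeySpec conversion …
```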