aboutsummaryrefslogtreecommitdiff
path: root/tests/iketests/src
diff options
context:
space:
mode:
authorCody Kesting <ckesting@google.com>2019-10-07 11:18:44 -0700
committerCody Kesting <ckesting@google.com>2019-10-08 10:44:02 -0700
commitd5756ba69b5fb990e3b059b83c311a06e8019f4e (patch)
treee287d06bd3c34df90b5e9fd5c9688522cd5382f6 /tests/iketests/src
parent05bf634f6bf9638ff51c34d8fcb33101fe6d6e7d (diff)
downloadike-d5756ba69b5fb990e3b059b83c311a06e8019f4e.tar.gz
Use EAP-Identity in EAP-SIM and EAP-AKA.
When the method-specific identity is not requested in EAP-SIM/AKA, the EAP-Identity value must be used for computing the MSK and EMSK (RFC 4186#7, RFC 4187#7). This is done by setting the default identity in both method state machines to be the EAP-Identity, such that any identity requests in the methods will override the EAP-Identity. Bug: 140173530 Test: atest FrameworksIkeTests Change-Id: I34e88780fc48fe8e83a2c909b4616a929485296f
Diffstat (limited to 'tests/iketests/src')
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java124
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/EapSimTest.java133
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java2
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java4
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java9
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java5
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java7
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java5
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java60
-rw-r--r--tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java5
10 files changed, 291 insertions, 63 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java b/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java
index 6af29cdb..607ade57 100644
--- a/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java
@@ -44,6 +44,10 @@ public class EapAkaTest extends EapMethodEndToEndTest {
private static final int SUB_ID = 1;
private static final String UNFORMATTED_IDENTITY = "123456789ABCDEF"; // IMSI
+ // EAP_IDENTITY = hex("test@android.net")
+ private static final byte[] EAP_IDENTITY =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
// TODO(b/140797965): find valid AUTN/RAND values for the CTS test sim
// IK: 7320EE404E055EF2B5AB0F86E96C48BE
// CK: E9D1707652E13BF3E05975F601678E5C
@@ -68,6 +72,24 @@ public class EapAkaTest extends EapMethodEndToEndTest {
+ "94B578DE0A3686E17F96F14D5341FE75"
+ "2012944CA394E5288BA1B2C70CB65063");
+ // IK: 7320EE404E055EF2B5AB0F86E96C48BE
+ // CK: E9D1707652E13BF3E05975F601678E5C
+ // MK: 8183017CD8ADDB4617F4A2274DD5BCEA99354FB7
+ // K_encr: 891D5DB8CACAF657D68BE72371F927A2
+ // K_aut: E042A1CC5672358685EC012881EA02DE
+ private static final byte[] MSK_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "629DE03704E15EF1B8BADFF7FA5D84D5"
+ + "8574B6A3A46F274796346A86AE3455AC"
+ + "711E2D4D3F96EE71E664B1B947D7E9E7"
+ + "D227CBB6199A68BD7D43E6E4863D08D6");
+ private static final byte[] EMSK_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "30A6638AE3AB5C5D29554D8256C3A287"
+ + "FDF6255E4D726C0622DDF89609C16A8D"
+ + "563768166A8111A083547DE4C8E280D6"
+ + "113A608DE9227FC7C02679A1E04DB3CF");
+
// Base 64 of: [Length][RAND_1][Length][AUTN]
private static final String BASE64_CHALLENGE_1 =
"ENailvAwowVgGzEdOKAEUFwQNakUPtnhAAEXleeF2vqtmw==";
@@ -85,6 +107,10 @@ public class EapAkaTest extends EapMethodEndToEndTest {
private static final String REQUEST_MAC = "90C3554783D49A18F9EAA231F3C261EC";
private static final String RESPONSE_MAC = "D085987D3D15FA50A80D0CECFA2412EB";
+ private static final String REQUEST_MAC_WITHOUT_IDENTITY_REQ =
+ "6AD7E3F43ED99384E751F55AB8EA48B4";
+ private static final String RESPONSE_MAC_WITHOUT_IDENTITY_REQ =
+ "83E9F5B8B44BDE39B50538BF49864209";
private static final byte[] EAP_AKA_IDENTITY_REQUEST =
hexStringToByteArray(
@@ -110,6 +136,21 @@ public class EapAkaTest extends EapMethodEndToEndTest {
+ "17010000" // EAP-AKA | Challenge | 2B padding
+ "03050080" + RES // AT_RES attribute
+ "0B050000" + RESPONSE_MAC); // AT_MAC attribute
+
+ private static final byte[] EAP_AKA_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "01CE0044" // EAP-Request | ID | length in bytes
+ + "17010000" // EAP-AKA | Challenge | 2B padding
+ + "01050000" + RAND_1 // AT_RAND attribute
+ + "02050000" + AUTN // AT_AUTN attribute
+ + "0B050000" + REQUEST_MAC_WITHOUT_IDENTITY_REQ); // AT_MAC attribute
+ private static final byte[] EAP_AKA_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQUEST =
+ hexStringToByteArray(
+ "02CE0030" // EAP-Response | ID | length in bytes
+ + "17010000" // EAP-AKA | Challenge | 2B padding
+ + "03050080" + RES // AT_RES attribute
+ + "0B050000" + RESPONSE_MAC_WITHOUT_IDENTITY_REQ); // AT_MAC attribute
+
private static final byte[] EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL =
hexStringToByteArray(
"01CE0044" // EAP-Request | ID | length in bytes
@@ -122,6 +163,7 @@ public class EapAkaTest extends EapMethodEndToEndTest {
"02CE0018" // EAP-Response | ID | length in bytes
+ "17040000" // EAP-AKA | Challenge | 2B padding
+ "0404" + AUTS); // AT_AUTS attribute
+
private static final byte[] EAP_RESPONSE_NAK_PACKET =
hexStringToByteArray("021000060317"); // NAK with EAP-AKA listed
@@ -135,7 +177,10 @@ public class EapAkaTest extends EapMethodEndToEndTest {
mMockTelephonyManager = mock(TelephonyManager.class);
mEapSessionConfig =
- new EapSessionConfig.Builder().setEapAkaConfig(SUB_ID, APPTYPE_USIM).build();
+ new EapSessionConfig.Builder()
+ .setEapIdentity(EAP_IDENTITY)
+ .setEapAkaConfig(SUB_ID, APPTYPE_USIM)
+ .build();
mEapAuthenticator =
new EapAuthenticator(
mTestLooper.getLooper(),
@@ -154,7 +199,13 @@ public class EapAkaTest extends EapMethodEndToEndTest {
public void testEapAkaEndToEnd() {
verifyEapAkaIdentity();
verifyEapAkaChallenge();
- verifyEapSuccess();
+ verifyEapSuccess(MSK, EMSK);
+ }
+
+ @Test
+ public void testEapAkaEndToEndWithoutIdentityRequest() {
+ verifyEapAkaChallengeWithoutIdentityReq();
+ verifyEapSuccess(MSK_WITHOUT_IDENTITY_REQ, EMSK_WITHOUT_IDENTITY_REQ);
}
@Test
@@ -166,7 +217,7 @@ public class EapAkaTest extends EapMethodEndToEndTest {
verifyEapAkaChallenge();
verifyEapNotification(3);
- verifyEapSuccess();
+ verifyEapSuccess(MSK, EMSK);
}
@Test
@@ -182,7 +233,7 @@ public class EapAkaTest extends EapMethodEndToEndTest {
verifyEapAkaIdentity();
verifyEapAkaChallenge();
- verifyEapSuccess();
+ verifyEapSuccess(MSK, EMSK);
}
@Test
@@ -190,7 +241,7 @@ public class EapAkaTest extends EapMethodEndToEndTest {
verifyEapAkaIdentity();
verifyEapAkaSynchronizationFailure();
verifyEapAkaChallenge();
- verifyEapSuccess();
+ verifyEapSuccess(MSK, EMSK);
}
private void verifyEapAkaIdentity() {
@@ -209,15 +260,19 @@ public class EapAkaTest extends EapMethodEndToEndTest {
mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback);
}
- private void verifyEapAkaChallenge() {
+ private void verifyEapAkaChallenge(
+ String challengeBase64,
+ String responseBase64,
+ byte[] incomingEapPacket,
+ byte[] outgoingEapPacket) {
// EAP-AKA/Challenge request
when(mMockTelephonyManager.getIccAuthentication(
TelephonyManager.APPTYPE_USIM,
TelephonyManager.AUTHTYPE_EAP_AKA,
- BASE64_CHALLENGE_1))
- .thenReturn(BASE_64_RESPONSE_SUCCESS);
+ challengeBase64))
+ .thenReturn(responseBase64);
- mEapAuthenticator.processEapMessage(EAP_AKA_CHALLENGE_REQUEST);
+ mEapAuthenticator.processEapMessage(incomingEapPacket);
mTestLooper.dispatchAll();
// verify EAP-AKA/Challenge response
@@ -225,36 +280,47 @@ public class EapAkaTest extends EapMethodEndToEndTest {
.getIccAuthentication(
TelephonyManager.APPTYPE_USIM,
TelephonyManager.AUTHTYPE_EAP_AKA,
- BASE64_CHALLENGE_1);
- verify(mMockCallback).onResponse(eq(EAP_AKA_CHALLENGE_RESPONSE));
+ challengeBase64);
+ verify(mMockCallback).onResponse(eq(outgoingEapPacket));
+ }
+
+ private void verifyEapAkaChallenge() {
+ verifyEapAkaChallenge(
+ BASE64_CHALLENGE_1,
+ BASE_64_RESPONSE_SUCCESS,
+ EAP_AKA_CHALLENGE_REQUEST,
+ EAP_AKA_CHALLENGE_RESPONSE);
verifyNoMoreInteractions(
mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback);
}
- private void verifyEapAkaSynchronizationFailure() {
- // EAP-AKA/Challenge request
- when(mMockTelephonyManager.getIccAuthentication(
- TelephonyManager.APPTYPE_USIM,
- TelephonyManager.AUTHTYPE_EAP_AKA,
- BASE64_CHALLENGE_2))
- .thenReturn(BASE_64_RESPONSE_SYNC_FAIL);
+ private void verifyEapAkaChallengeWithoutIdentityReq() {
+ verifyEapAkaChallenge(
+ BASE64_CHALLENGE_1,
+ BASE_64_RESPONSE_SUCCESS,
+ EAP_AKA_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ,
+ EAP_AKA_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQUEST);
- mEapAuthenticator.processEapMessage(EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL);
- mTestLooper.dispatchAll();
+ // also need to verify interactions with Context and TelephonyManager
+ verify(mMockContext).getSystemService(eq(Context.TELEPHONY_SERVICE));
+ verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
+ verifyNoMoreInteractions(
+ mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback);
+ }
- // verify EAP-AKA/Synchronization-Failure response
- verify(mMockTelephonyManager)
- .getIccAuthentication(
- TelephonyManager.APPTYPE_USIM,
- TelephonyManager.AUTHTYPE_EAP_AKA,
- BASE64_CHALLENGE_2);
- verify(mMockCallback).onResponse(eq(EAP_AKA_SYNC_FAIL_RESPONSE));
+ private void verifyEapAkaSynchronizationFailure() {
+ verifyEapAkaChallenge(
+ BASE64_CHALLENGE_2,
+ BASE_64_RESPONSE_SYNC_FAIL,
+ EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL,
+ EAP_AKA_SYNC_FAIL_RESPONSE);
verifyNoMoreInteractions(
mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback);
}
- private void verifyEapSuccess() {
- super.verifyEapSuccess(MSK, EMSK);
+ @Override
+ protected void verifyEapSuccess(byte[] msk, byte[] emsk) {
+ super.verifyEapSuccess(msk, emsk);
verifyNoMoreInteractions(mMockTelephonyManager);
}
diff --git a/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java b/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java
index 2a9719cb..636a1e4d 100644
--- a/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java
@@ -47,6 +47,10 @@ public class EapSimTest extends EapMethodEndToEndTest {
private static final byte[] NONCE = hexStringToByteArray("37f3ddd3954c4831a5ee08c574844398");
private static final String UNFORMATTED_IDENTITY = "123456789ABCDEF"; // IMSI
+ // EAP_IDENTITY = hex("test@android.net")
+ private static final byte[] EAP_IDENTITY =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
private static final int SUB_ID = 1;
// Base 64 of: RAND
@@ -55,21 +59,44 @@ public class EapSimTest extends EapMethodEndToEndTest {
private static final String BASE64_RAND_3 = "ECEjRWeJq83vESNFZ4mrze8=";
// BASE 64 of: "04" + SRES + "08" + KC
+ // SRES 1: 0ABCDEF0 KC 1: FEDCBA9876543210
+ // SRES 2: 1ABCDEF1 KC 2: FEDCBA9876543211
+ // SRES 3: 2ABCDEF2 KC 3: FEDCBA9876543212
private static final String BASE64_RESP_1 = "BAq83vAI/ty6mHZUMhA=";
private static final String BASE64_RESP_2 = "BBq83vEI/ty6mHZUMhE=";
private static final String BASE64_RESP_3 = "BCq83vII/ty6mHZUMhI=";
- private static final byte[] MSK = hexStringToByteArray(
- "9B1E2B6892BC113F6B6D0B5789DD8ADD"
- + "B83BE2A84AA50FCAECD0003F92D8DA16"
- + "4BF983C923695C309F1D7D68DB6992B0"
- + "76EA8CE7129647A6F198F3A6AA8ADED9");
+ // MK: 202FC68A3335E8A939A33BC0A0EA8C435DC10060
+ // K_encr: F63E152461391FF655C2632E35D076ED
+ // K_aut: 48E001C8DBA37120FD0465153A56F712
+ private static final byte[] MSK =
+ hexStringToByteArray(
+ "9B1E2B6892BC113F6B6D0B5789DD8ADD"
+ + "B83BE2A84AA50FCAECD0003F92D8DA16"
+ + "4BF983C923695C309F1D7D68DB6992B0"
+ + "76EA8CE7129647A6F198F3A6AA8ADED9");
private static final byte[] EMSK = hexStringToByteArray(
"88210b6724400313539c740f417076b0"
+ "41da7e64658ec365bd2901a7cd7c2763"
+ "dad1a0508b92a42fdf85ac53c6f7e756"
+ "7f99b62bcaf467441b567f19b58d86ae");
+ // MK: ED275A588A4C1AEC15C55261DCCD851189E5C5FD
+ // K_encr: FED573CFA6FC81267C08E264F50A0BB9
+ // K_aut: 277B5D6A68FE5156A387996510AC5D61
+ private static final byte[] MSK_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "8023A49840433464DA1A4F2457FAB3D6"
+ + "B1A3CA6E5E1DB212FA1AEA17F0A5C933"
+ + "5541DE7448FE448AC3F09DC25BBAE1EE"
+ + "17DCE3D32099519CC75840F0E3FB612B");
+ private static final byte[] EMSK_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "F7E213F0E8F14A21C87F9B5DFADA9A75"
+ + "A8EAF4AD718BF8C3ED6557BDB60E4671"
+ + "E6AE109448B2F32F9B984667AE6C2B3F"
+ + "2FDFE67F97AF4D4727A2EA37F06B7785");
+
private static final byte[] EAP_SIM_START_REQUEST = hexStringToByteArray(
"01850014120a0000" // EAP header
+ "0f02000200010000" // AT_VERSION_LIST attribute
@@ -86,9 +113,36 @@ public class EapSimTest extends EapMethodEndToEndTest {
+ "1123456789abcdef1123456789abcdef" // Rand 2
+ "2123456789abcdef1123456789abcdef" // Rand 3
+ "0b050000e4675b17fa7ba4d93db48d1af9ecbb01"); // AT_MAC attribute
- private static final byte[] EAP_SIM_CHALLENGE_RESPONSE = hexStringToByteArray(
- "0286001c120b0000" // EAP header
- + "0b050000e5df9cb1d935ea5f54d449a038bed061"); // AT_NAC attribute
+ private static final byte[] EAP_SIM_CHALLENGE_RESPONSE =
+ hexStringToByteArray(
+ "0286001c120b0000" // EAP header
+ + "0b050000e5df9cb1d935ea5f54d449a038bed061"); // AT_MAC attribute
+
+ private static final byte[] EAP_SIM_START_REQUEST_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "01850010" // EAP-Request | ID | length in bytes
+ + "120a0000" // EAP-SIM | Start| 2B padding
+ + "0f02000200010000"); // AT_VERSION_LIST attribute
+ private static final byte[] EAP_SIM_START_RESPONSE_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "02850020" // EAP-Response | ID | length in bytes
+ + "120a0000" // EAP-SIM | Start | 2B padding
+ + "0705000037f3ddd3954c4831a5ee08c574844398" // AT_NONCE_MT attribute
+ + "10010001"); // AT_SELECTED_VERSION attribute
+ private static final byte[] EAP_SIM_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "01860050" // EAP-Request | ID | length in bytes
+ + "120b0000" // EAP-SIM | Challenge | 2B padding
+ + "010d0000" // AT_RAND attribute
+ + "0123456789abcdef1123456789abcdef" // Rand 1
+ + "1123456789abcdef1123456789abcdef" // Rand 2
+ + "2123456789abcdef1123456789abcdef" // Rand 3
+ + "0b050000F2F8C10FCA946AAFE9555E2BD3693DF6"); // AT_MAC attribute
+ private static final byte[] EAP_SIM_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQ =
+ hexStringToByteArray(
+ "0286001c" // EAP-Response | ID | length in bytes
+ + "120b0000" // EAP-SIM | Challenge | 2B padding
+ + "0b050000DAC3C1B7D9DBFBC923464A94F186E410"); // AT_MAC attribute
private TelephonyManager mMockTelephonyManager;
@@ -99,9 +153,11 @@ public class EapSimTest extends EapMethodEndToEndTest {
mMockTelephonyManager = mock(TelephonyManager.class);
- mEapSessionConfig = new EapSessionConfig.Builder()
- .setEapSimConfig(SUB_ID, APPTYPE_USIM)
- .build();
+ mEapSessionConfig =
+ new EapSessionConfig.Builder()
+ .setEapIdentity(EAP_IDENTITY)
+ .setEapSimConfig(SUB_ID, APPTYPE_USIM)
+ .build();
mEapAuthenticator =
new EapAuthenticator(
mTestLooper.getLooper(),
@@ -113,9 +169,21 @@ public class EapSimTest extends EapMethodEndToEndTest {
@Test
public void testEapSimEndToEnd() {
- verifyEapSimStart();
- verifyEapSimChallenge();
- verifyEapSuccess();
+ verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true);
+ verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE);
+ verifyEapSuccess(MSK, EMSK);
+ }
+
+ @Test
+ public void testEapSimEndToEndWithoutIdentityRequest() {
+ verifyEapSimStart(
+ EAP_SIM_START_REQUEST_WITHOUT_IDENTITY_REQ,
+ EAP_SIM_START_RESPONSE_WITHOUT_IDENTITY_REQ,
+ false);
+ verifyEapSimChallenge(
+ EAP_SIM_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ,
+ EAP_SIM_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQ);
+ verifyEapSuccess(MSK_WITHOUT_IDENTITY_REQ, EMSK_WITHOUT_IDENTITY_REQ);
}
@Test
@@ -133,24 +201,24 @@ public class EapSimTest extends EapMethodEndToEndTest {
mMockCallback);
// Switch to EAP-SIM and go through protocol
- verifyEapSimStart();
- verifyEapSimChallenge();
- verifyEapSuccess();
+ verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true);
+ verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE);
+ verifyEapSuccess(MSK, EMSK);
}
@Test
public void verifyEapSimWithEapNotifications() {
verifyEapNotification(1);
- verifyEapSimStart();
+ verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true);
verifyEapNotification(2);
- verifyEapSimChallenge();
-
+ verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE);
verifyEapNotification(3);
- verifyEapSuccess();
+ verifyEapSuccess(MSK, EMSK);
}
- private void verifyEapSimStart() {
+ private void verifyEapSimStart(
+ byte[] incomingEapPacket, byte[] outgoingEapPacket, boolean expectIdentityRequest) {
// EAP-SIM/Start request
when(mMockContext.getSystemService(Context.TELEPHONY_SERVICE))
.thenReturn(mMockTelephonyManager);
@@ -163,15 +231,19 @@ public class EapSimTest extends EapMethodEndToEndTest {
return null;
}).when(mMockSecureRandom).nextBytes(eq(new byte[NONCE.length]));
- mEapAuthenticator.processEapMessage(EAP_SIM_START_REQUEST);
+ mEapAuthenticator.processEapMessage(incomingEapPacket);
mTestLooper.dispatchAll();
verify(mMockContext).getSystemService(eq(Context.TELEPHONY_SERVICE));
verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
- verify(mMockTelephonyManager).getSubscriberId();
+
+ if (expectIdentityRequest) {
+ verify(mMockTelephonyManager).getSubscriberId();
+ }
+
verify(mMockSecureRandom).nextBytes(any(byte[].class));
// verify EAP-SIM/Start response
- verify(mMockCallback).onResponse(eq(EAP_SIM_START_RESPONSE));
+ verify(mMockCallback).onResponse(eq(outgoingEapPacket));
verifyNoMoreInteractions(
mMockContext,
mMockTelephonyManager,
@@ -179,7 +251,7 @@ public class EapSimTest extends EapMethodEndToEndTest {
mMockCallback);
}
- private void verifyEapSimChallenge() {
+ private void verifyEapSimChallenge(byte[] incomingEapPacket, byte[] outgoingEapPacket) {
// EAP-SIM/Challenge request
when(mMockTelephonyManager
.getIccAuthentication(
@@ -200,7 +272,7 @@ public class EapSimTest extends EapMethodEndToEndTest {
BASE64_RAND_3))
.thenReturn(BASE64_RESP_3);
- mEapAuthenticator.processEapMessage(EAP_SIM_CHALLENGE_REQUEST);
+ mEapAuthenticator.processEapMessage(incomingEapPacket);
mTestLooper.dispatchAll();
// verify EAP-SIM/Challenge response
@@ -219,7 +291,7 @@ public class EapSimTest extends EapMethodEndToEndTest {
eq(TelephonyManager.APPTYPE_USIM),
eq(TelephonyManager.AUTHTYPE_EAP_SIM),
eq(BASE64_RAND_3));
- verify(mMockCallback).onResponse(eq(EAP_SIM_CHALLENGE_RESPONSE));
+ verify(mMockCallback).onResponse(eq(outgoingEapPacket));
verifyNoMoreInteractions(
mMockContext,
mMockTelephonyManager,
@@ -227,8 +299,9 @@ public class EapSimTest extends EapMethodEndToEndTest {
mMockCallback);
}
- private void verifyEapSuccess() {
- super.verifyEapSuccess(MSK, EMSK);
+ @Override
+ protected void verifyEapSuccess(byte[] msk, byte[] emsk) {
+ super.verifyEapSuccess(msk, emsk);
verifyNoMoreInteractions(mMockTelephonyManager);
}
diff --git a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
index 79cb2e77..960cd34c 100644
--- a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
+++ b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
@@ -69,6 +69,8 @@ public class EapTestMessageDefinitions {
// EAP-SIM response containing SELECTED_VERSION (1) and IDENTITY attributes
public static final byte[] EAP_SIM_RESPONSE_PACKET = hexStringToByteArray(
"02" + ID + "0024120A0000100100010E060011" + IDENTITY_STRING + "000000");
+ public static final byte[] EAP_SIM_RESPONSE_WITHOUT_IDENTITY =
+ hexStringToByteArray("02" + ID + "0020120A000007050000" + NONCE_MT_STRING + "10010001");
public static final byte[] EAP_SIM_NOTIFICATION_RESPONSE = hexStringToByteArray(
"02" + ID + "0008120C0000");
public static final byte[] EAP_AKA_NOTIFICATION_RESPONSE =
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java
index 5c0a6df2..c32fefac 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java
@@ -24,6 +24,7 @@ import static com.android.ike.eap.message.EapTestMessageDefinitions.ID_INT;
import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE;
import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY;
+import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.times;
@@ -81,7 +82,8 @@ public class EapAkaCreatedStateTest extends EapAkaStateTest {
mEapAkaMethodStateMachine.process(eapMessage);
- assertTrue(mEapAkaMethodStateMachine.getState() instanceof ChallengeState);
+ ChallengeState challengeState = (ChallengeState) mEapAkaMethodStateMachine.getState();
+ assertArrayEquals(EAP_IDENTITY_BYTES, challengeState.mIdentity);
// decoded in CreatedState and ChallengeState
verify(mMockEapAkaTypeDataDecoder, times(2)).decode(DUMMY_EAP_TYPE_DATA);
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
index c14dd04f..23c2649b 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java
@@ -64,6 +64,10 @@ public class EapAkaMethodStateMachineTest {
private static final int SUB_ID = 1;
private static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566");
+ // EAP-Identity = hex("test@android.net")
+ protected static final byte[] EAP_IDENTITY_BYTES =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
protected TelephonyManager mMockTelephonyManager;
private EapAkaTypeDataDecoder mMockEapAkaTypeDataDecoder;
@@ -80,7 +84,10 @@ public class EapAkaMethodStateMachineTest {
mEapAkaMethodStateMachine =
new EapAkaMethodStateMachine(
- mMockTelephonyManager, mEapAkaConfig, mMockEapAkaTypeDataDecoder);
+ mMockTelephonyManager,
+ EAP_IDENTITY_BYTES,
+ mEapAkaConfig,
+ mMockEapAkaTypeDataDecoder);
verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID);
}
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
index 2f5c64e9..02ea9202 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java
@@ -62,6 +62,10 @@ public class EapAkaStateTest {
protected static final String NOTIFICATION_MESSAGE = "test";
protected static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566");
+ // EAP-Identity = hex("test@android.net")
+ protected static final byte[] EAP_IDENTITY_BYTES =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
protected TelephonyManager mMockTelephonyManager;
protected EapAkaTypeDataDecoder mMockEapAkaTypeDataDecoder;
@@ -79,6 +83,7 @@ public class EapAkaStateTest {
mEapAkaMethodStateMachine =
new EapAkaMethodStateMachine(
mMockTelephonyManager,
+ EAP_IDENTITY_BYTES,
mEapAkaConfig,
mMockEapAkaTypeDataDecoder);
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java
index 71c5307f..f3cc5a03 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java
@@ -126,6 +126,10 @@ public class EapSimAkaMethodStateMachineTest {
private static final byte[] UICC_RESPONSE =
hexStringToByteArray("04" + SRES_1 + "08" + KC_1);
+ // EAP-Identity = hex("test@android.net")
+ protected static final byte[] EAP_IDENTITY_BYTES =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
// K_encr + K_aut + MSK + EMSK
private static final int PRF_OUTPUT_BYTES = (2 * KEY_LEN) + (2 * SESSION_KEY_LENGTH);
@@ -139,7 +143,8 @@ public class EapSimAkaMethodStateMachineTest {
mEapSimConfig = new EapSimConfig(SUB_ID, TelephonyManager.APPTYPE_USIM);
mStateMachine =
- new EapSimAkaMethodStateMachine(mMockTelephonyManager, mEapSimConfig) {
+ new EapSimAkaMethodStateMachine(
+ mMockTelephonyManager, EAP_IDENTITY_BYTES, mEapSimConfig) {
@Override
EapSimAkaTypeData getEapSimAkaTypeData(AtClientErrorCode clientErrorCode) {
return new EapSimTypeData(
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java
index 6ec51035..8aa41311 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java
@@ -65,6 +65,10 @@ public class EapSimMethodStateMachineTest {
private static final int SUB_ID = 1;
private static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566");
+ // EAP-Identity = hex("test@android.net")
+ protected static final byte[] EAP_IDENTITY_BYTES =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
private TelephonyManager mMockTelephonyManager;
private EapSimTypeDataDecoder mMockEapSimTypeDataDecoder;
@@ -83,6 +87,7 @@ public class EapSimMethodStateMachineTest {
mEapSimMethodStateMachine =
new EapSimMethodStateMachine(
mMockTelephonyManager,
+ EAP_IDENTITY_BYTES,
mEapSimConfig,
new SecureRandom(),
mMockEapSimTypeDataDecoder);
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java
index a45b52b8..4965c8fa 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java
@@ -22,6 +22,7 @@ import static com.android.ike.eap.message.EapMessage.EAP_CODE_FAILURE;
import static com.android.ike.eap.message.EapMessage.EAP_CODE_REQUEST;
import static com.android.ike.eap.message.EapMessage.EAP_CODE_SUCCESS;
import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_WITHOUT_IDENTITY;
import static com.android.ike.eap.message.EapTestMessageDefinitions.ID_INT;
import static com.android.ike.eap.message.EapTestMessageDefinitions.IMSI;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ;
@@ -30,12 +31,17 @@ import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IV;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ;
import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST;
+import static com.android.ike.eap.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE;
import static com.android.ike.eap.message.simaka.EapSimTypeData.EAP_SIM_START;
+import static com.android.ike.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
@@ -43,6 +49,7 @@ import static org.mockito.Mockito.when;
import com.android.ike.eap.EapResult;
import com.android.ike.eap.EapResult.EapError;
import com.android.ike.eap.EapResult.EapFailure;
+import com.android.ike.eap.EapResult.EapResponse;
import com.android.ike.eap.exceptions.EapInvalidRequestException;
import com.android.ike.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException;
import com.android.ike.eap.message.EapData;
@@ -51,12 +58,15 @@ import com.android.ike.eap.message.simaka.EapSimAkaAttribute;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtIdentity;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac;
+import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtNonceMt;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq;
import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtVersionList;
import com.android.ike.eap.message.simaka.EapSimAkaTypeData.DecodeResult;
import com.android.ike.eap.message.simaka.EapSimTypeData;
import com.android.ike.eap.statemachine.EapMethodStateMachine.FinalState;
+import com.android.ike.eap.statemachine.EapSimMethodStateMachine.ChallengeState;
import com.android.ike.eap.statemachine.EapSimMethodStateMachine.StartState;
+import com.android.ike.utils.Log;
import org.junit.Before;
import org.junit.Test;
@@ -72,7 +82,15 @@ public class EapSimStartStateTest extends EapSimStateTest {
@Before
public void setUp() {
super.setUp();
- mStartState = mEapSimMethodStateMachine.new StartState(null);
+
+ AtNonceMt atNonceMt = null;
+ try {
+ atNonceMt = new AtNonceMt(NONCE_MT);
+ } catch (Exception e) {
+ fail("Failed to create AtNonceMt attribute in setUp()");
+ }
+
+ mStartState = mEapSimMethodStateMachine.new StartState(atNonceMt);
mEapSimMethodStateMachine.transitionTo(mStartState);
mAttributes = new LinkedHashMap<>();
@@ -193,4 +211,44 @@ public class EapSimStartStateTest extends EapSimStateTest {
assertNull(atIdentity);
verifyNoMoreInteractions(mMockTelephonyManager);
}
+
+ @Test
+ public void testProcessWithoutIdentityRequest() throws Exception {
+ EapMessage eapMessage =
+ new EapMessage(
+ EAP_CODE_REQUEST, ID_INT, new EapData(EAP_TYPE_SIM, DUMMY_EAP_TYPE_DATA));
+
+ // Send EAP-SIM/Start message without Identity request
+ mAttributes.put(EAP_AT_VERSION_LIST, new AtVersionList(8, 1));
+ DecodeResult eapSimStartDecodeResult =
+ new DecodeResult(new EapSimTypeData(EAP_SIM_START, mAttributes));
+ when(mMockEapSimTypeDataDecoder.decode(DUMMY_EAP_TYPE_DATA))
+ .thenReturn(eapSimStartDecodeResult);
+
+ EapResult result = mEapSimMethodStateMachine.process(eapMessage);
+ EapResponse eapResponse = (EapResponse) result;
+ assertArrayEquals(
+ Log.byteArrayToHexString(eapResponse.packet),
+ EAP_SIM_RESPONSE_WITHOUT_IDENTITY,
+ eapResponse.packet);
+
+ verify(mMockEapSimTypeDataDecoder).decode(eq(DUMMY_EAP_TYPE_DATA));
+
+ // Send EAP-SIM/Challenge message
+ DecodeResult eapSimChallengeDecodeResult =
+ new DecodeResult(new EapSimTypeData(EAP_SIM_CHALLENGE, new LinkedHashMap<>()));
+ when(mMockEapSimTypeDataDecoder.decode(DUMMY_EAP_TYPE_DATA))
+ .thenReturn(eapSimChallengeDecodeResult);
+
+ // We only care about the transition to ChallengeState - the response doesn't matter
+ mEapSimMethodStateMachine.process(eapMessage);
+ ChallengeState challengeState = (ChallengeState) mEapSimMethodStateMachine.getState();
+ assertArrayEquals(EAP_IDENTITY_BYTES, challengeState.mIdentity);
+
+ // verify decode called 3x times:
+ // 1. decode in EAP-SIM/Start test above
+ // 2. decode in EAP-SIM/Challenge test for StartState
+ // 3. decode in EAP-SIM/Challenge test for ChallengeState
+ verify(mMockEapSimTypeDataDecoder, times(3)).decode(eq(DUMMY_EAP_TYPE_DATA));
+ }
}
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java
index 562da213..9a0a3c2c 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java
@@ -63,6 +63,10 @@ public class EapSimStateTest {
protected static final String NOTIFICATION_MESSAGE = "test";
protected static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566");
+ // EAP-Identity = hex("test@android.net")
+ protected static final byte[] EAP_IDENTITY_BYTES =
+ hexStringToByteArray("7465737440616E64726F69642E6E6574");
+
protected TelephonyManager mMockTelephonyManager;
protected EapSimTypeDataDecoder mMockEapSimTypeDataDecoder;
@@ -80,6 +84,7 @@ public class EapSimStateTest {
mEapSimMethodStateMachine =
new EapSimMethodStateMachine(
mMockTelephonyManager,
+ EAP_IDENTITY_BYTES,
mEapSimConfig,
new SecureRandom(),
mMockEapSimTypeDataDecoder);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-18 07:34:21 +0000