author | Cody Kesting <ckesting@google.com> | 2019-10-07 11:18:44 -0700 |
---|---|---|
committer | Cody Kesting <ckesting@google.com> | 2019-10-08 10:44:02 -0700 |
commit | d5756ba69b5fb990e3b059b83c311a06e8019f4e (patch) | |
tree | e287d06bd3c34df90b5e9fd5c9688522cd5382f6 /tests/iketests/src | |
parent | 05bf634f6bf9638ff51c34d8fcb33101fe6d6e7d (diff) | |
Use EAP-Identity in EAP-SIM and EAP-AKA.
When the method-specific identity is not requested in EAP-SIM/AKA, the
EAP-Identity value must be used for computing the MSK and EMSK (RFC
4186#7, RFC 4187#7). This is done by setting the default identity in
both method state machines to be the EAP-Identity, such that any
identity requests in the methods will override the EAP-Identity.
Bug: 140173530
Test: atest FrameworksIkeTests
Change-Id: I34e88780fc48fe8e83a2c909b4616a929485296f
Diffstat (limited to 'tests/iketests/src')
10 files changed, 291 insertions, 63 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java b/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java index 6af29cdb..607ade57 100644 --- a/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/EapAkaTest.java @@ -44,6 +44,10 @@ public class EapAkaTest extends EapMethodEndToEndTest { private static final int SUB_ID = 1; private static final String UNFORMATTED_IDENTITY = "123456789ABCDEF"; // IMSI + // EAP_IDENTITY = hex("test@android.net") + private static final byte[] EAP_IDENTITY = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + // TODO(b/140797965): find valid AUTN/RAND values for the CTS test sim // IK: 7320EE404E055EF2B5AB0F86E96C48BE // CK: E9D1707652E13BF3E05975F601678E5C @@ -68,6 +72,24 @@ public class EapAkaTest extends EapMethodEndToEndTest { + "94B578DE0A3686E17F96F14D5341FE75" + "2012944CA394E5288BA1B2C70CB65063"); + // IK: 7320EE404E055EF2B5AB0F86E96C48BE + // CK: E9D1707652E13BF3E05975F601678E5C + // MK: 8183017CD8ADDB4617F4A2274DD5BCEA99354FB7 + // K_encr: 891D5DB8CACAF657D68BE72371F927A2 + // K_aut: E042A1CC5672358685EC012881EA02DE + private static final byte[] MSK_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "629DE03704E15EF1B8BADFF7FA5D84D5" + + "8574B6A3A46F274796346A86AE3455AC" + + "711E2D4D3F96EE71E664B1B947D7E9E7" + + "D227CBB6199A68BD7D43E6E4863D08D6"); + private static final byte[] EMSK_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "30A6638AE3AB5C5D29554D8256C3A287" + + "FDF6255E4D726C0622DDF89609C16A8D" + + "563768166A8111A083547DE4C8E280D6" + + "113A608DE9227FC7C02679A1E04DB3CF"); + // Base 64 of: [Length][RAND_1][Length][AUTN] private static final String BASE64_CHALLENGE_1 = "ENailvAwowVgGzEdOKAEUFwQNakUPtnhAAEXleeF2vqtmw=="; 
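Review bot: The `EAP_IDENTITY` array added at the top of EapAkaTest is repeated verbatim in EapSimTest and, under the name `EAP_IDENTITY_BYTES`, in EapAkaMethodStateMachineTest, EapAkaStateTest, EapSimAkaMethodStateMachineTest, EapSimMethodStateMachineTest and EapSimStateTest. Per the commit description the no-identity-request MSK/EMSK vectors are computed from this exact value, so seven independent copies can drift away from the vectors they are supposed to match. A single shared constant would avoid that, for example in EapTestMessageDefinitions, which this commit already extends, statically imported where needed.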
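Review bot: The comment block above `MSK_WITHOUT_IDENTITY_REQ` lists IK, CK, MK, K_encr and K_aut but not the identity that went into this MK. IK and CK are identical to the block above `MSK`, so the identity is the only input that explains why the two sets of keys differ. I would add a line such as `// Identity: EAP_IDENTITY ("test@android.net"), no AT_IDENTITY exchanged` so the vectors can be regenerated and audited later. The `MSK_WITHOUT_IDENTITY_REQ` block in EapSimTest has the same gap.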
@@ -85,6 +107,10 @@ public class EapAkaTest extends EapMethodEndToEndTest { private static final String REQUEST_MAC = "90C3554783D49A18F9EAA231F3C261EC"; private static final String RESPONSE_MAC = "D085987D3D15FA50A80D0CECFA2412EB"; + private static final String REQUEST_MAC_WITHOUT_IDENTITY_REQ = + "6AD7E3F43ED99384E751F55AB8EA48B4"; + private static final String RESPONSE_MAC_WITHOUT_IDENTITY_REQ = + "83E9F5B8B44BDE39B50538BF49864209"; private static final byte[] EAP_AKA_IDENTITY_REQUEST = hexStringToByteArray( @@ -110,6 +136,21 @@ public class EapAkaTest extends EapMethodEndToEndTest { + "17010000" // EAP-AKA | Challenge | 2B padding + "03050080" + RES // AT_RES attribute + "0B050000" + RESPONSE_MAC); // AT_MAC attribute + + private static final byte[] EAP_AKA_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "01CE0044" // EAP-Request | ID | length in bytes + + "17010000" // EAP-AKA | Challenge | 2B padding + + "01050000" + RAND_1 // AT_RAND attribute + + "02050000" + AUTN // AT_AUTN attribute + + "0B050000" + REQUEST_MAC_WITHOUT_IDENTITY_REQ); // AT_MAC attribute + private static final byte[] EAP_AKA_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQUEST = + hexStringToByteArray( + "02CE0030" // EAP-Response | ID | length in bytes + + "17010000" // EAP-AKA | Challenge | 2B padding + + "03050080" + RES // AT_RES attribute + + "0B050000" + RESPONSE_MAC_WITHOUT_IDENTITY_REQ); // AT_MAC attribute + private static final byte[] EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL = hexStringToByteArray( "01CE0044" // EAP-Request | ID | length in bytes @@ -122,6 +163,7 @@ public class EapAkaTest extends EapMethodEndToEndTest { "02CE0018" // EAP-Response | ID | length in bytes + "17040000" // EAP-AKA | Challenge | 2B padding + "0404" + AUTS); // AT_AUTS attribute + private static final byte[] EAP_RESPONSE_NAK_PACKET = hexStringToByteArray("021000060317"); // NAK with EAP-AKA listed 
@@ -135,7 +177,10 @@ public class EapAkaTest extends EapMethodEndToEndTest { mMockTelephonyManager = mock(TelephonyManager.class); mEapSessionConfig = - new EapSessionConfig.Builder().setEapAkaConfig(SUB_ID, APPTYPE_USIM).build(); + new EapSessionConfig.Builder() + .setEapIdentity(EAP_IDENTITY) + .setEapAkaConfig(SUB_ID, APPTYPE_USIM) + .build(); mEapAuthenticator = new EapAuthenticator( mTestLooper.getLooper(), @@ -154,7 +199,13 @@ public class EapAkaTest extends EapMethodEndToEndTest { public void testEapAkaEndToEnd() { verifyEapAkaIdentity(); verifyEapAkaChallenge(); - verifyEapSuccess(); + verifyEapSuccess(MSK, EMSK); + } + + @Test + public void testEapAkaEndToEndWithoutIdentityRequest() { + verifyEapAkaChallengeWithoutIdentityReq(); + verifyEapSuccess(MSK_WITHOUT_IDENTITY_REQ, EMSK_WITHOUT_IDENTITY_REQ); } @Test @@ -166,7 +217,7 @@ public class EapAkaTest extends EapMethodEndToEndTest { verifyEapAkaChallenge(); verifyEapNotification(3); - verifyEapSuccess(); + verifyEapSuccess(MSK, EMSK); } @Test @@ -182,7 +233,7 @@ public class EapAkaTest extends EapMethodEndToEndTest { verifyEapAkaIdentity(); verifyEapAkaChallenge(); - verifyEapSuccess(); + verifyEapSuccess(MSK, EMSK); } @Test @@ -190,7 +241,7 @@ public class EapAkaTest extends EapMethodEndToEndTest { verifyEapAkaIdentity(); verifyEapAkaSynchronizationFailure(); verifyEapAkaChallenge(); - verifyEapSuccess(); + verifyEapSuccess(MSK, EMSK); } private void verifyEapAkaIdentity() { 
@@ -209,15 +260,19 @@ public class EapAkaTest extends EapMethodEndToEndTest { mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback); } - private void verifyEapAkaChallenge() { + private void verifyEapAkaChallenge( + String challengeBase64, + String responseBase64, + byte[] incomingEapPacket, + byte[] outgoingEapPacket) { // EAP-AKA/Challenge request when(mMockTelephonyManager.getIccAuthentication( TelephonyManager.APPTYPE_USIM, TelephonyManager.AUTHTYPE_EAP_AKA, - BASE64_CHALLENGE_1)) - .thenReturn(BASE_64_RESPONSE_SUCCESS); + challengeBase64)) + .thenReturn(responseBase64); - mEapAuthenticator.processEapMessage(EAP_AKA_CHALLENGE_REQUEST); + mEapAuthenticator.processEapMessage(incomingEapPacket); mTestLooper.dispatchAll(); // verify EAP-AKA/Challenge response 
@@ -225,36 +280,47 @@ public class EapAkaTest extends EapMethodEndToEndTest { .getIccAuthentication( TelephonyManager.APPTYPE_USIM, TelephonyManager.AUTHTYPE_EAP_AKA, - BASE64_CHALLENGE_1); - verify(mMockCallback).onResponse(eq(EAP_AKA_CHALLENGE_RESPONSE)); + challengeBase64); + verify(mMockCallback).onResponse(eq(outgoingEapPacket)); + } + + private void verifyEapAkaChallenge() { + verifyEapAkaChallenge( + BASE64_CHALLENGE_1, + BASE_64_RESPONSE_SUCCESS, + EAP_AKA_CHALLENGE_REQUEST, + EAP_AKA_CHALLENGE_RESPONSE); verifyNoMoreInteractions( mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback); } - private void verifyEapAkaSynchronizationFailure() { - // EAP-AKA/Challenge request - when(mMockTelephonyManager.getIccAuthentication( - TelephonyManager.APPTYPE_USIM, - TelephonyManager.AUTHTYPE_EAP_AKA, - BASE64_CHALLENGE_2)) - .thenReturn(BASE_64_RESPONSE_SYNC_FAIL); + private void verifyEapAkaChallengeWithoutIdentityReq() { + verifyEapAkaChallenge( + BASE64_CHALLENGE_1, + BASE_64_RESPONSE_SUCCESS, + EAP_AKA_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ, + EAP_AKA_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQUEST); - mEapAuthenticator.processEapMessage(EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL); - mTestLooper.dispatchAll(); + // also need to verify interactions with Context and TelephonyManager + verify(mMockContext).getSystemService(eq(Context.TELEPHONY_SERVICE)); + verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID); + verifyNoMoreInteractions( + mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback); + } - // verify EAP-AKA/Synchronization-Failure response - verify(mMockTelephonyManager) - .getIccAuthentication( - TelephonyManager.APPTYPE_USIM, - TelephonyManager.AUTHTYPE_EAP_AKA, - BASE64_CHALLENGE_2); - verify(mMockCallback).onResponse(eq(EAP_AKA_SYNC_FAIL_RESPONSE)); + private void verifyEapAkaSynchronizationFailure() { + verifyEapAkaChallenge( + BASE64_CHALLENGE_2, + BASE_64_RESPONSE_SYNC_FAIL, + EAP_AKA_CHALLENGE_REQUEST_SYNC_FAIL, + 
EAP_AKA_SYNC_FAIL_RESPONSE); verifyNoMoreInteractions( mMockContext, mMockTelephonyManager, mMockSecureRandom, mMockCallback); } - private void verifyEapSuccess() { - super.verifyEapSuccess(MSK, EMSK); + @Override + protected void verifyEapSuccess(byte[] msk, byte[] emsk) { + super.verifyEapSuccess(msk, emsk); verifyNoMoreInteractions(mMockTelephonyManager); } diff --git a/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java b/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java index 2a9719cb..636a1e4d 100644 --- a/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/EapSimTest.java @@ -47,6 +47,10 @@ public class EapSimTest extends EapMethodEndToEndTest { private static final byte[] NONCE = hexStringToByteArray("37f3ddd3954c4831a5ee08c574844398"); private static final String UNFORMATTED_IDENTITY = "123456789ABCDEF"; // IMSI + // EAP_IDENTITY = hex("test@android.net") + private static final byte[] EAP_IDENTITY = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + private static final int SUB_ID = 1; // Base 64 of: RAND 
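Review bot: The four-argument `verifyEapAkaChallenge` is now also the body of `verifyEapAkaSynchronizationFailure`, but its inline comments still read `// EAP-AKA/Challenge request` and `// verify EAP-AKA/Challenge response`, and the removed `// verify EAP-AKA/Synchronization-Failure response` comment has no replacement. A short header on the helper would say what it actually does, for example `// Feeds one EAP-AKA request to the authenticator with the given UICC result and checks the outgoing packet`, with the two inline comments reworded to match. The helper's signature and first statements sit in the preceding hunk.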
@@ -55,21 +59,44 @@ public class EapSimTest extends EapMethodEndToEndTest { private static final String BASE64_RAND_3 = "ECEjRWeJq83vESNFZ4mrze8="; // BASE 64 of: "04" + SRES + "08" + KC + // SRES 1: 0ABCDEF0 KC 1: FEDCBA9876543210 + // SRES 2: 1ABCDEF1 KC 2: FEDCBA9876543211 + // SRES 3: 2ABCDEF2 KC 3: FEDCBA9876543212 private static final String BASE64_RESP_1 = "BAq83vAI/ty6mHZUMhA="; private static final String BASE64_RESP_2 = "BBq83vEI/ty6mHZUMhE="; private static final String BASE64_RESP_3 = "BCq83vII/ty6mHZUMhI="; - private static final byte[] MSK = hexStringToByteArray( - "9B1E2B6892BC113F6B6D0B5789DD8ADD" - + "B83BE2A84AA50FCAECD0003F92D8DA16" - + "4BF983C923695C309F1D7D68DB6992B0" - + "76EA8CE7129647A6F198F3A6AA8ADED9"); + // MK: 202FC68A3335E8A939A33BC0A0EA8C435DC10060 + // K_encr: F63E152461391FF655C2632E35D076ED + // K_aut: 48E001C8DBA37120FD0465153A56F712 + private static final byte[] MSK = + hexStringToByteArray( + "9B1E2B6892BC113F6B6D0B5789DD8ADD" + + "B83BE2A84AA50FCAECD0003F92D8DA16" + + "4BF983C923695C309F1D7D68DB6992B0" + + "76EA8CE7129647A6F198F3A6AA8ADED9"); private static final byte[] EMSK = hexStringToByteArray( "88210b6724400313539c740f417076b0" + "41da7e64658ec365bd2901a7cd7c2763" + "dad1a0508b92a42fdf85ac53c6f7e756" + "7f99b62bcaf467441b567f19b58d86ae"); + // MK: ED275A588A4C1AEC15C55261DCCD851189E5C5FD + // K_encr: FED573CFA6FC81267C08E264F50A0BB9 + // K_aut: 277B5D6A68FE5156A387996510AC5D61 + private static final byte[] MSK_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "8023A49840433464DA1A4F2457FAB3D6" + + "B1A3CA6E5E1DB212FA1AEA17F0A5C933" + + "5541DE7448FE448AC3F09DC25BBAE1EE" + + "17DCE3D32099519CC75840F0E3FB612B"); + private static final byte[] EMSK_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "F7E213F0E8F14A21C87F9B5DFADA9A75" + + "A8EAF4AD718BF8C3ED6557BDB60E4671" + + "E6AE109448B2F32F9B984667AE6C2B3F" + + "2FDFE67F97AF4D4727A2EA37F06B7785"); + private static final byte[] EAP_SIM_START_REQUEST = hexStringToByteArray( 
"01850014120a0000" // EAP header + "0f02000200010000" // AT_VERSION_LIST attribute 
@@ -86,9 +113,36 @@ public class EapSimTest extends EapMethodEndToEndTest { + "1123456789abcdef1123456789abcdef" // Rand 2 + "2123456789abcdef1123456789abcdef" // Rand 3 + "0b050000e4675b17fa7ba4d93db48d1af9ecbb01"); // AT_MAC attribute - private static final byte[] EAP_SIM_CHALLENGE_RESPONSE = hexStringToByteArray( - "0286001c120b0000" // EAP header - + "0b050000e5df9cb1d935ea5f54d449a038bed061"); // AT_NAC attribute + private static final byte[] EAP_SIM_CHALLENGE_RESPONSE = + hexStringToByteArray( + "0286001c120b0000" // EAP header + + "0b050000e5df9cb1d935ea5f54d449a038bed061"); // AT_MAC attribute + + private static final byte[] EAP_SIM_START_REQUEST_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "01850010" // EAP-Request | ID | length in bytes + + "120a0000" // EAP-SIM | Start| 2B padding + + "0f02000200010000"); // AT_VERSION_LIST attribute + private static final byte[] EAP_SIM_START_RESPONSE_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "02850020" // EAP-Response | ID | length in bytes + + "120a0000" // EAP-SIM | Start | 2B padding + + "0705000037f3ddd3954c4831a5ee08c574844398" // AT_NONCE_MT attribute + + "10010001"); // AT_SELECTED_VERSION attribute + private static final byte[] EAP_SIM_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "01860050" // EAP-Request | ID | length in bytes + + "120b0000" // EAP-SIM | Challenge | 2B padding + + "010d0000" // AT_RAND attribute + + "0123456789abcdef1123456789abcdef" // Rand 1 + + "1123456789abcdef1123456789abcdef" // Rand 2 + + "2123456789abcdef1123456789abcdef" // Rand 3 + + "0b050000F2F8C10FCA946AAFE9555E2BD3693DF6"); // AT_MAC attribute + private static final byte[] EAP_SIM_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQ = + hexStringToByteArray( + "0286001c" // EAP-Response | ID | length in bytes + + "120b0000" // EAP-SIM | Challenge | 2B padding + + "0b050000DAC3C1B7D9DBFBC923464A94F186E410"); // AT_MAC attribute private TelephonyManager mMockTelephonyManager; 
@@ -99,9 +153,11 @@ public class EapSimTest extends EapMethodEndToEndTest { mMockTelephonyManager = mock(TelephonyManager.class); - mEapSessionConfig = new EapSessionConfig.Builder() - .setEapSimConfig(SUB_ID, APPTYPE_USIM) - .build(); + mEapSessionConfig = + new EapSessionConfig.Builder() + .setEapIdentity(EAP_IDENTITY) + .setEapSimConfig(SUB_ID, APPTYPE_USIM) + .build(); mEapAuthenticator = new EapAuthenticator( mTestLooper.getLooper(), @@ -113,9 +169,21 @@ public class EapSimTest extends EapMethodEndToEndTest { @Test public void testEapSimEndToEnd() { - verifyEapSimStart(); - verifyEapSimChallenge(); - verifyEapSuccess(); + verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true); + verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE); + verifyEapSuccess(MSK, EMSK); + } + + @Test + public void testEapSimEndToEndWithoutIdentityRequest() { + verifyEapSimStart( + EAP_SIM_START_REQUEST_WITHOUT_IDENTITY_REQ, + EAP_SIM_START_RESPONSE_WITHOUT_IDENTITY_REQ, + false); + verifyEapSimChallenge( + EAP_SIM_CHALLENGE_REQUEST_WITHOUT_IDENTITY_REQ, + EAP_SIM_CHALLENGE_RESPONSE_WITHOUT_IDENTITY_REQ); + verifyEapSuccess(MSK_WITHOUT_IDENTITY_REQ, EMSK_WITHOUT_IDENTITY_REQ); } @Test 
@@ -133,24 +201,24 @@ public class EapSimTest extends EapMethodEndToEndTest { mMockCallback); // Switch to EAP-SIM and go through protocol - verifyEapSimStart(); - verifyEapSimChallenge(); - verifyEapSuccess(); + verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true); + verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE); + verifyEapSuccess(MSK, EMSK); } @Test public void verifyEapSimWithEapNotifications() { verifyEapNotification(1); - verifyEapSimStart(); + verifyEapSimStart(EAP_SIM_START_REQUEST, EAP_SIM_START_RESPONSE, true); verifyEapNotification(2); - verifyEapSimChallenge(); - + verifyEapSimChallenge(EAP_SIM_CHALLENGE_REQUEST, EAP_SIM_CHALLENGE_RESPONSE); verifyEapNotification(3); - verifyEapSuccess(); + verifyEapSuccess(MSK, EMSK); } - private void verifyEapSimStart() { + private void verifyEapSimStart( + byte[] incomingEapPacket, byte[] outgoingEapPacket, boolean expectIdentityRequest) { // EAP-SIM/Start request when(mMockContext.getSystemService(Context.TELEPHONY_SERVICE)) .thenReturn(mMockTelephonyManager); @@ -163,15 +231,19 @@ public class EapSimTest extends EapMethodEndToEndTest { return null; }).when(mMockSecureRandom).nextBytes(eq(new byte[NONCE.length])); - mEapAuthenticator.processEapMessage(EAP_SIM_START_REQUEST); + mEapAuthenticator.processEapMessage(incomingEapPacket); mTestLooper.dispatchAll(); verify(mMockContext).getSystemService(eq(Context.TELEPHONY_SERVICE)); verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID); - verify(mMockTelephonyManager).getSubscriberId(); + + if (expectIdentityRequest) { + verify(mMockTelephonyManager).getSubscriberId(); + } + verify(mMockSecureRandom).nextBytes(any(byte[].class)); // verify EAP-SIM/Start response - verify(mMockCallback).onResponse(eq(EAP_SIM_START_RESPONSE)); + verify(mMockCallback).onResponse(eq(outgoingEapPacket)); verifyNoMoreInteractions( mMockContext, mMockTelephonyManager, 
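Review bot: The `if (expectIdentityRequest)` guard around `verify(mMockTelephonyManager).getSubscriberId()` in `verifyEapSimStart` leaves the negative case implicit. When the flag is `false`, the only thing proving the subscriber ID is not read without an identity request is the trailing `verifyNoMoreInteractions(...)` call. A comment above the guard would keep a later refactor from dropping that check unnoticed, for example `// No identity request: getSubscriberId() must not be called; verifyNoMoreInteractions below enforces it`. The method's signature change is in the preceding hunk.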
@@ -179,7 +251,7 @@ public class EapSimTest extends EapMethodEndToEndTest { mMockCallback); } - private void verifyEapSimChallenge() { + private void verifyEapSimChallenge(byte[] incomingEapPacket, byte[] outgoingEapPacket) { // EAP-SIM/Challenge request when(mMockTelephonyManager .getIccAuthentication( @@ -200,7 +272,7 @@ public class EapSimTest extends EapMethodEndToEndTest { BASE64_RAND_3)) .thenReturn(BASE64_RESP_3); - mEapAuthenticator.processEapMessage(EAP_SIM_CHALLENGE_REQUEST); + mEapAuthenticator.processEapMessage(incomingEapPacket); mTestLooper.dispatchAll(); // verify EAP-SIM/Challenge response @@ -219,7 +291,7 @@ public class EapSimTest extends EapMethodEndToEndTest { eq(TelephonyManager.APPTYPE_USIM), eq(TelephonyManager.AUTHTYPE_EAP_SIM), eq(BASE64_RAND_3)); - verify(mMockCallback).onResponse(eq(EAP_SIM_CHALLENGE_RESPONSE)); + verify(mMockCallback).onResponse(eq(outgoingEapPacket)); verifyNoMoreInteractions( mMockContext, mMockTelephonyManager, @@ -227,8 +299,9 @@ public class EapSimTest extends EapMethodEndToEndTest { mMockCallback); } - private void verifyEapSuccess() { - super.verifyEapSuccess(MSK, EMSK); + @Override + protected void verifyEapSuccess(byte[] msk, byte[] emsk) { + super.verifyEapSuccess(msk, emsk); verifyNoMoreInteractions(mMockTelephonyManager); } diff --git a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java index 79cb2e77..960cd34c 100644 --- a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java +++ b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java 
@@ -69,6 +69,8 @@ public class EapTestMessageDefinitions { // EAP-SIM response containing SELECTED_VERSION (1) and IDENTITY attributes public static final byte[] EAP_SIM_RESPONSE_PACKET = hexStringToByteArray( "02" + ID + "0024120A0000100100010E060011" + IDENTITY_STRING + "000000"); + public static final byte[] EAP_SIM_RESPONSE_WITHOUT_IDENTITY = + hexStringToByteArray("02" + ID + "0020120A000007050000" + NONCE_MT_STRING + "10010001"); public static final byte[] EAP_SIM_NOTIFICATION_RESPONSE = hexStringToByteArray( "02" + ID + "0008120C0000"); public static final byte[] EAP_AKA_NOTIFICATION_RESPONSE = diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java index 5c0a6df2..c32fefac 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaCreatedStateTest.java @@ -24,6 +24,7 @@ import static com.android.ike.eap.message.EapTestMessageDefinitions.ID_INT; import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_CHALLENGE; import static com.android.ike.eap.message.simaka.EapAkaTypeData.EAP_AKA_IDENTITY; +import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertTrue; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.times; @@ -81,7 +82,8 @@ public class EapAkaCreatedStateTest extends EapAkaStateTest { mEapAkaMethodStateMachine.process(eapMessage); - assertTrue(mEapAkaMethodStateMachine.getState() instanceof ChallengeState); + ChallengeState challengeState = (ChallengeState) mEapAkaMethodStateMachine.getState(); + assertArrayEquals(EAP_IDENTITY_BYTES, challengeState.mIdentity); // decoded in CreatedState and ChallengeState verify(mMockEapAkaTypeDataDecoder, times(2)).decode(DUMMY_EAP_TYPE_DATA); 
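Review bot: In EapAkaCreatedStateTest the `assertTrue(... instanceof ChallengeState)` check is replaced by a bare cast, so a wrong transition now fails with a ClassCastException instead of a readable assertion failure. Keeping `assertTrue(mEapAkaMethodStateMachine.getState() instanceof ChallengeState);` ahead of the cast preserves the clear failure while still allowing the `mIdentity` check. The same applies in EapSimStartStateTest.testProcessWithoutIdentityRequest to `(EapResponse) result` and `(ChallengeState) mEapSimMethodStateMachine.getState()`. The enclosing test method here starts outside the hunk.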
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java index c14dd04f..23c2649b 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaMethodStateMachineTest.java @@ -64,6 +64,10 @@ public class EapAkaMethodStateMachineTest { private static final int SUB_ID = 1; private static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566"); + // EAP-Identity = hex("test@android.net") + protected static final byte[] EAP_IDENTITY_BYTES = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + protected TelephonyManager mMockTelephonyManager; private EapAkaTypeDataDecoder mMockEapAkaTypeDataDecoder; @@ -80,7 +84,10 @@ public class EapAkaMethodStateMachineTest { mEapAkaMethodStateMachine = new EapAkaMethodStateMachine( - mMockTelephonyManager, mEapAkaConfig, mMockEapAkaTypeDataDecoder); + mMockTelephonyManager, + EAP_IDENTITY_BYTES, + mEapAkaConfig, + mMockEapAkaTypeDataDecoder); verify(mMockTelephonyManager).createForSubscriptionId(SUB_ID); } diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java index 2f5c64e9..02ea9202 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapAkaStateTest.java 
@@ -62,6 +62,10 @@ public class EapAkaStateTest { protected static final String NOTIFICATION_MESSAGE = "test"; protected static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566"); + // EAP-Identity = hex("test@android.net") + protected static final byte[] EAP_IDENTITY_BYTES = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + protected TelephonyManager mMockTelephonyManager; protected EapAkaTypeDataDecoder mMockEapAkaTypeDataDecoder; @@ -79,6 +83,7 @@ public class EapAkaStateTest { mEapAkaMethodStateMachine = new EapAkaMethodStateMachine( mMockTelephonyManager, + EAP_IDENTITY_BYTES, mEapAkaConfig, mMockEapAkaTypeDataDecoder); diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java index 71c5307f..f3cc5a03 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimAkaMethodStateMachineTest.java @@ -126,6 +126,10 @@ public class EapSimAkaMethodStateMachineTest { private static final byte[] UICC_RESPONSE = hexStringToByteArray("04" + SRES_1 + "08" + KC_1); + // EAP-Identity = hex("test@android.net") + protected static final byte[] EAP_IDENTITY_BYTES = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + // K_encr + K_aut + MSK + EMSK private static final int PRF_OUTPUT_BYTES = (2 * KEY_LEN) + (2 * SESSION_KEY_LENGTH); @@ -139,7 +143,8 @@ public class EapSimAkaMethodStateMachineTest { mEapSimConfig = new EapSimConfig(SUB_ID, TelephonyManager.APPTYPE_USIM); mStateMachine = - new EapSimAkaMethodStateMachine(mMockTelephonyManager, mEapSimConfig) { + new EapSimAkaMethodStateMachine( + mMockTelephonyManager, EAP_IDENTITY_BYTES, mEapSimConfig) { @Override EapSimAkaTypeData getEapSimAkaTypeData(AtClientErrorCode clientErrorCode) { return new EapSimTypeData( 
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java index 6ec51035..8aa41311 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimMethodStateMachineTest.java @@ -65,6 +65,10 @@ public class EapSimMethodStateMachineTest { private static final int SUB_ID = 1; private static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566"); + // EAP-Identity = hex("test@android.net") + protected static final byte[] EAP_IDENTITY_BYTES = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + private TelephonyManager mMockTelephonyManager; private EapSimTypeDataDecoder mMockEapSimTypeDataDecoder; @@ -83,6 +87,7 @@ public class EapSimMethodStateMachineTest { mEapSimMethodStateMachine = new EapSimMethodStateMachine( mMockTelephonyManager, + EAP_IDENTITY_BYTES, mEapSimConfig, new SecureRandom(), mMockEapSimTypeDataDecoder); diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java index a45b52b8..4965c8fa 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStartStateTest.java 
@@ -22,6 +22,7 @@ import static com.android.ike.eap.message.EapMessage.EAP_CODE_FAILURE; import static com.android.ike.eap.message.EapMessage.EAP_CODE_REQUEST; import static com.android.ike.eap.message.EapMessage.EAP_CODE_SUCCESS; import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SIM_IDENTITY; +import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SIM_RESPONSE_WITHOUT_IDENTITY; import static com.android.ike.eap.message.EapTestMessageDefinitions.ID_INT; import static com.android.ike.eap.message.EapTestMessageDefinitions.IMSI; import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_ANY_ID_REQ; @@ -30,12 +31,17 @@ import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_IV; import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_MAC; import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_PERMANENT_ID_REQ; import static com.android.ike.eap.message.simaka.EapSimAkaAttribute.EAP_AT_VERSION_LIST; +import static com.android.ike.eap.message.simaka.EapSimTypeData.EAP_SIM_CHALLENGE; import static com.android.ike.eap.message.simaka.EapSimTypeData.EAP_SIM_START; +import static com.android.ike.eap.message.simaka.attributes.EapTestAttributeDefinitions.NONCE_MT; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; 
@@ -43,6 +49,7 @@ import static org.mockito.Mockito.when; import com.android.ike.eap.EapResult; import com.android.ike.eap.EapResult.EapError; import com.android.ike.eap.EapResult.EapFailure; +import com.android.ike.eap.EapResult.EapResponse; import com.android.ike.eap.exceptions.EapInvalidRequestException; import com.android.ike.eap.exceptions.simaka.EapSimAkaIdentityUnavailableException; import com.android.ike.eap.message.EapData; @@ -51,12 +58,15 @@ import com.android.ike.eap.message.simaka.EapSimAkaAttribute; import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtAnyIdReq; import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtIdentity; import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtMac; +import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtNonceMt; import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtPermanentIdReq; import com.android.ike.eap.message.simaka.EapSimAkaAttribute.AtVersionList; import com.android.ike.eap.message.simaka.EapSimAkaTypeData.DecodeResult; import com.android.ike.eap.message.simaka.EapSimTypeData; import com.android.ike.eap.statemachine.EapMethodStateMachine.FinalState; +import com.android.ike.eap.statemachine.EapSimMethodStateMachine.ChallengeState; import com.android.ike.eap.statemachine.EapSimMethodStateMachine.StartState; +import com.android.ike.utils.Log; import org.junit.Before; import org.junit.Test; @@ -72,7 +82,15 @@ public class EapSimStartStateTest extends EapSimStateTest { @Before public void setUp() { super.setUp(); - mStartState = mEapSimMethodStateMachine.new StartState(null); + + AtNonceMt atNonceMt = null; + try { + atNonceMt = new AtNonceMt(NONCE_MT); + } catch (Exception e) { + fail("Failed to create AtNonceMt attribute in setUp()"); + } + + mStartState = mEapSimMethodStateMachine.new StartState(atNonceMt); mEapSimMethodStateMachine.transitionTo(mStartState); mAttributes = new LinkedHashMap<>(); 
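Review bot: The `catch (Exception e)` in `setUp()` discards the exception, so a failure to build the `AtNonceMt` fixture reports only the fixed message and not why construction failed. Rethrowing with the cause keeps the stack trace: `throw new AssertionError("Failed to create AtNonceMt attribute in setUp()", e);`. Catching the specific exception the `AtNonceMt` constructor declares (not visible in this diff) rather than `Exception` would also be tighter. The rest of `setUp()` continues outside the hunk.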
@@ -193,4 +211,44 @@ public class EapSimStartStateTest extends EapSimStateTest { assertNull(atIdentity); verifyNoMoreInteractions(mMockTelephonyManager); } + + @Test + public void testProcessWithoutIdentityRequest() throws Exception { + EapMessage eapMessage = + new EapMessage( + EAP_CODE_REQUEST, ID_INT, new EapData(EAP_TYPE_SIM, DUMMY_EAP_TYPE_DATA)); + + // Send EAP-SIM/Start message without Identity request + mAttributes.put(EAP_AT_VERSION_LIST, new AtVersionList(8, 1)); + DecodeResult eapSimStartDecodeResult = + new DecodeResult(new EapSimTypeData(EAP_SIM_START, mAttributes)); + when(mMockEapSimTypeDataDecoder.decode(DUMMY_EAP_TYPE_DATA)) + .thenReturn(eapSimStartDecodeResult); + + EapResult result = mEapSimMethodStateMachine.process(eapMessage); + EapResponse eapResponse = (EapResponse) result; + assertArrayEquals( + Log.byteArrayToHexString(eapResponse.packet), + EAP_SIM_RESPONSE_WITHOUT_IDENTITY, + eapResponse.packet); + + verify(mMockEapSimTypeDataDecoder).decode(eq(DUMMY_EAP_TYPE_DATA)); + + // Send EAP-SIM/Challenge message + DecodeResult eapSimChallengeDecodeResult = + new DecodeResult(new EapSimTypeData(EAP_SIM_CHALLENGE, new LinkedHashMap<>())); + when(mMockEapSimTypeDataDecoder.decode(DUMMY_EAP_TYPE_DATA)) + .thenReturn(eapSimChallengeDecodeResult); + + // We only care about the transition to ChallengeState - the response doesn't matter + mEapSimMethodStateMachine.process(eapMessage); + ChallengeState challengeState = (ChallengeState) mEapSimMethodStateMachine.getState(); + assertArrayEquals(EAP_IDENTITY_BYTES, challengeState.mIdentity); + + // verify decode called 3x times: + // 1. decode in EAP-SIM/Start test above + // 2. decode in EAP-SIM/Challenge test for StartState + // 3. decode in EAP-SIM/Challenge test for ChallengeState + verify(mMockEapSimTypeDataDecoder, times(3)).decode(eq(DUMMY_EAP_TYPE_DATA)); + } } 
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java index 562da213..9a0a3c2c 100644 --- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java +++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapSimStateTest.java @@ -63,6 +63,10 @@ public class EapSimStateTest { protected static final String NOTIFICATION_MESSAGE = "test"; protected static final byte[] DUMMY_EAP_TYPE_DATA = hexStringToByteArray("112233445566"); + // EAP-Identity = hex("test@android.net") + protected static final byte[] EAP_IDENTITY_BYTES = + hexStringToByteArray("7465737440616E64726F69642E6E6574"); + protected TelephonyManager mMockTelephonyManager; protected EapSimTypeDataDecoder mMockEapSimTypeDataDecoder; @@ -80,6 +84,7 @@ public class EapSimStateTest { mEapSimMethodStateMachine = new EapSimMethodStateMachine( mMockTelephonyManager, + EAP_IDENTITY_BYTES, mEapSimConfig, new SecureRandom(), mMockEapSimTypeDataDecoder); |