authorevitayan <evitayan@google.com>2019-02-20 16:48:52 -0800
committerevitayan <evitayan@google.com>2019-02-25 14:49:57 -0800
commit6c7e8b9823ea35a8c4ce81a87f3ee737edd82055 (patch)
tree27f25ac9f422fbeb677da658a184d392e84610c2 /tests/iketests/src
parent4b94676d40b428c75748221e7f79442415bc6dc7 (diff)
downloadike-6c7e8b9823ea35a8c4ce81a87f3ee737edd82055.tar.gz
Verify received PSK signature
Bug: 122687442 Test: FrameworksIkeTests IkeAuthPskPayloadTest Change-Id: Ib959d2ea455808858a7646f15111260a082c1be3
Diffstat (limited to 'tests/iketests/src')
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPskPayloadTest.java67
1 files changed, 56 insertions, 11 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPskPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPskPayloadTest.java
index 398e9626..baa8059c 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPskPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPskPayloadTest.java
@@ -18,17 +18,22 @@ package com.android.ike.ikev2.message;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import com.android.ike.ikev2.exceptions.AuthenticationFailedException;
import org.junit.Test;
import java.nio.ByteBuffer;
+import java.util.Arrays;
import javax.crypto.Mac;
-
public final class IkeAuthPskPayloadTest {
private static final String PSK_AUTH_PAYLOAD_HEX_STRING =
"2100001c02000000df7c038aefaaa32d3f44b228b52a332744dfb2c1";
+ private static final String PSK_AUTH_PAYLOAD_BODY_HEX_STRING =
+ "02000000df7c038aefaaa32d3f44b228b52a332744dfb2c1";
private static final String PSK_AUTH_PAYLOAD_SIGNATURE_HEX_STRING =
"df7c038aefaaa32d3f44b228b52a332744dfb2c1";
@@ -59,24 +64,26 @@ public final class IkeAuthPskPayloadTest {
private static final String PRF_HMAC_SHA1_ALGO_NAME = "HmacSHA1";
+ private static final byte[] PSK = TestUtils.hexStringToByteArray(PSK_HEX_STRING);
+ private static final byte[] IKE_INIT_REQUEST =
+ TestUtils.hexStringToByteArray(PSK_IKE_INIT_REQUEST_HEX_STRING);
+ private static final byte[] NONCE = TestUtils.hexStringToByteArray(PSK_NONCE_RESP_HEX_STRING);
+ private static final byte[] ID_PAYLOAD_BODY =
+ TestUtils.hexStringToByteArray(PSK_ID_INITIATOR_PAYLOAD_HEX_STRING);
+ private static final byte[] PRF_KEY = TestUtils.hexStringToByteArray(PSK_SKP_HEX_STRING);
+ private static final byte[] SIGNATURE =
+ TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_SIGNATURE_HEX_STRING);
+
@Test
public void testBuildOutboundIkeAuthPskPayload() throws Exception {
- byte[] psk = TestUtils.hexStringToByteArray(PSK_HEX_STRING);
- byte[] ikeInitBytes = TestUtils.hexStringToByteArray(PSK_IKE_INIT_REQUEST_HEX_STRING);
- byte[] nonce = TestUtils.hexStringToByteArray(PSK_NONCE_RESP_HEX_STRING);
- byte[] idPayloadBodyBytes =
- TestUtils.hexStringToByteArray(PSK_ID_INITIATOR_PAYLOAD_HEX_STRING);
- byte[] prfKeyBytes = TestUtils.hexStringToByteArray(PSK_SKP_HEX_STRING);
Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider());
IkeAuthPskPayload payload =
new IkeAuthPskPayload(
- psk, ikeInitBytes, nonce, idPayloadBodyBytes, prfMac, prfKeyBytes);
+ PSK, IKE_INIT_REQUEST, NONCE, ID_PAYLOAD_BODY, prfMac, PRF_KEY);
assertEquals(IkeAuthPayload.AUTH_METHOD_PRE_SHARED_KEY, payload.authMethod);
- byte[] expectedSignature =
- TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_SIGNATURE_HEX_STRING);
- assertArrayEquals(expectedSignature, payload.signature);
+ assertArrayEquals(SIGNATURE, payload.signature);
// Verify payload length
int payloadLength = payload.getPayloadLength();
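Review bot: The new `PSK`, `IKE_INIT_REQUEST`, `NONCE`, `ID_PAYLOAD_BODY`, `PRF_KEY` and `SIGNATURE` fields are shared mutable `byte[]` arrays passed straight into `IkeAuthPskPayload`, so a test or callee that writes into one would silently change the vectors for every test that runs afterwards. The failure test added later in this commit already copies `NONCE` before altering it; stating that rule at the declarations would keep it that way, for example `// Shared test vectors: never modify in place; use Arrays.copyOf() before altering.` The body of testBuildOutboundIkeAuthPskPayload continues past the end of this hunk.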
@@ -88,4 +95,42 @@ public final class IkeAuthPskPayloadTest {
payload.encodeToByteBuffer(IkePayload.PAYLOAD_TYPE_SA, byteBuffer);
assertArrayEquals(expectedPayload, byteBuffer.array());
}
+
+ private IkeAuthPskPayload buildPskPayload() throws Exception {
+ byte[] payloadBody = TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_BODY_HEX_STRING);
+ IkeAuthPskPayload pskPayload =
+ (IkeAuthPskPayload) IkeAuthPayload.getIkeAuthPayload(false, payloadBody);
+ return pskPayload;
+ }
+
+ @Test
+ public void testDecodeIkeAuthPskPayload() throws Exception {
+ IkeAuthPskPayload pskPayload = buildPskPayload();
+
+ assertArrayEquals(SIGNATURE, pskPayload.signature);
+ }
+
+ @Test
+ public void testVerifyReceivedSignature() throws Exception {
+ Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider());
+ IkeAuthPskPayload pskPayload = buildPskPayload();
+
+ pskPayload.verifyInboundSignature(
+ PSK, IKE_INIT_REQUEST, NONCE, ID_PAYLOAD_BODY, prfMac, PRF_KEY);
+ }
+
+ @Test
+ public void testVerifyReceivedSignatureFailure() throws Exception {
+ Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider());
+ IkeAuthPskPayload pskPayload = buildPskPayload();
+ byte[] nonce = Arrays.copyOf(NONCE, NONCE.length);
+ nonce[0]++;
+
+ try {
+ pskPayload.verifyInboundSignature(
+ PSK, IKE_INIT_REQUEST, nonce, ID_PAYLOAD_BODY, prfMac, PRF_KEY);
+ fail("Expected signature verification to have failed due to mismatched signatures.");
+ } catch (AuthenticationFailedException expected) {
+ }
+ }
}
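Review bot: The only negative case, testVerifyReceivedSignatureFailure, changes the locally supplied nonce, so the received signature stays genuine and nothing here exercises a payload whose signature bytes were altered in transit, which is the case the verifier exists to reject. A second negative test that flips one bit of the decoded body before calling `verifyInboundSignature` would cover it, and a variant with a wrong `PSK` would be worth adding alongside. The comparison inside `verifyInboundSignature` is not visible in this file; if it turns out to use `Arrays.equals`, a constant-time compare such as `MessageDigest.isEqual` is the usual choice for a MAC check.

```java
@Test
public void testVerifyReceivedSignatureFailureOnTamperedSignature() throws Exception {
    Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider());
    byte[] payloadBody = TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_BODY_HEX_STRING);
    // Flip one bit in the last byte, which belongs to the received signature.
    payloadBody[payloadBody.length - 1] ^= 0x01;
    IkeAuthPskPayload pskPayload =
            (IkeAuthPskPayload) IkeAuthPayload.getIkeAuthPayload(false, payloadBody);

    try {
        pskPayload.verifyInboundSignature(
                PSK, IKE_INIT_REQUEST, NONCE, ID_PAYLOAD_BODY, prfMac, PRF_KEY);
        fail("Expected signature verification to fail for a tampered signature.");
    } catch (AuthenticationFailedException expected) {
    }
}
```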