aboutsummaryrefslogtreecommitdiff
path: root/tests/iketests/src
diff options
context:
space:
mode:
authorevitayan <evitayan@google.com>2019-02-25 14:43:40 -0800
committerevitayan <evitayan@google.com>2019-03-19 10:28:57 -0700
commitca1edc492cc63971e7f8900a57c178845f88544f (patch)
tree86f2bd2c998d3c8f93d470c39908088a18d0993c /tests/iketests/src
parent1d3f038662ceeb656554fc918d1fefcfb3a8cafb (diff)
downloadike-ca1edc492cc63971e7f8900a57c178845f88544f.tar.gz
Validate SA response
This commit: - Add NoValidProposalChosenException to represent SA request/response validation failure - Support building outboune SA payload from SaProposal - Support decoding inbound Proposal to SaProposal - Support validating inbound SA response Bug: 122692043 Test: FrameworksIkeTests IkeSaPayloadTest SaProposalTest Change-Id: I49b4a91d5bf5db4e4fb18f10c8c7d6b4a5134bd4
Diffstat (limited to 'tests/iketests/src')
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java4
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java45
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeMessageTest.java2
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java270
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/IkeTsPayloadTest.java3
-rw-r--r--tests/iketests/src/java/com/android/ike/ikev2/message/TestUtils.java5
6 files changed, 287 insertions, 42 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
index f16ada74..e81b17aa 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java
@@ -90,10 +90,10 @@ public final class ChildSessionStateMachineTest {
private void setUpPayloadLists() throws IkeException {
mAuthReqSaNegoPayloads.add(
TestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_SA, IKE_AUTH_REQ_SA_PAYLOAD));
+ IkePayload.PAYLOAD_TYPE_SA, false, IKE_AUTH_REQ_SA_PAYLOAD));
mAuthRespSaNegoPayloads.add(
TestUtils.hexStringToIkePayload(
- IkePayload.PAYLOAD_TYPE_SA, IKE_AUTH_RESP_SA_PAYLOAD));
+ IkePayload.PAYLOAD_TYPE_SA, true, IKE_AUTH_RESP_SA_PAYLOAD));
// TODO: Build and add Traffic Selector Payloads to two payload lists.
}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
index 4b0656da..2ce2a9d9 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
@@ -18,6 +18,7 @@ package com.android.ike.ikev2;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -27,12 +28,14 @@ import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform;
import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform;
import com.android.ike.ikev2.message.IkeSaPayload.IntegrityTransform;
import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform;
+import com.android.ike.ikev2.message.IkeSaPayload.Transform;
import org.junit.Test;
public final class SaProposalTest {
private final EncryptionTransform mEncryption3DesTransform;
private final EncryptionTransform mEncryptionAesGcm8Transform;
+ private final EncryptionTransform mEncryptionAesGcm12Transform;
private final IntegrityTransform mIntegrityHmacSha1Transform;
private final IntegrityTransform mIntegrityNoneTransform;
private final PrfTransform mPrfAes128XCbcTransform;
@@ -43,6 +46,9 @@ public final class SaProposalTest {
mEncryptionAesGcm8Transform =
new EncryptionTransform(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
+ mEncryptionAesGcm12Transform =
+ new EncryptionTransform(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, SaProposal.KEY_LEN_AES_128);
mIntegrityHmacSha1Transform =
new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96);
mIntegrityNoneTransform = new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_NONE);
@@ -298,4 +304,43 @@ public final class SaProposalTest {
}
}
+
+ @Test
+ public void testIsTransformSelectedFrom() throws Exception {
+ assertTrue(SaProposal.isTransformSelectedFrom(new Transform[0], new Transform[0]));
+ assertTrue(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[] {mEncryptionAesGcm8Transform},
+ new Transform[] {
+ mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform
+ }));
+ assertTrue(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[] {mIntegrityNoneTransform},
+ new Transform[] {mIntegrityNoneTransform}));
+
+ // No transform selected.
+ assertFalse(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[0], new Transform[] {mEncryptionAesGcm8Transform}));
+
+ // Selected transform was not part of original proposal.
+ assertFalse(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[] {mPrfAes128XCbcTransform}, new Transform[0]));
+
+ // More than one transform returned.
+ assertFalse(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[] {mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform},
+ new Transform[] {
+ mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform
+ }));
+
+ // Selected transform was not part of original proposal.
+ assertFalse(
+ SaProposal.isTransformSelectedFrom(
+ new Transform[] {mIntegrityNoneTransform},
+ new Transform[] {mIntegrityHmacSha1Transform}));
+ }
}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeMessageTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeMessageTest.java
index 8584f78a..961abb30 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeMessageTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeMessageTest.java
@@ -98,7 +98,7 @@ public final class IkeMessageTest {
@Override
public IkePayload decodeIkePayload(
- int payloadType, boolean isCritical, byte[] payloadBody)
+ int payloadType, boolean isCritical, boolean isResp, byte[] payloadBody)
throws IkeException {
if (support(payloadType)) {
return new TestIkeSupportedPayload(payloadType, isCritical);
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
index cfde10e5..b0d927d8 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java
@@ -19,6 +19,7 @@ package com.android.ike.ikev2.message;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
@@ -31,6 +32,7 @@ import android.util.Pair;
import com.android.ike.ikev2.SaProposal;
import com.android.ike.ikev2.exceptions.IkeException;
import com.android.ike.ikev2.exceptions.InvalidSyntaxException;
+import com.android.ike.ikev2.exceptions.NoValidProposalChosenException;
import com.android.ike.ikev2.message.IkeSaPayload.Attribute;
import com.android.ike.ikev2.message.IkeSaPayload.AttributeDecoder;
import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform;
@@ -49,8 +51,10 @@ import org.junit.Before;
import org.junit.Test;
import java.nio.ByteBuffer;
+import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
+import java.util.Random;
public final class IkeSaPayloadTest {
private static final String PROPOSAL_RAW_PACKET =
@@ -87,30 +91,87 @@ public final class IkeSaPayloadTest {
private static final String ATTRIBUTE_RAW_PACKET = "800e0080";
private static final int PROPOSAL_NUMBER = 1;
+ private static final int PROPOSAL_NUMBER_OFFSET = 4;
@IkePayload.ProtocolId
private static final int PROPOSAL_PROTOCOL_ID = IkePayload.PROTOCOL_ID_IKE;
+ private static final int PROTOCOL_ID_OFFSET = 5;
+
private static final byte PROPOSAL_SPI_SIZE = 0;
private static final byte PROPOSAL_SPI = 0;
// Constants for multiple proposals test
private static final byte[] PROPOSAL_NUMBER_LIST = {1, 2};
- private static final int KEY_LEN = 128;
-
private AttributeDecoder mMockedAttributeDecoder;
private KeyLengthAttribute mAttributeKeyLength128;
private List<Attribute> mAttributeListWithKeyLength128;
+ private EncryptionTransform mEncrAesCbc128Transform;
+ private EncryptionTransform mEncrAesGcm8Key128Transform;
+ private IntegrityTransform mIntegHmacSha1Transform;
+ private PrfTransform mPrfHmacSha1Transform;
+ private DhGroupTransform mDhGroup1024Transform;
+
+ private Transform[] mValidNegotiatedTransformSet;
+
+ private SaProposal mSaProposalOne;
+ private SaProposal mSaProposalTwo;
+ private SaProposal[] mTwoSaProposalsArray;
+
@Before
public void setUp() throws Exception {
mMockedAttributeDecoder = mock(AttributeDecoder.class);
mAttributeKeyLength128 = new KeyLengthAttribute(SaProposal.KEY_LEN_AES_128);
mAttributeListWithKeyLength128 = new LinkedList<>();
mAttributeListWithKeyLength128.add(mAttributeKeyLength128);
+
+ mEncrAesCbc128Transform =
+ new EncryptionTransform(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128);
+ mEncrAesGcm8Key128Transform =
+ new EncryptionTransform(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
+ mIntegHmacSha1Transform =
+ new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96);
+ mPrfHmacSha1Transform = new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1);
+ mDhGroup1024Transform = new DhGroupTransform(SaProposal.DH_GROUP_1024_BIT_MODP);
+
+ mValidNegotiatedTransformSet =
+ new Transform[] {
+ mEncrAesCbc128Transform,
+ mIntegHmacSha1Transform,
+ mPrfHmacSha1Transform,
+ mDhGroup1024Transform
+ };
+
+ mSaProposalOne =
+ SaProposal.Builder.newIkeSaProposalBuilder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128)
+ .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)
+ .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
+ .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1)
+ .buildOrThrow();
+
+ mSaProposalTwo =
+ SaProposal.Builder.newIkeSaProposalBuilder()
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8,
+ SaProposal.KEY_LEN_AES_128)
+ .addEncryptionAlgorithm(
+ SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12,
+ SaProposal.KEY_LEN_AES_128)
+ .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC)
+ .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)
+ .addDhGroup(SaProposal.DH_GROUP_2048_BIT_MODP)
+ .buildOrThrow();
+ mTwoSaProposalsArray = new SaProposal[] {mSaProposalOne, mSaProposalTwo};
}
+ // TODO: Add tearDown() to reset Proposal.sTransformDecoder and Transform.sAttributeDecoder.
+
@Test
public void testDecodeAttribute() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(ATTRIBUTE_RAW_PACKET);
@@ -121,7 +182,7 @@ public final class IkeSaPayloadTest {
assertTrue(attribute instanceof KeyLengthAttribute);
assertEquals(Attribute.ATTRIBUTE_TYPE_KEY_LENGTH, attribute.type);
- assertEquals(KEY_LEN, ((KeyLengthAttribute) attribute).keyLength);
+ assertEquals(SaProposal.KEY_LEN_AES_128, ((KeyLengthAttribute) attribute).keyLength);
}
@Test
@@ -385,37 +446,47 @@ public final class IkeSaPayloadTest {
@Test
public void testTransformEquals() throws Exception {
- EncryptionTransform mEncrAesGcm8Key128TransformLeft =
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
- EncryptionTransform mEncrAesGcm8Key128TransformRight =
+ EncryptionTransform mEncrAesGcm8Key128TransformOther =
new EncryptionTransform(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128);
- assertEquals(mEncrAesGcm8Key128TransformLeft, mEncrAesGcm8Key128TransformRight);
+ assertEquals(mEncrAesGcm8Key128Transform, mEncrAesGcm8Key128TransformOther);
- EncryptionTransform mEncrAesGcm8Key192TransformLeft =
+ EncryptionTransform mEncrAesGcm8Key192Transform =
new EncryptionTransform(
SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_192);
- assertNotEquals(mEncrAesGcm8Key128TransformLeft, mEncrAesGcm8Key192TransformLeft);
+ assertNotEquals(mEncrAesGcm8Key128Transform, mEncrAesGcm8Key192Transform);
- IntegrityTransform mIntegHmacSha1TransformLeft =
- new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96);
- IntegrityTransform mIntegHmacSha1TransformRight =
+ IntegrityTransform mIntegHmacSha1TransformOther =
new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96);
- assertNotEquals(mEncrAesGcm8Key128TransformLeft, mIntegHmacSha1TransformLeft);
- assertEquals(mIntegHmacSha1TransformLeft, mIntegHmacSha1TransformRight);
+ assertNotEquals(mEncrAesGcm8Key128Transform, mIntegHmacSha1Transform);
+ assertEquals(mIntegHmacSha1Transform, mIntegHmacSha1TransformOther);
+ }
+
+ private TransformDecoder getDummyTransformDecoder(Transform[] decodedTransforms) {
+ return new TransformDecoder() {
+ @Override
+ public Transform[] decodeTransforms(int count, ByteBuffer inputBuffer)
+ throws IkeException {
+ for (int i = 0; i < count; i++) {
+ // Read length field and move position
+ inputBuffer.getShort();
+ int length = Short.toUnsignedInt(inputBuffer.getShort());
+ byte[] temp = new byte[length - 4];
+ inputBuffer.get(temp);
+ }
+ return decodedTransforms;
+ }
+ };
}
@Test
public void testDecodeSingleProposal() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
ByteBuffer inputBuffer = ByteBuffer.wrap(inputPacket);
- TransformDecoder mockedDecoder = mock(TransformDecoder.class);
- when(mockedDecoder.decodeTransforms(anyInt(), any())).thenReturn(new Transform[0]);
- Proposal.sTransformDecoder = mockedDecoder;
+ Proposal.sTransformDecoder = getDummyTransformDecoder(new Transform[0]);
Proposal proposal = Proposal.readFrom(inputBuffer);
@@ -423,29 +494,16 @@ public final class IkeSaPayloadTest {
assertEquals(PROPOSAL_PROTOCOL_ID, proposal.protocolId);
assertEquals(PROPOSAL_SPI_SIZE, proposal.spiSize);
assertEquals(PROPOSAL_SPI, proposal.spi);
- assertEquals(0, proposal.transformArray.length);
+ assertFalse(proposal.hasUnrecognizedTransform);
+ assertNotNull(proposal.saProposal);
}
@Test
- public void testDecodeMultipleProposal() throws Exception {
+ public void testDecodeSaRequestWithMultipleProposal() throws Exception {
byte[] inputPacket = TestUtils.hexStringToByteArray(TWO_PROPOSAL_RAW_PACKET);
- Proposal.sTransformDecoder =
- new TransformDecoder() {
- @Override
- public Transform[] decodeTransforms(int count, ByteBuffer inputBuffer)
- throws IkeException {
- for (int i = 0; i < count; i++) {
- // Read length field and move position
- inputBuffer.getShort();
- int length = Short.toUnsignedInt(inputBuffer.getShort());
- byte[] temp = new byte[length - 4];
- inputBuffer.get(temp);
- }
- return new Transform[0];
- }
- };
+ Proposal.sTransformDecoder = getDummyTransformDecoder(new Transform[0]);
- IkeSaPayload payload = new IkeSaPayload(false, inputPacket);
+ IkeSaPayload payload = new IkeSaPayload(false, false, inputPacket);
assertEquals(PROPOSAL_NUMBER_LIST.length, payload.proposalList.size());
for (int i = 0; i < payload.proposalList.size(); i++) {
@@ -455,4 +513,144 @@ public final class IkeSaPayloadTest {
assertEquals(0, proposal.spiSize);
}
}
+
+ @Test
+ public void testDecodeSaResponseWithMultipleProposal() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(TWO_PROPOSAL_RAW_PACKET);
+ Proposal.sTransformDecoder = getDummyTransformDecoder(new Transform[0]);
+
+ try {
+ new IkeSaPayload(false, true, inputPacket);
+ fail("Expected to fail due to more than one proposal in response SA payload.");
+ } catch (InvalidSyntaxException expected) {
+
+ }
+ }
+
+ @Test
+ public void testBuildIkeSaResponsePayload() throws Exception {
+ final long ikeSpi = new Random().nextLong();
+ final SaProposal[] saProposals = new SaProposal[] {mSaProposalOne};
+ IkeSaPayload saPayload =
+ new IkeSaPayload(
+ true, true, IkePayload.SPI_LEN_IKE, new long[] {ikeSpi}, saProposals);
+
+ assertTrue(saPayload.isSaResponse);
+ assertEquals(saProposals.length, saPayload.proposalList.size());
+
+ Proposal proposal = saPayload.proposalList.get(0);
+ assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.protocolId);
+ assertEquals(IkePayload.SPI_LEN_IKE, proposal.spiSize);
+ assertEquals(ikeSpi, proposal.spi);
+ assertEquals(mSaProposalOne, proposal.saProposal);
+ }
+
+ @Test
+ public void testBuildInitialIkeSaRequestPayload() throws Exception {
+ IkeSaPayload saPayload = new IkeSaPayload(mTwoSaProposalsArray);
+
+ assertFalse(saPayload.isSaResponse);
+ assertEquals(PROPOSAL_NUMBER_LIST.length, saPayload.proposalList.size());
+
+ for (int i = 0; i < saPayload.proposalList.size(); i++) {
+ Proposal proposal = saPayload.proposalList.get(i);
+ assertEquals(PROPOSAL_NUMBER_LIST[i], proposal.number);
+ assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.protocolId);
+ assertEquals(IkePayload.SPI_LEN_NOT_INCLUDED, proposal.spiSize);
+ assertEquals(mTwoSaProposalsArray[i], proposal.saProposal);
+ }
+ }
+
+ private void buildAndVerifySaRespProposal(byte[] saResponseBytes, Transform[] decodedTransforms)
+ throws Exception {
+ // Build response SA payload from decoding bytes.
+ Proposal.sTransformDecoder = getDummyTransformDecoder(decodedTransforms);
+ IkeSaPayload respPayload = new IkeSaPayload(false, true, saResponseBytes);
+
+ // Build request SA payload from SaProposal.
+ IkeSaPayload reqPayload = new IkeSaPayload(mTwoSaProposalsArray);
+
+ SaProposal saProposal = respPayload.getVerifiedNegotiatedProposal(reqPayload);
+
+ assertEquals(respPayload.proposalList.get(0).saProposal, saProposal);
+ }
+
+ @Test
+ public void testGetVerifiedNegotiatedProposal() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+
+ buildAndVerifySaRespProposal(inputPacket, mValidNegotiatedTransformSet);
+ }
+
+ // Test throwing when negotiated proposal in SA response payload has unrecognized Transform.
+ @Test
+ public void testGetVerifiedNegotiatedProposalWithUnrecogTransform() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+
+ Transform[] negotiatedTransformSet =
+ Arrays.copyOfRange(
+ mValidNegotiatedTransformSet, 0, mValidNegotiatedTransformSet.length);
+ negotiatedTransformSet[0] = new UnrecognizedTransform(-1, 1, new LinkedList<>());
+
+ try {
+ buildAndVerifySaRespProposal(inputPacket, negotiatedTransformSet);
+ fail("Expected to fail because negotiated proposal has unrecognized Transform.");
+ } catch (NoValidProposalChosenException expected) {
+ }
+ }
+
+ // Test throwing when negotiated proposal has invalid proposal number.
+ @Test
+ public void testGetVerifiedNegotiatedProposalWithInvalidNumber() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+ inputPacket[PROPOSAL_NUMBER_OFFSET] = (byte) 10;
+
+ try {
+ buildAndVerifySaRespProposal(inputPacket, mValidNegotiatedTransformSet);
+ fail("Expected to fail due to invalid proposal number.");
+ } catch (NoValidProposalChosenException expected) {
+ }
+ }
+
+ // Test throwing when negotiated proposal has mismatched protocol ID.
+ @Test
+ public void testGetVerifiedNegotiatedProposalWithMisMatchedProtocol() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+ inputPacket[PROTOCOL_ID_OFFSET] = IkePayload.PROTOCOL_ID_ESP;
+
+ try {
+ buildAndVerifySaRespProposal(inputPacket, mValidNegotiatedTransformSet);
+ fail("Expected to fail due to mismatched protocol ID.");
+ } catch (NoValidProposalChosenException expected) {
+ }
+ }
+
+ // Test throwing when negotiated proposal has Transform that was not proposed in request.
+ @Test
+ public void testGetVerifiedNegotiatedProposalWithMismatchedTransform() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+
+ Transform[] negotiatedTransformSet =
+ Arrays.copyOfRange(
+ mValidNegotiatedTransformSet, 0, mValidNegotiatedTransformSet.length);
+ negotiatedTransformSet[0] = mEncrAesGcm8Key128Transform;
+
+ try {
+ buildAndVerifySaRespProposal(inputPacket, negotiatedTransformSet);
+ fail("Expected to fail due to mismatched Transform.");
+ } catch (NoValidProposalChosenException expected) {
+ }
+ }
+
+ // Test throwing when negotiated proposal is lack of a certain type Transform.
+ @Test
+ public void testGetVerifiedNegotiatedProposalWithoutTransform() throws Exception {
+ byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET);
+
+ try {
+ buildAndVerifySaRespProposal(inputPacket, new Transform[0]);
+ fail("Expected to fail due to absence of Transform.");
+ } catch (NoValidProposalChosenException expected) {
+ }
+ }
}
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeTsPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeTsPayloadTest.java
index f1c8b6e6..67f394f4 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeTsPayloadTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeTsPayloadTest.java
@@ -34,7 +34,8 @@ public final class IkeTsPayloadTest {
ByteBuffer.wrap(TestUtils.hexStringToByteArray(TS_INITIATOR_PAYLOAD_HEX_STRING));
IkePayload payload =
- IkePayloadFactory.getIkePayload(IkePayload.PAYLOAD_TYPE_TS_INITIATOR, inputBuffer)
+ IkePayloadFactory.getIkePayload(
+ IkePayload.PAYLOAD_TYPE_TS_INITIATOR, false, inputBuffer)
.first;
assertTrue(payload instanceof IkeTsPayload);
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/TestUtils.java b/tests/iketests/src/java/com/android/ike/ikev2/message/TestUtils.java
index ac3d5018..1fcdac06 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/message/TestUtils.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/message/TestUtils.java
@@ -41,11 +41,12 @@ public final class TestUtils {
}
public static IkePayload hexStringToIkePayload(
- @IkePayload.PayloadType int payloadType, String payloadHexString) throws IkeException {
+ @IkePayload.PayloadType int payloadType, boolean isResp, String payloadHexString)
+ throws IkeException {
byte[] payloadBytes = hexStringToByteArray(payloadHexString);
// Returned Pair consists of the IkePayload and the following IkePayload's type.
Pair<IkePayload, Integer> pair =
- IkePayloadFactory.getIkePayload(payloadType, ByteBuffer.wrap(payloadBytes));
+ IkePayloadFactory.getIkePayload(payloadType, isResp, ByteBuffer.wrap(payloadBytes));
return pair.first;
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 09:59:49 +0000