diff options
author | Cody Kesting <ckesting@google.com> | 2019-10-01 18:22:35 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-10-01 18:22:35 +0000 |
commit | 544fff489e16f6f92d936adacb99f3f02a0f525e (patch) | |
tree | 177485e3a926994b1ff01eb892ea1522cec229b2 /tests/iketests | |
parent | 0324795e23cc145fd2f899fd073c3b372bad5c64 (diff) | |
parent | 95fac7a530d1b0d1037ab72dace01d6cde175388 (diff) | |
download | ike-544fff489e16f6f92d936adacb99f3f02a0f525e.tar.gz |
Merge "Implement EAP MSCHAPv2 end-to-end test."
Diffstat (limited to 'tests/iketests')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java b/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java new file mode 100644 index 00000000..f3757298 --- /dev/null +++ b/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.ike.eap; + +import static com.android.ike.TestUtils.hexStringToByteArray; +import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET; +import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET; +import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SUCCESS; + +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.doAnswer; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.verifyNoMoreInteractions; + +import com.android.ike.eap.statemachine.EapStateMachine; + +import org.junit.Before; +import org.junit.Test; + +public class EapMsChapV2Test extends EapMethodEndToEndTest { + private static final long AUTHENTICATOR_TIMEOUT_MILLIS = 250L; + + private static final String USERNAME = "User"; + private static final String PASSWORD = "clientPass"; + + private static final byte[] PEER_CHALLENGE = + hexStringToByteArray("21402324255E262A28295F2B3A337C7E"); + private static final byte[] MSK = + hexStringToByteArray( + "D5F0E9521E3EA9589645E86051C822268B7CDC149B993A1BA118CB153F56DCCB"); + + // Server-Name = hex("authenticator@android.net") + private static final byte[] EAP_MSCHAP_V2_CHALLENGE_REQUEST = + hexStringToByteArray("01110033" // EAP-Request | ID | length in bytes + + "1A0142" // EAP-MSCHAPv2 | Request | MSCHAPv2 ID + + "002E10" // MS length | Value Size (0x10) + + "5B5D7C7D7B3F2F3E3C2C602132262628" // Authenticator-Challenge + + "61757468656E74696361746F7240616E64726F69642E6E6574"); // Server-Name + private static final byte[] EAP_MSCHAP_V2_CHALLENGE_RESPONSE = + hexStringToByteArray("0211003F" // EAP-Response | ID | length in bytes + + "1A0242" // EAP-MSCHAPv2 | Response | MSCHAPv2 ID + + "003A31" // MS length | Value Size (0x31) + + "21402324255E262A28295F2B3A337C7E" // Peer-Challenge + + "0000000000000000" // 8B (reserved) + + "82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF" // NT-Response + + "00" // Flags + + "55736572"); // hex(USERNAME) + private static final byte[] EAP_MSCHAP_V2_SUCCESS_REQUEST = + hexStringToByteArray("01120047" // EAP-Request | ID | length in bytes + + "1A03420042" // EAP-MSCHAPv2 | Success | MSCHAPv2 ID | MS length + + "533D" // hex("S=") + + "3430374135353839313135464430443632303946" + + "3531304645394330343536363933324344413536" // hex("<auth_string>") + + "204D3D" // hex(" M=") + + "7465737420416E64726F69642031323334"); // hex("test Android 1234") + private static final byte[] EAP_MSCHAP_V2_SUCCESS_RESPONSE = + hexStringToByteArray("02120006" // EAP-Response | ID | length in bytes + + "1A03"); // EAP-MSCHAPv2 | Success + private static final byte[] EAP_MSCHAP_V2_FAILURE_REQUEST = + hexStringToByteArray("01130049" // EAP-Request | ID | length in bytes + + "1A04420044" // EAP-MSCHAPv2 | Failure | MSCHAPv2 ID | MS length + + "453D363437" // hex("E=647") + + "20523D31" // hex(" R=1") + + "20433D" // hex(" C=") + + "30303031303230333034303530363037" + + "30383039304130423043304430453046" // hex("<authenticator challenge>") + + "20563D33" // hex(" V=3") + + "204D3D" // hex(" M=") + + "7465737420416E64726F69642031323334"); // hex("test Android 1234") + private static final byte[] EAP_MSCHAP_V2_FAILURE_RESPONSE = + hexStringToByteArray("02130006" // EAP-Response | ID | length in bytes + + "1A04"); // EAP-MSCHAPv2 | Failure + + private static final byte[] EAP_RESPONSE_NAK_PACKET = hexStringToByteArray("02100006031A"); + + @Before + @Override + public void setUp() { + super.setUp(); + + mEapSessionConfig = + new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build(); + mEapAuthenticator = + new EapAuthenticator( + mTestLooper.getLooper(), + mMockCallback, + new EapStateMachine(mMockContext, mEapSessionConfig, mMockSecureRandom), + (runnable) -> runnable.run(), + AUTHENTICATOR_TIMEOUT_MILLIS); + } + + @Test + public void testEapMsChapV2EndToEndSuccess() { + verifyEapMsChapV2Challenge(); + verifyEapMsChapV2SuccessRequest(); + verifyEapSuccess(); + } + + @Test + public void testEapMsChapV2EndToEndFailure() { + verifyEapMsChapV2Challenge(); + verifyEapMsChapV2FailureRequest(); + verifyEapFailure(); + } + + @Test + public void testEapMsChapV2UnsupportedType() { + mEapAuthenticator.processEapMessage(EAP_REQUEST_AKA_IDENTITY_PACKET); + mTestLooper.dispatchAll(); + + // verify EAP-Response/Nak returned + verify(mMockCallback).onResponse(eq(EAP_RESPONSE_NAK_PACKET)); + verifyNoMoreInteractions(mMockCallback); + + verifyEapMsChapV2Challenge(); + verifyEapMsChapV2SuccessRequest(); + verifyEapSuccess(); + } + + @Test + public void verifyEapMsChapV2WithEapNotifications() { + verifyEapNotification(1); + + verifyEapMsChapV2Challenge(); + verifyEapNotification(2); + + verifyEapMsChapV2SuccessRequest(); + verifyEapNotification(3); + + verifyEapSuccess(); + } + + private void verifyEapMsChapV2Challenge() { + doAnswer(invocation -> { + byte[] dst = invocation.getArgument(0); + System.arraycopy(PEER_CHALLENGE, 0, dst, 0, PEER_CHALLENGE.length); + return null; + }).when(mMockSecureRandom).nextBytes(eq(new byte[PEER_CHALLENGE.length])); + + mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_CHALLENGE_REQUEST); + mTestLooper.dispatchAll(); + + verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_CHALLENGE_RESPONSE)); + verify(mMockSecureRandom).nextBytes(any(byte[].class)); + verifyNoMoreInteractions(mMockCallback); + } + + private void verifyEapMsChapV2SuccessRequest() { + mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_SUCCESS_REQUEST); + mTestLooper.dispatchAll(); + + verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_SUCCESS_RESPONSE)); + verifyNoMoreInteractions(mMockCallback); + } + + private void verifyEapSuccess() { + mEapAuthenticator.processEapMessage(EAP_SUCCESS); + mTestLooper.dispatchAll(); + + verify(mMockCallback).onSuccess(eq(MSK), eq(new byte[0])); + verifyNoMoreInteractions(mMockCallback); + } + + private void verifyEapMsChapV2FailureRequest() { + mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_FAILURE_REQUEST); + mTestLooper.dispatchAll(); + + verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_FAILURE_RESPONSE)); + verifyNoMoreInteractions(mMockCallback); + } + + private void verifyEapFailure() { + mEapAuthenticator.processEapMessage(EAP_FAILURE_PACKET); + mTestLooper.dispatchAll(); + + verify(mMockCallback).onFail(); + verifyNoMoreInteractions(mMockCallback); + } +} |