Merge "Implement EAP MSCHAPv2 end-to-end test."

author: Cody Kesting <ckesting@google.com> 2019-10-01 18:22:35 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> 2019-10-01 18:22:35 +0000
commit: 544fff489e16f6f92d936adacb99f3f02a0f525e (patch)
tree: 177485e3a926994b1ff01eb892ea1522cec229b2 /tests/iketests
parent: 0324795e23cc145fd2f899fd073c3b372bad5c64 (diff)
parent: 95fac7a530d1b0d1037ab72dace01d6cde175388 (diff)
download: ike-544fff489e16f6f92d936adacb99f3f02a0f525e.tar.gz
1 files changed, 194 insertions, 0 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java b/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java
new file mode 100644
index 00000000..f3757298
--- /dev/null
+++ b/tests/iketests/src/java/com/android/ike/eap/EapMsChapV2Test.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ike.eap;
+
+import static com.android.ike.TestUtils.hexStringToByteArray;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_FAILURE_PACKET;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_REQUEST_AKA_IDENTITY_PACKET;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.EAP_SUCCESS;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyNoMoreInteractions;
+
+import com.android.ike.eap.statemachine.EapStateMachine;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class EapMsChapV2Test extends EapMethodEndToEndTest {
+    private static final long AUTHENTICATOR_TIMEOUT_MILLIS = 250L;
+
+    private static final String USERNAME = "User";
+    private static final String PASSWORD = "clientPass";
+
+    private static final byte[] PEER_CHALLENGE =
+            hexStringToByteArray("21402324255E262A28295F2B3A337C7E");
+    private static final byte[] MSK =
+            hexStringToByteArray(
+                    "D5F0E9521E3EA9589645E86051C822268B7CDC149B993A1BA118CB153F56DCCB");
+
+    // Server-Name = hex("authenticator@android.net")
+    private static final byte[] EAP_MSCHAP_V2_CHALLENGE_REQUEST =
+            hexStringToByteArray("01110033" // EAP-Request | ID | length in bytes
+                    + "1A0142" // EAP-MSCHAPv2 | Request | MSCHAPv2 ID
+                    + "002E10" // MS length | Value Size (0x10)
+                    + "5B5D7C7D7B3F2F3E3C2C602132262628" // Authenticator-Challenge
+                    + "61757468656E74696361746F7240616E64726F69642E6E6574"); // Server-Name
+    private static final byte[] EAP_MSCHAP_V2_CHALLENGE_RESPONSE =
+            hexStringToByteArray("0211003F" // EAP-Response | ID | length in bytes
+                    + "1A0242" // EAP-MSCHAPv2 | Response | MSCHAPv2 ID
+                    + "003A31" // MS length | Value Size (0x31)
+                    + "21402324255E262A28295F2B3A337C7E" // Peer-Challenge
+                    + "0000000000000000" // 8B (reserved)
+                    + "82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF" // NT-Response
+                    + "00" // Flags
+                    + "55736572"); // hex(USERNAME)
+    private static final byte[] EAP_MSCHAP_V2_SUCCESS_REQUEST =
+            hexStringToByteArray("01120047" // EAP-Request | ID | length in bytes
+                    + "1A03420042" // EAP-MSCHAPv2 | Success | MSCHAPv2 ID | MS length
+                    + "533D" // hex("S=")
+                    + "3430374135353839313135464430443632303946"
+                            + "3531304645394330343536363933324344413536" // hex("<auth_string>")
+                    + "204D3D" // hex(" M=")
+                            + "7465737420416E64726F69642031323334"); // hex("test Android 1234")
+    private static final byte[] EAP_MSCHAP_V2_SUCCESS_RESPONSE =
+            hexStringToByteArray("02120006" // EAP-Response | ID | length in bytes
+                    + "1A03"); // EAP-MSCHAPv2 | Success
+    private static final byte[] EAP_MSCHAP_V2_FAILURE_REQUEST =
+            hexStringToByteArray("01130049" // EAP-Request | ID | length in bytes
+                    + "1A04420044" // EAP-MSCHAPv2 | Failure | MSCHAPv2 ID | MS length
+                    + "453D363437" // hex("E=647")
+                    + "20523D31" // hex(" R=1")
+                    + "20433D" // hex(" C=")
+                            + "30303031303230333034303530363037"
+                            + "30383039304130423043304430453046" // hex("<authenticator challenge>")
+                    + "20563D33" // hex(" V=3")
+                    + "204D3D" // hex(" M=")
+                    + "7465737420416E64726F69642031323334"); // hex("test Android 1234")
+    private static final byte[] EAP_MSCHAP_V2_FAILURE_RESPONSE =
+            hexStringToByteArray("02130006" // EAP-Response | ID | length in bytes
+                    + "1A04"); // EAP-MSCHAPv2 | Failure
+
+    private static final byte[] EAP_RESPONSE_NAK_PACKET = hexStringToByteArray("02100006031A");
+
+    @Before
+    @Override
+    public void setUp() {
+        super.setUp();
+
+        mEapSessionConfig =
+                new EapSessionConfig.Builder().setEapMsChapV2Config(USERNAME, PASSWORD).build();
+        mEapAuthenticator =
+                new EapAuthenticator(
+                        mTestLooper.getLooper(),
+                        mMockCallback,
+                        new EapStateMachine(mMockContext, mEapSessionConfig, mMockSecureRandom),
+                        (runnable) -> runnable.run(),
+                        AUTHENTICATOR_TIMEOUT_MILLIS);
+    }
+
+    @Test
+    public void testEapMsChapV2EndToEndSuccess() {
+        verifyEapMsChapV2Challenge();
+        verifyEapMsChapV2SuccessRequest();
+        verifyEapSuccess();
+    }
+
+    @Test
+    public void testEapMsChapV2EndToEndFailure() {
+        verifyEapMsChapV2Challenge();
+        verifyEapMsChapV2FailureRequest();
+        verifyEapFailure();
+    }
+
+    @Test
+    public void testEapMsChapV2UnsupportedType() {
+        mEapAuthenticator.processEapMessage(EAP_REQUEST_AKA_IDENTITY_PACKET);
+        mTestLooper.dispatchAll();
+
+        // verify EAP-Response/Nak returned
+        verify(mMockCallback).onResponse(eq(EAP_RESPONSE_NAK_PACKET));
+        verifyNoMoreInteractions(mMockCallback);
+
+        verifyEapMsChapV2Challenge();
+        verifyEapMsChapV2SuccessRequest();
+        verifyEapSuccess();
+    }
+
+    @Test
+    public void verifyEapMsChapV2WithEapNotifications() {
+        verifyEapNotification(1);
+
+        verifyEapMsChapV2Challenge();
+        verifyEapNotification(2);
+
+        verifyEapMsChapV2SuccessRequest();
+        verifyEapNotification(3);
+
+        verifyEapSuccess();
+    }
+
+    private void verifyEapMsChapV2Challenge() {
+        doAnswer(invocation -> {
+            byte[] dst = invocation.getArgument(0);
+            System.arraycopy(PEER_CHALLENGE, 0, dst, 0, PEER_CHALLENGE.length);
+            return null;
+        }).when(mMockSecureRandom).nextBytes(eq(new byte[PEER_CHALLENGE.length]));
+
+        mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_CHALLENGE_REQUEST);
+        mTestLooper.dispatchAll();
+
+        verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_CHALLENGE_RESPONSE));
+        verify(mMockSecureRandom).nextBytes(any(byte[].class));
+        verifyNoMoreInteractions(mMockCallback);
+    }
+
+    private void verifyEapMsChapV2SuccessRequest() {
+        mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_SUCCESS_REQUEST);
+        mTestLooper.dispatchAll();
+
+        verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_SUCCESS_RESPONSE));
+        verifyNoMoreInteractions(mMockCallback);
+    }
+
+    private void verifyEapSuccess() {
+        mEapAuthenticator.processEapMessage(EAP_SUCCESS);
+        mTestLooper.dispatchAll();
+
+        verify(mMockCallback).onSuccess(eq(MSK), eq(new byte[0]));
+        verifyNoMoreInteractions(mMockCallback);
+    }
+
+    private void verifyEapMsChapV2FailureRequest() {
+        mEapAuthenticator.processEapMessage(EAP_MSCHAP_V2_FAILURE_REQUEST);
+        mTestLooper.dispatchAll();
+
+        verify(mMockCallback).onResponse(eq(EAP_MSCHAP_V2_FAILURE_RESPONSE));
+        verifyNoMoreInteractions(mMockCallback);
+    }
+
+    private void verifyEapFailure() {
+        mEapAuthenticator.processEapMessage(EAP_FAILURE_PACKET);
+        mTestLooper.dispatchAll();
+
+        verify(mMockCallback).onFail();
+        verifyNoMoreInteractions(mMockCallback);
+    }
+}
author	Cody Kesting <ckesting@google.com>	2019-10-01 18:22:35 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	2019-10-01 18:22:35 +0000
commit	544fff489e16f6f92d936adacb99f3f02a0f525e (patch)
tree	177485e3a926994b1ff01eb892ea1522cec229b2 /tests/iketests
parent	0324795e23cc145fd2f899fd073c3b372bad5c64 (diff)
parent	95fac7a530d1b0d1037ab72dace01d6cde175388 (diff)
download	ike-544fff489e16f6f92d936adacb99f3f02a0f525e.tar.gz