author | Cody Kesting <ckesting@google.com> | 2019-09-24 18:26:34 -0700 |
---|---|---|
committer | Cody Kesting <ckesting@google.com> | 2019-09-30 10:23:50 -0700 |
commit | 8871435e14ffab4516cf2b17252c11d7374f0dd3 (patch) | |
tree | 210a8c8759a50f04305fbe58e82906d5d3154416 /tests/iketests | |
parent | 69c4b535ea1fcd7bc41e6c3af0b9b49ba36f1d1a (diff) | |
Implement MSK generation for EAP MSCHAPv2.
AwaitingEapSuccessState will return an EapSuccess object when an
EAP-Success message is received. However, this requires generating the
MSK for the current session first. Utils are defined for generating the
MSK as defined in RFC 3079. Only 128-bit (16B) keys are generated with
this implementation.
Bug: 141483998
Test: added tests for EapMsChapV2MethodStateMachineTest.
Test: atest FrameworksIkeTests
Change-Id: Ia472cc7260bb270ab5c5069c309b8cac89b2d719
Diffstat (limited to 'tests/iketests')
2 files changed, 50 insertions, 1 deletions
diff --git a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
index a2a811a8..50e88a8f 100644
--- a/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
+++ b/tests/iketests/src/java/com/android/ike/eap/message/EapTestMessageDefinitions.java
@@ -236,7 +236,7 @@ public class EapTestMessageDefinitions {
 public static final byte[] EAP_REQUEST_MSCHAP_V2 = hexStringToByteArray("01" + ID + "00061A01");
- // MSCHAPv2 Test vectors taken from RFC 2759#9.2
+ // MSCHAPv2 Test vectors taken from RFC 2759#9.2 and RFC 3079#3.5.3
 public static final String MSCHAP_V2_USERNAME = "User";
 public static final String MSCHAP_V2_USERNAME_HEX = "55736572";
 public static final byte[] MSCHAP_V2_USERNAME_ASCII_BYTES =
@@ -262,6 +262,20 @@ public class EapTestMessageDefinitions {
 hexStringToByteArray(MSCHAP_V2_NT_RESPONSE_STRING);
 public static final byte[] MSCHAP_V2_AUTHENTICATOR_RESPONSE = hexStringToByteArray("407A5589115FD0D6209F510FE9C04566932CDA56");
+ public static final byte[] MSCHAP_V2_MASTER_KEY =
+ hexStringToByteArray("FDECE3717A8C838CB388E527AE3CDD31");
+
+ // generated based on RFC 3079#3.5.3 params
+ public static final String SEND_KEY = "D5F0E9521E3EA9589645E86051C82226";
+ public static final byte[] MSCHAP_V2_SEND_START_KEY = hexStringToByteArray(SEND_KEY);
+
+ // This value is labeled 'send key' in RFC 3079#3.5.3. However, it's used as 'receive key' here,
+ // because send and receive keys are swapped for peers relative to authenticators.
+ public static final String RECEIVE_KEY = "8B7CDC149B993A1BA118CB153F56DCCB";
+ public static final byte[] MSCHAP_V2_RECEIVE_START_KEY = hexStringToByteArray(RECEIVE_KEY);
+
+ // MSK: MSCHAP_V2_SEND_START_KEY + MSCHAP_V2_RECEIVE_START_KEY
+ public static final byte[] MSCHAP_V2_MSK = hexStringToByteArray(SEND_KEY + RECEIVE_KEY);
 public static final String MSCHAP_V2_ID = "42";
 public static final int MSCHAP_V2_ID_INT = Integer.parseInt(MSCHAP_V2_ID, 16 /* radix */);
diff --git a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapMsChapV2MethodStateMachineTest.java b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
index f671a423..4d57e43d 100644
--- a/tests/iketests/src/java/com/android/ike/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/ike/eap/statemachine/EapMsChapV2MethodStateMachineTest.java
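Review bot: In EapTestMessageDefinitions.java, `SEND_KEY` is described only as "generated based on RFC 3079#3.5.3 params", so the expected value behind `MSCHAP_V2_SEND_START_KEY` and the first half of `MSCHAP_V2_MSK` has no stated independent source. If it was produced by the implementation under test, `testGetAsymmetricStartKeySendKey` and `testGenerateMsk` only pin current behaviour for that half instead of verifying it; only the master key and `RECEIVE_KEY` are traceable to the RFC from what is visible here. I would record the provenance in the comment, e.g. `// Not listed in RFC 3079#3.5.3; computed from the RFC master key with <independent implementation>, not with the code under test`. As a smaller point, `SEND_KEY` and `RECEIVE_KEY` are public and lack the `MSCHAP_V2_` prefix of the neighbouring constants; `MSCHAP_V2_SEND_START_KEY_HEX` / `MSCHAP_V2_RECEIVE_START_KEY_HEX` would match `MSCHAP_V2_USERNAME_HEX`.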
@@ -20,12 +20,16 @@ import static com.android.ike.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_CHALLENGE;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_AUTHENTICATOR_RESPONSE;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_CHALLENGE;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_MASTER_KEY;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_MSK;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_NT_RESPONSE;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_HASH_HASH;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PASSWORD_UTF_BYTES;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_PEER_CHALLENGE;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_RECEIVE_START_KEY;
+import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_SEND_START_KEY;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME;
 import static com.android.ike.eap.message.EapTestMessageDefinitions.MSCHAP_V2_USERNAME_ASCII_BYTES;
@@ -35,6 +39,7 @@ import static org.junit.Assert.assertTrue;
 import com.android.ike.eap.EapSessionConfig.EapMsChapV2Config;
 import com.android.ike.eap.statemachine.EapMsChapV2MethodStateMachine.CreatedState;
+import com.android.ike.utils.Log;
 import org.junit.Before;
 import org.junit.Test;
@@ -143,4 +148,34 @@ public class EapMsChapV2MethodStateMachineTest {
 MSCHAP_V2_USERNAME, MSCHAP_V2_AUTHENTICATOR_RESPONSE));
 }
+
+ @Test
+ public void testGetMasterKey() throws Exception {
+ byte[] masterKey =
+ EapMsChapV2MethodStateMachine.getMasterKey(
+ MSCHAP_V2_PASSWORD_HASH_HASH, MSCHAP_V2_NT_RESPONSE);
+ assertArrayEquals(MSCHAP_V2_MASTER_KEY, masterKey);
+ }
+
+ @Test
+ public void testGetAsymmetricStartKeySendKey() throws Exception {
+ byte[] startKey =
+ EapMsChapV2MethodStateMachine.getAsymmetricStartKey(MSCHAP_V2_MASTER_KEY, true);
+ assertArrayEquals(Log.byteArrayToHexString(startKey), MSCHAP_V2_SEND_START_KEY, startKey);
+ }
+
+ @Test
+ public void testGetAsymmetricStartKeyReceiveKey() throws Exception {
+ byte[] receiveKey =
+ EapMsChapV2MethodStateMachine.getAsymmetricStartKey(MSCHAP_V2_MASTER_KEY, false);
+ assertArrayEquals(MSCHAP_V2_RECEIVE_START_KEY, receiveKey);
+ }
+
+ @Test
+ public void testGenerateMsk() throws Exception {
+ byte[] msk =
+ EapMsChapV2MethodStateMachine.generateMsk(
+ MSCHAP_V2_PASSWORD, MSCHAP_V2_NT_RESPONSE);
+ assertArrayEquals(MSCHAP_V2_MSK, msk);
+ }
 } |
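Review bot: `testGetAsymmetricStartKeySendKey` passes `Log.byteArrayToHexString(startKey)` as the assertion message, which none of the three sibling tests do and which appears to be the only reason for the new `com.android.ike.utils.Log` import. It reads like leftover debugging, and `assertArrayEquals` already reports the first differing element on failure. I would write `assertArrayEquals(MSCHAP_V2_SEND_START_KEY, startKey);` and drop the import. The bare `true`/`false` passed to `getAsymmetricStartKey` would also be easier to check against the send/receive swap described in the test definitions if labelled inline in the `16 /* radix */` style used there, e.g. `true /* isSend */`; the parameter's real name is not visible in this view, so use that.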