diff options
author | evitayan <evitayan@google.com> | 2019-06-11 19:34:19 -0700 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-06-17 19:52:54 -0700 |
commit | 1ca34d5653057b588aaacf240c6f6f8349585836 (patch) | |
tree | 7b3e1316116ec007364442918fbee7858f4bae0c /tests | |
parent | 73d4baae63e42eb3085ae873229f9052c81cb72a (diff) | |
download | ike-1ca34d5653057b588aaacf240c6f6f8349585836.tar.gz |
Remove DH Transform for first Child
This commit allows users to propose DH Group for
first Child SA negotiation. DH Group negotiation will
not be done during initial creation but will be done
during rekey
Bug: 134625950
Test: atest FrameworksIkeTests
Change-Id: I24f8fe40c2b5d2056331b7a1ff7a041708daa3d9
Diffstat (limited to 'tests')
6 files changed, 27 insertions, 47 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java index 3e8d3555..fab0e54a 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionOptionsTest.java @@ -30,7 +30,7 @@ public final class ChildSessionOptionsTest { @Test public void testBuild() throws Exception { SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder(true /*isFirstChildSaProposal*/) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, SaProposal.KEY_LEN_AES_128) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java index a2ea7f1c..b20a6ebb 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java @@ -181,7 +181,7 @@ public final class ChildSessionStateMachineTest { private ChildSessionOptions buildChildSessionOptions() throws Exception { SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder(true /*isFirstChildSaProposal*/) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java index 10e34f9e..e2ab75e7 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionOptionsTest.java @@ -144,7 +144,7 @@ public final class IkeSessionOptionsTest { @Test public void testBuildWithChildSaProposal() throws Exception { SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder(true) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java index 7a408290..ba41a08f 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java @@ -450,7 +450,7 @@ public final class IkeSessionStateMachineTest { private ChildSessionOptions buildChildSessionOptions() throws Exception { SaProposal saProposal = - SaProposal.Builder.newChildSaProposalBuilder(true /*isFirstChildSaProposal*/) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java index 7f40d729..1f841a48 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java @@ -102,46 +102,44 @@ public final class SaProposalTest { } @Test - public void testBuildFirstChildSaProposalWithCombinedCipher() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(true); + public void testBuildChildSaProposalWithNormalCipher() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(); + SaProposal proposal = - builder.addEncryptionAlgorithm( - SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, - SaProposal.KEY_LEN_AES_128) + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); assertArrayEquals( - new EncryptionTransform[] {mEncryptionAesGcm8Transform}, + new EncryptionTransform[] {mEncryption3DesTransform}, proposal.getEncryptionTransforms()); assertArrayEquals( new IntegrityTransform[] {mIntegrityNoneTransform}, proposal.getIntegrityTransforms()); + assertArrayEquals( + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); assertTrue(proposal.getPrfTransforms().length == 0); - assertTrue(proposal.getDhGroupTransforms().length == 0); } @Test - public void testBuildAdditionalChildSaProposalWithNormalCipher() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(false); - + public void testGetCopyWithoutDhGroup() throws Exception { SaProposal proposal = - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + Builder.newChildSaProposalBuilder() + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); + SaProposal proposalWithoutDh = proposal.getCopyWithoutDhTransform(); - assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); assertArrayEquals( - new EncryptionTransform[] {mEncryption3DesTransform}, - proposal.getEncryptionTransforms()); - assertArrayEquals( - new IntegrityTransform[] {mIntegrityNoneTransform}, - proposal.getIntegrityTransforms()); + proposal.getEncryptionTransforms(), proposalWithoutDh.getEncryptionTransforms()); assertArrayEquals( - new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); - assertTrue(proposal.getPrfTransforms().length == 0); + proposal.getIntegrityTransforms(), proposalWithoutDh.getIntegrityTransforms()); + assertArrayEquals(proposal.getPrfTransforms(), proposalWithoutDh.getPrfTransforms()); + assertTrue(proposal.getDhGroupTransforms().length == 1); + assertTrue(proposalWithoutDh.getDhGroupTransforms().length == 0); } @Test @@ -193,7 +191,7 @@ public final class SaProposalTest { @Test public void testBuildChildProposalWithPrf() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(false); + Builder builder = Builder.newChildSaProposalBuilder(); try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) @@ -209,7 +207,7 @@ public final class SaProposalTest { // algorithm. @Test public void testBuildAeadWithIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(false); + Builder builder = Builder.newChildSaProposalBuilder(); try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) @@ -226,7 +224,7 @@ public final class SaProposalTest { // integrity algorithm. @Test public void testBuildIkeProposalNormalCipherWithoutIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(false); + Builder builder = Builder.newChildSaProposalBuilder(); try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) @@ -244,7 +242,7 @@ public final class SaProposalTest { // integrity algorithm. @Test public void testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(false); + Builder builder = Builder.newChildSaProposalBuilder(); try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) @@ -292,24 +290,6 @@ public final class SaProposalTest { } } - // Test throwing exception when building first Child SA Proposal with not-none-value DH Group. - @Test - public void testBuildFirstChildProposalWithNotNoneValueDhGroup() throws Exception { - Builder builder = Builder.newChildSaProposalBuilder(true); - try { - builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) - .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) - .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) - .build(); - - fail( - "Expected to fail when" - + " not-none-value DH Group is proposed in first Child SA proposal."); - } catch (IllegalArgumentException expected) { - - } - } - @Test public void testIsTransformSelectedFrom() throws Exception { assertTrue(SaProposal.isTransformSelectedFrom(new Transform[0], new Transform[0])); diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java index 24cc11a3..fae4cd23 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java @@ -207,13 +207,13 @@ public final class IkeSaPayloadTest { mTwoIkeSaProposalsArray = new SaProposal[] {mIkeSaProposalOne, mIkeSaProposalTwo}; mChildSaProposalOne = - SaProposal.Builder.newChildSaProposalBuilder(true /*isFirstChildSaProposal*/) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) .build(); mChildSaProposalTwo = - SaProposal.Builder.newChildSaProposalBuilder(true /*isFirstChildSaProposal*/) + SaProposal.Builder.newChildSaProposalBuilder() .addEncryptionAlgorithm( SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128) |