author | evitayan <evitayan@google.com> | 2019-02-20 15:26:23 -0800 |
---|---|---|
committer | evitayan <evitayan@google.com> | 2019-03-02 15:49:05 -0800 |
commit | 1d3f038662ceeb656554fc918d1fefcfb3a8cafb (patch) | |
tree | 021e21e84664af1008cdcf5505eaf7a7c8a6311d /tests | |
parent | 4b9c2d438a40149620846ad0a9df59be60865c49 (diff) | |
Support building and validating SaProposal (android-q-preview-1)
This commit:
- Validate proposed PRF
- Validate proposed integrity algorithm
- Validate proposed DH Group
- Fix wrong use of Set.toArray
- Add test for equals method
Bug: 122690774
Test: FrameworksIkeTests SaProposalTest
Change-Id: I3450af9c171a06d668d9039069ae3edcce2f1c30
Diffstat (limited to 'tests')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java | 248 | ||||
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java | 27 |
2 files changed, 272 insertions, 3 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
index 522d44bc..4b0656da 100644
--- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
+++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java
@@ -16,19 +16,129 @@ package com.android.ike.ikev2; +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import com.android.ike.ikev2.SaProposal.Builder; +import com.android.ike.ikev2.message.IkePayload; +import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform; +import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform; +import com.android.ike.ikev2.message.IkeSaPayload.IntegrityTransform; +import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform; import org.junit.Test; public final class SaProposalTest { + private final EncryptionTransform mEncryption3DesTransform; + private final EncryptionTransform mEncryptionAesGcm8Transform; + private final IntegrityTransform mIntegrityHmacSha1Transform; + private final IntegrityTransform mIntegrityNoneTransform; + private final PrfTransform mPrfAes128XCbcTransform; + private final DhGroupTransform mDhGroup1024Transform; + + public SaProposalTest() { + mEncryption3DesTransform = new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES); + mEncryptionAesGcm8Transform = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128); + mIntegrityHmacSha1Transform = + new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96); + mIntegrityNoneTransform = new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_NONE); + mPrfAes128XCbcTransform = new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC); + mDhGroup1024Transform = new DhGroupTransform(SaProposal.DH_GROUP_1024_BIT_MODP); + } + + @Test + public void testBuildIkeSaProposalWithNormalModeCipher() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + SaProposal proposal = + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + 
.addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .buildOrThrow(); + + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); + assertArrayEquals( + new EncryptionTransform[] {mEncryption3DesTransform}, + proposal.mEncryptionAlgorithms); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityHmacSha1Transform}, + proposal.mIntegrityAlgorithms); + assertArrayEquals( + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.mPseudorandomFunctions); + assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); + } + + @Test + public void testBuildIkeSaProposalWithCombinedModeCipher() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + SaProposal proposal = + builder.addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .buildOrThrow(); + + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); + assertArrayEquals( + new EncryptionTransform[] {mEncryptionAesGcm8Transform}, + proposal.mEncryptionAlgorithms); + assertArrayEquals( + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.mPseudorandomFunctions); + assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); + assertTrue(proposal.mIntegrityAlgorithms.length == 0); + } + + @Test + public void testBuildFirstChildSaProposalWithCombinedCipher() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(true); + SaProposal proposal = + builder.addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .buildOrThrow(); + + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); + assertArrayEquals( + new EncryptionTransform[] {mEncryptionAesGcm8Transform}, 
+ proposal.mEncryptionAlgorithms); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityNoneTransform}, proposal.mIntegrityAlgorithms); + assertTrue(proposal.mPseudorandomFunctions.length == 0); + assertTrue(proposal.mDhGroups.length == 0); + } + + @Test + public void testBuildAdditionalChildSaProposalWithNormalCipher() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + + SaProposal proposal = + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .buildOrThrow(); + + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); + assertArrayEquals( + new EncryptionTransform[] {mEncryption3DesTransform}, + proposal.mEncryptionAlgorithms); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityNoneTransform}, proposal.mIntegrityAlgorithms); + assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); + assertTrue(proposal.mPseudorandomFunctions.length == 0); + } + @Test public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception { Builder builder = Builder.newIkeSaProposalBuilder(); try { builder.buildOrThrow(); - fail("Encryption algorithm is not provided."); + fail("Expected to fail when no encryption algorithm is proposed."); } catch (IllegalArgumentException expected) { } @@ -39,7 +149,7 @@ public final class SaProposalTest { Builder builder = Builder.newIkeSaProposalBuilder(); try { builder.addEncryptionAlgorithm(-1); - fail("Encryption algorithm is not recognized."); + fail("Expected to fail when unrecognized encryption algorithm is proposed."); } catch (IllegalArgumentException expected) { } 
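Review bot: `testBuildAdditionalChildSaProposalWithNormalCipher` pins 3DES together with `INTEGRITY_ALGORITHM_NONE` as a proposal that builds successfully, which is a Child SA proposal that encrypts with a non-combined cipher and no integrity protection. If that is intended, say so above the test with a comment such as `// A non-combined cipher with INTEGRITY_ALGORITHM_NONE is deliberately accepted for Child SA proposals.` Otherwise switch the positive case to `.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96)` and assert against `mIntegrityHmacSha1Transform`. The builder's validation is not part of this diff, so which behaviour is intended needs confirming against SaProposal; the later negative tests for "normal cipher with none-value integrity" suggest the combination was meant to be rejected in at least some cases.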
@@ -51,7 +161,139 @@ public final class SaProposalTest { try { builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12); - fail("Expect failure when normal and combined-mode ciphers are proposed together."); + fail( + "Expected to fail when " + + "normal and combined-mode ciphers are proposed together."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithoutPrf() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).buildOrThrow(); + fail("Expected to fail when PRF is not provided in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildChildProposalWithPrf() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .buildOrThrow(); + + fail("Expected to fail when PRF is provided in Child SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with AEAD and not-none integrity + // algorithm. + @Test + public void testBuildAeadWithIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .buildOrThrow(); + + fail("Expected to fail when not-none integrity algorithm is proposed with AEAD"); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with normal mode cipher and without + // integrity algorithm. 
+ @Test + public void testBuildIkeProposalNormalCipherWithoutIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .buildOrThrow(); + + fail( + "Expected to fail when" + + " no integrity algorithm is proposed with non-combined cipher"); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with normal mode cipher and none-value + // integrity algorithm. + @Test + public void testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .buildOrThrow(); + + fail( + "Expected to fail when none-value integrity algorithm is proposed" + + " with non-combined cipher"); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithoutDhGroup() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .buildOrThrow(); + + fail("Expected to fail when no DH Group is proposed in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithNoneValueDhGroup() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + 
.addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .addDhGroup(SaProposal.DH_GROUP_NONE) + .buildOrThrow(); + + fail("Expected to fail when none-value DH Group is proposed in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building first Child SA Proposal with not-none-value DH Group. + @Test + public void testBuildFirstChildProposalWithNotNoneValueDhGroup() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(true); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .buildOrThrow(); + + fail( + "Expected to fail when" + + " not-none-value DH Group is proposed in first Child SA proposal."); } catch (IllegalArgumentException expected) { } diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java index d2db6db9..cfde10e5 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java @@ -18,6 +18,7 @@ package com.android.ike.ikev2.message; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.Matchers.any; 
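Review bot: `testBuildIkeProposalNormalCipherWithoutIntegrityAlgo` and `testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo` are named and commented as IKE SA tests, but both call `Builder.newChildSaProposalBuilder(false)` and add a PRF, which `testBuildChildProposalWithPrf` in this same hunk already expects to be rejected. Because the catch accepts any `IllegalArgumentException`, both tests can probably pass on the PRF check alone and would stay green if the integrity validation were removed. Make the integrity algorithm the only invalid part of the proposal: start from `Builder builder = Builder.newIkeSaProposalBuilder();` and add `.addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP)` before `buildOrThrow()`. The same applies to `testBuildIkeProposalWithoutPrf`, which also omits the integrity algorithm and DH group, and the comment above `testBuildAeadWithIntegrityAlgo` says IKE SA while the test uses the Child builder.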
@@ -383,6 +384,32 @@ public final class IkeSaPayloadTest { } @Test + public void testTransformEquals() throws Exception { + EncryptionTransform mEncrAesGcm8Key128TransformLeft = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128); + EncryptionTransform mEncrAesGcm8Key128TransformRight = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128); + + assertEquals(mEncrAesGcm8Key128TransformLeft, mEncrAesGcm8Key128TransformRight); + + EncryptionTransform mEncrAesGcm8Key192TransformLeft = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_192); + + assertNotEquals(mEncrAesGcm8Key128TransformLeft, mEncrAesGcm8Key192TransformLeft); + + IntegrityTransform mIntegHmacSha1TransformLeft = + new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96); + IntegrityTransform mIntegHmacSha1TransformRight = + new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96); + + assertNotEquals(mEncrAesGcm8Key128TransformLeft, mIntegHmacSha1TransformLeft); + assertEquals(mIntegHmacSha1TransformLeft, mIntegHmacSha1TransformRight); + } + + @Test public void testDecodeSingleProposal() throws Exception { byte[] inputPacket = TestUtils.hexStringToByteArray(PROPOSAL_RAW_PACKET); ByteBuffer inputBuffer = ByteBuffer.wrap(inputPacket); |
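Review bot: `testTransformEquals` checks `equals` on the transforms but never checks that equal transforms also share a hash code. The commit message mentions `Set.toArray`, so the proposals presumably collect transforms in a Set, where duplicate detection depends on `hashCode` agreeing with `equals`. Add `assertEquals(mEncrAesGcm8Key128TransformLeft.hashCode(), mEncrAesGcm8Key128TransformRight.hashCode());` and the matching line for the two `IntegrityTransform` instances. As a style point, these are locals, so the `m` member prefix is misleading; names such as `encrAesGcm8Key128Left` would read better.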