3 files changed, 107 insertions, 8 deletions
diff --git a/src/java/com/android/ike/ikev2/SaProposal.java b/src/java/com/android/ike/ikev2/SaProposal.java
index 37a81009..8fa0743d 100644
--- a/src/java/com/android/ike/ikev2/SaProposal.java
+++ b/src/java/com/android/ike/ikev2/SaProposal.java
@@ -54,27 +54,56 @@ public final class SaProposal { static { SUPPORTED_ENCRYPTION_ALGORITHM = new ArraySet<>(); - SUPPORTED_ENCRYPTION_ALGORITHM.add(SaProposal.ENCRYPTION_ALGORITHM_3DES); - SUPPORTED_ENCRYPTION_ALGORITHM.add(SaProposal.ENCRYPTION_ALGORITHM_AES_CBC); - SUPPORTED_ENCRYPTION_ALGORITHM.add(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8); - SUPPORTED_ENCRYPTION_ALGORITHM.add(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12); - SUPPORTED_ENCRYPTION_ALGORITHM.add(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16); + SUPPORTED_ENCRYPTION_ALGORITHM.add(ENCRYPTION_ALGORITHM_3DES); + SUPPORTED_ENCRYPTION_ALGORITHM.add(ENCRYPTION_ALGORITHM_AES_CBC); + SUPPORTED_ENCRYPTION_ALGORITHM.add(ENCRYPTION_ALGORITHM_AES_GCM_8); + SUPPORTED_ENCRYPTION_ALGORITHM.add(ENCRYPTION_ALGORITHM_AES_GCM_12); + SUPPORTED_ENCRYPTION_ALGORITHM.add(ENCRYPTION_ALGORITHM_AES_GCM_16); } public static final int KEY_LEN_AES_128 = 128; public static final int KEY_LEN_AES_192 = 192; public static final int KEY_LEN_AES_256 = 256; + @Retention(RetentionPolicy.SOURCE) + @IntDef({ + PSEUDORANDOM_FUNCTION_HMAC_SHA1, + PSEUDORANDOM_FUNCTION_AES128_XCBC + }) + + public @interface PseudorandomFunction {} + + public static final int PSEUDORANDOM_FUNCTION_HMAC_SHA1 = 2; + public static final int PSEUDORANDOM_FUNCTION_AES128_XCBC = 4; + + private static final Set<Integer> SUPPORTED_PSEUDORANDOM_FUNCTION; + + static { + SUPPORTED_PSEUDORANDOM_FUNCTION = new ArraySet<>(); + SUPPORTED_PSEUDORANDOM_FUNCTION.add(PSEUDORANDOM_FUNCTION_HMAC_SHA1); + SUPPORTED_PSEUDORANDOM_FUNCTION.add(PSEUDORANDOM_FUNCTION_AES128_XCBC); + } + /** * Check if the provided algorithm is a supported encryption algorithm. * - * @param algorithm IKE standard encryption algorithm id - * @return if the provided algorithm is a supported encryption algorithm. + * @param algorithm IKE standard encryption algorithm id. + * @return true if the provided algorithm is a supported encryption algorithm. 
*/ public static boolean isSupportedEncryptionAlgorithm(@EncryptionAlgorithm int algorithm) { return SUPPORTED_ENCRYPTION_ALGORITHM.contains(algorithm); } + /** + * Check if the provided algorithm is a supported pseudorandom function. + * + * @param algorithm IKE standard pseudorandom function id. + * @return true if the provided algorithm is a supported pseudorandom function. + */ + public static boolean isSupportedPseudorandomFunction(@PseudorandomFunction int algorithm) { + return SUPPORTED_PSEUDORANDOM_FUNCTION.contains(algorithm); + } + // TODO: Implement constructing SaProposal with a Builder that supports adding // encryption/integrity algorithms, prf, and DH Group. } diff --git a/src/java/com/android/ike/ikev2/message/IkeSaPayload.java b/src/java/com/android/ike/ikev2/message/IkeSaPayload.java index 79a874b8..8ce034ae 100644 --- a/src/java/com/android/ike/ikev2/message/IkeSaPayload.java +++ b/src/java/com/android/ike/ikev2/message/IkeSaPayload.java @@ -17,6 +17,7 @@ package com.android.ike.ikev2.message; import static com.android.ike.ikev2.SaProposal.EncryptionAlgorithm; +import static com.android.ike.ikev2.SaProposal.PseudorandomFunction; import android.annotation.IntDef; import android.util.ArraySet; @@ -265,7 +266,9 @@ public final class IkeSaPayload extends IkePayload { switch (type) { case TRANSFORM_TYPE_ENCR: return new EncryptionTransform(id, attributeList); - // TODO: Add Integrity algorithm, PRF, DhGroup and ESN + case TRANSFORM_TYPE_PRF: + return new PrfTransform(id, attributeList); + // TODO: Add Integrity algorithm, DhGroup and ESN default: return new UnrecognizedTransform(type, id, attributeList); } 
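Review bot: In SaProposal.java the new `SUPPORTED_PSEUDORANDOM_FUNCTION` set admits only `PSEUDORANDOM_FUNCTION_HMAC_SHA1` (2) and `PSEUDORANDOM_FUNCTION_AES128_XCBC` (4), so `isSupportedPseudorandomFunction` reports every SHA-2 based PRF a peer offers as unsupported and negotiation can only settle on the two older functions. RFC 8247, as I read it, makes PRF_HMAC_SHA2_256 the mandatory PRF and downgrades both of these; if SHA-2 support is planned for a later change, record that next to the constants, e.g. `// TODO: add PRF_HMAC_SHA2_256/384/512 (IANA Transform Type 2 ids 5-7)`. A one-line comment stating that the constant values are the IANA IKEv2 Transform Type 2 ids would also help readers check them. As a style point, the blank line between `@IntDef({...})` and `public @interface PseudorandomFunction {}` is best dropped so the annotations visibly belong to the declaration.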
@@ -435,6 +438,47 @@ public final class IkeSaPayload extends IkePayload { } /** + * PrfTransform represents an pseudorandom function. + * + * <p>Currently it does not have any supported {@link Attribute}. + * + * @see <a href="https://tools.ietf.org/html/rfc7296#section-3.3.2">RFC 7296, Internet Key + * Exchange Protocol Version 2 (IKEv2). + */ + public static final class PrfTransform extends Transform { + @Override + protected boolean isSupportedTransformId(int id) { + return SaProposal.isSupportedPseudorandomFunction(id); + } + + /** + * Contruct an instance of PrfTransform in the context of {@link SaProposal}. + * + * @param id the IKE standard Transform ID. + */ + public PrfTransform(@PseudorandomFunction int id) { + super(Transform.TRANSFORM_TYPE_PRF, id); + } + + /** + * Contruct an instance of PrfTransform in the context of abstract class {@link Transform}. + * + * @param id the IKE standard Transform ID. + * @param attributeList the decoded list of Attribute. + * @throws InvalidSyntaxException for syntax error. + */ + protected PrfTransform(int id, List<Attribute> attributeList) + throws InvalidSyntaxException { + super(Transform.TRANSFORM_TYPE_PRF, id, attributeList); + } + + @Override + public String getTransformTypeString() { + return "Pseudorandom Function"; + } + } + + /** * UnrecognizedTransform represents a Transform with unrecognized Transform Type. * * <p>Proposals containing an UnrecognizedTransform should be ignored. diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java index e2909fc0..20bc67e0 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeSaPayloadTest.java 
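Review bot: The decode-path constructor `PrfTransform(int id, List<Attribute> attributeList)` forwards whatever attributes the peer sent straight to `super(...)`, while the class Javadoc says a PRF has no supported attribute; nothing visible in this class treats a PRF transform that carries attributes as unsupported. The base `Transform` constructor is outside the hunk, so this may already be handled there; if it is not, RFC 7296 section 3.3.6 expects a transform containing an attribute the receiver does not understand to be rejected, and the subclass would need a check that a non-empty list makes the transform unsupported. Either way, the constructor Javadoc should state what happens when `attributeList` is not empty. The new Javadoc also has `Contruct` for `Construct` (twice), `an pseudorandom` for `a pseudorandom`, and an `<a href=...>` in the `@see` tag that is never closed with `</a>`.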
@@ -34,6 +34,7 @@ import com.android.ike.ikev2.message.IkeSaPayload.Attribute; import com.android.ike.ikev2.message.IkeSaPayload.AttributeDecoder; import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform; import com.android.ike.ikev2.message.IkeSaPayload.KeyLengthAttribute; +import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform; import com.android.ike.ikev2.message.IkeSaPayload.Proposal; import com.android.ike.ikev2.message.IkeSaPayload.Transform; import com.android.ike.ikev2.message.IkeSaPayload.TransformDecoder; @@ -71,6 +72,7 @@ public final class IkeSaPayloadTest { + "400001e030000080400001f030000080400000f030000080400001003" + "00000804000012000000080400000e"; private static final String ENCR_TRANSFORM_RAW_PACKET = "0300000c0100000c800e0080"; + private static final String PRF_TRANSFORM_RAW_PACKET = "0000000802000002"; private static final int TRANSFORM_TYPE_POSITION = 4; private static final int TRANSFORM_ID_POSITION = 7; 
@@ -167,6 +169,30 @@ public final class IkeSaPayloadTest { } @Test + public void testDecodePrfTransform() throws Exception { + byte[] inputPacket = TestUtils.hexStringToByteArray(PRF_TRANSFORM_RAW_PACKET); + ByteBuffer inputBuffer = ByteBuffer.wrap(inputPacket); + + when(mMockedAttributeDecoder.decodeAttributes(anyInt(), any())) + .thenReturn(new LinkedList<Attribute>()); + Transform.sAttributeDecoder = mMockedAttributeDecoder; + + Transform transform = Transform.readFrom(inputBuffer); + assertEquals(Transform.TRANSFORM_TYPE_PRF, transform.type); + assertEquals(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1, transform.id); + assertTrue(transform.isSupported); + } + + @Test + public void testConstructPrfTransformWithUnSupportedId() throws Exception { + try { + new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC + 1); + fail("Expected IllegalArgumentException for unsupported Transform ID"); + } catch (IllegalArgumentException expected) { + } + } + + @Test public void testDecodeUnrecognizedTransform() throws Exception { byte[] inputPacket = TestUtils.hexStringToByteArray(ENCR_TRANSFORM_RAW_PACKET); inputPacket[TRANSFORM_TYPE_POSITION] = 6; |
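Review bot: `testConstructPrfTransformWithUnSupportedId` picks its unsupported id as `SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC + 1`, which is 5, the IANA id of PRF_HMAC_SHA2_256, so the test will start failing as soon as that PRF is added to the supported set. A named test constant with a value that has no assigned PRF would keep the intent stable. There is also no decode test for a PRF transform with an unsupported id that asserts `assertFalse(transform.isSupported)`, which is the path that handles peer-supplied bytes. `testDecodePrfTransform` overwrites the static `Transform.sAttributeDecoder`; whether it is restored after the test is not visible in this hunk and is worth confirming.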