diff options
Diffstat (limited to 'tests/iketests/src/java/com/android/ike')
5 files changed, 125 insertions, 47 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java index e81b17aa..1d760b7e 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/ChildSessionStateMachineTest.java @@ -63,12 +63,13 @@ public final class ChildSessionStateMachineTest { private ISaRecordHelper mMockSaRecordHelper; private IChildSessionCallback mMockChildSessionCallback; - private ChildSessionOptions mMockChildSessionOptions; + private ChildSessionOptions mChildSessionOptions; public ChildSessionStateMachineTest() { mMockSaRecordHelper = mock(SaRecord.ISaRecordHelper.class); mMockChildSessionCallback = mock(IChildSessionCallback.class); - mMockChildSessionOptions = mock(ChildSessionOptions.class); + + mChildSessionOptions = new ChildSessionOptions(); } @Before @@ -77,7 +78,7 @@ public final class ChildSessionStateMachineTest { mLooper = new TestLooper(); mChildSessionStateMachine = new ChildSessionStateMachine( - "ChildSessionStateMachine", mLooper.getLooper(), mMockChildSessionOptions); + "ChildSessionStateMachine", mLooper.getLooper(), mChildSessionOptions); mChildSessionStateMachine.setDbg(true); SaRecord.setSaRecordHelper(mMockSaRecordHelper); diff --git a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java index e3ad450a..1dcf5b82 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/IkeSessionStateMachineTest.java @@ -17,6 +17,9 @@ package com.android.ike.ikev2; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; @@ -26,8 +29,14 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import android.content.Context; +import android.net.IpSecManager; +import android.net.IpSecManager.UdpEncapsulationSocket; +import android.os.Looper; import android.os.test.TestLooper; +import androidx.test.InstrumentationRegistry; + import com.android.ike.ikev2.ChildSessionStateMachineFactory.ChildSessionFactoryHelper; import com.android.ike.ikev2.ChildSessionStateMachineFactory.IChildSessionFactoryHelper; import com.android.ike.ikev2.IkeSessionStateMachine.ReceivedIkePacket; @@ -43,26 +52,37 @@ import com.android.ike.ikev2.message.IkePayload; import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.mockito.ArgumentCaptor; +import java.net.InetAddress; import java.util.LinkedList; +import java.util.List; public final class IkeSessionStateMachineTest { + private static final String SERVER_ADDRESS = "192.0.2.100"; + + private UdpEncapsulationSocket mUdpEncapSocket; + private TestLooper mLooper; private IkeSessionStateMachine mIkeSessionStateMachine; + private IkeSessionOptions mIkeSessionOptions; + private ChildSessionOptions mChildSessionOptions; + private IIkeMessageHelper mMockIkeMessageHelper; private ISaRecordHelper mMockSaRecordHelper; - private IkeSessionOptions mMockIkeSessionOptions; private ChildSessionStateMachine mMockChildSessionStateMachine; - private ChildSessionOptions mMockChildSessionOptions; private IChildSessionFactoryHelper mMockChildSessionFactoryHelper; private IkeSaRecord mSpyCurrentIkeSaRecord; private IkeSaRecord mSpyLocalInitIkeSaRecord; private IkeSaRecord mSpyRemoteInitIkeSaRecord; + private ArgumentCaptor<IkeMessage> mIkeMessageCaptor = + ArgumentCaptor.forClass(IkeMessage.class); + private ReceivedIkePacket makeDummyUnencryptedReceivedIkePacket(int packetType) throws Exception { IkeMessage dummyIkeMessage = makeDummyIkeMessageForTest(0, 0, false, false); @@ -83,7 +103,7 @@ public final class IkeSessionStateMachineTest { byte[] dummyIkePacketBytes = new byte[0]; when(mMockIkeMessageHelper.decode( - mMockIkeSessionOptions, + mIkeSessionOptions, ikeSaRecord, dummyIkeMessage.ikeHeader, dummyIkePacketBytes)) @@ -97,27 +117,21 @@ public final class IkeSessionStateMachineTest { int firstPayloadType = isEncrypted ? IkePayload.PAYLOAD_TYPE_SK : IkePayload.PAYLOAD_TYPE_NO_NEXT; IkeHeader header = - new IkeHeader(initSpi, respSpi, firstPayloadType, 0, true, fromikeInit, 0, 0); + new IkeHeader(initSpi, respSpi, firstPayloadType, 0, true, fromikeInit, 0); return new IkeMessage(header, new LinkedList<IkePayload>()); } private void verifyDecodeEncryptedMessage(IkeSaRecord record, ReceivedIkePacket rcvPacket) throws Exception { verify(mMockIkeMessageHelper) - .decode( - mMockIkeSessionOptions, - record, - rcvPacket.ikeHeader, - rcvPacket.ikePacketBytes); + .decode(mIkeSessionOptions, record, rcvPacket.ikeHeader, rcvPacket.ikePacketBytes); } public IkeSessionStateMachineTest() { mMockIkeMessageHelper = mock(IkeMessage.IIkeMessageHelper.class); mMockSaRecordHelper = mock(SaRecord.ISaRecordHelper.class); - mMockIkeSessionOptions = mock(IkeSessionOptions.class); mMockChildSessionStateMachine = mock(ChildSessionStateMachine.class); - mMockChildSessionOptions = mock(ChildSessionOptions.class); mMockChildSessionFactoryHelper = mock(IChildSessionFactoryHelper.class); mSpyCurrentIkeSaRecord = spy(new IkeSaRecord(11, 12, true, null, null)); @@ -131,17 +145,25 @@ public final class IkeSessionStateMachineTest { } @Before - public void setUp() { + public void setUp() throws Exception { + Context context = InstrumentationRegistry.getContext(); + IpSecManager ipSecManager = (IpSecManager) context.getSystemService(Context.IPSEC_SERVICE); + mUdpEncapSocket = ipSecManager.openUdpEncapsulationSocket(); + + mIkeSessionOptions = buildIkeSessionOptions(); + mChildSessionOptions = new ChildSessionOptions(); + // Setup thread and looper mLooper = new TestLooper(); mIkeSessionStateMachine = new IkeSessionStateMachine( "IkeSessionStateMachine", mLooper.getLooper(), - mMockIkeSessionOptions, - mMockChildSessionOptions); + mIkeSessionOptions, + mChildSessionOptions); mIkeSessionStateMachine.setDbg(true); mIkeSessionStateMachine.start(); + IkeMessage.setIkeMessageHelper(mMockIkeMessageHelper); SaRecord.setSaRecordHelper(mMockSaRecordHelper); ChildSessionStateMachineFactory.setChildSessionFactoryHelper( @@ -149,17 +171,46 @@ public final class IkeSessionStateMachineTest { } @After - public void tearDown() { + public void tearDown() throws Exception { mIkeSessionStateMachine.quit(); mIkeSessionStateMachine.setDbg(false); + mUdpEncapSocket.close(); + IkeMessage.setIkeMessageHelper(new IkeMessageHelper()); SaRecord.setSaRecordHelper(new SaRecordHelper()); ChildSessionStateMachineFactory.setChildSessionFactoryHelper( new ChildSessionFactoryHelper()); } + private IkeSessionOptions buildIkeSessionOptions() throws Exception { + SaProposal saProposal = + SaProposal.Builder.newIkeSaProposalBuilder() + .addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_CBC, SaProposal.KEY_LEN_AES_128) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + InetAddress serveAddress = InetAddress.getByName(SERVER_ADDRESS); + IkeSessionOptions sessionOptions = + new IkeSessionOptions.Builder(serveAddress, mUdpEncapSocket) + .addSaProposal(saProposal) + .build(); + return sessionOptions; + } + + private static boolean isIkePayloadExist( + List<IkePayload> payloadList, @IkePayload.PayloadType int payloadType) { + for (IkePayload payload : payloadList) { + if (payload.payloadType == payloadType) return true; + } + return false; + } + @Test public void testCreateIkeLocalIkeInit() throws Exception { + if (Looper.myLooper() == null) Looper.myLooper().prepare(); // Mock IKE_INIT response. ReceivedIkePacket dummyReceivedIkePacket = makeDummyUnencryptedReceivedIkePacket(IkeMessage.MESSAGE_TYPE_IKE_INIT_RESP); @@ -171,15 +222,37 @@ public final class IkeSessionStateMachineTest { IkeSessionStateMachine.CMD_RECEIVE_IKE_PACKET, dummyReceivedIkePacket); mLooper.dispatchAll(); + + // Validate outbound IKE INIT request + verify(mMockIkeMessageHelper).encode(mIkeMessageCaptor.capture()); + IkeMessage ikeInitReqMessage = mIkeMessageCaptor.getValue(); + + IkeHeader ikeHeader = ikeInitReqMessage.ikeHeader; + assertEquals(IkeHeader.EXCHANGE_TYPE_IKE_SA_INIT, ikeHeader.exchangeType); + assertFalse(ikeHeader.isResponseMsg); + assertTrue(ikeHeader.fromIkeInitiator); + + List<IkePayload> payloadList = ikeInitReqMessage.ikePayloadList; + assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_SA)); + assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_KE)); + assertTrue(isIkePayloadExist(payloadList, IkePayload.PAYLOAD_TYPE_NONCE)); + + IkeSocket ikeSocket = mIkeSessionStateMachine.mIkeSocket; + assertNotNull(ikeSocket); + assertNotEquals( + -1 /*not found*/, ikeSocket.mSpiToIkeSession.indexOfValue(mIkeSessionStateMachine)); + verify(mMockIkeMessageHelper) .decode(dummyReceivedIkePacket.ikeHeader, dummyReceivedIkePacket.ikePacketBytes); verify(mMockIkeMessageHelper).getMessageType(any()); + assertTrue( mIkeSessionStateMachine.getCurrentState() instanceof IkeSessionStateMachine.CreateIkeLocalIkeAuth); } private void mockIkeSetup() throws Exception { + if (Looper.myLooper() == null) Looper.myLooper().prepare(); // Mock IKE_INIT response ReceivedIkePacket dummyIkeInitRespReceivedPacket = makeDummyUnencryptedReceivedIkePacket(IkeMessage.MESSAGE_TYPE_IKE_INIT_RESP); diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java index 428c028d..7f40d729 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java @@ -66,16 +66,17 @@ public final class SaProposalTest { .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); - assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.getProtocolId()); assertArrayEquals( new EncryptionTransform[] {mEncryption3DesTransform}, - proposal.mEncryptionAlgorithms); + proposal.getEncryptionTransforms()); assertArrayEquals( new IntegrityTransform[] {mIntegrityHmacSha1Transform}, - proposal.mIntegrityAlgorithms); + proposal.getIntegrityTransforms()); assertArrayEquals( - new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.mPseudorandomFunctions); - assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.getPrfTransforms()); + assertArrayEquals( + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); } @Test @@ -89,14 +90,15 @@ public final class SaProposalTest { .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); - assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.mProtocolId); + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.getProtocolId()); assertArrayEquals( new EncryptionTransform[] {mEncryptionAesGcm8Transform}, - proposal.mEncryptionAlgorithms); + proposal.getEncryptionTransforms()); + assertArrayEquals( + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.getPrfTransforms()); assertArrayEquals( - new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.mPseudorandomFunctions); - assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); - assertTrue(proposal.mIntegrityAlgorithms.length == 0); + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); + assertTrue(proposal.getIntegrityTransforms().length == 0); } @Test @@ -109,14 +111,15 @@ public final class SaProposalTest { .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) .build(); - assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); assertArrayEquals( new EncryptionTransform[] {mEncryptionAesGcm8Transform}, - proposal.mEncryptionAlgorithms); + proposal.getEncryptionTransforms()); assertArrayEquals( - new IntegrityTransform[] {mIntegrityNoneTransform}, proposal.mIntegrityAlgorithms); - assertTrue(proposal.mPseudorandomFunctions.length == 0); - assertTrue(proposal.mDhGroups.length == 0); + new IntegrityTransform[] {mIntegrityNoneTransform}, + proposal.getIntegrityTransforms()); + assertTrue(proposal.getPrfTransforms().length == 0); + assertTrue(proposal.getDhGroupTransforms().length == 0); } @Test @@ -129,14 +132,16 @@ public final class SaProposalTest { .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) .build(); - assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.mProtocolId); + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); assertArrayEquals( new EncryptionTransform[] {mEncryption3DesTransform}, - proposal.mEncryptionAlgorithms); + proposal.getEncryptionTransforms()); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityNoneTransform}, + proposal.getIntegrityTransforms()); assertArrayEquals( - new IntegrityTransform[] {mIntegrityNoneTransform}, proposal.mIntegrityAlgorithms); - assertArrayEquals(new DhGroupTransform[] {mDhGroup1024Transform}, proposal.mDhGroups); - assertTrue(proposal.mPseudorandomFunctions.length == 0); + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); + assertTrue(proposal.getPrfTransforms().length == 0); } @Test diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeHeaderTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeHeaderTest.java index 1bc52c3b..08b1612b 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeHeaderTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeHeaderTest.java @@ -62,6 +62,7 @@ public final class IkeHeaderTest { private static final int IKE_MSG_ID = 0; private static final int IKE_MSG_LENGTH = 336; + private static final int IKE_MSG_BODY_LENGTH = IKE_MSG_LENGTH - IkeHeader.IKE_HEADER_LENGTH; // Byte offsets of version field in IKE message header. private static final int VERSION_OFFSET = 17; @@ -89,7 +90,7 @@ public final class IkeHeaderTest { assertFalse(header.isResponseMsg); assertTrue(header.fromIkeInitiator); assertEquals(IKE_MSG_ID, header.messageId); - assertEquals(IKE_MSG_LENGTH, header.messageLength); + assertEquals(IKE_MSG_LENGTH, header.getInboundMessageLength()); } @Test @@ -142,7 +143,7 @@ public final class IkeHeaderTest { IkeHeader header = new IkeHeader(inputPacket); ByteBuffer byteBuffer = ByteBuffer.allocate(IkeHeader.IKE_HEADER_LENGTH); - header.encodeToByteBuffer(byteBuffer); + header.encodeToByteBuffer(byteBuffer, IKE_MSG_BODY_LENGTH); byte[] expectedPacket = TestUtils.hexStringToByteArray(IKE_HEADER_HEX_STRING); assertArrayEquals(expectedPacket, byteBuffer.array()); diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeKePayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeKePayloadTest.java index 4f45f26d..1bb0b709 100644 --- a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeKePayloadTest.java +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeKePayloadTest.java @@ -18,11 +18,10 @@ package com.android.ike.ikev2.message; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import android.util.Pair; - import com.android.ike.ikev2.IkeDhParams; import com.android.ike.ikev2.SaProposal; import com.android.ike.ikev2.exceptions.InvalidSyntaxException; @@ -100,6 +99,7 @@ public final class IkeKePayloadTest { IkeKePayload payload = new IkeKePayload(CRITICAL_BIT, inputPacket); + assertFalse(payload.isOutbound); assertEquals(EXPECTED_DH_GROUP, payload.dhGroup); byte[] keyExchangeData = TestUtils.hexStringToByteArray(KEY_EXCHANGE_DATA_RAW_PACKET); @@ -138,11 +138,11 @@ public final class IkeKePayloadTest { @Test public void testGetIkeKePayload() throws Exception { - Pair<DHPrivateKeySpec, IkeKePayload> pair = - IkeKePayload.getKePayload(SaProposal.DH_GROUP_1024_BIT_MODP); + IkeKePayload payload = new IkeKePayload(SaProposal.DH_GROUP_1024_BIT_MODP); // Test DHPrivateKeySpec - DHPrivateKeySpec privateKeySpec = pair.first; + assertTrue(payload.isOutbound); + DHPrivateKeySpec privateKeySpec = payload.localPrivateKey; BigInteger primeValue = privateKeySpec.getP(); BigInteger expectedPrimeValue = new BigInteger(IkeDhParams.PRIME_1024_BIT_MODP, 16); @@ -153,8 +153,6 @@ public final class IkeKePayloadTest { assertEquals(0, expectedGenValue.compareTo(genValue)); // Test IkeKePayload - IkeKePayload payload = pair.second; - assertEquals(EXPECTED_DH_GROUP, payload.dhGroup); assertEquals(EXPECTED_KE_DATA_LEN, payload.keyExchangeData.length); } |