diff options
Diffstat (limited to 'tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java')
-rw-r--r-- | tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java new file mode 100644 index 00000000..ed625660 --- /dev/null +++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.internal.net.ipsec.ike.crypto; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import android.net.IpSecAlgorithm; +import android.net.ipsec.ike.SaProposal; + +import com.android.internal.net.TestUtils; +import com.android.internal.net.ipsec.ike.message.IkeMessage; +import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +import java.util.Arrays; + +@RunWith(JUnit4.class) +public final class IkeMacIntegrityTest { + private static final String DATA_TO_AUTH_HEX_STRING = + "5f54bf6d8b48e6e1909232b3d1edcb5c2e20230800000001000000ec" + + "230000d0b9132b7bb9f658dfdc648e5017a6322a030c316c" + + "e55f365760d46426ce5cfc78bd1ed9abff63eb9594c1bd58" + + "46de333ecd3ea2b705d18293b130395300ba92a351041345" + + "0a10525cea51b2753b4e92b081fd78d995659a98f742278f" + + "f9b8fd3e21554865c15c79a5134d66b2744966089e416c60" + + "a274e44a9a3f084eb02f3bdce1e7de9de8d9a62773ab563b" + + "9a69ba1db03c752acb6136452b8a86c41addb4210d68c423" + + "efed80e26edca5fa3fe5d0a5ca9375ce332c474b93fb1fa3" + + "59eb4e81"; + private static final String INTEGRITY_KEY_HEX_STRING = + "554fbf5a05b7f511e05a30ce23d874db9ef55e51"; + private static final String CHECKSUM_HEX_STRING = "ae6e0f22abdad69ba8007d50"; + + private IkeMacIntegrity mHmacSha1IntegrityMac; + private byte[] mHmacSha1IntegrityKey; + + private byte[] mDataToAuthenticate; + + @Before + public void setUp() throws Exception { + mHmacSha1IntegrityMac = + IkeMacIntegrity.create( + new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96), + IkeMessage.getSecurityProvider()); + mHmacSha1IntegrityKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING); + + mDataToAuthenticate = TestUtils.hexStringToByteArray(DATA_TO_AUTH_HEX_STRING); + } + + @Test + public void testGenerateChecksum() throws Exception { + byte[] calculatedChecksum = + mHmacSha1IntegrityMac.generateChecksum(mHmacSha1IntegrityKey, mDataToAuthenticate); + + byte[] expectedChecksum = TestUtils.hexStringToByteArray(CHECKSUM_HEX_STRING); + assertArrayEquals(expectedChecksum, calculatedChecksum); + } + + @Test + public void testGenerateChecksumWithDifferentKey() throws Exception { + byte[] integrityKey = mHmacSha1IntegrityKey.clone(); + integrityKey[0]++; + + byte[] calculatedChecksum = + mHmacSha1IntegrityMac.generateChecksum(integrityKey, mDataToAuthenticate); + + byte[] expectedChecksum = TestUtils.hexStringToByteArray(CHECKSUM_HEX_STRING); + assertFalse(Arrays.equals(expectedChecksum, calculatedChecksum)); + } + + @Test + public void testGenerateChecksumWithInvalidKey() throws Exception { + byte[] integrityKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING + "0000"); + + try { + byte[] calculatedChecksum = + mHmacSha1IntegrityMac.generateChecksum(integrityKey, mDataToAuthenticate); + fail("Expected to fail due to invalid authentication key."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIpSecAlgorithm() throws Exception { + IpSecAlgorithm ipsecAlgorithm = + mHmacSha1IntegrityMac.buildIpSecAlgorithmWithKey(mHmacSha1IntegrityKey); + + IpSecAlgorithm expectedIpSecAlgorithm = + new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, mHmacSha1IntegrityKey, 96); + + assertTrue(IpSecAlgorithm.equals(expectedIpSecAlgorithm, ipsecAlgorithm)); + } + + @Test + public void buildIpSecAlgorithmWithInvalidKey() throws Exception { + byte[] encryptionKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING + "00"); + + try { + mHmacSha1IntegrityMac.buildIpSecAlgorithmWithKey(encryptionKey); + + fail("Expected to fail due to integrity key with wrong length."); + } catch (IllegalArgumentException expected) { + + } + } +} |