Diffstat (limited to 'tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto')
4 files changed, 0 insertions, 639 deletions
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java
deleted file mode 100644
index a3b2253e..00000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeCombinedModeCipherTest.java
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.crypto;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import android.net.IpSecAlgorithm;
-import android.net.ipsec.ike.SaProposal;
-
-import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.ike.message.IkeMessage;
-import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-import java.util.Arrays;
-import java.util.Random;
-
-import javax.crypto.AEADBadTagException;
-
-@RunWith(JUnit4.class)
-public final class IkeCombinedModeCipherTest {
- private static final String IV = "fbd69d9de2dafc5e";
- private static final String ENCRYPTED_PADDED_DATA_WITH_CHECKSUM =
- "f4109834e9f3559758c05edf119917521b885f67f0d14ced43";
- private static final String UNENCRYPTED_PADDED_DATA = "000000080000400f00";
- private static final String ADDITIONAL_AUTH_DATA =
- "77c708b4523e39a471dc683c1d4f21362e202508000000060000004129000025";
- private static final String KEY =
- "7C04513660DEC572D896105254EF92608054F8E6EE19E79CE52AB8697B2B5F2C2AA90C29";
-
- private static final int AES_GCM_IV_LEN = 8;
- private static final int AES_GCM_16_CHECKSUM_LEN = 128;
-
- private IkeCombinedModeCipher mAesGcm16Cipher;
-
- private byte[] mAesGcmKey;
- private byte[] mIv;
- private byte[] mEncryptedPaddedDataWithChecksum;
- private byte[] mUnencryptedPaddedData;
- private byte[] mAdditionalAuthData;
-
- @Before
- public void setUp() {
- mAesGcm16Cipher =
- (IkeCombinedModeCipher)
- IkeCipher.create(
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_16,
- SaProposal.KEY_LEN_AES_256),
- IkeMessage.getSecurityProvider());
-
- mAesGcmKey = TestUtils.hexStringToByteArray(KEY);
- mIv = TestUtils.hexStringToByteArray(IV);
- mEncryptedPaddedDataWithChecksum =
- TestUtils.hexStringToByteArray(ENCRYPTED_PADDED_DATA_WITH_CHECKSUM);
- mUnencryptedPaddedData = TestUtils.hexStringToByteArray(UNENCRYPTED_PADDED_DATA);
- mAdditionalAuthData = TestUtils.hexStringToByteArray(ADDITIONAL_AUTH_DATA);
- }
-
- @Test
- public void testBuild() throws Exception {
- assertTrue(mAesGcm16Cipher.isAead());
- assertEquals(AES_GCM_IV_LEN, mAesGcm16Cipher.generateIv().length);
- }
-
- @Test
- public void testGenerateRandomIv() throws Exception {
- assertFalse(Arrays.equals(mAesGcm16Cipher.generateIv(), mAesGcm16Cipher.generateIv()));
- }
-
- @Test
- public void testEncrypt() throws Exception {
- byte[] calculatedData =
- mAesGcm16Cipher.encrypt(
- mUnencryptedPaddedData, mAdditionalAuthData, mAesGcmKey, mIv);
-
- assertArrayEquals(mEncryptedPaddedDataWithChecksum, calculatedData);
- }
-
- @Test
- public void testDecrypt() throws Exception {
- byte[] calculatedData =
- mAesGcm16Cipher.decrypt(
- mEncryptedPaddedDataWithChecksum, mAdditionalAuthData, mAesGcmKey, mIv);
-
- assertArrayEquals(mUnencryptedPaddedData, calculatedData);
- }
-
- @Test
- public void testEncryptWithWrongKeyLen() throws Exception {
- byte[] encryptionKey = TestUtils.hexStringToByteArray(KEY + "00");
-
- try {
- mAesGcm16Cipher.encrypt(
- mUnencryptedPaddedData, mAdditionalAuthData, encryptionKey, mIv);
- fail("Expected to fail because encryption key has wrong length.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-
- @Test
- public void testDecrypWithWrongKey() throws Exception {
- byte[] encryptionKey = new byte[mAesGcmKey.length];
- new Random().nextBytes(encryptionKey);
-
- try {
- mAesGcm16Cipher.decrypt(
- mEncryptedPaddedDataWithChecksum, mAdditionalAuthData, encryptionKey, mIv);
- fail("Expected to fail because decryption key is wrong");
- } catch (AEADBadTagException expected) {
-
- }
- }
-
- @Test
- public void testBuildIpSecAlgorithm() throws Exception {
- IpSecAlgorithm ipsecAlgorithm = mAesGcm16Cipher.buildIpSecAlgorithmWithKey(mAesGcmKey);
-
- IpSecAlgorithm expectedIpSecAlgorithm =
- new IpSecAlgorithm(
- IpSecAlgorithm.AUTH_CRYPT_AES_GCM, mAesGcmKey, AES_GCM_16_CHECKSUM_LEN);
-
- assertTrue(IpSecAlgorithm.equals(expectedIpSecAlgorithm, ipsecAlgorithm));
- }
-
- @Test
- public void buildIpSecAlgorithmWithInvalidKey() throws Exception {
- byte[] encryptionKey = TestUtils.hexStringToByteArray(KEY + "00");
-
- try {
- mAesGcm16Cipher.buildIpSecAlgorithmWithKey(encryptionKey);
- fail("Expected to fail because encryption key has wrong length.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java
deleted file mode 100644
index ed625660..00000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacIntegrityTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.crypto;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import android.net.IpSecAlgorithm;
-import android.net.ipsec.ike.SaProposal;
-
-import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.ike.message.IkeMessage;
-import com.android.internal.net.ipsec.ike.message.IkeSaPayload.IntegrityTransform;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-import java.util.Arrays;
-
-@RunWith(JUnit4.class)
-public final class IkeMacIntegrityTest {
- private static final String DATA_TO_AUTH_HEX_STRING =
- "5f54bf6d8b48e6e1909232b3d1edcb5c2e20230800000001000000ec"
- + "230000d0b9132b7bb9f658dfdc648e5017a6322a030c316c"
- + "e55f365760d46426ce5cfc78bd1ed9abff63eb9594c1bd58"
- + "46de333ecd3ea2b705d18293b130395300ba92a351041345"
- + "0a10525cea51b2753b4e92b081fd78d995659a98f742278f"
- + "f9b8fd3e21554865c15c79a5134d66b2744966089e416c60"
- + "a274e44a9a3f084eb02f3bdce1e7de9de8d9a62773ab563b"
- + "9a69ba1db03c752acb6136452b8a86c41addb4210d68c423"
- + "efed80e26edca5fa3fe5d0a5ca9375ce332c474b93fb1fa3"
- + "59eb4e81";
- private static final String INTEGRITY_KEY_HEX_STRING =
- "554fbf5a05b7f511e05a30ce23d874db9ef55e51";
- private static final String CHECKSUM_HEX_STRING = "ae6e0f22abdad69ba8007d50";
-
- private IkeMacIntegrity mHmacSha1IntegrityMac;
- private byte[] mHmacSha1IntegrityKey;
-
- private byte[] mDataToAuthenticate;
-
- @Before
- public void setUp() throws Exception {
- mHmacSha1IntegrityMac =
- IkeMacIntegrity.create(
- new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96),
- IkeMessage.getSecurityProvider());
- mHmacSha1IntegrityKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING);
-
- mDataToAuthenticate = TestUtils.hexStringToByteArray(DATA_TO_AUTH_HEX_STRING);
- }
-
- @Test
- public void testGenerateChecksum() throws Exception {
- byte[] calculatedChecksum =
- mHmacSha1IntegrityMac.generateChecksum(mHmacSha1IntegrityKey, mDataToAuthenticate);
-
- byte[] expectedChecksum = TestUtils.hexStringToByteArray(CHECKSUM_HEX_STRING);
- assertArrayEquals(expectedChecksum, calculatedChecksum);
- }
-
- @Test
- public void testGenerateChecksumWithDifferentKey() throws Exception {
- byte[] integrityKey = mHmacSha1IntegrityKey.clone();
- integrityKey[0]++;
-
- byte[] calculatedChecksum =
- mHmacSha1IntegrityMac.generateChecksum(integrityKey, mDataToAuthenticate);
-
- byte[] expectedChecksum = TestUtils.hexStringToByteArray(CHECKSUM_HEX_STRING);
- assertFalse(Arrays.equals(expectedChecksum, calculatedChecksum));
- }
-
- @Test
- public void testGenerateChecksumWithInvalidKey() throws Exception {
- byte[] integrityKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING + "0000");
-
- try {
- byte[] calculatedChecksum =
- mHmacSha1IntegrityMac.generateChecksum(integrityKey, mDataToAuthenticate);
- fail("Expected to fail due to invalid authentication key.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-
- @Test
- public void testBuildIpSecAlgorithm() throws Exception {
- IpSecAlgorithm ipsecAlgorithm =
- mHmacSha1IntegrityMac.buildIpSecAlgorithmWithKey(mHmacSha1IntegrityKey);
-
- IpSecAlgorithm expectedIpSecAlgorithm =
- new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA1, mHmacSha1IntegrityKey, 96);
-
- assertTrue(IpSecAlgorithm.equals(expectedIpSecAlgorithm, ipsecAlgorithm));
- }
-
- @Test
- public void buildIpSecAlgorithmWithInvalidKey() throws Exception {
- byte[] encryptionKey = TestUtils.hexStringToByteArray(INTEGRITY_KEY_HEX_STRING + "00");
-
- try {
- mHmacSha1IntegrityMac.buildIpSecAlgorithmWithKey(encryptionKey);
-
- fail("Expected to fail due to integrity key with wrong length.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java
deleted file mode 100644
index 717886f7..00000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeMacPrfTest.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.crypto;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertFalse;
-
-import android.net.ipsec.ike.SaProposal;
-
-import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.ike.message.IkeMessage;
-import com.android.internal.net.ipsec.ike.message.IkeSaPayload.PrfTransform;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-import java.util.Arrays;
-
-@RunWith(JUnit4.class)
-public final class IkeMacPrfTest {
-
- private static final String PRF_KEY_HEX_STRING = "094787780EE466E2CB049FA327B43908BC57E485";
- private static final String DATA_TO_SIGN_HEX_STRING = "010000000a50500d";
- private static final String CALCULATED_MAC_HEX_STRING =
- "D83B20CC6A0932B2A7CEF26E4020ABAAB64F0C6A";
-
- private static final String IKE_INIT_SPI = "5F54BF6D8B48E6E1";
- private static final String IKE_RESP_SPI = "909232B3D1EDCB5C";
-
- private static final String IKE_NONCE_INIT_HEX_STRING =
- "C39B7F368F4681B89FA9B7BE6465ABD7C5F68B6ED5D3B4C72CB4240EB5C46412";
- private static final String IKE_NONCE_RESP_HEX_STRING =
- "9756112CA539F5C25ABACC7EE92B73091942A9C06950F98848F1AF1694C4DDFF";
-
- private static final String IKE_SHARED_DH_KEY_HEX_STRING =
- "C14155DEA40056BD9C76FB4819687B7A397582F4CD5AFF4B"
- + "8F441C56E0C08C84234147A0BA249A555835A048E3CA2980"
- + "7D057A61DD26EEFAD9AF9C01497005E52858E29FB42EB849"
- + "6731DF96A11CCE1F51137A9A1B900FA81AEE7898E373D4E4"
- + "8B899BBECA091314ECD4B6E412EF4B0FEF798F54735F3180"
- + "7424A318287F20E8";
-
- private static final String IKE_SKEYSEED_HEX_STRING =
- "8C42F3B1F5F81C7BAAC5F33E9A4F01987B2F9657";
- private static final String IKE_SK_D_HEX_STRING = "C86B56EFCF684DCC2877578AEF3137167FE0EBF6";
- private static final String IKE_SK_AUTH_INIT_HEX_STRING =
- "554FBF5A05B7F511E05A30CE23D874DB9EF55E51";
- private static final String IKE_SK_AUTH_RESP_HEX_STRING =
- "36D83420788337CA32ECAA46892C48808DCD58B1";
- private static final String IKE_SK_ENCR_INIT_HEX_STRING = "5CBFD33F75796C0188C4A3A546AEC4A1";
- private static final String IKE_SK_ENCR_RESP_HEX_STRING = "C33B35FCF29514CD9D8B4A695E1A816E";
- private static final String IKE_SK_PRF_INIT_HEX_STRING =
- "094787780EE466E2CB049FA327B43908BC57E485";
- private static final String IKE_SK_PRF_RESP_HEX_STRING =
- "A30E6B08BE56C0E6BFF4744143C75219299E1BEB";
- private static final String IKE_KEY_MAT =
- IKE_SK_D_HEX_STRING
- + IKE_SK_AUTH_INIT_HEX_STRING
- + IKE_SK_AUTH_RESP_HEX_STRING
- + IKE_SK_ENCR_INIT_HEX_STRING
- + IKE_SK_ENCR_RESP_HEX_STRING
- + IKE_SK_PRF_INIT_HEX_STRING
- + IKE_SK_PRF_RESP_HEX_STRING;
-
- private static final int IKE_AUTH_ALGO_KEY_LEN = 20;
- private static final int IKE_ENCR_ALGO_KEY_LEN = 16;
- private static final int IKE_PRF_KEY_LEN = 20;
- private static final int IKE_SK_D_KEY_LEN = IKE_PRF_KEY_LEN;
-
- private static final String FIRST_CHILD_ENCR_INIT_HEX_STRING =
- "1B865CEA6E2C23973E8C5452ADC5CD7D";
- private static final String FIRST_CHILD_ENCR_RESP_HEX_STRING =
- "5E82FEDACC6DCB0756DDD7553907EBD1";
- private static final String FIRST_CHILD_AUTH_INIT_HEX_STRING =
- "A7A5A44F7EF4409657206C7DC52B7E692593B51E";
- private static final String FIRST_CHILD_AUTH_RESP_HEX_STRING =
- "CDE612189FD46DE870FAEC04F92B40B0BFDBD9E1";
- private static final String FIRST_CHILD_KEY_MAT =
- FIRST_CHILD_ENCR_INIT_HEX_STRING
- + FIRST_CHILD_AUTH_INIT_HEX_STRING
- + FIRST_CHILD_ENCR_RESP_HEX_STRING
- + FIRST_CHILD_AUTH_RESP_HEX_STRING;
-
- private static final int FIRST_CHILD_AUTH_ALGO_KEY_LEN = 20;
- private static final int FIRST_CHILD_ENCR_ALGO_KEY_LEN = 16;
-
- private IkeMacPrf mIkeHmacSha1Prf;
-
- @Before
- public void setUp() throws Exception {
- mIkeHmacSha1Prf =
- IkeMacPrf.create(
- new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1),
- IkeMessage.getSecurityProvider());
- }
-
- @Test
- public void testsignBytes() throws Exception {
- byte[] skpBytes = TestUtils.hexStringToByteArray(PRF_KEY_HEX_STRING);
- byte[] dataBytes = TestUtils.hexStringToByteArray(DATA_TO_SIGN_HEX_STRING);
-
- byte[] calculatedBytes = mIkeHmacSha1Prf.signBytes(skpBytes, dataBytes);
-
- byte[] expectedBytes = TestUtils.hexStringToByteArray(CALCULATED_MAC_HEX_STRING);
- assertArrayEquals(expectedBytes, calculatedBytes);
- }
-
- @Test
- public void testGenerateSKeySeed() throws Exception {
- byte[] nonceInit = TestUtils.hexStringToByteArray(IKE_NONCE_INIT_HEX_STRING);
- byte[] nonceResp = TestUtils.hexStringToByteArray(IKE_NONCE_RESP_HEX_STRING);
- byte[] sharedDhKey = TestUtils.hexStringToByteArray(IKE_SHARED_DH_KEY_HEX_STRING);
-
- byte[] calculatedSKeySeed =
- mIkeHmacSha1Prf.generateSKeySeed(nonceInit, nonceResp, sharedDhKey);
-
- byte[] expectedSKeySeed = TestUtils.hexStringToByteArray(IKE_SKEYSEED_HEX_STRING);
- assertArrayEquals(expectedSKeySeed, calculatedSKeySeed);
- }
-
- @Test
- public void testGenerateRekeyedSKeySeed() throws Exception {
- byte[] nonceInit = TestUtils.hexStringToByteArray(IKE_NONCE_INIT_HEX_STRING);
- byte[] nonceResp = TestUtils.hexStringToByteArray(IKE_NONCE_RESP_HEX_STRING);
- byte[] sharedDhKey = TestUtils.hexStringToByteArray(IKE_SHARED_DH_KEY_HEX_STRING);
- byte[] old_skd = TestUtils.hexStringToByteArray(IKE_SK_D_HEX_STRING);
-
- byte[] calculatedSKeySeed =
- mIkeHmacSha1Prf.generateRekeyedSKeySeed(old_skd, nonceInit, nonceResp, sharedDhKey);
-
- // Verify that the new sKeySeed is different.
- // TODO: Find actual test vectors to test positive case.
- byte[] oldSKeySeed = TestUtils.hexStringToByteArray(IKE_SKEYSEED_HEX_STRING);
- assertFalse(Arrays.equals(oldSKeySeed, calculatedSKeySeed));
- }
-
- @Test
- public void testGenerateKeyMatForIke() throws Exception {
- byte[] prfKey = TestUtils.hexStringToByteArray(IKE_SKEYSEED_HEX_STRING);
- byte[] prfData =
- TestUtils.hexStringToByteArray(
- IKE_NONCE_INIT_HEX_STRING
- + IKE_NONCE_RESP_HEX_STRING
- + IKE_INIT_SPI
- + IKE_RESP_SPI);
- int keyMaterialLen =
- IKE_SK_D_KEY_LEN
- + IKE_AUTH_ALGO_KEY_LEN * 2
- + IKE_ENCR_ALGO_KEY_LEN * 2
- + IKE_PRF_KEY_LEN * 2;
-
- byte[] calculatedKeyMat = mIkeHmacSha1Prf.generateKeyMat(prfKey, prfData, keyMaterialLen);
-
- byte[] expectedKeyMat = TestUtils.hexStringToByteArray(IKE_KEY_MAT);
- assertArrayEquals(expectedKeyMat, calculatedKeyMat);
- }
-
- @Test
- public void testGenerateKeyMatForFirstChild() throws Exception {
- byte[] prfKey = TestUtils.hexStringToByteArray(IKE_SK_D_HEX_STRING);
- byte[] prfData =
- TestUtils.hexStringToByteArray(
- IKE_NONCE_INIT_HEX_STRING + IKE_NONCE_RESP_HEX_STRING);
- int keyMaterialLen = FIRST_CHILD_AUTH_ALGO_KEY_LEN * 2 + FIRST_CHILD_ENCR_ALGO_KEY_LEN * 2;
-
- byte[] calculatedKeyMat = mIkeHmacSha1Prf.generateKeyMat(prfKey, prfData, keyMaterialLen);
-
- byte[] expectedKeyMat = TestUtils.hexStringToByteArray(FIRST_CHILD_KEY_MAT);
- assertArrayEquals(expectedKeyMat, calculatedKeyMat);
- }
-}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java
deleted file mode 100644
index 3f3a0e10..00000000
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/crypto/IkeNormalModeCipherTest.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.internal.net.ipsec.ike.crypto;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-import android.net.IpSecAlgorithm;
-import android.net.ipsec.ike.SaProposal;
-
-import com.android.internal.net.TestUtils;
-import com.android.internal.net.ipsec.ike.message.IkeMessage;
-import com.android.internal.net.ipsec.ike.message.IkeSaPayload.EncryptionTransform;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
-
-import java.util.Arrays;
-
-import javax.crypto.IllegalBlockSizeException;
-
-@RunWith(JUnit4.class)
-public final class IkeNormalModeCipherTest {
- private static final String IKE_AUTH_INIT_REQUEST_IV = "b9132b7bb9f658dfdc648e5017a6322a";
- private static final String IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA =
- "030c316ce55f365760d46426ce5cfc78bd1ed9abff63eb9594c1bd58"
- + "46de333ecd3ea2b705d18293b130395300ba92a351041345"
- + "0a10525cea51b2753b4e92b081fd78d995659a98f742278f"
- + "f9b8fd3e21554865c15c79a5134d66b2744966089e416c60"
- + "a274e44a9a3f084eb02f3bdce1e7de9de8d9a62773ab563b"
- + "9a69ba1db03c752acb6136452b8a86c41addb4210d68c423"
- + "efed80e26edca5fa3fe5d0a5ca9375ce332c474b93fb1fa3"
- + "59eb4e81";
- private static final String IKE_AUTH_INIT_REQUEST_UNENCRYPTED_PADDED_DATA =
- "2400000c010000000a50500d2700000c010000000a505050"
- + "2100001c02000000df7c038aefaaa32d3f44b228b52a3327"
- + "44dfb2c12c00002c00000028010304032ad4c0a20300000c"
- + "0100000c800e008003000008030000020000000805000000"
- + "2d00001801000000070000100000ffff00000000ffffffff"
- + "2900001801000000070000100000ffff00000000ffffffff"
- + "29000008000040000000000c000040010000000100000000"
- + "000000000000000b";
-
- private static final String ENCR_KEY_FROM_INIT_TO_RESP = "5cbfd33f75796c0188c4a3a546aec4a1";
-
- private static final int AES_BLOCK_SIZE = 16;
-
- private IkeNormalModeCipher mAesCbcCipher;
- private byte[] mAesCbcKey;
-
- private byte[] mIv;
- private byte[] mEncryptedPaddedData;
- private byte[] mUnencryptedPaddedData;
-
- @Before
- public void setUp() throws Exception {
- mAesCbcCipher =
- (IkeNormalModeCipher)
- IkeCipher.create(
- new EncryptionTransform(
- SaProposal.ENCRYPTION_ALGORITHM_AES_CBC,
- SaProposal.KEY_LEN_AES_128),
- IkeMessage.getSecurityProvider());
- mAesCbcKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP);
-
- mIv = TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_IV);
- mEncryptedPaddedData =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_ENCRYPT_PADDED_DATA);
- mUnencryptedPaddedData =
- TestUtils.hexStringToByteArray(IKE_AUTH_INIT_REQUEST_UNENCRYPTED_PADDED_DATA);
- }
-
- @Test
- public void testBuild() throws Exception {
- assertFalse(mAesCbcCipher.isAead());
- assertEquals(AES_BLOCK_SIZE, mAesCbcCipher.getBlockSize());
- assertEquals(AES_BLOCK_SIZE, mAesCbcCipher.generateIv().length);
- }
-
- @Test
- public void testGenerateRandomIv() throws Exception {
- assertFalse(Arrays.equals(mAesCbcCipher.generateIv(), mAesCbcCipher.generateIv()));
- }
-
- @Test
- public void testEncryptWithNormalCipher() throws Exception {
- byte[] calculatedData = mAesCbcCipher.encrypt(mUnencryptedPaddedData, mAesCbcKey, mIv);
-
- assertArrayEquals(mEncryptedPaddedData, calculatedData);
- }
-
- @Test
- public void testDecryptWithNormalCipher() throws Exception {
- byte[] calculatedData = mAesCbcCipher.decrypt(mEncryptedPaddedData, mAesCbcKey, mIv);
- assertArrayEquals(mUnencryptedPaddedData, calculatedData);
- }
-
- @Test
- public void testEncryptWithWrongKey() throws Exception {
- byte[] encryptionKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP + "00");
-
- try {
- mAesCbcCipher.encrypt(mEncryptedPaddedData, encryptionKey, mIv);
- fail("Expected to fail due to encryption key with wrong length.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-
- @Test
- public void testDecryptWithNormalCipherWithBadPad() throws Exception {
- byte[] dataToDecrypt =
- TestUtils.hexStringToByteArray(
- IKE_AUTH_INIT_REQUEST_UNENCRYPTED_PADDED_DATA + "00");
- try {
- mAesCbcCipher.decrypt(dataToDecrypt, mAesCbcKey, mIv);
- fail("Expected to fail when try to decrypt data with bad padding");
- } catch (IllegalBlockSizeException expected) {
-
- }
- }
-
- @Test
- public void testBuildIpSecAlgorithm() throws Exception {
- IpSecAlgorithm ipsecAlgorithm = mAesCbcCipher.buildIpSecAlgorithmWithKey(mAesCbcKey);
-
- IpSecAlgorithm expectedIpSecAlgorithm =
- new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, mAesCbcKey);
-
- assertTrue(IpSecAlgorithm.equals(expectedIpSecAlgorithm, ipsecAlgorithm));
- }
-
- @Test
- public void buildIpSecAlgorithmWithInvalidKey() throws Exception {
- byte[] encryptionKey = TestUtils.hexStringToByteArray(ENCR_KEY_FROM_INIT_TO_RESP + "00");
-
- try {
- mAesCbcCipher.buildIpSecAlgorithmWithKey(encryptionKey);
-
- fail("Expected to fail due to encryption key with wrong length.");
- } catch (IllegalArgumentException expected) {
-
- }
- }
-} |