Age | Commit message (Collapse) | Author |
|
EAP-AKA' defines AT_BIDDING in RFC 5448#4 for use by EAP-AKA to prevent
bidding down attacks. This attribute is defined in
EapAkaAttributeFactory as it will be received in the EAP-AKA protocol
(not during EAP-AKA').
Bug: 142663198
Test: added AtBiddingTest.
Test: atest FrameworksIkeTests
Change-Id: Ib9f2befab1c4338f30b0dfa28905be32a703084e
|
|
|
|
|
|
|
|
* changes:
Implement KEY ID type of IKE Identification
Implement RFC 822 Address Identification
Refactor IkeIdentification
|
|
|
|
* changes:
Implement Config Attribute for DHCPv4 server
Add interfaces for requesting DNS server and subnet
Refactor IkeConfigPayload
|
|
This commit:
- Creates a new class that represents KEY ID
- Supports decoding ID payload using KEY ID
- Adds tests to verify decoding and encoding
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I35c9c6509fd82df75ced7f5382d0a7ff6a90266a
|
|
Bug: 142663198
Test: added AtKdfTest.
Test: atest FrameworksIkeTests
Change-Id: I6b9f6e1fe98c10f4a20f1525409a8340ccfaebdf
|
|
EAP-AKA' needs an attribute factory to be used for decoding EAP-AKA'
specific attributes. The AT_KDF_INPUT attribute is also defined per RFC
5448#3.1.
Bug: 142663198
Test: added AtKdfInputTest.
Test: atest FrameworksIkeTests
Change-Id: I285d4151cd8b1dc3ec592b2ff14e1b0d549af8e5
|
|
|
|
This commit:
- Creates IkeSessionConfiguration interface
- Passes IkeSessionConfiguration to IkeSessionCallback
Bug: 140644755
Test: atest FramworksIkeTests(all passed)
Change-Id: Id31a9e01f608c1408bb9cae2c1b0b5bae4e42dc5
|
|
This class:
- Creates a new class that represents RFC822 address IKE
Identification
- Supports decoding ID payload with this ID type
- Adds tests for decoding and encoding
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ied38696ae658a998383f8321e1fba22ecadf3a4c
|
|
This commit moves all subclasses of IkeIdentification to separate
files.
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ic89a432df601f851345371c8dda4df6ebd24addf
|
|
* changes:
Fix bug in IKE fragment authentication
Decrypt IKE message with AEAD
Support AEAD decryption and encryption
|
|
|
|
Bug: 140644912
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I63d76d2863382d3b992092cb7cae90fab8066f2e
|
|
This commit allows users to add requests for DNS server
and internal subnet when negotiating tunnel mode Child Session.
Bug: 140644654
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I02ac09c7958c90d1f0c9d6d4c6a692aa5bb9c3c1
|
|
This commit:
- Adds support for constructing an DNS attribute with specific
DNS server address
- Removes constructors that construct IPv4 and IPv6 subnet
attribute with specific address and related tests
- Makes construtors for inbound config attributes package private
Bug: 140644912
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I7da5e6c5747b3da32eeda51e00f3010931c044f6
|
|
Bug: 122676270
Test: atest FrameworksIkeTests(new tests added)
Change-Id: Ic2d97c36bf261d5dd7eff3e2088d027649ea38c3
|
|
This commit fixes the bug in generating checksum of an outbound
IKE fragment, which is caused by omitting the fragment header.
Bug: 142504816
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I285f1590bdb5ea371f382ce2a310c426c8c6aadc
|
|
Bug: 122676270
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I3e3106644fe178e6f6be88631d6fc267dd4228f5
|
|
Bug: 122676479
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I149c69e2eb139b3ca3be063f81ad47ec68735332
|
|
When running the EAP-AKA authentication algorithm on the UICC, the AUTN
value may be rejected by the UICC. The peer needs to return an
EAP-Response/AKA-Authentication-Reject message to the server. When this
situation occurs, TelephonyManager#getIccAuthentication will return
null, which triggers an EapSimAkaAuthenticationFailureException to be
thrown in EapSimAkaMethodStateMachine#processUiccAuthentication.
Bug: 142552679
Test: tests added in EapAkaTest and EapAkaChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I93b97ba11473380f882b1d3ab57ac0bdd6f4001b
|
|
This commit adds support to request internal address and return
the address to users through callback
Bug: 140644912
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I116519381c3fb06bc513546bb3bba704f643f508
|
|
|
|
Each EAP method has end-to-end testing for making sure that unsupported
EAP methods are NAK'd. The tests then verify that a happy-path
authentication procedure is possible following the NAK.
EAP-Failure message handling is also refactored to avoid redundant
implementations for it.
Bug: 141880296
Test: atest FrameworksIkeTests
Change-Id: Ibea4fdb796d63a124d59dc88d9de72541ad61317
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This commit makes IkeCipher abstract and create IkeNormalModeCipher
and IkeCombinedModeCipher that represents different modes encryption
algorithms
Bug: 122676479
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I64d1836898ec4f2b04fe24e130d8ff41d8f7c119
|
|
Bug: 122685769
Test: atest FrameworksIkeTests(new tests passed)
Change-Id: Icadb710f4728d86515413f47b5f9367661a691c3
|
|
* changes:
Decode and validate configure payload
Create ChildSessionConfiguration
|
|
* changes:
Authenticate remote side using digital signature
Validate received digital signature
Validate received certificates
|
|
* changes:
Support configuring internal address requests
Refactor ChildSessionOptions
Refactor SaProposal
|
|
EAP-AKA type data decoding testing is supplemented with a
test using unknown, skippable attributes.
Bug: 142279431
Test: added test case to EapAkaTypeDataTest.
Test: atest FrameworksIkeTests
Change-Id: I39f40e20de5e363961d0e03d1ad5e1cc76afa42c
|
|
When the method-specific identity is not requested in EAP-SIM/AKA, the
EAP-Identity value must be used for computing the MSK and EMSK (RFC
4186#7, RFC 4187#7). This is done by setting the default identity in
both method state machines to be the EAP-Identity, such that any
identity requests in the methods will override the EAP-Identity.
Bug: 140173530
Test: atest FrameworksIkeTests
Change-Id: I34e88780fc48fe8e83a2c909b4616a929485296f
|
|
Each EAP method implements its own verification testing for the proper
handling of EAP-Success messages. This can be moved to the
EapMethodEndToEndTest class with parameterized MSK and EMSK.
Bug: 141880296
Test: atest FrameworksIkeTests
Change-Id: I76cb3a5de6749b8cec8d18c44ef69450fbb119c8
|
|
EAP MSCHAPv2 converts the username and user password to their byte[]
representations in its authentication procedures. These conversions
should use the Java-defined StandardCharsets for specifying how to
format the byte[] representations.
Bug: 142065239
Test: atest FrameworksIkeTests
Change-Id: Ic532236f56b6d5c9f07fee4c3360ec8f683fd768
|
|
The EAP library currently has some logging. It is standardized and
improved so that more error cases are logged.
Bug: 141989627
Test: atest FrameworksIkeTests
Change-Id: I742a6183c277a80690df4cc96b6faae9cb3560ae
|
|
Bug: 140644755
Test: atest FramworksIkeTests(new tests added)
Change-Id: I410191180ea009a0e0bd07d839614e20102af61d
|
|
Bug: 140644654
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I650b5add045a56888f6e49c3e94efb63e356c3f9
|
|
EAP-SIM and EAP-AKA both use Type Data constructors for constructing
their responses that take the int eapSubtype and a List<Attribute>.
These values need to be validated, as this will help catch
implementation errors if they are used incorrectly within the EAP
library implementation.
Bug: 139805493
Test: added test cases to EapAkaTypeDataTest and EapSimTypeDataTest.
Test: atest FrameworksIkeTests
Change-Id: I346cd756f9afab75450ef9228733bedac21f121e
|
|
Bug: 140644654
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I124575be73dc73381fe38c72beceb3176777807c
|
|
This commit creates separate classes for transport and tunnel
mode ChildSessionOptions and make ChildSessionOptions abstract
Bug: 140644654
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I6822568301be5dbc91f138cf242d264a200461ba
|
|
Make SaProposal abstract and create subclasses IkeSaProposal and
ChildProposal for IKE and Child negotiation separately.
Bug: 142139930
Test: atest FrameworksIkeTests(all passed)
Change-Id: I3bb7ad679228ff6f88e42b18a80ecc9db0576e3e
|
|
Bug: 124233517
Test: atest FrameworksIkeTests(new tests passed)
Change-Id: Icf0f64a69b3349967ccd59ae52ecbdb4dd7b4e58
|