path: root/tests/iketests/src
Age | Commit message | Author
2019-11-07 | Move API and impl to separate packages | evitayan
This commit
- Moves API and implementation to separate packages so that later we can expose the API package only.
- Also moves tests accordingly
Bug: 143983419
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I53cf15caefb09aabaeefd0167d8daeb23e5e571f
2019-11-07 | Make methods public for separating API and Impl | evitayan
This commit makes several methods from package private to public so that later we can separate API and Impl to different packages
Bug: 143983419
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ie08b5ab6bdf8b27a523a4b6f28a83bbf2b02bbe0
2019-11-05 | Merge "Add end-to-end testing for EAP-AKA'." | Cody Kesting
2019-11-01 | Merge "Support setting auth method to digital signature" | Yan Yan
2019-10-31 | Support setting auth method to digital signature | evitayan
This commit adds interface to configure AUTH method to digital signature.
Bug: 142139930
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I6d499ac6c1cdf01c64891d855405b29518ea86d0
2019-10-31 | Merge "Check for bidding down attack in EAP-AKA." | Cody Kesting
2019-10-31 | Merge "Provide whether EAP-AKA' is supported to EAP-AKA." | Cody Kesting
2019-10-31 | Add end-to-end testing for EAP-AKA'. | Cody Kesting
Bug: 142667016
Test: added EapAkaPrimeTest.
Test: atest FrameworksIkeTests
Change-Id: I068f091497de88b031c541b3fb677b997451a111
2019-10-31 | Merge "Adding interface for requesting DHCPv4 server" | Yan Yan
2019-10-29 | Check for bidding down attack in EAP-AKA. | Cody Kesting
EAP-AKA' specifies the use of AT_BIDDING in EAP-AKA as a means to prevent bidding down attacks from EAP-AKA' to EAP-AKA (RFC 5448#4). To do so, the EapAkaMethodStateMachine must check for this attribute and whether EAP-AKA' is supported after successfully authenticating the server. If the server specifies that EAP-AKA' is supported, an Authentication-Reject response is sent to the server.
Bug: 142742437
Test: added test case to EapAkaChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I859449c7f537ffe81d7d30c181008430abadbc96
2019-10-29 | Provide whether EAP-AKA' is supported to EAP-AKA. | Cody Kesting
EAP-AKA' specifies the use of the AT_BIDDING attribute to prevent EAP-AKA' sessions from being downgraded to use EAP-AKA by a man-in-the-middle attack. Supporting this feature in the EAP-AKA state machine requires the state machine to know whether EAP-AKA' is supported by the peer. An additional constructor is added to EapAkaMethodStateMachine and used by the EapStateMachine so that EAP-AKA can check for bidding down attacks.
Bug: 142742437
Test: atest FrameworksIkeTests
Change-Id: Ife3ec6024644521f8de80bd095db884548ffe22d
2019-10-29 | Override MAC algorithm name for EAP-AKA'. | Cody Kesting
EAP-AKA' requires the use of HMAC-SHA-256 for computing MACs on messages. To achieve this, the default behavior for EAP-SIM/AKA needs to be overwritten so that the correct MAC algorithm is used.
Bug: 142668075
Test: added test case to EapAkaPrimeMethodStateMachineTest.
Test: atest FrameworksIkeTests
Change-Id: I33e91c4f0ae9fcd6db22e6055d42d5dab53c8297
2019-10-29 | Override key generation for EAP-AKA'. | Cody Kesting
EAP-AKA's ChallengeState defines generateAndPersistEapAkaKeys() for generating and persisting keys as defined by EAP-AKA. EAP-AKA' needs to override this behavior to derive keys as required by the EAP-AKA' standard. This requires the use of HMAC-SHA-256 and the IKEv2 prf+ function.
Bug: 142668075
Test: added test to EApAkaPrimeChallegeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I5213a133e3429eb83199db7a9d8c70de36710b06
2019-10-29 | Make key lengths overridable for EAP-SIM/AKA. | Cody Kesting
Both EAP-SIM and EAP-AKA have the same key lengths: K_encr and K_aut are both 16B, and MSK and EMSK are both 64B. However, EAP-AKA' uses K_aut keys with a length of 32B.
Bug: 142968025
Bug: 142668075
Test: added test to EapSimAkaMethodStateMachineTest.
Test: atest FrameworksIkeTests
Change-Id: I1570f7823a42bce78da3aa9e4d10e3ba0a0eeddd
2019-10-29 | Implement HMAC-SHA-256 ByteSigner for EAP-AKA'. | Cody Kesting
In order to generate the MK for an EAP-AKA' session, EAP-AKA' requires the use of an HMAC-SHA-256 algorithm to sign data as part of the IkeMacPrf function. This implements a thin wrapper around the javax.crypto.Mac implementation of the HMAC-SHA-256 algorithm.
Bug: 142668075
Test: added HmacSha256ByteSignerTest.
Test: atest FrameworksIkeTests
Change-Id: I352b8f1317e46b1fbfb2bdb56e254ac9a340a063
2019-10-29 | Create CK' and IK' for EAP-AKA'. | Cody Kesting
EAP-AKA' requires the use of CK' and IK' instead of using CK and IK directly as done in EAP-AKA. To convert them, the data is formatted as defined in TS 133 402 Annex A.2 and fed into the key derivation function KDF as defined in TS 133 220 Annex B.2.
Bug: 142668075
Test: added test case to EapAkaPrimeChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I80b384aa3baf4a09db4bc37aebb5c9e4de3d8b90
2019-10-29 | Implement attribute checking for EAP-AKA'. | Cody Kesting
EAP-AKA' requires additional attribute checking on top of that done by EAP-AKA. EAP-AKA' also requires AT_KDF and AT_KDF_INPUT attributes. The AT_KDF_INPUT attribute must contain a network name that matches the peer's known network name. The KDF specified by the server must be supported by the peer.
Bug: 142668075
Test: added test cases to EapAkaPrimeChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I4ca1a803cae81dd821ef259dbebedc9f4b5b363e
2019-10-24 | Adding interface for requesting DHCPv4 server | evitayan
Bug: 140644654
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ib62e7060f3a113d7e39b0599e9720b4e88d78f28
2019-10-24 | Merge "Rename ChildCallback and IkeCallback" | Yan Yan
2019-10-24 | Merge "Set server address and UDP encap socket via setters" | Yan Yan
2019-10-23 | Set server address and UDP encap socket via setters | evitayan
This commit passes server address and UDP encap socket to IkeSessionOptions.Builder via setters instead of constructor
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I60b30eef022e01ae010eb2f9cfe67e09aa01ac04
2019-10-23 | Rename ChildCallback and IkeCallback | evitayan
This commit:
- Renames IChildSessionCallback and IIkeSessionCallback
- Renames #onError and #onInfo
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: If6e5dbe2273820e73ddcf73331341359d1f5b41c
2019-10-23 | Add EAP-AKA' config for checking network names. | Cody Kesting
EAP-AKA' requires checking network names as part of using KDF 1. However, it recommends allowing for a user policy to ignore mismatched network names (RFC 5448#3.1).
Bug: 142805103
Test: added test case to EapSessionConfigTest.
Test: atest FrameworksIkeTests
Change-Id: I0c7b2dd01f68360a9e2fc8ef63b9b530036ada64
2019-10-23 | Define skeleton ChallengeState for EAP-AKA'. | Cody Kesting
Bug: 142668075
Test: updated EapAkaPrimeCreatedStateTest.
Test: updated EapAkaPrimeIdentityStateTest.
Test: added EapAkaPrimeChallengeStateTest.
Test: atest FrameworksIkeTests
Change-Id: I7b36c48859ca0c665736f8c7ece6eff25dc1a888
2019-10-23 | Add test for IdentityState for EAP-AKA'. | Cody Kesting
EAP-AKA' utilizes the IdentityState from EAP-AKA. Tests need to be added to ensure that functionality for the IdentityState and its transitions to the ChallengeState are preserved.
Bug: 142668075
Test: added EapAkaPrimeIdentityStateTest.
Test: atest FrameworksIkeTests
Change-Id: I96c08a44e3bed76c85196af7796757d67ae8d09b
2019-10-23 | Add test for CreatedState for EAP-AKA'. | Cody Kesting
EAP-AKA' utilizes the CreatedState from EAP-AKA. Tests need to be added to ensure that functionality for the CreatedState and its transitions to the IdentityState and ChallengeState are preserved.
Bug: 142668075
Test: added EapAkaPrimteStateTest and EapAkaPrimeCreatedStateTest.
Test: atest FrameworksIkeTests
Change-Id: I5331ecff8dc29ebcbcc9b88e328cde4847aa416f
2019-10-23 | Define skeleton state machine for EAP-AKA'. | Cody Kesting
Create skeleton method state machine for EAP-AKA'. Because much of the behavior will depend on the EAP-AKA method state machine, EapAkaPrimeMethodStateMachine extends the EapAkaMethodStateMachine.
Bug: 142665199
Test: added test case to MethodStateTest.
Test: added EapAkaPrimeMethodStateMachineTest.
Test: atest FrameworksIkeTests
Change-Id: I0a721e22ee5761f2b35dc4de240f6cc431b2c5bc
2019-10-23 | Implement EAP Session Configs for EAP-AKA'. | Cody Kesting
Bug: 142805103
Test: added EapSessionConfigTest.
Test: atest FrameworksIkeTests
Change-Id: I8f1c08df9feb4d4ac9c26494430e4315c543961a
2019-10-23 | Define EapAkaPrimeTypeData for EAP-AKA'. | Cody Kesting
EAP-AKA' requires a separate AttributeFactory from EAP-AKA, so a separate Type Data is defined. EapAkaPrimeTypeData requires TypeData decoding for AT_KDF_INPUT, AT_KDF, and AT_BIDDING attributes.
Note that the EAP-AKA' specifies that multiple AT_KDF attributes can be sent to the peer from the server. However, only 1 KDF (using CK' and IK') is specified at this time. Because of this, we return an AtClientError attribute if multiple KDF values are sent in the EAP-Request/AKA'/Challenge message.
Bug: 142666520
Test: added test EapAkaPrimeTypeDataTest.
Test: atest FrameworksIkeTests
Change-Id: I82b7c7ee2aec307f74dc50da7b34ae8f12d20c8c
2019-10-23 | Implement AT_BIDDING for EAP-AKA'. | Cody Kesting
EAP-AKA' defines AT_BIDDING in RFC 5448#4 for use by EAP-AKA to prevent bidding down attacks. This attribute is defined in EapAkaAttributeFactory as it will be received in the EAP-AKA protocol (not during EAP-AKA').
Bug: 142663198
Test: added AtBiddingTest.
Test: atest FrameworksIkeTests
Change-Id: Ib9f2befab1c4338f30b0dfa28905be32a703084e
2019-10-23 | Merge "Define EAP_AT_KDF attribute for EAP-AKA'." | Cody Kesting
2019-10-23 | Merge "Create EAP-AKA' Attribute Factory and AT_KDF_INPUT." | Cody Kesting
2019-10-22 | Merge "Create interface of IkeSessionConfiguration" | Yan Yan
2019-10-22 | Merge changes I35c9c650,Ied38696a,Ic89a432d | Yan Yan
* changes:
  Implement KEY ID type of IKE Identification
  Implement RFC 822 Address Identification
  Refactor IkeIdentification
2019-10-22 | Merge "Encrypt IKE message with AEAD" | Yan Yan
2019-10-22 | Merge changes I63d76d28,I02ac09c7,I7da5e6c5 | Yan Yan
* changes:
  Implement Config Attribute for DHCPv4 server
  Add interfaces for requesting DNS server and subnet
  Refactor IkeConfigPayload
2019-10-22 | Implement KEY ID type of IKE Identification | evitayan
This commit:
- Creates a new class that represents KEY ID
- Supports decoding ID payload using KEY ID
- Adds tests to verify decoding and encoding
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I35c9c6509fd82df75ced7f5382d0a7ff6a90266a
2019-10-19 | Define EAP_AT_KDF attribute for EAP-AKA'. | Cody Kesting
Bug: 142663198
Test: added AtKdfTest.
Test: atest FrameworksIkeTests
Change-Id: I6b9f6e1fe98c10f4a20f1525409a8340ccfaebdf
2019-10-19 | Create EAP-AKA' Attribute Factory and AT_KDF_INPUT. | Cody Kesting
EAP-AKA' needs an attribute factory to be used for decoding EAP-AKA' specific attributes. The AT_KDF_INPUT attribute is also defined per RFC 5448#3.1.
Bug: 142663198
Test: added AtKdfInputTest.
Test: atest FrameworksIkeTests
Change-Id: I285d4151cd8b1dc3ec592b2ff14e1b0d549af8e5
2019-10-19 | Merge "Generate digital signature for outbound packet" | Yan Yan
2019-10-18 | Create interface of IkeSessionConfiguration | evitayan
This commit:
- Creates IkeSessionConfiguration interface
- Passes IkeSessionConfiguration to IkeSessionCallback
Bug: 140644755
Test: atest FramworksIkeTests(all passed)
Change-Id: Id31a9e01f608c1408bb9cae2c1b0b5bae4e42dc5
2019-10-18 | Implement RFC 822 Address Identification | evitayan
This class:
- Creates a new class that represents RFC822 address IKE Identification
- Supports decoding ID payload with this ID type
- Adds tests for decoding and encoding
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ied38696ae658a998383f8321e1fba22ecadf3a4c
2019-10-18 | Refactor IkeIdentification | evitayan
This commit moves all subclasses of IkeIdentification to separate files.
Bug: 142139930
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: Ic89a432df601f851345371c8dda4df6ebd24addf
2019-10-18 | Merge changes I285f1590,I3e310664,I149c69e2 | Yan Yan
* changes:
  Fix bug in IKE fragment authentication
  Decrypt IKE message with AEAD
  Support AEAD decryption and encryption
2019-10-18 | Merge "Support requesting internal addresses" | Yan Yan
2019-10-17 | Implement Config Attribute for DHCPv4 server | evitayan
Bug: 140644912
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I63d76d2863382d3b992092cb7cae90fab8066f2e
2019-10-17 | Add interfaces for requesting DNS server and subnet | evitayan
This commit allows users to add requests for DNS server and internal subnet when negotiating tunnel mode Child Session.
Bug: 140644654
Test: atest FrameworksIkeTests(all tests passed)
Change-Id: I02ac09c7958c90d1f0c9d6d4c6a692aa5bb9c3c1
2019-10-17 | Refactor IkeConfigPayload | evitayan
This commit:
- Adds support for constructing a DNS attribute with specific DNS server address
- Removes constructors that construct IPv4 and IPv6 subnet attribute with specific address and related tests
- Makes constructors for inbound config attributes package private
Bug: 140644912
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I7da5e6c5747b3da32eeda51e00f3010931c044f6
2019-10-17 | Encrypt IKE message with AEAD | evitayan
Bug: 122676270
Test: atest FrameworksIkeTests(new tests added)
Change-Id: Ic2d97c36bf261d5dd7eff3e2088d027649ea38c3
2019-10-17 | Fix bug in IKE fragment authentication | evitayan
This commit fixes the bug in generating checksum of an outbound IKE fragment, which is caused by omitting the fragment header.
Bug: 142504816
Test: atest FrameworksIkeTests(new tests added)
Change-Id: I285f1590bdb5ea371f382ce2a310c426c8c6aadc