diff options
Diffstat (limited to 'tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPayloadTest.java')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPayloadTest.java | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPayloadTest.java b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPayloadTest.java new file mode 100644 index 00000000..7c630b76 --- /dev/null +++ b/tests/iketests/src/java/com/android/ike/ikev2/message/IkeAuthPayloadTest.java @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.ike.ikev2.message; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import org.junit.Test; + +import javax.crypto.Mac; + +public final class IkeAuthPayloadTest { + private static final String PSK_AUTH_PAYLOAD_HEX_STRING = + "02000000df7c038aefaaa32d3f44b228b52a332744dfb2c1"; + private static final String PSK_AUTH_PAYLOAD_SIGNATURE_HEX_STRING = + "df7c038aefaaa32d3f44b228b52a332744dfb2c1"; + private static final String PSK_ID_PAYLOAD_HEX_STRING = "010000000a50500d"; + private static final String PSK_SKP_HEX_STRING = "094787780EE466E2CB049FA327B43908BC57E485"; + private static final String PSK_SIGNED_OCTETS_APPENDIX_HEX_STRING = + "D83B20CC6A0932B2A7CEF26E4020ABAAB64F0C6A"; + private static final String PSK_IKE_INIT_REQUEST_HEX_STRING = + "5f54bf6d8b48e6e1000000000000000021202208" + + "0000000000000150220000300000002c01010004" + + "0300000c0100000c800e00800300000803000002" + + "0300000804000002000000080200000228000088" + + "00020000b4a2faf4bb54878ae21d638512ece55d" + + "9236fc5046ab6cef82220f421f3ce6361faf3656" + + "4ecb6d28798a94aad7b2b4b603ddeaaa5630adb9" + + "ece8ac37534036040610ebdd92f46bef84f0be7d" + + "b860351843858f8acf87056e272377f70c9f2d81" + + "e29c7b0ce4f291a3a72476bb0b278fd4b7b0a4c2" + + "6bbeb08214c707137607958729000024c39b7f36" + + "8f4681b89fa9b7be6465abd7c5f68b6ed5d3b4c7" + + "2cb4240eb5c464122900001c00004004e54f73b7" + + "d83f6beb881eab2051d8663f421d10b02b00001c" + + "00004005d915368ca036004cb578ae3e3fb26850" + + "9aeab19000000020699369228741c6d4ca094c93" + + "e242c9de19e7b7c60000000500000500"; + private static final String PSK_NONCE_RESP_HEX_STRING = + "9756112ca539f5c25abacc7ee92b73091942a9c06950f98848f1af1694c4ddff"; + private static final String PSK_INIT_SIGNED_OCTETS = + "5F54BF6D8B48E6E1000000000000000021202208" + + "0000000000000150220000300000002C01010004" + + "0300000C0100000C800E00800300000803000002" + + "0300000804000002000000080200000228000088" + + "00020000B4A2FAF4BB54878AE21D638512ECE55D" + + "9236FC5046AB6CEF82220F421F3CE6361FAF3656" + + "4ECB6D28798A94AAD7B2B4B603DDEAAA5630ADB9" + + "ECE8AC37534036040610EBDD92F46BEF84F0BE7D" + + "B860351843858F8ACF87056E272377F70C9F2D81" + + "E29C7B0CE4F291A3A72476BB0B278FD4B7B0A4C2" + + "6BBEB08214C707137607958729000024C39B7F36" + + "8F4681B89FA9B7BE6465ABD7C5F68B6ED5D3B4C7" + + "2CB4240EB5C464122900001C00004004E54F73B7" + + "D83F6BEB881EAB2051D8663F421D10B02B00001C" + + "00004005D915368CA036004CB578AE3E3FB26850" + + "9AEAB19000000020699369228741C6D4CA094C93" + + "E242C9DE19E7B7C600000005000005009756112C" + + "A539F5C25ABACC7EE92B73091942A9C06950F988" + + "48F1AF1694C4DDFFD83B20CC6A0932B2A7CEF26E" + + "4020ABAAB64F0C6A"; + + private static final int AUTH_METHOD_POSITION = 0; + + private static final String PRF_HMAC_SHA1_ALGO_NAME = "HmacSHA1"; + + @Test + public void testDecodeIkeAuthPayload() throws Exception { + byte[] inputPacket = TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_HEX_STRING); + IkeAuthPayload payload = IkeAuthPayload.getIkeAuthPayload(false, inputPacket); + + assertEquals(IkeAuthPayload.AUTH_METHOD_PRE_SHARED_KEY, payload.authMethod); + assertTrue(payload instanceof IkeAuthPskPayload); + + byte[] expectedSignature = + TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_SIGNATURE_HEX_STRING); + assertArrayEquals(expectedSignature, ((IkeAuthPskPayload) payload).signature); + } + + @Test + public void testDecodeIkeAuthPayloadWithUnsupportedMethod() throws Exception { + byte[] inputPacket = TestUtils.hexStringToByteArray(PSK_AUTH_PAYLOAD_HEX_STRING); + inputPacket[AUTH_METHOD_POSITION] = 0; + try { + IkeAuthPayload payload = IkeAuthPayload.getIkeAuthPayload(false, inputPacket); + fail("Expected Exception: authentication method is not supported"); + } catch (UnsupportedOperationException e) { + // TODO: Catch AuthenticationFailedException after it is implemented. + } + } + + @Test + public void testSignWithPrf() throws Exception { + Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider()); + byte[] skpBytes = TestUtils.hexStringToByteArray(PSK_SKP_HEX_STRING); + byte[] idBytes = TestUtils.hexStringToByteArray(PSK_ID_PAYLOAD_HEX_STRING); + byte[] calculatedBytes = IkeAuthPayload.signWithPrf(prfMac, skpBytes, idBytes); + + byte[] expectedBytes = + TestUtils.hexStringToByteArray(PSK_SIGNED_OCTETS_APPENDIX_HEX_STRING); + assertArrayEquals(expectedBytes, calculatedBytes); + } + + @Test + public void testGetSignedOctets() throws Exception { + Mac prfMac = Mac.getInstance(PRF_HMAC_SHA1_ALGO_NAME, IkeMessage.getSecurityProvider()); + byte[] skpBytes = TestUtils.hexStringToByteArray(PSK_SKP_HEX_STRING); + byte[] idBytes = TestUtils.hexStringToByteArray(PSK_ID_PAYLOAD_HEX_STRING); + byte[] ikeInitRequest = TestUtils.hexStringToByteArray(PSK_IKE_INIT_REQUEST_HEX_STRING); + byte[] nonceResp = TestUtils.hexStringToByteArray(PSK_NONCE_RESP_HEX_STRING); + + byte[] calculatedBytes = + IkeAuthPayload.getSignedOctets( + ikeInitRequest, nonceResp, idBytes, prfMac, skpBytes); + byte[] expectedBytes = TestUtils.hexStringToByteArray(PSK_INIT_SIGNED_OCTETS); + } +} |