diff options
Diffstat (limited to 'tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java')
-rw-r--r-- | tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java | 351 |
1 files changed, 351 insertions, 0 deletions
diff --git a/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java new file mode 100644 index 00000000..7f40d729 --- /dev/null +++ b/tests/iketests/src/java/com/android/ike/ikev2/SaProposalTest.java @@ -0,0 +1,351 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.ike.ikev2; + +import static org.junit.Assert.assertArrayEquals; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import com.android.ike.ikev2.SaProposal.Builder; +import com.android.ike.ikev2.message.IkePayload; +import com.android.ike.ikev2.message.IkeSaPayload.DhGroupTransform; +import com.android.ike.ikev2.message.IkeSaPayload.EncryptionTransform; +import com.android.ike.ikev2.message.IkeSaPayload.IntegrityTransform; +import com.android.ike.ikev2.message.IkeSaPayload.PrfTransform; +import com.android.ike.ikev2.message.IkeSaPayload.Transform; + +import org.junit.Test; + +public final class SaProposalTest { + private final EncryptionTransform mEncryption3DesTransform; + private final EncryptionTransform mEncryptionAesGcm8Transform; + private final EncryptionTransform mEncryptionAesGcm12Transform; + private final IntegrityTransform mIntegrityHmacSha1Transform; + private final IntegrityTransform mIntegrityNoneTransform; + private final PrfTransform mPrfAes128XCbcTransform; + private final DhGroupTransform mDhGroup1024Transform; + + public SaProposalTest() { + mEncryption3DesTransform = new EncryptionTransform(SaProposal.ENCRYPTION_ALGORITHM_3DES); + mEncryptionAesGcm8Transform = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, SaProposal.KEY_LEN_AES_128); + mEncryptionAesGcm12Transform = + new EncryptionTransform( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12, SaProposal.KEY_LEN_AES_128); + mIntegrityHmacSha1Transform = + new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96); + mIntegrityNoneTransform = new IntegrityTransform(SaProposal.INTEGRITY_ALGORITHM_NONE); + mPrfAes128XCbcTransform = new PrfTransform(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC); + mDhGroup1024Transform = new DhGroupTransform(SaProposal.DH_GROUP_1024_BIT_MODP); + } + + @Test + public void testBuildIkeSaProposalWithNormalModeCipher() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + SaProposal proposal = + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.getProtocolId()); + assertArrayEquals( + new EncryptionTransform[] {mEncryption3DesTransform}, + proposal.getEncryptionTransforms()); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityHmacSha1Transform}, + proposal.getIntegrityTransforms()); + assertArrayEquals( + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.getPrfTransforms()); + assertArrayEquals( + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); + } + + @Test + public void testBuildIkeSaProposalWithCombinedModeCipher() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + SaProposal proposal = + builder.addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + assertEquals(IkePayload.PROTOCOL_ID_IKE, proposal.getProtocolId()); + assertArrayEquals( + new EncryptionTransform[] {mEncryptionAesGcm8Transform}, + proposal.getEncryptionTransforms()); + assertArrayEquals( + new PrfTransform[] {mPrfAes128XCbcTransform}, proposal.getPrfTransforms()); + assertArrayEquals( + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); + assertTrue(proposal.getIntegrityTransforms().length == 0); + } + + @Test + public void testBuildFirstChildSaProposalWithCombinedCipher() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(true); + SaProposal proposal = + builder.addEncryptionAlgorithm( + SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_8, + SaProposal.KEY_LEN_AES_128) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .build(); + + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); + assertArrayEquals( + new EncryptionTransform[] {mEncryptionAesGcm8Transform}, + proposal.getEncryptionTransforms()); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityNoneTransform}, + proposal.getIntegrityTransforms()); + assertTrue(proposal.getPrfTransforms().length == 0); + assertTrue(proposal.getDhGroupTransforms().length == 0); + } + + @Test + public void testBuildAdditionalChildSaProposalWithNormalCipher() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + + SaProposal proposal = + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + assertEquals(IkePayload.PROTOCOL_ID_ESP, proposal.getProtocolId()); + assertArrayEquals( + new EncryptionTransform[] {mEncryption3DesTransform}, + proposal.getEncryptionTransforms()); + assertArrayEquals( + new IntegrityTransform[] {mIntegrityNoneTransform}, + proposal.getIntegrityTransforms()); + assertArrayEquals( + new DhGroupTransform[] {mDhGroup1024Transform}, proposal.getDhGroupTransforms()); + assertTrue(proposal.getPrfTransforms().length == 0); + } + + @Test + public void testBuildEncryptAlgosWithNoAlgorithm() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.build(); + fail("Expected to fail when no encryption algorithm is proposed."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildEncryptAlgosWithUnrecognizedAlgorithm() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(-1); + fail("Expected to fail when unrecognized encryption algorithm is proposed."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildEncryptAlgosWithTwoModes() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12); + fail( + "Expected to fail when " + + "normal and combined-mode ciphers are proposed together."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithoutPrf() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES).build(); + fail("Expected to fail when PRF is not provided in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildChildProposalWithPrf() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .build(); + + fail("Expected to fail when PRF is provided in Child SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with AEAD and not-none integrity + // algorithm. + @Test + public void testBuildAeadWithIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_AES_GCM_12) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .build(); + + fail("Expected to fail when not-none integrity algorithm is proposed with AEAD"); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with normal mode cipher and without + // integrity algorithm. + @Test + public void testBuildIkeProposalNormalCipherWithoutIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .build(); + + fail( + "Expected to fail when" + + " no integrity algorithm is proposed with non-combined cipher"); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building IKE SA Proposal with normal mode cipher and none-value + // integrity algorithm. + @Test + public void testBuildIkeProposalNormalCipherWithNoneValueIntegrityAlgo() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(false); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_NONE) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .build(); + + fail( + "Expected to fail when none-value integrity algorithm is proposed" + + " with non-combined cipher"); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithoutDhGroup() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .build(); + + fail("Expected to fail when no DH Group is proposed in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testBuildIkeProposalWithNoneValueDhGroup() throws Exception { + Builder builder = Builder.newIkeSaProposalBuilder(); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addPseudorandomFunction(SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .addDhGroup(SaProposal.DH_GROUP_NONE) + .build(); + + fail("Expected to fail when none-value DH Group is proposed in IKE SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + // Test throwing exception when building first Child SA Proposal with not-none-value DH Group. + @Test + public void testBuildFirstChildProposalWithNotNoneValueDhGroup() throws Exception { + Builder builder = Builder.newChildSaProposalBuilder(true); + try { + builder.addEncryptionAlgorithm(SaProposal.ENCRYPTION_ALGORITHM_3DES) + .addIntegrityAlgorithm(SaProposal.INTEGRITY_ALGORITHM_HMAC_SHA1_96) + .addDhGroup(SaProposal.DH_GROUP_1024_BIT_MODP) + .build(); + + fail( + "Expected to fail when" + + " not-none-value DH Group is proposed in first Child SA proposal."); + } catch (IllegalArgumentException expected) { + + } + } + + @Test + public void testIsTransformSelectedFrom() throws Exception { + assertTrue(SaProposal.isTransformSelectedFrom(new Transform[0], new Transform[0])); + assertTrue( + SaProposal.isTransformSelectedFrom( + new Transform[] {mEncryptionAesGcm8Transform}, + new Transform[] { + mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform + })); + assertTrue( + SaProposal.isTransformSelectedFrom( + new Transform[] {mIntegrityNoneTransform}, + new Transform[] {mIntegrityNoneTransform})); + + // No transform selected. + assertFalse( + SaProposal.isTransformSelectedFrom( + new Transform[0], new Transform[] {mEncryptionAesGcm8Transform})); + + // Selected transform was not part of original proposal. + assertFalse( + SaProposal.isTransformSelectedFrom( + new Transform[] {mPrfAes128XCbcTransform}, new Transform[0])); + + // More than one transform returned. + assertFalse( + SaProposal.isTransformSelectedFrom( + new Transform[] {mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform}, + new Transform[] { + mEncryptionAesGcm8Transform, mEncryptionAesGcm12Transform + })); + + // Selected transform was not part of original proposal. + assertFalse( + SaProposal.isTransformSelectedFrom( + new Transform[] {mIntegrityNoneTransform}, + new Transform[] {mIntegrityHmacSha1Transform})); + } +} |